Commit graph

699 commits

Author SHA1 Message Date
Den ce6ebcc021
docs: Rspamd DKIM config simplify via path setting (#3702)
docs: Rspamd DKIM config (`dkim_signing.conf`) example has been simplified via `path` + `selector` settings.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-15 13:10:03 +13:00
Joerg Sonnenberger e3331b0f44
feat: Add MTA-STS support for outbound mail (#3592)
* feat: add support for MTA-STS for outgoing mails

* Hook-up mta-sts-daemon into basic process handling test

* fix: Call python script directly

The python3 shebang will run it, which will now meet the expectations of the process testing via pgrep. fail2ban has the same approach.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-13 21:37:20 +13:00
Keval Kapdee 52c4582f7b
feat: Auth - OAuth2 (Dovecot PassDB) (#3480)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2024-01-13 09:45:14 +13:00
Brennan Kinney 5e28c17cf4
docs: SpamAssassin ENV docs refactor (#3756)
* chore: Log `SPAMASSASSIN_SPAM_TO_INBOX=1` ENV correctly

ENV name logged was incomplete.

* docs: Update SA related ENV docs

* fix: Log level `warning` should be `warn`

* docs: FAQ - Revise outdated SA entry

* chore: Antispam / Antivirus => Anti-spam / Anti-virus

* docs: ENV - Additional revisions to SA ENV

* docs: ENV - Move `ENABLE_SPAMASSASSIN_KAM`
2024-01-08 03:07:38 +01:00
Brennan Kinney 72517d3f82
docs: Debugging - Delivery failure from service downtime (#3718)
* docs: Debugging - Delivery failure from service downtime

Services may be temporarily down, such as when restarted when certificates are updated due to the `check-for-changes.sh` service. This is another known source of intermittent delivery failures.
2023-12-26 09:53:32 +13:00
Brennan Kinney 5908d9f060
tests(refactor): Dovecot quotas (#3068)
* chore: Extract out Dovecot Quota test cases into new test file

Test cases are just cut + paste, no logic changed there yet.

* chore: Rename test case descriptions

* chore: Use `setup ...` methods instead of direct calls

* chore: Adjust `_run_in_container_bash` to `_run_in_container`

Plus some additional bug fixes in the disabled test case

* tests(refactor): Revise ENV test cases for max mailbox and message sizes

* tests(refactor): Revise ENV test cases for mailbox and message limits v2

Removes the extra variables and filtering in favour of explicit values instead of matching for comparison.

- Easier at a glance to know what is actually expected.
- Additionally reworks the quota limit checks in other test cases. Using a different formatter for `doveadm` is easier to match the desired value (`Limit`).

* chore: Sync improvement from `tests.bats` master

---

NOTE: This PR has been merged to avoid additional maintenance burden without losing the improvements. It was not considered complete, but remaining tasks were not documented in the PR.
2023-12-19 14:33:38 +13:00
Casper 98a4c13ca9
Add ENV ENABLE_IMAP (#3703) 2023-12-18 12:26:28 +01:00
Peter Adam 77917f5cc6
scripts: Install arm64 rspamd from official repository (#3686)
* scripts: Install rspamd from official repository instead of debian backports on arm64 architecture

* Remove unnecessary deb-src repository for rspamd

* Remove note about ARM64 rspamd version, update CHANGELOG.md

---------

Co-authored-by: Peter Adam <p.adam@cygnusnetworks.de>
2023-12-07 23:45:02 +01:00
Brennan Kinney 01689ab788
docs: Troubleshooting - Bare domain misconfiguration (#3680) 2023-12-03 23:22:43 +01:00
Georg Lauterbach 472174b744
ci: add run-local-instance target to Makefile (#3663) 2023-12-04 10:28:40 +13:00
Brennan Kinney 19e96b5131
fix: update-check.sh should query GH Releases (#3666)
* fix: Source `VERSION` from image ENV

Now CI builds triggered from tagged releases will always have the correct version. No need for manually updating a separate file.

* fix: Query latest GH release tag

Compare to the remote GH release tag published, rather than contents of a `VERSION` file.

`VERSION` file remains in source for now as prior releases still rely on it for an update notification.

* chore: Switch from `yq` to `jaq`

- Can more easily express a string subslice.
- Lighter weight: 9.3M vs 1.7M.
- Drawback, no YAML input/output support.

If `yq` is preferred, the `v` prefix could be removed via BASH easily enough.

* chore: Add entry to `CHANGELOG.md`

* ci: `VERSION` has no relevance to `:edge`

* docs: Update build guide + simplify `make build`

---------

Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
2023-11-30 10:21:26 +13:00
Georg Lauterbach a11951e398
hotfix: solve #3665 (#3669)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-28 10:33:29 +01:00
Jean-Kevin KPADEY cedd360ebd
docs: add a new example explaining how to integrate crowdsec with (#3651) 2023-11-25 11:02:42 +01:00
Brennan Kinney 7d1fcb75d7
docs: Debugging - Correctly starting DMS (#3654) 2023-11-25 10:57:34 +01:00
Brennan Kinney 2a716cf4a4
docs: Dovecot Sieve - Adjust to new path for user home folder (#3650) 2023-11-23 10:47:11 +01:00
Brennan Kinney 020542a66c
docs: Debugging - Add macOS suggestion to use gRPC FUSE file sharing implementation (#3652) 2023-11-23 14:05:51 +13:00
Georg Lauterbach d8ebf591f9
docs: correct path for logs (#3640) 2023-11-15 10:34:56 +13:00
Georg Lauterbach 26214491ef
fix: Drop special bits from Postfix maildrop/ and public/ directory permissions (#3625)
* update K8s deployment

Because `allowPrivilegeEscalation` controls SUID/SGID, we require it
when postdrop is invoked.

* correct permissions for maildrop/public

The reason our permissions previously worked out as that in setups where
SUID/SGID worked, the binaries used to place files in these directories
already have SGID set; the current set of permissions makes less sense
(as explained in this comment:
https://github.com/docker-mailserver/docker-mailserver/issues/3619#issuecomment-1793816412)

Since the binaries used to place files inside these directories alredy
have SUID/SGID set, we do not require these bits (or the sticky bit) to
be set on the directories.

* Apply suggestions from code review

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 19:57:17 +01:00
Joerg Sonnenberger 0703e01492
docs: Clarify default for ENV FETCHMAIL_PARALLEL (#3603)
- Make this easier to find when browsing the example environment file.
- Adjust ENV documentation to properly mark the actual default value.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-10 13:03:21 +13:00
Zepmann 290355cf5a
docs: Add Dovecot Lua auth guide + required package (#3579)
* Dovecot: add deb package dovecot-lua to support Lua scripting
* Adding documentation for Lua authentication
* Updated documentation and made a better distinction between Dovecot packages for officially supported features and for community supported features.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-09 10:18:17 +13:00
Joerg Sonnenberger 460f2d5be5
docs: correct Rspamd directory name (#3629) 2023-11-08 17:57:16 +01:00
Georg Lauterbach 8c0777b669
docs: improve docs about how to work with logs (#3626)
* improvide docs about how to work with logs

Most importantly,

1. I added information on the recently adopted `less` / `nano`
2. I added information about `/var/log/mail/`

* fix typos

* Apply suggestions from code review

* Update docs/content/config/debugging.md

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-11-08 10:49:36 +01:00
Georg Lauterbach f674232f71
misc: final Rspamd adjustments for v13 (#3599)
* outsource Rspamd ENVs into explicit helper

This will allow us to uniformly source the helper and get the values
from everywhere consistently. This is more than desirable since we will
be using these values not only for the Rspamd setup, but also for DKIM
management and during change-detection.

* integrate Rspamd into changedetection

We outsource one more function to reside in the helper script for Rspamd
so that we can call this function from the Rspamd setup and from the
changedetection functionality too.

* realize deprecation of old commands file for Rspamd

THIS IS A BREAKING CHANGE!

This change realizes the log message: "Using old file location now
(deprecated) - this will prevent startup in v13.0.0" Startup will now
fail.

* added '--force' option to Rspamd DKIM script

* use new helper to get ENVs for Rspamd in DKIM script

* remove the need for linking directories

This was unnecessary, as explained in
https://github.com/docker-mailserver/docker-mailserver/pull/3597#discussion_r1369413599

* Apply suggestions from code review

review by @polarathene

* apply more review feedback from @polarathene

- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370885519>
- <https://github.com/docker-mailserver/docker-mailserver/pull/3599#discussion_r1370904201>

* update documentation

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-30 10:20:37 +01:00
Andreas Perhab f6e556e33f
docs: fix path to rspamd.log (#3585) 2023-10-17 10:24:01 +02:00
Brennan Kinney 4a58e2eb83
docs: Revise watchtower page (#3583)
- Better clarify images are only updated to newer image updates to the same tag of the running container(s).
- Slight revisions to existing content.
2023-10-16 15:20:50 +02:00
Georg Lauterbach 894978ddd7
refactor: logrotate setup + rspamd log path + tests log helper fallback path (#3576)
* simplify `_setup_logrotate`

* adjust Rspamd's log file and improve it's management

* add information to docs about Rspamd log

* update log query helper to allow another file location

* bail in case `LOGROTATE_INTERVAL` is invalid

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-14 17:14:10 +02:00
Vincent Ducamps 82c38f2426
docs: TLS - Include passthrough=true on implicit ports for Traefik example (#3568) 2023-10-08 11:25:57 +13:00
Brennan Kinney aae42fae9b
ci(fix): Normalize for .gitattributes + improve eclint coverage (#3566) 2023-10-04 12:53:32 +02:00
Vincent Ducamps bd96c1161e
feat: Allow changing the Dovecot vmail UID/GID via ENV (#3550)
Some deployment scenarios are not compatible with `5000:5000` static vmail user with `/var/mail`. This feature allows adjusting the defaults to a UID / GID that is compatible.

Signed-off-by: vincent <vincent@ducamps.win>
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-10-01 00:20:03 +13:00
jpduyx 8c0cfa0836
docs: Revise update-and-cleanup.md (#3539)
* Update update-and-cleanup.md

spotify dockergc is UNMAINTAINED, they advice to consider using the `docker system prune` command instead.

"This repository has been archived by the owner on Feb 2, 2021. It is now read-only."

https://github.com/spotify/docker-gc

* Revise `update-and-cleanup.md`

Merges the image update + cleanup sections.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-09-19 16:21:33 +12:00
Milas Bowman 20241691b8
docs: Fix IPv6 example for Compose (#3531)
The subnet must be specified as part of `ipam.configs`.

This was unfortunately slightly incorrect due to a mistake in the official Docker docs being propagated, which has since been fixed upstream.

Refer to the official Compose Spec for more details:
 * https://docs.docker.com/compose/compose-file/06-networks/#ipam
2023-09-08 10:35:08 +12:00
Brennan Kinney ed84dca147
chore: LDAP config improvements (#3522)
* chore: Drop management of `SASLAUTHD_*` ENV

- `variables-stack.sh` does not need to manage all these extra ENV or store them. They're not used anywhere else.
- `saslauthd.sh` is the only consumer of these ENV which are effectively direct key/value mappings, with some defaults provided / inherited.

Instead of trying to conditionally support key/value pairs when ENV is set, we could instead use `sed` to delete lines with empty values.

* chore: Drop fallbacks + update configs to match docs

- Drop deprecated support:
  - `DOVECOT_HOSTS` is an ENV deprecated since v10.
  - Fallback for missing URI scheme introduced for Dovecot and SASLAuthd in v10.
  - Adding error log message when no LDAP URI scheme is detected for the supported ENV (when set).
- Docs updated for ENV to reflect the mandatory requirement. `mailserver.env` partially synced equivalent sections.
- Provided base LDAP configs (for overriding) likewise updated from `domain.com` to `example.com`.
- LDAP test updated for required `ldap://` URI scheme. Common ENV shared across LDAP configs hoisted out of the Postfix group.

* chore: Remove unset lines in generated `saslauthd.conf`
2023-09-02 22:07:02 +12:00
René Plötz 3d5f6aeec4
docs: Add documentation for iOS mail push support (#3513)
* Add documentation for iOS mail push support

---------

Signed-off-by: René Plötz <reneploetz@users.noreply.github.com>
2023-08-30 09:40:54 +12:00
Brennan Kinney 9446fa9b9a
chore: Adapt ENABLE_LDAP=1 to ACCOUNT_PROVISIONER=LDAP (#3507)
- Deprecation startup script check is kept for `ENABLE_LDAP=1` but adjusted to emit an error instead. It can be dropped in a future release. Just a precaution for those who mistakenly update (_possibly via automation_) without checking the release notes, an error log is somewhat helpful, although it could alternatively panic?
- Docs updated to remove the `ENABLE_LDAP=1` usage
- ENV docs updated to reference a maintained LDAP image.
- Changelog includes the breaking change, and slight revision to prior release mention of deprecation.
2023-08-29 10:19:03 +12:00
Brennan Kinney e9f04cf8a7
chore: Change setup config dkim default key size to 2048 (open-dkim) (#3508)
* chore: Adjust default DKIM size (`open-dkim`) from 4096-bit to 2048-bit

4096-bit is excessive in size for DKIM key. 2048-bit is plenty.

* chore: Additional revisions to `open-dkim` command help output

- The examples use `keysize 2048`, but as that's the new default it makes sense to change that.
- Other help text was also revised.
- Last example for domains did not need to demonstrate the other options. Changed example domains to more appropriate values.

* docs: Revise DKIM docs

Primarily for the change in default key size, but does revise some text to better communicate to the user.
- While the referenced RFC advises 512-bit to 2048-bit key size, we now explicitly discourage `512-bit` as it's not secure. `1024-bit` is still likely safe for most, but `2048-bit` is a good default for those not rotating their keys.
- Adjusted the domains example to match the new `setup config dkim domain` domains example.
- Tip for changing default key size changed to "info" with added clarity of lowering security or increasing it (excessively).
- Rspamd section is minor formatting changes, with the exception of clarifying the "main domain" for the mail accounts is assumed as the DMS FQDN with any subdomain (like `mail.`) stripped away. This is not great, but a legacy issue that needs to be addressed in future.
- `docs-rspamd-override-d` ref removed, and usage replaced with equivalent ref `docs-rspamd-config-dropin`, while `docs-rspamd-config-declarative` ref was not in use and also removed.
- Revised the `<selector>.txt` DNS formatting info section to better communicate with the reader. Additionally it had mixed usage of default `mail` and custom `dkim-rsa` selectors (_file content and output_).

* docs: Sync DKIM commands help messages and update DKIM docs for LDAP

- Adopt the help options format style from the `rspamd-dkim` into `open-dkim` command. And convert `./setup.sh` to `setup`. `selector` option has been implemented. for a while now.
- Update `rspamd-dkim` examples help output to align with `open-dkim` command examples.
- Give both DKIM command tools a consistent description. The two tools differ in support for the `domain` option (_implicit domain sourcing for default account provisioner, and support for multiple domains as input_).
- DKIM docs for LDAP domain support revised to better communicate when explicit domain config is necessary.

* tests: Adjust test-cases for `setup config dkim` change

`rspamd_dkim.bats`:
- Update assert for command help output.
- Don't bother creating a DKIM key at 512-bit size.

`setup_cli.bats`:
- Update assert for command help output of the `setup config dkim` (OpenDKIM) command.

* docs: Update DKIM section for large keys to newer RFC

The linked discussion from 2021 does mention this updated RFC over the original. That removes outdated advice about `512-bit` key length support.

The discussion link is still kept to reference a comment for the reader to better understand the security strength of 2048-bit RSA keys and why larger keys are not worthwhile, especially for DKIM.

* docs: Extract out common DKIM generation command from content tabs

Should be fine to be DRY here, not specific to `open-dkim` or `rspamd` generation/support. Previously rspamd lacked support of an equivalent command in DMS.

* docs: DKIM refactoring

- Shifted out the info admonition on key size advice out of the content tabs as it's now generic information.
- Indented the 4096-bit warning into this, which is less of a concern as the default for our DKIM generation tools is consistently 2048-bit now.
- Reworked the LDAP and Rspamd multi-domain advice. To avoid causing a bad diff, these sections haven't been moved/merged yet.

* docs: Revise DKIM docs

Advice for managing domains individually with LDAP and Rspamd extracted out of the content tabs. Default domain behaviour explained with extra info about OpenDKIM + FILE provisioner sourcing extra domains implicitly.
2023-08-29 09:40:02 +12:00
HeySora 758fd9c913
Docs: Drop mention of port 25 support for authenticated submission (#3496)
* FAQ: Remove outdated port 25 for mail client use
2023-08-22 17:49:15 +12:00
H4R0 bb2038e8c6
feat: Allow marking spam as read via a sieve filter (ENV MARK_SPAM_AS_READ=1) (#3489)
* add MARK_SPAM_AS_READ environment variable

* review changes

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>

* update unit test

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-08-21 10:32:26 +12:00
Georg Lauterbach f28fce9cc4
rspamd: disable checks for authenticated users (#3440)
Co-authored-by: Casper <casperklein@users.noreply.github.com>
Co-authored-by: William Desportes <williamdes@wdes.fr>
2023-08-08 10:43:21 +02:00
Nils Höll 85603193a2
feat(setup): Add fail2ban sub-command status <JAIL> (#3455)
* Added status command to fail2ban setup script

* Switched to `printf` for command output

Co-authored-by: Casper <casperklein@users.noreply.github.com>

* Update docs/content/config/security/fail2ban.md

Co-authored-by: Casper <casperklein@users.noreply.github.com>

---------

Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-08-02 12:09:01 +12:00
rmlhuk f53a40d2ae
docs(page:usage): Add internet.nl to the testing tools section (#3445)
Adding `internet.nl` mail tester, this testing services gives users in-depth analysis of their mail server, connectivity, DKIM/SPF/DMARC records and DNS.
2023-07-28 11:07:26 +12:00
rriski 59f483f157
docs: Fix typos (#3443)
Various typos fixed in docs, in addition to a config and ENV template.
2023-07-27 12:24:36 +12:00
Brennan Kinney a0fde8b83f
docs: IPv6 config examples with content tabs (#3436)
For added clarity, a user requested we document the example config snippets instead of only linking external references to them. Revised section and adjusted to presenting via the content tabs feature.
2023-07-20 23:05:19 +02:00
Georg Lauterbach 9f5d662da7
docs: Rewrite of IPv6 page (#3244)
Much better docs for IPv6 support. Third-party container no longer required, Docker has `ip6tables` feature now.

---------

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-07-03 11:33:14 +12:00
Brennan Kinney a276589e40
docs: Add compatibility section to debugging page (#3404)
docs: Add compatibility section to debugging page

ci: Adjust bug report template
Reduce some text + compress the preliminary checks down to single check item.
2023-06-22 09:17:41 +02:00
Georg Lauterbach 6a4fac61f8
misc: remaining v13 todos (#3370) 2023-05-29 19:07:45 +02:00
Georg Lauterbach 68265b744d
add note about DMS FQDN (#3372) 2023-05-29 18:34:58 +02:00
Arun 69ae4ff319
Update dkim_dmarc_spf.md (#3367) 2023-05-26 14:24:07 +02:00
LucidityCrash 7af7546d88
feature: adding getmail as an alternative to fetchmail (#2803)
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com>
Co-authored-by: Casper <casperklein@users.noreply.github.com>
2023-05-23 17:25:08 +02:00
Casper f794d10bb5
Update contributing (#3339) 2023-05-15 06:38:52 +02:00
Casper 7cc05581d1
docs: Restore missing edit button (#3338) 2023-05-14 23:54:53 +02:00