* remove two ciphers according to https://www.htbridge.com/ssl/ (NIST, HIPAA)
* added a switch via an environment variable to choose between modern and intermediate ciphers
* new setup.sh function, new tests, new script and some minor updates to main.cf
* fix for missing files
* removed obsolete test-files
* restart postfix if neccessary.
* see pr #845
* fixed typo
* fixed branchmixup
* changed postfix reload command & changed to operate on container instead of image
* reload postfix only on adding new restriction
* main.cf is only changed when user is added.
- Postfix reload changed
- working on container instead of image now in setup.sh
- added cleanup after tests
* moved cleanup to makefile
* install dovecot from backports
* dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27
* want to have both images a the same time
* make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
* Allow setup of LDAP STARTTLS for Dovecot and Postfix
* Added tests for TLS config override
* Add missing Postfix TLS options
* Added missing new line at the end of the file
* Added STARTTLS tests for Postfix config
* Switch to stretch-slim as base image.
- first step correct the testdata, as newer packages are more strict
about the mail-structure.
* Switch to stretch-slim: correcting the test-environment and the build
- add missing build-step to make
- clean the userdb aswell
- use timeout of netcat, as postgrey would not close the connection
- there is 2 extra mail-logs -> assert_output 5
- cosmetic: use "" instead of ''
* Switch to stretch-slim:
new image:
- smaller size
- 0 CVEs compared to 11 CVEs in ubuntu 16.04 Image
better backport situation
- postfix 3.1.6 vs 3.1.0
- fail2ban 0.9.6 vs 0.9.3
...
changes needed because of stretch-slim:
- add missing gnupg and iproute2 package
- remove non-free rar, unrar-free should do
- rsyslog does not add syslog user and has different conf-structure
- pyzor command discover was deprecated and is missing in the new
stretch package
- dovecot does not know SSLv2 anymore. removed because of warnings in
log
- iptables does not know imap3, IMAP working group chose imap2 in favor
of imap3
* Switch to debian stretch slim:
SSLv2 seems to be a not known protocol anymore - good!
* switch to debian stretch slim:
make this test more stable. there might be more than only one mail.log
(mail.info, mail.warn, ...)
* switch to debian stretc slim:
new openssl 1.1.0 needs stronger ciphers, removed some weekers ones.
Please, look through the new list of cipher! this needs to be done in
another commit for all other SSL/TLS-Endpoints aswell.
* Switch to debian stretch slim:
let our server pre-empt the cipher list.
Did a read through, wwwDOTpostfixDOTorg/FORWARD_SECRECY_READMEDOThtml
and
wwwDOTpostfixDOTorg/TLS_READMEDOThtml
* Switch to debian stretch slim: lets give this openssl-based test a new and independent but identical container. many other test on the main 'mail' container might interfere here.
* Switch to debian stretch slim: remove unused lines
* First pass at adding support for pipe and filter in Sieve, excluding unit tests.
* Reduce insight into copied scripts
* Added test
* Adjustments related to switch to 16.04
* Add method overwrite_config()
This method takes 2 arguments:
1.) Environment Variable Prefix
2.) String of files separated by whitespace
e.g.
export LDAP_SEARCH_BASE=dc=domain,dc=loc
export LDAP_BIND_PW=test
overwrite_config "LDAP_" "/etc/postfix/ldap-users.cf
/etc/postfix/ldap-groups.cf"
Logic:
+ all env vars will be search for vars with the prefix LDAP_
+ afterwards they will be dissembled in key value pairs
LDAP_BIND_PW=test --> bind_pw test
+ the key and value will be substituted within the provided files
via sed
* Fix#503 added logic for custom configs provided at container
provisioning within /tmp/docker-mailserver
* Add additional unit tests for postfix ldap integration
* check custom configs copied
* check environment variables substituted
* Fix quoting problems in tests.bats
* Fix missing brackets in function _fix_var_amavis_permissions()
* Fix typo in _setup_ldap
* Fix notify in overwrite_config
* Fix typo
* Fix added dovecot ldap config provisioning again and Add notify for tasks
* Add #394: Postfix Virtual Transport
This makes it possible to specify a lmtp config file, by providing
POSTFIX_DAGENT.
Update - Readme with informations about #394
* Add Variable ENABLE_POSTFIX_VIRTUAL_TRANSPORT (task)
* Add Variable POSTFIX_DAGENT (section)
Added Unit tests for virtual transport
* Fix syntax error in test/tests.bats
* Fix Unit Test
* Move ldap files to target dir
* Move ldap files to target dir
* Update start-mailser.sh to use copied files
* Add the domainname from container to vhost
* Fix unary operator error
* List dovecot users only when LDAP disabled
* Minor
The dovecot-sieve plugin is installed and configured to apply sieve
as soon as a .dovecot.sieve file is encountered in the virtual user's
home directory (that is /var/mail/${domain}/${username}/.dovecot.sieve).
Transport has been changed in the postfix configuration to use
Dovecot LDA (see http://wiki.dovecot.org/LDA/Postfix) to actually
enable sieve filtering.
Tests have been added.
(encrypted passwords).
Modified integration tests to adapt to dovecot.
Need to be worked out:
- user accounts checks: dir layout under dovecot probably include dynamic filenames.
How can we handle that ?
- fail2ban container cannot ban via iptables if we do not run it with special
privileges.
