Commit graph

136 commits

Author SHA1 Message Date
youtous 92414b7eba
sieve after/before use folder instead of individual listing
Loading sieve scripts using a directory scheme permits to handle multi scripts wtihout defining individual sieve_before/sieve_after
2020-05-04 00:27:29 +02:00
youtous d829905cf7
init spams to junk 2020-05-03 10:33:28 +02:00
youtous 47fac2706f
use ffdhe4096 for DHE params
use by default ffdhe4096 for DHE params 


use by default ffdhe4096 for DHE params
2020-04-26 22:23:51 +02:00
youtous 2527ebfaf2
added dovecot quota feature
add postfix service quota check


check-for-changes on quotas


setquota command


fix checkforchanges quota


addquota verify user exists


add setquota in setup.sh


merging addquota into setquota


test quota commands


add ldap tests for dovecot quota


fix smtp only quota postfix rules


test postfix conf


add quota test integration


add quota exceeded test


add wait analyze


fix tests


fix setup typo


add test fixes


fix error output


wip


update startup rules


fix setup


fix setup tests


fix output commands


remove quota on remove user


try to fix sync limit mails


check if file exists


fix path


change used quota user


fix post size


check if quota file exists


update tests


configure virtualmailbox limit for dovecot


last fix


fix quota expr


relax dovecot tests


auto create dovecot-quotas


fix dovecot apply quota test


wip quota warning


trying to fix get dovadm quota


dovecot applies fix


fix quota warning lda path


test count mail on quota


fix quota warning permissiosn


fix test
2020-04-24 14:56:15 +02:00
Casper ccd838c027
rsyslog logrotate warning fixed
Fix for https://github.com/tomav/docker-mailserver/issues/1465
2020-04-23 00:39:56 +02:00
Casper b21e14a1c2
AllowSupplementaryGroups change removed
1. "AllowSupplementaryGroups false" is no longer present in /etc/clamav/clamd.conf, therefore the command does not work anymore.
2. Since Clamd 0.100.0, "AllowSupplementaryGroups" is deprecated. See: https://blog.clamav.net/2018/04/clamav-01000-has-been-released.html

"Deprecation of the AllowSupplementaryGroups parameter statement in clamd, clamav-milter, and freshclam. Use of supplementary is now in effect by default."
2020-04-20 21:11:17 +02:00
Casper 78fd5b8760
-f option removed from rm commands
Let build fail, if file does not exist.
2020-04-19 11:39:43 +02:00
Casper 5d79e56bf0
Cleanup obsolete file removal
`/etc/cron.weekly/fstrim` does not exist, so no need to remove it.
2020-04-18 13:09:50 +02:00
Erik Wramner df26d35695
Merge pull request #1450 from casperklein/patch-1
Upgrade packages, Debian base image not updated often enough.
2020-04-12 08:31:40 +02:00
Casper d56a0f86d5
hadolint ignore 3005 added 2020-04-12 03:18:08 +02:00
Erik Wramner e8a0cdc556 Fix error #792 in logrotate 2020-04-11 09:59:07 +02:00
Nils Knappmeier 370d08fd33 fail2ban: use filter.d/dovecot.conf from distribution
closes #972
2020-04-10 22:21:40 +02:00
Casper 7e96ebe8b9
Upgrade packages
Some packages from the base image are upgradable. For example, that's the case for `libgnutls30` at the moment.
2020-04-10 12:47:58 +02:00
Erik Wramner c24612e992 Removed commented lines 2020-04-05 12:01:57 +02:00
Germain Masse ce41f60888 Move filebeat to its own container 2020-03-20 17:56:18 +01:00
Erik Wramner 85ae8a1471 Fix fail2ban issues and install some suggested amavis packages 2020-01-25 15:33:06 +01:00
Erik Wramner 91b2c9834e Upgrade to buster and remove filebeat 2020-01-25 15:33:06 +01:00
Lukas Elsner b476118514 remove not needed log files after build 2020-01-15 20:29:21 +01:00
Erik Wramner 5da23c066d Added dovecot-solr for full text search 2019-11-10 10:14:27 +01:00
Felix Bartels 7ff9764285
Provide version information through labels (#1256)
* Provide version information through labels

Can be retrieved by calling e.g. `docker inspect -f {{.Config.Labels}} tvial/docker-mailserver:testing`

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* add build hook so that Docker Hub can work with the build args

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* remove obsolete build-no-cache

build args invalidate build cache already

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* adapt travis file

Signed-off-by: Felix Bartels <felix@host-consultants.de>

* shellcheck

Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-10-23 11:22:23 +02:00
Erik Wramner 008b8e6bce Fix #1093, pflogsumm and logwatch 2019-09-16 08:00:35 +02:00
Felix Bartels 043e184630 Update readme
reorg dockerfile and add comments
2019-09-02 11:16:21 +02:00
Erik Wramner 3618939f21 Ignore hadolint error about parameter expansion 2019-08-30 13:51:48 +02:00
Erik Wramner b766b5646b Change repo for dovecot to fix CVE-2019-11500 2019-08-30 13:43:11 +02:00
Felix Bartels 1ba0991d80
Fix linting errors reported by hadolint (#1211)
* Fix linting errors reported by hadolint
* use full path for folders when listing contents
* add linting task to makefile
2019-08-13 11:41:38 +02:00
Felix Bartels a7408b73e0 Do not remove dh*.pem as they do not exist at this point in time
Signed-off-by: Felix Bartels <felix@host-consultants.de>
2019-08-12 19:31:24 +02:00
Erik Wramner 9d7873850d Move dovecot cert generation to startup 2019-08-10 10:15:35 +02:00
Erik Wramner fc8d684994 Generate dhparams at startup, not build 2019-08-09 22:13:50 +02:00
Martin Schulze fcce47a392 WIP: actually test PERMIT_DOCKER=connected-networks
also showcase timeouts and makefile integration
2019-08-07 02:24:56 +02:00
j-marz 2107793f7f install whois package for use with fail2ban action_mwl email notification 2019-08-01 21:37:02 +10:00
Erik Wramner f21bffe322 Fix 1198 freshclam (#1199)
* Run freshclam as clamav user not root

* Remove freshclam cron job when clamav is disabled
2019-07-29 11:15:49 +02:00
dimalo 70cbfa352b FIX: escape symbols in cron command (#1200) 2019-07-29 11:15:21 +02:00
j-marz c3e7ecc773 Replace ENV with ARG for DEBIAN_FRONTEND (#1180)
Best practice suggests not using ENV for this setting as it persists after build. ARG is only set during build.
2019-07-24 14:48:59 +02:00
Erik Wramner 603dbbd7b0 1175: specify user for cron.d freshclam file (#1176)
* 1175: specify user for cron.d freshclam file

* Fix Dovecot SSL parameters and generate dhparams as for Postfix

* Fixed broken unit tests
2019-07-23 16:12:12 +02:00
Daniel Panteleit cc56b4f89e Calling supervisord directly instead of via shell (Closes: #1047, #1074) 2018-11-04 20:23:50 +01:00
millerjason 53a344a056 Support for additional postgrey options (Close: #998, #999, #1046)
* addnl postgrey whitelist support. closes #998, closes #999.

	modified:   Dockerfile
	modified:   Makefile
	modified:   README.md
	modified:   docker-compose.elk.yml.dist
	modified:   docker-compose.yml.dist
	modified:   target/start-mailserver.sh
	modified:   target/supervisor/conf.d/supervisor-app.conf
	new file:   test/config/whitelist_recipients
	new file:   test/nc_templates/postgrey_whitelist_local.txt
	new file:   test/nc_templates/postgrey_whitelist_recipients.txt
	modified:   test/tests.bats

* match existing indent convention

	modified:   target/start-mailserver.sh

* ISSUE-999: add support for header_checks

	modified:   Dockerfile
	modified:   target/postfix/main.cf

* ISSUE-999: add empty header_check file

	new file:   target/postfix/header_checks.pcre
2018-11-01 19:32:36 +01:00
Cédric Laubacher 9b7cf1d25b Replace MAINTAINER with LABEL (#1042)
MAINTAINER is deprecated
2018-10-01 08:25:34 +02:00
Dingoz 6a69bb192c Fix freshclam cron name (#1019)
This fixes the daily mail error when logrotate tries to restart a non existing freshclam daemon because cron name doesn't fit freshclam init script invoked by logrotate
2018-08-15 08:27:07 +02:00
17Halbe cc7c1f8804 Introducing global filters. (#934)
* Introducing global filters
* added optional after.dovecot.sieve/before.dovecot.sieve files
* added global filter test
2018-04-05 18:54:01 +02:00
17Halbe e403261ba5 Fixes 'duplicate log entry for /var/log/mail/mail.log' (#925, #927) 2018-04-03 19:28:43 +02:00
akmet a420b15370 Adding daily mail review from Issue 839 (#881)
* Added dependencies, binary, startup configuration
* Added env variable to dist files/readme
* send summary after each logrotate, added env variable for mail/logrotate interval
* remove mail.log from rsyslogs logrotate
* rotate mail.log when no email is set
* Added documentation for POSTFIX_LOGROTATE_INTERVAL
* Removed interval option, since its not being tested for.
* changed test to force logrotate to rotate fixed logrotate config
* readded setup_environment, made logrotate_setup being called everytime
* changed documentation for new variable names - again
* Did Documentation, added a default recipient, added test for default config.
* layout fix
* changed variable names apposite the documentation
2018-03-18 19:52:28 +01:00
James ef79e9a65d Generate SRS secret on first run and store it (#891) 2018-03-10 13:41:20 +01:00
17Halbe a73692cc9f Added reject_authenticated_sender_login_mismatch (#872)
* added reject_authenticated_sender_login_mismatch handling including tests
* removed obsolete reject_sender_login_mismatch
* introduced SPOOF_PROTECTION env variable, tests, documentation and missing documentation for TLS_LEVEL
* added missing email template
2018-03-07 19:33:43 +01:00
Thomas A. Kilian 4036588c65 Setting quiet mode on invoke-rc.d (Closes: #792)
This prevents a daily error message
2018-03-07 19:31:10 +01:00
Cédric Laubacher 19cb22a1a5 Generate new DH param weekly instead of daily (#836) 2018-02-12 22:04:02 +01:00
17Halbe ac9be357ce Diffie-Hellman 2048 Bit Parameters should be changed regularly. (#834)
Since it is assumed that the NSA uses Rainbowtables to break default-DHE-Parameters, one is encouraged to change the Parameters periodically.
2018-02-11 18:37:04 +01:00
Jurek Barth e1e4542390 Fix: Add SRS to fix SPF issues on redirect #611 (#814)
* add srs support

* change autorestart behavior

* this may work now

* make postsrsd’s own wrapper file

* fix dockerfile formatting

* fixing tests
2018-02-06 08:11:57 +01:00
Marek Walczak b4b19e76b7 Stretch backport (#813)
* install dovecot from backports

* dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27

* want to have both images a the same time

* make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
2018-02-04 21:27:47 +01:00
Marek Walczak 49b3867c1b debian stretch slim (#784)
* Switch to stretch-slim as base image.
 - first step correct the testdata, as newer packages are more strict
about the mail-structure.

* Switch to stretch-slim: correcting the test-environment and the build
 - add missing build-step to make
 - clean the userdb aswell
 - use timeout of netcat, as postgrey would not close the connection
 - there is 2 extra mail-logs -> assert_output 5
 - cosmetic: use "" instead of ''

* Switch to stretch-slim:
new image:
 - smaller size
 - 0 CVEs compared to 11 CVEs in ubuntu 16.04 Image
better backport situation
 - postfix 3.1.6 vs 3.1.0
 - fail2ban 0.9.6 vs 0.9.3
 ...
changes needed because of stretch-slim:
- add missing gnupg and iproute2 package
- remove non-free rar, unrar-free should do
- rsyslog does not add syslog user and has different conf-structure
- pyzor command discover was deprecated and is missing in the new
stretch package

- dovecot does not know SSLv2 anymore. removed because of warnings in
log

- iptables does not know imap3, IMAP working group chose imap2 in favor
of imap3

* Switch to debian stretch slim:
SSLv2 seems to be a not known protocol anymore - good!

* switch to debian stretch slim:
make this test more stable. there might be more than only one mail.log
(mail.info, mail.warn, ...)

* switch to debian stretc slim:
 new openssl 1.1.0 needs stronger ciphers, removed some weekers ones.
Please, look through the new list of cipher! this needs to be done in
another commit for all other SSL/TLS-Endpoints aswell.

* Switch to debian stretch slim:
let our server pre-empt the cipher list.
Did a read through, wwwDOTpostfixDOTorg/FORWARD_SECRECY_READMEDOThtml
and
wwwDOTpostfixDOTorg/TLS_READMEDOThtml

* Switch to debian stretch slim: lets give this openssl-based test a new and independent but identical container.  many other test on the main 'mail' container might interfere here.

* Switch to debian stretch slim: remove unused lines
2017-12-31 12:33:48 +01:00
kamuri 835939d856 Issue 747 (#748)
* fix for issue #747 (NOT TESTED YET)

Need to test this. Dont merge it yet.

* Small Cleanup and bug fixes Not done Yet!

Not done yet. Dont merge. See comment in issue #747

* Add --ignore-missing. Now is fixed.
2017-10-18 07:43:30 +02:00