Update docker-mailserver to 11.0.0
parent
3ecc8c2621
commit
d267845832
|
@ -2,7 +2,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
mail:
|
||||
image: docker.io/mailserver/docker-mailserver:10.5
|
||||
image: docker.io/mailserver/docker-mailserver:11.0.0
|
||||
hostname: mail
|
||||
domainname: zweili.org
|
||||
env_file: mailserver.env
|
||||
|
|
|
@ -1,13 +1,24 @@
|
|||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Mailserver Environment Variables ––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Mailserver Environment Variables ----------
|
||||
# -----------------------------------------------
|
||||
|
||||
# DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER
|
||||
# https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/
|
||||
|
||||
# -----------------------------------------------
|
||||
# --- General Section ---------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# empty => uses the `hostname` command to get the mail server's canonical hostname
|
||||
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
|
||||
OVERRIDE_HOSTNAME=mail.zweili.org
|
||||
|
||||
# 0 => Debug disabled 1 => Enables debug on startup
|
||||
DMS_DEBUG=0
|
||||
# Set the log level for DMS.
|
||||
# This is mostly relevant for container startup scripts and change detection event feedback.
|
||||
#
|
||||
# Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`.
|
||||
# The default log level is `info`.
|
||||
LOG_LEVEL=info
|
||||
|
||||
# critical => Only show critical messages
|
||||
# error => Only show erroneous output
|
||||
|
@ -24,15 +35,35 @@ ONE_DIR=0
|
|||
# => Specify the postmaster address
|
||||
POSTMASTER_ADDRESS=postmaster@2li.ch
|
||||
|
||||
# Check for updates on container start and then once a day
|
||||
# If an update is available, a mail is sent to POSTMASTER_ADDRESS
|
||||
# 0 => Update check disabled
|
||||
# 1 => Update check enabled
|
||||
ENABLE_UPDATE_CHECK=1
|
||||
|
||||
# Customize the update check interval.
|
||||
# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
|
||||
UPDATE_CHECK_INTERVAL=1d
|
||||
|
||||
# Set different options for mynetworks option (can be overwrite in postfix-main.cf)
|
||||
# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
|
||||
# `connected-networks` option, can create an open relay
|
||||
# https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
|
||||
# empty => localhost only
|
||||
# host => Add docker host (ipv4 only)
|
||||
# network => Add all docker containers (ipv4 only)
|
||||
# The same can happen for rootless podman. To prevent this, set the value to "none" or configure slirp4netns
|
||||
# https://github.com/docker-mailserver/docker-mailserver/issues/2377
|
||||
#
|
||||
# none => Explicitly force authentication
|
||||
# container => Container IP address only
|
||||
# host => Add docker container network (ipv4 only)
|
||||
# network => Add all docker container networks (ipv4 only)
|
||||
# connected-networks => Add all connected docker networks (ipv4 only)
|
||||
PERMIT_DOCKER=
|
||||
PERMIT_DOCKER=none
|
||||
|
||||
# Set the timezone. If this variable is unset, the container runtime will try to detect the time using
|
||||
# `/etc/localtime`, which you can alternatively mount into the container. The value of this variable
|
||||
# must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`.
|
||||
# You can lookup all available timezones here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
|
||||
TZ=
|
||||
|
||||
# In case you network interface differs from 'eth0', e.g. when you are using HostNetworking in Kubernetes,
|
||||
# you can set NETWORK_INTERFACE to whatever interface you want. This interface will then be used.
|
||||
|
@ -68,12 +99,30 @@ ENABLE_CLAMAV=1
|
|||
# 1 => Enabled
|
||||
ENABLE_AMAVIS=1
|
||||
|
||||
# -1/-2/-3 => Only show errors
|
||||
# **0** => Show warnings
|
||||
# 1/2 => Show default informational output
|
||||
# 3/4/5 => log debug information (very verbose)
|
||||
AMAVIS_LOGLEVEL=0
|
||||
|
||||
# This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
|
||||
# and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
|
||||
# Note: Emails will be rejected, if they don't pass the block list checks!
|
||||
# **0** => DNS block lists are disabled
|
||||
# 1 => DNS block lists are enabled
|
||||
ENABLE_DNSBL=0
|
||||
|
||||
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
|
||||
# cap_add:
|
||||
# - NET_ADMIN
|
||||
# Otherwise, `iptables` won't be able to ban IPs.
|
||||
# Otherwise, `nftables` won't be able to ban IPs.
|
||||
ENABLE_FAIL2BAN=0
|
||||
|
||||
# Fail2Ban blocktype
|
||||
# drop => drop packet (send NO reply)
|
||||
# reject => reject packet (send ICMP unreachable)
|
||||
FAIL2BAN_BLOCKTYPE=drop
|
||||
|
||||
# 1 => Enables Managesieve on port 4190
|
||||
# empty => disables Managesieve
|
||||
ENABLE_MANAGESIEVE=
|
||||
|
@ -128,11 +177,22 @@ POSTFIX_DAGENT=
|
|||
# empty => 0
|
||||
POSTFIX_MAILBOX_SIZE_LIMIT=
|
||||
|
||||
# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
|
||||
# 0 => Dovecot quota is disabled
|
||||
# 1 => Dovecot quota is enabled
|
||||
ENABLE_QUOTAS=1
|
||||
|
||||
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
|
||||
#
|
||||
# empty => 10240000 (~10 MB)
|
||||
POSTFIX_MESSAGE_SIZE_LIMIT=
|
||||
|
||||
# Mails larger than this limit won't be scanned.
|
||||
# ClamAV must be enabled (ENABLE_CLAMAV=1) for this.
|
||||
#
|
||||
# empty => 25M (25 MB)
|
||||
CLAMAV_MESSAGE_SIZE_LIMIT=
|
||||
|
||||
# Enables regular pflogsumm mail reports.
|
||||
# This is a new option. The old REPORT options are still supported for backwards compatibility. If this is not set and reports are enabled with the old options, logrotate will be used.
|
||||
#
|
||||
|
@ -147,9 +207,9 @@ PFLOGSUMM_TRIGGER=daily_cron
|
|||
# => Specify the recipient address(es)
|
||||
PFLOGSUMM_RECIPIENT=andreas@zweili.ch
|
||||
|
||||
# From address for pflogsumm reports.
|
||||
# Sender address (`FROM`) for pflogsumm reports if pflogsumm reports are enabled.
|
||||
#
|
||||
# not set => Use REPORT_SENDER or POSTMASTER_ADDRESS
|
||||
# not set => Use REPORT_SENDER
|
||||
# => Specify the sender address
|
||||
PFLOGSUMM_SENDER=
|
||||
|
||||
|
@ -164,44 +224,72 @@ LOGWATCH_INTERVAL=daily
|
|||
#
|
||||
# not set => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
|
||||
# => Specify the recipient address(es)
|
||||
LOGWATCH_RECIPIENT=andreas@zweili.ch
|
||||
LOGWATCH_RECIPIENT=
|
||||
|
||||
# Enables a report being sent (created by pflogsumm) on a regular basis. (deprecated)
|
||||
# **0** => Report emails are disabled
|
||||
# 1 => Using POSTMASTER_ADDRESS as the recipient
|
||||
# Sender address (`FROM`) for logwatch reports if logwatch reports are enabled.
|
||||
#
|
||||
# not set => Use REPORT_SENDER
|
||||
# => Specify the sender address
|
||||
LOGWATCH_SENDER=
|
||||
|
||||
# Defines who receives reports if they are enabled.
|
||||
# **empty** => ${POSTMASTER_ADDRESS}
|
||||
# => Specify the recipient address
|
||||
REPORT_RECIPIENT=0
|
||||
REPORT_RECIPIENT=andreas@zweili.ch
|
||||
|
||||
# Change the sending address for mail report (deprecated)
|
||||
# **empty** => mailserver-report@hostname
|
||||
# => Specify the report sender (From) address
|
||||
# Defines who sends reports if they are enabled.
|
||||
# **empty** => mailserver-report@${DOMAINNAME}
|
||||
# => Specify the sender address
|
||||
REPORT_SENDER=
|
||||
|
||||
# Changes the interval in which a report is being sent. (deprecated)
|
||||
# **daily** => Send a daily report
|
||||
# weekly => Send a report every week
|
||||
# monthly => Send a report every month
|
||||
# Changes the interval in which log files are rotated
|
||||
# **weekly** => Rotate log files weekly
|
||||
# daily => Rotate log files daily
|
||||
# monthly => Rotate log files monthly
|
||||
#
|
||||
# Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/)
|
||||
REPORT_INTERVAL=daily
|
||||
# Note: This Variable actually controls logrotate inside the container
|
||||
# and rotates the log files depending on this setting. The main log output is
|
||||
# still available in its entirety via `docker logs mail` (Or your
|
||||
# respective container name). If you want to control logrotation for
|
||||
# the Docker-generated logfile see:
|
||||
# https://docs.docker.com/config/containers/logging/configure/
|
||||
#
|
||||
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
|
||||
LOGROTATE_INTERVAL=weekly
|
||||
|
||||
# Choose TCP/IP protocols to use
|
||||
# Choose TCP/IP protocols for postfix to use
|
||||
# **all** => All possible protocols.
|
||||
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.
|
||||
# ipv6 => Use only IPv6 traffic.
|
||||
#
|
||||
# Note: More details in http://www.postfix.org/postconf.5.html#inet_protocols
|
||||
# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols
|
||||
POSTFIX_INET_PROTOCOLS=all
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Spamassassin Section ––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# Choose TCP/IP protocols for dovecot to use
|
||||
# **all** => Listen on all interfaces
|
||||
# ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker.
|
||||
# ipv6 => Listen only on IPv6 interfaces.
|
||||
#
|
||||
# Note: More information at https://dovecot.org/doc/dovecot-example.conf
|
||||
DOVECOT_INET_PROTOCOLS=all
|
||||
|
||||
# -----------------------------------------------
|
||||
# --- SpamAssassin Section ----------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
ENABLE_SPAMASSASSIN=1
|
||||
|
||||
# deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
|
||||
SPAMASSASSIN_SPAM_TO_INBOX=1
|
||||
|
||||
# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
|
||||
# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
|
||||
# - **0** => KAM disabled
|
||||
# - 1 => KAM enabled
|
||||
#
|
||||
# Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
|
||||
ENABLE_SPAMASSASSIN_KAM=1
|
||||
|
||||
# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
|
||||
MOVE_SPAM_TO_JUNK=1
|
||||
|
||||
|
@ -217,18 +305,18 @@ SA_KILL=6.31
|
|||
# add tag to subject if spam detected
|
||||
SA_SPAM_SUBJECT=***SPAM*****
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Fetchmail Section –––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Fetchmail Section -------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
ENABLE_FETCHMAIL=0
|
||||
|
||||
# The interval to fetch mail in seconds
|
||||
FETCHMAIL_POLL=300
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– LDAP Section ––––––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- LDAP Section ------------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap)
|
||||
# For preparing the ldap server to use in combination with this container this article may be helpful: http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/
|
||||
|
@ -274,9 +362,9 @@ LDAP_QUERY_FILTER_ALIAS=
|
|||
# => Specify how ldap should be asked for domains
|
||||
LDAP_QUERY_FILTER_DOMAIN=
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Dovecot Section –––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Dovecot Section ---------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# empty => no
|
||||
# yes => LDAP over TLS enabled for Dovecot
|
||||
|
@ -297,9 +385,9 @@ DOVECOT_MAILBOX_FORMAT=maildir
|
|||
# https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
|
||||
DOVECOT_AUTH_BIND=
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Postgrey Section ––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Postgrey Section --------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
ENABLE_POSTGREY=0
|
||||
# greylist for N seconds
|
||||
|
@ -307,13 +395,13 @@ POSTGREY_DELAY=300
|
|||
# delete entries older than N days since the last time that they have been seen
|
||||
POSTGREY_MAX_AGE=35
|
||||
# response when a mail is greylisted
|
||||
POSTGREY_TEXT=Delayed by Postgrey
|
||||
POSTGREY_TEXT="Delayed by Postgrey"
|
||||
# whitelist host after N successful deliveries (N=0 to disable whitelisting)
|
||||
POSTGREY_AUTO_WHITELIST_CLIENTS=5
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– SASL Section ––––––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- SASL Section ------------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
ENABLE_SASLAUTHD=0
|
||||
|
||||
|
@ -322,30 +410,27 @@ ENABLE_SASLAUTHD=0
|
|||
# `shadow` => authenticate against local user db
|
||||
# `mysql` => authenticate against mysql db
|
||||
# `rimap` => authenticate against imap server
|
||||
# NOTE: can be a list of mechanisms like pam ldap shadow
|
||||
# Note: can be a list of mechanisms like pam ldap shadow
|
||||
SASLAUTHD_MECHANISMS=
|
||||
|
||||
# empty => None
|
||||
# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
|
||||
SASLAUTHD_MECH_OPTIONS=
|
||||
|
||||
# empty => localhost
|
||||
# empty => Use value of LDAP_SERVER_HOST
|
||||
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
|
||||
SASLAUTHD_LDAP_SERVER=
|
||||
|
||||
# empty or 0 => `ldap://` will be used
|
||||
# 1 => `ldaps://` will be used
|
||||
SASLAUTHD_LDAP_SSL=
|
||||
|
||||
# empty => anonymous bind
|
||||
# empty => Use value of LDAP_BIND_DN
|
||||
# specify an object with priviliges to search the directory tree
|
||||
# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
|
||||
# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
|
||||
SASLAUTHD_LDAP_BIND_DN=
|
||||
|
||||
# empty => anonymous bind
|
||||
# empty => Use value of LDAP_BIND_PW
|
||||
SASLAUTHD_LDAP_PASSWORD=
|
||||
|
||||
# empty => Reverting to SASLAUTHD_MECHANISMS pam
|
||||
# empty => Use value of LDAP_SEARCH_BASE
|
||||
# specify the search base
|
||||
SASLAUTHD_LDAP_SEARCH_BASE=
|
||||
|
||||
|
@ -356,7 +441,7 @@ SASLAUTHD_LDAP_FILTER=
|
|||
|
||||
# empty => no
|
||||
# yes => LDAP over TLS enabled for SASL
|
||||
# Must not be used together with SASLAUTHD_LDAP_SSL=1_
|
||||
# If set to yes, the protocol in SASLAUTHD_LDAP_SERVER must be ldap:// or missing.
|
||||
SASLAUTHD_LDAP_START_TLS=
|
||||
|
||||
# empty => no
|
||||
|
@ -390,12 +475,12 @@ SASLAUTHD_LDAP_AUTH_METHOD=
|
|||
|
||||
# Specify the authentication mechanism for SASL bind
|
||||
# empty => Nothing is added to the configuration
|
||||
# Any value => Fills the `ldap_mech` option
|
||||
# Any value => Fills the `ldap_mech` option
|
||||
SASLAUTHD_LDAP_MECH=
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– SRS Section –––––––––––––––––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- SRS Section -------------------------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# envelope_sender => Rewrite only envelope sender address (default)
|
||||
# header_sender => Rewrite only header sender (not recommended)
|
||||
|
@ -416,9 +501,9 @@ SRS_EXCLUDE_DOMAINS=
|
|||
# rotate and expire keys
|
||||
SRS_SECRET=
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Default Relay Host Section ––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Default Relay Host Section ----------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# Setup relaying all mail through a default relay host
|
||||
#
|
||||
|
@ -426,9 +511,9 @@ SRS_SECRET=
|
|||
# default host and optional port to relay all mail through
|
||||
DEFAULT_RELAY_HOST=mail.infomaniak.com
|
||||
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# ––– Multi-Domain Relay Section ––––––––––––––––
|
||||
# –––––––––––––––––––––––––––––––––––––––––––––––
|
||||
# -----------------------------------------------
|
||||
# --- Multi-Domain Relay Section ----------------
|
||||
# -----------------------------------------------
|
||||
|
||||
# Setup relaying for multiple domains based on the domain name of the sender
|
||||
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf
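Review bot: `ENABLE_DNSBL=0` in the hunk that follows `ENABLE_AMAVIS=1` leaves the Spamhaus and postscreen block lists off, and `ENABLE_FAIL2BAN=0` a few lines below keeps brute-force banning off too, so inbound filtering rests on SpamAssassin, Amavis and ClamAV alone. The page does not show whether 10.5 applied the block lists unconditionally; if it did, the version bump silently reduces filtering, which should be a deliberate choice. Either set `ENABLE_DNSBL=1`, or record the decision next to the value with a comment such as `# DNSBL left off on purpose: <reason>`. The rendered page has lost its +/- markers, so which of these lines are new is inferred from the hunk header's line counts.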
|
||||
|
|
|
@ -26,7 +26,7 @@ LBLUE="\e[94m"
|
|||
RESET="\e[0m"
|
||||
|
||||
set -euEo pipefail
|
||||
shopt -s inherit_errexit
|
||||
shopt -s inherit_errexit 2>/dev/null || true
|
||||
trap '__err "${BASH_SOURCE}" "${FUNCNAME[0]:-?}" "${BASH_COMMAND:-?}" "${LINENO:-?}" "${?:-?}"' ERR
|
||||
|
||||
function __err
|
||||
|
@ -88,14 +88,6 @@ function _show_local_usage
|
|||
|
||||
function _get_absolute_script_directory
|
||||
{
|
||||
if [[ "$(uname)" == 'Darwin' ]]
|
||||
then
|
||||
readlink() {
|
||||
# requires coreutils
|
||||
greadlink "${@:+$@}"
|
||||
}
|
||||
fi
|
||||
|
||||
if dirname "$(readlink -f "${0}")" &>/dev/null
|
||||
then
|
||||
DIR="$(dirname "$(readlink -f "${0}")")"
|
||||
|
@ -154,7 +146,7 @@ function _run_in_new_container
|
|||
|
||||
${CRI} run --rm "${USE_TTY}" \
|
||||
-v "${CONFIG_PATH}:${DMS_CONFIG}${USE_SELINUX}" \
|
||||
"${IMAGE_NAME}" "${@:+$@}"
|
||||
"${IMAGE_NAME}" "${@}"
|
||||
}
|
||||
|
||||
function _main
|
||||
|
@ -234,9 +226,9 @@ function _main
|
|||
|
||||
if [[ -n ${CONTAINER_NAME} ]]
|
||||
then
|
||||
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" setup "${@:+$@}"
|
||||
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" setup "${@}"
|
||||
else
|
||||
_run_in_new_container setup "${@:+$@}"
|
||||
_run_in_new_container setup "${@}"
|
||||
fi
|
||||
|
||||
[[ ${1} == 'help' ]] && _show_local_usage
|
||||
|
@ -244,4 +236,5 @@ function _main
|
|||
return 0
|
||||
}
|
||||
|
||||
_main "${@:+$@}"
|
||||
[[ -z ${1:-} ]] && set 'help'
|
||||
_main "${@}"
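Review bot: `shopt -s inherit_errexit 2>/dev/null || true` hides the failure on bash older than 4.4, where that option does not exist, so on those shells a failing command in the middle of a `$(...)` does not abort the substitution and nothing tells the operator that error handling is weaker. Print a warning instead of discarding the result, e.g. `shopt -s inherit_errexit 2>/dev/null || echo 'warning: bash < 4.4, errexit is not inherited by command substitutions' >&2`. A similar silent fallback exists in `_get_absolute_script_directory` now that the Darwin `greadlink` wrapper is gone: `if dirname "$(readlink -f "${0}")" &>/dev/null` tests only `dirname`, which prints `.` and returns 0 for an empty argument, so a `readlink` without `-f` would leave `DIR` as `.` instead of taking the fallback; testing `readlink -f "${0}"` on its own would catch that. That function and `_main` continue outside the visible hunks.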
|
||||
|
|