Nebucatnetzer
/
docker_systems
Archived
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Update docker-mailserver to 11.0.0

This commit is contained in:
Andreas Zweili 2022-05-05 20:21:09 +02:00
parent 3ecc8c2621
commit d267845832
3 changed files with 159 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docker-mailserver/docker-compose.yml
View File

@ -2,7 +2,7 @@ version: "3.8"
services:
mail:
image: docker.io/mailserver/docker-mailserver:10.5
image: docker.io/mailserver/docker-mailserver:11.0.0
hostname: mail
domainname: zweili.org
env_file: mailserver.env

219
docker-mailserver/mailserver.env
View File

@ -1,13 +1,24 @@
#
# Mailserver Environment Variables
#
# -----------------------------------------------
# --- Mailserver Environment Variables ----------
# -----------------------------------------------
# DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER
# https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/
# -----------------------------------------------
# --- General Section ---------------------------
# -----------------------------------------------
# empty => uses the `hostname` command to get the mail server's canonical hostname
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
OVERRIDE_HOSTNAME=mail.zweili.org
# 0 => Debug disabled 1 => Enables debug on startup
DMS_DEBUG=0
# Set the log level for DMS.
# This is mostly relevant for container startup scripts and change detection event feedback.
#
# Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`.
# The default log level is `info`.
LOG_LEVEL=info
# critical => Only show critical messages
# error => Only show erroneous output
@ -24,15 +35,35 @@ ONE_DIR=0
# => Specify the postmaster address
POSTMASTER_ADDRESS=postmaster@2li.ch
# Check for updates on container start and then once a day
# If an update is available, a mail is sent to POSTMASTER_ADDRESS
# 0 => Update check disabled
# 1 => Update check enabled
ENABLE_UPDATE_CHECK=1
# Customize the update check interval.
# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
UPDATE_CHECK_INTERVAL=1d
# Set different options for mynetworks option (can be overwrite in postfix-main.cf)
# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
# `connected-networks` option, can create an open relay
# https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
# empty => localhost only
# host => Add docker host (ipv4 only)
# network => Add all docker containers (ipv4 only)
# The same can happen for rootless podman. To prevent this, set the value to "none" or configure slirp4netns
# https://github.com/docker-mailserver/docker-mailserver/issues/2377
#
# none => Explicitly force authentication
# container => Container IP address only
# host => Add docker container network (ipv4 only)
# network => Add all docker container networks (ipv4 only)
# connected-networks => Add all connected docker networks (ipv4 only)
PERMIT_DOCKER=
PERMIT_DOCKER=none
# Set the timezone. If this variable is unset, the container runtime will try to detect the time using
# `/etc/localtime`, which you can alternatively mount into the container. The value of this variable
# must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`.
# You can lookup all available timezones here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List
TZ=
# In case you network interface differs from 'eth0', e.g. when you are using HostNetworking in Kubernetes,
# you can set NETWORK_INTERFACE to whatever interface you want. This interface will then be used.
@ -68,12 +99,30 @@ ENABLE_CLAMAV=1
# 1 => Enabled
ENABLE_AMAVIS=1
# -1/-2/-3 => Only show errors
# **0** => Show warnings
# 1/2 => Show default informational output
# 3/4/5 => log debug information (very verbose)
AMAVIS_LOGLEVEL=0
# This enables the [zen.spamhaus.org](https://www.spamhaus.org/zen/) DNS block list in postfix
# and various [lists](https://github.com/docker-mailserver/docker-mailserver/blob/f7465a50888eef909dbfc01aff4202b9c7d8bc00/target/postfix/main.cf#L58-L66) in postscreen.
# Note: Emails will be rejected, if they don't pass the block list checks!
# **0** => DNS block lists are disabled
# 1 => DNS block lists are enabled
ENABLE_DNSBL=0
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
# cap_add:
# - NET_ADMIN
# Otherwise, `iptables` won't be able to ban IPs.
# Otherwise, `nftables` won't be able to ban IPs.
ENABLE_FAIL2BAN=0
# Fail2Ban blocktype
# drop => drop packet (send NO reply)
# reject => reject packet (send ICMP unreachable)
FAIL2BAN_BLOCKTYPE=drop
# 1 => Enables Managesieve on port 4190
# empty => disables Managesieve
ENABLE_MANAGESIEVE=
@ -128,11 +177,22 @@ POSTFIX_DAGENT=
# empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=
# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
# 0 => Dovecot quota is disabled
# 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
#
# empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=
# Mails larger than this limit won't be scanned.
# ClamAV must be enabled (ENABLE_CLAMAV=1) for this.
#
# empty => 25M (25 MB)
CLAMAV_MESSAGE_SIZE_LIMIT=
# Enables regular pflogsumm mail reports.
# This is a new option. The old REPORT options are still supported for backwards compatibility. If this is not set and reports are enabled with the old options, logrotate will be used.
#
@ -147,9 +207,9 @@ PFLOGSUMM_TRIGGER=daily_cron
# => Specify the recipient address(es)
PFLOGSUMM_RECIPIENT=andreas@zweili.ch
# From address for pflogsumm reports.
# Sender address (`FROM`) for pflogsumm reports if pflogsumm reports are enabled.
#
# not set => Use REPORT_SENDER or POSTMASTER_ADDRESS
# not set => Use REPORT_SENDER
# => Specify the sender address
PFLOGSUMM_SENDER=
@ -164,44 +224,72 @@ LOGWATCH_INTERVAL=daily
#
# not set => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
# => Specify the recipient address(es)
LOGWATCH_RECIPIENT=andreas@zweili.ch
LOGWATCH_RECIPIENT=
# Enables a report being sent (created by pflogsumm) on a regular basis. (deprecated)
# **0** => Report emails are disabled
# 1 => Using POSTMASTER_ADDRESS as the recipient
# Sender address (`FROM`) for logwatch reports if logwatch reports are enabled.
#
# not set => Use REPORT_SENDER
# => Specify the sender address
LOGWATCH_SENDER=
# Defines who receives reports if they are enabled.
# **empty** => ${POSTMASTER_ADDRESS}
# => Specify the recipient address
REPORT_RECIPIENT=0
REPORT_RECIPIENT=andreas@zweili.ch
# Change the sending address for mail report (deprecated)
# **empty** => mailserver-report@hostname
# => Specify the report sender (From) address
# Defines who sends reports if they are enabled.
# **empty** => mailserver-report@${DOMAINNAME}
# => Specify the sender address
REPORT_SENDER=
# Changes the interval in which a report is being sent. (deprecated)
# **daily** => Send a daily report
# weekly => Send a report every week
# monthly => Send a report every month
# Changes the interval in which log files are rotated
# **weekly** => Rotate log files weekly
# daily => Rotate log files daily
# monthly => Rotate log files monthly
#
# Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/)
REPORT_INTERVAL=daily
# Note: This Variable actually controls logrotate inside the container
# and rotates the log files depending on this setting. The main log output is
# still available in its entirety via `docker logs mail` (Or your
# respective container name). If you want to control logrotation for
# the Docker-generated logfile see:
# https://docs.docker.com/config/containers/logging/configure/
#
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
LOGROTATE_INTERVAL=weekly
# Choose TCP/IP protocols to use
# Choose TCP/IP protocols for postfix to use
# **all** => All possible protocols.
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.
# ipv6 => Use only IPv6 traffic.
#
# Note: More details in http://www.postfix.org/postconf.5.html#inet_protocols
# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols
POSTFIX_INET_PROTOCOLS=all
#
# Spamassassin Section
#
# Choose TCP/IP protocols for dovecot to use
# **all** => Listen on all interfaces
# ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker.
# ipv6 => Listen only on IPv6 interfaces.
#
# Note: More information at https://dovecot.org/doc/dovecot-example.conf
DOVECOT_INET_PROTOCOLS=all
# -----------------------------------------------
# --- SpamAssassin Section ----------------------
# -----------------------------------------------
ENABLE_SPAMASSASSIN=1
# deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1
# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
# - **0** => KAM disabled
# - 1 => KAM enabled
#
# Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
ENABLE_SPAMASSASSIN_KAM=1
# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
MOVE_SPAM_TO_JUNK=1
@ -217,18 +305,18 @@ SA_KILL=6.31
# add tag to subject if spam detected
SA_SPAM_SUBJECT=***SPAM*****
#
# Fetchmail Section
#
# -----------------------------------------------
# --- Fetchmail Section -------------------------
# -----------------------------------------------
ENABLE_FETCHMAIL=0
# The interval to fetch mail in seconds
FETCHMAIL_POLL=300
#
# LDAP Section
#
# -----------------------------------------------
# --- LDAP Section ------------------------------
# -----------------------------------------------
# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap)
# For preparing the ldap server to use in combination with this container this article may be helpful: http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/
@ -274,9 +362,9 @@ LDAP_QUERY_FILTER_ALIAS=
# => Specify how ldap should be asked for domains
LDAP_QUERY_FILTER_DOMAIN=
#
# Dovecot Section
#
# -----------------------------------------------
# --- Dovecot Section ---------------------------
# -----------------------------------------------
# empty => no
# yes => LDAP over TLS enabled for Dovecot
@ -297,9 +385,9 @@ DOVECOT_MAILBOX_FORMAT=maildir
# https://wiki.dovecot.org/AuthDatabase/LDAP/AuthBinds
DOVECOT_AUTH_BIND=
#
# Postgrey Section
#
# -----------------------------------------------
# --- Postgrey Section --------------------------
# -----------------------------------------------
ENABLE_POSTGREY=0
# greylist for N seconds
@ -307,13 +395,13 @@ POSTGREY_DELAY=300
# delete entries older than N days since the last time that they have been seen
POSTGREY_MAX_AGE=35
# response when a mail is greylisted
POSTGREY_TEXT=Delayed by Postgrey
POSTGREY_TEXT="Delayed by Postgrey"
# whitelist host after N successful deliveries (N=0 to disable whitelisting)
POSTGREY_AUTO_WHITELIST_CLIENTS=5
#
# SASL Section
#
# -----------------------------------------------
# --- SASL Section ------------------------------
# -----------------------------------------------
ENABLE_SASLAUTHD=0
@ -322,30 +410,27 @@ ENABLE_SASLAUTHD=0
# `shadow` => authenticate against local user db
# `mysql` => authenticate against mysql db
# `rimap` => authenticate against imap server
# NOTE: can be a list of mechanisms like pam ldap shadow
# Note: can be a list of mechanisms like pam ldap shadow
SASLAUTHD_MECHANISMS=
# empty => None
# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
SASLAUTHD_MECH_OPTIONS=
# empty => localhost
# empty => Use value of LDAP_SERVER_HOST
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
SASLAUTHD_LDAP_SERVER=
# empty or 0 => `ldap://` will be used
# 1 => `ldaps://` will be used
SASLAUTHD_LDAP_SSL=
# empty => anonymous bind
# empty => Use value of LDAP_BIND_DN
# specify an object with priviliges to search the directory tree
# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
SASLAUTHD_LDAP_BIND_DN=
# empty => anonymous bind
# empty => Use value of LDAP_BIND_PW
SASLAUTHD_LDAP_PASSWORD=
# empty => Reverting to SASLAUTHD_MECHANISMS pam
# empty => Use value of LDAP_SEARCH_BASE
# specify the search base
SASLAUTHD_LDAP_SEARCH_BASE=
@ -356,7 +441,7 @@ SASLAUTHD_LDAP_FILTER=
# empty => no
# yes => LDAP over TLS enabled for SASL
# Must not be used together with SASLAUTHD_LDAP_SSL=1_
# If set to yes, the protocol in SASLAUTHD_LDAP_SERVER must be ldap:// or missing.
SASLAUTHD_LDAP_START_TLS=
# empty => no
@ -390,12 +475,12 @@ SASLAUTHD_LDAP_AUTH_METHOD=
# Specify the authentication mechanism for SASL bind
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_mech` option
# Any value => Fills the `ldap_mech` option
SASLAUTHD_LDAP_MECH=
#
# SRS Section
#
# -----------------------------------------------
# --- SRS Section -------------------------------
# -----------------------------------------------
# envelope_sender => Rewrite only envelope sender address (default)
# header_sender => Rewrite only header sender (not recommended)
@ -416,9 +501,9 @@ SRS_EXCLUDE_DOMAINS=
# rotate and expire keys
SRS_SECRET=
#
# Default Relay Host Section
#
# -----------------------------------------------
# --- Default Relay Host Section ----------------
# -----------------------------------------------
# Setup relaying all mail through a default relay host
#
@ -426,9 +511,9 @@ SRS_SECRET=
# default host and optional port to relay all mail through
DEFAULT_RELAY_HOST=mail.infomaniak.com
#
# Multi-Domain Relay Section
#
# -----------------------------------------------
# --- Multi-Domain Relay Section ----------------
# -----------------------------------------------
# Setup relaying for multiple domains based on the domain name of the sender
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf

19
docker-mailserver/setup.sh Executable file → Normal file
View File

@ -26,7 +26,7 @@ LBLUE="\e[94m"
RESET="\e[0m"
set -euEo pipefail
shopt -s inherit_errexit
shopt -s inherit_errexit 2>/dev/null || true
trap '__err "${BASH_SOURCE}" "${FUNCNAME[0]:-?}" "${BASH_COMMAND:-?}" "${LINENO:-?}" "${?:-?}"' ERR
function __err
@ -88,14 +88,6 @@ function _show_local_usage
function _get_absolute_script_directory
{
if [[ "$(uname)" == 'Darwin' ]]
then
readlink() {
# requires coreutils
greadlink "${@:+$@}"
}
fi
if dirname "$(readlink -f "${0}")" &>/dev/null
then
DIR="$(dirname "$(readlink -f "${0}")")"
@ -154,7 +146,7 @@ function _run_in_new_container
${CRI} run --rm "${USE_TTY}" \
-v "${CONFIG_PATH}:${DMS_CONFIG}${USE_SELINUX}" \
"${IMAGE_NAME}" "${@:+$@}"
"${IMAGE_NAME}" "${@}"
}
function _main
@ -234,9 +226,9 @@ function _main
if [[ -n ${CONTAINER_NAME} ]]
then
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" setup "${@:+$@}"
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" setup "${@}"
else
_run_in_new_container setup "${@:+$@}"
_run_in_new_container setup "${@}"
fi
[[ ${1} == 'help' ]] && _show_local_usage
@ -244,4 +236,5 @@ function _main
return 0
}
_main "${@:+$@}"
[[ -z ${1:-} ]] && set 'help'
_main "${@}"