docker/docker-mailserver
1
0
Fork 0
mirror of https://github.com/tomav/docker-mailserver.git synced 2024-06-30 13:11:15 +02:00
Code Issues Releases Wiki Activity
1,777 Commits 3 Branches 27 Tags 32 MiB
a226863aa5
Commit Graph

409 Commits

Author SHA1 Message Date
Casper
11ab4a84a9
More detailed error message 2020-07-19 21:23:59 +02:00
Casper
7c0998f7fa
Check if second argument is given 2020-07-19 21:21:01 +02:00
Erik Wramner
f206ad7ee1
Merge pull request #1553 from MichaelSp/letsencrypt-traefik-acme-json 
Letsencrypt traefik v2 acme json
 2020-07-16 07:49:04 +02:00
guardiande
5c5c8eb814
Revert dummy change 2020-07-15 09:39:59 +02:00
guardiande
7189d4c63f
Dummy change to trigger travis 2020-07-15 09:12:14 +02:00
guardiande
76d3f7643a
Fix sasl_password generation to allow passwords containing hashes 2020-07-15 08:26:25 +02:00
Michael Sprauer
d61a8cd9c0 letsencrypt & traefik wildcard support 
set SSL_DOMAIN=*.example.com to extract a wildcard certificate from traefiks acme.json store
 2020-07-13 22:58:17 +02:00
Michael Sprauer
3a3cec6a8f trigger reload if cert change 
/etc/letsencrypt/live/$HOSTNAME/key.pem  and /etc/letsencrypt/live/$HOSTNAME/fullchain.pem are watched and will trigger a reload if changed
 2020-07-07 21:26:53 +02:00
Ben
2ee280dcb3
Update dovecot-ldap.conf.ext 
add auth_bind = no so that it can be overridden via the env-mailserver file used by docker compose. This is related to #1526
 2020-07-04 11:50:25 -07:00
Michael Sprauer
32c732e276 certificates from acme.json 
Will extract certificates from acme.json as written by traefik for usage in dovecot and postfix.
Also watches acme.json for changes. For this to work the file has to be mounted/present at `/etc/letsencrypt/acme.json`
 2020-06-30 22:43:22 +02:00
Erik Wramner
df4e04f033
Merge pull request #1547 from MrFreezeex/master 
Fix dovecot variable with whitespace
 2020-06-28 11:02:58 +02:00
Gio
d888dbcf7f Fix typo 2020-06-27 23:07:17 -05:00
Arthur Outhenin-Chalandre
c7f9fbd439
Fix dovecot variable with whitespace 
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
 2020-06-27 11:17:25 +02:00
Casper
c359521121
Typo fixed 2020-06-14 04:39:34 +02:00
Nicholas Pepper
1b659a5574 Modified letsencrypt support to add domain name checking in addition to 
hostname checking.  Added necessary tests and renamed original manual
ssl test to a name that supports adding the other SSL tests.
 2020-05-15 04:52:26 +00:00
youtous
04059cd618
MAIL-8818 - Postfix information leakage 
To prevent announcing software or version to malicious people or scripts, it is advised to hide such information.


This information is provided as part of the Lynis community project. It is related to Lynis control MAIL-8818 and should be considered as-is and without guarantees.

https://cisofy.com/lynis/controls/MAIL-8818/
 2020-05-10 16:04:53 +02:00
youtous
d0f7257333
support comments in .cf files 2020-05-06 22:59:55 +02:00
youtous
32d16084ec
sieve scripts using alphabetical order 2020-05-04 16:13:47 +02:00
youtous
92414b7eba
sieve after/before use folder instead of individual listing 
Loading sieve scripts using a directory scheme permits to handle multi scripts wtihout defining individual sieve_before/sieve_after
 2020-05-04 00:27:29 +02:00
youtous
30262128f4
raise a warning when SPAMASSASSIN_SPAM_TO_INBOX isn't explicitly defined 2020-05-03 10:33:50 +02:00
youtous
d829905cf7
init spams to junk 2020-05-03 10:33:28 +02:00
Erik Wramner
23eb7c42ab
Merge pull request #1481 from youtous/fix-sieve-folder 
Prevent sieve symlink to be evaluated as a directory by dovecot
 2020-05-02 08:09:09 +02:00
Erik Wramner
0537c6f046
Merge pull request #1482 from youtous/feature-quota-optional 
Feature quota optional.
 2020-05-02 08:07:38 +02:00
youtous
16cd4f9d2d
Reduce opportunities for a potential CPU exhaustion attack with NO_RENEGOTIATION 
See https://en.wikipedia.org/wiki/Resource_exhaustion_attack
 2020-05-02 00:04:05 +02:00
youtous
0c838706d0
Option to disable dovecot quota 2020-05-01 23:42:21 +02:00
youtous
e8581be2d3
Prevent sieve symlink to be evaluated as a directory by dovecot 2020-05-01 23:20:15 +02:00
youtous
3aeacef125
remove start-mailserver nested conditions dovecot quota 2020-04-30 16:11:45 +02:00
youtous
d45e6b1c22
#fix 1478 2020-04-30 12:47:12 +02:00
Erik Wramner
35f473ad12
Merge pull request #1474 from polarathene/chore/remove-obsolete-param-usetls 
chore: Remove obsolete postfix parameter `smtpd_use_tls`
 2020-04-30 08:02:11 +02:00
Brennan Kinney
76594c21c4
Add note about tls_ssl_options = NO_COMPRESSION 
[Postfix docs](http://www.postfix.org/postconf.5.html#tls_ssl_options):

> Disable SSL compression even if supported by the OpenSSL library. Compression is CPU-intensive, and compression before encryption does not always improve security.

[Postfix mailing list discussion](http://postfix.1071664.n5.nabble.com/patch-mitigate-CRIME-attack-td57978.html):

> The CRIME attack does not apply to SMTP, because unlike SMTP, there is no javascript in SMTP clients that makes them send thousands of email messages with chosen plaintext compressed together in the same packet with SASL credentials or other sensitive data.
> The auditor completely failed to take the context into account.

[Mailing list discussion of potential compression CRIME-like attack](https://lists.cert.at/pipermail/ach/2014-December/001660.html)

> keeping compression disabled is a good idea.

If you need a good test score, PCI compliance will likely flag compression despite not having any known risk with non-HTTP TLS.
 2020-04-29 19:41:08 +12:00
Brennan Kinney
e7de9bceaf
chore: Remove obsolete postfix parameter smtpd_use_tls 
See: http://www.postfix.org/postconf.5.html#smtpd_tls_security_level

> this overrides the obsolete parameters `smtpd_use_tls` and `smtpd_enforce_tls`.
 2020-04-27 23:24:26 +12:00
youtous
03b8f87ffc
update dovecot conf comment 2020-04-26 22:23:51 +02:00
youtous
47fac2706f
use ffdhe4096 for DHE params 
use by default ffdhe4096 for DHE params 


use by default ffdhe4096 for DHE params
 2020-04-26 22:23:51 +02:00
youtous
f60de0c66e
init tests cases ffdhe4096 2020-04-26 22:23:51 +02:00
youtous
2527ebfaf2
added dovecot quota feature 
add postfix service quota check


check-for-changes on quotas


setquota command


fix checkforchanges quota


addquota verify user exists


add setquota in setup.sh


merging addquota into setquota


test quota commands


add ldap tests for dovecot quota


fix smtp only quota postfix rules


test postfix conf


add quota test integration


add quota exceeded test


add wait analyze


fix tests


fix setup typo


add test fixes


fix error output


wip


update startup rules


fix setup


fix setup tests


fix output commands


remove quota on remove user


try to fix sync limit mails


check if file exists


fix path


change used quota user


fix post size


check if quota file exists


update tests


configure virtualmailbox limit for dovecot


last fix


fix quota expr


relax dovecot tests


auto create dovecot-quotas


fix dovecot apply quota test


wip quota warning


trying to fix get dovadm quota


dovecot applies fix


fix quota warning lda path


test count mail on quota


fix quota warning permissiosn


fix test
 2020-04-24 14:56:15 +02:00
Nils Knappmeier
370d08fd33 fail2ban: use filter.d/dovecot.conf from distribution 
closes #972
 2020-04-10 22:21:40 +02:00
Erik Wramner
73b8d65dd3 Merge next into master 2020-04-05 09:28:22 +02:00
Erik Wramner
04777fdb89
Merge pull request #1435 from Drakulix/master 
amavis: fix config permission
 2020-04-05 08:43:47 +02:00
Christian Glahn
ff1248eeee activate shortcircuit plugin, fixes #1442 2020-03-31 17:09:23 +02:00
Jairo Llopis
a00dced8bc Allow to set comfortably inet_protocols 
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.

@Tecnativa TT22925
 2020-03-25 21:43:29 +01:00
Victor Brekenfeld
c491496b6e avavis fix config permission 2020-03-24 15:43:35 +01:00
Erik Wramner
142b98a209
Merge pull request #1427 from Tecnativa/inet-protocols 
Allow to set comfortably inet_protocols
 2020-03-22 08:56:55 +01:00
Germain Masse
ce41f60888 Move filebeat to its own container 2020-03-20 17:56:18 +01:00
Jairo Llopis
ab22450364
Allow to set comfortably inet_protocols 
Setting `inet_protocols = ipv4` is almost a requirement when running behind Docker. Provide a way to make it easy.

@Tecnativa TT22925
 2020-03-19 08:35:25 +00:00
Wandrille RONCE
d148eeddfb Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example 2020-03-16 18:47:24 +01:00
Robert Pufky
d3f7c56cdf Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature. 
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
  supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
  error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
 2020-03-16 18:45:22 +01:00
Wandrille RONCE
90951876cd Add an option to place spam in the inbox, and then sort the mail by a sieve rule for example 2020-03-15 17:51:12 +01:00
Robert Pufky
a82caf5d9b Fix broken fail2ban dovecot filter; use <HOST> instead of undocumented feature. 
* Replace deprecated, undocumented fail2ban feature "(\P<host>\S*)" with
  supported host match "<HOST>".
* Fixes "No failure-id group in '(?: pop3-login|ima ..." fail2ban dovecot filter
  error message.
* See: https://github.com/fail2ban/fail2ban/issues/2130
 2020-02-01 14:57:03 -08:00
Erik Wramner
f342151b80 Fixed several amavis tests and removed commented code 2020-01-26 16:39:58 +01:00
Erik Wramner
a208748ea2 Configure amavis with D_BOUNCE for spam 2020-01-26 08:34:40 +01:00
Erik Wramner
85ae8a1471 Fix fail2ban issues and install some suggested amavis packages 2020-01-25 15:33:06 +01:00
Erik Wramner
91b2c9834e Upgrade to buster and remove filebeat 2020-01-25 15:33:06 +01:00
Torben Weibert
ca16307729 Added -f flag to chmod command to suppress error when no sieve-pipe scripts exist 2020-01-21 22:18:00 +01:00
Torben Weibert
70d87f5119 Add executable flag for scripts in /usr/lib/dovecot/sieve-pipe 2020-01-21 18:18:16 +01:00
Erik Wramner
ae2aa6eeb4
Merge pull request #1372 from phish108/shortcircuit-bayes-99-mini 
activate SA shortcircuit features via env, fixes #1118 (again)
 2020-01-15 07:28:00 +01:00
Lukas Elsner
35df764107 fix clamav issue in logwatch 2020-01-13 17:58:34 -05:00
Christian Glahn
b8726b80a4 activate SA shortcircuit features via env, fixes #1118 2020-01-13 14:22:14 +01:00
Erik Wramner
d847be2d5a
Merge pull request #1331 from Tecnativa/srs-sender-classes 
Allow to configure SRS sender classes easily
 2019-12-06 07:22:46 +01:00
Jairo Llopis
7f1bc8f8b3
Avoid infinite failure log in Amavis with SMTP_ONLY=1 
Fix #801 by simply touching the file if it doesn't exist.

@Tecnativa TT20505
 2019-12-03 13:43:43 +00:00
Jairo Llopis
42348ff353
Allow to configure SRS sender classes easily 
This will allow to forward safely any email from any host, no matter how strict their SPF policy is, by setting `SRS_SENDER_CLASSES=envelope_sender,header_sender`.

@Tecnativa TT20505
 2019-12-03 13:33:51 +00:00
Erik Wramner
da1287c1a5 Changed wrong set options in pflogsumm cron job 2019-12-01 09:19:47 +01:00
Erik Wramner
c882d95deb
Merge pull request #1284 from vortex852456/master 
Added optional file user-patches.sh for own patches without recompiling
 2019-11-09 15:13:06 +01:00
Germain Masse
36afac7726 New option DOVECOT_MAILBOX_FORMAT 2019-11-04 15:49:29 +00:00
Germain Masse
e465e659ad Remove unnecessary maildir folders creation 2019-11-01 20:04:37 +00:00
Erik Wramner
37e0082cd7 Set expected permissions in log #1300 2019-10-27 09:22:16 +01:00
Vortex
c30c3bf5de moved user_patches from misc to nearly the end of setups 2019-10-16 18:56:06 +02:00
Daniel Dobko
e441f1318a Tests should work from now on 
Merge branch 'user-patches.sh'

# Conflicts:
#	config/user-patches.sh
#	target/start-mailserver.sh
 2019-10-08 21:55:46 +02:00
Undercover1989
275a83667a base files 2019-10-08 21:22:12 +02:00
Undercover1989
0975b71d72 chown docker:docker /tmp/docker-mailserver/user-patches.sh 2019-10-08 19:24:01 +02:00
Undercover1989
b5c422c3c5 start user-patches.sh native instead of explicit using the bash-command 2019-10-08 15:08:01 +02:00
Undercover1989
b01071f52f Added optional file ./config/user-patches.sh which is executed between configuration and starting daemons (misc-section) 2019-10-07 21:04:49 +02:00
Erik Wramner
5f9428fcf3 Set REPORT_RECIPIENT to postmaster when 0 2019-09-24 21:09:48 +02:00
Erik Wramner
b9515eae4c Fix report_recipient bugs 2019-09-22 17:16:33 +02:00
Erik Wramner
008b8e6bce Fix #1093, pflogsumm and logwatch 2019-09-16 08:00:35 +02:00
Erik Wramner
f14c9fc6ce Moved Postfix overrides last to fix #1143 2019-09-15 18:29:46 +02:00
Erik Wramner
0eef718ed2 Fix #1251 intermediate TLS level 2019-09-05 19:39:33 +02:00
Erik Wramner
615a845d6c Fixed bug when dh.pem/dhparam.pem exists with ONE_DIR 2019-08-13 07:26:31 +02:00
Erik Wramner
5ebb8614a2
Merge pull request #1220 from erik-wramner/dhparam_on_start 
Generate dhparam and dovecot cert on start
 2019-08-12 22:00:31 +02:00
Erik Wramner
f5dac6e71c Disable SMTPUTF8 as Dovecot can't handle it 2019-08-11 17:14:00 +02:00
Erik Wramner
d6838e8274 Remove spamassassin cron job when spamassassin is off 2019-08-11 09:52:50 +02:00
Erik Wramner
9d7873850d Move dovecot cert generation to startup 2019-08-10 10:15:35 +02:00
Erik Wramner
fc8d684994 Generate dhparams at startup, not build 2019-08-09 22:13:50 +02:00
Roman Seyffarth
5eb0d5ffa6 Fixed opendkim config on multiple nameservers 2019-08-09 09:04:43 +02:00
Martin Schulze
fcce47a392 WIP: actually test PERMIT_DOCKER=connected-networks 
also showcase timeouts and makefile integration
 2019-08-07 02:24:56 +02:00
Erik Wramner
41921f82aa
Merge pull request #1205 from j-marz/opendkim_nameserver 
set Nameservers in opendkim.conf at start-up
 2019-08-04 18:54:08 +02:00
j-marz
8a1584c3cb set Nameservers in opendkim.conf at start-up 2019-08-03 15:26:44 +10:00
Martin Schulze
234632913e Add PERMIT_DOCKER=connected-networks 2019-08-02 15:05:00 +02:00
Erik Wramner
81e9c7dcff Protect user db with flock 2019-08-01 19:39:25 +02:00
Erik Wramner
ec4661194b Compute checksum after possible in-place sed changes 2019-08-01 12:05:48 +02:00
Erik Wramner
7f3e5a22e1 Create checksums in start script, avoid race condition 2019-08-01 09:58:22 +02:00
Erik Wramner
573609e011 Put checksum file in /tmp as suggested in code review 2019-07-31 12:56:18 +02:00
Erik Wramner
37708b5787 Added comment explaining chksum file location 2019-07-31 10:41:32 +02:00
Erik Wramner
311bdfa1ba Keep checksum file outside shared/mounted area 2019-07-30 16:10:51 +02:00
Erik Wramner
566c28555a Revert "Sync after update to make sure changes propagate to host" 
This reverts commit 66711cfe5d33a9ce5ae3d78e7b7c04e68edf1571.
 2019-07-30 16:10:51 +02:00
Erik Wramner
b58fd30c0a Sync after update to make sure changes propagate to host 2019-07-30 16:10:51 +02:00
Erik Wramner
f21bffe322 Fix 1198 freshclam (#1199) 
* Run freshclam as clamav user not root

* Remove freshclam cron job when clamav is disabled
 2019-07-29 11:15:49 +02:00
j-marz
42675ba7ad Fixed self-signed cert generation (#1183) 
Added optional FQDN arguement to setup.sh script which avoids using temporary container hostname for cert names. Also fixed issue with certs being saved outside config volume
 2019-07-29 11:14:36 +02:00
Torben Weibert
cba6b07391 Allow postfix master.cf overrides to start with numbers, not only characters (#1190) 2019-07-24 15:11:00 +02:00
Erik Wramner
603dbbd7b0 1175: specify user for cron.d freshclam file (#1176) 
* 1175: specify user for cron.d freshclam file

* Fix Dovecot SSL parameters and generate dhparams as for Postfix

* Fixed broken unit tests
 2019-07-23 16:12:12 +02:00
jjtt
a3724fa91d Support for setting relayhost in main.cf (#1104) 
* Added DEFAULT_RELAY_HOST setting
* If set this value will be used as the relayhost in /etc/postfix/maincf causing all mail to be delivered using this relay host
* Test for default relay host setting
 2019-01-19 11:10:31 +01:00
Andrey Likhodievskiy
a989d77a87 Disable ssl when no certificate is set (Closes: #1083, #1085) 
* Modified start-mailserver.sh with two new options for SSL certificate Configuration ():
+ ‘’ (empty string) modifies dovecot configs to allow plain text access
+ * (default) does nothing but warn with message ‘SSL configured by default’

* Updated README.md:
SSL_TYPE environment variable with unknown value will set SSL by default
 2018-12-02 12:59:16 +01:00
Daniel Panteleit
0fb4a6d082 Clear up env format and hostname value (#1076) 
* Describe format for .env in README
* Display used domain and hostname even when they are not acceptable
This should be clearer for the user when the hostname was set incorrectly.
 2018-11-11 20:46:53 +01:00
Daniel Panteleit
cc56b4f89e Calling supervisord directly instead of via shell (Closes: #1047, #1074) 2018-11-04 20:23:50 +01:00
Marius Panneck
351c9c80a8 Added default values for LDAP_START_TLS and DOVECOT_TLS (Closes: #1071, #1073) 2018-11-04 19:50:40 +01:00
Peter Hartmann
30ed8fbf0e Configuration support for /etc/aliases(Closes: #988, #1065) 
* Update check-for-changes.sh
* add postfix-aliases.cf and handling of runtime updates
 2018-11-01 20:17:07 +01:00
millerjason
53a344a056 Support for additional postgrey options (Close: #998, #999, #1046) 
* addnl postgrey whitelist support. closes #998, closes #999.

	modified:   Dockerfile
	modified:   Makefile
	modified:   README.md
	modified:   docker-compose.elk.yml.dist
	modified:   docker-compose.yml.dist
	modified:   target/start-mailserver.sh
	modified:   target/supervisor/conf.d/supervisor-app.conf
	new file:   test/config/whitelist_recipients
	new file:   test/nc_templates/postgrey_whitelist_local.txt
	new file:   test/nc_templates/postgrey_whitelist_recipients.txt
	modified:   test/tests.bats

* match existing indent convention

	modified:   target/start-mailserver.sh

* ISSUE-999: add support for header_checks

	modified:   Dockerfile
	modified:   target/postfix/main.cf

* ISSUE-999: add empty header_check file

	new file:   target/postfix/header_checks.pcre
 2018-11-01 19:32:36 +01:00
olaf-mandel
8c8426ef4a postfix: fix message size limits (#1061) 
The message size limit was reduced in c8728eab from the postfix
default [1] of 10,240,000B = 10,000kiB = ~10MiB to only
1,048,576B = 1MiB. And the documentation claims that this would be 10MiB
instead of 1MiB.

Restore the old behaviour as default and fix the documentation as well.

[1]: http://www.postfix.org/postconf.5.html
 2018-10-20 20:10:30 +02:00
Jiří Kozlovský
c8728eab8a feat: added postfix message & mailbox size limits to ENV settings (Closes: #629, #1056) 2018-10-15 21:17:45 +02:00
Birkenstab
92002041ba Fix missing quotes in env export (Closes: #1007, #1048) 2018-10-14 10:07:05 +02:00
Birkenstab
a198ea8495 Fix allow sending emails from regexp aliases when spoof protection is enabled (#1032) 2018-09-12 18:55:13 +02:00
James
d518a9fc1d DOMAINNAME can fail to be set in postsrsd-wrapper.sh (#989) 
* DOMAINNAME can fail to be set in postsrsd-wrapper.sh

if the container doesn’t have a proper hostname, postsrsd will fail to start
because SRS_DOMAIN is empty. Make a best effort to figure out the domain name
and provide a way to set one if needed.
 2018-06-19 08:17:32 +02:00
n00dl3
261a78c036 fix SASL domain (fixes #892, #970) 
setting value as `$myhostname` will make sasl look for users `user@mail.domain.tld` instead of `user@domain.tld`
 2018-06-14 20:02:49 +02:00
Franz Keferböck
e27e13c1b3 Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (Solves: #979, #980) 2018-06-02 21:16:16 +02:00
ixeft
60656aec49 Report sender (#965) 
* added REPORT_SENDER env variable to the container.
* integration test for REPORT_SENDER
* added tests for default REPORT_SENDER
 2018-05-01 19:57:31 +02:00
Johan Smits
5d03bb0982
Update docker-configomat (#959) 2018-04-23 20:59:27 +02:00
Paul Adams
283ac70bb9 don't update permissions on non-existent file (#956) 2018-04-23 20:42:47 +02:00
Paul Adams
ea848eb86f Deliver root mail (#952) 
* Configure delivery of root's mail to postmaster
* Tests for delivery of root mail
* add missing email template
 2018-04-23 20:35:33 +02:00
17Halbe
59ce9d03f0 Testfixes & more (#942) 
* fixed useless updatetest, made updatemailuser and addmailuser setup.sh compliant.
* changed documentation
 2018-04-08 16:12:41 +02:00
Paul Adams
a564cca0e5 set postmaster address to a sensible default (#938, #939, #940) 2018-04-05 19:04:55 +02:00
17Halbe
cc7c1f8804 Introducing global filters. (#934) 
* Introducing global filters
* added optional after.dovecot.sieve/before.dovecot.sieve files
* added global filter test
 2018-04-05 18:54:01 +02:00
Pierre-Yves Rofes
137d623171 Ensure that the account contains a @ (#923, #924) 
* Ensure that the provided username actually contains a domain
* Update README.md to be consistent with addmailuser script
* Add a test to check if the username includes the domain
 2018-04-04 18:59:28 +02:00
17Halbe
7015d09404 Set default virus delete time (#932, #935) 2018-04-04 18:48:55 +02:00
Andreas Gerstmayr
1490f652c0 fix line breaks in postfix-summary mail error case (#936) 2018-04-04 18:45:50 +02:00
17Halbe
2e06228b10 Password creation fix (#908, #914) 
* fix password with spaces is stripped to first word
 2018-04-02 16:55:54 +02:00
Paul Adams
f28e9843ce Implementation of multi-domain relay hosts (#922, #926) 
* Add new configuration for multi-domain relay hosts (#922)
 * Creates new environment variables (replacing existing AWS_SES variables)
 * Optionally allows more advanced setups using config files
* Update relay hosts during change detection (#922)
* Add helper scripts for adding relay hosts and per-domain auth
* Allow the possibility to deliver some mail directly
* adding a domain with no destination will exclude it from the
  relayhost_map and so Postfix will attempt to deliver the mail directly
* tests for setup.sh script
* tests for relay host configuration
* these tests cover the code in `start-mailserver.sh` dealing with both
  the env vars and the configuration files
 2018-04-02 10:45:58 +02:00
Andreas Gerstmayr
f540f8e9c3 add headers to postfix summary mail (#919) 2018-03-30 10:24:40 +02:00
Marek Walczak
b17ffe85d8 Tls level fix (#916) 
* fix for TLS_LEVEL processing. unified spacing for sed.
 2018-03-26 20:50:28 +02:00
17Halbe
f682dfc15d fixed delalias, added additional tests (Closes: #909) 2018-03-19 20:26:10 +01:00
17Halbe
2167108ec0 introducing ENABLE_SRS env variable (Closes: #906, #852) 
* making postsrsd optional
* added tests, added documentation
 2018-03-18 20:15:06 +01:00
akmet
a420b15370 Adding daily mail review from Issue 839 (#881) 
* Added dependencies, binary, startup configuration
* Added env variable to dist files/readme
* send summary after each logrotate, added env variable for mail/logrotate interval
* remove mail.log from rsyslogs logrotate
* rotate mail.log when no email is set
* Added documentation for POSTFIX_LOGROTATE_INTERVAL
* Removed interval option, since its not being tested for.
* changed test to force logrotate to rotate fixed logrotate config
* readded setup_environment, made logrotate_setup being called everytime
* changed documentation for new variable names - again
* Did Documentation, added a default recipient, added test for default config.
* layout fix
* changed variable names apposite the documentation
 2018-03-18 19:52:28 +01:00
akmet
68aaeba59f added error messages to letsencrypt on startup (#898) 2018-03-15 08:01:44 +01:00
17Halbe
570237232c Delmailuser (Closes: #878) 
* delmailuser:
  + added multiple address deletion
  + added alias deletion
  + added maildir deletion (upon confirmation)
  + introduced optional "assume yes" argument
* updated addalias,delalias,delmailuser,updatemailuser and added modified tests
* added config check and repair to start-mailserver for old postfix-virtual.cf files
 2018-03-14 20:00:38 +01:00
Johan Smits
50a76ba91e
Update docker-configomat (Resolves: #680) 2018-03-13 08:10:16 +01:00
James
ef79e9a65d Generate SRS secret on first run and store it (#891) 2018-03-10 13:41:20 +01:00
Benedict Endemann
e6c32a03e5 Add /var/lib/dovecot to mailstate persistence (Closes: #887) 
Added `/var/lib/dovecot/` to the list of folders that get persisted in `mailstate`. So the creation of `ssl-parameters.dat` has not to be done every restart again. This may only take some dozen seconds, but can be very long on systems with high load.
 2018-03-09 19:46:49 +01:00
James
2e8bb4ae34 Allow configuring SRS secrets using the environment (#885) 2018-03-08 22:51:10 +01:00
akmet
34cb3a14cc Removed unneeded check for Let's encrypt cert.pem (Closes: #843) 2018-03-07 20:21:46 +01:00
17Halbe
a73692cc9f Added reject_authenticated_sender_login_mismatch (#872) 
* added reject_authenticated_sender_login_mismatch handling including tests
* removed obsolete reject_sender_login_mismatch
* introduced SPOOF_PROTECTION env variable, tests, documentation and missing documentation for TLS_LEVEL
* added missing email template
 2018-03-07 19:33:43 +01:00
Alexander Elbracht
d9502ab6e7 Implement undef option for SA_SPAM_SUBJECT (#767) 
* Implement undef option for SA_SPAM_SUBJECT in amavis config
* Add test for undef spam subject
 2018-03-02 22:38:57 +01:00
Marek Walczak
c505177486 Dkim key size (#868) 
Allow to change the keysize for the dkim key
 2018-03-02 22:17:18 +01:00
Andreas Gerstmayr
2687469f38 update postmaster_address in dovecot config according to POSTMASTER_ADDRESS env var (#866) 
* update postmaster_address in dovecot config according to POSTMASTER_ADDRESS env var
* tests: add another test for postmaster_address with default settings
 2018-02-27 20:44:45 +01:00
Marek Walczak
c36e878d76 Nist tls (#831) 
* remove two ciphers according to https://www.htbridge.com/ssl/ (NIST, HIPAA)
* added a switch via an environment variable to choose between modern and intermediate ciphers
 2018-02-22 08:36:12 +01:00
Achim Christ
eb20722b80 Add environment variable to allow for customizing postsrsd's SRS_EXCLUDE_DOMAINS setting (#849, #842) 2018-02-18 20:53:13 +01:00
17Halbe
5e09074d58 postscreen implementation altered (#846) 
* new setup.sh function, new tests, new script and some minor updates to main.cf
* fix for missing files
* removed obsolete test-files
* restart postfix if neccessary.
* see pr  #845
* fixed typo
* fixed branchmixup
* changed postfix reload command & changed to operate on container instead of image
* reload postfix only on adding new restriction
* main.cf is only changed when user is added.
 - Postfix reload changed
 - working on container instead of image now in setup.sh
 - added cleanup after tests
* moved cleanup to makefile
 2018-02-18 13:29:43 +01:00
17Halbe
795cbf103d fixed greedy postgrey sed command (#845) 2018-02-18 10:37:31 +01:00
17Halbe
b08c9b42ed moved fail2ban function from setup.sh to own file (#837) 
* moved fail2ban function out of setup.sh
 2018-02-13 08:31:12 +01:00
17Halbe
5394a505b9 Restrict access (Closes #452, #816) 
new setup.sh function, new tests, new script
 2018-02-07 21:33:07 +01:00
H4R0
f6404156f9 Changed Junk folder to be created and subscribed by default (#806) 2018-02-06 20:21:37 +01:00
TechnicLab
f68befdbee Added reject_sender_login_mismatch (Closes: #811) 2018-02-06 19:35:32 +01:00
Jurek Barth
e1e4542390 Fix: Add SRS to fix SPF issues on redirect #611 (#814) 
* add srs support

* change autorestart behavior

* this may work now

* make postsrsd’s own wrapper file

* fix dockerfile formatting

* fixing tests
 2018-02-06 08:11:57 +01:00