Releases: docker-mailserver/docker-mailserver
v14.0.0
Useful Links
- Diff to last release: v13.3.1...v14.0.0
- Our Changelog
What's Changed
The most noteworthy change of this release is the update of the container's base image from Debian 11 ("Bullseye") to Debian 12 ("Bookworm"). This update alone involves breaking changes and requires a careful review when updating! Make sure to scan our changelog carefully.
Merged Pull Requests
- general: update base image to Debian 12 ("Bookworm") by @georglauterbach in #3403
- tests: new sending and filtering functions by @georglauterbach in #3786
- docs(fix): New external link icon workaround for mkdocs-material 9.5.5 by @polarathene in #3823
- chore: Revise improper restart message by @polarathene in #3826
- fix: Ensure configs are sanitized for parsing by @polarathene in #3819
- docs: UX Improvement - Better distinguish side nav page categories by @polarathene in #3835
- docs: Add context to
sender-cleanup
in Postfixmaster.cf
by @polarathene in #3834 - Rspamd: only declare Rspamd variables when not already declared by @georglauterbach in #3837
- setup-stack: fix error when RSPAMD_DMS_DKIM_D is not set by @ap-wtioit in #3827
- ci:
docs-preview-deploy.yml
- Use official v4download-artifact
by @polarathene in #3838 - docs: Minor revisions to
README.md
by @polarathene in #3839 - docs: Add Debian 12 breaking change for
opendmarc
package by @polarathene in #3841 - ci(fix):
docs-preview-deploy.yml
- Use the correct setting names by @polarathene in #3843 - docs: update
CONTRIBUTORS.md
by @github-actions in #3844 - docs: Remove ENV
ONE_DIR
by @polarathene in #3840 - spam: use Sieve for rewriting subject with Rspamd & SA/Amavis by @georglauterbach in #3820
- chore(deps): Bump anchore/scan-action from 3.6.0 to 3.6.1 by @dependabot in #3848
- Rspamd scripts: only correct permissions when directory exists by @georglauterbach in #3849
- fix:
packages.sh
- Downloadjaq
via releasetag
notlatest
by @polarathene in #3852 - fix: abort when (jaq) curl fails by @casperklein in #3853
- docs: Add new local dependency (
file
) for running tests by @ap-wtioit in #3856 - refactor:
relay.sh
by @polarathene in #3845 - chore:
CHANGELOG.md
- Addrsyslog
breaking changes for v14 by @casperklein in #3854 - docs: Complete rewrite of Relay Host pages by @polarathene in #3861
- fix(rspamd): Add missing comma to
local_networks
setting by @aspettl in #3862 - rspamd: add neural module config by @hanscees in #3833
- docs: misc improvements (but mostly related to Rspamd) by @georglauterbach in #3858
- Minor spelling correction by @JacksonZ03 in #3870
- docs: update
CONTRIBUTORS.md
by @github-actions in #3869 - chore(deps): Bump docker/metadata-action from 5.5.0 to 5.5.1 by @dependabot in #3878
- chore(deps): Bump anchore/scan-action from 3.6.1 to 3.6.4 by @dependabot in #3877
- docs: fix 404 in mailserver.env and default to RSA 2048 for TLS certs by @rahilarious in #3875
- Rspamd: improve DKIM key generation by @georglauterbach in #3876
- chore: Source Postgrey
whitelist_clients
config from Github by @frugan-dev in #3879 - docs: Complete rewrite of PROXY protocol guide by @polarathene in #3882
- docs: update
CONTRIBUTORS.md
by @github-actions in #3883 - fix: Apply SELinux security context after moving to mail-state by @robbertkl in #3890
- chore:
packages.sh
- Remove redundant comment by @polarathene in #3900 - fix(
setup
):open-dkim
log for conflicting implementations by @polarathene in #3899 - fix: fetchmail environment variables by @casperklein in #3901
- Fix typo and broken README link by @jessp01 in #3906
- docs: update
CONTRIBUTORS.md
by @github-actions in #3909 - chore(deps): Bump myrotvorets/set-commit-status-action from 2.0.0 to 2.0.1 by @dependabot in #3911
- feat: Configurable number of rotated log files by @doominator42 in #3907
- Rename supervisor-app.conf to dms-services.conf by @casperklein in #3908
- Fail2Ban: Align logrotate count & interval by @casperklein in #3915
- Rspamd: improve SPF, DKIM and DMARC Symbol Weights by @georglauterbach in #3913
- Fail2ban logrotate interval/count: substitute only when necessary by @casperklein in #3919
- docs: update
CONTRIBUTORS.md
by @github-actions in #3916 - chore(deps): Bump docker/setup-buildx-action from 3.0.0 to 3.1.0 by @dependabot in #3924
- docs(TLS): Reference systemd timer example (
cerbot renew
) by @polarathene in #3921 - Rspamd: minor tweaks and follow-up for SPF, DKIM and DMARC symbols by @georglauterbach in #3923
- Rspamd: update history key in Redis configuration by @georglauterbach in #3927
- fix: Move spam to mailbox associated to the
\Junk
special-use attribute by @UltraCoderRU in #3925 - getmail: remove temp file usage by @casperklein in #3920
- Update user-patches.sh by @eltociear in #3932
- chore(deps): Bump docker/build-push-action from 5.1.0 to 5.2.0 by @dependabot in #3934
- chore(deps): Bump nwtgck/actions-netlify from 2.1 to 3.0 by @dependabot in #3933
- docs: rewrite Kubernetes page by @georglauterbach in #3928
- docs: Update links for account management in
README.md
by @rahilarious in #3937 - docs: Add IPv6 troubleshooting tip by @polarathene in #3938
- docs: update
CONTRIBUTORS.md
by @github-actions in #3930 - Better support regular container restarts by @casperklein in #3929
- chore(deps): Bump docker/build-push-action from 5.2.0 to 5.3.0 by @dependabot in #3947
- chore(deps): Bump docker/setup-buildx-action from 3.1.0 to 3.2.0 by @dependabot in #3946
- Enable spamassassin only, when amavis is enabled too. by @casperklein in #3943
- docs: update
CONTRIBUTORS.md
by @github-actions in #3944 - docs: Add relay host config guide for Gmail by @in-seo in https://github.com/docker...
v13.3.1
Useful Links
- Diff to last release: v13.3.0...v13.3.1
- Our Changelog
What's Changed
This is a patch release fixing two important bugs in v13.3.0
:
- Dovecot: We now restrict the authentication mechanisms for PassDB configurations we manage (oauth2, passwd-file, ldap) (#3812). This prevents misleading auth failures from attempting to authenticate against a PassDB with incompatible auth mechanisms. When the new OAuth2 feature was enabled, it introduced false-positives with logged auth failures which triggered Fail2Ban to ban the IP.
- Rspamd: We now ensure correct ownership (
_rspamd:_rspamd
) for the Rspamd DKIM directory and files (/tmp/docker-mailserver/rspamd/dkim/
)
What's Changed
- fix(typo): comment on mailserver.env by @JamBalaya56562 in #3799
- fix: Ensure correct ownership for the Rspamd DKIM directory by @polarathene in #3813
- fix: Correctly support multiple Dovecot PassDBs by @polarathene in #3812
- docs: Minor revisions to Dovecot Sieve page by @polarathene in #3811
- chore: Raise awareness of v13 breaking change better (Proxy Protocol) by @polarathene in #3818
v13.3.0
Useful Links
- Diff to last release: v13.2.0...v13.3.0
- Our Changelog
What's Changed
The main feature that can be found in this release is added very simple OAUTH2 support. DMS now supports authentication via OAuth2 (via XOAUTH2
or OAUTHBEARER
SASL mechanisms) from capable services (like Roundcube). This does not replace the need for an ACCOUNT_PROVISIONER
(FILE
/ LDAP
), which is required for an account to receive or send mail.
Additionally, MTA-STS support for outbound mail was added to DMS. A bunch of smaller changes have made it into this release as well: Rspamd symbol scores for SPF, DKIM & DMARC have been adjusted to better align with RFC7489; smtputf8
has been disabled directly; scripts were improved (replacing wc -l
with grep -c
, etc.); and a bug fix for jaq
on arm64 was added.
As is usual business, we worked on improving the documentation. Last but not least, the test suite saw bigger changes in the area of helper functions used during tests to send test e-mails.
Merged Pull Requests
- Rspamd: add custom symbol scores for SPF, DKIM & DMARC by @georglauterbach in #3726
- chore: Disable
smtputf8
support in config directly by @polarathene in #3750 - tests: Replace
wc -l
withgrep -c
by @casperklein in #3752 - ci:
.gitattributes
- Ensureeol=lf
for shell scripts by @polarathene in #3755 - docs: SpamAssassin ENV docs refactor by @polarathene in #3756
- Fix jaq: Download platform specific binary by @casperklein in #3766
- tests: normalizations by @georglauterbach in #3747
- feat: Auth - OAuth2 (Dovecot PassDB) by @thechubbypanda in #3480
- Tiny #3480 follow up: Add missing ENABLE_OAUTH2 var by @casperklein in #3775
- feat: Add MTA-STS support for outbound mail by @jsonn in #3592
- tests: small adjustments by @georglauterbach in #3772
- fix: Revert quoting
SA_SPAM_SUBJECT
inmailserver.env
by @polarathene in #3767 - docs: Rspamd DKIM config simplify via
path
setting by @denisix in #3702 - fix: Ensure
.svbin
files are newer than.sieve
source files by @polarathene in #3779 - docs: misc improvements by @georglauterbach in #3773
- chore: Add maintenance comment for
sed
usage by @polarathene in #3789 - tests: Revise
process_check_restart.bats
by @polarathene in #3780 - fix: Ensure
setup dkim
generates DKIM keys with ownership matching the parent directory by @ap-wtioit in #3783 - docs: Guidance for binding outbound SMTP with multiple interfaces available by @norrs in #3465
- docs: Add maintenance comment for
main.cf:reject_unknown_sender_domain
by @polarathene in #3793 - tests: Revise OAuth2 tests by @polarathene in #3795
- release: v13.3 by @georglauterbach in #3781
New Contributors
v13.2.0
Useful Links
- Diff to last release: v13.1.0...v13.2.0
- Our Changelog
What's Changed
Most importantly, DMS is now protected by default against the security vulnerability called "SMTP smuggling". Moreover, we switched from raw netcat (nc
) to swaks
in our test suite - a change that is beneficial for upcoming changes and improvements to our test suite. Last but not least, the log path for Postgrey was corrected.
Merged Pull Requests
- fix:
supervisor-app.conf
- Correct the log location forpostgrey
by @polarathene in #3724 - tests: Use
swaks
instead ofnc
for sending mail by @georglauterbach in #3732 - security(Postfix): Protect against "SMTP Smuggling" attack by @georglauterbach in #3727
- Postfix: add
smtpd_data_restrictions = reject_unauth_pipelining
by @georglauterbach in #3744
v13.1.0
Useful Links
- Diff to last release: v13.0.1...v13.1.0
- Our Changelog
What's Changed
Updated
- Internal
- We now store the version that DMS is running on in the environment variable
DMS_RELEASE
and no longer in the file/VERSION
. Moreover, the update check will use this to determine whether you are running:edge
(to disable the update check if this is the case). - An option to run DMS locally was added, and the docs saw improvements (as usual).
- The quota tests were adjusted and now conform to our new standards.
- We now store the version that DMS is running on in the environment variable
- Documentation
- The troubleshooting documentation was enhanced.
Added
- Rspamd
- The ARM64 build now also uses the official PPA, making the version even for ARM64 and AMD64.
- Dovecot
- The environment variable
ENABLE_IMAP
was added, which works analogous toENABLE_POP3
.
- The environment variable
Fixed
- Internal
- A
sed
line for quota-related changes to Postfix'smain.cf
was not working as expected. This has been taken care of.
- A
Merged Pull Requests
- fix: Logging - Welcome should use
DMS_RELEASE
ENV by @polarathene in #3676 - ci: Add
run-local-instance
target toMakefile
by @georglauterbach in #3663 - docs: Troubleshooting - Bare domain misconfiguration by @polarathene in #3680
- chore: Postfix should integrate Dovecot at runtime by @polarathene in #3681
- Add warning, when update-check is enabled, but no stable release image is used by @casperklein in #3684
- scripts: Install arm64 rspamd from official repository by @p3dda in #3686
- update-check: fix 'read' exit status by @casperklein in #3688
- fix: only set
virtual_mailbox_maps
to texthash when not using LDAP by @reneploetz in #3693 - Add ENV
ENABLE_IMAP
by @casperklein in #3703 - tests(refactor): Dovecot quotas by @polarathene in #3068
- ci: Avoiding linting
CONTRIBUTORS.yml
by @polarathene in #3705 - ci: Allow lint workflow to be manually triggered by @polarathene in #3714
- ci: Remove
VERSION
fromDockerfile
by @polarathene in #3711 - fix:
sed
logic forENABLE_QUOTAS=0
is not actionable by @casperklein in #3715
New Contributors
v13.0.1
This patch release fixes two bugs that Rspamd users encountered with the v13.0.0
release. Big thanks to the those that helped to identify these issues! ❤️
What's Changed
Fixed
- Internal:
- The update check service now queries the latest GH release for a version tag (instead of from a
VERSION
file at the GH repo). This should provide more reliable update notifications (#3666)
- The update check service now queries the latest GH release for a version tag (instead of from a
- Rspamd:
- The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted (#3669)
- When
RSPAMD_CHECK_AUTHENTICATED=0
, DKIM signing for outbound e-mail was disabled, which is undesirable (#3669). Make sure to check the documentation ofRSPAMD_CHECK_AUTHENTICATED
!
Merged Pull Requests
- docs: update
CONTRIBUTORS.md
by @github-actions in #3656 - bug fix: push
:edge
whenVERSION
is updated as well by @georglauterbach in #3662 - chore(deps): Bump anchore/scan-action from 3.3.6 to 3.3.7 by @dependabot in #3667
- hotfix: solve #3665 by @georglauterbach in #3669
- fix:
update-check.sh
should query GH Releases by @polarathene in #3666
Full Changelog: v13.0.0...v13.0.1
v13.0.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.1.0...v13.0.0.
Summary
v13.0.0
contains a lot of changes! In fact, we never had more pull requests in a single release before 🚀 Thus, please read the following changes thoroughly!
Breaking Changes
LDAP
The environment variables LDAP_SERVER_HOST
, DOVECOT_URIS
, and SASLAUTHD_LDAP_SERVER
will now log an error if the LDAP URI scheme is missing. Previously, there was an implicit fallback to ldap://
(see #3522).
Moreover, ENABLE_LDAP=1
is no longer supported. Please use ACCOUNT_PROVISIONER=LDAP
.
Rspamd
The deprecated path for the Rspamd custom commands file (/tmp/docker-mailserver/rspamd-modules.conf
) now prevents successful startup. The correct path is /tmp/docker-mailserver/rspamd/custom-commands.conf
.
Dovecot
Dovecot mail storage per account in /var/mail
previously shared the same path for the accounts home directory (#3335). The home directory now is a subdirectory home/
. This change better supports sieve scripts. You will need to manually move (manageseive) Sieve scripts from <SERVER>/<ACCOUNT>/sieve
to <SERVER>/<ACCOUNT>/home/sieve
and re-enable them with managesieve. This change has not been implemented yet with ACCOUNT_PROVISIONER=LDAP
.
Postfix
/etc/postfix/master.cf
has renamed the "smtps
" service to "submissions
" (#3235).
- This is the modern
/etc/services
name for port 465, aligning with the similar "submission
" port 587. - If you have configured Proxy Protocol support with a reverse proxy via
postfix-master.cf
(as per our docs guide), you will want to updatesmtps
tosubmissions
there.
Postfix now defaults to supporting DSNs (Delivery Status Notifications) only for authenticated users (via ports 465 + 587). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. (#3572). If you need to modify this change, please let us know by opening an issue / discussion. You can opt out (enable DSNs) via the postfix-main.cf override support using the contents: smtpd_discard_ehlo_keywords =. Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via master.cf to keep DSNs enabled (since authentication protects from abuse). If necessary, DSNs for authenticated users can be disabled via the postfix-master.cf override with the following contents:
submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
Miscellaneous
This section only contains the most important updates; for a full list, consult our CHANGELOG.
- The default DKIM key size was changed to 2048.
- Getmail was added as an alternative to Fetchmail.
- New environment variables were added:
MARK_SPAM_AS_READ
,DMS_VMAIL_UID
/DMS_VMAIL_GID
, andRSPAMD_CHECK_AUTHENTICATED
.
Our documentation was updated heavily across many pages; especially the debugging section should be much more helpful now.
Rspamd saw many adjustments as well:
- The configuration of the anti-virus engines (for ClamAV) was updated
- Ham is now learned in a better way
logrotate
was implemented for Rspamd logs- The default config location for DKIM was changed to be preserved in a volume now, internal symlinks were removed in favor of simplicity, DKIM key permissions are now verified.
Merged Pull Requests
- docs/misc: update to align with Docker Compose v2 by @georglauterbach in #3295
- Postfix: rename "smtps" to "submissions" by @georglauterbach in #3235
- docs: update Rspamd docs (small improvement) by @georglauterbach in #3318
- chore(main.cf): Add note advising caution changing
mydestination
by @polarathene in #3316 - docs: fix spelling mistakes by @georglauterbach in #3324
- docs: clear up confusion about Rspamd's
override.d
directory by @georglauterbach in #3325 - docs: improve Rspamd docs about DKIM signing of multiple domains by @georglauterbach in #3329
- Fix "OpenDMARC" by @ghnp5 in #3330
- ci: slim down bug report template by @georglauterbach in #3317
- scripts: improve
CLAMAV_MESSAGE_SIZE_LIMIT
usage by @georglauterbach in #3332 - Rspamd: adjust learning of ham by @georglauterbach in #3334
- docs: Fix URL by @casperklein in #3337
- docs: Restore missing edit button by @casperklein in #3338
- docs: Update contributing by @casperklein in #3339
- config: adjust
antivirus.conf
for Rspamd by @georglauterbach in #3331 - ClamAV: add a warning for the internal message size limit by @ap-wtioit in #3341
- Fix typos by @casperklein in #3344
- Dovecot: make home dir distinct from mail dir by @georglauterbach in #3335
- ci: fix scheduled build permissions by @georglauterbach in #3345
- fix: DB helper should properly filter entries by @polarathene in #3359
- ci: fix ShellCheck linting for BATS tests by @georglauterbach in #3347
- feature: adding
getmail
as an alternative tofetchmail
by @LucidityCrash in #2803 - SPAM_TO_INBOX=1; add info about SA_KILL by @casperklein in #3360
- Change if-statement style by @casperklein in #3361
- Change 'function' style by @casperklein in #3364
- Change 'while' style by @casperklein in #3365
- Change 'until' style by @casperklein in #3366
- Change 'for' style by @casperklein in #3368
- Update dkim_dmarc_spf.md by @arunvc in #3367
- Add BASH syntax check to linter by @casperklein in #3369
- Bump hadolint/eclint version by @casperklein in #3371
- docs: add note about DMS FQDN by @georglauterbach in #3372
- misc: remaining v13 todos by @georglauterbach in #3370
- chore: Revise Dockerfile comment on COPY bug by @polarathene in #3378
- ci: Simplify GH bug report template by @polarathene in #3381
- Dovecot: compile
fts_xapian
from source to match Dovecot ABI by @tbutter in #3373 - Don't register _setup_spam_to_junk() when SMTP_ONLY=1 by @casperklein in #3385
- Fix sieve setup by @arkanovicz in #3397
- Fix issue with concatenating $dmarc_milter and $dkim_milter in main.cf by @wligtenberg in #3380
- docs: Add compatibility section to debugging page by @polarathene in #3404
- fix spelling issues in rspamd-dkim by @felixn in #3411
- docs: Rewrite of IPv6 page by @georglauterbach in #3244
- chore: Discourage
latest
in bug report version field by @polarathene in #3435 - docs: IPv6 config examples with content tabs by @polarathene in #3436
- docs: Fix typos by @rriski in https://github.com/docker-ma...
v12.1.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.0.0...v12.1.0.
Summary
Rspamd Stabilization
With v12.1.0, Rspamd is stabilized. We added more documentation (e.g. on the web interface), the option to greylist e-mails, an option to use HFILTER_HOSTNAME_UNKNOWN
and a helper script for DKIM signing. The scripts have been properly stabilized and cleaned up as well, and all WIP warnings are now removed.
Updates to Fail2Ban
Fail2Ban saw some major updates in its configuration. The mode for Postfix was changed to extra
to catch more log lines and the time to find an offender and the time the offer is banned was raised as well.
Smaller Fixes
v12.1.0 also packs a lot of smaller fixes for scripts, our CI and configurations.
What's Changed
- Image registry and setup update by @georglauterbach in #3233
- fix: GH docs update workflow by @georglauterbach in #3241
- docs: update DKIM/DMARC/SPF docs by @georglauterbach in #3231
- docs: renamings by @georglauterbach in #3242
- docs: add note about Rspamd's web interface by @georglauterbach in #3245
- scripts: make
policyd-spf
configurable by @georglauterbach in #3246 - Rspamd: add greylisting option & code refactoring by @georglauterbach in #3206
- Rspamd: replace
reject_unknown_client_hostname
with RspamdHFILTER_HOSTNAME_UNKNOWN
and make it configurable by @georglauterbach in #3248 - tests: fix dovecot: ldap mail delivery works by @ap-wtioit in #3252
- change F2B configs: made config more aggressive by @georglauterbach in #3243
- scripts: get all
policyd-spf
setup in one place by @georglauterbach in #3263 - Posfix: add option to re-enable
reject_unknown_client_hostname
after #3248 by @georglauterbach in #3255 - config-examples: update fail2ban config examples with current DMS default values by @ap-wtioit in #3258
- [FIX] shellcheck: do not check .git folder by @ap-wtioit in #3267
- scripts: disallow alias = account by @georglauterbach in #3270
- postfix.sh: add missing -E for extended regexes in smtpd_sender_restrictions by @ap-wtioit in #3272
- scripts: fix setting
SRS_EXCLUDE_DOMAINS
during startup by @jamebus in #3271 - scripts: improve shutdown function by making PANIC_STRATEGY obsolete by @casperklein in #3265
- misc: make Fail2Ban log persistent by @casperklein in #3269
- ci: update
bug_report.yml
by @georglauterbach in #3275 - ci: simplify
bug_report.yml
by @georglauterbach in #3276 - scripts: remove superfluous
EOF
indmarc_dkim_spf.sh
by @ap-wtioit in #3266 - docs: improve Rspamd docs (part of its stabilization) by @georglauterbach in #3257
- scripts: misc improvements by @georglauterbach in #3281
- Rspamd: script stabilization pt. 1 by @georglauterbach in #3261
- scripts: Rspamd stabilization pt. 2 by @georglauterbach in #3282
- Rspamd: remove WIP warnings by @georglauterbach in #3283
- scripts: apply fixes to helpers when using
set -eE
by @georglauterbach in #3285 - docs: update F2B docs & bind mount links by @georglauterbach in #3293
- docs: update FAQ entries by @georglauterbach in #3294
- ci: revised the contributor workflow by @polarathene in #2227
- scripts: remove unnecessary
return 0
statements by @georglauterbach in #3290 - F2B: update F2B after discussion in #3256 by @georglauterbach in #3288
- fail2ban: add 'log' command by @casperklein in #3299
- scripts: add DKIM helper script for Rspamd by @georglauterbach in #3286
v12.0.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.0.0...v12.1.0.
Summary
v12.0.0
is our biggest release yet, with over 100 merged pull requests and closed issues, this release packs a ton of changes & updates. Make sure to thoroughly read the CHANGELOG! We will list the most natable changes now.
Rspamd Support
v12.0.0
is the first release to feature Rspamd. Support for this feature is expected to stabilize with v12.1.0
- we encourage all users to give it a try though, as we feel like support is mature enough to run it on production systems. There will be a dedicated page in our documentation about Rspamd!
We plan on making Rspamd the default anti-spam engine in DMS. For the time being, Rspamd is an opt-in and you'll most likely want to disable Amavis & SA when using Rspamd.
Dropping ARMv7
Support for the already deprecated ARMv7 platform was dropped.
SASL Socket Location
The socket location for SASL changed to /dev/shm/sasl-auth.sock
- custom setups need to take care!
Disabling chroot
We do not use chroot
environments anymore. These environments caused trouble in the past and did not bring an advantage.
Bumping the Minimum TLS Version & Disabling SMTP Authentication on Port 25
The minimum supported protocol is now TLSv1.2. Moreover, we disabled SMTP authentication on the unencrypted port 25.
Fail2Ban Major Version Bump
We now ship Fail2Ban version 1.0.2
, which is one major version ahead of DMS v11.3.1
and the latest version for Debian 11.
MOVE_SPAM_TO_JUNK
Sieve File Adjustments
When using MOVE_SPAM_TO_JUNK
, the Sieve script is now a global-after rule (before it was a global-before rule). This means you will now need to explicitly use the stop
directive and disable implicit keep when using user scripts (e.g. to whitelist e-mails).
Heavily Updated Unit & Integration Tests
While you may not notice this in the final image, we are working hard behind the scenes to further improve our CI. With v12.0.0
, almost all of our tests have been migrated to a new format in which tests can now run in parallel, decreasing the time it takes to test new changes. The code quality was also improved, a ton of comments were added to the helper code and many new helpers now assist in tests.
Miscellaneous
ping
&dig
are now shipped with the image- many minor bugfixes
- added vulnerability scanning workflow to GH Actions
- better default for
SA_KILL
- added check for improper restarts so users directly see when they did a not-supported restart
- the Dovecot community repository is now the default
- removed DNSBLs from Postfix's recipient checks
- removed all wrapper scripts, cleaning up the code
Merged Pull Requests
[Excluding PRs by @dependabot & @github-actions.]
- chore: Update changelog and version by @casperklein in #2944
- ci: Drop support for ARM v7 platform by @polarathene in #2943
- chore: Remove legacy ENV
SASL_PASSWD
by @polarathene in #2946 - fix(changedetector): Use service
reload
commands instead ofsupervisorctl restart <service>
by @polarathene in #2947 - chore: Drop support for deprecated TLS versions by @polarathene in #2945
- docs(fix): README - Update CI status badge URL by @polarathene in #2951
- fix: Ensure relay host properly handles credentials check by @reneploetz in #2965
- update: make the Dovecot community repository the default by @georglauterbach in #2901
- tests(fix):
wait_until_change_detection_event_completes
to count by @polarathene in #2974 - tests: Use
mail.example.test
as common container hostname by @polarathene in #2975 - update: bump Fail2Ban version to v1.0.2 by @georglauterbach in #2959
- fix: regex in quota activation code by @Marsu31 in #2958
- feature: provide initial Rspamd support by @georglauterbach in #2902
- ci: more parallel tests by @georglauterbach in #2938
- Add docker-data/ to .gitignore by @casperklein in #2982
- tests: Extract some test cases out from
tests.bats
by @polarathene in #2980 - docs: Provision a cert with the ACME DNS-01 challenge via Certbot + Cloudflare by @ShiriNmi1520 in #2968
- chore(housekeeping): Cleaning up broken links by @polarathene in #2667
- update BATS & helper + minor updates to BATS variables by @georglauterbach in #2988
- Add tools (ping & dig) to the image by @casperklein in #2989
- Fix several typos by @casperklein in #2990
- Fix several typos by @casperklein in #2993
- docs: FAQ - Add note for
devnull
alias gotcha when using a catchall rule by @worldworm in #2949 - tests(refactor): Adjust
mail_tls_dhparams.bats
by @polarathene in #2994 - fix: Workaround
postconf
write settling logic by @polarathene in #2998 - chore: Remove the Makefile
backup
target by @polarathene in #3000 - tests(refactor):
mail_lmtp_ip.bats
by @polarathene in #3004 - Fix SRS link in README.md by @Jeidnx in #3005
- tests(refactor): Adjust
mail_changedetector
+ change detection helpers by @polarathene in #2997 - tests(refactor):
mail_fetchmail.bats
+ co-locate test cases for processes by @polarathene in #3010 - tests(refactor): Improve consistency and documentation for test helpers by @georglauterbach in #3012
- chore(Makefile): Ensure targets are always run by @polarathene in #3013
- tests(refactor): Migrate
mail_privacy.bats
to new format and helpers by @polarathene in #3014 - docs: clarification of description of explicit TLS by @i-C-o-d-e-r in #3017
- tests: refactor 4 more tests by @georglauterbach in #3018
- docs: add a dedicated page for tests with more information by @georglauterbach in #3019
- fix: Ensure state persisted to
/var/mail-state
retains correct group by @polarathene in #3011 - quality-of-life: improve the
clean
recipe (don't requiresudo
anymore) by @georglauterbach in #3020 - feature: provide better rspamd suppport by @georglauterbach in #3016
- ci: update & streamline GH Actions runner images by @georglauterbach in #3025
- tests(refactor): Amavis
spam_junk_folder.bats
+spam_bounced.bats
by @polarathene in #3036 - tests(refactor):
mail_hostname.bats
by @polarathene in #3027 - chore: Remove wrapper script for fail2ban service by @polarathene in #3032
- chore: Remove package
gamin
by @polarathene in #3030 - tests:
tls_cipherlists
should configuretestssl.sh
to use CA cert by @polarathene in #3037 - test helpers: add functionality for sending emails by @georglauterbach in #3026
- chore: Remove the wrapper script for Postfix (and disable chroot in
master.cf
) by @polarathene in #3033 - rspamd: follow-up of #3016 by @georglauterbach in #3039
- postfix header filter: correct the casing for Mime vs. MIME by @georglauterbach in https://github.com/docker-mailserver/docke...
v11.3.1
Summary
This patch version fixes a build-time error when using the Dovecot community repository. This does not affect users that use the plain container image but people who build DMS on their own with DOVECOT_COMMUNITY_REPO=1
.
What's Changed
- Fix dovecot-fts-xapian dependency, when using dovecot community repository by @casperklein in #2937
- reverted #2903 which got merged in the meantime
Full Changelog: v11.3.0...v11.3.1