v12.0.0
·
571 commits
to master
since this release
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.0.0...v12.1.0.
Summary
v12.0.0 is our biggest release yet, with over 100 merged pull requests and closed issues, this release packs a ton of changes & updates. Make sure to thoroughly read the CHANGELOG! We will list the most natable changes now.
Rspamd Support
v12.0.0 is the first release to feature Rspamd. Support for this feature is expected to stabilize with v12.1.0 - we encourage all users to give it a try though, as we feel like support is mature enough to run it on production systems. There will be a dedicated page in our documentation about Rspamd!
We plan on making Rspamd the default anti-spam engine in DMS. For the time being, Rspamd is an opt-in and you'll most likely want to disable Amavis & SA when using Rspamd.
Dropping ARMv7
Support for the already deprecated ARMv7 platform was dropped.
SASL Socket Location
The socket location for SASL changed to /dev/shm/sasl-auth.sock - custom setups need to take care!
Disabling chroot
We do not use chroot environments anymore. These environments caused trouble in the past and did not bring an advantage.
Bumping the Minimum TLS Version & Disabling SMTP Authentication on Port 25
The minimum supported protocol is now TLSv1.2. Moreover, we disabled SMTP authentication on the unencrypted port 25.
Fail2Ban Major Version Bump
We now ship Fail2Ban version 1.0.2, which is one major version ahead of DMS v11.3.1 and the latest version for Debian 11.
MOVE_SPAM_TO_JUNK Sieve File Adjustments
When using MOVE_SPAM_TO_JUNK, the Sieve script is now a global-after rule (before it was a global-before rule). This means you will now need to explicitly use the stop directive and disable implicit keep when using user scripts (e.g. to whitelist e-mails).
Heavily Updated Unit & Integration Tests
While you may not notice this in the final image, we are working hard behind the scenes to further improve our CI. With v12.0.0, almost all of our tests have been migrated to a new format in which tests can now run in parallel, decreasing the time it takes to test new changes. The code quality was also improved, a ton of comments were added to the helper code and many new helpers now assist in tests.
Miscellaneous
ping&digare now shipped with the image- many minor bugfixes
- added vulnerability scanning workflow to GH Actions
- better default for
SA_KILL - added check for improper restarts so users directly see when they did a not-supported restart
- the Dovecot community repository is now the default
- removed DNSBLs from Postfix's recipient checks
- removed all wrapper scripts, cleaning up the code
Merged Pull Requests
[Excluding PRs by @dependabot & @github-actions.]
- chore: Update changelog and version by @casperklein in #2944
- ci: Drop support for ARM v7 platform by @polarathene in #2943
- chore: Remove legacy ENV
SASL_PASSWDby @polarathene in #2946 - fix(changedetector): Use service
reloadcommands instead ofsupervisorctl restart <service>by @polarathene in #2947 - chore: Drop support for deprecated TLS versions by @polarathene in #2945
- docs(fix): README - Update CI status badge URL by @polarathene in #2951
- fix: Ensure relay host properly handles credentials check by @reneploetz in #2965
- update: make the Dovecot community repository the default by @georglauterbach in #2901
- tests(fix):
wait_until_change_detection_event_completesto count by @polarathene in #2974 - tests: Use
mail.example.testas common container hostname by @polarathene in #2975 - update: bump Fail2Ban version to v1.0.2 by @georglauterbach in #2959
- fix: regex in quota activation code by @Marsu31 in #2958
- feature: provide initial Rspamd support by @georglauterbach in #2902
- ci: more parallel tests by @georglauterbach in #2938
- Add docker-data/ to .gitignore by @casperklein in #2982
- tests: Extract some test cases out from
tests.batsby @polarathene in #2980 - docs: Provision a cert with the ACME DNS-01 challenge via Certbot + Cloudflare by @ShiriNmi1520 in #2968
- chore(housekeeping): Cleaning up broken links by @polarathene in #2667
- update BATS & helper + minor updates to BATS variables by @georglauterbach in #2988
- Add tools (ping & dig) to the image by @casperklein in #2989
- Fix several typos by @casperklein in #2990
- Fix several typos by @casperklein in #2993
- docs: FAQ - Add note for
devnullalias gotcha when using a catchall rule by @worldworm in #2949 - tests(refactor): Adjust
mail_tls_dhparams.batsby @polarathene in #2994 - fix: Workaround
postconfwrite settling logic by @polarathene in #2998 - chore: Remove the Makefile
backuptarget by @polarathene in #3000 - tests(refactor):
mail_lmtp_ip.batsby @polarathene in #3004 - Fix SRS link in README.md by @Jeidnx in #3005
- tests(refactor): Adjust
mail_changedetector+ change detection helpers by @polarathene in #2997 - tests(refactor):
mail_fetchmail.bats+ co-locate test cases for processes by @polarathene in #3010 - tests(refactor): Improve consistency and documentation for test helpers by @georglauterbach in #3012
- chore(Makefile): Ensure targets are always run by @polarathene in #3013
- tests(refactor): Migrate
mail_privacy.batsto new format and helpers by @polarathene in #3014 - docs: clarification of description of explicit TLS by @i-C-o-d-e-r in #3017
- tests: refactor 4 more tests by @georglauterbach in #3018
- docs: add a dedicated page for tests with more information by @georglauterbach in #3019
- fix: Ensure state persisted to
/var/mail-stateretains correct group by @polarathene in #3011 - quality-of-life: improve the
cleanrecipe (don't requiresudoanymore) by @georglauterbach in #3020 - feature: provide better rspamd suppport by @georglauterbach in #3016
- ci: update & streamline GH Actions runner images by @georglauterbach in #3025
- tests(refactor): Amavis
spam_junk_folder.bats+spam_bounced.batsby @polarathene in #3036 - tests(refactor):
mail_hostname.batsby @polarathene in #3027 - chore: Remove wrapper script for fail2ban service by @polarathene in #3032
- chore: Remove package
gaminby @polarathene in #3030 - tests:
tls_cipherlistsshould configuretestssl.shto use CA cert by @polarathene in #3037 - test helpers: add functionality for sending emails by @georglauterbach in #3026
- chore: Remove the wrapper script for Postfix (and disable chroot in
master.cf) by @polarathene in #3033 - rspamd: follow-up of #3016 by @georglauterbach in #3039
- postfix header filter: correct the casing for Mime vs. MIME by @georglauterbach in #3040
- ci: move tests than can be run in parallel now by @georglauterbach in #3038
- Linting: bump shellcheck version to 0.9.0 by @casperklein in #3041
- tests: Reduce time taken by a third for testing cipher suites by @polarathene in #3050
- tests: Migrate Dovecot DBox tests (sdbox + mdbox) by @polarathene in #3051
- tests: Migrate and combine ENV tests for
*_INET_PROTOCOLSby @polarathene in #3052 - chore(Amavis): only add configuration to Postfix when enabled by @georglauterbach in #3046
- tests(refactor): Extract mail account management tests from
tests.batsby @polarathene in #3055 - fix: Only listen on
127.0.0.1for the Dovecotquota-statusservice by @yogo1212 in #3057 - removal: configomat (submodule) by @georglauterbach in #3045
- ci: remove CI ENV & disable fail-fast by @georglauterbach in #3065
- tests: refactor POP3, IMAP (actually SASLauthd + RIMAP) & relay by @georglauterbach in #3062
- Better default value for SA_KILL variable by @casperklein in #3058
- ci(fix): Switch test workflows to also use the buildx
docker-containerdriver by @polarathene in #3072 - tests(refactor):
open_dkim.batsby @polarathene in #3060 - Fix: Make logrotate state persistant by @casperklein in #3077
- improve bug report template by @georglauterbach in #3080
- chore(Postfix): disable DNSBLs by @georglauterbach in #3069
- fix: order of DKIM/DMARC milters matters by @casperklein in #3082
- chore: Remove delay starting the change detection service by @polarathene in #3064
- fix: add information to Logwatch's mailer so
Envelope Fromis properly set by @georglauterbach in #3081 - fix:
restrict-accessavoid inserting duplicates by @georglauterbach in #3067 - setup: improve Amavis setup routine by @georglauterbach in #3079
- rspamd: add feature for adjusting options with a file parsed by DMS by @georglauterbach in #3059
- completely refactor README & parts of docs by @georglauterbach in #3097
- ci: refactored
sedfile& used_send_mailwhere possible by @georglauterbach in #3103 - docs: add docs about Abusix integration into Rspamd by @georglauterbach in #3104
- ci/docs: add vulnerability scanning workflow & security policy by @georglauterbach in #3106
- config: disable SMTP authentication on port 25 by @mazzz1y in #3006
- tests: improve
_send_emailby @georglauterbach in #3105 - fix: Postfix service should proxy signals received by @polarathene in #3118
- scripts: split
setup-stack.shby @georglauterbach in #3115 - scripts: housekeeping & cleanup setup (1/2) by @georglauterbach in #3121
- scripts: follow up of #3115 (feedback) by @georglauterbach in #3124
- scripts: housekeeping & cleanup setup (2/2) by @georglauterbach in #3123
- scripts/ENV: make disabling Redis possible by @georglauterbach in #3132
- scripts: issue warning in case of improper restart by @georglauterbach in #3129
- scripts: remove PostSRSD wrapper by @georglauterbach in #3128
- ci(fix): Only apply permissions at the job level by @polarathene in #3142
- config/ENV: improve Postfix config for spoof protection by @georglauterbach in #3127
- fix: Avoid creating an unnecessary syslog socket for Postfix by @polarathene in #3134
- config: ensure SASL socket file is not inside a volume mount by @georglauterbach in #3131
- rspamd: rename
ENABLE_REDIS& add persistence for Redis by @georglauterbach in #3143 - scripts: touchups for v12.0.0 by @georglauterbach in #3144
- docs: improve Rspamd docs by @georglauterbach in #3147
- bugfix: special bits for maildrop and public directory by @georglauterbach in #3149
- DRY: Replace path with variable in mail_state.sh by @casperklein in #3153
- fix: regression introduced in #3153 by @georglauterbach in #3157
- scripts: improve panic helpers by @georglauterbach in #3155
- fix: TLS setup (self-signed) error message should include
SS_CA_CERTby @jrpear in #3168 - fix: SRS setup by @casperklein in #3158
- doc: a ip -> an ip by @linhandev in #3175
- fix: postsrsd restart loop by @casperklein in #3160
- Rspamd: more features by @georglauterbach in #3159
- ci(docs): Update
latestsymlink via docs-production-deploy workflow by @jrpear in #3183 - docs: Add FAQ entry for troubleshooting delivery by @jrpear in #3192
- docs: move
make buildinstruction from paragraph into list by @jrpear in #3193 - docs: Change
edgeversion links tolatest+ fix links intended as relative not absolute by @jrpear in #3190 - Fix: only chmod when there are files by @casperklein in #3203
- Update SA_KILL values; follow up to #3058 by @casperklein in #3204
- config: remove
chrootfor Dovecot & PostSRSd by @georglauterbach in #3208
New Contributors
- @reneploetz made their first contribution in #2965
- @Marsu31 made their first contribution in #2958
- @ShiriNmi1520 made their first contribution in #2968
- @worldworm made their first contribution in #2949
- @Jeidnx made their first contribution in #3005
- @i-C-o-d-e-r made their first contribution in #3017
- @mazzz1y made their first contribution in #3006
- @linhandev made their first contribution in #3175
Full Changelog: v11.3.1...v12.0.0
Contributors
casperklein, reneploetz, and 12 other contributors
Assets 2
1
Join discussion