v13.0.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.1.0...v13.0.0.
Summary
v13.0.0 contains a lot of changes! In fact, we never had more pull requests in a single release before 🚀 Thus, please read the following changes thoroughly!
Breaking Changes
LDAP
The environment variables LDAP_SERVER_HOST, DOVECOT_URIS, and SASLAUTHD_LDAP_SERVER will now log an error if the LDAP URI scheme is missing. Previously, there was an implicit fallback to ldap:// (see #3522).
Moreover, ENABLE_LDAP=1 is no longer supported. Please use ACCOUNT_PROVISIONER=LDAP.
Rspamd
The deprecated path for the Rspamd custom commands file (/tmp/docker-mailserver/rspamd-modules.conf) now prevents successful startup. The correct path is /tmp/docker-mailserver/rspamd/custom-commands.conf.
Dovecot
Dovecot mail storage per account in /var/mail previously shared the same path for the accounts home directory (#3335). The home directory now is a subdirectory home/. This change better supports sieve scripts. You will need to manually move (manageseive) Sieve scripts from <SERVER>/<ACCOUNT>/sieve to <SERVER>/<ACCOUNT>/home/sieve and re-enable them with managesieve. This change has not been implemented yet with ACCOUNT_PROVISIONER=LDAP.
Postfix
/etc/postfix/master.cf has renamed the "smtps" service to "submissions" (#3235).
- This is the modern
/etc/servicesname for port 465, aligning with the similar "submission" port 587. - If you have configured Proxy Protocol support with a reverse proxy via
postfix-master.cf(as per our docs guide), you will want to updatesmtpstosubmissionsthere.
Postfix now defaults to supporting DSNs (Delivery Status Notifications) only for authenticated users (via ports 465 + 587). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. (#3572). If you need to modify this change, please let us know by opening an issue / discussion. You can opt out (enable DSNs) via the postfix-main.cf override support using the contents: smtpd_discard_ehlo_keywords =. Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via master.cf to keep DSNs enabled (since authentication protects from abuse). If necessary, DSNs for authenticated users can be disabled via the postfix-master.cf override with the following contents:
submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsnMiscellaneous
This section only contains the most important updates; for a full list, consult our CHANGELOG.
- The default DKIM key size was changed to 2048.
- Getmail was added as an alternative to Fetchmail.
- New environment variables were added:
MARK_SPAM_AS_READ,DMS_VMAIL_UID/DMS_VMAIL_GID, andRSPAMD_CHECK_AUTHENTICATED.
Our documentation was updated heavily across many pages; especially the debugging section should be much more helpful now.
Rspamd saw many adjustments as well:
- The configuration of the anti-virus engines (for ClamAV) was updated
- Ham is now learned in a better way
logrotatewas implemented for Rspamd logs- The default config location for DKIM was changed to be preserved in a volume now, internal symlinks were removed in favor of simplicity, DKIM key permissions are now verified.
Merged Pull Requests
- docs/misc: update to align with Docker Compose v2 by @georglauterbach in #3295
- Postfix: rename "smtps" to "submissions" by @georglauterbach in #3235
- docs: update Rspamd docs (small improvement) by @georglauterbach in #3318
- chore(main.cf): Add note advising caution changing
mydestinationby @polarathene in #3316 - docs: fix spelling mistakes by @georglauterbach in #3324
- docs: clear up confusion about Rspamd's
override.ddirectory by @georglauterbach in #3325 - docs: improve Rspamd docs about DKIM signing of multiple domains by @georglauterbach in #3329
- Fix "OpenDMARC" by @ghnp5 in #3330
- ci: slim down bug report template by @georglauterbach in #3317
- scripts: improve
CLAMAV_MESSAGE_SIZE_LIMITusage by @georglauterbach in #3332 - Rspamd: adjust learning of ham by @georglauterbach in #3334
- docs: Fix URL by @casperklein in #3337
- docs: Restore missing edit button by @casperklein in #3338
- docs: Update contributing by @casperklein in #3339
- config: adjust
antivirus.conffor Rspamd by @georglauterbach in #3331 - ClamAV: add a warning for the internal message size limit by @ap-wtioit in #3341
- Fix typos by @casperklein in #3344
- Dovecot: make home dir distinct from mail dir by @georglauterbach in #3335
- ci: fix scheduled build permissions by @georglauterbach in #3345
- fix: DB helper should properly filter entries by @polarathene in #3359
- ci: fix ShellCheck linting for BATS tests by @georglauterbach in #3347
- feature: adding
getmailas an alternative tofetchmailby @LucidityCrash in #2803 - SPAM_TO_INBOX=1; add info about SA_KILL by @casperklein in #3360
- Change if-statement style by @casperklein in #3361
- Change 'function' style by @casperklein in #3364
- Change 'while' style by @casperklein in #3365
- Change 'until' style by @casperklein in #3366
- Change 'for' style by @casperklein in #3368
- Update dkim_dmarc_spf.md by @arunvc in #3367
- Add BASH syntax check to linter by @casperklein in #3369
- Bump hadolint/eclint version by @casperklein in #3371
- docs: add note about DMS FQDN by @georglauterbach in #3372
- misc: remaining v13 todos by @georglauterbach in #3370
- chore: Revise Dockerfile comment on COPY bug by @polarathene in #3378
- ci: Simplify GH bug report template by @polarathene in #3381
- Dovecot: compile
fts_xapianfrom source to match Dovecot ABI by @tbutter in #3373 - Don't register _setup_spam_to_junk() when SMTP_ONLY=1 by @casperklein in #3385
- Fix sieve setup by @arkanovicz in #3397
- Fix issue with concatenating $dmarc_milter and $dkim_milter in main.cf by @wligtenberg in #3380
- docs: Add compatibility section to debugging page by @polarathene in #3404
- fix spelling issues in rspamd-dkim by @felixn in #3411
- docs: Rewrite of IPv6 page by @georglauterbach in #3244
- chore: Discourage
latestin bug report version field by @polarathene in #3435 - docs: IPv6 config examples with content tabs by @polarathene in #3436
- docs: Fix typos by @rriski in #3443
- Adding tool to testing links by @rmlhuk in #3445
- rspamd: fix DKIM signing for inbound emails by @georglauterbach in #3439
- feat(setup): Add
fail2bansub-commandstatus <JAIL>by @nilshoell in #3455 - Rspamd: local network addition and user name mismatch by @georglauterbach in #3453
- rspamd: disable checks for authenticated users by @georglauterbach in #3440
- compose.yaml: Add comment about disabled authentication on port 25 by @casperklein in #3464
- tests: Refactor LDAP tests to current conventions by @polarathene in #3483
- feat: Allow marking spam as read via a sieve filter (ENV
MARK_SPAM_AS_READ=1) by @H4R0 in #3489 - Docs: Drop mention of port 25 support for authenticated submission by @HeySora in #3496
- scripts: add wrapper to update Postfix configuration safely by @georglauterbach in #3484
- tests: Change OpenLDAP image to
bitnami/openldapby @polarathene in #3494 - ci:
question.yml- Clarify that the issue tracker is not for personal support by @polarathene in #3498 - ci: Fix
question.ymltemplate -valueshould be an attribute by @polarathene in #3502 - tests: TLS cipher suites - Update
testssl.shtag to3.2by @polarathene in #3504 - scripts: add wrapper to update Postfix configuration safely (follow up) by @casperklein in #3503
- chore: Change
setup config dkimdefault key size to2048(open-dkim) by @polarathene in #3508 - tests: LDAP - Improvements to LDIF test data by @polarathene in #3506
- chore: Adapt
ENABLE_LDAP=1toACCOUNT_PROVISIONER=LDAPby @polarathene in #3507 - docs: Update docs builder image by @polarathene in #3516
- tests: Revise LDAP config + setup by @polarathene in #3514
- docs: Add documentation for iOS mail push support by @reneploetz in #3513
- tests: add tests for helper function
_add_to_or_update_postfix_main()by @casperklein in #3505 - chore: LDAP config improvements by @polarathene in #3522
- docs: fix ipv6 example for Compose by @milas in #3531
- fix: Ensure files are committed with
eol=lfvia.gitattributesby @polarathene in #3527 - fix: Open-DKIM key generation broken by @luke- in #3535
- docs: Revise
update-and-cleanup.mdby @jpduyx in #3539 - tests(fix): Run
pgrepwithin the actual container by @polarathene in #3553 - tests(fix):
lmtp_ip.batsimprove partial failure output by @polarathene in #3552 - feat: Allow changing the Dovecot vmail UID/GID via ENV by @vincentDcmps in #3550
- ci(fix): Normalize for
.gitattributes+ improveeclintcoverage by @polarathene in #3566 - docs: TLS - Include
passthrough=trueon implicit ports for Traefik example by @vincentDcmps in #3568 - refactor:
logrotatesetup + rspamd log path + tests log helper fallback path by @georglauterbach in #3576 - chore: Add debug group (
packages.sh) + more resilient rspamd setup by @georglauterbach in #3578 - docs: Revise
watchtowerpage by @polarathene in #3583 - docs: fix path to rspamd.log by @ap-wtioit in #3585
- ci: Update
eclintto2.7.2by @polarathene in #3584 - feat: Postfix permit DSN (Delivery Status Notification) only on authenticated ports (465 + 587) by @allddd in #3572
- bugfix: change Rspamd DKIM default config location by @georglauterbach in #3597
- docs(bin/setup): Add an example for an alias with multiple recipients by @jsonn in #3600
- misc: final Rspamd adjustments for v13 by @georglauterbach in #3599
- docs: improve docs about how to work with logs by @georglauterbach in #3626
- Fix rspamd directory by @jsonn in #3629
- docs: Add Dovecot Lua auth guide + required package by @Zepmann in #3579
- docs: Clarify default for ENV
FETCHMAIL_PARALLELby @jsonn in #3603 - fix: Drop special bits from Postfix
maildrop/andpublic/directory permissions by @georglauterbach in #3625 - Rspamd: add check for DKIM private key files' permissions by @georglauterbach in #3627
- contributors: fix spelling & remove dedicated AllContributors section by @georglauterbach in #3638
- docs: correct path for logs in docs by @georglauterbach in #3640
- docs: Debugging - Add macOS suggestion to use
gRPC FUSEby @polarathene in #3652 - docs: Debugging - Correctly starting DMS by @polarathene in #3654
- ci: Linter EC should use
/checkas the mount path by @polarathene in #3655
New Contributors
- @ghnp5 made their first contribution in #3330
- @LucidityCrash made their first contribution in #2803
- @arunvc made their first contribution in #3367
- @arkanovicz made their first contribution in #3397
- @wligtenberg made their first contribution in #3380
- @felixn made their first contribution in #3411
- @rriski made their first contribution in #3443
- @rmlhuk made their first contribution in #3445
- @nilshoell made their first contribution in #3455
- @HeySora made their first contribution in #3496
- @milas made their first contribution in #3531
- @luke- made their first contribution in #3535
- @jpduyx made their first contribution in #3539
- @vincentDcmps made their first contribution in #3550
- @allddd made their first contribution in #3572
- @jsonn made their first contribution in #3600
- @Zepmann made their first contribution in #3579
