Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
MIT License
Bot releases are hidden (Show)
The most noteworthy change of this release is the update of the container's base image from Debian 11 ("Bullseye") to Debian 12 ("Bookworm"). This update alone involves breaking changes and requires a careful review when updating! Make sure to scan our changelog carefully.
sender-cleanup
in Postfix master.cf
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3834
docs-preview-deploy.yml
- Use official v4 download-artifact
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3838
README.md
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3839
opendmarc
package by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3841
docs-preview-deploy.yml
- Use the correct setting names by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3843
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3844
ONE_DIR
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3840
packages.sh
- Download jaq
via release tag
not latest
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3852
file
) for running tests by @ap-wtioit in https://github.com/docker-mailserver/docker-mailserver/pull/3856
relay.sh
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3845
CHANGELOG.md
- Add rsyslog
breaking changes for v14 by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/3854
local_networks
setting by @aspettl in https://github.com/docker-mailserver/docker-mailserver/pull/3862
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3869
whitelist_clients
config from Github by @frugan-dev in https://github.com/docker-mailserver/docker-mailserver/pull/3879
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3883
packages.sh
- Remove redundant comment by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3900
setup
): open-dkim
log for conflicting implementations by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3899
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3909
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3916
cerbot renew
) by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3921
\Junk
special-use attribute by @UltraCoderRU in https://github.com/docker-mailserver/docker-mailserver/pull/3925
README.md
by @rahilarious in https://github.com/docker-mailserver/docker-mailserver/pull/3937
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3930
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3944
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3967
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3971
compose.yaml
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3982
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3984
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3992
getmail6
by @forzagreen in https://github.com/docker-mailserver/docker-mailserver/pull/3996
accounts.sh
): Sync user home location for alias workaround by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3997
postfix-main.cf
may depend upon postfix-master.cf
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3880
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/4002
ignore.conf
to ignore logs from Dovecot index-worker
by @mmehnert in https://github.com/docker-mailserver/docker-mailserver/pull/4012
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/4014
.ecrc.json
to exclude CONTRIBUTORS.md
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/4020
/var/mail-state
should not symlink non-existing directories by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/4018
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/4021
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/4036
externalTrafficPolicy: Local
if no PROXY protocol configured by @Amphaal in https://github.com/docker-mailserver/docker-mailserver/pull/4039
CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/4043
Published by georglauterbach 9 months ago
This is a patch release fixing two important bugs in v13.3.0
:
_rspamd:_rspamd
) for the Rspamd DKIM directory and files (/tmp/docker-mailserver/rspamd/dkim/
)Published by georglauterbach 9 months ago
The main feature that can be found in this release is added very simple OAUTH2 support. DMS now supports authentication via OAuth2 (via XOAUTH2
or OAUTHBEARER
SASL mechanisms) from capable services (like Roundcube). This does not replace the need for an ACCOUNT_PROVISIONER
(FILE
/ LDAP
), which is required for an account to receive or send mail.
Additionally, MTA-STS support for outbound mail was added to DMS. A bunch of smaller changes have made it into this release as well: Rspamd symbol scores for SPF, DKIM & DMARC have been adjusted to better align with RFC7489; smtputf8
has been disabled directly; scripts were improved (replacing wc -l
with grep -c
, etc.); and a bug fix for jaq
on arm64 was added.
As is usual business, we worked on improving the documentation. Last but not least, the test suite saw bigger changes in the area of helper functions used during tests to send test e-mails.
smtputf8
support in config directly by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3750
wc -l
with grep -c
by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/3752
.gitattributes
- Ensure eol=lf
for shell scripts by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3755
SA_SPAM_SUBJECT
in mailserver.env
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3767
path
setting by @denisix in https://github.com/docker-mailserver/docker-mailserver/pull/3702
.svbin
files are newer than .sieve
source files by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3779
sed
usage by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3789
process_check_restart.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3780
setup dkim
generates DKIM keys with ownership matching the parent directory by @ap-wtioit in https://github.com/docker-mailserver/docker-mailserver/pull/3783
main.cf:reject_unknown_sender_domain
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3793
Published by georglauterbach 10 months ago
Most importantly, DMS is now protected by default against the security vulnerability called "SMTP smuggling". Moreover, we switched from raw netcat (nc
) to swaks
in our test suite - a change that is beneficial for upcoming changes and improvements to our test suite. Last but not least, the log path for Postgrey was corrected.
supervisor-app.conf
- Correct the log location for postgrey
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3724
swaks
instead of nc
for sending mail by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3732
smtpd_data_restrictions = reject_unauth_pipelining
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3744
Published by georglauterbach 10 months ago
DMS_RELEASE
and no longer in the file /VERSION
. Moreover, the update check will use this to determine whether you are running :edge
(to disable the update check if this is the case).ENABLE_IMAP
was added, which works analogous to ENABLE_POP3
.sed
line for quota-related changes to Postfix's main.cf
was not working as expected. This has been taken care of.DMS_RELEASE
ENV by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3676
run-local-instance
target to Makefile
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3663
virtual_mailbox_maps
to texthash when not using LDAP by @reneploetz in https://github.com/docker-mailserver/docker-mailserver/pull/3693
ENABLE_IMAP
by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/3703
CONTRIBUTORS.yml
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3705
VERSION
from Dockerfile
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3711
sed
logic for ENABLE_QUOTAS=0
is not actionable by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/3715
Published by polarathene 11 months ago
This patch release fixes two bugs that Rspamd users encountered with the v13.0.0
release. Big thanks to the those that helped to identify these issues! ❤️
VERSION
file at the GH repo). This should provide more reliable update notifications (#3666)RSPAMD_CHECK_AUTHENTICATED=0
, DKIM signing for outbound e-mail was disabled, which is undesirable (#3669). Make sure to check the documentation of RSPAMD_CHECK_AUTHENTICATED
!CONTRIBUTORS.md
by @github-actions in https://github.com/docker-mailserver/docker-mailserver/pull/3656
:edge
when VERSION
is updated as well by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3662
update-check.sh
should query GH Releases by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3666
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v13.0.0...v13.0.1
Published by georglauterbach 11 months ago
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: https://github.com/docker-mailserver/docker-mailserver/compare/v12.1.0...v13.0.0.
Will be written in approximately 2 hours. Sorry for the delay.
mydestination
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3316
override.d
directory by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3325
CLAMAV_MESSAGE_SIZE_LIMIT
usage by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3332
antivirus.conf
for Rspamd by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3331
getmail
as an alternative to fetchmail
by @LucidityCrash in https://github.com/docker-mailserver/docker-mailserver/pull/2803
fts_xapian
from source to match Dovecot ABI by @tbutter in https://github.com/docker-mailserver/docker-mailserver/pull/3373
latest
in bug report version field by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3435
fail2ban
sub-command status <JAIL>
by @nilshoell in https://github.com/docker-mailserver/docker-mailserver/pull/3455
MARK_SPAM_AS_READ=1
) by @H4R0 in https://github.com/docker-mailserver/docker-mailserver/pull/3489
bitnami/openldap
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3494
question.yml
- Clarify that the issue tracker is not for personal support by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3498
question.yml
template - value
should be an attribute by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3502
testssl.sh
tag to 3.2
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3504
setup config dkim
default key size to 2048
(open-dkim
) by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3508
ENABLE_LDAP=1
to ACCOUNT_PROVISIONER=LDAP
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3507
_add_to_or_update_postfix_main()
by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/3505
eol=lf
via .gitattributes
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3527
update-and-cleanup.md
by @jpduyx in https://github.com/docker-mailserver/docker-mailserver/pull/3539
pgrep
within the actual container by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3553
lmtp_ip.bats
improve partial failure output by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3552
.gitattributes
+ improve eclint
coverage by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3566
passthrough=true
on implicit ports for Traefik example by @vincentDcmps in https://github.com/docker-mailserver/docker-mailserver/pull/3568
logrotate
setup + rspamd log path + tests log helper fallback path by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3576
packages.sh
) + more resilient rspamd setup by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3578
watchtower
page by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3583
eclint
to 2.7.2
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3584
FETCHMAIL_PARALLEL
by @jsonn in https://github.com/docker-mailserver/docker-mailserver/pull/3603
maildrop/
and public/
directory permissions by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3625
Published by georglauterbach over 1 year ago
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: https://github.com/docker-mailserver/docker-mailserver/compare/v12.0.0...v12.1.0.
With v12.1.0, Rspamd is stabilized. We added more documentation (e.g. on the web interface), the option to greylist e-mails, an option to use HFILTER_HOSTNAME_UNKNOWN
and a helper script for DKIM signing. The scripts have been properly stabilized and cleaned up as well, and all WIP warnings are now removed.
Fail2Ban saw some major updates in its configuration. The mode for Postfix was changed to extra
to catch more log lines and the time to find an offender and the time the offer is banned was raised as well.
v12.1.0 also packs a lot of smaller fixes for scripts, our CI and configurations.
policyd-spf
configurable by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3246
reject_unknown_client_hostname
with Rspamd HFILTER_HOSTNAME_UNKNOWN
and make it configurable by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3248
policyd-spf
setup in one place by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3263
reject_unknown_client_hostname
after #3248 by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3255
SRS_EXCLUDE_DOMAINS
during startup by @jamebus in https://github.com/docker-mailserver/docker-mailserver/pull/3271
bug_report.yml
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3275
bug_report.yml
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3276
EOF
in dmarc_dkim_spf.sh
by @ap-wtioit in https://github.com/docker-mailserver/docker-mailserver/pull/3266
set -eE
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3285
return 0
statements by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3290
Published by georglauterbach over 1 year ago
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: https://github.com/docker-mailserver/docker-mailserver/compare/v12.0.0...v12.1.0.
v12.0.0
is our biggest release yet, with over 100 merged pull requests and closed issues, this release packs a ton of changes & updates. Make sure to thoroughly read the CHANGELOG! We will list the most natable changes now.
v12.0.0
is the first release to feature Rspamd. Support for this feature is expected to stabilize with v12.1.0
- we encourage all users to give it a try though, as we feel like support is mature enough to run it on production systems. There will be a dedicated page in our documentation about Rspamd!
We plan on making Rspamd the default anti-spam engine in DMS. For the time being, Rspamd is an opt-in and you'll most likely want to disable Amavis & SA when using Rspamd.
Support for the already deprecated ARMv7 platform was dropped.
The socket location for SASL changed to /dev/shm/sasl-auth.sock
- custom setups need to take care!
chroot
We do not use chroot
environments anymore. These environments caused trouble in the past and did not bring an advantage.
The minimum supported protocol is now TLSv1.2. Moreover, we disabled SMTP authentication on the unencrypted port 25.
We now ship Fail2Ban version 1.0.2
, which is one major version ahead of DMS v11.3.1
and the latest version for Debian 11.
MOVE_SPAM_TO_JUNK
Sieve File AdjustmentsWhen using MOVE_SPAM_TO_JUNK
, the Sieve script is now a global-after rule (before it was a global-before rule). This means you will now need to explicitly use the stop
directive and disable implicit keep when using user scripts (e.g. to whitelist e-mails).
While you may not notice this in the final image, we are working hard behind the scenes to further improve our CI. With v12.0.0
, almost all of our tests have been migrated to a new format in which tests can now run in parallel, decreasing the time it takes to test new changes. The code quality was also improved, a ton of comments were added to the helper code and many new helpers now assist in tests.
ping
& dig
are now shipped with the imageSA_KILL
[Excluding PRs by @dependabot & @github-actions.]
SASL_PASSWD
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2946
reload
commands instead of supervisorctl restart <service>
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2947
wait_until_change_detection_event_completes
to count by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2974
mail.example.test
as common container hostname by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2975
tests.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2980
devnull
alias gotcha when using a catchall rule by @worldworm in https://github.com/docker-mailserver/docker-mailserver/pull/2949
mail_tls_dhparams.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2994
postconf
write settling logic by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2998
backup
target by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3000
mail_lmtp_ip.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3004
mail_changedetector
+ change detection helpers by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2997
mail_fetchmail.bats
+ co-locate test cases for processes by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3010
mail_privacy.bats
to new format and helpers by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3014
/var/mail-state
retains correct group by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3011
clean
recipe (don't require sudo
anymore) by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3020
spam_junk_folder.bats
+ spam_bounced.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3036
mail_hostname.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3027
gamin
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3030
tls_cipherlists
should configure testssl.sh
to use CA cert by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3037
master.cf
) by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3033
*_INET_PROTOCOLS
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3052
tests.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3055
127.0.0.1
for the Dovecot quota-status
service by @yogo1212 in https://github.com/docker-mailserver/docker-mailserver/pull/3057
docker-container
driver by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3072
open_dkim.bats
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/3060
Envelope From
is properly set by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3081
restrict-access
avoid inserting duplicates by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3067
sedfile
& used _send_mail
where possible by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3103
_send_email
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3105
setup-stack.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3115
ENABLE_REDIS
& add persistence for Redis by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3143
SS_CA_CERT
by @jrpear in https://github.com/docker-mailserver/docker-mailserver/pull/3168
latest
symlink via docs-production-deploy workflow by @jrpear in https://github.com/docker-mailserver/docker-mailserver/pull/3183
make build
instruction from paragraph into list by @jrpear in https://github.com/docker-mailserver/docker-mailserver/pull/3193
edge
version links to latest
+ fix links intended as relative not absolute by @jrpear in https://github.com/docker-mailserver/docker-mailserver/pull/3190
chroot
for Dovecot & PostSRSd by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/3208
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.3.1...v12.0.0
Published by georglauterbach almost 2 years ago
This patch version fixes a build-time error when using the Dovecot community repository. This does not affect users that use the plain container image but people who build DMS on their own with DOVECOT_COMMUNITY_REPO=1
.
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.3.0...v11.3.1
Published by georglauterbach almost 2 years ago
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release.
This release saw significant changes to the CI: we are now capable of running tests in parallel, which will cut down test time significantly in the future. Future pull requests will improve this further.
The Postfix / Postscreen configuration was adjusted to better work with DNSBL return codes (throwing away invalid or useless return codes or codes that indicate using an open resolver). The user-patches.sh
is now run exactly at the time the documentation says it will run. Fetchmal data was made persistent. Some scripts was minor bug fixes.
Removing TLS 1.0 and TLS 1.1 ciphersuites from TLS_LEVEL=intermediate
You should not realistically need support for TLS 1.0 or TLS 1.1, except in niche scenarios such as an old printer/scanner device that refuses to negotiate a compatible non-vulnerable cipher. More details covered here.
SASL_PASSWD
ENV
An old ENV SASL_PASSWD
has been around for supporting relay-host authentication, but since superceded by the postfix-sasl-password.cf
config file. It will be removed in a future major release as detailed here.
Platform Support - ARMv7
This is a very old platform, superceded by ARMv8 and newer with broad product availability around 2016 onwards.
Support was introduced primarily for users of the older generations of Raspberry Pi. ARM64 is the modern target for ARM devices.
If you require ARMv7 support, please let us know.
setup
CLI password example by @pravynandas in https://github.com/docker-mailserver/docker-mailserver/pull/2926
opendmarc.conf
): Change the default OpenDMARC policy to reject by @k3it in https://github.com/docker-mailserver/docker-mailserver/pull/2933
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.2.0...v11.3.0
Published by georglauterbach about 2 years ago
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release.
This release features a lot of small and medium-sized changes, many related to how the image is build and tested during CI. The build now requires Docker Buildkit as the ClamAV Signatures are added via COPY --link ...
during build-time. Moreover, the build is now multi-stage. ENABLE_LDAP
is now deprecated.
faq.md
by @smargold476 in https://github.com/docker-mailserver/docker-mailserver/pull/2677
_create_accounts()
should run after waiting by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2731
addmailuser
- Remove delaying completion until /var/mail
is ready by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2729
helpers/log.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2754
reject_unknown_client_hostname
to main.cf by @GoliathLabs in https://github.com/docker-mailserver/docker-mailserver/pull/2691
outputs
to workflow_call
on generic_build
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2780
postfix-accounts.cf
during setup by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2820
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.1.0...v11.2.0
Published by georglauterbach over 2 years ago
In this release the relay-host support saw significant internal refactoring in preparation for a future breaking change. Similar extensive restructuring through the codebase also occurred, where each PR provides more details. Care was taken to avoid breakage, but there may be some risk affecting unsupported third-party customizations which our test suite is unaware of.
/var/mail-state
, disabled services will no longer copy over data redundantly (#2608)setup.sh -c <container name>
no longer ignores <container name>
when more than 1 docker-mailserver
container is running (#2622)postfix-sasl-password.cf
, postfix-relaymap.cf
, and postfix-regexp.cf
(#2623)setup config dkim
should now detect the domain implicitly (#2620)SYS_PTRACE
is no longer necessary (#2624)healthcheck
command (#2625)main.cf
setting compatibility_level
was set to 2
during our startup scripts. This is now part of our default shipped main.cf
config (#2597)main.cf
override/extension support via postfix-main.cf
has been improved to support multi-line values, instead of the previous single-line only support (#2598)SASL_PASSWD
ENV
An old ENV SASL_PASSWD
has been around for supporting relay-host authentication, but since superceded by the postfix-sasl-password.cf
config file. It will be removed in a future major release as detailed here.
Platform Support - ARMv7
This is a very old platform, superceded by ARMv8 and newer with broad product availability around 2016 onwards.
Support was introduced primarily for users the older generations of Raspberry Pi. ARM64 is the modern target for ARM devices.
If you require ARMv7 support, please let us know.
DOCKER_HOST
missing unix://
by @pyy in https://github.com/docker-mailserver/docker-mailserver/pull/2589
start-mailserver.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2587
grep
on first starts by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2591
SASLAUTHD_*
variables in start-mailserver.sh
by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/2562
relay.sh
helper by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2604
compatibility_level
setting by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2597
SASL_PASSWD
ENV support by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2605
CONTAINER_NAME
value by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2622
SYS_PTRACE
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2624
setup.sh
cases to their own test file by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2629
/var/mail
ownership workaround by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2628
check-for-changes.sh
): Drop redundant guards by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2623
check-for-changes.sh
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2615
/etc/postfix/vhost
updates by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2616
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.0.0...v11.1.0
Published by georglauterbach over 2 years ago
DMS_DEBUG
has been replaced by LOG_LEVEL
to better control the verbosity of logs we output. The new logger is more structured and follows standard log conventions. LOG_LEVEL
can be set to: error
, warn
, info
(default), debug
and trace
.iptables
has been replaced by nftables
. The Fail2Ban configuration was adjusted accordingly. If you use iptables
yourself (e.g. in user-patches.sh
), make sure to update the scripts.PERMIT_DOCKER
has a new default value of none
. This change better secures Podman; to keep the old behaviour (adding the container IP address to Postfix's mynetworks
), use PERMIT_DOCKER=container
.ENABLE_SPAMASSASSIN_KAM
.fail2ban
command was reworked and can now ban IP addresses as well.PERMIT_DOCKER=none
as new default value by @casperklein in #2424
setup.sh debug inspect
command from usage description by @casperklein in #2454
CLAMAV_MESSAGE_SIZE_LIMIT
env by @casperklein in #2453
REPORT_SENDER
default value by @casperklein in #2487
_errex
-> _exit_with_error
by @georglauterbach in #2497
target/bin/
by @georglauterbach in #2500
daemon-stack.sh
by @georglauterbach in #2496
_log
to sedfile
by @georglauterbach in #2507
.github/FUNDING.yml
by @georglauterbach in #2512
check-for-changes.sh
by @georglauterbach in #2498
DMS_DEBUG
by @georglauterbach in #2523
iptables
with nftables
by @georglauterbach in #2505
TZ
environment variable to set timezone by @georglauterbach in #2530
setup.sh
DATABASE fallback ENV by @polarathene in #2556
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.5.0...v11.0.0
Published by georglauterbach over 2 years ago
check-for-changes.sh
was fixed (#2401)SPAMASSASSIN_SPAM_TO_INBOX
's default changed to 1
.SSL_TYPE=manual
-setups.LOGWATCH_SENDER
, ENABLE_DNSBL
and ENABLE_SPAMASSASSIN_KAM
.libldap-common
to packages in Dockerfile by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2341
testssl
field name change by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2353
LOGWATCH_SENDER
by @craue in https://github.com/docker-mailserver/docker-mailserver/pull/2362
listmailuser
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2382
README.md
and Documentation Update by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2389
exec
in helper-functions.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2401
/etc/postfix/regexp
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2397
SPAMASSASSIN_SPAM_TO_INBOX
by @craue in https://github.com/docker-mailserver/docker-mailserver/pull/2361
${SSL_TYPE} == manual
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2404
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.4.0...v10.5.0
Published by polarathene almost 3 years ago
This release upgrades our base image from Debian 10 to Debian 11.
There is also an important regression fixed for SSL_TYPE=letsencrypt
users.
check-for-changes.sh
introduced in v10.3.0
affected SSL_TYPE=letsencrypt
, preventing detection of cert renewals to restart services (unless using acme.json
) #2326
3.4
to 3.5
. Dovecot upgraded from 2.3.4
to 2.3.13
. Python 2 is no longer included in the image, Python 3 remains (more information).yescrypt
is now supported upstream as a password hash algorithm, docker-mailserver
continues to use SHA512-CRYPT
(more information).Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.3.0...v10.4.0
Published by polarathene almost 3 years ago
This release fixes some issues with Dovecot Quotas (enabled by default), the SSL_DOMAIN
ENV (rarely needed), DKIM and DMARC support.
Additionally there are some minor improvements and internal changes with HOSTNAME
/ DOMAINNAME
handling, SSL_TYPE=letsencrypt
and ACME cert extraction (Traefik specific) that should resolve some edge cases with handling cert renewals.
WARNING: This release had a small regression affecting the detection of changes for certificates provisioned in /etc/letsencrypt
with the config ENV SSL_TYPE=letsencrypt
, unless you use Traefik's acme.json
. If you rely on this functionality to restart Postfix and Dovecot when updating your cert files, this will not work and it is advised to upgrade to v10.4.0
or newer prior to renewal of your certificates.
userdb
will now additionally create "dummy" accounts for basic alias maps (alias maps to a single real account managed by Dovecot, relaying to external providers aren't affected) when ENABLE_QUOTAS=1
(default) as a workaround for Postfix quota-status
plugin querying Dovecot with inbound mail for a user, which Postfix uses to reject mail if quota has been exceeded (to avoid risk of blacklisting from spammers abusing backscatter) #2248
setup email list
command will no longer attempt to query Dovecot quota status when ENABLE_QUOTAS
is disabled #2264
SSL_DOMAIN
ENV should now work much more reliably #2274, #2278, #2279
refile:
(regex type) from KeyTable entry in opendkim.conf
, fixes validation error output from opendkim-testkey
#2249
opendmarc.conf
. This avoids an authentication failure where an OpenDKIM header was previously ignored #2291
ONE_DIR=1
(default), the spool-postfix
folder now has the correct permissions carried over. This resolves some failures notably with sieve filters #2273
user-patches.sh
is now invoked via bash
to assist Kubernetes deployments with ConfigMap
#2295
These changes are primarily internal and are only likely relevant to users that maintain their own modifications related to the changed files.
master.cf
has been removed, it should not affect any users as our images have not included any of the related processes #2272
check-for-changes.sh
was carrying some duplicate code from setup-stack.sh
that was falling out of sync, they now share common code #2260
acme.json
extraction was refactored into a CLI utility and updated to Python 3 (required for future upgrade to Debian 11 Bullseye base image) #2274
acme.json
and SSL_DOMAIN
work, logic for SSL_TYPE=letsencrypt
was also revised #2278
HOSTNAME
and DOMAINNAME
from user configured hostname
and domainname
settings #2280
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.2.0...v10.3.0
Published by georglauterbach about 3 years ago
A lot of stuff happened in this release. Make sure to read on to get all important updates! Enjoy :)
With this release, internal TLS functionality was revised. If you run a special or custom setup, make sure to adjust it accordingly. If you're running a normal setup, you will not have to change anything for SSL. The certificates are now stored under /etc/dms/tls/
.
sed
's are now checked (#2158)ONE_DIR
to 1
(#2148)mkcert.sh
(#2196)setup.sh
to now use a running container first if one exists (#2134)setup.sh
functionality inside the container to be version independent again (#2174)HOSTNAME
and DOMAINNAME
setup improved (#2175)delmailuser
can now delete mailboxed without TLD (#2172)_setup_ssl
in setup-stack.sh
(#2196)setup.sh
completely non-interactive for Podman users (#2201)Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.2...v10.2.0
Published by casperklein about 3 years ago
This is bug fix release. It reverts a regression introduced with #2104.
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.1...v10.1.2
Published by wernerfred about 3 years ago
This release mainly improves on v10.1.0
with small bugfixes/improvements and dependency updates
CONTRIBUTORS.md
now also shows every code contributor from the past (#2143)Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.0...v10.1.1