Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release.
This release features a lot of small and medium-sized changes, many related to how the image is build and tested during CI. The build now requires Docker Buildkit as the ClamAV Signatures are added via COPY --link ...
during build-time. Moreover, the build is now multi-stage. ENABLE_LDAP
is now deprecated.
faq.md
by @smargold476 in https://github.com/docker-mailserver/docker-mailserver/pull/2677
_create_accounts()
should run after waiting by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2731
addmailuser
- Remove delaying completion until /var/mail
is ready by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2729
helpers/log.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2754
reject_unknown_client_hostname
to main.cf by @GoliathLabs in https://github.com/docker-mailserver/docker-mailserver/pull/2691
outputs
to workflow_call
on generic_build
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2780
postfix-accounts.cf
during setup by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2820
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.1.0...v11.2.0
In this release the relay-host support saw significant internal refactoring in preparation for a future breaking change. Similar extensive restructuring through the codebase also occurred, where each PR provides more details. Care was taken to avoid breakage, but there may be some risk affecting unsupported third-party customizations which our test suite is unaware of.
/var/mail-state
, disabled services will no longer copy over data redundantly (#2608)setup.sh -c <container name>
no longer ignores <container name>
when more than 1 docker-mailserver
container is running (#2622)postfix-sasl-password.cf
, postfix-relaymap.cf
, and postfix-regexp.cf
(#2623)setup config dkim
should now detect the domain implicitly (#2620)SYS_PTRACE
is no longer necessary (#2624)healthcheck
command (#2625)main.cf
setting compatibility_level
was set to 2
during our startup scripts. This is now part of our default shipped main.cf
config (#2597)main.cf
override/extension support via postfix-main.cf
has been improved to support multi-line values, instead of the previous single-line only support (#2598)SASL_PASSWD
ENV
An old ENV SASL_PASSWD
has been around for supporting relay-host authentication, but since superceded by the postfix-sasl-password.cf
config file. It will be removed in a future major release as detailed here.
Platform Support - ARMv7 This is a very old platform, superceded by ARMv8 and newer with broad product availability around 2016 onwards. Support was introduced primarily for users the older generations of Raspberry Pi. ARM64 is the modern target for ARM devices.
If you require ARMv7 support, please let us know.
DOCKER_HOST
missing unix://
by @pyy in https://github.com/docker-mailserver/docker-mailserver/pull/2589
start-mailserver.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2587
grep
on first starts by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2591
SASLAUTHD_*
variables in start-mailserver.sh
by @casperklein in https://github.com/docker-mailserver/docker-mailserver/pull/2562
relay.sh
helper by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2604
compatibility_level
setting by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2597
SASL_PASSWD
ENV support by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2605
CONTAINER_NAME
value by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2622
SYS_PTRACE
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2624
setup.sh
cases to their own test file by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2629
/var/mail
ownership workaround by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2628
check-for-changes.sh
): Drop redundant guards by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2623
check-for-changes.sh
by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2615
/etc/postfix/vhost
updates by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2616
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.0.0...v11.1.0
DMS_DEBUG
has been replaced by LOG_LEVEL
to better control the verbosity of logs we output. The new logger is more structured and follows standard log conventions. LOG_LEVEL
can be set to: error
, warn
, info
(default), debug
and trace
.iptables
has been replaced by nftables
. The Fail2Ban configuration was adjusted accordingly. If you use iptables
yourself (e.g. in user-patches.sh
), make sure to update the scripts.PERMIT_DOCKER
has a new default value of none
. This change better secures Podman; to keep the old behaviour (adding the container IP address to Postfix's mynetworks
), use PERMIT_DOCKER=container
.ENABLE_SPAMASSASSIN_KAM
.fail2ban
command was reworked and can now ban IP addresses as well.PERMIT_DOCKER=none
as new default value by @casperklein in #2424
setup.sh debug inspect
command from usage description by @casperklein in #2454
CLAMAV_MESSAGE_SIZE_LIMIT
env by @casperklein in #2453
REPORT_SENDER
default value by @casperklein in #2487
_errex
-> _exit_with_error
by @georglauterbach in #2497
target/bin/
by @georglauterbach in #2500
daemon-stack.sh
by @georglauterbach in #2496
_log
to sedfile
by @georglauterbach in #2507
.github/FUNDING.yml
by @georglauterbach in #2512
check-for-changes.sh
by @georglauterbach in #2498
DMS_DEBUG
by @georglauterbach in #2523
iptables
with nftables
by @georglauterbach in #2505
TZ
environment variable to set timezone by @georglauterbach in #2530
setup.sh
DATABASE fallback ENV by @polarathene in #2556
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.5.0...v11.0.0
check-for-changes.sh
was fixed (#2401)SPAMASSASSIN_SPAM_TO_INBOX
's default changed to 1
.SSL_TYPE=manual
-setups.LOGWATCH_SENDER
, ENABLE_DNSBL
and ENABLE_SPAMASSASSIN_KAM
.libldap-common
to packages in Dockerfile by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2341
testssl
field name change by @polarathene in https://github.com/docker-mailserver/docker-mailserver/pull/2353
LOGWATCH_SENDER
by @craue in https://github.com/docker-mailserver/docker-mailserver/pull/2362
listmailuser
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2382
README.md
and Documentation Update by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2389
exec
in helper-functions.sh
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2401
/etc/postfix/regexp
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2397
SPAMASSASSIN_SPAM_TO_INBOX
by @craue in https://github.com/docker-mailserver/docker-mailserver/pull/2361
${SSL_TYPE} == manual
by @georglauterbach in https://github.com/docker-mailserver/docker-mailserver/pull/2404
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.4.0...v10.5.0
This release upgrades our base image from Debian 10 to Debian 11.
There is also an important regression fixed for SSL_TYPE=letsencrypt
users.
check-for-changes.sh
introduced in v10.3.0
affected SSL_TYPE=letsencrypt
, preventing detection of cert renewals to restart services (unless using acme.json
) #2326
3.4
to 3.5
. Dovecot upgraded from 2.3.4
to 2.3.13
. Python 2 is no longer included in the image, Python 3 remains (more information).yescrypt
is now supported upstream as a password hash algorithm, docker-mailserver
continues to use SHA512-CRYPT
(more information).Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.3.0...v10.4.0
This release fixes some issues with Dovecot Quotas (enabled by default), the SSL_DOMAIN
ENV (rarely needed), DKIM and DMARC support.
Additionally there are some minor improvements and internal changes with HOSTNAME
/ DOMAINNAME
handling, SSL_TYPE=letsencrypt
and ACME cert extraction (Traefik specific) that should resolve some edge cases with handling cert renewals.
WARNING: This release had a small regression affecting the detection of changes for certificates provisioned in /etc/letsencrypt
with the config ENV SSL_TYPE=letsencrypt
, unless you use Traefik's acme.json
. If you rely on this functionality to restart Postfix and Dovecot when updating your cert files, this will not work and it is advised to upgrade to v10.4.0
or newer prior to renewal of your certificates.
userdb
will now additionally create "dummy" accounts for basic alias maps (alias maps to a single real account managed by Dovecot, relaying to external providers aren't affected) when ENABLE_QUOTAS=1
(default) as a workaround for Postfix quota-status
plugin querying Dovecot with inbound mail for a user, which Postfix uses to reject mail if quota has been exceeded (to avoid risk of blacklisting from spammers abusing backscatter) #2248
setup email list
command will no longer attempt to query Dovecot quota status when ENABLE_QUOTAS
is disabled #2264
SSL_DOMAIN
ENV should now work much more reliably #2274, #2278, #2279
refile:
(regex type) from KeyTable entry in opendkim.conf
, fixes validation error output from opendkim-testkey
#2249
opendmarc.conf
. This avoids an authentication failure where an OpenDKIM header was previously ignored #2291
ONE_DIR=1
(default), the spool-postfix
folder now has the correct permissions carried over. This resolves some failures notably with sieve filters #2273
user-patches.sh
is now invoked via bash
to assist Kubernetes deployments with ConfigMap
#2295
These changes are primarily internal and are only likely relevant to users that maintain their own modifications related to the changed files.
master.cf
has been removed, it should not affect any users as our images have not included any of the related processes #2272
check-for-changes.sh
was carrying some duplicate code from setup-stack.sh
that was falling out of sync, they now share common code #2260
acme.json
extraction was refactored into a CLI utility and updated to Python 3 (required for future upgrade to Debian 11 Bullseye base image) #2274
acme.json
and SSL_DOMAIN
work, logic for SSL_TYPE=letsencrypt
was also revised #2278
HOSTNAME
and DOMAINNAME
from user configured hostname
and domainname
settings #2280
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.2.0...v10.3.0
A lot of stuff happened in this release. Make sure to read on to get all important updates! Enjoy :)
With this release, internal TLS functionality was revised. If you run a special or custom setup, make sure to adjust it accordingly. If you're running a normal setup, you will not have to change anything for SSL. The certificates are now stored under /etc/dms/tls/
.
sed
's are now checked (#2158)ONE_DIR
to 1
(#2148)mkcert.sh
(#2196)setup.sh
to now use a running container first if one exists (#2134)setup.sh
functionality inside the container to be version independent again (#2174)HOSTNAME
and DOMAINNAME
setup improved (#2175)delmailuser
can now delete mailboxed without TLD (#2172)_setup_ssl
in setup-stack.sh
(#2196)setup.sh
completely non-interactive for Podman users (#2201)Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.2...v10.2.0
This is bug fix release. It reverts a regression introduced with #2104.
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.1...v10.1.2
This release mainly improves on v10.1.0
with small bugfixes/improvements and dependency updates
CONTRIBUTORS.md
now also shows every code contributor from the past (#2143)Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.0...v10.1.1
This release mainly improves on v10.0.0
with many bugfixes.
Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.0.0...v10.1.0