Docker Mailserver Versions Save

Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.

v11.2.0

1 year ago

Please refer to the CHANGELOG to get the complete and comprehensive overview of this release.

Summary

This release features a lot of small and medium-sized changes, many related to how the image is build and tested during CI. The build now requires Docker Buildkit as the ClamAV Signatures are added via COPY --link ... during build-time. Moreover, the build is now multi-stage. ENABLE_LDAP is now deprecated.

What's Changed

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.1.0...v11.2.0

v11.1.0

1 year ago

In this release the relay-host support saw significant internal refactoring in preparation for a future breaking change. Similar extensive restructuring through the codebase also occurred, where each PR provides more details. Care was taken to avoid breakage, but there may be some risk affecting unsupported third-party customizations which our test suite is unaware of.

Features

Fixes

  • Using Port 465 to authenticate with a relay-host no longer breaks the Amavis transport for Postfix (#2607)
  • When mounting /var/mail-state, disabled services will no longer copy over data redundantly (#2608)
  • Amavis is now aware of new domains detected during Change Detection, no longer skipping virus and spam filtering (#2616)
  • setup.sh -c <container name> no longer ignores <container name> when more than 1 docker-mailserver container is running (#2622)

Improvements

  • The Change Detector service will now only process relevant changes (#2615), in addition to now monitoring postfix-sasl-password.cf, postfix-relaymap.cf, and postfix-regexp.cf (#2623)
  • For LDAP users that only need to support a single mail domain, setup config dkim should now detect the domain implicitly (#2620)
  • The container capability SYS_PTRACE is no longer necessary (#2624)
  • Added an example for configuring a basic container healthcheck command (#2625)
  • Postfix main.cf setting compatibility_level was set to 2 during our startup scripts. This is now part of our default shipped main.cf config (#2597)
  • The Postfix main.cf override/extension support via postfix-main.cf has been improved to support multi-line values, instead of the previous single-line only support (#2598)

Deprecation Notice

  • SASL_PASSWD ENV An old ENV SASL_PASSWD has been around for supporting relay-host authentication, but since superceded by the postfix-sasl-password.cf config file. It will be removed in a future major release as detailed here.

  • Platform Support - ARMv7 This is a very old platform, superceded by ARMv8 and newer with broad product availability around 2016 onwards. Support was introduced primarily for users the older generations of Raspberry Pi. ARM64 is the modern target for ARM devices.

    If you require ARMv7 support, please let us know.

What's Changed (Generated)

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v11.0.0...v11.1.0

v11.0.0

2 years ago

Major Changes

  1. Internal logging has been refactored. The environment variable DMS_DEBUG has been replaced by LOG_LEVEL to better control the verbosity of logs we output. The new logger is more structured and follows standard log conventions. LOG_LEVEL can be set to: error, warn, info (default), debug and trace.
  2. iptables has been replaced by nftables. The Fail2Ban configuration was adjusted accordingly. If you use iptables yourself (e.g. in user-patches.sh), make sure to update the scripts.
  3. PERMIT_DOCKER has a new default value of none. This change better secures Podman; to keep the old behaviour (adding the container IP address to Postfix's mynetworks), use PERMIT_DOCKER=container.

Minor Changes

  1. Many minor improvements were made (cleanup & refactoring). Please refer to the section below to get an overview over all improvements. Moreover, there was a lot of cleanup in the scripts and in the tests. The documentation was adjusted accordingly.
  2. New environment variables were added:
    1. CLAMAV_MESSAGE_SIZE_LIMIT
    2. TZ
  3. SpamAssassin KAM was added with ENABLE_SPAMASSASSIN_KAM.
  4. The fail2ban command was reworked and can now ban IP addresses as well.
  5. There were a few small fixes, especially when it comes to bugs in scripts and service restart loops (no functionality changes, only fixes of existing functionality). When building an image from the Dockerfile - Installation of Postfix on modern Linux distributions should now always succeed.
  6. Some default values for environment values changed: these are mostly non-critical, please refer to #2428 and #2487.

Merged Pull Requests

  • [improvement] tests: remove legacy functions / tests by @casperklein in #2434
  • [improvement] PERMIT_DOCKER=none as new default value by @casperklein in #2424
  • [improvement] Adjust environment variables to more sensible defaults by @georglauterbach in #2428
  • [fix] macOS linting support by @NorseGaud in #2448
  • [improvement] Rename config examples directory by @casperklein in #2438
  • [docs] FAQ - Update naked/bare domain section by @sportshead in #2446
  • [improvement] Remove obsolete setup.sh debug inspect command from usage description by @casperklein in #2454
  • [feature] Introduce CLAMAV_MESSAGE_SIZE_LIMIT env by @casperklein in #2453
  • [fix] remove SA reload for KAM by @georglauterbach in #2456
  • [docs] Enhance logrotate description by @casperklein in #2469
  • [improvement] Remove macOS specific code / support + shellcheck should avoid python, regardless of permissions by @NorseGaud in #2466
  • [docs] Update fail2ban.md by @casperklein in #2484
  • [fix] Makefile: Remove backup/restore of obsolete config directory by @casperklein in #2479
  • [improvement] scripts: small refactorings by @georglauterbach in #2485
  • [fix] Building on Ubuntu 21.10 failing to install postfix by @NorseGaud in #2468
  • [improvement] Use FQDN as REPORT_SENDER default value by @casperklein in #2487
  • [improvement] Improve test, get rid of sleep by @casperklein in #2492
  • [feature] scripts: new log by @georglauterbach in #2493
  • [fix] Restart supervisord early by @casperklein in #2494
  • [improvement] scripts: renamed function _errex -> _exit_with_error by @georglauterbach in #2497
  • [improvement] Remove invalid URL from SPF message by @casperklein in #2503
  • [improvement] scripts: refactored scripts located under target/bin/ by @georglauterbach in #2500
  • [improvement] scripts: refactoring & miscellaneous small changes by @georglauterbach in #2499
  • [improvement] scripts: refactored daemon-stack.sh by @georglauterbach in #2496
  • [fix] add compatibility for Bash 4 to setup.sh by @georglauterbach in #2519
  • [fix] tests: disabled "quota exceeded" test by @georglauterbach in #2511
  • [fix] typo in setup-stack.sh by @eltociear in #2521
  • [improvement] scripts: introduce _log to sedfile by @georglauterbach in #2507
  • [feature] create .github/FUNDING.yml by @georglauterbach in #2512
  • [improvement] scripts: refactored check-for-changes.sh by @georglauterbach in #2498
  • [improvement] scripts: remove DMS_DEBUG by @georglauterbach in #2523
  • [feature] firewall: replace iptables with nftables by @georglauterbach in #2505
  • [improvement] log: adjust level and message(s) slightly for four messages by @georglauterbach in #2532
  • [improvement] log: introduce proper log level fallback and env getter function by @georglauterbach in #2506
  • [feature] scripts: added TZ environment variable to set timezone by @georglauterbach in #2530
  • [improvement] setup: added grace period for account creation by @georglauterbach in #2531
  • [improvement] refactor: letsencrypt implicit location discovery by @polarathene in #2525
  • [improvement] setup.sh/setup: show usage when no argument is given by @casperklein in #2540
  • [improvement] Dockerfile: Remove not needed ENVs and add comment by @casperklein in #2541
  • [improvement] chore: (setup-stack.sh) Fix a small typo by @polarathene in #2552
  • [feature] Add ban feature to fail2ban script by @casperklein in #2538
  • [fix] Fix changedetector restart loop by @casperklein in #2548
  • [improvement] chore: Drop setup.sh DATABASE fallback ENV by @polarathene in #2556

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.5.0...v11.0.0

v10.5.0

2 years ago

What's Changed

Critical Changes

  1. This release fixes a critical issue for LDAP users, installing a needed package on Debian 11 on build-time. Moreover, a race-condition was eliminated (#2341).
  2. A resource leak in check-for-changes.sh was fixed (#2401)

Other Minor Changes

  1. SPAMASSASSIN_SPAM_TO_INBOX's default changed to 1.
  2. Changedetector functionality was added to SSL_TYPE=manual-setups.
  3. Three new environment variables were introduced: LOGWATCH_SENDER, ENABLE_DNSBL and ENABLE_SPAMASSASSIN_KAM.
  4. There are plenty of bug fixes and documentation enhancements with this release.

All Merged Pull Requests

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.4.0...v10.5.0

v10.4.0

2 years ago

What's Changed

This release upgrades our base image from Debian 10 to Debian 11.
There is also an important regression fixed for SSL_TYPE=letsencrypt users.

Changelog

  • [fix] A regression with check-for-changes.sh introduced in v10.3.0 affected SSL_TYPE=letsencrypt, preventing detection of cert renewals to restart services (unless using acme.json) #2326
  • [improvement] Base image upgraded from Debian 10 Buster to Debian 11 Bullseye #2116
    • Postfix upgraded from 3.4 to 3.5. Dovecot upgraded from 2.3.4 to 2.3.13. Python 2 is no longer included in the image, Python 3 remains (more information).
    • yescrypt is now supported upstream as a password hash algorithm, docker-mailserver continues to use SHA512-CRYPT (more information).
  • [chore] Dovecot statistics service disabled #2292

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.3.0...v10.4.0

v10.3.0

2 years ago

Description

This release fixes some issues with Dovecot Quotas (enabled by default), the SSL_DOMAIN ENV (rarely needed), DKIM and DMARC support.

Additionally there are some minor improvements and internal changes with HOSTNAME / DOMAINNAME handling, SSL_TYPE=letsencrypt and ACME cert extraction (Traefik specific) that should resolve some edge cases with handling cert renewals.

WARNING: This release had a small regression affecting the detection of changes for certificates provisioned in /etc/letsencrypt with the config ENV SSL_TYPE=letsencrypt, unless you use Traefik's acme.json. If you rely on this functionality to restart Postfix and Dovecot when updating your cert files, this will not work and it is advised to upgrade to v10.4.0 or newer prior to renewal of your certificates.

Changelog

  • [fix] The Dovecot userdb will now additionally create "dummy" accounts for basic alias maps (alias maps to a single real account managed by Dovecot, relaying to external providers aren't affected) when ENABLE_QUOTAS=1 (default) as a workaround for Postfix quota-status plugin querying Dovecot with inbound mail for a user, which Postfix uses to reject mail if quota has been exceeded (to avoid risk of blacklisting from spammers abusing backscatter) #2248
    • NOTE: If using aliases that map to another alias or multiple addresses, this remains a risk.
  • [fix] setup email list command will no longer attempt to query Dovecot quota status when ENABLE_QUOTAS is disabled #2264
  • [fix] SSL_DOMAIN ENV should now work much more reliably #2274, #2278, #2279
  • [fix] DKIM - Removed refile: (regex type) from KeyTable entry in opendkim.conf, fixes validation error output from opendkim-testkey #2249
  • [fix] DMARC - Removed quotes around the hostname value in opendmarc.conf. This avoids an authentication failure where an OpenDKIM header was previously ignored #2291
  • [fix] When using ONE_DIR=1 (default), the spool-postfix folder now has the correct permissions carried over. This resolves some failures notably with sieve filters #2273
  • [improvement] Warnings are now logged for ClamAV and SpamAssassin if they are enabled but Amavis is disabled (which is required for them to work correctly) #2251
  • [improvement] user-patches.sh is now invoked via bash to assist Kubernetes deployments with ConfigMap #2295

Internal

These changes are primarily internal and are only likely relevant to users that maintain their own modifications related to the changed files.

  • [chore] Redundant config from Postfix master.cf has been removed, it should not affect any users as our images have not included any of the related processes #2272
  • [refactor] check-for-changes.sh was carrying some duplicate code from setup-stack.sh that was falling out of sync, they now share common code #2260
  • [refactor] acme.json extraction was refactored into a CLI utility and updated to Python 3 (required for future upgrade to Debian 11 Bullseye base image) #2274
  • [refactor] As part of the Traefik acme.json and SSL_DOMAIN work, logic for SSL_TYPE=letsencrypt was also revised #2278
  • [improvement] Some minor tweaks to how we derive the internal HOSTNAME and DOMAINNAME from user configured hostname and domainname settings #2280

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.2.0...v10.3.0

v10.2.0

2 years ago

A Big Minor Update

A lot of stuff happened in this release. Make sure to read on to get all important updates! Enjoy :)

Custom TLS Setups

With this release, internal TLS functionality was revised. If you run a special or custom setup, make sure to adjust it accordingly. If you're running a normal setup, you will not have to change anything for SSL. The certificates are now stored under /etc/dms/tls/.

Miscellaneous small additions and changes

  • [ci] improved caching (#2197)
  • [ci] refactored spam tests and introduced common container setup template (#2198)
  • [fix] update Fail2Ban wrapper to propagate errors to user (#2170)
  • [fix] Dockerfile sed's are now checked (#2158)
  • [general] Updated default value of ONE_DIR to 1 (#2148)
  • [docs] updated Kubernetes documentation (#2111)
  • [docs] introduced dedicated Podman documentation (#2179)
  • [docs] miscellaneous documentation improvements
  • [misc] introduced GitHub issue forms for issue templates (#2160)
  • [misc] removed old mkcert.sh (#2196)
  • [scripts] update setup.sh to now use a running container first if one exists (#2134)
  • [scripts] included setup.sh functionality inside the container to be version independent again (#2174)
  • [scripts] HOSTNAME and DOMAINNAME setup improved (#2175)
  • [scripts] delmailuser can now delete mailboxed without TLD (#2172)
  • [scripts] refactored _setup_ssl in setup-stack.sh (#2196)
  • [scripts] properly exit on failure (#2199 in conjunction with #2196)
  • [scripts] make setup.sh completely non-interactive for Podman users (#2201)

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.2...v10.2.0

v10.1.2

2 years ago

Description

This is bug fix release. It reverts a regression introduced with #2104.

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.1...v10.1.2

v10.1.1

2 years ago

Description

This release mainly improves on v10.1.0 with small bugfixes/improvements and dependency updates

Changelog

  • [feat] Add logwatch maillog.conf file to support /var/log/mail/ (#2112)
  • [docs] CONTRIBUTORS.md now also shows every code contributor from the past (#2143)
  • [improve] Avoid chmod +x when not needed (#2127)
  • [improve] check-for-changes: performance improvements (#2104)
  • [dependency] Update various dependencies through docs and base image
  • [security] This release contains also security fixes for OpenSSL

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.1.0...v10.1.1

v10.1.0

2 years ago

Description

This release mainly improves on v10.0.0 with many bugfixes.

Changelog

New Contributors

Full Changelog: https://github.com/docker-mailserver/docker-mailserver/compare/v10.0.0...v10.1.0