Releases: docker-mailserver/docker-mailserver
v13.3.1
Useful Links
- Diff to last release: v13.3.0...v13.3.1
- Our Changelog
What's Changed
This is a patch release fixing two important bugs in v13.3.0
:
- Dovecot: We now restrict the authentication mechanisms for PassDB configurations we manage (oauth2, passwd-file, ldap) (#3812). This prevents misleading auth failures from attempting to authenticate against a PassDB with incompatible auth mechanisms. When the new OAuth2 feature was enabled, it introduced false-positives with logged auth failures which triggered Fail2Ban to ban the IP.
- Rspamd: We now ensure correct ownership (
_rspamd:_rspamd
) for the Rspamd DKIM directory and files (/tmp/docker-mailserver/rspamd/dkim/
)
What's Changed
- fix(typo): comment on mailserver.env by @JamBalaya56562 in #3799
- fix: Ensure correct ownership for the Rspamd DKIM directory by @polarathene in #3813
- fix: Correctly support multiple Dovecot PassDBs by @polarathene in #3812
- docs: Minor revisions to Dovecot Sieve page by @polarathene in #3811
- chore: Raise awareness of v13 breaking change better (Proxy Protocol) by @polarathene in #3818
v13.3.0
Useful Links
- Diff to last release: v13.2.0...v13.3.0
- Our Changelog
What's Changed
The main feature that can be found in this release is added very simple OAUTH2 support. DMS now supports authentication via OAuth2 (via XOAUTH2
or OAUTHBEARER
SASL mechanisms) from capable services (like Roundcube). This does not replace the need for an ACCOUNT_PROVISIONER
(FILE
/ LDAP
), which is required for an account to receive or send mail.
Additionally, MTA-STS support for outbound mail was added to DMS. A bunch of smaller changes have made it into this release as well: Rspamd symbol scores for SPF, DKIM & DMARC have been adjusted to better align with RFC7489; smtputf8
has been disabled directly; scripts were improved (replacing wc -l
with grep -c
, etc.); and a bug fix for jaq
on arm64 was added.
As is usual business, we worked on improving the documentation. Last but not least, the test suite saw bigger changes in the area of helper functions used during tests to send test e-mails.
Merged Pull Requests
- Rspamd: add custom symbol scores for SPF, DKIM & DMARC by @georglauterbach in #3726
- chore: Disable
smtputf8
support in config directly by @polarathene in #3750 - tests: Replace
wc -l
withgrep -c
by @casperklein in #3752 - ci:
.gitattributes
- Ensureeol=lf
for shell scripts by @polarathene in #3755 - docs: SpamAssassin ENV docs refactor by @polarathene in #3756
- Fix jaq: Download platform specific binary by @casperklein in #3766
- tests: normalizations by @georglauterbach in #3747
- feat: Auth - OAuth2 (Dovecot PassDB) by @thechubbypanda in #3480
- Tiny #3480 follow up: Add missing ENABLE_OAUTH2 var by @casperklein in #3775
- feat: Add MTA-STS support for outbound mail by @jsonn in #3592
- tests: small adjustments by @georglauterbach in #3772
- fix: Revert quoting
SA_SPAM_SUBJECT
inmailserver.env
by @polarathene in #3767 - docs: Rspamd DKIM config simplify via
path
setting by @denisix in #3702 - fix: Ensure
.svbin
files are newer than.sieve
source files by @polarathene in #3779 - docs: misc improvements by @georglauterbach in #3773
- chore: Add maintenance comment for
sed
usage by @polarathene in #3789 - tests: Revise
process_check_restart.bats
by @polarathene in #3780 - fix: Ensure
setup dkim
generates DKIM keys with ownership matching the parent directory by @ap-wtioit in #3783 - docs: Guidance for binding outbound SMTP with multiple interfaces available by @norrs in #3465
- docs: Add maintenance comment for
main.cf:reject_unknown_sender_domain
by @polarathene in #3793 - tests: Revise OAuth2 tests by @polarathene in #3795
- release: v13.3 by @georglauterbach in #3781
New Contributors
v13.2.0
Useful Links
- Diff to last release: v13.1.0...v13.2.0
- Our Changelog
What's Changed
Most importantly, DMS is now protected by default against the security vulnerability called "SMTP smuggling". Moreover, we switched from raw netcat (nc
) to swaks
in our test suite - a change that is beneficial for upcoming changes and improvements to our test suite. Last but not least, the log path for Postgrey was corrected.
Merged Pull Requests
- fix:
supervisor-app.conf
- Correct the log location forpostgrey
by @polarathene in #3724 - tests: Use
swaks
instead ofnc
for sending mail by @georglauterbach in #3732 - security(Postfix): Protect against "SMTP Smuggling" attack by @georglauterbach in #3727
- Postfix: add
smtpd_data_restrictions = reject_unauth_pipelining
by @georglauterbach in #3744
v13.1.0
Useful Links
- Diff to last release: v13.0.1...v13.1.0
- Our Changelog
What's Changed
Updated
- Internal
- We now store the version that DMS is running on in the environment variable
DMS_RELEASE
and no longer in the file/VERSION
. Moreover, the update check will use this to determine whether you are running:edge
(to disable the update check if this is the case). - An option to run DMS locally was added, and the docs saw improvements (as usual).
- The quota tests were adjusted and now conform to our new standards.
- We now store the version that DMS is running on in the environment variable
- Documentation
- The troubleshooting documentation was enhanced.
Added
- Rspamd
- The ARM64 build now also uses the official PPA, making the version even for ARM64 and AMD64.
- Dovecot
- The environment variable
ENABLE_IMAP
was added, which works analogous toENABLE_POP3
.
- The environment variable
Fixed
- Internal
- A
sed
line for quota-related changes to Postfix'smain.cf
was not working as expected. This has been taken care of.
- A
Merged Pull Requests
- fix: Logging - Welcome should use
DMS_RELEASE
ENV by @polarathene in #3676 - ci: Add
run-local-instance
target toMakefile
by @georglauterbach in #3663 - docs: Troubleshooting - Bare domain misconfiguration by @polarathene in #3680
- chore: Postfix should integrate Dovecot at runtime by @polarathene in #3681
- Add warning, when update-check is enabled, but no stable release image is used by @casperklein in #3684
- scripts: Install arm64 rspamd from official repository by @p3dda in #3686
- update-check: fix 'read' exit status by @casperklein in #3688
- fix: only set
virtual_mailbox_maps
to texthash when not using LDAP by @reneploetz in #3693 - Add ENV
ENABLE_IMAP
by @casperklein in #3703 - tests(refactor): Dovecot quotas by @polarathene in #3068
- ci: Avoiding linting
CONTRIBUTORS.yml
by @polarathene in #3705 - ci: Allow lint workflow to be manually triggered by @polarathene in #3714
- ci: Remove
VERSION
fromDockerfile
by @polarathene in #3711 - fix:
sed
logic forENABLE_QUOTAS=0
is not actionable by @casperklein in #3715
New Contributors
v13.0.1
This patch release fixes two bugs that Rspamd users encountered with the v13.0.0
release. Big thanks to the those that helped to identify these issues! ❤️
What's Changed
Fixed
- Internal:
- The update check service now queries the latest GH release for a version tag (instead of from a
VERSION
file at the GH repo). This should provide more reliable update notifications (#3666)
- The update check service now queries the latest GH release for a version tag (instead of from a
- Rspamd:
- The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted (#3669)
- When
RSPAMD_CHECK_AUTHENTICATED=0
, DKIM signing for outbound e-mail was disabled, which is undesirable (#3669). Make sure to check the documentation ofRSPAMD_CHECK_AUTHENTICATED
!
Merged Pull Requests
- docs: update
CONTRIBUTORS.md
by @github-actions in #3656 - bug fix: push
:edge
whenVERSION
is updated as well by @georglauterbach in #3662 - chore(deps): Bump anchore/scan-action from 3.3.6 to 3.3.7 by @dependabot in #3667
- hotfix: solve #3665 by @georglauterbach in #3669
- fix:
update-check.sh
should query GH Releases by @polarathene in #3666
Full Changelog: v13.0.0...v13.0.1
v13.0.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.1.0...v13.0.0.
Summary
v13.0.0
contains a lot of changes! In fact, we never had more pull requests in a single release before 🚀 Thus, please read the following changes thoroughly!
Breaking Changes
LDAP
The environment variables LDAP_SERVER_HOST
, DOVECOT_URIS
, and SASLAUTHD_LDAP_SERVER
will now log an error if the LDAP URI scheme is missing. Previously, there was an implicit fallback to ldap://
(see #3522).
Moreover, ENABLE_LDAP=1
is no longer supported. Please use ACCOUNT_PROVISIONER=LDAP
.
Rspamd
The deprecated path for the Rspamd custom commands file (/tmp/docker-mailserver/rspamd-modules.conf
) now prevents successful startup. The correct path is /tmp/docker-mailserver/rspamd/custom-commands.conf
.
Dovecot
Dovecot mail storage per account in /var/mail
previously shared the same path for the accounts home directory (#3335). The home directory now is a subdirectory home/
. This change better supports sieve scripts. You will need to manually move (manageseive) Sieve scripts from <SERVER>/<ACCOUNT>/sieve
to <SERVER>/<ACCOUNT>/home/sieve
and re-enable them with managesieve. This change has not been implemented yet with ACCOUNT_PROVISIONER=LDAP
.
Postfix
/etc/postfix/master.cf
has renamed the "smtps
" service to "submissions
" (#3235).
- This is the modern
/etc/services
name for port 465, aligning with the similar "submission
" port 587. - If you have configured Proxy Protocol support with a reverse proxy via
postfix-master.cf
(as per our docs guide), you will want to updatesmtps
tosubmissions
there.
Postfix now defaults to supporting DSNs (Delivery Status Notifications) only for authenticated users (via ports 465 + 587). This is a security measure to reduce spammer abuse of your DMS instance as a backscatter source. (#3572). If you need to modify this change, please let us know by opening an issue / discussion. You can opt out (enable DSNs) via the postfix-main.cf override support using the contents: smtpd_discard_ehlo_keywords =. Likewise for authenticated users, the submission(s) ports (465 + 587) are configured internally via master.cf to keep DSNs enabled (since authentication protects from abuse). If necessary, DSNs for authenticated users can be disabled via the postfix-master.cf override with the following contents:
submission/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
submissions/inet/smtpd_discard_ehlo_keywords=silent-discard,dsn
Miscellaneous
This section only contains the most important updates; for a full list, consult our CHANGELOG.
- The default DKIM key size was changed to 2048.
- Getmail was added as an alternative to Fetchmail.
- New environment variables were added:
MARK_SPAM_AS_READ
,DMS_VMAIL_UID
/DMS_VMAIL_GID
, andRSPAMD_CHECK_AUTHENTICATED
.
Our documentation was updated heavily across many pages; especially the debugging section should be much more helpful now.
Rspamd saw many adjustments as well:
- The configuration of the anti-virus engines (for ClamAV) was updated
- Ham is now learned in a better way
logrotate
was implemented for Rspamd logs- The default config location for DKIM was changed to be preserved in a volume now, internal symlinks were removed in favor of simplicity, DKIM key permissions are now verified.
Merged Pull Requests
- docs/misc: update to align with Docker Compose v2 by @georglauterbach in #3295
- Postfix: rename "smtps" to "submissions" by @georglauterbach in #3235
- docs: update Rspamd docs (small improvement) by @georglauterbach in #3318
- chore(main.cf): Add note advising caution changing
mydestination
by @polarathene in #3316 - docs: fix spelling mistakes by @georglauterbach in #3324
- docs: clear up confusion about Rspamd's
override.d
directory by @georglauterbach in #3325 - docs: improve Rspamd docs about DKIM signing of multiple domains by @georglauterbach in #3329
- Fix "OpenDMARC" by @ghnp5 in #3330
- ci: slim down bug report template by @georglauterbach in #3317
- scripts: improve
CLAMAV_MESSAGE_SIZE_LIMIT
usage by @georglauterbach in #3332 - Rspamd: adjust learning of ham by @georglauterbach in #3334
- docs: Fix URL by @casperklein in #3337
- docs: Restore missing edit button by @casperklein in #3338
- docs: Update contributing by @casperklein in #3339
- config: adjust
antivirus.conf
for Rspamd by @georglauterbach in #3331 - ClamAV: add a warning for the internal message size limit by @ap-wtioit in #3341
- Fix typos by @casperklein in #3344
- Dovecot: make home dir distinct from mail dir by @georglauterbach in #3335
- ci: fix scheduled build permissions by @georglauterbach in #3345
- fix: DB helper should properly filter entries by @polarathene in #3359
- ci: fix ShellCheck linting for BATS tests by @georglauterbach in #3347
- feature: adding
getmail
as an alternative tofetchmail
by @LucidityCrash in #2803 - SPAM_TO_INBOX=1; add info about SA_KILL by @casperklein in #3360
- Change if-statement style by @casperklein in #3361
- Change 'function' style by @casperklein in #3364
- Change 'while' style by @casperklein in #3365
- Change 'until' style by @casperklein in #3366
- Change 'for' style by @casperklein in #3368
- Update dkim_dmarc_spf.md by @arunvc in #3367
- Add BASH syntax check to linter by @casperklein in #3369
- Bump hadolint/eclint version by @casperklein in #3371
- docs: add note about DMS FQDN by @georglauterbach in #3372
- misc: remaining v13 todos by @georglauterbach in #3370
- chore: Revise Dockerfile comment on COPY bug by @polarathene in #3378
- ci: Simplify GH bug report template by @polarathene in #3381
- Dovecot: compile
fts_xapian
from source to match Dovecot ABI by @tbutter in #3373 - Don't register _setup_spam_to_junk() when SMTP_ONLY=1 by @casperklein in #3385
- Fix sieve setup by @arkanovicz in #3397
- Fix issue with concatenating $dmarc_milter and $dkim_milter in main.cf by @wligtenberg in #3380
- docs: Add compatibility section to debugging page by @polarathene in #3404
- fix spelling issues in rspamd-dkim by @felixn in #3411
- docs: Rewrite of IPv6 page by @georglauterbach in #3244
- chore: Discourage
latest
in bug report version field by @polarathene in #3435 - docs: IPv6 config examples with content tabs by @polarathene in #3436
- docs: Fix typos by @rriski in https://github.com/docker-ma...
v12.1.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.0.0...v12.1.0.
Summary
Rspamd Stabilization
With v12.1.0, Rspamd is stabilized. We added more documentation (e.g. on the web interface), the option to greylist e-mails, an option to use HFILTER_HOSTNAME_UNKNOWN
and a helper script for DKIM signing. The scripts have been properly stabilized and cleaned up as well, and all WIP warnings are now removed.
Updates to Fail2Ban
Fail2Ban saw some major updates in its configuration. The mode for Postfix was changed to extra
to catch more log lines and the time to find an offender and the time the offer is banned was raised as well.
Smaller Fixes
v12.1.0 also packs a lot of smaller fixes for scripts, our CI and configurations.
What's Changed
- Image registry and setup update by @georglauterbach in #3233
- fix: GH docs update workflow by @georglauterbach in #3241
- docs: update DKIM/DMARC/SPF docs by @georglauterbach in #3231
- docs: renamings by @georglauterbach in #3242
- docs: add note about Rspamd's web interface by @georglauterbach in #3245
- scripts: make
policyd-spf
configurable by @georglauterbach in #3246 - Rspamd: add greylisting option & code refactoring by @georglauterbach in #3206
- Rspamd: replace
reject_unknown_client_hostname
with RspamdHFILTER_HOSTNAME_UNKNOWN
and make it configurable by @georglauterbach in #3248 - tests: fix dovecot: ldap mail delivery works by @ap-wtioit in #3252
- change F2B configs: made config more aggressive by @georglauterbach in #3243
- scripts: get all
policyd-spf
setup in one place by @georglauterbach in #3263 - Posfix: add option to re-enable
reject_unknown_client_hostname
after #3248 by @georglauterbach in #3255 - config-examples: update fail2ban config examples with current DMS default values by @ap-wtioit in #3258
- [FIX] shellcheck: do not check .git folder by @ap-wtioit in #3267
- scripts: disallow alias = account by @georglauterbach in #3270
- postfix.sh: add missing -E for extended regexes in smtpd_sender_restrictions by @ap-wtioit in #3272
- scripts: fix setting
SRS_EXCLUDE_DOMAINS
during startup by @jamebus in #3271 - scripts: improve shutdown function by making PANIC_STRATEGY obsolete by @casperklein in #3265
- misc: make Fail2Ban log persistent by @casperklein in #3269
- ci: update
bug_report.yml
by @georglauterbach in #3275 - ci: simplify
bug_report.yml
by @georglauterbach in #3276 - scripts: remove superfluous
EOF
indmarc_dkim_spf.sh
by @ap-wtioit in #3266 - docs: improve Rspamd docs (part of its stabilization) by @georglauterbach in #3257
- scripts: misc improvements by @georglauterbach in #3281
- Rspamd: script stabilization pt. 1 by @georglauterbach in #3261
- scripts: Rspamd stabilization pt. 2 by @georglauterbach in #3282
- Rspamd: remove WIP warnings by @georglauterbach in #3283
- scripts: apply fixes to helpers when using
set -eE
by @georglauterbach in #3285 - docs: update F2B docs & bind mount links by @georglauterbach in #3293
- docs: update FAQ entries by @georglauterbach in #3294
- ci: revised the contributor workflow by @polarathene in #2227
- scripts: remove unnecessary
return 0
statements by @georglauterbach in #3290 - F2B: update F2B after discussion in #3256 by @georglauterbach in #3288
- fail2ban: add 'log' command by @casperklein in #3299
- scripts: add DKIM helper script for Rspamd by @georglauterbach in #3286
v12.0.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release. Here is the full git-diff: v12.0.0...v12.1.0.
Summary
v12.0.0
is our biggest release yet, with over 100 merged pull requests and closed issues, this release packs a ton of changes & updates. Make sure to thoroughly read the CHANGELOG! We will list the most natable changes now.
Rspamd Support
v12.0.0
is the first release to feature Rspamd. Support for this feature is expected to stabilize with v12.1.0
- we encourage all users to give it a try though, as we feel like support is mature enough to run it on production systems. There will be a dedicated page in our documentation about Rspamd!
We plan on making Rspamd the default anti-spam engine in DMS. For the time being, Rspamd is an opt-in and you'll most likely want to disable Amavis & SA when using Rspamd.
Dropping ARMv7
Support for the already deprecated ARMv7 platform was dropped.
SASL Socket Location
The socket location for SASL changed to /dev/shm/sasl-auth.sock
- custom setups need to take care!
Disabling chroot
We do not use chroot
environments anymore. These environments caused trouble in the past and did not bring an advantage.
Bumping the Minimum TLS Version & Disabling SMTP Authentication on Port 25
The minimum supported protocol is now TLSv1.2. Moreover, we disabled SMTP authentication on the unencrypted port 25.
Fail2Ban Major Version Bump
We now ship Fail2Ban version 1.0.2
, which is one major version ahead of DMS v11.3.1
and the latest version for Debian 11.
MOVE_SPAM_TO_JUNK
Sieve File Adjustments
When using MOVE_SPAM_TO_JUNK
, the Sieve script is now a global-after rule (before it was a global-before rule). This means you will now need to explicitly use the stop
directive and disable implicit keep when using user scripts (e.g. to whitelist e-mails).
Heavily Updated Unit & Integration Tests
While you may not notice this in the final image, we are working hard behind the scenes to further improve our CI. With v12.0.0
, almost all of our tests have been migrated to a new format in which tests can now run in parallel, decreasing the time it takes to test new changes. The code quality was also improved, a ton of comments were added to the helper code and many new helpers now assist in tests.
Miscellaneous
ping
&dig
are now shipped with the image- many minor bugfixes
- added vulnerability scanning workflow to GH Actions
- better default for
SA_KILL
- added check for improper restarts so users directly see when they did a not-supported restart
- the Dovecot community repository is now the default
- removed DNSBLs from Postfix's recipient checks
- removed all wrapper scripts, cleaning up the code
Merged Pull Requests
[Excluding PRs by @dependabot & @github-actions.]
- chore: Update changelog and version by @casperklein in #2944
- ci: Drop support for ARM v7 platform by @polarathene in #2943
- chore: Remove legacy ENV
SASL_PASSWD
by @polarathene in #2946 - fix(changedetector): Use service
reload
commands instead ofsupervisorctl restart <service>
by @polarathene in #2947 - chore: Drop support for deprecated TLS versions by @polarathene in #2945
- docs(fix): README - Update CI status badge URL by @polarathene in #2951
- fix: Ensure relay host properly handles credentials check by @reneploetz in #2965
- update: make the Dovecot community repository the default by @georglauterbach in #2901
- tests(fix):
wait_until_change_detection_event_completes
to count by @polarathene in #2974 - tests: Use
mail.example.test
as common container hostname by @polarathene in #2975 - update: bump Fail2Ban version to v1.0.2 by @georglauterbach in #2959
- fix: regex in quota activation code by @Marsu31 in #2958
- feature: provide initial Rspamd support by @georglauterbach in #2902
- ci: more parallel tests by @georglauterbach in #2938
- Add docker-data/ to .gitignore by @casperklein in #2982
- tests: Extract some test cases out from
tests.bats
by @polarathene in #2980 - docs: Provision a cert with the ACME DNS-01 challenge via Certbot + Cloudflare by @ShiriNmi1520 in #2968
- chore(housekeeping): Cleaning up broken links by @polarathene in #2667
- update BATS & helper + minor updates to BATS variables by @georglauterbach in #2988
- Add tools (ping & dig) to the image by @casperklein in #2989
- Fix several typos by @casperklein in #2990
- Fix several typos by @casperklein in #2993
- docs: FAQ - Add note for
devnull
alias gotcha when using a catchall rule by @worldworm in #2949 - tests(refactor): Adjust
mail_tls_dhparams.bats
by @polarathene in #2994 - fix: Workaround
postconf
write settling logic by @polarathene in #2998 - chore: Remove the Makefile
backup
target by @polarathene in #3000 - tests(refactor):
mail_lmtp_ip.bats
by @polarathene in #3004 - Fix SRS link in README.md by @Jeidnx in #3005
- tests(refactor): Adjust
mail_changedetector
+ change detection helpers by @polarathene in #2997 - tests(refactor):
mail_fetchmail.bats
+ co-locate test cases for processes by @polarathene in #3010 - tests(refactor): Improve consistency and documentation for test helpers by @georglauterbach in #3012
- chore(Makefile): Ensure targets are always run by @polarathene in #3013
- tests(refactor): Migrate
mail_privacy.bats
to new format and helpers by @polarathene in #3014 - docs: clarification of description of explicit TLS by @i-C-o-d-e-r in #3017
- tests: refactor 4 more tests by @georglauterbach in #3018
- docs: add a dedicated page for tests with more information by @georglauterbach in #3019
- fix: Ensure state persisted to
/var/mail-state
retains correct group by @polarathene in #3011 - quality-of-life: improve the
clean
recipe (don't requiresudo
anymore) by @georglauterbach in #3020 - feature: provide better rspamd suppport by @georglauterbach in #3016
- ci: update & streamline GH Actions runner images by @georglauterbach in #3025
- tests(refactor): Amavis
spam_junk_folder.bats
+spam_bounced.bats
by @polarathene in #3036 - tests(refactor):
mail_hostname.bats
by @polarathene in #3027 - chore: Remove wrapper script for fail2ban service by @polarathene in #3032
- chore: Remove package
gamin
by @polarathene in #3030 - tests:
tls_cipherlists
should configuretestssl.sh
to use CA cert by @polarathene in #3037 - test helpers: add functionality for sending emails by @georglauterbach in #3026
- chore: Remove the wrapper script for Postfix (and disable chroot in
master.cf
) by @polarathene in #3033 - rspamd: follow-up of #3016 by @georglauterbach in #3039
- postfix header filter: correct the casing for Mime vs. MIME by @georglauterbach in https://github.com/docker-mailserver/docke...
v11.3.1
Summary
This patch version fixes a build-time error when using the Dovecot community repository. This does not affect users that use the plain container image but people who build DMS on their own with DOVECOT_COMMUNITY_REPO=1
.
What's Changed
- Fix dovecot-fts-xapian dependency, when using dovecot community repository by @casperklein in #2937
- reverted #2903 which got merged in the meantime
Full Changelog: v11.3.0...v11.3.1
v11.3.0
Please refer to the CHANGELOG to get the complete and comprehensive overview of this release.
Summary
Internal Changes
This release saw significant changes to the CI: we are now capable of running tests in parallel, which will cut down test time significantly in the future. Future pull requests will improve this further.
External Changes
The Postfix / Postscreen configuration was adjusted to better work with DNSBL return codes (throwing away invalid or useless return codes or codes that indicate using an open resolver). The user-patches.sh
is now run exactly at the time the documentation says it will run. Fetchmal data was made persistent. Some scripts was minor bug fixes.
Deprecation Notice
-
Removing TLS 1.0 and TLS 1.1 ciphersuites from
TLS_LEVEL=intermediate
You should not realistically need support for TLS 1.0 or TLS 1.1, except in niche scenarios such as an old printer/scanner device that refuses to negotiate a compatible non-vulnerable cipher. More details covered here. -
SASL_PASSWD
ENV
An old ENVSASL_PASSWD
has been around for supporting relay-host authentication, but since superceded by thepostfix-sasl-password.cf
config file. It will be removed in a future major release as detailed here. -
Platform Support - ARMv7
This is a very old platform, superceded by ARMv8 and newer with broad product availability around 2016 onwards.
Support was introduced primarily for users of the older generations of Raspberry Pi. ARM64 is the modern target for ARM devices.If you require ARMv7 support, please let us know.
What's Changed
- ci: misc test enhancements by @georglauterbach in #2815
- Fix typo by @casperklein in #2830
- Run user-patches.sh right before starting daemons by @casperklein in #2817
- fail2ban: enable network bans by @casperklein in #2818
- Fix: Run Amavis cron job only when Amavis is enabled by @casperklein in #2831
- build: cleaned up Makefile by @georglauterbach in #2833
- Remove unusual space from shebang line by @casperklein in #2834
- setup: fix unbound variable error by @casperklein in #2849
- Fix: Make fetchmail data persistant by @casperklein in #2851
- Follow up for #2849 by @casperklein in #2853
- Run fetchmail not in verbose mode by @casperklein in #2859
- scripts: Improve error handling, when parameters are missing by @casperklein in #2854
- Add OS version to issue template by @casperklein in #2870
- setup.sh: Remove __err function by @casperklein in #2876
- Bugfix: './setup.sh email list' does not display aliases correctly by @casperklein in #2881
- improvement: issue form by @georglauterbach in #2891
- fix: adjust DNSBL return code interpretation by @georglauterbach in #2890
- ci: update to new output format on GH actions by @georglauterbach in #2892
- ci: run tests in parallel (part 1) by @georglauterbach in #2857
- docs: Improve
setup
CLI password example by @pravynandas in #2926 - fix(
opendmarc.conf
): Change the default OpenDMARC policy to reject by @k3it in #2933
New Contributors
- @pravynandas made their first contribution in #2926
Full Changelog: v11.2.0...v11.3.0