Merge branch 'master' into fix/setup-cli-email-list-add-compat-error

Georg Lauterbach 2025-04-23 22:54:52 +02:00 committed by GitHub
commit 503072e1a7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 29 additions and 6 deletions


@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. The format
> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.
### Added
- **Internal:**
- [`DMS_CONFIG_POLL`](https://docker-mailserver.github.io/docker-mailserver/v15.0/config/environment/#dms_config_poll) supports adjusting the polling rate (seconds) for the change detection service `check-for-changes.sh` ([#4450](https://github.com/docker-mailserver/docker-mailserver/pull/4450))
### Updates
- **Documentation:**
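Review bot: The `DMS_CONFIG_POLL` entry is filed under `**Internal:**`, but it documents a user-facing environment variable with its own docs section, so it belongs under a user-facing category where operators will look for it. The link is also pinned to the `/v15.0/` docs while the note above says these entries describe the `:edge` image; confirm the `#dms_config_poll` anchor resolves at that version, or link the edge docs until the next release.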


@ -366,6 +366,23 @@ Default: empty (no prefix will be added to e-mails)
Add trailing white-space by quote wrapping the value: `SPAM_SUBJECT='[SPAM] '`
##### DMS_CONFIG_POLL
Defines how often DMS polls [monitored config files][gh::monitored-configs] for changes in the DMS Config Volume. This also includes TLS certificates and is often relied on for applying changes managed via `setup` CLI commands.
- **`2`** => How often (in seconds) [change detection][gh::check-for-changes] is performed.
!!! note "Decreasing the frequency of polling for changes"
Raising the value will delay how soon a change is detected which may impact UX expectations for responsiveness, but reduces resource usage when changes are rare.
!!! info
When using `ACCOUNT_PROVISIONER=LDAP`, the change detection feature is presently disabled.
[gh::check-for-changes]: https://github.com/docker-mailserver/docker-mailserver/blob/v15.0.0/target/scripts/check-for-changes.sh#L37
[gh::monitored-configs]: https://github.com/docker-mailserver/docker-mailserver/blob/v15.0.0/target/scripts/helpers/change-detection.sh#L30-L42
#### Rspamd
##### ENABLE_RSPAMD
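Review bot: The admonition under `DMS_CONFIG_POLL` describes a higher value only as a UX and resource trade-off, yet the paragraph above it says the same poll covers TLS certificates and changes made via `setup` CLI commands. Please state that a larger interval also delays when a replaced certificate or an account change takes effect. The section should also say which values are accepted (positive integer seconds, or whatever `sleep` is meant to receive), since only the default `2` is listed.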


@ -13,7 +13,7 @@ There are multiple options to enable SSL (via [`SSL_TYPE`][docs-env::ssl-type]):
After installation, you can test your setup with:
- [`checktls.com`](https://www.checktls.com/TestReceiver)
- [`testssl.sh`](https://github.com/drwetter/testssl.sh)
- [`testssl.sh`](https://github.com/testssl/testssl.sh)
!!! warning "Exposure of DNS labels through Certificate Transparency"


@ -211,7 +211,7 @@ function _rspamd_changes() {
while true; do
_check_for_changes
sleep 2
sleep "${DMS_CONFIG_POLL:-2}"
done
exit 0
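Review bot: Missing validation on the value handed to `sleep "${DMS_CONFIG_POLL:-2}"` inside the `while true` loop. The `:-2` fallback only covers an unset or empty variable; a non-numeric value makes `sleep` fail immediately and `0` returns at once, so in both cases the loop calls `_check_for_changes` back to back with no delay. Suggest checking once at startup that the value is a positive number and either falling back to `2` with a warning or aborting with a clear error.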


@ -157,6 +157,7 @@ function __environment_variables_general_setup() {
_log 'trace' 'Setting miscellaneous environment variables'
VARS[ACCOUNT_PROVISIONER]="${ACCOUNT_PROVISIONER:=FILE}"
VARS[DMS_CONFIG_POLL]="${DMS_CONFIG_POLL:=2}"
VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
VARS[GETMAIL_POLL]="${GETMAIL_POLL:=5}"
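Review bot: The default for `DMS_CONFIG_POLL` is now defined twice, here as `:=2` and again as the `:-2` fallback at the `sleep` call in the change detection loop, plus once more in the docs. If the loop always runs with the environment prepared by this function, the second fallback is redundant and the two can drift apart; keep a single default, or add a comment at the `sleep` line explaining when the variable can be unset there.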


@ -25,7 +25,7 @@ function setup_file() {
# Pull `testssl.sh` image in advance to avoid it interfering with the `run` captured output.
# Only interferes (potential test failure) with `assert_output` not `assert_success`?
docker pull drwetter/testssl.sh:3.2
docker pull ghcr.io/testssl/testssl.sh:3.2
# Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output:
# `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables
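Review bot: The `docker pull ghcr.io/testssl/testssl.sh:3.2` line moves the test suite to a different registry and namespace while still referencing the image by a mutable tag. Since the suite executes this image, consider pinning it by digest (`ghcr.io/testssl/testssl.sh:3.2@sha256:<digest>`) so that a re-pushed `3.2` tag cannot silently change what runs in CI, and note in the comment above why the source moved.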
@ -111,7 +111,7 @@ function _configure_and_run_dms_container() {
function _should_support_expected_cipherlists() {
# Make a directory with test user ownership. Avoids Docker creating this with root ownership.
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845
# TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/testssl/testssl.sh/issues/1845
local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}"
mkdir -p "${RESULTS_PATH}"
@ -156,7 +156,7 @@ function _collect_cipherlists() {
# NOTE: Batch testing ports via `--file` doesn't properly bubble up failure.
# If the failure for a test is misleading consider testing a single port with:
# local TESTSSL_CMD=(--quiet --jsonfile-pretty "/output/port_${PORT}.json" --starttls smtp "${TEST_DOMAIN}:${PORT}")
# TODO: Can use `jq` to check for failure when this is resolved: https://github.com/drwetter/testssl.sh/issues/1844
# TODO: Can use `jq` to check for failure when this is resolved: https://github.com/testssl/testssl.sh/issues/1844
# `--user "<uid>:<gid>"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid.
run docker run --rm \
@ -166,7 +166,7 @@ function _collect_cipherlists() {
--volume "${TLS_CONFIG_VOLUME}" \
--volume "${RESULTS_PATH}:/output" \
--workdir "/output" \
drwetter/testssl.sh:3.2 "${TESTSSL_CMD[@]}"
ghcr.io/testssl/testssl.sh:3.2 "${TESTSSL_CMD[@]}"
assert_success
}
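Review bot: The image reference `ghcr.io/testssl/testssl.sh:3.2` in this `docker run` is a second hard-coded copy of the one used by `docker pull` in `setup_file()`, and this change had to edit both. Define it once in a file-level variable and use that in both places, so the pre-pulled image and the executed image cannot diverge on the next update.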