From f2e5891b1606c45da6e13ae9a77327e0e6c5b897 Mon Sep 17 00:00:00 2001 From: litetex <40789489+litetex@users.noreply.github.com> Date: Wed, 23 Apr 2025 18:43:41 +0200 Subject: [PATCH 1/2] feat: Configurable poll rate for `check-for-changes.sh` (#4450) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Co-authored-by: Casper --- CHANGELOG.md | 5 +++++ docs/content/config/environment.md | 17 +++++++++++++++++ target/scripts/check-for-changes.sh | 2 +- target/scripts/startup/variables-stack.sh | 1 + 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 90f2fd3f..0abef183 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ All notable changes to this project will be documented in this file. The format > **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes. +### Added + +- **Internal:** + - [`DMS_CONFIG_POLL`](https://docker-mailserver.github.io/docker-mailserver/v15.0/config/environment/#dms_config_poll) supports adjusting the polling rate (seconds) for the change detection service `check-for-changes.sh` ([#4450](https://github.com/docker-mailserver/docker-mailserver/pull/4450)) + ### Updates - **Documentation:** diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index e209a0cf..2c2364cb 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md 
@@ -360,6 +360,23 @@ Default: empty (no prefix will be added to e-mails) Add trailing white-space by quote wrapping the value: `SPAM_SUBJECT='[SPAM] '` +##### DMS_CONFIG_POLL + +Defines how often DMS polls [monitored config files][gh::monitored-configs] for changes in the DMS Config Volume. This also includes TLS certificates and is often relied on for applying changes managed via `setup` CLI commands. + +- **`2`** => How often (in seconds) [change detection][gh::check-for-changes] is performed. + +!!! note "Decreasing the frequency of polling for changes" + + Raising the value will delay how soon a change is detected which may impact UX expectations for responsiveness, but reduces resource usage when changes are rare. + +!!! info + + When using `ACCOUNT_PROVISIONER=LDAP`, the change detection feature is presently disabled. + +[gh::check-for-changes]: https://github.com/docker-mailserver/docker-mailserver/blob/v15.0.0/target/scripts/check-for-changes.sh#L37 +[gh::monitored-configs]: https://github.com/docker-mailserver/docker-mailserver/blob/v15.0.0/target/scripts/helpers/change-detection.sh#L30-L42 + #### Rspamd ##### ENABLE_RSPAMD diff --git a/target/scripts/check-for-changes.sh b/target/scripts/check-for-changes.sh index bf5cd90b..9546cd06 100755 --- a/target/scripts/check-for-changes.sh +++ b/target/scripts/check-for-changes.sh @@ -211,7 +211,7 @@ function _rspamd_changes() { while true; do _check_for_changes - sleep 2 + sleep "${DMS_CONFIG_POLL:-2}" done exit 0 diff --git a/target/scripts/startup/variables-stack.sh b/target/scripts/startup/variables-stack.sh index 3d0d1bee..8c75d9c1 100644 --- a/target/scripts/startup/variables-stack.sh +++ b/target/scripts/startup/variables-stack.sh 
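Review bot: `DMS_CONFIG_POLL` is passed straight to `sleep` inside the `while true` loop of `check-for-changes.sh`, and nothing in this patch checks that it is a usable interval. If `sleep` rejects the value (for example a typo such as `2sec`), or the value is `0`, the loop would call `_check_for_changes` back to back and keep re-checking every monitored file, unless the script aborts on errors, which this hunk does not show. I would validate it once where the default is assigned, at the `VARS[DMS_CONFIG_POLL]` line in the `variables-stack.sh` hunk, with something like `[[ ${DMS_CONFIG_POLL} =~ ^[1-9][0-9]*$ ]] || DMS_CONFIG_POLL=2` plus a log message. Relax the pattern if fractional seconds are meant to be supported. The loop and `__environment_variables_general_setup` both continue outside their hunks.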
@@ -149,6 +149,7 @@ function __environment_variables_general_setup() { _log 'trace' 'Setting miscellaneous environment variables' VARS[ACCOUNT_PROVISIONER]="${ACCOUNT_PROVISIONER:=FILE}" + VARS[DMS_CONFIG_POLL]="${DMS_CONFIG_POLL:=2}" VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}" VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}" VARS[GETMAIL_POLL]="${GETMAIL_POLL:=5}" From 4b0e3a5002e92717d710d7d10334ea28fb07a069 Mon Sep 17 00:00:00 2001 From: Brennan Kinney <5098581+polarathene@users.noreply.github.com> Date: Thu, 24 Apr 2025 08:16:36 +1200 Subject: [PATCH 2/2] tests: Reference the new `testssl` image location (#4454) --- docs/content/config/security/ssl.md | 2 +- test/tests/parallel/set2/tls_cipherlists.bats | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/content/config/security/ssl.md b/docs/content/config/security/ssl.md index 9b1fd8f7..853ab446 100644 --- a/docs/content/config/security/ssl.md +++ b/docs/content/config/security/ssl.md @@ -13,7 +13,7 @@ There are multiple options to enable SSL (via [`SSL_TYPE`][docs-env::ssl-type]): After installation, you can test your setup with: - [`checktls.com`](https://www.checktls.com/TestReceiver) -- [`testssl.sh`](https://github.com/drwetter/testssl.sh) +- [`testssl.sh`](https://github.com/testssl/testssl.sh) !!! warning "Exposure of DNS labels through Certificate Transparency" diff --git a/test/tests/parallel/set2/tls_cipherlists.bats b/test/tests/parallel/set2/tls_cipherlists.bats index 3429f516..135f0c6a 100644 --- a/test/tests/parallel/set2/tls_cipherlists.bats +++ b/test/tests/parallel/set2/tls_cipherlists.bats 
@@ -25,7 +25,7 @@ function setup_file() { # Pull `testssl.sh` image in advance to avoid it interfering with the `run` captured output. # Only interferes (potential test failure) with `assert_output` not `assert_success`? - docker pull drwetter/testssl.sh:3.2 + docker pull ghcr.io/testssl/testssl.sh:3.2 # Only used in `_should_support_expected_cipherlists()` to set a storage location for `testssl.sh` JSON output: # `${BATS_TMPDIR}` maps to `/tmp`: https://bats-core.readthedocs.io/en/v1.8.2/writing-tests.html#special-variables @@ -111,7 +111,7 @@ function _configure_and_run_dms_container() { function _should_support_expected_cipherlists() { # Make a directory with test user ownership. Avoids Docker creating this with root ownership. - # TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/drwetter/testssl.sh/issues/1845 + # TODO: Can switch to filename prefix for JSON output when this is resolved: https://github.com/testssl/testssl.sh/issues/1845 local RESULTS_PATH="${TLS_RESULTS_DIR}/${TEST_VARIANT}" mkdir -p "${RESULTS_PATH}" @@ -156,7 +156,7 @@ function _collect_cipherlists() { # NOTE: Batch testing ports via `--file` doesn't properly bubble up failure. # If the failure for a test is misleading consider testing a single port with: # local TESTSSL_CMD=(--quiet --jsonfile-pretty "/output/port_${PORT}.json" --starttls smtp "${TEST_DOMAIN}:${PORT}") - # TODO: Can use `jq` to check for failure when this is resolved: https://github.com/drwetter/testssl.sh/issues/1844 + # TODO: Can use `jq` to check for failure when this is resolved: https://github.com/testssl/testssl.sh/issues/1844 # `--user ":"` is a workaround: Avoids `permission denied` write errors for json output, uses `id` to match user uid & gid. run docker run --rm \ 
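Review bot: The new reference `ghcr.io/testssl/testssl.sh:3.2` in `setup_file()` is pinned only by a mutable tag, and the same string is repeated in the `docker run` call of `_collect_cipherlists()` (the `@@ -166,7` hunk). That container gets `${TLS_CONFIG_VOLUME}` and a writable results directory mounted, so a registry move is a good point to pin by digest, e.g. `ghcr.io/testssl/testssl.sh:3.2@sha256:<DIGEST_PLACEHOLDER>`. Keeping the reference in a single variable used by both the pull and the run would also stop the two from drifting apart on the next change. Both functions continue outside their hunks.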
@@ -166,7 +166,7 @@ function _collect_cipherlists() { --volume "${TLS_CONFIG_VOLUME}" \ --volume "${RESULTS_PATH}:/output" \ --workdir "/output" \ - drwetter/testssl.sh:3.2 "${TESTSSL_CMD[@]}" + ghcr.io/testssl/testssl.sh:3.2 "${TESTSSL_CMD[@]}" assert_success }