Merge branch 'master' into patch-3

2025-08-01 16:45:15 +02:00 · 2024-12-11 11:42:59 +01:00 · 2024-12-11 11:42:59 +01:00 · 795bd01da2
commit 795bd01da2
parent 3cc6a16a06 96bffd7979
9 changed files with 33 additions and 38 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.yml
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@ -67,10 +67,3 @@ body:
        - This field expects only plain text (_rendered as a fenced code block_).
        - You can enable debug output by setting the environment variable `LOG_LEVEL` to `debug` or `trace`.
      render: Text
-  - type: input
-    id: form-improvements
-    attributes:
-      label: Improvements to this form?
-      description: If you have criticism or general feedback about this issue form, feel free to tell us so we can enhance the experience for everyone.
-    validations:
-      required: false
--- a/.github/workflows/generic_build.yml
+++ b/.github/workflows/generic_build.yml
@ -83,7 +83,7 @@ jobs:

      # NOTE: AMD64 can build within 2 minutes
      - name: 'Build images'
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          # Build at least the AMD64 image (which runs against the test suite).
--- a/.github/workflows/generic_publish.yml
+++ b/.github/workflows/generic_publish.yml
@ -23,7 +23,7 @@ jobs:

      - name: 'Prepare tags'
        id: prep
-        uses: docker/metadata-action@v5.5.1
+        uses: docker/metadata-action@v5.6.1
        with:
          images: |
            ${{ secrets.DOCKER_REPOSITORY }}
@ -67,7 +67,7 @@ jobs:
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: 'Build and publish images'
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          build-args: |
--- a/.github/workflows/generic_test.yml
+++ b/.github/workflows/generic_test.yml
@ -43,7 +43,7 @@ jobs:
      # Importing from the cache should create the image within approx 30 seconds:
      # NOTE: `qemu` step is not needed as we only test for AMD64.
      - name: 'Build AMD64 image from cache'
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          tags: mailserver-testing:ci
--- a/.github/workflows/generic_vulnerability-scan.yml
+++ b/.github/workflows/generic_vulnerability-scan.yml
@ -42,7 +42,7 @@ jobs:
      # Importing from the cache should create the image within approx 30 seconds:
      # NOTE: `qemu` step is not needed as we only test for AMD64.
      - name: 'Build AMD64 image from cache'
-        uses: docker/build-push-action@v6.9.0
+        uses: docker/build-push-action@v6.10.0
        with:
          context: .
          tags: mailserver-testing:ci
@ -55,7 +55,7 @@ jobs:
          provenance: false

      - name: 'Run the Anchore Grype scan action'
-        uses: anchore/scan-action@v5.2.1
+        uses: anchore/scan-action@v5.3.0
        id: scan
        with:
          image: mailserver-testing:ci
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -16,7 +16,7 @@ All notable changes to this project will be documented in this file. The format
  - Added `getmail` as a new service for `supervisor` to manage, replacing cron for periodic polling.
  - Generated getmail configuration files no longer set the `message_log` option. Instead of individual log files per config, the [default base settings DMS configures](https://github.com/docker-mailserver/docker-mailserver/tree/v15.0.0/target/getmail/getmailrc_general) now enables `message_log_syslog`. This aligns with how other services in DMS log to syslog where it is captured in `mail.log`.
  - Getmail configurations have changed location from the base of the DMS Config Volume, to the `getmail/` subdirectory. Any existing configurations **must be migrated manually.**
-  - DMS v14 mistakenly relocated the getmail state directory to the DMS Config Volume as a `getmail/` subdirectory.
+  - DMS v14 mistakenly relocated the _getmail state directory_ to the _DMS Config Volume_ as a `getmail/` subdirectory.
    - This has been corrected to `/var/lib/getmail` (_if you have mounted a DMS State Volume to `/var/mail-state`, `/var/lib/getmail` will be symlinked to `/var/mail-state/lib-getmail`_).
    - To preserve this state when upgrading to DMS v15, **you must manually migrate `getmail/` from the _DMS Config Volume_ to `lib-getmail/` in the _DMS State Volume_.**

@ -37,34 +37,35 @@ All notable changes to this project will be documented in this file. The format
 ### Updates

 - **Fail2ban:**
-  - Bump version to [1.1.0](https://github.com/fail2ban/fail2ban/releases/tag/1.1.0). For more information, check the [changelog](https://github.com/fail2ban/fail2ban/blob/1.1.0/ChangeLog).
+  - Updated to version [`1.1.0`](https://github.com/fail2ban/fail2ban/releases/tag/1.1.0) ([#4045](https://github.com/docker-mailserver/docker-mailserver/pull/4045))
 - **Documentation:**
-  - Rewritten and organized the pages for Account Management and Authentication ([#4122](https://github.com/docker-mailserver/docker-mailserver/pull/4122))
-  - Add caveat for `DMS_VMAIL_UID` not being compatible with `0` / root ([#4143](https://github.com/docker-mailserver/docker-mailserver/pull/4143))
+  - Account Management and Authentication pages have been rewritten and better organized ([#4122](https://github.com/docker-mailserver/docker-mailserver/pull/4122))
+  - Add a caveat for `DMS_VMAIL_UID` not being compatible with `0` / root ([#4143](https://github.com/docker-mailserver/docker-mailserver/pull/4143))
 - **Postfix:**
-  - Disable Microsoft reactions to outgoing mail ([#4120](https://github.com/docker-mailserver/docker-mailserver/pull/4120))
- bumped `jaq` version from 1.3.0 to 1.6.0 ([#4190](https://github.com/docker-mailserver/docker-mailserver/pull/4190))
- updated Rspamd GTube settings and tests ([#4191](https://github.com/docker-mailserver/docker-mailserver/pull/4191))
+  - By default opt-out from _Microsoft reactions_ for outbound mail ([#4120](https://github.com/docker-mailserver/docker-mailserver/pull/4120))
+- Updated `jaq` version from `1.3.0` to `2.0.0` ([#4190](https://github.com/docker-mailserver/docker-mailserver/pull/4190))
+- Updated Rspamd GTube settings and tests ([#4191](https://github.com/docker-mailserver/docker-mailserver/pull/4191))

 ### Fixes

 - **Dovecot:**
-  - Update logwatch `ignore.conf` to exclude Xapian messages about pending documents ([#4060](https://github.com/docker-mailserver/docker-mailserver/pull/4060))
+  - The logwatch `ignore.conf` now also excludes Xapian messages about pending documents ([#4060](https://github.com/docker-mailserver/docker-mailserver/pull/4060))
  - `dovecot-fts-xapian` plugin was updated to `1.7.13`, fixing a regression with indexing ([#4095](https://github.com/docker-mailserver/docker-mailserver/pull/4095))
-  - The Dovecot Quota support "dummy account" workaround no longer treats the alias as a regex when checking the Dovecot UserDB ([#4222](https://github.com/docker-mailserver/docker-mailserver/pull/4222))
+  - The "dummy account" workaround for _Dovecot Quota_ feature support no longer treats the alias as a regex when checking the Dovecot UserDB ([#4222](https://github.com/docker-mailserver/docker-mailserver/pull/4222))
 - **LDAP:**
-  - A previous compatibility fix for OAuth2 in v13.3.1 had not applied the actual LDAP config changes. This has been corrected ([#4175](https://github.com/docker-mailserver/docker-mailserver/pull/4175))
+  - Correctly apply a compatibility fix for OAuth2 introduced in DMS v13.3.1 which had not been applied to the actual LDAP config changes ([#4175](https://github.com/docker-mailserver/docker-mailserver/pull/4175))
 - **Internal:**
-  - The main `mail.log` which is piped to stdout via `tail` now correctly begins from the first log line of the active container run. Previously some daemon logs and potential warnings/errors were omitted. ([#4146](https://github.com/docker-mailserver/docker-mailserver/pull/4146))
+  - The main `mail.log` (_which is piped to stdout via `tail`_) now correctly begins from the first log line of the active container run. Previously some daemon logs and potential warnings/errors were omitted ([#4146](https://github.com/docker-mailserver/docker-mailserver/pull/4146))
  - Fixed a regression introduced in v14 where `postfix-main.cf` appended `stderr` output into `/etc/postfix/main.cf`, causing Postfix startup to fail ([#4147](https://github.com/docker-mailserver/docker-mailserver/pull/4147))
-  - Unused `shopt -s inherit_errexit` removed from `start-mailserver.sh` ([#4161](https://github.com/docker-mailserver/docker-mailserver/pull/4161))
+  - `start-mailserver.sh` removed unused `shopt -s inherit_errexit` ([#4161](https://github.com/docker-mailserver/docker-mailserver/pull/4161))
 - **Rspamd:**
-  - DKIM private key path checking is now performed only on paths that do not contain "$" ([#4201](https://github.com/docker-mailserver/docker-mailserver/pull/4201))
+  - DKIM private key path checking is now performed only on paths that do not contain `$` ([#4201](https://github.com/docker-mailserver/docker-mailserver/pull/4201))
+- The command `swaks --help` is now functional ([#4282](https://github.com/docker-mailserver/docker-mailserver/pull/4282))

 ### CI

- Workflow for `CONTRIBUTORS.md` updates removed. `CONTRIBUTORS.md` file and dependencies removed. ([#4141](https://github.com/docker-mailserver/docker-mailserver/pull/4141))
- Refactored the workflows for generating documentation previews on PRs to be more secure ([#4267](https://github.com/docker-mailserver/docker-mailserver/pull/4267), [#4264](https://github.com/docker-mailserver/docker-mailserver/pull/4264), [#4262](https://github.com/docker-mailserver/docker-mailserver/pull/4262), [#4247](https://github.com/docker-mailserver/docker-mailserver/pull/4247), [#4244](https://github.com/docker-mailserver/docker-mailserver/pull/4244))
+- Removed `CONTRIBUTORS.md`, `.all-contributorsrc`, and workflow ([#4141](https://github.com/docker-mailserver/docker-mailserver/pull/4141))
+- Refactored the workflows to be more secure for generating documentation previews on PRs ([#4267](https://github.com/docker-mailserver/docker-mailserver/pull/4267), [#4264](https://github.com/docker-mailserver/docker-mailserver/pull/4264), [#4262](https://github.com/docker-mailserver/docker-mailserver/pull/4262), [#4247](https://github.com/docker-mailserver/docker-mailserver/pull/4247), [#4244](https://github.com/docker-mailserver/docker-mailserver/pull/4244))

 ## [v14.0.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v14.0.0)

--- a/target/scripts/build/compile.sh
+++ b/target/scripts/build/compile.sh
@ -13,7 +13,7 @@ _log_level_is 'trace' && QUIET='-y' || QUIET='-qq'

 function _compile_dovecot_fts_xapian() {
  apt-get "${QUIET}" update
-  apt-get "${QUIET}" --no-install-recommends install \
+  apt-get "${QUIET}" install --no-install-recommends \
    automake libtool pkg-config libicu-dev libsqlite3-dev libxapian-dev make build-essential dh-make devscripts dovecot-dev

  local XAPIAN_VERSION='1.7.13'
--- a/target/scripts/build/packages.sh
+++ b/target/scripts/build/packages.sh
@ -38,11 +38,12 @@ function _pre_installation_steps() {
 function _install_utils() {
  _log 'debug' 'Installing utils sourced from Github'
  _log 'trace' 'Installing jaq'
-  local JAQ_TAG='v1.6.0'
-  curl -sSfL "https://github.com/01mf02/jaq/releases/download/${JAQ_TAG}/jaq-${JAQ_TAG}-$(uname -m)-unknown-linux-gnu" -o /usr/bin/jaq
+  local JAQ_TAG='v2.0.0'
+  curl -sSfL "https://github.com/01mf02/jaq/releases/download/${JAQ_TAG}/jaq-$(uname -m)-unknown-linux-gnu" -o /usr/bin/jaq
  chmod +x /usr/bin/jaq

  _log 'trace' 'Installing swaks'
+  apt-get "${QUIET}" install --no-install-recommends perl-doc
  local SWAKS_VERSION='20240103.0'
  local SWAKS_RELEASE="swaks-${SWAKS_VERSION}"
  curl -sSfL "https://github.com/jetmore/swaks/releases/download/v${SWAKS_VERSION}/${SWAKS_RELEASE}.tar.gz" | tar -xz
@ -118,7 +119,7 @@ function _install_packages() {
    bind9-dnsutils iputils-ping less nano
  )

-  apt-get "${QUIET}" --no-install-recommends install \
+  apt-get "${QUIET}" install --no-install-recommends \
    "${ANTI_VIRUS_SPAM_PACKAGES[@]}" \
    "${CODECS_PACKAGES[@]}" \
    "${MISCELLANEOUS_PACKAGES[@]}" \
@ -154,10 +155,10 @@ function _install_dovecot() {
  fi

  _log 'debug' 'Installing Dovecot'
-  apt-get "${QUIET}" --no-install-recommends install "${DOVECOT_PACKAGES[@]}"
+  apt-get "${QUIET}" install --no-install-recommends "${DOVECOT_PACKAGES[@]}"

  # dependency for fts_xapian
-  apt-get "${QUIET}" --no-install-recommends install libxapian30
+  apt-get "${QUIET}" install --no-install-recommends libxapian30
 }

 function _install_rspamd() {
@ -185,7 +186,7 @@ function _install_fail2ban() {

  _log 'debug' 'Installing Fail2ban'
  # Dependencies (https://github.com/docker-mailserver/docker-mailserver/pull/3403#discussion_r1306581431)
-  apt-get "${QUIET}" --no-install-recommends install python3-pyinotify python3-dnspython python3-systemd
+  apt-get "${QUIET}" install --no-install-recommends python3-pyinotify python3-dnspython python3-systemd

  gpg --keyserver "${FAIL2BAN_GPG_PUBLIC_KEY_SERVER}" --recv-keys "${FAIL2BAN_GPG_PUBLIC_KEY_ID}" 2>&1

--- a/target/scripts/startup/setup.d/security/rspamd.sh
+++ b/target/scripts/startup/setup.d/security/rspamd.sh
@ -330,9 +330,9 @@ function __rspamd__setup_check_authenticated() {
  fi
 }

-# This function performs a simple check: go through DKIM configuration files, acquire
-# all private key file locations and check whether they exist and whether they can be
-# accessed by Rspamd. We are not checking paths that conatain the '$' symbol.
+# This function performs a simple check on the queried rspamd DKIM configuration:
+# - Acquire all private key file locations and check whether they exist and can be accessed by Rspamd.
+# - We are not checking paths that contain the '$' symbol.
 function __rspamd__check_dkim_permissions() {
  local KEY_FILE
  while read -r KEY_FILE; do