mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-14 15:08:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

ci(fix): Normalize for .gitattributes + improve eclint coverage (#3566)

Browse source
This commit is contained in:
Brennan Kinney 2023-10-04 23:53:32 +13:00 committed by GitHub
parent bd96c1161e
commit aae42fae9b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
27 changed files with 120 additions and 299 deletions
Download patch file Download diff file Expand all files Collapse all files

2
docs/content/config/advanced/dovecot-master-accounts.md
View file

@ -18,4 +18,4 @@ Once a master account is configured, it is possible to connect to any users mail
Username: `<EMAIL ADDRESS>*<MASTER ACCOUNT NAME>`
Password: `<MASTER ACCOUNT PASSWORD>`
Password: `<MASTER ACCOUNT PASSWORD>`

2
docs/content/config/advanced/ipv6.md
View file

@ -132,7 +132,7 @@ Next, configure a network with an IPv6 subnet for your container with any of the
!!! warning "This approach is discouraged"
The [`bridge` network is considered legacy][docker-docs-network-bridge-legacy].
The [`bridge` network is considered legacy][docker-docs-network-bridge-legacy].
Add these two extra IPv6 settings to your daemon config. They only apply to the [default `bridge` docker network][docker-docs-ipv6-create-default] aka `docker0` (_which containers are attached to by default when using `docker run`_).

12
docs/content/config/advanced/mail-sieve.md
View file

@ -69,12 +69,12 @@ It is possible to sort subaddresses such as `user+mailing-lists@example.com` int
require ["envelope", "fileinto", "mailbox", "subaddress", "variables"];
if envelope :detail :matches "to" "*" {
set :lower :upperfirst "tag" "${1}";
if mailboxexists "INBOX.${1}" {
fileinto "INBOX.${1}";
} else {
fileinto :create "INBOX.${tag}";
}
set :lower :upperfirst "tag" "${1}";
if mailboxexists "INBOX.${1}" {
fileinto "INBOX.${1}";
} else {
fileinto :create "INBOX.${tag}";
}
}
```

35
docs/content/config/security/ssl.md
View file

@ -161,8 +161,9 @@ Obtain a Cloudflare API token:
dns_cloudflare_api_token = YOUR_CLOUDFLARE_TOKEN_HERE
```
- As this is sensitive data, you should restrict access to it with `chmod 600` and `chown 0:0`.
- Store the file in a folder if you like, such as `docker-data/certbot/secrets/`.
- As this is sensitive data, you should restrict access to it with `chmod 600` and `chown 0:0`.
- Store the file in a folder if you like, such as `docker-data/certbot/secrets/`.
5. Your `compose.yaml` should include the following:
```yaml
@ -594,7 +595,7 @@ This setup only comes with one caveat: The domain has to be configured on anothe
container_name: mailserver
hostname: mail.example.com
volumes:
- ./docker-data/traefik/acme.json:/etc/letsencrypt/acme.json:ro
- ./docker-data/traefik/acme.json:/etc/letsencrypt/acme.json:ro
environment:
SSL_TYPE: letsencrypt
SSL_DOMAIN: mail.example.com
@ -605,26 +606,26 @@ This setup only comes with one caveat: The domain has to be configured on anothe
image: docker.io/traefik:latest #v2.5
container_name: docker-traefik
ports:
- "80:80"
- "443:443"
- "80:80"
- "443:443"
command:
- --providers.docker
- --entrypoints.http.address=:80
- --entrypoints.http.http.redirections.entryPoint.to=https
- --entrypoints.http.http.redirections.entryPoint.scheme=https
- --entrypoints.https.address=:443
- --entrypoints.https.http.tls.certResolver=letsencrypt
- --certificatesresolvers.letsencrypt.acme.email=admin@example.com
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
- --providers.docker
- --entrypoints.http.address=:80
- --entrypoints.http.http.redirections.entryPoint.to=https
- --entrypoints.http.http.redirections.entryPoint.scheme=https
- --entrypoints.https.address=:443
- --entrypoints.https.http.tls.certResolver=letsencrypt
- --certificatesresolvers.letsencrypt.acme.email=admin@example.com
- --certificatesresolvers.letsencrypt.acme.storage=/acme.json
- --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
volumes:
- ./docker-data/traefik/acme.json:/acme.json
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./docker-data/traefik/acme.json:/acme.json
- /var/run/docker.sock:/var/run/docker.sock:ro
whoami:
image: docker.io/traefik/whoami:latest
labels:
- "traefik.http.routers.whoami.rule=Host(`mail.example.com`)"
- "traefik.http.routers.whoami.rule=Host(`mail.example.com`)"
```
### Self-Signed Certificates

40
docs/content/contributing/tests.md
View file

@ -85,10 +85,10 @@ In this example, you've made a change to the Rspamd feature support (_or adjuste
```console
$ make clean generate-accounts test/rspamd
rspamd.bats
✓ [Rspamd] Postfix's main.cf was adjusted [12]
✓ [Rspamd] normal mail passes fine [44]
✓ [Rspamd] detects and rejects spam [122]
✓ [Rspamd] detects and rejects virus [189]
✓ [Rspamd] Postfix's main.cf was adjusted [12]
✓ [Rspamd] normal mail passes fine [44]
✓ [Rspamd] detects and rejects spam [122]
✓ [Rspamd] detects and rejects virus [189]
```
As your feature work progresses your change for Rspamd also affects ClamAV. As your change now spans more than just the Rspamd test file, you could run multiple test files serially:
@ -96,16 +96,17 @@ As your feature work progresses your change for Rspamd also affects ClamAV. As y
```console
$ make clean generate-accounts test/rspamd,clamav
rspamd.bats
✓ [Rspamd] Postfix's main.cf was adjusted [12]
✓ [Rspamd] normal mail passes fine [44]
✓ [Rspamd] detects and rejects spam [122]
✓ [Rspamd] detects and rejects virus [189]
✓ [Rspamd] Postfix's main.cf was adjusted [12]
✓ [Rspamd] normal mail passes fine [44]
✓ [Rspamd] detects and rejects spam [122]
✓ [Rspamd] detects and rejects virus [189]
clamav.bats
✓ [ClamAV] log files exist at /var/log/mail directory [68]
✓ [ClamAV] should be identified by Amavis [67]
✓ [ClamAV] freshclam cron is enabled [76]
✓ [ClamAV] env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly [63]
✓ [ClamAV] rejects virus [60]
✓ [ClamAV] log files exist at /var/log/mail directory [68]
✓ [ClamAV] should be identified by Amavis [67]
✓ [ClamAV] freshclam cron is enabled [76]
✓ [ClamAV] env CLAMAV_MESSAGE_SIZE_LIMIT is set correctly [63]
✓ [ClamAV] rejects virus [60]
```
You're almost finished with your change before submitting it as a PR. It's a good idea to run the full parallel set those individual tests belong to (_especially if you've modified any tests_):
@ -113,13 +114,15 @@ You're almost finished with your change before submitting it as a PR. It's a goo
```console
$ make clean generate-accounts tests/parallel/set1
default_relay_host.bats
✓ [Relay] (ENV) 'DEFAULT_RELAY_HOST' should configure 'main.cf:relayhost' [88]
✓ [Relay] (ENV) 'DEFAULT_RELAY_HOST' should configure 'main.cf:relayhost' [88]
spam_virus/amavis.bats
✓ [Amavis] SpamAssassin integration should be active [1165]
✓ [Amavis] SpamAssassin integration should be active [1165]
spam_virus/clamav.bats
✓ [ClamAV] log files exist at /var/log/mail directory [73]
✓ [ClamAV] should be identified by Amavis [67]
✓ [ClamAV] freshclam cron is enabled [76]
✓ [ClamAV] log files exist at /var/log/mail directory [73]
✓ [ClamAV] should be identified by Amavis [67]
✓ [ClamAV] freshclam cron is enabled [76]
...
```
@ -127,7 +130,6 @@ Even better, before opening a PR run the full test suite:
```console
$ make clean tests
...
```
[BATS]: https://github.com/bats-core/bats-core

5
docs/content/faq.md
View file

@ -511,8 +511,9 @@ require ["comparator-i;ascii-numeric","relational","fileinto"];
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
} elsif allof (
not header :matches "x-spam-score" "-*",
header :value "ge" :comparator "i;ascii-numeric" "x-spam-score" "3.75" ) {
not header :matches "x-spam-score" "-*",
header :value "ge" :comparator "i;ascii-numeric" "x-spam-score" "3.75"
) {
fileinto "Junk";
}
```

36
docs/content/introduction.md
View file

@ -43,10 +43,10 @@ Here's where DMS's toolchain fits within the delivery chain:
```txt
docker-mailserver is here:
┏━━━━━━━┓
Sending an email: MUA ---> MTA ---> (MTA relays) ---> ┫ MTA ╮ ┃
Fetching an email: MUA <------------------------------ MDA
┗━━━━━━━┛
┏━━━━━━━┓
Sending an email: MUA ---> MTA ---> (MTA relays) ---> ┫ MTA ╮ ┃
Fetching an email: MUA <------------------------------ MDA
┗━━━━━━━┛
```
??? example "An Example"
@ -86,18 +86,18 @@ When it comes to the specifics of email exchange, we have to look at protocols a
The following picture gives a visualization of the interplay of all components and their [respective ports][docs-understandports]:
```txt
┏━━━━━━━━━━ Submission ━━━━━━━━━━━━┓┏━━━━━━━━━━━━━ Transfer/Relay ━━━━━━━━━━━┓
┏━━━━━━━━━━ Submission ━━━━━━━━━━━━┓┏━━━━━━━━━━━━━ Transfer/Relay ━━━━━━━━━━━┓
┌─────────────────────┐ ┌┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┐
MUA ----- STARTTLS ------> ┤(587) MTA ╮ (25)├ <-- cleartext ---> ┊ Third-party MTA ┊
----- implicit TLS --> ┤(465) │ | └┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┘
----- cleartext -----> ┤(25) │ |
|┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄|
MUA <---- STARTTLS ------- (143) MDA |
<---- implicit TLS --- (993) |
└─────────────────────┘
┌─────────────────────┐ ┌┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┐
MUA ----- STARTTLS -------> ┤(587) MTA ╮ (25)├ <-- cleartext ---> ┊ Third-party MTA ┊
----- implicit TLS ---> ┤(465) │ | └┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┘
----- cleartext ------> ┤(25) │ |
|┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄|
MUA <---- STARTTLS -------- (143) MDA |
<---- implicit TLS ---- (993) |
└─────────────────────┘
┗━━━━━━━━━━ Retrieval ━━━━━━━━━━━━━┛
┗━━━━━━━━━━ Retrieval ━━━━━━━━━━━━━┛
```
If you're new to email infrastructure, both that table and the schema may be confusing.
@ -124,7 +124,7 @@ My MTA will thus have to support two kinds of Submission:
- Inbound Submission (third-party email has been submitted & relayed, then is accepted "inside" by the MTA)
```txt
┏━━━ Outbound Submission ━━━┓
┏━━━ Outbound Submission ━━━┓
┌────────────────────┐ ┌┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┐
Me ---------------> ┤ ├ -----------------> ┊ ┊
@ -132,7 +132,7 @@ Me ---------------> ┤ ├ -----------------> ┊
│ ├ <-----------------
└────────────────────┘ └┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┘
┗━━━━━━━━━━ Inbound Submission ━━━━━━━━━━┛
┗━━━━━━━━━━ Inbound Submission ━━━━━━━━━━┛
```
#### Outbound Submission
@ -168,7 +168,7 @@ Granted it's still very difficult enforcing encryption between MTAs (Transfer/Re
Overall, DMS's default configuration for SMTP looks like this:
```txt
┏━━━ Outbound Submission ━━━┓
┏━━━ Outbound Submission ━━━┓
┌────────────────────┐ ┌┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┐
Me -- cleartext --> ┤(25) (25)├ --- cleartext ---> ┊ ┊
@ -177,7 +177,7 @@ Me -- STARTTLS ---> ┤(587) │ ┊
│ (25)├ <---cleartext ----
└────────────────────┘ └┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┄┘
┗━━━━━━━━━━ Inbound Submission ━━━━━━━━━━┛
┗━━━━━━━━━━ Inbound Submission ━━━━━━━━━━┛
```
### Retrieval - IMAP