diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py
index 39181678..ce12a09a 100644
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@@ -40,7 +40,7 @@ class PrefixMiddleware(object):
 return self.app(environ, start_response)
 def init_app(self, app):
- self.app = fixers.ProxyFix(app.wsgi_app)
+ self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
 app.wsgi_app = self
 proxy = PrefixMiddleware()
diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf
index aa33a7bb..81811cdb 100644
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@@ -21,7 +21,10 @@ mail_access_groups = mail
 maildir_stat_dirs = yes
 mailbox_list_index = yes
 mail_vsize_bg_after_count = 100
-mail_plugins = $mail_plugins quota quota_clone zlib fts fts_xapian
+mail_plugins = $mail_plugins quota quota_clone zlib{{ ' ' }}
+ {%- if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] -%}
+ fts fts_xapian
+ {%- endif %}
 default_vsz_limit = 2GB
 namespace inbox {
@@ -39,11 +42,13 @@ plugin {
 quota_vsizes = yes
 quota_clone_dict = proxy:/tmp/podop.socket:quota
+ {% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}
 fts = xapian
 fts_xapian = partial=2 full=30
 fts_autoindex = yes
 fts_enforced = yes
 fts_autoindex_exclude = \Trash
+ {% endif %}
 {% if COMPRESSION in [ 'gz', 'bz2' ] %}
 zlib_save = {{ COMPRESSION }}
diff --git a/core/dovecot/start.py b/core/dovecot/start.py
index 559baf6e..1845eb93 100755
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
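Review bot: `x_for=1, x_proto=1` hard-codes the assumption that exactly one trusted proxy (the front container) sits between clients and the admin app, and nothing in the hunk records it; with ProxyFix a count larger than the real number of hops lets a client-chosen X-Forwarded-For value be taken as the peer address, while a smaller count breaks scheme and address detection behind an extra load balancer. Add a comment above the call, `# Trust exactly one hop of X-Forwarded-For/-Proto: the front (nginx) container. Raise the counts only if another reverse proxy is placed in front of it.` The class PrefixMiddleware that encloses init_app starts outside the hunk.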
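Review bot: The enable test `(FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0']` is written out twice in this file, here in mail_plugins and again in the plugin block hunk that follows, so the two copies will drift the next time an accepted spelling is added. Evaluate it once near the top of the template with `{% set fts_enabled = (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}` and use `{% if fts_enabled %}` in both places. The `{{ ' ' }}` / `{%-` whitespace trick that keeps mail_plugins on a single line is not obvious to a reader either and deserves a one-line template comment stating that this is its only purpose.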
@@ -21,13 +21,9 @@ def start_podop():
 ])
 # Actual startup script
-
 os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
-os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis")
 os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
 os.environ["ANTISPAM_WEBUI_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_WEBUI", "antispam:11334")
-if os.environ["WEBMAIL"] != "none":
- os.environ["WEBMAIL_ADDRESS"] = system.get_host_address_from_environment("WEBMAIL", "webmail")
 for dovecot_file in glob.glob("/conf/*.conf"):
 conf.jinja(dovecot_file, os.environ, os.path.join("/etc/dovecot", os.path.basename(dovecot_file)))
diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 43ed2df0..72828ea6 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
@@ -52,9 +52,10 @@ tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:
 tls_preempt_cipherlist = yes
 tls_ssl_options = NO_COMPRESSION
-# Outgoing TLS is more flexible because 1. not all receiving servers will
-# support TLS, 2. not all will have and up-to-date TLS stack.
-smtp_tls_security_level = may
+# By default, outgoing TLS is more flexible because
+# 1. not all receiving servers will support TLS,
+# 2. not all will have and up-to-date TLS stack.
+smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }}
 smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtp_tls_protocols =!SSLv2,!SSLv3
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
diff --git a/docs/compose/.env b/docs/compose/.env
index 69c91d82..7f91c270 100644
--- a/docs/compose/.env
+++ b/docs/compose/.env
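Review bot: Removing the REDIS_ADDRESS and WEBMAIL_ADDRESS exports is only safe if no template under /conf still references them: the loop at the end of the hunk renders every `/conf/*.conf` with os.environ, so a leftover `{{ REDIS_ADDRESS }}` would presumably come out as an empty string rather than an error, depending on how conf.jinja treats undefined names (not visible here). Worth a search of the dovecot conf templates before merging, plus a short comment above the remaining exports stating that dovecot only needs to resolve front, admin and the antispam web UI.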
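Review bot: `smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }}` drops the variable into main.cf unchecked, so a misspelt level is only noticed when Postfix rejects the parameter at startup, and nothing in this commit validates or enumerates the accepted values. The rewritten comment keeps the old typo (`have and up-to-date` should be `have an up-to-date`) and does not say what the recommended `encrypt` actually buys: it makes TLS mandatory but still does not verify the peer certificate, and once the level is mandatory the `smtp_tls_mandatory_protocols` line just below becomes the effective protocol floor. Extend it with `# OUTBOUND_TLS_LEVEL: may (opportunistic, default), encrypt (mandatory, peer cert not verified), secure (mandatory and verified); see postconf(5) smtp_tls_security_level.` Two smaller points elsewhere in the commit: the configuration.rst text says `if you are a relayhost that supports TLS` where `if you use a relayhost that supports TLS` seems intended, and the fragment `towncrier/1478.feature` sits outside `towncrier/newsfragments/` where the other four fragments live, so it presumably will not be collected.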
@@ -102,6 +102,9 @@ COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
+# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
+# FULL_TEXT_SEARCH=off
+
 ###################################
 # Web settings
 ###################################
diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml
index 2686ee27..42be1cb0 100644
--- a/docs/compose/docker-compose.yml
+++ b/docs/compose/docker-compose.yml
@@ -31,7 +31,7 @@ services:
 - "$BIND_ADDRESS6:587:587"
 volumes:
 - "$ROOT/certs:/certs"
- "$ROOT/overrides/nginx:/overrides"
+ - "$ROOT/overrides/nginx:/overrides:ro"
 redis:
 image: redis:alpine
@@ -45,7 +45,7 @@ services:
 env_file: .env
 volumes:
 - "$ROOT/mail:/mail"
- "$ROOT/overrides:/overrides"
+ - "$ROOT/overrides/dovecot:/overrides:ro"
 depends_on:
 - front
@@ -54,7 +54,8 @@ services:
 restart: always
 env_file: .env
 volumes:
- "$ROOT/overrides:/overrides"
+ - "$ROOT/mailqueue:/queue"
+ - "$ROOT/overrides/postfix:/overrides:ro"
 depends_on:
 - front
@@ -64,8 +65,8 @@ services:
 env_file: .env
 volumes:
 - "$ROOT/filter:/var/lib/rspamd"
- "$ROOT/dkim:/dkim"
- "$ROOT/overrides/rspamd:/etc/rspamd/override.d"
+ - "$ROOT/dkim:/dkim:ro"
+ - "$ROOT/overrides/rspamd:/etc/rspamd/override.d:ro"
 depends_on:
 - front
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 292d4303..4b211925 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
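Review bot: The imap and smtp hunks move the mount source from `$ROOT/overrides` to `$ROOT/overrides/dovecot` and `$ROOT/overrides/postfix`, so an existing deployment that keeps its dovecot or postfix override files directly in `$ROOT/overrides` will silently stop applying them after this upgrade, and none of the towncrier fragments in this commit mentions the new layout. Add a fragment and an upgrade note telling operators to move their files into the per-service subdirectories (the stack setup.html hunk already creates them for fresh installs). Mounting the overrides and dkim directories `:ro` is a welcome reduction in what a compromised service container can write back to the host.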
@@ -69,6 +69,10 @@ The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing mail in following format: ``[HOST]:PORT``. ``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed.
+By default postfix uses "opportunistic TLS" for outbound mail. This can be changed
+by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt``. This setting is highly recommended
+if you are a relayhost that supports TLS.
+
 The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to go and fetch new email if available. Do not use too short delays if you do not want to be blacklisted by external services, but not too long delays if you
@@ -83,6 +87,9 @@ later classify incoming mail based on the custom part. The ``DMARC_RUA`` and ``DMARC_RUF`` are DMARC protocol specific values. They hold the localpart for DMARC rua and ruf email addresses.
+Full-text search is enabled for IMAP is enabled by default. This feature can be disabled
+(e.g. for performance reasons) by setting the optional variable ``FULL_TEXT_SEARCH`` to ``off``.
+
 Web settings
 ------------
diff --git a/optional/radicale/Dockerfile b/optional/radicale/Dockerfile
index 2a2affe9..400b1a3f 100644
--- a/optional/radicale/Dockerfile
+++ b/optional/radicale/Dockerfile
@@ -8,13 +8,14 @@ RUN apk add --no-cache \
 # Image specific layers under this line
 RUN apk add --no-cache curl \
- && pip3 install radicale==2.1.12
+ && pip3 install radicale~=3.0
+
 COPY radicale.conf /radicale.conf
 EXPOSE 5232/tcp
 VOLUME ["/data"]
-CMD radicale -f -S -C /radicale.conf
+CMD radicale -S -C /radicale.conf
 HEALTHCHECK CMD curl -f -L http://localhost:5232/ || exit 1
diff --git a/optional/radicale/radicale.conf b/optional/radicale/radicale.conf
index e2ed045e..6c99d8e0 100644
--- a/optional/radicale/radicale.conf
+++ b/optional/radicale/radicale.conf
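Review bot: `pip3 install radicale~=3.0` replaces the exact pin `radicale==2.1.12` with a compatible-release range, so two builds of this Dockerfile can yield different Radicale versions and any new 3.x release enters the image without review. Pin the version that was actually tested, `&& pip3 install radicale==<tested 3.x version>`, and bump it deliberately, as the roundcube Dockerfile in this same commit does with its release URL. If the `-f` flag was dropped because Radicale 3 no longer accepts it, a short comment on the CMD line saying so would save the next reader a trip to the upstream changelog.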
@@ -1,15 +1,13 @@
 [server]
 hosts = 0.0.0.0:5232, [::]:5232
-daemon = False
 ssl = False
-dns_lookup = False
-realm = Radicale - Password Required
 [encoding]
 request = utf-8
 stock = utf-8
 [auth]
+realm = Radicale - Password Required
 type = http_x_remote_user
 [rights]
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 78ecce72..560f7722 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -76,8 +76,8 @@ FETCHMAIL_DELAY={{ fetchmail_delay or '600' }}
 RECIPIENT_DELIMITER={{ recipient_delimiter or '+' }}
 # DMARC rua and ruf email
-DMARC_RUA={{ dmarc_rua or 'admin' }}
-DMARC_RUF={{ dmarc_ruf or 'admin' }}
+DMARC_RUA={{ dmarc_rua or postmaster }}
+DMARC_RUF={{ dmarc_ruf or postmaster }}
 # Welcome email, enable and set a topic and body if you wish to send welcome
 # emails to all users.
@@ -91,6 +91,9 @@ COMPRESSION={{ compression }}
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL={{ compression_level }}
+# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
+# FULL_TEXT_SEARCH=off
+
 ###################################
 # Web settings
 ###################################
diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml
index 6ae0f103..3568cfdc 100644
--- a/setup/flavors/stack/docker-compose.yml
+++ b/setup/flavors/stack/docker-compose.yml
@@ -27,7 +27,7 @@ services:
 {% endfor %}
 volumes:
 - "{{ root }}/certs:/certs"
- "{{ root }}/overrides/nginx:/overrides"
+ - "{{ root }}/overrides/nginx:/overrides:ro"
 deploy:
 replicas: {{ front_replicas }}
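Review bot: `DMARC_RUA={{ dmarc_rua or postmaster }}` and the DMARC_RUF line below it have lost their literal fallback: the old template always fell back to `'admin'`, whereas now an unset or empty `postmaster` from the setup form renders both values as nothing, which a later consumer presumably cannot distinguish from a deliberately empty setting. Keep a last-resort literal, `DMARC_RUA={{ dmarc_rua or postmaster or 'admin' }}` and `DMARC_RUF={{ dmarc_ruf or postmaster or 'admin' }}`, unless the form guarantees that `postmaster` is non-empty (not visible in this diff).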
@@ -43,34 +43,42 @@ services:
 - "{{ root }}/dkim:/dkim"
 deploy:
 replicas: {{ admin_replicas }}
+ healthcheck:
+ disable: true
 imap:
 image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}}
 env_file: {{ env }}
 volumes:
 - "{{ root }}/mail:/mail"
- "{{ root }}/overrides:/overrides"
+ - "{{ root }}/overrides/dovecot:/overrides:ro"
 deploy:
 replicas: {{ imap_replicas }}
+ healthcheck:
+ disable: true
 smtp:
 image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}}
 env_file: {{ env }}
 volumes:
 - "{{ root }}/mailqueue:/queue"
- "{{ root }}/overrides:/overrides"
+ - "{{ root }}/overrides/postfix:/overrides:ro"
 deploy:
 replicas: {{ smtp_replicas }}
+ healthcheck:
+ disable: true
 antispam:
 image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}}
 env_file: {{ env }}
 volumes:
 - "{{ root }}/filter:/var/lib/rspamd"
- "{{ root }}/dkim:/dkim"
- "{{ root }}/overrides/rspamd:/etc/rspamd/override.d"
+ - "{{ root }}/dkim:/dkim:ro"
+ - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d:ro"
 deploy:
 replicas: 1
+ healthcheck:
+ disable: true
 # Optional services
 {% if antivirus_enabled %}
@@ -81,6 +89,8 @@ services:
 - "{{ root }}/filter:/data"
 deploy:
 replicas: 1
+ healthcheck:
+ disable: true
 {% endif %}
 {% if webdav_enabled %}
@@ -91,6 +101,8 @@ services:
 - "{{ root }}/dav:/data"
 deploy:
 replicas: 1
+ healthcheck:
+ disable: true
 {% endif %}
 {% if fetchmail_enabled %}
@@ -101,6 +113,8 @@ services:
 - "{{ root }}/data:/data"
 deploy:
 replicas: 1
+ healthcheck:
+ disable: true
 {% endif %}
 {% if webmail_type != 'none' %}
@@ -111,6 +125,8 @@ services:
 - "{{ root }}/webmail:/data"
 deploy:
 replicas: 1
+ healthcheck:
+ disable: true
 {% endif %}
 {% if db_flavor == 'postgresql' and postgresql == 'internal' %}
@@ -119,6 +135,8 @@ services:
 env_file: {{ env }}
 volumes:
 - "{{ root }}/data/psql_backup:/backup"
+ healthcheck:
+ disable: true
 {% endif %}
 networks:
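Review bot: Each `healthcheck: disable: true` added here (admin, imap, smtp, antispam, and the optional services in the later hunks of this file) carries no explanation, so the next reader cannot tell a deliberate swarm workaround from an oversight; the reason lives only in the `1289.bugfix` fragment. Put a one-line comment above the first occurrence, `# Health checks are disabled under swarm (see changelog 1289); rely on external monitoring instead.` With the checks off, swarm will no longer restart or stop routing to a task whose service has hung, so the comment should make that trade-off explicit.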
diff --git a/setup/flavors/stack/setup.html b/setup/flavors/stack/setup.html
index 5ae65cf7..9c775b20 100644
--- a/setup/flavors/stack/setup.html
+++ b/setup/flavors/stack/setup.html
@@ -4,7 +4,7 @@

Docker Stack expects a project file, named docker-compose.yml in a project directory. First create your project directory.

-
mkdir -p /{{ root }}/{redis,certs,data,dkim,mail,overrides/rspamd,overrides/nginx,filter,dav,webmail}
+
mkdir -p {{ root }}/{redis,certs,data,dkim,mail,mailqueue,overrides/rspamd,overrides/postfix,overrides/dovecot,overrides/nginx,filter,dav,webmail}
 

Then download the project file. A side configuration file makes it easier
diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index bde4e84b..93c2147f 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -52,7 +52,9 @@ avoid generic all-interfaces addresses like 0.0.0.0 or ::MX record. Hostnames must be comma-separated. If you're having trouble accessing your admin interface, make sure it is the first entry here (and possibly the
-same as your DOMAIN entry from earlier.

+same as your DOMAIN entry from earlier). Also make sure that the first entry in +this list resolves to the IP address of your server, and that the reverse DNS entry for +the IP address of your server resolves to this first entry in this list.

diff --git a/setup/templates/steps/stack/04_replicas.html b/setup/templates/steps/stack/04_replicas.html
index 785125cc..9f6de061 100644
--- a/setup/templates/steps/stack/04_replicas.html
+++ b/setup/templates/steps/stack/04_replicas.html
@@ -22,7 +22,7 @@
- +
-{% endcall %}
\ No newline at end of file
+{% endcall %}
diff --git a/towncrier/1478.feature b/towncrier/1478.feature
new file mode 100644
index 00000000..fcfe6ea2
--- /dev/null
+++ b/towncrier/1478.feature
@@ -0,0 +1 @@
+Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix.
\ No newline at end of file
diff --git a/towncrier/newsfragments/1289.bugfix b/towncrier/newsfragments/1289.bugfix
new file mode 100644
index 00000000..8dc41dea
--- /dev/null
+++ b/towncrier/newsfragments/1289.bugfix
@@ -0,0 +1 @@
+Disable Health checks on swarm mode
diff --git a/towncrier/newsfragments/1463.bugfix b/towncrier/newsfragments/1463.bugfix
new file mode 100644
index 00000000..37423bfa
--- /dev/null
+++ b/towncrier/newsfragments/1463.bugfix
@@ -0,0 +1 @@
+Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings
diff --git a/towncrier/newsfragments/1512.misc b/towncrier/newsfragments/1512.misc
new file mode 100644
index 00000000..a886a8c0
--- /dev/null
+++ b/towncrier/newsfragments/1512.misc
@@ -0,0 +1 @@
+Use Radicale 3.x for webdav service
diff --git a/towncrier/newsfragments/1538.feature b/towncrier/newsfragments/1538.feature
new file mode 100644
index 00000000..cdefe766
--- /dev/null
+++ b/towncrier/newsfragments/1538.feature
@@ -0,0 +1 @@
+Introduce option to disable dovecot full-text-search by an enviroment variable.
diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile
index e8a6b027..79b911b0 100644
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@@ -16,7 +16,7 @@ RUN apt-get update && apt-get install -y \
 # Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube
 RUN pip3 install socrate
-ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.3/roundcubemail-1.4.3-complete.tar.gz
+ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.6/roundcubemail-1.4.6-complete.tar.gz
 ENV CARDDAV_URL https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.tar.bz2