From e4454d776aa93fa4bb562715e07845f31365cae9 Mon Sep 17 00:00:00 2001 From: Michael Wyraz Date: Sat, 2 May 2020 20:58:07 +0200 Subject: [PATCH 01/15] Allow to enforce TLS for outbound using OUTBOUND_TLS_LEVEL=encrypt (default is 'may') --- core/postfix/conf/main.cf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf index 43ed2df0..72828ea6 100644 --- a/core/postfix/conf/main.cf +++ b/core/postfix/conf/main.cf @@ -52,9 +52,10 @@ tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256: tls_preempt_cipherlist = yes tls_ssl_options = NO_COMPRESSION -# Outgoing TLS is more flexible because 1. not all receiving servers will -# support TLS, 2. not all will have and up-to-date TLS stack. -smtp_tls_security_level = may +# By default, outgoing TLS is more flexible because +# 1. not all receiving servers will support TLS, +# 2. not all will have and up-to-date TLS stack. +smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }} smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_protocols =!SSLv2,!SSLv3 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache From 6234da37863fd9f61fa441edd06b292db11c8eed Mon Sep 17 00:00:00 2001 From: Michael Wyraz Date: Sat, 2 May 2020 21:02:53 +0200 Subject: [PATCH 02/15] Add doc and changelog for OUTBOUND_TLS_LEVEL --- docs/configuration.rst | 4 ++++ towncrier/1478.feature | 1 + 2 files changed, 5 insertions(+) create mode 100644 towncrier/1478.feature diff --git a/docs/configuration.rst b/docs/configuration.rst index 292d4303..20df3767 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -69,6 +69,10 @@ The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing mail in following format: ``[HOST]:PORT``. ``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed. +By default postfix uses "opportunistic TLS" for outbound mail. This can be changed +by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt``. This setting is highly recommended +if you are a relayhost that supports TLS. + The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to go and fetch new email if available. Do not use too short delays if you do not want to be blacklisted by external services, but not too long delays if you diff --git a/towncrier/1478.feature b/towncrier/1478.feature new file mode 100644 index 00000000..fcfe6ea2 --- /dev/null +++ b/towncrier/1478.feature @@ -0,0 +1 @@ +Allow to enforce TLS for outbound mail by setting OUTBOUND_TLS_LEVEL=encrypt for postfix. \ No newline at end of file From 693fb3dbc71ad2da5bfbdd74d9b76cf1ea0e5dbc Mon Sep 17 00:00:00 2001 From: ofthesun9 Date: Mon, 11 May 2020 09:53:09 +0200 Subject: [PATCH 03/15] Harmonization of the various docker-compose.yml Harmonization (following pr1444) between: - docs/compose/docker-compose.yml - setup/flavors/stack/docker-compose.yml - setup/flavors/compose/docker-compose.yml Also refresh of the mkdir command found in setup/flavors/stack/setup.html --- docs/compose/docker-compose.yml | 11 ++++++----- setup/flavors/stack/docker-compose.yml | 10 +++++----- setup/flavors/stack/setup.html | 2 +- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index 2686ee27..42be1cb0 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -31,7 +31,7 @@ services: - "$BIND_ADDRESS6:587:587" volumes: - "$ROOT/certs:/certs" - - "$ROOT/overrides/nginx:/overrides" + - "$ROOT/overrides/nginx:/overrides:ro" redis: image: redis:alpine @@ -45,7 +45,7 @@ services: env_file: .env volumes: - "$ROOT/mail:/mail" - - "$ROOT/overrides:/overrides" + - "$ROOT/overrides/dovecot:/overrides:ro" depends_on: - front @@ -54,7 +54,8 @@ services: restart: always env_file: .env volumes: - - "$ROOT/overrides:/overrides" + - "$ROOT/mailqueue:/queue" + - "$ROOT/overrides/postfix:/overrides:ro" depends_on: - front @@ -64,8 +65,8 @@ services: env_file: .env volumes: - "$ROOT/filter:/var/lib/rspamd" - - "$ROOT/dkim:/dkim" - - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" + - "$ROOT/dkim:/dkim:ro" + - "$ROOT/overrides/rspamd:/etc/rspamd/override.d:ro" depends_on: - front diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml index 6ae0f103..15bfc9cb 100644 --- a/setup/flavors/stack/docker-compose.yml +++ b/setup/flavors/stack/docker-compose.yml @@ -27,7 +27,7 @@ services: {% endfor %} volumes: - "{{ root }}/certs:/certs" - - "{{ root }}/overrides/nginx:/overrides" + - "{{ root }}/overrides/nginx:/overrides:ro" deploy: replicas: {{ front_replicas }} @@ -49,7 +49,7 @@ services: env_file: {{ env }} volumes: - "{{ root }}/mail:/mail" - - "{{ root }}/overrides:/overrides" + - "{{ root }}/overrides/dovecot:/overrides:ro" deploy: replicas: {{ imap_replicas }} @@ -58,7 +58,7 @@ services: env_file: {{ env }} volumes: - "{{ root }}/mailqueue:/queue" - - "{{ root }}/overrides:/overrides" + - "{{ root }}/overrides/postfix:/overrides:ro" deploy: replicas: {{ smtp_replicas }} @@ -67,8 +67,8 @@ services: env_file: {{ env }} volumes: - "{{ root }}/filter:/var/lib/rspamd" - - "{{ root }}/dkim:/dkim" - - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" + - "{{ root }}/dkim:/dkim:ro" + - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d:ro" deploy: replicas: 1 diff --git a/setup/flavors/stack/setup.html b/setup/flavors/stack/setup.html index 5ae65cf7..9c775b20 100644 --- a/setup/flavors/stack/setup.html +++ b/setup/flavors/stack/setup.html @@ -4,7 +4,7 @@

Docker Stack expects a project file, named docker-compose.yml in a project directory. First create your project directory.

-
mkdir -p /{{ root }}/{redis,certs,data,dkim,mail,overrides/rspamd,overrides/nginx,filter,dav,webmail}
+
mkdir -p {{ root }}/{redis,certs,data,dkim,mail,mailqueue,overrides/rspamd,overrides/postfix,overrides/dovecot,overrides/nginx,filter,dav,webmail}
 

 
 
Then download the project file. A side configuration file makes it easier

From b1f012d53b586820b3a2f17aff34b1074d305504 Mon Sep 17 00:00:00 2001
From: ofthesun9 
Date: Tue, 12 May 2020 09:51:30 +0200
Subject: [PATCH 04/15] In setup/flavor, change DMARC rua and ruf email default
 settings DMARC_RUA and DMARC_RUF defaults will reuse the value defined for
 POSTMASTER, instead of 'admin' as previously

---
 setup/flavors/compose/mailu.env     | 4 ++--
 towncrier/newsfragments/1463.bugfix | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 towncrier/newsfragments/1463.bugfix

diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 78ecce72..b3cef48d 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -76,8 +76,8 @@ FETCHMAIL_DELAY={{ fetchmail_delay or '600' }}
 RECIPIENT_DELIMITER={{ recipient_delimiter or '+' }}
 
 # DMARC rua and ruf email
-DMARC_RUA={{ dmarc_rua or 'admin' }}
-DMARC_RUF={{ dmarc_ruf or 'admin' }}
+DMARC_RUA={{ dmarc_rua or postmaster }}
+DMARC_RUF={{ dmarc_ruf or postmaster }}
 
 # Welcome email, enable and set a topic and body if you wish to send welcome
 # emails to all users.
diff --git a/towncrier/newsfragments/1463.bugfix b/towncrier/newsfragments/1463.bugfix
new file mode 100644
index 00000000..37423bfa
--- /dev/null
+++ b/towncrier/newsfragments/1463.bugfix
@@ -0,0 +1 @@
+Defining POSTMASTER through setup tool apply also to DMARC_RUA and DMARC_RUF settings

From 6dbf7eb0e0d35fb33e97ac0f495f4241b4f9eacf Mon Sep 17 00:00:00 2001
From: liquidat 
Date: Sun, 17 May 2020 01:50:42 +0200
Subject: [PATCH 05/15] Setup, compose: add note about reverse DNS

---
 setup/templates/steps/compose/03_expose.html | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html
index bde4e84b..93c2147f 100644
--- a/setup/templates/steps/compose/03_expose.html
+++ b/setup/templates/steps/compose/03_expose.html
@@ -52,7 +52,9 @@ avoid generic all-interfaces addresses like 0.0.0.0 or ::MX record. Hostnames must be comma-separated. If you're having
 trouble accessing your admin interface, make sure it is the first entry here (and possibly the
-same as your DOMAIN entry from earlier.

+same as your DOMAIN entry from earlier). Also make sure that the first entry in
+this list resolves to the IP address of your server, and that the reverse DNS entry for
+the IP address of your server resolves to this first entry in this list.

 
 

   

From 506b7e9372ce0a972cbec6cd2333b56fd7a893f0 Mon Sep 17 00:00:00 2001
From: ofthesun9 
Date: Thu, 28 May 2020 14:05:47 +0200
Subject: [PATCH 06/15] Use Radicale 3.x for webdav service - remove ==2.1.12
 in Dockerfile pip3 install radicale - remove -f flag in Dockerfile CMD -
 remove deprecated daemon and dns_lookup settings from radicale.conf - move
 realm setting from [server] to [auth] in radicale.conf - add newsfragment

---
 optional/radicale/Dockerfile      | 4 ++--
 optional/radicale/radicale.conf   | 4 +---
 towncrier/newsfragments/1512.misc | 1 +
 3 files changed, 4 insertions(+), 5 deletions(-)
 create mode 100644 towncrier/newsfragments/1512.misc

diff --git a/optional/radicale/Dockerfile b/optional/radicale/Dockerfile
index 64712208..bbd05d43 100644
--- a/optional/radicale/Dockerfile
+++ b/optional/radicale/Dockerfile
@@ -2,13 +2,13 @@ ARG DISTRO=alpine:3.10
 FROM $DISTRO
 
 RUN apk add --no-cache curl bash python3 \
- && pip3 install radicale==2.1.12
+ && pip3 install radicale
 
 COPY radicale.conf /radicale.conf
 
 EXPOSE 5232/tcp
 VOLUME ["/data"]
 
-CMD radicale -f -S -C /radicale.conf
+CMD radicale -S -C /radicale.conf
 
 HEALTHCHECK CMD curl -f -L http://localhost:5232/ || exit 1
diff --git a/optional/radicale/radicale.conf b/optional/radicale/radicale.conf
index e2ed045e..6c99d8e0 100644
--- a/optional/radicale/radicale.conf
+++ b/optional/radicale/radicale.conf
@@ -1,15 +1,13 @@
 [server]
 hosts = 0.0.0.0:5232, [::]:5232
-daemon = False
 ssl = False
-dns_lookup = False
-realm = Radicale - Password Required
 
 [encoding]
 request = utf-8
 stock = utf-8
 
 [auth]
+realm = Radicale - Password Required
 type = http_x_remote_user
 
 [rights]
diff --git a/towncrier/newsfragments/1512.misc b/towncrier/newsfragments/1512.misc
new file mode 100644
index 00000000..a886a8c0
--- /dev/null
+++ b/towncrier/newsfragments/1512.misc
@@ -0,0 +1 @@
+Use Radicale 3.x for webdav service

From c3cbac65f9c0b321b3f842d3f1e7a187c9e28c23 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe 
Date: Sat, 6 Jun 2020 20:18:36 +0200
Subject: [PATCH 07/15] Replace SMPT with SMTP

---
 setup/templates/steps/stack/04_replicas.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/setup/templates/steps/stack/04_replicas.html b/setup/templates/steps/stack/04_replicas.html
index 785125cc..9f6de061 100644
--- a/setup/templates/steps/stack/04_replicas.html
+++ b/setup/templates/steps/stack/04_replicas.html
@@ -22,7 +22,7 @@
 

   
-  
+  
 

 
-{% endcall %}
\ No newline at end of file
+{% endcall %}

From fc47b736ea4f87b0cfcfa725c2fa7cba8e9b3bb5 Mon Sep 17 00:00:00 2001
From: Thomas Rehn 
Date: Sun, 14 Jun 2020 19:06:17 +0200
Subject: [PATCH 08/15] introduce environment variable to control dovecot
 full-text-search

---
 core/dovecot/conf/dovecot.conf | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf
index aa33a7bb..81811cdb 100644
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@@ -21,7 +21,10 @@ mail_access_groups = mail
 maildir_stat_dirs = yes
 mailbox_list_index = yes
 mail_vsize_bg_after_count = 100
-mail_plugins = $mail_plugins quota quota_clone zlib fts fts_xapian
+mail_plugins = $mail_plugins quota quota_clone zlib{{ ' ' }}
+  {%- if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] -%}
+  fts fts_xapian
+  {%- endif %}
 default_vsz_limit = 2GB
 
 namespace inbox {
@@ -39,11 +42,13 @@ plugin {
   quota_vsizes = yes
   quota_clone_dict = proxy:/tmp/podop.socket:quota
 
+  {% if (FULL_TEXT_SEARCH or '').lower() not in ['off', 'false', '0'] %}
   fts = xapian
   fts_xapian = partial=2 full=30
   fts_autoindex = yes
   fts_enforced = yes
   fts_autoindex_exclude = \Trash
+  {% endif %}
 
   {% if COMPRESSION in [ 'gz', 'bz2' ] %}
   zlib_save = {{ COMPRESSION }}

From 065447fd3598396d89774475eb03570593c5c3bf Mon Sep 17 00:00:00 2001
From: Thomas Rehn 
Date: Sun, 14 Jun 2020 19:30:41 +0200
Subject: [PATCH 09/15] add feature description

---
 towncrier/newsfragments/1538.feature | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 towncrier/newsfragments/1538.feature

diff --git a/towncrier/newsfragments/1538.feature b/towncrier/newsfragments/1538.feature
new file mode 100644
index 00000000..cdefe766
--- /dev/null
+++ b/towncrier/newsfragments/1538.feature
@@ -0,0 +1 @@
+Introduce option to disable dovecot full-text-search by an enviroment variable. 

From f3ac4e939740908389cdec9dff41843e8dd2ab41 Mon Sep 17 00:00:00 2001
From: Dennis Hoppe 
Date: Tue, 16 Jun 2020 15:45:11 +0200
Subject: [PATCH 10/15] Remove unused variables

---
 core/dovecot/start.py | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/core/dovecot/start.py b/core/dovecot/start.py
index 559baf6e..1845eb93 100755
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@@ -21,13 +21,9 @@ def start_podop():
     ])
 
 # Actual startup script
-
 os.environ["FRONT_ADDRESS"] = system.get_host_address_from_environment("FRONT", "front")
-os.environ["REDIS_ADDRESS"] = system.get_host_address_from_environment("REDIS", "redis")
 os.environ["ADMIN_ADDRESS"] = system.get_host_address_from_environment("ADMIN", "admin")
 os.environ["ANTISPAM_WEBUI_ADDRESS"] = system.get_host_address_from_environment("ANTISPAM_WEBUI", "antispam:11334")
-if os.environ["WEBMAIL"] != "none":
-    os.environ["WEBMAIL_ADDRESS"] = system.get_host_address_from_environment("WEBMAIL", "webmail")
 
 for dovecot_file in glob.glob("/conf/*.conf"):
     conf.jinja(dovecot_file, os.environ, os.path.join("/etc/dovecot", os.path.basename(dovecot_file)))

From f48a13336fea092c661bd7825552333af75635d1 Mon Sep 17 00:00:00 2001
From: ofthesun9 
Date: Wed, 17 Jun 2020 16:18:33 +0200
Subject: [PATCH 11/15] Disable Health checks on swarm mode ref:
 https://github.com/moby/moby/issues/35451

---
 setup/flavors/stack/docker-compose.yml | 18 ++++++++++++++++++
 towncrier/newsfragments/1289.bugfix    |  1 +
 2 files changed, 19 insertions(+)
 create mode 100644 towncrier/newsfragments/1289.bugfix

diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml
index 6ae0f103..66731805 100644
--- a/setup/flavors/stack/docker-compose.yml
+++ b/setup/flavors/stack/docker-compose.yml
@@ -43,6 +43,8 @@ services:
       - "{{ root }}/dkim:/dkim"
     deploy:
       replicas: {{ admin_replicas }}
+    healthcheck:
+      disable: true
 
   imap:
     image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}}
@@ -52,6 +54,8 @@ services:
       - "{{ root }}/overrides:/overrides"
     deploy:
       replicas: {{ imap_replicas }}
+    healthcheck:
+      disable: true
 
   smtp:
     image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}}
@@ -61,6 +65,8 @@ services:
       - "{{ root }}/overrides:/overrides"
     deploy:
       replicas: {{ smtp_replicas }}
+    healthcheck:
+      disable: true
 
   antispam:
     image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}}
@@ -71,6 +77,8 @@ services:
       - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d"
     deploy:
       replicas: 1
+    healthcheck:
+      disable: true
 
   # Optional services
   {% if antivirus_enabled %}
@@ -81,6 +89,8 @@ services:
       - "{{ root }}/filter:/data"
     deploy:
       replicas: 1
+    healthcheck:
+      disable: true
   {% endif %}
 
   {% if webdav_enabled %}
@@ -91,6 +101,8 @@ services:
       - "{{ root }}/dav:/data"
     deploy:
       replicas: 1
+    healthcheck:
+      disable: true
   {% endif %}
 
   {% if fetchmail_enabled %}
@@ -101,6 +113,8 @@ services:
       - "{{ root }}/data:/data"
     deploy:
       replicas: 1
+    healthcheck:
+      disable: true
   {% endif %}
 
   {% if webmail_type != 'none' %}
@@ -111,6 +125,8 @@ services:
       - "{{ root }}/webmail:/data"
     deploy:
       replicas: 1
+    healthcheck:
+      disable: true
   {% endif %}
 
   {% if db_flavor == 'postgresql' and postgresql == 'internal' %}
@@ -119,6 +135,8 @@ services:
     env_file: {{ env }}
     volumes:
       - "{{ root }}/data/psql_backup:/backup"
+    healthcheck:
+      disable: true
   {% endif %}
 
 networks:
diff --git a/towncrier/newsfragments/1289.bugfix b/towncrier/newsfragments/1289.bugfix
new file mode 100644
index 00000000..8dc41dea
--- /dev/null
+++ b/towncrier/newsfragments/1289.bugfix
@@ -0,0 +1 @@
+Disable Health checks on swarm mode

From e8eaad6c88188114d8ff192a188d3d57000b1515 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20S=C3=A4nger?= 
Date: Mon, 22 Jun 2020 16:06:23 +0200
Subject: [PATCH 12/15] update roundcube

---
 webmails/roundcube/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile
index e8a6b027..79b911b0 100644
--- a/webmails/roundcube/Dockerfile
+++ b/webmails/roundcube/Dockerfile
@@ -16,7 +16,7 @@ RUN apt-get update && apt-get install -y \
 # Shared layer between nginx, dovecot, postfix, postgresql, rspamd, unbound, rainloop, roundcube
 RUN pip3 install socrate
 
-ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.3/roundcubemail-1.4.3-complete.tar.gz
+ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.4.6/roundcubemail-1.4.6-complete.tar.gz
 
 ENV CARDDAV_URL https://github.com/blind-coder/rcmcarddav/releases/download/v3.0.3/carddav-3.0.3.tar.bz2
 

From 6bd14506c0a1a0ff81a3efeff79884beb651d3d8 Mon Sep 17 00:00:00 2001
From: Brian Maloney <3286425+brian-maloney@users.noreply.github.com>
Date: Sun, 28 Jun 2020 17:27:45 -0400
Subject: [PATCH 13/15] Explicitly define ProxyFix options

Even though these seem to be the defaults, since 1.7 x_proto was not being honored (see #1309), this fixes this issue for me.
---
 core/admin/mailu/utils.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/admin/mailu/utils.py b/core/admin/mailu/utils.py
index 39181678..ce12a09a 100644
--- a/core/admin/mailu/utils.py
+++ b/core/admin/mailu/utils.py
@@ -40,7 +40,7 @@ class PrefixMiddleware(object):
         return self.app(environ, start_response)
 
     def init_app(self, app):
-        self.app = fixers.ProxyFix(app.wsgi_app)
+        self.app = fixers.ProxyFix(app.wsgi_app, x_for=1, x_proto=1)
         app.wsgi_app = self
 
 proxy = PrefixMiddleware()

From ebf1f4f1b6567adbd265b6d8a49782a43ede5722 Mon Sep 17 00:00:00 2001
From: Thomas Rehn 
Date: Sun, 12 Jul 2020 21:26:22 +0200
Subject: [PATCH 14/15] add bits of documentation for new environment variable

---
 docs/compose/.env               | 3 +++
 docs/configuration.rst          | 3 +++
 setup/flavors/compose/mailu.env | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/docs/compose/.env b/docs/compose/.env
index 69c91d82..7f91c270 100644
--- a/docs/compose/.env
+++ b/docs/compose/.env
@@ -102,6 +102,9 @@ COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
 
+# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
+# FULL_TEXT_SEARCH=off
+
 ###################################
 # Web settings
 ###################################
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 292d4303..8382e063 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
@@ -83,6 +83,9 @@ later classify incoming mail based on the custom part.
 The ``DMARC_RUA`` and ``DMARC_RUF`` are DMARC protocol specific values. They hold
 the localpart for DMARC rua and ruf email addresses.
 
+Full-text search is enabled for IMAP is enabled by default. This feature can be disabled
+(e.g. for performance reasons) by setting the optional variable ``FULL_TEXT_SEARCH`` to ``off``.
+
 Web settings
 ------------
 
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 78ecce72..8d94820a 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -91,6 +91,9 @@ COMPRESSION={{ compression }}
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL={{ compression_level }}
 
+# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
+# FULL_TEXT_SEARCH=off
+
 ###################################
 # Web settings
 ###################################

From 16ec9adadd96ef9ad1a2be12770c54c7ab4b5e08 Mon Sep 17 00:00:00 2001
From: ofthesun9 
Date: Sun, 9 Aug 2020 14:54:00 +0200
Subject: [PATCH 15/15] Update optional/radicale/Dockerfile

Co-authored-by: Dario Ernst 
---
 optional/radicale/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/optional/radicale/Dockerfile b/optional/radicale/Dockerfile
index bbd05d43..42c996d3 100644
--- a/optional/radicale/Dockerfile
+++ b/optional/radicale/Dockerfile
@@ -2,7 +2,7 @@ ARG DISTRO=alpine:3.10
 FROM $DISTRO
 
 RUN apk add --no-cache curl bash python3 \
- && pip3 install radicale
+ && pip3 install radicale~=3.0
 
 COPY radicale.conf /radicale.conf