lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Merge branch 'master' of https://github.com/Mailu/Mailu into fail2ban-update

Browse Source
main
Florent Daigniere 1 year ago
parent a973fffa9e 0069b67ada
commit 61ca539d6d
34 changed files with 137 additions and 118 deletions
Show Stats Download Patch File Download Diff File

6
CHANGELOG.md
Unescape Escape View File

@ -10,7 +10,7 @@ These settings tell Mailu that the HTTP header with the remote client IP address
For more information see the [configuration reference](https://mailu.io/1.9/configuration.html#advanced-settings). For more information see the [configuration reference](https://mailu.io/1.9/configuration.html#advanced-settings).
One major change for the docker compose file is that the antispam container needs a fixed hostname [#1837](https://github.com/Mailu/Mailu/issues/1837). One major change for the docker compose file is that the antispam container needs a fixed hostname [#1837](https://github.com/Mailu/Mailu/issues/1837).
This is handled when you regenerate the docker-compose file. A fixed hostname is required to retain rspamd history. This is handled when you regenerate the docker compose file. A fixed hostname is required to retain rspamd history.
After changing mailu.env, it is required to recreate all containers for the changes to be propagated. After changing mailu.env, it is required to recreate all containers for the changes to be propagated.
@ -314,8 +314,8 @@ v1.6.0 - 2019-01-18
- Enhancement: Reverse proxy - Real ip header and mail-letsencrypt ([#358](https://github.com/Mailu/Mailu/issues/358)) - Enhancement: Reverse proxy - Real ip header and mail-letsencrypt ([#358](https://github.com/Mailu/Mailu/issues/358))
- Enhancement: Parametrize hosts ([#373](https://github.com/Mailu/Mailu/issues/373)) - Enhancement: Parametrize hosts ([#373](https://github.com/Mailu/Mailu/issues/373))
- Enhancement: Expose ports in dockerfiles ([#392](https://github.com/Mailu/Mailu/issues/392)) - Enhancement: Expose ports in dockerfiles ([#392](https://github.com/Mailu/Mailu/issues/392))
- Enhancement: Added webmail-imap dependency in docker-compose ([#403](https://github.com/Mailu/Mailu/issues/403)) - Enhancement: Added webmail-imap dependency in docker compose ([#403](https://github.com/Mailu/Mailu/issues/403))
- Enhancement: Add environment variables to allow running outside of docker-compose ([#429](https://github.com/Mailu/Mailu/issues/429)) - Enhancement: Add environment variables to allow running outside of docker compose ([#429](https://github.com/Mailu/Mailu/issues/429))
- Enhancement: Add original Delivered-To header to received messages ([#433](https://github.com/Mailu/Mailu/issues/433)) - Enhancement: Add original Delivered-To header to received messages ([#433](https://github.com/Mailu/Mailu/issues/433))
- Enhancement: Use HOST_ADMIN in "Forwarding authentication server" ([#436](https://github.com/Mailu/Mailu/issues/436), [#437](https://github.com/Mailu/Mailu/issues/437)) - Enhancement: Use HOST_ADMIN in "Forwarding authentication server" ([#436](https://github.com/Mailu/Mailu/issues/436), [#437](https://github.com/Mailu/Mailu/issues/437))
- Enhancement: Use POD_ADDRESS_RANGE for Dovecot ([#448](https://github.com/Mailu/Mailu/issues/448)) - Enhancement: Use POD_ADDRESS_RANGE for Dovecot ([#448](https://github.com/Mailu/Mailu/issues/448))

4
ISSUE_TEMPLATE.md
Unescape Escape View File

@ -19,7 +19,7 @@ Please put your text outside of the comment blocks to be visible. You can use th
### Environment ### Environment
- [ ] docker-compose - [ ] docker compose
- [ ] kubernetes - [ ] kubernetes
- [ ] docker swarm - [ ] docker swarm
@ -61,7 +61,7 @@ Just saying "it doesnt work as expected" is not useful. It's also helpful to
Often it is very useful to include log fragments of the involved component. Often it is very useful to include log fragments of the involved component.
You can get the logs via `docker logs <container name> --tail 1000`. You can get the logs via `docker logs <container name> --tail 1000`.
For example for the admin container: `docker logs mailu_admin_1 --tail 1000` For example for the admin container: `docker logs mailu_admin_1 --tail 1000`
or using docker-compose `docker-compose -f /mailu/docker-compose.yml logs --tail 1000 admin` or using docker compose `docker compose -f /mailu/docker-compose.yml logs --tail 1000 admin`
If you can find the relevant section, please share only the parts that seem relevant. If you have any logs, please enclose them in code tags, like so: If you can find the relevant section, please share only the parts that seem relevant. If you have any logs, please enclose them in code tags, like so:

2
RELEASE_TEMPLATE.md
Unescape Escape View File

@ -1,5 +1,5 @@
This is a new automatic release of Mailu. The new version can be seen in the tag name. This is a new automatic release of Mailu. The new version can be seen in the tag name.
The main version X.Y (e.g. 1.9) will always reflect the latest version of the branch. To update your Mailu installation simply pull the latest images `docker-compose pull && docker-compose up -d`. The main version X.Y (e.g. 1.9) will always reflect the latest version of the branch. To update your Mailu installation simply pull the latest images `docker compose pull && docker compose up -d`.
The pinned version X.Y.Z (e.g. 1.9.1) is not updated. It is pinned to the commit that was used for creating this release. You can use a pinned version to make sure your Mailu installation is not suddenly updated when recreating containers. The pinned version allows the user to manually update. It also allows to go back to a previous pinned version. The pinned version X.Y.Z (e.g. 1.9.1) is not updated. It is pinned to the commit that was used for creating this release. You can use a pinned version to make sure your Mailu installation is not suddenly updated when recreating containers. The pinned version allows the user to manually update. It also allows to go back to a previous pinned version.
To check what was changed: To check what was changed:

3
core/admin/mailu/sso/views/base.py
Unescape Escape View File

@ -62,7 +62,6 @@ def logout():
response.set_cookie(cookie, 'empty', expires=0) response.set_cookie(cookie, 'empty', expires=0)
return response return response
@sso.route('/proxy', methods=['GET']) @sso.route('/proxy', methods=['GET'])
@sso.route('/proxy/<target>', methods=['GET']) @sso.route('/proxy/<target>', methods=['GET'])
def proxy(target='webmail'): def proxy(target='webmail'):
@ -97,6 +96,8 @@ def proxy(target='webmail'):
user.set_password(secrets.token_urlsafe()) user.set_password(secrets.token_urlsafe())
models.db.session.add(user) models.db.session.add(user)
models.db.session.commit() models.db.session.commit()
flask.session.regenerate()
flask_login.login_user(user)
user.send_welcome() user.send_welcome()
flask.current_app.logger.info(f'Login succeeded by proxy created user: {user} from {client_ip} through {flask.request.remote_addr}.') flask.current_app.logger.info(f'Login succeeded by proxy created user: {user} from {client_ip} through {flask.request.remote_addr}.')
return flask.redirect(app.config['WEB_ADMIN'] if target=='admin' else app.config['WEB_WEBMAIL']) return flask.redirect(app.config['WEB_ADMIN'] if target=='admin' else app.config['WEB_WEBMAIL'])

2
core/base/Dockerfile
Unescape Escape View File

@ -1,7 +1,7 @@
# syntax=docker/dockerfile-upstream:1.4.3 # syntax=docker/dockerfile-upstream:1.4.3
# base system image (intermediate) # base system image (intermediate)
ARG DISTRO=alpine:3.17.1 ARG DISTRO=alpine:3.17.2
FROM $DISTRO as system FROM $DISTRO as system
ENV TZ=Etc/UTC LANG=C.UTF-8 ENV TZ=Etc/UTC LANG=C.UTF-8

6
design/mailu-directory-structure.md
Unescape Escape View File

@ -88,7 +88,7 @@ If RFC issue #1222 is accepted, Dovecot will need read-only access to the certif
- Path: `/mailu/data/` - Path: `/mailu/data/`
Database files, like SQLite or PostgreSQL files. Databases don't perform well on network filesystems as they depend heavily on file locking and full controll on the database files. Making it unfit for concurrent access from multiple hosts. This directory should always live on a local filesystem. This makes it only usable in `docker-compose` deployments. Usage of this directory should be avoided in Kubernetes and Docker Swarm deployments. Some services will need to be improved to allow for this. Database files, like SQLite or PostgreSQL files. Databases don't perform well on network filesystems as they depend heavily on file locking and full controll on the database files. Making it unfit for concurrent access from multiple hosts. This directory should always live on a local filesystem. This makes it only usable in `docker compose` deployments. Usage of this directory should be avoided in Kubernetes and Docker Swarm deployments. Some services will need to be improved to allow for this.
#### admin data #### admin data
@ -138,7 +138,7 @@ In the old situation, Maildir indexes are stored on the same volume. However, th
- Path: `/mailu/local` (new) - Path: `/mailu/local` (new)
Persistent storage not suitable for replication. In `docker-compose` deployments it lives inside `/mailu` and in replicated deployments it should live somewhere on the local host machine. Persistent storage not suitable for replication. In `docker compose` deployments it lives inside `/mailu` and in replicated deployments it should live somewhere on the local host machine.
#### Mailqueue #### Mailqueue
@ -185,7 +185,7 @@ The final layout of the Mailu filesystem will look like:
Where in replicated environments: Where in replicated environments:
- `/mailu/config/`: should be a small, low performant and shared filesystem. - `/mailu/config/`: should be a small, low performant and shared filesystem.
- `/mailu/data`: should be avoided. More work will need to be done to configure external DB servers for relevant services. Ideally, this directory should only exist on docker-compose deployments. - `/mailu/data`: should be avoided. More work will need to be done to configure external DB servers for relevant services. Ideally, this directory should only exist on docker compose deployments.
- `/mailu/local/`: Should exist only on local file systems of worker nodes. - `/mailu/local/`: Should exist only on local file systems of worker nodes.
- `/mailu/mail`: A distributed filesystem with sufficient performance and storage requirements to hold and process all user mailboxes. Ideally only Maildir without indexes. - `/mailu/mail`: A distributed filesystem with sufficient performance and storage requirements to hold and process all user mailboxes. Ideally only Maildir without indexes.

14
docs/antispam.rst
Unescape Escape View File

@ -125,12 +125,12 @@ The following steps have to be taken to configure an additional symbol (rule) th
#This file is LIVE reloaded by rspamd. Any changes are EFFECTIVE IMMEDIATELY. #This file is LIVE reloaded by rspamd. Any changes are EFFECTIVE IMMEDIATELY.
dummy.com dummy.com
3. Reload Rspamd by stopping the Rspamd container and starting the Rspamd container again. Example for docker-compose setup: 3. Reload Rspamd by stopping the Rspamd container and starting the Rspamd container again. Example for docker compose setup:
.. code-block:: bash .. code-block:: bash
docker-compose scale antispam=0 docker compose scale antispam=0
docker-compose scale antispam=1 docker compose scale antispam=1
4. (Optional) Check if the custom symbol is loaded. To access the Rspamd webgui, log in the Mailu administration web interface with a user that is an administrator and go to Antispam. In Rspamd webgui go to tab Symbols. Change the group drop-down box to local_bl. The following additional rule will be listed. 4. (Optional) Check if the custom symbol is loaded. To access the Rspamd webgui, log in the Mailu administration web interface with a user that is an administrator and go to Antispam. In Rspamd webgui go to tab Symbols. Change the group drop-down box to local_bl. The following additional rule will be listed.
@ -163,8 +163,8 @@ Mailu rejects emails with file attachements it deems to be "executable" or other
.. code-block:: bash .. code-block:: bash
docker-compose exec antispam cat /etc/rspamd/local.d/forbidden_file_extension.map > overrides/rspamd/forbidden_file_extension.map docker compose exec antispam cat /etc/rspamd/local.d/forbidden_file_extension.map > overrides/rspamd/forbidden_file_extension.map
docker-compose restart antispam docker compose restart antispam
Now the file `overrides/rspamd/forbidden_file_extension.map` can be edited, to make changes to the forbidden file extensions list. Now the file `overrides/rspamd/forbidden_file_extension.map` can be edited, to make changes to the forbidden file extensions list.
For the changes to take effect, rspamd must be restarted. For the changes to take effect, rspamd must be restarted.
@ -176,8 +176,8 @@ If configured to do so, Mailu uses a lightweight tool called `mraptor from oleto
.. code-block:: bash .. code-block:: bash
docker-compose exec antispam cat /etc/rspamd/local.d/composites.conf > overrides/rspamd/composites.conf docker compose exec antispam cat /etc/rspamd/local.d/composites.conf > overrides/rspamd/composites.conf
docker-compose restart antispam docker compose restart antispam
Now the file `overrides/rspamd/composites.conf` can be edited, to override the mraptor configuration in rspamd. Now the file `overrides/rspamd/composites.conf` can be edited, to override the mraptor configuration in rspamd.
For the changes to take effect, rspamd must be restarted. For the changes to take effect, rspamd must be restarted.

30
docs/cli.rst
Unescape Escape View File

@ -19,7 +19,7 @@ alias
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu alias foo example.net "mail1@example.com,mail2@example.com" docker compose exec admin flask mailu alias foo example.net "mail1@example.com,mail2@example.com"
alias-delete alias-delete
@ -27,7 +27,7 @@ alias-delete
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu alias-delete foo@example.net docker compose exec admin flask mailu alias-delete foo@example.net
domain domain
@ -35,7 +35,7 @@ domain
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu domain example.net docker compose exec admin flask mailu domain example.net
password password
@ -43,7 +43,7 @@ password
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu password myuser example.net 'password123' docker compose exec admin flask mailu password myuser example.net 'password123'
user user
@ -51,7 +51,7 @@ user
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu user myuser example.net 'password123' docker compose exec admin flask mailu user myuser example.net 'password123'
user-import user-import
@ -61,14 +61,14 @@ primary difference with simple `user` command is that password is being imported
.. code-block:: bash .. code-block:: bash
docker-compose run --rm admin flask mailu user-import myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce' 'SHA512-CRYPT' docker compose run --rm admin flask mailu user-import myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce' 'SHA512-CRYPT'
user-delete user-delete
----------- -----------
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu user-delete foo@example.net docker compose exec admin flask mailu user-delete foo@example.net
config-update config-update
------------- -------------
@ -77,7 +77,7 @@ The sole purpose of this command is for importing users/aliases in bulk and sync
.. code-block:: bash .. code-block:: bash
cat mail-config.yml | docker-compose exec -T admin flask mailu config-update --delete-objects cat mail-config.yml | docker compose exec -T admin flask mailu config-update --delete-objects
where mail-config.yml looks like: where mail-config.yml looks like:
@ -131,7 +131,7 @@ The purpose of this command is to export the complete configuration in YAML or J
.. code-block:: bash .. code-block:: bash
$ docker-compose exec admin flask mailu config-export --help $ docker compose exec -T admin flask mailu config-export --help
Usage: flask mailu config-export [OPTIONS] [FILTER]... Usage: flask mailu config-export [OPTIONS] [FILTER]...
@ -156,11 +156,11 @@ Attributes explicitly specified in filters are automatically exported: there is
.. code-block:: bash .. code-block:: bash
$ docker-compose exec admin flask mailu config-export --output mail-config.yml $ docker compose exec admin flask mailu config-export --output mail-config.yml
$ docker-compose exec admin flask mailu config-export domain.dns_mx domain.dns_spf $ docker compose exec -T admin flask mailu config-export domain.dns_mx domain.dns_spf
$ docker-compose exec admin flask mailu config-export user.spam_threshold $ docker compose exec -T admin flask mailu config-export user.email user.spam_threshold
config-import config-import
------------- -------------
@ -169,7 +169,7 @@ This command imports configuration data from an external YAML or JSON source.
.. code-block:: bash .. code-block:: bash
$ docker-compose exec admin flask mailu config-import --help $ docker compose exec -T admin flask mailu config-import --help
Usage: flask mailu config-import [OPTIONS] [FILENAME|-] Usage: flask mailu config-import [OPTIONS] [FILENAME|-]
@ -184,11 +184,11 @@ This command imports configuration data from an external YAML or JSON source.
-n, --dry-run Perform a trial run with no changes made. -n, --dry-run Perform a trial run with no changes made.
-?, -h, --help Show this message and exit. -?, -h, --help Show this message and exit.
The current version of docker-compose exec does not pass stdin correctly, so you have to user docker exec instead: To pass stdin correctly you have to use the `-T` option:
.. code-block:: bash .. code-block:: bash
docker exec -i $(docker-compose ps -q admin) flask mailu config-import -nv < mail-config.yml docker compose exec -T admin flask mailu config-import -nv < mail-config.yml
mail-config.yml contains the configuration and looks like this: mail-config.yml contains the configuration and looks like this:

2
docs/compose/.env
Unescape Escape View File

@ -138,7 +138,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
LOG_DRIVER=json-file LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

52
docs/compose/requirements.rst
Unescape Escape View File

@ -91,7 +91,7 @@ The Docker website is full of `detailed instructions`_
about setting up a proper Docker install. Default configuration should be about setting up a proper Docker install. Default configuration should be
suited for Mailu. suited for Mailu.
Additionally, you must install ``docker-compose`` by following the instructions Additionally, you must install ``docker compose`` v2 by following the instructions
from the `Docker website`_ if you plan on using the Compose flavor. Compose is a from the `Docker website`_ if you plan on using the Compose flavor. Compose is a
management tool for Docker, especially suited for multiple containers systems management tool for Docker, especially suited for multiple containers systems
like Mailu. like Mailu.
@ -105,24 +105,34 @@ Once everything is setup, you should be able to run the following commands
.. code-block:: bash .. code-block:: bash
$ docker version $ docker version
Client: Client: Docker Engine - Community
Version: 1.11.2 Version: 20.10.22
API version: 1.23 API version: 1.41
Go version: go1.6.2 Go version: go1.18.9
Git commit: b9f10c9 Git commit: 3a2c30b
Built: Sun Jun 5 23:17:55 2016 Built: Thu Dec 15 22:27:03 2022
OS/Arch: linux/amd64 OS/Arch: linux/arm64
Context: default
Experimental: true
Server: Docker Engine - Community
Engine:
Version: 20.10.22
API version: 1.41 (minimum version 1.12)
Go version: go1.18.9
Git commit: 42c8b31
Built: Thu Dec 15 22:25:25 2022
OS/Arch: linux/arm64
Experimental: false
containerd:
Version: 1.6.14
GitCommit: 9ba4b250366a5ddde94bb7c9d1def331423aa323
runc:
Version: 1.1.4
GitCommit: v1.1.4-0-g5fd4c4d
docker-init:
Version: 0.19.0
GitCommit: de40ad0
Server: $ docker compose version
Version: 1.11.1 Docker Compose version v2.14.1
API version: 1.23
Go version: go1.6.2
Git commit: 5604cbe
Built: Mon May 2 00:06:51 2016
OS/Arch: linux/amd64
$ docker-compose version
docker-compose version 1.7.1, build 6c29830
docker-py version: 1.8.1
CPython version: 3.5.1
OpenSSL version: OpenSSL 1.0.2h 3 May 2016

4
docs/compose/setup.rst
Unescape Escape View File

@ -95,7 +95,7 @@ You may now start Mailu. Move the to the Mailu directory and run:
.. code-block:: bash .. code-block:: bash
docker-compose up -d docker compose up -d
Finally, you need an admin user account. Finally, you need an admin user account.
@ -106,7 +106,7 @@ Else, if you don't go with the automatic way, you need to manually create the ad
.. code-block:: bash .. code-block:: bash
docker-compose exec admin flask mailu admin me example.net 'password' docker compose exec admin flask mailu admin me example.net 'password'
This will create a user named ``me@example.net`` with password ``password`` and administration privileges. This will create a user named ``me@example.net`` with password ``password`` and administration privileges.
Connect to the Web admin interface and change the password to a strong one. Connect to the Web admin interface and change the password to a strong one.

12
docs/contributors/environment.rst
Unescape Escape View File

@ -153,25 +153,25 @@ After that you can run:
.. code-block:: bash .. code-block:: bash
docker-compose up -d docker compose up -d
If you wish to run commands inside a container, simply run (example): If you wish to run commands inside a container, simply run (example):
.. code-block:: bash .. code-block:: bash
docker-compose exec admin ls -lah / docker compose exec admin ls -lah /
Or if you wish to start a shell for debugging: Or if you wish to start a shell for debugging:
.. code-block:: bash .. code-block:: bash
docker-compose exec admin sh docker compose exec admin sh
Finally, if you need to install packages inside the containers for debugging: Finally, if you need to install packages inside the containers for debugging:
.. code-block:: bash .. code-block:: bash
docker-compose exec admin apk add --no-cache package-name docker compose exec admin apk add --no-cache package-name
Reviewing Reviewing
--------- ---------
@ -215,8 +215,8 @@ For example, to test PR #500 against master, reviewers can use:
export DOCKER_ORG="mailuci" export DOCKER_ORG="mailuci"
export MAILU_VERSION="pr-500" export MAILU_VERSION="pr-500"
docker-compose pull docker compose pull
docker-compose up -d docker compose up -d
You can now test the PR. Play around. See if (external) mails work. Check for whatever functionality the PR is You can now test the PR. Play around. See if (external) mails work. Check for whatever functionality the PR is
trying to fix. When happy, you can approve the PR. When running into failures, mark the review as trying to fix. When happy, you can approve the PR. When running into failures, mark the review as

24
docs/database.rst
Unescape Escape View File

@ -15,11 +15,11 @@ This means it is not possible to switch the database back-end used by roundcube
To switch to a different database back-end: To switch to a different database back-end:
1. Run config-export to export the configuration. E.g. `docker-compose exec admin flask mailu config-export --secrets --output mail-config.yml` 1. Run config-export to export the configuration. E.g. `docker compose exec admin flask mailu config-export --secrets --output mail-config.yml`
2. Set up your new database server. Refer to the subsequent sections for tips for creating the database. 2. Set up your new database server. Refer to the subsequent sections for tips for creating the database.
3. Modify the database settings (DB_*) in mailu.env. Refer to the :ref:`configuration guide (link) <db_settings>` for the exact settings. 3. Modify the database settings (DB_*) in mailu.env. Refer to the :ref:`configuration guide (link) <db_settings>` for the exact settings.
4. Start your Mailu deployment. 4. Start your Mailu deployment.
5. Run config-import to import the configuration. E.g. `docker exec -i $(docker-compose ps -q admin) flask mailu config-import -v < mail-config.yml` 5. Run config-import to import the configuration. E.g. `docker exec -i $(docker compose ps -q admin) flask mailu config-import -v < mail-config.yml`
Mailu has now been switched to the new database back-end. The Mailu configuration has also been migrated. Mailu has now been switched to the new database back-end. The Mailu configuration has also been migrated.
@ -114,22 +114,22 @@ Prepare the environment. Mailu must not be in use. Only the database container.
1. Open a terminal. 1. Open a terminal.
2. `cd /mailu` 2. `cd /mailu`
3. `docker-compose -p mailu down` 3. `docker compose -p mailu down`
4. `docker-compose -p mailu up -d database` 4. `docker compose -p mailu up -d database`
Create the dump SQL file for recreating the database. Create the dump SQL file for recreating the database.
1. `docker-compose -p mailu exec database /bin/bash` 1. `docker compose -p mailu exec database /bin/bash`
2. `pg_dump -h database -p 5432 -U mailu > /backup/backup_db.sql` 2. `pg_dump -h database -p 5432 -U mailu > /backup/backup_db.sql`
3. Enter the password. See the value of DB_PW in mailu.env. 3. Enter the password. See the value of DB_PW in mailu.env.
4. `exit` 4. `exit`
5. The dump is saved to /mailu/data/psql_backup/backup_db.sql. 5. The dump is saved to /mailu/data/psql_backup/backup_db.sql.
6. `docker-compose -p mailu down` 6. `docker compose -p mailu down`
Prepare the new PostgreSQL deployment. Prepare the new PostgreSQL deployment.
1. `mkdir -p /mailu/data/external_psql/pgdata` 1. `mkdir -p /mailu/data/external_psql/pgdata`
2. Create the file docker-compose-postgresql.yml with the following contents: 2. Create the file docker compose-postgresql.yml with the following contents:
.. code-block:: docker .. code-block:: docker
@ -147,12 +147,12 @@ Prepare the new PostgreSQL deployment.
- "/mailu/data/psql_backup:/dump" - "/mailu/data/psql_backup:/dump"
3. `docker-compose -f docker-compose-postgresql.yml up -d` 3. `docker compose -f docker compose-postgresql.yml up -d`
4. `docker-compose -f docker-compose-postgresql.yml exec database /bin/bash` 4. `docker compose -f docker compose-postgresql.yml exec database /bin/bash`
5. `cat /dump/backup_db.sql | psql -h localhost -p 5432 -U mailu` 5. `cat /dump/backup_db.sql | psql -h localhost -p 5432 -U mailu`
6. `exit` 6. `exit`
7. `docker-compose -f docker-compose-postgresql.yml down` 7. `docker compose -f docker compose-postgresql.yml down`
8. Remove the file docker-compose-postgresql.yml. 8. Remove the file docker compose-postgresql.yml.
The new PostgreSQL deployment has the dump loaded now. Now it is time to modify Mailu to use the official PostgreSQL docker image. The new PostgreSQL deployment has the dump loaded now. Now it is time to modify Mailu to use the official PostgreSQL docker image.
@ -199,7 +199,7 @@ to
Mailu is now configured to use the official PostgreSQL docker image. Bring your new deployment online Mailu is now configured to use the official PostgreSQL docker image. Bring your new deployment online
1. `docker-compose -p mailu up -d` 1. `docker compose -p mailu up -d`
Optionally you can remove left-over files which were used by the old database: Optionally you can remove left-over files which were used by the old database:

16
docs/faq.rst
Unescape Escape View File

@ -401,8 +401,8 @@ down and up again. A container restart is not sufficient.
.. code-block:: bash .. code-block:: bash
docker-compose down && \ docker compose down && \
docker-compose up -d docker compose up -d
*Issue reference:* `615`_. *Issue reference:* `615`_.
@ -479,8 +479,8 @@ to check the logs.
.. code-block:: bash .. code-block:: bash
docker-compose logs front | less -R docker compose logs front | less -R
docker-compose exec front less /var/log/letsencrypt/letsencrypt.log docker compose exec front less /var/log/letsencrypt/letsencrypt.log
Common problems: Common problems:
@ -551,7 +551,7 @@ See the :ref:`configuration reference <reverse_proxy_headers>` for more informat
Assuming you have a working Fail2Ban installation on the host running your Docker containers, Assuming you have a working Fail2Ban installation on the host running your Docker containers,
follow these steps: follow these steps:
1. In the mailu docker-compose set the logging driver of the front container to journald; and set the tag to mailu-front 1. In the mailu docker compose set the logging driver of the front container to journald; and set the tag to mailu-front
.. code-block:: bash .. code-block:: bash
@ -566,7 +566,7 @@ follow these steps:
# Fail2Ban configuration file # Fail2Ban configuration file
[Definition] [Definition]
failregex = ^.*?\[info\] \d+#\d+: \*\d+ client login failed: \"AUTH not supported\" while in http auth state, client: <HOST>, server: failregex = ^ \S+ mailu\-front\[\d+\]: \S+ \S+ \[info\] \d+#\d+: \*\d+ client login failed: \"AUTH not supported\" while in http auth state, client: <HOST>, server:
ignoreregex = ignoreregex =
journalmatch = CONTAINER_TAG=mailu-front journalmatch = CONTAINER_TAG=mailu-front
@ -585,7 +585,7 @@ follow these steps:
The above will block flagged IPs for a week, you can of course change it to your needs. The above will block flagged IPs for a week, you can of course change it to your needs.
5. Add the following to /etc/fail2ban/action.d/docker-action-net.conf 4. In the mailu docker compose set the logging driver of the Admin container to journald; and set the tag to mailu-admin
IMPORTANT: You have to install ipset on the host system, eg. `apt-get install ipset` on a Debian/Ubuntu system. IMPORTANT: You have to install ipset on the host system, eg. `apt-get install ipset` on a Debian/Ubuntu system.
@ -760,7 +760,7 @@ In many cases, Docker Compose will complain about the yaml syntax because it is
Unless your distribution has proper up-to-date packages for Compose, we strongly advise that you install it either: Unless your distribution has proper up-to-date packages for Compose, we strongly advise that you install it either:
- from the Docker-CE repositories along with Docker CE itself, - from the Docker-CE repositories along with Docker CE itself,
- from PyPI using `pip install docker-compose` or - from PyPI using `pip install docker compose` or
- from Github by downloading it directly. - from Github by downloading it directly.
Detailed instructions can be found at https://docs.docker.com/compose/install/ Detailed instructions can be found at https://docs.docker.com/compose/install/

8
docs/maintain.rst
Unescape Escape View File

@ -14,9 +14,9 @@ simply pull the latest images and recreate the containers :
.. code-block:: bash .. code-block:: bash
docker-compose pull docker compose pull
docker-compose down docker compose down
docker-compose up -d docker compose up -d
Monitoring the mail server Monitoring the mail server
-------------------------- --------------------------
@ -25,7 +25,7 @@ Logs are managed by Docker directly. You can easily read your logs using:
.. code-block:: bash .. code-block:: bash
docker-compose logs docker compose logs
Docker is able to forward logs to multiple log engines. Read the following documentation for details: https://docs.docker.com/engine/admin/logging/overview/. Docker is able to forward logs to multiple log engines. Read the following documentation for details: https://docs.docker.com/engine/admin/logging/overview/.

10
docs/releases.rst
Unescape Escape View File

@ -382,9 +382,9 @@ For this upgrade it is necessary to bring the project down and up, due to networ
.. code-block:: bash .. code-block:: bash
docker-compose pull docker compose pull
docker-compose down --remove-orphans docker compose down --remove-orphans
docker-compose up -d docker compose up -d
After everything runs successfully, ``/mailu/certs/dhparam.pem`` is no longer needed and can be deleted. After everything runs successfully, ``/mailu/certs/dhparam.pem`` is no longer needed and can be deleted.
It's included in the Mailu distribution by default now. Also the old ``.env`` can be deleted. It's included in the Mailu distribution by default now. Also the old ``.env`` can be deleted.
@ -441,8 +441,8 @@ were removed (e.g. rmilter):
.. code-block:: bash .. code-block:: bash
docker-compose pull docker compose pull
docker-compose up -d --remove-orphans docker compose up -d --remove-orphans
If you experience problems when upgrading, feel free to post issues and contact If you experience problems when upgrading, feel free to post issues and contact
us on our chat channel for emergency support. us on our chat channel for emergency support.

2
docs/setup.rst
Unescape Escape View File

@ -67,7 +67,7 @@ Make sure that you test properly before going live!
- Try to send an email to an external service - Try to send an email to an external service
- On the external service, verify that DKIM and SPF are listed as passing - On the external service, verify that DKIM and SPF are listed as passing
- Try to receive an email from an external service - Try to receive an email from an external service
- Check the logs (``docker-compose logs -f servicenamehere``) to look for - Check the logs (``docker compose logs -f servicenamehere``) to look for
warnings or errors warnings or errors
- Use an open relay checker like `mxtoolbox`_ - Use an open relay checker like `mxtoolbox`_
to ensure you're not contributing to the spam problem on the internet. to ensure you're not contributing to the spam problem on the internet.

2
optional/unbound/start.py
Unescape Escape View File

@ -10,4 +10,4 @@ system.set_env()
conf.jinja("/unbound.conf", os.environ, "/etc/unbound/unbound.conf") conf.jinja("/unbound.conf", os.environ, "/etc/unbound/unbound.conf")
os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"]) os.execv("/usr/sbin/unbound", ["unbound", "-c", "/etc/unbound/unbound.conf"])

2
setup/flavors/compose/mailu.env
Unescape Escape View File

@ -161,7 +161,7 @@ DOMAIN_REGISTRATION=true
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER={{ log_driver or 'json-file' }} # LOG_DRIVER={{ log_driver or 'json-file' }}
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

4
setup/flavors/compose/setup.html
Unescape Escape View File

@ -31,12 +31,12 @@ files before going any further.</p>
command using <code>-p mailu</code> flag for project name.</p> command using <code>-p mailu</code> flag for project name.</p>
<pre><code>cd {{ root }} <pre><code>cd {{ root }}
docker-compose -p mailu up -d docker compose -p mailu up -d
</pre></code> </pre></code>
Before you can use Mailu, you must create the primary administrator user account. This should be {{ postmaster }}@{{ domain }}. Use the following command, changing PASSWORD to your liking: Before you can use Mailu, you must create the primary administrator user account. This should be {{ postmaster }}@{{ domain }}. Use the following command, changing PASSWORD to your liking:
<pre><code>docker-compose -p mailu exec admin flask mailu admin {{ postmaster }} {{ domain }} PASSWORD <pre><code>docker compose -p mailu exec admin flask mailu admin {{ postmaster }} {{ domain }} PASSWORD
</pre></code> </pre></code>
<p>Login to the admin interface to change the password for a safe one, at <p>Login to the admin interface to change the password for a safe one, at

10
tests/compose/core/00_create_users.sh
Unescape Escape View File

@ -1,11 +1,11 @@
echo "Users tests ..." echo "Users tests ..."
# Should fail, admin is already auto-created # Should fail, admin is already auto-created
docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'FooBar' && exit 1 docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'FooBar' && exit 1
echo "The above error was intended!" echo "The above error was intended!"
# Should not fail, but does nothing; ifmissing mode # Should not fail, but does nothing; ifmissing mode
docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'FooBar' --mode=ifmissing || exit 1 docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'FooBar' --mode=ifmissing || exit 1
# Should not fail and update the password; update mode # Should not fail and update the password; update mode
docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'password' --mode=update || exit 1 docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'password' --mode=update || exit 1
docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' || exit 1 docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' || exit 1
docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user 'user/with/slash' mailu.io 'password' || exit 1 docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu user 'user/with/slash' mailu.io 'password' || exit 1
echo "User testing successful!" echo "User testing successful!"

4
tests/compose/core/02_forward_test.sh
Unescape Escape View File

@ -1,4 +1,4 @@
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
users: users:
- localpart: forwardinguser - localpart: forwardinguser
password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/" password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
@ -9,7 +9,7 @@ EOF
python3 tests/forward_test.py python3 tests/forward_test.py
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
users: users:
- localpart: forwardinguser - localpart: forwardinguser
password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/" password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"

4
tests/compose/core/03_alias_test.sh
Unescape Escape View File

@ -1,4 +1,4 @@
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
aliases: aliases:
- localpart: alltheusers - localpart: alltheusers
domain: mailu.io domain: mailu.io
@ -7,6 +7,6 @@ EOF
python3 tests/alias_test.py python3 tests/alias_test.py
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
aliases: [] aliases: []
EOF EOF

4
tests/compose/core/04_reply_test.sh
Unescape Escape View File

@ -1,4 +1,4 @@
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
users: users:
- localpart: replyuser - localpart: replyuser
password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/" password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"
@ -10,7 +10,7 @@ EOF
python3 tests/reply_test.py python3 tests/reply_test.py
cat << EOF | docker-compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1 cat << EOF | docker compose -f tests/compose/core/docker-compose.yml exec -T admin flask mailu config-update -v 1
users: users:
- localpart: replyuser - localpart: replyuser
password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/" password_hash: "\$1\$F2OStvi1\$Q8hBIHkdJpJkJn/TrMIZ9/"

2
tests/compose/core/mailu.env
Unescape Escape View File

@ -128,7 +128,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER=json-file # LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

2
tests/compose/fetchmail/mailu.env
Unescape Escape View File

@ -128,7 +128,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER=json-file # LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

4
tests/compose/filters/00_create_users.sh
Unescape Escape View File

@ -1,5 +1,5 @@
echo "Creating user required for next test ..." echo "Creating user required for next test ..."
# Should not fail and update the password; update mode # Should not fail and update the password; update mode
docker-compose -f tests/compose/filters/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'password' --mode=update || exit 1 docker compose -f tests/compose/filters/docker-compose.yml exec -T admin flask mailu admin admin mailu.io 'password' --mode=update || exit 1
docker-compose -f tests/compose/filters/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' || exit 1 docker compose -f tests/compose/filters/docker-compose.yml exec -T admin flask mailu user user mailu.io 'password' || exit 1
echo "User created successfully" echo "User created successfully"

2
tests/compose/filters/mailu.env
Unescape Escape View File

@ -128,7 +128,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER=json-file # LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

4
tests/compose/test.py
Unescape Escape View File

@ -22,7 +22,7 @@ containers = []
def stop(exit_code): def stop(exit_code):
print_logs() print_logs()
sys.stdout.flush() sys.stdout.flush()
print(subprocess.check_output("docker-compose -f " + compose_file + " down", shell=True).decode()) print(subprocess.check_output(f"docker compose -f {compose_file} down", shell=True).decode())
sys.exit(exit_code) sys.exit(exit_code)
def health_checks(deadline): def health_checks(deadline):
@ -88,7 +88,7 @@ def hooks():
sys.stdout.flush() sys.stdout.flush()
deadline=datetime.datetime.now()+datetime.timedelta(minutes=timeout) deadline=datetime.datetime.now()+datetime.timedelta(minutes=timeout)
deadline=calendar.timegm(deadline.timetuple()) deadline=calendar.timegm(deadline.timetuple())
print(subprocess.check_output("docker-compose -f " + compose_file + " up -d", shell=True).decode()) print(subprocess.check_output(f"docker compose -f {compose_file} up -d", shell=True).decode())
print() print()
print(Fore.LIGHTMAGENTA_EX + "Sleeping for 10s" + Style.RESET_ALL) print(Fore.LIGHTMAGENTA_EX + "Sleeping for 10s" + Style.RESET_ALL)
time.sleep(10) time.sleep(10)

2
tests/compose/webdav/mailu.env
Unescape Escape View File

@ -128,7 +128,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER=json-file # LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

2
tests/compose/webmail/01_ensure_admin_unreachable.sh
Unescape Escape View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
IP="$(docker inspect webmail_webmail_1|jq -r '.[0].NetworkSettings.Networks.webmail_default.IPAddress')" IP="$(docker inspect webmail-webmail-1|jq -r '.[0].NetworkSettings.Networks.webmail_webmail.IPAddress')"
MAIN_RETURN_CODE=$(curl -I -so /dev/null -w "%{http_code}" http://$IP/) MAIN_RETURN_CODE=$(curl -I -so /dev/null -w "%{http_code}" http://$IP/)
[[ $MAIN_RETURN_CODE -ne 200 && $MAIN_RETURN_CODE -ne 302 ]] && echo "The default page of snappymail hasn't returned 200 but $MAIN_RETURN_CODE!" >>/dev/stderr && exit 1 [[ $MAIN_RETURN_CODE -ne 200 && $MAIN_RETURN_CODE -ne 302 ]] && echo "The default page of snappymail hasn't returned 200 but $MAIN_RETURN_CODE!" >>/dev/stderr && exit 1

7
tests/compose/webmail/docker-compose.yml
Unescape Escape View File

@ -32,6 +32,9 @@ services:
- "127.0.0.1:993:993" - "127.0.0.1:993:993"
volumes: volumes:
- "/mailu/certs:/certs" - "/mailu/certs:/certs"
networks:
- default
- webmail
admin: admin:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-local} image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-local}
@ -105,6 +108,8 @@ services:
- "/mailu/webmail:/data" - "/mailu/webmail:/data"
depends_on: depends_on:
- imap - imap
networks:
- webmail
networks: networks:
@ -114,6 +119,8 @@ networks:
driver: default driver: default
config: config:
- subnet: 192.168.203.0/24 - subnet: 192.168.203.0/24
webmail:
driver: bridge
noinet: noinet:
driver: bridge driver: bridge
internal: true internal: true

2
tests/compose/webmail/mailu.env
Unescape Escape View File

@ -128,7 +128,7 @@ WEBSITE=https://mailu.io
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
# journald (On systemd platforms, useful for Fail2Ban integration) # journald (On systemd platforms, useful for Fail2Ban integration)
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker compose log` for front!)
# LOG_DRIVER=json-file # LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Docker-compose project name, this will prepended to containers names.

1
towncrier/newsfragments/2666.misc
Unescape Escape View File

@ -0,0 +1 @@
Upgrade to alpine 3.17.2
Write Preview
Loading…
Cancel
Save