diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf index 43ed2df0..72828ea6 100644 --- a/core/postfix/conf/main.cf +++ b/core/postfix/conf/main.cf @@ -52,9 +52,10 @@ tls_high_cipherlist = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256: tls_preempt_cipherlist = yes tls_ssl_options = NO_COMPRESSION -# Outgoing TLS is more flexible because 1. not all receiving servers will -# support TLS, 2. not all will have and up-to-date TLS stack. -smtp_tls_security_level = may +# By default, outgoing TLS is more flexible because +# 1. not all receiving servers will support TLS, +# 2. not all will have and up-to-date TLS stack. +smtp_tls_security_level = {{ OUTBOUND_TLS_LEVEL|default('may') }} smtp_tls_mandatory_protocols = !SSLv2, !SSLv3 smtp_tls_protocols =!SSLv2,!SSLv3 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache diff --git a/docs/configuration.rst b/docs/configuration.rst index 292d4303..20df3767 100644 --- a/docs/configuration.rst +++ b/docs/configuration.rst @@ -69,6 +69,10 @@ The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing mail in following format: ``[HOST]:PORT``. ``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed. +By default postfix uses "opportunistic TLS" for outbound mail. This can be changed +by setting ``OUTBOUND_TLS_LEVEL`` to ``encrypt``. This setting is highly recommended +if you are a relayhost that supports TLS. + The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to go and fetch new email if available. Do not use too short delays if you do not want to be blacklisted by external services, but not too long delays if you diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 78ecce72..b3cef48d 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env @@ -76,8 +76,8 @@ FETCHMAIL_DELAY={{ fetchmail_delay or '600' }} RECIPIENT_DELIMITER={{ recipient_delimiter or '+' }} # DMARC rua and ruf email -DMARC_RUA={{ dmarc_rua or 'admin' }} -DMARC_RUF={{ dmarc_ruf or 'admin' }} +DMARC_RUA={{ dmarc_rua or postmaster }} +DMARC_RUF={{ dmarc_ruf or postmaster }} # Welcome email, enable and set a topic and body if you wish to send welcome # emails to all users. diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml index 6ae0f103..66731805 100644 --- a/setup/flavors/stack/docker-compose.yml +++ b/setup/flavors/stack/docker-compose.yml @@ -43,6 +43,8 @@ services: - "{{ root }}/dkim:/dkim" deploy: replicas: {{ admin_replicas }} + healthcheck: + disable: true imap: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-{{ version }}} @@ -52,6 +54,8 @@ services: - "{{ root }}/overrides:/overrides" deploy: replicas: {{ imap_replicas }} + healthcheck: + disable: true smtp: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-{{ version }}} @@ -61,6 +65,8 @@ services: - "{{ root }}/overrides:/overrides" deploy: replicas: {{ smtp_replicas }} + healthcheck: + disable: true antispam: image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-{{ version }}} @@ -71,6 +77,8 @@ services: - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" deploy: replicas: 1 + healthcheck: + disable: true # Optional services {% if antivirus_enabled %} @@ -81,6 +89,8 @@ services: - "{{ root }}/filter:/data" deploy: replicas: 1 + healthcheck: + disable: true {% endif %} {% if webdav_enabled %} @@ -91,6 +101,8 @@ services: - "{{ root }}/dav:/data" deploy: replicas: 1 + healthcheck: + disable: true {% endif %} {% if fetchmail_enabled %} @@ -101,6 +113,8 @@ services: - "{{ root }}/data:/data" deploy: replicas: 1 + healthcheck: + disable: true {% endif %} {% if webmail_type != 'none' %} @@ -111,6 +125,8 @@ services: - "{{ root }}/webmail:/data" deploy: replicas: 1 + healthcheck: + disable: true {% endif %} {% if db_flavor == 'postgresql' and postgresql == 'internal' %} @@ -119,6 +135,8 @@ services: env_file: {{ env }} volumes: - "{{ root }}/data/psql_backup:/backup" + healthcheck: + disable: true {% endif %} networks: diff --git a/setup/templates/steps/stack/04_replicas.html b/setup/templates/steps/stack/04_replicas.html index 785125cc..9f6de061 100644 --- a/setup/templates/steps/stack/04_replicas.html +++ b/setup/templates/steps/stack/04_replicas.html @@ -22,7 +22,7 @@