Commit Graph

80 Commits (f6e6380154f2dc779f23efda7d6fd6a0c64bbec2)

Author SHA1 Message Date
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set
bors[bot] f3f0c3190b
Merge
1014: Fixed hardcoded antispam and antivirus host addresses r=mergify[bot] a=ajgon

## What type of PR?

enhancement

## What does this PR do?

Adds configurable parameters `HOST_ANTISPAM` and `HOST_ANTIVIRUS` for `core/dovecot` and `services/rspamd`, instead of using hardcoded container names.

### Related issue(s)
- closes  

Co-authored-by: Igor Rzegocki <igor@rzegocki.pl>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
Ionut Filip d49ee2997f Remove unnecessary condition
Tim Möhlmann 05ea4474e7
make `ANTIVIRUS_ADDRESS` consistent with
Igor Rzegocki 6f973a2e4b
Fixed hardcoded antispam and antivirus host addresses
Fixes 
Ionut Filip 075417bf90 Merged master and fixed conflicts
hoellen 9de5dc2592 Use python package socrate instead of Mailustart
Dario Ernst 1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack)
Dario Ernst 0306be1eed Re-add missing MailuStart in admin
It turns out we were all blind and admin *does* use MailuStart
Dario Ernst 53f754f5ac Remove MailuStart from admin and correct layer-sharing comments
Dario Ernst bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
Dario Ernst c787e4bdbd Move alpine version definition out to variable
Dario Ernst 80c4edb144 Add simple patch to build fetchmail against newer libssl
Dario Ernst a253ca47fe Use official Mailu/MailuStart
Dario Ernst d1f80cca99 Update Dockerfiles to most recent alpine 3.10
Thomas Sänger ef3c6c407a upgrade alpine base-image
Dario Ernst 5ceedde1de Use more robust SF index URL now that -L helps following
Nebukadneza 94dbddd933
Add -L to curl to support sourceforge redirects
As per @hoellen's suggestion

Co-Authored-By: hoellen <hoellen@users.noreply.github.com>
Dario Ernst 5f4a6cf16b Update fetchmail to selfbuilt 7.0.0-alpha
Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the latest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.
Ionut Filip 4c25c83419 HOST_* and *_ADDRESS variables cleanup
Ionut Filip f9e3cd3c5d Use correct host_* variables
Ionut Filip ec4b35673a Resolve HOST_REDIS in rspamd
bors[bot] d129733fac Merge
919: Install bash in alpine based images. r=mergify[bot] a=firvida

This fixes 

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes  

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Abel Alfonso Fírvida Donéstevez <abel@merchise.org>
bors[bot] d3a5c70589 Merge
907: Don't generate the clamav configuration if ANTIVIRUS is none. r=mergify[bot] a=mvaled

## What type of PR?

bug-fix

## What does this PR do?

Avoid rspamd to try to connect to clamav if you choose ANTIVIRUS="none".  Otherwise the rspamd will try to connect to none, timing out several times and leading to poor performance.

I have a server without CLAMAV; and I'm getting times up to 45s:

```
$ grep 'CLAMAV' ~/downloads/logs-from-antispam-in-mailu-security-5d75fb987-kv958.txt | grep -o 'time: [^m]*'
time: 45011.089
time: 45126.002
time: 45002.024
time: 45037.436
time: 45006.775
...
```

Mails for which clamav is not used range from tens of milliseconds to a few hundred.


## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Manuel Vázquez Acosta <manuel@merchise.org>
Abel Alfonso Fírvida Donéstevez 39444c794e Install bash in alpine based images.
This fixes https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
bors[bot] 86b4242f82 Merge
886: Ipv6 support r=mergify[bot] a=muhlemmer

## What type of PR?

(Feature, enhancement, bug-fix, documentation) -> A bit of everything

## What does this PR do?

Document how to use ipv6nat. This, however triggers some kind of flaky behavior with the Docker DNS resolver, resulting in lookup failures between containers.  So all resolving needs to be done during container startup/configuration.

In order not to pollute every single start.py file, we've created a small library called [Mailu/MailuStart](https://github.com/Mailu/MailuStart). As an addition, this library also defines the template generation function, including its logging facility.

Note: `docker-compose.yml` downgrade is necessary, as IPv6 settings are not supported by the Docker Compose file format 3 😞  

### Related issue(s)
Supersedes  PR 
- Fixes  
- Hopefully helps with  and 

## No backport yet

This PR directly imports MailuStart from git. This makes it a bit simpler to implement in the short term and do some testing and probably some future improvements. When everything is proved stable, we will create a proper PyPi package with versioning and consider back porting.

## Prerequisites
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry is not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
Manuel Vázquez Acosta 611363cbe4
Don't generate the clamav configuration if ANTIVIRUS is none.
Otherwise the rspamd will try to connect to none, timing out several times and
leading to poor performance.
Ionut Filip 004a431e97
Change to mailustart functions
Ionut Filip 9684ebf33f Use mailustart package from git
Thomas Sänger f50995b5e6
unbound: drop privileges after binding to port
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering
Tim Möhlmann b9313488dd
Add logging for tenacity.retry
In the process we found that the previous way of tenacity syntax caused it not to honor any args.
In this commit we've refactored to use the @decorator syntax, in which tenacity seems to behave better.
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and `POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage has become optional.
mergify[bot] 5c24390114
Merge pull request from HorayNarea/fix-missing-dkim
allow DKIM-signing if From-Header and Auth-User mismatch - fix 
mergify[bot] e08f3e81d0
Merge pull request from usrpro/feat-startup
Standardize images
Thomas Sänger 13bc6261e4
allow DKIM-signing if From-Header and Auth-User mismatch
Tim Möhlmann 42e2dbe35d
Standardize image by using shared / similar layers
Tim Möhlmann 903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images
Thomas Sänger 9ba086fcff
store rspamd history in redis
Tim Möhlmann bcfce27ee2
Standardize unbound, prepare for setup inclusion
- Use jinja template for configuration file (start.py)
- Limit access to the Mailu subnet
- Implement health checks
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py
Ionut Filip eb7dfb5771 Cleaning up start.py
Thomas Sänger 603b6e7390
Merge pull request from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup.
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services to become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that do not pass HEALTHCHECK yet. Meaning that if one of the dependent services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 times, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
mergify[bot] 118ea0f3fb
Merge pull request from ofthesun9/feature-swarm
Enabling swarm deployment on master branch
ofthesun9 86bdce8407 Explicitly specify the fuzzy worker listen address