80 Commits (d689a8eeb3834dc972e08ea703c2a0263f628d98)

Author SHA1 Message Date
Michael Wyraz de2f166bd1 Resolve HOST_* to *_ADDRESS only if *_ADDRESS is not already set 5 years ago
bors[bot] f3f0c3190b
Merge #1014
1014: Fixed hardcoded antispam and antivirus host addresses r=mergify[bot] a=ajgon

## What type of PR?

enchancement

## What does this PR do?

Adds configurable parameters `HOST_ANTISPAM` and `HOST_ANTIVIRUS` for `core/dovecot` and `services/rspamd`, instead of using hardcoded container names.

### Related issue(s)
- closes #978 

Co-authored-by: Igor Rzegocki <igor@rzegocki.pl>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
5 years ago
Ionut Filip d49ee2997f Remove unnecesary condition 5 years ago
Tim Möhlmann 05ea4474e7
make `ANTIVIRUS_ADDRESS` consistent with #940 5 years ago
Igor Rzegocki 6f973a2e4b
Fixed hardcoded antispam and antivirus host addresses
Fixes #978
5 years ago
Ionut Filip 075417bf90 Merged master and fixed conflicts 5 years ago
hoellen 9de5dc2592 Use python package socrate instead of Mailustart 5 years ago
Dario Ernst 1dbda71401 Adapt shared layer conf to now really-missing mailustart in admin (after merging webpack) 5 years ago
Dario Ernst 0306be1eed Re-add missing MailuStar in admin
It turns out we were all blind and admin *does* use MailuStart
5 years ago
Dario Ernst 53f754f5ac Remove MailuStart from admin and correct layer-sharing comments 5 years ago
Dario Ernst bb2edb6eb6 Revert "Move alpine version definition out to variable"
This reverts commit c787e4bdbd.
5 years ago
Dario Ernst c787e4bdbd Move alpine version definition out to variable 5 years ago
Dario Ernst 80c4edb144 Add simple patch to build fetchmail against newer libssl 5 years ago
Dario Ernst a253ca47fe Use official Mailu/MailuStart 5 years ago
Dario Ernst d1f80cca99 Update Dockerfiles to most recent alpine 3.10 5 years ago
Thomas Sänger ef3c6c407a upgrade alpine base-image 5 years ago
Dario Ernst 5ceedde1de Use more robust SF index URL now that -L helps following 5 years ago
Nebukadneza 94dbddd933
Add -L to curl to support sourceforge redirects
As per @hoellens suggestion

Co-Authored-By: hoellen <hoellen@users.noreply.github.com>
5 years ago
Dario Ernst 5f4a6cf16b Update fetchmail to selfbuilt 7.0.0-alpha
Fetchmail in alpine is ~5 years old — and doesn’t support current SSL/TLS
variants anymore. This especially leads to our own fetchmail not being able to
pull mail from mailu itself. Since no new fetchmail release is on the horizon,
let’s build the lastest distribution artifact — which strangely is not
6.4.0-snapshot, but 7.0.0-alpha — ourselves.
6 years ago
Ionut Filip 4c25c83419 HOST_* and *_ADDRESS variables cleanup 6 years ago
Ionut Filip f9e3cd3c5d Use corret host_* variables 6 years ago
Ionut Filip ec4b35673a Resolve HOST_REDIS in rspamd 6 years ago
bors[bot] d129733fac Merge #919
919: Install bash in alpine based images. r=mergify[bot] a=firvida

This fixes #918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.

## What type of PR?

bug-fix

## What does this PR do?

### Related issue(s)
- closes #918 

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Abel Alfonso Fírvida Donéstevez <abel@merchise.org>
6 years ago
bors[bot] d3a5c70589 Merge #907
907: Don't generate the clamav configuration if ANTIVIRUS is none. r=mergify[bot] a=mvaled

## What type of PR?

bug-fix

## What does this PR do?

Avoid rspamd to try to connect to clamav if you choose ANTIVIRUS="none".  Otherwise the rspamd will try to connect to none, timing out several times and leading to poor performance.

I have a server without CLAMAV; and I'm getting times up to 45s:

```
$ grep 'CLAMAV' ~/downloads/logs-from-antispam-in-mailu-security-5d75fb987-kv958.txt | grep -o 'time: [^m]*'
time: 45011.089
time: 45126.002
time: 45002.024
time: 45037.436
time: 45006.775
...
```

Mails for which clamav is not used range from a tens of miliseconds to a few hundred.


## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [ ] In case of feature or enhancement: documentation updated accordingly
- [ ] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Manuel Vázquez Acosta <manuel@merchise.org>
6 years ago
Abel Alfonso Fírvida Donéstevez 39444c794e Install bash in alpine based images.
This fix https://github.com/Mailu/Mailu/issues/918

Bash shell is used by default in Kubernetes' dashboard console, which is very
useful for admins.
6 years ago
bors[bot] 86b4242f82 Merge #886
886: Ipv6 support r=mergify[bot] a=muhlemmer

## What type of PR?

(Feature, enhancement, bug-fix, documentation) -> A bit of everything

## What does this PR do?

Document how to use ipv6nat. This, however triggers some kind of flaky behavior with the Docker DNS resolver, resulting in lookup failures between containers.  So all resolving needs to be done during container startup/configuration.

In order not to pollute every single start.py file, we've created a small library called [Mailu/MailuStart](https://github.com/Mailu/MailuStart). As an addition, this library also defines the template generation function, including its logging facility.

Note: `docker-compose.yml` downgrade is necessary, as IPv6 settings are not supported by the Docker Compose file format 3 😞  

### Related issue(s)
Supersedes  PR #844
- Fixes #827 
- Hopefully helps with #829 and #834

## No backport yet

This PR directly imports MailuStart from git. This makes it a bit more simple to implement on the short term an do some testing and probably some future improvements. When everything is proved stable, we will create a proper PyPi package with versioning and consider back porting.

## Prerequistes
Before we can consider review and merge, please make sure the following list is done and checked.
If an entry in not applicable, you can check it or remove it from the list.

- [x] In case of feature or enhancement: documentation updated accordingly
- [x] Unless it's docs or a minor change: place entry in the [changelog](CHANGELOG.md), under the latest un-released version.


Co-authored-by: Ionut Filip <ionut.philip@gmail.com>
Co-authored-by: Tim Möhlmann <muhlemmer@gmail.com>
6 years ago
Manuel Vázquez Acosta 611363cbe4
Don't generate the clamav configuration if ANTIVIRUS is none.
Otherwise the rspamd will try to connect to none, timing out several times and
leading to poor performance.
6 years ago
Ionut Filip 004a431e97
Change to mailustart functions 6 years ago
Ionut Filip 9684ebf33f Use mailustart package from git 6 years ago
Thomas Sänger f50995b5e6
unbound: drop privileges after binding to port 6 years ago
Tim Möhlmann 049ca9941f
Cleanup syntax and fix typo 6 years ago
Tim Möhlmann 7d01bb2a4d
LOG_LEVEL docs and changelog entry 6 years ago
Tim Möhlmann b04a9d1c28
Implement debug logging for template rendering 6 years ago
Tim Möhlmann b9313488dd
Add logging for tenacity.retry
In the process we found that the previous way of tenacity syntax caused it not to honor any args.
In this commit we've refactored to use the @decorator syntax, in which tenacity seems to behave better.
6 years ago
Tim Möhlmann 8172f3eab8
Move the Mailu Docker network to a fixed subnet.
This will make network configuration and host based authentication
more robust, across different deployment platforms.
The options `RELAYNETS` and`POD_ADDRESS_RANGE` are kept for compatibility.
However, their usage have become optional.
6 years ago
mergify[bot] 5c24390114
Merge pull request #697 from HorayNarea/fix-missing-dkim
allow DKIM-signing if From-Header and Auth-User mismatch - fix #462
6 years ago
mergify[bot] e08f3e81d0
Merge pull request #680 from usrpro/feat-startup
Standarize images
6 years ago
Thomas Sänger 13bc6261e4
allow DKIM-signing if From-Header and Auth-User mismatch 6 years ago
Tim Möhlmann 42e2dbe35d
Standarize image by using shared / similair layers 6 years ago
Tim Möhlmann 903bb70c5b
Merge remote-tracking branch 'upstream/master' into standarize-images 6 years ago
Thomas Sänger 9ba086fcff
store rspamd history in redis 6 years ago
Tim Möhlmann bcfce27ee2
Standarize unbound, prepare for setup inclusion
- Use jinja template for configuration file (start.py)
- Limit access to the Mailu subnet
- Implement health checks
6 years ago
Ionut Filip 8a44a44688
Merge branch 'master' into feat-startup 6 years ago
Ionut Filip 1187cac5e1 Finished up switching from .sh to .py 6 years ago
Ionut Filip eb7dfb5771 Cleaning up start.py 6 years ago
Thomas Sänger 603b6e7390
Merge pull request #2 from usrpro/fix-nginx-healthcheck
Fix nginx healthcheck
6 years ago
Tim Möhlmann 81b24f61e8
Merge branch 'master' into feat-healthchecks 6 years ago
Tim Möhlmann a2fea36c79
Increase HEALTHCHECK start time for services that need to wait for host resolving during startup.
In Docker Swarm mode the services listed below can get stuck in their start script, while they
are waiting for other services become available. Now, with HEALTHCHECK enabled, docker does not resolve
names of services that not pass HEALTHCHECK yet. Meaning that if one of the depenend services is not yet
available, it will create a chain of failing services.

The services below retry to resolve 100 time, with an average of 3.5 seconds. Hence, the --start-time
flag is now set at 350 seconds.
- dovecot (imap)
- postfix (smtp)
- rspamd (antispam)
6 years ago
mergify[bot] 118ea0f3fb
Merge pull request #604 from ofthesun9/feature-swarm
Enabling swarm deployment on master branch
6 years ago
ofthesun9 86bdce8407 Explicitely specify the fuzzy worker listen address 6 years ago