From 7803b68764592e6953e0bf88a3122a58366b2846 Mon Sep 17 00:00:00 2001 From: julien Date: Tue, 14 Jan 2025 19:54:22 +0100 Subject: [PATCH] merged with upstream --- .env | 187 +++++++++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 143 insertions(+), 44 deletions(-) diff --git a/.env b/.env index 3206255..303cd65 100644 --- a/.env +++ b/.env @@ -3,7 +3,7 @@ # ----------------------------------------------- # DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER -# https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/ +# https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/ # ----------------------------------------------- # --- General Section --------------------------- @@ -30,9 +30,11 @@ LOG_LEVEL=info # debug => Also show debug messages SUPERVISOR_LOGLEVEL= -# 0 => mail state in default directories -# 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes -ONE_DIR=1 +# Support for deployment where these defaults are not compatible (eg: some NAS appliances): +# /var/mail vmail User ID (default: 5000) +DMS_VMAIL_UID= +# /var/mail vmail Group ID (default: 5000) +DMS_VMAIL_GID= # **empty** => use FILE # LDAP => use LDAP authentication 
@@ -105,15 +107,35 @@ ENABLE_OPENDKIM=1 # 0 => Disabled ENABLE_OPENDMARC=1 -# 1 => Enables POP3 service -# empty => disables POP3 + +# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this +# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`). +# +# - 0 => Disabled +# - **1** => Enabled +ENABLE_POLICYD_SPF=1 + +# Enables POP3 service +# - **0** => Disabled +# - 1 => Enabled ENABLE_POP3= +# Enables IMAP service +# - 0 => Disabled +# - **1** => Enabled +ENABLE_IMAP=1 + # Enables ClamAV, and anti-virus scanner. # 1 => Enabled # **0** => Disabled ENABLE_CLAMAV=0 +# Add the value of this ENV as a prefix to the mail subject when spam is detected. +# NOTE: This subject prefix may be redundant (by default spam is delivered to a junk folder). +# It provides value when your junk mail is stored alongside legitimate mail instead of a separate location (like with `SPAMASSASSIN_SPAM_TO_INBOX=1` or `MOVE_SPAM_TO_JUNK=0` or a POP3 only setup, without IMAP). +# NOTE: When not using Docker Compose, other CRI may not support quote-wrapping the value here to preserve any trailing white-space. +SPAM_SUBJECT= + # Enables Rspamd # **0** => Disabled # 1 => Enabled 
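Review bot: The local subject tag is not carried over to its replacement variable: `SPAM_SUBJECT=` is added empty here, while the later SpamAssassin hunk (`@@ -315,21 +393,24 @@`) removes `SA_SPAM_SUBJECT=***SPAM*****`. With `MOVE_SPAM_TO_JUNK=1` kept, the prefix may be redundant, as the added comment itself says, but the drop looks like a side effect of the merge rather than a decision. If the tag is still wanted, carry the value over as `SPAM_SUBJECT=***SPAM*****`; otherwise record the choice in a comment above the variable.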
@@ -125,6 +147,49 @@ ENABLE_RSPAMD=0 # 1 => Enabled ENABLE_RSPAMD_REDIS= +# When enabled, +# +# 1. the "[autolearning][rspamd-autolearn]" feature is turned on; +# 2. the Bayes classifier will be trained when moving mails from or to the Junk folder (with the help of Sieve scripts). +# +# **0** => disabled +# 1 => enabled +RSPAMD_LEARN=0 + +# This settings controls whether checks should be performed on emails coming +# from authenticated users (i.e. most likely outgoing emails). The default value +# is `0` in order to align better with SpamAssassin. We recommend reading +# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to +# decide for yourself whether you need and want this feature. +# +# Note that DKIM signing of e-mails will still happen. +RSPAMD_CHECK_AUTHENTICATED=0 + +# Controls whether the Rspamd Greylisting module is enabled. +# This module can further assist in avoiding spam emails by greylisting +# e-mails with a certain spam score. +# +# **0** => disabled +# 1 => enabled +RSPAMD_GREYLISTING=0 + +# Can be used to enable or disable the Hfilter group module. +# +# - 0 => Disabled +# - **1** => Enabled +RSPAMD_HFILTER=1 + +# Can be used to control the score when the HFILTER_HOSTNAME_UNKNOWN symbol applies. A higher score is more punishing. Setting it to 15 is equivalent to rejecting the email when the check fails. +# +# Default: 6 +RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6 + +# Can be used to enable or disable the (still experimental) neural module. +# +# - **0** => Disabled +# - 1 => Enabled +RSPAMD_NEURAL=0 + # Amavis content filter (used for ClamAV & SpamAssassin) # 0 => Disabled # 1 => Enabled 
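Review bot: `RSPAMD_CHECK_AUTHENTICATED=0` leaves mail submitted by authenticated users unscanned, so spam sent from a compromised account would not be scored once Rspamd is switched on. The hunk header shows `ENABLE_RSPAMD=0`, so the added `RSPAMD_*` values look inert for now (inferred from that context line only). A comment above the setting would record the trade-off, for example `# 0 => outbound mail from authenticated users is not scanned; revisit when ENABLE_RSPAMD=1`.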
@@ -142,7 +207,7 @@ AMAVIS_LOGLEVEL=0 # 1 => DNS block lists are enabled ENABLE_DNSBL=0 -# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`: +# If you enable Fail2Ban, don't forget to add the following lines to your `compose.yaml`: # cap_add: # - NET_ADMIN # Otherwise, `nftables` won't be able to ban IPs. @@ -166,14 +231,14 @@ POSTSCREEN_ACTION=enforce # 1 => only launch postfix smtp SMTP_ONLY= -# Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl) for more information. +# Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl) for more information. # # empty => SSL disabled # letsencrypt => Enables Let's Encrypt certificates # custom => Enables custom certificates # manual => Let's you manually specify locations of your SSL certificates for non-standard cases # self-signed => Enables self-signed certificates -SSL_TYPE=letsencrypt +SSL_TYPE= # These are only supported with `SSL_TYPE=manual`. # Provide the path to your cert and key files that you've mounted access to within the container. 
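Review bot: `SSL_TYPE=` in the second hunk on this line replaces `SSL_TYPE=letsencrypt`, and the comment block directly above it says `empty => SSL disabled`, so after this merge the mail server would come up with TLS turned off. Given the subject "merged with upstream", this looks like the upstream default overwriting a local setting rather than an intended change. Keep the deployment's value, `SSL_TYPE=letsencrypt`, or, if TLS is deliberately handled elsewhere, say so in a comment next to the empty value. The first hunk on this line (the `compose.yaml` wording) needs nothing.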
@@ -197,17 +262,17 @@ VIRUSMAILS_DELETE_DELAY= # `lmtp::2003` (use kopano as mailstore) POSTFIX_DAGENT= -# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). +# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes. # # empty => 0 POSTFIX_MAILBOX_SIZE_LIMIT=5120000000 -# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes +# See https://docker-mailserver.github.io/docker-mailserver/latest/config/account-management/overview/#quotas # 0 => Dovecot quota is disabled # 1 => Dovecot quota is enabled ENABLE_QUOTAS=1 -# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!) +# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes. # # empty => 10240000 (~10 MB) POSTFIX_MESSAGE_SIZE_LIMIT=26214400 @@ -282,6 +347,16 @@ REPORT_SENDER= # Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger). LOGROTATE_INTERVAL=weekly +# Defines how many log files are kept by logrorate +LOGROTATE_COUNT=4 + + +# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration. +# +# - **0** => Disabled +# - 1 => Enabled +POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0 + # Choose TCP/IP protocols for postfix to use # **all** => All possible protocols. # ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker. 
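Review bot: `LOGROTATE_COUNT=4` in the second hunk, together with `LOGROTATE_INTERVAL=weekly` from the hunk's context, keeps roughly four weeks of mail logs. That is short if these files are the only record available when investigating abuse or a compromised account, so confirm the logs are also shipped elsewhere, or raise the count. The added comment misspells the tool and should read `# Defines how many log files are kept by logrotate`.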
@@ -290,6 +365,12 @@ LOGROTATE_INTERVAL=weekly # Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols POSTFIX_INET_PROTOCOLS=all +# Enables MTA-STS support for outbound mail. +# More details: https://docker-mailserver.github.io/docker-mailserver/v13.3/config/best-practices/mta-sts/ +# - **0** ==> MTA-STS disabled +# - 1 => MTA-STS enabled +ENABLE_MTA_STS=1 + # Choose TCP/IP protocols for dovecot to use # **all** => Listen on all interfaces # ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker. @@ -304,9 +385,6 @@ DOVECOT_INET_PROTOCOLS=all ENABLE_SPAMASSASSIN=0 -# deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT) -SPAMASSASSIN_SPAM_TO_INBOX=1 - # KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation. # If SpamAssassin is enabled, KAM can be used in addition to the default ruleset. # - **0** => KAM disabled @@ -315,21 +393,24 @@ SPAMASSASSIN_SPAM_TO_INBOX=1 # Note: only has an effect if `ENABLE_SPAMASSASSIN=1` ENABLE_SPAMASSASSIN_KAM=0 +# deliver spam messages to the inbox (tagged using SPAM_SUBJECT) +SPAMASSASSIN_SPAM_TO_INBOX=1 + # spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required) MOVE_SPAM_TO_JUNK=1 -# add spam info headers if at, or above that level: +# spam messages will be marked as read +MARK_SPAM_AS_READ=0 + +# add 'spam info' headers at, or above this level SA_TAG=2.0 -# add 'spam detected' headers at that level +# add 'spam detected' headers at, or above this level SA_TAG2=6.31 # triggers spam evasive actions SA_KILL=10.0 -# add tag to subject if spam detected -SA_SPAM_SUBJECT=***SPAM***** - # ----------------------------------------------- # --- Fetchmail Section ------------------------- # ----------------------------------------------- 
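Review bot: The comment added above `ENABLE_MTA_STS=1` in the first hunk marks `**0**` as the default and links to the `v13.3` documentation, while the other documentation links touched by this patch were moved to `latest`. Because the value set here differs from the documented default, a line such as `# Set to 1 deliberately: MTA-STS enabled for outbound mail` would make it less likely that a later upstream merge resets it unnoticed. The last hunk of the patch removes the old `ENABLE_MTA_STS=1` from the Custom Config Section, so the setting is moved, not duplicated.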
@@ -338,25 +419,45 @@ ENABLE_FETCHMAIL=0 # The interval to fetch mail in seconds FETCHMAIL_POLL=300 +# Use multiple fetchmail instances (1 per poll entry in fetchmail.cf) +# Supports multiple IMAP IDLE connections when a server is used across multiple poll entries +# https://otremba.net/wiki/Fetchmail_(Debian)#Immediate_Download_via_IMAP_IDLE +FETCHMAIL_PARALLEL=0 + +# Enable or disable `getmail`. +# +# - **0** => Disabled +# - 1 => Enabled +ENABLE_GETMAIL=0 + +# The number of minutes for the interval. Min: 1; Default: 5. +GETMAIL_POLL=5 + +# ----------------------------------------------- +# --- OAUTH2 Section ---------------------------- +# ----------------------------------------------- + +# empty => OAUTH2 authentication is disabled +# 1 => OAUTH2 authentication is enabled +ENABLE_OAUTH2= + +# Specify the user info endpoint URL of the oauth2 provider +# Example: https://oauth2.example.com/userinfo/ +OAUTH2_INTROSPECTION_URL= # ----------------------------------------------- # --- LDAP Section ------------------------------ # ----------------------------------------------- -# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap) - -# with the :edge tag, use ACCOUNT_PROVISIONER=LDAP -# empty => LDAP authentification is disabled -# 1 => LDAP authentification is enabled -ENABLE_LDAP= +# A second container for the ldap service is necessary (i.e. https://hub.docker.com/r/bitnami/openldap/) # empty => no # yes => LDAP over TLS enabled for Postfix LDAP_START_TLS= -# If you going to use the mailserver in combination with docker-compose you can set the service name here -# empty => mail.domain.com -# Specify the dns-name/ip-address where the ldap-server +# empty => mail.example.com +# Specify the `` / `` where the LDAP server is reachable via a URI like: `ldaps://mail.example.com`. +# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`). LDAP_SERVER_HOST= # empty => ou=people,dc=domain,dc=com 
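Review bot: The new `LDAP_SERVER_HOST` comment lists `ldap://` next to `ldaps://` without saying which to prefer, and `LDAP_START_TLS=` just above it is left empty (`empty => no`). With a plain `ldap://` URI and StartTLS off, bind credentials and directory lookups cross the network unencrypted. Suggest adding `# Prefer ldaps:// (or ldap:// with LDAP_START_TLS=yes); plain ldap:// sends bind credentials in cleartext`. The two empty backtick pairs in the same comment look like lost placeholders and should name the hostname and IP address forms.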
@@ -443,11 +544,11 @@ SASLAUTHD_MECHANISMS= SASLAUTHD_MECH_OPTIONS= # empty => Use value of LDAP_SERVER_HOST -# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL. +# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`). SASLAUTHD_LDAP_SERVER= # empty => Use value of LDAP_BIND_DN -# specify an object with priviliges to search the directory tree +# specify an object with privileges to search the directory tree # e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net # e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net SASLAUTHD_LDAP_BIND_DN= @@ -528,8 +629,8 @@ SRS_SECRET= # Setup relaying all mail through a default relay host # -# empty => don't configure default relay host -# default host and optional port to relay all mail through +# Set a default host to relay all mail through (optionally include a port) +# Example: [mail.example.com]:587 DEFAULT_RELAY_HOST= # ----------------------------------------------- 
@@ -539,24 +640,22 @@ DEFAULT_RELAY_HOST= # Setup relaying for multiple domains based on the domain name of the sender # optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf # -# empty => don't configure relay host -# default host to relay mail through +# Set a default host to relay mail through +# Example: mail.example.com RELAY_HOST= # empty => 25 # default port to relay mail RELAY_PORT=25 +# ----------------------------------------------- +# --- Relay Host Credentials Section ------------ +# ----------------------------------------------- + +# Configure a relay user and password to use with RELAY_HOST / DEFAULT_RELAY_HOST + # empty => no default -# default relay username (if no specific entry exists in postfix-sasl-password.cf) RELAY_USER= # empty => no default -# password for default relay user -RELAY_PASSWORD= - -# ----------------------------------------------- -# --- Custom Config Section --------------------- -# ----------------------------------------------- - -ENABLE_MTA_STS=1 +RELAY_PASSWORD= \ No newline at end of file
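Review bot: The file now ends at `RELAY_PASSWORD=` with no trailing newline, so anything later appended to `.env` (for example by a provisioning script using `>>`) would be joined onto that line and become part of the password value. End the file with a newline. Since this `.env` is tracked in the repository, a comment above the credentials would also help, such as `# Do not commit real values; supply RELAY_USER / RELAY_PASSWORD from an untracked env file or a secret`. The hunk also drops the two lines that described what the relay user and password default to, which leaves `empty => no default` without a subject.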