merged with upstream

julien 2025-01-14 19:54:22 +01:00
parent ed41173183
commit 7803b68764

185
.env

@ -3,7 +3,7 @@
# ----------------------------------------------- # -----------------------------------------------
# DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER # DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER
# https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/ # https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/
# ----------------------------------------------- # -----------------------------------------------
# --- General Section --------------------------- # --- General Section ---------------------------
@ -30,9 +30,11 @@ LOG_LEVEL=info
# debug => Also show debug messages # debug => Also show debug messages
SUPERVISOR_LOGLEVEL= SUPERVISOR_LOGLEVEL=
# 0 => mail state in default directories # Support for deployment where these defaults are not compatible (eg: some NAS appliances):
# 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes # /var/mail vmail User ID (default: 5000)
ONE_DIR=1 DMS_VMAIL_UID=
# /var/mail vmail Group ID (default: 5000)
DMS_VMAIL_GID=
# **empty** => use FILE # **empty** => use FILE
# LDAP => use LDAP authentication # LDAP => use LDAP authentication
@ -105,15 +107,35 @@ ENABLE_OPENDKIM=1
# 0 => Disabled # 0 => Disabled
ENABLE_OPENDMARC=1 ENABLE_OPENDMARC=1
# 1 => Enables POP3 service
# empty => disables POP3 # Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`).
#
# - 0 => Disabled
# - **1** => Enabled
ENABLE_POLICYD_SPF=1
# Enables POP3 service
# - **0** => Disabled
# - 1 => Enabled
ENABLE_POP3= ENABLE_POP3=
# Enables IMAP service
# - 0 => Disabled
# - **1** => Enabled
ENABLE_IMAP=1
# Enables ClamAV, and anti-virus scanner. # Enables ClamAV, and anti-virus scanner.
# 1 => Enabled # 1 => Enabled
# **0** => Disabled # **0** => Disabled
ENABLE_CLAMAV=0 ENABLE_CLAMAV=0
# Add the value of this ENV as a prefix to the mail subject when spam is detected.
# NOTE: This subject prefix may be redundant (by default spam is delivered to a junk folder).
# It provides value when your junk mail is stored alongside legitimate mail instead of a separate location (like with `SPAMASSASSIN_SPAM_TO_INBOX=1` or `MOVE_SPAM_TO_JUNK=0` or a POP3 only setup, without IMAP).
# NOTE: When not using Docker Compose, other CRI may not support quote-wrapping the value here to preserve any trailing white-space.
SPAM_SUBJECT=
# Enables Rspamd # Enables Rspamd
# **0** => Disabled # **0** => Disabled
# 1 => Enabled # 1 => Enabled
@ -125,6 +147,49 @@ ENABLE_RSPAMD=0
# 1 => Enabled # 1 => Enabled
ENABLE_RSPAMD_REDIS= ENABLE_RSPAMD_REDIS=
# When enabled,
#
# 1. the "[autolearning][rspamd-autolearn]" feature is turned on;
# 2. the Bayes classifier will be trained when moving mails from or to the Junk folder (with the help of Sieve scripts).
#
# **0** => disabled
# 1 => enabled
RSPAMD_LEARN=0
# This settings controls whether checks should be performed on emails coming
# from authenticated users (i.e. most likely outgoing emails). The default value
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
#
# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0
# Controls whether the Rspamd Greylisting module is enabled.
# This module can further assist in avoiding spam emails by greylisting
# e-mails with a certain spam score.
#
# **0** => disabled
# 1 => enabled
RSPAMD_GREYLISTING=0
# Can be used to enable or disable the Hfilter group module.
#
# - 0 => Disabled
# - **1** => Enabled
RSPAMD_HFILTER=1
# Can be used to control the score when the HFILTER_HOSTNAME_UNKNOWN symbol applies. A higher score is more punishing. Setting it to 15 is equivalent to rejecting the email when the check fails.
#
# Default: 6
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6
# Can be used to enable or disable the (still experimental) neural module.
#
# - **0** => Disabled
# - 1 => Enabled
RSPAMD_NEURAL=0
# Amavis content filter (used for ClamAV & SpamAssassin) # Amavis content filter (used for ClamAV & SpamAssassin)
# 0 => Disabled # 0 => Disabled
# 1 => Enabled # 1 => Enabled
@ -142,7 +207,7 @@ AMAVIS_LOGLEVEL=0
# 1 => DNS block lists are enabled # 1 => DNS block lists are enabled
ENABLE_DNSBL=0 ENABLE_DNSBL=0
# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`: # If you enable Fail2Ban, don't forget to add the following lines to your `compose.yaml`:
# cap_add: # cap_add:
# - NET_ADMIN # - NET_ADMIN
# Otherwise, `nftables` won't be able to ban IPs. # Otherwise, `nftables` won't be able to ban IPs.
@ -166,14 +231,14 @@ POSTSCREEN_ACTION=enforce
# 1 => only launch postfix smtp # 1 => only launch postfix smtp
SMTP_ONLY= SMTP_ONLY=
# Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl) for more information. # Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl) for more information.
# #
# empty => SSL disabled # empty => SSL disabled
# letsencrypt => Enables Let's Encrypt certificates # letsencrypt => Enables Let's Encrypt certificates
# custom => Enables custom certificates # custom => Enables custom certificates
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates # self-signed => Enables self-signed certificates
SSL_TYPE=letsencrypt SSL_TYPE=
# These are only supported with `SSL_TYPE=manual`. # These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container. # Provide the path to your cert and key files that you've mounted access to within the container.
@ -197,17 +262,17 @@ VIRUSMAILS_DELETE_DELAY=
# `lmtp:<kopano-host>:2003` (use kopano as mailstore) # `lmtp:<kopano-host>:2003` (use kopano as mailstore)
POSTFIX_DAGENT= POSTFIX_DAGENT=
# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). # Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
# #
# empty => 0 # empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=5120000000 POSTFIX_MAILBOX_SIZE_LIMIT=5120000000
# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes # See https://docker-mailserver.github.io/docker-mailserver/latest/config/account-management/overview/#quotas
# 0 => Dovecot quota is disabled # 0 => Dovecot quota is disabled
# 1 => Dovecot quota is enabled # 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1 ENABLE_QUOTAS=1
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!) # Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
# #
# empty => 10240000 (~10 MB) # empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=26214400 POSTFIX_MESSAGE_SIZE_LIMIT=26214400
@ -282,6 +347,16 @@ REPORT_SENDER=
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger). # Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
LOGROTATE_INTERVAL=weekly LOGROTATE_INTERVAL=weekly
# Defines how many log files are kept by logrorate
LOGROTATE_COUNT=4
# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
#
# - **0** => Disabled
# - 1 => Enabled
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
# Choose TCP/IP protocols for postfix to use # Choose TCP/IP protocols for postfix to use
# **all** => All possible protocols. # **all** => All possible protocols.
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker. # ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.
@ -290,6 +365,12 @@ LOGROTATE_INTERVAL=weekly
# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols # Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols
POSTFIX_INET_PROTOCOLS=all POSTFIX_INET_PROTOCOLS=all
# Enables MTA-STS support for outbound mail.
# More details: https://docker-mailserver.github.io/docker-mailserver/v13.3/config/best-practices/mta-sts/
# - **0** ==> MTA-STS disabled
# - 1 => MTA-STS enabled
ENABLE_MTA_STS=1
# Choose TCP/IP protocols for dovecot to use # Choose TCP/IP protocols for dovecot to use
# **all** => Listen on all interfaces # **all** => Listen on all interfaces
# ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker. # ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker.
@ -304,9 +385,6 @@ DOVECOT_INET_PROTOCOLS=all
ENABLE_SPAMASSASSIN=0 ENABLE_SPAMASSASSIN=0
# deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1
# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation. # KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset. # If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
# - **0** => KAM disabled # - **0** => KAM disabled
@ -315,21 +393,24 @@ SPAMASSASSIN_SPAM_TO_INBOX=1
# Note: only has an effect if `ENABLE_SPAMASSASSIN=1` # Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
ENABLE_SPAMASSASSIN_KAM=0 ENABLE_SPAMASSASSIN_KAM=0
# deliver spam messages to the inbox (tagged using SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1
# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required) # spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
MOVE_SPAM_TO_JUNK=1 MOVE_SPAM_TO_JUNK=1
# add spam info headers if at, or above that level: # spam messages will be marked as read
MARK_SPAM_AS_READ=0
# add 'spam info' headers at, or above this level
SA_TAG=2.0 SA_TAG=2.0
# add 'spam detected' headers at that level # add 'spam detected' headers at, or above this level
SA_TAG2=6.31 SA_TAG2=6.31
# triggers spam evasive actions # triggers spam evasive actions
SA_KILL=10.0 SA_KILL=10.0
# add tag to subject if spam detected
SA_SPAM_SUBJECT=***SPAM*****
# ----------------------------------------------- # -----------------------------------------------
# --- Fetchmail Section ------------------------- # --- Fetchmail Section -------------------------
# ----------------------------------------------- # -----------------------------------------------
@ -338,25 +419,45 @@ ENABLE_FETCHMAIL=0
# The interval to fetch mail in seconds # The interval to fetch mail in seconds
FETCHMAIL_POLL=300 FETCHMAIL_POLL=300
# Use multiple fetchmail instances (1 per poll entry in fetchmail.cf)
# Supports multiple IMAP IDLE connections when a server is used across multiple poll entries
# https://otremba.net/wiki/Fetchmail_(Debian)#Immediate_Download_via_IMAP_IDLE
FETCHMAIL_PARALLEL=0
# Enable or disable `getmail`.
#
# - **0** => Disabled
# - 1 => Enabled
ENABLE_GETMAIL=0
# The number of minutes for the interval. Min: 1; Default: 5.
GETMAIL_POLL=5
# -----------------------------------------------
# --- OAUTH2 Section ----------------------------
# -----------------------------------------------
# empty => OAUTH2 authentication is disabled
# 1 => OAUTH2 authentication is enabled
ENABLE_OAUTH2=
# Specify the user info endpoint URL of the oauth2 provider
# Example: https://oauth2.example.com/userinfo/
OAUTH2_INTROSPECTION_URL=
# ----------------------------------------------- # -----------------------------------------------
# --- LDAP Section ------------------------------ # --- LDAP Section ------------------------------
# ----------------------------------------------- # -----------------------------------------------
# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap) # A second container for the ldap service is necessary (i.e. https://hub.docker.com/r/bitnami/openldap/)
# with the :edge tag, use ACCOUNT_PROVISIONER=LDAP
# empty => LDAP authentification is disabled
# 1 => LDAP authentification is enabled
ENABLE_LDAP=
# empty => no # empty => no
# yes => LDAP over TLS enabled for Postfix # yes => LDAP over TLS enabled for Postfix
LDAP_START_TLS= LDAP_START_TLS=
# If you going to use the mailserver in combination with docker-compose you can set the service name here # empty => mail.example.com
# empty => mail.domain.com # Specify the `<dns-name>` / `<ip-address>` where the LDAP server is reachable via a URI like: `ldaps://mail.example.com`.
# Specify the dns-name/ip-address where the ldap-server # Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
LDAP_SERVER_HOST= LDAP_SERVER_HOST=
# empty => ou=people,dc=domain,dc=com # empty => ou=people,dc=domain,dc=com
@ -443,11 +544,11 @@ SASLAUTHD_MECHANISMS=
SASLAUTHD_MECH_OPTIONS= SASLAUTHD_MECH_OPTIONS=
# empty => Use value of LDAP_SERVER_HOST # empty => Use value of LDAP_SERVER_HOST
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL. # Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
SASLAUTHD_LDAP_SERVER= SASLAUTHD_LDAP_SERVER=
# empty => Use value of LDAP_BIND_DN # empty => Use value of LDAP_BIND_DN
# specify an object with priviliges to search the directory tree # specify an object with privileges to search the directory tree
# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net # e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net # e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
SASLAUTHD_LDAP_BIND_DN= SASLAUTHD_LDAP_BIND_DN=
@ -528,8 +629,8 @@ SRS_SECRET=
# Setup relaying all mail through a default relay host # Setup relaying all mail through a default relay host
# #
# empty => don't configure default relay host # Set a default host to relay all mail through (optionally include a port)
# default host and optional port to relay all mail through # Example: [mail.example.com]:587
DEFAULT_RELAY_HOST= DEFAULT_RELAY_HOST=
# ----------------------------------------------- # -----------------------------------------------
@ -539,24 +640,22 @@ DEFAULT_RELAY_HOST=
# Setup relaying for multiple domains based on the domain name of the sender # Setup relaying for multiple domains based on the domain name of the sender
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf # optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf
# #
# empty => don't configure relay host # Set a default host to relay mail through
# default host to relay mail through # Example: mail.example.com
RELAY_HOST= RELAY_HOST=
# empty => 25 # empty => 25
# default port to relay mail # default port to relay mail
RELAY_PORT=25 RELAY_PORT=25
# -----------------------------------------------
# --- Relay Host Credentials Section ------------
# -----------------------------------------------
# Configure a relay user and password to use with RELAY_HOST / DEFAULT_RELAY_HOST
# empty => no default # empty => no default
# default relay username (if no specific entry exists in postfix-sasl-password.cf)
RELAY_USER= RELAY_USER=
# empty => no default # empty => no default
# password for default relay user
RELAY_PASSWORD= RELAY_PASSWORD=
# -----------------------------------------------
# --- Custom Config Section ---------------------
# -----------------------------------------------
ENABLE_MTA_STS=1
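Review bot: `SSL_TYPE` goes from `letsencrypt` to empty in the `-166,14 +231,14` hunk, and the comment block directly above it says `empty => SSL disabled`, so if the right-hand column is the merged result, this merge takes the upstream default and turns TLS off for the mail services. Nothing in the visible hunks sets another certificate source, and `ENABLE_MTA_STS=1` is documented here as covering outbound mail only, so client logins and inbound SMTP would presumably run without TLS unless `SSL_TYPE` is overridden elsewhere (for example in the compose file, which is not shown). I would keep the local value, `SSL_TYPE=letsencrypt`, and add a one-line comment above it marking it as a deliberate local override so the next upstream merge does not reset it. The same check applies to the other local settings this merge touches: `SA_SPAM_SUBJECT=***SPAM*****` appears to be dropped while its replacement `SPAM_SUBJECT=` is left empty.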