
Commit 3559470

Refresh: dovecot 2.4.2 ,apline 3.23.2, f2b-exp 0.10.3, prips 1.2.2
This commit updates dovecot to 2.4.2, refreshes the mailserver container to the latest Alpine release and includes minor version bumps for fail2ban-exporter and prips. BREAKING CHANGE: Dovecot 2.4 significantly changed its configuration format and requires manual porting. See https://doc.dovecot.org/2.4.0/installation/upgrade/2.3-to-2.4.html for a list of changes. The commit updates dovecot/.. config snippets accordingly. To update: 0. Stop the mailserver: `systemctl stop mailserver` 1. Back up `_server_workspace_/etc/dovecot`. 2. Update VERSION to use mailserver v1.4.0 3. CAREFULLY Replace your mailserver's `_server_workspace_/etc/dovecot/...` with the release's `dovecot/...` 0. If you did not modify any of the files, it's safe to delete `_server_workspace_/etc/dovecot/...` and just copy the release's `dovecot/...` to `_server_workspace_/etc/dovecot/...`. 1. If you made modifications in files shipped with mailserver, you will need to port these to the new syntax. 2. If you made modifications in default config files shipped with Alpine (and included in the mailserver container) you will need to port these, too. 4. Start the mailserver: `systemctl start mailserver` (and also any optional contrib or monitoring services as required). Signed-off-by: Thilo Fromm <thilo.alexander@gmail.com>
1 parent 49d95f1 commit 3559470


12 files changed

+85
-96
lines changed


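--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,9 @@
 # First, build the metrics exporter and the "prips" (print ip ranges) tool.
-ARG alpine_version=3.21.0
+ARG alpine_version=3.23.2
 FROM alpine:$alpine_version AS builder
 ARG postfix_exporter_version=0.3.0
-ARG fail2ban_exporter_version=0.10.2
-ARG prips_version=1.2.0
+ARG fail2ban_exporter_version=0.10.3
+ARG prips_version=1.2.2
 
 RUN apk update \
 && apk add go gcc make musl-dev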

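--- a/dovecot/conf.d/10-auth.conf
+++ b/dovecot/conf.d/10-auth.conf
@@ -2,7 +2,7 @@
 ## Authentication processes
 ##
 
-disable_plaintext_auth = yes
+auth_allow_cleartext = no
 
 #auth_cache_size = 0
 #auth_cache_ttl = 1 hour
@@ -23,7 +23,7 @@ disable_plaintext_auth = yes
 # the standard variables here, eg. %Lu would lowercase the username, %n would
 # drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
 # "-AT-". This translation is done after auth_username_translation changes.
-auth_username_format = %Lu
+auth_username_format = %{user}
 
 #auth_master_user_separator =
 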
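Review bot: The second hunk replaces `auth_username_format = %Lu` with `%{user}`, which appears to drop the lowercasing that `%Lu` performed; the comment block directly above the setting still describes `%Lu` as lowercasing the username. Without that normalization, `User@Example.org` and `user@example.org` can be treated as different identities in passdb/userdb lookups, and the new `sieve_script personal` paths in dovecot/conf.d/90-sieve.conf, which are built from `%{user}`, would then vary by case as well. If a like-for-like port is intended, use `auth_username_format = %{user | lower}`. The surrounding comments that still show the old `%Lu` / `%n` syntax should be updated to the 2.4 variable form at the same time.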

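--- a/dovecot/conf.d/10-logging.conf
+++ b/dovecot/conf.d/10-logging.conf
@@ -20,21 +20,12 @@ syslog_facility = mail
 # Log unsuccessful authentication attempts and the reasons why they failed.
 auth_verbose = yes
 
-#auth_verbose_passwords = no
-#auth_debug = no
-#auth_debug_passwords = no
+#auth_verbose_passwords = yes
+#auth_debug = yes
+#auth_debug_passwords = yes
 #mail_debug = no
 #verbose_ssl = no
 
-# mail_log plugin provides more event logging for mail processes.
-plugin {
-# Events to log. Also available: flag_change append
-#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
-# Available fields: uid, box, msgid, from, subject, size, vsize, flags
-# size and vsize are available only for expunge and copy events.
-#mail_log_fields = uid box msgid size
-}
-
 ## Log formatting.
 
 #log_timestamp = "%b %d %H:%M:%S "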
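Review bot: The commented-out samples for `auth_verbose_passwords`, `auth_debug` and `auth_debug_passwords` were flipped from `no` to `yes`, so the template now reads as if password logging were the default, and a single uncomment would write attempted passwords to the `mail` syslog facility. The lines are inactive, so behaviour is unchanged today, but the neighbouring samples (`#mail_debug = no`, `#verbose_ssl = no`) still show the safe value. Keep them as `#auth_verbose_passwords = no` and `#auth_debug_passwords = no`, or, if the `yes` form is meant as a debugging aid, put a comment above them such as `# DEBUG ONLY: logs attempted passwords; do not enable in production`.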

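--- a/dovecot/conf.d/10-mail.conf
+++ b/dovecot/conf.d/10-mail.conf
@@ -15,7 +15,8 @@
 # mail_location = mbox:~/mail:INBOX=/var/mail/%u
 # mail_location = mbox:/var/mail/%d/%1n/%n:INDEX=/var/indexes/%d/%1n/%n
 #
-mail_location = maildir:/host/mail/inboxes/%d/%u/Maildir
+mail_driver = maildir
+mail_path = ~/Maildir
 
 # If you need to set multiple mailbox locations or want to change default
 # namespace settings, you can do it by defining namespace sections.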
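Review bot: `mail_path = ~/Maildir` makes the mailbox location depend on the home directory returned by userdb, where the removed `mail_location` pinned it to `/host/mail/inboxes/%d/%u/Maildir`. The userdb configuration is not visible on this page, so it is unclear whether home resolves to that same directory. dovecot/conf.d/90-sieve.conf in this commit still uses absolute `/host/mail/inboxes/...` paths, so mail and Sieve storage can diverge. If home is not guaranteed, an explicit `mail_path = /host/mail/inboxes/%{user | domain}/%{user}/Maildir` keeps existing mailboxes reachable after the upgrade; otherwise add a comment stating which directory `~` is expected to be.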

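--- a/dovecot/conf.d/10-metrics.conf
+++ b/dovecot/conf.d/10-metrics.conf
@@ -16,42 +16,66 @@
 
 metric auth_success {
 filter = event=auth_request_finished AND success=yes
-group_by = user
+group_by user {
+}
 }
 #
 metric auth_failures {
 filter = event=auth_request_finished AND NOT success=yes
-group_by = user
+group_by user {
+}
 }
 #
 metric imap_command {
 filter = event=imap_command_finished
-group_by = user cmd_name tagged_reply_state
+group_by user {
+}
+group_by cmd_name {
+}
+group_by tagged_reply_state {
+}
 }
 #
 metric smtp_command {
 filter = event=smtp_server_command_finished
-group_by = user cmd_name status_code
+group_by user {
+}
+group_by cmd_name {
+}
+group_by status_code {
+}
 }
 #
 metric mail_delivery {
 filter = event=mail_delivery_finished
-group_by = user
+group_by user {
+}
 }
 
 metric sieve_action {
 filter = event=sieve_action_finished
-group_by = user action_name
+group_by user {
+}
+group_by action_name {
+}
 }
 
 metric sieve_success {
 filter = event=sieve_runtime_script_finished AND error = ""
-group_by = user script_name
+group_by user {
+}
+group_by script_name {
+}
 }
 
 metric sieve_error {
 filter = event=sieve_runtime_script_finished AND NOT error = ""
-group_by = user script_name error
+group_by user {
+}
+group_by script_name {
+}
+group_by error {
+}
 }
 
 ##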
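Review bot: `metric auth_failures` still groups by `user`, and for failed logins that value is whatever an unauthenticated client supplied, so every guessed username becomes its own series in the stats process and in whatever scrapes it. This predates the commit (the old line was `group_by = user`), but the port to `group_by user { }` blocks is a natural point to decide whether the label is wanted there. Either drop the `group_by user { }` block from `auth_failures`, or add a comment above it explaining why per-user failure counts are needed and how series growth is bounded. The other metrics appear to see only authenticated users and are less exposed.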

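--- a/dovecot/conf.d/10-ssl.conf.tmpl
+++ b/dovecot/conf.d/10-ssl.conf.tmpl
@@ -4,34 +4,9 @@
 
 ssl = required
 
-ssl_cert = </etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
-ssl_key = </etc/letsencrypt/live/${HOSTNAME}/privkey.pem
+ssl_server_cert_file= /etc/letsencrypt/live/${HOSTNAME}/fullchain.pem
+ssl_server_key_file = /etc/letsencrypt/live/${HOSTNAME}/privkey.pem
 
-#ssl_key_password =
-#ssl_ca =
-#ssl_require_crl = yes
+ssl_server_dh_file = /etc/dovecot/dh.pem
 
-#ssl_client_ca_dir =
-#ssl_client_ca_file =
-#ssl_client_require_valid_cert = yes
-#ssl_verify_client_cert = no
-
-#ssl_cert_username_field = commonName
-
-#ssl_dh = </etc/dovecot/dh.pem
-
-#ssl_min_protocol = TLSv1.2
-
-#ssl_cipher_list = ALL:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
-# To disable non-EC DH, use:
-#ssl_cipher_list = ALL:!DH:!kRSA:!SRP:!kDHd:!DSS:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
-
-#ssl_curve_list =
-
-ssl_prefer_server_ciphers = yes
-
-#ssl_crypto_device =
-
-# compression - Enable compression.
-# no_ticket - Disable SSL session tickets.
-#ssl_options =
+ssl_server_prefer_ciphers = server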
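Review bot: `ssl_server_dh_file = /etc/dovecot/dh.pem` is now an active setting, whereas the old `ssl_dh` line was commented out, and nothing visible on this page creates that file. If the image or workspace does not provide `/etc/dovecot/dh.pem`, the server may fail to start or to complete DH handshakes after the upgrade, so the upgrade steps should say where the file comes from, or the line should stay commented. The hunk also deletes the commented `ssl_min_protocol` and `ssl_cipher_list` samples; an explicit `ssl_min_protocol = TLSv1.2` would keep the protocol floor from depending on package defaults. Minor: `ssl_server_cert_file= ` lacks the space before `=` that the neighbouring lines use.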

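--- a/dovecot/conf.d/20-lmtp.conf
+++ b/dovecot/conf.d/20-lmtp.conf
@@ -36,5 +36,7 @@
 
 protocol lmtp {
 # Space separated list of plugins to load (default is global mail_plugins).
-mail_plugins = $mail_plugins sieve
+mail_plugins {
+sieve = yes
+}
 }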

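--- a/dovecot/conf.d/20-managesieve.conf
+++ b/dovecot/conf.d/20-managesieve.conf
@@ -2,11 +2,6 @@
 ## ManageSieve specific settings
 ##
 
-# Uncomment to enable managesieve protocol:
-protocols = $protocols sieve
-
-# Service definitions
-
 service managesieve-login {
 inet_listener sieve {
 port = 4190
@@ -28,10 +23,10 @@ service managesieve-login {
 #vsz_limit = 64M
 }
 
-#service managesieve {
+service managesieve {
 # Max. number of ManageSieve processes (connections)
 #process_limit = 1024
-#}
+}
 
 # Service configuration
 
@@ -49,7 +44,6 @@ protocol sieve {
 # Space separated list of plugins to load (none known to be useful so far).
 # Do NOT try to load IMAP plugins here.
 #mail_plugins =
-
 # MANAGESIEVE logout format string:
 # %i - total number of bytes read from client
 # %o - total number of bytes sent to client
@@ -66,7 +60,7 @@ protocol sieve {
 # To fool ManageSieve clients that are focused on CMU's timesieved you can
 # specify the IMPLEMENTATION capability that Dovecot reports to clients.
 # For example: 'Cyrus timsieved v2.2.13'
-#managesieve_implementation_string = Dovecot Pigeonhole
+managesieve_implementation_string = Dovecot Pigeonhole
 
 # Explicitly specify the SIEVE and NOTIFY capability reported by the server
 # before login. If left unassigned these will be reported dynamically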
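Review bot: The first hunk deletes `protocols = $protocols sieve` together with its "Uncomment to enable" comment, while the `managesieve-login` listener on port 4190 stays configured, so this file no longer shows whether ManageSieve is switched on. Presumably the protocol is now enabled in another file (the page reports 12 changed files but does not show all of them). If so, a pointer comment at the top of this file such as `# ManageSieve is enabled via the global protocols setting in <main config file>` would document that. If it is not enabled anywhere, clients would silently lose script management after the upgrade, which the upgrade notes in the commit message do not mention.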

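--- a/dovecot/conf.d/90-sieve-extprograms.conf
+++ b/dovecot/conf.d/90-sieve-extprograms.conf
@@ -6,7 +6,7 @@
 # sieve_extensions or sieve_global_extensions settings. Restricting these
 # extensions to a global context using sieve_global_extensions is recommended.
 
-plugin {
+#plugin {
 
 # The directory where the program sockets are located for the
 # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
@@ -23,7 +23,7 @@ plugin {
 #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
 #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
 #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
-}
+#}
 
 # An example program service called 'do-something' to pipe messages to
 #service do-something {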
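Review bot: Commenting the wrapper out as `#plugin {` and `#}` leaves dead markers around settings that are now top-level; dovecot/conf.d/90-sieve.conf does the same in both of its hunks. Deleting the two marker lines would be clearer, since a reader who later uncomments a setting between them may assume it is still scoped to a plugin block. Most of the enclosed lines fall outside these hunks, so whether any of them still use pre-2.4 setting names cannot be checked from this page.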

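--- a/dovecot/conf.d/90-sieve.conf
+++ b/dovecot/conf.d/90-sieve.conf
@@ -21,22 +21,12 @@
 # file or directory. Refer to Pigeonhole wiki or INSTALL file for more
 # information.
 
-plugin {
-# The location of the user's main Sieve script or script storage. The LDA
-# Sieve plugin uses this to find the active script for Sieve filtering at
-# delivery. The "include" extension uses this location for retrieving
-# :personal" scripts. This is also where the ManageSieve service will store
-# the user's scripts, if supported.
-#
-# Currently only the 'file:' location type supports ManageSieve operation.
-# Other location types like 'dict:' and 'ldap:' can currently only
-# be used as a read-only script source ().
-#
-# For the 'file:' type: use the ';active=' parameter to specify where the
-# active script symlink is located.
-# For other types: use the ';name=' parameter to specify the name of the
-# default/active script.
-sieve = file:~/sieve;active=~/.dovecot.sieve
+#plugin {
+sieve_script personal {
+type = personal
+path = /host/mail/inboxes/%{user | domain}/%{user}/sieve
+active_path = /host/mail/inboxes/%{user | domain}/%{user}/.dovecot.sieve
+}
 
 # The default Sieve script when the user has none. This is the location of a
 # global sieve script file, which gets executed ONLY if user's personal Sieve
@@ -202,4 +192,4 @@ plugin {
 # Enables showing byte code addresses in the trace output, rather than only
 # the source line numbers.
 #sieve_trace_addresses = no
-}
+#}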
