diff --git a/core/dovecot/Dockerfile b/core/dovecot/Dockerfile
index d2260c98..97aa26ce 100644
--- a/core/dovecot/Dockerfile
+++ b/core/dovecot/Dockerfile
@@ -16,7 +16,7 @@ COPY start.py /
 RUN echo $VERSION >/version
 EXPOSE 110/tcp 143/tcp 993/tcp 4190/tcp 2525/tcp
-HEALTHCHECK CMD echo PING|nc -w2 localhost 5001|grep "PONG"
+HEALTHCHECK CMD kill -0 `cat /run/dovecot/master.pid`
 VOLUME ["/mail"]
diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf
index ebcd97aa..11138694 100644
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@@ -95,13 +95,6 @@ service auth-worker {
 }
 }
-service health-check {
- executable = script -p health-check.sh
- inet_listener health-check {
- port = 5001
- }
-}
-
 ###############
 # IMAP & POP
 ###############
diff --git a/core/dovecot/start.py b/core/dovecot/start.py
index afc0d6f6..2a5de1ec 100755
--- a/core/dovecot/start.py
+++ b/core/dovecot/start.py
@@ -9,7 +9,7 @@ import sys
 from podop import run_server
 from socrate import system, conf
-system.set_env(log_filters=r'waitpid\(\) returned unknown PID \d+$')
+system.set_env(log_filters=r'Error\: SSL context initialization failed, disabling SSL\: Can\'t load SSL certificate \(ssl_cert setting\)\: The certificate is empty$')
 def start_podop():
 system.drop_privs_to('mail')
diff --git a/core/postfix/Dockerfile b/core/postfix/Dockerfile
index f9a5ac24..578294df 100644
--- a/core/postfix/Dockerfile
+++ b/core/postfix/Dockerfile
@@ -15,7 +15,7 @@ COPY start.py /
 RUN echo $VERSION >/version
 #EXPOSE 25/tcp 10025/tcp
-HEALTHCHECK --start-period=350s CMD /usr/sbin/postfix status
+HEALTHCHECK --start-period=30s CMD ! /usr/libexec/postfix/master -t
 VOLUME ["/queue"]
diff --git a/core/postfix/conf/main.cf b/core/postfix/conf/main.cf
index 2e038f61..3e63dd91 100644
--- a/core/postfix/conf/main.cf
+++ b/core/postfix/conf/main.cf
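Review bot: In core/dovecot/Dockerfile the replacement check `kill -0 $(cat /run/dovecot/master.pid)` (written with backticks in the hunk) only proves that a process with the recorded PID exists, so a master that is running but no longer accepting connections, or a leftover pid file whose number now belongs to another process, still reports healthy. That is a weaker signal than the removed PING/PONG probe, and the Dockerfile should say so; I would add above the instruction `# Liveness only: checks that the Dovecot master PID exists, not that any listener answers`. Quoting the substitution, `kill -0 "$(cat /run/dovecot/master.pid)"`, also keeps unexpected pid-file content from being word-split into extra arguments.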
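Review bot: In core/dovecot/start.py the new `log_filters` pattern drops Dovecot's "SSL context initialization failed, disabling SSL" error from the container log, and nothing in the hunk records why that is safe. If Dovecot is meant to run without its own certificate here (presumably TLS is terminated by another container, which this diff does not show), say so in a comment above the call, e.g. `# Dovecot has no certificate of its own by design; TLS is terminated upstream, so this startup error is expected noise`. As written, the filter also hides the message in a deployment where a certificate was supposed to be loaded and turned out empty, which removes the operator's only log signal that SSL was disabled. The news fragment does not mention this filter change either.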
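Review bot: In core/postfix/Dockerfile the leading `!` in `CMD ! /usr/libexec/postfix/master -t` turns every non-zero exit into "healthy", including the shell's 127 when the binary is missing or not executable at that path, so a broken or relocated install would report healthy indefinitely. Guarding the path first keeps the negation meaningful: `HEALTHCHECK --start-period=30s CMD test -x /usr/libexec/postfix/master && ! /usr/libexec/postfix/master -t`. The check still reflects only the master lock, not whether smtpd answers on its port, which deserves a one-line comment next to the instruction.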
@@ -6,6 +6,7 @@ mydomain = {{ DOMAIN }}
 myhostname = {{ HOSTNAMES.split(",")[0] }}
 myorigin = $mydomain
+maillog_file = /dev/stdout
 # Queue location
 queue_directory = /queue
diff --git a/core/postfix/conf/master.cf b/core/postfix/conf/master.cf
index 569ea718..f88a19b3 100644
--- a/core/postfix/conf/master.cf
+++ b/core/postfix/conf/master.cf
@@ -52,6 +52,7 @@ discard unix - - n - - discard
 lmtp unix - - n - - lmtp
 anvil unix - - n - 1 anvil
 scache unix - - n - 1 scache
+postlog unix-dgram n - n - 1 postlogd
 {# Ensure that the rendered file ends with a newline #}
 {{- "\n" }}
diff --git a/core/postfix/start.py b/core/postfix/start.py
index 149e4dae..56adba4f 100755
--- a/core/postfix/start.py
+++ b/core/postfix/start.py
@@ -11,7 +11,6 @@ from podop import run_server
 from socrate import system, conf
 system.set_env(log_filters=[
- r'the Postfix mail system is running\: \d+$',
 r'(dis)?connect from localhost\[(\:\:1|127\.0\.0\.1)\]( quit=1 commands=1)?$',
 r'haproxy read\: short protocol header\: QUIT$',
 r'discarding EHLO keywords\: PIPELINING$',
diff --git a/docs/configuration.rst b/docs/configuration.rst
index 2e9f8ef5..394e27f7 100644
--- a/docs/configuration.rst
+++ b/docs/configuration.rst
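Review bot: `maillog_file = /dev/stdout` in core/postfix/conf/main.cf has prerequisites that the file does not record: the `postlog` service this commit adds to master.cf and, per the Postfix logging documentation, a master started in the foreground (`postfix start-fg`). The start command is not visible in this diff, so that part should be confirmed. I would add a comment above the setting, `# Log to the container's stdout; needs the postlog service in master.cf and a foreground master`. From this change on, the mail log is retained only as long as the container runtime keeps stdout, which matters to anyone relying on it for abuse or incident investigation.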
@@ -241,6 +241,10 @@ but slows down the performance of modern devices.
 The ``TLS_PERMISSIVE`` (default: true) setting controls whether ciphers and protocols offered on port 25 for STARTTLS are optimized for maximum compatibility. We **strongly recommend** that you do **not** change this setting on the basis that any encryption beats no encryption. If you are subject to compliance requirements and are not afraid of losing emails as a result of artificially reducing compatibility, set it to 'false'. Keep in mind that servers that are running a software stack old enough to not be compatible with the current TLS requirements will either a) deliver in plaintext b) bounce emails c) silently drop emails; moreover, modern servers will benefit from various downgrade protections (DOWNGRD, RFC7507) making the security argument mostly a moot point.
+The ``COMPRESSION`` (default: unset) setting controls whether emails are stored compressed at rest on disk. Valid values are ``gz``, ``bz2`` or ``zstd`` and additional settings can be configured via ``COMPRESSION_LEVEL``, see `zlib_save_level`_ for accepted values. If the underlying filesystem supports compression natively you should use it instead of this setting as it will be more efficient and will improve compatibility with 3rd party tools.
+
+.. _`zlib_save_level`: https://doc.dovecot.org/settings/plugin/zlib-plugin/#plugin_setting-zlib-zlib_save_level
+
 .. _reverse_proxy_headers:
 The ``REAL_IP_HEADER`` (default: unset) and ``REAL_IP_FROM`` (default: unset) settings
diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env
index 090f4d3a..eae69104 100644
--- a/setup/flavors/compose/mailu.env
+++ b/setup/flavors/compose/mailu.env
@@ -105,7 +105,7 @@ WELCOME_SUBJECT={{ welcome_subject or 'Welcome to your new email account' }}
 WELCOME_BODY={{ welcome_body or 'Welcome to your new email account, if you can read this, then it is configured properly!' }}
 # Maildir Compression
-# choose compression-method, default: none (value: gz, bz2)
+# choose compression-method, default: none (value: gz, bz2, zstd)
 COMPRESSION={{ compression }}
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL={{ compression_level }}
diff --git a/towncrier/newsfragments/2793.bugfix b/towncrier/newsfragments/2793.bugfix
new file mode 100644
index 00000000..12727762
--- /dev/null
+++ b/towncrier/newsfragments/2793.bugfix
@@ -0,0 +1,3 @@
+The SMTP container wasn't logging things like it should
+The health-check of dovecot was creating zombies
+Document that COMPRESSION=zstd is now possible (see #2139)
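Review bot: In setup/flavors/compose/mailu.env the comment two lines below the changed one still reads `# change compression-level, default: 6 (value: 1-9)`, which was written for gz/bz2 and probably does not describe zstd. The docs hunk in this same commit defers to `zlib_save_level` for the accepted values, and the template comment should do the same, e.g. `# change compression-level, accepted range depends on the method (see zlib_save_level in the Dovecot docs)`. Whether the setup form that fills `{{ compression }}` actually offers `zstd` is not visible in this diff and is worth checking alongside.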