From 814175806c543aae7f186ea014d5c35ff9839e09 Mon Sep 17 00:00:00 2001 From: 3wc <3wc@doesthisthing.work> Date: Sun, 12 Mar 2023 17:20:24 -0400 Subject: [PATCH] Upgrade to Mailu 1.9, adjust env vars --- .env.sample | 19 ++++++++++++------- compose.yml | 45 +++++++++++++-------------------------------- 2 files changed, 25 insertions(+), 39 deletions(-) diff --git a/.env.sample b/.env.sample index 96b1971..bd17a3c 100644 --- a/.env.sample +++ b/.env.sample @@ -31,11 +31,11 @@ POSTMASTER=admin # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) TLS_FLAVOR=mail -# Authentication rate limit (per source IP address) -AUTH_RATELIMIT=10/minute +# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) +AUTH_RATELIMIT_IP=60/hour # Opt-out of statistics, replace with "True" to opt out -DISABLE_STATISTICS=False +DISABLE_STATISTICS=True ################################### # Optional features @@ -62,6 +62,9 @@ ANTIVIRUS=none # Max attachment size will be 33% smaller MESSAGE_SIZE_LIMIT=50000000 +# Message rate limit (per user) +MESSAGE_RATELIMIT=200/day + # Networks granted relay permissions # Use this with care, all hosts in this networks will be able to send mail without authentication! RELAYNETS= @@ -86,7 +89,7 @@ WELCOME_SUBJECT="Welcome to your new email account" WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!" # Maildir Compression -# choose compression-method, default: none (value: bz2, gz) +# choose compression-method, default: none (value: gz, bz2, lz4, zstd) COMPRESSION= # change compression-level, default: 6 (value: 1-9) COMPRESSION_LEVEL= 
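Review bot: The rename from `AUTH_RATELIMIT` to `AUTH_RATELIMIT_IP` in the `@@ -31,11` hunk means an existing `.env` that still sets the old name is no longer read, so an operator-tuned login limit silently falls back to the image default after the upgrade; the `x-environment` list in `compose.yml` has the same gap because it now passes only the new name. Mailu 1.9 also has a per-account limit, `AUTH_RATELIMIT_USER`, which is neither in the sample nor passed through, so targeted guessing against one mailbox cannot be tuned from `.env`; consider adding `AUTH_RATELIMIT_USER=100/day` (the upstream default, if I read the 1.9 docs right) here and `- AUTH_RATELIMIT_USER` to the list. The comment above `DISABLE_STATISTICS` still says `replace with "True" to opt out` although the sample now ships `True`; `# Statistics are opted out here, set to "False" to opt in` would match the new value.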
@@ -126,9 +129,8 @@ WEBSITE=https://$DOMAIN # Docker-compose project name, this will prepended to containers names. COMPOSE_PROJECT_NAME=mailu -# Default password scheme used for newly created accounts and changed passwords -# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT) -PASSWORD_SCHEME=PBKDF2 +# Number of rounds used by the password hashing scheme +CREDENTIAL_ROUNDS=12 # Header to take the real ip from REAL_IP_HEADER= @@ -142,6 +144,9 @@ REJECT_UNLISTED_RECIPIENT= # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING +# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=Etc/UTC + ################################### # Database settings ################################### diff --git a/compose.yml b/compose.yml index 0b0c537..db51319 100644 --- a/compose.yml +++ b/compose.yml @@ -2,10 +2,11 @@ version: "3.8" x-environment: &default-env - - FRONT_ADDRESS=${STACK_NAME}_app + - HOST_FRONT=${STACK_NAME}_app - ADMIN - ANTIVIRUS - - AUTH_RATELIMIT + - AUTH_RATELIMIT_IP + - MESSAGE_RATELIMIT - COMPOSE_PROJECT_NAME - COMPRESSION - COMPRESSION_LEVEL @@ -22,7 +23,7 @@ x-environment: - LOG_DRIVER - LOG_LEVEL - MESSAGE_SIZE_LIMIT - - PASSWORD_SCHEME + - CREDENTIAL_ROUNDS - POSTMASTER - REAL_IP_FROM - REAL_IP_HEADER @@ -46,10 +47,11 @@ x-environment: - WELCOME - WELCOME_BODY - WELCOME_SUBJECT + - TZ services: app: - image: mailu/nginx:1.8 + image: mailu/nginx:1.9 logging: driver: json-file networks: @@ -96,7 +98,7 @@ services: - "redis:/data" admin: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:1.8 + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:1.9 environment: *default-env healthcheck: disable: true 
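Review bot: The new comment on `CREDENTIAL_ROUNDS` in the `@@ -126,9` hunk does not say that this value is the work factor protecting stored password hashes, so an operator could lower it to speed up logins without realising it makes the hashes cheaper to guess offline. I would put `# Work factor for password hashing; higher is slower to brute-force but slows every login. Do not lower it below 12.` above the setting. `PASSWORD_SCHEME` is dropped here and from the `x-environment` list without a migration note. It looks like 1.9 only re-hashes an account on its next successful login, which is worth confirming and writing down, since accounts that never log in would keep hashes in the old scheme.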
@@ -105,7 +107,7 @@ services: - "mailu:/data" imap: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:1.8 + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:1.9 environment: *default-env volumes: - "mail:/mail" @@ -113,7 +115,7 @@ services: disable: true smtp: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:1.8 + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:1.9 environment: *default-env volumes: - "mailqueue:/queue" @@ -121,7 +123,7 @@ services: disable: true antispam: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:1.8 + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:1.9 environment: *default-env volumes: - "rspamd:/var/lib/rspamd" @@ -130,8 +132,10 @@ services: disable: true webmail: - image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:1.8 + image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:1.9 environment: *default-env + networks: + - default volumes: - "webmail:/data" deploy: @@ -139,21 +143,6 @@ services: healthcheck: disable: true - #certdumper: - # restart: always - # image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master - # environment: - # - DOMAIN=$DOMAIN - # # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2 - # - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2} - # volumes: - # - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json" - # - "/docker/traefik/letsencrypt/certs:/tmp/work" - # - "/docker/mailu/certs:/output" - # labels: - # # Set watchtower label - # - "com.centurylinklabs.watchtower.enable=true" - certdumper: image: ldez/traefik-certs-dumper:v2.7.4 entrypoint: sh -c ' @@ -176,14 +165,6 @@ services: - source: certdumper_post target: /usr/bin/certdumper_post.sh mode: 0555 - - #certdumper: - # image: humenius/traefik-certs-dumper:latest - # volumes: - # - traefik_letsencrypt:/traefik:ro - # - certs:/output:rw - # environment: - # - DOMAIN=$WEB_DOMAIN volumes: mailu:
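Review bot: The `networks: - default` added to `webmail` in the `@@ -130,8` hunk carries no comment, and none of the other backend services touched here (`admin`, `imap`, `smtp`, `antispam`) show a `networks:` key in their visible context, so the diff does not tell a reader what this line is meant to change. A service without a `networks:` key already joins `default`, so if the intent is only to be explicit, add `# same as the implicit default network; listed explicitly` above it. If the goal was to make webmail reachable from, or isolated from, another network, this line alone does not do that. The `webmail` definition continues outside the hunk.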