chore: publish 1.0.2+2.0.23 release

(Grumble docs wrong grumble grumble)

.drone.yml

@@ -0,0 +1,16 @@
+
+kind: pipeline
+name: generate recipe catalogue
+steps:
+  - name: release a new version
+    image: plugins/downstream
+    settings:
+      server: https://build.coopcloud.tech
+      token:
+        from_secret: drone_abra-bot_token
+      fork: true
+      repositories:
+        - coop-cloud/auto-recipes-catalogue-json
+
+trigger:
+  event: tag

.env.sample

@@ -3,6 +3,8 @@ TYPE=mailu
 # Main mail domain, NOT main web domain (if they are different)
 DOMAIN=example.com
 LETS_ENCRYPT_ENV=production
+# Run `docker stack ls | grep traefik | cut -f 1 -d " "` on the target machine to get that one
+TRAEFIK_STACK_NAME=traefik_example_com
 
 # Custom settings used by certdumper_post.sh and Traefik
 WEB_DOMAIN=example.com
@@ -31,11 +33,11 @@ POSTMASTER=admin
 # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
 TLS_FLAVOR=mail
 
-# Authentication rate limit (per source IP address)
-AUTH_RATELIMIT=10/minute
+# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
+AUTH_RATELIMIT_IP=60/hour
 
 # Opt-out of statistics, replace with "True" to opt out
-DISABLE_STATISTICS=False
+DISABLE_STATISTICS=True
 
 ###################################
 # Optional features
@@ -45,7 +47,7 @@ DISABLE_STATISTICS=False
 ADMIN=true
 
 # Choose which webmail to run if any (values: roundcube, rainloop, none)
-WEBMAIL=rainloop
+WEBMAIL=snappymail
 
 # Dav server implementation (value: radicale, none)
 WEBDAV=none
@@ -53,6 +55,9 @@ WEBDAV=none
 # Antivirus solution (value: clamav, none)
 ANTIVIRUS=none
 
+# Scan Macros solution (value: true, false)
+SCAN_MACROS=true
+
 ###################################
 # Mail settings
 ###################################
@@ -62,6 +67,9 @@ ANTIVIRUS=none
 # Max attachment size will be 33% smaller
 MESSAGE_SIZE_LIMIT=50000000
 
+# Message rate limit (per user)
+MESSAGE_RATELIMIT=200/day
+
 # Networks granted relay permissions
 # Use this with care, all hosts in this networks will be able to send mail without authentication!
 RELAYNETS=
@@ -69,6 +77,9 @@ RELAYNETS=
 # Will relay all outgoing mails if configured
 RELAYHOST=
 
+# Enable fetchmail
+FETCHMAIL_ENABLED=False
+
 # Fetchmail delay
 FETCHMAIL_DELAY=600
 
@@ -86,7 +97,7 @@ WELCOME_SUBJECT="Welcome to your new email account"
 WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!"
 
 # Maildir Compression
-# choose compression-method, default: none (value: bz2, gz)
+# choose compression-method, default: none (value: gz, bz2, lz4, zstd)
 COMPRESSION=
 # change compression-level, default: 6 (value: 1-9)
 COMPRESSION_LEVEL=
@@ -126,9 +137,8 @@ WEBSITE=https://$DOMAIN
 # Docker-compose project name, this will prepended to containers names.
 COMPOSE_PROJECT_NAME=mailu
 
-# Default password scheme used for newly created accounts and changed passwords
-# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
-PASSWORD_SCHEME=PBKDF2
+# Number of rounds used by the password hashing scheme
+CREDENTIAL_ROUNDS=12
 
 # Header to take the real ip from
 REAL_IP_HEADER=
@@ -142,6 +152,12 @@ REJECT_UNLISTED_RECIPIENT=
 # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
 LOG_LEVEL=WARNING
 
+# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
+TZ=Etc/UTC
+
+# Authentication token for API requests
+#API_TOKEN=
+
 ###################################
 # Database settings
 ###################################

README.md

@@ -22,9 +22,9 @@ host.
 1. Set up Docker Swarm and [`abra`][abra]
 2. Deploy [`coop-cloud/traefik`][compose-traefik]
 3. `abra app new mailu`
-4. `abra app YOURAPPDOMAIN config` - be sure to change `$WEB_DOMAIN` to something that resolves to
+4. `abra app config YOURAPPDOMAIN` - be sure to change `$WEB_DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app YOURAPPDOMAIN deploy`
+5. `abra app deploy YOURAPPDOMAIN`
 9. Create initial user:
 ```
 abra app YOURAPPDOMAIN run admin flask mailu admin admin YOURDOMAIN YOURPASSWORD

compose.yml

@@ -5,7 +5,9 @@ x-environment:
   - FRONT_ADDRESS=${STACK_NAME}_app
   - ADMIN
   - ANTIVIRUS
-  - AUTH_RATELIMIT
+  - API_TOKEN
+  - AUTH_RATELIMIT_IP
+  - MESSAGE_RATELIMIT
   - COMPOSE_PROJECT_NAME
   - COMPRESSION
   - COMPRESSION_LEVEL
@@ -22,7 +24,7 @@ x-environment:
   - LOG_DRIVER
   - LOG_LEVEL
   - MESSAGE_SIZE_LIMIT
-  - PASSWORD_SCHEME
+  - CREDENTIAL_ROUNDS
   - POSTMASTER
   - REAL_IP_FROM
   - REAL_IP_HEADER
@@ -46,10 +48,11 @@ x-environment:
   - WELCOME
   - WELCOME_BODY
   - WELCOME_SUBJECT
+  - TZ
 
 services:
   app:
-    image: mailu/nginx:1.8
+    image: ghcr.io/mailu/nginx:2.0.23
     logging:
       driver: json-file
     networks:
@@ -88,39 +91,48 @@ services:
         - "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "coop-cloud.${STACK_NAME}.version=1.0.2+2.0.23"
   
   db:
-    image: redis:alpine
+    image: redis:7.2.0-alpine
     volumes:
       - "redis:/data"
 
   admin:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:1.8
+    image: ghcr.io/mailu/admin:2.0.23
     environment: *default-env
     healthcheck:
       disable: true
     volumes:
       - "dkim:/dkim"
       - "mailu:/data"
+    networks:
+      - default
 
   imap:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:1.8
+    image: ghcr.io/mailu/dovecot:2.0.23
     environment: *default-env
     volumes:
       - "mail:/mail"
     healthcheck:
       disable: true
+    depends_on:
+      - app
+    networks:
+      - default
 
   smtp:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:1.8
+    image: ghcr.io/mailu/postfix:2.0.23
     environment: *default-env
     volumes:
       - "mailqueue:/queue"
     healthcheck:
       disable: true
+    depends_on:
+      - app
 
   antispam:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:1.8
+    image: ghcr.io/mailu/rspamd:2.0.23
     environment: *default-env
     volumes:
       - "rspamd:/var/lib/rspamd"
@@ -129,8 +141,10 @@ services:
       disable: true
 
   webmail:
-    image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:1.8
+    image: ghcr.io/mailu/webmail:2.0.23
     environment: *default-env
+    networks:
+      - default
     volumes:
       - "webmail:/data"
     deploy:
@@ -138,23 +152,8 @@ services:
     healthcheck:
       disable: true
 
-  #certdumper:
-  #  restart: always
-  #  image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master
-  #  environment:
-  #    - DOMAIN=$DOMAIN
-  #    # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
-  #    - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2}
-  #  volumes:
-  #    - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json"
-  #    - "/docker/traefik/letsencrypt/certs:/tmp/work"
-  #    - "/docker/mailu/certs:/output"
-  #  labels:
-  #    # Set watchtower label
-  #    - "com.centurylinklabs.watchtower.enable=true"
-
   certdumper:
-    image: ldez/traefik-certs-dumper:v2.7.4
+    image: ldez/traefik-certs-dumper:v2.8.1
     entrypoint: sh -c '
       apk add jq
       ; while ! [ -e /traefik/production-acme.json ]
@@ -168,7 +167,10 @@ services:
       - DOMAIN=$WEB_DOMAIN
     volumes:
       # Folder, which contains the acme.json
-      - "traefik_letsencrypt:/traefik"
+      - type: volume
+        read_only: true
+        source: traefik_letsencrypt
+        target: "/traefik"
       # Folder, where cert.pem and key.pem will be written
       - "certs:/output"
     configs:
@@ -176,14 +178,6 @@ services:
         target: /usr/bin/certdumper_post.sh
         mode: 0555
 
-  #certdumper:
-  #  image: humenius/traefik-certs-dumper:latest
-  #  volumes:
-  #   - traefik_letsencrypt:/traefik:ro
-  #   - certs:/output:rw
-  #  environment:
-  #   - DOMAIN=$WEB_DOMAIN
-
 volumes:
   mailu:
   rspamd:
@@ -194,6 +188,7 @@ volumes:
   certs:
   mailqueue:
   traefik_letsencrypt:
+    name: "${TRAEFIK_STACK_NAME}_letsencrypt"
     external: true
 
 networks:

release/0.2.0+1.9

@@ -0,0 +1,11 @@
+When upgrading to 1.9, you'll need to update your app(s') configuration(s) for
+new settings names:
+
+- Rename `AUTH_RATELIMIT` to `AUTH_RATELIMIT_IP`
+- Add MESSAGE_RATELIMIT (default `200/day`)
+- Add `TZ` to specify server timezone, e.g. `TZ=Etc/UTC`
+- Remove `PASSWORD_SCHEME`
+- Add `CREDENTIAL_ROUNDS` (default `12`)
+
+If you haven't made these changes already, it's best to bail on this upgrade
+FIRST (i.e. Ctrl+C) and run `abra app config` first.

release/1.0.1+2.0.16

@@ -0,0 +1 @@
+this version introduces a new variable TRAEFIK_STACK_NAME