22 Commits

Author SHA1 Message Date
3wc
e471ec6fd8 chore: publish 1.1.1+2.0.41 release
All checks were successful
continuous-integration/drone/tag Build is passing
2024-05-11 13:02:05 -03:00
976b85b701 chore: publish 1.1.0+2.0.34 release 2023-11-27 13:46:28 +01:00
2cd5446ca2 Fix admin user command line to be in the right order 2023-10-07 21:19:50 -07:00
3wc
16bd66c208 Drop config for accessing mailman network, not needed 2023-10-02 22:25:39 +01:00
3wc
68fd4e6a1b virtual_mailbox_maps instead of relay_domains..
..to get DKIM signing working for mailman
2023-10-01 16:44:16 +01:00
3wc
014d4456f8 Reorganise settings..
..including attempting to group options by likelihood of being edited,
removing some settings that weren't really configurable, and adding some
explanatory text
2023-09-24 18:52:33 +01:00
3wc
41b2f8d9c1 Move SECRET_KEY to docker secret 2023-09-24 18:52:19 +01:00
3wc
158537ab52 Properly delete irrelevant certs
Re: coop-cloud/organising#54
2023-09-23 01:42:04 +01:00
3wc
877a528df2 Add more API stuff 2023-09-20 18:39:12 +01:00
abd4911a9b chore: publish 1.0.2+2.0.23 release 2023-09-04 16:22:57 +02:00
536e78d459 chore: publish 1.0.1+2.0.16 release 2023-09-04 16:16:35 +02:00
3wc
826b0269f4 Add API_TOKEN 2023-09-01 20:39:22 +02:00
3wc
3de4147dda chore: publish 1.0.0+2.0.16 release 2023-09-01 15:35:37 +00:00
3wc
72e965154d Mailu 2.0 2023-09-01 15:34:52 +00:00
3wc
b7c8617db2 Rename release notes directory for correctness
(Grumble docs wrong grumble grumble)
2023-07-18 10:19:36 +01:00
3wc
8d570c7d79 chore: publish 0.2.1+1.9 release 2023-04-10 22:48:25 -04:00
3wc
11db4147c0 Switch to ghcr.io for container images..
..following upstream change
2023-04-10 22:47:40 -04:00
3wc
4ce12e9c55 Add Drone config for recipe catalogue regeneration 2023-03-12 17:43:10 -04:00
3wc
756e584198 chore: publish 0.2.0+1.9 release 2023-03-12 17:24:38 -04:00
3wc
814175806c Upgrade to Mailu 1.9, adjust env vars 2023-03-12 17:20:24 -04:00
3wc
4427115bc8 Update abra syntax in examples (finally) [mass update] 2023-01-19 16:02:28 -08:00
3wc
dc8b5734f6 chore: publish 0.1.0+1.8 release 2022-04-02 16:13:53 +02:00
10 changed files with 220 additions and 134 deletions

View File

@ -0,0 +1,16 @@
kind: pipeline
name: generate recipe catalogue
steps:
- name: release a new version
image: plugins/downstream
settings:
server: https://build.coopcloud.tech
token:
from_secret: drone_abra-bot_token
fork: true
repositories:
- coop-cloud/auto-recipes-catalogue-json
trigger:
event: tag

View File

@ -1,67 +1,81 @@
# See https://mailu.io/2.0/configuration.html for explanation of (most of) these
# settings. "Quoted text" in this file comes from that page.
###############################################################################
# BOILERPLATE SETTINGS (shouldn't need to change these) #
###############################################################################
TYPE=mailu TYPE=mailu
# Main mail domain, NOT main web domain (if they are different)
DOMAIN=example.com
LETS_ENCRYPT_ENV=production LETS_ENCRYPT_ENV=production
COMPOSE_FILE="compose.yml"
# Custom settings used by certdumper_post.sh and Traefik ###############################################################################
WEB_DOMAIN=example.com # REQUIRED SETTINGS (always need to change these) #
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json ###############################################################################
# Mailu settings # Main web domain, NOT main mail domain (if they are different)
# https://mailu.io DOMAIN=mailu.example.com
TLS_CERT_FILENAME=$WEB_DOMAIN/certificate.crt # "This email domain is used for bounce emails, for generating the postmaster
TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key # email and other technical addresses."
MAIL_DOMAIN=mailu.example.com
REDIS_ADDRESS=db # Hostnames for this server, separated with commas
# "The first declared hostname is the main hostname and will be exposed over
# SMTP, IMAP, etc."
HOSTNAMES=$DOMAIN
# Set to a randomly generated 16 bytes string # Run `DOCKER_CONTEXT=<yourserver> docker stack ls | grep traefik | cut -f 1 -d " "` to get that one
SECRET_KEY=XXXXXXXXXXXXXXXX TRAEFIK_STACK_NAME=traefik_example_com
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) ###############################################################################
SUBNET=192.168.203.0/24 # OPTIONAL SETTINGS #
###############################################################################
# Hostnames for this server, separated with comas # Name of the instance, displayed in the web UI
HOSTNAMES=$WEB_DOMAIN SITENAME=mymail
# Linked Website URL
WEBSITE=https://$DOMAIN
# Postmaster local part (will append the main mail domain) # Postmaster local part (will append the main mail domain)
POSTMASTER=admin POSTMASTER=c
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) # Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
TLS_FLAVOR=mail AUTH_RATELIMIT_IP=60/hour
# Authentication rate limit (per source IP address) # Opt-in to statistics, change to "False" to opt in
AUTH_RATELIMIT=10/minute DISABLE_STATISTICS=True
# Opt-out of statistics, replace with "True" to opt out # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
DISABLE_STATISTICS=False LOG_LEVEL=WARNING
################################### # Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
# Optional features TZ=Etc/UTC
###################################
# Expose the admin interface (value: true, false) # Expose the admin interface (value: true, false)
ADMIN=true ADMIN=true
# Choose which webmail to run if any (values: roundcube, rainloop, none) # Choose which webmail to run if any (values: snappymail, roundcube, none)
WEBMAIL=rainloop WEBMAIL=snappymail
# Dav server implementation (value: radicale, none) # API settings
WEBDAV=none # -------------
# Antivirus solution (value: clamav, none) # Authentication token for API requests
ANTIVIRUS=none API=false
#API_TOKEN=
###################################
# Mail settings # Mail settings
################################### # -------------
# Message size limit in bytes # Message size limit in bytes
# Default: accept messages up to 50MB # Default: accept messages up to 50MB
# Max attachment size will be 33% smaller # Max attachment size will be 33% smaller
MESSAGE_SIZE_LIMIT=50000000 MESSAGE_SIZE_LIMIT=50000000
# Message rate limit (per user)
MESSAGE_RATELIMIT=200/day
# Networks granted relay permissions # Networks granted relay permissions
# Use this with care, all hosts in this networks will be able to send mail without authentication! # Use this with care, all hosts in this networks will be able to send mail without authentication!
RELAYNETS= RELAYNETS=
@ -69,10 +83,13 @@ RELAYNETS=
# Will relay all outgoing mails if configured # Will relay all outgoing mails if configured
RELAYHOST= RELAYHOST=
# Enable fetchmail
FETCHMAIL_ENABLED=False
# Fetchmail delay # Fetchmail delay
FETCHMAIL_DELAY=600 FETCHMAIL_DELAY=600
# Recipient delimiter, character used to delimiter localpart from custom address part # Recipient delimiter, character used to delimit localpart from custom address part
RECIPIENT_DELIMITER=+ RECIPIENT_DELIMITER=+
# DMARC rua and ruf email # DMARC rua and ruf email
@ -86,7 +103,7 @@ WELCOME_SUBJECT="Welcome to your new email account"
WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!" WELCOME_BODY="Welcome to your new email account, if you can read this, then it is configured properly!"
# Maildir Compression # Maildir Compression
# choose compression-method, default: none (value: bz2, gz) # choose compression-method, default: none (value: gz, bz2, lz4, zstd)
COMPRESSION= COMPRESSION=
# change compression-level, default: 6 (value: 1-9) # change compression-level, default: 6 (value: 1-9)
COMPRESSION_LEVEL= COMPRESSION_LEVEL=
@ -94,9 +111,56 @@ COMPRESSION_LEVEL=
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. # IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
#FULL_TEXT_SEARCH=off #FULL_TEXT_SEARCH=off
################################### # Co-op Cloud settings
# -------------
# Mailman settings
# NOTE(3wc): remember to also set RELAYNETS
#COMPOSE_FILE="compose.yml:compose.mailman.yml"
#MAILMAN_POSTFIX_OVERRIDES=1
#MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
#MAILMAN_CORE_NETWORK=lists_example_com_internal
# NOTE(3wc): think this is no longer needed, see https://github.com/Mailu/Mailu/pull/1904
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
#COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
#SENDER_LOGINS_POSTFIX_OVERRIDES=1
SECRET_SECRET_KEY_VERSION=v1
###############################################################################
# INFINITE NERD DEPTH SETTINGS (rarely needed) #
###############################################################################
# Traefik certificates filename, used by certdumper
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json
TLS_CERT_FILENAME=$DOMAIN/certificate.crt
TLS_KEYPAIR_FILENAME=$DOMAIN/privatekey.key
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
# NOTE(3wc): changing this to "letsencrypt" might (but probably won't) allow
# this recipe to be deployed standalone without Traefik. "notls" might (but
# might not) disable encryption for everything except the web interfaces.
TLS_FLAVOR=mail
# Optional features
# -------------
# Dav server implementation (value: radicale, none)
WEBDAV=none
# Antivirus solution (value: clamav, none)
ANTIVIRUS=none
# Scan Macros solution (value: true, false)
SCAN_MACROS=true
# Web settings # Web settings
################################### # -------------
# Path to redirect / to # Path to redirect / to
WEBROOT_REDIRECT=/webmail WEBROOT_REDIRECT=/webmail
@ -107,15 +171,8 @@ WEB_ADMIN=/admin
# Path to the webmail if enabled # Path to the webmail if enabled
WEB_WEBMAIL=/webmail WEB_WEBMAIL=/webmail
# Website name
SITENAME=mymail
# Linked Website URL
WEBSITE=https://$DOMAIN
###################################
# Advanced settings # Advanced settings
################################### # -------------
# Log driver for front service. Possible values: # Log driver for front service. Possible values:
# json-file (default) # json-file (default)
@ -123,12 +180,8 @@ WEBSITE=https://$DOMAIN
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
#LOG_DRIVER=json-file #LOG_DRIVER=json-file
# Docker-compose project name, this will prepended to containers names. # Number of rounds used by the password hashing scheme
COMPOSE_PROJECT_NAME=mailu CREDENTIAL_ROUNDS=12
# Default password scheme used for newly created accounts and changed passwords
# (value: PBKDF2, BLF-CRYPT, SHA512-CRYPT, SHA256-CRYPT)
PASSWORD_SCHEME=PBKDF2
# Header to take the real ip from # Header to take the real ip from
REAL_IP_HEADER= REAL_IP_HEADER=
@ -139,27 +192,6 @@ REAL_IP_FROM=
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
REJECT_UNLISTED_RECIPIENT= REJECT_UNLISTED_RECIPIENT=
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) # NOTE(3wc): Other values are not supported, as compose.yml does not contain
LOG_LEVEL=WARNING # configuration for them. Pull requests welcome!
###################################
# Database settings
###################################
DB_FLAVOR=sqlite DB_FLAVOR=sqlite
###################################
# Mailman settings
###################################
# COMPOSE_FILE="compose.yml:compose.mailman.yml"
# MAILMAN_POSTFIX_OVERRIDES=1
# MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
# MAILMAN_CORE_NETWORK=lists_example_com_internal
###################################
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
###################################
# COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
# SENDER_LOGINS_POSTFIX_OVERRIDES=1

View File

@ -22,12 +22,12 @@ host.
1. Set up Docker Swarm and [`abra`][abra] 1. Set up Docker Swarm and [`abra`][abra]
2. Deploy [`coop-cloud/traefik`][compose-traefik] 2. Deploy [`coop-cloud/traefik`][compose-traefik]
3. `abra app new mailu` 3. `abra app new mailu`
4. `abra app YOURAPPDOMAIN config` - be sure to change `$WEB_DOMAIN` to something that resolves to 4. `abra app config YOURAPPDOMAIN` - be sure to change `$WEB_DOMAIN` to something that resolves to
your Docker swarm box your Docker swarm box
5. `abra app YOURAPPDOMAIN deploy` 5. `abra app deploy YOURAPPDOMAIN`
9. Create initial user: 9. Create initial user:
``` ```
abra app YOURAPPDOMAIN run admin flask mailu admin admin YOURDOMAIN YOURPASSWORD abra app run YOURDOMAIN admin flask mailu admin admin YOURDOMAIN YOURPASSWORD
``` ```
[Mailu]: https://mailu.io/ [Mailu]: https://mailu.io/

View File

@ -1,3 +1,3 @@
export CERTDUMPER_POST_VERSION=v1 export CERTDUMPER_POST_VERSION=v1
export POSTFIX_OVERRIDE_VERSION=v15 export POSTFIX_OVERRIDE_VERSION=v17
export SENDER_LOGIN_VERSIONS=v2 export SENDER_LOGIN_VERSIONS=v2

View File

@ -10,18 +10,12 @@ services:
- MAILMAN_POSTFIX_OVERRIDES - MAILMAN_POSTFIX_OVERRIDES
networks: networks:
- default - default
- shared_mailman_network
volumes: volumes:
- "shared-mailman-core:/opt/mailman/" - "shared-mailman-core:/opt/mailman/"
configs: configs:
- source: postfix_override - source: postfix_override
target: /overrides/postfix.cf target: /overrides/postfix.cf
networks:
shared_mailman_network:
external: true
name: ${MAILMAN_CORE_NETWORK}
volumes: volumes:
# https://git.autonomic.zone/coop-cloud/mailman3/src/branch/master/compose.yml # https://git.autonomic.zone/coop-cloud/mailman3/src/branch/master/compose.yml
shared-mailman-core: shared-mailman-core:

View File

@ -5,7 +5,10 @@ x-environment:
- FRONT_ADDRESS=${STACK_NAME}_app - FRONT_ADDRESS=${STACK_NAME}_app
- ADMIN - ADMIN
- ANTIVIRUS - ANTIVIRUS
- AUTH_RATELIMIT - API
- API_TOKEN
- AUTH_RATELIMIT_IP
- MESSAGE_RATELIMIT
- COMPOSE_PROJECT_NAME - COMPOSE_PROJECT_NAME
- COMPRESSION - COMPRESSION
- COMPRESSION_LEVEL - COMPRESSION_LEVEL
@ -22,18 +25,18 @@ x-environment:
- LOG_DRIVER - LOG_DRIVER
- LOG_LEVEL - LOG_LEVEL
- MESSAGE_SIZE_LIMIT - MESSAGE_SIZE_LIMIT
- PASSWORD_SCHEME - CREDENTIAL_ROUNDS
- POSTMASTER - POSTMASTER
- REAL_IP_FROM - REAL_IP_FROM
- REAL_IP_HEADER - REAL_IP_HEADER
- RECIPIENT_DELIMITER - RECIPIENT_DELIMITER
- REDIS_ADDRESS - REDIS_ADDRESS=db
- REJECT_UNLISTED_RECIPIENT - REJECT_UNLISTED_RECIPIENT
- RELAYHOST - RELAYHOST
- RELAYNETS - RELAYNETS
- SECRET_KEY - SECRET_KEY_FILE=/run/secrets/secret_key
- SITENAME - SITENAME
- SUBNET - SUBNET=192.168.203.0/24
- TLS_CERT_FILENAME - TLS_CERT_FILENAME
- TLS_FLAVOR - TLS_FLAVOR
- TLS_KEYPAIR_FILENAME - TLS_KEYPAIR_FILENAME
@ -43,13 +46,15 @@ x-environment:
- WEBROOT_REDIRECT - WEBROOT_REDIRECT
- WEBSITE - WEBSITE
- WEB_WEBMAIL - WEB_WEBMAIL
- WEB_API=/api
- WELCOME - WELCOME
- WELCOME_BODY - WELCOME_BODY
- WELCOME_SUBJECT - WELCOME_SUBJECT
- TZ
services: services:
app: app:
image: mailu/nginx:1.8 image: ghcr.io/mailu/nginx:2.0.41
logging: logging:
driver: json-file driver: json-file
networks: networks:
@ -80,48 +85,67 @@ services:
mode: host mode: host
volumes: volumes:
- "certs:/certs" - "certs:/certs"
secrets:
- secret_key
deploy: deploy:
labels: labels:
- "traefik.enable=true" - "traefik.enable=true"
- "traefik.docker.network=proxy" - "traefik.docker.network=proxy"
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
- "coop-cloud.${STACK_NAME}.version=1.1.1+2.0.41"
db: db:
image: redis:alpine image: redis:7.2.4-alpine
volumes: volumes:
- "redis:/data" - "redis:/data"
admin: admin:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}admin:1.8 image: ghcr.io/mailu/admin:2.0.41
environment: *default-env environment: *default-env
healthcheck: healthcheck:
disable: true disable: true
secrets:
- secret_key
volumes: volumes:
- "dkim:/dkim" - "dkim:/dkim"
- "mailu:/data" - "mailu:/data"
networks:
- default
imap: imap:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}dovecot:1.8 image: ghcr.io/mailu/dovecot:2.0.41
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "mail:/mail" - "mail:/mail"
healthcheck: healthcheck:
disable: true disable: true
depends_on:
- app
networks:
- default
smtp: smtp:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}postfix:1.8 image: ghcr.io/mailu/postfix:2.0.41
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "mailqueue:/queue" - "mailqueue:/queue"
healthcheck: healthcheck:
disable: true disable: true
depends_on:
- app
antispam: antispam:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rspamd:1.8 image: ghcr.io/mailu/rspamd:2.0.41
environment: *default-env environment: *default-env
secrets:
- secret_key
volumes: volumes:
- "rspamd:/var/lib/rspamd" - "rspamd:/var/lib/rspamd"
- "dkim:/dkim:ro" - "dkim:/dkim:ro"
@ -129,46 +153,38 @@ services:
disable: true disable: true
webmail: webmail:
image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}rainloop:1.8 image: ghcr.io/mailu/webmail:2.0.41
environment: *default-env environment: *default-env
networks:
- default
volumes: volumes:
- "webmail:/data" - "webmail:/data"
secrets:
- secret_key
deploy: deploy:
replicas: 1 replicas: 1
healthcheck: healthcheck:
disable: true disable: true
#certdumper:
# restart: always
# image: ${DOCKER_ORG:-mailu}/${DOCKER_PREFIX:-}traefik-certdumper:master
# environment:
# - DOMAIN=$DOMAIN
# # Set TRAEFIK_VERSION to v2 in your .env if you're using Traefik v2
# - TRAEFIK_VERSION=${TRAEFIK_VERSION:-v2}
# volumes:
# - "/docker/traefik/letsencrypt/acme.json:/traefik/acme.json"
# - "/docker/traefik/letsencrypt/certs:/tmp/work"
# - "/docker/mailu/certs:/output"
# labels:
# # Set watchtower label
# - "com.centurylinklabs.watchtower.enable=true"
certdumper: certdumper:
image: ldez/traefik-certs-dumper:v2.7.4 image: ldez/traefik-certs-dumper:v2.8.3
entrypoint: sh -c ' entrypoint: sh -c '
apk add jq apk add jq
; while ! [ -e /traefik/production-acme.json ] ; while ! [ -e /traefik/${ACME_JSON} ]
|| ! [ `jq ".production.Certificates | length" /traefik/production-acme.json` != 0 ]; do || ! [ `jq ".production.Certificates | length" /traefik/${ACME_JSON}` != 0 ]; do
sleep 1 sleep 1
; done ; done
&& traefik-certs-dumper file --watch --source /traefik/production-acme.json && traefik-certs-dumper file --watch --source /traefik/${ACME_JSON}
--dest /output --domain-subdir=true --version v2' --dest /output --domain-subdir=true --version v2
--post-hook "sh /usr/bin/certdumper_post.sh"'
environment: environment:
# Make sure this is the same as the main=-domain in traefik.toml - DOMAIN=$DOMAIN
- DOMAIN=$WEB_DOMAIN
volumes: volumes:
# Folder, which contains the acme.json # Folder, which contains the acme.json
- "traefik_letsencrypt:/traefik" - type: volume
read_only: true
source: traefik_letsencrypt
target: "/traefik"
# Folder, where cert.pem and key.pem will be written # Folder, where cert.pem and key.pem will be written
- "certs:/output" - "certs:/output"
configs: configs:
@ -176,14 +192,6 @@ services:
target: /usr/bin/certdumper_post.sh target: /usr/bin/certdumper_post.sh
mode: 0555 mode: 0555
#certdumper:
# image: humenius/traefik-certs-dumper:latest
# volumes:
# - traefik_letsencrypt:/traefik:ro
# - certs:/output:rw
# environment:
# - DOMAIN=$WEB_DOMAIN
volumes: volumes:
mailu: mailu:
rspamd: rspamd:
@ -194,6 +202,7 @@ volumes:
certs: certs:
mailqueue: mailqueue:
traefik_letsencrypt: traefik_letsencrypt:
name: "${TRAEFIK_STACK_NAME}_letsencrypt"
external: true external: true
networks: networks:
@ -210,3 +219,8 @@ configs:
certdumper_post: certdumper_post:
name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION} name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
file: certdumper_post.sh file: certdumper_post.sh
secrets:
secret_key:
external: true
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}

View File

@ -10,9 +10,9 @@
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
owner_request_special = no owner_request_special = no
virtual_mailbox_maps = regexp:/opt/mailman/var/data/postfix_lmtp, \${podop}mailbox
transport_maps = regexp:/opt/mailman/var/data/postfix_lmtp \${podop}transport transport_maps = regexp:/opt/mailman/var/data/postfix_lmtp \${podop}transport
local_recipient_maps = regexp:/opt/mailman/var/data/postfix_lmtp local_recipient_maps = regexp:/opt/mailman/var/data/postfix_lmtp
relay_domains = regexp:/opt/mailman/var/data/postfix_domains \${podop}transport
{{ end }} {{ end }}
{{ if eq (env "SENDER_LOGINS_POSTFIX_OVERRIDES") "1" }} {{ if eq (env "SENDER_LOGINS_POSTFIX_OVERRIDES") "1" }}
# https://github.com/Mailu/Mailu/issues/1096 # https://github.com/Mailu/Mailu/issues/1096

11
release/0.2.0+1.9 Normal file
View File

@ -0,0 +1,11 @@
When upgrading to 1.9, you'll need to update your app(s') configuration(s) for
new settings names:
- Rename `AUTH_RATELIMIT` to `AUTH_RATELIMIT_IP`
- Add MESSAGE_RATELIMIT (default `200/day`)
- Add `TZ` to specify server timezone, e.g. `TZ=Etc/UTC`
- Remove `PASSWORD_SCHEME`
- Add `CREDENTIAL_ROUNDS` (default `12`)
If you haven't made these changes already, it's best to bail on this upgrade
FIRST (i.e. Ctrl+C) and run `abra app config` first.

1
release/1.0.1+2.0.16 Normal file
View File

@ -0,0 +1 @@
this version introduces a new variable TRAEFIK_STACK_NAME

18
release/1.1.0+2.0.34 Normal file
View File

@ -0,0 +1,18 @@
# Secret key
The secret key is now stored as a docker secret instead of a variable in the
env file. You need to insert it by running:
`abra app secret insert <your mailu app> secret_key v1 <SECRETKEYHERE>`
and you can remove `SECRET_KEY` from your config file.
# `DOMAIN` is now `MAIL_DOMAIN`
This is important! If your main e-mail domain is something else than the
domain you are reaching the web interface at, you need to make changes.
I.e. in our setup we have `autonomic.zone` pointing an A record at some server
and `mail.autonomic.zone` is a separate server, and MX records are pointing
to the server at `mail.autonomic.zone`.
In this case:
- `DOMAIN` should be `mail.autonomic.zone` - this is what traefik will use to
provision a certificate
- `MAIL_DOMAIN` should be `autonomic.zone`