Updates, updates, updates…

Important changes

  • Maildir encryption is enabled by default! Backup “crypt-vol-1”! You lose/delete this key, you lose your mail. There is no way to recover them.
    bash helper-scripts/backup_and_restore.sh backup crypt
    
  • Deleted mailboxes and domains will be moved to /var/vmail/_garbage and cleaned up after $MAILDIR_GC_TIME minutes, the collector runs hourly
  • Rspamd controller password change commands are now piped to a bash to hide them from process lists
  • Docker API now uses a self-generated key pair
  • Unbound logging is finally fixed
  • “unbound-control” was made available
  • Peer Heinlein allowed us to use their SA rules, many thanks!

Summary

[Update] Add MAILDIR_GC_TIME
[Postfix] Increase default message size limit to 100 MiB
[Rspamd] Add desc to high spam networks
[Rspamd] Ignore custom files, but keep bad asn map
[Rspamd] Fix permissions of controller password file
[Rspamd] Place socket in _rspamd home and fix permissions
[Rspamd] Ignore sa-rules-heinlein file, remove from index
[Unbound] Fix logging, fixes #585
[Unbound] Enable unbound-control
[Docker API] Use TLS encryption for communication with “on-the-fly” created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Do not query gid and uid
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Dovecot] Check garbage hourly
[Dovecot] Update SA rules once when container starts
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Web] Fix deletion of spam aliases
[Web] Do not exit loop on fuzzy errors when learning a message as spam
[Compose] Use SQL sockets
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
[Compose] Update Unbound image and set tty true
[Compose] Remove volume for Rspamd socket
[PHP-FPM] Update APCu and Redis libs
[Helper] Add “crypt” to backup script
[Helper] Override file for external SQL socket (not supported!)