Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

hotfix: solve #3665 #3669

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Nov 28, 2023
Merged

hotfix: solve #3665 #3669

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
44eb503
fix #3665
georglauterbach Nov 27, 2023
09fbd61
adjust tests
georglauterbach Nov 27, 2023
f331456
Apply suggestions from code review
georglauterbach Nov 27, 2023
bc59f51
improve wording
georglauterbach Nov 27, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion 14 CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,18 @@ All notable changes to this project will be documented in this file. The format

> **Note**: Changes and additions listed here are contained in the `:edge` image tag. These changes may not be as stable as released changes.

## [v13.0.1](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.1)

georglauterbach marked this conversation as resolved.
Show resolved Hide resolved
This patch release fixes two bugs that Rspamd users encounter on `v13.0.0`. Big thanks to the those that helped to identify these issues!

### Fixed

- **Rspamd:**
- The check for correct permission on the private key when signing e-mails with DKIM was flawed. The result was that a false warning was emitted ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669))
- When [`RSPAMD_CHECK_AUTHENTICATED=0`][docs::env-rspamd-check-auth], DKIM signing for outbound e-mail was disabled, which is undesirable ([#3669](https://github.com/docker-mailserver/docker-mailserver/pull/3669)). **Make sure to check the documentation of [`RSPAMD_CHECK_AUTHENTICATED`][docs::env-rspamd-check-auth]**!

[docs::env-rspamd-check-auth]: https://docker-mailserver.github.io/docker-mailserver/v13.0/config/environment/#rspamd_check_authenticated

## [v13.0.0](https://github.com/docker-mailserver/docker-mailserver/releases/tag/v13.0.0)

### Breaking
Expand Down Expand Up @@ -78,7 +90,7 @@ All notable changes to this project will be documented in this file. The format
- `logrotate` setup + Rspamd log path + tests log helper fallback path ([#3576](https://github.com/docker-mailserver/docker-mailserver/pull/3576))
- Setup during container startup is now more resilient ([#3578](https://github.com/docker-mailserver/docker-mailserver/pull/3578))
- Changed DKIM default config location ([#3597](https://github.com/docker-mailserver/docker-mailserver/pull/3597))
- Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, , added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
- Removed the symlink for the `override.d/` directory in favor of using `cp`, integrated into the changedetector service, added a `--force` option for the Rspamd DKIM management, and provided a dedicated helper script for common ENV variables ([#3599](https://github.com/docker-mailserver/docker-mailserver/pull/3599))
- Required permissions are now verified for DKIM private key files ([#3627](https://github.com/docker-mailserver/docker-mailserver/pull/3627))
- **Documentation:**
- Documentation aligned to Compose v2 conventions, `docker-compose` command changed to `docker compose`, `docker-compose.yaml` to `compose.yaml` ([#3295](https://github.com/docker-mailserver/docker-mailserver/pull/3295))
Expand Down
4 changes: 4 additions & 0 deletions 4 docs/content/config/environment.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -366,6 +366,10 @@ The purpose of this setting is to opt-out of starting an internal Redis instance

This settings controls whether checks should be performed on emails coming from authenticated users (i.e. most likely outgoing emails). The default value is `0` in order to align better with SpamAssassin. **We recommend** reading through [the Rspamd documentation on scanning outbound emails][rspamd-scanning-outbound] though to decide for yourself whether you need and want this feature.

!!! note "Not all checks and actions are disabled"

DKIM signing of e-mails will still happen.

- **0** => No checks will be performed for authenticated users
- 1 => All default checks will be performed for authenticated users

Expand Down
2 changes: 2 additions & 0 deletions 2 mailserver.env
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -153,6 +153,8 @@ RSPAMD_LEARN=0
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
#
# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0

# Controls whether the Rspamd Greylisting module is enabled.
Expand Down
2 changes: 1 addition & 1 deletion 2 target/rspamd/local.d/settings.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ authenticated {
priority = high;
authenticated = yes;
apply {
groups_enabled = [];
groups_enabled = [dkim];
georglauterbach marked this conversation as resolved.
Show resolved Hide resolved
}
}
# DMS::SED_TAG::1::END
2 changes: 1 addition & 1 deletion 2 target/scripts/startup/setup.d/security/rspamd.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -325,7 +325,7 @@ function __rspamd__check_dkim_permissions() {
__rspamd__log 'trace' "Checking DKIM file '${FILE}'"
# See https://serverfault.com/a/829314 for an explanation on `-exec false {} +`
# We additionally resolve symbolic links to check the permissions of the actual files
if find "$(realpath -eL "${FILE}")" -user _rspamd -or -group _rspamd -or -perm -o=r -exec false {} +; then
if find "$(realpath -eL "${FILE}")" \( -user _rspamd -or -group _rspamd -or -perm -o=r \) -exec false {} +; then
__rspamd__log 'warn' "Rspamd DKIM private key file '${FILE}' does not appear to have correct permissions/ownership for Rspamd to use it"
else
__rspamd__log 'trace' "DKIM file '${FILE}' permissions and ownership appear correct"
Expand Down
2 changes: 1 addition & 1 deletion 2 test/tests/parallel/set1/spam_virus/rspamd_full.bats
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -307,5 +307,5 @@ function teardown_file() { _default_teardown ; }
_run_in_container grep -E -A 6 'authenticated \{' "${MODULE_FILE}"
assert_success
assert_output --partial 'authenticated = yes;'
assert_output --partial 'groups_enabled = [];'
assert_output --partial 'groups_enabled = [dkim];'
georglauterbach marked this conversation as resolved.
Show resolved Hide resolved
}
Morty Proxy This is a proxified and sanitized view of the page, visit original site.