diff --git a/apps/docker-mailserver/14.0.0/data.yml b/apps/docker-mailserver/14.0.0/data.yml deleted file mode 100644 index 2ff188a8..00000000 --- a/apps/docker-mailserver/14.0.0/data.yml +++ /dev/null @@ -1,38 +0,0 @@ -additionalProperties: - formFields: - - default: "/home/bark" - edit: true - envKey: BARK_ROOT_PATH - labelZh: 数据持久化路径 - labelEn: Data persistence path - required: true - type: text - - default: 8080 - edit: true - envKey: PANEL_APP_PORT_HTTP - labelZh: WebUI 端口 - labelEn: WebUI port - required: true - rule: paramPort - type: number - - default: "" - edit: true - envKey: BARK_SERVER_DSN - labelZh: 数据库链接 - labelEn: Database URL - required: false - type: text - - default: "" - edit: true - envKey: BARK_SERVER_BASIC_AUTH_USER - labelZh: 用户名 (服务基础验证) - labelEn: Basic Auth User - required: false - type: text - - default: "" - edit: true - envKey: BARK_SERVER_BASIC_AUTH_PASSWORD - labelZh: 密码 (服务基础验证) - labelEn: Basic Auth Password - required: false - type: text diff --git a/apps/docker-mailserver/README.md b/apps/docker-mailserver/README.md deleted file mode 100644 index e3530061..00000000 --- a/apps/docker-mailserver/README.md +++ /dev/null @@ -1,13 +0,0 @@ -# Docker Mailserver - -docker-mailserver,简称 DMS,是一个可用于生产的全栈但简单的邮件服务器(SMTP、IMAP、LDAP、反垃圾邮件、反病毒等)。它只使用配置文件,不使用 -SQL 数据库。其形象以 "保持简单和版本化 "为口号。 - -## 前置准备 - -- `域名` -- `DNS 解析` -- `服务器` - - `Docker` 服务 - - `推荐配置`: 1核2G内存 容器已启用交换功能 - - `最小配置`: 1核512M内存 (禁用 ClamAV 服务) diff --git a/apps/docker-mailserver/logo.png b/apps/docker-mailserver/logo.png deleted file mode 100644 index eba752a8..00000000 Binary files a/apps/docker-mailserver/logo.png and /dev/null differ diff --git a/apps/mailserver/14.0.0/data.yml b/apps/mailserver/14.0.0/data.yml new file mode 100644 index 00000000..b3e56137 --- /dev/null +++ b/apps/mailserver/14.0.0/data.yml 
@@ -0,0 +1,136 @@ +additionalProperties: + formFields: + - default: "/home/bark" + edit: true + envKey: MAILSERVER_ROOT_PATH + labelZh: 数据持久化路径 + labelEn: Data persistence path + required: true + type: text + - default: 25 + edit: true + envKey: PANEL_APP_PORT_SMTP + labelZh: SMTP 端口 (保持默认) + labelEn: SMTP Port (keep default) + required: true + rule: paramPort + type: number + - default: 143 + edit: true + envKey: PANEL_APP_PORT_IMAP + labelZh: IMAP 端口 (保持默认) + labelEn: IMAP Port (keep default) + required: true + rule: paramPort + type: number + - default: 465 + edit: true + envKey: PANEL_APP_PORT_SMTPS + labelZh: SMTP SSL 端口 (保持默认) + labelEn: SMTP SSL Port (keep default) + required: true + rule: paramPort + type: number + - default: 587 + edit: true + envKey: PANEL_APP_PORT_ESMTP + labelZh: SMTP 提交端口 (保持默认) + labelEn: SMTP Submission Port (keep default) + required: true + rule: paramPort + type: number + - default: 993 + edit: true + envKey: PANEL_APP_PORT_IPAPS + labelZh: IMAP SSL 端口 (保持默认) + labelEn: IMAP SSL Port (keep default) + required: true + rule: paramPort + type: number + - default: 0 + edit: true + envKey: ENABLE_POP3 + labelZh: 启用 POP3 + labelEn: Enable POP3 + required: true + type: select + values: + - label: 启用 + value: 1 + - label: 禁用 + value: 0 + - default: 110 + edit: true + envKey: PANEL_APP_PORT_POP + labelZh: POP3 端口 (保持默认) + labelEn: POP3 Port (keep default) + required: false + rule: paramPort + type: number + - default: 995 + edit: true + envKey: PANEL_APP_PORT_POPS + labelZh: POP3 SSL 端口 (保持默认) + labelEn: POP3 SSL Port (keep default) + required: false + rule: paramPort + type: number + - default: "postmaster@domain.com" + edit: true + envKey: POSTMASTER_ADDRESS + labelZh: 管理员邮箱地址 + labelEn: Postmaster email address + required: true + type: text + - default: 0 + edit: true + envKey: ENABLE_AMAVIS + labelZh: 内容过滤器 (Amavis支持) + labelEn: Content filter (Amavis support) + required: true + type: select + values: + - label: 启用 + value: 1 + - label: 
禁用 + value: 0 + - default: 0 + edit: true + envKey: ENABLE_CLAMAV + labelZh: 邮件病毒扫描 (ClamAV支持) + labelEn: Mail virus scanning (ClamAV support) + required: true + type: select + values: + - label: 启用 + value: 1 + - label: 禁用 + value: 0 + - default: "manual" + edit: true + envKey: SSL_TYPE + labelZh: SSL 证书类型 + labelEn: SSL certificate type + required: true + type: select + values: + - label: Let's Encrypt + value: "letsencrypt" + - label: 本地证书 + value: "manual" + - label: 禁用 SSL + value: "" + - default: "public.crt" + edit: true + envKey: CERTS_PUBLIC_CRT + labelZh: SSL Public 证书文件名 + labelEn: SSL Public certificate file name + required: false + type: text + - default: "private.key" + edit: true + envKey: CERTS_PRIVATE_KEY + labelZh: SSL Private 证书文件名 + labelEn: SSL Private certificate file name + required: false + type: text diff --git a/apps/docker-mailserver/14.0.0/docker-compose.yml b/apps/mailserver/14.0.0/docker-compose.yml similarity index 55% rename from apps/docker-mailserver/14.0.0/docker-compose.yml rename to apps/mailserver/14.0.0/docker-compose.yml index 6c403795..523023cf 100644 --- a/apps/docker-mailserver/14.0.0/docker-compose.yml +++ b/apps/mailserver/14.0.0/docker-compose.yml 
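Review bot: The first form field keeps `default: "/home/bark"` for `MAILSERVER_ROOT_PATH`, which looks carried over from another app's template. Mail data, the `certs/` directory and backups would then land under an unrelated application's path, so a dedicated default is safer (for example `default: "/home/mailserver"`, a constructed value). The `SSL_TYPE` select also offers `禁用 SSL` with `value: ""` alongside the plain SMTP and IMAP ports, which allows an install where logins are sent unencrypted; if the option must stay, the label should state that consequence. `ENABLE_POP3` defaults to `0` while the two POP3 port fields default to 110 and 995, so the form proposes ports for a service that is switched off.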
@@ -21,18 +21,27 @@ services: - ${PANEL_APP_PORT_SMTPS}:465 - ${PANEL_APP_PORT_ESMTP}:587 - ${PANEL_APP_PORT_IPAPS}:993 + - ${PANEL_APP_PORT_POP:-}:110 + - ${PANEL_APP_PORT_POPS:-}:995 env_file: - /etc/1panel/envs/global.env - /etc/1panel/envs/mailserver/mailserver.env - ${ENV_FILE:-/etc/1panel/envs/default.env} volumes: - /etc/localtime:/etc/localtime:ro - - ${DOCKER_MAILSERVER_ROOT_PATH}/dms/mail-data/:/var/mail/ - - ${DOCKER_MAILSERVER_ROOT_PATH}/dms/mail-state/:/var/mail-state/ - - ${DOCKER_MAILSERVER_ROOT_PATH}/dms/mail-logs/:/var/log/mail/ - - ${DOCKER_MAILSERVER_ROOT_PATH}/dms/config/:/tmp/docker-mailserver/ + - ${MAILSERVER_ROOT_PATH}/dms/mail-data/:/var/mail/ + - ${MAILSERVER_ROOT_PATH}/dms/mail-state/:/var/mail-state/ + - ${MAILSERVER_ROOT_PATH}/dms/mail-logs/:/var/log/mail/ + - ${MAILSERVER_ROOT_PATH}/dms/config/:/tmp/docker-mailserver/ + - ${MAILSERVER_ROOT_PATH}/certs/:/tmp/dms/certs/ + - ${MAILSERVER_ROOT_PATH}/dms-backups/:/backup/ environment: - - + - LOG_LEVEL=info + - SUPERVISOR_LOGLEVEL=info + - ACCOUNT_PROVISIONER=FILE + - SSL_CERT_PATH=/tmp/dms/certs/${CERTS_PUBLIC_CRT:-public.crt} + - SSL_KEY_PATH=/tmp/dms/certs/${CERTS_PRIVATE_KEY:-private.key} + - SPOOF_PROTECTION=1 healthcheck: test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1" timeout: 3s diff --git a/apps/docker-mailserver/14.0.0/scripts/init.sh b/apps/mailserver/14.0.0/scripts/init.sh similarity index 100% rename from apps/docker-mailserver/14.0.0/scripts/init.sh rename to apps/mailserver/14.0.0/scripts/init.sh diff --git a/apps/docker-mailserver/14.0.0/scripts/uninstall.sh b/apps/mailserver/14.0.0/scripts/uninstall.sh similarity index 100% rename from apps/docker-mailserver/14.0.0/scripts/uninstall.sh rename to apps/mailserver/14.0.0/scripts/uninstall.sh 
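Review bot: The new `${MAILSERVER_ROOT_PATH}/certs/:/tmp/dms/certs/` volume carries the TLS private key referenced by `SSL_KEY_PATH`, but it is mounted read-write, unlike the `/etc/localtime` mount above it. Assuming the container only reads these files, `- ${MAILSERVER_ROOT_PATH}/certs/:/tmp/dms/certs/:ro` would stop a compromised container from replacing key material on the host. The POP3 mappings `${PANEL_APP_PORT_POP:-}:110` and `${PANEL_APP_PORT_POPS:-}:995` collapse to `:110` and `:995` when the variable is empty, and with the form defaults they are published even when `ENABLE_POP3` is 0. It is worth confirming how compose treats the empty host port and whether these ports should be exposed at all while POP3 is disabled. The `environment:` block sets the certificate paths but not `SSL_TYPE`, so that value presumably has to arrive through one of the `env_file` entries.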
diff --git a/apps/docker-mailserver/14.0.0/scripts/upgrade.sh b/apps/mailserver/14.0.0/scripts/upgrade.sh similarity index 100% rename from apps/docker-mailserver/14.0.0/scripts/upgrade.sh rename to apps/mailserver/14.0.0/scripts/upgrade.sh diff --git a/apps/mailserver/README.md b/apps/mailserver/README.md new file mode 100644 index 00000000..61d64f67 --- /dev/null +++ b/apps/mailserver/README.md @@ -0,0 +1,69 @@ +# Docker Mailserver + +docker-mailserver,简称 DMS,是一个可用于生产的全栈但简单的邮件服务器(SMTP、IMAP、LDAP、反垃圾邮件、反病毒等)。它只使用配置文件,不使用 +SQL 数据库。其形象以 "保持简单和版本化 "为口号。 + +## 前置准备 + +- `域名` +- `DNS 解析` +- `服务器` + - `Docker` 服务 + - `推荐配置`: 1核2G内存 容器已启用交换功能 + - `最小配置`: 1核512M内存 (禁用 ClamAV 服务) + +### DNS 配置 + +假设你的域名是 `example.com` + +邮件服务器的完全限定域名 (FQDN) 是 mail.example.com,你需要配置以下记录: + +- `A` 记录: `mail.example.com` 指向你的服务器 IP 地址 + - MX 记录告诉每个人哪个 (DNS) 名称负责您域中的电子邮件。 +- `MX` 记录: `example.com` 指向 `mail.example.com` + - A 记录告诉每个人 DNS 名称 +- `PTR` 记录(可选): 你的服务器 IP 地址指向 `mail.example.com` + - PTR 记录是 A 记录的对应记录 + +当然,您也可以完全在 example.com 上配置,您需要更改您的 MX 记录: + +- `MX` 记录: `example.com` 指向 `example.com` +- `A` 记录: `example.com` 指向您的服务器 IP 地址 + +什么是 PTR 记录?[请参阅](https://en.wikipedia.org/wiki/Reverse_DNS_lookup) + +此项服务在 DNS 解析商中可能存在收费,如您不想使用此项服务,可以不配置 PTR 记录。 + +### 证书准备 + +您需要一个有效的 SSL 证书,您可以使用 `Let's Encrypt` 或者其他证书颁发机构颁发的证书。 + +将证书文件放置在 持久化目录的 `certs` 目录下,文件名为 `public.crt` 和 `private.key`。 + +## 安装完成 + +首次启动至少要添加一个账户,您有两分钟的时间来执行此操作。请在容器终端中运行以下命令。 + +如果您错过了这个时间,您可以通过删除容器并重新启动来重新启动此过程。 + +> 创建 用户 +> +> `setup email add ` + +```sh +setup email add user@example.com +``` + +> 设置别名 +> +> `setup alias add ` + +```sh +setup alias add postmaster@example.com user@example.com +``` + +> 更新证书 + +将证书文件放置在 持久化目录的 `certs` 目录下,文件名为 `public.crt` 和 `private.key`。 + +重启容器,即可更新证书。 diff --git a/apps/docker-mailserver/data.yml b/apps/mailserver/data.yml similarity index 70% rename from apps/docker-mailserver/data.yml rename to apps/mailserver/data.yml index c3fcbdb8..a69f5288 100644 --- a/apps/docker-mailserver/data.yml 
+++ b/apps/mailserver/data.yml @@ -1,9 +1,9 @@ -name: Docker Mailserver +name: Mailserver title: 是一个可用于生产的全栈但简单的邮件服务器 description: 是一个可用于生产的全栈但简单的邮件服务器 additionalProperties: - key: docker-mailserver - name: Docker Mailserver + key: mailserver + name: Mailserver tags: - Email - Local @@ -12,6 +12,6 @@ additionalProperties: type: runtime crossVersionUpdate: true limit: 0 - website: https://docker-mailserver.github.io/ + website: https://docker-mailserver.github.io/docker-mailserver/latest/ github: https://github.com/docker-mailserver/docker-mailserver/ - document: https://docker-mailserver.github.io/ + document: https://docker-mailserver.github.io/docker-mailserver/latest/ diff --git a/apps/mailserver/logo.png b/apps/mailserver/logo.png new file mode 100644 index 00000000..f39b79a9 Binary files /dev/null and b/apps/mailserver/logo.png differ diff --git a/envs/mailserver/mailserver.env b/envs/mailserver/mailserver.env index bbc40195..3db58204 100644 --- a/envs/mailserver/mailserver.env +++ b/envs/mailserver/mailserver.env 
@@ -1,26 +1,100 @@ -POSTMASTER_ADDRESS= +# ----------------------------------------------- +# --- Mailserver Environment Variables ---------- +# ----------------------------------------------- -ACCOUNT_PROVISIONER=FILE +# DOCUMENTATION FOR THESE VARIABLES IS FOUND UNDER +# https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/ + +# ----------------------------------------------- +# --- General Section --------------------------- +# ----------------------------------------------- + +# empty => uses the `hostname` command to get the mail server's canonical hostname +# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable. OVERRIDE_HOSTNAME= -# log level -LOG_LEVEL=info -SUPERVISOR_LOGLEVEL=info +# REMOVED in version v11.0.0! Use LOG_LEVEL instead. +DMS_DEBUG=0 -# default: 5000 +# Set the log level for DMS. +# This is mostly relevant for container startup scripts and change detection event feedback. +# +# Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`. +# The default log level is `info`. 
+LOG_LEVEL=info + +# critical => Only show critical messages +# error => Only show erroneous output +# **warn** => Show warnings +# info => Normal informational output +# debug => Also show debug messages +SUPERVISOR_LOGLEVEL= + +# Support for deployment where these defaults are not compatible (eg: some NAS appliances): +# /var/mail vmail User ID (default: 5000) DMS_VMAIL_UID= +# /var/mail vmail Group ID (default: 5000) DMS_VMAIL_GID= -# Disable update checking +# **empty** => use FILE +# LDAP => use LDAP authentication +# OIDC => use OIDC authentication (not yet implemented) +# FILE => use local files (this is used as the default) +ACCOUNT_PROVISIONER= + +# empty => postmaster@domain.com +# => Specify the postmaster address +POSTMASTER_ADDRESS= + +# Check for updates on container start and then once a day +# If an update is available, a mail is sent to POSTMASTER_ADDRESS +# 0 => Update check disabled +# 1 => Update check enabled ENABLE_UPDATE_CHECK=0 + +# Customize the update check interval. +# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days. UPDATE_CHECK_INTERVAL=1d -NETWORK_INTERFACE= +# Set different options for mynetworks option (can be overwrite in postfix-main.cf) +# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or +# `connected-networks` option, can create an open relay +# https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498 +# The same can happen for rootless podman. 
To prevent this, set the value to "none" or configure slirp4netns +# https://github.com/docker-mailserver/docker-mailserver/issues/2377 +# +# none => Explicitly force authentication +# container => Container IP address only +# host => Add docker container network (ipv4 only) +# network => Add all docker container networks (ipv4 only) +# connected-networks => Add all connected docker networks (ipv4 only) PERMIT_DOCKER=none -TZ=Asia/Shanghai -TLS_LEVEL=modern -SPOOF_PROTECTION=1 +# Set the timezone. If this variable is unset, the container runtime will try to detect the time using +# `/etc/localtime`, which you can alternatively mount into the container. The value of this variable +# must follow the pattern `AREA/ZONE`, i.e. of you want to use Germany's time zone, use `Europe/Berlin`. +# You can lookup all available timezones here: https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List +TZ=Asia/Shanghai + +# In case you network interface differs from 'eth0', e.g. when you are using HostNetworking in Kubernetes, +# you can set NETWORK_INTERFACE to whatever interface you want. This interface will then be used. +# - **empty** => eth0 +NETWORK_INTERFACE= + +# empty => modern +# modern => Enables TLSv1.2 and modern ciphers only. (default) +# intermediate => Enables TLSv1, TLSv1.1 and TLSv1.2 and broad compatibility ciphers. +TLS_LEVEL= + +# Configures the handling of creating mails with forged sender addresses. +# +# **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing). +# 1 => Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages. +SPOOF_PROTECTION= + +# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. 
See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation. +# - **0** => Disabled +# - 1 => Enabled ENABLE_SRS=0 # Enables the OpenDKIM service. @@ -65,7 +139,7 @@ SPAM_SUBJECT= # Enables Rspamd # **0** => Disabled # 1 => Enabled -ENABLE_RSPAMD=0 +ENABLE_RSPAMD=1 # When `ENABLE_RSPAMD=1`, an internal Redis instance is enabled implicitly. # This setting provides an opt-out to allow using an external instance instead. @@ -80,7 +154,7 @@ ENABLE_RSPAMD_REDIS= # # **0** => disabled # 1 => enabled -RSPAMD_LEARN=0 +RSPAMD_LEARN=1 # This settings controls whether checks should be performed on emails coming # from authenticated users (i.e. most likely outgoing emails). The default value @@ -97,7 +171,7 @@ RSPAMD_CHECK_AUTHENTICATED=0 # # **0** => disabled # 1 => enabled -RSPAMD_GREYLISTING=0 +RSPAMD_GREYLISTING=1 # Can be used to enable or disable the Hfilter group module. # @@ -119,7 +193,7 @@ RSPAMD_NEURAL=0 # Amavis content filter (used for ClamAV & SpamAssassin) # 0 => Disabled # 1 => Enabled -ENABLE_AMAVIS=1 +ENABLE_AMAVIS=0 # -1/-2/-3 => Only show errors # **0** => Show warnings @@ -317,7 +391,7 @@ ENABLE_SPAMASSASSIN=0 # - 1 => KAM enabled # # Note: only has an effect if `ENABLE_SPAMASSASSIN=1` -ENABLE_SPAMASSASSIN_KAM=0 +ENABLE_SPAMASSASSIN_KAM=1 # deliver spam messages to the inbox (tagged using SPAM_SUBJECT) SPAMASSASSIN_SPAM_TO_INBOX=1 @@ -326,7 +400,7 @@ SPAMASSASSIN_SPAM_TO_INBOX=1 MOVE_SPAM_TO_JUNK=1 # spam messages will be marked as read -MARK_SPAM_AS_READ=0 +MARK_SPAM_AS_READ=1 # add 'spam info' headers at, or above this level SA_TAG=2.0
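Review bot: `SPOOF_PROTECTION` changes from `1` to empty in this hunk, and the comment added above it marks `0` (forged sender addresses allowed, "not recommended") as the default. The file on its own therefore no longer denies sender spoofing, and the protection depends on the `SPOOF_PROTECTION=1` entry in the compose `environment:` block. Keeping `SPOOF_PROTECTION=1` here too would preserve the safer value for any deployment that loads this env file without that compose file. Separately, `DMS_DEBUG=0` is added under a comment saying the variable was removed in v11.0.0, so it can be dropped.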
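Review bot: `ENABLE_RSPAMD=1` is set in the `@@ -65,7 +139,7 @@` hunk and `ENABLE_AMAVIS=0` in the `@@ -119,7 +193,7 @@` hunk, but nothing in the file states that the two are meant to be mutually exclusive. The install form in `apps/mailserver/14.0.0/data.yml` still offers `ENABLE_AMAVIS` and `ENABLE_CLAMAV` toggles. If the form value takes precedence over this file (not visible here), a user could end up with both filter stacks running. A comment above `ENABLE_RSPAMD` such as `# Rspamd replaces Amavis/SpamAssassin in this template; keep ENABLE_AMAVIS=0 while this is 1` would record the intent.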
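Review bot: `ENABLE_SPAMASSASSIN_KAM=1` in the `@@ -317,7 +391,7 @@` hunk is inert as written. The comment directly above it says the setting only has an effect if `ENABLE_SPAMASSASSIN=1`, and the hunk header shows `ENABLE_SPAMASSASSIN=0`. Either leave the value at `0`, or add a comment such as `# no effect while ENABLE_SPAMASSASSIN=0` so the file does not suggest KAM rules are active.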