From 2e164621e80bc56be92c9f65e76e9e81b6642b54 Mon Sep 17 00:00:00 2001 From: Lucas Date: Sat, 8 Jun 2024 03:04:45 +0200 Subject: [PATCH 1/3] Add TLS options for SMTP (#693) * added smtp security settings for mta * Update README.md for mailman-core * change default values according to mailman docs * added smtp options to README --------- Co-authored-by: Abhilash Raj --- README.md | 3 +++ core/README.md | 5 +++++ core/docker-entrypoint.sh | 18 ++++++++++++++++++ 3 files changed, 26 insertions(+) diff --git a/README.md b/README.md index c5988de..f5aab45 100644 --- a/README.md +++ b/README.md @@ -214,6 +214,9 @@ These are the variables that you MUST change in your docker-compose.yaml before - `SMTP_PORT` : use this port. 25, 587, whatever your host asks for. - `SMTP_HOST_USER`: authenticate this user - `SMTP_HOST_PASSWORD`: and use this password +- `SMTP_SECURE_MODE`: security mode for smtp connection - can be `smtp` (no encryption), `smtps` or `starttls` +- `SMTP_VERIFY_HOSTNAME`: defaults to `true` - verify, that certificate hostname is identical to `SMTP_HOST` +- `SMTP_VERIFY_CERT`: defaults to `true` - verify, that certificate is valid For more details on how to configure this image, please look [Mailman-core's Readme](core/) diff --git a/core/README.md b/core/README.md index ec55bbc..52f6a10 100644 --- a/core/README.md +++ b/core/README.md @@ -60,6 +60,8 @@ standard version of docker-compose.yaml from this repository. - `SMTP_PORT`: Port used for SMTP. Default is `25`. +- `SMTP_SECURE_MODE`: Security mode (encryption) used for SMTP. Default is `smtp`. Can also be `starttls` or `smtps`. + - `HYPERKITTY_URL`: Default value is `http://mailman-web:8000/hyperkitty` In case of a need for fine tuning of REST API web-server that uses [Gunicorn](https://docs.gunicorn.org/en/stable/settings.html) (e.g. for raising of timeouts) `/opt/mailman/core/gunicorn-extra.cfg` file could be provided holding necessary configuration options. @@ -106,6 +108,9 @@ lmtp_host: $MM_HOSTNAME lmtp_port: 8024 smtp_host: $SMTP_HOST smtp_port: $SMTP_PORT +smtp_secure_mode: $SMTP_SECURE_MODE +smtp_verify_hostname: $SMTP_VERIFY_HOSTNAME +smtp_verify_cert: $SMTP_VERIFY_CERT configuration: python:mailman.config.exim4 [runner.retry] diff --git a/core/docker-entrypoint.sh b/core/docker-entrypoint.sh index d0bd089..3e544bb 100755 --- a/core/docker-entrypoint.sh +++ b/core/docker-entrypoint.sh @@ -43,6 +43,18 @@ if [[ ! -v SMTP_PORT ]]; then export SMTP_PORT=25 fi +if [[ ! -v SMTP_SECURE_MODE ]]; then + export SMTP_SECURE_MODE="smtp" +fi + +if [[ ! -v SMTP_VERIFY_HOSTNAME ]]; then + export SMTP_VERIFY_HOSTNAME="true" +fi + +if [[ ! -v SMTP_VERIFY_CERT ]]; then + export SMTP_VERIFY_CERT="true" +fi + # Check if REST port, username, and password are set, if not, set them # to default values. if [[ ! -v MAILMAN_REST_PORT ]]; then @@ -144,6 +156,9 @@ smtp_host: $SMTP_HOST smtp_port: $SMTP_PORT smtp_user: $SMTP_HOST_USER smtp_pass: $SMTP_HOST_PASSWORD +smtp_secure_mode: $SMTP_SECURE_MODE +smtp_verify_hostname: $SMTP_VERIFY_HOSTNAME +smtp_verify_cert: $SMTP_VERIFY_CERT configuration: python:mailman.config.exim4 EOF @@ -167,6 +182,9 @@ smtp_host: $SMTP_HOST smtp_port: $SMTP_PORT smtp_user: $SMTP_HOST_USER smtp_pass: $SMTP_HOST_PASSWORD +smtp_secure_mode: $SMTP_SECURE_MODE +smtp_verify_hostname: $SMTP_VERIFY_HOSTNAME +smtp_verify_cert: $SMTP_VERIFY_CERT configuration: /etc/postfix-mailman.cfg EOF From 4502598d2b9a10744dc132b4f1cad7937b796c11 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 7 Jun 2024 18:05:01 -0700 Subject: [PATCH 2/3] Bump django-mailman3 from 1.3.11 to 1.3.12 in /web (#689) Bumps [django-mailman3](https://gitlab.com/mailman/django-mailman3) from 1.3.11 to 1.3.12. - [Release notes](https://gitlab.com/mailman/django-mailman3/tags) - [Commits](https://gitlab.com/mailman/django-mailman3/compare/v1.3.11...v1.3.12) --- updated-dependencies: - dependency-name: django-mailman3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Abhilash Raj --- web/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web/requirements.txt b/web/requirements.txt index e6dcc61..9d54fee 100644 --- a/web/requirements.txt +++ b/web/requirements.txt @@ -1,4 +1,4 @@ mailmanclient==3.3.5 postorius==1.3.10 hyperkitty==1.3.9 -django-mailman3==1.3.11 \ No newline at end of file +django-mailman3==1.3.12 \ No newline at end of file From 1d883a7614e235d41277d7736af1824837aea807 Mon Sep 17 00:00:00 2001 From: Antonio Rocco <8lue@8lue.xyz> Date: Mon, 17 Jun 2024 12:14:51 +0200 Subject: [PATCH 3/3] [web, postorius] Fix libldap installation package group The libldap package is not installed in the mailman-web:0.5 and postorius images despite being listed as a dependency in the Dockerfile. This issue arises because libldap is included in the .build-deps virtual package group, which is removed at the end of the build process, causing the package to be uninstalled. This commit addresses the issue by moving libldap from the .build-deps virtual package group to the .mailman-rundeps virtual package group in both the web and postorius Dockerfiles. This ensures that libldap remains installed in the final image, as it is now part of the runtime dependencies. Changes: - Move libldap installation from .build-deps to .mailman-rundeps in postorius/Dockerfile and postorius/Dockerfile.env; - Move libldap installation from .build-deps to .mailman-rundeps in web/Dockerfile and web/Dockerfile.env. These changes are necessary to ensure that the libldap package is available in the running containers, preventing runtime errors related to missing LDAP dependencies. Signed-off-by: Antonio Rocco <8lue@8lue.xyz> --- postorius/Dockerfile | 4 ++-- postorius/Dockerfile.dev | 4 ++-- web/Dockerfile | 4 ++-- web/Dockerfile.dev | 4 ++-- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/postorius/Dockerfile b/postorius/Dockerfile index 93eaca8..ec4f3d6 100644 --- a/postorius/Dockerfile +++ b/postorius/Dockerfile @@ -6,9 +6,9 @@ FROM alpine:3.20.0 # rights for management script RUN --mount=type=cache,target=/root/.cache \ set -ex \ - && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers libldap \ + && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers \ postgresql-dev mariadb-dev mariadb-connector-c python3-dev libffi-dev openldap-dev cargo rust \ - && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata \ + && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata libldap \ postgresql-client mysql-client py3-mysqlclient curl mailcap gettext \ python3 py3-pip libffi libuuid pcre-dev py-cryptography \ && python3 -m pip install --break-system-packages -U 'Django<4.3' pip setuptools wheel \ diff --git a/postorius/Dockerfile.dev b/postorius/Dockerfile.dev index b80a66c..989ec98 100644 --- a/postorius/Dockerfile.dev +++ b/postorius/Dockerfile.dev @@ -10,9 +10,9 @@ ARG CLIENT_REF # rights for management script RUN --mount=type=cache,target=/root/.cache \ set -ex \ - && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers libldap \ + && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers \ postgresql-dev mariadb-dev mariadb-connector-c python3-dev libffi-dev git cargo rust \ - && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata \ + && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata libldap \ postgresql-client mysql-client py3-mysqlclient curl mailcap \ python3 py3-pip libffi gettext py-cryptography \ && python3 -m pip install --break-system-packages -U pip setuptools wheel \ diff --git a/web/Dockerfile b/web/Dockerfile index 2c2f464..37deeba 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -9,9 +9,9 @@ COPY requirements.txt /tmp/ # rights for management script RUN --mount=type=cache,target=/root/.cache \ set -ex \ - && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers libldap \ + && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers \ postgresql-dev mariadb-dev mariadb-connector-c python3-dev libffi-dev openldap-dev cargo rust \ - && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata \ + && apk add --no-cache --virtual .mailman-rundeps bash sassc tzdata libldap \ postgresql-client mysql-client py3-mysqlclient curl mailcap gettext \ python3 py3-pip xapian-core xapian-bindings-python3 libffi pcre-dev py-cryptography \ && python3 -m pip install --break-system-packages -U 'Django<4.3' pip setuptools wheel \ diff --git a/web/Dockerfile.dev b/web/Dockerfile.dev index 7c93f3c..b629441 100644 --- a/web/Dockerfile.dev +++ b/web/Dockerfile.dev @@ -11,9 +11,9 @@ ARG CLIENT_REF # rights for management script RUN --mount=type=cache,target=/root/.cache \ set -ex \ - && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers git libldap \ + && apk add --no-cache --virtual .build-deps gcc libc-dev linux-headers git \ postgresql-dev mariadb-dev mariadb-connector-c python3-dev libffi-dev openldap-dev cargo rust \ - && apk add --no-cache --virtual .mailman-rundeps bash sassc pcre-dev tzdata \ + && apk add --no-cache --virtual .mailman-rundeps bash sassc pcre-dev tzdata libldap \ python3 py3-pip postgresql-client mysql-client py3-mysqlclient \ curl mailcap xapian-core xapian-bindings-python3 libffi gettext py-cryptography \ && python3 -m pip install --break-system-packages -U pip setuptools wheel \