Merge branch 'staging' into staging

2025-12-13 01:45:59 +00:00 · 2023-12-11 16:28:05 +01:00
parent 218ba69501 c2e5dfd933
commit 7f4e9c1ad4
231 changed files with 15439 additions and 8892 deletions
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -21,43 +21,76 @@ if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep
 if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
 if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi

-for bin in openssl curl docker git awk sha1sum; do
+for bin in openssl curl docker git awk sha1sum grep cut; do
  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
 done

 if docker compose > /dev/null 2>&1; then
-    if docker compose version --short | grep "^2." > /dev/null 2>&1; then
+    if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
      COMPOSE_VERSION=native
-      echo -e "\e[31mFound Docker Compose Plugin (native).\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
+      echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
      sleep 2
      echo -e "\e[33mNotice: You´ll have to update this Compose Version via your Package Manager manually!\e[0m"
    else
      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/i_u_m/i_u_m_install/\e[0m"
      exit 1
    fi
 elif docker-compose > /dev/null 2>&1; then
  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
      COMPOSE_VERSION=standalone
-      echo -e "\e[31mFound Docker Compose Standalone.\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
+      echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
+      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
      sleep 2
      echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
    else
      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m" 
-      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/i_u_m/i_u_m_install/\e[0m"
      exit 1
    fi
  fi

 else
  echo -e "\e[31mCannot find Docker Compose.\e[0m" 
-  echo -e "\e[31mPlease install it regarding to this doc site: https://mailcow.github.io/mailcow-dockerized-docs/i_u_m/i_u_m_install/\e[0m"
+  echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/i_u_m/i_u_m_install/\e[0m"
  exit 1
 fi
-    
+
+detect_bad_asn() {
+  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+      sleep 2
+      echo ""
+      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
+      echo ""
+      sleep 2
+
+    else
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
+    fi
+  elif [ "$response" -eq 200 ]; then
+    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
+  elif [ "$response" -eq 429 ]; then
+    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
+  else
+    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
+  fi
+}
+
+### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
+if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
+  SKIP_BRANCH=y
+else
+  SKIP_BRANCH=n
+fi

 if [ -f mailcow.conf ]; then
  read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
@@ -76,9 +109,24 @@ echo "Press enter to confirm the detected value '[value]' where applicable or en
 while [ -z "${MAILCOW_HOSTNAME}" ]; do
  read -p "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: " -e MAILCOW_HOSTNAME
  DOTS=${MAILCOW_HOSTNAME//[^.]};
-  if [ ${#DOTS} -lt 2 ] && [ ! -z ${MAILCOW_HOSTNAME} ]; then
-    echo "${MAILCOW_HOSTNAME} is not a FQDN"
-    MAILCOW_HOSTNAME=
+  if [ ${#DOTS} -lt 1 ]; then
+    echo -e "\e[31mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is not a FQDN!\e[0m"
+    sleep 1
+    echo "Please change it to a FQDN and redeploy the stack with docker(-)compose up -d"
+    exit 1
+  elif [[ "${MAILCOW_HOSTNAME: -1}" == "." ]]; then
+    echo "MAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) is ending with a dot. This is not a valid FQDN!"
+    exit 1
+  elif [ ${#DOTS} -eq 1 ]; then
+    echo -e "\e[33mMAILCOW_HOSTNAME (${MAILCOW_HOSTNAME}) does not contain a Subdomain. This is not fully tested and may cause issues.\e[0m"
+    echo "Find more information about why this message exists here: https://github.com/mailcow/mailcow-dockerized/issues/1572"
+    read -r -p "Do you want to proceed anyway? [y/N] " response
+    if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+      echo "OK. Procceding."
+    else
+      echo "OK. Exiting."
+      exit 1
+    fi
  fi
 done

@@ -135,32 +183,44 @@ else
  SKIP_SOLR=n
 fi

-echo "Which branch of mailcow do you want to use?"
-echo ""
-echo "Available Branches:"
-echo "- master branch (stable updates) | default, recommended [1]"
-echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
-sleep 1
+if [[ ${SKIP_BRANCH} != y ]]; then
+  echo "Which branch of mailcow do you want to use?"
+  echo ""
+  echo "Available Branches:"
+  echo "- master branch (stable updates) | default, recommended [1]"
+  echo "- nightly branch (unstable updates, testing) | not-production ready [2]"
+  sleep 1

-while [ -z "${MAILCOW_BRANCH}" ]; do
-  read -r -p  "Choose the Branch with it´s number [1/2] " branch
-  case $branch in
-    [2])
-      MAILCOW_BRANCH="nightly"
+  while [ -z "${MAILCOW_BRANCH}" ]; do
+    read -r -p  "Choose the Branch with it´s number [1/2] " branch
+    case $branch in
+      [2])
+        MAILCOW_BRANCH="nightly"
+        ;;
+      *)
+        MAILCOW_BRANCH="master"
      ;;
-    *)
-      MAILCOW_BRANCH="master"
-    ;;
-  esac
-done
+    esac
+  done
+
+  git fetch --all
+  git checkout -f $MAILCOW_BRANCH
+
+elif [[ ${SKIP_BRANCH} == y ]]; then
+  echo -e "\033[33mEnabled Dev Mode.\033[0m"
+  echo -e "\033[33mNot checking out a different branch!\033[0m"
+  MAILCOW_BRANCH=$(git rev-parse --short $(git rev-parse @{upstream}))
+
+else
+  echo -e "\033[31mCould not determine branch input..."
+  echo -e "\033[31mExiting."
+  exit 1
+fi  

 if [ ! -z "${MAILCOW_BRANCH}" ]; then
  git_branch=${MAILCOW_BRANCH}
 fi

-git fetch --all
-git checkout -f $git_branch
-
 [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc

 cat << EOF > mailcow.conf
@@ -175,7 +235,7 @@ MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}

 # Password hash algorithm
 # Only certain password hash algorithm are supported. For a fully list of supported schemes,
-# see https://mailcow.github.io/mailcow-dockerized-docs/models/model-passwd/
+# see https://docs.mailcow.email/models/model-passwd/
 MAILCOW_PASS_SCHEME=BLF-CRYPT

 # ------------------------------
@@ -187,8 +247,8 @@ DBUSER=mailcow

 # Please use long, random alphanumeric strings (A-Za-z0-9)

-DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
-DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
+DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)
+DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)

 # ------------------------------
 # HTTP/S Bindings
@@ -201,7 +261,7 @@ DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
 # IMPORTANT: Do not use port 8081, 9081 or 65510!
 # Example: HTTP_BIND=1.2.3.4
 # For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
-# For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/post_installation/firststeps-ip_bindings/
+# For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/

 HTTP_PORT=80
 HTTP_BIND=
@@ -230,7 +290,7 @@ REDIS_PORT=127.0.0.1:7654

 # Your timezone
 # See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
-# Use the row named 'TZ database name' + pay attention for 'Notes' row
+# Use the column named 'TZ identifier' + pay attention for the column named 'Notes'

 TZ=${MAILCOW_TZ}

@@ -243,7 +303,7 @@ COMPOSE_PROJECT_NAME=mailcowdockerized
 # Switch here between native (compose plugin) and standalone
 # For more informations take a look at the mailcow docs regarding the configuration options.
 # Normally this should be untouched but if you decided to use either of those you can switch it manually here.
-# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail.
+# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.

 DOCKER_COMPOSE_VERSION=${COMPOSE_VERSION}

@@ -292,7 +352,7 @@ SKIP_LETS_ENCRYPT=n

 # Create seperate certificates for all domains - y/n
 # this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
-# see https://wiki.dovecot.org/SSL/SNIClientSupport
+# see https://doc.dovecot.org/admin_manual/ssl/sni_support
 ENABLE_SSL_SNI=n

 # Skip IPv4 check in ACME container - y/n
@@ -412,7 +472,7 @@ DOVECOT_MASTER_PASS=
 # Optional: Leave empty for none
 # This value is only used on first order!
 # Setting it at a later point will require the following steps:
-# https://mailcow.github.io/mailcow-dockerized-docs/troubleshooting/debug-reset_tls/
+# https://docs.mailcow.email/troubleshooting/debug-reset_tls/
 ACME_CONTACT=

 # WebAuthn device manufacturer verification
@@ -420,6 +480,13 @@ ACME_CONTACT=
 # root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
 WEBAUTHN_ONLY_TRUSTED_VENDORS=n

+# Spamhaus Data Query Service Key
+# Optional: Leave empty for none
+# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist. 
+# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
+# Otherwise it will work normally.
+SPAMHAUS_DQS_KEY=
+
 EOF

 mkdir -p data/assets/ssl
@@ -434,18 +501,37 @@ echo "Copying snake-oil certificate..."
 cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/

 # Set app_info.inc.php
-if [ ${git_branch} == "master" ]; then
-  mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
-elif [ ${git_branch} == "nightly" ]; then
-  mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
-  mailcow_last_git_version=""
-else
-  mailcow_git_version=$(git rev-parse --short HEAD)
-  mailcow_last_git_version=""
-fi
+case ${git_branch} in
+  master)
+    mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+    ;;
+  nightly)
+    mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+    mailcow_last_git_version=""
+    ;;
+  *)
+    mailcow_git_version=$(git rev-parse --short HEAD)
+    mailcow_last_git_version=""
+    ;;
+esac
+# if [ ${git_branch} == "master" ]; then
+#   mailcow_git_version=$(git describe --tags `git rev-list --tags --max-count=1`)
+# elif [ ${git_branch} == "nightly" ]; then
+#   mailcow_git_version=$(git rev-parse --short $(git rev-parse @{upstream}))
+#   mailcow_last_git_version=""
+# else
+#   mailcow_git_version=$(git rev-parse --short HEAD)
+#   mailcow_last_git_version=""
+# fi

+if [[ $SKIP_BRANCH != "y" ]]; then
 mailcow_git_commit=$(git rev-parse origin/${git_branch})
 mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+else
+mailcow_git_commit=$(git rev-parse ${git_branch})
+mailcow_git_commit_date=$(git log -1 --format=%ci @{upstream} )
+git_branch=$(git rev-parse --abbrev-ref HEAD)
+fi

 if [ $? -eq 0 ]; then
  echo '<?php' > data/web/inc/app_info.inc.php
@@ -473,3 +559,5 @@ else
  echo '?>' >> data/web/inc/app_info.inc.php
  echo -e "\e[33mCannot determine current git repository version...\e[0m"
 fi
+
+detect_bad_asn