data/Dockerfiles/clamd/Dockerfile

@@ -1,14 +1,12 @@
-FROM alpine:3.18
+FROM clamav/clamav:1.0.1-1_base
 
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
 RUN apk upgrade --no-cache \
   && apk add --update --no-cache \
   rsync \
-  clamav \
   bind-tools \
-  bash \
+  bash 
-  tini
 
 # init
 COPY clamd.sh /clamd.sh
@@ -16,9 +14,7 @@ RUN chmod +x /sbin/tini
 
 # healthcheck
 COPY healthcheck.sh /healthcheck.sh
-COPY clamdcheck.sh /usr/local/bin
 RUN chmod +x /healthcheck.sh
-RUN chmod +x /usr/local/bin/clamdcheck.sh
 HEALTHCHECK --start-period=6m CMD "/healthcheck.sh"
 
 ENTRYPOINT []

data/Dockerfiles/clamd/clamdcheck.sh

@@ -1,14 +0,0 @@
-#!/bin/sh
-
-set -eu
-
-if [ "${CLAMAV_NO_CLAMD:-}" != "false" ]; then
-	if [ "$(echo "PING" | nc localhost 3310)" != "PONG" ]; then
-		echo "ERROR: Unable to contact server"
-		exit 1
-	fi
-
-	echo "Clamd is up"
-fi
-
-exit 0

data/Dockerfiles/dovecot/Dockerfile

@@ -1,127 +1,119 @@
-FROM alpine:3.18
+FROM debian:bullseye-slim
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
+ARG DEBIAN_FRONTEND=noninteractive
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
+ARG DOVECOT=2.3.20
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
+ENV LC_ALL C
 
-ENV LANG C.UTF-8
-ENV LC_ALL C.UTF-8
 
 # Add groups and users before installing Dovecot to not break compatibility
-RUN addgroup -g 5000 vmail \
+RUN groupadd -g 5000 vmail \
-  && addgroup -g 401 dovecot \
+  && groupadd -g 401 dovecot \
-  && addgroup -g 402 dovenull \
+  && groupadd -g 402 dovenull \
-  && sed -i "s/999/99/" /etc/group \
+  && groupadd -g 999 sogo \
-  && addgroup -g 999 sogo \
+  && usermod -a -G sogo nobody \
-  && addgroup nobody sogo \
+  && useradd -g vmail -u 5000 vmail -d /var/vmail \
-  && adduser -D -u 5000 -G vmail -h /var/vmail vmail \
+  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
-  && adduser -D -G dovecot -u 401 -h /dev/null -s /sbin/nologin dovecot \
+  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
-  && adduser -D -G dovenull -u 402 -h /dev/null -s /sbin/nologin dovenull \
+  && touch /etc/default/locale \
-  && apk add --no-cache --update \
+  && apt-get update \
-  build-base \
+  && apt-get -y --no-install-recommends install \
-  bash \
+  build-essential \
-  bind-tools \
+  apt-transport-https \
   ca-certificates \
+  cpanminus \
   curl \
-  cyrus-sasl-dev \
+  dnsutils \
-  gcc \
+  dirmngr \
-  gettext-dev \
+  gettext \
-  gnupg \
+  gnupg2 \
-  gnupg-dirmngr \
   jq \
-  libintl \
+  libauthen-ntlm-perl \
-  libssl1.1 \
+  libcgi-pm-perl \
-  libstdc++ \
+  libcrypt-openssl-rsa-perl \
-  libxml2-dev \
+  libcrypt-ssleay-perl \
-  lua \
+  libdata-uniqid-perl \
-  lua-cjson \
+  libdbd-mysql-perl \
-  lua-socket \
+  libdbi-perl \
+  libdigest-hmac-perl \
+  libdist-checkconflicts-perl \
+  libencode-imaputf7-perl \
+  libfile-copy-recursive-perl \
+  libfile-tail-perl \
+  libhtml-parser-perl \
+  libio-compress-perl \
+  libio-socket-inet6-perl \
+  libio-socket-ssl-perl \
+  libio-tee-perl \
+  libipc-run-perl \
+  libjson-webtoken-perl \
+  liblockfile-simple-perl \
+  libmail-imapclient-perl \
+  libmodule-implementation-perl \
+  libmodule-scandeps-perl \
+  libnet-ssleay-perl \
+  libpackage-stash-perl \
+  libpackage-stash-xs-perl \
+  libpar-packer-perl \
+  libparse-recdescent-perl \
+  libproc-processtable-perl \
+  libreadonly-perl \
+  libregexp-common-perl \
+  libssl-dev \
+  libsys-meminfo-perl \
+  libterm-readkey-perl \
+  libtest-deep-perl \
+  libtest-fatal-perl \
+  libtest-mock-guard-perl \
+  libtest-mockobject-perl \
+  libtest-nowarnings-perl \
+  libtest-pod-perl \
+  libtest-requires-perl \
+  libtest-simple-perl \
+  libtest-warn-perl \
+  libtry-tiny-perl \
+  libunicode-string-perl \
+  liburi-perl \
+  libwww-perl \
   lua-sql-mysql \
-  lua5.3-sql-mysql \
+  lua-socket \
-  make \
-  mariadb-connector-c \
-  mariadb-dev \
-  glib-dev \
-  gcompat \
   mariadb-client \
-# libressl-dev \
-  openssl-dev \
-  pcre-dev \
-  perl \
-  perl-dev \
-  perl-ntlm \
-  perl-cgi \
-  perl-crypt-openssl-rsa \
-  perl-utils \
-  perl-crypt-ssleay \
-  perl-data-uniqid \
-  perl-dbd-mysql \
-  perl-dbi \
-  perl-digest-hmac \
-  perl-dist-checkconflicts \
-  perl-encode-imaputf7 \
-  perl-file-copy-recursive \
-  perl-file-tail \
-  perl-io-socket-inet6 \
-  perl-io-gzip \
-  perl-io-socket-ssl \
-  perl-io-tee \
-  perl-ipc-run \
-  perl-json-webtoken \
-  perl-mail-imapclient \
-  perl-module-implementation \
-  perl-module-scandeps \
-  perl-net-ssleay \
-  perl-package-stash \
-  perl-package-stash-xs \
-  perl-par-packer \
-  perl-parse-recdescent \
-  libproc \
-  perl-readonly \
-  perl-regexp-common \
-  perl-sys-meminfo \
-  perl-term-readkey \
-  perl-test-deep \
-  perl-test-fatal \
-  perl-test-mockobject \
-  perl-test-mock-guard \
-  perl-test-pod \
-  perl-test-requires \
-  perl-test-simple \
-  perl-test-warn \
-  perl-try-tiny \
-  perl-unicode-string \
-  perl-proc-processtable \
-  perl-app-cpanminus \
   procps \
-  python3 \
+  python3-pip \
-  python3-dev \
+  redis-server \
-  py3-pip \
-  redis \
-  syslog-ng \
-  syslog-ng-redis \
-  syslog-ng-json \
   supervisor \
-  tzdata \
+  syslog-ng \
+  syslog-ng-core \
+  syslog-ng-mod-redis \
   wget \
-  dovecot \
+  && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
-  dovecot-dev \
+  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
-  dovecot-lmtpd \
+  && chmod +x /usr/local/bin/gosu \
+  && gosu nobody true \
+  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
+  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
+  && apt-get update \
+  && apt-get -y --no-install-recommends install \
   dovecot-lua \
+  dovecot-managesieved \
+  dovecot-sieve \
+  dovecot-lmtpd \
   dovecot-ldap \
   dovecot-mysql \
-  dovecot-sql \
+  dovecot-core \
-  dovecot-submissiond \
-  dovecot-pigeonhole-plugin \
   dovecot-pop3d \
-  dovecot-fts-solr \
+  dovecot-imapd \
-  && arch=$(arch | sed s/aarch64/arm64/ | sed s/x86_64/amd64/) \
+  dovecot-solr \
-  && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$arch" \
+  && pip3 install mysql-connector-python html2text jinja2 redis \
-  && chmod +x /usr/local/bin/gosu \
+  && apt-get autoremove --purge -y \
-  && gosu nobody true
+  && apt-get autoclean \
-
+  && rm -rf /var/lib/apt/lists/* \
-RUN cpan LockFile::Simple
+  && rm -rf /tmp/* /var/tmp/* /root/.cache/
-
+# imapsync dependencies
-RUN pip3 install mysql-connector-python html2text jinja2 redis
+RUN cpan Crypt::OpenSSL::PKCS12
 
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
@@ -143,4 +135,4 @@ COPY quota_notify.py /usr/local/bin/quota_notify.py
 COPY repl_health.sh /usr/local/bin/repl_health.sh
 
 ENTRYPOINT ["/docker-entrypoint.sh"]
-CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf

data/Dockerfiles/dovecot/supervisord.conf

@@ -13,10 +13,6 @@ autostart=true
 
 [program:dovecot]
 command=/usr/sbin/dovecot -F
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
 autorestart=true
 
 [eventlistener:processes]

data/Dockerfiles/dovecot/syslog-ng-redis_slave.conf

@@ -1,4 +1,4 @@
-@version: 4.1
+@version: 3.28
 @include "scl.conf"
 options {
   chain_hostnames(off);
@@ -6,11 +6,11 @@ options {
   use_dns(no);
   use_fqdn(no);
   owner("root"); group("adm"); perm(0640);
-  stats(freq(0));
+  stats_freq(0);
   bad_hostname("^gconfd$");
 };
-source s_dgram {
+source s_src {
-  unix-dgram("/dev/log");
+  unix-stream("/dev/log");
   internal();
 };
 destination d_stdout { pipe("/dev/stdout"); };
@@ -36,7 +36,7 @@ filter f_replica {
   not match("Error: sync: Unknown user in remote" value("MESSAGE"));
 };
 log {
-  source(s_dgram);
+  source(s_src);
   filter(f_replica);
   destination(d_stdout);
   filter(f_mail);

data/Dockerfiles/dovecot/syslog-ng.conf

@@ -1,4 +1,4 @@
-@version: 4.1
+@version: 3.28
 @include "scl.conf"
 options {
   chain_hostnames(off);
@@ -6,11 +6,11 @@ options {
   use_dns(no);
   use_fqdn(no);
   owner("root"); group("adm"); perm(0640);
-  stats(freq(0));
+  stats_freq(0);
   bad_hostname("^gconfd$");
 };
-source s_dgram {
+source s_src {
-  unix-dgram("/dev/log");
+  unix-stream("/dev/log");
   internal();
 };
 destination d_stdout { pipe("/dev/stdout"); };
@@ -36,7 +36,7 @@ filter f_replica {
   not match("Error: sync: Unknown user in remote" value("MESSAGE"));
 };
 log {
-  source(s_dgram);
+  source(s_src);
   filter(f_replica);
   destination(d_stdout);
   filter(f_mail);

data/Dockerfiles/rspamd/Dockerfile

@@ -1,19 +1,19 @@
-FROM debian:bookworm-slim
+FROM debian:bullseye-slim
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG CODENAME=bookworm
+ARG CODENAME=bullseye
 ENV LC_ALL C
 
-RUN apt-get update && apt-get install -y --no-install-recommends \
+RUN apt-get update && apt-get install -y \
   tzdata \
   ca-certificates \
   gnupg2 \
   apt-transport-https \
   dnsutils \
-  netcat-traditional \
+  netcat \
   && apt-key adv --fetch-keys https://rspamd.com/apt-stable/gpg.key \
-  && echo "deb https://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list \
+  && echo "deb [arch=amd64] https://rspamd.com/apt-stable/ $CODENAME main" > /etc/apt/sources.list.d/rspamd.list \
   && apt-get update \
   && apt-get --no-install-recommends -y install rspamd redis-tools procps nano \
   && rm -rf /var/lib/apt/lists/* \

data/Dockerfiles/sogo/Dockerfile

@@ -2,7 +2,7 @@ FROM debian:bullseye-slim
 LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG SOGO_DEBIAN_REPOSITORY=http://www.axis.cz/linux/debian
+ARG SOGO_DEBIAN_REPOSITORY=http://packages.sogo.nu/nightly/5/debian/
 # renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
 ARG GOSU_VERSION=1.16
 ENV LC_ALL C
@@ -32,7 +32,7 @@ RUN echo "Building from repository $SOGO_DEBIAN_REPOSITORY" \
   && mkdir /usr/share/doc/sogo \
   && touch /usr/share/doc/sogo/empty.sh \
   && apt-key adv --keyserver keys.openpgp.org --recv-key 74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9 \
-  && echo "deb [trusted=yes] ${SOGO_DEBIAN_REPOSITORY} bullseye sogo-v5" > /etc/apt/sources.list.d/sogo.list \
+  && echo "deb ${SOGO_DEBIAN_REPOSITORY} bullseye bullseye" > /etc/apt/sources.list.d/sogo.list \
   && apt-get update && apt-get install -y --no-install-recommends \
     sogo \
     sogo-activesync \

data/Dockerfiles/solr/Dockerfile

@@ -1,5 +1,4 @@
 FROM solr:7.7-slim
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
 
 USER root
 

data/Dockerfiles/watchdog/Dockerfile

@@ -1,5 +1,5 @@
 FROM alpine:3.17
-LABEL maintainer "The Infrastructure Company GmbH <info@servercow.de>"
+LABEL maintainer "André Peters <andre.peters@servercow.de>"
 
 # Installation
 RUN apk add --update \

data/conf/dovecot/dovecot.conf

@@ -241,8 +241,8 @@ plugin {
   mail_crypt_global_public_key = </mail_crypt/ecpubkey.pem
   mail_crypt_save_version = 2
 
-  # Enable compression while saving, zstd Dovecot v2.3.17+
+  # Enable compression while saving, lz4 Dovecot v2.2.11+
-  zlib_save = zstd
+  zlib_save = lz4
 
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size

docker-compose.yml

@@ -2,7 +2,7 @@ version: '2.1'
 services:
 
     unbound-mailcow:
-      image: mailcow/unbound:1.19
+      image: mailcow/unbound:1.17
       environment:
         - TZ=${TZ}
       volumes:
@@ -58,7 +58,7 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.63
+      image: mailcow/clamd:1.61
       restart: always
       depends_on:
         - unbound-mailcow
@@ -76,7 +76,7 @@ services:
             - clamd
 
     rspamd-mailcow:
-      image: mailcow/rspamd:1.93
+      image: mailcow/rspamd:1.92
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -106,7 +106,7 @@ services:
             - rspamd
 
     php-fpm-mailcow:
-      image: mailcow/phpfpm:1.85
+      image: mailcow/phpfpm:1.84
       command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
       depends_on:
         - redis-mailcow
@@ -170,7 +170,7 @@ services:
             - phpfpm
 
     sogo-mailcow:
-      image: mailcow/sogo:1.119
+      image: mailcow/sogo:1.118
       environment:
         - DBNAME=${DBNAME}
         - DBUSER=${DBUSER}
@@ -217,7 +217,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.25
+      image: mailcow/dovecot:1.24
       depends_on:
         - mysql-mailcow
       dns:
@@ -297,7 +297,7 @@ services:
             - dovecot
 
     postfix-mailcow:
-      image: mailcow/postfix:1.72
+      image: mailcow/postfix:1.71
       depends_on:
         - mysql-mailcow
       volumes:
@@ -391,7 +391,7 @@ services:
     acme-mailcow:
       depends_on:
         - nginx-mailcow
-      image: mailcow/acme:1.85
+      image: mailcow/acme:1.84
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -427,7 +427,7 @@ services:
             - acme
 
     netfilter-mailcow:
-      image: mailcow/netfilter:1.53
+      image: mailcow/netfilter:1.52
       stop_grace_period: 30s
       depends_on:
         - dovecot-mailcow
@@ -450,7 +450,7 @@ services:
         - /lib/modules:/lib/modules:ro
 
     watchdog-mailcow:
-      image: mailcow/watchdog:1.98
+      image: mailcow/watchdog:1.97
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       tmpfs:
@@ -512,7 +512,7 @@ services:
             - watchdog
 
     dockerapi-mailcow:
-      image: mailcow/dockerapi:2.06
+      image: mailcow/dockerapi:2.05
       security_opt:
         - label=disable
       restart: always
@@ -531,7 +531,7 @@ services:
             - dockerapi
 
     solr-mailcow:
-      image: mailcow/solr:1.8.2
+      image: mailcow/solr:1.8.1
       restart: always
       volumes:
         - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
@@ -547,7 +547,7 @@ services:
             - solr
 
     olefy-mailcow:
-      image: mailcow/olefy:1.12
+      image: mailcow/olefy:1.11
       restart: always
       environment:
         - TZ=${TZ}