Merge pull request #5106 from mailcow/staging

2023-03

.gitignore

@@ -13,7 +13,6 @@ data/conf/dovecot/acl_anyone
 data/conf/dovecot/dovecot-master.passwd
 data/conf/dovecot/dovecot-master.userdb
 data/conf/dovecot/extra.conf
-data/conf/dovecot/dovecot-fts-flatcurve.conf
 data/conf/dovecot/global_sieve_*
 data/conf/dovecot/last_login
 data/conf/dovecot/lua

data/Dockerfiles/dovecot/Dockerfile

@@ -1,17 +1,27 @@
-FROM debian:bullseye-slim as build
+FROM debian:bullseye-slim
 LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
-ARG DOVECOT=2.3.19.1
-ARG FLATCURVE=v0.3.2
-ARG XAPIAN=1.4.21
+# renovate: datasource=github-tags depName=dovecot/core versioning=semver-coerced
+ARG DOVECOT=2.3.20
+# renovate: datasource=github-releases depName=tianon/gosu versioning=semver-coerced
+ARG GOSU_VERSION=1.16
 ENV LC_ALL C
 
 
 # Add groups and users before installing Dovecot to not break compatibility
-RUN touch /etc/default/locale \
+RUN groupadd -g 5000 vmail \
+  && groupadd -g 401 dovecot \
+  && groupadd -g 402 dovenull \
+  && groupadd -g 999 sogo \
+  && usermod -a -G sogo nobody \
+  && useradd -g vmail -u 5000 vmail -d /var/vmail \
+  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
+  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
+  && touch /etc/default/locale \
   && apt-get update \
   && apt-get -y --no-install-recommends install \
+  build-essential \
   apt-transport-https \
   ca-certificates \
   cpanminus \
@@ -52,6 +62,7 @@ RUN touch /etc/default/locale \
   libproc-processtable-perl \
   libreadonly-perl \
   libregexp-common-perl \
+  libssl-dev \
   libsys-meminfo-perl \
   libterm-readkey-perl \
   libtest-deep-perl \
@@ -67,13 +78,7 @@ RUN touch /etc/default/locale \
   libunicode-string-perl \
   liburi-perl \
   libwww-perl \
-  libstemmer-dev \
-  libexttextcat-dev \
-  libldap-dev \
-  libghc-bzlib-dev \
   lua-sql-mysql \
-  liblz4-dev \
-  libzstd-dev \
   lua-socket \
   mariadb-client \
   procps \
@@ -84,152 +89,32 @@ RUN touch /etc/default/locale \
   syslog-ng-core \
   syslog-ng-mod-redis \
   wget \
-  git \
-  bison \
-  flex \
-  build-essential \
-  autoconf \
-  automake \
-  libtool \
-  make \
-  libxapian-dev \
-  default-libmysqlclient-dev \
-  libicu-dev \
-  zlib1g-dev \
-  pkg-config \
-  libsqlite3-dev \
-  liblua5.3-dev \
   && dpkgArch="$(dpkg --print-architecture | awk -F- '{ print $NF }')" \
   && wget -O /usr/local/bin/gosu "https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch" \
   && chmod +x /usr/local/bin/gosu \
-  && gosu nobody true
-#  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
-#  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
-#  && apt-get update \
-#  && apt-get -y --no-install-recommends install \
-#  dovecot-lua \
-#  dovecot-managesieved \
-#  dovecot-sieve \
-#  dovecot-lmtpd \
-#  dovecot-ldap \
-#  dovecot-mysql \
-#  dovecot-core \
-#  dovecot-pop3d \
-#  dovecot-imapd \
-#  dovecot-dev
+  && gosu nobody true \
+  && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \
+  && echo "deb https://repo.dovecot.org/ce-${DOVECOT}/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list \
+  && apt-get update \
+  && apt-get -y --no-install-recommends install \
+  dovecot-lua \
+  dovecot-managesieved \
+  dovecot-sieve \
+  dovecot-lmtpd \
+  dovecot-ldap \
+  dovecot-mysql \
+  dovecot-core \
+  dovecot-pop3d \
+  dovecot-imapd \
+  dovecot-solr \
+  && pip3 install mysql-connector-python html2text jinja2 redis \
+  && apt-get autoremove --purge -y \
+  && apt-get autoclean \
+  && rm -rf /var/lib/apt/lists/* \
+  && rm -rf /tmp/* /var/tmp/* /root/.cache/
+# imapsync dependencies
+RUN cpan Crypt::OpenSSL::PKCS12
 
-RUN cd /tmp && git clone --depth 1 --branch ${DOVECOT} https://github.com/dovecot/core.git dovecot/core && cd dovecot/core \
-  && ./autogen.sh \
-  && PANDOC=false ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --with-ssldir=/etc/ssl --enable-maintainer-mode --with-sql=yes --with-lua=yes --with-mysql --with-ldap --with-zstd --with-lz4 --with-ssl=openssl --with-notify=inotify --with-bzlib --with-zlib --enable-hardening --with-stemmer --with-textcat --with-icu \
-  && make -j6 \
-  && make install \
-  && make clean
-
-RUN cd /tmp && git clone --depth 1 --branch release-0.5 https://github.com/dovecot/pigeonhole dovecot/pigeonhole && cd dovecot/pigeonhole \
-  && ./autogen.sh \
-  && ./configure --with-dovecot=/usr/lib/dovecot --with-managesieve\ 
-  && make -j6 \
-  && make install \
-  && make clean
-
-RUN  cd /tmp && wget https://oligarchy.co.uk/xapian/${XAPIAN}/xapian-core-${XAPIAN}.tar.xz && tar xf xapian-core-${XAPIAN}.tar.xz && cd xapian-core-${XAPIAN} \
-  && ./configure --prefix=/usr/local/xapian \
-  && make -j6 \
-  && make install \
-  && make clean
-
-RUN cd /tmp && git clone --depth 1 --branch ${FLATCURVE} https://github.com/slusarz/dovecot-fts-flatcurve.git dovecot/flatcurve && cd dovecot/flatcurve \
-  && ./autogen.sh \
-  && ./configure --with-dovecot=/usr/lib/dovecot \
-  && make -j6 \
-  && make install \
-  && make clean
-
-FROM debian:bullseye-slim
-RUN groupadd -g 5000 vmail \
-  && groupadd -g 401 dovecot \
-  && groupadd -g 402 dovenull \
-  && groupadd -g 999 sogo \
-  && usermod -a -G sogo nobody \
-  && useradd -g vmail -u 5000 vmail -d /var/vmail \
-  && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
-  && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \
-  && apt update && apt install lua-socket \
-  mariadb-client \
-  libstemmer-dev \
-  libexttextcat-dev \
-  libicu-dev \
-  libxapian-dev \
-  libsqlite3-dev \
-  liblua5.3-dev \
-  lua-sql-mysql \
-  libldap-dev \
-  procps \
-  python3-pip \
-  redis-server \
-  supervisor \
-  syslog-ng \
-  syslog-ng-core \
-  syslog-ng-mod-redis \
-  cpanminus \
-  curl \
-  libauthen-ntlm-perl \
-  libcgi-pm-perl \
-  libcrypt-openssl-rsa-perl \
-  libcrypt-ssleay-perl \
-  libdata-uniqid-perl \
-  libdbd-mysql-perl \
-  libdbi-perl \
-  libdigest-hmac-perl \
-  libdist-checkconflicts-perl \
-  libencode-imaputf7-perl \
-  libfile-copy-recursive-perl \
-  libfile-tail-perl \
-  libhtml-parser-perl \
-  libio-compress-perl \
-  libio-socket-inet6-perl \
-  libio-socket-ssl-perl \
-  libio-tee-perl \
-  libipc-run-perl \
-  libjson-webtoken-perl \
-  liblockfile-simple-perl \
-  libmail-imapclient-perl \
-  libmodule-implementation-perl \
-  libmodule-scandeps-perl \
-  libnet-ssleay-perl \
-  libpackage-stash-perl \
-  libpackage-stash-xs-perl \
-  libpar-packer-perl \
-  libparse-recdescent-perl \
-  libproc-processtable-perl \
-  libreadonly-perl \
-  libregexp-common-perl \
-  libsys-meminfo-perl \
-  libterm-readkey-perl \
-  libtest-deep-perl \
-  libtest-fatal-perl \
-  libtest-mock-guard-perl \
-  libtest-mockobject-perl \
-  libtest-nowarnings-perl \
-  libtest-pod-perl \
-  libtest-requires-perl \
-  libtest-simple-perl \
-  libtest-warn-perl \
-  libtry-tiny-perl \
-  libunicode-string-perl \
-  liburi-perl \
-  libwww-perl \
-  dnsutils \
-  gettext-base -y --no-install-recommends \
-  && pip3 install mysql-connector-python html2text jinja2 redis
-COPY --from=build /usr/lib/dovecot /usr/lib/dovecot
-COPY --from=build /usr/bin/doveconf /usr/bin/doveconf
-COPY --from=build /usr/bin/doveadm /usr/bin/doveadm
-COPY --from=build /usr/bin/dovecot-sysreport /usr/bin/dovecot-sysreport
-COPY --from=build /usr/sbin/dovecot /usr/sbin/dovecot
-COPY --from=build /usr/libexec/dovecot/ /usr/libexec/dovecot/
-COPY --from=build /usr/local/bin /usr/local/bin
-COPY --from=build /usr/local/xapian/ /usr/local/xapian
 COPY trim_logs.sh /usr/local/bin/trim_logs.sh
 COPY clean_q_aged.sh /usr/local/bin/clean_q_aged.sh
 COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf

data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -109,19 +109,17 @@ EOF
 
 echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone
 
-if [[ "${SKIP_XAPIAN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify listescape replication' > /etc/dovecot/mail_plugins
 echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify listescape replication mail_log' > /etc/dovecot/mail_plugins_imap
 echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 else
-echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins
-echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_flatcurve listescape replication' > /etc/dovecot/mail_plugins_imap
-echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_flatcurve notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
+echo -n 'quota acl zlib mail_crypt mail_crypt_acl mail_log notify fts fts_solr listescape replication' > /etc/dovecot/mail_plugins
+echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve mail_crypt mail_crypt_acl notify mail_log fts fts_solr listescape replication' > /etc/dovecot/mail_plugins_imap
+echo -n 'quota sieve acl zlib mail_crypt mail_crypt_acl fts fts_solr notify listescape replication' > /etc/dovecot/mail_plugins_lmtp
 fi
 chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
 
-sed -i 's/vsz_limit.*/vsz_limit = '${XAPIAN_HEAP}m/g /etc/dovecot/dovecot-fts-flatcurve.conf
-
 cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
 # Autogenerated by mailcow
 driver = mysql

data/Dockerfiles/dovecot/imapsync

@@ -8492,6 +8492,7 @@ sub xoauth2
         require HTML::Entities ;
         require JSON ;
         require JSON::WebToken::Crypt::RSA ;
+        require Crypt::OpenSSL::PKCS12;
         require Crypt::OpenSSL::RSA ;
         require Encode::Byte ;
         require IO::Socket::SSL ;
@@ -8532,8 +8533,9 @@ sub xoauth2
 
             $sync->{ debug } and myprint( "Service account: $iss\nKey file: $keyfile\nKey password: $keypass\n");
 
-            # Get private key from p12 file (would be better in perl...)
-            $key = `openssl pkcs12 -in "$keyfile" -nodes -nocerts -passin pass:$keypass -nomacver`;
+            # Get private key from p12 file
+            my $pkcs12 = Crypt::OpenSSL::PKCS12->new_from_file($keyfile);
+            $key = $pkcs12->private_key($keypass);
 
             $sync->{ debug } and myprint( "Private key:\n$key\n");
         }

data/conf/dovecot/dovecot-fts-flatcurve.conf

@@ -1,23 +0,0 @@
-plugin {
-  fts = flatcurve
-  fts_autoindex = yes
-
-  fts_languages = en de  
-
-  fts_tokenizers = generic email-address
-  fts_tokenizer_generic = algorithm=simple
-  # All of these are optional, and indicate the default values.
-  # They are listed here for documentation purposes; most people should
-  # not need to define/override in their config.
-  fts_flatcurve_commit_limit = 500
-  fts_flatcurve_max_term_size = 30
-  fts_flatcurve_min_term_size = 2
-  fts_flatcurve_optimize_limit = 10
-  fts_flatcurve_rotate_size = 5000
-  fts_flatcurve_rotate_time = 5000
-  fts_flatcurve_substring_search = yes
-}
-
-service indexer-worker {
-    vsz_limit = 1024m
-}

data/conf/dovecot/dovecot.conf

@@ -11,7 +11,6 @@ auth_mechanisms = plain login
 #mail_debug = yes
 #auth_debug = yes
 log_path = syslog
-log_debug = category=fts-flatcurve
 disable_plaintext_auth = yes
 # Uncomment on NFS share
 #mmap_disable = yes
@@ -190,6 +189,9 @@ plugin {
   acl_shared_dict = file:/var/vmail/shared-mailboxes.db
   acl = vfile
   acl_user = %u
+  fts = solr
+  fts_autoindex = yes
+  fts_solr = url=http://solr:8983/solr/dovecot-fts/
   quota = dict:Userquota::proxy::sqlquota
   quota_rule2 = Trash:storage=+100%%
   sieve = /var/vmail/sieve/%u.sieve
@@ -240,7 +242,6 @@ plugin {
   mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
   mail_log_fields = uid box msgid size
   mail_log_cached_only = yes
-
 }
 service quota-warning {
   executable = script /usr/local/bin/quota_notify.py
@@ -296,7 +297,6 @@ replication_dsync_parameters = -d -l 30 -U -n INBOX
 !include_try /etc/dovecot/extra.conf
 !include_try /etc/dovecot/sogo-sso.conf
 !include_try /etc/dovecot/shared_namespace.conf
-!include_try /etc/dovecot/dovecot-fts-flatcurve.conf
 # </Includes>
 default_client_limit = 10400
 default_vsz_limit = 1024 M

data/conf/rspamd/local.d/multimap.conf

@@ -159,8 +159,8 @@ BAZAAR_ABUSE_CH {
 }
 
 URLHAUS_ABUSE_CH {
-  type = "url";
-  filter = "full";
+  type = "selector";
+  selector = "urls";
   map = "https://urlhaus.abuse.ch/downloads/text_online/";
   score = 10.0;
 }

data/web/lang/lang.da-dk.json

@@ -4,14 +4,14 @@
         "app_passwds": "Administrer app-adgangskoder",
         "bcc_maps": "BCC kort",
         "delimiter_action": "Afgrænsning handling",
-        "eas_reset": "Nulstil EAS endheder",
+        "eas_reset": "Nulstil EAS enheder",
         "extend_sender_acl": "Tillad at udvide afsenderens ACL med eksterne adresser",
         "filters": "Filtre",
         "login_as": "Login som mailboks bruger",
-        "prohibited": "Forbudt af ACL",
-        "protocol_access": "Ændre protokol adgang",
+        "prohibited": "Nægtet af ACL",
+        "protocol_access": "Skift protokol adgang",
         "pushover": "Pushover",
-        "quarantine": "Karantæneaktioner",
+        "quarantine": "Karantænehandlinger",
         "quarantine_attachments": "Karantænevedhæftede filer",
         "quarantine_notification": "Skift karantænemeddelelser",
         "ratelimit": "Satsgrænse",
@@ -25,7 +25,10 @@
         "syncjobs": "Synkroniserings job",
         "tls_policy": "TLS politik",
         "unlimited_quota": "Ubegrænset plads for mailbokse",
-        "domain_desc": "Skift domæne beskrivelse"
+        "domain_desc": "Skift domæne beskrivelse",
+        "domain_relayhost": "Skift relæ host for et domæne",
+        "mailbox_relayhost": "Skift relæ-host for en postkasse",
+        "quarantine_category": "Skift kategorien for karantænemeddelelse"
     },
     "add": {
         "activate_filter_warn": "Alle andre filtre deaktiveres, når aktiv er markeret.",
@@ -59,7 +62,7 @@
         "gal": "Global adresseliste",
         "gal_info": "GAL indeholder alle objekter i et domæne og kan ikke redigeres af nogen bruger. Information om ledig / optaget i SOGo mangler, hvis deaktiveret! <b> Genstart SOGo for at anvende ændringer. </b>",
         "generate": "generere",
-        "goto_ham": "Lær som <span class=\"text-success\"><b>ham</b></span>",
+        "goto_ham": "Lær som <span class=\"text-success\"><b>ønsket</b></span>",
         "goto_null": "Kassér e-mail i stilhed",
         "goto_spam": "Lær som <span class=\"text-danger\"><b>spam</b></span>",
         "hostname": "Vært",
@@ -308,7 +311,9 @@
         "username": "Brugernavn",
         "validate_license_now": "Valider GUID mod licensserver",
         "verify": "Verificere",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "ip_check_opt_in": "Opt-In for brug af tredjepartstjeneste <strong>ipv4.mailcow.email</strong> og <strong>ipv6.mailcow.email</strong> til at finde eksterne IP-adresser.",
+        "queue_unban": "unban"
     },
     "danger": {
         "access_denied": "Adgang nægtet eller ugyldig formular data",
@@ -425,7 +430,8 @@
         "username_invalid": "Brugernavn %s kan ikke bruges",
         "validity_missing": "Tildel venligst en gyldighedsperiode",
         "value_missing": "Angiv alle værdier",
-        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s"
+        "yotp_verification_failed": "Yubico OTP verifikationen mislykkedes: %s",
+        "webauthn_publickey_failed": "Der er ikke gemt nogen offentlig nøgle for den valgte autentifikator"
     },
     "debug": {
         "chart_this_server": "Diagram (denne server)",
@@ -442,7 +448,8 @@
         "solr_status": "Solr-status",
         "started_on": "Startede den",
         "static_logs": "Statiske logfiler",
-        "system_containers": "System og Beholdere"
+        "system_containers": "System og Beholdere",
+        "error_show_ip": "Kunne ikke finde de offentlige IP-adresser"
     },
     "diagnostics": {
         "cname_from_a": "Værdi afledt af A / AAAA-post. Dette understøttes, så længe posten peger på den korrekte ressource.",
@@ -553,7 +560,11 @@
         "title": "Rediger objekt",
         "unchanged_if_empty": "Lad være tomt, hvis uændret",
         "username": "Brugernavn",
-        "validate_save": "Valider og gem"
+        "validate_save": "Valider og gem",
+        "admin": "Rediger administrator",
+        "lookup_mx": "Destination er et regulært udtryk, der matcher MX-navnet (<code>.*google\\.dk</code> for at dirigere al e-mail, der er målrettet til en MX, der ender på google.dk, over dette hop)",
+        "mailbox_relayhost_info": "Anvendt på postkassen og kun direkte aliasser, og overskriver et domæne relæ-host.",
+        "quota_warning_bcc": "Kvoteadvarsel BCC"
     },
     "footer": {
         "cancel": "Afbestille",
@@ -571,7 +582,7 @@
     "header": {
         "administration": "Konfiguration og detailer",
         "apps": "Apps",
-        "debug": "Systemoplysninger",
+        "debug": "Information",
         "email": "E-Mail",
         "mailcow_config": "Konfiguration",
         "quarantine": "Karantæne",
@@ -739,7 +750,10 @@
         "username": "Brugernavn",
         "waiting": "Venter",
         "weekly": "Ugentlig",
-        "yes": "&#10003;"
+        "yes": "&#10003;",
+        "goto_ham": "Lær som <b>ønsket</b>",
+        "catch_all": "Fang-alt",
+        "open_logs": "Åben logfiler"
     },
     "oauth2": {
         "access_denied": "Log ind som mailboks ejer for at give adgang via OAuth2.",
@@ -1066,5 +1080,11 @@
         "quota_exceeded_scope": "Domænekvote overskredet: Kun ubegrænsede postkasser kan oprettes i dette domæneomfang.",
         "session_token": "Form nøgle ugyldig: Nøgle passer ikke",
         "session_ua": "Form nøgle ugyldig: Bruger-Agent gyldighedskontrols fejl"
+    },
+    "datatables": {
+        "lengthMenu": "Vis _MENU_ poster",
+        "paginate": {
+            "first": "Først"
+        }
     }
 }

data/web/lang/lang.pl-pl.json

@@ -1,7 +1,8 @@
 {
     "acl": {
         "sogo_profile_reset": "Usuń profil SOGo (webmail)",
-        "syncjobs": "Polecenie synchronizacji"
+        "syncjobs": "Polecenie synchronizacji",
+        "alias_domains": "Dodaj aliasy domen"
     },
     "add": {
         "active": "Aktywny",

data/web/templates/debug.twig

@@ -612,7 +612,7 @@
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-expand="rl_log" data-table="rl_log" href="#">{{ lang.datatables.expand_all }}</a></li>
               <li class="table_collapse_option"><a class="dropdown-item" data-datatables-collapse="rl_log" data-table="rl_log" href="#">{{ lang.datatables.collapse_all }}</a></li>
             </ul>
-            <p class="text-muted">{{ lang.admin.hash_remove_info }}</p>
+            <p class="text-muted">{{ lang.admin.hash_remove_info|raw }}</p>
             <table id="rl_log" class="table table-striped dt-responsive w-100"></table>
           </div>
         </div>

data/web/templates/mailbox.twig

@@ -19,7 +19,7 @@
     </li>
     <li class="nav-item" role="presentation"><button class="nav-link" aria-controls="tab-resources" role="tab" data-bs-toggle="tab" data-bs-target="#tab-resources">{{ lang.mailbox.resources }}</button></li>
     <li class="nav-item dropdown">
-      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" data-bs-target="#">{{ lang.mailbox.aliases }}</a>
+      <a class="nav-link dropdown-toggle" data-bs-toggle="dropdown" href="#">{{ lang.mailbox.aliases }}</a>
       <ul class="dropdown-menu">
         <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-mbox-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-mbox-aliases">{{ lang.mailbox.aliases }}</button></li>
         <li role="presentation"><button class="dropdown-item" aria-selected="false" aria-controls="tab-domain-aliases" role="tab" data-bs-toggle="tab" data-bs-target="#tab-domain-aliases">{{ lang.mailbox.domain_aliases }}</button></li>

docker-compose.yml

@@ -154,7 +154,7 @@ services:
         - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
         - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
         - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
-        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
+        - SKIP_SOLR=${SKIP_SOLR:-y}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
@@ -216,7 +216,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.20-xapian
+      image: mailcow/dovecot:1.23
       depends_on:
         - mysql-mailcow
       dns:
@@ -250,8 +250,7 @@ services:
         - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
         - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
         - ACL_ANYONE=${ACL_ANYONE:-disallow}
-        - SKIP_XAPIAN=${SKIP_XAPIAN:-y}
-        - XAPIAN_HEAP=${XAPIAN_HEAP:-1024}
+        - SKIP_SOLR=${SKIP_SOLR:-y}
         - MAILDIR_SUB=${MAILDIR_SUB:-}
         - MASTER=${MASTER:-y}
         - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
@@ -282,7 +281,7 @@ services:
         ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
         ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
         ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
-        ofelia.job-exec.dovecot_fts.command: "doveadm fts optimize -A"
+        ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true"
         ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
         ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
       ulimits:
@@ -529,6 +528,22 @@ services:
           aliases:
             - dockerapi
 
+    solr-mailcow:
+      image: mailcow/solr:1.8.1
+      restart: always
+      volumes:
+        - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
+      ports:
+        - "${SOLR_PORT:-127.0.0.1:18983}:8983"
+      environment:
+        - TZ=${TZ}
+        - SOLR_HEAP=${SOLR_HEAP:-1024}
+        - SKIP_SOLR=${SKIP_SOLR:-y}
+      networks:
+        mailcow-network:
+          aliases:
+            - solr
+
     olefy-mailcow:
       image: mailcow/olefy:1.11
       restart: always
@@ -584,6 +599,7 @@ services:
         - netfilter-mailcow
         - watchdog-mailcow
         - dockerapi-mailcow
+        - solr-mailcow
       environment:
         - TZ=${TZ}
       image: robbertkl/ipv6nat
@@ -615,6 +631,7 @@ volumes:
   mysql-socket-vol-1:
   redis-vol-1:
   rspamd-vol-1:
+  solr-vol-1:
   postfix-vol-1:
   crypt-vol-1:
   sogo-web-vol-1:

generate_config.sh

@@ -122,23 +122,23 @@ else
 fi
 
 if [ ${MEM_TOTAL} -le "2097152" ]; then
-  echo "Disabling Xapian (full text search, build in Dovecot) on low-memory system."
-  SKIP_XAPIAN=y
+  echo "Disabling Solr on low-memory system."
+  SKIP_SOLR=y
 elif [ ${MEM_TOTAL} -le "3670016" ]; then
-  echo "Installed memory is <= 3.5 GiB. We suggest you to disable Xapian (full text search, build in Dovecot) to prevent out-of-memory situations."
-  echo "The default Xapian heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
-  echo "Xapian can be re-enabled by setting SKIP_XAPIAN=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
-  read -r -p  "Do you want to disable the FTS Xapian now? [Y/n] " response
+  echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
+  echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
+  echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
+  read -r -p  "Do you want to disable Solr now? [Y/n] " response
   case $response in
     [nN][oO]|[nN])
-      SKIP_XAPIAN=n
+      SKIP_SOLR=n
       ;;
     *)
-      SKIP_XAPIAN=y
+      SKIP_SOLR=y
     ;;
   esac
 else
-  SKIP_XAPIAN=n
+  SKIP_SOLR=n
 fi
 
 if [[ ${SKIP_BRANCH} != y ]]; then
@@ -243,6 +243,7 @@ POPS_PORT=995
 SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
+SOLR_PORT=127.0.0.1:18983
 REDIS_PORT=127.0.0.1:7654
 
 # Your timezone
@@ -328,14 +329,14 @@ SKIP_CLAMD=${SKIP_CLAMD}
 
 SKIP_SOGO=n
 
-# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.
+# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
 
-SKIP_XAPIAN=${SKIP_XAPIAN}
+SKIP_SOLR=${SKIP_SOLR}
 
-# Xapian heap size in MB, there is no recommendation, please see Xapians docs.
-# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.
+# Solr heap size in MB, there is no recommendation, please see Solr docs.
+# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
 
-XAPIAN_HEAP=1024
+SOLR_HEAP=1024
 
 # Allow admins to log into SOGo as email user (without any password)
 

helper-scripts/expiry-dates.sh

@@ -3,10 +3,11 @@
 [[ -f mailcow.conf ]] && source mailcow.conf
 [[ -f ../mailcow.conf ]] && source ../mailcow.conf
 
-POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:25 -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:143 -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:443 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
-echo TLS expiry dates:
-echo Postfix: ${POSTFIX}
-echo Dovecot: ${DOVECOT}
-echo Nginx: ${NGINX}
+POSTFIX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${SMTP_PORT} -starttls smtp 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+DOVECOT=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${IMAP_PORT} -starttls imap 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+NGINX=$(echo | openssl s_client -connect ${MAILCOW_HOSTNAME}:${HTTPS_PORT} 2>/dev/null | openssl x509 -inform pem -noout -enddate | cut -d "=" -f 2)
+
+echo "TLS expiry dates:"
+echo "Postfix: ${POSTFIX}"
+echo "Dovecot: ${DOVECOT}"
+echo "Nginx:   ${NGINX}"

helper-scripts/nextcloud.sh

@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # renovate: datasource=github-releases depName=nextcloud/server versioning=semver extractVersion=^v(?<version>.*)$
-NEXTCLOUD_VERSION=25.0.3
+NEXTCLOUD_VERSION=25.0.4
 
 echo -ne "Checking prerequisites..."
 sleep 1

update.sh

@@ -388,8 +388,8 @@ CONFIG_ARRAY=(
   "MAILDIR_GC_TIME"
   "MAILDIR_SUB"
   "ACL_ANYONE"
-  "XAPIAN_HEAP"
-  "SKIP_XAPIAN"
+  "SOLR_HEAP"
+  "SKIP_SOLR"
   "ENABLE_SSL_SNI"
   "ALLOW_ADMIN_EMAIL_LOGIN"
   "SKIP_HTTP_VERIFICATION"
@@ -510,20 +510,20 @@ for option in ${CONFIG_ARRAY[@]}; do
       echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
       echo 'ACL_ANYONE=disallow' >> mailcow.conf
     fi
-  elif [[ ${option} == "XAPIAN_HEAP" ]]; then
+  elif [[ ${option} == "SOLR_HEAP" ]]; then
     if ! grep -q ${option} mailcow.conf; then
-      echo "Replacing SOLR_HEAP with \"${option}\" in mailcow.conf"
-      sed -i '/# Solr heap size in MB, there is no recommendation, please see Solr docs./c\# Xapian heap size in MB, there is no recommendation, please see Xapians docs.' mailcow.conf
-      sed -i '/# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended./c\# Xapian is replacing solr completely. It is supposed to be much more efficient in CPU and RAM consumption.'  mailcow.conf
-      sed -i '/SOLR_HEAP=/c\XAPIAN_HEAP=' mailcow.conf
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
+      echo '# Solr is a prone to run OOM on large systems and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
+      echo '# Solr will refuse to start with total system memory below or equal to 2 GB.' >> mailcow.conf
+      echo "SOLR_HEAP=1024" >> mailcow.conf
     fi
-  elif [[ ${option} == "SKIP_XAPIAN" ]]; then
+  elif [[ ${option} == "SKIP_SOLR" ]]; then
     if ! grep -q ${option} mailcow.conf; then
-      echo "Replacing SKIP_SOLR with \"${option}\" in mailcow.conf"
-      sed -i '/# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1./c\# Skip Xapian (FTS) on low-memory systems or if you do not want to store a readable index of your mails in vmail-index-vol-1.' mailcow.conf
-      sed -i '/SKIP_SOLR=/c\SKIP_XAPIAN=' mailcow.conf
-      echo "Removing Solr-Port Binding from mailcow.conf"
-      sed -i '/SOLR_PORT=/d' mailcow.conf
+      echo "Adding new option \"${option}\" to mailcow.conf"
+      echo '# Solr is disabled by default after upgrading from non-Solr to Solr-enabled mailcows.' >> mailcow.conf
+      echo '# Disable Solr or if you do not want to store a readable index of your mails in solr-vol-1.' >> mailcow.conf
+      echo "SKIP_SOLR=y" >> mailcow.conf
     fi
   elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
     if ! grep -q ${option} mailcow.conf; then