[Dovecot] Dovecot 2.3.1, Pigeonhole 0.5.1

[ClamAV] 0.100.0, new log method without pipes
[Compose] New images for Dovecot and ClamAV, add persistent tty to clamd-mailcow

data/Dockerfiles/clamd/Dockerfile

@@ -6,7 +6,7 @@ LABEL maintainer "André Peters <andre.peters@servercow.de>"
 COPY dl_files.sh bootstrap.sh ./
 
 # Installation
-ENV CLAMAV 0.99.3
+ENV CLAMAV 0.100.0
 
 RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-dev bzip2-dev pcre-dev linux-headers fts-dev libxml2-dev libressl-dev \
   && apk add --no-cache curl bash tini libxml2 libbz2 pcre fts libressl \
@@ -33,11 +33,12 @@ RUN apk add --no-cache --virtual build-dependencies alpine-sdk ncurses-dev zlib-
   && apk del build-dependencies \
   && addgroup -S clamav \
   && adduser -S -D -h /var/lib/clamav -s /sbin/nologin -G clamav -g clamav clamav \
+  && adduser clamav tty \
   && mkdir -p /run/clamav \
   && chown clamav:clamav /run/clamav \
-	&& chmod +x /dl_files.sh \
-	&& set -ex; /bin/bash /dl_files.sh \
-	&& chmod 750 /run/clamav
+  && chmod +x /dl_files.sh \
+  && set -ex; /bin/bash /dl_files.sh \
+  && chmod 750 /run/clamav
 
 # Port provision
 EXPOSE 3310

data/Dockerfiles/clamd/bootstrap.sh

@@ -7,18 +7,20 @@ if [[ "${SKIP_CLAMD}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
 fi
 
 # Create log pipes
-mkdir /var/log/clamav
+mkdir -p /var/log/clamav
 touch /var/log/clamav/clamd.log /var/log/clamav/freshclam.log
-mkfifo -m 600 /tmp/logpipe_clamd
-mkfifo -m 600 /tmp/logpipe_freshclam
-chown -R clamav:clamav /var/log/clamav/ /tmp/logpipe_*
-cat <> /tmp/logpipe_clamd 1>&2 &
-cat <> /tmp/logpipe_freshclam 1>&2 &
+chown -R clamav:clamav /var/log/clamav/
 
 # Prepare
 BACKGROUND_TASKS=()
 
-freshclam -d &
+(
+while true; do
+  sleep 1m
+  freshclam
+  sleep 1h
+done
+) &
 BACKGROUND_TASKS+=($!)
 
 clamd &

data/Dockerfiles/dovecot/Dockerfile

@@ -3,8 +3,8 @@ LABEL maintainer "Andre Peters <andre.peters@servercow.de>"
 
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
-ENV DOVECOT_VERSION 2.2.33.2
-ENV PIGEONHOLE_VERSION 0.4.21
+ENV DOVECOT_VERSION 2.3.1
+ENV PIGEONHOLE_VERSION 0.5.1
 
 RUN apt-get update && apt-get -y --no-install-recommends install \
   automake \
@@ -27,9 +27,11 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
   libauthen-ntlm-perl \
   libbz2-dev \
   libcrypt-ssleay-perl \
+  libcurl4-openssl-dev \
   libdbd-mysql-perl \
   libdbi-perl \
   libdigest-hmac-perl \
+  libexpat1-dev \
   libfile-copy-recursive-perl \
   libio-compress-perl \
   libio-socket-inet6-perl \
@@ -63,24 +65,21 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
   && rm -rf /var/lib/apt/lists/*
 
 
-RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
+RUN curl https://www.dovecot.org/releases/2.3/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz  \
   && cd dovecot-$DOVECOT_VERSION \
-  && curl -o src/lib-auth/auth-client-request.c https://mailcow.email/dovecot-patch1/auth-client-request.c \
-  && curl -o src/lib-auth/auth-server-connection.c https://mailcow.email/dovecot-patch1/auth-server-connection.c \
-  && curl -o src/lib-auth/auth-server-connection.h https://mailcow.email/dovecot-patch1/auth-server-connection.h \
-  && ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
+  && ./configure --with-solr --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
   && make -j3 \
   && make install \
   && make clean \
   && cd .. && rm -rf dovecot-$DOVECOT_VERSION \
-  && curl https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz  \
-  && cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
+  && curl https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz  \
+  && cd dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION \
   && ./configure \
   && make -j3 \
   && make install \
   && make clean \
   && cd .. \
-  && rm -rf dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION
+  && rm -rf dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION
 
 RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
 RUN echo '* * * * *   root   /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync

data/conf/clamav/clamd.conf

@@ -1,4 +1,4 @@
-LogFile /tmp/logpipe_clamd
+LogFile /dev/console
 LogTime yes
 LogClean yes
 ExtendedDetectionInfo yes

data/conf/clamav/freshclam.conf

@@ -1,4 +1,4 @@
-UpdateLogFile /tmp/logpipe_freshclam
+UpdateLogFile /var/log/clamav/freshclam.log
 LogTime yes
 PidFile /run/clamav/freshclam.pid
 DatabaseOwner clamav

data/conf/dovecot/dovecot.conf

@@ -17,9 +17,9 @@ mail_location = maildir:~/
 mail_plugins = quota acl zlib listescape #mail_crypt
 
 # Dovecot 2.2
-ssl_protocols = !SSLv3
+#ssl_protocols = !SSLv3
 # Dovecot 2.3
-#ssl_min_protocol = TLSv1
+ssl_min_protocol = TLSv1
 
 ssl_prefer_server_ciphers = yes
 ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
@@ -28,9 +28,9 @@ ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECD
 ssl_options = no_compression
 
 # New in Dovecot 2.3
-#ssl_dh=</etc/ssl/mail/dhparams.pem
+ssl_dh=</etc/ssl/mail/dhparams.pem
 # Dovecot 2.2
-ssl_dh_parameters_length = 2048
+#ssl_dh_parameters_length = 2048
 log_timestamp = "%Y-%m-%d %H:%M:%S "
 recipient_delimiter = +
 auth_master_user_separator = *

docker-compose.yml

@@ -59,9 +59,10 @@ services:
             - redis
 
     clamd-mailcow:
-      image: mailcow/clamd:1.9
+      image: mailcow/clamd:1.10
       build: ./data/Dockerfiles/clamd
       restart: always
+      tty: true
       environment:
         - TZ=${TZ}
         - SKIP_CLAMD=${SKIP_CLAMD:-n}
@@ -166,7 +167,7 @@ services:
             - sogo
 
     dovecot-mailcow:
-      image: mailcow/dovecot:1.24
+      image: mailcow/dovecot:1.25
       build: ./data/Dockerfiles/dovecot
       cap_add:
         - NET_BIND_SERVICE