Releasing 1.1.1

Author: technicalguru

CONTRIBUTING.md

@@ -37,6 +37,7 @@ Mailserver is intentionally modular. Its main mail-related functions are separat
 
 * [docker-mailserver](https://github.com/technicalguru/docker-mailserver) - Provides help, guidance and examples how to orchestrate the Docker images
 * [docker-mailserver-postfix](https://github.com/technicalguru/docker-mailserver-postfix) - Implements the core mailing functionality to send and receive messages.
+* [docker-mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) - OpenDKIM image (DKIM signing milter component)
 * [docker-mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) - Provides administration function for domains and mailboxes
 * [docker-mailserver-amavis](https://github.com/technicalguru/docker-mailserver-amavis) - Provides mail scanners to detect viruses and spam
 * [docker-mailserver-roundcube](https://github.com/technicalguru/docker-mailserver-roundcube) - A webmail interface that lets you pick-up, read, manage and send e-mails

README.md

@@ -20,14 +20,16 @@ configuration scripts.
 # Sub-projects
 
 * [docker-mailserver-postfix](https://github.com/technicalguru/docker-mailserver-postfix) - Postfix/Dovecot image (mailserver component)
+* [docker-mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) - OpenDKIM image (DKIM signing milter component)
 * [docker-mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) - Image for PostfixAdmin (Web UI to manage mailboxes and domain in Postfix)
 * [docker-mailserver-amavis](https://github.com/technicalguru/docker-mailserver-amavis) - Amavis, ClamAV and SpamAssassin (provides spam and virus detection)
 * [docker-mailserver-roundcube](https://github.com/technicalguru/docker-mailserver-roundcube) - Roundcube Webmailer
 
 # Versions
 The following versions are available as releases. Sub-projects have their own lifecycle.
 
-* [1.0.0, 1.0, 1, latest](https://github.com/technicalguru/docker-mailserver/tree/v1.0.0)
+* [1.1.1, 1.1, 1, latest](https://github.com/technicalguru/docker-mailserver/tree/v1.1.1)
+* [1.0.0, 1.0](https://github.com/technicalguru/docker-mailserver/tree/v1.0.0)
 
 # License
 _docker-mailserver_  is licensed under [GNU LGPL 3.0](LICENSE.md).
@@ -36,10 +38,11 @@ _docker-mailserver_  is licensed under [GNU LGPL 3.0](LICENSE.md).
 A complete mailserver is the coordinated setup of multiple components. Various docker images come into play to fulfill this goal. You shall set them up in the following order:
 
 1. [MySQL >8.0](https://hub.docker.com/\_/mysql) or [MariaDB >10.4](https://hub.docker.com/\_/mariadb) as the database backend
-1. [Postfix/Dovecot instance](https://hub.docker.com/technicalguru/mailserver-postfix)
-1. [Amavis/ClamAV/SpamAssassin instance](https://hub.docker.com/technicalguru/mailserver-amavis)
-1. [PostfixAdmin instance](https://hub.docker.com/technicalguru/mailserver-postfixadmin)
-1. [Roundcube](https://hub.docker.com/technicalguru/mailserver-roundcube)
+1. [Postfix/Dovecot instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-postfix)
+1. [OpenDKIM instance](https://github.com/technicalguru/docker-mailserver-opendkim) (optional)
+1. [Amavis/ClamAV/SpamAssassin instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-amavis)
+1. [PostfixAdmin instance](https://hub.docker.com/repository/docker/technicalguru/mailserver-postfixadmin)
+1. [Roundcube](https://hub.docker.com/repository/docker/technicalguru/mailserver-roundcube)
 1. Securing the web interfaces with a Reverse Proxy or Ingress Controller. (see section "Security Considerations" below)
 
 The following sections will help you to setup your own mailserver using different infrastructures.
@@ -55,14 +58,14 @@ Please refer to the special [HELM](examples/helm-charts) section.
 
 # Security Considerations
 
-* It is crucial that you do not expose port 10025 of the [mailserver-postfix](https://hub.docker.com/technicalguru/mailserver-postfix)
+* It is crucial that you do not expose port 10025 of the [mailserver-postfix](https://hub.docker.com/repository/docker/technicalguru/mailserver-postfix)
   container. It can be misused as a SPAM relay as it does not restrict senders that deliver mail to it. This port is intended for
-  internal purposes only. The same is valid for the port 10024 of the [mailserver-amavis](https://hub.docker.com/technicalguru/mailserver-amavis)
+  internal purposes only. The same is valid for the port 10024 of the [mailserver-amavis](https://hub.docker.com/repository/docker/technicalguru/mailserver-amavis)
   container.
 * Postfix's main ports can be protected by TLS. Please make use of this as it increases security of your setup. In fact,
   the Postfix setup was never tested thoroughly without TLS so it is possible it will not work properly - especially when
   passwords are required.
-* PostfixAdmin and Roundcube are Web User Interfaces that are exposed as HTTP only. An attacker could easily copy your network
+* PostfixAdmin, OpenDKIM and Roundcube provide Web User Interfaces that are exposed as HTTP only. An attacker could easily copy your network
   traffic and read your passwords. Make sure you have an appropriate Ingress Controller or Reverse Proxy in front and your traffic
   is routed internally on your host only. 
 * If your internal network traffix in a Kubernetes cluster is crossing node borders, you will need to ensure that it is encrypted.

examples/helm-charts/README.md

@@ -2,10 +2,6 @@
 
 This page explains how to use the HELM charts for the composition of all containers.
 
-*Please notice!* These are examples only. A more valuable source of these charts (and maintained with current versions)
-is my [HELM Repository](https://github.com/technicalguru/helm-repo). That's why these charts will be removed sooner
-or later from here.
-
 # HOWTO
 
 ## Prerequisites
@@ -87,6 +83,11 @@ helm install \
 Now, everything is complete to actually create your domains and mailboxes. Follow the instructions as given in
 [mailserver-postfixadmin](https://github.com/technicalguru/docker-mailserver-postfixadmin) documentation.
 
+## Setup DKIM Signing
+
+The OpenDKIM container does not create any keys (yet). Please follow the key setup instruction of the 
+[mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+
 ## Setup Roundcube WebMailer
 
 Roundcube will require a correct database setup. It can create all the schema tables itself but the database

examples/kubernetes/README.md

@@ -117,6 +117,27 @@ kubectl get pods -n mailserver
 
 Also check that the new pod has no issues. Use `kubectl logs <pod-name>` or your logging infrastructure.
 
+## Setup OpenDKIM
+
+Check the `services/opendkim.yaml` file. If the service definition fits
+then create the service:
+
+```
+kubectl apply -f services/opendkim.yaml
+```
+
+Second, adust the `deployments/opendkim.yaml` file. It requires you to change the
+database and domain data. A complete description can be found
+in the [mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+If the deployment definition is ok for you then apply it:
+
+```
+kubectl apply -f deployments/opendkim.yaml
+```
+
+You need to execute some further steps in order to setup signing keys. Follow the instructions as given in
+[mailserver-opendkim](https://github.com/technicalguru/docker-mailserver-opendkim) documentation.
+
 ## Setup Amavis Virus and Spam Checker
 
 Check the `services/amavis.yaml` file. If the service definition fits
@@ -221,6 +242,8 @@ Here are some useful links that help you to test whether your new Mailserver wor
 * [**Relay Test**](http://www.aupads.org/test-relay.html) - checks whether your mailserver can be misused as an open mail gateway (relay)
 * [**TLS Test**](https://www.checktls.com/) - checks whether your TLS configuration is complete and works as intended
 * [**SMTP Test**](https://mxtoolbox.com/diagnostic.aspx) - A general mailserver diagnostic tool
+* [**DMARC DKIM Record Checker**](https://www.dmarcanalyzer.com/how-to-validate-a-domainkey-dkim-record/) - checks correctness of your DKIM DNS TXT entry
+* [**DKIM Check**](https://www.appmaildev.com/en/dkim) - verifies your DKIM signing feature by giving you a temporary recipient address where you send a test mail
 
 # Congratulations!
 

examples/kubernetes/deployments/opendkim.yaml

@@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: opendkim
+  namespace: mailserver
+spec:
+  selector:
+    matchLabels:
+      app: mailserver
+      tier: opendkim
+  template:
+    metadata:
+      labels:
+        app: mailserver
+        tier: opendkim
+        logType: opendkim
+    spec:
+      containers:
+      - name: opendkim
+        image: technicalguru/mailserver-opendkim
+        imagePullPolicy: IfNotPresent
+        env:
+        - name: DKIM_DOMAIN
+          value: "<my-first-domain>"
+        - name: DKIM_PORT
+          value: "41001"
+        - name: DKIM_DB_HOST
+          value: "mariadb"
+        - name: DKIM_DB_NAME
+          value: "opendkim"
+        - name: DKIM_DB_USER
+          value: "opendkim"
+        - name: DKIM_DB_PASS
+          value: "<my-mariadb-opendkim-password>"
+        - name: DKIM_SETUP_PASS
+          value: "<my-mariadb-root-password>"
+        ports:
+        - containerPort: 41001
+          name: opendkim
+    

examples/kubernetes/services/opendkim.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: opendkim
+  namespace: mailserver
+spec:
+  selector:
+    app: mailserver
+    tier: opendkim
+  ports:
+  - port: 41001
+    name: opendkim
+    targetPort: opendkim