DMS: spoof protection, sender rewriting, rspamd, SSL, size limits
But disable things that are redundant with rspamd.
diff --git a/mail/mailserver.env b/mail/mailserver.env
index c857aff..69ecec5 100644
--- a/mail/mailserver.env
+++ b/mail/mailserver.env
@@ -58,6 +58,9 @@
# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
# `connected-networks` option, can create an open relay
# https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
+#
+# BECAUSE IPv6 => IPv4 NAT!!!
+#
# The same can happen for rootless podman. To prevent this, set the value to "none" or configure slirp4netns
# https://github.com/docker-mailserver/docker-mailserver/issues/2377
#
@@ -88,22 +91,22 @@
#
# **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
# 1 => Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
-SPOOF_PROTECTION=
+SPOOF_PROTECTION=1
# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
# - **0** => Disabled
# - 1 => Enabled
-ENABLE_SRS=0
+ENABLE_SRS=1
# Enables the OpenDKIM service.
# **1** => Enabled
# 0 => Disabled
-ENABLE_OPENDKIM=1
+ENABLE_OPENDKIM=0
# Enables the OpenDMARC service.
# **1** => Enabled
# 0 => Disabled
-ENABLE_OPENDMARC=1
+ENABLE_OPENDMARC=0
# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
@@ -111,7 +114,7 @@
#
# - 0 => Disabled
# - **1** => Enabled
-ENABLE_POLICYD_SPF=1
+ENABLE_POLICYD_SPF=0
# 1 => Enables POP3 service
# empty => disables POP3
@@ -125,13 +128,13 @@
# Enables Rspamd
# **0** => Disabled
# 1 => Enabled
-ENABLE_RSPAMD=0
+ENABLE_RSPAMD=1
# When `ENABLE_RSPAMD=1`, an internal Redis instance is enabled implicitly.
# This setting provides an opt-out to allow using an external instance instead.
# 0 => Disabled
# 1 => Enabled
-ENABLE_RSPAMD_REDIS=
+ENABLE_RSPAMD_REDIS=1
# When enabled,
#
@@ -140,7 +143,7 @@
#
# **0** => disabled
# 1 => enabled
-RSPAMD_LEARN=0
+RSPAMD_LEARN=1
# Controls whether the Rspamd Greylisting module is enabled.
# This module can further assist in avoiding spam emails by greylisting
@@ -148,7 +151,7 @@
#
# **0** => disabled
# 1 => enabled
-RSPAMD_GREYLISTING=0
+RSPAMD_GREYLISTING=1
# Can be used to enable or disable the Hfilter group module.
#
@@ -164,7 +167,7 @@
# Amavis content filter (used for ClamAV & SpamAssassin)
# 0 => Disabled
# 1 => Enabled
-ENABLE_AMAVIS=1
+ENABLE_AMAVIS=0
# -1/-2/-3 => Only show errors
# **0** => Show warnings
@@ -209,7 +212,7 @@
# custom => Enables custom certificates
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates
-SSL_TYPE=
+SSL_TYPE=letsencrypt
# These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container.
@@ -236,7 +239,7 @@
# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
#
# empty => 0
-POSTFIX_MAILBOX_SIZE_LIMIT=
+POSTFIX_MAILBOX_SIZE_LIMIT=1073741824
# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
# 0 => Dovecot quota is disabled
@@ -246,7 +249,7 @@
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
#
# empty => 10240000 (~10 MB)
-POSTFIX_MESSAGE_SIZE_LIMIT=
+POSTFIX_MESSAGE_SIZE_LIMIT=268435456
# Mails larger than this limit won't be scanned.
# ClamAV must be enabled (ENABLE_CLAMAV=1) for this.