From b44c0786f0435bbfe608e39806e4b04f7d33852d Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Tue, 19 Nov 2024 09:02:15 +0100 Subject: [PATCH 01/24] must be overwritten anyways --- mailu/mailu.env | 2 -- 1 file changed, 2 deletions(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index 88a41e2..19a158b 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -8,8 +8,6 @@ # Common configuration variables ################################### -MAILU_VERSION=1.9.46 - # Set to a randomly generated 16 bytes string # SECRET_KEY=key From ba3b102458a1f50619154df720f65c44ab4db466 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 22:47:11 +0100 Subject: [PATCH 02/24] migrate config --- mailu/mailu.env | 54 ++++++++++++++++++++++++++++--------------------- 1 file changed, 31 insertions(+), 23 deletions(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index 19a158b..d9ac5ab 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -18,7 +18,7 @@ SUBNET=172.26.0.0/24 DOMAIN=patz.family TRAEFIK_DOMAIN=mail.patz.family -# Hostnames for this server, separated with comas +# Hostnames for this server, separated with commas HOSTNAMES=mail.patz.family,mail.patz.app,mail.whynot.holdings # Postmaster local part (will append the main mail domain) @@ -27,11 +27,11 @@ POSTMASTER=martin # Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) TLS_FLAVOR=mail -# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) -AUTH_RATELIMIT_IP=10/hour +# Authentication rate limit per IP (per /24 on ipv4 and /48 on ipv6) +AUTH_RATELIMIT_IP=5/hour # Authentication rate limit per user (regardless of the source-IP) -AUTH_RATELIMIT_USER=20/day +AUTH_RATELIMIT_USER=50/day # Opt-out of statistics, replace with "True" to opt out DISABLE_STATISTICS=False 
@@ -43,19 +43,19 @@ DISABLE_STATISTICS=False # Expose the admin interface (value: true, false) ADMIN=true -# Choose which webmail to run if any (values: roundcube, rainloop, none) +# Choose which webmail to run if any (values: roundcube, snappymail, none). To enable this feature, recreate the docker-compose.yml file via setup. WEBMAIL=roundcube # Expose the API interface (value: true, false) API=false -# Dav server implementation (value: radicale, none) +# Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup. WEBDAV=none -# Antivirus solution (value: clamav, none) +# Antivirus solution (value: clamav, none). To enable this feature, recreate the docker-compose.yml file via setup. ANTIVIRUS=none -# Scan Macros solution (value: true, false) +# Scan Macros solution (value: true, false). To enable this feature, recreate the docker-compose.yml file via setup. SCAN_MACROS=true ################################### @@ -77,6 +77,9 @@ RELAYNETS= # Will relay all outgoing mails if configured RELAYHOST=smtp-relay.sendinblue.com:587 +# Enable fetchmail +FETCHMAIL_ENABLED=False + # Fetchmail delay FETCHMAIL_DELAY=600 @@ -99,8 +102,10 @@ COMPRESSION= # change compression-level, default: 6 (value: 1-9) COMPRESSION_LEVEL= -# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. -FULL_TEXT_SEARCH=on +# IMAP full-text search is enabled by default. +# Set the following variable to off in order to disable the feature +# or a comma separated list of language codes to support +FULL_TEXT_SEARCH=de,en,es ################################### # Web settings @@ -115,6 +120,9 @@ WEB_ADMIN=/admin # Path to the webmail if enabled WEB_WEBMAIL=/webmail +# Path to the API interface if enabled +WEB_API=/api + # Website name SITENAME=Mailu 
@@ -122,16 +130,11 @@ SITENAME=Mailu WEBSITE=https://patz.family + ################################### # Advanced settings ################################### -# Log driver for front service. Possible values: -# json-file (default) -# journald (On systemd platforms, useful for Fail2Ban integration) -# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) -# LOG_DRIVER=json-file - # Docker-compose project name, this will prepended to containers names. COMPOSE_PROJECT_NAME=mailu @@ -139,13 +142,13 @@ COMPOSE_PROJECT_NAME=mailu CREDENTIAL_ROUNDS=12 # Header to take the real ip from -REAL_IP_HEADER=X-Real-Ip +REAL_IP_HEADER= # IPs for nginx set_real_ip_from (CIDR list separated by commas) -REAL_IP_FROM=172.26.0.0/24 +REAL_IP_FROM= # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) -REJECT_UNLISTED_RECIPIENT=no +REJECT_UNLISTED_RECIPIENT= # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING @@ -153,7 +156,12 @@ LOG_LEVEL=WARNING # Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones TZ=Europe/Berlin -################################### -# Database settings -################################### -DB_FLAVOR=sqlite +# Default spam threshold used for new users +DEFAULT_SPAM_THRESHOLD=80 + +# API token required for authenticating to the RESTful API. +# This is a mandatory setting for using the RESTful API. +API_TOKEN= + +# Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup. +FULL_TEXT_SEARCH_ATTACHMENTS= From 45438557df348a7ab8947886749fa9f7704a6053 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:08:57 +0100 Subject: [PATCH 03/24] enable API --- mailu/mailu.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
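Review bot: In the advanced-settings hunk of [PATCH 02/24] (`@@ -139,13 +142,13 @@`), `REAL_IP_HEADER=` and `REAL_IP_FROM=` are blanked in the same commit that tightens `AUTH_RATELIMIT_IP` to `5/hour`. The compose file in this series places the front container behind Traefik, so without a trusted real-IP header the per-IP limiter would presumably key on the proxy address, and a few failed logins could then throttle web logins for every user. [PATCH 21/24] restores both values, so keeping the previous values in this commit would leave every intermediate state deployable. The hunk also leaves `REJECT_UNLISTED_RECIPIENT=` empty, which defers to the image default rather than the explicit `no` it replaces.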
diff --git a/mailu/mailu.env b/mailu/mailu.env index d9ac5ab..6cbd618 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -47,7 +47,7 @@ ADMIN=true WEBMAIL=roundcube # Expose the API interface (value: true, false) -API=false +API=true # Dav server implementation (value: radicale, none). To enable this feature, recreate the docker-compose.yml file via setup. WEBDAV=none @@ -161,7 +161,7 @@ DEFAULT_SPAM_THRESHOLD=80 # API token required for authenticating to the RESTful API. # This is a mandatory setting for using the RESTful API. -API_TOKEN= +API_TOKEN=3M611QRW127TFTJRTIILZ8O32DUG3TDU # Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup. -FULL_TEXT_SEARCH_ATTACHMENTS= +FULL_TEXT_SEARCH_ATTACHMENTS=true \ No newline at end of file From ff6a640b367f94e70264af32f9948ebe10b7cb07 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:11:34 +0100 Subject: [PATCH 04/24] align order of front --- mailu/docker-compose.yml | 41 ++++++++++++++++++++-------------------- 1 file changed, 21 insertions(+), 20 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index ba01f3f..5302ec0 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -32,26 +32,6 @@ services: dns: - 172.26.0.254 - resolver: - image: ghcr.io/mailu/unbound:${MAILU_VERSION} - restart: unless-stopped - env_file: mailu.env - networks: - default: - ipv4_address: 172.26.0.254 - - certdumper: - image: ghcr.io/mailu/traefik-certdumper:${MAILU_VERSION} - restart: unless-stopped - dns: - - 172.26.0.254 - environment: - - DOMAIN=${DOMAIN} - - TRAEFIK_VERSION=v2 - volumes: - - "/mnt/ssd-1tb/docker/traefik/letsencrypt/patz.family:/traefik" - - "/mnt/ssd-1tb/docker/mailu/certs:/output" - # Core services front: image: ghcr.io/mailu/nginx:${MAILU_VERSION} 
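Review bot: The last hunk of [PATCH 03/24] commits a literal `API_TOKEN` value to `mailu/mailu.env` in the same change that sets `API=true`. [PATCH 14/24] later replaces the line with a placeholder, but the value stays readable in the repository history, so it should be treated as disclosed: revoke it and issue a new one outside version control. Keeping the line as `# API_TOKEN=key` here, as the file already does for `SECRET_KEY`, and supplying the value through the stack environment would avoid the exposure. A secret-scanning check on `*.env` files in pre-commit or CI would catch a repeat.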
@@ -92,6 +72,27 @@ services: - "traefik.http.routers.mailu-front.tls.domains[2].sans=mail.whynot.holdings,smtp.whynot.holdings,imap.whynot.holdings" - "traefik.http.services.mailu-front.loadbalancer.server.port=80" + resolver: + image: ghcr.io/mailu/unbound:${MAILU_VERSION} + restart: unless-stopped + env_file: mailu.env + networks: + default: + ipv4_address: 172.26.0.254 + + certdumper: + image: ghcr.io/mailu/traefik-certdumper:${MAILU_VERSION} + restart: unless-stopped + dns: + - 172.26.0.254 + environment: + - DOMAIN=${DOMAIN} + - TRAEFIK_VERSION=v2 + volumes: + - "/mnt/ssd-1tb/docker/traefik/letsencrypt/patz.family:/traefik" + - "/mnt/ssd-1tb/docker/mailu/certs:/output" + + admin: image: ghcr.io/mailu/admin:${MAILU_VERSION} restart: unless-stopped From f389196d43af5f4b53e98f871422cd60be20a421 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:13:59 +0100 Subject: [PATCH 05/24] more alignment --- mailu/docker-compose.yml | 31 ++++++++++++++++++------------- 1 file changed, 18 insertions(+), 13 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 5302ec0..a4d6953 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -80,19 +80,6 @@ services: default: ipv4_address: 172.26.0.254 - certdumper: - image: ghcr.io/mailu/traefik-certdumper:${MAILU_VERSION} - restart: unless-stopped - dns: - - 172.26.0.254 - environment: - - DOMAIN=${DOMAIN} - - TRAEFIK_VERSION=v2 - volumes: - - "/mnt/ssd-1tb/docker/traefik/letsencrypt/patz.family:/traefik" - - "/mnt/ssd-1tb/docker/mailu/certs:/output" - - admin: image: ghcr.io/mailu/admin:${MAILU_VERSION} restart: unless-stopped @@ -166,6 +153,11 @@ services: dns: - 172.26.0.254 + # Optional services + + + + # Webmail webmail: image: ghcr.io/mailu/webmail:${MAILU_VERSION} restart: unless-stopped 
@@ -179,3 +171,16 @@ services: - front dns: - 172.26.0.254 + + # Certdumper from Traefik + certdumper: + image: ghcr.io/mailu/traefik-certdumper:${MAILU_VERSION} + restart: unless-stopped + dns: + - 172.26.0.254 + environment: + - DOMAIN=${DOMAIN} + - TRAEFIK_VERSION=v2 + volumes: + - "/mnt/ssd-1tb/docker/traefik/letsencrypt/patz.family:/traefik" + - "/mnt/ssd-1tb/docker/mailu/certs:/output" From b47da2b43737e790095535aaf3e2be5b2b9d590a Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:18:08 +0100 Subject: [PATCH 06/24] rename noinet to oletools --- mailu/docker-compose.yml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index a4d6953..ddc40b4 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -1,3 +1,6 @@ +# This file is auto-generated by the Mailu configuration wizard. +# Please read the documentation before attempting any change. +# Generated for compose flavor networks: default: @@ -10,7 +13,7 @@ networks: webmail: driver: bridge - noinet: + oletools: driver: bridge internal: true @@ -128,7 +131,7 @@ services: hostname: oletools restart: unless-stopped networks: - - noinet + - oletools depends_on: - resolver dns: @@ -144,7 +147,7 @@ services: - "/mnt/ssd-1tb/docker/mailu/overrides/rspamd:/etc/rspamd/override.d" networks: - default - - noinet + - oletools depends_on: - front - redis From 5d6caa8602520ce9829b3429ee8af65e88c8556d Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:20:57 +0100 Subject: [PATCH 07/24] add fts_attachments --- mailu/docker-compose.yml | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index ddc40b4..b98ff0f 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml 
@@ -17,6 +17,10 @@ networks: driver: bridge internal: true + fts_attachments: + driver: bridge + internal: true + traefik: name: traefik external: true @@ -103,11 +107,13 @@ services: volumes: - "/mnt/ssd-1tb/docker/mailu/mail:/mail" - "/mnt/ssd-1tb/docker/mailu/overrides/dovecot:/overrides:ro" + networks: + - default + - fts_attachments depends_on: - front + - fts_attachments - resolver - networks: - - default dns: - 172.26.0.254 @@ -137,6 +143,27 @@ services: dns: - 172.26.0.254 + fts_attachments: + image: apache/tika:2.9.2.1-full + hostname: tika + logging: + driver: journald + options: + tag: mailu-tika + restart: unless-stopped + networks: + - fts_attachments + depends_on: + - resolver + dns: + - 172.26.0.254 + healthcheck: + test: ["CMD-SHELL", "wget -nv -t1 -O /dev/null http://127.0.0.1:9998/tika || exit 1"] + interval: 10s + timeout: 5s + retries: 3 + start_period: 10s + antispam: image: ghcr.io/mailu/rspamd:${MAILU_VERSION} hostname: antispam From 93959b0511b70ffa6e5f316aaf72d90cbf9182be Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:23:15 +0100 Subject: [PATCH 08/24] update image parametrization --- mailu/docker-compose.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index b98ff0f..8ed5995 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -41,7 +41,7 @@ services: # Core services front: - image: ghcr.io/mailu/nginx:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env logging: @@ -80,7 +80,7 @@ services: - "traefik.http.services.mailu-front.loadbalancer.server.port=80" resolver: - image: ghcr.io/mailu/unbound:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: mailu.env networks: 
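Review bot: The new `fts_attachments` service in [PATCH 07/24] parses untrusted mail attachments, yet nothing in the hunk records that the `internal: true` network is what keeps it without outbound access. A comment above its `networks:` key, such as `# Tika handles untrusted attachments: keep this service on the internal-only network`, would guard against a later edit attaching it to `default`. The image is the only one in the file from outside the Mailu organisation and is pinned by tag only; pinning by digest, `apache/tika:2.9.2.1-full@sha256:<digest placeholder>`, would make the pull reproducible.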
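Review bot: Every `image:` line changed in [PATCH 08/24] now takes its registry and organisation from `${DOCKER_ORG}` and `${DOCKER_PREFIX}` and falls back to the floating `2024.06` tag; this applies to all eight hunks of the commit (front, resolver, admin, imap, smtp, oletools, antispam, webmail). The image source for the whole mail stack is therefore decided by the stack environment rather than by git, and a redeploy can pull a different build under the same tag with no visible change. Since [PATCH 01/24] removed `MAILU_VERSION` from `mailu.env`, a comment at the first use would help, e.g. `# MAILU_VERSION must be an exact release tag from the stack env; DOCKER_ORG/DOCKER_PREFIX are for mirrors only`. If no mirror is used, hard-coding `ghcr.io/mailu` is the simpler and tighter option.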
@@ -88,7 +88,7 @@ services: ipv4_address: 172.26.0.254 admin: - image: ghcr.io/mailu/admin:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env volumes: @@ -101,7 +101,7 @@ services: - 172.26.0.254 imap: - image: ghcr.io/mailu/dovecot:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env volumes: @@ -118,7 +118,7 @@ services: - 172.26.0.254 smtp: - image: ghcr.io/mailu/postfix:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env volumes: @@ -133,7 +133,7 @@ services: - 172.26.0.254 oletools: - image: ghcr.io/mailu/oletools:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} hostname: oletools restart: unless-stopped networks: @@ -165,7 +165,7 @@ services: start_period: 10s antispam: - image: ghcr.io/mailu/rspamd:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} hostname: antispam restart: unless-stopped env_file: ../stack.env @@ -189,7 +189,7 @@ services: # Webmail webmail: - image: ghcr.io/mailu/webmail:${MAILU_VERSION} + image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env networks: From 447adb958e802509cd2e758cf664087a484f4f82 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:30:22 +0100 Subject: [PATCH 09/24] update logging --- mailu/docker-compose.yml | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 8ed5995..61cd4a1 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml 
@@ -45,7 +45,9 @@ services: restart: unless-stopped env_file: ../stack.env logging: - driver: json-file + driver: journald + options: + tag: mailu-front depends_on: - certdumper - resolver @@ -81,6 +83,10 @@ services: resolver: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} + logging: + driver: journald + options: + tag: mailu-resolver restart: unless-stopped env_file: mailu.env networks: @@ -91,6 +97,10 @@ services: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env + logging: + driver: journald + options: + tag: mailu-admin volumes: - "/mnt/ssd-1tb/docker/mailu/data:/data" - "/mnt/ssd-1tb/docker/mailu/dkim:/dkim" @@ -104,6 +114,10 @@ services: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env + logging: + driver: journald + options: + tag: mailu-imap volumes: - "/mnt/ssd-1tb/docker/mailu/mail:/mail" - "/mnt/ssd-1tb/docker/mailu/overrides/dovecot:/overrides:ro" @@ -121,6 +135,10 @@ services: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env + logging: + driver: journald + options: + tag: mailu-smtp volumes: - "/mnt/ssd-1tb/docker/mailu/mailqueue:/queue" - "/mnt/ssd-1tb/docker/mailu/overrides/postfix:/overrides:ro" @@ -135,6 +153,10 @@ services: oletools: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06} hostname: oletools + logging: + driver: journald + options: + tag: mailu-oletools restart: unless-stopped networks: - oletools @@ -169,6 +191,10 @@ services: hostname: antispam restart: unless-stopped env_file: ../stack.env + logging: + driver: journald + options: + tag: mailu-antispam volumes: - "/mnt/ssd-1tb/docker/mailu/filter:/var/lib/rspamd" - "/mnt/ssd-1tb/docker/mailu/overrides/rspamd:/etc/rspamd/override.d" 
@@ -192,6 +218,10 @@ services: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} restart: unless-stopped env_file: ../stack.env + logging: + driver: journald + options: + tag: mailu-webmail networks: - webmail volumes: From 590a501245ca595e2bafd6c9f265c93d9b31fea9 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:31:48 +0100 Subject: [PATCH 10/24] antispam has a new mount path --- mailu/docker-compose.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 61cd4a1..45cf954 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -195,12 +195,12 @@ services: driver: journald options: tag: mailu-antispam - volumes: - - "/mnt/ssd-1tb/docker/mailu/filter:/var/lib/rspamd" - - "/mnt/ssd-1tb/docker/mailu/overrides/rspamd:/etc/rspamd/override.d" networks: - default - oletools + volumes: + - "/mnt/ssd-1tb/docker/mailu/filter:/var/lib/rspamd" + - "/mnt/ssd-1tb/docker/mailu/overrides/rspamd:/overrides:ro" depends_on: - front - redis From 703d37b23a77980dd82770ffeb6cb39771ab8aa1 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:32:10 +0100 Subject: [PATCH 11/24] arbitrary order --- mailu/docker-compose.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 45cf954..9ae3ae1 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -222,11 +222,11 @@ services: driver: journald options: tag: mailu-webmail - networks: - - webmail volumes: - "/mnt/ssd-1tb/docker/mailu/webmail:/data" - "/mnt/ssd-1tb/docker/mailu/overrides/roundcube:/overrides:ro" + networks: + - webmail depends_on: - front dns: From 350e98fd5d4e931a1d9e083d8d14f3204b0066d0 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:33:01 +0100 Subject: [PATCH 12/24] DNS not needed here --- mailu/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) 
diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 9ae3ae1..f563526 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -229,8 +229,6 @@ services: - webmail depends_on: - front - dns: - - 172.26.0.254 # Certdumper from Traefik certdumper: From 7c330e1176b7beb0811462cea36a1fcfa5390d43 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:35:13 +0100 Subject: [PATCH 13/24] source both env files --- mailu/docker-compose.yml | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index f563526..ba1921c 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -43,7 +43,9 @@ services: front: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06} restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: @@ -83,12 +85,14 @@ services: resolver: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06} + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: tag: mailu-resolver restart: unless-stopped - env_file: mailu.env networks: default: ipv4_address: 172.26.0.254 @@ -96,7 +100,9 @@ services: admin: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06} restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: @@ -113,7 +119,9 @@ services: imap: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06} restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: 
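Review bot: When `env_file:` is a list, a key in a later file replaces the same key from an earlier one, so in every hunk of [PATCH 13/24] the committed `mailu.env` overrides `../stack.env`. At this point in the series `mailu.env` still carries an `API_TOKEN` value and empty `REAL_IP_HEADER=`/`REAL_IP_FROM=` assignments, which would mask whatever is entered for the stack; listing `- mailu.env` first and `- ../stack.env` second lets the deployment-specific file win. The resolver hunk (`@@ -83,12 +85,14 @@`) also starts passing `../stack.env` to the unbound container, which previously received only `mailu.env`. If that file holds the sensitive variables the README lists, the resolver has no visible need for them and could keep `env_file: mailu.env`.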
@@ -134,7 +142,9 @@ services: smtp: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06} restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: @@ -190,7 +200,9 @@ services: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06} hostname: antispam restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: @@ -217,7 +229,9 @@ services: webmail: image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06} restart: unless-stopped - env_file: ../stack.env + env_file: + - ../stack.env + - mailu.env logging: driver: journald options: From ae66449f0abd5fd9e1e05ad05805268c347965ca Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:38:22 +0100 Subject: [PATCH 14/24] use a new secret API token --- mailu/README.md | 1 + mailu/mailu.env | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/mailu/README.md b/mailu/README.md index 4bfc9d4..775176e 100644 --- a/mailu/README.md +++ b/mailu/README.md @@ -11,6 +11,7 @@ Set the following (sensitive) environment variables: apt-get install pwgen pwgen 16 1 ``` +* `API_TOKEN`: a random string of at least 3 characters. Use `pwgen`. Then upload the `mailu.env` file into Portainer and populate the environment. diff --git a/mailu/mailu.env b/mailu/mailu.env index 6cbd618..bd279ab 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -161,7 +161,7 @@ DEFAULT_SPAM_THRESHOLD=80 # API token required for authenticating to the RESTful API. # This is a mandatory setting for using the RESTful API. -API_TOKEN=3M611QRW127TFTJRTIILZ8O32DUG3TDU +# API_TOKEN=key # Whether tika should be enabled (scan/OCR email attachements). To enable this feature, recreate the docker-compose.yml file via setup. FULL_TEXT_SEARCH_ATTACHMENTS=true \ No newline at end of file 
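Review bot: The placeholder `# API_TOKEN=key` in the `mailu.env` hunk of [PATCH 14/24] gives no hint of how strong the token must be, and the README bullet added in the same commit asks only for "at least 3 characters". Per the comment above the line, this token is what authenticates requests to the RESTful API enabled in [PATCH 03/24], so the placeholder should ask for a long random value, e.g. `# API_TOKEN=<random string, 32+ characters, set in the stack environment only>`, with the README wording aligned. The value committed earlier remains in history and should not be reused. The file still ends without a trailing newline after `FULL_TEXT_SEARCH_ATTACHMENTS=true`.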
From 22bf7b3f95e023d88dc1a3a5baf345f32f0edfc0 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:41:16 +0100 Subject: [PATCH 15/24] reorder --- mailu/docker-compose.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index ba1921c..3471ed7 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -50,26 +50,26 @@ services: driver: journald options: tag: mailu-front - depends_on: - - certdumper - - resolver + ports: + - "127.0.0.1:25:25" + - "127.0.0.1:465:465" + - "127.0.0.1:587:587" + - "127.0.0.1:110:110" + - "127.0.0.1:995:995" + - "127.0.0.1:143:143" + - "127.0.0.1:993:993" networks: - default - traefik - webmail - dns: - - 172.26.0.254 - ports: - - "25:25" - - "110:110" - - "143:143" - - "465:465" - - "587:587" - - "993:993" - - "995:995" volumes: - "/mnt/ssd-1tb/docker/mailu/certs:/certs" - "/mnt/ssd-1tb/docker/mailu/overrides/nginx:/overrides:ro" + depends_on: + - certdumper + - resolver + dns: + - 172.26.0.254 labels: - "traefik.enable=true" - "traefik.http.routers.mailu-front.rule=Host(`mail.${DOMAIN}`) || Host(`mail.patz.app`) || Host(`mail.whynot.holdings`)" From 72675ccf4fdaa58559c6adb06e5e88f2017d6a2c Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:42:46 +0100 Subject: [PATCH 16/24] flag the Sieve port --- mailu/docker-compose.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 3471ed7..9c66487 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -58,6 +58,7 @@ services: - "127.0.0.1:995:995" - "127.0.0.1:143:143" - "127.0.0.1:993:993" + # - "127.0.0.1:4190:4190" -> Sieve, not needed networks: - default - traefik From 36e9ec3391608f7db81743aea25d068dca001fb6 Mon Sep 17 00:00:00 2001 
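Review bot: [PATCH 15/24] is titled "reorder", but its `ports:` block changes behaviour: all seven mail ports move from bindings on every interface (`"25:25"`) to loopback only (`"127.0.0.1:25:25"`). That narrows exposure, but mail clients and remote MTAs can then reach the services only through whatever forwards to loopback on the host, which is not visible in this series, and the front container will see that forwarder's address unless client addresses are passed on explicitly. The per-IP rate limit and the relay-network check in `mailu.env` depend on that address. The change deserves its own commit and a comment above the block, e.g. `# loopback only: mail ports are reached through the host-side proxy`; the `front` service definition continues outside the hunk.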
From: Martin Patz Date: Sun, 24 Nov 2024 23:43:12 +0100 Subject: [PATCH 17/24] remove default network? --- mailu/docker-compose.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/mailu/docker-compose.yml b/mailu/docker-compose.yml index 9c66487..115ae78 100644 --- a/mailu/docker-compose.yml +++ b/mailu/docker-compose.yml @@ -153,8 +153,6 @@ services: volumes: - "/mnt/ssd-1tb/docker/mailu/mailqueue:/queue" - "/mnt/ssd-1tb/docker/mailu/overrides/postfix:/overrides:ro" - networks: - - default depends_on: - front - resolver From b8fdd677928c8faa29c9d00966a6ecd7b401aaa8 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:50:36 +0100 Subject: [PATCH 18/24] let the stack name determine the project name --- mailu/mailu.env | 3 --- 1 file changed, 3 deletions(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index bd279ab..82b0d34 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -135,9 +135,6 @@ WEBSITE=https://patz.family # Advanced settings ################################### -# Docker-compose project name, this will prepended to containers names. -COMPOSE_PROJECT_NAME=mailu - # Number of rounds used by the password hashing scheme CREDENTIAL_ROUNDS=12 From 4a1070a9afd5040fd7bbb5ae1b9890ba0a375e9d Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:50:48 +0100 Subject: [PATCH 19/24] adjust message limit --- mailu/mailu.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index 82b0d34..d71bf31 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -68,7 +68,7 @@ SCAN_MACROS=true MESSAGE_SIZE_LIMIT=50000000 # Message rate limit (per user) -MESSAGE_RATELIMIT=200/day +MESSAGE_RATELIMIT=300/day # Networks granted relay permissions # Use this with care, all hosts in this networks will be able to send mail without authentication! From c69d612e35b39d0dc3f9059d50ff451a07006fc4 Mon Sep 17 00:00:00 2001 
From: Martin Patz Date: Sun, 24 Nov 2024 23:50:55 +0100 Subject: [PATCH 20/24] update host names --- mailu/mailu.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index d71bf31..fe5cd08 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -19,7 +19,7 @@ DOMAIN=patz.family TRAEFIK_DOMAIN=mail.patz.family # Hostnames for this server, separated with commas -HOSTNAMES=mail.patz.family,mail.patz.app,mail.whynot.holdings +HOSTNAMES=mail.patz.family,mail.patz.app,mail.whynot.holdings,mail.martin-patz.de,mail.fam-patz.de # Postmaster local part (will append the main mail domain) POSTMASTER=martin From a30cac66a0a171e006c53ace0bb723048e7e0236 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:52:04 +0100 Subject: [PATCH 21/24] update proxy settings --- mailu/mailu.env | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index fe5cd08..ba73e91 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -139,13 +139,13 @@ WEBSITE=https://patz.family CREDENTIAL_ROUNDS=12 # Header to take the real ip from -REAL_IP_HEADER= +REAL_IP_HEADER=X-Real-Ip # IPs for nginx set_real_ip_from (CIDR list separated by commas) -REAL_IP_FROM= +REAL_IP_FROM=172.26.0.0/24 # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) -REJECT_UNLISTED_RECIPIENT= +REJECT_UNLISTED_RECIPIENT=no # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING From 88598dae7a854ff5690af189cb94f2afe8635764 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Sun, 24 Nov 2024 23:59:26 +0100 Subject: [PATCH 22/24] DOMAIN needs to be specified in Portainer --- mailu/README.md | 2 ++ mailu/mailu.env | 3 +-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/mailu/README.md b/mailu/README.md index 775176e..a77eaf3 100644 --- a/mailu/README.md +++ b/mailu/README.md 
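Review bot: `REAL_IP_FROM=172.26.0.0/24` in [PATCH 21/24] trusts the `X-Real-Ip` header from the whole Mailu `default` subnet, whereas the compose file attaches the front service to the external `traefik` network, whose address range is not shown in this series. If Traefik's address lies outside 172.26.0.0/24 the header would be ignored and the per-IP rate limit would key on the proxy; if it lies inside, every other container on that subnet is trusted to name the client address too. Narrowing the value to the proxy's own address or subnet fits better, e.g. `REAL_IP_FROM=<traefik network CIDR>`. The hunk also restores `REJECT_UNLISTED_RECIPIENT=no`, so mail for unknown recipients is accepted and bounced later, which can generate backscatter; per the comment above it, `yes` rejects instead.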
@@ -1,6 +1,8 @@ # Mailu ## Setup +Set the following environment variables: +* `Domain`: the TLD Set the following (sensitive) environment variables: * `RELAYUSER` diff --git a/mailu/mailu.env b/mailu/mailu.env index ba73e91..bc8f803 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -15,8 +15,7 @@ SUBNET=172.26.0.0/24 # Main mail domain -DOMAIN=patz.family -TRAEFIK_DOMAIN=mail.patz.family +# DOMAIN= # Hostnames for this server, separated with commas HOSTNAMES=mail.patz.family,mail.patz.app,mail.whynot.holdings,mail.martin-patz.de,mail.fam-patz.de From 13f66c2018cc12e6c0540b47fb7c40406ddc2054 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Mon, 25 Nov 2024 00:13:54 +0100 Subject: [PATCH 23/24] try setting the proxy_protocol --- mailu/mailu.env | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mailu/mailu.env b/mailu/mailu.env index bc8f803..739fef8 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -146,6 +146,8 @@ REAL_IP_FROM=172.26.0.0/24 # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) REJECT_UNLISTED_RECIPIENT=no +PROXY_PROTOCOL=443 + # Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) LOG_LEVEL=WARNING From 53923dd217200156a540d9ea04596a73d26a4771 Mon Sep 17 00:00:00 2001 From: Martin Patz Date: Mon, 25 Nov 2024 00:16:24 +0100 Subject: [PATCH 24/24] adjust the redirect --- mailu/mailu.env | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mailu/mailu.env b/mailu/mailu.env index 739fef8..192049e 100644 --- a/mailu/mailu.env +++ b/mailu/mailu.env @@ -111,7 +111,7 @@ FULL_TEXT_SEARCH=de,en,es ################################### # Path to redirect / to -WEBROOT_REDIRECT=/webmail +WEBROOT_REDIRECT=/sso/login # Path to the admin interface if enabled WEB_ADMIN=/admin
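Review bot: After the `mailu.env` hunk of [PATCH 22/24], `DOMAIN` is no longer defined anywhere in the repository, while `docker-compose.yml` interpolates it in the Traefik `Host(...)` rule as `mail.${DOMAIN}` and in the certdumper entry `DOMAIN=${DOMAIN}`. If the stack variable is forgotten, Compose substitutes an empty string and only warns, so the router rule and the certificate dump would be built from an empty domain. Using the required-variable form in the compose file, `${DOMAIN:?set DOMAIN in the stack environment}`, makes the deployment fail early instead. The README bullet added alongside spells the name `Domain` and calls it "the TLD", whereas the variable is `DOMAIN` and the removed value was the main mail domain.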
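Review bot: `PROXY_PROTOCOL=443` in [PATCH 23/24] is added without the explanatory comment that every other setting in this file carries, and the commit title ("try setting the proxy_protocol") suggests it is experimental. A port that accepts the PROXY protocol takes the client address from the connection preamble, so only the reverse proxy should be able to reach it. Presumably Mailu restricts the accepted peers through `REAL_IP_FROM`, currently the whole 172.26.0.0/24 subnet; confirm this against the documentation for the deployed version. The Traefik label in `docker-compose.yml` forwards to port 80, so it is worth checking that anything actually speaks PROXY protocol to 443. Suggested comment: `# Ports on which the front container expects the PROXY protocol (only the reverse proxy may reach them)`.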