diff --git a/README.md b/README.md
index 0fe99302..98ceb414 100644
--- a/README.md
+++ b/README.md
@@ -386,7 +386,8 @@ This list gives you an overview of default security settings and if they comply
 | | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
 | | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
 | Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
-| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
+| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
+| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
 | Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
 | | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
 | | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml
index 314fcb68..9ee856c5 100644
--- a/helmfile/apps/open-xchange/helmfile.yaml
+++ b/helmfile/apps/open-xchange/helmfile.yaml
@@ -35,7 +35,7 @@ repositories:
 releases:
 - name: "dovecot"
 chart: "opendesk-dovecot-repo/dovecot"
- version: "1.3.4"
+ version: "1.3.5"
 values:
 - "values-dovecot.yaml"
 - "values-dovecot.gotmpl"
diff --git a/helmfile/apps/open-xchange/values-dovecot.gotmpl b/helmfile/apps/open-xchange/values-dovecot.gotmpl
index 8441f21c..f4dd17f4 100644
--- a/helmfile/apps/open-xchange/values-dovecot.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.gotmpl
@@ -22,7 +22,8 @@ dovecot:
 host: {{ .Values.ldap.host | quote }}
 password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
 oidc:
- introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
+ introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
+ introspectionPath: "/realms/souvap/protocol/openid-connect/token/introspect"
 clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
 clientID: "as8oidc"
 loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml b/helmfile/apps/open-xchange/values-dovecot.yaml
index a18ad954..225c0648 100644
--- a/helmfile/apps/open-xchange/values-dovecot.yaml
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml
@@ -1,9 +1,6 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
-containerSecurityContext:
- readOnlyRootFilesystem: false
-
 dovecot:
 ldap:
 enabled: true
@@ -14,4 +11,9 @@ dovecot:
 enabled: true
 clientID: "as8oidc"
 usernameAttribute: "phoenixusername"
+
+ submission:
+ enabled: true
+ ssl: "no"
+ host: "postfix:25"
 ...
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml
index 1cf54c68..ab1874ad 100644
--- a/helmfile/environments/default/images.yaml
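Review bot: The explicit `https://` scheme is no longer visible for the Keycloak introspection endpoint in values-dovecot.gotmpl. The removed `introspectionURL` carried it, while the new `introspectionHost` / `introspectionPath` pair leaves scheme, port and certificate verification to the dovecot chart, whose templates are not part of this diff. This request carries the `as8oidc` client secret and users' access tokens, so it is worth confirming that chart 1.3.5 always builds an `https` URL and verifies the server certificate. Once confirmed, a comment above the two keys such as `# scheme is added by the chart; the realm (souvap) is fixed in introspectionPath` would record the assumption. The `oidc:` mapping continues outside the hunk.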
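Review bot: The `submission` relay added in the second hunk of values-dovecot.yaml is configured without TLS (`ssl: "no"`, `host: "postfix:25"`), so submitted mail would travel to postfix unencrypted over the cluster network. Dovecot's submission relay also supports `starttls` and `smtps`, but whether the chart passes those values through cannot be seen here. If plaintext is intended because the relay target is an in-cluster service, state that next to the setting, e.g. `# plaintext relay to the in-cluster postfix service; access is limited by NetworkPolicy`, and make sure such a policy exists. Quoting `"no"` is correct, since a bare `no` would be read as a boolean by YAML 1.1 parsers.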
+++ b/helmfile/environments/default/images.yaml
@@ -15,8 +15,8 @@ images:
 tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
 # @supplier: "XWiki"
 dovecot:
- repository: "dovecot/dovecot"
- tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
+ repository: "souvap/tooling/images/dovecot-public-sector"
+ tag: "2.3.21@sha256:c76965a84d1ca527f523404eb027119f6736b199c094e4671037cb345ecad3dc"
 # @supplier: "Open-Xchange"
 element:
 repository: "souvap/tooling/images/element-web"
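Review bot: Nothing in the new `dovecot` entry in images.yaml records where `souvap/tooling/images/dovecot-public-sector` is built or how it differs from the upstream `dovecot/dovecot` image it replaces. The digest pin is kept, which fixes the content that gets pulled, but a reader of this file cannot tell what that content is or who produced it. A comment beside the entry, e.g. `# built from <build-repository-url>`, would make the provenance reviewable. The `images:` mapping starts and ends outside the hunk.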