Version-specific upgrade notes. When upgrading, update manifests in deploy/compose and deploy/kustomize to match the new version (volumes, configuration). Update .env for new or changed environment variables.
Observability features in mailserver-admin. Set:
MDA_DOVEADM_ADDRESS: MDA address for Dovecot API (default:mda:8080)DOVEADM_API_KEY: API key for Dovecot API
Change at least DOVEADM_API_KEY from the default.
- web: mailserver-admin can generate mobileconfig files for iOS and macOS. Generation uses the same TLS certificate shown to clients. Mount that certificate into the web container to enable generation.
- web: Image is Alpine-based and uses FrankenPHP instead of PHP-FPM.
- web: Roundcube path:
/var/www/html/webmail→/opt/roundcube(symlink at/var/www/html/webmailto Roundcubepublic_html). - web: Admin path:
/opt/admin. - web: Read-only operation supported; configure tmpfs mounts as in
deploy/compose/web.yaml.
- Kubernetes deployment is supported via
kustomization.yaml. Helm chart deprecated and archived. - virus: Removed. Use Rspamd antivirus for antivirus.
- unbound: Added as DNS resolver for the filter.
- filter: Base image
rspamd/rspamd; no longer Alpine-based. - web:
CSRF_ENABLED=falsedisables CSRF (default:true). Rootless: web listens on 8080 internally.
- TLS paths:
/etc/postfix/tls/tls.crt,/etc/postfix/tls/tls.key. - Submission only on port 587.
- Base image:
dovecot/dovecot; no longer Alpine-based. - TLS paths:
/etc/dovecot/tls/tls.crt,/etc/dovecot/tls/tls.key. No DH file. - Mail storage:
/srv/vmail(was/var/vmail). - Rootless: runs as non-root; ensure mail storage and TLS are accessible by UID/GID 1000.
- Internal ports: IMAP 31143, POP3 31110, IMAPS 31993, POP3S 31995 (internal only).
- FTS enabled by default;
FTS_*variables removed. - POP3 and IMAP always enabled;
POP3_ENABLEDandIMAP_ENABLEDremoved.