feat: ensure tracing is possible and lock down ssl ciphers

• related to #1

intent is to enable integration with fail2ban and to ensure the flow of email can be traced.

🔗 References

• Mozilla SSL/TLS Config for software

  provides up to date config for many server software including postfix and dovecot

🚧 Tasks

• postfix smtpd_sasl_security_options = noanonymous

  prevent anonymous authentication.

• amavis to add received header to messages comment out config line 33

  Currently this setting is turned off, as it was assumed it would be a pointless header. However, without it, tracing would be difficult to identify a lengthy period of time passing between received headers as there are many milters the message goes through.

• dovecot logs auth success

• dovecot logs auth failure auth_verbose=yes

  Enables logging of failed login attempts

• sieve logs auth success

• sieve logs auth failure

• postfix logs auth failure

• postfix logs auth success

• Bug when a tag is created on dev branch, don't tag docker image as latest. tag it dev.

• dovecot verbose_ssl

  Logs protocol ssl errors. might be handy to diagnose why a connection failed. Or repeated attempts to connect with a block ssl cipher.

• dovecot has suitable and secure ssl ciphers enabled

  • dovecot ssl_cipher_list

  • dovecot ssl_cipher_suites

  • dovecot ssl_min_protocol

  • dovecot ssl_prefer_server_ciphers=yes