chore(release): prepare for 1.11.0

.github/workflows/docker-dispatch.yaml

@@ -9,7 +9,6 @@ name: Trigger Docker build
 on:
   push:
     branches: [main]
-    tags: ['[0-9]+.[0-9]+.[0-9]+']
   workflow_dispatch:
 
 permissions: {}

cmdeploy/src/cmdeploy/postfix/main.cf.j2

@@ -53,8 +53,7 @@ smtpd_tls_exclude_ciphers = aNULL, RC4, MD5, DES
 # See <https://www.postfix.org/FORWARD_SECRECY_README.html#server_fs>.
 tls_preempt_cipherlist = yes
 
-# Reject by default, override per smtpd in master.cf
-smtpd_relay_restrictions = reject
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 myhostname = {{ config.postfix_myhostname }}
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
@@ -102,18 +101,6 @@ smtpd_peername_lookup = no
 # so instead this is handled in filtermail.
 # We use LMTP instead SMTP so we can communicate per-recipient errors back to postfix.
 default_transport = lmtp-filtermail:inet:[127.0.0.1]:{{ config.filtermail_lmtp_port_transport }}
-
-# All deliveries over lmtp-filtermail are treated
-# as having the same destination [127.0.0.1],
-# so it is not possible to limit per-destination concurrency here,
-# it is a job for filtermail-transport.
-# Total number of parallel deliveries is limited
-# by "maxproc" column in /etc/postfix/master.cf for lmtp-filtermail.
-# Settings below are to prevent Postfix queue manager
-# from limiting the number of LMTP connections to filtermail-transport.
-# Read <https://www.postfix.org/TUNING_README.html#rope> and
-# <https://www.postfix.org/SCHEDULER_README.html> for the details
-# of the Postfix algorithm that we effectively disable here.
 lmtp-filtermail_initial_destination_concurrency=10000
 lmtp-filtermail_destination_concurrency_limit=10000
 

cmdeploy/src/cmdeploy/postfix/master.cf.j2

@@ -17,7 +17,6 @@ smtp      inet  n       -       y       -       -       smtpd
   -o smtpd_tls_security_level=encrypt
   -o smtpd_tls_mandatory_protocols=>=TLSv1.2
   -o smtpd_proxy_filter=127.0.0.1:{{ config.filtermail_smtp_port_incoming }}
-  -o smtpd_relay_restrictions=reject_unauth_destination
 submission inet n       -       y       -       5000    smtpd
   -o syslog_name=postfix/submission
   -o smtpd_tls_security_level=encrypt
@@ -82,14 +81,12 @@ filter    unix -        n       n       -       -       lmtp
   -o syslog_name=postfix/reinject
   -o milter_macro_daemon_name=ORIGINATING
   -o cleanup_service_name=authclean
-  -o smtpd_relay_restrictions=permit_mynetworks,reject
 {% if not config.ipv4_relay %}  -o smtpd_milters=unix:opendkim/opendkim.sock
 {% endif %}
 
 # Local SMTP server for reinjecting incoming filtered mail 
 127.0.0.1:{{ config.postfix_reinject_port_incoming }} inet  n       -       n       -       100      smtpd
   -o syslog_name=postfix/reinject_incoming
-  -o smtpd_relay_restrictions=reject_unauth_destination
 
 # Cleanup `Received` headers for authenticated mail
 # to avoid leaking client IP.
@@ -105,15 +102,7 @@ filter    unix -        n       n       -       -       lmtp
 authclean unix  n       -       -       -       0       cleanup
   -o header_checks=regexp:/etc/postfix/submission_header_cleanup
 
-# Reducing `maxproc` here may result in a head of line blocking
-# when there are many messages sent to unreachable destinations
-# at the same time.
-# LMTP clients here talk to filtermail-transport.
-# LMTP has no pipelining,
-# so while filtermail-transport tries to deliver the message,
-# possibly waiting for a long connection timeout
-# or talking to a slow server, LMTP client cannot be reused.
-lmtp-filtermail unix  -       -       y       -       500       lmtp
+lmtp-filtermail unix  -       -       y       -       10000       lmtp
   -o syslog_name=postfix/lmtp-filtermail
   -o lmtp_header_checks=
   -o lmtp_tls_security_level=none

doc/source/faq.rst

@@ -60,7 +60,6 @@ and run the following commands:
    ::
 
        git pull origin main --rebase --autostash
-       scripts/initenv.sh
        scripts/cmdeploy run
 
 If you don't want the latest development version,