* postfix: removed TLS1.0/1.1 support (natively)
* postfix: upgrade to deb12 + pf to 3.7.9
* compose: increased postfix tag
* postfix: shortened TLS syntax with new format of 3.6+
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to acme.sh
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to docker-compose.yml
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to generate_config.sh
* Add ACME_DONT_FETCH_CERTS_FOR_HTTP_SUBDOMAINS to update.sh
* AUTODISCOVER_SAN instead of long string
default on,
default is fetching certs for auto{discover,conf}
* AUTODISCOVER_SAN instead of long string
also flipped
* AUTODISCOVER_SAN instead of long string
flipped default meaning
* fix explanation for AUTODISCOVER_SAN
* AUTODISCOVER_SAN instead of long string
and flipped meaning of the bool
* fix AUTODISCOVER_SAN explanation
* Merge branch 'mailcow:staging' into staging
* update.sh: corrected syntax for mailcow.conf insertion
[Netfilter] add mailcow rule to docker-user chain
[Netfilter] add mailcow isolation rule to MAILCOW chain
[Netfilter] add mailcow isolation rule to MAILCOW chain
[Netfilter] set mailcow isolation rule before redis
[Netfilter] clear bans in redis after connecting
[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft
[Netfilter] stop container after mariadb, redis, dovecot, solr
[Netfilter] simplify mailcow isolation rule for compatibility with iptables-nft
[Netfilter] add exception for mailcow isolation rule for HA setups
[Netfilter] add exception for mailcow isolation rule for HA setups
[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE
[Netfilter] fix wrong var name
[Netfilter] add DISABLE_NETFILTER_ISOLATION_RULE to update and generate_config sh
The default behavior is still the old one (send a notifcation when the
watchdog is started), but this notification can now be suppressed by
setting WATCHDOG_NOTIFY_START=n.
