docker-mailserver/target/scripts/start-mailserver.sh


#!/bin/bash
# ------------------------------------------------------------
# ? >> Sourcing helpers & stacks
# 1. Helpers
# 2. Checks
# 3. Setup
# 4. Fixes
# 5. Miscellaneous
# 6. Daemons
# ------------------------------------------------------------
# shellcheck source=./helpers/index.sh
source /usr/local/bin/helpers/index.sh
# shellcheck source=./startup/check-stack.sh
source /usr/local/bin/check-stack.sh
# shellcheck source=./startup/setup-stack.sh
source /usr/local/bin/setup-stack.sh
# shellcheck source=./startup/fixes-stack.sh
source /usr/local/bin/fixes-stack.sh
# shellcheck source=./startup/misc-stack.sh
source /usr/local/bin/misc-stack.sh
# shellcheck source=./startup/daemons-stack.sh
source /usr/local/bin/daemons-stack.sh
# ------------------------------------------------------------
# ? << Sourcing helpers & stacks
# --
# ? >> Early setup & environment variables setup
# ------------------------------------------------------------
# Early environment preparation. Everything below runs before any check,
# setup, fix or daemon function is registered, so the order is significant.
#
# NOTE(review): the four functions called here are not defined in this file;
# presumably they come from the helper / stack files sourced above - confirm.
# NOTE(review): `_register_functions` later branches on ENV flags such as
# SMTP_ONLY, ACCOUNT_PROVISIONER and the ENABLE_* switches. Those are
# presumably defaulted (and ideally validated as plain integers) by the
# `_environment_variables_*` calls below - verify, because a flag that is
# still unset at that point is treated as 0 by the `-eq` / `-ne` tests.
# shellcheck source=./helpers/variables.sh
source /usr/local/bin/helpers/variables.sh
_setup_supervisor
_obtain_hostname_and_domainname
# Legacy variable handling runs before the general setup.
_environment_variables_backwards_compatibility
_environment_variables_general_setup
# ------------------------------------------------------------
# ? << Early setup & environment variables setup
# --
# ? >> Registering functions
# ------------------------------------------------------------
function _register_functions
{
_log 'info' 'Initializing setup'
_log 'debug' 'Registering functions'
2016-12-01 14:45:40 +00:00
# ? >> Checks
2016-12-01 14:45:40 +00:00
_register_check_function '_check_hostname'
_register_check_function '_check_log_level'
2016-12-01 14:45:40 +00:00
# ? >> Setup
2016-12-01 14:45:40 +00:00
_register_setup_function '_setup_file_permissions'
_register_setup_function '_setup_timezone'
if [[ ${SMTP_ONLY} -ne 1 ]]
then
_register_setup_function '_setup_dovecot'
_register_setup_function '_setup_dovecot_dhparam'
_register_setup_function '_setup_dovecot_quota'
fi
case "${ACCOUNT_PROVISIONER}" in
( 'FILE' )
_register_setup_function '_setup_dovecot_local_user'
;;
( 'LDAP' )
_environment_variables_ldap
_register_setup_function '_setup_ldap'
;;
( 'OIDC' )
_register_setup_function '_setup_oidc'
;;
( * )
_shutdown "'${ACCOUNT_PROVISIONER}' is not a valid value for ACCOUNT_PROVISIONER"
;;
esac
if [[ ${ENABLE_SASLAUTHD} -eq 1 ]]
then
_environment_variables_saslauthd
_register_setup_function '_setup_saslauthd'
fi
[[ ${ENABLE_POSTGREY} -eq 1 ]] && _register_setup_function '_setup_postgrey'
[[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_postfix_inet_protocols'
[[ ${DOVECOT_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_dovecot_inet_protocols'
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban'
[[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable'
[[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]] && _register_setup_function '_setup_clamav_sizelimit'
[[ ${ENABLE_RSPAMD} -eq 1 ]] && _register_setup_function '_setup_rspamd'
feature: provide better rspamd suppport (#3016) * added options to toggle OpenDKIM & OpenDMARC rspamd can provide DKIM signing and DMARC checking itself, so users should be able to disable OpenDKIM & OpenDMARC. The default is left at 1, so users have to to opt-in when the want to disable the features. * misc small enhancements * adjusted start of rspamd The order of starting redis + rspamd was reversed (now correct) and rspamd now starts with the correct user. * adjusted rspamd core configuration The main configuration was revised. This includes AV configuration as well as worker/proxy/controller configuration used to control the main rspamd processes. The configuration is not tested extensively, but well enough that I am confident to go forward with it until we declare rspamd support as stable. * update & improve the documentation * add tests These are some initial tests which test the most basic functionality. * tests(refactor): Improve consistency and documentation for test helpers (#3012) * added `ALWAYS_RUN` target `Makefile` recipies (#3013) This ensures the recipies are always run. Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com> * adjusted rspamd test to refactored test helper functions * improve documentation * apply suggestions from code review (no. 1 by @polarthene) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * streamline heredoc (EOM -> EOF) * adjust rspamd test (remove unnecessary run arguments) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-25 09:28:59 +00:00
_register_setup_function '_setup_dkim_dmarc'
_register_setup_function '_setup_ssl'
_register_setup_function '_setup_docker_permit'
_register_setup_function '_setup_mailname'
_register_setup_function '_setup_amavis'
_register_setup_function '_setup_dmarc_hostname'
_register_setup_function '_setup_postfix_hostname'
_register_setup_function '_setup_dovecot_hostname'
_register_setup_function '_setup_postfix_smtputf8'
_register_setup_function '_setup_postfix_sasl'
_register_setup_function '_setup_security_stack'
_register_setup_function '_setup_postfix_aliases'
_register_setup_function '_setup_postfix_vhost'
_register_setup_function '_setup_postfix_dhparam'
_register_setup_function '_setup_postfix_postscreen'
_register_setup_function '_setup_postfix_sizelimits'
# needs to come after _setup_postfix_aliases
[[ ${SPOOF_PROTECTION} -eq 1 ]] && _register_setup_function '_setup_spoof_protection'
if [[ ${ENABLE_FETCHMAIL} -eq 1 ]]
then
_register_setup_function '_setup_fetchmail'
[[ ${FETCHMAIL_PARALLEL} -eq 1 ]] && _register_setup_function '_setup_fetchmail_parallel'
fi
if [[ ${ENABLE_SRS} -eq 1 ]]
then
_register_setup_function '_setup_SRS'
_register_start_daemon '_start_daemon_postsrsd'
fi
2019-09-15 13:40:05 +00:00
_register_setup_function '_setup_postfix_access_control'
fix: `check-for-changes.sh` should not fall out of sync with shared logic (#2260) Removes duplicate logic from `check-for-changes.sh` that is used/maintained elsewhere to avoid risk of problems, as this code is already starting to diverge / rot. --- Previously the change detection support has had code added for rebuilding config upon change detection which is the same as code run during startup scripts. Unfortunately over time this has fallen out of sync. Mostly the startup scripts would get maintenance and the contributor and reviewers may not have been aware of the duplicate code handled by `check-for-changes.sh`. That code was starting to diverge in addition to some changes in structure (_eg: relay host logic seems interleaved here vs separated out in startup scripts_). I wanted to address this before it risks becoming a much bigger headache. Rather than bloat `helper-functions.sh` further, I've added a `helpers/` folder extracting relevant common logic between startup scripts and `changedetector`. If you want to follow that process I've kept scoped commits to make those diffs easier. Some minor changes/improvements were added but nothing significant. --- - chore: Extract relay host logic to new `relay.sh` helper - chore: Extract `/etc/postfix/sasl_passwd` logic to new `sasl.sh` helper - chore: Extract `postfix-accounts.cf` logic to new `accounts.sh` helper - chore: Extract `/etc/aliases` logic to new `aliases.sh` helper - chore: Extract `/etc/postfix/vhost` logic to new `postfix.sh` helper - chore: Add inline docs for Postfix configs > These are possibly more verbose than needed and can be reduced at a later stage. > They are helpful during this refactor process while investigating that everything is handled correctly. `accounts.sh`: - Add note regarding potential bug for bare domain setups with `/etc/postfix/vhost` and `mydestination` sharing same domain value. `relay.sh`: - Remove the tabs for a single space delimiter, revised associated comment. 
- Add PR reference for original `_populate_relayhost_map` implementation which has some useful details. Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Co-authored-by: Casper <casperklein@users.noreply.github.com>
2021-11-20 20:33:49 +00:00
_register_setup_function '_setup_postfix_relay_hosts'
2016-12-01 14:45:40 +00:00
tests(refactor): `mail_lmtp_ip.bats` (#3004) * chore: Drop ENV `ENABLE_POSTFIX_VIRTUAL_TRANSPORT` * tests(chore): Remove redundant `dovecot-lmtp` config None of this is needed. Only relevant change is changing the LMTP service listener for Dovecot and that can be delegated to `user-patches.sh`. * tests(refactor): Use `user-patches.sh` instead of replacing config file The only relevant changes in `test/config/dovecot-lmtp` regarding LMTP was: - `/etc/dovecot/dovecot.conf` (`protocols = imap lmtp`) and `/etc/dovecot/protocols.d/` (`protocols = $protocols lmtp`). - `conf.d/10-master.conf` only changed the LMTP service listener from a unix socket to TCP on port 24 (_this was the only change required for the test to pass_). None of those configs are required as: - `protocols = imap pop3 lmtp` [is the upstream default](https://doc.dovecot.org/settings/core/#core_setting-protocols), no need to add `lmtp`. - The LMTP service listener is now configured for the test with `user-patches.sh`. * tests(refactor): `mail_lmtp_ip.bats` - Converted to new testing conventions and common container helpers. - `ENABLE_POSTFIX_VIRTUAL_TRANSPORT` was not relevant, dropped. - Revised test cases, logic remains the same. - Large custom config used was not documented and doesn't appear to serve any purpose. Simplified by replacing with a single modification with `user-patches.sh`. - Added some additional comments for context of test and improvements that could be made. * tests(chore): Adjust comments The comment from `mail_hostname` provides no valid context, it was likely copied over from `tests.bats` in Oct 2020 by accident. The email sent is just for testing, nothing relevant to LMTP. --- Added additional comment for test to reference extra information from. 
* tests(chore): Update similar log line matching Extracts out the match pattern and formatting commands into separate vars (reduces horizontal scrolling), and includes extra docs about what the matched line should be expected to look like.
2023-01-15 05:33:31 +00:00
[[ -n ${POSTFIX_DAGENT} ]] && _register_setup_function '_setup_postfix_virtual_transport'
2016-12-01 14:45:40 +00:00
_register_setup_function '_setup_postfix_override_configuration'
_register_setup_function '_setup_logrotate'
_register_setup_function '_setup_mail_summary'
_register_setup_function '_setup_logwatch'
2016-12-01 14:45:40 +00:00
# ? >> Fixes
_register_fix_function '_fix_var_mail_permissions'
2016-12-01 14:45:40 +00:00
[[ ${ENABLE_CLAMAV} -eq 0 ]] && _register_fix_function '_fix_cleanup_clamav'
[[ ${ENABLE_SPAMASSASSIN} -eq 0 ]] && _register_fix_function '_fix_cleanup_spamassassin'
2016-12-01 14:45:40 +00:00
# ? >> Miscellaneous
2016-12-01 14:45:40 +00:00
_register_misc_function '_misc_save_states'
_register_setup_function '_environment_variables_export'
# ? >> Daemons
2016-12-01 14:45:40 +00:00
_register_start_daemon '_start_daemon_cron'
_register_start_daemon '_start_daemon_rsyslog'
2016-12-01 14:45:40 +00:00
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemon_dovecot'
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemon_update_check'
2016-12-01 14:45:40 +00:00
if [[ ${ENABLE_RSPAMD} -eq 1 ]]
then
_register_start_daemon '_start_daemon_redis'
feature: provide better rspamd suppport (#3016) * added options to toggle OpenDKIM & OpenDMARC rspamd can provide DKIM signing and DMARC checking itself, so users should be able to disable OpenDKIM & OpenDMARC. The default is left at 1, so users have to to opt-in when the want to disable the features. * misc small enhancements * adjusted start of rspamd The order of starting redis + rspamd was reversed (now correct) and rspamd now starts with the correct user. * adjusted rspamd core configuration The main configuration was revised. This includes AV configuration as well as worker/proxy/controller configuration used to control the main rspamd processes. The configuration is not tested extensively, but well enough that I am confident to go forward with it until we declare rspamd support as stable. * update & improve the documentation * add tests These are some initial tests which test the most basic functionality. * tests(refactor): Improve consistency and documentation for test helpers (#3012) * added `ALWAYS_RUN` target `Makefile` recipies (#3013) This ensures the recipies are always run. Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com> * adjusted rspamd test to refactored test helper functions * improve documentation * apply suggestions from code review (no. 1 by @polarthene) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * streamline heredoc (EOM -> EOF) * adjust rspamd test (remove unnecessary run arguments) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-25 09:28:59 +00:00
_register_start_daemon '_start_daemon_rspamd'
fi
# needs to be started before SASLauthd
feature: provide better rspamd suppport (#3016) * added options to toggle OpenDKIM & OpenDMARC rspamd can provide DKIM signing and DMARC checking itself, so users should be able to disable OpenDKIM & OpenDMARC. The default is left at 1, so users have to to opt-in when the want to disable the features. * misc small enhancements * adjusted start of rspamd The order of starting redis + rspamd was reversed (now correct) and rspamd now starts with the correct user. * adjusted rspamd core configuration The main configuration was revised. This includes AV configuration as well as worker/proxy/controller configuration used to control the main rspamd processes. The configuration is not tested extensively, but well enough that I am confident to go forward with it until we declare rspamd support as stable. * update & improve the documentation * add tests These are some initial tests which test the most basic functionality. * tests(refactor): Improve consistency and documentation for test helpers (#3012) * added `ALWAYS_RUN` target `Makefile` recipies (#3013) This ensures the recipies are always run. Co-authored-by: georglauterbach <44545919+georglauterbach@users.noreply.github.com> * adjusted rspamd test to refactored test helper functions * improve documentation * apply suggestions from code review (no. 1 by @polarthene) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com> * streamline heredoc (EOM -> EOF) * adjust rspamd test (remove unnecessary run arguments) Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2023-01-25 09:28:59 +00:00
[[ ${ENABLE_OPENDKIM} -eq 1 ]] && _register_start_daemon '_start_daemon_opendkim'
[[ ${ENABLE_OPENDMARC} -eq 1 ]] && _register_start_daemon '_start_daemon_opendmarc'
2016-12-01 14:45:40 +00:00
# needs to be started before postfix
[[ ${ENABLE_POSTGREY} -eq 1 ]] && _register_start_daemon '_start_daemon_postgrey'
_register_start_daemon '_start_daemon_postfix'
# needs to be started after postfix
[[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_start_daemon '_start_daemon_saslauthd'
[[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_start_daemon '_start_daemon_fail2ban'
[[ ${ENABLE_FETCHMAIL} -eq 1 ]] && _register_start_daemon '_start_daemon_fetchmail'
[[ ${ENABLE_CLAMAV} -eq 1 ]] && _register_start_daemon '_start_daemon_clamav'
[[ ${ACCOUNT_PROVISIONER} == 'FILE' ]] && _register_start_daemon '_start_daemon_changedetector'
[[ ${ENABLE_AMAVIS} -eq 1 ]] && _register_start_daemon '_start_daemon_amavis'
2016-12-01 14:45:40 +00:00
}
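# Queue a daemon-start function.
#
# Globals:   DAEMONS_START (array, appended to)
# Arguments: $1 - name of the function to queue
# Outputs:   one trace-level message through _log
#
# The name is stored verbatim; nothing here checks that such a function
# exists. NOTE(review): the queue is presumably executed later by
# `_start_daemons`, so callers should pass literal function names only,
# never text derived from environment variables.
function _register_start_daemon
{
  DAEMONS_START+=("${1}")
  _log 'trace' "${1}() registered"
}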
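# Queue a setup function.
#
# Globals:   FUNCS_SETUP (array, appended to)
# Arguments: $1 - name of the function to queue
# Outputs:   one trace-level message through _log
#
# The name is stored verbatim; nothing here checks that such a function
# exists. NOTE(review): the queue is presumably executed later by `_setup`,
# so callers should pass literal function names only, never text derived
# from environment variables.
function _register_setup_function
{
  FUNCS_SETUP+=("${1}")
  _log 'trace' "${1}() registered"
}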
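# Queue a fix function.
#
# Globals:   FUNCS_FIX (array, appended to)
# Arguments: $1 - name of the function to queue
# Outputs:   one trace-level message through _log
#
# The name is stored verbatim; nothing here checks that such a function
# exists. NOTE(review): the queue is presumably executed later by
# `_apply_fixes`, so callers should pass literal function names only,
# never text derived from environment variables.
function _register_fix_function
{
  FUNCS_FIX+=("${1}")
  _log 'trace' "${1}() registered"
}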
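# Queue a check function.
#
# Globals:   FUNCS_CHECK (array, appended to)
# Arguments: $1 - name of the function to queue
# Outputs:   one trace-level message through _log
#
# The name is stored verbatim; nothing here checks that such a function
# exists. NOTE(review): the queue is presumably executed later by `_check`,
# so callers should pass literal function names only, never text derived
# from environment variables.
function _register_check_function
{
  FUNCS_CHECK+=("${1}")
  _log 'trace' "${1}() registered"
}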
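# Queue a miscellaneous start-up function.
#
# Globals:   FUNCS_MISC (array, appended to)
# Arguments: $1 - name of the function to queue
# Outputs:   one trace-level message through _log
#
# The name is stored verbatim; nothing here checks that such a function
# exists. NOTE(review): the queue is presumably executed later by
# `_start_misc`, so callers should pass literal function names only,
# never text derived from environment variables.
function _register_misc_function
{
  FUNCS_MISC+=("${1}")
  _log 'trace' "${1}() registered"
}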
# ------------------------------------------------------------
# ? << Registering functions
# --
# ? >> Executing all stacks / actual start of DMS
# ------------------------------------------------------------
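# Container start-up sequence: register, check, set up, fix, misc, user
# patches, then daemons. The stack runners called here (`_check`, `_setup`,
# `_apply_fixes`, `_start_misc`, `_setup_user_patches`, `_start_daemons`) are
# not defined in this file; presumably they come from the stack files sourced
# at the top.
_log 'info' "Welcome to docker-mailserver $(</VERSION)"

_register_functions
_check
_setup

# NOTE(review): `print-environment` is not defined in this file; it presumably
# dumps the container environment. ENV can carry credentials, so output at
# LOG_LEVEL debug/trace should be treated as sensitive and not shipped to
# shared log sinks. The regex is unanchored: any LOG_LEVEL value containing
# "debug" or "trace" matches.
[[ ${LOG_LEVEL} =~ (debug|trace) ]] && print-environment

_apply_fixes
_start_misc
# NOTE(review): runs after the built-in setup and fixes and before any daemon
# is started; presumably this executes an operator-supplied script with the
# privileges of this entrypoint, so write access to that script should be
# restricted accordingly - confirm against the helper's implementation.
_setup_user_patches
_start_daemons

# marker to check if container was restarted
date >/CONTAINER_START

_log 'info' "${HOSTNAME} is up and running"

# Make sure the log exists, then follow it by name from its current end
# (`-F` keeps retrying across rotation, `-n 0` prints no backlog). This keeps
# the script in the foreground; `exit 0` is only reached if tail terminates.
touch /var/log/mail/mail.log
tail -Fn 0 /var/log/mail/mail.log

exit 0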