From 08dc28e3041550646cf8b45ccfccada2a0ffde3c Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sat, 8 Oct 2016 19:02:47 +0200 Subject: [PATCH] Fixes #346 and added a virusmail wiper triggered by a CRON (#347) * Fixes #346 and added a virusmail wiper triggered by a CRON * Renamed env to something more explicit VIRUSMAILS_DELETE_DELAY --- Dockerfile | 9 +++++---- Makefile | 2 +- README.md | 5 +++++ target/start-mailserver.sh | 6 ++++++ test/tests.bats | 29 +++++++++++++++++++++++++++-- 5 files changed, 44 insertions(+), 7 deletions(-) diff --git a/Dockerfile b/Dockerfile index 77346926..98f220d3 100644 --- a/Dockerfile +++ b/Dockerfile @@ -45,6 +45,10 @@ RUN DEBIAN_FRONTEND=noninteractive apt-get update -q --fix-missing && \ apt-get autoclean && rm -rf /var/lib/apt/lists/* && \ rm -rf /usr/share/locale/* && rm -rf /usr/share/man/* && rm -rf /usr/share/doc/* +# Enables Clamav +RUN (echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" ; crontab -l) | crontab - +RUN chmod 644 /etc/clamav/freshclam.conf && freshclam + # Configures Dovecot RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf RUN sed -i -e 's/#mail_plugins = \$mail_plugins/mail_plugins = \$mail_plugins sieve/g' /etc/dovecot/conf.d/15-lda.conf 
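Review bot: The added `(echo "…" ; crontab -l) | crontab -` line installs whatever reaches the pipe even when `crontab -l` fails, because the RUN step only sees the exit status of the final `crontab -`. On this first call there is presumably no crontab yet, so the failure is harmless. The same pattern is reused for the virusmail wiper in the next hunk, where a failing `crontab -l` would silently drop the freshclam entry. Shipping the schedule as a file is more deterministic and easier to review, e.g. `COPY <cron-file-placeholder> /etc/cron.d/<name-placeholder>`, keeping in mind that entries there need a user column.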
@@ -58,16 +62,13 @@ RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin RUN sed -i -r 's/#(@| \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode RUN adduser clamav amavis && adduser amavis clamav RUN useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker +RUN (echo "0 4 * * * find /var/lib/amavis/virusmails/ -type f -mtime +\$VIRUSMAILS_DELETE_DELAY -delete" ; crontab -l) | crontab - # Configure Fail2ban COPY target/fail2ban/jail.conf /etc/fail2ban/jail.conf COPY target/fail2ban/filter.d/dovecot.conf /etc/fail2ban/filter.d/dovecot.conf RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf -# Enables Clamav -RUN (crontab; echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab - -RUN chmod 644 /etc/clamav/freshclam.conf && freshclam - # Enables Pyzor and Razor USER amavis RUN razor-admin -create && razor-admin -register && pyzor discover diff --git a/Makefile b/Makefile index b3dfcd4c..18545b96 100644 --- a/Makefile +++ b/Makefile @@ -23,9 +23,9 @@ run: -e SA_TAG=1.0 \ -e SA_TAG2=2.0 \ -e SA_KILL=3.0 \ + -e VIRUSMAILS_DELETE_DELAY=7 \ -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_MANAGESIEVE=1 \ - -e ONE_DIR=1 \ -e PERMIT_DOCKER=host\ -h mail.my-domain.com -t $(NAME) sleep 20 diff --git a/README.md b/README.md index 80b65ea3..71ae5f8e 100644 --- a/README.md +++ b/README.md @@ -156,3 +156,8 @@ Set different options for mynetworks option (can be overwrite in postfix-main.cf - **empty** => localhost only - host => Add docker host (ipv4 only) - network => Add all docker containers (ipv4 only) + +##### VIRUSMAILS_DELETE_DELAY + +Set how many days a virusmail will stay on the server before being deleted + - **empty** => 7 days diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 5d3aeae0..968ad9af 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
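Review bot: The wiper entry added here leaves `$VIRUSMAILS_DELETE_DELAY` to be expanded when the job runs, but standard cron starts jobs with `/bin/sh` and a minimal environment and does not read `/root/.bashrc`. That file is the only place this commit exports the variable (see the start-mailserver.sh hunk). With the variable unset the command becomes `find … -mtime + -delete`, which find rejects as an invalid argument, so quarantined mail would never be purged and the directory would keep growing. Having the startup script put the validated number into the crontab, either substituted into the job line or as a `VIRUSMAILS_DELETE_DELAY=7`-style assignment line above it, removes the dependency on the shell environment. Whether a cron daemon is started in the container is not visible in this hunk.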
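Review bot: Setting `-e VIRUSMAILS_DELETE_DELAY=7` on the main test container means no test runs with the variable unset, so the 7-day default that README.md documents and start-mailserver.sh assigns is never exercised. Consider leaving it off this `docker run`, or starting a second container without it, and asserting the effective value there. The same hunk drops `-e ONE_DIR=1`, which the commit message does not mention. The `run:` target starts above this hunk.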
@@ -5,6 +5,12 @@ die () { exit 1 } +# +# Default variables +# + +echo "export VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY:="7"}" >> /root/.bashrc + # # Users # diff --git a/test/tests.bats b/test/tests.bats index c9989ea5..d3b79d74 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -538,9 +538,34 @@ # @test "checking system: freshclam cron is enabled" { - run docker exec mail crontab -l + run docker exec mail bash -c "crontab -l | grep '/usr/bin/freshclam'" + [ "$status" -eq 0 ] +} + +@test "checking amavis: virusmail wiper cron exists" { + run docker exec mail bash -c "crontab -l | grep '/var/lib/amavis/virusmails/'" + [ "$status" -eq 0 ] +} + +@test "checking amavis: VIRUSMAILS_DELETE_DELAY override works as expected" { + run docker run -ti --rm -e VIRUSMAILS_DELETE_DELAY=2 `docker inspect --format '{{ .Config.Image }}' mail` /bin/bash -c 'echo $VIRUSMAILS_DELETE_DELAY | grep 2' + [ "$status" -eq 0 ] +} + +@test "checking amavis: old virusmail is wipped by cron" { + docker exec mail bash -c 'touch -d "`date --date=2000-01-01`" /var/lib/amavis/virusmails/should-be-deleted' + run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' + [ "$status" -eq 0 ] + run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-be-deleted' + [ "$status" -eq 1 ] +} + +@test "checking amavis: recent virusmail is not wipped by cron" { + docker exec mail bash -c 'touch -d "`date`" /var/lib/amavis/virusmails/should-not-be-deleted' + run docker exec -ti mail bash -c 'find /var/lib/amavis/virusmails/ -type f -mtime +$VIRUSMAILS_DELETE_DELAY -delete' + [ "$status" -eq 0 ] + run docker exec mail bash -c 'ls -la /var/lib/amavis/virusmails/ | grep should-not-be-deleted' [ "$status" -eq 0 ] - [ "$output" = "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" ] } @test "checking system: /var/log/mail/mail.log is error free" {
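Review bot: The added `echo "export VIRUSMAILS_DELETE_DELAY=…" >> /root/.bashrc` writes the environment value unquoted and unvalidated into a file that root's interactive shells source. Anything other than a plain number therefore ends up there as shell text, and later as the argument to `find -mtime`. Checking it first keeps both uses safe: `VIRUSMAILS_DELETE_DELAY="${VIRUSMAILS_DELETE_DELAY:-7}"` followed by `case "$VIRUSMAILS_DELETE_DELAY" in ''|*[!0-9]*) die "VIRUSMAILS_DELETE_DELAY must be a whole number of days" ;; esac`. Because the line is appended with `>>`, each restart of the same container adds another copy; overwriting a dedicated file would avoid that. How `die` handles its message is not visible in this hunk.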
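Review bot: The two "wipped by cron" tests never go through cron. They retype the `find … -delete` command and run it with `docker exec … bash -c`, which receives the container's `-e` environment, so they pass even if the scheduled job itself cannot see `$VIRUSMAILS_DELETE_DELAY`. Running the installed entry taken from `crontab -l` under an empty environment, for example through `env -i /bin/sh -c`, would test what cron actually executes. The override test has a similar gap: replacing the image command with `/bin/bash -c` presumably bypasses the startup script, so it only confirms that Docker passes `-e` through. Its `grep 2` also matches values such as 12 or 20, so `grep -x 2` would be tighter.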