github-com-docker-mailserver/docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00
Code Issues Projects Releases Wiki Activity

Add PERMIT_DOCKER=connected-networks

Browse source
This commit is contained in:
Martin Schulze 2019-08-02 15:05:00 +02:00
parent 33c85d75ad
commit 234632913e
4 changed files with 35 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
Makefile
View file

@ -1,4 +1,5 @@
NAME = tvial/docker-mailserver:testing NAME = tvial/docker-mailserver:testing
NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME=non-default-docker-mail-network
all: build-no-cache backup generate-accounts run generate-accounts-after-run fixtures tests clean all: build-no-cache backup generate-accounts run generate-accounts-after-run fixtures tests clean
all-fast: build backup generate-accounts run generate-accounts-after-run fixtures tests clean all-fast: build backup generate-accounts run generate-accounts-after-run fixtures tests clean
@ -26,6 +27,19 @@ generate-accounts:
docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf
run: run:
docker network create --driver bridge --subnet 192.168.133.0/24 $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME)
# use two networks (default ("bridge") and our custom network) to recreate problematic test case where PERMIT_DOCKER=host would not help
docker run -d --name mail_smtponly_second_network \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver-test \
-e SMTP_ONLY=1 \
-e PERMIT_DOCKER=connected-networks \
-e DMS_DEBUG=0 \
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
--network bridge \
--network $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME) \
-t $(NAME)
sleep 15
# Run containers # Run containers
docker run -d --name mail \ docker run -d --name mail \
-v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test/config":/tmp/docker-mailserver \
@ -319,8 +333,10 @@ clean:
mail_domainname \ mail_domainname \
mail_srs_domainname \ mail_srs_domainname \
mail_with_relays \ mail_with_relays \
mail_with_default_relay mail_with_default_relay \
mail_smtponly_second_network
docker network rm ${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}
@if [ -d config.bak ]; then\ @if [ -d config.bak ]; then\
rm -rf config ;\ rm -rf config ;\
mv config.bak config ;\ mv config.bak config ;\

3
README.md
View file

@ -285,7 +285,8 @@ Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as f
Set different options for mynetworks option (can be overwrite in postfix-main.cf) Set different options for mynetworks option (can be overwrite in postfix-main.cf)
- **empty** => localhost only - **empty** => localhost only
- host => Add docker host (ipv4 only) - host => Add docker host (ipv4 only)
- network => Add all docker containers (ipv4 only) - network => Add the docker default bridge network (172.16.0.0/12); **WARNING**: `docker-compose` might use others (e.g. 192.168.0.0/16) use `PERMIT_DOCKER=connected-networks` in this case
- connected-networks => Add all connected docker networks (ipv4 only)
##### VIRUSMAILS_DELETE_DELAY ##### VIRUSMAILS_DELETE_DELAY

10
target/start-mailserver.sh
View file

@ -1016,6 +1016,7 @@ function _setup_docker_permit() {
container_ip=$(ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1) container_ip=$(ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1)
container_network="$(echo $container_ip | cut -d '.' -f1-2).0.0" container_network="$(echo $container_ip | cut -d '.' -f1-2).0.0"
container_networks=$(ip -o -4 addr show type veth | egrep -o '[0-9\.]+/[0-9]+')
case $PERMIT_DOCKER in case $PERMIT_DOCKER in
"host" ) "host" )
@ -1031,7 +1032,14 @@ function _setup_docker_permit() {
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;; ;;
"connected-networks" )
for network in $container_networks; do
notify 'inf' "Adding docker network $network in my networks"
postconf -e "$(postconf | grep '^mynetworks =') $network"
echo $network >> /etc/opendmarc/ignore.hosts
echo $network >> /etc/opendkim/TrustedHosts
done
;;
* ) * )
notify 'inf' "Adding container ip in my networks" notify 'inf' "Adding container ip in my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32" postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"

7
test/tests.bats
View file

@ -1227,6 +1227,13 @@ function count_processed_changes() {
assert_success assert_success
} }
@test "checking PERMIT_DOCKER: connected-networks" {
run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
assert_success
run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'"
assert_success
}
# #
# amavis # amavis
# #