mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
scripts: new log (#2493)
* added new `_log` function With `_log`, the `_notify` method wa rendered obsolete. `_notify` was not completely removed due to test failures in `check-for-changes.sh`. The new `_log` function properly uses log levels such as `trace`, `debug`, `info`, `warn` and `error`. It provides a cleaner solution and renders `DMS_DEBUG` obsolete too (as only `_notify` depends on it). * converted all helper script to new `_log` function * converted all startup stacks to new `log` function * `start-mailserver.sh` now uses new `_log` function * final test and misc small script adjustments * updated documentation
This commit is contained in:
parent
d8d4b6a189
commit
24031ae365
|
@ -15,9 +15,17 @@ title: Environment Variables
|
||||||
|
|
||||||
##### DMS_DEBUG
|
##### DMS_DEBUG
|
||||||
|
|
||||||
|
This environment variable is deprecated. Use `LOG_LEVEL` instead.
|
||||||
|
|
||||||
- **0** => Debug disabled
|
- **0** => Debug disabled
|
||||||
- 1 => Enables debug on startup
|
- 1 => Enables debug on startup
|
||||||
|
|
||||||
|
##### LOG_LEVEL
|
||||||
|
|
||||||
|
Set the log level for DMS. This is mostly relevant for container startup scripts and change detection event feedback.
|
||||||
|
|
||||||
|
Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`. The default log level is `info`.
|
||||||
|
|
||||||
##### SUPERVISOR_LOGLEVEL
|
##### SUPERVISOR_LOGLEVEL
|
||||||
|
|
||||||
Here you can adjust the [log-level for Supervisor](http://supervisord.org/logging.html#activity-log-levels). Possible values are
|
Here you can adjust the [log-level for Supervisor](http://supervisord.org/logging.html#activity-log-levels). Possible values are
|
||||||
|
|
|
@ -115,7 +115,7 @@ A positive example, which is taken from `setup-stack.sh`, would be
|
||||||
```bash
|
```bash
|
||||||
function _setup_postfix_aliases
|
function _setup_postfix_aliases
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix Aliases'
|
_log 'debug' 'Setting up Postfix aliases'
|
||||||
|
|
||||||
: >/etc/postfix/virtual
|
: >/etc/postfix/virtual
|
||||||
: >/etc/postfix/regexp
|
: >/etc/postfix/regexp
|
||||||
|
@ -139,10 +139,10 @@ function _setup_postfix_aliases
|
||||||
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
|
DOMAIN=$(echo "${FROM}" | cut -d @ -f2)
|
||||||
|
|
||||||
# if they are equal it means the line looks like: "user1 other@example.com"
|
# if they are equal it means the line looks like: "user1 other@example.com"
|
||||||
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >> /tmp/vhost.tmp
|
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
||||||
else
|
else
|
||||||
_notify 'inf' "Warning '/tmp/docker-mailserver/postfix-virtual.cf' is not provided. No mail alias/forward created."
|
_log 'debug' "'/tmp/docker-mailserver/postfix-virtual.cf' not provided - no mail alias/forward created"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -13,10 +13,18 @@
|
||||||
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
|
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
|
||||||
OVERRIDE_HOSTNAME=
|
OVERRIDE_HOSTNAME=
|
||||||
|
|
||||||
|
# (deprecated: use LOG_LEVEL instead)
|
||||||
# 0 => Debug disabled
|
# 0 => Debug disabled
|
||||||
# 1 => Enables debug on startup
|
# 1 => Enables debug on startup
|
||||||
DMS_DEBUG=0
|
DMS_DEBUG=0
|
||||||
|
|
||||||
|
# Set the log level for DMS.
|
||||||
|
# This is mostly relevant for container startup scripts and change detection event feedback.
|
||||||
|
#
|
||||||
|
# Valid values (in order of increasing verbosity) are: `error`, `warn`, `info`, `debug` and `trace`.
|
||||||
|
# The default log level is `info`.
|
||||||
|
LOG_LEVEL=info
|
||||||
|
|
||||||
# critical => Only show critical messages
|
# critical => Only show critical messages
|
||||||
# error => Only show erroneous output
|
# error => Only show erroneous output
|
||||||
# **warn** => Show warnings
|
# **warn** => Show warnings
|
||||||
|
|
|
@ -3,5 +3,5 @@
|
||||||
# shellcheck source=../scripts/helpers/index.sh
|
# shellcheck source=../scripts/helpers/index.sh
|
||||||
source /usr/local/bin/helpers/index.sh
|
source /usr/local/bin/helpers/index.sh
|
||||||
|
|
||||||
_notify 'inf' 'Printing environment variables. Make sure no sensitive data is copied.'
|
_log 'debug' 'Printing environment variables. Make sure no sensitive data is copied.'
|
||||||
cat /etc/dms-settings
|
cat /etc/dms-settings
|
||||||
|
|
|
@ -15,10 +15,10 @@ function _create_accounts
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] && [[ ${ENABLE_LDAP} -ne 1 ]]
|
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] && [[ ${ENABLE_LDAP} -ne 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Checking file line endings"
|
_log 'trace' "Checking file line endings"
|
||||||
sed -i 's|\r||g' /tmp/docker-mailserver/postfix-accounts.cf
|
sed -i 's|\r||g' /tmp/docker-mailserver/postfix-accounts.cf
|
||||||
|
|
||||||
_notify 'inf' "Regenerating postfix user list"
|
_log 'trace' "Regenerating postfix user list"
|
||||||
echo "# WARNING: this file is auto-generated. Modify /tmp/docker-mailserver/postfix-accounts.cf to edit the user list." > /etc/postfix/vmailbox
|
echo "# WARNING: this file is auto-generated. Modify /tmp/docker-mailserver/postfix-accounts.cf to edit the user list." > /etc/postfix/vmailbox
|
||||||
|
|
||||||
# checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
|
# checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
|
||||||
|
@ -54,9 +54,9 @@ function _create_accounts
|
||||||
|
|
||||||
if [[ -z ${USER_ATTRIBUTES} ]]
|
if [[ -z ${USER_ATTRIBUTES} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Creating user '${USER}' for domain '${DOMAIN}'"
|
_log 'debug' "Creating user '${USER}' for domain '${DOMAIN}'"
|
||||||
else
|
else
|
||||||
_notify 'inf' "Creating user '${USER}' for domain '${DOMAIN}' with attributes '${USER_ATTRIBUTES}'"
|
_log 'debug' "Creating user '${USER}' for domain '${DOMAIN}' with attributes '${USER_ATTRIBUTES}'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
local POSTFIX_VMAILBOX_LINE DOVECOT_USERDB_LINE
|
local POSTFIX_VMAILBOX_LINE DOVECOT_USERDB_LINE
|
||||||
|
@ -64,7 +64,7 @@ function _create_accounts
|
||||||
POSTFIX_VMAILBOX_LINE="${LOGIN} ${DOMAIN}/${USER}/"
|
POSTFIX_VMAILBOX_LINE="${LOGIN} ${DOMAIN}/${USER}/"
|
||||||
if grep -qF "${POSTFIX_VMAILBOX_LINE}" /etc/postfix/vmailbox
|
if grep -qF "${POSTFIX_VMAILBOX_LINE}" /etc/postfix/vmailbox
|
||||||
then
|
then
|
||||||
_notify 'warn' "User '${USER}@${DOMAIN}' will not be added to '/etc/postfix/vmailbox' twice"
|
_log 'warn' "User '${USER}@${DOMAIN}' will not be added to '/etc/postfix/vmailbox' twice"
|
||||||
else
|
else
|
||||||
echo "${POSTFIX_VMAILBOX_LINE}" >>/etc/postfix/vmailbox
|
echo "${POSTFIX_VMAILBOX_LINE}" >>/etc/postfix/vmailbox
|
||||||
fi
|
fi
|
||||||
|
@ -74,7 +74,7 @@ function _create_accounts
|
||||||
DOVECOT_USERDB_LINE="${LOGIN}:${PASS}:5000:5000::/var/mail/${DOMAIN}/${USER}::${USER_ATTRIBUTES}"
|
DOVECOT_USERDB_LINE="${LOGIN}:${PASS}:5000:5000::/var/mail/${DOMAIN}/${USER}::${USER_ATTRIBUTES}"
|
||||||
if grep -qF "${DOVECOT_USERDB_LINE}" "${DOVECOT_USERDB_FILE}"
|
if grep -qF "${DOVECOT_USERDB_LINE}" "${DOVECOT_USERDB_FILE}"
|
||||||
then
|
then
|
||||||
_notify 'warn' "Login '${LOGIN}' will not be added to '${DOVECOT_USERDB_FILE}' twice"
|
_log 'warn' "Login '${LOGIN}' will not be added to '${DOVECOT_USERDB_FILE}' twice"
|
||||||
else
|
else
|
||||||
echo "${DOVECOT_USERDB_LINE}" >>"${DOVECOT_USERDB_FILE}"
|
echo "${DOVECOT_USERDB_LINE}" >>"${DOVECOT_USERDB_FILE}"
|
||||||
fi
|
fi
|
||||||
|
@ -87,7 +87,7 @@ function _create_accounts
|
||||||
cp "/tmp/docker-mailserver/${LOGIN}.dovecot.sieve" "/var/mail/${DOMAIN}/${USER}/.dovecot.sieve"
|
cp "/tmp/docker-mailserver/${LOGIN}.dovecot.sieve" "/var/mail/${DOMAIN}/${USER}/.dovecot.sieve"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "${DOMAIN}" >> /tmp/vhost.tmp
|
echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf)
|
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf)
|
||||||
|
|
||||||
_create_dovecot_alias_dummy_accounts
|
_create_dovecot_alias_dummy_accounts
|
||||||
|
@ -128,11 +128,11 @@ function _create_dovecot_alias_dummy_accounts
|
||||||
|
|
||||||
if ! grep -q "${REAL_FQUN}" /tmp/docker-mailserver/postfix-accounts.cf
|
if ! grep -q "${REAL_FQUN}" /tmp/docker-mailserver/postfix-accounts.cf
|
||||||
then
|
then
|
||||||
_notify 'inf' "Alias '${ALIAS}' is non-local (or mapped to a non-existing account) and will not be added to Dovecot's userdb"
|
_log 'debug' "Alias '${ALIAS}' is non-local (or mapped to a non-existing account) and will not be added to Dovecot's userdb"
|
||||||
continue
|
continue
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_notify 'inf' "Adding alias '${ALIAS}' for user '${REAL_FQUN}' to Dovecot's userdb"
|
_log 'debug' "Adding alias '${ALIAS}' for user '${REAL_FQUN}' to Dovecot's userdb"
|
||||||
|
|
||||||
# ${REAL_ACC[0]} => real account name (e-mail address) == ${REAL_FQUN}
|
# ${REAL_ACC[0]} => real account name (e-mail address) == ${REAL_FQUN}
|
||||||
# ${REAL_ACC[1]} => password hash
|
# ${REAL_ACC[1]} => password hash
|
||||||
|
@ -157,7 +157,7 @@ function _create_dovecot_alias_dummy_accounts
|
||||||
DOVECOT_USERDB_LINE="${ALIAS}:${REAL_ACC[1]}:5000:5000::/var/mail/${REAL_DOMAINNAME}/${REAL_USERNAME}::${REAL_ACC[2]:-}"
|
DOVECOT_USERDB_LINE="${ALIAS}:${REAL_ACC[1]}:5000:5000::/var/mail/${REAL_DOMAINNAME}/${REAL_USERNAME}::${REAL_ACC[2]:-}"
|
||||||
if grep -qF "${DOVECOT_USERDB_LINE}" "${DOVECOT_USERDB_FILE}"
|
if grep -qF "${DOVECOT_USERDB_LINE}" "${DOVECOT_USERDB_FILE}"
|
||||||
then
|
then
|
||||||
_notify 'warn' "Alias '${ALIAS}' will not be added to '${DOVECOT_USERDB_FILE}' twice"
|
_log 'warn' "Alias '${ALIAS}' will not be added to '${DOVECOT_USERDB_FILE}' twice"
|
||||||
else
|
else
|
||||||
echo "${DOVECOT_USERDB_LINE}" >>"${DOVECOT_USERDB_FILE}"
|
echo "${DOVECOT_USERDB_LINE}" >>"${DOVECOT_USERDB_FILE}"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -32,7 +32,7 @@ function _handle_postfix_virtual_config
|
||||||
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp
|
[[ ${UNAME} != "${DOMAIN}" ]] && echo "${DOMAIN}" >>/tmp/vhost.tmp
|
||||||
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
done < <(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true)
|
||||||
else
|
else
|
||||||
_notify 'inf' "Warning '/tmp/docker-mailserver/postfix-virtual.cf' is not provided. No mail alias/forward created."
|
_log 'debug' "'/tmp/docker-mailserver/postfix-virtual.cf' not provided - no mail alias/forward created"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ function _handle_postfix_regexp_config
|
||||||
{
|
{
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-regexp.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-regexp.cf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Adding regexp alias file postfix-regexp.cf"
|
_log 'trace' "Adding regexp alias file postfix-regexp.cf"
|
||||||
|
|
||||||
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
|
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
|
||||||
|
|
||||||
|
@ -55,7 +55,7 @@ function _handle_postfix_regexp_config
|
||||||
|
|
||||||
function _handle_postfix_aliases_config
|
function _handle_postfix_aliases_config
|
||||||
{
|
{
|
||||||
_notify 'inf' 'Configuring root alias'
|
_log 'trace' 'Configuring root alias'
|
||||||
|
|
||||||
echo "root: ${POSTMASTER_ADDRESS}" >/etc/aliases
|
echo "root: ${POSTMASTER_ADDRESS}" >/etc/aliases
|
||||||
|
|
||||||
|
@ -63,7 +63,7 @@ function _handle_postfix_aliases_config
|
||||||
then
|
then
|
||||||
cat /tmp/docker-mailserver/postfix-aliases.cf >>/etc/aliases
|
cat /tmp/docker-mailserver/postfix-aliases.cf >>/etc/aliases
|
||||||
else
|
else
|
||||||
_notify 'inf' "'/tmp/docker-mailserver/postfix-aliases.cf' is not provided, it will be auto created."
|
_log 'trace' "'/tmp/docker-mailserver/postfix-aliases.cf' is not provided, it will be auto created."
|
||||||
: >/tmp/docker-mailserver/postfix-aliases.cf
|
: >/tmp/docker-mailserver/postfix-aliases.cf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,14 @@
|
||||||
|
|
||||||
function _errex
|
function _errex
|
||||||
{
|
{
|
||||||
echo -e "Error :: ${*}\nAborting." >&2
|
if [[ -n ${1+set} ]]
|
||||||
|
then
|
||||||
|
_log 'error' "${1}"
|
||||||
|
else
|
||||||
|
_log 'error' "Call to '_errex' is missing a message to log"
|
||||||
|
fi
|
||||||
|
|
||||||
|
_log 'error' 'Aborting'
|
||||||
exit 1
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -62,13 +69,13 @@ function dms_panic__no_file { dms_panic 'no-file' "${1}" "${2}"; }
|
||||||
function dms_panic__misconfigured { dms_panic 'misconfigured' "${1}" "${2}"; }
|
function dms_panic__misconfigured { dms_panic 'misconfigured' "${1}" "${2}"; }
|
||||||
function dms_panic__invalid_value { dms_panic 'invalid-value' "${1}" "${2}"; }
|
function dms_panic__invalid_value { dms_panic 'invalid-value' "${1}" "${2}"; }
|
||||||
|
|
||||||
# Call this method when you want to panic (emit a 'FATAL' log level error, and exit uncleanly).
|
# Call this method when you want to panic (i.e. emit an 'ERROR' log, and exit uncleanly).
|
||||||
# `dms_panic` methods should be preferred if your failure type is supported.
|
# `dms_panic` methods should be preferred if your failure type is supported.
|
||||||
function _shutdown
|
function _shutdown
|
||||||
{
|
{
|
||||||
local FATAL_ERROR_MESSAGE=$1
|
_log 'error' "${1}"
|
||||||
|
_log 'error' 'Shutting down'
|
||||||
|
|
||||||
_notify 'fatal' "${FATAL_ERROR_MESSAGE}"
|
|
||||||
_notify 'err' "Shutting down.."
|
|
||||||
kill 1
|
kill 1
|
||||||
|
exit 1
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,19 +12,20 @@ function _create_lock
|
||||||
LOCK_FILE="/tmp/docker-mailserver/${SCRIPT_NAME}.lock"
|
LOCK_FILE="/tmp/docker-mailserver/${SCRIPT_NAME}.lock"
|
||||||
while [[ -e "${LOCK_FILE}" ]]
|
while [[ -e "${LOCK_FILE}" ]]
|
||||||
do
|
do
|
||||||
_notify 'warn' "Lock file ${LOCK_FILE} exists. Another ${SCRIPT_NAME} execution is happening. Trying again shortly..."
|
_log 'warn' "Lock file '${LOCK_FILE}' exists - another execution of '${SCRIPT_NAME}' is happening - trying again shortly"
|
||||||
# Handle stale lock files left behind on crashes
|
# Handle stale lock files left behind on crashes
|
||||||
# or premature/non-graceful exits of containers while they're making changes
|
# or premature/non-graceful exits of containers while they're making changes
|
||||||
if [[ -n "$(find "${LOCK_FILE}" -mmin +1 2>/dev/null)" ]]
|
if [[ -n "$(find "${LOCK_FILE}" -mmin +1 2>/dev/null)" ]]
|
||||||
then
|
then
|
||||||
_notify 'warn' "Lock file older than 1 minute. Removing stale lock file."
|
_log 'warn' 'Lock file older than 1 minute - removing stale lock file'
|
||||||
rm -f "${LOCK_FILE}"
|
rm -f "${LOCK_FILE}"
|
||||||
_notify 'inf' "Removed stale lock ${LOCK_FILE}."
|
|
||||||
fi
|
fi
|
||||||
sleep 5
|
sleep 5
|
||||||
done
|
done
|
||||||
trap _remove_lock EXIT
|
trap _remove_lock EXIT
|
||||||
echo "${LOCK_ID}" > "${LOCK_FILE}"
|
|
||||||
|
_log 'trace' "Creating lock ${LOCK_FILE}"
|
||||||
|
echo "${LOCK_ID}" >"${LOCK_FILE}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _remove_lock
|
function _remove_lock
|
||||||
|
@ -34,6 +35,6 @@ function _remove_lock
|
||||||
if [[ -e "${LOCK_FILE}" ]] && grep -q "${LOCK_ID}" "${LOCK_FILE}" # Ensure we don't delete a lock that's not ours
|
if [[ -e "${LOCK_FILE}" ]] && grep -q "${LOCK_ID}" "${LOCK_FILE}" # Ensure we don't delete a lock that's not ours
|
||||||
then
|
then
|
||||||
rm -f "${LOCK_FILE}"
|
rm -f "${LOCK_FILE}"
|
||||||
_notify 'inf' "Removed lock ${LOCK_FILE}."
|
_log 'trace' "Removed lock ${LOCK_FILE}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,100 @@
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
|
LOG_RESET='\e[0m'
|
||||||
|
LOG_LGRAY='\e[37m'
|
||||||
|
LOG_LBLUE='\e[94m'
|
||||||
|
LOG_BLUE='\e[34m'
|
||||||
|
LOG_LYELLOW='\e[93m'
|
||||||
|
LOG_RED='\e[91m'
|
||||||
|
|
||||||
|
# ### DMS Logging Functionality
|
||||||
|
#
|
||||||
|
# This function provides the logging for scripts used by DMS.
|
||||||
|
# It adheres to the convention for log levels.
|
||||||
|
# Valid values (in order of increasing verbosity) are: `error`,
|
||||||
|
# `warn`, `info`, `debug` and `trace`. The default log level
|
||||||
|
# is `info`.
|
||||||
|
#
|
||||||
|
# #### Arguments
|
||||||
|
#
|
||||||
|
# $1 :: the log level to log the message with
|
||||||
|
# $2 :: the message
|
||||||
|
#
|
||||||
|
# #### Panics
|
||||||
|
#
|
||||||
|
# If the first argument is not set or invalid, an error
|
||||||
|
# message is logged. Likewise when the second argument
|
||||||
|
# is missing. Both failures will return with exit code '1'.
|
||||||
|
function _log
|
||||||
|
{
|
||||||
|
if [[ -z ${1+set} ]]
|
||||||
|
then
|
||||||
|
echo "Call to '_log' is missing a valid log level" >&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [[ -z ${2+set} ]]
|
||||||
|
then
|
||||||
|
echo "Call to '_log' is missing a message to log" >&2
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
local MESSAGE LEVEL_AS_INT
|
||||||
|
MESSAGE="${LOG_RESET}["
|
||||||
|
|
||||||
|
case "${LOG_LEVEL:-}" in
|
||||||
|
( 'trace' ) LEVEL_AS_INT=5 ;;
|
||||||
|
( 'debug' ) LEVEL_AS_INT=4 ;;
|
||||||
|
( 'warn' ) LEVEL_AS_INT=2 ;;
|
||||||
|
( 'error' ) LEVEL_AS_INT=1 ;;
|
||||||
|
( * ) LEVEL_AS_INT=3 ;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
case "${1}" in
|
||||||
|
( 'trace' )
|
||||||
|
[[ ${LEVEL_AS_INT} -ge 5 ]] || return 0
|
||||||
|
MESSAGE+=" ${LOG_LGRAY}TRACE "
|
||||||
|
;;
|
||||||
|
|
||||||
|
( 'debug' )
|
||||||
|
[[ ${LEVEL_AS_INT} -ge 4 ]] || return 0
|
||||||
|
MESSAGE+=" ${LOG_LBLUE}DEBUG "
|
||||||
|
;;
|
||||||
|
|
||||||
|
( 'info' )
|
||||||
|
[[ ${LEVEL_AS_INT} -ge 3 ]] || return 0
|
||||||
|
MESSAGE+=" ${LOG_BLUE}INF "
|
||||||
|
;;
|
||||||
|
|
||||||
|
( 'warn' )
|
||||||
|
[[ ${LEVEL_AS_INT} -ge 2 ]] || return 0
|
||||||
|
MESSAGE+=" ${LOG_LYELLOW}WARNING "
|
||||||
|
;;
|
||||||
|
|
||||||
|
( 'error' )
|
||||||
|
[[ ${LEVEL_AS_INT} -ge 1 ]] || return 0
|
||||||
|
MESSAGE+=" ${LOG_RED}ERROR " ;;
|
||||||
|
|
||||||
|
( * )
|
||||||
|
echo "Call to '_log' with invalid log level argument '${1}'" >&2
|
||||||
|
return 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
MESSAGE+="${LOG_RESET}] ${2}"
|
||||||
|
|
||||||
|
if [[ ${1} =~ ^(warn|error)$ ]]
|
||||||
|
then
|
||||||
|
echo -e "${MESSAGE}" >&2
|
||||||
|
else
|
||||||
|
echo -e "${MESSAGE}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# Still used by `check-for-changes.sh` for legacy / test purposes. Adjusting
|
||||||
|
# `check-for-changes.sh` must be done with great care and requires some effort.
|
||||||
|
# As a consequence, this function is kept to keep some of the original log for
|
||||||
|
# `check-for-changes.sh` for tests to pass.
|
||||||
function _notify
|
function _notify
|
||||||
{
|
{
|
||||||
{ [[ -z ${1:-} ]] || [[ -z ${2:-} ]] ; } && return 0
|
{ [[ -z ${1:-} ]] || [[ -z ${2:-} ]] ; } && return 0
|
||||||
|
|
|
@ -17,13 +17,13 @@ function _relayhost_sasl
|
||||||
{
|
{
|
||||||
if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]]
|
if [[ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]] && [[ -z ${RELAY_USER} || -z ${RELAY_PASSWORD} ]]
|
||||||
then
|
then
|
||||||
_notify 'warn' "No relay auth file found and no default set"
|
_log 'warn' "No relay auth file found and no default set"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Adding relay authentication from postfix-sasl-password.cf"
|
_log 'trace' "Adding relay authentication from postfix-sasl-password.cf"
|
||||||
|
|
||||||
# add domain-specific auth from config file:
|
# add domain-specific auth from config file:
|
||||||
while read -r LINE
|
while read -r LINE
|
||||||
|
@ -60,7 +60,7 @@ function _populate_relayhost_map
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-relaymap.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-relaymap.cf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Adding relay mappings from postfix-relaymap.cf"
|
_log 'trace' "Adding relay mappings from postfix-relaymap.cf"
|
||||||
# keep lines which are not a comment *and* have a destination.
|
# keep lines which are not a comment *and* have a destination.
|
||||||
sed -n '/^\s*[^#[:space:]]\S*\s\+\S/p' /tmp/docker-mailserver/postfix-relaymap.cf >> /etc/postfix/relayhost_map
|
sed -n '/^\s*[^#[:space:]]\S*\s\+\S/p' /tmp/docker-mailserver/postfix-relaymap.cf >> /etc/postfix/relayhost_map
|
||||||
fi
|
fi
|
||||||
|
@ -75,7 +75,7 @@ function _populate_relayhost_map
|
||||||
# DOMAIN not already present *and* not ignored
|
# DOMAIN not already present *and* not ignored
|
||||||
if ! grep -q -e "^@${DOMAIN}\b" /etc/postfix/relayhost_map && ! grep -qs -e "^\s*@${DOMAIN}\s*$" /tmp/docker-mailserver/postfix-relaymap.cf
|
if ! grep -q -e "^@${DOMAIN}\b" /etc/postfix/relayhost_map && ! grep -qs -e "^\s*@${DOMAIN}\s*$" /tmp/docker-mailserver/postfix-relaymap.cf
|
||||||
then
|
then
|
||||||
_notify 'inf' "Adding relay mapping for ${DOMAIN}"
|
_log 'trace' "Adding relay mapping for ${DOMAIN}"
|
||||||
echo "@${DOMAIN} [${RELAY_HOST}]:${RELAY_PORT}" >> /etc/postfix/relayhost_map
|
echo "@${DOMAIN} [${RELAY_HOST}]:${RELAY_PORT}" >> /etc/postfix/relayhost_map
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
@ -96,18 +96,18 @@ function _relayhost_configure_postfix
|
||||||
|
|
||||||
function _setup_relayhost
|
function _setup_relayhost
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix Relay Hosts'
|
_log 'debug' 'Setting up Postfix Relay Hosts'
|
||||||
|
|
||||||
if [[ -n ${DEFAULT_RELAY_HOST} ]]
|
if [[ -n ${DEFAULT_RELAY_HOST} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Setting default relay host ${DEFAULT_RELAY_HOST} to /etc/postfix/main.cf"
|
_log 'trace' "Setting default relay host ${DEFAULT_RELAY_HOST} to /etc/postfix/main.cf"
|
||||||
postconf -e "relayhost = ${DEFAULT_RELAY_HOST}"
|
postconf -e "relayhost = ${DEFAULT_RELAY_HOST}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -n ${RELAY_HOST} ]]
|
if [[ -n ${RELAY_HOST} ]]
|
||||||
then
|
then
|
||||||
_relayhost_default_port_fallback
|
_relayhost_default_port_fallback
|
||||||
_notify 'inf' "Setting up outgoing email relaying via ${RELAY_HOST}:${RELAY_PORT}"
|
_log 'trace' "Setting up outgoing email relaying via ${RELAY_HOST}:${RELAY_PORT}"
|
||||||
|
|
||||||
# Expects `_sasl_passwd_create` was called prior in `setup-stack.sh`
|
# Expects `_sasl_passwd_create` was called prior in `setup-stack.sh`
|
||||||
_relayhost_sasl
|
_relayhost_sasl
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
function _setup_ssl
|
function _setup_ssl
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up SSL'
|
_log 'debug' 'Setting up SSL'
|
||||||
|
|
||||||
local POSTFIX_CONFIG_MAIN='/etc/postfix/main.cf'
|
local POSTFIX_CONFIG_MAIN='/etc/postfix/main.cf'
|
||||||
local POSTFIX_CONFIG_MASTER='/etc/postfix/master.cf'
|
local POSTFIX_CONFIG_MASTER='/etc/postfix/master.cf'
|
||||||
|
@ -116,10 +116,10 @@ function _setup_ssl
|
||||||
then
|
then
|
||||||
EXTRACTED_DOMAIN=('DOMAINNAME' "${DOMAINNAME}")
|
EXTRACTED_DOMAIN=('DOMAINNAME' "${DOMAINNAME}")
|
||||||
else
|
else
|
||||||
_notify 'err' "'setup-stack.sh' | letsencrypt (acme.json) failed to identify a certificate to extract"
|
_log 'warn' "letsencrypt (acme.json) failed to identify a certificate to extract"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_notify 'inf' "'setup-stack.sh' | letsencrypt (acme.json) extracted certificate using ${EXTRACTED_DOMAIN[0]}: '${EXTRACTED_DOMAIN[1]}'"
|
_log 'trace' "letsencrypt (acme.json) extracted certificate using ${EXTRACTED_DOMAIN[0]}: '${EXTRACTED_DOMAIN[1]}'"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -132,7 +132,7 @@ function _setup_ssl
|
||||||
|
|
||||||
_apply_tls_level "${TLS_MODERN_SUITE}" "${TLS_MODERN_IGNORE}" "${TLS_MODERN_MIN}"
|
_apply_tls_level "${TLS_MODERN_SUITE}" "${TLS_MODERN_IGNORE}" "${TLS_MODERN_MIN}"
|
||||||
|
|
||||||
_notify 'inf' "TLS configured with 'modern' ciphers"
|
_log 'debug' "TLS configured with 'modern' ciphers"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( "intermediate" )
|
( "intermediate" )
|
||||||
|
@ -154,11 +154,11 @@ function _setup_ssl
|
||||||
-e 's|^(CipherString).*|\1 = DEFAULT@SECLEVEL=1|' \
|
-e 's|^(CipherString).*|\1 = DEFAULT@SECLEVEL=1|' \
|
||||||
/usr/lib/ssl/openssl.cnf
|
/usr/lib/ssl/openssl.cnf
|
||||||
|
|
||||||
_notify 'inf' "TLS configured with 'intermediate' ciphers"
|
_log 'debug' "TLS configured with 'intermediate' ciphers"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'err' "TLS_LEVEL not found [ in ${FUNCNAME[0]} ]"
|
_log 'warn' "TLS_LEVEL '${TLS_LEVEL}' not valid"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
@ -169,7 +169,7 @@ function _setup_ssl
|
||||||
# NOTE: Some `SSL_TYPE` logic uses mounted certs/keys directly, some make an internal copy either retaining filename or renaming.
|
# NOTE: Some `SSL_TYPE` logic uses mounted certs/keys directly, some make an internal copy either retaining filename or renaming.
|
||||||
case "${SSL_TYPE}" in
|
case "${SSL_TYPE}" in
|
||||||
( "letsencrypt" )
|
( "letsencrypt" )
|
||||||
_notify 'inf' "Configuring SSL using 'letsencrypt'"
|
_log 'debug' "Configuring SSL using 'letsencrypt'"
|
||||||
|
|
||||||
# `docker-mailserver` will only use one certificate from an FQDN folder in `/etc/letsencrypt/live/`.
|
# `docker-mailserver` will only use one certificate from an FQDN folder in `/etc/letsencrypt/live/`.
|
||||||
# We iterate the sequence [SSL_DOMAIN, HOSTNAME, DOMAINNAME] to find a matching FQDN folder.
|
# We iterate the sequence [SSL_DOMAIN, HOSTNAME, DOMAINNAME] to find a matching FQDN folder.
|
||||||
|
@ -200,7 +200,7 @@ function _setup_ssl
|
||||||
then
|
then
|
||||||
LETSENCRYPT_DOMAIN=${DOMAINNAME}
|
LETSENCRYPT_DOMAIN=${DOMAINNAME}
|
||||||
else
|
else
|
||||||
_notify 'err' "Cannot find a valid DOMAIN for '/etc/letsencrypt/live/<DOMAIN>/', tried: '${SSL_DOMAIN}', '${HOSTNAME}', '${DOMAINNAME}'"
|
_log 'warn' "Cannot find a valid DOMAIN for '/etc/letsencrypt/live/<DOMAIN>/', tried: '${SSL_DOMAIN}', '${HOSTNAME}', '${DOMAINNAME}'"
|
||||||
dms_panic__misconfigured 'LETSENCRYPT_DOMAIN' "${SCOPE_SSL_TYPE}"
|
dms_panic__misconfigured 'LETSENCRYPT_DOMAIN' "${SCOPE_SSL_TYPE}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
@ -213,13 +213,13 @@ function _setup_ssl
|
||||||
then
|
then
|
||||||
LETSENCRYPT_KEY='key'
|
LETSENCRYPT_KEY='key'
|
||||||
else
|
else
|
||||||
_notify 'err' "Cannot find key file ('privkey.pem' or 'key.pem') in '/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}/'"
|
_log 'warn' "Cannot find key file ('privkey.pem' or 'key.pem') in '/etc/letsencrypt/live/${LETSENCRYPT_DOMAIN}/'"
|
||||||
dms_panic__misconfigured 'LETSENCRYPT_KEY' "${SCOPE_SSL_TYPE}"
|
dms_panic__misconfigured 'LETSENCRYPT_KEY' "${SCOPE_SSL_TYPE}"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Update relevant config for Postfix and Dovecot
|
# Update relevant config for Postfix and Dovecot
|
||||||
_notify 'inf' "Adding ${LETSENCRYPT_DOMAIN} SSL certificate to the postfix and dovecot configuration"
|
_log 'trace' "Adding ${LETSENCRYPT_DOMAIN} SSL certificate to the postfix and dovecot configuration"
|
||||||
|
|
||||||
# LetsEncrypt `fullchain.pem` and `privkey.pem` contents are detailed here from CertBot:
|
# LetsEncrypt `fullchain.pem` and `privkey.pem` contents are detailed here from CertBot:
|
||||||
# https://certbot.eff.org/docs/using.html#where-are-my-certificates
|
# https://certbot.eff.org/docs/using.html#where-are-my-certificates
|
||||||
|
@ -230,11 +230,11 @@ function _setup_ssl
|
||||||
|
|
||||||
_set_certificate "${PRIVATE_KEY}" "${CERT_CHAIN}"
|
_set_certificate "${PRIVATE_KEY}" "${CERT_CHAIN}"
|
||||||
|
|
||||||
_notify 'inf' "SSL configured with 'letsencrypt' certificates"
|
_log 'trace' "SSL configured with 'letsencrypt' certificates"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( "custom" ) # (hard-coded path) Use a private key with full certificate chain all in a single PEM file.
|
( "custom" ) # (hard-coded path) Use a private key with full certificate chain all in a single PEM file.
|
||||||
_notify 'inf' "Adding ${HOSTNAME} SSL certificate"
|
_log 'debug' "Adding ${HOSTNAME} SSL certificate"
|
||||||
|
|
||||||
# NOTE: Dovecot works fine still as both values are bundled into the keychain
|
# NOTE: Dovecot works fine still as both values are bundled into the keychain
|
||||||
local COMBINED_PEM_NAME="${HOSTNAME}-full.pem"
|
local COMBINED_PEM_NAME="${HOSTNAME}-full.pem"
|
||||||
|
@ -248,14 +248,14 @@ function _setup_ssl
|
||||||
|
|
||||||
_set_certificate "${KEY_WITH_FULLCHAIN}"
|
_set_certificate "${KEY_WITH_FULLCHAIN}"
|
||||||
|
|
||||||
_notify 'inf' "SSL configured with 'CA signed/custom' certificates"
|
_log 'trace' "SSL configured with 'CA signed/custom' certificates"
|
||||||
else
|
else
|
||||||
dms_panic__no_file "${TMP_KEY_WITH_FULLCHAIN}" "${SCOPE_SSL_TYPE}"
|
dms_panic__no_file "${TMP_KEY_WITH_FULLCHAIN}" "${SCOPE_SSL_TYPE}"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( "manual" ) # (dynamic path via ENV) Use separate private key and cert/chain files (should be PEM encoded)
|
( "manual" ) # (dynamic path via ENV) Use separate private key and cert/chain files (should be PEM encoded)
|
||||||
_notify 'inf' "Configuring certificates using key ${SSL_KEY_PATH} and cert ${SSL_CERT_PATH}"
|
_log 'debug' "Configuring certificates using key ${SSL_KEY_PATH} and cert ${SSL_CERT_PATH}"
|
||||||
|
|
||||||
# Source files are copied internally to these destinations:
|
# Source files are copied internally to these destinations:
|
||||||
local PRIVATE_KEY="${DMS_TLS_PATH}/key"
|
local PRIVATE_KEY="${DMS_TLS_PATH}/key"
|
||||||
|
@ -287,7 +287,7 @@ function _setup_ssl
|
||||||
# Support for a fallback certificate, useful for hybrid/dual ECDSA + RSA certs
|
# Support for a fallback certificate, useful for hybrid/dual ECDSA + RSA certs
|
||||||
if [[ -n ${SSL_ALT_KEY_PATH} ]] && [[ -n ${SSL_ALT_CERT_PATH} ]]
|
if [[ -n ${SSL_ALT_KEY_PATH} ]] && [[ -n ${SSL_ALT_CERT_PATH} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Configuring fallback certificates using key ${SSL_ALT_KEY_PATH} and cert ${SSL_ALT_CERT_PATH}"
|
_log 'trace' "Configuring fallback certificates using key ${SSL_ALT_KEY_PATH} and cert ${SSL_ALT_CERT_PATH}"
|
||||||
|
|
||||||
_set_alt_certificate "${SSL_ALT_KEY_PATH}" "${SSL_ALT_CERT_PATH}"
|
_set_alt_certificate "${SSL_ALT_KEY_PATH}" "${SSL_ALT_CERT_PATH}"
|
||||||
else
|
else
|
||||||
|
@ -299,14 +299,14 @@ function _setup_ssl
|
||||||
"${DOVECOT_CONFIG_SSL}"
|
"${DOVECOT_CONFIG_SSL}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_notify 'inf' "SSL configured with 'Manual' certificates"
|
_log 'trace' "SSL configured with 'Manual' certificates"
|
||||||
else
|
else
|
||||||
dms_panic__no_file "${SSL_KEY_PATH} or ${SSL_CERT_PATH}" "${SCOPE_SSL_TYPE}"
|
dms_panic__no_file "${SSL_KEY_PATH} or ${SSL_CERT_PATH}" "${SCOPE_SSL_TYPE}"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( "self-signed" ) # (hard-coded path) Use separate private key and cert/chain files (should be PEM encoded), expects self-signed CA
|
( "self-signed" ) # (hard-coded path) Use separate private key and cert/chain files (should be PEM encoded), expects self-signed CA
|
||||||
_notify 'inf' "Adding ${HOSTNAME} SSL certificate"
|
_log 'debug' "Adding ${HOSTNAME} SSL certificate"
|
||||||
|
|
||||||
local KEY_NAME="${HOSTNAME}-key.pem"
|
local KEY_NAME="${HOSTNAME}-key.pem"
|
||||||
local CERT_NAME="${HOSTNAME}-cert.pem"
|
local CERT_NAME="${HOSTNAME}-cert.pem"
|
||||||
|
@ -344,14 +344,14 @@ function _setup_ssl
|
||||||
local PRIVATE_CA="/etc/ssl/certs/cacert-${HOSTNAME}.pem"
|
local PRIVATE_CA="/etc/ssl/certs/cacert-${HOSTNAME}.pem"
|
||||||
ln -s "${CA_CERT}" "${PRIVATE_CA}"
|
ln -s "${CA_CERT}" "${PRIVATE_CA}"
|
||||||
|
|
||||||
_notify 'inf' "SSL configured with 'self-signed' certificates"
|
_log 'trace' "SSL configured with 'self-signed' certificates"
|
||||||
else
|
else
|
||||||
dms_panic__no_file "${SS_KEY} or ${SS_CERT}" "${SCOPE_SSL_TYPE}"
|
dms_panic__no_file "${SS_KEY} or ${SS_CERT}" "${SCOPE_SSL_TYPE}"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( '' ) # No SSL/TLS certificate used/required, plaintext auth permitted over insecure connections
|
( '' ) # No SSL/TLS certificate used/required, plaintext auth permitted over insecure connections
|
||||||
_notify 'warn' "(INSECURE!) SSL configured with plain text access. DO NOT USE FOR PRODUCTION DEPLOYMENT."
|
_log 'warn' "(INSECURE!) SSL configured with plain text access. DO NOT USE FOR PRODUCTION DEPLOYMENT."
|
||||||
# Untested. Not officially supported.
|
# Untested. Not officially supported.
|
||||||
|
|
||||||
# Postfix configuration:
|
# Postfix configuration:
|
||||||
|
@ -413,7 +413,7 @@ function _extract_certs_from_acme
|
||||||
local CERT_DOMAIN=${1}
|
local CERT_DOMAIN=${1}
|
||||||
if [[ -z ${CERT_DOMAIN} ]]
|
if [[ -z ${CERT_DOMAIN} ]]
|
||||||
then
|
then
|
||||||
_notify 'err' "_extract_certs_from_acme | CERT_DOMAIN is empty"
|
_log 'warn' "_extract_certs_from_acme | CERT_DOMAIN is empty"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -423,7 +423,7 @@ function _extract_certs_from_acme
|
||||||
|
|
||||||
if [[ -z ${KEY} ]] || [[ -z ${CERT} ]]
|
if [[ -z ${KEY} ]] || [[ -z ${CERT} ]]
|
||||||
then
|
then
|
||||||
_notify 'warn' "_extract_certs_from_acme | Unable to find key and/or cert for '${CERT_DOMAIN}' in '/etc/letsencrypt/acme.json'"
|
_log 'warn' "_extract_certs_from_acme | Unable to find key and/or cert for '${CERT_DOMAIN}' in '/etc/letsencrypt/acme.json'"
|
||||||
return 1
|
return 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -438,7 +438,7 @@ function _extract_certs_from_acme
|
||||||
echo "${KEY}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/key.pem" || exit 1
|
echo "${KEY}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/key.pem" || exit 1
|
||||||
echo "${CERT}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/fullchain.pem" || exit 1
|
echo "${CERT}" | base64 -d > "/etc/letsencrypt/live/${CERT_DOMAIN}/fullchain.pem" || exit 1
|
||||||
|
|
||||||
_notify 'inf' "_extract_certs_from_acme | Certificate successfully extracted for '${CERT_DOMAIN}'"
|
_log 'trace' "_extract_certs_from_acme | Certificate successfully extracted for '${CERT_DOMAIN}'"
|
||||||
}
|
}
|
||||||
|
|
||||||
# Remove the `*.` prefix if it exists, else returns the input value
|
# Remove the `*.` prefix if it exists, else returns the input value
|
||||||
|
|
|
@ -46,6 +46,7 @@ VARS[FAIL2BAN_BLOCKTYPE]="${FAIL2BAN_BLOCKTYPE:=drop}"
|
||||||
VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
|
VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
|
||||||
VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
|
VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
|
||||||
VARS[LDAP_START_TLS]="${LDAP_START_TLS:=no}"
|
VARS[LDAP_START_TLS]="${LDAP_START_TLS:=no}"
|
||||||
|
VARS[LOG_LEVEL]="${LOG_LEVEL:=info}"
|
||||||
VARS[LOGROTATE_INTERVAL]="${LOGROTATE_INTERVAL:=weekly}"
|
VARS[LOGROTATE_INTERVAL]="${LOGROTATE_INTERVAL:=weekly}"
|
||||||
VARS[LOGWATCH_INTERVAL]="${LOGWATCH_INTERVAL:=none}"
|
VARS[LOGWATCH_INTERVAL]="${LOGWATCH_INTERVAL:=none}"
|
||||||
VARS[LOGWATCH_RECIPIENT]="${LOGWATCH_RECIPIENT:=${REPORT_RECIPIENT}}"
|
VARS[LOGWATCH_RECIPIENT]="${LOGWATCH_RECIPIENT:=${REPORT_RECIPIENT}}"
|
||||||
|
@ -89,12 +90,13 @@ VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}"
|
||||||
|
|
||||||
function register_functions
|
function register_functions
|
||||||
{
|
{
|
||||||
_notify 'tasklog' 'Initializing setup'
|
_log 'info' 'Initializing setup'
|
||||||
_notify 'task' 'Registering functions'
|
_log 'debug' 'Registering functions'
|
||||||
|
|
||||||
# ? >> Checks
|
# ? >> Checks
|
||||||
|
|
||||||
_register_check_function '_check_hostname'
|
_register_check_function '_check_hostname'
|
||||||
|
_register_check_function '_check_log_level'
|
||||||
|
|
||||||
# ? >> Setup
|
# ? >> Setup
|
||||||
|
|
||||||
|
@ -201,31 +203,31 @@ function register_functions
|
||||||
function _register_start_daemon
|
function _register_start_daemon
|
||||||
{
|
{
|
||||||
DAEMONS_START+=("${1}")
|
DAEMONS_START+=("${1}")
|
||||||
_notify 'inf' "${1}() registered"
|
_log 'trace' "${1}() registered"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _register_setup_function
|
function _register_setup_function
|
||||||
{
|
{
|
||||||
FUNCS_SETUP+=("${1}")
|
FUNCS_SETUP+=("${1}")
|
||||||
_notify 'inf' "${1}() registered"
|
_log 'trace' "${1}() registered"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _register_fix_function
|
function _register_fix_function
|
||||||
{
|
{
|
||||||
FUNCS_FIX+=("${1}")
|
FUNCS_FIX+=("${1}")
|
||||||
_notify 'inf' "${1}() registered"
|
_log 'trace' "${1}() registered"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _register_check_function
|
function _register_check_function
|
||||||
{
|
{
|
||||||
FUNCS_CHECK+=("${1}")
|
FUNCS_CHECK+=("${1}")
|
||||||
_notify 'inf' "${1}() registered"
|
_log 'trace' "${1}() registered"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _register_misc_function
|
function _register_misc_function
|
||||||
{
|
{
|
||||||
FUNCS_MISC+=("${1}")
|
FUNCS_MISC+=("${1}")
|
||||||
_notify 'inf' "${1}() registered"
|
_log 'trace' "${1}() registered"
|
||||||
}
|
}
|
||||||
|
|
||||||
# ------------------------------------------------------------
|
# ------------------------------------------------------------
|
||||||
|
@ -260,12 +262,12 @@ source /usr/local/bin/daemons-stack.sh
|
||||||
# ? >> Executing all stacks
|
# ? >> Executing all stacks
|
||||||
# ------------------------------------------------------------
|
# ------------------------------------------------------------
|
||||||
|
|
||||||
_notify 'tasklog' "Welcome to docker-mailserver $(</VERSION)"
|
_log 'info' "Welcome to docker-mailserver $(</VERSION)"
|
||||||
|
|
||||||
register_functions
|
register_functions
|
||||||
check
|
check
|
||||||
setup
|
setup
|
||||||
[[ ${DMS_DEBUG} -eq 1 ]] && print-environment
|
[[ ${LOG_LEVEL} =~ (debug|trace) ]] && print-environment
|
||||||
fix
|
fix
|
||||||
start_misc
|
start_misc
|
||||||
start_daemons
|
start_daemons
|
||||||
|
@ -273,7 +275,7 @@ start_daemons
|
||||||
# marker to check, if container was restarted
|
# marker to check, if container was restarted
|
||||||
date >/CONTAINER_START
|
date >/CONTAINER_START
|
||||||
|
|
||||||
_notify 'tasklog' "${HOSTNAME} is up and running"
|
_log 'info' "${HOSTNAME} is up and running"
|
||||||
|
|
||||||
touch /var/log/mail/mail.log
|
touch /var/log/mail/mail.log
|
||||||
tail -Fn 0 /var/log/mail/mail.log
|
tail -Fn 0 /var/log/mail/mail.log
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
function check
|
function check
|
||||||
{
|
{
|
||||||
_notify 'tasklog' 'Checking configuration'
|
_log 'info' 'Checking configuration'
|
||||||
for FUNC in "${FUNCS_CHECK[@]}"
|
for FUNC in "${FUNCS_CHECK[@]}"
|
||||||
do
|
do
|
||||||
${FUNC}
|
${FUNC}
|
||||||
|
@ -11,10 +11,10 @@ function check
|
||||||
|
|
||||||
function _check_hostname
|
function _check_hostname
|
||||||
{
|
{
|
||||||
_notify 'task' 'Checking that hostname/domainname is provided or overridden'
|
_log 'debug' 'Checking that hostname/domainname is provided or overridden'
|
||||||
|
|
||||||
_notify 'inf' "Domain has been set to ${DOMAINNAME}"
|
_log 'debug' "Domain has been set to ${DOMAINNAME}"
|
||||||
_notify 'inf' "Hostname has been set to ${HOSTNAME}"
|
_log 'debug' "Hostname has been set to ${HOSTNAME}"
|
||||||
|
|
||||||
# HOSTNAME should be an FQDN (eg: hostname.domain)
|
# HOSTNAME should be an FQDN (eg: hostname.domain)
|
||||||
if ! grep -q -E '^(\S+[.]\S+)$' <<< "${HOSTNAME}"
|
if ! grep -q -E '^(\S+[.]\S+)$' <<< "${HOSTNAME}"
|
||||||
|
@ -22,3 +22,23 @@ function _check_hostname
|
||||||
_shutdown 'Setting hostname/domainname is required'
|
_shutdown 'Setting hostname/domainname is required'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _check_log_level
|
||||||
|
{
|
||||||
|
if [[ ${LOG_LEVEL} == 'trace' ]] \
|
||||||
|
|| [[ ${LOG_LEVEL} == 'debug' ]] \
|
||||||
|
|| [[ ${LOG_LEVEL} == 'info' ]] \
|
||||||
|
|| [[ ${LOG_LEVEL} == 'warn' ]] \
|
||||||
|
|| [[ ${LOG_LEVEL} == 'error' ]]
|
||||||
|
then
|
||||||
|
return 0
|
||||||
|
else
|
||||||
|
local DEFAULT_LOG_LEVEL='info'
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
VARS[LOG_LEVEL]="${DEFAULT_LOG_LEVEL}"
|
||||||
|
LOG_LEVEL="${DEFAULT_LOG_LEVEL}"
|
||||||
|
|
||||||
|
_log 'warn' "Log level '${LOG_LEVEL}' is invalid (falling back to default '${DEFAULT_LOG_LEVEL}')"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
function start_daemons
|
function start_daemons
|
||||||
{
|
{
|
||||||
_notify 'tasklog' 'Starting daemons & mail server'
|
_log 'info' 'Starting daemons & mail server'
|
||||||
for FUNC in "${DAEMONS_START[@]}"
|
for FUNC in "${DAEMONS_START[@]}"
|
||||||
do
|
do
|
||||||
${FUNC}
|
${FUNC}
|
||||||
|
@ -11,25 +11,25 @@ function start_daemons
|
||||||
|
|
||||||
function _start_daemons_cron
|
function _start_daemons_cron
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting cron'
|
_log 'debug' 'Starting cron'
|
||||||
supervisorctl start cron || dms_panic__fail_init 'cron'
|
supervisorctl start cron || dms_panic__fail_init 'cron'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_rsyslog
|
function _start_daemons_rsyslog
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting rsyslog'
|
_log 'debug' 'Starting rsyslog'
|
||||||
supervisorctl start rsyslog || dms_panic__fail_init 'rsyslog'
|
supervisorctl start rsyslog || dms_panic__fail_init 'rsyslog'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_saslauthd
|
function _start_daemons_saslauthd
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting saslauthd'
|
_log 'debug' 'Starting saslauthd'
|
||||||
supervisorctl start "saslauthd_${SASLAUTHD_MECHANISMS}" || dms_panic__fail_init 'saslauthd'
|
supervisorctl start "saslauthd_${SASLAUTHD_MECHANISMS}" || dms_panic__fail_init 'saslauthd'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_fail2ban
|
function _start_daemons_fail2ban
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting Fail2ban'
|
_log 'debug' 'Starting Fail2ban'
|
||||||
touch /var/log/auth.log
|
touch /var/log/auth.log
|
||||||
|
|
||||||
# delete fail2ban.sock that probably was left here after container restart
|
# delete fail2ban.sock that probably was left here after container restart
|
||||||
|
@ -43,35 +43,35 @@ function _start_daemons_fail2ban
|
||||||
|
|
||||||
function _start_daemons_opendkim
|
function _start_daemons_opendkim
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting opendkim'
|
_log 'debug' 'Starting opendkim'
|
||||||
supervisorctl start opendkim || dms_panic__fail_init 'opendkim'
|
supervisorctl start opendkim || dms_panic__fail_init 'opendkim'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_opendmarc
|
function _start_daemons_opendmarc
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting opendmarc'
|
_log 'debug' 'Starting opendmarc'
|
||||||
supervisorctl start opendmarc || dms_panic__fail_init 'opendmarc'
|
supervisorctl start opendmarc || dms_panic__fail_init 'opendmarc'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_postsrsd
|
function _start_daemons_postsrsd
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting postsrsd'
|
_log 'debug' 'Starting postsrsd'
|
||||||
supervisorctl start postsrsd || dms_panic__fail_init 'postsrsd'
|
supervisorctl start postsrsd || dms_panic__fail_init 'postsrsd'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_postfix
|
function _start_daemons_postfix
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting postfix'
|
_log 'debug' 'Starting postfix'
|
||||||
supervisorctl start postfix || dms_panic__fail_init 'postfix'
|
supervisorctl start postfix || dms_panic__fail_init 'postfix'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_dovecot
|
function _start_daemons_dovecot
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting dovecot services'
|
_log 'debug' 'Starting dovecot services'
|
||||||
|
|
||||||
if [[ ${ENABLE_POP3} -eq 1 ]]
|
if [[ ${ENABLE_POP3} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'task' 'Starting pop3 services'
|
_log 'debug' 'Starting pop3 services'
|
||||||
mv /etc/dovecot/protocols.d/pop3d.protocol.disab \
|
mv /etc/dovecot/protocols.d/pop3d.protocol.disab \
|
||||||
/etc/dovecot/protocols.d/pop3d.protocol
|
/etc/dovecot/protocols.d/pop3d.protocol
|
||||||
fi
|
fi
|
||||||
|
@ -86,7 +86,7 @@ function _start_daemons_dovecot
|
||||||
|
|
||||||
function _start_daemons_fetchmail
|
function _start_daemons_fetchmail
|
||||||
{
|
{
|
||||||
_notify 'task' 'Preparing fetchmail config'
|
_log 'debug' 'Preparing fetchmail config'
|
||||||
/usr/local/bin/setup-fetchmail
|
/usr/local/bin/setup-fetchmail
|
||||||
|
|
||||||
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]
|
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]
|
||||||
|
@ -119,42 +119,42 @@ EOF
|
||||||
for _ in /etc/fetchmailrc.d/fetchmail-*.rc
|
for _ in /etc/fetchmailrc.d/fetchmail-*.rc
|
||||||
do
|
do
|
||||||
COUNTER=$(( COUNTER + 1 ))
|
COUNTER=$(( COUNTER + 1 ))
|
||||||
_notify 'task' "Starting fetchmail instance ${COUNTER}"
|
_log 'debug' "Starting fetchmail instance ${COUNTER}"
|
||||||
supervisorctl start "fetchmail-${COUNTER}" || _panic__fail_init "fetchmail-${COUNTER}"
|
supervisorctl start "fetchmail-${COUNTER}" || _panic__fail_init "fetchmail-${COUNTER}"
|
||||||
done
|
done
|
||||||
else
|
else
|
||||||
_notify 'task' 'Starting fetchmail'
|
_log 'debug' 'Starting fetchmail'
|
||||||
supervisorctl start fetchmail || dms_panic__fail_init 'fetchmail'
|
supervisorctl start fetchmail || dms_panic__fail_init 'fetchmail'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_clamav
|
function _start_daemons_clamav
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting ClamAV'
|
_log 'debug' 'Starting ClamAV'
|
||||||
supervisorctl start clamav || dms_panic__fail_init 'ClamAV'
|
supervisorctl start clamav || dms_panic__fail_init 'ClamAV'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_postgrey
|
function _start_daemons_postgrey
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting postgrey'
|
_log 'debug' 'Starting postgrey'
|
||||||
rm -f /var/run/postgrey/postgrey.pid
|
rm -f /var/run/postgrey/postgrey.pid
|
||||||
supervisorctl start postgrey || dms_panic__fail_init 'postgrey'
|
supervisorctl start postgrey || dms_panic__fail_init 'postgrey'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_amavis
|
function _start_daemons_amavis
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting amavis'
|
_log 'debug' 'Starting amavis'
|
||||||
supervisorctl start amavis || dms_panic__fail_init 'amavis'
|
supervisorctl start amavis || dms_panic__fail_init 'amavis'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_changedetector
|
function _start_changedetector
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting changedetector'
|
_log 'debug' 'Starting changedetector'
|
||||||
supervisorctl start changedetector || dms_panic__fail_init 'changedetector'
|
supervisorctl start changedetector || dms_panic__fail_init 'changedetector'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _start_daemons_update_check
|
function _start_daemons_update_check
|
||||||
{
|
{
|
||||||
_notify 'task' 'Starting update-check'
|
_log 'debug' 'Starting update-check'
|
||||||
supervisorctl start update-check || dms_panic__fail_init 'update-check'
|
supervisorctl start update-check || dms_panic__fail_init 'update-check'
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,28 +2,28 @@
|
||||||
|
|
||||||
function fix
|
function fix
|
||||||
{
|
{
|
||||||
_notify 'tasklog' 'Post-configuration checks'
|
_log 'info' 'Post-configuration checks'
|
||||||
for FUNC in "${FUNCS_FIX[@]}"
|
for FUNC in "${FUNCS_FIX[@]}"
|
||||||
do
|
do
|
||||||
${FUNC}
|
${FUNC}
|
||||||
done
|
done
|
||||||
|
|
||||||
_notify 'inf' 'Removing leftover PID files from a stop/start'
|
_log 'trace' 'Removing leftover PID files from a stop/start'
|
||||||
find /var/run/ -not -name 'supervisord.pid' -name '*.pid' -delete
|
find /var/run/ -not -name 'supervisord.pid' -name '*.pid' -delete
|
||||||
touch /dev/shm/supervisor.sock
|
touch /dev/shm/supervisor.sock
|
||||||
}
|
}
|
||||||
|
|
||||||
function _fix_var_mail_permissions
|
function _fix_var_mail_permissions
|
||||||
{
|
{
|
||||||
_notify 'task' 'Checking /var/mail permissions'
|
_log 'debug' 'Checking /var/mail permissions'
|
||||||
|
|
||||||
# fix permissions, but skip this if 3 levels deep the user id is already set
|
# fix permissions, but skip this if 3 levels deep the user id is already set
|
||||||
if find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | read -r
|
if find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | read -r
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Fixing /var/mail permissions'
|
_log 'trace' 'Fixing /var/mail permissions'
|
||||||
chown -R 5000:5000 /var/mail || _shutdown 'Failed to fix /var/mail permissions'
|
chown -R 5000:5000 /var/mail || _shutdown 'Failed to fix /var/mail permissions'
|
||||||
else
|
else
|
||||||
_notify 'inf' 'Permissions in /var/mail look OK'
|
_log 'trace' 'Permissions in /var/mail look OK'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -33,24 +33,24 @@ function _fix_var_amavis_permissions
|
||||||
[[ ${ONE_DIR} -eq 0 ]] && AMAVIS_STATE_DIR="/var/lib/amavis"
|
[[ ${ONE_DIR} -eq 0 ]] && AMAVIS_STATE_DIR="/var/lib/amavis"
|
||||||
[[ ! -e ${AMAVIS_STATE_DIR} ]] && return 0
|
[[ ! -e ${AMAVIS_STATE_DIR} ]] && return 0
|
||||||
|
|
||||||
_notify 'inf' 'Fixing Amavis permissions'
|
_log 'trace' 'Fixing Amavis permissions'
|
||||||
chown -hR amavis:amavis "${AMAVIS_STATE_DIR}" || _shutdown 'Failed to fix Amavis permissions'
|
chown -hR amavis:amavis "${AMAVIS_STATE_DIR}" || _shutdown 'Failed to fix Amavis permissions'
|
||||||
}
|
}
|
||||||
|
|
||||||
function _fix_cleanup_clamav
|
function _fix_cleanup_clamav
|
||||||
{
|
{
|
||||||
_notify 'task' 'Cleaning up disabled ClamAV'
|
_log 'trace' 'Cleaning up disabled ClamAV'
|
||||||
rm /etc/logrotate.d/clamav-* /etc/cron.d/clamav-freshclam 2>/dev/null || {
|
rm /etc/logrotate.d/clamav-* /etc/cron.d/clamav-freshclam 2>/dev/null || {
|
||||||
# show error only on first container start
|
# show warning only on first container start
|
||||||
[[ ! -f /CONTAINER_START ]] && _notify 'err' 'Failed to remove ClamAV configuration'
|
[[ ! -f /CONTAINER_START ]] && _log 'warn' 'Failed to remove ClamAV configuration'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function _fix_cleanup_spamassassin
|
function _fix_cleanup_spamassassin
|
||||||
{
|
{
|
||||||
_notify 'task' 'Cleaning up disabled SpamAssassin'
|
_log 'trace' 'Cleaning up disabled SpamAssassin'
|
||||||
rm /etc/cron.daily/spamassassin 2>/dev/null || {
|
rm /etc/cron.daily/spamassassin 2>/dev/null || {
|
||||||
# show error only on first container start
|
# show warning only on first container start
|
||||||
[[ ! -f /CONTAINER_START ]] && _notify 'err' 'Failed to remove SpamAssassin configuration'
|
[[ ! -f /CONTAINER_START ]] && _log 'warn' 'Failed to remove SpamAssassin configuration'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
function start_misc
|
function start_misc
|
||||||
{
|
{
|
||||||
_notify 'inf' 'Starting miscellaneous tasks'
|
_log 'info' 'Starting miscellaneous tasks'
|
||||||
for FUNC in "${FUNCS_MISC[@]}"
|
for FUNC in "${FUNCS_MISC[@]}"
|
||||||
do
|
do
|
||||||
${FUNC}
|
${FUNC}
|
||||||
|
@ -19,7 +19,7 @@ function _misc_save_states
|
||||||
|
|
||||||
if [[ ${ONE_DIR} -eq 1 ]] && [[ -d ${STATEDIR} ]]
|
if [[ ${ONE_DIR} -eq 1 ]] && [[ -d ${STATEDIR} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Consolidating all state onto ${STATEDIR}"
|
_log 'debug' "Consolidating all state onto ${STATEDIR}"
|
||||||
|
|
||||||
FILES=(
|
FILES=(
|
||||||
spool/postfix
|
spool/postfix
|
||||||
|
@ -39,22 +39,22 @@ function _misc_save_states
|
||||||
|
|
||||||
if [[ -d ${DEST} ]]
|
if [[ -d ${DEST} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Destination ${DEST} exists, linking ${FILE} to it"
|
_log 'trace' "Destination ${DEST} exists, linking ${FILE} to it"
|
||||||
rm -rf "${FILE}"
|
rm -rf "${FILE}"
|
||||||
ln -s "${DEST}" "${FILE}"
|
ln -s "${DEST}" "${FILE}"
|
||||||
elif [[ -d ${FILE} ]]
|
elif [[ -d ${FILE} ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Moving contents of ${FILE} to ${DEST}"
|
_log 'trace' "Moving contents of ${FILE} to ${DEST}"
|
||||||
mv "${FILE}" "${DEST}"
|
mv "${FILE}" "${DEST}"
|
||||||
ln -s "${DEST}" "${FILE}"
|
ln -s "${DEST}" "${FILE}"
|
||||||
else
|
else
|
||||||
_notify 'inf' "Linking ${FILE} to ${DEST}"
|
_log 'trace' "Linking ${FILE} to ${DEST}"
|
||||||
mkdir -p "${DEST}"
|
mkdir -p "${DEST}"
|
||||||
ln -s "${DEST}" "${FILE}"
|
ln -s "${DEST}" "${FILE}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
_notify 'inf' 'Fixing /var/mail-state/* permissions'
|
_log 'trace' 'Fixing /var/mail-state/* permissions'
|
||||||
chown -R clamav /var/mail-state/lib-clamav
|
chown -R clamav /var/mail-state/lib-clamav
|
||||||
chown -R postfix /var/mail-state/lib-postfix
|
chown -R postfix /var/mail-state/lib-postfix
|
||||||
chown -R postgrey /var/mail-state/lib-postgrey
|
chown -R postgrey /var/mail-state/lib-postgrey
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
function setup
|
function setup
|
||||||
{
|
{
|
||||||
_notify 'tasklog' 'Configuring mail server'
|
_log 'info' 'Configuring mail server'
|
||||||
for FUNC in "${FUNCS_SETUP[@]}"
|
for FUNC in "${FUNCS_SETUP[@]}"
|
||||||
do
|
do
|
||||||
${FUNC}
|
${FUNC}
|
||||||
|
@ -28,7 +28,7 @@ function _setup_supervisor
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'err' \
|
_log 'warn' \
|
||||||
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
|
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -40,7 +40,7 @@ function _setup_supervisor
|
||||||
|
|
||||||
function _setup_default_vars
|
function _setup_default_vars
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up default variables'
|
_log 'debug' 'Setting up default variables'
|
||||||
|
|
||||||
: >/root/.bashrc # make DMS variables available in login shells and their subprocesses
|
: >/root/.bashrc # make DMS variables available in login shells and their subprocesses
|
||||||
: >/etc/dms-settings # this file can be sourced by other scripts
|
: >/etc/dms-settings # this file can be sourced by other scripts
|
||||||
|
@ -61,7 +61,7 @@ function _setup_default_vars
|
||||||
# Set the expected values and create missing folders/files just in case.
|
# Set the expected values and create missing folders/files just in case.
|
||||||
function _setup_file_permissions
|
function _setup_file_permissions
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting file/folder permissions'
|
_log 'debug' 'Setting file/folder permissions'
|
||||||
|
|
||||||
mkdir -p /var/log/supervisor
|
mkdir -p /var/log/supervisor
|
||||||
|
|
||||||
|
@ -79,23 +79,23 @@ function _setup_file_permissions
|
||||||
|
|
||||||
function _setup_chksum_file
|
function _setup_chksum_file
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up configuration checksum file'
|
_log 'debug' 'Setting up configuration checksum file'
|
||||||
|
|
||||||
if [[ -d /tmp/docker-mailserver ]]
|
if [[ -d /tmp/docker-mailserver ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Creating ${CHKSUM_FILE}"
|
_log 'trace' "Creating ${CHKSUM_FILE}"
|
||||||
_monitored_files_checksums >"${CHKSUM_FILE}"
|
_monitored_files_checksums >"${CHKSUM_FILE}"
|
||||||
else
|
else
|
||||||
# We could just skip the file, but perhaps config can be added later?
|
# We could just skip the file, but perhaps config can be added later?
|
||||||
# If so it must be processed by the check for changes script
|
# If so it must be processed by the check for changes script
|
||||||
_notify 'inf' "Creating empty ${CHKSUM_FILE} (no config)"
|
_log 'trace' "Creating empty ${CHKSUM_FILE} (no config)"
|
||||||
touch "${CHKSUM_FILE}"
|
touch "${CHKSUM_FILE}"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_mailname
|
function _setup_mailname
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up mailname / creating /etc/mailname'
|
_log 'debug' 'Setting up mailname / creating /etc/mailname'
|
||||||
echo "${DOMAINNAME}" >/etc/mailname
|
echo "${DOMAINNAME}" >/etc/mailname
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,21 +103,21 @@ function _setup_amavis
|
||||||
{
|
{
|
||||||
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'task' 'Setting up Amavis'
|
_log 'debug' 'Setting up Amavis'
|
||||||
sed -i \
|
sed -i \
|
||||||
"s|^#\$myhostname = \"mail.example.com\";|\$myhostname = \"${HOSTNAME}\";|" \
|
"s|^#\$myhostname = \"mail.example.com\";|\$myhostname = \"${HOSTNAME}\";|" \
|
||||||
/etc/amavis/conf.d/05-node_id
|
/etc/amavis/conf.d/05-node_id
|
||||||
else
|
else
|
||||||
_notify 'task' 'Remove Amavis from postfix configuration'
|
_log 'debug' 'Remove Amavis from postfix configuration'
|
||||||
sed -i 's|content_filter =.*|content_filter =|' /etc/postfix/main.cf
|
sed -i 's|content_filter =.*|content_filter =|' /etc/postfix/main.cf
|
||||||
[[ ${ENABLE_CLAMAV} -eq 1 ]] && _notify 'warn' 'ClamAV will not work when Amavis is disabled. Remove ENABLE_AMAVIS=0 from your configuration to fix it.'
|
[[ ${ENABLE_CLAMAV} -eq 1 ]] && _log 'warn' 'ClamAV will not work when Amavis is disabled. Remove ENABLE_AMAVIS=0 from your configuration to fix it.'
|
||||||
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && _notify 'warn' 'Spamassassin will not work when Amavis is disabled. Remove ENABLE_AMAVIS=0 from your configuration to fix it.'
|
[[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && _log 'warn' 'Spamassassin will not work when Amavis is disabled. Remove ENABLE_AMAVIS=0 from your configuration to fix it.'
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_dmarc_hostname
|
function _setup_dmarc_hostname
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up dmarc'
|
_log 'debug' 'Setting up dmarc'
|
||||||
sed -i -e \
|
sed -i -e \
|
||||||
"s|^AuthservID.*$|AuthservID ${HOSTNAME}|g" \
|
"s|^AuthservID.*$|AuthservID ${HOSTNAME}|g" \
|
||||||
-e "s|^TrustedAuthservIDs.*$|TrustedAuthservIDs ${HOSTNAME}|g" \
|
-e "s|^TrustedAuthservIDs.*$|TrustedAuthservIDs ${HOSTNAME}|g" \
|
||||||
|
@ -126,14 +126,14 @@ function _setup_dmarc_hostname
|
||||||
|
|
||||||
function _setup_postfix_hostname
|
function _setup_postfix_hostname
|
||||||
{
|
{
|
||||||
_notify 'task' 'Applying hostname and domainname to Postfix'
|
_log 'debug' 'Applying hostname and domainname to Postfix'
|
||||||
postconf -e "myhostname = ${HOSTNAME}"
|
postconf -e "myhostname = ${HOSTNAME}"
|
||||||
postconf -e "mydomain = ${DOMAINNAME}"
|
postconf -e "mydomain = ${DOMAINNAME}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_dovecot_hostname
|
function _setup_dovecot_hostname
|
||||||
{
|
{
|
||||||
_notify 'task' 'Applying hostname to Dovecot'
|
_log 'debug' 'Applying hostname to Dovecot'
|
||||||
sed -i \
|
sed -i \
|
||||||
"s|^#hostname =.*$|hostname = '${HOSTNAME}'|g" \
|
"s|^#hostname =.*$|hostname = '${HOSTNAME}'|g" \
|
||||||
/etc/dovecot/conf.d/15-lda.conf
|
/etc/dovecot/conf.d/15-lda.conf
|
||||||
|
@ -141,7 +141,7 @@ function _setup_dovecot_hostname
|
||||||
|
|
||||||
function _setup_dovecot
|
function _setup_dovecot
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Dovecot'
|
_log 'debug' 'Setting up Dovecot'
|
||||||
|
|
||||||
cp -a /usr/share/dovecot/protocols.d /etc/dovecot/
|
cp -a /usr/share/dovecot/protocols.d /etc/dovecot/
|
||||||
# disable pop3 (it will be eventually enabled later in the script, if requested)
|
# disable pop3 (it will be eventually enabled later in the script, if requested)
|
||||||
|
@ -160,19 +160,20 @@ function _setup_dovecot
|
||||||
|
|
||||||
# set mail_location according to mailbox format
|
# set mail_location according to mailbox format
|
||||||
case "${DOVECOT_MAILBOX_FORMAT}" in
|
case "${DOVECOT_MAILBOX_FORMAT}" in
|
||||||
( "sdbox" | "mdbox" )
|
|
||||||
_notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
|
( 'sdbox' | 'mdbox' )
|
||||||
|
_log 'trace' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
|
||||||
sed -i -e \
|
sed -i -e \
|
||||||
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
|
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
|
||||||
/etc/dovecot/conf.d/10-mail.conf
|
/etc/dovecot/conf.d/10-mail.conf
|
||||||
|
|
||||||
_notify 'inf' 'Enabling cron job for dbox purge'
|
_log 'trace' 'Enabling cron job for dbox purge'
|
||||||
mv /etc/cron.d/dovecot-purge.disabled /etc/cron.d/dovecot-purge
|
mv /etc/cron.d/dovecot-purge.disabled /etc/cron.d/dovecot-purge
|
||||||
chmod 644 /etc/cron.d/dovecot-purge
|
chmod 644 /etc/cron.d/dovecot-purge
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'inf' "Dovecot maildir format configured (default)"
|
_log 'trace' "Dovecot maildir format configured (default)"
|
||||||
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
|
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -182,7 +183,7 @@ function _setup_dovecot
|
||||||
# to the configuration file Dovecot will actually find
|
# to the configuration file Dovecot will actually find
|
||||||
if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]
|
if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Sieve management enabled'
|
_log 'trace' 'Sieve management enabled'
|
||||||
mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
|
mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -215,7 +216,7 @@ function _setup_dovecot
|
||||||
# sieve will move spams to .Junk folder when SPAMASSASSIN_SPAM_TO_INBOX=1 and MOVE_SPAM_TO_JUNK=1
|
# sieve will move spams to .Junk folder when SPAMASSASSIN_SPAM_TO_INBOX=1 and MOVE_SPAM_TO_JUNK=1
|
||||||
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]] && [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]
|
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]] && [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Spam messages will be moved to the Junk folder."
|
_log 'debug' "Spam messages will be moved to the Junk folder."
|
||||||
cp /etc/dovecot/sieve/before/60-spam.sieve /usr/lib/dovecot/sieve-global/before/
|
cp /etc/dovecot/sieve/before/60-spam.sieve /usr/lib/dovecot/sieve-global/before/
|
||||||
sievec /usr/lib/dovecot/sieve-global/before/60-spam.sieve
|
sievec /usr/lib/dovecot/sieve-global/before/60-spam.sieve
|
||||||
else
|
else
|
||||||
|
@ -229,7 +230,7 @@ function _setup_dovecot
|
||||||
|
|
||||||
function _setup_dovecot_quota
|
function _setup_dovecot_quota
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Dovecot quota'
|
_log 'debug' 'Setting up Dovecot quota'
|
||||||
|
|
||||||
# Dovecot quota is disabled when using LDAP or SMTP_ONLY or when explicitly disabled.
|
# Dovecot quota is disabled when using LDAP or SMTP_ONLY or when explicitly disabled.
|
||||||
if [[ ${ENABLE_LDAP} -eq 1 ]] || [[ ${SMTP_ONLY} -eq 1 ]] || [[ ${ENABLE_QUOTAS} -eq 0 ]]
|
if [[ ${ENABLE_LDAP} -eq 1 ]] || [[ ${SMTP_ONLY} -eq 1 ]] || [[ ${ENABLE_QUOTAS} -eq 0 ]]
|
||||||
|
@ -273,7 +274,7 @@ function _setup_dovecot_quota
|
||||||
|
|
||||||
if [[ ! -f /tmp/docker-mailserver/dovecot-quotas.cf ]]
|
if [[ ! -f /tmp/docker-mailserver/dovecot-quotas.cf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "'/tmp/docker-mailserver/dovecot-quotas.cf' is not provided. Using default quotas."
|
_log 'trace' "'/tmp/docker-mailserver/dovecot-quotas.cf' is not provided. Using default quotas."
|
||||||
: >/tmp/docker-mailserver/dovecot-quotas.cf
|
: >/tmp/docker-mailserver/dovecot-quotas.cf
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -286,13 +287,13 @@ function _setup_dovecot_quota
|
||||||
|
|
||||||
function _setup_dovecot_local_user
|
function _setup_dovecot_local_user
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Dovecot Local User'
|
_log 'debug' 'Setting up Dovecot Local User'
|
||||||
|
|
||||||
_create_accounts
|
_create_accounts
|
||||||
|
|
||||||
if [[ ! -f /tmp/docker-mailserver/postfix-accounts.cf ]]
|
if [[ ! -f /tmp/docker-mailserver/postfix-accounts.cf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "'/tmp/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
|
_log 'trace' "'/tmp/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! grep '@' /tmp/docker-mailserver/postfix-accounts.cf 2>/dev/null | grep -q '|'
|
if ! grep '@' /tmp/docker-mailserver/postfix-accounts.cf 2>/dev/null | grep -q '|'
|
||||||
|
@ -306,8 +307,8 @@ function _setup_dovecot_local_user
|
||||||
|
|
||||||
function _setup_ldap
|
function _setup_ldap
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up LDAP'
|
_log 'debug' 'Setting up LDAP'
|
||||||
_notify 'inf' 'Checking for custom configs'
|
_log 'trace' 'Checking for custom configs'
|
||||||
|
|
||||||
for i in 'users' 'groups' 'aliases' 'domains'
|
for i in 'users' 'groups' 'aliases' 'domains'
|
||||||
do
|
do
|
||||||
|
@ -318,7 +319,7 @@ function _setup_ldap
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
_notify 'inf' 'Starting to override configs'
|
_log 'trace' 'Starting to override configs'
|
||||||
|
|
||||||
local FILES=(
|
local FILES=(
|
||||||
/etc/postfix/ldap-users.cf
|
/etc/postfix/ldap-users.cf
|
||||||
|
@ -339,7 +340,7 @@ function _setup_ldap
|
||||||
configomat.sh "LDAP_" "${FILE}"
|
configomat.sh "LDAP_" "${FILE}"
|
||||||
done
|
done
|
||||||
|
|
||||||
_notify 'inf' "Configuring dovecot LDAP"
|
_log 'trace' "Configuring dovecot LDAP"
|
||||||
|
|
||||||
declare -A DOVECOT_LDAP_MAPPING
|
declare -A DOVECOT_LDAP_MAPPING
|
||||||
|
|
||||||
|
@ -368,32 +369,32 @@ function _setup_ldap
|
||||||
# add domainname to vhost
|
# add domainname to vhost
|
||||||
echo "${DOMAINNAME}" >>/tmp/vhost.tmp
|
echo "${DOMAINNAME}" >>/tmp/vhost.tmp
|
||||||
|
|
||||||
_notify 'inf' 'Enabling dovecot LDAP authentification'
|
_log 'trace' 'Enabling dovecot LDAP authentification'
|
||||||
|
|
||||||
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
|
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
|
||||||
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
|
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
|
||||||
|
|
||||||
_notify 'inf' "Configuring LDAP"
|
_log 'trace' "Configuring LDAP"
|
||||||
|
|
||||||
if [[ -f /etc/postfix/ldap-users.cf ]]
|
if [[ -f /etc/postfix/ldap-users.cf ]]
|
||||||
then
|
then
|
||||||
postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf"
|
postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf"
|
||||||
else
|
else
|
||||||
_notify 'warn' "'/etc/postfix/ldap-users.cf' not found"
|
_log 'warn' "'/etc/postfix/ldap-users.cf' not found"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f /etc/postfix/ldap-domains.cf ]]
|
if [[ -f /etc/postfix/ldap-domains.cf ]]
|
||||||
then
|
then
|
||||||
postconf -e "virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf"
|
postconf -e "virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf"
|
||||||
else
|
else
|
||||||
_notify 'warn' "'/etc/postfix/ldap-domains.cf' not found"
|
_log 'warn' "'/etc/postfix/ldap-domains.cf' not found"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]
|
if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]
|
||||||
then
|
then
|
||||||
postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf"
|
postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf"
|
||||||
else
|
else
|
||||||
_notify 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found"
|
_log 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
|
@ -404,7 +405,7 @@ function _setup_ldap
|
||||||
|
|
||||||
function _setup_postgrey
|
function _setup_postgrey
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring postgrey"
|
_log 'debug' "Configuring postgrey"
|
||||||
|
|
||||||
sed -i -E \
|
sed -i -E \
|
||||||
's|, reject_rbl_client zen.spamhaus.org$|, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023|' \
|
's|, reject_rbl_client zen.spamhaus.org$|, reject_rbl_client zen.spamhaus.org, check_policy_service inet:127.0.0.1:10023|' \
|
||||||
|
@ -434,7 +435,7 @@ function _setup_postgrey
|
||||||
|
|
||||||
function _setup_postfix_postscreen
|
function _setup_postfix_postscreen
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring postscreen"
|
_log 'debug' "Configuring postscreen"
|
||||||
sed -i \
|
sed -i \
|
||||||
-e "s|postscreen_dnsbl_action = enforce|postscreen_dnsbl_action = ${POSTSCREEN_ACTION}|" \
|
-e "s|postscreen_dnsbl_action = enforce|postscreen_dnsbl_action = ${POSTSCREEN_ACTION}|" \
|
||||||
-e "s|postscreen_greet_action = enforce|postscreen_greet_action = ${POSTSCREEN_ACTION}|" \
|
-e "s|postscreen_greet_action = enforce|postscreen_greet_action = ${POSTSCREEN_ACTION}|" \
|
||||||
|
@ -443,31 +444,31 @@ function _setup_postfix_postscreen
|
||||||
|
|
||||||
function _setup_postfix_sizelimits
|
function _setup_postfix_sizelimits
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring postfix message size limit to ${POSTFIX_MESSAGE_SIZE_LIMIT}"
|
_log 'trace' "Configuring postfix message size limit to ${POSTFIX_MESSAGE_SIZE_LIMIT}"
|
||||||
postconf -e "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
|
postconf -e "message_size_limit = ${POSTFIX_MESSAGE_SIZE_LIMIT}"
|
||||||
|
|
||||||
_notify 'inf' "Configuring postfix mailbox size limit to ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
_log 'trace' "Configuring postfix mailbox size limit to ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
||||||
postconf -e "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
postconf -e "mailbox_size_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
||||||
|
|
||||||
_notify 'inf' "Configuring postfix virtual mailbox size limit to ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
_log 'trace' "Configuring postfix virtual mailbox size limit to ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
||||||
postconf -e "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
postconf -e "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_clamav_sizelimit
|
function _setup_clamav_sizelimit
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring ClamAV message scan size limit to ${CLAMAV_MESSAGE_SIZE_LIMIT}"
|
_log 'trace' "Configuring ClamAV message scan size limit to ${CLAMAV_MESSAGE_SIZE_LIMIT}"
|
||||||
sedfile -i "s/^MaxFileSize.*/MaxFileSize ${CLAMAV_MESSAGE_SIZE_LIMIT}/" /etc/clamav/clamd.conf
|
sedfile -i "s/^MaxFileSize.*/MaxFileSize ${CLAMAV_MESSAGE_SIZE_LIMIT}/" /etc/clamav/clamd.conf
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_postfix_smtputf8
|
function _setup_postfix_smtputf8
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring postfix smtputf8 support (disable)"
|
_log 'trace' "Configuring postfix smtputf8 support (disable)"
|
||||||
postconf -e "smtputf8_enable = no"
|
postconf -e "smtputf8_enable = no"
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_spoof_protection
|
function _setup_spoof_protection
|
||||||
{
|
{
|
||||||
_notify 'inf' "Configuring Spoof Protection"
|
_log 'trace' "Configuring Spoof Protection"
|
||||||
sed -i \
|
sed -i \
|
||||||
's|smtpd_sender_restrictions =|smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,|' \
|
's|smtpd_sender_restrictions =|smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,|' \
|
||||||
/etc/postfix/main.cf
|
/etc/postfix/main.cf
|
||||||
|
@ -491,7 +492,7 @@ function _setup_spoof_protection
|
||||||
|
|
||||||
function _setup_postfix_access_control
|
function _setup_postfix_access_control
|
||||||
{
|
{
|
||||||
_notify 'inf' 'Configuring user access'
|
_log 'trace' 'Configuring user access'
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
|
||||||
then
|
then
|
||||||
|
@ -527,7 +528,7 @@ EOF
|
||||||
|
|
||||||
function _setup_saslauthd
|
function _setup_saslauthd
|
||||||
{
|
{
|
||||||
_notify 'task' "Setting up SASLAUTHD"
|
_log 'debug' "Setting up SASLAUTHD"
|
||||||
|
|
||||||
# checking env vars and setting defaults
|
# checking env vars and setting defaults
|
||||||
[[ -z ${SASLAUTHD_MECHANISMS:-} ]] && SASLAUTHD_MECHANISMS=pam
|
[[ -z ${SASLAUTHD_MECHANISMS:-} ]] && SASLAUTHD_MECHANISMS=pam
|
||||||
|
@ -577,7 +578,7 @@ function _setup_saslauthd
|
||||||
|
|
||||||
if [[ ! -f /etc/saslauthd.conf ]]
|
if [[ ! -f /etc/saslauthd.conf ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Creating /etc/saslauthd.conf'
|
_log 'trace' 'Creating /etc/saslauthd.conf'
|
||||||
cat > /etc/saslauthd.conf << EOF
|
cat > /etc/saslauthd.conf << EOF
|
||||||
ldap_servers: ${SASLAUTHD_LDAP_SERVER}
|
ldap_servers: ${SASLAUTHD_LDAP_SERVER}
|
||||||
|
|
||||||
|
@ -617,13 +618,13 @@ EOF
|
||||||
|
|
||||||
function _setup_postfix_aliases
|
function _setup_postfix_aliases
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix Aliases'
|
_log 'debug' 'Setting up Postfix aliases'
|
||||||
_create_aliases
|
_create_aliases
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_SRS
|
function _setup_SRS
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up SRS'
|
_log 'debug' 'Setting up SRS'
|
||||||
|
|
||||||
postconf -e "sender_canonical_maps = tcp:localhost:10001"
|
postconf -e "sender_canonical_maps = tcp:localhost:10001"
|
||||||
postconf -e "sender_canonical_classes = ${SRS_SENDER_CLASSES}"
|
postconf -e "sender_canonical_classes = ${SRS_SENDER_CLASSES}"
|
||||||
|
@ -633,7 +634,7 @@ function _setup_SRS
|
||||||
|
|
||||||
function _setup_dkim
|
function _setup_dkim
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up DKIM'
|
_log 'debug' 'Setting up DKIM'
|
||||||
|
|
||||||
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
|
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
|
||||||
|
|
||||||
|
@ -642,13 +643,13 @@ function _setup_dkim
|
||||||
then
|
then
|
||||||
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
||||||
|
|
||||||
_notify 'inf' "DKIM keys added for: $(ls -C /etc/opendkim/keys/)"
|
_log 'trace' "DKIM keys added for: $(ls -C /etc/opendkim/keys/)"
|
||||||
_notify 'inf' "Changing permissions on /etc/opendkim"
|
_log 'trace' "Changing permissions on /etc/opendkim"
|
||||||
|
|
||||||
chown -R opendkim:opendkim /etc/opendkim/
|
chown -R opendkim:opendkim /etc/opendkim/
|
||||||
chmod -R 0700 /etc/opendkim/keys/
|
chmod -R 0700 /etc/opendkim/keys/
|
||||||
else
|
else
|
||||||
_notify 'warn' 'No DKIM key provided. Check the documentation on how to get your keys.'
|
_log 'warn' 'No DKIM key provided. Check the documentation on how to get your keys.'
|
||||||
[[ ! -f "/etc/opendkim/KeyTable" ]] && touch "/etc/opendkim/KeyTable"
|
[[ ! -f "/etc/opendkim/KeyTable" ]] && touch "/etc/opendkim/KeyTable"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -657,19 +658,19 @@ function _setup_dkim
|
||||||
then
|
then
|
||||||
echo "Nameservers $(grep '^nameserver' /etc/resolv.conf | awk -F " " '{print $2}' | paste -sd ',' -)" >> /etc/opendkim.conf
|
echo "Nameservers $(grep '^nameserver' /etc/resolv.conf | awk -F " " '{print $2}' | paste -sd ',' -)" >> /etc/opendkim.conf
|
||||||
|
|
||||||
_notify 'inf' "Nameservers added to /etc/opendkim.conf"
|
_log 'trace' "Nameservers added to /etc/opendkim.conf"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_postfix_vhost
|
function _setup_postfix_vhost
|
||||||
{
|
{
|
||||||
_notify 'task' "Setting up Postfix vhost"
|
_log 'debug' "Setting up Postfix vhost"
|
||||||
_create_postfix_vhost
|
_create_postfix_vhost
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_postfix_inet_protocols
|
function _setup_postfix_inet_protocols
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up POSTFIX_INET_PROTOCOLS option'
|
_log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
|
||||||
postconf -e "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
|
postconf -e "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -677,7 +678,7 @@ function _setup_dovecot_inet_protocols
|
||||||
{
|
{
|
||||||
local PROTOCOL
|
local PROTOCOL
|
||||||
|
|
||||||
_notify 'task' 'Setting up DOVECOT_INET_PROTOCOLS option'
|
_log 'trace' 'Setting up DOVECOT_INET_PROTOCOLS option'
|
||||||
|
|
||||||
# https://dovecot.org/doc/dovecot-example.conf
|
# https://dovecot.org/doc/dovecot-example.conf
|
||||||
if [[ ${DOVECOT_INET_PROTOCOLS} == "ipv4" ]]
|
if [[ ${DOVECOT_INET_PROTOCOLS} == "ipv4" ]]
|
||||||
|
@ -696,7 +697,7 @@ function _setup_dovecot_inet_protocols
|
||||||
|
|
||||||
function _setup_docker_permit
|
function _setup_docker_permit
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up PERMIT_DOCKER Option'
|
_log 'debug' 'Setting up PERMIT_DOCKER Option'
|
||||||
|
|
||||||
local CONTAINER_IP CONTAINER_NETWORK
|
local CONTAINER_IP CONTAINER_NETWORK
|
||||||
|
|
||||||
|
@ -709,7 +710,7 @@ function _setup_docker_permit
|
||||||
|
|
||||||
if [[ -z ${CONTAINER_IP} ]]
|
if [[ -z ${CONTAINER_IP} ]]
|
||||||
then
|
then
|
||||||
_notify 'err' 'Detecting the container IP address failed.'
|
_log 'error' 'Detecting the container IP address failed.'
|
||||||
dms_panic__misconfigured 'NETWORK_INTERFACE' 'Network Setup [docker_permit]'
|
dms_panic__misconfigured 'NETWORK_INTERFACE' 'Network Setup [docker_permit]'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -720,7 +721,7 @@ function _setup_docker_permit
|
||||||
|
|
||||||
case "${PERMIT_DOCKER}" in
|
case "${PERMIT_DOCKER}" in
|
||||||
( 'none' )
|
( 'none' )
|
||||||
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
_log 'trace' "Clearing Postfix's 'mynetworks'"
|
||||||
postconf -e "mynetworks ="
|
postconf -e "mynetworks ="
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -728,7 +729,7 @@ function _setup_docker_permit
|
||||||
for NETWORK in "${CONTAINER_NETWORKS[@]}"
|
for NETWORK in "${CONTAINER_NETWORKS[@]}"
|
||||||
do
|
do
|
||||||
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
|
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
|
||||||
_notify 'inf' "Adding docker network ${NETWORK} to Postfix's 'mynetworks'"
|
_log 'trace' "Adding docker network ${NETWORK} to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') ${NETWORK}"
|
postconf -e "$(postconf | grep '^mynetworks =') ${NETWORK}"
|
||||||
echo "${NETWORK}" >> /etc/opendmarc/ignore.hosts
|
echo "${NETWORK}" >> /etc/opendmarc/ignore.hosts
|
||||||
echo "${NETWORK}" >> /etc/opendkim/TrustedHosts
|
echo "${NETWORK}" >> /etc/opendkim/TrustedHosts
|
||||||
|
@ -736,29 +737,29 @@ function _setup_docker_permit
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'container' )
|
( 'container' )
|
||||||
_notify 'inf' "Adding container IP address to Postfix's 'mynetworks'"
|
_log 'trace' "Adding container IP address to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
|
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
|
||||||
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
|
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
|
||||||
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
|
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'host' )
|
( 'host' )
|
||||||
_notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
|
_log 'trace' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
|
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
|
||||||
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
|
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
|
||||||
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
|
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'network' )
|
( 'network' )
|
||||||
_notify 'inf' "Adding docker network to Postfix's 'mynetworks'"
|
_log 'trace' "Adding docker network to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
|
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
|
||||||
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
|
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
|
||||||
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
|
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
|
_log 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
|
||||||
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
_log 'trace' "Clearing Postfix's 'mynetworks'"
|
||||||
postconf -e "mynetworks ="
|
postconf -e "mynetworks ="
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -768,7 +769,7 @@ function _setup_docker_permit
|
||||||
# Requires ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
# Requires ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
|
||||||
function _setup_postfix_virtual_transport
|
function _setup_postfix_virtual_transport
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix virtual transport'
|
_log 'trace' 'Setting up Postfix virtual transport'
|
||||||
|
|
||||||
if [[ -z ${POSTFIX_DAGENT} ]]
|
if [[ -z ${POSTFIX_DAGENT} ]]
|
||||||
then
|
then
|
||||||
|
@ -781,7 +782,7 @@ function _setup_postfix_virtual_transport
|
||||||
|
|
||||||
function _setup_postfix_override_configuration
|
function _setup_postfix_override_configuration
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix Override configuration'
|
_log 'trace' 'Setting up Postfix Override configuration'
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]
|
||||||
then
|
then
|
||||||
|
@ -794,9 +795,9 @@ function _setup_postfix_override_configuration
|
||||||
postconf -e "${LINE}"
|
postconf -e "${LINE}"
|
||||||
fi
|
fi
|
||||||
done < /tmp/docker-mailserver/postfix-main.cf
|
done < /tmp/docker-mailserver/postfix-main.cf
|
||||||
_notify 'inf' "Loaded '/tmp/docker-mailserver/postfix-main.cf'"
|
_log 'trace' "Loaded '/tmp/docker-mailserver/postfix-main.cf'"
|
||||||
else
|
else
|
||||||
_notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
|
_log 'trace' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]
|
if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]
|
||||||
|
@ -808,27 +809,27 @@ function _setup_postfix_override_configuration
|
||||||
postconf -P "${LINE}"
|
postconf -P "${LINE}"
|
||||||
fi
|
fi
|
||||||
done < /tmp/docker-mailserver/postfix-master.cf
|
done < /tmp/docker-mailserver/postfix-master.cf
|
||||||
_notify 'inf' "Loaded '/tmp/docker-mailserver/postfix-master.cf'"
|
_log 'trace' "Loaded '/tmp/docker-mailserver/postfix-master.cf'"
|
||||||
else
|
else
|
||||||
_notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided."
|
_log 'trace' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
_notify 'inf' "set the compatibility level to 2"
|
_log 'trace' "set the compatibility level to 2"
|
||||||
postconf compatibility_level=2
|
postconf compatibility_level=2
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_postfix_sasl_password
|
function _setup_postfix_sasl_password
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up Postfix SASL Password'
|
_log 'debug' 'Setting up Postfix SASL Password'
|
||||||
|
|
||||||
# support general SASL password
|
# support general SASL password
|
||||||
_sasl_passwd_create
|
_sasl_passwd_create
|
||||||
|
|
||||||
if [[ -f /etc/postfix/sasl_passwd ]]
|
if [[ -f /etc/postfix/sasl_passwd ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Loaded SASL_PASSWD"
|
_log 'trace' "Loaded SASL_PASSWD"
|
||||||
else
|
else
|
||||||
_notify 'inf' "Warning: 'SASL_PASSWD' was not provided. /etc/postfix/sasl_passwd not created."
|
_log 'debug' "Warning: 'SASL_PASSWD' was not provided. /etc/postfix/sasl_passwd not created."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -853,22 +854,22 @@ function _setup_dhparam
|
||||||
local DH_DEST=$2
|
local DH_DEST=$2
|
||||||
local DH_CUSTOM=/tmp/docker-mailserver/dhparams.pem
|
local DH_CUSTOM=/tmp/docker-mailserver/dhparams.pem
|
||||||
|
|
||||||
_notify 'task' "Setting up ${DH_SERVICE} dhparam"
|
_log 'debug' "Setting up ${DH_SERVICE} dhparam"
|
||||||
|
|
||||||
if [[ -f ${DH_CUSTOM} ]]
|
if [[ -f ${DH_CUSTOM} ]]
|
||||||
then # use custom supplied dh params (assumes they're probably insecure)
|
then # use custom supplied dh params (assumes they're probably insecure)
|
||||||
_notify 'inf' "${DH_SERVICE} will use custom provided DH paramters."
|
_log 'trace' "${DH_SERVICE} will use custom provided DH paramters."
|
||||||
_notify 'warn' "Using self-generated dhparams is considered insecure. Unless you know what you are doing, please remove ${DH_CUSTOM}."
|
_log 'warn' "Using self-generated dhparams is considered insecure. Unless you know what you are doing, please remove ${DH_CUSTOM}."
|
||||||
|
|
||||||
cp -f "${DH_CUSTOM}" "${DH_DEST}"
|
cp -f "${DH_CUSTOM}" "${DH_DEST}"
|
||||||
else # use official standardized dh params (provided via Dockerfile)
|
else # use official standardized dh params (provided via Dockerfile)
|
||||||
_notify 'inf' "${DH_SERVICE} will use official standardized DH parameters (ffdhe4096)."
|
_log 'trace' "${DH_SERVICE} will use official standardized DH parameters (ffdhe4096)."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_security_stack
|
function _setup_security_stack
|
||||||
{
|
{
|
||||||
_notify 'task' "Setting up Security Stack"
|
_log 'debug' "Setting up Security Stack"
|
||||||
|
|
||||||
# recreate auto-generated file
|
# recreate auto-generated file
|
||||||
local DMS_AMAVIS_FILE=/etc/amavis/conf.d/61-dms_auto_generated
|
local DMS_AMAVIS_FILE=/etc/amavis/conf.d/61-dms_auto_generated
|
||||||
|
@ -879,11 +880,11 @@ function _setup_security_stack
|
||||||
# SpamAssassin
|
# SpamAssassin
|
||||||
if [[ ${ENABLE_SPAMASSASSIN} -eq 0 ]]
|
if [[ ${ENABLE_SPAMASSASSIN} -eq 0 ]]
|
||||||
then
|
then
|
||||||
_notify 'warn' "Spamassassin is disabled. You can enable it with 'ENABLE_SPAMASSASSIN=1'"
|
_log 'warn' "Spamassassin is disabled. You can enable it with 'ENABLE_SPAMASSASSIN=1'"
|
||||||
echo "@bypass_spam_checks_maps = (1);" >>"${DMS_AMAVIS_FILE}"
|
echo "@bypass_spam_checks_maps = (1);" >>"${DMS_AMAVIS_FILE}"
|
||||||
elif [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
|
elif [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' "Enabling and configuring spamassassin"
|
_log 'debug' "Enabling and configuring spamassassin"
|
||||||
|
|
||||||
# shellcheck disable=SC2016
|
# shellcheck disable=SC2016
|
||||||
sed -i -r 's|^\$sa_tag_level_deflt (.*);|\$sa_tag_level_deflt = '"${SA_TAG}"';|g' /etc/amavis/conf.d/20-debian_defaults
|
sed -i -r 's|^\$sa_tag_level_deflt (.*);|\$sa_tag_level_deflt = '"${SA_TAG}"';|g' /etc/amavis/conf.d/20-debian_defaults
|
||||||
|
@ -925,12 +926,12 @@ function _setup_security_stack
|
||||||
|
|
||||||
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]]
|
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Configuring Spamassassin/Amavis to send SPAM to inbox'
|
_log 'trace' 'Configuring Spamassassin/Amavis to send SPAM to inbox'
|
||||||
|
|
||||||
sed -i "s|\$final_spam_destiny.*=.*$|\$final_spam_destiny = D_PASS;|g" /etc/amavis/conf.d/49-docker-mailserver
|
sed -i "s|\$final_spam_destiny.*=.*$|\$final_spam_destiny = D_PASS;|g" /etc/amavis/conf.d/49-docker-mailserver
|
||||||
sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_PASS;|g" /etc/amavis/conf.d/49-docker-mailserver
|
sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_PASS;|g" /etc/amavis/conf.d/49-docker-mailserver
|
||||||
else
|
else
|
||||||
_notify 'inf' 'Configuring Spamassassin/Amavis to bounce SPAM'
|
_log 'trace' 'Configuring Spamassassin/Amavis to bounce SPAM'
|
||||||
|
|
||||||
sed -i "s|\$final_spam_destiny.*=.*$|\$final_spam_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
|
sed -i "s|\$final_spam_destiny.*=.*$|\$final_spam_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
|
||||||
sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
|
sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
|
||||||
|
@ -938,7 +939,7 @@ function _setup_security_stack
|
||||||
|
|
||||||
if [[ ${ENABLE_SPAMASSASSIN_KAM} -eq 1 ]]
|
if [[ ${ENABLE_SPAMASSASSIN_KAM} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Configuring Spamassassin KAM'
|
_log 'trace' 'Configuring Spamassassin KAM'
|
||||||
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
|
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
|
||||||
|
|
||||||
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
|
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
|
||||||
|
@ -967,11 +968,11 @@ EOM
|
||||||
# ClamAV
|
# ClamAV
|
||||||
if [[ ${ENABLE_CLAMAV} -eq 0 ]]
|
if [[ ${ENABLE_CLAMAV} -eq 0 ]]
|
||||||
then
|
then
|
||||||
_notify 'warn' "ClamAV is disabled. You can enable it with 'ENABLE_CLAMAV=1'"
|
_log 'warn' "ClamAV is disabled. You can enable it with 'ENABLE_CLAMAV=1'"
|
||||||
echo '@bypass_virus_checks_maps = (1);' >>"${DMS_AMAVIS_FILE}"
|
echo '@bypass_virus_checks_maps = (1);' >>"${DMS_AMAVIS_FILE}"
|
||||||
elif [[ ${ENABLE_CLAMAV} -eq 1 ]]
|
elif [[ ${ENABLE_CLAMAV} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Enabling ClamAV'
|
_log 'debug' 'Enabling ClamAV'
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo '1; # ensure a defined return' >>"${DMS_AMAVIS_FILE}"
|
echo '1; # ensure a defined return' >>"${DMS_AMAVIS_FILE}"
|
||||||
|
@ -980,7 +981,7 @@ EOM
|
||||||
# Fail2ban
|
# Fail2ban
|
||||||
if [[ ${ENABLE_FAIL2BAN} -eq 1 ]]
|
if [[ ${ENABLE_FAIL2BAN} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Fail2ban enabled'
|
_log 'debug' 'Enabling Fail2Ban'
|
||||||
|
|
||||||
if [[ -e /tmp/docker-mailserver/fail2ban-fail2ban.cf ]]
|
if [[ -e /tmp/docker-mailserver/fail2ban-fail2ban.cf ]]
|
||||||
then
|
then
|
||||||
|
@ -1004,7 +1005,7 @@ EOM
|
||||||
# Amavis
|
# Amavis
|
||||||
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
||||||
then
|
then
|
||||||
_notify 'inf' 'Amavis enabled'
|
_log 'debug' 'Enabling Amavis'
|
||||||
if [[ -f /tmp/docker-mailserver/amavis.cf ]]
|
if [[ -f /tmp/docker-mailserver/amavis.cf ]]
|
||||||
then
|
then
|
||||||
cp /tmp/docker-mailserver/amavis.cf /etc/amavis/conf.d/50-user
|
cp /tmp/docker-mailserver/amavis.cf /etc/amavis/conf.d/50-user
|
||||||
|
@ -1018,28 +1019,28 @@ EOM
|
||||||
|
|
||||||
function _setup_logrotate
|
function _setup_logrotate
|
||||||
{
|
{
|
||||||
_notify 'inf' 'Setting up logrotate'
|
_log 'debug' 'Setting up logrotate'
|
||||||
|
|
||||||
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
|
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
|
||||||
|
|
||||||
case "${LOGROTATE_INTERVAL}" in
|
case "${LOGROTATE_INTERVAL}" in
|
||||||
( 'daily' )
|
( 'daily' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to daily'
|
_log 'trace' 'Setting postfix logrotate interval to daily'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'weekly' )
|
( 'weekly' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to weekly'
|
_log 'trace' 'Setting postfix logrotate interval to weekly'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'monthly' )
|
( 'monthly' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to monthly'
|
_log 'trace' 'Setting postfix logrotate interval to monthly'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
|
_log 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
@ -1049,11 +1050,11 @@ function _setup_logrotate
|
||||||
|
|
||||||
function _setup_mail_summary
|
function _setup_mail_summary
|
||||||
{
|
{
|
||||||
_notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
|
_log 'debug' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
|
||||||
|
|
||||||
case "${PFLOGSUMM_TRIGGER}" in
|
case "${PFLOGSUMM_TRIGGER}" in
|
||||||
( 'daily_cron' )
|
( 'daily_cron' )
|
||||||
_notify 'inf' 'Creating daily cron job for pflogsumm report'
|
_log 'trace' 'Creating daily cron job for pflogsumm report'
|
||||||
|
|
||||||
cat >/etc/cron.daily/postfix-summary << EOM
|
cat >/etc/cron.daily/postfix-summary << EOM
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
@ -1065,18 +1066,18 @@ EOM
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'logrotate' )
|
( 'logrotate' )
|
||||||
_notify 'inf' 'Add postrotate action for pflogsumm report'
|
_log 'trace' 'Add postrotate action for pflogsumm report'
|
||||||
sed -i \
|
sed -i \
|
||||||
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
|
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
|
||||||
/etc/logrotate.d/maillog
|
/etc/logrotate.d/maillog
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'none' )
|
( 'none' )
|
||||||
_notify 'inf' 'Postfix log summary reports disabled.'
|
_log 'trace' 'Postfix log summary reports disabled.'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
|
_log 'warn' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
@ -1089,8 +1090,8 @@ function _setup_logwatch
|
||||||
|
|
||||||
case "${LOGWATCH_INTERVAL}" in
|
case "${LOGWATCH_INTERVAL}" in
|
||||||
( 'daily' | 'weekly' )
|
( 'daily' | 'weekly' )
|
||||||
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
|
_log 'trace' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
|
||||||
_notify 'inf' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports"
|
_log 'trace' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports"
|
||||||
|
|
||||||
local LOGWATCH_FILE INTERVAL
|
local LOGWATCH_FILE INTERVAL
|
||||||
|
|
||||||
|
@ -1111,11 +1112,11 @@ EOM
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( 'none' )
|
( 'none' )
|
||||||
_notify 'inf' 'Logwatch reports disabled.'
|
_log 'trace' 'Logwatch reports disabled.'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
( * )
|
( * )
|
||||||
_notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
|
_log 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
esac
|
esac
|
||||||
|
@ -1127,16 +1128,16 @@ function _setup_user_patches
|
||||||
|
|
||||||
if [[ -f ${USER_PATCHES} ]]
|
if [[ -f ${USER_PATCHES} ]]
|
||||||
then
|
then
|
||||||
_notify 'tasklog' 'Applying user patches'
|
_log 'info' 'Applying user patches'
|
||||||
/bin/bash "${USER_PATCHES}"
|
/bin/bash "${USER_PATCHES}"
|
||||||
else
|
else
|
||||||
_notify 'inf' "No optional '/tmp/docker-mailserver/user-patches.sh' provided. Skipping."
|
_log 'trace' "No optional '/tmp/docker-mailserver/user-patches.sh' provided. Skipping."
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function _setup_fail2ban
|
function _setup_fail2ban
|
||||||
{
|
{
|
||||||
_notify 'task' 'Setting up fail2ban'
|
_log 'debug' 'Setting up Fail2Ban'
|
||||||
if [[ ${FAIL2BAN_BLOCKTYPE} != "reject" ]]
|
if [[ ${FAIL2BAN_BLOCKTYPE} != "reject" ]]
|
||||||
then
|
then
|
||||||
echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local
|
echo -e "[Init]\nblocktype = DROP" > /etc/fail2ban/action.d/iptables-common.local
|
||||||
|
@ -1145,12 +1146,13 @@ function _setup_fail2ban
|
||||||
|
|
||||||
function _setup_dnsbl_disable
|
function _setup_dnsbl_disable
|
||||||
{
|
{
|
||||||
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
_log 'debug' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
||||||
|
|
||||||
sedfile -i \
|
sedfile -i \
|
||||||
'/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \
|
'/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \
|
||||||
/etc/postfix/main.cf
|
/etc/postfix/main.cf
|
||||||
|
|
||||||
_notify 'task' 'Disabling postscreen DNS block lists'
|
_log 'debug' 'Disabling postscreen DNS block lists'
|
||||||
postconf -e "postscreen_dnsbl_action = ignore"
|
postconf -e "postscreen_dnsbl_action = ignore"
|
||||||
postconf -e "postscreen_dnsbl_sites = "
|
postconf -e "postscreen_dnsbl_sites = "
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,6 +12,7 @@ function setup_file() {
|
||||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||||
-e DMS_DEBUG=1 \
|
-e DMS_DEBUG=1 \
|
||||||
|
-e LOG_LEVEL=trace \
|
||||||
-h mail.my-domain.com -t "${NAME}"
|
-h mail.my-domain.com -t "${NAME}"
|
||||||
wait_for_finished_setup_in_container mail_changedetector_one
|
wait_for_finished_setup_in_container mail_changedetector_one
|
||||||
|
|
||||||
|
@ -19,6 +20,7 @@ function setup_file() {
|
||||||
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
|
||||||
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||||
-e DMS_DEBUG=1 \
|
-e DMS_DEBUG=1 \
|
||||||
|
-e LOG_LEVEL=trace \
|
||||||
-h mail.my-domain.com -t "${NAME}"
|
-h mail.my-domain.com -t "${NAME}"
|
||||||
wait_for_finished_setup_in_container mail_changedetector_two
|
wait_for_finished_setup_in_container mail_changedetector_two
|
||||||
}
|
}
|
||||||
|
@ -55,15 +57,15 @@ function teardown_file() {
|
||||||
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl start changedetector"
|
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl start changedetector"
|
||||||
sleep 15
|
sleep 15
|
||||||
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail changedetector"
|
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail changedetector"
|
||||||
assert_output --partial "check-for-changes.sh.lock exists"
|
assert_output --partial "another execution of 'check-for-changes.sh' is happening"
|
||||||
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl tail changedetector"
|
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl tail changedetector"
|
||||||
assert_output --partial "check-for-changes.sh.lock exists"
|
assert_output --partial "another execution of 'check-for-changes.sh' is happening"
|
||||||
# Ensure starting a new check-for-changes.sh instance (restarting here) doesn't delete the lock
|
# Ensure starting a new check-for-changes.sh instance (restarting here) doesn't delete the lock
|
||||||
docker exec mail_changedetector_two /bin/bash -c "rm -f /var/log/supervisor/changedetector.log"
|
docker exec mail_changedetector_two /bin/bash -c "rm -f /var/log/supervisor/changedetector.log"
|
||||||
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl restart changedetector"
|
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl restart changedetector"
|
||||||
sleep 5
|
sleep 5
|
||||||
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl tail changedetector"
|
run docker exec mail_changedetector_two /bin/bash -c "supervisorctl tail changedetector"
|
||||||
refute_output --partial "check-for-changes.sh.lock exists"
|
refute_output --partial "another execution of 'check-for-changes.sh' is happening"
|
||||||
refute_output --partial "Removed lock"
|
refute_output --partial "Removed lock"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -73,8 +75,8 @@ function teardown_file() {
|
||||||
echo "" >> "$(private_config_path mail_changedetector_one)/postfix-accounts.cf"
|
echo "" >> "$(private_config_path mail_changedetector_one)/postfix-accounts.cf"
|
||||||
sleep 15
|
sleep 15
|
||||||
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail changedetector"
|
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail changedetector"
|
||||||
assert_output --partial "check-for-changes.sh.lock exists"
|
assert_output --partial "another execution of 'check-for-changes.sh' is happening"
|
||||||
sleep 65
|
sleep 65
|
||||||
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail -3000 changedetector"
|
run docker exec mail_changedetector_one /bin/bash -c "supervisorctl tail -3000 changedetector"
|
||||||
assert_output --partial "Removed stale lock"
|
assert_output --partial "removing stale lock file"
|
||||||
}
|
}
|
||||||
|
|
|
@ -110,6 +110,7 @@ function teardown() {
|
||||||
local TEST_DOCKER_ARGS=(
|
local TEST_DOCKER_ARGS=(
|
||||||
--volume "${TEST_TMP_CONFIG}/letsencrypt/acme.json:/etc/letsencrypt/acme.json:ro"
|
--volume "${TEST_TMP_CONFIG}/letsencrypt/acme.json:/etc/letsencrypt/acme.json:ro"
|
||||||
--env DMS_DEBUG=1
|
--env DMS_DEBUG=1
|
||||||
|
--env LOG_LEVEL=trace
|
||||||
--env PERMIT_DOCKER='container'
|
--env PERMIT_DOCKER='container'
|
||||||
--env SSL_DOMAIN='*.example.test'
|
--env SSL_DOMAIN='*.example.test'
|
||||||
--env SSL_TYPE='letsencrypt'
|
--env SSL_TYPE='letsencrypt'
|
||||||
|
|
Loading…
Reference in a new issue