From 0f943788427a6e7eefd963e17822952ad0e99a79 Mon Sep 17 00:00:00 2001
From: angus
Date: Fri, 1 Apr 2016 17:18:13 +0200
Subject: [PATCH 1/3] All email-related services now logs in /var/log/mail/ and fail2ban config has been updated accordingly. Added also a check before copying spamassassin rule file.
---
 start-mailserver.sh | 23 ++++++++++++++++-------
 test/tests.bats | 22 +++++++++++-----------
 2 files changed, 27 insertions(+), 18 deletions(-)
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 010e09b8..45ca5259 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -222,7 +222,6 @@ fi
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
-mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
 chown postfix.sasl /etc/sasldb2
 echo "Creating /etc/mailname"
@@ -232,14 +231,16 @@ echo "Configuring Spamassassin"
 SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
 SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
 SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
-cp /tmp/spamassassin/rules.cf /etc/spamassassin/
+test -e /tmp/spamassassin/rules.cf && cp /tmp/spamassassin/rules.cf /etc/spamassassin/
 echo "Configuring fail2ban"
 # enable filters
-perl -i -0pe 's/(\[postfix\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
-perl -i -0pe 's/(\[couriersmtp\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
-perl -i -0pe 's/(\[courierauth\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
-perl -i -0pe 's/(\[sasl\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
+awk 'BEGIN{unit=0}{if ($1=="[postfix]" || $1=="[couriersmtp]" || $1=="[courierauth]" || $1=="[sasl]") {unit=1;}
+ if ($1=="enabled" && unit==1) $3="true";
+ else if ($1=="logpath" && unit==1) $3="/var/log/mail/mail.log";
+ print;
+ if (unit==1 && $1~/\[/ && $1!~/postfix|couriersmtp|courierauth|sasl/) unit=0;
+}'/etc/fail2ban/jail.conf > /tmp/jail.conf.new && mv /tmp/jail.conf.new /etc/fail2ban/jail.conf && rm -f /tmp/jail.conf.new
 # increase ban time and find time to 3h
 sed -i "/^bantime *=/c\bantime = 10800" /etc/fail2ban/jail.conf
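Review bot: The rewritten jail.conf is staged at the fixed path `/tmp/jail.conf.new`, and the whole `awk … > … && mv … && rm -f …` chain fails silently, so if awk errors the script carries on with the four mail jails left as they were. A predictable name under /tmp written by root is worth avoiding; stage the file next to its target instead, e.g. `tmp=$(mktemp /etc/fail2ban/jail.conf.XXXXXX)`, redirect awk to `"$tmp"`, then `mv -- "$tmp" /etc/fail2ban/jail.conf`. The trailing `rm -f` only runs after a successful `mv`, when the file is already gone; the cleanup belongs on the failure path, together with a message on stderr or a non-zero exit so that a start-up without brute-force protection is visible. The section reset `$1!~/postfix|couriersmtp|courierauth|sasl/` matches substrings, so a following jail whose name merely contains one of those words would also be enabled and pointed at mail.log; comparing with `==`, as the first test does, would be stricter. The same staging line is touched again in patch 2/3 and keeps the fixed /tmp path there.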
@@ -251,6 +252,14 @@ echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
 # continue to write the log information in the newly created file after rotating the old log file
 sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf
+# Setup logging
+mkdir -p /var/log/mail && chown syslog:root /var/log/mail
+touch /var/log/mail/clamav.log && chown -R clamav:root /var/log/mail/clamav.log
+touch /var/log/mail/freshclam.log && chown -R clamav:root /var/log/mail/freshclam.log
+sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf
+sed -i -r 's|LogFile /var/log/clamav/|LogFile /var/log/mail/|g' /etc/clamav/clamd.conf
+sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf
+
 echo "Starting daemons"
 cron
 /etc/init.d/rsyslog start
@@ -285,4 +294,4 @@ echo "Listing SASL users"
 sasldblistusers2
 echo "Starting..."
-tail -f /var/log/mail.log
+tail -f /var/log/mail/mail.log
diff --git a/test/tests.bats b/test/tests.bats
index 72c569b5..3aadc551 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -140,13 +140,13 @@
 }
 @test "checking smtp: delivers mail to existing account" {
- run docker exec mail /bin/sh -c "grep 'status=sent (delivered to maildir)' /var/log/mail.log | wc -l"
+ run docker exec mail /bin/sh -c "grep 'status=sent (delivered to maildir)' /var/log/mail/mail.log | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" -eq 2 ]
 }
 @test "checking smtp: delivers mail to existing alias" {
- run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail.log | grep 'status=sent' | wc -l"
+ run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" = 1 ]
 }
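Review bot: `sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf` is not idempotent, because the pattern also matches the path it has just written. If this script is the container's start command, a restart of an existing container (rather than a fresh `docker run`) would turn `/var/log/mail/mail.log` into `/var/log/mail/mail/mail.log`; rsyslog would then stop feeding the file that the fail2ban jails and the final `tail -f` read, and banning would stop without any error. Anchoring on the dot avoids this: `s|/var/log/mail\.|/var/log/mail/mail.|g`. Patch 3/3 adds the same substitution for /etc/logrotate.d/rsyslog and needs the same anchor. As a smaller point, `chown -R` on a single log file can be plain `chown`.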
@@ -158,25 +158,25 @@
 }
 @test "checking smtp: rejects mail to unknown user" {
- run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail.log | wc -l"
+ run docker exec mail /bin/sh -c "grep ': Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" = 1 ]
 }
 @test "checking smtp: redirects mail to external alias" {
- run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail.log | wc -l"
+ run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" = 1 ]
 }
 @test "checking smtp: rejects spam" {
- run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail.log | grep spam@external.tld | wc -l"
+ run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" = 1 ]
 }
 @test "checking smtp: rejects virus" {
- run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail.log | grep virus@external.tld | wc -l"
+ run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l"
 [ "$status" -eq 0 ]
 [ "$output" = 1 ]
 }
@@ -349,14 +349,14 @@
 [ "$output" = "0 1 * * * /usr/bin/freshclam --quiet" ]
 }
-@test "checking system: /var/log/mail.log is error free" {
- run docker exec mail grep 'non-null host address bits in' /var/log/mail.log
+@test "checking system: /var/log/mail/mail.log is error free" {
+ run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log
 [ "$status" -eq 1 ]
- run docker exec mail grep ': error:' /var/log/mail.log
+ run docker exec mail grep ': error:' /var/log/mail/mail.log
 [ "$status" -eq 1 ]
- run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail.log
+ run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log
 [ "$status" -eq 1 ]
- run docker exec mail_pop3 grep ': error:' /var/log/mail.log
+ run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log
 [ "$status" -eq 1 ]
 }
From 25ac07cae74f03a87e9256038cda0fa2640c5805 Mon Sep 17 00:00:00 2001
From: angus
Date: Wed, 6 Apr 2016 19:29:39 +0200
Subject: [PATCH 2/3] Introduce the env variable ENABLE_FAIL2BAN. Modified the Makefile so that the containers startup with a short delay between each other. Corrected a small bug in start-mailserver.sh that prevented the correct configuration of the jails.
---
 Makefile | 5 ++++-
 start-mailserver.sh | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 03899b5c..6ea1a4d4 100644
--- a/Makefile
+++ b/Makefile
@@ -21,18 +21,21 @@ run:
 -e SA_KILL=3.0 \
 -e SASL_PASSWD=testing \
 -h mail.my-domain.com -t $(NAME)
+ sleep 15
 docker run -d --name mail_pop3 \
 -v "`pwd`/postfix":/tmp/postfix \
 -v "`pwd`/spamassassin":/tmp/spamassassin \
 -v "`pwd`/test":/tmp/test \
 -e ENABLE_POP3=1 \
 -h mail.my-domain.com -t $(NAME)
+ sleep 15
 docker run -d --name mail_smtponly \
 -v "`pwd`/postfix":/tmp/postfix \
 -v "`pwd`/spamassassin":/tmp/spamassassin \
 -v "`pwd`/test":/tmp/test \
 -e SMTP_ONLY=1 \
 -h mail.my-domain.com -t $(NAME)
+ sleep 15
 docker run -d --name mail_fail2ban \
 -v "`pwd`/postfix":/tmp/postfix \
 -v "`pwd`/spamassassin":/tmp/spamassassin \
@@ -40,7 +43,7 @@ run:
 -e ENABLE_FAIL2BAN=1 \
 -h mail.my-domain.com -t $(NAME)
 # Wait for containers to fully start
- sleep 60
+ sleep 15
 fixtures:
 # Sending test mails
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 45ca5259..cff93be2 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -240,7 +240,7 @@ awk 'BEGIN{unit=0}{if ($1=="[postfix]" || $1=="[couriersmtp]" || $1=="[courierau
 else if ($1=="logpath" && unit==1) $3="/var/log/mail/mail.log";
 print;
 if (unit==1 && $1~/\[/ && $1!~/postfix|couriersmtp|courierauth|sasl/) unit=0;
-}'/etc/fail2ban/jail.conf > /tmp/jail.conf.new && mv /tmp/jail.conf.new /etc/fail2ban/jail.conf && rm -f /tmp/jail.conf.new
+}' /etc/fail2ban/jail.conf > /tmp/jail.conf.new && mv /tmp/jail.conf.new /etc/fail2ban/jail.conf && rm -f /tmp/jail.conf.new
 # increase ban time and find time to 3h
 sed -i "/^bantime *=/c\bantime = 10800" /etc/fail2ban/jail.conf
From c2881024c776f141c8e211b34df4dcab8ab81af0 Mon Sep 17 00:00:00 2001
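Review bot: The final wait before `fixtures` drops from `sleep 60` to `sleep 15`, so `mail_fail2ban`, the last container started, now has a quarter of the start-up time it had before, while the earlier containers get more. A test that runs before a daemon or jail is up can fail for reasons unrelated to the code, and a check that expects something to be absent from a log can pass for the same reason. A readiness poll per container, with a timeout, would be more reliable than fixed sleeps. The `run` recipe starts before the first hunk, so the first container's options are only partly visible here.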
From: angus
Date: Fri, 8 Apr 2016 00:23:12 +0200
Subject: [PATCH 3/3] Clamav, Imap, Pop3, Dovecot, Postfix services are now logging into /var/log/mail directory. Fail2ban jails and logrotate config files have been updated accordingly. Integration tests have been extended to include a check of the new path.
---
 start-mailserver.sh | 3 +++
 test/tests.bats | 10 ++++++++++
 2 files changed, 13 insertions(+)
diff --git a/start-mailserver.sh b/start-mailserver.sh
index cff93be2..80054489 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -259,6 +259,9 @@ touch /var/log/mail/freshclam.log && chown -R clamav:root /var/log/mail/freshcl
 sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf
 sed -i -r 's|LogFile /var/log/clamav/|LogFile /var/log/mail/|g' /etc/clamav/clamd.conf
 sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf
+sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-daemon
+sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-freshclam
+sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
 echo "Starting daemons"
 cron
diff --git a/test/tests.bats b/test/tests.bats
index 3aadc551..709fcae5 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -115,6 +115,16 @@
 [ "$status" -eq 0 ]
 }
+#
+# logs
+#
+
+@test "checking logs: mail related logs should be located in a subdirectory" {
+ run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l"
+ [ "$status" -eq 0 ]
+ [ "$output" = 3 ]
+}
+
 #
 # smtp
 #
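Review bot: The new test counts directory entries matching `clamav|freshclam|mail` and expects exactly 3, which ties the result to whatever else lands in /var/log/mail; any further file with "mail" in its name, such as another rsyslog mail facility file or a rotated log, would change the count. `$status` is the exit code of `wc -l`, the last stage of the pipeline, so the first assertion cannot fail. Checking each file by name is stricter, e.g. `run docker exec mail test -f /var/log/mail/mail.log` followed by `[ "$status" -eq 0 ]`, repeated for clamav.log and freshclam.log. A negative check that /var/log/mail.log no longer exists would confirm the move itself and not only the presence of the new files.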