Merge branch 'feat_separate-logs' into feat_dovecot_separate-logs

* Dovecot has been added in place of courier and cyrus sasl
* Email services now logs to /var/log/mail/
This commit is contained in:
angus 2016-04-08 00:42:31 +02:00
commit 2e33fcaf42
3 changed files with 44 additions and 19 deletions

View file

@ -22,18 +22,21 @@ run:
-e SA_KILL=3.0 \
-e SASL_PASSWD=testing \
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_pop3 \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-e ENABLE_POP3=1 \
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_smtponly \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-e SMTP_ONLY=1 \
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_fail2ban \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
@ -41,7 +44,7 @@ run:
-e ENABLE_FAIL2BAN=1 \
-h mail.my-domain.com -t $(NAME)
# Wait for containers to fully start
sleep 60
sleep 15
fixtures:
# Sending test mails

View file

@ -231,7 +231,6 @@ fi
echo "Fixing permissions"
chown -R 5000:5000 /var/mail
mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
echo "Creating /etc/mailname"
echo $(hostname -d) > /etc/mailname
@ -240,14 +239,16 @@ echo "Configuring Spamassassin"
SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
cp /tmp/spamassassin/rules.cf /etc/spamassassin/
test -e /tmp/spamassassin/rules.cf && cp /tmp/spamassassin/rules.cf /etc/spamassassin/
echo "Configuring fail2ban"
# enable filters
perl -i -0pe 's/(\[postfix\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
perl -i -0pe 's/(\[couriersmtp\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
perl -i -0pe 's/(\[courierauth\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
perl -i -0pe 's/(\[sasl\]\n\n).*\n/\1enabled = true\n/' /etc/fail2ban/jail.conf
awk 'BEGIN{unit=0}{if ($1=="[postfix]" || $1=="[couriersmtp]" || $1=="[courierauth]" || $1=="[sasl]") {unit=1;}
if ($1=="enabled" && unit==1) $3="true";
else if ($1=="logpath" && unit==1) $3="/var/log/mail/mail.log";
print;
if (unit==1 && $1~/\[/ && $1!~/postfix|couriersmtp|courierauth|sasl/) unit=0;
}' /etc/fail2ban/jail.conf > /tmp/jail.conf.new && mv /tmp/jail.conf.new /etc/fail2ban/jail.conf && rm -f /tmp/jail.conf.new
# increase ban time and find time to 3h
sed -i "/^bantime *=/c\bantime = 10800" /etc/fail2ban/jail.conf
@ -259,6 +260,17 @@ echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
# continue to write the log information in the newly created file after rotating the old log file
sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf
# Setup logging
mkdir -p /var/log/mail && chown syslog:root /var/log/mail
touch /var/log/mail/clamav.log && chown -R clamav:root /var/log/mail/clamav.log
touch /var/log/mail/freshclam.log && chown -R clamav:root /var/log/mail/freshclam.log
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf
sed -i -r 's|LogFile /var/log/clamav/|LogFile /var/log/mail/|g' /etc/clamav/clamd.conf
sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-daemon
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-freshclam
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
echo "Starting daemons"
cron
/etc/init.d/rsyslog start
@ -292,4 +304,4 @@ echo "Listing users"
/usr/sbin/dovecot user '*'
echo "Starting..."
tail -f /var/log/mail.log
tail -f /var/log/mail/mail.log

View file

@ -115,6 +115,16 @@
[ "$status" -eq 0 ]
}
#
# logs
#
@test "checking logs: mail related logs should be located in a subdirectory" {
run docker exec mail /bin/sh -c "ls -1 /var/log/mail/ | grep -E 'clamav|freshclam|mail'|wc -l"
[ "$status" -eq 0 ]
[ "$output" = 3 ]
}
#
# smtp
#
@ -140,13 +150,13 @@
}
@test "checking smtp: delivers mail to existing account" {
run docker exec mail /bin/sh -c "grep 'status=sent (delivered to maildir)' /var/log/mail.log | wc -l"
run docker exec mail /bin/sh -c "grep 'status=sent (delivered to maildir)' /var/log/mail/mail.log | wc -l"
[ "$status" -eq 0 ]
[ "$output" -eq 2 ]
}
@test "checking smtp: delivers mail to existing alias" {
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<alias1@localhost.localdomain>' /var/log/mail.log | grep 'status=sent' | wc -l"
run docker exec mail /bin/sh -c "grep 'to=<user1@localhost.localdomain>, orig_to=<alias1@localhost.localdomain>' /var/log/mail/mail.log | grep 'status=sent' | wc -l"
[ "$status" -eq 0 ]
[ "$output" = 1 ]
}
@ -158,25 +168,25 @@
}
@test "checking smtp: rejects mail to unknown user" {
run docker exec mail /bin/sh -c "grep '<nouser@localhost.localdomain>: Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail.log | wc -l"
run docker exec mail /bin/sh -c "grep '<nouser@localhost.localdomain>: Recipient address rejected: User unknown in virtual mailbox table' /var/log/mail/mail.log | wc -l"
[ "$status" -eq 0 ]
[ "$output" = 1 ]
}
@test "checking smtp: redirects mail to external alias" {
run docker exec mail /bin/sh -c "grep -- '-> <external1@otherdomain.tld>' /var/log/mail.log | wc -l"
run docker exec mail /bin/sh -c "grep -- '-> <external1@otherdomain.tld>' /var/log/mail/mail.log | wc -l"
[ "$status" -eq 0 ]
[ "$output" = 1 ]
}
@test "checking smtp: rejects spam" {
run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail.log | grep spam@external.tld | wc -l"
run docker exec mail /bin/sh -c "grep 'Blocked SPAM' /var/log/mail/mail.log | grep spam@external.tld | wc -l"
[ "$status" -eq 0 ]
[ "$output" = 1 ]
}
@test "checking smtp: rejects virus" {
run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail.log | grep virus@external.tld | wc -l"
run docker exec mail /bin/sh -c "grep 'Blocked INFECTED' /var/log/mail/mail.log | grep virus@external.tld | wc -l"
[ "$status" -eq 0 ]
[ "$output" = 1 ]
}
@ -349,14 +359,14 @@
[ "$output" = "0 1 * * * /usr/bin/freshclam --quiet" ]
}
@test "checking system: /var/log/mail.log is error free" {
run docker exec mail grep 'non-null host address bits in' /var/log/mail.log
@test "checking system: /var/log/mail/mail.log is error free" {
run docker exec mail grep 'non-null host address bits in' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail grep ': error:' /var/log/mail.log
run docker exec mail grep ': error:' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail.log
run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail_pop3 grep ': error:' /var/log/mail.log
run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log
[ "$status" -eq 1 ]
}