1175: specify user for cron.d freshclam file (#1176)
* 1175: specify user for cron.d freshclam file * Fix Dovecot SSL parameters and generate dhparams as for Postfix * Fixed broken unit tests
parent
adf3d8e1b3
commit
603dbbd7b0
|
@ -27,6 +27,7 @@ The development workflow is the following:
|
||||||
- Code :-)
|
- Code :-)
|
||||||
- Add integration tests in `test/tests.bats`
|
- Add integration tests in `test/tests.bats`
|
||||||
- Use `make` to build image locally and run tests
|
- Use `make` to build image locally and run tests
|
||||||
|
Note that tests work on Linux only; they hang on Mac and Windows.
|
||||||
- Document your improvements in `README.md` or Wiki depending on content
|
- Document your improvements in `README.md` or Wiki depending on content
|
||||||
- [Commit](https://help.github.com/articles/closing-issues-via-commit-messages/), push and make a pull-request
|
- [Commit](https://help.github.com/articles/closing-issues-via-commit-messages/), push and make a pull-request
|
||||||
- Pull-request is automatically tested on Travis
|
- Pull-request is automatically tested on Travis
|
||||||
|
|
|
@ -97,7 +97,7 @@ RUN apt-get update -q --fix-missing && \
|
||||||
rm -f /etc/cron.weekly/fstrim && \
|
rm -f /etc/cron.weekly/fstrim && \
|
||||||
rm -f /etc/postsrsd.secret
|
rm -f /etc/postsrsd.secret
|
||||||
|
|
||||||
RUN echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" > /etc/cron.d/clamav-freshclam && \
|
RUN echo "0 0,6,12,18 * * * root /usr/bin/freshclam --quiet" > /etc/cron.d/clamav-freshclam && \
|
||||||
chmod 644 /etc/clamav/freshclam.conf && \
|
chmod 644 /etc/clamav/freshclam.conf && \
|
||||||
freshclam && \
|
freshclam && \
|
||||||
sed -i 's/Foreground false/Foreground true/g' /etc/clamav/clamd.conf && \
|
sed -i 's/Foreground false/Foreground true/g' /etc/clamav/clamd.conf && \
|
||||||
|
@ -119,7 +119,8 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
|
||||||
cd /usr/share/dovecot && \
|
cd /usr/share/dovecot && \
|
||||||
./mkcert.sh && \
|
./mkcert.sh && \
|
||||||
mkdir -p /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global && \
|
mkdir -p /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global && \
|
||||||
chmod 755 -R /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global
|
chmod 755 -R /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global && \
|
||||||
|
openssl dhparam -out /etc/dovecot/dh.pem 2048
|
||||||
|
|
||||||
# Configures LDAP
|
# Configures LDAP
|
||||||
COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
|
COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
|
||||||
|
|
|
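Review bot: The added `openssl dhparam -out /etc/dovecot/dh.pem 2048` at the end of the Dovecot RUN step runs at image build time, so every container started from one built image uses the same DH group unless the startup script replaces it, which by the "No state dir" branch shown further down this page happens only when ONE_DIR is 1. DH parameters are public, so nothing secret lands in the layer, but the behaviour deserves a comment above the line, for example `# DH params are baked into the image; per-deployment params are generated at startup only when ONE_DIR=1`. In the freshclam hunk the `root` field is what the cron.d format requires; if the signature database directory is owned by the clamav account, naming that account instead would keep the job unprivileged, so confirm the ownership before changing it. Both RUN instructions start outside the hunks.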
@ -15,6 +15,16 @@ if [ ! -f postfix-accounts.cf ]; then
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Determine postmaster address, duplicated from start-mailserver.sh
|
||||||
|
# This script previously didn't work when POSTMASTER_ADDRESS was empty
|
||||||
|
if [[ -n "${OVERRIDE_HOSTNAME}" ]]; then
|
||||||
|
DOMAINNAME=$(echo "${OVERRIDE_HOSTNAME}" | sed s/[^.]*.//)
|
||||||
|
else
|
||||||
|
DOMAINNAME="$(hostname -d)"
|
||||||
|
fi
|
||||||
|
PM_ADDRESS="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
|
||||||
|
echo "${log_date} Using postmaster address ${PM_ADDRESS}"
|
||||||
|
|
||||||
# create an array of files to monitor (perhaps simple *.cf would be ok here)
|
# create an array of files to monitor (perhaps simple *.cf would be ok here)
|
||||||
declare -a cf_files=()
|
declare -a cf_files=()
|
||||||
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
|
for file in postfix-accounts.cf postfix-virtual.cf postfix-aliases.cf; do
|
||||||
|
@ -37,8 +47,11 @@ chksum=$(sha512sum -c --ignore-missing chksum)
|
||||||
if [[ $chksum == *"FAIL"* ]]; then
|
if [[ $chksum == *"FAIL"* ]]; then
|
||||||
echo "${log_date} Change detected"
|
echo "${log_date} Change detected"
|
||||||
|
|
||||||
|
# Bug alert! This overwrites the alias set by start-mailserver.sh
|
||||||
|
# Take care that changes in one script are propagated to the other
|
||||||
|
|
||||||
#regen postix aliases.
|
#regen postix aliases.
|
||||||
echo "root: ${POSTMASTER_ADDRESS}" > /etc/aliases
|
echo "root: ${PM_ADDRESS}" > /etc/aliases
|
||||||
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
if [ -f /tmp/docker-mailserver/postfix-aliases.cf ]; then
|
||||||
cat /tmp/docker-mailserver/postfix-aliases.cf>>/etc/aliases
|
cat /tmp/docker-mailserver/postfix-aliases.cf>>/etc/aliases
|
||||||
fi
|
fi
|
||||||
|
|
|
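Review bot: `DOMAINNAME` can end up empty in the first hunk, and `PM_ADDRESS` then becomes `postmaster@`, which the second hunk writes to `/etc/aliases` as the root alias, so mail for root is addressed to an invalid recipient. That happens when `hostname -d` prints nothing, and also when `OVERRIDE_HOSTNAME` contains no dot, because the unquoted, unescaped pattern in `sed s/[^.]*.//` lets the final `.` match any character and consumes the whole name. I would quote and escape the expression, `sed 's/[^.]*\.//'`, and add a guard after the `fi`, e.g. `[[ -n "${DOMAINNAME}" ]] || echo "${log_date} Warning: empty domain, postmaster address is incomplete"`. The comment says this logic is duplicated from start-mailserver.sh, so the same change belongs there; the script starts and ends outside the hunks.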
@ -42,11 +42,15 @@ ssl_key = </etc/dovecot/ssl/dovecot.key
|
||||||
# auth_ssl_username_from_cert=yes.
|
# auth_ssl_username_from_cert=yes.
|
||||||
#ssl_cert_username_field = commonName
|
#ssl_cert_username_field = commonName
|
||||||
|
|
||||||
# DH parameters length to use.
|
# SSL DH parameters
|
||||||
ssl_dh_parameters_length = 2048
|
# Generate new params with `openssl dhparam -out /etc/dovecot/dh.pem 4096`
|
||||||
|
# Or migrate from old ssl-parameters.dat file with the command dovecot
|
||||||
|
# gives on startup when ssl_dh is unset.
|
||||||
|
ssl_dh = </etc/dovecot/dh.pem
|
||||||
|
|
||||||
# SSL protocols to use
|
# Minimum SSL protocol version to use. Potentially recognized values are SSLv3,
|
||||||
ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1
|
# TLSv1, TLSv1.1, and TLSv1.2, depending on the OpenSSL version used.
|
||||||
|
ssl_min_protocol = TLSv1.2
|
||||||
|
|
||||||
# SSL ciphers to use
|
# SSL ciphers to use
|
||||||
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
|
||||||
|
|
|
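Review bot: The new comment recommends `openssl dhparam -out /etc/dovecot/dh.pem 4096`, but both places on this page that create the file use 2048 bits, so the comment and the shipped behaviour disagree. I would make the comment state the default, e.g. `# The image ships 2048-bit params generated with: openssl dhparam -out /etc/dovecot/dh.pem 2048`, and mention larger sizes as an option. `ssl_dh` and `ssl_min_protocol` replace `ssl_dh_parameters_length` and `ssl_protocols`, which to my knowledge requires Dovecot 2.3 or later; a one-line comment naming the minimum version would help anyone rebasing the image. The file continues outside the hunk.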
@ -95,6 +95,7 @@ function register_functions() {
|
||||||
|
|
||||||
if [ "$SMTP_ONLY" != 1 ]; then
|
if [ "$SMTP_ONLY" != 1 ]; then
|
||||||
_register_setup_function "_setup_dovecot"
|
_register_setup_function "_setup_dovecot"
|
||||||
|
_register_setup_function "_setup_dovecot_dhparam"
|
||||||
_register_setup_function "_setup_dovecot_local_user"
|
_register_setup_function "_setup_dovecot_local_user"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -1189,13 +1190,32 @@ function _setup_postfix_dhparam() {
|
||||||
notify 'inf' "Use dhparams that was generated previously"
|
notify 'inf' "Use dhparams that was generated previously"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Copy from the state directpry to the working location
|
# Copy from the state directory to the working location
|
||||||
rm /etc/postfix/dhparams.pem && cp $DHPARAMS_FILE /etc/postfix/dhparams.pem
|
rm /etc/postfix/dhparams.pem && cp $DHPARAMS_FILE /etc/postfix/dhparams.pem
|
||||||
else
|
else
|
||||||
notify 'inf' "No state dir, we use the dhparams generated on image creation"
|
notify 'inf' "No state dir, we use the dhparams generated on image creation"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _setup_dovecot_dhparam() {
|
||||||
|
notify 'task' 'Setting up Dovecot dhparam'
|
||||||
|
if [ "$ONE_DIR" = 1 ];then
|
||||||
|
DHPARAMS_FILE=/var/mail-state/lib-dovecot/dh.pem
|
||||||
|
if [ ! -f $DHPARAMS_FILE ]; then
|
||||||
|
notify 'inf' "Generate new dhparams for dovecot"
|
||||||
|
mkdir -p $(dirname "$DHPARAMS_FILE")
|
||||||
|
openssl dhparam -out $DHPARAMS_FILE 2048
|
||||||
|
else
|
||||||
|
notify 'inf' "Use dovecot dhparams that was generated previously"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Copy from the state directory to the working location
|
||||||
|
rm /etc/dovecot/dh.pem && cp $DHPARAMS_FILE /etc/dovecot/dh.pem
|
||||||
|
else
|
||||||
|
notify 'inf' "No state dir, we use the dovecot dhparams generated on image creation"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
function _setup_security_stack() {
|
function _setup_security_stack() {
|
||||||
notify 'task' "Setting up Security Stack"
|
notify 'task' "Setting up Security Stack"
|
||||||
|
|
||||||
|
|
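Review bot: In `_setup_dovecot_dhparam`, `rm /etc/dovecot/dh.pem && cp $DHPARAMS_FILE /etc/dovecot/dh.pem` deletes the working file before the copy is known to succeed, and the exit status of `openssl dhparam` is never checked, so a failed generation can leave Dovecot without the file that `ssl_dh = </etc/dovecot/dh.pem` reads. An interrupted run can also leave an incomplete file in the state directory that the `-f` test accepts on the next start. The version below generates under a temporary name and publishes it only on success, tests with `-s`, quotes the path, declares `DHPARAMS_FILE` local so it no longer shares a global with `_setup_postfix_dhparam`, and copies without deleting first. The context lines of `_setup_postfix_dhparam` show the same `rm … && cp` pattern.
```shell
function _setup_dovecot_dhparam() {
  # … unchanged: notify 'task' line and the ONE_DIR check …
    local DHPARAMS_FILE=/var/mail-state/lib-dovecot/dh.pem
    # -s also rejects an empty file left by an earlier failed run
    if [ ! -s "$DHPARAMS_FILE" ]; then
      notify 'inf' "Generate new dhparams for dovecot"
      mkdir -p "$(dirname "$DHPARAMS_FILE")"
      # generate under a temporary name and publish only on success
      openssl dhparam -out "${DHPARAMS_FILE}.tmp" 2048 \
        && mv "${DHPARAMS_FILE}.tmp" "$DHPARAMS_FILE"
    # … unchanged: else branch logging reuse of existing params, fi …

    # Copy without deleting first: a missing source leaves the image-built file in place
    cp -f "$DHPARAMS_FILE" /etc/dovecot/dh.pem
  # … unchanged: else branch for the no-state-dir case …
```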