mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Merge pull request #1185 from martin-schulze-vireso/master
Add PERMIT_DOCKER=connected-networks
This commit is contained in:
commit
8fb9a57809
22
Makefile
22
Makefile
|
@ -1,4 +1,5 @@
|
|||
NAME = tvial/docker-mailserver:testing
|
||||
NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME=non-default-docker-mail-network
|
||||
|
||||
all: build-no-cache backup generate-accounts run generate-accounts-after-run fixtures tests clean
|
||||
all-fast: build backup generate-accounts run generate-accounts-after-run fixtures tests clean
|
||||
|
@ -26,6 +27,23 @@ generate-accounts:
|
|||
docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf
|
||||
|
||||
run:
|
||||
docker network create --driver bridge --subnet 192.168.13.0/24 $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME)
|
||||
docker network create --driver bridge --subnet 192.168.37.0/24 $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME)2
|
||||
# use two networks (default ("bridge") and our custom network) to recreate problematic test case where PERMIT_DOCKER=host would not help
|
||||
# currently we cannot use --network in `docker run` multiple times, it will just use the last one
|
||||
# instead we need to use create, network connect and start (see https://success.docker.com/article/multiple-docker-networks)
|
||||
docker create --name mail_smtponly_second_network \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
-v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
|
||||
-e SMTP_ONLY=1 \
|
||||
-e PERMIT_DOCKER=connected-networks \
|
||||
-e DMS_DEBUG=0 \
|
||||
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
|
||||
--network $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME) \
|
||||
-t $(NAME)
|
||||
docker network connect $(NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME)2 mail_smtponly_second_network
|
||||
docker start mail_smtponly_second_network
|
||||
sleep 15
|
||||
# Run containers
|
||||
docker run -d --name mail \
|
||||
-v "`pwd`/test/config":/tmp/docker-mailserver \
|
||||
|
@ -319,8 +337,10 @@ clean:
|
|||
mail_domainname \
|
||||
mail_srs_domainname \
|
||||
mail_with_relays \
|
||||
mail_with_default_relay
|
||||
mail_with_default_relay \
|
||||
mail_smtponly_second_network
|
||||
|
||||
-docker network rm ${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME} ${NON_DEFAULT_DOCKER_MAIL_NETWORK_NAME}2
|
||||
@if [ -d config.bak ]; then\
|
||||
rm -rf config ;\
|
||||
mv config.bak config ;\
|
||||
|
|
|
@ -285,7 +285,8 @@ Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as f
|
|||
Set different options for mynetworks option (can be overwrite in postfix-main.cf)
|
||||
- **empty** => localhost only
|
||||
- host => Add docker host (ipv4 only)
|
||||
- network => Add all docker containers (ipv4 only)
|
||||
- network => Add the docker default bridge network (172.16.0.0/12); **WARNING**: `docker-compose` might use others (e.g. 192.168.0.0/16) use `PERMIT_DOCKER=connected-networks` in this case
|
||||
- connected-networks => Add all connected docker networks (ipv4 only)
|
||||
|
||||
##### VIRUSMAILS_DELETE_DELAY
|
||||
|
||||
|
|
|
@ -1016,6 +1016,7 @@ function _setup_docker_permit() {
|
|||
|
||||
container_ip=$(ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1)
|
||||
container_network="$(echo $container_ip | cut -d '.' -f1-2).0.0"
|
||||
container_networks=$(ip -o -4 addr show type veth | egrep -o '[0-9\.]+/[0-9]+')
|
||||
|
||||
case $PERMIT_DOCKER in
|
||||
"host" )
|
||||
|
@ -1031,7 +1032,14 @@ function _setup_docker_permit() {
|
|||
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
|
||||
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
|
||||
;;
|
||||
|
||||
"connected-networks" )
|
||||
for network in $container_networks; do
|
||||
notify 'inf' "Adding docker network $network in my networks"
|
||||
postconf -e "$(postconf | grep '^mynetworks =') $network"
|
||||
echo $network >> /etc/opendmarc/ignore.hosts
|
||||
echo $network >> /etc/opendkim/TrustedHosts
|
||||
done
|
||||
;;
|
||||
* )
|
||||
notify 'inf' "Adding container ip in my networks"
|
||||
postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"
|
||||
|
|
|
@ -1227,6 +1227,12 @@ function count_processed_changes() {
|
|||
assert_success
|
||||
}
|
||||
|
||||
@test "checking PERMIT_DOCKER: connected-networks" {
|
||||
run docker exec mail_smtponly_second_network /bin/sh -c "postconf | grep '^mynetworks ='"
|
||||
assert_output --regexp "192\.168\.13\.[0-9]{1,3}\/24"
|
||||
assert_output --regexp '192.168.37.[0-9]{1,3}/24'
|
||||
}
|
||||
|
||||
#
|
||||
# amavis
|
||||
#
|
||||
|
|
Loading…
Reference in a new issue