formatting files according to standard (#1619)

* added EditorConfig linting
* adding `eclint` as Travis script target
* re-adjusted .pem files to have a newline
Georg Lauterbach 2020-09-24 14:54:21 +02:00 committed by GitHub
parent 9f7414d95f
commit a0791ef457
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
37 changed files with 178 additions and 185 deletions


@ -28,8 +28,6 @@ indent_size = 2
# directories created by git submodules # directories created by git submodules
[{test/bats/**,test/test_helper/bats-assert/**,test/test_helper/bats-support/**,target/docker-configomat/**}] [{test/bats/**,test/test_helper/bats-assert/**,test/test_helper/bats-support/**,target/docker-configomat/**}]
insert_final_newline = none
indent_style = none indent_style = none
indent_size = none indent_size = none
trim_trailing_whitespace = none
end_of_line = none end_of_line = none

2
.gitignore vendored

@ -21,4 +21,4 @@ test/config/postfix-receive-access.cfe
test/config/postfix-send-access.cf test/config/postfix-send-access.cf
test/config/postfix-send-access.cfe test/config/postfix-send-access.cfe
test/config/relay-hosts/chksum test/config/relay-hosts/chksum
test/config/relay-hosts/postfix-aliases.cf test/config/relay-hosts/postfix-aliases.cf


@ -1,5 +1,5 @@
ignored: ignored:
# disable explicit version for apt install # disable explicit version for apt install
- DL3008 - DL3008
trustedRegistries: trustedRegistries:
- docker.io - docker.io


@ -10,20 +10,27 @@ env:
global: global:
- HADOLINT_VERSION=1.17.1 - HADOLINT_VERSION=1.17.1
- SHELLCHECK_VERSION=0.7.1 - SHELLCHECK_VERSION=0.7.1
- ECLINT_VERSION=2.1.0
addons: addons:
apt: apt:
packages: packages:
- xz-utils - xz-utils
services: services:
- docker - docker
before_install: before_install:
- sudo curl -L https://github.com/hadolint/hadolint/releases/download/v$HADOLINT_VERSION/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint # HADOLINT
- sudo curl -L https://github.com/hadolint/hadolint/releases/download/v${HADOLINT_VERSION}/hadolint-$(uname -s)-$(uname -m) -o /usr/local/bin/hadolint
- sudo chmod +rx /usr/local/bin/hadolint - sudo chmod +rx /usr/local/bin/hadolint
- sudo wget -qO- "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" | tar -xJv # SHELLCHECK
- sudo cp "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/bin/ - sudo wget -qO- "https://github.com/koalaman/shellcheck/releases/download/v${SHELLCHECK_VERSION}/shellcheck-v${SHELLCHECK_VERSION}.linux.x86_64.tar.xz" | tar -xJ
- sudo mv "shellcheck-v${SHELLCHECK_VERSION}/shellcheck" /usr/bin/
# ECLINT
- sudo wget -qO- "https://github.com/editorconfig-checker/editorconfig-checker/releases/download/${ECLINT_VERSION}/ec-linux-amd64.tar.gz" | tar -xaz
- sudo mv bin/ec-linux-amd64 /usr/bin/eclint
- sudo chmod +x /usr/bin/eclint
install: install:
- make lint - make lint
@ -31,6 +38,7 @@ install:
script: script:
- make shellcheck - make shellcheck
- make eclint
- make generate-accounts run generate-accounts-after-run fixtures tests - make generate-accounts run generate-accounts-after-run fixtures tests
after_script: after_script:
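Review bot: The added ECLINT step in `before_install` streams a release tarball from the network straight into `tar` and then installs the binary into `/usr/bin` with no integrity check, so the CI job runs whatever the download returns; `ECLINT_VERSION` pins a tag, not the content. Download to a file and verify it against a digest pinned next to the version before extracting, for example `- wget -qO ec.tar.gz "https://github.com/editorconfig-checker/editorconfig-checker/releases/download/${ECLINT_VERSION}/ec-linux-amd64.tar.gz"`, `- echo "${ECLINT_SHA256}  ec.tar.gz" | sha256sum -c -`, `- tar -xzf ec.tar.gz`, where `ECLINT_SHA256` would be a new `env.global` entry holding the digest recorded for that release. `sudo` on `wget` is also unnecessary: only the later `mv` and `chmod` need root, and the `tar` side of the pipe runs unprivileged anyway. The hadolint and shellcheck downloads in the same hunk have the same gap.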


@ -4,13 +4,13 @@ ARG VCS_REF
ARG VCS_VERSION ARG VCS_VERSION
LABEL maintainer="Thomas VIAL" \ LABEL maintainer="Thomas VIAL" \
org.label-schema.name="docker-mailserver" \ org.label-schema.name="docker-mailserver" \
org.label-schema.description="A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...)" \ org.label-schema.description="A fullstack but simple mailserver (smtp, imap, antispam, antivirus, ssl...)" \
org.label-schema.url="https://github.com/tomav/docker-mailserver" \ org.label-schema.url="https://github.com/tomav/docker-mailserver" \
org.label-schema.vcs-ref=$VCS_REF \ org.label-schema.vcs-ref=$VCS_REF \
org.label-schema.vcs-url="https://github.com/tomav/docker-mailserver" \ org.label-schema.vcs-url="https://github.com/tomav/docker-mailserver" \
org.label-schema.version=$VCS_VERSION \ org.label-schema.version=$VCS_VERSION \
org.label-schema.schema-version="1.0" org.label-schema.schema-version="1.0"
ARG DEBIAN_FRONTEND=noninteractive ARG DEBIAN_FRONTEND=noninteractive
ENV VIRUSMAILS_DELETE_DELAY=7 ENV VIRUSMAILS_DELETE_DELAY=7
@ -33,76 +33,76 @@ RUN \
apt-get -y upgrade && \ apt-get -y upgrade && \
apt-get -y install postfix && \ apt-get -y install postfix && \
apt-get -y install --no-install-recommends \ apt-get -y install --no-install-recommends \
altermime \ altermime \
amavisd-new \ amavisd-new \
apt-transport-https \ apt-transport-https \
arj \ arj \
binutils \ binutils \
bzip2 \ bzip2 \
ca-certificates \ ca-certificates \
cabextract \ cabextract \
clamav \ clamav \
clamav-daemon \ clamav-daemon \
cpio \ cpio \
curl \ curl \
ed \ ed \
fail2ban \ fail2ban \
fetchmail \ fetchmail \
file \ file \
gamin \ gamin \
gzip \ gzip \
gnupg \ gnupg \
iproute2 \ iproute2 \
iptables \ iptables \
locales \ locales \
logwatch \ logwatch \
lhasa \ lhasa \
libdate-manip-perl \ libdate-manip-perl \
liblz4-tool \ liblz4-tool \
libmail-spf-perl \ libmail-spf-perl \
libnet-dns-perl \ libnet-dns-perl \
libsasl2-modules \ libsasl2-modules \
lrzip \ lrzip \
lzop \ lzop \
netcat-openbsd \ netcat-openbsd \
nomarch \ nomarch \
opendkim \ opendkim \
opendkim-tools \ opendkim-tools \
opendmarc \ opendmarc \
pax \ pax \
pflogsumm \ pflogsumm \
p7zip-full \ p7zip-full \
postfix-ldap \ postfix-ldap \
postfix-pcre \ postfix-pcre \
postfix-policyd-spf-python \ postfix-policyd-spf-python \
postsrsd \ postsrsd \
pyzor \ pyzor \
razor \ razor \
rpm2cpio \ rpm2cpio \
rsyslog \ rsyslog \
sasl2-bin \ sasl2-bin \
spamassassin \ spamassassin \
supervisor \ supervisor \
postgrey \ postgrey \
unrar-free \ unrar-free \
unzip \ unzip \
whois \ whois \
xz-utils \ xz-utils \
# use Dovecot community repo to react faster on security updates # use Dovecot community repo to react faster on security updates
#curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \ #curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
#gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \ #gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg && \
#echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \ #echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main" > /etc/apt/sources.list.d/dovecot-community.list && \
#apt-get update -q --fix-missing && \ #apt-get update -q --fix-missing && \
#apt-get -y install --no-install-recommends \ #apt-get -y install --no-install-recommends \
dovecot-core \ dovecot-core \
dovecot-imapd \ dovecot-imapd \
dovecot-ldap \ dovecot-ldap \
dovecot-lmtpd \ dovecot-lmtpd \
dovecot-managesieved \ dovecot-managesieved \
dovecot-pop3d \ dovecot-pop3d \
dovecot-sieve \ dovecot-sieve \
dovecot-solr \ dovecot-solr \
&& \ && \
apt-get autoclean && \ apt-get autoclean && \
rm -rf /var/lib/apt/lists/* && \ rm -rf /var/lib/apt/lists/* && \
rm -rf /usr/share/locale/* && \ rm -rf /usr/share/locale/* && \
@ -151,7 +151,7 @@ COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/l
# Enables Spamassassin CRON updates and update hook for supervisor # Enables Spamassassin CRON updates and update hook for supervisor
# hadolint ignore=SC2016 # hadolint ignore=SC2016
RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin && \ RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin && \
sed -i -r 's/^\$INIT restart/supervisorctl restart amavis/g' /etc/spamassassin/sa-update-hooks.d/amavisd-new sed -i -r 's/^\$INIT restart/supervisorctl restart amavis/g' /etc/spamassassin/sa-update-hooks.d/amavisd-new
# Enables Postgrey # Enables Postgrey
COPY target/postgrey/postgrey /etc/default/postgrey COPY target/postgrey/postgrey /etc/default/postgrey
@ -244,7 +244,7 @@ WORKDIR /
# Switch iptables and ip6tables to legacy for fail2ban # Switch iptables and ip6tables to legacy for fail2ban
RUN update-alternatives --set iptables /usr/sbin/iptables-legacy \ RUN update-alternatives --set iptables /usr/sbin/iptables-legacy \
&& update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy && update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
EXPOSE 25 587 143 465 993 110 995 4190 EXPOSE 25 587 143 465 993 110 995 4190


@ -19,12 +19,8 @@ build:
backup: backup:
# if backup directories exist, clean hasn't been called, therefore # if backup directories exist, clean hasn't been called, therefore
# we shouldn't overwrite it. It still contains the original content. # we shouldn't overwrite it. It still contains the original content.
@ if [ ! -d config.bak ]; then\ @ if [ ! -d config.bak ]; then cp -rp config config.bak; fi
cp -rp config config.bak;\ @ if [ ! -d testconfig.bak ]; then cp -rp test/config testconfig.bak; fi
fi
@ if [ ! -d testconfig.bak ]; then\
cp -rp test/config testconfig.bak;\
fi
generate-accounts: generate-accounts:
@ docker run --rm -e MAIL_USER=user1@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' > test/config/postfix-accounts.cf @ docker run --rm -e MAIL_USER=user1@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' > test/config/postfix-accounts.cf
@ -173,3 +169,13 @@ shellcheck:
else\ else\
echo -e '\nSuccess' ;\ echo -e '\nSuccess' ;\
fi fi
eclint:
@ echo -e "Testing file formatting according to .editorconfig\n"
@ printf "Version %s\n\n" "$$(/usr/bin/eclint --version)"
@ if /usr/bin/eclint -exclude "\.bats$$" | grep .; then\
echo -e "\nError" ;\
exit 1 ;\
else\
echo -e '\nSuccess' ;\
fi
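Review bot: The new `eclint` target fails open: the `if` tests the exit status of `grep .`, not of `/usr/bin/eclint`, so when the binary is missing or crashes and writes only to stderr, the pipe is empty and the target prints `Success`. The preceding `printf "Version %s\n\n" ...` line does not catch this either, because `printf` succeeds with an empty substitution. Test the linter's own status instead, e.g. `@ if ! /usr/bin/eclint -exclude "\.bats$$"; then echo -e "\nError"; exit 1; fi` (this assumes `ec` exits non-zero on findings, which should be confirmed for the pinned `ECLINT_VERSION`), or add `@ test -x /usr/bin/eclint` as the first recipe line. The `shellcheck` target above starts outside this hunk, so whether it shares the pattern cannot be confirmed from here.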


@ -15,13 +15,13 @@
[shields::gitter]: https://img.shields.io/gitter/room/tomav/docker-mailserver.svg [shields::gitter]: https://img.shields.io/gitter/room/tomav/docker-mailserver.svg
[gitter]: https://gitter.im/tomav/docker-mailserver [gitter]: https://gitter.im/tomav/docker-mailserver
A fullstack but simple mail server (smtp, imap, antispam, antivirus...). A fullstack but simple mail server (SMTP, IMAP, Antispam, Antivirus...).
Only configuration files, no SQL database. Keep it simple and versioned. Only configuration files, no SQL database. Keep it simple and versioned.
Easy to deploy and upgrade. Easy to deploy and upgrade.
Why I created this image: [Simple Mail Server with Docker](http://tvi.al/simple-mail-server-with-docker/) Why I created this image: [Simple Mail Server with Docker](http://tvi.al/simple-mail-server-with-docker/)
1. [Announcement](#announcement) 1. [Announcements](#announcements)
2. [Includes](#includes) 2. [Includes](#includes)
3. [Issues & Contributing](#issues--contributing) 3. [Issues & Contributing](#issues--contributing)
4. [Requirements](#requirements) 4. [Requirements](#requirements)
@ -29,24 +29,19 @@ Why I created this image: [Simple Mail Server with Docker](http://tvi.al/simple-
6. [Examples](#examples) 6. [Examples](#examples)
7. [Environment Variables](#environment-variables) 7. [Environment Variables](#environment-variables)
## Announcement ## Announcements
At this point we have merged the next branch based on Debian Buster into master. 1. Debian Buster is now Docker base image
That means the docker image latest uses Buster. The change may break things! - Filebeat was removed
- Dovecot was downgraded
The following possibly breaking changes are known: 2. ELK was removed
3. New contributing guidelines were added
- Filebeat is removed and should be handled by another container, see [Wiki](https://github.com/tomav/docker-mailserver/wiki/).
- Dovecot will be downgraded a little bit (same major version) so that we can use the official Debian version.
If you want to stick to the old version a while longer, either switch to stable or to a specific version.
If you run into problems, please raise issues and ask for help. Don't forget to provide details.
## Includes ## Includes
- [Postfix](http://www.postfix.org) with smtp or ldap auth - [Postfix](http://www.postfix.org) with SMTP or LDAP auth
- [Dovecot](https://www.dovecot.org) for sasl, imap (and optional pop3) with ssl support, with ldap auth, sieve and [quotas](https://github.com/tomav/docker-mailserver/wiki/Configure-Accounts#mailbox-quota) - [Dovecot](https://www.dovecot.org) for SASL, IMAP (and optional POP3) with ssl support, with ldap auth, sieve and [quotas](https://github.com/tomav/docker-mailserver/wiki/Configure-Accounts#mailbox-quota)
- saslauthd with ldap auth - SASLauthd with LDAP auth
- [Amavis](https://www.amavis.org/) - [Amavis](https://www.amavis.org/)
- [Spamassasin](http://spamassassin.apache.org/) supporting custom rules - [Spamassasin](http://spamassassin.apache.org/) supporting custom rules
- [ClamAV](https://www.clamav.net/) with automatic updates - [ClamAV](https://www.clamav.net/) with automatic updates
@ -112,21 +107,11 @@ curl -o env-mailserver https://raw.githubusercontent.com/tomav/docker-mailserver
**Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name). **Note:** If you want to use a bare domain (host name equals domain name) see [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#can-i-use-nakedbare-domains-no-host-name).
### Start the Container ### Get up and running
``` BASH ``` BASH
docker-compose up -d mail docker-compose up -d mail
```
### Create your mail accounts
``` BASH
./setup.sh email add <user@domain> [<password>] ./setup.sh email add <user@domain> [<password>]
```
### Generate DKIM keys
``` BASH
./setup.sh config dkim ./setup.sh config dkim
``` ```
@ -150,10 +135,6 @@ And don't forget to have a look at the remaining functions of the `setup.sh` scr
If you got any problems with SPF and/or forwarding mails, give [SRS](https://github.com/roehling/postsrsd/blob/master/README.md) a try. You enable SRS by setting `ENABLE_SRS=1`. See the variable description for further information. If you got any problems with SPF and/or forwarding mails, give [SRS](https://github.com/roehling/postsrsd/blob/master/README.md) a try. You enable SRS by setting `ENABLE_SRS=1`. See the variable description for further information.
#### For informational purposes
`restart: always` ensures that the mail server container (and Filebeat/ELK containers when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit.
#### Exposed ports #### Exposed ports
| Protocol | Opt-in Encryption &#185; | Enforced Encryption | Purpose | | Protocol | Opt-in Encryption &#185; | Enforced Encryption | Purpose |


@ -24,7 +24,7 @@ expr index "$USER" "@" >/dev/null || { usage; errex "username must include the d
# Protect config file with lock to avoid race conditions # Protect config file with lock to avoid race conditions
touch $DATABASE touch $DATABASE
( (
flock -e 200 flock -e 200
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null && grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null &&


@ -30,7 +30,7 @@
# Default realm/domain to use if none was specified. This is used for both # Default realm/domain to use if none was specified. This is used for both
# SASL realms and appending @domain to username in plaintext logins. # SASL realms and appending @domain to username in plaintext logins.
#auth_default_realm = #auth_default_realm =
# List of allowed characters in username. If the user-given username contains # List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just # a character not listed in here, the login automatically fails. This is just
@ -73,7 +73,7 @@
# Kerberos keytab to use for the GSSAPI mechanism. Will use the system # Kerberos keytab to use for the GSSAPI mechanism. Will use the system
# default (usually /etc/krb5.keytab) if not specified. You may need to change # default (usually /etc/krb5.keytab) if not specified. You may need to change
# the auth service to run as root to be able to read this file. # the auth service to run as root to be able to read this file.
#auth_krb5_keytab = #auth_krb5_keytab =
# Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and # Do NTLM and GSS-SPNEGO authentication using Samba's winbind daemon and
# ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt> # ntlm_auth helper. <doc/wiki/Authentication/Mechanisms/Winbind.txt>
@ -88,9 +88,9 @@
# Require a valid SSL client certificate or the authentication fails. # Require a valid SSL client certificate or the authentication fails.
#auth_ssl_require_client_cert = no #auth_ssl_require_client_cert = no
# Take the username from client's SSL certificate, using # Take the username from client's SSL certificate, using
# X509_NAME_get_text_by_NID() which returns the subject's DN's # X509_NAME_get_text_by_NID() which returns the subject's DN's
# CommonName. # CommonName.
#auth_ssl_username_from_cert = no #auth_ssl_username_from_cert = no
# Space separated list of wanted authentication mechanisms: # Space separated list of wanted authentication mechanisms:


@ -7,9 +7,9 @@
#log_path = syslog #log_path = syslog
# Log file to use for informational messages. Defaults to log_path. # Log file to use for informational messages. Defaults to log_path.
#info_log_path = #info_log_path =
# Log file to use for debug messages. Defaults to info_log_path. # Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path = #debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't # Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard # want to use "mail", you'll use local0..local7. Also other standard
@ -69,7 +69,7 @@ plugin {
# Login log format. %s contains login_log_format_elements string, %$ contains # Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log. # the data we want to log.
#login_log_format = %$: %s #login_log_format = %$: %s
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use. # possible variables you can use.
#mail_log_prefix = "%s(%u): " #mail_log_prefix = "%s(%u): "


@ -46,11 +46,11 @@ namespace inbox {
# Hierarchy separator to use. You should use the same separator for all # Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one. # namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format. # The default however depends on the underlying mail storage format.
#separator = #separator =
# Prefix required to access this namespace. This needs to be different for # Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/". # all namespaces. For example "Public/".
#prefix = #prefix =
# Physical location of the mailbox. This is in same format as # Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it. # mail_location, which is also the default for it.
@ -186,7 +186,7 @@ mail_privileged_group = docker
# WARNING: Never add directories here which local users can modify, that # WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't # may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt> # allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs = #valid_chroot_dirs =
# Default chroot directory for mail processes. This can be overridden for # Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory # specific users in user database by giving /./ in user's home directory
@ -194,7 +194,7 @@ mail_privileged_group = docker
# need to do chrooting, Dovecot doesn't allow users to access files outside # need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with # their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt> # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot = #mail_chroot =
# UNIX socket path to master authentication server to find users. # UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda. # This is used by imap (for shared users) and lda.
@ -312,7 +312,7 @@ maildir_stat_dirs = yes
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't # fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if # how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately. # some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands. # commands.
#mbox_dirty_syncs = yes #mbox_dirty_syncs = yes


@ -55,7 +55,7 @@ service lmtp {
#inet_listener lmtp { #inet_listener lmtp {
# Avoid making LMTP visible for the entire internet # Avoid making LMTP visible for the entire internet
#address = #address =
#port = #port =
#} #}
} }
@ -122,7 +122,7 @@ service dict {
# For example: mode=0660, group=vmail and global mail_access_groups=vmail # For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict { unix_listener dict {
#mode = 0600 #mode = 0600
#user = #user =
#group = #group =
} }
} }


@ -10,10 +10,10 @@
# (yes) (yes) (no) (never) (100) # (yes) (yes) (no) (never) (100)
# ========================================================================== # ==========================================================================
smtp inet n - n - 1 postscreen smtp inet n - n - 1 postscreen
smtpd pass - - n - - smtpd smtpd pass - - n - - smtpd
tlsproxy unix - - n - 0 tlsproxy tlsproxy unix - - n - 0 tlsproxy
dnsblog unix - - n - 0 dnsblog dnsblog unix - - n - 0 dnsblog
submission inet n - n - - smtpd submission inet n - n - - smtpd
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt -o smtpd_tls_security_level=encrypt


@ -38,4 +38,4 @@ SRS_REVERSE_PORT=10002
RUN_AS=postsrsd RUN_AS=postsrsd
# Jail daemon in chroot environment # Jail daemon in chroot environment
CHROOT=/var/lib/postsrsd CHROOT=/var/lib/postsrsd


@ -1627,7 +1627,7 @@ function _setup_security_stack()
if [[ ${DEFAULT_VARS['EXPLICITLY_DEFINED_SPAMASSASSIN_SPAM_TO_INBOX']} == "0" ]] if [[ ${DEFAULT_VARS['EXPLICITLY_DEFINED_SPAMASSASSIN_SPAM_TO_INBOX']} == "0" ]]
then then
_notify 'warn' "Spam messages WILL NOT BE DELIVERED, you will NOT be notified of ANY message bounced. Please define SPAMASSASSIN_SPAM_TO_INBOX explicitly." _notify 'warn' "Spam messages WILL NOT BE DELIVERED, you will NOT be notified of ANY message bounced. Please define SPAMASSASSIN_SPAM_TO_INBOX explicitly."
fi fi
fi fi
fi fi


@ -11,11 +11,11 @@
# List of IPs or hostnames to all director servers, including ourself. # List of IPs or hostnames to all director servers, including ourself.
# Ports can be specified as ip:port. The default port is the same as # Ports can be specified as ip:port. The default port is the same as
# what director service's inet_listener is using. # what director service's inet_listener is using.
#director_servers = #director_servers =
# List of IPs or hostnames to all backend mail servers. Ranges are allowed # List of IPs or hostnames to all backend mail servers. Ranges are allowed
# too, like 10.0.0.10-10.0.0.30. # too, like 10.0.0.10-10.0.0.30.
#director_mail_servers = #director_mail_servers =
# How long to redirect users to a specific server after it no longer has # How long to redirect users to a specific server after it no longer has
# any connections. # any connections.
@ -42,7 +42,7 @@ service director {
#mode = 0600 #mode = 0600
} }
inet_listener { inet_listener {
#port = #port =
} }
} }


@ -7,9 +7,9 @@
#log_path = syslog #log_path = syslog
# Log file to use for informational messages. Defaults to log_path. # Log file to use for informational messages. Defaults to log_path.
#info_log_path = #info_log_path =
# Log file to use for debug messages. Defaults to info_log_path. # Log file to use for debug messages. Defaults to info_log_path.
#debug_log_path = #debug_log_path =
# Syslog facility to use if you're logging to syslog. Usually if you don't # Syslog facility to use if you're logging to syslog. Usually if you don't
# want to use "mail", you'll use local0..local7. Also other standard # want to use "mail", you'll use local0..local7. Also other standard
@ -69,7 +69,7 @@ plugin {
# Login log format. %s contains login_log_format_elements string, %$ contains # Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log. # the data we want to log.
#login_log_format = %$: %s #login_log_format = %$: %s
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of # Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use. # possible variables you can use.
#mail_log_prefix = "%s(%u): " #mail_log_prefix = "%s(%u): "


@ -46,11 +46,11 @@ namespace inbox {
# Hierarchy separator to use. You should use the same separator for all # Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one. # namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format. # The default however depends on the underlying mail storage format.
#separator = #separator =
# Prefix required to access this namespace. This needs to be different for # Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/". # all namespaces. For example "Public/".
#prefix = #prefix =
# Physical location of the mailbox. This is in same format as # Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it. # mail_location, which is also the default for it.
@ -186,7 +186,7 @@ mail_privileged_group = docker
# WARNING: Never add directories here which local users can modify, that # WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't # may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. <doc/wiki/Chrooting.txt> # allow shell access for users. <doc/wiki/Chrooting.txt>
#valid_chroot_dirs = #valid_chroot_dirs =
# Default chroot directory for mail processes. This can be overridden for # Default chroot directory for mail processes. This can be overridden for
# specific users in user database by giving /./ in user's home directory # specific users in user database by giving /./ in user's home directory
@ -194,7 +194,7 @@ mail_privileged_group = docker
# need to do chrooting, Dovecot doesn't allow users to access files outside # need to do chrooting, Dovecot doesn't allow users to access files outside
# their mail directory anyway. If your home directories are prefixed with # their mail directory anyway. If your home directories are prefixed with
# the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt> # the chroot directory, append "/." to mail_chroot. <doc/wiki/Chrooting.txt>
#mail_chroot = #mail_chroot =
# UNIX socket path to master authentication server to find users. # UNIX socket path to master authentication server to find users.
# This is used by imap (for shared users) and lda. # This is used by imap (for shared users) and lda.
@ -205,7 +205,7 @@ mail_privileged_group = docker
# Space separated list of plugins to load for all services. Plugins specific to # Space separated list of plugins to load for all services. Plugins specific to
# IMAP, LDA, etc. are added to this list in their own .conf files. # IMAP, LDA, etc. are added to this list in their own .conf files.
#mail_plugins = #mail_plugins =
## ##
## Mailbox handling optimizations ## Mailbox handling optimizations
@ -307,7 +307,7 @@ mail_privileged_group = docker
# fallbacks to re-reading the whole mbox file whenever something in mbox isn't # fallbacks to re-reading the whole mbox file whenever something in mbox isn't
# how it's expected to be. The only real downside to this setting is that if # how it's expected to be. The only real downside to this setting is that if
# some other MUA changes message flags, Dovecot doesn't notice it immediately. # some other MUA changes message flags, Dovecot doesn't notice it immediately.
# Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK # Note that a full sync is done with SELECT, EXAMINE, EXPUNGE and CHECK
# commands. # commands.
#mbox_dirty_syncs = yes #mbox_dirty_syncs = yes


@ -122,7 +122,7 @@ service dict {
# For example: mode=0660, group=vmail and global mail_access_groups=vmail # For example: mode=0660, group=vmail and global mail_access_groups=vmail
unix_listener dict { unix_listener dict {
#mode = 0600 #mode = 0600
#user = #user =
#group = #group =
} }
} }


@ -14,7 +14,7 @@
# Override the IMAP CAPABILITY response. If the value begins with '+', # Override the IMAP CAPABILITY response. If the value begins with '+',
# add the given capabilities on top of the defaults (e.g. +XFOO XBAR). # add the given capabilities on top of the defaults (e.g. +XFOO XBAR).
#imap_capability = #imap_capability =
# How long to wait between "OK Still here" notifications when client is # How long to wait between "OK Still here" notifications when client is
# IDLEing. # IDLEing.
@ -23,7 +23,7 @@
# ID field names and values to send to clients. Using * as the value makes # ID field names and values to send to clients. Using * as the value makes
# Dovecot use the default value. The following fields have default values # Dovecot use the default value. The following fields have default values
# currently: name, version, os, os-version, support-url, support-email. # currently: name, version, os, os-version, support-url, support-email.
#imap_id_send = #imap_id_send =
# ID fields sent by client to log. * means everything. # ID fields sent by client to log. * means everything.
#imap_id_log = #imap_id_log =
@ -46,7 +46,7 @@
# greyed out, instead of only later giving "not selectable" popup error. # greyed out, instead of only later giving "not selectable" popup error.
# #
# The list is space-separated. # The list is space-separated.
#imap_client_workarounds = #imap_client_workarounds =
# Host allowed in URLAUTH URLs sent by client. "*" allows all. # Host allowed in URLAUTH URLs sent by client. "*" allows all.
#imap_urlauth_host = #imap_urlauth_host =


@ -86,7 +86,7 @@
# Outlook Express and Netscape Mail breaks if end of headers-line is # Outlook Express and Netscape Mail breaks if end of headers-line is
# missing. This option simply sends it if it's missing. # missing. This option simply sends it if it's missing.
# The list is space-separated. # The list is space-separated.
#pop3_client_workarounds = #pop3_client_workarounds =
protocol pop3 { protocol pop3 {
# Space separated list of plugins to load (default is global mail_plugins). # Space separated list of plugins to load (default is global mail_plugins).


@ -19,7 +19,7 @@ passdb {
userdb { userdb {
driver = ldap driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext args = /etc/dovecot/dovecot-ldap.conf.ext
# Default fields can be used to specify defaults that LDAP may override # Default fields can be used to specify defaults that LDAP may override
#default_fields = home=/home/virtual/%u #default_fields = home=/home/virtual/%u
} }


@ -20,7 +20,7 @@ passdb {
#passdb { #passdb {
#driver = passwd #driver = passwd
# [blocking=no] # [blocking=no]
#args = #args =
#} #}
# Shadow passwords for system users (NSS, /etc/shadow or similiar). # Shadow passwords for system users (NSS, /etc/shadow or similiar).
@ -29,7 +29,7 @@ passdb {
#passdb { #passdb {
#driver = shadow #driver = shadow
# [blocking=no] # [blocking=no]
#args = #args =
#} #}
# PAM-like authentication for OpenBSD. # PAM-like authentication for OpenBSD.
@ -50,7 +50,7 @@ userdb {
# <doc/wiki/AuthDatabase.Passwd.txt> # <doc/wiki/AuthDatabase.Passwd.txt>
driver = passwd driver = passwd
# [blocking=no] # [blocking=no]
#args = #args =
# Override fields from passwd # Override fields from passwd
#override_fields = home=/home/virtual/%u #override_fields = home=/home/virtual/%u


@ -29,7 +29,7 @@
# ); # );
# Database driver: mysql, pgsql, sqlite # Database driver: mysql, pgsql, sqlite
#driver = #driver =
# Database connection string. This is driver-specific setting. # Database connection string. This is driver-specific setting.
# #
@ -54,7 +54,7 @@
# option_file - Read options from the given file instead of # option_file - Read options from the given file instead of
# the default my.cnf location # the default my.cnf location
# option_group - Read options from the given group (default: client) # option_group - Read options from the given group (default: client)
# #
# You can connect to UNIX sockets by using host: host=/var/run/mysql.sock # You can connect to UNIX sockets by using host: host=/var/run/mysql.sock
# Note that currently you can't use spaces in parameters. # Note that currently you can't use spaces in parameters.
# #
@ -93,7 +93,7 @@
# %u = entire user@domain # %u = entire user@domain
# %n = user part of user@domain # %n = user part of user@domain
# %d = domain part of user@domain # %d = domain part of user@domain
# #
# Note that these can be used only as input to SQL query. If the query outputs # Note that these can be used only as input to SQL query. If the query outputs
# any of these substitutions, they're not touched. Otherwise it would be # any of these substitutions, they're not touched. Otherwise it would be
# difficult to have eg. usernames containing '%' characters. # difficult to have eg. usernames containing '%' characters.


@ -23,7 +23,7 @@
# Enable installed protocols # Enable installed protocols
!include_try /etc/dovecot/protocols.d/*.protocol !include_try /etc/dovecot/protocols.d/*.protocol
# A comma separated list of IPs or hosts where to listen in for connections. # A comma separated list of IPs or hosts where to listen in for connections.
# "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces. # "*" listens in all IPv4 interfaces, "::" listens in all IPv6 interfaces.
# If you want to specify non-default ports or anything more complex, # If you want to specify non-default ports or anything more complex,
# edit conf.d/master.conf. # edit conf.d/master.conf.
@ -48,7 +48,7 @@
#login_trusted_networks = #login_trusted_networks =
# Space separated list of login access check sockets (e.g. tcpwrap) # Space separated list of login access check sockets (e.g. tcpwrap)
#login_access_sockets = #login_access_sockets =
# With proxy_maybe=yes if proxy destination matches any of these IPs, don't do # With proxy_maybe=yes if proxy destination matches any of these IPs, don't do
# proxying. This isn't necessary normally, but may be useful if the destination # proxying. This isn't necessary normally, but may be useful if the destination


@ -27,4 +27,4 @@ WIdAFVykPs87WKyHNY8W1zle/Ye9yjS6bjHdjqnOiG/7qDQ/DDYGn7ILHAHmUZYy
1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15 1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15
SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2 SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2
TKdnq/QFhHWVZUr3hg== TKdnq/QFhHWVZUr3hg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -24,4 +24,4 @@ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -54,4 +54,4 @@ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -25,4 +25,4 @@ NaecuatRxyhxk7O76U4PHuQkAsdrFi+yDcetLJIBAoGBAJHUMttKQ9/sc6EYgdym
u8hMi/WGrt5eOOAJ17lY53eRZLci7s1mfsWIF9b0N50iE60SaFADQiMRAUtkJXNI u8hMi/WGrt5eOOAJ17lY53eRZLci7s1mfsWIF9b0N50iE60SaFADQiMRAUtkJXNI
a55qdpalVHsAE4Wwh7nlKLkaDEartx5X1qSTFw4fTMyKNOveiggQ/i9LZpFxsz22 a55qdpalVHsAE4Wwh7nlKLkaDEartx5X1qSTFw4fTMyKNOveiggQ/i9LZpFxsz22
3V+7jPJaCNyPbmOevXGhBEjr 3V+7jPJaCNyPbmOevXGhBEjr
-----END PRIVATE KEY----- -----END PRIVATE KEY-----


@ -27,4 +27,4 @@ WIdAFVykPs87WKyHNY8W1zle/Ye9yjS6bjHdjqnOiG/7qDQ/DDYGn7ILHAHmUZYy
1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15 1QQ0EdffNkLpkmCnTnotgBUpqmDt7pMNZRuYFTQq631ihe7jRXjSkgWS7tTfUT15
SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2 SesUIo1NbjCJmBceFd2c/srgVlbWc2LXt7Qf5yxWJyhT16r/M7ok0btH25D5azk2
TKdnq/QFhHWVZUr3hg== TKdnq/QFhHWVZUr3hg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -24,4 +24,4 @@ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -54,4 +54,4 @@ wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6 PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg== KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE----- -----END CERTIFICATE-----


@ -25,4 +25,4 @@ NaecuatRxyhxk7O76U4PHuQkAsdrFi+yDcetLJIBAoGBAJHUMttKQ9/sc6EYgdym
u8hMi/WGrt5eOOAJ17lY53eRZLci7s1mfsWIF9b0N50iE60SaFADQiMRAUtkJXNI u8hMi/WGrt5eOOAJ17lY53eRZLci7s1mfsWIF9b0N50iE60SaFADQiMRAUtkJXNI
a55qdpalVHsAE4Wwh7nlKLkaDEartx5X1qSTFw4fTMyKNOveiggQ/i9LZpFxsz22 a55qdpalVHsAE4Wwh7nlKLkaDEartx5X1qSTFw4fTMyKNOveiggQ/i9LZpFxsz22
3V+7jPJaCNyPbmOevXGhBEjr 3V+7jPJaCNyPbmOevXGhBEjr
-----END PRIVATE KEY----- -----END PRIVATE KEY-----


@ -1,2 +1,2 @@
127.0.0.1 127.0.0.1
localhost localhost


@ -3,4 +3,4 @@
# This user script will be executed between configuration and starting daemons # This user script will be executed between configuration and starting daemons
# To enable it you must save it in your config directory as "user-patches.sh" # To enable it you must save it in your config directory as "user-patches.sh"
## ##
echo "Default user-patches.sh successfully executed" echo "Default user-patches.sh successfully executed"


@ -1,6 +1,6 @@
# -------------------------------------------------------------------- # --------------------------------------------------------------------
# Create mail accounts # Create mail accounts
# -------------------------------------------------------------------- # --------------------------------------------------------------------
# Some User # Some User
dn: uniqueIdentifier=some.user,ou=people,dc=localhost,dc=localdomain dn: uniqueIdentifier=some.user,ou=people,dc=localhost,dc=localdomain
changetype: add changetype: add
@ -13,7 +13,7 @@ cn: Some User
givenName: User givenName: User
mail: some.user@localhost.localdomain mail: some.user@localhost.localdomain
mailAlias: postmaster@localhost.localdomain mailAlias: postmaster@localhost.localdomain
mailGroupMember: employees@localhost.localdomain mailGroupMember: employees@localhost.localdomain
mailEnabled: TRUE mailEnabled: TRUE
mailGidNumber: 5000 mailGidNumber: 5000
mailHomeDirectory: /var/mail/localhost.localdomain/some.user/ mailHomeDirectory: /var/mail/localhost.localdomain/some.user/


@ -59,7 +59,7 @@ objectclass ( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
SUP top AUXILIARY SUP top AUXILIARY
DESC 'Mail account used in Postfix Book' DESC 'Mail account used in Postfix Book'
MUST ( mail ) MUST ( mail )
MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember
$ mailUidNumber $ mailGidNumber $ mailEnabled $ mailUidNumber $ mailGidNumber $ mailEnabled
$ mailQuota $mailStorageDirectory ) ) $ mailQuota $mailStorageDirectory ) )