Adding daily mail review from Issue 839 (#881)

* Added dependencies, binary, startup configuration
* Added env variable to dist files/readme
* send summary after each logrotate, added env variable for mail/logrotate interval
* remove mail.log from rsyslogs logrotate
* rotate mail.log when no email is set
* Added documentation for POSTFIX_LOGROTATE_INTERVAL
* Removed interval option, since its not being tested for.
* changed test to force logrotate to rotate fixed logrotate config
* readded setup_environment, made logrotate_setup being called everytime
* changed documentation for new variable names - again
* Did Documentation, added a default recipient, added test for default config.
* layout fix
* changed variable names apposite the documentation
This commit is contained in:
akmet 2018-03-18 19:52:28 +01:00 committed by Johan Smits
parent 9192816e85
commit a420b15370
9 changed files with 106 additions and 0 deletions

View file

@ -94,6 +94,20 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf
# etc. # etc.
POSTFIX_DAGENT= POSTFIX_DAGENT=
# Enables a report being sent (created by pflogsumm) on a regular basis.
# **0** => Report emails are disabled
# 1 => Using POSTMASTER_ADDRESS as the recipient
# => Specify the recipient address
REPORT_RECIPIENT=0
# Changes the interval in which a report is being sent.
# **daily** => Send a daily report
# weekly => Send a report every week
# monthly => Send a report every month
#
# Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/)
REPORT_INTERVAL=daily
# ----------------------------------------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------------------------------------
# --------------------- Spamassassin section ---------------------------------------------------------------------------------- # --------------------- Spamassassin section ----------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------------- # -----------------------------------------------------------------------------------------------------------------------------

View file

@ -50,6 +50,7 @@ RUN apt-get update -q --fix-missing && \
opendkim-tools \ opendkim-tools \
opendmarc \ opendmarc \
pax \ pax \
pflogsumm \
p7zip-full \ p7zip-full \
postfix-ldap \ postfix-ldap \
postfix-pcre \ postfix-pcre \
@ -197,6 +198,7 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf && \ sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf && \
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-daemon && \ sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-daemon && \
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-freshclam && \ sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-freshclam && \
sed -i -r '/\/var\/log\/mail\/mail.log/d' /etc/logrotate.d/rsyslog && \
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog && \ sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog && \
# prevent syslog logrotate warnings \ # prevent syslog logrotate warnings \
sed -i -e 's/\(printerror "could not determine current runlevel"\)/#\1/' /usr/sbin/invoke-rc.d && \ sed -i -e 's/\(printerror "could not determine current runlevel"\)/#\1/' /usr/sbin/invoke-rc.d && \

View file

@ -25,6 +25,7 @@ run:
-e ENABLE_CLAMAV=1 \ -e ENABLE_CLAMAV=1 \
-e SPOOF_PROTECTION=1 \ -e SPOOF_PROTECTION=1 \
-e ENABLE_SPAMASSASSIN=1 \ -e ENABLE_SPAMASSASSIN=1 \
-e REPORT_RECIPIENT=user1@localhost.localdomain \
-e SA_TAG=-5.0 \ -e SA_TAG=-5.0 \
-e SA_TAG2=2.0 \ -e SA_TAG2=2.0 \
-e SA_KILL=3.0 \ -e SA_KILL=3.0 \

View file

@ -311,6 +311,22 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf
- drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects. - drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
- ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail. - ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
##### REPORT_RECIPIENT
Enables a report being sent (created by pflogsumm) on a regular basis.
- **0** => Report emails are disabled
- 1 => Using POSTMASTER_ADDRESS as the recipient
- => Specify the recipient address
##### REPORT_INTERVAL
changes the interval in which a report is being sent.
- **daily** => Send a daily report
- weekly => Send a report every week
- monthly => Send a report every month
Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/)
## Spamassassin ## Spamassassin
##### ENABLE_SPAMASSASSIN ##### ENABLE_SPAMASSASSIN

View file

@ -26,6 +26,8 @@ services:
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME} - OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS} - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION} - POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
- REPORT_RECIPIENT=${REPORT_RECIPIENT}
- REPORT_INTERVAL=${REPORT_INTERVAL}
- SMTP_ONLY=${SMTP_ONLY} - SMTP_ONLY=${SMTP_ONLY}
- SSL_TYPE=${SSL_TYPE} - SSL_TYPE=${SSL_TYPE}
- PERMIT_DOCKER=${PERMIT_DOCKER} - PERMIT_DOCKER=${PERMIT_DOCKER}

View file

@ -24,6 +24,8 @@ services:
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME} - OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS} - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION} - POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
- REPORT_RECIPIENT=${REPORT_RECIPIENT}
- REPORT_INTERVAL=${REPORT_INTERVAL}
- SMTP_ONLY=${SMTP_ONLY} - SMTP_ONLY=${SMTP_ONLY}
- SSL_TYPE=${SSL_TYPE} - SSL_TYPE=${SSL_TYPE}
- TLS_LEVEL=${TLS_LEVEL} - TLS_LEVEL=${TLS_LEVEL}

View file

@ -0,0 +1,18 @@
#!/bin/bash
HOSTNAME=$1
RECIPIENT=$2
errex() {
echo -e "$@" 1>&2
exit 1
}
test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found"
BODY="Subject: Postfix Summary for $HOSTNAME\n\n"
# The case that the mail.log.1 file isn't readable shouldn't actually be possible with logrotate not rotating empty files.. But you never know!
[ -r "/var/log/mail/mail.log.1" ] \
&& BODY="$BODY"$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \
|| BODY="$BODY Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver"
echo -e "$BODY" | sendmail -f "mailserver-report@$HOSTNAME" "$RECIPIENT"

View file

@ -27,6 +27,8 @@ DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:="postmaster@domain.com
DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}" DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}"
DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}" DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}" DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
########################################################################## ##########################################################################
# << DEFAULT VARS # << DEFAULT VARS
########################################################################## ##########################################################################
@ -135,6 +137,11 @@ function register_functions() {
fi fi
_register_setup_function "_setup_environment" _register_setup_function "_setup_environment"
_register_setup_function "_setup_logrotate"
if [ "$REPORT_RECIPIENT" != 0 ]; then
_register_setup_function "_setup_mail_summary"
fi
################### << setup funcs ################### << setup funcs
@ -1085,6 +1092,34 @@ function _setup_elk_forwarder() {
> /etc/filebeat/filebeat.yml > /etc/filebeat/filebeat.yml
} }
function _setup_logrotate() {
notify 'inf' "Setting up logrotate"
LOGROTATE="/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n"
case "$REPORT_INTERVAL" in
"daily" )
notify 'inf' "Setting postfix summary interval to daily"
LOGROTATE="$LOGROTATE rotate 1\n daily\n"
;;
"weekly" )
notify 'inf' "Setting postfix summary interval to weekly"
LOGROTATE="$LOGROTATE rotate 1\n weekly\n"
;;
"monthly" )
notify 'inf' "Setting postfix summary interval to monthly"
LOGROTATE="$LOGROTATE rotate 1\n monthly\n"
;;
esac
LOGROTATE="$LOGROTATE}"
echo -e "$LOGROTATE" > /etc/logrotate.d/maillog
}
function _setup_mail_summary() {
notify 'inf' "Enable postfix summary with recipient $REPORT_RECIPIENT"
[ "$REPORT_RECIPIENT" = 1 ] && REPORT_RECIPIENT=$POSTMASTER_ADDRESS
sed -i "s|}| postrotate\n /usr/local/bin/postfix-summary $HOSTNAME $REPORT_RECIPIENT\n endscript\n}\n|" /etc/logrotate.d/maillog
}
function _setup_environment() { function _setup_environment() {
notify 'task' 'Setting up /etc/environment' notify 'task' 'Setting up /etc/environment'

View file

@ -1465,6 +1465,22 @@ load 'test_helper/bats-assert/load'
assert_output 1 assert_output 1
} }
#
# Pflogsumm delivery check
#
@test "checking pflogsum delivery" {
# checking logrotation working and report being sent
docker exec mail logrotate --force /etc/logrotate.d/maillog
sleep 10
run docker exec mail grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R
assert_success
# checking default logrotation setup
run docker exec mail_with_ldap grep "daily" /etc/logrotate.d/maillog
assert_success
}
# #
# PCI compliance # PCI compliance
# #