Merge branch 'master' into issues/2467

Nathan Pierce 2022-03-17 09:24:55 -04:00 committed by GitHub
commit a435c32661
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 49 deletions


@ -148,7 +148,7 @@ body:
**You are not obliged to answer this question**.
We do encourage answering though as it provides context to better assist you.
Less experienced users tend to make common mistakes, which is ok; by letting us know we can spot those more easily.
options:
- label: I am inexperienced with docker
- label: I am inexperienced with mail servers


@ -271,7 +271,7 @@ start_misc
start_daemons
# marker to check, if container was restarted
date > /CONTAINER_START
date >/CONTAINER_START
_notify 'tasklog' "${HOSTNAME} is up and running"


@ -14,7 +14,7 @@ function _setup_supervisor
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf
then
case "${SUPERVISOR_LOGLEVEL}" in
'critical' | 'error' | 'info' | 'debug' )
( 'critical' | 'error' | 'info' | 'debug' )
sed -i -E \
"s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \
/etc/supervisor/supervisord.conf
@ -23,11 +23,11 @@ function _setup_supervisor
exit
;;
'warn' )
( 'warn' )
return 0
;;
* )
( * )
_notify 'err' \
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
;;
@ -160,7 +160,7 @@ function _setup_dovecot
# set mail_location according to mailbox format
case "${DOVECOT_MAILBOX_FORMAT}" in
"sdbox" | "mdbox" )
( "sdbox" | "mdbox" )
_notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
sed -i -e \
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
@ -171,7 +171,7 @@ function _setup_dovecot
chmod 644 /etc/cron.d/dovecot-purge
;;
* )
( * )
_notify 'inf' "Dovecot maildir format configured (default)"
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
;;
@ -719,12 +719,12 @@ function _setup_docker_permit
done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+')
case "${PERMIT_DOCKER}" in
"none" )
( 'none' )
_notify 'inf' "Clearing Postfix's 'mynetworks'"
postconf -e "mynetworks ="
;;
"connected-networks" )
( 'connected-networks' )
for NETWORK in "${CONTAINER_NETWORKS[@]}"
do
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
@ -735,28 +735,28 @@ function _setup_docker_permit
done
;;
"container" )
( 'container' )
_notify 'inf' "Adding container IP address to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
;;
"host" )
( 'host' )
_notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
;;
"network" )
( 'network' )
_notify 'inf' "Adding docker network to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;;
* )
( * )
_notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
_notify 'inf' "Clearing Postfix's 'mynetworks'"
postconf -e "mynetworks ="
@ -942,10 +942,21 @@ function _setup_security_stack
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM"
#! /bin/bash
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
RESULT="$(sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com 2>&1)"
EXIT_CODE=${?}
# see https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
if [[ ${EXIT_CODE} -ge 4 ]]
then
echo -e "Updating SpamAssassin KAM failed:\n${RESULT}\n" >&2
exit 1
fi
exit 0
EOM
@ -986,7 +997,9 @@ EOM
fi
# fix cron.daily for spamassassin
sed -i -e 's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' /etc/cron.daily/spamassassin
sed -i \
's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' \
/etc/cron.daily/spamassassin
# Amavis
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
@ -1010,22 +1023,22 @@ function _setup_logrotate
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
case "${LOGROTATE_INTERVAL}" in
'daily' )
( 'daily' )
_notify 'inf' 'Setting postfix logrotate interval to daily'
LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
;;
'weekly' )
( 'weekly' )
_notify 'inf' 'Setting postfix logrotate interval to weekly'
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
;;
'monthly' )
( 'monthly' )
_notify 'inf' 'Setting postfix logrotate interval to monthly'
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
;;
* )
( * )
_notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
;;
@ -1039,27 +1052,30 @@ function _setup_mail_summary
_notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
case "${PFLOGSUMM_TRIGGER}" in
'daily_cron' )
( 'daily_cron' )
_notify 'inf' 'Creating daily cron job for pflogsumm report'
echo '#! /bin/bash' > /etc/cron.daily/postfix-summary
echo "/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}" >>/etc/cron.daily/postfix-summary
cat >/etc/cron.daily/postfix-summary << EOM
#! /bin/bash
/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}
EOM
chmod +x /etc/cron.daily/postfix-summary
;;
'logrotate' )
( 'logrotate' )
_notify 'inf' 'Add postrotate action for pflogsumm report'
sed -i \
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
/etc/logrotate.d/maillog
;;
'none' )
( 'none' )
_notify 'inf' 'Postfix log summary reports disabled.'
;;
* )
( * )
_notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
;;
@ -1068,34 +1084,37 @@ function _setup_mail_summary
function _setup_logwatch
{
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf
echo "MailFrom = ${LOGWATCH_SENDER}" >> /etc/logwatch/conf/logwatch.conf
echo "MailFrom = ${LOGWATCH_SENDER}" >>/etc/logwatch/conf/logwatch.conf
case "${LOGWATCH_INTERVAL}" in
'daily' )
_notify 'inf' "Creating daily cron job for logwatch reports"
echo "#! /bin/bash" > /etc/cron.daily/logwatch
echo "/usr/sbin/logwatch --range Yesterday --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
>>/etc/cron.daily/logwatch
chmod 744 /etc/cron.daily/logwatch
( 'daily' | 'weekly' )
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
_notify 'inf' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports"
local LOGWATCH_FILE INTERVAL
LOGWATCH_FILE="/etc/cron.${LOGWATCH_INTERVAL}/logwatch"
INTERVAL='--range Yesterday'
if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]]
then
INTERVAL="--range 'between -7 days and -1 days'"
fi
cat >"${LOGWATCH_FILE}" << EOM
#! /bin/bash
/usr/sbin/logwatch ${INTERVAL} --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}
EOM
chmod 744 "${LOGWATCH_FILE}"
;;
'weekly' )
_notify 'inf' "Creating weekly cron job for logwatch reports"
echo "#! /bin/bash" > /etc/cron.weekly/logwatch
echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
>>/etc/cron.weekly/logwatch
chmod 744 /etc/cron.weekly/logwatch
;;
'none' )
( 'none' )
_notify 'inf' 'Logwatch reports disabled.'
;;
* )
( * )
_notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
;;
@ -1127,7 +1146,9 @@ function _setup_fail2ban
function _setup_dnsbl_disable
{
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf
sedfile -i \
'/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \
/etc/postfix/main.cf
_notify 'task' 'Disabling postscreen DNS block lists'
postconf -e "postscreen_dnsbl_action = ignore"
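Review bot: The unquoted `<< EOM` here-documents in `_setup_mail_summary` (the `daily_cron` arm) and `_setup_logwatch` (the `daily | weekly` arm) expand `${HOSTNAME}`, `${PFLOGSUMM_RECIPIENT}`, `${PFLOGSUMM_SENDER}` and `${LOGWATCH_RECIPIENT}` into the generated cron script as bare words, so the shell that cron starts parses those values a second time. A recipient or sender containing whitespace, a quote or another shell metacharacter then alters the command the job runs instead of arriving as a single argument. I would emit the values shell-quoted, e.g. `printf '#! /bin/bash\n/usr/local/bin/report-pflogsumm-yesterday %q %q %q\n' "${HOSTNAME}" "${PFLOGSUMM_RECIPIENT}" "${PFLOGSUMM_SENDER}" >/etc/cron.daily/postfix-summary`, and do the same for the logwatch line while leaving `${INTERVAL}` unquoted, since its embedded quotes are meant to be parsed. The `logrotate` arm's `sed` replacement interpolates the same variables and deserves the same check; both function bodies extend beyond the hunks shown.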


@ -4,8 +4,8 @@ setup_file() {
local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container .)"
docker run -d --name mail_special_use_folders \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_CLAMAV=0 \
-e ENABLE_SPAMASSASSIN=0 \


@ -101,7 +101,7 @@ function teardown_file() {
@test "checking ssl: manual cert changes are picked up by check-for-changes" {
printf 'someThingsChangedHere' \
>>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem"
sleep 10
sleep 15
run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector"
assert_output --partial 'Change detected'
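Review bot: Raising the fixed wait to `sleep 15` ahead of the `supervisorctl tail` only widens the window: the test still fails whenever the change detector needs longer, and always pays the full delay when it is faster. A bounded poll would make the outcome independent of timing, e.g. `for _ in {1..30}; do docker exec mail_manual_ssl supervisorctl tail -3000 changedetector | grep -q 'Change detected' && break; sleep 1; done` placed before the existing `run` / `assert_output` pair. The test body continues past the last line shown.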