Merge branch 'master' into issues/2467
commit
a435c32661
|
@ -14,7 +14,7 @@ function _setup_supervisor
|
||||||
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf
|
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf
|
||||||
then
|
then
|
||||||
case "${SUPERVISOR_LOGLEVEL}" in
|
case "${SUPERVISOR_LOGLEVEL}" in
|
||||||
'critical' | 'error' | 'info' | 'debug' )
|
( 'critical' | 'error' | 'info' | 'debug' )
|
||||||
sed -i -E \
|
sed -i -E \
|
||||||
"s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \
|
"s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \
|
||||||
/etc/supervisor/supervisord.conf
|
/etc/supervisor/supervisord.conf
|
||||||
|
@ -23,11 +23,11 @@ function _setup_supervisor
|
||||||
exit
|
exit
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'warn' )
|
( 'warn' )
|
||||||
return 0
|
return 0
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'err' \
|
_notify 'err' \
|
||||||
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
|
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
|
||||||
;;
|
;;
|
||||||
|
@ -160,7 +160,7 @@ function _setup_dovecot
|
||||||
|
|
||||||
# set mail_location according to mailbox format
|
# set mail_location according to mailbox format
|
||||||
case "${DOVECOT_MAILBOX_FORMAT}" in
|
case "${DOVECOT_MAILBOX_FORMAT}" in
|
||||||
"sdbox" | "mdbox" )
|
( "sdbox" | "mdbox" )
|
||||||
_notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
|
_notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
|
||||||
sed -i -e \
|
sed -i -e \
|
||||||
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
|
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
|
||||||
|
@ -171,7 +171,7 @@ function _setup_dovecot
|
||||||
chmod 644 /etc/cron.d/dovecot-purge
|
chmod 644 /etc/cron.d/dovecot-purge
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'inf' "Dovecot maildir format configured (default)"
|
_notify 'inf' "Dovecot maildir format configured (default)"
|
||||||
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
|
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
|
||||||
;;
|
;;
|
||||||
|
@ -719,12 +719,12 @@ function _setup_docker_permit
|
||||||
done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+')
|
done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+')
|
||||||
|
|
||||||
case "${PERMIT_DOCKER}" in
|
case "${PERMIT_DOCKER}" in
|
||||||
"none" )
|
( 'none' )
|
||||||
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
||||||
postconf -e "mynetworks ="
|
postconf -e "mynetworks ="
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"connected-networks" )
|
( 'connected-networks' )
|
||||||
for NETWORK in "${CONTAINER_NETWORKS[@]}"
|
for NETWORK in "${CONTAINER_NETWORKS[@]}"
|
||||||
do
|
do
|
||||||
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
|
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
|
||||||
|
@ -735,28 +735,28 @@ function _setup_docker_permit
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"container" )
|
( 'container' )
|
||||||
_notify 'inf' "Adding container IP address to Postfix's 'mynetworks'"
|
_notify 'inf' "Adding container IP address to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
|
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
|
||||||
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
|
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
|
||||||
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
|
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"host" )
|
( 'host' )
|
||||||
_notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
|
_notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
|
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
|
||||||
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
|
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
|
||||||
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
|
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"network" )
|
( 'network' )
|
||||||
_notify 'inf' "Adding docker network to Postfix's 'mynetworks'"
|
_notify 'inf' "Adding docker network to Postfix's 'mynetworks'"
|
||||||
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
|
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
|
||||||
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
|
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
|
||||||
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
|
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
|
_notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
|
||||||
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
_notify 'inf' "Clearing Postfix's 'mynetworks'"
|
||||||
postconf -e "mynetworks ="
|
postconf -e "mynetworks ="
|
||||||
|
@ -942,10 +942,21 @@ function _setup_security_stack
|
||||||
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
|
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
|
||||||
|
|
||||||
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
|
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
|
||||||
|
|
||||||
cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM"
|
cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM"
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com
|
RESULT="$(sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com 2>&1)"
|
||||||
|
EXIT_CODE=${?}
|
||||||
|
|
||||||
|
# see https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
|
||||||
|
if [[ ${EXIT_CODE} -ge 4 ]]
|
||||||
|
then
|
||||||
|
echo -e "Updating SpamAssassin KAM failed:\n${RESULT}\n" >&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
EOM
|
EOM
|
||||||
|
|
||||||
|
@ -986,7 +997,9 @@ EOM
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# fix cron.daily for spamassassin
|
# fix cron.daily for spamassassin
|
||||||
sed -i -e 's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' /etc/cron.daily/spamassassin
|
sed -i \
|
||||||
|
's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' \
|
||||||
|
/etc/cron.daily/spamassassin
|
||||||
|
|
||||||
# Amavis
|
# Amavis
|
||||||
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
|
||||||
|
@ -1010,22 +1023,22 @@ function _setup_logrotate
|
||||||
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
|
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
|
||||||
|
|
||||||
case "${LOGROTATE_INTERVAL}" in
|
case "${LOGROTATE_INTERVAL}" in
|
||||||
'daily' )
|
( 'daily' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to daily'
|
_notify 'inf' 'Setting postfix logrotate interval to daily'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'weekly' )
|
( 'weekly' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to weekly'
|
_notify 'inf' 'Setting postfix logrotate interval to weekly'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'monthly' )
|
( 'monthly' )
|
||||||
_notify 'inf' 'Setting postfix logrotate interval to monthly'
|
_notify 'inf' 'Setting postfix logrotate interval to monthly'
|
||||||
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
|
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
|
_notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -1039,27 +1052,30 @@ function _setup_mail_summary
|
||||||
_notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
|
_notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
|
||||||
|
|
||||||
case "${PFLOGSUMM_TRIGGER}" in
|
case "${PFLOGSUMM_TRIGGER}" in
|
||||||
'daily_cron' )
|
( 'daily_cron' )
|
||||||
_notify 'inf' 'Creating daily cron job for pflogsumm report'
|
_notify 'inf' 'Creating daily cron job for pflogsumm report'
|
||||||
|
|
||||||
echo '#! /bin/bash' > /etc/cron.daily/postfix-summary
|
cat >/etc/cron.daily/postfix-summary << EOM
|
||||||
echo "/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}" >>/etc/cron.daily/postfix-summary
|
#! /bin/bash
|
||||||
|
|
||||||
|
/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}
|
||||||
|
EOM
|
||||||
|
|
||||||
chmod +x /etc/cron.daily/postfix-summary
|
chmod +x /etc/cron.daily/postfix-summary
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'logrotate' )
|
( 'logrotate' )
|
||||||
_notify 'inf' 'Add postrotate action for pflogsumm report'
|
_notify 'inf' 'Add postrotate action for pflogsumm report'
|
||||||
sed -i \
|
sed -i \
|
||||||
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
|
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
|
||||||
/etc/logrotate.d/maillog
|
/etc/logrotate.d/maillog
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'none' )
|
( 'none' )
|
||||||
_notify 'inf' 'Postfix log summary reports disabled.'
|
_notify 'inf' 'Postfix log summary reports disabled.'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
|
_notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -1068,34 +1084,37 @@ function _setup_mail_summary
|
||||||
|
|
||||||
function _setup_logwatch
|
function _setup_logwatch
|
||||||
{
|
{
|
||||||
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
|
|
||||||
|
|
||||||
echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf
|
echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf
|
||||||
|
|
||||||
echo "MailFrom = ${LOGWATCH_SENDER}" >>/etc/logwatch/conf/logwatch.conf
|
echo "MailFrom = ${LOGWATCH_SENDER}" >>/etc/logwatch/conf/logwatch.conf
|
||||||
|
|
||||||
case "${LOGWATCH_INTERVAL}" in
|
case "${LOGWATCH_INTERVAL}" in
|
||||||
'daily' )
|
( 'daily' | 'weekly' )
|
||||||
_notify 'inf' "Creating daily cron job for logwatch reports"
|
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
|
||||||
echo "#! /bin/bash" > /etc/cron.daily/logwatch
|
_notify 'inf' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports"
|
||||||
echo "/usr/sbin/logwatch --range Yesterday --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
|
|
||||||
>>/etc/cron.daily/logwatch
|
local LOGWATCH_FILE INTERVAL
|
||||||
chmod 744 /etc/cron.daily/logwatch
|
|
||||||
|
LOGWATCH_FILE="/etc/cron.${LOGWATCH_INTERVAL}/logwatch"
|
||||||
|
INTERVAL='--range Yesterday'
|
||||||
|
|
||||||
|
if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]]
|
||||||
|
then
|
||||||
|
INTERVAL="--range 'between -7 days and -1 days'"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >"${LOGWATCH_FILE}" << EOM
|
||||||
|
#! /bin/bash
|
||||||
|
|
||||||
|
/usr/sbin/logwatch ${INTERVAL} --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}
|
||||||
|
EOM
|
||||||
|
chmod 744 "${LOGWATCH_FILE}"
|
||||||
;;
|
;;
|
||||||
|
|
||||||
'weekly' )
|
( 'none' )
|
||||||
_notify 'inf' "Creating weekly cron job for logwatch reports"
|
|
||||||
echo "#! /bin/bash" > /etc/cron.weekly/logwatch
|
|
||||||
echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
|
|
||||||
>>/etc/cron.weekly/logwatch
|
|
||||||
chmod 744 /etc/cron.weekly/logwatch
|
|
||||||
;;
|
|
||||||
|
|
||||||
'none' )
|
|
||||||
_notify 'inf' 'Logwatch reports disabled.'
|
_notify 'inf' 'Logwatch reports disabled.'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
* )
|
( * )
|
||||||
_notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
|
_notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
|
||||||
;;
|
;;
|
||||||
|
|
||||||
|
@ -1127,7 +1146,9 @@ function _setup_fail2ban
|
||||||
function _setup_dnsbl_disable
|
function _setup_dnsbl_disable
|
||||||
{
|
{
|
||||||
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
|
||||||
sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf
|
sedfile -i \
|
||||||
|
'/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \
|
||||||
|
/etc/postfix/main.cf
|
||||||
|
|
||||||
_notify 'task' 'Disabling postscreen DNS block lists'
|
_notify 'task' 'Disabling postscreen DNS block lists'
|
||||||
postconf -e "postscreen_dnsbl_action = ignore"
|
postconf -e "postscreen_dnsbl_action = ignore"
|
||||||
|
|
|
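Review bot: The new unquoted heredocs in `_setup_mail_summary` (`cat >/etc/cron.daily/postfix-summary << EOM`) and `_setup_logwatch` (`cat >"${LOGWATCH_FILE}" << EOM`) expand `${HOSTNAME}`, `${PFLOGSUMM_RECIPIENT}`, `${PFLOGSUMM_SENDER}` and `${LOGWATCH_RECIPIENT}` at write time and paste them unquoted into scripts that cron later executes, so a value containing whitespace or shell metacharacters changes the command that runs. The old `echo` lines had the same behaviour, but this rewrite is the natural place to fix it: build the arguments with `printf -v ARGS '%q ' "${HOSTNAME}" "${PFLOGSUMM_RECIPIENT}" "${PFLOGSUMM_SENDER}"` and place `${ARGS}` in the heredoc, and do the same for the `--hostname`/`--mailto` values in the logwatch script. The `'logrotate'` branch interpolates the same three values into a `sed` replacement, where an up-front format check of the hostname and addresses is the safer guard. Both function bodies extend beyond the hunks shown.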
@ -101,7 +101,7 @@ function teardown_file() {
|
||||||
@test "checking ssl: manual cert changes are picked up by check-for-changes" {
|
@test "checking ssl: manual cert changes are picked up by check-for-changes" {
|
||||||
printf 'someThingsChangedHere' \
|
printf 'someThingsChangedHere' \
|
||||||
>>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem"
|
>>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem"
|
||||||
sleep 10
|
sleep 15
|
||||||
|
|
||||||
run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector"
|
run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector"
|
||||||
assert_output --partial 'Change detected'
|
assert_output --partial 'Change detected'
|
||||||
|
|
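Review bot: Raising the fixed `sleep 10` to `sleep 15` still leaves the test dependent on how quickly the change detector happens to run, so it can fail on a slow runner and wastes time on a fast one. A bounded poll states both the intent and the timeout explicitly, e.g. `for _ in {1..30}; do docker exec mail_manual_ssl supervisorctl tail -3000 changedetector | grep -q 'Change detected' && break; sleep 1; done`, followed by the existing `run`/`assert_output` pair. The test body continues past the end of the hunk.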