Merge branch 'master' into issues/2467

Nathan Pierce 2022-03-17 09:24:55 -04:00 committed by GitHub
commit a435c32661
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 70 additions and 49 deletions


@ -148,7 +148,7 @@ body:
**You are not obliged to answer this question**. **You are not obliged to answer this question**.
We do encourage answering though as it provides context to better assist you. We do encourage answering though as it provides context to better assist you.
Less experienced users tend to make common mistakes, which is ok; by letting us know we can spot those more easily. Less experienced users tend to make common mistakes, which is ok; by letting us know we can spot those more easily.
options: options:
- label: I am inexperienced with docker - label: I am inexperienced with docker
- label: I am inexperienced with mail servers - label: I am inexperienced with mail servers


@ -271,7 +271,7 @@ start_misc
start_daemons start_daemons
# marker to check, if container was restarted # marker to check, if container was restarted
date > /CONTAINER_START date >/CONTAINER_START
_notify 'tasklog' "${HOSTNAME} is up and running" _notify 'tasklog' "${HOSTNAME} is up and running"


@ -14,7 +14,7 @@ function _setup_supervisor
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf
then then
case "${SUPERVISOR_LOGLEVEL}" in case "${SUPERVISOR_LOGLEVEL}" in
'critical' | 'error' | 'info' | 'debug' ) ( 'critical' | 'error' | 'info' | 'debug' )
sed -i -E \ sed -i -E \
"s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \ "s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \
/etc/supervisor/supervisord.conf /etc/supervisor/supervisord.conf
@ -23,11 +23,11 @@ function _setup_supervisor
exit exit
;; ;;
'warn' ) ( 'warn' )
return 0 return 0
;; ;;
* ) ( * )
_notify 'err' \ _notify 'err' \
"SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'" "SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'"
;; ;;
@ -160,7 +160,7 @@ function _setup_dovecot
# set mail_location according to mailbox format # set mail_location according to mailbox format
case "${DOVECOT_MAILBOX_FORMAT}" in case "${DOVECOT_MAILBOX_FORMAT}" in
"sdbox" | "mdbox" ) ( "sdbox" | "mdbox" )
_notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured" _notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured"
sed -i -e \ sed -i -e \
"s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \ "s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \
@ -171,7 +171,7 @@ function _setup_dovecot
chmod 644 /etc/cron.d/dovecot-purge chmod 644 /etc/cron.d/dovecot-purge
;; ;;
* ) ( * )
_notify 'inf' "Dovecot maildir format configured (default)" _notify 'inf' "Dovecot maildir format configured (default)"
sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf
;; ;;
@ -719,12 +719,12 @@ function _setup_docker_permit
done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+') done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+')
case "${PERMIT_DOCKER}" in case "${PERMIT_DOCKER}" in
"none" ) ( 'none' )
_notify 'inf' "Clearing Postfix's 'mynetworks'" _notify 'inf' "Clearing Postfix's 'mynetworks'"
postconf -e "mynetworks =" postconf -e "mynetworks ="
;; ;;
"connected-networks" ) ( 'connected-networks' )
for NETWORK in "${CONTAINER_NETWORKS[@]}" for NETWORK in "${CONTAINER_NETWORKS[@]}"
do do
NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}") NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}")
@ -735,28 +735,28 @@ function _setup_docker_permit
done done
;; ;;
"container" ) ( 'container' )
_notify 'inf' "Adding container IP address to Postfix's 'mynetworks'" _notify 'inf' "Adding container IP address to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32" postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32"
echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts
echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts
;; ;;
"host" ) ( 'host' )
_notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'" _notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16" postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16"
echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts
echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts
;; ;;
"network" ) ( 'network' )
_notify 'inf' "Adding docker network to Postfix's 'mynetworks'" _notify 'inf' "Adding docker network to Postfix's 'mynetworks'"
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12" postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;; ;;
* ) ( * )
_notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}" _notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}"
_notify 'inf' "Clearing Postfix's 'mynetworks'" _notify 'inf' "Clearing Postfix's 'mynetworks'"
postconf -e "mynetworks =" postconf -e "mynetworks ="
@ -942,10 +942,21 @@ function _setup_security_stack
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key
cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM" cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM"
#! /bin/bash #! /bin/bash
sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com RESULT="$(sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com 2>&1)"
EXIT_CODE=${?}
# see https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
if [[ ${EXIT_CODE} -ge 4 ]]
then
echo -e "Updating SpamAssassin KAM failed:\n${RESULT}\n" >&2
exit 1
fi
exit 0
EOM EOM
@ -986,7 +997,9 @@ EOM
fi fi
# fix cron.daily for spamassassin # fix cron.daily for spamassassin
sed -i -e 's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' /etc/cron.daily/spamassassin sed -i \
's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' \
/etc/cron.daily/spamassassin
# Amavis # Amavis
if [[ ${ENABLE_AMAVIS} -eq 1 ]] if [[ ${ENABLE_AMAVIS} -eq 1 ]]
@ -1010,22 +1023,22 @@ function _setup_logrotate
LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n' LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n'
case "${LOGROTATE_INTERVAL}" in case "${LOGROTATE_INTERVAL}" in
'daily' ) ( 'daily' )
_notify 'inf' 'Setting postfix logrotate interval to daily' _notify 'inf' 'Setting postfix logrotate interval to daily'
LOGROTATE="${LOGROTATE} rotate 4\n daily\n" LOGROTATE="${LOGROTATE} rotate 4\n daily\n"
;; ;;
'weekly' ) ( 'weekly' )
_notify 'inf' 'Setting postfix logrotate interval to weekly' _notify 'inf' 'Setting postfix logrotate interval to weekly'
LOGROTATE="${LOGROTATE} rotate 4\n weekly\n" LOGROTATE="${LOGROTATE} rotate 4\n weekly\n"
;; ;;
'monthly' ) ( 'monthly' )
_notify 'inf' 'Setting postfix logrotate interval to monthly' _notify 'inf' 'Setting postfix logrotate interval to monthly'
LOGROTATE="${LOGROTATE} rotate 4\n monthly\n" LOGROTATE="${LOGROTATE} rotate 4\n monthly\n"
;; ;;
* ) ( * )
_notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate' _notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate'
;; ;;
@ -1039,27 +1052,30 @@ function _setup_mail_summary
_notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}" _notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}"
case "${PFLOGSUMM_TRIGGER}" in case "${PFLOGSUMM_TRIGGER}" in
'daily_cron' ) ( 'daily_cron' )
_notify 'inf' 'Creating daily cron job for pflogsumm report' _notify 'inf' 'Creating daily cron job for pflogsumm report'
echo '#! /bin/bash' > /etc/cron.daily/postfix-summary cat >/etc/cron.daily/postfix-summary << EOM
echo "/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}" >>/etc/cron.daily/postfix-summary #! /bin/bash
/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}
EOM
chmod +x /etc/cron.daily/postfix-summary chmod +x /etc/cron.daily/postfix-summary
;; ;;
'logrotate' ) ( 'logrotate' )
_notify 'inf' 'Add postrotate action for pflogsumm report' _notify 'inf' 'Add postrotate action for pflogsumm report'
sed -i \ sed -i \
"s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \ "s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \
/etc/logrotate.d/maillog /etc/logrotate.d/maillog
;; ;;
'none' ) ( 'none' )
_notify 'inf' 'Postfix log summary reports disabled.' _notify 'inf' 'Postfix log summary reports disabled.'
;; ;;
* ) ( * )
_notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery' _notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery'
;; ;;
@ -1068,34 +1084,37 @@ function _setup_mail_summary
function _setup_logwatch function _setup_logwatch
{ {
_notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf
echo "MailFrom = ${LOGWATCH_SENDER}" >>/etc/logwatch/conf/logwatch.conf
echo "MailFrom = ${LOGWATCH_SENDER}" >> /etc/logwatch/conf/logwatch.conf
case "${LOGWATCH_INTERVAL}" in case "${LOGWATCH_INTERVAL}" in
'daily' ) ( 'daily' | 'weekly' )
_notify 'inf' "Creating daily cron job for logwatch reports" _notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}"
echo "#! /bin/bash" > /etc/cron.daily/logwatch _notify 'inf' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports"
echo "/usr/sbin/logwatch --range Yesterday --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
>>/etc/cron.daily/logwatch local LOGWATCH_FILE INTERVAL
chmod 744 /etc/cron.daily/logwatch
LOGWATCH_FILE="/etc/cron.${LOGWATCH_INTERVAL}/logwatch"
INTERVAL='--range Yesterday'
if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]]
then
INTERVAL="--range 'between -7 days and -1 days'"
fi
cat >"${LOGWATCH_FILE}" << EOM
#! /bin/bash
/usr/sbin/logwatch ${INTERVAL} --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}
EOM
chmod 744 "${LOGWATCH_FILE}"
;; ;;
'weekly' ) ( 'none' )
_notify 'inf' "Creating weekly cron job for logwatch reports"
echo "#! /bin/bash" > /etc/cron.weekly/logwatch
echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \
>>/etc/cron.weekly/logwatch
chmod 744 /etc/cron.weekly/logwatch
;;
'none' )
_notify 'inf' 'Logwatch reports disabled.' _notify 'inf' 'Logwatch reports disabled.'
;; ;;
* ) ( * )
_notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch' _notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch'
;; ;;
@ -1127,7 +1146,9 @@ function _setup_fail2ban
function _setup_dnsbl_disable function _setup_dnsbl_disable
{ {
_notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)' _notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)'
sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf sedfile -i \
'/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \
/etc/postfix/main.cf
_notify 'task' 'Disabling postscreen DNS block lists' _notify 'task' 'Disabling postscreen DNS block lists'
postconf -e "postscreen_dnsbl_action = ignore" postconf -e "postscreen_dnsbl_action = ignore"
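Review bot: The new here-documents in the `_setup_mail_summary` and `_setup_logwatch` hunks use an unquoted `EOM` delimiter, so `${HOSTNAME}`, `${PFLOGSUMM_RECIPIENT}`, `${PFLOGSUMM_SENDER}` and `${LOGWATCH_RECIPIENT}` are expanded at setup time and written unquoted into the scripts under `/etc/cron.daily` and `/etc/cron.${LOGWATCH_INTERVAL}`. Bash re-parses those values when cron runs the script, so whitespace or shell metacharacters in one of these environment values would change the command that runs; the removed `echo` lines behaved the same way, so the commit carries the behaviour over rather than introducing it. Shell-quoting the values when the file is generated closes this, for example `printf '#! /bin/bash\n/usr/local/bin/report-pflogsumm-yesterday %q %q %q\n' "${HOSTNAME}" "${PFLOGSUMM_RECIPIENT}" "${PFLOGSUMM_SENDER}" >/etc/cron.daily/postfix-summary`, with the same treatment for `--hostname` and `--mailto` in the logwatch script. `${INTERVAL}` is the exception, because it deliberately relies on re-parsing for its embedded single quotes, and is safe only because it is assigned from fixed strings. Both functions continue outside the visible hunks.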


@ -4,8 +4,8 @@ setup_file() {
local PRIVATE_CONFIG local PRIVATE_CONFIG
PRIVATE_CONFIG="$(duplicate_config_for_container .)" PRIVATE_CONFIG="$(duplicate_config_for_container .)"
docker run -d --name mail_special_use_folders \ docker run -d --name mail_special_use_folders \
-v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
-v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \
-e SASL_PASSWD="external-domain.com username:password" \ -e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_CLAMAV=0 \ -e ENABLE_CLAMAV=0 \
-e ENABLE_SPAMASSASSIN=0 \ -e ENABLE_SPAMASSASSIN=0 \


@ -101,7 +101,7 @@ function teardown_file() {
@test "checking ssl: manual cert changes are picked up by check-for-changes" { @test "checking ssl: manual cert changes are picked up by check-for-changes" {
printf 'someThingsChangedHere' \ printf 'someThingsChangedHere' \
>>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem" >>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem"
sleep 10 sleep 15
run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector" run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector"
assert_output --partial 'Change detected' assert_output --partial 'Change detected'
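Review bot: The fixed `sleep 15` before the `supervisorctl tail -3000 changedetector` call keeps this test dependent on timing. Raising it from 10 only moves the point at which a slow change-detector run makes `assert_output --partial 'Change detected'` fail. Polling the changedetector output for the expected string, with an upper time bound, would finish sooner on fast hosts and stay stable on slow ones. The test body continues past the end of this section.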