From b4b19e76b705a792f3d47ba2f61b78ab2416d350 Mon Sep 17 00:00:00 2001
From: Marek Walczak <2558195+mwlczk@users.noreply.github.com>
Date: Sun, 4 Feb 2018 21:27:47 +0100
Subject: [PATCH] Stretch backport (#813)
* install dovecot from backports
* dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27
* want to have both images a the same time
* make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
---
 Dockerfile | 21 ++++++++++++-------
 target/dovecot/10-ssl.conf | 4 ++--
 target/start-mailserver.sh | 16 +++++++-------
 test/config/dovecot-lmtp/conf.d/10-ssl.conf | 4 ++--
 .../{private/dovecot.pem => ssl/dovecot.key} | 0
 .../config/dovecot-lmtp/{ => ssl}/dovecot.pem | 0
 6 files changed, 25 insertions(+), 20 deletions(-)
 rename test/config/dovecot-lmtp/{private/dovecot.pem => ssl/dovecot.key} (100%)
 rename test/config/dovecot-lmtp/{ => ssl}/dovecot.pem (100%)
diff --git a/Dockerfile b/Dockerfile
index efdf2780..3e0cfd6b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,13 +28,6 @@ RUN apt-get update -q --fix-missing && \
 clamav-daemon \
 cpio \
 curl \
- dovecot-core \
- dovecot-imapd \
- dovecot-ldap \
- dovecot-lmtpd \
- dovecot-managesieved \
- dovecot-pop3d \
- dovecot-sieve \
 ed \
 fail2ban \
 fetchmail \
@@ -77,11 +70,20 @@ RUN apt-get update -q --fix-missing && \
 && \
 curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
 echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \
+ echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \
 apt-get update -q --fix-missing && \
 apt-get -y upgrade \
- fail2ban \
 filebeat \
 && \
+ apt-get -t stretch-backports -y install --no-install-recommends \
+ dovecot-core \
+ dovecot-imapd \
+ dovecot-ldap \
+ dovecot-lmtpd \
+ dovecot-managesieved \
+ dovecot-pop3d \
+ dovecot-sieve \
+ && \
 apt-get autoclean && \
 rm -rf /var/lib/apt/lists/* && \
 rm -rf /usr/share/locale/* && \
@@ -107,6 +109,9 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
 sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
 sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf && \
 sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf && \
+ # stretch-backport of dovecot needs this folder
+ mkdir /etc/dovecot/ssl && \
+ chmod 755 /etc/dovecot/ssl && \
 cd /usr/share/dovecot && \
 ./mkcert.sh && \
 mkdir /usr/lib/dovecot/sieve-pipe && \
diff --git a/target/dovecot/10-ssl.conf b/target/dovecot/10-ssl.conf
index 4623d60c..2d6fd178 100644
--- a/target/dovecot/10-ssl.conf
+++ b/target/dovecot/10-ssl.conf
@@ -9,8 +9,8 @@
 # dropping root privileges, so keep the key file unreadable by anyone but
 # root. Included doc/mkcert.sh can be used to easily generate self-signed
 # certificate, just make sure to update the domains in dovecot-openssl.cnf
-ssl_cert =
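Review bot: The added `apt-get -t stretch-backports -y install` step in the Dockerfile hunk at `@@ -77,11 +70,20 @@` leaves undocumented that the network-facing dovecot packages now come from a suite with different update handling than stretch main, and it pins no version although the commit message ties the TLS configuration to 2.2.33. Debian backports are not covered by the Debian security team, so a dovecot fix reaches the image only when the backport is refreshed and the image is rebuilt. I would add a comment above the step, for example `# dovecot is taken from stretch-backports (2.2.33 at the time of this commit); backports get no Debian security-team coverage, rebuild on dovecot advisories`. The RUN instruction starts and ends outside the hunk.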
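Review bot: In the Dockerfile hunk at `@@ -107,6 +109,9 @@` the new `/etc/dovecot/ssl` directory is created with mode 755, and per the commit message and the renamed fixture `ssl/dovecot.key` it appears to receive the private key from `./mkcert.sh`, so the key's confidentiality rests entirely on the file mode that script sets, which is not visible here. The 10-ssl.conf comment in this same patch says the key must stay unreadable by anyone but root and that the files are opened before root privileges are dropped, so a tighter directory mode looks feasible if no non-root service reads certificates from this path: `chmod 750 /etc/dovecot/ssl && \`. Separately, `mkdir` without `-p` fails the build if the backports package ever ships the directory itself; `mkdir -p /etc/dovecot/ssl && \` avoids that. The RUN instruction starts and ends outside the hunk.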