mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Stretch backport (#813)
* install dovecot from backports * dovecot 2.2.33 has a slightly different TLS-configuration than 2.2.27 * want to have both images at the same time * make use of the /etc/dovecot/ssl as mkcert.sh (2.2.33) is using that folder for certs.
parent
c2f4220016
commit
b4b19e76b7
21
Dockerfile
21
Dockerfile
|
@ -28,13 +28,6 @@ RUN apt-get update -q --fix-missing && \
|
||||||
clamav-daemon \
|
clamav-daemon \
|
||||||
cpio \
|
cpio \
|
||||||
curl \
|
curl \
|
||||||
dovecot-core \
|
|
||||||
dovecot-imapd \
|
|
||||||
dovecot-ldap \
|
|
||||||
dovecot-lmtpd \
|
|
||||||
dovecot-managesieved \
|
|
||||||
dovecot-pop3d \
|
|
||||||
dovecot-sieve \
|
|
||||||
ed \
|
ed \
|
||||||
fail2ban \
|
fail2ban \
|
||||||
fetchmail \
|
fetchmail \
|
||||||
|
@ -77,11 +70,20 @@ RUN apt-get update -q --fix-missing && \
|
||||||
&& \
|
&& \
|
||||||
curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
|
curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
|
||||||
echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \
|
echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \
|
||||||
|
echo "deb http://ftp.debian.org/debian stretch-backports main" | tee -a /etc/apt/sources.list.d/stretch-bp.list && \
|
||||||
apt-get update -q --fix-missing && \
|
apt-get update -q --fix-missing && \
|
||||||
apt-get -y upgrade \
|
apt-get -y upgrade \
|
||||||
fail2ban \
|
|
||||||
filebeat \
|
filebeat \
|
||||||
&& \
|
&& \
|
||||||
|
apt-get -t stretch-backports -y install --no-install-recommends \
|
||||||
|
dovecot-core \
|
||||||
|
dovecot-imapd \
|
||||||
|
dovecot-ldap \
|
||||||
|
dovecot-lmtpd \
|
||||||
|
dovecot-managesieved \
|
||||||
|
dovecot-pop3d \
|
||||||
|
dovecot-sieve \
|
||||||
|
&& \
|
||||||
apt-get autoclean && \
|
apt-get autoclean && \
|
||||||
rm -rf /var/lib/apt/lists/* && \
|
rm -rf /var/lib/apt/lists/* && \
|
||||||
rm -rf /usr/share/locale/* && \
|
rm -rf /usr/share/locale/* && \
|
||||||
|
@ -107,6 +109,9 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
|
||||||
sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
|
sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
|
||||||
sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf && \
|
sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf && \
|
||||||
sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf && \
|
sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf && \
|
||||||
|
# stretch-backport of dovecot needs this folder
|
||||||
|
mkdir /etc/dovecot/ssl && \
|
||||||
|
chmod 755 /etc/dovecot/ssl && \
|
||||||
cd /usr/share/dovecot && \
|
cd /usr/share/dovecot && \
|
||||||
./mkcert.sh && \
|
./mkcert.sh && \
|
||||||
mkdir /usr/lib/dovecot/sieve-pipe && \
|
mkdir /usr/lib/dovecot/sieve-pipe && \
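Review bot: `/etc/dovecot/ssl` is created with `chmod 755` immediately before `./mkcert.sh` writes the private key into it, so the only thing keeping `dovecot.key` from other users in the container is whatever mode the script gives the file, while the shipped 10-ssl.conf comment asks for the key to be readable by root only. Assuming only root needs to enter the directory (that same comment says Dovecot reads the files before dropping privileges), `mkdir -p /etc/dovecot/ssl && chmod 700 /etc/dovecot/ssl && \` is tighter, and `-p` keeps the build from failing if the backports package ever ships the folder itself. Because mkcert.sh runs at build time, the generated key is also stored in an image layer and shared by every container started from that image; a comment here should say it is a placeholder that `_setup_ssl` is expected to replace. The RUN instruction starts and ends outside this hunk.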
|
||||||
|
|
|
@ -9,8 +9,8 @@
|
||||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||||
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
||||||
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
||||||
ssl_cert = </etc/dovecot/dovecot.pem
|
ssl_cert = </etc/dovecot/ssl/dovecot.pem
|
||||||
ssl_key = </etc/dovecot/private/dovecot.pem
|
ssl_key = </etc/dovecot/ssl/dovecot.key
|
||||||
|
|
||||||
# If key file is password protected, give the password here. Alternatively
|
# If key file is password protected, give the password here. Alternatively
|
||||||
# give it when starting dovecot with -p parameter. Since this file is often
|
# give it when starting dovecot with -p parameter. Since this file is often
|
||||||
|
|
|
@ -736,8 +736,8 @@ function _setup_ssl() {
|
||||||
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/postfix/main.cf
|
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/postfix/main.cf
|
||||||
|
|
||||||
# Dovecot configuration
|
# Dovecot configuration
|
||||||
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$HOSTNAME'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$HOSTNAME'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/letsencrypt/live/'$HOSTNAME'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
|
|
||||||
notify 'inf' "SSL configured with 'letsencrypt' certificates"
|
notify 'inf' "SSL configured with 'letsencrypt' certificates"
|
||||||
fi
|
fi
|
||||||
|
@ -755,8 +755,8 @@ function _setup_ssl() {
|
||||||
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/postfix/ssl/'$HOSTNAME'-full.pem~g' /etc/postfix/main.cf
|
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/postfix/ssl/'$HOSTNAME'-full.pem~g' /etc/postfix/main.cf
|
||||||
|
|
||||||
# Dovecot configuration
|
# Dovecot configuration
|
||||||
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$HOSTNAME'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$HOSTNAME'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$HOSTNAME'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/postfix/ssl/'$HOSTNAME'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
|
|
||||||
notify 'inf' "SSL configured with 'CA signed/custom' certificates"
|
notify 'inf' "SSL configured with 'CA signed/custom' certificates"
|
||||||
fi
|
fi
|
||||||
|
@ -777,8 +777,8 @@ function _setup_ssl() {
|
||||||
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/postfix/ssl/key~g' /etc/postfix/main.cf
|
sed -i -r 's~smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key~smtpd_tls_key_file=/etc/postfix/ssl/key~g' /etc/postfix/main.cf
|
||||||
|
|
||||||
# Dovecot configuration
|
# Dovecot configuration
|
||||||
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
|
|
||||||
notify 'inf' "SSL configured with 'Manual' certificates"
|
notify 'inf' "SSL configured with 'Manual' certificates"
|
||||||
fi
|
fi
|
||||||
|
@ -806,8 +806,8 @@ function _setup_ssl() {
|
||||||
ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$HOSTNAME.pem"
|
ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$HOSTNAME.pem"
|
||||||
|
|
||||||
# Dovecot configuration
|
# Dovecot configuration
|
||||||
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$HOSTNAME'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_cert = </etc/dovecot/ssl/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$HOSTNAME'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$HOSTNAME'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
sed -i -e 's~ssl_key = </etc/dovecot/ssl/dovecot\.key~ssl_key = </etc/postfix/ssl/'$HOSTNAME'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
|
||||||
|
|
||||||
notify 'inf' "SSL configured with 'self-signed' certificates"
|
notify 'inf' "SSL configured with 'self-signed' certificates"
|
||||||
fi
|
fi
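Review bot: The Dovecot `sed` pairs in all four `_setup_ssl` hunks (736, 755, 777 and 806) still match on the full default value, now `</etc/dovecot/ssl/dovecot\.pem` and `</etc/dovecot/ssl/dovecot\.key`. A `10-ssl.conf` that still carries the older paths is therefore left untouched while the `notify 'inf'` line reports success, and Dovecot would presumably keep serving the build-time self-signed certificate. Matching on the setting name removes that coupling, e.g. `sed -i -e 's~^ssl_cert = .*~ssl_cert = </etc/letsencrypt/live/'"$HOSTNAME"'/fullchain.pem~' /etc/dovecot/conf.d/10-ssl.conf`, with the same form for `ssl_key`; following each pair with a `grep -q` for the new path would turn a missed replacement into a visible error. `$HOSTNAME` is also expanded unquoted between the single-quoted pieces, which the quoted form above fixes as well. The function body starts and ends outside these hunks.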
|
||||||
|
|
|
@ -9,8 +9,8 @@ ssl = required
|
||||||
# dropping root privileges, so keep the key file unreadable by anyone but
|
# dropping root privileges, so keep the key file unreadable by anyone but
|
||||||
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
# root. Included doc/mkcert.sh can be used to easily generate self-signed
|
||||||
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
# certificate, just make sure to update the domains in dovecot-openssl.cnf
|
||||||
ssl_cert = </etc/dovecot/dovecot.pem
|
ssl_cert = </etc/dovecot/ssl/dovecot.pem
|
||||||
ssl_key = </etc/dovecot/private/dovecot.pem
|
ssl_key = </etc/dovecot/ssl/dovecot.key
|
||||||
|
|
||||||
# If key file is password protected, give the password here. Alternatively
|
# If key file is password protected, give the password here. Alternatively
|
||||||
# give it when starting dovecot with -p parameter. Since this file is often
|
# give it when starting dovecot with -p parameter. Since this file is often
|
||||||
|
|