Improved start-mailserver output (#420)

* Improved start-mailserver output
* Fixed rework to make tests work again
* Improved output and updated SSL certs for LE
This commit is contained in:
Thomas VIAL 2016-12-23 23:56:39 +01:00 committed by GitHub
parent 2a15ac619e
commit ccad91c23d
5 changed files with 202 additions and 145 deletions


@ -117,8 +117,7 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
# Get LetsEncrypt signed certificate
RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem && \
curl -s https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
COPY ./target/bin /usr/local/bin
# Start-mailserver script
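Review bot: The new `RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem` writes whatever the server returns into the system certificate directory, so a non-2xx response or a truncated transfer leaves an empty or HTML file there while the image build still succeeds. Adding `-f` (`curl -sSf …`) makes the step fail on HTTP errors instead; a redirect to an error page would otherwise be silently stored as a "certificate". Since the file is later relied on as a trusted intermediate, checking its fingerprint after download (`openssl x509 -noout -fingerprint -sha256 -in /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem` compared with a value pinned in the Dockerfile) would also detect a substituted PEM. Dropping the x1/x2 downloads is consistent with the test change in this commit.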


@ -28,7 +28,8 @@ run:
-e VIRUSMAILS_DELETE_DELAY=7 \
-e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_MANAGESIEVE=1 \
-e PERMIT_DOCKER=host\
-e PERMIT_DOCKER=host \
-e DMS_DEBUG=0 \
-h mail.my-domain.com -t $(NAME)
sleep 20
docker run -d --name mail_pop3 \
@ -36,6 +37,7 @@ run:
-v "`pwd`/test":/tmp/docker-mailserver-test \
-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
-e ENABLE_POP3=1 \
-e DMS_DEBUG=1 \
-e SSL_TYPE=letsencrypt \
-h mail.my-domain.com -t $(NAME)
sleep 20


@ -93,6 +93,11 @@ Please check [how the container starts](https://github.com/tomav/docker-mailserv
Value in **bold** is the default value.
##### DMS_DEBUG
- **empty** (0) => Debug disabled
- 1 => Enables debug on startup
##### ENABLE_POP3
- **empty** => POP3 service disabled


@ -8,6 +8,7 @@
##########################################################################
declare -A DEFAULT_VARS
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}"
##########################################################################
# << DEFAULT VARS
##########################################################################
@ -34,7 +35,8 @@ DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
# Implement them in the section-group: {check,setup,fix,start}
##########################################################################
function register_functions() {
notify 'taskgrp' 'Registering check,setup,fix,misc and start-daemons functions'
notify 'taskgrp' 'Initializing setup'
notify 'task' 'Registering check,setup,fix,misc and start-daemons functions'
################### >> check funcs
@ -75,7 +77,10 @@ function register_functions() {
_register_setup_function "_setup_security_stack"
_register_setup_function "_setup_postfix_aliases"
_register_setup_function "_setup_postfix_vhost"
_register_setup_function "_setup_postfix_relay_amazon_ses"
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
_register_setup_function "_setup_postfix_relay_amazon_ses"
fi
################### << setup funcs
@ -93,7 +98,8 @@ function register_functions() {
################### >> daemon funcs
_register_start_daemon "_start_daemons_sys"
_register_start_daemon "_start_daemons_cron"
_register_start_daemon "_start_daemons_rsyslog"
if [ "$ENABLE_ELK_FORWARDER" = 1 ]; then
_register_start_daemon "_start_daemons_filebeat"
@ -191,45 +197,78 @@ function _register_misc_function() {
function notify () {
c_red="\e[0;31m"
c_green="\e[0;32m"
c_brown="\e[0;33m"
c_blue="\e[0;34m"
c_bold="\033[1m"
c_reset="\e[0m"
notification_type=$1
notification_msg=$2
notification_format=$3
msg=""
case "${notification_type}" in
'inf')
msg="${c_green} * ${c_reset}${notification_msg}"
;;
'err')
msg="${c_red} * ${c_reset}${notification_msg}"
;;
'warn')
msg="${c_blue} * ${c_reset}${notification_msg}"
;;
'task')
msg=" >>>> ${notification_msg}"
;;
'taskgrp')
msg="${c_bold}${notification_msg}${c_reset}"
;;
'task')
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg=" ${notification_msg}${c_reset}"
fi
;;
'inf')
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg="${c_green} * ${notification_msg}${c_reset}"
fi
;;
'started')
msg="${c_green} ${notification_msg}${c_reset}"
;;
'warn')
msg="${c_brown} * ${notification_msg}${c_reset}"
;;
'err')
msg="${c_red} * ${notification_msg}${c_reset}"
;;
'fatal')
msg="${c_bold} >>>> ${notification_msg} <<<<${c_reset}"
msg="${c_red}Error: ${notification_msg}${c_reset}"
;;
*)
msg=""
;;
esac
[[ ! -z "${msg}" ]] && echo -e "${msg}"
case "${notification_format}" in
'n')
options="-ne"
;;
*)
options="-e"
;;
esac
[[ ! -z "${msg}" ]] && echo $options "${msg}"
}
function defunc() {
notify 'fatal' "Please fix the failures. Exiting ..."
notify 'fatal' "Please fix your configuration. Exiting..."
exit 1
}
function display_startup_daemon() {
$1 &>/dev/null
res=$?
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
if [ $res = 0 ]; then
notify 'started' " [ OK ]"
else
echo "false"
notify 'err' " [ FAILED ]"
fi
fi
return $res
}
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# ! CARE --> DON'T CHANGE, except you know exactly what you are doing
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@ -243,7 +282,7 @@ function defunc() {
# Description: Place functions for initial check of container sanity
##########################################################################
function check() {
notify 'taskgrp' 'Checking configuration sanity:'
notify 'taskgrp' 'Checking configuration'
for _func in "${FUNCS_CHECK[@]}";do
$_func
[ $? != 0 ] && defunc
@ -253,11 +292,11 @@ function check() {
function _check_hostname() {
notify "task" "Check that hostname/domainname is provided (no default docker hostname) [$FUNCNAME]"
if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' ); then
if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' > /dev/null ); then
notify 'err' "Setting hostname/domainname is required"
return 1
else
notify 'inf' "Hostname has been set"
notify 'inf' "Hostname has been set to $(hostname)"
return 0
fi
}
@ -277,11 +316,9 @@ function _check_environment_variables() {
# Description: Place functions for functional configurations here
##########################################################################
function setup() {
notify 'taskgrp' 'Setting up the Container:'
notify 'taskgrp' 'Configuring mail server'
for _func in "${FUNCS_SETUP[@]}";do
$_func
[ $? != 0 ] && defunc
done
}
@ -291,14 +328,14 @@ function _setup_default_vars() {
for var in ${!DEFAULT_VARS[@]}; do
echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1
notify 'inf' "$var=${DEFAULT_VARS[$var]} set"
notify 'inf' "Set $var=${DEFAULT_VARS[$var]}"
done
}
function _setup_mailname() {
notify 'task' 'Setting up Mailname'
echo "Creating /etc/mailname"
notify 'inf' "Creating /etc/mailname"
echo $(hostname -d) > /etc/mailname
}
@ -317,7 +354,7 @@ function _setup_dovecot() {
# Enable Managesieve service by setting the symlink
# to the configuration file Dovecot will actually find
if [ "$ENABLE_MANAGESIEVE" = 1 ]; then
echo "Sieve management enabled"
notify 'inf' "Sieve management enabled"
mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
fi
}
@ -327,9 +364,9 @@ function _setup_dovecot_local_user() {
echo -n > /etc/postfix/vmailbox
echo -n > /etc/dovecot/userdb
if [ -f /tmp/docker-mailserver/postfix-accounts.cf -a "$ENABLE_LDAP" != 1 ]; then
echo "Checking file line endings"
notify 'inf' "Checking file line endings"
sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
notify 'inf' "Regenerating postfix user list"
echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
# Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
@ -349,7 +386,7 @@ function _setup_dovecot_local_user() {
user=$(echo ${login} | cut -d @ -f1)
domain=$(echo ${login} | cut -d @ -f2)
# Let's go!
echo "user '${user}' for domain '${domain}' with password '********'"
notify 'inf' "user '${user}' for domain '${domain}' with password '********'"
echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
# User database for dovecot has the following format:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
@ -370,7 +407,7 @@ function _setup_dovecot_local_user() {
echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf
else
echo "==> Warning: 'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
notify 'warn' "'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
fi
}
@ -384,7 +421,7 @@ function _setup_ldap() {
/etc/postfix/ldap-${i}.cf
done
echo "Configuring dovecot LDAP authentification"
notify 'inf' "Configuring dovecot LDAP authentification"
sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
@ -394,18 +431,18 @@ function _setup_ldap() {
# Add domainname to vhost.
echo $(hostname -d) >> /tmp/vhost.tmp
echo "Enabling dovecot LDAP authentification"
notify 'inf' "Enabling dovecot LDAP authentification"
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
echo "Configuring LDAP"
notify 'inf' "Configuring LDAP"
[ -f /etc/postfix/ldap-users.cf ] && \
postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \
echo '==> Warning: /etc/postfix/ldap-user.cf not found'
notify 'inf' "==> Warning: /etc/postfix/ldap-user.cf not found"
[ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \
postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \
echo '==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found'
notify 'inf' "==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found"
[ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF
pwcheck_method: saslauthd
@ -415,9 +452,9 @@ return 0
}
function _setup_saslauthd() {
notify 'task' 'Setting up Saslauthd'
notify 'task' "Setting up Saslauthd"
echo "Configuring Cyrus SASL"
notify 'inf' "Configuring Cyrus SASL"
# checking env vars and setting defaults
[ -z $SASLAUTHD_MECHANISMS ] && SASLAUTHD_MECHANISMS=pam
[ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam
@ -426,7 +463,7 @@ function _setup_saslauthd() {
([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
if [ ! -f /etc/saslauthd.conf ]; then
echo "Creating /etc/saslauthd.conf"
notify 'inf' "Creating /etc/saslauthd.conf"
cat > /etc/saslauthd.conf << EOF
ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER}
@ -477,11 +514,11 @@ function _setup_postfix_aliases() {
test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-virtual.cf
else
echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
notify 'inf' "Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
fi
if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then
# Copying regexp alias file
echo "Adding regexp alias file postfix-regexp.cf"
notify 'inf' "Adding regexp alias file postfix-regexp.cf"
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
sed -i -e '/^virtual_alias_maps/{
s/ regexp:.*//
@ -493,18 +530,18 @@ function _setup_postfix_aliases() {
function _setup_dkim() {
notify 'task' 'Setting up DKIM'
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
# Check if keys are already available
if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
echo "Changing permissions on /etc/opendkim"
# chown entire directory
notify 'inf' "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
notify 'inf' "Changing permissions on /etc/opendkim"
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
else
echo "No DKIM key provided. Check the documentation to find how to get your keys."
notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
fi
}
@ -524,7 +561,7 @@ function _setup_ssl() {
KEY="key"
fi
if [ -n "$KEY" ]; then
echo "Adding $(hostname) SSL certificate"
notify 'inf' "Adding $(hostname) SSL certificate"
# Postfix configuration
sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$(hostname)'/fullchain.pem~g' /etc/postfix/main.cf
@ -534,14 +571,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$(hostname)'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$(hostname)'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'letsencrypt' certificates"
notify 'inf' "SSL configured with 'letsencrypt' certificates"
fi
fi
;;
"custom" )
# Adding CA signed SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" ]; then
echo "Adding $(hostname) SSL certificate"
notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" /etc/postfix/ssl
@ -553,14 +590,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'CA signed/custom' certificates"
notify 'inf' "SSL configured with 'CA signed/custom' certificates"
fi
;;
"manual" )
# Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs)
if [ -n "$SSL_CERT_PATH" ] \
&& [ -n "$SSL_KEY_PATH" ]; then
echo "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH"
notify 'inf' "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH"
mkdir -p /etc/postfix/ssl
cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert
cp "$SSL_KEY_PATH" /etc/postfix/ssl/key
@ -575,7 +612,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'Manual' certificates"
notify 'inf' "SSL configured with 'Manual' certificates"
fi
;;
"self-signed" )
@ -584,7 +621,7 @@ function _setup_ssl() {
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-combined.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/demoCA/cacert.pem" ]; then
echo "Adding $(hostname) SSL certificate"
notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" /etc/postfix/ssl
@ -604,7 +641,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'self-signed' certificates"
notify 'inf' "SSL configured with 'self-signed' certificates"
fi
;;
esac
@ -626,30 +663,26 @@ function _setup_docker_permit() {
case $PERMIT_DOCKER in
"host" )
echo "Adding $container_network/16 to my networks"
notify 'inf' "Adding $container_network/16 to my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_network/16"
bash -c "echo $container_network/16 >> /etc/opendmarc/ignore.hosts"
bash -c "echo $container_network/16 >> /etc/opendkim/TrustedHosts"
echo $container_network/16 >> /etc/opendmarc/ignore.hosts
echo $container_network/16 >> /etc/opendkim/TrustedHosts
;;
"network" )
echo "Adding docker network in my networks"
notify 'inf' "Adding docker network in my networks"
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
bash -c "echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts"
bash -c "echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts"
echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;;
* )
echo "Adding container ip in my networks"
notify 'inf' "Adding container ip in my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"
bash -c "echo $container_ip/32 >> /etc/opendmarc/ignore.hosts"
bash -c "echo $container_ip/32 >> /etc/opendkim/TrustedHosts"
echo $container_ip/32 >> /etc/opendmarc/ignore.hosts
echo $container_ip/32 >> /etc/opendkim/TrustedHosts
;;
esac
# @TODO fix: bash: /etc/opendkim/TrustedHosts: No such file or directory
# temporary workarround return success
return 0
}
function _setup_postfix_override_configuration() {
@ -659,9 +692,9 @@ function _setup_postfix_override_configuration() {
while read line; do
postconf -e "$line"
done < /tmp/docker-mailserver/postfix-main.cf
echo "Loaded 'config/postfix-main.cf'"
notify 'inf' "Loaded 'config/postfix-main.cf'"
else
echo "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
fi
}
@ -678,45 +711,41 @@ function _setup_postfix_sasl_password() {
if [ -f /etc/postfix/sasl_passwd ]; then
chown root:root /etc/postfix/sasl_passwd
chmod 0600 /etc/postfix/sasl_passwd
echo "Loaded SASL_PASSWD"
notify 'inf' "Loaded SASL_PASSWD"
else
echo "==> Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created."
notify 'inf' "Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created."
fi
}
function _setup_postfix_relay_amazon_ses() {
notify 'task' 'Setting up Postfix Relay Amazon SES'
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
if [ -z "$AWS_SES_PORT" ];then
AWS_SES_PORT=25
fi
echo "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
postconf -e \
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" \
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
if [ -z "$AWS_SES_PORT" ];then
AWS_SES_PORT=25
fi
notify 'inf' "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
postconf -e \
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" \
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
}
function _setup_security_stack() {
notify 'task' 'Setting up Security Stack'
notify 'task' "Setting up Security Stack"
echo "Configuring Spamassassin"
notify 'inf' "Configuring Spamassassin"
SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
if [ "$ENABLE_FAIL2BAN" = 1 ]; then
echo "Fail2ban enabled"
notify 'inf' "Fail2ban enabled"
test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
else
# Disable logrotate config for fail2ban if not enabled
@ -737,7 +766,7 @@ function _setup_elk_forwarder() {
ELK_PORT=${ELK_PORT:="5044"}
ELK_HOST=${ELK_HOST:="elk"}
echo "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)"
notify 'inf' "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)"
cat /etc/filebeat/filebeat.yml.tmpl \
| sed "s@\$ELK_HOST@$ELK_HOST@g" \
| sed "s@\$ELK_PORT@$ELK_PORT@g" \
@ -754,7 +783,7 @@ function _setup_elk_forwarder() {
# Description: Place functions for temporary workarounds and fixes here
##########################################################################
function fix() {
notify 'taskgrg' "Starting to fix:"
notify 'taskgrg' "Post-configuration checks..."
for _func in "${FUNCS_FIX[@]}";do
$_func
[ $? != 0 ] && defunc
@ -766,10 +795,10 @@ function _fix_var_mail_permissions() {
# Fix permissions, but skip this if 3 levels deep the user id is already set
if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then
notify 'inf' "Fixing /var/mail permissions"
chown -R 5000:5000 /var/mail
echo "/var/mail permissions fixed"
else
echo "Permissions in /var/mail look OK"
notify 'inf' "Permissions in /var/mail look OK"
fi
}
##########################################################################
@ -783,11 +812,11 @@ function _fix_var_mail_permissions() {
# Description: Place functions that do not fit in the sections above here
##########################################################################
function misc() {
notify 'taskgrp' 'Starting Misc:'
notify 'taskgrp' 'Starting Misc'
for _func in "${FUNCS_MISC[@]}";do
$_func
[ $? != 0 ] && defunc
[ $? != 0 ] && defunc
done
}
@ -796,19 +825,19 @@ function _misc_save_states() {
# directory
statedir=/var/mail-state
if [ "$ONE_DIR" = 1 -a -d $statedir ]; then
echo "Consolidating all state onto $statedir"
notify 'inf' "Consolidating all state onto $statedir"
for d in /var/spool/postfix /var/lib/postfix /var/lib/amavis /var/lib/clamav /var/lib/spamassasin /var/lib/fail2ban; do
dest=$statedir/`echo $d | sed -e 's/.var.//; s/\//-/g'`
if [ -d $dest ]; then
echo " Destination $dest exists, linking $d to it"
notify 'inf' " Destination $dest exists, linking $d to it"
rm -rf $d
ln -s $dest $d
elif [ -d $d ]; then
echo " Moving contents of $d to $dest:" `ls $d`
notify 'inf' " Moving contents of $d to $dest:" `ls $d`
mv $d $dest
ln -s $dest $d
else
echo " Linking $d to $dest"
notify 'inf' " Linking $d to $dest"
mkdir -p $dest
ln -s $dest $d
fi
@ -821,65 +850,66 @@ function _misc_save_states() {
# >> Start Daemons
##########################################################################
function start_daemons() {
notify 'taskgrp' 'Starting Daemons'
notify 'taskgrp' 'Starting mail server'
for _func in "${DAEMONS_START[@]}";do
$_func
[ $? != 0 ] && defunc
[ $? != 0 ] && defunc
done
}
function _start_daemons_sys() {
notify 'task' 'Starting Cron'
cron
function _start_daemons_cron() {
notify 'task' 'Starting cron' 'n'
display_startup_daemon "cron"
}
notify 'task' 'Starting rsyslog'
/etc/init.d/rsyslog start
function _start_daemons_rsyslog() {
notify 'task' 'Starting rsyslog' 'n'
display_startup_daemon "/etc/init.d/rsyslog start"
}
function _start_daemons_saslauthd() {
notify "task" "Starting saslauthd"
/etc/init.d/saslauthd start
notify 'task' 'Starting saslauthd' 'n'
display_startup_daemon "/etc/init.d/saslauthd start"
}
function _start_daemons_fail2ban() {
notify 'task' 'Starting fail2ban'
notify 'task' 'Starting fail2ban' 'n'
touch /var/log/auth.log
# Delete fail2ban.sock that probably was left here after container restart
if [ -e /var/run/fail2ban/fail2ban.sock ]; then
rm /var/run/fail2ban/fail2ban.sock
fi
/etc/init.d/fail2ban start
display_startup_daemon "/etc/init.d/fail2ban start"
}
function _start_daemons_opendkim() {
notify 'task' 'Starting opendkim'
/etc/init.d/opendkim start
notify 'task' 'Starting opendkim' 'n'
display_startup_daemon "/etc/init.d/opendkim start"
}
function _start_daemons_opendmarc() {
notify 'task' 'Starting opendmarc'
/etc/init.d/opendmarc start
notify 'task' 'Starting opendmarc' 'n'
display_startup_daemon "/etc/init.d/opendmarc start"
}
function _start_daemons_postfix() {
notify 'task' 'Starting postfix'
/etc/init.d/postfix start
notify 'task' 'Starting postfix' 'n'
display_startup_daemon "/etc/init.d/postfix start"
}
function _start_daemons_dovecot() {
# Here we are starting sasl and imap, not pop3 because it's disabled by default
notify 'task' "Starting dovecot services"
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
notify 'task' 'Starting dovecot services' 'n'
display_startup_daemon "/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf"
if [ "$ENABLE_POP3" = 1 ]; then
echo "Starting POP3 services"
notify 'task' 'Starting pop3 services' 'n'
mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
/usr/sbin/dovecot reload
display_startup_daemon "/usr/sbin/dovecot reload"
fi
if [ -f /tmp/docker-mailserver/dovecot.cf ]; then
echo 'Adding file "dovecot.cf" to the Dovecot configuration'
cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
/usr/sbin/dovecot reload
fi
@ -895,25 +925,24 @@ function _start_daemons_dovecot() {
}
function _start_daemons_filebeat() {
notify 'task' 'Starting FileBeat'
/etc/init.d/filebeat start
notify 'task' 'Starting filebeat' 'n'
display_startup_daemon "/etc/init.d/filebeat start"
}
function _start_daemons_fetchmail() {
notify 'task' 'Starting fetchmail'
notify 'task' 'Starting fetchmail' 'n'
/usr/local/bin/setup-fetchmail
echo "Fetchmail enabled"
/etc/init.d/fetchmail start
display_startup_daemon "/etc/init.d/fetchmail start"
}
function _start_daemons_clamav() {
notify 'task' "Starting clamav"
/etc/init.d/clamav-daemon start
notify 'task' 'Starting clamav' 'n'
display_startup_daemon "/etc/init.d/clamav-daemon start"
}
function _start_daemons_amavis() {
notify 'task' 'Starting Daemon Amavis'
/etc/init.d/amavis start
notify 'task' 'Starting amavis' 'n'
display_startup_daemon "/etc/init.d/amavis start"
# @TODO fix: on integration test of mail_with_ldap amavis fails because of:
# Starting amavisd: The value of variable $myhostname is "ldap", but should have been
@ -922,7 +951,7 @@ function _start_daemons_amavis() {
# in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's
# network name!
# > temporary workaround to passe integration test
# > temporary workaround to pass integration test
return 0
}
##########################################################################
@ -938,6 +967,24 @@ function _start_daemons_amavis() {
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# >>
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' "# ENV"
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' ""
printenv
fi
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' "# docker-mailserver"
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' ""
register_functions
@ -947,7 +994,14 @@ fix
misc
start_daemons
tail -f /var/log/mail/mail.log
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "# $(hostname) is up and running"
notify 'taskgrp' "#"
notify 'taskgrp' ""
tail -fn 0 /var/log/mail/mail.log
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
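Review bot: In the `@ -678,45 +711,41` hunk, `echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd` creates /etc/postfix/sasl_passwd with the process umask when the file does not yet exist, and the only `chown root:root` / `chmod 0600` for that file is in `_setup_postfix_sasl_password`, guarded by `[ -f /etc/postfix/sasl_passwd ]`. If that function runs before the SES setup (its registration is above the visible part of `register_functions`, so this is inferred from the file order) and SASL_PASSWD was not provided, the relay credentials end up in a file that keeps default permissions. Tightening the file at the point where the credentials are appended removes the ordering dependency: keep the `echo … >> /etc/postfix/sasl_passwd` line and follow it with `chown root:root /etc/postfix/sasl_passwd && chmod 0600 /etc/postfix/sasl_passwd`. Separately, `display_startup_daemon` in the `@ -191,45 +197,78` hunk discards the daemon's output with `$1 &>/dev/null`, so a failed start logs at most `[ FAILED ]` with no reason even when DMS_DEBUG=1; capturing the output in a local variable and emitting it through `notify 'err'` on a non-zero status would preserve the diagnostic.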


@ -402,13 +402,8 @@
[ "$status" -eq 0 ]
}
@test "checking ssl: lets-encrypt-x1-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem
[ "$status" -eq 0 ]
}
@test "checking ssl: lets-encrypt-x2-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
@test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
[ "$status" -eq 0 ]
}
@ -483,7 +478,7 @@
# Getting mail_fail2ban container IP
MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)
# Create a container which will send wront authentications and should banned
# Create a container which will send wrong authentications and should banned
docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog
docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
@ -577,6 +572,8 @@
[ "$status" -eq 1 ]
run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log