Improved start-mailserver output (#420)

* Improved start-mailserver output
* Fixed rework to make tests work again
* Improved output and updated SSL certs for LE
Thomas VIAL 2016-12-23 23:56:39 +01:00 committed by GitHub
parent 2a15ac619e
commit ccad91c23d
5 changed files with 202 additions and 145 deletions


@ -117,8 +117,7 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
# Get LetsEncrypt signed certificate # Get LetsEncrypt signed certificate
RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem && \ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
curl -s https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
COPY ./target/bin /usr/local/bin COPY ./target/bin /usr/local/bin
# Start-mailserver script # Start-mailserver script
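Review bot: The new `RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem` line stores whatever the server returns under /etc/ssl/certs, and without `-f` an HTTP error page would be saved as the certificate while the build still succeeds. I would fail the build on transfer errors with `RUN curl -fsS https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem -o /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem`. I would also check the file against a digest pinned in the Dockerfile, e.g. `echo "<EXPECTED_SHA256>  /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem" | sha256sum -c -`, where the placeholder is replaced by a value taken from a trusted copy. TLS only authenticates the download host at build time; a pinned digest additionally makes an unexpected change of the file visible as a build failure. The same weakness appears to have been present in the x1/x2 download lines this hunk replaces.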


@ -28,7 +28,8 @@ run:
-e VIRUSMAILS_DELETE_DELAY=7 \ -e VIRUSMAILS_DELETE_DELAY=7 \
-e SASL_PASSWD="external-domain.com username:password" \ -e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_MANAGESIEVE=1 \ -e ENABLE_MANAGESIEVE=1 \
-e PERMIT_DOCKER=host\ -e PERMIT_DOCKER=host \
-e DMS_DEBUG=0 \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
sleep 20 sleep 20
docker run -d --name mail_pop3 \ docker run -d --name mail_pop3 \
@ -36,6 +37,7 @@ run:
-v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test":/tmp/docker-mailserver-test \
-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \ -v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
-e ENABLE_POP3=1 \ -e ENABLE_POP3=1 \
-e DMS_DEBUG=1 \
-e SSL_TYPE=letsencrypt \ -e SSL_TYPE=letsencrypt \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
sleep 20 sleep 20


@ -93,6 +93,11 @@ Please check [how the container starts](https://github.com/tomav/docker-mailserv
Value in **bold** is the default value. Value in **bold** is the default value.
##### DMS_DEBUG
- **empty** (0) => Debug disabled
- 1 => Enables debug on startup
##### ENABLE_POP3 ##### ENABLE_POP3
- **empty** => POP3 service disabled - **empty** => POP3 service disabled


@ -8,6 +8,7 @@
########################################################################## ##########################################################################
declare -A DEFAULT_VARS declare -A DEFAULT_VARS
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}"
########################################################################## ##########################################################################
# << DEFAULT VARS # << DEFAULT VARS
########################################################################## ##########################################################################
@ -34,7 +35,8 @@ DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
# Implement them in the section-group: {check,setup,fix,start} # Implement them in the section-group: {check,setup,fix,start}
########################################################################## ##########################################################################
function register_functions() { function register_functions() {
notify 'taskgrp' 'Registering check,setup,fix,misc and start-daemons functions' notify 'taskgrp' 'Initializing setup'
notify 'task' 'Registering check,setup,fix,misc and start-daemons functions'
################### >> check funcs ################### >> check funcs
@ -75,7 +77,10 @@ function register_functions() {
_register_setup_function "_setup_security_stack" _register_setup_function "_setup_security_stack"
_register_setup_function "_setup_postfix_aliases" _register_setup_function "_setup_postfix_aliases"
_register_setup_function "_setup_postfix_vhost" _register_setup_function "_setup_postfix_vhost"
_register_setup_function "_setup_postfix_relay_amazon_ses"
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
_register_setup_function "_setup_postfix_relay_amazon_ses"
fi
################### << setup funcs ################### << setup funcs
@ -93,7 +98,8 @@ function register_functions() {
################### >> daemon funcs ################### >> daemon funcs
_register_start_daemon "_start_daemons_sys" _register_start_daemon "_start_daemons_cron"
_register_start_daemon "_start_daemons_rsyslog"
if [ "$ENABLE_ELK_FORWARDER" = 1 ]; then if [ "$ENABLE_ELK_FORWARDER" = 1 ]; then
_register_start_daemon "_start_daemons_filebeat" _register_start_daemon "_start_daemons_filebeat"
@ -191,45 +197,78 @@ function _register_misc_function() {
function notify () { function notify () {
c_red="\e[0;31m" c_red="\e[0;31m"
c_green="\e[0;32m" c_green="\e[0;32m"
c_brown="\e[0;33m"
c_blue="\e[0;34m" c_blue="\e[0;34m"
c_bold="\033[1m" c_bold="\033[1m"
c_reset="\e[0m" c_reset="\e[0m"
notification_type=$1 notification_type=$1
notification_msg=$2 notification_msg=$2
notification_format=$3
msg=""
case "${notification_type}" in case "${notification_type}" in
'inf')
msg="${c_green} * ${c_reset}${notification_msg}"
;;
'err')
msg="${c_red} * ${c_reset}${notification_msg}"
;;
'warn')
msg="${c_blue} * ${c_reset}${notification_msg}"
;;
'task')
msg=" >>>> ${notification_msg}"
;;
'taskgrp') 'taskgrp')
msg="${c_bold}${notification_msg}${c_reset}" msg="${c_bold}${notification_msg}${c_reset}"
;; ;;
'task')
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg=" ${notification_msg}${c_reset}"
fi
;;
'inf')
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg="${c_green} * ${notification_msg}${c_reset}"
fi
;;
'started')
msg="${c_green} ${notification_msg}${c_reset}"
;;
'warn')
msg="${c_brown} * ${notification_msg}${c_reset}"
;;
'err')
msg="${c_red} * ${notification_msg}${c_reset}"
;;
'fatal') 'fatal')
msg="${c_bold} >>>> ${notification_msg} <<<<${c_reset}" msg="${c_red}Error: ${notification_msg}${c_reset}"
;; ;;
*) *)
msg="" msg=""
;; ;;
esac esac
[[ ! -z "${msg}" ]] && echo -e "${msg}" case "${notification_format}" in
'n')
options="-ne"
;;
*)
options="-e"
;;
esac
[[ ! -z "${msg}" ]] && echo $options "${msg}"
} }
function defunc() { function defunc() {
notify 'fatal' "Please fix the failures. Exiting ..." notify 'fatal' "Please fix your configuration. Exiting..."
exit 1 exit 1
} }
function display_startup_daemon() {
$1 &>/dev/null
res=$?
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
if [ $res = 0 ]; then
notify 'started' " [ OK ]"
else
echo "false"
notify 'err' " [ FAILED ]"
fi
fi
return $res
}
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# ! CARE --> DON'T CHANGE, except you know exactly what you are doing # ! CARE --> DON'T CHANGE, except you know exactly what you are doing
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@ -243,7 +282,7 @@ function defunc() {
# Description: Place functions for initial check of container sanity # Description: Place functions for initial check of container sanity
########################################################################## ##########################################################################
function check() { function check() {
notify 'taskgrp' 'Checking configuration sanity:' notify 'taskgrp' 'Checking configuration'
for _func in "${FUNCS_CHECK[@]}";do for _func in "${FUNCS_CHECK[@]}";do
$_func $_func
[ $? != 0 ] && defunc [ $? != 0 ] && defunc
@ -253,11 +292,11 @@ function check() {
function _check_hostname() { function _check_hostname() {
notify "task" "Check that hostname/domainname is provided (no default docker hostname) [$FUNCNAME]" notify "task" "Check that hostname/domainname is provided (no default docker hostname) [$FUNCNAME]"
if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' ); then if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' > /dev/null ); then
notify 'err' "Setting hostname/domainname is required" notify 'err' "Setting hostname/domainname is required"
return 1 return 1
else else
notify 'inf' "Hostname has been set" notify 'inf' "Hostname has been set to $(hostname)"
return 0 return 0
fi fi
} }
@ -277,11 +316,9 @@ function _check_environment_variables() {
# Description: Place functions for functional configurations here # Description: Place functions for functional configurations here
########################################################################## ##########################################################################
function setup() { function setup() {
notify 'taskgrp' 'Setting up the Container:' notify 'taskgrp' 'Configuring mail server'
for _func in "${FUNCS_SETUP[@]}";do for _func in "${FUNCS_SETUP[@]}";do
$_func $_func
[ $? != 0 ] && defunc
done done
} }
@ -291,14 +328,14 @@ function _setup_default_vars() {
for var in ${!DEFAULT_VARS[@]}; do for var in ${!DEFAULT_VARS[@]}; do
echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1
notify 'inf' "$var=${DEFAULT_VARS[$var]} set" notify 'inf' "Set $var=${DEFAULT_VARS[$var]}"
done done
} }
function _setup_mailname() { function _setup_mailname() {
notify 'task' 'Setting up Mailname' notify 'task' 'Setting up Mailname'
echo "Creating /etc/mailname" notify 'inf' "Creating /etc/mailname"
echo $(hostname -d) > /etc/mailname echo $(hostname -d) > /etc/mailname
} }
@ -317,7 +354,7 @@ function _setup_dovecot() {
# Enable Managesieve service by setting the symlink # Enable Managesieve service by setting the symlink
# to the configuration file Dovecot will actually find # to the configuration file Dovecot will actually find
if [ "$ENABLE_MANAGESIEVE" = 1 ]; then if [ "$ENABLE_MANAGESIEVE" = 1 ]; then
echo "Sieve management enabled" notify 'inf' "Sieve management enabled"
mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
fi fi
} }
@ -327,9 +364,9 @@ function _setup_dovecot_local_user() {
echo -n > /etc/postfix/vmailbox echo -n > /etc/postfix/vmailbox
echo -n > /etc/dovecot/userdb echo -n > /etc/dovecot/userdb
if [ -f /tmp/docker-mailserver/postfix-accounts.cf -a "$ENABLE_LDAP" != 1 ]; then if [ -f /tmp/docker-mailserver/postfix-accounts.cf -a "$ENABLE_LDAP" != 1 ]; then
echo "Checking file line endings" notify 'inf' "Checking file line endings"
sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users" notify 'inf' "Regenerating postfix user list"
echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
# Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline # Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
@ -349,7 +386,7 @@ function _setup_dovecot_local_user() {
user=$(echo ${login} | cut -d @ -f1) user=$(echo ${login} | cut -d @ -f1)
domain=$(echo ${login} | cut -d @ -f2) domain=$(echo ${login} | cut -d @ -f2)
# Let's go! # Let's go!
echo "user '${user}' for domain '${domain}' with password '********'" notify 'inf' "user '${user}' for domain '${domain}' with password '********'"
echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
# User database for dovecot has the following format: # User database for dovecot has the following format:
# user:password:uid:gid:(gecos):home:(shell):extra_fields # user:password:uid:gid:(gecos):home:(shell):extra_fields
@ -370,7 +407,7 @@ function _setup_dovecot_local_user() {
echo ${domain} >> /tmp/vhost.tmp echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf done < /tmp/docker-mailserver/postfix-accounts.cf
else else
echo "==> Warning: 'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created." notify 'warn' "'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
fi fi
} }
@ -384,7 +421,7 @@ function _setup_ldap() {
/etc/postfix/ldap-${i}.cf /etc/postfix/ldap-${i}.cf
done done
echo "Configuring dovecot LDAP authentification" notify 'inf' "Configuring dovecot LDAP authentification"
sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
@ -394,18 +431,18 @@ function _setup_ldap() {
# Add domainname to vhost. # Add domainname to vhost.
echo $(hostname -d) >> /tmp/vhost.tmp echo $(hostname -d) >> /tmp/vhost.tmp
echo "Enabling dovecot LDAP authentification" notify 'inf' "Enabling dovecot LDAP authentification"
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
echo "Configuring LDAP" notify 'inf' "Configuring LDAP"
[ -f /etc/postfix/ldap-users.cf ] && \ [ -f /etc/postfix/ldap-users.cf ] && \
postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \ postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \
echo '==> Warning: /etc/postfix/ldap-user.cf not found' notify 'inf' "==> Warning: /etc/postfix/ldap-user.cf not found"
[ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \ [ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \
postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \ postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \
echo '==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found' notify 'inf' "==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found"
[ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF [ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF
pwcheck_method: saslauthd pwcheck_method: saslauthd
@ -415,9 +452,9 @@ return 0
} }
function _setup_saslauthd() { function _setup_saslauthd() {
notify 'task' 'Setting up Saslauthd' notify 'task' "Setting up Saslauthd"
echo "Configuring Cyrus SASL" notify 'inf' "Configuring Cyrus SASL"
# checking env vars and setting defaults # checking env vars and setting defaults
[ -z $SASLAUTHD_MECHANISMS ] && SASLAUTHD_MECHANISMS=pam [ -z $SASLAUTHD_MECHANISMS ] && SASLAUTHD_MECHANISMS=pam
[ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam [ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam
@ -426,7 +463,7 @@ function _setup_saslauthd() {
([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://' ([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
if [ ! -f /etc/saslauthd.conf ]; then if [ ! -f /etc/saslauthd.conf ]; then
echo "Creating /etc/saslauthd.conf" notify 'inf' "Creating /etc/saslauthd.conf"
cat > /etc/saslauthd.conf << EOF cat > /etc/saslauthd.conf << EOF
ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER} ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER}
@ -477,11 +514,11 @@ function _setup_postfix_aliases() {
test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-virtual.cf done < /tmp/docker-mailserver/postfix-virtual.cf
else else
echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created." notify 'inf' "Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
fi fi
if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then
# Copying regexp alias file # Copying regexp alias file
echo "Adding regexp alias file postfix-regexp.cf" notify 'inf' "Adding regexp alias file postfix-regexp.cf"
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
sed -i -e '/^virtual_alias_maps/{ sed -i -e '/^virtual_alias_maps/{
s/ regexp:.*// s/ regexp:.*//
@ -493,18 +530,18 @@ function _setup_postfix_aliases() {
function _setup_dkim() { function _setup_dkim() {
notify 'task' 'Setting up DKIM' notify 'task' 'Setting up DKIM'
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
# Check if keys are already available # Check if keys are already available
if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/ cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`" notify 'inf' "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
echo "Changing permissions on /etc/opendkim" notify 'inf' "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/ chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right # And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/ chmod -R 0700 /etc/opendkim/keys/
else else
echo "No DKIM key provided. Check the documentation to find how to get your keys." notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
fi fi
} }
@ -524,7 +561,7 @@ function _setup_ssl() {
KEY="key" KEY="key"
fi fi
if [ -n "$KEY" ]; then if [ -n "$KEY" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
# Postfix configuration # Postfix configuration
sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$(hostname)'/fullchain.pem~g' /etc/postfix/main.cf sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$(hostname)'/fullchain.pem~g' /etc/postfix/main.cf
@ -534,14 +571,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$(hostname)'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$(hostname)'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$(hostname)'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$(hostname)'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'letsencrypt' certificates" notify 'inf' "SSL configured with 'letsencrypt' certificates"
fi fi
fi fi
;; ;;
"custom" ) "custom" )
# Adding CA signed SSL certificate if provided in 'postfix/ssl' folder # Adding CA signed SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" ]; then if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" /etc/postfix/ssl
@ -553,14 +590,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'CA signed/custom' certificates" notify 'inf' "SSL configured with 'CA signed/custom' certificates"
fi fi
;; ;;
"manual" ) "manual" )
# Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs) # Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs)
if [ -n "$SSL_CERT_PATH" ] \ if [ -n "$SSL_CERT_PATH" ] \
&& [ -n "$SSL_KEY_PATH" ]; then && [ -n "$SSL_KEY_PATH" ]; then
echo "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH" notify 'inf' "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert
cp "$SSL_KEY_PATH" /etc/postfix/ssl/key cp "$SSL_KEY_PATH" /etc/postfix/ssl/key
@ -575,7 +612,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'Manual' certificates" notify 'inf' "SSL configured with 'Manual' certificates"
fi fi
;; ;;
"self-signed" ) "self-signed" )
@ -584,7 +621,7 @@ function _setup_ssl() {
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" ] \ && [ -e "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-combined.pem" ] \ && [ -e "/tmp/docker-mailserver/ssl/$(hostname)-combined.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/demoCA/cacert.pem" ]; then && [ -e "/tmp/docker-mailserver/ssl/demoCA/cacert.pem" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" /etc/postfix/ssl
@ -604,7 +641,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'self-signed' certificates" notify 'inf' "SSL configured with 'self-signed' certificates"
fi fi
;; ;;
esac esac
@ -626,30 +663,26 @@ function _setup_docker_permit() {
case $PERMIT_DOCKER in case $PERMIT_DOCKER in
"host" ) "host" )
echo "Adding $container_network/16 to my networks" notify 'inf' "Adding $container_network/16 to my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_network/16" postconf -e "$(postconf | grep '^mynetworks =') $container_network/16"
bash -c "echo $container_network/16 >> /etc/opendmarc/ignore.hosts" echo $container_network/16 >> /etc/opendmarc/ignore.hosts
bash -c "echo $container_network/16 >> /etc/opendkim/TrustedHosts" echo $container_network/16 >> /etc/opendkim/TrustedHosts
;; ;;
"network" ) "network" )
echo "Adding docker network in my networks" notify 'inf' "Adding docker network in my networks"
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12" postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
bash -c "echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts" echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
bash -c "echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts" echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;; ;;
* ) * )
echo "Adding container ip in my networks" notify 'inf' "Adding container ip in my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32" postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"
bash -c "echo $container_ip/32 >> /etc/opendmarc/ignore.hosts" echo $container_ip/32 >> /etc/opendmarc/ignore.hosts
bash -c "echo $container_ip/32 >> /etc/opendkim/TrustedHosts" echo $container_ip/32 >> /etc/opendkim/TrustedHosts
;; ;;
esac esac
# @TODO fix: bash: /etc/opendkim/TrustedHosts: No such file or directory
# temporary workarround return success
return 0
} }
function _setup_postfix_override_configuration() { function _setup_postfix_override_configuration() {
@ -659,9 +692,9 @@ function _setup_postfix_override_configuration() {
while read line; do while read line; do
postconf -e "$line" postconf -e "$line"
done < /tmp/docker-mailserver/postfix-main.cf done < /tmp/docker-mailserver/postfix-main.cf
echo "Loaded 'config/postfix-main.cf'" notify 'inf' "Loaded 'config/postfix-main.cf'"
else else
echo "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided." notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
fi fi
} }
@ -678,45 +711,41 @@ function _setup_postfix_sasl_password() {
if [ -f /etc/postfix/sasl_passwd ]; then if [ -f /etc/postfix/sasl_passwd ]; then
chown root:root /etc/postfix/sasl_passwd chown root:root /etc/postfix/sasl_passwd
chmod 0600 /etc/postfix/sasl_passwd chmod 0600 /etc/postfix/sasl_passwd
echo "Loaded SASL_PASSWD" notify 'inf' "Loaded SASL_PASSWD"
else else
echo "==> Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created." notify 'inf' "Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created."
fi fi
} }
function _setup_postfix_relay_amazon_ses() { function _setup_postfix_relay_amazon_ses() {
notify 'task' 'Setting up Postfix Relay Amazon SES' notify 'task' 'Setting up Postfix Relay Amazon SES'
if [ -z "$AWS_SES_PORT" ];then
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then AWS_SES_PORT=25
if [ -z "$AWS_SES_PORT" ];then
AWS_SES_PORT=25
fi
echo "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
postconf -e \
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" \
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
fi fi
notify 'inf' "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
postconf -e \
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
"smtp_sasl_auth_enable = yes" \
"smtp_sasl_security_options = noanonymous" \
"smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd" \
"smtp_use_tls = yes" \
"smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" \
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
} }
function _setup_security_stack() { function _setup_security_stack() {
notify 'task' 'Setting up Security Stack' notify 'task' "Setting up Security Stack"
echo "Configuring Spamassassin" notify 'inf' "Configuring Spamassassin"
SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
if [ "$ENABLE_FAIL2BAN" = 1 ]; then if [ "$ENABLE_FAIL2BAN" = 1 ]; then
echo "Fail2ban enabled" notify 'inf' "Fail2ban enabled"
test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
else else
# Disable logrotate config for fail2ban if not enabled # Disable logrotate config for fail2ban if not enabled
@ -737,7 +766,7 @@ function _setup_elk_forwarder() {
ELK_PORT=${ELK_PORT:="5044"} ELK_PORT=${ELK_PORT:="5044"}
ELK_HOST=${ELK_HOST:="elk"} ELK_HOST=${ELK_HOST:="elk"}
echo "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)" notify 'inf' "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)"
cat /etc/filebeat/filebeat.yml.tmpl \ cat /etc/filebeat/filebeat.yml.tmpl \
| sed "s@\$ELK_HOST@$ELK_HOST@g" \ | sed "s@\$ELK_HOST@$ELK_HOST@g" \
| sed "s@\$ELK_PORT@$ELK_PORT@g" \ | sed "s@\$ELK_PORT@$ELK_PORT@g" \
@ -754,7 +783,7 @@ function _setup_elk_forwarder() {
# Description: Place functions for temporary workarounds and fixes here # Description: Place functions for temporary workarounds and fixes here
########################################################################## ##########################################################################
function fix() { function fix() {
notify 'taskgrg' "Starting to fix:" notify 'taskgrg' "Post-configuration checks..."
for _func in "${FUNCS_FIX[@]}";do for _func in "${FUNCS_FIX[@]}";do
$_func $_func
[ $? != 0 ] && defunc [ $? != 0 ] && defunc
@ -766,10 +795,10 @@ function _fix_var_mail_permissions() {
# Fix permissions, but skip this if 3 levels deep the user id is already set # Fix permissions, but skip this if 3 levels deep the user id is already set
if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then
notify 'inf' "Fixing /var/mail permissions"
chown -R 5000:5000 /var/mail chown -R 5000:5000 /var/mail
echo "/var/mail permissions fixed"
else else
echo "Permissions in /var/mail look OK" notify 'inf' "Permissions in /var/mail look OK"
fi fi
} }
########################################################################## ##########################################################################
@ -783,11 +812,11 @@ function _fix_var_mail_permissions() {
# Description: Place functions that do not fit in the sections above here # Description: Place functions that do not fit in the sections above here
########################################################################## ##########################################################################
function misc() { function misc() {
notify 'taskgrp' 'Starting Misc:' notify 'taskgrp' 'Starting Misc'
for _func in "${FUNCS_MISC[@]}";do for _func in "${FUNCS_MISC[@]}";do
$_func $_func
[ $? != 0 ] && defunc [ $? != 0 ] && defunc
done done
} }
@ -796,19 +825,19 @@ function _misc_save_states() {
# directory # directory
statedir=/var/mail-state statedir=/var/mail-state
if [ "$ONE_DIR" = 1 -a -d $statedir ]; then if [ "$ONE_DIR" = 1 -a -d $statedir ]; then
echo "Consolidating all state onto $statedir" notify 'inf' "Consolidating all state onto $statedir"
for d in /var/spool/postfix /var/lib/postfix /var/lib/amavis /var/lib/clamav /var/lib/spamassasin /var/lib/fail2ban; do for d in /var/spool/postfix /var/lib/postfix /var/lib/amavis /var/lib/clamav /var/lib/spamassasin /var/lib/fail2ban; do
dest=$statedir/`echo $d | sed -e 's/.var.//; s/\//-/g'` dest=$statedir/`echo $d | sed -e 's/.var.//; s/\//-/g'`
if [ -d $dest ]; then if [ -d $dest ]; then
echo " Destination $dest exists, linking $d to it" notify 'inf' " Destination $dest exists, linking $d to it"
rm -rf $d rm -rf $d
ln -s $dest $d ln -s $dest $d
elif [ -d $d ]; then elif [ -d $d ]; then
echo " Moving contents of $d to $dest:" `ls $d` notify 'inf' " Moving contents of $d to $dest:" `ls $d`
mv $d $dest mv $d $dest
ln -s $dest $d ln -s $dest $d
else else
echo " Linking $d to $dest" notify 'inf' " Linking $d to $dest"
mkdir -p $dest mkdir -p $dest
ln -s $dest $d ln -s $dest $d
fi fi
@ -821,65 +850,66 @@ function _misc_save_states() {
# >> Start Daemons # >> Start Daemons
########################################################################## ##########################################################################
function start_daemons() { function start_daemons() {
notify 'taskgrp' 'Starting Daemons' notify 'taskgrp' 'Starting mail server'
for _func in "${DAEMONS_START[@]}";do for _func in "${DAEMONS_START[@]}";do
$_func $_func
[ $? != 0 ] && defunc [ $? != 0 ] && defunc
done done
} }
function _start_daemons_sys() { function _start_daemons_cron() {
notify 'task' 'Starting Cron' notify 'task' 'Starting cron' 'n'
cron display_startup_daemon "cron"
}
notify 'task' 'Starting rsyslog' function _start_daemons_rsyslog() {
/etc/init.d/rsyslog start notify 'task' 'Starting rsyslog' 'n'
display_startup_daemon "/etc/init.d/rsyslog start"
} }
function _start_daemons_saslauthd() { function _start_daemons_saslauthd() {
notify "task" "Starting saslauthd" notify 'task' 'Starting saslauthd' 'n'
/etc/init.d/saslauthd start display_startup_daemon "/etc/init.d/saslauthd start"
} }
function _start_daemons_fail2ban() { function _start_daemons_fail2ban() {
notify 'task' 'Starting fail2ban' notify 'task' 'Starting fail2ban' 'n'
touch /var/log/auth.log touch /var/log/auth.log
# Delete fail2ban.sock that probably was left here after container restart # Delete fail2ban.sock that probably was left here after container restart
if [ -e /var/run/fail2ban/fail2ban.sock ]; then if [ -e /var/run/fail2ban/fail2ban.sock ]; then
rm /var/run/fail2ban/fail2ban.sock rm /var/run/fail2ban/fail2ban.sock
fi fi
/etc/init.d/fail2ban start display_startup_daemon "/etc/init.d/fail2ban start"
} }
function _start_daemons_opendkim() { function _start_daemons_opendkim() {
notify 'task' 'Starting opendkim' notify 'task' 'Starting opendkim' 'n'
/etc/init.d/opendkim start display_startup_daemon "/etc/init.d/opendkim start"
} }
function _start_daemons_opendmarc() { function _start_daemons_opendmarc() {
notify 'task' 'Starting opendmarc' notify 'task' 'Starting opendmarc' 'n'
/etc/init.d/opendmarc start display_startup_daemon "/etc/init.d/opendmarc start"
} }
function _start_daemons_postfix() { function _start_daemons_postfix() {
notify 'task' 'Starting postfix' notify 'task' 'Starting postfix' 'n'
/etc/init.d/postfix start display_startup_daemon "/etc/init.d/postfix start"
} }
function _start_daemons_dovecot() { function _start_daemons_dovecot() {
# Here we are starting sasl and imap, not pop3 because it's disabled by default # Here we are starting sasl and imap, not pop3 because it's disabled by default
notify 'task' "Starting dovecot services" notify 'task' 'Starting dovecot services' 'n'
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf display_startup_daemon "/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf"
if [ "$ENABLE_POP3" = 1 ]; then if [ "$ENABLE_POP3" = 1 ]; then
echo "Starting POP3 services" notify 'task' 'Starting pop3 services' 'n'
mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
/usr/sbin/dovecot reload display_startup_daemon "/usr/sbin/dovecot reload"
fi fi
if [ -f /tmp/docker-mailserver/dovecot.cf ]; then if [ -f /tmp/docker-mailserver/dovecot.cf ]; then
echo 'Adding file "dovecot.cf" to the Dovecot configuration'
cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
/usr/sbin/dovecot reload /usr/sbin/dovecot reload
fi fi
@ -895,25 +925,24 @@ function _start_daemons_dovecot() {
} }
function _start_daemons_filebeat() { function _start_daemons_filebeat() {
notify 'task' 'Starting FileBeat' notify 'task' 'Starting filebeat' 'n'
/etc/init.d/filebeat start display_startup_daemon "/etc/init.d/filebeat start"
} }
function _start_daemons_fetchmail() { function _start_daemons_fetchmail() {
notify 'task' 'Starting fetchmail' notify 'task' 'Starting fetchmail' 'n'
/usr/local/bin/setup-fetchmail /usr/local/bin/setup-fetchmail
echo "Fetchmail enabled" display_startup_daemon "/etc/init.d/fetchmail start"
/etc/init.d/fetchmail start
} }
function _start_daemons_clamav() { function _start_daemons_clamav() {
notify 'task' "Starting clamav" notify 'task' 'Starting clamav' 'n'
/etc/init.d/clamav-daemon start display_startup_daemon "/etc/init.d/clamav-daemon start"
} }
function _start_daemons_amavis() { function _start_daemons_amavis() {
notify 'task' 'Starting Daemon Amavis' notify 'task' 'Starting amavis' 'n'
/etc/init.d/amavis start display_startup_daemon "/etc/init.d/amavis start"
# @TODO fix: on integration test of mail_with_ldap amavis fails because of: # @TODO fix: on integration test of mail_with_ldap amavis fails because of:
# Starting amavisd: The value of variable $myhostname is "ldap", but should have been # Starting amavisd: The value of variable $myhostname is "ldap", but should have been
@ -922,7 +951,7 @@ function _start_daemons_amavis() {
# in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's # in /etc/amavis/conf.d/05-node_id, or fix what uname(3) provides as a host's
# network name! # network name!
# > temporary workaround to passe integration test # > temporary workaround to pass integration test
return 0 return 0
} }
########################################################################## ##########################################################################
@ -938,6 +967,24 @@ function _start_daemons_amavis() {
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# >> # >>
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' "# ENV"
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' ""
printenv
fi
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' "# docker-mailserver"
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' ""
register_functions register_functions
@ -947,7 +994,14 @@ fix
misc misc
start_daemons start_daemons
tail -f /var/log/mail/mail.log notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "# $(hostname) is up and running"
notify 'taskgrp' "#"
notify 'taskgrp' ""
tail -fn 0 /var/log/mail/mail.log
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!


@ -402,13 +402,8 @@
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "checking ssl: lets-encrypt-x1-cross-signed.pem is installed" { @test "checking ssl: lets-encrypt-x3-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
[ "$status" -eq 0 ]
}
@test "checking ssl: lets-encrypt-x2-cross-signed.pem is installed" {
run docker exec mail grep 'BEGIN CERTIFICATE' /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@ -483,7 +478,7 @@
# Getting mail_fail2ban container IP # Getting mail_fail2ban container IP
MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban) MAIL_FAIL2BAN_IP=$(docker inspect --format '{{ .NetworkSettings.IPAddress }}' mail_fail2ban)
# Create a container which will send wront authentications and should banned # Create a container which will send wrong authentications and should banned
docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog docker run --name fail-auth-mailer -e MAIL_FAIL2BAN_IP=$MAIL_FAIL2BAN_IP -v "$(pwd)/test":/tmp/docker-mailserver-test -d $(docker inspect --format '{{ .Config.Image }}' mail) tail -f /var/log/faillog
docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt' docker exec fail-auth-mailer /bin/sh -c 'nc $MAIL_FAIL2BAN_IP 25 < /tmp/docker-mailserver-test/auth/smtp-auth-login-wrong.txt'
@ -577,6 +572,8 @@
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log run docker exec mail grep -i 'permission denied' /var/log/mail/mail.log
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
run docker exec mail grep -i '(!)connect' /var/log/mail/mail.log
[ "$status" -eq 1 ]
run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log run docker exec mail_pop3 grep 'non-null host address bits in' /var/log/mail/mail.log
[ "$status" -eq 1 ] [ "$status" -eq 1 ]
run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log run docker exec mail_pop3 grep ': error:' /var/log/mail/mail.log
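Review bot: The renamed test `checking ssl: lets-encrypt-x3-cross-signed.pem is installed` passes for any file that contains the string `BEGIN CERTIFICATE`, so a truncated download or a different certificate at that path would not be caught. The file is presumably used as an intermediate in the served TLS chain, so the test should at least confirm that it parses as X.509, for example `run docker exec mail openssl x509 -noout -in /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem` followed by `[ "$status" -eq 0 ]` (this assumes `openssl` is available in the image). Comparing the output of `openssl x509 -noout -fingerprint -sha256` against a value kept in the repository would additionally pin the expected certificate.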