Merge pull request #1262 from erik-wramner/issue_1093_logwatch_pflogsum

Fix #1093, pflogsumm and logwatch.
This commit is contained in:
Erik Wramner 2019-09-16 09:43:38 +02:00 committed by GitHub
commit dc49f16117
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 173 additions and 24 deletions

View file

@ -44,6 +44,8 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et
iproute2 \ iproute2 \
iptables \ iptables \
locales \ locales \
logwatch \
libdate-manip-perl \
liblz4-tool \ liblz4-tool \
libmail-spf-perl \ libmail-spf-perl \
libnet-dns-perl \ libnet-dns-perl \
@ -99,7 +101,8 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et
touch /var/log/auth.log && \ touch /var/log/auth.log && \
update-locale && \ update-locale && \
rm -f /etc/cron.weekly/fstrim && \ rm -f /etc/cron.weekly/fstrim && \
rm -f /etc/postsrsd.secret rm -f /etc/postsrsd.secret && \
rm -f /etc/cron.daily/00logwatch
# install filebeat for logging # install filebeat for logging
RUN curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \ RUN curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \

View file

@ -132,6 +132,7 @@ services:
volumes: volumes:
- maildata:/var/mail - maildata:/var/mail
- mailstate:/var/mail-state - mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
@ -149,6 +150,8 @@ volumes:
driver: local driver: local
mailstate: mailstate:
driver: local driver: local
maillogs:
driver: local
``` ```
__for ldap setup__: __for ldap setup__:
@ -170,6 +173,7 @@ services:
volumes: volumes:
- maildata:/var/mail - maildata:/var/mail
- mailstate:/var/mail-state - mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_SPAMASSASSIN=1 - ENABLE_SPAMASSASSIN=1
@ -206,6 +210,8 @@ volumes:
driver: local driver: local
mailstate: mailstate:
driver: local driver: local
maillogs:
driver: local
``` ```
# Environment variables # Environment variables
@ -347,28 +353,81 @@ Set the message size limit for all users. If set to zero, the size will be unlim
- ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail. - ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
##### REPORT_RECIPIENT ## Reports
##### PFLOGSUMM_TRIGGER
Enables regular pflogsumm mail reports.
- **not set** => No report
- daily_cron => Daily report for the previous day
- logrotate => Full report based on the mail log when it is rotated
This is a new option. The old REPORT options are still supported for backwards compatibility.
If this is not set and reports are enabled with the old options, logrotate will be used.
##### PFLOGSUMM_RECIPIENT
Recipient address for pflogsumm reports.
- **not set** => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
- => Specify the recipient address(es)
##### PFLOGSUMM_SENDER
From address for pflogsumm reports.
- **not set** => Use REPORT_SENDER or POSTMASTER_ADDRESS
- => Specify the sender address
##### LOGWATCH_INTERVAL
Interval for logwatch report.
- **none** => No report is generated
- daily => Send a daily report
- weekly => Send a report every week
##### LOGWATCH_RECIPIENT
Recipient address for logwatch reports if they are enabled.
- **not set** => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
- => Specify the recipient address(es)
##### REPORT_RECIPIENT (deprecated)
Enables a report being sent (created by pflogsumm) on a regular basis. Enables a report being sent (created by pflogsumm) on a regular basis.
- **0** => Report emails are disabled - **0** => Report emails are disabled unless enabled by other options
- 1 => Using POSTMASTER_ADDRESS as the recipient - 1 => Using POSTMASTER_ADDRESS as the recipient
- => Specify the recipient address - => Specify the recipient address
##### REPORT_SENDER ##### REPORT_SENDER (deprecated)
Change the sending address for mail report Change the sending address for mail report
- **empty** => mailserver-report@hostname - **empty** => mailserver-report@hostname
- => Specify the report sender (From) address - => Specify the report sender (From) address
##### REPORT_INTERVAL (deprecated)
##### REPORT_INTERVAL changes the interval in which logs are rotated and a report is being sent (deprecated).
changes the interval in which a report is being sent.
- **daily** => Send a daily report - **daily** => Send a daily report
- weekly => Send a report every week - weekly => Send a report every week
- monthly => Send a report every month - monthly => Send a report every month
Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/) Note: This variable used to control logrotate inside the container and sent the pflogsumm report when the logs were rotated.
It is still supported for backwards compatibility, but the new option LOGROTATE_INTERVAL has been added that only rotates
the logs.
##### LOGROTATE_INTERVAL
Defines the interval in which the mail log is being rotated.
- **daily** => Rotate daily.
- weekly => Rotate weekly.
- monthly => Rotate monthly.
Note that only the log inside the container is affected.
The full log output is still available via `docker logs mail` (or your respective container name).
If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/).
Also note that by default the logs are lost when the container is recycled. To keep the logs, mount a volume.
Finally the logrotate interval **may** affect the period for generated reports. That is the case when the reports are triggered by log rotation.
## Spamassassin ## Spamassassin

View file

@ -15,6 +15,7 @@ services:
- "993:993" - "993:993"
volumes: volumes:
- maildata:/var/mail - maildata:/var/mail
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- DMS_DEBUG=${DMS_DEBUG} - DMS_DEBUG=${DMS_DEBUG}
@ -53,6 +54,7 @@ services:
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP} - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS} - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN} - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
- LOGROTATE_INTERVAL=${LOGROTATE_INTERVAL}
- DOVECOT_TLS=${DOVECOT_TLS} - DOVECOT_TLS=${DOVECOT_TLS}
- DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER} - DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
- DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER} - DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
@ -89,3 +91,5 @@ services:
volumes: volumes:
maildata: maildata:
driver: local driver: local
maillogs:
driver: local

View file

@ -13,6 +13,7 @@ services:
volumes: volumes:
- maildata:/var/mail - maildata:/var/mail
- mailstate:/var/mail-state - mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- DMS_DEBUG=${DMS_DEBUG} - DMS_DEBUG=${DMS_DEBUG}
@ -55,6 +56,7 @@ services:
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP} - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS} - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN} - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
- LOGROTATE_INTERVAL=${LOGROTATE_INTERVAL}
- DOVECOT_TLS=${DOVECOT_TLS} - DOVECOT_TLS=${DOVECOT_TLS}
- DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER} - DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
- DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER} - DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
@ -91,4 +93,5 @@ volumes:
driver: local driver: local
mailstate: mailstate:
driver: local driver: local
maillogs:
driver: local

View file

@ -0,0 +1,25 @@
#!/bin/bash
set -eo
HOSTNAME=$1
RECIPIENT=$2
SENDER=$3
errex() {
echo -e "$@" 1>&2
exit 1
}
test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found"
BODY=$(gzip -cdfq $(ls -tr /var/log/mail/mail.log*) | /usr/sbin/pflogsumm --problems_first -d yesterday)
sendmail -t <<EOF
From: $SENDER
To: $RECIPIENT
Subject: Postfix summary for $HOSTNAME sent $(date '+%Y-%m-%d_%H%M%S')
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
$BODY
EOF

View file

@ -33,7 +33,8 @@ DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}" DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}" DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}"
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}" DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}" DEFAULT_VARS["LOGROTATE_INTERVAL"]="${LOGROTATE_INTERVAL:=${REPORT_INTERVAL:-"daily"}}"
DEFAULT_VARS["LOGWATCH_INTERVAL"]="${LOGWATCH_INTERVAL:="none"}"
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
########################################################################## ##########################################################################
@ -164,9 +165,14 @@ function register_functions() {
_register_setup_function "_setup_environment" _register_setup_function "_setup_environment"
_register_setup_function "_setup_logrotate" _register_setup_function "_setup_logrotate"
if [ "$REPORT_RECIPIENT" != 0 ]; then if [ "$PFLOGSUMM_TRIGGER" != "none" ]; then
_register_setup_function "_setup_mail_summary" _register_setup_function "_setup_mail_summary"
fi fi
if [ "$LOGWATCH_TRIGGER" != "none" ]; then
_register_setup_function "_setup_logwatch"
fi
# Compute last as the config files are modified in-place # Compute last as the config files are modified in-place
_register_setup_function "_setup_chksum_file" _register_setup_function "_setup_chksum_file"
@ -438,8 +444,26 @@ function _setup_default_vars() {
# update POSTMASTER_ADDRESS - must be done done after _check_hostname() # update POSTMASTER_ADDRESS - must be done done after _check_hostname()
DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}" DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
# update REPORT_SENDER - must be done done after _check_hostname()
DEFAULT_VARS["REPORT_SENDER"]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}" # update REPORT_SENDER - must be done done after _check_hostname()
DEFAULT_VARS["REPORT_SENDER"]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}"
DEFAULT_VARS["PFLOGSUMM_SENDER"]="${PFLOGSUMM_SENDER:=${REPORT_SENDER}}"
# set PFLOGSUMM_TRIGGER here for backwards compatibility
# when REPORT_RECIPIENT is on the old method should be used
if [ $"REPORT_RECIPIENT" != "0" ]; then
DEFAULT_VARS["PFLOGSUMM_TRIGGER"]="${PFLOGSUMM_TRIGGER:="logrotate"}"
else
DEFAULT_VARS["PFLOGSUMM_TRIGGER"]="${PFLOGSUMM_TRIGGER:="none"}"
fi
# Expand address to simplify the rest of the script
if [ $"REPORT_RECIPIENT" == "1" ]; then
REPORT_RECIPIENT="$POSTMASTER_ADDRESS"
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT}"
fi
DEFAULT_VARS["PFLOGSUMM_RECIPIENT"]="${PFLOGSUMM_RECIPIENT:=${REPORT_RECIPIENT}}"
DEFAULT_VARS["LOGWATCH_RECIPIENT"]="${LOGWATCH_RECIPIENT:=${REPORT_RECIPIENT}}"
for var in ${!DEFAULT_VARS[@]}; do for var in ${!DEFAULT_VARS[@]}; do
echo "export $var=\"${DEFAULT_VARS[$var]}\"" >> /root/.bashrc echo "export $var=\"${DEFAULT_VARS[$var]}\"" >> /root/.bashrc
@ -626,7 +650,7 @@ function _setup_dovecot_local_user() {
if [[ ! $(grep '@' /tmp/docker-mailserver/postfix-accounts.cf | grep '|') ]]; then if [[ ! $(grep '@' /tmp/docker-mailserver/postfix-accounts.cf | grep '|') ]]; then
if [ $ENABLE_LDAP -eq 0 ]; then if [ $ENABLE_LDAP -eq 0 ]; then
notify 'fatal' "Unless using LDAP, you need at least 1 email account to start the server." notify 'fatal' "Unless using LDAP, you need at least 1 email account to start Dovecot."
defunc defunc
fi fi
fi fi
@ -1385,17 +1409,17 @@ function _setup_logrotate() {
notify 'inf' "Setting up logrotate" notify 'inf' "Setting up logrotate"
LOGROTATE="/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n" LOGROTATE="/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n"
case "$REPORT_INTERVAL" in case "$LOGROTATE_INTERVAL" in
"daily" ) "daily" )
notify 'inf' "Setting postfix summary interval to daily" notify 'inf' "Setting postfix logrotate interval to daily"
LOGROTATE="$LOGROTATE rotate 1\n daily\n" LOGROTATE="$LOGROTATE rotate 1\n daily\n"
;; ;;
"weekly" ) "weekly" )
notify 'inf' "Setting postfix summary interval to weekly" notify 'inf' "Setting postfix logrotate interval to weekly"
LOGROTATE="$LOGROTATE rotate 1\n weekly\n" LOGROTATE="$LOGROTATE rotate 1\n weekly\n"
;; ;;
"monthly" ) "monthly" )
notify 'inf' "Setting postfix summary interval to monthly" notify 'inf' "Setting postfix logrotate interval to monthly"
LOGROTATE="$LOGROTATE rotate 1\n monthly\n" LOGROTATE="$LOGROTATE rotate 1\n monthly\n"
;; ;;
esac esac
@ -1404,10 +1428,41 @@ function _setup_logrotate() {
} }
function _setup_mail_summary() { function _setup_mail_summary() {
notify 'inf' "Enable postfix summary with recipient $REPORT_RECIPIENT" notify 'inf' "Enable postfix summary with recipient $PFLOGSUMM_RECIPIENT"
[ "$REPORT_RECIPIENT" = 1 ] && REPORT_RECIPIENT=$POSTMASTER_ADDRESS case "$PFLOGSUMM_TRIGGER" in
sed -i "s|}| postrotate\n /usr/local/bin/postfix-summary $HOSTNAME \ "daily_cron" )
$REPORT_RECIPIENT $REPORT_SENDER\n endscript\n}\n|" /etc/logrotate.d/maillog notify 'inf' "Creating daily cron job for pflogsumm report"
echo "#!/bin/bash" > /etc/cron.daily/postfix-summary
echo "/usr/local/bin/report-pflogsumm-yesterday $HOSTNAME $PFLOGSUMM_RECIPIENT $PFLOGSUMM_SENDER" \
>> /etc/cron.daily/postfix-summary
chmod +x /etc/cron.daily/postfix-summary
;;
"logrotate" )
notify 'inf' "Add postrotate action for pflogsumm report"
sed -i "s|}| postrotate\n /usr/local/bin/postfix-summary $HOSTNAME \
$PFLOGSUMM_RECIPIENT $PFLOGSUMM_SENDER\n endscript\n}\n|" /etc/logrotate.d/maillog
;;
esac
}
function _setup_logwatch() {
notify 'inf' "Enable logwatch reports with recipient $LOGWATCH_RECIPIENT"
case "$LOGWATCH_INTERVAL" in
"daily" )
notify 'inf' "Creating daily cron job for logwatch reports"
echo "#!/bin/bash" > /etc/cron.daily/logwatch
echo "/usr/sbin/logwatch --range Yesterday --hostname $HOSTNAME --mailto $LOGWATCH_RECIPIENT" \
>> /etc/cron.daily/logwatch
chmod 744 /etc/cron.daily/logwatch
;;
"weekly" )
notify 'inf' "Creating weekly cron job for logwatch reports"
echo "#!/bin/bash" > /etc/cron.weekly/logwatch
echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname $HOSTNAME --mailto $LOGWATCH_RECIPIENT" \
>> /etc/cron.weekly/logwatch
chmod 744 /etc/cron.weekly/logwatch
;;
esac
} }
function _setup_environment() { function _setup_environment() {