BREAKING CHANGES: (#432)

* Removed DISABLE_AMAVIS * Renamed DISABLE_* to ENABLE_* with 0 as default value. (this must be explicit) * Added missing tests for ENABLE_* * Improved readme and docker-compose example Should fix #256 and #386
2024-01-19 02:48:50 +00:00 · 2016-12-25 22:54:37 +01:00 · 2016-12-25 22:54:37 +01:00 · df752280e0
parent ae9eaae68e
commit df752280e0
5 changed files with 124 additions and 74 deletions
--- a/36
+++ b/36
@ -22,6 +22,8 @@ run:
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-v "`pwd`/test/onedir":/var/mail-state \
+		-e ENABLE_CLAMAV=1 \
+		-e ENABLE_SPAMASSASSIN=1 \
 		-e SA_TAG=1.0 \
 		-e SA_TAG2=2.0 \
 		-e SA_KILL=3.0 \
@ -31,7 +33,7 @@ run:
 		-e PERMIT_DOCKER=host \
 		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name mail_pop3 \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
@ -40,40 +42,35 @@ run:
 		-e DMS_DEBUG=1 \
 		-e SSL_TYPE=letsencrypt \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name mail_smtponly \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e SMTP_ONLY=1 \
 		-e PERMIT_DOCKER=network\
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name mail_fail2ban \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_FAIL2BAN=1 \
 		--cap-add=NET_ADMIN \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name mail_fetchmail \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_FETCHMAIL=1 \
 		--cap-add=NET_ADMIN \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
-	docker run -d --name mail_disabled_amavis \
+	sleep 15
+	docker run -d --name mail_disabled_clamav_spamassassin \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
-		-e DISABLE_AMAVIS=1 \
+		-e ENABLE_CLAMAV=0 \
+		-e ENABLE_SPAMASSASSIN=0 \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
-	docker run -d --name mail_disabled_clamav \
-		-v "`pwd`/test/config":/tmp/docker-mailserver \
-		-v "`pwd`/test":/tmp/docker-mailserver-test \
-		-e DISABLE_CLAMAV=1 \
-		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name mail_manual_ssl \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
@ -81,11 +78,11 @@ run:
 		-e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \
 		-e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \
 		-h mail.my-domain.com -t $(NAME)
-	sleep 20
+	sleep 15
 	docker run -d --name ldap_for_mail \
 		-e LDAP_DOMAIN="localhost.localdomain" \
 		-h mail.my-domain.com -t ldap
-	sleep 20
+	sleep 15
 	docker run -d --name mail_with_ldap \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
@ -103,7 +100,7 @@ run:
 		--link ldap_for_mail:ldap \
 		-h mail.my-domain.com -t $(NAME)
 	# Wait for containers to fully start
-	sleep 20
+	sleep 15

 fixtures:
 	cp config/postfix-accounts.cf config/postfix-accounts.cf.bak
@ -123,7 +120,7 @@ fixtures:
 	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt"
 	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt"
 	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt"
-	docker exec mail_disabled_clamav /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt"
+	docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt"
 	# Wait for mails to be analyzed
 	sleep 10

@ -140,8 +137,7 @@ clean:
 		mail_fail2ban \
 		mail_fetchmail \
 		fail-auth-mailer \
-		mail_disabled_amavis \
-		mail_disabled_clamav \
+		mail_disabled_clamav_spamassassin \
 		mail_manual_ssl \
 		ldap_for_mail \
 		mail_with_ldap
--- a/README.md
+++ b/README.md
@ -20,6 +20,7 @@ Includes:
 - fetchmail
 - basic [sieve support](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters) using dovecot
 - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
+- persistent data and state (but think about backups!)
 - [integration tests](https://travis-ci.org/tomav/docker-mailserver)
 - [automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)

@ -42,8 +43,7 @@ version: '2'

 services:
  mail:
-    image: tvial/docker-mailserver:latest
-    # build: .
+    image: tvial/docker-mailserver:v2.1
    hostname: mail
    domainname: domain.com
    container_name: mail
@ -54,11 +54,22 @@ services:
    - "993:993"
    volumes:
    - maildata:/var/mail
+    - mailstate:/var/mail-state
    - ./config/:/tmp/docker-mailserver/
+    environment:
+    - ENABLE_SPAMASSASSIN=1
+    - ENABLE_CLAMAV=1
+    - ENABLE_FAIL2BAN=1
+    - ONE_DIR=1
+    - DMS_DEBUG=0
+    cap_add:
+    - NET_ADMIN

 volumes:
  maildata:
    driver: local
+  mailstate:
+    driver: local
 ```

 #### Create your mail accounts
@ -95,9 +106,37 @@ Value in **bold** is the default value.

 ##### DMS_DEBUG

-  - **empty** (0) => Debug disabled
+  - **0** => Debug disabled
  - 1 => Enables debug on startup

+#### ENABLE_CLAMAV
+
+  - **0** => Clamav is disabled
+  - 1 => Clamav is enabled
+
+#### ENABLE_SPAMASSASSIN
+
+  - **0** => Spamassassin is disabled
+  - 1 => Spamassassin is enabled
+
+##### SA_TAG
+
+  - **2.0** => add spam info headers if at, or above that level
+
+Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
+
+##### SA_TAG2
+
+  - **6.31** => add 'spam detected' headers at that level
+
+Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
+
+##### SA_KILL
+
+  - **6.31** => triggers spam evasive actions
+
+Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
+
 ##### ENABLE_POP3

  - **empty** => POP3 service disabled
@ -105,7 +144,7 @@ Value in **bold** is the default value.

 ##### ENABLE_FAIL2BAN

-  - **empty** => fail2ban service disabled
+  - **0** => fail2ban service disabled
  - 1 => Enables fail2ban service

 If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
@ -121,7 +160,7 @@ Otherwise, `iptables` won't be able to ban IPs.
  - 1 => Enables Managesieve on port 4190

 ##### ENABLE_FETCHMAIL
-  - **empty** => `fetchmail` disabled
+  - **0** => `fetchmail` disabled
  - 1 => `fetchmail` enabled

 ##### ENABLE_LDAP
@ -158,21 +197,9 @@ Otherwise, `iptables` won't be able to ban IPs.
  - **empty** => postmaster@domain.com
  - => Specify the postmaster address

-##### SA_TAG
-
-  - **2.0** => add spam info headers if at, or above that level
-
-##### SA_TAG2
-
-  - **6.31** => add 'spam detected' headers at that level
-
-##### SA_KILL
-
-  - **6.31** => triggers spam evasive actions
-
 ##### ENABLE_SASLAUTHD

-  - **empty** => `saslauthd` is disabled
+  - **0** => `saslauthd` is disabled
  - 1 => `saslauthd` is enabled

 ##### SASLAUTHD_MECHANISMS
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@ -2,7 +2,7 @@ version: '2'

 services:
  mail:
-    image: tvial/docker-mailserver:v2
+    image: tvial/docker-mailserver:v2.1
    hostname: mail
    domainname: domain.com
    container_name: mail
@ -13,12 +13,19 @@ services:
    - "993:993"
    volumes:
    - maildata:/var/mail
+    - mailstate:/var/mail-state
    - ./config/:/tmp/docker-mailserver/
    environment:
+    - ENABLE_SPAMASSASSIN=1
+    - ENABLE_CLAMAV=1
    - ENABLE_FAIL2BAN=1
+    - ONE_DIR=1
+    - DMS_DEBUG=0
    cap_add:
    - NET_ADMIN

 volumes:
  maildata:
    driver: local
+  mailstate:
+    driver: local
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@ -7,6 +7,13 @@
 # Example: DEFAULT_VARS["KEY"]="VALUE"
 ##########################################################################
 declare -A DEFAULT_VARS
+DEFAULT_VARS["ENABLE_CLAMAV"]="${ENABLE_CLAMAV:="0"}"
+DEFAULT_VARS["ENABLE_SPAMASSASSIN"]="${ENABLE_SPAMASSASSIN:="0"}"
+DEFAULT_VARS["ENABLE_FAIL2BAN"]="${ENABLE_FAIL2BAN:="0"}"
+DEFAULT_VARS["ENABLE_MANAGESIEVE"]="${ENABLE_MANAGESIEVE:="0"}"
+DEFAULT_VARS["ENABLE_FETCHMAIL"]="${ENABLE_FETCHMAIL:="0"}"
+DEFAULT_VARS["ENABLE_LDAP"]="${ENABLE_LDAP:="0"}"
+DEFAULT_VARS["ENABLE_SASLAUTHD"]="${ENABLE_SASLAUTHD:="0"}"
 DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
 DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}"
 ##########################################################################
@ -127,13 +134,11 @@ function register_functions() {
 		_register_start_daemon "_start_daemons_fetchmail"
 	fi

-	if ! [ "$DISABLE_CLAMAV" = 1 ]; then
+	if [ "$ENABLE_CLAMAV" = 1 ]; then
 		_register_start_daemon "_start_daemons_clamav"
 	fi

-	if ! [ "$DISABLE_AMAVIS" = 1 ]; then
  _register_start_daemon "_start_daemons_amavis"
-	fi
 	################### << daemon funcs
 }
 ##########################################################################
@ -738,25 +743,35 @@ function _setup_postfix_relay_amazon_ses() {
 function _setup_security_stack() {
 	notify 'task' "Setting up Security Stack"

-	notify 'inf' "Configuring Spamassassin"
+	# recreate auto-generated file
+	dms_amavis_file="/etc/amavis/conf.d/51-dms_auto_generated"
+  echo "# WARNING: this file is auto-generated." > $dms_amavis_file
+	echo "use strict;" >> $dms_amavis_file
+
+	# Spamassassin
+	if [ "$ENABLE_SPAMASSASSIN" = 0 ]; then
+		notify 'warn' "Spamassassin is disabled. You can enable it with 'ENABLE_SPAMASSASSIN=1'"
+		echo "@bypass_spam_checks_maps = (1);" >> $dms_amavis_file
+	elif [ "$ENABLE_SPAMASSASSIN" = 1 ]; then
+		notify 'inf' "Enabling and configuring spamassassin"
 		SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
 		SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
 		SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
 		test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
-
-	if [ "$DISABLE_CLAMAV" = 1 ]; then
-		notify 'inf' "Disabling clamav"
-		cat > /etc/amavis/conf.d/50-user-security <<- EOM
-use strict;
-@bypass_virus_checks_maps = ();
-$undecipherable_subject_tag = undef;
-1;
-		EOM
-	else
-		notify 'inf' "Enabling clamav"
-		echo "" > /etc/amavis/conf.d/50-user-security
 	fi

+	# Clamav
+	if [ "$ENABLE_CLAMAV" = 0 ]; then
+		notify 'warn' "Clamav is disabled. You can enable it with 'ENABLE_CLAMAV=1'"
+		echo "@bypass_virus_checks_maps = (1);" >> $dms_amavis_file
+	elif [ "$ENABLE_CLAMAV" = 1 ]; then
+		notify 'inf' "Enabling clamav"
+	fi
+
+	echo "1;  # ensure a defined return" >> $dms_amavis_file
+
+
+	# Fail2ban
 	if [ "$ENABLE_FAIL2BAN" = 1 ]; then
 		notify 'inf' "Fail2ban enabled"
 		test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
--- a/test/tests.bats
+++ b/test/tests.bats
@ -56,13 +56,8 @@
  [ "$status" -eq 0 ]
 }

-@test "checking process: amavis (amavis disabled by DISABLE_AMAVIS)" {
-  run docker exec mail_disabled_amavis /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new'"
-  [ "$status" -eq 1 ]
-}
-
-@test "checking process: clamav (clamav disabled by DISABLE_CLAMAV)" {
-  run docker exec mail_disabled_clamav /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
+@test "checking process: clamav (clamav disabled by ENABLED_CLAMAV=0)" {
+  run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
  [ "$status" -eq 1 ]
 }

@ -274,6 +269,16 @@
 # spamassassin
 #

+@test "checking spamassassin: should be listed in amavis when enabled" {
+  run docker exec mail /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
+  [ "$status" -eq 1 ]
+}
+
+@test "checking spamassassin: should not be listed in amavis when disabled" {
+  run docker exec mail_disabled_clamav_spamassassin /bin/sh -c "grep -i 'ANTI-SPAM-SA code' /var/log/mail/mail.log | grep 'NOT loaded'"
+  [ "$status" -eq 0 ]
+}
+
@test "checking spamassassin: docker env variables are set correctly (default)" {
  run docker exec mail_pop3 /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'"
  [ "$status" -eq 0 ]
@ -302,12 +307,12 @@
 }

@test "checking clamav: should not be listed in amavis when disabled" {
-  run docker exec mail_disabled_clamav grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
+  run docker exec mail_disabled_clamav_spamassassin grep -i 'Found secondary av scanner ClamAV-clamscan' /var/log/mail/mail.log
  [ "$status" -eq 1 ]
 }

@test "checking clamav: should not be called when disabled" {
-  run docker exec mail_disabled_clamav grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
+  run docker exec mail_disabled_clamav_spamassassin grep -i 'connect to /var/run/clamav/clamd.ctl failed' /var/log/mail/mail.log
  [ "$status" -eq 1 ]
 }