Added folder target, simplified user configuration, few renames... Need to work on tests....

This commit is contained in:
Thomas VIAL 2016-04-12 00:04:33 +02:00
parent ad5536057a
commit fc2e2ae591
32 changed files with 66 additions and 176 deletions

View file

@ -12,8 +12,8 @@ RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Dovecot # Configures Dovecot
RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf
ADD dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/ ADD target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
ADD dovecot/10-*.conf /etc/dovecot/conf.d/ ADD target/dovecot/10-*.conf /etc/dovecot/conf.d/
# Enables Spamassassin and CRON updates # Enables Spamassassin and CRON updates
RUN sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin RUN sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin
@ -31,19 +31,19 @@ RUN freshclam
# Configure DKIM (opendkim) # Configure DKIM (opendkim)
RUN mkdir -p /etc/opendkim/keys RUN mkdir -p /etc/opendkim/keys
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts ADD target/opendkim/TrustedHosts /etc/opendkim/TrustedHosts
# DKIM config files # DKIM config files
ADD postfix/opendkim.conf /etc/opendkim.conf ADD target/opendkim/opendkim.conf /etc/opendkim.conf
ADD postfix/default-opendkim /etc/default/opendkim ADD target/opendkim/default-opendkim /etc/default/opendkim
# Configure DMARC (opendmarc) # Configure DMARC (opendmarc)
ADD postfix/opendmarc.conf /etc/opendmarc.conf ADD target/opendmarc/opendmarc.conf /etc/opendmarc.conf
ADD postfix/default-opendmarc /etc/default/opendmarc ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
# Configures Postfix # Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf ADD target/postfix/main.cf /etc/postfix/main.cf
ADD postfix/master.cf /etc/postfix/master.cf ADD target/postfix/master.cf /etc/postfix/master.cf
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
RUN chmod +x /usr/local/bin/generate-ssl-certificate RUN chmod +x /usr/local/bin/generate-ssl-certificate
# Get LetsEncrypt signed certificate # Get LetsEncrypt signed certificate
@ -51,7 +51,7 @@ RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/s
RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
# Start-mailserver script # Start-mailserver script
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh ADD target/start-mailserver.sh /usr/local/bin/start-mailserver.sh
RUN chmod +x /usr/local/bin/start-mailserver.sh RUN chmod +x /usr/local/bin/start-mailserver.sh
# SMTP ports # SMTP ports

21
LICENSE
View file

@ -1,21 +0,0 @@
The MIT License (MIT)
Copyright (c) 2015 Thomas VIAL
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -1,6 +1,6 @@
NAME = tvial/docker-mailserver:dovecot NAME = tvial/docker-mailserver:dovecot
#all: build run fixtures tests clean # all: build run fixtures tests clean
#all-no-build: run fixtures tests clean #all-no-build: run fixtures tests clean
all: build all: build
@ -8,15 +8,10 @@ build:
docker build --no-cache -t $(NAME) . docker build --no-cache -t $(NAME) .
run: run:
# Copy test files
cp test/accounts.cf postfix/
cp test/main.cf postfix/
cp test/virtual postfix/
# Run containers # Run containers
docker run -d --name mail \ docker run -d --name mail \
-v "`pwd`/postfix":/tmp/postfix \ -v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/docker-mailserver/test \
-v "`pwd`/test":/tmp/test \
-e SA_TAG=1.0 \ -e SA_TAG=1.0 \
-e SA_TAG2=2.0 \ -e SA_TAG2=2.0 \
-e SA_KILL=3.0 \ -e SA_KILL=3.0 \
@ -24,23 +19,20 @@ run:
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
sleep 15 sleep 15
docker run -d --name mail_pop3 \ docker run -d --name mail_pop3 \
-v "`pwd`/postfix":/tmp/postfix \ -v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/docker-mailserver/test \
-v "`pwd`/test":/tmp/test \
-e ENABLE_POP3=1 \ -e ENABLE_POP3=1 \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
sleep 15 sleep 15
docker run -d --name mail_smtponly \ docker run -d --name mail_smtponly \
-v "`pwd`/postfix":/tmp/postfix \ -v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/docker-mailserver/test \
-v "`pwd`/test":/tmp/test \
-e SMTP_ONLY=1 \ -e SMTP_ONLY=1 \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
sleep 15 sleep 15
docker run -d --name mail_fail2ban \ docker run -d --name mail_fail2ban \
-v "`pwd`/postfix":/tmp/postfix \ -v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/docker-mailserver/test \
-v "`pwd`/test":/tmp/test \
-e ENABLE_FAIL2BAN=1 \ -e ENABLE_FAIL2BAN=1 \
-h mail.my-domain.com -t $(NAME) -h mail.my-domain.com -t $(NAME)
# Wait for containers to fully start # Wait for containers to fully start
@ -48,12 +40,12 @@ run:
fixtures: fixtures:
# Sending test mails # Sending test mails
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-spam.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-virus.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-external.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-user.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/non-existing-user.txt"
# Wait for mails to be analyzed # Wait for mails to be analyzed
sleep 10 sleep 10
@ -62,7 +54,5 @@ tests:
./test/bats/bats test/tests.bats ./test/bats/bats test/tests.bats
clean: clean:
# Get default files back
git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
# Remove running test containers # Remove running test containers
docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban

0
config/postfix-main.cf Normal file
View file

View file

@ -1,5 +1,6 @@
mail: mail:
image: tvial/docker-mailserver # image: tvial/docker-mailserver
build: .
hostname: mail hostname: mail
domainname: domain.com domainname: domain.com
cap_add: cap_add:
@ -10,6 +11,4 @@ mail:
- "587:587" - "587:587"
- "993:993" - "993:993"
volumes: volumes:
- ./spamassassin:/tmp/spamassassin/ - ./config/:/tmp/docker-mailserver/
- ./postfix:/tmp/postfix/
environment:

View file

@ -1 +0,0 @@
user@domain.tld|mypassword

View file

@ -1,64 +0,0 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# Basic configuration
# myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_CAfile=
#smtp_tls_CAfile=
smtpd_tls_security_level = may
smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks
smtp_tls_security_level = may
smtp_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# Mail directory
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# Additional option for filtering
content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301,inet:localhost:54321
non_smtpd_milters = inet:localhost:12301,inet:localhost:54321

View file

@ -1,7 +0,0 @@
#
# ALIAS => from alias@domain.tld (alias) to user@domain.tld (real account), space separated
# alias@domain.tld user@domain.tld
#
# FORWARD => from redirect@domain.tld to a list of internal/external email addresses, space separated
# redirect@domain.tld otheruser@domain.tld otheruser@otherdomain.tld
#

View file

@ -5,12 +5,15 @@ die () {
exit 1 exit 1
} }
if [ -f /tmp/postfix/accounts.cf ]; then #
# Users
#
if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users" echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
# Checking that /tmp/postfix/accounts.cf ends with a newline # Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
sed -i -e '$a\' /tmp/postfix/accounts.cf sed -i -e '$a\' /tmp/docker-mailserver/postfix-accounts.cf
# Configuring Dovecot # Configuring Dovecot
echo -n > /etc/dovecot/userdb echo -n > /etc/dovecot/userdb
chown dovecot:dovecot /etc/dovecot/userdb chown dovecot:dovecot /etc/dovecot/userdb
@ -24,7 +27,7 @@ if [ -f /tmp/postfix/accounts.cf ]; then
sed -i -e 's/#ssl = yes/ssl = required/g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's/#ssl = yes/ssl = required/g' /etc/dovecot/conf.d/10-ssl.conf
# Creating users # Creating users
# pass is encrypted # 'pass' is encrypted
while IFS=$'|' read login pass while IFS=$'|' read login pass
do do
# Setting variables for better readability # Setting variables for better readability
@ -33,9 +36,10 @@ if [ -f /tmp/postfix/accounts.cf ]; then
# Let's go! # Let's go!
echo "user '${user}' for domain '${domain}' with password '********'" echo "user '${user}' for domain '${domain}' with password '********'"
echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
# user database for dovecot has the following format: # User database for dovecot has the following format:
# user:password:uid:gid:(gecos):home:(shell):extra_fields # user:password:uid:gid:(gecos):home:(shell):extra_fields
# Example : ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user} # Example :
# ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user}
echo "${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::" >> /etc/dovecot/userdb echo "${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::" >> /etc/dovecot/userdb
mkdir -p /var/mail/${domain} mkdir -p /var/mail/${domain}
if [ ! -d "/var/mail/${domain}/${user}" ]; then if [ ! -d "/var/mail/${domain}/${user}" ]; then
@ -50,26 +54,29 @@ if [ -f /tmp/postfix/accounts.cf ]; then
echo ${domain} >> /tmp/vhost.tmp echo ${domain} >> /tmp/vhost.tmp
done < /tmp/postfix/accounts.cf done < /tmp/postfix/accounts.cf
else else
echo "==> Warning: '/tmp/postfix/accounts.cf' is not provided. No mail account created." echo "==> Warning: 'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
fi fi
if [ -f /tmp/postfix/virtual ]; then #
# Aliases
#
if [ -f /tmp/docker-mailserver/postfix-virtual.cf ]; then
# Copying virtual file # Copying virtual file
cp /tmp/postfix/virtual /etc/postfix/virtual cp /tmp/docker-mailserver/postfix-virtual.cf /etc/postfix/virtual
while IFS=$' ' read from to while read from to
do do
# Setting variables for better readability # Setting variables for better readability
uname=$(echo ${from} | cut -d @ -f1) uname=$(echo ${from} | cut -d @ -f1)
domain=$(echo ${from} | cut -d @ -f2) domain=$(echo ${from} | cut -d @ -f2)
# if they are equal it means the line looks like: "user1 other@domain.tld" # if they are equal it means the line looks like: "user1 other@domain.tld"
test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
done < /tmp/postfix/virtual done < /tmp/docker-mailserver/postfix-virtual.cf
else else
echo "==> Warning: '/tmp/postfix/virtual' is not provided. No mail alias created." echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
fi fi
if [ -f /tmp/vhost.tmp ]; then if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
cat /tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/vhost.tmp cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
fi fi
echo "Postfix configurations" echo "Postfix configurations"
@ -78,9 +85,9 @@ touch /etc/postfix/virtual && postmap /etc/postfix/virtual
# DKIM # DKIM
# Check if keys are already available # Check if keys are already available
if [ -e "/tmp/postfix/opendkim/KeyTable" ]; then if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim mkdir -p /etc/opendkim
cp -a /tmp/postfix/opendkim/* /etc/opendkim/ cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for : `ls -C /etc/opendkim/keys/`" echo "DKIM keys added for : `ls -C /etc/opendkim/keys/`"
else else
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
@ -214,11 +221,14 @@ case $DMS_SSL in
esac esac
if [ -f /tmp/postfix/main.cf ]; then #
# Override Postfix configuration
#
if [ -f /tmp/docker-mailserver/postfix-main.cf ]; then
while read line; do while read line; do
postconf -e "$line" postconf -e "$line"
done < /tmp/postfix/main.cf done < /tmp/docker-mailserver/postfix-main.cf
echo "Loaded '/tmp/postfix/main.cf'" echo "Loaded 'config/postfix-main.cf'"
else else
echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded." echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded."
fi fi
@ -302,7 +312,6 @@ sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
echo "Starting daemons" echo "Starting daemons"
cron cron
/etc/init.d/rsyslog start /etc/init.d/rsyslog start
##/etc/init.d/saslauthd start
if [ "$SMTP_ONLY" != 1 ]; then if [ "$SMTP_ONLY" != 1 ]; then
# Here we are starting sasl and imap, not pop3 because it's disabled by default # Here we are starting sasl and imap, not pop3 because it's disabled by default

View file

@ -0,0 +1,2 @@
user1@localhost.localdomain|mypassword
user2@otherdomain.tld|mypassword

View file

@ -0,0 +1,2 @@
max_idle = 600s
readme_directory = /tmp

View file

@ -0,0 +1,2 @@
alias1@localhost.localdomain user1@localhost.localdomain
alias2@localhost.localdomain external1@otherdomain.tld

View file

@ -7,11 +7,6 @@
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "checking process: saslauthd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
[ "$status" -eq 0 ]
}
@test "checking process: clamd" { @test "checking process: clamd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'" run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
@ -42,22 +37,6 @@
[ "$status" -eq 0 ] [ "$status" -eq 0 ]
} }
@test "checking process: courierpop3d (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 1 ]
}
@test "checking process: courierpop3d (pop3 server enabled)" {
run docker exec mail_pop3 /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 0 ]
}
@test "checking process: courierpop3d (disabled using SMTP_ONLY)" {
run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 1 ]
}
# #
# imap # imap
# #