Added folder target, simplified user configuration, few renames... Need to work on tests....

This commit is contained in:
Thomas VIAL 2016-04-12 00:04:33 +02:00
parent ad5536057a
commit fc2e2ae591
32 changed files with 66 additions and 176 deletions

View file

@ -12,8 +12,8 @@ RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Dovecot
RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf
ADD dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
ADD dovecot/10-*.conf /etc/dovecot/conf.d/
ADD target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
ADD target/dovecot/10-*.conf /etc/dovecot/conf.d/
# Enables Spamassassin and CRON updates
RUN sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin
@ -31,19 +31,19 @@ RUN freshclam
# Configure DKIM (opendkim)
RUN mkdir -p /etc/opendkim/keys
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
ADD target/opendkim/TrustedHosts /etc/opendkim/TrustedHosts
# DKIM config files
ADD postfix/opendkim.conf /etc/opendkim.conf
ADD postfix/default-opendkim /etc/default/opendkim
ADD target/opendkim/opendkim.conf /etc/opendkim.conf
ADD target/opendkim/default-opendkim /etc/default/opendkim
# Configure DMARC (opendmarc)
ADD postfix/opendmarc.conf /etc/opendmarc.conf
ADD postfix/default-opendmarc /etc/default/opendmarc
ADD target/opendmarc/opendmarc.conf /etc/opendmarc.conf
ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
# Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf
ADD postfix/master.cf /etc/postfix/master.cf
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
ADD target/postfix/main.cf /etc/postfix/main.cf
ADD target/postfix/master.cf /etc/postfix/master.cf
ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
RUN chmod +x /usr/local/bin/generate-ssl-certificate
# Get LetsEncrypt signed certificate
@ -51,7 +51,7 @@ RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/s
RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
# Start-mailserver script
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
ADD target/start-mailserver.sh /usr/local/bin/start-mailserver.sh
RUN chmod +x /usr/local/bin/start-mailserver.sh
# SMTP ports

21
LICENSE
View file

@ -1,21 +0,0 @@
The MIT License (MIT)
Copyright (c) 2015 Thomas VIAL
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View file

@ -8,15 +8,10 @@ build:
docker build --no-cache -t $(NAME) .
run:
# Copy test files
cp test/accounts.cf postfix/
cp test/main.cf postfix/
cp test/virtual postfix/
# Run containers
docker run -d --name mail \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver/test \
-e SA_TAG=1.0 \
-e SA_TAG2=2.0 \
-e SA_KILL=3.0 \
@ -24,23 +19,20 @@ run:
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_pop3 \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver/test \
-e ENABLE_POP3=1 \
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_smtponly \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver/test \
-e SMTP_ONLY=1 \
-h mail.my-domain.com -t $(NAME)
sleep 15
docker run -d --name mail_fail2ban \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver/test \
-e ENABLE_FAIL2BAN=1 \
-h mail.my-domain.com -t $(NAME)
# Wait for containers to fully start
@ -48,12 +40,12 @@ run:
fixtures:
# Sending test mails
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-spam.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-virus.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-external.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-local.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-user.txt"
docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/non-existing-user.txt"
# Wait for mails to be analyzed
sleep 10
@ -62,7 +54,5 @@ tests:
./test/bats/bats test/tests.bats
clean:
# Get default files back
git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
# Remove running test containers
docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban

0
config/postfix-main.cf Normal file
View file

View file

@ -1,5 +1,6 @@
mail:
image: tvial/docker-mailserver
# image: tvial/docker-mailserver
build: .
hostname: mail
domainname: domain.com
cap_add:
@ -10,6 +11,4 @@ mail:
- "587:587"
- "993:993"
volumes:
- ./spamassassin:/tmp/spamassassin/
- ./postfix:/tmp/postfix/
environment:
- ./config/:/tmp/docker-mailserver/

View file

@ -1 +0,0 @@
user@domain.tld|mypassword

View file

@ -1,64 +0,0 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
append_dot_mydomain = no
readme_directory = no
# Basic configuration
# myhostname =
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination =
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_CAfile=
#smtp_tls_CAfile=
smtpd_tls_security_level = may
smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_sender_restrictions = permit_mynetworks
smtp_tls_security_level = may
smtp_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
smtpd_tls_protocols=!SSLv2,!SSLv3
smtp_tls_protocols=!SSLv2,!SSLv3
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
# SASL
smtpd_sasl_auth_enable = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain = $myhostname
broken_sasl_auth_clients = yes
# Mail directory
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000
# Additional option for filtering
content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301,inet:localhost:54321
non_smtpd_milters = inet:localhost:12301,inet:localhost:54321

View file

@ -1,7 +0,0 @@
#
# ALIAS => from alias@domain.tld (alias) to user@domain.tld (real account), space separated
# alias@domain.tld user@domain.tld
#
# FORWARD => from redirect@domain.tld to a list of internal/external email addresses, space separated
# redirect@domain.tld otheruser@domain.tld otheruser@otherdomain.tld
#

View file

@ -5,12 +5,15 @@ die () {
exit 1
}
if [ -f /tmp/postfix/accounts.cf ]; then
#
# Users
#
if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
# Checking that /tmp/postfix/accounts.cf ends with a newline
sed -i -e '$a\' /tmp/postfix/accounts.cf
# Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
sed -i -e '$a\' /tmp/docker-mailserver/postfix-accounts.cf
# Configuring Dovecot
echo -n > /etc/dovecot/userdb
chown dovecot:dovecot /etc/dovecot/userdb
@ -24,7 +27,7 @@ if [ -f /tmp/postfix/accounts.cf ]; then
sed -i -e 's/#ssl = yes/ssl = required/g' /etc/dovecot/conf.d/10-ssl.conf
# Creating users
# pass is encrypted
# 'pass' is encrypted
while IFS=$'|' read login pass
do
# Setting variables for better readability
@ -33,9 +36,10 @@ if [ -f /tmp/postfix/accounts.cf ]; then
# Let's go!
echo "user '${user}' for domain '${domain}' with password '********'"
echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
# user database for dovecot has the following format:
# User database for dovecot has the following format:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
# Example : ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user}
# Example :
# ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user}
echo "${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::" >> /etc/dovecot/userdb
mkdir -p /var/mail/${domain}
if [ ! -d "/var/mail/${domain}/${user}" ]; then
@ -50,26 +54,29 @@ if [ -f /tmp/postfix/accounts.cf ]; then
echo ${domain} >> /tmp/vhost.tmp
done < /tmp/postfix/accounts.cf
else
echo "==> Warning: '/tmp/postfix/accounts.cf' is not provided. No mail account created."
echo "==> Warning: 'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
fi
if [ -f /tmp/postfix/virtual ]; then
#
# Aliases
#
if [ -f /tmp/docker-mailserver/postfix-virtual.cf ]; then
# Copying virtual file
cp /tmp/postfix/virtual /etc/postfix/virtual
while IFS=$' ' read from to
cp /tmp/docker-mailserver/postfix-virtual.cf /etc/postfix/virtual
while read from to
do
# Setting variables for better readability
uname=$(echo ${from} | cut -d @ -f1)
domain=$(echo ${from} | cut -d @ -f2)
# if they are equal it means the line looks like: "user1 other@domain.tld"
test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp
done < /tmp/postfix/virtual
test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-virtual.cf
else
echo "==> Warning: '/tmp/postfix/virtual' is not provided. No mail alias created."
echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
fi
if [ -f /tmp/vhost.tmp ]; then
cat /tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/vhost.tmp
if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
fi
echo "Postfix configurations"
@ -78,9 +85,9 @@ touch /etc/postfix/virtual && postmap /etc/postfix/virtual
# DKIM
# Check if keys are already available
if [ -e "/tmp/postfix/opendkim/KeyTable" ]; then
if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/postfix/opendkim/* /etc/opendkim/
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for : `ls -C /etc/opendkim/keys/`"
else
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
@ -214,11 +221,14 @@ case $DMS_SSL in
esac
if [ -f /tmp/postfix/main.cf ]; then
#
# Override Postfix configuration
#
if [ -f /tmp/docker-mailserver/postfix-main.cf ]; then
while read line; do
postconf -e "$line"
done < /tmp/postfix/main.cf
echo "Loaded '/tmp/postfix/main.cf'"
done < /tmp/docker-mailserver/postfix-main.cf
echo "Loaded 'config/postfix-main.cf'"
else
echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded."
fi
@ -302,7 +312,6 @@ sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
echo "Starting daemons"
cron
/etc/init.d/rsyslog start
##/etc/init.d/saslauthd start
if [ "$SMTP_ONLY" != 1 ]; then
# Here we are starting sasl and imap, not pop3 because it's disabled by default

View file

@ -0,0 +1,2 @@
user1@localhost.localdomain|mypassword
user2@otherdomain.tld|mypassword

View file

@ -0,0 +1,2 @@
max_idle = 600s
readme_directory = /tmp

View file

@ -0,0 +1,2 @@
alias1@localhost.localdomain user1@localhost.localdomain
alias2@localhost.localdomain external1@otherdomain.tld

View file

@ -7,11 +7,6 @@
[ "$status" -eq 0 ]
}
@test "checking process: saslauthd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
[ "$status" -eq 0 ]
}
@test "checking process: clamd" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
[ "$status" -eq 0 ]
@ -42,22 +37,6 @@
[ "$status" -eq 0 ]
}
@test "checking process: courierpop3d (disabled in default configuration)" {
run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 1 ]
}
@test "checking process: courierpop3d (pop3 server enabled)" {
run docker exec mail_pop3 /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 0 ]
}
@test "checking process: courierpop3d (disabled using SMTP_ONLY)" {
run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
[ "$status" -eq 1 ]
}
#
# imap
#