Commit graph

163 commits

Author SHA1 Message Date
Daniel Panteleit e7efeda036 Fixed virus-wiper script when using the default value for VIRUSMAILS_DELETE_DELAY (#540)
Moved variable VIRUSMAILS_DELETE_DELAY to Dockerfile. This variable will be written to /etc/environment in the start
script to make it visible to cron. Also removed echo in cron job to prevent sending mail for each run.
2017-03-14 15:22:19 +01:00
Florian 7e4e3662b3 Hostname override fixes for docker option --net=host in conjunction with OVERRIDE_HOSTNAME (#517)
* Fixed wrong mail headers when using OVERRIDE_HOSTNAME by setting the hostname explicitly

* Added tests and fixed hostname in dovecot conf

* Added missing tests

* Improved function naming and task notification message
2017-02-13 11:07:30 +01:00
Thomas VIAL 4189374cb5 Adds postgrey in /var/mail-state - Fixes #514 (#515) 2017-02-09 17:05:36 +01:00
Thomas VIAL ef59fae8b3 Fixes #507 - Permission check on Amavis lib folder, and bring back to amavis:amavis if needed (#513) 2017-02-08 23:31:56 +01:00
Thomas VIAL 8cf4f839ee Issue #507 (#511)
* Fixes #507 permissions on /var/lib/amavis
2017-02-07 23:17:03 +01:00
Thomas VIAL 0a6733c65a Fixes #507 permissions on /var/lib/amavis (#510) 2017-02-07 20:53:34 +01:00
Wolfgang Ocker 5abff5208e Fix #499 (in start-mailserver.sh, argument expected) (#506)
Fix "/usr/local/bin/start-mailserver.sh: line 489: [: argument expected"

There are quotes missing around a shell variable. I added some more, too.

[ -z ] is okay, but [ a = b -a -z ] is not.

Signed-off-by: Wolfgang Ocker <weo@reccoware.de>
2017-02-06 12:11:15 +01:00
Sven Kauber c7e4206466 Added greylisting using postgrey (#495)
* Added greylisting using postgrey
* Updated the documentation
2017-02-06 10:21:18 +01:00
Kai Ren d40ae81d09 Hardening TLS ciphers (#492)
* Hardening Dovecot TLS ciphers
* Mitigate Logjam vulnerability on Dovecot
* Mitigate Logjam vulnerability on Postfix
* Add Nmap tests of PCI compliance for Postfix and Dovecot
* Increase sleep duration on Makefile steps to avoid races
2017-01-25 14:10:40 +01:00
Kevin Crawley 16c90fc52a kubernetes fix (#484)
* Allow OVERRIDE_HOSTNAME
* Document the new environment variable
2017-01-20 23:30:29 +01:00
1 0290eca7c6 Added DKIM compatibility with AWS SES 2017-01-11 22:27:01 +01:00
Thomas VIAL 805506fbea Fixes #468: cron (virus wiper) (#469)
* Fixes #468: cron (virus wiper)
2017-01-11 10:52:39 +01:00
alinmear a7670ac5c1 Add #394: Postfix Virtual Transport (#461)
* Add #394: Postfix Virtual Transport
This makes it possible to specify a lmtp config file, by providing
POSTFIX_DAGENT.

Update - Readme with information about #394

    * Add Variable ENABLE_POSTFIX_VIRTUAL_TRANSPORT (task)
    * Add Variable POSTFIX_DAGENT (section)

Added Unit tests for virtual transport

* Fix syntax error in test/tests.bats

* Fix Unit Test
2017-01-09 23:52:36 +01:00
Kai Ren 5020ab0a0f Convert $(hostname) usage to $(hostname -f) (#459)
* Convert `$(hostname)` usage to `$(hostname -f)`
2017-01-09 23:49:46 +01:00
Thomas VIAL d4cee677ce ONE_DIR documentation (#460)
* Fixes #457 adding information regarding `ONE_DIR` env variable
2017-01-09 17:11:10 +01:00
Wolfgang Ocker 9095ba3803 Fix #443 - RIMAP support (#448)
* Add unit tests for #443 (rimap auth)
* Fix #443 - configure rimap for saslauth
* Fix #443 - reuse smtp-auth-login.txt when testing rimap auth
2017-01-03 10:55:03 +01:00
Thomas VIAL fd8ad784d1 Fixes #424, suggested by @alinmear (#447) 2017-01-02 13:39:46 +01:00
Wolfgang Ocker 461c88e6ae Fix mailuser tools (#441)
* Add some checks for user name matching in mail user scripts
* Fix user matching problems in mail user scripts
** fix matching problems at several places:
    "delmailuser a@example.com" deletes also user "aa@example.com"
    "delmailuser a@sub.example.com" deletes also user "a@sub-example.com"
** similar problems when inserting
** refactor and clean up
2016-12-30 20:06:44 +01:00
Thomas VIAL de70a155f2 Fixed Issue #437 (#439)
* Also fixed SMTP_ONLY
2016-12-27 16:09:16 +01:00
Thomas VIAL 40ae75112b Fixed #437 setting ENABLE_POP3 to 0 by default (#438) 2016-12-27 15:55:41 +01:00
Thomas VIAL df752280e0 BREAKING CHANGES: (#432)
* Removed DISABLE_AMAVIS
* Renamed DISABLE_* to ENABLE_* with 0 as default value. (this must be explicit)
* Added missing tests for ENABLE_*
* Improved readme and docker-compose example

Should fix #256 and #386
2016-12-25 22:54:37 +01:00
Thomas VIAL 63cf0f9965 Disables clamav config in amavis when DISABLE_CLAMAV=1. Fixes #378 (#431) 2016-12-25 15:41:02 +01:00
Thomas VIAL 3286612831 Should fix #426 (#427) 2016-12-24 14:24:29 +01:00
Thomas VIAL ccad91c23d Improved start-mailserver output (#420)
* Improved start-mailserver output
* Fixed rework to make tests work again
* Improved output and updated SSL certs for LE
2016-12-23 23:56:39 +01:00
Daniele Bellavista 2a15ac619e Secure TLS protocols (#418) 2016-12-23 19:14:02 +01:00
Influencer 83c0095e00 Script to update users password, made test and updated setup.sh (#413)
* Added script to update users password, made test and updated setup.sh

* Moved update password test to tests.bat

* Fixed test for update password
2016-12-21 20:12:05 +01:00
alinmear 782152f827 Fix Problem with Saslauthd and Postfix master.cf
The provided default postfix master.cf overwrites the configs for
saslauthd within main.cf. To make saslauthd work, we have to comment or
in this case delete the lines from master.cf to make the given configs
in main.cf work.
2016-12-19 13:39:30 +01:00
arcaine2 2707992c44 Fail2ban fix for restarting container
Fail2ban doesn't seem to shut down cleanly and leaves a fail2ban.sock file that prevents it from starting after a container restart. That simple check should do the trick.
2016-12-18 13:06:45 +01:00
Thomas VIAL 86141ebb8c Merge pull request #400 from sylvaindumont/patch-2
use strong tls and ciphers
2016-12-17 22:28:52 +01:00
Sylvain Dumont d47cf72650 use strong tls and ciphers 2016-12-17 10:59:04 +01:00
alinmear 1f31475e11 Restructure start-mailserver.sh #338 2016-12-01 15:45:40 +01:00
tyranron 9e862b8405 use "texthash" Postfix database format instead of "hash" 2016-11-15 21:48:09 +02:00
Dennis Stumm a208cd1b13 Use hostname to get domainname 2016-11-13 14:58:30 +01:00
Dennis Stumm d3cd407295 Improve LDAP integration (#379)
* Move ldap files to target dir

* Move ldap files to target dir

* Update start-mailser.sh to use copied files

* Add the domainname from container to vhost

* Fix unary operator error

* List dovecot users only when LDAP disabled

* Minor
2016-11-13 11:39:45 +01:00
Josef Friedrich f2f059bb91 Changing the fetchmail config file has no effect (#372) (#373) 2016-11-02 11:28:27 +01:00
Dennis Stumm 3ec1fb202d Add ldap auth for postfix and dovecot (#352)
* Add ldap support for postfix and dovecot

* Add SASLAUTHD

* Update README.md

* Add necessary packages to dockerfile

* Add config files for ldap

* Add tests for ldap auth
2016-10-30 14:11:36 +01:00
Thomas VIAL 5298271bfd Fixes #364 - hostname/domainname is required. (#368) 2016-10-30 12:42:29 +01:00
Thomas VIAL 05f993ceb8 Fixes #362 by removing unused parameter (#363) 2016-10-27 14:59:38 +02:00
Kai Ren 9111a92b18 improve OpenDKIM and OpenDMARC milters integration (#361) 2016-10-25 08:57:08 +02:00
Kai Ren a62062c382 make Postfix -> Dovecot delivery over LMTP (was LDA) (#305) (#360) 2016-10-24 15:03:08 +02:00
Thomas VIAL 08dc28e304 Fixes #346 and added a virusmail wiper triggered by a CRON (#347)
* Fixes #346 and added a virusmail wiper triggered by a CRON

* Renamed env to something more explicit VIRUSMAILS_DELETE_DELAY
2016-10-08 19:02:47 +02:00
Pablo Castorino e4bab5b996 add ELK support (#331)
* add support to forward logs to ELK stack.
* from docker elk customize image with
* https://github.com/whyscream/postfix-grok-patterns
* custom input
* override syslog filter.
* fix typo.
* Explicit forwarder vars and messages.
* add amavis grok
* add dovecot grok
* add geoip db
* add logstash geoip plugin
* add custom amavis grok from @tomav.
* switch to filebeats input
* refactor syslog filter
* add filebeat
* add template config
* replace rsyslog with filebeat.
2016-09-29 22:52:05 +02:00
Josef Friedrich bd14a1d8bf Revert "Fix for multiple ipv4" (#306 #310) (#325)
This reverts commit e5d14fd0bc.
172.0.0.0-172.15.255.255 and 172.32.0.0-172.255.255.255 are valid
external IP addresses. Try PERMIT_DOCKER: network instead.
2016-09-19 12:34:57 +02:00
Josef Friedrich c8086135a4 Avoid many escaped slashes in sed scripts (#317)
Many escaped slashes can be avoided by changing the delimiter in sed
replace statements. This increases readability a little bit.
2016-09-09 12:29:15 +02:00
Kai Ren d9e1c0ad61 remove unnecessary spamd process (#312) 2016-09-06 13:06:25 +02:00
Zehir e5d14fd0bc Fix for multiple IPV4 2016-09-04 23:26:10 +02:00
Josef Friedrich 06125e1f1a Show debug message when config/dovecot.cf gets loaded (#307) (#308) 2016-09-04 20:38:30 +02:00
bigpigeon 0baf7954c5 missing with relayhost (#303)
* add AWS_SES_PORT env

* issue: relayhost port
2016-09-02 14:25:15 +02:00
Morgan Kesler 02f854f4e9 Allow user to provide Amavis configuration (#299)
* Add the option of manually specifying paths to SSL certificates

* Adding tests for manual SSL changes

* Allow user provided configuration of amavis
2016-09-02 09:08:41 +02:00
Morgan Kesler ee0c4244cc Add the option of manually specifying paths to SSL certificates (#296)
* Add the option of manually specifying paths to SSL certificates

* Adding tests for manual SSL changes
2016-08-31 15:15:39 +02:00
Josef Friedrich 81f42d096a Improve script 'debug-fetchmail' (#292)
The option '--check' checks for new mails without actually fetching
or deleting mail. Without '--check' 'debug-fetchmail' throws errors if
the external mail account has new mails and the smtp daemon is not
running.
2016-08-30 09:58:45 +02:00
Jack Twilley dbc6c6dffa Actually use the key. (#290)
This code was mistakenly not committed, and is required for the feature to work.
2016-08-30 09:57:44 +02:00
Josef Friedrich 6c9901e260 Improve fetchmail support (#289)
Fetchmail is now configured by a script called 'setup-fetchmail'.
The script 'debug-fetchmail' is used inside the 'setup.sh' script.
2016-08-29 19:03:45 +02:00
Jack Twilley cd7bc5f6bc Minor tweaks to letsencrypt configuration. (#288)
The letsencrypt-auto client creates cert.pem, chain.pem, fullchain.pem, and
privkey.pem in its default settings.  The simp_le client creates cert.pem,
fullchain.pem, and key.pem in its default settings.

A check for either privkey.pem or key.pem was added.

The chain.pem file was only used by the letsencrypt code for the creation of
combined.pem, which is not used by either postfix or dovecot.

The code to create a combined.pem file for letsencrypt was removed, as was the
corresponding test.
2016-08-29 13:46:16 +02:00
Josef Friedrich 98e59a7abe Implement ./setup.sh email list (#287)
This commit adds a script named 'listmailuser'. './setup.sh' uses
this script for its subcommand './setup.sh email list'. A test has
been added too.
2016-08-29 13:44:36 +02:00
Josef Friedrich 69ee54513e Fix build (#286)
The Refactoring of the scripts 'addmailuser' and 'delmailuser'
destroyed the build process.
2016-08-29 07:13:36 +02:00
Josef Friedrich 76d2c779df Adjust coding style in "bin" scripts (#279)
The main shell script (start-mailserver.sh) uses two spaces for
indentation. All other shell scripts should use this coding
style.
2016-08-28 21:08:37 +02:00
bigpigeon 46278ec890 add AWS_SES_PORT env (#278) 2016-08-28 21:07:16 +02:00
Jack Twilley 6d2d9dd738 Handle missing files more gracefully. (#265)
* Wrote functional tests for desired behavior.

Redoing the pull request, starting from current master.

The tests now fail where expected.

* Updated commands to handle missing files better.

The functional tests now pass.
2016-08-24 10:06:59 +02:00
Josef Friedrich 859df6866b Delete orphaned configuration file (#273)
The config file target/dovecot/dovecot.conf is not used to build the
docker-mailserver image. All tests are working without this file. The
additional config file config/dovecot.cf won’t be loaded if
target/dovecot/dovecot.conf is used.
2016-08-22 17:37:45 +02:00
Josef Friedrich e7de8b9245 Implement fetchmail (#260) (#271)
To retrieve emails from external mail accounts.
2016-08-21 22:13:13 +02:00
Zehir 8b289f6717 Adding the PERMIT_DOCKER option (#270)
* Adding the PERMIT_DOCKER option

See README.md for more information

* Adding some test for PERMIT_DOCKER option

* Fix test cases

* Opendkim and Opendmarc configuration

Fix docker network range
Adding opendkim and opendmarc configuration

* Adding some options for tests

* Update log message

* Update tests
2016-08-21 22:10:13 +02:00
Kyle Ondy 4872d0e777 selective service disable (#250)
* Allow disabling amavis service

Setting the `DISABLE_AMAVIS=1` env var will skip the starting of the
amavis process.

* Enable option to not run spamassassin

Setting the `DISABLE_SPAMASSASSIN=1` env var will start this container
without spamassassin.

* Allow starting of the container without clamav

Setting the `DISABLE_CLAMAV=1` env var will start this container without
starting clamav.
2016-08-04 21:04:26 +02:00
Kyle Ondy f4f70899c9
Add echo when sieve management is enabled 2016-07-28 14:35:09 -04:00
Kyle Ondy 43b366aaad
Add echo when Fail2ban is enabled 2016-07-28 14:34:20 -04:00
Christoph 9998416590 Add paths to CA to postfix
Fixes untrusted TLS connections

See: http://giantdorks.org/alain/fix-for-postfix-untrusted-certificate-tls-error/
2016-07-25 22:50:36 +02:00
Thomas VIAL 0f7e7bb693
Fixed #230 adding postfix configuration. Also added tests. 2016-07-23 21:01:01 +02:00
Adrian Pistol 133d6eba32
Fix some bugs in the shell scripts. 2016-07-12 17:40:08 +02:00
shim_ 94679df291 move addmailuser, delmailuser to target/bin 2016-06-15 19:50:01 +02:00
shim_ 2a6d05cab6 set user var 2016-06-14 13:29:55 +02:00
shim_ 13b43561f8 add quotes 2016-06-14 13:28:15 +02:00
shim_ 3b2ae0f1c8 basic user management 2016-06-14 13:16:11 +02:00
Dominik Winter 94077b2a29 added ability to overwrite jail.conf 2016-06-03 01:22:03 +02:00
Thomas VIAL 5232935d47 Merge pull request #195 from tve/persistence
Persist mail state directories
2016-06-01 13:37:41 +02:00
Thomas VIAL ba29ac40b9
Fixed #197 removing SORBS from RBL 2016-05-30 10:09:32 +02:00
Josef Friedrich 0df97da39d Add user configuration file for dovecot 2016-05-24 19:19:06 +02:00
Thorsten von Eicken 4ca39f9144 consolidate mail state to fix #191 2016-05-23 23:21:18 -07:00
Thorsten von Eicken 1ff72b2faf improve finder for botched permissions 2016-05-23 20:45:58 -07:00
Thorsten von Eicken 6d8b8d1a6e AWS SES needs ca-certificates 2016-05-23 00:03:22 -07:00
Thorsten von Eicken 7f398a6bbc fix sed of main.cf for regexp aliases, try #3 2016-05-22 23:35:09 -07:00
Thorsten von Eicken 9ce94f442a fix sed of main.cf for regexp aliases, try #2 2016-05-22 23:23:06 -07:00
Thorsten von Eicken d87bb285a6 fix sed of main.cf for regexp aliases 2016-05-22 22:57:05 -07:00
Thorsten von Eicken 70dd4d1519 support sending via AWS SES 2016-05-22 21:45:00 -07:00
Thorsten von Eicken 36ed1453ae Avoid fixing permissions that look OK 2016-05-22 19:23:08 -07:00
Thorsten von Eicken 26bb8f6b34 Support addition of regexp alias file 2016-05-22 19:10:58 -07:00
Lukas Matt 777b1bacc7
Fix permission issues on wrong dkim path
Signed-off-by: Lukas Matt <lukas@zauberstuhl.de>
2016-05-01 15:29:47 +02:00
Thomas VIAL fd98dd4f16 Merge pull request #168 from 00angus/v2_smallfix
Sieve filters can now be installed at user setup.
2016-04-29 18:38:18 +02:00
André Stein 9f63fa2ef4 Rename environment variable ENABLE_MANAGE_SIEVE to ENABLE_MANAGESIEVE. 2016-04-29 17:09:48 +02:00
André Stein 69b66d55bc Configure dovecot's managesieve plugin when the environment variable
ENABLE_MANAGE_SIEVE has been set.

Adapted README and updated tests.

The functionality has successfully been tested using the Sieve
Thunderbird plugin.
2016-04-29 15:24:10 +02:00
angus 25406949ee Sieve filters can now be installed at user setup.
Changed Dockerfile to include a missing configuration file for dovecot (mailboxes).
Moved Postfix setup after DKIM/DMARC/SSL setup, near the override postfix setup.
2016-04-29 00:41:48 +02:00
André Stein 2f9f6b1002 Implement basic sieve support using Dovecot.
The dovecot-sieve plugin is installed and configured to apply sieve
as soon as a .dovecot.sieve file is encountered in the virtual user's
home directory (that is /var/mail/${domain}/${username}/.dovecot.sieve).

Transport has been changed in the postfix configuration to use
Dovecot LDA (see http://wiki.dovecot.org/LDA/Postfix) to actually
enable sieve filtering.

Tests have been added.
2016-04-28 08:57:50 +02:00
Thomas VIAL 1a77cb77cc Merge pull request #165 from stonemaster/postfix-spam
Adapted Postfix configuration to block typical spam sending
2016-04-27 11:24:21 +02:00
André Stein 09f9e8ec60 Postfix: reject_invalid_hostname configuration option changed to reject_invalid_helo_hostname string which is
the "modern" Postfix variant since version >=2.3. (same for non_fqdn_hostname)
2016-04-27 09:44:21 +02:00
André Stein a9c4bb3615 Adapted Postfix configuration to block typical spam sending
mail servers using an enhanced client, sender and helo
restriction configuration.

The configuration has been adapted using this blog post:
https://www.webstershome.co.uk/2014/04/07/postfix-blocking-spam-enters-server/

Basically mail servers having invalid configuration (as e.g. sending
from a dynamic IP or a misconfigured hostname) will have their
mails rejected.

Additionally three RBL servers are used to detect spam sending
IPs: dnsbl.sorbs.net, zen.spamhaus.org and bl.spamcop.net.

The results of a 12h test drive using a 100+ daily spam
mail account (SpamAssassin was always enabled, just counting
delivered mails to inbox not counting what SA detected):
- Before: 34 incoming mails
- After change: 6 incoming mails (82% reduction)

Fixes #161.
2016-04-27 08:23:12 +02:00
Thomas VIAL 9fbe20f3d0
Added tests on letsencrypt - #109 2016-04-26 19:39:08 +02:00
Thomas VIAL 9415c099cc
Fixed #159: postfix-accounts.cf now generated with script + fixed line endings using sed in start-mailserver.sh 2016-04-25 16:00:39 +02:00
Thomas VIAL 9e1c4783a8
Refactored documentation and Wiki
Moved docker-compose.yml.dist to version 2 with data volume container
Renamed DMS_SSL to SSL_TYPE
Refactored start-mailserver to avoid DKIM errors
2016-04-24 17:37:10 +02:00
Thomas VIAL b9e1903083
- Fixed #152
- Moved Fail2ban to 0.9.x because OS version was buggy
- Improved documentation
- Reduce image size
2016-04-23 12:09:28 +02:00
Thomas VIAL 0322d890cd
Fixed i#152 Fail2ban config and tests 2016-04-22 17:51:14 +02:00
Thomas VIAL b58d0d33d6 Fixing #143 2016-04-21 01:08:14 +02:00