From 0c31f713587ab590af40552a1e3be07be273ff81 Mon Sep 17 00:00:00 2001 From: Casper Date: Thu, 6 Jan 2022 00:53:18 +0100 Subject: [PATCH] Introduce DOVECOT_INET_PROTOCOLS env (#2358) --- docs/content/config/environment.md | 16 ++++++-- mailserver.env | 12 +++++- target/scripts/start-mailserver.sh | 5 ++- target/scripts/startup/setup-stack.sh | 23 +++++++++++- test/dovecot_inet_protocol.bats | 54 +++++++++++++++++++++++++++ 5 files changed, 102 insertions(+), 8 deletions(-) create mode 100644 test/dovecot_inet_protocol.bats diff --git a/docs/content/config/environment.md b/docs/content/config/environment.md index fca6c912..066cefa7 100644 --- a/docs/content/config/environment.md +++ b/docs/content/config/environment.md @@ -230,11 +230,19 @@ This option has been added in November 2019. Using other format than Maildir is ##### POSTFIX_INET_PROTOCOLS -- **all** => All possible protocols. -- ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker. -- ipv6 => Use only IPv6 traffic. +- **all** => Listen on all interfaces. +- ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker. +- ipv6 => Listen only on IPv6 interfaces. -Note: More details in +Note: More details at + +##### DOVECOT_INET_PROTOCOLS + +- **all** => Listen on all interfaces +- ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker. +- ipv6 => Listen only on IPv6 interfaces. + +Note: More information at #### Reports diff --git a/mailserver.env b/mailserver.env index eca09380..75521e1b 100644 --- a/mailserver.env +++ b/mailserver.env 
@@ -226,14 +226,22 @@ REPORT_SENDER= # Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/) REPORT_INTERVAL=daily -# Choose TCP/IP protocols to use +# Choose TCP/IP protocols for postfix to use # **all** => All possible protocols. # ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker. # ipv6 => Use only IPv6 traffic. # -# Note: More details in http://www.postfix.org/postconf.5.html#inet_protocols +# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols POSTFIX_INET_PROTOCOLS=all +# Choose TCP/IP protocols for dovecot to use +# **all** => Listen on all interfaces +# ipv4 => Listen only on IPv4 interfaces. Most likely you want this behind Docker. +# ipv6 => Listen only on IPv6 interfaces. +# +# Note: More information at https://dovecot.org/doc/dovecot-example.conf +DOVECOT_INET_PROTOCOLS=all + # ----------------------------------------------- # --- SpamAssassin Section ---------------------- # ----------------------------------------------- diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh index 7aa96f4e..0c447bfd 100755 --- a/target/scripts/start-mailserver.sh +++ b/target/scripts/start-mailserver.sh @@ -19,6 +19,7 @@ declare -a FUNCS_SETUP FUNCS_FIX FUNCS_CHECK FUNCS_MISC DAEMONS_START VARS[AMAVIS_LOGLEVEL]="${AMAVIS_LOGLEVEL:=0}" VARS[DEFAULT_RELAY_HOST]="${DEFAULT_RELAY_HOST:=}" VARS[DMS_DEBUG]="${DMS_DEBUG:=0}" +VARS[DOVECOT_INET_PROTOCOLS]="${DOVECOT_INET_PROTOCOLS:=all}" VARS[DOVECOT_MAILBOX_FORMAT]="${DOVECOT_MAILBOX_FORMAT:=maildir}" VARS[DOVECOT_TLS]="${DOVECOT_TLS:=no}" VARS[ENABLE_AMAVIS]="${ENABLE_AMAVIS:=1}" 
@@ -68,6 +69,7 @@ VARS[SSL_TYPE]="${SSL_TYPE:=}" VARS[SUPERVISOR_LOGLEVEL]="${SUPERVISOR_LOGLEVEL:=warn}" VARS[TLS_LEVEL]="${TLS_LEVEL:=modern}" VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}" +# shellcheck disable=SC2034 VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}" export HOSTNAME DOMAINNAME CHKSUM_FILE @@ -108,7 +110,8 @@ function register_functions [[ ${ENABLE_LDAP} -eq 1 ]] && _register_setup_function '_setup_ldap' [[ ${ENABLE_POSTGREY} -eq 1 ]] && _register_setup_function '_setup_postgrey' [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && _register_setup_function '_setup_saslauthd' - [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_inet_protocols' + [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_postfix_inet_protocols' + [[ ${DOVECOT_INET_PROTOCOLS} != 'all' ]] && _register_setup_function '_setup_dovecot_inet_protocols' [[ ${ENABLE_FAIL2BAN} -eq 1 ]] && _register_setup_function '_setup_fail2ban' [[ ${ENABLE_DNSBL} -eq 0 ]] && _register_setup_function '_setup_dnsbl_disable' diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index c8fad3fa..73d5e303 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh 
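Review bot: The `# shellcheck disable=SC2034` added above `VARS[VIRUSMAILS_DELETE_DELAY]` in the `@@ -68,6 +69,7 @@` hunk gives no reason, and a directive in that position covers only the single assignment that follows it. If the intent is to silence the unused-variable warning for the `VARS` array, say so on a comment line above it, for example `# VARS is read outside this file, which shellcheck cannot see`. Adjust the wording to wherever the array is actually consumed, which is not visible in this hunk.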
@@ -1100,12 +1100,33 @@ function _setup_postfix_vhost _create_postfix_vhost } -function _setup_inet_protocols +function _setup_postfix_inet_protocols { _notify 'task' 'Setting up POSTFIX_INET_PROTOCOLS option' postconf -e "inet_protocols = ${POSTFIX_INET_PROTOCOLS}" } +function _setup_dovecot_inet_protocols +{ + local PROTOCOL + + _notify 'task' 'Setting up DOVECOT_INET_PROTOCOLS option' + + # https://dovecot.org/doc/dovecot-example.conf + if [[ ${DOVECOT_INET_PROTOCOLS} == "ipv4" ]] + then + PROTOCOL='*' # IPv4 only + elif [[ ${DOVECOT_INET_PROTOCOLS} == "ipv6" ]] + then + PROTOCOL='[::]' # IPv6 only + else + # Unknown value, panic. + dms_panic__invalid_value 'DOVECOT_INET_PROTOCOLS' "${DOVECOT_INET_PROTOCOLS}" + fi + + sedfile -i "s|^#listen =.*|listen = ${PROTOCOL}|g" /etc/dovecot/dovecot.conf +} + function _setup_docker_permit { _notify 'task' 'Setting up PERMIT_DOCKER Option' diff --git a/test/dovecot_inet_protocol.bats b/test/dovecot_inet_protocol.bats new file mode 100644 index 00000000..7b0c21cd --- /dev/null +++ b/test/dovecot_inet_protocol.bats 
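Review bot: The `sedfile` call in `_setup_dovecot_inet_protocols` only rewrites a line that still starts with `#listen =`, so the restriction is not applied when `listen` is already active in `dovecot.conf` (a user-supplied file, or a second setup run in the same container). Dovecot may then keep listening on both address families while the operator believes one is disabled. Whether `sedfile` reports a no-op is not visible here; matching both forms, `sedfile -i "s|^#*listen =.*|listen = ${PROTOCOL}|" /etc/dovecot/dovecot.conf`, would make the setting stick either way. Interpolating `PROTOCOL` into the expression is safe because it is only ever one of two literals. The neighbouring `_setup_postfix_inet_protocols` still hands the raw environment value to `postconf -e` without an equivalent check.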
@@ -0,0 +1,54 @@
+load 'test_helper/common'
+
+function setup_file() {
+ local PRIVATE_CONFIG
+ export ALL IPV4 IPV6
+
+ PRIVATE_CONFIG="$(duplicate_config_for_container . "${IPV4}")"
+ ALL="mail_dovecot_all_protocols"
+ IPV4="mail_dovecot_ipv4"
+ IPV6="mail_dovecot_ipv6"
+
+ docker run --rm -d --name "${ALL}" \
+ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+ -e DOVECOT_INET_PROTOCOLS= \
+ -h mail.my-domain.com \
+ -t "${NAME}"
+
+ docker run --rm -d --name "${IPV4}" \
+ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+ -e DOVECOT_INET_PROTOCOLS=ipv4 \
+ -h mail.my-domain.com \
+ -t "${NAME}"
+
+ docker run --rm -d --name "${IPV6}" \
+ -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \
+ -e DOVECOT_INET_PROTOCOLS=ipv6 \
+ -h mail.my-domain.com \
+ -t "${NAME}"
+}
+
+@test 'checking dovecot IP configuration' {
+ wait_for_finished_setup_in_container "${ALL}"
+ run docker exec "${ALL}" grep '^#listen = \*, ::' /etc/dovecot/dovecot.conf
+ assert_success
+ assert_output '#listen = *, ::'
+}
+
+@test 'checking dovecot IPv4 configuration' {
+ wait_for_finished_setup_in_container "${IPV4}"
+ run docker exec "${IPV4}" grep '^listen = \*$' /etc/dovecot/dovecot.conf
+ assert_success
+ assert_output 'listen = *'
+}
+
+@test 'checking dovecot IPv6 configuration' {
+ wait_for_finished_setup_in_container "${IPV6}"
+ run docker exec "${IPV6}" grep '^listen = \[::\]$' /etc/dovecot/dovecot.conf
+ assert_success
+ assert_output 'listen = [::]'
+}
+
+function teardown_file {
+ docker rm -f "${ALL}" "${IPV4}" "${IPV6}"
+}
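Review bot: In `setup_file`, `PRIVATE_CONFIG="$(duplicate_config_for_container . "${IPV4}")"` runs before `IPV4` is assigned, so the helper is called with an empty container name unless the variable happens to be inherited from the environment. Move the `ALL=`, `IPV4=` and `IPV6=` assignments above the `PRIVATE_CONFIG=` line. The three tests also only grep `dovecot.conf`, so they would still pass if Dovecot ignored the setting, and no case covers an invalid value reaching `dms_panic__invalid_value`. Checking which sockets are actually bound inside each container would make the test cover what the option promises.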