From 321ae744fa873ca300af83983b4f916ac8dc9c35 Mon Sep 17 00:00:00 2001 From: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Date: Thu, 17 Mar 2022 11:24:30 +0100 Subject: [PATCH] scripts: small refactorings (#2485) Co-authored-by: Casper --- .github/ISSUE_TEMPLATE/bug_report.yml | 2 +- target/scripts/start-mailserver.sh | 2 +- target/scripts/startup/setup-stack.sh | 109 +++++++++++++++----------- test/mail_special_use_folders.bats | 4 +- test/mail_ssl_manual.bats | 2 +- 5 files changed, 70 insertions(+), 49 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index 16727281..14d7c2cd 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -148,7 +148,7 @@ body: **You are not obliged to answer this question**. We do encourage answering though as it provides context to better assist you. Less experienced users tend to make common mistakes, which is ok; by letting us know we can spot those more easily. - + options: - label: I am inexperienced with docker - label: I am inexperienced with mail servers diff --git a/target/scripts/start-mailserver.sh b/target/scripts/start-mailserver.sh index b4da3e31..2e845e58 100755 --- a/target/scripts/start-mailserver.sh +++ b/target/scripts/start-mailserver.sh @@ -271,7 +271,7 @@ start_misc start_daemons # marker to check, if container was restarted -date > /CONTAINER_START +date >/CONTAINER_START _notify 'tasklog' "${HOSTNAME} is up and running" diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh index a5a0d1fe..2844587d 100644 --- a/target/scripts/startup/setup-stack.sh +++ b/target/scripts/startup/setup-stack.sh 
@@ -14,7 +14,7 @@ function _setup_supervisor if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf then case "${SUPERVISOR_LOGLEVEL}" in - 'critical' | 'error' | 'info' | 'debug' ) + ( 'critical' | 'error' | 'info' | 'debug' ) sed -i -E \ "s|(loglevel).*|\1 = ${SUPERVISOR_LOGLEVEL}|g" \ /etc/supervisor/supervisord.conf @@ -23,11 +23,11 @@ function _setup_supervisor exit ;; - 'warn' ) + ( 'warn' ) return 0 ;; - * ) + ( * ) _notify 'err' \ "SUPERVISOR_LOGLEVEL '${SUPERVISOR_LOGLEVEL}' unknown. Using default 'warn'" ;; @@ -160,7 +160,7 @@ function _setup_dovecot # set mail_location according to mailbox format case "${DOVECOT_MAILBOX_FORMAT}" in - "sdbox" | "mdbox" ) + ( "sdbox" | "mdbox" ) _notify 'inf' "Dovecot ${DOVECOT_MAILBOX_FORMAT} format configured" sed -i -e \ "s|^mail_location = .*$|mail_location = ${DOVECOT_MAILBOX_FORMAT}:\/var\/mail\/%d\/%n|g" \ @@ -171,7 +171,7 @@ function _setup_dovecot chmod 644 /etc/cron.d/dovecot-purge ;; - * ) + ( * ) _notify 'inf' "Dovecot maildir format configured (default)" sed -i -e 's|^mail_location = .*$|mail_location = maildir:\/var\/mail\/%d\/%n|g' /etc/dovecot/conf.d/10-mail.conf ;; @@ -719,12 +719,12 @@ function _setup_docker_permit done < <(ip -o -4 addr show type veth | grep -E -o '[0-9\.]+/[0-9]+') case "${PERMIT_DOCKER}" in - "none" ) + ( 'none' ) _notify 'inf' "Clearing Postfix's 'mynetworks'" postconf -e "mynetworks =" ;; - "connected-networks" ) + ( 'connected-networks' ) for NETWORK in "${CONTAINER_NETWORKS[@]}" do NETWORK=$(_sanitize_ipv4_to_subnet_cidr "${NETWORK}") 
@@ -735,28 +735,28 @@ function _setup_docker_permit done ;; - "container" ) + ( 'container' ) _notify 'inf' "Adding container IP address to Postfix's 'mynetworks'" postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_IP}/32" echo "${CONTAINER_IP}/32" >> /etc/opendmarc/ignore.hosts echo "${CONTAINER_IP}/32" >> /etc/opendkim/TrustedHosts ;; - "host" ) + ( 'host' ) _notify 'inf' "Adding ${CONTAINER_NETWORK}/16 to Postfix's 'mynetworks'" postconf -e "$(postconf | grep '^mynetworks =') ${CONTAINER_NETWORK}/16" echo "${CONTAINER_NETWORK}/16" >> /etc/opendmarc/ignore.hosts echo "${CONTAINER_NETWORK}/16" >> /etc/opendkim/TrustedHosts ;; - "network" ) + ( 'network' ) _notify 'inf' "Adding docker network to Postfix's 'mynetworks'" postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12" echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts ;; - * ) + ( * ) _notify 'warn' "Invalid value for PERMIT_DOCKER: ${PERMIT_DOCKER}" _notify 'inf' "Clearing Postfix's 'mynetworks'" postconf -e "mynetworks =" @@ -942,10 +942,21 @@ function _setup_security_stack local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam sa-update --import /etc/spamassassin/kam/kam.sa-channels.mcgrail.com.key + cat >"${SPAMASSASSIN_KAM_CRON_FILE}" <<"EOM" #! /bin/bash -sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com +RESULT="$(sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com 2>&1)" +EXIT_CODE=${?} + +# see https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes +if [[ ${EXIT_CODE} -ge 4 ]] +then + echo -e "Updating SpamAssassin KAM failed:\n${RESULT}\n" >&2 + exit 1 +fi + +exit 0 EOM 
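Review bot: The `( 'host' )` and `( 'network' )` branches carry no comment on how much trust they grant: they add `${CONTAINER_NETWORK}/16` and `172.16.0.0/12` to Postfix's `mynetworks` and append the same ranges to `/etc/opendmarc/ignore.hosts` and `/etc/opendkim/TrustedHosts`. If the Postfix restrictions include `permit_mynetworks` (not visible here), every host in those ranges is accepted for relaying without authentication. A comment above each branch such as `# trusts the whole range for relaying and DKIM/DMARC; use 'container' or 'connected-networks' unless every host in it is yours` would make that explicit. The body of `_setup_docker_permit` starts and ends outside this hunk.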
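Review bot: The generated cron script treats every `sa-update` exit code below 4 as success, so codes 2 and 3 pass silently. The linked 3.1.x page documents only 0, 1 and 4+, but later `sa-update` releases use 2 for a failed lint check and 3 for a run where some channels failed. If the image ships such a release (the version is not visible here), a rejected KAM update would go unreported. Consider `if [[ ${EXIT_CODE} -ge 2 ]]` and pointing the comment at the documentation for the installed version. The enclosing `_setup_security_stack` continues outside the hunk.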
@@ -986,7 +997,9 @@ EOM fi # fix cron.daily for spamassassin - sed -i -e 's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' /etc/cron.daily/spamassassin + sed -i \ + 's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' \ + /etc/cron.daily/spamassassin # Amavis if [[ ${ENABLE_AMAVIS} -eq 1 ]] @@ -1010,22 +1023,22 @@ function _setup_logrotate LOGROTATE='/var/log/mail/mail.log\n{\n compress\n copytruncate\n delaycompress\n' case "${LOGROTATE_INTERVAL}" in - 'daily' ) + ( 'daily' ) _notify 'inf' 'Setting postfix logrotate interval to daily' LOGROTATE="${LOGROTATE} rotate 4\n daily\n" ;; - 'weekly' ) + ( 'weekly' ) _notify 'inf' 'Setting postfix logrotate interval to weekly' LOGROTATE="${LOGROTATE} rotate 4\n weekly\n" ;; - 'monthly' ) + ( 'monthly' ) _notify 'inf' 'Setting postfix logrotate interval to monthly' LOGROTATE="${LOGROTATE} rotate 4\n monthly\n" ;; - * ) + ( * ) _notify 'warn' 'LOGROTATE_INTERVAL not found in _setup_logrotate' ;; 
@@ -1039,27 +1052,30 @@ function _setup_mail_summary _notify 'inf' "Enable postfix summary with recipient ${PFLOGSUMM_RECIPIENT}" case "${PFLOGSUMM_TRIGGER}" in - 'daily_cron' ) + ( 'daily_cron' ) _notify 'inf' 'Creating daily cron job for pflogsumm report' - echo '#! /bin/bash' > /etc/cron.daily/postfix-summary - echo "/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}" >>/etc/cron.daily/postfix-summary + cat >/etc/cron.daily/postfix-summary << EOM +#! /bin/bash + +/usr/local/bin/report-pflogsumm-yesterday ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER} +EOM chmod +x /etc/cron.daily/postfix-summary ;; - 'logrotate' ) + ( 'logrotate' ) _notify 'inf' 'Add postrotate action for pflogsumm report' sed -i \ "s|}| postrotate\n /usr/local/bin/postfix-summary ${HOSTNAME} ${PFLOGSUMM_RECIPIENT} ${PFLOGSUMM_SENDER}\n endscript\n}\n|" \ /etc/logrotate.d/maillog ;; - 'none' ) + ( 'none' ) _notify 'inf' 'Postfix log summary reports disabled.' ;; - * ) + ( * ) _notify 'err' 'PFLOGSUMM_TRIGGER not found in _setup_mail_summery' ;; 
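Review bot: The unquoted here-document (`<< EOM`) in the `( 'daily_cron' )` branch expands `${HOSTNAME}`, `${PFLOGSUMM_RECIPIENT}` and `${PFLOGSUMM_SENDER}` at setup time and writes them unquoted into a script that cron later runs, so a value containing whitespace or shell metacharacters changes the command that is executed. Shell-quote the values as they are written, e.g. `/usr/local/bin/report-pflogsumm-yesterday $(printf '%q %q %q' "${HOSTNAME}" "${PFLOGSUMM_RECIPIENT}" "${PFLOGSUMM_SENDER}")`. The same applies to `${HOSTNAME}` and `${LOGWATCH_RECIPIENT}` in the new here-document of the `_setup_logwatch` hunk, and the `sed` replacement in the `( 'logrotate' )` branch breaks on a `|` or `&` in any of the three values. `_setup_mail_summary` starts and ends outside this hunk.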
@@ -1068,34 +1084,37 @@ function _setup_mail_summary function _setup_logwatch { - _notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}" - echo 'LogFile = /var/log/mail/freshclam.log' >>/etc/logwatch/conf/logfiles/clam-update.conf - - echo "MailFrom = ${LOGWATCH_SENDER}" >> /etc/logwatch/conf/logwatch.conf + echo "MailFrom = ${LOGWATCH_SENDER}" >>/etc/logwatch/conf/logwatch.conf case "${LOGWATCH_INTERVAL}" in - 'daily' ) - _notify 'inf' "Creating daily cron job for logwatch reports" - echo "#! /bin/bash" > /etc/cron.daily/logwatch - echo "/usr/sbin/logwatch --range Yesterday --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \ - >>/etc/cron.daily/logwatch - chmod 744 /etc/cron.daily/logwatch + ( 'daily' | 'weekly' ) + _notify 'inf' "Enable logwatch reports with recipient ${LOGWATCH_RECIPIENT}" + _notify 'inf' "Creating ${LOGWATCH_INTERVAL} cron job for logwatch reports" + + local LOGWATCH_FILE INTERVAL + + LOGWATCH_FILE="/etc/cron.${LOGWATCH_INTERVAL}/logwatch" + INTERVAL='--range Yesterday' + + if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]] + then + INTERVAL="--range 'between -7 days and -1 days'" + fi + + cat >"${LOGWATCH_FILE}" << EOM +#! /bin/bash + +/usr/sbin/logwatch ${INTERVAL} --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT} +EOM + chmod 744 "${LOGWATCH_FILE}" ;; - 'weekly' ) - _notify 'inf' "Creating weekly cron job for logwatch reports" - echo "#! /bin/bash" > /etc/cron.weekly/logwatch - echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname ${HOSTNAME} --mailto ${LOGWATCH_RECIPIENT}" \ - >>/etc/cron.weekly/logwatch - chmod 744 /etc/cron.weekly/logwatch - ;; - - 'none' ) + ( 'none' ) _notify 'inf' 'Logwatch reports disabled.' ;; - * ) + ( * ) _notify 'warn' 'LOGWATCH_INTERVAL not found in _setup_logwatch' ;; 
@@ -1127,7 +1146,9 @@ function _setup_fail2ban function _setup_dnsbl_disable { _notify 'task' 'Disabling postfix DNS block list (zen.spamhaus.org)' - sedfile -i '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' /etc/postfix/main.cf + sedfile -i \ + '/^smtpd_recipient_restrictions = / s/, reject_rbl_client zen.spamhaus.org//' \ + /etc/postfix/main.cf _notify 'task' 'Disabling postscreen DNS block lists' postconf -e "postscreen_dnsbl_action = ignore" diff --git a/test/mail_special_use_folders.bats b/test/mail_special_use_folders.bats index 8460190b..af3013f9 100644 --- a/test/mail_special_use_folders.bats +++ b/test/mail_special_use_folders.bats @@ -4,8 +4,8 @@ setup_file() { local PRIVATE_CONFIG PRIVATE_CONFIG="$(duplicate_config_for_container .)" docker run -d --name mail_special_use_folders \ - -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ - -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ + -v "${PRIVATE_CONFIG}":/tmp/docker-mailserver \ + -v "$(pwd)/test/test-files":/tmp/docker-mailserver-test:ro \ -e SASL_PASSWD="external-domain.com username:password" \ -e ENABLE_CLAMAV=0 \ -e ENABLE_SPAMASSASSIN=0 \ diff --git a/test/mail_ssl_manual.bats b/test/mail_ssl_manual.bats index 17679124..3da41a7d 100644 --- a/test/mail_ssl_manual.bats +++ b/test/mail_ssl_manual.bats @@ -101,7 +101,7 @@ function teardown_file() { @test "checking ssl: manual cert changes are picked up by check-for-changes" { printf 'someThingsChangedHere' \ >>"$(pwd)/test/test-files/ssl/${DOMAIN_SSL_MANUAL}/with_ca/ecdsa/key.ecdsa.pem" - sleep 10 + sleep 15 run docker exec mail_manual_ssl /bin/bash -c "supervisorctl tail -3000 changedetector" assert_output --partial 'Change detected'