mirror of
https://github.com/tomav/docker-mailserver.git
synced 2024-06-28 04:01:20 +02:00
Merge branch 'release/6.0.0' into stable
This commit is contained in:
commit
6f9ac790df
23
.env.dist
23
.env.dist
|
@ -273,3 +273,26 @@ SRS_EXCLUDE_DOMAINS=
|
|||
# signing and the remaining will be used for verification. this is how you
|
||||
# rotate and expire keys
|
||||
SRS_SECRET=
|
||||
|
||||
# -----------------------------------------------------------------------------------------------------------------------------
|
||||
# ---------------- Multi-domain relay section ---------------------------------------------------------------------------------
|
||||
# -----------------------------------------------------------------------------------------------------------------------------
|
||||
|
||||
# Setup relaying for multiple domains based on the domain name of the sender
|
||||
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf
|
||||
#
|
||||
# empty => don't configure relay host
|
||||
# default host to relay mail through
|
||||
RELAY_HOST=
|
||||
|
||||
# empty => 25
|
||||
# default port to relay mail
|
||||
RELAY_PORT=25
|
||||
|
||||
# empty => no default
|
||||
# default relay username (if no specific entry exists in postfix-sasl-password.cf)
|
||||
RELAY_USER=
|
||||
|
||||
# empty => no default
|
||||
# password for default relay user
|
||||
RELAY_PASSWORD=
|
||||
|
|
17
CHANGELOG.md
17
CHANGELOG.md
|
@ -1,5 +1,22 @@
|
|||
# Changelog
|
||||
|
||||
## 6.0.0
|
||||
|
||||
* Implementation of multi-domain relay hosts (#922, #926)
|
||||
AWS_SES_HOST and AWS_SES_PORT are deprecated now.
|
||||
RELAY_HOST and RELAY_PORT are introduced to replace them.
|
||||
* Password creation fix (#908, #914)
|
||||
* Fixes 'duplicate log entry for /var/log/mail/mail.log' (#925, #927)
|
||||
* fixed cleanup (mail_with_relays didn't get cleaned up) (#930)
|
||||
* fix line breaks in postfix-summary mail error case (#936)
|
||||
* Set default virus delete time (#932, #935)
|
||||
This defaults to 7 days
|
||||
* Ensure that the account contains a @ (#923, #924)
|
||||
* Introducing global filters. (#934)
|
||||
* add missing env vars to docker-compose.yml (#937)
|
||||
* set postmaster address to a sensible default (#938, #939, #940)
|
||||
* Testfixes & more (#942)
|
||||
|
||||
## 5.8.1
|
||||
|
||||
* add headers to postfix summary mail (#919)
|
||||
|
|
|
@ -117,10 +117,8 @@ RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/e
|
|||
chmod 755 /etc/dovecot/ssl && \
|
||||
cd /usr/share/dovecot && \
|
||||
./mkcert.sh && \
|
||||
mkdir /usr/lib/dovecot/sieve-pipe && \
|
||||
chmod 755 /usr/lib/dovecot/sieve-pipe && \
|
||||
mkdir /usr/lib/dovecot/sieve-filter && \
|
||||
chmod 755 /usr/lib/dovecot/sieve-filter
|
||||
mkdir -p /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global && \
|
||||
chmod 755 -R /usr/lib/dovecot/sieve-pipe /usr/lib/dovecot/sieve-filter /usr/lib/dovecot/sieve-global
|
||||
|
||||
# Configures LDAP
|
||||
COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
|
||||
|
@ -198,8 +196,8 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
|
|||
sed -i -r 's|UpdateLogFile /var/log/clamav/|UpdateLogFile /var/log/mail/|g' /etc/clamav/freshclam.conf && \
|
||||
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-daemon && \
|
||||
sed -i -r 's|/var/log/clamav|/var/log/mail|g' /etc/logrotate.d/clamav-freshclam && \
|
||||
sed -i -r '/\/var\/log\/mail\/mail.log/d' /etc/logrotate.d/rsyslog && \
|
||||
sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog && \
|
||||
sed -i -r '/\/var\/log\/mail\/mail.log/d' /etc/logrotate.d/rsyslog && \
|
||||
# prevent syslog logrotate warnings \
|
||||
sed -i -e 's/\(printerror "could not determine current runlevel"\)/#\1/' /usr/sbin/invoke-rc.d && \
|
||||
sed -i -e 's/^\(POLICYHELPER=\).*/\1/' /usr/sbin/invoke-rc.d && \
|
||||
|
|
22
Makefile
22
Makefile
|
@ -96,7 +96,7 @@ run:
|
|||
-e PERMIT_DOCKER=network \
|
||||
-e DMS_DEBUG=0 \
|
||||
-e OVERRIDE_HOSTNAME=mail.my-domain.com \
|
||||
-h mail.my-domain.com \
|
||||
-h unknown.domain.tld \
|
||||
-t $(NAME)
|
||||
sleep 15
|
||||
docker run -d --name mail_fail2ban \
|
||||
|
@ -207,10 +207,23 @@ run:
|
|||
-e SA_SPAM_SUBJECT="undef" \
|
||||
-h mail.my-domain.com -t $(NAME)
|
||||
sleep 15
|
||||
|
||||
docker run -d --name mail_with_relays \
|
||||
-v "`pwd`/test/config/relay-hosts":/tmp/docker-mailserver \
|
||||
-v "`pwd`/test":/tmp/docker-mailserver-test \
|
||||
-e RELAY_HOST=default.relay.com \
|
||||
-e RELAY_PORT=2525 \
|
||||
-e RELAY_USER=smtp_user \
|
||||
-e RELAY_PASSWORD=smtp_password \
|
||||
--cap-add=SYS_PTRACE \
|
||||
-e PERMIT_DOCKER=host \
|
||||
-e DMS_DEBUG=0 \
|
||||
-h mail.my-domain.com -t $(NAME)
|
||||
sleep 15
|
||||
|
||||
generate-accounts-after-run:
|
||||
docker run --rm -e MAIL_USER=added@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf
|
||||
docker exec mail addmailuser pass@localhost.localdomain 'may be \a `p^a.*ssword'
|
||||
|
||||
sleep 10
|
||||
|
||||
fixtures:
|
||||
|
@ -267,14 +280,15 @@ clean:
|
|||
mail_with_postgrey \
|
||||
mail_undef_spam_subject \
|
||||
mail_postscreen \
|
||||
mail_override_hostname
|
||||
mail_override_hostname \
|
||||
mail_with_relays
|
||||
|
||||
@if [ -d config.bak ]; then\
|
||||
rm -rf config ;\
|
||||
mv config.bak config ;\
|
||||
fi
|
||||
@if [ -d testconfig.bak ]; then\
|
||||
rm -rf test/config ;\
|
||||
sudo rm -rf test/config ;\
|
||||
mv testconfig.bak test/config ;\
|
||||
fi
|
||||
-sudo rm -rf test/onedir
|
||||
|
|
24
README.md
24
README.md
|
@ -67,7 +67,7 @@ Download the docker-compose.yml, the .env and the setup.sh files:
|
|||
|
||||
#### Create your mail accounts
|
||||
|
||||
./setup.sh email add <email> [<password>]
|
||||
./setup.sh email add <user@domain> [<password>]
|
||||
|
||||
#### Generate DKIM keys
|
||||
|
||||
|
@ -538,3 +538,25 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
|
|||
- you may specify multiple keys, comma separated. the first one is used for signing and the remaining will be used for verification. this is how you rotate and expire keys
|
||||
- if you have a cluster/swarm make sure the same keys are on all nodes
|
||||
- example command to generate a key: `dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64`
|
||||
|
||||
## Multi-domain Relay Hosts
|
||||
|
||||
#### RELAY_HOST
|
||||
|
||||
- **empty** => don't configure relay host
|
||||
- default host to relay mail through
|
||||
|
||||
#### RELAY_PORT
|
||||
|
||||
- **empty** => 25
|
||||
- default port to relay mail through
|
||||
|
||||
#### RELAY_USER
|
||||
|
||||
- **empty** => no default
|
||||
- default relay username (if no specific entry exists in postfix-sasl-password.cf)
|
||||
|
||||
#### RELAY_PASSWORD
|
||||
|
||||
- **empty** => no default
|
||||
- password for default relay user
|
||||
|
|
|
@ -68,6 +68,12 @@ services:
|
|||
- SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
|
||||
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
|
||||
- SASL_PASSWD=${SASL_PASSWD}
|
||||
- SRS_EXCLUDE_DOMAINS=${SRS_EXCLUDE_DOMAINS}
|
||||
- SRS_SECRET=${SRS_SECRET}
|
||||
- RELAY_HOST=${RELAY_HOST}
|
||||
- RELAY_PORT=${RELAY_PORT}
|
||||
- RELAY_USER=${RELAY_USER}
|
||||
- RELAY_PASSWORD=${RELAY_PASSWORD}
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_PTRACE
|
||||
|
|
27
setup.sh
27
setup.sh
|
@ -61,6 +61,12 @@ SUBCOMMANDS:
|
|||
$0 config dkim <keysize> (default: 2048)
|
||||
$0 config ssl
|
||||
|
||||
relay:
|
||||
|
||||
$0 relay add-domain <domain> <host> [<port>]
|
||||
$0 relay add-auth <domain> <username> [<password>]
|
||||
$0 relay exclude-domain <domain>
|
||||
|
||||
debug:
|
||||
|
||||
$0 debug fetchmail
|
||||
|
@ -197,6 +203,27 @@ case $1 in
|
|||
esac
|
||||
;;
|
||||
|
||||
relay)
|
||||
shift
|
||||
case $1 in
|
||||
add-domain)
|
||||
shift
|
||||
_docker_image addrelayhost $@
|
||||
;;
|
||||
add-auth)
|
||||
shift
|
||||
_docker_image addsaslpassword $@
|
||||
;;
|
||||
exclude-domain)
|
||||
shift
|
||||
_docker_image excluderelaydomain $@
|
||||
;;
|
||||
*)
|
||||
_usage
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
|
||||
debug)
|
||||
shift
|
||||
case $1 in
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-accounts.cf}
|
||||
|
||||
USER="$1"
|
||||
PASSWD="$2"
|
||||
shift
|
||||
PASSWD="$@"
|
||||
|
||||
usage() {
|
||||
echo "Usage: addmailuser <user@domain> [<password>]"
|
||||
|
@ -19,6 +20,7 @@ escape() {
|
|||
}
|
||||
|
||||
[ -z "$USER" ] && { usage; errex "no username specified"; }
|
||||
expr index "$USER" "@" >/dev/null || { usage; errex "username must include the domain"; }
|
||||
|
||||
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null &&
|
||||
errex "User \"$USER\" already exists"
|
||||
|
@ -28,5 +30,5 @@ if [ -z "$PASSWD" ]; then
|
|||
echo
|
||||
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
||||
fi
|
||||
|
||||
echo "$USER|$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")" >>$DATABASE
|
||||
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
||||
echo "$USER|$HASH" >> $DATABASE
|
||||
|
|
33
target/bin/addrelayhost
Executable file
33
target/bin/addrelayhost
Executable file
|
@ -0,0 +1,33 @@
|
|||
#! /bin/bash
|
||||
|
||||
DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-relaymap.cf}
|
||||
|
||||
DOMAIN="$1"
|
||||
HOST="$2"
|
||||
PORT="$3"
|
||||
|
||||
usage() {
|
||||
echo "Usage: addrelayhost <domain> <host> [<port>]"
|
||||
}
|
||||
|
||||
errex() {
|
||||
echo "$@" 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
escape() {
|
||||
echo "${1//./\\.}"
|
||||
}
|
||||
|
||||
[ -z "$DOMAIN" ] && { usage; errex "no domain specified"; }
|
||||
[ -z "$HOST" ] && { usage; errex "no relay host specified"; }
|
||||
|
||||
if [ -z "$PORT" ]; then
|
||||
PORT=25
|
||||
fi
|
||||
|
||||
if grep -qi "^@$DOMAIN" $DATABASE 2>/dev/null; then
|
||||
sed -i "s ^@"$DOMAIN".* "@$DOMAIN"\t\t["$HOST"]:"$PORT" " $DATABASE
|
||||
else
|
||||
echo -e "@$DOMAIN\t\t[$HOST]:$PORT" >> $DATABASE
|
||||
fi
|
35
target/bin/addsaslpassword
Executable file
35
target/bin/addsaslpassword
Executable file
|
@ -0,0 +1,35 @@
|
|||
#! /bin/bash
|
||||
|
||||
DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-sasl-password.cf}
|
||||
|
||||
DOMAIN="$1"
|
||||
USER="$2"
|
||||
PASSWD="$3"
|
||||
|
||||
usage() {
|
||||
echo "Usage: addsaslpassword <domain> <username> <password>"
|
||||
}
|
||||
|
||||
errex() {
|
||||
echo "$@" 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
escape() {
|
||||
echo "${1//./\\.}"
|
||||
}
|
||||
|
||||
[ -z "$DOMAIN" ] && { usage; errex "no domain specified"; }
|
||||
[ -z "$USER" ] && { usage; errex "no username specified"; }
|
||||
|
||||
if [ -z "$PASSWD" ]; then
|
||||
read -s -p "Enter Password: " PASSWD
|
||||
echo
|
||||
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
||||
fi
|
||||
|
||||
if grep -qi "^@$DOMAIN" $DATABASE 2>/dev/null; then
|
||||
sed -i "s ^@"$DOMAIN".* "@$DOMAIN"\t\t"$USER":"$PASSWD" " $DATABASE
|
||||
else
|
||||
echo -e "@$DOMAIN\t\t$USER:$PASSWD" >> $DATABASE
|
||||
fi
|
22
target/bin/excluderelaydomain
Executable file
22
target/bin/excluderelaydomain
Executable file
|
@ -0,0 +1,22 @@
|
|||
#! /bin/bash
|
||||
|
||||
DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-relaymap.cf}
|
||||
|
||||
DOMAIN="$1"
|
||||
|
||||
usage() {
|
||||
echo "Usage: excluderelayhost <domain>"
|
||||
}
|
||||
|
||||
errex() {
|
||||
echo "$@" 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
[ -z "$DOMAIN" ] && { usage; errex "no domain specified"; }
|
||||
|
||||
if grep -qi "^@$DOMAIN" $DATABASE 2>/dev/null; then
|
||||
sed -i "s/^@"$DOMAIN".*/@"$DOMAIN"/" $DATABASE
|
||||
else
|
||||
echo -e "@$DOMAIN" >> $DATABASE
|
||||
fi
|
|
@ -11,9 +11,16 @@ errex() {
|
|||
test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found"
|
||||
|
||||
# The case that the mail.log.1 file isn't readable shouldn't actually be possible with logrotate not rotating empty files.. But you never know!
|
||||
[ -r "/var/log/mail/mail.log.1" ] \
|
||||
&& BODY=$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \
|
||||
|| BODY="Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver"
|
||||
if [ -r "/var/log/mail/mail.log.1" ]; then
|
||||
BODY=$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first)
|
||||
else
|
||||
BODY="Error: Mail log not readable or not found: /var/log/mail/mail.log.1
|
||||
|
||||
In case of mail inactivity since the last report, this might be considered a nuisance warning.
|
||||
|
||||
Yours faithfully,
|
||||
The $HOSTNAME Mailserver"
|
||||
fi
|
||||
|
||||
sendmail -t <<EOF
|
||||
From: mailserver-report@$HOSTNAME
|
||||
|
|
|
@ -3,7 +3,8 @@
|
|||
DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-accounts.cf}
|
||||
|
||||
USER="$1"
|
||||
PASSWD=$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$2")
|
||||
shift
|
||||
PASSWD="$@"
|
||||
|
||||
usage() {
|
||||
echo "Usage: updatemailuser <user@domain.tld> [password]"
|
||||
|
@ -20,7 +21,13 @@ escape() {
|
|||
|
||||
[ -z "$USER" ] && { usage; errex "no username specified"; }
|
||||
|
||||
if [ -z "$PASSWD" ]; then
|
||||
read -s -p "Enter Password: " PASSWD
|
||||
echo
|
||||
[ -z "$PASSWD" ] && errex "Password must not be empty"
|
||||
fi
|
||||
HASH="$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"
|
||||
grep -qi "^$(escape "$USER")|" $DATABASE 2>/dev/null ||
|
||||
errex "User \"$USER\" does not exist"
|
||||
sed -i "s ^"$USER"|.* "$USER"|"$PASSWD" " $DATABASE
|
||||
#sed -i "s/^"$(escape "$USER")"|*/"$USER"|"$(doveadm pw -s SHA512-CRYPT -u "$USER" -p "$PASSWD")"/" $DATABASE
|
||||
|
||||
sed -i "s ^"$USER"|.* "$USER"|"$HASH" " $DATABASE
|
||||
|
|
|
@ -51,6 +51,37 @@ if ! [ $resu_acc = "OK" ] || ! [ $resu_vir = "OK" ]; then
|
|||
chmod 640 /etc/dovecot/userdb
|
||||
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
|
||||
sed -i -e '/\!include auth-passwdfile\.inc/s/^#//' /etc/dovecot/conf.d/10-auth.conf
|
||||
|
||||
# rebuild relay host
|
||||
if [ ! -z "$RELAY_HOST" ]; then
|
||||
# keep old config
|
||||
echo -n > /etc/postfix/sasl_passwd
|
||||
echo -n > /etc/postfix/relayhost_map
|
||||
if [ ! -z "$SASL_PASSWD" ]; then
|
||||
echo "$SASL_PASSWD" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
# add domain-specific auth from config file
|
||||
if [ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]; then
|
||||
while read line; do
|
||||
if ! echo "$line" | grep -q -e "\s*#"; then
|
||||
echo "$line" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
done < /tmp/docker-mailserver/postfix-sasl-password.cf
|
||||
fi
|
||||
# add default relay
|
||||
if [ ! -z "$RELAY_USER" ] && [ ! -z "$RELAY_PASSWORD" ]; then
|
||||
echo "[$RELAY_HOST]:$RELAY_PORT $RELAY_USER:$RELAY_PASSWORD" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
# add relay maps from file
|
||||
if [ -f /tmp/docker-mailserver/postfix-relaymap.cf ]; then
|
||||
while read line; do
|
||||
if ! echo "$line" | grep -q -e "\s*#"; then
|
||||
echo "$line" >> /etc/postfix/relayhost_map
|
||||
fi
|
||||
done < /tmp/docker-mailserver/postfix-relaymap.cf
|
||||
fi
|
||||
fi
|
||||
|
||||
# Creating users
|
||||
# 'pass' is encrypted
|
||||
# comments and empty lines are ignored
|
||||
|
@ -78,8 +109,22 @@ if ! [ $resu_acc = "OK" ] || ! [ $resu_vir = "OK" ]; then
|
|||
# Copy user provided sieve file, if present
|
||||
test -e /tmp/docker-mailserver/${login}.dovecot.sieve && cp /tmp/docker-mailserver/${login}.dovecot.sieve /var/mail/${domain}/${user}/.dovecot.sieve
|
||||
echo ${domain} >> /tmp/vhost.tmp
|
||||
# add domains to relayhost_map
|
||||
if [ ! -z "$RELAY_HOST" ]; then
|
||||
if ! grep -q -e "^@${domain}\s" /etc/postfix/relayhost_map; then
|
||||
echo "@${domain} [$RELAY_HOST]:$RELAY_PORT" >> /etc/postfix/relayhost_map
|
||||
fi
|
||||
fi
|
||||
done
|
||||
fi
|
||||
if [ -f /etc/postfix/sasl_passwd ]; then
|
||||
chown root:root /etc/postfix/sasl_passwd
|
||||
chmod 0600 /etc/postfix/sasl_passwd
|
||||
fi
|
||||
if [ -f /etc/postfix/relayhost_map ]; then
|
||||
chown root:root /etc/postfix/relayhost_map
|
||||
chmod 0600 /etc/postfix/relayhost_map
|
||||
fi
|
||||
if [ -f postfix-virtual.cf ]; then
|
||||
# regen postfix aliases
|
||||
echo -n > /etc/postfix/virtual
|
||||
|
|
|
@ -31,14 +31,14 @@ plugin {
|
|||
# executed. The order of execution within a directory is determined by the
|
||||
# file names, using a normal 8bit per-character comparison. Multiple script
|
||||
# file or directory paths can be specified by appending an increasing number.
|
||||
#sieve_before =
|
||||
#sieve_before = /usr/lib/dovecot/sieve-global/before.dovecot.sieve
|
||||
#sieve_before2 =
|
||||
#sieve_before3 = (etc...)
|
||||
|
||||
# Identical to sieve_before, only the specified scripts are executed after the
|
||||
# user's script (only when keep is still in effect!). Multiple script file or
|
||||
# directory paths can be specified by appending an increasing number.
|
||||
#sieve_after =
|
||||
#sieve_after = /usr/lib/dovecot/sieve-global/after.dovecot.sieve
|
||||
#sieve_after2 =
|
||||
#sieve_after2 = (etc...)
|
||||
|
||||
|
|
|
@ -23,13 +23,14 @@ DEFAULT_VARS["ENABLE_SASLAUTHD"]="${ENABLE_SASLAUTHD:="0"}"
|
|||
DEFAULT_VARS["SMTP_ONLY"]="${SMTP_ONLY:="0"}"
|
||||
DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}"
|
||||
DEFAULT_VARS["OVERRIDE_HOSTNAME"]="${OVERRIDE_HOSTNAME}"
|
||||
DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:="postmaster@domain.com"}"
|
||||
DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}"
|
||||
DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
|
||||
DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
|
||||
DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}"
|
||||
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
|
||||
DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
|
||||
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
|
||||
|
||||
##########################################################################
|
||||
# << DEFAULT VARS
|
||||
##########################################################################
|
||||
|
@ -135,7 +136,11 @@ function register_functions() {
|
|||
_register_setup_function "_setup_postfix_access_control"
|
||||
|
||||
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
||||
_register_setup_function "_setup_postfix_relay_amazon_ses"
|
||||
_register_setup_function "_setup_postfix_relay_hosts"
|
||||
fi
|
||||
|
||||
if [ ! -z "$RELAY_HOST" ]; then
|
||||
_register_setup_function "_setup_postfix_relay_hosts"
|
||||
fi
|
||||
|
||||
if [ "$ENABLE_POSTFIX_VIRTUAL_TRANSPORT" = 1 ]; then
|
||||
|
@ -410,6 +415,9 @@ function setup() {
|
|||
function _setup_default_vars() {
|
||||
notify 'task' "Setting up default variables [$FUNCNAME]"
|
||||
|
||||
# update POSTMASTER_ADDRESS - must be done done after _check_hostname()
|
||||
DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
|
||||
|
||||
for var in ${!DEFAULT_VARS[@]}; do
|
||||
echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
|
||||
[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && kill -15 `cat /var/run/supervisord.pid` && return 1
|
||||
|
@ -477,16 +485,25 @@ function _setup_dovecot() {
|
|||
# Copy pipe and filter programs, if any
|
||||
rm -f /usr/lib/dovecot/sieve-filter/*
|
||||
rm -f /usr/lib/dovecot/sieve-pipe/*
|
||||
if [ -d /tmp/docker-mailserver/sieve-filter ]; then
|
||||
cp /tmp/docker-mailserver/sieve-filter/* /usr/lib/dovecot/sieve-filter/
|
||||
chown docker:docker /usr/lib/dovecot/sieve-filter/*
|
||||
chmod 550 /usr/lib/dovecot/sieve-filter/*
|
||||
[ -d /tmp/docker-mailserver/sieve-filter ] && cp /tmp/docker-mailserver/sieve-filter/* /usr/lib/dovecot/sieve-filter/
|
||||
[ -d /tmp/docker-mailserver/sieve-pipe ] && cp /tmp/docker-mailserver/sieve-pipe/* /usr/lib/dovecot/sieve-pipe/
|
||||
if [ -f /tmp/docker-mailserver/before.dovecot.sieve ]; then
|
||||
sed -i "s/#sieve_before =/sieve_before =/" /etc/dovecot/conf.d/90-sieve.conf
|
||||
cp /tmp/docker-mailserver/before.dovecot.sieve /usr/lib/dovecot/sieve-global/
|
||||
sievec /usr/lib/dovecot/sieve-global/before.dovecot.sieve
|
||||
else
|
||||
sed -i "s/ sieve_before =/ #sieve_before =/" /etc/dovecot/conf.d/90-sieve.conf
|
||||
fi
|
||||
if [ -d /tmp/docker-mailserver/sieve-pipe ]; then
|
||||
cp /tmp/docker-mailserver/sieve-pipe/* /usr/lib/dovecot/sieve-pipe/
|
||||
chown docker:docker /usr/lib/dovecot/sieve-pipe/*
|
||||
chmod 550 /usr/lib/dovecot/sieve-pipe/*
|
||||
|
||||
if [ -f /tmp/docker-mailserver/after.dovecot.sieve ]; then
|
||||
sed -i "s/#sieve_after =/sieve_after =/" /etc/dovecot/conf.d/90-sieve.conf
|
||||
cp /tmp/docker-mailserver/after.dovecot.sieve /usr/lib/dovecot/sieve-global/
|
||||
sievec /usr/lib/dovecot/sieve-global/after.dovecot.sieve
|
||||
else
|
||||
sed -i "s/ sieve_after =/ #sieve_after =/" /etc/dovecot/conf.d/90-sieve.conf
|
||||
fi
|
||||
chown docker:docker -R /usr/lib/dovecot/sieve*
|
||||
chmod 550 -R /usr/lib/dovecot/sieve*
|
||||
}
|
||||
|
||||
function _setup_dovecot_local_user() {
|
||||
|
@ -1001,22 +1018,102 @@ function _setup_postfix_sasl_password() {
|
|||
fi
|
||||
}
|
||||
|
||||
function _setup_postfix_relay_amazon_ses() {
|
||||
notify 'task' 'Setting up Postfix Relay Amazon SES'
|
||||
if [ -z "$AWS_SES_PORT" ];then
|
||||
AWS_SES_PORT=25
|
||||
function _setup_postfix_relay_hosts() {
|
||||
notify 'task' 'Setting up Postfix Relay Hosts'
|
||||
# copy old AWS_SES variables to new variables
|
||||
if [ -z "$RELAY_HOST" ]; then
|
||||
if [ ! -z "$AWS_SES_HOST" ]; then
|
||||
notify 'inf' "Using deprecated AWS_SES environment variables"
|
||||
RELAY_HOST=$AWS_SES_HOST
|
||||
fi
|
||||
fi
|
||||
notify 'inf' "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
|
||||
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
|
||||
if [ -z "$RELAY_PORT" ]; then
|
||||
if [ -z "$AWS_SES_PORT" ]; then
|
||||
RELAY_PORT=25
|
||||
else
|
||||
RELAY_PORT=$AWS_SES_PORT
|
||||
fi
|
||||
fi
|
||||
if [ -z "$RELAY_USER" ]; then
|
||||
if [ ! -z "$AWS_SES_USERPASS" ]; then
|
||||
# NB this will fail if the password contains a colon!
|
||||
RELAY_USER=$(echo "$AWS_SES_USERPASS" | cut -f 1 -d ":")
|
||||
RELAY_PASSWORD=$(echo "$AWS_SES_USERPASS" | cut -f 2 -d ":")
|
||||
fi
|
||||
fi
|
||||
notify 'inf' "Setting up outgoing email relaying via $RELAY_HOST:$RELAY_PORT"
|
||||
|
||||
# setup /etc/postfix/sasl_passwd
|
||||
# --
|
||||
# @domain1.com postmaster@domain1.com:your-password-1
|
||||
# @domain2.com postmaster@domain2.com:your-password-2
|
||||
# @domain3.com postmaster@domain3.com:your-password-3
|
||||
#
|
||||
# [smtp.mailgun.org]:587 postmaster@domain2.com:your-password-2
|
||||
|
||||
if [ -f /tmp/docker-mailserver/postfix-sasl-password.cf ]; then
|
||||
notify 'inf' "Adding relay authentication from postfix-sasl-password.cf"
|
||||
while read line; do
|
||||
if ! echo "$line" | grep -q -e "\s*#"; then
|
||||
echo "$line" >> /etc/postfix/sasl_passwd
|
||||
fi
|
||||
done < /tmp/docker-mailserver/postfix-sasl-password.cf
|
||||
fi
|
||||
|
||||
# add default relay
|
||||
if [ ! -z "$RELAY_USER" ] && [ ! -z "$RELAY_PASSWORD" ]; then
|
||||
echo "[$RELAY_HOST]:$RELAY_PORT $RELAY_USER:$RELAY_PASSWORD" >> /etc/postfix/sasl_passwd
|
||||
else
|
||||
if [ ! -f /tmp/docker-mailserver/postfix-sasl-password.cf ]; then
|
||||
notify 'warn' "No relay auth file found and no default set"
|
||||
fi
|
||||
fi
|
||||
|
||||
chown root:root /etc/postfix/sasl_passwd
|
||||
chmod 0600 /etc/postfix/sasl_passwd
|
||||
# end /etc/postfix/sasl_passwd
|
||||
|
||||
# setup /etc/postfix/relayhost_map
|
||||
# --
|
||||
# @domain1.com [smtp.mailgun.org]:587
|
||||
# @domain2.com [smtp.mailgun.org]:587
|
||||
# @domain3.com [smtp.mailgun.org]:587
|
||||
|
||||
echo -n > /etc/postfix/relayhost_map
|
||||
|
||||
if [ -f /tmp/docker-mailserver/postfix-relaymap.cf ]; then
|
||||
notify 'inf' "Adding relay mappings from postfix-relaymap.cf"
|
||||
while read line; do
|
||||
if ! echo "$line" | grep -q -e "\s*#"; then
|
||||
echo "$line" >> /etc/postfix/relayhost_map
|
||||
fi
|
||||
done < /tmp/docker-mailserver/postfix-relaymap.cf
|
||||
fi
|
||||
grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf | while IFS=$'|' read login pass
|
||||
do
|
||||
domain=$(echo ${login} | cut -d @ -f2)
|
||||
if ! grep -q -e "^@${domain}\b" /etc/postfix/relayhost_map; then
|
||||
notify 'inf' "Adding relay mapping for ${domain}"
|
||||
echo "@${domain} [$RELAY_HOST]:$RELAY_PORT" >> /etc/postfix/relayhost_map
|
||||
fi
|
||||
done
|
||||
# remove lines with no destination
|
||||
sed -i '/^@\S*\s*$/d' /etc/postfix/relayhost_map
|
||||
|
||||
chown root:root /etc/postfix/relayhost_map
|
||||
chmod 0600 /etc/postfix/relayhost_map
|
||||
# end /etc/postfix/relayhost_map
|
||||
|
||||
postconf -e \
|
||||
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
|
||||
"smtp_sasl_auth_enable = yes" \
|
||||
"smtp_sasl_security_options = noanonymous" \
|
||||
"smtp_sasl_password_maps = texthash:/etc/postfix/sasl_passwd" \
|
||||
"smtp_use_tls = yes" \
|
||||
"smtp_tls_security_level = encrypt" \
|
||||
"smtp_tls_note_starttls_offer = yes" \
|
||||
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
|
||||
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt" \
|
||||
"sender_dependent_relayhost_maps = texthash:/etc/postfix/relayhost_map" \
|
||||
"smtp_sender_dependent_authentication = yes"
|
||||
}
|
||||
|
||||
function _setup_postfix_dhparam() {
|
||||
|
|
6
test/config/before.dovecot.sieve
Normal file
6
test/config/before.dovecot.sieve
Normal file
|
@ -0,0 +1,6 @@
|
|||
require ["fileinto", "copy"];
|
||||
|
||||
if address :contains ["From"] "spam@spam.com" {
|
||||
fileinto :copy "INBOX";
|
||||
}
|
||||
|
3
test/config/relay-hosts/postfix-accounts.cf
Normal file
3
test/config/relay-hosts/postfix-accounts.cf
Normal file
|
@ -0,0 +1,3 @@
|
|||
user1@domainone.tld|{SHA512-CRYPT}$6$UMGnThsSm0IFgzEw$BynVshxudpGQHDRQaF4b7wb57A7NazGZcBUakYYLflp7J4E3UHK2qo/C1qXMCkRlYFlTd.SuwCsCKb7zBaUkb/
|
||||
user2@domaintwo.tld|{SHA512-CRYPT}$6$pDkaJmqaNJB0GNtl$692CLTUW1Z2C3kV1c9geJ7jWRrxqtT3eE7d/EEufEU2hI0br.SbLTItIfKPO9vhqpgWYB/bmUM7VRs7UZbN1w.
|
||||
user3@domainthree.tld|{SHA512-CRYPT}$6$y370fIl7h8PUWXkp$aC2Pp7xw2Gc9CSQW0cYORFfAOjzBJB8iu/GDFe9D4PVnE0aupFGdupm9db.7SU8Ur9T4eZyJ75.Be747XdDZ.0
|
2
test/config/relay-hosts/postfix-relaymap.cf
Normal file
2
test/config/relay-hosts/postfix-relaymap.cf
Normal file
|
@ -0,0 +1,2 @@
|
|||
@domaintwo.tld [other.relay.com]:587
|
||||
@domainthree.tld
|
1
test/config/relay-hosts/postfix-sasl-password.cf
Normal file
1
test/config/relay-hosts/postfix-sasl-password.cf
Normal file
|
@ -0,0 +1 @@
|
|||
@domaintwo.tld smtp_user_2:smtp_password_2
|
103
test/tests.bats
103
test/tests.bats
|
@ -15,7 +15,7 @@ load 'test_helper/bats-assert/load'
|
|||
}
|
||||
|
||||
@test "checking configuration: hostname/domainname override: check container hostname is applied correctly" {
|
||||
run docker exec mail_override_hostname /bin/bash -c "hostname | grep mail.my-domain.com"
|
||||
run docker exec mail_override_hostname /bin/bash -c "hostname | grep unknown.domain.tld"
|
||||
assert_success
|
||||
}
|
||||
|
||||
|
@ -329,7 +329,7 @@ load 'test_helper/bats-assert/load'
|
|||
@test "checking smtp: user1 should have received 6 mails" {
|
||||
run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l"
|
||||
assert_success
|
||||
assert_output 6
|
||||
assert_output 7
|
||||
}
|
||||
|
||||
@test "checking smtp: rejects mail to unknown user" {
|
||||
|
@ -1047,9 +1047,18 @@ load 'test_helper/bats-assert/load'
|
|||
assert_output 1
|
||||
}
|
||||
|
||||
@test "checking sieve global: user1 should have gotten a copy of his spam mail" {
|
||||
run docker exec mail /bin/sh -c "grep 'Spambot <spam@spam.com>' -R /var/mail/localhost.localdomain/user1/new/"
|
||||
assert_success
|
||||
}
|
||||
#
|
||||
# accounts
|
||||
#
|
||||
@test "checking accounts: user_without_domain creation should be rejected since user@domain format is required" {
|
||||
run docker exec mail /bin/sh -c "addmailuser user_without_domain mypassword"
|
||||
assert_failure
|
||||
assert_output --partial "username must include the domain"
|
||||
}
|
||||
|
||||
@test "checking accounts: user3 should have been added to /tmp/docker-mailserver/postfix-accounts.cf" {
|
||||
docker exec mail /bin/sh -c "addmailuser user3@domain.tld mypassword"
|
||||
|
@ -1188,17 +1197,28 @@ load 'test_helper/bats-assert/load'
|
|||
assert_success
|
||||
value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}')
|
||||
[ "$value" = "lorem@impsum.org" ]
|
||||
|
||||
docker exec mail doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \a `p^a.*ssword' | grep 'auth succeeded'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh email list" {
|
||||
run ./setup.sh -c mail email list
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh email update" {
|
||||
initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
|
||||
run ./setup.sh -c mail email update lorem@impsum.org consectetur
|
||||
run ./setup.sh email update lorem@impsum.org my password
|
||||
sleep 10
|
||||
updatepass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}')
|
||||
[ "$initialpass" != "$changepass" ]
|
||||
[ "$initialpass" != "$updatepass" ]
|
||||
assert_success
|
||||
|
||||
docker exec mail doveadm pw -t "$updatepass" -p 'my password' | grep 'verified'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh email del" {
|
||||
run ./setup.sh -c mail email del -y lorem@impsum.org
|
||||
assert_success
|
||||
|
@ -1243,7 +1263,6 @@ load 'test_helper/bats-assert/load'
|
|||
run /bin/sh -c 'cat ./config/postfix-virtual.cf | grep "test1@example.org test1@forward.com,test2@forward.com" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh alias del" {
|
||||
echo -e 'test1@example.org test1@forward.com,test2@forward.com\ntest2@example.org test1@forward.com' > ./config/postfix-virtual.cf
|
||||
|
||||
|
@ -1310,6 +1329,46 @@ load 'test_helper/bats-assert/load'
|
|||
assert_output --partial "You need to specify an IP address. Run"
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh relay add-domain" {
|
||||
echo -n > ./config/postfix-relaymap.cf
|
||||
./setup.sh -c mail relay add-domain example1.org smtp.relay1.com 2525
|
||||
./setup.sh -c mail relay add-domain example2.org smtp.relay2.com
|
||||
./setup.sh -c mail relay add-domain example3.org smtp.relay3.com 2525
|
||||
./setup.sh -c mail relay add-domain example3.org smtp.relay.com 587
|
||||
|
||||
# check adding
|
||||
run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1'
|
||||
assert_success
|
||||
# test default port
|
||||
run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1'
|
||||
assert_success
|
||||
# test modifying
|
||||
run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh relay add-auth" {
|
||||
echo -n > ./config/postfix-sasl-password.cf
|
||||
./setup.sh -c mail relay add-auth example.org smtp_user smtp_pass
|
||||
./setup.sh -c mail relay add-auth example2.org smtp_user2 smtp_pass2
|
||||
./setup.sh -c mail relay add-auth example2.org smtp_user2 smtp_pass_new
|
||||
|
||||
# test adding
|
||||
run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1'
|
||||
assert_success
|
||||
# test updating
|
||||
run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking setup.sh: setup.sh relay exclude-domain" {
|
||||
echo -n > ./config/postfix-relaymap.cf
|
||||
./setup.sh -c mail relay exclude-domain example.org
|
||||
|
||||
run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# LDAP
|
||||
#
|
||||
|
@ -1424,11 +1483,14 @@ load 'test_helper/bats-assert/load'
|
|||
}
|
||||
|
||||
@test "checking dovecot: postmaster address" {
|
||||
run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@domain.com' /etc/dovecot/conf.d/15-lda.conf"
|
||||
run docker exec mail /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf"
|
||||
assert_success
|
||||
|
||||
run docker exec mail_with_ldap /bin/sh -c "grep 'postmaster_address = postmaster@localhost.localdomain' /etc/dovecot/conf.d/15-lda.conf"
|
||||
assert_success
|
||||
|
||||
run docker exec mail_override_hostname /bin/sh -c "grep 'postmaster_address = postmaster@my-domain.com' /etc/dovecot/conf.d/15-lda.conf"
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking spoofing: rejects sender forging" {
|
||||
|
@ -1617,3 +1679,32 @@ load 'test_helper/bats-assert/load'
|
|||
run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
|
||||
assert_success
|
||||
}
|
||||
|
||||
#
|
||||
# relay hosts
|
||||
#
|
||||
|
||||
@test "checking relay hosts: default mapping is added from env vars" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/relayhost_map | grep -e "^@domainone.tld\s\+\[default.relay.com\]:2525" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking relay hosts: custom mapping is added from file" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/relayhost_map | grep -e "^@domaintwo.tld\s\+\[other.relay.com\]:587" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking relay hosts: ignored domain is not added" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/relayhost_map | grep -e "^@domainthree.tld\s\+\[any.relay.com\]:25" | wc -l | grep 0'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking relay hosts: auth entry is added" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^@domaintwo.tld\s\+smtp_user_2:smtp_password_2" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
||||
@test "checking relay hosts: default auth entry is added" {
|
||||
run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^\[default.relay.com\]:2525\s\+smtp_user:smtp_password" | wc -l | grep 1'
|
||||
assert_success
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user