From 008b8e6bce0a8e146b0eb2c67d1dcfe5b71f0cf8 Mon Sep 17 00:00:00 2001
From: Erik Wramner <erik@wramner.name>
Date: Sun, 15 Sep 2019 15:40:05 +0200
Subject: [PATCH 1/2] Fix #1093, pflogsumm and logwatch

---
 Dockerfile                            |  5 +-
 README.md                             | 73 ++++++++++++++++++++---
 docker-compose.elk.yml.dist           |  4 ++
 docker-compose.yml.dist               |  5 +-
 target/bin/report-pflogsumm-yesterday | 25 ++++++++
 target/start-mailserver.sh            | 85 ++++++++++++++++++++++-----
 6 files changed, 173 insertions(+), 24 deletions(-)
 create mode 100755 target/bin/report-pflogsumm-yesterday

diff --git a/Dockerfile b/Dockerfile
index afe675d3..ba10696a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -44,6 +44,8 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et
     iproute2 \
     iptables \
     locales \
+    logwatch \
+    libdate-manip-perl \
     liblz4-tool \
     libmail-spf-perl \
     libnet-dns-perl \
@@ -99,7 +101,8 @@ RUN echo "deb http://http.debian.net/debian stretch-backports main" | tee -a /et
   touch /var/log/auth.log && \
   update-locale && \
   rm -f /etc/cron.weekly/fstrim && \
-  rm -f /etc/postsrsd.secret
+  rm -f /etc/postsrsd.secret && \
+  rm -f /etc/cron.daily/00logwatch
 
 # install filebeat for logging
 RUN curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
diff --git a/README.md b/README.md
index 8ed4b4b8..f383aa92 100644
--- a/README.md
+++ b/README.md
@@ -132,6 +132,7 @@ services:
     volumes:
       - maildata:/var/mail
       - mailstate:/var/mail-state
+      - maillogs:/var/log/mail
       - ./config/:/tmp/docker-mailserver/
     environment:
       - ENABLE_SPAMASSASSIN=1
@@ -149,6 +150,8 @@ volumes:
     driver: local
   mailstate:
     driver: local
+  maillogs:
+    driver: local
 ```
 
 __for ldap setup__:
@@ -170,6 +173,7 @@ services:
     volumes:
       - maildata:/var/mail
       - mailstate:/var/mail-state
+      - maillogs:/var/log/mail
       - ./config/:/tmp/docker-mailserver/
     environment:
       - ENABLE_SPAMASSASSIN=1
@@ -206,6 +210,8 @@ volumes:
     driver: local
   mailstate:
     driver: local
+  maillogs:
+    driver: local
 ```
 
 # Environment variables
@@ -347,28 +353,81 @@ Set the message size limit for all users. If set to zero, the size will be unlim
   - ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
 
 
-##### REPORT_RECIPIENT
+## Reports
+
+##### PFLOGSUMM_TRIGGER
 
   Enables a report being sent (created by pflogsumm) on a regular basis.
-  - **0** => Report emails are disabled
+  - **none** => No report
+  - daily_cron => Daily report for Yesterday will be sent
+  - logrotate => Full report for period will be sent when logs are rotated
+
+This is a new option. The old REPORT options are still supported for backwards compatibility.
+If this is not set and reports are enabled with the old options, logrotate will be used.
+
+##### PFLOGSUMM_RECIPIENT
+
+  Recipient address for pflogsumm reports if they are enabled.
+  - **not set** => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
+  - => Specify the recipient address(es)
+
+##### PFLOGSUMM_SENDER
+
+  From address for pflogsumm reports if they are enabled.
+  - **not set** => Use REPORT_SENDER or POSTMASTER_ADDRESS
+  - => Specify the sender address
+
+##### LOGWATCH_INTERVAL
+
+  Interval for logwatch report.
+  - **none** => No report is generated
+  - daily => Send a daily report
+  - weekly => Send a report every week
+
+##### LOGWATCH_RECIPIENT
+
+  Recipient address for logwatch reports if they are enabled.
+  - **not set** => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
+  - => Specify the recipient address(es)
+
+##### REPORT_RECIPIENT (deprecated)
+
+  Enables a report being sent (created by pflogsumm) on a regular basis.
+  - **0** => Report emails are disabled unless enabled by other options
   - 1 => Using POSTMASTER_ADDRESS as the recipient
   - => Specify the recipient address
 
-##### REPORT_SENDER
+##### REPORT_SENDER (deprecated)
 
   Change the sending address for mail report
   - **empty** => mailserver-report@hostname
   - => Specify the report sender (From) address
 
+##### REPORT_INTERVAL (deprecated)
 
-##### REPORT_INTERVAL
-
-  changes the interval in which a report is being sent.
+  changes the interval in which logs are rotated and a report is being sent (deprecated).
   - **daily** => Send a daily report
   - weekly => Send a report every week
   - monthly => Send a report every month
 
-Note: This Variable actually controls logrotate inside the container and rotates the log depending on this setting. The main log output is still available in its entirety via `docker logs mail` (Or your respective container name). If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/)
+Note: This variable used to control logrotate inside the container and sent the pflogsumm report when the logs were rotated.
+It is still supported for backwards compatibility, but the new option LOGROTATE_INTERVAL has been added that only rotates
+the logs. 
+
+##### LOGROTATE_INTERVAL 
+
+  Defines the interval in which the mail log is being rotated.
+  - **daily** => Rotate daily.
+  - weekly => Rotate weekly.
+  - monthly => Rotate monthly.
+
+Note that only the log inside the container is affected.
+The full log output is still available via `docker logs mail` (or your respective container name).
+If you want to control logrotation for the docker generated logfile see: [Docker Logging Drivers](https://docs.docker.com/config/containers/logging/configure/).
+
+Also note that by default the logs are lost when the container is recycled. To keep the logs, mount a volume.
+
+Finally the logrotate interval **may** affect the period for generated reports. That is the case when the reports are triggered by log rotation.
 
 ## Spamassassin
 
diff --git a/docker-compose.elk.yml.dist b/docker-compose.elk.yml.dist
index 4058713a..e9cf3370 100644
--- a/docker-compose.elk.yml.dist
+++ b/docker-compose.elk.yml.dist
@@ -15,6 +15,7 @@ services:
     - "993:993"
     volumes:
     - maildata:/var/mail
+    - maillogs:/var/log/mail
     - ./config/:/tmp/docker-mailserver/
     environment:
     - DMS_DEBUG=${DMS_DEBUG}
@@ -53,6 +54,7 @@ services:
     - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
     - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
     - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
+    - LOGROTATE_INTERVAL=${LOGROTATE_INTERVAL}
     - DOVECOT_TLS=${DOVECOT_TLS}
     - DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
     - DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
@@ -89,3 +91,5 @@ services:
 volumes:
   maildata:
     driver: local
+  maillogs:
+    driver: local
diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist
index c9b96cba..6873e9a5 100644
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@@ -13,6 +13,7 @@ services:
     volumes:
     - maildata:/var/mail
     - mailstate:/var/mail-state
+    - maillogs:/var/log/mail
     - ./config/:/tmp/docker-mailserver/
     environment:
     - DMS_DEBUG=${DMS_DEBUG}
@@ -55,6 +56,7 @@ services:
     - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
     - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
     - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
+    - LOGROTATE_INTERVAL=${LOGROTATE_INTERVAL}
     - DOVECOT_TLS=${DOVECOT_TLS}
     - DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
     - DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
@@ -91,4 +93,5 @@ volumes:
     driver: local
   mailstate:
     driver: local
-
+  maillogs:
+    driver: local
diff --git a/target/bin/report-pflogsumm-yesterday b/target/bin/report-pflogsumm-yesterday
new file mode 100755
index 00000000..f4efd170
--- /dev/null
+++ b/target/bin/report-pflogsumm-yesterday
@@ -0,0 +1,25 @@
+#!/bin/bash
+set -eo
+
+HOSTNAME=$1
+RECIPIENT=$2
+SENDER=$3
+errex() {
+  echo -e "$@" 1>&2
+  exit 1
+}
+
+test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found"
+
+BODY=$(gzip -cdfq $(ls -tr /var/log/mail/mail.log*) | /usr/sbin/pflogsumm --problems_first -d yesterday)
+
+sendmail -t <<EOF
+From: $SENDER
+To: $RECIPIENT
+Subject: Postfix summary for $HOSTNAME sent $(date '+%Y-%m-%d_%H%M%S')
+Content-Transfer-Encoding: 8bit
+Content-Type: text/plain; charset=UTF-8
+
+$BODY
+EOF
+
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 6acdd1ab..2885e87d 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -33,7 +33,8 @@ DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
 DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
 DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}"
 DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
-DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
+DEFAULT_VARS["LOGROTATE_INTERVAL"]="${LOGROTATE_INTERVAL:=${REPORT_INTERVAL:-"daily"}}"
+DEFAULT_VARS["LOGWATCH_INTERVAL"]="${LOGWATCH_INTERVAL:="none"}"
 DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
 
 ##########################################################################
@@ -164,9 +165,14 @@ function register_functions() {
   _register_setup_function "_setup_environment"
   _register_setup_function "_setup_logrotate"
 
-  if [ "$REPORT_RECIPIENT" != 0 ]; then
-  	_register_setup_function "_setup_mail_summary"
-  fi
+	if [ "$PFLOGSUMM_TRIGGER" != "none" ]; then
+		_register_setup_function "_setup_mail_summary"
+	fi
+
+	if [ "$LOGWATCH_TRIGGER" != "none" ]; then
+		_register_setup_function "_setup_logwatch"
+	fi
+
 
         # Compute last as the config files are modified in-place
         _register_setup_function "_setup_chksum_file"
@@ -438,8 +444,26 @@ function _setup_default_vars() {
 
 	# update POSTMASTER_ADDRESS - must be done done after _check_hostname()
 	DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
-    # update REPORT_SENDER - must be done done after _check_hostname()
-    DEFAULT_VARS["REPORT_SENDER"]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}"
+
+	# update REPORT_SENDER - must be done done after _check_hostname()
+	DEFAULT_VARS["REPORT_SENDER"]="${REPORT_SENDER:=mailserver-report@${HOSTNAME}}"
+	DEFAULT_VARS["PFLOGSUMM_SENDER"]="${PFLOGSUMM_SENDER:=${REPORT_SENDER}}"
+
+	# set PFLOGSUMM_TRIGGER here for backwards compatibility
+	# when REPORT_RECIPIENT is on the old method should be used
+	if [ $"REPORT_RECIPIENT" != "0" ]; then
+		DEFAULT_VARS["PFLOGSUMM_TRIGGER"]="${PFLOGSUMM_TRIGGER:="logrotate"}"
+	else
+		DEFAULT_VARS["PFLOGSUMM_TRIGGER"]="${PFLOGSUMM_TRIGGER:="none"}"
+	fi
+
+	# Expand address to simplify the rest of the script
+	if [ $"REPORT_RECIPIENT" == "1" ]; then
+		REPORT_RECIPIENT="$POSTMASTER_ADDRESS"
+		DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT}"
+	fi
+	DEFAULT_VARS["PFLOGSUMM_RECIPIENT"]="${PFLOGSUMM_RECIPIENT:=${REPORT_RECIPIENT}}"
+	DEFAULT_VARS["LOGWATCH_RECIPIENT"]="${LOGWATCH_RECIPIENT:=${REPORT_RECIPIENT}}"
 
 	for var in ${!DEFAULT_VARS[@]}; do
 		echo "export $var=\"${DEFAULT_VARS[$var]}\"" >> /root/.bashrc
@@ -626,7 +650,7 @@ function _setup_dovecot_local_user() {
 
 	if [[ ! $(grep '@' /tmp/docker-mailserver/postfix-accounts.cf | grep '|') ]]; then
 		if [ $ENABLE_LDAP -eq 0 ]; then
-			notify 'fatal' "Unless using LDAP, you need at least 1 email account to start the server."
+			notify 'fatal' "Unless using LDAP, you need at least 1 email account to start Dovecot."
 			defunc
 		fi
 	fi
@@ -1385,17 +1409,17 @@ function _setup_logrotate() {
 	notify 'inf' "Setting up logrotate"
 
 	LOGROTATE="/var/log/mail/mail.log\n{\n  compress\n  copytruncate\n  delaycompress\n"
-	case "$REPORT_INTERVAL" in
+	case "$LOGROTATE_INTERVAL" in
 		"daily" )
-			notify 'inf' "Setting postfix summary interval to daily"
+			notify 'inf' "Setting postfix logrotate interval to daily"
 			LOGROTATE="$LOGROTATE  rotate 1\n  daily\n"
 			;;
 		"weekly" )
-			notify 'inf' "Setting postfix summary interval to weekly"
+			notify 'inf' "Setting postfix logrotate interval to weekly"
 			LOGROTATE="$LOGROTATE  rotate 1\n  weekly\n"
 			;;
 		"monthly" )
-			notify 'inf' "Setting postfix summary interval to monthly"
+			notify 'inf' "Setting postfix logrotate interval to monthly"
 			LOGROTATE="$LOGROTATE  rotate 1\n  monthly\n"
 			;;
 	esac
@@ -1404,10 +1428,41 @@ function _setup_logrotate() {
 }
 
 function _setup_mail_summary() {
-	notify 'inf' "Enable postfix summary with recipient $REPORT_RECIPIENT"
-	[ "$REPORT_RECIPIENT" = 1 ] && REPORT_RECIPIENT=$POSTMASTER_ADDRESS
-	sed -i "s|}|  postrotate\n    /usr/local/bin/postfix-summary $HOSTNAME \
-    $REPORT_RECIPIENT $REPORT_SENDER\n  endscript\n}\n|" /etc/logrotate.d/maillog
+	notify 'inf' "Enable postfix summary with recipient $PFLOGSUMM_RECIPIENT"
+        case "$PFLOGSUMM_TRIGGER" in
+                "daily_cron" )
+                        notify 'inf' "Creating daily cron job for pflogsumm report"
+			echo "#!/bin/bash" > /etc/cron.daily/postfix-summary
+			echo "/usr/local/bin/report-pflogsumm-yesterday $HOSTNAME $PFLOGSUMM_RECIPIENT $PFLOGSUMM_SENDER" \
+			 >> /etc/cron.daily/postfix-summary
+			chmod +x /etc/cron.daily/postfix-summary
+                        ;;
+                "logrotate" )
+                        notify 'inf' "Add postrotate action for pflogsumm report"
+			sed -i "s|}|  postrotate\n    /usr/local/bin/postfix-summary $HOSTNAME \
+    $PFLOGSUMM_RECIPIENT $PFLOGSUMM_SENDER\n  endscript\n}\n|" /etc/logrotate.d/maillog
+                        ;;
+        esac
+}
+
+function _setup_logwatch() {
+	notify 'inf' "Enable logwatch reports with recipient $LOGWATCH_RECIPIENT"
+	case "$LOGWATCH_INTERVAL" in
+		"daily" )
+			notify 'inf' "Creating daily cron job for logwatch reports"
+			echo "#!/bin/bash" > /etc/cron.daily/logwatch
+			echo "/usr/sbin/logwatch --range Yesterday --hostname $HOSTNAME --mailto $LOGWATCH_RECIPIENT" \
+			>> /etc/cron.daily/logwatch
+			chmod 744 /etc/cron.daily/logwatch
+			;;
+		"weekly" )
+			notify 'inf' "Creating weekly cron job for logwatch reports"
+			echo "#!/bin/bash" > /etc/cron.weekly/logwatch
+			echo "/usr/sbin/logwatch --range 'between -7 days and -1 days' --hostname $HOSTNAME --mailto $LOGWATCH_RECIPIENT" \
+			>> /etc/cron.weekly/logwatch
+			chmod 744 /etc/cron.weekly/logwatch
+			;;
+	esac
 }
 
 function _setup_environment() {

From 2584124ccd85367213ebd4386d4d53a775ad8265 Mon Sep 17 00:00:00 2001
From: Erik Wramner <erik@wramner.name>
Date: Mon, 16 Sep 2019 08:05:18 +0200
Subject: [PATCH 2/2] Updated readme after code review

---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index f383aa92..9cdd79e1 100644
--- a/README.md
+++ b/README.md
@@ -357,23 +357,23 @@ Set the message size limit for all users. If set to zero, the size will be unlim
 
 ##### PFLOGSUMM_TRIGGER
 
-  Enables a report being sent (created by pflogsumm) on a regular basis.
-  - **none** => No report
-  - daily_cron => Daily report for Yesterday will be sent
-  - logrotate => Full report for period will be sent when logs are rotated
+  Enables regular pflogsumm mail reports.
+  - **not set** => No report
+  - daily_cron => Daily report for the previous day
+  - logrotate => Full report based on the mail log when it is rotated
 
 This is a new option. The old REPORT options are still supported for backwards compatibility.
 If this is not set and reports are enabled with the old options, logrotate will be used.
 
 ##### PFLOGSUMM_RECIPIENT
 
-  Recipient address for pflogsumm reports if they are enabled.
+  Recipient address for pflogsumm reports.
   - **not set** => Use REPORT_RECIPIENT or POSTMASTER_ADDRESS
   - => Specify the recipient address(es)
 
 ##### PFLOGSUMM_SENDER
 
-  From address for pflogsumm reports if they are enabled.
+  From address for pflogsumm reports.
   - **not set** => Use REPORT_SENDER or POSTMASTER_ADDRESS
   - => Specify the sender address