mirror of https://github.com/tomav/docker-mailserver.git synced 2024-06-21 15:06:54 +02:00

fixing #1602; variable-brace-policy changed;

Georg Lauterbach 2020-09-06 12:27:40 +02:00
parent 67e1e586c7
commit f7ca406ec9
No known key found for this signature in database
GPG Key ID: 386D76E7AD496709
7 changed files with 169 additions and 169 deletions


@ -119,21 +119,14 @@ var="bad"
##### braces
We use braces in the following way:
We always use braces.
``` BASH
# when it's clear and unambiguous,
# you do not have to use braces,
# but you might, see shellcheck SC2248
$VAR
# or
${VAR}
# when the variable is used
# in a bigger context
echo "/some/dir/${VAR}/to/destination/"
```
If you forgot this and want to change it later, you can use [this link](https://regex101.com/r/ikzJpF/4), which points to <https://regex101.com>. The used regex is `\$([^{("\\'\/])([a-zA-Z0-9_]*)([^}\/ \t'"\n.\]:]*)`, where you should in practice be able to replace all variable occurrences without braces with occurrences with braces.
##### loops
Like `if-else`, loops look like this


@ -161,14 +161,14 @@ clean:
sudo rm -rf test/config ;\
mv testconfig.bak test/config ;\
fi
-@ sudo rm -rf test/onedir test/alias test/quota test/relay test/config/dovecot-lmtp/userdb test/config/key* test/config/opendkim/keys/domain.tld/ test/config/opendkim/keys/example.com/ test/config/opendkim/keys/localdomain2.com/ test/config/postfix-aliases.cf test/config/postfix-receive-access.cf test/config/postfix-receive-access.cfe test/config/dovecot-quotas.cf test/config/postfix-send-access.cf test/config/postfix-send-access.cfe test/config/relay-hosts/chksum test/config/relay-hosts/postfix-aliases.cf test/config/dhparams.pem test/config/dovecot-lmtp/dh.pem test/config/relay-hosts/dovecot-quotas.cf test/config/user-patches.sh
-@ sudo rm -rf test/onedir test/alias test/quota test/relay test/config/dovecot-lmtp/userdb test/config/key* test/config/opendkim/keys/domain.tld/ test/config/opendkim/keys/example.com/ test/config/opendkim/keys/localdomain2.com/ test/config/postfix-aliases.cf test/config/postfix-receive-access.cf test/config/postfix-receive-access.cfe test/config/dovecot-quotas.cf test/config/postfix-send-access.cf test/config/postfix-send-access.cfe test/config/relay-hosts/chksum test/config/relay-hosts/postfix-aliases.cf test/config/dhparams.pem test/config/dovecot-lmtp/dh.pem test/config/relay-hosts/dovecot-quotas.cf test/config/user-patches.sh test/alias/config/postfix-virtual.cf test/quota/config/dovecot-quotas.cf test/quota/config/postfix-accounts.cf test/relay/config/postfix-relaymap.cf test/relay/config/postfix-sasl-password.cf
shellcheck:
@ echo -e "Testing shell / bash scripts with shellcheck\n"
@ shellcheck --version
@ echo ''
# currently without `start-mailserver` as this is to be merged separately
@ if find -iname "*.sh" -not -path "./test/*" -not -path "./target/docker-configomat/*" -not -wholename ./target/start-mailserver.sh -exec shellcheck -S style -Cauto -e SC2250,SC2154,SC2248 -W 50 {} \; | grep .; then\
@ if find -iname "*.sh" -not -path "./test/*" -not -path "./target/docker-configomat/*" -not -wholename ./target/start-mailserver.sh -exec shellcheck -S style -Cauto -e SC2250,SC2154 -W 50 {} \; | grep .; then\
echo -e "\nError" ;\
exit 1 ;\
else\


@ -21,7 +21,7 @@ Easy to deploy and upgrade.
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
## ANNOUNCEMENT
## Announcement
At this point we have merged the next branch based on Debian Buster into master.
That means the docker image latest uses Buster. The change may break things!
@ -144,8 +144,6 @@ If you got any problems with SPF and/or forwarding mails, give [SRS](https://git
#### For informational purposes
Your config folder will be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh)
`restart: always` ensures that the mail server container (and Filebeat/ELK containers when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit.
#### Exposed ports

181
setup.sh

@ -4,11 +4,11 @@
# included in the docker-mailserver
set -euEo pipefail
trap '_report_err $_ $LINENO $?' ERR
trap '_report_err ${_} ${LINENO} ${?}' ERR
function _report_err()
{
echo "ERROR occured :: source (hint) $1 ; line $2 ; exit code $3 ;;" >&2
echo "ERROR occured :: source ${1} ; line ${2} ; exit code ${3} ;;" >&2
_unset_vars
}
@ -18,12 +18,24 @@ function _unset_vars()
unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY
}
CDIR="$(cd "$(dirname "$(readlink -f "$0")")" && pwd)"
function _get_current_directory()
{
if dirname "$(readlink -f "${0}")" &>/dev/null
then
CDIR="$(cd "$(dirname "$(readlink -f "${0}")")" && pwd)"
elif realpath -e -L "${0}" &>/dev/null
then
CDIR="$(realpath -e -L "${0}")"
CDIR="${CDIR%/setup.sh}"
fi
}
CDIR="$(pwd)" ; _get_current_directory
CRI=
INFO=
IMAGE_NAME=
CONTAINER_NAME='mail'
DEFAULT_CONFIG_PATH="$CDIR/config"
DEFAULT_CONFIG_PATH="${CDIR}/config"
USE_CONTAINER=false
WISHED_CONFIG_PATH=
CONFIG_PATH=
@ -32,7 +44,7 @@ USE_TTY=
function _check_root()
{
if [[ $EUID -ne 0 ]]
if [[ ${EUID} -ne 0 ]]
then
echo "Curently docker-mailserver doesn't support podman's rootless mode, please run this script as root user."
return 1
@ -41,32 +53,32 @@ function _check_root()
function _update_config_path()
{
if [[ -n $CONTAINER_NAME ]]
if [[ -n ${CONTAINER_NAME} ]]
then
VOLUME=$(docker inspect "$CONTAINER_NAME" \
VOLUME=$(docker inspect "${CONTAINER_NAME}" \
--format="{{range .Mounts}}{{ println .Source .Destination}}{{end}}" | \
grep "/tmp/docker-mailserver$" 2>/dev/null)
fi
if [[ -n $VOLUME ]]
if [[ -n ${VOLUME} ]]
then
CONFIG_PATH=$(echo "$VOLUME" | awk '{print $1}')
CONFIG_PATH=$(echo "${VOLUME}" | awk '{print $1}')
fi
}
function _inspect()
{
if _docker_image_exists "$IMAGE_NAME"
if _docker_image_exists "${IMAGE_NAME}"
then
echo "Image: $IMAGE_NAME"
echo "Image: ${IMAGE_NAME}"
else
echo "Image: '$IMAGE_NAME' cant be found."
echo "Image: '${IMAGE_NAME}' cant be found."
fi
if [[ -n $CONTAINER_NAME ]]
if [[ -n ${CONTAINER_NAME} ]]
then
echo "Container: $CONTAINER_NAME"
echo "Config mount: $CONFIG_PATH"
echo "Container: ${CONTAINER_NAME}"
echo "Config mount: ${CONFIG_PATH}"
else
echo "Container: Not running, please start docker-mailserver."
fi
@ -74,7 +86,7 @@ function _inspect()
function _usage()
{
echo "Usage: $0 [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]
echo "Usage: ${0} [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]
OPTIONS:
@ -84,53 +96,52 @@ OPTIONS:
-c CONTAINER_NAME The name of the running container.
-p PATH config folder path (default: $(pwd)/config)
-p PATH config folder path (default: ${CDIR}/config)
SUBCOMMANDS:
email:
$0 email add <email> [<password>]
$0 email update <email> [<password>]
$0 email del <email>
$0 email restrict <add|del|list> <send|receive> [<email>]
$0 email list
${0} email add <email> [<password>]
${0} email update <email> [<password>]
${0} email del <email>
${0} email restrict <add|del|list> <send|receive> [<email>]
${0} email list
alias:
$0 alias add <email> <recipient>
$0 alias del <email> <recipient>
$0 alias list
${0} alias add <email> <recipient>
${0} alias del <email> <recipient>
${0} alias list
quota:
$0 quota set <email> [<quota>]
$0 quota del <email>
${0} quota set <email> [<quota>]
${0} quota del <email>
config:
$0 config dkim <keysize> (default: 2048)
$0 config ssl <fqdn>
${0} config dkim <keysize> (default: 2048)
${0} config ssl <fqdn>
relay:
$0 relay add-domain <domain> <host> [<port>]
$0 relay add-auth <domain> <username> [<password>]
$0 relay exclude-domain <domain>
${0} relay add-domain <domain> <host> [<port>]
${0} relay add-auth <domain> <username> [<password>]
${0} relay exclude-domain <domain>
debug:
$0 debug fetchmail
$0 debug fail2ban [<unban> <ip-address>]
$0 debug show-mail-logs
$0 debug inspect
$0 debug login <commands>
"
${0} debug fetchmail
${0} debug fail2ban [<unban> <ip-address>]
${0} debug show-mail-logs
${0} debug inspect
${0} debug login <commands>
return 1
"
}
function _docker_image_exists()
{
if $CRI history -q "$1" >/dev/null 2>&1
if ${CRI} history -q "${1}" >/dev/null 2>&1
then
return 0
else
@ -140,32 +151,32 @@ function _docker_image_exists()
function _docker_image()
{
if $USE_CONTAINER
if ${USE_CONTAINER}
then
# reuse existing container specified on command line
$CRI exec "$USE_TTY" "$CONTAINER_NAME" "$@"
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" "${@}"
else
# start temporary container with specified image
if ! _docker_image_exists "$IMAGE_NAME"
if ! _docker_image_exists "${IMAGE_NAME}"
then
echo "Image '$IMAGE_NAME' not found. Pulling ..."
$CRI pull "$IMAGE_NAME"
echo "Image '${IMAGE_NAME}' not found. Pulling ..."
${CRI} pull "${IMAGE_NAME}"
fi
${CRI} run --rm \
-v "$CONFIG_PATH":/tmp/docker-mailserver \
"$USE_TTY" "$IMAGE_NAME" "$@"
-v "${CONFIG_PATH}":/tmp/docker-mailserver \
"${USE_TTY}" "${IMAGE_NAME}" "${@}"
fi
}
function _docker_container()
{
if [[ -n $CONTAINER_NAME ]]
if [[ -n ${CONTAINER_NAME} ]]
then
$CRI exec "$USE_TTY" "$CONTAINER_NAME" "$@"
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" "${@}"
else
echo "The docker-mailserver is not running!"
exit 1
exit 5
fi
}
@ -183,7 +194,7 @@ function _main()
exit 10
fi
INFO=$($CRI ps \
INFO=$(${CRI} ps \
--no-trunc \
--format "{{.Image}};{{.Names}}" \
--filter label=org.label-schema.name="docker-mailserver" | \
@ -192,12 +203,12 @@ function _main()
IMAGE_NAME=${INFO%;*}
CONTAINER_NAME=${INFO#*;}
if [[ -z $IMAGE_NAME ]]
if [[ -z ${IMAGE_NAME} ]]
then
if [[ $CRI == "docker" ]]
if [[ ${CRI} == "docker" ]]
then
IMAGE_NAME=tvial/docker-mailserver:latest
elif [[ $CRI == "podman" ]]
elif [[ ${CRI} == "podman" ]]
then
IMAGE_NAME=docker.io/tvial/docker-mailserver:latest
fi
@ -211,38 +222,38 @@ function _main()
local OPTIND
while getopts ":c:i:p:" OPT
do
case $OPT in
c) CONTAINER_NAME="$OPTARG" ; USE_CONTAINER=true ;; # container specified, connect to running instance
i) IMAGE_NAME="$OPTARG" ;;
case ${OPT} in
c) CONTAINER_NAME="${OPTARG}" ; USE_CONTAINER=true ;; # container specified, connect to running instance
i) IMAGE_NAME="${OPTARG}" ;;
p)
case "$OPTARG" in
/*) WISHED_CONFIG_PATH="$OPTARG" ;;
* ) WISHED_CONFIG_PATH="$CDIR/$OPTARG" ;;
case "${OPTARG}" in
/*) WISHED_CONFIG_PATH="${OPTARG}" ;;
* ) WISHED_CONFIG_PATH="${CDIR}/${OPTARG}" ;;
esac
if [[ ! -d $WISHED_CONFIG_PATH ]]
if [[ ! -d ${WISHED_CONFIG_PATH} ]]
then
echo "Directory doesn't exist"
_usage
exit 1
exit 40
fi
;;
*) echo "Invalid option: -$OPTARG" >&2 ;;
*) echo "Invalid option: -${OPTARG}" >&2 ;;
esac
done
shift $((OPTIND-1))
if [[ -z $WISHED_CONFIG_PATH ]]
if [[ -z ${WISHED_CONFIG_PATH} ]]
then
# no wished config path
_update_config_path
if [[ -z $CONFIG_PATH ]]
if [[ -z ${CONFIG_PATH} ]]
then
CONFIG_PATH=$DEFAULT_CONFIG_PATH
CONFIG_PATH=${DEFAULT_CONFIG_PATH}
fi
else
CONFIG_PATH=$WISHED_CONFIG_PATH
CONFIG_PATH=${WISHED_CONFIG_PATH}
fi
@ -250,10 +261,10 @@ function _main()
email)
shift ; case ${1:-} in
add ) shift ; _docker_image addmailuser "$@" ;;
update ) shift ; _docker_image updatemailuser "$@" ;;
del ) shift ; _docker_image delmailuser "$@" ;;
restrict ) shift ; _docker_container restrict-access "$@" ;;
add ) shift ; _docker_image addmailuser "${@}" ;;
update ) shift ; _docker_image updatemailuser "${@}" ;;
del ) shift ; _docker_image delmailuser "${@}" ;;
restrict ) shift ; _docker_container restrict-access "${@}" ;;
list ) _docker_image listmailuser ;;
* ) _usage ;;
esac
@ -261,17 +272,17 @@ function _main()
alias)
shift ; case ${1:-} in
add ) shift ; _docker_image addalias "$@" ;;
del ) shift ; _docker_image delalias "$@" ;;
list ) shift ; _docker_image listalias "$@" ;;
add ) shift ; _docker_image addalias "${@}" ;;
del ) shift ; _docker_image delalias "${@}" ;;
list ) shift ; _docker_image listalias "${@}" ;;
* ) _usage ;;
esac
;;
quota)
shift ; case ${1:-} in
set ) shift ; _docker_image setquota "$@" ;;
del ) shift ; _docker_image delquota "$@" ;;
set ) shift ; _docker_image setquota "${@}" ;;
del ) shift ; _docker_image delquota "${@}" ;;
* ) _usage ;;
esac
;;
@ -279,16 +290,16 @@ function _main()
config)
shift ; case ${1:-} in
dkim ) _docker_image generate-dkim-config "${2:-2048}" ;;
ssl ) _docker_image generate-ssl-certificate "$2" ;;
ssl ) _docker_image generate-ssl-certificate "${2}" ;;
* ) _usage ;;
esac
;;
relay)
shift ; case ${1:-} in
add-domain ) shift ; _docker_image addrelayhost "$@" ;;
add-auth ) shift ; _docker_image addsaslpassword "$@" ;;
exclude-domain ) shift ; _docker_image excluderelaydomain "$@" ;;
add-domain ) shift ; _docker_image addrelayhost "${@}" ;;
add-auth ) shift ; _docker_image addsaslpassword "${@}" ;;
exclude-domain ) shift ; _docker_image excluderelaydomain "${@}" ;;
* ) _usage ;;
esac
;;
@ -296,7 +307,7 @@ function _main()
debug)
shift ; case ${1:-} in
fetchmail ) _docker_image debug-fetchmail ;;
fail2ban ) shift ; _docker_container fail2ban "$@" ;;
fail2ban ) shift ; _docker_container fail2ban "${@}" ;;
show-mail-logs ) _docker_container cat /var/log/mail/mail.log ;;
inspect ) _inspect ;;
login )
@ -305,16 +316,16 @@ function _main()
then
_docker_container /bin/bash
else
_docker_container /bin/bash -c "$@"
_docker_container /bin/bash -c "${@}"
fi
;;
* ) _usage ;;
* ) _usage ; exit 1 ;;
esac
;;
* ) _usage ;;
* ) _usage ; exit 1 ;;
esac
}
_main "$@"
_main "${@}"
_unset_vars
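Review bot: In `_get_current_directory`, the first test `dirname "$(readlink -f "${0}")" &>/dev/null` checks the exit status of `dirname`, not of `readlink`; when `readlink -f` fails the substitution is empty and `dirname ""` still succeeds, so the `realpath` branch looks unreachable and `CDIR` silently becomes the caller's working directory. `CDIR` feeds `DEFAULT_CONFIG_PATH`, which `_docker_image` bind-mounts with `-v "${CONFIG_PATH}":/tmp/docker-mailserver`, so the wrong directory can end up mounted into the container without any error. Test the resolver itself, e.g. `if SCRIPT_PATH="$(readlink -f "${0}" 2>/dev/null)"` followed by `CDIR="$(dirname "${SCRIPT_PATH}")"`, and report an error when neither `readlink -f` nor `realpath` works. Separately, as rendered the new `return 1` in `_usage` sits before the closing quote of the `echo` string, so it would be printed as help text rather than executed; this should be confirmed against the file.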


@ -8,7 +8,7 @@
. /usr/local/bin/helper_functions.sh
LOG_DATE=$(date +"%Y-%m-%d %H:%M:%S ")
echo "$LOG_DATE Start check-for-changes script."
echo "${LOG_DATE} Start check-for-changes script."
# ? Checks ------------------------------------------------
@ -17,14 +17,14 @@ cd /tmp/docker-mailserver || exit 1
# Check postfix-accounts.cf exist else break
if [[ ! -f postfix-accounts.cf ]]
then
echo "$LOG_DATE postfix-accounts.cf is missing! This should not run! Exit!"
echo "${LOG_DATE} postfix-accounts.cf is missing! This should not run! Exit!"
exit
fi
# Verify checksum file exists; must be prepared by start-mailserver.sh
if [[ ! -f $CHKSUM_FILE ]]
if [[ ! -f ${CHKSUM_FILE} ]]
then
echo "$LOG_DATE $CHKSUM_FILE is missing! Start script failed? Exit!"
echo "${LOG_DATE} ${CHKSUM_FILE} is missing! Start script failed? Exit!"
exit
fi
@ -32,14 +32,14 @@ fi
# Determine postmaster address, duplicated from start-mailserver.sh
# This script previously didn't work when POSTMASTER_ADDRESS was empty
if [[ -n $OVERRIDE_HOSTNAME ]]
if [[ -n ${OVERRIDE_HOSTNAME} ]]
then
DOMAINNAME="${OVERRIDE_HOSTNAME#*.}"
else
DOMAINNAME="$(hostname -d)"
fi
PM_ADDRESS="${POSTMASTER_ADDRESS:=postmaster@${DOMAINNAME}}"
echo "$LOG_DATE Using postmaster address $PM_ADDRESS"
echo "${LOG_DATE} Using postmaster address ${PM_ADDRESS}"
sleep 10
while true
@ -49,32 +49,32 @@ do
# get chksum and check it, no need to lock config yet
_monitored_files_checksums >"${CHKSUM_FILE}.new"
if ! cmp --silent -- "$CHKSUM_FILE" "$CHKSUM_FILE.new"
if ! cmp --silent -- "${CHKSUM_FILE}" "${CHKSUM_FILE}.new"
then
echo "${LOG_DATE} Change detected"
changed=$(grep -Fxvf "$CHKSUM_FILE" "$CHKSUM_FILE.new" | sed 's/^[^ ]\+ //')
mv "$CHKSUM_FILE.new" "$CHKSUM_FILE"
changed=$(grep -Fxvf "${CHKSUM_FILE}" "${CHKSUM_FILE}.new" | sed 's/^[^ ]\+ //')
mv "${CHKSUM_FILE}.new" "${CHKSUM_FILE}"
# Bug alert! This overwrites the alias set by start-mailserver.sh
# Take care that changes in one script are propagated to the other
# ! NEEDS FIX -----------------------------------------
# TODO FIX --------------------------------------------
# ! NEEDS EXTENSIONS ----------------------------
# TODO Perform updates below conditionally too --
# ! NEEDS EXTENSIONS ----------------------------------
# TODO Perform updates below conditionally too --------
# Also note that changes are performed in place and are not atomic
# We should fix that and write to temporary files, stop, swap and start
# Lock configuration while working
(
flock -e 200
for file in $changed
for file in ${changed}
do
case $file in
case ${file} in
/etc/letsencrypt/acme.json)
for certdomain in $SSL_DOMAIN $HOSTNAME $DOMAINNAME
for certdomain in ${SSL_DOMAIN} ${HOSTNAME} ${DOMAINNAME}
do
if _extract_certs_from_acme "$certdomain"
if _extract_certs_from_acme "${certdomain}"
then
break
fi
@ -96,7 +96,7 @@ do
echo -n >/etc/postfix/vmailbox
echo -n >/etc/dovecot/userdb
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] && [[ $ENABLE_LDAP -ne 1 ]]
if [[ -f /tmp/docker-mailserver/postfix-accounts.cf ]] && [[ ${ENABLE_LDAP} -ne 1 ]]
then
sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf
echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." >/etc/postfix/vmailbox
@ -110,13 +110,13 @@ do
sed -i -e '/\!include auth-passwdfile\.inc/s/^#//' /etc/dovecot/conf.d/10-auth.conf
# rebuild relay host
if [[ -n $RELAY_HOST ]]
if [[ -n ${RELAY_HOST} ]]
then
# keep old config
echo -n >/etc/postfix/sasl_passwd
if [[ -n $SASL_PASSWD ]]
if [[ -n ${SASL_PASSWD} ]]
then
echo "$SASL_PASSWD" >>/etc/postfix/sasl_passwd
echo "${SASL_PASSWD}" >>/etc/postfix/sasl_passwd
fi
# add domain-specific auth from config file
@ -124,17 +124,17 @@ do
then
(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-sasl-password.cf || true) | while read -r line
do
if ! echo "$line" | grep -q -e "\s*#"
if ! echo "${line}" | grep -q -e "\s*#"
then
echo "$line" >>/etc/postfix/sasl_passwd
echo "${line}" >>/etc/postfix/sasl_passwd
fi
done
fi
# add default relay
if [[ -n "$RELAY_USER" ]] && [[ -n "$RELAY_PASSWORD" ]]
if [[ -n "${RELAY_USER}" ]] && [[ -n "${RELAY_PASSWORD}" ]]
then
echo "[$RELAY_HOST]:$RELAY_PORT $RELAY_USER:$RELAY_PASSWORD" >>/etc/postfix/sasl_passwd
echo "[${RELAY_HOST}]:${RELAY_PORT} ${RELAY_USER}:${RELAY_PASSWORD}" >>/etc/postfix/sasl_passwd
fi
fi
@ -142,8 +142,8 @@ do
# comments and empty lines are ignored
grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-accounts.cf | while IFS=$'|' read -r login pass
do
user=$(echo "$login" | cut -d @ -f1)
domain=$(echo "$login" | cut -d @ -f2)
user=$(echo "${login}" | cut -d @ -f1)
domain=$(echo "${login}" | cut -d @ -f2)
user_attributes=""
# test if user has a defined quota
@ -156,7 +156,7 @@ do
[[ ${#user_quota[@]} -eq 2 ]] && user_attributes="${user_attributes}userdb_quota_rule=*:bytes=${user_quota[1]}"
fi
echo "$login ${domain}/${user}/" >>/etc/postfix/vmailbox
echo "${login} ${domain}/${user}/" >>/etc/postfix/vmailbox
# user database for dovecot has the following format:
# user:password:uid:gid:(gecos):home:(shell):extra_fields
@ -170,11 +170,11 @@ do
cp "/tmp/docker-mailserver/${login}.dovecot.sieve" "/var/mail/${domain}/${user}/.dovecot.sieve"
fi
echo "$domain" >>/tmp/vhost.tmp
echo "${domain}" >>/tmp/vhost.tmp
done
fi
[[ -n $RELAY_HOST ]] && _populate_relayhost_map
[[ -n ${RELAY_HOST} ]] && _populate_relayhost_map
if [[ -f /etc/postfix/sasl_passwd ]]
@ -197,11 +197,11 @@ do
# shellcheck disable=SC2034
(grep -v "^\s*$\|^\s*\#" /tmp/docker-mailserver/postfix-virtual.cf || true) | while read -r from to
do
uname=$(echo "$from" | cut -d @ -f1)
domain=$(echo "$from" | cut -d @ -f2)
uname=$(echo "${from}" | cut -d @ -f1)
domain=$(echo "${from}" | cut -d @ -f2)
# if they are equal it means the line looks like: "user1 other@domain.tld"
[ "$uname" != "$domain" ] && echo "$domain" >>/tmp/vhost.tmp
[ "${uname}" != "${domain}" ] && echo "${domain}" >>/tmp/vhost.tmp
done
fi
@ -229,7 +229,7 @@ s/$/ regexp:\/etc\/postfix\/regexp/
supervisorctl restart postfix
# prevent restart of dovecot when smtp_only=1
[[ $SMTP_ONLY -ne 1 ]] && supervisorctl restart dovecot
[[ ${SMTP_ONLY} -ne 1 ]] && supervisorctl restart dovecot
) 200<postfix-accounts.cf # end lock
fi
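Review bot: In the loop that rebuilds /etc/postfix/sasl_passwd, the inner test `echo "${line}" | grep -q -e "\s*#"` is unanchored, so it matches a `#` anywhere in the line rather than only a leading comment marker. An entry in postfix-sasl-password.cf whose password contains `#` is therefore dropped without any log message, and relay authentication for that domain fails later with no hint as to why. The outer `grep -v "^\s*$\|^\s*\#"` already removes blank and comment lines, so the inner check can be deleted, or anchored as `grep -q -e "^\s*#"` if it is kept. The surrounding `if` that guards this loop starts outside the hunk.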


@ -18,13 +18,13 @@ function _mask_ip_digit()
MASK=0
else
VALUES=(0 128 192 224 240 248 252 254 255)
MASK=${VALUES[$1]}
MASK=${VALUES[${1}]}
fi
local DVAL=${2}
((DVAL&=MASK))
echo "$DVAL"
echo "${DVAL}"
}
# Transforms a specific IP with CIDR suffix
@ -35,15 +35,13 @@ function _sanitize_ipv4_to_subnet_cidr()
{
local DIGIT_PREFIX_LENGTH="${1#*/}"
declare -a DIGITS
IFS='.' ; read -r -a DIGITS < <(echo "${1%%/*}")
unset IFS
declare -a MASKED_DIGITS
declare -a DIGITS
IFS='.' ; read -r -a DIGITS < <(echo "${1%%/*}") ; unset IFS
for ((i = 0 ; i < 4 ; i++))
do
MASKED_DIGITS[i]=$(_mask_ip_digit "$DIGIT_PREFIX_LENGTH" "${DIGITS[i]}")
MASKED_DIGITS[i]=$(_mask_ip_digit "${DIGIT_PREFIX_LENGTH}" "${DIGITS[i]}")
DIGIT_PREFIX_LENGTH=$((DIGIT_PREFIX_LENGTH - 8))
done
@ -66,7 +64,7 @@ for key, value in acme.items():
certs = value['Certificates']
for cert in certs:
if 'domain' in cert and 'key' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '$1' or 'sans' in cert['domain'] and '$1' in cert['domain']['sans']:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['key']
break
")
@ -80,7 +78,7 @@ for key, value in acme.items():
certs = value['Certificates']
for cert in certs:
if 'domain' in cert and 'certificate' in cert:
if 'main' in cert['domain'] and cert['domain']['main'] == '$1' or 'sans' in cert['domain'] and '$1' in cert['domain']['sans']:
if 'main' in cert['domain'] and cert['domain']['main'] == '${1}' or 'sans' in cert['domain'] and '${1}' in cert['domain']['sans']:
print cert['certificate']
break
")
@ -89,9 +87,9 @@ for key, value in acme.items():
then
mkdir -p "/etc/letsencrypt/live/${HOSTNAME}/"
echo "$KEY" | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/key.pem || exit 1
echo "$CERT" | base64 -d >/etc/letsencrypt/live/"$HOSTNAME"/fullchain.pem || exit 1
echo "Cert found in /etc/letsencrypt/acme.json for $1"
echo "${KEY}" | base64 -d >/etc/letsencrypt/live/"${HOSTNAME}"/key.pem || exit 1
echo "${CERT}" | base64 -d >/etc/letsencrypt/live/"${HOSTNAME}"/fullchain.pem || exit 1
echo "Cert found in /etc/letsencrypt/acme.json for ${1}"
return 0
else
@ -116,9 +114,9 @@ function _notify()
c_bold="\033[1m"
c_reset="\e[0m"
notification_type=$1
notification_msg=$2
notification_format=$3
notification_type=${1}
notification_msg=${2}
notification_format=${3}
msg=""
case "${notification_type}" in
@ -147,7 +145,7 @@ function _notify()
* ) options="-e" ;;
esac
[[ -n "${msg}" ]] && echo $options "${msg}"
[[ -n "${msg}" ]] && echo ${options} "${msg}"
}
export -f _notify
@ -184,7 +182,7 @@ function _populate_relayhost_map()
if ! grep -q -e "^@${domain}\b" /etc/postfix/relayhost_map && ! grep -qs -e "^\s*@${domain}\s*$" /tmp/docker-mailserver/postfix-relaymap.cf
then
_notify 'inf' "Adding relay mapping for ${domain}"
echo "@${domain} [$RELAY_HOST]:$RELAY_PORT" >> /etc/postfix/relayhost_map
echo "@${domain} [${RELAY_HOST}]:${RELAY_PORT}" >> /etc/postfix/relayhost_map
fi
done
}
@ -209,8 +207,8 @@ function _monitored_files_checksums()
postfix-aliases.cf \
dovecot-quotas.cf \
/etc/letsencrypt/acme.json \
"/etc/letsencrypt/live/$HOSTNAME/key.pem" \
"/etc/letsencrypt/live/$HOSTNAME/fullchain.pem"
"/etc/letsencrypt/live/${HOSTNAME}/key.pem" \
"/etc/letsencrypt/live/${HOSTNAME}/fullchain.pem"
)
}
export -f _monitored_files_checksums
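Review bot: The two embedded Python snippets that search acme.json splice the shell argument into the Python source as `'${1}'`, so the domain is parsed as part of the program text rather than handled as data; a value containing a quote character changes what the interpreter runs. The visible caller in the change-detection script passes `SSL_DOMAIN`, `HOSTNAME` and `DOMAINNAME`, none of which is validated before it reaches this point. Pass the domain as a separate argument and compare against it, e.g. `cert['domain']['main'] == sys.argv[1]` and `sys.argv[1] in cert['domain']['sans']`, with `"${1}"` given after the script text on the interpreter command line. The interpreter invocation and the function header lie outside the visible hunks, so the exact call shape needs checking there.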


@ -2,20 +2,20 @@
# version 0.1.0
function generate_secret()
function _generate_secret()
{
( umask 0077 ; dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64 -w0 > "$1" )
( umask 0077 ; dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64 -w0 > "${1}" )
}
if [[ -n $SRS_DOMAINNAME ]]
if [[ -n ${SRS_DOMAINNAME} ]]
then
NEW_DOMAIN_NAME="$SRS_DOMAINNAME"
elif [[ -n $OVERRIDE_HOSTNAME ]]
NEW_DOMAIN_NAME="${SRS_DOMAINNAME}"
elif [[ -n ${OVERRIDE_HOSTNAME} ]]
then
NEW_DOMAIN_NAME="${OVERRIDE_HOSTNAME#*.}"
elif [[ -n $DOMAINNAME ]]
elif [[ -n ${DOMAINNAME} ]]
then
NEW_DOMAIN_NAME="$DOMAINNAME"
NEW_DOMAIN_NAME="${DOMAINNAME}"
else
NEW_DOMAIN_NAME=$(hostname -d)
fi
@ -26,28 +26,28 @@ POSTSRSD_SECRET_FILE='/etc/postsrsd.secret'
POSTSRSD_STATE_DIR='/var/mail-state/etc-postsrsd'
POSTSRSD_STATE_SECRET_FILE="${POSTSRSD_STATE_DIR}/postsrsd.secret"
if [[ -n $SRS_SECRET ]]
if [[ -n ${SRS_SECRET} ]]
then
( umask 0077 ; echo "$SRS_SECRET" | tr ',' '\n' > "$POSTSRSD_SECRET_FILE" )
( umask 0077 ; echo "${SRS_SECRET}" | tr ',' '\n' > "${POSTSRSD_SECRET_FILE}" )
else
if [[ $ONE_DIR -eq 1 ]]
if [[ ${ONE_DIR} -eq 1 ]]
then
if [[ ! -f $POSTSRSD_STATE_SECRET_FILE ]]
if [[ ! -f ${POSTSRSD_STATE_SECRET_FILE} ]]
then
install -d -m 0775 "$POSTSRSD_STATE_DIR"
generate_secret "$POSTSRSD_STATE_SECRET_FILE"
install -d -m 0775 "${POSTSRSD_STATE_DIR}"
_generate_secret "${POSTSRSD_STATE_SECRET_FILE}"
fi
install -m 0400 "$POSTSRSD_STATE_SECRET_FILE" "$POSTSRSD_SECRET_FILE"
elif [[ ! -f $POSTSRSD_SECRET_FILE ]]
install -m 0400 "${POSTSRSD_STATE_SECRET_FILE}" "${POSTSRSD_SECRET_FILE}"
elif [[ ! -f ${POSTSRSD_SECRET_FILE} ]]
then
generate_secret "$POSTSRSD_SECRET_FILE"
_generate_secret "${POSTSRSD_SECRET_FILE}"
fi
fi
if [[ -n $SRS_EXCLUDE_DOMAINS ]]
if [[ -n ${SRS_EXCLUDE_DOMAINS} ]]
then
sed -i -e "s/^#\?SRS_EXCLUDE_DOMAINS=.*$/SRS_EXCLUDE_DOMAINS=$SRS_EXCLUDE_DOMAINS/g" /etc/default/postsrsd
sed -i -e "s/^#\?SRS_EXCLUDE_DOMAINS=.*$/SRS_EXCLUDE_DOMAINS=${SRS_EXCLUDE_DOMAINS}/g" /etc/default/postsrsd
fi
/etc/init.d/postsrsd start
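Review bot: The `sed -i` call that writes `SRS_EXCLUDE_DOMAINS` into /etc/default/postsrsd interpolates the environment value directly into the replacement side of the `s/…/…/` expression, so a `/`, `&` or backslash in the value is interpreted by sed instead of being written literally; adding braces does not change that. Validate the value before the substitution, e.g. `[[ ${SRS_EXCLUDE_DOMAINS} =~ ^[A-Za-z0-9.,_-]+$ ]] || exit 1`, or escape it for the replacement side. A short comment above the `sed` line stating the accepted format (comma-separated domain names) would also help the next reader.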