Added folder target, simplified user configuration, few renames... Need to work on tests....

2016-04-12 00:04:33 +02:00 · 2016-04-12 00:04:33 +02:00 · fc2e2ae591
parent ad5536057a
commit fc2e2ae591
32 changed files with 66 additions and 176 deletions
--- a/22
+++ b/22
@ -12,8 +12,8 @@ RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
 # Configures Dovecot
 RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf
-ADD dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
+ADD target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
-ADD dovecot/10-*.conf /etc/dovecot/conf.d/
+ADD target/dovecot/10-*.conf /etc/dovecot/conf.d/
 # Enables Spamassassin and CRON updates
 RUN sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin
@ -31,19 +31,19 @@ RUN freshclam
 # Configure DKIM (opendkim)
 RUN mkdir -p /etc/opendkim/keys
-ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
+ADD target/opendkim/TrustedHosts /etc/opendkim/TrustedHosts
 # DKIM config files
-ADD postfix/opendkim.conf /etc/opendkim.conf
+ADD target/opendkim/opendkim.conf /etc/opendkim.conf
-ADD postfix/default-opendkim /etc/default/opendkim
+ADD target/opendkim/default-opendkim /etc/default/opendkim
 # Configure DMARC (opendmarc)
-ADD postfix/opendmarc.conf /etc/opendmarc.conf
+ADD target/opendmarc/opendmarc.conf /etc/opendmarc.conf
-ADD postfix/default-opendmarc /etc/default/opendmarc
+ADD target/opendmarc/default-opendmarc /etc/default/opendmarc
 # Configures Postfix
-ADD postfix/main.cf /etc/postfix/main.cf
+ADD target/postfix/main.cf /etc/postfix/main.cf
-ADD postfix/master.cf /etc/postfix/master.cf
+ADD target/postfix/master.cf /etc/postfix/master.cf
-ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
+ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
 RUN chmod +x /usr/local/bin/generate-ssl-certificate
 # Get LetsEncrypt signed certificate
@ -51,7 +51,7 @@ RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/s
 RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem
 # Start-mailserver script
-ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
+ADD target/start-mailserver.sh /usr/local/bin/start-mailserver.sh
 RUN chmod +x /usr/local/bin/start-mailserver.sh
 # SMTP ports
--- a/21
+++ b/21
@ -1,21 +0,0 @@
 The MIT License (MIT)
 Copyright (c) 2015 Thomas VIAL
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
 in the Software without restriction, including without limitation the rights
 to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 copies of the Software, and to permit persons to whom the Software is
 furnished to do so, subject to the following conditions:
 The above copyright notice and this permission notice shall be included in all
 copies or substantial portions of the Software.
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 SOFTWARE.
--- a/38
+++ b/38
@ -8,15 +8,10 @@ build:
 	docker build --no-cache -t $(NAME) . 
 run:
 	# Copy test files
 	cp test/accounts.cf postfix/
 	cp test/main.cf postfix/
 	cp test/virtual postfix/
 	# Run containers
 	docker run -d --name mail \
-		-v "`pwd`/postfix":/tmp/postfix \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
-		-v "`pwd`/spamassassin":/tmp/spamassassin \
+		-v "`pwd`/test":/tmp/docker-mailserver/test \
 		-v "`pwd`/test":/tmp/test \
 		-e SA_TAG=1.0 \
 		-e SA_TAG2=2.0 \
 		-e SA_KILL=3.0 \
@ -24,23 +19,20 @@ run:
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_pop3 \
-		-v "`pwd`/postfix":/tmp/postfix \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
-		-v "`pwd`/spamassassin":/tmp/spamassassin \
+		-v "`pwd`/test":/tmp/docker-mailserver/test \
 		-v "`pwd`/test":/tmp/test \
 		-e ENABLE_POP3=1 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_smtponly \
-		-v "`pwd`/postfix":/tmp/postfix \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
-		-v "`pwd`/spamassassin":/tmp/spamassassin \
+		-v "`pwd`/test":/tmp/docker-mailserver/test \
 		-v "`pwd`/test":/tmp/test \
 		-e SMTP_ONLY=1 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_fail2ban \
-		-v "`pwd`/postfix":/tmp/postfix \
+		-v "`pwd`/test/config":/tmp/docker-mailserver \
-		-v "`pwd`/spamassassin":/tmp/spamassassin \
+		-v "`pwd`/test":/tmp/docker-mailserver/test \
 		-v "`pwd`/test":/tmp/test \
 		-e ENABLE_FAIL2BAN=1 \
 		-h mail.my-domain.com -t $(NAME)
 	# Wait for containers to fully start
@ -48,12 +40,12 @@ run:
 fixtures:
 	# Sending test mails
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-spam.txt"
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/amavis-virus.txt"
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-external.txt"
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-alias-local.txt"
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/existing-user.txt"
-	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt"
+	docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver/test/email-templates/non-existing-user.txt"
 	# Wait for mails to be analyzed
 	sleep 10
@ -62,7 +54,5 @@ tests:
 	./test/bats/bats test/tests.bats
 clean:
 	# Get default files back
 	git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
 	# Remove running test containers
 	docker rm -f mail mail_pop3 mail_smtponly mail_fail2ban
--- a/config/postfix-accounts.cf
+++ b/config/postfix-accounts.cf
--- a/config/postfix-main.cf
+++ b/config/postfix-main.cf
--- a/config/postfix-virtual.cf
+++ b/config/postfix-virtual.cf
--- a/config/spamassassin-rules.cf
+++ b/config/spamassassin-rules.cf
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@ -1,5 +1,6 @@
 mail:
-  image: tvial/docker-mailserver
+  # image: tvial/docker-mailserver
  build: .
  hostname: mail
  domainname: domain.com
  cap_add:
@ -10,6 +11,4 @@ mail:
  - "587:587"
  - "993:993"
  volumes:
-  - ./spamassassin:/tmp/spamassassin/
+  - ./config/:/tmp/docker-mailserver/
  - ./postfix:/tmp/postfix/
  environment:
--- a/postfix/accounts.cf
+++ b/postfix/accounts.cf
@ -1 +0,0 @@
 user@domain.tld|mypassword
--- a/postfix/main.cf
+++ b/postfix/main.cf
@ -1,64 +0,0 @@
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
 biff = no
 append_dot_mydomain = no
 readme_directory = no
 # Basic configuration
 # myhostname = 
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = 
 relayhost = 
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 inet_protocols = all
 # TLS parameters
 smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 #smtpd_tls_CAfile=
 #smtp_tls_CAfile=
 smtpd_tls_security_level = may
 smtpd_use_tls=yes
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
 smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
 smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
 smtpd_sender_restrictions = permit_mynetworks
 smtp_tls_security_level = may
 smtp_tls_loglevel = 1
 tls_ssl_options = NO_COMPRESSION
 tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
 smtpd_tls_protocols=!SSLv2,!SSLv3
 smtp_tls_protocols=!SSLv2,!SSLv3
 smtpd_tls_mandatory_ciphers = high
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
 # SASL
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_path = private/auth
 smtpd_sasl_type = dovecot
 smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain = $myhostname
 broken_sasl_auth_clients = yes
 # Mail directory
 virtual_mailbox_base = /var/mail
 virtual_mailbox_domains = /etc/postfix/vhost
 virtual_mailbox_maps = hash:/etc/postfix/vmailbox
 virtual_alias_maps = hash:/etc/postfix/virtual
 virtual_uid_maps = static:5000
 virtual_gid_maps = static:5000
 # Additional option for filtering
 content_filter = smtp-amavis:[127.0.0.1]:10024
 # Milters used by DKIM
 milter_protocol = 2
 milter_default_action = accept
 smtpd_milters = inet:localhost:12301,inet:localhost:54321
 non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
--- a/postfix/virtual
+++ b/postfix/virtual
@ -1,7 +0,0 @@
 #
 # ALIAS => from alias@domain.tld (alias) to user@domain.tld (real account), space separated
 # alias@domain.tld user@domain.tld
 #
 # FORWARD => from redirect@domain.tld to a list of internal/external email addresses, space separated
 # redirect@domain.tld otheruser@domain.tld otheruser@otherdomain.tld
 #
--- a/target/bin/generate-ssl-certificate
+++ b/target/bin/generate-ssl-certificate
--- a/target/dovecot/10-auth.conf
+++ b/target/dovecot/10-auth.conf
--- a/target/dovecot/10-logging.conf
+++ b/target/dovecot/10-logging.conf
--- a/target/dovecot/10-mail.conf
+++ b/target/dovecot/10-mail.conf
--- a/target/dovecot/10-master.conf
+++ b/target/dovecot/10-master.conf
--- a/target/dovecot/10-ssl.conf
+++ b/target/dovecot/10-ssl.conf
--- a/target/dovecot/15-mailboxes.conf
+++ b/target/dovecot/15-mailboxes.conf
--- a/target/dovecot/auth-passwdfile.inc
+++ b/target/dovecot/auth-passwdfile.inc
--- a/target/dovecot/dovecot.conf
+++ b/target/dovecot/dovecot.conf
--- a/target/opendkim/TrustedHosts
+++ b/target/opendkim/TrustedHosts
--- a/target/opendkim/default-opendkim
+++ b/target/opendkim/default-opendkim
--- a/target/opendkim/opendkim.conf
+++ b/target/opendkim/opendkim.conf
--- a/target/opendmarc/default-opendmarc
+++ b/target/opendmarc/default-opendmarc
--- a/target/opendmarc/opendmarc.conf
+++ b/target/opendmarc/opendmarc.conf
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
--- a/target/postfix/master.cf
+++ b/target/postfix/master.cf
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@ -5,12 +5,15 @@ die () {
  exit 1
 }
-if [ -f /tmp/postfix/accounts.cf ]; then
+#
 # Users
 #
 if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
  echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
-  echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
+  echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
-  # Checking that /tmp/postfix/accounts.cf ends with a newline
+  # Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
-  sed -i -e '$a\' /tmp/postfix/accounts.cf
+  sed -i -e '$a\' /tmp/docker-mailserver/postfix-accounts.cf
  # Configuring Dovecot
  echo -n > /etc/dovecot/userdb
  chown dovecot:dovecot /etc/dovecot/userdb
@ -24,7 +27,7 @@ if [ -f /tmp/postfix/accounts.cf ]; then
  sed -i -e 's/#ssl = yes/ssl = required/g' /etc/dovecot/conf.d/10-ssl.conf
  # Creating users
-  # pass is encrypted
+  # 'pass' is encrypted
  while IFS=$'|' read login pass
  do
    # Setting variables for better readability
@ -33,9 +36,10 @@ if [ -f /tmp/postfix/accounts.cf ]; then
    # Let's go!
    echo "user '${user}' for domain '${domain}' with password '********'"
    echo "${login} ${domain}/${user}/" >> /etc/postfix/vmailbox
-    # user database for dovecot has the following format:
+    # User database for dovecot has the following format:
    # user:password:uid:gid:(gecos):home:(shell):extra_fields
-    # Example : ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user}
+    # Example :
    # ${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::userdb_mail=maildir:/var/mail/${domain}/${user}
    echo "${login}:${pass}:5000:5000::/var/mail/${domain}/${user}::" >> /etc/dovecot/userdb
    mkdir -p /var/mail/${domain}
    if [ ! -d "/var/mail/${domain}/${user}" ]; then
@ -50,26 +54,29 @@ if [ -f /tmp/postfix/accounts.cf ]; then
    echo ${domain} >> /tmp/vhost.tmp
  done < /tmp/postfix/accounts.cf
 else
-  echo "==> Warning: '/tmp/postfix/accounts.cf' is not provided. No mail account created."
+  echo "==> Warning: 'config/docker-mailserver/postfix-accounts.cf' is not provided. No mail account created."
 fi
-if [ -f /tmp/postfix/virtual ]; then
+#
 # Aliases
 #
 if [ -f /tmp/docker-mailserver/postfix-virtual.cf ]; then
  # Copying virtual file
-  cp /tmp/postfix/virtual /etc/postfix/virtual
+  cp /tmp/docker-mailserver/postfix-virtual.cf /etc/postfix/virtual
-  while IFS=$' ' read from to
+  while read from to
  do
    # Setting variables for better readability
    uname=$(echo ${from} | cut -d @ -f1)
    domain=$(echo ${from} | cut -d @ -f2)
    # if they are equal it means the line looks like: "user1     other@domain.tld"
-    test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp
+    test "$uname" != "$domain" && echo ${domain} >> /tmp/docker-mailserver/tmp/vhost.tmp
-  done < /tmp/postfix/virtual
+  done < /tmp/docker-mailserver/postfix-virtual.cf
 else
-  echo "==> Warning: '/tmp/postfix/virtual' is not provided. No mail alias created."
+  echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
 fi
-if [ -f /tmp/vhost.tmp ]; then
+if [ -f /tmp/docker-mailserver/tmp/vhost.tmp ]; then
-  cat /tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/vhost.tmp
+  cat /tmp/docker-mailserver/tmp/vhost.tmp | sort | uniq > /etc/postfix/vhost && rm /tmp/docker-mailserver/tmp/vhost.tmp
 fi
 echo "Postfix configurations"
@ -78,9 +85,9 @@ touch /etc/postfix/virtual && postmap /etc/postfix/virtual
 # DKIM
 # Check if keys are already available
-if [ -e "/tmp/postfix/opendkim/KeyTable" ]; then
+if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
  mkdir -p /etc/opendkim
-  cp -a /tmp/postfix/opendkim/* /etc/opendkim/
+  cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
  echo "DKIM keys added for : `ls -C /etc/opendkim/keys/`"
 else 
  grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
@ -214,11 +221,14 @@ case $DMS_SSL in
 esac
-if [ -f /tmp/postfix/main.cf ]; then
+#
 # Override Postfix configuration
 #
 if [ -f /tmp/docker-mailserver/postfix-main.cf ]; then
  while read line; do
    postconf -e "$line"
-  done < /tmp/postfix/main.cf
+  done < /tmp/docker-mailserver/postfix-main.cf
-  echo "Loaded '/tmp/postfix/main.cf'"
+  echo "Loaded 'config/postfix-main.cf'"
 else
  echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded."
 fi
@ -302,7 +312,6 @@ sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/logrotate.d/rsyslog
 echo "Starting daemons"
 cron
 /etc/init.d/rsyslog start
 ##/etc/init.d/saslauthd start
 if [ "$SMTP_ONLY" != 1 ]; then
  # Here we are starting sasl and imap, not pop3 because it's disabled by default
--- a/test/config/postfix-accounts.cf
+++ b/test/config/postfix-accounts.cf
@ -0,0 +1,2 @@
 user1@localhost.localdomain|mypassword
 user2@otherdomain.tld|mypassword
--- a/test/config/postfix-main.cf
+++ b/test/config/postfix-main.cf
@ -0,0 +1,2 @@
 max_idle = 600s
 readme_directory = /tmp
--- a/test/config/postfix-virtual.cf
+++ b/test/config/postfix-virtual.cf
@ -0,0 +1,2 @@
 alias1@localhost.localdomain user1@localhost.localdomain
 alias2@localhost.localdomain external1@otherdomain.tld
--- a/test/tests.bats
+++ b/test/tests.bats
@ -7,11 +7,6 @@
  [ "$status" -eq 0 ]
 }
@test "checking process: saslauthd" {
  run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
  [ "$status" -eq 0 ]
 }
@test "checking process: clamd" {
  run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
  [ "$status" -eq 0 ]
@ -42,22 +37,6 @@
  [ "$status" -eq 0 ]
 }
@test "checking process: courierpop3d (disabled in default configuration)" {
  run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
  [ "$status" -eq 1 ]
 }
@test "checking process: courierpop3d (pop3 server enabled)" {
  run docker exec mail_pop3 /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
  [ "$status" -eq 0 ]
 }
@test "checking process: courierpop3d (disabled using SMTP_ONLY)" {
  run docker exec mail_smtponly /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/courier/courier/courierpop3d'"
  [ "$status" -eq 1 ]
 }
 #
 # imap
 #
		`@ -0,0 +1,2 @@`
							`user1@localhost.localdomain\|mypassword`
							`user2@otherdomain.tld\|mypassword`
		`@ -0,0 +1,2 @@`
							`alias1@localhost.localdomain user1@localhost.localdomain`
							`alias2@localhost.localdomain external1@otherdomain.tld`