From a144f3811c00f8cac8332437f47274a7bbbfb7c1 Mon Sep 17 00:00:00 2001 From: "Thomas A. Kilian" Date: Mon, 17 Apr 2017 18:27:28 +0200 Subject: [PATCH 1/7] Issue 538 (#541) * adapted setup.sh to handle email aliases * added needed scripts for alias management * added integration tests --- .gitignore | 1 + setup.sh | 26 ++++++++++++++++++++++++++ target/bin/addalias | 30 ++++++++++++++++++++++++++++++ target/bin/delalias | 30 ++++++++++++++++++++++++++++++ target/bin/listalias | 13 +++++++++++++ test/tests.bats | 22 ++++++++++++++++++++++ 6 files changed, 122 insertions(+) create mode 100755 target/bin/addalias create mode 100755 target/bin/delalias create mode 100755 target/bin/listalias diff --git a/.gitignore b/.gitignore index bc5326d5..7f72b1bb 100644 --- a/.gitignore +++ b/.gitignore @@ -7,3 +7,4 @@ test/config/without-virtual/ test/config/postfix-accounts.cf test/config/letsencrypt/mail.my-domain.com/combined.pem test/onedir +config/opendkim/ diff --git a/setup.sh b/setup.sh index 40e29ead..3de6ae86 100755 --- a/setup.sh +++ b/setup.sh @@ -47,6 +47,11 @@ SUBCOMMANDS: $0 email del $0 email list + alias: + $0 alias add + $0 alias del + $0 alias list + config: $0 config dkim @@ -133,6 +138,27 @@ case $1 in esac ;; + alias) + shift + case $1 in + add) + shift + _docker_image addalias $@ + ;; + del) + shift + _docker_image delalias $@ + ;; + list) + shift + _docker_image listalias $@ + ;; + *) + _usage + ;; + esac + ;; + config) shift case $1 in diff --git a/target/bin/addalias b/target/bin/addalias new file mode 100755 index 00000000..f25d05d1 --- /dev/null +++ b/target/bin/addalias 
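Review bot: The three new dispatch lines in the `alias)` arm of setup.sh pass `$@` unquoted, so an argument containing whitespace or glob characters is split or expanded before it reaches the script inside the container. Quote it, `_docker_image addalias "$@"`, and likewise for `delalias` and `listalias`; the inner `case $1 in` would also be safer as `case "$1" in`. The surrounding `case` statement starts and ends outside the hunk, so whether `_docker_image` re-quotes its arguments is not visible here.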
@@ -0,0 +1,30 @@
+#! /bin/bash
+
+DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-virtual.cf}
+
+EMAIL="$1"
+RECIPIENT="$2"
+
+usage() {
+ echo "Usage: addalias "
+}
+
+errex() {
+ echo "$@" 1>&2
+ exit 1
+}
+
+escape() {
+ echo "${1//./\\.}"
+}
+
+[ -z "$EMAIL" ] && { usage; errex "no email specified"; }
+
+grep -qi "^$(escape $EMAIL)[a-zA-Z@.\ ]*$(escape $RECIPIENT)" $DATABASE 2>/dev/null &&
+ errex "Alias \"$EMAIL $RECIPIENT\" already exists"
+
+if grep -qi "^$(escape $EMAIL)" $DATABASE 2>/dev/null; then
+ sed -i "/$EMAIL/s/$/ $RECIPIENT,/" $DATABASE
+ else
+ echo "$EMAIL $RECIPIENT," >> $DATABASE
+fi
diff --git a/target/bin/delalias b/target/bin/delalias
new file mode 100755
index 00000000..33fed3ec
--- /dev/null
+++ b/target/bin/delalias
@@ -0,0 +1,30 @@
+#! /bin/bash
+
+DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-virtual.cf}
+
+EMAIL="$1"
+RECIPIENT="$2"
+
+usage() {
+ echo "Usage: delalias "
+}
+
+errex() {
+ echo "$@" 1>&2
+ exit 1
+}
+
+escape() {
+ echo "${1//./\\.}"
+}
+
+[ -z "$EMAIL" ] || [ -z "$RECIPIENT" ] && { usage; errex "No email specifed"; }
+[ -s "$DATABASE" ] || exit 0
+
+CNT=$(grep "^$EMAIL" $DATABASE | wc -w | awk '{print $1}')
+
+if [[ $CNT -eq 2 ]]; then
+ sed -i "/^$EMAIL/d" $DATABASE
+ else
+ sed -i "/^$EMAIL/s/ $RECIPIENT,//g" $DATABASE
+fi
diff --git a/target/bin/listalias b/target/bin/listalias
new file mode 100755
index 00000000..4db49e85
--- /dev/null
+++ b/target/bin/listalias
@@ -0,0 +1,13 @@
+#! /bin/bash
+
+DATABASE=${DATABASE:-/tmp/docker-mailserver/postfix-virtual.cf}
+
+errex() {
+ echo "$@" 1>&2
+ exit 1
+}
+
+[ -f $DATABASE ] || errex "No postfix-virtual.cf file"
+[ -s $DATABASE ] || errex "Empty postfix-virtual.cf - no aliases have been added"
+
+cat $DATABASE
diff --git a/test/tests.bats b/test/tests.bats
index e166b77d..77369d29 100644
--- a/test/tests.bats
+++ b/test/tests.bats
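Review bot: In target/bin/addalias, `sed -i "/$EMAIL/s/$/ $RECIPIENT,/" $DATABASE` builds a sed program from the two command-line arguments without escaping, so a `/`, `&` or `\` in either one changes the program instead of being written as data, and the unanchored `/$EMAIL/` address also edits every line that merely contains the address (for example as a recipient of another alias). The `grep` guards are anchored with `^` but stop at a prefix, so `a@b.org` also matches a key such as `a@b.organic`. target/bin/delalias interpolates `$EMAIL` and `$RECIPIENT` into `grep` and `sed` the same way. Validate both arguments against an allow-list before use, require `$RECIPIENT` as well as `$EMAIL`, anchor the sed address on the escaped key followed by a space, and quote `$DATABASE`; the character set below is a suggestion and should be widened only to what the postfix-virtual keys really need.

```shell
[ -z "$EMAIL" ] || [ -z "$RECIPIENT" ] && { usage; errex "no email or recipient specified"; }

# allow-list: nothing that is special in a sed address or replacement
valid='^[A-Za-z0-9._%+@-]+$'
[[ "$EMAIL" =~ $valid && "$RECIPIENT" =~ $valid ]] || errex "invalid address"

# … unchanged: duplicate check …

if grep -qi "^$(escape "$EMAIL") " "$DATABASE" 2>/dev/null; then
  sed -i "/^$(escape "$EMAIL") /s/$/ $RECIPIENT,/" "$DATABASE"
else
  echo "$EMAIL $RECIPIENT," >> "$DATABASE"
fi
```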
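Review bot: In target/bin/delalias, when the matched text holds exactly two words the `[[ $CNT -eq 2 ]]` branch runs `sed -i "/^$EMAIL/d"` without checking that the remaining recipient is `$RECIPIENT`, so calling `delalias` with a wrong recipient still removes the alias. `grep "^$EMAIL"` is also a prefix match, so `CNT` counts words across every line whose key starts with the argument and the `d` command deletes all of those lines. Match the full key (`"^$(escape "$EMAIL") "`), remove ` $RECIPIENT,` first, and delete the line only if no recipient is left afterwards.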
@@ -936,6 +936,28 @@ load 'test_helper/bats-assert/load' [ -z "$value" ] } +# alias +@test "checking setup.sh: setup.sh alias list" { + echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf + run ./setup.sh -c mail alias list + assert_success +} +@test "checking setup.sh: setup.sh alias add" { + echo "" > ./config/postfix-virtual.cf + ./setup.sh -c mail alias add test1@example.org test1@forward.com + ./setup.sh -c mail alias add test1@example.org test2@forward.com + + run /bin/sh -c 'cat ./config/postfix-virtual.cf | grep "test1@example.org test1@forward.com, test2@forward.com," | wc -l | grep 1' + assert_success +} +@test "checking setup.sh: setup.sh alias del" { + echo 'test1@example.org test1@forward.com, test2@forward.com,' > ./config/postfix-virtual.cf + ./setup.sh -c mail alias del test1@example.org test1@forward.com + ./setup.sh -c mail alias del test1@example.org test2@forward.com + run cat ./config/postfix-virtual.cf | wc -l | grep 0 + assert_success +} + # config @test "checking setup.sh: setup.sh config dkim" { run ./setup.sh -c mail config dkim From 4e842c75f837f9875788370e1a2bba2d9080628a Mon Sep 17 00:00:00 2001 From: Arne Kepp Date: Mon, 17 Apr 2017 18:30:04 +0200 Subject: [PATCH 2/7] Mention submodule dependency (#573) Mention that the integration tests will not work unless you manually initialize and update submodules --- CONTRIBUTING.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 41768cfd..0d5a9ca1 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -23,6 +23,7 @@ The development workflow is the following: - Fork project and clone your fork - Create a branch using `git checkout -b branch_name` (you can use `issue-xxx` if fixing an existing issue) +- Run `git submodule init` and `git submodule update` to get the BATS submodules - Code :-) - Add integration tests in `test/tests.bats` - Use `make` to build image locally and run tests 
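Review bot: In the `setup.sh alias del` test, `run cat ./config/postfix-virtual.cf | wc -l | grep 0` applies `run` only to `cat`; `run` captures the output, so `wc -l` reads an empty pipe and `grep 0` always matches, and `assert_success` then only checks that `cat` could read the file. The test therefore passes whatever `delalias` left behind. Wrap the pipeline the way the `alias add` test does, `run /bin/sh -c 'wc -l < ./config/postfix-virtual.cf'` followed by `assert_output 0`. The `alias list` test likewise asserts only the exit status, not the listed content.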
From 62f6fbbaae340c658113bfe410ebc194e2b306d6 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 18 Apr 2017 14:18:42 +0200 Subject: [PATCH 3/7] Fixes #496 enabling all domains to get spam headers and spam checks (#563) * Fixes #496 enabling all domains to get spam headers and spam checks (integration tests included) --- Dockerfile | 3 ++- Makefile | 11 ++++++----- target/amavis/conf.d/60-dms_default_config | 7 +++++++ target/start-mailserver.sh | 2 +- .../{existing-user.txt => existing-user1.txt} | 0 test/email-templates/existing-user2.txt | 12 ++++++++++++ test/tests.bats | 12 ++++++++++-- 7 files changed, 38 insertions(+), 9 deletions(-) create mode 100644 target/amavis/conf.d/60-dms_default_config rename test/email-templates/{existing-user.txt => existing-user1.txt} (100%) create mode 100644 test/email-templates/existing-user2.txt diff --git a/Dockerfile b/Dockerfile index 8ac2e2bb..1a0a4a91 100644 --- a/Dockerfile +++ b/Dockerfile @@ -77,7 +77,7 @@ COPY target/postfix/ldap-users.cf target/postfix/ldap-groups.cf target/postfix/l # Enables Spamassassin CRON updates RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin -#Enables Postgrey +# Enables Postgrey COPY target/postgrey/postgrey /etc/default/postgrey COPY target/postgrey/postgrey.init /etc/init.d/postgrey RUN chmod 755 /etc/init.d/postgrey @@ -86,6 +86,7 @@ RUN chown postgrey:postgrey /var/run/postgrey # Enables Amavis RUN sed -i -r 's/#(@| \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode +COPY target/amavis/conf.d/60-dms_default_config /etc/amavis/conf.d/ RUN adduser clamav amavis && adduser amavis clamav RUN useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker RUN (echo "0 4 * * * /usr/local/bin/virus-wiper" ; crontab -l) | crontab - diff --git a/Makefile b/Makefile index cccb1c89..f96fb710 100644 --- a/Makefile +++ b/Makefile 
@@ -24,7 +24,7 @@ run: -v "`pwd`/test/onedir":/var/mail-state \ -e ENABLE_CLAMAV=1 \ -e ENABLE_SPAMASSASSIN=1 \ - -e SA_TAG=1.0 \ + -e SA_TAG=-5.0 \ -e SA_TAG2=2.0 \ -e SA_KILL=3.0 \ -e VIRUSMAILS_DELETE_DELAY=7 \ 
@@ -150,18 +150,19 @@ fixtures: docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-external.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-recipient-delimiter.txt" - docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" + docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" + docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user2.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user-and-cc-local-alias.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-external.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-catchall-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt" - docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" + docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" # postfix virtual transport lmtp - docker exec mail_lmtp_ip /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" + docker exec mail_lmtp_ip /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" - docker 
exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" + docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" # Wait for mails to be analyzed sleep 20 diff --git a/target/amavis/conf.d/60-dms_default_config b/target/amavis/conf.d/60-dms_default_config new file mode 100644 index 00000000..e5b71e2f --- /dev/null +++ b/target/amavis/conf.d/60-dms_default_config @@ -0,0 +1,7 @@ +use strict; + +@local_domains_maps = ( + read_hash('/etc/postfix/vhost') +); + +1; # ensure a defined return diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 7d4faaab..6a725874 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -860,7 +860,7 @@ function _setup_security_stack() { notify 'task' "Setting up Security Stack" # recreate auto-generated file - dms_amavis_file="/etc/amavis/conf.d/51-dms_auto_generated" + dms_amavis_file="/etc/amavis/conf.d/61-dms_auto_generated" echo "# WARNING: this file is auto-generated." > $dms_amavis_file echo "use strict;" >> $dms_amavis_file diff --git a/test/email-templates/existing-user.txt b/test/email-templates/existing-user1.txt similarity index 100% rename from test/email-templates/existing-user.txt rename to test/email-templates/existing-user1.txt diff --git a/test/email-templates/existing-user2.txt b/test/email-templates/existing-user2.txt new file mode 100644 index 00000000..eb75c7fe --- /dev/null +++ b/test/email-templates/existing-user2.txt @@ -0,0 +1,12 @@ +HELO mail.external.tld +MAIL FROM: user@external.tld +RCPT TO: user2@otherdomain.tld +DATA +From: Docker Mail Server +To: Existing Local User +Date: Sat, 22 May 2010 07:43:25 -0400 +Subject: Test Message +This is a test mail. + +. +QUIT diff --git a/test/tests.bats b/test/tests.bats index 77369d29..39fd6efa 100644 --- a/test/tests.bats +++ b/test/tests.bats 
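Review bot: `read_hash('/etc/postfix/vhost')` in the new `60-dms_default_config` is copied into every image, but nothing in this diff guarantees that the file exists when amavis loads its configuration; if `read_hash` cannot open it, amavis is likely to refuse to start, which is worth confirming for containers that define no accounts. The file also carries no comment on why it is numbered 60 while the generated file moves from `51-` to `61-dms_auto_generated`. I would add a header such as `# local domains come from the vhost list written at container start; must load before 61-dms_auto_generated`, adjusted to the actual ordering requirement.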
@@ -271,7 +271,7 @@ load 'test_helper/bats-assert/load' @test "checking smtp: delivers mail to existing account" { run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l" assert_success - assert_output 7 + assert_output 8 } @test "checking smtp: delivers mail to existing alias" { @@ -414,7 +414,7 @@ load 'test_helper/bats-assert/load' } @test "checking spamassassin: docker env variables are set correctly (custom)" { - run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 1.0'" + run docker exec mail /bin/sh -c "grep '\$sa_tag_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= -5.0'" assert_success run docker exec mail /bin/sh -c "grep '\$sa_tag2_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 2.0'" assert_success @@ -422,6 +422,14 @@ load 'test_helper/bats-assert/load' assert_success } +@test "checking spamassassin: all registered domains should see spam headers" { + run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/localhost.localdomain/user1/new" + assert_success + run docker exec mail /bin/sh -c "grep -ir 'X-Spam-' /var/mail/otherdomain.tld/user2/new" + assert_success +} + + # # clamav # From 26992bb66fa19c94169e726371fe86e16b0d6a46 Mon Sep 17 00:00:00 2001 
From: alinmear Date: Wed, 26 Apr 2017 14:56:09 +0200 Subject: [PATCH 4/7] #503 (#522) * Add method overwrite_config() This method takes 2 arguments: 1.) Environment Variable Prefix 2.) String of files separated by whitespace e.g. export LDAP_SEARCH_BASE=dc=domain,dc=loc export LDAP_BIND_PW=test overwrite_config "LDAP_" "/etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf" Logic: + all env vars will be search for vars with the prefix LDAP_ + afterwards they will be dissembled in key value pairs LDAP_BIND_PW=test --> bind_pw test + the key and value will be substituted within the provided files via sed * Fix #503 added logic for custom configs provided at container provisioning within /tmp/docker-mailserver * Add additional unit tests for postfix ldap integration * check custom configs copied * check environment variables substituted * Fix quoting problems in tests.bats * Fix missing brackets in function _fix_var_amavis_permissions() * Fix typo in _setup_ldap * Fix notify in overwrite_config * Fix typo * Fix added dovecot ldap config provisioning again and Add notify for tasks --- target/start-mailserver.sh | 64 +++++++++++++++++++++++++++++++++---- test/config/ldap-aliases.cf | 9 ++++++ test/config/ldap-groups.cf | 9 ++++++ test/config/ldap-users.cf | 9 ++++++ test/tests.bats | 33 +++++++++++++++++++ 5 files changed, 117 insertions(+), 7 deletions(-) create mode 100644 test/config/ldap-aliases.cf create mode 100644 test/config/ldap-groups.cf create mode 100644 test/config/ldap-users.cf diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 6a725874..b6103e93 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
@@ -316,6 +316,50 @@ function display_startup_daemon() { return $res } +function override_config() { + notify "task" "Starting do do overrides" + + declare -A config_overrides + + _env_variable_prefix=$1 + [ -z ${_env_variable_prefix} ] && return 1 + + + IFS=" " read -r -a _config_files <<< $2 + + # dispatch env variables + for env_variable in $(printenv | grep $_env_variable_prefix);do + # get key + # IFS not working because values like ldap_query_filter or search base consists of several '=' + # IFS="=" read -r -a __values <<< $env_variable + # key="${__values[0]}" + # value="${__values[1]}" + key=$(echo $env_variable | cut -d "=" -f1) + key=${key#"${_env_variable_prefix}"} + # make key lowercase + key=${key,,} + # get value + value=$(echo $env_variable | cut -d "=" -f2-) + + config_overrides[$key]=$value + done + + for f in "${_config_files[@]}" + do + if [ ! -f "${f}" ];then + echo "Can not find ${f}. Skipping override" + else + for key in ${!config_overrides[@]} + do + [ -z $key ] && echo -e "\t no key provided" && return 1 + + sed -i -e "s|^${key}[[:space:]]\+.*|${key} = "${config_overrides[$key]}'|g' \ + ${f} + done + fi + done +} + # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # ! CARE --> DON'T CHANGE, except you know exactly what you are doing # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! 
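Review bot: The `sed` call in `override_config` pastes `${config_overrides[$key]}` unquoted and unescaped into an `s|…|…|` expression, so a value containing `&`, `|` or `\` is rewritten or breaks the expression, and LDAP filters such as the `(&(mail=%s)(mailEnabled=TRUE))` used in the test configs of this same commit contain `&` routinely. The `for env_variable in $(printenv | grep $_env_variable_prefix)` loop also word-splits and glob-expands values (a filter with `*`, a password with a space) and matches the prefix anywhere in the line, including inside another variable's value. Read the environment line by line, anchor the prefix, escape the replacement, and declare the working variables `local` so they do not leak into the rest of the start script.

```shell
  # one NAME=value per line; only names that start with the prefix
  while IFS= read -r env_variable; do
    key=${env_variable%%=*}
    key=${key#"${_env_variable_prefix}"}
    key=${key,,}
    value=${env_variable#*=}
    config_overrides[$key]=$value
  done < <(printenv | grep "^${_env_variable_prefix}")

  # … unchanged: loop over "${_config_files[@]}" and the missing-file message …
      for key in "${!config_overrides[@]}"
      do
        # escape \, & and the | delimiter so the value is inserted literally
        escaped=$(printf '%s' "${config_overrides[$key]}" | sed -e 's/[\\&|]/\\&/g')
        sed -i -e "s|^${key}[[:space:]]\+.*|${key} = ${escaped}|g" "${f}"
      done
```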
@@ -497,21 +541,27 @@ function _setup_dovecot_local_user() { function _setup_ldap() { notify 'task' 'Setting up Ldap' + + notify 'inf' 'Checking for custom configs' + # cp config files if in place for i in 'users' 'groups' 'aliases'; do - sed -i -e 's|^server_host.*|server_host = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ - -e 's|^search_base.*|search_base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ - -e 's|^bind_dn.*|bind_dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ - -e 's|^bind_pw.*|bind_pw = '${LDAP_BIND_PW:="admin"}'|g' \ - /etc/postfix/ldap-${i}.cf + fpath="/tmp/docker-mailserver/ldap-${i}.cf" + if [ -f $fpath ]; then + cp ${fpath} /etc/postfix/ldap-${i}.cf + fi done + notify 'inf' 'Starting to override configs' + override_config "LDAP_" "/etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf" + + # @TODO: Environment Variables for DOVECOT ldap integration to configure for better control notify 'inf' "Configuring dovecot LDAP authentification" sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ -e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \ /etc/dovecot/dovecot-ldap.conf.ext - + # Add domainname to vhost. echo $DOMAINNAME >> /tmp/vhost.tmp @@ -962,7 +1012,7 @@ function _fix_var_mail_permissions() { } function _fix_var_amavis_permissions() { - if [ "$ONE_DIR" -eq 0 ]; then + if [[ "$ONE_DIR" -eq 0 ]]; then amavis_state_dir=/var/lib/amavis else amavis_state_dir=/var/mail-state/lib-amavis diff --git a/test/config/ldap-aliases.cf b/test/config/ldap-aliases.cf new file mode 100644 index 00000000..f51f2d08 --- /dev/null +++ b/test/config/ldap-aliases.cf 
@@ -0,0 +1,9 @@
+# Testconfig for ldap integration
+bind = yes
+bind_dn = cn=admin,dc=domain,dc=com
+bind_pw = admin
+query_filter = (&(mailAlias=%s)(mailEnabled=TRUE))
+result_attribute = mail
+search_base = ou=people,dc=domain,dc=com
+server_host = mail.domain.com
+version = 3
diff --git a/test/config/ldap-groups.cf b/test/config/ldap-groups.cf
new file mode 100644
index 00000000..b51d96c6
--- /dev/null
+++ b/test/config/ldap-groups.cf
@@ -0,0 +1,9 @@
+# Testconfig for ldap integration
+bind = yes
+bind_dn = cn=admin,dc=domain,dc=com
+bind_pw = admin
+query_filter = (&(mailGroupMember=%s)(mailEnabled=TRUE))
+result_attribute = mail
+search_base = ou=people,dc=domain,dc=com
+server_host = mail.domain.com
+version = 3
diff --git a/test/config/ldap-users.cf b/test/config/ldap-users.cf
new file mode 100644
index 00000000..fa915ccb
--- /dev/null
+++ b/test/config/ldap-users.cf
@@ -0,0 +1,9 @@
+# Testconfig for ldap integration
+bind = yes
+bind_dn = cn=admin,dc=domain,dc=com
+bind_pw = admin
+query_filter = (&(mail=%s)(mailEnabled=TRUE))
+result_attribute = mail
+search_base = ou=people,dc=domain,dc=com
+server_host = mail.domain.com
+version = 3
diff --git a/test/tests.bats b/test/tests.bats
index 39fd6efa..e4199259 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -1012,6 +1012,38 @@ load 'test_helper/bats-assert/load' assert_output "some.user@localhost.localdomain" } +@test "checking postfix: ldap custom config files copied" { + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" + assert_success +} + +@test "checking postfix: ldap config overwrites success" { + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" + assert_success + + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" + assert_success + + run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + assert_success + run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" + assert_success +} + # dovecot @test "checking dovecot: ldap imap connection and authentication works" { run docker exec mail_with_ldap /bin/sh 
-c "nc -w 1 0.0.0.0 143 < /tmp/docker-mailserver-test/auth/imap-ldap-auth.txt" @@ -1037,6 +1069,7 @@ load 'test_helper/bats-assert/load' assert_success } + # # RIMAP # From 50ac2bdc0760690087967010fcf6d2de3c6333f9 Mon Sep 17 00:00:00 2001 From: alinmear Date: Wed, 26 Apr 2017 14:56:33 +0200 Subject: [PATCH 5/7] Fix #526: fatal: no SASL authentication mechanisms (#556) * Fix #526: fatal: no SASL authentication mechanisms When using the container with SMTP_ONLY = 1, then the container fails on ehlo because there is no valid sasl authentication mechanism available. This happens because sasl has been enabled within postfix/main.cf per default but sasl is not configured. To fix this _setup_postfix_sasl does not depend anymore on ENABLE_SASLAUTHD and will check in it's logic, whether to enable sasl or not within postfix/main.cf. * Fix #526: fatal: no SASL authentication mechanisms When using the container with SMTP_ONLY = 1, then the container fails on ehlo because there is no valid sasl authentication mechanism available. This happens because sasl has been enabled within postfix/main.cf per default but sasl is not configured. To fix this _setup_postfix_sasl does not depend anymore on ENABLE_SASLAUTHD and will check in it's logic, whether to enable sasl or not within postfix/main.cf. * Fix test --- target/start-mailserver.sh | 14 ++++++++++++-- test/email-templates/smtp-only.txt | 8 ++++++++ test/tests.bats | 13 +++++++++++++ 3 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 test/email-templates/smtp-only.txt diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index b6103e93..252986de 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -90,7 +90,6 @@ function register_functions() { if [ "$ENABLE_SASLAUTHD" = 1 ];then _register_setup_function "_setup_saslauthd" - _register_setup_function "_setup_postfix_sasl" fi if [ "$ENABLE_POSTGREY" = 1 ];then 
@@ -107,6 +106,7 @@ function register_functions() { _register_setup_function "_setup_postfix_hostname" _register_setup_function "_setup_dovecot_hostname" + _register_setup_function "_setup_postfix_sasl" _register_setup_function "_setup_postfix_override_configuration" _register_setup_function "_setup_postfix_sasl_password" _register_setup_function "_setup_security_stack" @@ -595,11 +595,21 @@ function _setup_postgrey() { function _setup_postfix_sasl() { + if [[ ${ENABLE_SASLAUTHD} == 1 ]];then [ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF pwcheck_method: saslauthd mech_list: plain login EOF - return 0 + fi + + # cyrus sasl or dovecot sasl + if [[ ${ENABLE_SASLAUTHD} == 1 ]] || [[ ${SMTP_ONLY} == 0 ]];then + sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = yes|g' /etc/postfix/main.cf + else + sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf + fi + + return 0 } function _setup_saslauthd() { diff --git a/test/email-templates/smtp-only.txt b/test/email-templates/smtp-only.txt new file mode 100644 index 00000000..220ace15 --- /dev/null +++ b/test/email-templates/smtp-only.txt @@ -0,0 +1,8 @@ +HELO mail.localhost +MAIL FROM: test@localhost +RCPT TO: user2@external.tld +DATA +This is a test mail. + +. +QUIT diff --git a/test/tests.bats b/test/tests.bats index e4199259..18240d92 100644 --- a/test/tests.bats +++ b/test/tests.bats 
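Review bot: Both new `sed` lines in `_setup_postfix_sasl` only rewrite a `smtpd_sasl_auth_enable` line that already exists in `main.cf` and is followed by whitespace, so a file written as `smtpd_sasl_auth_enable=yes` or lacking the parameter is silently left as it was and the SMTP_ONLY case this commit targets stays broken. `postconf -e smtpd_sasl_auth_enable=no` (and `=yes` in the other branch) sets the parameter whether or not the line is present. `[[ ${SMTP_ONLY} == 0 ]]` is also false when `SMTP_ONLY` is unset, which would switch SASL off for a default setup unless a default is assigned elsewhere in the script; that is not visible in this hunk.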
@@ -331,6 +331,19 @@ load 'test_helper/bats-assert/load' assert_output 1 } +@test "checking smtp_only: mail send should work" { + run docker exec mail_smtponly /bin/sh -c "postconf -e smtp_host_lookup=no" + assert_success + run docker exec mail_smtponly /bin/sh -c "/etc/init.d/postfix reload" + assert_success + run docker exec mail_smtponly /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/smtp-only.txt" + assert_success + run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=.*status\=sent" /var/log/mail/mail.log' + [ "$status" -ge 0 ] +} + + + # # accounts # From 95d33750105347edc80f8d12b5c6d97e833c6be0 Mon Sep 17 00:00:00 2001 From: "Thomas A. Kilian" Date: Thu, 27 Apr 2017 17:59:28 +0200 Subject: [PATCH 6/7] Upgrade to 16.04 (#571) * Upgrade to ubuntu:16.04 --- Dockerfile | 12 ++++++++---- Makefile | 2 +- target/fail2ban/jail.conf | 26 -------------------------- test/tests.bats | 12 ++++++------ 4 files changed, 15 insertions(+), 37 deletions(-) diff --git a/Dockerfile b/Dockerfile index 1a0a4a91..0c021ea0 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:14.04 +FROM ubuntu:16.04 MAINTAINER Thomas VIAL ENV DEBIAN_FRONTEND noninteractive @@ -6,12 +6,16 @@ ENV VIRUSMAILS_DELETE_DELAY=7 ENV ONE_DIR=0 # Packages +RUN apt-get update -q --fix-missing && \ + apt-get -y upgrade && \ + apt-get -y install postfix RUN apt-get update -q --fix-missing && \ apt-get -y upgrade && \ apt-get -y install --no-install-recommends \ amavisd-new \ arj \ bzip2 \ + ca-certificates \ clamav \ clamav-daemon \ curl \ @@ -29,14 +33,15 @@ RUN apt-get update -q --fix-missing && \ gamin \ gzip \ iptables \ + locales \ libmail-spf-perl \ libnet-dns-perl \ libsasl2-modules \ + netcat-openbsd \ opendkim \ opendkim-tools \ opendmarc \ p7zip \ - postfix \ postfix-ldap \ postfix-policyd-spf-python \ pyzor \ 
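Review bot: The final check of the `smtp_only: mail send should work` test, `[ "$status" -ge 0 ]`, is true for every exit status, so the test passes even when `grep -cE` finds no `status=sent` line. Replace it with `assert_success`, or with `assert_output 1` if exactly one delivery is expected. The test also reconfigures the running container with `postconf -e smtp_host_lookup=no`, which any later test against `mail_smtponly` inherits; a one-line comment saying why it is needed would help.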
@@ -47,8 +52,6 @@ RUN apt-get update -q --fix-missing && \ postgrey \ unzip \ && \ - curl -sk http://neuro.debian.net/lists/trusty.de-m.libre > /etc/apt/sources.list.d/neurodebian.sources.list && \ - apt-key adv --recv-keys --keyserver hkp://pgp.mit.edu:80 0xA5D32F012649A5A9 && \ curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \ echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \ apt-get update -q --fix-missing && apt-get -y upgrade fail2ban filebeat && \ @@ -69,6 +72,7 @@ RUN sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDR RUN sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf COPY target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/ COPY target/dovecot/??-*.conf /etc/dovecot/conf.d/ +RUN cd /usr/share/dovecot && ./mkcert.sh # Configures LDAP COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot diff --git a/Makefile b/Makefile index f96fb710..286fe70b 100644 --- a/Makefile +++ b/Makefile @@ -56,7 +56,7 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e PERMIT_DOCKER=network \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ - -h unknown.domain.tld \ + -h mail.my-domain.com \ -t $(NAME) sleep 15 docker run -d --name mail_fail2ban \ diff --git a/target/fail2ban/jail.conf b/target/fail2ban/jail.conf index 6da04a58..ec08e5c8 100644 --- a/target/fail2ban/jail.conf +++ b/target/fail2ban/jail.conf @@ -224,7 +224,6 @@ action = %(action_)s port = ssh logpath = %(sshd_log)s -backend = %(sshd_backend)s [sshd-ddos] @@ -233,14 +232,12 @@ backend = %(sshd_backend)s # in the body. port = ssh logpath = %(sshd_log)s -backend = %(sshd_backend)s [dropbear] port = ssh logpath = %(dropbear_log)s -backend = %(dropbear_backend)s [selinux-ssh] @@ -419,7 +416,6 @@ port = http,https port = http,https logpath = %(syslog_daemon)s -backend = %(syslog_backend)s [guacamole] 
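Review bot: `RUN cd /usr/share/dovecot && ./mkcert.sh` in the Dovecot section creates the self-signed certificate and its private key while the image is built, so every container started from a published image shares the same key and anyone who can pull the image can read it. Unless the start script always replaces it (not visible in this diff), generate the pair at first container start instead, or at least add `# build-time placeholder certificate; must be replaced before exposing IMAP/POP3` above the line. The hunk at `-47,8 +52,6` in the same file still pipes `curl … | apt-key add -` and adds an `http://` apt source, which is worth pinning to a checked-in key in a follow-up.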
@@ -436,14 +432,12 @@ logpath = /var/log/monit port = 10000 logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s [froxlor-auth] port = http,https logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s # @@ -472,28 +466,24 @@ logpath = /var/log/3proxy.log port = ftp,ftp-data,ftps,ftps-data logpath = %(proftpd_log)s -backend = %(proftpd_backend)s [pure-ftpd] port = ftp,ftp-data,ftps,ftps-data logpath = %(pureftpd_log)s -backend = %(pureftpd_backend)s [gssftpd] port = ftp,ftp-data,ftps,ftps-data logpath = %(syslog_daemon)s -backend = %(syslog_backend)s [wuftpd] port = ftp,ftp-data,ftps,ftps-data logpath = %(wuftpd_log)s -backend = %(wuftpd_backend)s [vsftpd] @@ -520,14 +510,12 @@ logpath = /root/path/to/assp/logs/maillog.txt port = smtp,465,submission logpath = %(syslog_mail)s -backend = %(syslog_backend)s [postfix] port = smtp,465,submission logpath = /var/log/mail/mail.log -backend = %(postfix_backend)s enabled = true @@ -535,7 +523,6 @@ enabled = true port = smtp,465,submission logpath = %(postfix_log)s -backend = %(postfix_backend)s maxretry = 1 @@ -543,14 +530,12 @@ maxretry = 1 port = submission,465,smtp logpath = %(syslog_mail)s -backend = %(syslog_backend)s [sendmail-reject] port = smtp,465,submission logpath = %(syslog_mail)s -backend = %(syslog_backend)s [qmail-rbl] @@ -566,7 +551,6 @@ logpath = /service/qmail/log/main/current port = pop3,pop3s,imap,imaps,submission,465,sieve logpath = /var/log/mail/mail.log -backend = %(dovecot_backend)s enabled = true @@ -574,7 +558,6 @@ enabled = true port = smtp,465,submission logpath = %(dovecot_log)s -backend = %(dovecot_backend)s [solid-pop3d] @@ -610,7 +593,6 @@ logpath = /opt/kerio/mailserver/store/logs/security.log port = smtp,465,submission,imap3,imaps,pop3,pop3s logpath = %(syslog_mail)s -backend = %(syslog_backend)s [postfix-sasl] 
@@ -620,7 +602,6 @@ port = smtp,465,submission,imap3,imaps,pop3,pop3s # running postfix since it would provide the same log lines at the # "warn" level but overall at the smaller filesize. logpath = /var/log/mail/mail.log -backend = %(postfix_backend)s enabled = true @@ -628,7 +609,6 @@ enabled = true port = imap3,imaps,pop3,pop3s logpath = %(syslog_mail)s -backend = %(syslog_backend)s [squirrelmail] @@ -641,14 +621,12 @@ logpath = /var/lib/squirrelmail/prefs/squirrelmail_access_log port = imap3,imaps logpath = %(syslog_mail)s -backend = %(syslog_backend)s [uwimap-auth] port = imap3,imaps logpath = %(syslog_mail)s -backend = %(syslog_backend)s # @@ -730,7 +708,6 @@ maxretry = 10 port = 3306 logpath = %(mysql_log)s -backend = %(mysql_backend)s # Jail for more extended banning of persistent abusers @@ -755,14 +732,12 @@ findtime = 86400 ; 1 day # pam-generic filter can be customized to monitor specific subset of 'tty's banaction = %(banaction_allports)s logpath = %(syslog_authpriv)s -backend = %(syslog_backend)s [xinetd-fail] banaction = iptables-multiport-log logpath = %(syslog_daemon)s -backend = %(syslog_backend)s maxretry = 2 @@ -792,7 +767,6 @@ action = %(banaction)s[name=%(__name__)s-tcp, port="%(tcpport)s", protocol="tcp [nagios] logpath = %(syslog_daemon)s ; nrpe.cfg may define a different log_facility -backend = %(syslog_backend)s maxretry = 1 diff --git a/test/tests.bats b/test/tests.bats index 18240d92..27dbc56f 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -15,7 +15,7 @@ load 'test_helper/bats-assert/load' } @test "checking configuration: hostname/domainname override: check container hostname is applied correctly" { - run docker exec mail_override_hostname /bin/bash -c "hostname | grep unknown.domain.tld" + run docker exec mail_override_hostname /bin/bash -c "hostname | grep mail.my-domain.com" assert_success } 
@@ -57,7 +57,7 @@ load 'test_helper/bats-assert/load' # @test "checking process: postfix" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/postfix/master'" + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'" assert_success } @@ -82,12 +82,12 @@ load 'test_helper/bats-assert/load' } @test "checking process: fail2ban (disabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" assert_failure } @test "checking process: fail2ban (fail2ban server enabled)" { - run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python /usr/bin/fail2ban-server'" + run docker exec mail_fail2ban /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'" assert_success } @@ -121,7 +121,7 @@ load 'test_helper/bats-assert/load' # @test "checking process: postgrey (disabled in default configuration)" { - run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/postgrey'" + run docker exec mail /bin/bash -c "ps aux --forest | grep -v grep | grep 'postgrey'" assert_failure } @@ -141,7 +141,7 @@ load 'test_helper/bats-assert/load' } @test "checking process: postgrey (postgrey server enabled)" { - run docker exec mail_with_postgrey /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/postgrey'" + run docker exec mail_with_postgrey /bin/bash -c "ps aux --forest | grep -v grep | grep 'postgrey'" assert_success } From feff849d624d4da8033beb52a69cf10bddf8d57e Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Thu, 27 Apr 2017 18:01:26 +0200 Subject: [PATCH 7/7] Changed README to :latest tag --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/README.md b/README.md index 7431112d..22e981ea 100644 --- a/README.md +++ b/README.md @@ -49,7 +49,7 @@ version: '2' services: mail: - image: tvial/docker-mailserver:2.1 + image: tvial/docker-mailserver:latest hostname: mail domainname: domain.com container_name: mail