Improved start-mailserver output

Thomas VIAL 2016-12-22 18:29:02 +01:00
parent 83c0095e00
commit 13a22552a1
No known key found for this signature in database
GPG Key ID: 0394CEE552FAFEFC
2 changed files with 118 additions and 95 deletions


@ -93,6 +93,11 @@ Please check [how the container starts](https://github.com/tomav/docker-mailserv
Value in **bold** is the default value. Value in **bold** is the default value.
##### DMS_DEBUG
- **empty** (0) => Debug disabled
- 1 => Enables debug on startup
##### ENABLE_POP3 ##### ENABLE_POP3
- **empty** => POP3 service disabled - **empty** => POP3 service disabled


@ -8,6 +8,7 @@
########################################################################## ##########################################################################
declare -A DEFAULT_VARS declare -A DEFAULT_VARS
DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}" DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}"
########################################################################## ##########################################################################
# << DEFAULT VARS # << DEFAULT VARS
########################################################################## ##########################################################################
@ -34,7 +35,8 @@ DEFAULT_VARS["VIRUSMAILS_DELETE_DELAY"]="${VIRUSMAILS_DELETE_DELAY:="7"}"
# Implement them in the section-group: {check,setup,fix,start} # Implement them in the section-group: {check,setup,fix,start}
########################################################################## ##########################################################################
function register_functions() { function register_functions() {
notify 'taskgrp' 'Registering check,setup,fix,misc and start-daemons functions' notify 'taskgrp' 'Initializing setup'
notify 'task' 'Registering check,setup,fix,misc and start-daemons functions'
################### >> check funcs ################### >> check funcs
@ -75,7 +77,10 @@ function register_functions() {
_register_setup_function "_setup_security_stack" _register_setup_function "_setup_security_stack"
_register_setup_function "_setup_postfix_aliases" _register_setup_function "_setup_postfix_aliases"
_register_setup_function "_setup_postfix_vhost" _register_setup_function "_setup_postfix_vhost"
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
_register_setup_function "_setup_postfix_relay_amazon_ses" _register_setup_function "_setup_postfix_relay_amazon_ses"
fi
################### << setup funcs ################### << setup funcs
@ -191,31 +196,37 @@ function _register_misc_function() {
function notify () { function notify () {
c_red="\e[0;31m" c_red="\e[0;31m"
c_green="\e[0;32m" c_green="\e[0;32m"
c_brown="\e[0;33m"
c_blue="\e[0;34m" c_blue="\e[0;34m"
c_bold="\033[1m" c_bold="\033[1m"
c_reset="\e[0m" c_reset="\e[0m"
notification_type=$1 notification_type=$1
notification_msg=$2 notification_msg=$2
msg=""
case "${notification_type}" in case "${notification_type}" in
'inf') 'inf')
if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg="${c_green} * ${c_reset}${notification_msg}" msg="${c_green} * ${c_reset}${notification_msg}"
fi
;; ;;
'err') 'err')
msg="${c_red} * ${c_reset}${notification_msg}" msg="${c_red} * ${c_reset}${notification_msg}"
;; ;;
'warn') 'warn')
msg="${c_blue} * ${c_reset}${notification_msg}" msg="${c_brown} * Warning => ${notification_msg}"
;; ;;
'task') 'task')
msg=" >>>> ${notification_msg}" if [[ ${DEFAULT_VARS["DMS_DEBUG"]} == 1 ]]; then
msg="${notification_msg}"
fi
;; ;;
'taskgrp') 'taskgrp')
msg="${c_bold}${notification_msg}${c_reset}" msg="${c_bold}${notification_msg}${c_reset}"
;; ;;
'fatal') 'fatal')
msg="${c_bold} >>>> ${notification_msg} <<<<${c_reset}" msg="${c_red}Error: ${notification_msg}${c_red}"
;; ;;
*) *)
msg="" msg=""
@ -243,21 +254,21 @@ function defunc() {
# Description: Place functions for initial check of container sanity # Description: Place functions for initial check of container sanity
########################################################################## ##########################################################################
function check() { function check() {
notify 'taskgrp' 'Checking configuration sanity:' notify 'taskgrp' 'Checking configuration'
for _func in "${FUNCS_CHECK[@]}";do for _func in "${FUNCS_CHECK[@]}";do
$_func $_func
[ $? != 0 ] && defunc # [ $? != 0 ] && defunc
done done
} }
function _check_hostname() { function _check_hostname() {
notify "task" "Check that hostname/domainname is provided (no default docker hostname) [$FUNCNAME]" notify "task" "Check that hostname/domainname is provided (no default docker hostname) [$FUNCNAME]"
if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' ); then if ( ! echo $(hostname) | grep -E '^(\S+[.]\S+)$' > /dev/null ); then
notify 'err' "Setting hostname/domainname is required" notify 'err' "Setting hostname/domainname is required"
return 1 return 1
else else
notify 'inf' "Hostname has been set" notify 'inf' "Hostname has been set to $(hostname)"
return 0 return 0
fi fi
} }
@ -277,11 +288,9 @@ function _check_environment_variables() {
# Description: Place functions for functional configurations here # Description: Place functions for functional configurations here
########################################################################## ##########################################################################
function setup() { function setup() {
notify 'taskgrp' 'Setting up the Container:' notify 'taskgrp' 'Configuring mail server'
for _func in "${FUNCS_SETUP[@]}";do for _func in "${FUNCS_SETUP[@]}";do
$_func $_func
[ $? != 0 ] && defunc
done done
} }
@ -290,15 +299,15 @@ function _setup_default_vars() {
for var in ${!DEFAULT_VARS[@]}; do for var in ${!DEFAULT_VARS[@]}; do
echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1 # [ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1
notify 'inf' "$var=${DEFAULT_VARS[$var]} set" notify 'inf' "Set $var=${DEFAULT_VARS[$var]}"
done done
} }
function _setup_mailname() { function _setup_mailname() {
notify 'task' 'Setting up Mailname' notify 'task' 'Setting up Mailname'
echo "Creating /etc/mailname" notify 'inf' "Creating /etc/mailname"
echo $(hostname -d) > /etc/mailname echo $(hostname -d) > /etc/mailname
} }
@ -327,9 +336,9 @@ function _setup_dovecot_local_user() {
echo -n > /etc/postfix/vmailbox echo -n > /etc/postfix/vmailbox
echo -n > /etc/dovecot/userdb echo -n > /etc/dovecot/userdb
if [ -f /tmp/docker-mailserver/postfix-accounts.cf -a "$ENABLE_LDAP" != 1 ]; then if [ -f /tmp/docker-mailserver/postfix-accounts.cf -a "$ENABLE_LDAP" != 1 ]; then
echo "Checking file line endings" notify 'inf' "Checking file line endings"
sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf sed -i 's/\r//g' /tmp/docker-mailserver/postfix-accounts.cf
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users" notify 'inf' "Regenerating postfix user list"
echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox echo "# WARNING: this file is auto-generated. Modify config/postfix-accounts.cf to edit user list." > /etc/postfix/vmailbox
# Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline # Checking that /tmp/docker-mailserver/postfix-accounts.cf ends with a newline
@ -384,7 +393,7 @@ function _setup_ldap() {
/etc/postfix/ldap-${i}.cf /etc/postfix/ldap-${i}.cf
done done
echo "Configuring dovecot LDAP authentification" notify 'inf' "Configuring dovecot LDAP authentification"
sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \ sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \ -e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \ -e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
@ -394,18 +403,18 @@ function _setup_ldap() {
# Add domainname to vhost. # Add domainname to vhost.
echo $(hostname -d) >> /tmp/vhost.tmp echo $(hostname -d) >> /tmp/vhost.tmp
echo "Enabling dovecot LDAP authentification" notify 'inf' "Enabling dovecot LDAP authentification"
sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-ldap\.conf\.ext/s/^#//' /etc/dovecot/conf.d/10-auth.conf
sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf sed -i -e '/\!include auth-passwdfile\.inc/s/^/#/' /etc/dovecot/conf.d/10-auth.conf
echo "Configuring LDAP" notify 'inf' "Configuring LDAP"
[ -f /etc/postfix/ldap-users.cf ] && \ [ -f /etc/postfix/ldap-users.cf ] && \
postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \ postconf -e "virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf" || \
echo '==> Warning: /etc/postfix/ldap-user.cf not found' notify 'inf' "==> Warning: /etc/postfix/ldap-user.cf not found"
[ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \ [ -f /etc/postfix/ldap-aliases.cf -a -f /etc/postfix/ldap-groups.cf ] && \
postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \ postconf -e "virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf" || \
echo '==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found' notify 'inf' "==> Warning: /etc/postfix/ldap-aliases.cf or /etc/postfix/ldap-groups.cf not found"
[ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF [ ! -f /etc/postfix/sasl/smtpd.conf ] && cat > /etc/postfix/sasl/smtpd.conf << EOF
pwcheck_method: saslauthd pwcheck_method: saslauthd
@ -415,9 +424,9 @@ return 0
} }
function _setup_saslauthd() { function _setup_saslauthd() {
notify 'task' 'Setting up Saslauthd' notify 'task' "Setting up Saslauthd"
echo "Configuring Cyrus SASL" notify 'inf' "Configuring Cyrus SASL"
# checking env vars and setting defaults # checking env vars and setting defaults
[ -z $SASLAUTHD_MECHANISMS ] && SASLAUTHD_MECHANISMS=pam [ -z $SASLAUTHD_MECHANISMS ] && SASLAUTHD_MECHANISMS=pam
[ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam [ -z $SASLAUTHD_LDAP_SEARCH_BASE ] && SASLAUTHD_MECHANISMS=pam
@ -426,7 +435,7 @@ function _setup_saslauthd() {
([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://' ([ -z $SASLAUTHD_LDAP_SSL ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://'
if [ ! -f /etc/saslauthd.conf ]; then if [ ! -f /etc/saslauthd.conf ]; then
echo "Creating /etc/saslauthd.conf" notify 'inf' "Creating /etc/saslauthd.conf"
cat > /etc/saslauthd.conf << EOF cat > /etc/saslauthd.conf << EOF
ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER} ldap_servers: ${SASLAUTHD_LDAP_PROTO}${SASLAUTHD_LDAP_SERVER}
@ -477,11 +486,11 @@ function _setup_postfix_aliases() {
test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp test "$uname" != "$domain" && echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-virtual.cf done < /tmp/docker-mailserver/postfix-virtual.cf
else else
echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created." notify 'inf' "Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created."
fi fi
if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then
# Copying regexp alias file # Copying regexp alias file
echo "Adding regexp alias file postfix-regexp.cf" notify 'inf' "Adding regexp alias file postfix-regexp.cf"
cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp cp -f /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp
sed -i -e '/^virtual_alias_maps/{ sed -i -e '/^virtual_alias_maps/{
s/ regexp:.*// s/ regexp:.*//
@ -493,18 +502,18 @@ function _setup_postfix_aliases() {
function _setup_dkim() { function _setup_dkim() {
notify 'task' 'Setting up DKIM' notify 'task' 'Setting up DKIM'
mkdir -p /etc/opendkim && touch /etc/opendkim/SigningTable
# Check if keys are already available # Check if keys are already available
if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/ cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`" notify 'inf' "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
echo "Changing permissions on /etc/opendkim" notify 'inf' "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/ chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right # And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/ chmod -R 0700 /etc/opendkim/keys/
else else
echo "No DKIM key provided. Check the documentation to find how to get your keys." notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
fi fi
} }
@ -524,7 +533,7 @@ function _setup_ssl() {
KEY="key" KEY="key"
fi fi
if [ -n "$KEY" ]; then if [ -n "$KEY" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
# Postfix configuration # Postfix configuration
sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$(hostname)'/fullchain.pem~g' /etc/postfix/main.cf sed -i -r 's~smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem~smtpd_tls_cert_file=/etc/letsencrypt/live/'$(hostname)'/fullchain.pem~g' /etc/postfix/main.cf
@ -534,14 +543,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$(hostname)'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/letsencrypt/live/'$(hostname)'/fullchain\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$(hostname)'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/letsencrypt/live/'$(hostname)'/'"$KEY"'\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'letsencrypt' certificates" notify 'inf' "SSL configured with 'letsencrypt' certificates"
fi fi
fi fi
;; ;;
"custom" ) "custom" )
# Adding CA signed SSL certificate if provided in 'postfix/ssl' folder # Adding CA signed SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" ]; then if [ -e "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-full.pem" /etc/postfix/ssl
@ -553,14 +562,14 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-full\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'CA signed/custom' certificates" notify 'inf' "SSL configured with 'CA signed/custom' certificates"
fi fi
;; ;;
"manual" ) "manual" )
# Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs) # Lets you manually specify the location of the SSL Certs to use. This gives you some more control over this whole processes (like using kube-lego to generate certs)
if [ -n "$SSL_CERT_PATH" ] \ if [ -n "$SSL_CERT_PATH" ] \
&& [ -n "$SSL_KEY_PATH" ]; then && [ -n "$SSL_KEY_PATH" ]; then
echo "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH" notify 'inf' "Configuring certificates using cert $SSL_CERT_PATH and key $SSL_KEY_PATH"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert cp "$SSL_CERT_PATH" /etc/postfix/ssl/cert
cp "$SSL_KEY_PATH" /etc/postfix/ssl/key cp "$SSL_KEY_PATH" /etc/postfix/ssl/key
@ -575,7 +584,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/cert~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/key~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'Manual' certificates" notify 'inf' "SSL configured with 'Manual' certificates"
fi fi
;; ;;
"self-signed" ) "self-signed" )
@ -584,7 +593,7 @@ function _setup_ssl() {
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" ] \ && [ -e "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/$(hostname)-combined.pem" ] \ && [ -e "/tmp/docker-mailserver/ssl/$(hostname)-combined.pem" ] \
&& [ -e "/tmp/docker-mailserver/ssl/demoCA/cacert.pem" ]; then && [ -e "/tmp/docker-mailserver/ssl/demoCA/cacert.pem" ]; then
echo "Adding $(hostname) SSL certificate" notify 'inf' "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
cp "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" /etc/postfix/ssl cp "/tmp/docker-mailserver/ssl/$(hostname)-key.pem" /etc/postfix/ssl
@ -604,7 +613,7 @@ function _setup_ssl() {
sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_cert = </etc/dovecot/dovecot\.pem~ssl_cert = </etc/postfix/ssl/'$(hostname)'-combined\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf sed -i -e 's~ssl_key = </etc/dovecot/private/dovecot\.pem~ssl_key = </etc/postfix/ssl/'$(hostname)'-key\.pem~g' /etc/dovecot/conf.d/10-ssl.conf
echo "SSL configured with 'self-signed' certificates" notify 'inf' "SSL configured with 'self-signed' certificates"
fi fi
;; ;;
esac esac
@ -626,30 +635,26 @@ function _setup_docker_permit() {
case $PERMIT_DOCKER in case $PERMIT_DOCKER in
"host" ) "host" )
echo "Adding $container_network/16 to my networks" notify 'inf' "Adding $container_network/16 to my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_network/16" postconf -e "$(postconf | grep '^mynetworks =') $container_network/16"
bash -c "echo $container_network/16 >> /etc/opendmarc/ignore.hosts" echo $container_network/16 >> /etc/opendmarc/ignore.hosts
bash -c "echo $container_network/16 >> /etc/opendkim/TrustedHosts" echo $container_network/16 >> /etc/opendkim/TrustedHosts
;; ;;
"network" ) "network" )
echo "Adding docker network in my networks" notify 'inf' "Adding docker network in my networks"
postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12" postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
bash -c "echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts" echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts
bash -c "echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts" echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts
;; ;;
* ) * )
echo "Adding container ip in my networks" notify 'inf' "Adding container ip in my networks"
postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32" postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"
bash -c "echo $container_ip/32 >> /etc/opendmarc/ignore.hosts" echo $container_ip/32 >> /etc/opendmarc/ignore.hosts
bash -c "echo $container_ip/32 >> /etc/opendkim/TrustedHosts" echo $container_ip/32 >> /etc/opendkim/TrustedHosts
;; ;;
esac esac
# @TODO fix: bash: /etc/opendkim/TrustedHosts: No such file or directory
# temporary workarround return success
return 0
} }
function _setup_postfix_override_configuration() { function _setup_postfix_override_configuration() {
@ -659,9 +664,9 @@ function _setup_postfix_override_configuration() {
while read line; do while read line; do
postconf -e "$line" postconf -e "$line"
done < /tmp/docker-mailserver/postfix-main.cf done < /tmp/docker-mailserver/postfix-main.cf
echo "Loaded 'config/postfix-main.cf'" notify 'inf' "Loaded 'config/postfix-main.cf'"
else else
echo "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided." notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
fi fi
} }
@ -678,20 +683,18 @@ function _setup_postfix_sasl_password() {
if [ -f /etc/postfix/sasl_passwd ]; then if [ -f /etc/postfix/sasl_passwd ]; then
chown root:root /etc/postfix/sasl_passwd chown root:root /etc/postfix/sasl_passwd
chmod 0600 /etc/postfix/sasl_passwd chmod 0600 /etc/postfix/sasl_passwd
echo "Loaded SASL_PASSWD" notify 'inf' "Loaded SASL_PASSWD"
else else
echo "==> Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created." notify 'inf' "Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created."
fi fi
} }
function _setup_postfix_relay_amazon_ses() { function _setup_postfix_relay_amazon_ses() {
notify 'task' 'Setting up Postfix Relay Amazon SES' notify 'task' 'Setting up Postfix Relay Amazon SES'
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
if [ -z "$AWS_SES_PORT" ];then if [ -z "$AWS_SES_PORT" ];then
AWS_SES_PORT=25 AWS_SES_PORT=25
fi fi
echo "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT" notify 'inf' "Setting up outgoing email via AWS SES host $AWS_SES_HOST:$AWS_SES_PORT"
echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd echo "[$AWS_SES_HOST]:$AWS_SES_PORT $AWS_SES_USERPASS" >> /etc/postfix/sasl_passwd
postconf -e \ postconf -e \
"relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \ "relayhost = [$AWS_SES_HOST]:$AWS_SES_PORT" \
@ -702,21 +705,19 @@ function _setup_postfix_relay_amazon_ses() {
"smtp_tls_security_level = encrypt" \ "smtp_tls_security_level = encrypt" \
"smtp_tls_note_starttls_offer = yes" \ "smtp_tls_note_starttls_offer = yes" \
"smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt" "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
fi
} }
function _setup_security_stack() { function _setup_security_stack() {
notify 'task' 'Setting up Security Stack' notify 'task' "Setting up Security Stack"
echo "Configuring Spamassassin" notify 'inf' "Configuring Spamassassin"
SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
if [ "$ENABLE_FAIL2BAN" = 1 ]; then if [ "$ENABLE_FAIL2BAN" = 1 ]; then
echo "Fail2ban enabled" notify 'inf' "Fail2ban enabled"
test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local test -e /tmp/docker-mailserver/fail2ban-jail.cf && cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.local
else else
# Disable logrotate config for fail2ban if not enabled # Disable logrotate config for fail2ban if not enabled
@ -737,7 +738,7 @@ function _setup_elk_forwarder() {
ELK_PORT=${ELK_PORT:="5044"} ELK_PORT=${ELK_PORT:="5044"}
ELK_HOST=${ELK_HOST:="elk"} ELK_HOST=${ELK_HOST:="elk"}
echo "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)" notify 'inf' "Enabling log forwarding to ELK ($ELK_HOST:$ELK_PORT)"
cat /etc/filebeat/filebeat.yml.tmpl \ cat /etc/filebeat/filebeat.yml.tmpl \
| sed "s@\$ELK_HOST@$ELK_HOST@g" \ | sed "s@\$ELK_HOST@$ELK_HOST@g" \
| sed "s@\$ELK_PORT@$ELK_PORT@g" \ | sed "s@\$ELK_PORT@$ELK_PORT@g" \
@ -754,10 +755,10 @@ function _setup_elk_forwarder() {
# Description: Place functions for temporary workarounds and fixes here # Description: Place functions for temporary workarounds and fixes here
########################################################################## ##########################################################################
function fix() { function fix() {
notify 'taskgrg' "Starting to fix:" notify 'taskgrg' "Post-configuration checks..."
for _func in "${FUNCS_FIX[@]}";do for _func in "${FUNCS_FIX[@]}";do
$_func $_func
[ $? != 0 ] && defunc # [ $? != 0 ] && defunc
done done
} }
@ -767,9 +768,9 @@ function _fix_var_mail_permissions() {
# Fix permissions, but skip this if 3 levels deep the user id is already set # Fix permissions, but skip this if 3 levels deep the user id is already set
if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then
chown -R 5000:5000 /var/mail chown -R 5000:5000 /var/mail
echo "/var/mail permissions fixed" notify 'inf' "/var/mail permissions fixed"
else else
echo "Permissions in /var/mail look OK" notify 'inf' "Permissions in /var/mail look OK"
fi fi
} }
########################################################################## ##########################################################################
@ -783,11 +784,11 @@ function _fix_var_mail_permissions() {
# Description: Place functions that do not fit in the sections above here # Description: Place functions that do not fit in the sections above here
########################################################################## ##########################################################################
function misc() { function misc() {
notify 'taskgrp' 'Starting Misc:' notify 'taskgrp' 'Starting Misc'
for _func in "${FUNCS_MISC[@]}";do for _func in "${FUNCS_MISC[@]}";do
$_func $_func
[ $? != 0 ] && defunc # [ $? != 0 ] && defunc
done done
} }
@ -796,19 +797,19 @@ function _misc_save_states() {
# directory # directory
statedir=/var/mail-state statedir=/var/mail-state
if [ "$ONE_DIR" = 1 -a -d $statedir ]; then if [ "$ONE_DIR" = 1 -a -d $statedir ]; then
echo "Consolidating all state onto $statedir" notify 'inf' "Consolidating all state onto $statedir"
for d in /var/spool/postfix /var/lib/postfix /var/lib/amavis /var/lib/clamav /var/lib/spamassasin /var/lib/fail2ban; do for d in /var/spool/postfix /var/lib/postfix /var/lib/amavis /var/lib/clamav /var/lib/spamassasin /var/lib/fail2ban; do
dest=$statedir/`echo $d | sed -e 's/.var.//; s/\//-/g'` dest=$statedir/`echo $d | sed -e 's/.var.//; s/\//-/g'`
if [ -d $dest ]; then if [ -d $dest ]; then
echo " Destination $dest exists, linking $d to it" notify 'inf' " Destination $dest exists, linking $d to it"
rm -rf $d rm -rf $d
ln -s $dest $d ln -s $dest $d
elif [ -d $d ]; then elif [ -d $d ]; then
echo " Moving contents of $d to $dest:" `ls $d` notify 'inf' " Moving contents of $d to $dest:" `ls $d`
mv $d $dest mv $d $dest
ln -s $dest $d ln -s $dest $d
else else
echo " Linking $d to $dest" notify 'inf' " Linking $d to $dest"
mkdir -p $dest mkdir -p $dest
ln -s $dest $d ln -s $dest $d
fi fi
@ -821,11 +822,11 @@ function _misc_save_states() {
# >> Start Daemons # >> Start Daemons
########################################################################## ##########################################################################
function start_daemons() { function start_daemons() {
notify 'taskgrp' 'Starting Daemons' notify 'taskgrp' 'Starting mail server'
for _func in "${DAEMONS_START[@]}";do for _func in "${DAEMONS_START[@]}";do
$_func $_func
[ $? != 0 ] && defunc # [ $? != 0 ] && defunc
done done
} }
@ -854,7 +855,10 @@ function _start_daemons_fail2ban() {
function _start_daemons_opendkim() { function _start_daemons_opendkim() {
notify 'task' 'Starting opendkim' notify 'task' 'Starting opendkim'
if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
/etc/init.d/opendkim start /etc/init.d/opendkim start
[ $? != 0 ] && defunc
fi
} }
function _start_daemons_opendmarc() { function _start_daemons_opendmarc() {
@ -873,13 +877,13 @@ function _start_daemons_dovecot() {
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
if [ "$ENABLE_POP3" = 1 ]; then if [ "$ENABLE_POP3" = 1 ]; then
echo "Starting POP3 services" notify 'inf' "Starting POP3 services"
mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
/usr/sbin/dovecot reload /usr/sbin/dovecot reload
fi fi
if [ -f /tmp/docker-mailserver/dovecot.cf ]; then if [ -f /tmp/docker-mailserver/dovecot.cf ]; then
echo 'Adding file "dovecot.cf" to the Dovecot configuration' notify 'inf' "Adding file 'dovecot.cf' to the Dovecot configuration"
cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
/usr/sbin/dovecot reload /usr/sbin/dovecot reload
fi fi
@ -938,6 +942,13 @@ function _start_daemons_amavis() {
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# >> # >>
notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' "# docker-mailserver"
notify 'taskgrp' "#"
notify 'taskgrp' "#"
notify 'taskgrp' ""
register_functions register_functions
@ -947,7 +958,14 @@ fix
misc misc
start_daemons start_daemons
tail -f /var/log/mail/mail.log notify 'taskgrp' ""
notify 'taskgrp' "#"
notify 'taskgrp' "# $(hostname) is up and running"
notify 'taskgrp' "#"
notify 'taskgrp' ""
tail -fn 0 /var/log/mail/mail.log
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
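Review bot: In check(), the new side comments out `[ $? != 0 ] && defunc`, so the status from `_check_hostname` (which still does `return 1` when no hostname/domainname is set) is never acted on, and startup proceeds into setup() and start_daemons() with a configuration the sanity check rejected. The same line is commented out in fix(), misc() and start_daemons() and dropped from setup(), so a failing step is now silent apart from whatever it prints itself. Keep the guard at least in check(), e.g. `$_func || defunc`. If the aim was to tolerate the TrustedHosts failure mentioned in the removed @TODO of `_setup_docker_permit`, handle that case there instead of disabling the check for every registered function. defunc's body is outside the visible hunks, so its exact effect should be confirmed.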