Merge branch 'master' into master

2017-08-07 17:44:27 +02:00 · 2017-08-07 17:44:27 +02:00 · 70b70cc892
parent e68972f21c 9e7959fafe
commit 70b70cc892
10 changed files with 358 additions and 47 deletions
--- a/41
+++ b/41
@ -4,6 +4,13 @@ MAINTAINER Thomas VIAL
 ENV DEBIAN_FRONTEND noninteractive
 ENV VIRUSMAILS_DELETE_DELAY=7
 ENV ONE_DIR=0
+ENV ENABLE_POSTGREY=0
+ENV POSTGREY_DELAY=300
+ENV POSTGREY_MAX_AGE=35
+ENV POSTGREY_TEXT="Delayed by postgrey"
+
+ENV SASLAUTHD_MECHANISMS=pam
+ENV SASLAUTHD_MECH_OPTIONS=""

 # Packages
 RUN apt-get update -q --fix-missing && \
@ -12,10 +19,13 @@ RUN apt-get update -q --fix-missing && \
  apt-get -y install --no-install-recommends \
    amavisd-new \
    arj \
+    binutils \
    bzip2 \
    ca-certificates \
+    cabextract \
    clamav \
    clamav-daemon \
+    cpio \
    curl \
    dovecot-core \
    dovecot-imapd \
@ -32,24 +42,36 @@ RUN apt-get update -q --fix-missing && \
    gzip \
    iptables \
    locales \
+    liblz4-tool \
    libmail-spf-perl \
    libnet-dns-perl \
    libsasl2-modules \
+    lrzip \
+    lzop \
    netcat-openbsd \
+    nomarch \
    opendkim \
    opendkim-tools \
    opendmarc \
-    p7zip \
+    pax \
+    p7zip-full \
    postfix-ldap \
    postfix-pcre \
    postfix-policyd-spf-python \
    pyzor \
+    rar \
    razor \
+    ripole \
+    rpm2cpio \
    rsyslog \
    sasl2-bin \
    spamassassin \
+    supervisor \
    postgrey \
+    unrar-free \
    unzip \
+    xz-utils \
+    zoo \
    && \
  curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
  echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \
@ -69,7 +91,11 @@ RUN apt-get update -q --fix-missing && \

 RUN echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" > /etc/cron.d/freshclam && \
  chmod 644 /etc/clamav/freshclam.conf && \
-  freshclam
+  freshclam && \
+  sed -i 's/Foreground false/Foreground true/g' /etc/clamav/clamd.conf && \
+  sed -i 's/AllowSupplementaryGroups false/AllowSupplementaryGroups true/g' /etc/clamav/clamd.conf && \
+  mkdir /var/run/clamav && \
+  chown -R clamav:root /var/run/clamav

 # Configures Dovecot
 COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/
@ -111,7 +137,7 @@ RUN sed -i -r 's/#(@|   \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_fil
 # Configure Fail2ban
 COPY target/fail2ban/jail.conf /etc/fail2ban/jail.conf
 COPY target/fail2ban/filter.d/dovecot.conf /etc/fail2ban/filter.d/dovecot.conf
-RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
+RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf && mkdir /var/run/fail2ban

 # Enables Pyzor and Razor
 USER amavis
@ -133,6 +159,7 @@ COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
 # Configure fetchmail
 COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general
 RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
+RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail

 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
@ -161,11 +188,15 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et
 COPY ./target/bin /usr/local/bin

 # Start-mailserver script
-COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
+COPY ./target/start-mailserver.sh ./target/fail2ban-wrapper.sh ./target/postfix-wrapper.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/*

+# Configure supervisor
+COPY target/supervisor/* /etc/supervisor/conf.d/
+
 EXPOSE 25 587 143 993 110 995 4190

-CMD ["/bin/bash", "/usr/local/bin/start-mailserver.sh"]
+CMD supervisord -c /etc/supervisor/supervisord.conf

 ADD target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl
+
--- a/14
+++ b/14
@ -40,7 +40,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
 		-e ENABLE_POP3=1 \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-e SSL_TYPE=letsencrypt \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@ -49,6 +49,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e SMTP_ONLY=1 \
 		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-t $(NAME)
 	sleep 15
@ -63,6 +64,7 @@ run:
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-h mail.my-domain.com \
 		-t $(NAME)
@ -79,6 +81,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_FETCHMAIL=1 \
 		--cap-add=NET_ADMIN \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_disabled_clamav_spamassassin \
@ -86,6 +89,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_CLAMAV=0 \
 		-e ENABLE_SPAMASSASSIN=0 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_manual_ssl \
@ -94,6 +98,7 @@ run:
 		-e SSL_TYPE=manual \
 		-e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \
 		-e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name ldap_for_mail \
@ -120,6 +125,7 @@ run:
 		-e SASLAUTHD_LDAP_PASSWORD=admin \
 		-e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
 		-e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \
+		-e DMS_DEBUG=0 \
 		--link ldap_for_mail:ldap \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@ -130,8 +136,8 @@ run:
 		-e SASLAUTHD_MECHANISMS=rimap \
 		-e SASLAUTHD_MECH_OPTIONS=127.0.0.1 \
 		-e POSTMASTER_ADDRESS=postmaster@localhost.localdomain \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
-	# Wait for containers to fully start
 	sleep 15
 	docker run -d --name mail_lmtp_ip \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
@ -139,6 +145,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 \
 		-e POSTFIX_DAGENT=lmtp:127.0.0.1:24 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 30
 	docker run -d --name mail_with_postgrey \
@ -148,6 +155,7 @@ run:
 		-e POSTGREY_DELAY=15 \
 		-e POSTGREY_MAX_AGE=35 \
 		-e POSTGREY_TEXT="Delayed by postgrey" \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 20

@ -179,7 +187,7 @@ fixtures:

 	docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
 	# Wait for mails to be analyzed
-	sleep 20
+	sleep 40

 tests:
 	# Start tests
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 # docker-mailserver

-[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=master)](https://travis-ci.org/tomav/docker-mailserver) [![Docker Pulls](https://img.shields.io/docker/pulls/tvial/docker-mailserver.svg)](https://hub.docker.com/r/tvial/docker-mailserver/) [![Github Stars](https://img.shields.io/github/stars/tomav/docker-mailserver.svg?label=github%20%E2%98%85)](https://github.com/tomav/docker-mailserver/) [![Github Stars](https://img.shields.io/github/contributors/tomav/docker-mailserver.svg)](https://github.com/tomav/docker-mailserver/) [![Github Forks](https://img.shields.io/github/forks/tomav/docker-mailserver.svg?label=github%20forks)](https://github.com/tomav/docker-mailserver/) [![Gitter](https://img.shields.io/gitter/room/tomav/docker-mailserver.svg)](https://gitter.im/tomav/docker-mailserver)
+[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=master)](https://travis-ci.org/tomav/docker-mailserver) [![Docker Pulls](https://img.shields.io/docker/pulls/tvial/docker-mailserver.svg)](https://hub.docker.com/r/tvial/docker-mailserver/) [![Docker layers](https://images.microbadger.com/badges/image/tvial/docker-mailserver.svg)](https://microbadger.com/images/tvial/docker-mailserver) [![Github Stars](https://img.shields.io/github/stars/tomav/docker-mailserver.svg?label=github%20%E2%98%85)](https://github.com/tomav/docker-mailserver/) [![Github Stars](https://img.shields.io/github/contributors/tomav/docker-mailserver.svg)](https://github.com/tomav/docker-mailserver/) [![Github Forks](https://img.shields.io/github/forks/tomav/docker-mailserver.svg?label=github%20forks)](https://github.com/tomav/docker-mailserver/) [![Gitter](https://img.shields.io/gitter/room/tomav/docker-mailserver.svg)](https://gitter.im/tomav/docker-mailserver)


 A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
--- a/setup.sh
+++ b/setup.sh
@ -7,7 +7,7 @@
 INFO=$(docker ps \
  --no-trunc \
  --format="{{.Image}}\t{{.Names}}\t{{.Command}}" | \
-  grep '/bin/sh -c /usr/local/bin/start-mailserver.sh')
+  grep "/bin/sh -c 'supervisord -c /etc/supervisor/supervisord.conf'")

 IMAGE_NAME=$(echo $INFO | awk '{print $1}')
 CONTAINER_NAME=$(echo $INFO | awk '{print $2}')
--- a/target/fail2ban-wrapper.sh
+++ b/target/fail2ban-wrapper.sh
@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# fail2ban-wrapper.sh, version 0.0.1
+#
+# You cannot start fail2ban in some foreground mode and
+# it's more or less important that docker doesn't kill
+# fail2ban and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping fail2ban correctly.
+#
+# supervisord config snippet for fail2ban-wrapper:
+#
+# [program:fail2ban]
+# process_name = fail2ban
+# command = /path/to/fail2ban-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "/usr/bin/fail2ban-client stop" SIGINT
+trap "/usr/bin/fail2ban-client stop" SIGTERM
+trap "/usr/bin/fail2ban-client reload" SIGHUP
+
+# start fail2ban
+/usr/bin/fail2ban-client start
+
+# lets give fail2ban some time to start
+sleep 5
+
+# wait until fail2ban is dead (triggered by trap)
+while kill -0 "`cat /var/run/fail2ban/fail2ban.pid`"; do
+  sleep 5
+done
+
--- a/target/postfix-wrapper.sh
+++ b/target/postfix-wrapper.sh
@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# postfix-wrapper.sh, version 0.1.0
+#
+# You cannot start postfix in some foreground mode and
+# it's more or less important that docker doesn't kill
+# postfix and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping postfix correctly.
+#
+# supervisord config snippet for postfix-wrapper:
+#
+# [program:postfix]
+# process_name = postfix
+# command = /path/to/postfix-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+# start postfix
+service postfix start
+
+# lets give postfix some time to start
+sleep 5
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "`cat /var/spool/postfix/pid/master.pid`"; do
+  sleep 5
+done
+
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@ -361,7 +361,7 @@ function _check_hostname() {

 	if ( ! echo $HOSTNAME | grep -E '^(\S+[.]\S+)$' > /dev/null ); then
 		notify 'err' "Setting hostname/domainname is required"
-		return 1
+		kill -6 `cat /var/run/supervisord.pid` && return 1
 	else
 		notify 'inf' "Domain has been set to $DOMAINNAME"
 		notify 'inf' "Hostname has been set to $HOSTNAME"
@ -395,7 +395,7 @@ function _setup_default_vars() {

 	for var in ${!DEFAULT_VARS[@]}; do
 		echo "export $var=${DEFAULT_VARS[$var]}" >> /root/.bashrc
-		[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && return 1
+		[ $? != 0 ] && notify 'err' "Unable to set $var=${DEFAULT_VARS[$var]}" && kill -15 `cat /var/run/supervisord.pid` && return 1
 		notify 'inf' "Set $var=${DEFAULT_VARS[$var]}"
 	done
 }
@ -665,18 +665,6 @@ EOF
 		 -e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \
 		 /etc/postfix/master.cf

-	sed -i \
-		-e "s|^START=.*|START=yes|g" \
-		-e "s|^MECHANISMS=.*|MECHANISMS="\"$SASLAUTHD_MECHANISMS\""|g" \
-		-e "s|^MECH_OPTIONS=.*|MECH_OPTIONS="\"$SASLAUTHD_MECH_OPTIONS\""|g" \
-		/etc/default/saslauthd
-
-	if [ "$SASLAUTHD_MECHANISMS" = rimap ]; then
-		sed -i \
-			-e 's|^OPTIONS="|OPTIONS="-r |g' \
-			/etc/default/saslauthd
-	fi
-
 	sed -i \
 		-e "/smtpd_sasl_path =.*/d" \
 		-e "/smtpd_sasl_type =.*/d" \
@ -905,7 +893,7 @@ function _setup_postfix_virtual_transport() {

 	[ -z "${POSTFIX_DAGENT}" ] && \
 		echo "${POSTFIX_DAGENT} not set." && \
-		return 1
+		kill -15 `cat /var/run/supervisord.pid` && return 1
 	postconf -e "virtual_transport = ${POSTFIX_DAGENT}"
 }

@ -1199,46 +1187,47 @@ function start_daemons() {

 function _start_daemons_cron() {
 	notify 'task' 'Starting cron' 'n'
-	display_startup_daemon "cron"
+	supervisorctl start cron
 }

 function _start_daemons_rsyslog() {
-	notify 'task' 'Starting rsyslog' 'n'
-	display_startup_daemon "/etc/init.d/rsyslog start"
+	notify 'task' 'Starting rsyslog ' 'n'
+    supervisorctl start rsyslog
 }

 function _start_daemons_saslauthd() {
 	notify 'task' 'Starting saslauthd' 'n'
-	display_startup_daemon "/etc/init.d/saslauthd start"
+    supervisorctl start "saslauthd_${SASLAUTHD_MECHANISMS}"
 }

 function _start_daemons_fail2ban() {
-	notify 'task' 'Starting fail2ban' 'n'
+	notify 'task' 'Starting fail2ban ' 'n'
 	touch /var/log/auth.log
 	# Delete fail2ban.sock that probably was left here after container restart
 	if [ -e /var/run/fail2ban/fail2ban.sock ]; then
 		rm /var/run/fail2ban/fail2ban.sock
 	fi
-	display_startup_daemon "/etc/init.d/fail2ban start"
+    supervisorctl start fail2ban
 }

 function _start_daemons_opendkim() {
-	notify 'task' 'Starting opendkim' 'n'
-	display_startup_daemon "/etc/init.d/opendkim start"
+	notify 'task' 'Starting opendkim ' 'n'
+    supervisorctl start opendkim
 }

 function _start_daemons_opendmarc() {
-	notify 'task' 'Starting opendmarc' 'n'
-	display_startup_daemon "/etc/init.d/opendmarc start"
+	notify 'task' 'Starting opendmarc ' 'n'
+    supervisorctl start opendmarc
 }

 function _start_daemons_postfix() {
 	notify 'task' 'Starting postfix' 'n'
-	display_startup_daemon "/etc/init.d/postfix start"
+    supervisorctl start postfix
 }

 function _start_daemons_dovecot() {
 	# Here we are starting sasl and imap, not pop3 because it's disabled by default
+
 	notify 'task' 'Starting dovecot services' 'n'
 	rm -f /var/run/dovecot/master.pid
 	display_startup_daemon "/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf"
@ -1246,14 +1235,14 @@ function _start_daemons_dovecot() {
 	if [ "$ENABLE_POP3" = 1 ]; then
 		notify 'task' 'Starting pop3 services' 'n'
 		mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
-		display_startup_daemon "/usr/sbin/dovecot reload"
 	fi

 	if [ -f /tmp/docker-mailserver/dovecot.cf ]; then
 		cp /tmp/docker-mailserver/dovecot.cf /etc/dovecot/local.conf
-		/usr/sbin/dovecot reload
 	fi

+    supervisorctl start dovecot
+
 	# @TODO fix: on integration test
 	# doveadm: Error: userdb lookup: connect(/var/run/dovecot/auth-userdb) failed: No such file or directory
 	# doveadm: Fatal: user listing failed
@ -1266,30 +1255,30 @@ function _start_daemons_dovecot() {

 function _start_daemons_filebeat() {
 	notify 'task' 'Starting filebeat' 'n'
-	display_startup_daemon "/etc/init.d/filebeat start"
+    supervisorctl start filebeat
 }

 function _start_daemons_fetchmail() {
 	notify 'task' 'Starting fetchmail' 'n'
 	/usr/local/bin/setup-fetchmail
-	display_startup_daemon "/etc/init.d/fetchmail start"
+	supervisorctl start fetchmail
 }

 function _start_daemons_clamav() {
 	notify 'task' 'Starting clamav' 'n'
-	display_startup_daemon "/etc/init.d/clamav-daemon start"
+    supervisorctl start clamav
 }

 function _start_daemons_postgrey() {
 	notify 'task' 'Starting postgrey' 'n'
 	rm -f /var/run/postgrey/postgrey.pid
-	display_startup_daemon "/etc/init.d/postgrey start"
+    supervisorctl start postgrey
 }


 function _start_daemons_amavis() {
 	notify 'task' 'Starting amavis' 'n'
-	display_startup_daemon "/etc/init.d/amavis start"
+    supervisorctl start amavis
 }

 ##########################################################################
--- a/target/supervisor/saslauth.conf
+++ b/target/supervisor/saslauth.conf
@ -0,0 +1,45 @@
+[program:saslauthd_ldap]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a ldap -O /etc/saslauthd.conf
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_mysql]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a mysql -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_pam]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a pam -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_rimap]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a rimap -r -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
+[program:saslauthd_shadow]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/saslauthd -d -a shadow -O %(ENV_SASLAUTHD_MECH_OPTIONS)s
+pidfile=/var/run/saslauthd/saslauthd.pid
+
--- a/target/supervisor/supervisor-app.conf
+++ b/target/supervisor/supervisor-app.conf
@ -0,0 +1,116 @@
+# each program entry below is a separate terminal command.
+# Each command MUST run in the foreground and stay running.
+# If the command ever exits, the supervisor daemon will automatically run it again.
+# Programs can be controlled like this: 'supervisorctl start fail2ban' 'supervisorctl stop fail2ban'
+# supervisor writes program statuses in /var/log/supervisor
+
+[supervisord]
+nodaemon=true
+
+[program:mailserver]
+startsecs=0
+autostart=true
+autorestart=false
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+command=/usr/local/bin/start-mailserver.sh
+
+[program:cron]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/cron -f
+
+[program:rsyslog]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/rsyslogd -n
+
+[program:fail2ban]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/local/bin/fail2ban-wrapper.sh
+
+[program:opendkim]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/opendkim -f
+
+[program:opendmarc]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/opendmarc -f -p "inet:8893@localhost" -P /var/run/opendmarc/opendmarc.pid
+
+[program:dovecot]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
+
+[program:filebeat]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/bin/filebeat -c /etc/filebeat/filebeat.yml
+
+[program:clamav]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/clamd -c /etc/clamav/clamd.conf
+
+[program:postgrey]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/mail/mail.log
+stderr_logfile=/var/log/mail/mail.log
+command=/usr/sbin/postgrey --inet=127.0.0.1:10023 --syslog-facility=mail --delay=%(ENV_POSTGREY_DELAY)s --max-age=%(ENV_POSTGREY_MAX_AGE)s --greylist-text="%(ENV_POSTGREY_TEXT)s"
+
+[program:amavis]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/amavisd-new foreground
+
+[program:fetchmail]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+user=fetchmail
+command=/usr/bin/fetchmail -f /etc/fetchmailrc -v --nodetach --daemon 300 -i /var/lib/fetchmail/.fetchmail-UIDL-cache --pidfile /var/run/fetchmail/fetchmail.pid
+
+[program:postfix]
+startsecs=0
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/local/bin/postfix-wrapper.sh
+
--- a/test/tests.bats
+++ b/test/tests.bats
@ -111,10 +111,6 @@ load 'test_helper/bats-assert/load'
  assert_success
 }

-@test "checking process: saslauthd (saslauthd server enabled)" {
-  run docker exec mail_with_imap /bin/bash -c "ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
-  assert_success
-}

 #
 # postgrey
@ -791,6 +787,13 @@ load 'test_helper/bats-assert/load'
  assert_failure
 }

+@test "checking system: amavis decoders installed and available" {
+  run docker exec mail /bin/sh -c "grep -E '.*(Internal decoder|Found decoder) for\s+\.(mail|Z|gz|bz2|xz|lzma|lrz|lzo|lz4|rpm|cpio|tar|deb|rar|arj|arc|zoo|doc|cab|tnef|zip|kmz|7z|jar|swf|lha|iso|exe).*' /var/log/mail/mail.log|wc -l"
+  assert_success
+  assert_output 28
+}
+
+
 #
 # sieve
 #
@ -1187,3 +1190,54 @@ load 'test_helper/bats-assert/load'
  assert_success
  assert_output 0
 }
+
+
+#
+# supervisor
+#
+
+@test "checking restart of process: postfix" {
+  run docker exec mail /bin/bash -c "pkill master && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/lib/postfix/sbin/master'"
+  assert_success
+}
+
+@test "checking restart of process: clamd" {
+  run docker exec mail /bin/bash -c "pkill clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
+  assert_success
+}
+
+@test "checking restart of process: amavisd-new" {
+  run docker exec mail /bin/bash -c "pkill amavi && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/amavisd-new (master)'"
+  assert_success
+}
+
+@test "checking restart of process: opendkim" {
+  run docker exec mail /bin/bash -c "pkill opendkim && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendkim'"
+  assert_success
+}
+
+@test "checking restart of process: opendmarc" {
+  run docker exec mail /bin/bash -c "pkill opendmarc && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/opendmarc'"
+  assert_success
+}
+
+@test "checking restart of process: fail2ban (fail2ban server enabled)" {
+  run docker exec mail_fail2ban /bin/bash -c "pkill fail2ban && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/python3 /usr/bin/fail2ban-server'"
+  assert_success
+}
+
+@test "checking restart of process: fetchmail" {
+  run docker exec mail_fetchmail /bin/bash -c "pkill fetchmail && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/bin/fetchmail'"
+  assert_success
+}
+
+@test "checking restart of process: clamav (clamav disabled by ENABLED_CLAMAV=0)" {
+  run docker exec mail_disabled_clamav_spamassassin /bin/bash -c "pkill -f clamd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/clamd'"
+  assert_failure
+}
+
+@test "checking restart of process: saslauthd (saslauthd server enabled)" {
+  run docker exec mail_with_ldap /bin/bash -c "pkill saslauthd && sleep 10 && ps aux --forest | grep -v grep | grep '/usr/sbin/saslauthd'"
+  assert_success
+}
+