From a00ea4f1eeda34a2d79812a0911068932dcdb400 Mon Sep 17 00:00:00 2001 From: Johan Smits Date: Mon, 19 Mar 2018 20:53:03 +0100 Subject: [PATCH 1/8] Add changelog entry --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0875d9cd..72cee422 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 5.8.0 + +* Adding daily mail review from Issue 839 (#881) + You can enable REPORT_RECIPIENT for REPORT_INTERVAL + reports. Default is disabled. +* introducing ENABLE_SRS env variable (#906, #852) + In v3.2.0 was SRS introduced and enabled by default + Now it is disabled by default and can be enabled with + the new env variable. +* fixed delalias, added additional tests (#909) + Fixes to setup where made for deletion and addition. + ## 5.7.0 * Delmailuser (#878) You can now delete users and the mailbox From ee4b434a5c1103cab0316dd4a851e8ba9010cf7e Mon Sep 17 00:00:00 2001 From: 17Halbe Date: Tue, 20 Mar 2018 08:17:24 +0100 Subject: [PATCH 2/8] Restore userdb for tests (#913) --- test/config/dovecot-lmtp/userdb | 2 ++ 1 file changed, 2 insertions(+) create mode 100644 test/config/dovecot-lmtp/userdb diff --git a/test/config/dovecot-lmtp/userdb b/test/config/dovecot-lmtp/userdb new file mode 100644 index 00000000..a0ddaba8 --- /dev/null +++ b/test/config/dovecot-lmtp/userdb @@ -0,0 +1,2 @@ +user1@localhost.localdomain:{SHA512-CRYPT}$6$pnBf.UoYuOJ0EcxA$AY.2iRKsDftvCs5u2u72jgKcQHdN/tLguweV08YuBNaZGN4Xn9N8ES0NPxErqRR433vqBFUMmOiVNVF3JgMpB.:5000:5000::/var/mail/localhost.localdomain/user1:: +user2@otherdomain.tld:{SHA512-CRYPT}$6$xkJ0klS8NqpoGeVB$jKmC1YE03GeLtrcwgnQ14AG.nYm8Vj0l0BqUVM.VQ3MVBwYoooJL7JS7czR17gfwM9SRB/311OP8nF/GpNKr5.:5000:5000::/var/mail/otherdomain.tld/user2:: From a7589aa353735bfb93f8d42d09f32526d0b7bde9 Mon Sep 17 00:00:00 2001 
From: 17Halbe Date: Wed, 21 Mar 2018 19:55:41 +0100 Subject: [PATCH 3/8] test/config backup & restore (#907) * backup and restore of test/config folder as done for the regular config folder as well. * permissions fix * preserving permissions and ownership * new backup rule --- Makefile | 33 ++++++++++++++++++--------------- test/config/dovecot-lmtp/userdb | 2 -- 2 files changed, 18 insertions(+), 17 deletions(-) delete mode 100644 test/config/dovecot-lmtp/userdb diff --git a/Makefile b/Makefile index 5356ee9b..566f8aa1 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,8 @@ NAME = tvial/docker-mailserver:testing -all: build-no-cache generate-accounts run generate-accounts-after-run fixtures tests clean -all-fast: build generate-accounts run generate-accounts-after-run fixtures tests clean -no-build: generate-accounts run generate-accounts-after-run fixtures tests clean +all: build-no-cache backup generate-accounts run generate-accounts-after-run fixtures tests clean +all-fast: build backup generate-accounts run generate-accounts-after-run fixtures tests clean +no-build: backup generate-accounts run generate-accounts-after-run fixtures tests clean build-no-cache: cd test/docker-openldap/ && docker build -f Dockerfile -t ldap --no-cache . 
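Review bot: Listing `backup` before `generate-accounts` in the prerequisites of `all`, `all-fast` and `no-build` orders the two only in a serial build. Under `make -j` they can overlap, and `generate-accounts` (visible in the next hunk) redirects into `test/config/postfix-accounts.cf`, so the copy that `clean` later restores may already hold generated account data. Declare the ordering as a real edge, e.g. `generate-accounts: backup`, or add `.NOTPARALLEL:` since these targets are a fixed sequence. None of these names is declared `.PHONY` in the lines shown, so a stray file or directory called `backup` would silently skip the step; `.PHONY: all all-fast no-build backup` covers that if it is not already declared elsewhere in the file.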
@@ -12,6 +12,15 @@ build: cd test/docker-openldap/ && docker build -f Dockerfile -t ldap . docker build -t $(NAME) . +backup: + # if backup directories exist, clean hasn't been called, therefore we shouldn't overwrite it. It still contains the original content. + @if [ ! -d config.bak ]; then\ + cp -rp config config.bak; \ + fi + @if [ ! -d testconfig.bak ]; then\ + cp -rp test/config testconfig.bak ;\ + fi + generate-accounts: docker run --rm -e MAIL_USER=user1@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' > test/config/postfix-accounts.cf docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf @@ -205,7 +214,6 @@ generate-accounts-after-run: sleep 10 fixtures: - cp -r config config.bak # Setup sieve & create filtering folder (INBOX/spam) docker cp "`pwd`/test/config/sieve/dovecot.sieve" mail:/var/mail/localhost.localdomain/user1/.dovecot.sieve docker exec mail /bin/sh -c "maildirmake.dovecot /var/mail/localhost.localdomain/user1/.INBOX.spam" @@ -262,16 +270,11 @@ clean: mail_override_hostname @if [ -d config.bak ]; then\ - sudo rm -rf config ;\ + rm -rf config ;\ mv config.bak config ;\ fi - -sudo rm -rf test/onedir \ - test/config/empty \ - test/config/keyDefault \ - test/config/key2048 \ - test/config/key1024 \ - test/config/without-accounts \ - test/config/without-virtual \ - test/config/with-domain \ - test/config/dovecot-lmtp/userdb \ - test/config/postfix-*-access.cf* + @if [ -d testconfig.bak ]; then\ + rm -rf test/config ;\ + mv testconfig.bak test/config ;\ + fi + -sudo rm -rf test/onedir diff --git a/test/config/dovecot-lmtp/userdb b/test/config/dovecot-lmtp/userdb deleted file mode 100644 index a0ddaba8..00000000 --- a/test/config/dovecot-lmtp/userdb +++ /dev/null 
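Review bot: The new `backup` recipe takes the mere existence of `config.bak` or `testconfig.bak` as proof of a complete backup, so a `cp -rp` that is interrupted or fails part-way leaves a partial directory that every later run trusts and that `clean` then moves over the real `config`. Copy to a temporary name and rename only on success, e.g. `cp -rp config config.bak.tmp && mv config.bak.tmp config.bak`, and the same for `test/config`. The explanatory `#` line appears to sit inside the recipe, where it is passed to the shell and echoed on every run; placing it above the `backup:` line keeps it a Make comment.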
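Review bot: In `clean`, `rm -rf config ;` followed by `mv config.bak config` is chained with `;`, so when the now unprivileged `rm` cannot remove everything, `mv` still runs and nests the backup as `config/config.bak` instead of restoring it. Root-owned files written through a container bind mount would trigger this, although the mounts are not visible in this hunk, so treat that as an assumption. The added `test/config` block has the same shape. Chain with `&&` so a failed removal stops the restore: `rm -rf config && mv config.bak config` and `rm -rf test/config && mv testconfig.bak test/config`. The `clean` recipe starts above this hunk.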
@@ -1,2 +0,0 @@ -user1@localhost.localdomain:{SHA512-CRYPT}$6$pnBf.UoYuOJ0EcxA$AY.2iRKsDftvCs5u2u72jgKcQHdN/tLguweV08YuBNaZGN4Xn9N8ES0NPxErqRR433vqBFUMmOiVNVF3JgMpB.:5000:5000::/var/mail/localhost.localdomain/user1:: -user2@otherdomain.tld:{SHA512-CRYPT}$6$xkJ0klS8NqpoGeVB$jKmC1YE03GeLtrcwgnQ14AG.nYm8Vj0l0BqUVM.VQ3MVBwYoooJL7JS7czR17gfwM9SRB/311OP8nF/GpNKr5.:5000:5000::/var/mail/otherdomain.tld/user2:: From b17ffe85d88d783ad88fd647bed5f8ef731272eb Mon Sep 17 00:00:00 2001 From: Marek Walczak <2558195+mwlczk@users.noreply.github.com> Date: Mon, 26 Mar 2018 20:50:28 +0200 Subject: [PATCH 4/8] Tls level fix (#916) * fix for TLS_LEVEL processing. unified spacing for sed. --- target/postfix/main.cf | 6 +++--- target/start-mailserver.sh | 20 ++++++++++---------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/target/postfix/main.cf b/target/postfix/main.cf index 807e282f..e1c094c7 100644 --- a/target/postfix/main.cf +++ b/target/postfix/main.cf 
@@ -28,10 +28,10 @@ smtpd_tls_loglevel = 1 smtp_tls_security_level = may smtp_tls_loglevel = 1 tls_ssl_options = NO_COMPRESSION -tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 +tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 tls_preempt_cipherlist = yes -smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 -smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 +smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 +smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 370d3f1e..a1a4a58f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
@@ -775,23 +775,23 @@ function _setup_ssl() { case $TLS_LEVEL in "modern" ) # Postfix configuration - sed -i -r 's/^smtpd_tls_mandatory_protocols=.*$/smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf - sed -i -r 's/^smtpd_tls_protocols=.*$/smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf - sed -i -r 's/^smtp_tls_protocols=.*$/smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf - sed -i -r 's/^tls_high_cipherlist=.*$/tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/postfix/main.cf + sed -i -r 's/^smtpd_tls_mandatory_protocols =.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf + sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf + sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf + sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/postfix/main.cf # Dovecot configuration - sed -i -r 's/^ssl_protocols = .*$/ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf - sed -i -r 's/^ssl_cipher_list = .*$/ssl_cipher_list = 
ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/dovecot/conf.d/10-ssl.conf + sed -i -r 's/^ssl_protocols =.*$/ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf + sed -i -r 's/^ssl_cipher_list =.*$/ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/dovecot/conf.d/10-ssl.conf notify 'inf' "TLS configured with 'modern' ciphers" ;; "intermediate" ) # Postfix configuration - sed -i -r 's/^smtpd_tls_mandatory_protocols=.*$/smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf - sed -i -r 's/^smtpd_tls_protocols=.*$/smtpd_tls_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf - sed -i -r 's/^smtp_tls_protocols=.*$/smtp_tls_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf - sed -i -r 's/^tls_high_cipherlist=.*$/tls_high_cipherlist=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/postfix/main.cf + sed -i -r 's/^smtpd_tls_mandatory_protocols 
=.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf + sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf + sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf + sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/postfix/main.cf # Dovecot configuration sed -i -r 's/^ssl_protocols = .*$/ssl_protocols = !SSLv3/' /etc/dovecot/conf.d/10-ssl.conf From a33c1b49ab494f7b94fdf820a493858f1dae52a7 Mon Sep 17 00:00:00 2001 From: Paul Adams Date: Thu, 29 Mar 2018 17:31:18 +0100 Subject: [PATCH 5/8] Fix uncommented lines in .env file (#920) --- .env.dist | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.env.dist b/.env.dist index 7db07447..df2cf266 100644 --- a/.env.dist +++ b/.env.dist @@ -74,7 +74,8 @@ POSTSCREEN_ACTION=enforce # 1 => only launch postfix smtp SMTP_ONLY= -Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information. +# Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information. +# # empty => SSL disabled # letsencrypt => Enables Let's Encrypt certificates # custom => Enables custom certificates 
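Review bot: The rewritten patterns in `_setup_ssl` (`^smtpd_tls_protocols =.*$` and the other Postfix and Dovecot keys) still depend on the exact spacing before `=`, and `sed -i` exits successfully when nothing matches. A `main.cf` or `10-ssl.conf` line written as `key=value` or with a tab therefore keeps its old protocol and cipher settings while `notify` reports that the TLS level was configured. Match the spacing loosely, e.g. `sed -i -r 's/^smtpd_tls_protocols[[:space:]]*=.*$/smtpd_tls_protocols = !SSLv2,!SSLv3/'`, and consider a `grep -q` for the expected line before logging success. The `intermediate` Dovecot line at the end of the hunk keeps the older `ssl_protocols = .*$` form, so the two branches are not yet uniform. `_setup_ssl` begins and continues outside this hunk.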
@@ -91,7 +92,8 @@ VIRUSMAILS_DELETE_DELAY= # 1 => enabled ENABLE_POSTFIX_VIRTUAL_TRANSPORT= -Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix +# Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix +# # empty => fail # `lmtp:unix:private/dovecot-lmtp` (use socket) # `lmtps:inet::` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/) From e97344cb5c27298239db68b575e0ec4eae698ffa Mon Sep 17 00:00:00 2001 From: Paul Adams Date: Thu, 29 Mar 2018 17:31:57 +0100 Subject: [PATCH 6/8] quotes needed to run multi-word command inside container (#921) --- setup.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.sh b/setup.sh index 9964d35c..4ee77be6 100755 --- a/setup.sh +++ b/setup.sh @@ -93,7 +93,7 @@ _docker_image() { _docker_container() { if [ -n "$CONTAINER_NAME" ]; then - docker exec -ti "$CONTAINER_NAME" $@ + docker exec -ti "$CONTAINER_NAME" "$@" else echo "The docker-mailserver is not running!" exit 1 From f540f8e9c3ac0980364219c2946151abf149fc90 Mon Sep 17 00:00:00 2001 From: Andreas Gerstmayr Date: Fri, 30 Mar 2018 10:24:40 +0200 Subject: [PATCH 7/8] add headers to postfix summary mail (#919) --- target/bin/postfix-summary | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) mode change 100644 => 100755 target/bin/postfix-summary diff --git a/target/bin/postfix-summary b/target/bin/postfix-summary old mode 100644 new mode 100755 index b925d380..d30b8819 --- a/target/bin/postfix-summary +++ b/target/bin/postfix-summary 
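Review bot: `docker exec -ti` in `_docker_container` always requests a TTY, so the call fails when `setup.sh` is run without a terminal on stdin (cron, CI, a pipe), independent of the quoting fix. Request the TTY only when one is present, for example `if [ -t 0 ]; then TTY_FLAGS="-ti"; else TTY_FLAGS="-i"; fi` followed by `docker exec $TTY_FLAGS "$CONTAINER_NAME" "$@"`. The "not running" message in the `else` branch goes to stdout; `>&2` would keep it out of captured command output. The function continues past the end of the hunk.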
@@ -10,9 +10,17 @@ errex() { test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found" -BODY="Subject: Postfix Summary for $HOSTNAME\n\n" # The case that the mail.log.1 file isn't readable shouldn't actually be possible with logrotate not rotating empty files.. But you never know! [ -r "/var/log/mail/mail.log.1" ] \ - && BODY="$BODY"$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \ - || BODY="$BODY Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver" -echo -e "$BODY" | sendmail -f "mailserver-report@$HOSTNAME" "$RECIPIENT" + && BODY=$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \ + || BODY="Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver" + +sendmail -t < Date: Sun, 1 Apr 2018 12:27:23 +0200 Subject: [PATCH 8/8] Release 5.8.1 --- CHANGELOG.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 72cee422..ac570b20 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Changelog +## 5.8.1 + +* add headers to postfix summary mail (#919) +* quotes needed to run multi-word command inside + container (#921) +* Fix uncommented lines in .env file (#920) +* Tls level fix (#916) +* test/config backup & restore (#907) +* Restore userdb for tests (#913) + ## 5.8.0 * Adding daily mail review from Issue 839 (#881)
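Review bot: The `[ -r … ] && BODY=$(…) || BODY="Error: …"` chain runs the fallback whenever the `&&` side returns non-zero, so a pflogsumm failure on a readable log is mailed as "Mail log not readable or not found". An explicit if/else, as sketched below, keeps the two failures apart. With `echo -e` removed, the `\n` sequences in the fallback string are expanded only if the here-document part does it; that part is not legible on this page, so check that they do not arrive in the mail as literal backslash-n.

```shell
if [ -r "/var/log/mail/mail.log.1" ]; then
  BODY=$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \
    || BODY="Error: pflogsumm failed on /var/log/mail/mail.log.1"
else
  BODY="Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver"
fi
# … unchanged: sendmail -t here-document …
```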