Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'release/5.8.1' into stable

This commit is contained in:
Johan Smits 2018-04-01 12:27:53 +02:00
parent 69d66912c6 18a5595850
commit 8910aa9be7
No known key found for this signature in database
GPG Key ID: 410DEF86BA323E19
7 changed files with 70 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.env.dist
View File

@ -74,7 +74,8 @@ POSTSCREEN_ACTION=enforce
# 1 => only launch postfix smtp # 1 => only launch postfix smtp
SMTP_ONLY= SMTP_ONLY=
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information. # Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
#
# empty => SSL disabled # empty => SSL disabled
# letsencrypt => Enables Let's Encrypt certificates # letsencrypt => Enables Let's Encrypt certificates
# custom => Enables custom certificates # custom => Enables custom certificates
@ -91,7 +92,8 @@ VIRUSMAILS_DELETE_DELAY=
# 1 => enabled # 1 => enabled
ENABLE_POSTFIX_VIRTUAL_TRANSPORT= ENABLE_POSTFIX_VIRTUAL_TRANSPORT=
Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix # Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix
#
# empty => fail # empty => fail
# `lmtp:unix:private/dovecot-lmtp` (use socket) # `lmtp:unix:private/dovecot-lmtp` (use socket)
# `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/) # `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)

22
CHANGELOG.md
View File

@ -1,5 +1,27 @@
# Changelog # Changelog
## 5.8.1
* add headers to postfix summary mail (#919)
* quotes needed to run multi-word command inside
container (#921)
* Fix uncommented lines in .env file (#920)
* Tls level fix (#916)
* test/config backup & restore (#907)
* Restore userdb for tests (#913)
## 5.8.0
* Adding daily mail review from Issue 839 (#881)
You can enable REPORT_RECIPIENT for REPORT_INTERVAL
reports. Default is disabled.
* introducing ENABLE_SRS env variable (#906, #852)
In v3.2.0 was SRS introduced and enabled by default
Now it is disabled by default and can be enabled with
the new env variable.
* fixed delalias, added additional tests (#909)
Fixes to setup where made for deletion and addition.
## 5.7.0 ## 5.7.0
* Delmailuser (#878) * Delmailuser (#878)
You can now delete users and the mailbox You can now delete users and the mailbox

33
Makefile
View File

@ -1,8 +1,8 @@
NAME = tvial/docker-mailserver:testing NAME = tvial/docker-mailserver:testing
all: build-no-cache generate-accounts run generate-accounts-after-run fixtures tests clean all: build-no-cache backup generate-accounts run generate-accounts-after-run fixtures tests clean
all-fast: build generate-accounts run generate-accounts-after-run fixtures tests clean all-fast: build backup generate-accounts run generate-accounts-after-run fixtures tests clean
no-build: generate-accounts run generate-accounts-after-run fixtures tests clean no-build: backup generate-accounts run generate-accounts-after-run fixtures tests clean
build-no-cache: build-no-cache:
cd test/docker-openldap/ && docker build -f Dockerfile -t ldap --no-cache . cd test/docker-openldap/ && docker build -f Dockerfile -t ldap --no-cache .
@ -12,6 +12,15 @@ build:
cd test/docker-openldap/ && docker build -f Dockerfile -t ldap . cd test/docker-openldap/ && docker build -f Dockerfile -t ldap .
docker build -t $(NAME) . docker build -t $(NAME) .
backup:
# if backup directories exist, clean hasn't been called, therefore we shouldn't overwrite it. It still contains the original content.
@if [ ! -d config.bak ]; then\
cp -rp config config.bak; \
fi
@if [ ! -d testconfig.bak ]; then\
cp -rp test/config testconfig.bak ;\
fi
generate-accounts: generate-accounts:
docker run --rm -e MAIL_USER=user1@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' > test/config/postfix-accounts.cf docker run --rm -e MAIL_USER=user1@localhost.localdomain -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' > test/config/postfix-accounts.cf
docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf docker run --rm -e MAIL_USER=user2@otherdomain.tld -e MAIL_PASS=mypassword -t $(NAME) /bin/sh -c 'echo "$$MAIL_USER|$$(doveadm pw -s SHA512-CRYPT -u $$MAIL_USER -p $$MAIL_PASS)"' >> test/config/postfix-accounts.cf
@ -205,7 +214,6 @@ generate-accounts-after-run:
sleep 10 sleep 10
fixtures: fixtures:
cp -r config config.bak
# Setup sieve & create filtering folder (INBOX/spam) # Setup sieve & create filtering folder (INBOX/spam)
docker cp "`pwd`/test/config/sieve/dovecot.sieve" mail:/var/mail/localhost.localdomain/user1/.dovecot.sieve docker cp "`pwd`/test/config/sieve/dovecot.sieve" mail:/var/mail/localhost.localdomain/user1/.dovecot.sieve
docker exec mail /bin/sh -c "maildirmake.dovecot /var/mail/localhost.localdomain/user1/.INBOX.spam" docker exec mail /bin/sh -c "maildirmake.dovecot /var/mail/localhost.localdomain/user1/.INBOX.spam"
@ -262,16 +270,11 @@ clean:
mail_override_hostname mail_override_hostname
@if [ -d config.bak ]; then\ @if [ -d config.bak ]; then\
sudo rm -rf config ;\ rm -rf config ;\
mv config.bak config ;\ mv config.bak config ;\
fi fi
-sudo rm -rf test/onedir \ @if [ -d testconfig.bak ]; then\
test/config/empty \ rm -rf test/config ;\
test/config/keyDefault \ mv testconfig.bak test/config ;\
test/config/key2048 \ fi
test/config/key1024 \ -sudo rm -rf test/onedir
test/config/without-accounts \
test/config/without-virtual \
test/config/with-domain \
test/config/dovecot-lmtp/userdb \
test/config/postfix-*-access.cf*

2
setup.sh
View File

@ -93,7 +93,7 @@ _docker_image() {
_docker_container() { _docker_container() {
if [ -n "$CONTAINER_NAME" ]; then if [ -n "$CONTAINER_NAME" ]; then
docker exec -ti "$CONTAINER_NAME" $@ docker exec -ti "$CONTAINER_NAME" "$@"
else else
echo "The docker-mailserver is not running!" echo "The docker-mailserver is not running!"
exit 1 exit 1

16
target/bin/postfix-summary Normal file → Executable file
View File

@ -10,9 +10,17 @@ errex() {
test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found" test -x /usr/sbin/pflogsumm || errex "Critical: /usr/sbin/pflogsumm not found"
BODY="Subject: Postfix Summary for $HOSTNAME\n\n"
# The case that the mail.log.1 file isn't readable shouldn't actually be possible with logrotate not rotating empty files.. But you never know! # The case that the mail.log.1 file isn't readable shouldn't actually be possible with logrotate not rotating empty files.. But you never know!
[ -r "/var/log/mail/mail.log.1" ] \ [ -r "/var/log/mail/mail.log.1" ] \
&& BODY="$BODY"$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \ && BODY=$(/usr/sbin/pflogsumm /var/log/mail/mail.log.1 --problems-first) \
|| BODY="$BODY Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver" || BODY="Error: Mail log not readable or not found: /var/log/mail/mail.log.1\n\nIn case of mail inactivity since the last report, this might be considered a nuisance warning.\n\nYours faithfully, The $HOSTNAME Mailserver"
echo -e "$BODY" | sendmail -f "mailserver-report@$HOSTNAME" "$RECIPIENT"
sendmail -t <<EOF
From: mailserver-report@$HOSTNAME
To: $RECIPIENT
Subject: Postfix Summary for $HOSTNAME
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset=UTF-8
$BODY
EOF

6
target/postfix/main.cf
View File

@ -28,10 +28,10 @@ smtpd_tls_loglevel = 1
smtp_tls_security_level = may smtp_tls_security_level = may
smtp_tls_loglevel = 1 smtp_tls_loglevel = 1
tls_ssl_options = NO_COMPRESSION tls_ssl_options = NO_COMPRESSION
tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256 tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
tls_preempt_cipherlist = yes tls_preempt_cipherlist = yes
smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_mandatory_ciphers = high smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1 smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1
smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL

20
target/start-mailserver.sh
View File

@ -775,23 +775,23 @@ function _setup_ssl() {
case $TLS_LEVEL in case $TLS_LEVEL in
"modern" ) "modern" )
# Postfix configuration # Postfix configuration
sed -i -r 's/^smtpd_tls_mandatory_protocols=.*$/smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf sed -i -r 's/^smtpd_tls_mandatory_protocols =.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
sed -i -r 's/^smtpd_tls_protocols=.*$/smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
sed -i -r 's/^smtp_tls_protocols=.*$/smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3,!TLSv1,!TLSv1.1/' /etc/postfix/main.cf
sed -i -r 's/^tls_high_cipherlist=.*$/tls_high_cipherlist=ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/postfix/main.cf sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/postfix/main.cf
# Dovecot configuration # Dovecot configuration
sed -i -r 's/^ssl_protocols = .*$/ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf sed -i -r 's/^ssl_protocols =.*$/ssl_protocols = !SSLv3,!TLSv1,!TLSv1.1/' /etc/dovecot/conf.d/10-ssl.conf
sed -i -r 's/^ssl_cipher_list = .*$/ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/dovecot/conf.d/10-ssl.conf sed -i -r 's/^ssl_cipher_list =.*$/ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256/' /etc/dovecot/conf.d/10-ssl.conf
notify 'inf' "TLS configured with 'modern' ciphers" notify 'inf' "TLS configured with 'modern' ciphers"
;; ;;
"intermediate" ) "intermediate" )
# Postfix configuration # Postfix configuration
sed -i -r 's/^smtpd_tls_mandatory_protocols=.*$/smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf sed -i -r 's/^smtpd_tls_mandatory_protocols =.*$/smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
sed -i -r 's/^smtpd_tls_protocols=.*$/smtpd_tls_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf sed -i -r 's/^smtpd_tls_protocols =.*$/smtpd_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
sed -i -r 's/^smtp_tls_protocols=.*$/smtp_tls_protocols=!SSLv2,!SSLv3/' /etc/postfix/main.cf sed -i -r 's/^smtp_tls_protocols =.*$/smtp_tls_protocols = !SSLv2,!SSLv3/' /etc/postfix/main.cf
sed -i -r 's/^tls_high_cipherlist=.*$/tls_high_cipherlist=ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/postfix/main.cf sed -i -r 's/^tls_high_cipherlist =.*$/tls_high_cipherlist = ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS/' /etc/postfix/main.cf
# Dovecot configuration # Dovecot configuration
sed -i -r 's/^ssl_protocols = .*$/ssl_protocols = !SSLv3/' /etc/dovecot/conf.d/10-ssl.conf sed -i -r 's/^ssl_protocols = .*$/ssl_protocols = !SSLv3/' /etc/dovecot/conf.d/10-ssl.conf