From b06c8e438e52f9ff132dbe122005717364828438 Mon Sep 17 00:00:00 2001
From: Felix Schwarz <felix.schwarz@iospirit.com>
Date: Sun, 30 Jul 2017 10:28:08 +0200
Subject: [PATCH] Merging changes from tomav/docker-mailserver up to 60afbe1;
 fixing path for header_reject pcre file

---
 .travis.yml                |  2 +-
 Dockerfile                 | 84 +++++++++++++++++++++++---------------
 target/start-mailserver.sh | 11 ++++-
 3 files changed, 61 insertions(+), 36 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 92bddfb5..b6bf81c5 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -6,7 +6,7 @@ sudo: required
 services:
 - docker
 install:
-- travis_wait make build-no-cache
+- travis_retry travis_wait make build-no-cache
 script:
 - make generate-accounts run fixtures tests
 after_script:
diff --git a/Dockerfile b/Dockerfile
index 0f0a1bed..fe3caac3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,9 +8,7 @@ ENV ONE_DIR=0
 # Packages
 RUN apt-get update -q --fix-missing && \
   apt-get -y upgrade && \
-  apt-get -y install postfix
-RUN apt-get update -q --fix-missing && \
-  apt-get -y upgrade && \
+  apt-get -y install postfix && \
   apt-get -y install --no-install-recommends \
     amavisd-new \
     arj \
@@ -55,27 +53,38 @@ RUN apt-get update -q --fix-missing && \
     && \
   curl https://packages.elasticsearch.org/GPG-KEY-elasticsearch | apt-key add - && \
   echo "deb http://packages.elastic.co/beats/apt stable main" | tee -a /etc/apt/sources.list.d/beats.list && \
-  apt-get update -q --fix-missing && apt-get -y upgrade fail2ban filebeat && \
-  apt-get autoclean && rm -rf /var/lib/apt/lists/* && \
-  rm -rf /usr/share/locale/* && rm -rf /usr/share/man/* && rm -rf /usr/share/doc/* && \
-  touch /var/log/auth.log && update-locale
+  apt-get update -q --fix-missing && \
+  apt-get -y upgrade \
+    fail2ban \
+    filebeat \
+    && \
+  apt-get autoclean && \
+  rm -rf /var/lib/apt/lists/* && \
+  rm -rf /usr/share/locale/* && \
+  rm -rf /usr/share/man/* && \
+  rm -rf /usr/share/doc/* && \
+  touch /var/log/auth.log && \
+  update-locale && \
+  rm -f /etc/cron.weekly/fstrim
 
-# Enables Clamav
-RUN (echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" ; crontab -l) | crontab -
-RUN chmod 644 /etc/clamav/freshclam.conf && freshclam
+RUN echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" > /etc/cron.d/freshclam && \
+  chmod 644 /etc/clamav/freshclam.conf && \
+  freshclam
 
 # Configures Dovecot
-RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf
-RUN sed -i -e 's/#mail_plugins = \$mail_plugins/mail_plugins = \$mail_plugins sieve/g' /etc/dovecot/conf.d/15-lda.conf
-RUN sed -i -e 's/^.*lda_mailbox_autocreate.*/lda_mailbox_autocreate = yes/g' /etc/dovecot/conf.d/15-lda.conf
-RUN sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf
-RUN sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf
-RUN sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf
-COPY target/dovecot/auth-passwdfile.inc /etc/dovecot/conf.d/
-COPY target/dovecot/??-*.conf /etc/dovecot/conf.d/
-RUN cd /usr/share/dovecot && ./mkcert.sh
-RUN mkdir /usr/lib/dovecot/sieve-pipe && chmod 755 /usr/lib/dovecot/sieve-pipe
-RUN mkdir /usr/lib/dovecot/sieve-filter && chmod 755 /usr/lib/dovecot/sieve-filter
+COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/
+RUN sed -i -e 's/include_try \/usr\/share\/dovecot\/protocols\.d/include_try \/etc\/dovecot\/protocols\.d/g' /etc/dovecot/dovecot.conf && \
+  sed -i -e 's/#mail_plugins = \$mail_plugins/mail_plugins = \$mail_plugins sieve/g' /etc/dovecot/conf.d/15-lda.conf && \
+  sed -i -e 's/^.*lda_mailbox_autocreate.*/lda_mailbox_autocreate = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
+  sed -i -e 's/^.*lda_mailbox_autosubscribe.*/lda_mailbox_autosubscribe = yes/g' /etc/dovecot/conf.d/15-lda.conf && \
+  sed -i -e 's/^.*postmaster_address.*/postmaster_address = '${POSTMASTER_ADDRESS:="postmaster@domain.com"}'/g' /etc/dovecot/conf.d/15-lda.conf && \
+  sed -i 's/#imap_idle_notify_interval = 2 mins/imap_idle_notify_interval = 29 mins/' /etc/dovecot/conf.d/20-imap.conf && \
+  cd /usr/share/dovecot && \
+  ./mkcert.sh  && \
+  mkdir /usr/lib/dovecot/sieve-pipe && \
+  chmod 755 /usr/lib/dovecot/sieve-pipe  && \
+  mkdir /usr/lib/dovecot/sieve-filter && \
+  chmod 755 /usr/lib/dovecot/sieve-filter
 
 # Configures LDAP
 COPY target/dovecot/dovecot-ldap.conf.ext /etc/dovecot
@@ -87,16 +96,17 @@ RUN sed -i -r 's/^(CRON)=0/\1=1/g' /etc/default/spamassassin
 # Enables Postgrey
 COPY target/postgrey/postgrey /etc/default/postgrey
 COPY target/postgrey/postgrey.init /etc/init.d/postgrey
-RUN chmod 755 /etc/init.d/postgrey
-RUN mkdir /var/run/postgrey
-RUN chown postgrey:postgrey /var/run/postgrey
+RUN chmod 755 /etc/init.d/postgrey && \
+  mkdir /var/run/postgrey && \
+  chown postgrey:postgrey /var/run/postgrey
 
 # Enables Amavis
-RUN sed -i -r 's/#(@|   \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode
 COPY target/amavis/conf.d/60-dms_default_config /etc/amavis/conf.d/
-RUN adduser clamav amavis && adduser amavis clamav
-RUN useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker
-RUN (echo "0 4 * * * /usr/local/bin/virus-wiper" ; crontab -l) | crontab -
+RUN sed -i -r 's/#(@|   \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode && \
+  adduser clamav amavis && \
+  adduser amavis clamav && \
+  useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker && \
+  (echo "0 4 * * * /usr/local/bin/virus-wiper" ; crontab -l) | crontab -
 
 # Configure Fail2ban
 COPY target/fail2ban/jail.conf /etc/fail2ban/jail.conf
@@ -105,7 +115,9 @@ RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
 
 # Enables Pyzor and Razor
 USER amavis
-RUN razor-admin -create && razor-admin -register && pyzor discover
+RUN razor-admin -create && \
+  razor-admin -register && \
+  pyzor discover
 USER root
 
 # Configure DKIM (opendkim)
@@ -124,14 +136,17 @@ RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
 
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
-RUN echo "" > /etc/aliases
-RUN openssl dhparam -out /etc/postfix/dhparams.pem 2048
+RUN echo "" > /etc/aliases && \
+  openssl dhparam -out /etc/postfix/dhparams.pem 2048
 
 # Configuring Logs
 RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
-  mkdir -p /var/log/mail && chown syslog:root /var/log/mail && \
-  touch /var/log/mail/clamav.log && chown -R clamav:root /var/log/mail/clamav.log && \
-  touch /var/log/mail/freshclam.log &&  chown -R clamav:root /var/log/mail/freshclam.log && \
+  mkdir -p /var/log/mail && \
+  chown syslog:root /var/log/mail && \
+  touch /var/log/mail/clamav.log && \
+  chown -R clamav:root /var/log/mail/clamav.log && \
+  touch /var/log/mail/freshclam.log && \
+  chown -R clamav:root /var/log/mail/freshclam.log && \
   sed -i -r 's|/var/log/mail|/var/log/mail/mail|g' /etc/rsyslog.d/50-default.conf && \
   sed -i -r 's|;auth,authpriv.none|;mail.none;mail.error;auth,authpriv.none|g' /etc/rsyslog.d/50-default.conf && \
   sed -i -r 's|LogFile /var/log/clamav/|LogFile /var/log/mail/|g' /etc/clamav/clamd.conf && \
@@ -144,6 +159,7 @@ RUN sed -i -r "/^#?compress/c\compress\ncopytruncate" /etc/logrotate.conf && \
 RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x3-cross-signed.pem
 
 COPY ./target/bin /usr/local/bin
+
 # Start-mailserver script
 COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/*
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 51bca61f..bcf39271 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
@@ -133,6 +133,9 @@ function register_functions() {
 
 	_register_fix_function "_fix_var_mail_permissions"
 	_register_fix_function "_fix_var_amavis_permissions"
+	if [ "$ENABLE_CLAMAV" = 0 ]; then
+		_register_fix_function "_fix_cleanup_clamav"
+	fi
 
 	################### << fix funcs
 
@@ -717,7 +720,7 @@ function _setup_postfix_rejections() {
 
 	if [ -f /tmp/docker-mailserver/postfix-reject_header_checks ]; then
 		cp -f /tmp/docker-mailserver/postfix-reject_header_checks /etc/postfix/reject_header_checks
-		postconf -e "header_checks = pcre:/etc/postfix/reject_body_checks"
+		postconf -e "header_checks = pcre:/etc/postfix/reject_header_checks"
 	fi
 	if [ -f /tmp/docker-mailserver/postfix-reject_body_checks ]; then
 		cp -f /tmp/docker-mailserver/postfix-reject_body_checks /etc/postfix/reject_body_checks
@@ -1118,6 +1121,12 @@ function _fix_var_amavis_permissions() {
 	fi
 }
 
+function _fix_cleanup_clamav() {
+	notify 'task' 'Cleaning up disabled Clamav'
+	rm -f /etc/logrotate.d/clamav-*
+	rm -f /etc/cron.d/freshclam
+}
+
 ##########################################################################
 # << Fix Stack
 ##########################################################################