From ea848eb86fe3410c6b1b98e4e7a0c48ef92bdcae Mon Sep 17 00:00:00 2001 From: Paul Adams Date: Mon, 23 Apr 2018 19:35:33 +0100 Subject: [PATCH 1/9] Deliver root mail (#952) * Configure delivery of root's mail to postmaster * Tests for delivery of root mail * add missing email template --- Makefile | 1 + target/postfix/main.cf | 6 +++--- target/start-mailserver.sh | 6 +++++- test/config/postfix-regexp.cf | 2 ++ test/email-templates/root-email.txt | 3 +++ test/tests.bats | 15 ++++++++++++--- 6 files changed, 26 insertions(+), 7 deletions(-) create mode 100644 test/email-templates/root-email.txt diff --git a/Makefile b/Makefile index 02d2aedd..eab04cc6 100644 --- a/Makefile +++ b/Makefile @@ -249,6 +249,7 @@ fixtures: docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-pipe.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt" docker exec mail_disabled_clamav_spamassassin /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" + docker exec mail /bin/sh -c "sendmail root < /tmp/docker-mailserver-test/email-templates/root-email.txt" # postfix virtual transport lmtp docker exec mail_lmtp_ip /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt" docker exec mail_privacy /bin/sh -c "openssl s_client -quiet -starttls smtp -connect 0.0.0.0:587 < /tmp/docker-mailserver-test/email-templates/send-privacy-email.txt" diff --git a/target/postfix/main.cf b/target/postfix/main.cf index e1c094c7..0e74b38c 100644 --- a/target/postfix/main.cf +++ b/target/postfix/main.cf 
@@ -7,9 +7,9 @@ readme_directory = no # Basic configuration # myhostname = -alias_maps = texthash:/etc/aliases -alias_database = texthash:/etc/aliases -mydestination = +alias_maps = hash:/etc/aliases +alias_database = hash:/etc/aliases +mydestination = $myhostname, localhost.$mydomain, localhost relayhost = mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64 mailbox_size_limit = 0 diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index abd22b18..c6e79e55 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -656,7 +656,7 @@ function _setup_spoof_protection () { sed -i 's|smtpd_sender_restrictions =|smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch,|' /etc/postfix/main.cf [ "$ENABLE_LDAP" = 1 ] \ && postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf" \ - || postconf -e "smtpd_sender_login_maps=texthash:/etc/postfix/virtual, texthash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre" + || postconf -e "smtpd_sender_login_maps=texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre" } function _setup_postfix_access_control() { @@ -754,6 +754,10 @@ function _setup_postfix_aliases() { s/$/ pcre:\/etc\/postfix\/regexp/ }' /etc/postfix/main.cf fi + + notify 'inf' "Configuring root alias" + echo "root: ${POSTMASTER_ADDRESS}" > /etc/aliases + postalias /etc/aliases } function _setup_SRS() { diff --git a/test/config/postfix-regexp.cf b/test/config/postfix-regexp.cf index ac8e5e73..27954d6f 100644 --- a/test/config/postfix-regexp.cf +++ b/test/config/postfix-regexp.cf @@ -1,2 +1,4 @@ /^test[0-9][0-9]*@localhost.localdomain/ user1@localhost.localdomain /^bounce.*@.*/ external1@otherdomain.tld +/^postmaster@/ user1@localhost.localdomain + diff --git a/test/email-templates/root-email.txt b/test/email-templates/root-email.txt new file mode 100644 index 00000000..b778e86d --- /dev/null 
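Review bot: In the lines added to `_setup_postfix_aliases`, `echo "root: ${POSTMASTER_ADDRESS}" > /etc/aliases` truncates the file, so any alias already there (from the base image or a mounted file) is silently dropped, and an empty `POSTMASTER_ADDRESS` yields a `root:` entry with no target. Whether the variable is defaulted before this point is not visible in the hunk, so a guard such as `[ -n "$POSTMASTER_ADDRESS" ] || return 1` ahead of the write would make the assumption explicit. Because `main.cf` and `smtpd_sender_login_maps` now read `hash:/etc/aliases`, the result of the rebuild should also be checked, e.g. `postalias /etc/aliases || notify 'inf' "postalias /etc/aliases failed"`. The function body starts outside the hunk.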
+++ b/test/email-templates/root-email.txt @@ -0,0 +1,3 @@ +Subject: Root Test Message + +This is a test mail. diff --git a/test/tests.bats b/test/tests.bats index 4bc6db65..54457e21 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -296,7 +296,7 @@ load 'test_helper/bats-assert/load' @test "checking smtp: delivers mail to existing account" { run docker exec mail /bin/sh -c "grep 'postfix/lmtp' /var/log/mail/mail.log | grep 'status=sent' | grep ' Saved)' | wc -l" assert_success - assert_output 10 + assert_output 12 } @test "checking smtp: delivers mail to existing alias" { @@ -326,10 +326,10 @@ load 'test_helper/bats-assert/load' assert_output 1 } -@test "checking smtp: user1 should have received 6 mails" { +@test "checking smtp: user1 should have received 9 mails" { run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" assert_success - assert_output 7 + assert_output 9 } @test "checking smtp: rejects mail to unknown user" { @@ -1708,3 +1708,12 @@ load 'test_helper/bats-assert/load' run docker exec mail_with_relays /bin/sh -c 'cat /etc/postfix/sasl_passwd | grep -e "^\[default.relay.com\]:2525\s\+smtp_user:smtp_password" | wc -l | grep 1' assert_success } + +# +# root mail delivery +# + +@test "checking that mail for root was delivered" { + run docker exec mail grep "Subject: Root Test Message" /var/mail/localhost.localdomain/user1/new/ -R + assert_success +} From 283ac70bb92e79f48f513913f2fa565b1fed0a13 Mon Sep 17 00:00:00 2001 From: Paul Adams Date: Mon, 23 Apr 2018 19:42:47 +0100 Subject: [PATCH 2/9] don't update permissions on non-existent file (#956) --- target/start-mailserver.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index c6e79e55..e50c6cb9 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
@@ -1073,8 +1073,10 @@ function _setup_postfix_relay_hosts() { fi fi - chown root:root /etc/postfix/sasl_passwd - chmod 0600 /etc/postfix/sasl_passwd + if [ -f /etc/postfix/sasl_passwd ]; then + chown root:root /etc/postfix/sasl_passwd + chmod 0600 /etc/postfix/sasl_passwd + fi # end /etc/postfix/sasl_passwd # setup /etc/postfix/relayhost_map From 5d03bb0982d6e3397cecd9d5eafc174b5d3af587 Mon Sep 17 00:00:00 2001 From: Johan Smits Date: Mon, 23 Apr 2018 20:59:27 +0200 Subject: [PATCH 3/9] Update docker-configomat (#959) --- target/docker-configomat | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/docker-configomat b/target/docker-configomat index e3e84ded..b42a6eb6 160000 --- a/target/docker-configomat +++ b/target/docker-configomat @@ -1 +1 @@ -Subproject commit e3e84ded29d88b2945c0782dbb43237c561a54a9 +Subproject commit b42a6eb65dc1e059c8bf3661e51f3ce308469e19 From c1118af66d3342a6e8ca842f19486bcce3886368 Mon Sep 17 00:00:00 2001 From: magnus anderssen Date: Sat, 28 Apr 2018 10:27:42 +0200 Subject: [PATCH 4/9] Support for detecting running container mount (#884) This modification proposes to support the running configured mounted volume for configuration. This removes the need to pass a path from the command line when the container is running and configured in another way that yours. --- Makefile | 3 ++ setup.sh | 30 ++++++++++-- test/tests.bats | 122 +++++++++++++++++++++++++++++------------------- 3 files changed, 102 insertions(+), 53 deletions(-) diff --git a/Makefile b/Makefile index eab04cc6..b286cd27 100644 --- a/Makefile +++ b/Makefile @@ -293,3 +293,6 @@ clean: mv testconfig.bak test/config ;\ fi -sudo rm -rf test/onedir + -sudo rm -rf test/alias + -sudo rm -rf test/relay + diff --git a/setup.sh b/setup.sh index 56da03b2..2abcbf3d 100755 --- a/setup.sh +++ b/setup.sh 
@@ -11,7 +11,17 @@ INFO=$(docker ps \ IMAGE_NAME=$(echo $INFO | awk '{print $1}') CONTAINER_NAME=$(echo $INFO | awk '{print $2}') -CONFIG_PATH="$(pwd)/config" +DEFAULT_CONFIG_PATH="$(pwd)/config" + +_update_config_path() { + VOLUME=$(docker inspect $CONTAINER_NAME \ + --format="{{range .Mounts}}{{ println .Source .Destination}}{{end}}" | \ + grep "/tmp/docker-mailserver$" 2>/dev/null) + + if [ ! -z "$VOLUME" ]; then + CONFIG_PATH=$(echo $VOLUME | awk '{print $1}') + fi +} if [ -z "$IMAGE_NAME" ]; then IMAGE_NAME=tvial/docker-mailserver:latest @@ -25,6 +35,7 @@ _inspect() { fi if [ -n "$CONTAINER_NAME" ]; then echo "Container: $CONTAINER_NAME" + echo "Config mount: $CONFIG_PATH" else echo "Container: Not running, please start docker-mailserver." fi @@ -117,13 +128,13 @@ while getopts ":c:i:p:" OPT; do p) case "$OPTARG" in /*) - CONFIG_PATH="$OPTARG" + WISHED_CONFIG_PATH="$OPTARG" ;; *) - CONFIG_PATH="$(pwd)/$OPTARG" + WISHED_CONFIG_PATH="$(pwd)/$OPTARG" ;; esac - if [ ! -d "$CONFIG_PATH" ]; then + if [ ! -d "$WISHED_CONFIG_PATH" ]; then echo "Directory doesn't exist" _usage exit 1 @@ -135,6 +146,17 @@ while getopts ":c:i:p:" OPT; do esac done +if [ ! -n "$WISHED_CONFIG_PATH" ]; then + # no wished config path + _update_config_path + + if [ ! -n "$CONFIG_PATH" ]; then + CONFIG_PATH=$DEFAULT_CONFIG_PATH + fi +else + CONFIG_PATH=$WISHED_CONFIG_PATH +fi + shift $((OPTIND-1)) case $1 in diff --git a/test/tests.bats b/test/tests.bats index 54457e21..769afcea 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -1051,6 +1051,7 @@ load 'test_helper/bats-assert/load' run docker exec mail /bin/sh -c "grep 'Spambot ' -R /var/mail/localhost.localdomain/user1/new/" assert_success } + # # accounts # 
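Review bot: `_update_config_path` calls `docker inspect $CONTAINER_NAME` unquoted and without checking that a container was found, so when nothing is running the call has no target and its error reaches the terminal; the `2>/dev/null` only covers `grep`. A guard such as `[ -n "$CONTAINER_NAME" ] || return 0` plus quoting the name keeps that case quiet and stops a `-c` value from being word-split. `echo $VOLUME | awk '{print $1}'` also cuts a bind-mount source at its first space, so the script would then work on a different directory than the one the container mounts.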
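Review bot: `WISHED_CONFIG_PATH` and `CONFIG_PATH` are never initialised before the block added after the `getopts` loop, so values inherited from the caller's environment are honoured. An exported `WISHED_CONFIG_PATH` skips the `-d` check done in the `-p` branch, and an exported `CONFIG_PATH` wins over `DEFAULT_CONFIG_PATH` whenever `_update_config_path` finds no mount. Before this change `CONFIG_PATH` was always assigned, so this is new behaviour; adding `CONFIG_PATH=` and `WISHED_CONFIG_PATH=` next to `DEFAULT_CONFIG_PATH="$(pwd)/config"` restores it. `[ ! -n "$WISHED_CONFIG_PATH" ]` would also read more clearly as `[ -z "$WISHED_CONFIG_PATH" ]`.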
@@ -1175,6 +1176,12 @@ load 'test_helper/bats-assert/load' assert_output 1 } + +@test "checking user login: predefined user can login" { + result=$(docker exec mail doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \a `p^a.*ssword' | grep 'auth succeeded') + [ "$result" = "passdb: pass@localhost.localdomain auth succeeded" ] +} + # # setup.sh # @@ -1185,6 +1192,7 @@ load 'test_helper/bats-assert/load' assert_failure [ "${lines[0]}" = "Usage: ./setup.sh [-i IMAGE_NAME] [-c CONTAINER_NAME] [args]" ] } + @test "checking setup.sh: Wrong arguments" { run ./setup.sh lol troll assert_failure @@ -1192,14 +1200,14 @@ load 'test_helper/bats-assert/load' } # email -@test "checking setup.sh: setup.sh email add " { - run ./setup.sh -c mail email add lorem@impsum.org dolorsit +@test "checking setup.sh: setup.sh email add" { + run ./setup.sh -c mail email add setup_email_add@example.com test_password assert_success - value=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $1}') - [ "$value" = "lorem@impsum.org" ] - docker exec mail doveadm auth test -x service=smtp pass@localhost.localdomain 'may be \a `p^a.*ssword' | grep 'auth succeeded' - assert_success + value=$(cat ./test/config/postfix-accounts.cf | grep setup_email_add@example.com | awk -F '|' '{print $1}') + [ "$value" = "setup_email_add@example.com" ] + + # we test the login of this user later to let the container digest the addition } @test "checking setup.sh: setup.sh email list" { 
@@ -1208,10 +1216,9 @@ load 'test_helper/bats-assert/load' } @test "checking setup.sh: setup.sh email update" { - initialpass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') - run ./setup.sh email update lorem@impsum.org my password - sleep 10 - updatepass=$(cat ./config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') + ./setup.sh -c mail email add lorem@impsum.org test_test && initialpass=$(cat ./test/config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') + run ./setup.sh -c mail email update lorem@impsum.org my password + updatepass=$(cat ./test/config/postfix-accounts.cf | grep lorem@impsum.org | awk -F '|' '{print $2}') [ "$initialpass" != "$updatepass" ] assert_success @@ -1222,9 +1229,16 @@ load 'test_helper/bats-assert/load' @test "checking setup.sh: setup.sh email del" { run ./setup.sh -c mail email del -y lorem@impsum.org assert_success - run docker exec mail ls /var/mail/impsum.org/lorem - assert_failure - run grep lorem@impsum.org ./config/postfix-accounts.cf +# +# TODO delmailuser does not work as expected. +# Its implementation is not functional, you cannot delete a user data +# directory in the running container by running a new docker container +# and not mounting the mail folders (persistance is broken). +# The add script is only adding the user to account file. +# +# run docker exec mail ls /var/mail/impsum.org/lorem +# assert_failure + run grep lorem@impsum.org ./test/config/postfix-accounts.cf assert_failure } 
@@ -1251,37 +1265,41 @@ load 'test_helper/bats-assert/load' # alias @test "checking setup.sh: setup.sh alias list" { - echo "test@example.org test@forward.com" > ./config/postfix-virtual.cf - run ./setup.sh -c mail alias list + mkdir -p ./test/alias/config && echo "test@example.org test@forward.com" > ./test/alias/config/postfix-virtual.cf + run ./setup.sh -p ./test/alias/config alias list assert_success } @test "checking setup.sh: setup.sh alias add" { - echo "" > ./config/postfix-virtual.cf - ./setup.sh -c mail alias add test1@example.org test1@forward.com - ./setup.sh -c mail alias add test1@example.org test2@forward.com - - run /bin/sh -c 'cat ./config/postfix-virtual.cf | grep "test1@example.org test1@forward.com,test2@forward.com" | wc -l | grep 1' + mkdir -p ./test/alias/config && echo "" > ./test/alias/config/postfix-virtual.cf + ./setup.sh -p ./test/alias/config alias add alias@example.com target1@forward.com + ./setup.sh -p ./test/alias/config alias add alias@example.com target2@forward.com + sleep 5 + run /bin/sh -c 'cat ./test/alias/config/postfix-virtual.cf | grep "alias@example.com target1@forward.com,target2@forward.com" | wc -l | grep 1' assert_success } @test "checking setup.sh: setup.sh alias del" { - echo -e 'test1@example.org test1@forward.com,test2@forward.com\ntest2@example.org test1@forward.com' > ./config/postfix-virtual.cf + # start with a1 -> t1,t2 and a2 -> t1 + mkdir -p ./test/alias/config && echo -e 'alias1@example.org target1@forward.com,target2@forward.com\nalias2@example.org target1@forward.com' > ./test/alias/config/postfix-virtual.cf - ./setup.sh -c mail alias del test1@example.org test1@forward.com - run grep "test1@forward.com" ./config/postfix-virtual.cf - assert_output --regexp "^test2@example.org +test1@forward.com$" + # we remove a1 -> t1 ==> a1 -> t2 and a2 -> t1 + ./setup.sh -p ./test/alias/config alias del alias1@example.org target1@forward.com + run grep "target1@forward.com" ./test/alias/config/postfix-virtual.cf + 
assert_output --regexp "^alias2@example.org +target1@forward.com$" - run grep "test2@forward.com" ./config/postfix-virtual.cf - assert_output --regexp "^test1@example.org +test2@forward.com$" + run grep "target2@forward.com" ./test/alias/config/postfix-virtual.cf + assert_output --regexp "^alias1@example.org +target2@forward.com$" - ./setup.sh -c mail alias del test1@example.org test2@forward.com - run grep "test1@example.org" ./config/postfix-virtual.cf + # we remove a1 -> t2 ==> a2 -> t1 + ./setup.sh -p ./test/alias/config alias del alias1@example.org target2@forward.com + run grep "alias1@example.org" ./test/alias/config/postfix-virtual.cf assert_failure - run grep "test2@example.org" ./config/postfix-virtual.cf + run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf assert_success - ./setup.sh -c mail alias del test2@example.org test1@forward.com - run grep "test2@example.org" ./config/postfix-virtual.cf + # we remove a2 -> t1 ==> empty + ./setup.sh -p ./test/alias/config alias del alias2@example.org target1@forward.com + run grep "alias2@example.org" ./test/alias/config/postfix-virtual.cf assert_failure } @@ -1299,7 +1317,7 @@ load 'test_helper/bats-assert/load' # debug @test "checking setup.sh: setup.sh debug fetchmail" { run ./setup.sh -c mail debug fetchmail - [ "$status" -eq 5 ] + [ "$status" -eq 11 ] # TODO: Fix output check # [ "$output" = "fetchmail: no mailservers have been specified." ] } 
@@ -1330,45 +1348,51 @@ load 'test_helper/bats-assert/load' } @test "checking setup.sh: setup.sh relay add-domain" { - echo -n > ./config/postfix-relaymap.cf - ./setup.sh -c mail relay add-domain example1.org smtp.relay1.com 2525 - ./setup.sh -c mail relay add-domain example2.org smtp.relay2.com - ./setup.sh -c mail relay add-domain example3.org smtp.relay3.com 2525 - ./setup.sh -c mail relay add-domain example3.org smtp.relay.com 587 + mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf + ./setup.sh -p ./test/relay/config relay add-domain example1.org smtp.relay1.com 2525 + ./setup.sh -p ./test/relay/config relay add-domain example2.org smtp.relay2.com + ./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay3.com 2525 + ./setup.sh -p ./test/relay/config relay add-domain example3.org smtp.relay.com 587 # check adding - run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example1.org\s\+\[smtp.relay1.com\]:2525" | wc -l | grep 1' assert_success # test default port - run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example2.org\s\+\[smtp.relay2.com\]:25" | wc -l | grep 1' assert_success # test modifying - run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example3.org\s\+\[smtp.relay.com\]:587" | wc -l | grep 1' assert_success } @test "checking setup.sh: setup.sh relay add-auth" { - echo -n > ./config/postfix-sasl-password.cf - ./setup.sh -c mail relay add-auth example.org smtp_user smtp_pass - ./setup.sh -c mail relay add-auth example2.org smtp_user2 smtp_pass2 - ./setup.sh -c mail relay 
add-auth example2.org smtp_user2 smtp_pass_new + mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-sasl-password.cf + ./setup.sh -p ./test/relay/config relay add-auth example.org smtp_user smtp_pass + ./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass2 + ./setup.sh -p ./test/relay/config relay add-auth example2.org smtp_user2 smtp_pass_new # test adding - run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example.org\s\+smtp_user:smtp_pass" | wc -l | grep 1' assert_success # test updating - run /bin/sh -c 'cat ./config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-sasl-password.cf | grep -e "^@example2.org\s\+smtp_user2:smtp_pass_new" | wc -l | grep 1' assert_success } @test "checking setup.sh: setup.sh relay exclude-domain" { - echo -n > ./config/postfix-relaymap.cf - ./setup.sh -c mail relay exclude-domain example.org + mkdir -p ./test/relay/config && echo -n > ./test/relay/config/postfix-relaymap.cf + ./setup.sh -p ./test/relay/config relay exclude-domain example.org - run /bin/sh -c 'cat ./config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1' + run /bin/sh -c 'cat ./test/relay/config/postfix-relaymap.cf | grep -e "^@example.org\s*$" | wc -l | grep 1' assert_success } +@test "checking setup.sh: email add login validation" { + # validates that the user created previously with setup.sh can login + result=$(docker exec mail doveadm auth test -x service=smtp setup_email_add@example.com 'test_password' | grep 'auth succeeded') + [ "$result" = "passdb: setup_email_add@example.com auth succeeded" ] +} + # # LDAP # From 60656aec492936d4287132bf523cf1576d07a6ab Mon Sep 17 00:00:00 2001 
From: ixeft Date: Tue, 1 May 2018 19:57:31 +0200 Subject: [PATCH 5/9] Report sender (#965) * added REPORT_SENDER env variable to the container. * integration test for REPORT_SENDER * added tests for default REPORT_SENDER --- .env.dist | 6 ++++++ Makefile | 2 ++ README.md | 9 +++++++++ docker-compose.elk.yml.dist | 1 + docker-compose.yml.dist | 1 + target/bin/postfix-summary | 4 ++-- target/start-mailserver.sh | 5 ++++- test/tests.bats | 10 ++++++++++ 8 files changed, 35 insertions(+), 3 deletions(-) diff --git a/.env.dist b/.env.dist index 6a064212..8222f4d8 100644 --- a/.env.dist +++ b/.env.dist @@ -107,6 +107,12 @@ POSTFIX_DAGENT= # => Specify the recipient address REPORT_RECIPIENT=0 + +# Change the sending address for mail report +# **empty** => mailserver-report@hostname +# => Specify the report sender (From) address +REPORT_SENDER= + # Changes the interval in which a report is being sent. # **daily** => Send a daily report # weekly => Send a report every week diff --git a/Makefile b/Makefile index b286cd27..d3c48e57 100644 --- a/Makefile +++ b/Makefile @@ -35,6 +35,7 @@ run: -e SPOOF_PROTECTION=1 \ -e ENABLE_SPAMASSASSIN=1 \ -e REPORT_RECIPIENT=user1@localhost.localdomain \ + -e REPORT_SENDER=report1@mail.my-domain.com \ -e SA_TAG=-5.0 \ -e SA_TAG2=2.0 \ -e SA_KILL=3.0 \ @@ -153,6 +154,7 @@ run: -e DOVECOT_TLS=no \ -e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ -e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \ + -e REPORT_RECIPIENT=1 \ -e ENABLE_SASLAUTHD=1 \ -e SASLAUTHD_MECHANISMS=ldap \ -e SASLAUTHD_LDAP_SERVER=ldap \ diff --git a/README.md b/README.md index d15901ea..72ebe224 100644 --- a/README.md +++ b/README.md 
@@ -314,12 +314,14 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf - **empty** => postmaster@domain.com - => Specify the postmaster address + ##### POSTSCREEN_ACTION - **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects. - drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects. - ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail. + ##### REPORT_RECIPIENT Enables a report being sent (created by pflogsumm) on a regular basis. @@ -327,6 +329,13 @@ Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postf - 1 => Using POSTMASTER_ADDRESS as the recipient - => Specify the recipient address +##### REPORT_SENDER + + Change the sending address for mail report + - **empty** => mailserver-report@hostname + - => Specify the report sender (From) address + + ##### REPORT_INTERVAL changes the interval in which a report is being sent. diff --git a/docker-compose.elk.yml.dist b/docker-compose.elk.yml.dist index e717e927..4613ac86 100644 --- a/docker-compose.elk.yml.dist +++ b/docker-compose.elk.yml.dist @@ -28,6 +28,7 @@ services: - POSTSCREEN_ACTION=${POSTSCREEN_ACTION} - ENABLE_SRS=${ENABLE_SRS} - REPORT_RECIPIENT=${REPORT_RECIPIENT} + - REPORT_SENDER=${REPORT_SENDER} - REPORT_INTERVAL=${REPORT_INTERVAL} - SMTP_ONLY=${SMTP_ONLY} - SSL_TYPE=${SSL_TYPE} diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index b8156581..a1a17a19 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist 
@@ -25,6 +25,7 @@ services: - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS} - POSTSCREEN_ACTION=${POSTSCREEN_ACTION} - REPORT_RECIPIENT=${REPORT_RECIPIENT} + - REPORT_SENDER=${REPORT_SENDER} - REPORT_INTERVAL=${REPORT_INTERVAL} - SMTP_ONLY=${SMTP_ONLY} - SSL_TYPE=${SSL_TYPE} diff --git a/target/bin/postfix-summary b/target/bin/postfix-summary index 8bba8e7f..db3138bf 100755 --- a/target/bin/postfix-summary +++ b/target/bin/postfix-summary @@ -2,7 +2,7 @@ HOSTNAME=$1 RECIPIENT=$2 - +SENDER=$3 errex() { echo -e "$@" 1>&2 exit 1 @@ -23,7 +23,7 @@ The $HOSTNAME Mailserver" fi sendmail -t <> /root/.bashrc @@ -1234,7 +1236,8 @@ function _setup_logrotate() { function _setup_mail_summary() { notify 'inf' "Enable postfix summary with recipient $REPORT_RECIPIENT" [ "$REPORT_RECIPIENT" = 1 ] && REPORT_RECIPIENT=$POSTMASTER_ADDRESS - sed -i "s|}| postrotate\n /usr/local/bin/postfix-summary $HOSTNAME $REPORT_RECIPIENT\n endscript\n}\n|" /etc/logrotate.d/maillog + sed -i "s|}| postrotate\n /usr/local/bin/postfix-summary $HOSTNAME \ + $REPORT_RECIPIENT $REPORT_SENDER\n endscript\n}\n|" /etc/logrotate.d/maillog } function _setup_environment() { diff --git a/test/tests.bats b/test/tests.bats index 769afcea..8ea54871 100644 --- a/test/tests.bats +++ b/test/tests.bats 
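Review bot: In `_setup_mail_summary`, `$REPORT_RECIPIENT` and the new `$REPORT_SENDER` are pasted unescaped into a `sed` replacement and from there into the `postrotate` script in `/etc/logrotate.d/maillog`, which logrotate hands to a shell. A value containing `|`, `&` or a backslash corrupts the `sed` expression, and whitespace or shell metacharacters in it change the command that is later run, so both values should be validated as plain addresses before the `sed`, e.g. `case "$REPORT_SENDER" in *[!A-Za-z0-9@._+-]*) notify 'inf' "Invalid REPORT_SENDER"; return 1 ;; esac`. The generated line should also quote its arguments, since `postfix-summary` reads them positionally (`SENDER=$3`). Where `REPORT_SENDER` gets its default is not visible in this hunk.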
@@ -1596,6 +1596,16 @@ load 'test_helper/bats-assert/load' sleep 10 run docker exec mail grep "Subject: Postfix Summary for " /var/mail/localhost.localdomain/user1/new/ -R assert_success + # check sender is the one specified in REPORT_SENDER + run docker exec mail grep "From: report1@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R + assert_success + # check sender is not the default one. + run docker exec mail grep "From: mailserver-report@mail.my-domain.com" /var/mail/localhost.localdomain/user1/new/ -R + assert_failure + + # checking default sender is correctly set when env variable not defined + run docker exec mail_with_ldap grep "mailserver-report@mail.my-domain.com" /etc/logrotate.d/maillog + assert_success # checking default logrotation setup run docker exec mail_with_ldap grep "daily" /etc/logrotate.d/maillog assert_success From e27e13c1b3bbd0be7d4d52b521818cdbbab1834c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Franz=20Keferb=C3=B6ck?= Date: Sat, 2 Jun 2018 21:16:16 +0200 Subject: [PATCH 6/9] Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (Solves: #979, #980) --- .env.dist | 9 +++++++++ docker-compose.elk.yml.dist | 2 ++ docker-compose.yml.dist | 2 ++ target/start-mailserver.sh | 5 +++++ 4 files changed, 18 insertions(+) diff --git a/.env.dist b/.env.dist index 8222f4d8..76606cda 100644 --- a/.env.dist +++ b/.env.dist @@ -261,6 +261,15 @@ SASLAUTHD_LDAP_SEARCH_BASE= # e.g. for openldap: `(&(uid=%U)(objectClass=person))` SASLAUTHD_LDAP_FILTER= +# empty => no +# yes => LDAP over TLS enabled for SASL +# Must not be used together with SASLAUTHD_LDAP_SSL=1_ +SASLAUTHD_LDAP_START_TLS= + +# empty => no +# yes => Require and verify server certificate +SASLAUTHD_LDAP_TLS_CHECK_PEER= + # empty => No sasl_passwd will be created # string => `/etc/postfix/sasl_passwd` will be created with the string as password SASL_PASSWD= diff --git a/docker-compose.elk.yml.dist b/docker-compose.elk.yml.dist index 4613ac86..c9e042f9 100644 
--- a/docker-compose.elk.yml.dist +++ b/docker-compose.elk.yml.dist @@ -68,6 +68,8 @@ services: - SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD} - SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE} - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER} + - SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS} + - SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER} - SASL_PASSWD=${SASL_PASSWD} cap_add: - NET_ADMIN diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index a1a17a19..5a6f84f1 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist @@ -68,6 +68,8 @@ services: - SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD} - SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE} - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER} + - SASLAUTHD_LDAP_START_TLS=${SASLAUTHD_LDAP_START_TLS} + - SASLAUTHD_LDAP_TLS_CHECK_PEER=${SASLAUTHD_LDAP_TLS_CHECK_PEER} - SASL_PASSWD=${SASL_PASSWD} - SRS_EXCLUDE_DOMAINS=${SRS_EXCLUDE_DOMAINS} - SRS_SECRET=${SRS_SECRET} diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 65953566..9f305edd 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -695,6 +695,8 @@ function _setup_saslauthd() { [ -z "$SASLAUTHD_LDAP_SERVER" ] && SASLAUTHD_LDAP_SERVER=localhost [ -z "$SASLAUTHD_LDAP_FILTER" ] && SASLAUTHD_LDAP_FILTER='(&(uniqueIdentifier=%u)(mailEnabled=TRUE))' ([ -z "$SASLAUTHD_LDAP_SSL" ] || [ $SASLAUTHD_LDAP_SSL == 0 ]) && SASLAUTHD_LDAP_PROTO='ldap://' || SASLAUTHD_LDAP_PROTO='ldaps://' + [ -z "$SASLAUTHD_LDAP_START_TLS" ] && SASLAUTHD_LDAP_START_TLS=no + [ -z "$SASLAUTHD_LDAP_TLS_CHECK_PEER" ] && SASLAUTHD_LDAP_TLS_CHECK_PEER=no if [ ! -f /etc/saslauthd.conf ]; then notify 'inf' "Creating /etc/saslauthd.conf" 
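Review bot: The defaults added in `_setup_saslauthd` leave `SASLAUTHD_LDAP_TLS_CHECK_PEER` at `no`, so setting only `SASLAUTHD_LDAP_START_TLS=yes` encrypts the connection without verifying the LDAP server's certificate, and the `ldap_bind_pw` credential can still be sent to an impostor. Consider logging that combination, e.g. `[ "$SASLAUTHD_LDAP_START_TLS" = yes ] && [ "$SASLAUTHD_LDAP_TLS_CHECK_PEER" != yes ] && notify 'inf' "saslauthd: StartTLS without certificate verification"`. The `.env.dist` comment says StartTLS must not be combined with `SASLAUTHD_LDAP_SSL=1`, but nothing here rejects that pairing, and the following hunk (`@@ -708,6`) writes both values into `/etc/saslauthd.conf` without limiting them to `yes`/`no`. The function continues outside the hunk.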
@@ -708,6 +710,9 @@ ldap_bind_pw: ${SASLAUTHD_LDAP_PASSWORD} ldap_search_base: ${SASLAUTHD_LDAP_SEARCH_BASE} ldap_filter: ${SASLAUTHD_LDAP_FILTER} +ldap_start_tls: $SASLAUTHD_LDAP_START_TLS +ldap_tls_check_peer: $SASLAUTHD_LDAP_TLS_CHECK_PEER + ldap_referrals: yes log_level: 10 EOF From 261a78c036582a57a5b6f25214f9fcbf2623f19c Mon Sep 17 00:00:00 2001 From: n00dl3 Date: Thu, 14 Jun 2018 20:02:49 +0200 Subject: [PATCH 7/9] fix SASL domain (fixes #892, #970) setting value as `$myhostname` will make sasl look for users `user@mail.domain.tld` instead of `user@domain.tld` --- target/postfix/main.cf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/postfix/main.cf b/target/postfix/main.cf index 0e74b38c..74c26493 100644 --- a/target/postfix/main.cf +++ b/target/postfix/main.cf @@ -72,7 +72,7 @@ smtpd_sasl_path = /var/spool/postfix/private/auth smtpd_sasl_type = dovecot smtpd_sasl_security_options = noanonymous -smtpd_sasl_local_domain = $myhostname +smtpd_sasl_local_domain = $mydomain broken_sasl_auth_clients = yes # Mail directory From d518a9fc1d8b9bb2059bd656403e5485b371f7c9 Mon Sep 17 00:00:00 2001 From: James Date: Tue, 19 Jun 2018 01:17:32 -0500 Subject: [PATCH 8/9] DOMAINNAME can fail to be set in postsrsd-wrapper.sh (#989) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * DOMAINNAME can fail to be set in postsrsd-wrapper.sh if the container doesn’t have a proper hostname, postsrsd will fail to start because SRS_DOMAIN is empty. Make a best effort to figure out the domain name and provide a way to set one if needed. --- Makefile | 24 ++++++++++++++++++++++++ README.md | 5 +++++ target/postsrsd-wrapper.sh | 15 ++++++++++++--- test/tests.bats | 19 +++++++++++++++++++ 4 files changed, 60 insertions(+), 3 deletions(-) diff --git a/Makefile b/Makefile index d3c48e57..1e693c80 100644 --- a/Makefile +++ b/Makefile 
@@ -96,10 +96,32 @@ run: -v "`pwd`/test":/tmp/docker-mailserver-test \ -e PERMIT_DOCKER=network \ -e DMS_DEBUG=0 \ + -e ENABLE_SRS=1 \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \ -h unknown.domain.tld \ -t $(NAME) sleep 15 + docker run -d --name mail_domainname \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test":/tmp/docker-mailserver-test \ + -e PERMIT_DOCKER=network \ + -e DMS_DEBUG=0 \ + -e ENABLE_SRS=1 \ + -e DOMAINNAME=my-domain.com \ + -h unknown.domain.tld \ + -t $(NAME) + sleep 15 + docker run -d --name mail_srs_domainname \ + -v "`pwd`/test/config":/tmp/docker-mailserver \ + -v "`pwd`/test":/tmp/docker-mailserver-test \ + -e PERMIT_DOCKER=network \ + -e DMS_DEBUG=0 \ + -e ENABLE_SRS=1 \ + -e SRS_DOMAINNAME=srs.my-domain.com \ + -e DOMAINNAME=my-domain.com \ + -h unknown.domain.tld \ + -t $(NAME) + sleep 15 docker run -d --name mail_fail2ban \ -v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test":/tmp/docker-mailserver-test \ @@ -284,6 +306,8 @@ clean: mail_undef_spam_subject \ mail_postscreen \ mail_override_hostname \ + mail_domainname \ + mail_srs_domainname \ mail_with_relays @if [ -d config.bak ]; then\ diff --git a/README.md b/README.md index 72ebe224..1ce7b324 100644 --- a/README.md +++ b/README.md @@ -548,6 +548,11 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1` - if you have a cluster/swarm make sure the same keys are on all nodes - example command to generate a key: `dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64` +##### SRS_DOMAINNAME + + - **empty** => Derived from OVERRIDE_HOSTNAME, DOMAINNAME, or the container's hostname + - Set this if auto-detection fails, isn't what you want, or you wish to have a separate container handle DSNs + ## Multi-domain Relay Hosts #### RELAY_HOST diff --git a/target/postsrsd-wrapper.sh b/target/postsrsd-wrapper.sh index f7f77031..c278d9c8 100644 --- a/target/postsrsd-wrapper.sh +++ b/target/postsrsd-wrapper.sh 
@@ -1,8 +1,17 @@ #!/usr/bin/env bash -# postsrsd-wrapper.sh, version 0.2.1 +# postsrsd-wrapper.sh, version 0.2.2 -DOMAINNAME="$(hostname -d)" -sed -i -e "s/localdomain/$DOMAINNAME/g" /etc/default/postsrsd +if [ -n "$SRS_DOMAINNAME" ]; then + domain_name="$SRS_DOMAINNAME" +elif [ -n "$OVERRIDE_HOSTNAME" ]; then + domain_name="${OVERRIDE_HOSTNAME#*.}" +elif [ -n "$DOMAINNAME" ]; then + domain_name="$DOMAINNAME" +else + domain_name=$(hostname -d) +fi + +sed -i -e "s/localdomain/${domain_name}/g" /etc/default/postsrsd postsrsd_secret_file='/etc/postsrsd.secret' postsrsd_state_dir='/var/mail-state/etc-postsrsd' diff --git a/test/tests.bats b/test/tests.bats index 8ea54871..a4bec59a 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -810,6 +810,25 @@ load 'test_helper/bats-assert/load' assert_success } +@test "checking SRS: SRS_DOMAINNAME is used correctly" { + run docker exec mail_srs_domainname grep "SRS_DOMAIN=srs.my-domain.com" /etc/default/postsrsd + assert_success +} + +@test "checking SRS: OVERRIDE_HOSTNAME is handled correctly" { + run docker exec mail_override_hostname grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd + assert_success +} + +@test "checking SRS: DOMAINNAME is handled correctly" { + run docker exec mail_domainname grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd + assert_success +} +@test "checking SRS: fallback to hostname is handled correctly" { + run docker exec mail grep "SRS_DOMAIN=my-domain.com" /etc/default/postsrsd + assert_success +} + # # fail2ban # From 18bd444438fc2874d05d8f3e132a7702b7b8ea53 Mon Sep 17 00:00:00 2001 
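Review bot: The final `else` branch still assigns `domain_name=$(hostname -d)`, the value the commit message describes as sometimes empty, and nothing checks the result before `sed` writes it into `/etc/default/postsrsd`. A check before the `sed`, such as `[ -n "$domain_name" ] || { echo "postsrsd-wrapper: no domain name found, set SRS_DOMAINNAME" >&2; exit 1; }`, would fail with a clear message instead of leaving the domain blank. `${OVERRIDE_HOSTNAME#*.}` returns the whole string when the hostname has no dot, and `${domain_name}` goes into the `sed` replacement unescaped, so a `/` or `&` in any of the three variables breaks or alters the substitution. The script continues outside the hunk.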
From: Johan Smits Date: Tue, 31 Jul 2018 20:14:50 +0200 Subject: [PATCH 9/9] Release 6.1.0 * Deliver root mail (Closes: #952) * don't update permissions on non-existent file (Closes: #956) * Update docker-configomat (Closes: #959) * Support for detecting running container mount (Closes: #884) * Report sender (Closes: #965) added REPORT_SENDER env variable to the container. * Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (Closes: #979, #980) * fix SASL domain (Closes: #892, #970) * DOMAINNAME can fail to be set in postsrsd-wrapper.sh (Closes: #989) --- CHANGELOG.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa8e2c01..779e5234 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,17 @@ # Changelog +## 6.1.0 + +* Deliver root mail (#952) +* don't update permissions on non-existent file (#956) +* Update docker-configomat (#959) +* Support for detecting running container mount (#884) +* Report sender (#965) + added REPORT_SENDER env variable to the container. +* Add saslauthd option for ldap_start_tls & ldap_tls_check_peer - (#979, #980) +* fix SASL domain (#892, #970) +* DOMAINNAME can fail to be set in postsrsd-wrapper.sh (#989) + ## 6.0.0 * Implementation of multi-domain relay hosts (#922, #926)