Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'master' into feature/mailfolder

This commit is contained in:
Steffen 2017-07-11 23:34:58 +02:00 committed by GitHub
parent 3f0108b9a6 dbf65789f2
commit f9ff2d1676
9 changed files with 204 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.gitmodules vendored
View File

@ -7,3 +7,6 @@
[submodule "test/test_helper/bats-assert"] [submodule "test/test_helper/bats-assert"]
path = test/test_helper/bats-assert path = test/test_helper/bats-assert
url = https://github.com/ztombol/bats-assert url = https://github.com/ztombol/bats-assert
[submodule "target/docker-configomat"]
path = target/docker-configomat
url = https://github.com/alinmear/docker-configomat

2
Dockerfile
View File

@ -144,7 +144,7 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et
COPY ./target/bin /usr/local/bin COPY ./target/bin /usr/local/bin
# Start-mailserver script # Start-mailserver script
COPY ./target/start-mailserver.sh /usr/local/bin/ COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
RUN chmod +x /usr/local/bin/* RUN chmod +x /usr/local/bin/*
EXPOSE 25 587 143 993 110 995 4190 EXPOSE 25 587 143 993 110 995 4190

15
Makefile
View File

@ -27,6 +27,7 @@ run:
-e SA_TAG=-5.0 \ -e SA_TAG=-5.0 \
-e SA_TAG2=2.0 \ -e SA_TAG2=2.0 \
-e SA_KILL=3.0 \ -e SA_KILL=3.0 \
-e SA_SPAM_SUBJECT="SPAM: " \
-e VIRUSMAILS_DELETE_DELAY=7 \ -e VIRUSMAILS_DELETE_DELAY=7 \
-e SASL_PASSWD="external-domain.com username:password" \ -e SASL_PASSWD="external-domain.com username:password" \
-e ENABLE_MANAGESIEVE=1 \ -e ENABLE_MANAGESIEVE=1 \
@ -51,6 +52,13 @@ run:
-e OVERRIDE_HOSTNAME=mail.my-domain.com \ -e OVERRIDE_HOSTNAME=mail.my-domain.com \
-t $(NAME) -t $(NAME)
sleep 15 sleep 15
docker run -d --name mail_smtponly_without_config \
-e SMTP_ONLY=1 \
-e ENABLE_LDAP=1 \
-e PERMIT_DOCKER=network \
-e OVERRIDE_HOSTNAME=mail.mydomain.com \
-t $(NAME)
sleep 15
docker run -d --name mail_override_hostname \ docker run -d --name mail_override_hostname \
-v "`pwd`/test/config":/tmp/docker-mailserver \ -v "`pwd`/test/config":/tmp/docker-mailserver \
-v "`pwd`/test":/tmp/docker-mailserver-test \ -v "`pwd`/test":/tmp/docker-mailserver-test \
@ -99,6 +107,12 @@ run:
-e LDAP_SERVER_HOST=ldap \ -e LDAP_SERVER_HOST=ldap \
-e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \ -e LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
-e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \ -e LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain \
-e LDAP_BIND_PW=admin \
-e LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))" \
-e LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))" \
-e LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))" \
-e DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
-e DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))" \
-e ENABLE_SASLAUTHD=1 \ -e ENABLE_SASLAUTHD=1 \
-e SASLAUTHD_MECHANISMS=ldap \ -e SASLAUTHD_MECHANISMS=ldap \
-e SASLAUTHD_LDAP_SERVER=ldap \ -e SASLAUTHD_LDAP_SERVER=ldap \
@ -177,6 +191,7 @@ clean:
mail \ mail \
mail_pop3 \ mail_pop3 \
mail_smtponly \ mail_smtponly \
mail_smtponly_without_config \
mail_fail2ban \ mail_fail2ban \
mail_fetchmail \ mail_fetchmail \
fail-auth-mailer \ fail-auth-mailer \

122
README.md
View File

@ -44,7 +44,7 @@ Your configs must be mounted in `/tmp/docker-mailserver/`. To understand how thi
`restart: always` ensures that the mail server container (and ELK container when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit. `restart: always` ensures that the mail server container (and ELK container when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit.
```yaml ```yaml
version: '2' version: '2'
services: services:
@ -79,6 +79,60 @@ volumes:
driver: local driver: local
``` ```
__for ldap setup__:
```yaml
version: '2'
services:
mail:
image: tvial/docker-mailserver:latest
hostname: mail
domainname: domain.com
container_name: mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- ./config/:/tmp/docker-mailserver/
environment:
- ENABLE_SPAMASSASSIN=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldap # your ldap container/IP/ServerName
- LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
- LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
- LDAP_BIND_PW=admin
- LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))"
- LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))"
- LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))"
- DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
- DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=ldap
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
- SASLAUTHD_LDAP_PASSWORD=admin
- SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
- POSTMASTER_ADDRESS=postmaster@localhost.localdomain
cap_add:
- NET_ADMIN
volumes:
maildata:
driver: local
mailstate:
driver: local
```
#### Create your mail accounts #### Create your mail accounts
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
@ -146,6 +200,12 @@ Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1` Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### SA_SPAM_SUBJECT
- **\*\*\*SPAM\*\*\*** => add tag to subject if spam detected
Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### ONE_DIR ##### ONE_DIR
- **0** => state in default directories - **0** => state in default directories
@ -206,6 +266,29 @@ Otherwise, `iptables` won't be able to ban IPs.
- **empty** => admin - **empty** => admin
- => Specify the password to bind against ldap - => Specify the password to bind against ldap
##### LDAP_QUERY_FILTER_USER
- e.g. `"(&(mail=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for users
##### LDAP_QUERY_FILTER_GROUP
- e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for groups
##### LDAP_QUERY_FILTER_ALIAS
- e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for aliases
##### DOVECOT_USER_FILTER
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
##### DOVECOT_PASS_FILTER
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
##### OVERRIDE_HOSTNAME ##### OVERRIDE_HOSTNAME
- **empty** => uses the `hostname` command to get the mail server's canonical hostname - **empty** => uses the `hostname` command to get the mail server's canonical hostname
@ -228,13 +311,13 @@ Otherwise, `iptables` won't be able to ban IPs.
Note: This postgrey setting needs `ENABLE_POSTGREY=1` Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### POSTGREY_MAX_AGE ##### POSTGREY_MAX_AGE
- **35** => delete entries older than N days since the last time that they have been seen - **35** => delete entries older than N days since the last time that they have been seen
Note: This postgrey setting needs `ENABLE_POSTGREY=1` Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### POSTGREY_TEXT ##### POSTGREY_TEXT
- **Delayed by postgrey** => response when a mail is greylisted - **Delayed by postgrey** => response when a mail is greylisted
Note: This postgrey setting needs `ENABLE_POSTGREY=1` Note: This postgrey setting needs `ENABLE_POSTGREY=1`
@ -247,10 +330,10 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### SASLAUTHD_MECHANISMS ##### SASLAUTHD_MECHANISMS
- empty => pam - empty => pam
- ldap => authenticate against ldap server - `ldap` => authenticate against ldap server
- shadow => authenticate against local user db - `shadow` => authenticate against local user db
- mysql => authenticate against mysql db - `mysql` => authenticate against mysql db
- rimap => authenticate against imap server - `rimap` => authenticate against imap server
- NOTE: can be a list of mechanisms like pam ldap shadow - NOTE: can be a list of mechanisms like pam ldap shadow
##### SASLAUTHD_MECH_OPTIONS ##### SASLAUTHD_MECH_OPTIONS
@ -264,8 +347,8 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### SASLAUTHD_LDAP_SSL ##### SASLAUTHD_LDAP_SSL
- empty or 0 => ldap:// will be used - empty or 0 => `ldap://` will be used
- 1 => ldaps:// will be used - 1 => `ldaps://` will be used
##### SASLAUTHD_LDAP_BIND_DN ##### SASLAUTHD_LDAP_BIND_DN
@ -285,9 +368,9 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### SASLAUTHD_LDAP_FILTER ##### SASLAUTHD_LDAP_FILTER
- empty => default filter (&(uniqueIdentifier=%u)(mailEnabled=TRUE)) - empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))`
- e.g. for active directory: (&(sAMAccountName=%U)(objectClass=person)) - e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))`
- e.g. for openldap: (&(uid=%U)(objectClass=person)) - e.g. for openldap: `(&(uid=%U)(objectClass=person))`
##### SASL_PASSWD ##### SASL_PASSWD
@ -325,15 +408,16 @@ Set how many days a virusmail will stay on the server before being deleted
##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT ##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT
This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket. This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket.
- **empty** => disabled
- 1 => enabled - **empty** => disabled
- 1 => enabled
##### POSTFIX_DAGENT ##### POSTFIX_DAGENT
Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix
- **empty**: fail
- lmtp:unix:private/dovecot-lmtp (use socket)
- lmtps:inet:<host>:<port> (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
- lmtp:<kopano-host>:2003 (use kopano as mailstore)
- etc.
- **empty**: fail
- `lmtp:unix:private/dovecot-lmtp` (use socket)
- `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
- `lmtp:<kopano-host>:2003` (use kopano as mailstore)
- etc.

0
config/postfix-master.cf Normal file
View File

1
target/docker-configomat Submodule

@ -0,0 +1 @@
Subproject commit e3e84ded29d88b2945c0782dbb43237c561a54a9

98
target/start-mailserver.sh
View File

@ -316,50 +316,6 @@ function display_startup_daemon() {
return $res return $res
} }
function override_config() {
notify "task" "Starting do do overrides"
declare -A config_overrides
_env_variable_prefix=$1
[ -z ${_env_variable_prefix} ] && return 1
IFS=" " read -r -a _config_files <<< $2
# dispatch env variables
for env_variable in $(printenv | grep $_env_variable_prefix);do
# get key
# IFS not working because values like ldap_query_filter or search base consists of several '='
# IFS="=" read -r -a __values <<< $env_variable
# key="${__values[0]}"
# value="${__values[1]}"
key=$(echo $env_variable | cut -d "=" -f1)
key=${key#"${_env_variable_prefix}"}
# make key lowercase
key=${key,,}
# get value
value=$(echo $env_variable | cut -d "=" -f2-)
config_overrides[$key]=$value
done
for f in "${_config_files[@]}"
do
if [ ! -f "${f}" ];then
echo "Can not find ${f}. Skipping override"
else
for key in ${!config_overrides[@]}
do
[ -z $key ] && echo -e "\t no key provided" && return 1
sed -i -e "s|^${key}[[:space:]]\+.*|${key} = "${config_overrides[$key]}'|g' \
${f}
done
fi
done
}
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# ! CARE --> DON'T CHANGE, except you know exactly what you are doing # ! CARE --> DON'T CHANGE, except you know exactly what you are doing
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
@ -570,21 +526,37 @@ function _setup_ldap() {
for i in 'users' 'groups' 'aliases'; do for i in 'users' 'groups' 'aliases'; do
fpath="/tmp/docker-mailserver/ldap-${i}.cf" fpath="/tmp/docker-mailserver/ldap-${i}.cf"
if [ -f $fpath ]; then if [ -f $fpath ]; then
cp ${fpath} /etc/postfix/ldap-${i}.cf cp ${fpath} /etc/postfix/ldap-${i}.cf
fi fi
done done
notify 'inf' 'Starting to override configs' notify 'inf' 'Starting to override configs'
override_config "LDAP_" "/etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf" for f in /etc/postfix/ldap-users.cf /etc/postfix/ldap-groups.cf /etc/postfix/ldap-aliases.cf
do
[[ $f =~ ldap-user ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_USER}"
[[ $f =~ ldap-group ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_GROUP}"
[[ $f =~ ldap-aliases ]] && export LDAP_QUERY_FILTER="${LDAP_QUERY_FILTER_ALIAS}"
configomat.sh "LDAP_" "${f}"
done
notify 'inf' "Configuring dovecot LDAP"
declare -A _dovecot_ldap_mapping
_dovecot_ldap_mapping["DOVECOT_BASE"]="${DOVECOT_BASE:="${LDAP_SEARCH_BASE}"}"
_dovecot_ldap_mapping["DOVECOT_DN"]="${DOVECOT_DN:="${LDAP_BIND_DN}"}"
_dovecot_ldap_mapping["DOVECOT_DNPASS"]="${DOVECOT_DNPASS:="${LDAP_BIND_PW}"}"
_dovecot_ldap_mapping["DOVECOT_HOSTS"]="${DOVECOT_HOSTS:="${LDAP_SERVER_HOST}"}"
# Not sure whether this can be the same or not
# _dovecot_ldap_mapping["DOVECOT_PASS_FILTER"]="${DOVECOT_PASS_FILTER:="${LDAP_QUERY_FILTER_USER}"}"
# _dovecot_ldap_mapping["DOVECOT_USER_FILTER"]="${DOVECOT_USER_FILTER:="${LDAP_QUERY_FILTER_USER}"}"
for var in ${!_dovecot_ldap_mapping[@]}; do
export $var=${_dovecot_ldap_mapping[$var]}
done
configomat.sh "DOVECOT_" "/etc/dovecot/dovecot-ldap.conf.ext"
# @TODO: Environment Variables for DOVECOT ldap integration to configure for better control
notify 'inf' "Configuring dovecot LDAP authentification"
sed -i -e 's|^hosts.*|hosts = '${LDAP_SERVER_HOST:="mail.domain.com"}'|g' \
-e 's|^base.*|base = '${LDAP_SEARCH_BASE:="ou=people,dc=domain,dc=com"}'|g' \
-e 's|^dn\s*=.*|dn = '${LDAP_BIND_DN:="cn=admin,dc=domain,dc=com"}'|g' \
-e 's|^dnpass\s*=.*|dnpass = '${LDAP_BIND_PW:="admin"}'|g' \
/etc/dovecot/dovecot-ldap.conf.ext
# Add domainname to vhost. # Add domainname to vhost.
echo $DOMAINNAME >> /tmp/vhost.tmp echo $DOMAINNAME >> /tmp/vhost.tmp
@ -630,7 +602,7 @@ EOF
# cyrus sasl or dovecot sasl # cyrus sasl or dovecot sasl
if [[ ${ENABLE_SASLAUTHD} == 1 ]] || [[ ${SMTP_ONLY} == 0 ]];then if [[ ${ENABLE_SASLAUTHD} == 1 ]] || [[ ${SMTP_ONLY} == 0 ]];then
sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = yes|g' /etc/postfix/main.cf sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = yes|g' /etc/postfix/main.cf
else else
sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf sed -i -e 's|^smtpd_sasl_auth_enable[[:space:]]\+.*|smtpd_sasl_auth_enable = no|g' /etc/postfix/main.cf
fi fi
@ -668,7 +640,7 @@ EOF
sed -i \ sed -i \
-e "/^[^#].*smtpd_sasl_type.*/s/^/#/g" \ -e "/^[^#].*smtpd_sasl_type.*/s/^/#/g" \
-e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \ -e "/^[^#].*smtpd_sasl_path.*/s/^/#/g" \
etc/postfix/master.cf /etc/postfix/master.cf
sed -i \ sed -i \
-e "s|^START=.*|START=yes|g" \ -e "s|^START=.*|START=yes|g" \
@ -735,6 +707,9 @@ function _setup_dkim() {
chmod -R 0700 /etc/opendkim/keys/ chmod -R 0700 /etc/opendkim/keys/
else else
notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys." notify 'warn' "No DKIM key provided. Check the documentation to find how to get your keys."
local _f_keytable="/etc/opendkim/KeyTable"
[ ! -f "$_f_keytable" ] && touch "$_f_keytable"
fi fi
} }
@ -902,6 +877,16 @@ function _setup_postfix_override_configuration() {
else else
notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided." notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided."
fi fi
if [ -f /tmp/docker-mailserver/postfix-master.cf ]; then
while read line; do
if [[ "$line" =~ ^[a-z] ]]; then
postconf -P "$line"
fi
done < /tmp/docker-mailserver/postfix-master.cf
notify 'inf' "Loaded 'config/postfix-master.cf'"
else
notify 'inf' "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-master.cf' not provided."
fi
} }
function _setup_postfix_sasl_password() { function _setup_postfix_sasl_password() {
@ -958,6 +943,7 @@ function _setup_security_stack() {
SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG=${SA_TAG:="2.0"} && sed -i -r 's/^\$sa_tag_level_deflt (.*);/\$sa_tag_level_deflt = '$SA_TAG';/g' /etc/amavis/conf.d/20-debian_defaults
SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults SA_TAG2=${SA_TAG2:="6.31"} && sed -i -r 's/^\$sa_tag2_level_deflt (.*);/\$sa_tag2_level_deflt = '$SA_TAG2';/g' /etc/amavis/conf.d/20-debian_defaults
SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kill_level_deflt = '$SA_KILL';/g' /etc/amavis/conf.d/20-debian_defaults
SA_SPAM_SUBJECT=${SA_SPAM_SUBJECT:="***SPAM*** "} && sed -i -r 's/^\$sa_spam_subject_tag (.*);/\$sa_spam_subject_tag = '"'$SA_SPAM_SUBJECT'"';/g' /etc/amavis/conf.d/20-debian_defaults
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
fi fi

1
test/config/postfix-master.cf Normal file
View File

@ -0,0 +1 @@
submission/inet/smtpd_sasl_security_options=noanonymous

52
test/tests.bats
View File

@ -341,7 +341,7 @@ load 'test_helper/bats-assert/load'
run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=<user2\@external.tld>.*status\=sent" /var/log/mail/mail.log' run docker exec mail_smtponly /bin/sh -c 'grep -cE "to=<user2\@external.tld>.*status\=sent" /var/log/mail/mail.log'
[ "$status" -ge 0 ] [ "$status" -ge 0 ]
} }
# #
@ -391,6 +391,11 @@ load 'test_helper/bats-assert/load'
assert_success assert_success
} }
@test "checking postfix: master.cf overrides" {
run docker exec mail grep -q 'submission/inet/smtpd_sasl_security_options=noanonymous' /tmp/docker-mailserver/postfix-master.cf
assert_success
}
# #
# dovecot # dovecot
# #
@ -424,6 +429,8 @@ load 'test_helper/bats-assert/load'
assert_success assert_success
run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'" run docker exec mail_pop3 /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 6.31'"
assert_success assert_success
run docker exec mail_pop3 /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .\*\*\*SPAM\*\*\* .'"
assert_success
} }
@test "checking spamassassin: docker env variables are set correctly (custom)" { @test "checking spamassassin: docker env variables are set correctly (custom)" {
@ -433,6 +440,8 @@ load 'test_helper/bats-assert/load'
assert_success assert_success
run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'" run docker exec mail /bin/sh -c "grep '\$sa_kill_level_deflt' /etc/amavis/conf.d/20-debian_defaults | grep '= 3.0'"
assert_success assert_success
run docker exec mail /bin/sh -c "grep '\$sa_spam_subject_tag' /etc/amavis/conf.d/20-debian_defaults | grep '= .SPAM: .'"
assert_success
} }
@test "checking spamassassin: all registered domains should see spam headers" { @test "checking spamassassin: all registered domains should see spam headers" {
@ -472,6 +481,12 @@ load 'test_helper/bats-assert/load'
assert_output 2 assert_output 2
} }
@test "checking opendkim: /etc/opendkim/KeyTable dummy file generated without keys provided" {
run docker exec mail_smtponly_without_config /bin/bash -c "cat /etc/opendkim/KeyTable"
assert_success
}
@test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" { @test "checking opendkim: /etc/opendkim/keys/ should contain 2 entries" {
run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l" run docker exec mail /bin/sh -c "ls -l /etc/opendkim/keys/ | grep '^d' | wc -l"
assert_success assert_success
@ -1036,34 +1051,34 @@ load 'test_helper/bats-assert/load'
} }
@test "checking postfix: ldap custom config files copied" { @test "checking postfix: ldap custom config files copied" {
run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf" run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-users.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf" run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-groups.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf" run docker exec mail_with_ldap /bin/sh -c "grep '# Testconfig for ldap integration' /etc/postfix/ldap-aliases.cf"
assert_success assert_success
} }
@test "checking postfix: ldap config overwrites success" { @test "checking postfix: ldap config overwrites success" {
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-users.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-users.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-groups.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-groups.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'server_host = ldap' /etc/postfix/ldap-aliases.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'search_base = ou=people,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
assert_success assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf" run docker exec mail_with_ldap /bin/sh -c "grep 'bind_dn = cn=admin,dc=localhost,dc=localdomain' /etc/postfix/ldap-aliases.cf"
assert_success assert_success
} }
@ -1074,7 +1089,7 @@ load 'test_helper/bats-assert/load'
} }
# This is ldap, so the mail directory gets set differently! # This is ldap, so the mail directory gets set differently!
@test "checking dovecot: mail delivery works" { @test "checking dovecot: ldap mail delivery works" {
run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt" run docker exec mail_with_ldap /bin/sh -c "sendmail -f user@external.tld some.user@localhost.localdomain < /tmp/docker-mailserver-test/email-templates/test-email.txt"
sleep 10 sleep 10
run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l" run docker exec mail_with_ldap /bin/sh -c "ls -A /var/mail/localhost.localdomain/some.user/new | wc -l"
@ -1082,6 +1097,15 @@ load 'test_helper/bats-assert/load'
assert_output 1 assert_output 1
} }
@test "checking dovecot: ldap config overwrites success" {
run docker exec mail_with_ldap /bin/sh -c "grep 'hosts = ldap' /etc/dovecot/dovecot-ldap.conf.ext"
assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'base = ou=people,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
assert_success
run docker exec mail_with_ldap /bin/sh -c "grep 'dn = cn=admin,dc=localhost,dc=localdomain' /etc/dovecot/dovecot-ldap.conf.ext"
assert_success
}
# saslauthd # saslauthd
@test "checking saslauthd: sasl ldap authentication works" { @test "checking saslauthd: sasl ldap authentication works" {
run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret" run docker exec mail_with_ldap bash -c "testsaslauthd -u some.user -p secret"