From ba11fccaf4b1fa8467b71b5ffad9b2553d17244a Mon Sep 17 00:00:00 2001
From: Aeris
Date: Mon, 26 Nov 2018 22:31:51 +0100
Subject: [PATCH] databases/dh.pem
---
 deploy/roles/mailserver/files/db/databases.sh | 11 ++++
 deploy/roles/mailserver/files/imap/Dockerfile | 6 +--
 deploy/roles/mailserver/files/imap/dh.pem | 13 +++++
 deploy/roles/mailserver/files/imap/start.sh | 7 +--
 deploy/roles/mailserver/files/smtp/Dockerfile | 2 +-
 deploy/roles/mailserver/files/smtp/main.cf | 8 +--
 deploy/roles/mailserver/files/smtp/start.sh | 54 +++++++++----------
 .../mailserver/files/webmail/config.inc.php | 7 +++
 deploy/roles/mailserver/tasks/main.yml | 13 +++++
 .../templates/docker-compose.yml.j2 | 29 ++++++----
 deploy/roles/mailserver/vars/main.yml | 2 +-
 11 files changed, 100 insertions(+), 52 deletions(-)
 create mode 100755 deploy/roles/mailserver/files/db/databases.sh
 create mode 100644 deploy/roles/mailserver/files/imap/dh.pem
 mode change 100755 => 100644 deploy/roles/mailserver/files/smtp/start.sh
 create mode 100644 deploy/roles/mailserver/files/webmail/config.inc.php
diff --git a/deploy/roles/mailserver/files/db/databases.sh b/deploy/roles/mailserver/files/db/databases.sh
new file mode 100755
index 0000000..65f1b7f
--- /dev/null
+++ b/deploy/roles/mailserver/files/db/databases.sh
@@ -0,0 +1,11 @@
+file_env 'MYSQL_DATABASES'
+if [ "$MYSQL_DATABASES" ]; then
+ for databaseName in $MYSQL_DATABASES; do
+ echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
+ done
+fi
+if [ "$MYSQL_DATABASES" ]; then
+ for databaseName in $MYSQL_DATABASES; do
+ echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+fi
diff --git a/deploy/roles/mailserver/files/imap/Dockerfile b/deploy/roles/mailserver/files/imap/Dockerfile
index d1e80ff..fea24b2 100644
--- a/deploy/roles/mailserver/files/imap/Dockerfile
+++ b/deploy/roles/mailserver/files/imap/Dockerfile
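Review bot: the `GRANT ALL ... TO '$MYSQL_USER'@'%'` loop hands a single account full rights on every database listed in `MYSQL_DATABASES` (postfix, mailman and roundcube per the compose change), so a credential leak or SQL injection in the internet-facing webmail also gives write access to the Postfix alias and mailbox tables that decide mail routing; if one account per service is not feasible yet, add a comment stating that trade-off so it is not mistaken for intent. The script has no shebang and relies on `file_env` and `${mysql[@]}`, which exist only while the image entrypoint sources the file — the tasks hunk later marks it executable, and newer official mysql/mariadb entrypoints run executable `.sh` init scripts in a child shell instead of sourcing them, where both names would be undefined, so either drop the executable bit or make the script self-contained. The two loops are also identical and can be merged into one that emits `CREATE DATABASE IF NOT EXISTS ...; GRANT ALL ON ...;` in a single pass, which halves the number of mysql client invocations and keeps create and grant together per database.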
@@ -1,7 +1,7 @@
 FROM alpine:latest
-RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin
+RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
-RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
+RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
 RUN mkdir /etc/dovecot/sieve-filter
 RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
@@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
 ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
 ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
-
+ADD dh.pem /dh.pem
 ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
 ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
diff --git a/deploy/roles/mailserver/files/imap/dh.pem b/deploy/roles/mailserver/files/imap/dh.pem
new file mode 100644
index 0000000..1bdb8ea
--- /dev/null
+++ b/deploy/roles/mailserver/files/imap/dh.pem
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
+/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
+2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
+M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
+LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
+EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
+hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
+z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
+Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
+3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
+i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
+-----END DH PARAMETERS-----
diff --git a/deploy/roles/mailserver/files/imap/start.sh b/deploy/roles/mailserver/files/imap/start.sh
index a6fadc6..b989174 100755
--- a/deploy/roles/mailserver/files/imap/start.sh
+++ b/deploy/roles/mailserver/files/imap/start.sh
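Review bot: `ADD dh.pem /dh.pem` bakes a DH group that is committed to the repository into the image, so every deployment built from this role shares one 2048-bit group and nothing records how or when it was generated. DH parameters are public, and 2048 bits is currently considered adequate even when shared, but the provenance gap matters for an audit: either generate the group at build time (`RUN openssl dhparam -out /etc/dovecot/dh.pem 2048`, at a one-off build-time cost) or add a comment above the line such as `# generated with: openssl dhparam 2048 (2018-11); regenerate if the group is ever suspected` so the next maintainer knows it is not a vendored test fixture. `COPY` is also the documented choice for local files — `ADD` brings URL and tar-extraction semantics this line does not need — and placing the file under `/etc/dovecot/` next to the other configuration keeps the layout consistent. The `ssl_dh` reference written by start.sh should point at the same path, but that line is garbled in this rendering so I could not confirm it.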
@@ -8,9 +8,10 @@ #fi
 #if [ -n "${MAILDOMAIN}" ]; then
- echo -e "ssl = yes\n \
- ssl_cert = /etc/dovecot/conf.d/10-ssl.conf
+echo -e "ssl = yes\n \
+ssl_dh = /etc/dovecot/conf.d/10-ssl.conf
 #fi
 dovecot -F
diff --git a/deploy/roles/mailserver/files/smtp/Dockerfile b/deploy/roles/mailserver/files/smtp/Dockerfile
index 45f04de..c91ec89 100644
--- a/deploy/roles/mailserver/files/smtp/Dockerfile
+++ b/deploy/roles/mailserver/files/smtp/Dockerfile
@@ -1,7 +1,7 @@
 FROM alpine:latest
 RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
-RUN apk add --no-cache postfix ca-certificates
+RUN apk add --no-cache postfix postfix-mysql ca-certificates
 ADD ./main.cf /etc/postfix/main.cf
 ADD ./master.cf /etc/postfix/master.cf
diff --git a/deploy/roles/mailserver/files/smtp/main.cf b/deploy/roles/mailserver/files/smtp/main.cf
index d95d781..27a4455 100644
--- a/deploy/roles/mailserver/files/smtp/main.cf
+++ b/deploy/roles/mailserver/files/smtp/main.cf
@@ -79,12 +79,12 @@ virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
 message_size_limit = 20480000
 # Milter setup
-smtpd_milters = inet:spam:11332
+smtpd_milters = inet:spam:11334
 milter_default_action = accept
 milter_protocol = 6
 unknown_local_recipient_reject_code = 550
 owner_request_special = no
-transport_maps = hash:/mailman/var/data/postfix_lmtp
-local_recipient_maps = hash:/mailman/var/data/postfix_lmtp
-relay_domains = hash:/mailman/var/data/postfix_domains
+transport_maps = regexp:/mailman/var/data/postfix_lmtp
+local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
+relay_domains = regexp:/mailman/var/data/postfix_domains
diff --git a/deploy/roles/mailserver/files/smtp/start.sh b/deploy/roles/mailserver/files/smtp/start.sh
old mode 100755
new mode 100644
index f7637bc..75fafdd
--- a/deploy/roles/mailserver/files/smtp/start.sh
+++ b/deploy/roles/mailserver/files/smtp/start.sh
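Review bot: the TLS block is now written unconditionally — the `#if [ -n "${MAILDOMAIN}" ]; then` guard stays commented out — so an empty `MAILDOMAIN` (presumably what the certificate paths are built from) produces a 10-ssl.conf pointing at files that do not exist and Dovecot fails later at runtime rather than the container failing fast; add `: "${MAILDOMAIN:?MAILDOMAIN must be set}"` ahead of the `echo` so a misconfigured container exits with a clear message. The right-hand sides of the `ssl_cert`/`ssl_dh` lines are missing in this rendering (everything between `=` and the output path was lost, most likely the `<file` read syntax), so I could not verify that `ssl_dh` references the `/dh.pem` the Dockerfile installs — please double-check that path. `echo -e` with backslash-newline continuations under `/bin/sh` depends on the busybox echo implementation; a quoted here-document (`cat > /etc/dovecot/conf.d/10-ssl.conf <<EOF ... EOF`) writes the same content without that dependency and is easier to read. The enclosing script starts before this hunk.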
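Review bot: `RUN adduser -u 5000 -g vmail ...` (the context line just above the new `postfix-mysql` line) is now inconsistent with the imap image, which this commit changes to `addgroup -S vmail && adduser ... -G vmail`; in BusyBox `adduser`, `-g` is the GECOS field rather than the group, so the smtp container's vmail user keeps a default primary group while the imap one is in `vmail`, and both write the shared `mails` volume with matching uid but differing gid. Apply the same line here: `RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail`. While touching this file, consider pinning `FROM alpine:latest` to a release tag so the package set pulled in by `postfix-mysql` stays reproducible between builds.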
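Review bot: `smtpd_milters = inet:spam:11334` points Postfix at what is, in a stock rspamd setup, the controller (HTTP/web UI) port; the milter protocol is served by the proxy worker, which listens on 11332 by default — the value this line had before — so unless the spam container binds its proxy worker to 11334 this change disconnects the filter. The unchanged `milter_default_action = accept` two lines below makes that silent: a milter that does not answer or speaks the wrong protocol is skipped and all mail is accepted unfiltered, visible only as a log warning. Please confirm the port against the spam container's worker configuration and consider `milter_default_action = tempfail`, so that a dead or misaddressed filter shows up as deferred mail rather than a filter bypass. The switch to `regexp:` tables is consistent with the mailman-core container writing regex-format files when it has no `postmap` available, which matches the `MTA=postfix` settings added in the compose file, as far as I can tell from this diff.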
@@ -1,36 +1,32 @@
 #!/bin/sh
-#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
- echo -e "myorigin = ${MYORIGIN}\n \
- myhostname = ${MYHOSTNAME} \
- smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
- smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
-#fi
+echo "myorigin = ${MYORIGIN}" >> /etc/postfix/main.cf
+echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
+echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
+echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
-#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = alias\n \
- select_field = goto\n \
- where_field = address" > /etc/postfix/virtual_alias_maps.cf;
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = alias
+select_field = goto
+where_field = address" > /etc/postfix/virtual_alias_maps.cf;
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = domain\n \
- select_field = domain\n \
- where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = domain
+select_field = domain
+where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = mailbox\n \
- select_field = maildir\n \
- where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
-#fi
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = mailbox
+select_field = maildir
+where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
 postfix
start-fg diff --git a/deploy/roles/mailserver/files/webmail/config.inc.php b/deploy/roles/mailserver/files/webmail/config.inc.php new file mode 100644 index 0000000..aff8edd --- /dev/null +++ b/deploy/roles/mailserver/files/webmail/config.inc.php @@ -0,0 +1,7 @@ + array( 'verify_peer' => false, 'verify_peer_name' => false ), ); +$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), ); +$rcmail_config['managesieve_port'] = 4190; +$rcmail_config['managesieve_host'] = 'tls://imap'; +$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), ); diff --git a/deploy/roles/mailserver/tasks/main.yml b/deploy/roles/mailserver/tasks/main.yml index 8f93072..ab52644 100644 --- a/deploy/roles/mailserver/tasks/main.yml +++ b/deploy/roles/mailserver/tasks/main.yml @@ -32,6 +32,11 @@ src: smtp dest: "{{ docker_project_folder }}/mailserver" +- name: Copy webmail Add + copy: + src: webmail + dest: "{{ docker_project_folder }}/mailserver" + - name: make start executable in traefik shell: chmod +x "{{ docker_project_folder }}/mailserver/smtp/start.sh" @@ -51,6 +56,14 @@ - name: make start executable in spam shell: chmod +x "{{ docker_project_folder }}/mailserver/spam/start.sh" +- name: Copy db + copy: + src: db + dest: "{{ docker_project_folder }}/mailserver" + +- name: make start executable in db + shell: chmod +x "{{ docker_project_folder }}/mailserver/db/databases.sh" + - name: Copy traefik copy: src: traefik diff --git a/deploy/roles/mailserver/templates/docker-compose.yml.j2 b/deploy/roles/mailserver/templates/docker-compose.yml.j2 index d35d531..eeb9108 100644 --- a/deploy/roles/mailserver/templates/docker-compose.yml.j2 +++ b/deploy/roles/mailserver/templates/docker-compose.yml.j2 
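Review bot: the three `virtual_*.cf` files written with `> /etc/postfix/...` contain `password = ${DATABASE_PASSWORD}` and are created under the shell's default umask, which normally makes them world-readable inside the container, whereas Postfix documents that mysql map files carrying credentials should be readable only by root and the postfix user; put `umask 027` at the top of the script and `chgrp postfix /etc/postfix/virtual_*.cf` after the writes (or create them with `install -m 640 -g postfix`). The four `echo ... >> /etc/postfix/main.cf` lines append on every start, and because the compose change drops the read-only bind mount of main.cf the file now lives in the container's writable layer, so each restart (`restart: always`, same container) adds a duplicate set of settings — Postfix takes the last value and warns, but the file degrades; `postconf -e "myhostname = ${MYHOSTNAME}"` and friends are idempotent and validate syntax. With the commented-out guards removed nothing checks that the variables are set at all, so `: "${MYORIGIN:?}" "${MYHOSTNAME:?}" "${DATABASE_USER:?}" "${DATABASE_PASSWORD:?}" "${DATABASE_NAME:?}"` as the first statement turns an empty environment into an immediate, explicit failure instead of a config pointing at `/certs/.key`.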
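Review bot: all three `*_conn_options` arrays set `'verify_peer' => false, 'verify_peer_name' => false`, which makes the new `ssl://imap`, `tls://smtp` and `tls://imap` connections encrypted but unauthenticated — anything able to answer as `imap` or `smtp` on the docker network can sit in the middle and collect every user's password, so the move to TLS in the compose file gains less than it appears. Mount the CA or server certificate into the webmail container (the `certs` volume the other services already share is the natural source) and use something like `array('ssl' => array('verify_peer' => true, 'cafile' => '/certs/<ca>.crt'))`; if the certificates are issued for the public mail hostname rather than the service names, set `'peer_name' => 'mail.<domain>'` instead of switching name verification off. The file also mixes `$rcmail_config[...]` with `$config[...]`; `$rcmail_config` is the pre-1.0 name Roundcube still aliases, but one form should be used throughout. The first line of this hunk is truncated in this rendering (the `imap_conn_options` assignment lost its left-hand side), so I am assuming it mirrors the smtp line.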
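Review bot: the new `make start executable in db` task uses `shell: chmod +x ...`, which reports changed on every run and does nothing useful in check mode; since the preceding `copy` already supports `mode`, the pair can become one idempotent task — `copy: {src: db, dest: "{{ docker_project_folder }}/mailserver", mode: preserve}` — or a `file` task with `mode: '0755'` on the script. Before adding the executable bit at all, check how the db image's entrypoint treats `.sh` files in `/docker-entrypoint-initdb.d`: the script relies on `file_env` and `${mysql[@]}` from the entrypoint, which only exist when it is sourced, and recent official images execute executable scripts rather than sourcing them.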
@@ -15,10 +15,9 @@ services: - db:db - spam:spam volumes: - - ./smtp/main.cf:/etc/postfix/main.cf:ro - - ./smtp/master.cf:/etc/postfix/master.cf:ro - - {{ docker_data_folder }}/mailserver/mailman/data:/mailman + - {{ docker_data_folder }}/mailserver/mailman/core:/mailman - mails:/home/vmail + - /dev/log:/dev/log - certs:/certs environment: - DATABASE_USER=mail @@ -42,6 +41,7 @@ services: expose: - '24' - '8472' + - '993' links: - db - spam @@ -84,15 +84,19 @@ services: - imap:imap - smtp:smtp environment: - ROUNDCUBEMAIL_DEFAULT_HOST: imap - ROUNDCUBEMAIL_SMTP_SERVER: smtp + ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap" + ROUNDCUBEMAIL_DEFAULT_PORT: "993" + ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp" + ROUNDCUBEMAIL_SMTP_PORT: 587 ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M ROUNDCUBEMAIL_DB_TYPE: mysql ROUNDCUBEMAIL_DB_HOST: db ROUNDCUBEMAIL_DB_USER: mail ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }} - ROUNDCUBEMAIL_DB_NAME: postfix + ROUNDCUBEMAIL_DB_NAME: roundcube + volumes: + - ./webmail/config.inc.php:/var/roundcube/config/config.inc.php labels: - "traefik.frontend.rule=Host:mail.{{ DOMAIN }}" - "traefik.port=80" @@ -125,12 +129,13 @@ services: restart: always environment: MYSQL_ROOT_PASSWORD: {{ DB_ROOT_PASSWORD }} - MYSQL_DATABASES: "postfix mailman" + MYSQL_DATABASES: "postfix mailman roundcube" MYSQL_USER: mail MYSQL_PASSWORD: {{ DB_PASSWORD }} volumes: - - {{ docker_data_fodler }}:/var/lib/mysql - - ./docker-entrypoint.sh:/docker-entrypoint.sh + - {{ docker_data_folder }}/mailserver/db:/var/lib/mysql + #- ./docker-entrypoint.sh:/docker-entrypoint.sh + - {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d labels: - "traefik.enable=false" @@ -152,6 +157,10 @@ services: - DATABASE_TYPE=mysql - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase - HYPERKITTY_API_KEY=someapikey + - MM_HOSTNAME=mailman-core + - SMTP_PORT=587 + - SMTP_HOST=smtp + - MTA=postfix labels: - "traefik.enable=false" 
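Review bot: `- /dev/log:/dev/log` gives the smtp container write access to the host's syslog socket, so a process inside the container can inject lines into the host's log stream under any ident and Postfix output no longer reaches `docker logs`; if the aim is only to get Postfix logging out of the container, a small syslogd inside the image forwarding to stdout (or `maillog_file = /dev/stdout` once the Alpine postfix package is 3.4 or later) keeps the host boundary intact. If the bind mount is kept deliberately, add a comment on that line saying why, since it is the kind of mount a later reviewer will question. Dropping the `:ro` bind mounts of `main.cf`/`master.cf` also means the running configuration is now exactly what the image bakes in plus whatever `start.sh` appends at run time, so config edits require an image rebuild rather than a restart — worth stating in the role's README.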
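Review bot: `ROUNDCUBEMAIL_DB_USER: mail` with `ROUNDCUBEMAIL_DB_PASSWORD: {{ DB_PASSWORD }}` reuses the same database account the postfix and mailman containers use, while the new `ROUNDCUBEMAIL_DB_NAME: roundcube` is all the webmail needs; together with the init script's `GRANT ALL` on every database in `MYSQL_DATABASES`, a SQL injection or credential leak in the one internet-facing component yields write access to the alias and mailbox tables that govern mail routing. A dedicated DB user for Roundcube (ideally one per service, each granted only its own database) is cheap here because the init script already iterates per database. The new `ssl://imap:993` and `tls://smtp:587` endpoints are only as strong as the peer verification configured in the mounted `config.inc.php`, which as committed disables it.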
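Review bot: `{{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d` bind-mounts a host directory whose `.sh`/`.sql` files the entrypoint runs with root privileges in the database on first initialisation; mount it read-only (`...:/docker-entrypoint-initdb.d:ro`) so nothing running in the container can alter those scripts. Keep in mind that init scripts only execute when `{{ docker_data_folder }}/mailserver/db` is empty, so extending `MYSQL_DATABASES` later — as this very commit does by adding `roundcube` — will not create the database on an existing volume; a one-line note next to `MYSQL_DATABASES` would save the next person that debugging session.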
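Review bot: `SMTP_PORT=587` makes mailman-core submit list traffic through the submission port, which conventionally requires STARTTLS plus SASL authentication, and no SMTP credentials are configured for mailman in this block; the smtp `master.cf` is not part of this diff so I cannot see how 587 is set up, but the usual arrangement is relaying from a trusted container on port 25 with the docker network in `mynetworks`. Please confirm which the submission service expects, otherwise outbound list mail will be rejected with a relay or authentication error. Directly above the new lines the unchanged `HYPERKITTY_API_KEY=someapikey` placeholder is still a hard-coded shared secret between mailman-core and hyperkitty; it should be sourced from the vault the same way `DB_PASSWORD` is.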
@@ -202,8 +211,6 @@ services: - "traefik.port=80" - - traefik: container_name: traefik image: traefik diff --git a/deploy/roles/mailserver/vars/main.yml b/deploy/roles/mailserver/vars/main.yml index 9ec9e4a..d61f15e 100644 --- a/deploy/roles/mailserver/vars/main.yml +++ b/deploy/roles/mailserver/vars/main.yml @@ -1,7 +1,7 @@ --- become_method: sudo ansible_ask_become_pass: yes -docker_data_folder: /data_ansible +docker_data_folder: /data_test docker_project_folder: /var/docker DOMAIN: creditcards.bayern
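Review bot: `docker_data_folder: /data_test` reads like a local test value committed into the role's vars; every bind mount in the compose template (mails, mailman core, the database directory) now lives under `/data_test` on the host, so a deployment that previously used `/data_ansible` would come up with empty mail stores and an empty database unless the directory is moved. If the rename is intentional, say so in the commit message or choose a production-looking path, and consider moving this setting to host or group vars so it is not edited in the repository per environment.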