a3x/mailserver
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

mailman tested and working, rspamd tested and working, roundcube tested and working

Browse source
This commit is contained in:
Aeris 2018-12-07 17:00:01 +01:00
parent fe40ec4e2f
commit ef7471b3dd
26 changed files with 213 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -1,9 +1,12 @@
# General
Postfix mta doesnt provide SNI, so there mailserver and lists must run on the same domain
Postfix mta doesnt provide SNI, so mailserver and lists must run on the same domain.
# State
All the front facing files are just examplatory of the final docker-compose directory structure on the provisioned host, therefore completely out of date. Just deploy the ansible project.
All the credentials found in this repo are for testing purpose and may only work on the test instance @creditcards.bayern (v6). Happy fuzzing
# Configure

11
db/databases.sh Executable file
View file

@ -0,0 +1,11 @@
file_env 'MYSQL_DATABASES'
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
done
fi
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
done
fi

0
deploy/roles/mailserver/files/docker-entrypoint.sh → db/docker-entrypoint.sh
View file

0
docker-entrypoint.sh → deploy/roles/mailserver/files/db/docker-entrypoint.sh
View file

4
deploy/roles/mailserver/files/mailman-extra.cfg → deploy/roles/mailserver/files/mailman/mailman-extra.cfg
View file

@ -3,8 +3,8 @@
[mta]
incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: imap
lmtp_port: 8472
lmtp_host: mailman-core
lmtp_port: 8424
smtp_host: smtp
smtp_port: 25
configuration: /etc/postfix-mailman.cfg

8
deploy/roles/mailserver/files/smtp/main.cf
View file

@ -70,16 +70,16 @@ mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_transport = lmtp:inet:imap:24
virtual_transport = lmtp:inet:mailman-core:8024
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf regexp:/mailman/var/data/postfix_vmap
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_lmtp
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
message_size_limit = 20480000
# Milter setup
smtpd_milters = inet:spam:11334
smtpd_milters = inet:spam:11332
milter_default_action = accept
milter_protocol = 6

1
deploy/roles/mailserver/files/smtp/master.cf
View file

@ -10,7 +10,6 @@
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes

2
deploy/roles/mailserver/files/spam/Dockerfile
View file

@ -2,7 +2,7 @@ FROM alpine:edge
# We have to upgrade musl, or rspamd will not work.
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
&& apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates
&& apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
RUN mkdir /run/rspamd

15
deploy/roles/mailserver/files/spam/start.sh
View file

@ -11,4 +11,19 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
enable_password = "${PASSWORD}";
EOF
cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
bind_socket = "0.0.0.0:11332";
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
EOF
cat << EOF > /etc/rspamd/override.d/worker-normal.inc
bind_socket = "127.0.0.1:11333";
EOF
/usr/sbin/rspamd -f --insecure

10
deploy/roles/mailserver/tasks/main.yml
View file

@ -37,6 +37,16 @@
src: config.inc.php.j2
dest: "{{ docker_project_folder }}/mailserver/webmail/config.inc.php"
- name: Create mailman config
copy:
dest: "{{ docker_project_folder }}/mailserver/mailman"
src: mailman
- name: Copy Mailman Settings
template:
src: settings_local.py.j2
dest: "{{ docker_project_folder }}/mailserver/mailman/settings_local.py"
- name: make start executable smtp
copy:
dest: "{{ docker_project_folder }}/mailserver/smtp/start.sh"

21
deploy/roles/mailserver/templates/docker-compose.yml.j2
View file

@ -14,6 +14,7 @@ services:
- imap:imap
- db:db
- spam:spam
- mailman-core:mailman-core
volumes:
- {{ docker_data_folder }}/mailserver/mailman/core:/mailman
- mails:/home/vmail
@ -27,6 +28,10 @@ services:
- MYHOSTNAME=mail.{{ DOMAIN }}
labels:
- "traefik.enable=false"
networks:
defualt:
alias:
- smtp
imap:
container_name: imap
@ -62,8 +67,9 @@ services:
restart: always
expose:
- 11334
- 11332
volumes:
- spam:{{ docker_data_folder }}
- {{ docker_data_folder }}/mailserver/rspamd/:/var/lib/rspamd
- /etc/localtime:/etc/localtime:ro
environment:
- PASSWORD={{ WEB_PASSWORD }}
@ -134,7 +140,7 @@ services:
MYSQL_PASSWORD: {{ DB_PASSWORD }}
volumes:
- {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
#- ./docker-entrypoint.sh:/docker-entrypoint.sh
- ./db/docker-entrypoint.sh:/docker-entrypoint.sh
- {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
labels:
- "traefik.enable=false"
@ -145,11 +151,12 @@ services:
hostname: mailman-core
volumes:
- {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/
- ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
- ./mailman/mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
expose:
- 8024
- 8001
links:
- db:db
- smtp:smtp
- imap:imap
depends_on:
- db
environment:
@ -178,6 +185,7 @@ services:
- db:db
- smtp:smtp
volumes:
- ./mailman/settings_local.py:/opt/mailman/web/settings_local.py
- {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data
environment:
- DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman
@ -238,7 +246,8 @@ services:
labels:
- "traefik.enable=false"
networks:
default:
volumes:
mails:

7
deploy/roles/mailserver/templates/settings_local.py.j2 Normal file
View file

@ -0,0 +1,7 @@
USE_SSL = True
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp'
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = "{{ mailman_sender_address }}"
SERVER_EMAIL = "{{ mailman_sender_address }}"
DEBUG = True

1
deploy/roles/mailserver/vars/main.yml
View file

@ -4,6 +4,7 @@ ansible_ask_become_pass: yes
docker_data_folder: /data_test
docker_project_folder: /var/docker
DOMAIN: creditcards.bayern
mailman_sender_address: "lists@{{ DOMAIN }}"
# vault

84
docker-compose.yml
View file

@ -14,27 +14,30 @@ services:
- imap:imap
- db:db
- spam:spam
- mailman-core:mailman-core
volumes:
- ./smtp/main.cf:/etc/postfix/main.cf:ro
- ./smtp/master.cf:/etc/postfix/master.cf:ro
- /data/mailserver/mailman/data:/mailman
- /data_test/mailserver/mailman/core:/mailman
- mails:/home/vmail
- /dev/log:/dev/log
- certs:/certs
environment:
- DATABASE_USER=mail
- DATABASE_PASSWORD=db_password
- DATABASE_PASSWORD=98ewtx9mwh4e9x
- DATABASE_NAME=postfix
- MYORIGIN=creditcards.bayern
- MYHOSTNAME=mail.creditcards.bayern
labels:
- "traefik.enable=false"
networks:
default:
aliases:
- smtp
imap:
container_name: imap
build: ./imap
restart: always
depends_on:
- extractor
- db
ports:
- '993:993'
@ -42,6 +45,7 @@ services:
expose:
- '24'
- '8472'
- '993'
links:
- db
- spam
@ -50,7 +54,7 @@ services:
- certs:/certs
environment:
- "DATABASE_USER=mail"
- "DATABASE_PASSWORD=db_password"
- "DATABASE_PASSWORD=98ewtx9mwh4e9x"
- "DATABASE_NAME=postfix"
- "MAILDOMAIN=mail.creditcards.bayern"
labels:
@ -62,11 +66,13 @@ services:
restart: always
expose:
- 11334
- 11332
volumes:
- spam:/data
- spam:/data_test
- /data_test/rspamd/:/var/lib/rspamd
- /etc/localtime:/etc/localtime:ro
environment:
- PASSWORD=nichtsicher
- PASSWORD=feelsnotverysecure
- PORT=11334
labels:
- "traefik.frontend.rule=Host:spam.creditcards.bayern"
@ -84,15 +90,19 @@ services:
- imap:imap
- smtp:smtp
environment:
ROUNDCUBEMAIL_DEFAULT_HOST: imap
ROUNDCUBEMAIL_SMTP_SERVER: smtp
ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
ROUNDCUBEMAIL_DEFAULT_PORT: "993"
ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
ROUNDCUBEMAIL_SMTP_PORT: 587
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
ROUNDCUBEMAIL_DB_TYPE: mysql
ROUNDCUBEMAIL_DB_HOST: db
ROUNDCUBEMAIL_DB_USER: mail
ROUNDCUBEMAIL_DB_PASSWORD: db_password
ROUNDCUBEMAIL_DB_NAME: postfix
ROUNDCUBEMAIL_DB_PASSWORD: 98ewtx9mwh4e9x
ROUNDCUBEMAIL_DB_NAME: roundcube
volumes:
- ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
labels:
- "traefik.frontend.rule=Host:mail.creditcards.bayern"
- "traefik.port=80"
@ -112,7 +122,7 @@ services:
DBHOST: db
DBUSER: mail
DBNAME: postfix
DBPASS: db_password
DBPASS: 98ewtx9mwh4e9x
SMTPHOST: smtp
DOMAIN: creditcards.bayern
labels:
@ -124,13 +134,14 @@ services:
image: mariadb:10.3
restart: always
environment:
MYSQL_ROOT_PASSWORD: root_password
MYSQL_DATABASES: "postfix mailman"
MYSQL_ROOT_PASSWORD: kf43,cj,ewft3jr4
MYSQL_DATABASES: "postfix mailman roundcube"
MYSQL_USER: mail
MYSQL_PASSWORD: db_password
MYSQL_PASSWORD: 98ewtx9mwh4e9x
volumes:
- database:/var/lib/mysql
- ./docker-entrypoint.sh:/docker-entrypoint.sh
- /data_test/mailserver/db:/var/lib/mysql
- ./db/docker-entrypoint.sh:/docker-entrypoint.sh
- /var/docker/mailserver/db:/docker-entrypoint-initdb.d
labels:
- "traefik.enable=false"
@ -139,19 +150,24 @@ services:
container_name: mailman-core
hostname: mailman-core
volumes:
- /data/mailserver/mailman/core:/opt/mailman/
- ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
- /data_test/mailserver/mailman/core:/opt/mailman/
- ./mailman-extra.cfg:/opt/mailman/mailman-extra.cfg
links:
- db
- smtp
- imap
- db:db
expose:
- 8024
- 8001
depends_on:
- db
environment:
- DATABASE_URL=mysql://mail:db_password@db/mailman
- DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
- DATABASE_TYPE=mysql
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
- HYPERKITTY_API_KEY=someapikey
- MM_HOSTNAME=mailman-core
- SMTP_PORT=587
- SMTP_HOST=smtp
- MTA=postfix
labels:
- "traefik.enable=false"
@ -167,19 +183,24 @@ services:
links:
- mailman-core:mailman-core
- db:db
- smtp:smtp
volumes:
- /data/mailserver/mailman/web:/opt/mailman-web-data
- ./settings_local.py:/opt/mailman/web/settings_local.py
- /data_test/mailserver/mailman/web:/opt/mailman-web-data
- /data_test/mailserver/mailman/core:/var/mailman_
environment:
- DATABASE_URL=mysql://mail:db_password@db/mailman
- DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
- DATABASE_TYPE=mysql
- HYPERKITTY_API_KEY=someapikey
- SECRET_KEY=thisisaverysecretkey
- SECRET_KEY=feelsnotverysecure
- DYLD_LIBRARY_PATH=/usr/local/mysql/lib/
- SERVE_FROM_DOMAIN=lists.creditcards.bayern
- DJANGO_ALLOWED_HOSTS=mailman.creditcards.bayern
- MAILMAN_ADMIN_USER=admin
- MAILMAN_ADMIN_EMAIL=a3x@eris.cc
- UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
- SMTP_PORT=587
- SMTP_HOST=smtp
labels:
#- "traefik.frontend.rule=Host:mailman.creditcards.bayern"
#- "traefik.port=8000"
@ -196,14 +217,12 @@ services:
- mailman-web:mailman-web
volumes:
- ./nginx/:/etc/nginx/conf.d/
- /data/mailserver/mailman/web:/opt/mailman/
- /data_test/mailserver/mailman/web:/opt/mailman/
labels:
- "traefik.frontend.rule=Host:mailman.creditcards.bayern"
- "traefik.port=80"
traefik:
container_name: traefik
image: traefik
@ -223,15 +242,16 @@ services:
container_name: extractor
image: danielhuisman/traefik-certificate-extractor
volumes:
- /data/mailserver/traefik:/app/data
- /data_test/mailserver/traefik:/app/data
- certs:/app/certs_flat
labels:
- "traefik.enable=false"
networks:
default:
volumes:
database:
mails:
certs:
spam:

6
imap/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:latest
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN mkdir /etc/dovecot/sieve-filter
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
ADD dh.pem /dh.pem
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf

13
imap/dh.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
-----END DH PARAMETERS-----

7
imap/start.sh
View file

@ -8,9 +8,10 @@
#fi
#if [ -n "${MAILDOMAIN}" ]; then
echo -e "ssl = yes\n \
ssl_cert = </certs/${MAILDOMAIN}.crt\n \
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
echo -e "ssl = yes\n \
ssl_dh = </dh.pem\n \
ssl_cert = </certs/${MAILDOMAIN}.crt\n \
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
#fi
dovecot -F

4
mailman-extra.cfg → mailman/mailman-extra.cfg
View file

@ -3,8 +3,8 @@
[mta]
incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: imap
lmtp_port: 8472
lmtp_host: mailman-core
lmtp_port: 8024
smtp_host: smtp
smtp_port: 25
configuration: /etc/postfix-mailman.cfg

7
mailman/settings_local.py Normal file
View file

@ -0,0 +1,7 @@
USE_SSL = True
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp'
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = "lists@creditcards.bayern"
SERVER_EMAIL = "lists@creditcards.bayern"
DEBUG = True

2
smtp/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:latest
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN apk add --no-cache postfix ca-certificates
RUN apk add --no-cache postfix postfix-mysql ca-certificates
ADD ./main.cf /etc/postfix/main.cf
ADD ./master.cf /etc/postfix/master.cf

17
smtp/main.cf
View file

@ -65,17 +65,18 @@ alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
virtual_transport = lmtp:inet:imap:24
virtual_transport = lmtp:inet:mailman-core:8024
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_vmap
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf regexp:/mailman/var/data/postfix_lmtp
message_size_limit = 20480000
# Milter setup
@ -85,6 +86,6 @@ milter_protocol = 6
unknown_local_recipient_reject_code = 550
owner_request_special = no
transport_maps = hash:/mailman/var/data/postfix_lmtp
local_recipient_maps = hash:/mailman/var/data/postfix_lmtp
relay_domains = hash:/mailman/var/data/postfix_domains
transport_maps = regexp:/mailman/var/data/postfix_lmtp
local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
relay_domains = regexp:/mailman/var/data/postfix_domains

3
smtp/master.cf
View file

@ -9,8 +9,7 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - - - - smtpd
-o content_filter=spamassassin
smtp inet n - - - - smtpd
submission inet n - - - - smtpd
-o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes

54
smtp/start.sh
View file

@ -1,36 +1,32 @@
#!/bin/sh
#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
echo -e "myorigin = ${MYORIGIN}\n \
myhostname = ${MYHOSTNAME} \
smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
#fi
echo "myorigin = ${MYHOSTNAME}" >> /etc/postfix/main.cf
echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
echo -e "user = ${DATABASE_USER}\n \
password = ${DATABASE_PASSWORD}\n \
hosts = db\n \
dbname = ${DATABASE_NAME}\n \
table = alias\n \
select_field = goto\n \
where_field = address" > /etc/postfix/virtual_alias_maps.cf;
echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}
hosts = db
dbname = ${DATABASE_NAME}
table = alias
select_field = goto
where_field = address" > /etc/postfix/virtual_alias_maps.cf;
echo -e "user = ${DATABASE_USER}\n \
password = ${DATABASE_PASSWORD}\n \
hosts = db\n \
dbname = ${DATABASE_NAME}\n \
table = domain\n \
select_field = domain\n \
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}
hosts = db
dbname = ${DATABASE_NAME}
table = domain
select_field = domain
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
echo -e "user = ${DATABASE_USER}\n \
password = ${DATABASE_PASSWORD}\n \
hosts = db\n \
dbname = ${DATABASE_NAME}\n \
table = mailbox\n \
select_field = maildir\n \
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
#fi
echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}
hosts = db
dbname = ${DATABASE_NAME}
table = mailbox
select_field = maildir
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
postfix start-fg

2
spam/Dockerfile
View file

@ -2,7 +2,7 @@ FROM alpine:edge
# We have to upgrade musl, or rspamd will not work.
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
&& apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates
&& apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
RUN mkdir /run/rspamd

14
spam/start.sh
View file

@ -11,4 +11,18 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
enable_password = "${PASSWORD}";
EOF
cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
bind_socket = "0.0.0.0:11332";
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
EOF
cat << EOF > /etc/rspamd/override.d/worker-normal.inc
bind_socket = "127.0.0.1:11333";
EOF
/usr/sbin/rspamd -f --insecure

11
webmail/config.inc.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$rcmail_config['managesieve_port'] = 4190;
$rcmail_config['managesieve_host'] = 'tls://imap';
$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$config['password_db_dsn'] = 'mysql://mail:98ewtx9mwh4e9x@db/postfix';
$config['password_query'] = "UPDATE mailbox SET password=CONCAT('{SHA512-CRYPT}', ENCRYPT (%p, CONCAT('$5$', SUBSTRING(SHA(RAND()), -16)))) WHERE username=%u;";