From ef7471b3dd2599927c9fa861da5bf4a1c282f0f8 Mon Sep 17 00:00:00 2001
From: Aeris
Date: Fri, 7 Dec 2018 17:00:01 +0100
Subject: [PATCH] mailman tested and working, rspamd tested and working, roundcube tested and working
---
 README.md | 5 +-
 db/databases.sh | 11 +++
 .../files => db}/docker-entrypoint.sh | 0
 .../mailserver/files/db/docker-entrypoint.sh | 0
 .../files/{ => mailman}/mailman-extra.cfg | 4 +-
 deploy/roles/mailserver/files/smtp/main.cf | 8 +-
 deploy/roles/mailserver/files/smtp/master.cf | 1 -
 deploy/roles/mailserver/files/spam/Dockerfile | 2 +-
 deploy/roles/mailserver/files/spam/start.sh | 15 ++++
 deploy/roles/mailserver/tasks/main.yml | 10 +++
 .../templates/docker-compose.yml.j2 | 21 +++--
 .../mailserver/templates/settings_local.py.j2 | 7 ++
 deploy/roles/mailserver/vars/main.yml | 1 +
 docker-compose.yml | 84 ++++++++++++-------
 imap/Dockerfile | 6 +-
 imap/dh.pem | 13 +++
 imap/start.sh | 7 +-
 .../mailman-extra.cfg | 4 +-
 mailman/settings_local.py | 7 ++
 smtp/Dockerfile | 2 +-
 smtp/main.cf | 17 ++--
 smtp/master.cf | 3 +-
 smtp/start.sh | 54 ++++++------
 spam/Dockerfile | 2 +-
 spam/start.sh | 14 ++++
 webmail/config.inc.php | 11 +++
 26 files changed, 213 insertions(+), 96 deletions(-)
 create mode 100755 db/databases.sh
 rename {deploy/roles/mailserver/files => db}/docker-entrypoint.sh (100%)
 rename docker-entrypoint.sh => deploy/roles/mailserver/files/db/docker-entrypoint.sh (100%)
 rename deploy/roles/mailserver/files/{ => mailman}/mailman-extra.cfg (80%)
 create mode 100644 deploy/roles/mailserver/templates/settings_local.py.j2
 create mode 100644 imap/dh.pem
 rename mailman-extra.cfg => mailman/mailman-extra.cfg (80%)
 create mode 100644 mailman/settings_local.py
 create mode 100644 webmail/config.inc.php
diff --git a/README.md b/README.md
index 8c2c93e..3b18a98 100644
--- a/README.md
+++ b/README.md
@@ -1,9 +1,12 @@
 # General
-Postfix mta doesnt provide SNI, so there mailserver and lists must run on the same domain
+Postfix mta doesnt provide SNI, so mailserver and lists must run on the same domain.
+# State
+All the front facing files are just examplatory of the final docker-compose directory structure on the provisioned host, therefore completely out of date. Just deploy the ansible project.
+All the credentials found in this repo are for testing purpose and may only work on the test instance @creditcards.bayern (v6). Happy fuzzing
 # Configure
diff --git a/db/databases.sh b/db/databases.sh
new file mode 100755
index 0000000..65f1b7f
--- /dev/null
+++ b/db/databases.sh
@@ -0,0 +1,11 @@
+file_env 'MYSQL_DATABASES'
+if [ "$MYSQL_DATABASES" ]; then
+ for databaseName in $MYSQL_DATABASES; do
+ echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
+ done
+fi
+if [ "$MYSQL_DATABASES" ]; then
+ for databaseName in $MYSQL_DATABASES; do
+ echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+ done
+fi
diff --git a/deploy/roles/mailserver/files/docker-entrypoint.sh b/db/docker-entrypoint.sh
similarity index 100%
rename from deploy/roles/mailserver/files/docker-entrypoint.sh
rename to db/docker-entrypoint.sh
diff --git a/docker-entrypoint.sh b/deploy/roles/mailserver/files/db/docker-entrypoint.sh
similarity index 100%
rename from docker-entrypoint.sh
rename to deploy/roles/mailserver/files/db/docker-entrypoint.sh
diff --git a/deploy/roles/mailserver/files/mailman-extra.cfg b/deploy/roles/mailserver/files/mailman/mailman-extra.cfg
similarity index 80%
rename from deploy/roles/mailserver/files/mailman-extra.cfg
rename to deploy/roles/mailserver/files/mailman/mailman-extra.cfg
index a601873..e3618d0 100644
--- a/deploy/roles/mailserver/files/mailman-extra.cfg
+++ b/deploy/roles/mailserver/files/mailman/mailman-extra.cfg
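Review bot: Each `$databaseName` (and `$MYSQL_USER`) is spliced straight into SQL text, delimited only by the surrounding backticks or quotes, so a value in `MYSQL_DATABASES` containing a backtick or quote escapes the identifier; a whitelist check on the name before it is used closes that. The two `if`/`for` loops are identical apart from the statement and can be a single loop, and `[ -n "$MYSQL_DATABASES" ]` is the conventional spelling of the emptiness test. `file_env` and `${mysql[@]}` are not defined in this file; presumably they come from the mariadb entrypoint that sources `*.sh` files from `/docker-entrypoint-initdb.d` — confirm that, and note that this directory is processed only when the data directory is first initialised, so names added to `MYSQL_DATABASES` later are not created on an existing volume.
```shell
file_env 'MYSQL_DATABASES'
if [ -n "$MYSQL_DATABASES" ]; then
    for databaseName in $MYSQL_DATABASES; do
        # Plain identifiers only: anything else would break out of the backtick quoting below.
        case "$databaseName" in
            *[!A-Za-z0-9_]*) echo >&2 "databases.sh: skipping invalid database name '$databaseName'"; continue ;;
        esac
        echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
        echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
    done
fi
```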
@@ -3,8 +3,8 @@ [mta] incoming: mailman.mta.postfix.LMTP outgoing: mailman.mta.deliver.deliver -lmtp_host: imap -lmtp_port: 8472 +lmtp_host: mailman-core +lmtp_port: 8424 smtp_host: smtp smtp_port: 25 configuration: /etc/postfix-mailman.cfg diff --git a/deploy/roles/mailserver/files/smtp/main.cf b/deploy/roles/mailserver/files/smtp/main.cf index 2d7368f..d42b8d8 100644 --- a/deploy/roles/mailserver/files/smtp/main.cf +++ b/deploy/roles/mailserver/files/smtp/main.cf @@ -70,16 +70,16 @@ mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all -virtual_transport = lmtp:inet:imap:24 +virtual_transport = lmtp:inet:mailman-core:8024 -virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf -virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf +virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf regexp:/mailman/var/data/postfix_vmap +virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_lmtp virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf message_size_limit = 20480000 # Milter setup -smtpd_milters = inet:spam:11334 +smtpd_milters = inet:spam:11332 milter_default_action = accept milter_protocol = 6 diff --git a/deploy/roles/mailserver/files/smtp/master.cf b/deploy/roles/mailserver/files/smtp/master.cf index dd70ac0..a126b27 100644 --- a/deploy/roles/mailserver/files/smtp/master.cf +++ b/deploy/roles/mailserver/files/smtp/master.cf @@ -10,7 +10,6 @@ # (yes) (yes) (yes) (never) (100) # ========================================================================== smtp inet n - - - - smtpd - -o content_filter=spamassassin submission inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_sasl_auth_enable=yes diff --git a/deploy/roles/mailserver/files/spam/Dockerfile b/deploy/roles/mailserver/files/spam/Dockerfile index 5111185..9b31fc7 100644 --- a/deploy/roles/mailserver/files/spam/Dockerfile +++ b/deploy/roles/mailserver/files/spam/Dockerfile 
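Review bot: `lmtp_port: 8424` in this copy disagrees with every other place the patch wires Mailman's LMTP listener: the root `mailman/mailman-extra.cfg` says `8024`, the deploy `smtp/main.cf` delivers to `lmtp:inet:mailman-core:8024`, and the compose template exposes `8024`. If Mailman binds 8424, Postfix's deliveries to port 8024 on mailman-core are refused, so this looks like a typo for `lmtp_port: 8024`. Since the README declares the deploy tree authoritative, this is the copy that matters.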
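Review bot: `virtual_transport = lmtp:inet:mailman-core:8024` sends every virtual-mailbox delivery — including the ordinary mailboxes that `virtual_mailbox_maps` still reads from MySQL — to Mailman's LMTP runner instead of Dovecot on `imap:24`; Mailman only accepts list addresses, so non-list mail would be rejected unless something outside this hunk routes it. The usual wiring keeps `virtual_transport` on Dovecot and routes list addresses through `transport_maps = .../postfix_lmtp`, which the root `smtp/main.cf` in this patch already carries. `regexp:` is only right for `postfix_lmtp`/`postfix_vmap` if Mailman is told to write regex-form tables (`transport_file_type: regex` under `[mta]` in mailman-extra.cfg); by default it writes hash-format files that need `postmap`, and used as regexp patterns their keys are unanchored, so `list@domain` also matches `xlist@domain`. With `-o content_filter=spamassassin` removed from master.cf the milter is now the only spam path, and the unchanged `milter_default_action = accept` means an unreachable rspamd fails open — fine for availability, but worth a comment beside it.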
@@ -2,7 +2,7 @@ FROM alpine:edge # We have to upgrade musl, or rspamd will not work. RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \ - && apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates + && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates RUN mkdir /run/rspamd diff --git a/deploy/roles/mailserver/files/spam/start.sh b/deploy/roles/mailserver/files/spam/start.sh index c6a859f..f436e19 100755 --- a/deploy/roles/mailserver/files/spam/start.sh +++ b/deploy/roles/mailserver/files/spam/start.sh @@ -11,4 +11,19 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc enable_password = "${PASSWORD}"; EOF +cat << EOF > /etc/rspamd/local.d/worker-proxy.inc + bind_socket = "0.0.0.0:11332"; + milter = yes; + timeout = 120s; + upstream "local" { + default = yes; + self_scan = yes; + } +EOF + +cat << EOF > /etc/rspamd/override.d/worker-normal.inc + bind_socket = "127.0.0.1:11333"; +EOF + + /usr/sbin/rspamd -f --insecure diff --git a/deploy/roles/mailserver/tasks/main.yml b/deploy/roles/mailserver/tasks/main.yml index 024f95d..d9d7a53 100644 --- a/deploy/roles/mailserver/tasks/main.yml +++ b/deploy/roles/mailserver/tasks/main.yml @@ -37,6 +37,16 @@ src: config.inc.php.j2 dest: "{{ docker_project_folder }}/mailserver/webmail/config.inc.php" +- name: Create mailman config + copy: + dest: "{{ docker_project_folder }}/mailserver/mailman" + src: mailman + +- name: Copy Mailman Settings + template: + src: settings_local.py.j2 + dest: "{{ docker_project_folder }}/mailserver/mailman/settings_local.py" + - name: make start executable smtp copy: dest: "{{ docker_project_folder }}/mailserver/smtp/start.sh" diff --git a/deploy/roles/mailserver/templates/docker-compose.yml.j2 b/deploy/roles/mailserver/templates/docker-compose.yml.j2 index 3d6b522..8ee1e76 100644 --- a/deploy/roles/mailserver/templates/docker-compose.yml.j2 +++ b/deploy/roles/mailserver/templates/docker-compose.yml.j2 
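Review bot: The two new heredocs interpolate nothing, so `cat << 'EOF' > /etc/rspamd/local.d/worker-proxy.inc` would make that explicit and keep any future `$` in the config literal; only the controller block above needs the unquoted form for `${PASSWORD}`. `bind_socket = "0.0.0.0:11332"` accepts milter connections without authentication and is only contained because the compose service uses `expose` rather than `ports` — a one-line comment saying so next to the bind would save the next reader checking. The identical change is in the root `spam/start.sh`; the same remarks apply there.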
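Review bot: In "Create mailman config", `src: mailman` without a trailing slash makes the `copy` module copy the directory itself, giving `{{ docker_project_folder }}/mailserver/mailman/mailman/mailman-extra.cfg`, while the compose template mounts `./mailman/mailman-extra.cfg`; use `src: mailman/` to copy the contents. The following "Copy Mailman Settings" task writes `settings_local.py` directly into `mailserver/mailman/`, so that one already matches the mount.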
@@ -14,6 +14,7 @@ services: - imap:imap - db:db - spam:spam + - mailman-core:mailman-core volumes: - {{ docker_data_folder }}/mailserver/mailman/core:/mailman - mails:/home/vmail @@ -27,6 +28,10 @@ services: - MYHOSTNAME=mail.{{ DOMAIN }} labels: - "traefik.enable=false" + networks: + defualt: + alias: + - smtp imap: container_name: imap @@ -62,8 +67,9 @@ services: restart: always expose: - 11334 + - 11332 volumes: - - spam:{{ docker_data_folder }} + - {{ docker_data_folder }}/mailserver/rspamd/:/var/lib/rspamd - /etc/localtime:/etc/localtime:ro environment: - PASSWORD={{ WEB_PASSWORD }} @@ -134,7 +140,7 @@ services: MYSQL_PASSWORD: {{ DB_PASSWORD }} volumes: - {{ docker_data_folder }}/mailserver/db:/var/lib/mysql - #- ./docker-entrypoint.sh:/docker-entrypoint.sh + - ./db/docker-entrypoint.sh:/docker-entrypoint.sh - {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d labels: - "traefik.enable=false" @@ -145,11 +151,12 @@ services: hostname: mailman-core volumes: - {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/ - - ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg + - ./mailman/mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg + expose: + - 8024 + - 8001 links: - db:db - - smtp:smtp - - imap:imap depends_on: - db environment: @@ -178,6 +185,7 @@ services: - db:db - smtp:smtp volumes: + - ./mailman/settings_local.py:/opt/mailman/web/settings_local.py - {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data environment: - DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman @@ -238,7 +246,8 @@ services: labels: - "traefik.enable=false" - + networks: + default: volumes: mails: diff --git a/deploy/roles/mailserver/templates/settings_local.py.j2 b/deploy/roles/mailserver/templates/settings_local.py.j2 new file mode 100644 index 0000000..913f029 --- /dev/null +++ b/deploy/roles/mailserver/templates/settings_local.py.j2 
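Review bot: `networks: defualt: alias:` is misspelled twice — the network key must be `default` and the list key `aliases`; as written compose rejects the file (undefined network, invalid key). This alias is what lets mailman-core and mailman-web still resolve `smtp` after the `smtp:smtp` link is dropped from mailman-core in the `@@ -145` hunk below, so the typo would break outgoing list mail once the file parses. The root `docker-compose.yml` in this patch spells both correctly.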
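Review bot: `./db/docker-entrypoint.sh` is mounted as the entrypoint while `{{ docker_project_folder }}/mailserver/db` is mounted as `/docker-entrypoint-initdb.d`; if the rendered compose file lives in `{{ docker_project_folder }}/mailserver`, those are the same host directory and the entrypoint's init loop will also source `docker-entrypoint.sh` as a `*.sh` init script — confirm that the entrypoint guards against being sourced, or keep the init scripts (`databases.sh`) in a directory of their own. Nothing in this patch's tasks copies `db/` to the host after the rename to `files/db/`, so check that such a task exists outside this diff.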
@@ -0,0 +1,7 @@ +USE_SSL = True +EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' +EMAIL_HOST = 'smtp' +EMAIL_PORT = 25 +DEFAULT_FROM_EMAIL = "{{ mailman_sender_address }}" +SERVER_EMAIL = "{{ mailman_sender_address }}" +DEBUG = True diff --git a/deploy/roles/mailserver/vars/main.yml b/deploy/roles/mailserver/vars/main.yml index d61f15e..a06479b 100644 --- a/deploy/roles/mailserver/vars/main.yml +++ b/deploy/roles/mailserver/vars/main.yml @@ -4,6 +4,7 @@ ansible_ask_become_pass: yes docker_data_folder: /data_test docker_project_folder: /var/docker DOMAIN: creditcards.bayern +mailman_sender_address: "lists@{{ DOMAIN }}" # vault diff --git a/docker-compose.yml b/docker-compose.yml index 4c0cc48..74043f6 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -14,27 +14,30 @@ services: - imap:imap - db:db - spam:spam + - mailman-core:mailman-core volumes: - - ./smtp/main.cf:/etc/postfix/main.cf:ro - - ./smtp/master.cf:/etc/postfix/master.cf:ro - - /data/mailserver/mailman/data:/mailman + - /data_test/mailserver/mailman/core:/mailman - mails:/home/vmail + - /dev/log:/dev/log - certs:/certs environment: - DATABASE_USER=mail - - DATABASE_PASSWORD=db_password + - DATABASE_PASSWORD=98ewtx9mwh4e9x - DATABASE_NAME=postfix - MYORIGIN=creditcards.bayern - MYHOSTNAME=mail.creditcards.bayern labels: - "traefik.enable=false" + networks: + default: + aliases: + - smtp imap: container_name: imap build: ./imap restart: always depends_on: - - extractor - db ports: - '993:993' @@ -42,6 +45,7 @@ services: expose: - '24' - '8472' + - '993' links: - db - spam @@ -50,7 +54,7 @@ services: - certs:/certs environment: - "DATABASE_USER=mail" - - "DATABASE_PASSWORD=db_password" + - "DATABASE_PASSWORD=98ewtx9mwh4e9x" - "DATABASE_NAME=postfix" - "MAILDOMAIN=mail.creditcards.bayern" labels: 
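Review bot: `DEBUG = True` in a deployed Django settings file exposes full tracebacks and settings values on every error page; it should be `DEBUG = False` here, with debugging switched on only through a local override. `EMAIL_PORT = 25` contradicts the `SMTP_PORT=587` that the root compose in this same patch passes to mailman-web — whichever is loaded last wins, so keep one and drop the other. `USE_SSL` is not a Django setting; unless the Mailman web image's settings read it, it is dead configuration. The root `mailman/settings_local.py` is an identical copy and has the same issues.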
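Review bot: `- /dev/log:/dev/log` hands the smtp container the host's syslog socket, which gets Postfix logs onto the host but also lets any process in the container write arbitrary lines into the host log; a comment stating that this is intended would help. Removing `depends_on: - extractor` from imap while it still mounts `certs:/certs` means Dovecot may start before the extractor has written the certificate files; whether it then retries or stays down depends on the image, so confirm before relying on `restart: always`. Plaintext values such as `DATABASE_PASSWORD=98ewtx9mwh4e9x` now appear in several files; the README calls them test-only, so keep them out of the deploy path, which already uses `{{ DB_PASSWORD }}`.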
@@ -62,11 +66,13 @@ services: restart: always expose: - 11334 + - 11332 volumes: - - spam:/data + - spam:/data_test + - /data_test/rspamd/:/var/lib/rspamd - /etc/localtime:/etc/localtime:ro environment: - - PASSWORD=nichtsicher + - PASSWORD=feelsnotverysecure - PORT=11334 labels: - "traefik.frontend.rule=Host:spam.creditcards.bayern" @@ -84,15 +90,19 @@ services: - imap:imap - smtp:smtp environment: - ROUNDCUBEMAIL_DEFAULT_HOST: imap - ROUNDCUBEMAIL_SMTP_SERVER: smtp + ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap" + ROUNDCUBEMAIL_DEFAULT_PORT: "993" + ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp" + ROUNDCUBEMAIL_SMTP_PORT: 587 ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M ROUNDCUBEMAIL_DB_TYPE: mysql ROUNDCUBEMAIL_DB_HOST: db ROUNDCUBEMAIL_DB_USER: mail - ROUNDCUBEMAIL_DB_PASSWORD: db_password - ROUNDCUBEMAIL_DB_NAME: postfix + ROUNDCUBEMAIL_DB_PASSWORD: 98ewtx9mwh4e9x + ROUNDCUBEMAIL_DB_NAME: roundcube + volumes: + - ./webmail/config.inc.php:/var/roundcube/config/config.inc.php labels: - "traefik.frontend.rule=Host:mail.creditcards.bayern" - "traefik.port=80" @@ -112,7 +122,7 @@ services: DBHOST: db DBUSER: mail DBNAME: postfix - DBPASS: db_password + DBPASS: 98ewtx9mwh4e9x SMTPHOST: smtp DOMAIN: creditcards.bayern labels: @@ -124,13 +134,14 @@ services: image: mariadb:10.3 restart: always environment: - MYSQL_ROOT_PASSWORD: root_password - MYSQL_DATABASES: "postfix mailman" + MYSQL_ROOT_PASSWORD: kf43,cj,ewft3jr4 + MYSQL_DATABASES: "postfix mailman roundcube" MYSQL_USER: mail - MYSQL_PASSWORD: db_password + MYSQL_PASSWORD: 98ewtx9mwh4e9x volumes: - - database:/var/lib/mysql - - ./docker-entrypoint.sh:/docker-entrypoint.sh + - /data_test/mailserver/db:/var/lib/mysql + - ./db/docker-entrypoint.sh:/docker-entrypoint.sh + - /var/docker/mailserver/db:/docker-entrypoint-initdb.d labels: - "traefik.enable=false" 
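Review bot: `MYSQL_DATABASES: "postfix mailman roundcube"` only takes effect through `/docker-entrypoint-initdb.d`, which the mariadb entrypoint runs once when `/data_test/mailserver/db` is empty; on an already initialised volume the `roundcube` database is never created and the webmail switch to `ROUNDCUBEMAIL_DB_NAME: roundcube` in the `@@ -84` hunk above fails at first login. Either create it by hand on existing hosts or document that the data directory must be reset. `MYSQL_ROOT_PASSWORD: kf43,cj,ewft3jr4` is a plain scalar to YAML, but quoting it like the neighbouring values avoids surprises if it is ever edited to begin with a special character.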
@@ -139,19 +150,24 @@ services: container_name: mailman-core hostname: mailman-core volumes: - - /data/mailserver/mailman/core:/opt/mailman/ - - ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg + - /data_test/mailserver/mailman/core:/opt/mailman/ + - ./mailman-extra.cfg:/opt/mailman/mailman-extra.cfg links: - - db - - smtp - - imap + - db:db + expose: + - 8024 + - 8001 depends_on: - db environment: - - DATABASE_URL=mysql://mail:db_password@db/mailman + - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman - DATABASE_TYPE=mysql - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase - HYPERKITTY_API_KEY=someapikey + - MM_HOSTNAME=mailman-core + - SMTP_PORT=587 + - SMTP_HOST=smtp + - MTA=postfix labels: - "traefik.enable=false" @@ -167,19 +183,24 @@ services: links: - mailman-core:mailman-core - db:db + - smtp:smtp volumes: - - /data/mailserver/mailman/web:/opt/mailman-web-data + - ./settings_local.py:/opt/mailman/web/settings_local.py + - /data_test/mailserver/mailman/web:/opt/mailman-web-data + - /data_test/mailserver/mailman/core:/var/mailman_ environment: - - DATABASE_URL=mysql://mail:db_password@db/mailman + - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman - DATABASE_TYPE=mysql - HYPERKITTY_API_KEY=someapikey - - SECRET_KEY=thisisaverysecretkey + - SECRET_KEY=feelsnotverysecure - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/ - SERVE_FROM_DOMAIN=lists.creditcards.bayern - DJANGO_ALLOWED_HOSTS=mailman.creditcards.bayern - MAILMAN_ADMIN_USER=admin - MAILMAN_ADMIN_EMAIL=a3x@eris.cc - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static + - SMTP_PORT=587 + - SMTP_HOST=smtp labels: #- "traefik.frontend.rule=Host:mailman.creditcards.bayern" #- "traefik.port=8000" 
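Review bot: `./mailman-extra.cfg:/opt/mailman/mailman-extra.cfg` points at a file this same patch renames to `mailman/mailman-extra.cfg`; Docker creates an empty directory at a missing host path, so mailman-core would start without its MTA settings. The mailman-web hunk `@@ -167` has the same problem with `./settings_local.py`, which now lives at `mailman/settings_local.py`; the deploy template already uses `./mailman/...` for both. The mount target also differs between the two copies (`/opt/mailman/mailman-extra.cfg` here, `/opt/mailman/core/mailman-extra.cfg` in the template) — confirm which path the core image actually reads. `SMTP_PORT=587` alongside `smtp_port: 25` in mailman-extra.cfg is another contradiction; the submission service in master.cf enables SASL, so check that mailman-core is permitted to relay there before preferring 587.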
@@ -196,14 +217,12 @@ services: - mailman-web:mailman-web volumes: - ./nginx/:/etc/nginx/conf.d/ - - /data/mailserver/mailman/web:/opt/mailman/ + - /data_test/mailserver/mailman/web:/opt/mailman/ labels: - "traefik.frontend.rule=Host:mailman.creditcards.bayern" - "traefik.port=80" - - traefik: container_name: traefik image: traefik @@ -223,15 +242,16 @@ services: container_name: extractor image: danielhuisman/traefik-certificate-extractor volumes: - - /data/mailserver/traefik:/app/data + - /data_test/mailserver/traefik:/app/data - certs:/app/certs_flat labels: - "traefik.enable=false" +networks: + default: volumes: - database: mails: certs: spam: diff --git a/imap/Dockerfile b/imap/Dockerfile index d1e80ff..fea24b2 100644 --- a/imap/Dockerfile +++ b/imap/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:latest -RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin +RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql -RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail +RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail RUN mkdir /etc/dovecot/sieve-filter RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc @@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf - +ADD dh.pem /dh.pem ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf diff --git a/imap/dh.pem b/imap/dh.pem new file mode 100644 index 0000000..1bdb8ea --- /dev/null +++ b/imap/dh.pem 
@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
+/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
+2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
+M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
+LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
+EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
+hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
+z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
+Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
+3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
+i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
+-----END DH PARAMETERS-----
diff --git a/imap/start.sh b/imap/start.sh
index a6fadc6..b989174 100755
--- a/imap/start.sh
+++ b/imap/start.sh
@@ -8,9 +8,10 @@
 #fi
 #if [ -n "${MAILDOMAIN}" ]; then
- echo -e "ssl = yes\n \
- ssl_cert = /etc/dovecot/conf.d/10-ssl.conf
+echo -e "ssl = yes\n \
+ssl_dh = /etc/dovecot/conf.d/10-ssl.conf
 #fi
 dovecot -F
diff --git a/mailman-extra.cfg b/mailman/mailman-extra.cfg
similarity index 80%
rename from mailman-extra.cfg
rename to mailman/mailman-extra.cfg
index a601873..e365f53 100644
--- a/mailman-extra.cfg
+++ b/mailman/mailman-extra.cfg
@@ -3,8 +3,8 @@
 [mta]
 incoming: mailman.mta.postfix.LMTP
 outgoing: mailman.mta.deliver.deliver
-lmtp_host: imap
-lmtp_port: 8472
+lmtp_host: mailman-core
+lmtp_port: 8024
 smtp_host: smtp
 smtp_port: 25
 configuration: /etc/postfix-mailman.cfg
diff --git a/mailman/settings_local.py b/mailman/settings_local.py
new file mode 100644
index 0000000..a1e7c13
--- /dev/null
+++ b/mailman/settings_local.py
@@ -0,0 +1,7 @@
+USE_SSL = True
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = 'smtp'
+EMAIL_PORT = 25
+DEFAULT_FROM_EMAIL = "lists@creditcards.bayern"
+SERVER_EMAIL = "lists@creditcards.bayern"
+DEBUG = True
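Review bot: The new block writes only `ssl = yes` and `ssl_dh` into 10-ssl.conf while the removed line was the `ssl_cert` entry; Dovecot refuses to start with `ssl = yes` and no `ssl_cert`/`ssl_key`, so unless another file sets them this breaks IMAPS. The rendered line `+ssl_dh = /etc/dovecot/conf.d/10-ssl.conf` looks truncated in this view (a `</dh.pem"` before the redirect would read like markup to a renderer), so check the real file; given `ADD dh.pem /dh.pem` in the Dockerfile the expected form is `ssl_dh = </dh.pem`. Building a config with `echo -e` and backslash continuations inside one double-quoted string is fragile; a quoted heredoc, `cat <<'EOF' > /etc/dovecot/conf.d/10-ssl.conf`, states the same thing more plainly.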
diff --git a/smtp/Dockerfile b/smtp/Dockerfile index 45f04de..c91ec89 100644 --- a/smtp/Dockerfile +++ b/smtp/Dockerfile @@ -1,7 +1,7 @@ FROM alpine:latest RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail -RUN apk add --no-cache postfix ca-certificates +RUN apk add --no-cache postfix postfix-mysql ca-certificates ADD ./main.cf /etc/postfix/main.cf ADD ./master.cf /etc/postfix/master.cf diff --git a/smtp/main.cf b/smtp/main.cf index d95d781..796b6eb 100644 --- a/smtp/main.cf +++ b/smtp/main.cf @@ -65,17 +65,18 @@ alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = localhost relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12 +mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all -virtual_transport = lmtp:inet:imap:24 +virtual_transport = lmtp:inet:mailman-core:8024 virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf -virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf -virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf - + +virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_vmap +virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf regexp:/mailman/var/data/postfix_lmtp + message_size_limit = 20480000 # Milter setup @@ -85,6 +86,6 @@ milter_protocol = 6 unknown_local_recipient_reject_code = 550 owner_request_special = no -transport_maps = hash:/mailman/var/data/postfix_lmtp -local_recipient_maps = hash:/mailman/var/data/postfix_lmtp -relay_domains = hash:/mailman/var/data/postfix_domains +transport_maps = regexp:/mailman/var/data/postfix_lmtp +local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp +relay_domains = regexp:/mailman/var/data/postfix_domains diff --git a/smtp/master.cf b/smtp/master.cf index dd70ac0..eeed335 100644 --- a/smtp/master.cf +++ b/smtp/master.cf 
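Review bot: `mynetworks = ... 172.0.0.0/8` widens the unauthenticated relay allowance from the RFC 1918 block `172.16.0.0/12` to the whole `/8`, most of which is public address space; with `inet_interfaces = all` and port 25 reachable, any host in that range that connects with its real source address may relay through this server. Keep `172.16.0.0/12`, or better the specific subnet compose assigned to the `default` network. This hunk also assigns the Mailman maps differently from the deploy copy (`virtual_alias_maps` gets `postfix_lmtp` here, `virtual_mailbox_maps` gets it there, and `postfix_vmap` goes to different parameters in each); one of the two is wrong, and the README names the deploy tree as the authoritative one. The `hash:`→`regexp:` switch in the `@@ -85` hunk needs Mailman to write regex-form tables (`transport_file_type: regex`), otherwise the generated keys are unanchored substring patterns.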
@@ -9,8 +9,7 @@
 # service type private unpriv chroot wakeup maxproc command + args
 # (yes) (yes) (yes) (never) (100)
 # ==========================================================================
-smtp inet n - - - - smtpd
- -o content_filter=spamassassin
+smtp inet n - - - - smtpd
 submission inet n - - - - smtpd
 -o syslog_name=postfix/submission
 -o smtpd_sasl_auth_enable=yes
diff --git a/smtp/start.sh b/smtp/start.sh
index f7637bc..a8c77ee 100755
--- a/smtp/start.sh
+++ b/smtp/start.sh
@@ -1,36 +1,32 @@
 #!/bin/sh
-#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
- echo -e "myorigin = ${MYORIGIN}\n \
- myhostname = ${MYHOSTNAME} \
- smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
- smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
-#fi
+echo "myorigin = ${MYHOSTNAME}" >> /etc/postfix/main.cf
+echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
+echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
+echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
-#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = alias\n \
- select_field = goto\n \
- where_field = address" > /etc/postfix/virtual_alias_maps.cf;
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = alias
+select_field = goto
+where_field = address" > /etc/postfix/virtual_alias_maps.cf;
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = domain\n \
- select_field = domain\n \
- where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = domain
+select_field = domain
+where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
- echo -e "user = ${DATABASE_USER}\n \
- password = ${DATABASE_PASSWORD}\n \
- hosts = db\n \
- dbname = ${DATABASE_NAME}\n \
- table = mailbox\n \
- select_field = maildir\n \
- where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
-#fi
+echo "user = ${DATABASE_USER}
+password = ${DATABASE_PASSWORD}
+hosts = db
+dbname = ${DATABASE_NAME}
+table = mailbox
+select_field = maildir
+where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
postfix start-fg
diff --git a/spam/Dockerfile b/spam/Dockerfile
index 5111185..9b31fc7 100644
--- a/spam/Dockerfile
+++ b/spam/Dockerfile
@@ -2,7 +2,7 @@ FROM alpine:edge
 # We have to upgrade musl, or rspamd will not work.
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
- && apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates
+ && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
 RUN mkdir /run/rspamd
diff --git a/spam/start.sh b/spam/start.sh
index c6a859f..4d2ab81 100755
--- a/spam/start.sh
+++ b/spam/start.sh
@@ -11,4 +11,18 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
 enable_password = "${PASSWORD}";
 EOF
+cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
+ bind_socket = "0.0.0.0:11332";
+ milter = yes;
+ timeout = 120s;
+ upstream "local" {
+ default = yes;
+ self_scan = yes;
+ }
+EOF
+
+cat << EOF > /etc/rspamd/override.d/worker-normal.inc
+ bind_socket = "127.0.0.1:11333";
+EOF
+
 /usr/sbin/rspamd -f --insecure
diff --git a/webmail/config.inc.php b/webmail/config.inc.php
new file mode 100644
index 0000000..c919a7a
--- /dev/null
+++ b/webmail/config.inc.php
@@ -0,0 +1,11 @@
+ array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$rcmail_config['managesieve_port'] = 4190;
+$rcmail_config['managesieve_host'] = 'tls://imap';
+$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
+$config['password_db_dsn'] = 'mysql://mail:98ewtx9mwh4e9x@db/postfix';
+$config['password_query'] = "UPDATE mailbox SET password=CONCAT('{SHA512-CRYPT}', ENCRYPT (%p, CONCAT('$5$', SUBSTRING(SHA(RAND()), -16)))) WHERE username=%u;";
+
+
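Review bot: `echo "myorigin = ${MYHOSTNAME}"` drops the `MYORIGIN` variable the removed code used; the compose files set `MYORIGIN=creditcards.bayern` and `MYHOSTNAME=mail.creditcards.bayern`, so locally generated addresses now carry the host name instead of the domain — it should read `echo "myorigin = ${MYORIGIN}" >> /etc/postfix/main.cf`. Appending with `>>` on every start duplicates the four lines each time the container restarts (Postfix takes the last value, so it keeps working but the file grows); `postconf -e 'myhostname = ...'` or a separate included file avoids that. The three `virtual_*.cf` files now hold the MySQL password and are created with the default umask; Postfix's MySQL client files should not be world-readable, so follow the writes with `chmod 640 /etc/postfix/virtual_*.cf; chgrp postfix /etc/postfix/virtual_*.cf`. The hunk ends at `postfix start-fg`; main.cf is now baked into the image since the `:ro` mounts were removed from the compose file, which is what makes these in-place edits take effect.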
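Review bot: `'verify_peer' => false, 'verify_peer_name' => false` for the IMAP, SMTP and managesieve connections turns the `ssl://`/`tls://` transports into unauthenticated TLS, which protects against passive reading only; since the motive is that the certificate is issued for `mail.creditcards.bayern` rather than the container name `imap`, keep verification on and name the expected peer instead: `'ssl' => array('peer_name' => 'mail.creditcards.bayern')`, adding `cafile` if the issuer is not in the image's trust store. `password_query` labels the hash `{SHA512-CRYPT}` but salts `ENCRYPT()` with `$5$`, the SHA-256 crypt prefix; use `'$6$'` so the stored value matches its label and Dovecot's scheme. The file mixes the legacy `$rcmail_config[...]` with `$config[...]`; Roundcube accepts both, but one style reads better. The opening of this hunk is cut off in this rendering (the `<?php` tag and the start of the `imap_conn_options` entry are missing), so review the first lines against the real file.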