a3x/mailserver
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

mailman tested and working, rspamd tested and working, roundcube tested and working

Browse source
This commit is contained in:
Aeris 2018-12-07 17:00:01 +01:00
parent fe40ec4e2f
commit ef7471b3dd
26 changed files with 213 additions and 96 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
README.md
View file

@ -1,9 +1,12 @@
# General # General
Postfix mta doesnt provide SNI, so there mailserver and lists must run on the same domain Postfix mta doesnt provide SNI, so mailserver and lists must run on the same domain.
# State
All the front facing files are just examplatory of the final docker-compose directory structure on the provisioned host, therefore completely out of date. Just deploy the ansible project.
All the credentials found in this repo are for testing purpose and may only work on the test instance @creditcards.bayern (v6). Happy fuzzing
# Configure # Configure

11
db/databases.sh Executable file
View file

@ -0,0 +1,11 @@
file_env 'MYSQL_DATABASES'
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
done
fi
if [ "$MYSQL_DATABASES" ]; then
for databaseName in $MYSQL_DATABASES; do
echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
done
fi

0
deploy/roles/mailserver/files/docker-entrypoint.sh → db/docker-entrypoint.sh
View file

0
docker-entrypoint.sh → deploy/roles/mailserver/files/db/docker-entrypoint.sh
View file

4
deploy/roles/mailserver/files/mailman-extra.cfg → deploy/roles/mailserver/files/mailman/mailman-extra.cfg
View file

@ -3,8 +3,8 @@
[mta] [mta]
incoming: mailman.mta.postfix.LMTP incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver outgoing: mailman.mta.deliver.deliver
lmtp_host: imap lmtp_host: mailman-core
lmtp_port: 8472 lmtp_port: 8424
smtp_host: smtp smtp_host: smtp
smtp_port: 25 smtp_port: 25
configuration: /etc/postfix-mailman.cfg configuration: /etc/postfix-mailman.cfg

8
deploy/roles/mailserver/files/smtp/main.cf
View file

@ -70,16 +70,16 @@ mailbox_size_limit = 0
recipient_delimiter = + recipient_delimiter = +
inet_interfaces = all inet_interfaces = all
virtual_transport = lmtp:inet:imap:24 virtual_transport = lmtp:inet:mailman-core:8024
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf regexp:/mailman/var/data/postfix_vmap
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_lmtp
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
message_size_limit = 20480000 message_size_limit = 20480000
# Milter setup # Milter setup
smtpd_milters = inet:spam:11334 smtpd_milters = inet:spam:11332
milter_default_action = accept milter_default_action = accept
milter_protocol = 6 milter_protocol = 6

1
deploy/roles/mailserver/files/smtp/master.cf
View file

@ -10,7 +10,6 @@
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
smtp inet n - - - - smtpd smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd submission inet n - - - - smtpd
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes

2
deploy/roles/mailserver/files/spam/Dockerfile
View file

@ -2,7 +2,7 @@ FROM alpine:edge
# We have to upgrade musl, or rspamd will not work. # We have to upgrade musl, or rspamd will not work.
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
&& apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
RUN mkdir /run/rspamd RUN mkdir /run/rspamd

15
deploy/roles/mailserver/files/spam/start.sh
View file

@ -11,4 +11,19 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
enable_password = "${PASSWORD}"; enable_password = "${PASSWORD}";
EOF EOF
cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
bind_socket = "0.0.0.0:11332";
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
EOF
cat << EOF > /etc/rspamd/override.d/worker-normal.inc
bind_socket = "127.0.0.1:11333";
EOF
/usr/sbin/rspamd -f --insecure /usr/sbin/rspamd -f --insecure

10
deploy/roles/mailserver/tasks/main.yml
View file

@ -37,6 +37,16 @@
src: config.inc.php.j2 src: config.inc.php.j2
dest: "{{ docker_project_folder }}/mailserver/webmail/config.inc.php" dest: "{{ docker_project_folder }}/mailserver/webmail/config.inc.php"
- name: Create mailman config
copy:
dest: "{{ docker_project_folder }}/mailserver/mailman"
src: mailman
- name: Copy Mailman Settings
template:
src: settings_local.py.j2
dest: "{{ docker_project_folder }}/mailserver/mailman/settings_local.py"
- name: make start executable smtp - name: make start executable smtp
copy: copy:
dest: "{{ docker_project_folder }}/mailserver/smtp/start.sh" dest: "{{ docker_project_folder }}/mailserver/smtp/start.sh"

21
deploy/roles/mailserver/templates/docker-compose.yml.j2
View file

@ -14,6 +14,7 @@ services:
- imap:imap - imap:imap
- db:db - db:db
- spam:spam - spam:spam
- mailman-core:mailman-core
volumes: volumes:
- {{ docker_data_folder }}/mailserver/mailman/core:/mailman - {{ docker_data_folder }}/mailserver/mailman/core:/mailman
- mails:/home/vmail - mails:/home/vmail
@ -27,6 +28,10 @@ services:
- MYHOSTNAME=mail.{{ DOMAIN }} - MYHOSTNAME=mail.{{ DOMAIN }}
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
networks:
defualt:
alias:
- smtp
imap: imap:
container_name: imap container_name: imap
@ -62,8 +67,9 @@ services:
restart: always restart: always
expose: expose:
- 11334 - 11334
- 11332
volumes: volumes:
- spam:{{ docker_data_folder }} - {{ docker_data_folder }}/mailserver/rspamd/:/var/lib/rspamd
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
- PASSWORD={{ WEB_PASSWORD }} - PASSWORD={{ WEB_PASSWORD }}
@ -134,7 +140,7 @@ services:
MYSQL_PASSWORD: {{ DB_PASSWORD }} MYSQL_PASSWORD: {{ DB_PASSWORD }}
volumes: volumes:
- {{ docker_data_folder }}/mailserver/db:/var/lib/mysql - {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
#- ./docker-entrypoint.sh:/docker-entrypoint.sh - ./db/docker-entrypoint.sh:/docker-entrypoint.sh
- {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d - {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
@ -145,11 +151,12 @@ services:
hostname: mailman-core hostname: mailman-core
volumes: volumes:
- {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/ - {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/
- ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg - ./mailman/mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
expose:
- 8024
- 8001
links: links:
- db:db - db:db
- smtp:smtp
- imap:imap
depends_on: depends_on:
- db - db
environment: environment:
@ -178,6 +185,7 @@ services:
- db:db - db:db
- smtp:smtp - smtp:smtp
volumes: volumes:
- ./mailman/settings_local.py:/opt/mailman/web/settings_local.py
- {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data - {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data
environment: environment:
- DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman - DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman
@ -238,7 +246,8 @@ services:
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
networks:
default:
volumes: volumes:
mails: mails:

7
deploy/roles/mailserver/templates/settings_local.py.j2 Normal file
View file

@ -0,0 +1,7 @@
USE_SSL = True
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp'
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = "{{ mailman_sender_address }}"
SERVER_EMAIL = "{{ mailman_sender_address }}"
DEBUG = True

1
deploy/roles/mailserver/vars/main.yml
View file

@ -4,6 +4,7 @@ ansible_ask_become_pass: yes
docker_data_folder: /data_test docker_data_folder: /data_test
docker_project_folder: /var/docker docker_project_folder: /var/docker
DOMAIN: creditcards.bayern DOMAIN: creditcards.bayern
mailman_sender_address: "lists@{{ DOMAIN }}"
# vault # vault

84
docker-compose.yml
View file

@ -14,27 +14,30 @@ services:
- imap:imap - imap:imap
- db:db - db:db
- spam:spam - spam:spam
- mailman-core:mailman-core
volumes: volumes:
- ./smtp/main.cf:/etc/postfix/main.cf:ro - /data_test/mailserver/mailman/core:/mailman
- ./smtp/master.cf:/etc/postfix/master.cf:ro
- /data/mailserver/mailman/data:/mailman
- mails:/home/vmail - mails:/home/vmail
- /dev/log:/dev/log
- certs:/certs - certs:/certs
environment: environment:
- DATABASE_USER=mail - DATABASE_USER=mail
- DATABASE_PASSWORD=db_password - DATABASE_PASSWORD=98ewtx9mwh4e9x
- DATABASE_NAME=postfix - DATABASE_NAME=postfix
- MYORIGIN=creditcards.bayern - MYORIGIN=creditcards.bayern
- MYHOSTNAME=mail.creditcards.bayern - MYHOSTNAME=mail.creditcards.bayern
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
networks:
default:
aliases:
- smtp
imap: imap:
container_name: imap container_name: imap
build: ./imap build: ./imap
restart: always restart: always
depends_on: depends_on:
- extractor
- db - db
ports: ports:
- '993:993' - '993:993'
@ -42,6 +45,7 @@ services:
expose: expose:
- '24' - '24'
- '8472' - '8472'
- '993'
links: links:
- db - db
- spam - spam
@ -50,7 +54,7 @@ services:
- certs:/certs - certs:/certs
environment: environment:
- "DATABASE_USER=mail" - "DATABASE_USER=mail"
- "DATABASE_PASSWORD=db_password" - "DATABASE_PASSWORD=98ewtx9mwh4e9x"
- "DATABASE_NAME=postfix" - "DATABASE_NAME=postfix"
- "MAILDOMAIN=mail.creditcards.bayern" - "MAILDOMAIN=mail.creditcards.bayern"
labels: labels:
@ -62,11 +66,13 @@ services:
restart: always restart: always
expose: expose:
- 11334 - 11334
- 11332
volumes: volumes:
- spam:/data - spam:/data_test
- /data_test/rspamd/:/var/lib/rspamd
- /etc/localtime:/etc/localtime:ro - /etc/localtime:/etc/localtime:ro
environment: environment:
- PASSWORD=nichtsicher - PASSWORD=feelsnotverysecure
- PORT=11334 - PORT=11334
labels: labels:
- "traefik.frontend.rule=Host:spam.creditcards.bayern" - "traefik.frontend.rule=Host:spam.creditcards.bayern"
@ -84,15 +90,19 @@ services:
- imap:imap - imap:imap
- smtp:smtp - smtp:smtp
environment: environment:
ROUNDCUBEMAIL_DEFAULT_HOST: imap ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
ROUNDCUBEMAIL_SMTP_SERVER: smtp ROUNDCUBEMAIL_DEFAULT_PORT: "993"
ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
ROUNDCUBEMAIL_SMTP_PORT: 587
ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
ROUNDCUBEMAIL_DB_TYPE: mysql ROUNDCUBEMAIL_DB_TYPE: mysql
ROUNDCUBEMAIL_DB_HOST: db ROUNDCUBEMAIL_DB_HOST: db
ROUNDCUBEMAIL_DB_USER: mail ROUNDCUBEMAIL_DB_USER: mail
ROUNDCUBEMAIL_DB_PASSWORD: db_password ROUNDCUBEMAIL_DB_PASSWORD: 98ewtx9mwh4e9x
ROUNDCUBEMAIL_DB_NAME: postfix ROUNDCUBEMAIL_DB_NAME: roundcube
volumes:
- ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
labels: labels:
- "traefik.frontend.rule=Host:mail.creditcards.bayern" - "traefik.frontend.rule=Host:mail.creditcards.bayern"
- "traefik.port=80" - "traefik.port=80"
@ -112,7 +122,7 @@ services:
DBHOST: db DBHOST: db
DBUSER: mail DBUSER: mail
DBNAME: postfix DBNAME: postfix
DBPASS: db_password DBPASS: 98ewtx9mwh4e9x
SMTPHOST: smtp SMTPHOST: smtp
DOMAIN: creditcards.bayern DOMAIN: creditcards.bayern
labels: labels:
@ -124,13 +134,14 @@ services:
image: mariadb:10.3 image: mariadb:10.3
restart: always restart: always
environment: environment:
MYSQL_ROOT_PASSWORD: root_password MYSQL_ROOT_PASSWORD: kf43,cj,ewft3jr4
MYSQL_DATABASES: "postfix mailman" MYSQL_DATABASES: "postfix mailman roundcube"
MYSQL_USER: mail MYSQL_USER: mail
MYSQL_PASSWORD: db_password MYSQL_PASSWORD: 98ewtx9mwh4e9x
volumes: volumes:
- database:/var/lib/mysql - /data_test/mailserver/db:/var/lib/mysql
- ./docker-entrypoint.sh:/docker-entrypoint.sh - ./db/docker-entrypoint.sh:/docker-entrypoint.sh
- /var/docker/mailserver/db:/docker-entrypoint-initdb.d
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
@ -139,19 +150,24 @@ services:
container_name: mailman-core container_name: mailman-core
hostname: mailman-core hostname: mailman-core
volumes: volumes:
- /data/mailserver/mailman/core:/opt/mailman/ - /data_test/mailserver/mailman/core:/opt/mailman/
- ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg - ./mailman-extra.cfg:/opt/mailman/mailman-extra.cfg
links: links:
- db - db:db
- smtp expose:
- imap - 8024
- 8001
depends_on: depends_on:
- db - db
environment: environment:
- DATABASE_URL=mysql://mail:db_password@db/mailman - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
- DATABASE_TYPE=mysql - DATABASE_TYPE=mysql
- DATABASE_CLASS=mailman.database.mysql.MySQLDatabase - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
- HYPERKITTY_API_KEY=someapikey - HYPERKITTY_API_KEY=someapikey
- MM_HOSTNAME=mailman-core
- SMTP_PORT=587
- SMTP_HOST=smtp
- MTA=postfix
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
@ -167,19 +183,24 @@ services:
links: links:
- mailman-core:mailman-core - mailman-core:mailman-core
- db:db - db:db
- smtp:smtp
volumes: volumes:
- /data/mailserver/mailman/web:/opt/mailman-web-data - ./settings_local.py:/opt/mailman/web/settings_local.py
- /data_test/mailserver/mailman/web:/opt/mailman-web-data
- /data_test/mailserver/mailman/core:/var/mailman_
environment: environment:
- DATABASE_URL=mysql://mail:db_password@db/mailman - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
- DATABASE_TYPE=mysql - DATABASE_TYPE=mysql
- HYPERKITTY_API_KEY=someapikey - HYPERKITTY_API_KEY=someapikey
- SECRET_KEY=thisisaverysecretkey - SECRET_KEY=feelsnotverysecure
- DYLD_LIBRARY_PATH=/usr/local/mysql/lib/ - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/
- SERVE_FROM_DOMAIN=lists.creditcards.bayern - SERVE_FROM_DOMAIN=lists.creditcards.bayern
- DJANGO_ALLOWED_HOSTS=mailman.creditcards.bayern - DJANGO_ALLOWED_HOSTS=mailman.creditcards.bayern
- MAILMAN_ADMIN_USER=admin - MAILMAN_ADMIN_USER=admin
- MAILMAN_ADMIN_EMAIL=a3x@eris.cc - MAILMAN_ADMIN_EMAIL=a3x@eris.cc
- UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
- SMTP_PORT=587
- SMTP_HOST=smtp
labels: labels:
#- "traefik.frontend.rule=Host:mailman.creditcards.bayern" #- "traefik.frontend.rule=Host:mailman.creditcards.bayern"
#- "traefik.port=8000" #- "traefik.port=8000"
@ -196,14 +217,12 @@ services:
- mailman-web:mailman-web - mailman-web:mailman-web
volumes: volumes:
- ./nginx/:/etc/nginx/conf.d/ - ./nginx/:/etc/nginx/conf.d/
- /data/mailserver/mailman/web:/opt/mailman/ - /data_test/mailserver/mailman/web:/opt/mailman/
labels: labels:
- "traefik.frontend.rule=Host:mailman.creditcards.bayern" - "traefik.frontend.rule=Host:mailman.creditcards.bayern"
- "traefik.port=80" - "traefik.port=80"
traefik: traefik:
container_name: traefik container_name: traefik
image: traefik image: traefik
@ -223,15 +242,16 @@ services:
container_name: extractor container_name: extractor
image: danielhuisman/traefik-certificate-extractor image: danielhuisman/traefik-certificate-extractor
volumes: volumes:
- /data/mailserver/traefik:/app/data - /data_test/mailserver/traefik:/app/data
- certs:/app/certs_flat - certs:/app/certs_flat
labels: labels:
- "traefik.enable=false" - "traefik.enable=false"
networks:
default:
volumes: volumes:
database:
mails: mails:
certs: certs:
spam: spam:

6
imap/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:latest FROM alpine:latest
RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN mkdir /etc/dovecot/sieve-filter RUN mkdir /etc/dovecot/sieve-filter
RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
ADD dh.pem /dh.pem
ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf

13
imap/dh.pem Normal file
View file

@ -0,0 +1,13 @@
-----BEGIN DH PARAMETERS-----
MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
-----END DH PARAMETERS-----

1
imap/start.sh
View file

@ -9,6 +9,7 @@
#if [ -n "${MAILDOMAIN}" ]; then #if [ -n "${MAILDOMAIN}" ]; then
echo -e "ssl = yes\n \ echo -e "ssl = yes\n \
ssl_dh = </dh.pem\n \
ssl_cert = </certs/${MAILDOMAIN}.crt\n \ ssl_cert = </certs/${MAILDOMAIN}.crt\n \
ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
#fi #fi

4
mailman-extra.cfg → mailman/mailman-extra.cfg
View file

@ -3,8 +3,8 @@
[mta] [mta]
incoming: mailman.mta.postfix.LMTP incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver outgoing: mailman.mta.deliver.deliver
lmtp_host: imap lmtp_host: mailman-core
lmtp_port: 8472 lmtp_port: 8024
smtp_host: smtp smtp_host: smtp
smtp_port: 25 smtp_port: 25
configuration: /etc/postfix-mailman.cfg configuration: /etc/postfix-mailman.cfg

7
mailman/settings_local.py Normal file
View file

@ -0,0 +1,7 @@
USE_SSL = True
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp'
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = "lists@creditcards.bayern"
SERVER_EMAIL = "lists@creditcards.bayern"
DEBUG = True

2
smtp/Dockerfile
View file

@ -1,7 +1,7 @@
FROM alpine:latest FROM alpine:latest
RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
RUN apk add --no-cache postfix ca-certificates RUN apk add --no-cache postfix postfix-mysql ca-certificates
ADD ./main.cf /etc/postfix/main.cf ADD ./main.cf /etc/postfix/main.cf
ADD ./master.cf /etc/postfix/master.cf ADD ./master.cf /etc/postfix/master.cf

15
smtp/main.cf
View file

@ -65,16 +65,17 @@ alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases alias_database = hash:/etc/aliases
mydestination = localhost mydestination = localhost
relayhost = relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.0.0.0/8
mailbox_size_limit = 0 mailbox_size_limit = 0
recipient_delimiter = + recipient_delimiter = +
inet_interfaces = all inet_interfaces = all
virtual_transport = lmtp:inet:imap:24 virtual_transport = lmtp:inet:mailman-core:8024
virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_vmap
virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf regexp:/mailman/var/data/postfix_lmtp
message_size_limit = 20480000 message_size_limit = 20480000
@ -85,6 +86,6 @@ milter_protocol = 6
unknown_local_recipient_reject_code = 550 unknown_local_recipient_reject_code = 550
owner_request_special = no owner_request_special = no
transport_maps = hash:/mailman/var/data/postfix_lmtp transport_maps = regexp:/mailman/var/data/postfix_lmtp
local_recipient_maps = hash:/mailman/var/data/postfix_lmtp local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
relay_domains = hash:/mailman/var/data/postfix_domains relay_domains = regexp:/mailman/var/data/postfix_domains

1
smtp/master.cf
View file

@ -10,7 +10,6 @@
# (yes) (yes) (yes) (never) (100) # (yes) (yes) (yes) (never) (100)
# ========================================================================== # ==========================================================================
smtp inet n - - - - smtpd smtp inet n - - - - smtpd
-o content_filter=spamassassin
submission inet n - - - - smtpd submission inet n - - - - smtpd
-o syslog_name=postfix/submission -o syslog_name=postfix/submission
-o smtpd_sasl_auth_enable=yes -o smtpd_sasl_auth_enable=yes

48
smtp/start.sh
View file

@ -1,36 +1,32 @@
#!/bin/sh #!/bin/sh
#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then echo "myorigin = ${MYHOSTNAME}" >> /etc/postfix/main.cf
echo -e "myorigin = ${MYORIGIN}\n \ echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
myhostname = ${MYHOSTNAME} \ echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \ echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
#fi
#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then echo "user = ${DATABASE_USER}
echo -e "user = ${DATABASE_USER}\n \ password = ${DATABASE_PASSWORD}
password = ${DATABASE_PASSWORD}\n \ hosts = db
hosts = db\n \ dbname = ${DATABASE_NAME}
dbname = ${DATABASE_NAME}\n \ table = alias
table = alias\n \ select_field = goto
select_field = goto\n \
where_field = address" > /etc/postfix/virtual_alias_maps.cf; where_field = address" > /etc/postfix/virtual_alias_maps.cf;
echo -e "user = ${DATABASE_USER}\n \ echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}\n \ password = ${DATABASE_PASSWORD}
hosts = db\n \ hosts = db
dbname = ${DATABASE_NAME}\n \ dbname = ${DATABASE_NAME}
table = domain\n \ table = domain
select_field = domain\n \ select_field = domain
where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf; where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
echo -e "user = ${DATABASE_USER}\n \ echo "user = ${DATABASE_USER}
password = ${DATABASE_PASSWORD}\n \ password = ${DATABASE_PASSWORD}
hosts = db\n \ hosts = db
dbname = ${DATABASE_NAME}\n \ dbname = ${DATABASE_NAME}
table = mailbox\n \ table = mailbox
select_field = maildir\n \ select_field = maildir
where_field = username" > /etc/postfix/virtual_mailbox_maps.cf; where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
#fi
postfix start-fg postfix start-fg

2
spam/Dockerfile
View file

@ -2,7 +2,7 @@ FROM alpine:edge
# We have to upgrade musl, or rspamd will not work. # We have to upgrade musl, or rspamd will not work.
RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \ RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
&& apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
RUN mkdir /run/rspamd RUN mkdir /run/rspamd

14
spam/start.sh
View file

@ -11,4 +11,18 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
enable_password = "${PASSWORD}"; enable_password = "${PASSWORD}";
EOF EOF
cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
bind_socket = "0.0.0.0:11332";
milter = yes;
timeout = 120s;
upstream "local" {
default = yes;
self_scan = yes;
}
EOF
cat << EOF > /etc/rspamd/override.d/worker-normal.inc
bind_socket = "127.0.0.1:11333";
EOF
/usr/sbin/rspamd -f --insecure /usr/sbin/rspamd -f --insecure

11
webmail/config.inc.php Normal file
View file

@ -0,0 +1,11 @@
<?php
$config['imap_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$config['smtp_conn_options'] = array('ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$rcmail_config['managesieve_port'] = 4190;
$rcmail_config['managesieve_host'] = 'tls://imap';
$config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => false, 'verify_peer_name' => false ), );
$config['password_db_dsn'] = 'mysql://mail:98ewtx9mwh4e9x@db/postfix';
$config['password_query'] = "UPDATE mailbox SET password=CONCAT('{SHA512-CRYPT}', ENCRYPT (%p, CONCAT('$5$', SUBSTRING(SHA(RAND()), -16)))) WHERE username=%u;";