mailman tested and working, rspamd tested and working, roundcube tested and working

README.md

@@ -1,9 +1,12 @@
 # General
 
-Postfix mta doesnt provide SNI, so there mailserver and lists must run on the same domain
+Postfix mta doesnt provide SNI, so mailserver and lists must run on the same domain.
 
+# State 
 
+All the front facing files are just examplatory of the final docker-compose directory structure on the provisioned host, therefore completely out of date. Just deploy the ansible project.
 
+All the credentials found in this repo are for testing purpose and may only work on the test instance @creditcards.bayern (v6). Happy fuzzing
 
 # Configure
 

db/databases.sh

@@ -0,0 +1,11 @@
+file_env 'MYSQL_DATABASES'
+if [ "$MYSQL_DATABASES" ]; then
+	for databaseName in $MYSQL_DATABASES; do
+		echo "CREATE DATABASE IF NOT EXISTS \`$databaseName\` ;" | "${mysql[@]}"
+	done
+fi
+if [ "$MYSQL_DATABASES" ]; then
+	for databaseName in $MYSQL_DATABASES; do
+		echo "GRANT ALL ON \`$databaseName\`.* TO '$MYSQL_USER'@'%' ;" | "${mysql[@]}"
+	done
+fi

deploy/roles/mailserver/files/mailman/mailman-extra.cfg

@@ -3,8 +3,8 @@
 [mta]
 incoming: mailman.mta.postfix.LMTP
 outgoing: mailman.mta.deliver.deliver
-lmtp_host: imap
+lmtp_host: mailman-core
-lmtp_port: 8472
+lmtp_port: 8424
 smtp_host: smtp
 smtp_port: 25
 configuration: /etc/postfix-mailman.cfg

deploy/roles/mailserver/files/smtp/main.cf

@@ -70,16 +70,16 @@ mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 
-virtual_transport = lmtp:inet:imap:24
+virtual_transport = lmtp:inet:mailman-core:8024
 
-virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
+virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf regexp:/mailman/var/data/postfix_vmap
-virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
+virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_lmtp
 virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
 
 message_size_limit = 20480000
 
 # Milter setup
-smtpd_milters = inet:spam:11334
+smtpd_milters = inet:spam:11332
 milter_default_action = accept
 milter_protocol = 6
 

deploy/roles/mailserver/files/smtp/master.cf

@@ -10,7 +10,6 @@
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
 smtp      inet  n       -       -       -       -       smtpd
-  -o content_filter=spamassassin
 submission inet n       -       -       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_sasl_auth_enable=yes

deploy/roles/mailserver/files/spam/Dockerfile

@@ -2,7 +2,7 @@ FROM alpine:edge
 
 # We have to upgrade musl, or rspamd will not work.
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
- && apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates
+ && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
 
 RUN mkdir /run/rspamd
 

deploy/roles/mailserver/files/spam/start.sh

@@ -11,4 +11,19 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
     enable_password = "${PASSWORD}";
 EOF
 
+cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
+    bind_socket = "0.0.0.0:11332";
+    milter = yes;
+    timeout = 120s;
+    upstream "local" {
+      default = yes;
+      self_scan = yes;
+    }
+EOF
+
+cat << EOF > /etc/rspamd/override.d/worker-normal.inc
+  bind_socket = "127.0.0.1:11333";
+EOF
+
+
 /usr/sbin/rspamd -f --insecure

deploy/roles/mailserver/tasks/main.yml

@@ -37,6 +37,16 @@
     src: config.inc.php.j2
     dest: "{{ docker_project_folder }}/mailserver/webmail/config.inc.php"
 
+- name: Create mailman config
+  copy:
+    dest: "{{ docker_project_folder }}/mailserver/mailman"
+    src: mailman
+
+- name: Copy Mailman Settings
+  template:
+    src: settings_local.py.j2
+    dest: "{{ docker_project_folder }}/mailserver/mailman/settings_local.py"
+
 - name: make start executable smtp
   copy:
     dest: "{{ docker_project_folder }}/mailserver/smtp/start.sh"

deploy/roles/mailserver/templates/docker-compose.yml.j2

@@ -14,6 +14,7 @@ services:
       - imap:imap
       - db:db
       - spam:spam
+      - mailman-core:mailman-core
     volumes:
       - {{ docker_data_folder }}/mailserver/mailman/core:/mailman
       - mails:/home/vmail
@@ -27,6 +28,10 @@ services:
       - MYHOSTNAME=mail.{{ DOMAIN }}
     labels:
       - "traefik.enable=false"
+    networks:
+      defualt:
+        alias:
+          - smtp
 
   imap:
     container_name: imap
@@ -62,8 +67,9 @@ services:
     restart: always
     expose:
       - 11334
+      - 11332
     volumes:
-      - spam:{{ docker_data_folder }}
+      - {{ docker_data_folder }}/mailserver/rspamd/:/var/lib/rspamd
       - /etc/localtime:/etc/localtime:ro
     environment:
       - PASSWORD={{ WEB_PASSWORD }}
@@ -134,7 +140,7 @@ services:
       MYSQL_PASSWORD: {{ DB_PASSWORD }}
     volumes:
       - {{ docker_data_folder }}/mailserver/db:/var/lib/mysql
-      #- ./docker-entrypoint.sh:/docker-entrypoint.sh
+      - ./db/docker-entrypoint.sh:/docker-entrypoint.sh
       - {{ docker_project_folder }}/mailserver/db:/docker-entrypoint-initdb.d
     labels:
       - "traefik.enable=false"
@@ -145,11 +151,12 @@ services:
     hostname: mailman-core
     volumes:
       - {{ docker_data_folder }}/mailserver/mailman/core:/opt/mailman/
-      - ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
+      - ./mailman/mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
+    expose:
+      - 8024
+      - 8001
     links:
      - db:db
-     - smtp:smtp
-     - imap:imap
     depends_on:
       - db
     environment:
@@ -178,6 +185,7 @@ services:
       - db:db
       - smtp:smtp
     volumes:
+      - ./mailman/settings_local.py:/opt/mailman/web/settings_local.py
       - {{ docker_data_folder }}/mailserver/mailman/web:/opt/mailman-web-data
     environment:
       - DATABASE_URL=mysql://mail:{{ DB_PASSWORD }}@db/mailman
@@ -238,7 +246,8 @@ services:
     labels:
       - "traefik.enable=false"
 
-
+  networks:
+    default:
 
 volumes:
   mails:

deploy/roles/mailserver/templates/settings_local.py.j2

@@ -0,0 +1,7 @@
+USE_SSL = True
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = 'smtp'
+EMAIL_PORT = 25
+DEFAULT_FROM_EMAIL = "{{ mailman_sender_address }}"
+SERVER_EMAIL = "{{ mailman_sender_address }}"
+DEBUG = True

deploy/roles/mailserver/vars/main.yml

@@ -4,6 +4,7 @@ ansible_ask_become_pass: yes
 docker_data_folder: /data_test
 docker_project_folder: /var/docker
 DOMAIN: creditcards.bayern
+mailman_sender_address: "lists@{{ DOMAIN }}"
 
 # vault
 

docker-compose.yml

@@ -14,27 +14,30 @@ services:
       - imap:imap
       - db:db
       - spam:spam
+      - mailman-core:mailman-core
     volumes:
-      - ./smtp/main.cf:/etc/postfix/main.cf:ro
+      - /data_test/mailserver/mailman/core:/mailman
-      - ./smtp/master.cf:/etc/postfix/master.cf:ro
-      - /data/mailserver/mailman/data:/mailman
       - mails:/home/vmail
+      - /dev/log:/dev/log
       - certs:/certs
     environment:
       - DATABASE_USER=mail
-      - DATABASE_PASSWORD=db_password
+      - DATABASE_PASSWORD=98ewtx9mwh4e9x
       - DATABASE_NAME=postfix
       - MYORIGIN=creditcards.bayern
       - MYHOSTNAME=mail.creditcards.bayern
     labels:
       - "traefik.enable=false"
+    networks:
+      default:
+        aliases:
+         - smtp
 
   imap:
     container_name: imap
     build: ./imap
     restart: always
     depends_on:
-     - extractor
      - db
     ports:
      - '993:993'
@@ -42,6 +45,7 @@ services:
     expose:
      - '24'
      - '8472'
+     - '993'
     links:
       - db
       - spam
@@ -50,7 +54,7 @@ services:
       - certs:/certs
     environment:
       - "DATABASE_USER=mail"
-      - "DATABASE_PASSWORD=db_password"
+      - "DATABASE_PASSWORD=98ewtx9mwh4e9x"
       - "DATABASE_NAME=postfix"
       - "MAILDOMAIN=mail.creditcards.bayern"
     labels:
@@ -62,11 +66,13 @@ services:
     restart: always
     expose:
       - 11334
+      - 11332
     volumes:
-      - spam:/data
+      - spam:/data_test
+      - /data_test/rspamd/:/var/lib/rspamd
       - /etc/localtime:/etc/localtime:ro
     environment:
-      - PASSWORD=nichtsicher
+      - PASSWORD=feelsnotverysecure
       - PORT=11334
     labels:
       - "traefik.frontend.rule=Host:spam.creditcards.bayern"
@@ -84,15 +90,19 @@ services:
       - imap:imap
       - smtp:smtp
     environment:
-      ROUNDCUBEMAIL_DEFAULT_HOST: imap
+      ROUNDCUBEMAIL_DEFAULT_HOST: "ssl://imap"
-      ROUNDCUBEMAIL_SMTP_SERVER: smtp
+      ROUNDCUBEMAIL_DEFAULT_PORT: "993"
+      ROUNDCUBEMAIL_SMTP_SERVER: "tls://smtp"
+      ROUNDCUBEMAIL_SMTP_PORT: 587
       ROUNDCUBEMAIL_PLUGINS: archive,zipdownload,managesieve,password
       ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE: 100M
       ROUNDCUBEMAIL_DB_TYPE: mysql
       ROUNDCUBEMAIL_DB_HOST: db
       ROUNDCUBEMAIL_DB_USER: mail
-      ROUNDCUBEMAIL_DB_PASSWORD: db_password
+      ROUNDCUBEMAIL_DB_PASSWORD: 98ewtx9mwh4e9x
-      ROUNDCUBEMAIL_DB_NAME: postfix
+      ROUNDCUBEMAIL_DB_NAME: roundcube
+    volumes:
+      - ./webmail/config.inc.php:/var/roundcube/config/config.inc.php
     labels:
       - "traefik.frontend.rule=Host:mail.creditcards.bayern"
       - "traefik.port=80"
@@ -112,7 +122,7 @@ services:
       DBHOST: db
       DBUSER: mail
       DBNAME: postfix
-      DBPASS: db_password
+      DBPASS: 98ewtx9mwh4e9x
       SMTPHOST: smtp
       DOMAIN: creditcards.bayern
     labels:
@@ -124,13 +134,14 @@ services:
     image: mariadb:10.3
     restart: always
     environment:
-      MYSQL_ROOT_PASSWORD: root_password
+      MYSQL_ROOT_PASSWORD: kf43,cj,ewft3jr4
-      MYSQL_DATABASES: "postfix mailman"
+      MYSQL_DATABASES: "postfix mailman roundcube"
       MYSQL_USER: mail
-      MYSQL_PASSWORD: db_password
+      MYSQL_PASSWORD: 98ewtx9mwh4e9x
     volumes:
-      - database:/var/lib/mysql
+      - /data_test/mailserver/db:/var/lib/mysql
-      - ./docker-entrypoint.sh:/docker-entrypoint.sh
+      - ./db/docker-entrypoint.sh:/docker-entrypoint.sh
+      - /var/docker/mailserver/db:/docker-entrypoint-initdb.d
     labels:
       - "traefik.enable=false"
 
@@ -139,19 +150,24 @@ services:
     container_name: mailman-core
     hostname: mailman-core
     volumes:
-      - /data/mailserver/mailman/core:/opt/mailman/
+      - /data_test/mailserver/mailman/core:/opt/mailman/
-      - ./mailman-extra.cfg:/opt/mailman/core/mailman-extra.cfg
+      - ./mailman-extra.cfg:/opt/mailman/mailman-extra.cfg
     links:
-     - db
+     - db:db
-     - smtp
+    expose:
-     - imap
+     - 8024
+     - 8001
     depends_on:
       - db
     environment:
-      - DATABASE_URL=mysql://mail:db_password@db/mailman
+      - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
       - DATABASE_TYPE=mysql
       - DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
       - HYPERKITTY_API_KEY=someapikey
+      - MM_HOSTNAME=mailman-core
+      - SMTP_PORT=587
+      - SMTP_HOST=smtp
+      - MTA=postfix
     labels:
       - "traefik.enable=false"
 
@@ -167,19 +183,24 @@ services:
     links:
       - mailman-core:mailman-core
       - db:db
+      - smtp:smtp
     volumes:
-      - /data/mailserver/mailman/web:/opt/mailman-web-data
+      - ./settings_local.py:/opt/mailman/web/settings_local.py
+      - /data_test/mailserver/mailman/web:/opt/mailman-web-data
+      - /data_test/mailserver/mailman/core:/var/mailman_
     environment:
-      - DATABASE_URL=mysql://mail:db_password@db/mailman
+      - DATABASE_URL=mysql://mail:98ewtx9mwh4e9x@db/mailman
       - DATABASE_TYPE=mysql   
       - HYPERKITTY_API_KEY=someapikey
-      - SECRET_KEY=thisisaverysecretkey
+      - SECRET_KEY=feelsnotverysecure
       - DYLD_LIBRARY_PATH=/usr/local/mysql/lib/
       - SERVE_FROM_DOMAIN=lists.creditcards.bayern
       - DJANGO_ALLOWED_HOSTS=mailman.creditcards.bayern
       - MAILMAN_ADMIN_USER=admin
       - MAILMAN_ADMIN_EMAIL=a3x@eris.cc
       - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
+      - SMTP_PORT=587
+      - SMTP_HOST=smtp
     labels:
       #- "traefik.frontend.rule=Host:mailman.creditcards.bayern"
       #- "traefik.port=8000"
@@ -196,14 +217,12 @@ services:
       - mailman-web:mailman-web
     volumes:
       - ./nginx/:/etc/nginx/conf.d/
-      - /data/mailserver/mailman/web:/opt/mailman/
+      - /data_test/mailserver/mailman/web:/opt/mailman/
     labels:
       - "traefik.frontend.rule=Host:mailman.creditcards.bayern"
       - "traefik.port=80"
 
 
-
-
   traefik:
     container_name: traefik
     image: traefik  
@@ -223,15 +242,16 @@ services:
     container_name: extractor
     image: danielhuisman/traefik-certificate-extractor
     volumes: 
-      - /data/mailserver/traefik:/app/data
+      - /data_test/mailserver/traefik:/app/data
       - certs:/app/certs_flat
     labels:
       - "traefik.enable=false"
 
+networks:
+  default:
 
 
 volumes:
-  database:
   mails:
   certs:
   spam:

imap/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:latest
-RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin
+RUN apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-mysql
 
-RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
+RUN addgroup -S vmail && adduser -u 5000 -G vmail -s /usr/bin/nologin -h /home/vmail -S vmail
 
 RUN mkdir /etc/dovecot/sieve-filter
 RUN ln -s /usr/bin/vendor_perl/spamc /etc/dovecot/sieve-filter/spamc
@@ -10,7 +10,7 @@ ADD dovecot.conf /etc/dovecot/dovecot.conf
 ADD 10-auth.conf /etc/dovecot/conf.d/10-auth.conf
 ADD 10-master.conf /etc/dovecot/conf.d/10-master.conf
 
-
+ADD dh.pem /dh.pem
 ADD 20-lmtp.conf /etc/dovecot/conf.d/20-lmtp.conf
 ADD 90-sieve.conf /etc/dovecot/conf.d/90-sieve.conf
 

imap/dh.pem

@@ -0,0 +1,13 @@
+-----BEGIN DH PARAMETERS-----
+MIICCAKCAgEAp8B6nAUjQq4z8Oxx77t29exX+ukVggQJBVlxk3RJJxdZxdaLh9Zy
+/Vu+AzrowdhqAjzIOj96r7nS7qK2D6T5FN6OcsQOLCQc1fiP7AuK421IT2ZvFj0B
+2nvgT0O06s/yMV0G7wgBb2XbqwCTMHTlukMvHwnmKrEUttZ39tIYWcs/C/i2F4Rs
+M/KkAR475gh3tLm89mOe3ROkIs6Z/eWnEWs2+mT6MCfFWSCaY5/aatktt5nKXi1A
+LcW0jXug5/i7Ie/LoqjbSSfuuCxaQ8Tm1nQW9Xv7TlwWXD3ccudS6+ggzaX5hPd4
+EnX7o6CvgBUZfY1ecb88Id2sm6+WgHaXkEhsv4pDqU5qwbW3aEGR+iSmqW8l9cWE
+hPtCiRwM4IJ96pJ1bhwS8pwVO4g7O4vNYl/wsAeWGqY2v1hAdkufUvUk3O7IV7Zb
+z1V6XAitG2YWnfOaZlK/XbXmZ7DPRh4L7A8HNswf745jCpHsnk7RnLu3tUTTKshG
+Bk9du8bq1Rjexc2IRVDMnxl2HvpSG21qU7VrPNXEpJDADfqbIcwFIajD6FfN7fEN
+3H4J3VhYm3lblG5ppx3NogT4rvtMR9wIQAEuHY5GEezZnSAe9AcZLkIeBhXhNZJ0
+i2tw3N+k2O0iRYEZs9f0cq/V2F4BUKamilkGEoM7J4CwMvINZoAW1XsCAQI=
+-----END DH PARAMETERS-----

imap/start.sh

@@ -8,9 +8,10 @@
 #fi
 
 #if [ -n "${MAILDOMAIN}" ]; then
-	echo -e "ssl = yes\n \
+echo -e "ssl = yes\n \
-		ssl_cert = </certs/${MAILDOMAIN}.crt\n \
+ssl_dh = </dh.pem\n \
-		ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
+ssl_cert = </certs/${MAILDOMAIN}.crt\n \
+ssl_key = </certs/${MAILDOMAIN}.key" > /etc/dovecot/conf.d/10-ssl.conf
 #fi
 
 dovecot -F

mailman/mailman-extra.cfg

@@ -3,8 +3,8 @@
 [mta]
 incoming: mailman.mta.postfix.LMTP
 outgoing: mailman.mta.deliver.deliver
-lmtp_host: imap
+lmtp_host: mailman-core
-lmtp_port: 8472
+lmtp_port: 8024
 smtp_host: smtp
 smtp_port: 25
 configuration: /etc/postfix-mailman.cfg

mailman/settings_local.py

@@ -0,0 +1,7 @@
+USE_SSL = True
+EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
+EMAIL_HOST = 'smtp'
+EMAIL_PORT = 25
+DEFAULT_FROM_EMAIL = "lists@creditcards.bayern"
+SERVER_EMAIL = "lists@creditcards.bayern"
+DEBUG = True

smtp/Dockerfile

@@ -1,7 +1,7 @@
 FROM alpine:latest
 
 RUN adduser -u 5000 -g vmail -s /usr/bin/nologin -h /home/vmail -S vmail
-RUN apk add --no-cache postfix ca-certificates
+RUN apk add --no-cache postfix postfix-mysql ca-certificates
 
 ADD ./main.cf /etc/postfix/main.cf
 ADD ./master.cf /etc/postfix/master.cf

smtp/main.cf

@@ -65,17 +65,18 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = localhost
 relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.0.0.0/8
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
 
-virtual_transport = lmtp:inet:imap:24
+virtual_transport = lmtp:inet:mailman-core:8024
 
 virtual_mailbox_domains = mysql:/etc/postfix/virtual_mailbox_domains.cf
-virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf
+                       
-virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf
+virtual_mailbox_maps = mysql:/etc/postfix/virtual_mailbox_maps.cf regexp:/mailman/var/data/postfix_vmap                 
-
+virtual_alias_maps = mysql:/etc/postfix/virtual_alias_maps.cf regexp:/mailman/var/data/postfix_lmtp                     
+                                                                                                      
 message_size_limit = 20480000
 
 # Milter setup
@@ -85,6 +86,6 @@ milter_protocol = 6
 
 unknown_local_recipient_reject_code = 550
 owner_request_special = no
-transport_maps = hash:/mailman/var/data/postfix_lmtp
+transport_maps = regexp:/mailman/var/data/postfix_lmtp
-local_recipient_maps = hash:/mailman/var/data/postfix_lmtp
+local_recipient_maps = regexp:/mailman/var/data/postfix_lmtp
-relay_domains = hash:/mailman/var/data/postfix_domains
+relay_domains = regexp:/mailman/var/data/postfix_domains

smtp/master.cf

@@ -9,8 +9,7 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       -       -       -       smtpd
+smtp	  inet  n	-	-	-	-	smtpd
-  -o content_filter=spamassassin
 submission inet n       -       -       -       -       smtpd
   -o syslog_name=postfix/submission
   -o smtpd_sasl_auth_enable=yes

smtp/start.sh

@@ -1,36 +1,32 @@
 #!/bin/sh
 
-#if [ -n "${MYORIGIN}" -a -n "${MYHOSTNAME}" ]; then
+echo "myorigin = ${MYHOSTNAME}" >> /etc/postfix/main.cf
-	echo -e "myorigin = ${MYORIGIN}\n \
+echo "myhostname = ${MYHOSTNAME}" >> /etc/postfix/main.cf
-	     	myhostname = ${MYHOSTNAME} \
+echo "smtpd_tls_key_file = /certs/${MYHOSTNAME}.key" >> /etc/postfix/main.cf
-	     	smtpd_tls_key_file = /certs/${MYHOSTNAME}.key \
+echo "smtpd_tls_cert_file = /certs/${MYHOSTNAME}.crt" >> /etc/postfix/main.cf
-	    	smtpd_tls_cert_file=/certs/${MYHOSTNAME}.crt" >> /etc/postfix/main_addendum.cf
-#fi
 
-#if [ -n "${DATABASE_USER}" -a -n "${DATBASE_PASSWORD}" -a -n "${DATABASE_NAME}" ]; then
+echo "user = ${DATABASE_USER}
-	echo -e "user = ${DATABASE_USER}\n \
+password = ${DATABASE_PASSWORD}
-	     	password = ${DATABASE_PASSWORD}\n \
+hosts = db
-		hosts = db\n \
+dbname = ${DATABASE_NAME}
-		dbname = ${DATABASE_NAME}\n \
+table = alias
-		table = alias\n \
+select_field = goto
-		select_field = goto\n \
+where_field = address" > /etc/postfix/virtual_alias_maps.cf;
-		where_field = address" > /etc/postfix/virtual_alias_maps.cf;
 
-	echo -e "user = ${DATABASE_USER}\n \
+echo "user = ${DATABASE_USER}
-		password = ${DATABASE_PASSWORD}\n \
+password = ${DATABASE_PASSWORD}
-		hosts = db\n \
+hosts = db
-		dbname = ${DATABASE_NAME}\n \
+dbname = ${DATABASE_NAME}
-		table = domain\n \
+table = domain
-		select_field = domain\n \
+select_field = domain
-		where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
+where_field = domain" > /etc/postfix/virtual_mailbox_domains.cf;
 
-	echo -e "user = ${DATABASE_USER}\n \
+echo "user = ${DATABASE_USER}
-		password = ${DATABASE_PASSWORD}\n \
+password = ${DATABASE_PASSWORD}
-		hosts = db\n \
+hosts = db
-		dbname = ${DATABASE_NAME}\n \
+dbname = ${DATABASE_NAME}
-		table = mailbox\n \
+table = mailbox
-		select_field = maildir\n \
+select_field = maildir
-		where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
+where_field = username" > /etc/postfix/virtual_mailbox_maps.cf;
-#fi
 
 postfix start-fg

spam/Dockerfile

@@ -2,7 +2,7 @@ FROM alpine:edge
 
 # We have to upgrade musl, or rspamd will not work.
 RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
- && apk add --no-cache rspamd rspamd-controller rsyslog ca-certificates
+ && apk add --no-cache rspamd rspamd-controller rspamd-proxy rsyslog ca-certificates
 
 RUN mkdir /run/rspamd
 

spam/start.sh

@@ -11,4 +11,18 @@ cat << EOF > /etc/rspamd/override.d/worker-controller.inc
     enable_password = "${PASSWORD}";
 EOF
 
+cat << EOF > /etc/rspamd/local.d/worker-proxy.inc
+    bind_socket = "0.0.0.0:11332";
+    milter = yes;
+    timeout = 120s;
+    upstream "local" {
+      default = yes;
+      self_scan = yes;
+    }
+EOF
+
+cat << EOF > /etc/rspamd/override.d/worker-normal.inc
+  bind_socket = "127.0.0.1:11333";
+EOF
+
 /usr/sbin/rspamd -f --insecure

webmail/config.inc.php

@@ -0,0 +1,11 @@
+<?php
+
+$config['imap_conn_options'] = array(   'ssl'         => array(    'verify_peer'  => false, 'verify_peer_name' => false  ),  );
+$config['smtp_conn_options'] = array('ssl'         => array(     'verify_peer'  => false, 'verify_peer_name' => false   ), );
+$rcmail_config['managesieve_port'] = 4190;
+$rcmail_config['managesieve_host'] = 'tls://imap';
+$config['managesieve_conn_options'] = array(   'ssl'         => array(     'verify_peer'  => false, 'verify_peer_name' => false  ), );
+$config['password_db_dsn'] = 'mysql://mail:98ewtx9mwh4e9x@db/postfix';
+$config['password_query'] = "UPDATE mailbox SET password=CONCAT('{SHA512-CRYPT}', ENCRYPT (%p, CONCAT('$5$', SUBSTRING(SHA(RAND()), -16)))) WHERE username=%u;";
+
+