Merge branch 'automated-tasks' into 'development'

chore(gitlab-ci): Automated update of git sub-module

See merge request nofusscomputing/projects/docker-mail!68

.cz.yaml

@@ -2,6 +2,6 @@ commitizen:
   bump_message: "build(version): bump version $current_version \u2192 $new_version"
   changelog_incremental: false
   name: cz_conventional_commits
-  tag_format: v$major.$minor.$patch$prerelease
+  tag_format: $major.$minor.$patch$prerelease
   update_changelog_on_bump: true
-  version: 0.0.2
+  version: 0.1.0

.dockerignore

@@ -0,0 +1,14 @@
+# Directories
+.git/
+.gitlab/
+gitlab-ci/
+test/
+.vscode/
+
+# Files
+.cz.yaml
+.gitignore
+.gitlab-ci.yml
+.gitmodules
+.markdownlint.json
+*.md

.gitlab-ci.yml

@@ -1,42 +1,38 @@
-stages:
-    - validation
-    - build
-    - prepare
-    - test
-    - release
-    - sync
-    - publish
+---
 
-variables:
-    GIT_SUBMODULE_STRATEGY: recursive
-    MY_PROJECT_ID: "33611657"
 
 include:
   - project: nofusscomputing/projects/gitlab-ci
-    ref: ce1cc017e26ff7f6cee586cc7d98e4d292275672
+    ref: development
     file:
-      - conventional_commits/.gitlab-ci.yml
-      - validation/.gitlab-ci.yml
-      - gitlab_release/.gitlab-ci.yml
-      - git_push_mirror/.gitlab-ci.yml
+      - .gitlab-ci_common.yaml
+      - template/automagic.gitlab-ci.yaml
+
+
+variables:
+  DOCKER_IMAGE_BUILD_TARGET_PLATFORMS: "linux/amd64,linux/arm64"
+  DOCKER_IMAGE_PUBLISH_NAME: 'docker-mail'
+  DOCKER_IMAGE_PUBLISH_REGISTRY: docker.io/nofusscomputing
+  DOCKER_IMAGE_PUBLISH_URL: https://hub.docker.com/r/nofusscomputing/$DOCKER_IMAGE_PUBLISH_NAME
+
+  GIT_SUBMODULE_STRATEGY: recursive
+  GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-mail.git"
+  MY_PROJECT_ID: "33611657"
+  PAGES_ENVIRONMENT_PATH: projects/docker-mail/
 
 
 
-
-Markdown Linting:
-  extends:
-    - .Lint_Markdown
-
-
-Gitlab Release:
-    extends:
-        - .gitlab_release
-
-
-Github (Push --mirror):
-    variables:
-        GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-mail.git"
-    extends:
-        - .git_push_mirror
-
-
+Compile Dovecot:
+  extends: .build_docker_container
+  variables:
+    DOCKER_DOCKERFILE: dockerfile-compile
+    DOCKER_IMAGE_BUILD_TARGET_PLATFORMS: "linux/arm64"
+  rules:
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+      when: never
+    - if: $CI_COMMIT_TAG
+      when: never
+    - if: '$CI_COMMIT_BRANCH != "master" && $CI_PIPELINE_SOURCE == "push"'
+      when: manual
+      allow_failure: true
+    - when: never

.gitmodules

@@ -1,4 +1,8 @@
 [submodule "gitlab-ci"]
 	path = gitlab-ci
 	url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git
-	branch = master
+	branch = development
+[submodule "website-template"]
+	path = website-template
+	url = https://gitlab.com/nofusscomputing/infrastructure/website-template.git
+	branch = development

.markdownlint.json

@@ -0,0 +1,19 @@
+{
+  "line-length": false,
+  "MD007": {
+    "indent": 4
+  },
+  "MD033": {
+    "allowed_elements": [ "div", "s", "span", "u", "p", "br" ]
+  },
+  "blanks-around-headings":{
+    "lines_above": 2,
+    "lines_below": 1
+  },
+  "MD012": { 
+    "maximum": 2
+  }, 
+  "comment": {
+    "MD012": "MD012 max=2 added so that headings can have two lines above for clarity."
+  }
+}

.nfc_automation.yaml

@@ -0,0 +1,8 @@
+---
+
+role_git_conf:
+  gitlab:
+    submodule_branch: "development"
+    default_branch: development
+    mr_labels: ~"type::automation" ~"impact::0" ~"priority::0"
+    auto_merge: true

.vscode/extensions.json

@@ -0,0 +1,7 @@
+{
+    "recommendations": [
+        "davidanson.vscode-markdownlint",
+        "gitlab.gitlab-workflow",
+        "ms-azuretools.vscode-docker"
+    ]
+  }

CHANGELOG.md

@@ -1,3 +1,167 @@
+## 0.1.0 (2023-11-06)
+
+### Bug Fixes
+
+- **ci**: [cab22ceb](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/cab22cebfa98d50774b4b433fed5f1727f596a26) - added automation config [ [!13](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/13) ]
+
+### Continious Integration
+
+- **automagic**: [b1b5fc20](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b1b5fc20606dc0d87d860ae5ee64559307c6f3ea) - use template automagic for jobs [ [!12](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/12) [#5](https://gitlab.com/nofusscomputing/projects/docker-mail/-/issues/5) ]
+
+## 0.1.0rc3 (2023-05-24)
+
+### Bug Fixes
+
+- **docs**: [e872534a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/e872534aec12c0905a7713532f36f6fde63b4730) - use docs path instead of pages [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) [!26](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/26) ]
+- **mkdocs**: [9acc37ec](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/9acc37ec4f2286c06debbbfda0acb8a3bf04c998) - use correct edit path [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **website**: [c2902063](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/c290206392836642af5a3b6ca1dad67abe799b42) - correct repo name [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **docs**: [bfcb3469](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/bfcb346924b12411102fc58bec13aa7e0820a0ce) - add base files for navigation [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **ci**: [235aa8d7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/235aa8d7ccd19dcee44f56a27367113f2e4f5354) - must have index.md file for linting to start [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **build**: [88689c87](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/88689c87ac84ba493652cbf22da934d5873c55b3) - ensure dovecot downloaded and installed [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **build**: [9a0df52c](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/9a0df52cd9d2d0f8574801ca73e6b0a525531b30) - fix build logic [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **publish**: [c30efc8b](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/c30efc8bd64f7d7702b71e3fed2acab915821f2c) - must specify docker publish details [ [!3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/3) ]
+- [29c6d6f7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/29c6d6f7304c6bca751d3904e37d2561ac9f01a1) - lock debian base image [ [!3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/3) ]
+- **versions**: [840e2ad5](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/840e2ad5aead5effdb925dd640ce483782a11ca5) - update postfix [ [!3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/3) ]
+- **repo**: [d6b2b5b4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/d6b2b5b40ef2643005078807da7ca7dcce82505a) - lock dovecot repo to specified version [ [!3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/3) ]
+
+### Code Refactor
+
+- **image**: [4c106025](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/4c106025d545d89cadef0bf019a86cbaf7dca00a) - reduce the number of layers [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **dockerfile**: [1c6b3a36](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/1c6b3a3617cfcd0a781391c96d0265c2fb7eef3b) - use global var [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **dockerfile**: [88bfc649](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/88bfc64940e7a2b7073c8ebe644afd06a4e2149c) - use args for apt software versions [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **ci**: [300961aa](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/300961aaff303b1b4a6ea2f70b9c13fbf1831260) - update template path [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+
+### Continious Integration
+
+- **gitlab**: [aa461590](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/aa461590a83065e81b3743e791975ebcad916874) - update to latest HEAD [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **compile**: [808ca861](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/808ca861edc1080844cbfd61bd962020146cdcf0) - add dovecot compile job [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **gitlab-ci**: [e2e704c5](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/e2e704c54588c6bddccfcd38c18f21a5bc863c78) - use dev branch and type docker container [ [!3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/3) ]
+
+### Documentaton / Guides
+
+- **build**: [f22931e6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/f22931e6f079657acc94f21e7e2d5c61410a150b) - added navigation for project [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+
+### Features
+
+- **ci**: [80ccaaa6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/80ccaaa6e7d875283770baff1b090b8807a65947) - trigger downstream website to build [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) [!27](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/27) ]
+- **docs**: [6409627d](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/6409627daeb7ce6a131bd7205409c3f8c07f9986) - add website static page building [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) [!25](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/25) ]
+- **build**: [7261769a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/7261769a95a985b95a5f16142c0e461d0984174e) - dockerfile for compiling dovecot [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **arm64**: [a866bd82](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/a866bd82b82ae6ec45a1121bed1a6dfd9f59f114) - build arm64 image using compiled bins [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **amd64**: [676546f7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/676546f71c13dcc8ddf7db7128b003b8f2416721) - use dovecot apt repo to install [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+- **build**: [2b497fd2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/2b497fd2cf7678e17f544ad38187486cc4efeaf3) - specify architecture [ [!10](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/10) ]
+
+## v0.1.0rc2 (2022-02-19)
+
+### Bug Fixes
+
+- **backup.sh**: [e8eb6f90](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/e8eb6f906f07b5044ec873327117dbf87e357797) - exclude unix sockets from backup [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **backup**: [acccf247](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/acccf24774e100f0cda38941549099adc52b7b58) - ssl dir renamed to certs [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **backup**: [93378dee](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/93378dee86abe5f1ee86e824f2543656e1826e64) - /var/spool/postfix needs to be backed up [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **sa-learn**: [43f6a356](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/43f6a356bd7f458ee33955151ff5609c2b599a70) - amavis can't do bayes check if not mask 777 [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **dovecot**: [e9fb4123](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/e9fb4123e9c6aad6d0793f4de0d21da46ba332fd) - sieve extensions debug error. [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **cron**: [e9718c97](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/e9718c97a678223257c2450cede863757e376b90) - sa-learn must run as spamd user [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **bayes_learn**: [967fd04f](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/967fd04fe7af6c3d5330357e18c1a76583163ede) - ensure journal is synced after scan [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **file_permission**: [fbdf6efa](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/fbdf6efab73324aceebfc49ab37190adb9bc0af5) - set spamd to own spamassassin folder [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **local_group**: [7f7a259a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/7f7a259a820bdbb6025dfee93cfb8df5ad8dba0a) - amavis and opendkim added to vmail [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **build**: [db03fc2e](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/db03fc2efaa418b28267fe532a0cc9c09d2e09ab) - corrected syntax error in dockerfile
+- **postfix**: [5f7095f2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/5f7095f274e6fe3cf61d8b55e14eaa47f1d2ae4d) - only use the servers order of tls ciphers [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **logrotate**: [3120ecf2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3120ecf2f5cb61011c321f6e41936e6a77c0686c) - ensure log rotate runs [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **logrotate**: [6625d72a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/6625d72a48bad7a6a50bc7e93d14470fbc6eacc6) - don't specify log extension [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **dovecot**: [edadc477](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/edadc4779e445ff7036de05fc55607a035a53eb0) - ensure quota syntax is correct [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **mailbox_quota**: [b3d80b41](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b3d80b41ca7bd6a9b6c15f9d6ea09bbc206f4664) - ensure user quota visible. [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+
+### Continious Integration
+
+- **docker_hub**: [3741b926](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3741b92606281ddabfa9df50186818d54c0602e1) - fix rc release must be tagged 'dev' [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- [3bca896c](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3bca896c29fdbe3d79cc12ef56785ef7c02394ca) - Add dockerhub url to environment [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+
+### Features
+
+- **docker_container**: [22a987a5](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/22a987a5133e8e878f8c79e016e218ea5a8b76d1) - Ensure amavis data is a volume [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **amavis**: [9f7ccabf](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/9f7ccabfa52dc71f14fa690ef9e7f0e3184f14c9) - don't allow user to send banned email [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **amavis**: [c3739c4f](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/c3739c4f1964e4e315cd9eaa2a67e787aa121688) - Don't allow user to send spam/virus [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **amavis**: [f6b7bae3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/f6b7bae3eba7398ad6de11b9cb2b36594df6f891) - move policy bank to own config file [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **amavis**: [7ec97502](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/7ec975021659fee5ebaa78332fef0d9533ee769d) - Add received header to message [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **ssl_tls**: [2a222df7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/2a222df7784e85f13a477c3859ca10709734c199) - updated dovecot and postfix accepted ciphers [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **dovecot**: [396cb15a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/396cb15addc8fd6de038da3a66d16891226b0363) - Disable SSL/TLS protocol logging [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **postfix**: [24f10af6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/24f10af6d6e16b75fc77cf4538033839058748ec) - prevent anonymous users on submission [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **dovecot**: [274ade2d](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/274ade2d8407ff91e448bff4c838a67f53074dde) - log SSL/TLS porotocol errors [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **dovecot**: [478336ca](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/478336ca686c7d6fdbd040d012126f3ad906f44b) - log failed authentication attempts [ [!9](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/9) ]
+- **postfix**: [4554e9e6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/4554e9e66d688c417a06f1a808403f985e4a2a22) - specify my_networks as localhost ONLY [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [41e03936](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/41e03936cc6e36473d0c962361d822d95ae69e86) - no compression or renegotiation [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **submission**: [4c37932b](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/4c37932bf78fbc0af2e4c354fec0a1af037e5e77) - check user quota recipient restriction [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [f90daea4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/f90daea454fac0ccec781129128bbf40e43378a3) - enforce only reaying mail for auth destination [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [1b168f07](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/1b168f07d56c89cf8e5635aa3d00429342914f15) - enforce SMTPD recipient restrictions [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [58f42a79](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/58f42a7913625afda9550ce99328af9e8ede2df7) - Enforce SMTPD sender restrictions [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [8c68163e](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/8c68163e9d6dd2edf94bba6159156dde115cc8f8) - introduce smtpd helo restrictions [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **postfix**: [64258f2c](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/64258f2cd8b0a8febd63d585e9b3aa1fe5d88bd4) - enforce smtpd client restrictions [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+- **quota_status**: [8f938bd3](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/8f938bd3ce1a5f432a97a2aae75592f39e82d28e) - use a unix socket for postfix [ [!7](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/7) ]
+
+## v0.1.0rc1 (2022-02-17)
+
+### Code Refactor
+
+- [bde6c054](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/bde6c054bbe4bea0a14509070fed9328138dbb1d) - conf config values updated [ [!6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/6) ]
+- **amavis**: [53e0cdd1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/53e0cdd17139bdd3e6df079edec3c88ef12a5c1a) - move dkim key config to own file [ [!4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/4) ]
+- [3e30b278](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3e30b2780ef53ef12d036d0e009bff19b96dd8e2) - ci code review suggestions [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **amavis**: [d8e51085](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/d8e51085a1e0598e564030790b1d0fcf5dd8fb17) - seperate config for socket [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **ssl**: [09aabeb6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/09aabeb68aae478bd125e48b4bfaecaa7a97b1ae) - Moved /ssl to /certs [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+
+### Continious Integration
+
+- **docker_hub**: [27ad07ea](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/27ad07ead345bbf7b0c929adbfd24947ef977e40) - fix dev push [ [!5](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/5) ]
+- **docker_hub**: [aafd9acc](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/aafd9acca9fe98bad1710a4af2f1b0eabadd6944) - ensure build and DH push works on merge [ [!4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/4) ]
+- **docker_hub**: [36808960](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/36808960ce9a1369eebcaf0fe878d85bdbd37ced) - push a dev and latest tag to docker hub [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **docker_hub**: [76c899e2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/76c899e285f7ea816d6fc4c7e78644302b5921b3) - removed duplicate rules section [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **docker_container**: [23830c85](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/23830c85510c5cff6da80fa6ab617b8580e29739) - set to allow failure [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+
+### Documentaton / Guides
+
+- **spf**: [a71e7691](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/a71e7691a2188fb9372c2e7c9b32cb39adb4e8ce) - added basic spf guide [ [!6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/6) ]
+- [be42d0ad](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/be42d0ad3ba83717a9c4e907a48fd087539e720f) - Addied initial documentation for dkim [ [!4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/4) ]
+
+### Features
+
+- **amavis**: [92e4e4b2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/92e4e4b2d55ab538eda937bc698d7a11961c47b6) - added DKIM verification [ [!6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/6) ]
+- **spf**: [245aa724](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/245aa724d2d8121c7a758da6e086fe0a59c751d8) - conduct spf check for inbound smtp [ [!6](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/6) ]
+- **posfix**: [b795fe5b](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b795fe5b67ecdfaa9390d2028478fd0b6570cfcc) - configure submission to dkim sign [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **amavis**: [b9b2527a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b9b2527a42586843faea3ad074c1d34392b5d1d8) - Configured dkim [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+- **dkim**: [72ee475b](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/72ee475be7c459531762d489dd649d696a6f47be) - Added OpenDKIM to image [ [!2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/2) ]
+
+## v0.1.0rc0 (2022-02-14)
+
+### Bug Fixes
+
+- **fetchmail**: [1fe3598a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/1fe3598a545044327026f44038be53eeb5f06182) - fix cron job so it runs [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **script**: [3601d90a](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3601d90aefd42219c32fe5792d39839f52c5c2af) - group-mailbox script must be executable [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+
+### Code Refactor
+
+- [b01bab03](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b01bab033fc73866084ea583f416bea57f18d880) - readme linting errors [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- [eb43442b](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/eb43442bb7a61bf1dc84f4a6e547375825db7e62) - cron out to /dev/null [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+
+### Continious Integration
+
+- **detached_pipeline**: [99e61d0f](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/99e61d0f11736b8f8078fedc5569182a8e93a6a3) - stop MR jobs
+- **build**: [f80c02ba](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/f80c02ba1530c51e34e2f41b59f91edf7a5d00a9) - Added docker container build job [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **gitlab-ci**: [b536a5e4](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/b536a5e4b4d0522377e093eec2a0dffb771e6a01) - updated to current dev commit [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **markdown_lint**: [38a25272](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/38a252727d103bdd2ccc18f09f74ba4337e8422c) - added linting rule file [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+
+### Documentaton / Guides
+
+- **README**: [6a61efe2](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/6a61efe229a2a31703f5539e03cc8910e0feba3e) - updated readme [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+
+### Features
+
+- **spam-learn**: [3a3f2098](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/3a3f2098c7d81ae85ee42751fa8aef4bbec6a624) - add duration to email [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **vscode**: [1d73c6eb](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/1d73c6eb8c1f67accaa9c310ad0dc76458c3d2bd) - recommended extensions added [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **shared_mailbox**: [d8ad253f](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/d8ad253f98b81b747dea101748cf2687d148bdd0) - added helper script to share mailbox. [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **sa-learn**: [5ec218da](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/5ec218dad9865a38f5846c90fd6ccc5c30721d81) - Added cron script to learn spam/ham [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **fetchmail**: [ace2493f](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/ace2493f66a6cc39ea406180ab7d7f8aa21ade88) - added fetchmail [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **backup**: [a7c1ae05](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/a7c1ae052cb441d7445610b2ac5a7caf8e66d9d1) - Added backup cron and helper script. [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- **amavis**: [4db1b34d](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/4db1b34d386456fcc3c2ac562cfe5330b61af847) - added amavis and configured spam [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+- [df8997f0](https://gitlab.com/nofusscomputing/projects/docker-mail/-/commit/df8997f07de834dc8ffd3c3e58ff82b0da87c806) - Added Dovecot and Postfix to container [ [!1](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests/1) ]
+
 ## v0.0.2 (2022-02-11)
 
 ### Documentaton / Guides

README.md

@@ -1,13 +1,11 @@
-# README.md
-
-
 <div align="center" width="100%">
 
+
 # No Fuss Computing - Docker Mail Server
 
 <br>
 
-![Project Status - Active](https://img.shields.io/badge/Project%20Status-Active-green?logo=gitlab&style=plastic) 
+![Project Status - Active](https://img.shields.io/badge/Project%20Status-Active-green?logo=gitlab&style=plastic)
 
 <br>
 
@@ -22,13 +20,13 @@ This project is hosted on [Gitlab](https://gitlab.com/nofusscomputing/projects/d
 
 ----
 
-**Stable Branch**
+.**Stable Branch**
 
-![Gitlab build status - stable](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Dmaster&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fmaster%2F.cz.yaml) 
+![Gitlab build status - stable](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Dmaster&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fmaster%2F.cz.yaml)
 
 ----
 
-**Development Branch** 
+.**Development Branch**
 
 ![Gitlab build status - development](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Ddevelopment&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fdevelopment%2F.cz.yaml)
 
@@ -45,3 +43,68 @@ links:
 - [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests)
 
 
+## Features
+
+This docker container is intended to be a fully fledged E-Mail Server. Dovecot acts as the IMAP Server and Local Delivery agent. Postfix is intended to be the MTA utilising Dovecot's LMTP service for local delivery. User management is via LDAP and a working directory server is required to use this image.
+
+
+- Mail Server - _Dovecot_
+
+    - IMAP Server on tcp/993
+
+    - Acts as Local Delivery Agent (LDA) via LMTP
+
+    - Group E-Mail Boxes
+
+    - Mail Aliasing. _(User can have multiple E-Mail Addresses)_
+
+    - Ability to Share Mailboxes
+
+    - redirection of spam to Spam folder
+
+    - manage sieve server
+
+    - New user welcome email
+
+
+- SMTP Server _Postfix_
+
+    - Acts as Mail Transfer Agent (MTA)
+
+    - filters file extensions
+
+    - [Remove/cleans headers](https://gitlab.com/nofusscomputing/projects/docker-mail/-/blob/master/include/etc/postfix/header_checks_privacy) that contain potentially sensitive information
+
+    - Spam filtering
+
+    - [DKIM key signing](pages/dkim.md) _Note: [Key length requirements](https://datatracker.ietf.org/doc/html/rfc6376#section-3.3.3)_
+
+
+- General Features:
+
+    - Automatic Backups of container data
+
+    - rotation of old logs
+
+    - All Data exposed as separate docker volumes so you don't loose data
+
+
+## Using this container
+
+Currently this container is **not ready for production.**
+
+
+### Useful Commands
+
+Share a Mailbox
+
+``` bash
+doveadm acl add -u {user_name_sharing} INBOX user={user to share with} lookup read write write-seen write-deleted insert post expunge create delete admin
+
+```
+
+or you can use the provided helper script `group-mailbox.sh {user_name_sharing} {user to share with}`. This command will share the all of the default folders _Archives, Drafts, Inbox, Sent, Spam and Trash_.
+
+| :alert: NOTE!! |
+|:----|
+| `{user_name_sharing}` must be specified as a full E-Mail address. <br> `{user to share with}` must be specified as the user name only (without the `@domainname.tld`)|

dockerfile

@@ -0,0 +1,290 @@
+
+
+ARG CI_JOB_TOKEN
+ARG CI_API_V4_URL
+ARG CI_PROJECT_ID
+
+ARG DOVECOT_BUILD_VERSION=2.3.18
+ARG PIGEONHOLE_BUILD_VERSION=0.5.20
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+ARG VERSION_APT_AMAVISD=1:2.11.1-5+deb11u1
+ARG VERSION_APT_CLAMAV=0.103.5+dfsg-0+deb11u1
+# 2:2.3.18-4+debian11
+ARG VERSION_APT_DOVECOT=2:$DOVECOT_BUILD_VERSION-4+debian11
+ARG VERSION_APT_FETCHMAIL=6.4.16-4+deb11u1
+ARG VERSION_APT_FAM=2.7.0-17.3
+ARG VERSION_APT_LIBNET_DNS_PERL=1.29-1
+ARG VERSION_APT_LIBMAIL_TOOLS_PERL=2.21-1
+ARG VERSION_APT_OPENDKIM=2.11.0~beta2-4+deb11u1
+ARG VERSION_APT_POSTFIX=3.5.25-0+deb11u1
+ARG VERSION_APT_POSTFIX_POLICYD_SPF_PYTHON=2.9.2-1+deb11u1
+ARG VERSION_APT_SPAMASSASSIN=3.4.6-1
+
+
+
+FROM --platform=$TARGETPLATFORM debian:11.7-slim as build
+
+
+ARG CI_JOB_TOKEN
+ARG CI_API_V4_URL
+ARG CI_PROJECT_ID
+
+ARG DOVECOT_BUILD_VERSION
+ARG PIGEONHOLE_BUILD_VERSION
+
+ARG DEBIAN_FRONTEND
+
+ARG VERSION_APT_AMAVISD
+ARG VERSION_APT_CLAMAV
+ARG VERSION_APT_DOVECOT
+ARG VERSION_APT_FETCHMAIL
+ARG VERSION_APT_FAM
+ARG VERSION_APT_LIBNET_DNS_PERL
+ARG VERSION_APT_LIBMAIL_TOOLS_PERL
+ARG VERSION_APT_OPENDKIM
+ARG VERSION_APT_POSTFIX
+ARG VERSION_APT_POSTFIX_POLICYD_SPF_PYTHON
+ARG VERSION_APT_SPAMASSASSIN
+
+#COPY apt_proxy.conf /etc/apt/apt.conf.d/apt_proxy.conf
+
+LABEL \
+  #org.opencontainers.image.created="" \ # set during build with $(date --rfc-3339=seconds) \
+  org.opencontainers.image.authors="No Fuss Computing" \ 
+  #org.opencontainers.image.url="" # $CI_PROJECT_URL/-/releases/$CI_COMMIT_TAG set during build from url\
+  #org.opencontainers.image.documentation="" # $CI_PROJECT_URL/pages Set URL during build \
+  #org.opencontainers.image.source="" # $CI_PROJECT_URL Set URL during build \
+  #org.opencontainers.image.version="" \ # $(cz -n cz_nfc version --project) ) Set during build from .cz.yml
+  #org.opencontainers.image.revision="" # $CI_COMMIT_SHA set during build from git commit \
+  org.opencontainers.image.vendor="No Fuss Computing" \
+    #License(s) under which contained software is distributed as an SPDX License Expression.
+  org.opencontainers.image.licenses="" \
+  org.opencontainers.image.title="Docker Mail Server" \
+  org.opencontainers.image.description="A Complete mailserver in a container" \
+  io.artifacthub.package.license="MIT"
+
+
+# Install dependencies
+RUN apt update && apt -y --no-install-recommends install \
+      curl \
+      gpg \ 
+      gpg-agent \ 
+      apt-transport-https \
+      ca-certificates \
+      supervisor \
+    && apt -y --no-install-recommends install \
+        # System Apps
+      cron \
+      rsyslog \
+      logrotate \
+        # Postfix
+      postfix=$VERSION_APT_POSTFIX \
+      postfix-ldap=$VERSION_APT_POSTFIX \
+      libsasl2-modules \
+      sasl2-bin \
+        # Amavis
+      amavisd-new=$VERSION_APT_AMAVISD \
+      spamassassin=$VERSION_APT_SPAMASSASSIN \
+      spamc=$VERSION_APT_SPAMASSASSIN \
+        # Amavis decoders
+      arj bzip2 cabextract cpio file gzip nomarch pax unzip zip xzdec lrzip lzop rpm2cpio unrar-free p7zip-full lz4 \
+#      clamav=$VERSION_APT_CLAMAV \
+#      clamav-daemon=$VERSION_APT_CLAMAV \
+      libmailtools-perl=$VERSION_APT_LIBMAIL_TOOLS_PERL \
+      fam=$VERSION_APT_FAM \
+      libnet-dns-perl=$VERSION_APT_LIBNET_DNS_PERL \
+        # Fetchmail
+      fetchmail=$VERSION_APT_FETCHMAIL \
+        # Perl Modules for fetchmail.pl
+        # DBI
+      libdbix-easy-perl \
+        # LockFile::Simple
+      liblockfile-simple-perl \
+        # DBD::mysql
+      libclass-dbi-mysql-perl \
+        # Sys::Syslog
+      liblogger-syslog-perl \
+        # LockFile::Simple
+      libio-lockedfile-perl \
+        # DKIM
+      opendkim=$VERSION_APT_OPENDKIM \
+      opendkim-tools=$VERSION_APT_OPENDKIM \
+        # SPF
+      postfix-policyd-spf-python=$VERSION_APT_POSTFIX_POLICYD_SPF_PYTHON; \
+        # Dovecot
+    if [ "0$(echo `dpkg --print-architecture`)" = "0amd64" ]; then \
+        echo "[DEBUG] installing dovecot via APT"; \
+        curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
+          gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg; \
+        echo "deb https://repo.dovecot.org/ce-$DOVECOT_BUILD_VERSION/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list; \
+        apt update; \
+        apt -y --no-install-recommends install \
+          dovecot-core=$VERSION_APT_DOVECOT \
+          dovecot-imapd=$VERSION_APT_DOVECOT \
+          dovecot-lmtpd=$VERSION_APT_DOVECOT \
+          dovecot-ldap=$VERSION_APT_DOVECOT \
+          dovecot-sieve=$VERSION_APT_DOVECOT \
+          dovecot-managesieved=$VERSION_APT_DOVECOT; \
+      else \
+        echo "[DEBUG] installing dovecot via compiled binaries"; \
+        # as this architecture doesn't exist in the apt repo, use compiled versions
+        adduser --system --group dovecot --no-create-home; \
+        cd tmp; \
+        curl --header "JOB-TOKEN: ${CI_JOB_TOKEN}" \
+            "https://gitlab.com/api/v4/projects/${CI_PROJECT_ID}/packages/generic/dovecot/${DOVECOT_BUILD_VERSION}/dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb" -o "dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb"; \
+        curl --header "JOB-TOKEN: $CI_JOB_TOKEN" \
+            "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/packages/generic/dovecot/${DOVECOT_BUILD_VERSION}/dovecot-pigeonhole_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb" -o "dovecot-pigeonhole_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb"; \
+        dpkg -i dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb; \
+        cp /usr/local/share/doc/dovecot/example-config/dovecot.conf /etc/dovecot/; \
+        dpkg -i dovecot-pigeonhole_$DOVECOT_BUILD_VERSION-1_$(echo `dpkg --print-architecture`).deb; \
+      fi \
+    && rm -f /etc/cron.d/e2scrub_all \
+    && rm -f /etc/cron.daily/apt-compat \
+    && rm -f /etc/cron.daily/dpkg \
+    && rm -f /etc/cron.daily/logrotate
+
+
+COPY include/ /
+
+RUN chmod +x /docker-entrypoint.sh \
+      # Create vmail user for system
+    && groupadd -g 5000 vmail \
+    && useradd -g vmail -u 5000 vmail -d /var/vmail \
+      # Ensure Backup directory is created
+    && mkdir /backup \
+    && chown root:root /backup \
+    && chmod 700 /backup \
+      # create SSL directory for ssl certificates
+    && mkdir -p /certs \
+      # Ensure scripts are executable
+    && chmod +x /bin/backup.sh \
+      # Dovecot related commands
+    && mkdir -p /srv/mail \ 
+    && chown vmail:vmail /srv/mail \
+    && chmod 765 -R /srv/mail \
+    && mkdir -p /certs/dovecot \
+    && chown dovecot:dovecot -R /etc/dovecot/ \
+    && chgrp postfix -R /etc/dovecot/sieve/ \
+    && chmod 0755 -R /etc/dovecot/sieve/ \
+      # ensure dovecot related scripts are executable
+    && chmod +x /bin/quota-warning.sh \
+    && chmod +x /bin/welcome-email.sh \
+    && chmod +x /bin/group-mailbox.sh \
+    && chmod 744 /etc/dovecot/dovecot-acl \
+      # Postfix related commands
+    && usermod -a -G vmail postfix \
+    && mkdir -p /certs/postfix \
+    && ln -s /etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap-userdb.conf.ext \
+      # ensure postfix related scripts are executable
+    && chmod +x /bin/postfix.sh \
+      # check if needed
+    && mkdir -p /var/spool/postfix/private/dovecot /var/lib/dovecot \
+    && chown postfix:postfix /var/spool/postfix/private/dovecot \
+    && chown vmail:vmail /var/lib/dovecot \
+      # Spammassassin related Commands
+    && mkdir -p /var/spool/spamassassin \
+    && chmod 777 /var/spool/spamassassin \
+    && usermod -a -G vmail debian-spamd \
+    && chown debian-spamd:vmail -R /var/spool/spamassassin \
+      # Ensure spamassassin related scripts are executable
+    && chmod +x /bin/spam-learn.sh \
+       # fetchmail.pl setup
+    && curl -o /bin/fetchmail.pl https://raw.githubusercontent.com/postfixadmin/postfixadmin/8f20c96278a694a7e0bb570f1d56c208105e5a14/ADDITIONS/fetchmail.pl \
+    && chmod +x /bin/fetchmail.pl \
+    && mkdir -p /var/run/fetchmail \
+    && mkdir -p /var/lock/fetchmail \
+      # Amavis DKIM related commands
+    && mkdir -p /certs/amavis/dkim/ \
+    && chown root:amavis /certs/amavis/dkim/ \
+    && chmod 750 /certs/amavis/dkim/ \
+    && usermod -a -G vmail amavis \
+    && usermod -a -G vmail opendkim
+        
+
+# Setup data volumes
+VOLUME /srv/mail /certs /var/spool/postfix /var/spool/spamassassin /var/lib/amavis /backup /var/log
+
+# Configure postfix
+RUN postconf -e "maillog_file=/var/log/postfix.log" \
+  # Postfix to use dovecot LMTP
+  && postconf -e "virtual_transport=lmtp:unix:private/lda" \
+  #       # Only allow a user to send from email address' they own
+  #    && postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps" \
+  # Only allow specified domains for usage
+  && postconf -e "virtual_mailbox_domains=ldap:/etc/postfix/ldap/virtual_email_domains" \
+  # postfix user mapping 
+  && postconf -e "virtual_alias_maps=ldap:/etc/postfix/ldap/virtual_alias_maps" \
+    # Only trust localhost
+  && postconf -e "mynetworks_style = host" \
+  # by default encryption is optional
+  && postconf -e "smtpd_tls_security_level=may" \
+  # log outbound tls connection information
+  && postconf -e "smtpd_tls_loglevel=1" \
+  # try tls connection outbound
+  && postconf -e "smtp_tls_security_level=may" \
+  # log inbound tls connection information
+  && postconf -e "smtp_tls_loglevel=1" \
+  # Only authenticate over tls
+  && postconf -e "smtpd_tls_auth_only=yes" \
+  # all smtpd actions need to be filtered
+  && postconf -e "content_filter=amavis:[127.0.0.1]:10024" \
+  # not give away os, set clean banner
+  && postconf -e "smtpd_banner=$myhostname ESMTP " \
+  # Dont give away that postfix is used
+  && postconf -e "mail_name=server" \
+  # create privacy header check db
+  && postmap /etc/postfix/header_checks_privacy \
+  # create clean header check db
+  && postmap /etc/postfix/header_checks_outbound \
+  # Clean outbound headers
+  && postconf -e "smtp_header_checks=regexp:/etc/postfix/header_checks_outbound" \
+  # Add To, From, Date and Message-id headers if missing
+  && postconf -e "always_add_missing_headers=yes" \
+  # Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost
+  && postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \
+  # set tls settings
+  && postconf -e "tls_preempt_cipherlist = yes" \
+  && postconf -e "tls_ssl_options = NO_COMPRESSION, NO_RENEGOTIATION" \
+  && postconf -e "smtpd_tls_cert_file=/certs/postfix/cert.pem" \
+  && postconf -e "smtpd_tls_key_file=/certs/postfix/key.pem" \
+  && postconf -e "smtpd_helo_required = yes" \
+  && postconf -e "smtpd_delay_reject = yes" \
+  && postconf -e "disable_vrfy_command = yes" \
+  # use secure protocols and cyphers
+  # Generated by https://ssl-config.mozilla.org/
+  #&& postconf -e "smtpd_tls_mandatory_ciphers=high" \
+  && postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
+  && postconf -e "tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384" \
+     # SPF postfix Settings
+  && postconf -e "policyd-spf_time_limit=3600" \
+    # Connection defaults to reject where possible/advised
+    # Client command restrictions
+  && postconf -e "smtpd_client_restrictions=reject_unauth_destination,reject_unauth_pipelining,permit_mynetworks,permit_auth_destination,reject" \
+    # HELO/EHLO restrictions
+  && postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" \
+    # MAIL FROM restrictions
+  && postconf -e "smtpd_sender_restrictions=permit_mynetworks,reject_non_fqdn_sender,permit" \
+    # RCPT TO restrictions
+  && postconf -e "smtpd_recipient_restrictions=permit_mynetworks,reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,check_policy_service,unix:private/policyd-spf,check_policy_service unix:private/quota,permit_auth_destination,reject" \
+    # RCPT TO restrictions
+  && postconf -e "smtpd_relay_restrictions=reject_non_fqdn_recipient,permit_auth_destination,reject" \
+  && postconf -e "smtpd_sasl_security_options = noanonymous"
+    
+EXPOSE 25 587 993 4190
+
+
+ENTRYPOINT ["/docker-entrypoint.sh"]
+
+
+# testing software
+RUN apt update && apt -y --no-install-recommends install \
+      procps \
+      vim \
+      iputils-ping \
+      python3-ldap \
+      net-tools
+#    && freshclam

dockerfile-compile

@@ -0,0 +1,135 @@
+
+ARG CI_JOB_TOKEN
+ARG CI_API_V4_URL
+ARG CI_PROJECT_ID
+
+ARG DOVECOT_BUILD_VERSION=2.3.18
+ARG PIGEONHOLE_BUILD_VERSION=0.5.20
+
+ARG DEBIAN_FRONTEND=noninteractive
+
+
+
+FROM --platform=$TARGETPLATFORM debian:11.7-slim as compile-dovecot
+# ref: https://doc.dovecot.org/installation_guide/dovecot_community_repositories/compiling_source/
+
+
+ARG CI_JOB_TOKEN
+ARG CI_API_V4_URL
+ARG CI_PROJECT_ID
+
+ARG DOVECOT_BUILD_VERSION
+ARG PIGEONHOLE_BUILD_VERSION
+
+ARG DEBIAN_FRONTEND
+
+
+RUN export && apt update \
+  && apt -y install --reinstall --fix-missing \
+      wget \
+      autoconf \
+      automake \
+      libtool \
+      pkg-config \
+      gettext \
+      pandoc \
+      make \
+      git \
+      ca-certificates \
+      libssl-dev \
+      bison \
+      flex \
+      curl \
+      checkinstall \
+      zlib1g-dev 
+
+
+RUN mkdir -p /tmp/build \
+    && cd /tmp/build \
+    && git clone --depth=1 -b release-${DOVECOT_BUILD_VERSION} https://github.com/dovecot/core.git dovecot
+
+
+RUN cd /tmp/build/dovecot \
+    && ./autogen.sh \
+    && ./configure --enable-maintainer-mode --sysconfdir=/etc \
+    # && make \
+    && ls -la
+
+RUN /bin/mkdir -p '/usr/local/lib/dovecot' \
+                  '/usr/local/share/dovecot/stopwords' \
+                  '/usr/local/libexec/dovecot' \
+                  '/usr/local/lib/dovecot/auth' \
+                  '/usr/local/lib/dovecot/old-stats' \
+                  '/usr/local/lib/dovecot/doveadm' \
+                  '/usr/local/share/doc/dovecot/wiki' \
+                  '/usr/local/share/doc/dovecot/example-config/conf.d'
+
+
+RUN cd /tmp/build/dovecot && checkinstall --pkgname=dovecot-core --pkgversion=${DOVECOT_BUILD_VERSION} --pkgarch=$(echo `dpkg --print-architecture`) -D -y \
+    && ls -la
+
+
+RUN cd /tmp/build/dovecot && curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --verbose \
+     --upload-file dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb \
+     "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/packages/generic/dovecot/${DOVECOT_BUILD_VERSION}/dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb"
+
+
+
+
+
+FROM --platform=$TARGETPLATFORM debian:11.7-slim as compile-pigeonhole
+# ref: https://doc.dovecot.org/installation_guide/dovecot_community_repositories/compiling_source/
+
+
+ARG CI_JOB_TOKEN
+ARG CI_API_V4_URL
+ARG CI_PROJECT_ID
+
+ARG DOVECOT_BUILD_VERSION
+ARG PIGEONHOLE_BUILD_VERSION
+
+ARG DEBIAN_FRONTEND
+
+
+RUN export && apt update \
+  && apt -y install --reinstall --fix-missing \
+      wget \
+      autoconf \
+      automake \
+      libtool \
+      pkg-config \
+      gettext \
+      pandoc \
+      make \
+      git \
+      ca-certificates \
+      libssl-dev \
+      bison \
+      flex \
+      curl \
+      checkinstall \
+      zlib1g-dev 
+
+
+
+RUN cd tmp && curl --header "JOB-TOKEN: $CI_JOB_TOKEN" \
+            "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/packages/generic/dovecot/${DOVECOT_BUILD_VERSION}/dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb" -o "dovecot-core_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb" \
+            && dpkg -i dovecot-core_$DOVECOT_BUILD_VERSION-1_$(echo `dpkg --print-architecture`).deb
+
+RUN mkdir -p /tmp/build \
+  && cd /tmp/build/ && git clone -b $PIGEONHOLE_BUILD_VERSION --depth=1 https://github.com/dovecot/pigeonhole.git pigeonhole \
+  && cd pigeonhole \
+  && ./autogen.sh \
+  && ./configure --sysconfdir=/etc --with-dovecot-install-dirs \
+  # && make \
+  && mkdir -p '/usr/local/lib/dovecot/sieve' \
+              '/usr/local/lib/dovecot/settings' \
+              '/usr/local/share/doc/dovecot/example-config'  \
+              '/usr/local/share/doc/dovecot/sieve/extensions'
+
+RUN cd /tmp/build/pigeonhole && checkinstall --pkgname=dovecot-pigeonhole --pkgversion=${DOVECOT_BUILD_VERSION} --pkgarch=$(echo `dpkg --print-architecture`) -D -y
+
+RUN cd /tmp/build/pigeonhole && curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --verbose \
+     --upload-file dovecot-pigeonhole_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb \
+     "https://gitlab.com/api/v4/projects/$CI_PROJECT_ID/packages/generic/dovecot/${DOVECOT_BUILD_VERSION}/dovecot-pigeonhole_${DOVECOT_BUILD_VERSION}-1_$(echo `dpkg --print-architecture`).deb"
+

docs/projects/docker-mail/dkim.md

@@ -0,0 +1,181 @@
+---
+title: Amavis DKIM Signing configuration
+Description: How to configure DKIM for No Fuss Computings mail server.
+date: 2022-02-16
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/docker-mail
+---
+
+To utilise DKIM message signing for outbound mail (leaving the server), you will need to configure dkim to use your certificates.
+
+This document assumes that your are familar with amavis and DKIM E-Mail signing. Without this assumed knowledge, there may be uninteded consequences.
+
+
+## DKIM Key creation
+
+You will be required to generate your DKIM signing certificates for the E-Mail domains that you utilise. The recommended location for DKIM keys is `/certs/amavis/dkim`, this ensures they are included in the backups.
+
+``` bash title="bash"
+
+$ amavisd-new genrsa /certs/amavis/dkim/example.org.dkim.pem 2048 # (1)!
+
+$ chmod g+r /certs/amavis/dkim/example.org.dkim.pem # (2)!
+
+$ chgrp amavis /certs/amavis/dkim/example.org.dkim.pem # (2)!
+
+```
+
+1. create your DKIM Key
+
+    is an RSA Key
+
+    has a key of length 2048 bits _[See RFC6376 - Key Sizes](https://datatracker.ietf.org/doc/html/rfc6376#section-3.3.3)_
+
+    saved to location `/certs/amavis/dkim/` with a name of `example.org.dkim.pem`
+
+    The filename is crucial and has some requirements:
+
+    - `example.org` set to your E-Mail domain name.
+
+    - `dkim` is the key selector that will be utilised during the amavis configuration
+
+    - `.pem` is the file extension
+
+    For example: if you have a E-Mail domain called `myemail.com` and wanted to use a key selector of `q2` for second quarter of teh year, you would use command `amavisd-new genrsa /certs/amavis/dkim/myemail.com.q2.pem 2048` to create your dkim signing key. _not forgetting that `q2` needs to be added to your amavis config, see below_
+
+2. Set the permissions for your dkim signing key to only be accessable to amavis
+
+
+## Configuring Amavis
+
+To configure amavis, you will be required to create a confiuguration file with your E-Mail domain settings. you can name this file anything you wish, as long as the filename is oredered after `90-dkim`. The configuration file needs to be located in `/etc/amavis/conf.d/` and amavis will need to be restarted `supervisorctl restart amavis` for the configuration to take effect.
+
+!!! tip Note
+    Ensure you adjust all occurances of `example.org` to match your E-Mail domain
+
+
+``` conf title="/etc/amavis/conf.d/99-dkim-keys"
+
+dkim_key(
+    'example.org', # (1)!
+    'dkim', # (2)!
+    '/certs/amavis/dkim/example.org.dkim.pem' # (3)!
+);
+
+
+@dkim_signature_options_bysender_maps = (
+    {
+        "example.org" => { # (1)!
+            s   => 'dkim', # (2)! # (4)!
+            d   => 'example.org', # (1)!
+            a   => 'rsa-sha256', # (5)!
+            ttl => 30*24*3600 # (6)!
+        }
+    }
+);
+
+```
+
+1. Adjust to suit your domain name
+
+2. This is the key selector _located in the filename, `{E-Mail domain}.{key_selector}.pem`_.
+
+3. This is the location of the DKIM Signing key. This must match the name given during key generation.
+
+4. This is the key selector. Only this key will be used to sign the E-Mails if it matches the E-Mail domain name.
+
+5. This is the key signing algorithm
+
+6. This is the signed E-Mail validity duration `30*24*3600` = `30 days * 24 hours * seconds in one hour`. This value is used to set the E-Mails signature validation period.
+
+!!! Tip
+    you can add as many `dkim_key` sections to your config as required.
+
+!!! note
+    if you don't place a domain entry in `@dkim_signature_options_bysender_maps` that matches your E-Mail domain, any email sent from that domain will not be dkim signed. You can specify `'.'` for the domain entry to capture all domains.
+
+Once configuration is complete issue command `supervisorctl restart amavis` to load the config changes
+
+
+## Configuring DNS
+
+Once you have configured Amavis and created your DKIM keys, you will need to configure DNS. For this you will require the DKIM Key information. Since we are using Amavis, issue command `amavisd-new showkeys` to display your keys and the required dns config.
+
+``` bash title="DNS Configuration"
+
+$ amavisd-new showkeys
+; key#1 4096 bits, i=dkim, d=example.org, /certs/amavis/dkim/example.org.dkim.pem
+dkim._domainkey.example.org.    3600 TXT (
+  "v=DKIM1; p="
+  "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArP2MsM5q9IbgVTxwj0nA"
+  "2Iqa8NsL5L72TGEnBib8nusfoFWw5G8yGpAkterD7w9hIhCiRbpXakzQ8a9vrsnF"
+  "HsQph79d02mAndE9VS3b+dxABzGKNWdRszrKHDb4q8OeX+g6fsPlPlIOb1ngg4qo"
+  "oVJTlswV3KacE7OwGq1ZRy8X6CIAjzeiC3x7qiBH5Yxi895i7GLeTwMKQY8mIv1Z"
+  "iLVoNcH5lpB3FOJFWtXiztpkQaLLVY/YQAGzwRnWQHcqRd6ybtf9q34ADYhq1gZb"
+  "NC6GOnkets6mv2o7daTQ78Sr+GO2/4DpciXGIDB8QbbX4Qh0kaazEqx9HlGG7MC2"
+  "TdyIjmMF0pzI9qjVDdkXvwFJLLyIDP4Y4DgGuVHi/+Zdi9YtxcWrKpb8Zv+32xgU"
+  "Qvz8EQt03upcpxB0aVRkK1I6GYKYr3I0uhYhfBZdUonUkxaklcnrQZVsooo+xont"
+  "MMyPbPM6HYf0KJZCxGa6AYrIiYlnj7giudVTJdvA1J3IOQEGjq0tRmH0id/Qv2F5"
+  "Po5zMEPMtx/pcWcqEJEC7/phgboQ3vkZYf/lCqZ8T2JXAIE9ujQFTFE86v+pXhVf"
+  "98/oY4n5PN9LYfaflkTOmWyfig/qQ7mCjxdaYnOko9hlUnaRGrG5d6Dfy16qFt64"
+  "PYEseCN67yeWZz8r1NaZHckCAwEAAQ==")
+$ 
+
+```
+
+1. Using the example output from the above command, displays the required DNS txt entry.
+
+    Create a DNS `TXT` entry named `dkim._domainkey.example.org` The breakdown of this name is as follows `{key selector}._domainkey.{domain name}`
+
+    !!! note
+        if you have configured amavis correctly, the selector and domain name will match your E-Mail domain.
+
+    Give it a TTL of at least `3600`. Any value can be set here. However understand that if the duration is too long, if you need to change your key, the ttl period will need to pass before any cached look ups will expire.
+
+    enter the value of (obviously, use the output of your command run):
+
+    ``` text
+    "v=DKIM1; p="
+      "MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEArP2MsM5q9IbgVTxwj0nA"
+      "2Iqa8NsL5L72TGEnBib8nusfoFWw5G8yGpAkterD7w9hIhCiRbpXakzQ8a9vrsnF"
+      "HsQph79d02mAndE9VS3b+dxABzGKNWdRszrKHDb4q8OeX+g6fsPlPlIOb1ngg4qo"
+      "oVJTlswV3KacE7OwGq1ZRy8X6CIAjzeiC3x7qiBH5Yxi895i7GLeTwMKQY8mIv1Z"
+      "iLVoNcH5lpB3FOJFWtXiztpkQaLLVY/YQAGzwRnWQHcqRd6ybtf9q34ADYhq1gZb"
+      "NC6GOnkets6mv2o7daTQ78Sr+GO2/4DpciXGIDB8QbbX4Qh0kaazEqx9HlGG7MC2"
+      "TdyIjmMF0pzI9qjVDdkXvwFJLLyIDP4Y4DgGuVHi/+Zdi9YtxcWrKpb8Zv+32xgU"
+      "Qvz8EQt03upcpxB0aVRkK1I6GYKYr3I0uhYhfBZdUonUkxaklcnrQZVsooo+xont"
+      "MMyPbPM6HYf0KJZCxGa6AYrIiYlnj7giudVTJdvA1J3IOQEGjq0tRmH0id/Qv2F5"
+      "Po5zMEPMtx/pcWcqEJEC7/phgboQ3vkZYf/lCqZ8T2JXAIE9ujQFTFE86v+pXhVf"
+      "98/oY4n5PN9LYfaflkTOmWyfig/qQ7mCjxdaYnOko9hlUnaRGrG5d6Dfy16qFt64"
+      "PYEseCN67yeWZz8r1NaZHckCAwEAAQ=="
+    ```
+
+    !!! tip Note
+        If you have multiple keys, the above command will output all of the keys and selectors that was configured within amavis.
+
+2. once dns is configured, you can test the DNS entries and amavis config with the following command `amavisd testkeys` if the tests pass, you have configured it properly.
+
+
+## Changing DKIM Keys
+
+To change your DKIM keys, generate new ones, ensuring you utilise a differently named selector and update `99-dkim-keys` with your new key details. You will also be required to update the DNS entries.
+
+!!! alert Danger
+    If you reconfigure amavis to sign your E-Mails with a new key before the DNS changes take effect (before cache expires), you run the risk of having your E-Mails fail the receiving servers DKIM checks.
+    It is recommended that you do the following:
+    
+        1. generate the new key, add it to a new `dkim_key` section in file `99-dkim-keys`
+
+        2. run `amavisd-new showkeys` to get your dns config. Reconfigure DNS with the new key
+
+        3. wait 24 hours
+
+        5. Prevent users from sending emails (or do after hours when the mail server would normally be quite)
+
+        3. edit the `s` to match the new key selector and `d` value to match the domain name in the new key file in section `@dkim_signature_options_bysender_maps` in file `99-dkim-keys`
+
+        6. restart amavis with `supervisorctl restart amavis`
+
+        7. test the config with `amavisd testkeys`. if the tests pass, thumbs up.
+
+        8. you are good to go.

docs/projects/docker-mail/index.md

@@ -0,0 +1,7 @@
+---
+title: No Fuss Computings Dockr Mail Server
+description: How to use No Fuss Computings Dcokerized E-Mail Server
+date: 2023-05-22
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/docker-mail
+---

docs/projects/docker-mail/spf.md

@@ -0,0 +1,41 @@
+---
+title: SPF configuration
+Description: How to configure SPF for No Fuss Computings docker mail server.
+date: 2022-02-17
+template: project.html
+about: https://gitlab.com/nofusscomputing/projects/docker-mail
+---
+
+Sender Policy Framework (SPF) is defined in [RFC7208, Sender Policy Framework (SPF) for Authorizing Use of Domains in Email](https://datatracker.ietf.org/doc/html/rfc7208).
+
+DNS SPF text record example:
+
+``` text
+
+IN    TXT    "v=spf1 mx a ip4:192.168.0.100 ip6:2001:ef3:2911::/64"
+                 " a:mail.example.org a:mail2.example.org -all"
+
+```
+
+1. `v=spf1` Version attribute. only v1 available.
+
+2. `mx` `a` DNS record type. This indicated that `mx` and `a` records within the domain are authorized senders.
+
+3. `ip4:192.168.0.100` indicates that an ipv4 address as specified is authorized as a sender.
+
+4. `ip6:2001:ef3:2911::/64` Sepcifies that an ipv6 subnet is authorized as a sender
+
+5. `-all` specifies a fail if the sender doesn't match what is specified in the record. other valid qualifiers are "+" pass, "-" fail, "~" softfail, "?" neutral
+
+!!! tip
+    To allow only specified MX DNS records to be the only specified senders, create a record as follows:
+
+    ``` text
+    IN    TXT    "v=spf1 mx -all"
+    ```
+
+    If your MX servers only receive mail, then this option is not suitable. you'll have to use the hostname of the receiving server.
+
+    ``` text
+    IN    TXT    "v=spf1 a:mail.example.org -all"
+    ```

include/bin/backup.sh

@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -e
+
+backup_version=1.0
+back_file_name="mail_server-$backup_version-$(date +%Y-%m-%d-%H%M-%Z).tar.gz"
+
+start=$(date '+%s')
+
+includes=(/srv/mail)
+includes+=(/certs)
+includes+=(/var/spool/postfix)
+includes+=(/var/spool/spamassassin)
+includes+=(/var/log)
+includes+=(/var/lib/amavis)
+
+
+excludes=(--exclude=*.sock)
+
+backup_command="tar -czpvf $back_file_name ${excludes[@]} ${includes[@]}"
+
+cd /tmp
+
+echo "$backup_command"
+
+if ! $backup_command; then
+  status="tar failed"
+elif ! mv "/tmp/$back_file_name" /backup/ ; then
+  status="mv failed"
+else
+  status="success: version=$backup_version size=$(stat -c%s /backup/$back_file_name) duration=$((`date '+%s'` - $start)) command='$backup_command'"
+fi
+
+
+logger -t backup "$status"
+
+
+if [ "0$POST_MASTER_EMAIL" != "0" ]; then
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d "${POST_MASTER_EMAIL}" -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+To: ${POST_MASTER_EMAIL}
+From: Mail Server <NO-REPLY@$(hostname -f)>
+Subject: Backup $(date +%Y-%m-%d-%H:%M-%Z)
+
+Server backups have occured on $(hostname -f)
+
+Summary:
+
+    $status
+
+EOF
+
+fi
+

include/bin/group-mailbox.sh

@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+MAILBOX_USER=$1
+USER_LOGIN_NAME=$2
+
+if [ "0$MAILBOX_USER" = "0" ]; then 
+
+echo " You must specify a mailbox to share";
+
+elif [ "0$USER_LOGIN_NAME" = "0" ]; then
+
+echo " You must specify a user the mailbox is to be shared with";
+
+else
+
+
+doveadm acl add -u $MAILBOX_USER Inbox user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
+doveadm acl add -u $MAILBOX_USER Archive user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
+doveadm acl add -u $MAILBOX_USER Drafts user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
+doveadm acl add -u $MAILBOX_USER Sent user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
+doveadm acl add -u $MAILBOX_USER Spam user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${$USER_LOGIN_NAME} -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+From: Postmaster <NO-REPLY@$(hostname -f)>
+Subject: New Shared Mailbox ($MAILBOX_USER)
+
+Hi,
+
+Just letting you known that mailbox $MAILBOX_USER, has been shared with you.
+
+You have visibility of the following folders
+
+- Inbox
+- Archive
+- Drafts
+- Sent
+- Spam
+
+EOF
+
+
+fi
+

include/bin/postfix.sh

@@ -0,0 +1,14 @@
+#! /bin/bash
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+service postfix start
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
+do
+  sleep 5
+done
+

include/bin/quota-warning.sh

@@ -0,0 +1,20 @@
+#!/bin/sh
+
+PERCENT=$1
+USER=$2
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+From: Postmaster <NO-REPLY@$(hostname -f)>
+Subject: Mailbox Quota Warning
+
+Hi,
+
+Just wanted to let you know that Your mailbox is now $PERCENT% full.
+
+Note: This is an automated message. Please do not respond to it.
+
+TIP: 
+
+EOF

include/bin/spam-learn.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+
+set -e
+
+start=$(date '+%s')
+
+POSTMASTER="${1}"
+
+# for testing script
+#POSTMASTER=postmaster@example.org
+
+HAM_REPORT=''
+
+SPAM_REPORT=''
+
+for i in /srv/mail/* ; do
+  if [ -d "$i" ]; then
+
+    HAM_REPORT=$(printf "$HAM_REPORT\n\nMailbox: $i\n    $(sa-learn --ham --showdots --sync $i/mail/cur)\n")
+
+    SPAM_REPORT=$(printf "$SPAM_REPORT\n\nMailbox: $i\n    $(sa-learn --spam --showdots --sync $i/mail/Spam/cur)\n")
+
+  fi
+done
+
+
+if [ "0$POST_MASTER_EMAIL" != "0" ]; then
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d "${POST_MASTER_EMAIL}" -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+To: ${POST_MASTER_EMAIL}
+From: Mail Server <NO-REPLY@$(hostname -f)>
+Subject: Spam Learning Report $(date +%Y-%m-%d-%H:%M-%Z)
+
+Command: /bin/spam-learn.sh
+
+Scan duration: $((`date '+%s'` - $start))
+
+
+****************** Ham Scan ******************
+$HAM_REPORT
+
+
+
+****************** Spam Scan ******************
+
+$SPAM_REPORT
+
+EOF
+
+fi

include/bin/welcome-email.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+
+set -e
+
+USER=$1
+
+cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
+Auto-Submitted: auto-generated
+Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
+From: Postmaster <NO-REPLY@$(hostname -f)>
+Subject: New User Welcome
+
+Hi,
+
+This E-Mail has been sent to inform you of some of the ins and outs of this E-Mail server.
+
+Features available to you:
+- IMAP Sieve
+- Spam automatically sent to your spam folder
+- Ability to share your E-mail folders with other users
+
+
+Quota
+=====
+Your mailbox has a set quota that should be visible in your E-Mail client. A quota is the storage space that your E-Mails use. It is your responsability to keep you storage below your allocated quota, or you won't be able to send or receive E-Mails.
+
+
+Spam
+====
+Spam is defined as unwanted messages, which sometimes contains malicious software. It's advised if you receive a message you think is spam, don't open it. Move it to your spam folder. Any spam that we detect, will automatically delivered to your spam folder. If we miss a spam messages, as stated earlier, please move it to your spam folder.
+
+We have a learning bot that automagically uses your spam folder to learn why it is spam. After our AI learns, it will be better next time at catching the spam messages so you don't have to.
+
+$(if [ "0$POST_MASTER_EMAIL" != "0" ]; then echo "If you have any concerns, please email the postmaster ($POST_MASTER_EMAIL)."; fi )
+
+EOF

include/docker-entrypoint.sh

@@ -0,0 +1,123 @@
+#!/bin/bash
+
+set -e
+
+if [ "0$POST_MASTER_EMAIL" != "0" ]; then export MAILTO="$POST_MASTER_EMAIL"; fi
+
+# Populate this file so cron has access to env vars. thanks to https://stackoverflow.com/a/41938139
+printenv | grep -v "no_proxy" > /etc/environment
+
+
+if [ -f "/var/run/amavis/amavisd.pid" ]; then rm /var/run/amavis/amavisd.pid; fi
+
+
+if [ "$1" == "" ]; then
+
+    echo "Setup server type ($SERVERTYPE)"
+
+    echo "[Information] starting supervisor daemon"
+    /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
+
+    bash
+
+fi
+
+# compile sieve scripts
+for file in /etc/dovecot/sieve/*.sieve ; 
+do 
+
+  sievec $file; 
+
+done
+
+
+mkdir -p /var/lock/fetchmail
+
+chown debian-spamd:vmail -R /var/spool/spamassassin
+
+chmod 777 /var/spool/spamassassin
+
+if [ "$1" == "setup" ]; then
+
+
+
+if [ ! -f /certs/amavis/dkim/example.org.dkim.pem ]; then
+
+        echo "[WARNING] Creating DKIM Cert, example.org. Consider Creating your own";
+
+        amavisd-new genrsa /certs/amavis/dkim/example.org.dkim.pem 4096;
+
+        chmod g+r /certs/amavis/dkim/example.org.dkim.pem;
+
+        chgrp amavis /certs/amavis/dkim/example.org.dkim.pem;
+
+        amavisd-new showkeys example.org;
+    fi
+
+
+    supervisorctl start amavis;
+
+
+postconf -e "myhostname = $(`echo hostname -f`)"
+
+
+    if [ ! -f /certs/dovecot/key.pem ]; then
+
+        echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
+
+        openssl req  -nodes -new -x509 -keyout /certs/dovecot/key.pem -out /certs/dovecot/cert.pem -subj '/CN=localhost'
+
+    fi
+
+    if [ ! -f /certs/dovecot/dh.pem ]; then
+
+        echo "[Information] Creating DHPEM Key"
+
+        openssl dhparam -out /certs/dovecot/dh.pem 2048
+
+    fi
+
+
+    echo "[Information] Start dovecot"
+
+    supervisorctl start dovecot
+
+
+    sed -i -r -e 's/^manpage_directory/#manpage_directory/' /etc/postfix/main.cf.proto
+
+    sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files
+
+    sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files.d/*
+
+
+    if [ ! -f /certs/postfix/key.pem ]; then
+
+        echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
+
+        openssl req  -nodes -new -x509 -keyout /certs/postfix/key.pem -out /certs/postfix/cert.pem -subj '/CN=localhost'
+
+    fi
+
+
+    echo "[Information] set postfix permissions"
+
+    postfix set-permissions create-missing
+
+    postmap /etc/postfix/header_checks_outbound
+
+    postmap /etc/postfix/header_checks_privacy
+
+    echo "[Information] start postfix"
+
+
+#    supervisorctl start amavis
+
+    supervisorctl start postfix
+
+
+else
+
+    exec "$@"
+
+fi
+

include/etc/amavis/conf.d/15-content_filter_mode

@@ -0,0 +1,27 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by 
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+#@bypass_virus_checks_maps = (
+#   \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by 
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+@bypass_spam_checks_maps = (
+   \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1;  # ensure a defined return

include/etc/amavis/conf.d/40-socket

@@ -0,0 +1,10 @@
+#
+# Socket config
+#
+
+# Listening socket
+#   10023 - Submission, Outbound mail
+#   10024 - SMTP, Inbound mail
+
+$inet_socket_port = [10023, 10024]
+

include/etc/amavis/conf.d/50-user

@@ -0,0 +1,39 @@
+use strict;
+
+#
+# Place your configuration directives here.  They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+# Higher log level to get expected messages at startup
+$log_level = 2;
+
+$X_HEADER_LINE = "Virus Scanning product";
+
+$virus_admin = "postmaster";
+$banned_admin = "postmaster";
+
+$final_virus_destiny      = D_DISCARD;  # (data not lost, see virus quarantine)
+$final_banned_destiny     = D_DISCARD;  
+$final_spam_destiny       = D_PASS;    
+$final_bad_header_destiny = D_PASS;
+
+$sa_spam_subject_tag = '';
+$sa_tag_level_deflt  = -999;  # add spam info headers if at, or above that level
+$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
+$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
+$sa_dsn_cutoff_level = 10;   # spam level beyond which a DSN is not sent
+
+$spam_quarantine_to       = undef;
+
+# disable the "Received" headers to be added to the mail header
+#$allowed_added_header_fields{lc('Received')} = 0;
+
+
+#------------ Do not modify anything below this line -------------
+1;  # ensure a defined return
+
+

include/etc/amavis/conf.d/60-policy-bank-submission

@@ -0,0 +1,11 @@
+
+$interface_policy{'10023'} = 'SUBMISSION';
+
+$policy_bank{'SUBMISSION'} = {
+    originating => 1,
+    smtpd_discard_ehlo_keywords => ['8BITMIME'],
+    final_banned_destiny => D_BOUNCE, # Bounce so user is notified
+    final_spam_destiny => D_BOUNCE, # Bounce so user is notified
+    final_virus_destiny => D_BOUNCE, # Bounce so user is notified
+};
+

include/etc/amavis/conf.d/90-dkim

@@ -0,0 +1,4 @@
+
+$enable_dkim_signing = 1;
+
+$enable_dkim_verification = 1;

include/etc/amavis/conf.d/99-dkim-keys

@@ -0,0 +1,18 @@
+dkim_key(
+    'example.org',
+    'dkim',
+    '/certs/amavis/dkim/example.org.dkim.pem'
+);
+
+
+@dkim_signature_options_bysender_maps = (
+    {
+        "example.org" => {
+            s   => 'dkim',
+            d   => 'example.org',
+            a   => 'rsa-sha256',
+            ttl => 10*24*3600
+        }
+    }
+);
+

include/etc/cron.d/container_backup

@@ -0,0 +1,6 @@
+#
+#  Backup the docker container 
+#
+# m h dom mon dow user  command
+01 0,3,6,9,12,15,18,21	* * *	root	/bin/backup.sh >/dev/null 2>&1
+

include/etc/cron.d/fetchmail

@@ -0,0 +1,6 @@
+#
+#  SpamAssassin Bayes learning from mailboxes 
+#
+# m h dom mon dow user  command
+#20,50 *	* * *	root	if [ "0$USE_FETCHMAIL_PL" != "0" ]; then /bin/fetchmail.pl 2>&1; fi
+

include/etc/cron.d/logrotate

@@ -0,0 +1,6 @@
+#
+#  Run Log rotate 
+#
+# m h dom mon dow user  command
+1 0	* * *	root	/usr/sbin/logrotate -f /etc/logrotate.conf >/dev/null
+

include/etc/cron.d/sa-learn

@@ -0,0 +1,6 @@
+#
+#  SpamAssassin Bayes learning from mailboxes 
+#
+# m h dom mon dow user  command
+30 0,3,6,9,12,15,18,21	* * *	debian-spamd	/bin/spam-learn.sh >/dev/null 2>&1
+

include/etc/default/spamassassin

@@ -0,0 +1,2 @@
+OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir /home/spamd/ -s /var/log/spamd.log"
+CRON=1

include/etc/dovecot/conf.d/10-auth.conf

@@ -0,0 +1,31 @@
+##
+## Authentication processes
+##
+
+
+#auth_verbose = yes
+#auth_debug=yes
+
+
+#disable_plaintext_auth = yes
+
+#auth_mechanisms = plain login
+auth_mechanisms = plain
+
+mail_access_groups=vmail
+mail_uid=vmail
+mail_gid=vmail
+
+
+auth_username_format = %Lu
+
+userdb {
+    driver = ldap
+    args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
+}
+
+passdb {
+    driver = ldap
+    args = /etc/dovecot/dovecot-ldap.conf.ext
+}
+

include/etc/dovecot/conf.d/10-logging.conf

@@ -0,0 +1,95 @@
+##
+## Log destination.
+##
+
+log_path=/var/log/dovecot.log
+
+
+
+##
+## Logging verbosity and debugging.
+##
+
+# Log filter is a space-separated list conditions. If any of the conditions
+# match, the log filter matches (i.e. they're ORed together). Parenthesis
+# are supported if multiple conditions need to be matched together.
+#
+# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
+#
+# For example: event=http_request_* AND category=error AND category=storage
+#
+# Filter to specify what debug logging to enable. This will eventually replace
+# mail_debug and auth_debug settings.
+#log_debug = 
+
+# Crash after logging a matching event. For example category=error will crash
+# any time an error is logged, which can be useful for debugging.
+#log_core_filter = 
+
+# Log unsuccessful authentication attempts and the reasons why they failed.
+auth_verbose = yes
+
+# In case of password mismatches, log the attempted password. Valid values are
+# no, plain and sha1. sha1 can be useful for detecting brute force password
+# attempts vs. user simply trying the same password over and over again.
+# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
+#auth_verbose_passwords = no
+
+# Even more verbose logging for debugging purposes. Shows for example SQL
+# queries.
+#auth_debug = no
+
+# In case of password mismatches, log the passwords and used scheme so the
+# problem can be debugged. Enabling this also enables auth_debug.
+#auth_debug_passwords = no
+
+# Enable mail process debugging. This can help you figure out why Dovecot
+# isn't finding your mails.
+#mail_debug = no
+
+# Show protocol level SSL errors.
+#verbose_ssl = yes
+
+# mail_log plugin provides more event logging for mail processes.
+plugin {
+  # Events to log. Also available: flag_change append
+  #mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
+  # Available fields: uid, box, msgid, from, subject, size, vsize, flags
+  # size and vsize are available only for expunge and copy events.
+  #mail_log_fields = uid box msgid size
+}
+
+##
+## Log formatting.
+##
+
+# Prefix for each line written to log file. % codes are in strftime(3)
+# format.
+#log_timestamp = "%b %d %H:%M:%S "
+
+# Space-separated list of elements we want to log. The elements which have
+# a non-empty variable value are joined together to form a comma-separated
+# string.
+#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
+
+# Login log format. %s contains login_log_format_elements string, %$ contains
+# the data we want to log.
+#login_log_format = %$: %s
+ 
+# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
+# possible variables you can use.
+#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
+
+# Format to use for logging mail deliveries:
+#  %$ - Delivery status message (e.g. "saved to INBOX")
+#  %m / %{msgid} - Message-ID
+#  %s / %{subject} - Subject
+#  %f / %{from} - From address
+#  %p / %{size} - Physical size
+#  %w / %{vsize} - Virtual size
+#  %e / %{from_envelope} - MAIL FROM envelope
+#  %{to_envelope} - RCPT TO envelope
+#  %{delivery_time} - How many milliseconds it took to deliver the mail
+#  %{session_time} - How long LMTP session took, not including delivery_time
+#  %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
+#deliver_log_format = msgid=%m: %$

include/etc/dovecot/conf.d/10-mail.conf

@@ -0,0 +1,13 @@
+##
+## Mailbox locations and namespaces
+##
+
+mail_home = /srv/mail/%u
+mail_location = maildir:~/mail:LAYOUT=fs
+
+
+mailbox_list_index = yes
+
+mail_shared_explicit_inbox = yes
+
+

include/etc/dovecot/conf.d/10-master.conf

@@ -0,0 +1,79 @@
+##
+## Services
+##
+
+mail_plugins = $mail_plugins acl quota welcome
+
+service auth {
+
+    unix_listener /var/spool/postfix/private/dovecot/auth {
+        #mode = 0660
+        mode=0777
+        user = postfix
+        group = postfix
+    }
+
+    unix_listener auth-userdb {
+      mode=0777 
+    }
+}
+
+service imap {
+
+}
+
+
+service imap-login {
+    inet_listener imap {
+        port = 0
+    }
+    inet_listener imaps {
+        port = 993
+        ssl = yes
+    }
+    
+    service_count = 1
+    process_min_avail = 1
+}
+
+
+#service imap-postlogin {
+  # all post-login scripts are executed via script-login binary
+#  executable = script-login -d /etc/dovecot/acl_groups.py
+
+  # the script process runs as the user specified here (v2.0.14+):
+#  user = $default_internal_user
+  
+  # this UNIX socket listener must use the same name as given to imap executable
+#  unix_listener imap-postlogin {
+#  }
+#}
+
+
+service lmtp {
+  unix_listener /var/spool/postfix/private/lda {
+    group = postfix
+    mode = 0600
+    user = postfix
+  }
+}
+
+
+service pop3-login {
+  inet_listener pop3 {
+    #port = 110
+  }
+  inet_listener pop3s {
+    #port = 995
+    #ssl = yes
+  }
+}
+
+
+
+service submission-login {
+  inet_listener submission {
+    #port = 587
+  }
+}
+

include/etc/dovecot/conf.d/10-ssl.conf

@@ -0,0 +1,20 @@
+##
+## SSL settings
+##
+
+
+#verbose_ssl = yes
+
+ssl = required
+
+ssl_prefer_server_ciphers = yes
+
+ssl_client_ca_dir = /etc/ssl/certs
+
+ssl_dh = </certs/dovecot/dh.pem
+ssl_cert = </certs/dovecot/cert.pem
+ssl_key = </certs/dovecot/key.pem
+
+# Generated by https://ssl-config.mozilla.org/ 
+ssl_min_protocol = TLSv1.2
+ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384

include/etc/dovecot/conf.d/15-lda.conf

@@ -0,0 +1,49 @@
+##
+## LDA specific settings (also used by LMTP)
+##
+
+# Address to use when sending rejection mails.
+# Default is postmaster@%d. %d expands to recipient domain.
+#postmaster_address =
+
+# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
+# in LMTP replies. Default is the system's real hostname@domain.
+#hostname = 
+
+# If user is over quota, return with temporary failure instead of
+# bouncing the mail.
+#quota_full_tempfail = no
+
+# Binary to use for sending mails.
+#sendmail_path = /usr/sbin/sendmail
+
+# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
+#submission_host =
+
+# Subject: header to use for rejection mails. You can use the same variables
+# as for rejection_reason below.
+#rejection_subject = Rejected: %s
+
+# Human readable error message for rejection mails. You can use variables:
+#  %n = CRLF, %r = reason, %s = original subject, %t = recipient
+#rejection_reason = Your message to <%t> was automatically rejected:%n%r
+
+# Delimiter character between local-part and detail in email address.
+#recipient_delimiter = +
+
+# Header where the original recipient address (SMTP's RCPT TO: address) is taken
+# from if not available elsewhere. With dovecot-lda -a parameter overrides this. 
+# A commonly used header for this is X-Original-To.
+#lda_original_recipient_header =
+
+# Should saving a mail to a nonexistent mailbox automatically create it?
+lda_mailbox_autocreate = yes
+
+# Should automatically created mailboxes be also automatically subscribed?
+lda_mailbox_autosubscribe = yes
+
+protocol lda {
+  # Space separated list of plugins to load (default is global mail_plugins).
+  mail_plugins = $mail_plugins sieve
+}
+

include/etc/dovecot/conf.d/15-mailboxes.conf

@@ -0,0 +1,75 @@
+##
+## Mailbox definitions
+##
+
+
+namespace inbox {
+  prefix =
+  type = private
+  separator = /
+  inbox = yes
+  list = yes
+
+  mailbox Archive {
+    auto = subscribe
+    special_use = \Archive
+  }
+
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+
+  mailbox Sent {
+    auto = subscribe # autocreate and autosubscribe the Sent mailbox
+    special_use = \Sent
+  }
+  mailbox "Sent Messages" {
+    special_use = \Sent
+  }
+
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+    autoexpunge = 60d
+  }
+
+  mailbox Trash {
+    auto = subscribe
+    autoexpunge = 120d
+    special_use = \Trash
+  }
+
+  mailbox virtual/All { # if you have a virtual "All messages" mailbox
+    auto = no
+    special_use = \All
+  }
+
+  # If you have a virtual "Flagged" mailbox:
+  #mailbox virtual/Flagged {
+  #  special_use = \Flagged
+  #  comment = All my flagged messages
+  #}
+
+  # If you have a virtual "Important" mailbox:
+  #mailbox virtual/Important {
+  #  special_use = \Important
+  #  comment = All my important messages
+  #}
+
+}
+
+# Shared mailbox
+namespace {
+  type = shared
+  separator = /
+  prefix = shared/%%n@%%d/
+
+  location = maildir:%%h/mail:LAYOUT=fs:INDEXPVT=%h/mail/shared/%%n@%%d
+
+  subscriptions = no
+  list = children
+
+}
+
+

include/etc/dovecot/conf.d/20-imap.conf

@@ -0,0 +1,22 @@
+##
+## IMAP specific settings
+##
+
+# If nothing happens for this long while client is IDLEing, move the connection
+# to imap-hibernate process and close the old imap process. This saves memory,
+# because connections use very little memory in imap-hibernate process. The
+# downside is that recreating the imap process back uses some resources.
+imap_hibernate_timeout = 5M
+
+# Maximum IMAP command line length. Some clients generate very long command
+# lines with huge mailboxes, so you may need to raise this if you get
+# "Too long argument" or "IMAP command line too large" errors often.
+#imap_max_line_length = 64k
+
+
+
+protocol imap {
+    imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
+    mail_plugins = $mail_plugins imap_acl imap_quota
+
+}

include/etc/dovecot/conf.d/20-lmtp.conf

@@ -0,0 +1,18 @@
+##
+## LMTP specific settings
+##
+
+
+# Verify quota before replying to RCPT TO. This adds a small overhead.
+lmtp_rcpt_check_quota = yes
+
+# Add "Received:" header to mails delivered.
+#lmtp_add_received_header = no
+
+
+protocol lmtp {
+   info_log_path = /var/log/dovecot-lmtp.log
+#   postmaster_address = postmaster@example.org
+
+  mail_plugins = $mail_plugins sieve
+}

include/etc/dovecot/conf.d/20-managesieve.conf

@@ -0,0 +1,85 @@
+##
+## ManageSieve specific settings
+##
+
+# Uncomment to enable managesieve protocol:
+#protocols = $protocols sieve
+
+# Service definitions
+
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+
+  #inet_listener sieve_deprecated {
+  #  port = 2000
+  #}
+
+  # Number of connections to handle before starting a new process. Typically
+  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+  # is faster. <doc/wiki/LoginProcess.txt>
+  service_count = 1
+
+  # Number of processes to always keep waiting for more connections.
+  process_min_avail = 1
+
+  # If you set service_count=0, you probably need to grow this.
+  #vsz_limit = 64M
+}
+
+service managesieve {
+  # Max. number of ManageSieve processes (connections)
+  process_limit = 100
+}
+
+# Service configuration
+
+protocol sieve {
+  # Maximum ManageSieve command line length in bytes. ManageSieve usually does
+  # not involve overly long command lines, so this setting will not normally
+  # need adjustment
+  managesieve_max_line_length = 65536
+
+  # Maximum number of ManageSieve connections allowed for a user from each IP
+  # address.
+  # NOTE: The username is compared case-sensitively.
+  mail_max_userip_connections = 5
+
+  # Space separated list of plugins to load (none known to be useful so far).
+  # Do NOT try to load IMAP plugins here.
+  #mail_plugins =
+
+  # MANAGESIEVE logout format string:
+  #  %i - total number of bytes read from client
+  #  %o - total number of bytes sent to client
+  #  %{put_bytes} - Number of bytes saved using PUTSCRIPT command
+  #  %{put_count} - Number of scripts saved using PUTSCRIPT command
+  #  %{get_bytes} - Number of bytes read using GETCRIPT command
+  #  %{get_count} - Number of scripts read using GETSCRIPT command
+  #  %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
+  #  %{get_count} - Number of scripts checked using CHECKSCRIPT command
+  #  %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
+  #  %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
+  managesieve_logout_format = bytes=%i/%o
+
+  # To fool ManageSieve clients that are focused on CMU's timesieved you can
+  # specify the IMPLEMENTATION capability that Dovecot reports to clients.
+  # For example: 'Cyrus timsieved v2.2.13'
+  #managesieve_implementation_string = Dovecot Pigeonhole
+
+  # Explicitly specify the SIEVE and NOTIFY capability reported by the server
+  # before login. If left unassigned these will be reported dynamically
+  # according to what the Sieve interpreter supports by default (after login
+  # this may differ depending on the user).
+  #managesieve_sieve_capability =
+  #managesieve_notify_capability =
+
+  # The maximum number of compile errors that are returned to the client upon
+  # script upload or script verification.
+  #managesieve_max_compile_errors = 5
+
+  # Refer to 90-sieve.conf for script quota configuration and configuration of
+  # Sieve execution limits.
+}
+

include/etc/dovecot/conf.d/90-acl.conf

@@ -0,0 +1,28 @@
+##
+## Mailbox access control lists.
+##
+
+# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
+# You can also optionally give a global ACL directory path where ACLs are
+# applied to all users' mailboxes. The global ACL directory contains
+# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
+# specifies how many seconds to wait between stat()ing dovecot-acl file
+# to see if it changed.
+plugin {
+  # Per-user ACL:
+  acl = vfile
+
+  # (if yes) Creates an issue where shared folders inbox folder is 
+  # shown but clicking on the root folder, also displays the contents
+  # of the inbox.
+  #acl_defaults_from_inbox = yes
+
+  acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=60
+
+}
+
+plugin {
+
+  acl_shared_dict = file:/srv/mail/shared-mailboxes
+
+}

include/etc/dovecot/conf.d/90-plugin.conf

@@ -0,0 +1,21 @@
+##
+## Plugin settings
+##
+
+
+plugin {
+  welcome_script = welcome %u
+  welcome_wait = no
+}
+
+service welcome {
+  executable = script /bin/welcome-email.sh
+  user = dovecot
+  
+
+  unix_listener welcome {
+    user = dovecot
+    group = postfix
+    mode = 0766
+  }
+}

include/etc/dovecot/conf.d/90-quota.conf

@@ -0,0 +1,90 @@
+##
+## Quota configuration.
+##
+
+# Note that you also have to enable quota plugin in mail_plugins setting.
+# <doc/wiki/Quota.txt>
+
+##
+## Quota limits
+##
+
+plugin {
+  quota = maildir:User quota
+#  quota2 = maildir:Shared quota:ns=shared/
+
+  quota_rule = *:storage=200M
+  quota_rule2 = Trash:storage=+50M
+  quota_grace = 10%%
+
+  quota_max_mail_size = 25M
+
+  quota_status_success = DUNNO
+  quota_status_nouser = DUNNO
+  quota_status_overquota = "552 5.2.2 Mailbox is full"
+}
+
+
+
+#plugin {
+
+#  quota2 = maildir:Shared quota:ns=shared/
+#  quota_rule = *:storage=200M
+
+
+#  quota_max_mail_size = 25M
+
+#  quota_status_success = DUNNO
+#  quota_status_nouser = DUNNO
+#  quota_status_overquota = "552 5.2.2 Mailbox is full"
+
+#}
+
+
+
+##
+## Quota warnings
+##
+
+# You can execute a given command when user exceeds a specified quota limit.
+# Each quota root has separate limits. Only the command for the first
+# exceeded limit is executed, so put the highest limit first.
+# The commands are executed via script service by connecting to the named
+# UNIX socket (quota-warning below).
+# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
+
+plugin {
+  quota_warning = storage=50%% quota-warning 50 %u
+  quota_warning2 = storage=80%% quota-warning 80 %u
+  quota_warning3 = storage=90%% quota-warning 90 %u
+  quota_warning4 = storage=95%% quota-warning 95 %u
+}
+
+# Example quota-warning service. The unix listener's permissions should be
+# set in a way that mail processes can connect to it. Below example assumes
+# that mail processes run as vmail user. If you use mode=0666, all system users
+# can generate quota warnings to anyone.
+
+service quota-warning {
+  executable = script /bin/quota-warning.sh
+#  user = vmail
+
+  unix_listener quota-warning {
+    user = dovecot
+    group = vmail
+    mode = 0766
+  }
+}
+
+service quota-status {
+  
+  executable = quota-status -p postfix
+
+  unix_listener /var/spool/postfix/private/quota {
+    user = dovecot
+    group = vmail
+    mode = 0660
+  }
+  client_limit = 1
+}
+

include/etc/dovecot/conf.d/90-sieve-extprograms.conf

@@ -0,0 +1,45 @@
+# Sieve Extprograms plugin configuration
+
+# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
+# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
+# vnd.dovecot.filter and vnd.dovecot.execute) by adding these	to the
+# sieve_extensions or sieve_global_extensions settings. Restricting these
+# extensions to a global context using sieve_global_extensions is recommended.
+
+plugin {
+
+  # The directory where the program sockets are located for the
+  # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+  # respectively. The name of each unix socket contained in that directory
+  # directly maps to a program-name referenced from the Sieve script.
+  #sieve_pipe_socket_dir = sieve-pipe
+  #sieve_filter_socket_dir = sieve-filter
+  #sieve_execute_socket_dir = sieve-execute
+
+  # The directory where the scripts are located for direct execution by the
+  # vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
+  # respectively. The name of each script contained in that directory
+  # directly maps to a program-name referenced from the Sieve script.
+  #sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
+  #sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
+  #sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
+}
+
+# An example program service called 'do-something' to pipe messages to
+#service do-something {
+  # Define the executed script as parameter to the sieve service
+  #executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
+
+  # Use some unprivileged user for executing the program
+  #user = dovenull
+
+  # The unix socket located in the sieve_pipe_socket_dir (as defined in the 
+  # plugin {} section above)
+  #unix_listener sieve-pipe/do-something {
+    # LDA/LMTP must have access
+  #  user = vmail  
+  #  mode = 0600
+  #}
+#}
+
+

include/etc/dovecot/conf.d/90-sieve.conf

@@ -0,0 +1,210 @@
+##
+## Settings for the Sieve interpreter
+##
+
+# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
+# by adding it to the respective mail_plugins= settings.
+
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the 
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
+plugin {
+  # The location of the user's main Sieve script or script storage. The LDA
+  # Sieve plugin uses this to find the active script for Sieve filtering at
+  # delivery. The "include" extension uses this location for retrieving
+  # :personal" scripts. This is also where the  ManageSieve service will store
+  # the user's scripts, if supported.
+  # 
+  # Currently only the 'file:' location type supports ManageSieve operation.
+  # Other location types like 'dict:' and 'ldap:' can currently only
+  # be used as a read-only script source ().
+  #
+  # For the 'file:' type: use the ';active=' parameter to specify where the
+  # active script symlink is located.
+  # For other types: use the ';name=' parameter to specify the name of the
+  # default/active script.
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+
+  # The default Sieve script when the user has none. This is the location of a
+  # global sieve script file, which gets executed ONLY if user's personal Sieve
+  # script doesn't exist. Be sure to pre-compile this script manually using the
+  # sievec command line tool if the binary is not stored in a global location.
+  # --> See sieve_before for executing scripts before the user's personal
+  #     script.
+  #sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+  # The name by which the default Sieve script (as configured by the 
+  # sieve_default setting) is visible to the user through ManageSieve. 
+  #sieve_default_name = 
+
+  # Location for ":global" include scripts as used by the "include" extension.
+  #sieve_global_path = 
+
+  # The location of a Sieve script that is run for any message that is about to
+  # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+  # execution. This only happens when the "implicit keep" is canceled, by e.g.
+  # the "discard" action, and no actions that deliver the message are executed.
+  # This "discard script" can prevent discarding the message, by executing
+  # alternative actions. If the discard script does nothing, the message is
+	# still discarded as it would be when no discard script is configured.
+  #sieve_discard =
+
+  # Location Sieve of scripts that need to be executed before the user's
+  # personal script. If a 'file' location path points to a directory, all the 
+  # Sieve scripts contained therein (with the proper `.sieve' extension) are
+  # executed. The order of execution within that directory is determined by the
+  # file names, using a normal 8bit per-character comparison.
+  #
+  # Multiple script locations can be specified by appending an increasing number
+  # to the setting name. The Sieve scripts found from these locations are added
+  # to the script execution sequence in the specified order. Reading the
+  # numbered sieve_before settings stops at the first missing setting, so no
+  # numbers may be skipped.
+  #sieve_before = /var/lib/dovecot/sieve.d/
+  #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
+  #sieve_before3 = (etc...)
+  sieve_before = /etc/dovecot/sieve
+
+  # Identical to sieve_before, only the specified scripts are executed after the
+  # user's script (only when keep is still in effect!). Multiple script
+  # locations can be specified by appending an increasing number.
+  #sieve_after =
+  #sieve_after2 =
+  #sieve_after2 = (etc...)
+
+  # Which Sieve language extensions are available to users. By default, all
+  # supported extensions are available, except for deprecated extensions or
+  # those that are still under development. Some system administrators may want
+  # to disable certain Sieve extensions or enable those that are not available
+  # by default. This setting can use '+' and '-' to specify differences relative
+  # to the default. For example `sieve_extensions = +imapflags' will enable the
+  # deprecated imapflags extension in addition to all extensions were already
+  # enabled by default.
+  #sieve_extensions = +notify +imapflags
+
+  sieve_extensions=-vacation -enotify -editheader imap4flags
+
+  # Which Sieve language extensions are ONLY available in global scripts. This
+  # can be used to restrict the use of certain Sieve extensions to administrator
+  # control, for instance when these extensions can cause security concerns.
+  # This setting has higher precedence than the `sieve_extensions' setting
+  # (above), meaning that the extensions enabled with this setting are never
+  # available to the user's personal script no matter what is specified for the
+  # `sieve_extensions' setting. The syntax of this setting is similar to the
+  # `sieve_extensions' setting, with the difference that extensions are
+  # enabled or disabled for exclusive use in global scripts. Currently, no
+  # extensions are marked as such by default.
+  #sieve_global_extensions =
+
+  # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
+  # setting, the used plugins can be specified. Check the Dovecot wiki
+  # (wiki2.dovecot.org) or the pigeonhole website
+  # (http://pigeonhole.dovecot.org) for available plugins.
+  # The sieve_extprograms plugin is included in this release.
+  #sieve_plugins =
+  sieve_plugins = sieve_extprograms
+
+  # The maximum size of a Sieve script. The compiler will refuse to compile any
+  # script larger than this limit. If set to 0, no limit on the script size is
+  # enforced.
+  #sieve_max_script_size = 1M
+
+  # The maximum number of actions that can be performed during a single script
+  # execution. If set to 0, no limit on the total number of actions is enforced.
+  #sieve_max_actions = 32
+
+  # The maximum number of redirect actions that can be performed during a single
+  # script execution. If set to 0, no redirect actions are allowed.
+  #sieve_max_redirects = 4
+
+  # The maximum number of personal Sieve scripts a single user can have. If set
+  # to 0, no limit on the number of scripts is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_scripts = 0
+
+  # The maximum amount of disk storage a single user's scripts may occupy. If
+  # set to 0, no limit on the used amount of disk storage is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_storage = 0
+
+  # The primary e-mail address for the user. This is used as a default when no
+  # other appropriate address is available for sending messages. If this setting
+  # is not configured, either the postmaster or null "<>" address is used as a
+  # sender, depending on the action involved. This setting is important when
+  # there is no message envelope to extract addresses from, such as when the
+  # script is executed in IMAP.
+  #sieve_user_email =
+
+  # The path to the file where the user log is written. If not configured, a
+  # default location is used. If the main user's personal Sieve (as configured
+  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+  #sieve_user_log =
+
+  # Specifies what envelope sender address is used for redirected messages.
+  # The following values are supported for this setting:
+  #
+  #   "sender"         - The sender address is used (default).
+  #   "recipient"      - The final recipient address is used.
+  #   "orig_recipient" - The original recipient is used.
+  #   "user_email"     - The user's primary address is used. This is
+  #                      configured with the "sieve_user_email" setting. If
+  #                      that setting is unconfigured, "user_mail" is equal to
+  #                      "recipient".
+  #   "postmaster"     - The postmaster_address configured for the LDA.
+  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
+  #                      The angle brackets are mandatory. The null "<>" address
+  #                      is also supported.
+  #
+  # This setting is ignored when the envelope sender is "<>". In that case the
+  # sender of the redirected message is also always "<>".
+  #sieve_redirect_envelope_from = sender
+
+  ## TRACE DEBUGGING
+  # Trace debugging provides detailed insight in the operations performed by
+  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+  # IMAPSIEVE plugin. 
+  #
+  # WARNING: On a busy server, this functionality can quickly fill up the trace
+  # directory with a lot of trace files. Enable this only temporarily and as
+  # selective as possible.
+  
+  # The directory where trace files are written. Trace debugging is disabled if
+  # this setting is not configured or if the directory does not exist. If the 
+  # path is relative or it starts with "~/" it is interpreted relative to the
+  # current user's home directory.
+  #sieve_trace_dir =
+  
+  # The verbosity level of the trace messages. Trace debugging is disabled if
+  # this setting is not configured. Possible values are:
+  #
+  #   "actions"        - Only print executed action commands, like keep,
+  #                      fileinto, reject and redirect.
+  #   "commands"       - Print any executed command, excluding test commands.
+  #   "tests"          - Print all executed commands and performed tests.
+  #   "matching"       - Print all executed commands, performed tests and the
+  #                      values matched in those tests.
+  #sieve_trace_level =
+  
+  # Enables highly verbose debugging messages that are usually only useful for
+  # developers.
+  #sieve_trace_debug = no
+  
+  # Enables showing byte code addresses in the trace output, rather than only
+  # the source line numbers.
+  #sieve_trace_addresses = no 
+}
+

include/etc/dovecot/dovecot-acl

@@ -0,0 +1,7 @@
+INBOX.Archive owner lrwstipek
+INBOX.Drafts owner lrwstipek
+INBOX.Spam owner lrwstipek
+INBOX.Sent owner lrwstipek
+INBOX.Trash owner lrwstipek
+#* owner akxeilprwts
+

include/etc/dovecot/dovecot-ldap.conf.ext

@@ -0,0 +1,24 @@
+uris = ldap://openldap
+dn = cn=admin,dc=example,dc=org
+dnpass = admin
+
+debug_level = 0
+auth_bind = no
+
+ldap_version = 3
+base = dc=example,dc=org
+scope = subtree
+
+user_attrs = uid=user=%{ldap:uid}, memberUid=user=%{ldap:mail}, mail=home=/srv/mail/%{ldap:mail}, mail=mailHomeDirectory=maildir:~/mail:LAYOUT=fs, mailQuota=quota_rule=*:bytes=%$
+
+user_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)(cn=%u)))
+
+
+pass_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)))
+
+
+iterate_attrs = mail=user
+iterate_filter = (objectClass=PostfixBookMailAccount)
+
+
+

include/etc/dovecot/protocols.d/imap.protocol

@@ -0,0 +1,2 @@
+
+protocols = $protocols imap

include/etc/dovecot/protocols.d/lmtp.protocol

@@ -0,0 +1,2 @@
+
+protocols = $protocols lmtp

include/etc/dovecot/protocols.d/sieve.protocol

@@ -0,0 +1,2 @@
+
+protocols = $protocols sieve

include/etc/dovecot/sieve/00-fileto-spam.sieve

@@ -0,0 +1,11 @@
+require ["fileinto", "mailbox"];
+
+if exists "X-Spam-Flag" {
+if header :contains "X-Spam-Flag" "NO" {
+
+} else {
+fileinto :create "Spam";
+stop;
+}
+
+}

include/etc/logrotate.d/dovecot

@@ -0,0 +1,13 @@
+/var/log/dovecot.log 
+{
+    rotate 30
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    create 0644 dovecot dovecot
+         postrotate
+             supervisorctl restart dovecot
+         endscript
+}

include/etc/logrotate.d/postfix

@@ -0,0 +1,13 @@
+/var/log/postfix.log
+{
+    rotate 30
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    create 0644 postfix postfix
+        postrotate
+            supervisorctl restart postfix
+        endscript
+}

include/etc/logrotate.d/rsyslog

@@ -0,0 +1,28 @@
+/var/log/syslog
+/var/log/mail.info
+/var/log/mail.warn
+/var/log/mail.err
+/var/log/mail.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/auth.log
+/var/log/user.log
+/var/log/lpr.log
+/var/log/cron.log
+/var/log/debug
+/var/log/messages
+/var/log/lastlog
+/var/log/faillog
+{
+    rotate 30
+    daily
+    missingok
+    notifempty
+    compress
+    delaycompress
+    sharedscripts
+        postrotate
+            supervisorctl restart rsyslog
+            supervisorctl restart amavis
+        endscript
+}

include/etc/mail/postfixadmin/fetchmail.conf

@@ -0,0 +1,24 @@
+# database settings
+
+# database backend - uncomment one of these
+our $db_type = 'mysql';
+#my $db_type = 'mysql';
+
+# host name
+our $db_host="mysql";
+# database name
+our $db_name="roundcube";
+# database username
+our $db_username="roundcube";
+# database password
+our $db_password="roundcube";
+
+# Where to create a lockfile; please ensure path exists.
+our $run_dir="/var/lock/fetchmail";
+
+# in case you want to use dovecot deliver to put the mail directly into the users mailbox,
+# set "mda" in the fetchmail table to the keyword "dovecot".
+
+# Where the delivery binary is located
+$dovecot_deliver = "/usr/lib/dovecot/dovecot-lda";
+

include/etc/postfix-policyd-spf-python/policyd-spf.conf

@@ -0,0 +1,16 @@
+#  For a fully commented sample config file see policyd-spf.conf.commented
+# or https://manpages.debian.org/testing/postfix-policyd-spf-python/policyd-spf.conf.5.en.html
+
+debugLevel = 1 
+TestOnly = 1
+
+# Don't bounce mail (False). to bounce mail set to Fail
+HELO_reject = False
+Mail_From_reject = False
+
+PermError_reject = False
+TempError_Defer = False
+
+skip_addresses = 127.0.0.0/8,::ffff:127.0.0.0/104,::1
+
+

include/etc/postfix/header_checks_outbound

@@ -0,0 +1,14 @@
+#
+#  Header Checks for outbound E-Mail
+#
+# Checks for outbound mail
+#
+
+#
+# Remove spam headers as they are applicable for local users only.
+#
+/^X-Spam-Flag:/    IGNORE
+/^X-Spam-Score:/   IGNORE
+/^X-Spam-Level:/   IGNORE
+/^X-Spam-Status:/  IGNORE
+

include/etc/postfix/header_checks_privacy

@@ -0,0 +1,32 @@
+#
+#  Privacy Header Checks
+#
+
+#
+# Hide the software the sender is using
+#
+/^User-Agent:/  IGNORE
+
+#
+# Remove Date from header.
+# 
+# The date that the client users is often in their own timezone.
+# this is not desirable, so removing and having the server re-add
+# the date header, enables hiding the users timezone.
+#
+# NOTE: postfix requires the following settings:
+#  - always_add_missing_headers=yes
+#  - local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces
+#
+# These settings will add the date back to the E-Mail header using the servers timezone.
+#
+/^Date:/        IGNORE
+
+#
+# Remove the sender IP Address and Any hostname and replace with localhost
+#
+/^Received:\sfrom [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)(\s+.* \(server\) with .+)$/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1
+
+
+
+

include/etc/postfix/ldap/smtpd_sender_login_maps

@@ -0,0 +1,16 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=Users,dc=example,dc=org
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
+
+result_attribute = uid

include/etc/postfix/ldap/smtpd_sender_login_maps_groups

@@ -0,0 +1,17 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=Groups,dc=example,dc=org
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(objectClass=posixGroup)(|(mail=%s)(mailAlias=%s)))
+
+
+result_attribute = memberUid

include/etc/postfix/ldap/virtual_alias_domains

@@ -0,0 +1,17 @@
+server_host = ldap://172.20.0.4
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+
+search_base = ou=mail,dc=example,dc=org
+
+query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
+
+result_attribute = dc
+

include/etc/postfix/ldap/virtual_alias_maps

@@ -0,0 +1,18 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = dc=example,dc=org
+#scope = sub
+
+
+query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
+
+result_attribute = mail
+

include/etc/postfix/ldap/virtual_email_domains

@@ -0,0 +1,18 @@
+server_host = ldap://openldap
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/tls/CA.pem
+#tls_require_cert = yes
+
+bind = yes
+bind_dn = cn=admin,dc=example,dc=org
+bind_pw = admin
+
+search_base = ou=mail,dc=example,dc=org
+scope = sub
+
+
+query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
+
+result_attribute = dc
+

include/etc/postfix/master.cf

@@ -0,0 +1,177 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+#smtp      inet  n       -       y       -       -       smtpd
+smtp      inet  n       -       y       -       1       postscreen
+smtpd     pass  -       -       y       -       -       smtpd
+  -o syslog_name=postfix/inbound
+  -o smtpd_tls_security_level=may
+
+#dnsblog   unix  -       -       y       -       0       dnsblog
+#tlsproxy  unix  -       -       y       -       0       tlsproxy
+submission inet n       -       y       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_tls_auth_only=yes
+  -o smtpd_sasl_type=dovecot
+  -o smtpd_sasl_path=private/dovecot/auth
+  -o smtpd_sasl_security_options=noanonymous
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps,ldap:/etc/postfix/ldap/smtpd_sender_login_maps_groups
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
+  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,check_policy_service,unix:private/quota,permit_sasl_authenticated,reject
+  -o cleanup_service_name=privacy
+  -o content_filter=amavis:[127.0.0.1]:10023
+
+amavis unix -      -       n     -       2  smtp
+  -o syslog_name=postfix/$service_name
+  -o smtp_data_done_timeout=1200
+  -o smtp_send_xforward_command=yes
+  -o disable_dns_lookups=yes
+  -o max_use=20
+  -o content_filter=
+
+127.0.0.1:10025 inet n  -       n     -       -  smtpd
+  -o syslog_name=amavis
+  -o content_filter=
+  -o local_recipient_maps=
+  -o relay_recipient_maps=
+  -o smtpd_restriction_classes=
+  -o smtpd_delay_reject=no
+  -o smtpd_client_restrictions=permit_mynetworks,reject
+  -o smtpd_helo_restrictions=
+  -o smtpd_sender_restrictions=
+  -o smtpd_recipient_restrictions=permit_mynetworks,reject
+  -o smtpd_data_restrictions=reject_unauth_pipelining
+  -o smtpd_end_of_data_restrictions=
+  -o mynetworks=127.0.0.0/8
+  -o smtpd_error_sleep_time=0
+  -o smtpd_soft_error_limit=1001
+  -o smtpd_hard_error_limit=1000
+  -o smtpd_client_connection_count_limit=0
+  -o smtpd_client_connection_rate_limit=0
+  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+  -o content_filter=
+
+policyd-spf unix -     n       n       -       2       spawn
+  user=policyd-spf argv=/usr/bin/policyd-spf
+
+#spamassassin unix -     n       n       -       -       pipe 
+#  user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+
+#smtps     inet  n       -       y       -       -       smtpd
+#  -o syslog_name=postfix/smtps
+#  -o smtpd_tls_wrappermode=yes
+#  -o smtpd_sasl_auth_enable=yes
+#  -o smtpd_reject_unlisted_recipient=no
+#  -o smtpd_client_restrictions=$mua_client_restrictions
+#  -o smtpd_helo_restrictions=$mua_helo_restrictions
+#  -o smtpd_sender_restrictions=$mua_sender_restrictions
+#  -o smtpd_recipient_restrictions=
+#  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+#  -o milter_macro_daemon_name=ORIGINATING
+
+
+
+#628       inet  n       -       y       -       -       qmqpd
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+privacy   unix  n       -       n       -       0       cleanup
+  -o syslog_name=postfix/$service_name
+  -o header_checks=regexp:/etc/postfix/header_checks_privacy
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+
+smtp      unix  -       -       y       -       -       smtp
+  -o syslog_name=postfix/$service_name
+
+relay     unix  -       -       y       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix -       n       n       -       2       pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
+

include/etc/spamassassin/local.cf

@@ -0,0 +1,119 @@
+# This is the right place to customize your installation of SpamAssassin.
+#
+# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
+# tweaked.
+#
+# Only a small subset of options are listed below
+#
+###########################################################################
+
+#    A 'contact address' users should contact for more info. (replaces
+#    _CONTACTADDRESS_ in the report template)
+# report_contact youremailaddress@domain.tld
+
+
+#   Add *****SPAM***** to the Subject header of spam e-mails
+#
+# rewrite_header Subject *****SPAM*****
+
+
+#   Save spam messages as a message/rfc822 MIME attachment instead of
+#   modifying the original message (0: off, 2: use text/plain instead)
+#
+report_safe 2
+
+
+#   Set which networks or hosts are considered 'trusted' by your mail
+#   server (i.e. not spammers)
+#
+# trusted_networks 212.17.35.
+
+
+#   Set file-locking method (flock is not safe over NFS, but is faster)
+#
+# lock_method flock
+
+
+#   Set the threshold at which a message is considered spam (default: 5.0)
+#
+required_score 5.0
+
+
+#   Use Bayesian classifier (default: 1)
+#
+use_bayes 1
+
+
+#   Bayesian classifier auto-learning (default: 1)
+#
+bayes_auto_learn 1
+
+bayes_path /var/spool/spamassassin/bayes
+
+bayes_file_mode 775
+
+
+
+#   Set headers which may provide inappropriate cues to the Bayesian
+#   classifier
+#
+# bayes_ignore_header X-Bogosity
+# bayes_ignore_header X-Spam-Flag
+# bayes_ignore_header X-Spam-Status
+
+
+#   Whether to decode non- UTF-8 and non-ASCII textual parts and recode
+#   them to UTF-8 before the text is given over to rules processing.
+#
+# normalize_charset 1
+
+#   Textual body scan limit    (default: 50000)
+#
+#   Amount of data per email text/* mimepart, that will be run through body
+#   rules.  This enables safer and faster scanning of large messages,
+#   perhaps having very large textual attachments.  There should be no need
+#   to change this well tested default.
+#
+# body_part_scan_size 50000
+
+#   Textual rawbody data scan limit    (default: 500000)
+#
+#   Amount of data per email text/* mimepart, that will be run through
+#   rawbody rules.
+#
+# rawbody_part_scan_size 500000
+
+#   Some shortcircuiting, if the plugin is enabled
+# 
+ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
+#
+#   default: strongly-whitelisted mails are *really* whitelisted now, if the
+#   shortcircuiting plugin is active, causing early exit to save CPU load.
+#   Uncomment to turn this on
+#
+#   SpamAssassin tries hard not to launch DNS queries before priority -100. 
+#   If you want to shortcircuit without launching unneeded queries, make
+#   sure such rule priority is below -100. These examples are already:
+#
+# shortcircuit USER_IN_WHITELIST       on
+# shortcircuit USER_IN_DEF_WHITELIST   on
+# shortcircuit USER_IN_ALL_SPAM_TO     on
+# shortcircuit SUBJECT_IN_WHITELIST    on
+
+#   the opposite; blacklisted mails can also save CPU
+#
+# shortcircuit USER_IN_BLACKLIST       on
+# shortcircuit USER_IN_BLACKLIST_TO    on
+# shortcircuit SUBJECT_IN_BLACKLIST    on
+
+#   if you have taken the time to correctly specify your "trusted_networks",
+#   this is another good way to save CPU
+#
+# shortcircuit ALL_TRUSTED             on
+
+#   and a well-trained bayes DB can save running rules, too
+#
+# shortcircuit BAYES_99                spam
+# shortcircuit BAYES_00                ham
+
+endif # Mail::SpamAssassin::Plugin::Shortcircuit

include/etc/supervisor/conf.d/supervisord.conf

@@ -0,0 +1,77 @@
+[supervisord]
+#daemon=false
+nodaemon = true
+pidfile=/var/run/supervisord.pid
+
+[program:init]
+startsecs=0
+stopwaitsecs=55
+command=/docker-entrypoint.sh setup
+autorestart=false
+autostart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+
+[program:rsyslog]
+startsecs=0
+stopwaitsecs=55
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/rsyslogd -n
+
+[program:cron]
+startsecs=0
+stopwaitsecs=55
+autostart=true
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/cron -f
+
+
+[program:amavis]
+startsecs=0
+stopwaitsecs=55
+autostart=false
+autorestart=true
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/usr/sbin/amavisd-new foreground
+
+
+[program:dovecot]
+startsecs=0
+stopwaitsecs=55
+command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
+autorestart=true
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+
+
+
+[program:postfix]
+startsecs=0
+stopwaitsecs=55
+#command=/usr/lib/postfix/sbin/master -vv -c /etc/postfix -d
+#command=postfix -vv -c /etc/postfix start-fg
+command=/bin/postfix.sh
+autorestart=true
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+
+
+
+
+
+[program:spamassassin]
+#directory=/etc/dovecot
+command=spamd --username debian-spamd --nouser-config --syslog stderr --pidfile /var/run/spamd.pid --helper-home-dir /var/lib/spamassassin --ip-address --allowed-ips 0.0.0.0/0
+autorestart=false
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+

mkdocs.yml

@@ -0,0 +1,33 @@
+INHERIT: website-template/mkdocs.yml
+
+docs_dir: 'docs'
+
+repo_name: Docker-Mail
+repo_url: https://gitlab.com/nofusscomputing/projects/docker-mail
+edit_uri: '/-/ide/project/nofusscomputing/projects/docker-mail/edit/development/-/docs/'
+
+nav:
+- Home: index.md
+
+- Articles: 
+
+  - articles/index.md
+
+- Projects: 
+
+  - projects/index.md
+
+  - Docker-Mail: 
+
+    - projects/docker-mail/index.md
+
+    - projects/docker-mail/dkim.md
+
+    - projects/docker-mail/spf.md
+
+- Operations: 
+
+  - operations/index.md
+
+- Contact Us: contact.md
+

requirements.txt

@@ -0,0 +1,2 @@
+pymdown-extensions==9.5
+Pygments==2.13.0

test/.env

@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=mail

test/config.inc.php

@@ -0,0 +1,36 @@
+<?php
+    $config['plugins'] = array(
+	'fetchmail',
+        'contextmenu'
+);
+    $config['log_driver'] = 'stdout';
+    $config['zipdownload_selection'] = true;
+    $config['des_key'] = '2A9UVzfF6nsNucrunVIQ+AL/';
+    include(__DIR__ . '/config.docker.inc.php');
+    $config['imap_conn_options'] = array(
+           'ssl'         => array(
+           'verify_peer'  => false,
+           'allow_self_signed' => true,
+           'peer_name'         => 'localhost',
+           )
+    );
+
+     $config['smtp_conn_options'] = array(
+            'ssl'         => array(
+            'verify_peer'  => false,
+           'allow_self_signed' => true,
+           'peer_name'         => 'localhost',
+     ),
+   );
+
+    $config['layout'] = 'list';
+
+     $config['managesieve_host'] = 'tls://mail';
+
+     $config['managesieve_conn_options'] = array(
+     'ssl'         => array(
+       'verify_peer'  => true,
+       'allow_self_signed' => true,
+       'peer_name'         => 'localhost',
+     ),
+   );

test/docker-compose.yml

@@ -0,0 +1,192 @@
+#
+# upgrade: docker-compose run --rm sentry upgrade
+#
+
+version: '2.2'
+services:
+
+  openldap:
+    image: osixia/openldap:1.5.0
+    container_name: openldap
+    domainname: "example.org" # important: same as hostname
+    hostname: "example.org"
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 100MB
+    environment:
+        LDAP_LOG_LEVEL: "256"
+        LDAP_ORGANISATION: "Example"
+        LDAP_DOMAIN: "example.org"
+        LDAP_BASE_DN: ""
+        LDAP_ADMIN_PASSWORD: "admin"
+        LDAP_CONFIG_PASSWORD: "config"
+        LDAP_READONLY_USER: "false"
+        LDAP_READONLY_USER_USERNAME: "readonly"
+        LDAP_READONLY_USER_PASSWORD: "readonly"
+        LDAP_RFC2307BIS_SCHEMA: "false"
+        LDAP_BACKEND: "mdb"
+        LDAP_TLS: "true"
+        LDAP_TLS_CRT_FILENAME: "ldap.crt"
+        LDAP_TLS_KEY_FILENAME: "ldap.key"
+        LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
+        LDAP_TLS_ENFORCE: "false"
+        LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
+        LDAP_TLS_PROTOCOL_MIN: "3.1"
+        LDAP_TLS_VERIFY_CLIENT: "demand"
+        LDAP_REPLICATION: "false"
+        #LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
+        #LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
+        #docker-compose.ymlLDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
+        KEEP_EXISTING_CONFIG: "false"
+        LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
+        LDAP_SSL_HELPER_PREFIX: "ldap"
+    tty: true
+    stdin_open: true
+    volumes:
+      - ldap_data:/var/lib/ldap
+      - ldap_config:/etc/ldap/slapd.d
+      - ldap_certs:/container/service/slapd/assets/certs/
+      - ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/
+    expose:
+      - 389
+      - 636
+    networks:
+      - default
+
+  phpldapadmin:
+    image: osixia/phpldapadmin:latest
+    container_name: phpldapadmin
+    depends_on:
+      - openldap
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 100MB
+    environment:
+      PHPLDAPADMIN_LDAP_HOSTS: openldap
+      PHPLDAPADMIN_HTTPS: "false"
+    ports:
+      - "127.0.0.1:8080:80"
+    networks:
+      - default
+
+
+  mail: 
+    image: test/mail:latest
+    container_name: mail
+    depends_on:
+      - openldap
+    links:
+      - mysql
+    build:
+      context: .
+      dockerfile: dockerfile
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 512MB
+    hostname: test.nodomain.org
+    volumes:
+      - mail_store:/srv/mail:rw
+      - mail_ssl:/certs
+      - sa_learn:/var/spool/spamassassin
+      - mail_backup:/backup
+      - mail_log:/var/log
+    ports:
+      # SMTP
+      - '25:25'
+      # IMAP
+      - "993:993"
+      # Submission
+      - "587:587"
+      # ManageSieve
+      - "4190:4190"
+    environment:
+      POST_MASTER_EMAIL: postmaster@example.org
+      USE_FETCHMAIL_PL: "true"
+    networks:
+      - default
+
+  mysql:
+    image: mysql:5.7
+    container_name: mysql
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 350MB
+    volumes:
+      - mysql_data:/var/lib/mysql
+    expose:
+      - 5432
+      - 3306
+    environment:
+      - MYSQL_ROOT_PASSWORD=admin
+      - MYSQL_DATABASE=roundcube
+      - MYSQL_USER=roundcube
+      - MYSQL_PASSWORD=roundcube
+
+  roundcube:
+    image: roundcube/roundcubemail:1.5.x-fpm-alpine
+    container_name: roundcube
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 100MB
+    depends_on:
+      - mysql
+      - mail
+    links:
+      - mysql
+    expose:
+      - 9000
+    volumes:
+      - roundcube_www:/var/www/html
+      - ./config.inc.php:/var/www/html/config/config.inc.php:ro
+    environment:
+      - ROUNDCUBEMAIL_DB_TYPE=mysql
+      - ROUNDCUBEMAIL_DB_HOST=mysql
+      - ROUNDCUBEMAIL_DB_NAME=roundcube
+      - ROUNDCUBEMAIL_DB_USER=roundcube
+      - ROUNDCUBEMAIL_DB_PASSWORD=roundcube
+      - ROUNDCUBEMAIL_SKIN=larry
+      - ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail
+      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail
+      - ROUNDCUBEMAIL_PLUGINS=acl,additional_message_headers,managesieve,show_additional_headers
+
+  nginx:
+    image: nginx:1.21-alpine
+    container_name: nginx
+    restart: unless-stopped
+    cpus: 2
+    mem_limit: 100MB
+    ports:
+      - 80:80
+      # If you need SSL connection
+      # - '443:443'
+    depends_on:
+      - roundcube
+    links:
+      - roundcube
+    volumes:
+      - roundcube_www:/var/www/html
+      - ./nginx/templates:/etc/nginx/templates
+      - ngnix_log:/var/log
+      # Provide a custom nginx conf
+      # - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
+      # If you need SSL connection, you can provide your own certificates
+      # - ./certs:/etc/letsencrypt
+      # - ./certs-data:/data/letsencrypt
+    environment:
+      - NGINX_HOST=localhost # set your local domain or your live domain
+      - NGINX_PHP_CGI=roundcube:9000 # same as roundcubemail container name
+
+volumes:
+  ldap_data:
+  ldap_config:
+  ldap_certs:
+  mail_store:
+  mail_ssl:
+  clamav_db:
+  sa_learn:
+  mail_backup:
+  mail_log:
+  mysql_data:
+  roundcube_www:
+  nginx_www:
+  ngnix_log:

test/ldif/example.org.ldif

@@ -0,0 +1,111 @@
+# LDIF Export for dc=example,dc=org
+# Server: openldap (openldap)
+# Search Scope: sub
+# Search Filter: (objectClass=*)
+# Total Entries: 8
+#
+# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on August 2, 2021 1:20 am
+# Version: 1.2.5
+
+version: 1
+
+
+# Entry 2: ou=Groups,dc=example,dc=org
+dn: ou=Groups,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: Groups
+
+# Entry 3: cn=posix group 1,ou=Groups,dc=example,dc=org
+dn: cn=posix group 1,ou=Groups,dc=example,dc=org
+cn: posix group 1
+gidnumber: 500
+memberuid: posix.user1
+memberuid: posix.user2
+objectclass: posixGroup
+objectclass: top
+
+# Entry 4: cn=posix group 2,ou=Groups,dc=example,dc=org
+dn: cn=posix group 2,ou=Groups,dc=example,dc=org
+cn: posix group 2
+gidnumber: 501
+memberuid: posix.user1
+objectclass: posixGroup
+objectclass: top
+
+# Entry 5: cn=posix group 3,ou=Groups,dc=example,dc=org
+dn: cn=posix group 3,ou=Groups,dc=example,dc=org
+cn: posix group 3
+gidnumber: 502
+memberuid: posix.user2
+objectclass: posixGroup
+objectclass: top
+
+# Entry 6: ou=Users,dc=example,dc=org
+dn: ou=Users,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: Users
+
+# Entry 7: cn=posix user1,ou=Users,dc=example,dc=org
+dn: cn=posix user1,ou=Users,dc=example,dc=org
+cn: posix user1
+gidnumber: 500
+givenname: posix
+homedirectory: /home/users/posix.user1
+mail: test@example.org
+mailalias: test1@example.org
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+objectclass: PostfixBookMailAccount
+sn: user1
+uid: posix.user1
+uidnumber: 1000
+userpassword: {MD5}fGoYCzaJagqMAnh+6vsOTA==
+
+
+
+# Entry 8: cn=posix user2,ou=Users,dc=example,dc=org
+dn: cn=posix user2,ou=Users,dc=example,dc=org
+cn: posix user2
+gidnumber: 500
+givenname: posix
+homedirectory: /home/users/posix.user2
+mail: posix.user2@example.org
+objectclass: inetOrgPerson
+objectclass: posixAccount
+objectclass: top
+sn: user2
+uid: posix.user2
+uidnumber: 1001
+userpassword: {MD5}bLdfZSqbUnmOts8iAQV8cw==
+
+
+
+
+
+# Entry 1: ou=mail,dc=example,dc=org
+dn: ou=mail,dc=example,dc=org
+objectclass: organizationalUnit
+objectclass: top
+ou: mail
+
+# Entry 2: dc=example.org,ou=mail,dc=example,dc=org
+dn: dc=example.org,ou=mail,dc=example,dc=org
+dc: example.org
+objectclass: dNSDomain
+objectclass: top
+
+
+# Entry 1: cn=support,ou=Groups,dc=example,dc=org
+dn: cn=support,ou=Groups,dc=example,dc=org
+cn: support
+gidnumber: 503
+mail: support@example.org
+memberuid: posix.user1
+objectclass: posixGroup
+objectclass: top
+objectclass: PostfixBookMailAccount
+
+

test/nginx/templates/default.conf.template

@@ -0,0 +1,18 @@
+server {
+    index index.php index.html;
+    server_name php-docker.local;
+    error_log  /var/log/nginx/error.log;
+    access_log /var/log/nginx/access-roundcube.log;
+    root /var/www/html;
+
+    location ~ \.php$ {
+        try_files $uri =404;
+        fastcgi_split_path_info ^(.+\.php)(/.+)$;
+        fastcgi_pass ${NGINX_PHP_CGI};
+        fastcgi_index index.php;
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+    }
+}
+