build: Initial mail server docker image #6

Merged
jon_nfc merged 19 commits from 1-initial-container into development 2022-02-14 06:10:14 +00:00
38 changed files with 1623 additions and 0 deletions
Showing only changes of commit df8997f07d - Show all commits


@ -10,13 +10,119 @@ RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends
ca-certificates \ ca-certificates \
supervisor supervisor
RUN curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg
RUN echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list
RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \ RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \
# System Apps # System Apps
cron \ cron \
rsyslog \ rsyslog \
logrotate \ logrotate \
# Dovecot
dovecot-core=2:2.3.18-4+debian11 \
dovecot-imapd=2:2.3.18-4+debian11 \
dovecot-lmtpd=2:2.3.18-4+debian11 \
dovecot-ldap=2:2.3.18-4+debian11 \
dovecot-sieve=2:2.3.18-4+debian11 \
dovecot-managesieved=2:2.3.18-4+debian11 \
# Postfix
postfix=3.5.6-1+b1 \
postfix-ldap=3.5.6-1+b1 \
libsasl2-modules \
sasl2-bin \
# Cleanup, remove cron jobs not required # Cleanup, remove cron jobs not required
RUN rm -f /etc/cron.d/e2scrub_all \ RUN rm -f /etc/cron.d/e2scrub_all \
&& rm -f /etc/cron.daily/apt-compat \ && rm -f /etc/cron.daily/apt-compat \
&& rm -f /etc/cron.daily/dpkg && rm -f /etc/cron.daily/dpkg
COPY include/ /
RUN chmod +x /docker-entrypoint.sh \
# Create vmail user for system
&& groupadd -g 5000 vmail \
&& useradd -g vmail -u 5000 vmail -d /var/vmail \
# create SSL directory for ssl certificates
&& mkdir -p /ssl \
# Dovecot related commands
&& mkdir -p /srv/mail \
&& chown vmail:vmail /srv/mail \
&& chmod 765 -R /srv/mail \
&& mkdir -p /ssl/dovecot \
&& chown dovecot:dovecot -R /etc/dovecot/ \
&& chgrp postfix -R /etc/dovecot/sieve/ \
&& chmod 0755 -R /etc/dovecot/sieve/ \
# ensure dovecot related scripts are executable
&& chmod +x /bin/quota-warning.sh \
&& chmod +x /bin/welcome-email.sh \
&& chmod 744 /etc/dovecot/dovecot-acl \
# Postfix related commands
&& usermod -a -G vmail postfix \
&& mkdir -p /ssl/postfix \
&& ln -s /etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap-userdb.conf.ext \
# ensure postfix related scripts are executable
&& chmod +x /bin/postfix.sh \
# check if needed
&& mkdir -p /var/spool/postfix/private/dovecot \
&& chown postfix:postfix /var/spool/postfix/private/dovecot \
&& chown vmail:vmail /var/lib/dovecot \
# Setup data volumes
VOLUME /srv/mail /ssl /var/log
# Configure postfix
RUN postconf -e "maillog_file=/var/log/postfix.log" \
# Postfix to use dovecot LMTP
&& postconf -e "virtual_transport=lmtp:unix:private/lda" \
# # Only allow a user to send from email address' they own
# && postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps" \
# Only allow specified domains for usage
&& postconf -e "virtual_mailbox_domains=ldap:/etc/postfix/ldap/virtual_email_domains" \
# postfix user mapping
&& postconf -e "virtual_alias_maps=ldap:/etc/postfix/ldap/virtual_alias_maps" \
# by default encryption is optional
&& postconf -e "smtpd_tls_security_level=may" \
# log outbound tls connection information
&& postconf -e "smtpd_tls_loglevel=1" \
# try tls connection outbound
&& postconf -e "smtp_tls_security_level=may" \
# log inbound tls connection information
&& postconf -e "smtp_tls_loglevel=1" \
# Only authenticate over tls
&& postconf -e "smtpd_tls_auth_only=yes" \
# all smtpd actions need to be filtered
&& postconf -e "content_filter=amavis:[127.0.0.1]:10024" \
# not give away os, set clean banner
&& postconf -e "smtpd_banner=$myhostname ESMTP " \
# Dont give away that postfix is used
&& postconf -e "mail_name=server" \
# create privacy header check db
&& postmap /etc/postfix/header_checks_privacy \
# create clean header check db
&& postmap /etc/postfix/header_checks_outbound \
# Clean outbound headers
&& postconf -e "smtp_header_checks=regexp:/etc/postfix/header_checks_outbound" \
# Add To, From, Date and Message-id headers if missing
&& postconf -e "always_add_missing_headers=yes" \
# Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost
&& postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \
# check quota before delivery
&& postconf -e "smtpd_recipient_restrictions=check_policy_service=inet:localhost:12340" \
# set tls settings
&& postconf -e "smtpd_tls_cert_file=/ssl/postfix/cert.pem" \
&& postconf -e "smtpd_tls_key_file=/ssl/postfix/key.pem" \
&& postconf -e "smtpd_helo_required = yes" \
&& postconf -e "smtpd_delay_reject = yes" \
&& postconf -e "disable_vrfy_command = yes" \
# use secure protocols and cyphers
&& postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
&& postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
&& postconf -e "smtpd_tls_mandatory_ciphers=high" \
&& postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"
EXPOSE 25 587 993 4190
ENTRYPOINT ["/docker-entrypoint.sh"]
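Review bot: The Dovecot repository key imported by `curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import` is never compared against a known fingerprint, and `gpg --export ED409DA1` selects it by an 8-hex-digit short ID, which is not collision-resistant. Because the export is written to `/etc/apt/trusted.gpg.d/`, whatever key the download returned becomes trusted for every apt source in the image, not only repo.dovecot.org. Consider checking the full fingerprint against a value pinned in the Dockerfile, storing the key in its own keyring, and scoping it with `deb [signed-by=/usr/share/keyrings/dovecot.gpg] https://repo.dovecot.org/ce-2.3-latest/debian/bullseye bullseye main`. Adding `-f` to curl and enabling pipefail would also stop an HTTP error page from being piped into gpg unnoticed. The hunk begins inside an earlier RUN, so the base image and shell settings are not visible here.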

14
include/bin/postfix.sh Normal file

@ -0,0 +1,14 @@
#! /bin/bash
trap "service postfix stop" SIGINT
trap "service postfix stop" SIGTERM
trap "service postfix reload" SIGHUP
service postfix start
# wait until postfix is dead (triggered by trap)
while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
do
sleep 5
done
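Review bot: A failed `service postfix start` goes unnoticed: the `while kill -0 …` test fails on its first evaluation, no loop body runs, and the script exits 0, so whatever supervises it (presumably supervisor, installed in the Dockerfile) sees a clean exit instead of an error. Suggest `service postfix start || exit 1` before the loop. A short comment above the `trap` lines would also help, for example `# forward container stop/reload signals to postfix; traps only fire between sleep calls`.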


@ -0,0 +1,20 @@
#!/bin/sh
PERCENT=$1
USER=$2
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
From: Postmaster <NO-REPLY@$(hostname -f)>
Subject: Mailbox Quota Warning
Hi,
Just wanted to let you know that Your mailbox is now $PERCENT% full.
Note: This is an automated message. Please do not respond to it.
TIP:
EOF
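Review bot: `$USER` is expanded unquoted in `dovecot-lda -d $USER`, so a user name containing whitespace or glob characters would be split into extra arguments to dovecot-lda; the value arrives as the script's second argument. Quote it as `-d "$USER"`; the same applies to `-d ${USER}` in the welcome script in the next section. Renaming the variable (for example `MAIL_USER`) avoids shadowing the login-name environment variable, and `set -eu` as the first command would make a missing argument fail loudly; the welcome script already has `set -e`.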


@ -0,0 +1,36 @@
#!/bin/sh
set -e
USER=$1
cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
From: Postmaster <NO-REPLY@$(hostname -f)>
Subject: New User Welcome
Hi,
This E-Mail has been sent to inform you of some of the ins and outs of this E-Mail server.
Features available to you:
- IMAP Sieve
- Spam automatically sent to your spam folder
- Ability to share your E-mail folders with other users
Quota
=====
Your mailbox has a set quota that should be visible in your E-Mail client. A quota is the storage space that your E-Mails use. It is your responsability to keep you storage below your allocated quota, or you won't be able to send or receive E-Mails.
Spam
====
Spam is defined as unwanted messages, which sometimes contains malicious software. It's advised if you receive a message you think is spam, don't open it. Move it to your spam folder. Any spam that we detect, will automatically delivered to your spam folder. If we miss a spam messages, as stated earlier, please move it to your spam folder.
We have a learning bot that automagically uses your spam folder to learn why it is spam. After our AI learns, it will be better next time at catching the spam messages so you don't have to.
$(if [ "0$POST_MASTER_EMAIL" != "0" ]; then echo "If you have any concerns, please email the postmaster ($POST_MASTER_EMAIL)."; fi )
EOF

View File

@ -0,0 +1,85 @@
#!/bin/bash
set -e
if [ "0$POST_MASTER_EMAIL" != "0" ]; then export MAILTO="$POST_MASTER_EMAIL"; fi
# Populate this file so cron has access to env vars. thanks to https://stackoverflow.com/a/41938139
printenv | grep -v "no_proxy" > /etc/environment
# compile sieve scripts
for file in /etc/dovecot/sieve/*.sieve ;
do
sievec $file;
done
if [ "$1" == "setup" ]; then
postconf -e "myhostname = $(`echo hostname -f`)"
if [ ! -f /ssl/dovecot/key.pem ]; then
echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
openssl req -nodes -new -x509 -keyout /ssl/dovecot/key.pem -out /ssl/dovecot/cert.pem -subj '/CN=localhost'
fi
if [ ! -f /ssl/dovecot/dh.pem ]; then
echo "[Information] Creating DHPEM Key"
openssl dhparam -out /ssl/dovecot/dh.pem 4096
fi
echo "[Information] Start dovecot"
supervisorctl start dovecot
sed -i -r -e 's/^manpage_directory/#manpage_directory/' /etc/postfix/main.cf.proto
sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files
sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files.d/*
if [ ! -f /ssl/postfix/key.pem ]; then
echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
openssl req -nodes -new -x509 -keyout /ssl/postfix/key.pem -out /ssl/postfix/cert.pem -subj '/CN=localhost'
fi
echo "[Information] set postfix permissions"
postfix set-permissions create-missing
postmap /etc/postfix/header_checks_outbound
postmap /etc/postfix/header_checks_privacy
echo "[Information] start postfix"
# supervisorctl start amavis
supervisorctl start postfix
else
exec "$@"
fi
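Review bot: `printenv | grep -v "no_proxy" > /etc/environment` copies the container's whole environment into a file created under the default umask, so any credential passed in as an environment variable becomes readable by every local account and persists in snapshots of the container filesystem; whether this image receives secrets that way is not visible here. Limiting the dump to what cron needs keeps that exposure out, for example `printenv | grep -E '^(MAILTO|POST_MASTER_EMAIL)=' > /etc/environment || true` (the `|| true` matters because `set -e` is active and grep returns 1 when nothing matches). Separately, `sievec $file` should be `sievec "$file"` so that a path with spaces is not split.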


@ -0,0 +1,31 @@
##
## Authentication processes
##
#auth_verbose = yes
#auth_debug=yes
#disable_plaintext_auth = yes
#auth_mechanisms = plain login
auth_mechanisms = plain
mail_access_groups=vmail
mail_uid=vmail
mail_gid=vmail
auth_username_format = %Lu
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}
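Review bot: `auth_mechanisms = plain` means the client sends the password itself, and the one line that would refuse this on an unencrypted connection, `#disable_plaintext_auth = yes`, is commented out, so the protection depends on Dovecot's built-in default. Uncommenting it states the intent in the file and keeps the guard in place if the TLS settings elsewhere are later relaxed.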


@ -0,0 +1,95 @@
##
## Log destination.
##
log_path=/var/log/dovecot.log
##
## Logging verbosity and debugging.
##
# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
#
# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
#
# For example: event=http_request_* AND category=error AND category=storage
#
# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
#log_debug =
# Crash after logging a matching event. For example category=error will crash
# any time an error is logged, which can be useful for debugging.
#log_core_filter =
# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
#auth_verbose_passwords = no
# Even more verbose logging for debugging purposes. Shows for example SQL
# queries.
#auth_debug = no
# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no
# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
#mail_debug = no
# Show protocol level SSL errors.
#verbose_ssl = no
# mail_log plugin provides more event logging for mail processes.
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
##
## Log formatting.
##
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
# Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log.
#login_log_format = %$: %s
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
# Format to use for logging mail deliveries:
# %$ - Delivery status message (e.g. "saved to INBOX")
# %m / %{msgid} - Message-ID
# %s / %{subject} - Subject
# %f / %{from} - From address
# %p / %{size} - Physical size
# %w / %{vsize} - Virtual size
# %e / %{from_envelope} - MAIL FROM envelope
# %{to_envelope} - RCPT TO envelope
# %{delivery_time} - How many milliseconds it took to deliver the mail
# %{session_time} - How long LMTP session took, not including delivery_time
# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
#deliver_log_format = msgid=%m: %$


@ -0,0 +1,13 @@
##
## Mailbox locations and namespaces
##
mail_home = /srv/mail/%u
mail_location = maildir:~/mail:LAYOUT=fs
mailbox_list_index = yes
mail_shared_explicit_inbox = yes


@ -0,0 +1,79 @@
##
## Services
##
mail_plugins = $mail_plugins acl quota welcome
service auth {
unix_listener /var/spool/postfix/private/dovecot/auth {
#mode = 0660
mode=0777
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode=0777
}
}
service imap {
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
service_count = 1
process_min_avail = 1
}
#service imap-postlogin {
# all post-login scripts are executed via script-login binary
# executable = script-login -d /etc/dovecot/acl_groups.py
# the script process runs as the user specified here (v2.0.14+):
# user = $default_internal_user
# this UNIX socket listener must use the same name as given to imap executable
# unix_listener imap-postlogin {
# }
#}
service lmtp {
unix_listener /var/spool/postfix/private/lda {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service submission-login {
inet_listener submission {
#port = 587
}
}
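Review bot: Both auth listeners are created with `mode=0777`, so any local process in the container can connect to the auth and userdb sockets; the Postfix listener even has the narrower `#mode = 0660` commented out directly above it. That listener is already `user = postfix` / `group = postfix`, so `mode = 0660` should be sufficient for SASL, and `auth-userdb` can be restricted the same way to the account that performs delivery (vmail, judging by the auth config; to be confirmed). The `welcome` and `quota-warning` script listeners in the 90-*.conf sections use `mode = 0766`, which is also world-writable; the stock comment in the quota file warns about exactly that case.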


@ -0,0 +1,17 @@
##
## SSL settings
##
#verbose_ssl = yes
ssl = required
ssl_prefer_server_ciphers = yes
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </ssl/dovecot/dh.pem
ssl_cert = </ssl/dovecot/cert.pem
ssl_key = </ssl/dovecot/key.pem
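Review bot: No `ssl_min_protocol` is set, so the lowest TLS version accepted on IMAPS and ManageSieve is whatever this Dovecot package defaults to, while the Postfix settings in the same image explicitly exclude TLSv1 and TLSv1.1. Adding `ssl_min_protocol = TLSv1.2` would make the two services consistent and independent of package defaults.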


@ -0,0 +1,49 @@
##
## LDA specific settings (also used by LMTP)
##
# Address to use when sending rejection mails.
# Default is postmaster@%d. %d expands to recipient domain.
#postmaster_address =
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
#quota_full_tempfail = no
# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
#submission_host =
# Subject: header to use for rejection mails. You can use the same variables
# as for rejection_reason below.
#rejection_subject = Rejected: %s
# Human readable error message for rejection mails. You can use variables:
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
# Delimiter character between local-part and detail in email address.
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
# Should saving a mail to a nonexistent mailbox automatically create it?
lda_mailbox_autocreate = yes
# Should automatically created mailboxes be also automatically subscribed?
lda_mailbox_autosubscribe = yes
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}


@ -0,0 +1,75 @@
##
## Mailbox definitions
##
namespace inbox {
prefix =
type = private
separator = /
inbox = yes
list = yes
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
autoexpunge = 60d
}
mailbox Trash {
auto = subscribe
autoexpunge = 120d
special_use = \Trash
}
mailbox virtual/All { # if you have a virtual "All messages" mailbox
auto = no
special_use = \All
}
# If you have a virtual "Flagged" mailbox:
#mailbox virtual/Flagged {
# special_use = \Flagged
# comment = All my flagged messages
#}
# If you have a virtual "Important" mailbox:
#mailbox virtual/Important {
# special_use = \Important
# comment = All my important messages
#}
}
# Shared mailbox
namespace {
type = shared
separator = /
prefix = shared/%%n@%%d/
location = maildir:%%h/mail:LAYOUT=fs:INDEXPVT=%h/mail/shared/%%n@%%d
subscriptions = no
list = children
}


@ -0,0 +1,22 @@
##
## IMAP specific settings
##
# If nothing happens for this long while client is IDLEing, move the connection
# to imap-hibernate process and close the old imap process. This saves memory,
# because connections use very little memory in imap-hibernate process. The
# downside is that recreating the imap process back uses some resources.
imap_hibernate_timeout = 5M
# Maximum IMAP command line length. Some clients generate very long command
# lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
#imap_max_line_length = 64k
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
mail_plugins = $mail_plugins imap_acl imap_quota
}


@ -0,0 +1,18 @@
##
## LMTP specific settings
##
# Verify quota before replying to RCPT TO. This adds a small overhead.
lmtp_rcpt_check_quota = yes
# Add "Received:" header to mails delivered.
#lmtp_add_received_header = no
protocol lmtp {
info_log_path = /var/log/dovecot-lmtp.log
# postmaster_address = postmaster@example.org
mail_plugins = $mail_plugins sieve
}


@ -0,0 +1,85 @@
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
#protocols = $protocols sieve
# Service definitions
service managesieve-login {
inet_listener sieve {
port = 4190
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
service_count = 1
# Number of processes to always keep waiting for more connections.
process_min_avail = 1
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
process_limit = 100
}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from each IP
# address.
# NOTE: The username is compared case-sensitively.
mail_max_userip_connections = 5
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
# %{put_count} - Number of scripts saved using PUTSCRIPT command
# %{get_bytes} - Number of bytes read using GETCRIPT command
# %{get_count} - Number of scripts read using GETSCRIPT command
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved you can
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
}


@ -0,0 +1,28 @@
##
## Mailbox access control lists.
##
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
# You can also optionally give a global ACL directory path where ACLs are
# applied to all users' mailboxes. The global ACL directory contains
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
# Per-user ACL:
acl = vfile
# (if yes) Creates an issue where shared folders inbox folder is
# shown but clicking on the root folder, also displays the contents
# of the inbox.
#acl_defaults_from_inbox = yes
acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=60
}
plugin {
acl_shared_dict = file:/srv/mail/shared-mailboxes
}


@ -0,0 +1,21 @@
##
## Plugin settings
##
plugin {
welcome_script = welcome %u
welcome_wait = no
}
service welcome {
executable = script /bin/welcome-email.sh
user = dovecot
unix_listener welcome {
user = dovecot
group = postfix
mode = 0766
}
}


@ -0,0 +1,85 @@
##
## Quota configuration.
##
# Note that you also have to enable quota plugin in mail_plugins setting.
# <doc/wiki/Quota.txt>
##
## Quota limits
##
plugin {
quota = maildir:User quota
quota_rule = *:storage=200M
quota_rule2 = Trash:storage=+50M
quota_grace = 10%%
quota_max_mail_size = 25M
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
plugin {
quota = maildir:Shared quota:ns=shared/
quota_rule = *:storage=200M
quota_max_mail_size = 25M
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
##
## Quota warnings
##
# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is executed, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
plugin {
quota_warning = storage=50%% quota-warning 50 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning2 = storage=90%% quota-warning 90 %u
quota_warning3 = storage=95%% quota-warning 95 %u
}
# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all system users
# can generate quota warnings to anyone.
service quota-warning {
executable = script /bin/quota-warning.sh
# user = vmail
unix_listener quota-warning {
user = dovecot
group = vmail
mode = 0766
}
}
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}
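Review bot: Several plugin keys are assigned twice, and a later assignment of the same plugin key normally replaces the earlier one: `quota = maildir:Shared quota:ns=shared/` follows `quota = maildir:User quota` (a second root and its rule are usually written `quota2` / `quota2_rule`), and `quota_warning2` is set for both 80% and 90%. As written, the per-user quota root and the 80% warning are probably dropped; `doveconf -n` would confirm what is actually in effect. The file's own comment also says to put the highest limit first, but the warnings are listed from 50 up to 95.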


@ -0,0 +1,45 @@
# Sieve Extprograms plugin configuration
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
# sieve_extensions or sieve_global_extensions settings. Restricting these
# extensions to a global context using sieve_global_extensions is recommended.
plugin {
# The directory where the program sockets are located for the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each unix socket contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_socket_dir = sieve-pipe
#sieve_filter_socket_dir = sieve-filter
#sieve_execute_socket_dir = sieve-execute
# The directory where the scripts are located for direct execution by the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each script contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
}
# An example program service called 'do-something' to pipe messages to
#service do-something {
# Define the executed script as parameter to the sieve service
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
# Use some unprivileged user for executing the program
#user = dovenull
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
# plugin {} section above)
#unix_listener sieve-pipe/do-something {
# LDA/LMTP must have access
# user = vmail
# mode = 0600
#}
#}


@ -0,0 +1,210 @@
##
## Settings for the Sieve interpreter
##
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.
# The Sieve interpreter can retrieve Sieve scripts from several types of
# locations. The default `file' location type is a local filesystem path
# pointing to a Sieve script file or a directory containing multiple Sieve
# script files. More complex setups can use other location types such as
# `ldap' or `dict' to fetch Sieve scripts from remote databases.
#
# All settings that specify the location of one ore more Sieve scripts accept
# the following syntax:
#
# location = [<type>:]path[;<option>[=<value>][;...]]
#
# If the type prefix is omitted, the script location type is 'file' and the
# location is interpreted as a local filesystem path pointing to a Sieve script
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
# information.
plugin {
# The location of the user's main Sieve script or script storage. The LDA
# Sieve plugin uses this to find the active script for Sieve filtering at
# delivery. The "include" extension uses this location for retrieving
# :personal" scripts. This is also where the ManageSieve service will store
# the user's scripts, if supported.
#
# Currently only the 'file:' location type supports ManageSieve operation.
# Other location types like 'dict:' and 'ldap:' can currently only
# be used as a read-only script source ().
#
# For the 'file:' type: use the ';active=' parameter to specify where the
# active script symlink is located.
# For other types: use the ';name=' parameter to specify the name of the
# default/active script.
sieve = file:~/sieve;active=~/.dovecot.sieve
# The default Sieve script when the user has none. This is the location of a
# global sieve script file, which gets executed ONLY if user's personal Sieve
# script doesn't exist. Be sure to pre-compile this script manually using the
# sievec command line tool if the binary is not stored in a global location.
# --> See sieve_before for executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
# The name by which the default Sieve script (as configured by the
# sieve_default setting) is visible to the user through ManageSieve.
#sieve_default_name =
# Location for ":global" include scripts as used by the "include" extension.
#sieve_global_path =
# The location of a Sieve script that is run for any message that is about to
# be discarded; i.e., it is not delivered anywhere by the normal Sieve
# execution. This only happens when the "implicit keep" is canceled, by e.g.
# the "discard" action, and no actions that deliver the message are executed.
# This "discard script" can prevent discarding the message, by executing
# alternative actions. If the discard script does nothing, the message is
# still discarded as it would be when no discard script is configured.
#sieve_discard =
# Location Sieve of scripts that need to be executed before the user's
# personal script. If a 'file' location path points to a directory, all the
# Sieve scripts contained therein (with the proper `.sieve' extension) are
# executed. The order of execution within that directory is determined by the
# file names, using a normal 8bit per-character comparison.
#
# Multiple script locations can be specified by appending an increasing number
# to the setting name. The Sieve scripts found from these locations are added
# to the script execution sequence in the specified order. Reading the
# numbered sieve_before settings stops at the first missing setting, so no
# numbers may be skipped.
#sieve_before = /var/lib/dovecot/sieve.d/
#sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
#sieve_before3 = (etc...)
sieve_before = /etc/dovecot/sieve
# Identical to sieve_before, only the specified scripts are executed after the
# user's script (only when keep is still in effect!). Multiple script
# locations can be specified by appending an increasing number.
#sieve_after =
#sieve_after2 =
#sieve_after2 = (etc...)
# Which Sieve language extensions are available to users. By default, all
# supported extensions are available, except for deprecated extensions or
# those that are still under development. Some system administrators may want
# to disable certain Sieve extensions or enable those that are not available
# by default. This setting can use '+' and '-' to specify differences relative
# to the default. For example `sieve_extensions = +imapflags' will enable the
# deprecated imapflags extension in addition to all extensions were already
# enabled by default.
#sieve_extensions = +notify +imapflags
sieve_extensions=-vacation, -enotify, -editheader, imap4flags
# Which Sieve language extensions are ONLY available in global scripts. This
# can be used to restrict the use of certain Sieve extensions to administrator
# control, for instance when these extensions can cause security concerns.
# This setting has higher precedence than the `sieve_extensions' setting
# (above), meaning that the extensions enabled with this setting are never
# available to the user's personal script no matter what is specified for the
# `sieve_extensions' setting. The syntax of this setting is similar to the
# `sieve_extensions' setting, with the difference that extensions are
# enabled or disabled for exclusive use in global scripts. Currently, no
# extensions are marked as such by default.
#sieve_global_extensions =
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
# The sieve_extprograms plugin is included in this release.
#sieve_plugins =
sieve_plugins = sieve_extprograms
# The maximum size of a Sieve script. The compiler will refuse to compile any
# script larger than this limit. If set to 0, no limit on the script size is
# enforced.
#sieve_max_script_size = 1M
# The maximum number of actions that can be performed during a single script
# execution. If set to 0, no limit on the total number of actions is enforced.
#sieve_max_actions = 32
# The maximum number of redirect actions that can be performed during a single
# script execution. If set to 0, no redirect actions are allowed.
#sieve_max_redirects = 4
# The maximum number of personal Sieve scripts a single user can have. If set
# to 0, no limit on the number of scripts is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_scripts = 0
# The maximum amount of disk storage a single user's scripts may occupy. If
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
# The primary e-mail address for the user. This is used as a default when no
# other appropriate address is available for sending messages. If this setting
# is not configured, either the postmaster or null "<>" address is used as a
# sender, depending on the action involved. This setting is important when
# there is no message envelope to extract addresses from, such as when the
# script is executed in IMAP.
#sieve_user_email =
# The path to the file where the user log is written. If not configured, a
# default location is used. If the main user's personal Sieve (as configured
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
#sieve_user_log =
# Specifies what envelope sender address is used for redirected messages.
# The following values are supported for this setting:
#
# "sender" - The sender address is used (default).
# "recipient" - The final recipient address is used.
# "orig_recipient" - The original recipient is used.
# "user_email" - The user's primary address is used. This is
# configured with the "sieve_user_email" setting. If
# that setting is unconfigured, "user_mail" is equal to
# "recipient".
# "postmaster" - The postmaster_address configured for the LDA.
# "<user@domain>" - Redirected messages are always sent from user@domain.
# The angle brackets are mandatory. The null "<>" address
# is also supported.
#
# This setting is ignored when the envelope sender is "<>". In that case the
# sender of the redirected message is also always "<>".
#sieve_redirect_envelope_from = sender
## TRACE DEBUGGING
# Trace debugging provides detailed insight in the operations performed by
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
# IMAPSIEVE plugin.
#
# WARNING: On a busy server, this functionality can quickly fill up the trace
# directory with a lot of trace files. Enable this only temporarily and as
# selective as possible.
# The directory where trace files are written. Trace debugging is disabled if
# this setting is not configured or if the directory does not exist. If the
# path is relative or it starts with "~/" it is interpreted relative to the
# current user's home directory.
#sieve_trace_dir =
# The verbosity level of the trace messages. Trace debugging is disabled if
# this setting is not configured. Possible values are:
#
# "actions" - Only print executed action commands, like keep,
# fileinto, reject and redirect.
# "commands" - Print any executed command, excluding test commands.
# "tests" - Print all executed commands and performed tests.
# "matching" - Print all executed commands, performed tests and the
# values matched in those tests.
#sieve_trace_level =
# Enables highly verbose debugging messages that are usually only useful for
# developers.
#sieve_trace_debug = no
# Enables showing byte code addresses in the trace output, rather than only
# the source line numbers.
#sieve_trace_addresses = no
}


@ -0,0 +1,7 @@
INBOX.Archive owner lrwstipek
INBOX.Drafts owner lrwstipek
INBOX.Spam owner lrwstipek
INBOX.Sent owner lrwstipek
INBOX.Trash owner lrwstipek
#* owner akxeilprwts


@ -0,0 +1,24 @@
uris = ldap://openldap
dn = cn=admin,dc=example,dc=org
dnpass = admin
debug_level = 0
auth_bind = no
ldap_version = 3
base = dc=example,dc=org
scope = subtree
user_attrs = uid=user=%{ldap:uid}, memberUid=user=%{ldap:mail}, mail=home=/srv/mail/%{ldap:mail}, mail=mailHomeDirectory=maildir:~/mail:LAYOUT=fs, mailQuota=quota_rule=*:bytes=%$
user_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)(cn=%u)))
pass_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)))
iterate_attrs = mail=user
iterate_filter = (objectClass=PostfixBookMailAccount)
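Review bot: `dnpass = admin` puts the directory administrator's password into an image layer, and `uris = ldap://openldap` with no `tls = yes` sends that bind and every lookup in cleartext. With `auth_bind = no` Dovecot reads the password attribute itself, so the bind account does need read access to it, but a dedicated read-only service DN covers that and `cn=admin` is more privilege than these lookups require. Unless `docker-entrypoint.sh setup` already rewrites these values (not visible here), I would ship a placeholder and fill it at start-up from an environment variable or a mounted secret, and add `tls = yes` with `tls_require_cert = demand` once the directory presents a certificate. The five Postfix LDAP map sections further down repeat the same `bind_dn` and `bind_pw = admin` with `start_tls = no`; their commented `tls_ca_cert_file` and `tls_require_cert` lines are already in place to be enabled.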


@ -0,0 +1,2 @@
protocols = $protocols imap


@ -0,0 +1,2 @@
protocols = $protocols lmtp


@ -0,0 +1,2 @@
protocols = $protocols sieve


@ -0,0 +1,11 @@
require ["fileinto", "mailbox"];
if exists "X-Spam-Flag" {
if header :contains "X-Spam-Flag" "NO" {
} else {
fileinto :create "Spam";
stop;
}
}
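Review bot: The test `if header :contains "X-Spam-Flag" "NO"` has an empty true branch and does its work in `else`, so it reads backwards and files every message whose flag value lacks the substring "NO" into Spam, whatever that value is. Stating the positive case is shorter and stricter: `if header :is "X-Spam-Flag" "YES" { fileinto :create "Spam"; stop; }` (this changes what happens for values other than YES and NO, so confirm which values the content filter emits). The header is only meaningful if the filter removes or overwrites an `X-Spam-Flag` that arrives with the message; that step is not visible in this section and is worth confirming.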


@ -0,0 +1,14 @@
/var/log/dovecot.log
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
extension log
create 0644 dovecot dovecot
postrotate
supervisorctl restart dovecot
endscript
}
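Review bot: `create 0644 dovecot dovecot` leaves the new log world-readable, and mail logs hold login names, addresses and client IPs; `create 0640 dovecot dovecot` is the safer default. The `postrotate` step `supervisorctl restart dovecot` drops every open IMAP session once a day only to reopen a file, and `doveadm log reopen` does that without a restart. The postfix logrotate section that follows has the same `0644` mode and a full `supervisorctl restart postfix`, and the rsyslog section adds `supervisorctl restart amavis` to its `postrotate` in the same way.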


@ -0,0 +1,14 @@
/var/log/postfix.log
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
extension log
create 0644 postfix postfix
postrotate
supervisorctl restart postfix
endscript
}


@ -1,4 +1,8 @@
/var/log/syslog /var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log /var/log/daemon.log
/var/log/kern.log /var/log/kern.log
/var/log/auth.log /var/log/auth.log
@ -19,5 +23,6 @@
sharedscripts sharedscripts
postrotate postrotate
supervisorctl restart rsyslog supervisorctl restart rsyslog
supervisorctl restart amavis
endscript endscript
} }


@ -0,0 +1,14 @@
#
# Header Checks for outbound E-Mail
#
# Checks for outbound mail
#
#
# Remove spam headers as they are applicable for local users only.
#
/^X-Spam-Flag:/ IGNORE
/^X-Spam-Score:/ IGNORE
/^X-Spam-Level:/ IGNORE
/^X-Spam-Status:/ IGNORE


@ -0,0 +1,32 @@
#
# Privacy Header Checks
#
#
# Hide the software the sender is using
#
/^User-Agent:/ IGNORE
#
# Remove Date from header.
#
# The date that the client users is often in their own timezone.
# this is not desirable, so removing and having the server re-add
# the date header, enables hiding the users timezone.
#
# NOTE: postfix requires the following settings:
# - always_add_missing_headers=yes
# - local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces
#
# These settings will add the date back to the E-Mail header using the servers timezone.
#
/^Date:/ IGNORE
#
# Remove the sender IP Address and Any hostname and replace with localhost
#
/^Received:\sfrom [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)(\s+.* \(server\) with .+)$/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1
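Review bot: The `Received:` rewrite only fires when the header contains the literal text `(server) with`, which presumably means `mail_name = server` in main.cf (not visible here); with any other value the rule silently stops matching and the client address is published again. A comment above the rule naming that dependency would help, for example `# NOTE: relies on mail_name = server in main.cf`. `User-Agent` is dropped, but `X-Mailer` and `X-Originating-IP` carry the same kind of client detail and are not covered; `/^X-Mailer:/ IGNORE` and `/^X-Originating-IP:/ IGNORE` would close that gap.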


@ -0,0 +1,16 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=Users,dc=example,dc=org
query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
result_attribute = uid


@ -0,0 +1,17 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=Groups,dc=example,dc=org
query_filter = (&(objectClass=PostfixBookMailAccount)(objectClass=posixGroup)(|(mail=%s)(mailAlias=%s)))
result_attribute = memberUid


@ -0,0 +1,17 @@
server_host = ldap://172.20.0.4
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=mail,dc=example,dc=org
query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
result_attribute = dc
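Review bot: `server_host = ldap://172.20.0.4` pins a container-network address, while the other four map files use `ldap://openldap`. An address handed out by the container network can change when containers are recreated, after which this lookup either fails or talks to whatever now holds that address. Use `server_host = ldap://openldap` here as well. This file and the later one that sets `scope = sub` otherwise share the same `search_base` and `query_filter`, so it is worth checking whether both are needed.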


@ -0,0 +1,18 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = dc=example,dc=org
#scope = sub
query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
result_attribute = mail


@ -0,0 +1,18 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=mail,dc=example,dc=org
scope = sub
query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
result_attribute = dc


@ -0,0 +1,175 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
-o syslog_name=postfix/inbound
-o smtpd_tls_security_level=may
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,permit_auth_destination,reject
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/dovecot/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps,ldap:/etc/postfix/ldap/smtpd_sender_login_maps_groups
-o smtpd_sender_restrictions=reject_sender_login_mismatch
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
-o cleanup_service_name=privacy
amavis unix - - n - 2 smtp
-o syslog_name=postfix/$service_name
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o content_filter=
127.0.0.1:10025 inet n - n - - smtpd
-o syslog_name=amavis
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-o content_filter=
#spamassassin unix - n n - - pipe
# user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
privacy unix n - n - 0 cleanup
-o syslog_name=postfix/$service_name
-o header_checks=regexp:/etc/postfix/header_checks_privacy
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
-o syslog_name=postfix/$service_name
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
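Review bot: The sample pipe transports from the stock file are left active at the end (`maildrop`, `uucp`, `ifmail`, `bsmtp`, `scalemail-backend`, `mailman`) although none of those programs appears in the package list visible in the Dockerfile; commenting them out, as is already done for `cyrus` and `old-cyrus`, keeps the service table down to what the image actually runs. The `smtp inet` line runs `postscreen` while `dnsblog` and `tlsproxy` stay commented; if main.cf (not visible here) sets `postscreen_dnsbl_sites` or enables any after-greeting test, both services are required, and without `tlsproxy` postscreen cannot offer STARTTLS itself. The `127.0.0.1:10025` listener also lists `-o content_filter=` twice, as its second and its last option; one is enough.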


@ -3,6 +3,14 @@
nodaemon = true nodaemon = true
pidfile=/var/run/supervisord.pid pidfile=/var/run/supervisord.pid
[program:init]
startsecs=0
stopwaitsecs=55
command=/docker-entrypoint.sh setup
autorestart=false
autostart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
[program:rsyslog] [program:rsyslog]
startsecs=0 startsecs=0
@ -21,3 +29,28 @@ autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/cron -f command=/usr/sbin/cron -f
[program:dovecot]
startsecs=0
stopwaitsecs=55
command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
autorestart=true
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
[program:postfix]
startsecs=0
stopwaitsecs=55
#command=/usr/lib/postfix/sbin/master -vv -c /etc/postfix -d
#command=postfix -vv -c /etc/postfix start-fg
command=/bin/postfix.sh
autorestart=true
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log