docker/docker-mail
1
0
Fork 0
Code Issues 4 Pull Requests Actions Projects Releases 6 Wiki Activity

build: Initial mail server docker image #6

Merged
jon_nfc merged 19 commits from 1-initial-container into development 2022-02-14 06:10:14 +00:00
Conversation 58 Commits 19 Files Changed 60 +2643 -10
60 changed files with 2643 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
.gitlab-ci.yml
View File

@ -13,7 +13,7 @@ variables:
include: include:
- project: nofusscomputing/projects/gitlab-ci - project: nofusscomputing/projects/gitlab-ci
ref: ce1cc017e26ff7f6cee586cc7d98e4d292275672 ref: 36ce0b0b76e6769c7a2e0d4ea0f3fcd2cc2d6bb1
file: file:
- conventional_commits/.gitlab-ci.yml - conventional_commits/.gitlab-ci.yml
- validation/.gitlab-ci.yml - validation/.gitlab-ci.yml
@ -27,12 +27,90 @@ Markdown Linting:
extends: extends:
- .Lint_Markdown - .Lint_Markdown
Docker Container:
stage: build
image: docker:latest
services:
- docker:19.03.12-dind
before_script:
- docker info
# - docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- apk update
- apk add --update --no-cache python3 git && ln -sf python3 /usr/bin/python
- python3 -m ensurepip
- pip3 install -r gitlab-ci/gitlab_release/requirements.txt
- pip3 install gitlab-ci/gitlab_release/python-module/cz_nfc/.
script: |
docker build . \
--label org.opencontainers.image.created="$(date '+%Y-%m-%d %H:%M:%S%:z')" \
--label org.opencontainers.image.documentation="$CI_PROJECT_URL/pages" \
--label org.opencontainers.image.source="$CI_PROJECT_URL" \
--label org.opencontainers.image.url="$CI_PROJECT_URL/-/releases/v$(cz -n cz_nfc version --project)" \
--label org.opencontainers.image.version="$(cz -n cz_nfc version --project)" \
--label org.opencontainers.image.revision="$CI_COMMIT_SHA" \
--no-cache \
--tag $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA;
docker image inspect $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA;
docker push $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA;
# after_script:
# - docker push $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
when: never
- if: $CI_COMMIT_TAG
when: on_success
- if: '$CI_COMMIT_BRANCH != "master"'
when: manual
- when: never
Gitlab Release: Gitlab Release:
extends: extends:
- .gitlab_release - .gitlab_release
Docker Hub:
stage: publish
image: docker:latest
services:
- docker:19.03.12-dind
before_script:
- export
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
- docker pull $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA
- docker logout $CI_REGISTRY
script:
# - Release_TAG=$(cat $CI_PROJECT_DIR/dist/version)
- docker login docker.io -u $NFC_DOCKERHUB_USERNAME -p $NFC_DOCKERHUB_TOKEN
# - if [ "m$(echo $CI_BUILD_REF_NAME | grep rc)" == "m$CI_BUILD_REF_NAME" ]; then Branch_TAG=dev; else Branch_TAG=stable; fi
- echo Branch tag is $Branch_TAG
- docker image ls
- docker image tag $CI_REGISTRY_IMAGE/docker-mail:$CI_COMMIT_SHA nofusscomputing/docker-mail:$CI_COMMIT_TAG
- docker image ls
- docker push nofusscomputing/docker-mail:$CI_COMMIT_TAG
rules:
- if: $CI_COMMIT_TAG
when: on_success
- if: $CI_MERGE_REQUEST_IID
when: never
- if: '$CI_COMMIT_BRANCH'
when: never
needs: [ "Docker Container" ]
environment:
name: DockerHub
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
when: never
- if: $CI_COMMIT_TAG
when: on_success
- when: never
Github (Push --mirror): Github (Push --mirror):
variables: variables:
GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-mail.git" GIT_SYNC_URL: "https://$GITHUB_USERNAME_ROBOT:$GITHUB_TOKEN_ROBOT@github.com/NoFussComputing/docker-mail.git"

2
.gitmodules vendored
View File

@ -1,4 +1,4 @@
[submodule "gitlab-ci"] [submodule "gitlab-ci"]
path = gitlab-ci path = gitlab-ci
url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git url = https://gitlab.com/nofusscomputing/projects/gitlab-ci.git
branch = master branch = development

19
.markdownlint.json Normal file
View File

@ -0,0 +1,19 @@
{
"line-length": false,
"MD007": {
"indent": 4
},
"MD033": {
"allowed_elements": [ "div", "s", "span", "u", "p", "br" ]
},
"blanks-around-headings":{
"lines_above": 2,
"lines_below": 1
},
"MD012": {
"maximum": 2
},
"comment": {
"MD012": "MD012 max=2 added so that headings can have two lines above for clarity."
}
}

7
.vscode/extensions.json vendored Normal file
View File

@ -0,0 +1,7 @@
{
"recommendations": [
"davidanson.vscode-markdownlint",
"gitlab.gitlab-workflow",
"ms-azuretools.vscode-docker"
]
}

71
README.md
View File

@ -1,8 +1,6 @@
# README.md
<div align="center" width="100%"> <div align="center" width="100%">
# No Fuss Computing - Docker Mail Server # No Fuss Computing - Docker Mail Server
<br> <br>
@ -22,13 +20,13 @@ This project is hosted on [Gitlab](https://gitlab.com/nofusscomputing/projects/d
---- ----
**Stable Branch** .**Stable Branch**
![Gitlab build status - stable](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Dmaster&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fmaster%2F.cz.yaml) ![Gitlab build status - stable](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Dmaster&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fmaster%2F.cz.yaml)
---- ----
**Development Branch** .**Development Branch**
![Gitlab build status - development](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Ddevelopment&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fdevelopment%2F.cz.yaml) ![Gitlab build status - development](https://img.shields.io/badge/dynamic/json?color=ff782e&label=Build&query=0.status&url=https%3A%2F%2Fgitlab.com%2Fapi%2Fv4%2Fprojects%2F33611657%2Fpipelines%3Fref%3Ddevelopment&logo=gitlab&style=plastic) ![branch release version](https://img.shields.io/badge/dynamic/yaml?color=ff782e&logo=gitlab&style=plastic&label=Release&query=%24.commitizen.version&url=https%3A%2F%2Fgitlab.com%2Fnofusscomputing%2Fprojects%2Fdocker-mail%2F-%2Fraw%2Fdevelopment%2F.cz.yaml)
@ -45,3 +43,66 @@ links:
- [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests) - [Merge Requests (Pull Requests)](https://gitlab.com/nofusscomputing/projects/docker-mail/-/merge_requests)
## Features
This docker container is intended to be a fully fledged E-Mail Server. Dovecot acts as the IMAP Server and Local Delivery agent. Postfix is intended to be the MTA utilising Dovecot's LMTP service for local delivery. User management is via LDAP and a working directory server is required to use this image.
- Mail Server - _Dovecot_
- IMAP Server on tcp/993
- Acts as Local Delivery Agent (LDA) via LMTP
- Group E-Mail Boxes
- Mail Aliasing. _(User can have multiple E-Mail Addresses)_
- Ability to Share Mailboxes
- redirection of spam to Spam folder
- manage sieve server
- New user welcome email
- SMTP Server _Postfix_
- Acts as Mail Transfer Agent (MTA)
- filters file extensions
- [Remove/cleans headers](https://gitlab.com/nofusscomputing/projects/docker-mail/-/blob/master/include/etc/postfix/header_checks_privacy) that contain potentially sensitive information
- Spam filtering
- General Features:
- Automatic Backups of container data
- rotation of old logs
- All Data exposed as separate docker volumes so you don't loose data
## Using this container
Currently this container is **not ready for production.**
### Useful Commands
Share a Mailbox
``` bash
doveadm acl add -u {user_name_sharing} INBOX user={user to share with} lookup read write write-seen write-deleted insert post expunge create delete admin
```
or you can use the provided helper script `group-mailbox.sh {user_name_sharing} {user to share with}`. This command will share the all of the default folders _Archives, Drafts, Inbox, Sent, Spam and Trash_.
| :alert: NOTE!! |
|:----|
| `{user_name_sharing}` must be specified as a full E-Mail address. <br> `{user to share with}` must be specified as the user name only (without the `@domainname.tld`)|

197
dockerfile Normal file
View File

@ -0,0 +1,197 @@
FROM debian:bullseye-slim
LABEL \
#org.opencontainers.image.created="" \ # set during build with $(date --rfc-3339=seconds) \
org.opencontainers.image.authors="No Fuss Computing" \
#org.opencontainers.image.url="" # $CI_PROJECT_URL/-/releases/$CI_COMMIT_TAG set during build from url\
#org.opencontainers.image.documentation="" # $CI_PROJECT_URL/pages Set URL during build \
#org.opencontainers.image.source="" # $CI_PROJECT_URL Set URL during build \
#org.opencontainers.image.version="" \ # $(cz -n cz_nfc version --project) ) Set during build from .cz.yml
#org.opencontainers.image.revision="" # $CI_COMMIT_SHA set during build from git commit \
org.opencontainers.image.vendor="No Fuss Computing" \
#License(s) under which contained software is distributed as an SPDX License Expression.
org.opencontainers.image.licenses="" \
org.opencontainers.image.title="No Fuss Computings docker mail server" \
org.opencontainers.image.description="A Complete mailserver in a container"
# Install dependencies
RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \
curl \
gpg \
gpg-agent \
apt-transport-https \
ca-certificates \
supervisor
RUN curl https://repo.dovecot.org/DOVECOT-REPO-GPG | gpg --import && \
gpg --export ED409DA1 > /etc/apt/trusted.gpg.d/dovecot.gpg
RUN echo "deb https://repo.dovecot.org/ce-2.3-latest/debian/bullseye bullseye main" > /etc/apt/sources.list.d/dovecot.list
RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \
# System Apps
cron \
rsyslog \
logrotate \
# Dovecot
dovecot-core=2:2.3.18-4+debian11 \
dovecot-imapd=2:2.3.18-4+debian11 \
dovecot-lmtpd=2:2.3.18-4+debian11 \
dovecot-ldap=2:2.3.18-4+debian11 \
dovecot-sieve=2:2.3.18-4+debian11 \
dovecot-managesieved=2:2.3.18-4+debian11 \
# Postfix
postfix=3.5.6-1+b1 \
postfix-ldap=3.5.6-1+b1 \
libsasl2-modules \
sasl2-bin \
# Amavis
amavisd-new=1:2.11.1-5 \
spamassassin=3.4.6-1 \
spamc=3.4.6-1 \
# Amavis decoders
arj bzip2 cabextract cpio file gzip nomarch pax unzip zip xzdec lrzip lzop rpm2cpio unrar-free p7zip-full lz4 \
# clamav=0.103.5+dfsg-0+deb11u1 \
# clamav-daemon=0.103.5+dfsg-0+deb11u1 \
libmailtools-perl=2.21-1 \
fam=2.7.0-17.3 \
libnet-dns-perl=1.29-1 \
# Fetchmail
fetchmail=6.4.16-4+deb11u1 \
# Perl Modules for fetchmail.pl
# DBI
libdbix-easy-perl \
# LockFile::Simple
liblockfile-simple-perl \
# DBD::mysql
libclass-dbi-mysql-perl \
# Sys::Syslog
liblogger-syslog-perl \
# LockFile::Simple
libio-lockedfile-perl
# Cleanup, remove cron jobs not required
RUN rm -f /etc/cron.d/e2scrub_all \
&& rm -f /etc/cron.daily/apt-compat \
&& rm -f /etc/cron.daily/dpkg
COPY include/ /
RUN chmod +x /docker-entrypoint.sh \
# Create vmail user for system
&& groupadd -g 5000 vmail \
&& useradd -g vmail -u 5000 vmail -d /var/vmail \
# Ensure Backup directory is created
&& mkdir /backup \
&& chown root:root /backup \
&& chmod 700 /backup \
# create SSL directory for ssl certificates
&& mkdir -p /ssl \
# Ensure scripts are executable
&& chmod +x /bin/backup.sh \
# Dovecot related commands
&& mkdir -p /srv/mail \
&& chown vmail:vmail /srv/mail \
&& chmod 765 -R /srv/mail \
&& mkdir -p /ssl/dovecot \
&& chown dovecot:dovecot -R /etc/dovecot/ \
&& chgrp postfix -R /etc/dovecot/sieve/ \
&& chmod 0755 -R /etc/dovecot/sieve/ \
# ensure dovecot related scripts are executable
&& chmod +x /bin/quota-warning.sh \
&& chmod +x /bin/welcome-email.sh \
&& chmod +x /bin/group-mailbox.sh \
&& chmod 744 /etc/dovecot/dovecot-acl \
# Postfix related commands
&& usermod -a -G vmail postfix \
&& mkdir -p /ssl/postfix \
&& ln -s /etc/dovecot/dovecot-ldap.conf.ext /etc/dovecot/dovecot-ldap-userdb.conf.ext \
# ensure postfix related scripts are executable
&& chmod +x /bin/postfix.sh \
# check if needed
&& mkdir -p /var/spool/postfix/private/dovecot \
&& chown postfix:postfix /var/spool/postfix/private/dovecot \
&& chown vmail:vmail /var/lib/dovecot \
# Spammassassin related Commands
&& mkdir -p /var/spool/spamassassin \
&& chmod 777 /var/spool/spamassassin \
# Ensure spamassassin related scripts are executable
&& chmod +x /bin/spam-learn.sh \
# fetchmail.pl setup
&& curl -o /bin/fetchmail.pl https://raw.githubusercontent.com/postfixadmin/postfixadmin/8f20c96278a694a7e0bb570f1d56c208105e5a14/ADDITIONS/fetchmail.pl \
&& chmod +x /bin/fetchmail.pl \
&& mkdir -p /var/run/fetchmail \
&& mkdir -p /var/lock/fetchmail
# Setup data volumes
VOLUME /srv/mail /ssl /var/spool/spamassassin /backup /var/log
# Configure postfix
RUN postconf -e "maillog_file=/var/log/postfix.log" \
# Postfix to use dovecot LMTP
&& postconf -e "virtual_transport=lmtp:unix:private/lda" \
# # Only allow a user to send from email address' they own
# && postconf -e "smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps" \
# Only allow specified domains for usage
&& postconf -e "virtual_mailbox_domains=ldap:/etc/postfix/ldap/virtual_email_domains" \
# postfix user mapping
&& postconf -e "virtual_alias_maps=ldap:/etc/postfix/ldap/virtual_alias_maps" \
# by default encryption is optional
&& postconf -e "smtpd_tls_security_level=may" \
# log outbound tls connection information
&& postconf -e "smtpd_tls_loglevel=1" \
# try tls connection outbound
&& postconf -e "smtp_tls_security_level=may" \
# log inbound tls connection information
&& postconf -e "smtp_tls_loglevel=1" \
# Only authenticate over tls
&& postconf -e "smtpd_tls_auth_only=yes" \
# all smtpd actions need to be filtered
&& postconf -e "content_filter=amavis:[127.0.0.1]:10024" \
# not give away os, set clean banner
&& postconf -e "smtpd_banner=$myhostname ESMTP " \
# Dont give away that postfix is used
&& postconf -e "mail_name=server" \
# create privacy header check db
&& postmap /etc/postfix/header_checks_privacy \
# create clean header check db
&& postmap /etc/postfix/header_checks_outbound \
# Clean outbound headers
&& postconf -e "smtp_header_checks=regexp:/etc/postfix/header_checks_outbound" \
# Add To, From, Date and Message-id headers if missing
&& postconf -e "always_add_missing_headers=yes" \
# Only add missing headers for authenticated users (mail users) and my networks and mail orginating from localhost
&& postconf -e "local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces" \
# check quota before delivery
&& postconf -e "smtpd_recipient_restrictions=check_policy_service=inet:localhost:12340" \
# set tls settings
&& postconf -e "smtpd_tls_cert_file=/ssl/postfix/cert.pem" \
&& postconf -e "smtpd_tls_key_file=/ssl/postfix/key.pem" \
&& postconf -e "smtpd_helo_required = yes" \
&& postconf -e "smtpd_delay_reject = yes" \
&& postconf -e "disable_vrfy_command = yes" \
# use secure protocols and cyphers
&& postconf -e "smtpd_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
&& postconf -e "smtp_tls_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1" \
&& postconf -e "smtpd_tls_mandatory_ciphers=high" \
&& postconf -e "smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1"
EXPOSE 25 587 993 4190
ENTRYPOINT ["/docker-entrypoint.sh"]
# testing software
RUN apt update && DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends install \
procps \
vim \
iputils-ping \
python3-ldap
# && freshclam

2
gitlab-ci

Submodule gitlab-ci updated: ce1cc017e2...36ce0b0b76

53
include/bin/backup.sh Normal file
View File

@ -0,0 +1,53 @@
#!/bin/bash
set -e
backup_version=1.0
back_file_name="mail_server-$backup_version-$(date +%Y-%m-%d-%H%M-%Z).tar.gz"
start=$(date '+%s')
includes=(/srv/mail)
includes+=(/ssl)
includes+=(/var/spool/spamassassin)
includes+=(/var/log)
includes+=(/var/lib/amavis)
backup_command="tar -czpvf $back_file_name ${includes[@]}"
cd /tmp
echo "$backup_command"
if ! $backup_command; then
status="tar failed"
elif ! mv "/tmp/$back_file_name" /backup/ ; then
status="mv failed"
else
status="success: version=$backup_version size=$(stat -c%s /backup/$back_file_name) duration=$((`date '+%s'` - $start)) command='$backup_command'"
fi
logger -t backup "$status"
if [ "0$POST_MASTER_EMAIL" != "0" ]; then
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "${POST_MASTER_EMAIL}" -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
To: ${POST_MASTER_EMAIL}
From: Mail Server <NO-REPLY@$(hostname -f)>
Subject: Backup $(date +%Y-%m-%d-%H:%M-%Z)
Server backups have occured on $(hostname -f)
Summary:
$status
EOF
fi

47
include/bin/group-mailbox.sh Normal file
View File

@ -0,0 +1,47 @@
#!/bin/sh
set -e
MAILBOX_USER=$1
USER_LOGIN_NAME=$2
if [ "0$MAILBOX_USER" = "0" ]; then
echo " You must specify a mailbox to share";
elif [ "0$USER_LOGIN_NAME" = "0" ]; then
echo " You must specify a user the mailbox is to be shared with";
else
doveadm acl add -u $MAILBOX_USER Inbox user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
doveadm acl add -u $MAILBOX_USER Archive user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
doveadm acl add -u $MAILBOX_USER Drafts user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
doveadm acl add -u $MAILBOX_USER Sent user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
doveadm acl add -u $MAILBOX_USER Spam user=$USER_LOGIN_NAME lookup read write write-seen write-deleted insert post expunge create delete
cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${$USER_LOGIN_NAME} -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
From: Postmaster <NO-REPLY@$(hostname -f)>
Subject: New Shared Mailbox ($MAILBOX_USER)
Hi,
Just letting you known that mailbox $MAILBOX_USER, has been shared with you.
You have visibility of the following folders
- Inbox
- Archive
- Drafts
- Sent
- Spam
EOF
fi

14
include/bin/postfix.sh Normal file
View File

@ -0,0 +1,14 @@
#! /bin/bash
trap "service postfix stop" SIGINT
trap "service postfix stop" SIGTERM
trap "service postfix reload" SIGHUP
service postfix start
# wait until postfix is dead (triggered by trap)
while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
do
sleep 5
done

20
include/bin/quota-warning.sh Normal file
View File

@ -0,0 +1,20 @@
#!/bin/sh
PERCENT=$1
USER=$2
cat << EOF | /usr/lib/dovecot/dovecot-lda -d $USER -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
From: Postmaster <NO-REPLY@$(hostname -f)>
Subject: Mailbox Quota Warning
Hi,
Just wanted to let you know that Your mailbox is now $PERCENT% full.
Note: This is an automated message. Please do not respond to it.
TIP:
EOF

52
include/bin/spam-learn.sh Normal file
View File

@ -0,0 +1,52 @@
#!/bin/bash
set -e
start=$(date '+%s')
POSTMASTER="${1}"
# for testing script
#POSTMASTER=postmaster@example.org
HAM_REPORT=''
SPAM_REPORT=''
for i in /srv/mail/* ; do
if [ -d "$i" ]; then
HAM_REPORT=$(printf "$HAM_REPORT\n\nMailbox: $i\n $(sa-learn --ham --showdots --no-sync $i/mail/cur)\n")
SPAM_REPORT=$(printf "$SPAM_REPORT\n\nMailbox: $i\n $(sa-learn --spam --showdots --no-sync $i/mail/Spam/cur)\n")
fi
done
if [ "0$POST_MASTER_EMAIL" != "0" ]; then
cat << EOF | /usr/lib/dovecot/dovecot-lda -d "${POST_MASTER_EMAIL}" -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
To: ${POST_MASTER_EMAIL}
From: Mail Server <NO-REPLY@$(hostname -f)>
Subject: Spam Learning Report $(date +%Y-%m-%d-%H:%M-%Z)
Command: /bin/spam-learn.sh
Scan duration: $((`date '+%s'` - $start))
****************** Ham Scan ******************
$HAM_REPORT
****************** Spam Scan ******************
$SPAM_REPORT
EOF
fi

36
include/bin/welcome-email.sh Normal file
View File

@ -0,0 +1,36 @@
#!/bin/sh
set -e
USER=$1
cat << EOF | /usr/lib/dovecot/dovecot-lda -d ${USER} -o "plugin/quota=maildir:User quota:noenforcing"
Auto-Submitted: auto-generated
Date: $(date +'%a, %-d %b %Y %H:%M:%S %z')
From: Postmaster <NO-REPLY@$(hostname -f)>
Subject: New User Welcome
Hi,
This E-Mail has been sent to inform you of some of the ins and outs of this E-Mail server.
Features available to you:
- IMAP Sieve
- Spam automatically sent to your spam folder
- Ability to share your E-mail folders with other users
Quota
=====
Your mailbox has a set quota that should be visible in your E-Mail client. A quota is the storage space that your E-Mails use. It is your responsability to keep you storage below your allocated quota, or you won't be able to send or receive E-Mails.
Spam
====
Spam is defined as unwanted messages, which sometimes contains malicious software. It's advised if you receive a message you think is spam, don't open it. Move it to your spam folder. Any spam that we detect, will automatically delivered to your spam folder. If we miss a spam messages, as stated earlier, please move it to your spam folder.
We have a learning bot that automagically uses your spam folder to learn why it is spam. After our AI learns, it will be better next time at catching the spam messages so you don't have to.
$(if [ "0$POST_MASTER_EMAIL" != "0" ]; then echo "If you have any concerns, please email the postmaster ($POST_MASTER_EMAIL)."; fi )
EOF

101
include/docker-entrypoint.sh Normal file
View File

@ -0,0 +1,101 @@
#!/bin/bash
set -e
if [ "0$POST_MASTER_EMAIL" != "0" ]; then export MAILTO="$POST_MASTER_EMAIL"; fi
# Populate this file so cron has access to env vars. thanks to https://stackoverflow.com/a/41938139
printenv | grep -v "no_proxy" > /etc/environment
if [ -f "/var/run/amavis/amavisd.pid" ]; then rm /var/run/amavis/amavisd.pid; fi
if [ "$1" == "" ]; then
echo "Setup server type ($SERVERTYPE)"
echo "[Information] starting supervisor daemon"
/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
bash
fi
# compile sieve scripts
for file in /etc/dovecot/sieve/*.sieve ;
do
sievec $file;
done
mkdir -p /var/lock/fetchmail
if [ "$1" == "setup" ]; then
postconf -e "myhostname = $(`echo hostname -f`)"
if [ ! -f /ssl/dovecot/key.pem ]; then
echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
openssl req -nodes -new -x509 -keyout /ssl/dovecot/key.pem -out /ssl/dovecot/cert.pem -subj '/CN=localhost'
fi
if [ ! -f /ssl/dovecot/dh.pem ]; then
echo "[Information] Creating DHPEM Key"
openssl dhparam -out /ssl/dovecot/dh.pem 4096
fi
echo "[Information] Start dovecot"
supervisorctl start dovecot
sed -i -r -e 's/^manpage_directory/#manpage_directory/' /etc/postfix/main.cf.proto
sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files
sed -i -r -e 's/^\$manpage_directory/#$manpage_directory/' /etc/postfix/postfix-files.d/*
if [ ! -f /ssl/postfix/key.pem ]; then
echo "[WARNING] Creating Self-signed TLS Cert. Consider using letsencrypt or another trusted CA"
openssl req -nodes -new -x509 -keyout /ssl/postfix/key.pem -out /ssl/postfix/cert.pem -subj '/CN=localhost'
fi
echo "[Information] set postfix permissions"
postfix set-permissions create-missing
postmap /etc/postfix/header_checks_outbound
postmap /etc/postfix/header_checks_privacy
echo "[Information] start postfix"
# supervisorctl start amavis
supervisorctl start postfix
else
exec "$@"
fi

27
include/etc/amavis/conf.d/15-content_filter_mode Normal file
View File

@ -0,0 +1,27 @@
use strict;
# You can modify this file to re-enable SPAM checking through spamassassin
# and to re-enable antivirus checking.
#
# Default antivirus checking mode
# Please note, that anti-virus checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
#@bypass_virus_checks_maps = (
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
#
# Default SPAM checking mode
# Please note, that anti-spam checking is DISABLED by
# default.
# If You wish to enable it, please uncomment the following lines:
@bypass_spam_checks_maps = (
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
1; # ensure a defined return

39
include/etc/amavis/conf.d/50-user Normal file
View File

@ -0,0 +1,39 @@
use strict;
#
# Place your configuration directives here. They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#
# Higher log level to get expected messages at startup
$log_level = 2;
$X_HEADER_LINE = "Virus Scanning product";
$virus_admin = "postmaster";
$banned_admin = "postmaster";
$final_virus_destiny = D_DISCARD; # (data not lost, see virus quarantine)
$final_banned_destiny = D_DISCARD;
$final_spam_destiny = D_PASS;
$final_bad_header_destiny = D_PASS;
$sa_spam_subject_tag = '';
$sa_tag_level_deflt = -999; # add spam info headers if at, or above that level
$sa_tag2_level_deflt = 6.31; # add 'spam detected' headers at that level
$sa_kill_level_deflt = 6.31; # triggers spam evasive actions
$sa_dsn_cutoff_level = 10; # spam level beyond which a DSN is not sent
$spam_quarantine_to = undef;
# disable the "Received" headers to be added to the mail header
$allowed_added_header_fields{lc('Received')} = 0;
#------------ Do not modify anything below this line -------------
1; # ensure a defined return

6
include/etc/cron.d/container_backup Normal file
View File

@ -0,0 +1,6 @@
#
# Backup the docker container
#
# m h dom mon dow user command
01 0,3,6,9,12,15,18,21 * * * root /bin/backup.sh >/dev/null 2>&1

6
include/etc/cron.d/fetchmail Normal file
View File

@ -0,0 +1,6 @@
#
# SpamAssassin Bayes learning from mailboxes
#
# m h dom mon dow user command
#20,50 * * * * root if [ "0$USE_FETCHMAIL_PL" != "0" ]; then /bin/fetchmail.pl 2>&1; fi

6
include/etc/cron.d/sa-learn Normal file
View File

@ -0,0 +1,6 @@
#
# SpamAssassin Bayes learning from mailboxes
#
# m h dom mon dow user command
30 0,3,6,9,12,15,18,21 * * * root /bin/spam-learn.sh >/dev/null 2>&1

2
include/etc/default/spamassassin Normal file
View File

@ -0,0 +1,2 @@
OPTIONS="--create-prefs --max-children 5 --username debian-spamd --helper-home-dir /home/spamd/ -s /var/log/spamd.log"
CRON=1

31
include/etc/dovecot/conf.d/10-auth.conf Normal file
View File

@ -0,0 +1,31 @@
##
## Authentication processes
##
#auth_verbose = yes
#auth_debug=yes
#disable_plaintext_auth = yes
#auth_mechanisms = plain login
auth_mechanisms = plain
mail_access_groups=vmail
mail_uid=vmail
mail_gid=vmail
auth_username_format = %Lu
userdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap-userdb.conf.ext
}
passdb {
driver = ldap
args = /etc/dovecot/dovecot-ldap.conf.ext
}

95
include/etc/dovecot/conf.d/10-logging.conf Normal file
View File

@ -0,0 +1,95 @@
##
## Log destination.
##
log_path=/var/log/dovecot.log
##
## Logging verbosity and debugging.
##
# Log filter is a space-separated list conditions. If any of the conditions
# match, the log filter matches (i.e. they're ORed together). Parenthesis
# are supported if multiple conditions need to be matched together.
#
# See https://doc.dovecot.org/configuration_manual/event_filter/ for details.
#
# For example: event=http_request_* AND category=error AND category=storage
#
# Filter to specify what debug logging to enable. This will eventually replace
# mail_debug and auth_debug settings.
#log_debug =
# Crash after logging a matching event. For example category=error will crash
# any time an error is logged, which can be useful for debugging.
#log_core_filter =
# Log unsuccessful authentication attempts and the reasons why they failed.
#auth_verbose = no
# In case of password mismatches, log the attempted password. Valid values are
# no, plain and sha1. sha1 can be useful for detecting brute force password
# attempts vs. user simply trying the same password over and over again.
# You can also truncate the value to n chars by appending ":n" (e.g. sha1:6).
#auth_verbose_passwords = no
# Even more verbose logging for debugging purposes. Shows for example SQL
# queries.
#auth_debug = no
# In case of password mismatches, log the passwords and used scheme so the
# problem can be debugged. Enabling this also enables auth_debug.
#auth_debug_passwords = no
# Enable mail process debugging. This can help you figure out why Dovecot
# isn't finding your mails.
#mail_debug = no
# Show protocol level SSL errors.
#verbose_ssl = no
# mail_log plugin provides more event logging for mail processes.
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
# Available fields: uid, box, msgid, from, subject, size, vsize, flags
# size and vsize are available only for expunge and copy events.
#mail_log_fields = uid box msgid size
}
##
## Log formatting.
##
# Prefix for each line written to log file. % codes are in strftime(3)
# format.
#log_timestamp = "%b %d %H:%M:%S "
# Space-separated list of elements we want to log. The elements which have
# a non-empty variable value are joined together to form a comma-separated
# string.
#login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c
# Login log format. %s contains login_log_format_elements string, %$ contains
# the data we want to log.
#login_log_format = %$: %s
# Log prefix for mail processes. See doc/wiki/Variables.txt for list of
# possible variables you can use.
#mail_log_prefix = "%s(%u)<%{pid}><%{session}>: "
# Format to use for logging mail deliveries:
# %$ - Delivery status message (e.g. "saved to INBOX")
# %m / %{msgid} - Message-ID
# %s / %{subject} - Subject
# %f / %{from} - From address
# %p / %{size} - Physical size
# %w / %{vsize} - Virtual size
# %e / %{from_envelope} - MAIL FROM envelope
# %{to_envelope} - RCPT TO envelope
# %{delivery_time} - How many milliseconds it took to deliver the mail
# %{session_time} - How long LMTP session took, not including delivery_time
# %{storage_id} - Backend-specific ID for mail, e.g. Maildir filename
#deliver_log_format = msgid=%m: %$

13
include/etc/dovecot/conf.d/10-mail.conf Normal file
View File

@ -0,0 +1,13 @@
##
## Mailbox locations and namespaces
##
mail_home = /srv/mail/%u
mail_location = maildir:~/mail:LAYOUT=fs
mailbox_list_index = yes
mail_shared_explicit_inbox = yes

79
include/etc/dovecot/conf.d/10-master.conf Normal file
View File

@ -0,0 +1,79 @@
##
## Services
##
mail_plugins = $mail_plugins acl quota welcome
service auth {
unix_listener /var/spool/postfix/private/dovecot/auth {
#mode = 0660
mode=0777
user = postfix
group = postfix
}
unix_listener auth-userdb {
mode=0777
}
}
service imap {
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
ssl = yes
}
service_count = 1
process_min_avail = 1
}
#service imap-postlogin {
# all post-login scripts are executed via script-login binary
# executable = script-login -d /etc/dovecot/acl_groups.py
# the script process runs as the user specified here (v2.0.14+):
# user = $default_internal_user
# this UNIX socket listener must use the same name as given to imap executable
# unix_listener imap-postlogin {
# }
#}
service lmtp {
unix_listener /var/spool/postfix/private/lda {
group = postfix
mode = 0600
user = postfix
}
}
service pop3-login {
inet_listener pop3 {
#port = 110
}
inet_listener pop3s {
#port = 995
#ssl = yes
}
}
service submission-login {
inet_listener submission {
#port = 587
}
}

17
include/etc/dovecot/conf.d/10-ssl.conf Normal file
View File

@ -0,0 +1,17 @@
##
## SSL settings
##
#verbose_ssl = yes
ssl = required
ssl_prefer_server_ciphers = yes
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = </ssl/dovecot/dh.pem
ssl_cert = </ssl/dovecot/cert.pem
ssl_key = </ssl/dovecot/key.pem

49
include/etc/dovecot/conf.d/15-lda.conf Normal file
View File

@ -0,0 +1,49 @@
##
## LDA specific settings (also used by LMTP)
##
# Address to use when sending rejection mails.
# Default is postmaster@%d. %d expands to recipient domain.
#postmaster_address =
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
#quota_full_tempfail = no
# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
#submission_host =
# Subject: header to use for rejection mails. You can use the same variables
# as for rejection_reason below.
#rejection_subject = Rejected: %s
# Human readable error message for rejection mails. You can use variables:
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
# Delimiter character between local-part and detail in email address.
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
# Should saving a mail to a nonexistent mailbox automatically create it?
lda_mailbox_autocreate = yes
# Should automatically created mailboxes be also automatically subscribed?
lda_mailbox_autosubscribe = yes
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}

75
include/etc/dovecot/conf.d/15-mailboxes.conf Normal file
View File

@ -0,0 +1,75 @@
##
## Mailbox definitions
##
namespace inbox {
prefix =
type = private
separator = /
inbox = yes
list = yes
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe # autocreate and autosubscribe the Sent mailbox
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
autoexpunge = 60d
}
mailbox Trash {
auto = subscribe
autoexpunge = 120d
special_use = \Trash
}
mailbox virtual/All { # if you have a virtual "All messages" mailbox
auto = no
special_use = \All
}
# If you have a virtual "Flagged" mailbox:
#mailbox virtual/Flagged {
# special_use = \Flagged
# comment = All my flagged messages
#}
# If you have a virtual "Important" mailbox:
#mailbox virtual/Important {
# special_use = \Important
# comment = All my important messages
#}
}
# Shared mailbox
namespace {
type = shared
separator = /
prefix = shared/%%n@%%d/
location = maildir:%%h/mail:LAYOUT=fs:INDEXPVT=%h/mail/shared/%%n@%%d
subscriptions = no
list = children
}

22
include/etc/dovecot/conf.d/20-imap.conf Normal file
View File

@ -0,0 +1,22 @@
##
## IMAP specific settings
##
# If nothing happens for this long while client is IDLEing, move the connection
# to imap-hibernate process and close the old imap process. This saves memory,
# because connections use very little memory in imap-hibernate process. The
# downside is that recreating the imap process back uses some resources.
imap_hibernate_timeout = 5M
# Maximum IMAP command line length. Some clients generate very long command
# lines with huge mailboxes, so you may need to raise this if you get
# "Too long argument" or "IMAP command line too large" errors often.
#imap_max_line_length = 64k
protocol imap {
imap_client_workarounds = tb-extra-mailbox-sep tb-lsub-flags
mail_plugins = $mail_plugins imap_acl imap_quota
}

18
include/etc/dovecot/conf.d/20-lmtp.conf Normal file
View File

@ -0,0 +1,18 @@
##
## LMTP specific settings
##
# Verify quota before replying to RCPT TO. This adds a small overhead.
lmtp_rcpt_check_quota = yes
# Add "Received:" header to mails delivered.
#lmtp_add_received_header = no
protocol lmtp {
info_log_path = /var/log/dovecot-lmtp.log
# postmaster_address = postmaster@example.org
mail_plugins = $mail_plugins sieve
}

85
include/etc/dovecot/conf.d/20-managesieve.conf Normal file
View File

@ -0,0 +1,85 @@
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
#protocols = $protocols sieve
# Service definitions
service managesieve-login {
inet_listener sieve {
port = 4190
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
service_count = 1
# Number of processes to always keep waiting for more connections.
process_min_avail = 1
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
process_limit = 100
}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from each IP
# address.
# NOTE: The username is compared case-sensitively.
mail_max_userip_connections = 5
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
# %{put_bytes} - Number of bytes saved using PUTSCRIPT command
# %{put_count} - Number of scripts saved using PUTSCRIPT command
# %{get_bytes} - Number of bytes read using GETCRIPT command
# %{get_count} - Number of scripts read using GETSCRIPT command
# %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
# %{get_count} - Number of scripts checked using CHECKSCRIPT command
# %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
# %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved you can
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
}

28
include/etc/dovecot/conf.d/90-acl.conf Normal file
View File

@ -0,0 +1,28 @@
##
## Mailbox access control lists.
##
# vfile backend reads ACLs from "dovecot-acl" file from mail directory.
# You can also optionally give a global ACL directory path where ACLs are
# applied to all users' mailboxes. The global ACL directory contains
# one file for each mailbox, eg. INBOX or sub.mailbox. cache_secs parameter
# specifies how many seconds to wait between stat()ing dovecot-acl file
# to see if it changed.
plugin {
# Per-user ACL:
acl = vfile
# (if yes) Creates an issue where shared folders inbox folder is
# shown but clicking on the root folder, also displays the contents
# of the inbox.
#acl_defaults_from_inbox = yes
acl = vfile:/etc/dovecot/dovecot-acl:cache_secs=60
}
plugin {
acl_shared_dict = file:/srv/mail/shared-mailboxes
}

21
include/etc/dovecot/conf.d/90-plugin.conf Normal file
View File

@ -0,0 +1,21 @@
##
## Plugin settings
##
plugin {
welcome_script = welcome %u
welcome_wait = no
}
service welcome {
executable = script /bin/welcome-email.sh
user = dovecot
unix_listener welcome {
user = dovecot
group = postfix
mode = 0766
}
}

85
include/etc/dovecot/conf.d/90-quota.conf Normal file
View File

@ -0,0 +1,85 @@
##
## Quota configuration.
##
# Note that you also have to enable quota plugin in mail_plugins setting.
# <doc/wiki/Quota.txt>
##
## Quota limits
##
plugin {
quota = maildir:User quota
quota_rule = *:storage=200M
quota_rule2 = Trash:storage=+50M
quota_grace = 10%%
quota_max_mail_size = 25M
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
plugin {
quota = maildir:Shared quota:ns=shared/
quota_rule = *:storage=200M
quota_max_mail_size = 25M
quota_status_success = DUNNO
quota_status_nouser = DUNNO
quota_status_overquota = "552 5.2.2 Mailbox is full"
}
##
## Quota warnings
##
# You can execute a given command when user exceeds a specified quota limit.
# Each quota root has separate limits. Only the command for the first
# exceeded limit is executed, so put the highest limit first.
# The commands are executed via script service by connecting to the named
# UNIX socket (quota-warning below).
# Note that % needs to be escaped as %%, otherwise "% " expands to empty.
plugin {
quota_warning = storage=50%% quota-warning 50 %u
quota_warning2 = storage=80%% quota-warning 80 %u
quota_warning2 = storage=90%% quota-warning 90 %u
quota_warning3 = storage=95%% quota-warning 95 %u
}
# Example quota-warning service. The unix listener's permissions should be
# set in a way that mail processes can connect to it. Below example assumes
# that mail processes run as vmail user. If you use mode=0666, all system users
# can generate quota warnings to anyone.
service quota-warning {
executable = script /bin/quota-warning.sh
# user = vmail
unix_listener quota-warning {
user = dovecot
group = vmail
mode = 0766
}
}
service quota-status {
executable = quota-status -p postfix
inet_listener {
port = 12340
# You can choose any port you want
}
client_limit = 1
}

45
include/etc/dovecot/conf.d/90-sieve-extprograms.conf Normal file
View File

@ -0,0 +1,45 @@
# Sieve Extprograms plugin configuration
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
# sieve_extensions or sieve_global_extensions settings. Restricting these
# extensions to a global context using sieve_global_extensions is recommended.
plugin {
# The directory where the program sockets are located for the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each unix socket contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_socket_dir = sieve-pipe
#sieve_filter_socket_dir = sieve-filter
#sieve_execute_socket_dir = sieve-execute
# The directory where the scripts are located for direct execution by the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each script contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
}
# An example program service called 'do-something' to pipe messages to
#service do-something {
# Define the executed script as parameter to the sieve service
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
# Use some unprivileged user for executing the program
#user = dovenull
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
# plugin {} section above)
#unix_listener sieve-pipe/do-something {
# LDA/LMTP must have access
# user = vmail
# mode = 0600
#}
#}

210
include/etc/dovecot/conf.d/90-sieve.conf Normal file
View File

@ -0,0 +1,210 @@
##
## Settings for the Sieve interpreter
##
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.
# The Sieve interpreter can retrieve Sieve scripts from several types of
# locations. The default `file' location type is a local filesystem path
# pointing to a Sieve script file or a directory containing multiple Sieve
# script files. More complex setups can use other location types such as
# `ldap' or `dict' to fetch Sieve scripts from remote databases.
#
# All settings that specify the location of one ore more Sieve scripts accept
# the following syntax:
#
# location = [<type>:]path[;<option>[=<value>][;...]]
#
# If the type prefix is omitted, the script location type is 'file' and the
# location is interpreted as a local filesystem path pointing to a Sieve script
# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
# information.
plugin {
# The location of the user's main Sieve script or script storage. The LDA
# Sieve plugin uses this to find the active script for Sieve filtering at
# delivery. The "include" extension uses this location for retrieving
# :personal" scripts. This is also where the ManageSieve service will store
# the user's scripts, if supported.
#
# Currently only the 'file:' location type supports ManageSieve operation.
# Other location types like 'dict:' and 'ldap:' can currently only
# be used as a read-only script source ().
#
# For the 'file:' type: use the ';active=' parameter to specify where the
# active script symlink is located.
# For other types: use the ';name=' parameter to specify the name of the
# default/active script.
sieve = file:~/sieve;active=~/.dovecot.sieve
# The default Sieve script when the user has none. This is the location of a
# global sieve script file, which gets executed ONLY if user's personal Sieve
# script doesn't exist. Be sure to pre-compile this script manually using the
# sievec command line tool if the binary is not stored in a global location.
# --> See sieve_before for executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
# The name by which the default Sieve script (as configured by the
# sieve_default setting) is visible to the user through ManageSieve.
#sieve_default_name =
# Location for ":global" include scripts as used by the "include" extension.
#sieve_global_path =
# The location of a Sieve script that is run for any message that is about to
# be discarded; i.e., it is not delivered anywhere by the normal Sieve
# execution. This only happens when the "implicit keep" is canceled, by e.g.
# the "discard" action, and no actions that deliver the message are executed.
# This "discard script" can prevent discarding the message, by executing
# alternative actions. If the discard script does nothing, the message is
# still discarded as it would be when no discard script is configured.
#sieve_discard =
# Location Sieve of scripts that need to be executed before the user's
# personal script. If a 'file' location path points to a directory, all the
# Sieve scripts contained therein (with the proper `.sieve' extension) are
# executed. The order of execution within that directory is determined by the
# file names, using a normal 8bit per-character comparison.
#
# Multiple script locations can be specified by appending an increasing number
# to the setting name. The Sieve scripts found from these locations are added
# to the script execution sequence in the specified order. Reading the
# numbered sieve_before settings stops at the first missing setting, so no
# numbers may be skipped.
#sieve_before = /var/lib/dovecot/sieve.d/
#sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
#sieve_before3 = (etc...)
sieve_before = /etc/dovecot/sieve
# Identical to sieve_before, only the specified scripts are executed after the
# user's script (only when keep is still in effect!). Multiple script
# locations can be specified by appending an increasing number.
#sieve_after =
#sieve_after2 =
#sieve_after2 = (etc...)
# Which Sieve language extensions are available to users. By default, all
# supported extensions are available, except for deprecated extensions or
# those that are still under development. Some system administrators may want
# to disable certain Sieve extensions or enable those that are not available
# by default. This setting can use '+' and '-' to specify differences relative
# to the default. For example `sieve_extensions = +imapflags' will enable the
# deprecated imapflags extension in addition to all extensions were already
# enabled by default.
#sieve_extensions = +notify +imapflags
sieve_extensions=-vacation, -enotify, -editheader, imap4flags
# Which Sieve language extensions are ONLY available in global scripts. This
# can be used to restrict the use of certain Sieve extensions to administrator
# control, for instance when these extensions can cause security concerns.
# This setting has higher precedence than the `sieve_extensions' setting
# (above), meaning that the extensions enabled with this setting are never
# available to the user's personal script no matter what is specified for the
# `sieve_extensions' setting. The syntax of this setting is similar to the
# `sieve_extensions' setting, with the difference that extensions are
# enabled or disabled for exclusive use in global scripts. Currently, no
# extensions are marked as such by default.
#sieve_global_extensions =
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
# The sieve_extprograms plugin is included in this release.
#sieve_plugins =
sieve_plugins = sieve_extprograms
# The maximum size of a Sieve script. The compiler will refuse to compile any
# script larger than this limit. If set to 0, no limit on the script size is
# enforced.
#sieve_max_script_size = 1M
# The maximum number of actions that can be performed during a single script
# execution. If set to 0, no limit on the total number of actions is enforced.
#sieve_max_actions = 32
# The maximum number of redirect actions that can be performed during a single
# script execution. If set to 0, no redirect actions are allowed.
#sieve_max_redirects = 4
# The maximum number of personal Sieve scripts a single user can have. If set
# to 0, no limit on the number of scripts is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_scripts = 0
# The maximum amount of disk storage a single user's scripts may occupy. If
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
# The primary e-mail address for the user. This is used as a default when no
# other appropriate address is available for sending messages. If this setting
# is not configured, either the postmaster or null "<>" address is used as a
# sender, depending on the action involved. This setting is important when
# there is no message envelope to extract addresses from, such as when the
# script is executed in IMAP.
#sieve_user_email =
# The path to the file where the user log is written. If not configured, a
# default location is used. If the main user's personal Sieve (as configured
# with sieve=) is a file, the logfile is set to <filename>.log by default. If
# it is not a file, the default user log file is ~/.dovecot.sieve.log.
#sieve_user_log =
# Specifies what envelope sender address is used for redirected messages.
# The following values are supported for this setting:
#
# "sender" - The sender address is used (default).
# "recipient" - The final recipient address is used.
# "orig_recipient" - The original recipient is used.
# "user_email" - The user's primary address is used. This is
# configured with the "sieve_user_email" setting. If
# that setting is unconfigured, "user_mail" is equal to
# "recipient".
# "postmaster" - The postmaster_address configured for the LDA.
# "<user@domain>" - Redirected messages are always sent from user@domain.
# The angle brackets are mandatory. The null "<>" address
# is also supported.
#
# This setting is ignored when the envelope sender is "<>". In that case the
# sender of the redirected message is also always "<>".
#sieve_redirect_envelope_from = sender
## TRACE DEBUGGING
# Trace debugging provides detailed insight in the operations performed by
# the Sieve script. These settings apply to both the LDA Sieve plugin and the
# IMAPSIEVE plugin.
#
# WARNING: On a busy server, this functionality can quickly fill up the trace
# directory with a lot of trace files. Enable this only temporarily and as
# selective as possible.
# The directory where trace files are written. Trace debugging is disabled if
# this setting is not configured or if the directory does not exist. If the
# path is relative or it starts with "~/" it is interpreted relative to the
# current user's home directory.
#sieve_trace_dir =
# The verbosity level of the trace messages. Trace debugging is disabled if
# this setting is not configured. Possible values are:
#
# "actions" - Only print executed action commands, like keep,
# fileinto, reject and redirect.
# "commands" - Print any executed command, excluding test commands.
# "tests" - Print all executed commands and performed tests.
# "matching" - Print all executed commands, performed tests and the
# values matched in those tests.
#sieve_trace_level =
# Enables highly verbose debugging messages that are usually only useful for
# developers.
#sieve_trace_debug = no
# Enables showing byte code addresses in the trace output, rather than only
# the source line numbers.
#sieve_trace_addresses = no
}

7
include/etc/dovecot/dovecot-acl Normal file
View File

@ -0,0 +1,7 @@
INBOX.Archive owner lrwstipek
INBOX.Drafts owner lrwstipek
INBOX.Spam owner lrwstipek
INBOX.Sent owner lrwstipek
INBOX.Trash owner lrwstipek
#* owner akxeilprwts

24
include/etc/dovecot/dovecot-ldap.conf.ext Normal file
View File

@ -0,0 +1,24 @@
uris = ldap://openldap
dn = cn=admin,dc=example,dc=org
dnpass = admin
debug_level = 0
auth_bind = no
ldap_version = 3
base = dc=example,dc=org
scope = subtree
user_attrs = uid=user=%{ldap:uid}, memberUid=user=%{ldap:mail}, mail=home=/srv/mail/%{ldap:mail}, mail=mailHomeDirectory=maildir:~/mail:LAYOUT=fs, mailQuota=quota_rule=*:bytes=%$
user_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)(cn=%u)))
pass_filter = (&(objectClass=PostfixBookMailAccount)(|(uid=%u)(mail=%u)))
iterate_attrs = mail=user
iterate_filter = (objectClass=PostfixBookMailAccount)

2
include/etc/dovecot/protocols.d/imap.protocol Normal file
View File

@ -0,0 +1,2 @@
protocols = $protocols imap

2
include/etc/dovecot/protocols.d/lmtp.protocol Normal file
View File

@ -0,0 +1,2 @@
protocols = $protocols lmtp

2
include/etc/dovecot/protocols.d/sieve.protocol Normal file
View File

@ -0,0 +1,2 @@
protocols = $protocols sieve

11
include/etc/dovecot/sieve/00-fileto-spam.sieve Normal file
View File

@ -0,0 +1,11 @@
require ["fileinto", "mailbox"];
if exists "X-Spam-Flag" {
if header :contains "X-Spam-Flag" "NO" {
} else {
fileinto :create "Spam";
stop;
}
}

14
include/etc/logrotate.d/dovecot Normal file
View File

@ -0,0 +1,14 @@
/var/log/dovecot.log
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
extension log
create 0644 dovecot dovecot
postrotate
supervisorctl restart dovecot
endscript
}

14
include/etc/logrotate.d/postfix Normal file
View File

@ -0,0 +1,14 @@
/var/log/postfix.log
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
extension log
create 0644 postfix postfix
postrotate
supervisorctl restart postfix
endscript
}

28
include/etc/logrotate.d/rsyslog Normal file
View File

@ -0,0 +1,28 @@
/var/log/syslog
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
/var/log/lastlog
/var/log/faillog
{
rotate 30
daily
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
supervisorctl restart rsyslog
supervisorctl restart amavis
endscript
}

24
include/etc/mail/postfixadmin/fetchmail.conf Normal file
View File

@ -0,0 +1,24 @@
# database settings
# database backend - uncomment one of these
our $db_type = 'mysql';
#my $db_type = 'mysql';
# host name
our $db_host="mysql";
# database name
our $db_name="roundcube";
# database username
our $db_username="roundcube";
# database password
our $db_password="roundcube";
# Where to create a lockfile; please ensure path exists.
our $run_dir="/var/lock/fetchmail";
# in case you want to use dovecot deliver to put the mail directly into the users mailbox,
# set "mda" in the fetchmail table to the keyword "dovecot".
# Where the delivery binary is located
$dovecot_deliver = "/usr/lib/dovecot/dovecot-lda";

14
include/etc/postfix/header_checks_outbound Normal file
View File

@ -0,0 +1,14 @@
#
# Header Checks for outbound E-Mail
#
# Checks for outbound mail
#
#
# Remove spam headers as they are applicable for local users only.
#
/^X-Spam-Flag:/ IGNORE
/^X-Spam-Score:/ IGNORE
/^X-Spam-Level:/ IGNORE
/^X-Spam-Status:/ IGNORE

32
include/etc/postfix/header_checks_privacy Normal file
View File

@ -0,0 +1,32 @@
#
# Privacy Header Checks
#
#
# Hide the software the sender is using
#
/^User-Agent:/ IGNORE
#
# Remove Date from header.
#
# The date that the client users is often in their own timezone.
# this is not desirable, so removing and having the server re-add
# the date header, enables hiding the users timezone.
#
# NOTE: postfix requires the following settings:
# - always_add_missing_headers=yes
# - local_header_rewrite_clients=permit_sasl_authenticated,permit_mynetworks,permit_inet_interfaces
#
# These settings will add the date back to the E-Mail header using the servers timezone.
#
/^Date:/ IGNORE
#
# Remove the sender IP Address and Any hostname and replace with localhost
#
/^Received:\sfrom [^ ]+ \([^ ]+ \[[IPv0-9a-f:.]+\]\)(\s+.* \(server\) with .+)$/ REPLACE Received: from [127.0.0.1] (localhost [127.0.0.1])$1

16
include/etc/postfix/ldap/smtpd_sender_login_maps Normal file
View File

@ -0,0 +1,16 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=Users,dc=example,dc=org
query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
result_attribute = uid

17
include/etc/postfix/ldap/smtpd_sender_login_maps_groups Normal file
View File

@ -0,0 +1,17 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=Groups,dc=example,dc=org
query_filter = (&(objectClass=PostfixBookMailAccount)(objectClass=posixGroup)(|(mail=%s)(mailAlias=%s)))
result_attribute = memberUid

17
include/etc/postfix/ldap/virtual_alias_domains Normal file
View File

@ -0,0 +1,17 @@
server_host = ldap://172.20.0.4
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=mail,dc=example,dc=org
query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
result_attribute = dc

18
include/etc/postfix/ldap/virtual_alias_maps Normal file
View File

@ -0,0 +1,18 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = dc=example,dc=org
#scope = sub
query_filter = (&(objectClass=PostfixBookMailAccount)(|(mail=%s)(mailAlias=%s)))
result_attribute = mail

18
include/etc/postfix/ldap/virtual_email_domains Normal file
View File

@ -0,0 +1,18 @@
server_host = ldap://openldap
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/tls/CA.pem
#tls_require_cert = yes
bind = yes
bind_dn = cn=admin,dc=example,dc=org
bind_pw = admin
search_base = ou=mail,dc=example,dc=org
scope = sub
query_filter = (&(ObjectClass=dNSDomain)(dc=%s))
result_attribute = dc

175
include/etc/postfix/master.cf Normal file
View File

@ -0,0 +1,175 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master" or
# on-line: http://www.postfix.org/master.5.html).
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
#smtp inet n - y - - smtpd
smtp inet n - y - 1 postscreen
smtpd pass - - y - - smtpd
-o syslog_name=postfix/inbound
-o smtpd_tls_security_level=may
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unauth_destination,permit_auth_destination,reject
#dnsblog unix - - y - 0 dnsblog
#tlsproxy unix - - y - 0 tlsproxy
submission inet n - y - - smtpd
-o syslog_name=postfix/submission
-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_tls_auth_only=yes
-o smtpd_sasl_type=dovecot
-o smtpd_sasl_path=private/dovecot/auth
-o smtpd_sasl_security_options=noanonymous
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_login_maps=ldap:/etc/postfix/ldap/smtpd_sender_login_maps,ldap:/etc/postfix/ldap/smtpd_sender_login_maps_groups
-o smtpd_sender_restrictions=reject_sender_login_mismatch
-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
-o cleanup_service_name=privacy
amavis unix - - n - 2 smtp
-o syslog_name=postfix/$service_name
-o smtp_data_done_timeout=1200
-o smtp_send_xforward_command=yes
-o disable_dns_lookups=yes
-o max_use=20
-o content_filter=
127.0.0.1:10025 inet n - n - - smtpd
-o syslog_name=amavis
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_delay_reject=no
-o smtpd_client_restrictions=permit_mynetworks,reject
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o smtpd_data_restrictions=reject_unauth_pipelining
-o smtpd_end_of_data_restrictions=
-o mynetworks=127.0.0.0/8
-o smtpd_error_sleep_time=0
-o smtpd_soft_error_limit=1001
-o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
-o content_filter=
#spamassassin unix - n n - - pipe
# user=debian-spamd argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
#smtps inet n - y - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=
# -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - y - - qmqpd
pickup unix n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
privacy unix n - n - 0 cleanup
-o syslog_name=postfix/$service_name
-o header_checks=regexp:/etc/postfix/header_checks_privacy
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - y 1000? 1 tlsmgr
rewrite unix - - y - - trivial-rewrite
bounce unix - - y - 0 bounce
defer unix - - y - 0 bounce
trace unix - - y - 0 bounce
verify unix - - y - 1 verify
flush unix n - y 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - y - - smtp
-o syslog_name=postfix/$service_name
relay unix - - y - - smtp
-o syslog_name=postfix/$service_name
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - y - - showq
error unix - - y - - error
retry unix - - y - - error
discard unix - - y - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - y - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
maildrop unix - n n - - pipe
flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# flags=DRX user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
uucp unix - n n - - pipe
flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# Other external delivery methods.
#
ifmail unix - n n - - pipe
flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
bsmtp unix - n n - - pipe
flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
scalemail-backend unix - n n - 2 pipe
flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
mailman unix - n n - - pipe
flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}

119
include/etc/spamassassin/local.cf Normal file
View File

@ -0,0 +1,119 @@
# This is the right place to customize your installation of SpamAssassin.
#
# See 'perldoc Mail::SpamAssassin::Conf' for details of what can be
# tweaked.
#
# Only a small subset of options are listed below
#
###########################################################################
# A 'contact address' users should contact for more info. (replaces
# _CONTACTADDRESS_ in the report template)
# report_contact youremailaddress@domain.tld
# Add *****SPAM***** to the Subject header of spam e-mails
#
# rewrite_header Subject *****SPAM*****
# Save spam messages as a message/rfc822 MIME attachment instead of
# modifying the original message (0: off, 2: use text/plain instead)
#
report_safe 2
# Set which networks or hosts are considered 'trusted' by your mail
# server (i.e. not spammers)
#
# trusted_networks 212.17.35.
# Set file-locking method (flock is not safe over NFS, but is faster)
#
# lock_method flock
# Set the threshold at which a message is considered spam (default: 5.0)
#
required_score 5.0
# Use Bayesian classifier (default: 1)
#
use_bayes 1
# Bayesian classifier auto-learning (default: 1)
#
bayes_auto_learn 1
bayes_path /var/spool/spamassassin/bayes
bayes_file_mode 775
# Set headers which may provide inappropriate cues to the Bayesian
# classifier
#
# bayes_ignore_header X-Bogosity
# bayes_ignore_header X-Spam-Flag
# bayes_ignore_header X-Spam-Status
# Whether to decode non- UTF-8 and non-ASCII textual parts and recode
# them to UTF-8 before the text is given over to rules processing.
#
# normalize_charset 1
# Textual body scan limit (default: 50000)
#
# Amount of data per email text/* mimepart, that will be run through body
# rules. This enables safer and faster scanning of large messages,
# perhaps having very large textual attachments. There should be no need
# to change this well tested default.
#
# body_part_scan_size 50000
# Textual rawbody data scan limit (default: 500000)
#
# Amount of data per email text/* mimepart, that will be run through
# rawbody rules.
#
# rawbody_part_scan_size 500000
# Some shortcircuiting, if the plugin is enabled
#
ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
#
# default: strongly-whitelisted mails are *really* whitelisted now, if the
# shortcircuiting plugin is active, causing early exit to save CPU load.
# Uncomment to turn this on
#
# SpamAssassin tries hard not to launch DNS queries before priority -100.
# If you want to shortcircuit without launching unneeded queries, make
# sure such rule priority is below -100. These examples are already:
#
# shortcircuit USER_IN_WHITELIST on
# shortcircuit USER_IN_DEF_WHITELIST on
# shortcircuit USER_IN_ALL_SPAM_TO on
# shortcircuit SUBJECT_IN_WHITELIST on
# the opposite; blacklisted mails can also save CPU
#
# shortcircuit USER_IN_BLACKLIST on
# shortcircuit USER_IN_BLACKLIST_TO on
# shortcircuit SUBJECT_IN_BLACKLIST on
# if you have taken the time to correctly specify your "trusted_networks",
# this is another good way to save CPU
#
# shortcircuit ALL_TRUSTED on
# and a well-trained bayes DB can save running rules, too
#
# shortcircuit BAYES_99 spam
# shortcircuit BAYES_00 ham
endif # Mail::SpamAssassin::Plugin::Shortcircuit

77
include/etc/supervisor/conf.d/supervisord.conf Normal file
View File

@ -0,0 +1,77 @@
[supervisord]
#daemon=false
nodaemon = true
pidfile=/var/run/supervisord.pid
[program:init]
startsecs=0
stopwaitsecs=55
command=/docker-entrypoint.sh setup
autorestart=false
autostart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
[program:rsyslog]
startsecs=0
stopwaitsecs=55
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/rsyslogd -n
[program:cron]
startsecs=0
stopwaitsecs=55
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/cron -f
[program:amavis]
startsecs=0
stopwaitsecs=55
autostart=true
autorestart=true
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/sbin/amavisd-new foreground
[program:dovecot]
startsecs=0
stopwaitsecs=55
command=/usr/sbin/dovecot -F -c /etc/dovecot/dovecot.conf
autorestart=true
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
[program:postfix]
startsecs=0
stopwaitsecs=55
#command=/usr/lib/postfix/sbin/master -vv -c /etc/postfix -d
#command=postfix -vv -c /etc/postfix start-fg
command=/bin/postfix.sh
autorestart=true
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
[program:spamassassin]
#directory=/etc/dovecot
command=spamd --username debian-spamd --nouser-config --syslog stderr --pidfile /var/run/spamd.pid --helper-home-dir /var/lib/spamassassin --ip-address --allowed-ips 0.0.0.0/0
autorestart=false
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log

1
test/.env Executable file
View File

@ -0,0 +1 @@
COMPOSE_PROJECT_NAME=mail

36
test/config.inc.php Normal file
View File

@ -0,0 +1,36 @@
<?php
$config['plugins'] = array(
'fetchmail',
'contextmenu'
);
$config['log_driver'] = 'stdout';
$config['zipdownload_selection'] = true;
$config['des_key'] = '2A9UVzfF6nsNucrunVIQ+AL/';
include(__DIR__ . '/config.docker.inc.php');
$config['imap_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'peer_name' => 'localhost',
)
);
$config['smtp_conn_options'] = array(
'ssl' => array(
'verify_peer' => false,
'allow_self_signed' => true,
'peer_name' => 'localhost',
),
);
$config['layout'] = 'list';
$config['managesieve_host'] = 'tls://mail';
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'allow_self_signed' => true,
'peer_name' => 'localhost',
),
);

192
test/docker-compose.yml Executable file
View File

@ -0,0 +1,192 @@
#
# upgrade: docker-compose run --rm sentry upgrade
#
version: '2.2'
services:
openldap:
image: osixia/openldap:1.5.0
container_name: openldap
domainname: "example.org" # important: same as hostname
hostname: "example.org"
restart: unless-stopped
cpus: 2
mem_limit: 100MB
environment:
LDAP_LOG_LEVEL: "256"
LDAP_ORGANISATION: "Example"
LDAP_DOMAIN: "example.org"
LDAP_BASE_DN: ""
LDAP_ADMIN_PASSWORD: "admin"
LDAP_CONFIG_PASSWORD: "config"
LDAP_READONLY_USER: "false"
LDAP_READONLY_USER_USERNAME: "readonly"
LDAP_READONLY_USER_PASSWORD: "readonly"
LDAP_RFC2307BIS_SCHEMA: "false"
LDAP_BACKEND: "mdb"
LDAP_TLS: "true"
LDAP_TLS_CRT_FILENAME: "ldap.crt"
LDAP_TLS_KEY_FILENAME: "ldap.key"
LDAP_TLS_CA_CRT_FILENAME: "ca.crt"
LDAP_TLS_ENFORCE: "false"
LDAP_TLS_CIPHER_SUITE: "SECURE256:-VERS-SSL3.0"
LDAP_TLS_PROTOCOL_MIN: "3.1"
LDAP_TLS_VERIFY_CLIENT: "demand"
LDAP_REPLICATION: "false"
#LDAP_REPLICATION_CONFIG_SYNCPROV: "binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical"
#LDAP_REPLICATION_DB_SYNCPROV: "binddn="cn=admin,$LDAP_BASE_DN" bindmethod=simple credentials=$LDAP_ADMIN_PASSWORD searchbase="$LDAP_BASE_DN" type=refreshAndPersist interval=00:00:00:10 retry="60 +" timeout=1 starttls=critical"
#docker-compose.ymlLDAP_REPLICATION_HOSTS: "#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']"
KEEP_EXISTING_CONFIG: "false"
LDAP_REMOVE_CONFIG_AFTER_SETUP: "false"
LDAP_SSL_HELPER_PREFIX: "ldap"
tty: true
stdin_open: true
volumes:
- ldap_data:/var/lib/ldap
- ldap_config:/etc/ldap/slapd.d
- ldap_certs:/container/service/slapd/assets/certs/
- ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom/
expose:
- 389
- 636
networks:
- default
phpldapadmin:
image: osixia/phpldapadmin:latest
container_name: phpldapadmin
depends_on:
- openldap
restart: unless-stopped
cpus: 2
mem_limit: 100MB
environment:
PHPLDAPADMIN_LDAP_HOSTS: openldap
PHPLDAPADMIN_HTTPS: "false"
ports:
- "127.0.0.1:8080:80"
networks:
- default
mail:
image: test/mail:latest
container_name: mail
depends_on:
- openldap
links:
- mysql
build:
context: .
dockerfile: dockerfile
restart: unless-stopped
cpus: 2
mem_limit: 512MB
hostname: mail.nofusscomputing.com
volumes:
- mail_store:/srv/mail:rw
- mail_ssl:/ssl
- sa_learn:/var/spool/spamassassin
- mail_backup:/backup
- mail_log:/var/log
ports:
# SMTP
- '25:25'
# IMAP
- "993:993"
# Submission
- "587:587"
# ManageSieve
- "4190:4190"
environment:
POST_MASTER_EMAIL: postmaster@example.org
USE_FETCHMAIL_PL: "true"
networks:
- default
mysql:
image: mysql:5.7
container_name: mysql
restart: unless-stopped
cpus: 2
mem_limit: 350MB
volumes:
- mysql_data:/var/lib/mysql
expose:
- 5432
- 3306
environment:
- MYSQL_ROOT_PASSWORD=admin
- MYSQL_DATABASE=roundcube
- MYSQL_USER=roundcube
- MYSQL_PASSWORD=roundcube
roundcube:
image: roundcube/roundcubemail:1.5.x-fpm-alpine
container_name: roundcube
restart: unless-stopped
cpus: 2
mem_limit: 100MB
depends_on:
- mysql
- mail
links:
- mysql
expose:
- 9000
volumes:
- roundcube_www:/var/www/html
- ./config.inc.php:/var/www/html/config/config.inc.php:ro
environment:
- ROUNDCUBEMAIL_DB_TYPE=mysql
- ROUNDCUBEMAIL_DB_HOST=mysql
- ROUNDCUBEMAIL_DB_NAME=roundcube
- ROUNDCUBEMAIL_DB_USER=roundcube
- ROUNDCUBEMAIL_DB_PASSWORD=roundcube
- ROUNDCUBEMAIL_SKIN=larry
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail
- ROUNDCUBEMAIL_SMTP_SERVER=tls://mail
- ROUNDCUBEMAIL_PLUGINS=acl,additional_message_headers,managesieve,show_additional_headers
nginx:
image: nginx:1.21-alpine
container_name: nginx
restart: unless-stopped
cpus: 2
mem_limit: 100MB
ports:
- 80:80
# If you need SSL connection
# - '443:443'
depends_on:
- roundcube
links:
- roundcube
volumes:
- roundcube_www:/var/www/html
- ./nginx/templates:/etc/nginx/templates
- ngnix_log:/var/log
# Provide a custom nginx conf
# - ./nginx/nginx.conf:/etc/nginx/nginx.conf:ro
# If you need SSL connection, you can provide your own certificates
# - ./certs:/etc/letsencrypt
# - ./certs-data:/data/letsencrypt
environment:
- NGINX_HOST=localhost # set your local domain or your live domain
- NGINX_PHP_CGI=roundcube:9000 # same as roundcubemail container name
volumes:
ldap_data:
ldap_config:
ldap_certs:
mail_store:
mail_ssl:
clamav_db:
sa_learn:
mail_backup:
mail_log:
mysql_data:
roundcube_www:
nginx_www:
ngnix_log:

111
test/ldif/example.org.ldif Executable file
View File

@ -0,0 +1,111 @@
# LDIF Export for dc=example,dc=org
# Server: openldap (openldap)
# Search Scope: sub
# Search Filter: (objectClass=*)
# Total Entries: 8
#
# Generated by phpLDAPadmin (http://phpldapadmin.sourceforge.net) on August 2, 2021 1:20 am
# Version: 1.2.5
version: 1
# Entry 2: ou=Groups,dc=example,dc=org
dn: ou=Groups,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: Groups
# Entry 3: cn=posix group 1,ou=Groups,dc=example,dc=org
dn: cn=posix group 1,ou=Groups,dc=example,dc=org
cn: posix group 1
gidnumber: 500
memberuid: posix.user1
memberuid: posix.user2
objectclass: posixGroup
objectclass: top
# Entry 4: cn=posix group 2,ou=Groups,dc=example,dc=org
dn: cn=posix group 2,ou=Groups,dc=example,dc=org
cn: posix group 2
gidnumber: 501
memberuid: posix.user1
objectclass: posixGroup
objectclass: top
# Entry 5: cn=posix group 3,ou=Groups,dc=example,dc=org
dn: cn=posix group 3,ou=Groups,dc=example,dc=org
cn: posix group 3
gidnumber: 502
memberuid: posix.user2
objectclass: posixGroup
objectclass: top
# Entry 6: ou=Users,dc=example,dc=org
dn: ou=Users,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: Users
# Entry 7: cn=posix user1,ou=Users,dc=example,dc=org
dn: cn=posix user1,ou=Users,dc=example,dc=org
cn: posix user1
gidnumber: 500
givenname: posix
homedirectory: /home/users/posix.user1
mail: test@example.org
mailalias: test1@example.org
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
objectclass: PostfixBookMailAccount
sn: user1
uid: posix.user1
uidnumber: 1000
userpassword: {MD5}fGoYCzaJagqMAnh+6vsOTA==
# Entry 8: cn=posix user2,ou=Users,dc=example,dc=org
dn: cn=posix user2,ou=Users,dc=example,dc=org
cn: posix user2
gidnumber: 500
givenname: posix
homedirectory: /home/users/posix.user2
mail: posix.user2@example.org
objectclass: inetOrgPerson
objectclass: posixAccount
objectclass: top
sn: user2
uid: posix.user2
uidnumber: 1001
userpassword: {MD5}bLdfZSqbUnmOts8iAQV8cw==
# Entry 1: ou=mail,dc=example,dc=org
dn: ou=mail,dc=example,dc=org
objectclass: organizationalUnit
objectclass: top
ou: mail
# Entry 2: dc=example.org,ou=mail,dc=example,dc=org
dn: dc=example.org,ou=mail,dc=example,dc=org
dc: example.org
objectclass: dNSDomain
objectclass: top
# Entry 1: cn=support,ou=Groups,dc=example,dc=org
dn: cn=support,ou=Groups,dc=example,dc=org
cn: support
gidnumber: 503
mail: support@example.org
memberuid: posix.user1
objectclass: posixGroup
objectclass: top
objectclass: PostfixBookMailAccount

18
test/nginx/templates/default.conf.template Executable file
View File

@ -0,0 +1,18 @@
server {
index index.php index.html;
server_name php-docker.local;
error_log /var/log/nginx/error.log;
access_log /var/log/nginx/access-roundcube.log;
root /var/www/html;
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass ${NGINX_PHP_CGI};
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
}