[DOCKER][MAIL] Fixed small bugs in config and scripts

This commit is contained in:
Pastilhas 2020-11-02 16:40:20 +00:00 committed by Hugo Sales
parent c2e6e3706f
commit 11dbbef351
Signed by: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
4 changed files with 31 additions and 14 deletions

View File

@ -1,8 +1,8 @@
protocols = imap pop3 lmtp protocols = imap pop3 lmtp
ssl = yes ssl = yes
ssl_cert = </etc/ssl/mailcerts/mail.crt ssl_cert = </etc/ssl/mail.crt
ssl_key = </etc/ssl/mailcerts/mail.key ssl_key = </etc/ssl/mail.key
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
listen = *, :: listen = *, ::
@ -11,28 +11,32 @@ dict {
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
} }
disable_plaintext_auth = yes disable_plaintext_auth = no
auth_mechanisms = plain login auth_mechanisms = plain login
mail_access_groups = vmail mail_access_groups = vmail
default_login_user = vmail default_login_user = vmail
first_valid_uid = 2222 first_valid_uid = 2222
first_valid_gid = 2222 first_valid_gid = 2222
mail_location = maildir:/var/mail/%d/%n mail_location = maildir:/var/mail/%d/%n
auth_verbose_passwords = sha1
auth_debug = yes
passdb { passdb {
driver = passwd-file driver = passwd-file
args = scheme=SHA1 /etc/mail/passwd args = scheme=SHA512-CRYPT /etc/mail/passwd
} }
userdb { userdb {
driver = static driver = static
args = uid=2222 gid=2222 home=/var/mail/%d/%n allow_all_users=yes args = uid=2222 gid=2222 home=/var/mail/%d/%n allow_all_users=yes
auth_verbose = yes
} }
service auth { service auth {
unix_listener auth-client { unix_listener auth-client {
user = postfix
group = postfix group = postfix
mode = 0660 mode = 0660
user = postfix
} }
user = root user = root
} }
@ -51,6 +55,19 @@ protocol imap {
mail_max_userip_connections = 30 mail_max_userip_connections = 30
} }
service stats {
unix_listener stats-reader {
user = vmail
group = vmail
mode = 0660
}
unix_listener stats-writer {
user = vmail
group = vmail
mode = 0660
}
}
!include_try conf.d/*.conf !include_try conf.d/*.conf
!include_try local.conf !include_try local.conf

View File

@ -64,8 +64,8 @@ smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes broken_sasl_auth_clients = yes
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/ssl/mailcerts/mail.key smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_cert_file = /etc/ssl/mailcerts/mail_chained.crt smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_loglevel = 1 smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache

View File

@ -7,8 +7,8 @@ then
exit 1; exit 1;
fi fi
DOMAINPART=$(echo $1 | sed -e "s/^.*\@//") DOMAINPART=$(echo "$1" | sed -e "s/^.*\@//")
USERPART=$(echo $1 | sed -e "s/\@.*$//") USERPART=$(echo "$1" | sed -e "s/\@.*$//")
if ! grep -q "^$DOMAINPART" /etc/mail/domains if ! grep -q "^$DOMAINPART" /etc/mail/domains
then then
@ -16,7 +16,7 @@ then
exit 1 exit 1
fi fi
PASSHASH=$(doveadm pw -s SHA512-CRYPT) PASSHASH=$(doveadm pw -s SHA512-CRYPT -p "$2")
/usr/bin/new-alias.sh "$1" "$1" /usr/bin/new-alias.sh "$1" "$1"
echo "$1 $DOMAINPART/$USERPART/" >> /etc/mail/mailboxes echo "$1 $DOMAINPART/$USERPART/" >> /etc/mail/mailboxes

View File

@ -19,11 +19,11 @@ sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/opendkim/TrustedHosts
if [ ! -e /etc/ssl/.ssl-generated ] if [ ! -e /etc/ssl/.ssl-generated ]
then then
openssl genrsa -des3 -passout pass:asdf -out /etc/ssl/mail.pass.key 2048 && \ openssl genrsa -des3 -passout pass:asdf -out /etc/ssl/mail.pass.key 2048 && \
openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out /etc/ssl/mail.key openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out "$SSL_KEY"
rm /etc/ssl/mail.pass.key rm /etc/ssl/mail.pass.key
openssl req -new -key /etc/ssl/mail.key -out /etc/ssl/mail.csr \ openssl req -new -key "$SSL_KEY" -out /etc/ssl/mail.csr \
-subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAIL_HOSTNAME_FQDN" -subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey /etc/ssl/mail.key -out /etc/ssl/mail.crt openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey "$SSL_KEY" -out "$SSL_CERT"
echo "Do not remove this file." >> /etc/ssl/.ssl-generated echo "Do not remove this file." >> /etc/ssl/.ssl-generated
fi fi