[DOCKER][MAIL] Fixed small bugs in config and scripts

2020-11-02 16:40:20 +00:00 · 2020-11-02 16:40:20 +00:00 · 11dbbef351
parent c2e6e3706f
commit 11dbbef351
4 changed files with 31 additions and 14 deletions
--- a/docker/mail/rootfs/etc/dovecot/dovecot.conf
+++ b/docker/mail/rootfs/etc/dovecot/dovecot.conf
@ -1,8 +1,8 @@
 protocols = imap pop3 lmtp
 ssl = yes
-ssl_cert = </etc/ssl/mailcerts/mail.crt
+ssl_cert = </etc/ssl/mail.crt
-ssl_key = </etc/ssl/mailcerts/mail.key 
+ssl_key = </etc/ssl/mail.key 
 ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
 listen = *, ::
@ -11,28 +11,32 @@ dict {
  #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
 }
-disable_plaintext_auth = yes
+disable_plaintext_auth = no
 auth_mechanisms = plain login
 mail_access_groups = vmail
 default_login_user = vmail
 first_valid_uid = 2222
 first_valid_gid = 2222
 mail_location = maildir:/var/mail/%d/%n
 auth_verbose_passwords = sha1
 auth_debug = yes
 passdb { 
 	driver = passwd-file
-	args = scheme=SHA1 /etc/mail/passwd
+	args = scheme=SHA512-CRYPT /etc/mail/passwd
 }
 userdb {
 	driver = static
 	args = uid=2222 gid=2222 home=/var/mail/%d/%n allow_all_users=yes
 	auth_verbose = yes
 }
 service auth {
 	unix_listener auth-client {
 		user = postfix
 		group = postfix
 		mode = 0660
 		user = postfix
 	}
 	user = root
 }
@ -51,6 +55,19 @@ protocol imap {
 	mail_max_userip_connections = 30
 }
 service stats {
    unix_listener stats-reader {
        user = vmail
        group = vmail
        mode = 0660
    }
    unix_listener stats-writer {
        user = vmail
        group = vmail
        mode = 0660
    }
 }
 !include_try conf.d/*.conf
 !include_try local.conf
--- a/docker/mail/rootfs/etc/postfix/main.cf
+++ b/docker/mail/rootfs/etc/postfix/main.cf
@ -64,8 +64,8 @@ smtpd_sasl_local_domain = $mydomain
 broken_sasl_auth_clients = yes
 smtpd_tls_security_level = may
-smtpd_tls_key_file = /etc/ssl/mailcerts/mail.key
+smtpd_tls_key_file = /etc/ssl/mail.key
-smtpd_tls_cert_file = /etc/ssl/mailcerts/mail_chained.crt
+smtpd_tls_cert_file = /etc/ssl/mail.crt
 smtpd_tls_loglevel = 1
 smtpd_tls_session_cache_timeout = 3600s
 smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
--- a/docker/mail/rootfs/usr/bin/new-user.sh
+++ b/docker/mail/rootfs/usr/bin/new-user.sh
@ -7,8 +7,8 @@ then
  exit 1;
 fi
-DOMAINPART=$(echo $1 | sed -e "s/^.*\@//")
+DOMAINPART=$(echo "$1" | sed -e "s/^.*\@//")
-USERPART=$(echo $1 | sed -e "s/\@.*$//")
+USERPART=$(echo "$1" | sed -e "s/\@.*$//")
 if ! grep -q "^$DOMAINPART" /etc/mail/domains 
 then
@ -16,7 +16,7 @@ then
 	exit 1
 fi
-PASSHASH=$(doveadm pw -s SHA512-CRYPT)
+PASSHASH=$(doveadm pw -s SHA512-CRYPT -p "$2")
 /usr/bin/new-alias.sh "$1" "$1"
 echo "$1  $DOMAINPART/$USERPART/" >> /etc/mail/mailboxes
--- a/docker/mail/rootfs/usr/bin/start.sh
+++ b/docker/mail/rootfs/usr/bin/start.sh
@ -19,11 +19,11 @@ sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/opendkim/TrustedHosts
 if [ ! -e /etc/ssl/.ssl-generated ]
 then
 	openssl genrsa -des3 -passout pass:asdf -out /etc/ssl/mail.pass.key 2048 && \
-	openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out /etc/ssl/mail.key
+	openssl rsa -passin pass:asdf -in /etc/ssl/mail.pass.key -out "$SSL_KEY"
 	rm /etc/ssl/mail.pass.key
-	openssl req -new -key /etc/ssl/mail.key -out /etc/ssl/mail.csr \
+	openssl req -new -key "$SSL_KEY" -out /etc/ssl/mail.csr \
-	  -subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAIL_HOSTNAME_FQDN"
+	  -subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
-	openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey /etc/ssl/mail.key -out /etc/ssl/mail.crt
+	openssl x509 -req -days 365 -in /etc/ssl/mail.csr -signkey "$SSL_KEY" -out "$SSL_CERT"
 	echo "Do not remove this file." >> /etc/ssl/.ssl-generated
 fi