eliseuamaro
/
gnu-social
forked from GNUsocial/gnu-social
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[DOCKER][MAIL] Removed unused config files and scripts 

Now user is created on setup and dockerfile
This commit is contained in:
Pastilhas 2020-11-22 21:45:43 +00:00 committed by Hugo Sales
parent 0518bc2c6b
commit 2c3599721e
Signed by untrusted user: someonewithpc
GPG Key ID: 7D0C7EAFC9D835A0
21 changed files with 46 additions and 878 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
docker/mail/Dockerfile
View File

@ -24,26 +24,29 @@ RUN \
# Setup folders and users
RUN \
groupadd -g 2222 vmail \
&& useradd -d /var/mail -M -s /usr/sbin/nologin -u 2222 -g 2222 vmail \
&& mkdir -p -m 751 "/var/mail/" \
&& mkdir -p -m 755 "/etc/mail/" \
&& useradd -d "/var/mail" -M -s "/usr/sbin/nologin" -u 2222 -g 2222 vmail \
&& usermod -aG vmail postfix \
&& usermod -aG vmail dovecot \
&& usermod -aG vmail opendkim\
&& mkdir -p -m 751 /var/mail/ \
&& mkdir -p -m 755 /etc/mail/ \
&& chown vmail:vmail /var/mail
&& chown vmail:vmail "/var/mail"
# Copy config files
COPY rootfs/ /
RUN \
touch /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd \
&& postmap /etc/mail/aliases && postmap /etc/mail/domains && postmap /etc/mail/mailboxes
chmod +x "/etc/service/postfix/run" \
&& chmod +x "/etc/service/dovecot/run" \
&& chmod +x "/etc/service/opendkim/run" \
&& chmod +x "/etc/service/rsyslog/run"
# Prepare user
RUN \
chmod +x /etc/service/postfix/run \
&& chmod +x /etc/service/dovecot/run \
&& chmod +x /etc/service/opendkim/run \
&& chmod +x /etc/service/rsyslog/run
mkdir -p "/var/mail/${DOMAINNAME}" \
&& mkdir -p "/var/mail/${DOMAINPART}/${USER@*}" \
&& chown vmail:vmail "/var/mail/${DOMAINNAME}" \
&& chown vmail:vmail "/var/mail/${DOMAINPART}/${USER@*}"
# Expose ports
EXPOSE 25 110 143 587 993 995

48
docker/mail/rootfs/etc/mail/dovecot/15-lda.conf
View File

@ -1,48 +0,0 @@
##
## LDA specific settings (also used by LMTP)
##
# Address to use when sending rejection mails.
# Default is postmaster@<your domain>. %d expands to recipient domain.
#postmaster_address =
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
# in LMTP replies. Default is the system's real hostname@domain.
#hostname =
# If user is over quota, return with temporary failure instead of
# bouncing the mail.
#quota_full_tempfail = no
# Binary to use for sending mails.
#sendmail_path = /usr/sbin/sendmail
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
#submission_host =
# Subject: header to use for rejection mails. You can use the same variables
# as for rejection_reason below.
#rejection_subject = Rejected: %s
# Human readable error message for rejection mails. You can use variables:
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
# Delimiter character between local-part and detail in email address.
#recipient_delimiter = +
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
# A commonly used header for this is X-Original-To.
#lda_original_recipient_header =
# Should saving a mail to a nonexistent mailbox automatically create it?
lda_mailbox_autocreate = yes
# Should automatically created mailboxes be also automatically subscribed?
#lda_mailbox_autosubscribe = no
protocol lda {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}

76
docker/mail/rootfs/etc/mail/dovecot/20-managesieve.conf
View File

@ -1,76 +0,0 @@
##
## ManageSieve specific settings
##
# Uncomment to enable managesieve protocol:
protocols = $protocols sieve
# Service definitions
service managesieve-login {
inet_listener sieve {
port = 4190
}
#inet_listener sieve_deprecated {
# port = 2000
#}
# Number of connections to handle before starting a new process. Typically
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
# is faster. <doc/wiki/LoginProcess.txt>
service_count = 1
# Number of processes to always keep waiting for more connections.
#process_min_avail = 0
# If you set service_count=0, you probably need to grow this.
#vsz_limit = 64M
}
service managesieve {
# Max. number of ManageSieve processes (connections)
process_limit = 1024
}
# Service configuration
protocol sieve {
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
# not involve overly long command lines, so this setting will not normally
# need adjustment
#managesieve_max_line_length = 65536
# Maximum number of ManageSieve connections allowed for a user from each IP
# address.
# NOTE: The username is compared case-sensitively.
#mail_max_userip_connections = 10
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
#mail_plugins =
# MANAGESIEVE logout format string:
# %i - total number of bytes read from client
# %o - total number of bytes sent to client
#managesieve_logout_format = bytes=%i/%o
# To fool ManageSieve clients that are focused on CMU's timesieved you can
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
# For example: 'Cyrus timsieved v2.2.13'
#managesieve_implementation_string = Dovecot Pigeonhole
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
# before login. If left unassigned these will be reported dynamically
# according to what the Sieve interpreter supports by default (after login
# this may differ depending on the user).
#managesieve_sieve_capability =
#managesieve_notify_capability =
# The maximum number of compile errors that are returned to the client upon
# script upload or script verification.
#managesieve_max_compile_errors = 5
# Refer to 90-sieve.conf for script quota configuration and configuration of
# Sieve execution limits.
}

44
docker/mail/rootfs/etc/mail/dovecot/90-sieve-extprograms.conf
View File

@ -1,44 +0,0 @@
# Sieve Extprograms plugin configuration
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
# sieve_extensions or sieve_global_extensions settings. Restricting these
# extensions to a global context using sieve_global_extensions is recommended.
plugin {
# The directory where the program sockets are located for the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each unix socket contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_socket_dir = sieve-pipe
#sieve_filter_socket_dir = sieve-filter
#sieve_execute_socket_dir = sieve-execute
# The directory where the scripts are located for direct execution by the
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
# respectively. The name of each script contained in that directory
# directly maps to a program-name referenced from the Sieve script.
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
}
# An example program service called 'do-something' to pipe messages to
#service do-something {
# Define the executed script as parameter to the sieve service
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
# Use some unprivileged user for executing the program
#user = dovenull
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
# plugin {} section above)
#unix_listener sieve-pipe/do-something {
# LDA/LMTP must have access
# user = vmail
# mode = 0600
#}
#}

105
docker/mail/rootfs/etc/mail/dovecot/90-sieve.conf
View File

@ -1,105 +0,0 @@
##
## Settings for the Sieve interpreter
##
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.
plugin {
# The path to the user's main active script. If ManageSieve is used, this the
# location of the symbolic link controlled by ManageSieve.
sieve = ~/.dovecot.sieve
# The default Sieve script when the user has none. This is a path to a global
# sieve script file, which gets executed ONLY if user's private Sieve script
# doesn't exist. Be sure to pre-compile this script manually using the sievec
# command line tool.
# --> See sieve_before fore executing scripts before the user's personal
# script.
#sieve_default = /var/lib/dovecot/sieve/default.sieve
# Directory for :personal include scripts for the include extension. This
# is also where the ManageSieve service stores the user's scripts.
sieve_dir = ~/sieve
# Directory for :global include scripts for the include extension.
#sieve_global_dir =
# Path to a script file or a directory containing script files that need to be
# executed before the user's script. If the path points to a directory, all
# the Sieve scripts contained therein (with the proper .sieve extension) are
# executed. The order of execution within a directory is determined by the
# file names, using a normal 8bit per-character comparison. Multiple script
# file or directory paths can be specified by appending an increasing number.
#sieve_before =
#sieve_before2 =
#sieve_before3 = (etc...)
# Identical to sieve_before, only the specified scripts are executed after the
# user's script (only when keep is still in effect!). Multiple script file or
# directory paths can be specified by appending an increasing number.
#sieve_after =
#sieve_after2 =
#sieve_after2 = (etc...)
# Which Sieve language extensions are available to users. By default, all
# supported extensions are available, except for deprecated extensions or
# those that are still under development. Some system administrators may want
# to disable certain Sieve extensions or enable those that are not available
# by default. This setting can use '+' and '-' to specify differences relative
# to the default. For example `sieve_extensions = +imapflags' will enable the
# deprecated imapflags extension in addition to all extensions were already
# enabled by default.
#sieve_extensions = +notify +imapflags
# Which Sieve language extensions are ONLY available in global scripts. This
# can be used to restrict the use of certain Sieve extensions to administrator
# control, for instance when these extensions can cause security concerns.
# This setting has higher precedence than the `sieve_extensions' setting
# (above), meaning that the extensions enabled with this setting are never
# available to the user's personal script no matter what is specified for the
# `sieve_extensions' setting. The syntax of this setting is similar to the
# `sieve_extensions' setting, with the difference that extensions are
# enabled or disabled for exclusive use in global scripts. Currently, no
# extensions are marked as such by default.
#sieve_global_extensions =
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
# setting, the used plugins can be specified. Check the Dovecot wiki
# (wiki2.dovecot.org) or the pigeonhole website
# (http://pigeonhole.dovecot.org) for available plugins.
# The sieve_extprograms plugin is included in this release.
#sieve_plugins =
# The separator that is expected between the :user and :detail
# address parts introduced by the subaddress extension. This may
# also be a sequence of characters (e.g. '--'). The current
# implementation looks for the separator from the left of the
# localpart and uses the first one encountered. The :user part is
# left of the separator and the :detail part is right. This setting
# is also used by Dovecot's LMTP service.
#recipient_delimiter = +
# The maximum size of a Sieve script. The compiler will refuse to compile any
# script larger than this limit. If set to 0, no limit on the script size is
# enforced.
#sieve_max_script_size = 1M
# The maximum number of actions that can be performed during a single script
# execution. If set to 0, no limit on the total number of actions is enforced.
#sieve_max_actions = 32
# The maximum number of redirect actions that can be performed during a single
# script execution. If set to 0, no redirect actions are allowed.
#sieve_max_redirects = 4
# The maximum number of personal Sieve scripts a single user can have. If set
# to 0, no limit on the number of scripts is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_scripts = 0
# The maximum amount of disk storage a single user's scripts may occupy. If
# set to 0, no limit on the used amount of disk storage is enforced.
# (Currently only relevant for ManageSieve)
#sieve_quota_max_storage = 0
}

73
docker/mail/rootfs/etc/mail/dovecot/dovecot.conf
View File

@ -1,73 +0,0 @@
protocols = imap pop3 lmtp
ssl = yes
ssl_cert = </etc/ssl/mail.crt
ssl_key = </etc/ssl/mail.key
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
listen = *, ::
dict {
#quota = mysql:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
#expire = sqlite:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
}
disable_plaintext_auth = no
auth_mechanisms = plain login
mail_access_groups = vmail
default_login_user = vmail
first_valid_uid = 2222
first_valid_gid = 2222
mail_location = maildir:/var/mail/%d/%n
auth_verbose_passwords = sha1
auth_debug = yes
passdb {
driver = passwd-file
args = scheme=SHA512-CRYPT /etc/mail/passwd
}
userdb {
driver = static
args = uid=2222 gid=2222 home=/var/mail/%d/%n allow_all_users=yes
auth_verbose = yes
}
service auth {
unix_listener auth-client {
user = postfix
group = postfix
mode = 0660
}
user = root
}
service imap-login {
process_min_avail = 1
user = vmail
}
protocol lmtp {
postmaster_address = %POSTMASTER_ADDRESS%
mail_plugins = $mail_plugins sieve
}
protocol imap {
mail_max_userip_connections = 30
}
service stats {
unix_listener stats-reader {
user = vmail
group = vmail
mode = 0660
}
unix_listener stats-writer {
user = vmail
group = vmail
mode = 0660
}
}
!include_try conf.d/*.conf
!include_try local.conf

10
docker/mail/rootfs/etc/mail/opendkim/TrustedHosts
View File

@ -1,10 +0,0 @@
# OPENDKIM TRUSTED HOSTS
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
# option in /etc/mail/opendkim.conf then restart OpenDKIM. Additional hosts
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
# The localhost IP (127.0.0.1) should always be the first entry in this file.
127.0.0.1
::1
172.17.0.0/16
fe80::/64
#HOSTNAME

128
docker/mail/rootfs/etc/mail/opendkim/opendkim.conf
View File

@ -1,128 +0,0 @@
## BASIC OPENDKIM CONFIGURATION FILE
## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more
## BEFORE running OpenDKIM you must:
## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
## - generate keys for your domain (if signing)
## - edit your DNS records to publish your public keys (if signing)
## See /usr/share/doc/opendkim/INSTALL for detailed instructions.
## DEPRECATED CONFIGURATION OPTIONS
##
## The following configuration options are no longer valid. They should be
## removed from your existing configuration file to prevent potential issues.
## Failure to do so may result in opendkim being unable to start.
##
## Removed in 2.10.0:
## AddAllSignatureResults
## ADSPAction
## ADSPNoSuchDomain
## BogusPolicy
## DisableADSP
## LDAPSoftStart
## LocalADSP
## NoDiscardableMailTo
## On-PolicyError
## SendADSPReports
## UnprotectedPolicy
## CONFIGURATION OPTIONS
## Specifies the path to the process ID file.
PidFile /var/run/opendkim/opendkim.pid
## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
## messages.
Mode s
## Log activity to the system log.
Syslog yes
## Log additional entries indicating successful signing or verification of messages.
SyslogSuccess yes
## If logging is enabled, include detailed logging about why or why not a message was
## signed or verified. This causes an increase in the amount of log data generated
## for each message, so set this to No (or comment it out) if it gets too noisy.
LogWhy yes
## Attempt to become the specified user before starting operations.
UserID opendkim:opendkim
## Create a socket through which your MTA can communicate.
Socket inet:8891@localhost
## Required to use local socket with MTAs that access the socket as a non-
## privileged user (e.g. Postfix)
Umask 002
## This specifies a text file in which to store DKIM transaction statistics.
## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
# Statistics /var/spool/opendkim/stats.dat
## Specifies whether or not the filter should generate report mail back
## to senders when verification fails and an address for such a purpose
## is provided. See opendkim.conf(5) for details.
# SendReports yes
## Specifies the sending address to be used on From: headers of outgoing
## failure reports. By default, the e-mail address of the user executing
## the filter is used (executing_user@hostname).
# ReportAddress "Example.com Postmaster" <postmaster@example.com>
## Add a DKIM-Filter header field to messages passing through this filter
## to identify messages it has processed.
SoftwareHeader yes
## SIGNING OPTIONS
## Selects the canonicalization method(s) to be used when signing messages.
Canonicalization relaxed/simple
## Domain(s) whose mail should be signed by this filter. Mail from other domains will
## be verified rather than being signed. Uncomment and use your domain name.
## This parameter is not required if a SigningTable is in use.
Domain file:/etc/mail/domains
## Defines the name of the selector to be used when signing messages.
Selector default
## Specifies the minimum number of key bits for acceptable keys and signatures.
MinimumKeyBits 1024
## Gives the location of a private key to be used for signing ALL messages. This
## directive is ignored if KeyTable is enabled.
KeyFile /var/opendkim/keys/default.private
## Gives the location of a file mapping key names to signing keys. In simple terms,
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
## directive in the configuration file. Requires SigningTable be enabled.
# KeyTable /etc/mail/opendkim/KeyTable
## Defines a table used to select one or more signatures to apply to a message based
## on the address found in the From: header field. In simple terms, this tells
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
# SigningTable refile:/etc/mail/opendkim/SigningTable
## Identifies a set of "external" hosts that may send mail through the server as one
## of the signing domains without credentials as such.
# ExternalIgnoreList refile:/etc/mail/opendkim/TrustedHosts
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
InternalHosts refile:/etc/mail/opendkim/TrustedHosts
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
## whose mail should be neither signed nor verified by this filter. See man
## page for file format.
# PeerList X.X.X.X
## Always oversign From (sign using actual From and a null From to prevent
## malicious signatures header fields (From and/or others) between the signer
## and the verifier. From is oversigned by default in the Fedora package
## because it is often the identity key used by reputation systems and thus
## somewhat security sensitive.
OversignHeaders From

77
docker/mail/rootfs/etc/mail/postfix/main.cf
View File

@ -1,77 +0,0 @@
## STANDARD POSTFIX CONFIG PARAMS ###
queue_directory = /var/spool/postfix
command_directory = /usr/sbin
daemon_directory = /usr/lib/postfix/sbin
data_directory = /var/lib/postfix
mail_owner = postfix
myhostname = %MAIL_HOSTNAME%
mydomain = %MAIL_HOSTNAME_FQDN%
myorigin = $myhostname
inet_interfaces = all
inet_protocols = all
mydestination = $myhostname, localhost.$mydomain, localhost
unknown_local_recipient_reject_code = 550
mynetworks = 127.0.0.0/8, [::1]/128
alias_maps = hash:/etc/mail/postfix/aliases
mailbox_command = /usr/lib/dovecot/deliver
debug_peer_level = 2
debugger_command =
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
sendmail_path = /usr/sbin/sendmail.postfix
newaliases_path = /usr/bin/newaliases.postfix
mailq_path = /usr/bin/mailq.postfix
setgid_group = postdrop
html_directory = no
manpage_directory = /usr/share/man
sample_directory = /usr/share/doc/postfix-2.10.1/samples
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtp_tls_protocols = !SSLv2
smtp_tls_exclude_ciphers = EXPORT, LOW
### VIRTUAL MAIL CONFIG PARAMS ###
relay_domains = *
virtual_alias_maps = hash:/etc/mail/aliases
virtual_mailbox_domains = hash:/etc/mail/domains
virtual_mailbox_maps = hash:/etc/mail/mailboxes
virtual_mailbox_base = /var/mail
virtual_minimum_uid = 2222
virtual_transport = dovecot
virtual_uid_maps = static:2222
virtual_gid_maps = static:2222
dovecot_destination_recipient_limit = 1
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = /var/run/dovecot/auth-client
smtpd_sasl_security_options = noanonymous
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
smtpd_sasl_local_domain = $mydomain
broken_sasl_auth_clients = yes
smtpd_tls_security_level = may
smtpd_tls_key_file = /etc/ssl/mail.key
smtpd_tls_cert_file = /etc/ssl/mail.crt
smtpd_tls_loglevel = 1
smtpd_tls_session_cache_timeout = 3600s
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
smtpd_tls_protocols = $smtp_tls_protocols
tls_random_source = dev:/dev/urandom
tls_random_exchange_name = /var/lib/postfix/prng_exch
smtpd_tls_auth_only = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination

126
docker/mail/rootfs/etc/mail/postfix/master.cf
View File

@ -1,126 +0,0 @@
#
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
#
# Do not forget to execute "postfix reload" after editing this file.
#
# ==========================================================================
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# ==========================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
submission inet n - n - - smtpd
# -o syslog_name=postfix/submission
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_reject_unlisted_recipient=no
# -o smtpd_client_restrictions=$mua_client_restrictions
# -o smtpd_helo_restrictions=$mua_helo_restrictions
# -o smtpd_sender_restrictions=$mua_sender_restrictions
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
smtps inet n - n - - smtpd
-o syslog_name=postfix/smtps
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_reject_unlisted_recipient=no
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
#qmgr unix n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# maildrop. See the Postfix MAILDROP_README file for details.
# Also specify in main.cf: maildrop_destination_recipient_limit=1
#
#maildrop unix - n n - - pipe
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
#
# ====================================================================
#
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
#
# Specify in cyrus.conf:
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
#
# Specify in main.cf one or more of the following:
# mailbox_transport = lmtp:inet:localhost
# virtual_transport = lmtp:inet:localhost
#
# ====================================================================
#
# Cyrus 2.1.5 (Amos Gouaux)
# Also specify in main.cf: cyrus_destination_recipient_limit=1
#
#cyrus unix - n n - - pipe
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
#
# ====================================================================
#
# Old example of delivery via Cyrus.
#
#old-cyrus unix - n n - - pipe
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
#
# ====================================================================
#
# See the Postfix UUCP_README file for configuration details.
#
#uucp unix - n n - - pipe
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
#
# ====================================================================
#
# Other external delivery methods.
#
#ifmail unix - n n - - pipe
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
#
#bsmtp unix - n n - - pipe
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
#
#scalemail-backend unix - n n - 2 pipe
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
# ${nexthop} ${user} ${extension}
#
#mailman unix - n n - - pipe
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
# ${nexthop} ${user}
dovecot unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}

91
docker/mail/rootfs/etc/mail/rsyslogd/rsyslog.conf
View File

@ -1,91 +0,0 @@
# rsyslog configuration file
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
#### MODULES ####
# The imjournal module bellow is now used as a message source instead of imuxsock.
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
#$ModLoad imjournal # provides access to the systemd journal
#$ModLoad imklog # reads kernel messages (the same are read from journald)
#$ModLoad immark # provides --MARK-- message capability
# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# Provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
#### GLOBAL DIRECTIVES ####
# Where to place auxiliary files
#$WorkDirectory /var/lib/rsyslog
# Use default timestamp format
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
# File syncing capability is disabled by default. This feature is usually not required,
# not useful and an extreme performance hit
#$ActionFileEnableSync on
# Include all config files in /etc/mail/rsyslog.d/
$IncludeConfig /etc/mail/rsyslog.d/*.conf
# Turn off message reception via local log socket;
# local messages are retrieved through imjournal now.
$OmitLocalLogging off
# File to store the position in the journal
# $IMJournalStateFile imjournal.state
#### RULES ####
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
# ### begin forwarding rule ###
# The statement between the begin ... end define a SINGLE forwarding
# rule. They belong together, do NOT split them. If you create multiple
# forwarding rules, duplicate the whole block!
# Remote Logging (we use TCP for reliable delivery)
#
# An on-disk queue is created for this action. If the remote host is
# down, messages are spooled to disk and sent when it is up again.
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
#$ActionQueueType LinkedList # run asynchronously
#$ActionResumeRetryCount -1 # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
#*.* @@remote-host:514
# ### end of the forwarding rule ###

2
docker/mail/rootfs/etc/service/dovecot/run
View File

@ -1,6 +1,6 @@
#!/bin/sh
PID=$(pgrep dovecot)
if [ -z $PID ]
if [ -z ${PID} ]
then
exec /usr/sbin/dovecot -c /etc/mail/dovecot/dovecot.conf
fi

2
docker/mail/rootfs/etc/service/opendkim/run
View File

@ -1,6 +1,6 @@
#!/bin/sh
PID=$(pgrep opendkim)
if [ -z $PID ]
if [ -z ${PID} ]
then
exec /usr/sbin/opendkim -x /etc/mail/opendkim/opendkim.conf
fi

2
docker/mail/rootfs/etc/service/postfix/run
View File

@ -1,6 +1,6 @@
#!/bin/sh
PID=$(pgrep master)
if [ -z $PID ]
if [ -z ${PID} ]
then
exec /usr/sbin/postfix start -c /etc/mail/postfix
fi

2
docker/mail/rootfs/etc/service/rsyslog/run
View File

@ -1,6 +1,6 @@
#!/bin/sh
PID=$(pgrep rsyslog)
if [ -z $PID ]
if [ -z ${PID} ]
then
exec /usr/sbin/rsyslogd -f /etc/mail/rsyslogd/rsyslog.conf
fi

22
docker/mail/rootfs/usr/bin/new-alias.sh
View File

@ -1,22 +0,0 @@
#!/bin/sh
USAGE="Usage: $0 ALIAS TARGET";
if [ -z "$2" ]
then
echo "$USAGE";
exit 1;
fi
DOMAINPART=$(echo $1 | sed -e "s/^.*\@//")
if ! grep -q "^$DOMAINPART" /etc/mail/domains
then
echo "This server is not responsible for the domain of this alias."
exit 1
fi
echo "$1 $2" >> /etc/mail/aliases
postmap /etc/mail/aliases
postfix reload
echo "Alias added."

16
docker/mail/rootfs/usr/bin/new-domain.sh
View File

@ -1,16 +0,0 @@
#!/bin/sh
USAGE="Usage: $0 DOMAIN";
if [ -z "$1" ]
then
echo "$USAGE";
exit 1;
fi
echo "$1 #OK" >> /etc/mail/domains
postmap /etc/mail/domains
mkdir "/var/mail/$1"
chown vmail:vmail "/var/mail/$1"
postfix reload
echo "Domain added."

30
docker/mail/rootfs/usr/bin/new-user.sh
View File

@ -1,30 +0,0 @@
#!/bin/sh
USAGE="Usage: $0 EMAIL PASSWORD";
if [ -z "$2" ]
then
echo "$USAGE";
exit 1;
fi
DOMAINPART=$(echo "$1" | sed -e "s/^.*\@//")
USERPART=$(echo "$1" | sed -e "s/\@.*$//")
if ! grep -q "^$DOMAINPART" /etc/mail/domains
then
echo "This server is not responsible for the domain of this user."
exit 1
fi
PASSHASH=$(doveadm pw -s SHA512-CRYPT -p "$2")
/usr/bin/new-alias.sh "$1" "$1"
echo "$1 $DOMAINPART/$USERPART/" >> /etc/mail/mailboxes
postmap /etc/mail/mailboxes
echo "$1:$PASSHASH" >> /etc/mail/passwd
mkdir "/var/mail/$DOMAINPART/$USERPART"
chown vmail:vmail "/var/mail/$DOMAINPART/$USERPART"
postfix reload
dovecot reload
echo "User added"

8
docker/mail/rootfs/usr/bin/start.sh
View File

@ -14,11 +14,9 @@ then
opendkim-genkey -d "$DOMAINNAME" -D "/var/opendkim/keys"
fi
# Prepare postfix
if [ ! -d "/var/mail/$DOMAINNAME" ]
then
/usr/bin/new-domain.sh "$DOMAINNAME"
fi
postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
postfix reload
dovecot reload
# Run services
s6-svscan /etc/service

35
docker/mail/setup.sh
View File

@ -1,18 +1,24 @@
#!/bin/sh
cd "${0%/*}"
printf "Domain root: "
read -r domain_root
printf "Subdomain (can be empty): "
read -r sub_domain
if [ -z "$sub_domain" ]
printf "E-mail user (name without @domain): "
read -r user
printf "E-mail pass: "
read -r pass
if [ -z "${sub_domain}" ]
then
domain="${domain_root}"
else
domain="${sub_domain}.${domain_root}"
fi
cat > ./docker/mail/mail.env <<EOF
cat > mail.env <<EOF
#!/bin/sh
DOMAINNAME=${domain_root}
MAILNAME=${domain}
@ -25,19 +31,26 @@ MAILNAME="${domain}"
SSL_CERT="/etc/letsencrypt/live/${domain_root}/fullchain.pem"
SSL_KEY="/etc/letsencrypt/live/${domain_root}/privkey.pem"
USER="${user}@${DOMAINNAME}"
PASS=$(mkpasswd -m sha-512 -S "" -R 5000 ${pass})
# Config postfix
sed -i -e "s#^\s*myhostname\s*=.*#myhostname = $MAILNAME#" ./docker/mail/config/postfix/main.cf
sed -i -e "s#^\s*mydomain\s*=.*#mydomain = $DOMAINNAME#" ./docker/mail/config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_cert_file\s*=.*#smtpd_tls_cert_file = $SSL_CERT#" ./docker/mail/config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_key_file\s*=.*#smtpd_tls_key_file = $SSL_KEY#" ./docker/mail/config/postfix/main.cf
sed -i -e "s#^\s*myhostname\s*=.*#myhostname = ${MAILNAME}#" config/postfix/main.cf
sed -i -e "s#^\s*mydomain\s*=.*#mydomain = ${DOMAINNAME}#" config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_cert_file\s*=.*#smtpd_tls_cert_file = ${SSL_CERT}#" config/postfix/main.cf
sed -i -e "s#^\s*smtpd_tls_key_file\s*=.*#smtpd_tls_key_file = ${SSL_KEY}#" config/postfix/main.cf
# Config dovecot
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$SSL_CERT#" ./docker/mail/config/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$SSL_KEY#" ./docker/mail/config/dovecot/dovecot.conf
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = postmaster@$DOMAINNAME#" ./docker/mail/config/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <${SSL_CERT}#" config/dovecot/dovecot.conf
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <${SSL_KEY}#" config/dovecot/dovecot.conf
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = postmaster@${DOMAINNAME}#" config/dovecot/dovecot.conf
# Config dkim
sed -i -e "s/^.*#HOSTNAME/$MAILNAME#HOSTNAME/" ./docker/mail/config/opendkim/TrustedHosts
sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" config/opendkim/TrustedHosts
# Prepare mail user
touch /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
touch config/aliases config/domains config/mailboxes config/passwd
echo "${DOMAINNAME} #OK" >> config/domains
echo "${USER} ${USER}" >> config/aliases
echo "${USER} ${DOMAINNAME}/${user}/" >> config/mailboxes
echo "${USER}:${PASSHASH}" >> config/passwd

2
plugins/Poll/Poll.php
View File

@ -133,7 +133,7 @@ class Poll extends Module
$form = Form::create($formOptions);
$formView = $form->createView();
$ret = self::noteActionHandle($request, $form, $note, 'pollresponse', /** TODO Documentation */ function ($note, $data) {
$ret = self::noteActionHandle($request, $form, $note, 'pollresponse', /** TODO needs documentation */ function ($note, $data) {
$user = Common::ensureLoggedIn();
try {