2017-03-02 18:23:23 +08:00
#!/bin/bash
set -e
2018-06-04 01:22:44 +08:00
# Wait for MySQL to warm-up
2018-10-11 17:53:22 +08:00
while ! mysqladmin status --socket= /var/run/mysqld/mysqld.sock -u${ DBUSER } -p${ DBPASS } --silent; do
2018-06-04 01:22:44 +08:00
echo "Waiting for database to come up..."
sleep 2
done
2019-01-29 07:11:12 +08:00
# Hard-code env vars to scripts due to cron not passing them to the scripts
sed -i " s/__DBUSER__/ ${ DBUSER } /g " /usr/local/bin/imapsync_cron.pl
sed -i " s/__DBPASS__/ ${ DBPASS } /g " /usr/local/bin/imapsync_cron.pl
sed -i " s/__DBNAME__/ ${ DBNAME } /g " /usr/local/bin/imapsync_cron.pl
sed -i " s/__DBUSER__/ ${ DBUSER } /g " /usr/local/bin/quarantine_notify.py
sed -i " s/__DBPASS__/ ${ DBPASS } /g " /usr/local/bin/quarantine_notify.py
sed -i " s/__DBNAME__/ ${ DBNAME } /g " /usr/local/bin/quarantine_notify.py
sed -i " s/__LOG_LINES__/ ${ LOG_LINES } /g " /usr/local/bin/trim_logs.sh
2017-03-02 18:23:23 +08:00
2017-04-06 04:25:16 +08:00
# Create missing directories
2017-04-04 02:06:49 +08:00
[ [ ! -d /usr/local/etc/dovecot/sql/ ] ] && mkdir -p /usr/local/etc/dovecot/sql/
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
[ [ ! -d /var/vmail/_garbage ] ] && mkdir -p /var/vmail/_garbage
2017-04-04 02:06:49 +08:00
[ [ ! -d /var/vmail/sieve ] ] && mkdir -p /var/vmail/sieve
[ [ ! -d /etc/sogo ] ] && mkdir -p /etc/sogo
2018-11-12 16:49:23 +08:00
[ [ ! -d /var/volatile ] ] && mkdir -p /var/volatile
2017-03-09 00:58:00 +08:00
2017-03-06 17:33:44 +08:00
# Set Dovecot sql config parameters, escape " in db password
2017-03-02 18:23:23 +08:00
DBPASS = $( echo ${ DBPASS } | sed 's/"/\\"/g' )
2017-03-06 17:33:44 +08:00
2017-04-04 02:06:49 +08:00
# Create quota dict for Dovecot
2017-11-04 03:25:38 +08:00
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota.conf
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-03-06 17:33:44 +08:00
map {
pattern = priv/quota/storage
table = quota2
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
table = quota2
username_field = username
value_field = messages
}
EOF
2017-11-04 03:25:38 +08:00
# Create dict used for sieve pre and postfilters
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-11-04 03:25:38 +08:00
map {
pattern = priv/sieve/name/\$ script_name
table = sieve_before
username_field = username
value_field = id
fields {
script_name = \$ script_name
}
}
map {
pattern = priv/sieve/data/\$ id
table = sieve_before
username_field = username
value_field = script_data
fields {
id = \$ id
}
}
EOF
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-11-04 03:25:38 +08:00
map {
pattern = priv/sieve/name/\$ script_name
table = sieve_after
username_field = username
value_field = id
fields {
script_name = \$ script_name
}
}
map {
pattern = priv/sieve/data/\$ id
table = sieve_after
username_field = username
value_field = script_data
fields {
id = \$ id
}
}
EOF
2018-11-18 20:31:09 +08:00
echo -n ${ ACL_ANYONE } > /usr/local/etc/dovecot/acl_anyone
2017-11-04 03:25:38 +08:00
2019-01-29 07:11:12 +08:00
if [ [ " ${ SKIP_SOLR } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify' > /usr/local/etc/dovecot/mail_plugins
echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log' > /usr/local/etc/dovecot/mail_plugins_imap
echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl' > /usr/local/etc/dovecot/mail_plugins_lmtp
else
echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr' > /usr/local/etc/dovecot/mail_plugins
echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_imap
echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_lmtp
fi
chmod 644 /usr/local/etc/dovecot/mail_plugins /usr/local/etc/dovecot/mail_plugins_imap /usr/local/etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
2018-07-12 06:23:12 +08:00
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
2017-03-06 17:33:44 +08:00
driver = mysql
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2018-11-26 16:44:41 +08:00
user_query = SELECT CONCAT( JSON_UNQUOTE( JSON_EXTRACT( attributes, '$.mailbox_format' ) ) , mailbox_path_prefix, '%d/%n/:VOLATILEDIR=/var/volatile/%u' ) AS mail, 5000 AS uid, 5000 AS gid, concat( '*:bytes=' , quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
2017-03-06 17:33:44 +08:00
iterate_query = SELECT username FROM mailbox WHERE active = '1' ;
EOF
2017-03-02 18:23:23 +08:00
2018-07-12 06:46:17 +08:00
# Create pass dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
2018-07-12 06:23:12 +08:00
driver = mysql
2018-11-26 16:11:22 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2018-07-12 06:23:12 +08:00
default_pass_scheme = SSHA256
2018-12-06 23:49:14 +08:00
password_query = SELECT password FROM mailbox WHERE active = '1' AND username = '%u' AND domain IN ( SELECT domain FROM domain WHERE domain = '%d' AND active = '1' ) AND JSON_EXTRACT( attributes, '$.force_pw_update' ) NOT LIKE '%%1%%'
2018-07-12 06:23:12 +08:00
EOF
2017-04-04 02:06:49 +08:00
# Create global sieve_after script
cat /usr/local/etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
2018-11-12 16:49:23 +08:00
# Check permissions of vmail/attachments directory.
2017-03-02 18:23:23 +08:00
# Do not do this every start-up, it may take a very long time. So we use a stat check here.
if [ [ $( stat -c %U /var/vmail/) != "vmail" ] ] ; then chown -R vmail:vmail /var/vmail ; fi
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
if [ [ $( stat -c %U /var/vmail/_garbage) != "vmail" ] ] ; then chown -R vmail:vmail /var/vmail/_garbage ; fi
2018-11-12 16:49:23 +08:00
if [ [ $( stat -c %U /var/attachments) != "vmail" ] ] ; then chown -R vmail:vmail /var/attachments ; fi
2017-03-02 18:23:23 +08:00
# Create random master for SOGo sieve features
RAND_USER = $( cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
RAND_PASS = $( cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
2018-08-28 23:14:05 +08:00
2018-11-12 16:49:23 +08:00
echo ${ RAND_USER } @mailcow.local:{ SHA1} $( echo -n ${ RAND_PASS } | sha1sum | awk '{print $1}' ) > /usr/local/etc/dovecot/dovecot-master.passwd
2018-12-14 02:52:44 +08:00
echo ${ RAND_USER } @mailcow.local::5000:5000:::: > /usr/local/etc/dovecot/dovecot-master.userdb
2018-08-28 23:14:05 +08:00
echo ${ RAND_USER } @mailcow.local:${ RAND_PASS } > /etc/sogo/sieve.creds
2017-03-02 18:23:23 +08:00
2017-04-06 04:25:16 +08:00
# 401 is user dovecot
2018-10-07 21:09:21 +08:00
if [ [ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ] ] ; then
2017-04-04 02:06:49 +08:00
openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
openssl pkey -in /mail_crypt/ecprivkey.pem -pubout -out /mail_crypt/ecpubkey.pem
2017-04-06 04:25:16 +08:00
chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
else
chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
2017-04-04 02:06:49 +08:00
fi
2017-04-06 04:25:16 +08:00
# Compile sieve scripts
sievec /var/vmail/sieve/global.sieve
sievec /usr/local/lib/dovecot/sieve/report-spam.sieve
sievec /usr/local/lib/dovecot/sieve/report-ham.sieve
# Fix permissions
2018-10-12 16:57:00 +08:00
chown root:root /usr/local/etc/dovecot/sql/*.conf
chown root:dovecot /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve* /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota*
chmod 640 /usr/local/etc/dovecot/sql/*.conf
2017-04-06 04:25:16 +08:00
chown -R vmail:vmail /var/vmail/sieve
2018-11-12 16:49:23 +08:00
chown -R vmail:vmail /var/volatile
adduser vmail tty
chmod g+rw /dev/console
2019-01-29 07:11:12 +08:00
chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
/usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
/usr/local/bin/imapsync_cron.pl \
/usr/local/bin/postlogin.sh \
/usr/local/bin/imapsync \
/usr/local/bin/trim_logs.sh \
/usr/local/bin/sa-rules.sh \
/usr/local/bin/maildir_gc.sh \
2019-02-05 07:00:22 +08:00
/usr/local/sbin/stop-supervisor.sh \
/usr/local/bin/quota_notify.py
2019-01-29 07:11:12 +08:00
# Setup cronjobs
echo '* * * * * root /usr/local/bin/imapsync_cron.pl 2>&1 | /usr/bin/logger' > /etc/cron.d/imapsync
echo '30 3 * * * vmail /usr/local/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
echo '* * * * * vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs
echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules
echo '0 2 * * * root /usr/bin/curl http://solr:8983/solr/dovecot/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
echo '*/20 * * * * vmail /usr/local/bin/quarantine_notify.py >> /dev/console 2>&1' > /etc/cron.d/quarantine_notify
2017-04-06 04:25:16 +08:00
2017-05-10 03:29:51 +08:00
# Fix more than 1 hardlink issue
touch /etc/crontab /etc/cron.*/*
2017-04-06 04:25:16 +08:00
2017-07-31 14:17:56 +08:00
# Clean old PID if any
[ [ -f /usr/local/var/run/dovecot/master.pid ] ] && rm /usr/local/var/run/dovecot/master.pid
2018-06-04 01:22:44 +08:00
# Clean stopped imapsync jobs
2018-07-28 04:19:14 +08:00
rm -f /tmp/imapsync_busy.lock
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
IMAPSYNC_TABLE = $( mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } -e "SHOW TABLES LIKE 'imapsync'" -Bs)
[ [ ! -z ${ IMAPSYNC_TABLE } ] ] && mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } -e "UPDATE imapsync SET is_running='0'"
2018-06-04 01:22:44 +08:00
2018-11-26 16:11:22 +08:00
# Envsubst maildir_gc
2019-02-13 00:11:04 +08:00
echo " $( envsubst < /usr/local/bin/maildir_gc.sh) " > /usr/local/bin/maildir_gc.sh
2018-11-26 16:11:22 +08:00
2018-10-02 15:32:51 +08:00
# Collect SA rules once now
/usr/local/bin/sa-rules.sh
2017-03-02 18:23:23 +08:00
exec " $@ "