2017-03-02 18:23:23 +08:00
#!/bin/bash
set -e
2018-06-04 01:22:44 +08:00
# Wait for MySQL to warm-up
2018-10-11 17:53:22 +08:00
while ! mysqladmin status --socket= /var/run/mysqld/mysqld.sock -u${ DBUSER } -p${ DBPASS } --silent; do
2018-06-04 01:22:44 +08:00
echo "Waiting for database to come up..."
sleep 2
done
2020-04-14 23:32:15 +08:00
# Do not attempt to write to slave
if [ [ ! -z ${ REDIS_SLAVEOF_IP } ] ] ; then
REDIS_CMDLINE = " redis-cli -h ${ REDIS_SLAVEOF_IP } -p ${ REDIS_SLAVEOF_PORT } "
else
REDIS_CMDLINE = "redis-cli -h redis -p 6379"
fi
until [ [ $( ${ REDIS_CMDLINE } PING) = = "PONG" ] ] ; do
echo "Waiting for Redis..."
sleep 2
done
${ REDIS_CMDLINE } SET DOVECOT_REPL_HEALTH 1 > /dev/null
2017-04-06 04:25:16 +08:00
# Create missing directories
2019-07-29 03:34:42 +08:00
[ [ ! -d /etc/dovecot/sql/ ] ] && mkdir -p /etc/dovecot/sql/
2019-12-06 17:20:06 +08:00
[ [ ! -d /etc/dovecot/lua/ ] ] && mkdir -p /etc/dovecot/lua/
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
[ [ ! -d /var/vmail/_garbage ] ] && mkdir -p /var/vmail/_garbage
2017-04-04 02:06:49 +08:00
[ [ ! -d /var/vmail/sieve ] ] && mkdir -p /var/vmail/sieve
[ [ ! -d /etc/sogo ] ] && mkdir -p /etc/sogo
2018-11-12 16:49:23 +08:00
[ [ ! -d /var/volatile ] ] && mkdir -p /var/volatile
2017-03-09 00:58:00 +08:00
2017-03-06 17:33:44 +08:00
# Set Dovecot sql config parameters, escape " in db password
2017-03-02 18:23:23 +08:00
DBPASS = $( echo ${ DBPASS } | sed 's/"/\\"/g' )
2017-03-06 17:33:44 +08:00
2017-04-04 02:06:49 +08:00
# Create quota dict for Dovecot
2020-01-29 17:30:06 +08:00
if [ [ " ${ MASTER } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
QUOTA_TABLE = quota2
else
QUOTA_TABLE = quota2replica
fi
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-quota.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-03-06 17:33:44 +08:00
map {
pattern = priv/quota/storage
2020-01-29 17:30:06 +08:00
table = ${ QUOTA_TABLE }
2017-03-06 17:33:44 +08:00
username_field = username
value_field = bytes
}
map {
pattern = priv/quota/messages
2020-01-29 17:30:06 +08:00
table = ${ QUOTA_TABLE }
2017-03-06 17:33:44 +08:00
username_field = username
value_field = messages
}
EOF
2020-02-26 02:38:20 +08:00
# Write last logins to Redis
if [ [ ! -z ${ REDIS_SLAVEOF_IP } ] ] ; then
cp /etc/syslog-ng/syslog-ng-redis_slave.conf /etc/syslog-ng/syslog-ng.conf
2020-03-26 04:24:41 +08:00
echo -n " redis:host= ${ REDIS_SLAVEOF_IP } :port= ${ REDIS_SLAVEOF_PORT } " > /etc/dovecot/last_login
2020-02-26 02:38:20 +08:00
else
echo -n " redis:host= ${ IPV4_NETWORK } .249:port=6379 " > /etc/dovecot/last_login
fi
2017-11-04 03:25:38 +08:00
# Create dict used for sieve pre and postfilters
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-11-04 03:25:38 +08:00
map {
pattern = priv/sieve/name/\$ script_name
table = sieve_before
username_field = username
value_field = id
fields {
script_name = \$ script_name
}
}
map {
pattern = priv/sieve/data/\$ id
table = sieve_before
username_field = username
value_field = script_data
fields {
id = \$ id
}
}
EOF
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2017-11-04 03:25:38 +08:00
map {
pattern = priv/sieve/name/\$ script_name
table = sieve_after
username_field = username
value_field = id
fields {
script_name = \$ script_name
}
}
map {
pattern = priv/sieve/data/\$ id
table = sieve_after
username_field = username
value_field = script_data
fields {
id = \$ id
}
}
EOF
2019-07-29 03:34:42 +08:00
echo -n ${ ACL_ANYONE } > /etc/dovecot/acl_anyone
2017-11-04 03:25:38 +08:00
2019-01-29 07:11:12 +08:00
if [ [ " ${ SKIP_SOLR } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
2020-02-26 02:38:20 +08:00
echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify replication last_login' > /etc/dovecot/mail_plugins
echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify replication mail_log last_login' > /etc/dovecot/mail_plugins_imap
2020-02-05 17:56:44 +08:00
echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl notify replication' > /etc/dovecot/mail_plugins_lmtp
2019-01-29 07:11:12 +08:00
else
2020-02-26 02:38:20 +08:00
echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr replication last_login' > /etc/dovecot/mail_plugins
echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr replication last_login' > /etc/dovecot/mail_plugins_imap
2020-02-05 17:56:44 +08:00
echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl fts fts_solr notify replication' > /etc/dovecot/mail_plugins_lmtp
2019-01-29 07:11:12 +08:00
fi
2019-07-29 03:34:42 +08:00
chmod 644 /etc/dovecot/mail_plugins /etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
2019-01-29 07:11:12 +08:00
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-userdb.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2017-03-06 17:33:44 +08:00
driver = mysql
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2019-03-18 21:09:32 +08:00
user_query = SELECT CONCAT( JSON_UNQUOTE( JSON_EXTRACT( attributes, '$.mailbox_format' ) ) , mailbox_path_prefix, '%d/%n/${MAILDIR_SUB}:VOLATILEDIR=/var/volatile/%u' ) AS mail, 5000 AS uid, 5000 AS gid, concat( '*:bytes=' , quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
2017-03-06 17:33:44 +08:00
iterate_query = SELECT username FROM mailbox WHERE active = '1' ;
EOF
2017-03-02 18:23:23 +08:00
2018-07-12 06:46:17 +08:00
# Create pass dict for Dovecot
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql-passdb.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2018-07-12 06:23:12 +08:00
driver = mysql
2018-11-26 16:11:22 +08:00
connect = " host=/var/run/mysqld/mysqld.sock dbname= ${ DBNAME } user= ${ DBUSER } password= ${ DBPASS } "
2018-07-12 06:23:12 +08:00
default_pass_scheme = SSHA256
2018-12-06 23:49:14 +08:00
password_query = SELECT password FROM mailbox WHERE active = '1' AND username = '%u' AND domain IN ( SELECT domain FROM domain WHERE domain = '%d' AND active = '1' ) AND JSON_EXTRACT( attributes, '$.force_pw_update' ) NOT LIKE '%%1%%'
2018-07-12 06:23:12 +08:00
EOF
2019-12-06 17:20:06 +08:00
cat <<EOF > /etc/dovecot/lua/app-passdb.lua
2019-12-04 01:50:45 +08:00
function auth_password_verify( req, pass)
2019-12-05 04:47:25 +08:00
if req.domain = = nil then
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
end
2020-02-21 00:48:57 +08:00
if cur = = nil then
script_init( )
end
2019-12-04 01:50:45 +08:00
local cur,errorString = con:execute( string.format( [ [ SELECT mailbox, password FROM app_passwd
WHERE mailbox = '%s'
AND active = '1'
AND domain IN ( SELECT domain FROM domain WHERE domain = '%s' AND active = '1' ) ] ] , con:escape( req.user) , con:escape( req.domain) ) )
local row = cur:fetch ( { } , "a" )
while row do
if req.password_verify( req, row.password, pass) = = 1 then
cur:close( )
return dovecot.auth.PASSDB_RESULT_OK, "password=" .. pass
end
row = cur:fetch ( row, "a" )
end
2019-12-05 04:47:25 +08:00
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "No such user"
2019-12-04 01:50:45 +08:00
end
2020-02-05 17:56:44 +08:00
function auth_passdb_lookup( req)
return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, ""
end
2019-12-04 01:50:45 +08:00
function script_init( )
mysql = require "luasql.mysql"
env = mysql.mysql( )
2020-01-29 17:30:06 +08:00
con = env:connect( "__DBNAME__" ,"__DBUSER__" ,"__DBPASS__" ,"localhost" )
2019-12-04 01:50:45 +08:00
return 0
end
function script_deinit( )
con:close( )
env:close( )
end
2019-12-02 17:53:25 +08:00
EOF
2019-06-01 19:53:24 +08:00
# Migrate old sieve_after file
2019-07-29 03:34:42 +08:00
[ [ -f /etc/dovecot/sieve_after ] ] && mv /etc/dovecot/sieve_after /etc/dovecot/global_sieve_after
2019-06-01 19:53:24 +08:00
# Create global sieve scripts
2019-07-29 03:34:42 +08:00
cat /etc/dovecot/global_sieve_after > /var/vmail/sieve/global_sieve_after.sieve
cat /etc/dovecot/global_sieve_before > /var/vmail/sieve/global_sieve_before.sieve
2017-04-04 02:06:49 +08:00
2018-11-12 16:49:23 +08:00
# Check permissions of vmail/attachments directory.
2017-03-02 18:23:23 +08:00
# Do not do this every start-up, it may take a very long time. So we use a stat check here.
if [ [ $( stat -c %U /var/vmail/) != "vmail" ] ] ; then chown -R vmail:vmail /var/vmail ; fi
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
if [ [ $( stat -c %U /var/vmail/_garbage) != "vmail" ] ] ; then chown -R vmail:vmail /var/vmail/_garbage ; fi
2018-11-12 16:49:23 +08:00
if [ [ $( stat -c %U /var/attachments) != "vmail" ] ] ; then chown -R vmail:vmail /var/attachments ; fi
2017-03-02 18:23:23 +08:00
2019-03-27 23:37:15 +08:00
# Cleanup random user maildirs
rm -rf /var/vmail/mailcow.local/*
2019-10-19 18:48:56 +08:00
# create sni configuration
echo "" > /etc/dovecot/sni.conf
for cert_dir in /etc/ssl/mail/*/ ; do
if [ [ ! -f ${ cert_dir } domains ] ] || [ [ ! -f ${ cert_dir } cert.pem ] ] || [ [ ! -f ${ cert_dir } key.pem ] ] ; then
continue
fi
domains = ( $( cat ${ cert_dir } domains) )
for domain in ${ domains [@] } ; do
echo 'local_name ' ${ domain } ' {' >> /etc/dovecot/sni.conf;
echo ' ssl_cert = <' ${ cert_dir } 'cert.pem' >> /etc/dovecot/sni.conf;
echo ' ssl_key = <' ${ cert_dir } 'key.pem' >> /etc/dovecot/sni.conf;
echo '}' >> /etc/dovecot/sni.conf;
done
done
2019-03-27 23:37:15 +08:00
2017-03-02 18:23:23 +08:00
# Create random master for SOGo sieve features
RAND_USER = $( cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
RAND_PASS = $( cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
2018-08-28 23:14:05 +08:00
2020-02-05 17:56:44 +08:00
echo ${ RAND_USER } @mailcow.local:{ SHA1} $( echo -n ${ RAND_PASS } | sha1sum | awk '{print $1}' ) :::::: > /etc/dovecot/dovecot-master.passwd
2019-07-29 03:34:42 +08:00
echo ${ RAND_USER } @mailcow.local::5000:5000:::: > /etc/dovecot/dovecot-master.userdb
2018-08-28 23:14:05 +08:00
echo ${ RAND_USER } @mailcow.local:${ RAND_PASS } > /etc/sogo/sieve.creds
2017-03-02 18:23:23 +08:00
2019-05-19 05:01:05 +08:00
if [ [ -z ${ MAILDIR_SUB } ] ] ; then
MAILDIR_SUB_SHARED =
else
MAILDIR_SUB_SHARED = /${ MAILDIR_SUB }
fi
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/shared_namespace.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2019-05-19 05:01:05 +08:00
namespace {
type = shared
separator = /
prefix = Shared/%%u/
2019-12-25 17:34:08 +08:00
location = maildir:%%h${ MAILDIR_SUB_SHARED } :INDEX= ~${ MAILDIR_SUB_SHARED } /Shared/%%u
2019-05-19 05:01:05 +08:00
subscriptions = no
list = children
}
EOF
2019-02-26 16:02:35 +08:00
if [ [ " ${ ALLOW_ADMIN_EMAIL_LOGIN } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
# Create random master Password for SOGo 'login as user' via proxy auth
RAND_PASS = $( cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
echo -n ${ RAND_PASS } > /etc/phpfpm/sogo-sso.pass
2019-07-29 03:34:42 +08:00
cat <<EOF > /etc/dovecot/sogo-sso.conf
2019-07-08 13:56:41 +08:00
# Autogenerated by mailcow
2019-02-26 16:02:35 +08:00
passdb {
driver = static
args = allow_real_nets = ${ IPV4_NETWORK } .248/32 password = { plain} ${ RAND_PASS }
}
EOF
else
2019-07-29 03:34:42 +08:00
rm -f /etc/dovecot/sogo-sso.pass
rm -f /etc/dovecot/sogo-sso.conf
2019-02-26 16:02:35 +08:00
fi
2019-12-04 01:50:45 +08:00
# Hard-code env vars to scripts due to cron not passing them to the scripts
2019-12-06 17:20:06 +08:00
sed -i " s/__DBUSER__/ ${ DBUSER } /g " /usr/local/bin/imapsync_cron.pl /usr/local/bin/quarantine_notify.py /usr/local/bin/clean_q_aged.sh /etc/dovecot/lua/app-passdb.lua
sed -i " s/__DBPASS__/ ${ DBPASS } /g " /usr/local/bin/imapsync_cron.pl /usr/local/bin/quarantine_notify.py /usr/local/bin/clean_q_aged.sh /etc/dovecot/lua/app-passdb.lua
sed -i " s/__DBNAME__/ ${ DBNAME } /g " /usr/local/bin/imapsync_cron.pl /usr/local/bin/quarantine_notify.py /usr/local/bin/clean_q_aged.sh /etc/dovecot/lua/app-passdb.lua
2019-12-04 01:50:45 +08:00
sed -i " s/__LOG_LINES__/ ${ LOG_LINES } /g " /usr/local/bin/trim_logs.sh
2020-02-05 17:56:44 +08:00
if [ [ " ${ MASTER } " = ~ ^( [ nN] [ oO] | [ nN] ) +$ ] ] ; then
2020-01-29 17:30:06 +08:00
# Toggling MASTER will result in a rebuild of containers, so the quota script will be recreated
cat <<'EOF' > /usr/local/bin/quota_notify.py
#!/usr/bin/python3
import sys
sys.exit( )
EOF
fi
2019-12-04 01:50:45 +08:00
2017-04-06 04:25:16 +08:00
# 401 is user dovecot
2018-10-07 21:09:21 +08:00
if [ [ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ] ] ; then
2017-04-04 02:06:49 +08:00
openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
openssl pkey -in /mail_crypt/ecprivkey.pem -pubout -out /mail_crypt/ecpubkey.pem
2017-04-06 04:25:16 +08:00
chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
else
chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
2017-04-04 02:06:49 +08:00
fi
2017-04-06 04:25:16 +08:00
# Compile sieve scripts
2019-06-01 19:53:24 +08:00
sievec /var/vmail/sieve/global_sieve_before.sieve
sievec /var/vmail/sieve/global_sieve_after.sieve
2019-07-29 03:34:42 +08:00
sievec /usr/lib/dovecot/sieve/report-spam.sieve
sievec /usr/lib/dovecot/sieve/report-ham.sieve
2017-04-06 04:25:16 +08:00
# Fix permissions
2019-07-29 03:34:42 +08:00
chown root:root /etc/dovecot/sql/*.conf
2019-12-06 17:20:06 +08:00
chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* /etc/dovecot/lua/app-passdb.lua
chmod 640 /etc/dovecot/sql/*.conf /etc/dovecot/lua/app-passdb.lua
2017-04-06 04:25:16 +08:00
chown -R vmail:vmail /var/vmail/sieve
2018-11-12 16:49:23 +08:00
chown -R vmail:vmail /var/volatile
adduser vmail tty
chmod g+rw /dev/console
2019-05-30 00:02:14 +08:00
chown root:tty /dev/console
2019-07-29 03:34:42 +08:00
chmod +x /usr/lib/dovecot/sieve/rspamd-pipe-ham \
/usr/lib/dovecot/sieve/rspamd-pipe-spam \
2019-01-29 07:11:12 +08:00
/usr/local/bin/imapsync_cron.pl \
/usr/local/bin/postlogin.sh \
/usr/local/bin/imapsync \
/usr/local/bin/trim_logs.sh \
/usr/local/bin/sa-rules.sh \
2019-06-02 03:23:43 +08:00
/usr/local/bin/clean_q_aged.sh \
2019-01-29 07:11:12 +08:00
/usr/local/bin/maildir_gc.sh \
2019-02-05 07:00:22 +08:00
/usr/local/sbin/stop-supervisor.sh \
2020-04-14 18:48:57 +08:00
/usr/local/bin/quota_notify.py \
/usr/local/bin/repl_health.sh
2019-01-29 07:11:12 +08:00
2020-01-29 17:30:06 +08:00
if [ [ " ${ MASTER } " = ~ ^( [ yY] [ eE] [ sS] | [ yY] ) +$ ] ] ; then
2019-01-29 07:11:12 +08:00
# Setup cronjobs
echo '* * * * * root /usr/local/bin/imapsync_cron.pl 2>&1 | /usr/bin/logger' > /etc/cron.d/imapsync
2019-05-28 02:29:55 +08:00
#echo '30 3 * * * vmail /usr/local/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
2019-01-29 07:11:12 +08:00
echo '* * * * * vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs
echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules
2019-03-10 16:35:26 +08:00
echo '0 2 * * * root /usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
2019-01-29 07:11:12 +08:00
echo '*/20 * * * * vmail /usr/local/bin/quarantine_notify.py >> /dev/console 2>&1' > /etc/cron.d/quarantine_notify
2019-06-02 03:23:43 +08:00
echo '15 4 * * * vmail /usr/local/bin/clean_q_aged.sh >> /dev/console 2>&1' > /etc/cron.d/clean_q_aged
2020-04-14 18:48:57 +08:00
echo '*/5 * * * * vmail /usr/local/bin/repl_health.sh >> /dev/console 2>&1' > /etc/cron.d/repl_health
2020-01-29 17:30:06 +08:00
else
echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules
echo '0 2 * * * root /usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
2020-04-14 18:48:57 +08:00
echo '*/5 * * * * vmail /usr/local/bin/repl_health.sh >> /dev/console 2>&1' > /etc/cron.d/repl_health
2020-01-29 17:30:06 +08:00
fi
2017-04-06 04:25:16 +08:00
2020-04-14 18:48:57 +08:00
# Fix more than 1 hardlink issue
touch /etc/crontab /etc/cron.*/*
2017-07-31 14:17:56 +08:00
# Clean old PID if any
2019-07-29 03:34:42 +08:00
[ [ -f /var/run/dovecot/master.pid ] ] && rm /var/run/dovecot/master.pid
2017-07-31 14:17:56 +08:00
2018-06-04 01:22:44 +08:00
# Clean stopped imapsync jobs
2018-07-28 04:19:14 +08:00
rm -f /tmp/imapsync_busy.lock
[Docker API] Use TLS encryption for communication with "on-the-fly" created key paris (non-exposed)
[Docker API] Create pipe to pass Rspamd UI worker password
[Dovecot] Pull Spamassassin ruleset to be read by Rspamd (MANY THANKS to Peer Heinlein!)
[Dovecot] Garbage collector for deleted maildirs (set keep time via MAILDIR_GC_TIME which defaults to 1440 minutes)
[Web] Flush memcached after mailbox item changes, fixes #1808
[Web] Fix duplicate IDs, fixes #1792
[Compose] Use SQL sockets
[PHP-FPM] Update APCu and Redis libs
[Dovecot] Encrypt maildir with global key pair in crypt-vol-1 (BACKUP!), also fixes #1791
[Web] Fix deletion of spam aliases
[Helper] Add "crypt" to backup script
[Helper] Override file for external SQL socket (not supported!)
[Compose] New images for Rspamd, PHP-FPM, SOGo, Dovecot, Docker API, Watchdog, ACME, Postfix
2018-09-30 04:01:23 +08:00
IMAPSYNC_TABLE = $( mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } -e "SHOW TABLES LIKE 'imapsync'" -Bs)
[ [ ! -z ${ IMAPSYNC_TABLE } ] ] && mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } -e "UPDATE imapsync SET is_running='0'"
2018-06-04 01:22:44 +08:00
2018-11-26 16:11:22 +08:00
# Envsubst maildir_gc
2019-02-13 00:11:04 +08:00
echo " $( envsubst < /usr/local/bin/maildir_gc.sh) " > /usr/local/bin/maildir_gc.sh
2018-11-26 16:11:22 +08:00
2020-02-05 17:56:44 +08:00
# GUID generation
2020-03-08 23:51:30 +08:00
while [ [ ${ VERSIONS_OK } != 'OK' ] ] ; do
if [ [ ! -z $( mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } -B -e " SELECT 'OK' FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = \" ${ DBNAME } \" AND TABLE_NAME = 'versions' " ) ] ] ; then
VERSIONS_OK = OK
else
echo "Waiting for versions table to be created..."
sleep 3
fi
done
PUBKEY_MCRYPT = $( doveconf -P | grep -i mail_crypt_global_public_key 2> /dev/null| cut -d '<' -f2)
2019-08-09 20:11:36 +08:00
if [ -f ${ PUBKEY_MCRYPT } ] ; then
2019-08-11 03:03:18 +08:00
GUID = $( cat <( echo ${ MAILCOW_HOSTNAME } ) /mail_crypt/ecpubkey.pem | sha256sum | cut -d ' ' -f1 | tr -cd "[a-fA-F0-9.:/] " )
2019-08-09 20:11:36 +08:00
if [ ${# GUID } -eq 64 ] ; then
mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } << EOF
REPLACE INTO versions ( application, version) VALUES ( "GUID" , " ${ GUID } " ) ;
EOF
else
mysql --socket= /var/run/mysqld/mysqld.sock -u ${ DBUSER } -p${ DBPASS } ${ DBNAME } << EOF
REPLACE INTO versions ( application, version) VALUES ( "GUID" , "INVALID" ) ;
EOF
fi
fi
2018-10-02 15:32:51 +08:00
# Collect SA rules once now
/usr/local/bin/sa-rules.sh
2019-10-18 18:01:47 +08:00
# Run hooks
for file in /hooks/*; do
if [ -x " ${ file } " ] ; then
echo " Running hook ${ file } "
" ${ file } "
fi
done
2019-12-05 17:14:41 +08:00
# For some strange, unknown and stupid reason, Dovecot may run into a race condition, when this file is not touched before it is read by dovecot/auth
# May be related to something inside Docker, I seriously don't know
2019-12-06 17:20:06 +08:00
touch /etc/dovecot/lua/app-passdb.lua
2019-12-05 17:14:41 +08:00
2017-03-02 18:23:23 +08:00
exec " $@ "