diff --git a/README.md b/README.md index 2ef601ec..b929d1e5 100644 --- a/README.md +++ b/README.md @@ -1,10 +1,12 @@ # mailcow-dockerized -## Configuration +## Installation -1. Open mailcow.conf and change stuff, do not touch versions, do not use special chars in passwords for now. +1. Open mailcow.conf and change stuff, do not use special chars in passwords. This will be fixed soon. -2. ./build-all.sh +2. Run ./build-all.sh + +3. Set a rspamd controller password (see section "rspamd") Done. @@ -22,6 +24,12 @@ The default username for mailcow is `admin` with password `moohoo`. No persistent data is deleted at any time. If an image exists, you will be asked wether or not to repull/rebuild it. +### Logs + +You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter reponses. + +When a process dies, the container dies, too. Except for Postfix' container. + ### MySQL Connect to MySQL database: @@ -50,23 +58,28 @@ Connect to redis database: Use rspamadm: ``` -docker exec -it rspamd-mailcow /bin/bash -c "rspamadm --help" +docker exec -it rspamd-mailcow rspamadm --help ``` Use rspamc: ``` -docker exec -it rspamd-mailcow /bin/bash -c "rspamc --help" +docker exec -it rspamd-mailcow rspamc --help ``` Set rspamd controller password: ``` -docker exec -it rspamd-mailcow /bin/bash -c "rspamadm pw" +# Generate hash +docker exec -it rspamd-mailcow rspamadm pw ``` -Copy given hash to data/conf/rspamd/override.d/worker-controller.inc: + +Replace given hash in data/conf/rspamd/override.d/worker-controller.inc: ``` -... enable_password = "myhash"; -.... +``` + +Restart rspamd: +``` +docker restart rspamd-mailcow ``` ### Remove persistent data diff --git a/build-dovecot.sh b/build-dovecot.sh index 6363d698..259a334d 100755 --- a/build-dovecot.sh +++ b/build-dovecot.sh @@ -1,7 +1,6 @@ #!/bin/bash -. mailcow.conf -./build-network.sh +source mailcow.conf NAME="dovecot-mailcow" @@ -48,5 +47,4 @@ docker run \ -h ${MAILCOW_HOSTNAME} \ -d dovecot -echo "Fixing permissions..." -chown -R 5000:5000 data/vmail +/bin/bash ./fix-permissions.sh diff --git a/build-nginx.sh b/build-nginx.sh index 694c9c2b..f4f2c608 100755 --- a/build-nginx.sh +++ b/build-nginx.sh @@ -38,3 +38,5 @@ docker run \ echo "Installaing SOGo web resource files..." docker exec -it ${NAME} /bin/bash -c 'apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && apt-get update && apt-get -y --force-yes install apt-transport-https' docker exec -it ${NAME} /bin/bash -c 'echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list && apt-get update && apt-get -y --force-yes install sogo' + +/bin/bash ./fix-permissions.sh diff --git a/build-rspamd.sh b/build-rspamd.sh index edee5cf4..006196fc 100755 --- a/build-rspamd.sh +++ b/build-rspamd.sh @@ -36,3 +36,5 @@ docker run \ --name ${NAME} \ -d rspamd +/bin/bash ./fix-permissions.sh + diff --git a/data/Dockerfiles/postfix/postfix.sh b/data/Dockerfiles/postfix/postfix.sh index eabed030..e2cf2b5b 100755 --- a/data/Dockerfiles/postfix/postfix.sh +++ b/data/Dockerfiles/postfix/postfix.sh @@ -9,10 +9,4 @@ trap "postfix reload" SIGHUP # start postfix postfix -c /opt/postfix/conf start -# lets give postfix some time to start -sleep 3 - -# wait until postfix is dead (triggered by trap) -while kill -0 $(cat /var/spool/postfix/pid/master.pid); do - sleep 5 -done +sleep infinity diff --git a/data/Dockerfiles/rspamd/Dockerfile b/data/Dockerfiles/rspamd/Dockerfile index 225d9edf..0e965bf9 100644 --- a/data/Dockerfiles/rspamd/Dockerfile +++ b/data/Dockerfiles/rspamd/Dockerfile @@ -9,6 +9,8 @@ RUN apt-get update \ && apt-get update \ && apt-get --no-install-recommends -y --force-yes install rspamd +RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local + CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"] USER _rspamd diff --git a/data/conf/rspamd/local.d/metrics.conf b/data/conf/rspamd/local.d/metrics.conf index 4c60ca44..4fd0953c 100644 --- a/data/conf/rspamd/local.d/metrics.conf +++ b/data/conf/rspamd/local.d/metrics.conf @@ -1,3 +1,8 @@ +actions { + reject = 15; + add_header = 5; + greylist = 4; +} symbol "MAILCOW_AUTH" { description = "mailcow authenticated"; score = -20.0; diff --git a/data/conf/rspamd/local.d/rspamd.conf.local b/data/conf/rspamd/local.d/rspamd.conf.local new file mode 100644 index 00000000..4449f091 --- /dev/null +++ b/data/conf/rspamd/local.d/rspamd.conf.local @@ -0,0 +1 @@ +settings = "http://nginx:8081/settings.php"; diff --git a/data/conf/rspamd/lua/rspamd.local.lua b/data/conf/rspamd/lua/rspamd.local.lua index 97c6af3d..292b7d08 100644 --- a/data/conf/rspamd/lua/rspamd.local.lua +++ b/data/conf/rspamd/lua/rspamd.local.lua @@ -10,5 +10,3 @@ rspamd_config.MAILCOW_AUTH = { rspamd_config.MAILCOW_MOO = function (task) return true end - -rspamd_config:add_map('http://nginx:8081/settings.php', "settings map", process_map) diff --git a/data/web/inc/functions.inc.php b/data/web/inc/functions.inc.php index 0b918792..09a258d4 100644 --- a/data/web/inc/functions.inc.php +++ b/data/web/inc/functions.inc.php @@ -160,7 +160,7 @@ function dkim_table($action, $item) { case "add": $domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']); $selector = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['selector']); - $key_length = $item['dkim']['key_size']; + $key_length = intval($item['dkim']['key_size']); if (!ctype_alnum($selector) || !is_valid_domain_name($domain) || !is_numeric($key_length)) { $_SESSION['return'] = array( 'type' => 'danger', @@ -178,13 +178,22 @@ function dkim_table($action, $item) { break; } - // Should be done native in PHP soon - $privKey = shell_exec("openssl genrsa -out /tmp/dkim-private.pem " . escapeshellarg($key_length) . " -outform PEM && cat /tmp/dkim-private.pem"); - $pubKey = shell_exec('openssl rsa -in /tmp/dkim-private.pem -pubout -outform PEM 2>/dev/null | sed -e "1d" -e "\$d" | tr -d "\n"'); - shell_exec('rm /tmp/dkim-private.pem'); - + $config = array( + "digest_alg" => "sha256", + "private_key_bits" => $key_length, + "private_key_type" => OPENSSL_KEYTYPE_RSA, + ); + $keypair_ressource = openssl_pkey_new($config); + $key_details = openssl_pkey_get_details($keypair_ressource); + $pubKey = implode(array_slice( + array_filter( + explode(PHP_EOL, $key_details['key']) + ), 1, -1) + ); + // Save public key to file file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $selector . '_' . $domain, $pubKey); - file_put_contents($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector, $privKey); + // Save private key to file + openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector); $_SESSION['return'] = array( 'type' => 'success', diff --git a/fix-permissions.sh b/fix-permissions.sh index 17cfa2a3..7017fd1f 100755 --- a/fix-permissions.sh +++ b/fix-permissions.sh @@ -1,4 +1,2 @@ -#!/bin/bash - chown -R 5000:5000 data/vmail chown -R 33:33 data/dkim diff --git a/mailcow.conf b/mailcow.conf index 73ae16b3..8fee38ed 100644 --- a/mailcow.conf +++ b/mailcow.conf @@ -5,13 +5,14 @@ MAILCOW_HOSTNAME=mail.mailcow.de -# mailcow SQL database configuration - +# SQL database configuration DBNAME=mailcow DBUSER=mailcow DBPASS=mysafepasswd DBROOT=myverysafepasswd + # MySQL +# Tested with MySQL 5.5 DBVERS=5.5 # SOGo configuration @@ -19,11 +20,12 @@ SOGOCHILDS=20 # Webserver configuration # Default port binding for Nginx is 443 +# PHPVERS="5.6-fpm" NGINXVERS="stable" # You should leave that alone -# Can also be 1.2.3.4:25 for specific binding +# Can also be 11.22.33.44:25 or 0.0.0.0:465 etc. for specific binding SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 diff --git a/print-status.sh b/print-status.sh deleted file mode 100755 index 7e2dc4a0..00000000 --- a/print-status.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/bin/bash - -# Soon