Fixes, working rspamd settings, generate DKIM keys in PHP
parent
a7a597fead
commit
42a64b45d7
31
README.md
31
README.md
|
@ -1,10 +1,12 @@
|
||||||
# mailcow-dockerized
|
# mailcow-dockerized
|
||||||
|
|
||||||
## Configuration
|
## Installation
|
||||||
|
|
||||||
1. Open mailcow.conf and change stuff, do not touch versions, do not use special chars in passwords for now.
|
1. Open mailcow.conf and change stuff, do not use special chars in passwords. This will be fixed soon.
|
||||||
|
|
||||||
2. ./build-all.sh
|
2. Run ./build-all.sh
|
||||||
|
|
||||||
|
3. Set a rspamd controller password (see section "rspamd")
|
||||||
|
|
||||||
Done.
|
Done.
|
||||||
|
|
||||||
|
@ -22,6 +24,12 @@ The default username for mailcow is `admin` with password `moohoo`.
|
||||||
No persistent data is deleted at any time.
|
No persistent data is deleted at any time.
|
||||||
If an image exists, you will be asked wether or not to repull/rebuild it.
|
If an image exists, you will be asked wether or not to repull/rebuild it.
|
||||||
|
|
||||||
|
### Logs
|
||||||
|
|
||||||
|
You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter reponses.
|
||||||
|
|
||||||
|
When a process dies, the container dies, too. Except for Postfix' container.
|
||||||
|
|
||||||
### MySQL
|
### MySQL
|
||||||
|
|
||||||
Connect to MySQL database:
|
Connect to MySQL database:
|
||||||
|
@ -50,23 +58,28 @@ Connect to redis database:
|
||||||
|
|
||||||
Use rspamadm:
|
Use rspamadm:
|
||||||
```
|
```
|
||||||
docker exec -it rspamd-mailcow /bin/bash -c "rspamadm --help"
|
docker exec -it rspamd-mailcow rspamadm --help
|
||||||
```
|
```
|
||||||
|
|
||||||
Use rspamc:
|
Use rspamc:
|
||||||
```
|
```
|
||||||
docker exec -it rspamd-mailcow /bin/bash -c "rspamc --help"
|
docker exec -it rspamd-mailcow rspamc --help
|
||||||
```
|
```
|
||||||
|
|
||||||
Set rspamd controller password:
|
Set rspamd controller password:
|
||||||
```
|
```
|
||||||
docker exec -it rspamd-mailcow /bin/bash -c "rspamadm pw"
|
# Generate hash
|
||||||
|
docker exec -it rspamd-mailcow rspamadm pw
|
||||||
```
|
```
|
||||||
Copy given hash to data/conf/rspamd/override.d/worker-controller.inc:
|
|
||||||
|
Replace given hash in data/conf/rspamd/override.d/worker-controller.inc:
|
||||||
```
|
```
|
||||||
...
|
|
||||||
enable_password = "myhash";
|
enable_password = "myhash";
|
||||||
....
|
```
|
||||||
|
|
||||||
|
Restart rspamd:
|
||||||
|
```
|
||||||
|
docker restart rspamd-mailcow
|
||||||
```
|
```
|
||||||
|
|
||||||
### Remove persistent data
|
### Remove persistent data
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
. mailcow.conf
|
source mailcow.conf
|
||||||
./build-network.sh
|
|
||||||
|
|
||||||
NAME="dovecot-mailcow"
|
NAME="dovecot-mailcow"
|
||||||
|
|
||||||
|
@ -48,5 +47,4 @@ docker run \
|
||||||
-h ${MAILCOW_HOSTNAME} \
|
-h ${MAILCOW_HOSTNAME} \
|
||||||
-d dovecot
|
-d dovecot
|
||||||
|
|
||||||
echo "Fixing permissions..."
|
/bin/bash ./fix-permissions.sh
|
||||||
chown -R 5000:5000 data/vmail
|
|
||||||
|
|
|
@ -38,3 +38,5 @@ docker run \
|
||||||
echo "Installaing SOGo web resource files..."
|
echo "Installaing SOGo web resource files..."
|
||||||
docker exec -it ${NAME} /bin/bash -c 'apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && apt-get update && apt-get -y --force-yes install apt-transport-https'
|
docker exec -it ${NAME} /bin/bash -c 'apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && apt-get update && apt-get -y --force-yes install apt-transport-https'
|
||||||
docker exec -it ${NAME} /bin/bash -c 'echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list && apt-get update && apt-get -y --force-yes install sogo'
|
docker exec -it ${NAME} /bin/bash -c 'echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list && apt-get update && apt-get -y --force-yes install sogo'
|
||||||
|
|
||||||
|
/bin/bash ./fix-permissions.sh
|
||||||
|
|
|
@ -36,3 +36,5 @@ docker run \
|
||||||
--name ${NAME} \
|
--name ${NAME} \
|
||||||
-d rspamd
|
-d rspamd
|
||||||
|
|
||||||
|
/bin/bash ./fix-permissions.sh
|
||||||
|
|
||||||
|
|
|
@ -9,10 +9,4 @@ trap "postfix reload" SIGHUP
|
||||||
# start postfix
|
# start postfix
|
||||||
postfix -c /opt/postfix/conf start
|
postfix -c /opt/postfix/conf start
|
||||||
|
|
||||||
# lets give postfix some time to start
|
sleep infinity
|
||||||
sleep 3
|
|
||||||
|
|
||||||
# wait until postfix is dead (triggered by trap)
|
|
||||||
while kill -0 $(cat /var/spool/postfix/pid/master.pid); do
|
|
||||||
sleep 5
|
|
||||||
done
|
|
||||||
|
|
|
@ -9,6 +9,8 @@ RUN apt-get update \
|
||||||
&& apt-get update \
|
&& apt-get update \
|
||||||
&& apt-get --no-install-recommends -y --force-yes install rspamd
|
&& apt-get --no-install-recommends -y --force-yes install rspamd
|
||||||
|
|
||||||
|
RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local
|
||||||
|
|
||||||
CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"]
|
CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"]
|
||||||
|
|
||||||
USER _rspamd
|
USER _rspamd
|
||||||
|
|
|
@ -1,3 +1,8 @@
|
||||||
|
actions {
|
||||||
|
reject = 15;
|
||||||
|
add_header = 5;
|
||||||
|
greylist = 4;
|
||||||
|
}
|
||||||
symbol "MAILCOW_AUTH" {
|
symbol "MAILCOW_AUTH" {
|
||||||
description = "mailcow authenticated";
|
description = "mailcow authenticated";
|
||||||
score = -20.0;
|
score = -20.0;
|
||||||
|
|
|
@ -0,0 +1 @@
|
||||||
|
settings = "http://nginx:8081/settings.php";
|
|
@ -10,5 +10,3 @@ rspamd_config.MAILCOW_AUTH = {
|
||||||
rspamd_config.MAILCOW_MOO = function (task)
|
rspamd_config.MAILCOW_MOO = function (task)
|
||||||
return true
|
return true
|
||||||
end
|
end
|
||||||
|
|
||||||
rspamd_config:add_map('http://nginx:8081/settings.php', "settings map", process_map)
|
|
||||||
|
|
|
@ -160,7 +160,7 @@ function dkim_table($action, $item) {
|
||||||
case "add":
|
case "add":
|
||||||
$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
|
$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
|
||||||
$selector = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['selector']);
|
$selector = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['selector']);
|
||||||
$key_length = $item['dkim']['key_size'];
|
$key_length = intval($item['dkim']['key_size']);
|
||||||
if (!ctype_alnum($selector) || !is_valid_domain_name($domain) || !is_numeric($key_length)) {
|
if (!ctype_alnum($selector) || !is_valid_domain_name($domain) || !is_numeric($key_length)) {
|
||||||
$_SESSION['return'] = array(
|
$_SESSION['return'] = array(
|
||||||
'type' => 'danger',
|
'type' => 'danger',
|
||||||
|
@ -178,13 +178,22 @@ function dkim_table($action, $item) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Should be done native in PHP soon
|
$config = array(
|
||||||
$privKey = shell_exec("openssl genrsa -out /tmp/dkim-private.pem " . escapeshellarg($key_length) . " -outform PEM && cat /tmp/dkim-private.pem");
|
"digest_alg" => "sha256",
|
||||||
$pubKey = shell_exec('openssl rsa -in /tmp/dkim-private.pem -pubout -outform PEM 2>/dev/null | sed -e "1d" -e "\$d" | tr -d "\n"');
|
"private_key_bits" => $key_length,
|
||||||
shell_exec('rm /tmp/dkim-private.pem');
|
"private_key_type" => OPENSSL_KEYTYPE_RSA,
|
||||||
|
);
|
||||||
|
$keypair_ressource = openssl_pkey_new($config);
|
||||||
|
$key_details = openssl_pkey_get_details($keypair_ressource);
|
||||||
|
$pubKey = implode(array_slice(
|
||||||
|
array_filter(
|
||||||
|
explode(PHP_EOL, $key_details['key'])
|
||||||
|
), 1, -1)
|
||||||
|
);
|
||||||
|
// Save public key to file
|
||||||
file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $selector . '_' . $domain, $pubKey);
|
file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $selector . '_' . $domain, $pubKey);
|
||||||
file_put_contents($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector, $privKey);
|
// Save private key to file
|
||||||
|
openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector);
|
||||||
|
|
||||||
$_SESSION['return'] = array(
|
$_SESSION['return'] = array(
|
||||||
'type' => 'success',
|
'type' => 'success',
|
||||||
|
|
|
@ -1,4 +1,2 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
chown -R 5000:5000 data/vmail
|
chown -R 5000:5000 data/vmail
|
||||||
chown -R 33:33 data/dkim
|
chown -R 33:33 data/dkim
|
||||||
|
|
|
@ -5,13 +5,14 @@
|
||||||
|
|
||||||
MAILCOW_HOSTNAME=mail.mailcow.de
|
MAILCOW_HOSTNAME=mail.mailcow.de
|
||||||
|
|
||||||
# mailcow SQL database configuration
|
# SQL database configuration
|
||||||
|
|
||||||
DBNAME=mailcow
|
DBNAME=mailcow
|
||||||
DBUSER=mailcow
|
DBUSER=mailcow
|
||||||
DBPASS=mysafepasswd
|
DBPASS=mysafepasswd
|
||||||
DBROOT=myverysafepasswd
|
DBROOT=myverysafepasswd
|
||||||
|
|
||||||
# MySQL
|
# MySQL
|
||||||
|
# Tested with MySQL 5.5
|
||||||
DBVERS=5.5
|
DBVERS=5.5
|
||||||
|
|
||||||
# SOGo configuration
|
# SOGo configuration
|
||||||
|
@ -19,11 +20,12 @@ SOGOCHILDS=20
|
||||||
|
|
||||||
# Webserver configuration
|
# Webserver configuration
|
||||||
# Default port binding for Nginx is 443
|
# Default port binding for Nginx is 443
|
||||||
|
#
|
||||||
PHPVERS="5.6-fpm"
|
PHPVERS="5.6-fpm"
|
||||||
NGINXVERS="stable"
|
NGINXVERS="stable"
|
||||||
|
|
||||||
# You should leave that alone
|
# You should leave that alone
|
||||||
# Can also be 1.2.3.4:25 for specific binding
|
# Can also be 11.22.33.44:25 or 0.0.0.0:465 etc. for specific binding
|
||||||
SMTP_PORT=25
|
SMTP_PORT=25
|
||||||
SMTPS_PORT=465
|
SMTPS_PORT=465
|
||||||
SUBMISSION_PORT=587
|
SUBMISSION_PORT=587
|
||||||
|
|
|
@ -1,3 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Soon
|
|
Loading…
Reference in New Issue