paxton
/
mailcow
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rebase Dovecot on Stretch slim, build from stable source with latest stable Pigeonhole for antispam replacement

master
andryyy 2017-04-03 20:06:49 +02:00
parent abcdf841cd
commit 58d86dadce
9 changed files with 105 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

86
data/Dockerfiles/dovecot/Dockerfile
View File

@ -1,33 +1,30 @@
FROM ubuntu:xenial FROM debian:stretch-slim
#ubuntu:xenial
MAINTAINER Andre Peters <andre.peters@servercow.de> MAINTAINER Andre Peters <andre.peters@servercow.de>
ENV DEBIAN_FRONTEND noninteractive ENV DEBIAN_FRONTEND noninteractive
ENV LC_ALL C ENV LC_ALL C
ENV DOVECOT_VERSION 2.2.28
ENV PIGEONHOLE_VERSION 0.4.17
RUN dpkg-divert --local --rename --add /sbin/initctl \ RUN apt-get update \
&& ln -sf /bin/true /sbin/initctl \ && apt-get -y install libpam-dev \
&& dpkg-divert --local --rename --add /usr/bin/ischroot \ default-libmysqlclient-dev \
&& ln -sf /bin/true /usr/bin/ischroot lzma-dev \
liblz-dev \
RUN apt-get update libbz2-dev \
RUN apt-get -y install dovecot-common \ liblz4-dev \
dovecot-core \ liblzma-dev \
dovecot-imapd \ build-essential \
dovecot-lmtpd \ autotools-dev \
dovecot-managesieved \ automake \
dovecot-sieve \
dovecot-mysql \
dovecot-pop3d \
dovecot-dev \
syslog-ng \ syslog-ng \
syslog-ng-core \ syslog-ng-core \
ca-certificates \ ca-certificates \
supervisor \ supervisor \
wget \ wget \
curl \ curl \
build-essential \ libssl-dev \
autotools-dev \
automake \
libauthen-ntlm-perl \ libauthen-ntlm-perl \
libcrypt-ssleay-perl \ libcrypt-ssleay-perl \
libdigest-hmac-perl \ libdigest-hmac-perl \
@ -52,36 +49,57 @@ RUN apt-get -y install dovecot-common \
make \ make \
cpanminus cpanminus
RUN wget https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz -O - | tar xvz \
&& cd dovecot-$DOVECOT_VERSION \
&& ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
&& make -j3 \
&& make install \
&& make clean
RUN wget https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz -O - | tar xvz \
&& cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
&& ./configure \
&& make -j3 \
&& make install \
&& make clean
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
RUN cpanm Data::Uniqid Mail::IMAPClient String::Util RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
RUN echo '* * * * * root /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync RUN echo '* * * * * root /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
RUN echo '30 3 * * * vmail /usr/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync RUN echo '30 3 * * * vmail /usr/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
WORKDIR /tmp
RUN wget http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz -O - | tar xvz \
&& cd /tmp/dovecot-antispam* \
&& ./autogen.sh \
&& ./configure --prefix=/usr \
&& make \
&& make install
COPY ./imapsync /usr/local/bin/imapsync COPY ./imapsync /usr/local/bin/imapsync
COPY ./postlogin.sh /usr/local/bin/postlogin.sh COPY ./postlogin.sh /usr/local/bin/postlogin.sh
COPY ./imapsync_cron.pl /usr/local/bin/imapsync_cron.pl COPY ./imapsync_cron.pl /usr/local/bin/imapsync_cron.pl
COPY ./rspamd-pipe /usr/local/bin/rspamd-pipe COPY ./report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.sieve
COPY ./report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.sieve
COPY ./rspamd-pipe-ham /usr/local/lib/dovecot/sieve/rspamd-pipe-ham
COPY ./rspamd-pipe-spam /usr/local/lib/dovecot/sieve/rspamd-pipe-spam
COPY ./docker-entrypoint.sh / COPY ./docker-entrypoint.sh /
COPY ./supervisord.conf /etc/supervisor/supervisord.conf COPY ./supervisord.conf /etc/supervisor/supervisord.conf
RUN chmod +x /usr/local/bin/rspamd-pipe RUN chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
RUN chmod +x /usr/local/bin/imapsync_cron.pl /usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
/usr/local/bin/imapsync_cron.pl \
/usr/local/bin/postlogin.sh \
/usr/local/bin/imapsync
RUN groupadd -g 5000 vmail RUN groupadd -g 5000 vmail \
RUN useradd -g vmail -u 5000 vmail -d /var/vmail && groupadd -g 142 dovecot \
&& groupadd -g 143 dovenull \
&& useradd -g vmail -u 5000 vmail -d /var/vmail \
&& useradd -c "Dovecot unprivileged user" -d /dev/null -u 142 -g dovecot -s /bin/false dovecot \
&& useradd -c "Dovecot login user" -d /dev/null -u 143 -g dovenull -s /bin/false dovenull
EXPOSE 24 10001 EXPOSE 24 10001
ENTRYPOINT ["/docker-entrypoint.sh"] ENTRYPOINT ["/docker-entrypoint.sh"]
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* RUN apt-get clean \
&& rm -rf /var/lib/apt/lists/* \
/tmp/* \
/var/tmp/* \
/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
/dovecot-$DOVECOT_VERSION

32
data/Dockerfiles/dovecot/docker-entrypoint.sh
View File

@ -6,12 +6,16 @@ sed -i "/^\$DBUSER/c\\\$DBUSER='${DBUSER}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBPASS/c\\\$DBPASS='${DBPASS}';" /usr/local/bin/imapsync_cron.pl sed -i "/^\$DBPASS/c\\\$DBPASS='${DBPASS}';" /usr/local/bin/imapsync_cron.pl
sed -i "/^\$DBNAME/c\\\$DBNAME='${DBNAME}';" /usr/local/bin/imapsync_cron.pl sed -i "/^\$DBNAME/c\\\$DBNAME='${DBNAME}';" /usr/local/bin/imapsync_cron.pl
[[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/ # Create SQL dict directory for Dovecot
[[ ! -d /usr/local/etc/dovecot/sql/ ]] && mkdir -p /usr/local/etc/dovecot/sql/
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
# Set Dovecot sql config parameters, escape " in db password # Set Dovecot sql config parameters, escape " in db password
DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g') DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql.conf # Create quota dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql.conf
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}" connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
map { map {
pattern = priv/quota/storage pattern = priv/quota/storage
@ -27,7 +31,8 @@ map {
} }
EOF EOF
cat <<EOF > /etc/dovecot/sql/dovecot-mysql.conf # Create user and pass dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-mysql.conf
driver = mysql driver = mysql
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}" connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
default_pass_scheme = SSHA256 default_pass_scheme = SSHA256
@ -36,19 +41,32 @@ user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid,
iterate_query = SELECT username FROM mailbox WHERE active='1'; iterate_query = SELECT username FROM mailbox WHERE active='1';
EOF EOF
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve # Create global sieve_after script
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo cat /usr/local/etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
cat /etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
# Compile sieve scripts
sievec /var/vmail/sieve/global.sieve sievec /var/vmail/sieve/global.sieve
sievec /usr/local/lib/dovecot/sieve/report-spam.sieve
sievec /usr/local/lib/dovecot/sieve/report-ham.sieve
# Fix sieve permission
chown -R vmail:vmail /var/vmail/sieve chown -R vmail:vmail /var/vmail/sieve
# Check permissions of vmail directory.
# Do not do this every start-up, it may take a very long time. So we use a stat check here. # Do not do this every start-up, it may take a very long time. So we use a stat check here.
if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi
# Create random master for SOGo sieve features # Create random master for SOGo sieve features
RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1) RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1) RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /etc/dovecot/dovecot-master.passwd echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /usr/local/etc/dovecot/dovecot-master.passwd
echo ${RAND_USER}:${RAND_PASS} > /etc/sogo/sieve.creds echo ${RAND_USER}:${RAND_PASS} > /etc/sogo/sieve.creds
if [[ ! -f /mail_crypt/ecprivkey.pem || ! -f /mail_crypt/ecpubkey.pem ]]; then
openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
openssl pkey -in /mail_crypt/ecprivkey.pem -pubout -out /mail_crypt/ecpubkey.pem
chown -R dovecot -R /mail_crypt/
chattr + /mail_crypt/ecpubkey.pem /mail_crypt/ecprivkey.pem
fi
exec "$@" exec "$@"

11
data/Dockerfiles/dovecot/report-ham.sieve 100644
View File

@ -0,0 +1,11 @@
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
pipe :copy "rspamd-pipe-ham";

3
data/Dockerfiles/dovecot/report-spam.sieve 100644
View File

@ -0,0 +1,3 @@
require ["vnd.dovecot.pipe", "copy"];
pipe :copy "rspamd-pipe-spam";

8
data/Dockerfiles/dovecot/rspamd-pipe
View File

@ -1,8 +0,0 @@
#!/bin/bash
if [[ ${2} == "learn_spam" ]]; then
/usr/bin/curl --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
elif [[ ${2} == "learn_ham" ]]; then
/usr/bin/curl --data-binary @- http://rspamd:11334/learnham < /dev/stdin
fi
# Always return 0 to satisfy Dovecot...
exit 0

4
data/Dockerfiles/dovecot/rspamd-pipe-ham 100755
View File

@ -0,0 +1,4 @@
#!/bin/bash
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnham < /dev/stdin
# Always return 0 to satisfy Dovecot...
exit 0

4
data/Dockerfiles/dovecot/rspamd-pipe-spam 100755
View File

@ -0,0 +1,4 @@
#!/bin/bash
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
# Always return 0 to satisfy Dovecot...
exit 0

2
data/Dockerfiles/dovecot/supervisord.conf
View File

@ -8,7 +8,7 @@ autostart=true
stdout_syslog=true stdout_syslog=true
[program:dovecot] [program:dovecot]
command=/usr/sbin/dovecot -F command=/usr/local/sbin/dovecot -F
autorestart=true autorestart=true
[program:logfiles] [program:logfiles]

6
docker-compose.yml
View File

@ -26,6 +26,7 @@ services:
volumes: volumes:
- mysql-vol-1:/var/lib/mysql/ - mysql-vol-1:/var/lib/mysql/
- ./data/conf/mysql/:/etc/mysql/conf.d/:ro - ./data/conf/mysql/:/etc/mysql/conf.d/:ro
- ./data/assets/reset_mysql.sh:/reset_mysql.sh
dns: dns:
- 172.22.1.254 - 172.22.1.254
dns_search: mailcow-network dns_search: mailcow-network
@ -151,14 +152,16 @@ services:
depends_on: depends_on:
- bind9-mailcow - bind9-mailcow
volumes: volumes:
- ./data/conf/dovecot:/etc/dovecot - ./data/conf/dovecot:/usr/local/etc/dovecot
- ./data/assets/ssl:/etc/ssl/mail/:ro - ./data/assets/ssl:/etc/ssl/mail/:ro
- ./data/conf/sogo/:/etc/sogo/ - ./data/conf/sogo/:/etc/sogo/
- vmail-vol-1:/var/vmail - vmail-vol-1:/var/vmail
- crypt-vol-1:/mail_crypt/
environment: environment:
- DBNAME=${DBNAME} - DBNAME=${DBNAME}
- DBUSER=${DBUSER} - DBUSER=${DBUSER}
- DBPASS=${DBPASS} - DBPASS=${DBPASS}
- MAIL_CRYPT=${MAIL_CRYPT:-NO}
ports: ports:
- "${IMAP_PORT:-143}:143" - "${IMAP_PORT:-143}:143"
- "${IMAPS_PORT:-993}:993" - "${IMAPS_PORT:-993}:993"
@ -266,3 +269,4 @@ volumes:
redis-vol-1: redis-vol-1:
rspamd-vol-1: rspamd-vol-1:
postfix-vol-1: postfix-vol-1:
crypt-vol-1: