diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile
index 0f2a3bb2..10604748 100644
--- a/data/Dockerfiles/dovecot/Dockerfile
+++ b/data/Dockerfiles/dovecot/Dockerfile
@@ -3,18 +3,17 @@ LABEL maintainer "Andre Peters "
 ARG DEBIAN_FRONTEND=noninteractive
 ENV LC_ALL C
-ENV DOVECOT_VERSION 2.3.0
-ENV PIGEONHOLE_VERSION 0.5.0.1
-ENV ACLOCAL_DIR=m4
-ENV ACLOCAL="aclocal -Im4"
+ENV DOVECOT_VERSION 2.2.33.2
+ENV PIGEONHOLE_VERSION 0.4.21
+
 RUN apt-get update && apt-get -y --no-install-recommends install \
- automake \
- autotools-dev \
- build-essential \
- ca-certificates \
- cpanminus \
- wget \
- default-libmysqlclient-dev \
+ automake \
+ autotools-dev \
+ build-essential \
+ ca-certificates \
+ cpanminus \
+ curl \
+ default-libmysqlclient-dev \
 libjson-webtoken-perl \
 libcgi-pm-perl \
 libcrypt-openssl-rsa-perl \
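Review bot: `curl` is added to the install list in this hunk as the download tool for the source build, but the cleanup step later in the same Dockerfile (`apt-get purge -y build-essential automake autotools-dev`) does not name it, so it appears to remain in the final image. If nothing in the container calls it at runtime, add it to that purge list so the running mail container ships one less network client. The `RUN apt-get … install` instruction continues past the end of this hunk.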
@@ -25,67 +24,60 @@ RUN apt-get update && apt-get -y --no-install-recommends install \
 libsys-meminfo-perl \
 libtest-mockobject-perl \
 libwww-perl \
- libauthen-ntlm-perl \
- libbz2-dev \
- libcrypt-ssleay-perl \
- libdbd-mysql-perl \
- libdbi-perl \
- libdigest-hmac-perl \
- libfile-copy-recursive-perl \
- libio-compress-perl \
- libio-socket-inet6-perl \
- libio-socket-ssl-perl \
- libio-tee-perl \
- libipc-run-perl \
- liblockfile-simple-perl \
- liblz-dev \
- liblz4-dev \
- liblzma-dev \
- libmodule-scandeps-perl \
- libnet-ssleay-perl \
- libpam-dev \
- libpar-packer-perl \
- libreadonly-perl \
- libssl-dev \
- libterm-readkey-perl \
- libtest-pod-perl \
- libtest-simple-perl \
- libunicode-string-perl \
+ libauthen-ntlm-perl \
+ libbz2-dev \
+ libcrypt-ssleay-perl \
+ libdbd-mysql-perl \
+ libdbi-perl \
+ libdigest-hmac-perl \
+ libfile-copy-recursive-perl \
+ libio-compress-perl \
+ libio-socket-inet6-perl \
+ libio-socket-ssl-perl \
+ libio-tee-perl \
+ libipc-run-perl \
+ liblockfile-simple-perl \
+ liblz-dev \
+ liblz4-dev \
+ liblzma-dev \
+ libmodule-scandeps-perl \
+ libnet-ssleay-perl \
+ libpam-dev \
+ libpar-packer-perl \
+ libreadonly-perl \
+ libssl-dev \
+ libterm-readkey-perl \
+ libtest-pod-perl \
+ libtest-simple-perl \
+ libunicode-string-perl \
 libproc-processtable-perl \
- liburi-perl \
- lzma-dev \
- git \
- make \
- autoconf \
- automake \
- pkgconf \
- libtool \
- gettext \
+ liburi-perl \
+ lzma-dev \
+ make \
 procps \
- supervisor \
+ supervisor \
 cron \
- syslog-ng \
- syslog-ng-core \
- syslog-ng-mod-redis \
- && rm -rf /var/lib/apt/lists/*
+ syslog-ng \
+ syslog-ng-core \
+ syslog-ng-mod-redis \
+ && rm -rf /var/lib/apt/lists/*
-RUN git clone https://github.com/dovecot/core.git dovecot \
- && cd dovecot \
- && ./autogen.sh \
- && PANDOC=false ./configure --enable-maintainer-mode --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
- && make -j3 \
- && make install \
- && make clean \
- && cd .. && rm -rf dovecot \
- && wget -O - https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz \
- && cd dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION \
- && ./configure \
- && make -j3 \
- && make install \
- && make clean \
- && cd .. \
- && rm -rf dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION
+RUN curl https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz \
+ && cd dovecot-$DOVECOT_VERSION \
+ && ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
+ && make -j3 \
+ && make install \
+ && make clean \
+ && cd .. && rm -rf dovecot-$DOVECOT_VERSION \
+ && curl https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz \
+ && cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
+ && ./configure \
+ && make -j3 \
+ && make install \
+ && make clean \
+ && cd .. \
+ && rm -rf dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION
 RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
 RUN echo '* * * * * root /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
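Review bot: Both release tarballs in the new `RUN curl … | tar xvz` lines are piped straight into tar and then configured, built and installed as root with no integrity check, so the image trusts whatever the download hosts return at build time. Download each archive to a file with `curl -fsSL -o`, compare it against a SHA-256 digest pinned in the Dockerfile (or verify the project's detached signature instead), and only then unpack it. The `-f` flag matters on its own: without it an HTTP error page is handed to tar rather than failing the download step. The digest values below are placeholders to be filled in from a release you have verified.

```dockerfile
# Placeholder digests: replace with the values for the pinned versions.
ARG DOVECOT_SHA256=REPLACE_WITH_SHA256_OF_DOVECOT_TARBALL
ARG PIGEONHOLE_SHA256=REPLACE_WITH_SHA256_OF_PIGEONHOLE_TARBALL

RUN curl -fsSL -o dovecot.tar.gz https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz \
  && echo "$DOVECOT_SHA256  dovecot.tar.gz" | sha256sum -c - \
  && tar xzf dovecot.tar.gz && rm dovecot.tar.gz \
  && cd dovecot-$DOVECOT_VERSION \
  # … unchanged: configure, make, make install, make clean, source cleanup …
  && curl -fsSL -o pigeonhole.tar.gz https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz \
  && echo "$PIGEONHOLE_SHA256  pigeonhole.tar.gz" | sha256sum -c - \
  && tar xzf pigeonhole.tar.gz && rm pigeonhole.tar.gz \
  && cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
  # … unchanged: configure, make, make install, make clean, source cleanup …
```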
@@ -103,25 +95,26 @@ COPY docker-entrypoint.sh /
 COPY supervisord.conf /etc/supervisor/supervisord.conf
 RUN chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
- /usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
- /usr/local/bin/imapsync_cron.pl \
- /usr/local/bin/postlogin.sh \
- /usr/local/bin/imapsync
+ /usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
+ /usr/local/bin/imapsync_cron.pl \
+ /usr/local/bin/postlogin.sh \
+ /usr/local/bin/imapsync
 RUN groupadd -g 5000 vmail \
- && groupadd -g 401 dovecot \
- && groupadd -g 402 dovenull \
- && useradd -g vmail -u 5000 vmail -d /var/vmail \
- && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
- && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull
+ && groupadd -g 401 dovecot \
+ && groupadd -g 402 dovenull \
+ && useradd -g vmail -u 5000 vmail -d /var/vmail \
+ && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \
+ && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull
 RUN touch /etc/default/locale
 RUN apt-get purge -y build-essential automake autotools-dev \
- && apt-get autoremove --purge -y
+ && apt-get autoremove --purge -y
 ENTRYPOINT ["/docker-entrypoint.sh"]
 CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
 RUN rm -rf \
- /tmp/* \
- /var/tmp/*
+ /tmp/* \
+ /var/tmp/*
+
diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf
index 33280c69..d35f0186 100644
--- a/data/conf/dovecot/dovecot.conf
+++ b/data/conf/dovecot/dovecot.conf
@@ -14,16 +14,22 @@ login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k" mail_home = /var/vmail/%d/%n mail_location = maildir:~/ mail_plugins = quota acl zlib listescape #mail_crypt + # Dovecot 2.2 -#ssl_protocols = !SSLv3 +ssl_protocols = !SSLv3 # Dovecot 2.3 -ssl_min_protocol = TLSv1 +#ssl_min_protocol = TLSv1 + ssl_prefer_server_ciphers = yes ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA + # Default in Dovecot 2.3 ssl_options = no_compression + # New in Dovecot 2.3 -ssl_dh=