From 5e883b6f5167d2d14168babb6f66030f03db487b Mon Sep 17 00:00:00 2001
From: andryyy
Date: Mon, 12 Dec 2016 21:53:58 +0100
Subject: [PATCH] Some last changes

---
 .gitignore | 2 ++
 000-build-certs.sh | 16 +++++++++++
 002-build-pdns.sh | 3 --
 003-build-sql.sh | 5 ++--
 004-build-redis.sh | 1 -
 005-build-rspamd.sh | 9 +++---
 006-build-php-fpm.sh | 6 ++--
 007-build-nginx.sh | 1 -
 008-build-rmilter.sh | 3 +-
 011-build-memcached.sh | 1 -
 README.md | 52 ++++++++++++++--------------------
 data/assets/ssl/.empty | 0
 data/assets/ssl/dhparams.pem | 8 ------
 data/assets/ssl/mail.crt | 32 ---------------------
 data/assets/ssl/mail.key | 51 ---------------------------------
 data/conf/dovecot/dovecot.conf | 4 +--
 data/conf/nginx/site.conf | 4 +--
 data/conf/pdns/recursor.conf | 2 +-
 data/conf/postfix/main.cf | 8 +++---
 data/web/inc/functions.inc.php | 30 ++++++++++++++------
 data/web/inc/vars.inc.php | 2 --
 port-check.sh | 4 ++-
 22 files changed, 84 insertions(+), 160 deletions(-)
 create mode 100755 000-build-certs.sh
 create mode 100644 data/assets/ssl/.empty
 delete mode 100644 data/assets/ssl/dhparams.pem
 delete mode 100644 data/assets/ssl/mail.crt
 delete mode 100644 data/assets/ssl/mail.key

diff --git a/.gitignore b/.gitignore
index b94bd4c7..aa81f546 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,4 +1,6 @@
 data/db/mysql/*
+data/assets/ssl/*
+!data/assets/ssl/.empty
 !data/db/mysql/.mysql_data
 data/db/redis/*
 !data/db/redis/.redis_data
diff --git a/000-build-certs.sh b/000-build-certs.sh
new file mode 100755
index 00000000..12ae26ff
--- /dev/null
+++ b/000-build-certs.sh
@@ -0,0 +1,16 @@
+#!/bin/bash
+. mailcow.conf
+
+openssl dhparam -out data/assets/ssl/dhparams.pem 2048
+
+docker run \
+ --rm \
+ -v ${PWD}/data/assets/ssl:/certs \
+ ehazlett/certm \
+ -d /certs ca generate -o=mailcow
+
+docker run \
+ --rm \
+ -v ${PWD}/data/assets/ssl:/certs \
+ ehazlett/certm \
+ -d /certs client generate --common-name=${MAILCOW_HOSTNAME} -o=mailcow
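Review bot: Adding `data/assets/ssl/*` to `.gitignore` only stops future commits; the `mail.key` and `mail.crt` that this same patch deletes stay retrievable from the repository history, so that key pair has to be treated as public and must never be reused on an installation that was checked out before this commit. The README section this patch rewrites should say so explicitly and tell existing installs to run `000-build-certs.sh` (or install their own certificate) rather than keep the previously shipped files. A short comment in `.gitignore` would also make the intent durable: `# TLS keys and certs are generated by 000-build-certs.sh; never commit them`.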
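Review bot: The script runs three independent steps with no error handling, so when `openssl dhparam` or the CA `docker run` fails, the client certificate is still issued against a missing CA and the script exits 0; add `set -euo pipefail` after the shebang and quote the expansions (`"${PWD}"`, `"${MAILCOW_HOSTNAME}"`) since both come from the environment or `mailcow.conf`. `ehazlett/certm` is referenced without a tag or digest, and this is the code that produces all of the installation's TLS key material, so a fresh install may pull a different image every time — pin it to a tag or `@sha256:` digest. The CA private key lands in the same `data/assets/ssl` directory that `007-build-nginx.sh` bind-mounts into the nginx container, where only the leaf key is needed; consider moving the CA key out of the mounted directory once the leaf is issued. Finally, the README calls the result of `client generate` a server certificate for `${MAILCOW_HOSTNAME}`; confirm certm marks it for serverAuth, otherwise strict TLS clients may reject it.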
diff --git a/002-build-pdns.sh b/002-build-pdns.sh
index 7facd965..75d1aa3f 100755
--- a/002-build-pdns.sh
+++ b/002-build-pdns.sh
@@ -25,12 +25,9 @@ else
 build
 fi
-sed -i "s#allow-from.*#allow-from=127.0.0.0/8 ${DOCKER_SUBNET}#" data/conf/pdns/recursor.conf
-
 docker run \
 -v ${PWD}/data/conf/pdns/:/etc/powerdns/ \
 --network=${DOCKER_NETWORK} \
- --network-alias pdns \
 -h pdns \
 --name ${NAME} \
 -d pdns
diff --git a/003-build-sql.sh b/003-build-sql.sh
index 723b303e..dba79c3e 100755
--- a/003-build-sql.sh
+++ b/003-build-sql.sh
@@ -83,12 +83,11 @@ fi
 docker run \
 -v ${PWD}/data/db/mysql/:/var/lib/mysql/ \
- -v ${PWD}/data/conf/mysql/:/etc/mysql/conf.d/ \
- -v ${PWD}/data/assets/mysql:/assets \
+ -v ${PWD}/data/conf/mysql/:/etc/mysql/conf.d/:ro \
+ -v ${PWD}/data/assets/mysql:/assets:ro \
 --name=${NAME} \
 --network=${DOCKER_NETWORK} \
 -h mysql \
- --network-alias mysql \
 -e MYSQL_ROOT_PASSWORD=${DBROOT} \
 -e MYSQL_DATABASE=${DBNAME} \
 -e MYSQL_USER=${DBUSER} \
diff --git a/004-build-redis.sh b/004-build-redis.sh
index d8be7e10..b0cd6046 100755
--- a/004-build-redis.sh
+++ b/004-build-redis.sh
@@ -34,6 +34,5 @@ docker run \
 -v ${PWD}/data/db/redis/:/data/ \
 --network=${DOCKER_NETWORK} \
 -h redis \
- --network-alias redis \
 --name=${NAME} \
 -d redis:${REDISVERS} --appendonly yes
diff --git a/005-build-rspamd.sh b/005-build-rspamd.sh
index 233a60e2..dd8c3963 100755
--- a/005-build-rspamd.sh
+++ b/005-build-rspamd.sh
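Review bot: Dropping the `sed` means the recursor's `allow-from` is no longer derived from `${DOCKER_SUBNET}` at build time; the diffstat shows `data/conf/pdns/recursor.conf` is edited in this patch too, but that hunk is not in this chunk, so confirm the static value it now carries actually covers the subnet the containers receive, otherwise rspamd's `--dns=${PDNS_IP}` lookups are refused by the recursor. If the value is meant to stay static, put a comment next to it in `recursor.conf`: `# must match DOCKER_SUBNET in mailcow.conf`.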
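Review bot: Removing `--network-alias mysql` while keeping `-h mysql` changes how the container is reachable: Docker's embedded DNS on a user-defined network resolves container names and aliases, not the `-h` hostname, so unless `${NAME}` happens to be `mysql`, anything configured with `mysql` as its database host (the rewritten README table still advertises `mysql` as the alias) will stop resolving. The same applies to every other alias removed in this patch (pdns, redis, rspamd, nginx, rmilter, memcached). Either keep the alias lines or make sure the hostnames used in the service configs are the `${NAME}` values. The `:ro` on the `conf.d` and `/assets` mounts is a good change.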
@@ -32,15 +32,14 @@ else
 fi
 docker run \
- -v ${PWD}/data/conf/rspamd/override.d/:/etc/rspamd/override.d/ \
- -v ${PWD}/data/conf/rspamd/local.d/:/etc/rspamd/local.d/ \
- -v ${PWD}/data/conf/rspamd/lua/:/etc/rspamd/lua/ \
+ -v ${PWD}/data/conf/rspamd/override.d/:/etc/rspamd/override.d/ro \
+ -v ${PWD}/data/conf/rspamd/local.d/:/etc/rspamd/local.d/ro \
+ -v ${PWD}/data/conf/rspamd/lua/:/etc/rspamd/lua/:ro \
 -v ${PWD}/data/dkim/txt/:/etc/rspamd/dkim/txt/:ro \
 -v ${PWD}/data/dkim/keys/:/etc/rspamd/dkim/keys/:ro \
 --dns=${PDNS_IP} \
- --dns-search=${DOCKER_NETWORK} \
+ --dns-search=${DOCKER_NETWORK} \
 --network=${DOCKER_NETWORK} \
- --network-alias rspamd \
 -h rspamd \
 --name ${NAME} \
 -d rspamd
diff --git a/006-build-php-fpm.sh b/006-build-php-fpm.sh
index 8391574f..ce68bc0d 100755
--- a/006-build-php-fpm.sh
+++ b/006-build-php-fpm.sh
@@ -22,10 +22,12 @@ docker run \
 -v ${PWD}/data/conf/rspamd/dynmaps:/dynmaps:ro \
 -v ${PWD}/data/dkim/:/shared/dkim/ \
 -d --network=${DOCKER_NETWORK} \
- --name ${NAME} --network-alias phpfpm -h phpfpm php:${PHPVERS}
+ --name ${NAME} \
+ -h phpfpm \
+ php:${PHPVERS}
 echo "Installing intl and mysql pdo extension..."
-docker exec ${NAME} /bin/bash -c "apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ libidn11-dev dovecot-core"
+docker exec ${NAME} /bin/bash -c "apt-get update && apt-get install -y zlib1g-dev libicu-dev g++ libidn11-dev"
 docker exec ${NAME} docker-php-ext-configure intl pdo pdo_mysql
 docker exec ${NAME} docker-php-ext-install intl pdo pdo_mysql
 echo "Restarting container..."
diff --git a/007-build-nginx.sh b/007-build-nginx.sh
index 3772f2aa..e0efdefc 100755
--- a/007-build-nginx.sh
+++ b/007-build-nginx.sh
@@ -31,7 +31,6 @@ docker run \
 -v ${PWD}/data/assets/ssl/:/etc/ssl/mail/:ro \
 -v ${PWD}/data/conf/nginx/:/etc/nginx/conf.d/:ro \
 --network=${DOCKER_NETWORK} \
- --network-alias nginx \
 -h nginx \
 -d nginx:${NGINXVERS}
diff --git a/008-build-rmilter.sh b/008-build-rmilter.sh
index 41df41fe..09766758 100755
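Review bot: The new `override.d` and `local.d` mount lines are missing the colon before `ro`, so Docker treats `/etc/rspamd/override.d/ro` and `/etc/rspamd/local.d/ro` as the mount targets: the host config is mounted one level too deep, read-write, and rspamd reads whatever the image ships in `override.d`/`local.d` instead of mailcow's configuration — the opposite of what the correctly written `lua` line on the next line does. Change them to `-v ${PWD}/data/conf/rspamd/override.d/:/etc/rspamd/override.d/:ro \` and `-v ${PWD}/data/conf/rspamd/local.d/:/etc/rspamd/local.d/:ro \`. The `--dns-search` line is a whitespace-only change and could be dropped from the patch.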
--- a/008-build-rmilter.sh
+++ b/008-build-rmilter.sh
@@ -26,9 +26,8 @@ else
 fi
 docker run \
- -v ${PWD}/data/conf/rmilter/:/etc/rmilter.conf.d/ \
+ -v ${PWD}/data/conf/rmilter/:/etc/rmilter.conf.d/:ro \
 --network=${DOCKER_NETWORK} \
- --network-alias rmilter \
 -h rmilter \
 --name ${NAME} \
 -d rmilter
diff --git a/011-build-memcached.sh b/011-build-memcached.sh
index 13a2c8cb..6e73aef5 100755
--- a/011-build-memcached.sh
+++ b/011-build-memcached.sh
@@ -21,6 +21,5 @@ fi
 docker run \
 --network=${DOCKER_NETWORK} \
 -h memcached \
- --network-alias memcached \
 --name=${NAME} \
 -d memcached
diff --git a/README.md b/README.md
index c3fc2a13..c06fab9e 100644
--- a/README.md
+++ b/README.md
@@ -7,22 +7,22 @@ All configurations were written with security in mind. ### Exposed ports: -| Service | External bindings | Internal bindings | -|:----------------------|:---------------------------------------------|:-------------------------------| -| Postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp | -| Dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp | -| Nginx | 443/tcp | 80/tcp, 8081/tcp | -| PowerDNS Recursor | - | 53/udp | -| Rspamd | - | 11333/tcp, 11334/tcp | -| MariaDB | - | 3306/tcp | -| Rmilter | - | 9000/tcp | -| PHP FPM | - | 9000/tcp | -| SOGo | - | 9000/tcp | -| Redis | - | 6379/tcp | -| Memcached | - | 11211/tcp | +| Service | Hostname, Alias | External bindings | Internal bindings | +|:-------------|:-------------------------------|:---------------------------------------------|:-------------------------------| +| Postfix | ${MAILCOW_HOSTNAME}, postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp | +| Dovecot | ${MAILCOW_HOSTNAME}, dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp | +| Nginx | nginx | 443/tcp | 80/tcp, 8081/tcp | +| PowerDNS | pdns | - | 53/udp | +| Rspamd | rspamd | - | 11333/tcp, 11334/tcp | +| MariaDB | mysql | - | 3306/tcp | +| Rmilter | rmilter | - | 9000/tcp | +| PHP FPM | phpfpm | - | 9000/tcp | +| SOGo | sogo | - | 9000/tcp | +| Redis | redis | - | 6379/tcp | +| Memcached | memcached | - | 11211/tcp | - -All containers share a network "mailcow-network" (name can be changed, but remove all containers and rebuild them after changing). +All containers share a network ${MAILCOW_NETWORK} (name can be changed, but remove all containers and rebuild them after changing). +IPs are dynamic and taken from subnet ${DOCKER_SUBNET}. ## Installation 
@@ -59,16 +59,8 @@ docker restart rspamd-mailcow Open https://${MAILCOW_HOSTNAME}/rspamd in a browser. -### SSL (or: How to use Let's Encrypt) -mailcow dockerized comes with a self-signed certificate. Certificates and DH parameters are saved as `data/assets/ssl/{dhparams.pem,mail.{crt,key}}`. - -First you should renew the DH parameters. -Soem say you should use 4096, but be prepared for a long waiting period when generating such a file. - -Assuming you are in the mailcow root folder: -``` -openssl dhparam -out ./data/assets/ssl/dhparams.pem 2048 -``` +### SSL (and: How to use Let's Encrypt) +mailcow dockerized generates a CA named "mailcow" with a self-signed server certificate in `data/assets/ssl` via `000-build-certs.sh`. Get the certbot client: ``` @@ -87,8 +79,8 @@ certbot-auto certonly \ Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: ``` -mv data/assets/ssl/mail.{crt,crt_old} -mv data/assets/ssl/mail.{key,key_old} +mv data/assets/ssl/cert.{pem,pem.backup} +mv data/assets/ssl/key.{pem,pem.backup} ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/mail.crt ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/mail.key ``` @@ -113,11 +105,11 @@ When renewing certificates, run the last two steps (link + restart) as post-hook No persistent data is deleted at any time. If an image exists, you will be asked wether or not to repull/rebuild it. +Build files are numbered "nnn" for dependencies. + ### Logs -You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter reponses. - -When a process dies, the container dies, too. Except for Postfix' container. +You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter responses. ### MariaDB 
diff --git a/data/assets/ssl/.empty b/data/assets/ssl/.empty new file mode 100644 index 00000000..e69de29b diff --git a/data/assets/ssl/dhparams.pem b/data/assets/ssl/dhparams.pem deleted file mode 100644 index cb1aba14..00000000 --- a/data/assets/ssl/dhparams.pem +++ /dev/null @@ -1,8 +0,0 @@ ------BEGIN DH PARAMETERS----- -MIIBCAKCAQEAytfW/P+fV4BLTcJhlHG49Vq7hQrmyUPP+NZ/6MUIG8FNlFaXxbFl -NtarS/gfOpj+Q5LhS91gToQOqJIij03Jr7t3PdUkkDuIs11y5Ux6zsEQdBhok+yY -tYvdYT4lbex1dLX36u/tn2VnPdh2jLltRjWN2jiUxjh/O+vXtfej8u4Rc2oOOOFS -f0e2Ye2WeWXvQlhkcGu87kKIqklxbjmqVtE1fx5Ydvrl1P/HQiCq4YQLIx5skgQn -e4LyvBdiuA44v1WhXSa0Lb4PcXUQcGhesGJZ/A3M1K/h/ZO47oUyL93odyAO8x3e -mLHHsOWAh5MGO0ID2jANwuziri5LEeW4+wIBAg== ------END DH PARAMETERS----- diff --git a/data/assets/ssl/mail.crt b/data/assets/ssl/mail.crt deleted file mode 100644 index c8529427..00000000 --- a/data/assets/ssl/mail.crt +++ /dev/null 
@@ -1,32 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIFezCCA2OgAwIBAgIJALl64rYl1fjjMA0GCSqGSIb3DQEBCwUAMFQxCzAJBgNV -BAYTAkRFMQwwCgYDVQQIDANOUlcxCzAJBgNVBAcMAktSMRIwEAYDVQQKDAlTZXJ2 -ZXJjb3cxFjAUBgNVBAMMDW1haWxjb3cubG9jYWwwHhcNMTYxMjA4MjEzMDM2WhcN -MjYxMjA2MjEzMDM2WjBUMQswCQYDVQQGEwJERTEMMAoGA1UECAwDTlJXMQswCQYD -VQQHDAJLUjESMBAGA1UECgwJU2VydmVyY293MRYwFAYDVQQDDA1tYWlsY293Lmxv -Y2FsMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvd/79BmtXZcgzwJw -8i76C8e0waehYypibOkBqnFi4bF6Q7mhB1j/bA4LmXG4UpcX7ULlDozzaM7Hfi9Q -v1STYR/S9ShXZNStwDYibOa1q/FG+b4qTjtFiWBW8wH/XxIv6JHX8/IjqwHIs/3B -EVEl0LEs1RdNMKgSEJ9wbK3q+0pOvw9B6FnhCE2414SE1e7wYL50+NaKTHQcbft3 -ZcRGDTEh4euRKMmVTrBwmpYnNtiljJvHU4F9cdAFg8ZailwJerod1VXB93YX3Jtc -qRQ9akNjFzLQ/6a4PhKAB8uaStEzri0yBdp+O0Qs/tbloAArAJW3dgE7Omxzso79 -Du4idDHyRmcLu5rsQzST+7kwaCHHWQ4c2mjlhibICGMUzwks39s1QI8CtjmU6AIy -7F/XpYAJ70Fl7qy99ugrz8X50cPBFtLTYX18wZTUjl/s4qy+JPvUBt2MALPj/YnR -fXck/emkwscmE1UhaycMW4U21/+5gOhWpFIBCKWnsvRn0SHi7lUzuWBnXvL5tmrA -gsaFrm/L2JhW2WerZ61UpOVookYtUbk4Hr+Pq6yTgJShUw2i/B71Qr173PIxRV7u -1qJeOWY3UMPLcfiAnEZFAo7cfLRvqZmHiNp6lALdmoiWllnVvzcRwR/DBvg4gaFt -R6FeLDArhCdu04WENTd5E3XHRrUCAwEAAaNQME4wHQYDVR0OBBYEFFBMhsQlfxCI -1GaT1ZGvGheUOGRkMB8GA1UdIwQYMBaAFFBMhsQlfxCI1GaT1ZGvGheUOGRkMAwG -A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBADujbXk9XVhkF6/WVTxANXVB -tpIojCPEsXYqEhvMGtDGfqd8sJlEWM0vmuUvM52G7ULMf8aVfiOhLUkEFWpadL9v -/uZ8EPUc+ZWxxBOEnJbszqrxs94u7K9dxmQnL1rjrW1UtkrT0ptuzJBBQcjdicwe -VIl5Cn/eq+mkKZRVlctGtD4r1z8u5rUHoOE4RCOU5mfSafu15zzwiglh9wLuuXHC -bi7Onau9gB1EfmhZwUAL2xZZwvlNGRc6Dz1LG+OXVIOgRHeyfnZQa1ErC4FY5J0Y -NR+KT7JQW9zivyu0MsV3E2J7GzRAywKyP0m/F/qHJFWxPymILAyWVUlwtJswR5sE -bT19zPeajrVrbpUMtQv3FhFObtSyw/eI/yRWUuhBapkk95DWl7OkffkQ5OUHG+fs -QWj1d2Mdhf+jkpgqyL1DyPILsG7ADT0dL/3kZoJf1wjeqNfW3dDo0Ex9DlbznP2h -ldnMeIQYuyNBqzNfaZGW2WManwHWtASV2Hn76QMVrMfLDnf3RRdEUplW3fsIfLQ0 -f2YVunLJNvll+2QGdCkmJUbLEvvvWmz0Ve+RalGtKi+VTd2I3u4fvFsAXad48wwq -oK5xd6Se0MsTkcOukaPEkggjffmITyg5Hpqmg1yBSoaH5D/wujTy9X3QcQA30fU/ -ttoPblK2hlItcK4hHnkK ------END 
CERTIFICATE----- diff --git a/data/assets/ssl/mail.key b/data/assets/ssl/mail.key deleted file mode 100644 index 6ec56d8b..00000000 --- a/data/assets/ssl/mail.key +++ /dev/null 
@@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKAIBAAKCAgEAvd/79BmtXZcgzwJw8i76C8e0waehYypibOkBqnFi4bF6Q7mh -B1j/bA4LmXG4UpcX7ULlDozzaM7Hfi9Qv1STYR/S9ShXZNStwDYibOa1q/FG+b4q -TjtFiWBW8wH/XxIv6JHX8/IjqwHIs/3BEVEl0LEs1RdNMKgSEJ9wbK3q+0pOvw9B -6FnhCE2414SE1e7wYL50+NaKTHQcbft3ZcRGDTEh4euRKMmVTrBwmpYnNtiljJvH -U4F9cdAFg8ZailwJerod1VXB93YX3JtcqRQ9akNjFzLQ/6a4PhKAB8uaStEzri0y -Bdp+O0Qs/tbloAArAJW3dgE7Omxzso79Du4idDHyRmcLu5rsQzST+7kwaCHHWQ4c -2mjlhibICGMUzwks39s1QI8CtjmU6AIy7F/XpYAJ70Fl7qy99ugrz8X50cPBFtLT -YX18wZTUjl/s4qy+JPvUBt2MALPj/YnRfXck/emkwscmE1UhaycMW4U21/+5gOhW -pFIBCKWnsvRn0SHi7lUzuWBnXvL5tmrAgsaFrm/L2JhW2WerZ61UpOVookYtUbk4 -Hr+Pq6yTgJShUw2i/B71Qr173PIxRV7u1qJeOWY3UMPLcfiAnEZFAo7cfLRvqZmH -iNp6lALdmoiWllnVvzcRwR/DBvg4gaFtR6FeLDArhCdu04WENTd5E3XHRrUCAwEA -AQKCAgEArhCYOb8QX6wcN6pVQLAwKnx6CM5T9UT11kIFdOtdaun42/1g0guUnMqD -d7f48j3xgWDB/ATbYEmwOM3HiJ9QPMmf63+AHr+aSYtXI96czXPzTSA4SF+t77KS -A1Thd5aEtQB+qPRiHnMUO211gRqTQC4sm20xJlntta90sSz/Lj+A0UZ7dTZwRdx6 -h5jE7hqN4yK2uSh0wIHxTiIp4vF8Brv0A9igynOCnRDDKfRdHrqdibmFkdgz2BKL -+7HrbsvRJOFaWCi2GNX6KhODbr1PUAtW2/2J+9QrMzxigsL0P4JpjlOAeD1FW6+0 -UCtRdsywn2ihN10JnxWtOxQ6iWVlzut52uDnwUa09GThSVnurJihV9mSWyk9lNuy -0kILtSmYn6UbokOgmfjH0E2Ks1qbskD8GlI9g/wkhs5YC+ZYW2MP9FG39n4/QSnk -boOTqht8JylWPVyzmvvcRf5nfEOZ5mF82L28Y/OfPn0gakYARxn1EnzpguF3ffFD -NEn9lWzEAbldlnDslzi6YPOeyQwA6iLCesag5LSGdADrM7kAGHksJggeUb02BSd6 -Nmy6MVMF6tzQYdaqgKXoqKs5nRJLZR1k70ftju2UNWEN24aUd6U2lDOlkaYoucSk -NohTUKXX0dibSGd9eU7hCNS75YoG1x2gCEOatVelG4EZQfIU/EECggEBAN6gBjv4 -kDuIZ1wk0BBt/ijARH8FAzHm0hr8oyWpq6Sdrq5y9iAbvFNwEXJ/ft6NNcCF9maT -e5oG5NpoaV0FN5W8qQ8rGnESV/fZOxJEr1yJPEq4yDIspHEXkBjvTgYWjuXRve9n -NtsSv1crRFxW5IizPkZklbJUZD7oH5iHB15UGfdpKr5Fx3JpsaXht3dMEJ4YQetF -Mr9jcBGwYCYmlWgpKkD+HadgjbNdG4ztKTFEU7/ElEIIR86IDcqJsz0XsmZIjwUU -3lsPhVo8Km8ohvGA/WqAaf6ebN9PXjiUFXfjHlveHPTtrd5MCutnxUk0kY4/srmB -5avH3bxXbKiufiMCggEBANpXEGY9f020vHFUC0vNOeCym8XuXqFyvx6Cl6tTlj8S -dZCWoHljnJg2HbbJcdh92rri9f+ahNNpZ9/0PQi9yBThWt9aP90Tw3+BhxUyvlPL 
-FsFX5IdNq403Ls9iyZuj1Rf9lc65d9lr7TVC5CMI7+BN3CftjvOw3yGucJno+MLW -AvENx3+NnZ2Hy9nNJp54lbDJe8anP57kvDIKcbmmvVW2ktQKcZqAyBUq0E8mOtkz -66ZRV+/pSnwugb0Eols3s54OvtOoGBnq1r8GVhf/x23J0UvBoHqqURQFJ5oTKxQW -zAJ7suGn3xUKBOatypXgg8ZL67rQqo0PxoNK0RcJuUcCggEAHWrf6ATMalF39wEW -TVV7hD8DzhUHewyZLt+7XzqwZ6w+bObcBxojJJNmes7GIPpf4/TPvnY2mv/WNdYe -NiB+W9b2L/7uG4rk/OdDmwJgecXYpbcNHTQw9pC6hdD5amyIrW2tv3jQEtrDVe1t -txX0VOv6iqq37Tyhkn5xzmHpY1mRpNPMxh/KXyAATX8qEyWF/J4P99rI/elR4cSA -sAnhLEZkQvpRSNDFaLIg9dpQ2yXAO1LqlF8rverUh7LycFw1QrbLz0wWpcnDQU05 -/j5Itpjo463cU7zzff6q4KcQvyrP1Cvhf6v4katSthCcTTQZF8brAwBbLPvYHQ8g -WJnWKQKCAQAVJ8ZxAZhqIQ75NBl8GMB44xVw0i3dGs8l16V2djzik5lMjyuxV1N+ -9A9g/JfJUDh3TzJit8gS6+2ip3madTkDvOofJhF2DEou+o/qH+aNG+pyhV+hNIdg -wW4Jrhq2t+MX1fxD8XiJWom7VWXhdyY255RjUgM93W9hRhOm9gnUZwQV8y3XUBNr -hhLcYaJSTIDEhmE12FKzxJnvh0+Jm3xQ58XGQdTMEZpRYrqYUK33Ca7ViKAqoMIU -0jTD6cUJbZY7xFX9EBZ1vGleTPDelmvuWVWsL3CrMgF1HSK/LQhJhAP0YaPtdWSK -F1RuPXyZlQ1vkz+d9EXyMQsdAYzM3KZVAoIBAF0gvM4fY0EvSDKevWnZtLyINHZV -TC2HhElAREmblbziQ1GO00nCw+RXYmA7fMHuMNnHMcB/QubpMQxEPetAbtcX9jXW -iBNIpHTQwNWBe+IGd1I7n6FA6Cqis4tdNFmaWxXv1aMpzU7K/aVcO3sK3SsjSy6A -4bDJ9mlGCnIv5zc1on3lpMARBUGRF8mAQ6ejMuUjubtPa8cSUhUv3hoH0xG9bLJh -0VDZ6bZ7QFLpNxFUlX7muSj8DNsjR77TBuN+Buk+pI68GDl6177Gm6UkZRYx4yi5 -xFCP9932L2tufcQaRsiIHdNEFAGMMPe2M22DUmSI0cSNgx4xKuLGJI4PkTM= ------END RSA PRIVATE KEY----- diff --git a/data/conf/dovecot/dovecot.conf b/data/conf/dovecot/dovecot.conf index 4faa9147..2f962781 100644 --- a/data/conf/dovecot/dovecot.conf +++ b/data/conf/dovecot/dovecot.conf @@ -183,8 +183,8 @@ service lmtp { user = vmail } listen = *,[::] -ssl_cert = array('pipe', 'r'), 1 => array('pipe', 'w'), 2 => array('pipe', 'w')); $pipes = array(); 
@@ -76,7 +88,7 @@ function check_login($user, $pass) {
 $stmt->execute(array(':user' => $user));
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($rows as $row) {
- if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
+ if (verify_ssha256($row['password'], $pass) !== false) {
 unset($_SESSION['ldelay']);
 return "admin";
 }
@@ -88,7 +100,7 @@ function check_login($user, $pass) {
 $stmt->execute(array(':user' => $user));
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($rows as $row) {
- if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
+ if (doveadm_authenticate($row['password'], $pass) !== false) {
 unset($_SESSION['ldelay']);
 return "domainadmin";
 }
@@ -99,7 +111,7 @@ function check_login($user, $pass) {
 $stmt->execute(array(':user' => $user));
 $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
 foreach ($rows as $row) {
- if (doveadm_authenticate($row['password'], $GLOBALS['HASHING'], $pass) !== false) {
+ if (doveadm_authenticate($row['password'], $pass) !== false) {
 unset($_SESSION['ldelay']);
 return "user";
 }
diff --git a/data/web/inc/vars.inc.php b/data/web/inc/vars.inc.php
index 6a033d4a..158729c9 100644
--- a/data/web/inc/vars.inc.php
+++ b/data/web/inc/vars.inc.php
@@ -31,6 +31,4 @@ $DEFAULT_LANG = "en";
 // See https://bootswatch.com/
 $DEFAULT_THEME = "lumen";
-$HASHING = "SSHA256";
-
 ?>
diff --git a/port-check.sh b/port-check.sh
index 5ab28883..4e854459 100755
--- a/port-check.sh
+++ b/port-check.sh
@@ -2,9 +2,11 @@
 . mailcow.conf
+if [[ -z $(which ss) ]]; then echo "Please install the ss util first."; exit 1; fi
+
 for port in ${SMTP_PORT} ${SMTPS_PORT} ${SUBMISSION_PORT} ${IMAP_PORT} ${IMAPS_PORT} ${POP_PORT} ${POPS_PORT} ${SIEVE_PORT} 443; do
 if [[ ! -z $(ss -tlnp "( sport = :$port )" 2> /dev/null | grep LISTEN | grep -vi docker) ]]; then
- echo "Port $port is in use by other process."
+ echo "Port $port is in use by another process."
 err=1
 fi
 done
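Review bot: The admin branch now opens the session on `verify_ssha256($row['password'], $pass) !== false` while the domainadmin and user branches still go through `doveadm_authenticate(...)` with a changed signature; neither definition is in this chunk, so confirm both return strictly `false` on a mismatch, because a failure value of `0`, `""` or `null` would pass `!== false` and grant the session. Tightening all three checks to `=== true`, or routing the three branches through one helper, would keep the admin and non-admin paths from drifting apart again. `check_login` begins before and continues after these hunks, so the early-return-on-first-match behaviour across the three queries could not be reviewed here.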
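Review bot: The new precondition uses `$(which ss)`, which depends on a separate `which` binary and on its output conventions; the shell builtin is portable and avoids the subshell: `command -v ss >/dev/null 2>&1 || { echo "Please install the ss util first."; exit 1; }`. The existing `grep -vi docker` filter on the next lines hides any foreign listener whose process name merely contains "docker", so consider anchoring that filter to the `docker-proxy` process name instead. The `-tlnp` query only covers TCP, which matches the TCP-only port list in the loop.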