[Dovecot] Allow setting ACL_ANYONE in mailcow.conf

master
André Peters 2019-01-16 10:50:34 +01:00 committed by andryyy
commit f3dfe346bf
17 changed files with 392 additions and 16 deletions

1
.gitignore vendored
View File

@ -22,6 +22,7 @@ data/conf/rspamd/override.d/*
data/conf/nginx/*.conf data/conf/nginx/*.conf
data/conf/nginx/*.custom data/conf/nginx/*.custom
data/conf/nginx/*.bak data/conf/nginx/*.bak
data/conf/dovecot/acl_anyone
data/conf/dovecot/extra.conf data/conf/dovecot/extra.conf
data/conf/rspamd/custom/* data/conf/rspamd/custom/*
data/conf/portainer/ data/conf/portainer/

View File

@ -53,9 +53,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
libjson-c-dev \ libjson-c-dev \
&& addgroup --system --gid 700 clamav \ && addgroup --system --gid 700 clamav \
&& adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \ && adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
&& mkdir -p /run/clamav /var/lib/clamav \
&& chown clamav:clamav /run/clamav /var/lib/clamav \
&& chmod 750 /run/clamav \
&& rm -rf /tmp/* /var/tmp/* && rm -rf /tmp/* /var/tmp/*
COPY bootstrap.sh ./ COPY bootstrap.sh ./

View File

@ -14,6 +14,10 @@ if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2 echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
fi fi
chown clamav:clamav /var/lib/clamav/whitelist.ign2 chown clamav:clamav /var/lib/clamav/whitelist.ign2
mkdir -p /run/clamav /var/lib/clamav
chown clamav:clamav /run/clamav /var/lib/clamav
chmod 750 /run/clamav
chmod 755 /var/lib/clamav
dos2unix /var/lib/clamav/whitelist.ign2 dos2unix /var/lib/clamav/whitelist.ign2
sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2 sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2

View File

@ -97,6 +97,7 @@ RUN echo '30 3 * * * vmail /usr/local/bin/doveadm quota recalc -A' > /etc/cron.
RUN echo '* * * * * vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs RUN echo '* * * * * vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs
RUN echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc RUN echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
RUN echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules RUN echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules
RUN echo '0 2 * * * root /usr/bin/curl http://solr:8983/solr/dovecot/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
COPY trim_logs.sh /usr/local/bin/trim_logs.sh COPY trim_logs.sh /usr/local/bin/trim_logs.sh
COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
COPY imapsync /usr/local/bin/imapsync COPY imapsync /usr/local/bin/imapsync

View File

@ -85,6 +85,7 @@ map {
} }
EOF EOF
echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
# Create userdb dict for Dovecot # Create userdb dict for Dovecot
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf

View File

@ -167,9 +167,17 @@ echo ' </dict>
chown sogo:sogo -R /var/lib/sogo/ chown sogo:sogo -R /var/lib/sogo/
chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
# Patch ACLs (comment this out to enable any or authenticated targets for ACL) # Patch ACLs
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then if [[ ${ACL_ANYONE} == 'allow' ]]; then
#enable any or authenticated targets for ACL
if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
fi
else
#disable any or authenticated targets for ACL
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff; patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
fi
fi fi
# Copy logo, if any # Copy logo, if any

View File

@ -0,0 +1,9 @@
FROM solr:7-alpine
USER root
COPY docker-entrypoint.sh /
RUN apk --no-cache add su-exec curl \
&& chmod +x /docker-entrypoint.sh \
&& /docker-entrypoint.sh --bootstrap
ENTRYPOINT ["/docker-entrypoint.sh"]

View File

@ -0,0 +1,195 @@
#!/bin/bash
if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
echo "SKIP_SOLR=y, skipping Solr..."
sleep 365d
exit 0
fi
set -e
# allow easier debugging with `docker run -e VERBOSE=yes`
if [[ "$VERBOSE" = "yes" ]]; then
set -x
fi
# run the optional initdb
. /opt/docker-solr/scripts/run-initdb
function solr_config() {
curl -XPOST http://localhost:8983/solr/dovecot/schema -H 'Content-type:application/json' -d '{
"add-field-type":{
"name":"long",
"class":"solr.TrieLongField"
},
"add-field-type":{
"name":"text",
"class":"solr.TextField",
"positionIncrementGap":100,
"indexAnalyser":{
"tokenizer":{
"class":"solr.StandardTokenizerFactory"
},
"filter":{
"class":"solr.WordDelimiterFilterFactory",
"generateWordParts":1,
"generateNumberParts":1,
"catenateWorks":1,
"catenateNumbers":1,
"catenateAll":0
},
"filter":{
"class":"solr.LowerCaseFilterFactory"
},
"filter":{
"class":"solr.KeywordMarkerFilterFactory",
"protected":"protwords.txt"
}
},
"queryAnalyzer":{
"tokenizer":{
"class":"solr.StandardTokenizerFactory"
},
"filter":{
"synonyms":"synonyms.txt",
"ignoreCase":true,
"expand":true
},
"filter":{
"class":"solr.LowerCaseFilterFactory"
},
"filter":{
"class":"solr.WordDelimiterFilterFactory",
"generateWordParts":1,
"generateNumberParts":1,
"catenateWords":0,
"catenateNumbers":0,
"catenateAll":0,
"splitOnCaseChange":1
}
}
},
"add-field":{
"name":"uid",
"type":"long",
"indexed":true,
"stored":true,
"required":true
},
"add-field":{
"name":"box",
"type":"string",
"indexed":true,
"stored":true,
"required":true
},
"add-field":{
"name":"user",
"type":"string",
"indexed":true,
"stored":true,
"required":true
},
"add-field":{
"name":"hdr",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"body",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"from",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"to",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"cc",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"bcc",
"type":"text",
"indexed":true,
"stored":false
},
"add-field":{
"name":"subject",
"type":"text",
"indexed":true,
"stored":false
}
}'
curl -XPOST http://localhost:8983/solr/dovecot/config -H 'Content-type:application/json' -d '{
"update-requesthandler":{
"name":"/select",
"class":"solr.SearchHandler",
"defaults":{
"wt":"xml"
}
}
}'
curl -XPOST http://localhost:8983/solr/dovecot/config/updateHandler -d '{
"set-property": {
"updateHandler.autoSoftCommit.maxDocs":500,
"updateHandler.autoSoftCommit.maxTime":120000,
"updateHandler.autoCommit.maxDocs":200,
"updateHandler.autoCommit.maxTime":1800000,
"updateHandler.autoCommit.openSearcher":false
}
}'
}
# fixing volume permission
[[ -d /opt/solr/server/solr/dovecot/data ]] && chown -R solr:solr /opt/solr/server/solr/dovecot/data
sed -i 's/#SOLR_HEAP="512m"/SOLR_HEAP="'${SOLR_HEAP:-1024}'m"/g' /opt/solr/bin/solr.in.sh
# start a Solr so we can use the Schema API, but only on localhost,
# so that clients don't see Solr until we have configured it.
echo "Starting local Solr instance to setup configuration"
su-exec solr start-local-solr
# keep a sentinel file so we don't try to create the core a second time
# for example when we restart a container.
SENTINEL=/opt/docker-solr/core_created
if [[ -f ${SENTINEL} ]]; then
echo "skipping core creation"
else
echo "Creating core \"dovecot\""
su-exec solr /opt/solr/bin/solr create -c "dovecot"
# See https://github.com/docker-solr/docker-solr/issues/27
echo "Checking core"
while ! wget -O - 'http://localhost:8983/solr/admin/cores?action=STATUS' | grep -q instanceDir; do
echo "Could not find any cores, waiting..."
sleep 5
done
echo "Created core \"dovecot\""
touch ${SENTINEL}
fi
echo "Starting configuration"
solr_config
echo "Stopping local Solr"
su-exec solr stop-local-solr
if [[ "${1}" == "--bootstrap" ]]; then
exit 0
else
exec su-exec solr solr-foreground
fi

View File

@ -20,7 +20,7 @@ disable_plaintext_auth = yes
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k" login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
mail_home = /var/vmail/%d/%n mail_home = /var/vmail/%d/%n
mail_location = maildir:~/ mail_location = maildir:~/
mail_plugins = quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify mail_plugins = quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix: mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
mail_attachment_dir = /var/attachments mail_attachment_dir = /var/attachments
mail_attachment_min_size = 128k mail_attachment_min_size = 128k
@ -279,7 +279,7 @@ userdb {
} }
protocol imap { protocol imap {
imap_metadata = yes imap_metadata = yes
mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr
} }
mail_attribute_dict = file:%h/dovecot-attributes mail_attribute_dict = file:%h/dovecot-attributes
protocol lmtp { protocol lmtp {
@ -291,9 +291,12 @@ protocol sieve {
} }
plugin { plugin {
# Allow "any" or "authenticated" to be used in ACLs # Allow "any" or "authenticated" to be used in ACLs
#acl_anyone = allow acl_anyone = </usr/local/etc/dovecot/acl_anyone
acl_shared_dict = file:/var/vmail/shared-mailboxes.db acl_shared_dict = file:/var/vmail/shared-mailboxes.db
acl = vfile acl = vfile
fts = solr
fts_autoindex = yes
fts_solr = url=http://solr:8983/solr/dovecot/
quota = dict:Userquota::proxy::sqlquota quota = dict:Userquota::proxy::sqlquota
quota_rule2 = Trash:storage=+100%% quota_rule2 = Trash:storage=+100%%
sieve = /var/vmail/sieve/%u.sieve sieve = /var/vmail/sieve/%u.sieve

View File

@ -51,6 +51,7 @@ $raw_data = mb_convert_encoding($raw_data_content, 'HTML-ENTITIES', "UTF-8");
$headers = getallheaders(); $headers = getallheaders();
$qid = $headers['X-Rspamd-Qid']; $qid = $headers['X-Rspamd-Qid'];
$subject = $headers['X-Rspamd-Subject'];
$score = $headers['X-Rspamd-Score']; $score = $headers['X-Rspamd-Score'];
$rcpts = $headers['X-Rspamd-Rcpt']; $rcpts = $headers['X-Rspamd-Rcpt'];
$user = $headers['X-Rspamd-User']; $user = $headers['X-Rspamd-User'];
@ -188,10 +189,11 @@ foreach (json_decode($rcpts, true) as $rcpt) {
foreach ($rcpt_final_mailboxes as $rcpt) { foreach ($rcpt_final_mailboxes as $rcpt) {
error_log("QUARANTINE: quarantine pipe: processing quarantine message for rcpt " . $rcpt); error_log("QUARANTINE: quarantine pipe: processing quarantine message for rcpt " . $rcpt);
try { try {
$stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`) $stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `subject`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)"); VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
$stmt->execute(array( $stmt->execute(array(
':qid' => $qid, ':qid' => $qid,
':subject' => $subject,
':score' => $score, ':score' => $score,
':sender' => $sender, ':sender' => $sender,
':rcpt' => $rcpt, ':rcpt' => $rcpt,

View File

@ -15,6 +15,7 @@
SOGoFoldersSendEMailNotifications = YES; SOGoFoldersSendEMailNotifications = YES;
SOGoForwardEnabled = YES; SOGoForwardEnabled = YES;
SOGoUIAdditionalJSFiles = (js/custom-sogo.js); SOGoUIAdditionalJSFiles = (js/custom-sogo.js);
SOGoEnablePublicAccess = YES;
// Multi-domain setup // Multi-domain setup
// Domains are isolated, you can define visibility options here. // Domains are isolated, you can define visibility options here.

File diff suppressed because one or more lines are too long

View File

@ -1465,4 +1465,39 @@ function getGUID() {
.substr($charid,16, 4).$hyphen .substr($charid,16, 4).$hyphen
.substr($charid,20,12); .substr($charid,20,12);
} }
function solr_status() {
$curl = curl_init();
$endpoint = 'http://solr:8983/solr/admin/cores';
$params = array(
'action' => 'STATUS',
'core' => 'dovecot',
'indexInfo' => 'true'
);
$url = $endpoint . '?' . http_build_query($params);
curl_setopt($curl, CURLOPT_URL, $url);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_POST, 0);
curl_setopt($curl, CURLOPT_TIMEOUT, 20);
$response = curl_exec($curl);
if ($response === false) {
$err = curl_error($curl);
curl_close($curl);
// logger(array('return' => array(
// 'type' => 'danger',
// 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers),
// 'msg' => $err,
// )));
return $err;
}
else {
curl_close($curl);
// logger(array('return' => array(
// 'type' => 'success',
// 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers),
// )));
$status = json_decode($response, true);
return (!empty($status['status']['dovecot'])) ? $status['status']['dovecot'] : false;
}
return false;
}
?> ?>

View File

@ -3,7 +3,7 @@ function init_db_schema() {
try { try {
global $pdo; global $pdo;
$db_version = "15122018_0717"; $db_version = "14012019_0717";
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'"); $stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC)); $num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
@ -226,6 +226,7 @@ function init_db_schema() {
"cols" => array( "cols" => array(
"id" => "INT NOT NULL AUTO_INCREMENT", "id" => "INT NOT NULL AUTO_INCREMENT",
"qid" => "VARCHAR(30) NOT NULL", "qid" => "VARCHAR(30) NOT NULL",
"subject" => "VARCHAR(500)",
"score" => "FLOAT(8,2)", "score" => "FLOAT(8,2)",
"ip" => "VARBINARY(16)", "ip" => "VARBINARY(16)",
"action" => "CHAR(20) NOT NULL DEFAULT 'unknown'", "action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",

View File

@ -55,7 +55,7 @@ services:
- redis - redis
clamd-mailcow: clamd-mailcow:
image: mailcow/clamd:1.18 image: mailcow/clamd:1.20
build: ./data/Dockerfiles/clamd build: ./data/Dockerfiles/clamd
restart: always restart: always
environment: environment:
@ -128,6 +128,7 @@ services:
- API_KEY=${API_KEY:-invalid} - API_KEY=${API_KEY:-invalid}
- API_ALLOW_FROM=${API_ALLOW_FROM:-invalid} - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
- COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized} - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
- SKIP_SOLR=${SKIP_SOLR:-y}
restart: always restart: always
dns: dns:
- ${IPV4_NETWORK:-172.22.1}.254 - ${IPV4_NETWORK:-172.22.1}.254
@ -137,7 +138,7 @@ services:
- phpfpm - phpfpm
sogo-mailcow: sogo-mailcow:
image: mailcow/sogo:1.49 image: mailcow/sogo:1.50
build: ./data/Dockerfiles/sogo build: ./data/Dockerfiles/sogo
environment: environment:
- DBNAME=${DBNAME} - DBNAME=${DBNAME}
@ -146,6 +147,7 @@ services:
- TZ=${TZ} - TZ=${TZ}
- LOG_LINES=${LOG_LINES:-9999} - LOG_LINES=${LOG_LINES:-9999}
- MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME} - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
- ACL_ANYONE=${ACL_ANYONE:-disallow}
volumes: volumes:
- ./data/conf/sogo/:/etc/sogo/ - ./data/conf/sogo/:/etc/sogo/
- ./data/web/inc/init_db.inc.php:/init_db.inc.php - ./data/web/inc/init_db.inc.php:/init_db.inc.php
@ -161,7 +163,7 @@ services:
- sogo - sogo
dovecot-mailcow: dovecot-mailcow:
image: mailcow/dovecot:1.52 image: mailcow/dovecot:1.54
build: ./data/Dockerfiles/dovecot build: ./data/Dockerfiles/dovecot
cap_add: cap_add:
- NET_BIND_SERVICE - NET_BIND_SERVICE
@ -182,6 +184,7 @@ services:
- DBPASS=${DBPASS} - DBPASS=${DBPASS}
- TZ=${TZ} - TZ=${TZ}
- MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440} - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-1440}
- ACL_ANYONE=${ACL_ANYONE:-disallow}
ports: ports:
- "${DOVEADM_PORT:-127.0.0.1:19991}:12345" - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
- "${IMAP_PORT:-143}:143" - "${IMAP_PORT:-143}:143"
@ -373,7 +376,7 @@ services:
- watchdog - watchdog
dockerapi-mailcow: dockerapi-mailcow:
image: mailcow/dockerapi:1.24 image: mailcow/dockerapi:1.25
restart: always restart: always
build: ./data/Dockerfiles/dockerapi build: ./data/Dockerfiles/dockerapi
oom_kill_disable: true oom_kill_disable: true
@ -389,6 +392,23 @@ services:
aliases: aliases:
- dockerapi - dockerapi
solr-mailcow:
image: mailcow/solr:1.0
build: ./data/Dockerfiles/solr
restart: always
volumes:
- solr-vol-1:/opt/solr/server/solr/dovecot/data
dns:
- 172.22.1.254
dns_search: mailcow-network
environment:
- SOLR_HEAP=${SOLR_HEAP:-1024}
- SKIP_SOLR=${SKIP_SOLR:-y}
networks:
mailcow-network:
aliases:
- solr
ipv6nat: ipv6nat:
depends_on: depends_on:
- unbound-mailcow - unbound-mailcow
@ -406,6 +426,7 @@ services:
- netfilter-mailcow - netfilter-mailcow
- watchdog-mailcow - watchdog-mailcow
- dockerapi-mailcow - dockerapi-mailcow
- solr-mailcow
image: robbertkl/ipv6nat image: robbertkl/ipv6nat
restart: always restart: always
privileged: true privileged: true
@ -433,5 +454,6 @@ volumes:
mysql-socket-vol-1: mysql-socket-vol-1:
redis-vol-1: redis-vol-1:
rspamd-vol-1: rspamd-vol-1:
solr-vol-1:
postfix-vol-1: postfix-vol-1:
crypt-vol-1: crypt-vol-1:

View File

@ -48,6 +48,39 @@ while [ -z "${MAILCOW_TZ}" ]; do
fi fi
done done
MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo)
if [ ${MEM_TOTAL} -le "1572864" ]; then
echo "Installed memory is less than 1.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
read -r -p "Do you want to disable ClamAV now? ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf. [Y/n] " response
case $response in
[nN][oO]|[nN])
SKIP_CLAMD=n
;;
*)
SKIP_CLAMD=y
;;
esac
else
SKIP_CLAMD=n
fi
if [ ${MEM_TOTAL} -le "6815744" ]; then
echo "Installed memory is less than 6.5 GiB. It is highly recommended to disable Solr to prevent out-of-memory situations."
echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set according to your expected load in mailcow.conf."
read -r -p "Do you want to disable Solr now (recommended)? Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf. [Y/n] " response
case $response in
[nN][oO]|[nN])
SKIP_SOLR=n
;;
*)
SKIP_SOLR=y
;;
esac
else
SKIP_SOLR=n
fi
[ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
cat << EOF > mailcow.conf cat << EOF > mailcow.conf
@ -145,6 +178,13 @@ SKIP_IP_CHECK=n
SKIP_CLAMD=n SKIP_CLAMD=n
# Skip Solr on low-memory systems
SKIP_SOLR=${SKIP_SOLR}
# Solr heap size in MB, there is no recommendation, please see Solr docs.
# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
SOLR_HEAP=1024
# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental) # Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
USE_WATCHDOG=n USE_WATCHDOG=n

View File

@ -121,6 +121,9 @@ CONFIG_ARRAY=(
"API_KEY" "API_KEY"
"API_ALLOW_FROM" "API_ALLOW_FROM"
"MAILDIR_GC_TIME" "MAILDIR_GC_TIME"
"ACL_ANYONE"
"SOLR_HEAP"
"SKIP_SOLR"
) )
sed -i '$a\' mailcow.conf sed -i '$a\' mailcow.conf
@ -202,6 +205,26 @@ for option in ${CONFIG_ARRAY[@]}; do
echo '# Check interval is hourly' >> mailcow.conf echo '# Check interval is hourly' >> mailcow.conf
echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
fi fi
elif [[ ${option} == "ACL_ANYONE" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
' >> mailcow.conf
echo '# When enabled, ACL can be created, that apply to "All authenticated users"
' >> mailcow.conf
echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
' >> mailcow.conf
echo '# Otherwise a user might share data with too many other users.
' >> mailcow.conf
echo 'ACL_ANYONE=disallow' >> mailcow.conf
fi
elif [[ ${option} == "SOLR_HEAP" ]]; then
if ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf"
echo '# Solr heap size, there is no recommendation, please see Solr docs.' >> mailcow.conf
echo '# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.' >> mailcow.conf
echo "SOLR_HEAP=1024" >> mailcow.conf
fi
elif ! grep -q ${option} mailcow.conf; then elif ! grep -q ${option} mailcow.conf; then
echo "Adding new option \"${option}\" to mailcow.conf" echo "Adding new option \"${option}\" to mailcow.conf"
echo "${option}=n" >> mailcow.conf echo "${option}=n" >> mailcow.conf