Moves email as a separate module

pierreozoux 2015-09-06 13:15:35 +01:00
parent 4d8dfbc1be
commit 5ff9769075
20 changed files with 0 additions and 568 deletions


@ -1,15 +0,0 @@
FROM debian:jessie
ENV DEBIAN_FRONTEND noninteractive
RUN apt-get update && \
apt-get install -q -y \
python3 \
mysql-client \
wget curl && \
rm -rf /var/lib/apt/lists/*
COPY editconf.py /opt/editconf.py
COPY mysql-check.sh /opt/mysql-check.sh
RUN chmod u+x /opt/editconf.py && \
chmod u+x /opt/mysql-check.sh


@ -1,127 +0,0 @@
#!/usr/bin/python3
#
# This is a helper tool for editing configuration files during the setup
# process. The tool is given new values for settings as command-line
# arguments. It comments-out existing setting values in the configuration
# file and adds new values either after their former location or at the
# end.
#
# The configuration file has settings that look like:
#
# NAME=VALUE
#
# If the -s option is given, then space becomes the delimiter, i.e.:
#
# NAME VALUE
#
# If the -w option is given, then setting lines continue onto following
# lines while the lines start with whitespace, e.g.:
#
# NAME VAL
# UE
import sys, re
# sanity check
if len(sys.argv) < 3:
print("usage: python3 editconf.py /etc/file.conf [-s] [-w] [-t] NAME=VAL [NAME=VAL ...]")
sys.exit(1)
# parse command line arguments
filename = sys.argv[1]
settings = sys.argv[2:]
delimiter = "="
delimiter_re = r"\s*=\s*"
comment_char = "#"
folded_lines = False
testing = False
while settings[0][0] == "-" and settings[0] != "--":
opt = settings.pop(0)
if opt == "-s":
# Space is the delimiter
delimiter = " "
delimiter_re = r"\s+"
elif opt == "-w":
# Line folding is possible in this file.
folded_lines = True
elif opt == "-c":
# Specifies a different comment character.
comment_char = settings.pop(0)
elif opt == "-t":
testing = True
else:
print("Invalid option.")
sys.exit(1)
# create the new config file in memory
found = set()
buf = ""
input_lines = list(open(filename))
while len(input_lines) > 0:
line = input_lines.pop(0)
# If this configuration file uses folded lines, append any folded lines
# into our input buffer.
if folded_lines and line[0] not in (comment_char, " ", ""):
while len(input_lines) > 0 and input_lines[0][0] in " \t":
line += input_lines.pop(0)
# See if this line is for any settings passed on the command line.
for i in range(len(settings)):
# Check that this line contain this setting from the command-line arguments.
name, val = settings[i].split("=", 1)
m = re.match(
"(\s*)"
+ "(" + re.escape(comment_char) + "\s*)?"
+ re.escape(name) + delimiter_re + "(.*?)\s*$",
line, re.S)
if not m: continue
indent, is_comment, existing_val = m.groups()
# If this is already the setting, do nothing.
if is_comment is None and existing_val == val:
# It may be that we've already inserted this setting higher
# in the file so check for that first.
if i in found: break
buf += line
found.add(i)
break
# comment-out the existing line (also comment any folded lines)
if is_comment is None:
buf += comment_char + line.rstrip().replace("\n", "\n" + comment_char) + "\n"
else:
# the line is already commented, pass it through
buf += line
# if this option oddly appears more than once, don't add the setting again
if i in found:
break
# add the new setting
buf += indent + name + delimiter + val + "\n"
# note that we've applied this option
found.add(i)
break
else:
# If did not match any setting names, pass this line through.
buf += line
# Put any settings we didn't see at the end of the file.
for i in range(len(settings)):
if i not in found:
name, val = settings[i].split("=", 1)
buf += name + delimiter + val + "\n"
if not testing:
# Write out the new file.
with open(filename, "w") as f:
f.write(buf)
else:
# Just print the new file to stdout.
print(buf)


@ -1,23 +0,0 @@
#!/bin/bash -eux
source /etc/environment
echo "=> Trying to connect to MySQL/MariaDB using:"
echo "========================================================================"
echo " Database Host Address: $DB_HOST"
echo " Database Port number: $DB_PORT"
echo " Database Username: $DB_USER"
echo " Database Password: $DB_PASS"
echo "========================================================================"
for ((i=0;i<10;i++))
do
DB_CONNECTABLE=$(mysql -u$DB_USER -p$DB_PASS -h$DB_HOST -P$DB_PORT -e 'status' >/dev/null 2>&1; echo "$?")
if [[ DB_CONNECTABLE -eq 0 ]]; then
exit 0
fi
sleep 5
done
exit 1


@ -1,8 +0,0 @@
service auth {
unix_listener /var/spool/postfix/dovecot/auth {
mode = 0666
user = postfix
group = postfix
}
}


@ -1,7 +0,0 @@
service lmtp {
unix_listener /var/spool/postfix/dovecot/lmtp {
mode = 0600
user = postfix
group = postfix
}
}


@ -1,56 +0,0 @@
FROM indiepaas/base-email
RUN apt-get update && \
apt-get install -q -y \
dovecot-core \
dovecot-imapd \
dovecot-lmtpd \
dovecot-mysql && \
rm -rf /var/lib/apt/lists/*
COPY 99-local-lmtp.conf /etc/dovecot/conf.d/99-local-lmtp.conf
COPY auth-sql.conf.ext /etc/dovecot/conf.d/auth-sql.conf.ext
COPY dovecot-sql.conf.ext /etc/dovecot/dovecot-sql.conf.ext
COPY 99-local-auth.conf /etc/dovecot/conf.d/99-local-auth.conf
COPY init.sql /init.sql
COPY startup.sh /startup.sh
RUN \
groupadd -r postfix && \
useradd -r -g postfix postfix && \
chmod u+x /startup.sh && \
/opt/editconf.py /etc/dovecot/conf.d/10-master.conf \
default_process_limit=250 && \
/opt/editconf.py /etc/sysctl.conf \
fs.inotify.max_user_instances=1024 && \
/opt/editconf.py /etc/dovecot/conf.d/10-mail.conf \
mail_location=maildir:/mail/mailboxes/%d/%n \
mail_privileged_group=mail \
first_valid_uid=0 && \
/opt/editconf.py /etc/dovecot/conf.d/10-auth.conf \
disable_plaintext_auth=yes \
'auth_mechanisms=plain login' && \
/opt/editconf.py /etc/dovecot/conf.d/10-ssl.conf \
ssl=required \
'ssl_cert=</ssl/ssl_certificate.pem' \
'ssl_key=</ssl/ssl_private_key.pem' \
'ssl_protocols=!SSLv3 !SSLv2' \
'ssl_cipher_list=TLSv1+HIGH !SSLv2 !RC4 !aNULL !eNULL !3DES @STRENGTH' && \
/opt/editconf.py /etc/dovecot/conf.d/20-imap.conf \
imap_idle_notify_interval="4 mins" && \
sed -i "s/#port = 143/port = 0/" /etc/dovecot/conf.d/10-master.conf && \
sed -i "s/#port = 110/port = 0/" /etc/dovecot/conf.d/10-master.conf && \
sed -i "s/#*\(\!include auth-system.conf.ext\)/#\1/" /etc/dovecot/conf.d/10-auth.conf && \
sed -i "s/#\(\!include auth-sql.conf.ext\)/\1/" /etc/dovecot/conf.d/10-auth.conf && \
mkdir -p /mail/mailboxes && \
chown -R mail:dovecot /etc/dovecot && \
chown -R mail.mail /mail/mailboxes && \
chmod -R o-rwx /etc/dovecot && \
chmod 0600 /etc/dovecot/dovecot-sql.conf.ext
ENTRYPOINT ["/startup.sh"]
VOLUME ["/var/spool/postfix/dovecot"]
EXPOSE 993


@ -1,9 +0,0 @@
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
userdb {
driver = static
args = uid=mail gid=mail home=/mail/mailboxes/%d/%n
}


@ -1,5 +0,0 @@
driver = mysql
connect = host=##DB_HOST## dbname=servermail user=##DB_USER## password=##DB_PASS##
default_pass_scheme = SHA512-CRYPT
password_query = SELECT email as user, password FROM virtual_users WHERE email='%u';


@ -1,27 +0,0 @@
USE servermail;
CREATE TABLE `virtual_domains` (
`id` INT NOT NULL AUTO_INCREMENT,
`name` VARCHAR(50) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `name` (`name`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `virtual_users` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`password` VARCHAR(106) NOT NULL,
`email` VARCHAR(120) NOT NULL,
PRIMARY KEY (`id`),
UNIQUE KEY `email` (`email`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
CREATE TABLE `virtual_aliases` (
`id` INT NOT NULL AUTO_INCREMENT,
`domain_id` INT NOT NULL,
`source` varchar(100) NOT NULL,
`destination` varchar(100) NOT NULL,
PRIMARY KEY (`id`),
FOREIGN KEY (domain_id) REFERENCES virtual_domains(id) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


@ -1,36 +0,0 @@
#!/bin/bash -eux
export DB_PORT=3306
export DB_HOST=db
export DB_USER=admin
echo $HOSTNAME
sed -i "s/##DB_HOST##/$DB_HOST/" /etc/dovecot/dovecot-sql.conf.ext
sed -i "s/##DB_USER##/$DB_USER/" /etc/dovecot/dovecot-sql.conf.ext
sed -i "s/##DB_PASS##/$DB_PASS/" /etc/dovecot/dovecot-sql.conf.ext
/opt/editconf.py /etc/dovecot/conf.d/15-lda.conf postmaster_address=postmaster@$HOSTNAME
/opt/mysql-check.sh
DB_EXISTS=$(mysql -u$DB_USER -p$DB_PASS -h$DB_HOST -P$DB_PORT -e "SHOW DATABASES LIKE 'servermail';" 2>&1 |grep servermail > /dev/null ; echo "$?")
if [[ DB_EXISTS -eq 1 ]]; then
echo "=> Creating database servermail"
RET=$(mysql -u$DB_USER -p$DB_PASS -h$DB_HOST -P$DB_PORT -e "CREATE DATABASE servermail")
if [[ RET -ne 0 ]]; then
echo "Cannot create database for emails"
exit RET
fi
echo "=> Loading initial database data to servermail"
RET=$(mysql -u$DB_USER -p$DB_PASS -h$DB_HOST -P$DB_PORT servermail < /init.sql)
if [[ RET -ne 0 ]]; then
echo "Cannot load initial database data for emails"
exit RET
fi
echo "=> Done!"
else
echo "=> Skipped creation of database servermail it already exists."
fi
dovecot -F


@ -1,17 +0,0 @@
INSERT INTO `servermail`.`virtual_domains`
(`id` ,`name`)
VALUES
('1', 'example.com'),
('2', 'hostname.example.com');
INSERT INTO `servermail`.`virtual_users`
(`id`, `domain_id`, `password` , `email`)
VALUES
('1', '1', ENCRYPT('firstpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email1@example.com'),
('2', '1', ENCRYPT('secondpassword', CONCAT('$6$', SUBSTRING(SHA(RAND()), -16))), 'email2@example.com');
INSERT INTO `servermail`.`virtual_aliases`
(`id`, `domain_id`, `source`, `destination`)
VALUES
('1', '1', 'alias@example.com', 'email1@example.com');


@ -1,85 +0,0 @@
FROM indiepaas/base-email
RUN apt-get update && \
apt-get install -q -y \
postfix \
postfix-pcre \
postfix-mysql \
supervisor \
ca-certificates \
opendkim \
opendkim-tools \
opendmarc && \
rm -rf /var/lib/apt/lists/*
COPY install.sh /install.sh
COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf
COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf
COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN \
chmod u+x /install.sh && \
/opt/editconf.py /etc/postfix/main.cf \
inet_interfaces=all \
myhostname=##HOSTNAME##\
smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
mydestination=localhost && \
/opt/editconf.py /etc/postfix/master.cf -s -w \
"submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
/opt/editconf.py /etc/postfix/master.cf -s -w \
"authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
/opt/editconf.py /etc/postfix/main.cf \
smtpd_tls_security_level=may\
smtpd_tls_auth_only=yes \
smtpd_tls_cert_file=/ssl/ssl_certificate.pem \
smtpd_tls_key_file=/ssl/ssl_private_key.pem \
smtpd_tls_dh1024_param_file=/ssl/dh2048.pem \
smtpd_tls_received_header=yes && \
/opt/editconf.py /etc/postfix/main.cf \
smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination && \
/opt/editconf.py /etc/postfix/main.cf \
smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \
smtp_tls_loglevel=2 && \
/opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025 && \
/opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:unix:dovecot/lmtp && \
/opt/editconf.py /etc/postfix/main.cf \
smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rhsbl_sender dbl.spamhaus.org" \
smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient && \
/opt/editconf.py /etc/postfix/main.cf \
message_size_limit=134217728 && \
/opt/editconf.py /etc/postfix/main.cf \
smtpd_sasl_type=dovecot \
smtpd_sasl_path=dovecot/auth \
smtpd_sasl_auth_enable=yes && \
/opt/editconf.py /etc/postfix/main.cf \
virtual_mailbox_domains=mysql:/etc/postfix/virtual-mailbox-domains.cf \
virtual_mailbox_maps=mysql:/etc/postfix/virtual-mailbox-maps.cf \
virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \
local_recipient_maps=\$virtual_mailbox_maps && \
/opt/editconf.py /etc/postfix/main.cf \
mynetworks="127.0.0.0/8 172.17.42.0/24" && \
/opt/editconf.py /etc/opendmarc.conf -s \
"Syslog=true" \
"Socket=inet:8893@[127.0.0.1]" && \
/opt/editconf.py /etc/postfix/main.cf \
"smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
non_smtpd_milters=\$smtpd_milters \
milter_default_action=accept && \
echo "MinimumKeyBits 1024" >> /etc/opendkim.conf && \
echo "ExternalIgnoreList refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf && \
echo "InternalHosts refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf && \
echo "KeyTable refile:/etc/opendkim/KeyTable" >> /etc/opendkim.conf && \
echo "SigningTable refile:/etc/opendkim/SigningTable" >> /etc/opendkim.conf && \
echo "Socket inet:8891@localhost" >> /etc/opendkim.conf && \
echo "RequireSafeKeys false" >> /etc/opendkim.conf
#RUN /opt/editconf.py /etc/postfix/main.cf \
#smtp_tls_security_level=dane \
#smtp_dns_support_level=dnssec
VOLUME ["/var/spool/postfix/"]
CMD /install.sh;/usr/bin/supervisord -c /etc/supervisor/supervisord.conf


@ -1,25 +0,0 @@
#!/bin/bash -eux
export DB_PORT=3306
export DB_HOST=db
export DB_USER=admin
echo $HOSTNAME
sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-domains.cf
sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-domains.cf
sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-maps.cf
sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-maps.cf
sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-alias-maps.cf
sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-alias-maps.cf
sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/virtual-alias-maps.cf
sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf
/opt/mysql-check.sh
if [ ! -f /etc/opendkim/TrustedHosts ]; then
mkdir -p /etc/opendkim
echo "127.0.0.1" > /etc/opendkim/TrustedHosts
fi
chown -R postfix:postfix /var/spool/postfix/dovecot


@ -1,11 +0,0 @@
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
# where the user's home IP address would be.
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (unknown [127.0.0.1])$1
# Remove other typically private information.
/^\s*User-Agent:/ IGNORE
/^\s*X-Enigmail:/ IGNORE
/^\s*X-Mailer:/ IGNORE
/^\s*X-Originating-IP:/ IGNORE


@ -1,21 +0,0 @@
[supervisord]
nodaemon=true
[program:postfix]
process_name = postfix
command = /etc/init.d/postfix start
startsecs = 0
autorestart = false
[program:opendkim]
process_name = opendkim
command = /etc/init.d/opendkim start
startsecs = 0
autorestart = false
[program:opendmarc]
process_name = opendmarc
command = /etc/init.d/opendmarc start
startsecs = 0
autorestart = false


@ -1,6 +0,0 @@
user = ##DB_USER##
password = ##DB_PASS##
hosts = db
dbname = servermail
query = SELECT destination FROM virtual_aliases WHERE source='%s'


@ -1,6 +0,0 @@
user = ##DB_USER##
password = ##DB_PASS##
hosts = db
dbname = servermail
query = SELECT 1 FROM virtual_domains WHERE name='%s'


@ -1,6 +0,0 @@
user = ##DB_USER##
password = ##DB_PASS##
hosts = db
dbname = servermail
query = SELECT 1 FROM virtual_users WHERE email='%s'


@ -1,40 +0,0 @@
[Unit]
Description=%p
# Requirements
Requires=docker.service
Requires=mysql@mail.service
Requires=backup@mail.timer
# Dependency ordering
After=docker.service
After=mysql@mail.service
Before=backup@mail.timer
[Service]
Restart=always
RestartSec=10
TimeoutStartSec=60
TimeoutStopSec=15
Type=notify
NotifyAccess=all
ExecStartPre=/usr/bin/docker run --rm -v /opt/bin:/opt/bin ibuildthecloud/systemd-docker
ExecStartPre=-/usr/bin/docker kill dovecot
ExecStartPre=-/usr/bin/docker rm dovecot
ExecStart=/bin/bash -euxc ' \
/opt/bin/systemd-docker --env run \
--rm \
--name dovecot \
-v /data/domains/mail/dovecot/mail:/mail \
-v /data/domains/mail/TLS:/ssl \
-v /data/runtime/dev/log:/dev/log \
--env-file=/data/domains/mail/.env \
--link mysql-mail:db \
-p 993:993 \
indiepaas/dovecot'
ExecReload=/usr/bin/docker restart dovecot
ExecStop=/usr/bin/docker stop dovecot
[Install]
WantedBy=multi-user.target


@ -1,38 +0,0 @@
[Unit]
Description=%p
# Requirements
Requires=docker.service
Requires=dovecot.service
# Dependency ordering
After=docker.service
After=rsyslog.service
After=dovecot.service
[Service]
Restart=always
RestartSec=20
TimeoutStartSec=0
ExecStartPre=-/usr/bin/docker kill %p
ExecStartPre=-/usr/bin/docker rm %p
ExecStart=/usr/bin/docker run \
--rm \
--name %p \
--env-file=/data/domains/mail/.env \
-v /data/runtime/dev/log:/dev/log \
-v /data/runtime/postfix:/data \
-v /data/runtime/mail:/var/mail \
-v /data/domains/mail/TLS:/ssl \
-v /data/domains/mail/opendkim:/etc/opendkim \
--volumes-from=dovecot \
-p 25:25 \
-p 587:587 \
--link=mysql-mail:db \
indiepaas/postfix
ExecReload=/usr/bin/docker restart %p
ExecStop=/usr/bin/docker stop %p
[Install]
WantedBy=multi-user.target