From 3ea30ef05112232c8e2917e657d1fec3b9530016 Mon Sep 17 00:00:00 2001 From: Val Date: Tue, 14 Jul 2015 23:37:13 +0100 Subject: [PATCH] Amavis --- README.md | 2 +- amavis/Dockerfile | 5 +- amavis/boot | 7 +++ amavis/config/15-content_filter_mode | 27 +++++++++ amavis/config/50-user | 21 +++++++ amavis/config/amavis-content_filter_mode | 0 docker-compose.yml | 5 ++ email_core/boot.d/amavis | 75 ++++++++++++++++++++++++ email_core/boot.d/opendkim | 12 +--- start.sh | 15 +++++ test.sh | 8 +++ 11 files changed, 166 insertions(+), 11 deletions(-) create mode 100644 amavis/config/15-content_filter_mode create mode 100644 amavis/config/50-user delete mode 100644 amavis/config/amavis-content_filter_mode create mode 100644 email_core/boot.d/amavis create mode 100755 start.sh create mode 100755 test.sh diff --git a/README.md b/README.md index 8e39aaa..042ea61 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Dockermail +Dockermail - MAJOR RESTRUCTURE GOING ON, WORK IN PROGRESS! ========== A secure, minimal-configuration mail service in docker containers. diff --git a/amavis/Dockerfile b/amavis/Dockerfile index 9c7845a..25e5722 100644 --- a/amavis/Dockerfile +++ b/amavis/Dockerfile @@ -17,7 +17,8 @@ RUN apt-get update && apt-get install -y \ # Set up razor and pyzor RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && pyzor discover -COPY ./config/amavis-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode +COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode +COPY ./config/50-user /etc/amavis/conf.d/50-user # Nice place for your settings VOLUME ["/mail_settings"] @@ -28,4 +29,6 @@ RUN chmod 755 /boot ENV AMAVIS=true +EXPOSE 10024 + ENTRYPOINT ./boot; service rsyslog start; amavisd foreground diff --git a/amavis/boot b/amavis/boot index a9bf588..ad4f96e 100644 --- a/amavis/boot +++ b/amavis/boot 
@@ -1 +1,8 @@
 #!/bin/bash
+
+readarray -t domains < /mail_settings/domains
+domain_suffix=$(printf ", \"%s\"" "${domains[@]}")
+domain_string="@local_domains_acl = ( \".$mydomain\" $domain_suffix );"
+
+sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
+sed "/# DOCKERMAIL DOMAINS START/a $domain_string/" /etc/amavis/conf.d/50-user -i
diff --git a/amavis/config/15-content_filter_mode b/amavis/config/15-content_filter_mode
new file mode 100644
index 0000000..4812090
--- /dev/null
+++ b/amavis/config/15-content_filter_mode
@@ -0,0 +1,27 @@
+use strict;
+
+# You can modify this file to re-enable SPAM checking through spamassassin
+# and to re-enable antivirus checking.
+
+#
+# Default antivirus checking mode
+# Please note, that anti-virus checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+#@bypass_virus_checks_maps = (
+# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
+
+
+#
+# Default SPAM checking mode
+# Please note, that anti-spam checking is DISABLED by
+# default.
+# If You wish to enable it, please uncomment the following lines:
+
+
+bypass_spam_checks_maps = (
+ \%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
+
+1; # ensure a defined return
diff --git a/amavis/config/50-user b/amavis/config/50-user
new file mode 100644
index 0000000..881d88f
--- /dev/null
+++ b/amavis/config/50-user
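Review bot: In amavis/boot the second added `sed` ends its append text with a stray `/` (`a $domain_string/`), and GNU sed's one-line `a` takes everything up to the end of the script as text, so the slash is written into 50-user after the `;`, where Perl would read it as the start of a match operator and most likely fail to parse the file. `$mydomain` is also expanded by bash here rather than left for Perl; nothing in the hunk sets it, so unless the environment provides it the first ACL entry collapses to `"."`, which should be checked against amavis's ACL matching because a bare dot may widen `@local_domains_acl` to every domain. I would write `sed -i "/# DOCKERMAIL DOMAINS START/a $domain_string" /etc/amavis/conf.d/50-user` and either escape the variable as `\$mydomain` or assign it explicitly before use. Lines read from /mail_settings/domains are interpolated into Perl source unvalidated, so rejecting anything that is not a plain hostname before building `domain_string` would be a cheap guard.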
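Review bot: The uncommented assignment near the end of amavis/config/15-content_filter_mode reads `bypass_spam_checks_maps = (` with no `@` sigil, while the commented antivirus twin above it still has `#@bypass_virus_checks_maps`; it looks as if the `@` was removed together with the `#`. Under `use strict;` a bareword on the left of an assignment does not compile, so amavisd would be expected to reject this conf.d file at startup instead of enabling spam checking. The line should be `@bypass_spam_checks_maps = (`. The comment block above it still says anti-spam checking is disabled by default and asks the reader to uncomment the lines, which no longer describes the file; a short replacement such as `# Spam checking is enabled for dockermail` would keep it accurate. Virus checking stays commented out, so attachments are not scanned after this commit, which is worth stating in the README if it is intentional.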
@@ -0,0 +1,21 @@
+use strict;
+
+#
+# Place your configuration directives here. They will override those in
+# earlier files.
+#
+# See /usr/share/doc/amavisd-new/ for documentation and examples of
+# the directives you can use in this file
+#
+
+# DOCKERMAIL DOMAINS START
+# DOCKERMAIL DOMAINS END
+
+# See http://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/amavisd.conf-sample
+# for details on asterisk reinjection configuration
+$forward_method = 'smtp:*:*';
+$notify_method = 'smtp:*:*';
+
+
+#------------ Do not modify anything below this line -------------
+1; # ensure a defined return
diff --git a/amavis/config/amavis-content_filter_mode b/amavis/config/amavis-content_filter_mode
deleted file mode 100644
index e69de29..0000000
diff --git a/docker-compose.yml b/docker-compose.yml
index 9641f63..bf5de4c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -9,7 +9,12 @@ emailcore:
 - /opt/dockermail/vmail:/vmail
 links:
 - opendkim
+ - amavis
 opendkim:
 build: ./opendkim
 volumes:
 - /opt/dockermail/settings:/mail_settings
+amavis:
+ build: ./amavis
+ volumes:
+ - /opt/dockermail/settings:/mail_settings
diff --git a/email_core/boot.d/amavis b/email_core/boot.d/amavis
new file mode 100644
index 0000000..8bbc0a5
--- /dev/null
+++ b/email_core/boot.d/amavis
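Review bot: In amavis/config/50-user, `$forward_method = 'smtp:*:*'` and `$notify_method = 'smtp:*:*'` make amavisd reinject to whichever client connected to it (the asterisk form described in the sample linked in the comment), so access control on the amavisd listener is what decides where filtered mail and notifications are sent. This file sets neither `$inet_socket_bind` nor `@inet_acl`, and their defaults live outside this diff: if they stay loopback-only the emailcore container cannot reach port 10024, and if they are opened elsewhere any host that can reach the port becomes a reinjection target. I would set both explicitly here, restricted to the emailcore peer, with a comment such as `# only the linked Postfix container may submit mail for filtering`. The two marker comments are rewritten by amavis/boot with sed, so a line like `# managed by /boot - do not edit between the markers` next to them would stop someone hand-editing that block.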
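Review bot: The new `amavis` service in docker-compose.yml mounts `/opt/dockermail/settings` read-write, the same host directory that `opendkim` mounts, yet the amavis/boot script in this patch only reads `/mail_settings/domains`. A content filter parses untrusted message bodies and attachments, so it is the container that should get the least access; a read-only mount, `- /opt/dockermail/settings:/mail_settings:ro`, would keep a compromised filter from altering settings the other services consume. If that directory also holds the DKIM private keys (not visible in this diff), binding only the domains file into the amavis container would be better still.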
@@ -0,0 +1,75 @@
+#!/bin/bash
+echo 'Running amavis boot script'
+
+POSTFIX_MAIN_CF=/etc/postfix/main.cf
+POSTFIX_MASTER_CF=/etc/postfix/master.cf
+
+env_dump=$(printenv)
+
+AMAVIS_CONFIG_HEADER="# Amavis - dockermail - start"
+AMAVIS_CONFIG_FOOTER="# Amavis - dockermail - end"
+
+function remove_amavis () {
+ # main.cf
+ if grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
+ sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
+ fi
+ # master.cf
+ sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i
+ sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i
+}
+
+function add_amavis () {
+ # main.cf
+ if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
+ echo "$AMAVIS_CONFIG_HEADER" >> "$POSTFIX_MAIN_CF"
+ echo "content_filter = smtp-amavis:[amavis]:10024" >> "$POSTFIX_MAIN_CF"
+ echo "$AMAVIS_CONFIG_FOOTER" >> "$POSTFIX_MAIN_CF"
+ else
+ echo "Warning: $POSTFIX_MAIN_CF already contains Amavis configuration, skipping"
+ fi
+ # master.cf
+ if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MASTER_CF"; then
+ sed "/^pickup.*/a \ -o content_filter= \n -o receive_override_options=no_header_body_checks/" POSTFIX_MASTER_CF -i
+ echo "$AMAVIS_CONFIG_HEADER" >> POSTFIX_MASTER_CF
+ echo "smtp-amavis unix - - - - 2 smtp" >> POSTFIX_MASTER_CF
+ echo " -o smtp_data_done_timeout=1200" >> POSTFIX_MASTER_CF
+ echo " -o smtp_send_xforward_command=yes" >> POSTFIX_MASTER_CF
+ echo " -o disable_dns_lookups=yes" >> POSTFIX_MASTER_CF
+ echo " -o max_use=20" >> POSTFIX_MASTER_CF
+ echo "0.0.0.0:10025 inet n - - - - smtpd" >> POSTFIX_MASTER_CF
+ echo " -o content_filter=" >> POSTFIX_MASTER_CF
+ echo " -o local_recipient_maps=" >> POSTFIX_MASTER_CF
+ echo " -o relay_recipient_maps=" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_restriction_classes=" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_delay_reject=no" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_helo_restrictions=" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_sender_restrictions=" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_end_of_data_restrictions=" >> POSTFIX_MASTER_CF
+ echo " -o mynetworks=127.0.0.0/8 amavis" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_error_sleep_time=0" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_soft_error_limit=1001" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_hard_error_limit=1000" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_client_connection_count_limit=0" >> POSTFIX_MASTER_CF
+ echo " -o smtpd_client_connection_rate_limit=0" >> POSTFIX_MASTER_CF
+ echo " -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> POSTFIX_MASTER_CF
+ echo "$AMAVIS_CONFIG_FOOTER" >> POSTFIX_MASTER_CF
+ else
+ echo "Warning: $POSTFIX_MASTER_CF already contains Amavis configuration, skipping"
+ fi
+}
+
+if [[ $env_dump =~ ^(.+AMAVIS)= ]] ; then
+ if [ ! -z "${BASH_REMATCH[1]}" ]; then
+ echo "AMAVIS env set, enabling email signing"
+ add_amavis
+ fi
+else
+ echo "Cant find OPEN_DKIM env, signing will be disabled"
+ remove_amavis
+fi
+
+echo 'Finished amavis boot script'
diff --git a/email_core/boot.d/opendkim b/email_core/boot.d/opendkim
index 9c854cb..b2de81f 100755
--- a/email_core/boot.d/opendkim
+++ b/email_core/boot.d/opendkim
@@ -10,22 +10,17 @@ OPENDKIM_CONFIG_FOOTER="# OpenDKIM - dockermail - end" function remove_opendkim () { if grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then - sed "/$OPENDKIM_CONFIG_HEADER/,/$OPENDKIM_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" + sed "/$OPENDKIM_CONFIG_HEADER/,/$OPENDKIM_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i fi } function add_opendkim () { if ! grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then echo "$OPENDKIM_CONFIG_HEADER" >> "$POSTFIX_MAIN_CF" - echo "milter_default_action = accept" >> "$POSTFIX_MAIN_CF" echo "milter_protocol = 2" >> "$POSTFIX_MAIN_CF" - - if [[ $env_dump =~ ^.*PORT_8891_TCP_ADDR=([0-9\.]*) ]] ; then - echo "smtpd_milters = inet:${BASH_REMATCH[1]}:8891" >> "$POSTFIX_MAIN_CF" - echo "non_smtpd_milters = inet:${BASH_REMATCH[1]}:8891" >> "$POSTFIX_MAIN_CF" - fi - + echo "smtpd_milters = inet:opendkim:8891" >> "$POSTFIX_MAIN_CF" + echo "non_smtpd_milters = inet:opendkim:8891" >> "$POSTFIX_MAIN_CF" echo "$OPENDKIM_CONFIG_FOOTER" >> "$POSTFIX_MAIN_CF" else echo "Warning: $POSTFIX_MAIN_CF already contains OpenDKIM configuration, skipping"
@@ -35,7 +30,6 @@ function add_opendkim () {
 if [[ $env_dump =~ ^(.+OPEN_DKIM)= ]] ; then
 if [ ! -z "${BASH_REMATCH[1]}" ]; then
 echo "OPEN_DKIM env set, enabling email signing"
- remove_opendkim # Remove first, to refresh IP info
 add_opendkim
 fi
 else
diff --git a/start.sh b/start.sh
new file mode 100755
index 0000000..f1d78a1
--- /dev/null
+++ b/start.sh
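Review bot: Every master.cf operation in `remove_amavis` and `add_amavis` of email_core/boot.d/amavis uses the bare word `POSTFIX_MASTER_CF` instead of `"$POSTFIX_MASTER_CF"`, so the `sed` calls target, and the `echo ... >>` lines create, a file literally named POSTFIX_MASTER_CF in the working directory while /etc/postfix/master.cf is never changed. main.cf still receives `content_filter = smtp-amavis:[amavis]:10024`, so Postfix would reference a transport that master.cf does not define; each occurrence should become `"$POSTFIX_MASTER_CF"`, for example `sed -i '/^pickup/,/^cleanup/{//!d}' "$POSTFIX_MASTER_CF"`. Once that is fixed the reinjection listener deserves a second look: it binds `0.0.0.0:10025` with content filtering and most restrictions switched off and relies on `mynetworks=127.0.0.0/8 amavis`, but Postfix documents mynetworks as address or network/mask patterns, so the hostname is unlikely to match and an explicit container address or subnet is needed there. The `sed "/^pickup.*/a ...` line also ends with a stray `/` that would be appended to master.cf, and the two status messages still talk about OPEN_DKIM and email signing rather than Amavis filtering.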
@@ -0,0 +1,15 @@
+docker stop dockermail_core
+docker rm dockermail_core
+
+docker stop dockermail_opendkim
+docker rm dockermail_opendkim
+
+docker run -d -v /opt/dockermail/settings:/mail_settings --name dockermail_opendkim dockermail_opendkim
+docker run -d \
+ -v /opt/dockermail/settings:/mail_settings \
+ -v /opt/dockermail/vmail:/vmail \
+ -p 25:25 \
+ -p 143:143 \
+ -p 587:587 \
+ --link dockermail_opendkim:opendkim \
+ --name dockermail_core dockermail_emailcore
diff --git a/test.sh b/test.sh
new file mode 100755
index 0000000..6c290ca
--- /dev/null
+++ b/test.sh
@@ -0,0 +1,8 @@
+export DOCKERMAIL_OPENDKIM_PORT_8891_TCP_ADDR=172.17.0.10
+# re=^.*PORT_8891_TCP_ADDR=(.*)$
+# echo "$( printenv | sed 's||1|' )"
+#
+if [[ $(printenv) =~ ^.*PORT_8891_TCP_ADDR=([0-9\.]*) ]] ; then
+ echo "${BASH_REMATCH[1]}"
+ echo "====================="
+fi
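Review bot: start.sh is added as an executable (mode 100755) with no `#!` line, and it never starts or links an amavis container, so a deployment brought up with this script runs without the content filter that docker-compose.yml now wires in. Because email_core/boot.d/amavis disables filtering when it finds no AMAVIS variable, the only trace is its log line about OPEN_DKIM, which is easy to miss. I would add `#!/bin/bash`, start the amavis container before the core one, and pass a matching `--link <amavis-container>:amavis` on the core `docker run`. The leading `docker stop`/`docker rm` pairs fail harmlessly when the containers do not exist yet, which is worth a comment such as `# errors here are expected on first run`.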