From 88d71ce832993329e8680fe7de24d7ed0b00a6cc Mon Sep 17 00:00:00 2001 
From: hasufell Date: Fri, 2 Oct 2015 15:07:59 +0200 Subject: [PATCH] Add spamassasin/pyzor/razor support and cleanup Dockerfile and config --- core/Dockerfile | 79 ++++++++++--------- core/boot | 3 + core/boot.d/spamassasin | 8 ++ core/config/{ => dovecot}/dovecot.auth | 0 core/config/{ => dovecot}/dovecot.imap | 0 core/config/{ => dovecot}/dovecot.lda | 3 + core/config/{ => dovecot}/dovecot.logging | 0 core/config/{ => dovecot}/dovecot.mail | 0 core/config/{ => dovecot}/dovecot.managesieve | 0 core/config/{ => dovecot}/dovecot.master | 0 core/config/{ => dovecot}/dovecot.sieve | 0 core/config/{ => dovecot}/dovecot.ssl | 0 core/config/example/spam-global.sieve | 5 ++ core/config/paludis/keywords.conf.d/mail.conf | 1 + core/config/paludis/sets/mail.conf | 5 ++ core/config/paludis/sets/tools.conf | 2 + core/config/paludis/use.conf.d/global.conf | 1 + core/config/paludis/use.conf.d/mail.conf | 2 + core/config/{ => postfix}/postfix.main.cf | 0 .../{ => postfix}/postfix.master.cf.append | 6 +- core/config/spamassasin/pyzor.servers | 1 + .../spamassasin/spamassasin.local.append | 7 ++ core/config/supervisord.conf | 7 +- 23 files changed, 91 insertions(+), 39 deletions(-) create mode 100755 core/boot.d/spamassasin rename core/config/{ => dovecot}/dovecot.auth (100%) rename core/config/{ => dovecot}/dovecot.imap (100%) rename core/config/{ => dovecot}/dovecot.lda (70%) rename core/config/{ => dovecot}/dovecot.logging (100%) rename core/config/{ => dovecot}/dovecot.mail (100%) rename core/config/{ => dovecot}/dovecot.managesieve (100%) rename core/config/{ => dovecot}/dovecot.master (100%) rename core/config/{ => dovecot}/dovecot.sieve (100%) rename core/config/{ => dovecot}/dovecot.ssl (100%) create mode 100644 core/config/example/spam-global.sieve create mode 100644 core/config/paludis/keywords.conf.d/mail.conf create mode 100644 core/config/paludis/sets/mail.conf create mode 100644 core/config/paludis/sets/tools.conf create mode 100644 
core/config/paludis/use.conf.d/global.conf create mode 100644 core/config/paludis/use.conf.d/mail.conf rename core/config/{ => postfix}/postfix.main.cf (100%) rename core/config/{ => postfix}/postfix.master.cf.append (72%) create mode 100644 core/config/spamassasin/pyzor.servers create mode 100644 core/config/spamassasin/spamassasin.local.append diff --git a/core/Dockerfile b/core/Dockerfile index bfa7ded..c74716b 100644 --- a/core/Dockerfile +++ b/core/Dockerfile 
@@ -1,33 +1,28 @@ FROM hasufell/gentoo-amd64-paludis:latest MAINTAINER Julian Ospald "hasufell@posteo.de" -# check these with "cave show " -RUN echo -e "*/* acl bash-completion ipv6 kmod openrc pcre readline unicode \ - zlib pam ssl sasl bzip2 urandom crypt tcpd \ - -acpi -cairo -consolekit -cups -dbus -dri -gnome -gnutls -gtk -ogg -opengl \ - -pdf -policykit -qt3support -qt5 -qt4 -sdl -sound -systemd -truetype -vim \ - -vim-syntax -wayland -X" \ - >> /etc/paludis/use.conf +##### PACKAGE INSTALLATION ##### -RUN mkdir -p /etc/paludis/use.conf.d && echo -e \ - "net-mail/dovecot cydir imapc maildir managesieve mbox mdbox pam pop3c \ - sieve sqlite \ - \n \ - \nmail-mta/postfix dovecot-sasl mbox sasl" \ - >> /etc/paludis/use.conf.d/mail.conf +# copy paludis config +COPY ./config/paludis /etc/paludis # update world with our USE flags RUN chgrp paludisbuild /dev/tty && cave resolve -c world -x -# install dovecot -RUN chgrp paludisbuild /dev/tty && cave resolve -z net-mail/dovecot mail-mta/postfix -x +# install mail set +RUN chgrp paludisbuild /dev/tty && cave resolve -c mail -x -# install tools -RUN chgrp paludisbuild /dev/tty && cave resolve -z app-admin/supervisor sys-process/htop -x +# install tools set +RUN chgrp paludisbuild /dev/tty && cave resolve -c tools -x # update etc files... hope this doesn't screw up RUN etc-update --automode -5 +################################ + + +##### APPLICATION CONFIG ##### + # create dovecot certificates RUN mkdir -p /var/tmp/dovecot-cert RUN cp /usr/share/doc/dovecot-*/mkcert.sh /var/tmp/dovecot-cert/ ; \ 
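Review bot: The cleanup keeps `FROM hasufell/gentoo-amd64-paludis:latest` at the top of this hunk, so every build runs against whatever that tag points to on the day, including the three `cave resolve -c ... -x` steps that now install the `world`, `mail` and `tools` sets. For an image that ends up handling mail and credentials, pinning the base to a fixed tag or digest, e.g. `FROM hasufell/gentoo-amd64-paludis@sha256:<digest-placeholder>`, would make the result reproducible and reviewable. A short comment above `COPY ./config/paludis /etc/paludis` saying that the sets and USE flags now live in that directory would also help, since the removed `echo -e` lines were the only in-file record of them.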
@@ -43,27 +38,45 @@ WORKDIR / RUN rm -r /var/tmp/dovecot-cert # create postfix certificates -RUN openssl req -new -x509 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.key -days 3650 -subj '/CN=www.example.com' +RUN openssl req -new -x509 -nodes -out /etc/ssl/certs/postfix.pem -keyout \ + /etc/ssl/private/postfix.key -days 3650 -subj '/CN=www.example.com' # Postfix configuration -ADD ./config/postfix.main.cf /etc/postfix/main.cf -ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf +ADD ./config/postfix/postfix.main.cf /etc/postfix/main.cf +ADD ./config/postfix/postfix.master.cf.append /etc/postfix/master-additional.cf RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf +RUN sed -r -i -e \ + '/^smtp[[:space:]]+inet[[:space:]]+/a\ -o content_filter=spamassassin' \ + /etc/postfix/master.cf RUN newaliases -oA/etc/mail/aliases # Dovecot configuration -COPY ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf -COPY ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf -COPY ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf -COPY ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf -COPY ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf -COPY ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf -COPY ./config/dovecot.sieve /etc/dovecot/conf.d/90-sieve.conf -COPY ./config/dovecot.managesieve /etc/dovecot/conf.d/20-managesieve.conf +COPY ./config/dovecot/dovecot.mail /etc/dovecot/conf.d/10-mail.conf +COPY ./config/dovecot/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf +COPY ./config/dovecot/dovecot.auth /etc/dovecot/conf.d/10-auth.conf +COPY ./config/dovecot/dovecot.master /etc/dovecot/conf.d/10-master.conf + +COPY ./config/dovecot/dovecot.lda /etc/dovecot/conf.d/15-lda.conf +COPY ./config/dovecot/dovecot.imap /etc/dovecot/conf.d/20-imap.conf +COPY ./config/dovecot/dovecot.sieve /etc/dovecot/conf.d/90-sieve.conf +COPY ./config/dovecot/dovecot.managesieve \ + /etc/dovecot/conf.d/20-managesieve.conf # 
Uncomment to add verbose logging -COPY ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf +COPY ./config/dovecot/dovecot.logging /etc/dovecot/conf.d/10-logging.conf + +# spamassasin configuration +COPY ./config/spamassasin/spamassasin.local.append \ + /etc/spamassassin/local.cf.append +RUN mkdir /etc/spamassassin/.pyzor /etc/spamassassin/.razor +COPY ./config/spamassasin/pyzor.servers /etc/spamassassin/.pyzor/servers +RUN cat /etc/spamassassin/local.cf.append >> /etc/spamassassin/local.cf + +# supervisord configuration COPY ./config/supervisord.conf /etc/supervisord.conf +############################## + + # Nice place for your settings VOLUME ["/mail_settings"] @@ -73,18 +86,10 @@ RUN chmod 755 /boot COPY boot.d /boot.d RUN chmod -R 755 /boot.d - # Add user vmail that owns mail RUN groupadd -g 5000 vmail RUN useradd -g vmail -u 5000 vmail -d /vmail -m -# create global sieve folder/rule -RUN mkdir -p /vmail/sieve && echo -e "require \"fileinto\";\ -\nif header :contains \"X-Spam-Flag\" \"YES\" {\ -\n fileinto \"Spam\";\ -\n}" > /vmail/sieve/spam-global.sieve && \ - chown -R vmail:vmail /vmail/sieve/ - # Volume to store email VOLUME ["/vmail"] diff --git a/core/boot b/core/boot index 7176689..86ace8c 100755 --- a/core/boot +++ b/core/boot @@ -25,6 +25,9 @@ postmap /etc/postfix/virtual postmap /etc/postfix/virtual-mailbox-maps chown -R postfix:postfix /etc/postfix +# add global sieve script +mkdir -p /vmail/sieve && cp /mail_settings/spam-global.sieve /vmail/sieve/ + # Make user vmail own all mail folders chown -R vmail:vmail /vmail chmod u+w /vmail diff --git a/core/boot.d/spamassasin b/core/boot.d/spamassasin new file mode 100755 index 0000000..e2bf1aa --- /dev/null +++ b/core/boot.d/spamassasin @@ -0,0 +1,8 @@ +#!/bin/bash + +sa-update + +razor-admin -home=/etc/spamassassin/.razor -register +razor-admin -home=/etc/spamassassin/.razor -create +razor-admin -home=/etc/spamassassin/.razor -discover + 
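Review bot: The re-wrapped `RUN openssl req -new -x509 -nodes ... -keyout /etc/ssl/private/postfix.key` still generates the private key at build time, so the unencrypted key is stored in an image layer and every container started from a published image shares it. Generating the key on first start would avoid that, for example in the boot script with `[ -s /etc/ssl/private/postfix.key ] || openssl req -new -x509 -nodes ...`, or by reading key and certificate from the `/mail_settings` volume. The dovecot certificate step at the end of the previous hunk looks like the same pattern. Separately, the comment `# Uncomment to add verbose logging` sits above a `COPY` of `dovecot.logging` that is not commented out, so verbose logging appears to be on by default; either comment the line out or change the comment to `# Remove to disable verbose logging`.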
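Review bot: The added `mkdir -p /vmail/sieve && cp /mail_settings/spam-global.sieve /vmail/sieve/` in core/boot assumes the operator has put `spam-global.sieve` into the volume. The example file is added under core/config/example, but no Dockerfile line visible in this patch copies it into the image. If the file is missing, `cp` fails, and whether boot stops or continues depends on shell options outside this hunk; in the second case flagged mail is presumably just not filed into Spam, without any message. A guard makes the outcome explicit: `if [ -f /mail_settings/spam-global.sieve ]; then cp /mail_settings/spam-global.sieve /vmail/sieve/; else echo "spam-global.sieve not found in /mail_settings" >&2; fi`.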
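Review bot: None of the four commands in the new core/boot.d/spamassasin has its result checked or logged, so a start without network access leaves spamd with old rules and an unregistered razor home, and nothing records it. `sa-update` exits with 1 when there is simply nothing new, so a plain `set -e` would be wrong here; `sa-update || [ $? -eq 1 ] || echo "sa-update failed" >&2` separates the two cases. `razor-admin -register` also runs on every start of the same container; checking for an existing identity in /etc/spamassassin/.razor before registering would avoid repeated registrations. A header comment saying that the script needs outbound network access would be useful to operators.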
diff --git a/core/config/dovecot.auth b/core/config/dovecot/dovecot.auth similarity index 100% rename from core/config/dovecot.auth rename to core/config/dovecot/dovecot.auth diff --git a/core/config/dovecot.imap b/core/config/dovecot/dovecot.imap similarity index 100% rename from core/config/dovecot.imap rename to core/config/dovecot/dovecot.imap diff --git a/core/config/dovecot.lda b/core/config/dovecot/dovecot.lda similarity index 70% rename from core/config/dovecot.lda rename to core/config/dovecot/dovecot.lda index a71b7af..3cbdc1b 100644 --- a/core/config/dovecot.lda +++ b/core/config/dovecot/dovecot.lda @@ -1,3 +1,6 @@ +lda_mailbox_autocreate = yes +lda_mailbox_autosubscribe = yes + protocol lda { hostname = mail.docker.container postmaster_address = postmaster@mail.docker.container diff --git a/core/config/dovecot.logging b/core/config/dovecot/dovecot.logging similarity index 100% rename from core/config/dovecot.logging rename to core/config/dovecot/dovecot.logging diff --git a/core/config/dovecot.mail b/core/config/dovecot/dovecot.mail similarity index 100% rename from core/config/dovecot.mail rename to core/config/dovecot/dovecot.mail diff --git a/core/config/dovecot.managesieve b/core/config/dovecot/dovecot.managesieve similarity index 100% rename from core/config/dovecot.managesieve rename to core/config/dovecot/dovecot.managesieve diff --git a/core/config/dovecot.master b/core/config/dovecot/dovecot.master similarity index 100% rename from core/config/dovecot.master rename to core/config/dovecot/dovecot.master diff --git a/core/config/dovecot.sieve b/core/config/dovecot/dovecot.sieve similarity index 100% rename from core/config/dovecot.sieve rename to core/config/dovecot/dovecot.sieve diff --git a/core/config/dovecot.ssl b/core/config/dovecot/dovecot.ssl similarity index 100% rename from core/config/dovecot.ssl rename to core/config/dovecot/dovecot.ssl 
diff --git a/core/config/example/spam-global.sieve b/core/config/example/spam-global.sieve new file mode 100644 index 0000000..9da1578 --- /dev/null +++ b/core/config/example/spam-global.sieve @@ -0,0 +1,5 @@ +require "fileinto"; + +if header :contains "X-Spam-Flag" "YES" { + fileinto "Spam"; +} diff --git a/core/config/paludis/keywords.conf.d/mail.conf b/core/config/paludis/keywords.conf.d/mail.conf new file mode 100644 index 0000000..83bfacd --- /dev/null +++ b/core/config/paludis/keywords.conf.d/mail.conf @@ -0,0 +1 @@ +dev-python/pyzor ~amd64 diff --git a/core/config/paludis/sets/mail.conf b/core/config/paludis/sets/mail.conf new file mode 100644 index 0000000..159ca55 --- /dev/null +++ b/core/config/paludis/sets/mail.conf @@ -0,0 +1,5 @@ +* net-mail/dovecot +* mail-mta/postfix +* mail-filter/spamassassin +* dev-python/pyzor +* mail-filter/razor diff --git a/core/config/paludis/sets/tools.conf b/core/config/paludis/sets/tools.conf new file mode 100644 index 0000000..1dc41b9 --- /dev/null +++ b/core/config/paludis/sets/tools.conf @@ -0,0 +1,2 @@ +* app-admin/supervisor +* sys-process/htop diff --git a/core/config/paludis/use.conf.d/global.conf b/core/config/paludis/use.conf.d/global.conf new file mode 100644 index 0000000..a054939 --- /dev/null +++ b/core/config/paludis/use.conf.d/global.conf @@ -0,0 +1 @@ +*/* acl bash-completion ipv6 kmod openrc pcre readline unicode zlib pam ssl sasl bzip2 urandom crypt tcpd -acpi -cairo -consolekit -cups -dbus -dri -gnome -gnutls -gtk -ogg -opengl -pdf -policykit -qt3support -qt5 -qt4 -sdl -sound -systemd -truetype -vim -vim-syntax -wayland -X diff --git a/core/config/paludis/use.conf.d/mail.conf b/core/config/paludis/use.conf.d/mail.conf new file mode 100644 index 0000000..f65c3d6 --- /dev/null +++ b/core/config/paludis/use.conf.d/mail.conf @@ -0,0 +1,2 @@ +net-mail/dovecot cydir imapc maildir managesieve mbox mdbox pam pop3c sieve sqlite +nmail-mta/postfix dovecot-sasl mbox sasl 
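Review bot: The second line of the new core/config/paludis/use.conf.d/mail.conf reads `nmail-mta/postfix dovecot-sasl mbox sasl`; the leading `n` looks like a leftover of the `\n` escape from the `echo -e` that this commit removes from the Dockerfile. As written the spec does not name `mail-mta/postfix`, so postfix would likely be built without the `dovecot-sasl` flag, while the submission service in postfix.master.cf.append relies on `permit_sasl_authenticated`. The line should be `mail-mta/postfix dovecot-sasl mbox sasl`.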
diff --git a/core/config/postfix.main.cf b/core/config/postfix/postfix.main.cf similarity index 100% rename from core/config/postfix.main.cf rename to core/config/postfix/postfix.main.cf diff --git a/core/config/postfix.master.cf.append b/core/config/postfix/postfix.master.cf.append similarity index 72% rename from core/config/postfix.master.cf.append rename to core/config/postfix/postfix.master.cf.append index 6fdc4a7..853764f 100644 --- a/core/config/postfix.master.cf.append +++ b/core/config/postfix/postfix.master.cf.append @@ -1,5 +1,5 @@ dovecot unix - n n - - pipe - flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} + flags=DRhu user=vmail:vmail argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} # we need to be permissive with the helo restrictions since the client can only # authenticate after HELO has been sent @@ -13,3 +13,7 @@ submission inet n - n - - smtpd -o smtpd_sender_restrictions=permit_sasl_authenticated,reject -o smtpd_relay_restrictions=permit_sasl_authenticated,reject -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject + +spamassassin unix - n n - - pipe + user=vmail:vmail argv=/usr/bin/spamc -f -e + /usr/sbin/sendmail -oi -f ${sender} ${recipient} diff --git a/core/config/spamassasin/pyzor.servers b/core/config/spamassasin/pyzor.servers new file mode 100644 index 0000000..efd1e74 --- /dev/null +++ b/core/config/spamassasin/pyzor.servers @@ -0,0 +1 @@ +public.pyzor.org:24441 diff --git a/core/config/spamassasin/spamassasin.local.append b/core/config/spamassasin/spamassasin.local.append new file mode 100644 index 0000000..2edca31 --- /dev/null +++ b/core/config/spamassasin/spamassasin.local.append @@ -0,0 +1,7 @@ + +# you should leave this untouched +razor_config /etc/spamassassin/.razor/razor-agent.conf +pyzor_options --homedir /etc/spamassassin/.pyzor + +# here goes your whitelist stuff for example +# whitelist_from user@example.com 
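Review bot: The new `spamassassin` pipe service in postfix.master.cf.append runs the filter as `user=vmail:vmail`, the account that core/boot makes owner of everything under /vmail, so the process handling untrusted message content has write access to all stored mail. A dedicated unprivileged account would limit that, e.g. `user=spamfilter argv=/usr/bin/spamc -f -e` (the account name is a placeholder and needs a matching `useradd` in the Dockerfile). The re-injection command also places `${recipient}` directly after the sender; `/usr/sbin/sendmail -oi -f ${sender} -- ${recipient}` keeps an address that begins with `-` from being parsed as an option.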
diff --git a/core/config/supervisord.conf b/core/config/supervisord.conf index 8a99140..2748fb9 100644 --- a/core/config/supervisord.conf +++ b/core/config/supervisord.conf @@ -1,11 +1,16 @@ [supervisord] nodaemon=true +[program:spamassasin] +command=/usr/sbin/spamd +startsecs=2 +autorestart=true + [program:postfix] process_name=master directory=/etc/postfix command=/usr/sbin/postfix -c /etc/postfix start -startsecs=0 +startsecs=1 autorestart=false [program:dovecot]
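Review bot: `command=/usr/sbin/spamd` in the new `[program:spamassasin]` section starts the daemon with supervisord's own privileges, and nothing in this hunk sets `user=` or passes spamd's `-u` option, so the listener probably stays root. Running it under a dedicated account, `command=/usr/sbin/spamd -u <account-placeholder>`, would reduce exposure; that account then needs write access to the `.razor` and `.pyzor` directories the Dockerfile creates under /etc/spamassassin. Separately, raising postfix to `startsecs=1` may make supervisord count `postfix start` as a failed start if the command hands off to a background master and exits within that second; worth confirming before merging. The file continues outside the hunk.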