Better logging, better config

Val 2015-07-27 11:39:32 +01:00
parent 1199b08e22
commit 8b2ef783ef
12 changed files with 106 additions and 34 deletions


@ -21,6 +21,7 @@ RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register &&
COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id
COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
COPY ./config/50-user /etc/amavis/conf.d/50-user
COPY ./config/rsyslog.conf /etc/rsyslog.conf
# Nice place for your settings
VOLUME ["/mail_settings"]
@ -32,4 +33,4 @@ RUN chmod 755 /boot
ENV AMAVIS=true
EXPOSE 10024
ENTRYPOINT ./boot; amavisd-new foreground
ENTRYPOINT ./boot; amavisd-new; rsyslogd -n
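Review bot: The new `ENTRYPOINT ./boot; amavisd-new; rsyslogd -n` leaves rsyslogd as the only foreground process, so the container stays up if amavisd-new (which presumably forks into the background without `foreground`) later dies, and the `;` separators start the daemons even when `./boot` fails. rsyslogd is also started last, so anything the service logs to /dev/log before that point is presumably lost. Starting the logger first and keeping the service as the main process avoids both, for example `ENTRYPOINT ./boot && { rsyslogd -n & exec amavisd-new foreground; }`. The same pattern is in the Postfix/Dovecot image (`service postfix start; service dovecot start; rsyslogd -n`) and the OpenDKIM image (`opendkim -p inet:8891@0.0.0.0; rsyslogd -n`).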


@ -14,10 +14,3 @@ sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/
sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i
sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i
ln -sf /dev/stdout /var/log/razor-agent.log
ln -sf /dev/stdout /var/log/mail.log
ln -sf /dev/stdout /var/log/mail.info
ln -sf /dev/stdout /var/log/mail.warn
ln -sf /dev/stderr /var/log/mail.err


@ -18,8 +18,8 @@ $notify_method = $forward_method;
# Bind on all interfaces (needed to expose this to linked containers)
$inet_socket_bind = '0.0.0.0';
# Accept incoming requests from all addresses (change if used outside of linked containers!)
@inet_acl = qw( ::/0 );
# Accept incoming requests from private ip range
@inet_acl = qw(172.0.0.0/8);
#------------ Do not modify anything below this line -------------
1; # ensure a defined return
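Review bot: `172.0.0.0/8` in the new `@inet_acl` is not a private range: RFC 1918 reserves only 172.16.0.0/12, so this ACL also admits publicly routable addresses in 172.0.0.0–172.15.255.255 and 172.32.0.0–172.255.255.255, while `$inet_socket_bind` stays `'0.0.0.0'`. Docker's default bridge and user-defined networks normally fall inside the /12, so `@inet_acl = qw(172.16.0.0/12);` should still cover the linked containers; use the exact bridge subnet if it is known. The same CIDR appears in this commit's Postfix settings (`-o mynetworks=172.0.0.0/8` in the master.cf additions and `mynetworks = 127.0.0.0/8 172.0.0.0/8` in main.cf), where it decides which clients `permit_mynetworks` trusts.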


@ -0,0 +1,28 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
###########################
#### GLOBAL DIRECTIVES ####
###########################
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
# Write everything to stdout
$template fmt,"%timestamp:::date-rfc3164%\n"
*.* /dev/stdout
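Review bot: The `fmt` template is defined but never bound to the `*.* /dev/stdout` action, so it has no effect, and as written it contains only the timestamp, so binding it would drop the host, tag and message text. Either delete the `$template` line or complete and bind it: `$template fmt,"%timestamp:::date-rfc3164% %hostname% %syslogtag%%msg%\n"` with `*.* /dev/stdout;fmt`. Since `*.*` sends every facility, including mail and auth messages, to the container's stdout, a short comment saying this is intended would help whoever collects and retains the container logs. The two other copies of this file added in this commit are identical and need the same change.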


@ -18,14 +18,15 @@ ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf
RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
# Dovecot configuration
ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
COPY ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
COPY ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
COPY ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
COPY ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
COPY ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
COPY ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
# Uncomment to add verbose logging
# ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
# COPY ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
COPY ./config/rsyslog.conf /etc/rsyslog.conf
# Nice place for your settings
VOLUME ["/mail_settings"]
@ -44,4 +45,4 @@ RUN groupadd -g 5000 vmail
RUN useradd -g vmail -u 5000 vmail -d /vmail -m
EXPOSE 25 143 587
ENTRYPOINT /boot; service postfix start; dovecot -F
ENTRYPOINT /boot; service postfix start; service dovecot start; rsyslogd -n


@ -47,10 +47,6 @@ chmod u+w /vmail
# Add password file
cp /mail_settings/passwords /etc/dovecot/passwd
ln -sf /dev/stdout /var/log/mail.log
ln -sf /dev/stdout /var/log/mail.info
ln -sf /dev/stdout /var/log/mail.warn
ln -sf /dev/stderr /var/log/mail.err
# Run boot scripts
for SCRIPT in /boot.d/*


@ -15,8 +15,8 @@ function remove_amavis () {
sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
fi
# master.cf
sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i
sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i
sed '/^pickup/,/^cleanup/{//!d}' "$POSTFIX_MASTER_CF" -i
sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MASTER_CF" -i
}
function add_amavis () {
@ -43,14 +43,14 @@ function add_amavis () {
echo " -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF
echo " -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF
echo " -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF
echo " -o smtpd_client_restrictions=" >> $POSTFIX_MASTER_CF
echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
echo " -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF
echo " -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF
echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF
echo " -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF
# Allow the private ip range 172.x.x.x that Docker apparently uses
echo " -o mynetworks=127.0.0.0/8,172.0.0.0/8" >> $POSTFIX_MASTER_CF
echo " -o mynetworks=172.0.0.0/8" >> $POSTFIX_MASTER_CF
echo " -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF
echo " -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF
echo " -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF
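Review bot: The changed `echo … >> $POSTFIX_MASTER_CF` lines in add_amavis still expand the path unquoted, while the first hunk of this file fixes remove_amavis to use `"$POSTFIX_MASTER_CF"`. Quoting it here too, or grouping the appends as `{ echo …; echo …; } >> "$POSTFIX_MASTER_CF"`, keeps the two functions consistent and opens the file once. The comment `# Allow the private ip range 172.x.x.x that Docker apparently uses` could also be reworded to say what the line now does, for example `# Trust only the Docker bridge range on this listener`, if that is the intent. add_amavis starts before and continues after the hunk, so the rest of the listener definition is not visible here.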


@ -31,7 +31,7 @@ alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = /etc/mailname, localhost.localdomain, localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks = 127.0.0.0/8 172.0.0.0/8
mailbox_size_limit = 0
recipient_delimiter = +
@ -49,7 +49,7 @@ smtpd_helo_restrictions = permit
smtpd_sender_restrictions = permit
# Only accept mail where this server is the final destination
smtpd_relay_restrictions = permit_auth_destination, reject
smtpd_relay_restrictions = permit_auth_destination, permit_mynetworks, reject
# Mail thats not for us gets filtered out by smtpd_relay_restrictions
# When the mail is for us, we just accept everything. (could add spam blocklists/user checking etc. here)
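Review bot: The comment `# Only accept mail where this server is the final destination` no longer matches the rule beneath it: with `permit_mynetworks` added to `smtpd_relay_restrictions`, any client whose address is in `mynetworks` may relay to arbitrary destinations. That makes the width of `mynetworks` the relay boundary, so it should list only the container subnet actually in use. Suggested comment: `# Relay only for clients in mynetworks; everyone else may deliver to our own domains only`. The first hunk also drops `[::ffff:127.0.0.0]/104 [::1]/128`, so local submission over IPv6 loopback is presumably no longer trusted; confirm that is intended.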


@ -0,0 +1,28 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
###########################
#### GLOBAL DIRECTIVES ####
###########################
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
# Write everything to stdout
$template fmt,"%timestamp:::date-rfc3164%\n"
*.* /dev/stdout


@ -9,6 +9,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
COPY ./config/rsyslog.conf /etc/rsyslog.conf
# Nice place for your settings
VOLUME ["/mail_settings"]
@ -19,4 +21,4 @@ RUN chmod 755 /boot
ENV OPEN_DKIM=true
EXPOSE 8891
ENTRYPOINT /boot; opendkim -f -p inet:8891@0.0.0.0
ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n


@ -5,8 +5,3 @@ cp /mail_settings/opendkim.conf /etc/opendkim.conf
cp /mail_settings/mail.private /etc/dkim.key
chown root:root /etc/dkim.key
chmod 600 /etc/dkim.key
ln -sf /dev/stdout /var/log/mail.log
ln -sf /dev/stdout /var/log/mail.info
ln -sf /dev/stdout /var/log/mail.warn
ln -sf /dev/stderr /var/log/mail.err


@ -0,0 +1,28 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
###########################
#### GLOBAL DIRECTIVES ####
###########################
# Filter duplicated messages
$RepeatedMsgReduction on
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
# Write everything to stdout
$template fmt,"%timestamp:::date-rfc3164%\n"
*.* /dev/stdout