Better logging, better config

2015-07-27 11:39:32 +01:00 · 2015-07-27 11:39:32 +01:00 · 8b2ef783ef
parent 1199b08e22
commit 8b2ef783ef
12 changed files with 106 additions and 34 deletions
--- a/amavis/Dockerfile
+++ b/amavis/Dockerfile
@ -21,6 +21,7 @@ RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register &&
 COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id
 COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
 COPY ./config/50-user /etc/amavis/conf.d/50-user
+COPY ./config/rsyslog.conf /etc/rsyslog.conf

 # Nice place for your settings
 VOLUME ["/mail_settings"]
@ -32,4 +33,4 @@ RUN chmod 755 /boot
 ENV AMAVIS=true

 EXPOSE 10024
-ENTRYPOINT ./boot; amavisd-new foreground
+ENTRYPOINT ./boot; amavisd-new; rsyslogd -n
--- a/amavis/boot
+++ b/amavis/boot
@ -14,10 +14,3 @@ sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/
 sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
 sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i
 sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i
-
-
-ln -sf /dev/stdout /var/log/razor-agent.log
-ln -sf /dev/stdout /var/log/mail.log
-ln -sf /dev/stdout /var/log/mail.info
-ln -sf /dev/stdout /var/log/mail.warn
-ln -sf /dev/stderr /var/log/mail.err
--- a/amavis/config/50-user
+++ b/amavis/config/50-user
@ -18,8 +18,8 @@ $notify_method = $forward_method;

 # Bind on all interfaces (needed to expose this to linked containers)
 $inet_socket_bind = '0.0.0.0';
-# Accept incoming requests from all addresses (change if used outside of linked containers!)
-@inet_acl = qw( ::/0 );
+# Accept incoming requests from private ip range
+@inet_acl = qw(172.0.0.0/8);

 #------------ Do not modify anything below this line -------------
 1;  # ensure a defined return
--- a/amavis/config/rsyslog.conf
+++ b/amavis/config/rsyslog.conf
@ -0,0 +1,28 @@
+#  /etc/rsyslog.conf    Configuration file for rsyslog.
+#
+#                       For more information see
+#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+#
+#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+# Write everything to stdout
+$template fmt,"%timestamp:::date-rfc3164%\n"
+*.* /dev/stdout
--- a/email_core/Dockerfile
+++ b/email_core/Dockerfile
@ -18,14 +18,15 @@ ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf
 RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf

 # Dovecot configuration
-ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
-ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
-ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
-ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
-ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
-ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
+COPY ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
+COPY ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
+COPY ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
+COPY ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
+COPY ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
+COPY ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
 # Uncomment to add verbose logging
-# ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
+# COPY ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
+COPY ./config/rsyslog.conf /etc/rsyslog.conf

 # Nice place for your settings
 VOLUME ["/mail_settings"]
@ -44,4 +45,4 @@ RUN groupadd -g 5000 vmail
 RUN useradd -g vmail -u 5000 vmail -d /vmail -m

 EXPOSE 25 143 587
-ENTRYPOINT /boot; service postfix start; dovecot -F
+ENTRYPOINT /boot; service postfix start; service dovecot start; rsyslogd -n
--- a/email_core/boot
+++ b/email_core/boot
@ -47,10 +47,6 @@ chmod u+w /vmail
 # Add password file
 cp /mail_settings/passwords /etc/dovecot/passwd

-ln -sf /dev/stdout /var/log/mail.log
-ln -sf /dev/stdout /var/log/mail.info
-ln -sf /dev/stdout /var/log/mail.warn
-ln -sf /dev/stderr /var/log/mail.err

 # Run boot scripts
 for SCRIPT in /boot.d/*
--- a/email_core/boot.d/amavis
+++ b/email_core/boot.d/amavis
@ -15,8 +15,8 @@ function remove_amavis () {
    sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
  fi
  # master.cf
-  sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i
-  sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i
+  sed '/^pickup/,/^cleanup/{//!d}' "$POSTFIX_MASTER_CF" -i
+  sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MASTER_CF" -i
 }

 function add_amavis () {
@ -43,14 +43,14 @@ function add_amavis () {
    echo "  -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF
-    echo "  -o smtpd_client_restrictions=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF
    # Allow the private ip range 172.x.x.x that Docker apparently uses
-    echo "  -o mynetworks=127.0.0.0/8,172.0.0.0/8" >> $POSTFIX_MASTER_CF
+    echo "  -o mynetworks=172.0.0.0/8" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF
--- a/email_core/config/postfix.main.cf
+++ b/email_core/config/postfix.main.cf
@ -31,7 +31,7 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = /etc/mailname, localhost.localdomain, localhost
 relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8 172.0.0.0/8
 mailbox_size_limit = 0
 recipient_delimiter = +

@ -49,7 +49,7 @@ smtpd_helo_restrictions = permit
 smtpd_sender_restrictions = permit

 # Only accept mail where this server is the final destination
-smtpd_relay_restrictions = permit_auth_destination, reject
+smtpd_relay_restrictions = permit_auth_destination, permit_mynetworks, reject

 # Mail thats not for us gets filtered out by smtpd_relay_restrictions
 # When the mail is for us, we just accept everything. (could add spam blocklists/user checking etc. here)
--- a/email_core/config/rsyslog.conf
+++ b/email_core/config/rsyslog.conf
@ -0,0 +1,28 @@
+#  /etc/rsyslog.conf    Configuration file for rsyslog.
+#
+#                       For more information see
+#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+#
+#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+# Write everything to stdout
+$template fmt,"%timestamp:::date-rfc3164%\n"
+*.* /dev/stdout
--- a/opendkim/Dockerfile
+++ b/opendkim/Dockerfile
@ -9,6 +9,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

+COPY ./config/rsyslog.conf /etc/rsyslog.conf
+
 # Nice place for your settings
 VOLUME ["/mail_settings"]

@ -19,4 +21,4 @@ RUN chmod 755 /boot
 ENV OPEN_DKIM=true

 EXPOSE 8891
-ENTRYPOINT /boot; opendkim -f -p inet:8891@0.0.0.0
+ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n
--- a/opendkim/boot
+++ b/opendkim/boot
@ -5,8 +5,3 @@ cp /mail_settings/opendkim.conf /etc/opendkim.conf
 cp /mail_settings/mail.private /etc/dkim.key
 chown root:root /etc/dkim.key
 chmod 600 /etc/dkim.key
-
-ln -sf /dev/stdout /var/log/mail.log
-ln -sf /dev/stdout /var/log/mail.info
-ln -sf /dev/stdout /var/log/mail.warn
-ln -sf /dev/stderr /var/log/mail.err
--- a/opendkim/config/rsyslog.conf
+++ b/opendkim/config/rsyslog.conf
@ -0,0 +1,28 @@
+#  /etc/rsyslog.conf    Configuration file for rsyslog.
+#
+#                       For more information see
+#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
+#
+#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
+
+
+#################
+#### MODULES ####
+#################
+
+$ModLoad imuxsock # provides support for local system logging
+
+###########################
+#### GLOBAL DIRECTIVES ####
+###########################
+
+# Filter duplicated messages
+$RepeatedMsgReduction on
+#
+# Where to place spool and state files
+#
+$WorkDirectory /var/spool/rsyslog
+
+# Write everything to stdout
+$template fmt,"%timestamp:::date-rfc3164%\n"
+*.* /dev/stdout