Better logging, better config

2015-07-27 11:39:32 +01:00 · 2015-07-27 11:39:32 +01:00 · 8b2ef783ef
commit 8b2ef783ef
parent 1199b08e22
12 changed files with 106 additions and 34 deletions
--- a/amavis/Dockerfile
+++ b/amavis/Dockerfile
@ -21,6 +21,7 @@ RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register &&
 COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id
 COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
 COPY ./config/50-user /etc/amavis/conf.d/50-user
 COPY ./config/rsyslog.conf /etc/rsyslog.conf
 # Nice place for your settings
 VOLUME ["/mail_settings"]
@ -32,4 +33,4 @@ RUN chmod 755 /boot
 ENV AMAVIS=true
 EXPOSE 10024
-ENTRYPOINT ./boot; amavisd-new foreground
+ENTRYPOINT ./boot; amavisd-new; rsyslogd -n
--- a/amavis/boot
+++ b/amavis/boot
@ -14,10 +14,3 @@ sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/
 sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
 sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i
 sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i
 ln -sf /dev/stdout /var/log/razor-agent.log
 ln -sf /dev/stdout /var/log/mail.log
 ln -sf /dev/stdout /var/log/mail.info
 ln -sf /dev/stdout /var/log/mail.warn
 ln -sf /dev/stderr /var/log/mail.err
--- a/amavis/config/50-user
+++ b/amavis/config/50-user
@ -18,8 +18,8 @@ $notify_method = $forward_method;
 # Bind on all interfaces (needed to expose this to linked containers)
 $inet_socket_bind = '0.0.0.0';
-# Accept incoming requests from all addresses (change if used outside of linked containers!)
+# Accept incoming requests from private ip range
-@inet_acl = qw( ::/0 );
+@inet_acl = qw(172.0.0.0/8);
 #------------ Do not modify anything below this line -------------
 1;  # ensure a defined return
--- a/amavis/config/rsyslog.conf
+++ b/amavis/config/rsyslog.conf
@ -0,0 +1,28 @@
 #  /etc/rsyslog.conf    Configuration file for rsyslog.
 #
 #                       For more information see
 #                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
 #
 #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
 #################
 #### MODULES ####
 #################
 $ModLoad imuxsock # provides support for local system logging
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
 # Filter duplicated messages
 $RepeatedMsgReduction on
 #
 # Where to place spool and state files
 #
 $WorkDirectory /var/spool/rsyslog
 # Write everything to stdout
 $template fmt,"%timestamp:::date-rfc3164%\n"
 *.* /dev/stdout
--- a/email_core/Dockerfile
+++ b/email_core/Dockerfile
@ -18,14 +18,15 @@ ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf
 RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
 # Dovecot configuration
-ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
+COPY ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
-ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
+COPY ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
-ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
+COPY ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
-ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
+COPY ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
-ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
+COPY ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
-ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
+COPY ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
 # Uncomment to add verbose logging
-# ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
+# COPY ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
 COPY ./config/rsyslog.conf /etc/rsyslog.conf
 # Nice place for your settings
 VOLUME ["/mail_settings"]
@ -44,4 +45,4 @@ RUN groupadd -g 5000 vmail
 RUN useradd -g vmail -u 5000 vmail -d /vmail -m
 EXPOSE 25 143 587
-ENTRYPOINT /boot; service postfix start; dovecot -F
+ENTRYPOINT /boot; service postfix start; service dovecot start; rsyslogd -n
--- a/email_core/boot
+++ b/email_core/boot
@ -47,10 +47,6 @@ chmod u+w /vmail
 # Add password file
 cp /mail_settings/passwords /etc/dovecot/passwd
 ln -sf /dev/stdout /var/log/mail.log
 ln -sf /dev/stdout /var/log/mail.info
 ln -sf /dev/stdout /var/log/mail.warn
 ln -sf /dev/stderr /var/log/mail.err
 # Run boot scripts
 for SCRIPT in /boot.d/*
--- a/email_core/boot.d/amavis
+++ b/email_core/boot.d/amavis
@ -15,8 +15,8 @@ function remove_amavis () {
    sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
  fi
  # master.cf
-  sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i
+  sed '/^pickup/,/^cleanup/{//!d}' "$POSTFIX_MASTER_CF" -i
-  sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i
+  sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MASTER_CF" -i
 }
 function add_amavis () {
@ -43,14 +43,14 @@ function add_amavis () {
    echo "  -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF
-    echo "  -o smtpd_client_restrictions=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF
    # Allow the private ip range 172.x.x.x that Docker apparently uses
-    echo "  -o mynetworks=127.0.0.0/8,172.0.0.0/8" >> $POSTFIX_MASTER_CF
+    echo "  -o mynetworks=172.0.0.0/8" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF
    echo "  -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF
--- a/email_core/config/postfix.main.cf
+++ b/email_core/config/postfix.main.cf
@ -31,7 +31,7 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination = /etc/mailname, localhost.localdomain, localhost
 relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = 127.0.0.0/8 172.0.0.0/8
 mailbox_size_limit = 0
 recipient_delimiter = +
@ -49,7 +49,7 @@ smtpd_helo_restrictions = permit
 smtpd_sender_restrictions = permit
 # Only accept mail where this server is the final destination
-smtpd_relay_restrictions = permit_auth_destination, reject
+smtpd_relay_restrictions = permit_auth_destination, permit_mynetworks, reject
 # Mail thats not for us gets filtered out by smtpd_relay_restrictions
 # When the mail is for us, we just accept everything. (could add spam blocklists/user checking etc. here)
--- a/email_core/config/rsyslog.conf
+++ b/email_core/config/rsyslog.conf
@ -0,0 +1,28 @@
 #  /etc/rsyslog.conf    Configuration file for rsyslog.
 #
 #                       For more information see
 #                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
 #
 #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
 #################
 #### MODULES ####
 #################
 $ModLoad imuxsock # provides support for local system logging
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
 # Filter duplicated messages
 $RepeatedMsgReduction on
 #
 # Where to place spool and state files
 #
 $WorkDirectory /var/spool/rsyslog
 # Write everything to stdout
 $template fmt,"%timestamp:::date-rfc3164%\n"
 *.* /dev/stdout
--- a/opendkim/Dockerfile
+++ b/opendkim/Dockerfile
@ -9,6 +9,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
    apt-get clean && \
    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
 COPY ./config/rsyslog.conf /etc/rsyslog.conf
 # Nice place for your settings
 VOLUME ["/mail_settings"]
@ -19,4 +21,4 @@ RUN chmod 755 /boot
 ENV OPEN_DKIM=true
 EXPOSE 8891
-ENTRYPOINT /boot; opendkim -f -p inet:8891@0.0.0.0
+ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n
--- a/opendkim/boot
+++ b/opendkim/boot
@ -5,8 +5,3 @@ cp /mail_settings/opendkim.conf /etc/opendkim.conf
 cp /mail_settings/mail.private /etc/dkim.key
 chown root:root /etc/dkim.key
 chmod 600 /etc/dkim.key
 ln -sf /dev/stdout /var/log/mail.log
 ln -sf /dev/stdout /var/log/mail.info
 ln -sf /dev/stdout /var/log/mail.warn
 ln -sf /dev/stderr /var/log/mail.err
--- a/opendkim/config/rsyslog.conf
+++ b/opendkim/config/rsyslog.conf
@ -0,0 +1,28 @@
 #  /etc/rsyslog.conf    Configuration file for rsyslog.
 #
 #                       For more information see
 #                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
 #
 #  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
 #################
 #### MODULES ####
 #################
 $ModLoad imuxsock # provides support for local system logging
 ###########################
 #### GLOBAL DIRECTIVES ####
 ###########################
 # Filter duplicated messages
 $RepeatedMsgReduction on
 #
 # Where to place spool and state files
 #
 $WorkDirectory /var/spool/rsyslog
 # Write everything to stdout
 $template fmt,"%timestamp:::date-rfc3164%\n"
 *.* /dev/stdout