Fixes, working rspamd settings, generate DKIM keys in PHP

andryyy 2016-12-10 21:49:41 +01:00
parent a7a597fead
commit 42a64b45d7
13 changed files with 58 additions and 37 deletions


@ -1,10 +1,12 @@
# mailcow-dockerized
## Configuration
## Installation
1. Open mailcow.conf and change stuff, do not touch versions, do not use special chars in passwords for now.
1. Open mailcow.conf and change stuff, do not use special chars in passwords. This will be fixed soon.
2. ./build-all.sh
2. Run ./build-all.sh
3. Set a rspamd controller password (see section "rspamd")
Done.
@ -22,6 +24,12 @@ The default username for mailcow is `admin` with password `moohoo`.
No persistent data is deleted at any time.
If an image exists, you will be asked wether or not to repull/rebuild it.
### Logs
You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter reponses.
When a process dies, the container dies, too. Except for Postfix' container.
### MySQL
Connect to MySQL database:
@ -50,23 +58,28 @@ Connect to redis database:
Use rspamadm:
```
docker exec -it rspamd-mailcow /bin/bash -c "rspamadm --help"
docker exec -it rspamd-mailcow rspamadm --help
```
Use rspamc:
```
docker exec -it rspamd-mailcow /bin/bash -c "rspamc --help"
docker exec -it rspamd-mailcow rspamc --help
```
Set rspamd controller password:
```
docker exec -it rspamd-mailcow /bin/bash -c "rspamadm pw"
# Generate hash
docker exec -it rspamd-mailcow rspamadm pw
```
Copy given hash to data/conf/rspamd/override.d/worker-controller.inc:
Replace given hash in data/conf/rspamd/override.d/worker-controller.inc:
```
...
enable_password = "myhash";
....
```
Restart rspamd:
```
docker restart rspamd-mailcow
```
### Remove persistent data


@ -1,7 +1,6 @@
#!/bin/bash
. mailcow.conf
./build-network.sh
source mailcow.conf
NAME="dovecot-mailcow"
@ -48,5 +47,4 @@ docker run \
-h ${MAILCOW_HOSTNAME} \
-d dovecot
echo "Fixing permissions..."
chown -R 5000:5000 data/vmail
/bin/bash ./fix-permissions.sh


@ -38,3 +38,5 @@ docker run \
echo "Installaing SOGo web resource files..."
docker exec -it ${NAME} /bin/bash -c 'apt-key adv --keyserver keys.gnupg.net --recv-key 0x810273C4 && apt-get update && apt-get -y --force-yes install apt-transport-https'
docker exec -it ${NAME} /bin/bash -c 'echo "deb http://packages.inverse.ca/SOGo/nightly/3/debian/ jessie jessie" > /etc/apt/sources.list.d/sogo.list && apt-get update && apt-get -y --force-yes install sogo'
/bin/bash ./fix-permissions.sh
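Review bot: The package installation just above the added permissions call trusts more than it needs to, and this change leaves it as it is. The two `docker exec` lines (unchanged context, as far as the page shows) fetch the repository key by its 32-bit short ID `0x810273C4` from a keyserver, add the SOGo repository over plain `http://`, and install with `--force-yes`. Short key IDs can collide and `--force-yes` lets apt continue past authentication failures, so a tampered keyserver reply or mirror would not stop the build. Pin the key by its full fingerprint (`--recv-keys <FULL_FINGERPRINT>`, placeholder), switch the `sources.list.d` entry to `https://` if the repository serves it, and replace `--force-yes` with plain `-y`. The rspamd Dockerfile hunk further down installs with `--force-yes` as well.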


@ -36,3 +36,5 @@ docker run \
--name ${NAME} \
-d rspamd
/bin/bash ./fix-permissions.sh


@ -9,10 +9,4 @@ trap "postfix reload" SIGHUP
# start postfix
postfix -c /opt/postfix/conf start
# lets give postfix some time to start
sleep 3
# wait until postfix is dead (triggered by trap)
while kill -0 $(cat /var/spool/postfix/pid/master.pid); do
sleep 5
done
sleep infinity
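Review bot: With `sleep infinity` as the foreground command, the `trap "postfix reload" SIGHUP` shown in the hunk header will not run, because bash defers a trap until the current foreground command returns and this one never does. The removed loop came back to the shell every five seconds and ended the script once the Postfix master was gone; the new line does neither, so a dead MTA leaves the container reported as running. Keeping the sleep in the background restores signal delivery: `sleep infinity & pid=$!` followed by `while kill -0 "$pid" 2>/dev/null; do wait "$pid"; done`. Alternatively keep a liveness check on `/var/spool/postfix/pid/master.pid` so the container exits with Postfix. The start of the script is outside the hunk, so other traps may be defined there.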


@ -9,6 +9,8 @@ RUN apt-get update \
&& apt-get update \
&& apt-get --no-install-recommends -y --force-yes install rspamd
RUN echo '.include $LOCAL_CONFDIR/local.d/rspamd.conf.local' > /etc/rspamd/rspamd.conf.local
CMD ["/usr/bin/rspamd","-f", "-u", "_rspamd", "-g", "_rspamd"]
USER _rspamd


@ -1,3 +1,8 @@
actions {
reject = 15;
add_header = 5;
greylist = 4;
}
symbol "MAILCOW_AUTH" {
description = "mailcow authenticated";
score = -20.0;


@ -0,0 +1 @@
settings = "http://nginx:8081/settings.php";


@ -10,5 +10,3 @@ rspamd_config.MAILCOW_AUTH = {
rspamd_config.MAILCOW_MOO = function (task)
return true
end
rspamd_config:add_map('http://nginx:8081/settings.php', "settings map", process_map)


@ -160,7 +160,7 @@ function dkim_table($action, $item) {
case "add":
$domain = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['domain']);
$selector = preg_replace('/[^A-Za-z0-9._\-]/', '_', $item['dkim']['selector']);
$key_length = $item['dkim']['key_size'];
$key_length = intval($item['dkim']['key_size']);
if (!ctype_alnum($selector) || !is_valid_domain_name($domain) || !is_numeric($key_length)) {
$_SESSION['return'] = array(
'type' => 'danger',
@ -178,13 +178,22 @@ function dkim_table($action, $item) {
break;
}
// Should be done native in PHP soon
$privKey = shell_exec("openssl genrsa -out /tmp/dkim-private.pem " . escapeshellarg($key_length) . " -outform PEM && cat /tmp/dkim-private.pem");
$pubKey = shell_exec('openssl rsa -in /tmp/dkim-private.pem -pubout -outform PEM 2>/dev/null | sed -e "1d" -e "\$d" | tr -d "\n"');
shell_exec('rm /tmp/dkim-private.pem');
$config = array(
"digest_alg" => "sha256",
"private_key_bits" => $key_length,
"private_key_type" => OPENSSL_KEYTYPE_RSA,
);
$keypair_ressource = openssl_pkey_new($config);
$key_details = openssl_pkey_get_details($keypair_ressource);
$pubKey = implode(array_slice(
array_filter(
explode(PHP_EOL, $key_details['key'])
), 1, -1)
);
// Save public key to file
file_put_contents($GLOBALS['MC_DKIM_TXTS'] . '/' . $selector . '_' . $domain, $pubKey);
file_put_contents($GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector, $privKey);
// Save private key to file
openssl_pkey_export_to_file($keypair_ressource, $GLOBALS['MC_DKIM_KEYS'] . '/' . $domain . '.' . $selector);
$_SESSION['return'] = array(
'type' => 'success',
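Review bot: The key size is never really validated, and a failed key generation is still reported as success. In the first hunk `intval()` already turns `$key_length` into an integer, so the `!is_numeric($key_length)` test after it can no longer fail and any size, including 0 or a very large value, reaches `openssl_pkey_new()`. In the second hunk the return values of `openssl_pkey_new()`, `openssl_pkey_get_details()` and `openssl_pkey_export_to_file()` are not checked, so when generation fails the code as shown still writes the TXT file and sets the 'success' return. Replace the numeric test with an allowlist of the sizes the form offers, e.g. `!in_array($key_length, array(1024, 2048), true)` (constructed example), and take the existing 'danger' path when `$keypair_ressource === false`. A `chmod(…, 0600)` on the exported private key would also stop its mode from depending on the process umask. dkim_table() begins and ends outside these hunks.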


@ -1,4 +1,2 @@
#!/bin/bash
chown -R 5000:5000 data/vmail
chown -R 33:33 data/dkim


@ -5,13 +5,14 @@
MAILCOW_HOSTNAME=mail.mailcow.de
# mailcow SQL database configuration
# SQL database configuration
DBNAME=mailcow
DBUSER=mailcow
DBPASS=mysafepasswd
DBROOT=myverysafepasswd
# MySQL
# Tested with MySQL 5.5
DBVERS=5.5
# SOGo configuration
@ -19,11 +20,12 @@ SOGOCHILDS=20
# Webserver configuration
# Default port binding for Nginx is 443
#
PHPVERS="5.6-fpm"
NGINXVERS="stable"
# You should leave that alone
# Can also be 1.2.3.4:25 for specific binding
# Can also be 11.22.33.44:25 or 0.0.0.0:465 etc. for specific binding
SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587


@ -1,3 +0,0 @@
#!/bin/bash
# Soon