Rebase Dovecot on Stretch slim, build from stable source with latest stable Pigeonhole for antispam replacement
This commit is contained in:
parent
abcdf841cd
commit
58d86dadce
@ -1,33 +1,30 @@
|
||||
FROM ubuntu:xenial
|
||||
FROM debian:stretch-slim
|
||||
#ubuntu:xenial
|
||||
MAINTAINER Andre Peters <andre.peters@servercow.de>
|
||||
|
||||
ENV DEBIAN_FRONTEND noninteractive
|
||||
ENV LC_ALL C
|
||||
ENV DOVECOT_VERSION 2.2.28
|
||||
ENV PIGEONHOLE_VERSION 0.4.17
|
||||
|
||||
RUN dpkg-divert --local --rename --add /sbin/initctl \
|
||||
&& ln -sf /bin/true /sbin/initctl \
|
||||
&& dpkg-divert --local --rename --add /usr/bin/ischroot \
|
||||
&& ln -sf /bin/true /usr/bin/ischroot
|
||||
|
||||
RUN apt-get update
|
||||
RUN apt-get -y install dovecot-common \
|
||||
dovecot-core \
|
||||
dovecot-imapd \
|
||||
dovecot-lmtpd \
|
||||
dovecot-managesieved \
|
||||
dovecot-sieve \
|
||||
dovecot-mysql \
|
||||
dovecot-pop3d \
|
||||
dovecot-dev \
|
||||
RUN apt-get update \
|
||||
&& apt-get -y install libpam-dev \
|
||||
default-libmysqlclient-dev \
|
||||
lzma-dev \
|
||||
liblz-dev \
|
||||
libbz2-dev \
|
||||
liblz4-dev \
|
||||
liblzma-dev \
|
||||
build-essential \
|
||||
autotools-dev \
|
||||
automake \
|
||||
syslog-ng \
|
||||
syslog-ng-core \
|
||||
ca-certificates \
|
||||
supervisor \
|
||||
wget \
|
||||
curl \
|
||||
build-essential \
|
||||
autotools-dev \
|
||||
automake \
|
||||
libssl-dev \
|
||||
libauthen-ntlm-perl \
|
||||
libcrypt-ssleay-perl \
|
||||
libdigest-hmac-perl \
|
||||
@ -52,36 +49,57 @@ RUN apt-get -y install dovecot-common \
|
||||
make \
|
||||
cpanminus
|
||||
|
||||
|
||||
RUN wget https://www.dovecot.org/releases/2.2/dovecot-$DOVECOT_VERSION.tar.gz -O - | tar xvz \
|
||||
&& cd dovecot-$DOVECOT_VERSION \
|
||||
&& ./configure --with-mysql --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib \
|
||||
&& make -j3 \
|
||||
&& make install \
|
||||
&& make clean
|
||||
|
||||
RUN wget https://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION.tar.gz -O - | tar xvz \
|
||||
&& cd dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
|
||||
&& ./configure \
|
||||
&& make -j3 \
|
||||
&& make install \
|
||||
&& make clean
|
||||
|
||||
RUN sed -i -E 's/^(\s*)system\(\);/\1unix-stream("\/dev\/log");/' /etc/syslog-ng/syslog-ng.conf
|
||||
RUN cpanm Data::Uniqid Mail::IMAPClient String::Util
|
||||
RUN echo '* * * * * root /usr/local/bin/imapsync_cron.pl' > /etc/cron.d/imapsync
|
||||
RUN echo '30 3 * * * vmail /usr/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
|
||||
|
||||
WORKDIR /tmp
|
||||
|
||||
RUN wget http://hg.dovecot.org/dovecot-antispam-plugin/archive/tip.tar.gz -O - | tar xvz \
|
||||
&& cd /tmp/dovecot-antispam* \
|
||||
&& ./autogen.sh \
|
||||
&& ./configure --prefix=/usr \
|
||||
&& make \
|
||||
&& make install
|
||||
|
||||
COPY ./imapsync /usr/local/bin/imapsync
|
||||
COPY ./postlogin.sh /usr/local/bin/postlogin.sh
|
||||
COPY ./imapsync_cron.pl /usr/local/bin/imapsync_cron.pl
|
||||
COPY ./rspamd-pipe /usr/local/bin/rspamd-pipe
|
||||
COPY ./report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.sieve
|
||||
COPY ./report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.sieve
|
||||
COPY ./rspamd-pipe-ham /usr/local/lib/dovecot/sieve/rspamd-pipe-ham
|
||||
COPY ./rspamd-pipe-spam /usr/local/lib/dovecot/sieve/rspamd-pipe-spam
|
||||
COPY ./docker-entrypoint.sh /
|
||||
COPY ./supervisord.conf /etc/supervisor/supervisord.conf
|
||||
|
||||
RUN chmod +x /usr/local/bin/rspamd-pipe
|
||||
RUN chmod +x /usr/local/bin/imapsync_cron.pl
|
||||
RUN chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
|
||||
/usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
|
||||
/usr/local/bin/imapsync_cron.pl \
|
||||
/usr/local/bin/postlogin.sh \
|
||||
/usr/local/bin/imapsync
|
||||
|
||||
RUN groupadd -g 5000 vmail
|
||||
RUN useradd -g vmail -u 5000 vmail -d /var/vmail
|
||||
RUN groupadd -g 5000 vmail \
|
||||
&& groupadd -g 142 dovecot \
|
||||
&& groupadd -g 143 dovenull \
|
||||
&& useradd -g vmail -u 5000 vmail -d /var/vmail \
|
||||
&& useradd -c "Dovecot unprivileged user" -d /dev/null -u 142 -g dovecot -s /bin/false dovecot \
|
||||
&& useradd -c "Dovecot login user" -d /dev/null -u 143 -g dovenull -s /bin/false dovenull
|
||||
|
||||
EXPOSE 24 10001
|
||||
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
CMD exec /usr/bin/supervisord -c /etc/supervisor/supervisord.conf
|
||||
|
||||
RUN apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
|
||||
RUN apt-get clean \
|
||||
&& rm -rf /var/lib/apt/lists/* \
|
||||
/tmp/* \
|
||||
/var/tmp/* \
|
||||
/dovecot-2.2-pigeonhole-$PIGEONHOLE_VERSION \
|
||||
/dovecot-$DOVECOT_VERSION
|
||||
|
@ -6,12 +6,16 @@ sed -i "/^\$DBUSER/c\\\$DBUSER='${DBUSER}';" /usr/local/bin/imapsync_cron.pl
|
||||
sed -i "/^\$DBPASS/c\\\$DBPASS='${DBPASS}';" /usr/local/bin/imapsync_cron.pl
|
||||
sed -i "/^\$DBNAME/c\\\$DBNAME='${DBNAME}';" /usr/local/bin/imapsync_cron.pl
|
||||
|
||||
[[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/
|
||||
# Create SQL dict directory for Dovecot
|
||||
[[ ! -d /usr/local/etc/dovecot/sql/ ]] && mkdir -p /usr/local/etc/dovecot/sql/
|
||||
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
|
||||
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
|
||||
|
||||
# Set Dovecot sql config parameters, escape " in db password
|
||||
DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
|
||||
|
||||
cat <<EOF > /etc/dovecot/sql/dovecot-dict-sql.conf
|
||||
# Create quota dict for Dovecot
|
||||
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql.conf
|
||||
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
|
||||
map {
|
||||
pattern = priv/quota/storage
|
||||
@ -27,7 +31,8 @@ map {
|
||||
}
|
||||
EOF
|
||||
|
||||
cat <<EOF > /etc/dovecot/sql/dovecot-mysql.conf
|
||||
# Create user and pass dict for Dovecot
|
||||
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-mysql.conf
|
||||
driver = mysql
|
||||
connect = "host=mysql dbname=${DBNAME} user=${DBNAME} password=${DBPASS}"
|
||||
default_pass_scheme = SSHA256
|
||||
@ -36,19 +41,32 @@ user_query = SELECT CONCAT('maildir:/var/vmail/',maildir) AS mail, 5000 AS uid,
|
||||
iterate_query = SELECT username FROM mailbox WHERE active='1';
|
||||
EOF
|
||||
|
||||
[[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
|
||||
[[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
|
||||
cat /etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
|
||||
# Create global sieve_after script
|
||||
cat /usr/local/etc/dovecot/sieve_after > /var/vmail/sieve/global.sieve
|
||||
|
||||
# Compile sieve scripts
|
||||
sievec /var/vmail/sieve/global.sieve
|
||||
sievec /usr/local/lib/dovecot/sieve/report-spam.sieve
|
||||
sievec /usr/local/lib/dovecot/sieve/report-ham.sieve
|
||||
|
||||
# Fix sieve permission
|
||||
chown -R vmail:vmail /var/vmail/sieve
|
||||
|
||||
# Check permissions of vmail directory.
|
||||
# Do not do this every start-up, it may take a very long time. So we use a stat check here.
|
||||
if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi
|
||||
|
||||
# Create random master for SOGo sieve features
|
||||
RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
|
||||
RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
|
||||
echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /etc/dovecot/dovecot-master.passwd
|
||||
echo ${RAND_USER}:$(doveadm pw -s SHA1 -p ${RAND_PASS}) > /usr/local/etc/dovecot/dovecot-master.passwd
|
||||
echo ${RAND_USER}:${RAND_PASS} > /etc/sogo/sieve.creds
|
||||
|
||||
if [[ ! -f /mail_crypt/ecprivkey.pem || ! -f /mail_crypt/ecpubkey.pem ]]; then
|
||||
openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
|
||||
openssl pkey -in /mail_crypt/ecprivkey.pem -pubout -out /mail_crypt/ecpubkey.pem
|
||||
chown -R dovecot -R /mail_crypt/
|
||||
chattr + /mail_crypt/ecpubkey.pem /mail_crypt/ecprivkey.pem
|
||||
fi
|
||||
|
||||
exec "$@"
|
||||
|
11
data/Dockerfiles/dovecot/report-ham.sieve
Normal file
11
data/Dockerfiles/dovecot/report-ham.sieve
Normal file
@ -0,0 +1,11 @@
|
||||
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"];
|
||||
|
||||
if environment :matches "imap.mailbox" "*" {
|
||||
set "mailbox" "${1}";
|
||||
}
|
||||
|
||||
if string "${mailbox}" "Trash" {
|
||||
stop;
|
||||
}
|
||||
|
||||
pipe :copy "rspamd-pipe-ham";
|
3
data/Dockerfiles/dovecot/report-spam.sieve
Normal file
3
data/Dockerfiles/dovecot/report-spam.sieve
Normal file
@ -0,0 +1,3 @@
|
||||
require ["vnd.dovecot.pipe", "copy"];
|
||||
|
||||
pipe :copy "rspamd-pipe-spam";
|
@ -1,8 +0,0 @@
|
||||
#!/bin/bash
|
||||
if [[ ${2} == "learn_spam" ]]; then
|
||||
/usr/bin/curl --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
|
||||
elif [[ ${2} == "learn_ham" ]]; then
|
||||
/usr/bin/curl --data-binary @- http://rspamd:11334/learnham < /dev/stdin
|
||||
fi
|
||||
# Always return 0 to satisfy Dovecot...
|
||||
exit 0
|
4
data/Dockerfiles/dovecot/rspamd-pipe-ham
Executable file
4
data/Dockerfiles/dovecot/rspamd-pipe-ham
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnham < /dev/stdin
|
||||
# Always return 0 to satisfy Dovecot...
|
||||
exit 0
|
4
data/Dockerfiles/dovecot/rspamd-pipe-spam
Executable file
4
data/Dockerfiles/dovecot/rspamd-pipe-spam
Executable file
@ -0,0 +1,4 @@
|
||||
#!/bin/bash
|
||||
/usr/bin/curl -s --data-binary @- http://rspamd:11334/learnspam < /dev/stdin
|
||||
# Always return 0 to satisfy Dovecot...
|
||||
exit 0
|
@ -8,7 +8,7 @@ autostart=true
|
||||
stdout_syslog=true
|
||||
|
||||
[program:dovecot]
|
||||
command=/usr/sbin/dovecot -F
|
||||
command=/usr/local/sbin/dovecot -F
|
||||
autorestart=true
|
||||
|
||||
[program:logfiles]
|
||||
|
@ -26,6 +26,7 @@ services:
|
||||
volumes:
|
||||
- mysql-vol-1:/var/lib/mysql/
|
||||
- ./data/conf/mysql/:/etc/mysql/conf.d/:ro
|
||||
- ./data/assets/reset_mysql.sh:/reset_mysql.sh
|
||||
dns:
|
||||
- 172.22.1.254
|
||||
dns_search: mailcow-network
|
||||
@ -151,14 +152,16 @@ services:
|
||||
depends_on:
|
||||
- bind9-mailcow
|
||||
volumes:
|
||||
- ./data/conf/dovecot:/etc/dovecot
|
||||
- ./data/conf/dovecot:/usr/local/etc/dovecot
|
||||
- ./data/assets/ssl:/etc/ssl/mail/:ro
|
||||
- ./data/conf/sogo/:/etc/sogo/
|
||||
- vmail-vol-1:/var/vmail
|
||||
- crypt-vol-1:/mail_crypt/
|
||||
environment:
|
||||
- DBNAME=${DBNAME}
|
||||
- DBUSER=${DBUSER}
|
||||
- DBPASS=${DBPASS}
|
||||
- MAIL_CRYPT=${MAIL_CRYPT:-NO}
|
||||
ports:
|
||||
- "${IMAP_PORT:-143}:143"
|
||||
- "${IMAPS_PORT:-993}:993"
|
||||
@ -266,3 +269,4 @@ volumes:
|
||||
redis-vol-1:
|
||||
rspamd-vol-1:
|
||||
postfix-vol-1:
|
||||
crypt-vol-1:
|
||||
|
Loading…
Reference in New Issue
Block a user