Update check (#1951)

* mail binary * initial work * make env vars available * typo * some fixes * make script ugly, to satisfy linter.. * mailserver.env updated * Version to welcome message added * remove VERSION file references * VERSION --> DMS_VERSION * fetch remote version * variable usage * Quoting added * edge test & docu * dash removed * subject changed * re-add VERSION * VERSION added * new file: VERSION * rewrite * unnecessary additions from fail2ban PR removed * UPDATE_CHECK_INTERVAL added * syntax check & _log function * comment added * final commit
2025-10-31 00:17:45 +02:00 · 2021-05-19 21:18:06 +02:00
parent 225e21edb7
commit bab0277723
9 changed files with 109 additions and 15 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,3 @@
 *
 !target
+!VERSION
--- a/17
+++ b/17
@@ -45,7 +45,7 @@ RUN \
  apt-get -y install postfix >/dev/null && \
  apt-get -y --no-install-recommends install \
  # A - D
-  altermime amavisd-new apt-transport-https arj binutils bzip2 \
+  altermime amavisd-new apt-transport-https arj binutils bzip2 bsd-mailx \
  ca-certificates cabextract clamav clamav-daemon cpio curl \
  dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd \
  dovecot-managesieved dovecot-pop3d dovecot-sieve dovecot-solr \
@@ -59,9 +59,8 @@ RUN \
  pax pflogsumm postgrey p7zip-full postfix-ldap postfix-pcre \
  postfix-policyd-spf-python postsrsd pyzor \
  razor rpm2cpio rsyslog sasl2-bin spamassassin supervisor \
-  unrar-free unzip whois xz-utils \
+  unrar-free unzip whois xz-utils && \
  # Fail2Ban
-  gpg gpg-agent >/dev/null && \
  gpg --keyserver ${FAIL2BAN_GPG_PUBLIC_KEY_SERVER} \
    --recv-keys ${FAIL2BAN_GPG_PUBLIC_KEY_ID} &>/dev/null && \
  curl -Lkso fail2ban.deb ${FAIL2BAN_DEB_URL} && \
@@ -75,7 +74,6 @@ RUN \
    echo "ERROR: Wrong GPG fingerprint!" 2>&1; exit 1; fi && \
  dpkg -i fail2ban.deb &>/dev/null && \
  rm fail2ban.deb fail2ban.deb.asc && \
-  apt-get -qq -y purge gpg gpg-agent &>/dev/null && \
  # cleanup
  apt-get -qq autoremove &>/dev/null && \
  apt-get -qq autoclean && \
@@ -154,6 +152,9 @@ COPY \
  ./target/docker-configomat/configomat.sh \
  /usr/local/bin/

+COPY \
+  ./VERSION /
+
 RUN \
  chmod +x /usr/local/bin/* && \
  rm -rf /usr/share/locale/* && \
@@ -162,13 +163,7 @@ RUN \
  touch /var/log/auth.log && \
  update-locale && \
  rm /etc/postsrsd.secret && \
-  rm /etc/cron.daily/00logwatch && \
-  if [[ ${VCS_VER} =~ ^refs/tags/v.+ ]]; then \
-    echo "export DMS_VERSION='${VCS_VER:11}'" >>/root/.bashrc; \
-  else \
-    echo "export DMS_VERSION='${VCS_REF}'" >>/root/.bashrc; \
-  fi
-
+  rm /etc/cron.daily/00logwatch

 # –––––––––––––––––––––––––––––––––––––––––––––––
 # ––– PostSRSD, Postgrey & Amavis –––––––––––––––
--- a/1
+++ b/1
@@ -0,0 +1 @@
+9.1.0
--- a/docs/content/config/environment.md
+++ b/docs/content/config/environment.md
@@ -193,6 +193,19 @@ Set the message size limit for all users. If set to zero, the size will be unlim
 - **empty** => postmaster@domain.com
 - => Specify the postmaster address

+##### ENABLE_UPDATE_CHECK
+
+Check for updates on container start and then once a day. If an update is available, a mail is send to POSTMASTER_ADDRESS.
+
+- 0 => Update check disabled
+- **1** => Update check enabled
+
+##### UPDATE_CHECK_INTERVAL
+
+Customize the update check interval. Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
+
+- **1d** => Check for updates once a day
+
 ##### POSTSCREEN_ACTION

 - **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
--- a/mailserver.env
+++ b/mailserver.env
@@ -32,6 +32,16 @@ ONE_DIR=0
 # => Specify the postmaster address
 POSTMASTER_ADDRESS=

+# Check for updates on container start and then once a day
+# If an update is available, a mail is send to POSTMASTER_ADDRESS
+# 0 => Update check disabled
+# 1 => Update check enabled
+ENABLE_UPDATE_CHECK=1
+
+# Customize the update check interval.
+# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
+UPDATE_CHECK_INTERVAL=1d
+
 # Set different options for mynetworks option (can be overwrite in postfix-main.cf)
 # **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
 # `connected-networks` option, can create an open relay
--- a/target/scripts/start-mailserver.sh
+++ b/target/scripts/start-mailserver.sh
@@ -33,6 +33,7 @@ VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
 VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
 VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
 VARS[ENABLE_SRS]="${ENABLE_SRS:=0}"
+VARS[ENABLE_UPDATE_CHECK]="${ENABLE_UPDATE_CHECK:=1}"
 VARS[FAIL2BAN_BLOCKTYPE]="${FAIL2BAN_BLOCKTYPE:=drop}"
 VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
 VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
@@ -64,6 +65,7 @@ VARS[SRS_SENDER_CLASSES]="${SRS_SENDER_CLASSES:=envelope_sender}"
 VARS[SSL_TYPE]="${SSL_TYPE:=}"
 VARS[SUPERVISOR_LOGLEVEL]="${SUPERVISOR_LOGLEVEL:=warn}"
 VARS[TLS_LEVEL]="${TLS_LEVEL:=modern}"
+VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}"
 VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}"

 export HOSTNAME DOMAINNAME CHKSUM_FILE
@@ -168,6 +170,7 @@ function register_functions
  _register_start_daemon '_start_daemons_rsyslog'

  [[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemons_dovecot'
+  [[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemons_update_check'

  # needs to be started before SASLauthd
  _register_start_daemon '_start_daemons_opendkim'
@@ -249,16 +252,13 @@ function _defunc
 # shellcheck source=./startup/daemons-stack.sh
 . /usr/local/bin/daemons-stack.sh

-# source DMS_VERSION variable
-. /root/.bashrc
-
 # ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––
 # ? << Sourcing all stacks
 # ––
 # ? >> Executing all stacks
 # ––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

-_notify 'tasklog' "Welcome to docker-mailserver ${DMS_VERSION}"
+_notify 'tasklog' "Welcome to docker-mailserver $(</VERSION)"
 _notify 'inf' 'ENVIRONMENT'
 [[ ${DMS_DEBUG} -eq 1 ]] && printenv

--- a/target/scripts/startup/daemons-stack.sh
+++ b/target/scripts/startup/daemons-stack.sh
@@ -152,3 +152,9 @@ function _start_changedetector
  _notify 'task' 'Starting changedetector'
  supervisorctl start changedetector
 }
+
+function _start_daemons_update_check
+{
+  _notify 'task' 'Starting update-check'
+  supervisorctl start update-check
+}
--- a/target/scripts/update-check.sh
+++ b/target/scripts/update-check.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+
+VERSION=$(</VERSION)
+VERSION_URL="https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/VERSION"
+CHANGELOG="https://github.com/docker-mailserver/docker-mailserver/blob/master/CHANGELOG.md"
+
+function _log
+{
+  DATE=$(date '+%F %T')
+  echo "${DATE} ${1}"
+}
+
+# check for correct syntax
+# number + suffix. suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
+if [[ ! ${UPDATE_CHECK_INTERVAL} =~ ^[0-9]+[smhd]{1}$ ]]
+then
+  _log "Error: Invalid UPDATE_CHECK_INTERVAL value: ${UPDATE_CHECK_INTERVAL}"
+  _log "Info: Fallback to daily update checks"
+  UPDATE_CHECK_INTERVAL="1d"
+fi
+
+while true
+do
+  # get remote version information
+  LATEST=$(curl -Lsf "${VERSION_URL}")
+
+  # did we get a valid response?
+  if [[ ${LATEST} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]
+  then
+    _log "Info: Remote version information fetched"
+
+    # compare versions
+    if dpkg --compare-versions "${VERSION}" lt "${LATEST}"
+    then
+      # send mail notification to postmaster
+      read -r -d '' MAIL << EOM
+Hello ${POSTMASTER_ADDRESS}!
+
+There is a docker-mailserver update available on your host: $(hostname -f)
+
+Current version: ${VERSION}
+Latest  version: ${LATEST}
+
+Changelog: ${CHANGELOG}
+EOM
+      echo "${MAIL}" | mail -s "Mailserver update available! [ ${VERSION} --> ${LATEST} ]" "${POSTMASTER_ADDRESS}" && \
+
+      _log "Info: Update available [ ${VERSION} --> ${LATEST} ]" && \
+
+      # only notify once
+      exit 0
+    else
+      _log "Info: No update available"
+    fi
+  else
+    _log "Error: Update check failed."
+  fi
+  # check again in one day
+  sleep "${UPDATE_CHECK_INTERVAL}"
+done
--- a/target/supervisor/conf.d/supervisor-app.conf
+++ b/target/supervisor/conf.d/supervisor-app.conf
@@ -132,3 +132,11 @@ autorestart=unexpected
 stdout_logfile=/var/log/supervisor/%(program_name)s.log
 stderr_logfile=/var/log/supervisor/%(program_name)s.log
 command=/usr/local/bin/postsrsd-wrapper.sh
+
+[program:update-check]
+startsecs=0
+stopwaitsecs=55
+autostart=false
+stdout_logfile=/var/log/supervisor/%(program_name)s.log
+stderr_logfile=/var/log/supervisor/%(program_name)s.log
+command=/bin/bash -l -c /usr/local/bin/update-check.sh