From 97c2fe9fe1be21f427cb48a325ca851804251448 Mon Sep 17 00:00:00 2001 From: andryyy Date: Sun, 28 Jul 2019 21:34:42 +0200 Subject: [PATCH] [Dovecot] Install from repository --- data/Dockerfiles/dovecot/Dockerfile | 79 ++++++++----------- data/Dockerfiles/dovecot/docker-entrypoint.sh | 62 +++++++-------- data/Dockerfiles/dovecot/quota_notify.py | 2 +- data/Dockerfiles/dovecot/supervisord.conf | 2 +- data/Dockerfiles/dovecot/syslog-ng.conf | 4 +- 5 files changed, 68 insertions(+), 81 deletions(-) diff --git a/data/Dockerfiles/dovecot/Dockerfile b/data/Dockerfiles/dovecot/Dockerfile index af91e8ba3..8bc60d9f0 100644 --- a/data/Dockerfiles/dovecot/Dockerfile +++ b/data/Dockerfiles/dovecot/Dockerfile @@ -3,33 +3,36 @@ LABEL maintainer "Andre Peters " ARG DEBIAN_FRONTEND=noninteractive ENV LC_ALL C -ENV DOVECOT_VERSION 2.3.7 -ENV PIGEONHOLE_VERSION 0.5.7 -RUN apt-get update && apt-get -y --no-install-recommends install \ - automake \ - autotools-dev \ - build-essential \ +# Add groups and users before installing Dovecot to not break compatibility +RUN groupadd -g 5000 vmail \ + && groupadd -g 401 dovecot \ + && groupadd -g 402 dovenull \ + && useradd -g vmail -u 5000 vmail -d /var/vmail \ + && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \ + && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \ + && touch /etc/default/locale \ + && apt-get update \ + && apt-get -y --no-install-recommends install \ + apt-transport-https \ ca-certificates \ cpanminus \ cron \ curl \ - default-libmysqlclient-dev \ dnsutils \ + dirmngr \ gettext \ + gnupg2 \ jq \ libauthen-ntlm-perl \ - libbz2-dev \ libcgi-pm-perl \ libcrypt-openssl-rsa-perl \ libcrypt-ssleay-perl \ - libcurl4-openssl-dev \ libdata-uniqid-perl \ libdbd-mysql-perl \ libdbi-perl \ libdigest-hmac-perl \ libdist-checkconflicts-perl \ - libexpat1-dev \ libfile-copy-recursive-perl \ libfile-tail-perl \ libhtml-parser-perl \ 
@@ -39,24 +42,18 @@ RUN apt-get update && apt-get -y --no-install-recommends install \ libio-tee-perl \ libipc-run-perl \ libjson-webtoken-perl \ - libldap2-dev \ liblockfile-simple-perl \ - liblz-dev \ - liblz4-dev \ - liblzma-dev \ libmail-imapclient-perl \ libmodule-implementation-perl \ libmodule-scandeps-perl \ libnet-ssleay-perl \ libpackage-stash-perl \ libpackage-stash-xs-perl \ - libpam-dev \ libpar-packer-perl \ libparse-recdescent-perl \ libproc-processtable-perl \ libreadonly-perl \ libregexp-common-perl \ - libssl-dev \ libsys-meminfo-perl \ libterm-readkey-perl \ libtest-deep-perl \ @@ -72,8 +69,6 @@ RUN apt-get update && apt-get -y --no-install-recommends install \ libunicode-string-perl \ liburi-perl \ libwww-perl \ - lzma-dev \ - make \ mysql-client \ procps \ python-html2text \ 
@@ -85,31 +80,23 @@ RUN apt-get update && apt-get -y --no-install-recommends install \ syslog-ng \ syslog-ng-core \ syslog-ng-mod-redis \ - && rm -rf /var/lib/apt/lists/* \ - && curl https://dovecot.org/releases/2.3/dovecot-$DOVECOT_VERSION.tar.gz | tar xvz \ - && cd dovecot-$DOVECOT_VERSION \ - && ./configure --with-solr --with-mysql --with-ldap --with-lzma --with-lz4 --with-ssl=openssl --with-notify=inotify --with-storages=mdbox,sdbox,maildir,mbox,imapc,pop3c --with-bzlib --with-zlib --enable-hardening \ - && make -j3 \ - && make install \ - && make clean \ - && cd .. && rm -rf dovecot-$DOVECOT_VERSION \ - && curl https://pigeonhole.dovecot.org/releases/2.3/dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION.tar.gz | tar xvz \ - && cd dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION \ - && ./configure \ - && make -j3 \ - && make install \ - && make clean \ - && cd .. \ - && rm -rf dovecot-2.3-pigeonhole-$PIGEONHOLE_VERSION \ - && groupadd -g 5000 vmail \ - && groupadd -g 401 dovecot \ - && groupadd -g 402 dovenull \ - && useradd -g vmail -u 5000 vmail -d /var/vmail \ - && useradd -c "Dovecot unprivileged user" -d /dev/null -u 401 -g dovecot -s /bin/false dovecot \ - && useradd -c "Dovecot login user" -d /dev/null -u 402 -g dovenull -s /bin/false dovenull \ - && touch /etc/default/locale \ - && apt-get purge -y build-essential automake autotools-dev default-libmysqlclient-dev libbz2-dev libcurl4-openssl-dev libexpat1-dev liblz-dev liblz4-dev liblzma-dev libpam-dev libssl-dev lzma-dev \ + && apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG \ + && echo 'deb https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main' > /etc/apt/sources.list.d/dovecot.list \ + && apt-get update \ + && apt-get -y --no-install-recommends install \ + dovecot-lua \ + dovecot-managesieved \ + dovecot-sieve \ + dovecot-lmtpd \ + dovecot-ldap \ + dovecot-mysql \ + dovecot-core \ + dovecot-pop3d \ + dovecot-imapd \ + dovecot-solr \ && apt-get autoremove --purge -y \ + && apt-get 
autoclean \ + && rm -rf /var/lib/apt/lists/* \ && rm -rf /tmp/* /var/tmp/* /etc/cron.daily/* COPY trim_logs.sh /usr/local/bin/trim_logs.sh @@ -118,10 +105,10 @@ COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf COPY imapsync /usr/local/bin/imapsync COPY postlogin.sh /usr/local/bin/postlogin.sh COPY imapsync_cron.pl /usr/local/bin/imapsync_cron.pl -COPY report-spam.sieve /usr/local/lib/dovecot/sieve/report-spam.sieve -COPY report-ham.sieve /usr/local/lib/dovecot/sieve/report-ham.sieve -COPY rspamd-pipe-ham /usr/local/lib/dovecot/sieve/rspamd-pipe-ham -COPY rspamd-pipe-spam /usr/local/lib/dovecot/sieve/rspamd-pipe-spam +COPY report-spam.sieve /usr/lib/dovecot/sieve/report-spam.sieve +COPY report-ham.sieve /usr/lib/dovecot/sieve/report-ham.sieve +COPY rspamd-pipe-ham /usr/lib/dovecot/sieve/rspamd-pipe-ham +COPY rspamd-pipe-spam /usr/lib/dovecot/sieve/rspamd-pipe-spam COPY sa-rules.sh /usr/local/bin/sa-rules.sh COPY maildir_gc.sh /usr/local/bin/maildir_gc.sh COPY docker-entrypoint.sh / diff --git a/data/Dockerfiles/dovecot/docker-entrypoint.sh b/data/Dockerfiles/dovecot/docker-entrypoint.sh index 25286e8b5..df3e37d04 100755 --- a/data/Dockerfiles/dovecot/docker-entrypoint.sh +++ b/data/Dockerfiles/dovecot/docker-entrypoint.sh @@ -23,7 +23,7 @@ sed -i "s/__DBNAME__/${DBNAME}/g" /usr/local/bin/clean_q_aged.sh sed -i "s/__LOG_LINES__/${LOG_LINES}/g" /usr/local/bin/trim_logs.sh # Create missing directories -[[ ! -d /usr/local/etc/dovecot/sql/ ]] && mkdir -p /usr/local/etc/dovecot/sql/ +[[ ! -d /etc/dovecot/sql/ ]] && mkdir -p /etc/dovecot/sql/ [[ ! -d /var/vmail/_garbage ]] && mkdir -p /var/vmail/_garbage [[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve [[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo 
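Review bot: The added `apt-key adv --fetch-keys https://repo.dovecot.org/DOVECOT-REPO-GPG` step trusts whatever key that URL serves at build time and puts it in the global apt keyring, where it is accepted for every configured repository, not only Dovecot's. Consider storing the key in a dedicated keyring file, checking its fingerprint against a value committed to this repository, and scoping it in the source entry, e.g. `deb [signed-by=/usr/share/keyrings/dovecot.gpg] https://repo.dovecot.org/ce-2.3-latest/debian/stretch stretch main` (the keyring path is an example). The `ce-2.3-latest` suite also replaces the removed `DOVECOT_VERSION` pin, so two builds of the same commit can ship different Dovecot versions; pinning the package versions, or recording the installed ones, would keep builds auditable. `gnupg2` and `dirmngr` appear to be needed only for the key import and could be purged at the end of the same `RUN` step.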
@@ -33,7 +33,7 @@ sed -i "s/__LOG_LINES__/${LOG_LINES}/g" /usr/local/bin/trim_logs.sh DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g') # Create quota dict for Dovecot -cat < /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota.conf +cat < /etc/dovecot/sql/dovecot-dict-sql-quota.conf # Autogenerated by mailcow connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}" map { @@ -51,7 +51,7 @@ map { EOF # Create dict used for sieve pre and postfilters -cat < /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf +cat < /etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf # Autogenerated by mailcow connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}" map { @@ -74,7 +74,7 @@ map { } EOF -cat < /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf +cat < /etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf # Autogenerated by mailcow connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}" map { 
@@ -97,20 +97,20 @@ map { } EOF -echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone +echo -n ${ACL_ANYONE} > /etc/dovecot/acl_anyone if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then -echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify' > /usr/local/etc/dovecot/mail_plugins -echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log' > /usr/local/etc/dovecot/mail_plugins_imap -echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl' > /usr/local/etc/dovecot/mail_plugins_lmtp +echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify' > /etc/dovecot/mail_plugins +echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log' > /etc/dovecot/mail_plugins_imap +echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl' > /etc/dovecot/mail_plugins_lmtp else -echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr' > /usr/local/etc/dovecot/mail_plugins -echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_imap -echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_lmtp +echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr' > /etc/dovecot/mail_plugins +echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr' > /etc/dovecot/mail_plugins_imap +echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl fts fts_solr' > /etc/dovecot/mail_plugins_lmtp fi -chmod 644 /usr/local/etc/dovecot/mail_plugins /usr/local/etc/dovecot/mail_plugins_imap /usr/local/etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl +chmod 644 /etc/dovecot/mail_plugins 
/etc/dovecot/mail_plugins_imap /etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl -cat < /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf +cat < /etc/dovecot/sql/dovecot-dict-sql-userdb.conf # Autogenerated by mailcow driver = mysql connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}" @@ -119,7 +119,7 @@ iterate_query = SELECT username FROM mailbox WHERE active='1'; EOF # Create pass dict for Dovecot -cat < /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf +cat < /etc/dovecot/sql/dovecot-dict-sql-passdb.conf # Autogenerated by mailcow driver = mysql connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}" @@ -128,10 +128,10 @@ password_query = SELECT password FROM mailbox WHERE active = '1' AND username = EOF # Migrate old sieve_after file -[[ -f /usr/local/etc/dovecot/sieve_after ]] && mv /usr/local/etc/dovecot/sieve_after /usr/local/etc/dovecot/global_sieve_after +[[ -f /etc/dovecot/sieve_after ]] && mv /etc/dovecot/sieve_after /etc/dovecot/global_sieve_after # Create global sieve scripts -cat /usr/local/etc/dovecot/global_sieve_after > /var/vmail/sieve/global_sieve_after.sieve -cat /usr/local/etc/dovecot/global_sieve_before > /var/vmail/sieve/global_sieve_before.sieve +cat /etc/dovecot/global_sieve_after > /var/vmail/sieve/global_sieve_after.sieve +cat /etc/dovecot/global_sieve_before > /var/vmail/sieve/global_sieve_before.sieve # Check permissions of vmail/attachments directory. # Do not do this every start-up, it may take a very long time. So we use a stat check here. 
@@ -147,8 +147,8 @@ rm -rf /var/vmail/mailcow.local/* RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1) RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1) -echo ${RAND_USER}@mailcow.local:{SHA1}$(echo -n ${RAND_PASS} | sha1sum | awk '{print $1}') > /usr/local/etc/dovecot/dovecot-master.passwd -echo ${RAND_USER}@mailcow.local::5000:5000:::: > /usr/local/etc/dovecot/dovecot-master.userdb +echo ${RAND_USER}@mailcow.local:{SHA1}$(echo -n ${RAND_PASS} | sha1sum | awk '{print $1}') > /etc/dovecot/dovecot-master.passwd +echo ${RAND_USER}@mailcow.local::5000:5000:::: > /etc/dovecot/dovecot-master.userdb echo ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/sieve.creds if [[ -z ${MAILDIR_SUB} ]]; then @@ -156,7 +156,7 @@ if [[ -z ${MAILDIR_SUB} ]]; then else MAILDIR_SUB_SHARED=/${MAILDIR_SUB} fi -cat < /usr/local/etc/dovecot/shared_namespace.conf +cat < /etc/dovecot/shared_namespace.conf # Autogenerated by mailcow namespace { type = shared @@ -172,7 +172,7 @@ if [[ "${ALLOW_ADMIN_EMAIL_LOGIN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then # Create random master Password for SOGo 'login as user' via proxy auth RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1) echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass - cat < /usr/local/etc/dovecot/sogo-sso.conf + cat < /etc/dovecot/sogo-sso.conf # Autogenerated by mailcow passdb { driver = static @@ -180,8 +180,8 @@ passdb { } EOF else - rm -f /usr/local/etc/dovecot/sogo-sso.pass - rm -f /usr/local/etc/dovecot/sogo-sso.conf + rm -f /etc/dovecot/sogo-sso.pass + rm -f /etc/dovecot/sogo-sso.conf fi # 401 is user dovecot 
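Review bot: `/etc/dovecot/dovecot-master.passwd` is written with the script's default umask, and the only permission fix-up visible in this patch (`chmod 640 /etc/dovecot/sql/*.conf` in the later "Fix permissions" hunk) does not cover it. If nothing outside the visible hunks tightens it, the master-user hash is readable by every account in the container; setting the mode right after the write, e.g. `chmod 600 /etc/dovecot/dovecot-master.passwd` (or `root:dovecot` with `640`, matching the sql confs), would close that. The `{SHA1}` scheme on the same line is unsalted, so a salted scheme would be the safer default even with a long random password.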
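Review bot: The `else` branch removes `/etc/dovecot/sogo-sso.pass`, but the branch above writes the generated password to `/etc/phpfpm/sogo-sso.pass`, so turning `ALLOW_ADMIN_EMAIL_LOGIN` off appears to leave the old SSO master password on disk. The mismatch predates this commit and is carried over by the path rename. If the phpfpm path is the intended location, the cleanup should be `rm -f /etc/phpfpm/sogo-sso.pass`. The `if` block starts in the previous hunk, and part of it lies outside both hunks.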
@@ -196,20 +196,20 @@ fi # Compile sieve scripts sievec /var/vmail/sieve/global_sieve_before.sieve sievec /var/vmail/sieve/global_sieve_after.sieve -sievec /usr/local/lib/dovecot/sieve/report-spam.sieve -sievec /usr/local/lib/dovecot/sieve/report-ham.sieve +sievec /usr/lib/dovecot/sieve/report-spam.sieve +sievec /usr/lib/dovecot/sieve/report-ham.sieve # Fix permissions -chown root:root /usr/local/etc/dovecot/sql/*.conf -chown root:dovecot /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve* /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota* -chmod 640 /usr/local/etc/dovecot/sql/*.conf +chown root:root /etc/dovecot/sql/*.conf +chown root:dovecot /etc/dovecot/sql/dovecot-dict-sql-sieve* /etc/dovecot/sql/dovecot-dict-sql-quota* +chmod 640 /etc/dovecot/sql/*.conf chown -R vmail:vmail /var/vmail/sieve chown -R vmail:vmail /var/volatile adduser vmail tty chmod g+rw /dev/console chown root:tty /dev/console -chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \ - /usr/local/lib/dovecot/sieve/rspamd-pipe-spam \ +chmod +x /usr/lib/dovecot/sieve/rspamd-pipe-ham \ + /usr/lib/dovecot/sieve/rspamd-pipe-spam \ /usr/local/bin/imapsync_cron.pl \ /usr/local/bin/postlogin.sh \ /usr/local/bin/imapsync \ @@ -233,7 +233,7 @@ echo '15 4 * * * vmail /usr/local/bin/clean_q_aged.sh >> /dev/console 2>&1' > /e touch /etc/crontab /etc/cron.*/* # Clean old PID if any -[[ -f /usr/local/var/run/dovecot/master.pid ]] && rm /usr/local/var/run/dovecot/master.pid +[[ -f /var/run/dovecot/master.pid ]] && rm /var/run/dovecot/master.pid # Clean stopped imapsync jobs rm -f /tmp/imapsync_busy.lock diff --git a/data/Dockerfiles/dovecot/quota_notify.py b/data/Dockerfiles/dovecot/quota_notify.py index f5df76399..669adec2c 100755 --- a/data/Dockerfiles/dovecot/quota_notify.py +++ b/data/Dockerfiles/dovecot/quota_notify.py 
@@ -54,7 +54,7 @@ try: msg.attach(text_part) msg.attach(html_part) msg['To'] = username - p = Popen(['/usr/local/libexec/dovecot/dovecot-lda', '-d', username, '-o', '"plugin/quota=maildir:User quota:noenforcing"'], stdout=PIPE, stdin=PIPE, stderr=STDOUT) + p = Popen(['/usr/lib/dovecot/dovecot-lda', '-d', username, '-o', '"plugin/quota=maildir:User quota:noenforcing"'], stdout=PIPE, stdin=PIPE, stderr=STDOUT) p.communicate(input=msg.as_string()) except Exception as ex: diff --git a/data/Dockerfiles/dovecot/supervisord.conf b/data/Dockerfiles/dovecot/supervisord.conf index 2e3026a0e..2d91b55a5 100644 --- a/data/Dockerfiles/dovecot/supervisord.conf +++ b/data/Dockerfiles/dovecot/supervisord.conf @@ -12,7 +12,7 @@ stderr_logfile_maxbytes=0 autostart=true [program:dovecot] -command=/usr/local/sbin/dovecot -F +command=/usr/sbin/dovecot -F autorestart=true [program:cron] diff --git a/data/Dockerfiles/dovecot/syslog-ng.conf b/data/Dockerfiles/dovecot/syslog-ng.conf index d788d3e09..b4bc71565 100644 --- a/data/Dockerfiles/dovecot/syslog-ng.conf +++ b/data/Dockerfiles/dovecot/syslog-ng.conf @@ -31,10 +31,10 @@ destination d_redis_f2b_channel { ); }; filter f_mail { facility(mail); }; -filter f_not_watchdog { not message("172\.22\.1\.248"); }; +#filter f_not_watchdog { not message("172\.22\.1\.248"); }; log { source(s_src); - filter(f_not_watchdog); +# filter(f_not_watchdog); destination(d_stdout); filter(f_mail); destination(d_redis_ui_log);
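Review bot: The last `-o` argument keeps literal double quotes inside the list element (`'"plugin/quota=maildir:User quota:noenforcing"'`), and list-form `Popen` runs no shell to strip them, so `dovecot-lda` receives the quote characters as part of the setting. It is worth confirming that the `noenforcing` override is actually applied; if it is not, pass `'plugin/quota=maildir:User quota:noenforcing'` instead. The output and exit status are also discarded after `p.communicate(...)`, so a failed delivery of the quota notice would go unnoticed unless the surrounding `try`/`except` handles it; that block starts and ends outside the hunk.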
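Review bot: Commenting out `f_not_watchdog` and its use in the `log` block means messages mentioning the watchdog address `172.22.1.248` are no longer dropped before `d_stdout` and the destinations that follow. The commit message does not mention this change, and the rest of the `log` block is outside the hunk, so it is unclear whether those health-check lines now also reach the Redis destinations, where they would add noise to what operators and any downstream log consumers read. Either delete the filter outright or leave a comment stating why it is disabled, e.g. `# f_not_watchdog disabled: <reason>`.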