fixed logging in spampd and postfix

2023-10-26 20:55:23 +00:00
parent 991905dd4f
commit f808ebae4a
13 changed files with 168 additions and 29 deletions
--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -4,15 +4,24 @@ FROM ubuntu:20.04
 ENV TZ Europe/Berlin 
 RUN <<EOF
 apt-get update
-apt-get install -y postfix bind9-dnsutils
+apt-get install -y postfix bind9-dnsutils 
+apt-get install -y rsyslog 
 # cleanup
 apt-get autoclean
 rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache ~/.npm
 EOF
 COPY etc/postfix/ /etc/postfix/
 COPY etc/ssl/ /etc/ssl/
+# https://github.com/moby/moby/issues/31243#issuecomment-406879017
+RUN <<EOF
+sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
+sed -i 's|-/var/log/syslog|/dev/stdout|' /etc/rsyslog.d/50-default.conf
+usermod -G tty syslog
+# chown -R postfix /var/spool/postfix
+EOF
 COPY --chmod=0775 entrypoint.sh /entrypoint.sh
 EXPOSE 25
+EXPOSE 10026
 VOLUME /var/spool/postfix
 ENTRYPOINT ["/entrypoint.sh"]
 CMD ["postfix", "start-fg"]
--- a/postfix/entrypoint.sh
+++ b/postfix/entrypoint.sh
@@ -1,12 +1,14 @@
 #!/usr/bin/env sh
 set -e
-# https://github.com/moby/moby/issues/31243
-chmod o+w /dev/stdout
+# https://github.com/moby/moby/issues/31243#issuecomment-406879017
+# /usr/sbin/rsyslogd
+chmod 777 /var/log
+service rsyslog start
 # https://serverfault.com/questions/1003885/postfix-in-docker-host-or-domain-name-not-found-dns-and-docker
 cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
+cp -r /etc/ssl/usr-local-share-ca-certificates/* /usr/local/share/ca-certificates/
+update-ca-certificates
 postmap /etc/postfix/virtual
 postmap /etc/postfix/vmailbox
 postmap /etc/postfix/relay_clientcerts
-cp -r /etc/ssl/usr-local-share-ca-certificates/* /usr/local/share/ca-certificates/
-update-ca-certificates
 exec "$@"
--- a/postfix/etc/postfix/main.cf
+++ b/postfix/etc/postfix/main.cf
@@ -1,7 +1,9 @@
 # See /usr/share/postfix/main.cf.dist for a commented, more complete version
 smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
 biff = no
-maillog_file = /dev/stdout
+# maillog_file = /dev/stdout
+# maillog_file=/var/log/postfix.log
+# maillog_file_permissions=0644

 # appending .domain is the MUA's job.
 append_dot_mydomain = no
@@ -14,11 +16,11 @@ readme_directory = no
 compatibility_level = 2

 # local domains
-myhostname = mta.zntrl.de
-mydestination = $mydomain, localhost.$mydomain, localhost
+myhostname = nuc0.zntrl.de
+mydestination = $myhostname, localhost.$mydomain, localhost
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-myorigin = zntrl.de
+myorigin = $mydomain
 # mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 # trusts all hosts in the kopano docker network
 mynetworks_style = subnet
@@ -29,6 +31,7 @@ virtual_mailbox_maps = hash:/etc/postfix/vmailbox
 virtual_alias_maps = hash:/etc/postfix/virtual
 # virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock
 virtual_transport = lmtp:dagent:2003
+lmtp_tls_loglevel = 1

 # default outbound transport for all domains, use one relay for all domains
 # authenticates to relay.zntrl.de for authorisation to relay mail, see also: SMTP (outbound)
@@ -37,17 +40,18 @@ default_transport = smtp:[relay.zntrl.de]:465
 # SMTPD (inbound) TLS parameters
 smtpd_tls_CApath = /etc/ssl/certs
 smtpd_tls_CAfile = /usr/local/share/ca-certificates/kopano-ca.crt
-smtpd_tls_key_file=/etc/ssl/private/zntrl.key
-smtpd_tls_cert_file=/etc/ssl/zntrl.crt
-smtpd_tls_security_level=may
+smtpd_tls_key_file = /etc/ssl/private/zntrl.key
+smtpd_tls_cert_file = /etc/ssl/zntrl.crt
+smtpd_tls_security_level = may
 smtpd_tls_loglevel = 1

 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination

 # SMTP (outbound)
 smtp_tls_CApath=/etc/ssl/certs
-smtd_tls_key_file=/etc/ssl/private/zntrl.key
-smtd_tls_cert_file=/etc/ssl/zntrl.crt
+smtp_tls_CAfile = /usr/local/share/ca-certificates/kopano-ca.crt
+smtp_tls_key_file = /etc/ssl/private/zntrl.key
+smtp_tls_cert_file = /etc/ssl/zntrl.crt
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 smtp_tls_wrappermode = yes
 smtp_tls_security_level = encrypt
--- a/postfix/etc/postfix/master.cf
+++ b/postfix/etc/postfix/master.cf
@@ -10,6 +10,8 @@
 #               (yes)   (yes)   (no)    (never) (100)
 # ==========================================================================
 smtp      inet  n       -       y       -       -       smtpd
+  -o content_filter=scan:spampd:10025
+  -o receive_override_options=no_address_mappings
 #smtp      inet  n       -       y       -       1       postscreen
 #smtpd     pass  -       -       y       -       -       smtpd
 #dnsblog   unix  -       -       y       -       0       dnsblog
@@ -65,3 +67,18 @@ lmtp      unix  -       -       n       -       -       lmtp
 anvil     unix  -       -       y       -       1       anvil
 scache    unix  -       -       y       -       1       scache
 postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# Proxy receiver, see https://cwiki.apache.org/confluence/display/spamassassin/IntegratePostfixViaSpampd
+#
+10026     inet  n       -       n       -       10      smtpd
+  -o content_filter=
+  -o myhostname=mta.zntrl.de
+  -o mynetworks=127.0.0.0/8
+  -o smtpd_authorized_xforward_hosts=127.0.0.0/8
+  -o smtpd_tls_security_level=none
+  -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
+  -o smtpd_helo_restrictions=
+  -o smtpd_client_restrictions=
+  -o smtpd_sender_restrictions=
+  -o smtpd_relay_restrictions=
+  -o smtpd_recipient_restrictions=permit_mynetworks,reject
--- a/postfix/etc/ssl/private/zntrl-key-certs.pem
+++ b/postfix/etc/ssl/private/zntrl-key-certs.pem
@@ -0,0 +1,52 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCsW2Y5dguEpUKq
+mlVH9IlaKz2bYg4h0NLrRQlHiVn60zDCvk5wYpAGbjYK/G2ztNKYaM8Alx+ErWES
+Q8VPTm3kfeMWAvk5wlKPdfdZ9j2mLt0nJsn3YbjZS1CswbrloEro5CeuYQRk8Vi8
+52vTpqV/m5mgZ8O7/Gq8kXhbGnq/If9nZnVf880q7ANZaZUcllWpWXx0B8GvkU6K
+BvUaKHD7IvEbUjx5FFjpjp4r0IoofnLFQD4Fn/Mqm5SX0vzY8ceYV8Ab1ivIPM0/
+VtANMEtkkql18KCATwlGlBWaeidJFnG7UMPZvCc0rOqTTxxG33k4zFb6ACfttiuA
+8w3ZnZStAgMBAAECggEAVChMwcHh3eLTqnmxKnE8n8p9SmGWhOxyEG6lGUj3poF4
+TZ6erkFyEbG+sZ6P8i9YpRKIAMHJof8GZuSwcwjYn7jYKOdKyekYZvQy0rppX7uC
+QJuwAhq1J2Se/7uYhoa+DPlaZsr4WlF+Ar7851t3c9eGK8x+xkt50pk1K0bCqJAk
+AxLKykJcXorCXGUGvAqx+dgQCf7AsNnXggYAPRz5gEfioNB4SZpLT1f+J7dJO0td
+7oWRchS687H2E1wrHUzWwqiv1cDZqUS9xvjWq4lcAv+Tua3sejJ4RlVkfFIAcJof
+gKNB7L+WJGHcJUufXhdVajyoPU/ezHXKBQNKIj8gAQKBgQDS0mJ6nS03rbQsz4M2
+xEZxodIMlLpDJJJ43S2vPQWpOXUdqoAkpWHD6/XWh/lZjJiLVg3p6i3mL/OwJ9/q
+6C6FZF4oLSztYz7WIaw2sXBVQBOZY0pbk385rzBL48Xzsj8ayYS5nKEfg6FDXn1v
+yLIOj5vbkbl9A0gFSZYoaSm1pQKBgQDRStlfZHZnJVpkDKgisDyUHwAwn7JF15VL
+uWmjiO8ktN4vyX/45fseYrC8YNph3ksUBvoCQQcxxpWjXuhUjX/FJqragTczTjiI
+biAfNh4b7oQAQTpxqPrtWE3w/vjV31UprKeq4O75lHAAPLFhaDxdVhnOZkqJ680z
+keFiESWEaQKBgQCXUr2vJxyqx3r5YyXa7L1nmPCNaT/dK+Ya7R96lkF2+zAOUDDU
+nQT0vWzjRQx884cXFHi+OwIhJLA09BosoeWqh6VyDyMdbcxPpTHYvDpWZrzqr7NS
+0idS/2WaQ272Ai57isRC+qNIXJInKi69SwBLpVcJHqtWiUFr0ir+7KUspQKBgQCX
+XL+Kmth6zmvp8bFjrPuS0DzN7aD7m+dwZX6989moPVp3Sw5PTtxnZE6XXqBxqVe4
+zayjJ8MY6dzCL+T7uXaCpYEAvGOHGMMYEDA8d2iq8QxfvsqmmAnaPatdWk3HBa2
+VhTIo3aRb8X0lfBfFwiZJBzzxczgpHW6dyV+TBJLCQKBgQCBWYyXE41rel5baKu5
+IHCziXVwxh2Vv/xcL4YGDXAXvZ1wbtfYWu8K3Brxn/LMdEYZ+RLDGk5Tr5Vp25AD
+4a4CxQffTSjaF86Ggda0O+cOKgnsNmEiFqwqnstVonY1pZyctA9stjyi66lmG/0n
+/3Hx0yfA8f+7za/1VkFq+hfrow==
+-----END PRIVATE KEY-----
+-----BEGIN CERTIFICATE-----
+MIIEEzCCAvugAwIBAgIBCTANBgkqhkiG9w0BAQsFADCBiDESMBAGCgmSJomT8ixk
+ARkWAmRlMRMwEQYKCZImiZPyLGQBGRYDZHRzMSAwHgYDVQQKDBdEaWdpdGFsIFRy
+dXN0IFNvbHV0aW9uczEiMCAGA1UECwwZSW5mb3JtYXRpb24gU2VjdXJpdHkgVW5p
+dDEXMBUGA1UEAwwORFRTIFNpZ25pbmcgQ0EwHhcNMjMxMDI0MjA1MTE0WhcNMzMx
+MDIzMjA1MTE0WjB/MRIwEAYKCZImiZPyLGQBGRYCZGUxEzARBgoJkiaJk/IsZAEZ
+FgNkdHMxIDAeBgNVBAoMF0RpZ2l0YWwgVHJ1c3QgU29sdXRpb25zMSIwIAYDVQQL
+DBlJbmZvcm1hdGlvbiBTZWN1cml0eSBVbml0MQ4wDAYDVQQDDAV6bnRybDCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKxbZjl2C4SlQqqaVUf0iVorPZti
+DiHQ0utFCUeJWfrTMMK+TnBikAZuNgr8bbO00phozwCXH4StYRJDxU9ObeR94xYC
+TnCUo9191n2PaYu3ScmyfdhuNlLUKzBuuWgSujkJ65hBGTxWLzna9OmpX+bmaBn
+w7v8aryReFsaer8h/2dmdV/zzSrsA1lplRyWValZfHQHwa+RTooG9RoocPsi8RtS
+PHkUWOmOnivQiih+csVAPgWf8yqblJfS/Njxx5hXwBvWK8g8zT9W0A0wS2SSqXXw
+oIBPCUaUFZp6J0kWcbtQw9m8JzSs6pNPHEbfeTjMVvoAJ+22K4DzDdmdlK0CAwEA
+AaOBjzCBjDAOBgNVHQ8BAf8EBAMCBaAwCQYDVR0TBAIwADAdBgNVHSUEFjAUBggr
+BgEFBQcDAQYIKwYBBQUHAwIwHQYDVR0OBBYEFDh4xiNAE6GoEy/Gkazg2SI74yfT
+MB8GA1UdIwQYMBaAFMXqQJ46ZTJeP6u7xKLgrr0zjwk6MBAGA1UdEQQJMAeCBXpu
+dHJsMA0GCSqGSIb3DQEBCwUAA4IBAQCrezrrYsAeWzVNv1SGQCsC+Oc+Viyba78u
+BRaYT4h41sxVMYMSqylIdq6gAmBZU1Zwrj1+abT0drlCZb+wK2rVzQqg7ldhpFI7
+Fq6bz7M6DBdOSf4aB7Uz7oSP72ACsrLd9v6GQ2LwlH4njZhYPJQR8gzi0ANyBCAI
+W9Ih91D1xgq5R1DmQX/DC7WU1qQhrlzxzcN1LTWI+GNdpjP/ej3PGfg5FNVLrSKj
+lcugumrchZZ6iVjCFCc2zlZZNlHPeh4dLkll8g8h2FLh1xnn9KA1/o5GMLm6Y69Q
+vnW52LhdAuRW81AaU/Z2hdCZz0WenQO+dH1GaR/fMcSYlfWbk6uR
+-----END CERTIFICATE-----
--- a/postfix/scratchpad.sh
+++ b/postfix/scratchpad.sh
@@ -6,7 +6,7 @@ mkdir etc
 cp -r ~/kopano-docker/etc-zntrl/postfix etc
 cp -r ~/kopano-docker/etc-zntrl/ssl etc
 docker build -t baloan/postfix .
-docker run -d --name postfix -v/root/kopano/postfix/etc/postfix:/etc/postfix -p8025:25 postfix 
+docker run -t --rm --name postfix -vkopano_spool:/var/spool/postfix -p8025:25 baloan/postfix 
 docker logs -f postfix
 docker exec -it postfix sh