fixed logging in spampd and postfix

andreas
2023-10-26 20:55:23 +00:00
parent 991905dd4f
commit f808ebae4a
13 changed files with 168 additions and 29 deletions


@@ -83,6 +83,7 @@ services:
- traefik
postfix:
build: ./postfix
tty: true
image: baloan/postfix
ports:
- 8025:25
@@ -90,6 +91,7 @@ services:
- spool:/var/spool/postfix
spampd:
build: ./spampd
tty: true
image: baloan/spampd
volumes:
- spamassassin:/var/lib/spamassassin


@@ -9,7 +9,9 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
smtp inet n - n - - smtpd
-o content_filter=scan:localhost:10025
-o receive_override_options=no_address_mappings
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -65,3 +67,32 @@ lmtp unix - - n - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# ====================================================================
# Interfaces to non-Postfix software. Be sure to examine the manual
# pages of the non-Postfix software to find out what options it wants.
#
# Many of the following services use the Postfix pipe(8) delivery
# agent. See the pipe(8) man page for information about ${recipient}
# and other message envelope options.
# ====================================================================
#
# Kopano mail delivery agent
#
kopano unix - n n - 10 pipe
flags=DRhu user=vmail argv=/usr/sbin/kopano-dagent ${user}
#
# Proxy receiver, see https://cwiki.apache.org/confluence/display/spamassassin/IntegratePostfixViaSpampd
#
localhost:10026 inet n - n - 10 smtpd
-o content_filter=
-o myhostname=kopano.baloghs.de
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_tls_security_level=none
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
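Review bot: The replacement `smtp inet` line at the top of this section appears to switch the chroot column from `y` to `n` for the Internet-facing smtpd (the +/- markers are lost on this page, so this is read from the hunk counts and the print order). That removes a containment layer from the one service that parses untrusted network input, and the commit message only mentions logging. If chroot was dropped to get name resolution or syslog working, note that the entrypoint on this page already copies resolv.conf into /var/spool/postfix/etc. Otherwise keep `smtp inet n - y - - smtpd`, or put a comment such as `# chroot disabled: <reason>` above the line so the trade-off is recorded.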


@@ -1,7 +1,9 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
maillog_file = /dev/stdout
# maillog_file = /dev/stdout
# maillog_file=/var/log/postfix.log
# maillog_file_permissions=0644
# appending .domain is the MUA's job.
append_dot_mydomain = no
@@ -14,11 +16,11 @@ readme_directory = no
compatibility_level = 2
# local domains
myhostname = mta.zntrl.de
mydestination = $mydomain, localhost.$mydomain, localhost
myhostname = nuc0.zntrl.de
mydestination = $myhostname, localhost.$mydomain, localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zntrl.de
myorigin = $mydomain
# mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# trusts all hosts in the kopano docker network
mynetworks_style = subnet
@@ -29,6 +31,7 @@ virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
# virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock
virtual_transport = lmtp:dagent:2003
lmtp_tls_loglevel = 1
# default outbound transport for all domains, use one relay for all domains
# authenticates to relay.zntrl.de for authorisation to relay mail, see also: SMTP (outbound)
@@ -46,9 +49,9 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_una
# SMTP (outbound)
smtp_tls_CApath=/etc/ssl/certs
smtd_tls_CAfile = /usr/local/share/ca-certificates/kopano-ca.crt
smtd_tls_key_file = /etc/ssl/private/zntrl.key
smtd_tls_cert_file = /etc/ssl/zntrl.crt
smtp_tls_CAfile = /usr/local/share/ca-certificates/kopano-ca.crt
smtp_tls_key_file = /etc/ssl/private/zntrl.key
smtp_tls_cert_file = /etc/ssl/zntrl.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt


@@ -10,6 +10,8 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
-o content_filter=scan:kopano-spampd-1:10025
-o receive_override_options=no_address_mappings
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -65,3 +67,18 @@ lmtp unix - - n - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# Proxy receiver, see https://cwiki.apache.org/confluence/display/spamassassin/IntegratePostfixViaSpampd
#
10026 inet n - n - 10 smtpd
-o content_filter=
-o myhostname=mta.zntrl.de
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_tls_security_level=none
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
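Review bot: The new `10026 inet` reinjection listener has no address in front of the port, so it binds every interface in the container, while TLS is off and the helo, client, sender and relay restrictions are emptied; the only remaining gate is `mynetworks=127.0.0.0/8` with `permit_mynetworks,reject`. With the filter now addressed as a separate host (`scan:kopano-spampd-1:10025`), its reinjected mail would presumably not arrive from 127.0.0.0/8, so either it is rejected or mynetworks gets widened later, and a wider value lets every host in that range submit mail that skips the content filter. Consider limiting the override to the spampd container's address only and recording that above the entry, e.g. `# unfiltered re-entry point: mynetworks must list spampd only`. The same entry is added in the later master.cf section that uses `scan:spampd:10025`.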


@@ -5,14 +5,23 @@ ENV TZ Europe/Berlin
RUN <<EOF
apt-get update
apt-get install -y postfix bind9-dnsutils
apt-get install -y rsyslog
# cleanup
apt-get autoclean
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache ~/.npm
EOF
COPY etc/postfix/ /etc/postfix/
COPY etc/ssl/ /etc/ssl/
# https://github.com/moby/moby/issues/31243#issuecomment-406879017
RUN <<EOF
sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
sed -i 's|-/var/log/syslog|/dev/stdout|' /etc/rsyslog.d/50-default.conf
usermod -G tty syslog
# chown -R postfix /var/spool/postfix
EOF
COPY --chmod=0775 entrypoint.sh /entrypoint.sh
EXPOSE 25
EXPOSE 10026
VOLUME /var/spool/postfix
ENTRYPOINT ["/entrypoint.sh"]
CMD ["postfix", "start-fg"]
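Review bot: The added `RUN <<EOF` block that edits the rsyslog configuration has no `set -e`, so a `sed` that fails on a missing file does not fail the build; only the status of the last command in the heredoc counts. Start the heredoc with `set -eu`. In the same block `usermod -G tty syslog` replaces the account's supplementary group list instead of extending it; `usermod -aG tty syslog` keeps the existing memberships. The same usermod line is added to the spampd setup script further down the page. The separate `apt-get install -y rsyslog` could be folded into the existing install line, with `--no-install-recommends` to keep the image small.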


@@ -1,12 +1,14 @@
#!/usr/bin/env sh
set -e
# https://github.com/moby/moby/issues/31243
chmod o+w /dev/stdout
# https://github.com/moby/moby/issues/31243#issuecomment-406879017
# /usr/sbin/rsyslogd
chmod 777 /var/log
service rsyslog start
# https://serverfault.com/questions/1003885/postfix-in-docker-host-or-domain-name-not-found-dns-and-docker
cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
cp -r /etc/ssl/usr-local-share-ca-certificates/* /usr/local/share/ca-certificates/
update-ca-certificates
postmap /etc/postfix/virtual
postmap /etc/postfix/vmailbox
postmap /etc/postfix/relay_clientcerts
cp -r /etc/ssl/usr-local-share-ca-certificates/* /usr/local/share/ca-certificates/
update-ca-certificates
exec "$@"
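Review bot: `chmod 777 /var/log` makes the log directory writable by every account in the container, so any process can create, replace or remove files there. The image build on this page already points rsyslog's default rule at /dev/stdout, so the directory may not need opening at all. If rsyslog does have to write there, grant access to that account only, e.g. `chown root:syslog /var/log && chmod 0775 /var/log` (assuming the syslog group exists in the image). A one-line comment naming the daemon that needs the access would also help the next reader.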


@@ -1,7 +1,9 @@
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
maillog_file = /dev/stdout
# maillog_file = /dev/stdout
# maillog_file=/var/log/postfix.log
# maillog_file_permissions=0644
# appending .domain is the MUA's job.
append_dot_mydomain = no
@@ -14,11 +16,11 @@ readme_directory = no
compatibility_level = 2
# local domains
myhostname = mta.zntrl.de
mydestination = $mydomain, localhost.$mydomain, localhost
myhostname = nuc0.zntrl.de
mydestination = $myhostname, localhost.$mydomain, localhost
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
myorigin = zntrl.de
myorigin = $mydomain
# mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
# trusts all hosts in the kopano docker network
mynetworks_style = subnet
@@ -29,6 +31,7 @@ virtual_mailbox_maps = hash:/etc/postfix/vmailbox
virtual_alias_maps = hash:/etc/postfix/virtual
# virtual_transport = lmtp:unix:/var/spool/kopano/dagent.sock
virtual_transport = lmtp:dagent:2003
lmtp_tls_loglevel = 1
# default outbound transport for all domains, use one relay for all domains
# authenticates to relay.zntrl.de for authorisation to relay mail, see also: SMTP (outbound)
@@ -46,8 +49,9 @@ smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_una
# SMTP (outbound)
smtp_tls_CApath=/etc/ssl/certs
smtd_tls_key_file=/etc/ssl/private/zntrl.key
smtd_tls_cert_file=/etc/ssl/zntrl.crt
smtp_tls_CAfile = /usr/local/share/ca-certificates/kopano-ca.crt
smtp_tls_key_file = /etc/ssl/private/zntrl.key
smtp_tls_cert_file = /etc/ssl/zntrl.crt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_wrappermode = yes
smtp_tls_security_level = encrypt


@@ -10,6 +10,8 @@
# (yes) (yes) (no) (never) (100)
# ==========================================================================
smtp inet n - y - - smtpd
-o content_filter=scan:spampd:10025
-o receive_override_options=no_address_mappings
#smtp inet n - y - 1 postscreen
#smtpd pass - - y - - smtpd
#dnsblog unix - - y - 0 dnsblog
@@ -65,3 +67,18 @@ lmtp unix - - n - - lmtp
anvil unix - - y - 1 anvil
scache unix - - y - 1 scache
postlog unix-dgram n - n - 1 postlogd
#
# Proxy receiver, see https://cwiki.apache.org/confluence/display/spamassassin/IntegratePostfixViaSpampd
#
10026 inet n - n - 10 smtpd
-o content_filter=
-o myhostname=mta.zntrl.de
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
-o smtpd_tls_security_level=none
-o receive_override_options=no_unknown_recipient_checks,no_header_body_checks,no_milters
-o smtpd_helo_restrictions=
-o smtpd_client_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_relay_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject


@@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
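Review bot: This new file adds a private key in plaintext to the repository, next to its certificate. The Dockerfile on this page copies everything under etc/ssl into the image with `COPY etc/ssl/ /etc/ssl/`, so if this file lives under that tree the key is readable by anyone who can pull the image as well as anyone who can read the repository history. Treat the key as exposed: reissue it and supply the replacement at run time through a read-only mount or a Compose secret instead of committing it. Listing the key path in .gitignore and .dockerignore keeps it from being added again.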


@@ -6,7 +6,7 @@ mkdir etc
cp -r ~/kopano-docker/etc-zntrl/postfix etc
cp -r ~/kopano-docker/etc-zntrl/ssl etc
docker build -t baloan/postfix .
docker run -d --name postfix -v/root/kopano/postfix/etc/postfix:/etc/postfix -p8025:25 postfix
docker run -t --rm --name postfix -vkopano_spool:/var/spool/postfix -p8025:25 baloan/postfix
docker logs -f postfix
docker exec -it postfix sh


@@ -15,8 +15,11 @@ sed -e's/LISTENHOST=127.0.0.1/LISTENHOST=0.0.0.0/' \
-e's/CHILDREN=3/CHILDREN=2/' \
-e's|ADDOPTS=""|ADDOPTS="--homedir=/var/lib/spamassassin/.spamassassin"|' \
-i /etc/default/spampd
# https://github.com/moby/moby/issues/31243#issuecomment-406879017
sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
ln -sf /dev/stdout /var/log/syslog
sed -e's|-/var/log/syslog|/dev/stdout|' \
-i /etc/rsyslog.d/50-default.conf
usermod -G tty syslog
usermod debian-spamd -l spamd -s /bin/bash
groupmod debian-spamd -n spamd
mkdir /var/run/spampd


@@ -1,7 +1,6 @@
#!/usr/bin/env sh
set -e
# https://github.com/moby/moby/issues/31243
chmod o+w /dev/stdout
# https://github.com/moby/moby/issues/31243#issuecomment-406879017
/usr/sbin/rsyslogd
# su spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys"
exec "$@"


@@ -2,11 +2,11 @@
# export DOCKER_BUILDKIT=1
# docker run -d --name apache -p80:80 -v/root/kopano/dist:/var/www httpd
docker rm spampd
docker build -t spampd .
docker build -t baloan/spampd .
docker run -t --rm --name spampd baloan/spampd
docker run -it --rm --name spampd spampd
docker run --rm --name spampd spampd
docker logs -f spampd
docker exec -it spampd sh
docker exec -it spampd bash
docker container prune -f
docker kill spampd