From 0e526af58a7561faf036af33a2036a6725e5089d Mon Sep 17 00:00:00 2001
From: root
Date: Wed, 25 Sep 2024 14:44:10 +0000
Subject: [PATCH] Updated Roundcube SSO config
---
 lib/roundcube.sh | 44 ++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)
diff --git a/lib/roundcube.sh b/lib/roundcube.sh
index bb7a727..d911e81 100644
--- a/lib/roundcube.sh
+++ b/lib/roundcube.sh
@@ -26,7 +26,6 @@ services:
 ipv4_address: 172.99.0.47
 extra_hosts:
 - "authelia.$DOMAIN:$EXTERNALIP"
- - "mail.$DOMAIN:$EXTERNALIP"
 env_file:
 - ./.env
 volumes:
@@ -133,6 +132,7 @@ uninstall_roundcube() {
 # Delete the DNS record
 docker exec pdns pdnsutil delete-rrset $DOMAIN roundcube A
+ docker exec pdns pdnsutil delete-rrset $DOMAIN webmail A
 # Uninstall the SSO configuration if it exists in authelia (authelia must exist too)
 if [[ $(grep "### Roundcube" /federated/apps/authelia/data/config/idproviders.yml 2>/dev/null) ]]; then
@@ -162,11 +162,12 @@ cat >> /federated/apps/authelia/data/config/idproviders.yml </dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/roundcube/docker-compose.yml
+ [[ ! $(grep extra_hosts /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/restart: always/a \ extra_hosts:\n\ - \"authelia.$DOMAIN:$EXTERNALIP\"" /federated/apps/mail/docker-compose.yml
+ sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
 \$config['oauth_provider_name'] = 'Authelia'; \n\
 \$config['oauth_client_id'] = 'roundcube'; \n\ 
@@ -182,10 +187,45 @@ sed -i "/?php/a \ \$config['oauth_provider'] = 'generic'; \n\
 \$config['oauth_token_uri'] = 'https://authelia.$DOMAIN/api/oidc/token'; \n\
 \$config['oauth_identity_uri'] = 'https://authelia.$DOMAIN/api/oidc/userinfo'; \n\
 \$config['oauth_identity_fields'] = ['email']; \n\
+ \$config['oauth_verify_peer'] = false; \n\
 \$config['use_https'] = true; \n\
 \$config['oauth_scope'] = 'email openid profile'; \n\
 \$config['oauth_login_redirect'] = false;" /federated/apps/roundcube/data/var/www/html/config/config.inc.php
+# Disable Spamassasin, enable Rspamd, and insert OAUTH2 configuration in mail server
+sed -i "s/ENABLE_SPAMASSASSIN=.*/ENABLE_SPAMASSASSIN=0/g" /federated/apps/mail/.env
+sed -i "s/ENABLE_SPAMASSASSIN_KAM=.*/#ENABLE_SPAMASSASSIN_KAM=0/g" /federated/apps/mail/.env
+sed -i "s/SPAMASSASSIN_SPAM_TO_INBOX=.*/#SPAMASSASSIN_SPAM_TO_INBOX=0/g" /federated/apps/mail/.env
+sed -i "s/ENABLE_AMAVIS=.*/ENABLE_AMAVIS=0/g" /federated/apps/mail/.env
+sed -i "s/ENABLE_CLAMAV=.*/ENABLE_CLAMAV=1/g" /federated/apps/mail/.env
+sed -i "s/ENABLE_POSTGREY=.*/ENABLE_POSTGREY=0/g" /federated/apps/mail/.env
+sed -i "/ENABLE_POSTGREY=0/a \ENABLE_RSPAMD=1\nRSPAMD_GREYLISTING=1\nENABLE_AMAVIS=0" /federated/apps/mail/.env
+sed -i "/LOG_LEVEL=debug/a \ENABLE_OAUTH2=1\nOAUTH2_INTROSPECTION_URL=https://roundcube:$ROUNDCUBE_CLIENT_SECRET@authelia.$DOMAIN/api/oidc/introspection\nOAUTH2_USERNAME_ATTRIBUTE=username\nOAUTH2_INTROSPECTION_MODE=post" /federated/apps/mail/.env
+
+cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_path = private/auth
+smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_tls_security_options = noanonymous
+smtpd_sasl_type = dovecot
+smtpd_tls_auth_only = yes
+EOF
+
+#[[ ! -d "/federated/apps/mail/data/etc/dovecot/conf.d" ]] && mkdir /federated/apps/mail/data/etc/dovecot/conf.d
+cat > /federated/apps/mail/data/etc/dovecot/conf.d/95-roundcube.conf <<'EOF'
+service auth {
+ unix_listener /var/spool/postfix/private/auth {
+ group = postfix
+ mode = 0666
+ user = postfix
+ }
+}
+EOF
+
+[[ ! $(grep 95-roundcube.conf /federated/apps/mail/docker-compose.yml 2>/dev/null) ]] && sed -i "/volumes:/a \ - ./data/etc/dovecot/conf.d/95-roundcube.conf:/etc/dovecot/conf.d/95-roundcube.conf" /federated/apps/mail/docker-compose.yml
+
 /federated/bin/stop roundcube
 /federated/bin/start roundcube
+ /federated/bin/stop mail
+ /federated/bin/start mail
 }