#!/bin/bash
#
# Federated Stack Mail
# Fixed PATH for everything invoked below (docker-compose, docker, nc, ...).
# The Docker CLI plugin directory comes first, presumably so that
# `docker-compose` resolves to the Compose plugin binary kept there - confirm.
# NOTE(review): $HOME/.docker/cli-plugins is a user-writable directory at the
# head of PATH, so any executable placed there shadows the system binaries
# this script relies on; keep it writable by the owner only.
# NOTE(review): "/local/sbin" looks like a typo for /usr/local/sbin - confirm.
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
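#######################################
# Write the fstack/mail docker-compose project (docker-mailserver +
# Roundcube) and the Roundcube Apache vhost under fstack/mail/.
# Globals:   DOMAIN, DOMAIN_FIRST, DOMAIN_LAST, ADMINPASS (read),
#            SPINPID (written)
# Calls:     spin, fail (defined elsewhere in this file)
# Outputs:   progress text on stdout
# Security notes:
#   - docker-compose.yml embeds the LDAP admin bind password (ADMINPASS)
#     in clear text, so it is written with mode 0600.
#   - The directory admin DN (cn=admin) is used for Postfix, Dovecot and
#     saslauthd lookups; a read-only LDAP service account would be the
#     least-privilege choice, but the directory layout is defined elsewhere.
#   - Both images are pulled by the floating ':latest' tag, so deployments
#     are not reproducible and an upstream compromise lands on the next
#     pull; pin a release tag or @sha256 digest once the stack is stable.
#   - ENABLE_FAIL2BAN=0 while 25/143/465/587/993 are published on all host
#     interfaces, so nothing rate-limits SASL/IMAP password guessing.
#######################################
config_mail() {
  local compose="fstack/mail/docker-compose.yml"
  local vhost="fstack/mail/data/etc/apache2/sites-enabled/000-default.conf"
  local cert_src="fstack/dns/data/etc/letsencrypt/archive/${DOMAIN}"
  local cert_dst="fstack/mail/data/root/certs"

  echo -ne "\n* Configuring fstack/mail container.."
  spin &
  SPINPID=$!

  # First run only: create the bind-mount tree and seed the TLS material
  # from the certbot archive kept by the fstack/dns container.
  if [[ ! -d "fstack/mail" ]]; then
    local dir
    for dir in \
      "${cert_dst}" \
      fstack/mail/data/var/mail \
      fstack/mail/data/var/mail-state \
      fstack/mail/data/var/log/mail \
      fstack/mail/data/tmp/docker-mailserver \
      fstack/mail/data/etc/apache2/sites-enabled; do
      mkdir -p -- "${dir}" &> /dev/null
    done

    # NOTE(review): certbot's archive/ names files fullchainN.pem/privkeyN.pem
    # and bumps N on every renewal; the compose file below hard-codes N=1
    # and this copy runs on the first configure only, so renewed
    # certificates never reach the mail/webmail containers without
    # re-running this step and updating the file names.
    cp -f -- "${cert_src}"/*.pem "${cert_dst}/" || {
      kill -9 "${SPINPID}" &> /dev/null
      fail "Couldn't copy TLS certificates from ${cert_src} into ${cert_dst}"
    }
    # Only root inside the containers needs the private key; keep the copy
    # out of reach of other local users.
    chmod 700 "${cert_dst}"
    chmod 600 "${cert_dst}"/*.pem
  fi

  # DOMAIN_FIRST / DOMAIN_LAST are the dc= components of the LDAP suffix
  # and are expected to be set by the caller; the split that once lived
  # here is kept for reference.
  # DOMAIN_ARRAY=(${DOMAIN//./ })
  # DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
  # DOMAIN_LAST=${DOMAIN_ARRAY[1]}

  # NOTE(review): ADMINPASS is interpolated as an unquoted YAML plain scalar;
  # a password containing " #", leading quotes or other YAML-significant
  # characters will break the generated file.
  cat > "${compose}" <<EOF
version: '3.8'

services:
  mail:
    # Floating tag: pin a release or @sha256 digest for reproducible pulls.
    image: docker.io/mailserver/docker-mailserver:latest
    container_name: mail
    hostname: mail.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      fstack:
        ipv4_address: 172.99.0.13
    # Published on every host interface.
    ports:
      - "25:25"
      - "143:143"
      - "465:465"
      - "587:587"
      - "993:993"
    volumes:
      - ./data/root/certs:/root/certs
      - ./data/var/mail:/var/mail/
      - ./data/var/mail-state:/var/mail-state/
      - ./data/var/log/mail:/var/log/mail/
      - ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      - ENABLE_CLAMAV=0
      # Fail2Ban is off: repeated SASL/IMAP login failures on the published
      # ports are never banned.
      - ENABLE_FAIL2BAN=0
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      # Debug-level logging; the logs land in ./data/var/log/mail on the host.
      - LOG_LEVEL=debug
      - ENABLE_LDAP=1
      # Certificate copied from the certbot archive by config_mail (N=1 is
      # hard-coded, see the note there).
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/root/certs/fullchain1.pem
      - SSL_KEY_PATH=/root/certs/privkey1.pem
      - LDAP_START_TLS=yes
      - DOVECOT_TLS=yes
      - SASLAUTHD_LDAP_START_TLS=yes
      - LDAP_SERVER_HOST=ldap.$DOMAIN
      - LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      # The directory *admin* DN is used for lookups; a read-only bind
      # account would limit what a compromised mail container can do.
      - LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - LDAP_BIND_PW=$ADMINPASS
      - LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
      - LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
      - LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
      # DOVECOT
      - DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
      - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
      - DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
      # SASLAUTHD (same admin credential as above)
      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=ldap
      - SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
      - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - SASLAUTHD_LDAP_PASSWORD=$ADMINPASS
      - SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
      - SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
      # NOTE(review): probably meant to be postmaster@$DOMAIN - confirm.
      - POSTMASTER_ADDRESS=postmaster@localhost.localdomain
      - POSTFIX_MESSAGE_SIZE_LIMIT=100000000
    # NOTE(review): upstream's example compose file lists NET_ADMIN for
    # Fail2Ban (disabled here) and SYS_PTRACE as a debugging aid; neither is
    # obviously needed by this configuration - confirm and drop them.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

  webmail:
    # Floating tag: pin a release or @sha256 digest for reproducible pulls.
    image: roundcube/roundcubemail:latest
    container_name: webmail
    hostname: webmail.$DOMAIN
    domainname: $DOMAIN
    restart: always
    networks:
      fstack:
        ipv4_address: 172.99.0.14
    # 9002 is plain HTTP (the login form travels in clear); 9443 is TLS.
    ports:
      - "9002:80"
      - "9443:443"
    volumes:
      - ./data/root/certs:/root/certs
      - ./data/etc/apache2/sites-enabled:/etc/apache2/sites-enabled
      - ./data/var/roundcube:/var/roundcube
    environment:
      # STARTTLS to the mail container; the certificate above must be valid
      # for mail.$DOMAIN or Roundcube will refuse the connection - confirm.
      - ROUNDCUBEMAIL_DEFAULT_HOST=tls://mail.$DOMAIN
      - ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.$DOMAIN
      - ROUNDCUBEMAIL_UPLOAD_MAX_FILESIZE=4096M
    depends_on:
      - mail

networks:
  fstack:
    external: true
EOF
  # The file now holds the LDAP bind password in clear text.
  chmod 600 "${compose}"

  # Quoted delimiter: ${APACHE_LOG_DIR} must reach Apache unexpanded.
  cat > "${vhost}" <<'EOF'
LoadModule ssl_module /usr/lib/apache2/modules/mod_ssl.so

# Plain-HTTP vhost: Roundcube's login form is served in clear text on this
# port.  Terminate TLS in front of it or redirect to the :443 vhost.
<VirtualHost *:80>
    ServerAdmin admin@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    # Refuse SSLv3 and TLS 1.0/1.1 (deprecated by RFC 8996).
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCertificateFile /root/certs/fullchain1.pem
    SSLCertificateKeyFile /root/certs/privkey1.pem

    ServerAdmin admin@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
EOF

  kill -9 "${SPINPID}" &> /dev/null
  echo -ne "done."
}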
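#######################################
# Bring up the fstack/mail compose project, publish its DKIM and DMARC
# records through the fstack/dns zone file and enable TLS in the webmail
# container.
# Globals:   DOMAIN, DEBUG (read), SPINPID (written)
# Calls:     spin, fail (defined elsewhere in this file)
# Outputs:   progress text on stdout
# Notes:
#   - 'docker exec' is run without -it: with -t, docker aborts with
#     "the input device is not a TTY" when stdin is not a terminal, which
#     broke every step below under cron/CI.  None of the commands need one.
#   - Zone records are only appended when absent, so re-running this
#     function no longer leaves duplicate DKIM/DMARC TXT records (receivers
#     discard DMARC entirely when more than one record is published).
#######################################
start_mail() {
  local compose="fstack/mail/docker-compose.yml"
  local zone="fstack/dns/data/etc/bind/zones/${DOMAIN}"
  local dkim_txt="fstack/mail/data/tmp/docker-mailserver/opendkim/keys/${DOMAIN}/mail.txt"

  echo -ne "\n* Starting fstack/mail service.."
  spin &
  SPINPID=$!

  if [[ -n "${DEBUG}" ]]; then
    # Foreground start with console output for debugging.  This blocks
    # until the project stops, so the DNS steps below only run afterwards.
    if docker-compose -f "${compose}" -p mail up; then
      echo -ne "done.\n"
    else
      fail "There was a problem starting service fstack/mail"
    fi
  else
    docker-compose -f "${compose}" -p mail up -d &> /dev/null

    # Poll SMTP on the container's fixed address (up to 23 x 7 s) before
    # touching DNS; tear the project down again if it never listens.
    local retry=23
    while (( retry > 0 )); do
      if nc -z 172.99.0.13 25 &> /dev/null; then
        break
      fi
      if (( retry == 1 )); then
        docker-compose -f "${compose}" -p mail down &> /dev/null
        kill -9 "${SPINPID}" &> /dev/null
        fail "There was a problem starting service fstack/mail\nCheck the output of 'docker logs mail' or turn on\ndebug with -d"
      fi
      (( retry-- ))
      sleep 7
    done
  fi

  # Generate the 2048-bit DKIM key pair (selector "mail") in the container.
  docker exec mail setup config dkim keysize 2048 domain "${DOMAIN}" &> /dev/null \
    || fail "Couldn't generate DKIM record"

  # Publish the DKIM TXT record via the fstack/dns zone file.  NOTE(review):
  # if the key is ever regenerated, the stale record must be replaced by
  # hand, since an existing mail._domainkey entry is left untouched here.
  if ! grep -qF -- "mail._domainkey" "${zone}" 2> /dev/null; then
    cat -- "${dkim_txt}" >> "${zone}" \
      || fail "Couldn't insert DKIM record into fstack/dns container"
  fi

  # DMARC with p=none/sp=none only requests reports; receivers still accept
  # spoofed mail for the domain.  Move to p=quarantine or p=reject once the
  # aggregate reports show only legitimate sources.
  local dmarc="_dmarc.${DOMAIN}. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@${DOMAIN}; ruf=mailto:admin@${DOMAIN}; sp=none; ri=86400\""
  if ! grep -qF -- "_dmarc.${DOMAIN}." "${zone}" 2> /dev/null; then
    printf '%s\n' "${dmarc}" >> "${zone}" \
      || fail "Couldn't insert DMARC record into fstack/dns container"
  fi

  # Reload the zone, then the whole server, in the fstack/dns container.
  docker exec dns rndc reload "${DOMAIN}" &> /dev/null \
    || fail "Couldn't run rndc reload DOMAIN on fstack/dns container"
  docker exec dns rndc reload &> /dev/null \
    || fail "Couldn't run rndc reload on fstack/dns container"

  # Enable mod_ssl in the webmail container.  The mounted vhost file also
  # LoadModule's it, so Apache will log "module ssl_module is already
  # loaded" on restart; harmless.  The restart itself is not checked, as
  # before.
  docker exec webmail a2enmod ssl &> /dev/null \
    || fail "Couldn't run a2enmod ssl in fstack/webmail container"
  docker exec webmail service apache2 restart

  kill -9 "${SPINPID}" &> /dev/null
  echo -ne "done."
}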