139 lines
4.9 KiB
Bash
139 lines
4.9 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Mail Service
|
|
|
|
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
|
|
|
|
config_mail() {
|
|
echo -ne "\n* Configuring /federated/apps/mail container.."
|
|
spin &
|
|
SPINPID=$!
|
|
|
|
if [ ! -d "/federated/apps/mail" ]; then
|
|
mkdir -p /federated/apps/mail/data/root/certs &> /dev/null
|
|
mkdir -p /federated/apps/mail/data/var/mail &> /dev/null
|
|
mkdir -p /federated/apps/mail/data/var/mail-state &> /dev/null
|
|
mkdir -p /federated/apps/mail/data/var/log/mail &> /dev/null
|
|
mkdir -p /federated/apps/mail/data/tmp/docker-mailserver &> /dev/null
|
|
cp /federated/apps/certs/certs/$DOMAIN.crt /federated/apps/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
|
|
fi
|
|
|
|
DOMAIN_ARRAY=(${DOMAIN//./ })
|
|
DOMAIN_FIRST=${DOMAIN_ARRAY[0]}
|
|
DOMAIN_LAST=${DOMAIN_ARRAY[1]}
|
|
|
|
cat > /federated/apps/mail/docker-compose.yml <<EOF
|
|
version: '3.7'
|
|
|
|
services:
|
|
mail:
|
|
image: docker.io/mailserver/docker-mailserver:\${IMAGE_VERSION}
|
|
container_name: mail
|
|
hostname: mail.$DOMAIN
|
|
domainname: $DOMAIN
|
|
restart: always
|
|
networks:
|
|
federated:
|
|
ipv4_address: 172.99.0.13
|
|
ports:
|
|
- "25:25"
|
|
- "143:143"
|
|
- "465:465"
|
|
- "587:587"
|
|
- "993:993"
|
|
volumes:
|
|
- ./data/root/certs:/root/certs
|
|
- ./data/var/mail:/var/mail/
|
|
- ./data/var/mail-state:/var/mail-state/
|
|
- ./data/var/log/mail:/var/log/mail/
|
|
- ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
|
|
- /etc/localtime:/etc/localtime:ro
|
|
env_file:
|
|
- ./.env
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_PTRACE
|
|
|
|
networks:
|
|
federated:
|
|
external: true
|
|
EOF
|
|
|
|
cat > /federated/apps/mail/.env <<EOF
|
|
IMAGE_VERSION="11.3.1"
|
|
ENABLE_SPAMASSASSIN=1
|
|
ENABLE_SPAMASSASSIN_KAM=1
|
|
SPAMASSASSIN_SPAM_TO_INBOX=1
|
|
ENABLE_CLAMAV=0
|
|
ENABLE_FAIL2BAN=1
|
|
ENABLE_POSTGREY=1
|
|
ONE_DIR=1
|
|
DMS_DEBUG=0
|
|
LOG_LEVEL=debug
|
|
ENABLE_LDAP=1
|
|
SSL_TYPE=manual
|
|
SSL_CERT_PATH=/root/certs/$DOMAIN.crt
|
|
SSL_KEY_PATH=/root/certs/$DOMAIN.key
|
|
LDAP_START_TLS=yes
|
|
DOVECOT_TLS=yes
|
|
SASLAUTHD_LDAP_START_TLS=yes
|
|
LDAP_SERVER_HOST=ldap.$DOMAIN
|
|
LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
LDAP_BIND_PW=$LDAP_SECRET
|
|
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
|
|
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
|
|
LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
|
|
LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
|
|
# DOVECOT
|
|
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
|
|
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
|
|
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
|
|
# SASLAUTHD
|
|
ENABLE_SASLAUTHD=1
|
|
SASLAUTHD_MECHANISMS=ldap
|
|
SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
|
|
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
|
|
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=$DOMAIN_FIRST,dc=$DOMAIN_LAST
|
|
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
|
|
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
|
|
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
|
|
EOF
|
|
chmod 600 /federated/apps/mail/.env
|
|
|
|
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
|
|
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch
|
|
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
|
|
EOF
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|
|
start_mail() {
|
|
# Start service with command to make sure it's up before proceeding
|
|
start_service "mail" "nc -z 172.99.0.13 25 &> /dev/null"
|
|
|
|
# Generate the DKIM DNS key
|
|
docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null
|
|
[ $? -ne 0 ] && fail "Couldn't generate DKIM record"
|
|
|
|
# Insert the DKIM DNS TXT entry into /federated/apps/dns container
|
|
cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN
|
|
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/dns container"
|
|
|
|
# Insert the DMARC DNS TXT entry into /federated/apps/dns container
|
|
echo "_dmarc.$DOMAIN. IN TXT \"v=DMARC1; p=none; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\"" >> /federated/apps/dns/data/etc/bind/zones/$DOMAIN
|
|
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/dns container"
|
|
|
|
# Reload DNS configuration in /federated/apps/dns container
|
|
docker exec -it dns rndc reload $DOMAIN &> /dev/null
|
|
[ $? -ne 0 ] && fail "Couldn't run rndc reload DOMAIN on /federated/apps/dns container"
|
|
|
|
docker exec -it dns rndc reload &> /dev/null
|
|
[ $? -ne 0 ] && fail "Couldn't run rndc reload on /federated/apps/dns container"
|
|
|
|
kill -9 $SPINPID &> /dev/null
|
|
echo -ne "done."
|
|
}
|