bero/test
1
0
Fork 0
Code Issues 52 Pull Requests 3 Actions Packages Projects Releases Wiki Activity
test/lib/mail.sh
Derek Crudgington cc6fef50f0 Second round of powerdns and traefik install
2023-05-12 19:39:45 +00:00

136 lines
5.3 KiB
Bash
Raw Blame History

#!/bin/bash
#
# Mail Service
PATH=$HOME/.docker/cli-plugins:/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
config_mail() {
echo -ne "\n* Configuring /federated/apps/mail container.."
spin &
SPINPID=$!
if [ ! -d "/federated/apps/mail" ]; then
mkdir -p /federated/apps/mail/data/root/certs &> /dev/null
mkdir -p /federated/apps/mail/data/var/mail &> /dev/null
mkdir -p /federated/apps/mail/data/var/mail-state &> /dev/null
mkdir -p /federated/apps/mail/data/var/log/mail &> /dev/null
mkdir -p /federated/apps/mail/data/tmp/docker-mailserver &> /dev/null
cp /federated/certs/certs/$DOMAIN.crt /federated/certs/private/$DOMAIN.key /federated/apps/mail/data/root/certs/
fi
cat > /federated/apps/mail/docker-compose.yml <<EOF
version: '3.7'
services:
mail:
image: docker.io/mailserver/docker-mailserver:\${IMAGE_VERSION}
container_name: mail
hostname: mail.$DOMAIN
domainname: $DOMAIN
restart: always
networks:
federated:
ipv4_address: 172.99.0.16
ports:
- "25:25"
- "143:143"
- "465:465"
- "587:587"
- "993:993"
volumes:
- ./data/root/certs:/root/certs
- ./data/var/mail:/var/mail/
- ./data/var/mail-state:/var/mail-state/
- ./data/var/log/mail:/var/log/mail/
- ./data/tmp/docker-mailserver:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
env_file:
- ./.env
cap_add:
- NET_ADMIN
- SYS_PTRACE
networks:
federated:
external: true
EOF
LDAP_SECRET=`cat /federated/apps/ldap/.ldap.secret`
cat > /federated/apps/mail/.env <<EOF
IMAGE_VERSION="11.3.1"
ENABLE_SPAMASSASSIN=1
ENABLE_SPAMASSASSIN_KAM=1
SPAMASSASSIN_SPAM_TO_INBOX=1
ENABLE_CLAMAV=0
ENABLE_FAIL2BAN=1
ENABLE_POSTGREY=1
ONE_DIR=1
DMS_DEBUG=0
LOG_LEVEL=debug
ENABLE_LDAP=1
SSL_TYPE=manual
SSL_CERT_PATH=/root/certs/$DOMAIN.crt
SSL_KEY_PATH=/root/certs/$DOMAIN.key
LDAP_START_TLS=yes
DOVECOT_TLS=yes
SASLAUTHD_LDAP_START_TLS=yes
LDAP_SERVER_HOST=ldap.$DOMAIN
LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
LDAP_BIND_PW=$LDAP_SECRET
LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=inetOrgPerson)(mailEnabled=TRUE)))
LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
# DOVECOT
DOVECOT_PASS_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(uid=%n))
DOVECOT_USER_ATTRS=homeDirectory=home,=uid=5000,=gid=5000
# SASLAUTHD
ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=ldap
SASLAUTHD_LDAP_SERVER=ldap.$DOMAIN
SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_PASSWORD=$LDAP_SECRET
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=federatedcomputer,dc=cloud
SASLAUTHD_LDAP_FILTER=(&(objectClass=inetOrgPerson)(uid=%U))
POSTMASTER_ADDRESS=postmaster@localhost.localdomain
POSTFIX_MESSAGE_SIZE_LIMIT=100000000
EOF
chmod 600 /federated/apps/mail/.env
cat > /federated/apps/mail/data/tmp/docker-mailserver/postfix-main.cf <<'EOF'
smtpd_sender_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unknown_reverse_client_hostname, reject_unknown_client_hostname
smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, check_policy_service unix:private/policyd-spf, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain, check_policy_service inet:127.0.0.1:10023, reject_rhsbl_helo dbl.spamhaus.org, reject_rhsbl_reverse_client dbl.spamhaus.org, reject_rhsbl_sender dbl.spamhaus.org, reject_rbl_client zen.spamhaus.org
smtpd_sender_login_maps = ldap:/etc/postfix/ldap-aliases.cf
EOF
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
start_mail() {
# Grab the container IP from docker-compose above
SERVICE_IP=`grep ipv4_address /federated/apps/mail/docker-compose.yml | awk '{ print $2 }'`
# Start service with command to make sure it's up before proceeding
start_service "mail" "nc -z $SERVICE_IP 25 &> /dev/null"
# Generate the DKIM DNS key
docker exec -it mail setup config dkim keysize 2048 domain $DOMAIN &> /dev/null
[ $? -ne 0 ] && fail "Couldn't generate DKIM record"
# Insert the DKIM DNS TXT entry into /federated/apps/pdns container
DKIM_RECORD_STRIP=`cat /federated/apps/mail/data/tmp/docker-mailserver/opendkim/keys/$DOMAIN/mail.txt | sed 's/.*(//'`
DKIM_RECORD=`echo $DKIM_RECORD_STRIP | sed 's/).*//'`
docker exec -it pdns pdnsutil add-record $DOMAIN mail._domainkey TXT 86400 "$DKIM_RECORD"
[ $? -ne 0 ] && fail "Couldn't insert DKIM record into /federated/apps/pdns container"
# Insert the DMARC DNS TXT entry into /federated/apps/dns container
docker exec -it pdns pdnsutil add-record $DOMAIN _dmarc TXT 86400 "\"v=DMARC1; p=quarantine; rua=mailto:admin@$DOMAIN; ruf=mailto:admin@$DOMAIN; sp=none; ri=86400\""
[ $? -ne 0 ] && fail "Couldn't insert DMARC record into /federated/apps/pdns container"
kill -9 $SPINPID &> /dev/null
echo -ne "done."
}
Reference in New Issue View Git Blame Copy Permalink