author | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2021-01-18 16:46:21 +0100 |
commit | 2c2efdc27684c1382a4949cff8fe06ee36c0f4c0 (patch) | |
tree | c01dd9454deeec6f43ce5ccd94d12138e6f9ea18 /app/email/build/dovecot | |
parent | 6c8c861dd50aebf4a12232ecc1fab12c5f83bf03 (diff) | |
parent | ad6017eea058f7cb6fdf078783f992a4f45a3e15 (diff) | |
Merge branch 'master' of git.deuxfleurs.fr:Deuxfleurs/infrastructure
Diffstat (limited to 'app/email/build/dovecot')
-rw-r--r-- | app/email/build/dovecot/.gitignore | 1 | ||||
-rw-r--r-- | app/email/build/dovecot/Dockerfile | 17 | ||||
-rw-r--r-- | app/email/build/dovecot/README.md | 18 | ||||
-rw-r--r-- | app/email/build/dovecot/conf/all_before.sieve | 5 | ||||
-rw-r--r-- | app/email/build/dovecot/conf/dovecot-ldap.sample.conf | 8 | ||||
-rw-r--r-- | app/email/build/dovecot/conf/dovecot.conf | 79 | ||||
-rw-r--r-- | app/email/build/dovecot/conf/report-ham.sieve | 17 | ||||
-rw-r--r-- | app/email/build/dovecot/conf/report-spam.sieve | 9 | ||||
-rwxr-xr-x | app/email/build/dovecot/entrypoint.sh | 27 |
9 files changed, 181 insertions, 0 deletions
diff --git a/app/email/build/dovecot/.gitignore b/app/email/build/dovecot/.gitignore
new file mode 100644
index 0000000..71a04e2
--- /dev/null
+++ b/app/email/build/dovecot/.gitignore
@@ -0,0 +1 @@
+dovecot-ldap.conf
diff --git a/app/email/build/dovecot/Dockerfile b/app/email/build/dovecot/Dockerfile
new file mode 100644
index 0000000..9b87627
--- /dev/null
+++ b/app/email/build/dovecot/Dockerfile
@@ -0,0 +1,17 @@
+FROM amd64/debian:stretch
+
+RUN apt-get update && \
+ apt-get install -y \
+ dovecot-antispam \
+ dovecot-core \
+ dovecot-imapd \
+ dovecot-ldap \
+ dovecot-managesieved \
+ dovecot-sieve \
+ dovecot-lmtpd && \
+ rm -rf /etc/dovecot/*
+RUN useradd mailstore
+COPY ./conf/* /etc/dovecot/
+COPY entrypoint.sh /usr/local/bin/entrypoint
+
+ENTRYPOINT ["/usr/local/bin/entrypoint"]
diff --git a/app/email/build/dovecot/README.md b/app/email/build/dovecot/README.md
new file mode 100644
index 0000000..8c9f372
--- /dev/null
+++ b/app/email/build/dovecot/README.md
@@ -0,0 +1,18 @@
+```
+sudo docker build -t superboum/amd64_dovecot:v2 .
+```
+
+
+```
+sudo docker run -t -i \
+ -e TLSINFO="/C=FR/ST=Bretagne/L=Rennes/O=Deuxfleurs/CN=www.deuxfleurs.fr" \
+ -p 993:993 \
+ -p 143:143 \
+ -p 24:24 \
+ -p 1337:1337 \
+ -v /mnt/glusterfs/email/ssl:/etc/ssl/ \
+ -v /mnt/glusterfs/email/mail:/var/mail \
+ -v `pwd`/dovecot-ldap.conf:/etc/dovecot/dovecot-ldap.conf \
+ superboum/amd64_dovecot:v1 \
+ dovecot -F
+```
diff --git a/app/email/build/dovecot/conf/all_before.sieve b/app/email/build/dovecot/conf/all_before.sieve
new file mode 100644
index 0000000..7d2e57e
--- /dev/null
+++ b/app/email/build/dovecot/conf/all_before.sieve
@@ -0,0 +1,5 @@
+require ["fileinto", "mailbox"];
+if header :contains "X-Spam-Flag" "YES" {
+ fileinto :create "Junk";
+}
+
diff --git a/app/email/build/dovecot/conf/dovecot-ldap.sample.conf b/app/email/build/dovecot/conf/dovecot-ldap.sample.conf
new file mode 100644
index 0000000..472d5e8
--- /dev/null
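Review bot: In the Dockerfile, `FROM amd64/debian:stretch` is a mutable tag and the Dovecot packages are installed at whatever version the mirror serves, so two builds of this commit can produce different mail-server binaries. Pinning the base by digest, `FROM amd64/debian:stretch@sha256:<digest>`, makes the image reproducible and lets an image scan be tied to a known base. `RUN useradd mailstore` also takes the next free UID while the README mounts the mail store from a host volume; a fixed `--uid <uid>` would keep file ownership stable across rebuilds.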
+++ b/app/email/build/dovecot/conf/dovecot-ldap.sample.conf
@@ -0,0 +1,8 @@
+hosts = ldap.example.com
+dn = cn=admin,dc=example,dc=com
+dnpass = s3cr3t
+base = dc=example,dc=com
+scope = subtree
+user_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+pass_filter = (&(mail=%u)(&(objectClass=inetOrgPerson)(memberOf=cn=email,ou=groups,dc=example,dc=com)))
+user_attrs = mail=/var/mail/%{ldap:mail}
diff --git a/app/email/build/dovecot/conf/dovecot.conf b/app/email/build/dovecot/conf/dovecot.conf
new file mode 100644
index 0000000..0d5068c
--- /dev/null
+++ b/app/email/build/dovecot/conf/dovecot.conf
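Review bot: The sample in dovecot-ldap.sample.conf binds as `cn=admin` and sets no transport security, so anyone copying it hands Dovecot the directory administrator's password and sends it, along with every lookup, over plain LDAP. A dedicated read-only bind DN and a line such as `tls = yes` (or `uris = ldaps://ldap.example.com`) would be a safer template, and `auth_bind = yes` additionally avoids having Dovecot read password hashes. `user_filter` and `user_attrs` look unused, since dovecot.conf in this commit declares a `static` userdb rather than an LDAP one.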
@@ -0,0 +1,79 @@
+auth_mechanisms = plain login
+auth_username_format = %u
+log_timestamp = "%Y-%m-%d %H:%M:%S "
+mail_location = maildir:/var/mail/%u
+mail_privileged_group = mail
+
+log_path = /dev/stderr
+info_log_path = /dev/stdout
+debug_log_path = /dev/stdout
+
+protocols = imap sieve lmtp
+
+ssl_cert = < /etc/ssl/certs/dovecot.crt
+ssl_key = < /etc/ssl/private/dovecot.key
+
+service auth {
+ inet_listener {
+ port = 1337
+ }
+}
+
+passdb {
+ args = /etc/dovecot/dovecot-ldap.conf
+ driver = ldap
+}
+
+service lmtp {
+ inet_listener lmtp {
+ address = 0.0.0.0
+ port = 24
+ }
+}
+
+service imap-login {
+ inet_listener imap {
+ port = 143
+ }
+ inet_listener imaps {
+ port = 993
+ }
+}
+
+userdb {
+ args = uid=mailstore gid=mailstore home=/var/mail/%u
+ driver = static
+}
+
+protocol imap {
+ mail_plugins = $mail_plugins imap_sieve
+}
+
+protocol lda {
+ auth_socket_path = /var/run/dovecot/auth-master
+ info_log_path = /var/log/dovecot-deliver.log
+ log_path = /var/log/dovecot-deliver-errors.log
+ postmaster_address = postmaster@deuxfleurs.fr
+ mail_plugins = $mail_plugins sieve
+}
+
+plugin {
+ sieve = file:~/sieve;active=~/dovecot.sieve
+ sieve_before = /etc/dovecot/all_before.sieve
+
+ # antispam learn
+ sieve_plugins = sieve_imapsieve sieve_extprograms
+ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.debug
+ sieve_pipe_bin_dir = /usr/bin
+
+ imapsieve_mailbox1_name = Junk
+ imapsieve_mailbox1_causes = COPY FLAG APPEND
+ imapsieve_mailbox1_before = file:/etc/dovecot/report-spam.sieve
+
+ imapsieve_mailbox2_name = *
+ imapsieve_mailbox2_from = Spam
+ imapsieve_mailbox2_causes = COPY APPEND
+ imapsieve_mailbox2_before = file:/etc/dovecot/report-ham.sieve
+
+}
+
diff --git a/app/email/build/dovecot/conf/report-ham.sieve b/app/email/build/dovecot/conf/report-ham.sieve
new file mode 100644
index 0000000..c5a994a
--- /dev/null
+++ b/app/email/build/dovecot/conf/report-ham.sieve
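Review bot: In dovecot.conf, `service auth` opens an `inet_listener` on port 1337 with no `address`, and `service lmtp` listens on `0.0.0.0:24`; neither protocol authenticates the connecting peer, so any host that can reach these ports can test passwords against the auth service or hand mail to LMTP, and the README publishes both ports. Binding them to the internal address the MTA uses (`address = <internal-ip>`), or replacing them with a unix listener on a shared volume, would limit that exposure. `auth_mechanisms = plain login` relies on Dovecot's defaults to refuse cleartext logins on port 143, and an explicit `ssl = required` would make that intent visible. Separately, `imapsieve_mailbox2_from = Spam` does not match the `Junk` mailbox used by `imapsieve_mailbox1_name` and all_before.sieve, so moving a message out of Junk would not trigger report-ham.sieve.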
@@ -0,0 +1,17 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.mailbox" "*" {
+ set "mailbox" "${1}";
+}
+
+if string "${mailbox}" "Trash" {
+ stop;
+}
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--ham", "-u", "debian-spamd" ];
+debug_log "ham reported by ${username}";
+
diff --git a/app/email/build/dovecot/conf/report-spam.sieve b/app/email/build/dovecot/conf/report-spam.sieve
new file mode 100644
index 0000000..1be7389
--- /dev/null
+++ b/app/email/build/dovecot/conf/report-spam.sieve
@@ -0,0 +1,9 @@
+require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables", "vnd.dovecot.debug"];
+
+if environment :matches "imap.user" "*" {
+ set "username" "${1}";
+}
+
+pipe :copy "sa-learn" [ "--spam", "-u", "debian-spamd"];
+debug_log "spam reported by ${username}";
+
diff --git a/app/email/build/dovecot/entrypoint.sh b/app/email/build/dovecot/entrypoint.sh
new file mode 100755
index 0000000..2165d8f
--- /dev/null
+++ b/app/email/build/dovecot/entrypoint.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+if [[ ! -f /etc/ssl/certs/dovecot.crt || ! -f /etc/ssl/private/dovecot.key ]]; then
+ cd /root
+ openssl req \
+ -new \
+ -newkey rsa:4096 \
+ -days 3650 \
+ -nodes \
+ -x509 \
+ -subj ${TLSINFO} \
+ -keyout dovecot.key \
+ -out dovecot.crt
+
+ mkdir -p /etc/ssl/{certs,private}/
+
+ cp dovecot.crt /etc/ssl/certs/dovecot.crt
+ cp dovecot.key /etc/ssl/private/dovecot.key
+ chmod 400 /etc/ssl/certs/dovecot.crt
+ chmod 400 /etc/ssl/private/dovecot.key
+fi
+
+if [[ $(stat -c '%U' /var/mail/) != "mailstore" ]]; then
+ chown -R mailstore /var/mail
+fi
+
+exec "$@" |
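Review bot: `pipe :copy "sa-learn"` in report-ham.sieve, and the same call in report-spam.sieve, is resolved against `sieve_pipe_bin_dir = /usr/bin` from dovecot.conf, which makes every program in `/usr/bin` callable from a global script. Pointing that setting at a dedicated directory that holds only a small `sa-learn` wrapper, `sieve_pipe_bin_dir = <dedicated-dir>`, keeps the surface to the one program needed. The Dockerfile's package list names no SpamAssassin package, so unless a dependency pulls it in, `sa-learn` and the `debian-spamd` account passed to `-u` may not exist in the image and the pipe would fail at run time.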
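Review bot: `-subj ${TLSINFO}` is unquoted in entrypoint.sh, so a subject containing a space is split into several arguments and an unset `TLSINFO` makes `-subj` swallow the next option; with no `set -e` the script then carries on to `cp` and `exec` after a failed `openssl req`. Quoting it as `-subj "${TLSINFO}"` and starting the script with `set -euo pipefail` would stop the container on a bad value instead of launching Dovecot without a certificate. The key is generated in `/root` and then copied, which leaves a second copy of `dovecot.key` behind; writing it directly with `-keyout /etc/ssl/private/dovecot.key` after the `mkdir` avoids that.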