mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-07-15 03:44:56 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

change if style (#3361)

Browse source
This commit is contained in:
Casper 2023-05-24 09:06:59 +02:00 committed by GitHub
parent 0e592aa911
commit cf74127f78
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
58 changed files with 297 additions and 594 deletions
Download patch file Download diff file Expand all files Collapse all files

6
target/scripts/startup/check-stack.sh
View file

@ -21,8 +21,7 @@ function _check_improper_restart
{
_log 'debug' 'Checking for improper restart'
if [[ -f /CONTAINER_START ]]
then
if [[ -f /CONTAINER_START ]]; then
_log 'warn' 'This container was (likely) improperly restarted which can result in undefined behavior'
_log 'warn' 'Please destroy the container properly and then start DMS again'
fi
@ -36,8 +35,7 @@ function _check_hostname
_log 'debug' "Hostname has been set to ${HOSTNAME}"
# HOSTNAME should be an FQDN (eg: hostname.domain)
if ! grep -q -E '^(\S+[.]\S+)$' <<< "${HOSTNAME}"
then
if ! grep -q -E '^(\S+[.]\S+)$' <<< "${HOSTNAME}"; then
_dms_panic__general 'Setting hostname/domainname is required'
fi
}

6
target/scripts/startup/daemons-stack.sh
View file

@ -26,8 +26,7 @@ function _default_start_daemon
RESULT=$(supervisorctl start "${1}" 2>&1)
# shellcheck disable=SC2181
if [[ ${?} -ne 0 ]]
then
if [[ ${?} -ne 0 ]]; then
_log 'error' "${RESULT}"
_dms_panic__fail_init "${1}"
fi
@ -61,8 +60,7 @@ function _start_daemon_postfix
function _start_daemon_fetchmail
{
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]
then
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]; then
local COUNTER=0
for _ in /etc/fetchmailrc.d/fetchmail-*.rc
do

12
target/scripts/startup/setup-stack.sh
View file

@ -32,8 +32,7 @@ function _early_supervisor_setup
{
SUPERVISOR_LOGLEVEL="${SUPERVISOR_LOGLEVEL:-warn}"
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf
then
if ! grep -q "loglevel = ${SUPERVISOR_LOGLEVEL}" /etc/supervisor/supervisord.conf; then
case "${SUPERVISOR_LOGLEVEL}" in
( 'critical' | 'error' | 'info' | 'debug' )
sed -i -E \
@ -64,8 +63,7 @@ function _setup_timezone
local ZONEINFO_FILE="/usr/share/zoneinfo/${TZ}"
if [[ ! -e ${ZONEINFO_FILE} ]]
then
if [[ ! -e ${ZONEINFO_FILE} ]]; then
_log 'warn' "Cannot find timezone '${TZ}'"
return 1
fi
@ -87,8 +85,7 @@ function _setup_apply_fixes_after_configuration
touch /dev/shm/supervisor.sock
_log 'debug' 'Checking /var/mail permissions'
if ! _chown_var_mail_if_necessary
then
if ! _chown_var_mail_if_necessary; then
_dms_panic__general 'Failed to fix /var/mail permissions'
fi
@ -100,8 +97,7 @@ function _run_user_patches
{
local USER_PATCHES='/tmp/docker-mailserver/user-patches.sh'
if [[ -f ${USER_PATCHES} ]]
then
if [[ -f ${USER_PATCHES} ]]; then
_log 'debug' 'Applying user patches'
/bin/bash "${USER_PATCHES}"
else

15
target/scripts/startup/setup.d/dmarc_dkim_spf.sh
View file

@ -8,8 +8,7 @@
# `smtpd_milters` milters options.
function _setup_opendkim
{
if [[ ${ENABLE_OPENDKIM} -eq 1 ]]
then
if [[ ${ENABLE_OPENDKIM} -eq 1 ]]; then
_log 'debug' 'Configuring DKIM'
mkdir -p /etc/opendkim/keys/
@ -24,8 +23,7 @@ function _setup_opendkim
/etc/postfix/main.cf
# check if any keys are available
if [[ -e /tmp/docker-mailserver/opendkim/KeyTable ]]
then
if [[ -e /tmp/docker-mailserver/opendkim/KeyTable ]]; then
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
_log 'trace' "DKIM keys added for: $(find /etc/opendkim/keys/ -maxdepth 1 -type f -printf '%f ')"
chown -R opendkim:opendkim /etc/opendkim/
@ -35,8 +33,7 @@ function _setup_opendkim
fi
# setup nameservers parameter from /etc/resolv.conf if not defined
if ! grep -q '^Nameservers' /etc/opendkim.conf
then
if ! grep -q '^Nameservers' /etc/opendkim.conf; then
local NAMESERVER_IPS
NAMESERVER_IPS=$(grep '^nameserver' /etc/resolv.conf | awk -F " " '{print $2}' | paste -sd ',' -)
echo "Nameservers ${NAMESERVER_IPS}" >>/etc/opendkim.conf
@ -59,8 +56,7 @@ function _setup_opendkim
# `smtpd_milters` milters options.
function _setup_opendmarc
{
if [[ ${ENABLE_OPENDMARC} -eq 1 ]]
then
if [[ ${ENABLE_OPENDMARC} -eq 1 ]]; then
# TODO When disabling SPF is possible, add a check whether DKIM and SPF is disabled
# for DMARC to work, you should have at least one enabled
# (see RFC 7489 https://www.rfc-editor.org/rfc/rfc7489#page-24)
@ -89,8 +85,7 @@ function _setup_opendmarc
# using Rspamd, you will likely want to turn that off.
function _setup_policyd_spf
{
if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]
then
if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]; then
_log 'debug' 'Configuring policyd-spf'
cat >>/etc/postfix/master.cf <<EOF

45
target/scripts/startup/setup.d/dovecot.sh
View file

@ -14,8 +14,7 @@ function _setup_dovecot
sed -i -e 's|#ssl = yes|ssl = required|g' /etc/dovecot/conf.d/10-ssl.conf
sed -i 's|^postmaster_address = .*$|postmaster_address = '"${POSTMASTER_ADDRESS}"'|g' /etc/dovecot/conf.d/15-lda.conf
if ! grep -q -E '^stats_writer_socket_path=' /etc/dovecot/dovecot.conf
then
if ! grep -q -E '^stats_writer_socket_path=' /etc/dovecot/dovecot.conf; then
printf '\n%s\n' 'stats_writer_socket_path=' >>/etc/dovecot/dovecot.conf
fi
@ -39,8 +38,7 @@ function _setup_dovecot
esac
if [[ ${ENABLE_POP3} -eq 1 ]]
then
if [[ ${ENABLE_POP3} -eq 1 ]]; then
_log 'debug' 'Enabling POP3 services'
mv /etc/dovecot/protocols.d/pop3d.protocol.disab /etc/dovecot/protocols.d/pop3d.protocol
fi
@ -55,30 +53,25 @@ function _setup_dovecot_sieve
# enable Managesieve service by setting the symlink
# to the configuration file Dovecot will actually find
if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]
then
if [[ ${ENABLE_MANAGESIEVE} -eq 1 ]]; then
_log 'trace' 'Sieve management enabled'
mv /etc/dovecot/protocols.d/managesieved.protocol.disab /etc/dovecot/protocols.d/managesieved.protocol
fi
if [[ -d /tmp/docker-mailserver/sieve-filter ]]
then
if [[ -d /tmp/docker-mailserver/sieve-filter ]]; then
cp /tmp/docker-mailserver/sieve-filter/* /usr/lib/dovecot/sieve-filter/
fi
if [[ -d /tmp/docker-mailserver/sieve-pipe ]]
then
if [[ -d /tmp/docker-mailserver/sieve-pipe ]]; then
cp /tmp/docker-mailserver/sieve-pipe/* /usr/lib/dovecot/sieve-pipe/
fi
if [[ -f /tmp/docker-mailserver/before.dovecot.sieve ]]
then
if [[ -f /tmp/docker-mailserver/before.dovecot.sieve ]]; then
cp \
/tmp/docker-mailserver/before.dovecot.sieve \
/usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
sievec /usr/lib/dovecot/sieve-global/before/50-before.dovecot.sieve
fi
if [[ -f /tmp/docker-mailserver/after.dovecot.sieve ]]
then
if [[ -f /tmp/docker-mailserver/after.dovecot.sieve ]]; then
cp \
/tmp/docker-mailserver/after.dovecot.sieve \
/usr/lib/dovecot/sieve-global/after/50-after.dovecot.sieve
@ -95,11 +88,9 @@ function _setup_dovecot_quota
_log 'debug' 'Setting up Dovecot quota'
# Dovecot quota is disabled when using LDAP or SMTP_ONLY or when explicitly disabled.
if [[ ${ACCOUNT_PROVISIONER} != 'FILE' ]] || [[ ${SMTP_ONLY} -eq 1 ]] || [[ ${ENABLE_QUOTAS} -eq 0 ]]
then
if [[ ${ACCOUNT_PROVISIONER} != 'FILE' ]] || [[ ${SMTP_ONLY} -eq 1 ]] || [[ ${ENABLE_QUOTAS} -eq 0 ]]; then
# disable dovecot quota in docevot confs
if [[ -f /etc/dovecot/conf.d/90-quota.conf ]]
then
if [[ -f /etc/dovecot/conf.d/90-quota.conf ]]; then
mv /etc/dovecot/conf.d/90-quota.conf /etc/dovecot/conf.d/90-quota.conf.disab
sed -i \
"s|mail_plugins = \$mail_plugins quota|mail_plugins = \$mail_plugins|g" \
@ -112,8 +103,7 @@ function _setup_dovecot_quota
# disable quota policy check in postfix
sed -i "s|check_policy_service inet:localhost:65265||g" /etc/postfix/main.cf
else
if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]
then
if [[ -f /etc/dovecot/conf.d/90-quota.conf.disab ]]; then
mv /etc/dovecot/conf.d/90-quota.conf.disab /etc/dovecot/conf.d/90-quota.conf
sed -i \
"s|mail_plugins = \$mail_plugins|mail_plugins = \$mail_plugins quota|g" \
@ -134,8 +124,7 @@ function _setup_dovecot_quota
"s|quota_rule = \*:storage=.*|quota_rule = *:storage=${MAILBOX_LIMIT_MB}$([[ ${MAILBOX_LIMIT_MB} -eq 0 ]] && echo "" || echo "M")|g" \
/etc/dovecot/conf.d/90-quota.conf
if [[ -d /tmp/docker-mailserver ]] && [[ ! -f /tmp/docker-mailserver/dovecot-quotas.cf ]]
then
if [[ -d /tmp/docker-mailserver ]] && [[ ! -f /tmp/docker-mailserver/dovecot-quotas.cf ]]; then
_log 'trace' "'/tmp/docker-mailserver/dovecot-quotas.cf' is not provided. Using default quotas."
: >/tmp/docker-mailserver/dovecot-quotas.cf
fi
@ -154,8 +143,7 @@ function _setup_dovecot_local_user
_log 'debug' 'Setting up Dovecot Local User'
if [[ ! -f /tmp/docker-mailserver/postfix-accounts.cf ]]
then
if [[ ! -f /tmp/docker-mailserver/postfix-accounts.cf ]]; then
_log 'trace' "No mail accounts to create - '/tmp/docker-mailserver/postfix-accounts.cf' is missing"
fi
@ -165,8 +153,7 @@ function _setup_dovecot_local_user
for (( COUNTER = 11 ; COUNTER >= 0 ; COUNTER-- ))
do
if [[ $(grep -cE '.+@.+\|' /tmp/docker-mailserver/postfix-accounts.cf 2>/dev/null || printf '%s' '0') -ge 1 ]]
then
if [[ $(grep -cE '.+@.+\|' /tmp/docker-mailserver/postfix-accounts.cf 2>/dev/null || printf '%s' '0') -ge 1 ]]; then
return 0
else
_log 'warn' "You need at least one mail account to start Dovecot ($(( ( COUNTER + 1 ) * SLEEP_PERIOD ))s left for account creation before shutdown)"
@ -190,11 +177,9 @@ function _setup_dovecot_inet_protocols
local PROTOCOL
# https://dovecot.org/doc/dovecot-example.conf
if [[ ${DOVECOT_INET_PROTOCOLS} == "ipv4" ]]
then
if [[ ${DOVECOT_INET_PROTOCOLS} == "ipv4" ]]; then
PROTOCOL='*' # IPv4 only
elif [[ ${DOVECOT_INET_PROTOCOLS} == "ipv6" ]]
then
elif [[ ${DOVECOT_INET_PROTOCOLS} == "ipv6" ]]; then
PROTOCOL='[::]' # IPv6 only
else
# Unknown value, panic.

24
target/scripts/startup/setup.d/fetchmail.sh
View file

@ -2,8 +2,7 @@
function _setup_fetchmail
{
if [[ ${ENABLE_FETCHMAIL} -eq 1 ]]
then
if [[ ${ENABLE_FETCHMAIL} -eq 1 ]]; then
_log 'trace' 'Enabling and configuring Fetchmail'
local CONFIGURATION FETCHMAILRC
@ -11,8 +10,7 @@ function _setup_fetchmail
CONFIGURATION='/tmp/docker-mailserver/fetchmail.cf'
FETCHMAILRC='/etc/fetchmailrc'
if [[ -f ${CONFIGURATION} ]]
then
if [[ -f ${CONFIGURATION} ]]; then
cat /etc/fetchmailrc_general "${CONFIGURATION}" >"${FETCHMAILRC}"
else
cat /etc/fetchmailrc_general >"${FETCHMAILRC}"
@ -27,8 +25,7 @@ function _setup_fetchmail
function _setup_fetchmail_parallel
{
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]
then
if [[ ${FETCHMAIL_PARALLEL} -eq 1 ]]; then
_log 'trace' 'Enabling and configuring Fetchmail parallel'
mkdir /etc/fetchmailrc.d/
@ -44,16 +41,13 @@ function _setup_fetchmail_parallel
local FETCHMAILRCD='/etc/fetchmailrc.d'
local DEFAULT_FILE="${FETCHMAILRCD}/defaults"
if [[ ! -r ${FETCHMAILRC} ]]
then
if [[ ! -r ${FETCHMAILRC} ]]; then
_log 'warn' "File '${FETCHMAILRC}' not found"
return 1
fi
if [[ ! -d ${FETCHMAILRCD} ]]
then
if ! mkdir "${FETCHMAILRCD}"
then
if [[ ! -d ${FETCHMAILRCD} ]]; then
if ! mkdir "${FETCHMAILRCD}"; then
_log 'warn' "Unable to create folder '${FETCHMAILRCD}'"
return 1
fi
@ -62,8 +56,7 @@ function _setup_fetchmail_parallel
local COUNTER=0 SERVER=0
while read -r LINE
do
if [[ ${LINE} =~ poll ]]
then
if [[ ${LINE} =~ poll ]]; then
# If we read "poll" then we reached a new server definition
# We need to create a new file with fetchmail defaults from
# /etc/fetcmailrc
@ -71,8 +64,7 @@ function _setup_fetchmail_parallel
SERVER=1
cat "${DEFAULT_FILE}" >"${FETCHMAILRCD}/fetchmail-${COUNTER}.rc"
echo "${LINE}" >>"${FETCHMAILRCD}/fetchmail-${COUNTER}.rc"
elif [[ ${SERVER} -eq 0 ]]
then
elif [[ ${SERVER} -eq 0 ]]; then
# We have not yet found "poll". Let's assume we are still reading
# the default settings from /etc/fetchmailrc file
echo "${LINE}" >>"${DEFAULT_FILE}"

9
target/scripts/startup/setup.d/getmail.sh
View file

@ -2,8 +2,7 @@
function _setup_getmail
{
if [[ ${ENABLE_GETMAIL} -eq 1 ]]
then
if [[ ${ENABLE_GETMAIL} -eq 1 ]]; then
_log 'trace' 'Preparing Getmail configuration'
local GETMAILRC ID CONFIGS
@ -17,8 +16,7 @@ function _setup_getmail
# Add a unique `message_log` config, then append users own config to the end.
for FILE in /tmp/docker-mailserver/getmail-*.cf
do
if [[ -f ${FILE} ]]
then
if [[ -f ${FILE} ]]; then
CONFIGS=1
ID=$(cut -d '-' -f 3 <<< "${FILE}" | cut -d '.' -f 1)
local GETMAIL_CONFIG="${GETMAILRC}/getmailrc-${ID}"
@ -29,8 +27,7 @@ function _setup_getmail
fi
done
if [[ ${CONFIGS} -eq 1 ]]
then
if [[ ${CONFIGS} -eq 1 ]]; then
cat >/etc/cron.d/getmail << EOF
*/${GETMAIL_POLL} * * * * root /usr/local/bin/getmail-cron
EOF

15
target/scripts/startup/setup.d/ldap.sh
View file

@ -8,8 +8,7 @@ function _setup_ldap
for i in 'users' 'groups' 'aliases' 'domains'
do
local FPATH="/tmp/docker-mailserver/ldap-${i}.cf"
if [[ -f ${FPATH} ]]
then
if [[ -f ${FPATH} ]]; then
cp "${FPATH}" "/etc/postfix/ldap-${i}.cf"
fi
done
@ -46,8 +45,7 @@ function _setup_ldap
# Add protocol to DOVECOT_URIS so that we can use dovecot's "uris" option:
# https://doc.dovecot.org/configuration_manual/authentication/ldap/
if [[ ${DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]} != *'://'* ]]
then
if [[ ${DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]} != *'://'* ]]; then
DOVECOT_LDAP_MAPPING['DOVECOT_URIS']="ldap://${DOVECOT_LDAP_MAPPING["DOVECOT_URIS"]}"
fi
@ -68,22 +66,19 @@ function _setup_ldap
_log 'trace' "Configuring LDAP"
if [[ -f /etc/postfix/ldap-users.cf ]]
then
if [[ -f /etc/postfix/ldap-users.cf ]]; then
postconf 'virtual_mailbox_maps = ldap:/etc/postfix/ldap-users.cf'
else
_log 'warn' "'/etc/postfix/ldap-users.cf' not found"
fi
if [[ -f /etc/postfix/ldap-domains.cf ]]
then
if [[ -f /etc/postfix/ldap-domains.cf ]]; then
postconf 'virtual_mailbox_domains = /etc/postfix/vhost, ldap:/etc/postfix/ldap-domains.cf'
else
_log 'warn' "'/etc/postfix/ldap-domains.cf' not found"
fi
if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]
then
if [[ -f /etc/postfix/ldap-aliases.cf ]] && [[ -f /etc/postfix/ldap-groups.cf ]]; then
postconf 'virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf, ldap:/etc/postfix/ldap-groups.cf'
else
_log 'warn' "'/etc/postfix/ldap-aliases.cf' and / or '/etc/postfix/ldap-groups.cf' not found"

3
target/scripts/startup/setup.d/log.sh
View file

@ -96,8 +96,7 @@ function _setup_logwatch
LOGWATCH_FILE="/etc/cron.${LOGWATCH_INTERVAL}/logwatch"
INTERVAL='--range Yesterday'
if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]]
then
if [[ ${LOGWATCH_INTERVAL} == 'weekly' ]]; then
INTERVAL="--range 'between -7 days and -1 days'"
fi

18
target/scripts/startup/setup.d/mail_state.sh
View file

@ -8,8 +8,7 @@ function _setup_save_states
STATEDIR='/var/mail-state'
if [[ ${ONE_DIR} -eq 1 ]] && [[ -d ${STATEDIR} ]]
then
if [[ ${ONE_DIR} -eq 1 ]] && [[ -d ${STATEDIR} ]]; then
_log 'debug' "Consolidating all state onto ${STATEDIR}"
# Always enabled features:
@ -42,13 +41,11 @@ function _setup_save_states
DESTDIR="${DEST%/*}"
mkdir -p "${DESTDIR}"
if [[ -f ${DEST} ]]
then
if [[ -f ${DEST} ]]; then
_log 'trace' "Destination ${DEST} exists, linking ${SERVICEFILE} to it"
# Original content from image no longer relevant, remove it:
rm -f "${SERVICEFILE}"
elif [[ -f "${SERVICEFILE}" ]]
then
elif [[ -f "${SERVICEFILE}" ]]; then
_log 'trace' "Moving ${SERVICEFILE} to ${DEST}"
# Empty volume was mounted, or new content from enabling a feature ENV:
mv "${SERVICEFILE}" "${DEST}"
@ -66,13 +63,11 @@ function _setup_save_states
# If relevant content is found in /var/mail-state (presumably a volume mount),
# use it instead. Otherwise copy over any missing directories checked.
if [[ -d ${DEST} ]]
then
if [[ -d ${DEST} ]]; then
_log 'trace' "Destination ${DEST} exists, linking ${SERVICEDIR} to it"
# Original content from image no longer relevant, remove it:
rm -rf "${SERVICEDIR}"
elif [[ -d ${SERVICEDIR} ]]
then
elif [[ -d ${SERVICEDIR} ]]; then
_log 'trace' "Moving contents of ${SERVICEDIR} to ${DEST}"
# Empty volume was mounted, or new content from enabling a feature ENV:
mv "${SERVICEDIR}" "${DEST}"
@ -117,8 +112,7 @@ function _setup_save_states
# Ref: https://github.com/docker-mailserver/docker-mailserver/pull/3149#issuecomment-1454981309
chmod 1730 "${STATEDIR}/spool-postfix/maildrop"
chmod 2710 "${STATEDIR}/spool-postfix/public"
elif [[ ${ONE_DIR} -eq 1 ]]
then
elif [[ ${ONE_DIR} -eq 1 ]]; then
_log 'warn' "'ONE_DIR=1' but no volume was mounted to '${STATEDIR}'"
else
_log 'debug' 'Not consolidating state (because it has been disabled)'

3
target/scripts/startup/setup.d/networking.sh
View file

@ -19,8 +19,7 @@ function _setup_docker_permit
grep 'inet ' | sed 's|[^0-9\.\/]*||g' | cut -d '/' -f 1)
CONTAINER_NETWORK=$(echo "${CONTAINER_IP}" | cut -d '.' -f1-2).0.0
if [[ -z ${CONTAINER_IP} ]]
then
if [[ -z ${CONTAINER_IP} ]]; then
_log 'error' 'Detecting the container IP address failed'
_dms_panic__misconfigured 'NETWORK_INTERFACE' 'Network Setup [docker_permit]'
fi

39
target/scripts/startup/setup.d/postfix.sh
View file

@ -15,8 +15,7 @@ function _setup_postfix_early
postconf "myhostname = ${HOSTNAME}"
postconf "mydomain = ${DOMAINNAME}"
if [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]]
then
if [[ ${POSTFIX_INET_PROTOCOLS} != 'all' ]]; then
__postfix__log 'trace' 'Setting up POSTFIX_INET_PROTOCOLS option'
postconf "inet_protocols = ${POSTFIX_INET_PROTOCOLS}"
fi
@ -25,16 +24,14 @@ function _setup_postfix_early
postconf 'smtputf8_enable = no'
__postfix__log 'trace' "Configuring SASLauthd"
if [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && [[ ! -f /etc/postfix/sasl/smtpd.conf ]]
then
if [[ ${ENABLE_SASLAUTHD} -eq 1 ]] && [[ ! -f /etc/postfix/sasl/smtpd.conf ]]; then
cat >/etc/postfix/sasl/smtpd.conf << EOF
pwcheck_method: saslauthd
mech_list: plain login
EOF
fi
if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]
then
if [[ ${ENABLE_SASLAUTHD} -eq 0 ]] && [[ ${SMTP_ONLY} -eq 1 ]]; then
sed -i -E \
's|^smtpd_sasl_auth_enable =.*|smtpd_sasl_auth_enable = no|g' \
/etc/postfix/main.cf
@ -61,8 +58,7 @@ EOF
__postfix__log 'trace' "Configuring virtual mailbox size limit to '${POSTFIX_MAILBOX_SIZE_LIMIT}'"
postconf "virtual_mailbox_limit = ${POSTFIX_MAILBOX_SIZE_LIMIT}"
if [[ ${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME} -eq 1 ]]
then
if [[ ${POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME} -eq 1 ]]; then
__postfix__log 'trace' 'Enabling reject_unknown_client_hostname to dms_smtpd_sender_restrictions'
sedfile -i -E \
's|^(dms_smtpd_sender_restrictions = .*)|\1, reject_unknown_client_hostname|' \
@ -75,21 +71,18 @@ function _setup_postfix_late
_log 'debug' 'Configuring Postfix (late setup)'
__postfix__log 'trace' 'Configuring user access'
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]
then
if [[ -f /tmp/docker-mailserver/postfix-send-access.cf ]]; then
sed -i -E 's|(smtpd_sender_restrictions =)|\1 check_sender_access texthash:/tmp/docker-mailserver/postfix-send-access.cf,|' /etc/postfix/main.cf
fi
if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]
then
if [[ -f /tmp/docker-mailserver/postfix-receive-access.cf ]]; then
sed -i -E 's|(smtpd_recipient_restrictions =)|\1 check_recipient_access texthash:/tmp/docker-mailserver/postfix-receive-access.cf,|' /etc/postfix/main.cf
fi
__postfix__log 'trace' 'Configuring relay host'
_setup_relayhost
if [[ -n ${POSTFIX_DAGENT} ]]
then
if [[ -n ${POSTFIX_DAGENT} ]]; then
__postfix__log 'trace' "Changing virtual transport to '${POSTFIX_DAGENT}'"
# Default value in main.cf should be 'lmtp:unix:/var/run/dovecot/lmtp'
postconf "virtual_transport = ${POSTFIX_DAGENT}"
@ -102,8 +95,7 @@ function __postfix__setup_override_configuration
{
__postfix__log 'debug' 'Overriding / adjusting configuration with user-supplied values'
if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]
then
if [[ -f /tmp/docker-mailserver/postfix-main.cf ]]; then
cat /tmp/docker-mailserver/postfix-main.cf >>/etc/postfix/main.cf
_adjust_mtime_for_postfix_maincf
@ -117,12 +109,10 @@ function __postfix__setup_override_configuration
__postfix__log 'trace' "No extra Postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' was not provided"
fi
if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]
then
if [[ -f /tmp/docker-mailserver/postfix-master.cf ]]; then
while read -r LINE
do
if [[ ${LINE} =~ ^[0-9a-z] ]]
then
if [[ ${LINE} =~ ^[0-9a-z] ]]; then
postconf -P "${LINE}"
fi
done < /tmp/docker-mailserver/postfix-master.cf
@ -155,21 +145,18 @@ function _setup_SRS
POSTSRSD_SECRET_FILE='/etc/postsrsd.secret'
if [[ -n ${SRS_SECRET} ]]
then
if [[ -n ${SRS_SECRET} ]]; then
(
umask 0077
echo "${SRS_SECRET}" | tr ',' '\n' >"${POSTSRSD_SECRET_FILE}"
)
else
if [[ ! -f ${POSTSRSD_SECRET_FILE} ]]
then
if [[ ! -f ${POSTSRSD_SECRET_FILE} ]]; then
__generate_secret "${POSTSRSD_SECRET_FILE}"
fi
fi
if [[ -n ${SRS_EXCLUDE_DOMAINS} ]]
then
if [[ -n ${SRS_EXCLUDE_DOMAINS} ]]; then
sedfile -i -E \
"s|^#?(SRS_EXCLUDE_DOMAINS=).*|\1${SRS_EXCLUDE_DOMAINS}|" \
/etc/default/postsrsd

3
target/scripts/startup/setup.d/saslauthd.sh
View file

@ -5,8 +5,7 @@ function _setup_saslauthd
{
_log 'debug' 'Setting up SASLAUTHD'
if [[ ! -f /etc/saslauthd.conf ]]
then
if [[ ! -f /etc/saslauthd.conf ]]; then
_log 'trace' 'Creating /etc/saslauthd.conf'
cat > /etc/saslauthd.conf << EOF
ldap_servers: ${SASLAUTHD_LDAP_SERVER}

81
target/scripts/startup/setup.d/security/misc.sh
View file

@ -25,8 +25,7 @@ function _setup_security_stack
function __setup__security__postgrey
{
if [[ ${ENABLE_POSTGREY} -eq 1 ]]
then
if [[ ${ENABLE_POSTGREY} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring Postgrey'
sedfile -i -E \
@ -37,18 +36,15 @@ function __setup__security__postgrey
"s|\"--inet=127.0.0.1:10023\"|\"--inet=127.0.0.1:10023 --delay=${POSTGREY_DELAY} --max-age=${POSTGREY_MAX_AGE} --auto-whitelist-clients=${POSTGREY_AUTO_WHITELIST_CLIENTS}\"|" \
/etc/default/postgrey
if ! grep -i 'POSTGREY_TEXT' /etc/default/postgrey
then
if ! grep -i 'POSTGREY_TEXT' /etc/default/postgrey; then
printf 'POSTGREY_TEXT=\"%s\"\n\n' "${POSTGREY_TEXT}" >>/etc/default/postgrey
fi
if [[ -f /tmp/docker-mailserver/whitelist_clients.local ]]
then
if [[ -f /tmp/docker-mailserver/whitelist_clients.local ]]; then
cp -f /tmp/docker-mailserver/whitelist_clients.local /etc/postgrey/whitelist_clients.local
fi
if [[ -f /tmp/docker-mailserver/whitelist_recipients ]]
then
if [[ -f /tmp/docker-mailserver/whitelist_recipients ]]; then
cp -f /tmp/docker-mailserver/whitelist_recipients /etc/postgrey/whitelist_recipients
fi
else
@ -64,8 +60,7 @@ function __setup__security__postscreen
-e "s|postscreen_greet_action = enforce|postscreen_greet_action = ${POSTSCREEN_ACTION}|" \
-e "s|postscreen_bare_newline_action = enforce|postscreen_bare_newline_action = ${POSTSCREEN_ACTION}|" /etc/postfix/main.cf
if [[ ${ENABLE_DNSBL} -eq 0 ]]
then
if [[ ${ENABLE_DNSBL} -eq 0 ]]; then
_log 'debug' 'Disabling Postscreen DNSBLs'
postconf 'postscreen_dnsbl_action = ignore'
postconf 'postscreen_dnsbl_sites = '
@ -76,8 +71,7 @@ function __setup__security__postscreen
function __setup__security__spamassassin
{
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
then
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring SpamAssassin'
# shellcheck disable=SC2016
@ -94,8 +88,7 @@ function __setup__security__spamassassin
's|invoke-rc.d spamassassin reload|/etc/init\.d/spamassassin reload|g' \
/etc/cron.daily/spamassassin
if [[ ${SA_SPAM_SUBJECT} == 'undef' ]]
then
if [[ ${SA_SPAM_SUBJECT} == 'undef' ]]; then
# shellcheck disable=SC2016
sed -i -r 's|^\$sa_spam_subject_tag (.*);|\$sa_spam_subject_tag = undef;|g' /etc/amavis/conf.d/20-debian_defaults
else
@ -104,27 +97,23 @@ function __setup__security__spamassassin
fi
# activate short circuits when SA BAYES is certain it has spam or ham.
if [[ ${SA_SHORTCIRCUIT_BAYES_SPAM} -eq 1 ]]
then
if [[ ${SA_SHORTCIRCUIT_BAYES_SPAM} -eq 1 ]]; then
# automatically activate the Shortcircuit Plugin
sed -i -r 's|^# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit|loadplugin Mail::SpamAssassin::Plugin::Shortcircuit|g' /etc/spamassassin/v320.pre
sed -i -r 's|^# shortcircuit BAYES_99|shortcircuit BAYES_99|g' /etc/spamassassin/local.cf
fi
if [[ ${SA_SHORTCIRCUIT_BAYES_HAM} -eq 1 ]]
then
if [[ ${SA_SHORTCIRCUIT_BAYES_HAM} -eq 1 ]]; then
# automatically activate the Shortcircuit Plugin
sed -i -r 's|^# loadplugin Mail::SpamAssassin::Plugin::Shortcircuit|loadplugin Mail::SpamAssassin::Plugin::Shortcircuit|g' /etc/spamassassin/v320.pre
sed -i -r 's|^# shortcircuit BAYES_00|shortcircuit BAYES_00|g' /etc/spamassassin/local.cf
fi
if [[ -e /tmp/docker-mailserver/spamassassin-rules.cf ]]
then
if [[ -e /tmp/docker-mailserver/spamassassin-rules.cf ]]; then
cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
fi
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]]
then
if [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 1 ]]; then
_log 'trace' 'Configuring Spamassassin/Amavis to send SPAM to inbox'
_log 'debug' 'SPAM_TO_INBOX=1 is set. SA_KILL will be ignored.'
@ -137,8 +126,7 @@ function __setup__security__spamassassin
sed -i "s|\$final_bad_header_destiny.*=.*$|\$final_bad_header_destiny = D_BOUNCE;|g" /etc/amavis/conf.d/49-docker-mailserver
fi
if [[ ${ENABLE_SPAMASSASSIN_KAM} -eq 1 ]]
then
if [[ ${ENABLE_SPAMASSASSIN_KAM} -eq 1 ]]; then
_log 'trace' 'Configuring Spamassassin KAM'
local SPAMASSASSIN_KAM_CRON_FILE=/etc/cron.daily/spamassassin_kam
@ -151,8 +139,7 @@ RESULT=$(sa-update --gpgkey 24C063D8 --channel kam.sa-channels.mcgrail.com 2>&1)
EXIT_CODE=${?}
# see https://spamassassin.apache.org/full/3.1.x/doc/sa-update.html#exit_codes
if [[ ${EXIT_CODE} -ge 4 ]]
then
if [[ ${EXIT_CODE} -ge 4 ]]; then
echo -e "Updating SpamAssassin KAM failed:\n${RESULT}\n" >&2
exit 1
fi
@ -172,8 +159,7 @@ EOF
function __setup__security__clamav
{
if [[ ${ENABLE_CLAMAV} -eq 1 ]]
then
if [[ ${ENABLE_CLAMAV} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring ClamAV'
local FILE
@ -184,19 +170,16 @@ function __setup__security__clamav
chmod 640 "${FILE}"
done
if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]
then
if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]; then
_log 'trace' "Setting ClamAV message scan size limit to '${CLAMAV_MESSAGE_SIZE_LIMIT}'"
# do a short sanity check: ClamAV does not support setting a maximum size greater than 4000M (at all)
if [[ $(numfmt --from=si "${CLAMAV_MESSAGE_SIZE_LIMIT}") -gt $(numfmt --from=si 4000M) ]]
then
if [[ $(numfmt --from=si "${CLAMAV_MESSAGE_SIZE_LIMIT}") -gt $(numfmt --from=si 4000M) ]]; then
_log 'warn' "You set 'CLAMAV_MESSAGE_SIZE_LIMIT' to a value larger than 4 Gigabyte, but the maximum value is 4000M for this value - you should correct your configuration"
fi
# For more details, see
# https://github.com/docker-mailserver/docker-mailserver/pull/3341
if [[ $(numfmt --from=si "${CLAMAV_MESSAGE_SIZE_LIMIT}") -ge $(numfmt --from=iec 2G) ]]
then
if [[ $(numfmt --from=si "${CLAMAV_MESSAGE_SIZE_LIMIT}") -ge $(numfmt --from=iec 2G) ]]; then
_log 'warn' "You set 'CLAMAV_MESSAGE_SIZE_LIMIT' to a value larger than 2 Gibibyte but ClamAV does not scan files larger or equal to 2 Gibibyte"
fi
@ -216,22 +199,18 @@ function __setup__security__clamav
function __setup__security__fail2ban
{
if [[ ${ENABLE_FAIL2BAN} -eq 1 ]]
then
if [[ ${ENABLE_FAIL2BAN} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring Fail2Ban'
if [[ -e /tmp/docker-mailserver/fail2ban-fail2ban.cf ]]
then
if [[ -e /tmp/docker-mailserver/fail2ban-fail2ban.cf ]]; then
cp /tmp/docker-mailserver/fail2ban-fail2ban.cf /etc/fail2ban/fail2ban.local
fi
if [[ -e /tmp/docker-mailserver/fail2ban-jail.cf ]]
then
if [[ -e /tmp/docker-mailserver/fail2ban-jail.cf ]]; then
cp /tmp/docker-mailserver/fail2ban-jail.cf /etc/fail2ban/jail.d/user-jail.local
fi
if [[ ${FAIL2BAN_BLOCKTYPE} != 'reject' ]]
then
if [[ ${FAIL2BAN_BLOCKTYPE} != 'reject' ]]; then
echo -e '[Init]\nblocktype = drop' >/etc/fail2ban/action.d/nftables-common.local
fi
@ -244,11 +223,9 @@ function __setup__security__fail2ban
function __setup__security__amavis
{
if [[ ${ENABLE_AMAVIS} -eq 1 ]]
then
if [[ ${ENABLE_AMAVIS} -eq 1 ]]; then
_log 'debug' 'Configuring Amavis'
if [[ -f /tmp/docker-mailserver/amavis.cf ]]
then
if [[ -f /tmp/docker-mailserver/amavis.cf ]]; then
cp /tmp/docker-mailserver/amavis.cf /etc/amavis/conf.d/50-user
fi
@ -269,13 +246,11 @@ function __setup__security__amavis
mv /etc/cron.d/amavisd-new /etc/cron.d/amavisd-new.disabled
chmod 0 /etc/cron.d/amavisd-new.disabled
if [[ ${ENABLE_CLAMAV} -eq 1 ]] && [[ ${ENABLE_RSPAMD} -eq 0 ]]
then
if [[ ${ENABLE_CLAMAV} -eq 1 ]] && [[ ${ENABLE_RSPAMD} -eq 0 ]]; then
_log 'warn' 'ClamAV will not work when Amavis & rspamd are disabled. Enable either Amavis or rspamd to fix it.'
fi
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
then
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]; then
_log 'warn' 'Spamassassin will not work when Amavis is disabled. Enable Amavis to fix it.'
fi
fi
@ -284,8 +259,7 @@ function __setup__security__amavis
# We can use Sieve to move spam emails to the "Junk" folder.
function _setup_spam_to_junk
{
if [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]
then
if [[ ${MOVE_SPAM_TO_JUNK} -eq 1 ]]; then
_log 'debug' 'Spam emails will be moved to the Junk folder'
cat >/usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve << EOF
require ["fileinto","mailbox"];
@ -298,8 +272,7 @@ EOF
sievec /usr/lib/dovecot/sieve-global/after/spam_to_junk.sieve
chown dovecot:root /usr/lib/dovecot/sieve-global/after/spam_to_junk.{sieve,svbin}
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 0 ]]
then
if [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]] && [[ ${SPAMASSASSIN_SPAM_TO_INBOX} -eq 0 ]]; then
_log 'warning' "'SPAMASSASSIN_SPAM_TO_INBOX=0' but it is required to be 1 for 'MOVE_SPAM_TO_JUNK=1' to work"
fi
else

57
target/scripts/startup/setup.d/security/rspamd.sh
View file

@ -3,8 +3,7 @@
# Function called during global setup to handle the complete setup of Rspamd.
function _setup_rspamd
{
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD' && [[ ${ENABLE_RSPAMD} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD' && [[ ${ENABLE_RSPAMD} -eq 1 ]]; then
_log 'debug' 'Enabling and configuring Rspamd'
__rspamd__log 'trace' '---------- Setup started ----------'
@ -44,8 +43,7 @@ function __rspamd__helper__enable_disable_module
local LOCAL_OR_OVERRIDE=${3:-local}
local MESSAGE='Enabling'
if [[ ! ${ENABLE_MODULE} =~ ^(true|false)$ ]]
then
if [[ ! ${ENABLE_MODULE} =~ ^(true|false)$ ]]; then
__rspamd__log 'warn' "__rspamd__helper__enable_disable_module got non-boolean argument for deciding whether module should be enabled or not"
return 1
fi
@ -75,39 +73,32 @@ function __rspamd__run_early_setup_and_checks
mkdir -p /var/lib/rspamd/
: >/var/lib/rspamd/stats.ucl
if [[ -d ${RSPAMD_DMS_OVERRIDE_D} ]]
then
if [[ -d ${RSPAMD_DMS_OVERRIDE_D} ]]; then
__rspamd__log 'debug' "Found directory '${RSPAMD_DMS_OVERRIDE_D}' - linking it to '${RSPAMD_OVERRIDE_D}'"
if rmdir "${RSPAMD_OVERRIDE_D}" 2>/dev/null
then
if rmdir "${RSPAMD_OVERRIDE_D}" 2>/dev/null; then
ln -s "${RSPAMD_DMS_OVERRIDE_D}" "${RSPAMD_OVERRIDE_D}"
else
__rspamd__log 'warn' "Could not remove '${RSPAMD_OVERRIDE_D}' (not empty? not a directory?; did you restart properly?) - not linking '${RSPAMD_DMS_OVERRIDE_D}'"
fi
fi
if [[ ${ENABLE_AMAVIS} -eq 1 ]] || [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]
then
if [[ ${ENABLE_AMAVIS} -eq 1 ]] || [[ ${ENABLE_SPAMASSASSIN} -eq 1 ]]; then
__rspamd__log 'warn' 'Running Amavis/SA & Rspamd at the same time is discouraged'
fi
if [[ ${ENABLE_OPENDKIM} -eq 1 ]]
then
if [[ ${ENABLE_OPENDKIM} -eq 1 ]]; then
__rspamd__log 'warn' 'Running OpenDKIM & Rspamd at the same time is discouraged - we recommend Rspamd for DKIM checks (enabled with Rspamd by default) & signing'
fi
if [[ ${ENABLE_OPENDMARC} -eq 1 ]]
then
if [[ ${ENABLE_OPENDMARC} -eq 1 ]]; then
__rspamd__log 'warn' 'Running OpenDMARC & Rspamd at the same time is discouraged - we recommend Rspamd for DMARC checks (enabled with Rspamd by default)'
fi
if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]
then
if [[ ${ENABLE_POLICYD_SPF} -eq 1 ]]; then
__rspamd__log 'warn' 'Running policyd-spf & Rspamd at the same time is discouraged - we recommend Rspamd for SPF checks (enabled with Rspamd by default)'
fi
if [[ ${ENABLE_POSTGREY} -eq 1 ]] && [[ ${RSPAMD_GREYLISTING} -eq 1 ]]
then
if [[ ${ENABLE_POSTGREY} -eq 1 ]] && [[ ${RSPAMD_GREYLISTING} -eq 1 ]]; then
__rspamd__log 'warn' 'Running Postgrey & Rspamd at the same time is discouraged - we recommend Rspamd for greylisting'
fi
}
@ -116,8 +107,7 @@ function __rspamd__run_early_setup_and_checks
# supply a configuration for our local Redis instance which is started later.
function __rspamd__setup_redis
{
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD_REDIS' && [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'ENABLE_RSPAMD_REDIS' && [[ ${ENABLE_RSPAMD_REDIS} -eq 1 ]]; then
__rspamd__log 'debug' 'Internal Redis is enabled, adding configuration'
cat >"${RSPAMD_LOCAL_D}/redis.conf" << "EOF"
# documentation: https://rspamd.com/doc/configuration/redis.html
@ -158,15 +148,13 @@ function __rspamd__setup_postfix
# If ClamAV is enabled, we will integrate it into Rspamd.
function __rspamd__setup_clamav
{
if _env_var_expect_zero_or_one 'ENABLE_CLAMAV' && [[ ${ENABLE_CLAMAV} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'ENABLE_CLAMAV' && [[ ${ENABLE_CLAMAV} -eq 1 ]]; then
__rspamd__log 'debug' 'Enabling ClamAV integration'
sedfile -i -E 's|^(enabled).*|\1 = true;|g' "${RSPAMD_LOCAL_D}/antivirus.conf"
# Rspamd uses ClamAV's UNIX socket, and to be able to read it, it must be in the same group
usermod -a -G clamav _rspamd
if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]
then
if [[ ${CLAMAV_MESSAGE_SIZE_LIMIT} != '25M' ]]; then
local SIZE_IN_BYTES
SIZE_IN_BYTES=$(numfmt --from=si "${CLAMAV_MESSAGE_SIZE_LIMIT}")
__rspamd__log 'trace' "Adjusting maximum size for ClamAV to ${SIZE_IN_BYTES} bytes (${CLAMAV_MESSAGE_SIZE_LIMIT})"
@ -211,8 +199,7 @@ function __rspamd__setup_default_modules
# from or to the "Junk" folder, and learning them as ham or spam.
function __rspamd__setup_learning
{
if _env_var_expect_zero_or_one 'RSPAMD_LEARN' && [[ ${RSPAMD_LEARN} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'RSPAMD_LEARN' && [[ ${RSPAMD_LEARN} -eq 1 ]]; then
__rspamd__log 'debug' 'Setting up intelligent learning of spam and ham'
local SIEVE_PIPE_BIN_DIR='/usr/lib/dovecot/sieve-pipe'
@ -256,8 +243,7 @@ EOF
# https://rspamd.com/doc/modules/greylisting.html).
function __rspamd__setup_greylisting
{
if _env_var_expect_zero_or_one 'RSPAMD_GREYLISTING' && [[ ${RSPAMD_GREYLISTING} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'RSPAMD_GREYLISTING' && [[ ${RSPAMD_GREYLISTING} -eq 1 ]]; then
__rspamd__log 'debug' 'Enabling greylisting'
sedfile -i -E "s|(enabled =).*|\1 true;|g" "${RSPAMD_LOCAL_D}/greylist.conf"
else
@ -272,12 +258,10 @@ function __rspamd__setup_greylisting
function __rspamd__setup_hfilter_group
{
local MODULE_FILE="${RSPAMD_LOCAL_D}/hfilter_group.conf"
if _env_var_expect_zero_or_one 'RSPAMD_HFILTER' && [[ ${RSPAMD_HFILTER} -eq 1 ]]
then
if _env_var_expect_zero_or_one 'RSPAMD_HFILTER' && [[ ${RSPAMD_HFILTER} -eq 1 ]]; then
__rspamd__log 'debug' 'Hfilter (group) module is enabled'
# Check if we received a number first
if _env_var_expect_integer 'RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE' && [[ ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE} -ne 6 ]]
then
if _env_var_expect_integer 'RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE' && [[ ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE} -ne 6 ]]; then
__rspamd__log 'trace' "Adjusting score for 'HFILTER_HOSTNAME_UNKNOWN' in Hfilter group module to ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE}"
sed -i -E \
"s|(.*score =).*(# __TAG__HFILTER_HOSTNAME_UNKNOWN)|\1 ${RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE}; \2|g" \
@ -321,8 +305,7 @@ function __rspamd__handle_user_modules_adjustments
local FILE="${RSPAMD_OVERRIDE_D}/${MODULE_FILE}"
[[ -f ${FILE} ]] || touch "${FILE}"
if grep -q -E "${OPTION}.*=.*" "${FILE}"
then
if grep -q -E "${OPTION}.*=.*" "${FILE}"; then
__rspamd__log 'trace' "Overwriting option '${OPTION}' with value '${VALUE}' for ${MODULE_LOG_NAME}"
sed -i -E "s|([[:space:]]*${OPTION}).*|\1 = ${VALUE};|g" "${FILE}"
else
@ -336,15 +319,13 @@ function __rspamd__handle_user_modules_adjustments
# We check for usage of the previous location of the commands file.
# This can be removed after the release of v14.0.0.
if [[ -f ${RSPAMD_CUSTOM_COMMANDS_FILE_OLD} ]]
then
if [[ -f ${RSPAMD_CUSTOM_COMMANDS_FILE_OLD} ]]; then
__rspamd__log 'warn' "Detected usage of old file location for modules adjustment ('${RSPAMD_CUSTOM_COMMANDS_FILE_OLD}') - please use the new location ('${RSPAMD_CUSTOM_COMMANDS_FILE}')"
__rspamd__log 'warn' "Using old file location now (deprecated) - this will prevent startup in v13.0.0"
RSPAMD_CUSTOM_COMMANDS_FILE=${RSPAMD_CUSTOM_COMMANDS_FILE_OLD}
fi
if [[ -f "${RSPAMD_CUSTOM_COMMANDS_FILE}" ]]
then
if [[ -f "${RSPAMD_CUSTOM_COMMANDS_FILE}" ]]; then
__rspamd__log 'debug' "Found file '${RSPAMD_CUSTOM_COMMANDS_FILE}' - parsing and applying it"
while read -r COMMAND ARGUMENT1 ARGUMENT2 ARGUMENT3

12
target/scripts/startup/setup.d/security/spoofing.sh
View file

@ -2,21 +2,17 @@
function _setup_spoof_protection
{
if [[ ${SPOOF_PROTECTION} -eq 1 ]]
then
if [[ ${SPOOF_PROTECTION} -eq 1 ]]; then
_log 'trace' 'Enabling and configuring spoof protection'
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]
then
if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]
then
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then
if [[ -z ${LDAP_QUERY_FILTER_SENDERS} ]]; then
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-users.cf ldap:/etc/postfix/ldap-aliases.cf ldap:/etc/postfix/ldap-groups.cf'
else
postconf 'smtpd_sender_login_maps = ldap:/etc/postfix/ldap-senders.cf'
fi
else
if [[ -f /etc/postfix/regexp ]]
then
if [[ -f /etc/postfix/regexp ]]; then
postconf 'smtpd_sender_login_maps = unionmap:{ texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre, pcre:/etc/postfix/regexp }'
else
postconf 'smtpd_sender_login_maps = texthash:/etc/postfix/virtual, hash:/etc/aliases, pcre:/etc/postfix/maps/sender_login_maps.pcre'

18
target/scripts/startup/variables-stack.sh
View file

@ -15,8 +15,7 @@ function _early_variables_setup
# completely with a single version.
function __environment_variables_backwards_compatibility
{
if [[ ${ENABLE_LDAP:-0} -eq 1 ]]
then
if [[ ${ENABLE_LDAP:-0} -eq 1 ]]; then
_log 'warn' "'ENABLE_LDAP=1' is deprecated (and will be removed in v13.0.0) => use 'ACCOUNT_PROVISIONER=LDAP' instead"
ACCOUNT_PROVISIONER='LDAP'
fi
@ -165,8 +164,7 @@ function _environment_variables_saslauthd
# SASL ENV for configuring an LDAP specific
# `saslauthd.conf` via `setup-stack.sh:_setup_sasulauthd()`
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]
then
if [[ ${ACCOUNT_PROVISIONER} == 'LDAP' ]]; then
_log 'trace' 'Setting SASLSAUTH-LDAP variables nnow'
VARS[SASLAUTHD_LDAP_AUTH_METHOD]="${SASLAUTHD_LDAP_AUTH_METHOD:=bind}"
@ -179,32 +177,28 @@ function _environment_variables_saslauthd
VARS[SASLAUTHD_LDAP_START_TLS]="${SASLAUTHD_LDAP_START_TLS:=no}"
VARS[SASLAUTHD_LDAP_TLS_CHECK_PEER]="${SASLAUTHD_LDAP_TLS_CHECK_PEER:=no}"
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]
then
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_FILE} ]]; then
SASLAUTHD_LDAP_TLS_CACERT_FILE=''
else
SASLAUTHD_LDAP_TLS_CACERT_FILE="ldap_tls_cacert_file: ${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
fi
VARS[SASLAUTHD_LDAP_TLS_CACERT_FILE]="${SASLAUTHD_LDAP_TLS_CACERT_FILE}"
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]
then
if [[ -z ${SASLAUTHD_LDAP_TLS_CACERT_DIR} ]]; then
SASLAUTHD_LDAP_TLS_CACERT_DIR=''
else
SASLAUTHD_LDAP_TLS_CACERT_DIR="ldap_tls_cacert_dir: ${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
fi
VARS[SASLAUTHD_LDAP_TLS_CACERT_DIR]="${SASLAUTHD_LDAP_TLS_CACERT_DIR}"
if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]
then
if [[ -z ${SASLAUTHD_LDAP_PASSWORD_ATTR} ]]; then
SASLAUTHD_LDAP_PASSWORD_ATTR=''
else
SASLAUTHD_LDAP_PASSWORD_ATTR="ldap_password_attr: ${SASLAUTHD_LDAP_PASSWORD_ATTR}"
fi
VARS[SASLAUTHD_LDAP_PASSWORD_ATTR]="${SASLAUTHD_LDAP_PASSWORD_ATTR}"
if [[ -z ${SASLAUTHD_LDAP_MECH} ]]
then
if [[ -z ${SASLAUTHD_LDAP_MECH} ]]; then
SASLAUTHD_LDAP_MECH=''
else
SASLAUTHD_LDAP_MECH="ldap_mech: ${SASLAUTHD_LDAP_MECH}"