docker-mailserver · tomav · Aug 7, 2017 · Jun 3, 2017 · Jun 6, 2017 · Jun 7, 2017
diff --git a/Dockerfile b/Dockerfile
@@ -4,6 +4,13 @@ MAINTAINER Thomas VIAL
 ENV DEBIAN_FRONTEND noninteractive
 ENV VIRUSMAILS_DELETE_DELAY=7
 ENV ONE_DIR=0
+ENV ENABLE_POSTGREY=0
+ENV POSTGREY_DELAY=300
+ENV POSTGREY_MAX_AGE=35
+ENV POSTGREY_TEXT="Delayed by postgrey"
+
+ENV SASLAUTHD_MECHANISMS=pam
+ENV SASLAUTHD_MECH_OPTIONS=""
 
 # Packages
 RUN apt-get update -q --fix-missing && \
@@ -47,6 +54,7 @@ RUN apt-get update -q --fix-missing && \
     rsyslog \
     sasl2-bin \
     spamassassin \
+    supervisor \
     postgrey \
     unzip \
     && \
@@ -68,7 +76,11 @@ RUN apt-get update -q --fix-missing && \
 
 RUN echo "0 0,6,12,18 * * * /usr/bin/freshclam --quiet" > /etc/cron.d/freshclam && \
   chmod 644 /etc/clamav/freshclam.conf && \
-  freshclam
+  freshclam && \
+  sed -i 's/Foreground false/Foreground true/g' /etc/clamav/clamd.conf && \
+  sed -i 's/AllowSupplementaryGroups false/AllowSupplementaryGroups true/g' /etc/clamav/clamd.conf && \
+  mkdir /var/run/clamav && \
+  chown -R clamav:root /var/run/clamav
 
 # Configures Dovecot
 COPY target/dovecot/auth-passwdfile.inc target/dovecot/??-*.conf /etc/dovecot/conf.d/
@@ -110,7 +122,7 @@ RUN sed -i -r 's/#(@|   \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_fil
 # Configure Fail2ban
 COPY target/fail2ban/jail.conf /etc/fail2ban/jail.conf
 COPY target/fail2ban/filter.d/dovecot.conf /etc/fail2ban/filter.d/dovecot.conf
-RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf
+RUN echo "ignoreregex =" >> /etc/fail2ban/filter.d/postfix-sasl.conf && mkdir /var/run/fail2ban
 
 # Enables Pyzor and Razor
 USER amavis
@@ -132,6 +144,7 @@ COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
 # Configure fetchmail
 COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general
 RUN sed -i 's/START_DAEMON=no/START_DAEMON=yes/g' /etc/default/fetchmail
+RUN mkdir /var/run/fetchmail && chown fetchmail /var/run/fetchmail
 
 # Configures Postfix
 COPY target/postfix/main.cf target/postfix/master.cf /etc/postfix/
@@ -159,12 +172,15 @@ RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem > /et
 
 COPY ./target/bin /usr/local/bin
 # Start-mailserver script
-COPY ./target/start-mailserver.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
+COPY ./target/start-mailserver.sh ./target/fail2ban-wrapper.sh ./target/postfix-wrapper.sh ./target/docker-configomat/configomat.sh /usr/local/bin/
 RUN chmod +x /usr/local/bin/*
 
-EXPOSE 25 587 143 993 110 995 4190
+# Configure supervisor
+COPY target/supervisor/* /etc/supervisor/conf.d/
 
-CMD /usr/local/bin/start-mailserver.sh
+EXPOSE 25 587 143 993 110 995 4190
 
+CMD supervisord -c /etc/supervisor/supervisord.conf
 
 ADD target/filebeat.yml.tmpl /etc/filebeat/filebeat.yml.tmpl
+
diff --git a/Makefile b/Makefile
@@ -40,7 +40,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-v "`pwd`/test/config/letsencrypt":/etc/letsencrypt/live \
 		-e ENABLE_POP3=1 \
-		-e DMS_DEBUG=1 \
+		-e DMS_DEBUG=0 \
 		-e SSL_TYPE=letsencrypt \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@@ -49,6 +49,7 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e SMTP_ONLY=1 \
 		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-t $(NAME)
 	sleep 15
@@ -63,6 +64,7 @@ run:
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e PERMIT_DOCKER=network \
+		-e DMS_DEBUG=0 \
 		-e OVERRIDE_HOSTNAME=mail.my-domain.com \
 		-h mail.my-domain.com \
 		-t $(NAME)
@@ -79,13 +81,15 @@ run:
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_FETCHMAIL=1 \
 		--cap-add=NET_ADMIN \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_disabled_clamav_spamassassin \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_CLAMAV=0 \
 		-e ENABLE_SPAMASSASSIN=0 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name mail_manual_ssl \
@@ -94,6 +98,7 @@ run:
 		-e SSL_TYPE=manual \
 		-e SSL_CERT_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/fullchain.pem \
 		-e SSL_KEY_PATH=/tmp/docker-mailserver/letsencrypt/mail.my-domain.com/privkey.pem \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
 	docker run -d --name ldap_for_mail \
@@ -120,6 +125,7 @@ run:
 		-e SASLAUTHD_LDAP_PASSWORD=admin \
 		-e SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain \
 		-e [email protected] \
+		-e DMS_DEBUG=0 \
 		--link ldap_for_mail:ldap \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 15
@@ -130,15 +136,16 @@ run:
 		-e SASLAUTHD_MECHANISMS=rimap \
 		-e SASLAUTHD_MECH_OPTIONS=127.0.0.1 \
 		-e [email protected] \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
-	# Wait for containers to fully start
 	sleep 15
 	docker run -d --name mail_lmtp_ip \
 		-v "`pwd`/test/config":/tmp/docker-mailserver \
 		-v "`pwd`/test/config/dovecot-lmtp":/etc/dovecot \
 		-v "`pwd`/test":/tmp/docker-mailserver-test \
 		-e ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1 \
 		-e POSTFIX_DAGENT=lmtp:127.0.0.1:24 \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 30
 	docker run -d --name mail_with_postgrey \
@@ -148,6 +155,7 @@ run:
 		-e POSTGREY_DELAY=15 \
 		-e POSTGREY_MAX_AGE=35 \
 		-e POSTGREY_TEXT="Delayed by postgrey" \
+		-e DMS_DEBUG=0 \
 		-h mail.my-domain.com -t $(NAME)
 	sleep 20
 
@@ -179,7 +187,7 @@ fixtures:
 
 	docker exec mail_override_hostname /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user1.txt"
 	# Wait for mails to be analyzed
-	sleep 20
+	sleep 40
 
 tests:
 	# Start tests

diff --git a/setup.sh b/setup.sh
@@ -7,7 +7,7 @@
 INFO=$(docker ps \
   --no-trunc \
   --format="{{.Image}}\t{{.Names}}\t{{.Command}}" | \
-  grep '/bin/sh -c /usr/local/bin/start-mailserver.sh')
+  grep "/bin/sh -c 'supervisord -c /etc/supervisor/supervisord.conf'")
 
 IMAGE_NAME=$(echo $INFO | awk '{print $1}')
 CONTAINER_NAME=$(echo $INFO | awk '{print $2}')

diff --git a/target/fail2ban-wrapper.sh b/target/fail2ban-wrapper.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# fail2ban-wrapper.sh, version 0.0.1
+#
+# You cannot start fail2ban in some foreground mode and
+# it's more or less important that docker doesn't kill
+# fail2ban and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping fail2ban correctly.
+#
+# supervisord config snippet for fail2ban-wrapper:
+#
+# [program:fail2ban]
+# process_name = fail2ban
+# command = /path/to/fail2ban-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "/usr/bin/fail2ban-client stop" SIGINT
+trap "/usr/bin/fail2ban-client stop" SIGTERM
+trap "/usr/bin/fail2ban-client reload" SIGHUP
+
+# start fail2ban
+/usr/bin/fail2ban-client start
+
+# lets give fail2ban some time to start
+sleep 5
+
+# wait until fail2ban is dead (triggered by trap)
+while kill -0 "`cat /var/run/fail2ban/fail2ban.pid`"; do
+  sleep 5
+done
+
diff --git a/target/postfix-wrapper.sh b/target/postfix-wrapper.sh
@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+# postfix-wrapper.sh, version 0.1.0
+#
+# You cannot start postfix in some foreground mode and
+# it's more or less important that docker doesn't kill
+# postfix and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping postfix correctly.
+#
+# supervisord config snippet for postfix-wrapper:
+#
+# [program:postfix]
+# process_name = postfix
+# command = /path/to/postfix-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+# start postfix
+service postfix start
+
+# lets give postfix some time to start
+sleep 5
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "`cat /var/spool/postfix/pid/master.pid`"; do
+  sleep 5
+done
+