first commit

dockers/sympa/.env

@@ -0,0 +1 @@
+../../config/dockers.env

dockers/sympa/Dockerfile

@@ -0,0 +1,127 @@
+# Didier le 28 avril 2021
+# conf postfix ok
+# sympa ne fonctionne pas en auto, lancer le contenu de la dernire ligne dans le container
+# le fichier preseed contient l' installation en mysql, mais il faudra revenir dessus en lancant sympa_wizard
+# ne pas oublier de verifier la fin du fichier sympa.conf qui doit contenir les lignes contenu dans le sympa.sh
+
+# Fanch janvier 2022
+# migration en bullseye, tentative de rendre générique
+FROM debian:bullseye
+
+########################################
+# APT local cache
+# work around because COPY failed if no source file
+COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
+RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
+RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
+    -e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
+    -e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
+    -e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
+    -e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
+    /etc/apt/sources.list; fi
+
+########################################
+RUN apt-get update \
+    && apt-get install -y locales locales-all \
+    && sed -i '/fr_FR.UTF-8/s/^# //g' /etc/locale.gen && locale-gen
+ENV LC_ALL fr_FR.UTF-8
+ENV LANG fr_FR.UTF-8
+ENV LANGUAGE fr_FR:fr
+RUN update-locale LANG=fr_FR.UTF-8 \
+    && echo sympa >/etc/hostname
+
+RUN apt-get -y install libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev
+#RUN apt-get -y install emacs elpa-php-mode
+RUN apt-get -y install procps dos2unix
+
+# creation du user filter,son repertoire home, copie des fichiers
+RUN mkdir /home/filter ; useradd -d /home/filter filter ; chown filter /home/filter
+RUN apt-get install -y --fix-missing doxygen dos2unix git \
+    build-essential make g++ libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev libssl-dev
+WORKDIR /home/
+RUN git clone https://git.kaz.bzh/KAZ/depollueur.git
+WORKDIR /home/depollueur/
+RUN make
+RUN cp build/out/* /home/filter/
+RUN cp src/bash/* /home/filter/
+
+RUN chown filter /home/filter/*; chmod 755 /home/filter/*
+
+# creation du repertoire filter et application des bons droits pour le filtre
+RUN mkdir -p /var/log/mail; touch /var/log/mail/filter.log ; chown filter /var/log/mail/filter.log ; chmod 777 /var/log/mail/filter.log
+RUN mkdir -p /var/spool/filter ; chmod 775 /var/spool/filter ; chown filter /var/spool/filter
+RUN mkdir -p /var/log/mail/pb ; chmod a+rwx /var/log/mail/pb
+
+COPY dockers/sympa/config/sympa.preseed /tmp/sympa.preseed
+RUN debconf-set-selections < /tmp/sympa.preseed \
+    && apt-get update \
+    && DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends sympa apache2 postfix supervisor anacron spawn-fcgi libapache2-mod-fcgid apg curl \
+    && a2enmod rewrite ssl proxy_fcgi \
+    && a2ensite default-ssl \
+    && a2enconf sympa-soap \
+    \
+    && sed \
+    -e 's%SSLCertificateKeyFile\s.*$%SSLCertificateKeyFile   ENVKEY%g' \
+    -e 's%SSLCertificateFile\s.*$%SSLCertificateFile      ENVCERT%g' \
+    -i /etc/apache2/sites-available/default-ssl.conf \
+    && sed \
+    -e '/ServerName/a	Redirect / https://MAILNAME.DOMAINNAME/' \
+    -i /etc/apache2/sites-available/000-default.conf \
+    && echo '<head>\n  <meta http-equiv="Refresh" content="0; URL=https://MAILNAME.DOMAINNAME/wws" />\n</head>\n' > /var/www/html/index.html \
+    && sed -e 's%ScriptAlias.*%ProxyPass "/wws" "fcgi://localhost:8442/"%' -i /etc/apache2/conf-enabled/sympa.conf \
+    && sed -e 's%ScriptAlias.*%ProxyPass "/sympasoap" "fcgi://localhost:8443/"%' -i /etc/apache2/conf-enabled/sympa-soap.conf
+
+# pour le confort : modif du .bashrc de root
+RUN sed -i 's/# alias/alias/g' /root/.bashrc \
+    && sed -i 's/# export/export/g' /root/.bashrc \
+    && sed -i 's/# eval/eval/g' /root/.bashrc
+
+COPY dockers/sympa/config/supervisord.conf /etc/supervisord.conf
+
+RUN touch /var/log/sympa.log \
+    && chmod 640 /var/log/sympa.log \
+    && echo "local1.* 		-/var/log/sympa.log" >>/etc/rsyslog.conf
+
+# configuration de postfix
+COPY dockers/sympa/config/transport /etc/postfix/
+COPY dockers/sympa/config/postfix.sh /tmp
+RUN bash /tmp/postfix.sh
+
+# # modif des fichiers de postfix pour filter
+RUN cat /home/filter/master.cf.update >>/etc/postfix/master.cf \
+    && sed -i 's/^\(smtp .*smtpd\)$/\1\n\t-o content_filter=filter:dummy/' /etc/postfix/master.cf
+
+# pour qu'admin@kaz.bzh recoivent les mails d'anomalie
+RUN echo "root: ADMIN_EMAIL" >> /etc/aliases \
+    && postalias hash:/etc/aliases
+
+# Configuration de sympa
+RUN echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf \
+    && echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf \
+    && echo soap_url /sympasoap >>/etc/sympa/sympa/sympa.conf \
+    && echo dmarc_protection.mode dmarc_reject >>/etc/sympa/sympa/sympa.conf \
+    && cp /usr/share/doc/sympa/examples/script/sympa_soap_client.pl.gz /usr/lib/sympa/bin/ \
+    && gunzip /usr/lib/sympa/bin/sympa_soap_client.pl.gz \
+    && chmod +x /usr/lib/sympa/bin/sympa_soap_client.pl \
+    && chown sympa:sympa /usr/lib/sympa/lib/sympa/* \
+    && chmod u+s /usr/lib/sympa/lib/sympa/*
+
+COPY dockers/sympa/config/aliases.sympa.postfix /etc/sympa/aliases.sympa.postfix
+COPY dockers/sympa/config/trusted_applications.conf /etc/sympa/trusted_applications.conf
+
+
+RUN postconf "alias_maps = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix,hash:/etc/mail/sympa/aliases" \
+    && postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix" \
+    && postalias hash:/etc/sympa/aliases.sympa.postfix \
+    && usermod -a -G sympa postfix
+
+COPY dockers/sympa/config/postfix-wrapper.sh /usr/local/bin/
+RUN chmod a+x /usr/local/bin/postfix-wrapper.sh
+
+COPY dockers/sympa/config/start.sh /
+ENTRYPOINT ["/bin/bash", "/start.sh"]
+
+EXPOSE 80 443 25
+
+# docs sympa : https://listes.renater.fr/sympa/arc/sympa-fr/2021-02/msg00026.html
+# https://listes.renater.fr/sympa/arc/sympa-fr/2012-05/msg00042.html

dockers/sympa/alerting/filter.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+FILTER=$(docker exec sympaServ cat /var/log/mail.err | grep filter.sh)
+COUNT=$(docker exec sympaServ cat /var/log/mail.err | grep -c filter.sh)
+
+if [ "$COUNT" -gt 2 ]; then
+	echo $FILTER
+    echo "alerte filter sympa : $COUNT"
+fi

dockers/sympa/alerting/mailq.sh

@@ -0,0 +1,9 @@
+#!/bin/bash
+
+QUEUE=$(docker exec sympaServ mailq | grep "^[A-F0-9]")
+COUNT=$(docker exec sympaServ mailq | grep -c "^[A-F0-9]")
+
+if [ "$COUNT" -gt 4 ]; then
+	echo $QUEUE
+    echo "alerte mailq sympa : $COUNT"
+fi

dockers/sympa/alerting/sympa.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+#  supervision de sympa
+#KAZ_ROOT=$(cd "$(dirname $0)"/..; pwd)
+KAZ_ROOT=/kaz
+. $KAZ_ROOT/bin/.commonFunctions.sh
+setKazVars
+
+. $DOCKERS_ENV
+. $KAZ_ROOT/secret/SetAllPass.sh
+
+DOCKER_CMD="docker exec sympaServ"
+URL_AGORA=$(echo $matterHost).$(echo $domain)
+
+docker exec ${mattermostServName} bin/mmctl --suppress-warnings auth login $httpProto://$URL_AGORA --name local-server --username $mattermost_user --password $mattermost_pass >/dev/null 2>&1
+
+DateFrom() {
+	OLDLANG=$LANG
+	LANG=C
+	declare -A TABDATE
+	TABDATE[0,1]=Jan
+	TABDATE[0,2]=Feb
+	TABDATE[0,3]=Mar
+	TABDATE[0,4]=Apr
+	TABDATE[0,5]=May
+	TABDATE[0,6]=Jun
+	TABDATE[0,7]=Jul
+	TABDATE[0,8]=Aug
+	TABDATE[0,9]=Sep
+	TABDATE[0,10]=Oct
+	TABDATE[0,11]=Nov
+	TABDATE[0,12]=Dec
+
+	MOISCOURANT=$(date +%m | sed -e 's/^0//')
+	MOISPRECEDENT=$(expr ${MOISCOURANT} - 1 )
+	JOURCOURANT=$(date +%d)
+	HEUREPRECEDENTE=$(date -d '6 hour ago' +%H)
+
+	GAMMEDATE=$(echo ${TABDATE[0,$MOISCOURANT]} ${JOURCOURANT};echo "|";echo ${TABDATE[0,$MOISPRECEDENT]} ${JOURCOURANT})
+	LANG=$OLDLANG
+	if [ "$1" = "-h" ]
+	then
+		echo "${TABDATE[0,$MOISCOURANT]} ${JOURCOURANT} ${HEUREPRECEDENTE}"
+	else
+		echo ${GAMMEDATE}
+	fi
+}
+
+PERIODE_RECHERCHE=$(DateFrom -h)
+echo "Recherche à partir de ${PERIODE_RECHERCHE} heure(s)"
+
+OLDIFS=$IFS
+IFS=" "
+
+FILTER_ERR=$(${DOCKER_CMD} grep -E "${PERIODE_RECHERCHE}" /var/log/mail.err | grep filter.sh | awk '{print $4}' | sort -u)
+COUNT_FILTER=$(${DOCKER_CMD} grep -E "${PERIODE_RECHERCHE}" /var/log/mail.err | grep filter.sh | awk '{print $4}' | sort -u | wc -w)
+
+if [ "$COUNT_FILTER" -gt 1 ]
+then
+   echo "---------------------------------------------------------- "
+   echo $FILTER_ERR
+   docker exec mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "Recherche à partir de ${PERIODE_RECHERCHE} Heure(s)" >/dev/null 2>&1
+   docker exec mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "L' id message(s): $FILTER_ERR" >/dev/null 2>&1
+   echo "---------------------------------------------------------- "
+   echo "alerte filter sympa : $COUNT_FILTER "
+   docker exec mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "alerte filter sympa : $COUNT_FILTER" >/dev/null 2>&1
+fi
+
+
+QUEUE_MAIL=$(${DOCKER_CMD} mailq | grep @)
+COUNT_MAILQ=$(${DOCKER_CMD} mailq | grep -v makerspace56 | grep -c "^[A-F0-9]")
+
+if [ "$COUNT_MAILQ" -gt 50 ]; then
+   echo "---------------------------------------------------------- "
+   echo ${QUEUE_MAIL}
+   echo "---------------------------------------------------------- "
+   echo "alerte mailq sympa : ${COUNT_MAILQ}"
+   docker exec  mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "Recherche de ${PERIODE_RECHERCHE}" >/dev/null 2>&1
+   docker exec  mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "${QUEUE_MAIL}" >/dev/null 2>&1
+   docker exec  mattermostServ bin/mmctl post create kaz:Sysadmin-alertes --message "alerte mailq sympa : ${COUNT_MAILQ}" >/dev/null 2>&1
+fi

dockers/sympa/build.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+printKazMsg "\n  *** Création du Dockerfile Sympa"
+
+cd "${KAZ_ROOT}"
+docker build --no-cache -t sympakaz . -f dockers/sympa/Dockerfile

dockers/sympa/config/aliases.sympa.postfix

@@ -0,0 +1,11 @@
+# Robot aliases for Sympa.
+sympa:                 "| /usr/lib/sympa/bin/queue sympa@MAILNAME.DOMAINNAME"
+listmaster:            "| /usr/lib/sympa/bin/queue listmaster@MAILNAME.DOMAINNAME"
+bounce:                "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME"
+abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME"
+sympa-request:         postmaster
+sympa-owner:           postmaster
+#listserv:             sympa
+#listserv-request:     sympa-request
+#majordomo:            sympa
+#listserv-owner:       sympa-owner

dockers/sympa/config/postfix-wrapper.sh

@@ -0,0 +1,32 @@
+#! /bin/bash
+
+# You cannot start postfix in some foreground mode and
+# it's more or less important that docker doesn't kill
+# postfix and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping postfix correctly.
+#
+# supervisord config snippet for postfix-wrapper:
+#
+# [program:postfix]
+# process_name = postfix
+# command = /path/to/postfix-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+service postfix start
+
+# lets give postfix some time to start
+sleep 60
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
+do
+  sleep 5
+done

dockers/sympa/config/postfix.sh

@@ -0,0 +1,41 @@
+#!/bin/bash
+
+postconf "postscreen_dnsbl_action = enforce"
+postconf "smtpd_banner = ESMTP"
+postconf "postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4"
+postconf "postscreen_dnsbl_threshold = 3"
+postconf "postscreen_dnsbl_whitelist_threshold = -1"
+postconf "postscreen_greet_action = enforce"
+postconf "postscreen_bare_newline_action = enforce"
+postconf "smtputf8_enable = no"
+postconf "smtpd_tls_cert_file=ENVCERT"
+postconf "smtpd_tls_key_file=ENVKEY"
+postconf "myhostname = MAILNAME.DOMAINNAME"
+postconf "transport_maps = hash:/etc/postfix/transport"
+postconf "message_size_limit = 1024000000"
+postconf "slow_destination_concurrency_limit = 2"
+postconf "slow_destination_recipient_limit = 20"
+postconf "slow_destination_rate_delay = 5s"
+postconf "slow_destination_concurrency_failed_cohort_limit=10"
+postconf "veryslow_destination_concurrency_limit = 2"
+postconf "veryslow_destination_recipient_limit = 2"
+postconf "veryslow_destination_rate_delay = 10s"
+postconf "veryslow_destination_concurrency_failed_cohort_limit=10"
+
+postmap /etc/postfix/transport
+
+grep "slow_destination" /etc/postfix/master.cf >/dev/null 2>&1
+if [ "$?" -ne "0" ]
+then
+	echo -e "slow    unix    -       -       n       -       5       smtp\n \
+	-o syslog_name=postfix-slow" \
+	 >>/etc/postfix/master.cf
+fi
+
+grep "veryslow_destination" /etc/postfix/master.cf >/dev/null 2>&1
+if [ "$?" -ne "0" ]
+then
+	echo -e "veryslow    unix    -       -       n       -       5       smtp\n \
+	-o syslog_name=postfix-veryslow" \
+	 >>/etc/postfix/master.cf
+fi

dockers/sympa/config/start.sh

@@ -0,0 +1,51 @@
+#!/bin/bash
+
+echo "Configuring for ${DOMAIN_SYMPA}"
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/postfix/main.cf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/sympa/sympa.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/mailname
+sed -i -e "s/ADMIN_EMAIL/$ADMINEMAIL/g" /etc/aliases
+postalias /etc/aliases
+
+
+sed -i -e "s%ENVKEY%$KEY%g" /etc/postfix/main.cf
+sed -i -e "s%ENVCERT%$CERT%g" /etc/postfix/main.cf
+
+sed -i -e "s%ENVKEY%$KEY%g" /etc/apache2/sites-available/default-ssl.conf
+sed -i -e "s%ENVCERT%$CERT%g" /etc/apache2/sites-available/default-ssl.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/apache2/sites-available/000-default.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /var/www/html/index.html
+
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/aliases.sympa.postfix
+postalias hash:/etc/sympa/aliases.sympa.postfix
+/usr/lib/sympa/bin/sympa_newaliases.pl
+
+postmap /etc/postfix/transport
+
+# sed -i -e "s/LISTMASTERS/$LISTMASTERS/g" /etc/sympa/sympa/sympa.conf
+
+# Passage de SQLite à MySQL
+sed -i -e "s/db_name.*//g" /etc/sympa/sympa/sympa.conf
+sed -i -e "s/db_type.*//g" /etc/sympa/sympa/sympa.conf
+echo -e "db_type	mysql\ndb_host	db\ndb_port	3306\ndb_name	${MYSQL_DATABASE}\ndb_user	${MYSQL_USER}\ndb_passwd	${MYSQL_PASSWORD}" >> /etc/sympa/sympa/sympa.conf
+
+# set des listmasters
+sed -i -e "s/listmaster.*//g" /etc/sympa/sympa/sympa.conf
+echo -e "listmaster $LISTMASTERS" >> /etc/sympa/sympa/sympa.conf
+
+# passage en https
+sed -i -e "s/http:/https:/g" /etc/sympa/sympa/sympa.conf
+
+# Initialisation/Vérification de la database
+until /usr/lib/sympa/bin/sympa.pl --health_check # creates the database if needed, wait for the DB to be ready
+do
+  sleep 0.1
+done
+
+# préparation du SOAP
+sed -i -e "s%SOAP_USER%${SOAP_USER}%g" /etc/sympa/trusted_applications.conf
+MD5PASS=$(/usr/lib/sympa/bin/sympa.pl --md5_digest=${SOAP_PASSWORD} | cut -d':' -f2 | sed -e "s/[[:space:]]*//g")
+sed -i -e "s%SOAP_MD5PASS%${MD5PASS}%g" /etc/sympa/trusted_applications.conf
+
+echo "Starting supervisord"
+supervisord -n -c /etc/supervisord.conf

dockers/sympa/config/supervisord.conf

@@ -0,0 +1,90 @@
+[supervisord]
+user = root
+loglevel = warn
+nodaemon = true
+strip_ansi = true
+logfile = /var/log/supervisor/supervisord.log      ; default $CWD/supervisord.log
+pidfile = /var/run/supervisord.pid                 ; default supervisord.pid
+childlogdir = /var/log/supervisor                  ; default $TEMP ('AUTO' child log dir)
+
+[unix_http_server]
+file = /dev/shm/supervisor.sock
+chmod = 0700
+chown = nobody:nogroup
+username = docker-mailserver
+password = docker-mailserver-password
+
+[supervisorctl]
+serverurl = unix:///dev/shm/supervisor.sock        ; use a 'unix://' path for a unix socket
+username = docker-mailserver
+password = docker-mailserver-password
+
+; must remain in config file for RPC (supervisorctl/web interface) to work, additional
+; interfaces may be added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+
+
+[program:rsyslog]
+#command=/etc/init.d/rsyslog restart
+command=/usr/sbin/rsyslogd -n
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:postfix]
+startsecs=0
+stopwaitsecs=55
+autostart=true
+autorestart=true
+command=/usr/local/bin/postfix-wrapper.sh
+#command=/usr/lib/postfix/sbin/master -d
+#command=/etc/init.d/postfix restart
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:apache2]
+#command=/etc/init.d/apache2 restart
+command=/usr/sbin/apache2ctl -c "ErrorLog /dev/stdout" -DFOREGROUND
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:anacron]
+#command=/etc/init.d/anacron restart
+command=/usr/sbin/anacron -sd
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-outgoing]
+command=/usr/lib/sympa/bin/bulk.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-archive]
+command=/usr/lib/sympa/bin/archived.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-bounce]
+command=/usr/lib/sympa/bin/bounced.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-task]
+command=/usr/lib/sympa/bin/task_manager.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa]
+command=/usr/lib/sympa/bin/sympa_msg.pl --foreground
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-fcgi]
+command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8442 /usr/lib/cgi-bin/sympa/wwsympa.fcgi
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-soap-fcgi]
+command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8443 /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
+stdout_events_enabled=true
+stderr_events_enabled=true

dockers/sympa/config/sympa.preseed

@@ -0,0 +1,15 @@
+postfix	postfix/mailname		string		MAILNAME.DOMAINNAME
+postfix	postfix/main_mailer_type	string		'Pas de configuration'
+
+sympa	sympa/dbconfig-install		boolean		true
+sympa	sympa/database-type		select		sqlite3
+sympa	sympa/sympa_newaliases-wrapper-setuid-root	boolean	true
+sympa	sympa/listmaster		string		LISTMASTERS
+
+sympa	wwsympa/webserver_type		select		Apache 2
+sympa	sympa/use_soap			boolean		false
+
+# à garder dans un coin
+# sympa sympa/use_wwsympa boolean true
+# sympa wwsympa/fastcgi boolean true
+# sympa sympa/use_soap boolean true

dockers/sympa/config/transport

@@ -0,0 +1,13 @@
+orange.fr       veryslow:
+orange.com      veryslow:
+wanadoo.com     veryslow:
+wanadoo.fr      veryslow:
+gmail.com	slow:
+yahoo.com  	slow:
+yahoo.fr	slow:
+outlook.com	veryslow:
+outlook.fr  veryslow:
+hotmail.fr	veryslow:
+hotmail.com	veryslow:
+live.com	veryslow:
+live.fr   veryslow:

dockers/sympa/config/trusted_applications.conf

@@ -0,0 +1,5 @@
+trusted_application
+  name SOAP_USER
+  md5password SOAP_MD5PASS
+  # the md5 digest of the application pasword. You can get it with sympa.pl --md5_digest=<the password>
+  proxy_for_variables USER_EMAIL,remote_host

dockers/sympa/docker-compose.yml

@@ -0,0 +1,72 @@
+version: '3.3'
+
+services:
+
+  mail:
+    image: sympakaz:latest
+    container_name: ${sympaServName}
+    restart: ${restartPolicy}
+    depends_on:
+      - db
+    networks:
+      - sympaNet
+      - jirafeauNet
+    links:
+      - db
+    external_links:
+      - db:${fileHost}
+      - ${jirafeauServName}:${fileHost}
+    ports:
+      - ${SYMPA_IP}:25:25
+      - ${SYMPA_IP}:80:80
+      - ${SYMPA_IP}:443:443
+    env_file:
+      - ../../secret/env-${sympaServName}
+    environment:
+      - DOMAIN_SYMPA=${domain_sympa}
+    volumes:
+      - sympaLog:/var/log
+      - sympaIcons:/usr/share/sympa/static_content/icons
+      - sympaVar:/var/lib/sympa
+      - sympaSpool:/var/spool/sympa
+      - sympaPostfixSpool:/var/spool/postfix
+      - sympaEtcMail:/etc/mail
+      - filterConfig:/home/filter/config/
+      - ./config/transport:/etc/postfix/transport:rw
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/letsencrypt:/etc/letsencrypt:ro
+
+  db:
+    image: mariadb:10.5
+    container_name: ${sympaDBName}
+    restart: ${restartPolicy}
+    networks:
+      - sympaNet
+    env_file:
+      - ../../secret/env-${sympaDBName}
+    volumes:
+      - sympaDB:/var/lib/mysql
+      - /home/sauve/:/svg/
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+
+
+volumes:
+  sympaDB:
+  sympaLog:
+  sympaIcons:
+  sympaVar:
+  sympaSpool:
+  sympaPostfixSpool:
+  sympaEtcMail:
+  filterConfig:
+    external: true
+
+networks:
+  sympaNet:
+    external: true
+    name: sympaNet
+  jirafeauNet:
+    external: true
+    name: jirafeauNet

dockers/sympa/first.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+cd $(dirname $0)
+. "${DOCKERS_ENV}"
+. "${KAZ_KEY_DIR}/SetAllPass.sh"
+
+DockerServName="${sympaServName}"
+
+checkDockerRunning "${DockerServName}" "Sympa" || exit
+
+printKazMsg "\n  *** Premier lancement de Sympa"
+
+# docker exec "${DockerServName}" bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sympa || echo ok"

dockers/sympa/reload.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+
+# mis à jour du filtre (si pas de ./build)
+cd $(dirname $0)/..
+for i in eMailShrinker filter.sh filterTest.sh; do
+    docker cp "postfix/filter/$i" sympaServ:/home/filter/
+done
+#Correction des droits sur le filter.sh
+docker exec  sympaServ chmod a+rx /home/filter/filter.sh /home/filter/filterTest.sh

dockers/sympa/updateFirewall.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+# à lancer sur l'hôte pour paramétrer iptables
+# ça peut brailler car certaines choses devraient être faites une et une seule fois, mais ce script peut être réappelé à chaque lancement du docker.
+
+#cleaning, may throw errors at first launch
+#iptables -t nat -D POSTROUTING -o ens18 -j ipbis
+#iptables -t nat -F ipbis
+#iptables -t nat -X ipbis
+
+iptables -t nat -N ipbis
+iptables -t nat -F ipbis
+iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.sympaNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
+iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.jirafeauNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
+iptables -t nat -A ipbis -j RETURN
+iptables -t nat -D POSTROUTING -o ens18 -j ipbis
+iptables -t nat -I POSTROUTING -o ens18 -j ipbis