migration develop-sympa vers sympa2

1 year ago · 045bb92718
15 changed files with 301 additions and 256 deletions
--- a/dockers/sympa/Dockerfile
+++ b/dockers/sympa/Dockerfile
@ -4,7 +4,10 @@
 # le fichier preseed contient l' installation en mysql, mais il faudra revenir dessus en lancant sympa_wizard
 # ne pas oublier de verifier la fin du fichier sympa.conf qui doit contenir les lignes contenu dans le sympa.sh

-FROM debian:buster
+# Fanch janvier 2022
+# migration en bullseye, tentative de rendre générique
+
+FROM debian:bullseye

 ########################################
 # APT local cache
@ -12,11 +15,11 @@ FROM debian:buster
 COPY .dummy .apt-mirror-confi[g] .proxy-confi[g] /
 RUN cp /.proxy-config /etc/profile.d/proxy.sh 2> /dev/null || true
 RUN if [ -f /.apt-mirror-config ] ; then . /.apt-mirror-config && sed -i \
-    -e "s/deb.debian.org/${APT_MIRROR_DEBIAN}/g" \
-    -e "s/security.debian.org/${APT_MIRROR_DEBIAN_SECURITY}/g" \
-    -e "s/archive.ubuntu.com/${APT_MIRROR_UBUNTU}/g" \
-    -e "s/security.ubuntu.com/${APT_MIRROR_UBUNTU_SECURITY}/g" \
-    /etc/apt/sources.list; fi
+	-e "s%s\?://deb.debian.org%://${APT_MIRROR_DEBIAN}%g" \
+	-e "s%s\?://security.debian.org%://${APT_MIRROR_DEBIAN_SECURITY}%g" \
+	-e "s%s\?://archive.ubuntu.com%://${APT_MIRROR_UBUNTU}%g" \
+	-e "s%s\?://security.ubuntu.com%://${APT_MIRROR_UBUNTU_SECURITY}%g" \
+	/etc/apt/sources.list; fi

 ########################################
 RUN apt-get update
@ -29,33 +32,30 @@ RUN update-locale LANG=fr_FR.UTF-8
 RUN echo sympa >/etc/hostname

 COPY dockers/sympa/config/sympa.preseed /tmp/sympa.preseed
-
 RUN debconf-set-selections < /tmp/sympa.preseed
-RUN apt-get -y install anacron rsyslog procps apt-utils dos2unix apg gawk altermime libboost-program-options-dev libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev
-#RUN apt-get -y install cpanminus nginx spawn-fcgi
-RUN apt-get -y install cpanminus apache2 spawn-fcgi libapache2-mod-fcgid libfcgi-perl
-#cette ligne est peut être a virer
-#RUN apt-get -y install emacs elpa-php-mode vim nano mailutils bsd-mailx vim 
-RUN apt-get -y install vim nano mailutils bsd-mailx vim 
-RUN apt-get -y install postfix
-RUN apt-get -y install supervisor
-RUN apt-get -y install mariadb-client
-
-RUN apt-get -y install logrotate
-
-RUN a2enmod rewrite ssl
+
+#RUN apt-get -y install anacron rsyslog procps apt-utils apg gawk altermime libboost-program-options-dev \
+#	 libboost-system-dev libboost-filesystem-dev libcurl4-gnutls-dev cpanminus apache2 spawn-fcgi \
+#	 libapache2-mod-fcgid libfcgi-perl vim nano mailutils bsd-mailx postfix supervisor mariadb-client \
+#	 apt-utils
+
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y install --no-install-recommends sympa apache2 postfix supervisor anacron spawn-fcgi libapache2-mod-fcgid
+
+RUN a2enmod rewrite ssl proxy_fcgi
 RUN a2ensite default-ssl
+RUN a2enconf sympa-soap

 RUN sed \
-    -e 's%SSLCertificateKeyFile\s.*$%SSLCertificateKeyFile   /etc/letsencrypt/live/kaz.bzh/privkey.pem%g' \
-    -e 's%SSLCertificateFile\s.*$%SSLCertificateFile      /etc/letsencrypt/live/kaz.bzh/fullchain.pem%g' \
+    -e 's%SSLCertificateKeyFile\s.*$%SSLCertificateKeyFile   ENVKEY%g' \
+    -e 's%SSLCertificateFile\s.*$%SSLCertificateFile      ENVCERT%g' \
    -i /etc/apache2/sites-available/default-ssl.conf
 RUN sed \
-    -e '/ServerName/a	Redirect / https://listes.kaz.bzh/' \
+    -e '/ServerName/a	Redirect / https://MAILNAME.DOMAINNAME/' \
    -i /etc/apache2/sites-available/000-default.conf
-RUN echo '<head>\n  <meta http-equiv="Refresh" content="0; URL=https://listes.kaz.bzh/wws" />\n</head>\n' > /var/www/html/index.html
+RUN echo '<head>\n  <meta http-equiv="Refresh" content="0; URL=https://MAILNAME.DOMAINNAME/wws" />\n</head>\n' > /var/www/html/index.html
+RUN sed -e 's%ScriptAlias.*%ProxyPass "/wws" "fcgi://localhost:8442/"%' -i /etc/apache2/conf-enabled/sympa.conf
+RUN sed -e 's%ScriptAlias.*%ProxyPass "/sympasoap" "fcgi://localhost:8443/"%' -i /etc/apache2/conf-enabled/sympa-soap.conf

-RUN apt-get -y install apt-utils

 # creation du user filter,son repertoire home, copie des fichiers pour faire fonctionner le shrinker
 RUN mkdir /home/filter && useradd -d /home/filter filter && chown filter /home/filter
@ -66,15 +66,12 @@ RUN chown filter /home/filter/* && chmod 755 /home/filter/*
 RUN mkdir -p /var/log/mail
 RUN touch /var/log/mail/filter.log && chown filter /var/log/mail/filter.log && chmod 777 /var/log/mail/filter.log
 RUN mkdir -p /var/spool/filter && chmod 775 /var/spool/filter && chown filter /var/spool/filter
-RUN mkdir -p /var/log/mail/pb ; chmod a+rwx /var/log/mail/pb

 # pour le confort : modif du .bashrc de root
 RUN sed -i 's/# alias/alias/g' /root/.bashrc
 RUN sed -i 's/# export/export/g' /root/.bashrc
 RUN sed -i 's/# eval/eval/g' /root/.bashrc

-#RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sympa || true
-
 COPY dockers/sympa/config/supervisord.conf /etc/supervisord.conf

 RUN touch /var/log/sympa.log
@ -83,24 +80,40 @@ RUN echo "local1.* 		-/var/log/sympa.log" >>/etc/rsyslog.conf

 # configuration de postfix
 COPY dockers/sympa/config/postfix.sh /tmp
-RUN sh /tmp/postfix.sh
+RUN bash /tmp/postfix.sh

 # # modif des fichiers de postfix pour filter
 RUN cat /home/filter/master.cf.update >>/etc/postfix/master.cf
 RUN sed -i 's/^\(smtp .*smtpd\)$/\1\n\t-o content_filter=filter:dummy/' /etc/postfix/master.cf

-COPY dockers/sympa/config/sympa.sh /tmp
+# je commente, j'intègre le contenu dans le dockerfile
+# COPY dockers/sympa/config/sympa.sh /tmp

 # pour qu'admin@kaz.bzh recoivent les mails d'anomalie
-RUN echo "root: admin@kaz.bzh" >> /etc/aliases
-RUN postalias /etc/aliases
+RUN echo "root: ADMIN_EMAIL" >> /etc/aliases
+RUN postalias hash:/etc/aliases
+
+# Configuration de sympa
+RUN echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf
+RUN echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf
+RUN echo soap_url /sympasoap >>/etc/sympa/sympa/sympa.conf
+RUN cp /usr/share/doc/sympa/examples/script/sympa_soap_client.pl.gz /usr/lib/sympa/bin/
+RUN gunzip /usr/lib/sympa/bin/sympa_soap_client.pl.gz
+RUN chmod +x /usr/lib/sympa/bin/sympa_soap_client.pl
+
+COPY dockers/sympa/config/aliases.sympa.postfix /etc/sympa/aliases.sympa.postfix
+COPY dockers/sympa/config/trusted_applications.conf /etc/sympa/trusted_applications.conf
+
+
+RUN postconf "alias_maps = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix,hash:/etc/mail/sympa/aliases"
+RUN postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix"
+RUN postalias hash:/etc/sympa/aliases.sympa.postfix
+# RUN /usr/lib/sympa/bin/sympa_newaliases.pl

-################################################## SYMPA ###############################################################################"
-# une fois le container créé, lancer cette ligne de commae à la main dans le container pour installer sympa
-#RUN DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sympa || echo ok
-############################################### Fin de conf Sympa ##############################################################################
+COPY dockers/sympa/config/postfix-wrapper.sh /usr/local/bin/
+RUN chmod a+x /usr/local/bin/postfix-wrapper.sh

 COPY dockers/sympa/config/start.sh /
-CMD ["/bin/bash", "/start.sh"]
+ENTRYPOINT ["/bin/bash", "/start.sh"]

-EXPOSE 80
+EXPOSE 80 443 25
--- a/dockers/sympa/config/aliases.sympa.postfix
+++ b/dockers/sympa/config/aliases.sympa.postfix
@ -0,0 +1,11 @@
+# Robot aliases for Sympa.
+sympa:                 "| /usr/lib/sympa/bin/queue sympa@MAILNAME.DOMAINNAME"
+listmaster:            "| /usr/lib/sympa/bin/queue listmaster@MAILNAME.DOMAINNAME"
+bounce:                "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME"
+abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME"
+sympa-request:         postmaster
+sympa-owner:           postmaster
+#listserv:             sympa
+#listserv-request:     sympa-request
+#majordomo:            sympa
+#listserv-owner:       sympa-owner
--- a/dockers/sympa/config/postfix-wrapper.sh
+++ b/dockers/sympa/config/postfix-wrapper.sh
@ -0,0 +1,32 @@
+#! /bin/bash
+
+# You cannot start postfix in some foreground mode and
+# it's more or less important that docker doesn't kill
+# postfix and its chilren if you stop the container.
+#
+# Use this script with supervisord and it will take
+# care about starting and stopping postfix correctly.
+#
+# supervisord config snippet for postfix-wrapper:
+#
+# [program:postfix]
+# process_name = postfix
+# command = /path/to/postfix-wrapper.sh
+# startsecs = 0
+# autorestart = false
+#
+
+trap "service postfix stop" SIGINT
+trap "service postfix stop" SIGTERM
+trap "service postfix reload" SIGHUP
+
+service postfix start
+
+# lets give postfix some time to start
+sleep 60
+
+# wait until postfix is dead (triggered by trap)
+while kill -0 "$(< /var/spool/postfix/pid/master.pid)"
+do
+  sleep 5
+done
--- a/dockers/sympa/config/postfix.sh
+++ b/dockers/sympa/config/postfix.sh
@ -1,3 +1,5 @@
+#!/bin/bash
+
 postconf "postscreen_dnsbl_action = enforce"
 postconf "smtpd_banner = ESMTP"
 postconf "postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4"
@ -6,7 +8,28 @@ postconf "postscreen_dnsbl_whitelist_threshold = -1"
 postconf "postscreen_greet_action = enforce"
 postconf "postscreen_bare_newline_action = enforce"
 postconf "smtputf8_enable = no"
-postconf "smtpd_tls_cert_file=/etc/letsencrypt/live/kaz.bzh/fullchain.pem"
-postconf "smtpd_tls_key_file=/etc/letsencrypt/live/kaz.bzh/privkey.pem"
+postconf "smtpd_tls_cert_file=ENVCERT"
+postconf "smtpd_tls_key_file=ENVKEY"
+postconf "myhostname = MAILNAME.DOMAINNAME"
+postconf "transport_maps = hash:/etc/postfix/transport"
+postconf "slow_destination_recipient_limit = 20"
+postconf "slow_destination_concurrency_limit = 2"
+postconf "message_size_limit = 1024000000"

+echo -e "orange.fr       slow:\n \
+  orange.com      slow:\n \
+  wanadoo.com     slow:\n \
+  wanadoo.fr      slow:\n \
+  gmail.com  slow:\n \
+  yahoo.com  :slow" > /etc/postfix/transport
+postmap /etc/postfix/transport

+grep "slow_destination" /etc/postfix/master.cf >/dev/null 2>&1
+if [ "$?" -ne "0" ]
+then
+	echo -e "slow    unix    -       -       n       -       5       smtp\n \
+	-o syslog_name=postfix-slow\n \
+	-o smtp_destination_concurrency_limit=2\n \
+	-o slow_destination_rate_delay=2s" \
+	 >>/etc/postfix/master.cf
+fi
--- a/dockers/sympa/config/start.sh
+++ b/dockers/sympa/config/start.sh
@ -1,4 +1,48 @@
 #!/bin/bash

+echo "Configuring for ${DOMAIN_SYMPA}"
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/postfix/main.cf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/sympa/sympa.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/mailname
+sed -i -e "s/ADMIN_EMAIL/$ADMINEMAIL/g" /etc/aliases
+
+
+sed -i -e "s%ENVKEY%$KEY%g" /etc/postfix/main.cf
+sed -i -e "s%ENVCERT%$CERT%g" /etc/postfix/main.cf
+
+sed -i -e "s%ENVKEY%$KEY%g" /etc/apache2/sites-available/default-ssl.conf
+sed -i -e "s%ENVCERT%$CERT%g" /etc/apache2/sites-available/default-ssl.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/apache2/sites-available/000-default.conf
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /var/www/html/index.html
+
+sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/aliases.sympa.postfix
+postalias hash:/etc/sympa/aliases.sympa.postfix
+/usr/lib/sympa/bin/sympa_newaliases.pl
+
+# sed -i -e "s/LISTMASTERS/$LISTMASTERS/g" /etc/sympa/sympa/sympa.conf
+
+# Passage de SQLite à MySQL
+sed -i -e "s/db_name.*//g" /etc/sympa/sympa/sympa.conf
+sed -i -e "s/db_type.*//g" /etc/sympa/sympa/sympa.conf
+echo -e "db_type	mysql\ndb_host	db\ndb_port	3306\ndb_name	${MYSQL_DATABASE}\ndb_user	${MYSQL_USER}\ndb_passwd	${MYSQL_PASSWORD}" >> /etc/sympa/sympa/sympa.conf
+
+# set des listmasters
+sed -i -e "s/listmaster.*//g" /etc/sympa/sympa/sympa.conf
+echo -e "listmaster $LISTMASTERS" >> /etc/sympa/sympa/sympa.conf
+
+# passage en https
+sed -i -e "s/http:/https:/g" /etc/sympa/sympa/sympa.conf
+
+# Initialisation/Vérification de la database
+until /usr/lib/sympa/bin/sympa.pl --health_check # creates the database if needed, wait for the DB to be ready
+do
+  sleep 0.1
+done
+
+# préparation du SOAP
+sed -i -e "s%SOAP_USER%${SOAP_USER}%g" /etc/sympa/trusted_applications.conf
+MD5PASS=$(/usr/lib/sympa/bin/sympa.pl --md5_digest=${SOAP_PASSWORD} | cut -d':' -f2 | sed -e "s/[[:space:]]*//g")
+sed -i -e "s%SOAP_MD5PASS%${MD5PASS}%g" /etc/sympa/trusted_applications.conf
+
 echo "Starting supervisord"
 supervisord -n -c /etc/supervisord.conf
--- a/dockers/sympa/config/supervisord.conf
+++ b/dockers/sympa/config/supervisord.conf
@ -1,37 +1,90 @@
 [supervisord]
-nodaemon=true               ; (start in foreground if true;default false)
+user = root
+loglevel = warn
+nodaemon = true
+strip_ansi = true
+logfile = /var/log/supervisor/supervisord.log      ; default $CWD/supervisord.log
+pidfile = /var/run/supervisord.pid                 ; default supervisord.pid
+childlogdir = /var/log/supervisor                  ; default $TEMP ('AUTO' child log dir)
+
+[unix_http_server]
+file = /dev/shm/supervisor.sock
+chmod = 0700
+chown = nobody:nogroup
+username = docker-mailserver
+password = docker-mailserver-password
+
+[supervisorctl]
+serverurl = unix:///dev/shm/supervisor.sock        ; use a 'unix://' path for a unix socket
+username = docker-mailserver
+password = docker-mailserver-password
+
+; must remain in config file for RPC (supervisorctl/web interface) to work, additional
+; interfaces may be added by defining them in separate rpcinterface: sections
+[rpcinterface:supervisor]
+supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
+

 [program:rsyslog]
-command=/etc/init.d/rsyslog restart
+#command=/etc/init.d/rsyslog restart
+command=/usr/sbin/rsyslogd -n
 stdout_events_enabled=true
 stderr_events_enabled=true

 [program:postfix]
-command=/etc/init.d/postfix restart
+startsecs=0
+stopwaitsecs=55
+autostart=true
+autorestart=true
+command=/usr/local/bin/postfix-wrapper.sh
+#command=/usr/lib/postfix/sbin/master -d
+#command=/etc/init.d/postfix restart
 stdout_events_enabled=true
 stderr_events_enabled=true

 [program:apache2]
-command=/etc/init.d/apache2 restart
+#command=/etc/init.d/apache2 restart
+command=/usr/sbin/apache2ctl -c "ErrorLog /dev/stdout" -DFOREGROUND
 stdout_events_enabled=true
 stderr_events_enabled=true

-[program:cron]
-command=/etc/init.d/cron restart
+[program:anacron]
+#command=/etc/init.d/anacron restart
+command=/usr/sbin/anacron -sd
 stdout_events_enabled=true
 stderr_events_enabled=true

-[program:sympa-fcgi]
-command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8442 /usr/lib/cgi-bin/sympa/wwsympa.fcgi
+[program:sympa-outgoing]
+command=/usr/lib/sympa/bin/bulk.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-archive]
+command=/usr/lib/sympa/bin/archived.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-bounce]
+command=/usr/lib/sympa/bin/bounced.pl -F
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-task]
+command=/usr/lib/sympa/bin/task_manager.pl -F
 stdout_events_enabled=true
 stderr_events_enabled=true

-[program:sympa-stop]
-command=/etc/init.d/sympa stop
+[program:sympa]
+command=/usr/lib/sympa/bin/sympa_msg.pl --foreground
+stdout_events_enabled=true
+stderr_events_enabled=true
+
+[program:sympa-fcgi]
+command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8442 /usr/lib/cgi-bin/sympa/wwsympa.fcgi
 stdout_events_enabled=true
 stderr_events_enabled=true

-[program:sympa-start]
-command=/etc/init.d/sympa start
+[program:sympa-soap-fcgi]
+command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8443 /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi
 stdout_events_enabled=true
 stderr_events_enabled=true
--- a/dockers/sympa/config/sympa.preseed
+++ b/dockers/sympa/config/sympa.preseed
@ -1,73 +1,10 @@
-postfix	postfix/mailname		string		listes.kaz.bzh
+postfix	postfix/mailname		string		MAILNAME.DOMAINNAME
 postfix	postfix/main_mailer_type	string		'Pas de configuration'

 sympa	sympa/dbconfig-install		boolean		true
-#sympa	sympa/database-type		select		sqlite3
-sympa	sympa/db/dbname			string		sympa
-sympa	sympa/remote/host		string		db
-sympa	sympa/database-type		select		MySQL
-sympa	sympa/mysql/admin-pass		string		sympa
-sympa	sympa/mysql/admin-user		string		root
-sympa	sympa/mysql/app-pass		string		sympa
-sympa	wwsympa/webserver_type		select		Apache 2
+sympa	sympa/database-type		select		sqlite3
 sympa	sympa/sympa_newaliases-wrapper-setuid-root	boolean	true
-sympa	sympa/language			select		fr
-sympa	wwsympa/wwsympa_url		string		http://listes.kaz.bzh/wws
-sympa	wwsympa/fastcgi			boolean		true
-sympa	wwsympa/remove_spool		boolean		false
-sympa	sympa/listmaster		string		didier@kaz.bzh,francois@kaz.bzh, fabrice@kaz.bzh
-sympa	sympa/hostname			string		listes.kaz.bzh
-
-
-# sympa	sympa/app-password-confirm	password	
-# sympa	sympa/password-confirm		password	
-
-# # Database type to be used by sympa:
-# #sympa	sympa/database-type		select		sqlite3
-
-# # Delete the database for sympa?
-# sympa	sympa/purge			boolean		false
-# sympa	sympa/language			select		fr
-
-# #sympa	sympa/passwords-do-not-match	error	
-# sympa	sympa/remove-error		select		abort
-# sympa	wwsympa/wwsympa_url		string		http://listes.kaz.bzh/wws
-
-# # SQLite database name for sympa:
-# sympa	sympa/db/dbname			string		sympa
-
-# sympa	sympa/database-type		select		mysql
-# sympa	sympa/mysql/admin-pass		string		sympa
-# sympa	sympa/mysql/admin-user		string		root
-# sympa	sympa/mysql/app-pass		string		sympa
+sympa	sympa/listmaster		string		LISTMASTERS

-# # Reinstall database for sympa?
-# sympa	sympa/dbconfig-reinstall	boolean		false
-# sympa	sympa/internal/skip-preseed	boolean		false
-
-# # Back up the database for sympa before upgrading?
-# sympa	sympa/upgrade-backup		boolean		true
-
-# # Deconfigure database for sympa with dbconfig-common?
-# sympa	sympa/dbconfig-remove		boolean		true
-# sympa	sympa/internal/reconfiguring	boolean		false
-
-# # Do you want the sympa SOAP server to be used?
-# sympa	sympa/use_soap			boolean		false
-# sympa	sympa/upgrade-error		select		abort
-# sympa	wwsympa/fastcgi			boolean		true
-# sympa	sympa/remove_spool		boolean		false
-# sympa	wwsympa/remove_spool		boolean		false
-# sympa	sympa/missing-db-package-error	select		abort
-# sympa	sympa/listmaster		string		francois@kaz.bzh
-# sympa	sympa/hostname			string		listes.kaz.bzh
-
-# # Perform upgrade on database for sympa with dbconfig-common?
-# sympa	sympa/dbconfig-upgrade		boolean		true
-
-# # Configure database for sympa with dbconfig-common?
-# sympa	sympa/dbconfig-install		boolean		true
-# sympa	sympa/install-error		select		abort
-
-# # SQLite storage directory for sympa:
-# #sympa	sympa/db/basepath		string		/var/lib/dbconfig-common/sqlite3/sympa
+sympa	wwsympa/webserver_type		select		Apache 2
+sympa	sympa/use_soap			boolean		false
--- a/dockers/sympa/config/sympa.sh
+++ b/dockers/sympa/config/sympa.sh
@ -1,30 +0,0 @@
-echo "" >>/etc/sympa/sympa/sympa.conf
-echo domain  listes.kaz.bzh>>/etc/sympa/sympa/sympa.conf
-echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf
-echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf
-
-cat > /etc/sympa/aliases.sympa.postfix << EOF
-# Robot aliases for Sympa.
-sympa:                 "| /usr/lib/sympa/bin/queue sympa@listes.kaz.bzh"
-listmaster:            "| /usr/lib/sympa/bin/queue listmaster@listes.kaz.bzh"
-bounce:                "| /usr/lib/sympa/bin/bouncequeue sympa@listes.kaz.bzh"
-abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@listes.kaz.bzh"
-sympa-request:         postmaster
-sympa-owner:           postmaster
-#listserv:             sympa
-#listserv-request:     sympa-request
-#majordomo:            sympa
-#listserv-owner:       sympa-owner
-EOF
-
-postconf "alias_maps = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix,hash:/etc/mail/sympa/aliases"
-postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix"
-postalias hash:/etc/sympa/aliases.sympa.postfix
-/usr/lib/sympa/bin/sympa_newaliases.pl
-chmod 644 /etc/sympa/sympa/sympa.conf
-
-
-#docker exec -ti sympaDB exec mysql -u root --password=sympa CREATE DATABASE IF NOT EXISTS sympa;
-#docker exec -ti sympaDB exec mysql -u root --password=sympa GRANT ALL PRIVILEGES ON sympa.* TO sympa@localhost IDENTIFIED BY 'sympa'; 
-#/usr/lib/sympa/bin/sympa.pl --health_check
-
--- a/dockers/sympa/config/trusted_applications.conf
+++ b/dockers/sympa/config/trusted_applications.conf
@ -0,0 +1,5 @@
+trusted_application
+  name SOAP_USER
+  md5password SOAP_MD5PASS
+  # the md5 digest of the application pasword. You can get it with sympa.pl --md5_digest=<the password>
+  proxy_for_variables USER_EMAIL,remote_host
--- a/dockers/sympa/docker-compose.yml
+++ b/dockers/sympa/docker-compose.yml
@ -1,30 +1,16 @@
 version: '3.3'

 services:
-  # la DB est-elle utile ?
-  db:
-    image: mariadb:10.5
-    container_name: ${sympaDBName}
-    restart: ${restartPolicy}
-    networks:
-      - sympaNet
-    env_file:
-      - ../../secret/env-${sympaDBName}
-    volumes:
-      - sympaDB:/var/lib/mysql
-      - /home/sauve/:/svg/
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro

  mail:
-    image: sympakaz
+    image: sympakaz:latest
    container_name: ${sympaServName}
    restart: ${restartPolicy}
+    depends_on:
+      - db
    networks:
      - sympaNet
      - jirafeauNet
-    depends_on:
-      - db
    links:
      - db
    external_links:
@ -32,52 +18,43 @@ services:
      - ${jirafeauServName}:${fileHost}
    ports:
      - ${SYMPA_IP}:25:25
-      #- ${SYMPA_IP}:143:143
-      #- ${SYMPA_IP}:587:587
-      #- ${SYMPA_IP}:993:993
      - ${SYMPA_IP}:80:80
      - ${SYMPA_IP}:443:443
+    env_file:
+      - ../../secret/env-${sympaServName}
+    environment:
+      - DOMAIN_SYMPA=${sympaHost}.${domain_sympa}
    volumes:
-      - sympaState:/var/mail-state
      - sympaLog:/var/log
-      - sympaEtc:/etc
-      - sympaUsr:/usr
-      - sympaHome:/home
-      - sympaVar:/var
-      # - sympaSympa:/etc/sympa
-      # - sympaMail:/etc/mail/sympa
-      # - sympaVarLib:/var/lib/sympa
-      # - sympaSpool:/var/spool/sympa
-      # - sympaCgi:/usr/lib/cgi-bin/sympa
-      # - sympaLib:/usr/lib/sympa
-      # - sympaShare:/usr/share/sympa
-      # - ./config/nginx.conf:/etc/nginx/sites-available/default:ro
-      #- /etc/localtime:/etc/localtime:ro
-      #- /etc/timezone:/etc/timezone:ro
-      #- /etc/ssl:/etc/ssl:ro
+      - sympaVar:/var/lib/sympa
+      - sympaSpool:/var/spool/sympa
+      - sympaEtcMail:/etc/mail
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
      - /etc/letsencrypt:/etc/letsencrypt:ro
-    environment:
-      - DOMAINNAME=${domain}
-    #   - HOSTNAME=${sympaHost}
-    #   - CONTAINER_NAME=${sympaServName}
-    # env_file:
-    #   - ../../secret/env-${sympaServName}
+
+  db:
+    image: mariadb:10.5
+    container_name: ${sympaDBName}
+    restart: ${restartPolicy}
+    networks:
+      - sympaNet
+    env_file:
+      - ../../secret/env-${sympaDBName}
+    volumes:
+      - sympaDB:/var/lib/mysql
+      - /home/sauve/:/svg/
+      - /etc/localtime:/etc/localtime:ro
+      - /etc/timezone:/etc/timezone:ro
+

 volumes:
  sympaDB:
-  sympaState:
  sympaLog:
-  sympaEtc:
-  sympaUsr:
  sympaVar:
-  sympaHome:
-  # sympaSympa:
-  # sympaMail:
-  # sympaVarLib:
-  # sympaSpool:
-  # sympaCgi:
-  # sympaLib:
-  # sympaShare:
+  sympaSpool:
+  sympaEtcMail:
+

 networks:
  sympaNet:
--- a/dockers/sympa/first.sh
+++ b/dockers/sympa/first.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+KAZ_ROOT=$(cd $(dirname $0)/../..; pwd)
+. "${KAZ_ROOT}/bin/.commonFunctions.sh"
+setKazVars
+
+cd $(dirname $0)
+. "${DOCKERS_ENV}"
+. "${KAZ_KEY_DIR}/SetAllPass.sh"
+
+DockerServName="${sympaServName}"
+
+checkDockerRunning "${DockerServName}" "Sympa" || exit
+
+printKazMsg "\n  *** Premier lancement de Sympa"
+
+# docker exec "${DockerServName}" bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sympa || echo ok"
--- a/dockers/sympa/postfix/main.cf
+++ b/dockers/sympa/postfix/main.cf
@ -1,35 +0,0 @@
-myhostname = /etc/mailname
-smtpd_banner = $myhostname ESMTP
-biff = no
-append_dot_mydomain = no
-readme_directory = no
-alias_maps = hash:/etc/aliases
-alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.$mydomain, localhost
-mydomain = listes.kaz.bzh
-mynetworks = 127.0.0.0/8 [::1]/128
-mailbox_size_limit = 0
-recipient_delimiter = +
-inet_interfaces = all
-inet_protocols = all
-
-
-# Settings to prevent SPAM early
-smtpd_helo_required = yes
-smtpd_delay_reject = yes
-smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit
-smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain
-smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining
-smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain
-disable_vrfy_command = yes
-
-# Postscreen settings to drop zombies/open relays/spam early
-postscreen_dnsbl_action = enforce
-postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4
-postscreen_dnsbl_threshold = 3
-postscreen_dnsbl_whitelist_threshold = -1
-postscreen_greet_action = enforce
-postscreen_bare_newline_action = enforce
-smtputf8_enable = no
-compatibility_level = 2
--- a/dockers/sympa/postfix/master.cf
+++ b/dockers/sympa/postfix/master.cf
@ -1,9 +0,0 @@
-modiier le master avec ça 
-
-smtp       inet n       -       n       -       1       smtpd
-
-  -o content_filter=filter:dummy
-
-filter    unix  -       n       n       -       10      pipe
-    flags=Rq user=filter null_sender=
-    argv=/home/filter/filter.sh -f ${sender} -- ${recipient}
--- a/dockers/sympa/postfix/postfix.sh
+++ b/dockers/sympa/postfix/postfix.sh
@ -1,9 +0,0 @@
-postconf "postscreen_dnsbl_action = enforce"
-postconf "postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4"
-postconf "postscreen_dnsbl_threshold = 3"
-postconf "postscreen_dnsbl_whitelist_threshold = -1"
-postconf "postscreen_greet_action = enforce"
-postconf "postscreen_bare_newline_action = enforce"
-postconf "smtputf8_enable = no"
-postconf "smtpd_tls_cert_file=/etc/letsencrypt/live/kaz.bzh/fullchain.pm"
-postconf "smtpd_tls_key_file=/etc/letsencrypt/live/kaz.bzh/privkey.pem"
--- a/dockers/sympa/updateFirewall.sh
+++ b/dockers/sympa/updateFirewall.sh
@ -0,0 +1,16 @@
+#!/bin/bash
+# à lancer sur l'hôte pour paramétrer iptables
+# ça peut brailler car certaines choses devraient être faites une et une seule fois, mais ce script peut être réappelé à chaque lancement du docker.
+
+#cleaning, may throw errors at first launch
+#iptables -t nat -D POSTROUTING -o ens18 -j ipbis
+#iptables -t nat -F ipbis
+#iptables -t nat -X ipbis
+
+iptables -t nat -N ipbis
+iptables -t nat -F ipbis
+iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.sympaNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
+iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.jirafeauNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'`
+iptables -t nat -A ipbis -j RETURN
+iptables -t nat -D POSTROUTING -o ens18 -j ipbis
+iptables -t nat -I POSTROUTING -o ens18 -j ipbis