Francois Lesueur
1 year ago
15 changed files with 301 additions and 256 deletions
@ -0,0 +1,11 @@ |
|||
# Robot aliases for Sympa. |
|||
sympa: "| /usr/lib/sympa/bin/queue sympa@MAILNAME.DOMAINNAME" |
|||
listmaster: "| /usr/lib/sympa/bin/queue listmaster@MAILNAME.DOMAINNAME" |
|||
bounce: "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME" |
|||
abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@MAILNAME.DOMAINNAME" |
|||
sympa-request: postmaster |
|||
sympa-owner: postmaster |
|||
#listserv: sympa |
|||
#listserv-request: sympa-request |
|||
#majordomo: sympa |
|||
#listserv-owner: sympa-owner |
@ -0,0 +1,32 @@ |
|||
#! /bin/bash |
|||
|
|||
# You cannot start postfix in some foreground mode and |
|||
# it's more or less important that docker doesn't kill |
|||
# postfix and its chilren if you stop the container. |
|||
# |
|||
# Use this script with supervisord and it will take |
|||
# care about starting and stopping postfix correctly. |
|||
# |
|||
# supervisord config snippet for postfix-wrapper: |
|||
# |
|||
# [program:postfix] |
|||
# process_name = postfix |
|||
# command = /path/to/postfix-wrapper.sh |
|||
# startsecs = 0 |
|||
# autorestart = false |
|||
# |
|||
|
|||
trap "service postfix stop" SIGINT |
|||
trap "service postfix stop" SIGTERM |
|||
trap "service postfix reload" SIGHUP |
|||
|
|||
service postfix start |
|||
|
|||
# lets give postfix some time to start |
|||
sleep 60 |
|||
|
|||
# wait until postfix is dead (triggered by trap) |
|||
while kill -0 "$(< /var/spool/postfix/pid/master.pid)" |
|||
do |
|||
sleep 5 |
|||
done |
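Review bot: The `sleep 60` after `service postfix start` runs in the foreground, and bash defers a trap until the foreground command returns, so a SIGTERM arriving in the first minute is not acted on until the sleep ends. If the supervisor's stop timeout is shorter than that (the supervisord section on this page shows `stopwaitsecs=55`, though the rendered page does not show which side of the diff that line is on), the wrapper would be killed before `service postfix stop` runs. Sleeping in the background and waiting lets the traps fire immediately: `sleep 60 & wait $!`, and likewise `sleep 5 & wait $!` inside the loop. A comment on the `while kill -0` line noting that a missing `master.pid` also ends the loop would help the next reader.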
@ -1,4 +1,48 @@ |
|||
#!/bin/bash |
|||
|
|||
echo "Configuring for ${DOMAIN_SYMPA}" |
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/postfix/main.cf |
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/sympa/sympa.conf |
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/mailname |
|||
sed -i -e "s/ADMIN_EMAIL/$ADMINEMAIL/g" /etc/aliases |
|||
|
|||
|
|||
sed -i -e "s%ENVKEY%$KEY%g" /etc/postfix/main.cf |
|||
sed -i -e "s%ENVCERT%$CERT%g" /etc/postfix/main.cf |
|||
|
|||
sed -i -e "s%ENVKEY%$KEY%g" /etc/apache2/sites-available/default-ssl.conf |
|||
sed -i -e "s%ENVCERT%$CERT%g" /etc/apache2/sites-available/default-ssl.conf |
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/apache2/sites-available/000-default.conf |
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /var/www/html/index.html |
|||
|
|||
sed -i -e "s/MAILNAME.DOMAINNAME/${DOMAIN_SYMPA}/g" /etc/sympa/aliases.sympa.postfix |
|||
postalias hash:/etc/sympa/aliases.sympa.postfix |
|||
/usr/lib/sympa/bin/sympa_newaliases.pl |
|||
|
|||
# sed -i -e "s/LISTMASTERS/$LISTMASTERS/g" /etc/sympa/sympa/sympa.conf |
|||
|
|||
# Passage de SQLite à MySQL |
|||
sed -i -e "s/db_name.*//g" /etc/sympa/sympa/sympa.conf |
|||
sed -i -e "s/db_type.*//g" /etc/sympa/sympa/sympa.conf |
|||
echo -e "db_type mysql\ndb_host db\ndb_port 3306\ndb_name ${MYSQL_DATABASE}\ndb_user ${MYSQL_USER}\ndb_passwd ${MYSQL_PASSWORD}" >> /etc/sympa/sympa/sympa.conf |
|||
|
|||
# set des listmasters |
|||
sed -i -e "s/listmaster.*//g" /etc/sympa/sympa/sympa.conf |
|||
echo -e "listmaster $LISTMASTERS" >> /etc/sympa/sympa/sympa.conf |
|||
|
|||
# passage en https |
|||
sed -i -e "s/http:/https:/g" /etc/sympa/sympa/sympa.conf |
|||
|
|||
# Initialisation/Vérification de la database |
|||
until /usr/lib/sympa/bin/sympa.pl --health_check # creates the database if needed, wait for the DB to be ready |
|||
do |
|||
sleep 0.1 |
|||
done |
|||
|
|||
# préparation du SOAP |
|||
sed -i -e "s%SOAP_USER%${SOAP_USER}%g" /etc/sympa/trusted_applications.conf |
|||
MD5PASS=$(/usr/lib/sympa/bin/sympa.pl --md5_digest=${SOAP_PASSWORD} | cut -d':' -f2 | sed -e "s/[[:space:]]*//g") |
|||
sed -i -e "s%SOAP_MD5PASS%${MD5PASS}%g" /etc/sympa/trusted_applications.conf |
|||
|
|||
echo "Starting supervisord" |
|||
supervisord -n -c /etc/supervisord.conf |
|||
|
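Review bot: `${SOAP_PASSWORD}` is expanded unquoted in the `sympa.pl --md5_digest=` call, so a password containing whitespace or glob characters is split or expanded and the digest written to trusted_applications.conf belongs to a different string than the one the client will send; `--md5_digest="${SOAP_PASSWORD}"` fixes that. The password is also visible in the process list while that command runs, which deserves a comment if sympa.pl offers no other input path. The sed calls that substitute `$KEY`, `$CERT`, `$ADMINEMAIL` and `${DOMAIN_SYMPA}` insert the values as raw replacement text, so a `%`, `/` or `&` in any of them silently corrupts the target file, and an unset variable blanks the placeholder; checking the variables at the top of the script and failing early would make a misconfiguration visible. Since `db_passwd` is now appended to sympa.conf, the file's mode should be checked as well: the setup script removed elsewhere in this commit set it to 644.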
@ -1,37 +1,90 @@ |
|||
[supervisord] |
|||
nodaemon=true ; (start in foreground if true;default false) |
|||
user = root |
|||
loglevel = warn |
|||
nodaemon = true |
|||
strip_ansi = true |
|||
logfile = /var/log/supervisor/supervisord.log ; default $CWD/supervisord.log |
|||
pidfile = /var/run/supervisord.pid ; default supervisord.pid |
|||
childlogdir = /var/log/supervisor ; default $TEMP ('AUTO' child log dir) |
|||
|
|||
[unix_http_server] |
|||
file = /dev/shm/supervisor.sock |
|||
chmod = 0700 |
|||
chown = nobody:nogroup |
|||
username = docker-mailserver |
|||
password = docker-mailserver-password |
|||
|
|||
[supervisorctl] |
|||
serverurl = unix:///dev/shm/supervisor.sock ; use a 'unix://' path for a unix socket |
|||
username = docker-mailserver |
|||
password = docker-mailserver-password |
|||
|
|||
; must remain in config file for RPC (supervisorctl/web interface) to work, additional |
|||
; interfaces may be added by defining them in separate rpcinterface: sections |
|||
[rpcinterface:supervisor] |
|||
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface |
|||
|
|||
|
|||
[program:rsyslog] |
|||
command=/etc/init.d/rsyslog restart |
|||
#command=/etc/init.d/rsyslog restart |
|||
command=/usr/sbin/rsyslogd -n |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:postfix] |
|||
command=/etc/init.d/postfix restart |
|||
startsecs=0 |
|||
stopwaitsecs=55 |
|||
autostart=true |
|||
autorestart=true |
|||
command=/usr/local/bin/postfix-wrapper.sh |
|||
#command=/usr/lib/postfix/sbin/master -d |
|||
#command=/etc/init.d/postfix restart |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:apache2] |
|||
command=/etc/init.d/apache2 restart |
|||
#command=/etc/init.d/apache2 restart |
|||
command=/usr/sbin/apache2ctl -c "ErrorLog /dev/stdout" -DFOREGROUND |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:cron] |
|||
command=/etc/init.d/cron restart |
|||
[program:anacron] |
|||
#command=/etc/init.d/anacron restart |
|||
command=/usr/sbin/anacron -sd |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-fcgi] |
|||
command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8442 /usr/lib/cgi-bin/sympa/wwsympa.fcgi |
|||
[program:sympa-outgoing] |
|||
command=/usr/lib/sympa/bin/bulk.pl -F |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-archive] |
|||
command=/usr/lib/sympa/bin/archived.pl -F |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-bounce] |
|||
command=/usr/lib/sympa/bin/bounced.pl -F |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-task] |
|||
command=/usr/lib/sympa/bin/task_manager.pl -F |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-stop] |
|||
command=/etc/init.d/sympa stop |
|||
[program:sympa] |
|||
command=/usr/lib/sympa/bin/sympa_msg.pl --foreground |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-fcgi] |
|||
command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8442 /usr/lib/cgi-bin/sympa/wwsympa.fcgi |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
|||
[program:sympa-start] |
|||
command=/etc/init.d/sympa start |
|||
[program:sympa-soap-fcgi] |
|||
command=/usr/bin/spawn-fcgi -n -u sympa -g sympa -a 127.0.0.1 -p 8443 /usr/lib/cgi-bin/sympa/sympa_soap_server.fcgi |
|||
stdout_events_enabled=true |
|||
stderr_events_enabled=true |
|||
|
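Review bot: The `[unix_http_server]` and `[supervisorctl]` sections carry a fixed username and password in the committed file, and the socket is handed to `nobody:nogroup` with mode 0700, so any process running as nobody in the container can reach the control socket and only a published password stands between it and start/stop control of a supervisord that runs with `user = root`. Owning the socket by root (`chown = root:root`) removes that exposure. If password authentication is still wanted, supervisord can expand it from the environment, e.g. `password = %(ENV_SUPERVISOR_PASSWORD)s` (variable name chosen here as an example). Separately, `[program:postfix]` shows `autorestart=true` while the wrapper's own header recommends `autorestart = false`; the rendered page does not show which side that line is on, so it is worth confirming.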
@ -1,73 +1,10 @@ |
|||
postfix postfix/mailname string listes.kaz.bzh |
|||
postfix postfix/mailname string MAILNAME.DOMAINNAME |
|||
postfix postfix/main_mailer_type string 'Pas de configuration' |
|||
|
|||
sympa sympa/dbconfig-install boolean true |
|||
#sympa sympa/database-type select sqlite3 |
|||
sympa sympa/db/dbname string sympa |
|||
sympa sympa/remote/host string db |
|||
sympa sympa/database-type select MySQL |
|||
sympa sympa/mysql/admin-pass string sympa |
|||
sympa sympa/mysql/admin-user string root |
|||
sympa sympa/mysql/app-pass string sympa |
|||
sympa wwsympa/webserver_type select Apache 2 |
|||
sympa sympa/database-type select sqlite3 |
|||
sympa sympa/sympa_newaliases-wrapper-setuid-root boolean true |
|||
sympa sympa/language select fr |
|||
sympa wwsympa/wwsympa_url string http://listes.kaz.bzh/wws |
|||
sympa wwsympa/fastcgi boolean true |
|||
sympa wwsympa/remove_spool boolean false |
|||
sympa sympa/listmaster string didier@kaz.bzh,francois@kaz.bzh, fabrice@kaz.bzh |
|||
sympa sympa/hostname string listes.kaz.bzh |
|||
|
|||
|
|||
# sympa sympa/app-password-confirm password |
|||
# sympa sympa/password-confirm password |
|||
|
|||
# # Database type to be used by sympa: |
|||
# #sympa sympa/database-type select sqlite3 |
|||
|
|||
# # Delete the database for sympa? |
|||
# sympa sympa/purge boolean false |
|||
# sympa sympa/language select fr |
|||
|
|||
# #sympa sympa/passwords-do-not-match error |
|||
# sympa sympa/remove-error select abort |
|||
# sympa wwsympa/wwsympa_url string http://listes.kaz.bzh/wws |
|||
|
|||
# # SQLite database name for sympa: |
|||
# sympa sympa/db/dbname string sympa |
|||
|
|||
# sympa sympa/database-type select mysql |
|||
# sympa sympa/mysql/admin-pass string sympa |
|||
# sympa sympa/mysql/admin-user string root |
|||
# sympa sympa/mysql/app-pass string sympa |
|||
sympa sympa/listmaster string LISTMASTERS |
|||
|
|||
# # Reinstall database for sympa? |
|||
# sympa sympa/dbconfig-reinstall boolean false |
|||
# sympa sympa/internal/skip-preseed boolean false |
|||
|
|||
# # Back up the database for sympa before upgrading? |
|||
# sympa sympa/upgrade-backup boolean true |
|||
|
|||
# # Deconfigure database for sympa with dbconfig-common? |
|||
# sympa sympa/dbconfig-remove boolean true |
|||
# sympa sympa/internal/reconfiguring boolean false |
|||
|
|||
# # Do you want the sympa SOAP server to be used? |
|||
# sympa sympa/use_soap boolean false |
|||
# sympa sympa/upgrade-error select abort |
|||
# sympa wwsympa/fastcgi boolean true |
|||
# sympa sympa/remove_spool boolean false |
|||
# sympa wwsympa/remove_spool boolean false |
|||
# sympa sympa/missing-db-package-error select abort |
|||
# sympa sympa/listmaster string francois@kaz.bzh |
|||
# sympa sympa/hostname string listes.kaz.bzh |
|||
|
|||
# # Perform upgrade on database for sympa with dbconfig-common? |
|||
# sympa sympa/dbconfig-upgrade boolean true |
|||
|
|||
# # Configure database for sympa with dbconfig-common? |
|||
# sympa sympa/dbconfig-install boolean true |
|||
# sympa sympa/install-error select abort |
|||
|
|||
# # SQLite storage directory for sympa: |
|||
# #sympa sympa/db/basepath string /var/lib/dbconfig-common/sqlite3/sympa |
|||
sympa wwsympa/webserver_type select Apache 2 |
|||
sympa sympa/use_soap boolean false |
|||
|
@ -1,30 +0,0 @@ |
|||
echo "" >>/etc/sympa/sympa/sympa.conf |
|||
echo domain listes.kaz.bzh>>/etc/sympa/sympa/sympa.conf |
|||
echo aliases_program postalias >>/etc/sympa/sympa/sympa.conf |
|||
echo sendmail /usr/sbin/sendmail >>/etc/sympa/sympa/sympa.conf |
|||
|
|||
cat > /etc/sympa/aliases.sympa.postfix << EOF |
|||
# Robot aliases for Sympa. |
|||
sympa: "| /usr/lib/sympa/bin/queue sympa@listes.kaz.bzh" |
|||
listmaster: "| /usr/lib/sympa/bin/queue listmaster@listes.kaz.bzh" |
|||
bounce: "| /usr/lib/sympa/bin/bouncequeue sympa@listes.kaz.bzh" |
|||
abuse-feedback-report: "| /usr/lib/sympa/bin/bouncequeue sympa@listes.kaz.bzh" |
|||
sympa-request: postmaster |
|||
sympa-owner: postmaster |
|||
#listserv: sympa |
|||
#listserv-request: sympa-request |
|||
#majordomo: sympa |
|||
#listserv-owner: sympa-owner |
|||
EOF |
|||
|
|||
postconf "alias_maps = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix,hash:/etc/mail/sympa/aliases" |
|||
postconf "alias_database = hash:/etc/aliases,hash:/etc/sympa/aliases.sympa.postfix" |
|||
postalias hash:/etc/sympa/aliases.sympa.postfix |
|||
/usr/lib/sympa/bin/sympa_newaliases.pl |
|||
chmod 644 /etc/sympa/sympa/sympa.conf |
|||
|
|||
|
|||
#docker exec -ti sympaDB exec mysql -u root --password=sympa CREATE DATABASE IF NOT EXISTS sympa; |
|||
#docker exec -ti sympaDB exec mysql -u root --password=sympa GRANT ALL PRIVILEGES ON sympa.* TO sympa@localhost IDENTIFIED BY 'sympa'; |
|||
#/usr/lib/sympa/bin/sympa.pl --health_check |
|||
|
@ -0,0 +1,5 @@ |
|||
trusted_application |
|||
name SOAP_USER |
|||
md5password SOAP_MD5PASS |
|||
# the md5 digest of the application pasword. You can get it with sympa.pl --md5_digest=<the password> |
|||
proxy_for_variables USER_EMAIL,remote_host |
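Review bot: This file needs a comment on what it grants and how it must be protected. `proxy_for_variables USER_EMAIL` lets the named application state which user it is acting for, and `md5password` stores an unsalted MD5 digest that is cheap to brute-force if the file can be read. I would add `# SOAP_USER can act on behalf of any list user; keep this file readable by the sympa user only and use a long random SOAP_PASSWORD` above the `name` line. The existing comment on the digest also spells "password" as "pasword".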
@ -0,0 +1,17 @@ |
|||
#!/bin/bash |
|||
|
|||
KAZ_ROOT=$(cd $(dirname $0)/../..; pwd) |
|||
. "${KAZ_ROOT}/bin/.commonFunctions.sh" |
|||
setKazVars |
|||
|
|||
cd $(dirname $0) |
|||
. "${DOCKERS_ENV}" |
|||
. "${KAZ_KEY_DIR}/SetAllPass.sh" |
|||
|
|||
DockerServName="${sympaServName}" |
|||
|
|||
checkDockerRunning "${DockerServName}" "Sympa" || exit |
|||
|
|||
printKazMsg "\n *** Premier lancement de Sympa" |
|||
|
|||
# docker exec "${DockerServName}" bash -c "DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sympa || echo ok" |
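Review bot: Both `$(dirname $0)` expansions are unquoted and neither `cd` is checked, so when the checkout path contains a space the `cd` fails, `pwd` prints the caller's current directory, and `KAZ_ROOT` silently points there. The script then sources `"${KAZ_ROOT}/bin/.commonFunctions.sh"` and, further down, `"${KAZ_KEY_DIR}/SetAllPass.sh"` relative to whatever directory that turned out to be. Suggested: `KAZ_ROOT=$(cd "$(dirname "$0")/../.." && pwd) || exit 1` and `cd "$(dirname "$0")" || exit 1`.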
@ -1,35 +0,0 @@ |
|||
myhostname = /etc/mailname |
|||
smtpd_banner = $myhostname ESMTP |
|||
biff = no |
|||
append_dot_mydomain = no |
|||
readme_directory = no |
|||
alias_maps = hash:/etc/aliases |
|||
alias_database = hash:/etc/aliases |
|||
mydestination = $myhostname, localhost.$mydomain, localhost |
|||
mydomain = listes.kaz.bzh |
|||
mynetworks = 127.0.0.0/8 [::1]/128 |
|||
mailbox_size_limit = 0 |
|||
recipient_delimiter = + |
|||
inet_interfaces = all |
|||
inet_protocols = all |
|||
|
|||
|
|||
# Settings to prevent SPAM early |
|||
smtpd_helo_required = yes |
|||
smtpd_delay_reject = yes |
|||
smtpd_helo_restrictions = permit_mynetworks, reject_invalid_helo_hostname, permit |
|||
smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination |
|||
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining, reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_recipient_domain |
|||
smtpd_client_restrictions = permit_mynetworks, reject_unauth_destination, reject_unauth_pipelining |
|||
smtpd_sender_restrictions = permit_mynetworks, reject_unknown_sender_domain |
|||
disable_vrfy_command = yes |
|||
|
|||
# Postscreen settings to drop zombies/open relays/spam early |
|||
postscreen_dnsbl_action = enforce |
|||
postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4 |
|||
postscreen_dnsbl_threshold = 3 |
|||
postscreen_dnsbl_whitelist_threshold = -1 |
|||
postscreen_greet_action = enforce |
|||
postscreen_bare_newline_action = enforce |
|||
smtputf8_enable = no |
|||
compatibility_level = 2 |
@ -1,9 +0,0 @@ |
|||
modiier le master avec ça |
|||
|
|||
smtp inet n - n - 1 smtpd |
|||
|
|||
-o content_filter=filter:dummy |
|||
|
|||
filter unix - n n - 10 pipe |
|||
flags=Rq user=filter null_sender= |
|||
argv=/home/filter/filter.sh -f ${sender} -- ${recipient} |
@ -1,9 +0,0 @@ |
|||
postconf "postscreen_dnsbl_action = enforce" |
|||
postconf "postscreen_dnsbl_sites = zen.spamhaus.org*3 bl.mailspike.net b.barracudacentral.org*2 bl.spameatingmonkey.net dnsbl.sorbs.net psbl.surriel.com list.dnswl.org=127.0.[0..255].0*-2 list.dnswl.org=127.0.[0..255].1*-3 list.dnswl.org=127.0.[0..255].[2..3]*-4" |
|||
postconf "postscreen_dnsbl_threshold = 3" |
|||
postconf "postscreen_dnsbl_whitelist_threshold = -1" |
|||
postconf "postscreen_greet_action = enforce" |
|||
postconf "postscreen_bare_newline_action = enforce" |
|||
postconf "smtputf8_enable = no" |
|||
postconf "smtpd_tls_cert_file=/etc/letsencrypt/live/kaz.bzh/fullchain.pm" |
|||
postconf "smtpd_tls_key_file=/etc/letsencrypt/live/kaz.bzh/privkey.pem" |
@ -0,0 +1,16 @@ |
|||
#!/bin/bash |
|||
# à lancer sur l'hôte pour paramétrer iptables |
|||
# ça peut brailler car certaines choses devraient être faites une et une seule fois, mais ce script peut être réappelé à chaque lancement du docker. |
|||
|
|||
#cleaning, may throw errors at first launch |
|||
#iptables -t nat -D POSTROUTING -o ens18 -j ipbis |
|||
#iptables -t nat -F ipbis |
|||
#iptables -t nat -X ipbis |
|||
|
|||
iptables -t nat -N ipbis |
|||
iptables -t nat -F ipbis |
|||
iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.sympaNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'` |
|||
iptables -t nat -I ipbis -o ens18 -p tcp --source `docker inspect -f '{{.NetworkSettings.Networks.jirafeauNet.IPAddress}}' sympaServ` -j SNAT --to `ifconfig ens18:0 | grep "inet" | awk '{print $2}'` |
|||
iptables -t nat -A ipbis -j RETURN |
|||
iptables -t nat -D POSTROUTING -o ens18 -j ipbis |
|||
iptables -t nat -I POSTROUTING -o ens18 -j ipbis |
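Review bot: The two SNAT rules take `--source` and `--to` from unquoted backtick substitutions, so iptables rejects the rule whenever `docker inspect` or the `ifconfig ens18:0` pipeline prints nothing (container not up yet, alias missing) or more than one line (`grep "inet"` also matches `inet6`). The script carries on regardless, and since `ipbis` was flushed just before, it ends up holding only the `RETURN` rule: the container's mail then leaves from the primary address with no error noticed. Resolving both addresses first and refusing to touch the chain when either is empty avoids that. The second rule looks up `jirafeauNet` on `sympaServ`, which may be a copy-paste from another service and should be confirmed.

```shell
src_ip=$(docker inspect -f '{{.NetworkSettings.Networks.sympaNet.IPAddress}}' sympaServ)
snat_ip=$(ifconfig ens18:0 | awk '$1 == "inet" {print $2}')
if [ -z "$src_ip" ] || [ -z "$snat_ip" ]; then
  echo "sympaServ or ens18:0 address not found, leaving NAT rules untouched" >&2
  exit 1
fi
# … unchanged: iptables -t nat -N ipbis / -F ipbis …
iptables -t nat -I ipbis -o ens18 -p tcp --source "$src_ip" -j SNAT --to "$snat_ip"
# … unchanged: jirafeauNet rule, RETURN rule and POSTROUTING hook …
```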