mirror of
https://github.com/deuill/coreos-home-server.git
synced 2024-09-21 13:40:45 +00:00
dovecot: Activate FTS, ManagedSieve plugins
This commit enables FTS via Xapian, and exposes the port required for ManagedSieve integration with Dovecot; additionally, bugs in the integration of LMTP with RSpamd have been fixed. In support of these changes, configuration files that were previously split into container-based and service-based are now consolidated, and we now ensure that only our own container-based configuration is used when running Dovecot.
parent
d2b2476cf6
commit
5367d2650e
@ -3,14 +3,15 @@ ARG VERSION=2.3.13
|
|||||||
|
|
||||||
RUN apt-get update -y && apt-get install -y --no-install-recommends \
|
RUN apt-get update -y && apt-get install -y --no-install-recommends \
|
||||||
dovecot-imapd=1:${VERSION}* dovecot-lmtpd=1:${VERSION}* dovecot-mysql=1:${VERSION}* \
|
dovecot-imapd=1:${VERSION}* dovecot-lmtpd=1:${VERSION}* dovecot-mysql=1:${VERSION}* \
|
||||||
dovecot-sieve=1:${VERSION}* dovecot-managesieved=1:${VERSION}* \
|
dovecot-sieve=1:${VERSION}* dovecot-managesieved=1:${VERSION}* dovecot-fts-xapian \
|
||||||
gettext ca-certificates curl
|
gettext ca-certificates curl
|
||||||
|
|
||||||
|
RUN rm -Rf /etc/dovecot
|
||||||
COPY container/config /etc/dovecot
|
COPY container/config /etc/dovecot
|
||||||
COPY container/run-dovecot /run-dovecot
|
COPY container/run-dovecot /run-dovecot
|
||||||
|
|
||||||
RUN addgroup --system --gid 5000 virtual
|
RUN addgroup --system --gid 5000 virtual
|
||||||
RUN adduser --system --uid 5000 --ingroup virtual --home /var/mail/virtual virtual
|
RUN adduser --system --uid 5000 --ingroup virtual --home /var/mail/virtual virtual
|
||||||
|
|
||||||
EXPOSE 24 143 993 3659
|
EXPOSE 24 143 993 3659 4190
|
||||||
ENTRYPOINT ["/run-dovecot"]
|
ENTRYPOINT ["/run-dovecot"]
|
||||||
|
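Review bot: `dovecot-fts-xapian` is the only package on the install line without a version constraint, so a rebuild can pull a different plugin build while the Dovecot packages stay pinned to `1:${VERSION}*`. The plugin is versioned separately from Dovecot, so the existing pin cannot be reused; a second build argument would keep rebuilds reproducible, e.g. `ARG FTS_XAPIAN_VERSION=<plugin-version>` with `dovecot-fts-xapian=${FTS_XAPIAN_VERSION}*` (the value is a placeholder). The added `RUN rm -Rf /etc/dovecot` also deserves a comment such as `# Drop the packaged defaults so only container/config is ever loaded.`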
@ -0,0 +1,9 @@
|
|||||||
|
# Use Xapian as the default full-text-search backend.
|
||||||
|
mail_plugins = $mail_plugins fts fts_xapian
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
fts = xapian
|
||||||
|
fts_xapian = partial=3 full=20 verbose=0
|
||||||
|
fts_autoindex = yes
|
||||||
|
fts_enforced = yes
|
||||||
|
}
|
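Review bot: `fts_autoindex = yes` has no exclusion list, so every delivered or copied message is indexed, including whatever lands in the Junk mailbox. That makes the indexer parse the least trusted mail on the system and grows the index the daily optimize job has to process. Consider adding `fts_autoindex_exclude = \Junk` and `fts_autoindex_exclude2 = \Trash`, or the mailbox names if the special-use flags are not set in the `namespace inbox` block, which is not visible here.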
10
config/service/dovecot/container/config/conf.d/85-lmtp.conf
Normal file
10
config/service/dovecot/container/config/conf.d/85-lmtp.conf
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
protocols = $protocols lmtp
|
||||||
|
|
||||||
|
service lmtp {
|
||||||
|
user = virtual
|
||||||
|
group = virtual
|
||||||
|
|
||||||
|
inet_listener lmtp {
|
||||||
|
port = 24
|
||||||
|
}
|
||||||
|
}
|
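Review bot: The `inet_listener lmtp` block on port 24 has no address restriction and LMTP carries no authentication, so the only thing keeping it private is the container networking. In this commit dovecot.service runs with `--net internal` and publishes only 143, 993 and 4190, which is the right boundary, but nothing in this file records that dependency. I would add a comment above the listener: `# Unauthenticated LMTP: must stay reachable only from the "internal" podman network; never publish port 24.`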
31
config/service/dovecot/container/config/conf.d/90-sieve.conf
Normal file
31
config/service/dovecot/container/config/conf.d/90-sieve.conf
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
protocols = $protocols sieve
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_plugins = $mail_plugins imap_sieve
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol lmtp {
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
}
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
# Setup default plugins and extensions.
|
||||||
|
sieve_plugins = sieve_imapsieve sieve_extprograms
|
||||||
|
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
|
||||||
|
sieve_pipe_bin_dir = /etc/dovecot/scripts
|
||||||
|
|
||||||
|
# Read Sieve scripts from pre-defined directories.
|
||||||
|
sieve_before = /etc/dovecot/sieve.before.d
|
||||||
|
sieve_after = /etc/dovecot/sieve.after.d
|
||||||
|
|
||||||
|
# From elsewhere to Junk folder.
|
||||||
|
imapsieve_mailbox1_name = INBOX.Junk
|
||||||
|
imapsieve_mailbox1_causes = COPY
|
||||||
|
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
|
||||||
|
|
||||||
|
# From Junk folder to elsewhere.
|
||||||
|
imapsieve_mailbox2_name = *
|
||||||
|
imapsieve_mailbox2_from = INBOX.Junk
|
||||||
|
imapsieve_mailbox2_causes = COPY
|
||||||
|
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
|
||||||
|
}
|
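Review bot: With `protocols = $protocols sieve` users can now upload their own scripts over ManageSieve, and the line `sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment` is what keeps those personal scripts from invoking the programs in `sieve_pipe_bin_dir`. That restriction is easy to lose in a later edit (for example by moving the extension into `sieve_extensions`), so it should be documented where it is set. Suggested comment in place of "Setup default plugins and extensions.": `# pipe/environment are enabled for global (administrator) scripts only; do not add them to sieve_extensions, user scripts arrive via ManageSieve.`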
@ -3,5 +3,6 @@ driver = mysql
|
|||||||
connect = "host=${DOVECOT_DATABASE_HOST} dbname=${DOVECOT_DATABASE_NAME} user=${DOVECOT_DATABASE_USERNAME} password=${DOVECOT_DATABASE_PASSWORD}"
|
connect = "host=${DOVECOT_DATABASE_HOST} dbname=${DOVECOT_DATABASE_NAME} user=${DOVECOT_DATABASE_USERNAME} password=${DOVECOT_DATABASE_PASSWORD}"
|
||||||
|
|
||||||
default_pass_scheme = SHA512-CRYPT
|
default_pass_scheme = SHA512-CRYPT
|
||||||
password_query = SELECT username AS user, password, CONCAT(home, '/', maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid FROM users WHERE username = '%u'
|
iterate_query = SELECT username FROM users
|
||||||
user_query = SELECT CONCAT(home, '/', maildir) AS home, uid, gid, CONCAT('maildir:', home, '/', maildir) AS mail FROM users WHERE username = '%u'
|
user_query = SELECT CONCAT(home, '/', maildir) AS home, uid, gid, CONCAT('maildir:', home, '/', maildir) AS mail FROM users WHERE username = '%u'
|
||||||
|
password_query = SELECT username AS user, password, CONCAT(home, '/', maildir) AS userdb_home, uid AS userdb_uid, gid AS userdb_gid FROM users WHERE username = '%u'
|
||||||
|
@ -8,6 +8,11 @@
|
|||||||
log_path = /dev/stderr
|
log_path = /dev/stderr
|
||||||
auth_verbose = yes
|
auth_verbose = yes
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename
|
||||||
|
mail_log_fields = uid box msgid size
|
||||||
|
}
|
||||||
|
|
||||||
# Mail directory.
|
# Mail directory.
|
||||||
mail_location = maildir:/var/mail/virtual/%u
|
mail_location = maildir:/var/mail/virtual/%u
|
||||||
mail_privileged_group = virtual
|
mail_privileged_group = virtual
|
||||||
@ -58,26 +63,17 @@ namespace inbox {
|
|||||||
# ----------------------
|
# ----------------------
|
||||||
|
|
||||||
# Enabled protocols.
|
# Enabled protocols.
|
||||||
protocols = imap lmtp sieve
|
protocols = imap
|
||||||
|
|
||||||
# Enable SSL and STARTTLS.
|
# Enable SSL and STARTTLS.
|
||||||
ssl = yes
|
ssl = yes
|
||||||
|
ssl_min_protocol = TLSv1.2
|
||||||
|
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
|
||||||
|
ssl_prefer_server_ciphers = no
|
||||||
|
|
||||||
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
|
ssl_cert = </etc/ssl/private/certificates/${DOVECOT_HOST}.crt
|
||||||
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
|
ssl_key = </etc/ssl/private/certificates/${DOVECOT_HOST}.key
|
||||||
|
|
||||||
protocol lmtp {
|
|
||||||
mail_plugins = $mail_plugins sieve
|
|
||||||
}
|
|
||||||
|
|
||||||
service lmtp {
|
|
||||||
user = virtual
|
|
||||||
group = virtual
|
|
||||||
|
|
||||||
inet_listener lmtp {
|
|
||||||
port = 24
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
protocol imap {
|
protocol imap {
|
||||||
mail_max_userip_connections = 25
|
mail_max_userip_connections = 25
|
||||||
}
|
}
|
||||||
|
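Review bot: The new `plugin { mail_log_events … mail_log_fields … }` block in the first hunk does nothing unless the `mail_log` and `notify` plugins are loaded, and none of the `mail_plugins` lines visible in this commit add them. If that is not done outside the hunks, add `mail_plugins = $mail_plugins notify mail_log` so delete, expunge and copy events actually reach the log. In the second hunk, the cipher list ends with two `DHE-RSA-*` suites, which Dovecot 2.3 only negotiates when `ssl_dh` points at a parameters file. Since the Dockerfile now removes the packaged `/etc/dovecot`, either set `ssl_dh = </path/to/dh.pem` (placeholder path) or drop the DHE entries.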
@ -5,5 +5,5 @@ if test "${1}" != "ham" -a "${1}" != "spam"; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
source /etc/dovecot/rspamd/rspamd.env
|
source /etc/dovecot/rspamd.env
|
||||||
curl --silent -H "Deliver-To: ${USER}" -H "password: ${RSPAMD_CONTROLLER_PASSWORD}" --data-binary @- "${RSPAMD_CONTROLLER_HOST}:${RSPAMD_CONTROLLER_PORT}/learn${1}"
|
curl --silent -H "Deliver-To: ${USER}" -H "password: ${RSPAMD_CONTROLLER_PASSWORD}" --data-binary @- "${RSPAMD_CONTROLLER_HOST}:${RSPAMD_CONTROLLER_PORT}/learn${1}"
|
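Review bot: The `curl --silent` call has neither `--fail` nor `--show-error`, so an HTTP error from the Rspamd controller (for example a rejected password) still exits 0 and a connection error prints nothing. Spam/ham training can therefore stop working without any trace in the Dovecot log. I would change the start of the line to `curl --silent --show-error --fail -H "Deliver-To: ${USER}" …` so that the pipe action reports failures. The script begins outside this hunk, so the shebang is not visible; `source` is not POSIX, and `. /etc/dovecot/rspamd.env` is the portable form if the script runs under `/bin/sh`.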
@ -1,23 +1,16 @@
|
|||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
# Prepare configuration files for environment variable substitution.
|
# Prepare configuration files for environment variable substitution.
|
||||||
ENV_NAMES="`env | awk -F '=' '{printf "$%s ", $1}'`"
|
ENV_NAMES="$(env | awk -F= '{printf "$%s ", $1}')"
|
||||||
for file in /etc/dovecot/*.template; do
|
for file in /etc/dovecot/*.template; do
|
||||||
envsubst "$ENV_NAMES" < "$file" > "`echo $file | awk -F '.template$' '{print $1}'`"
|
envsubst "$ENV_NAMES" < "$file" > "$(echo "$file" | awk -F '.template$' '{print $1}')"
|
||||||
done
|
done
|
||||||
|
|
||||||
# Prepare other configuration.
|
|
||||||
mkdir -p /var/lib/dovecot/script /var/lib/dovecot/sieve
|
|
||||||
install -m 0755 /etc/dovecot/conf.d/*.script /var/lib/dovecot/script
|
|
||||||
install -m 0644 /etc/dovecot/conf.d/*.sieve /var/lib/dovecot/sieve
|
|
||||||
|
|
||||||
# Compile Sieve scripts.
|
# Compile Sieve scripts.
|
||||||
find /etc/dovecot/sieve.* -name '*.sieve' | xargs -I@ sievec @
|
find /etc/dovecot -name '*.sieve' -execdir sievec {} \;
|
||||||
find /var/lib/dovecot/sieve -name '*.sieve' | xargs -I@ sievec @
|
|
||||||
|
|
||||||
# Set up environment variables for Rspamd.
|
# Set up environment variables for Rspamd integration.
|
||||||
mkdir -p /etc/dovecot/rspamd
|
env | awk -F_ '$1 == "RSPAMD" {print $0}' > /etc/dovecot/rspamd.env
|
||||||
env | awk -F '_' '$1 == "RSPAMD" {print $0}' > /etc/dovecot/rspamd/rspamd.env
|
|
||||||
|
|
||||||
# Run Dovecot daemon.
|
# Run Dovecot daemon.
|
||||||
/usr/sbin/dovecot -F
|
/usr/sbin/dovecot -F
|
||||||
|
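Review bot: `env | awk -F_ '$1 == "RSPAMD" {print $0}' > /etc/dovecot/rspamd.env` writes raw, unquoted `NAME=value` lines that the learn script later reads with `source`. A controller password containing a space, quote, `$` or backtick will be mis-parsed or expanded by the shell at that point. The file is also created with the default umask, although it holds `RSPAMD_CONTROLLER_PASSWORD`. Emit each value single-quoted (escaping embedded quotes) and tighten the mode afterwards, e.g. `chgrp virtual /etc/dovecot/rspamd.env && chmod 0640 /etc/dovecot/rspamd.env`, assuming the pipe scripts run with the `virtual` group. Separately, the script has no `set -e`, so a failing `sievec` or `envsubst` does not stop startup.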
@ -1,25 +0,0 @@
|
|||||||
protocol imap {
|
|
||||||
mail_plugins = $mail_plugins imap_sieve
|
|
||||||
}
|
|
||||||
|
|
||||||
plugin {
|
|
||||||
# Setup default plugins and extensions.
|
|
||||||
sieve_plugins = sieve_imapsieve sieve_extprograms
|
|
||||||
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
|
|
||||||
sieve_pipe_bin_dir = /var/lib/dovecot/script
|
|
||||||
|
|
||||||
# Read Sieve scripts from pre-defined directories.
|
|
||||||
sieve_before = /etc/dovecot/sieve.before.d
|
|
||||||
sieve_after = /etc/dovecot/sieve.after.d
|
|
||||||
|
|
||||||
# From elsewhere to Junk folder.
|
|
||||||
imapsieve_mailbox1_name = INBOX.Junk
|
|
||||||
imapsieve_mailbox1_causes = COPY
|
|
||||||
imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/learn-spam.sieve
|
|
||||||
|
|
||||||
# From Junk folder to elsewhere.
|
|
||||||
imapsieve_mailbox2_name = *
|
|
||||||
imapsieve_mailbox2_from = INBOX.Junk
|
|
||||||
imapsieve_mailbox2_causes = COPY
|
|
||||||
imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/learn-ham.sieve
|
|
||||||
}
|
|
@ -8,5 +8,7 @@ systemd:
|
|||||||
units:
|
units:
|
||||||
- name: dovecot-firstboot.target
|
- name: dovecot-firstboot.target
|
||||||
enabled: true
|
enabled: true
|
||||||
|
- name: dovecot-fts-optimize.timer
|
||||||
|
enabled: true
|
||||||
- name: dovecot.service
|
- name: dovecot.service
|
||||||
enabled: true
|
enabled: true
|
||||||
|
12
config/service/dovecot/systemd/dovecot-fts-optimize.service
Normal file
12
config/service/dovecot/systemd/dovecot-fts-optimize.service
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Optimize Dovecot FTS Index
|
||||||
|
Wants=dovecot.service
|
||||||
|
After=dovecot.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
SyslogIdentifier=%N
|
||||||
|
ExecStart=/bin/podman exec dovecot doveadm fts optimize -A
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
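Review bot: The `[Install]` section with `WantedBy=multi-user.target` is not needed for a oneshot service that `dovecot-fts-optimize.timer` starts, and the units list in this commit enables only the timer. If the service itself were ever enabled, the optimize run would also fire on every boot, so I would drop `[Install]` from this file. `ExecStart=/bin/podman exec dovecot …` also hard-codes the container name that dovecot.service derives from `%N`; a comment such as `# "dovecot" must match the container name set by dovecot.service (--name %N).` would keep the two in step.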
@ -0,0 +1,9 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Optimize Dovecot FTS Index
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=daily
|
||||||
|
Persistent=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
@ -12,10 +12,9 @@ Environment=PODMAN_SYSTEMD_UNIT=%n
|
|||||||
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
ExecStart=/bin/podman run --replace --name %N --net internal --sdnotify=conmon \
|
||||||
--env-file %E/coreos-home-server/%N/%N.env \
|
--env-file %E/coreos-home-server/%N/%N.env \
|
||||||
--env-file %E/coreos-home-server/rspamd/rspamd.env \
|
--env-file %E/coreos-home-server/rspamd/rspamd.env \
|
||||||
--publish 143:143 --publish 993:993 \
|
--publish 143:143 --publish 993:993 --publish 4190:4190 \
|
||||||
--volume %N:/var/mail:z \
|
--volume %N:/var/mail:z \
|
||||||
--volume letsencrypt:/etc/ssl/private:z \
|
--volume letsencrypt:/etc/ssl/private:z,ro \
|
||||||
--volume %E/coreos-home-server/%N/service/config:/etc/%N/conf.d:z,ro \
|
|
||||||
localhost/%N:latest
|
localhost/%N:latest
|
||||||
ExecStop=/bin/podman stop --ignore --time 10 %N
|
ExecStop=/bin/podman stop --ignore --time 10 %N
|
||||||
ExecStopPost=/bin/podman rm --ignore --force %N
|
ExecStopPost=/bin/podman rm --ignore --force %N
|
||||||
|
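Review bot: `--publish 4190:4190` puts the ManageSieve login on every host address, while dovecot.conf in this commit keeps `ssl = yes`, which offers STARTTLS but does not require it. Refusing cleartext logins on the new port therefore depends on `disable_plaintext_auth` staying at its default, which is not set in any visible hunk. Setting `ssl = required` in dovecot.conf would make the requirement explicit for 143 and 4190 alike. If script management is only needed from the LAN, bind the publish to that address instead, e.g. `--publish <lan-address>:4190:4190` (placeholder address).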