-
Notifications
You must be signed in to change notification settings - Fork 4
/
Dockerfile.dovecot
141 lines (131 loc) · 4.99 KB
/
Dockerfile.dovecot
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
FROM alpine:3.19
RUN apk update && apk upgrade --purge \
&& mkdir -p /etc/dovecot/certs \
&& echo "ssl = no" > /etc/dovecot/dovecot.conf \
&& apk add --no-cache dovecot dovecot-pigeonhole-plugin dovecot-fts-xapian dovecot-submissiond dovecot-pop3d dovecot-lmtpd ca-certificates gettext rspamd-client poppler-utils curl unzip \
&& apk add catdoc --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing/ --allow-untrusted \
&& adduser -D -G users -u 5000 vmail
VOLUME ["/mail"]
VOLUME ["/users"]
VOLUME ["/etc/auth"]
VOLUME ["/etc/dovecot/certs"]
ENV DOMAIN\
MSA_HOST\
MSA_PORT\
MSA_AUTH\
MSA_USER\
MSA_PASSWORD\
MSA_TLS
RUN echo -e "\
require [\"vnd.dovecot.pipe\", \"copy\", \"imapsieve\", \"environment\", \"variables\"];\n\
if environment :matches \"imap.user\" \"*\" {set \"username\" \"\${1}\";}\n\
pipe :copy \"learn-spam.sh\" [ \"\${username}\" ];\n\
" > /usr/lib/dovecot/sieve/report-spam.sieve
RUN echo -e "\
require [\"vnd.dovecot.pipe\", \"copy\", \"imapsieve\", \"environment\", \"variables\"];\n\
if environment :matches \"imap.mailbox\" \"*\" {set \"mailbox\" \"\${1}\";}\n\
if string \"\${mailbox}\" \"Trash\" { stop;}\n\
if environment :matches \"imap.user\" \"*\" {set \"username\" \"\${1}\";}\n\
pipe :copy \"learn-ham.sh\" [ \"\${username}\" ];\n\
" > /usr/lib/dovecot/sieve/report-ham.sieve
RUN mkdir -p /usr/lib/dovecot/sieve/global/ && echo -e "\
require \"fileinto\";\
if header :contains \"X-Rspamd-Bar\" \"++++++++++\" { fileinto \"Spam\";}\
" > /usr/lib/dovecot/sieve/global/file-spam.sieve
RUN echo -e "#!/bin/sh\nexec /usr/bin/rspamc learn_spam -h rspamd" > /usr/lib/dovecot/sieve/learn-spam.sh \
&& echo -e "#!/bin/sh\nexec /usr/bin/rspamc learn_ham -h rspamd" > /usr/lib/dovecot/sieve/learn-ham.sh \
&& chmod +x /usr/lib/dovecot/sieve/learn-*.sh \
&& chown vmail:users /usr/lib/dovecot/sieve /usr/lib/dovecot/sieve/global
RUN echo -e "\
log_path=/dev/stderr\n\
protocols = imap pop3 lmtp submission sieve\n\
ssl = yes\n\
ssl_cert = </etc/dovecot/certs/dovecot.pem\n\
ssl_key = </etc/dovecot/certs/dovecot.key\n\
ssl_dh = </etc/dovecot/certs/dh.pem\n\
ssl_client_ca_dir = /etc/ssl/certs/\n\
ssl_client_ca_file = /etc/ssl/certs/ca-certificates.crt\n\
postmaster_address = postmaster@\$DOMAIN\n\
disable_plaintext_auth=no\n\
auth_mechanisms = plain login\n\
#mail_debug = yes\n\
auth_verbose=yes\n\
#verbose_ssl=yes\n\
maildir_very_dirty_syncs = yes\n\
mail_home = /users/%n\n\
mail_location = maildir:/mail/%n\n\
mail_plugins=fts fts_xapian\n\
passdb {\n\
args = scheme=BLF-CRYPT username_format=%n /etc/auth/passwords\n\
driver = passwd-file\n\
}\n\
userdb {\n\
args = username_format=%n /etc/auth/users\n\
driver = passwd-file\n\
default_fields = uid=vmail gid=users \n\
}\n\
protocol imap {\n\
mail_plugins = \$mail_plugins imap_sieve\n\
}\n\
protocol lmtp {\n\
ssl = no\n\
mail_plugins = \$mail_plugins sieve\n\
}\n\
service lmtp {\n\
inet_listener lmtp {\n\
address = * ::\n\
port =24\n\
}\n\
}\n\
plugin {\n\
sieve = file:~/sieve;active=~/.dovecot.sieve\n\
sieve_after = /usr/lib/dovecot/sieve/global/file-spam.sieve\n\
sieve_plugins = sieve_imapsieve sieve_extprograms\n\
\n\
# From elsewhere to Spam folder\n\
imapsieve_mailbox1_name = Spam\n\
imapsieve_mailbox1_causes = COPY\n\
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve\n\
\n\
# From Spam folder to elsewhere\n\
imapsieve_mailbox2_name = *\n\
imapsieve_mailbox2_from = Spam\n\
imapsieve_mailbox2_causes = COPY\n\
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve\n\
\n\
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve\n\
\n\
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment\n\
\n\
fts = xapian\n\
fts_xapian = partial=3 full=20\n\
fts_autoindex=yes\n\
fts_autoindex_exclude = \Junk\n\
fts_autoindex_exclude2 = \Trash\n\
fts_decoder = decode2text\n\
fts_enforced = yes\n\
}\n\
service indexer-worker {\n\
vsz_limit = 500M # TODO make it a variable\n\
}\n\
service decode2text {\n\
executable = script /usr/libexec/dovecot/decode2text.sh\n\
user = dovecot\n\
unix_listener decode2text {\n\
mode = 0666\n\
}\n\
}\n\
submission_relay_host = \$MSA_HOST\n\
submission_relay_port = \$MSA_PORT\n\
submission_relay_user = \$MSA_USER\n\
submission_relay_password = \$MSA_PASSWORD\n\
submission_relay_ssl = \$MSA_TLS \n\
submission_relay_ssl_verify = yes\n\
" > /etc/dovecot/dovecot.conf.temp
EXPOSE 24 110 143 587 4190
CMD chown vmail /mail /users \
&& envsubst < /etc/dovecot/dovecot.conf.temp > /etc/dovecot/dovecot.conf \
&& { if ! ls /etc/dovecot/certs/dovecot.key 2>/dev/null; then openssl req -new -x509 -nodes -config /etc/dovecot/dovecot-openssl.cnf -out /etc/dovecot/certs/dovecot.pem -keyout /etc/dovecot/certs/dovecot.key -days 365; fi; } \
&& { if ! ls /etc/dovecot/certs/dh.pem 2>/dev/null; then openssl dhparam -out /etc/dovecot/certs/dh.pem 2048; fi; } \
&& chmod 0400 /etc/dovecot/certs/dovecot.key \
&& exec dovecot -F