[Dovecot] Allow setting ACL_ANYONE in mailcow.conf
This commit is contained in:
André Peters
@@ -53,9 +53,6 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
|
||||
libjson-c-dev \
|
||||
&& addgroup --system --gid 700 clamav \
|
||||
&& adduser --system --no-create-home --home /var/lib/clamav --uid 700 --gid 700 --disabled-login clamav \
|
||||
&& mkdir -p /run/clamav /var/lib/clamav \
|
||||
&& chown clamav:clamav /run/clamav /var/lib/clamav \
|
||||
&& chmod 750 /run/clamav \
|
||||
&& rm -rf /tmp/* /var/tmp/*
|
||||
|
||||
COPY bootstrap.sh ./
|
||||
|
||||
@@ -14,6 +14,10 @@ if [[ ! -f /var/lib/clamav/whitelist.ign2 ]]; then
|
||||
echo "Example-Signature.Ignore-1" > /var/lib/clamav/whitelist.ign2
|
||||
fi
|
||||
chown clamav:clamav /var/lib/clamav/whitelist.ign2
|
||||
mkdir -p /run/clamav /var/lib/clamav
|
||||
chown clamav:clamav /run/clamav /var/lib/clamav
|
||||
chmod 750 /run/clamav
|
||||
chmod 755 /var/lib/clamav
|
||||
|
||||
dos2unix /var/lib/clamav/whitelist.ign2
|
||||
sed -i '/^\s*$/d' /var/lib/clamav/whitelist.ign2
|
||||
|
||||
@@ -97,6 +97,7 @@ RUN echo '30 3 * * * vmail /usr/local/bin/doveadm quota recalc -A' > /etc/cron.
|
||||
RUN echo '* * * * * vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs
|
||||
RUN echo '25 * * * * vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
|
||||
RUN echo '30 1 * * * root /usr/local/bin/sa-rules.sh >> /dev/console 2>&1' > /etc/cron.d/sa-rules
|
||||
RUN echo '0 2 * * * root /usr/bin/curl http://solr:8983/solr/dovecot/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
|
||||
COPY trim_logs.sh /usr/local/bin/trim_logs.sh
|
||||
COPY syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
|
||||
COPY imapsync /usr/local/bin/imapsync
|
||||
|
||||
@@ -85,6 +85,7 @@ map {
|
||||
}
|
||||
EOF
|
||||
|
||||
echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
|
||||
|
||||
# Create userdb dict for Dovecot
|
||||
cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
|
||||
|
||||
@@ -167,9 +167,17 @@ echo ' </dict>
|
||||
chown sogo:sogo -R /var/lib/sogo/
|
||||
chmod 600 /var/lib/sogo/GNUstep/Defaults/sogod.plist
|
||||
|
||||
# Patch ACLs (comment this out to enable any or authenticated targets for ACL)
|
||||
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
# Patch ACLs
|
||||
if [[ ${ACL_ANYONE} == 'allow' ]]; then
|
||||
#enable any or authenticated targets for ACL
|
||||
if patch -R -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch -R /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
fi
|
||||
else
|
||||
#disable any or authenticated targets for ACL
|
||||
if patch -sfN --dry-run /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff > /dev/null; then
|
||||
patch /usr/lib/GNUstep/SOGo/Templates/UIxAclEditor.wox < /acl.diff;
|
||||
fi
|
||||
fi
|
||||
|
||||
# Copy logo, if any
|
||||
|
||||
9
data/Dockerfiles/solr/Dockerfile
Normal file
9
data/Dockerfiles/solr/Dockerfile
Normal file
@@ -0,0 +1,9 @@
|
||||
FROM solr:7-alpine
|
||||
USER root
|
||||
COPY docker-entrypoint.sh /
|
||||
|
||||
RUN apk --no-cache add su-exec curl \
|
||||
&& chmod +x /docker-entrypoint.sh \
|
||||
&& /docker-entrypoint.sh --bootstrap
|
||||
|
||||
ENTRYPOINT ["/docker-entrypoint.sh"]
|
||||
195
data/Dockerfiles/solr/docker-entrypoint.sh
Executable file
195
data/Dockerfiles/solr/docker-entrypoint.sh
Executable file
@@ -0,0 +1,195 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
|
||||
echo "SKIP_SOLR=y, skipping Solr..."
|
||||
sleep 365d
|
||||
exit 0
|
||||
fi
|
||||
|
||||
set -e
|
||||
|
||||
# allow easier debugging with `docker run -e VERBOSE=yes`
|
||||
if [[ "$VERBOSE" = "yes" ]]; then
|
||||
set -x
|
||||
fi
|
||||
|
||||
# run the optional initdb
|
||||
. /opt/docker-solr/scripts/run-initdb
|
||||
|
||||
function solr_config() {
|
||||
curl -XPOST http://localhost:8983/solr/dovecot/schema -H 'Content-type:application/json' -d '{
|
||||
"add-field-type":{
|
||||
"name":"long",
|
||||
"class":"solr.TrieLongField"
|
||||
},
|
||||
"add-field-type":{
|
||||
"name":"text",
|
||||
"class":"solr.TextField",
|
||||
"positionIncrementGap":100,
|
||||
"indexAnalyser":{
|
||||
"tokenizer":{
|
||||
"class":"solr.StandardTokenizerFactory"
|
||||
},
|
||||
"filter":{
|
||||
"class":"solr.WordDelimiterFilterFactory",
|
||||
"generateWordParts":1,
|
||||
"generateNumberParts":1,
|
||||
"catenateWorks":1,
|
||||
"catenateNumbers":1,
|
||||
"catenateAll":0
|
||||
},
|
||||
"filter":{
|
||||
"class":"solr.LowerCaseFilterFactory"
|
||||
},
|
||||
"filter":{
|
||||
"class":"solr.KeywordMarkerFilterFactory",
|
||||
"protected":"protwords.txt"
|
||||
}
|
||||
},
|
||||
"queryAnalyzer":{
|
||||
"tokenizer":{
|
||||
"class":"solr.StandardTokenizerFactory"
|
||||
},
|
||||
"filter":{
|
||||
"synonyms":"synonyms.txt",
|
||||
"ignoreCase":true,
|
||||
"expand":true
|
||||
},
|
||||
"filter":{
|
||||
"class":"solr.LowerCaseFilterFactory"
|
||||
},
|
||||
"filter":{
|
||||
"class":"solr.WordDelimiterFilterFactory",
|
||||
"generateWordParts":1,
|
||||
"generateNumberParts":1,
|
||||
"catenateWords":0,
|
||||
"catenateNumbers":0,
|
||||
"catenateAll":0,
|
||||
"splitOnCaseChange":1
|
||||
}
|
||||
}
|
||||
},
|
||||
"add-field":{
|
||||
"name":"uid",
|
||||
"type":"long",
|
||||
"indexed":true,
|
||||
"stored":true,
|
||||
"required":true
|
||||
},
|
||||
"add-field":{
|
||||
"name":"box",
|
||||
"type":"string",
|
||||
"indexed":true,
|
||||
"stored":true,
|
||||
"required":true
|
||||
},
|
||||
"add-field":{
|
||||
"name":"user",
|
||||
"type":"string",
|
||||
"indexed":true,
|
||||
"stored":true,
|
||||
"required":true
|
||||
},
|
||||
"add-field":{
|
||||
"name":"hdr",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
|
||||
},
|
||||
"add-field":{
|
||||
"name":"body",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
},
|
||||
"add-field":{
|
||||
"name":"from",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
},
|
||||
"add-field":{
|
||||
"name":"to",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
},
|
||||
"add-field":{
|
||||
"name":"cc",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
},
|
||||
"add-field":{
|
||||
"name":"bcc",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
},
|
||||
"add-field":{
|
||||
"name":"subject",
|
||||
"type":"text",
|
||||
"indexed":true,
|
||||
"stored":false
|
||||
}
|
||||
}'
|
||||
|
||||
curl -XPOST http://localhost:8983/solr/dovecot/config -H 'Content-type:application/json' -d '{
|
||||
"update-requesthandler":{
|
||||
"name":"/select",
|
||||
"class":"solr.SearchHandler",
|
||||
"defaults":{
|
||||
"wt":"xml"
|
||||
}
|
||||
}
|
||||
}'
|
||||
|
||||
curl -XPOST http://localhost:8983/solr/dovecot/config/updateHandler -d '{
|
||||
"set-property": {
|
||||
"updateHandler.autoSoftCommit.maxDocs":500,
|
||||
"updateHandler.autoSoftCommit.maxTime":120000,
|
||||
"updateHandler.autoCommit.maxDocs":200,
|
||||
"updateHandler.autoCommit.maxTime":1800000,
|
||||
"updateHandler.autoCommit.openSearcher":false
|
||||
}
|
||||
}'
|
||||
}
|
||||
|
||||
# fixing volume permission
|
||||
[[ -d /opt/solr/server/solr/dovecot/data ]] && chown -R solr:solr /opt/solr/server/solr/dovecot/data
|
||||
sed -i 's/#SOLR_HEAP="512m"/SOLR_HEAP="'${SOLR_HEAP:-1024}'m"/g' /opt/solr/bin/solr.in.sh
|
||||
|
||||
# start a Solr so we can use the Schema API, but only on localhost,
|
||||
# so that clients don't see Solr until we have configured it.
|
||||
echo "Starting local Solr instance to setup configuration"
|
||||
su-exec solr start-local-solr
|
||||
|
||||
# keep a sentinel file so we don't try to create the core a second time
|
||||
# for example when we restart a container.
|
||||
SENTINEL=/opt/docker-solr/core_created
|
||||
if [[ -f ${SENTINEL} ]]; then
|
||||
echo "skipping core creation"
|
||||
else
|
||||
echo "Creating core \"dovecot\""
|
||||
su-exec solr /opt/solr/bin/solr create -c "dovecot"
|
||||
|
||||
# See https://github.com/docker-solr/docker-solr/issues/27
|
||||
echo "Checking core"
|
||||
while ! wget -O - 'http://localhost:8983/solr/admin/cores?action=STATUS' | grep -q instanceDir; do
|
||||
echo "Could not find any cores, waiting..."
|
||||
sleep 5
|
||||
done
|
||||
echo "Created core \"dovecot\""
|
||||
touch ${SENTINEL}
|
||||
fi
|
||||
|
||||
echo "Starting configuration"
|
||||
solr_config
|
||||
echo "Stopping local Solr"
|
||||
su-exec solr stop-local-solr
|
||||
if [[ "${1}" == "--bootstrap" ]]; then
|
||||
exit 0
|
||||
else
|
||||
exec su-exec solr solr-foreground
|
||||
fi
|
||||
@@ -20,7 +20,7 @@ disable_plaintext_auth = yes
|
||||
login_log_format_elements = "user=<%u> method=%m rip=%r lip=%l mpid=%e %c %k"
|
||||
mail_home = /var/vmail/%d/%n
|
||||
mail_location = maildir:~/
|
||||
mail_plugins = quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify
|
||||
mail_plugins = quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr
|
||||
mail_attachment_fs = crypt:set_prefix=mail_crypt_global:posix:
|
||||
mail_attachment_dir = /var/attachments
|
||||
mail_attachment_min_size = 128k
|
||||
@@ -279,7 +279,7 @@ userdb {
|
||||
}
|
||||
protocol imap {
|
||||
imap_metadata = yes
|
||||
mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log
|
||||
mail_plugins = quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr
|
||||
}
|
||||
mail_attribute_dict = file:%h/dovecot-attributes
|
||||
protocol lmtp {
|
||||
@@ -291,9 +291,12 @@ protocol sieve {
|
||||
}
|
||||
plugin {
|
||||
# Allow "any" or "authenticated" to be used in ACLs
|
||||
#acl_anyone = allow
|
||||
acl_anyone = </usr/local/etc/dovecot/acl_anyone
|
||||
acl_shared_dict = file:/var/vmail/shared-mailboxes.db
|
||||
acl = vfile
|
||||
fts = solr
|
||||
fts_autoindex = yes
|
||||
fts_solr = url=http://solr:8983/solr/dovecot/
|
||||
quota = dict:Userquota::proxy::sqlquota
|
||||
quota_rule2 = Trash:storage=+100%%
|
||||
sieve = /var/vmail/sieve/%u.sieve
|
||||
|
||||
@@ -51,6 +51,7 @@ $raw_data = mb_convert_encoding($raw_data_content, 'HTML-ENTITIES', "UTF-8");
|
||||
$headers = getallheaders();
|
||||
|
||||
$qid = $headers['X-Rspamd-Qid'];
|
||||
$subject = $headers['X-Rspamd-Subject'];
|
||||
$score = $headers['X-Rspamd-Score'];
|
||||
$rcpts = $headers['X-Rspamd-Rcpt'];
|
||||
$user = $headers['X-Rspamd-User'];
|
||||
@@ -188,10 +189,11 @@ foreach (json_decode($rcpts, true) as $rcpt) {
|
||||
foreach ($rcpt_final_mailboxes as $rcpt) {
|
||||
error_log("QUARANTINE: quarantine pipe: processing quarantine message for rcpt " . $rcpt);
|
||||
try {
|
||||
$stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
|
||||
$stmt = $pdo->prepare("INSERT INTO `quarantine` (`qid`, `subject`, `score`, `sender`, `rcpt`, `symbols`, `user`, `ip`, `msg`, `action`)
|
||||
VALUES (:qid, :score, :sender, :rcpt, :symbols, :user, :ip, :msg, :action)");
|
||||
$stmt->execute(array(
|
||||
':qid' => $qid,
|
||||
':subject' => $subject,
|
||||
':score' => $score,
|
||||
':sender' => $sender,
|
||||
':rcpt' => $rcpt,
|
||||
|
||||
@@ -15,6 +15,7 @@
|
||||
SOGoFoldersSendEMailNotifications = YES;
|
||||
SOGoForwardEnabled = YES;
|
||||
SOGoUIAdditionalJSFiles = (js/custom-sogo.js);
|
||||
SOGoEnablePublicAccess = YES;
|
||||
|
||||
// Multi-domain setup
|
||||
// Domains are isolated, you can define visibility options here.
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -1465,4 +1465,39 @@ function getGUID() {
|
||||
.substr($charid,16, 4).$hyphen
|
||||
.substr($charid,20,12);
|
||||
}
|
||||
function solr_status() {
|
||||
$curl = curl_init();
|
||||
$endpoint = 'http://solr:8983/solr/admin/cores';
|
||||
$params = array(
|
||||
'action' => 'STATUS',
|
||||
'core' => 'dovecot',
|
||||
'indexInfo' => 'true'
|
||||
);
|
||||
$url = $endpoint . '?' . http_build_query($params);
|
||||
curl_setopt($curl, CURLOPT_URL, $url);
|
||||
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
|
||||
curl_setopt($curl, CURLOPT_POST, 0);
|
||||
curl_setopt($curl, CURLOPT_TIMEOUT, 20);
|
||||
$response = curl_exec($curl);
|
||||
if ($response === false) {
|
||||
$err = curl_error($curl);
|
||||
curl_close($curl);
|
||||
// logger(array('return' => array(
|
||||
// 'type' => 'danger',
|
||||
// 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers),
|
||||
// 'msg' => $err,
|
||||
// )));
|
||||
return $err;
|
||||
}
|
||||
else {
|
||||
curl_close($curl);
|
||||
// logger(array('return' => array(
|
||||
// 'type' => 'success',
|
||||
// 'log' => array(__FUNCTION__, $action, $service_name, $attr1, $attr2, $extra_headers),
|
||||
// )));
|
||||
$status = json_decode($response, true);
|
||||
return (!empty($status['status']['dovecot'])) ? $status['status']['dovecot'] : false;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
|
||||
@@ -3,7 +3,7 @@ function init_db_schema() {
|
||||
try {
|
||||
global $pdo;
|
||||
|
||||
$db_version = "15122018_0717";
|
||||
$db_version = "14012019_0717";
|
||||
|
||||
$stmt = $pdo->query("SHOW TABLES LIKE 'versions'");
|
||||
$num_results = count($stmt->fetchAll(PDO::FETCH_ASSOC));
|
||||
@@ -226,6 +226,7 @@ function init_db_schema() {
|
||||
"cols" => array(
|
||||
"id" => "INT NOT NULL AUTO_INCREMENT",
|
||||
"qid" => "VARCHAR(30) NOT NULL",
|
||||
"subject" => "VARCHAR(500)",
|
||||
"score" => "FLOAT(8,2)",
|
||||
"ip" => "VARBINARY(16)",
|
||||
"action" => "CHAR(20) NOT NULL DEFAULT 'unknown'",
|
||||
|
||||
Reference in New Issue
Block a user