diff --git a/Dockerfiles/Dockerfile b/Dockerfiles/Dockerfile index 1feca3f..c3904f8 100644 --- a/Dockerfiles/Dockerfile +++ b/Dockerfiles/Dockerfile @@ -6,7 +6,12 @@ # Run all applications in one container. FROM ubuntu:jammy MAINTAINER Zhang Huangbin -EXPOSE 80 443 25 465 587 143 993 110 995 4190 +EXPOSE 389 636 #ldap/ldaps +EXPOSE 25 465 587 #smtp/smtps +EXPOSE 143 993 #imap/imaps +EXPOSE 7791 #iredadmin +EXPOSE 20000 #SOGo +EXPOSE 19999 #Netdata Monitor ARG ENTRYPOINTS_DIR=/docker/entrypoints ARG SCRIPTS_DIR=/docker/scripts @@ -41,7 +46,9 @@ COPY ./config/. / # entrypoint scripts # COPY ./entrypoints/. ${ENTRYPOINTS_DIR}/ -COPY ./settings.conf ${ENTRYPOINTS_DIR}/ +#####################SETTING UNIFICATION###################### +COPY ./iredmail-docker.conf ${ENTRYPOINTS_DIR}/ +############################################################## # Main entrypoint script. COPY ./entrypoints/all_in_one.sh /entrypoint.sh diff --git a/config/etc/memcached.conf b/config/etc/memcached.conf new file mode 100755 index 0000000..f96d4e2 --- /dev/null +++ b/config/etc/memcached.conf @@ -0,0 +1 @@ +-l 127.0.0.1 diff --git a/config/etc/sogo/sogo.conf b/config/etc/sogo/sogo.conf new file mode 100755 index 0000000..d75e4f3 --- /dev/null +++ b/config/etc/sogo/sogo.conf 
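Review bot: The trailing `#ldap/ldaps`-style annotations on the new `EXPOSE` lines are not comments: a Dockerfile treats `#` as a comment marker only at the start of a line, so the builder receives `#ldap/ldaps` as one more port argument and will most likely reject it. Move each annotation to its own line above the instruction, e.g. `# LDAP / LDAPS` followed by `EXPOSE 389 636`. The change also stops declaring 80/443 while newly declaring 389/636 (LDAP) and 19999 (Netdata); if those services are meant to stay internal, leaving them undeclared keeps `docker run -P` from publishing them by accident.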
@@ -0,0 +1,400 @@ +{ + // + // - Official SOGo document: http://sogo.nu/support/index.html#/documentation + // - Mailing list: http://sogo.nu/support/index.html#/community + // + + // Daemon address and port + WOPort = 0.0.0.0:20000; + + // PID file + //WOPidFile = /var/run/sogo/sogo.pid; + + // Log file + //WOLogFile = /var/log/sogo/sogo.log; + + // Enable verbose logging. Reference: + // http://www.sogo.nu/nc/support/faq/article/how-to-enable-more-verbose-logging-in-sogo.html + //SOGoDebugRequests = YES; + //SOGoEASDebugEnabled = YES; + //ImapDebugEnabled = YES; + //LDAPDebugEnabled = YES; + //MySQL4DebugEnabled = YES; + //PGDebugEnabled = YES; + + // Define the URL to online help for SOGo. When set, an additional icon + // will appear near the logout button in SOGo's web interface. The URL + // will always be open in a blank target. + //SOGoHelpURL = ''; + + // set the maximum allowed size for content being sent to SOGo, this can + // also limit the file attachment size being uploaded to SOGo when + // composing a mail. + // The value is in kilobyte. Default is 0 or disabled (unlimit). + WOMaxUploadSize = 15360; + + // Parameter used to set the maximum allowed email message size when + // composing a mail. + // The value is in kilobytes. By default, the value is 0, or disabled so + // no limit will be set. + SOGoMaximumMessageSizeLimit = 15360; + + // Performance Tuning + // + // The amount of instances of SOGo that will be spawned to handle multiple + // requests simultaneously. When started from the init script, that amount + // is overriden by the `PREFORK=` setting in /etc/sysconfig/sogo or + // /etc/default/sogo. A value of 3 is a reasonable default for low usage. + // The maximum value depends on the CPU and IO power provided by your + // machine: a value set too high will actually decrease performances under + // high load. + // + // You should have at least one child per EAS device configured to use + // "push". 
You must also have more children than you have EAS devices + // configured to use "push" - in order to handle normal SOGo requests to + // its Web or DAV interfaces. + // + // Defaults to 1 when unset, increase it if you see below error message in + // sogo log file: 'No child available to handle incoming request' + // + // WARNING: + // - on RHEL/CentOS, this setting is controlled by parameter + // 'PREFORK=' defined in /etc/sysconfig/sogo. + // - on Debian/Ubuntu, this setting is controlled by parameter + // 'PREFORK=' defined in /etc/default/sogo. + WOWorkersCount = 10; + + // Parameter used to set the maximum amount of time, in seconds, SOGo will + // wait before replying to a Ping command. + // If not set, it defaults to 10 seconds. + SOGoMaximumPingInterval = 3540; + + // Parameter used to set the maximum amount of time, in seconds, SOGo will + // wait before replying to a Sync command. + // If not set, it defaults to 30 seconds. + SOGoMaximumSyncInterval = 3540; + + // Parameter used to set the maximum amount of time, in seconds, SOGo will + // wait before doing an internal check for data changes (add, delete, and + // update). This parameter must be lower than SOGoMaximumSyncInterval and + // SOGoMaximumPingInterval. + // If not set, it defaults to 10 seconds. + SOGoInternalSyncInterval = 30; + + // Specifies the number of minutes after which a busy child process will be + // killed by the parent process. + // Defaults to 10 (minutes). + WOWatchDogRequestTimeout = 61; + + // Overwrite the maximum number of items returned during a Sync operation. + // Defaults to 0, which means no overwrite is performed. + // Setting this parameter to a value greater than 512 will have unexpected + // behaviour with various ActiveSync clients. + //SOGoMaximumSyncWindowSize = 100; + + // Overwrite the maximum response size during a Sync operation. + // The value is in kilobytes. 
Setting this to 512 means the response size + // will be of 524288 bytes or less (or a bit greater if needed for syncing + // one item). Note that if you set the value too low and a mail message + // (or any other object like calendar events, tasks and contacts) surpasses + // it, it will still be synced but only this item will be. + // Defaults to 0, which means no overwrite is performed. + // + // Say you have these five mails and you set the limit to 512KB: + // 1. 250 KB + // 2. 250 KB + // 3. 25 KB + // 4. 750 KB + // 5. 10 KB + // Sync iteration no. 1 will pick message 1, 2 and 3. + // Sync iteration no. 2 will pick message 4. + // Sync iteration no. 3 will pick message 5. + SOGoMaximumSyncResponseSize = 2048; + + // The maximum amount of memory (in megabytes) that a child can use. + // Reaching that value will force children processes to restart, in order + // to preserve system memory. + // + // Error message when it reaches the value: + // "terminating app, vMem size limit (xxx MB) has been reached (currently xxx MB)" + // + // Defaults to 384. + SxVMemLimit = 500; + + // Enable XSRF (also known as CSRF) protection. + SOGoXSRFValidationEnabled = YES; + + // IMAP connection pool. + // Your performance will slightly increase, as you won't open a new + // connection for every access to your IMAP server. + // But you will get a lot of simultaneous open connections to your IMAP + // server, so make sure he can handle them. + // For debugging it is reasonable to turn pooling off. 
+ //NGImap4DisableIMAP4Pooling = NO; + + SOGoProfileURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_user_profile"; + OCSFolderInfoURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_folder_info"; + OCSSessionsFolderURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_sessions_folder"; + OCSEMailAlarmsFolderURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_alarms_folder"; + + // With 3 parameters below, SOGo requires only 9 SQL tables in total + // instead of creating 4 SQL tables for each user. + OCSCacheFolderURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_cache_folder"; + OCSStoreURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_store"; + OCSAclURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/sogo_acl"; + + // Default language in the web interface + SOGoLanguage = English; + + // Specify which module to show after login: Calendar, Mail, Contacts. + SOGoLoginModule = Mail; + + // Must login with full email address + SOGoForceExternalLoginWithEmail = YES; + + // Allow user to change full name and email address. + SOGoMailCustomFromEnabled = NO; + + // IMAP server + // Local connection is considered as secure by Dovecot, so 'imap://' is fine. + // With remote IMAP server, use 'imaps://PH_IMAP_SERVER:143/?tls=YES' instead; + SOGoIMAPServer = "imap://127.0.0.1:143/?tls=YES&tlsVerifyMode=allowInsecureLocalhost"; + + // Allow user to add other IMAP accounts that will be visible from the SOGo + // Webmail interface. + // Default is NO. + //SOGoMailAuxiliaryUserAccountsEnabled = YES; + + // SMTP server + SOGoSMTPServer = "smtp://127.0.0.1:587/?tls=YES&tlsVerifyMode=allowInsecureLocalhost"; + SOGoMailingMechanism = smtp; + SOGoSMTPAuthenticationType = PLAIN; + + // Enable managesieve service + // + // WARNING: Sieve scripts generated by SOGo is not compatible with Roundcube + // webmail, don't use sieve service in both webmails, otherwise + // it will be messy. 
+ // FYI: https://docs.iredmail.org/why.no.sieve.support.in.sogo.html + // + //SOGoSieveServer = "sieve://127.0.0.1:4190/?tls=YES&tlsVerifyMode=allowInsecureLocalhost"; + //SOGoSieveScriptsEnabled = YES; + //SOGoVacationEnabled = YES; + //SOGoForwardEnabled = YES; + SOGoSieveFolderEncoding = UTF-8; + + // Memcached + SOGoMemcachedHost = 127.0.0.1; + + // Parameter used to set which usernames require administrative privileges + // over all the users tables. For example, this could be used to post + // events in the users calendar without requiring the user to configure + // his/her ACLs. In this case you will need to specify those superuser's + // usernames like this : + // SOGoSuperUsernames = ([,, ...]); + //SOGoSuperUsernames = (); + + SOGoTimeZone = "America/New_York"; + + SOGoFirstDayOfWeek = 1; + + SOGoRefreshViewCheck = every_5_minutes; + SOGoMailReplyPlacement = below; + + // Disable gravatar + SOGoExternalAvatarsEnabled = NO; + SOGoGravatarEnabled = NO; + + // Control WebDAV access to the Calendar / Contacts collections. + // This can be used to deny access to these resources from Thunderbird + // Lightning for example. + // Defaults to YES when unset. + //SOGoCalendarDAVAccessEnabled = NO; + //SOGoAddressBookDAVAccessEnabled = NO; + + // Allow users to share publicly (ie., requiring not authentication) their + // calendars and address books. + // Defaults to NO when unset. + //SOGoEnablePublicAccess = YES; + + // + // Notifications + // + // Enable email-based alarms on events and tasks. + SOGoEnableEMailAlarms = YES; + + // Notify meeting participants + SOGoAppointmentSendEMailNotifications = YES; + + // Notify if a calendar or an address book has been created. + SOGoFoldersSendEMailNotifications = YES; + + // Notify involved users of a calendar or address book's ACLs. + SOGoACLsSendEMailNotifications = YES; + + // Notify when a modification is being done to his/her own calendar by someone else. 
+ SOGoNotifyOnExternalModifications = YES; + + // NOTE: PostgreSQL cannot update view in iRedMail + SOGoPasswordChangeEnabled = YES; + + // Authentication using SQL + SOGoUserSources = ( + { + type = sql; + id = users; + viewURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/users"; + canAuthenticate = YES; + + // The algorithm used for password encryption when changing + // passwords without Password Policies enabled. + // Possible values are: plain, crypt, md5-crypt, ssha, ssha512. + userPasswordAlgorithm = ssha512; + prependPasswordScheme = YES; + + // Use `vmail.mailbox` as per-domain address book. + isAddressBook = YES; + displayName = "Domain Address Book"; + SOGoEnableDomainBasedUID = YES; + DomainFieldName = "domain"; + + // Listing of this LDAP source is only possible when performing a + // search (respecting the SOGoSearchMinimumWordLength parameter) + // or when explicitely typing a single dot. + // Defaults to YES when unset. + // + // WARNING: if you have many accounts in this address book, it may + // reach server-side query size limit, or cause + // performance issue. + listRequiresDot = NO; + + ModulesConstraints = { + Mail = { c_webmail = y; }; + Calendar = { c_calendar = y; }; + ActiveSync = { c_activesync = y; }; + }; + }, + + //{ + // displayName = "Global Address Book"; + // type = sql; + // id = global_address_book; + // viewURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/PH_SOGO_DB_VIEW_AUTH"; + // canAuthenticate = NO; + // isAddressBook = YES; + // listRequiresDot = NO; + // SOGoEnableDomainBasedUID = YES; + // DomainFieldName = "domain"; + //}, + + // Display mailing aliases in address book. + // You need to create SQL view 'sogo.aliases' first. 
+ // + // For MySQL: + // + // CREATE VIEW sogo.aliases (c_uid, c_name, c_password, c_cn, mail, domain) + // AS SELECT address, name, '', name, address, domain + // FROM vmail.alias WHERE active=1; + // + //{ + // displayName = "Mailing Lists"; + // type = sql; + // id = aliases; + // viewURL = "mysql://sogo:PH_SOGO_DB_PASSWD@127.0.0.1:3306/sogo/PH_SOGO_DB_VIEW_ALIASES"; + // canAuthenticate = NO; + // isAddressBook = YES; + // listRequiresDot = NO; + // SOGoEnableDomainBasedUID = YES; + // DomainFieldName = "domain"; + //}, + ); + + + // Authentication using LDAP + /* LDAP backend + SOGoUserSources = ( + { + // Used for user authentication + type = ldap; + id = users; + canAuthenticate = YES; + isAddressBook = NO; + displayName = "LDAP Authentication"; + + hostname = "PH_LDAP_URI"; + baseDN = "domainName=%d,PH_LDAP_BASEDN"; + bindDN = "PH_LDAP_BINDDN"; + bindPassword = "PH_LDAP_BINDPW"; + filter = "objectClass=mailUser AND accountStatus=active AND enabledService=mail AND enabledService=sogo"; + scope = SUB; + + // always keep binding to the LDAP server using the DN of the + // currently authenticated user. bindDN and bindPassword are still + // required to find DN of the user. + // Note: with default LDAP acl configured by iRedMail, user doesn't + // have privilege to query PH_LDAP_BASEDN. + // so this doesn't work. + bindAsCurrentUser = YES; + + // The algorithm used for password encryption when changing + // passwords without Password Policies enabled. + // Possible values are: plain, crypt, md5-crypt, ssha, ssha512. 
+ userPasswordAlgorithm = ssha512; + + CNFieldName = cn; + IDFieldName = mail; + // value of UIDFieldName must be unique on entire server + UIDFieldName = mail; + IMAPLoginFieldName = mail; + MailFieldNames = (mail); + bindFields = (mail); + + ModulesConstraints = { + Mail = { enabledService = sogowebmail; }; + Calendar = { enabledService = sogocalendar; }; + ActiveSync = { enabledService = sogoactivesync; }; + }; + }, + { + // Used for global address book + type = ldap; + id = global_addressbook; + canAuthenticate = NO; + isAddressBook = YES; + displayName = "Global Address Book"; + bindAsCurrentUser = YES; + + // Listing of this LDAP source is only possible when performing a + // search (respecting the SOGoSearchMinimumWordLength parameter) + // or when explicitely typing a single dot. + // Defaults to YES when unset. + // + // WARNING: if you have many accounts in this address book, it may + // reach server-side query size limit, or cause + // performance issue. + listRequiresDot = NO; + + hostname = "PH_LDAP_URI"; + baseDN = "domainName=%d,PH_LDAP_BASEDN"; + bindDN = "PH_LDAP_BINDDN"; + bindPassword = "PH_LDAP_BINDPW"; + filter = "((enabledService=mail AND accountStatus=active AND enabledService=displayedInGlobalAddressBook) AND ((objectClass=mailUser AND enabledService=sogo) OR (objectClass=mailList) OR (objectClass=mailAlias)))"; + scope = SUB; + + IDFieldName = mail; + bindFields = (mail); + // value of UID field must be unique on whole server. + UIDFieldName = mail; + IMAPLoginFieldName = mail; + + CNFieldName = cn; + SearchFieldNames = (cn, sn, displayName, telephoneNumber, mail, shadowAddress, departmentNumber); + + // Resources management (Free/Busy) + // Reference: https://docs.iredmail.org/sogo.manage.resources.html + KindFieldName = "Kind"; + MultipleBookingsFieldName = "MultipleBookings"; + } + ); + LDAP backend */ +} 
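Review bot: `WOPort = 0.0.0.0:20000;` makes the SOGo daemon accept plain HTTP on every interface, and the compose file in this commit publishes 20000 on the host, so logins and session cookies travel unencrypted unless a TLS-terminating proxy is the only thing able to reach the port. Prefer `WOPort = 127.0.0.1:20000;` when the in-container nginx is used, and restrict the published port to the proxy otherwise. The IMAP comment says `'imap://' is fine` for local connections while the value sets `tls=YES&tlsVerifyMode=allowInsecureLocalhost`; a comment stating that certificate verification appears to be relaxed for localhost only would keep the text in step with the setting. The file is added with mode 100755 although it is a configuration file that holds database credentials once the entrypoint replaces `PH_SOGO_DB_PASSWD`.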
diff --git a/config/etc/supervisor/conf-available/memcache.conf b/config/etc/supervisor/conf-available/memcache.conf
new file mode 100755
index 0000000..4a681dd
--- /dev/null
+++ b/config/etc/supervisor/conf-available/memcache.conf
@@ -0,0 +1,14 @@
+;
+;This file is managed by iRedMail Team with Ansible,
+;please do __NOT__ modify it manually.
+;
+
+[program:memcache]
+command=memcached
+priority=50
+user=memcache
+startsecs=0
+autostart=true
+autorestart=true
+stdout_syslog=true
+stderr_syslog=true
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100755
index 0000000..c3a4fce
--- /dev/null
+++ b/docker-compose.yml
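Review bot: `command=memcached` in the memcache.conf supervisor unit starts the daemon without options, so the `-l 127.0.0.1` line added in `config/etc/memcached.conf` is probably never applied: as far as I know the memcached binary takes its settings from the command line, and only the distribution's start wrapper reads that file. Without `-l` memcached listens on all interfaces, which would leave SOGo's cache reachable from other containers on the shared `docker-net` network. Put the binding in the unit itself, `command=memcached -l 127.0.0.1`, and add a `;` comment above it explaining why. Both new config files are also committed with mode 100755, where 100644 is enough.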
@@ -0,0 +1,62 @@ +version: '3' + +services: + iredmail: + container_name: iredmail + #image: iredmail/mariadb:stable + restart: always + build: + context: . + dockerfile: ./Dockerfiles/Dockerfile + #network_mode: bridge + ports: + - 25:25/tcp #smtp + - 465:465/tcp #smtps ssl + - 587:587/tcp #smtps tls + - 143:143/tcp #imap tls + - 993:993/tcp #imap ssl + #- 110:110/tcp #pop3 tls + #- 995:995/tcp #pop3 ssl + - 7790:7790/tcp #mlmmjadmin + - 7791:7791/tcp #iredadmin http + - 9001:9001/tcp #php-fpm for external nginx + - 20000:20000/tcp #SOGo + #expose: + #- 19999 #netdata monitor + volumes: + ##################### For TLS ##################### + - /etc/letsencrypt/live/YOUR-DOMAIN/privkey.pem:/opt/iredmail/ssl/key.pem:ro + - /etc/letsencrypt/live/YOUR-DOMAIN/cert.pem:/opt/iredmail/ssl/cert.pem:ro + - /etc/letsencrypt/live/YOUR-DOMAIN/fullchain.pem:/opt/iredmail/ssl/fullchain.pem:ro + ##################### For SSL ##################### + #- /etc/ssl/dh2048_param.pem:/opt/iredmail/ssl/dhparam2048.pem:ro + #- /etc/ssl/dh512_param.pem:/opt/iredmail/ssl/dhparam512.pem:ro + ################## For TimeZone ################### + - /etc/localtime:/etc/localtime:ro + ################# For Data Backup ################# + - ./data/backup-mysql:/var/vmail/backup/mysql:rw + - ./data/mailboxes:/var/vmail/vmail1:rw + - ./data/mlmmj:/var/vmail/mlmmj:rw + - ./data/mlmmj-archive:/var/vmail/mlmmj-archive:rw + - ./data/imapsieve_copy:/var/vmail/imapsieve_copy:rw + - ./data/custom:/opt/iredmail/custom:rw + - ./data/ssl:/opt/iredmail/ssl:rw + - ./data/mysql:/var/lib/mysql:rw + - ./data/clamav:/var/lib/clamav:rw + - ./data/sa_rules:/var/lib/spamassassin:rw + - ./data/postfix_queue:/var/spool/postfix:rw + ################ SOGo Resource Link ############### + #- /usr/lib/GNUstep/SOGo:/usr/lib/GNUstep/SOGo_nginx:rw + environment: + - TZ=Asia/Seoul + env_file: + - ./iredmail-docker.conf + entrypoint: /bin/bash "/entrypoint.sh" + command: /usr/bin/supervisord -c "/etc/supervisor/supervisord.conf" 
+ cap_add: + - NET_ADMIN # For Fail2Ban, But Not Recommend + +networks: + default: + external: + name: docker-net diff --git a/entrypoints/all_in_one.sh b/entrypoints/all_in_one.sh index 332c5f4..1ae97ef 100644 --- a/entrypoints/all_in_one.sh +++ b/entrypoints/all_in_one.sh @@ -7,7 +7,9 @@ # ENTRYPOINTS_DIR="/docker/entrypoints" -SETTINGS_CONF="${ENTRYPOINTS_DIR}/settings.conf" +#####################SETTING UNIFICATION###################### +SETTINGS_CONF="${ENTRYPOINTS_DIR}/iredmail-docker.conf" +############################################################## . ${ENTRYPOINTS_DIR}/functions.sh @@ -61,6 +63,18 @@ install -d -m 0755 /var/run/supervisord /var/log/supervisor LOG "Remove leftover pid files which may cause service fail to start." find /run -name "*.pid" | xargs rm -f {} + +################ Pure Docker Permission Problem ################ +################## For Volume Bind Rebuilding ################## +chmod 0755 -R /usr/ #python, perl... etc not excute when not root +chmod 755 /etc/ /etc/postfix #sogo, postfix or other chdir() not work +chmod 755 /etc/dovecot #iredadmin login problem, chdir() not work +chmod 755 /var /var/spool #/var/run, /var/spool, /var/log ... etc chdir() not work error +chmod 775 /var/vmail #dovecot chdir() not work +chmod 777 /opt /opt/iredmail /opt/www /opt/www/roundcubemail /opt/mlmmjadmin #amavis, iredadmin chdir() not work... +################################################################ + + # Store FQDN in /etc/mailname. # FYI: https://wiki.debian.org/EtcMailName echo "${HOSTNAME}" > /etc/mailname 
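Review bot: The `ports:` list in docker-compose.yml publishes 9001 (php-fpm), 7791 (iRedAdmin), 7790 (mlmmjadmin) and 20000 (SOGo) on every host interface, yet these look like back-end listeners meant for a front-end web server: FastCGI and uwsgi carry no authentication of their own, and SOGo is plain HTTP here. Bind them to loopback, e.g. `- 127.0.0.1:9001:9001/tcp`, or drop the mappings and let the external nginx reach the container over `docker-net`. `./data/ssl:/opt/iredmail/ssl:rw` is mounted over the same directory that receives the three read-only Let's Encrypt files, so a comment saying which mount is expected to take effect would help. `NET_ADMIN` is already flagged as not recommended in its inline comment; noting that it is only needed when `USE_FAIL2BAN` is enabled would make the trade-off explicit.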
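Review bot: In the all_in_one.sh permission hunk, `chmod 0755 -R /usr/` applies a numeric mode to every file under /usr, which clears the setuid/setgid bits on binaries that depend on them and marks every data file executable, and `chmod 777 /opt /opt/iredmail /opt/www /opt/www/roundcubemail /opt/mlmmjadmin` lets any account in the container create, rename or delete entries in directories that hold TLS material and web applications. The stated problem is a failing `chdir()`, which only needs search permission on the specific directories: `chmod a+rx /opt /opt/iredmail /opt/www` in place of 777, and no recursive pass over /usr. If bind mounts arrive with the wrong owner, a `chown` on the mount points is narrower than widening modes. Running these on every container start also hides which directory actually had the problem, so a comment naming the failing service per line would be worth keeping.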
@@ -86,20 +100,21 @@ if [[ X"${USE_IREDAPD}" == X'YES' ]]; then fi if [[ X"${USE_ANTISPAM}" == X'YES' ]]; then - run_entrypoint ${ENTRYPOINTS_DIR}/clamav.sh run_entrypoint ${ENTRYPOINTS_DIR}/antispam.sh SUP_SERVICES="${SUP_SERVICES} clamav amavisd" fi -# Nginx & php-fpm -if [[ X"${USE_ROUNDCUBE}" == X'YES' ]]; then +# Nginx +if [[ X"${USE_NGINX}" == X'YES' ]]; then run_entrypoint ${ENTRYPOINTS_DIR}/nginx.sh - run_entrypoint ${ENTRYPOINTS_DIR}/phpfpm.sh + SUP_SERVICES="${SUP_SERVICES} nginx" fi +# php-fpm if [[ X"${USE_ROUNDCUBE}" == X'YES' ]]; then + run_entrypoint ${ENTRYPOINTS_DIR}/phpfpm.sh run_entrypoint ${ENTRYPOINTS_DIR}/roundcube.sh - SUP_SERVICES="${SUP_SERVICES} nginx phpfpm" + SUP_SERVICES="${SUP_SERVICES} phpfpm" fi if [[ X"${USE_FAIL2BAN}" == X'YES' ]]; then @@ -112,6 +127,13 @@ if [[ X"${USE_IREDADMIN}" == X'YES' ]]; then SUP_SERVICES="${SUP_SERVICES} iredadmin" fi +########################SOGO INSERTED######################### +if [[ X"${USE_SOGO}" == X'YES' ]]; then + run_entrypoint ${ENTRYPOINTS_DIR}/sogo.sh + SUP_SERVICES="${SUP_SERVICES} memcache sogo" +fi +############################################################## + for srv in ${SUP_SERVICES}; do ln -sf /etc/supervisor/conf-available/${srv}.conf /etc/supervisor/conf.d/${srv}.conf done diff --git a/entrypoints/antispam.sh b/entrypoints/antispam.sh index 0b9691d..747709e 100644 --- a/entrypoints/antispam.sh +++ b/entrypoints/antispam.sh @@ -31,6 +31,16 @@ CLAMAV_DB_DIR="/var/lib/clamav" chown ${SYS_USER_ROOT}:${SYS_GROUP_AMAVISD} ${AMAVISD_CONF} +############### Permission Problem ############### +AMAVISD_CONF_DIR="/etc/amavis" +chmod 755 -R ${AMAVISD_CONF_DIR} +SPAMASSASSIN_CONF_DIR="/etc/spamassassin" +chmod 755 -R ${SPAMASSASSIN_CONF_DIR} + +# For SECURE PASSWORD +chmod 750 -R ${AMAVISD_CONF} ${SPAMASSASSIN_CONF_LOCAL} +################################################## + for d in \ ${AMAVISD_SPOOL_DIR} \ ${AMAVISD_TEMP_DIR} \ 
@@ -39,7 +49,10 @@ for d in \ ${AMAVISD_VAR_DIR}; do [[ -d ${d} ]] || mkdir -p ${d} chown ${SYS_USER_AMAVISD}:${SYS_GROUP_AMAVISD} ${d} - chmod 0770 ${d} + ##### permission problem ##### + #chmod 0770 ${d} + chmod 0775 ${d} + ############################## done # Amavisd 
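Review bot: Changing `chmod 0770 ${d}` to `chmod 0775 ${d}` makes the amavisd spool, temp and var directories (and whatever else the loop lists above this hunk) listable and traversable by every account in the container, so mail being scanned is no longer limited to the amavis user and group. The same widening appears in `entrypoints/dovecot.sh`, where `chmod 0700 ${MAILBOXES_DIR}` becomes `chmod 0775 -R`, which also walks every mailbox at each start despite the comment above it warning about that cost, and in `entrypoints/mlmmj.sh` with `chmod 775 -R ${MLMMJ_SPOOL_DIR}`. If a service cannot enter these directories, adding its user to the owning group keeps the old modes; `usermod -G ${SYS_GROUP_AMAVISD} ${SYS_USER_CLAMAV}` already does this for clamav further down the file. The `for d in` loop starts outside this hunk.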
@@ -56,19 +69,27 @@ usermod -G ${SYS_GROUP_AMAVISD} ${SYS_USER_CLAMAV} # Generate DKIM key for first mail domain. [[ -f ${DKIM_KEY} ]] || /usr/sbin/amavisd-new genrsa ${DKIM_KEY} 1024 -touch_files ${SYS_USER_AMAVISD} ${SYS_GROUP_AMAVISD} 0400 ${DKIM_KEY} +touch_files ${SYS_USER_AMAVISD} ${SYS_GROUP_AMAVISD} 0770 ${DKIM_KEY} # Update parameters. ${CMD_SED} "s#PH_HOSTNAME#${HOSTNAME}#g" ${AMAVISD_CONF} ${CMD_SED} "s#PH_FIRST_MAIL_DOMAIN#${FIRST_MAIL_DOMAIN}#g" ${AMAVISD_CONF} -${CMD_SED} "s#PH_SQL_SERVER_ADDRESS#${SQL_SERVER_ADDRESS}#g" ${AMAVISD_CONF} ${SPAMASSASSIN_CONF_LOCAL} -${CMD_SED} "s#PH_SQL_SERVER_PORT#${SQL_SERVER_PORT}#g" ${AMAVISD_CONF} ${SPAMASSASSIN_CONF_LOCAL} +#################Always update SQL password################# +_amavis_dbi_string="DBI:mysql:database=amavisd;host=PH_SQL_SERVER_ADDRESS;port=PH_SQL_SERVER_PORT', 'amavisd', '${AMAVISD_DB_PASSWORD}']);" +${CMD_SED} "s#DBI:mysql:database=amavisd.*#${_amavis_dbi_string}#g" ${AMAVISD_CONF} -${CMD_SED} "s#PH_AMAVISD_DB_PASSWORD#${AMAVISD_DB_PASSWORD}#g" ${AMAVISD_CONF} +${CMD_SED} "s#bayes_sql_password.*#bayes_sql_password ${SA_BAYES_DB_PASSWORD}#g" ${SPAMASSASSIN_CONF_LOCAL} +############################################################ -${CMD_SED} "s#PH_SA_BAYES_DB_PASSWORD#${SA_BAYES_DB_PASSWORD}#g" ${SPAMASSASSIN_CONF_LOCAL} +${CMD_SED} "s#PH_SQL_SERVER_ADDRESS#${SQL_SERVER_ADDRESS}#g" ${AMAVISD_CONF} ${SPAMASSASSIN_CONF_LOCAL} +${CMD_SED} "s#PH_SQL_SERVER_PORT#${SQL_SERVER_PORT}#g" ${AMAVISD_CONF} ${SPAMASSASSIN_CONF_LOCAL} # Run `sa-update` if no rules yet. -LOG "Run 'sa-update' (required by SpamAssassin)." +LOG "Run 'sa-update' (required by Amavisd)." sa-update -v + +if [[ ! -f "${CLAMAV_DB_DIR}/main.cvd" ]] && [[ ! -f "${CLAMAV_DB_DIR}/bytecode.cvd" ]]; then + LOG "Run 'freshclam' (required by ClamAV)." + freshclam +fi diff --git a/entrypoints/clamav.sh b/entrypoints/clamav.sh index dfd8c5c..764b448 100644 --- a/entrypoints/clamav.sh +++ b/entrypoints/clamav.sh 
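Review bot: `touch_files ${SYS_USER_AMAVISD} ${SYS_GROUP_AMAVISD} 0770 ${DKIM_KEY}` loosens the DKIM private key from owner-read-only to group read/write/execute, and the hunk header shows `usermod -G ${SYS_GROUP_AMAVISD} ${SYS_USER_CLAMAV}`, so the clamav account could then read or replace the signing key. Keep `0400`; if amavisd cannot read the key, ownership is the thing to fix. The new password substitutions (`s#DBI:mysql:database=amavisd.*#${_amavis_dbi_string}#g` and `s#bayes_sql_password.*#...#g`) paste the secret into a sed replacement and, for amavisd, into a Perl single-quoted string, so a password containing `#`, `&`, `\` or `'` corrupts the config; the same applies to `s#password.*#password = ${VMAIL_DB_PASSWORD}#g` in `entrypoints/postfix.sh`, which is also unanchored, and to the URL rewrites in `entrypoints/sogo.sh`. Escaping the value before substitution, or validating it against an allowed character set where the variables are checked for emptiness, would turn a silent misconfiguration into an explicit start-up error.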
@@ -48,3 +48,10 @@ install -d -o clamav -g clamav -m 0755 /run/clamav/ echo "* Run freshclam in background." freshclam --checks=1 --daemon --user=${CLAMAV_USER} --config-file=${FRESHCLAM_CONF} + +if [[ X"${_ready_to_start}" == X'YES' ]]; then + echo "* Starting clamd..." + clamd --config-file=/etc/clamav/clamd.conf --foreground +fi + +echo "* Exit." diff --git a/entrypoints/dovecot.sh b/entrypoints/dovecot.sh index 316a436..6dd6881 100644 --- a/entrypoints/dovecot.sh +++ b/entrypoints/dovecot.sh @@ -62,7 +62,10 @@ chmod 0644 ${SSL_DHPARAM2048_FILE} # Make sure mailboxes directory has correct owner/group and permission. # Note: If there're many mailboxes, `chown/chmod -R` will take a long time. chown ${SYS_USER_VMAIL}:${SYS_GROUP_VMAIL} ${MAILBOXES_DIR} -chmod 0700 ${MAILBOXES_DIR} + +################## dovecot Permission Problme ################## +chmod 0775 -R ${MAILBOXES_DIR} +################################################################ # Enable some modular config files. for f in service-imap-hibernate.conf stats.conf; do diff --git a/entrypoints/iredadmin.sh b/entrypoints/iredadmin.sh index 66a74ca..c29690b 100644 --- a/entrypoints/iredadmin.sh +++ b/entrypoints/iredadmin.sh @@ -25,6 +25,11 @@ require_non_empty_var IREDADMIN_DB_PASSWORD ${IREDADMIN_DB_PASSWORD} [[ -d ${IREDADMIN_CUSTOM_CONF_DIR} ]] || mkdir -p ${IREDADMIN_CUSTOM_CONF_DIR} [[ -f ${IREDADMIN_CUSTOM_CONF} ]] || touch ${IREDADMIN_CUSTOM_CONF} +################## IRedAdmin PERMISSION PROBLEM ################## +chown ${SYS_USER_IREDADMIN}:${SYS_GROUP_IREDADMIN} -R ${IREDADMIN_WEB_ROOTDIR_SYMLINK} +chmod 0755 -R ${IREDADMIN_WEB_ROOTDIR_SYMLINK} +################################################################## + chown ${SYS_USER_IREDADMIN}:${SYS_GROUP_IREDADMIN} ${IREDADMIN_CONF} ${IREDADMIN_CUSTOM_CONF} chmod 0400 ${IREDADMIN_CONF} ${IREDADMIN_CUSTOM_CONF} 
@@ -60,6 +65,23 @@ else update_iredadmin_setting iredapd_enabled False bool fi +#################### IRedAdmin External NGINX #################### +_iredadmin_uwsgi="/opt/www/iredadmin/rc_scripts/uwsgi/debian.ini" +_supervisor_uwsgi="/etc/supervisor/conf-available/iredadmin.conf" + +# Listen from ALL +_uwsgi_socket="uwsgi-socket = 0.0.0.0:7791" + +# External --static-map Add +_iredadmin_cmd="command=/usr/bin/uwsgi --ini /opt/www/iredadmin/rc_scripts/uwsgi/debian.ini --static-map /iredadmin/static=/opt/www/iredadmin/static" + +if [[ X"${USE_NGINX}" == X'NO' ]]; then + ${CMD_SED} "s#uwsgi-socket =.*#${_uwsgi_socket}#g" ${_iredadmin_uwsgi} + + ${CMD_SED} "s#command=.*#${_iredadmin_cmd}#g" ${_supervisor_uwsgi} +fi +################################################################## + if [[ X"${FAIL2BAN_STORE_BANNED_IP_IN_DB}" == X'YES' ]]; then update_iredadmin_setting fail2ban_db_password ${FAIL2BAN_DB_PASSWORD} else diff --git a/entrypoints/mlmmj.sh b/entrypoints/mlmmj.sh index c540036..6eb48cc 100644 --- a/entrypoints/mlmmj.sh +++ b/entrypoints/mlmmj.sh @@ -19,3 +19,8 @@ touch_files ${SYS_USER_MLMMJ} ${SYS_GROUP_MLMMJ} 0550 /usr/bin/mlmmj-amime-recei # Always set correct owner/group and permission of the data directories. chown ${SYS_USER_MLMMJ}:${SYS_GROUP_MLMMJ} ${MLMMJ_SPOOL_DIR} ${MLMMJ_ARCHIVE_DIR} + +############### Mlmmjadmin Permission Problem ############### +chmod 775 -R ${MLMMJ_SPOOL_DIR} +chmod 775 /usr/bin/mlmmj-amime-receive +############################################################# diff --git a/entrypoints/phpfpm.sh b/entrypoints/phpfpm.sh index d853611..46082e4 100644 --- a/entrypoints/phpfpm.sh +++ b/entrypoints/phpfpm.sh 
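Review bot: With `USE_NGINX=NO` the iredadmin.sh hunk rewrites the listener to `uwsgi-socket = 0.0.0.0:7791`, while docker-compose.yml publishes 7791 on the host labelled `iredadmin http`; a `uwsgi-socket` speaks the binary uwsgi protocol, which has no authentication and is designed to sit behind a trusted web server, so it should not be reachable by arbitrary clients. Limit the exposure in the compose mapping (`- 127.0.0.1:7791:7791/tcp`) or document that 7791 must be firewalled to the nginx host. Both `sed` patterns are unanchored, and `s#command=.*#...#g` would rewrite every `command=` line if the supervisor file ever held more than one; `s#^command=.*#...#` is safer. The `if` block sits in the middle of a function-less script whose surrounding lines are outside the hunk, so whether `USE_NGINX` is validated earlier cannot be seen from here.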
@@ -10,3 +10,17 @@ install -d -o ${SYS_USER_SYSLOG} -g ${SYS_GROUP_SYSLOG} -m 0755 /var/log/php-fpm install -d -o ${SYS_USER_NGINX} -g ${SYS_GROUP_NGINX} -m 0755 /run/php + + +#################### phpfpm External NGINX #################### +_roundcube_phpfpm="/etc/php/8.1/fpm/pool.d/www.conf" + +_phpfpm_listen_cmd="listen = 0.0.0.0:9001" +_phpfpm_resource_limit_cmd="security.limit_extensions = " + +if [[ X"${USE_NGINX}" == X'NO' ]]; then + ${CMD_SED} "s#listen =.*#${_phpfpm_listen_cmd}#g" ${_roundcube_phpfpm} + + ${CMD_SED} "s#security.limit_extensions =.*#${_phpfpm_resource_limit_cmd}#g" ${_roundcube_phpfpm} +fi +############################################################### \ No newline at end of file diff --git a/entrypoints/postfix.sh b/entrypoints/postfix.sh index d231828..53b26e5 100644 --- a/entrypoints/postfix.sh +++ b/entrypoints/postfix.sh @@ -18,9 +18,11 @@ SSL_DHPARAM512_FILE='/opt/iredmail/ssl/dhparam512.pem' SSL_DHPARAM2048_FILE='/opt/iredmail/ssl/dhparam2048.pem' # Update message size limit. -_size="$((MESSAGE_SIZE_LIMIT_IN_MB * 1024 * 1024))" -${CMD_SED} "s#^mailbox_size_limit.*#mailbox_size_limit = ${_size}#g" ${POSTFIX_CONF_MAIN_CF} -${CMD_SED} "s#^message_size_limit.*#message_size_limit = ${_size}#g" ${POSTFIX_CONF_MAIN_CF} +_mailbox_size="$((MAILBOX_SIZE_LIMIT_IN_MB * 1024 * 1024))" +_message_size="$((MESSAGE_SIZE_LIMIT_IN_MB * 1024 * 1024))" +${CMD_SED} "s#^mailbox_size_limit.*#mailbox_size_limit = ${_mailbox_size}#g" ${POSTFIX_CONF_MAIN_CF} +${CMD_SED} "s#^message_size_limit.*#message_size_limit = ${_message_size}#g" ${POSTFIX_CONF_MAIN_CF} + if [[ X"${USE_IREDAPD}" == X'NO' ]]; then LOG "Disable iRedAPD." 
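Review bot: In phpfpm.sh, `security.limit_extensions = ` is emptied in the same branch that moves the pool to `listen = 0.0.0.0:9001`, so php-fpm will run any file it is handed as PHP regardless of extension and will accept FastCGI requests from any address that can reach the port. Keep the default `.php` restriction and pair the TCP listener with `listen.allowed_clients` set to the external nginx address, which is the php-fpm directive intended for this case. The pool path hard-codes `/etc/php/8.1/`, so the `sed` calls will silently stop matching when the base image's PHP version changes; a `[[ -f ${_roundcube_phpfpm} ]]` check with a `LOG` line would surface that. The file also loses its trailing newline.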
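Review bot: In the postfix.sh size-limit hunk, `MAILBOX_SIZE_LIMIT_IN_MB` is used in `$(( ... ))` with no presence check visible, and an unset variable evaluates to 0 in shell arithmetic, which Postfix reads as "no mailbox size limit". A deployment that upgrades without adding the new variable would therefore drop its limit without any message. Add `require_non_empty_var MAILBOX_SIZE_LIMIT_IN_MB ${MAILBOX_SIZE_LIMIT_IN_MB}` before the computation (the helper is used the same way in iredadmin.sh), and note in a comment that a non-zero mailbox limit must not be smaller than the message limit.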
@@ -40,6 +42,9 @@ if [[ X"${USE_ANTISPAM}" != X'YES' ]]; then fi chown ${SYS_USER_ROOT}:${SYS_GROUP_POSTFIX} ${POSTFIX_USERDB_LOOKUP_CONF_DIR}/*.cf +################## POSTFIX PERMISSION PROBLEM ################## +chmod 775 -R ${POSTFIX_USERDB_LOOKUP_CONF_DIR} +################################################################ install -d -o ${SYS_USER_ROOT} -g ${SYS_GROUP_ROOT} -m 0755 ${POSTFIX_CUSTOM_CONF_DIR} install -d -o ${SYS_USER_ROOT} -g ${SYS_GROUP_ROOT} -m 0755 ${POSTFIX_CUSTOM_DISCLAIMER_DIR} @@ -140,7 +145,9 @@ ${CMD_SED} "s#PH_HOSTNAME#${HOSTNAME}#g" ${POSTFIX_CONF_MAIN_CF} ${CMD_SED} "s#PH_SQL_SERVER_ADDRESS#${SQL_SERVER_ADDRESS}#g" ${POSTFIX_USERDB_LOOKUP_CONF_DIR}/*.cf ${CMD_SED} "s#PH_SQL_SERVER_PORT#${SQL_SERVER_PORT}#g" ${POSTFIX_USERDB_LOOKUP_CONF_DIR}/*.cf -${CMD_SED} "s#PH_VMAIL_DB_PASSWORD#${VMAIL_DB_PASSWORD}#g" ${POSTFIX_USERDB_LOOKUP_CONF_DIR}/*.cf +#################Always update SQL password################# +${CMD_SED} "s#password.*#password = ${VMAIL_DB_PASSWORD}#g" ${POSTFIX_USERDB_LOOKUP_CONF_DIR}/*.cf +############################################################ # Use custom main.cf/master.cf if [ -f ${POSTFIX_CUSTOM_CONF_MAIN_CF} ]; then diff --git a/entrypoints/roundcube.sh b/entrypoints/roundcube.sh index fc722e5..7a13a24 100644 --- a/entrypoints/roundcube.sh +++ b/entrypoints/roundcube.sh @@ -69,3 +69,9 @@ gen_symlink_of_nginx_tmpl default-ssl roundcube 90-roundcube create_rc_symlink_subdir ${ROUNDCUBE_CUSTOM_PLUGINS_DIR} ${ROUNDCUBE_DOCUMENT_ROOT_SYMLINK}/plugins create_rc_symlink_subdir ${ROUNDCUBE_CUSTOM_SKINS_DIR} ${ROUNDCUBE_DOCUMENT_ROOT_SYMLINK}/skins ln -sf ${ROUNDCUBE_CUSTOM_IMAGES_DIR} ${ROUNDCUBE_DOCUMENT_ROOT_SYMLINK}/images + + +################## Roundcube PERMISSION PROBLEM ################## +chown ${SYS_USER_NGINX}:${SYS_GROUP_NGINX} -R ${ROUNDCUBE_DOCUMENT_ROOT} ${ROUNDCUBE_DOCUMENT_ROOT_SYMLINK} ${ROUNDCUBE_CUSTOM_CONF_DIR} +################################################################## + 
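Review bot: `chmod 775 -R ${POSTFIX_USERDB_LOOKUP_CONF_DIR}` makes the lookup `*.cf` files world-readable and group-writable, and the later hunk in this file writes `password = ${VMAIL_DB_PASSWORD}` into exactly those files, so any account in the container can read the vmail database password. The preceding `chown ${SYS_USER_ROOT}:${SYS_GROUP_POSTFIX}` already gives Postfix group access, so `chmod 0750` on the directory and `chmod 0640` on the files is sufficient. `entrypoints/sogo.sh` has the same exposure: it runs `chmod 0755 -R ${SOGO_CONF_DIR}` after writing `SOGO_DB_PASSWORD` into sogo.conf.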
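Review bot: In roundcube.sh, `chown ${SYS_USER_NGINX}:${SYS_GROUP_NGINX} -R ${ROUNDCUBE_DOCUMENT_ROOT} ...` hands ownership of the whole Roundcube code tree to the web-server account, which (judging by `/run/php` being created for the same user in phpfpm.sh) is presumably the account PHP runs as, so any file-write flaw in the application could then alter the application's own code. Only the directories Roundcube has to write to and the custom config need that owner; the code tree can stay root-owned and group-readable, e.g. `chown -R ${SYS_USER_ROOT}:${SYS_GROUP_NGINX}` followed by `chmod -R g+rX`. A recursive chown of the document root on every start also adds start-up time, which is worth a comment if it is kept.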
diff --git a/entrypoints/sogo.sh b/entrypoints/sogo.sh
index 2b9c025..b9bec2b 100644
--- a/entrypoints/sogo.sh
+++ b/entrypoints/sogo.sh
@@ -9,14 +9,45 @@ . /docker/entrypoints/functions.sh SOGO_CONF="/etc/sogo/sogo.conf" +SOGO_CONF_DIR="/etc/sogo" + +DB_NAME="sogo" +DB_USER="sogo" _size="$((MESSAGE_SIZE_LIMIT_IN_MB * 1024))" ${CMD_SED} "s#\(.*WOMaxUploadSize.*\)=.*#\1 = ${_size};#g" ${SOGO_CONF} ${CMD_SED} "s#\(.*SOGoMaximumMessageSizeLimit.*\)=.*#\1 = ${_size};#g" ${SOGO_CONF} -# Supervisor -install -d -m 0755 /var/run/supervisord /var/log/supervisor -SUP_SERVICES="cron rsyslog sogo" -#for srv in ${SUP_SERVICES}; do -# ln -sf /etc/supervisor/${srv}.conf /etc/supervisor/conf.d/${srv}.conf -#done +###################SOGo SQL ALWAYS UPDATE################### +${CMD_SED} "s#\(.*SOGoProfileURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_user_profile\";#g" ${SOGO_CONF} +${CMD_SED} "s#\(.*OCSFolderInfoURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_folder_info\";#g" ${SOGO_CONF} +${CMD_SED} "s#\(.*OCSSessionsFolderURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_sessions_folder\";#g" ${SOGO_CONF} +${CMD_SED} "s#\(.*OCSEMailAlarmsFolderURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_alarms_folder\";#g" ${SOGO_CONF} + +### With 3 parameters below, SOGo requires only 9 SQL tables in total +### instead of creating 4 SQL tables for each user. 
+${CMD_SED} "s#\(.*OCSCacheFolderURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_cache_folder\";#g" ${SOGO_CONF} +${CMD_SED} "s#\(.*OCSStoreURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_store\";#g" ${SOGO_CONF} +${CMD_SED} "s#\(.*OCSAclURL.*\)=.*#\1 = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/sogo_acl\";#g" ${SOGO_CONF} + +### // Authentication using SQL +### SOGoUserSources +${CMD_SED} "s#viewURL.*users.*#viewURL = \"mysql://${DB_USER}:${SOGO_DB_PASSWORD}@127.0.0.1:3306/${DB_NAME}/users\";#g" ${SOGO_CONF} +############################################################ + + +################## SOGo PERMISSION PROBLEM ################## +chown ${SYS_USER_SOGO}:${SYS_GROUP_SOGO} -R ${SOGO_CONF_DIR} +chmod 0755 -R ${SOGO_CONF_DIR} +############################################################# + +###################### SOGo External NGINX ####################### +_internal_sogo_dir="/usr/lib/GNUstep/SOGo" +_external_sogo_dir="/usr/lib/GNUstep/SOGo_nginx" +if [[ X"${USE_NGINX}" == X'NO' ]]; then + [[ -d ${_external_sogo_dir} ]] || mkdir -p ${_external_sogo_dir} + + cp -Rp ${_internal_sogo_dir}/. ${_external_sogo_dir} +fi +################################################################## + diff --git a/iredmail-docker.conf b/iredmail-docker.conf index e4cce61..ff30928 100644 --- a/iredmail-docker.conf +++ b/iredmail-docker.conf 
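Review bot: The eight connection URLs hard-code `127.0.0.1:3306` although `SQL_SERVER_ADDRESS` and `SQL_SERVER_PORT` are defined in iredmail-docker.conf and used for the Postfix lookups, so SOGo silently ignores a non-default SQL server; `@${SQL_SERVER_ADDRESS}:${SQL_SERVER_PORT}/` would keep the two consistent. The password is also placed in the URL userinfo unencoded, so a value containing `@`, `/` or `:` produces a URL that SOGo will probably misparse. Either percent-encode it before substitution or document the allowed character set next to `SOGO_DB_PASSWORD`. A one-line comment above `DB_NAME`/`DB_USER` saying they must match scripts/mariadb/pre_start/sogo_db.sh would also help, since both files define them independently.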
@@ -1,4 +1,102 @@
+# All default settings.
+#
+# Unificated with setting.conf.
+
+##############################
+# REQUIRED
+##############################
+# Server hostname and first mail domain
 HOSTNAME=d.x.io
 FIRST_MAIL_DOMAIN=a.io
 FIRST_MAIL_DOMAIN_ADMIN_PASSWORD=www
 ROUNDCUBE_DES_KEY=custom-e985c3se82KJG5Tvt
+
+# The secret string used to encrypt/decrypt Roundcube session data.
+# You can generate random string with command `openssl rand -base64 24` as the
+# des key.
+# Every time this key changed, all Roundcube session data becomes invalid and
+# users will be forced to re-login.
+ROUNDCUBE_DES_KEY=
+
+##############################
+# OPTIONAL
+##############################
+# Server admin's email address.
+# If not set, `postmaster@${FIRST_MAIL_DOMAIN}` will be used.
+POSTMASTER_EMAIL=
+
+# Directory used to store all users' mailboxes.
+MAILBOXES_DIR=/var/vmail/vmail1
+
+#
+# SQL server.
+#
+SQL_SERVER_ADDRESS=127.0.0.1
+SQL_SERVER_PORT=3306
+
+#
+# Passwords.
+# Set random passwords for ALL MySQL root user each time the container starts.
+#
+# Available values: YES, NO.
+MYSQL_USE_RANDOM_PASSWORDS=YES
+
+# Passwords for SQL users:
+# root, vmail, vmailadmin, amavisd, roundcube, iredapd, fail2ban.
+#
+# If value is not empty, it will be used and not use random password while
+# `MYSQL_USE_RANDOM_PASSWORDS=YES`.
+MYSQL_ROOT_PASSWORD=
+VMAIL_DB_PASSWORD=
+VMAIL_DB_ADMIN_PASSWORD=
+AMAVISD_DB_PASSWORD=
+ROUNDCUBE_DB_PASSWORD=
+IREDAPD_DB_PASSWORD=
+IREDADMIN_DB_PASSWORD=
+FAIL2BAN_DB_PASSWORD=
+SA_BAYES_DB_PASSWORD=
+##################### SOGo MYSQL INSERTED ####################
+SOGO_DB_PASSWORD=
+##################### SOGo MYSQL INSERTED ####################
+
+# API tokens.
+MLMMJADMIN_API_TOKEN=
+
+#
+# Enable/disable components
+#
+USE_IREDAPD=YES
+USE_ANTISPAM=YES
+USE_FAIL2BAN=YES
+USE_NGINX=NO
+USE_ROUNDCUBE=YES
+USE_IREDADMIN=YES
+
+# SOGo requires another container: https://hub.docker.com/r/iredmail/sogo
+USE_SOGO=YES
+
+#
+# Enable/disable features
+#
+# Send /root/iRedMail.tips to postmaster@ each time launching the container.
+MAIL_THE_TIP_FILE=YES
+
+FAIL2BAN_STORE_BANNED_IP_IN_DB=YES
+POSTFIX_ENABLE_SRS=YES
+IREDAPD_SRS_SECRET=
+
+# Mail message size (in MB).
+MESSAGE_SIZE_LIMIT_IN_MB=50
+
+##################### POSTFIX MAILBOX SIZE ####################
+MAILBOX_SIZE_LIMIT_IN_MB=0 #RECOMMENDED
+############################################################
+
+# Upload size limited by Nginx and php-fpm.
+# Note: if you use webmail, it should be larger than `MESSAGE_SIZE_LIMIT_IN_MB`.
+WEB_UPLOAD_SIZE_LIMIT_IN_MB=30
+
+# Memcached cache size.
+MEMCACHED_CACHE_SIZE_IN_MB=64
+
+##############################
diff --git a/scripts/install_all_pkgs.sh b/scripts/install_all_pkgs.sh
index 4ef2716..afb27db 100644
--- a/scripts/install_all_pkgs.sh
+++ b/scripts/install_all_pkgs.sh
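Review bot: `ROUNDCUBE_DES_KEY` is now assigned twice in iredmail-docker.conf: the existing line with a value stays, and the added block further down sets `ROUNDCUBE_DES_KEY=` empty, so a last-wins reader (a sourced shell file, for instance) ends up with an empty session key. Drop one of the two assignments. `MAILBOX_SIZE_LIMIT_IN_MB=0 #RECOMMENDED` carries an inline comment, which a Docker `--env-file` load may keep as part of the value; move the comment to its own line above the key. Because the Dockerfile change in this commit copies this file into the image, the admin password and DES key on the unchanged lines ship with every image; empty placeholders here, with real values supplied at run time, would avoid that.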
@@ -48,15 +48,35 @@ PIP_MODULES="web.py>=0.62" # Required directories. export WEB_APP_ROOTDIR="/opt/www" -# Upgrade all packages. -apt-get update && apt-get upgrade -y - +# Install packages. echo "Install base packages." -apt-get install -y apt-utils rsyslog +apt-get update && apt-get install -y --no-install-recommends apt-utils rsyslog echo "Install packages: ${PKGS_ALL}" apt-get update && apt-get upgrade -y && apt-get install -y --no-install-recommends ${PKGS_ALL} +########################SOGO INSERTED######################### +echo "Update SOGo nightly Archive." +export SOGo_NIGHTLY="https://packages.inverse.ca/SOGo/nightly/5/ubuntu/ focal focal" +echo "deb ${SOGo_NIGHTLY}" >> /etc/apt/sources.list.d/SOGo.list +## Add key 19CDA6A9810273C4: public key "Inverse Support (package signing) " imported +#apt-key adv --keyserver hkp://keyserver.ubuntu.com --recv-key 19CDA6A9810273C4 +PKGS_SOGo="sogo sogo-activesync sope4.9-gdl1-mysql memcached" #sogo-eala rms-notify sogo-tool + +# Add OpenPGP Key +wget -O- 'http://pgp.mit.edu/pks/lookup?op=get&search=0xCB2D3A2AA0030E2C' | gpg --dearmor | apt-key add - +wget -O- 'https://keys.openpgp.org/vks/v1/by-fingerprint/74FFC6D72B925A34B5D356BDF8A27B36A6E2EAE9' | gpg --dearmor | apt-key add - + + +# Create temporary file /usr/share/doc/sogo/test.sh to avoid an error in the +# post-install script of SOGo package. +mkdir -p /usr/share/doc/sogo/ \ + && touch /usr/share/doc/sogo/test.sh +echo "Install packages: ${PKGS_SOGo}" +apt-get update && apt-get install -y --no-install-recommends ${PKGS_SOGo} +############################################################## + + # Install Python modules. /usr/bin/pip3 install \ --no-cache-dir \ diff --git a/scripts/mariadb/pre_start/sogo_db.sh b/scripts/mariadb/pre_start/sogo_db.sh new file mode 100755 index 0000000..866fead --- /dev/null +++ b/scripts/mariadb/pre_start/sogo_db.sh 
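Review bot: The first signing key is fetched over plain `http://` from a public keyserver by 64-bit key id and piped straight into `apt-key add`, so nothing verifies that the downloaded key is the intended one, and `apt-key` trusts it for every repository on the system. Fetch over HTTPS by full fingerprint (as the second `wget` does), write the dearmored key to a dedicated keyring file, and bind it to this source only: `echo "deb [signed-by=/etc/apt/keyrings/sogo.gpg] ${SOGo_NIGHTLY}" > /etc/apt/sources.list.d/SOGo.list` (the keyring path is a suggested name). The source line also points at `focal` nightly builds while the image is `ubuntu:jammy`; a comment explaining why, or a pinned release channel, would help the next reader.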
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Author: ChangWuk Kim
+
+#
+# This file is managed by iRedMail Team with Ansible,
+# but I modify it manually...
+#
+
+. /docker/entrypoints/functions.sh
+
+PRE_START_SCRIPT_DIR="/docker/mariadb/pre_start"
+
+DB_NAME="sogo"
+DB_USER="sogo"
+
+cmd_mysql="mysql -u root"
+cmd_mysql_db="mysql -u root ${DB_NAME}"
+cd ${PRE_START_SCRIPT_DIR}
+
+if [[ X"${USE_SOGO}" == X'YES' ]]; then
+ ${cmd_mysql} -e "SHOW DATABASES" |grep "${DB_NAME}" &>/dev/null
+ if [[ X"$?" != X'0' ]]; then
+ LOG "+ Create database ${DB_NAME}."
+ ${cmd_mysql} -e "CREATE DATABASE IF NOT EXISTS ${DB_NAME} DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; CREATE VIEW ${DB_NAME}.users (c_uid, c_name, c_password, c_cn, mail, domain, c_webmail, c_calendar, c_activesync) AS SELECT username, username, password, name, username, domain, enablesogowebmail, enablesogocalendar, enablesogoactivesync FROM vmail.mailbox WHERE enablesogo=1 AND active=1;"
+ fi
+
+ # Allow user to update password.
+ create_sql_user ${DB_USER} ${SOGO_DB_PASSWORD}
+ ${cmd_mysql} -e "GRANT ALL ON ${DB_NAME}.* TO ${DB_NAME}@'%' IDENTIFIED BY '${SOGO_DB_PASSWORD}'; GRANT SELECT ON vmail.mailbox TO ${DB_NAME}@'%'; FLUSH PRIVILEGES;"
+fi
diff --git a/settings.conf b/settings.conf
deleted file mode 100644
index f084c46..0000000
--- a/settings.conf
+++ /dev/null
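Review bot: The `GRANT ALL ... TO ${DB_NAME}@'%' IDENTIFIED BY '${SOGO_DB_PASSWORD}'` statement opens the account to any client host, while entrypoints/sogo.sh connects to `127.0.0.1` only; limiting the host part to the address SOGo actually connects from keeps the account local. The password is spliced into the SQL text, so a value containing `'` ends the literal early; since `create_sql_user` is already called on the line above, the `IDENTIFIED BY` clause may be redundant (that helper lives in functions.sh, not shown here). The grantee is written as `${DB_NAME}` where `${DB_USER}` is meant, which works only while both are `sogo`. `grep "${DB_NAME}"` also matches any database whose name merely contains `sogo`; `grep -qx "${DB_NAME}"` tests for the exact name.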
@@ -1,97 +0,0 @@
-#
-# This file is managed by iRedMail Team with Ansible,
-# please do __NOT__ modify it manually.
-#
-
-# All default settings.
-#
-# To override any of them, please write same parameter name in
-# `iredmail-docker.conf` with the custom value, then load
-# `iredmail-docker.conf` as docker env file with the `--env-file` argument.
-
-##############################
-# REQUIRED
-##############################
-# Server hostname and first mail domain
-HOSTNAME=
-FIRST_MAIL_DOMAIN=
-FIRST_MAIL_DOMAIN_ADMIN_PASSWORD=
-
-# The secret string used to encrypt/decrypt Roundcube session data.
-# You can generate random string with command `openssl rand -base64 24` as the
-# des key.
-# Every time this key changed, all Roundcube session data becomes invalid and
-# users will be forced to re-login.
-ROUNDCUBE_DES_KEY=
-
-##############################
-# OPTIONAL
-##############################
-# Server admin's email address.
-# If not set, `postmaster@${FIRST_MAIL_DOMAIN}` will be used.
-POSTMASTER_EMAIL=
-
-# Directory used to store all users' mailboxes.
-MAILBOXES_DIR=/var/vmail/vmail1
-
-#
-# SQL server.
-#
-SQL_SERVER_ADDRESS=127.0.0.1
-SQL_SERVER_PORT=3306
-
-#
-# Passwords.
-# Set random passwords for ALL MySQL root user each time the container starts.
-#
-# Available values: YES, NO.
-MYSQL_USE_RANDOM_PASSWORDS=YES
-
-# Passwords for SQL users:
-# root, vmail, vmailadmin, amavisd, roundcube, iredapd, fail2ban.
-#
-# If value is not empty, it will be used and not use random password while
-# `MYSQL_USE_RANDOM_PASSWORDS=YES`.
-MYSQL_ROOT_PASSWORD=
-VMAIL_DB_PASSWORD=
-VMAIL_DB_ADMIN_PASSWORD=
-AMAVISD_DB_PASSWORD=
-ROUNDCUBE_DB_PASSWORD=
-IREDAPD_DB_PASSWORD=
-IREDADMIN_DB_PASSWORD=
-FAIL2BAN_DB_PASSWORD=
-SA_BAYES_DB_PASSWORD=
-
-# API tokens.
-MLMMJADMIN_API_TOKEN=
-
-#
-# Enable/disable components
-#
-USE_IREDAPD=YES
-USE_ANTISPAM=YES
-USE_FAIL2BAN=YES
-USE_ROUNDCUBE=YES
-USE_IREDADMIN=YES
-
-#
-# Enable/disable features
-#
-# Send /root/iRedMail.tips to postmaster@ each time launching the container.
-MAIL_THE_TIP_FILE=YES
-
-FAIL2BAN_STORE_BANNED_IP_IN_DB=YES
-POSTFIX_ENABLE_SRS=YES
-IREDAPD_SRS_SECRET=
-
-# Mail message size (in MB).
-MESSAGE_SIZE_LIMIT_IN_MB=50
-
-# Upload size limited by Nginx and php-fpm.
-# Note: if you use webmail, it should be larger than `MESSAGE_SIZE_LIMIT_IN_MB`.
-WEB_UPLOAD_SIZE_LIMIT_IN_MB=30
-
-# Memcached cache size.
-MEMCACHED_CACHE_SIZE_IN_MB=64
-
-##############################