diff --git a/docker/imap/Dockerfile b/docker/imap/Dockerfile index 8e0667fe..c3b49b0e 100644 --- a/docker/imap/Dockerfile +++ b/docker/imap/Dockerfile @@ -1,80 +1,83 @@ FROM apheleia/almalinux9 WORKDIR /root/ RUN dnf -y install \ --setopt 'tsflags=nodocs' \ git \ autoconf \ automake \ bison \ cyrus-sasl-devel \ flex \ gcc \ gcc-c++ \ gperf \ jansson-devel \ libbsd-devel \ libtool \ libicu-devel \ libuuid-devel \ openssl-devel \ pkgconfig \ sqlite-devel \ brotli-devel \ libzstd-devel \ libical-devel \ libxml2-devel \ libnghttp2-devel \ shapelib \ zlib-devel \ pcre-devel \ perl-devel \ cyrus-sasl \ cyrus-sasl-plain \ perl-Cyrus \ rsync && \ dnf clean all ARG GIT_REF=dev/kolab-3.6 ARG GIT_REMOTE=https://git.kolab.org/source/cyrus-imapd ADD build.sh /build.sh RUN /build.sh COPY /rootfs / VOLUME [ "/var/spool/imap" ] VOLUME [ "/var/lib/imap" ] RUN id default || (groupadd -g 1001 default && useradd -d /opt/app-root/ -u 1001 -g 1001 default) RUN mkdir -p /opt/app-root/src RUN PATHS=(/run /run/saslauthd /var/run /var/lib/imap /var/spool/imap /etc/pki/cyrus-imapd /opt/app-root) && \ mkdir -p ${PATHS[@]} && \ chmod 777 ${PATHS[@]} && \ chown -R 1001:0 ${PATHS[@]} && \ chmod -R g=u ${PATHS[@]} RUN touch /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem RUN PATHS=(/etc /etc/passwd /etc/saslauthd.conf /etc/cyrus.conf /etc/imapd.conf /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem) && \ chown 1001:0 ${PATHS[@]} && \ chmod g=u ${PATHS[@]} USER 1001 WORKDIR /opt/app-root/src ENV SERVICES_PORT=8000 ENV IMAPD_CONF=/etc/imapd.conf ENV CYRUS_CONF=/etc/cyrus.conf ENV SERVERLIST=imap-backend ENV MUPDATE=imap-mupdate ENV SERVERNAME=imap-backend +ENV MAXLOGINS_PER_USER=50 # Seems to be required on ppc64le only? Not sure why ENV LD_LIBRARY_PATH=/usr/lib/ # ENV TLS_SERVER_CA_FILE # ENV APP_SERVICES_DOMAIN +# ENV ROLE +# ENV WITH_TLS CMD ["/init.sh"] EXPOSE 11143/tcp 11993/tcp 11080/tcp 11443/tcp 11024/tcp 4190/tcp 
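Review bot: The two new placeholders `# ENV ROLE` and `# ENV WITH_TLS` at the end of docker/imap/Dockerfile do not say which values are accepted, and both are left unset by default. Going by the init.sh change in this commit, only the exact strings `frontend`, `backend` and `true` are recognised. Anything else silently produces a backend without mupdate and without TLS, while `EXPOSE` still advertises 11993 and 11443. I would spell that out, e.g. `# ENV ROLE      frontend | backend (unset: standalone backend, no mupdate)` and `# ENV WITH_TLS  set to "true" to enable the imaps/https listeners and the tls_* options`.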
diff --git a/docker/imap/rootfs/etc/cyrus-backend.conf b/docker/imap/rootfs/etc/cyrus-backend.conf deleted file mode 100644 index a808e442..00000000 --- a/docker/imap/rootfs/etc/cyrus-backend.conf +++ /dev/null @@ -1,42 +0,0 @@ -START { - # do not delete this entry! - recover cmd="ctl_cyrusdb -r" - - mupdatepush cmd="ctl_mboxlist -m" -} - -SERVICES { - - http cmd="httpd" listen="http" proto="tcp" prefork=5 - imap cmd="imapd" listen="imap" proto="tcp" prefork=5 - # https cmd="httpd -s" listen="https" proto="tcp" prefork=5 - # imaps cmd="imapd -s" listen="imaps" proto="tcp" prefork=1 - sieve cmd="timsieved" listen="sieve" proto="tcp" prefork=0 - lmtp cmd="lmtpd" listen="lmtp" proto="tcp" prefork=1 - # lmtpunix cmd="lmtpd" listen="/run/cyrus/socket/lmtp" prefork=1 - syncserver cmd="sync_server" listen="csync" -} - -EVENTS { - # this is required - checkpoint cmd="ctl_cyrusdb -c" period="39" - - # Expire deleted folders older than 28 days. - deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" - - # Expire deleted messages older than 28 days. - expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" - - # this is only necessary if caching TLS sessions - tlsprune cmd="tls_prune" at="0400" - - # this is only necessary if using duplicate delivery suppression - delprune cmd="cyr_expire -E 3" at="0400" - -} - -DAEMON { - # this is only necessary if using idled for IMAP IDLE - idled cmd="idled" - -} diff --git a/docker/imap/rootfs/etc/cyrus-frontend.conf b/docker/imap/rootfs/etc/cyrus-frontend.conf deleted file mode 100644 index 7b614e7d..00000000 --- a/docker/imap/rootfs/etc/cyrus-frontend.conf +++ /dev/null 
@@ -1,25 +0,0 @@ -START { - # do not delete this entry! - recover cmd="ctl_cyrusdb -r" - - -} - -SERVICES { - mupdate cmd="mupdate" listen=3905 prefork=1 - - imap cmd="proxyd" listen="imap" proto="tcp" prefork=1 maxchild=4096 - # imaps cmd="proxyd -s" listen="imaps" proto="tcp" prefork=1 maxchild=4096 - http cmd="httpd" listen="http" prefork=0 - # https cmd="httpd -s" listen="https" prefork=0 - sieve cmd="timsieved" listen="sieve" proto="tcp" prefork=1 - lmtp cmd="lmtpproxyd -a" listen="lmtp" proto="tcp" prefork=2 -} - -EVENTS { - # this is required - checkpoint cmd="ctl_cyrusdb -c" period="30" - - # this is only necessary if caching TLS sessions - tlsprune cmd="tls_prune" at="0400" -} diff --git a/docker/imap/rootfs/etc/cyrus.conf b/docker/imap/rootfs/etc/cyrus.conf index 4ef209c2..cc01a17c 100644 --- a/docker/imap/rootfs/etc/cyrus.conf +++ b/docker/imap/rootfs/etc/cyrus.conf 
@@ -1,41 +1,44 @@ START { # do not delete this entry! recover cmd="ctl_cyrusdb -r" statscleanup cmd="promstatsd -c" - #mupdatepush cmd="ctl_mboxlist -m" + # WITH_MUPDATE mupdatepush cmd="ctl_mboxlist -m" } SERVICES { - - http cmd="httpd" listen=0.0.0.0:11080 proto="tcp" prefork=5 - imap cmd="imapd" listen=0.0.0.0:11143 proto="tcp" prefork=5 - # https cmd="httpd -s" listen=0.0.0.0:11443 proto="tcp" prefork=5 - # imaps cmd="imapd -s" listen=0.0.0.0:11993 proto="tcp" prefork=1 + # ROLE_FRONTEND mupdate cmd="mupdate" listen=3905 prefork=1 + http cmd="httpd" listen=0.0.0.0:11080 proto="tcp" prefork=1 + # ROLE_BACKEND imap cmd="imapd" listen=0.0.0.0:11143 proto="tcp" prefork=1 + # ROLE_FRONTEND imap cmd="proxyd" listen=0.0.0.0:11143 proto="tcp" prefork=1 + # WITH_TLS https cmd="httpd -s" listen=0.0.0.0:11443 proto="tcp" prefork=1 + # ROLE_BACKEND_WITH_TLS imaps cmd="imapd -s" listen=0.0.0.0:11993 proto="tcp" prefork=1 + # ROLE_FRONTEND_WITH_TLS imaps cmd="proxyd -s" listen=0.0.0.0:11993 proto="tcp" prefork=1 sieve cmd="timsieved" listen=0.0.0.0:4190 proto="tcp" prefork=0 # lmtp without authentication required (-a) - lmtp cmd="lmtpd -a" listen=0.0.0.0:11024 proto="tcp" prefork=1 + # ROLE_BACKEND lmtp cmd="lmtpd -a" listen=0.0.0.0:11024 proto="tcp" prefork=1 + # ROLE_FRONTEND lmtp cmd="lmtpproxyd -a" listen=0.0.0.0:11024 proto="tcp" prefork=1 } EVENTS { # this is required checkpoint cmd="ctl_cyrusdb -c" period="39" # Expire deleted folders older than 28 days. - deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" + # ROLE_BACKEND deleteprune cmd="cyr_expire -E 4 -D 28" at="0400" # Expire deleted messages older than 28 days. 
- expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" + # ROLE_BACKEND expungeprune cmd="cyr_expire -E 4 -X 28" at="0132" # this is only necessary if caching TLS sessions tlsprune cmd="tls_prune" at="0400" # this is only necessary if using duplicate delivery suppression - delprune cmd="cyr_expire -E 3" at="0400" + # ROLE_BACKEND delprune cmd="cyr_expire -E 3" at="0400" } DAEMON { # this is only necessary if using idled for IMAP IDLE idled cmd="idled" promstatsd cmd="promstatsd" } diff --git a/docker/imap/rootfs/etc/imapd-backend.conf b/docker/imap/rootfs/etc/imapd-backend.conf deleted file mode 100644 index d15c169b..00000000 --- a/docker/imap/rootfs/etc/imapd-backend.conf +++ /dev/null 
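Review bot: In docker/imap/rootfs/etc/cyrus.conf the `# WITH_TLS` and `# ROLE_*_WITH_TLS` lines only add the 11443 and 11993 listeners; the cleartext `http` (11080) and `imap` (11143) services stay enabled in every role. Since imapd.conf keeps `allowplaintext: yes` with `sasl_mech_list: PLAIN LOGIN`, setting WITH_TLS=true does not stop passwords from being accepted unencrypted on 11143. If that is intentional (for example TLS is terminated in front of the container), say so in a comment above `SERVICES`; otherwise the cleartext listeners need their own switch. Separately, the `# ROLE_…` / `# WITH_…` prefixes look like ordinary comments but are switches stripped by init.sh, so a header line such as `# Lines prefixed "# ROLE_*" or "# WITH_*" are enabled by init.sh; keep the prefix intact.` would protect them from clean-up edits.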
@@ -1,104 +0,0 @@ -servername: imap-backend -configdirectory: /var/lib/imap -defaultpartition: default -metapartition_files: annotations cache expunge header index -partition-default: /var/spool/imap/ -sievedir: /var/lib/imap/sieve -annotation_definitions: /etc/imapd.annotations.conf - -autocreate_quota: 5242880 -autocreate_inbox_folders: Drafts | Trash | Sent -autocreate_subscribe_folders: Drafts | Trash | Sent -# Set specialuse flags -xlist-drafts: Drafts -xlist-sent: Sent -xlist-trash: Trash - -idlesocket: /var/lib/imap/socket/idle -disable_shared_namespace: 0 -disable_user_namespace: 0 -duplicate_db_path: /run/cyrus/db/deliver.db -mboxname_lockpath: /run/cyrus/lock -proc_path: /run/cyrus/proc -# Apparently does not work -##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db -statuscache_db_path: /run/cyrus/db/statuscache.db -temp_path: /tmp -tls_sessions_db_path: /run/cyrus/db/tls_sessions.db - -sendmail: /usr/sbin/sendmail -admins: IMAP_ADMIN_LOGIN -sasl_pwcheck_method: saslauthd -sasl_mech_list: PLAIN LOGIN -allowplaintext: yes - -lmtp_over_quota_perm_failure: 1 - -# tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -# tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -# tls_server_ca_file: /etc/pki/tls/certs/cyrus-imapd.ca.cert - -# tls_client_certs: off - -# tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES - -# tls_prefer_server_ciphers: 1 -# tls_versions: tls1_3 - -maxlogins_per_user: 50 -proxyd_disable_mailbox_referrals: 0 - - -httpmodules: caldav carddav domainkey freebusy ischedule rss webdav - - - -unixhierarchysep: 1 -virtdomains: userid -sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date -allowallsubscribe: 0 -anyoneuseracl: 0 -allowusermoves: 1 -altnamespace: 1 -disconnect_on_vanished_mailbox: 1 -hashimapspool: 1 -anysievefolder: 1 -fulldirhash: 0 -sieve_maxscripts: 150 
-sieve_maxscriptsize: 128 -sieveusehomedir: 0 -sieve_allowreferrals: 0 -sieve_utf8fileinto: 1 -lmtp_downcase_rcpt: 1 -lmtp_fuzzy_mailbox_match: 1 -username_tolower: 1 -deletedprefix: DELETED -delete_mode: delayed -expunge_mode: delayed -postuser: shared -tcp_keepalive: 1 - -syslog_prefix: cyrus-imapd - -calendar_default_displayname: test -addressbook_default_displayname: test - -# mupdate is enabled -mupdate_config: standard -mupdate_server: imap-mupdate -mupdate_port: 3905 -mupdate_authname: IMAP_ADMIN_LOGIN -mupdate_username: IMAP_ADMIN_LOGIN -mupdate_password: IMAP_ADMIN_PASSWORD - -# proxy authentication for these users -proxyservers: IMAP_ADMIN_LOGIN - -# sync is enabled -#sync_try_imap: 0 -#sync_log_chain: false -#sync_authname: cyrus -#sync_password: simple123 -#sync_log: 1 -#sync_repeat_interval: 10 -#sync_shutdown_file: /var/lib/imap/sync_shutdown diff --git a/docker/imap/rootfs/etc/imapd-frontend.conf b/docker/imap/rootfs/etc/imapd-frontend.conf deleted file mode 100644 index 1810f637..00000000 --- a/docker/imap/rootfs/etc/imapd-frontend.conf +++ /dev/null 
@@ -1,82 +0,0 @@ -servername: SERVERNAME -configdirectory: /var/lib/imap - -autocreate_quota: 5242880 - -idlesocket: /var/lib/imap/socket/idle -disable_shared_namespace: 0 -disable_user_namespace: 0 -duplicate_db_path: /var/lib/imap/deliver.db -mboxname_lockpath: /var/lib/imap/lock -proc_path: /var/lib/imap/proc -# Apparently does not work -##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db -statuscache_db_path: /var/lib/imap/statuscache.db -temp_path: /tmp -tls_sessions_db_path: /run/cyrus/db/tls_sessions.db -annotation_definitions: /etc/imapd.annotations.conf - -sendmail: /usr/sbin/sendmail -admins: IMAP_ADMIN_LOGIN -sasl_pwcheck_method: saslauthd -sasl_mech_list: PLAIN LOGIN -allowplaintext: yes - -lmtp_over_quota_perm_failure: 1 - -tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem -tls_server_ca_file: TLS_SERVER_CA_FILE - -tls_client_certs: off -tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES -tls_prefer_server_ciphers: 1 -sieve_tls_versions: tls1_0 tls1_1 tls1_2 -tls_versions: tls1_3 -maxlogins_per_user: 50 -# Disable mailbox referrals for all clients, as the referrals will point -# addresses the client cannot reach. 
-proxyd_disable_mailbox_referrals: 1 - -serverlist: SERVERLIST - -httpmodules: caldav carddav domainkey freebusy ischedule rss webdav - -unixhierarchysep: 1 -virtdomains: userid -sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date -allowallsubscribe: 0 -anyoneuseracl: 0 -allowusermoves: 1 -altnamespace: 1 -disconnect_on_vanished_mailbox: 1 -hashimapspool: 1 -anysievefolder: 1 -fulldirhash: 0 -sieve_maxscripts: 150 -sieve_maxscriptsize: 128 -sieveusehomedir: 0 -sieve_allowreferrals: 0 -sieve_utf8fileinto: 1 -lmtp_downcase_rcpt: 1 -lmtp_fuzzy_mailbox_match: 1 -username_tolower: 1 -deletedprefix: DELETED -delete_mode: delayed -expunge_mode: delayed -postuser: shared -tcp_keepalive: 1 - -syslog_prefix: cyrus-imapd - -# mupdate is enabled -#mupdate_config: standard -mupdate_server: MUPDATE -mupdate_port: 3905 -mupdate_authname: IMAP_ADMIN_LOGIN -mupdate_username: IMAP_ADMIN_LOGIN -mupdate_password: IMAP_ADMIN_PASSWORD - -# proxy authentication against backends -proxy_authname: IMAP_ADMIN_LOGIN -proxy_password: IMAP_ADMIN_PASSWORD diff --git a/docker/imap/rootfs/etc/imapd.conf b/docker/imap/rootfs/etc/imapd.conf index 423a5fbb..34f78884 100644 --- a/docker/imap/rootfs/etc/imapd.conf +++ b/docker/imap/rootfs/etc/imapd.conf 
@@ -1,79 +1,104 @@ servername: SERVERNAME configdirectory: /var/lib/imap defaultpartition: default metapartition_files: annotations cache expunge header index partition-default: /var/spool/imap/ metapartition-default: /var/spool/imap/ sievedir: /var/lib/imap/sieve annotation_definitions: /etc/imapd.annotations.conf autocreate_quota: 5242880 autocreate_inbox_folders: Drafts | Trash | Sent autocreate_subscribe_folders: Drafts | Trash | Sent # Set specialuse flags xlist-drafts: Drafts xlist-sent: Sent xlist-trash: Trash +# +# WITH_TLS tls_server_cert: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +# WITH_TLS tls_server_key: /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +# WITH_TLS tls_server_ca_file: TLS_SERVER_CA_FILE +# WITH_TLS +# WITH_TLS tls_client_certs: off +# WITH_TLS tls_ciphers: kEECDH:+kEECDH+SHA:kEDH:+kEDH+SHA:kECDH:+kECDH+SHA:kRSA:+kRSA+SHA:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES +# WITH_TLS tls_prefer_server_ciphers: 1 +# WITH_TLS sieve_tls_versions: tls1_0 tls1_1 tls1_2 +# WITH_TLS tls_versions: tls1_3 idlesocket: /var/lib/imap/socket/idle disable_shared_namespace: 0 disable_user_namespace: 0 duplicate_db_path: /run/cyrus/db/deliver.db mboxname_lockpath: /run/cyrus/lock proc_path: /run/cyrus/proc # Apparently does not work ##ptscache_db_path: /var/tmp/cyrus-imapd/ptscache.db statuscache_db_path: /run/cyrus/db/statuscache.db temp_path: /tmp tls_sessions_db_path: /run/cyrus/db/tls_sessions.db sendmail: /usr/sbin/sendmail admins: IMAP_ADMIN_LOGIN sasl_pwcheck_method: saslauthd sasl_mech_list: PLAIN LOGIN sasl_saslauthd_path: /run/saslauthd/mux allowplaintext: yes lmtp_over_quota_perm_failure: 1 -maxlogins_per_user: 50 +maxlogins_per_user: MAXLOGINS_PER_USER +# Disable mailbox referrals for all clients, as the referrals will point +# addresses the client cannot reach. 
proxyd_disable_mailbox_referrals: 0 httpmodules: caldav carddav domainkey freebusy ischedule rss webdav prometheus caldav_allowcalendaradmin: 1 unixhierarchysep: 1 virtdomains: userid sieve_extensions: fileinto reject envelope body vacation imap4flags include regex subaddress relational copy date allowallsubscribe: 0 anyoneuseracl: 0 allowusermoves: 1 altnamespace: 1 disconnect_on_vanished_mailbox: 1 hashimapspool: 1 anysievefolder: 1 fulldirhash: 0 sieve_maxscripts: 150 sieve_maxscriptsize: 128 sieveusehomedir: 0 sieve_allowreferrals: 0 sieve_utf8fileinto: 1 lmtp_downcase_rcpt: 1 lmtp_fuzzy_mailbox_match: 1 username_tolower: 1 deletedprefix: DELETED delete_mode: delayed expunge_mode: delayed postuser: shared tcp_keepalive: 1 prometheus_enabled: 1 syslog_prefix: cyrus-imapd calendar_default_displayname: Calendar addressbook_default_displayname: Addressbook debug: 0 chatty: 1 + +# proxy authentication for these users +# ROLE_BACKEND proxyservers: IMAP_ADMIN_LOGIN + +# WITH_MUPDATE mupdate_server: MUPDATE +# WITH_MUPDATE mupdate_port: 3905 +# WITH_MUPDATE mupdate_authname: IMAP_ADMIN_LOGIN +# WITH_MUPDATE mupdate_username: IMAP_ADMIN_LOGIN +# WITH_MUPDATE mupdate_password: IMAP_ADMIN_PASSWORD +# +# ROLE_FRONTEND # proxy authentication against backends +# ROLE_FRONTEND proxy_authname: IMAP_ADMIN_LOGIN +# ROLE_FRONTEND proxy_password: IMAP_ADMIN_PASSWORD diff --git a/docker/imap/rootfs/init.sh b/docker/imap/rootfs/init.sh index 38050195..feae66f7 100755 --- a/docker/imap/rootfs/init.sh +++ b/docker/imap/rootfs/init.sh 
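Review bot: The comment added above `proxyd_disable_mailbox_referrals: 0` in docker/imap/rootfs/etc/imapd.conf says referrals are disabled, but the value 0 leaves them enabled. The deleted imapd-frontend.conf used 1 and imapd-backend.conf used 0, so the merged file appears to have dropped the frontend value. Following the marker scheme used elsewhere in this hunk, `# ROLE_FRONTEND proxyd_disable_mailbox_referrals: 1` plus `# ROLE_BACKEND proxyd_disable_mailbox_referrals: 0` in place of the unconditional line would restore the previous behaviour. Also worth a second look: `# WITH_TLS sieve_tls_versions: tls1_0 tls1_1 tls1_2` keeps TLS 1.0/1.1 available for sieve while `tls_versions` is pinned to tls1_3; unless a legacy sieve client needs them, drop `tls1_0 tls1_1`.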
@@ -1,49 +1,99 @@ #!/bin/bash set -e sed -i -r \ -e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \ -e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \ -e "s|MUPDATE|$MUPDATE|g" \ -e "s|SERVERLIST|$SERVERLIST|g" \ -e "s|SERVERNAME|$SERVERNAME|g" \ + -e "s|MAXLOGINS_PER_USER|$MAXLOGINS_PER_USER|g" \ -e "s|TLS_SERVER_CA_FILE|$TLS_SERVER_CA_FILE|g" \ $IMAPD_CONF + sed -i -r \ -e "s|APP_SERVICES_DOMAIN|$APP_SERVICES_DOMAIN|g" \ -e "s|SERVICES_PORT|$SERVICES_PORT|g" \ /etc/saslauthd.conf if [[ "$CYRUS_CONF" != "/etc/cyrus.conf" ]]; then cp "$CYRUS_CONF" /etc/cyrus.conf fi if [[ "$IMAPD_CONF" != "/etc/imapd.conf" ]]; then cp "$IMAPD_CONF" /etc/imapd.conf fi mkdir -p /var/lib/imap/socket mkdir -p /var/lib/imap/db -if [[ -f ${SSL_CERTIFICATE} ]]; then - cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem +if [[ "$WITH_TLS" == "true" ]]; then + if [[ -f ${SSL_CERTIFICATE} ]]; then + cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem + fi + sed -i \ + -e "s|# WITH_TLS ||g" \ + /etc/imapd.conf + sed -i \ + -e "s|# WITH_TLS ||g" \ + /etc/cyrus.conf +fi +if [[ "$ROLE" == "frontend" ]]; then + sed -i \ + -e "s|# WITH_MUPDATE ||g" \ + -e "s|# ROLE_FRONTEND ||g" \ + /etc/imapd.conf + sed -i \ + -e "s|# ROLE_FRONTEND ||g" \ + /etc/cyrus.conf + if [[ "$WITH_TLS" == "true" ]]; then + sed -i \ + -e "s|# ROLE_FRONTEND_WITH_TLS ||g" \ + /etc/cyrus.conf + fi +elif [[ "$ROLE" == "backend" ]]; then + sed -i \ + -e "s|# WITH_MUPDATE ||g" \ + -e "s|# ROLE_BACKEND ||g" \ + /etc/imapd.conf + sed -i \ + -e "s|# WITH_MUPDATE ||g" \ + -e "s|# ROLE_BACKEND ||g" \ + /etc/cyrus.conf + if [[ "$WITH_TLS" == "true" ]]; then + sed -i \ + -e "s|# ROLE_BACKEND_WITH_TLS ||g" \ + /etc/cyrus.conf + fi +else + sed -i \ + -e "s|# ROLE_BACKEND ||g" \ + /etc/imapd.conf + sed -i \ + -e "s|# ROLE_BACKEND ||g" \ + /etc/cyrus.conf + if [[ "$WITH_TLS" == "true" ]]; then + sed -i \ + -e 
"s|# ROLE_BACKEND_WITH_TLS ||g" \ + /etc/cyrus.conf + fi fi /usr/sbin/saslauthd -m /run/saslauthd -a httpform -d & # Can't run as user because of /dev/ permissions so far. # Cyrus imap only logs to /dev/log, no way around it it seems. # sudo rsyslogd -# Cyrus needs an entry in /etc/passwd. THe alternative would be perhaps the nss_wrapper +# Cyrus needs an entry in /etc/passwd. The alternative would perhaps be the nss_wrapper. # https://docs.openshift.com/container-platform/3.11/creating_images/guidelines.html#openshift-specific-guidelines # FIXME: This probably currently just works because we make /etc/ writable, which I suppose we shouldn't. ID=$(id -u) GID=$(id -g) echo "$ID:x:$ID:$GID::/opt/app-root/:/bin/bash" > /etc/passwd exec env CYRUS_VERBOSE=1 CYRUS_USER="$ID" /usr/libexec/master -D -p /var/run/master.pid
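Review bot: The `# WITH_MUPDATE ` marker in imapd.conf is destroyed before init.sh tries to strip it. The first sed runs `s|MUPDATE|$MUPDATE|g` over $IMAPD_CONF, which also rewrites the `MUPDATE` inside every `# WITH_MUPDATE` prefix (to `# WITH_imap-mupdate …` with the Dockerfile default), so the later `s|# WITH_MUPDATE ||g` on /etc/imapd.conf matches nothing and the mupdate_* settings stay commented out for both frontend and backend. cyrus.conf is not passed through the placeholder sed, so a backend still gets `mupdatepush` enabled, presumably with no mupdate server configured. Anchoring the placeholder avoids the collision, e.g. `-e "s|\bMUPDATE\b|$MUPDATE|g" \` (GNU sed; `_` is a word character, so `WITH_MUPDATE` is left alone), or rename the marker so it does not contain a placeholder name. The fall-through `else` also treats any unrecognised ROLE value as a backend; failing on unknown non-empty values would catch typos.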