diff --git a/bin/podman_shared b/bin/podman_shared
index 33227509..810a86b7 100644
--- a/bin/podman_shared
+++ b/bin/podman_shared
@@ -1,413 +1,414 @@ #!/bin/bash PODMAN=podman if [ -d /etc/letsencrypt ]; then LETSENCRYPT_VOLUME="-v /etc/letsencrypt/:/etc/letsencrypt/:ro" fi podman__build() { path=$1 shift name=$1 shift if [[ "$CACHE_REGISTRY" != "" ]]; then CACHE_ARGS="--layers --cache-from=$CACHE_REGISTRY/$name --cache-to=$CACHE_REGISTRY/$name --cache-ttl=24h" fi podman build $@ $CACHE_ARGS $path -t $name } podman__build_base() { podman__build docker/base/ apheleia/almalinux9 -f almalinux9 podman__build docker/swoole apheleia/swoole } podman__build_webapp() { podman__build docker/webapp kolab-webapp --ulimit nofile=65535:65535 \ ${KOLAB_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$KOLAB_GIT_REMOTE"} \ ${KOLAB_GIT_REF:+"--build-arg=GIT_REF=$KOLAB_GIT_REF"} } podman__build_meet() { podman__build docker/meet kolab-meet --ulimit nofile=65535:65535 \ ${KOLAB_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$KOLAB_GIT_REMOTE"} \ ${KOLAB_GIT_REF:+"--build-arg=GIT_REF=$KOLAB_GIT_REF"} } podman__build_roundcube() { podman__build docker/roundcube roundcube --ulimit nofile=65535:65535 \ ${GIT_REMOTE_ROUNDCUBEMAIL:+"--build-arg=GIT_REMOTE_ROUNDCUBEMAIL=$GIT_REMOTE_ROUNDCUBEMAIL"} \ ${GIT_REF_ROUNDCUBEMAIL:+"--build-arg=GIT_REF_ROUNDCUBEMAIL=$GIT_REF_ROUNDCUBEMAIL"} \ ${GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS:+"--build-arg=GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS=$GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS"} \ ${GIT_REF_ROUNDCUBEMAIL_PLUGINS:+"--build-arg=GIT_REF_ROUNDCUBEMAIL_PLUGINS=$GIT_REF_ROUNDCUBEMAIL_PLUGINS"} \ ${GIT_REMOTE_CHWALA:+"--build-arg=GIT_REMOTE_CHWALA=$GIT_REMOTE_CHWALA"} \ ${GIT_REF_CHWALA:+"--build-arg=GIT_REF_CHWALA=$GIT_REF_CHWALA"} \ ${GIT_REMOTE_SYNCROTON:+"--build-arg=GIT_REMOTE_SYNCROTON=$GIT_REMOTE_SYNCROTON"} \ ${GIT_REF_SYNCROTON:+"--build-arg=GIT_REF_SYNCROTON=$GIT_REF_SYNCROTON"} \ ${GIT_REMOTE_AUTOCONF:+"--build-arg=GIT_REMOTE_AUTOCONF=$GIT_REMOTE_AUTOCONF"} \ ${GIT_REF_AUTOCONF:+"--build-arg=GIT_REF_AUTOCONF=$GIT_REF_AUTOCONF"} \ ${GIT_REMOTE_IRONY:+"--build-arg=GIT_REMOTE_IRONY=$GIT_REMOTE_IRONY"} \ 
${GIT_REF_IRONY:+"--build-arg=GIT_REF_IRONY=$GIT_REF_IRONY"} \ ${GIT_REMOTE_FREEBUSY:+"--build-arg=GIT_REMOTE_FREEBUSY=$GIT_REMOTE_FREEBUSY"} \ ${GIT_REF_FREEBUSY:+"--build-arg=GIT_REF_FREEBUSY=$GIT_REF_FREEBUSY"} } podman__build_postfix() { podman__build docker/postfix kolab-postfix } podman__build_imap() { podman__build docker/imap kolab-imap \ ${IMAP_GIT_REMOTE:+"--build-arg=GIT_REMOTE=$IMAP_GIT_REMOTE"} \ ${IMAP_GIT_REF:+"--build-arg=GIT_REF=$IMAP_GIT_REF"} } podman__build_amavis() { podman__build docker/amavis kolab-amavis } podman__build_proxy() { podman__build docker/proxy kolab-proxy } podman__build_collabora() { podman build docker/collabora -t kolab-collabora --build-arg=REPOSITORY="https://www.collaboraoffice.com/repos/CollaboraOnline/23.05-CODE/CODE-rpm/" } podman__build_coturn() { podman build docker/coturn -t kolab-coturn } podman__build_utils() { podman build docker/utils -t kolab-utils } podman__build_all() { podman__build_base podman__build_webapp podman__build_meet podman__build_postfix podman__build_imap podman__build_amavis podman__build_collabora podman build docker/mariadb -t mariadb podman build docker/redis -t redis podman__build_proxy podman__build_coturn podman__build_utils podman build docker/fluentbit -t fluentbit podman build docker/synapse -t synapse podman build docker/element -t element podman__build_roundcube podman build docker/ldap -t ldap } kolab__validate() { POD=$1 $PODMAN exec $POD-imap testsaslauthd -u cyrus-admin -p simple123 $PODMAN exec $POD-imap testsaslauthd -u "john@kolab.org" -p simple123 # Ensure the inbox is created FOUND=false for i in {1..60}; do if $PODMAN exec $POD-imap bash -c 'echo "lm" | cyradm --auth PLAIN -u cyrus-admin -w simple123 --port 11143 localhost | grep "user/john@kolab.org"'; then echo "Found mailbox"; FOUND=true break else echo "Waiting for mailbox"; sleep 1; fi done if ! 
$FOUND; then echo "Failed to find the inbox for john@kolab.org" exit 1 fi } podman__is_ready() { if [[ "$(timeout 5 podman wait --condition running $1)" != "-1" ]]; then echo "Container $1 is not running" return 1 fi # We can only wait for healthy if healthcheck is available return 0 } podman__healthcheck() { for CONTAINER in $@; do echo "Waiting for ${CONTAINER} to become healthy" while [ $(podman healthcheck run ${CONTAINER}) ]; do echo -n "."; sleep 5; done echo # Abort if the container failed to start if ! podman__is_ready $CONTAINER; then exit 1 fi done } podman__run() { NAME=$1 shift if [[ "$DEBUG_ARGS" != "" ]]; then RUN_ARGS=$DEBUG_ARGS else RUN_ARGS="-dt --pod $POD --name $POD-$NAME" fi $PODMAN run $RUN_ARGS --replace "$@" } podman__run_proxy() { podman__run proxy \ -v $CERTS_PATH:/etc/certs:ro \ $LETSENCRYPT_VOLUME \ -e APP_WEBSITE_DOMAIN \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e WEBAPP_BACKEND="http://localhost:8000" \ -e MEET_BACKEND="http://localhost:12080" \ -e ROUNDCUBE_BACKEND="http://localhost:8080" \ -e DAV_BACKEND="http://localhost:11080" \ -e DAV_PATH="/dav" \ -e COLLABORA_BACKEND="http://localhost:9980" \ -e SIEVE_BACKEND="localhost:4190" \ kolab-proxy:latest $@ } podman__run_roundcube() { podman__run roundcube \ -v ./ext:/src.orig:ro \ -e APP_DOMAIN \ -e DES_KEY \ -e DB_HOST \ -e DB_RC_DATABASE="roundcube" \ -e DB_RC_USERNAME="roundcube" \ -e DB_RC_PASSWORD="${DB_PASSWORD:?"missing env variable"}" \ -e IMAP_HOST=127.0.0.1 \ -e IMAP_PORT=11143 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ -e SUBMISSION_HOST=127.0.0.1 \ -e SUBMISSION_ENCRYPTION=starttls \ -e SUBMISSION_PORT=10587 \ -e IMAP_DEBUG \ -e LOG_DRIVER=stdout \ -e KOLAB_FILES_SERVER_URL=http://localhost:8080/chwala \ -e FILEAPI_WOPI_OFFICE=http://localhost:9980 \ -e FILEAPI_KOLABFILES_BASEURI=http://localhost:8000/api \ -e FILE_API_SERVER_URL=http://localhost:8080/chwala/api/ \ -e 
KOLAB_ADDRESSBOOK_CARDDAV_SERVER=http://localhost:11080/dav \ -e CALENDAR_CALDAV_SERVER=http://localhost:11080/dav \ -e TASKLIST_CALDAV_SERVER=http://localhost:11080/dav \ -e REDIS_HOST=localhost \ -e REDIS_PASSWORD="${REDIS_PASSWORD:?"missing env variable"}" \ roundcube:latest $@ } podman__run_mariadb() { podman__run mariadb \ $MARIADB_STORAGE \ -e MYSQL_ROOT_PASSWORD=${DB_ROOT_PASSWORD:?"missing env variable"} \ -e TZ="+02:00" \ -e DB_HKCCP_DATABASE="kolabdev" \ -e DB_HKCCP_USERNAME="kolabdev" \ -e DB_HKCCP_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ -e DB_KOLAB_DATABASE="kolab" \ -e DB_KOLAB_USERNAME="kolab" \ -e DB_KOLAB_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ -e DB_RC_DATABASE="roundcube" \ -e DB_RC_USERNAME="roundcube" \ -e DB_RC_PASSWORD=${DB_PASSWORD:?"missing env variable"} \ --health-cmd "mysqladmin -u root ping && test -e /tmp/initialized" \ mariadb:latest $@ } podman__run_ldap() { podman__run ldap \ $LDAP_STORAGE \ -e APP_DOMAIN \ -e LDAP_BASE_DN="dc=mgmt,dc=com" \ -e LDAP_DOMAIN_BASE_DN="ou=Domains,dc=mgmt,dc=com" \ -e LDAP_HOSTS=ldap \ -e LDAP_PORT=389 \ -e LDAP_SERVICE_BIND_DN="uid=kolab-service,ou=Special Users,dc=mgmt,dc=com" \ -e LDAP_SERVICE_BIND_PW="simple123" \ -e LDAP_USE_SSL=false \ -e LDAP_USE_TLS=false \ -e LDAP_ADMIN_BIND_DN="cn=Directory Manager" \ -e LDAP_ADMIN_BIND_PW="simple123" \ -e LDAP_ADMIN_ROOT_DN="dc=mgmt,dc=com" \ -e LDAP_HOSTED_BIND_DN="uid=hosted-kolab-service,ou=Special Users,dc=mgmt,dc=com" \ -e LDAP_HOSTED_BIND_PW="simple123" \ -e LDAP_HOSTED_ROOT_DN="dc=hosted,dc=com" \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ --health-cmd "systemctl status dirsrv@kolab || exit 1" \ ldap:latest $@ } podman__run_redis() { podman__run redis \ $REDIS_STORAGE \ -e REDIS_PASSWORD="${REDIS_PASSWORD:?"missing env variable"}" \ --health-cmd "redis-cli ping || exit 1" \ redis:latest $@ } podman__run_minio() { podman__run minio \ $MINIO_STORAGE \ -e MINIO_ROOT_USER=${MINIO_USER:?"missing env variable"} \ -e 
MINIO_ROOT_PASSWORD=${MINIO_PASSWORD:?"missing env variable"} \ --health-cmd "mc ready local || exit 1" \ --entrypoint sh \ quay.io/minio/minio:latest -c 'mkdir -p /data/kolab && minio server /data --console-address ":9001"' } podman__run_webapp() { # We run with a fixed config.demo overlay and override the environment with ci/env podman__run webapp \ --env-file=$ENV_FILE \ -v ./src:/src/kolabsrc.orig:ro \ -v ./$CONFIG/src:/src/overlay:ro \ -e NOENVFILE=true \ -e APP_SERVICES_ALLOWED_DOMAINS="webapp,localhost,services.$HOST" \ -e KOLAB_ROLE=combined \ -e PASSPORT_PRIVATE_KEY="$PASSPORT_PRIVATE_KEY" \ -e PASSPORT_PUBLIC_KEY="$PASSPORT_PUBLIC_KEY" \ -e MINIO_ENDPOINT="http://localhost:9000" \ -e MEET_SERVER_URLS="http://127.0.0.1:12080/meetmedia/api/" \ -e MEET_SERVER_VERIFY_TLS=false \ --health-cmd "./artisan octane:status || exit 1" \ kolab-webapp:latest } podman__run_imap() { podman__run imap \ $IMAP_SPOOL_STORAGE \ $IMAP_LIB_STORAGE \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ --health-cmd "test -e /run/saslauthd/mux && kill -0 \$(cat /var/run/master.pid)" \ kolab-imap:latest $@ } podman__run_postfix() { podman__run postfix \ --privileged \ $POSTFIX_SPOOL_STORAGE \ $POSTFIX_LIB_STORAGE \ -v $CERTS_PATH:/etc/certs:ro \ $LETSENCRYPT_VOLUME \ -e SSL_CERTIFICATE="$KOLAB_SSL_CERTIFICATE" \ -e SSL_CERTIFICATE_FULLCHAIN="$KOLAB_SSL_CERTIFICATE_FULLCHAIN" \ -e SSL_CERTIFICATE_KEY="$KOLAB_SSL_CERTIFICATE_KEY" \ -e APP_DOMAIN \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e AMAVIS_HOST=127.0.0.1 \ -e DB_HOST=127.0.0.1 \ -e DB_USERNAME \ -e DB_PASSWORD \ -e DB_DATABASE \ -e LMTP_DESTINATION="localhost:11024" \ + -e WITH_CONTENTFILTER \ --health-cmd "test -e /run/saslauthd/mux && kill -0 \$(cat /var/spool/postfix/pid/master.pid)" \ kolab-postfix:latest $@ } podman__run_amavis() { podman__run amavis \ -e APP_DOMAIN \ -e POSTFIX_HOST=localhost \ -e DB_HOST=localhost \ -e DB_USERNAME \ -e 
DB_PASSWORD \ -e DB_DATABASE \ kolab-amavis:latest $@ } podman__run_collabora() { podman__run collabora \ --privileged \ -e ALLOWED_HOSTS=${APP_DOMAIN} \ kolab-collabora:latest $@ } podman__run_synapse() { podman__run synapse \ $SYNAPSE_STORAGE \ -v $CERTS_PATH:/etc/certs:ro \ -e APP_DOMAIN \ -e KOLAB_URL="http://127.0.0.1:8000" \ -e SYNAPSE_OAUTH_CLIENT_ID="${PASSPORT_SYNAPSE_OAUTH_CLIENT_ID:?"missing env variable"}" \ -e SYNAPSE_OAUTH_CLIENT_SECRET="${PASSPORT_SYNAPSE_OAUTH_CLIENT_SECRET:?"missing env variable"}" \ synapse:latest $@ } podman__run_element() { podman__run element \ -e APP_DOMAIN \ element:latest $@ } podman__run_vector() { podman__run vector \ vector:latest $@ } podman__run_meet() { podman__run meet \ -v ./meet/server:/src/meet:ro \ -e WEBRTC_LISTEN_IP=0.0.0.0 \ -e WEBRTC_ANNOUNCED_ADDRESS=${PUBLIC_IP:?"missing env variable"} \ -e PUBLIC_DOMAIN=$APP_DOMAIN \ -e LISTENING_HOST=127.0.0.1 \ -e LISTENING_PORT=12080 \ -e DEBUG="*" \ -e TURN_SERVER=none \ -e AUTH_TOKEN=${MEET_SERVER_TOKEN} \ -e WEBHOOK_TOKEN=${MEET_WEBHOOK_TOKEN} \ -e WEBHOOK_URL=$APP_DOMAIN/api/webhooks/meet \ -e SSL_CERT=none \ -e FORCE_WSS=true \ kolab-meet:latest $@ } function pin_commit() { git ls-remote --exit-code -h "$1" "refs/heads/$2" | awk '{print $1}' } pin_git_refs() { echo "Pinning commits" # This are the pinned commits that are going to be used for the base images export KOLAB_GIT_REMOTE=https://git.kolab.org/source/kolab export KOLAB_GIT_REF=$(pin_commit "$KOLAB_GIT_REMOTE" "master") export GIT_REMOTE_ROUNDCUBEMAIL=https://git.kolab.org/source/roundcubemail.git export GIT_REF_ROUNDCUBEMAIL=$(pin_commit "$GIT_REMOTE_ROUNDCUBEMAIL" "dev/kolab-1.5") export GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS=https://git.kolab.org/diffusion/RPK/roundcubemail-plugins-kolab.git export GIT_REF_ROUNDCUBEMAIL_PLUGINS=$(pin_commit "$GIT_REMOTE_ROUNDCUBEMAIL_PLUGINS" "master") export GIT_REMOTE_CHWALA=https://git.kolab.org/diffusion/C/chwala.git export GIT_REF_CHWALA=$(pin_commit "$GIT_REMOTE_CHWALA" 
"master") export GIT_REMOTE_SYNCROTON=https://git.kolab.org/diffusion/S/syncroton.git export GIT_REF_SYNCROTON=$(pin_commit "$GIT_REMOTE_SYNCROTON" "master") export GIT_REMOTE_AUTOCONF=https://git.kolab.org/diffusion/AC/autoconf.git export GIT_REF_AUTOCONF=$(pin_commit "$GIT_REMOTE_AUTOCONF" "master") export GIT_REMOTE_IRONY=https://git.kolab.org/source/iRony.git export GIT_REF_IRONY=$(pin_commit "$GIT_REMOTE_IRONY" "master") export GIT_REMOTE_FREEBUSY=https://git.kolab.org/diffusion/F/freebusy.git export GIT_REF_FREEBUSY=$(pin_commit "$GIT_REMOTE_FREEBUSY" "master") export IMAP_GIT_REMOTE=https://git.kolab.org/source/cyrus-imapd export IMAP_GIT_REF=$(pin_commit "$IMAP_GIT_REMOTE" "dev/kolab-3.6") } diff --git a/ci/testctl b/ci/testctl index 40304a07..3baeabe3 100755 --- a/ci/testctl +++ b/ci/testctl 
@@ -1,530 +1,532 @@ #!/bin/bash base_dir="$(dirname $(realpath "$0"))" pushd "${base_dir}" pushd .. set -e PASSPORT_PRIVATE_KEY="-----BEGIN PRIVATE KEY----- MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQCmYeRp7XXnPe8w X0iOJRpeskfUuOJ/Gqz5dsMIWFB6fPaI5/9tkMEyp+vCEF7eFXLBrXeQi6F/VNmV wn+dGEQhkhuDoEXr8Z4c333wLH8iOEF4WQbt/WF3ERdjmJt3vKry8B/OLNmmcK7j 4sz828h6L2ZT6GPcbGsNukxBMcIMOpflo0SLHy4VThdo6b1Q4nD2K/PX1ypyfFao nj3OfHBdSVLmTgd7BvB/azYFYWHP4INY8cylZWItDXuqPlBGSU2ff2xTKY/WRco/ djvrO9bM1WeI+8W36EeLHERru1QRpN22TgWCQ2dbLRsVrsMg8Ly6SMe8ceDXQt5C LKAN24jFt1UnBgr+qK1TrxkBtu5+V2WPYWhUvBLI/2qnFQh1GiWMKinWQO7rFCIC rRUcQBUu2AylmG0P/oPjPrjhAnxq3HguOn8cS1OeBpOH7+8tz0CeEdyVfT8maVs/ VWRZbEb0UjFLRNU+iVEGzz3jyQuKhOJ/2WuW0mJzF3pPQ64Dl+fLyXqF1KXNoPem evmmRjCZWfkWAEAWd3+yRfoOxGz55vaU1qGS81lnXnP1R5TZGXon24HHS9uRwHt6 JII+FEwgqr8K2TISDPxx7iQbXx8kcMUMBJG8aNoG73WVXmHs0uaEUsXMy9vtegeu //IPpNUTlbjsn8Ot+t68mTNLUZX74wIDAQABAoICAE5fZT8KVlPfJiikcWJXktTR aKmIj1Qs5ha6PQNUyk/wRhbWJUjge0jXtWNb37v/4WbexafGRgPbHYUAMal3kTw4 /RHi8JzD2uUh10pHQ3mEgz5jvTJkfMEfwWMuMulTazj1KB4vnTRb9t2saz+ebZA0 fKCAom1leoXkX+ADxrKI9Rz766EWxlfNyZQnKgCMMYabzIg6t6lm7VEO/PEjR7CB hfWrArYOXkG+6BrftLm9OVGv0GSGXZj4NWzLXnfFNrWvSYDg3nqhtDNxh6b2MGeb DGKHqipHVU/vOEGA44hOHwutM8YY5voZRJ1RjWOaUmPzPXaEM9NiEZydNaVhaEpq m7jNpu7S5xa2Eodt2iz2uQhnDHrYnGVCH5psal6TZAo9APWwwBOsFQ+nXwjxTeL9 +3JL6+jrP0eqzNVhl8c0cHJnBDpSVNG734RsK8XOxmJyq3Xt8Roi3Ud7gjy/FGpv XgzDpkFvd5uETn1VIuAfirm7MD8RbTIZAWCgqCrE7NuXOcnBGHuC955KF8OAx8np 8yCtlmBSXKifoIeeyu32L8s3g7md+xRuaU8yRtuClTLKG+6oRZYcaFNcVKKZzyu5 xnxUS6Haphd5/LhgnA3ujXkkNPdmHxPvJOWYABSNFeXzNF1npL/4wFLNvppMCPR1 v7M7AnbvyEvKm1Q2ePe9AoIBAQDigI4AJIaHeQiuqFSIWhm8NYkOZF0jfvWM7K8v 1IAE0WATP8KbeTINS2fUYZrNFs7S66Pl1WdPH7atVoi7QVcIoFhlYYRqILETpKJr z0dFLIiaajzQ9kTPzhLRDGBhO3TKb7RpFndYAuxzSw1C/3JHb4crD8kDIB8xVoba xvsXdVssqBQgScUrj1Ff4ZPtFhqLPsWnvdBpbM6LV/2t/CnTu4qU2szJZQNGP1Qf gEapbuZC6YFahXDTgYFTfn/vKzyKb/Fiskz3Rs9jgY08gRxIandeUqJIEoJi+CwZ q6twD8qKzGhB9nxSAOwhJzDg4SyhNnRQt5X8XQWVjpxs3HxnAoIBAQC8DPsIDN5r 
7joZj5d4/k8Yg+q1ecySm9zYy9Lzf0WUFgRu9NW9UeUPRjGXhNo5VOxxB62rMZCJ E81ItxUVQwHH4S62ycBPbsYEapE/itS+KdEzWQP2u3HAkLD3N28snMlIhTJR8fXB GasWngs9Q7uB7Wk0niKa8T7fBDx9pOyjMlIPwo0lZCrUAnmjOgZ+RvvuGDgqpDdp h7JUxtFmsWPgBFNZtr5BTRcr5hWRoSXJgQODqpTQHjQddMWy7LCJg3qKLiKVIOd5 +iGzhUIZzo95FYiyt8Ojdt3Y0k5J99NOrOwAPNLvbC5TTshtA144E9uwEqBbTm+S RtLZeVBWZ1clAoIBAQC0j26jxnpH/MBjG2Vn3Quu8a50fqWQ6mCtGvD83BXBwXcp YSat8gtodbgrojNZUtlFYvug+GIGvW1O+TC+tfO/uLM+/mIkiDMhSZkBAJf8GOg8 0HvyyJ9KWSi+5XLfkBomVq4nJ/Wzf4Em16mWwzRCpjHGriq8BxtWpXeTaBQ6Ox+X ldWVd7lqZDGmkZju4zP91OiUM8i0gjyU8GwWCnL9iv+KcnHWCmR1134kLool/3Yn 2SV5F+89bHvAJ5OtAXadlWeEGkcoyJYC6P/CP9pgEB9gXddoRPkUFGpzfFqKVsxL oW9rRicM6BdUxn08h8SgL1zCC9fQ+ga9lpY0Yf/5AoIBAH7S5k5El5EE5mwsukRg hqmK9jUUAtLxiR0xQYD02dEIlE7cknYPEEOf3HxKnf5Cdv+35PlrAQZhs3YR+4cO XNoX1TBzml434BZEZNcM43Oosi1GIHU7b3kmXCMuYK0exGVDZ296lnp3vDoRtpTH 5GK44dYZvE7w2qz/p2g5XVqm6k80r4qDJps7XBuoW464gtnNvbuMas6iNLQWLk1q 32fKowgDRga2XiU+FFfV7a0bdGpNFfXSGOWwxlBobpsfb/pXKP2YZmSOPEJdYfoT pBFOY5Xcd3X8CZxcIW6jVABggP2cB8pvFEMdA/D5b4a0Zdo2ha1ulbJ6T2NZ/MN5 CH0CggEBAMLRnxLQRCgdyrYroqdSBU85fAk0uU//rn7i/1vQG6pUy4Dq6W/yBhFV /Fph6c9NXHUUbM3HlvyY2Ht4aUQl8d50wsyU6enxvpdwzti6N2WXyrEX4WtVqgNP OKHEu+mii3m6kOfvDD97AT4hAGzCZR4lkb06t49y7ua4NRZaKTrTiG3g2uTtBR81 /w1GtL+DNUEFzO1Iy2dscWxr76I+ZX6VlFHGneUlhyN9VJk8WHVI5xpVV9y7ay3I jXXFDgNqjqiSC6BU7iYpkVEKl/hvaGJU7CKLKFbxzBgseyY/7XsMHvWbwjK8a0Lm bakhie7hJBP7BoOup+dD5NQPlXBQ434= -----END PRIVATE KEY-----" PASSPORT_PUBLIC_KEY="-----BEGIN PUBLIC KEY----- MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEApmHkae115z3vMF9IjiUa XrJH1Ljifxqs+XbDCFhQenz2iOf/bZDBMqfrwhBe3hVywa13kIuhf1TZlcJ/nRhE IZIbg6BF6/GeHN998Cx/IjhBeFkG7f1hdxEXY5ibd7yq8vAfzizZpnCu4+LM/NvI ei9mU+hj3GxrDbpMQTHCDDqX5aNEix8uFU4XaOm9UOJw9ivz19cqcnxWqJ49znxw XUlS5k4Hewbwf2s2BWFhz+CDWPHMpWViLQ17qj5QRklNn39sUymP1kXKP3Y76zvW zNVniPvFt+hHixxEa7tUEaTdtk4FgkNnWy0bFa7DIPC8ukjHvHHg10LeQiygDduI xbdVJwYK/qitU68ZAbbufldlj2FoVLwSyP9qpxUIdRoljCop1kDu6xQiAq0VHEAV LtgMpZhtD/6D4z644QJ8atx4Ljp/HEtTngaTh+/vLc9AnhHclX0/JmlbP1VkWWxG 
9FIxS0TVPolRBs8948kLioTif9lrltJicxd6T0OuA5fny8l6hdSlzaD3pnr5pkYw mVn5FgBAFnd/skX6DsRs+eb2lNahkvNZZ15z9UeU2Rl6J9uBx0vbkcB7eiSCPhRM IKq/CtkyEgz8ce4kG18fJHDFDASRvGjaBu91lV5h7NLmhFLFzMvb7XoHrv/yD6TV E5W47J/DrfrevJkzS1GV++MCAwEAAQ== -----END PUBLIC KEY-----" export HOST=kolab.local export APP_WEBSITE_DOMAIN="$HOST" export APP_DOMAIN=$HOST export DES_KEY=kBxUM/53N9p9abusAoT0ZEAxwI2pxFz/ export DB_HOST=127.0.0.1 export KOLAB_SSL_CERTIFICATE=/etc/certs/kolab.local.cert export KOLAB_SSL_CERTIFICATE_KEY=/etc/certs/kolab.local.key export IMAP_HOST=localhost export IMAP_PORT=11143 export IMAP_ADMIN_LOGIN=cyrus-admin export IMAP_ADMIN_PASSWORD=simple123 export MAIL_HOST=localhost export MAIL_PORT=10587 export IMAP_DEBUG=true export DAV_URI=http://localhost:11080/dav/ export FILEAPI_WOPI_OFFICE=https://$HOST export CALENDAR_CALDAV_SERVER=http://localhost:11080/dav export KOLAB_ADDRESSBOOK_CARDDAV_SERVER=http://localhost:11080/dav export DB_ROOT_PASSWORD=simple123 export DB_HKCCP_PASSWORD=simple123 export DB_KOLAB_PASSWORD=simple123 export DB_RC_PASSWORD=simple123 export DB_PASSWORD=simple123 export DB_USERNAME=kolabdev export DB_DATABASE=kolabdev export MINIO_ROOT_USER=minio export MINIO_ROOT_PASSWORD=simple123 export MINIO_USER=minio export MINIO_PASSWORD=simple123 export MEET_SERVER_TOKEN=simple123 export MEET_WEBHOOK_TOKEN=simple123 export PUBLIC_IP=127.0.0.1 export REDIS_PASSWORD=simple123 export CERTS_PATH=./ci/certs export IMAP_SPOOL_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,tmpfs-mode=777,destination=/var/spool/imap,U=true,notmpcopyup export IMAP_LIB_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,tmpfs-mode=777,destination=/var/lib/imap,U=true,notmpcopyup export SYNAPSE_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,tmpfs-mode=777,destination=/data,U=true,notmpcopyup export MARIADB_STORAGE=--mount=type=tmpfs,tmpfs-size=512M,destination=/var/lib/mysql,U=true export REDIS_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,destination=/var/lib/redis,U=true export 
MINIO_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,destination=/data,U=true export LDAP_STORAGE=--mount=type=tmpfs,tmpfs-size=128M,destination=/ldapdata,U=true,notmpcopyup export PASSPORT_SYNAPSE_OAUTH_CLIENT_ID=2909ca4f-df7e-45fe-b355-e7c195aef112 export PASSPORT_SYNAPSE_OAUTH_CLIENT_SECRET=2URb+3JGJM9wPuDnlUSTPOw2mqmHsoOV8NXanx9xwQM= +export WITH_CONTENTFILTER=true + export ENV_FILE=ci/env export PODMAN_IGNORE_CGROUPSV1_WARNING=true PODMAN="podman" source bin/podman_shared # Teardown the currently running environments (both the tests and dev pod) kolab__teardown() { $PODMAN pod rm --force tests $PODMAN pod rm --force dev } podman__build_tests() { podman__build docker/tests kolab-tests --ulimit nofile=65535:65535 } # Build all containers required for testing kolab__build() { pin_git_refs if [[ $1 != "" ]]; then if declare -f "podman__build_$1" >/dev/null 2>&1; then podman__build_$1 else podman__build docker/$1 $1 fi else podman__build_base podman__build_webapp podman__build_meet podman__build_imap podman__build docker/mariadb mariadb podman__build docker/redis redis podman__build_proxy podman__build docker/synapse synapse podman__build docker/element element podman__build_roundcube podman__build_tests env CERT_DIR=ci/certs APP_DOMAIN=$HOST bin/regen-certs fi } # Setup the test environment in the "tests" pod. kolab__setup() { echo "Build" kolab__build echo "Setup" export POD=tests # Create the pod first $PODMAN pod create --replace --name $POD podman__run_mariadb podman__run_redis podman__healthcheck $POD-mariadb $POD-redis podman__run_imap podman__healthcheck $POD-imap export CONFIG=config.demo podman__run_webapp podman__healthcheck $POD-webapp # Ensure all commands are processed echo "Flushing work queue" $PODMAN exec -ti $POD-webapp ./artisan queue:work --stop-when-empty podman__run_minio podman__healthcheck $POD-minio # Validate the test environment kolab__validate $POD } # Execute a testsuite (testsuite|quicktest|tests/Feature/Jobs/WalletCheckTest.php). 
Requires setup to have been executed previously to prepare the "tests" pod. kolab__test() { export POD=tests $PODMAN run -ti --pod tests --name $POD-kolab-tests --replace \ --env-file=ci/env \ -v ./src:/src/kolabsrc.orig:ro \ -e APP_SERVICES_DOMAINS="localhost" \ -e PASSPORT_PRIVATE_KEY="$PASSPORT_PRIVATE_KEY" \ -e PASSPORT_PUBLIC_KEY="$PASSPORT_PUBLIC_KEY" \ -e APP_URL="http://kolab.local" \ -e APP_PUBLIC_URL="http://kolab.local" \ -e APP_HEADER_CSP="" \ -e APP_HEADER_XFO="" \ -e ASSET_URL="http://kolab.local" \ -e MEET_SERVER_URLS="http://kolab.local/meetmedia/api/" \ -e DAV_URI \ kolab-tests:latest /init.sh $@ } # Validate that the proxy works kolab__proxytest() { # Without element $PODMAN run -ti --rm \ -v ./ci/certs/:/etc/certs/:ro \ -e APP_WEBSITE_DOMAIN \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e WEBAPP_BACKEND="http://localhost:8000" \ -e MEET_BACKEND="http://localhost:12080" \ -e ROUNDCUBE_BACKEND="http://localhost:8080" \ -e DAV_BACKEND="http://localhost:11080" \ -e COLLABORA_BACKEND="http://localhost:9980" \ -e SIEVE_BACKEND="localhost:4190" \ kolab-proxy:latest /init.sh validate # With element $PODMAN run -ti --rm \ -v ./ci/certs/:/etc/certs/:ro \ -e APP_WEBSITE_DOMAIN \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e WEBAPP_BACKEND="http://localhost:8000" \ -e MEET_BACKEND="http://localhost:12080" \ -e ROUNDCUBE_BACKEND="http://localhost:8080" \ -e DAV_BACKEND="http://localhost:11080" \ -e COLLABORA_BACKEND="http://localhost:9980" \ -e SIEVE_BACKEND="localhost:4190" \ -e ELEMENT_BACKEND=http://element:8880 \ -e MATRIX_BACKEND=http://synapse:8008 \ kolab-proxy:latest /init.sh validate } # Validate that imap works kolab__imaptest() { # With tls $PODMAN run -ti --rm \ -v ./ci/certs/:/etc/certs/:ro \ $IMAP_SPOOL_STORAGE \ $IMAP_LIB_STORAGE \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e 
TLS_SERVER_CA_FILE=${KOLAB_SSL_CERTIFICATE_KEY} \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ -e WITH_TLS="true" \ kolab-imap:latest /init.sh validate # Without tls $PODMAN run -ti --rm \ $IMAP_SPOOL_STORAGE \ $IMAP_LIB_STORAGE \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ kolab-imap:latest /init.sh validate # Frontend with tls $PODMAN run -ti --rm \ -v ./ci/certs/:/etc/certs/:ro \ $IMAP_SPOOL_STORAGE \ $IMAP_LIB_STORAGE \ -e SSL_CERTIFICATE=${KOLAB_SSL_CERTIFICATE} \ -e SSL_CERTIFICATE_KEY=${KOLAB_SSL_CERTIFICATE_KEY} \ -e TLS_SERVER_CA_FILE=${KOLAB_SSL_CERTIFICATE_KEY} \ -e APP_SERVICES_DOMAIN="localhost" \ -e SERVICES_PORT=8000 \ -e IMAP_ADMIN_LOGIN \ -e IMAP_ADMIN_PASSWORD \ -e ROLE="frontend" \ -e WITH_TLS="true" \ kolab-imap:latest /init.sh validate } # Lint the kolab4 codebase kolab__lint() { $PODMAN run --rm -ti \ -v ./src:/src/kolabsrc.orig:ro \ kolab-tests:latest /init.sh lint } # Setup the test environment and run a complete kolab4 testsuite kolab__testrun() { echo "Setup" kolab__setup echo "Test" kolab__test testsuite } # Setup the test environment and run all available testsuites (including roundcube etc.) kolab__testrun_complete() { echo "Setup" kolab__setup echo "Test" kolab__test lint kolab__test testsuite kolab__rctest syncroton lint kolab__rctest syncroton testsuite kolab__rctest irony lint # kolab__rctest irony testsuite kolab__rctest roundcubemail-plugins-kolab lint # kolab__rctest roundcubemail-plugins-kolab testsuite } # Get a shell inside the container. Without arguments his gives you a shell in the test container, with argument inside one of the containers in the dev pod. 
kolab__shell() { if [[ $1 != "" ]]; then POD="dev" container=$1 shift command podman exec -ti $POD-$container /bin/bash else kolab__test shell fi } # Run the roundcube testsuite kolab__rctest() { export POD=tests DEBUG_ARGS="-ti --rm --pod tests --name debug-$1 -e KOLABOBJECTS_COMPAT_MODE=true -e DEBUG_USERS=john@kolab.org" podman__run_roundcube ./init.sh $@ } # Get a shell inside the roundcube test container to run/debug tests kolab__rcshell() { export POD=tests DEBUG_ARGS="-ti --rm --pod tests --name debug-$1 -e KOLABOBJECTS_COMPAT_MODE=true -e DEBUG_USERS=john@kolab.org" podman__run_roundcube ./init.sh $@ } # Validate a deployment, currently only used for test pod kolab__validate() { POD=$1 $PODMAN exec $POD-imap testsaslauthd -u cyrus-admin -p simple123 $PODMAN exec $POD-imap testsaslauthd -u "john@kolab.org" -p simple123 # Ensure the inbox is created FOUND=false for i in {1..60}; do if $PODMAN exec $POD-imap bash -c 'echo "lm" | cyradm --auth PLAIN -u cyrus-admin -w simple123 --port 11143 localhost | grep "user/john@kolab.org"'; then echo "Found mailbox"; FOUND=true break else echo "Waiting for mailbox"; sleep 1; fi done if ! 
$FOUND; then echo "Failed to find the inbox for john@kolab.org" exit 1 fi } kolab__mailtransporttest() { POD=${POD:-dev} if $PODMAN run --rm -ti --pod=$POD kolab-utils:latest ./mailtransporttest.py --timeout 1 --sender-username admin@kolab.local --sender-password simple123 --sender-host localhost --sender-port 6465 --recipient-username noreply@kolab.local --recipient-password simple123 --recipient-host localhost --recipient-port 6993 --validate; then echo "Success" else exit 1 fi } # Deploy a test deployment in the "dev" pod kolab__deploy() { export POD=dev if [ `getenforce` == "Enforcing" ]; then # Patches on how to correctly configure selinux are welcome echo "selinux breaks networking, please disable" exit 1 fi # Create the pod first $PODMAN pod create \ --replace \ --add-host=kolab.local:127.0.0.1 \ --publish "443:6443" \ --publish "465:6465" \ --publish "587:6587" \ --publish "143:6143" \ --publish "993:6993" \ --publish "6379:6379" \ --publish "3306:3306" \ --publish "11080:11080" \ --publish "11143:11143" \ --publish "11993:11993" \ --publish "44444:44444/udp" \ --publish "44444:44444/tcp" \ --name $POD podman__run_mariadb podman__run_redis podman__healthcheck $POD-mariadb $POD-redis # IMAP must be avialable for the seeder podman__run_imap podman__healthcheck $POD-imap export CONFIG=config.prod podman__run_webapp podman__healthcheck $POD-webapp # Ensure all commands are processed echo "Flushing work queue" $PODMAN exec -ti $POD-webapp ./artisan queue:work --stop-when-empty $PODMAN exec $POD-webapp ./artisan user:password "admin@kolab.local" "simple123" podman__run_synapse podman__run_element podman__run_minio podman__healthcheck $POD-minio podman__run_meet podman__run_roundcube podman__run_proxy podman__run_postfix podman__run_amavis podman__run_collabora echo "Deployment complete" } # Re-run a container in the dev pod kolab__run() { POD=dev if [ "$1" == "--build" ]; then shift kolab__build $1 fi podman__run_$1 } kolab__debug() { DEBUG_ARGS="-ti --rm --name 
debug-$1" podman__run_$1 /bin/bash } # Monitor vue files for changes, and automatically reload the dev webapp container if anything changes. Requires "entr" on the host. kolab__watch() { trap 'kill $(jobs -p) 2>/dev/null' EXIT find src/resources/ src/app -regex '.*\.\(vue\|php\|js\)$' | entr podman exec -ti dev-webapp bash -c "/update-source.sh; ./artisan octane:reload" & podman exec -ti dev-webapp npm run watch } # Get the host to trust the generated ca kolab__add_ca_trust() { sudo trust anchor --store ci/certs/ca.cert sudo update-ca-trust } # Generate mail in the admin inbox kolab__generate_mail() { $PODMAN run --pod=dev -t --rm kolab-utils:latest ./generatemail.py --maxAttachmentSize=3 --type=mail --count 100 --username admin@kolab.local --password simple123 --host localhost --port 11143 INBOX } # Trigger an activesync sync on the admin inbox kolab__syncroton_sync() { $PODMAN run -t --network=host --add-host=kolab.local:127.0.0.1 --rm kolab-utils:latest ./activesynccli.py --host kolab.local --user admin@kolab.local --password simple123 sync 38b950ebd62cd9a66929c89615d0fc04 } # Access logs of container kolab__logs() { POD=dev command podman logs --tail=1000 -f $POD-$1 } # Mysql shell kolab__db() { POD=${POD:-dev} $PODMAN exec -ti $POD-mariadb /bin/bash -c "mysql -h 127.0.0.1 -u kolabdev --password=simple123 --auto-rehash kolabdev" } kolab__rcdb() { POD=${POD:-dev} $PODMAN exec -ti $POD-mariadb /bin/bash -c "mysql -h 127.0.0.1 -u roundcube --password=simple123 --auto-rehash roundcube" } kolab__help() { cat </dev/null 2>&1; then "kolab__$cmdname" "${@:1}" else echo "Function $cmdname not recognized" >&2 kolab__help exit 1 fi diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile index 7a09c849..10a11f53 100644 --- a/docker/postfix/Dockerfile +++ b/docker/postfix/Dockerfile 
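Review bot: The new `export WITH_CONTENTFILTER=true` is unconditional, so this script can never start the postfix container with the image default (`false` in docker/postfix/Dockerfile), and kolab__deploy followed by kolab__mailtransporttest exercises only the enabled path. Allowing an override keeps today's behaviour while letting the other path be tested: `export WITH_CONTENTFILTER="${WITH_CONTENTFILTER:-true}"`. The variable also sits between unrelated OAuth and ENV_FILE settings with no explanation, so a comment such as `# Enable the postfix content filter (image default is false)` would help; what the flag does inside the image is not shown in this diff, so the wording should be checked against the postfix image's init.sh.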
@@ -1,32 +1,33 @@ FROM apheleia/almalinux9 RUN dnf -y install \ python3 \ python3-requests \ postfix \ postfix-mysql \ cyrus-sasl \ cyrus-sasl-plain && \ dnf clean all WORKDIR /root/ COPY /rootfs / VOLUME [ "/var/spool/postfix" ] VOLUME [ "/var/lib/postfix" ] ENV SERVICES_PORT=8000 # ENV APP_SERVICES_DOMAIN # ENV APP_DOMAIN # ENV LMTP_DESTINATION ENV MYNETWORKS="172.0.0.0/8,127.0.0.0/8" ENV AMAVIS_HOST="amavis" # ENV DB_HOST # ENV DB_USERNAME # ENV DB_PASSWORD # ENV DB_DATABASE +ENV WITH_CONTENTFILTER=false CMD ["/init.sh"] EXPOSE 10025/tcp 10587/tcp 11465/tcp 11587/tcp diff --git a/docker/postfix/rootfs/etc/postfix/master.cf b/docker/postfix/rootfs/etc/postfix/master.cf index 101bb090..3792abb1 100644 --- a/docker/postfix/rootfs/etc/postfix/master.cf +++ b/docker/postfix/rootfs/etc/postfix/master.cf 
@@ -1,186 +1,184 @@ # Postfix master process configuration file. For details on the format # of the file, see the master(5) manual page (command: "man 5 master"). # Do not forget to execute "postfix reload" after editing this file. # ============================================================================== # service type private unpriv chroot wakeup maxproc command # (yes) (yes) (yes) (never) (100) + args # ============================================================================== postlog unix-dgram n - n - 1 postlogd # Inbound, port 25, no tls 10025 inet n - n - - smtpd -o content_filter=smtp-amavis:[AMAVIS_HOST]:13024 -o cleanup_service_name=cleanup_inbound # Internal Submission, no tls, no starttls 10587 inet n - - - - smtpd -o syslog_name=postfix/submission -o cleanup_service_name=cleanup_submission -o content_filter=smtp-amavis:[AMAVIS_HOST]:13026 -o smtpd_sasl_auth_enable=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_data_restrictions=$submission_data_restrictions -o smtpd_recipient_restrictions=$submission_recipient_restrictions -o smtpd_sender_restrictions=$submission_sender_restrictions -o smtpd_client_restrictions=$submission_client_restrictions -o smtpd_helo_restrictions=$submission_helo_restrictions -o smtpd_helo_required=yes -o smtpd_peername_lookup=no # External submission, starttls 0.0.0.0:11587 inet n - n - - smtpd -o cleanup_service_name=cleanup_submission -o syslog_name=postfix/submission -o content_filter=smtp-amavis:[AMAVIS_HOST]:13026 #-o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_authenticated_header=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_data_restrictions=$submission_data_restrictions -o smtpd_recipient_restrictions=$submission_recipient_restrictions -o smtpd_sender_restrictions=$submission_sender_restrictions # External submission, ssl 0.0.0.0:11465 inet n - n - - smtpd -o cleanup_service_name=cleanup_submission -o 
rewrite_service_name=rewrite_submission -o syslog_name=postfix/smtps -o content_filter=smtp-amavis:[AMAVIS_HOST]:13026 -o mydestination= -o local_recipient_maps= -o relay_domains= -o relay_recipient_maps= -o smtpd_tls_security_level=encrypt -o smtpd_tls_wrappermode=yes -o smtpd_sasl_auth_enable=yes -o smtpd_sasl_authenticated_header=yes -o smtpd_client_restrictions=permit_sasl_authenticated,reject -o smtpd_sender_restrictions=$submission_sender_restrictions -o smtpd_recipient_restrictions=$submission_recipient_restrictions -o smtpd_data_restrictions=$submission_data_restrictions pickup fifo n - n 60 1 pickup # This avoids that we have an endless loop after our script content filter -o content_filter= cleanup unix n - n - 0 cleanup cleanup_inbound unix n - n - 0 cleanup -o header_checks=regexp:/etc/postfix/header_checks.inbound -o mime_header_checks=regexp:/etc/postfix/header_checks.inbound cleanup_submission unix n - n - 0 cleanup -o header_checks=regexp:/etc/postfix/header_checks.submission -o mime_header_checks=regexp:/etc/postfix/header_checks.submission cleanup_internal unix n - n - 0 cleanup -o header_checks=regexp:/etc/postfix/header_checks.internal -o mime_header_checks=regexp:/etc/postfix/header_checks.internal qmgr fifo n - n 300 1 qmgr tlsmgr unix - - n 1000? 1 tlsmgr rewrite unix - - n - - trivial-rewrite bounce unix - - n - 0 bounce defer unix - - n - 0 bounce trace unix - - n - 0 bounce verify unix - - n - 1 verify flush unix n - n 1000? 
0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - n - - smtp relay unix - - n - - smtp showq unix n - n - - showq error unix - - n - - error retry unix - - n - - error discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - n - - lmtp anvil unix - - n - 1 anvil scache unix - - n - 1 scache # Filter email through Amavisd smtp-amavis unix - - n - 3 smtp -o smtp_data_done_timeout=1800 -o disable_dns_lookups=yes -o smtp_send_xforward_command=yes -o max_use=20 # -o smtp_bind_address=127.0.0.1 # Listener to re-inject email from Amavisd into Postfix 0.0.0.0:13025 inet n - n - 100 smtpd -o cleanup_service_name=cleanup_internal -o local_recipient_maps= -o relay_recipient_maps= - # To disable the kolab content filter, set an empty content filter here. -o content_filter=policy_mailfilter:dummy - # -o content_filter= -o smtpd_restriction_classes= -o smtpd_client_restrictions= -o smtpd_helo_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject -o mynetworks=MYNETWORKS -o smtpd_authorized_xforward_hosts=MYNETWORKS -o syslog_name=postfix/amavis # Filter email through Wallace # smtp-wallace unix - - n - 3 smtp # -o default_destination_recipient_limit=1 # -o smtp_data_done_timeout=1800 # -o disable_dns_lookups=yes # -o smtp_send_xforward_command=yes # -o max_use=20 # Listener to re-inject email from Wallace into Postfix # 127.0.0.1:10028 inet n - n - 100 smtpd # -o cleanup_service_name=cleanup_internal # -o content_filter= # -o local_recipient_maps= # -o relay_recipient_maps= # -o smtpd_restriction_classes= # -o smtpd_client_restrictions= # -o smtpd_helo_restrictions= # -o smtpd_sender_restrictions= # -o smtpd_recipient_restrictions=permit_mynetworks,reject # -o mynetworks=127.0.0.0/8 # -o smtpd_authorized_xforward_hosts=127.0.0.0/8 # Filter email through Amavisd # amavis unix - - n - 3 smtp # -o disable_dns_lookups=yes # -o max_use=20 # -o 
smtp_bind_address=127.0.0.1 # -o smtp_data_done_timeout=1800 # -o smtp_send_xforward_command=yes # -o smtp_tls_security_level=none # Reinjection from amavis # 127.0.0.1:10025 inet n - n - 100 smtpd # -o cleanup_service_name=cleanup_outbound # -o content_filter= # -o local_recipient_maps= # -o mydestination= # -o mynetworks=127.0.0.0/8 # -o relay_domains= # -o relay_recipient_maps= # -o smtpd_authorized_xforward_hosts=127.0.0.0/8 # -o smtpd_restriction_classes= # -o smtpd_client_restrictions= # -o smtpd_data_restrictions= # -o smtpd_helo_restrictions= # -o smtpd_sender_restrictions= # -o smtpd_recipient_restrictions=permit_mynetworks,reject # -o syslog_name=postfix/amavis # Outbound policy_ratelimit unix - n n - - spawn user=nobody argv=/usr/libexec/postfix/kolab_policy_ratelimit # Inbound policy_greylist unix - n n - - spawn user=nobody argv=/usr/libexec/postfix/kolab_policy_greylist # Inbound policy_spf unix - n n - - spawn user=nobody argv=/usr/libexec/postfix/kolab_policy_spf # Mailfilter via commandline, to be reinjected via sendmail. policy_mailfilter unix - n n - 10 pipe flags=Rq user=nobody null_sender= argv=/usr/libexec/postfix/kolab_contentfilter_cli.py -f ${sender} -- ${recipient} diff --git a/docker/postfix/rootfs/init.sh b/docker/postfix/rootfs/init.sh index ca5ca870..2989b909 100755 --- a/docker/postfix/rootfs/init.sh +++ b/docker/postfix/rootfs/init.sh 
@@ -1,60 +1,68 @@ #!/bin/bash set -e if [[ -f ${SSL_CERTIFICATE} ]]; then cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/tls/private/postfix.pem chown postfix:mail /etc/pki/tls/private/postfix.pem chmod 655 /etc/pki/tls/private/postfix.pem fi chown -R postfix:mail /var/lib/postfix chown -R postfix:mail /var/spool/postfix /usr/sbin/postfix set-permissions sed -i -r \ -e "s|APP_SERVICES_DOMAIN|$APP_SERVICES_DOMAIN|g" \ -e "s|SERVICES_PORT|$SERVICES_PORT|g" \ /etc/saslauthd.conf /usr/sbin/saslauthd -m /run/saslauthd -a httpform -d & # If host mounting /var/spool/postfix, we need to delete old pid file before # starting services rm -f /var/spool/postfix/pid/master.pid /usr/libexec/postfix/aliasesdb /usr/libexec/postfix/chroot-update sed -i -r \ -e "s|LMTP_DESTINATION|${LMTP_DESTINATION:?"env required"}|g" \ -e "s|APP_DOMAIN|${APP_DOMAIN:?"env required"}|g" \ -e "s|MYNETWORKS|${MYNETWORKS:?"env required"}|g" \ -e "s|AMAVIS_HOST|${AMAVIS_HOST:?"env required"}|g" \ /etc/postfix/main.cf sed -i -r \ -e "s|MYNETWORKS|${MYNETWORKS:?"env requried"}|g" \ -e "s|AMAVIS_HOST|${AMAVIS_HOST:?"env requried"}|g" \ /etc/postfix/master.cf + +if [ "$WITH_CONTENTFILTER" != "true" ]; then + echo "Disabling kolab content filter" + sed -i -r \ + -e "s|content_filter=policy_mailfilter:dummy|content_filter=|g" \ + /etc/postfix/master.cf +fi + sed -i -r \ -e "s|SERVICES_HOST|http://$APP_SERVICES_DOMAIN:$SERVICES_PORT|g" \ /usr/libexec/postfix/kolab_policy* sed -i -r \ -e "s|SERVICES_HOST|http://$APP_SERVICES_DOMAIN:$SERVICES_PORT|g" \ /usr/libexec/postfix/kolab_contentfilter* sed -i -r \ -e "s|DB_HOST|${DB_HOST:?"env required"}|g" \ -e "s|DB_USERNAME|${DB_USERNAME:?"env required"}|g" \ -e "s|DB_PASSWORD|${DB_PASSWORD:?"env required"}|g" \ -e "s|DB_DATABASE|${DB_DATABASE:?"env required"}|g" \ /etc/postfix/sql/* # echo "/$APP_DOMAIN/ lmtp:$LMTP_DESTINATION" >> /etc/postfix/transport # postmap /etc/postfix/transport /usr/sbin/postfix check exec 
/usr/sbin/postfix -c /etc/postfix start-fg
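Review bot: The added test `if [ "$WITH_CONTENTFILTER" != "true" ]` fails open: `True`, `1`, `yes` or an unset variable all strip `content_filter=policy_mailfilter:dummy` from master.cf, and the only trace is one echo on stdout. Comparing case-insensitively, `if [[ "${WITH_CONTENTFILTER,,}" != "true" ]]; then`, and rejecting unknown values would make a typo visible rather than silently dropping the filter. The sed also relies on that exact literal staying in master.cf, and this commit removes the comment there that pointed at the line, so a comment such as `# keep in sync with the content_filter line of the 13025 listener in master.cf` above the block would help. Separately, in the unchanged context at the top of the hunk, postfix.pem is built from `${SSL_CERTIFICATE_KEY}` and then set to `chmod 655`, which leaves the private key world-readable; `640` looks like the intent, to be confirmed.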