
[Dovecot] Filter by compose project name, create trusted map for SOGo IP, run DNS check before starting service

andryyy 5 年之前
父节点
当前提交
09ad2b1314
共有 2 个文件被更改,包括 14 次插入2 次删除
  1. 12 0
      data/Dockerfiles/dovecot/docker-entrypoint.sh
  2. 2 2
      data/Dockerfiles/dovecot/sa-rules.sh

+ 12 - 0
data/Dockerfiles/dovecot/docker-entrypoint.sh

@@ -7,6 +7,11 @@ while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${D
   sleep 2
 done
 
+until dig +short mailcow.email @unbound > /dev/null; do
+  echo "Waiting for DNS..."
+  sleep 1
+done
+
 # Do not attempt to write to slave
 if [[ ! -z ${REDIS_SLAVEOF_IP} ]]; then
   REDIS_CMDLINE="redis-cli -h ${REDIS_SLAVEOF_IP} -p ${REDIS_SLAVEOF_PORT}"
@@ -235,6 +240,13 @@ namespace {
 }
 EOF
 
+cat <<EOF > /etc/dovecot/sogo_trusted_ip.conf
+# Autogenerated by mailcow
+remote ${IPV4_NETWORK}.248 {
+  disable_plaintext_auth = no
+}
+EOF
+
 if [[ "${ALLOW_ADMIN_EMAIL_LOGIN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
     # Create random master Password for SOGo 'login as user' via proxy auth
     RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
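Review bot: The heredoc that writes /etc/dovecot/sogo_trusted_ip.conf expands `${IPV4_NETWORK}` unchecked into a `remote` block that switches off Dovecot's plaintext-auth protection, so an empty or malformed value produces `remote .248 {` or an address nobody intended. A guard just before the `cat`, such as `: "${IPV4_NETWORK:?IPV4_NETWORK must be set}"`, makes the entrypoint stop with a clear message instead. The exemption is address-based only, so it is only as strong as the guarantee that .248 always belongs to the SOGo container on the compose network, which this hunk does not show; I would say so in the generated file, e.g. `# Plaintext auth allowed only for the SOGo container's fixed address`. The surrounding script continues outside both hunks of this file.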

+ 2 - 2
data/Dockerfiles/dovecot/sa-rules.sh

@@ -31,8 +31,8 @@ sed -i -e 's/\([^\\]\)\$\([^\/]\)/\1\\$\2/g' /etc/rspamd/custom/sa-rules
 if [[ "$(cat /etc/rspamd/custom/sa-rules | md5sum | cut -d' ' -f1)" != "${HASH_SA_RULES}" ]]; then
   CONTAINER_NAME=rspamd-mailcow
   CONTAINER_ID=$(curl --silent --insecure https://dockerapi/containers/json | \
-    jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], id: .Id}" | \
-    jq -rc "select( .name | tostring | contains(\"${CONTAINER_NAME}\")) | .id")
+    jq -r ".[] | {name: .Config.Labels[\"com.docker.compose.service\"], project: .Config.Labels[\"com.docker.compose.project\"], id: .Id}" | \
+    jq -rc "select( .name | tostring | contains(\"${CONTAINER_NAME}\")) | select( .project | tostring | contains(\"${COMPOSE_PROJECT_NAME}\")) | .id")
   if [[ ! -z ${CONTAINER_ID} ]]; then
     curl --silent --insecure -XPOST --connect-timeout 15 --max-time 120 https://dockerapi/containers/${CONTAINER_ID}/restart
   fi
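Review bot: The new project filter on the second `jq` line is a substring test on a value spliced into the jq program, so it is weaker than it looks: `contains("")` is true for every string, which means an unset or empty `COMPOSE_PROJECT_NAME` silently disables the filter, and a project named `mailcow` also matches `mailcow2`. Since the resulting id feeds the restart request a few lines down, I would pass the values as data, `jq -rc --arg name "${CONTAINER_NAME}" --arg project "${COMPOSE_PROJECT_NAME}" 'select((.name | tostring | contains($name)) and (.project | tostring | contains($project))) | .id'`, and put a `[[ -n "${COMPOSE_PROJECT_NAME}" ]]` check in front of the call. An exact comparison (`== $project`) would be tighter, but only if the compose label is known to equal the variable verbatim, which this hunk does not show. The outer `if` opens inside the hunk and closes outside it.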