removed policyd

data/Dockerfiles/policyd/Dockerfile

@@ -1,19 +0,0 @@
-FROM docker.io/1and1internet/ubuntu-16-apache-php-7.1:latest
-ARG DEBIAN_FRONTEND=noninteractive
-COPY files /
-RUN \
-  groupadd cbpolicyd && \
-  useradd -g cbpolicyd cbpolicyd && \
-  apt-get update && \
-  apt-get -o Dpkg::Options::=--force-confdef -y install gettext-base postfix-cluebringer postfix-cluebringer-mysql postfix-cluebringer-webui -y && \
-  apt-get -y clean && \
-  rm -rf /var/lib/apt/lists/* /etc/cluebringer && \
-  mkdir --mode=0775 /etc/cluebringer && \
-  cp /usr/share/doc/postfix-cluebringer/database/policyd-db.mysql.gz /tmp/ && \
-  cp -r /usr/share/postfix-cluebringer-webui/webui/* /var/www/html/ && \
-  gunzip /tmp/policyd-db.mysql.gz && \
-  sed -i -e 's/TYPE=InnoDB/ENGINE=InnoDB/g' /tmp/policyd-db.mysql && \
-  chmod -R 0755 /hooks && \
-  chmod -R 0777 /var/www/html && \
-  chmod 0666 /var/log/cbpolicyd.log
-EXPOSE 10031 8080 8443

data/Dockerfiles/policyd/files/etc/supervisor/conf.d/apache-2.4.conf

@@ -1,12 +0,0 @@
-[program:apache-2.4]
-command=/bin/bash -c "source /etc/apache2/envvars && exec /usr/sbin/apache2 -DFOREGROUND"
-autostart=true
-autorestart=true
-startretries=3
-
-# Redirect output so we can see it using "docker logs"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-

data/Dockerfiles/policyd/files/etc/supervisor/conf.d/cbpolicyd.conf

@@ -1,12 +0,0 @@
-[program:cbpolicyd]
-command=/usr/sbin/cbpolicyd --fg --config=/etc/cluebringer/cluebringer.conf
-autostart=true
-autorestart=true
-startretries=3
-
-# Redirect output so we can see it using "docker logs"
-stdout_logfile=/dev/stdout
-stdout_logfile_maxbytes=0
-stderr_logfile=/dev/stderr
-stderr_logfile_maxbytes=0
-

data/Dockerfiles/policyd/files/hooks/supervisord-pre.d/50_install_cluebringer_db

@@ -1,48 +0,0 @@
-#!/bin/bash
-set -eo pipefail
-
-# Password protect webui
-echo Creating webui user
-echo $WEBUI_PASSWORD | htpasswd -ci /var/www/html/.htpasswd webui
-
-# Checking for DB liveness before continuing with DB set up.
-count=0
-while [ $count -lt 4 ]; do
-  if [[ $(mysql -h$CLUEBRINGER_DB_HOST -uroot -p$MYSQL_ROOT_PASSWORD -e "select 1" &>/dev/null ; echo $?) -ne 0 ]]; then
-    echo "Waiting for DB to be ready."
-    sleep 15
-    let count+=1
-  else
-    echo "DB appears to be ready."
-    break
-  fi
-done
-# Die if DB doesn't come up in time.
-if [ $count -eq 4 ]; then
-  echo "!!!WARNING!!! DB didn't come up in time."
-  exit 0
-fi
-
-# Set up DB if it's empty.
-if [[ $(mysql -N -h$CLUEBRINGER_DB_HOST -uroot -p$MYSQL_ROOT_PASSWORD -e "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema = '$MYSQL_DATABASE';") == 0 ]]; then
-  echo "Setting up cluebringer DB."
-
-  # Set up DB and User
-  if [[ $(mysql -N -h$CLUEBRINGER_DB_HOST -uroot -p$MYSQL_ROOT_PASSWORD -e "create database $MYSQL_DATABASE;use $MYSQL_DATABASE;CREATE USER '$MYSQL_USER'@'%' IDENTIFIED BY '$MYSQL_PASSWORD';GRANT ALL PRIVILEGES ON $MYSQL_DATABASE.* TO '$MYSQL_USER'@'%';") -ne 0 ]]; then
-    echo "Can't create DB and Policyd DB user!"
-    exit 0
-  fi
-
-  # Add our policys from sql if they exist.
-  if [[ -e /tmpl/cluebringer/import/policy.sql ]]; then
-    echo "Importing our configuration."
-    mysql -h$CLUEBRINGER_DB_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < /tmpl/cluebringer/import/policy.sql
-    echo "Done."
-  else
-    echo "Additional sql configuration no found importing standart configuration."
-    mysql -h$CLUEBRINGER_DB_HOST -u$MYSQL_USER -p$MYSQL_PASSWORD $MYSQL_DATABASE < /tmp/policyd-db.mysql
-  fi
-else
-  echo "Cluebringer DB not empty, exiting."
-  exit 0
-fi

data/Dockerfiles/policyd/files/hooks/supervisord-pre.d/51_configure_policyd

@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -eu
-
-export DOLLAR=$
-export MYSQL_DATABASE=${MYSQL_DATABASE}
-export MYSQL_USER=${MYSQL_USER}
-export MYSQL_PASSWORD=${MYSQL_PASSWORD}
-export CLUEBRINGER_DB_BACKEND=${CLUEBRINGER_DB_BACKEND}
-export CLUEBRINGER_DB_PORT=${CLUEBRINGER_DB_PORT}
-export CLUEBRINGER_DB_HOST=${CLUEBRINGER_DB_HOST}
-
-envsubst < /tmpl/cluebringer/cluebringer.conf > /etc/cluebringer/cluebringer.conf
-envsubst < /tmpl/cluebringer/cluebringer-webui.conf > /etc/cluebringer/cluebringer-webui.conf

data/Dockerfiles/policyd/files/tmpl/cluebringer/cluebringer-webui.conf

@@ -1,16 +0,0 @@
-<?php
-
-# mysql:host=xx;dbname=yyy
-# pgsql:host=xx;dbname=yyy
-# sqlite:////full/unix/path/to/file.db?mode=0666
-#
-#$DB_DSN="sqlite:////tmp/cluebringer.sqlite";
-#$DB_DSN="pgsql:host=xx;dbname=yyy";
-#$DB_DSN="mysql:host=xx;dbname=yyy";
-
-${DOLLAR}DB_DSN="${CLUEBRINGER_DB_BACKEND}:host=${CLUEBRINGER_DB_HOST};dbname=${MYSQL_DATABASE}";
-${DOLLAR}DB_USER="${MYSQL_USER}";
-${DOLLAR}DB_PASS="${MYSQL_PASSWORD}";
-
-
-?>

data/Dockerfiles/policyd/files/tmpl/cluebringer/cluebringer.conf

@@ -1,192 +0,0 @@
-#
-# Server configuration
-#
-[server]
-
-# Protocols to load
-protocols=<<EOT
-Postfix
-Bizanga
-EOT
-
-# Modules to load
-modules=<<EOT
-Core
-AccessControl
-CheckHelo
-CheckSPF
-Greylisting
-Quotas
-EOT
-
-# User to run this daemon as
-user=root
-#group=
-
-# Filename to store pid of parent process
-pid_file=/var/run/cluebringer/cbpolicyd.pid
-
-# Uncommenting the below option will prevent cbpolicyd going into the background
-background=no
-
-# Preforking configuration
-#
-# min_server		- Minimum servers to keep around
-# min_spare_servers	- Minimum spare servers to keep around ready to
-# 			  handle requests
-# max_spare_servers	- Maximum spare servers to have around doing nothing
-# max_servers		- Maximum servers alltogether
-# max_requests		- Maximum number of requests each child will serve
-#
-# One may want to use the following as a rough guideline...
-# Small mailserver:  2, 2, 4, 10, 1000
-# Medium mailserver: 4, 4, 12, 25, 1000
-# Large mailserver: 8, 8, 16, 64, 1000
-#
-min_servers=4
-min_spare_servers=4
-max_spare_servers=12
-max_servers=25
-max_requests=1000
-
-
-
-# Log level:
-# 0 - Errors only
-# 1 - Warnings and errors
-# 2 - Notices, warnings, errors
-# 3 - Info, notices, warnings, errors
-# 4 - Debugging
-log_level=4
-
-# File to log to instead of stdout
-log_file=/var/log/cbpolicyd.log
-
-# Log destination for mail logs...
-# main		- Default. Log to policyd's main log mechanism, accepts NO args
-# syslog	- log mail via syslog
-#			format: log_mail=facility@method,args
-#
-# Valid methods for syslog:
-# native	- Let Sys::Syslog decide
-# unix		- Unix socket
-# udp		- UDP socket
-# stream	- Stream (for Solaris)
-#
-# Example: unix native
-#log_mail=mail@syslog:native
-#
-# Example: unix socket
-#log_mail=mail@syslog:unix
-#
-# Example: udp
-#log_mail=mail@syslog:udp,127.0.0.1
-#
-# Example: Solaris
-#log_mail=local0@syslog:stream,/dev/log
-#log_mail=maillog
-log_mail=main
-#mail@syslog:native
-
-# Things to log in extreme detail
-# modules 	- Log detailed module running information
-# tracking 	- Log detailed tracking information
-# policies 	- Log policy resolution
-# protocols 	- Log general protocol info, but detailed
-# bizanga 	- Log the bizanga protocol
-#
-# There is no default for this configuration option. Options can be
-# separated by commas. ie. protocols,modules
-#
-#log_detail=
-
-# IP to listen on, * for all
-host=*
-# host=0.0.0.0
-
-# Port to run on
-port=10031
-
-# Timeout in communication with clients
-#timeout=120
-
-# cidr_allow/cidr_deny
-# Comma, whitespace or semi-colon separated. Contains a CIDR block to
-# compare the clients IP to.  If cidr_allow or cidr_deny options are
-# given, the incoming client must match a cidr_allow and not match a
-# cidr_deny or the client connection will be closed.
-#cidr_allow=0.0.0.0/0
-#cidr_deny=
-
-
-
-[database]
-#DSN=DBI:SQLite:dbname=policyd.sqlite
-#DSN=DBI:mysql:database=policyd;host=localhost
-#DSN=DBI:Pg:database=policyd;host=localhost
-#DSN=DBI:_DBC_DBTYPE_:dbname=_DBC_DBNAME_;host=_DBC_DBSERVER_
-## Debian
-# DB_Type can be one of - pgsql, mysql or sqlite3
-# DB_Host is ignored for sqlite3. For pgsql and mysql it should be left
-#         unset or as 'localhost' if you wish to use unix sockets to communicate
-#         with the database. To use TCP/IP to connect to a local database set
-#         '127.0.0.1' as the value. Otherwise use the hostname or IP address of
-#         the database server.
-# DB_Port is ignored for sqlite3. For pgsql it will default to '5432' and
-#         for mysql the default is '3306'. If you are running your database server
-#         on a non-standard port you should set it's value here.
-# DB_Name defaults to '/var/lib/cluebringer/cluebringer.db' for sqlite3, if you
-#         wish to use another file for the database set it's full path here and
-#         ensure that the cluebringer user can read and write not only the file
-#         but the directory it lives in. For pgsql and mysql this will
-#         default to 'cluebringer', otherwise you should set the name of the
-#         database here.
-
-DSN=DBI:${CLUEBRINGER_DB_BACKEND}:database=${MYSQL_DATABASE};host=${CLUEBRINGER_DB_HOST}
-DB_Type=${CLUEBRINGER_DB_BACKEND}
-DB_Host=${CLUEBRINGER_DB_HOST}
-DB_Port=${CLUEBRINGER_DB_PORT}
-DB_Name=${MYSQL_DATABASE}
-Username=${MYSQL_USER}
-Password=${MYSQL_PASSWORD}
-
-
-# What do we do when we have a database connection problem
-# tempfail	- Return temporary failure
-# pass		- Return success
-bypass_mode=tempfail
-
-# How many seconds before we retry a DB connection
-bypass_timeout=30
-
-
-
-# Access Control module
-[AccessControl]
-enable=1
-
-# Accounting module
-[Accounting]
-enable=1
-
-# Greylisting module
-[Greylisting]
-enable=1
-
-
-# CheckHelo module
-[CheckHelo]
-enable=1
-
-
-# CheckSPF module
-[CheckSPF]
-enable=1
-
-
-# Quotas module
-[Quotas]
-enable=1
-
-
-

data/Dockerfiles/policyd/files/var/www/html/.htaccess

@@ -1,4 +0,0 @@
-AuthType Basic
-AuthName "Password Protected Area"
-AuthUserFile /var/www/html/.htpasswd
-Require valid-user

data/conf/postfix/main.cf

@@ -81,7 +81,7 @@ smtpd_error_sleep_time = 10s
 smtpd_hard_error_limit = ${stress?1}${stress:5}
 smtpd_helo_required = yes
 smtpd_proxy_timeout = 600s
-smtpd_recipient_restrictions = check_policy_service inet:172.22.1.200:10031, permit_mynetworks, permit_sasl_authenticated, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, check_recipient_access proxy:mysql:/opt/postfix/conf/sql/mysql_tls_enforce_in_policy.cf, reject_invalid_helo_hostname, reject_unknown_reverse_client_hostname, reject_unauth_destination
 smtpd_sasl_auth_enable = yes
 smtpd_sasl_authenticated_header = yes
 smtpd_sasl_path = inet:dovecot:10001

docker-compose.yml

@@ -210,33 +210,6 @@ services:
           aliases:
             - dovecot
 
-    policyd-mailcow:
-      hostname: policyd
-      container_name: policyd-mailcow
-      build: ./data/Dockerfiles/policyd
-      image: policyd-mailcow:1.00
-      ports:
-        # - "10031:10031"
-        - "9080:8080"
-        - "9443:8443"
-      user: "1000000"
-      environment:
-        - "SUPERVISORD_LOGLEVEL=${POLICYD_SUPERVISORD_LOGLEVEL:-debug}"
-        - "CLUEBRINGER_DB_HOST=mysql"
-        - "MYSQL_ROOT_PASSWORD=${DBROOT}" 
-        - "MYSQL_DATABASE=${POLICYD_MYSQL_DATABASE:-cluebringer}" 
-        - "MYSQL_USER=${POLICYD_MYSQL_USER:-cluebringer}" 
-        - "MYSQL_PASSWORD=${POLICYD_MYSQL_PASSWORD}" 
-        - "CLUEBRINGER_DB_BACKEND=${POLICYD_DB_BACKEND:-mysql}" 
-        - "CLUEBRINGER_DB_PORT=${INTERNAL_MYSQL_PORT:-3306}" 
-        - "WEBUI_PASSWORD=${POLICYD_WEBUI_PASSWORD}"
-      networks:
-          mailcow-network:
-            ipv4_address: ${IPV4_NETWORK:-172.22.1}.200
-            aliases:
-              - policyd
-
-
     postfix-mailcow:
       image: mailcow/postfix:1.29
       build: ./data/Dockerfiles/postfix

generate_config.sh

@@ -140,18 +140,6 @@ SIEVE_PORT=4190
 DOVEADM_PORT=127.0.0.1:19991
 SQL_PORT=127.0.0.1:13306
 
-# ------------------------------
-# POLCIYD (Cluebringer) CONFIGURATION
-# ------------------------------
-
-POLICYD_SUPERVISORD_LOGLEVEL=debug
-POLICYD_MYSQL_DATABASE=cluebringer
-POLICYD_MYSQL_USER=cluebringer
-POLICYD_MYSQL_PASSWORD=asnRTXvDtbI8h7naFtB97wNNcoXq
-POLICYD_DB_BACKEND=mysql
-POLICYD_WEBUI_PASSWORD=HPAA297BUcgSYf3AiftHQUjS3KVd
-INTERNAL_MYSQL_PORT=3306
-
 # Your timezone
 
 TZ=${MAILCOW_TZ}