Accueil Explorer Aide
Connexion
mirrors
/
mailcow-dockerized
miroir de https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Fichiers Tickets 0 Wiki
Aborescence: de03e4178a
Branches Tags
mailcow-dockeri...
/
data
/
Dockerfiles
/
dovecot
/
docker-entrypoint.sh

docker-entrypoint.sh 10 KB
Historique Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243 
  1. #!/bin/bash
    2. 

  2. set -e
    3. 

  3. 

  4. # Wait for MySQL to warm-up
    5. 

  5. while ! mysqladmin status --socket=/var/run/mysqld/mysqld.sock -u${DBUSER} -p${DBPASS} --silent; do
    6. 

  6.   echo "Waiting for database to come up..."
    7. 

  7.   sleep 2
    8. 

  8. done
    9. 

  9. 

  10. # Hard-code env vars to scripts due to cron not passing them to the scripts
    11. 

  11. sed -i "s/__DBUSER__/${DBUSER}/g" /usr/local/bin/imapsync_cron.pl
    12. 

  12. sed -i "s/__DBPASS__/${DBPASS}/g" /usr/local/bin/imapsync_cron.pl
    13. 

  13. sed -i "s/__DBNAME__/${DBNAME}/g" /usr/local/bin/imapsync_cron.pl
    14. 

  14. 

  15. sed -i "s/__DBUSER__/${DBUSER}/g" /usr/local/bin/quarantine_notify.py
    16. 

  16. sed -i "s/__DBPASS__/${DBPASS}/g" /usr/local/bin/quarantine_notify.py
    17. 

  17. sed -i "s/__DBNAME__/${DBNAME}/g" /usr/local/bin/quarantine_notify.py
    18. 

  18. 

  19. sed -i "s/__DBUSER__/${DBUSER}/g" /usr/local/bin/clean_q_aged.sh
    20. 

  20. sed -i "s/__DBPASS__/${DBPASS}/g" /usr/local/bin/clean_q_aged.sh
    21. 

  21. sed -i "s/__DBNAME__/${DBNAME}/g" /usr/local/bin/clean_q_aged.sh
    22. 

  22. 

  23. sed -i "s/__LOG_LINES__/${LOG_LINES}/g" /usr/local/bin/trim_logs.sh
    24. 

  24. 

  25. # Create missing directories
    26. 

  26. [[ ! -d /usr/local/etc/dovecot/sql/ ]] && mkdir -p /usr/local/etc/dovecot/sql/
    27. 

  27. [[ ! -d /var/vmail/_garbage ]] && mkdir -p /var/vmail/_garbage
    28. 

  28. [[ ! -d /var/vmail/sieve ]] && mkdir -p /var/vmail/sieve
    29. 

  29. [[ ! -d /etc/sogo ]] && mkdir -p /etc/sogo
    30. 

  30. [[ ! -d /var/volatile ]] && mkdir -p /var/volatile
    31. 

  31. 

  32. # Set Dovecot sql config parameters, escape " in db password
    33. 

  33. DBPASS=$(echo ${DBPASS} | sed 's/"/\\"/g')
    34. 

  34. 

  35. # Create quota dict for Dovecot
    36. 

  36. cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota.conf
    37. 

  37. connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
    38. 

  38. map {
    39. 

  39.   pattern = priv/quota/storage
    40. 

  40.   table = quota2
    41. 

  41.   username_field = username
    42. 

  42.   value_field = bytes
    43. 

  43. }
    44. 

  44. map {
    45. 

  45.   pattern = priv/quota/messages
    46. 

  46.   table = quota2
    47. 

  47.   username_field = username
    48. 

  48.   value_field = messages
    49. 

  49. }
    50. 

  50. EOF
    51. 

  51. 

  52. # Create dict used for sieve pre and postfilters
    53. 

  53. cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_before.conf
    54. 

  54. connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
    55. 

  55. map {
    56. 

  56.   pattern = priv/sieve/name/\$script_name
    57. 

  57.   table = sieve_before
    58. 

  58.   username_field = username
    59. 

  59.   value_field = id
    60. 

  60.   fields {
    61. 

  61.     script_name = \$script_name
    62. 

  62.   }
    63. 

  63. }
    64. 

  64. map {
    65. 

  65.   pattern = priv/sieve/data/\$id
    66. 

  66.   table = sieve_before
    67. 

  67.   username_field = username
    68. 

  68.   value_field = script_data
    69. 

  69.   fields {
    70. 

  70.     id = \$id
    71. 

  71.   }
    72. 

  72. }
    73. 

  73. EOF
    74. 

  74. 

  75. cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve_after.conf
    76. 

  76. connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
    77. 

  77. map {
    78. 

  78.   pattern = priv/sieve/name/\$script_name
    79. 

  79.   table = sieve_after
    80. 

  80.   username_field = username
    81. 

  81.   value_field = id
    82. 

  82.   fields {
    83. 

  83.     script_name = \$script_name
    84. 

  84.   }
    85. 

  85. }
    86. 

  86. map {
    87. 

  87.   pattern = priv/sieve/data/\$id
    88. 

  88.   table = sieve_after
    89. 

  89.   username_field = username
    90. 

  90.   value_field = script_data
    91. 

  91.   fields {
    92. 

  92.     id = \$id
    93. 

  93.   }
    94. 

  94. }
    95. 

  95. EOF
    96. 

  96. 

  97. echo -n ${ACL_ANYONE} > /usr/local/etc/dovecot/acl_anyone
    98. 

  98. 

  99. if [[ "${SKIP_SOLR}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    100. 

  100. echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify' > /usr/local/etc/dovecot/mail_plugins
    101. 

  101. echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log' > /usr/local/etc/dovecot/mail_plugins_imap
    102. 

  102. echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl' > /usr/local/etc/dovecot/mail_plugins_lmtp
    103. 

  103. else
    104. 

  104. echo -n 'quota acl zlib listescape mail_crypt mail_crypt_acl mail_log notify fts fts_solr' > /usr/local/etc/dovecot/mail_plugins
    105. 

  105. echo -n 'quota imap_quota imap_acl acl zlib imap_zlib imap_sieve listescape mail_crypt mail_crypt_acl notify mail_log fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_imap
    106. 

  106. echo -n 'quota sieve acl zlib listescape mail_crypt mail_crypt_acl fts fts_solr' > /usr/local/etc/dovecot/mail_plugins_lmtp
    107. 

  107. fi
    108. 

  108. chmod 644 /usr/local/etc/dovecot/mail_plugins /usr/local/etc/dovecot/mail_plugins_imap /usr/local/etc/dovecot/mail_plugins_lmtp /templates/quarantine.tpl
    109. 

  109. 

  110. cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-userdb.conf
    111. 

  111. driver = mysql
    112. 

  112. connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
    113. 

  113. user_query = SELECT CONCAT(JSON_UNQUOTE(JSON_EXTRACT(attributes, '$.mailbox_format')), mailbox_path_prefix, '%d/%n/${MAILDIR_SUB}:VOLATILEDIR=/var/volatile/%u') AS mail, 5000 AS uid, 5000 AS gid, concat('*:bytes=', quota) AS quota_rule FROM mailbox WHERE username = '%u' AND active = '1'
    114. 

  114. iterate_query = SELECT username FROM mailbox WHERE active='1';
    115. 

  115. EOF
    116. 

  116. 

  117. # Create pass dict for Dovecot
    118. 

  118. cat <<EOF > /usr/local/etc/dovecot/sql/dovecot-dict-sql-passdb.conf
    119. 

  119. driver = mysql
    120. 

  120. connect = "host=/var/run/mysqld/mysqld.sock dbname=${DBNAME} user=${DBUSER} password=${DBPASS}"
    121. 

  121. default_pass_scheme = SSHA256
    122. 

  122. password_query = SELECT password FROM mailbox WHERE active = '1' AND username = '%u' AND domain IN (SELECT domain FROM domain WHERE domain='%d' AND active='1') AND JSON_EXTRACT(attributes, '$.force_pw_update') NOT LIKE '%%1%%'
    123. 

  123. EOF
    124. 

  124. 

  125. # Migrate old sieve_after file
    126. 

  126. [[ -f /usr/local/etc/dovecot/sieve_after ]] && mv /usr/local/etc/dovecot/sieve_after /usr/local/etc/dovecot/global_sieve_after
    127. 

  127. # Create global sieve scripts
    128. 

  128. cat /usr/local/etc/dovecot/global_sieve_after > /var/vmail/sieve/global_sieve_after.sieve
    129. 

  129. cat /usr/local/etc/dovecot/global_sieve_before > /var/vmail/sieve/global_sieve_before.sieve
    130. 

  130. 

  131. # Check permissions of vmail/attachments directory.
    132. 

  132. # Do not do this every start-up, it may take a very long time. So we use a stat check here.
    133. 

  133. if [[ $(stat -c %U /var/vmail/) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail ; fi
    134. 

  134. if [[ $(stat -c %U /var/vmail/_garbage) != "vmail" ]] ; then chown -R vmail:vmail /var/vmail/_garbage ; fi
    135. 

  135. if [[ $(stat -c %U /var/attachments) != "vmail" ]] ; then chown -R vmail:vmail /var/attachments ; fi
    136. 

  136. 

  137. # Cleanup random user maildirs
    138. 

  138. rm -rf /var/vmail/mailcow.local/*
    139. 

  139. 

  140. 

  141. # Create random master for SOGo sieve features
    142. 

  142. RAND_USER=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 16 | head -n 1)
    143. 

  143. RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 24 | head -n 1)
    144. 

  144. 

  145. echo ${RAND_USER}@mailcow.local:{SHA1}$(echo -n ${RAND_PASS} | sha1sum | awk '{print $1}') > /usr/local/etc/dovecot/dovecot-master.passwd
    146. 

  146. echo ${RAND_USER}@mailcow.local::5000:5000:::: > /usr/local/etc/dovecot/dovecot-master.userdb
    147. 

  147. echo ${RAND_USER}@mailcow.local:${RAND_PASS} > /etc/sogo/sieve.creds
    148. 

  148. 

  149. if [[ -z ${MAILDIR_SUB} ]]; then
    150. 

  150.   MAILDIR_SUB_SHARED=
    151. 

  151. else
    152. 

  152.   MAILDIR_SUB_SHARED=/${MAILDIR_SUB}
    153. 

  153. fi
    154. 

  154. cat <<EOF > /usr/local/etc/dovecot/shared_namespace.conf
    155. 

  155. # Auto-generated file
    156. 

  156. namespace {
    157. 

  157.     type = shared
    158. 

  158.     separator = /
    159. 

  159.     prefix = Shared/%%u/
    160. 

  160.     location = maildir:%%h${MAILDIR_SUB_SHARED}:INDEX=~${MAILDIR_SUB_SHARED}/Shared/%%u;CONTROL=~${MAILDIR_SUB_SHARED}/Shared/%%u
    161. 

  161.     subscriptions = no
    162. 

  162.     list = children
    163. 

  163. }
    164. 

  164. EOF
    165. 

  165. 

  166. if [[ "${ALLOW_ADMIN_EMAIL_LOGIN}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
    167. 

  167.     # Create random master Password for SOGo 'login as user' via proxy auth
    168. 

  168.     RAND_PASS=$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 32 | head -n 1)
    169. 

  169.     echo -n ${RAND_PASS} > /etc/phpfpm/sogo-sso.pass
    170. 

  170.     cat <<EOF > /usr/local/etc/dovecot/sogo-sso.conf
    171. 

  171. passdb {
    172. 

  172.   driver = static
    173. 

  173.   args = allow_real_nets=${IPV4_NETWORK}.248/32 password={plain}${RAND_PASS}
    174. 

  174. }
    175. 

  175. EOF
    176. 

  176. else
    177. 

  177.     rm -f /usr/local/etc/dovecot/sogo-sso.pass
    178. 

  178.     rm -f /usr/local/etc/dovecot/sogo-sso.conf
    179. 

  179. fi
    180. 

  180. 

  181. # 401 is user dovecot
    182. 

  182. if [[ ! -s /mail_crypt/ecprivkey.pem || ! -s /mail_crypt/ecpubkey.pem ]]; then
    183. 

  183. 	openssl ecparam -name prime256v1 -genkey | openssl pkey -out /mail_crypt/ecprivkey.pem
    184. 

  184. 	openssl pkey -in /mail_crypt/ecprivkey.pem -pubout -out /mail_crypt/ecpubkey.pem
    185. 

  185. 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
    186. 

  186. else
    187. 

  187. 	chown 401 /mail_crypt/ecprivkey.pem /mail_crypt/ecpubkey.pem
    188. 

  188. fi
    189. 

  189. 

  190. # Compile sieve scripts
    191. 

  191. sievec /var/vmail/sieve/global_sieve_before.sieve
    192. 

  192. sievec /var/vmail/sieve/global_sieve_after.sieve
    193. 

  193. sievec /usr/local/lib/dovecot/sieve/report-spam.sieve
    194. 

  194. sievec /usr/local/lib/dovecot/sieve/report-ham.sieve
    195. 

  195. 

  196. # Fix permissions
    197. 

  197. chown root:root /usr/local/etc/dovecot/sql/*.conf
    198. 

  198. chown root:dovecot /usr/local/etc/dovecot/sql/dovecot-dict-sql-sieve* /usr/local/etc/dovecot/sql/dovecot-dict-sql-quota*
    199. 

  199. chmod 640 /usr/local/etc/dovecot/sql/*.conf
    200. 

  200. chown -R vmail:vmail /var/vmail/sieve
    201. 

  201. chown -R vmail:vmail /var/volatile
    202. 

  202. adduser vmail tty
    203. 

  203. chmod g+rw /dev/console
    204. 

  204. chown root:tty /dev/console
    205. 

  205. chmod +x /usr/local/lib/dovecot/sieve/rspamd-pipe-ham \
    206. 

  206.   /usr/local/lib/dovecot/sieve/rspamd-pipe-spam \
    207. 

  207.   /usr/local/bin/imapsync_cron.pl \
    208. 

  208.   /usr/local/bin/postlogin.sh \
    209. 

  209.   /usr/local/bin/imapsync \
    210. 

  210.   /usr/local/bin/trim_logs.sh \
    211. 

  211.   /usr/local/bin/sa-rules.sh \
    212. 

  212.   /usr/local/bin/clean_q_aged.sh \
    213. 

  213.   /usr/local/bin/maildir_gc.sh \
    214. 

  214.   /usr/local/sbin/stop-supervisor.sh \
    215. 

  215.   /usr/local/bin/quota_notify.py
    216. 

  216. 

  217. # Setup cronjobs
    218. 

  218. echo '* * * * *    root  /usr/local/bin/imapsync_cron.pl 2>&1 | /usr/bin/logger' > /etc/cron.d/imapsync
    219. 

  219. #echo '30 3 * * *   vmail /usr/local/bin/doveadm quota recalc -A' > /etc/cron.d/dovecot-sync
    220. 

  220. echo '* * * * *    vmail /usr/local/bin/trim_logs.sh >> /dev/console 2>&1' > /etc/cron.d/trim_logs
    221. 

  221. echo '25 * * * *   vmail /usr/local/bin/maildir_gc.sh >> /dev/console 2>&1' > /etc/cron.d/maildir_gc
    222. 

  222. echo '30 1 * * *   root  /usr/local/bin/sa-rules.sh  >> /dev/console 2>&1' > /etc/cron.d/sa-rules
    223. 

  223. echo '0 2 * * *    root  /usr/bin/curl http://solr:8983/solr/dovecot-fts/update?optimize=true >> /dev/console 2>&1' > /etc/cron.d/solr-optimize
    224. 

  224. echo '*/20 * * * * vmail /usr/local/bin/quarantine_notify.py >> /dev/console 2>&1' > /etc/cron.d/quarantine_notify
    225. 

  225. echo '15 4 * * * vmail /usr/local/bin/clean_q_aged.sh >> /dev/console 2>&1' > /etc/cron.d/clean_q_aged
    226. 

  226. # Fix more than 1 hardlink issue
    227. 

  227. touch /etc/crontab /etc/cron.*/*
    228. 

  228. 

  229. # Clean old PID if any
    230. 

  230. [[ -f /usr/local/var/run/dovecot/master.pid ]] && rm /usr/local/var/run/dovecot/master.pid
    231. 

  231. 

  232. # Clean stopped imapsync jobs
    233. 

  233. rm -f /tmp/imapsync_busy.lock
    234. 

  234. IMAPSYNC_TABLE=$(mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "SHOW TABLES LIKE 'imapsync'" -Bs)
    235. 

  235. [[ ! -z ${IMAPSYNC_TABLE} ]] && mysql --socket=/var/run/mysqld/mysqld.sock -u ${DBUSER} -p${DBPASS} ${DBNAME} -e "UPDATE imapsync SET is_running='0'"
    236. 

  236. 

  237. # Envsubst maildir_gc
    238. 

  238. echo "$(envsubst < /usr/local/bin/maildir_gc.sh)" > /usr/local/bin/maildir_gc.sh
    239. 

  239. 

  240. # Collect SA rules once now
    241. 

  241. /usr/local/bin/sa-rules.sh
    242. 

  242. 

  243. exec "$@"
    244.