Upgrade mail server & roundcube

pull/1/head
Davide Polonio 2020-11-29 12:14:23 +00:00
parent 99bc8bef80
commit d93c9d40ed
2 changed files with 297 additions and 266 deletions


@ -1,7 +1,7 @@
version: '3.7' version: '3.7'
services: services:
mail: mail:
image: tvial/docker-mailserver:release-v7.0.1 image: tvial/docker-mailserver:release-v7.2.0
hostname: ${HOSTNAME} hostname: ${HOSTNAME}
domainname: ${DOMAINNAME} domainname: ${DOMAINNAME}
container_name: ${CONTAINER_NAME} container_name: ${CONTAINER_NAME}
@ -38,7 +38,7 @@ services:
- internal - internal
roundcube: roundcube:
image: roundcube/roundcubemail:1.4.8-apache image: roundcube/roundcubemail:1.4.9-apache
restart: always restart: always
depends_on: depends_on:
- mail - mail


@ -1,77 +1,109 @@
#!/bin/sh #! /bin/bash
## # Wrapper for various setup scripts
# Wrapper for various setup scripts included in the docker-mailserver # included in docker-mailserver
#
CRI= SCRIPT='SETUP'
_check_root() { set -euEo pipefail
if [[ $EUID -ne 0 ]]; then trap '__log_err ${FUNCNAME[0]:-"?"} ${_:-"?"} ${LINENO:-"?"} ${?:-"?"}' ERR
echo "Curently docker-mailserver doesn't support podman's rootless mode, please run this script as root user." trap '_unset_vars || :' EXIT
exit 1
function __log_err
{
local FUNC_NAME LINE EXIT_CODE
FUNC_NAME="${1} / ${2}"
LINE="${3}"
EXIT_CODE="${4}"
printf "\n \e[1m\e[31mUNCHECKED ERROR\e[0m\n%s\n%s\n%s\n%s\n\n" \
" script = ${SCRIPT,,}.sh" \
" function = ${FUNC_NAME}" \
" line = ${LINE}" \
" exit code = ${EXIT_CODE}"
}
function _unset_vars
{
unset CDIR CRI INFO IMAGE_NAME CONTAINER_NAME DEFAULT_CONFIG_PATH
unset USE_CONTAINER WISHED_CONFIG_PATH CONFIG_PATH VOLUME USE_TTY
unset SCRIPT USING_SELINUX
}
function _get_current_directory
{
if dirname "$(readlink -f "${0}")" &>/dev/null
then
CDIR="$(cd "$(dirname "$(readlink -f "${0}")")" && pwd)"
elif realpath -e -L "${0}" &>/dev/null
then
CDIR="$(realpath -e -L "${0}")"
CDIR="${CDIR%/setup.sh}"
fi fi
} }
if [ -z "$CRI" ]; then CDIR="$(pwd)"
if [ ! -z "$(command -v docker)" ]; then _get_current_directory
CRI=docker
elif [ ! -z "$(command -v podman)" ]; then
CRI=podman
_check_root
else
echo "No Support Container Runtime Interface Detected."
exit 1
fi
fi
INFO=$($CRI ps \ CRI=
--no-trunc \ INFO=
--format "{{.Image}};{{.Names}}" \ IMAGE_NAME=
--filter label=org.label-schema.name="docker-mailserver" | \ CONTAINER_NAME='mail'
tail -1) DEFAULT_CONFIG_PATH="${CDIR}/config"
IMAGE_NAME=${INFO%;*}
CONTAINER_NAME=${INFO#*;}
DEFAULT_CONFIG_PATH="$(pwd)/config"
USE_CONTAINER=false USE_CONTAINER=false
WISHED_CONFIG_PATH=
CONFIG_PATH=
VOLUME=
USE_TTY=
USING_SELINUX=
_update_config_path() { function _check_root
if [ ! -z "$CONTAINER_NAME" ]; then {
VOLUME=$(docker inspect $CONTAINER_NAME \ if [[ ${EUID} -ne 0 ]]
then
echo "Curently docker-mailserver doesn't support podman's rootless mode, please run this script as root user."
return 1
fi
}
function _update_config_path
{
if [[ -n ${CONTAINER_NAME} ]]
then
VOLUME=$(${CRI} inspect "${CONTAINER_NAME}" \
--format="{{range .Mounts}}{{ println .Source .Destination}}{{end}}" | \ --format="{{range .Mounts}}{{ println .Source .Destination}}{{end}}" | \
grep "/tmp/docker-mailserver$" 2>/dev/null) grep "/tmp/docker-mailserver$" 2>/dev/null)
fi fi
if [ ! -z "$VOLUME" ]; then if [[ -n ${VOLUME} ]]
CONFIG_PATH=$(echo $VOLUME | awk '{print $1}') then
CONFIG_PATH=$(echo "${VOLUME}" | awk '{print $1}')
fi fi
} }
if [ -z "$IMAGE_NAME" ]; then function _inspect
if [ "$CRI" = "docker" ]; then {
IMAGE_NAME=tvial/docker-mailserver:latest if _docker_image_exists "${IMAGE_NAME}"
elif [ "$CRI" = "podman" ]; then then
IMAGE_NAME=docker.io/tvial/docker-mailserver:latest echo "Image: ${IMAGE_NAME}"
fi
fi
_inspect() {
if _docker_image_exists "$IMAGE_NAME"; then
echo "Image: $IMAGE_NAME"
else else
echo "Image: '$IMAGE_NAME' cant be found." echo "Image: '${IMAGE_NAME}' cant be found."
fi fi
if [ -n "$CONTAINER_NAME" ]; then
echo "Container: $CONTAINER_NAME" if [[ -n ${CONTAINER_NAME} ]]
echo "Config mount: $CONFIG_PATH" then
echo "Container: ${CONTAINER_NAME}"
echo "Config mount: ${CONFIG_PATH}"
else else
echo "Container: Not running, please start docker-mailserver." echo "Container: Not running, please start docker-mailserver."
fi fi
} }
_usage() { function _usage
echo "Usage: $0 [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args] {
echo "${SCRIPT,,}.sh Bootstrapping Script
Usage: ${0} [-i IMAGE_NAME] [-c CONTAINER_NAME] <subcommand> <subcommand> [args]
OPTIONS: OPTIONS:
@ -81,266 +113,265 @@ OPTIONS:
-c CONTAINER_NAME The name of the running container. -c CONTAINER_NAME The name of the running container.
-p PATH config folder path (default: $(pwd)/config) -p PATH Config folder path (default: ${CDIR}/config)
-h Show this help dialogue
-z Allow container access to the bind mount content
that is shared among multiple containers
on a SELinux-enabled host.
-Z Allow container access to the bind mount content
that is private and unshared with other containers
on a SELinux-enabled host.
SUBCOMMANDS: SUBCOMMANDS:
email: email:
$0 email add <email> [<password>] ${0} email add <email> [<password>]
$0 email update <email> [<password>] ${0} email update <email> [<password>]
$0 email del <email> ${0} email del <email>
$0 email restrict <add|del|list> <send|receive> [<email>] ${0} email restrict <add|del|list> <send|receive> [<email>]
$0 email list ${0} email list
alias: alias:
$0 alias add <email> <recipient> ${0} alias add <email> <recipient>
$0 alias del <email> <recipient> ${0} alias del <email> <recipient>
$0 alias list ${0} alias list
quota: quota:
$0 quota set <email> [<quota>] ${0} quota set <email> [<quota>]
$0 quota del <email> ${0} quota del <email>
config: config:
$0 config dkim <keysize> (default: 2048) ${0} config dkim <keysize> (default: 2048)
$0 config ssl <fqdn> ${0} config ssl <fqdn>
relay: relay:
$0 relay add-domain <domain> <host> [<port>] ${0} relay add-domain <domain> <host> [<port>]
$0 relay add-auth <domain> <username> [<password>] ${0} relay add-auth <domain> <username> [<password>]
$0 relay exclude-domain <domain> ${0} relay exclude-domain <domain>
debug: debug:
$0 debug fetchmail ${0} debug fetchmail
$0 debug fail2ban [<unban> <ip-address>] ${0} debug fail2ban [<unban> <ip-address>]
$0 debug show-mail-logs ${0} debug show-mail-logs
$0 debug inspect ${0} debug inspect
$0 debug login <commands> ${0} debug login <commands>
help: Show this help dialogue
" "
exit 1
} }
_docker_image_exists() { function _docker_image_exists
if ${CRI} history -q "$1" >/dev/null 2>&1; then {
if ${CRI} history -q "${1}" >/dev/null 2>&1
then
return 0 return 0
else else
return 1 return 1
fi fi
} }
if tty -s ; then function _docker_image
USE_TTY="-ti" {
fi if ${USE_CONTAINER}
then
_docker_image() { # reuse existing container specified on command line
if [ "$USE_CONTAINER" = true ]; then ${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" "${@}"
# Reuse existing container specified on command line
${CRI} exec ${USE_TTY} "$CONTAINER_NAME" "$@"
else else
# Start temporary container with specified image # start temporary container with specified image
if ! _docker_image_exists "$IMAGE_NAME"; then if ! _docker_image_exists "${IMAGE_NAME}"
echo "Image '$IMAGE_NAME' not found. Pulling ..." then
${CRI} pull "$IMAGE_NAME" echo "Image '${IMAGE_NAME}' not found. Pulling ..."
${CRI} pull "${IMAGE_NAME}"
fi fi
${CRI} run \ ${CRI} run --rm \
--rm \ -v "${CONFIG_PATH}":/tmp/docker-mailserver"${USING_SELINUX}" \
-v "$CONFIG_PATH":/tmp/docker-mailserver \ "${USE_TTY}" "${IMAGE_NAME}" "${@}"
${USE_TTY} "$IMAGE_NAME" $@
fi fi
} }
_docker_container() { function _docker_container
if [ -n "$CONTAINER_NAME" ]; then {
${CRI} exec ${USE_TTY} "$CONTAINER_NAME" "$@" if [[ -n ${CONTAINER_NAME} ]]
then
${CRI} exec "${USE_TTY}" "${CONTAINER_NAME}" "${@}"
else else
echo "The docker-mailserver is not running!" echo "The docker-mailserver is not running!"
exit 1 exit 5
fi fi
} }
while getopts ":c:i:p:" OPT; do function _main
case $OPT in {
c) if [[ -n $(command -v docker) ]]
CONTAINER_NAME="$OPTARG" then
USE_CONTAINER=true # Container specified, connect to running instance CRI=docker
elif [[ -n $(command -v podman) ]]
then
CRI=podman
_check_root
else
echo "No supported Container Runtime Interface detected."
exit 10
fi
INFO=$(${CRI} ps \
--no-trunc \
--format "{{.Image}};{{.Names}}" \
--filter label=org.label-schema.name="docker-mailserver" | \
tail -1)
IMAGE_NAME=${INFO%;*}
CONTAINER_NAME=${INFO#*;}
if [[ -z ${IMAGE_NAME} ]]
then
if [[ ${CRI} == "docker" ]]
then
IMAGE_NAME=tvial/docker-mailserver:latest
elif [[ ${CRI} == "podman" ]]
then
IMAGE_NAME=docker.io/tvial/docker-mailserver:latest
fi
fi
if tty -s
then
USE_TTY="-ti"
fi
local OPTIND
while getopts ":c:i:p:hzZ" OPT
do
case ${OPT} in
i ) IMAGE_NAME="${OPTARG}" ;;
z ) USING_SELINUX=":z" ;;
Z ) USING_SELINUX=":Z" ;;
c )
# container specified, connect to running instance
CONTAINER_NAME="${OPTARG}"
USE_CONTAINER=true
;; ;;
i)
IMAGE_NAME="$OPTARG" h )
;; _usage
p) return
case "$OPTARG" in
/*)
WISHED_CONFIG_PATH="$OPTARG"
;;
*)
WISHED_CONFIG_PATH="$(pwd)/$OPTARG"
;; ;;
p )
case "${OPTARG}" in
/* ) WISHED_CONFIG_PATH="${OPTARG}" ;;
* ) WISHED_CONFIG_PATH="${CDIR}/${OPTARG}" ;;
esac esac
if [ ! -d "$WISHED_CONFIG_PATH" ]; then
if [[ ! -d ${WISHED_CONFIG_PATH} ]]
then
echo "Directory doesn't exist" echo "Directory doesn't exist"
_usage _usage
exit 1 exit 40
fi fi
;; ;;
\?)
echo "Invalid option: -$OPTARG" >&2
;;
esac
done
if [ ! -n "$WISHED_CONFIG_PATH" ]; then * )
echo "Invalid option: -${OPTARG}" >&2
;;
esac
done
shift $(( OPTIND - 1 ))
if [[ -z ${WISHED_CONFIG_PATH} ]]
then
# no wished config path # no wished config path
_update_config_path _update_config_path
if [ ! -n "$CONFIG_PATH" ]; then if [[ -z ${CONFIG_PATH} ]]
CONFIG_PATH=$DEFAULT_CONFIG_PATH then
CONFIG_PATH=${DEFAULT_CONFIG_PATH}
fi
else
CONFIG_PATH=${WISHED_CONFIG_PATH}
fi fi
else
CONFIG_PATH=$WISHED_CONFIG_PATH
fi
shift $((OPTIND-1))
case $1 in case ${1:-} in
email) email)
shift shift ; case ${1:-} in
case $1 in add ) shift ; _docker_image addmailuser "${@}" ;;
add) update ) shift ; _docker_image updatemailuser "${@}" ;;
shift del ) shift ; _docker_image delmailuser "${@}" ;;
_docker_image addmailuser $@ restrict ) shift ; _docker_container restrict-access "${@}" ;;
;; list ) _docker_image listmailuser ;;
update) * ) _usage ;;
shift
_docker_image updatemailuser $@
;;
del)
shift
_docker_image delmailuser $@
;;
restrict)
shift
_docker_container restrict-access $@
;;
list)
_docker_image listmailuser
;;
*)
_usage
;;
esac esac
;; ;;
alias) alias)
shift shift ; case ${1:-} in
case $1 in add ) shift ; _docker_image addalias "${1}" "${2}" ;;
add) del ) shift ; _docker_image delalias "${1}" "${2}" ;;
shift list ) shift ; _docker_image listalias ;;
_docker_image addalias $@ * ) _usage ;;
;;
del)
shift
_docker_image delalias $@
;;
list)
shift
_docker_image listalias $@
;;
*)
_usage
;;
esac esac
;; ;;
quota) quota)
shift shift ; case ${1:-} in
case $1 in set ) shift ; _docker_image setquota "${@}" ;;
set) del ) shift ; _docker_image delquota "${@}" ;;
shift * ) _usage ;;
_docker_image setquota $@
;;
del)
shift
_docker_image delquota $@
;;
*)
_usage
;;
esac esac
;; ;;
config) config)
shift shift ; case ${1:-} in
case $1 in dkim ) _docker_image generate-dkim-config "${2:-2048}" ;;
dkim) ssl ) _docker_image generate-ssl-certificate "${2}" ;;
_docker_image generate-dkim-config $2 * ) _usage ;;
;;
ssl)
_docker_image generate-ssl-certificate "$2"
;;
*)
_usage
;;
esac esac
;; ;;
relay) relay)
shift shift ; case ${1:-} in
case $1 in add-domain ) shift ; _docker_image addrelayhost "${@}" ;;
add-domain) add-auth ) shift ; _docker_image addsaslpassword "${@}" ;;
shift exclude-domain ) shift ; _docker_image excluderelaydomain "${@}" ;;
_docker_image addrelayhost $@ * ) _usage ;;
;;
add-auth)
shift
_docker_image addsaslpassword $@
;;
exclude-domain)
shift
_docker_image excluderelaydomain $@
;;
*)
_usage
;;
esac esac
;; ;;
debug) debug)
shift ; case ${1:-} in
fetchmail ) _docker_image debug-fetchmail ;;
fail2ban ) shift ; _docker_container fail2ban "${@}" ;;
show-mail-logs ) _docker_container cat /var/log/mail/mail.log ;;
inspect ) _inspect ;;
login )
shift shift
case $1 in if [[ -z ${1:-''} ]]
fetchmail) then
_docker_image debug-fetchmail
;;
fail2ban)
shift
_docker_container fail2ban $@
;;
show-mail-logs)
_docker_container cat /var/log/mail/mail.log
;;
inspect)
_inspect
;;
login)
shift
if [ -z "$1" ]; then
_docker_container /bin/bash _docker_container /bin/bash
else else
_docker_container /bin/bash -c "$@" _docker_container /bin/bash -c "${@}"
fi fi
;; ;;
*) * ) _usage ; exit 1 ;;
_usage
;;
esac esac
;; ;;
*) help ) _usage ;;
_usage * ) _usage ; exit 1 ;;
;; esac
esac }
_main "${@}"
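Review bot: Quoting `"${USE_TTY}"` in `_docker_image` (both the `exec` and the `run` call) and in `_docker_container` passes an empty-string argument whenever `tty -s` fails, because `USE_TTY` is initialised empty and only set to `-ti` on a terminal. The runtime would then take `''` as the container or image name, so the wrapper is likely to break when run from cron, CI or a pipe, where the previous unquoted `${USE_TTY}` simply expanded to nothing. Expanding it conditionally keeps the quoting and the old behaviour: `${CRI} exec ${USE_TTY:+"${USE_TTY}"} "${CONTAINER_NAME}" "${@}"`, with the same substitution on the `run` line.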