Switch to python and Jinja2 for the dovecot container

master
kaiyou 7 years ago
parent a11eb4ba35
commit 13b9a9207d

@ -3,12 +3,10 @@ FROM alpine:edge
RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \ RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
&& apk add --no-cache \ && apk add --no-cache \
dovecot dovecot-sqlite dovecot-pigeonhole-plugin dovecot-pigeonhole-plugin-extdata \ dovecot dovecot-sqlite dovecot-pigeonhole-plugin dovecot-pigeonhole-plugin-extdata \
rspamd-client@testing \ rspamd-client@testing python py-jinja2
bash
COPY conf /etc/dovecot COPY conf /conf
COPY sieve /var/lib/dovecot COPY sieve /var/lib/dovecot
COPY start.py /start.py
COPY start.sh /start.sh CMD /start.py
CMD ["/start.sh"]

@ -3,7 +3,7 @@ connect = /data/main.db
# Return the user hashed password # Return the user hashed password
password_query = \ password_query = \
SELECT password \ SELECT NULL as password, 'Y' as nopassword, '{{ FRONT_ADDRESS }}' as allow_nets \
FROM user \ FROM user \
WHERE user.email = '%u' WHERE user.email = '%u'

@ -52,27 +52,11 @@ namespace inbox {
} }
} }
###############
# TLS
###############
ssl = yes
ssl_cert = </certs/cert.pem
ssl_key = </certs/key.pem
# This will be enabled once 2.3 is released
# ssl_dh = </certs/dhparam.pem
# In the meanwhile:
ssl_dh_parameters_length = 2048
# TLS hardening is based on the following documentation:
# https://bettercrypto.org/static/applied-crypto-hardening.pdf
ssl_protocols=!SSLv3 !SSLv2
ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
ssl_prefer_server_ciphers = yes
ssl_options = no_compression
############### ###############
# Authentication # Authentication
############### ###############
auth_mechanisms = plain login auth_mechanisms = plain login
disable_plaintext_auth = no
passdb { passdb {
driver = sql driver = sql
@ -88,10 +72,6 @@ service auth {
user = dovecot user = dovecot
unix_listener auth-userdb { unix_listener auth-userdb {
} }
inet_listener {
port = 2102
}
} }
service auth-worker { service auth-worker {
@ -119,9 +99,6 @@ service imap-login {
inet_listener imap { inet_listener imap {
port = 143 port = 143
} }
inet_listener imaps {
port = 993
}
} }
############### ###############

@ -0,0 +1,20 @@
#!/usr/bin/python
import jinja2
import os
import socket
import glob
convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ))
# Actual startup script
os.environ["FRONT_ADDRESS"] = socket.gethostbyname("front")
for postfix_file in glob.glob("/conf/*.cf"):
convert(postfix_file, os.path.join("/etc/postfix", os.path.basename(postfix_file)))
convert("/conf/rsyslog.conf", "/etc/rsyslog.conf")
# Run postfix
os.system("chown -R mail:mail /mail /var/lib/dovecot")
os.execv("/usr/sbin/dovecot" ["dovecot", "-c", "/etc/dovecot/dovecot.conf", "-F"])

@ -1,13 +0,0 @@
#!/bin/bash
# Substitute configuration
for VARIABLE in `env | cut -f1 -d=`; do
sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/dovecot/*.conf
done
# Fix permissions
chown -R mail:mail /mail
chown -R mail:mail /var/lib/dovecot
# Run dovecot
exec /usr/sbin/dovecot -c /etc/dovecot/dovecot.conf -F
Loading…
Cancel
Save