From e85a2a7e9903e7c00c2db3b23b0e3c0352d538c0 Mon Sep 17 00:00:00 2001
From: Florent Daigniere
Date: Wed, 4 Jan 2023 11:01:50 +0100
Subject: [PATCH] Step1: expose managesieve, make the webmails use it
---
 core/dovecot/conf/dovecot.conf | 6 ++++++
 core/nginx/Dockerfile | 5 +++--
 core/nginx/conf/nginx.conf | 21 +++++++++++++++++++++
 webmails/roundcube/config/config.inc.php | 2 +-
 webmails/snappymail/defaults/default.json | 4 ++--
 5 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf
index 60c94238..c60f7491 100644
--- a/core/dovecot/conf/dovecot.conf
+++ b/core/dovecot/conf/dovecot.conf
@@ -135,10 +135,16 @@ service lmtp {
 service managesieve-login {
 inet_listener sieve {
 port = 4190
+ haproxy = yes
 }
 }
+protocol sieve {
+ ssl = no
+}
+
 service managesieve {
+ process_limit = 1024
 }
 plugin {
diff --git a/core/nginx/Dockerfile b/core/nginx/Dockerfile
index f271fc07..27757920 100644
--- a/core/nginx/Dockerfile
+++ b/core/nginx/Dockerfile
@@ -17,7 +17,8 @@ ARG VERSION
 LABEL version=$VERSION
 RUN set -euxo pipefail \
- ; apk add --no-cache certbot nginx nginx-mod-mail openssl
+ ; apk add --no-cache certbot nginx nginx-mod-http-brotli nginx-mod-stream nginx-mod-mail openssl \
+ ; rm /etc/nginx/conf.d/stream.conf
 COPY conf/ /conf/
 COPY --from=static /static/ /static/
@@ -25,7 +26,7 @@ COPY *.py /
 RUN echo $VERSION >/version
-EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 10025/tcp 10143/tcp
+EXPOSE 80/tcp 443/tcp 110/tcp 143/tcp 465/tcp 587/tcp 993/tcp 995/tcp 25/tcp 14190/tcp 10025/tcp 10143/tcp
 HEALTHCHECK --start-period=60s CMD curl -skfLo /dev/null http://localhost/health
 VOLUME ["/certs", "/overrides"]
diff --git a/core/nginx/conf/nginx.conf b/core/nginx/conf/nginx.conf
index d1b4923e..44fca726 100644
--- a/core/nginx/conf/nginx.conf
+++ b/core/nginx/conf/nginx.conf
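Review bot: `protocol sieve { ssl = no }` in the dovecot.conf hunk turns TLS off for every managesieve connection, so after this change the webmails' sieve credentials travel in cleartext on both hops (webmail to front on 14190, front to Dovecot on 4190). The roundcube and snappymail hunks do not enable TLS on their side either (`"secure": 0` stays in the snappymail context). If this is acceptable only because the traffic stays on the internal network, record that next to the setting, e.g. `# cleartext: reachable only from front over the internal network`, and confirm that neither 4190 nor 14190 is published. Separately, `haproxy = yes` makes Dovecot take the client address from the PROXY header; `haproxy_trusted_networks` is not visible in this hunk, so check that it is set and limited to the front's address.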
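Review bot: `nginx-mod-http-brotli` in the first Dockerfile hunk looks unrelated to exposing managesieve. The nginx.conf change in this commit adds a `load_module` line only for the stream module, so as far as these hunks show the brotli package is installed but never loaded. I would drop it here, or add it in its own change together with the configuration that uses it, to keep the front image minimal. The `rm /etc/nginx/conf.d/stream.conf` step also deserves a one-line comment saying why the packaged file has to go, e.g. `# packaged stream.conf would be picked up by the http block's conf.d/*.conf include` (inferred from the nginx.conf context; please confirm).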
@@ -1,9 +1,11 @@
 # Basic configuration
 user nginx;
 worker_processes auto;
+pcre_jit on;
 error_log /dev/stderr notice;
 pid /var/run/nginx.pid;
 load_module "modules/ngx_mail_module.so";
+load_module "modules/ngx_stream_module.so";
 events {
 worker_connections 1024;
@@ -275,6 +277,25 @@ http {
 include /etc/nginx/conf.d/*.conf;
 }
+stream {
+ log_format main '$remote_addr [$time_local] '
+ '$protocol $status $bytes_sent $bytes_received '
+ '$session_time "$upstream_addr" '
+ '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';
+ access_log /dev/stdout main;
+
+ # managesieve
+ server {
+ listen 14190;
+ resolver {{ RESOLVER }} valid=30s;
+
+ proxy_connect_timeout 1s;
+ proxy_timeout 1m;
+ proxy_protocol on;
+ proxy_pass {{ IMAP_ADDRESS }}:4190;
+ }
+}
+
 mail {
 server_name {{ HOSTNAMES.split(",")[0] }};
 auth_http http://127.0.0.1:8000/auth/email;
diff --git a/webmails/roundcube/config/config.inc.php b/webmails/roundcube/config/config.inc.php
index 665ef1ad..f271eebc 100644
--- a/webmails/roundcube/config/config.inc.php
+++ b/webmails/roundcube/config/config.inc.php
@@ -28,7 +28,7 @@ $config['default_host'] = '{{ FRONT_ADDRESS or "front" }}';
 $config['default_port'] = '10143';
 // Sieve script management
-$config['managesieve_host'] = '{{ IMAP_ADDRESS or "imap" }}';
+$config['managesieve_host'] = '{{ FRONT_ADDRESS or "front" }}:14190';
 // We access the IMAP and SMTP servers locally with internal names, SSL
 // will obviously fail but this sounds better than allowing insecure login
diff --git a/webmails/snappymail/defaults/default.json b/webmails/snappymail/defaults/default.json
index ecbf116c..0d49bfb4 100644
--- a/webmails/snappymail/defaults/default.json
+++ b/webmails/snappymail/defaults/default.json
@@ -32,8 +32,8 @@
 "usePhpMail": false
 },
 "Sieve": {
- "host": "{{ IMAP_ADDRESS }}",
- "port": 4190,
+ "host": "{{ FRONT_ADDRESS }}",
+ "port": 14190,
 "secure": 0,
 "shortLogin": false,
 "ssl": {
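Review bot: The new `stream` server on 14190 (second nginx.conf hunk) forwards any TCP client straight to Dovecot's managesieve port with no `allow`/`deny` restriction, and the Dockerfile hunk adds 14190/tcp to `EXPOSE`. Logins on this listener are handled by Dovecot directly, so they do not pass through the `auth_http` endpoint configured in the `mail` block below, and any throttling that endpoint provides presumably does not apply here. If only the webmails are meant to reach it, restrict the listener inside the `server` block, e.g. `allow <webmail-subnet>; deny all;` (placeholder; use the project's internal subnet), and add a comment that the port must not be published. The `mail` block continues outside the hunk.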