refactor(): migrate to s6 and rspamd #122

hardware · Jun 18, 2017 · 6b8e1e6 · 6b8e1e6
1 parent 2fc7b6a
commit 6b8e1e6
Show file tree

Hide file tree

Showing 52 changed files with 261 additions and 1,057 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -2,9 +2,5 @@ language: bash
 sudo: required
 services:
 - docker
-before_install:
-- docker --version
 script:
 - make all
-after_script:
-- docker images
diff --git a/Dockerfile b/Dockerfile
@@ -1,82 +1,24 @@
-FROM debian:stretch-slim
+FROM hardware/s6-rspamd
 
 LABEL description "Simple and full-featured mail server using Docker" \
       maintainer="Hardware <contact@meshup.net>"
 
-ARG TINI_VER=0.14.0
+ARG DEBIAN_FRONTEND=noninteractive
 
-# https://pgp.mit.edu/pks/lookup?search=0x0B588DFF0527A9B7&fingerprint=on&op=index
-# pub  4096R/7001A4E5 2012-07-23 Thomas Orozco <thomas@orozco.fr>
-ARG TINI_GPG_SHORTID="0x0527A9B7"
-ARG TINI_GPG_FINGERPRINT="6380 DC42 8747 F6C3 93FE  ACA5 9A84 159D 7001 A4E5"
-ARG TINI_SHA256_HASH="420e47096487f72e3e48cca85ce379f18f9c6d2c3809ecc4bcf34e2b35f7c490"
-
-RUN BUILD_DEPS=" \
-    wget" \
- && apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y -q --no-install-recommends \
-    ${BUILD_DEPS} \
-    postfix \
-    postfix-mysql \
-    postfix-pcre \
-    postgrey \
-    gross \
-    dovecot-core \
-    dovecot-imapd \
-    dovecot-lmtpd \
-    dovecot-mysql \
-    dovecot-sieve \
-    dovecot-managesieved \
-    dovecot-pop3d \
-    opendkim \
-    opendkim-tools \
-    opendmarc \
-    amavisd-new \
-    amavisd-milter \
-    spamassassin \
+RUN apt-get update && apt-get install -y -q --no-install-recommends \
+    postfix postfix-mysql postfix-pcre libsasl2-modules \
+    dovecot-core dovecot-imapd dovecot-lmtpd dovecot-mysql dovecot-sieve dovecot-managesieved dovecot-pop3d \
+    fetchmail libdbi-perl libdbd-mysql-perl liblockfile-simple-perl \
     clamav-daemon \
-    clamav-milter \
-    libsasl2-modules \
-    libsys-syslog-perl \
-    libmail-spf-perl \
-    libhttp-message-perl \
-    fetchmail \
-    libdbi-perl \
-    libdbd-mysql-perl \
-    liblockfile-simple-perl \
-    altermime \
-    supervisor \
-    openssl \
-    rsyslog \
-    python-pip \
-    python-setuptools \
-    pigz \
-    pxz \
-    pbzip2 \
-    dnsutils \
-    ca-certificates \
-    gnupg \
-    dirmngr \
+    python-pip python-setuptools \
+    rsyslog dnsutils curl \
  && pip install envtpl \
- && cd /tmp \
- && wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb \
- && wget -q https://github.com/krallin/tini/releases/download/v$TINI_VER/tini_$TINI_VER.deb.asc \
- && echo "Verifying both integrity and authenticity of tini_${TINI_VER}.deb..." \
- && CHECKSUM=$(sha256sum tini_${TINI_VER}.deb | awk '{print $1}') \
- && if [ "${CHECKSUM}" != "${TINI_SHA256_HASH}" ]; then echo "Warning! tini_${TINI_VER}.deb checksum does not match!" && exit 1; fi \
- && gpg --keyserver keys.gnupg.net --recv-keys ${TINI_GPG_SHORTID} \
- && FINGERPRINT="$(LANG=C gpg --verify tini_${TINI_VER}.deb.asc tini_${TINI_VER}.deb 2>&1 \
-  | sed -n "s#Primary key fingerprint: \(.*\)#\1#p")" \
- && if [ -z "${FINGERPRINT}" ]; then echo "Warning! tini_${TINI_VER}.deb.asc invalid GPG signature!" && exit 1; fi \
- && if [ "${FINGERPRINT}" != "${TINI_GPG_FINGERPRINT}" ]; then echo "Warning! tini_${TINI_VER}.deb.asc wrong GPG fingerprint!" && exit 1; fi \
- && echo "All seems good, now unpacking tini_${TINI_VER}.deb..." \
- && dpkg -i tini_$TINI_VER.deb \
- && apt-get purge -y ${BUILD_DEPS} \
  && apt-get autoremove -y \
  && apt-get clean \
  && rm -rf /tmp/* /var/lib/apt/lists/* /var/cache/debconf/*-old
 
-VOLUME /var/mail /etc/opendkim/keys /etc/letsencrypt
-EXPOSE 25 143 465 587 993 4190
-
 COPY rootfs /
-CMD ["tini","--","startup"]
+RUN chmod +x /usr/local/bin /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
+VOLUME /var/mail /etc/letsencrypt
+EXPOSE 25 143 465 587 993 4190
+CMD ["run.sh"]
diff --git a/docker-compose.sample.yml b/docker-compose.sample.yml
@@ -1,35 +1,36 @@
-version: '2'
+version: '2.1'
+
 services:
   mailserver:
     image: hardware/mailserver
     container_name: mailserver
-    domainname: domain.tld                # Mail server FQDN & reverse = mail.domain.tld.
+    domainname: domain.tld                  # Mail server FQDN & reverse = mail.domain.tld.
     hostname: mail
     # restart: always
-    # extra_hosts:                        - Required for external database (on other server or for local database on host)
-    #  - "mariadb:xx.xx.xx.xx"            - Replace with IP address of MariaDB server
+    # extra_hosts:                          - Required for external database (on other server or for local database on host)
+    #  - "mariadb:xx.xx.xx.xx"              - Replace with IP address of MariaDB server
     ports:
-      - "25:25"     # SMTP                - Required
-    # - "110:110"   # POP3       STARTTLS - Optional - For webmails/desktop clients
-      - "143:143"   # IMAP       STARTTLS - Optional - For webmails/desktop clients
-    # - "465:465"   # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
-      - "587:587"   # Submission STARTTLS - Optional - For webmails/desktop clients
-      - "993:993"   # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
-    # - "995:995"   # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
-      - "4190:4190" # SIEVE      STARTTLS - Optional - Recommended for mail filtering
+      - "25:25"       # SMTP                - Required
+    # - "110:110"     # POP3       STARTTLS - Optional - For webmails/desktop clients
+      - "143:143"     # IMAP       STARTTLS - Optional - For webmails/desktop clients
+    # - "465:465"     # SMTPS      SSL/TLS  - Optional - Enabled for compatibility reason, otherwise disabled
+      - "587:587"     # Submission STARTTLS - Optional - For webmails/desktop clients
+      - "993:993"     # IMAPS      SSL/TLS  - Optional - For webmails/desktop clients
+    # - "995:995"     # POP3S      SSL/TLS  - Optional - For webmails/desktop clients
+      - "4190:4190"   # SIEVE      STARTTLS - Optional - Recommended for mail filtering
+      - "11334:11334" # HTTP                - Optional - Rspamd WebUI
     environment:
       - DBPASS=xxxxxxx
+      - RSPAMD_PASSWORD=xxxxxxx   # Rspamd WebUI password
     # - ENABLE_POP3=true          # Enable POP3 protocol
-    # - GREYLISTING=gross         # Enable gross greylisting policy server
     # - DISABLE_CLAMAV=true       # Disable virus scanning
-    # - DISABLE_SPAMASSASSIN=true # Disable SPAM checking
     # - DISABLE_SIEVE=true        # Disable ManageSieve protocol
     volumes:
       - /mnt/docker/mail:/var/mail
-      - /mnt/docker/mail/opendkim:/etc/opendkim/keys
     # - /mnt/docker/nginx/certs:/etc/letsencrypt
     depends_on:
       - mariadb
+      - redis
 
   # Administration interface
   # https://github.com/hardware/postfixadmin
@@ -112,3 +113,16 @@ services:
       - MYSQL_PASSWORD=xxxxxxx
     volumes:
       - /mnt/docker/mysql/db:/var/lib/mysql
+
+  # Cache Database
+  # https://github.com/docker-library/redis.
+  # https://redis.io/
+  redis:
+    image: redis:3.2-alpine
+    container_name: redis
+    # restart: always
+    command: redis-server --appendonly yes
+    sysctls:
+      - net.core.somaxconn=1024
+    volumes:
+      - /mnt/docker/redis/db/:/data
diff --git a/rootfs/etc/amavis/conf.d/05-domain_id b/rootfs/etc/amavis/conf.d/05-domain_id
diff --git a/rootfs/etc/amavis/conf.d/05-node_id b/rootfs/etc/amavis/conf.d/05-node_id
diff --git a/rootfs/etc/amavis/conf.d/15-content_filter_mode b/rootfs/etc/amavis/conf.d/15-content_filter_mode