diff --git a/docker/kolab/Dockerfile b/docker/kolab/Dockerfile
index fe6b4550..b16c40c2 100644
--- a/docker/kolab/Dockerfile
+++ b/docker/kolab/Dockerfile
@@ -1,83 +1,91 @@
FROM almalinux:8
LABEL maintainer="contact@apheleia-it.ch"
LABEL dist=centos8
LABEL tier=${TIER}
ENV SYSTEMD_PAGER=''
ENV DISTRO=centos8
ENV LANG=en_US.utf8
ENV LC_ALL=en_US.utf8
# Add EPEL.
RUN dnf -y install dnf-plugin-config-manager && \
dnf config-manager --set-enabled powertools && \
dnf -y install epel-release && \
dnf -y module enable 389-ds:1.4/default && \
dnf -y module enable mariadb:10.3 && \
dnf -y install iputils vim-enhanced bind-utils && \
dnf clean all
RUN rpm --import /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
# Install kolab
RUN rpm --import https://mirror.apheleia-it.ch/repos/Kolab:/16/key.asc && \
rpm -Uvh https://mirror.apheleia-it.ch/repos/Kolab:/16/kolab-16-for-el8.rpm
RUN sed -i -e '/^ssl/d' /etc/yum.repos.d/kolab*.repo && \
dnf config-manager --enable kolab-16-testing &&\
- dnf -y --setopt tsflags= install kolab patch &&\
+ dnf -y --setopt tsflags= install kolab kolab-webadmin patch &&\
dnf clean all
COPY kolab-init.service /etc/systemd/system/kolab-init.service
COPY kolab-setenv.service /etc/systemd/system/kolab-setenv.service
COPY utils /root/utils
RUN systemctl disable dnf-makecache.timer dbus; systemctl enable kolab-setenv kolab-init
RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=permissive/g' /etc/selinux/config 2>/dev/null || :
COPY /rootfs /
COPY kolab-init.sh /usr/local/sbin/
RUN chmod 750 /usr/local/sbin/kolab-init.sh
COPY kolab.conf /etc/kolab/kolab.conf
COPY cyrus.conf /etc/cyrus.conf
COPY imapd.conf /etc/imapd.conf
COPY imapd.annotations.conf /etc/imapd.annotations.conf
COPY guam.conf /etc/guam/sys.config
ARG DB_KOLAB_DATABASE
ARG DB_KOLAB_USERNAME
ARG DB_KOLAB_PASSWORD
ARG LDAP_HOST
ARG LDAP_ADMIN_BIND_DN
ARG LDAP_ADMIN_BIND_PW
ARG LDAP_SERVICE_BIND_PW
ARG IMAP_ADMIN_LOGIN
ARG IMAP_ADMIN_PASSWORD
RUN sed -i -r \
-e "s|DB_KOLAB_DATABASE|$DB_KOLAB_DATABASE|g" \
-e "s|DB_KOLAB_USERNAME|$DB_KOLAB_USERNAME|g" \
-e "s|DB_KOLAB_PASSWORD|$DB_KOLAB_PASSWORD|g" \
-e "s|LDAP_HOST|$LDAP_HOST|g" \
-e "s|LDAP_ADMIN_BIND_DN|$LDAP_ADMIN_BIND_DN|g" \
-e "s|LDAP_ADMIN_BIND_PW|$LDAP_ADMIN_BIND_PW|g" \
-e "s|LDAP_SERVICE_BIND_PW|$LDAP_SERVICE_BIND_PW|g" \
-e "s|IMAP_ADMIN_LOGIN|$IMAP_ADMIN_LOGIN|g" \
-e "s|IMAP_ADMIN_PASSWORD|$IMAP_ADMIN_PASSWORD|g" \
/etc/kolab/kolab.conf
+RUN sed -i -r \
+ -e "s|LDAP_HOST|$LDAP_HOST|g" \
+ -e "s|LDAP_SERVICE_BIND_PW|$LDAP_SERVICE_BIND_PW|g" \
+ /etc/postfix/ldap/*
+
RUN mkdir -p /imapdata/{spool,lib} && \
rm -rf /var/spool/imap && ln -s /imapdata/spool /var/spool/imap && \
mv /var/lib/imap /var/lib/imap-bak && ln -s /imapdata/lib /var/lib/imap && \
chmod -R 777 /imapdata && \
chown cyrus:mail /var/spool/imap /var/lib/imap
+RUN dnf -y install selinux-policy-minimum
+RUN sed -i -r -e 's/^SELINUX=.*$/SELINUX=disabled/g' /etc/selinux/config 2>/dev/null || :
+
VOLUME [ "/sys/fs/cgroup" ]
VOLUME [ "/imapdata" ]
WORKDIR /root/
CMD ["/lib/systemd/systemd"]
EXPOSE 10143/tcp 10465/tcp 10587/tcp 11143/tcp 11993/tcp
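Review bot: The added `RUN sed … /etc/postfix/ldap/*` step writes `LDAP_SERVICE_BIND_PW` into the Postfix LDAP maps at build time, so the service bind password is stored in an image layer and, because it arrives as a build `ARG`, is also recorded in the image history; anyone who can pull the image can read it. The existing kolab.conf substitution just above has the same property. Consider leaving the placeholders in the image and running `sed -i -e "s|LDAP_HOST|$LDAP_HOST|g" -e "s|LDAP_SERVICE_BIND_PW|$LDAP_SERVICE_BIND_PW|g" /etc/postfix/ldap/*` at container start, for example from `utils/03-setup-kolab.sh`, which already reads `${LDAP_HOST}` from its environment (whether the bind password is available there is not visible in this diff). Separately, the `s|…|$VAR|g` form mis-substitutes when a value contains `|`, `&` or `\`, and the new `SELINUX=disabled` line deserves a comment saying why the `permissive` setting earlier in the file was not sufficient.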
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/local_recipient_maps.cf b/docker/kolab/rootfs/etc/postfix/ldap/local_recipient_maps.cf
index 1ddf6d1d..61e360be 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/local_recipient_maps.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/local_recipient_maps.cf
@@ -1,14 +1,14 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(|(mail=%s)(alias=%s))(|(objectclass=kolabinetorgperson)(|(objectclass=kolabgroupofuniquenames)(objectclass=kolabgroupofurls))(|(|(objectclass=groupofuniquenames)(objectclass=groupofurls))(objectclass=kolabsharedfolder))(objectclass=kolabsharedfolder))(!(inetuserstatus:1.2.840.113556.1.4.803:=4)))
result_attribute = mail
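Review bot: With `server_host` no longer fixed to 127.0.0.1, the simple bind as `uid=kolab-service` now sends `bind_pw` to a remote host on port 389, and nothing in this file configures transport protection. If the directory supports it, add `start_tls = yes` (or use an `ldaps://` URL in `server_host`) so the password and lookup results do not cross the network in clear text; whether the container network is trusted enough to skip this is not visible here. Because the file holds a real password once the placeholder is substituted, it should also be readable only by root and the postfix group, e.g. mode 0640. The same applies to the other seven maps changed in this commit: mailenabled_distgroups.cf, mailenabled_dynamic_distgroups.cf, mydestination.cf, transport_maps.cf, virtual_alias_maps.cf, virtual_alias_maps_mailforwarding.cf and virtual_alias_maps_sharedfolders.cf.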
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_distgroups.cf b/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_distgroups.cf
index 0b67082a..60ab56b2 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_distgroups.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_distgroups.cf
@@ -1,19 +1,19 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
# This finds the mail enabled distribution group LDAP entry
query_filter = (&(|(mail=%s)(alias=%s))(objectClass=kolabgroupofuniquenames)(objectclass=groupofuniquenames)(!(objectclass=groupofurls)))
# From this type of group, get all uniqueMember DNs
special_result_attribute = uniqueMember
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf b/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
index 48233127..09d88b89 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/mailenabled_dynamic_distgroups.cf
@@ -1,19 +1,19 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
# This finds the mail enabled dynamic distribution group LDAP entry
query_filter = (&(|(mail=%s)(alias=%s))(objectClass=kolabgroupofuniquenames)(objectClass=groupOfURLs))
# From this type of group, get all memberURL searches/references
special_result_attribute = memberURL
# Only from those DNs, get the mail
result_attribute =
leaf_result_attribute = mail
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/mydestination.cf b/docker/kolab/rootfs/etc/postfix/ldap/mydestination.cf
index 3a0b6489..c3d37187 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/mydestination.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/mydestination.cf
@@ -1,12 +1,12 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = ou=Domains,dc=mgmt,dc=com
scope = sub
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(associatedDomain=%s)(inetdomainstatus:1.2.840.113556.1.4.803:=18)(!(inetdomainstatus:1.2.840.113556.1.4.803:=4)))
result_attribute = associateddomain
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/transport_maps.cf b/docker/kolab/rootfs/etc/postfix/ldap/transport_maps.cf
index 848b9333..2f3e3c03 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/transport_maps.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/transport_maps.cf
@@ -1,15 +1,15 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(|(mailAlternateAddress=%s)(alias=%s)(mail=%s))(objectclass=kolabinetorgperson))
result_attribute = mail
result_format = lmtp:unix:/var/lib/imap/socket/lmtp
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps.cf b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps.cf
index 1553f8fb..c32f0614 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps.cf
@@ -1,14 +1,14 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabinetorgperson))
result_attribute = mail
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf
index 52d9df53..bbb52642 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_mailforwarding.cf
@@ -1,14 +1,14 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(|(mail=%s)(alias=%s))(objectclass=mailrecipient)(objectclass=inetorgperson)(mailforwardingaddress=*))
result_attribute = mailForwardingAddress
diff --git a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf
index 85637e36..1c087b69 100644
--- a/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf
+++ b/docker/kolab/rootfs/etc/postfix/ldap/virtual_alias_maps_sharedfolders.cf
@@ -1,15 +1,15 @@
-server_host = 127.0.0.1
+server_host = LDAP_HOST
server_port = 389
version = 3
search_base = dc=hosted,dc=com
scope = sub
domain = ldap:/etc/postfix/ldap/mydestination.cf
bind_dn = uid=kolab-service,ou=Special Users,dc=mgmt,dc=com
-bind_pw =
+bind_pw = LDAP_SERVICE_BIND_PW
query_filter = (&(|(mail=%s)(alias=%s))(objectclass=kolabsharedfolder)(kolabFolderType=mail))
result_attribute = kolabtargetfolder
result_format = "shared+%s"
diff --git a/docker/kolab/rootfs/etc/postfix/master.cf b/docker/kolab/rootfs/etc/postfix/master.cf
index 5944ff96..06ecf014 100644
--- a/docker/kolab/rootfs/etc/postfix/master.cf
+++ b/docker/kolab/rootfs/etc/postfix/master.cf
@@ -1,137 +1,137 @@
# Postfix master process configuration file. For details on the format
# of the file, see the master(5) manual page (command: "man 5 master").
# Do not forget to execute "postfix reload" after editing this file.
# ==============================================================================
# service type private unpriv chroot wakeup maxproc command
# (yes) (yes) (yes) (never) (100) + args
# ==============================================================================
smtp inet n - n - - smtpd
#smtp inet n - n - 1 postscreen
#smtpd pass - - n - - smtpd
#dnsblog unix - - n - 0 dnsblog
#tlsproxy unix - - n - 0 tlsproxy
#smtps inet n - n - - smtpd
# -o syslog_name=postfix/smtps
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
#628 inet n - n - - qmqpd
pickup fifo n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfix/header_checks.inbound
-o mime_header_checks=regexp:/etc/postfix/header_checks.inbound
cleanup_internal unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfix/header_checks.internal
-o mime_header_checks=regexp:/etc/postfix/header_checks.internal
cleanup_submission unix n - n - 0 cleanup
-o header_checks=regexp:/etc/postfix/header_checks.submission
-o mime_header_checks=regexp:/etc/postfix/header_checks.submission
qmgr fifo n - n 300 1 qmgr
#qmgr fifo n - n 300 1 oqmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
proxywrite unix - - n - 1 proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
showq unix n - n - - showq
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
local unix - n n - - local
virtual unix - n n - - virtual
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
# Filter email through Amavisd
smtp-amavis unix - - n - 3 smtp
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
-o smtp_bind_address=127.0.0.1
# Listener to re-inject email from Amavisd into Postfix
127.0.0.1:10025 inet n - n - 100 smtpd
-o cleanup_service_name=cleanup_internal
-o content_filter=smtp-wallace:[127.0.0.1]:10026
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
# Filter email through Wallace
smtp-wallace unix - - n - 3 smtp
-o default_destination_recipient_limit=1
-o smtp_data_done_timeout=1800
-o disable_dns_lookups=yes
-o smtp_send_xforward_command=yes
-o max_use=20
# Listener to re-inject email from Wallace into Postfix
127.0.0.1:10027 inet n - n - 100 smtpd
-o cleanup_service_name=cleanup_internal
-o content_filter=
-o local_recipient_maps=
-o relay_recipient_maps=
-o smtpd_restriction_classes=
-o smtpd_client_restrictions=
-o smtpd_helo_restrictions=
-o smtpd_sender_restrictions=
-o smtpd_recipient_restrictions=permit_mynetworks,reject
-o mynetworks=127.0.0.0/8
-o smtpd_authorized_xforward_hosts=127.0.0.0/8
recipient_policy unix - n n - - spawn
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient
recipient_policy_incoming unix - n n - - spawn
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-recipient --allow-unauthenticated
sender_policy unix - n n - - spawn
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender
sender_policy_incoming unix - n n - - spawn
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --allow-unauthenticated
submission_policy unix - n n - - spawn
user=kolab-n argv=/usr/libexec/postfix/kolab_smtp_access_policy --verify-sender --verify-recipient
-127.0.0.1:10587 inet n - n - - smtpd
+0.0.0.0:10587 inet n - n - - smtpd
-o cleanup_service_name=cleanup_submission
-o syslog_name=postfix/submission
#-o smtpd_tls_security_level=encrypt
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_authenticated_header=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_data_restrictions=$submission_data_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_sender_restrictions=$submission_sender_restrictions
-127.0.0.1:10465 inet n - n - - smtpd
+0.0.0.0:10465 inet n - n - - smtpd
-o cleanup_service_name=cleanup_submission
-o rewrite_service_name=rewrite_submission
-o syslog_name=postfix/smtps
-o mydestination=
-o local_recipient_maps=
-o relay_domains=
-o relay_recipient_maps=
#-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_authenticated_header=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o smtpd_sender_restrictions=$submission_sender_restrictions
-o smtpd_recipient_restrictions=$submission_recipient_restrictions
-o smtpd_data_restrictions=$submission_data_restrictions
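Review bot: Moving the two submission listeners to `0.0.0.0:10587` and `0.0.0.0:10465` makes SASL authentication reachable beyond loopback while `#-o smtpd_tls_security_level=encrypt` and `#-o smtpd_tls_wrappermode=yes` stay commented out. Unless main.cf (not part of this diff) sets `smtpd_tls_auth_only = yes`, or TLS is terminated in front of the container, clients can be offered AUTH over an unencrypted session. I would enable `-o smtpd_tls_security_level=encrypt` on the 10587 service and `-o smtpd_tls_wrappermode=yes` on the 10465 service in the same change, or add a comment above each listener stating where TLS is enforced.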
diff --git a/docker/kolab/utils/03-setup-kolab.sh b/docker/kolab/utils/03-setup-kolab.sh
index ba4a65d1..e81aef75 100755
--- a/docker/kolab/utils/03-setup-kolab.sh
+++ b/docker/kolab/utils/03-setup-kolab.sh
@@ -1,53 +1,72 @@
#!/bin/bash
. ./settings.sh
echo ${CMD} | tee -a /root/setup-kolab.log
echo -n "Wait for MariaDB container: " | tee -a /root/setup-kolab.log
while ! mysqladmin -u root ping > /dev/null 2>&1 ; do
echo -n '.'
sleep 3
done | tee -a /root/setup-kolab.log
echo "OK!" | tee -a /root/setup-kolab.log
echo -n "Wait for DS389 container: " | tee -a /root/setup-kolab.log
while ! ldapsearch -h ${LDAP_HOST} -D "${LDAP_ADMIN_BIND_DN}" -w "${LDAP_ADMIN_BIND_PW}" -b "" -s base > /dev/null 2>&1 ; do
echo -n '.'
sleep 3
done | tee -a /root/setup-kolab.log
echo "OK!" | tee -a /root/setup-kolab.log
+# Initialize the db
+cat > /tmp/kolab-setup-my.cnf << EOF
+[client]
+host=${DB_HOST}
+user=root
+password=${DB_ROOT_PASSWORD}
+EOF
+
+mysql --defaults-file=/tmp/kolab-setup-my.cnf <<EOF
+CREATE DATABASE IF NOT EXISTS $DB_KOLAB_DATABASE;
+CREATE USER IF NOT EXISTS $DB_KOLAB_USERNAME@'%' IDENTIFIED BY '$DB_KOLAB_PASSWORD';
+ALTER USER $DB_KOLAB_USERNAME@'%' IDENTIFIED BY '$DB_KOLAB_PASSWORD';
+GRANT ALL PRIVILEGES ON $DB_KOLAB_DATABASE.* TO $DB_KOLAB_USERNAME@'%';
+FLUSH PRIVILEGES;
+EOF
+
+# We need the webadmin package for this file
+cat /usr/share/doc/kolab-webadmin/kolab_wap.sql | mysql --defaults-file=/tmp/kolab-setup-my.cnf "$DB_KOLAB_DATABASE"
+
cat ${SSL_CERTIFICATE} ${SSL_CERTIFICATE_FULLCHAIN} ${SSL_CERTIFICATE_KEY} > /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
chown cyrus:mail /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem
cp /etc/pki/cyrus-imapd/cyrus-imapd.bundle.pem /etc/pki/tls/private/postfix.pem
chown postfix:mail /etc/pki/tls/private/postfix.pem
chmod 655 /etc/pki/tls/private/postfix.pem
systemctl enable --now postfix
systemctl enable --now wallace
# setup imap
if [ -f "/var/lib/imap/db" ]; then
echo "IMAP directory exists, nothing to do"
else
echo "Initializing IMAP volume"
cp -ar /var/lib/imap-bak/* /var/lib/imap/
systemctl start cyrus-imapd
fi
# Setup httpform auth against kolab
sed -i "s/MECH=.*/MECH=httpform/" /etc/sysconfig/saslauthd
cat > /etc/saslauthd.conf << EOF
httpform_host: services.${APP_DOMAIN}
httpform_port: 8000
httpform_uri: /api/webhooks/cyrus-sasl
httpform_data: %u %r %p
EOF
systemctl restart saslauthd
systemctl enable --now guam
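Review bot: The new `/tmp/kolab-setup-my.cnf` holds the MariaDB root password, is created at a fixed path under the default umask (typically world-readable), and is never removed, so it remains on disk for the life of the container. Create it with `cnf=$(mktemp)` (mode 0600), add `trap 'rm -f "$cnf"' EXIT`, and pass `--defaults-file="$cnf"` to both `mysql` calls. The SQL heredoc also interpolates `$DB_KOLAB_PASSWORD` inside single quotes and the database and user names unquoted, so a value containing a quote character breaks the statements; a comment stating the allowed character set, or escaping before interpolation, would make that explicit. `DB_HOST` and `DB_ROOT_PASSWORD` are presumably set by `settings.sh`, which is outside this diff.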