Send and receive is working, not with mailing list yet

Signed-off-by: James Ketrenos <james_git@ketrenos.com>

docker-compose.yml

@@ -41,8 +41,8 @@ services:
       - 465:465 # postfix smtps
       - 587:587 # postfix submission
     volumes:
-      - /home/jketreno/docker/mailman/core/var/data/postfix_lmtp:/opt/mailman/postfix_lmtp:ro # Used for LMTP to ketrenet-mailman-core
-      - /home/jketreno/docker/mailman/core/var/data/postfix_domains:/opt/mailman/postfix_domains:ro # Used for LMTP to ketrenet-mailman-core
+      - /home:/home:rw # User home directories for Maildir access
+      - /home/jketreno/docker/webserver/data/mailman/core/var/data/postfix_lmtp:/opt/mailman/postfix_lmtp:ro # Used for LMTP to ketrenet-mailman-core
       - /home/jketreno/docker/webserver/keys/cron/etc/letsencrypt/live:/etc/letsencrypt/live:ro
       - /home/jketreno/docker/webserver/keys/cron/etc/letsencrypt/archive:/etc/letsencrypt/archive:ro
       - /home/jketreno/docker/webserver/mail/etc/mailname:/etc/mailname:ro
@@ -56,16 +56,15 @@ services:
       - /home/jketreno/docker/webserver/mail/etc/opendkim:/etc/opendkim:ro
       - /home/jketreno/docker/webserver/mail/etc/postfix:/etc/postfix:rw
       - /home/jketreno/docker/webserver/mail/etc/milter-greylist:/etc/milter-greylist:ro
+      - /home/jketreno/docker/webserver/data/mail/var/lib/milter-greylist:/var/lib/milter-greylist:rw
+      - /home/jketreno/docker/webserver/mail/etc/default/milter-greylist:/etc/default/milter-greylist:ro
       - /home/jketreno/docker/webserver/mail/entrypoint.sh:/entrypoint.sh:ro
       - /home/jketreno/docker/webserver/data/log:/var/log:rw
       - /home/jketreno/docker/webserver/data/mail/var/mail:/var/mail:rw
       - /home/jketreno/docker/webserver/data/mail/var/spool/mail:/var/spool/mail:rw
-      - /home/jketreno/docker/webserver/data/mail/var/lib/milter-greylist:/var/lib/milter-greylist:rw
-      - /home:/home:rw
       - /home/jketreno/docker/webserver/www:/var/www:ro
       - /home/jketreno/docker/webserver/data/mail/var/lib/clamav:/var/lib/clamav:rw
       - /home/jketreno/docker/webserver/mail/etc/rsyslog.conf:/etc/rsyslog.conf:ro
-      - /home/jketreno/docker/webserver/mail/etc/default/milter-greylist:/etc/default/milter-greylist:ro
       # Keys
       - /home/jketreno/docker/webserver/keys/mail/etc/dkimkeys:/etc/dkimkeys:ro
       - /home/jketreno/docker/webserver/keys/mail/etc/spamassassin/sa-update-keys/:/etc/spamassassin/sa-update-keys:rw

mail/Dockerfile.mail

@@ -32,4 +32,9 @@ RUN apt-get -q update \
 COPY ./Dockerfile.mail /Dockerfile
 COPY ./entrypoint.sh /entrypoint.sh
 
+# Change ownership of /opt/mailman so that entrypoint.sh
+# can watch the postfix_lmtp file and postmap it to a DB 
+# file
+RUN mkdir /opt/mailman && chown 100:65533 /opt/mailman
+
 ENTRYPOINT [ "/entrypoint.sh" ]

mail/entrypoint.sh

@@ -1,43 +1,75 @@
 #!/bin/bash
+fail() {
+  echo "FAIL: ${*}" >&2
+  exit 1
+}
+
 # clamav needs access to read the spool files from amavis
-usermod -a -G amavis clamav
+if ! usermod -a -G amavis clamav; then
+  fail "usermod -a -G amavis clamav"
+fi
 
 # postfix needs access to the opendkim socket
-usermod -a -G opendkim postfix
+if ! usermod -a -G opendkim postfix; then
+  fail "usermod -a -G opendkim postfix"
+fi
 
 # clamd couldn't access amavis/tmp
-chmod g+rx /var/lib/amavis/tmp
+if ! chmod g+rx /var/lib/amavis/tmp; then
+  fail "chmod g+rx /var/lib/amavis/tmp"
+fi
 
 # directory is not being created by /etc/init.d/opendkim
 for dir in opendkim ilter-greylist; do
   if [[ ! -d "/var/spool/${dir}" ]]; then
-    mkdir -p "/var/spool/postfix/${dir}"
+    if ! mkdir -p "/var/spool/postfix/${dir}"; then
+      fail "mkdir -p /var/spool/postfix/${dir}"
+    fi
   fi
 done
-chown opendkim:opendkim /var/spool/postfix/opendkim
+if ! chown opendkim:opendkim /var/spool/postfix/opendkim; then
+  fail "chown opendkim:opendkim /var/spool/postfix/opendkim"
+fi
 
 # opendkim needs to read its private data
-chown -R opendkim:root /etc/opendkim-private
+if ! chown -R opendkim:root /etc/opendkim-private; then
+  fail "chown -R opendkim:root /etc/opendkim-private"
+fi
+
+if ! chown root:root /var/log; then
+  fail "chown root:root /var/log"
+fi
 
-chown root:root /var/log
 for log in syslog "mail.*" "dovecot*.log" auth.log; do
-  touch /var/log/${log}
-  chmod a+rwX /var/log/${log}
+  if ! touch "/var/log/${log}"; then
+    fail "touch /var/log/${log}"
+  fi
+  if ! chmod a+rwX "/var/log/${log}"; then
+    fail "chmod a+rwX /var/log/${log}"
+  fi
 done
 
 if [[ -e /run/rsyslogd.pid ]]; then
-  rm /run/rsyslogd.pid
+  if ! rm /run/rsyslogd.pid; then
+    fail "rm /run/rsyslogd.pid"
+  fi
 fi
 
 if [[ -e /var/run/dovecot/master.pid ]]; then
-  rm /var/run/dovecot/master.pid
+  if ! rm /var/run/dovecot/master.pid; then
+    fail "rm /var/run/dovecot/master.pid"
+  fi
 fi
 
 # Set opendkim.sock ownership and permissions
 
 find /var/log -name 'dovecot*' | while read -r file; do
-  chown dovecot:postfix "${file}"
-  chmod g+rwX "${file}"
+  if ! chown dovecot:postfix "${file}"; then
+    fail "chown dovecot:postfix ${file}"
+  fi
+  if ! chmod g+rwX "${file}"; then
+    fail "chmod g+rwX ${file}"
+  fi
 done
 
 if false; then
@@ -56,9 +88,21 @@ if false; then
   sed -i -E 's,(passwd|group|shadow|gshadow):.*files$,\1: files [NOTFOUND=return] system\1: files,g' /etc/nsswitch.conf
 else
   # use ldap
-  sed -i -E 's#^base dc=example.*#base dc=ketrenos,dc=net#g' /etc/ldap.conf
-  sed -i -E 's#^uri ldap.*#uri ldap://192.168.1.78/#g' /etc/ldap.conf
-  sed -i -E 's#(passwd|group|shadow|gshadow):.*files$#\1: files ldap#g' /etc/nsswitch.conf
+  if ! sed -i -E 's#^base dc=example.*#base dc=ketrenos,dc=net#g' /etc/ldap.conf; then
+    fail "sed 1"
+  fi
+
+  if ! sed -i -E 's#^uri ldap.*#uri ldap://192.168.1.78/#g' /etc/ldap.conf; then
+    fail "sed 2"
+  fi
+
+  if ! sed -i -E 's#(passwd|group|shadow|gshadow):.*files$#\1: files ldap#g' /etc/nsswitch.conf; then
+    fail "sed 3"
+  fi
+fi
+
+if ! postmap /opt/mailman/postfix_lmtp; then
+  fail "postmap /opt/mailman/postfix_lmtp"
 fi
 
 while true; do 
@@ -84,6 +128,9 @@ done &
 # greylist.conf is installed into /etc/milter-greylist, however
 # /etc/init.d/milter-greylist uses the default, which looks in
 # /etc/mail/greylist.conf
+if [[ -e /etc/mail/greylist.conf ]]; then
+  rm /etc/mail/greylist.conf
+fi
 ln -s ../milter-greylist/greylist.conf /etc/mail/greylist.conf
 while true; do
   /usr/sbin/milter-greylist -D -P /var/run/greylist.pid -u postfix -p /var/spool/postfix/milter-greylist/milter-greylist.sock
@@ -135,7 +182,14 @@ done &
 #
 # Watch for letsencrypt changes and if they occur, restart nginx and apache2
 #
-while inotifywait -e modify /etc/letsencrypt/archive; do 
-  /etc/init.d/dovecot restart
-  /etc/init.d/postfix restart
+while true; do
+  inotifywait -e modify /etc/letsencrypt/archive /opt/mailman/postfix_lmtp | while read -r file status; do 
+    if [[ "${file}" == "/opt/mailman/postfix_lmtp" ]]; then
+      postmap /opt/mailman/postfix_lmtp
+      /etc/init.d/postfix reload
+    else
+      /etc/init.d/dovecot restart
+      /etc/init.d/postfix restart
+    fi
+  done
 done

mail/etc/dovecot/conf.d/10-logging.conf

@@ -49,7 +49,7 @@ auth_debug_passwords = no
 
 # Enable mail process debugging. This can help you figure out why Dovecot
 # isn't finding your mails.
-mail_debug = yes
+mail_debug = no
 
 # Show protocol level SSL errors.
 verbose_ssl = no

mail/etc/postfix/main.cf

@@ -23,8 +23,8 @@ unverified_sender_defer_code = 250
 # Disable the biff service (notify users of new mail)
 biff = no
 
-# Set the maximum message size to 200M to handle large emails
-message_size_limit = 200M
+# Set the maximum message size to 200MB (in bytes)
+message_size_limit = 209715200
 
 # Don't append the domain to usernames automatically
 append_dot_mydomain = no
@@ -87,7 +87,8 @@ unknown_local_recipient_reject_code = 550
 owner_request_special = no
 transport_maps = hash:/opt/mailman/postfix_lmtp
 local_recipient_maps = hash:/opt/mailman/postfix_lmtp
-relay_domains = hash:/opt/mailman/postfix_domains
+# relay_domains is set for more than just mailman ketrenos.com
+# relay_domains = hash:/opt/mailman/postfix_domains
 
 # Origin domain for outgoing mail
 myorigin = /etc/mailname

mail/etc/postfix/master.cf

@@ -19,7 +19,7 @@
 #  -o smtpd_data_restrictions=
 #  -o smtpd_end_of_data_restrictions=
 submission inet  n       -       y       -       -       smtpd
-smtps      inet  n       -       y       -       -       smtpd
+#smtps      inet  n       -       y       -       -       smtpd
 #  -o smtpd_tls_wrappermode=yes
 #  -o smtpd_sasl_auth_enable=yes
 #  -o smtpd_client_restrictions=permit_sasl_authenticated,reject