File root.obscpio of Package opensuse-dovecot-image
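#!/bin/bash
#
# root/entrypoint.sh (member of root.obscpio) -- container entrypoint for the
# dovecot image.
#
# On start it seeds /etc/dovecot from the packaged example configuration (only
# when /etc/dovecot is empty), creates the vmail user, optionally configures
# LDAP authentication and TLS, refreshes the CA store and finally exec()s the
# requested command. All settings are taken from the environment; the value
# after ":-" is the default used when a variable is unset or empty.

DEBUG=${DEBUG:-"0"}
# DEBUG=1 enables xtrace for the whole script (trace goes to stderr) and, in
# setup_default_config, dovecot's auth_debug/mail_debug/verbose_ssl. xtrace
# prints expanded command lines, so setup_ldap switches it off while it
# handles the LDAP bind password.
[ "${DEBUG}" = "1" ] && set -x

export PATH=/usr/sbin:/sbin:${PATH}

DOVECOT_RUN_DIR=${DOVECOT_RUN_DIR:-"/run/dovecot"}
DOVECOT_CERTS_DIR=${DOVECOT_CERTS_DIR:-"/etc/certs"}

# Generic values
USE_VMAIL_USER=${USE_VMAIL_USER:-"1"}
VMAIL_UID=${VMAIL_UID:-"5000"}
ENABLE_IMAP=${ENABLE_IMAP:-"1"}
ENABLE_POP3=${ENABLE_POP3:-"0"}
ENABLE_LMTP=${ENABLE_LMTP:-"0"}
# NOTE: ENABLE_SIEVE and ENABLE_MANAGESIEVE are only evaluated inside the
# ENABLE_LMTP branch of setup_default_config; with ENABLE_LMTP=0 they have no
# effect.
ENABLE_SIEVE=${ENABLE_SIEVE:-"1"}
ENABLE_MANAGESIEVE=${ENABLE_MANAGESIEVE:-"0"}

# TLS
DOVECOT_TLS=${DOVECOT_TLS:-"1"}
DOVECOT_TLS_CA_CRT=${DOVECOT_TLS_CA_CRT:-"${DOVECOT_CERTS_DIR}/dovecot-ca.crt"}
DOVECOT_TLS_CA_KEY=${DOVECOT_TLS_CA_KEY:-"${DOVECOT_CERTS_DIR}/dovecot-ca.key"}
DOVECOT_TLS_CRT=${DOVECOT_TLS_CRT:-"${DOVECOT_CERTS_DIR}/dovecot-tls.crt"}
DOVECOT_TLS_KEY=${DOVECOT_TLS_KEY:-"${DOVECOT_CERTS_DIR}/dovecot-tls.key"}
DOVECOT_TLS_DH_PARAM=${DOVECOT_TLS_DH_PARAM:-"${DOVECOT_CERTS_DIR}/dovecot-dhparam.pem"}
DOVECOT_TLS_ENFORCE=${DOVECOT_TLS_ENFORCE:-"1"}
# NOTE(review): the default below mixes an OpenSSL-style cipher list (HIGH,
# !ADH, ...) with tokens that look like GnuTLS priority-string syntax
# (-VERS-TLS-ALL, +VERS-TLS1.x). It is written verbatim into ssl_cipher_list;
# confirm how the TLS library dovecot is built against treats the VERS-*
# tokens, and pin the minimum protocol version explicitly (dovecot has
# ssl_min_protocol) rather than relying on this string.
DOVECOT_TLS_CIPHER_SUITE=${DOVECOT_TLS_CIPHER_SUITE:-"HIGH:-VERS-TLS-ALL:+VERS-TLS1.2:+VERS-TLS1.3:!SSLv3:!SSLv2:!ADH"}

# LDAP
USE_LDAP=${USE_LDAP:-"0"}
LDAP_HOSTS=${LDAP_HOSTS:-"localhost"}
LDAP_BASE_DN=${LDAP_BASE_DN:-"ou=mail,dc=example,dc=org"}
LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,dc=example,dc=org"}
# Because this always has a value, file_env rejects a directly supplied
# LDAP_BIND_PASSWORD ("both ... are set"): the bind password has to come from
# a file.
LDAP_BIND_PASSWORD_FILE=${LDAP_BIND_PASSWORD_FILE:-"/etc/dovecot-secrets/LDAP_BIND_PASSWORD"}
LDAP_USE_TLS=${LDAP_USE_TLS:-"1"}
LDAP_TLS_CA_CRT=${LDAP_TLS_CA_CRT:-""}

# Escape a value for use in the replacement half of a sed "s|...|...|"
# command: backslash, "&" (whole match) and the "|" delimiter would otherwise
# be interpreted by sed and corrupt or truncate the written setting.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout
_sed_escape() {
    printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

# Point /etc/localtime at the zoneinfo file named by $TZ, if TZ is set and the
# file exists; otherwise only print a message.
setup_timezone() {
    if [ -n "$TZ" ]; then
        TZ_FILE="/usr/share/zoneinfo/$TZ"
        if [ -f "$TZ_FILE" ]; then
            echo "Setting container timezone to: $TZ"
            ln -snf "$TZ_FILE" /etc/localtime
        else
            echo "Cannot set timezone \"$TZ\": timezone does not exist."
        fi
    fi
}

# usage: file_env VAR [DEFAULT]
#    ie: file_env 'DOVECOT_ADMIN_PASSWORD' 'example'
# (will allow for "$DOVECOT_ADMIN_PASSWORD_FILE" to fill in the value of
#  "$DOVECOT_ADMIN_PASSWORD" from a file, especially for Docker's secrets feature)
#
# Exits with status 1 when both VAR and VAR_FILE are set. The resulting value
# is exported under VAR and VAR_FILE is unset. An unreadable VAR_FILE is not
# fatal: the redirection fails and VAR ends up empty.
file_env() {
    # Locals so the helper does not leave a copy of the secret in a global.
    local var="$1"
    local fileVar="${var}_FILE"
    local def="${2:-}"
    local val

    if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
        echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
        exit 1
    fi
    val="$def"
    if [ "${!var:-}" ]; then
        val="${!var}"
    elif [ "${!fileVar:-}" ]; then
        val="$(< "${!fileVar}")"
    fi
    export "$var"="$val"
    unset "$fileVar"
}

# Create the vmail account with UID ${VMAIL_UID}, using adduser when
# /usr/sbin/adduser is executable and useradd otherwise.
# Returns: exit status of the tool that was run
_create_vmail_user() {
    if [ -x /usr/sbin/adduser ]; then
        adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}" -s /sbin/nologin vmail
    else
        useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u "${VMAIL_UID}" vmail
    fi
}

# Set up the vmail user and /var/spool/vmail. With USE_VMAIL_USER != 1 only
# the spool directory is prepared for local delivery.
setup_vmail_user() {
    if [ "${USE_VMAIL_USER}" = "1" ]; then
        # Skip creation when the account is already there (e.g. the same
        # container is started a second time); creating it again would fail
        # and abort the start.
        if ! id -u vmail > /dev/null 2>&1 && ! _create_vmail_user; then
            echo "ERROR: creating of vmail user failed! Aborting."
            exit 1
        fi
        if [ ! -d /var/spool/vmail ]; then
            mkdir -p /var/spool/vmail
        fi
        # Fix permissions in every case.
        chown vmail:vmail /var/spool/vmail
        chmod 775 /var/spool/vmail
        sed -i -e "s|^#mail_uid =.*|mail_uid = vmail|g" /etc/dovecot/conf.d/10-mail.conf
        sed -i -e "s|^#mail_gid =.*|mail_gid = vmail|g" /etc/dovecot/conf.d/10-mail.conf
    else
        if [ ! -d /var/spool/vmail ]; then
            mkdir -p /var/spool/vmail
        fi
        # Fix permissions in every case.
        # 1777 = world-writable with the sticky bit: any local account can
        # create entries in the mail spool.
        chmod 1777 /var/spool/vmail
    fi
}

# Create the run directory and, only when /etc/dovecot is empty, seed it from
# the packaged example configuration and apply the ENABLE_* / DEBUG settings.
# An already populated /etc/dovecot is left untouched.
setup_default_config() {
    mkdir -p "${DOVECOT_RUN_DIR}"

    [ -z "$(ls -A /etc/dovecot)" ] || return

    # Only continue
    cp -a /usr/share/dovecot/example-config/* /etc/dovecot/

    sed -i -e 's|^#log_path =.*|log_path = /dev/stderr|g' /etc/dovecot/conf.d/10-logging.conf
    sed -i -e 's|^#auth_verbose =.*|auth_verbose = yes|g' /etc/dovecot/conf.d/10-logging.conf

    if [ "${DEBUG}" = "1" ]; then
        # Enable some debug informations in conf.d/10-logging.conf
        sed -i -e 's|^#auth_debug =.*|auth_debug = yes|g' /etc/dovecot/conf.d/10-logging.conf
        sed -i -e 's|^#mail_debug =.*|mail_debug = yes|g' /etc/dovecot/conf.d/10-logging.conf
        sed -i -e 's|^#verbose_ssl =.*|verbose_ssl = yes|g' /etc/dovecot/conf.d/10-logging.conf
    fi

    # Don't allow plaintext authentication
    sed -i -e 's|^#disable_plaintext_auth =.*|disable_plaintext_auth = yes|g' /etc/dovecot/conf.d/10-auth.conf

    # Where to find the mailfolders and which uid/gid to use
    echo "mail_home=/var/spool/vmail/%n" >> /etc/dovecot/conf.d/10-mail.conf
    sed -i -e 's|^#mail_location =.*|mail_location = maildir:~/Maildir|g' /etc/dovecot/conf.d/10-mail.conf

    # 10-master.conf is rewritten from scratch; only the services enabled
    # below end up in it.
    echo -e "#default_process_limit = 100\n#default_client_limit = 1000\n" > /etc/dovecot/conf.d/10-master.conf

    local PROTOCOLS=""
    if [ "${ENABLE_IMAP}" = "1" ]; then
        PROTOCOLS="imap ${PROTOCOLS}"
        cat << 'EOT' >> /etc/dovecot/conf.d/10-master.conf
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  service_count = 1
  process_min_avail = 1
}
EOT
    fi

    if [ "${ENABLE_POP3}" = "1" ]; then
        PROTOCOLS="pop3 ${PROTOCOLS}"
        cat << 'EOT' >> /etc/dovecot/conf.d/10-master.conf
service pop3-login {
  inet_listener pop3 {
    port = 110
  }
  inet_listener pop3s {
    port = 995
    ssl = yes
  }
}
EOT
    fi

    if [ "${ENABLE_LMTP}" = "1" ]; then
        PROTOCOLS="lmtp ${PROTOCOLS}"
        echo "service lmtp {" >> /etc/dovecot/conf.d/10-master.conf
        [ "${USE_VMAIL_USER}" = "1" ] && echo "  user = vmail" >> /etc/dovecot/conf.d/10-master.conf
        # The listener is written without an "address" line (it is only
        # present as a comment), so which interfaces accept LMTP on port 24
        # is left to dovecot's default. Restrict reachability of that port at
        # the container/network level if delivery should only come from the
        # MTA.
        cat << 'EOT' >> /etc/dovecot/conf.d/10-master.conf
  inet_listener lmtp {
    # address = 192.168.0.24 127.0.0.1 ::1
    port = 24
  }
}
EOT
        if [ "${ENABLE_SIEVE}" = "1" ]; then
            cat << 'EOT' > /etc/dovecot/conf.d/20-lmtp.conf
protocol lmtp {
  #mail_fsync = optimized
  mail_plugins = $mail_plugins sieve
}
EOT
            sed -i -e 's|sieve =.*|sieve = file:/var/spool/vmail/%n/sieve;active=/var/spool/vmail/%n/.dovecot.sieve|g' /etc/dovecot/conf.d/90-sieve.conf
            if [ "${ENABLE_MANAGESIEVE}" = "1" ]; then
                cat << 'EOT' > /etc/dovecot/conf.d/20-managesieve.conf
protocols = $protocols sieve

service managesieve-login {
  inet_listener sieve {
    port = 4190
  }

  # Number of connections to handle before starting a new process. Typically
  # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
  # is faster. <doc/wiki/LoginProcess.txt>
  service_count = 1
}
EOT
            fi
        fi
    fi

    sed -i -e "s|^#protocols =.*|protocols = ${PROTOCOLS}|g" /etc/dovecot/dovecot.conf
}

# Switch authentication to LDAP when USE_LDAP=1: comment out the active
# "!include" lines in 10-auth.conf, include auth-ldap.conf.ext and fill in
# dovecot-ldap.conf.ext from the LDAP_* variables.
setup_ldap() {
    [ "${USE_LDAP}" = "1" ] || return

    local ldap_conf=/etc/dovecot/dovecot-ldap.conf.ext
    local hosts base_dn bind_dn bind_pw ca_crt
    local xtrace_was_on=0

    echo "Configure LDAP..."

    # Disable enabled auth includes and add ldap
    sed -i -e 's|^!include\(.*\)|#!include\1|g' /etc/dovecot/conf.d/10-auth.conf
    echo "!include auth-ldap.conf.ext" >> /etc/dovecot/conf.d/10-auth.conf

    # Values go into sed replacements; escape them so "&", "\" or "|" in a
    # DN, host list or password cannot alter the written line.
    hosts=$(_sed_escape "${LDAP_HOSTS}")
    base_dn=$(_sed_escape "${LDAP_BASE_DN}")
    bind_dn=$(_sed_escape "${LDAP_BIND_DN}")

    sed -i -e "s|^#hosts =.*|hosts = ${hosts}|g" "${ldap_conf}"
    sed -i -e "s|^base =.*|base = ${base_dn}|g" "${ldap_conf}"
    sed -i -e 's|^#ldap_version =.*|ldap_version = 3|g' "${ldap_conf}"
    sed -i -e "s|^#dn =.*|dn = ${bind_dn}|g" "${ldap_conf}"

    # The file is about to hold the bind password: make it owner-only before
    # the secret is written into it.
    chmod 600 "${ldap_conf}"

    # With DEBUG=1 xtrace would print the password as part of the sed command
    # line; pause tracing for the secret-handling lines only.
    case "$-" in
        *x*)
            xtrace_was_on=1
            set +x
            ;;
    esac
    file_env LDAP_BIND_PASSWORD
    bind_pw=$(_sed_escape "${LDAP_BIND_PASSWORD}")
    sed -i -e "s|^#dnpass =.*|dnpass = ${bind_pw}|g" "${ldap_conf}"
    # file_env exported the password; it is only needed for the line above,
    # so drop it instead of handing it to the exec'd process environment.
    unset LDAP_BIND_PASSWORD bind_pw
    if [ "${xtrace_was_on}" = "1" ]; then
        set -x
    fi

    sed -i -e 's|^#auth_bind =.*|auth_bind = yes|g' "${ldap_conf}"
    sed -i -e "s|^#auth_bind_userdn =.*|auth_bind_userdn = uid=%u,${base_dn}|g" "${ldap_conf}"
    sed -i -e 's|^#scope =.*|scope = subtree|g' "${ldap_conf}"
    sed -i -e 's|^#user_attrs =.*|user_attrs = uidNumber=uid,gidNumber=gid|g' "${ldap_conf}"
    sed -i -e 's/^#user_filter =.*/user_filter = (\&(objectClass=posixAccount)(|(uid=%u)(maildrop=%u)))/g' "${ldap_conf}"

    if [ "${LDAP_USE_TLS}" = "1" ]; then
        sed -i -e 's|^#tls =.*|tls = yes|g' "${ldap_conf}"
        if [ -n "${LDAP_TLS_CA_CRT}" ]; then
            ca_crt=$(_sed_escape "${LDAP_TLS_CA_CRT}")
            sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file = ${ca_crt}|g" "${ldap_conf}"
        fi
    fi
    # XXX tls_require_cert = hard
    # NOTE(review): nothing here sets tls_require_cert, so whether the LDAP
    # server certificate is actually verified depends on defaults outside this
    # script. Without enforced verification "tls = yes" does not authenticate
    # the directory server the bind password is sent to -- confirm and set it
    # explicitly.

    # Re-assert owner-only access in case an in-place edit reset the mode.
    chmod 600 "${ldap_conf}"
}

# Configure TLS in conf.d/10-ssl.conf when DOVECOT_TLS=1: obtain a
# certificate/key via /common-scripts/ssl-helper if either file is missing,
# generate DH parameters if missing, and require TLS when
# DOVECOT_TLS_ENFORCE=1.
setup_tls() {
    [ "${DOVECOT_TLS}" = "1" ] || return

    local ssl_conf=/etc/dovecot/conf.d/10-ssl.conf
    local cipher_suite tls_crt tls_key dh_param

    echo "Add TLS config..."

    mkdir -p "${DOVECOT_CERTS_DIR}"

    if [ ! -e "$DOVECOT_TLS_CRT" ] || [ ! -e "$DOVECOT_TLS_KEY" ]; then
        if ! /common-scripts/ssl-helper "$DOVECOT_TLS_CRT" "$DOVECOT_TLS_KEY" "$DOVECOT_TLS_CA_CRT" "$DOVECOT_TLS_CA_KEY"; then
            exit 1
        fi
    fi

    # create DHParamFile if not found
    if [ ! -f "${DOVECOT_TLS_DH_PARAM}" ]; then
        # Subshell umask so the file is never created with wider permissions
        # than the chmod below leaves it with.
        (
            umask 077
            openssl genpkey -genparam -algorithm DH \
                -out "${DOVECOT_TLS_DH_PARAM}" \
                -pkeyopt dh_paramgen_prime_len:2048
        )
        chmod 600 "${DOVECOT_TLS_DH_PARAM}"
    fi

    # Escape for the sed replacement; the default values contain none of the
    # escaped characters, so they are written unchanged.
    cipher_suite=$(_sed_escape "${DOVECOT_TLS_CIPHER_SUITE}")
    tls_crt=$(_sed_escape "${DOVECOT_TLS_CRT}")
    tls_key=$(_sed_escape "${DOVECOT_TLS_KEY}")
    dh_param=$(_sed_escape "${DOVECOT_TLS_DH_PARAM}")

    sed -i -e "s|^ssl_cipher_list =.*|ssl_cipher_list = ${cipher_suite}|g" "${ssl_conf}"
    sed -i -e 's|^ssl_prefer_server_ciphers =.*|ssl_prefer_server_ciphers = yes|g' "${ssl_conf}"
    sed -i -e "s|^#ssl_cert =.*|ssl_cert = <${tls_crt}|g" "${ssl_conf}"
    sed -i -e "s|^#ssl_key =.*|ssl_key = <${tls_key}|g" "${ssl_conf}"
    sed -i -e "s|^#ssl_dh =.*|ssl_dh = <${dh_param}|g" "${ssl_conf}"

    # Enforce TLS
    if [ "${DOVECOT_TLS_ENFORCE}" = "1" ]; then
        echo "Enforce TLS..."
        sed -i -e 's|^#ssl =.*|ssl = required|g' "${ssl_conf}"
    fi
}

###
### Main function
###

# if command starts with an option, prepend dovecot
if [ "${1:0:1}" = '-' ]; then
    set -- /usr/sbin/dovecot "$@"
fi

# Generic setup
setup_timezone
setup_default_config
setup_vmail_user
setup_ldap
setup_tls

echo "Updating certificate store..."
update-ca-certificates

# Replace the shell with the requested command.
exec "$@"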