From 3673286224a854f200f4adf279d3ef68376e0aab Mon Sep 17 00:00:00 2001
From: David Beniamine <david.beniamine@tetras-libre.fr>
Date: Mon, 22 Nov 2021 00:12:05 +0100
Subject: [PATCH] =?UTF-8?q?WIP=C2=A0postfix+sympa?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .gitignore                                    |  5 +-
 docker-compose.yml                            | 19 +++++-
 docker/entrypoint.sh                          | 31 ----------
 docker/postfix/Dockerfile                     | 12 ++++
 docker/postfix/etc/aliases                    | 16 +++++
 docker/postfix/etc/postfix/global_alias       |  1 +
 docker/postfix/etc/postfix/main.cf.append     | 22 +++++++
 docker/postfix/etc/postfix/master.cf.append   | 16 +++++
 docker/postfix/etc/service/postfix/run.config |  2 +
 .../etc/service/postfix/run.initialization    |  3 +
 docker/{ => sympa}/Dockerfile                 |  3 +
 docker/sympa/entrypoint.sh                    | 58 +++++++++++++++++++
 12 files changed, 153 insertions(+), 35 deletions(-)
 delete mode 100755 docker/entrypoint.sh
 create mode 100644 docker/postfix/Dockerfile
 create mode 100644 docker/postfix/etc/aliases
 create mode 100644 docker/postfix/etc/postfix/global_alias
 create mode 100644 docker/postfix/etc/postfix/main.cf.append
 create mode 100644 docker/postfix/etc/postfix/master.cf.append
 create mode 100644 docker/postfix/etc/service/postfix/run.config
 create mode 100644 docker/postfix/etc/service/postfix/run.initialization
 rename docker/{ => sympa}/Dockerfile (92%)
 create mode 100755 docker/sympa/entrypoint.sh

diff --git a/.gitignore b/.gitignore
index 776a5c6..d1977dd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
-.sw?
+.*.sw?
 .env
-etc/ 
+postfix/
+sympa/
diff --git a/docker-compose.yml b/docker-compose.yml
index 90c7999..29192f9 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,10 +2,10 @@ version: "3"
 
 services:
   sympa:
-    build: ./docker
+    build: ./docker/sympa
     restart: always
     volumes:
-      - "./etc:/etc/sympa"
+      - "./sympa:/etc/sympa"
       - "spool_sympa:/var/spool/sympa"
       - "spool_nullmailer:/var/spool/nullmailer"
       - "lib_sympa:/var/lib/sympa"
@@ -26,6 +26,20 @@ services:
     ports:
       - '8081:80'
 
+  postfix:
+    build: ./docker/postfix
+    volumes:
+      - "./sympa/shared:/etc/sympa/shared"
+      - "./postfix/log:/var/log/postfix"
+      - "spool_postfix:/var/spool/postfix"
+    environment:
+      POSTFIX_VIRTUAL_DOMAINS:
+      MAILNAME:
+      MY_NETWORKS:
+      ROOT_ALIAS:
+      MY_DESTINATION:
+
+
   pgsql:
     image: postgres
     restart: always
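Review bot: The new `postfix` service sets no restart policy, while `sympa` and `pgsql` both use `restart: always`, so a crashed mail relay stays down until someone notices. I would add `restart: always` under `build: ./docker/postfix`. The five `environment:` keys are pass-through entries with no value; if `POSTFIX_VIRTUAL_DOMAINS` is missing from the host environment or `.env`, the substitution in `run.config` presumably yields an empty `virtual_mailbox_domains =`. A comment naming the required variables, or `${POSTFIX_VIRTUAL_DOMAINS:?}`-style entries, would make that failure visible at `up` time.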
@@ -39,5 +53,6 @@ services:
 volumes:
   pgdata:
   spool_sympa:
+  spool_postfix:
   spool_nullmailer:
   lib_sympa:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
deleted file mode 100755
index 00918dc..0000000
--- a/docker/entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# Populate volume
-if [ -z "$(ls /etc/sympa/)" ]; then
-	cp -pr /etc/sympa.sample/* /etc/sympa/
-fi
-
-# Replace configurations by env
-conf_file=/etc/sympa/sympa/sympa.conf
-for var in $(env | grep '^SYMPA'); do
-	config=$(echo $var | sed 's/^SYMPA_\([^=]*\).*/\L\1/')
-	value=$(echo $var | sed 's/^[^=]*=\(.*\)/\1/')
-	sed -i -e "s#^$config\t.*#$config\t$value#" $conf_file
-	if [ -z "$(grep "^$config" $conf_file)" ];
-	then
-		echo -e "$config\t$value" >> $conf_file
-	fi
-done
-
-# Fix permissions
-chown -R sympa:sympa /etc/sympa/
-
-/bin/mkdir -p /run/sympa
-/bin/chown sympa:sympa /run/sympa
-
-# Launch services
-syslogd
-
-sudo -u sympa /usr/lib/sympa/bin/sympa_msg.pl
-/usr/bin/sympa --health_check
-exec apache2ctl -DFOREGROUND
diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
new file mode 100644
index 0000000..cce82f4
--- /dev/null
+++ b/docker/postfix/Dockerfile
@@ -0,0 +1,12 @@
+# Dockerfile inspired from https://github.com/cloyne/docker-postfix
+FROM tozd/postfix:ubuntu-focal
+
+VOLUME /etc/sympa/shared
+
+RUN apt-get update -q -q && \
+ apt-get install adduser openssh-client --yes --force-yes && \
+ adduser --system --group mailpipe --no-create-home --home /nonexistent && \
+ cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
+ cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
+
+COPY ./etc /etc
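Review bot: `--force-yes` on the `apt-get install` line is deprecated and tells apt to continue even when packages cannot be authenticated, so a tampered or unsigned package would install without the build failing. Plain `--yes` is enough here: `apt-get install --yes --no-install-recommends adduser openssh-client && \`, followed by `rm -rf /var/lib/apt/lists/* && \` in the same `RUN` so the package index is not kept in the layer. `VOLUME /etc/sympa/shared` is declared before `COPY ./etc /etc`; nothing in the copied tree appears to land under that path, but moving `VOLUME` to the end avoids silently discarded files later. The base tag `tozd/postfix:ubuntu-focal` is mutable, so pinning it by digest would make rebuilds reproducible.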
diff --git a/docker/postfix/etc/aliases b/docker/postfix/etc/aliases
new file mode 100644
index 0000000..7e5a812
--- /dev/null
+++ b/docker/postfix/etc/aliases
@@ -0,0 +1,16 @@
+# You probably want to edit /etc/postfix/global_alias instead,
+# that file is used for e-mail coming externally.
+
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: webmaster
+ftp: root
+abuse: root
+noc: root
+security: root
+postfix: root
diff --git a/docker/postfix/etc/postfix/global_alias b/docker/postfix/etc/postfix/global_alias
new file mode 100644
index 0000000..bbb3322
--- /dev/null
+++ b/docker/postfix/etc/postfix/global_alias
@@ -0,0 +1 @@
+/^(mailer-daemon|postmaster|nobody|hostmaster|usenet|news|webmaster|www|ftp|abuse|noc|security|postfix|root)@/	root
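Review bot: This pattern is anchored on the local part but ends at `@`, so it matches the role addresses at every domain, not only the ones this server hosts. Because `virtual_alias_maps` is applied to all recipients, mail relayed for clients in `MY_NETWORKS` to, say, `postmaster@` at a remote domain would presumably be rewritten to the local `root` instead of leaving the host. If only hosted domains are meant, restrict the domain part in the pattern or document that capturing every domain is intended.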
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
new file mode 100644
index 0000000..e0ad4b5
--- /dev/null
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -0,0 +1,22 @@
+
+# main.cf.append is appended to main.cf when running a Docker image.
+# To modify everything below here modify main.cf.append and run a Docker
+# image again.
+
+virtual_mailbox_domains = POSTFIX_VIRTUAL_DOMAINS
+
+virtual_minimum_uid = 65534
+virtual_uid_maps = static:65534
+virtual_gid_maps = static:65534
+virtual_mailbox_base = /tmp
+
+virtual_alias_maps =
+  regexp:/etc/postfix/global_alias
+  regexp:/etc/sympa/shared/sympa_rewrite
+transport_maps =
+  regexp:/etc/sympa/shared/sympa_transport
+
+sympa_destination_recipient_limit = 1
+sympadomain_destination_recipient_limit = 1
+sympabounce_destination_recipient_limit = 1
+sympabouncedomain_destination_recipient_limit = 1
diff --git a/docker/postfix/etc/postfix/master.cf.append b/docker/postfix/etc/postfix/master.cf.append
new file mode 100644
index 0000000..fd0c6cc
--- /dev/null
+++ b/docker/postfix/etc/postfix/master.cf.append
@@ -0,0 +1,16 @@
+# master.cf.append is appended to master.cf when running a Docker image.
+# To modify everything below here modify master.cf.append and run a Docker
+# image again.
+
+sympa	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue ${recipient}
+sympadomain	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue sympa@${domain}
+sympabounce	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue ${user}@${domain}
+sympabouncedomain	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
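Review bot: The `${recipient}`, `${user}` and `${domain}` values on the four `argv=` lines reach the sympa container as one unparsed command string, because ssh joins its arguments before sending them, so the only thing standing between an SMTP envelope address and a shell on the sympa side is the forced command `/etc/sympa/run.sh`. That script is not part of this patch; it needs to read `SSH_ORIGINAL_COMMAND`, accept only `queue` or `bouncequeue` followed by one address matching a strict pattern, and never pass the string to a shell or `eval`. I would also add `-o BatchMode=yes -o StrictHostKeyChecking=yes` to each ssh invocation so a missing or changed entry in `known_hosts` fails the delivery outright instead of depending on the client default.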
diff --git a/docker/postfix/etc/service/postfix/run.config b/docker/postfix/etc/service/postfix/run.config
new file mode 100644
index 0000000..6459d84
--- /dev/null
+++ b/docker/postfix/etc/service/postfix/run.config
@@ -0,0 +1,2 @@
+sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append > /etc/postfix/main.cf
+cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append > /etc/postfix/master.cf
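Review bot: The first line writes `main.cf` from `main.cf.append` alone, so the base configuration saved as `main.cf.orig` in the Dockerfile is dropped, while the `master.cf` line below does concatenate `.orig` and `.append`. The header comment in `main.cf.append` also says it is appended to `main.cf`, so this looks unintended: `{ cat /etc/postfix/main.cf.orig; sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append; } > /etc/postfix/main.cf`. The variable is spliced into the sed program unescaped, so a value containing `/` or `&` breaks or alters the substitution; a different delimiter or an escaping step would be safer. Whether the base image's run script sets any of this up separately cannot be seen from the patch.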
diff --git a/docker/postfix/etc/service/postfix/run.initialization b/docker/postfix/etc/service/postfix/run.initialization
new file mode 100644
index 0000000..c710aa3
--- /dev/null
+++ b/docker/postfix/etc/service/postfix/run.initialization
@@ -0,0 +1,3 @@
+if [ -e /etc/sympa/shared/id_rsa ]; then
+  chown mailpipe /etc/sympa/shared/id_rsa*
+fi
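Review bot: The `chown` only happens if the key already exists when the postfix container initialises, but the key is created by the sympa entrypoint and nothing in this patch orders the two containers, so on a first start the test can be false and `mailpipe` never gets a readable key. Waiting for the file, for example `until [ -e /etc/sympa/shared/id_rsa ]; do sleep 1; done`, before the `chown` would close that gap. Separately, the sympa entrypoint runs `chown -R sympa:sympa /etc/sympa/` on every start, and that tree includes the same bind-mounted `shared` directory, so a later sympa restart presumably resets the ownership set here. Keeping the private key out of the recursive chown, or generating it on the postfix side and sharing only the `.pub` file, would avoid both containers fighting over one file.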
diff --git a/docker/Dockerfile b/docker/sympa/Dockerfile
similarity index 92%
rename from docker/Dockerfile
rename to docker/sympa/Dockerfile
index a2344fe..837456f 100644
--- a/docker/Dockerfile
+++ b/docker/sympa/Dockerfile
@@ -10,6 +10,7 @@ RUN  apt-get -y install \
 	libapache2-mod-fcgid \
 	libdbd-pg-perl \
 	libfcgi-perl \
+	openssh-server \
 	sudo
 
 RUN apt-get -y install --no-install-recommends sympa
@@ -24,6 +25,8 @@ RUN echo "local1.* -/var/log/sympa.log" >> /etc/syslog.conf
 
 RUN cp -r /etc/sympa /etc/sympa.sample
 
+COPY run.sh /opt/sympa_run.sh
+
 COPY entrypoint.sh /entrypoint
 
 ENTRYPOINT /entrypoint
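Review bot: The added `COPY run.sh /opt/sympa_run.sh` refers to a file that is not among the 12 files in this patch, and `docker/sympa/` is created by this commit, so the build presumably fails at this step unless `run.sh` is added separately. Since `run.sh` becomes the SSH forced command for mail delivery, it should be committed and reviewed together with the entrypoint that installs it. A short comment above the `COPY`, such as `# forced command executed for the postfix->sympa SSH delivery key`, would explain why it is staged under `/opt` and copied again at start.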
diff --git a/docker/sympa/entrypoint.sh b/docker/sympa/entrypoint.sh
new file mode 100755
index 0000000..37acf30
--- /dev/null
+++ b/docker/sympa/entrypoint.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Populate volume
+if [ -z "$(ls /etc/sympa/)" ]; then
+	cp -pr /etc/sympa.sample/* /etc/sympa/
+fi
+
+# Replace configurations by env
+conf_file=/etc/sympa/sympa/sympa.conf
+for var in $(env | grep '^SYMPA'); do
+	config=$(echo $var | sed 's/^SYMPA_\([^=]*\).*/\L\1/')
+	value=$(echo $var | sed 's/^[^=]*=\(.*\)/\1/')
+	sed -i -e "s#^$config\t.*#$config\t$value#" $conf_file
+	if [ -z "$(grep "^$config" $conf_file)" ];
+	then
+		echo -e "$config\t$value" >> $conf_file
+	fi
+done
+
+cp /opt/sympa_run.sh /etc/sympa/run.sh
+chmod +x  /etc/sympa/run.sh
+# Fix permissions
+chown -R sympa:sympa /etc/sympa/
+
+/bin/mkdir -p /run/sympa
+/bin/chown sympa:sympa /run/sympa
+
+# Launch services
+syslogd
+
+# So that Postfix can connect into us to deliver e-mail to mailing lists. /etc/sympa/shared is a
+# volume shared with the Postfix container which contains the SSH key that container should use
+# when connecting to this container.
+mkdir -p /etc/sympa/shared
+# If SSH keys do not exist, create them.
+if [ ! -e /etc/sympa/shared/id_rsa ]; then
+	ssh-keygen -t rsa -f /etc/sympa/shared/id_rsa -N ''
+fi
+
+rm -f /etc/sympa/shared/known_hosts
+echo -n 'sympa ' > /etc/sympa/shared/known_hosts
+cat /etc/ssh/ssh_host_rsa_key.pub >> /etc/sympa/shared/known_hosts
+# Allow sympa user to ssh
+usermod -s /bin/sh sympa
+
+mkdir -p /var/lib/sympa/.ssh
+echo -n 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/etc/sympa/run.sh" ' > /var/lib/sympa/.ssh/authorized_keys
+cat /etc/sympa/shared/id_rsa.pub >> /var/lib/sympa/.ssh/authorized_keys
+
+# Remove any stale config binaries.
+rm -f /etc/sympa/*/*.bin
+
+sudo -u sympa /usr/lib/sympa/bin/sympa_automatic.pl --foreground 2>&1 &
+sudo -u sympa /usr/lib/sympa/bin/sympa_msg.pl
+/usr/bin/sympa --health_check
+mkdir -p /var/run/sshd
+/usr/sbin/sshd -D -e &
+exec apache2ctl -DFOREGROUND
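Review bot: `sshd` is started with the distribution defaults while `usermod -s /bin/sh sympa` gives the service account a login shell, so the only restriction on the new listener is the option list written to `authorized_keys`. I would limit the daemon itself, `/usr/sbin/sshd -D -e -o PasswordAuthentication=no -o PermitRootLogin=no -o AllowUsers=sympa &`, and write the key entry as `restrict,command="/etc/sympa/run.sh" ` so options added in later OpenSSH releases are denied by default. The forced command lives in `/etc/sympa/run.sh`, which the preceding `chown -R sympa:sympa /etc/sympa/` makes writable by the account it is meant to confine; pointing `command=` at the root-owned `/opt/sympa_run.sh` avoids that. The host key read from `/etc/ssh/ssh_host_rsa_key.pub` is presumably generated when `openssh-server` is installed at image build, so every container from the image shares it; removing the keys in the Dockerfile and running `ssh-keygen -A` here would give each deployment its own.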
-- 
GitLab