Move all directories per theme

services/fetchmail/Dockerfile

@@ -0,0 +1,7 @@
+FROM python:alpine
+
+RUN apk add --no-cache fetchmail ca-certificates
+
+COPY fetchmail.py /fetchmail.py
+
+CMD ["/fetchmail.py"]

services/fetchmail/fetchmail.py

@@ -0,0 +1,92 @@
+#!/usr/bin/env python
+
+import sqlite3
+import time
+import os
+import tempfile
+import shlex
+import subprocess
+
+
+FETCHMAIL = """
+fetchmail -N \
+    --sslcertck --sslcertpath /etc/ssl/certs \
+    -f {}
+"""
+
+RC_LINE = """
+poll "{host}" proto {protocol}  port {port}
+    user "{username}" password "{password}"
+    is "{user_email}"
+    smtphost "smtp"
+    {options}
+    sslproto 'AUTO'
+"""
+
+
+def escape_rc_string(arg):
+    return arg.replace("\\", "\\\\").replace('"', '\\"')
+
+
+def fetchmail(fetchmailrc):
+    with tempfile.NamedTemporaryFile() as handler:
+        handler.write(fetchmailrc.encode("utf8"))
+        handler.flush()
+        command = FETCHMAIL.format(shlex.quote(handler.name))
+        output = subprocess.check_output(command, shell=True)
+        return output
+
+
+def run(connection, cursor, debug):
+    cursor.execute("""
+        SELECT user_email, protocol, host, port, tls, username, password, keep
+        FROM fetch
+    """)
+    for line in cursor.fetchall():
+        fetchmailrc = ""
+        user_email, protocol, host, port, tls, username, password, keep = line
+        options = "options antispam 501, 504, 550, 553, 554"
+        options += " ssl" if tls else ""
+        options += " keep" if keep else " fetchall"
+        fetchmailrc += RC_LINE.format(
+            user_email=escape_rc_string(user_email),
+            protocol=protocol,
+            host=escape_rc_string(host),
+            port=port,
+            username=escape_rc_string(username),
+            password=escape_rc_string(password),
+            options=options
+        )
+        if debug:
+            print(fetchmailrc)
+        try:
+            print(fetchmail(fetchmailrc))
+            error_message = ""
+        except subprocess.CalledProcessError as error:
+            error_message = error.output.decode("utf8")
+            # No mail is not an error
+            if not error_message.startswith("fetchmail: No mail"):
+                print(error_message)
+            user_info = "for %s at %s" % (user_email, host)
+            # Number of messages seen is not a error as well
+            if ("messages" in error_message and
+                    "(seen " in error_message and
+                    user_info in error_message):
+                print(error_message)
+        finally:
+            cursor.execute("""
+                UPDATE fetch SET error=?, last_check=datetime('now')
+                WHERE user_email=?
+            """, (error_message.split("\n")[0], user_email))
+            connection.commit()
+
+
+if __name__ == "__main__":
+    debug = os.environ.get("DEBUG", None) == "True"
+    db_path = os.environ.get("DB_PATH", "/data/main.db")
+    connection = sqlite3.connect(db_path)
+    while True:
+        cursor = connection.cursor()
+        run(connection, cursor, debug)
+        cursor.close()
+        time.sleep(int(os.environ.get("FETCHMAIL_DELAY", 60)))

services/rmilter/Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:edge
+
+RUN echo "@testing http://nl.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+ && apk add --no-cache rmilter@testing rsyslog bash
+
+COPY rmilter.conf /etc/rmilter.conf
+COPY rmilter-clamav.conf /etc/rmilter-clamav.conf
+COPY rsyslog.conf /etc/rsyslog.conf
+
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]

services/rmilter/rmilter-clamav.conf

@@ -0,0 +1,18 @@
+clamav {
+	# servers - clamav socket definitions in format:
+	servers = antivirus:3310;
+	# connect_timeout - timeout in miliseconds for connecting to clamav
+	connect_timeout = 1s;
+	# port_timeout - timeout in miliseconds for waiting for clamav port response
+	port_timeout = 4s;
+	# results_timeout - timeout in miliseconds for waiting for clamav response
+	results_timeout = 20s;
+	# error_time - time in seconds during which we are counting errors
+	error_time = 10;
+	# dead_time - time in seconds during which we are thinking that server is down
+	dead_time = 300;
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	# Default: 10
+	maxerrors = 10;
+};
+

services/rmilter/rmilter.conf

@@ -0,0 +1,113 @@
+# pidfile - path to pid file
+pidfile = /run/rmilter.pid;
+
+# bind_socket - socket credits for local bind:
+bind_socket = inet:9900
+
+# tempdir - path to directory that contains temporary files
+tempdir = /tmp;
+
+# tempfiles_mode - set permission for temp files
+tempfiles_mode = 00600;
+
+# max_size - maximum size of scanned mail with clamav and dcc
+max_size = 10M;
+
+# strict_auth - strict checks for mails from authenticated senders
+strict_auth = no;
+
+# use_dcc - whether use or not dcc system
+use_dcc = no;
+use_redis = yes;
+
+spamd {
+	# servers - spamd socket definitions in format:
+	servers = r:antispam:11333;
+	# connect_timeout - timeout in milliseconds for connecting to spamd
+	connect_timeout = 1s;
+	# results_timeout - timeout in milliseconds for waiting for spamd response
+	results_timeout = 20s;
+	# error_time - time in seconds during which we are counting errors
+	error_time = 10;
+	# dead_time - time in seconds during which we are thinking that server is down
+	dead_time = 300;
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	maxerrors = 10;
+	# reject_message - reject message for spam
+	reject_message = "Spam message rejected; If this is not spam contact abuse";
+	# whitelist - list of ips or nets that should be not checked with spamd
+	whitelist = 127.0.0.1/32, [::1]/128, {{ WHITELIST }};
+	# rspamd_metric - metric for using with rspamd
+	rspamd_metric = "default";
+  # Do not reject, add header
+  spamd_never_reject = yes;
+	# Add extended spam headers
+	extended_spam_headers = yes;
+};
+
+redis {
+	# servers_grey - redis servers for greylisting in format:
+	servers_grey = redis:6379;
+	# servers_white - redis servers for whitelisting in format similar to that is used
+	servers_white = redis:6379;
+	# servers_limits - redis servers used for limits storing, can not be mirrored
+	servers_limits = redis:6379;
+	# servers_id - redis servers used for message id storing, can not be mirrored
+	servers_id = redis:6379;
+	# id_prefix - prefix for extracting message ids from redis
+	id_prefix = "message_id.";
+	# grey_prefix - prefix for extracting greylisted records from redis
+	grey_prefix = "grey.";
+	# id_prefix - prefix for extracting whitelisted records from redis
+	white_prefix = "white.";
+	# connect_timeout - timeout in miliseconds for waiting for redis
+	connect_timeout = 1s;
+	# error_time - time in seconds during which we are counting errors
+	error_time = 10;
+	# dead_time - time in seconds during which we are thinking that server is down
+	dead_time = 300;
+	# maxerrors - maximum number of errors that can occur during error_time to make us thinking that
+	maxerrors = 10;
+};
+
+# limits section
+limits {
+	# Whitelisted ip or networks
+	limit_whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }};
+	# Whitelisted recipients
+	limit_whitelist_rcpt =  postmaster, mailer-daemon;
+	# Addrs for bounce checks
+	limit_bounce_addrs = postmaster, mailer-daemon, symantec_antivirus_for_smtp_gateways, <>, null, fetchmail-daemon;
+	# Limit for bounce mail
+	limit_bounce_to = 5:0.000277778;
+	# Limit for bounce mail per one source ip
+	limit_bounce_to_ip = 5:0.000277778;
+	# Limit for all mail per recipient
+	limit_to = 20:0.016666667;
+	# Limit for all mail per one source ip
+	limit_to_ip = 30:0.025;
+	# Limit for all mail per one source ip and from address
+	limit_to_ip_from = 100:0.033333333;
+};
+
+
+greylisting {
+	timeout = 300s;
+	expire = 3d;
+	whitelist = 127.0.0.1, [::1]/128, {{ WHITELIST }};
+};
+
+dkim {
+	domain {
+		key = /dkim;
+    domain = "*";
+    selector = "dkim";
+	};
+  header_canon = relaxed;
+  body_canon = relaxed;
+  sign_alg = sha256;
+  auth_only = yes;
+  sign_networks = 127.0.0.1, [::1]/128, {{ WHITELIST }};
+};
+
+.try_include /overrides/rmilter.conf

services/rmilter/rsyslog.conf

@@ -0,0 +1,4 @@
+$ModLoad imuxsock
+$template noTimestampFormat,"%syslogtag%%msg%\n"
+$ActionFileDefaultTemplate noTimestampFormat
+*.*;auth,authpriv.none /dev/stdout

services/rmilter/start.sh

@@ -0,0 +1,16 @@
+#!/bin/bash
+
+export WHITELIST=$(echo "$RELAYNETS" | sed 's/ /,/g')
+
+# Substitute configuration
+for VARIABLE in `env | cut -f1 -d=`; do
+  sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/rmilter.conf
+done
+
+rm -f /var/run/rsyslogd.pid
+if [ "$ANTIVIRUS" == "clamav" ];
+then
+	echo ".try_include /etc/rmilter-clamav.conf" >>  /etc/rmilter.conf
+fi
+rmilter -c /etc/rmilter.conf
+rsyslogd -n

services/rspamd/Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:edge
+
+# We have to upgrade musl, or rspamd will not work.
+RUN echo 'http://dl-cdn.alpinelinux.org/alpine/edge/testing' >> /etc/apk/repositories \
+ && apk add --no-cache rspamd rsyslog ca-certificates
+
+RUN mkdir /run/rspamd
+
+COPY conf/ /etc/rspamd
+COPY start.sh /start.sh
+
+CMD ["/start.sh"]

services/rspamd/conf/worker-controller.conf

@@ -0,0 +1,11 @@
+worker {
+    bind_socket = "*:11334";
+    type = "controller";
+    count = 1;
+    password = "mailu";
+    secure_ip = "127.0.0.1";
+    secure_ip = "::1";
+    static_dir = "${WWWDIR}";
+    .include(try=true; priority=1) "$LOCAL_CONFDIR/local.d/worker-controller.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-controller.inc"
+}

services/rspamd/conf/worker-normal.conf

@@ -0,0 +1,6 @@
+worker {
+    bind_socket = "*:11333";
+    .include "$CONFDIR/worker-normal.inc"
+    .include(try=true; priority=1,duplicate=merge) "$LOCAL_CONFDIR/local.d/worker-normal.inc"
+    .include(try=true; priority=10) "$LOCAL_CONFDIR/override.d/worker-normal.inc"
+}

services/rspamd/start.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rspamd -i
+tail -f /var/log/rspamd/rspamd.log