From c62d78497ccfb9beb73ac0f996bfdc9f7d2de22c Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 25 May 2022 01:51:51 +0200
Subject: [PATCH] feat(dovecot): Add container image for dovecot

---
 images/dovecot/.release            |   1 +
 images/dovecot/Containerfile       |  45 +++++++++++
 images/dovecot/Makefile            |   2 +
 images/dovecot/README.md           |  20 +++++
 images/dovecot/config/dovecot.conf | 126 +++++++++++++++++++++++++++++
 5 files changed, 194 insertions(+)
 create mode 100644 images/dovecot/.release
 create mode 100644 images/dovecot/Containerfile
 create mode 100644 images/dovecot/Makefile
 create mode 100644 images/dovecot/README.md
 create mode 100644 images/dovecot/config/dovecot.conf

diff --git a/images/dovecot/.release b/images/dovecot/.release
new file mode 100644
index 000000000..85f180f38
--- /dev/null
+++ b/images/dovecot/.release
@@ -0,0 +1 @@
+release=0.1.0
diff --git a/images/dovecot/Containerfile b/images/dovecot/Containerfile
new file mode 100644
index 000000000..3dc9c8e4a
--- /dev/null
+++ b/images/dovecot/Containerfile
@@ -0,0 +1,45 @@
+FROM docker.io/library/alpine:3.16.0
+
+# Update base system
+RUN apk update
+RUN apk add --no-cache ca-certificates
+RUN update-ca-certificates
+
+# Disable Dovecot TLS during installation to prevent key from being pregenerated
+RUN mkdir -p /etc/dovecot && echo "ssl = no" > /etc/dovecot/local.conf
+
+# Install all alpine dovecot packages (except documentation and development files)
+RUN apk add --no-cache \
+	dovecot \
+	dovecot-pigeonhole-plugin \
+	dovecot-lmtpd
+
+COPY config/dovecot.conf /etc/dovecot/
+
+ENV USER=vmail
+ENV UID=5000
+ENV GID=5000
+
+RUN addgroup --gid "$GID" "$USER" \
+    && adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --ingroup "$USER" \
+    --no-create-home \
+    --uid "$UID" \
+    "$USER"
+
+VOLUME /srv/mail
+
+#    24: LMTP
+#   110: POP3 (StartTLS)
+#   143: IMAP4 (StartTLS)
+#   993: IMAP (SSL, deprecated)
+#   995: POP3 (SSL, deprecated)
+#  4190: ManageSieve (StartTLS)
+#  9090: Metrics (Prometheus compatible)
+# 12345: SASL Auth (for Postfix)
+EXPOSE 24 110 143 993 995 4190 12345
+
+ENTRYPOINT ["/usr/sbin/dovecot", "-F"]
diff --git a/images/dovecot/Makefile b/images/dovecot/Makefile
new file mode 100644
index 000000000..d433bc8ba
--- /dev/null
+++ b/images/dovecot/Makefile
@@ -0,0 +1,2 @@
+include ../.utils/container-build.mk
+include ../../utils/help.mk
diff --git a/images/dovecot/README.md b/images/dovecot/README.md
new file mode 100644
index 000000000..bcc8cad94
--- /dev/null
+++ b/images/dovecot/README.md
@@ -0,0 +1,20 @@
+dovecot
+===
+
+Simple dovecot container, build with the intend to be used in combination with Kubernetes. This means the image on its own might not be useful. It doesn't come with external database backend.
+
+Expectations
+---
+
+This container image expects some paths to be in place:
+
+|Path | Usage |
+|-----|-------|
+|`/srv/mail/mailboxes/`|Storage for recieved emails|
+|`/srv/passdb/`|Password database storage using `passwd` backend|
+|`/srv/tls/`|TLS key and certificate used for TLS enabled services|
+
+References
+---
+
+This image is heavily inspired by https://github.com/mum-project/docker-images/tree/master/postfix
diff --git a/images/dovecot/config/dovecot.conf b/images/dovecot/config/dovecot.conf
new file mode 100644
index 000000000..2a2bf3208
--- /dev/null
+++ b/images/dovecot/config/dovecot.conf
@@ -0,0 +1,126 @@
+auth_mechanisms = plain login
+disable_plaintext_auth = no
+info_log_path = /dev/stdout
+log_path = /dev/stderr
+
+## Mailbox location
+
+mail_gid = vmail
+mail_home = /srv/mail/mailboxes/%d/%n
+mail_location = maildir:~/mail:LAYOUT=fs
+mail_privileged_group = vmail
+mail_uid = vmail
+
+## Sieve
+
+managesieve_notify_capability = mailto
+managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
+
+## Inbox
+
+namespace inbox {
+  inbox = yes
+  location =
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+  }
+  mailbox Trash {
+    auto = subscribe
+    special_use = \Trash
+  }
+  prefix =
+}
+
+## Authentication
+
+passdb {
+  args = scheme=ARGON2ID /srv/passdb/passwd
+  driver = passwd-file
+}
+
+## Plugins
+
+plugin {
+  imapsieve_mailbox1_before = file:/srv/mail/sieve/global/learn-spam.sieve
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_name = Spam
+  imapsieve_mailbox2_before = file:/srv/mail/sieve/global/learn-ham.sieve
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_from = Spam
+  imapsieve_mailbox2_name = *
+  quota = maildir:User quota
+  quota_exceeded_message = User %u has exhausted allowed storage space.
+  sieve = file:/srv/mail/sieve/%d/%n/scripts;active=/srv/mail/sieve/%d/%n/active-script.sieve
+  sieve_before = /srv/mail/sieve/global/spam-global.sieve
+  sieve_global_extensions = +vnd.dovecot.pipe
+  sieve_pipe_bin_dir = /usr/bin
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+}
+
+## Services
+
+protocols = imap lmtp sieve
+service auth {
+  inet_listener {
+    port = 12345
+  }
+  vsz_limit = 2 G
+}
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+}
+service lmtp {
+  inet_listener lmtp {
+    port = 24
+  }
+}
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+}
+service stats {
+  inet_listener http {
+    port = 9090
+  }
+}
+
+## TLS
+
+ssl = required
+ssl_cert = </srv/tls/tls.crt
+ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
+ssl_key = </srv/tls/tls.key
+ssl_prefer_server_ciphers = yes
+
+## Users
+
+userdb {
+  args = uid=5000 gid=5000 home=/srv/mail/mailboxes/%d/%n allow_all_users=yes
+  driver = static
+}
+
+verbose_proctitle = yes
+
+## Protocols
+
+protocol imap {
+  imap_idle_notify_interval = 29 mins
+  mail_max_userip_connections = 20
+  mail_plugins = " quota imap_quota imap_sieve"
+}
+protocol lmtp {
+  mail_plugins = " sieve"
+  postmaster_address = postmaster@mysystems.tld
+}
-- 
GitLab