feat(dovecot): Add container image for dovecot

c62d7849 · Sheogorath · df408bdd · c62d7849 · c62d7849 · c62d7849
Verified Commit c62d7849 authored 2 years ago by Sheogorath
--- a/images/dovecot/.release
+++ b/images/dovecot/.release
+release=0.1.0
--- a/images/dovecot/Containerfile
+++ b/images/dovecot/Containerfile
+FROM docker.io/library/alpine:3.16.0
+# Update base system
+RUN apk update
+RUN apk add --no-cache ca-certificates
+RUN update-ca-certificates
+# Disable Dovecot TLS during installation to prevent key from being pregenerated
+RUN mkdir -p /etc/dovecot && echo "ssl = no" > /etc/dovecot/local.conf
+# Install all alpine dovecot packages (except documentation and development files)
+RUN apk add --no-cache \
+	dovecot \
+	dovecot-pigeonhole-plugin \
+	dovecot-lmtpd
+COPY config/dovecot.conf /etc/dovecot/
+ENV USER=vmail
+ENV UID=5000
+ENV GID=5000
+RUN addgroup --gid "$GID" "$USER" \
+    && adduser \
+    --disabled-password \
+    --gecos "" \
+    --home "$(pwd)" \
+    --ingroup "$USER" \
+    --no-create-home \
+    --uid "$UID" \
+    "$USER"
+VOLUME /srv/mail
+#    24: LMTP
+#   110: POP3 (StartTLS)
+#   143: IMAP4 (StartTLS)
+#   993: IMAP (SSL, deprecated)
+#   995: POP3 (SSL, deprecated)
+#  4190: ManageSieve (StartTLS)
+#  9090: Metrics (Prometheus compatible)
+# 12345: SASL Auth (for Postfix)
+EXPOSE 24 110 143 993 995 4190 12345
+ENTRYPOINT ["/usr/sbin/dovecot", "-F"]
--- a/images/dovecot/Makefile
+++ b/images/dovecot/Makefile
+include ../.utils/container-build.mk
+include ../../utils/help.mk
--- a/images/dovecot/README.md
+++ b/images/dovecot/README.md
+dovecot
+===
+Simple dovecot container, build with the intend to be used in combination with Kubernetes. This means the image on its own might not be useful. It doesn't come with external database backend.
+Expectations
+---
+This container image expects some paths to be in place:
+|Path | Usage |
+|-----|-------|
+|`/srv/mail/mailboxes/`|Storage for recieved emails|
+|`/srv/passdb/`|Password database storage using `passwd` backend|
+|`/srv/tls/`|TLS key and certificate used for TLS enabled services|
+References
+---
+This image is heavily inspired by https://github.com/mum-project/docker-images/tree/master/postfix
--- a/images/dovecot/config/dovecot.conf
+++ b/images/dovecot/config/dovecot.conf
+auth_mechanisms = plain login
+disable_plaintext_auth = no
+info_log_path = /dev/stdout
+log_path = /dev/stderr
+## Mailbox location
+mail_gid = vmail
+mail_home = /srv/mail/mailboxes/%d/%n
+mail_location = maildir:~/mail:LAYOUT=fs
+mail_privileged_group = vmail
+mail_uid = vmail
+## Sieve
+managesieve_notify_capability = mailto
+managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
+## Inbox
+namespace inbox {
+  inbox = yes
+  location =
+  mailbox Drafts {
+    auto = subscribe
+    special_use = \Drafts
+  }
+  mailbox Sent {
+    auto = subscribe
+    special_use = \Sent
+  }
+  mailbox Spam {
+    auto = subscribe
+    special_use = \Junk
+  }
+  mailbox Trash {
+    auto = subscribe
+    special_use = \Trash
+  }
+  prefix =
+}
+## Authentication
+passdb {
+  args = scheme=ARGON2ID /srv/passdb/passwd
+  driver = passwd-file
+}
+## Plugins
+plugin {
+  imapsieve_mailbox1_before = file:/srv/mail/sieve/global/learn-spam.sieve
+  imapsieve_mailbox1_causes = COPY
+  imapsieve_mailbox1_name = Spam
+  imapsieve_mailbox2_before = file:/srv/mail/sieve/global/learn-ham.sieve
+  imapsieve_mailbox2_causes = COPY
+  imapsieve_mailbox2_from = Spam
+  imapsieve_mailbox2_name = *
+  quota = maildir:User quota
+  quota_exceeded_message = User %u has exhausted allowed storage space.
+  sieve = file:/srv/mail/sieve/%d/%n/scripts;active=/srv/mail/sieve/%d/%n/active-script.sieve
+  sieve_before = /srv/mail/sieve/global/spam-global.sieve
+  sieve_global_extensions = +vnd.dovecot.pipe
+  sieve_pipe_bin_dir = /usr/bin
+  sieve_plugins = sieve_imapsieve sieve_extprograms
+}
+## Services
+protocols = imap lmtp sieve
+service auth {
+  inet_listener {
+    port = 12345
+  }
+  vsz_limit = 2 G
+}
+service imap-login {
+  inet_listener imap {
+    port = 143
+  }
+}
+service lmtp {
+  inet_listener lmtp {
+    port = 24
+  }
+}
+service managesieve-login {
+  inet_listener sieve {
+    port = 4190
+  }
+}
+service stats {
+  inet_listener http {
+    port = 9090
+  }
+}
+## TLS
+ssl = required
+ssl_cert = </srv/tls/tls.crt
+ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
+ssl_key = </srv/tls/tls.key
+ssl_prefer_server_ciphers = yes
+## Users
+userdb {
+  args = uid=5000 gid=5000 home=/srv/mail/mailboxes/%d/%n allow_all_users=yes
+  driver = static
+}
+verbose_proctitle = yes
+## Protocols
+protocol imap {
+  imap_idle_notify_interval = 29 mins
+  mail_max_userip_connections = 20
+  mail_plugins = " quota imap_quota imap_sieve"
+}
+protocol lmtp {
+  mail_plugins = " sieve"
+  postmaster_address = postmaster@mysystems.tld
+}