From 273565d75d693bb15e5312b9ca237b56bcd29cc6 Mon Sep 17 00:00:00 2001 
From: ppom <picasoft@ppom.me> Date: Sun, 21 Apr 2024 19:35:22 +0200 Subject: [PATCH] =?UTF-8?q?MTA:=20Gros=20refactor:=20passage=20=C3=A0=20su?= =?UTF-8?q?pervisord=20pour=20lancer=20les=20processus?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - On n'utilise plus les mécanismes de init.d - On lance tout directement avec supervisord - On arrête de lancer des services dans config.sh - On log sur stdout et ça part dans loki work-in-progress: Rien n'est testé pour l'instant avec @r01 && @rdelaage --- docker-compose.yml | 1 + pica-mail-mta/CHANGELOG.md | 20 ---- pica-mail-mta/Dockerfile | 31 +++--- pica-mail-mta/config.sh | 66 +++++-------- pica-mail-mta/entrypoint.sh | 5 +- pica-mail-mta/etc/opendkim.conf | 23 +++++ pica-mail-mta/etc/opendmarc.conf | 10 ++ .../{spam => etc/opendmarc}/ignore.hosts | 0 pica-mail-mta/etc/pica-mail-supervisord.conf | 42 ++++++++ pica-mail-mta/etc/postfix/master.cf | 36 +++++++ pica-mail-mta/saslauthd-postfix | 25 ----- pica-mail-mta/spam/opendkim | 22 ----- pica-mail-mta/spam/opendkim.conf | 98 ------------------- pica-mail-mta/spam/opendmarc | 22 ----- pica-mail-mta/spam/opendmarc.conf | 93 ------------------ .../local_mailbox_ldap_sasl/Dockerfile | 0 .../local_mailbox_ldap_sasl/README.md | 0 .../local_mailbox_ldap_sasl/entrypoint2.sh | 0 .../local_mailbox_ldap_sasl/local_users | 0 .../local_mailbox_ldap_sasl/saslauthd-postfix | 0 .../local_mailbox_unix_sasl/Dockerfile | 0 .../local_mailbox_unix_sasl/README.md | 0 .../local_mailbox_unix_sasl/entrypoint2.sh | 0 .../local_mailbox_unix_sasl/local_users | 0 .../local_mailbox_unix_sasl/saslauthd-postfix | 0 .../{ => tests}/minimal-postfix/Dockerfile | 0 .../{ => tests}/sasl-test/Dockerfile | 0 pica-mail-mta/{ => tests}/sasl-test/README.md | 0 .../{ => tests}/sasl-test/entrypoint2.sh | 0 .../sasl-test/ldap-virtual-mailbox-maps | 0 .../{ => tests}/sasl-test/saslauthd-postfix | 0 .../test-auth_local_user/Dockerfile | 0 
.../test-auth_local_user/README.md | 0 .../test-auth_local_user/entrypoint2.sh | 0 .../test-auth_local_user/local_users | 0 35 files changed, 156 insertions(+), 338 deletions(-) delete mode 100644 pica-mail-mta/CHANGELOG.md create mode 100644 pica-mail-mta/etc/opendkim.conf create mode 100644 pica-mail-mta/etc/opendmarc.conf rename pica-mail-mta/{spam => etc/opendmarc}/ignore.hosts (100%) create mode 100644 pica-mail-mta/etc/pica-mail-supervisord.conf create mode 100644 pica-mail-mta/etc/postfix/master.cf delete mode 100644 pica-mail-mta/saslauthd-postfix delete mode 100644 pica-mail-mta/spam/opendkim delete mode 100644 pica-mail-mta/spam/opendkim.conf delete mode 100644 pica-mail-mta/spam/opendmarc delete mode 100644 pica-mail-mta/spam/opendmarc.conf rename pica-mail-mta/{ => tests}/local_mailbox_ldap_sasl/Dockerfile (100%) rename pica-mail-mta/{ => tests}/local_mailbox_ldap_sasl/README.md (100%) rename pica-mail-mta/{ => tests}/local_mailbox_ldap_sasl/entrypoint2.sh (100%) rename pica-mail-mta/{ => tests}/local_mailbox_ldap_sasl/local_users (100%) rename pica-mail-mta/{ => tests}/local_mailbox_ldap_sasl/saslauthd-postfix (100%) rename pica-mail-mta/{ => tests}/local_mailbox_unix_sasl/Dockerfile (100%) rename pica-mail-mta/{ => tests}/local_mailbox_unix_sasl/README.md (100%) rename pica-mail-mta/{ => tests}/local_mailbox_unix_sasl/entrypoint2.sh (100%) rename pica-mail-mta/{ => tests}/local_mailbox_unix_sasl/local_users (100%) rename pica-mail-mta/{ => tests}/local_mailbox_unix_sasl/saslauthd-postfix (100%) rename pica-mail-mta/{ => tests}/minimal-postfix/Dockerfile (100%) rename pica-mail-mta/{ => tests}/sasl-test/Dockerfile (100%) rename pica-mail-mta/{ => tests}/sasl-test/README.md (100%) rename pica-mail-mta/{ => tests}/sasl-test/entrypoint2.sh (100%) rename pica-mail-mta/{ => tests}/sasl-test/ldap-virtual-mailbox-maps (100%) rename pica-mail-mta/{ => tests}/sasl-test/saslauthd-postfix (100%) rename pica-mail-mta/{ => tests}/test-auth_local_user/Dockerfile 
(100%) rename pica-mail-mta/{ => tests}/test-auth_local_user/README.md (100%) rename pica-mail-mta/{ => tests}/test-auth_local_user/entrypoint2.sh (100%) rename pica-mail-mta/{ => tests}/test-auth_local_user/local_users (100%) diff --git a/docker-compose.yml b/docker-compose.yml index 2e7b4e9..a631671 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -94,6 +94,7 @@ services: # Préfixe DKIM, utilise pour identifier la clef DKIM_SELECTOR: mar24 labels: + loki.keep-logs: true traefik.http.routers.pica-mail-mta.rule: Host(`mail.picasoft.net`) traefik.enable: true tls-certs-monitor.enable: true diff --git a/pica-mail-mta/CHANGELOG.md b/pica-mail-mta/CHANGELOG.md deleted file mode 100644 index 99c57f6..0000000 --- a/pica-mail-mta/CHANGELOG.md +++ /dev/null @@ -1,20 +0,0 @@ -# v1.0.3 - -- Re-open port 25 for incoming mails -- Move away ENV from Dockerfile (better to have only one self-documented place, ie Compose) -- Remove `smtps` service from `master.cf` as it is obsolete and not mapped to any host port -- Remove `virtual_minimum_uid` already set to the default and does not seem useful without `virtual_uid_maps` -- Remove unused files (old private key, old rsyslog config) -- Try to clarify some comments (not sure they are tho) -- Fix syntax for milter filters (from Romain's hotfix on monitoring) -# v1.0.2 - -Support for LDAPS - -# v1.0.1 - -Update path for certificates, use environment variables for flexibilibity - -# v1.0 - -Version initiale diff --git a/pica-mail-mta/Dockerfile b/pica-mail-mta/Dockerfile index a36bb29..840334c 100644 --- a/pica-mail-mta/Dockerfile +++ b/pica-mail-mta/Dockerfile 
@@ -6,23 +6,24 @@ ENV DEBIAN_FRONTEND noninteractive RUN apt-get update -y \ && apt-get install -y \ - less pflogsumm postfix postfix-ldap libsasl2-modules sasl2-bin opendkim opendkim-tools rsyslog opendmarc ca-certificates procps \ + ca-certificates \ + less \ + libsasl2-modules \ + opendkim \ + opendkim-tools \ + opendmarc \ + pflogsumm \ + postfix \ + postfix-ldap \ + procps \ + sasl2-bin \ + supervisor \ && rm -rf /var/lib/apt/lists/* -# Copy DKIM and DMARC conf -COPY spam/opendkim.conf /etc/ -COPY spam/opendmarc.conf /etc/ -COPY spam/opendkim /etc/default/opendkim -COPY spam/opendmarc /etc/default/opendmarc -RUN mkdir /etc/opendmarc -COPY --chown=opendmarc:opendmarc spam/ignore.hosts /etc/opendmarc/ignore.hosts +# Merge local etc with container etc +COPY --chown=root:root etc/ /etc/ -# Copy authentication daemon configuration -COPY saslauthd-postfix /etc/default/ - -# Copy scripts for building configuration at startup -COPY opendkim-tables.sh / -COPY config.sh / -COPY entrypoint.sh / +COPY entrypoint.sh config.sh opendkim-tables.sh / ENTRYPOINT ["/entrypoint.sh"] +CMD ["supervisord", "-n", "-c", "/etc/pica-mail-supervisord.conf"] diff --git a/pica-mail-mta/config.sh b/pica-mail-mta/config.sh index 18dcd28..70387b3 100755 --- a/pica-mail-mta/config.sh +++ b/pica-mail-mta/config.sh @@ -1,5 +1,7 @@ #!/bin/bash +set -e -o pipefail + # postconf permet de modifier /etc/postfix/main.cf # 1. Identité @@ -26,6 +28,7 @@ postconf -e "smtpd_sender_login_maps = ldap:/etc/postfix/ldap-virtual-mailbox-ma # (avec la requête LDAP_VIRTUAL_MAILBOX_FILTER), # on récupère son UID pour remplir la table (ce qui explique pourquoi # un utilisateur a le droit de n'envoyer que pour lui même) +umask 037 cat <<EOF >> /etc/postfix/ldap-virtual-mailbox-maps server_host = ${LDAP_PROTOCOL}://${LDAP_SERVER_HOSTNAME}:${LDAP_PORT} search_base = ${LDAP_SEARCH_BASE} 
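Review bot: The `umask 037` added before the heredoc stays in effect for the rest of config.sh and for the scripts it launches, so it also shapes later objects such as `mkdir /var/run/postfix` (which would come out as 0740) and whatever `/opendkim-tables.sh` creates. It only takes effect when `>>` creates the file; if `/etc/postfix/ldap-virtual-mailbox-maps` already exists, its mode is left as it was. Setting the mode explicitly after the heredoc with `chmod 640 /etc/postfix/ldap-virtual-mailbox-maps`, then restoring `umask 022`, would make the protection of the LDAP settings independent of both. The same applies to `/etc/saslauthd.conf`, which holds `ldap_bind_pw`, in the `@@ -99,9 +96,7 @@` hunk. The heredoc itself continues past the end of this hunk.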
@@ -38,6 +41,7 @@ result_attribute = uid # Section LDAP SSL AND STARTTLS PARAMETERS version = 3 EOF +chown root:postfix /etc/postfix/ldap-virtual-mailbox-maps # On fait confiance à l'hôte local, utile pour faire du debug postconf -e "mynetworks = 127.0.0.0/8" @@ -73,9 +77,7 @@ pwcheck_method: saslauthd mech_list: PLAIN LOGIN EOF # Fichiers de config et socket utilisés par le démon de saslauthd créé pour postfix (voir fichier copié dans le Dockerfile) -dpkg-statoverride --add root sasl 710 /var/spool/postfix/var/run/saslauthd adduser postfix sasl -service saslauthd restart # Activation du SASL postconf -e 'smtpd_sasl_local_domain = ' postconf -e 'smtpd_sasl_auth_enable = yes' @@ -84,14 +86,9 @@ postconf -e 'smtpd_tls_auth_only = yes' # Autorise l'auth depuis des clients connus comme obsolètes/non standard (outlook) mais ne présentant pas de faille de sécurité postconf -e 'broken_sasl_auth_clients = yes' -# Indique que la source des utilisateurs SASL est un serveur LDAP -cat <<EOF >> /etc/default/saslauthd-postfix -MECHANISMS="ldap" -MECH_OPTIONS="" -EOF -# On enlève le démon saslauthd par défaut de debian (nous utilisons le fichier saslauthd-postfix) -rm /etc/default/saslauthd # Configuration de ce serveur LDAP +groupadd saslauthd +adduser --system --no-create-home --ingroup saslauthd saslauthd cat <<EOF >> /etc/saslauthd.conf ldap_servers: ${LDAP_PROTOCOL}://${LDAP_SERVER_HOSTNAME}:${LDAP_PORT} ldap_bind_dn: ${LDAP_BIND_DN} @@ -99,9 +96,7 @@ ldap_bind_pw: ${LDAP_BIND_PW} ldap_search_base: ${LDAP_SEARCH_BASE} ldap_filter: ${LDAP_SASL_FILTER} EOF -# Prise en compte de la config SASL -service saslauthd restart -service postfix restart +chown root:saslauthd /etc/saslauthd.conf # 5. Configuration DMARC cat <<EOF >> /etc/opendmarc.conf 
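Review bot: `groupadd saslauthd` in the `@@ -84,14 +86,9 @@` hunk fails when the group already exists, and with the `set -e` added at the top of this file that stops config.sh at this line whenever the container is restarted without being recreated. `groupadd -f saslauthd` (or `getent group saslauthd >/dev/null || groupadd saslauthd`) keeps the script re-runnable. The `cat <<EOF >>` appends in the neighbouring hunks have a related re-run problem, since each run adds a second copy of the settings, including the `ldap_bind_pw` line in `/etc/saslauthd.conf`. Writing those files with `>` instead of `>>` would avoid it, if nothing else is expected to be in them.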
@@ -117,53 +112,46 @@ EOF /opendkim-tables.sh postconf -e "milter_default_action = accept" postconf -e "milter_protocol = 6" -postconf -e "smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock" -postconf -e "non_smtpd_milters = unix:/opendkim/opendkim.sock, unix:/opendmarc/opendmarc.sock" +postconf -e "smtpd_milters = unix:/var/run/opendkim/opendkim.sock, unix:/var/run/opendmarc/opendmarc.sock" +postconf -e "non_smtpd_milters = unix:/var/run/opendkim/opendkim.sock, unix:/var/run/opendmarc/opendmarc.sock" # 7. Répertoires pour les sockets et permissions en général -chown -R postfix /var/spool/postfix -mkdir /var/spool/postfix/opendkim -mkdir /var/spool/postfix/opendmarc -chown -R opendmarc:opendmarc /etc/opendmarc -chown -R opendkim:opendkim /etc/opendkim.conf /etc/dkimkeys -chown opendmarc:opendmarc /etc/opendmarc.conf -chown opendkim:postfix /var/spool/postfix/opendkim -chown opendmarc:postfix /var/spool/postfix/opendmarc + +# add users to groups +adduser postfix opendkim +adduser postfix opendmarc +adduser opendmarc postdrop + +mkdir /var/run/postfix +postconf -e "queue_directory=/var/run/postfix" + +chown postfix:postfix /var/run/postfix +chown opendkim:opendkim /etc/dkimkeys +chown opendkim:postfix /var/run/opendkim +chown opendmarc:postfix /var/run/opendmarc +chown saslauthd:postfix /var/run/saslauthd + # Workaround pour un problème de permission touch /var/log/opendmarc.log chown opendmarc:opendmarc /var/log/opendmarc.log -adduser postfix opendkim -adduser postfix opendmarc # So that opendmarc can write to maildrop folder -adduser opendmarc postdrop + +# configuration des logs vers stdout +postconf -e "maillog_file=/dev/stdout" # 8. 
Chiffrement # SSL : récupération des certificats (qui seront utilisés pour la connexion SMTP) postconf -e "smtpd_tls_cert_file = ${SSL_CERT}" postconf -e "smtpd_tls_key_file = ${SSL_KEY}" -# Activation du port 587 (port "submission") -cat <<EOF >> /etc/postfix/master.cf -submission inet n - y - - smtpd -EOF # Autorise TLS pour des mails entrants et sortants mais n'interdit pas le clair lorsque ce n'est pas disponible postconf -e "smtp_tls_security_level=may" postconf -e "smtpd_tls_security_level=may" -# 9. Logs -# On garde les fichiers de logs pour les monter dans l'exporter -chown postfix:postfix /var/log/mail.log -chown opendmarc:postfix /var/log/opendmarc.log - # 10. Socket TCP/IP # On est obligé d'utiliser ipv4 pour la local delivery car les docker network ne supportent pas iPv6 par défaut postconf -e "inet_protocols = ipv4" -postfix reload -# Il est nécessaire de stopper le démon pour effectivement modifier les sockets TCP/IP (par défaut IPv6) -service postfix stop -# Au cas où le démon postfix aurait été lancé indépendamment de systemd -postfix stop # 11. Rate limiting : vise à éviter le blacklist tout en gardant une fréquence d'envoi raisonnable # Abaisse de 20 à 2 le nombre de connexion concurrentes à un même domaine diff --git a/pica-mail-mta/entrypoint.sh b/pica-mail-mta/entrypoint.sh index be45acf..306a99e 100755 --- a/pica-mail-mta/entrypoint.sh +++ b/pica-mail-mta/entrypoint.sh @@ -1,6 +1,3 @@ #!/bin/bash /config.sh -/usr/sbin/rsyslogd -iNONE -service opendmarc start -service opendkim start -/usr/lib/postfix/sbin/master -c /etc/postfix -d 2>&1 +exec "$@" diff --git a/pica-mail-mta/etc/opendkim.conf b/pica-mail-mta/etc/opendkim.conf new file mode 100644 index 0000000..b8fed76 --- /dev/null +++ b/pica-mail-mta/etc/opendkim.conf 
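Review bot: The `chown` calls on `/var/run/opendkim`, `/var/run/opendmarc` and `/var/run/saslauthd` assume those directories already exist with a suitable mode; this hunk only creates `/var/run/postfix`, and under `set -e` a missing directory aborts the script. Their modes decide who can reach the milter and SASL sockets, so they are better created explicitly, e.g. `install -d -o opendkim -g postfix -m 750 /var/run/opendkim` and likewise for the other two. Whether the Debian packages create them in this image is not visible from the diff.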
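Review bot: The exit status of `/config.sh` is not checked in entrypoint.sh, so `exec "$@"` starts supervisord even when configuration stopped part-way. With `set -e` now in config.sh an early abort is more likely, and on a first start it would leave the MTA running without the TLS and rate-limit settings that come at the end of that script. Adding `set -e` as the second line of entrypoint.sh, or writing `/config.sh || exit 1`, makes the container fail instead of starting half-configured.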
@@ -0,0 +1,23 @@
+Syslog false
+UMask 002
+Socket local:/var/run/opendkim/opendkim.sock
+OversignHeaders From
+TrustAnchorFile /usr/share/dns/root.key
+
+# ce qui suit provient de la configuration donnee
+# par : https://www.postfix.io/how-to-configure-opendkim-with-postfix/
+#Map AuthorDomains to RSA keys.
+KeyTable /etc/dkimkeys/rsakeys.table
+SigningTable refile:/etc/dkimkeys/signingdomains.table
+
+# "simple" recommended by DKIMCore
+Canonicalization simple
+
+Mode sv
+SubDomains no
+AutoRestart yes
+AutoRestartRate 10/1M
+Background false
+DNSTimeout 5
+SignatureAlgorithm rsa-sha256
+RequireSafeKeys false
diff --git a/pica-mail-mta/etc/opendmarc.conf b/pica-mail-mta/etc/opendmarc.conf
new file mode 100644
index 0000000..71801ff
--- /dev/null
+++ b/pica-mail-mta/etc/opendmarc.conf
@@ -0,0 +1,10 @@
+#sera généré par conf.sh en fonction des variables d'environnement
+#AuthservID mail.test.picasoft.net
+FailureReports true
+RejectFailures false
+Socket local:/var/run/opendmarc/opendmarc.sock
+Syslog false
+UMask 0002
+PublicSuffixList /usr/share/publicsuffix/
+HistoryFile /var/log/opendmarc.log
+IgnoreHosts /etc/opendmarc/ignore.hosts
diff --git a/pica-mail-mta/spam/ignore.hosts b/pica-mail-mta/etc/opendmarc/ignore.hosts
similarity index 100%
rename from pica-mail-mta/spam/ignore.hosts
rename to pica-mail-mta/etc/opendmarc/ignore.hosts
diff --git a/pica-mail-mta/etc/pica-mail-supervisord.conf b/pica-mail-mta/etc/pica-mail-supervisord.conf
new file mode 100644
index 0000000..4ff620d
--- /dev/null
+++ b/pica-mail-mta/etc/pica-mail-supervisord.conf
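Review bot: `RequireSafeKeys false` in the new opendkim.conf turns off opendkim's check on the permissions of the private key files, and this commit also narrows the ownership fix in config.sh from `chown -R opendkim:opendkim /etc/opendkim.conf /etc/dkimkeys` to a non-recursive `chown opendkim:opendkim /etc/dkimkeys`. The protection of the DKIM private keys then depends entirely on how `/opendkim-tables.sh`, which is not part of this diff, creates them. Unless there is a known reason for it, `RequireSafeKeys true` with key files owned by opendkim and not readable by others would be the safer setting. If it has to stay off, a comment such as `# RequireSafeKeys off because <reason>` should say why. `AutoRestart yes` is probably redundant now that supervisord restarts the process.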
@@ -0,0 +1,42 @@
+[supervisord]
+nodaemon=true
+user=root
+
+[program:opendkim]
+command=/usr/sbin/opendkim -x /etc/opendkim.conf
+user=opendkim
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:opendmarc]
+command=/usr/sbin/opendmarc -f -c /etc/opendmarc.conf
+user=opendmarc
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+
+[program:saslauthd]
+command=/usr/sbin/saslauthd -V -d -n 1 -a ldap -m /var/run/saslauthd
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+user=saslauthd
+
+[program:postfix]
+command=postfix start-fg -c /etc/postfix
+autostart=true
+autorestart=unexpected
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
diff --git a/pica-mail-mta/etc/postfix/master.cf b/pica-mail-mta/etc/postfix/master.cf
new file mode 100644
index 0000000..52f01f7
--- /dev/null
+++ b/pica-mail-mta/etc/postfix/master.cf
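Review bot: saslauthd is started with `-d`, its debug mode, in `[program:saslauthd]`, and its stdout/stderr now go to the container log that the `loki.keep-logs` label added in this commit retains. It is worth confirming what that output contains for each SMTP AUTH attempt (probably at least the login name) and who can read it in Loki. A comment above the command, e.g. `; -d is only used to keep saslauthd in the foreground`, would record that the verbosity is a side effect. The command also runs a single worker (`-n 1`) without `-c`, where the removed `saslauthd-postfix` file had `THREADS=5` and `-c`, so one slow LDAP lookup delays every other login.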
@@ -0,0 +1,36 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - n - - smtpd
+pickup unix n - n 60 1 pickup
+cleanup unix n - n - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - n 1000? 1 tlsmgr
+rewrite unix - - n - - trivial-rewrite
+bounce unix - - n - 0 bounce
+defer unix - - n - 0 bounce
+trace unix - - n - 0 bounce
+verify unix - - n - 1 verify
+flush unix n - n 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - n - - smtp
+relay unix - - n - - smtp
+showq unix n - n - - showq
+error unix - - n - - error
+retry unix - - n - - error
+discard unix - - n - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - n - - lmtp
+anvil unix - - n - 1 anvil
+scache unix - - n - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+submission inet n - n - - smtpd
diff --git a/pica-mail-mta/saslauthd-postfix b/pica-mail-mta/saslauthd-postfix
deleted file mode 100644
index 460bb4c..0000000
--- a/pica-mail-mta/saslauthd-postfix
+++ /dev/null
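Review bot: The `submission` entry on the last line of master.cf has no `-o` overrides, so port 587 inherits the port 25 policy from main.cf, including `smtpd_tls_security_level=may` and whatever restrictions apply to unauthenticated clients. For a submission port the usual hardening is to require TLS and authentication on that service only, by following the line with `  -o smtpd_tls_security_level=encrypt`, `  -o smtpd_sasl_auth_enable=yes` and `  -o smtpd_client_restrictions=permit_sasl_authenticated,reject`. Every service in this file also has the chroot column set to `n`, whereas the `submission` line that config.sh used to append had `y`. If that is deliberate for the container, a comment in the file header saying so would help.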
@@ -1,25 +0,0 @@ -# Should saslauthd run automatically on startup? (default: no) -START=yes - -# Description of this saslauthd instance. Recommended. -# (suggestion: SASL Authentication Daemon) -DESC="SASL Auth. Daemon for Postfix" - -# Short name of this saslauthd instance. Strongly recommended. -# (suggestion: saslauthd) -NAME="saslauthd-postf" - -# Which authentication mechanisms should saslauthd use? (default: pam) -# Exemple: MECHANISMS="pam" -#paramètre par défaut enlevé, il sera inséré lors de l'entrypoint - -# Additional options for this mechanism. (default: none) -# See the saslauthd man page for information about mech-specific options. -# Exemple: MECH_OPTIONS="" - -# How many saslauthd processes should we run? (default: 5) -# A value of 0 will fork a new process for each connection. -THREADS=5 - -# Option -m sets working dir for saslauthd (contains socket) -OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" # postfix/smtp in chroot() diff --git a/pica-mail-mta/spam/opendkim b/pica-mail-mta/spam/opendkim deleted file mode 100644 index c347238..0000000 --- a/pica-mail-mta/spam/opendkim +++ /dev/null @@ -1,22 +0,0 @@ -# Command-line options specified here will override the contents of -# /etc/opendkim.conf. See opendkim(8) for a complete list of options. -#DAEMON_OPTS="" -# Change to /var/spool/postfix/var/run/opendkim to use a Unix socket with -# postfix in a chroot: -#RUNDIR=/var/spool/postfix/var/run/opendkim -RUNDIR=/var/spool/postfix/opendkim -# -# Uncomment to specify an alternate socket -# Note that setting this will override any Socket value in opendkim.conf -# default: -SOCKET=local:$RUNDIR/opendkim.sock -# listen on all interfaces on port 54321: -#SOCKET=inet:54321 -# listen on loopback on port 12345: -#SOCKET=inet:12345@localhost -# listen on 192.0.2.1 on port 12345: -#SOCKET=inet:12345@192.0.2.1 -USER=opendkim -GROUP=opendkim -PIDFILE=$RUNDIR/$NAME.pid -EXTRAAFTER= 
diff --git a/pica-mail-mta/spam/opendkim.conf b/pica-mail-mta/spam/opendkim.conf deleted file mode 100644 index b3f9e09..0000000 --- a/pica-mail-mta/spam/opendkim.conf +++ /dev/null 
@@ -1,98 +0,0 @@ -# This is a basic configuration that can easily be adapted to suit a standard -# installation. For more advanced options, see opendkim.conf(5) and/or -# /usr/share/doc/opendkim/examples/opendkim.conf.sample. - -# Log to syslog -Syslog yes -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) -UMask 002 - -# Sign for example.com with key in /etc/dkimkeys/dkim.key using -# selector '2007' (e.g. 2007._domainkey.example.com) -#Domain example.com -#KeyFile /etc/dkimkeys/dkim.key -#Selector 2007 - -# Commonly-used options; the commented-out versions show the defaults. -#Canonicalization simple -#Mode sv -#SubDomains no - -# Socket smtp://localhost -# -# ## Socket socketspec -# ## -# ## Names the socket where this filter should listen for milter connections -# ## from the MTA. Required. Should be in one of these forms: -# ## -# ## inet:port@address to listen on a specific interface -# ## inet:port to listen on all interfaces -# ## local:/path/to/socket to listen on a UNIX domain socket -# -#Socket inet:8892@localhost -Socket local:/var/spool/postfix/opendkim/opendkim.sock - -## PidFile filename -### default (none) -### -### Name of the file where the filter should write its pid before beginning -### normal operations. -# -PidFile /var/spool/postfix/opendkim/opendkim.pid - - -# Always oversign From (sign using actual From and a null From to prevent -# malicious signatures header fields (From and/or others) between the signer -# and the verifier. From is oversigned by default in the Debian pacakge -# because it is often the identity key used by reputation systems and thus -# somewhat security sensitive. -OversignHeaders From - -## ResolverConfiguration filename -## default (none) -## -## Specifies a configuration file to be passed to the Unbound library that -## performs DNS queries applying the DNSSEC protocol. 
See the Unbound -## documentation at http://unbound.net for the expected content of this file. -## The results of using this and the TrustAnchorFile setting at the same -## time are undefined. -## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested -## unbound package - -# ResolverConfiguration /etc/unbound/unbound.conf - -## TrustAnchorFile filename -## default (none) -## -## Specifies a file from which trust anchor data should be read when doing -## DNS queries and applying the DNSSEC protocol. See the Unbound documentation -## at http://unbound.net for the expected format of this file. - -TrustAnchorFile /usr/share/dns/root.key - -## Userid userid -### default (none) -### -### Change to user "userid" before starting normal operation? May include -### a group ID as well, separated from the userid by a colon. -# -UserID opendkim - -# ce qui suit provient de la configuration donnee -# par : https://www.postfix.io/how-to-configure-opendkim-with-postfix/ -#Map AuthorDomains to RSA keys. -KeyTable /etc/dkimkeys/rsakeys.table -SigningTable refile:/etc/dkimkeys/signingdomains.table - -# "simple" recommended by DKIMCore -Canonicalization simple - -Mode sv -SubDomains no -AutoRestart yes -AutoRestartRate 10/1M -Background yes -DNSTimeout 5 -SignatureAlgorithm rsa-sha256 -RequireSafeKeys false diff --git a/pica-mail-mta/spam/opendmarc b/pica-mail-mta/spam/opendmarc deleted file mode 100644 index 5f1511e..0000000 --- a/pica-mail-mta/spam/opendmarc +++ /dev/null 
@@ -1,22 +0,0 @@ -# Command-line options specified here will override the contents of -# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options. -#DAEMON_OPTS="" -# Change to /var/spool/postfix/var/run/opendmarc to use a Unix socket with -# postfix in a chroot: -#RUNDIR=/var/spool/postfix/var/run/opendmarc -RUNDIR=/var/spool/postfix/opendmarc -# -# Uncomment to specify an alternate socket -# Note that setting this will override any Socket value in opendkim.conf -# default: -SOCKET=local:$RUNDIR/opendmarc.sock -# listen on all interfaces on port 54321: -#SOCKET=inet:54321 -# listen on loopback on port 12345: -#SOCKET=inet:12345@localhost -# listen on 192.0.2.1 on port 12345: -#SOCKET=inet:12345@192.0.2.1 -USER=opendmarc -GROUP=opendmarc -PIDFILE=$RUNDIR/$NAME.pid -EXTRAAFTER= diff --git a/pica-mail-mta/spam/opendmarc.conf b/pica-mail-mta/spam/opendmarc.conf deleted file mode 100644 index f1772b3..0000000 --- a/pica-mail-mta/spam/opendmarc.conf +++ /dev/null 
@@ -1,93 +0,0 @@ -# This is a basic configuration that can easily be adapted to suit a standard -# installation. For more advanced options, see opendkim.conf(5) and/or -# /usr/share/doc/opendmarc/examples/opendmarc.conf.sample. - -## AuthservID (string) -## defaults to MTA name -# -#sera généré par conf.sh en fonction des variables d'environnement -#AuthservID mail.test.picasoft.net - -## FailureReports { true | false } -## default "false" -## -FailureReports true - -PidFile /var/spool/postifx/opendmarc/opendmarc.pid - -## RejectFailures { true | false } -## default "false" -## -RejectFailures false - -## Socket socketspec -## default (none) -## -## Specifies the socket that should be established by the filter to receive -## connections from sendmail(8) in order to provide service. socketspec is -## in one of two forms: local:path, which creates a UNIX domain socket at -## the specified path, or inet:port[@host] or inet6:port[@host] which creates -## a TCP socket on the specified port for the appropriate protocol family. -## If the host is not given as either a hostname or an IP address, the -## socket will be listening on all interfaces. This option is mandatory -## either in the configuration file or on the command line. If an IP -## address is used, it must be enclosed in square brackets. -# -Socket local:/var/spool/postfix/opendmarc/opendmarc.sock - -## Syslog { true | false } -## default "false" -## -## Log via calls to syslog(3) any interesting activity. -# -Syslog true - -## SyslogFacility facility-name -## default "mail" -## -## Log via calls to syslog(3) using the named facility. The facility names -## are the same as the ones allowed in syslog.conf(5). -# -# SyslogFacility mail - -## TrustedAuthservIDs string -## default HOSTNAME -## -## Specifies one or more "authserv-id" values to trust as relaying true -## upstream DKIM and SPF results. The default is to use the name of -## the MTA processing the message. 
To specify a list, separate each entry -## with a comma. The key word "HOSTNAME" will be replaced by the name of -## the host running the filter as reported by the gethostname(3) function. -# -#sera écrit par le script config.sh en fonction des variables d'environnement -#TrustedAuthservIDs mail.test.picasoft.net - - -## UMask mask -## default (none) -## -## Requests a specific permissions mask to be used for file creation. This -## only really applies to creation of the socket when Socket specifies a -## UNIX domain socket, and to the HistoryFile and PidFile (if any); temporary -## files are normally created by the mkstemp(3) function that enforces a -## specific file mode on creation regardless of the process umask. See -## umask(2) for more information. -# -UMask 0002 - -## UserID user[:group] -## default (none) -## -## Attempts to become the specified userid before starting operations. -## The process will be assigned all of the groups and primary group ID of -## the named userid unless an alternate group is specified. -# -UserID opendmarc - -## Path to system copy of PSL (needed to determine organizational domain) -# -PublicSuffixList /usr/share/publicsuffix/ - -HistoryFile /var/log/opendmarc.log - -IgnoreHosts /etc/opendmarc/ignore.hosts diff --git a/pica-mail-mta/local_mailbox_ldap_sasl/Dockerfile b/pica-mail-mta/tests/local_mailbox_ldap_sasl/Dockerfile similarity index 100% rename from pica-mail-mta/local_mailbox_ldap_sasl/Dockerfile rename to pica-mail-mta/tests/local_mailbox_ldap_sasl/Dockerfile diff --git a/pica-mail-mta/local_mailbox_ldap_sasl/README.md b/pica-mail-mta/tests/local_mailbox_ldap_sasl/README.md similarity index 100% rename from pica-mail-mta/local_mailbox_ldap_sasl/README.md rename to pica-mail-mta/tests/local_mailbox_ldap_sasl/README.md 
diff --git a/pica-mail-mta/local_mailbox_ldap_sasl/entrypoint2.sh b/pica-mail-mta/tests/local_mailbox_ldap_sasl/entrypoint2.sh similarity index 100% rename from pica-mail-mta/local_mailbox_ldap_sasl/entrypoint2.sh rename to pica-mail-mta/tests/local_mailbox_ldap_sasl/entrypoint2.sh diff --git a/pica-mail-mta/local_mailbox_ldap_sasl/local_users b/pica-mail-mta/tests/local_mailbox_ldap_sasl/local_users similarity index 100% rename from pica-mail-mta/local_mailbox_ldap_sasl/local_users rename to pica-mail-mta/tests/local_mailbox_ldap_sasl/local_users diff --git a/pica-mail-mta/local_mailbox_ldap_sasl/saslauthd-postfix b/pica-mail-mta/tests/local_mailbox_ldap_sasl/saslauthd-postfix similarity index 100% rename from pica-mail-mta/local_mailbox_ldap_sasl/saslauthd-postfix rename to pica-mail-mta/tests/local_mailbox_ldap_sasl/saslauthd-postfix diff --git a/pica-mail-mta/local_mailbox_unix_sasl/Dockerfile b/pica-mail-mta/tests/local_mailbox_unix_sasl/Dockerfile similarity index 100% rename from pica-mail-mta/local_mailbox_unix_sasl/Dockerfile rename to pica-mail-mta/tests/local_mailbox_unix_sasl/Dockerfile diff --git a/pica-mail-mta/local_mailbox_unix_sasl/README.md b/pica-mail-mta/tests/local_mailbox_unix_sasl/README.md similarity index 100% rename from pica-mail-mta/local_mailbox_unix_sasl/README.md rename to pica-mail-mta/tests/local_mailbox_unix_sasl/README.md diff --git a/pica-mail-mta/local_mailbox_unix_sasl/entrypoint2.sh b/pica-mail-mta/tests/local_mailbox_unix_sasl/entrypoint2.sh similarity index 100% rename from pica-mail-mta/local_mailbox_unix_sasl/entrypoint2.sh rename to pica-mail-mta/tests/local_mailbox_unix_sasl/entrypoint2.sh diff --git a/pica-mail-mta/local_mailbox_unix_sasl/local_users b/pica-mail-mta/tests/local_mailbox_unix_sasl/local_users similarity index 100% rename from pica-mail-mta/local_mailbox_unix_sasl/local_users rename to pica-mail-mta/tests/local_mailbox_unix_sasl/local_users 
diff --git a/pica-mail-mta/local_mailbox_unix_sasl/saslauthd-postfix b/pica-mail-mta/tests/local_mailbox_unix_sasl/saslauthd-postfix similarity index 100% rename from pica-mail-mta/local_mailbox_unix_sasl/saslauthd-postfix rename to pica-mail-mta/tests/local_mailbox_unix_sasl/saslauthd-postfix diff --git a/pica-mail-mta/minimal-postfix/Dockerfile b/pica-mail-mta/tests/minimal-postfix/Dockerfile similarity index 100% rename from pica-mail-mta/minimal-postfix/Dockerfile rename to pica-mail-mta/tests/minimal-postfix/Dockerfile diff --git a/pica-mail-mta/sasl-test/Dockerfile b/pica-mail-mta/tests/sasl-test/Dockerfile similarity index 100% rename from pica-mail-mta/sasl-test/Dockerfile rename to pica-mail-mta/tests/sasl-test/Dockerfile diff --git a/pica-mail-mta/sasl-test/README.md b/pica-mail-mta/tests/sasl-test/README.md similarity index 100% rename from pica-mail-mta/sasl-test/README.md rename to pica-mail-mta/tests/sasl-test/README.md diff --git a/pica-mail-mta/sasl-test/entrypoint2.sh b/pica-mail-mta/tests/sasl-test/entrypoint2.sh similarity index 100% rename from pica-mail-mta/sasl-test/entrypoint2.sh rename to pica-mail-mta/tests/sasl-test/entrypoint2.sh diff --git a/pica-mail-mta/sasl-test/ldap-virtual-mailbox-maps b/pica-mail-mta/tests/sasl-test/ldap-virtual-mailbox-maps similarity index 100% rename from pica-mail-mta/sasl-test/ldap-virtual-mailbox-maps rename to pica-mail-mta/tests/sasl-test/ldap-virtual-mailbox-maps diff --git a/pica-mail-mta/sasl-test/saslauthd-postfix b/pica-mail-mta/tests/sasl-test/saslauthd-postfix similarity index 100% rename from pica-mail-mta/sasl-test/saslauthd-postfix rename to pica-mail-mta/tests/sasl-test/saslauthd-postfix diff --git a/pica-mail-mta/test-auth_local_user/Dockerfile b/pica-mail-mta/tests/test-auth_local_user/Dockerfile similarity index 100% rename from pica-mail-mta/test-auth_local_user/Dockerfile rename to pica-mail-mta/tests/test-auth_local_user/Dockerfile 
diff --git a/pica-mail-mta/test-auth_local_user/README.md b/pica-mail-mta/tests/test-auth_local_user/README.md similarity index 100% rename from pica-mail-mta/test-auth_local_user/README.md rename to pica-mail-mta/tests/test-auth_local_user/README.md diff --git a/pica-mail-mta/test-auth_local_user/entrypoint2.sh b/pica-mail-mta/tests/test-auth_local_user/entrypoint2.sh similarity index 100% rename from pica-mail-mta/test-auth_local_user/entrypoint2.sh rename to pica-mail-mta/tests/test-auth_local_user/entrypoint2.sh diff --git a/pica-mail-mta/test-auth_local_user/local_users b/pica-mail-mta/tests/test-auth_local_user/local_users similarity index 100% rename from pica-mail-mta/test-auth_local_user/local_users rename to pica-mail-mta/tests/test-auth_local_user/local_users -- GitLab