Update check (#1951)

* mail binary

* initial work

* make env vars available

* typo

* some fixes

* make script ugly, to satisfy linter..

* mailserver.env updated

* Version to welcome message added

* remove VERSION file references

* VERSION --> DMS_VERSION

* fetch remote version

* variable usage

* Quoting added

* edge test & docu

* dash removed

* subject changed

* re-add VERSION

* VERSION added

* new file:   VERSION

* rewrite

* unnecessary additions from fail2ban PR removed

* UPDATE_CHECK_INTERVAL added

* syntax check & _log function

* comment added

* final commit
Casper 2021-05-19 21:18:06 +02:00 committed by GitHub
parent 225e21edb7
commit bab0277723
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
9 changed files with 109 additions and 15 deletions


@ -1,2 +1,3 @@
*
!target
!VERSION


@ -45,7 +45,7 @@ RUN \
apt-get -y install postfix >/dev/null && \
apt-get -y --no-install-recommends install \
# A - D
altermime amavisd-new apt-transport-https arj binutils bzip2 \
altermime amavisd-new apt-transport-https arj binutils bzip2 bsd-mailx \
ca-certificates cabextract clamav clamav-daemon cpio curl \
dovecot-core dovecot-imapd dovecot-ldap dovecot-lmtpd \
dovecot-managesieved dovecot-pop3d dovecot-sieve dovecot-solr \
@ -59,9 +59,8 @@ RUN \
pax pflogsumm postgrey p7zip-full postfix-ldap postfix-pcre \
postfix-policyd-spf-python postsrsd pyzor \
razor rpm2cpio rsyslog sasl2-bin spamassassin supervisor \
unrar-free unzip whois xz-utils \
unrar-free unzip whois xz-utils && \
# Fail2Ban
gpg gpg-agent >/dev/null && \
gpg --keyserver ${FAIL2BAN_GPG_PUBLIC_KEY_SERVER} \
--recv-keys ${FAIL2BAN_GPG_PUBLIC_KEY_ID} &>/dev/null && \
curl -Lkso fail2ban.deb ${FAIL2BAN_DEB_URL} && \
@ -75,7 +74,6 @@ RUN \
echo "ERROR: Wrong GPG fingerprint!" 2>&1; exit 1; fi && \
dpkg -i fail2ban.deb &>/dev/null && \
rm fail2ban.deb fail2ban.deb.asc && \
apt-get -qq -y purge gpg gpg-agent &>/dev/null && \
# cleanup
apt-get -qq autoremove &>/dev/null && \
apt-get -qq autoclean && \
@ -154,6 +152,9 @@ COPY \
./target/docker-configomat/configomat.sh \
/usr/local/bin/
COPY \
./VERSION /
RUN \
chmod +x /usr/local/bin/* && \
rm -rf /usr/share/locale/* && \
@ -162,13 +163,7 @@ RUN \
touch /var/log/auth.log && \
update-locale && \
rm /etc/postsrsd.secret && \
rm /etc/cron.daily/00logwatch && \
if [[ ${VCS_VER} =~ ^refs/tags/v.+ ]]; then \
echo "export DMS_VERSION='${VCS_VER:11}'" >>/root/.bashrc; \
else \
echo "export DMS_VERSION='${VCS_REF}'" >>/root/.bashrc; \
fi
rm /etc/cron.daily/00logwatch
#
# PostSRSD, Postgrey & Amavis

1
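--- a/VERSION
+++ b/VERSION
@@ -0,0 +1 @@
+9.1.0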


@ -193,6 +193,19 @@ Set the message size limit for all users. If set to zero, the size will be unlim
- **empty** => postmaster@domain.com
- => Specify the postmaster address
##### ENABLE_UPDATE_CHECK
Check for updates on container start and then once a day. If an update is available, a mail is send to POSTMASTER_ADDRESS.
- 0 => Update check disabled
- **1** => Update check enabled
##### UPDATE_CHECK_INTERVAL
Customize the update check interval. Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
- **1d** => Check for updates once a day
##### POSTSCREEN_ACTION
- **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.


@ -32,6 +32,16 @@ ONE_DIR=0
# => Specify the postmaster address
POSTMASTER_ADDRESS=
# Check for updates on container start and then once a day
# If an update is available, a mail is send to POSTMASTER_ADDRESS
# 0 => Update check disabled
# 1 => Update check enabled
ENABLE_UPDATE_CHECK=1
# Customize the update check interval.
# Number + Suffix. Suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
UPDATE_CHECK_INTERVAL=1d
# Set different options for mynetworks option (can be overwrite in postfix-main.cf)
# **WARNING**: Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or
# `connected-networks` option, can create an open relay


@ -33,6 +33,7 @@ VARS[ENABLE_QUOTAS]="${ENABLE_QUOTAS:=1}"
VARS[ENABLE_SASLAUTHD]="${ENABLE_SASLAUTHD:=0}"
VARS[ENABLE_SPAMASSASSIN]="${ENABLE_SPAMASSASSIN:=0}"
VARS[ENABLE_SRS]="${ENABLE_SRS:=0}"
VARS[ENABLE_UPDATE_CHECK]="${ENABLE_UPDATE_CHECK:=1}"
VARS[FAIL2BAN_BLOCKTYPE]="${FAIL2BAN_BLOCKTYPE:=drop}"
VARS[FETCHMAIL_POLL]="${FETCHMAIL_POLL:=300}"
VARS[FETCHMAIL_PARALLEL]="${FETCHMAIL_PARALLEL:=0}"
@ -64,6 +65,7 @@ VARS[SRS_SENDER_CLASSES]="${SRS_SENDER_CLASSES:=envelope_sender}"
VARS[SSL_TYPE]="${SSL_TYPE:=}"
VARS[SUPERVISOR_LOGLEVEL]="${SUPERVISOR_LOGLEVEL:=warn}"
VARS[TLS_LEVEL]="${TLS_LEVEL:=modern}"
VARS[UPDATE_CHECK_INTERVAL]="${UPDATE_CHECK_INTERVAL:=1d}"
VARS[VIRUSMAILS_DELETE_DELAY]="${VIRUSMAILS_DELETE_DELAY:=7}"
export HOSTNAME DOMAINNAME CHKSUM_FILE
@ -168,6 +170,7 @@ function register_functions
_register_start_daemon '_start_daemons_rsyslog'
[[ ${SMTP_ONLY} -ne 1 ]] && _register_start_daemon '_start_daemons_dovecot'
[[ ${ENABLE_UPDATE_CHECK} -eq 1 ]] && _register_start_daemon '_start_daemons_update_check'
# needs to be started before SASLauthd
_register_start_daemon '_start_daemons_opendkim'
@ -249,16 +252,13 @@ function _defunc
# shellcheck source=./startup/daemons-stack.sh
. /usr/local/bin/daemons-stack.sh
# source DMS_VERSION variable
. /root/.bashrc
#
# ? << Sourcing all stacks
#
# ? >> Executing all stacks
#
_notify 'tasklog' "Welcome to docker-mailserver ${DMS_VERSION}"
_notify 'tasklog' "Welcome to docker-mailserver $(</VERSION)"
_notify 'inf' 'ENVIRONMENT'
[[ ${DMS_DEBUG} -eq 1 ]] && printenv
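Review bot: `VARS[ENABLE_UPDATE_CHECK]="${ENABLE_UPDATE_CHECK:=1}"` turns the check on for every deployment that does not set the variable, so an upgraded container starts making outbound HTTPS requests to raw.githubusercontent.com (the URL in update-check.sh) without the operator opting in. For a mail server that may run with restricted egress, a default of `0`, or at least naming the destination host in the ENABLE_UPDATE_CHECK documentation, would be the safer choice. In the last hunk, `$(</VERSION)` yields an empty version in the welcome message if the file is absent. `register_functions` and the surrounding startup code continue outside the hunks shown.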


@ -152,3 +152,9 @@ function _start_changedetector
_notify 'task' 'Starting changedetector'
supervisorctl start changedetector
}
function _start_daemons_update_check
{
_notify 'task' 'Starting update-check'
supervisorctl start update-check
}

60
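--- a/target/scripts/update-check.sh
+++ b/target/scripts/update-check.sh
@@ -0,0 +1,60 @@
+#! /bin/bash
+VERSION=$(</VERSION)
+VERSION_URL="https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/VERSION"
+CHANGELOG="https://github.com/docker-mailserver/docker-mailserver/blob/master/CHANGELOG.md"
+function _log
+{
+DATE=$(date '+%F %T')
+echo "${DATE} ${1}"
+}
+# check for correct syntax
+# number + suffix. suffix must be 's' for seconds, 'm' for minutes, 'h' for hours or 'd' for days.
+if [[ ! ${UPDATE_CHECK_INTERVAL} =~ ^[0-9]+[smhd]{1}$ ]]
+then
+_log "Error: Invalid UPDATE_CHECK_INTERVAL value: ${UPDATE_CHECK_INTERVAL}"
+_log "Info: Fallback to daily update checks"
+UPDATE_CHECK_INTERVAL="1d"
+fi
+while true
+do
+# get remote version information
+LATEST=$(curl -Lsf "${VERSION_URL}")
+# did we get a valid response?
+if [[ ${LATEST} =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]]
+then
+_log "Info: Remote version information fetched"
+# compare versions
+if dpkg --compare-versions "${VERSION}" lt "${LATEST}"
+then
+# send mail notification to postmaster
+read -r -d '' MAIL << EOM
+Hello ${POSTMASTER_ADDRESS}!
+There is a docker-mailserver update available on your host: $(hostname -f)
+Current version: ${VERSION}
+Latest version: ${LATEST}
+Changelog: ${CHANGELOG}
+EOM
+echo "${MAIL}" | mail -s "Mailserver update available! [ ${VERSION} --> ${LATEST} ]" "${POSTMASTER_ADDRESS}" && \
+_log "Info: Update available [ ${VERSION} --> ${LATEST} ]" && \
+# only notify once
+exit 0
+else
+_log "Info: No update available"
+fi
+else
+_log "Error: Update check failed."
+fi
+# check again in one day
+sleep "${UPDATE_CHECK_INTERVAL}"
+done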
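Review bot: The `curl -Lsf "${VERSION_URL}"` call in the loop has no timeout, so a stalled connection blocks the check indefinitely instead of reaching the `Update check failed` branch; a bounded call such as `LATEST=$(curl -Lsf --max-time 30 --proto-redir '=https' "${VERSION_URL}")` also keeps any redirect on HTTPS. The regex on `LATEST` is a good guard before the value reaches the mail subject, but the local `VERSION` read from `/VERSION` gets no such check, and `dpkg --compare-versions` treats an empty version as older than any release, so a missing or empty file would trigger a notification. When `mail` fails, the `&&` chain skips both the log line and `exit 0` without recording anything. Wrapping the send in an `if` with an `else` branch that calls `_log "Error: Sending update notification failed"` would make that visible in the supervisor log.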


@ -132,3 +132,11 @@ autorestart=unexpected
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/usr/local/bin/postsrsd-wrapper.sh
[program:update-check]
startsecs=0
stopwaitsecs=55
autostart=false
stdout_logfile=/var/log/supervisor/%(program_name)s.log
stderr_logfile=/var/log/supervisor/%(program_name)s.log
command=/bin/bash -l -c /usr/local/bin/update-check.sh
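Review bot: The new `[program:update-check]` block sets no `user=`, so the script, which fetches from the network and pipes into `mail`, runs under whatever account supervisord uses (presumably root in this image; that is not visible here). Nothing in update-check.sh as shown needs elevated rights, so consider an unprivileged account such as `user=nobody`, after confirming that the `bash -l` environment and mail submission still work for it. It would also help to state `autorestart=unexpected` explicitly, as the program above does, since the script relies on exit code 0 not being restarted once the notification has been sent.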