Enable proxy protocol support for sieve protocol. See docker-mailserver#156.

Author: cfis

charts/docker-mailserver/README.md

@@ -268,6 +268,6 @@ In addition to tests above, a "snapshot" test is created for each manifest file.
 If you're comfortable with the changes to the saved snapshot, then regenerate the snapshots, by running the following from the root of the repo
 
 ```console
-$helm plugin install https://github.com/lrills/helm-unittest
-$helm unittest helm-chart/docker-mailserver
+helm plugin install https://github.com/helm-unittest/helm-unittest.git
+helm unittest -u charts/docker-mailserver
 ```

charts/docker-mailserver/templates/deployment.yaml

@@ -249,6 +249,10 @@ spec:
         {{- if and (.Values.deployment.env.ENABLE_MANAGESIEVE) (not .Values.deployment.env.SMTP_ONLY) }}
             - name: managesieve
               containerPort: 4190  
+          {{- if .Values.proxyProtocol.enabled }}
+            - name: managesieve-proxy
+              containerPort: 14190
+          {{- end }}   
         {{- end }}  
 
 {{- if .Values.metrics.enabled }}

charts/docker-mailserver/templates/service.yaml

@@ -118,23 +118,28 @@ spec:
     {{- end }}   
   {{- end }}   
 
-    {{- if .Values.deployment.env.ENABLE_RSPAMD }}
+  {{- if .Values.deployment.env.ENABLE_RSPAMD }}
     - name: rspamd
       targetPort: rspamd
       port: 11334  
-    {{- end }}   
+  {{- end }}   
 
-    {{- if and (.Values.deployment.env.ENABLE_MANAGESIEVE) (not .Values.deployment.env.SMTP_ONLY) }}
+  {{- if and (.Values.deployment.env.ENABLE_MANAGESIEVE) (not .Values.deployment.env.SMTP_ONLY) }}
     - name: managesieve
       targetPort: managesieve
       port: 4190  
+    {{- if .Values.proxyProtocol.enabled }}
+    - name: managesieve-proxy
+      targetPort: managesieve-proxy
+      port: 14190
     {{- end }}   
+  {{- end }}   
 
-    {{- if .Values.metrics.enabled }}
+  {{- if .Values.metrics.enabled }}
     - name: metrics
       port: 9154
       targetPort: 9154       
-    {{- end }}
+  {{- end }}
 
   type: {{ default "ClusterIP" .Values.service.type }}
   {{- if eq .Values.service.type "LoadBalancer" }}

charts/docker-mailserver/tests/__snapshot__/configmap_test.yaml.snap

@@ -2,7 +2,30 @@ manifest should match snapshot:
   1: |
     apiVersion: v1
     data:
-      dovecot.cf: "\nhaproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/16\nservice imap-login {\n    inet_listener imap {\n        port = 143\n    }\n  \n    inet_listener imaps {\n        port = 993\n        ssl = yes\n    }\n  \n    inet_listener imap_proxy {\n        haproxy = yes\n        port = 10143\n        ssl = no\n    }\n\n    inet_listener imaps_proxy {\n        haproxy = yes\n        port = 10993\n        ssl = yes\n    }\n}\n"
+      dovecot.cf: |2
+        haproxy_trusted_networks = 10.0.0.0/8 192.168.0.0/16 172.16.0.0/12
+        service imap-login {
+            inet_listener imap {
+                port = 143
+            }
+
+            inet_listener imaps {
+                port = 993
+                ssl = yes
+            }
+
+            inet_listener imap_proxy {
+                haproxy = yes
+                port = 10143
+                ssl = no
+            }
+
+            inet_listener imaps_proxy {
+                haproxy = yes
+                port = 10993
+                ssl = yes
+            }
+        }
     kind: ConfigMap
     metadata:
       labels:
@@ -26,7 +49,49 @@ manifest should match snapshot:
   3: |
     apiVersion: v1
     data:
-      user-patches.sh: "#!/bin/bash\n# Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!\ncat <<EOS >> /etc/postfix/master.cf\n\n# Submission with proxy\n10587     inet  n       -       n       -       -       smtpd\n  -o syslog_name=postfix/submission\n  -o smtpd_tls_security_level=encrypt\n  -o smtpd_sasl_auth_enable=yes\n  -o smtpd_sasl_type=dovecot\n  -o smtpd_reject_unlisted_recipient=no\n  -o smtpd_sasl_authenticated_header=yes\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n  -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n  -o smtpd_discard_ehlo_keywords=\n  -o milter_macro_daemon_name=ORIGINATING\n  -o cleanup_service_name=sender-cleanup\n  -o smtpd_upstream_proxy_protocol=haproxy  \n\n# Submissions with proxy\n10465     inet  n       -       n       -       -       smtpd\n  -o syslog_name=postfix/submissions\n  -o smtpd_tls_wrappermode=yes\n  -o smtpd_sasl_auth_enable=yes\n  -o smtpd_sasl_type=dovecot\n  -o smtpd_reject_unlisted_recipient=no\n  -o smtpd_sasl_authenticated_header=yes\n  -o smtpd_client_restrictions=permit_sasl_authenticated,reject\n  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject\n  -o smtpd_sender_restrictions=\\$mua_sender_restrictions\n  -o smtpd_discard_ehlo_keywords=\n  -o milter_macro_daemon_name=ORIGINATING\n  -o cleanup_service_name=sender-cleanup\n  -o smtpd_upstream_proxy_protocol=haproxy\n\n# Smtp with proxy\n12525     inet  n       -       n       -       1       postscreen\n  -o syslog_name=postfix/smtp-proxy\n  -o postscreen_upstream_proxy_protocol=haproxy\n  -o postscreen_cache_map=btree:$data_directory/postscreen_10025_cache\nEOS\n"
+      user-patches.sh: |
+        #!/bin/bash
+        # Make sure to keep this file in sync with https://github.com/docker-mailserver/docker-mailserver/blob/master/target/postfix/master.cf!
+        cat <<EOS >> /etc/postfix/master.cf
+
+        # Submission with proxy
+        10587     inet  n       -       n       -       -       smtpd
+          -o syslog_name=postfix/submission
+          -o smtpd_tls_security_level=encrypt
+          -o smtpd_sasl_auth_enable=yes
+          -o smtpd_sasl_type=dovecot
+          -o smtpd_reject_unlisted_recipient=no
+          -o smtpd_sasl_authenticated_header=yes
+          -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+          -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+          -o smtpd_sender_restrictions=\$mua_sender_restrictions
+          -o smtpd_discard_ehlo_keywords=
+          -o milter_macro_daemon_name=ORIGINATING
+          -o cleanup_service_name=sender-cleanup
+          -o smtpd_upstream_proxy_protocol=haproxy
+
+        # Submissions with proxy
+        10465     inet  n       -       n       -       -       smtpd
+          -o syslog_name=postfix/submissions
+          -o smtpd_tls_wrappermode=yes
+          -o smtpd_sasl_auth_enable=yes
+          -o smtpd_sasl_type=dovecot
+          -o smtpd_reject_unlisted_recipient=no
+          -o smtpd_sasl_authenticated_header=yes
+          -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+          -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
+          -o smtpd_sender_restrictions=\$mua_sender_restrictions
+          -o smtpd_discard_ehlo_keywords=
+          -o milter_macro_daemon_name=ORIGINATING
+          -o cleanup_service_name=sender-cleanup
+          -o smtpd_upstream_proxy_protocol=haproxy
+
+        # Smtp with proxy
+        12525     inet  n       -       n       -       1       postscreen
+          -o syslog_name=postfix/smtp-proxy
+          -o postscreen_upstream_proxy_protocol=haproxy
+          -o postscreen_cache_map=btree:$data_directory/postscreen_10025_cache
+        EOS
     kind: ConfigMap
     metadata:
       labels:

charts/docker-mailserver/values.yaml

@@ -541,6 +541,18 @@ configMaps:
             }
         }
         {{- end -}}
+
+        {{- if and (.Values.deployment.env.ENABLE_MANAGESIEVE) (not .Values.deployment.env.SMTP_ONLY) }}
+        service managesieve-login {
+            inet_listener sieve {
+                port = 4190
+            }
+
+            inet_listener sieve_proxy {
+                port = 14190
+            }
+        }
+        {{- end -}}
       {{- end -}}
 
   fts-xapian-plugin.conf: