From d486615eb93051fee796b5fdc2c64e3f8dc05f03 Mon Sep 17 00:00:00 2001
From: grayhook
Date: Thu, 5 Jun 2025 10:05:36 +0700
Subject: [PATCH] minimal working setup
---
Dockerfile | 33 ++++++++++++++++
EltexRootCA.crt | 35 +++++++++++++++++
docker-compose.yml | 12 ++++++
entrypoint.sh | 50 +++++++++++++++++++++++
fetchmailrc | 4 ++
sieve/default.sieve | 111 ++++++++++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 245 insertions(+)
create mode 100644 Dockerfile
create mode 100644 EltexRootCA.crt
create mode 100644 docker-compose.yml
create mode 100644 entrypoint.sh
create mode 100644 fetchmailrc
create mode 100755 sieve/default.sieve
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..6af8779
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,33 @@
+FROM debian:stable-slim
+
+RUN apt-get update && \
+ DEBIAN_FRONTEND=noninteractive apt-get install -y \
+ dovecot-core dovecot-imapd dovecot-sieve dovecot-managesieved \
+ fetchmail mailutils && \
+ rm -rf /var/lib/apt/lists/*
+
+# Пользователь
+RUN useradd -m mailuser -p "${PROXYPASSHASH}"
+
+# Копируем конфиги
+COPY fetchmailrc /home/mailuser/.fetchmailrc
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod 600 /home/mailuser/.fetchmailrc && \
+ mkdir -p /home/mailuser/sieve && \
+ mkdir -p /var/mail/mailuser && \
+ chown -R mailuser:mailuser /home/mailuser && \
+ chown -R mailuser:mailuser /var/mail/mailuser && \
+ chmod +x /entrypoint.sh
+
+# Dovecot конфиги
+RUN echo 'protocol lda {\n mail_plugins = $mail_plugins sieve\n}' > /etc/dovecot/conf.d/15-lda.conf && \
+ echo 'plugin {\n sieve = /home/mailuser/sieve/default.sieve\n sieve_extensions = +fileinto +copy +flags +imapflags +vacation +relational +regex +body +enotify +environment +variables\n}' > /etc/dovecot/conf.d/90-sieve.conf && \
+ sed -e 's/mbox:~\/mail/maildir:\/var\/mail\/%u/g' -i /etc/dovecot/conf.d/10-mail.conf
+RUN usermod -aG dovecot mailuser
+
+
+COPY EltexRootCA.crt /usr/local/share/ca-certificates/
+RUN update-ca-certificates
+
+EXPOSE 143
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/EltexRootCA.crt b/EltexRootCA.crt
new file mode 100644
index 0000000..ee9f3ac
--- /dev/null
+++ b/EltexRootCA.crt
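Review bot: In the Dockerfile, `${PROXYPASSHASH}` in `RUN useradd -m mailuser -p "${PROXYPASSHASH}"` is never declared with `ARG` or `ENV`, so as far as this hunk shows it expands to an empty string at build time and mailuser is created with an empty password field. Declaring it as a build argument would not be a good fix either, because build arguments stay readable in the image history. Create the account without a password, `RUN useradd -m mailuser`, and set the hash when the container starts from a value supplied at run time, for example `echo "mailuser:${PROXYPASSHASH:?}" | chpasswd -e` in entrypoint.sh so that an unset variable aborts the start. Separately, `FROM debian:stable-slim` is a floating tag and the install line lacks `--no-install-recommends`; pinning a release tag or digest makes rebuilds reproducible and auditable.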
@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGFTCCA/2gAwIBAgIJANEBowj4YBI5MA0GCSqGSIb3DQEBCwUAMIGgMQswCQYD
+VQQGEwJSVTEbMBkGA1UECAwSUnVzc2lhbiBGZWRlcmF0aW9uMRQwEgYDVQQHDAtO
+b3Zvc2liaXJzazESMBAGA1UECgwJRWx0ZXggQ28uMREwDwYDVQQLDAhFbHRleCBP
+VDEWMBQGA1UEAwwNRWx0ZXggUm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQYWRtaW5z
+QGVsdGV4LmxvYzAeFw0xOTExMDgwODEzMzVaFw0zOTExMDMwODEzMzVaMIGgMQsw
+CQYDVQQGEwJSVTEbMBkGA1UECAwSUnVzc2lhbiBGZWRlcmF0aW9uMRQwEgYDVQQH
+DAtOb3Zvc2liaXJzazESMBAGA1UECgwJRWx0ZXggQ28uMREwDwYDVQQLDAhFbHRl
+eCBPVDEWMBQGA1UEAwwNRWx0ZXggUm9vdCBDQTEfMB0GCSqGSIb3DQEJARYQYWRt
+aW5zQGVsdGV4LmxvYzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJWa
+DXldyb7cutccc8BnMFU29K1DF0rx108s6UGNmE65UTIM7nph+X1BVfo2rOUJzGuY
+fJwJQhLK0TL8f1vVGMgGX2hEv2Uz7E7x9t0gKJHq+12QXF4YM9TpVLqlwtoIOLPR
+MnpRM0D7ryuQllzg7IB26TNPK6r7FiwDtK5mBjTZfqlBlPhPDyI4El+ou/rtKhGt
+rLhsZ287je5S+EzXq0dh9PYHP3vcQGyJ344LsTwKz8AB6wmo4MSRvV9/5Sswj5Oe
+jXgFWWEofXx2m8KlWbBYnCGKdNqCPJClxRrO2YHoIMvwWq107b8jFIHC7MzgtK3Z
+jOjkh0d9dauCsbbBguouQbg3uz32lATSGWZnYk/DB9vVKmDvheQvxf2czib/DyXB
+hkdN3rZSh8PiyNOtlbh7zTGIYt4EoQk91kBfo8rNBNAfJZ0ngwYdSZSKIhTGqr66
+HyLz2aEXNmP26ryuKgipFOcJZvl9ziat/UaoPoAvSt9Lu3VSfZaJJRlSYljILPAM
+BDfj/Y+alOnOwKAoEbknGAXb/DdMos6JSC7Cf7JkMZafpLG6tbBRYlMLoSP1osaJ
+wDJvBEJB1BtRL38w88kvfA5HjnFqWRkovyhVjiJvYaDs68eGMs86T4CTRCWwrzom
+F0vPynih7aKGNR94PuA8QgxLRtBC9nuUGMuStgYTAgMBAAGjUDBOMB0GA1UdDgQW
+BBQtblkm26sPaZpB2Xj1TWmZvYYbkzAfBgNVHSMEGDAWgBQtblkm26sPaZpB2Xj1
+TWmZvYYbkzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQAOEx2ythPO
+ClEKFkoGx3EYQo74GDWF8xNHGQjwuVS3Kojsg/cICEFlU0SEuMoYbrFY2P0Rh4Ru
+NmpwO1EJ5//UfFIWy24PApoqR8jDA7RPYQaqLiPQPuGOhKdfXopQwHXFRiPfJs4M
+ZWi/srafiHqUsiVSlO92ugAanvmTMFYiKMAoyBfaloOQ8xLjWiKo652iU7G3TBqc
+BOw5h71aZoXqdtBaKKHTDe2rcwat02KzeXvtL+/C6xdn6BTmXc3ByniScjA6ahmz
+s70QKUq4l4boeQReKz7f5xpHHn7kMcfOvXe82dMK2LxDxWchUNt+lBwWH6ozK6fv
+xf47EwoKAbfKG7GJXTJIOm+lrhqTvpC2XUh/FGr5QUU8gVx04qNaySqVfh7/YgcC
+H3gMgMvSCnP+XwLezqc2M13oW1KPm6gTrQ1A9YyDE5sqUPH6iJWE9p9jVH7Ds/i/
+Sc0iw64I0nrJE2cr5ck2MFAiVjpOCn9zLrKr1KQ7t2H0KzLLYI0LDOtZdfUQGUSK
+nSFFbtc3BMfHRAB3+RDBZ5KIER7dGVKE/0nDEQZo0lmfLTQMOvo8DIw/YfAQnW+I
+hq5TMN7e7oxFDSO3PGAdfVu2J+lIu82F6djFD0FVmnWCHcDJ1VmqwFKjng/FzweO
+xMVGtdxq/YKfRA/oZN6laDd4Zev2XiRDhw==
+-----END CERTIFICATE-----
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..e832612
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '3.8'
+
+services:
+ mailproxy:
+ build: .
+ container_name: mail-proxy
+ ports:
+ - "10.47.0.86:9993:993" # IMAP наружу
+ volumes:
+ - ./maildata:/var/mail/mailuser
+ - ./sieve:/home/mailuser/sieve
+#restart: unless-stopped
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..3f6c6f7
--- /dev/null
+++ b/entrypoint.sh
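Review bot: In docker-compose.yml the service publishes container port 993 (`"10.47.0.86:9993:993"`), while the Dockerfile in this patch declares `EXPOSE 143` and no file here supplies a TLS certificate or key for dovecot. If the listener on 993 works at all, it presumably serves whatever certificate the package install produced at image build time, which would mean every copy of the image shares one private key; mounting the key pair read-only at run time avoids that. The service also has no `environment:`, `env_file:` or `secrets:` entry, so the `${PROXYPASSHASH}`, `${USERNAME}` and `${USERPASS}` placeholders used elsewhere in the patch have no run-time source. A short comment above `ports:` stating which protocol is meant to be reachable from outside, and that port 143 stays internal, would document the intent.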
@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+# Компиляция sieve
+#runuser -u mailuser -- sievec /home/mailuser/sieve/default.sieve
+
+chown -R mailuser:mailuser /home/mailuser
+chown -R mailuser:mailuser /var/mail/mailuser
+
+# Убедимся, что Maildir существует
+echo "mailuser
+ mailuser/.INBOX
+ mailuser/.010_my
+ mailuser/.020_piecedukes
+ mailuser/.030_ras4et
+ mailuser/.040_wiki
+ mailuser/.050_mailings
+ mailuser/.060_new
+ mailuser/.070_closed
+ mailuser/.080_ESR-XXXX
+ mailuser/.100_gitlab
+ mailuser/.100_gitlab.010_kern
+ mailuser/.100_gitlab.020_base
+ mailuser/.100_gitlab.030_apps
+ mailuser/.100_gitlab.040_smth
+ mailuser/.100_gitlab.050_auto
+ mailuser/.110_HR
+ mailuser/.120_OT
+ mailuser/.120_OT.supply
+ mailuser/.120_OT.servers
+ mailuser/.120_OT.web
+ mailuser/.130_PVS
+ mailuser/.140_versions
+ mailuser/.140_others
+ mailuser/.140_others.Time
+ mailuser/.140_others.Jenkins
+ mailuser/.140_others.Zabbix
+ mailuser/.140_others.WLC
+ mailuser/.140_others.SoftWLC
+ mailuser/.140_others.WEB
+ mailuser/.140_others.ECCM" | while read x; do for y in cur new tmp; do \
+ su - mailuser -c "mkdir -p /var/mail/${x}/${y}"; \
+done; done
+
+# Запуск dovecot
+service dovecot restart
+
+# Запуск fetchmail
+runuser -u mailuser -- fetchmail -f /home/mailuser/.fetchmailrc -d 60 -v --nodetach
+#sleep 5000
diff --git a/fetchmailrc b/fetchmailrc
new file mode 100644
index 0000000..6d8649b
--- /dev/null
+++ b/fetchmailrc
@@ -0,0 +1,4 @@
+poll pop3.eltex.loc protocol pop3
+ user "${USERNAME}@eltex.loc" password "${USERPASS}"
+ ssl
+ mda "/usr/lib/dovecot/dovecot-lda -d mailuser"
diff --git a/sieve/default.sieve b/sieve/default.sieve
new file mode 100755
index 0000000..2300014
--- /dev/null
+++ b/sieve/default.sieve
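Review bot: The last command of entrypoint.sh, `runuser -u mailuser -- fetchmail ... --nodetach`, is started without `exec`, so bash stays PID 1 and the SIGTERM sent on container stop is not passed on to fetchmail; prefix the line with `exec`. Dovecot is started through `service dovecot restart` and never checked again, so if it exits the container keeps running with mail being fetched but IMAP down; a health check or an init that supervises both processes would make that visible. The two `chown -R` calls run as root on every start and recurse into the `./maildata` and `./sieve` bind mounts declared in docker-compose.yml, which rewrites ownership of host files; limiting them to paths the image itself owns is safer. In the folder loop, `while read x` should be `while IFS= read -r x`.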
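Review bot: The `${USERNAME}` and `${USERPASS}` placeholders on the `user ... password ...` line of fetchmailrc are not filled in by anything visible in this patch: the Dockerfile copies the file unchanged at build time, and fetchmail, as far as I know, does not expand environment variables in its run-control file. Replacing them by hand with real values would bake the mailbox password into an image layer. Writing `/home/mailuser/.fetchmailrc` from entrypoint.sh at start-up, from secrets supplied at run time and with mode 600 and owner mailuser, keeps the credential out of the image. Because the image adds a private root CA to the trust store, presumably for this connection, consider writing `sslcertck` next to `ssl` so certificate verification is explicit rather than dependent on the installed fetchmail version's default.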
@@ -0,0 +1,111 @@
+require ["body","fileinto","imap4flags"];
+# rule:[ras4et]
+if header :contains "subject" "Расчётный листок"
+{
+ fileinto "040_ras4et";
+ addflag "\\Flagged";
+ stop;
+}
+# rule:[jenkins]
+if anyof (header :contains "from" "ESR Jenkins", body :text :contains "ESR Jenkins обновил", body :text :contains "была обновлена (ESR Jenkins)")
+{
+ fileinto "140_others/Jenkins";
+ stop;
+}
+# rule:[time]
+if header :contains "subject" "Уведомление по отработанному времени"
+{
+ fileinto "140_others/Time";
+ addflag "\\Flagged";
+ stop;
+}
+# rule:[wiki]
+if header :contains "subject" "Wiki-страница"
+{
+ fileinto "040_wiki";
+ stop;
+}
+# rule:[gitlab jenkins]
+if allof (header :contains "from" "gitlab", header :contains "from" "Jenkins")
+{
+ fileinto "100_gitlab/050_auto";
+}
+# rule:[gitlab base]
+if header :contains "subject" "ESR Base"
+{
+ fileinto "100_gitlab/020_base";
+ stop;
+}
+# rule:[gitlab kernel]
+if header :contains "subject" "ESR Kernel"
+{
+ fileinto "100_gitlab/010_kernel";
+ stop;
+}
+# rule:[sWLC]
+if header :contains "subject" "SoftWLC"
+{
+ fileinto "140_others/SoftWLC";
+ stop;
+}
+# rule:[esrwlc]
+if header :contains "subject" "ESR:WLC"
+{
+ fileinto "140_others/WLC";
+ stop;
+}
+# rule:[ECCM]
+if header :contains "subject" "ECCM"
+{
+ fileinto "140_others/ECCM";
+ stop;
+}
+# rule:[gitlab all other]
+if header :contains "from" "gitlab"
+{
+ fileinto "100_gitlab";
+ stop;
+}
+# rule:[hr]
+if header :contains "subject" "Программисты, инженеры HW"
+{
+ fileinto "110_HR";
+ stop;
+}
+# rule:[моё]
+if body :text :contains "Сергей Маринкевич"
+{
+ fileinto "010_my";
+ stop;
+}
+# rule:[пиздюки]
+if anyof (body :text :contains "Тимур Сайботалов", body :text :contains "Олег Сердитов", body :text :contains "Андрей Журавлёв")
+{
+ fileinto "020_piecedukes";
+ stop;
+}
+# rule:[new]
+if header :contains "subject" "(New)"
+{
+ fileinto "060_new";
+ stop;
+}
+# rule:[Closed]
+if header :contains "subject" "(Closed)"
+{
+ fileinto "070_closed";
+ stop;
+}
+# rule:[версии]
+if header :contains "subject" "- версия:"
+{
+ fileinto "140_versions";
+ stop;
+}
+# rule:[mailings]
+if allof (not header :contains "from" "red.eltex.loc", not header :contains "from" "gitlab")
+{
+ fileinto "050_mailings";
+ setflag "\\Flagged";
+ stop;
+}
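Review bot: Several `fileinto` targets in sieve/default.sieve do not match the folders that entrypoint.sh creates: `fileinto "040_ras4et"` against `.030_ras4et`, and `fileinto "100_gitlab/010_kernel"` against `.100_gitlab.010_kern`. The nested targets also use `/` as the hierarchy separator while the Maildir folders are created with `.`; unless the namespace separator is set to `/` somewhere outside this patch, those deliveries will probably fail and the message will stay in INBOX. The `gitlab jenkins` rule has no `stop;`, so a matching message continues down the list and can be filed a second time by `gitlab all other`; add `stop;` if that is not intended. A comment at the top of the script listing the expected folder names would help keep it in step with the folder list in entrypoint.sh.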