letsencrypt & traefik wildcard support

set SSL_DOMAIN=*.example.com to extract a wildcard certificate from traefiks acme.json store

target/check-for-changes.sh

@@ -64,7 +64,11 @@ if [[ $chksum == *"FAIL"* ]]; then
           flock -e 200
 
   if [[ $chksum == *"/etc/letsencrypt/acme.json: FAILED"* ]]; then
-    (extractCertsFromAcmeJson "$HOSTNAME" || extractCertsFromAcmeJson "$DOMAINNAME")
+    for certdomain in $SSL_DOMAIN $HOSTNAME $DOMAINNAME; do
+      if extractCertsFromAcmeJson "$certdomain"; then
+        break
+      fi
+    done
   fi
 
 	#regen postix aliases.

test/config/dovecot-lmtp/conf.d/10-auth.conf

@@ -7,7 +7,7 @@
 # matches the local IP (ie. you're connecting from the same computer), the
 # connection is considered secure and plaintext authentication is allowed.
 # See also ssl=required setting.
-#disable_plaintext_auth = yes
+disable_plaintext_auth = no
 
 # Authentication cache size (e.g. 10M). 0 means it's disabled. Note that
 # bsdauth, PAM and vpopmail require cache_key to be set for caching to be used.
@@ -121,7 +121,7 @@ auth_mechanisms = plain login
 
 #!include auth-system.conf.ext
 #!include auth-sql.conf.ext
-######!include auth-ldap.conf.ext
+#######!include auth-ldap.conf.ext
 !include auth-passwdfile.inc
 #!include auth-checkpassword.conf.ext
 #!include auth-vpopmail.conf.ext

test/config/dovecot-lmtp/conf.d/10-ssl.conf

@@ -3,7 +3,7 @@
 ##
 
 # SSL/TLS support: yes, no, required. <doc/wiki/SSL.txt>
-ssl = required
+ssl = yes
 
 # PEM encoded X.509 SSL/TLS certificate and private key. They're opened before
 # dropping root privileges, so keep the key file unreadable by anyone but

test/config/dovecot-lmtp/conf.d/15-lda.conf

@@ -4,11 +4,11 @@
 
 # Address to use when sending rejection mails.
 # Default is postmaster@<your domain>. %d expands to recipient domain.
-postmaster_address = postmaster@domain.com
+postmaster_address = postmaster@my-domain.com
 
 # Hostname to use in various parts of sent mails (e.g. in Message-Id) and
 # in LMTP replies. Default is the system's real hostname@domain.
-#hostname = 
+hostname = mail.my-domain.com
 
 # If user is over quota, return with temporary failure instead of
 # bouncing the mail.

test/config/dovecot-lmtp/conf.d/90-quota.conf

@@ -15,7 +15,7 @@
 # to give additional 100 MB when saving to Trash:
 
 plugin {
-  #quota_rule = *:storage=1G
+  #quota_rule = *:storage=0
   #quota_rule2 = Trash:storage=+100M
 
   # LDA/LMTP allows saving the last mail to bring user from under quota to
@@ -75,6 +75,6 @@ plugin {
 plugin {
   #quota = dict:user::proxy::quota
   #quota2 = dict:domain:%d:proxy::quota_domain
-  #quota_rule = *:storage=102400
+  #quota_rule = *:storage=0
   #quota2_rule = *:storage=1048576
 }

test/config/dovecot-lmtp/local.conf

@@ -1 +1,2 @@
 mail_max_userip_connections = 69
+recipient_delimiter = ~

test/mail_ssl_letsencrypt.bats

@@ -34,6 +34,7 @@ function setup_file() {
     -v "`pwd`/test/test-files":/tmp/docker-mailserver-test:ro \
     -e DMS_DEBUG=0 \
     -e SSL_TYPE=letsencrypt \
+    -e "SSL_DOMAIN=*.example.com" \
     -h mail.my-domain.com -t ${NAME}
 
   wait_for_finished_setup_in_container mail_lets_acme_json
@@ -114,7 +115,7 @@ function teardown_file() {
   cp "`pwd`/test/config/letsencrypt/acme-changed.json" "`pwd`/test/config/acme.json"
   sleep 11
   run docker exec mail_lets_acme_json /bin/bash -c "supervisorctl tail changedetector"
-  assert_output --partial "Cert found in /etc/letsencrypt/acme.json for mail.my-domain.com"
+  assert_output --partial "Cert found in /etc/letsencrypt/acme.json for *.example.com"
   assert_output --partial "postfix: stopped"
   assert_output --partial "postfix: started"
   assert_output --partial "Update checksum"