Dockerfile

FROM indiepaas/base-email

RUN apt-get update && \
    apt-get install -q -y \
      postfix \
      postfix-pcre \
      postfix-mysql \
      supervisor \
      ca-certificates \
      opendkim \
      opendkim-tools \
      opendmarc && \
    rm -rf /var/lib/apt/lists/*

COPY install.sh /install.sh
COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters
COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf
COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf
COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf
COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf

RUN \
  chmod u+x /install.sh && \
  /opt/editconf.py /etc/postfix/main.cf \
    inet_interfaces=all \
    myhostname=##HOSTNAME##\
    smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
    mydestination=localhost && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
    "authclean=unix  n       -       -       -       0       cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
 /opt/editconf.py /etc/postfix/main.cf \
    smtpd_tls_security_level=may\
    smtpd_tls_auth_only=yes \
    smtpd_tls_cert_file=/ssl/ssl_certificate.pem \
    smtpd_tls_key_file=/ssl/ssl_private_key.pem \
    smtpd_tls_dh1024_param_file=/ssl/dh2048.pem \
    smtpd_tls_received_header=yes && \
  /opt/editconf.py /etc/postfix/main.cf \
    smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination && \
  /opt/editconf.py /etc/postfix/main.cf \
    smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \
    smtp_tls_loglevel=2 && \
  /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025 && \
  /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:unix:dovecot/lmtp && \
  /opt/editconf.py /etc/postfix/main.cf \
    smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rhsbl_sender dbl.spamhaus.org" \
    smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient && \
  /opt/editconf.py /etc/postfix/main.cf \
    message_size_limit=134217728 && \
  /opt/editconf.py /etc/postfix/main.cf \
    smtpd_sasl_type=dovecot \
    smtpd_sasl_path=dovecot/auth \
    smtpd_sasl_auth_enable=yes && \
  /opt/editconf.py /etc/postfix/main.cf \
    virtual_mailbox_domains=mysql:/etc/postfix/virtual-mailbox-domains.cf \
    virtual_mailbox_maps=mysql:/etc/postfix/virtual-mailbox-maps.cf \
    virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ 
    local_recipient_maps=\$virtual_mailbox_maps && \
  /opt/editconf.py /etc/postfix/main.cf \
    mynetworks="127.0.0.0/8 172.17.42.0/24" && \
  /opt/editconf.py /etc/opendmarc.conf -s \
    "Syslog=true" \
    "Socket=inet:8893@[127.0.0.1]" && \
  /opt/editconf.py /etc/postfix/main.cf \
    "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
    non_smtpd_milters=\$smtpd_milters \
    milter_default_action=accept && \
  echo "MinimumKeyBits          1024" >> /etc/opendkim.conf && \
  echo "ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf && \
  echo "InternalHosts           refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf && \
  echo "KeyTable                refile:/etc/opendkim/KeyTable" >> /etc/opendkim.conf && \
  echo "SigningTable            refile:/etc/opendkim/SigningTable" >> /etc/opendkim.conf && \
  echo "Socket                  inet:8891@localhost" >> /etc/opendkim.conf && \
  echo "RequireSafeKeys         false" >> /etc/opendkim.conf

#RUN /opt/editconf.py /etc/postfix/main.cf \
#smtp_tls_security_level=dane \
#smtp_dns_support_level=dnssec

VOLUME ["/var/spool/postfix/"]

CMD /install.sh;/usr/bin/supervisord -c /etc/supervisor/supervisord.conf