diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index a6ba749ce083ec41e36dfb49b3d2e0d23b028dd1..f6c317ba2bc0c7f0bac9c53c45598ad78e8f376f 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -1,25 +1,67 @@ -FROM debian:jessie +FROM pierreozoux/base-email -# Borrows from https://registry.hub.docker.com/u/previousnext/postfix -# Borrows from https://registry.hub.docker.com/u/catatnight/postfix +RUN apt-get update && \ + apt-get install -q -y \ + postfix \ + postfix-pcre \ + postfix-mysql \ + supervisor \ + ca-certificates && \ + rm -rf /var/lib/apt/lists/* -ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update \ - && echo "postfix postfix/main_mailer_type string 'Internet site'" | debconf-set-selections \ - && echo "postfix postfix/mailname string 'HOSTNAME.EXAMPLE.COM'" | debconf-set-selections \ - && echo "postfix postfix/root_address string 'ROOTMAIL@EXAMPLE.COM'" | debconf-set-selections \ - && apt-get install -q -y \ - postfix \ - supervisor \ - && rm -rf /var/lib/apt/lists/* +COPY install.sh /install.sh +COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters +COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf +COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf +COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf -COPY install.sh install.sh +RUN \ + chmod u+x /install.sh && \ + /opt/editconf.py /etc/postfix/main.cf \ + inet_interfaces=all \ + myhostname=##HOSTNAME##\ + smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \ + mydestination=localhost && \ + /opt/editconf.py /etc/postfix/master.cf -s -w \ + "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \ + /opt/editconf.py /etc/postfix/master.cf -s -w \ + "authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_tls_security_level=may\ + smtpd_tls_auth_only=yes \ + smtpd_tls_cert_file=/ssl/ssl_certificate.pem \ + 
smtpd_tls_key_file=/ssl/ssl_private_key.pem \ + smtpd_tls_dh1024_param_file=/ssl/dh2048.pem \ + smtpd_tls_received_header=yes && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \ + smtp_tls_loglevel=2 && \ + /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025 && \ + /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:unix:dovecot/lmtp && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rhsbl_sender dbl.spamhaus.org" \ + smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient && \ + /opt/editconf.py /etc/postfix/main.cf \ + message_size_limit=134217728 && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_sasl_type=dovecot \ + smtpd_sasl_path=dovecot/auth \ + smtpd_sasl_auth_enable=yes && \ + /opt/editconf.py /etc/postfix/main.cf \ + virtual_mailbox_domains=mysql:/etc/postfix/virtual-mailbox-domains.cf \ + virtual_mailbox_maps=mysql:/etc/postfix/virtual-mailbox-maps.cf \ + virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ + local_recipient_maps=\$virtual_mailbox_maps && \ + /opt/editconf.py /etc/postfix/main.cf \ + mynetworks="127.0.0.0/8 172.17.42.0/24" -RUN chmod 755 /install.sh +#RUN /opt/editconf.py /etc/postfix/main.cf \ +#smtp_tls_security_level=dane \ +#smtp_dns_support_level=dnssec VOLUME ["/var/spool/postfix/"] -EXPOSE 25 - CMD /install.sh;/usr/bin/supervisord -c /etc/supervisor/supervisord.conf diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh old mode 100755 new mode 100644 index d08694bbf21030f3e351b0a51da2a5ff7e627396..d4d7633ba22fc13a6c1471f02104092a3f4f5d5d --- a/dockerfiles/email/postfix/install.sh 
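Review bot: `FROM pierreozoux/base-email` carries no tag or digest, so every rebuild silently tracks whatever that image currently is, and this stage also depends on `/opt/editconf.py` and `/opt/mysql-check.sh` coming from it; pin it as `FROM pierreozoux/base-email:<tag>@sha256:<digest>` (placeholders). `virtual_transport` is assigned twice in the same RUN (`lmtp:[127.0.0.1]:10025` and then `lmtp:unix:dovecot/lmtp`); the first assignment is dead and should be dropped so the intended transport is obvious. `mynetworks="127.0.0.0/8 172.17.42.0/24"` together with `permit_mynetworks` in `smtpd_relay_restrictions` lets any container on that bridge subnet relay without authentication — if only specific containers are meant to relay, narrow the range or record the intent in a comment. The removed `EXPOSE 25` leaves the image with no port documentation although the unit file now publishes 25 and 587; restore it as `EXPOSE 25 587`. The missing space before `\` on `myhostname=##HOSTNAME##\` and `smtpd_tls_security_level=may\` relies on the next line's indentation to keep the arguments separate — add the space.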
+++ b/dockerfiles/email/postfix/install.sh @@ -1,9 +1,22 @@ -#!/bin/bash +#!/bin/bash -eux -#judgement -if [[ -a /etc/supervisor/conf.d/supervisord.conf ]]; then - exit 0 -fi +export DB_PORT=3306 +export DB_HOST=db +export DB_USER=admin +echo $HOSTNAME + +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-domains.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-domains.cf +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-maps.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-maps.cf +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf + +/opt/mysql-check.sh + +chown -R postfix:postfix /var/spool/postfix/dovecot #supervisor cat > /etc/supervisor/conf.d/supervisord.conf <<EOF @@ -18,22 +31,3 @@ autorestart = false EOF -# put the same FQDN in /data/hostname and in reverse DNS -# for the public IP address on which this server will be -# receiving smtp traffic. -cp /data/hostname /etc/mailname -/usr/sbin/postconf -e "myhostname=`cat /data/hostname`" - -# put all relevant domains in /data/destinations. -/usr/sbin/postconf -e "virtual_alias_domains=`cat /data/destinations`" - -# put your forwarding addresses in /data/forwards. -cp /data/forwards /etc/postfix/virtual -/usr/sbin/postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" - -# accept mails from docker networked machines: -/usr/sbin/postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.42.0/24" - -# configure virtual -postmap /etc/postfix/virtual - diff --git a/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters b/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters new file mode 100644 index 0000000000000000000000000000000000000000..f1d00fc6fb3c6cb5dfcdf7976d57d780e82e6996 --- /dev/null 
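Review bot: The new shebang `#!/bin/bash -eux` traces every command, so the lines `sed -i "s/##DB_PASS##/$DB_PASS/" …` print the expanded database password to stderr and hence into the container log; drop `-x`, or bracket those substitutions with `set +x` / `set -x`. `$DB_PASS` is also spliced unquoted into a `/`-delimited sed expression, so a password containing `/`, `&` or `\` either aborts the script (under `-e`) or corrupts the `.cf` files — escape the value first or use a non-sed substitution. `echo $HOSTNAME` reads as a leftover debug line, and `DB_PORT`/`DB_HOST` are exported but not used by anything visible in the hunk (unless `/opt/mysql-check.sh` consumes them — worth a comment either way). The script's supervisor heredoc and the rest of its body continue past the hunk.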
+++ b/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters @@ -0,0 +1,11 @@ +# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header +# because OpenDKIM requires that a header be present when signing outbound mail. The first line is +# where the user's home IP address would be. +/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (unknown [127.0.0.1])$1 + +# Remove other typically private information. +/^\s*User-Agent:/ IGNORE +/^\s*X-Enigmail:/ IGNORE +/^\s*X-Mailer:/ IGNORE +/^\s*X-Originating-IP:/ IGNORE + diff --git a/dockerfiles/email/postfix/virtual-alias-maps.cf b/dockerfiles/email/postfix/virtual-alias-maps.cf new file mode 100644 index 0000000000000000000000000000000000000000..050851077b558590c68f00fdfdad5f60211d8d32 --- /dev/null +++ b/dockerfiles/email/postfix/virtual-alias-maps.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT destination FROM virtual_aliases WHERE source='%s' + diff --git a/dockerfiles/email/postfix/virtual-mailbox-domains.cf b/dockerfiles/email/postfix/virtual-mailbox-domains.cf new file mode 100644 index 0000000000000000000000000000000000000000..ed53fb649e07aff4778dbc2749270c7dfd867abe --- /dev/null +++ b/dockerfiles/email/postfix/virtual-mailbox-domains.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT 1 FROM virtual_domains WHERE name='%s' + diff --git a/dockerfiles/email/postfix/virtual-mailbox-maps.cf b/dockerfiles/email/postfix/virtual-mailbox-maps.cf new file mode 100644 index 0000000000000000000000000000000000000000..fb98758106cd12c3d7842bdf047dbe3585a87042 --- /dev/null +++ b/dockerfiles/email/postfix/virtual-mailbox-maps.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT 1 FROM virtual_users WHERE email='%s' + 
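Review bot: `password = ##DB_PASS##` in virtual-alias-maps.cf (and identically in virtual-mailbox-domains.cf and virtual-mailbox-maps.cf) is replaced with the real database password at container start, but nothing in the commit restricts the files' mode — they land in `/etc/postfix` with whatever permissions the build context had, typically world-readable, so any process in the container can read the credential. Postfix only needs them readable by root and the `postfix` group; set `0640 root:postfix` in the Dockerfile (`COPY --chown=root:postfix --chmod=0640 …`, or `chmod 640` plus `chgrp postfix` in the existing RUN). `hosts = db` is also hardcoded here while install.sh exports `DB_HOST=db` separately; keep one source of truth for the database host.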
diff --git a/unit-files/postfix.service b/unit-files/postfix.service index f321094858d49869cf4a60855b25f277477c79aa..532dd059f56c1bb67ff12aa03144e86836701344 100644 --- a/unit-files/postfix.service +++ b/unit-files/postfix.service @@ -3,10 +3,12 @@ Description=%p # Requirements Requires=docker.service +Requires=dovecot.service # Dependency ordering After=docker.service After=rsyslog.service +After=dovecot.service [Service] Restart=always @@ -17,10 +19,15 @@ ExecStartPre=-/usr/bin/docker rm %p ExecStart=/usr/bin/docker run \ --rm \ --name %p \ + --env-file=/data/domains/mail/.env \ -v /data/runtime/dev/log:/dev/log \ - -v /data/runtime/postfix/:/data \ - -v /data/runtime/postfix-spool/:/var/spool/postfix \ + -v /data/runtime/postfix:/data \ + -v /data/runtime/mail:/var/mail \ + -v /data/domains/mail/TLS:/ssl \ + --volumes-from=dovecot \ -p 25:25 \ + -p 587:587 \ + -link=mysql-mail:db \ pierreozoux/postfix ExecReload=/usr/bin/docker restart %p ExecStop=/usr/bin/docker stop %p
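Review bot: `-link=mysql-mail:db` in the second hunk uses a single dash where the documented flag is `--link`; older docker CLIs tolerated the single-dash spelling but newer ones reject it, which would start the container without the `db` alias that the mysql `.cf` files depend on — write `--link=mysql-mail:db`. The TLS material bind-mounted by `-v /data/domains/mail/TLS:/ssl` only needs to be read, so mount it `:ro` (`-v /data/domains/mail/TLS:/ssl:ro`) to keep the container from modifying the private key. A one-line comment above `--env-file=/data/domains/mail/.env` saying that it must supply `DB_PASS` (install.sh aborts under `-u` when it is unset) would make the unit self-explanatory.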