From 03e6e982755e35bed10df9a6947e3308ffe1d170 Mon Sep 17 00:00:00 2001
From: pierreozoux <pierre@ozoux.net>
Date: Thu, 5 Mar 2015 17:30:46 +0000
Subject: [PATCH] Upgrades postfix
---
dockerfiles/email/postfix/Dockerfile | 74 +++++++++++++++----
dockerfiles/email/postfix/install.sh | 42 +++++------
.../postfix_outgoing_mail_header_filters | 11 +++
.../email/postfix/virtual-alias-maps.cf | 6 ++
.../email/postfix/virtual-mailbox-domains.cf | 6 ++
.../email/postfix/virtual-mailbox-maps.cf | 6 ++
unit-files/postfix.service | 11 ++-
7 files changed, 114 insertions(+), 42 deletions(-)
mode change 100755 => 100644 dockerfiles/email/postfix/install.sh
create mode 100644 dockerfiles/email/postfix/postfix_outgoing_mail_header_filters
create mode 100644 dockerfiles/email/postfix/virtual-alias-maps.cf
create mode 100644 dockerfiles/email/postfix/virtual-mailbox-domains.cf
create mode 100644 dockerfiles/email/postfix/virtual-mailbox-maps.cf
diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index a6ba749..f6c317b 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -1,25 +1,67 @@ -FROM debian:jessie +FROM pierreozoux/base-email -# Borrows from https://registry.hub.docker.com/u/previousnext/postfix -# Borrows from https://registry.hub.docker.com/u/catatnight/postfix +RUN apt-get update && \ + apt-get install -q -y \ + postfix \ + postfix-pcre \ + postfix-mysql \ + supervisor \ + ca-certificates && \ + rm -rf /var/lib/apt/lists/* -ENV DEBIAN_FRONTEND noninteractive -RUN apt-get update \ - && echo "postfix postfix/main_mailer_type string 'Internet site'" | debconf-set-selections \ - && echo "postfix postfix/mailname string 'HOSTNAME.EXAMPLE.COM'" | debconf-set-selections \ - && echo "postfix postfix/root_address string 'ROOTMAIL@EXAMPLE.COM'" | debconf-set-selections \ - && apt-get install -q -y \ - postfix \ - supervisor \ - && rm -rf /var/lib/apt/lists/* +COPY install.sh /install.sh +COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filters +COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf +COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf +COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf -COPY install.sh install.sh +RUN \ + chmod u+x /install.sh && \ + /opt/editconf.py /etc/postfix/main.cf \ + inet_interfaces=all \ + myhostname=##HOSTNAME##\ + smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \ + mydestination=localhost && \ + /opt/editconf.py /etc/postfix/master.cf -s -w \ + "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \ + /opt/editconf.py /etc/postfix/master.cf -s -w \ + "authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_tls_security_level=may\ + smtpd_tls_auth_only=yes \ + smtpd_tls_cert_file=/ssl/ssl_certificate.pem \ + 
smtpd_tls_key_file=/ssl/ssl_private_key.pem \ + smtpd_tls_dh1024_param_file=/ssl/dh2048.pem \ + smtpd_tls_received_header=yes && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_relay_restrictions=permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt \ + smtp_tls_loglevel=2 && \ + /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:[127.0.0.1]:10025 && \ + /opt/editconf.py /etc/postfix/main.cf virtual_transport=lmtp:unix:dovecot/lmtp && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_sender_restrictions="reject_non_fqdn_sender,reject_unknown_sender_domain,reject_rhsbl_sender dbl.spamhaus.org" \ + smtpd_recipient_restrictions=permit_sasl_authenticated,permit_mynetworks,"reject_rbl_client zen.spamhaus.org",reject_unlisted_recipient && \ + /opt/editconf.py /etc/postfix/main.cf \ + message_size_limit=134217728 && \ + /opt/editconf.py /etc/postfix/main.cf \ + smtpd_sasl_type=dovecot \ + smtpd_sasl_path=dovecot/auth \ + smtpd_sasl_auth_enable=yes && \ + /opt/editconf.py /etc/postfix/main.cf \ + virtual_mailbox_domains=mysql:/etc/postfix/virtual-mailbox-domains.cf \ + virtual_mailbox_maps=mysql:/etc/postfix/virtual-mailbox-maps.cf \ + virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ + local_recipient_maps=\$virtual_mailbox_maps && \ + /opt/editconf.py /etc/postfix/main.cf \ + mynetworks="127.0.0.0/8 172.17.42.0/24" -RUN chmod 755 /install.sh +#RUN /opt/editconf.py /etc/postfix/main.cf \ +#smtp_tls_security_level=dane \ +#smtp_dns_support_level=dnssec VOLUME ["/var/spool/postfix/"] -EXPOSE 25 - CMD /install.sh;/usr/bin/supervisord -c /etc/supervisor/supervisord.conf diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh old mode 100755 new mode 100644 index d08694b..d4d7633 --- a/dockerfiles/email/postfix/install.sh +++ b/dockerfiles/email/postfix/install.sh 
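Review bot: The `submission` entry written to master.cf inherits `smtpd_tls_security_level=may` from main.cf and carries no client restriction, so port 587 accepts plaintext sessions and unauthenticated mail for local recipients exactly as port 25 does; `smtpd_tls_auth_only=yes` only keeps AUTH off cleartext connections. Appending `-o smtpd_tls_security_level=encrypt -o smtpd_client_restrictions=permit_sasl_authenticated,reject` to that service line would make submission TLS-only and authenticated-only. At the `encrypt` level Postfix consults `smtpd_tls_mandatory_protocols` and `smtpd_tls_mandatory_ciphers`, so the existing `smtpd_tls_protocols`/`smtpd_tls_ciphers` overrides would need to move to those names. `FROM pierreozoux/base-email` has no tag or digest, so every rebuild takes whatever is currently published under that name, presumably including the `/opt/editconf.py` this RUN step executes as root. `virtual_transport` is set twice in a row and only `lmtp:unix:dovecot/lmtp` survives, so the `lmtp:[127.0.0.1]:10025` line can be dropped.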
@@ -1,9 +1,22 @@ -#!/bin/bash +#!/bin/bash -eux -#judgement -if [[ -a /etc/supervisor/conf.d/supervisord.conf ]]; then - exit 0 -fi +export DB_PORT=3306 +export DB_HOST=db +export DB_USER=admin +echo $HOSTNAME + +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-domains.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-domains.cf +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-mailbox-maps.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-mailbox-maps.cf +sed -i "s/##DB_USER##/$DB_USER/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##DB_PASS##/$DB_PASS/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/virtual-alias-maps.cf +sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf + +/opt/mysql-check.sh + +chown -R postfix:postfix /var/spool/postfix/dovecot #supervisor cat > /etc/supervisor/conf.d/supervisord.conf <<EOF @@ -18,22 +31,3 @@ autorestart = false EOF -# put the same FQDN in /data/hostname and in reverse DNS -# for the public IP address on which this server will be -# receiving smtp traffic. -cp /data/hostname /etc/mailname -/usr/sbin/postconf -e "myhostname=`cat /data/hostname`" - -# put all relevant domains in /data/destinations. -/usr/sbin/postconf -e "virtual_alias_domains=`cat /data/destinations`" - -# put your forwarding addresses in /data/forwards. -cp /data/forwards /etc/postfix/virtual -/usr/sbin/postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" - -# accept mails from docker networked machines: -/usr/sbin/postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.42.0/24" - -# configure virtual -postmap /etc/postfix/virtual - diff --git a/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters b/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters new file mode 100644 index 0000000..f1d00fc --- /dev/null +++ b/dockerfiles/email/postfix/postfix_outgoing_mail_header_filters 
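Review bot: The `-x` in the new `#!/bin/bash -eux` shebang traces every command after expansion, so each `sed -i "s/##DB_PASS##/$DB_PASS/"` line writes the database password to the container's stderr and on into whatever collects its logs; `#!/bin/bash -eu` keeps the fail-fast behaviour without the trace. The same sed lines splice `$DB_PASS` into the expression unescaped, so a password containing `/`, `&` or `\` either aborts the script or is written incorrectly; escape those characters before substituting, or document the allowed password alphabet. Because the Dockerfile's `CMD /install.sh;/usr/bin/supervisord …` joins the two commands with `;`, a failure here does not stop supervisord from starting Postfix with the `##…##` placeholders still in its config, whereas `&&` would. The `##HOSTNAME##` substitution on virtual-alias-maps.cf has no effect, since that file as added in this patch contains no such placeholder.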
@@ -0,0 +1,11 @@ +# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header +# because OpenDKIM requires that a header be present when signing outbound mail. The first line is +# where the user's home IP address would be. +/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (unknown [127.0.0.1])$1 + +# Remove other typically private information. +/^\s*User-Agent:/ IGNORE +/^\s*X-Enigmail:/ IGNORE +/^\s*X-Mailer:/ IGNORE +/^\s*X-Originating-IP:/ IGNORE + diff --git a/dockerfiles/email/postfix/virtual-alias-maps.cf b/dockerfiles/email/postfix/virtual-alias-maps.cf new file mode 100644 index 0000000..0508510 --- /dev/null +++ b/dockerfiles/email/postfix/virtual-alias-maps.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT destination FROM virtual_aliases WHERE source='%s' + diff --git a/dockerfiles/email/postfix/virtual-mailbox-domains.cf b/dockerfiles/email/postfix/virtual-mailbox-domains.cf new file mode 100644 index 0000000..ed53fb6 --- /dev/null +++ b/dockerfiles/email/postfix/virtual-mailbox-domains.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT 1 FROM virtual_domains WHERE name='%s' + diff --git a/dockerfiles/email/postfix/virtual-mailbox-maps.cf b/dockerfiles/email/postfix/virtual-mailbox-maps.cf new file mode 100644 index 0000000..fb98758 --- /dev/null +++ b/dockerfiles/email/postfix/virtual-mailbox-maps.cf @@ -0,0 +1,6 @@ +user = ##DB_USER## +password = ##DB_PASS## +hosts = db +dbname = servermail +query = SELECT 1 FROM virtual_users WHERE email='%s' + diff --git a/unit-files/postfix.service b/unit-files/postfix.service index f321094..532dd05 100644 --- a/unit-files/postfix.service +++ b/unit-files/postfix.service 
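Review bot: Once install.sh replaces `##DB_PASS##`, virtual-alias-maps.cf holds the database password in cleartext, and the patch creates it with mode 100644 and copies it in with a plain `COPY`, which leaves it root-owned and world-readable inside the container. A `chown root:postfix` plus `chmod 0640` on the map files in the Dockerfile's RUN step would limit the password to Postfix's own processes. The same applies to virtual-mailbox-domains.cf and virtual-mailbox-maps.cf. `hosts = db` is also hard-coded in all three while install.sh exports `DB_HOST` and `DB_PORT` that nothing visible here reads, so one of the two should go.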
@@ -3,10 +3,12 @@ Description=%p # Requirements Requires=docker.service +Requires=dovecot.service # Dependency ordering After=docker.service After=rsyslog.service +After=dovecot.service [Service] Restart=always @@ -17,10 +19,15 @@ ExecStartPre=-/usr/bin/docker rm %p ExecStart=/usr/bin/docker run \ --rm \ --name %p \ + --env-file=/data/domains/mail/.env \ -v /data/runtime/dev/log:/dev/log \ - -v /data/runtime/postfix/:/data \ - -v /data/runtime/postfix-spool/:/var/spool/postfix \ + -v /data/runtime/postfix:/data \ + -v /data/runtime/mail:/var/mail \ + -v /data/domains/mail/TLS:/ssl \ + --volumes-from=dovecot \ -p 25:25 \ + -p 587:587 \ + -link=mysql-mail:db \ pierreozoux/postfix ExecReload=/usr/bin/docker restart %p ExecStop=/usr/bin/docker stop %p -- GitLab
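Review bot: In the second hunk, `-link=mysql-mail:db` is the only long option in this `docker run` written with a single dash; depending on the Docker version it may be rejected or parsed as a short-option cluster rather than a link, so `--link=mysql-mail:db` is the safe spelling. The bind mount for `/var/spool/postfix` is removed while the Dockerfile still declares that path a `VOLUME` and the container runs with `--rm`, so unless the volumes taken from the dovecot container cover it, the mail queue lands in an anonymous volume that is discarded with the container and deferred mail is lost on restart. `/data/domains/mail/.env` presumably now carries `DB_PASS`, so it should be owned by root and not readable by other users on the host.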