From e34d7dacdcfb9947856d4fd56ebf62b96b0b326e Mon Sep 17 00:00:00 2001
From: pierreozoux <pierre@ozoux.net>
Date: Fri, 3 Apr 2015 09:40:42 +0100
Subject: [PATCH] Adds opendkim and opendmarc

---
 dockerfiles/email/postfix/Dockerfile    | 23 ++++++++++++--
 dockerfiles/email/postfix/install.sh    |  7 +++--
 unit-files/postfix.service              |  1 +
 utils/{add_email_to.sh => add_email.sh} | 13 +++++---
 utils/add_email_alias.sh                |  2 +-
 utils/add_email_support.sh              | 40 +++++++++++++++++++++++++
 6 files changed, 76 insertions(+), 10 deletions(-)
 rename utils/{add_email_to.sh => add_email.sh} (79%)
 create mode 100755 utils/add_email_support.sh

diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index 73b9ee1..5fb169a 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -6,7 +6,10 @@ RUN apt-get update && \
       postfix-pcre \
       postfix-mysql \
       supervisor \
-      ca-certificates && \
+      ca-certificates \
+      opendkim \
+      opendkim-tools \
+      opendmarc && \
     rm -rf /var/lib/apt/lists/*
 
 COPY install.sh /install.sh
@@ -24,7 +27,7 @@ RUN \
     smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
     mydestination=localhost && \
   /opt/editconf.py /etc/postfix/master.cf -s -w \
-    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
+    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
   /opt/editconf.py /etc/postfix/master.cf -s -w \
     "authclean=unix  n       -       -       -       0       cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
  /opt/editconf.py /etc/postfix/main.cf \
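Review bot: The `-o smtpd_milters=inet:127.0.0.1:8891` added to the submission service replaces, rather than extends, the two-milter list that main.cf receives later in this same RUN, so authenticated submissions pass through opendkim only and skip opendmarc entirely. That is presumably intended (DMARC-checking your own users' outbound mail makes little sense), but nothing in the file says so, and a reader comparing the two `smtpd_milters` values will be tempted to "fix" the submission one. A one-line comment above this editconf call would settle it: `# submission: DKIM-sign only; the opendmarc milter from main.cf is deliberately not applied to authenticated mail`. The RUN instruction this hunk edits begins before and continues after the hunk.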
@@ -56,7 +59,21 @@ RUN \
     virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ 
     local_recipient_maps=\$virtual_mailbox_maps && \
   /opt/editconf.py /etc/postfix/main.cf \
-    mynetworks="127.0.0.0/8 172.17.42.0/24"
+    mynetworks="127.0.0.0/8 172.17.42.0/24" && \
+  /opt/editconf.py /etc/opendmarc.conf -s \
+    "Syslog=true" \
+    "Socket=inet:8893@[127.0.0.1]" && \
+  /opt/editconf.py /etc/postfix/main.cf \
+    "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
+    non_smtpd_milters=\$smtpd_milters \
+    milter_default_action=accept && \
+  echo "MinimumKeyBits          1024" >> /etc/opendkim && \
+  echo "ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "InternalHosts           refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "KeyTable                refile:/etc/opendkim/KeyTable" >> /etc/opendkim && \
+  echo "SigningTable            refile:/etc/opendkim/SigningTable" >> /etc/opendkim && \
+  echo "Socket                  inet:8891@localhost" >> /etc/opendkim && \
+  echo "RequireSafeKeys         false" >> /etc/opendkim
 
 #RUN /opt/editconf.py /etc/postfix/main.cf \
 #smtp_tls_security_level=dane \
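Review bot: The seven `echo … >> /etc/opendkim` lines append the opendkim configuration to a regular file named `/etc/opendkim`, but the rest of the patch treats `/etc/opendkim` as a directory — the `refile:/etc/opendkim/…` values on these very lines, the `mkdir -p /etc/opendkim` in install.sh and the `-v …:/etc/opendkim` bind mount in postfix.service. Either the mkdir fails at start-up because a file is in the way, or the bind mount hides the file; in both cases opendkim runs on its packaged defaults and never sees the KeyTable/SigningTable settings. Debian's opendkim reads `/etc/opendkim.conf`, so each of these lines should end in `>> /etc/opendkim.conf`. Two of the values also deserve a second look: `RequireSafeKeys false` disables opendkim's refusal to use a private key that is group- or world-readable, which matters precisely because the keys live on a host bind mount, and `milter_default_action=accept` means a dead or never-started opendkim lets mail leave unsigned with no error (consider `tempfail` once the daemons are known to start reliably). The RUN instruction this hunk edits begins outside the hunk.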
diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh
index d62a5ad..f7cb48b 100644
--- a/dockerfiles/email/postfix/install.sh
+++ b/dockerfiles/email/postfix/install.sh
@@ -16,7 +16,10 @@ sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf
 
 /opt/mysql-check.sh
 
-chown -R postfix:postfix /var/spool/postfix/dovecot
+if [ ! -f /etc/opendkim/TrustedHosts ]; then
+  mkdir -p /etc/opendkim
+  echo "127.0.0.1" > /etc/opendkim/TrustedHosts
+fi
 
-EOF
+chown -R postfix:postfix /var/spool/postfix/dovecot
 
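Review bot: The new block seeds only `TrustedHosts`, while the opendkim configuration written in the Dockerfile also points at `refile:/etc/opendkim/KeyTable` and `refile:/etc/opendkim/SigningTable`; on a fresh `/data/domains/mail/opendkim` those files do not exist until `add_email_support.sh` has been run for a first domain, and opendkim logs an error for a missing refile dataset and may refuse to start, so `touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable` belongs in the same `if`. Separately, nothing in this patch starts opendkim or opendmarc — the diffstat lists no supervisord change — and with `milter_default_action=accept` in main.cf Postfix will silently accept and relay unsigned mail if the daemons are not running; if they are launched by a supervisor config outside this patch, a comment here saying so would help the next reader. The guard also keys only on `TrustedHosts`, so a partially populated directory (for example after a failed first run) is left as it is; testing each file individually costs nothing.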
diff --git a/unit-files/postfix.service b/unit-files/postfix.service
index 99f821c..cf470f5 100644
--- a/unit-files/postfix.service
+++ b/unit-files/postfix.service
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run \
   -v /data/runtime/postfix:/data \
   -v /data/runtime/mail:/var/mail \
   -v /data/domains/mail/TLS:/ssl \
+  -v /data/domains/mail/opendkim:/etc/opendkim \
   --volumes-from=dovecot \
   -p 25:25 \
   -p 587:587 \
diff --git a/utils/add_email_to.sh b/utils/add_email.sh
similarity index 79%
rename from utils/add_email_to.sh
rename to utils/add_email.sh
index ffb79f6..7db0d0d 100755
--- a/utils/add_email_to.sh
+++ b/utils/add_email.sh
@@ -1,22 +1,27 @@
 #!/bin/bash -ex
 
-DOMAIN=$1
+EMAIL=$1
 PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10`
 MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
 
+DOMAIN=$(echo ${EMAIL} | cut -f2 -d@)
+
 /usr/bin/docker run \
   --rm \
   --name add_email_support_to_$DOMAIN \
   --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
     mysql \
       -uadmin \
       -p$MYSQL_PASS \
       -h db \
-        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');" \
         -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \
           VALUES( \
             (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
             ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \
-            'contact@$DOMAIN');"
+            '$EMAIL');"
+
+echo "Email added with success"
+echo "Pass: $PASSWORD"
+
 
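Review bot: The generated mailbox password has roughly 15 bits of entropy: `date` inside the backticks on the `PASSWORD=` line is the literal word, not `$(date)`, so the only variable input to `md5sum` is `$RANDOM` (0–32767) and the resulting 10-character string is drawn from at most 32768 values — trivially brute-forceable over SMTP AUTH. Replace it with a CSPRNG source, e.g. `PASSWORD=$(head -c 12 /dev/urandom | base64 | tr -d '/+=' | cut -c-16)`. The `#!/bin/bash -ex` shebang also traces every command, so `-p$MYSQL_PASS` and the freshly generated password are echoed to the terminal and to anything logging this script; drop `-x`, or wrap the `docker run` in `set +x` / `set -x`. Finally `$EMAIL` is interpolated straight into the SQL, and an argument without `@` makes `cut -f2 -d@` return the whole argument as `DOMAIN`; a guard such as `[[ "$EMAIL" =~ ^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+$ ]] || exit 1` before the `cut` covers both, even if the script is only ever run by an administrator.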
diff --git a/utils/add_email_alias.sh b/utils/add_email_alias.sh
index 60036b2..5bd7ab1 100755
--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
@@ -9,7 +9,7 @@ MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
   --rm \
   --name add_email_support_to_$DOMAIN \
   --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
     mysql \
       -uadmin \
       -p$MYSQL_PASS \
diff --git a/utils/add_email_support.sh b/utils/add_email_support.sh
new file mode 100755
index 0000000..3c8643f
--- /dev/null
+++ b/utils/add_email_support.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -ex
+
+DOMAIN=$1
+MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+
+/usr/bin/docker run \
+  --rm \
+  --name add_email_support_to_$DOMAIN \
+  --link mysql-mail:db \
+  indiepaas/mysql \
+    mysql \
+      -uadmin \
+      -p$MYSQL_PASS \
+      -h db \
+        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
+
+mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
+
+/usr/bin/docker run \
+  --rm \
+  --name opendkim-genkey \
+  indiepaas/postfix \
+    /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys
+
+mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
+
+echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
+
+echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
+
+echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+
+echo "Domain installed with success."
+echo "Please add the followig records to it's DNS."
+
+cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
+
+echo "And don't forget spf :)"
+
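Review bot: The key-generation `docker run` has no `-v`, so `opendkim-genkey` writes into `/etc/opendkim/keys/$DOMAIN/` inside a throw-away container (where that directory does not even exist, since the `mkdir -p` ran on the host) and the key is gone when the container exits; the following `mv` on the host path then fails and `-e` aborts the script. The `&& chown -R opendkim: /etc/opendkim/keys` is parsed by the host shell, not the container, so it tries to chown a host path as a user the host probably lacks. `$DOMAIN` goes unvalidated into SQL, into filesystem paths and into the opendkim tables, and `echo *@$DOMAIN …` is an unquoted glob that expands against files in the current directory. The key is generated at opendkim-genkey's default size (1024 bits on opendkim 2.x) and left with the tool's default permissions; RFC 8301 recommends 2048-bit signing keys, and a `chmod 600` on the private key would let the Dockerfile drop `RequireSafeKeys false`. The rewritten lines are below; the two `TrustedHosts` appends add hostnames to opendkim's InternalHosts, which makes connections from hosts with those names signed rather than verified — a comment on why that is needed when the submission port already signs for authenticated users would help.
```shell
DOMAIN=$1
# $DOMAIN is interpolated into SQL, filesystem paths and the opendkim tables:
# accept only a plain dotted hostname.
[[ "$DOMAIN" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$ ]] \
  || { echo "invalid domain: $DOMAIN" >&2; exit 1; }
# … unchanged: mysql docker run inserting the domain …
KEYDIR=/data/domains/mail/opendkim
mkdir -p "$KEYDIR/keys/$DOMAIN"
# Mount the host key directory so the key survives the --rm container, and run
# the chown inside the container (the original '&&' ran it on the host).
/usr/bin/docker run \
  --rm \
  --name opendkim-genkey \
  -v "$KEYDIR:/etc/opendkim" \
  indiepaas/postfix \
    sh -c "/usr/bin/opendkim-genkey -b 2048 -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys"
mv "$KEYDIR/keys/$DOMAIN/mail.private" "$KEYDIR/keys/$DOMAIN/mail"
chmod 600 "$KEYDIR/keys/$DOMAIN/mail"   # private key: owner-only, so RequireSafeKeys can stay on
echo "mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail" >> "$KEYDIR/KeyTable"
echo "*@$DOMAIN mail._domainkey.$DOMAIN" >> "$KEYDIR/SigningTable"
# … unchanged: TrustedHosts entries and the DNS instructions …
```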
-- 
GitLab