diff --git a/dockerfiles/email/postfix/Dockerfile b/dockerfiles/email/postfix/Dockerfile
index 3f211dc5ba91836468ce56f6d98d5764ae606853..5fb169afd91eea0927803eb2d6730b383bff2e2b 100644
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -6,7 +6,10 @@ RUN apt-get update && \
 postfix-pcre \
 postfix-mysql \
 supervisor \
- ca-certificates && \
+ ca-certificates \
+ opendkim \
+ opendkim-tools \
+ opendmarc && \
 rm -rf /var/lib/apt/lists/*
 
 COPY install.sh /install.sh
@@ -14,6 +17,7 @@ COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filt
 COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf
 COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf
 COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf
 
 RUN \
 chmod u+x /install.sh && \
@@ -23,7 +27,7 @@ RUN \
 smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
 mydestination=localhost && \
 /opt/editconf.py /etc/postfix/master.cf -s -w \
- "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
+ "submission=inet n - - - - smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
 /opt/editconf.py /etc/postfix/master.cf -s -w \
 "authclean=unix n - - - 0 cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
 /opt/editconf.py /etc/postfix/main.cf \
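Review bot: The opendkim milter address `inet:127.0.0.1:8891` is now written out here in the submission override, again in main.cf's `smtpd_milters` later in this RUN, and in a different syntax as the opendkim `Socket` line, so a port change has to be made in three places; a Dockerfile `ARG`/`ENV` such as `DKIM_MILTER=inet:127.0.0.1:8891` used in the two Postfix settings would keep at least those two in step. A short comment above the override, `# submission: DKIM-sign only, DMARC is not evaluated for authenticated clients`, would record why this milter list differs from the one in main.cf; confirm that is the intent. The RUN instruction this line belongs to starts and ends outside the hunk.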
@@ -55,7 +59,21 @@ RUN \ virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ local_recipient_maps=\$virtual_mailbox_maps && \ /opt/editconf.py /etc/postfix/main.cf \ - mynetworks="127.0.0.0/8 172.17.42.0/24" + mynetworks="127.0.0.0/8 172.17.42.0/24" && \ + /opt/editconf.py /etc/opendmarc.conf -s \ + "Syslog=true" \ + "Socket=inet:8893@[127.0.0.1]" && \ + /opt/editconf.py /etc/postfix/main.cf \ + "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\ + non_smtpd_milters=\$smtpd_milters \ + milter_default_action=accept && \ + echo "MinimumKeyBits 1024" >> /etc/opendkim && \ + echo "ExternalIgnoreList refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \ + echo "InternalHosts refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \ + echo "KeyTable refile:/etc/opendkim/KeyTable" >> /etc/opendkim && \ + echo "SigningTable refile:/etc/opendkim/SigningTable" >> /etc/opendkim && \ + echo "Socket inet:8891@localhost" >> /etc/opendkim && \ + echo "RequireSafeKeys false" >> /etc/opendkim #RUN /opt/editconf.py /etc/postfix/main.cf \ #smtp_tls_security_level=dane \ diff --git a/dockerfiles/email/postfix/install.sh b/dockerfiles/email/postfix/install.sh index d4d7633ba22fc13a6c1471f02104092a3f4f5d5d..f7cb48b1681978d0fd68f1316ed11f449e9b9eb4 100644 --- a/dockerfiles/email/postfix/install.sh +++ b/dockerfiles/email/postfix/install.sh @@ -16,18 +16,10 @@ sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf /opt/mysql-check.sh -chown -R postfix:postfix /var/spool/postfix/dovecot - -#supervisor -cat > /etc/supervisor/conf.d/supervisord.conf <<EOF -[supervisord] -nodaemon=true +if [ ! -f /etc/opendkim/TrustedHosts ]; then + mkdir -p /etc/opendkim + echo "127.0.0.1" > /etc/opendkim/TrustedHosts +fi -[program:postfix] -process_name = master -command = /etc/init.d/postfix start -startsecs = 0 -autorestart = false - -EOF +chown -R postfix:postfix /var/spool/postfix/dovecot 
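Review bot: The six `echo ... >> /etc/opendkim` lines write to a regular file named `/etc/opendkim`, but everywhere else in this commit `/etc/opendkim` is a directory (the `refile:/etc/opendkim/TrustedHosts` values on the same lines, `mkdir -p /etc/opendkim` in install.sh, and the `-v /data/domains/mail/opendkim:/etc/opendkim` mount in unit-files/postfix.service), and the Debian opendkim daemon reads `/etc/opendkim.conf`; as written none of these settings, including `Socket inet:8891@localhost`, would be loaded, and the runtime mount would be a directory mounted over a file, which Docker is expected to reject. Change the target to `>> /etc/opendkim.conf` on all six lines (or route them through `/opt/editconf.py` like the opendmarc block just above), and put a space before the backslash on the `"smtpd_milters=...8893"\` line so it does not depend on the next line's indentation to separate the two arguments. Because the same hunk sets `milter_default_action=accept`, a milter that is not listening fails open: inbound mail skips DMARC evaluation and submitted mail leaves unsigned with no error, so a misconfiguration like the one above would be silent; `milter_default_action=tempfail` for the inbound `smtpd_milters` is the safer default, and whichever is chosen deserves a comment. `RequireSafeKeys false` turns off opendkim's refusal to use group- or world-readable private keys; fixing ownership and mode of the mounted key directory is preferable to disabling the check. The opendkim `Socket inet:8891@localhost` and the opendmarc `Socket=inet:8893@[127.0.0.1]` name the loopback differently, and if `localhost` resolves to `::1` first inside the image Postfix's `inet:127.0.0.1:8891` will not reach opendkim, so spell it `inet:8891@127.0.0.1`; the enclosing RUN instruction starts outside the hunk.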
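Review bot: The new block seeds `TrustedHosts` but not the `KeyTable` and `SigningTable` files that the image's opendkim configuration references via `refile:`; on a fresh `/data/domains/mail/opendkim` volume those files do not exist until utils/add_email_support.sh has been run for a domain, and opendkim is likely to refuse to start while a referenced table file cannot be opened (worth confirming against the opendkim version in the image). Creating them empty next to TrustedHosts, `touch /etc/opendkim/KeyTable /etc/opendkim/SigningTable`, keeps the daemon starting on a new host. Since the same file is configured as both `InternalHosts` and `ExternalIgnoreList`, every address in it is signed rather than verified; a one-line comment above the `if`, `# entries here are DKIM-signed and never DMARC-checked`, would warn whoever adds hosts later. The script continues outside the hunk.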
diff --git a/dockerfiles/email/postfix/supervisord.conf b/dockerfiles/email/postfix/supervisord.conf
new file mode 100644
index 0000000000000000000000000000000000000000..51213337a301310c2509c898a4c1ffb779e79b74
--- /dev/null
+++ b/dockerfiles/email/postfix/supervisord.conf
@@ -0,0 +1,21 @@
+[supervisord]
+nodaemon=true
+
+[program:postfix]
+process_name = postfix
+command = /etc/init.d/postfix start
+startsecs = 0
+autorestart = false
+
+[program:opendkim]
+process_name = opendkim
+command = /etc/init.d/opendkim start
+startsecs = 0
+autorestart = false
+
+[program:opendmarc]
+process_name = opendmarc
+command = /etc/init.d/opendmarc start
+startsecs = 0
+autorestart = false
+
diff --git a/dockerfiles/load-balancer/haproxy/README.md b/dockerfiles/load-balancer/haproxy/README.md
index e98557c38c5c9d58239851f57793549bbb04fbf0..801db3c2bd7ac0d9867a19b8f10ffc359521b695 100644
--- a/dockerfiles/load-balancer/haproxy/README.md
+++ b/dockerfiles/load-balancer/haproxy/README.md
@@ -9,7 +9,7 @@ docker run\
 -v /haproxy-config:/etc/haproxy\
 -p 80:80\
 -p 443:443\
- pierreozoux/haproxy
+ indiepaas/haproxy
 ```
 
-Have a look to [pierreozoux/confd](https://registry.hub.docker.com/u/pierreozoux/confd/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
+Have a look to [indiepaas/confd](https://registry.hub.docker.com/u/indiepaas/confd/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
diff --git a/scripts/install.sh b/scripts/install.sh
index fa50658d5a0586c4f54abc73df446566751549e7..33ed94e996efa55a9c71b2c2270a0dc9b8d544e5 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
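Review bot: Each program's `command` is `/etc/init.d/<svc> start`, which forks the daemon and exits, so with `startsecs = 0` and `autorestart = false` supervisord is only a one-shot launcher: if opendkim or opendmarc die later nothing restarts them, and with `milter_default_action=accept` in the Postfix configuration mail keeps flowing unsigned and unchecked without any error. Running the two milters in the foreground lets supervisord actually supervise them; both daemons have a foreground flag, as sketched below (the binary paths and config-file options should be checked against the image). `postfix start-fg` exists only in newer Postfix releases, so whether the postfix section can be changed the same way depends on the packaged version and is left as is here.
```ini
; … unchanged: [supervisord] and [program:postfix] …

[program:opendkim]
command = /usr/sbin/opendkim -f -x /etc/opendkim.conf
autorestart = true

[program:opendmarc]
command = /usr/sbin/opendmarc -f -c /etc/opendmarc.conf
autorestart = true
```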
@@ -19,7 +19,7 @@ docker pull ibuildthecloud/systemd-docker # Create Directory structure mkdir -p /data/domains mkdir -p /data/runtime/haproxy/approved-certs -git clone https://github.com/pierreozoux/IndiePaaS.git /data/indiehosters +git clone https://github.com/indiepaas/IndiePaaS.git /data/indiehosters # Install unit-files cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload diff --git a/unit-files/postfix.service b/unit-files/postfix.service index 99f821c51b88f60dacfac47e537ec565d5f8fa39..cf470f50a39e920d885c078cbd3c05c638e3495a 100644 --- a/unit-files/postfix.service +++ b/unit-files/postfix.service @@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run \ -v /data/runtime/postfix:/data \ -v /data/runtime/mail:/var/mail \ -v /data/domains/mail/TLS:/ssl \ + -v /data/domains/mail/opendkim:/etc/opendkim \ --volumes-from=dovecot \ -p 25:25 \ -p 587:587 \ diff --git a/utils/add_email_to.sh b/utils/add_email.sh similarity index 79% rename from utils/add_email_to.sh rename to utils/add_email.sh index ffb79f695115737b60e6905176b7736058e1fb05..7db0d0d1ecf213580c569597a2b6454f9bb6aca1 100755 --- a/utils/add_email_to.sh +++ b/utils/add_email.sh @@ -1,22 +1,27 @@ #!/bin/bash -ex -DOMAIN=$1 +EMAIL=$1 PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10` MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2` +DOMAIN=$(echo ${EMAIL} | cut -f2 -d@) + /usr/bin/docker run \ --rm \ --name add_email_support_to_$DOMAIN \ --link mysql-mail:db \ - pierreozoux/mysql \ + indiepaas/mysql \ mysql \ -uadmin \ -p$MYSQL_PASS \ -h db \ - -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');" \ -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \ VALUES( \ (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \ ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \ - 'contact@$DOMAIN');" + '$EMAIL');" + +echo "Email added with success" +echo "Pass: $PASSWORD" + 
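Review bot: `$EMAIL` and the `$DOMAIN` derived from it are interpolated unvalidated into the SQL literals `'$DOMAIN'` and `'$EMAIL'` of the `-e` string and into the container name, so a quote or shell metacharacter in the argument breaks (or alters) the statement; add `[[ "$EMAIL" =~ ^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+$ ]] || { echo "invalid email: $EMAIL" >&2; exit 1; }` right after `EMAIL=$1`. The unchanged `PASSWORD=` line feeds `$RANDOM` (15 bits) and the literal word `date`, not the current time, into md5sum, so the initial mailbox password has about 32768 possible values; `PASSWORD=$(head -c 12 /dev/urandom | base64)` gives an unguessable one. Under `bash -ex` the trace writes the expanded `docker run` line, with `-p$MYSQL_PASS` and the INSERT containing the plaintext mailbox password, to stderr, and `-p$MYSQL_PASS` is also visible in `ps` on the host; the same applies to utils/add_email_alias.sh and utils/add_email_support.sh below (`set +x` around the call, or passing the password through `MYSQL_PWD` in the container environment, avoids both). With the `virtual_domains` INSERT moved out of this script, the `SELECT id ... WHERE name='$DOMAIN'` subquery yields NULL for a domain that was never registered, so an explicit check that the domain row exists (pointing the operator at utils/add_email_support.sh) would fail more clearly than the resulting NULL or foreign-key error.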
diff --git a/utils/add_email_alias.sh b/utils/add_email_alias.sh
index 60036b242cfcff01739e7babc4badc70ebff804e..5bd7ab160e62874ef57d34e7bdf48b1d266b2e1e 100755
--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
@@ -9,7 +9,7 @@ MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
 --rm \
 --name add_email_support_to_$DOMAIN \
 --link mysql-mail:db \
- pierreozoux/mysql \
+ indiepaas/mysql \
 mysql \
 -uadmin \
 -p$MYSQL_PASS \
diff --git a/utils/add_email_support.sh b/utils/add_email_support.sh
new file mode 100755
index 0000000000000000000000000000000000000000..3c8643fd934534992e2a0be53615ac9970225096
--- /dev/null
+++ b/utils/add_email_support.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -ex
+
+DOMAIN=$1
+MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+
+/usr/bin/docker run \
+ --rm \
+ --name add_email_support_to_$DOMAIN \
+ --link mysql-mail:db \
+ indiepaas/mysql \
+ mysql \
+ -uadmin \
+ -p$MYSQL_PASS \
+ -h db \
+ -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
+
+mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
+
+/usr/bin/docker run \
+ --rm \
+ --name opendkim-genkey \
+ indiepaas/postfix \
+ /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys
+
+mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
+
+echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
+
+echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
+
+echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+
+echo "Domain installed with success."
+echo "Please add the followig records to it's DNS."
+
+cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
+
+echo "And don't forget spf :)"
+
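Review bot: The `docker run ... opendkim-genkey` command has no `-v` mount of `/data/domains/mail/opendkim`, so the key pair is generated inside the throw-away container and discarded with `--rm`, and the unquoted `&& chown -R opendkim: /etc/opendkim/keys` is parsed by the host shell and therefore runs on the host (where that path and user are unlikely to exist) instead of in the container; the following `mv` of `mail.private` then finds nothing, and the script aborts under `-e`. The sketch below mounts the host directory, runs genkey and chown together inside the container via `sh -c`, and passes `-b 2048`, since packaged `opendkim-genkey` versions have defaulted to 1024-bit keys and the image only enforces `MinimumKeyBits 1024`. `$DOMAIN` is used unvalidated as a path component in `mkdir -p .../keys/$DOMAIN`, in the SQL literal and in the container name, so a guard such as `[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` belongs right after `DOMAIN=$1`. The `echo *@$DOMAIN mail._domainkey.$DOMAIN` line leaves `*@$DOMAIN` unquoted, so the shell treats it as a glob and substitutes any matching filename from the current directory; quote it, `echo "*@$DOMAIN mail._domainkey.$DOMAIN"`.
```bash
# … unchanged: shebang, DOMAIN/MYSQL_PASS assignments, virtual_domains INSERT …
[[ "$DOMAIN" =~ ^[A-Za-z0-9.-]+$ ]] || { echo "invalid domain: $DOMAIN" >&2; exit 1; }

KEYDIR=/data/domains/mail/opendkim
mkdir -p "$KEYDIR/keys/$DOMAIN"

/usr/bin/docker run \
  --rm \
  --name opendkim-genkey \
  -v "$KEYDIR:/etc/opendkim" \
  indiepaas/postfix \
  sh -c "/usr/bin/opendkim-genkey -b 2048 -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys"

mv "$KEYDIR/keys/$DOMAIN/mail.private" "$KEYDIR/keys/$DOMAIN/mail"
# … unchanged: KeyTable/SigningTable/TrustedHosts appends and the final messages …
```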