Merge branch 'dkim'

18724cb7 · Pierre Ozoux · b5db839b · 745e44fe · 18724cb7 · 18724cb7
Commit 18724cb7 authored 9 years ago by Pierre Ozoux
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -6,7 +6,10 @@ RUN apt-get update && \
      postfix-pcre \
      postfix-mysql \
      supervisor \
-      ca-certificates && \
+      ca-certificates \
+      opendkim \
+      opendkim-tools \
+      opendmarc && \
    rm -rf /var/lib/apt/lists/*

 COPY install.sh /install.sh
@@ -14,6 +17,7 @@ COPY postfix_outgoing_mail_header_filters /etc/postfix/outgoing_mail_header_filt
 COPY virtual-mailbox-domains.cf /etc/postfix/virtual-mailbox-domains.cf
 COPY virtual-mailbox-maps.cf /etc/postfix/virtual-mailbox-maps.cf
 COPY virtual-alias-maps.cf /etc/postfix/virtual-alias-maps.cf
+COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf

 RUN \
  chmod u+x /install.sh && \
@@ -23,7 +27,7 @@ RUN \
    smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
    mydestination=localhost && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
-    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
+    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
    "authclean=unix  n       -       -       -       0       cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
 /opt/editconf.py /etc/postfix/main.cf \
@@ -55,7 +59,21 @@ RUN \
    virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ 
    local_recipient_maps=\$virtual_mailbox_maps && \
  /opt/editconf.py /etc/postfix/main.cf \
-    mynetworks="127.0.0.0/8 172.17.42.0/24"
+    mynetworks="127.0.0.0/8 172.17.42.0/24" && \
+  /opt/editconf.py /etc/opendmarc.conf -s \
+    "Syslog=true" \
+    "Socket=inet:8893@[127.0.0.1]" && \
+  /opt/editconf.py /etc/postfix/main.cf \
+    "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
+    non_smtpd_milters=\$smtpd_milters \
+    milter_default_action=accept && \
+  echo "MinimumKeyBits          1024" >> /etc/opendkim && \
+  echo "ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "InternalHosts           refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "KeyTable                refile:/etc/opendkim/KeyTable" >> /etc/opendkim && \
+  echo "SigningTable            refile:/etc/opendkim/SigningTable" >> /etc/opendkim && \
+  echo "Socket                  inet:8891@localhost" >> /etc/opendkim && \
+  echo "RequireSafeKeys         false" >> /etc/opendkim

 #RUN /opt/editconf.py /etc/postfix/main.cf \
 #smtp_tls_security_level=dane \

--- a/dockerfiles/email/postfix/install.sh
+++ b/dockerfiles/email/postfix/install.sh
@@ -16,18 +16,10 @@ sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf

 /opt/mysql-check.sh

-chown -R postfix:postfix /var/spool/postfix/dovecot
-
-#supervisor
-cat > /etc/supervisor/conf.d/supervisord.conf <<EOF
-[supervisord]
-nodaemon=true
+if [ ! -f /etc/opendkim/TrustedHosts ]; then
+  mkdir -p /etc/opendkim
+  echo "127.0.0.1" > /etc/opendkim/TrustedHosts
+fi

-[program:postfix]
-process_name = master
-command = /etc/init.d/postfix start
-startsecs = 0
-autorestart = false
-
-EOF
+chown -R postfix:postfix /var/spool/postfix/dovecot

--- a/dockerfiles/email/postfix/supervisord.conf
+++ b/dockerfiles/email/postfix/supervisord.conf
+[supervisord]
+nodaemon=true
+
+[program:postfix]
+process_name = postfix
+command = /etc/init.d/postfix start
+startsecs = 0
+autorestart = false
+
+[program:opendkim]
+process_name = opendkim
+command = /etc/init.d/opendkim start
+startsecs = 0
+autorestart = false
+
+[program:opendmarc]
+process_name = opendmarc
+command = /etc/init.d/opendmarc start
+startsecs = 0
+autorestart = false
+
--- a/dockerfiles/load-balancer/haproxy/README.md
+++ b/dockerfiles/load-balancer/haproxy/README.md
@@ -9,7 +9,7 @@ docker run\
  -v /haproxy-config:/etc/haproxy\
  -p 80:80\
  -p 443:443\
-  pierreozoux/haproxy
+  indiepaas/haproxy
 ```

-Have a look to [pierreozoux/confd](https://registry.hub.docker.com/u/pierreozoux/confd/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
+Have a look to [indiepaas/confd](https://registry.hub.docker.com/u/indiepaas/confd/) to have automatic configuration of HAproxy backed by `etcd` or `consul`.
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -19,7 +19,7 @@ docker pull ibuildthecloud/systemd-docker
 # Create Directory structure
 mkdir -p /data/domains
 mkdir -p /data/runtime/haproxy/approved-certs
-git clone https://github.com/pierreozoux/IndiePaaS.git /data/indiehosters
+git clone https://github.com/indiepaas/IndiePaaS.git /data/indiehosters

 # Install unit-files
 cp /data/indiehosters/unit-files/* /etc/systemd/system && systemctl daemon-reload

--- a/unit-files/postfix.service
+++ b/unit-files/postfix.service
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run \
  -v /data/runtime/postfix:/data \
  -v /data/runtime/mail:/var/mail \
  -v /data/domains/mail/TLS:/ssl \
+  -v /data/domains/mail/opendkim:/etc/opendkim \
  --volumes-from=dovecot \
  -p 25:25 \
  -p 587:587 \

--- a/utils/add_email_to.sh
+++ b/utils/add_email_to.sh
 #!/bin/bash -ex

-DOMAIN=$1
+EMAIL=$1
 PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10`
 MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`

+DOMAIN=$(echo ${EMAIL} | cut -f2 -d@)
+
 /usr/bin/docker run \
  --rm \
  --name add_email_support_to_$DOMAIN \
  --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
    mysql \
      -uadmin \
      -p$MYSQL_PASS \
      -h db \
-        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');" \
        -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \
          VALUES( \
            (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
            ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \
-            'contact@$DOMAIN');"
+            '$EMAIL');"
+
+echo "Email added with success"
+echo "Pass: $PASSWORD"
+

--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
@@ -9,7 +9,7 @@ MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
  --rm \
  --name add_email_support_to_$DOMAIN \
  --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
    mysql \
      -uadmin \
      -p$MYSQL_PASS \

--- a/utils/add_email_support.sh
+++ b/utils/add_email_support.sh
+#!/bin/bash -ex
+
+DOMAIN=$1
+MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+
+/usr/bin/docker run \
+  --rm \
+  --name add_email_support_to_$DOMAIN \
+  --link mysql-mail:db \
+  indiepaas/mysql \
+    mysql \
+      -uadmin \
+      -p$MYSQL_PASS \
+      -h db \
+        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
+
+mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
+
+/usr/bin/docker run \
+  --rm \
+  --name opendkim-genkey \
+  indiepaas/postfix \
+    /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys
+
+mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
+
+echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
+
+echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
+
+echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+
+echo "Domain installed with success."
+echo "Please add the followig records to it's DNS."
+
+cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
+
+echo "And don't forget spf :)"
+