Adds opendkim and opendmarc

e34d7dac · Pierre Ozoux · d97aa9d3 · e34d7dac · e34d7dac · e34d7dac
Commit e34d7dac authored 10 years ago by Pierre Ozoux
--- a/dockerfiles/email/postfix/Dockerfile
+++ b/dockerfiles/email/postfix/Dockerfile
@@ -6,7 +6,10 @@ RUN apt-get update && \
      postfix-pcre \
      postfix-mysql \
      supervisor \
-      ca-certificates && \
+      ca-certificates \
+      opendkim \
+      opendkim-tools \
+      opendmarc && \
    rm -rf /var/lib/apt/lists/*

 COPY install.sh /install.sh
@@ -24,7 +27,7 @@ RUN \
    smtpd_banner="\$myhostname ESMTP Hi, I'm a hosted by an IndieHoster (Debian/Postfix; see https://indiehosters.net/)" \
    mydestination=localhost && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
-    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
+    "submission=inet n       -       -       -       -       smtpd -o syslog_name=postfix/submission -o smtpd_milters=inet:127.0.0.1:8891 -o smtpd_tls_ciphers=high -o smtpd_tls_protocols=!SSLv2,!SSLv3 -o cleanup_service_name=authclean" && \
  /opt/editconf.py /etc/postfix/master.cf -s -w \
    "authclean=unix  n       -       -       -       0       cleanup -o header_checks=pcre:/etc/postfix/outgoing_mail_header_filters" && \
 /opt/editconf.py /etc/postfix/main.cf \
@@ -56,7 +59,21 @@ RUN \
    virtual_alias_maps=mysql:/etc/postfix/virtual-alias-maps.cf \ 
    local_recipient_maps=\$virtual_mailbox_maps && \
  /opt/editconf.py /etc/postfix/main.cf \
-    mynetworks="127.0.0.0/8 172.17.42.0/24"
+    mynetworks="127.0.0.0/8 172.17.42.0/24" && \
+  /opt/editconf.py /etc/opendmarc.conf -s \
+    "Syslog=true" \
+    "Socket=inet:8893@[127.0.0.1]" && \
+  /opt/editconf.py /etc/postfix/main.cf \
+    "smtpd_milters=inet:127.0.0.1:8891 inet:127.0.0.1:8893"\
+    non_smtpd_milters=\$smtpd_milters \
+    milter_default_action=accept && \
+  echo "MinimumKeyBits          1024" >> /etc/opendkim && \
+  echo "ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "InternalHosts           refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim && \
+  echo "KeyTable                refile:/etc/opendkim/KeyTable" >> /etc/opendkim && \
+  echo "SigningTable            refile:/etc/opendkim/SigningTable" >> /etc/opendkim && \
+  echo "Socket                  inet:8891@localhost" >> /etc/opendkim && \
+  echo "RequireSafeKeys         false" >> /etc/opendkim

 #RUN /opt/editconf.py /etc/postfix/main.cf \
 #smtp_tls_security_level=dane \

--- a/dockerfiles/email/postfix/install.sh
+++ b/dockerfiles/email/postfix/install.sh
@@ -16,7 +16,10 @@ sed -i "s/##HOSTNAME##/$HOSTNAME/" /etc/postfix/main.cf

 /opt/mysql-check.sh

-chown -R postfix:postfix /var/spool/postfix/dovecot
+if [ ! -f /etc/opendkim/TrustedHosts ]; then
+  mkdir -p /etc/opendkim
+  echo "127.0.0.1" > /etc/opendkim/TrustedHosts
+fi

-EOF
+chown -R postfix:postfix /var/spool/postfix/dovecot

--- a/unit-files/postfix.service
+++ b/unit-files/postfix.service
@@ -24,6 +24,7 @@ ExecStart=/usr/bin/docker run \
  -v /data/runtime/postfix:/data \
  -v /data/runtime/mail:/var/mail \
  -v /data/domains/mail/TLS:/ssl \
+  -v /data/domains/mail/opendkim:/etc/opendkim \
  --volumes-from=dovecot \
  -p 25:25 \
  -p 587:587 \

--- a/utils/add_email_to.sh
+++ b/utils/add_email_to.sh
 #!/bin/bash -ex

-DOMAIN=$1
+EMAIL=$1
 PASSWORD=`echo $RANDOM date | md5sum | base64 | cut -c-10`
 MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`

+DOMAIN=$(echo ${EMAIL} | cut -f2 -d@)
+
 /usr/bin/docker run \
  --rm \
  --name add_email_support_to_$DOMAIN \
  --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
    mysql \
      -uadmin \
      -p$MYSQL_PASS \
      -h db \
-        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');" \
        -e "INSERT INTO servermail.virtual_users (domain_id, password , email) \
          VALUES( \
            (SELECT id FROM servermail.virtual_domains WHERE name='$DOMAIN'), \
            ENCRYPT('$PASSWORD', CONCAT('\$6\$', SUBSTRING(SHA(RAND()), -16))), \
-            'contact@$DOMAIN');"
+            '$EMAIL');"
+
+echo "Email added with success"
+echo "Pass: $PASSWORD"
+

--- a/utils/add_email_alias.sh
+++ b/utils/add_email_alias.sh
@@ -9,7 +9,7 @@ MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
  --rm \
  --name add_email_support_to_$DOMAIN \
  --link mysql-mail:db \
-  pierreozoux/mysql \
+  indiepaas/mysql \
    mysql \
      -uadmin \
      -p$MYSQL_PASS \

--- a/utils/add_email_support.sh
+++ b/utils/add_email_support.sh
+#!/bin/bash -ex
+
+DOMAIN=$1
+MYSQL_PASS=`cat /data/domains/mail/mysql/.env | cut -d= -f2`
+
+/usr/bin/docker run \
+  --rm \
+  --name add_email_support_to_$DOMAIN \
+  --link mysql-mail:db \
+  indiepaas/mysql \
+    mysql \
+      -uadmin \
+      -p$MYSQL_PASS \
+      -h db \
+        -e "INSERT INTO servermail.virtual_domains (name) VALUES ('$DOMAIN');"
+
+mkdir -p /data/domains/mail/opendkim/keys/$DOMAIN
+
+/usr/bin/docker run \
+  --rm \
+  --name opendkim-genkey \
+  indiepaas/postfix \
+    /usr/bin/opendkim-genkey -D /etc/opendkim/keys/$DOMAIN/ -d $DOMAIN -s mail && chown -R opendkim: /etc/opendkim/keys
+
+mv /data/domains/mail/opendkim/keys/$DOMAIN/mail.private /data/domains/mail/opendkim/keys/$DOMAIN/mail
+
+echo mail._domainkey.$DOMAIN $DOMAIN:mail:/etc/opendkim/keys/$DOMAIN/mail >> /data/domains/mail/opendkim/KeyTable
+
+echo *@$DOMAIN mail._domainkey.$DOMAIN >> /data/domains/mail/opendkim/SigningTable
+
+echo $DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+echo galaxy.$DOMAIN >> /data/domains/mail/opendkim/TrustedHosts
+
+echo "Domain installed with success."
+echo "Please add the followig records to it's DNS."
+
+cat /data/domains/mail/opendkim/keys/$DOMAIN/mail.txt
+
+echo "And don't forget spf :)"
+