mail/postfix/Dockerfile

# NOTE(review): `latest` is a moving tag, so every rebuild may pull a different
# Alpine release and with it different postfix/openssl package versions. Pin a
# release tag (ideally with its digest) so the image is reproducible and a
# vulnerability scan result can be tied to a known base.
FROM alpine:latest
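# Runtime packages for the mail container: Postfix with PCRE table support,
# supervisor as the process manager, rsyslog for logging, the CA root bundle
# and the openssl command-line tool.
# --no-cache keeps the apk index out of the layer.
# NOTE(review): package versions are not pinned, so what gets installed depends
# on the base image at build time; pin them once the base image is pinned.
RUN apk add --no-cache \
      ca-certificates \
      openssl \
      postfix \
      postfix-pcre \
      rsyslog \
      supervisor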
# Build the Postfix main.cf from scratch: the packaged file is emptied, then
# every parameter below is written with `postconf -e`, so anything not listed
# here falls back to Postfix's built-in default. Values such as '$myhostname'
# are single-quoted so the shell passes them through for Postfix to expand.
# NOTE(review): no smtpd_tls_cert_file / smtpd_tls_key_file is set in this
# list, and the hash:/cidr: lookup tables named below are not created in this
# Dockerfile; presumably postfix.sh or mounted configuration supplies them at
# start-up. Confirm before relying on STARTTLS or the access tables.
RUN echo '' > /etc/postfix/main.cf \
&& postconf -e myorigin='$myhostname' \
# Only loopback is a trusted network; any other client, including sibling
# containers, has to authenticate before it may relay.
&& postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
# Relay policy. Restrictions are evaluated left to right and the first match
# wins, so authenticated and loopback clients are permitted before any of the
# reject_* checks run; reject_unauth_destination is the entry that stops
# everyone else from relaying through this host.
&& postconf -e smtpd_relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
# Recipient policy: local access tables first, then sender/recipient sanity
# checks, then (for mail not already permitted) the DNSBL lookups, the policy
# service at postgrey:25 and recipient address verification. The DNSBL and
# policy-service entries depend on external DNS and on the `postgrey` host
# being resolvable from this container.
&& postconf -e smtpd_recipient_restrictions='check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access_sender, check_helo_access hash:/etc/postfix/access_helo, check_client_access cidr:/etc/postfix/access_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:postgrey:25 reject_unverified_recipient, permit' \
&& postconf -e recipient_delimiter='+' \
&& postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \
# Inbound TLS is opportunistic (`may`): STARTTLS is offered but not required.
# smtpd_tls_auth_only=yes keeps AUTH unavailable until the session is
# encrypted, so SASL credentials are not accepted in cleartext.
# smtpd_use_tls is the legacy switch for the same feature.
&& postconf -e smtpd_use_tls='yes' \
&& postconf -e smtpd_tls_security_level='may' \
&& postconf -e smtpd_tls_auth_only='yes' \
&& postconf -e smtpd_tls_loglevel='1' \
# Excluding SSLv2, SSLv3, TLSv1 and TLSv1.1 leaves TLS 1.2 and newer, for both
# mandatory and opportunistic sessions.
&& postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
&& postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
# smtpd_tls_mandatory_ciphers governs sessions where TLS is mandatory; with the
# level at `may` here it presumably matters only if master.cf raises the level
# for a service (not visible in this file, confirm). tls_medium_cipherlist
# replaces the built-in definition of the "medium" grade with AES128 suites
# that use ephemeral ECDH/DH key exchange.
&& postconf -e smtpd_tls_mandatory_ciphers='medium' \
&& postconf -e tls_medium_cipherlist='AES128+EECDH:AES128+EDH' \
# Despite its name, smtpd_tls_dh1024_param_file is the parameter for non-export
# DHE and is pointed at a 2048-bit file here. The 512-bit file is only for
# export-grade suites. NOTE(review): consider dropping the 512-bit entry if
# nothing needs it. Both paths sit in the dh-params volume declared at the end
# of this file, so the files must be provided at runtime.
&& postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
&& postconf -e smtpd_tls_dh512_param_file='/etc/postfix/dh-params/512.pem' \
&& postconf -e smtpd_tls_eecdh_grade='strong' \
&& postconf -e tls_preempt_cipherlist='yes' \
# SASL is delegated to Dovecot over TCP (host `dovecot`, port 100).
# NOTE(review): as configured here that auth channel is a plain TCP socket, so
# it should stay on a private container network.
&& postconf -e smtpd_sasl_auth_enable='yes' \
&& postconf -e smtpd_sasl_type='dovecot' \
&& postconf -e smtpd_sasl_path='inet:dovecot:100' \
# Mail for the virtual domains is handed to Dovecot over LMTP; the brackets in
# [dovecot] turn off MX lookups for that name.
&& postconf -e virtual_transport='lmtp:[dovecot]' \
&& postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
&& postconf -e virtual_mailbox_domains='/etc/postfix/domains' \
# Outbound delivery uses TLS when the remote server offers it, otherwise
# falls back to cleartext.
&& postconf -e smtp_tls_security_level='may' \
# VRFY is disabled so clients cannot use it to probe for valid addresses.
&& postconf -e disable_vrfy_command='yes' \
&& postconf -e enable_long_queue_ids='yes' \
&& postconf -e strict_rfc821_envelopes='yes'
# Disabled alternative value for smtpd_recipient_restrictions, kept for
# reference; it is a comment and has no effect on the image:
# && postconf -e smtpd_recipient_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
# master.cf defines which Postfix services run and any per-service `-o`
# overrides (for example whether the submission port enforces TLS and AUTH);
# it is not shown here and should be reviewed together with main.cf.
COPY master.cf /etc/postfix/master.cf
# NOTE(review): none of the postconf settings in this Dockerfile references
# smtp_header_checks; presumably master.cf or postfix.sh wires this file in.
# Confirm, otherwise the header checks are never applied.
COPY smtp_header_checks /etc/postfix/smtp_header_checks
# postfix.sh is only copied here, never run at build time; presumably
# supervisord.conf launches it at container start (confirm in that file).
COPY postfix.sh /postfix.sh
COPY supervisord.conf /etc/supervisord.conf
# supervisord is the container's main process (exec form, so it receives
# signals directly). No USER instruction appears in this file, so it and the
# programs it starts begin as root.
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
# The DH parameter files named by smtpd_tls_dh1024_param_file and
# smtpd_tls_dh512_param_file live in this volume, so they are supplied or
# generated at runtime and are not baked into the image.
VOLUME ["/etc/postfix/dh-params/"]
# Postfix queue directory; as a volume the queued mail is kept outside the
# container's writable layer.
VOLUME ["/var/spool/postfix"]
# 25 = SMTP, 587 = mail submission. EXPOSE only documents the ports; they are
# published by the run-time configuration. What each port enforces (TLS, AUTH)
# is decided in master.cf, which is not shown here.
EXPOSE 25 587