# Base image for the Postfix container.
# NOTE(review): alpine:latest is a moving tag, so the postfix and openssl
# builds that `apk add` installs change silently between rebuilds. Pin a
# specific Alpine release tag (ideally together with its digest) so the image
# is reproducible and its package versions are known.
FROM alpine:latest
# Install the mail server, its PCRE map support, the syslog daemon and the
# process supervisor. --no-cache keeps the apk index out of the layer.
# Package versions are not pinned, so each rebuild takes whatever the base
# image's repositories carry at build time.
RUN apk add --no-cache \
        ca-certificates \
        openssl \
        postfix \
        postfix-pcre \
        rsyslog \
        supervisor
# Build main.cf from scratch: the packaged file is replaced by a single
# newline and every parameter is then written with postconf -e, in the order
# listed. Values are single-quoted so the shell passes $myhostname and
# $mail_name through unexpanded for Postfix to resolve.
RUN echo '' > /etc/postfix/main.cf \
    # Identity and SMTP access policy.
    # Only loopback is in mynetworks, so relaying is limited to SASL-authenticated
    # clients and local processes. The access-map lookups at the head of
    # smtpd_recipient_restrictions run before reject_unauth_destination; the
    # separate smtpd_relay_restrictions list is what keeps an OK result from
    # those maps from turning into relay permission.
    # NOTE(review): the hash:/cidr: tables named here are not copied by this
    # file - presumably postfix.sh provides them at start; verify.
    && postconf -e \
        myorigin='$myhostname' \
        mynetworks='127.0.0.0/8 [::1]/128' \
        smtpd_relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
        smtpd_recipient_restrictions='check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access_sender, check_helo_access hash:/etc/postfix/access_helo, check_client_access cidr:/etc/postfix/access_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:postgrey:25 reject_unverified_recipient, permit' \
        recipient_delimiter='+' \
        smtpd_banner='$myhostname ESMTP $mail_name' \
    # Inbound TLS.
    # Security level "may" makes TLS opportunistic; smtpd_tls_auth_only keeps
    # AUTH from being offered on sessions that have not negotiated TLS.
    # Protocols older than TLS 1.2 are excluded and the medium cipher list is
    # narrowed to AES128 suites with ephemeral key exchange.
    # NOTE(review): no certificate or key file is set in this layer -
    # presumably postfix.sh configures them at start; verify.
    # NOTE(review): the dh512 parameter points at 512-bit (export-grade) DH
    # parameters; with the cipher list above it looks unused - confirm, then
    # drop the setting and the file.
    && postconf -e \
        smtpd_use_tls='yes' \
        smtpd_tls_security_level='may' \
        smtpd_tls_auth_only='yes' \
        smtpd_tls_loglevel='1' \
        smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
        smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
        smtpd_tls_mandatory_ciphers='medium' \
        tls_medium_cipherlist='AES128+EECDH:AES128+EDH' \
        smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
        smtpd_tls_dh512_param_file='/etc/postfix/dh-params/512.pem' \
        smtpd_tls_eecdh_grade='strong' \
        tls_preempt_cipherlist='yes' \
    # SASL authentication is delegated to the host named "dovecot" over TCP.
    # NOTE(review): that link is a plain inet socket, so credentials cross it
    # unencrypted - it should only ever traverse a private container network.
    && postconf -e \
        smtpd_sasl_auth_enable='yes' \
        smtpd_sasl_type='dovecot' \
        smtpd_sasl_path='inet:dovecot:100' \
    # Virtual domains: mail is handed to dovecot over LMTP; the alias map and
    # the domain list are read from files under /etc/postfix.
    && postconf -e \
        virtual_transport='lmtp:[dovecot]' \
        virtual_alias_maps='hash:/etc/postfix/virtual' \
        virtual_mailbox_domains='/etc/postfix/domains' \
    # Outbound TLS is opportunistic as well. VRFY is disabled so the server
    # cannot be used to probe for valid addresses.
    && postconf -e \
        smtp_tls_security_level='may' \
        disable_vrfy_command='yes' \
        enable_long_queue_ids='yes' \
        strict_rfc821_envelopes='yes'
# && postconf -e smtpd_recipient_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
# Postfix service table and the header-check rules file, both taken from the
# build context and placed next to main.cf.
COPY master.cf smtp_header_checks /etc/postfix/
# postfix.sh lands in the filesystem root and supervisord.conf at the path the
# ENTRYPOINT passes to supervisord.
# NOTE(review): postfix.sh keeps the mode it has in the build context; it is
# presumably started by supervisord, so confirm it is executable there.
COPY postfix.sh /
COPY supervisord.conf /etc/
# supervisord is the container's main process, started in exec form with the
# configuration copied to /etc/supervisord.conf.
# NOTE(review): no USER instruction appears in this file, so supervisord and
# whatever it launches start as root. Which programs it runs is defined in
# supervisord.conf, not visible here; check that only the processes that need
# root keep it.
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
# Persist the DH parameter directory referenced from main.cf and the Postfix
# mail queue outside the container's writable layer.
# NOTE(review): nothing in this file creates the DH parameter files -
# presumably they are generated at start or mounted in; verify, and keep the
# volume readable only by the mail server.
VOLUME ["/etc/postfix/dh-params/", "/var/spool/postfix"]
# Documents the listening ports; publishing them is left to the runtime.
# 25 is SMTP and 587 is mail submission. Whether a listener is actually
# enabled on 587 depends on master.cf, which is not visible here.
EXPOSE 25 587