mail/postfix/Dockerfile

FROM alpine

RUN apk add --no-cache \
        ca-certificates \
        openssl \
        postfix \
        postfix-ldap \
        postfix-pcre

RUN echo '' > /etc/postfix/main.cf \
    && postconf -e myorigin='$mydomain' \
    && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
    && postconf -e smtpd_recipient_restrictions=' \
        check_sender_access hash:/etc/postfix/access_sender, \
        reject_non_fqdn_sender, \
        reject_non_fqdn_recipient, \
        reject_unknown_sender_domain, \
        reject_unknown_recipient_domain, \
        permit_sasl_authenticated, \
        permit_mynetworks, \
        reject_unauth_destination, \
        reject_rbl_client zen.spamhaus.org, \
        reject_rbl_client ix.dnsbl.manitu.net, \
        reject_unverified_recipient, \
        permit \
       ' \
    && postconf -e recipient_delimiter='+' \
    && postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \
    && postconf -e smtpd_use_tls='yes' \
    && postconf -e smtpd_tls_loglevel='1' \
    && postconf -e smtpd_tls_key_file='/tls/key.pem' \
    && postconf -e smtpd_tls_cert_file='/tls/fullchain.pem' \
    && postconf -e smtpd_tls_security_level='may' \
    && postconf -e smtpd_tls_auth_only='yes' \
    && postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_mandatory_ciphers='high' \
    && postconf -e smtpd_tls_exclude_ciphers='aNULL' \
    && postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
    && postconf -e smtpd_tls_eecdh_grade='strong' \
    && postconf -e smtpd_tls_CApath='/etc/ssl/certs' \
    && postconf -e smtp_tls_loglevel='1' \
    && postconf -e smtp_tls_security_level='may' \
    && postconf -e smtp_tls_mandatory_ciphers='medium' \
    && postconf -e smtp_tls_CApath='/etc/ssl/certs' \
    && postconf -e tls_preempt_cipherlist='yes' \
    && postconf -e smtpd_sasl_auth_enable='yes' \
    && postconf -e smtpd_sasl_type='dovecot' \
    && postconf -e smtpd_sasl_path='inet:dovecot:100' \
    && postconf -e virtual_transport='lmtp:[dovecot]' \
    && postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
    && postconf -e virtual_mailbox_maps='ldap:/etc/postfix/virtual_mailbox_maps.cf' \
    && postconf -e virtual_mailbox_limit='0' \
    && postconf -e disable_vrfy_command='yes' \
    && postconf -e enable_long_queue_ids='yes' \
    && postconf -e strict_rfc821_envelopes='yes' \
    && postconf -e maillog_file='/dev/stdout' \
    && touch /etc/postfix/virtual_mailbox_maps.cf \
    && postfix check \
    && newaliases \
    && touch /etc/postfix/access_sender

RUN cp -r /var/spool/postfix /var/spool/postfix-skel

COPY master.cf /etc/postfix/
COPY smtp_header_checks /etc/postfix/
COPY virtual_mailbox_maps.cf /etc/postfix/

COPY scripts /usr/local/bin/

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

EXPOSE 25 587
postfix 3.4 is now in latest alpine 2019-07-11 22:21:07 +02:00			`FROM alpine`
init 2018-03-08 15:45:31 +01:00
			`RUN apk add --no-cache \`
update 2019-03-31 00:16:15 +01:00			`ca-certificates \`
			`openssl \`
			`postfix \`
			`postfix-ldap \`
			`postfix-pcre`
dreckiger commit 2018-03-24 18:52:46 +01:00
working state 2018-03-15 16:32:17 +01:00			`RUN echo '' > /etc/postfix/main.cf \`
dreckiger commit 2018-03-24 18:52:46 +01:00			`&& postconf -e myorigin='$mydomain' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e mynetworks='127.0.0.0/8 [::1]/128' \`
update 2019-03-31 00:16:15 +01:00			`&& postconf -e smtpd_recipient_restrictions=' \`
Add option to block specific senders 2019-08-01 14:04:30 +02:00			`check_sender_access hash:/etc/postfix/access_sender, \`
update 2019-03-31 00:16:15 +01:00			`reject_non_fqdn_sender, \`
			`reject_non_fqdn_recipient, \`
			`reject_unknown_sender_domain, \`
			`reject_unknown_recipient_domain, \`
			`permit_sasl_authenticated, \`
			`permit_mynetworks, \`
			`reject_unauth_destination, \`
			`reject_rbl_client zen.spamhaus.org, \`
			`reject_rbl_client ix.dnsbl.manitu.net, \`
			`reject_unverified_recipient, \`
			`permit \`
			`' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e recipient_delimiter='+' \`
			`&& postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \`
			`&& postconf -e smtpd_use_tls='yes' \`
Log TLS information at each connection This is handy to verify wether a given mail was sent encrypted. 2019-08-03 17:40:13 +02:00			`&& postconf -e smtpd_tls_loglevel='1' \`
Change TLS certificate name 2020-02-09 14:53:03 +01:00			`&& postconf -e smtpd_tls_key_file='/tls/key.pem' \`
			`&& postconf -e smtpd_tls_cert_file='/tls/fullchain.pem' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e smtpd_tls_security_level='may' \`
			`&& postconf -e smtpd_tls_auth_only='yes' \`
			`&& postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \`
			`&& postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \`
update 2019-03-31 00:16:15 +01:00			`&& postconf -e smtpd_tls_mandatory_ciphers='high' \`
			`&& postconf -e smtpd_tls_exclude_ciphers='aNULL' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \`
			`&& postconf -e smtpd_tls_eecdh_grade='strong' \`
Verify TLS certificates for outgoing mail 2019-08-03 17:40:51 +02:00			`&& postconf -e smtpd_tls_CApath='/etc/ssl/certs' \`
Log TLS information at each connection This is handy to verify wether a given mail was sent encrypted. 2019-08-03 17:40:13 +02:00			`&& postconf -e smtp_tls_loglevel='1' \`
update 2019-03-31 00:16:15 +01:00			`&& postconf -e smtp_tls_security_level='may' \`
			`&& postconf -e smtp_tls_mandatory_ciphers='medium' \`
Verify TLS certificates for outgoing mail 2019-08-03 17:40:51 +02:00			`&& postconf -e smtp_tls_CApath='/etc/ssl/certs' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e tls_preempt_cipherlist='yes' \`
			`&& postconf -e smtpd_sasl_auth_enable='yes' \`
			`&& postconf -e smtpd_sasl_type='dovecot' \`
			`&& postconf -e smtpd_sasl_path='inet:dovecot:100' \`
			`&& postconf -e virtual_transport='lmtp:[dovecot]' \`
			`&& postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \`
update 2019-03-31 00:16:15 +01:00			`&& postconf -e virtual_mailbox_maps='ldap:/etc/postfix/virtual_mailbox_maps.cf' \`
dreckiger commit 2018-03-24 18:52:46 +01:00			`&& postconf -e virtual_mailbox_limit='0' \`
working state 2018-03-15 16:32:17 +01:00			`&& postconf -e disable_vrfy_command='yes' \`
			`&& postconf -e enable_long_queue_ids='yes' \`
dreckiger commit 2018-03-24 18:52:46 +01:00			`&& postconf -e strict_rfc821_envelopes='yes' \`
update 2019-03-31 00:16:15 +01:00			`&& postconf -e maillog_file='/dev/stdout' \`
Check postfix configuration at build 2019-08-03 17:41:41 +02:00			`&& touch /etc/postfix/virtual_mailbox_maps.cf \`
			`&& postfix check \`
Add option to block specific senders 2019-08-01 14:04:30 +02:00			`&& newaliases \`
			`&& touch /etc/postfix/access_sender`
init 2018-03-08 15:45:31 +01:00
update 2019-03-31 00:16:15 +01:00			`RUN cp -r /var/spool/postfix /var/spool/postfix-skel`
init 2018-03-08 15:45:31 +01:00
update 2019-03-31 00:16:15 +01:00			`COPY master.cf /etc/postfix/`
			`COPY smtp_header_checks /etc/postfix/`
			`COPY virtual_mailbox_maps.cf /etc/postfix/`
dreckiger commit 2018-03-24 18:52:46 +01:00
update 2019-03-31 00:16:15 +01:00			`COPY scripts /usr/local/bin/`
init 2018-03-08 15:45:31 +01:00
update 2019-03-31 00:16:15 +01:00			`ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]`
init 2018-03-08 15:45:31 +01:00
			`EXPOSE 25 587`