FROM alpine

RUN apk add --no-cache \
        ca-certificates \
        openssl \
        postfix \
        postfix-ldap \
        postfix-pcre

RUN echo '' > /etc/postfix/main.cf \
    && postconf -e myorigin='$mydomain' \
    && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
    && postconf -e smtpd_recipient_restrictions=' \
        check_sender_access hash:/etc/postfix/access_sender, \
        reject_non_fqdn_sender, \
        reject_non_fqdn_recipient, \
        reject_unknown_sender_domain, \
        reject_unknown_recipient_domain, \
        permit_sasl_authenticated, \
        permit_mynetworks, \
        reject_unauth_destination, \
        reject_rbl_client zen.spamhaus.org, \
        reject_rbl_client ix.dnsbl.manitu.net, \
        reject_unverified_recipient, \
        permit \
       ' \
    && postconf -e recipient_delimiter='+' \
    && postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \
    && postconf -e smtpd_use_tls='yes' \
    && postconf -e smtpd_tls_loglevel='1' \
    && postconf -e smtpd_tls_key_file='/tls/key.pem' \
    && postconf -e smtpd_tls_cert_file='/tls/fullchain.pem' \
    && postconf -e smtpd_tls_security_level='may' \
    && postconf -e smtpd_tls_auth_only='yes' \
    && postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_mandatory_ciphers='high' \
    && postconf -e smtpd_tls_exclude_ciphers='aNULL' \
    && postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
    && postconf -e smtpd_tls_eecdh_grade='strong' \
    && postconf -e smtpd_tls_CApath='/etc/ssl/certs' \
    && postconf -e smtp_tls_loglevel='1' \
    && postconf -e smtp_tls_security_level='may' \
    && postconf -e smtp_tls_mandatory_ciphers='medium' \
    && postconf -e smtp_tls_CApath='/etc/ssl/certs' \
    && postconf -e tls_preempt_cipherlist='yes' \
    && postconf -e smtpd_sasl_auth_enable='yes' \
    && postconf -e smtpd_sasl_type='dovecot' \
    && postconf -e smtpd_sasl_path='inet:dovecot:100' \
    && postconf -e virtual_transport='lmtp:[dovecot]' \
    && postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
    && postconf -e virtual_mailbox_maps='ldap:/etc/postfix/virtual_mailbox_maps.cf' \
    && postconf -e virtual_mailbox_limit='0' \
    && postconf -e disable_vrfy_command='yes' \
    && postconf -e enable_long_queue_ids='yes' \
    && postconf -e strict_rfc821_envelopes='yes' \
    && postconf -e maillog_file='/dev/stdout' \
    && touch /etc/postfix/virtual_mailbox_maps.cf \
    && postfix check \
    && newaliases \
    && touch /etc/postfix/access_sender

RUN cp -r /var/spool/postfix /var/spool/postfix-skel

COPY master.cf /etc/postfix/
COPY smtp_header_checks /etc/postfix/
COPY virtual_mailbox_maps.cf /etc/postfix/

COPY scripts /usr/local/bin/

ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]

EXPOSE 25 587