FROM alpine:latest

RUN apk add --no-cache \
    supervisor \
    rsyslog \
    ca-certificates \
    postfix \
    postfix-pcre \
    postfix-ldap \
    openssl

COPY rsyslog.conf /etc/rsyslog.conf

RUN echo '' > /etc/postfix/main.cf \
    && postconf -e myorigin='$mydomain' \
    && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
    && postconf -e smtpd_relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
    && postconf -e smtpd_recipient_restrictions='check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access_sender, check_helo_access hash:/etc/postfix/access_helo, check_client_access cidr:/etc/postfix/access_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:postgrey:25 reject_unverified_recipient, permit' \
    && postconf -e recipient_delimiter='+' \
    && postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \
    && postconf -e smtpd_use_tls='yes' \
    && postconf -e smtpd_tls_security_level='may' \
    && postconf -e smtpd_tls_auth_only='yes' \
    && postconf -e smtpd_tls_loglevel='1' \
    && postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
    && postconf -e smtpd_tls_mandatory_ciphers='medium' \
    && postconf -e tls_medium_cipherlist='AES128+EECDH:AES128+EDH' \
    && postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
    && postconf -e smtpd_tls_dh512_param_file='/etc/postfix/dh-params/512.pem' \
    && postconf -e smtpd_tls_eecdh_grade='strong' \
    && postconf -e tls_preempt_cipherlist='yes' \
    && postconf -e smtpd_sasl_auth_enable='yes' \
    && postconf -e smtpd_sasl_type='dovecot' \
    && postconf -e smtpd_sasl_path='inet:dovecot:100' \
    && postconf -e virtual_transport='lmtp:[dovecot]' \
    && postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
    && postconf -e virtual_mailbox_maps='ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf' \
    && postconf -e virtual_mailbox_limit='0' \
    && postconf -e smtp_tls_security_level='may' \
    && postconf -e disable_vrfy_command='yes' \
    && postconf -e enable_long_queue_ids='yes' \
    && postconf -e strict_rfc821_envelopes='yes' \
    && echo 'MAILER-DAEMON: postmaster\npostmaster: root' > /etc/postfix/aliases

COPY master.cf /etc/postfix/master.cf
COPY smtp_header_checks /etc/postfix/smtp_header_checks

COPY postfix.sh /postfix.sh
COPY supervisord.conf /etc/supervisord.conf

COPY ldap /etc/postfix/ldap

ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]

VOLUME ["/etc/postfix/dh-params/"]
VOLUME ["/var/spool/postfix"]

EXPOSE 25 587