FROM alpine:latest RUN apk add --no-cache \ supervisor \ rsyslog \ ca-certificates \ postfix \ postfix-pcre \ postfix-ldap \ openssl COPY rsyslog.conf /etc/rsyslog.conf RUN echo '' > /etc/postfix/main.cf \ && postconf -e myorigin='$mydomain' \ && postconf -e mynetworks='127.0.0.0/8 [::1]/128' \ && postconf -e smtpd_relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \ && postconf -e smtpd_recipient_restrictions='check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access_sender, check_helo_access hash:/etc/postfix/access_helo, check_client_access cidr:/etc/postfix/access_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:postgrey:25 reject_unverified_recipient, permit' \ && postconf -e recipient_delimiter='+' \ && postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \ && postconf -e smtpd_use_tls='yes' \ && postconf -e smtpd_tls_security_level='may' \ && postconf -e smtpd_tls_auth_only='yes' \ && postconf -e smtpd_tls_loglevel='1' \ && postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \ && postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \ && postconf -e smtpd_tls_mandatory_ciphers='medium' \ && postconf -e tls_medium_cipherlist='AES128+EECDH:AES128+EDH' \ && postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \ && postconf -e smtpd_tls_dh512_param_file='/etc/postfix/dh-params/512.pem' \ && postconf -e smtpd_tls_eecdh_grade='strong' \ && postconf -e tls_preempt_cipherlist='yes' \ && postconf -e smtpd_sasl_auth_enable='yes' \ && postconf -e smtpd_sasl_type='dovecot' \ && postconf -e smtpd_sasl_path='inet:dovecot:100' \ && postconf -e virtual_transport='lmtp:[dovecot]' \ && postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \ && postconf -e virtual_mailbox_maps='ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf' \ && postconf -e virtual_mailbox_limit='0' \ && postconf -e smtp_tls_security_level='may' \ && postconf -e disable_vrfy_command='yes' \ && postconf -e enable_long_queue_ids='yes' \ && postconf -e strict_rfc821_envelopes='yes' \ && echo 'MAILER-DAEMON: postmaster\npostmaster: root' > /etc/postfix/aliases COPY master.cf /etc/postfix/master.cf COPY smtp_header_checks /etc/postfix/smtp_header_checks COPY postfix.sh /postfix.sh COPY supervisord.conf /etc/supervisord.conf COPY ldap /etc/postfix/ldap ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] VOLUME ["/etc/postfix/dh-params/"] VOLUME ["/var/spool/postfix"] EXPOSE 25 587