dreckiger commit

master
Simon Bruder 2018-03-24 17:52:46 +00:00
parent 7d184f1a43
commit 0d17808d1c
14 changed files with 91 additions and 22 deletions

2
TODO Normal file

@ -0,0 +1,2 @@
* backscatter test
* open relay test


@ -6,14 +6,18 @@ services:
env_file:
- ssl.env
- postfix.env
- ldap.env
volumes:
- ./aliases:/etc/postfix/virtual
- ./domains:/etc/postfix/domains
- /var/lib/acme/:/var/lib/acme/:ro
- /var/lib/docker-volumes/mail/queue/:/var/spool/postfix
- postfix-dh:/etc/postfix/dh-params
networks:
mail:
auth:
ports:
- "25:25"
- "587:587"
depends_on:
- postgrey
- dovecot
@ -34,9 +38,12 @@ services:
volumes:
- /var/lib/docker-volumes/mail/vmail/:/var/vmail/
- /var/lib/acme/:/var/lib/acme/:ro
- dovecot-dh:/var/lib/dovecot/
networks:
mail:
auth:
ports:
- "143:143"
rainloop:
image: runningman84/rainloop
@ -56,3 +63,4 @@ networks:
volumes:
postfix-dh: {}
dovecot-dh: {}
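Review bot: Both postfix and dovecot now join the `auth` network, and the LDAP lookups they perform over it are unencrypted as far as this commit shows (`bind = no`, port 389 and no `start_tls` in virtual_mailbox_maps.cf; Dovecot's `auth_bind = yes` sends the user's password in a simple bind), so directory data and credentials cross that network in clear text. If `auth` is meant to be reachable only by these containers and the directory server, declare it `internal: true` in the `networks:` section and record why, e.g. `# auth: carries plain LDAP, must stay internal`; otherwise enable STARTTLS/ldaps on both clients. The trailing hunk shows only the `volumes:` definitions, so I cannot see how `auth` is declared.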


@ -1,7 +1,5 @@
log_path = /dev/stdout
#auth_verbose = yes
plugin {
# Events to log. Also available: flag_change append
#mail_log_events = delete undelete expunge copy mailbox_delete mailbox_rename


@ -19,6 +19,7 @@ COPY entrypoint.sh /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
VOLUME ["/var/lib/dovecot"]
VOLUME ["/var/vmail"]
EXPOSE 24 100 143
EXPOSE 143


@ -6,9 +6,9 @@ base = $LDAP_BASE
auth_bind = yes
user_filter = (&(objectClass=posixAccount)(mail=%u))
pass_filter = (&(objectClass=posixAccount)(mail=%u))
#user_attrs = \
# =home=/var/vmail/%d/%n, \
# =mail=maildir:/var/vmail/%d/%n/Maildir
user_attrs = \
=home=/var/vmail/%d/%n, \
=mail=maildir:/var/vmail/%d/%n/Maildir
DOVECOTLDAP
cat > /etc/dovecot/conf.d/10-ssl.conf << SSL
@ -19,6 +19,9 @@ ssl_key = <$TLS_KEY
ssl_dh_parameters_length = 2048
SSL
echo -e "auth_verbose=yes\nauth_debug=yes\nauth_debug_passwords=yes" >> /etc/dovecot/dovecot.conf
# debugging
#echo -e "auth_verbose=yes\nauth_debug=yes\nauth_debug_passwords=yes" >> /etc/dovecot/dovecot.conf
[ -e /var/lib/dovecot/instances ] && rm -rf /var/lib/dovecot/instances
exec dovecot -F
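Review bot: The debugging line is only commented out, and `auth_debug_passwords=yes` makes Dovecot log users' plaintext passwords, which with `log_path = /dev/stdout` (see the dovecot.conf hunk) lands in the container log stream; one stray uncomment re-enables that in production. Gate the verbose auth logging on an environment variable instead so it cannot be toggled by editing the image, e.g. `[ "${DOVECOT_AUTH_DEBUG:-no}" = yes ] && printf '%s\n' auth_verbose=yes auth_debug=yes >> /etc/dovecot/dovecot.conf`, and leave `auth_debug_passwords` out entirely. `printf` also avoids depending on `echo -e`, which is not portable across /bin/sh implementations. The `10-ssl.conf` heredoc that this hunk closes starts before the hunk.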

4
newaliases.sh Executable file

@ -0,0 +1,4 @@
#!/bin/sh
sudo chown root:root aliases
docker-compose exec postfix postmap /etc/postfix/virtual
sudo chown $USER:$USER aliases
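Review bot: The ownership restore on the last line uses an unquoted `$USER`, which may be empty in some sudo or cron contexts and would then become `chown : aliases`, and it runs whether or not `postmap` succeeded, so a failure is silently hidden. Add `set -eu` after the shebang, quote the expansion as `sudo chown "$USER:$USER" aliases`, and register the restore with `trap 'sudo chown "$USER:$USER" aliases' EXIT` right after the first chown so the file never stays root-owned on error. A header comment stating why ownership is flipped around the rebuild would help, e.g. `# temporarily root-owned so postmap accepts the bind-mounted map — confirm this is the actual requirement`.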


@ -1,5 +1,12 @@
MYHOSTNAME=mail.kegelschiene.com
MYDOMAIN=mail.kegelschiene.com
MAIL_NAME="sbrudermail"
# FQDN!
MYHOSTNAME=home.sbruder.de
# Without first part
MYDOMAIN=sbruder.de
# Used in EHLO
MAIL_NAME=sbrudermail
MESSAGE_SIZE_LIMIT=15360000
DOMAINS=kegelschiene.com
POSTMASTER=hanstest@kegelschiene.com
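Review bot: `MYHOSTNAME` and `MYDOMAIN` move to `sbruder.de` while `DOMAINS` and `POSTMASTER` still name `kegelschiene.com`, and with `myorigin` now set to `$mydomain` in the postfix Dockerfile, locally generated mail such as bounces and postmaster notices will carry a sender domain that this instance does not appear to list as a virtual mailbox domain. If the split is deliberate, say so next to `DOMAINS`, e.g. `# hosted mailbox domains; intentionally differs from MYDOMAIN`; otherwise update both lines to the new domain. A comment noting that `MYHOSTNAME` must match the certificate paths in ssl.env would also keep the two files from drifting apart again.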


@ -6,10 +6,13 @@ RUN apk add --no-cache \
ca-certificates \
postfix \
postfix-pcre \
postfix-ldap \
openssl
COPY rsyslog.conf /etc/rsyslog.conf
RUN echo '' > /etc/postfix/main.cf \
&& postconf -e myorigin='$myhostname' \
&& postconf -e myorigin='$mydomain' \
&& postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
&& postconf -e smtpd_relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
&& postconf -e smtpd_recipient_restrictions='check_recipient_access hash:/etc/postfix/access_recipient, check_sender_access hash:/etc/postfix/access_sender, check_helo_access hash:/etc/postfix/access_helo, check_client_access cidr:/etc/postfix/access_client, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination, reject_rbl_client zen.spamhaus.org, reject_rbl_client ix.dnsbl.manitu.net, check_policy_service inet:postgrey:25 reject_unverified_recipient, permit' \
@ -32,13 +35,15 @@ RUN echo '' > /etc/postfix/main.cf \
&& postconf -e smtpd_sasl_path='inet:dovecot:100' \
&& postconf -e virtual_transport='lmtp:[dovecot]' \
&& postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
&& postconf -e virtual_mailbox_domains='/etc/postfix/domains' \
&& postconf -e virtual_mailbox_maps='ldap:/etc/postfix/ldap/virtual_mailbox_maps.cf' \
&& postconf -e virtual_mailbox_limit='0' \
&& postconf -e smtp_tls_security_level='may' \
&& postconf -e disable_vrfy_command='yes' \
&& postconf -e enable_long_queue_ids='yes' \
&& postconf -e strict_rfc821_envelopes='yes'
&& postconf -e strict_rfc821_envelopes='yes' \
&& echo 'MAILER-DAEMON: postmaster\npostmaster: root' > /etc/postfix/aliases
# && postconf -e smtpd_recipient_restrictions='permit_sasl_authenticated, permit_mynetworks, reject_unlisted_sender, reject_unlisted_recipient, reject_unknown_sender_domain, reject_unknown_recipient_domain, reject_invalid_hostname, reject_non_fqdn_sender, reject_non_fqdn_recipient, reject_unauth_destination, reject_unknown_hostname' \
# && postconf -e virtual_mailbox_maps='ldap:/etc/postfix/ldap/mailbox.cf' \
COPY master.cf /etc/postfix/master.cf
COPY smtp_header_checks /etc/postfix/smtp_header_checks
@ -46,6 +51,8 @@ COPY smtp_header_checks /etc/postfix/smtp_header_checks
COPY postfix.sh /postfix.sh
COPY supervisord.conf /etc/supervisord.conf
COPY ldap /etc/postfix/ldap
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
VOLUME ["/etc/postfix/dh-params/"]
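Review bot: The `echo 'MAILER-DAEMON: postmaster\npostmaster: root' > /etc/postfix/aliases` added to the RUN chain is overwritten at every container start by the equivalent line in postfix.sh (which also runs `newaliases`), and whether `\n` becomes a newline here depends on the shell's `echo`, which POSIX does not guarantee. Either drop it from the image, or, if a build-time default is wanted, write it as `printf 'MAILER-DAEMON: postmaster\npostmaster: root\n' > /etc/postfix/aliases` followed by `&& newaliases` so `aliases.db` exists in the image. The commented-out `# && postconf` lines after the chain look like leftovers; replace them with a short comment explaining the LDAP switch, e.g. `# mailbox existence is now looked up via ldap/virtual_mailbox_maps.cf; placeholders are filled in by postfix.sh`.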


@ -0,0 +1,4 @@
server_host = @@SERVER_HOST@@
search_base = @@SEARCH_BASE@@
query_filter = mail=%s
result_attribute = mail
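Review bot: This map is not referenced by any `postconf` line in the commit, and postfix.sh substitutes `@@SERVER_HOST@@`/`@@SEARCH_BASE@@` only in `virtual_mailbox_maps.cf`, so if this file is ever wired up its placeholders stay literal. It also omits `version = 3` and `bind = no`, both present in the other new map, and `query_filter = mail=%s` lacks the parentheses used there; as far as I recall ldap_table(5) defaults the protocol version to 2, which many directories refuse. Align it with virtual_mailbox_maps.cf (`version = 3`, `bind = no`, `query_filter = (mail=%s)`), add it to the sed in postfix.sh, and open it with a comment naming the Postfix table it backs, since the file name is not visible on this page.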


@ -0,0 +1,10 @@
server_host = @@SERVER_HOST@@
server_port = 389
version = 3
bind = no
search_base = @@SEARCH_BASE@@
scope = sub
query_filter = (mail=%s)
result_attribute= mail
result_format = %d/%u/Maildir/
debuglevel = 0
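Review bot: The lookup runs over plain LDAP on port 389 with `bind = no` and no `start_tls`, so every recipient check performed for incoming SMTP via `virtual_mailbox_maps` crosses the `auth` network in clear text. If the directory supports it, add `start_tls = yes`, `tls_require_cert = yes` and `tls_ca_cert_file = <ca bundle>` (or give an `ldaps://` URL in `server_host` and drop `server_port`); if the network is intentionally isolated, record that at the top of the file, e.g. `# plain LDAP: acceptable only while the auth network is internal`. Since delivery goes to `lmtp:[dovecot]`, `result_format = %d/%u/Maildir/` presumably serves only as an existence check here, which is worth stating in a comment so nobody treats it as the real mailbox path.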


@ -11,14 +11,31 @@ postconf -e message_size_limit="$MESSAGE_SIZE_LIMIT"
postconf -e smtpd_tls_key_file="$TLS_KEY"
postconf -e smtpd_tls_cert_file="$TLS_FULLCHAIN"
postmap /etc/postfix/virtual
postmap /etc/postfix/domains
postconf -e virtual_mailbox_domains="$DOMAINS"
for hash in access_recipient access_sender access_helo;do #virtual;do
touch /etc/postfix/$hash
postmap /etc/postfix/$hash
done
# set ldap search base
sed -i \
-e "s/@@SEARCH_BASE@@/${LDAP_BASE}/g" \
-e "s/@@SERVER_HOST@@/${LDAP_SERVER}/g" \
/etc/postfix/ldap/virtual_mailbox_maps.cf
# is cidr, so not included in the hash section
touch /etc/postfix/access_client
echo "MAILER-DAEMON: postmaster\npostmaster: $POSTMASTER" > /etc/postfix/aliases
newaliases
# is mounted, so no default structure
(
cd /var/spool/postfix
chown postfix:postfix .
for dir in active bounce corrupt defer deferred flush hold incoming maildrop pid private public saved trace; do
for dir in active bounce corrupt defer deferred flush hold incoming maildrop pid private public saved trace; do
mkdir -p $dir
chown postfix:postfix $dir
done
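Review bot: The `sed` expressions use `/` as delimiter and splice `${LDAP_BASE}` and `${LDAP_SERVER}` in verbatim, so a DN containing `/`, a server given as an `ldap://` URL, or an `&` in either value corrupts the map file instead of failing. Use a delimiter that cannot occur in a DN or URL, `-e "s|@@SEARCH_BASE@@|${LDAP_BASE}|g"` and `-e "s|@@SERVER_HOST@@|${LDAP_SERVER}|g"`, and fail early with `: "${LDAP_BASE:?}" "${LDAP_SERVER:?}"` so an unset variable does not silently yield an empty `search_base`. The aliases line relies on `echo` interpreting `\n`; `printf 'MAILER-DAEMON: postmaster\npostmaster: %s\n' "$POSTMASTER"` is portable. The spool-directory subshell opened at `(` is closed after the hunk.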

10
postfix/rsyslog.conf Normal file

@ -0,0 +1,10 @@
$ModLoad immark.so # provides --MARK-- message capability
$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$template CustomFormat,"%timegenerated% %syslogtag%%msg%\n"
$ActionFileDefaultTemplate CustomFormat
mail.* -/var/log/maillog
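Review bot: `mail.* -/var/log/maillog` writes the Postfix log into the container's writable layer with no rotation and no path to `docker logs`, so the evidence needed for the backscatter and open-relay checks in the TODO, or for any abuse investigation, grows unbounded and disappears when the container is recreated. Route it to the log stream instead, e.g. `mail.* /dev/stdout` (or rsyslog's omstdout module if the build includes it), or bind-mount `/var/log` in docker-compose, and state the chosen destination in a comment at the top of the file. `$ModLoad immark.so` also injects periodic `--MARK--` lines into the same file; drop it unless those are wanted.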


@ -5,5 +5,3 @@ RUN apk add --no-cache \
postgrey
ENTRYPOINT ["postgrey", "--inet=0.0.0.0:25", "--auto-whitelist-clients"]
EXPOSE 25


@ -1,2 +1,2 @@
TLS_FULLCHAIN=/var/lib/acme/live/mail.kegelschiene.com/fullchain
TLS_KEY=/var/lib/acme/live/mail.kegelschiene.com/privkey
TLS_FULLCHAIN=/var/lib/acme/live/home.sbruder.de/fullchain
TLS_KEY=/var/lib/acme/live/home.sbruder.de/privkey