74 lines
2.9 KiB
Docker
74 lines
2.9 KiB
Docker
FROM alpine
|
|
|
|
RUN apk add --no-cache \
|
|
ca-certificates \
|
|
openssl \
|
|
postfix \
|
|
postfix-ldap \
|
|
postfix-pcre
|
|
|
|
RUN echo '' > /etc/postfix/main.cf \
|
|
&& postconf -e myorigin='$mydomain' \
|
|
&& postconf -e mynetworks='127.0.0.0/8 [::1]/128' \
|
|
&& postconf -e smtpd_recipient_restrictions=' \
|
|
check_sender_access hash:/etc/postfix/access_sender, \
|
|
reject_non_fqdn_sender, \
|
|
reject_non_fqdn_recipient, \
|
|
reject_unknown_sender_domain, \
|
|
reject_unknown_recipient_domain, \
|
|
permit_sasl_authenticated, \
|
|
permit_mynetworks, \
|
|
reject_unauth_destination, \
|
|
reject_rbl_client zen.spamhaus.org, \
|
|
reject_rbl_client ix.dnsbl.manitu.net, \
|
|
reject_unverified_recipient, \
|
|
permit \
|
|
' \
|
|
&& postconf -e recipient_delimiter='+' \
|
|
&& postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \
|
|
&& postconf -e smtpd_use_tls='yes' \
|
|
&& postconf -e smtpd_tls_loglevel='1' \
|
|
&& postconf -e smtpd_tls_key_file='/tls/key.pem' \
|
|
&& postconf -e smtpd_tls_cert_file='/tls/fullchain.pem' \
|
|
&& postconf -e smtpd_tls_security_level='may' \
|
|
&& postconf -e smtpd_tls_auth_only='yes' \
|
|
&& postconf -e smtpd_tls_mandatory_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
|
|
&& postconf -e smtpd_tls_protocols='!SSLv2,!SSLv3,!TLSv1,!TLSv1.1' \
|
|
&& postconf -e smtpd_tls_mandatory_ciphers='high' \
|
|
&& postconf -e smtpd_tls_exclude_ciphers='aNULL' \
|
|
&& postconf -e smtpd_tls_dh1024_param_file='/etc/postfix/dh-params/2048.pem' \
|
|
&& postconf -e smtpd_tls_eecdh_grade='strong' \
|
|
&& postconf -e smtpd_tls_CApath='/etc/ssl/certs' \
|
|
&& postconf -e smtp_tls_loglevel='1' \
|
|
&& postconf -e smtp_tls_security_level='may' \
|
|
&& postconf -e smtp_tls_mandatory_ciphers='medium' \
|
|
&& postconf -e smtp_tls_CApath='/etc/ssl/certs' \
|
|
&& postconf -e tls_preempt_cipherlist='yes' \
|
|
&& postconf -e smtpd_sasl_auth_enable='yes' \
|
|
&& postconf -e smtpd_sasl_type='dovecot' \
|
|
&& postconf -e smtpd_sasl_path='inet:dovecot:100' \
|
|
&& postconf -e virtual_transport='lmtp:[dovecot]' \
|
|
&& postconf -e virtual_alias_maps='hash:/etc/postfix/virtual' \
|
|
&& postconf -e virtual_mailbox_maps='ldap:/etc/postfix/virtual_mailbox_maps.cf' \
|
|
&& postconf -e virtual_mailbox_limit='0' \
|
|
&& postconf -e disable_vrfy_command='yes' \
|
|
&& postconf -e enable_long_queue_ids='yes' \
|
|
&& postconf -e strict_rfc821_envelopes='yes' \
|
|
&& postconf -e maillog_file='/dev/stdout' \
|
|
&& touch /etc/postfix/virtual_mailbox_maps.cf \
|
|
&& postfix check \
|
|
&& newaliases \
|
|
&& touch /etc/postfix/access_sender
|
|
|
|
RUN cp -r /var/spool/postfix /var/spool/postfix-skel
|
|
|
|
COPY master.cf /etc/postfix/
|
|
COPY smtp_header_checks /etc/postfix/
|
|
COPY virtual_mailbox_maps.cf /etc/postfix/
|
|
|
|
COPY scripts /usr/local/bin/
|
|
|
|
ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
|
|
|
|
EXPOSE 25 587
|