Merge pull request #56 from bilak/master

#55 - added DKIM support -i 55
Thomas VIAL 2016-01-26 12:27:54 +01:00
commit 06281f7823
9 changed files with 113 additions and 9 deletions

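--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 docker-compose.yml
 postfix/ssl/*
 letsencrypt/
+.idea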


@ -4,7 +4,10 @@ MAINTAINER Thomas VIAL
# Packages # Packages
RUN apt-get update -q --fix-missing RUN apt-get update -q --fix-missing
RUN apt-get -y upgrade RUN apt-get -y upgrade
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
opendkim opendkim-tools
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Saslauthd # Configures Saslauthd
@ -30,6 +33,14 @@ RUN chmod 644 /etc/clamav/freshclam.conf
RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab - RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
RUN freshclam RUN freshclam
# Configure DKIM (opendkim)
RUN mkdir -p /etc/opendkim/keys
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
# DKIM config files
ADD postfix/opendkim.conf /etc/opendkim.conf
ADD postfix/default-opendkim /etc/default/opendkim
# Configures Postfix # Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf ADD postfix/main.cf /etc/postfix/main.cf
ADD postfix/master.cf /etc/postfix/master.cf ADD postfix/master.cf /etc/postfix/master.cf
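Review bot: The three `ADD` lines added under `# Configure DKIM` copy plain local files, which `COPY` does without `ADD`'s archive-extraction and URL behaviour, e.g. `COPY postfix/opendkim.conf /etc/opendkim.conf`. The surrounding file uses `ADD` as well, so this may be better as a file-wide follow-up. The new `opendkim opendkim-tools` packages are installed without version pins and, with `apt-get update` in its own `RUN` layer, can be resolved against a stale cached package index; both habits predate this commit but now also cover the signing daemon. The Dockerfile continues outside the hunks shown.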


@ -11,7 +11,12 @@ run:
cp test/accounts.cf postfix/ cp test/accounts.cf postfix/
cp test/virtual postfix/ cp test/virtual postfix/
# Run container # Run container
docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION) docker run -d --name mail \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-h mail.my-domain.com \
-t $(NAME):$(VERSION)
sleep 25 sleep 25
prepare: prepare:


@ -13,6 +13,7 @@ Includes:
- amavis - amavis
- spamassasin - spamassasin
- clamav with automatic updates - clamav with automatic updates
- opendkim
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/) Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
@ -29,6 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates - ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver) - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/) - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
## installation ## installation

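--- a/postfix/TrustedHosts
+++ b/postfix/TrustedHosts
@@ -0,0 +1,2 @@
+127.0.0.1
+localhost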

12
postfix/default-opendkim Normal file

@ -0,0 +1,12 @@
# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:12301@localhost"


@ -58,3 +58,8 @@ virtual_gid_maps = static:5000
# Additional option for filtering # Additional option for filtering
content_filter = smtp-amavis:[127.0.0.1]:10024 content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301
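Review bot: `smtpd_milters` is set globally here, so it also applies to any smtpd listener that takes mail back from the `smtp-amavis` content filter unless `master.cf` (not shown in this commit) overrides it. Mail re-entering over loopback matches the new `TrustedHosts` entries, so OpenDKIM would treat it as internal and could sign inbound messages whose From domain is one of the hosted domains. Please confirm the re-injection service carries `-o receive_override_options=no_milters` (or `-o smtpd_milters=`). `milter_default_action = accept` also means mail passes unsigned and unverified whenever opendkim is unreachable; a comment such as `# fail-open: deliver even if opendkim is down` would record that this is deliberate.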

21
postfix/opendkim.conf Normal file

@ -0,0 +1,21 @@
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost
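Review bot: `UMask 002` leaves every file opendkim creates group-writable, which is normally only needed when Postfix connects through a `local:` socket. With `Socket inet:12301@localhost` as configured here, a tighter mask such as `UMask 007` should work and keeps the daemon's runtime files closed to other accounts. The file has no comments at all; a one-line note above `KeyTable`/`SigningTable` saying that both files are generated at container start rather than shipped in the image would help the next reader.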


@ -1,4 +1,4 @@
#!/bin/sh #!/bin/bash
die () { die () {
echo >&2 "$@" echo >&2 "$@"
@ -56,6 +56,48 @@ echo "Postfix configurations"
touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
touch /etc/postfix/virtual && postmap /etc/postfix/virtual touch /etc/postfix/virtual && postmap /etc/postfix/virtual
# DKIM
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
mkdir -p /etc/opendkim/keys/$domainname
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
pushd /etc/opendkim/keys/$domainname
opendkim-genkey --subdomains --domain=$domainname --selector=mail
popd
echo ""
echo "DKIM PUBLIC KEY ################################################################"
cat /etc/opendkim/keys/$domainname/mail.txt
echo "################################################################################"
fi
# Write to KeyTable if necessary
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
if [ ! -f "/etc/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
else
if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
echo $keytableentry >> /etc/opendkim/KeyTable
fi
fi
# Write to SigningTable if necessary
signingtableentry="*@$domainname mail._domainkey.$domainname"
if [ ! -f "/etc/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
else
if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
echo $signingtableentry >> /etc/opendkim/SigningTable
fi
fi
done
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# SSL Configuration # SSL Configuration
case $DMS_SSL in case $DMS_SSL in
"letsencrypt" ) "letsencrypt" )
@ -66,7 +108,7 @@ case $DMS_SSL in
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
# Courier configuration # Courier configuration
cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem cat "/etc/letsencrypt/live/$(hostname)/privkey.pem" "/etc/letsencrypt/live/$(hostname)/cert.pem" > "/etc/letsencrypt/live/$(hostname)/combined.pem"
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
echo "SSL configured with letsencrypt certificates" echo "SSL configured with letsencrypt certificates"
@ -75,15 +117,15 @@ case $DMS_SSL in
"self-signed" ) "self-signed" )
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder # Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \ if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \ && [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \ && [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then && [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
echo "Adding $(hostname) SSL certificate" echo "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl mkdir -p /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl cp "/tmp/postfix/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl cp "/tmp/postfix/ssl/$(hostname)-key.pem" /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl cp "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
# Postfix configuration # Postfix configuration
@ -91,10 +133,12 @@ case $DMS_SSL in
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$(hostname).pem"
# Courier configuration # Courier configuration
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
echo "SSL configured with self-signed/custom certificates"
fi fi
;; ;;
@ -126,6 +170,7 @@ cron
/etc/init.d/spamassassin start /etc/init.d/spamassassin start
/etc/init.d/clamav-daemon start /etc/init.d/clamav-daemon start
/etc/init.d/amavis start /etc/init.d/amavis start
/etc/init.d/opendkim start
/etc/init.d/postfix start /etc/init.d/postfix start
echo "Listing SASL users" echo "Listing SASL users"
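Review bot: In the new `# DKIM` loop, `opendkim-genkey` is called without `--bits`, so the signing key length is whatever the packaged opendkim defaults to (1024 bits on older releases, worth confirming for this image); `--bits=2048` makes it explicit. The loop also expands `$domainname` unquoted in `mkdir`, `pushd` and the key paths and reads it without `-r`, and an unchecked `pushd` failure would make `opendkim-genkey` write the private key into the current directory; `--directory` avoids the directory change altogether. The `grep -q "$keytableentry"` and `grep -q "$signingtableentry"` checks treat the entry as an unanchored regex, where `grep -qxF` is the exact-line test intended. `chmod -R 0700` also sets the execute bit on `mail.private`; 0700 on directories and 0600 on files is tighter.

```shell
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read -r domainname; do
  keydir="/etc/opendkim/keys/$domainname"
  mkdir -p "$keydir"
  if [ ! -f "$keydir/mail.private" ]; then
    echo "Creating DKIM private key $keydir/mail.private"
    # --directory replaces pushd/popd, so a failed cd cannot misplace the key
    opendkim-genkey --bits=2048 --subdomains --domain="$domainname" --selector=mail --directory="$keydir"
    # … unchanged: public key banner and cat of mail.txt …
  fi
  # … unchanged: keytableentry assignment and KeyTable creation …
    if ! grep -qxF "$keytableentry" /etc/opendkim/KeyTable; then
      echo "$keytableentry" >> /etc/opendkim/KeyTable
    fi
  # … unchanged: signingtableentry assignment and SigningTable creation …
    if ! grep -qxF "$signingtableentry" /etc/opendkim/SigningTable; then
      echo "$signingtableentry" >> /etc/opendkim/SigningTable
    fi
# … unchanged: done, chown -R opendkim:opendkim /etc/opendkim/ …
find /etc/opendkim/keys -type d -exec chmod 0700 {} +
find /etc/opendkim/keys -type f -exec chmod 0600 {} +
```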