mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Merge pull request #56 from bilak/master
#55 - added DKIM support -i 55
This commit is contained in:
commit
06281f7823
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -2,3 +2,4 @@
|
||||||
docker-compose.yml
|
docker-compose.yml
|
||||||
postfix/ssl/*
|
postfix/ssl/*
|
||||||
letsencrypt/
|
letsencrypt/
|
||||||
|
.idea
|
||||||
|
|
13
Dockerfile
13
Dockerfile
|
@ -4,7 +4,10 @@ MAINTAINER Thomas VIAL
|
||||||
# Packages
|
# Packages
|
||||||
RUN apt-get update -q --fix-missing
|
RUN apt-get update -q --fix-missing
|
||||||
RUN apt-get -y upgrade
|
RUN apt-get -y upgrade
|
||||||
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat
|
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
|
||||||
|
courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
|
||||||
|
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
|
||||||
|
opendkim opendkim-tools
|
||||||
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
||||||
|
|
||||||
# Configures Saslauthd
|
# Configures Saslauthd
|
||||||
|
@ -30,6 +33,14 @@ RUN chmod 644 /etc/clamav/freshclam.conf
|
||||||
RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
|
RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
|
||||||
RUN freshclam
|
RUN freshclam
|
||||||
|
|
||||||
|
# Configure DKIM (opendkim)
|
||||||
|
RUN mkdir -p /etc/opendkim/keys
|
||||||
|
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
|
||||||
|
# DKIM config files
|
||||||
|
ADD postfix/opendkim.conf /etc/opendkim.conf
|
||||||
|
ADD postfix/default-opendkim /etc/default/opendkim
|
||||||
|
|
||||||
|
|
||||||
# Configures Postfix
|
# Configures Postfix
|
||||||
ADD postfix/main.cf /etc/postfix/main.cf
|
ADD postfix/main.cf /etc/postfix/main.cf
|
||||||
ADD postfix/master.cf /etc/postfix/master.cf
|
ADD postfix/master.cf /etc/postfix/master.cf
|
||||||
|
|
7
Makefile
7
Makefile
|
@ -11,7 +11,12 @@ run:
|
||||||
cp test/accounts.cf postfix/
|
cp test/accounts.cf postfix/
|
||||||
cp test/virtual postfix/
|
cp test/virtual postfix/
|
||||||
# Run container
|
# Run container
|
||||||
docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION)
|
docker run -d --name mail \
|
||||||
|
-v "`pwd`/postfix":/tmp/postfix \
|
||||||
|
-v "`pwd`/spamassassin":/tmp/spamassassin \
|
||||||
|
-v "`pwd`/test":/tmp/test \
|
||||||
|
-h mail.my-domain.com \
|
||||||
|
-t $(NAME):$(VERSION)
|
||||||
sleep 25
|
sleep 25
|
||||||
|
|
||||||
prepare:
|
prepare:
|
||||||
|
|
|
@ -13,6 +13,7 @@ Includes:
|
||||||
- amavis
|
- amavis
|
||||||
- spamassasin
|
- spamassasin
|
||||||
- clamav with automatic updates
|
- clamav with automatic updates
|
||||||
|
- opendkim
|
||||||
|
|
||||||
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
|
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
|
||||||
|
|
||||||
|
@ -29,6 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
|
||||||
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
|
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
|
||||||
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
|
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
|
||||||
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
|
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
|
||||||
|
- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
|
||||||
|
|
||||||
## installation
|
## installation
|
||||||
|
|
||||||
|
|
2
postfix/TrustedHosts
Normal file
2
postfix/TrustedHosts
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
127.0.0.1
|
||||||
|
localhost
|
12
postfix/default-opendkim
Normal file
12
postfix/default-opendkim
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# Command-line options specified here will override the contents of
|
||||||
|
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
|
||||||
|
#DAEMON_OPTS=""
|
||||||
|
#
|
||||||
|
# Uncomment to specify an alternate socket
|
||||||
|
# Note that setting this will override any Socket value in opendkim.conf
|
||||||
|
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
|
||||||
|
#SOCKET="inet:54321" # listen on all interfaces on port 54321
|
||||||
|
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
|
||||||
|
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
|
||||||
|
|
||||||
|
SOCKET="inet:12301@localhost"
|
|
@ -58,3 +58,8 @@ virtual_gid_maps = static:5000
|
||||||
# Additional option for filtering
|
# Additional option for filtering
|
||||||
content_filter = smtp-amavis:[127.0.0.1]:10024
|
content_filter = smtp-amavis:[127.0.0.1]:10024
|
||||||
|
|
||||||
|
# Milters used by DKIM
|
||||||
|
milter_protocol = 2
|
||||||
|
milter_default_action = accept
|
||||||
|
smtpd_milters = inet:localhost:12301
|
||||||
|
non_smtpd_milters = inet:localhost:12301
|
||||||
|
|
21
postfix/opendkim.conf
Normal file
21
postfix/opendkim.conf
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
AutoRestart Yes
|
||||||
|
AutoRestartRate 10/1h
|
||||||
|
UMask 002
|
||||||
|
Syslog yes
|
||||||
|
SyslogSuccess Yes
|
||||||
|
LogWhy Yes
|
||||||
|
|
||||||
|
Canonicalization relaxed/simple
|
||||||
|
|
||||||
|
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
||||||
|
InternalHosts refile:/etc/opendkim/TrustedHosts
|
||||||
|
KeyTable refile:/etc/opendkim/KeyTable
|
||||||
|
SigningTable refile:/etc/opendkim/SigningTable
|
||||||
|
|
||||||
|
Mode sv
|
||||||
|
PidFile /var/run/opendkim/opendkim.pid
|
||||||
|
SignatureAlgorithm rsa-sha256
|
||||||
|
|
||||||
|
UserID opendkim:opendkim
|
||||||
|
|
||||||
|
Socket inet:12301@localhost
|
|
@ -1,4 +1,4 @@
|
||||||
#!/bin/sh
|
#!/bin/bash
|
||||||
|
|
||||||
die () {
|
die () {
|
||||||
echo >&2 "$@"
|
echo >&2 "$@"
|
||||||
|
@ -56,6 +56,48 @@ echo "Postfix configurations"
|
||||||
touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
|
touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
|
||||||
touch /etc/postfix/virtual && postmap /etc/postfix/virtual
|
touch /etc/postfix/virtual && postmap /etc/postfix/virtual
|
||||||
|
|
||||||
|
# DKIM
|
||||||
|
grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
|
||||||
|
mkdir -p /etc/opendkim/keys/$domainname
|
||||||
|
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
|
||||||
|
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
|
||||||
|
pushd /etc/opendkim/keys/$domainname
|
||||||
|
opendkim-genkey --subdomains --domain=$domainname --selector=mail
|
||||||
|
popd
|
||||||
|
echo ""
|
||||||
|
echo "DKIM PUBLIC KEY ################################################################"
|
||||||
|
cat /etc/opendkim/keys/$domainname/mail.txt
|
||||||
|
echo "################################################################################"
|
||||||
|
fi
|
||||||
|
# Write to KeyTable if necessary
|
||||||
|
keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
|
||||||
|
if [ ! -f "/etc/opendkim/KeyTable" ]; then
|
||||||
|
echo "Creating DKIM KeyTable"
|
||||||
|
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
|
||||||
|
else
|
||||||
|
if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
|
||||||
|
echo $keytableentry >> /etc/opendkim/KeyTable
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
# Write to SigningTable if necessary
|
||||||
|
signingtableentry="*@$domainname mail._domainkey.$domainname"
|
||||||
|
if [ ! -f "/etc/opendkim/SigningTable" ]; then
|
||||||
|
echo "Creating DKIM SigningTable"
|
||||||
|
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
|
||||||
|
else
|
||||||
|
if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
|
||||||
|
echo $signingtableentry >> /etc/opendkim/SigningTable
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
echo "Changing permissions on /etc/opendkim"
|
||||||
|
# chown entire directory
|
||||||
|
chown -R opendkim:opendkim /etc/opendkim/
|
||||||
|
# And make sure permissions are right
|
||||||
|
chmod -R 0700 /etc/opendkim/keys/
|
||||||
|
|
||||||
|
|
||||||
# SSL Configuration
|
# SSL Configuration
|
||||||
case $DMS_SSL in
|
case $DMS_SSL in
|
||||||
"letsencrypt" )
|
"letsencrypt" )
|
||||||
|
@ -66,7 +108,7 @@ case $DMS_SSL in
|
||||||
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
|
||||||
|
|
||||||
# Courier configuration
|
# Courier configuration
|
||||||
cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
|
cat "/etc/letsencrypt/live/$(hostname)/privkey.pem" "/etc/letsencrypt/live/$(hostname)/cert.pem" > "/etc/letsencrypt/live/$(hostname)/combined.pem"
|
||||||
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
|
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
|
||||||
|
|
||||||
echo "SSL configured with letsencrypt certificates"
|
echo "SSL configured with letsencrypt certificates"
|
||||||
|
@ -75,15 +117,15 @@ case $DMS_SSL in
|
||||||
|
|
||||||
"self-signed" )
|
"self-signed" )
|
||||||
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
|
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
|
||||||
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
|
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
|
||||||
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
|
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
|
||||||
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
|
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
|
||||||
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
|
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
|
||||||
echo "Adding $(hostname) SSL certificate"
|
echo "Adding $(hostname) SSL certificate"
|
||||||
mkdir -p /etc/postfix/ssl
|
mkdir -p /etc/postfix/ssl
|
||||||
cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
|
cp "/tmp/postfix/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
|
||||||
cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
|
cp "/tmp/postfix/ssl/$(hostname)-key.pem" /etc/postfix/ssl
|
||||||
cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
|
cp "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl
|
||||||
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
|
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
|
||||||
|
|
||||||
# Postfix configuration
|
# Postfix configuration
|
||||||
|
@ -91,10 +133,12 @@ case $DMS_SSL in
|
||||||
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
|
||||||
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
||||||
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
||||||
ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
|
ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$(hostname).pem"
|
||||||
|
|
||||||
# Courier configuration
|
# Courier configuration
|
||||||
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
|
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
|
||||||
|
|
||||||
|
echo "SSL configured with self-signed/custom certificates"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
;;
|
;;
|
||||||
|
@ -126,6 +170,7 @@ cron
|
||||||
/etc/init.d/spamassassin start
|
/etc/init.d/spamassassin start
|
||||||
/etc/init.d/clamav-daemon start
|
/etc/init.d/clamav-daemon start
|
||||||
/etc/init.d/amavis start
|
/etc/init.d/amavis start
|
||||||
|
/etc/init.d/opendkim start
|
||||||
/etc/init.d/postfix start
|
/etc/init.d/postfix start
|
||||||
|
|
||||||
echo "Listing SASL users"
|
echo "Listing SASL users"
|
||||||
|
|
Loading…
Reference in a new issue