* making postsrsd optional * added tests, added documentation
parent
a420b15370
commit
2167108ec0
|
@ -45,6 +45,11 @@ TLS_LEVEL=
|
||||||
# Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
|
# Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
|
||||||
SPOOF_PROTECTION=
|
SPOOF_PROTECTION=
|
||||||
|
|
||||||
|
# Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
|
||||||
|
# - **0** => Disabled
|
||||||
|
# - 1 => Enabled
|
||||||
|
ENABLE_SRS=0
|
||||||
|
|
||||||
# 1 => Enables POP3 service
|
# 1 => Enables POP3 service
|
||||||
# empty => disables POP3
|
# empty => disables POP3
|
||||||
ENABLE_POP3=
|
ENABLE_POP3=
|
||||||
|
|
1
Makefile
1
Makefile
|
@ -31,6 +31,7 @@ run:
|
||||||
-e SA_KILL=3.0 \
|
-e SA_KILL=3.0 \
|
||||||
-e SA_SPAM_SUBJECT="SPAM: " \
|
-e SA_SPAM_SUBJECT="SPAM: " \
|
||||||
-e VIRUSMAILS_DELETE_DELAY=7 \
|
-e VIRUSMAILS_DELETE_DELAY=7 \
|
||||||
|
-e ENABLE_SRS=1 \
|
||||||
-e SASL_PASSWD="external-domain.com username:password" \
|
-e SASL_PASSWD="external-domain.com username:password" \
|
||||||
-e ENABLE_MANAGESIEVE=1 \
|
-e ENABLE_MANAGESIEVE=1 \
|
||||||
--cap-add=SYS_PTRACE \
|
--cap-add=SYS_PTRACE \
|
||||||
|
|
|
@ -83,6 +83,10 @@ You're done!
|
||||||
|
|
||||||
And don't forget to have a look at the remaining functions of the `setup.sh` script
|
And don't forget to have a look at the remaining functions of the `setup.sh` script
|
||||||
|
|
||||||
|
#### SPF/Forwarding Problems
|
||||||
|
|
||||||
|
If you got any problems with SPF and/or forwarding mails, give [SRS](https://github.com/roehling/postsrsd/blob/master/README.md) a try. You enable SRS by setting `ENABLE_SRS=1`. See the variable description for further information.
|
||||||
|
|
||||||
#### For informational purposes:
|
#### For informational purposes:
|
||||||
|
|
||||||
Your config folder will be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh)
|
Your config folder will be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh)
|
||||||
|
@ -260,6 +264,11 @@ Configures the handling of creating mails with forged sender addresses.
|
||||||
- **empty** => Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address. See also [Wikipedia](https://en.wikipedia.org/wiki/Email_spoofing)(not recommended, but default for backwards compatibility reasons)
|
- **empty** => Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address. See also [Wikipedia](https://en.wikipedia.org/wiki/Email_spoofing)(not recommended, but default for backwards compatibility reasons)
|
||||||
- 1 => (recommended) Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with [extension delimiters](http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
|
- 1 => (recommended) Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with [extension delimiters](http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
|
||||||
|
|
||||||
|
##### ENABLE_SRS
|
||||||
|
Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
|
||||||
|
- **0** => Disabled
|
||||||
|
- 1 => Enabled
|
||||||
|
|
||||||
##### PERMIT_DOCKER
|
##### PERMIT_DOCKER
|
||||||
|
|
||||||
Set different options for mynetworks option (can be overwrite in postfix-main.cf)
|
Set different options for mynetworks option (can be overwrite in postfix-main.cf)
|
||||||
|
|
|
@ -26,6 +26,7 @@ services:
|
||||||
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
|
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
|
||||||
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
|
||||||
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
|
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
|
||||||
|
- ENABLE_SRS=${ENABLE_SRS}
|
||||||
- REPORT_RECIPIENT=${REPORT_RECIPIENT}
|
- REPORT_RECIPIENT=${REPORT_RECIPIENT}
|
||||||
- REPORT_INTERVAL=${REPORT_INTERVAL}
|
- REPORT_INTERVAL=${REPORT_INTERVAL}
|
||||||
- SMTP_ONLY=${SMTP_ONLY}
|
- SMTP_ONLY=${SMTP_ONLY}
|
||||||
|
|
|
@ -30,6 +30,7 @@ services:
|
||||||
- SSL_TYPE=${SSL_TYPE}
|
- SSL_TYPE=${SSL_TYPE}
|
||||||
- TLS_LEVEL=${TLS_LEVEL}
|
- TLS_LEVEL=${TLS_LEVEL}
|
||||||
- SPOOF_PROTECTION=${SPOOF_PROTECTION}
|
- SPOOF_PROTECTION=${SPOOF_PROTECTION}
|
||||||
|
- ENABLE_SRS=${ENABLE_SRS}
|
||||||
- PERMIT_DOCKER=${PERMIT_DOCKER}
|
- PERMIT_DOCKER=${PERMIT_DOCKER}
|
||||||
- VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY}
|
- VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY}
|
||||||
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${ENABLE_POSTFIX_VIRTUAL_TRANSPORT}
|
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${ENABLE_POSTFIX_VIRTUAL_TRANSPORT}
|
||||||
|
|
|
@ -97,9 +97,3 @@ policyd-spf_time_limit = 3600
|
||||||
|
|
||||||
# Remove unwanted headers that reveail our privacy
|
# Remove unwanted headers that reveail our privacy
|
||||||
smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
|
smtp_header_checks = pcre:/etc/postfix/maps/sender_header_filter.pcre
|
||||||
|
|
||||||
# postSRSd rules to process spf mail forwarding
|
|
||||||
sender_canonical_maps = tcp:localhost:10001
|
|
||||||
sender_canonical_classes = envelope_sender
|
|
||||||
recipient_canonical_maps = tcp:localhost:10002
|
|
||||||
recipient_canonical_classes = envelope_recipient,header_recipient
|
|
||||||
|
|
|
@ -27,6 +27,7 @@ DEFAULT_VARS["POSTMASTER_ADDRESS"]="${POSTMASTER_ADDRESS:="postmaster@domain.com
|
||||||
DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}"
|
DEFAULT_VARS["POSTSCREEN_ACTION"]="${POSTSCREEN_ACTION:="enforce"}"
|
||||||
DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
|
DEFAULT_VARS["SPOOF_PROTECTION"]="${SPOOF_PROTECTION:="0"}"
|
||||||
DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
|
DEFAULT_VARS["TLS_LEVEL"]="${TLS_LEVEL:="modern"}"
|
||||||
|
DEFAULT_VARS["ENABLE_SRS"]="${ENABLE_SRS:="0"}"
|
||||||
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
|
DEFAULT_VARS["REPORT_RECIPIENT"]="${REPORT_RECIPIENT:="0"}"
|
||||||
DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
|
DEFAULT_VARS["REPORT_INTERVAL"]="${REPORT_INTERVAL:="daily"}"
|
||||||
##########################################################################
|
##########################################################################
|
||||||
|
@ -126,6 +127,11 @@ function register_functions() {
|
||||||
_register_setup_function "_setup_spoof_protection"
|
_register_setup_function "_setup_spoof_protection"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$ENABLE_SRS" = 1 ]; then
|
||||||
|
_register_setup_function "_setup_SRS"
|
||||||
|
_register_start_daemon "_start_daemons_postsrsd"
|
||||||
|
fi
|
||||||
|
|
||||||
_register_setup_function "_setup_postfix_access_control"
|
_register_setup_function "_setup_postfix_access_control"
|
||||||
|
|
||||||
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then
|
||||||
|
@ -733,6 +739,14 @@ function _setup_postfix_aliases() {
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _setup_SRS() {
|
||||||
|
notify 'task' 'Setting up SRS'
|
||||||
|
postconf -e "sender_canonical_maps = tcp:localhost:10001"
|
||||||
|
postconf -e "sender_canonical_classes = envelope_sender"
|
||||||
|
postconf -e "recipient_canonical_maps = tcp:localhost:10002"
|
||||||
|
postconf -e "recipient_canonical_classes = envelope_recipient,header_recipient"
|
||||||
|
}
|
||||||
|
|
||||||
function _setup_dkim() {
|
function _setup_dkim() {
|
||||||
notify 'task' 'Setting up DKIM'
|
notify 'task' 'Setting up DKIM'
|
||||||
|
|
||||||
|
@ -1292,6 +1306,11 @@ function _start_daemons_opendmarc() {
|
||||||
supervisorctl start opendmarc
|
supervisorctl start opendmarc
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function _start_daemons_postsrsd(){
|
||||||
|
notify 'task' 'Starting postsrsd ' 'n'
|
||||||
|
supervisorctl start postsrsd
|
||||||
|
}
|
||||||
|
|
||||||
function _start_daemons_postfix() {
|
function _start_daemons_postfix() {
|
||||||
notify 'task' 'Starting postfix' 'n'
|
notify 'task' 'Starting postfix' 'n'
|
||||||
supervisorctl start postfix
|
supervisorctl start postfix
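Review bot: `_setup_SRS` only points Postfix's canonical maps at `tcp:localhost:10001` and `tcp:localhost:10002`; none of the visible hunks sets the domain or the secret that postsrsd signs rewritten addresses with. If those values are fixed when the image is built (not visible on this page), every container would share one signing secret and SRS addresses minted elsewhere would validate here, so the secret should be generated or mounted per deployment before `_start_daemons_postsrsd` runs. I would also add a comment above the function, `# postsrsd must be listening before postfix accepts mail; a failed tcp: lookup is a temporary error and the message is deferred`, and confirm the daemon registration order in `register_functions`, whose body continues outside the hunk.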
|
||||||
|
|
|
@ -124,7 +124,7 @@ command=/usr/local/bin/check-for-changes.sh
|
||||||
|
|
||||||
[program:postsrsd]
|
[program:postsrsd]
|
||||||
startsecs=0
|
startsecs=0
|
||||||
autostart=true
|
autostart=false
|
||||||
autorestart=unexpected
|
autorestart=unexpected
|
||||||
stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
stdout_logfile=/var/log/supervisor/%(program_name)s.log
|
||||||
stderr_logfile=/var/log/supervisor/%(program_name)s.log
|
stderr_logfile=/var/log/supervisor/%(program_name)s.log
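Review bot: With `autostart=false` the only thing that starts postsrsd is `supervisorctl start postsrsd` from the start script, and the unchanged `startsecs=0` on this program means supervisor treats the start as successful as soon as the process is spawned. A postsrsd that exits right away would therefore go unnoticed while Postfix keeps querying the SRS ports. A non-zero value such as `startsecs=1` would surface that, assuming the daemon stays in the foreground under supervisor (its `command=` line is outside this hunk).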
|
||||||
|
|
|
@ -790,6 +790,26 @@ load 'test_helper/bats-assert/load'
|
||||||
assert_success
|
assert_success
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#
|
||||||
|
# postsrsd
|
||||||
|
#
|
||||||
|
|
||||||
|
@test "checking SRS: main.cf entries" {
|
||||||
|
run docker exec mail grep "sender_canonical_maps = tcp:localhost:10001" /etc/postfix/main.cf
|
||||||
|
assert_success
|
||||||
|
run docker exec mail grep "sender_canonical_classes = envelope_sender" /etc/postfix/main.cf
|
||||||
|
assert_success
|
||||||
|
run docker exec mail grep "recipient_canonical_maps = tcp:localhost:10002" /etc/postfix/main.cf
|
||||||
|
assert_success
|
||||||
|
run docker exec mail grep "recipient_canonical_classes = envelope_recipient,header_recipient" /etc/postfix/main.cf
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
|
@test "checking SRS: postsrsd running" {
|
||||||
|
run docker exec mail /bin/sh -c "ps aux | grep ^postsrsd"
|
||||||
|
assert_success
|
||||||
|
}
|
||||||
|
|
||||||
#
|
#
|
||||||
# fail2ban
|
# fail2ban
|
||||||
#
|
#
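Review bot: In "checking SRS: postsrsd running", `ps aux | grep ^postsrsd` anchors on the first column of `ps aux`, which is the owning user, so the test passes for any process owned by an account named postsrsd and says nothing about the daemon's command; `supervisorctl status postsrsd` or `pgrep -x postsrsd` would check the process itself. Both new tests also cover only the enabled case. Since this commit makes SRS opt-in, a companion test against a container started without `ENABLE_SRS=1` should assert that the `sender_canonical_maps` and `recipient_canonical_maps` lines are absent from `/etc/postfix/main.cf` and that postsrsd is not running.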
|
||||||
|
|