diff --git a/Dockerfile b/Dockerfile index 55dcf094..a9e211cc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix dovecot-core dovecot-imapd dovecot-pop3d \ supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ - opendkim opendkim-tools opendmarc curl fail2ban + opendkim opendkim-tools opendmarc curl fail2ban sasl2-bin RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* # Configures Dovecot @@ -47,23 +47,20 @@ ADD target/bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate RUN chmod +x /usr/local/bin/generate-ssl-certificate # Get LetsEncrypt signed certificate -RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem -RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem +RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem +RUN curl -s https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem # Start-mailserver script ADD target/start-mailserver.sh /usr/local/bin/start-mailserver.sh RUN chmod +x /usr/local/bin/start-mailserver.sh # SMTP ports -EXPOSE 25 -EXPOSE 587 +EXPOSE 25 587 # IMAP ports -EXPOSE 143 -EXPOSE 993 +EXPOSE 143 993 # POP3 ports -EXPOSE 110 -EXPOSE 995 +EXPOSE 110 995 CMD /usr/local/bin/start-mailserver.sh diff --git a/Makefile b/Makefile index 31019432..e9af7d82 100644 --- a/Makefile +++ b/Makefile 
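Review bot: In the second Dockerfile hunk, the two `RUN curl -s ... > /etc/ssl/certs/...` lines install CA material with no failure or integrity check. Without `-f` an HTTP error page is written into the .pem and the build still succeeds, and the added `-s` now hides curl's own error message as well. Use `curl -fsS https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -o /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem` (same for x2) so a failed download breaks the build. Then compare each file with a digest recorded in the repository, e.g. `echo "EXPECTED_SHA256_PLACEHOLDER  /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem" | sha256sum -c -`. Alternatively, ship both certificates in the repository and `ADD` them, as the hunk already does for the scripts.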
@@ -1,9 +1,8 @@ BRANCH := $(shell git rev-parse --abbrev-ref HEAD) NAME = tvial/docker-mailserver:$(BRANCH) -# all: build-no-cache run fixtures tests clean -#all-no-build: run fixtures tests clean -all: build-no-cache +all: build-no-cache run fixtures tests clean +all-fast: build run fixtures tests clean build-no-cache: docker build --no-cache -t $(NAME) . diff --git a/target/postfix/main.cf b/target/postfix/main.cf index 37155392..0235711d 100644 --- a/target/postfix/main.cf +++ b/target/postfix/main.cf 
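Review bot: `all: build-no-cache run fixtures tests clean` and `all-fast` rely on make running prerequisites left to right. Nothing in the hunk declares that `fixtures` needs `run` or that `clean` must wait for `tests`, so under `make -j` they may start together and the container may be torn down mid-test. Either declare the real edges (`fixtures: run`, `tests: fixtures`) or add `.NOTPARALLEL:` near the top of the file. Because `clean` is an ordinary prerequisite, a failing `tests` stops make before cleanup, presumably leaving the test container running. The visible lines also show no `.PHONY: all all-fast ...` declaration, though the rest of the Makefile is outside the hunk.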
@@ -1,2 +1,65 @@
-max_idle = 600s
-readme_directory = /tmp
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
+biff = no
+append_dot_mydomain = no
+readme_directory = no
+
+# Basic configuration
+# myhostname =
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+mydestination =
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+# TLS parameters
+smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
+smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
+#smtpd_tls_CAfile=
+#smtp_tls_CAfile=
+smtpd_tls_security_level = may
+smtpd_use_tls=yes
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+smtpd_recipient_restrictions = permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination
+smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
+smtpd_sender_restrictions = permit_mynetworks
+smtp_tls_security_level = may
+smtp_tls_loglevel = 1
+tls_ssl_options = NO_COMPRESSION
+tls_high_cipherlist=EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA
+smtpd_tls_protocols=!SSLv2,!SSLv3
+smtp_tls_protocols=!SSLv2,!SSLv3
+smtpd_tls_mandatory_ciphers = high
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+smtpd_tls_exclude_ciphers = aNULL, LOW, EXP, MEDIUM, ADH, AECDH, MD5, DSS, ECDSA, CAMELLIA128, 3DES, CAMELLIA256, RSA+AES, eNULL
+
+# SASL
+smtpd_sasl_auth_enable = yes
+smtpd_sasl_path = /var/spool/postfix/private/auth
+smtpd_sasl_type = dovecot
+
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_local_domain = $myhostname
+broken_sasl_auth_clients = yes
+
+# Mail directory
+virtual_mailbox_base = /var/mail
+virtual_mailbox_domains = /etc/postfix/vhost
+virtual_mailbox_maps = hash:/etc/postfix/vmailbox
+virtual_alias_maps = hash:/etc/postfix/virtual
+virtual_uid_maps = static:5000
+virtual_gid_maps = static:5000
+
+# Additional option for filtering
+content_filter = smtp-amavis:[127.0.0.1]:10024
+
+# Milters used by DKIM
+milter_protocol = 2
+milter_default_action = accept
+smtpd_milters = inet:localhost:12301,inet:localhost:54321
+non_smtpd_milters = inet:localhost:12301,inet:localhost:54321
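Review bot: `mynetworks` trusts the whole default Docker bridge (`172.17.0.0/16`) and `smtpd_relay_restrictions` starts with `permit_mynetworks`, so any container on that bridge can relay without authenticating. Depending on how Docker forwards published ports, outside clients may also arrive with a bridge-gateway source address, so confirm the image cannot act as an open relay. Prefer `mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128` and let every other sender authenticate via SASL. Separately, `smtpd_sasl_auth_enable = yes` is combined with `smtpd_tls_security_level = may` and no `smtpd_tls_auth_only`, so AUTH is offered on unencrypted sessions; add `smtpd_tls_auth_only = yes`. `milter_default_action = accept` lets mail through unchecked when the milters on ports 12301 and 54321 are unreachable, so a comment stating that this fail-open is deliberate would help.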