Allow configuring SRS secrets using the environment (#885)

James 2018-03-08 15:51:10 -06:00 committed by Johan Smits
parent d691b8df6f
commit 2e8bb4ae34
3 changed files with 28 additions and 2 deletions


@ -237,3 +237,18 @@ SASLAUTHD_LDAP_FILTER=
# empty => No sasl_passwd will be created
# string => `/etc/postfix/sasl_passwd` will be created with the string as password
SASL_PASSWD=
# -----------------------------------------------------------------------------------------------------------------------------
# ---------------- SRS section --------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------------------
# empty => Envelope sender will be rewritten for all domains
# provide comma separated list of domains to exclude from rewriting
SRS_EXCLUDE_DOMAINS=
# empty => generated when the image is built
# provide a secret to use in base64
# you may specify multiple keys, comma separated. the first one is used for
# signing and the remaining will be used for verification. this is how you
# rotate and expire keys
SRS_SECRET=
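Review bot: The comment on `SRS_SECRET` describes the empty default as "generated when the image is built" but does not say what that implies. If the key is baked into the image at build time, every container started from the same published image would sign and verify with the same key. I would add a line above `SRS_SECRET=` such as `# NOTE: set this explicitly for production; a build-time key is shared by every user of the same image`. Pointing to the key-generation command documented in the README change of this commit would also help readers who only see the env file.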


@ -505,3 +505,11 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
- **empty** => Envelope sender will be rewritten for all domains
- provide comma seperated list of domains to exclude from rewriting
##### SRS_SECRET
- **empty** => generated when the image is built
- provide a secret to use in base64 **(recommended)**
- you may specify multiple keys, comma separated. the first one is used for signing and the remaining will be used for verification. this is how you rotate and expire keys
- if you have a cluster/swarm make sure the same keys are on all nodes
- example command to generate a key: `dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64`


@ -1,12 +1,15 @@
#!/usr/bin/env bash
# postsrsd-wrapper.sh, version 0.2.0
# postsrsd-wrapper.sh, version 0.2.1
DOMAINNAME="$(hostname -d)"
sed -i -e "s/localdomain/$DOMAINNAME/g" /etc/default/postsrsd
if [ -n "$SRS_SECRET" ]; then
echo "$SRS_SECRET" | tr ',' '\n' > /etc/postsrsd.secret
fi
if [ -n "$SRS_EXCLUDE_DOMAINS" ]; then
sed -i -e "s/^#\?SRS_EXCLUDE_DOMAINS=.*$/SRS_EXCLUDE_DOMAINS=$SRS_EXCLUDE_DOMAINS/g" /etc/default/postsrsd
fi
/etc/init.d/postsrsd start
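Review bot: The new `if [ -n "$SRS_SECRET" ]` branch writes the signing keys to `/etc/postsrsd.secret` without setting the file mode, so if the file does not already exist it is created under the process umask and is likely world-readable. Writing it as `( umask 077; printf '%s\n' "$SRS_SECRET" | tr ',' '\n' > /etc/postsrsd.secret )` followed by `chmod 600 /etc/postsrsd.secret` keeps the keys private whether or not the file existed; confirm that postsrsd still reads it as the user it starts under. A trailing or doubled comma in the variable produces an empty line in the file, so empty entries should be rejected before writing. The script has no `set -e` or explicit check, so a failed write still reaches `/etc/init.d/postsrsd start`, presumably with whatever key was already in place.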