mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
- added DKIM support
parent
f866359809
commit
5176ac03b5
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -2,3 +2,4 @@
|
|||
docker-compose.yml
|
||||
postfix/ssl/*
|
||||
letsencrypt/
|
||||
.idea
|
||||
|
|
13
Dockerfile
13
Dockerfile
|
@ -4,7 +4,10 @@ MAINTAINER Thomas VIAL
|
|||
# Packages
|
||||
RUN apt-get update -q --fix-missing
|
||||
RUN apt-get -y upgrade
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat
|
||||
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
|
||||
courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
|
||||
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
|
||||
opendkim opendkim-tools
|
||||
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
|
||||
|
||||
# Configures Saslauthd
|
||||
|
@ -30,6 +33,14 @@ RUN chmod 644 /etc/clamav/freshclam.conf
|
|||
RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
|
||||
RUN freshclam
|
||||
|
||||
# Configure DKIM (opendkim)
|
||||
RUN mkdir -p /etc/opendkim/keys
|
||||
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
|
||||
# DKIM config files
|
||||
ADD postfix/opendkim.conf /etc/opendkim.conf
|
||||
ADD postfix/default-opendkim /etc/default/opendkim
|
||||
|
||||
|
||||
# Configures Postfix
|
||||
ADD postfix/main.cf /etc/postfix/main.cf
|
||||
ADD postfix/master.cf /etc/postfix/master.cf
|
||||
|
|
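Review bot: The three DKIM config files in the second hunk are brought in with `ADD`, which also unpacks local archives and can fetch URLs; for plain local files `COPY` states the intent and drops that extra behaviour, e.g. `COPY postfix/opendkim.conf /etc/opendkim.conf` (likewise for `TrustedHosts` and `default-opendkim`). The neighbouring Postfix lines use `ADD` too, so they are worth changing together. The +/- column is lost on this page; I am reading the `# Configure DKIM (opendkim)` block as the added lines. `/etc/opendkim/keys` is created at build time and no volume is declared for it in the visible lines, so a key generated at container start would not survive re-creating the container unless the operator mounts the directory; a comment above the `mkdir` saying so would help.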
8
Makefile
8
Makefile
|
@ -11,7 +11,13 @@ run:
|
|||
cp test/accounts.cf postfix/
|
||||
cp test/virtual postfix/
|
||||
# Run container
|
||||
docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION)
|
||||
docker run -d --name mail \
|
||||
-v "`pwd`/postfix":/tmp/postfix \
|
||||
-v "`pwd`/spamassassin":/tmp/spamassassin \
|
||||
-v "`pwd`/test":/tmp/test \
|
||||
-h mail.my-domain.com \
|
||||
-e domainname=my-domain.com \
|
||||
-t $(NAME):$(VERSION)
|
||||
sleep 25
|
||||
|
||||
prepare:
|
||||
|
|
|
@ -13,6 +13,7 @@ Includes:
|
|||
- amavis
|
||||
- spamassasin
|
||||
- clamav with automatic updates
|
||||
- opendkim
|
||||
|
||||
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
|
||||
|
||||
|
@ -29,6 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
|
|||
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
|
||||
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
|
||||
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
|
||||
- dkim public key will be echoed to log. If you have your previous configuration, you cant mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
|
||||
|
||||
## installation
|
||||
|
||||
|
@ -46,6 +48,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
|
|||
-v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
|
||||
-p "25:25" -p "143:143" -p "587:587" -p "993:993" \
|
||||
-e DMS_SSL=letsencrypt \
|
||||
-e domainname=domain.com \
|
||||
-h mail.domain.com \
|
||||
-t tvial/docker-mailserver
|
||||
|
||||
|
|
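--- /dev/null
+++ b/postfix/TrustedHosts
@@ -0,0 +1,2 @@
+127.0.0.1
+localhost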
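--- /dev/null
+++ b/postfix/default-opendkim
@@ -0,0 +1,12 @@
+# Command-line options specified here will override the contents of
+# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
+#DAEMON_OPTS=""
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
+#SOCKET="inet:54321" # listen on all interfaces on port 54321
+#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
+#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+
+SOCKET="inet:12301@localhost"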
|
@ -59,3 +59,8 @@ virtual_gid_maps = static:5000
|
|||
# Additional option for filtering
|
||||
content_filter = smtp-amavis:[127.0.0.1]:10024
|
||||
|
||||
# Milters used by DKIM
|
||||
milter_protocol = 2
|
||||
milter_default_action = accept
|
||||
smtpd_milters = inet:localhost:12301
|
||||
non_smtpd_milters = inet:localhost:12301
|
||||
|
|
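Review bot: `milter_default_action = accept` makes the DKIM milter fail open: if opendkim on port 12301 is down or not yet started, Postfix passes mail through unsigned and unverified without reporting an error. If that trade-off (availability over signing) is intended, say so in a comment such as `# fail open: mail is sent unsigned if opendkim is unreachable`; otherwise `milter_default_action = tempfail` defers mail until the milter is reachable again. The file header for this section is missing from the page, so I am assuming from the hunk context that this is the Postfix main configuration.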
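--- /dev/null
+++ b/postfix/opendkim.conf
@@ -0,0 +1,21 @@
+AutoRestart Yes
+AutoRestartRate 10/1h
+UMask 002
+Syslog yes
+SyslogSuccess Yes
+LogWhy Yes
+
+Canonicalization relaxed/simple
+
+ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
+InternalHosts refile:/etc/opendkim/TrustedHosts
+KeyTable refile:/etc/opendkim/KeyTable
+SigningTable refile:/etc/opendkim/SigningTable
+
+Mode sv
+PidFile /var/run/opendkim/opendkim.pid
+SignatureAlgorithm rsa-sha256
+
+UserID opendkim:opendkim
+
+Socket inet:12301@localhost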
|
@ -1,10 +1,55 @@
|
|||
#!/bin/sh
|
||||
#!/bin/bash
|
||||
|
||||
die () {
|
||||
echo >&2 "$@"
|
||||
exit 1
|
||||
}
|
||||
|
||||
# DKIM Setup
|
||||
mkdir -p /etc/opendkim/keys/$domainname
|
||||
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
|
||||
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
|
||||
pushd /etc/opendkim/keys/$domainname
|
||||
opendkim-genkey --subdomains --domain=$domainname --selector=mail
|
||||
popd
|
||||
echo ""
|
||||
echo "DKIM PUBLIC KEY ################################################################"
|
||||
cat /etc/opendkim/keys/$domainname/mail.txt
|
||||
echo "################################################################################"
|
||||
fi
|
||||
# Write to KeyTable if necessary
|
||||
if [ ! -f "/etc/opendkim/KeyTable" ]; then
|
||||
echo "Creating DKIM KeyTable"
|
||||
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
|
||||
fi
|
||||
# Write to SigningTable if necessary
|
||||
if [ ! -f "/etc/opendkim/SigningTable" ]; then
|
||||
echo "Creating DKIM SigningTable"
|
||||
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
|
||||
fi
|
||||
echo "Changing permissions on /etc/opendkim"
|
||||
# chown entire directory
|
||||
chown -R opendkim:opendkim /etc/opendkim/
|
||||
# And make sure permissions are right
|
||||
chmod -R 0700 /etc/opendkim/keys/
|
||||
|
||||
# Opendkim:
|
||||
echo ""
|
||||
echo "opendkim.conf"
|
||||
cat /etc/opendkim.conf
|
||||
echo ""
|
||||
echo "TrustedHosts"
|
||||
cat /etc/opendkim/TrustedHosts
|
||||
echo ""
|
||||
echo "SigningTable"
|
||||
cat /etc/opendkim/SigningTable
|
||||
echo ""
|
||||
echo "KeyTable"
|
||||
cat /etc/opendkim/KeyTable
|
||||
echo ""
|
||||
|
||||
|
||||
|
||||
if [ -f /tmp/postfix/accounts.cf ]; then
|
||||
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
|
||||
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
|
||||
|
@ -66,7 +111,7 @@ case $DMS_SSL in
|
|||
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
|
||||
|
||||
# Courier configuration
|
||||
cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
|
||||
cat "/etc/letsencrypt/live/$(hostname)/privkey.pem" "/etc/letsencrypt/live/$(hostname)/cert.pem" > "/etc/letsencrypt/live/$(hostname)/combined.pem"
|
||||
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
|
||||
|
||||
echo "SSL configured with letsencrypt certificates"
|
||||
|
@ -75,15 +120,15 @@ case $DMS_SSL in
|
|||
|
||||
"self-signed" )
|
||||
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
|
||||
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
|
||||
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
|
||||
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
|
||||
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
|
||||
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
|
||||
echo "Adding $(hostname) SSL certificate"
|
||||
mkdir -p /etc/postfix/ssl
|
||||
cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
|
||||
cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
|
||||
cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
|
||||
cp "/tmp/postfix/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
|
||||
cp "/tmp/postfix/ssl/$(hostname)-key.pem" /etc/postfix/ssl
|
||||
cp "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl
|
||||
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
|
||||
|
||||
# Postfix configuration
|
||||
|
@ -91,10 +136,12 @@ case $DMS_SSL in
|
|||
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
|
||||
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
||||
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
|
||||
ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
|
||||
ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$(hostname).pem"
|
||||
|
||||
# Courier configuration
|
||||
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
|
||||
|
||||
echo "SSL configured with self-signed/custom certificates"
|
||||
fi
|
||||
|
||||
;;
|
||||
|
@ -126,6 +173,7 @@ cron
|
|||
/etc/init.d/spamassassin start
|
||||
/etc/init.d/clamav-daemon start
|
||||
/etc/init.d/amavis start
|
||||
/etc/init.d/opendkim start
|
||||
/etc/init.d/postfix start
|
||||
|
||||
echo "Listing SASL users"
|
||||
|
|
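Review bot: The DKIM setup block in the first hunk uses `$domainname` unquoted and without checking that it is set, so a container started without `-e domainname=…` generates a key directly under `/etc/opendkim/keys/` for an empty domain and writes `KeyTable` and `SigningTable` entries with no domain in them; the new `die` helper is defined but not called in the visible lines. A guard before the `mkdir`, `[ -n "$domainname" ] || die "domainname is not set"`, together with quoting the paths (`mkdir -p "/etc/opendkim/keys/$domainname"`), would fail early instead. `opendkim-genkey` is also called without `--bits`, so the key length is whatever the packaged default is; passing it explicitly (for example `--bits=2048`) documents the choice. The file header for this section is not on the page; it appears to be the container start script.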