- added DKIM support

This commit is contained in:
bilak 2016-01-20 16:41:34 +01:00
parent f866359809
commit 5176ac03b5
9 changed files with 118 additions and 9 deletions

1
.gitignore vendored
View file

@ -2,3 +2,4 @@
docker-compose.yml
postfix/ssl/*
letsencrypt/
.idea

View file

@ -4,7 +4,10 @@ MAINTAINER Thomas VIAL
# Packages
RUN apt-get update -q --fix-missing
RUN apt-get -y upgrade
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
opendkim opendkim-tools
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Saslauthd
@ -30,6 +33,14 @@ RUN chmod 644 /etc/clamav/freshclam.conf
RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
RUN freshclam
# Configure DKIM (opendkim)
RUN mkdir -p /etc/opendkim/keys
ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
# DKIM config files
ADD postfix/opendkim.conf /etc/opendkim.conf
ADD postfix/default-opendkim /etc/default/opendkim
# Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf
ADD postfix/master.cf /etc/postfix/master.cf

View file

@ -11,7 +11,13 @@ run:
cp test/accounts.cf postfix/
cp test/virtual postfix/
# Run container
docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION)
docker run -d --name mail \
-v "`pwd`/postfix":/tmp/postfix \
-v "`pwd`/spamassassin":/tmp/spamassassin \
-v "`pwd`/test":/tmp/test \
-h mail.my-domain.com \
-e domainname=my-domain.com \
-t $(NAME):$(VERSION)
sleep 25
prepare:

View file

@ -13,6 +13,7 @@ Includes:
- amavis
- spamassasin
- clamav with automatic updates
- opendkim
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
@ -29,6 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
- [includes integration tests](https://travis-ci.org/tomav/docker-mailserver)
- [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
- dkim public key will be echoed to log. If you have your previous configuration, you cant mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`
## installation
@ -46,6 +48,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
-v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
-p "25:25" -p "143:143" -p "587:587" -p "993:993" \
-e DMS_SSL=letsencrypt \
-e domainname=domain.com \
-h mail.domain.com \
-t tvial/docker-mailserver

2
postfix/TrustedHosts Normal file
View file

@ -0,0 +1,2 @@
127.0.0.1
localhost

12
postfix/default-opendkim Normal file
View file

@ -0,0 +1,12 @@
# Command-line options specified here will override the contents of
# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:12301@localhost"

View file

@ -59,3 +59,8 @@ virtual_gid_maps = static:5000
# Additional option for filtering
content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM
milter_protocol = 2
milter_default_action = accept
smtpd_milters = inet:localhost:12301
non_smtpd_milters = inet:localhost:12301

21
postfix/opendkim.conf Normal file
View file

@ -0,0 +1,21 @@
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
InternalHosts refile:/etc/opendkim/TrustedHosts
KeyTable refile:/etc/opendkim/KeyTable
SigningTable refile:/etc/opendkim/SigningTable
Mode sv
PidFile /var/run/opendkim/opendkim.pid
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket inet:12301@localhost

View file

@ -1,10 +1,55 @@
#!/bin/sh
#!/bin/bash
die () {
echo >&2 "$@"
exit 1
}
# DKIM Setup
mkdir -p /etc/opendkim/keys/$domainname
if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
pushd /etc/opendkim/keys/$domainname
opendkim-genkey --subdomains --domain=$domainname --selector=mail
popd
echo ""
echo "DKIM PUBLIC KEY ################################################################"
cat /etc/opendkim/keys/$domainname/mail.txt
echo "################################################################################"
fi
# Write to KeyTable if necessary
if [ ! -f "/etc/opendkim/KeyTable" ]; then
echo "Creating DKIM KeyTable"
echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
fi
# Write to SigningTable if necessary
if [ ! -f "/etc/opendkim/SigningTable" ]; then
echo "Creating DKIM SigningTable"
echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
fi
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# Opendkim:
echo ""
echo "opendkim.conf"
cat /etc/opendkim.conf
echo ""
echo "TrustedHosts"
cat /etc/opendkim/TrustedHosts
echo ""
echo "SigningTable"
cat /etc/opendkim/SigningTable
echo ""
echo "KeyTable"
cat /etc/opendkim/KeyTable
echo ""
if [ -f /tmp/postfix/accounts.cf ]; then
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
@ -66,7 +111,7 @@ case $DMS_SSL in
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
# Courier configuration
cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
cat "/etc/letsencrypt/live/$(hostname)/privkey.pem" "/etc/letsencrypt/live/$(hostname)/cert.pem" > "/etc/letsencrypt/live/$(hostname)/combined.pem"
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
echo "SSL configured with letsencrypt certificates"
@ -75,15 +120,15 @@ case $DMS_SSL in
"self-signed" )
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
echo "Adding $(hostname) SSL certificate"
mkdir -p /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
cp "/tmp/postfix/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
cp "/tmp/postfix/ssl/$(hostname)-key.pem" /etc/postfix/ssl
cp "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
# Postfix configuration
@ -91,10 +136,12 @@ case $DMS_SSL in
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$(hostname).pem"
# Courier configuration
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
echo "SSL configured with self-signed/custom certificates"
fi
;;
@ -126,6 +173,7 @@ cron
/etc/init.d/spamassassin start
/etc/init.d/clamav-daemon start
/etc/init.d/amavis start
/etc/init.d/opendkim start
/etc/init.d/postfix start
echo "Listing SASL users"