diff --git a/Makefile b/Makefile
index 05029946..aed0b797 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ build:
 run:
 # Copy test files
 cp test/accounts.cf postfix/
+ cp test/main.cf postfix/
 cp test/virtual postfix/
 # Run containers
 docker run -d --name mail \
@@ -18,6 +19,7 @@ run:
 -e SA_TAG=1.0 \
 -e SA_TAG2=2.0 \
 -e SA_KILL=3.0 \
+ -e SASL_PASSWD=testing \
 -h mail.my-domain.com -t $(NAME)
 docker run -d --name mail_pop3 \
 -v "`pwd`/postfix":/tmp/postfix \
@@ -36,11 +38,11 @@ run:
 fixtures:
 # Sending test mails
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
 docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt"
 # Wait for mails to be analyzed
 sleep 10
@@ -51,6 +53,6 @@ tests:
 clean:
 # Get default files back
- git checkout postfix/accounts.cf postfix/virtual
+ git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
 # Remove running test containers
 docker rm -f mail mail_pop3 mail_smtponly
diff --git a/README.md b/README.md
index 0cd895f9..6fdb8edf 100644
--- a/README.md
+++ b/README.md
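Review bot: The fixture value in `-e SASL_PASSWD=testing \` (first `docker run` of the `run` target) is a single word, but it is written to /etc/postfix/sasl_passwd, a Postfix lookup table whose lines are a key followed by a value. As far as I can tell postmap skips a line that has no value, so the container may start with an empty sasl_passwd.db while the new bats check, which only tests that the .db exists, still passes. A table-shaped sample would exercise the real path, for example `-e SASL_PASSWD="relay.example.test testuser:testpass" \` (constructed values). The `run` recipe starts and ends outside this hunk.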
@@ -97,6 +97,9 @@ Example:
 * *6.31* (default) => add 'spam detected' headers at that level
 * SA_KILL
 * *6.31* (default) => triggers spam evasive actions)
+* SASL_PASSWORD
+ * *empty* (default) => No sasl_passwd will be created
+ * *string* => A /etc/postfix/sasl_passwd will be created with that content and postmap will be run on it
 Please read [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/start-mailserver.sh) to understand what's expected.
diff --git a/postfix/master.cf b/postfix/master.cf
index 8804f632..b2fe0de9 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -72,6 +72,7 @@ smtp-amavis unix - - - - 2 smtp
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20
+ -o smtp_tls_security_level=none
 127.0.0.1:10025 inet n - n - - smtpd
 -o content_filter=
@@ -92,3 +93,4 @@ smtp-amavis unix - - - - 2 smtp
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+ -o smtp_tls_security_level=none
diff --git a/postfix/opendkim.conf b/postfix/opendkim.conf
index 05c9d340..f8c1b6c3 100644
--- a/postfix/opendkim.conf
+++ b/postfix/opendkim.conf
@@ -4,6 +4,7 @@ UMask 002
 Syslog yes
 SyslogSuccess Yes
 LogWhy Yes
+RemoveOldSignatures Yes
 Canonicalization relaxed/simple
@@ -18,4 +19,4 @@ SignatureAlgorithm rsa-sha256
 UserID opendkim:opendkim
-Socket inet:12301@localhost
\ No newline at end of file
+Socket inet:12301@localhost
diff --git a/start-mailserver.sh b/start-mailserver.sh
index e8668a36..46f1ff45 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
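Review bot: The second `-o smtp_tls_security_level=none` (master.cf hunk at -92,3, end of the file) follows `smtpd_client_connection_*` and `receive_override_options` overrides, which look like the options of the `127.0.0.1:10025 ... smtpd` re-injection listener; the service line itself is outside that hunk. `smtp_tls_security_level` is read by the smtp(8) client, so on an smtpd(8) service the override is most likely ignored. If the aim is to stop the loopback listener from offering STARTTLS, the server-side parameter is the one to set: `-o smtpd_tls_security_level=none`. The same option in the -72,6 hunk sits on the `smtp-amavis` client entry, where it does apply; a comment above that entry saying TLS is disabled only because the hop is loopback to amavis would help the next reader.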
@@ -196,6 +196,26 @@ case $DMS_SSL in
 esac
+if [ -f /tmp/postfix/main.cf ]; then
+ while read line; do
+ postconf -e "$line"
+ done < /tmp/postfix/main.cf
+ echo "Loaded '/tmp/postfix/main.cf'"
+else
+ echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded."
+fi
+
+if [ ! -z "$SASL_PASSWD" ]; then
+ echo "$SASL_PASSWD" > /etc/postfix/sasl_passwd
+ postmap hash:/etc/postfix/sasl_passwd
+ rm /etc/postfix/sasl_passwd
+ chown root:root /etc/postfix/sasl_passwd.db
+ chmod 0600 /etc/postfix/sasl_passwd.db
+ echo "Loaded SASL_PASSWORD"
+else
+ echo "==> Warning: 'SASL_PASSWORD' is not provided. /etc/postfix/sasl_passwd not created."
+fi
+
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
 mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
diff --git a/test/main.cf b/test/main.cf
new file mode 100644
index 00000000..37155392
--- /dev/null
+++ b/test/main.cf
@@ -0,0 +1,2 @@
+max_idle = 600s
+readme_directory = /tmp
diff --git a/test/tests.bats b/test/tests.bats
index be681fb1..8cfe488e 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -105,6 +105,11 @@
 [ "$status" -eq 0 ]
 }
+@test "checking sasl: sasl_passwd.db exists" {
+ run docker exec mail [ -f /etc/postfix/sasl_passwd.db ]
+ [ "$status" -eq 0 ]
+}
+
 #
 # smtp
 #
@@ -217,6 +222,13 @@
 [ "${lines[1]}" = "otherdomain.tld" ]
 }
+@test "checking postfix: main.cf overrides" {
+ run docker exec mail grep -q 'max_idle = 600s' /tmp/postfix/main.cf
+ [ "$status" -eq 0 ]
+ run docker exec mail grep -q 'readme_directory = /tmp' /tmp/postfix/main.cf
+ [ "$status" -eq 0 ]
+}
+
 #
 # spamassassin
 #
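Review bot: The relay credentials are written by `echo "$SASL_PASSWD" > /etc/postfix/sasl_passwd` under the default umask, so the plaintext file, and the .db postmap builds from it, can be readable by other users in the container until the later `chmod 0600`; creating both under `umask 077` closes that window. The script reads `$SASL_PASSWD`, but its messages and the README entry in this commit say `SASL_PASSWORD`, so someone following the README sets a variable the script never reads. In the main.cf loop, `read` without `-r` eats backslashes, and blank or `#` lines are handed to `postconf -e` as if they were settings. A possible shape for both blocks:

```shell
if [ -f /tmp/postfix/main.cf ]; then
  # -r keeps backslashes; the || test also picks up a last line with no newline
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      ''|'#'*) continue ;;   # skip blank lines and comments
    esac
    postconf -e "$line"
  done < /tmp/postfix/main.cf
  # … unchanged: "Loaded" message, else branch, fi …

if [ ! -z "$SASL_PASSWD" ]; then
  (
    # plaintext map and the .db built from it are owner-only from creation
    umask 077
    printf '%s\n' "$SASL_PASSWD" > /etc/postfix/sasl_passwd
    postmap hash:/etc/postfix/sasl_passwd
    rm -f /etc/postfix/sasl_passwd
  )
  # … unchanged: chown/chmod of sasl_passwd.db, messages, fi …
```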
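Review bot: The sasl test asserts only that sasl_passwd.db exists, so it would still pass if the plaintext /etc/postfix/sasl_passwd were left behind or the .db were world-readable, which are the two properties the start script tries to guarantee. Adding `run docker exec mail [ ! -e /etc/postfix/sasl_passwd ]` and `run docker exec mail stat -c '%a' /etc/postfix/sasl_passwd.db` with `[ "$output" = "600" ]` would pin both.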
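Review bot: The "main.cf overrides" test greps /tmp/postfix/main.cf, which is presumably the input file the Makefile copies into the mounted postfix/ directory, so it passes even if the `postconf -e` loop in start-mailserver.sh never ran. Querying the effective configuration checks the behaviour this commit adds: `run docker exec mail postconf -h max_idle` followed by `[ "$output" = "600s" ]`, and the same pattern for `readme_directory`.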