diff --git a/Dockerfile b/Dockerfile index f4437048..d7dd15a9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ - opendkim opendkim-tools + opendkim opendkim-tools opendmarc RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* # Configures Saslauthd @@ -40,6 +40,10 @@ ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts ADD postfix/opendkim.conf /etc/opendkim.conf ADD postfix/default-opendkim /etc/default/opendkim +# Configure DMARC (opendmarc) +ADD postfix/opendmarc.conf /etc/opendmarc.conf +ADD postfix/default-opendmarc /etc/default/opendmarc + # Configures Postfix ADD postfix/main.cf /etc/postfix/main.cf diff --git a/README.md b/README.md index d54d3b66..5c206942 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Includes: - spamassasin - clamav with automatic updates - opendkim +- opendmarc (basic setup) - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates - optional pop3 server (add `-e ENABLE_POP3=1` to enable pop3 server) diff --git a/postfix/default-opendmarc b/postfix/default-opendmarc new file mode 100644 index 00000000..896f5839 --- /dev/null +++ b/postfix/default-opendmarc @@ -0,0 +1,11 @@ +# Command-line options specified here will override the contents of +# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options. +#DAEMON_OPTS="" +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in opendkim.conf +#SOCKET="local:/var/run/opendmarc/opendmarc.sock" # default +#SOCKET="inet:54321" # listen on all interfaces on port 54321 +#SOCKET="inet:12345@localhost" # listen on loopback on port 12345 +#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 +SOCKET="inet:54321@localhost" \ No newline at end of file diff --git a/postfix/main.cf b/postfix/main.cf index c0fbc9e6..593b6394 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -61,5 +61,5 @@ content_filter = smtp-amavis:[127.0.0.1]:10024 # Milters used by DKIM milter_protocol = 2 milter_default_action = accept -smtpd_milters = inet:localhost:12301 -non_smtpd_milters = inet:localhost:12301 +smtpd_milters = inet:localhost:12301,inet:localhost:54321 +non_smtpd_milters = inet:localhost:12301,inet:localhost:54321 diff --git a/postfix/opendmarc.conf b/postfix/opendmarc.conf new file mode 100644 index 00000000..89bce44d --- /dev/null +++ b/postfix/opendmarc.conf @@ -0,0 +1,8 @@ + +PidFile /var/run/opendmarc.pid +RejectFailures false +Syslog true +UMask 0002 +UserID opendmarc:opendmarc +IgnoreHosts /etc/opendmarc/ignore.hosts +HistoryFile /var/run/opendmarc/opendmarc.dat \ No newline at end of file diff --git a/start-mailserver.sh b/start-mailserver.sh index 29e85cf8..e5f25489 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -97,6 +97,20 @@ chown -R opendkim:opendkim /etc/opendkim/ # And make sure permissions are right chmod -R 0700 /etc/opendkim/keys/ +# DMARC +# if ther is no AuthservID create it +if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then + echo "AuthservID $hostname" >> /etc/opendmarc.conf +fi +if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then + echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf +fi +if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then + mkdir -p /etc/opendmarc/ + echo "localhost" >> /etc/opendmarc/ignore.hosts +fi + + # SSL Configuration case $DMS_SSL in @@ -188,6 +202,7 @@ fi /etc/init.d/clamav-daemon start /etc/init.d/amavis start /etc/init.d/opendkim start +/etc/init.d/opendmarc start /etc/init.d/postfix start echo "Listing SASL users"