From 07ec823f45c2a72a04a489e7abe48b6c362322cb Mon Sep 17 00:00:00 2001 From: bilak Date: Tue, 26 Jan 2016 18:26:50 +0100 Subject: [PATCH 1/3] - added DMARC (opendmarc) support with basic setup --- Dockerfile | 6 +++++- README.md | 1 + postfix/default-opendmarc | 11 +++++++++++ postfix/main.cf | 4 ++-- postfix/opendmarc.conf | 8 ++++++++ start-mailserver.sh | 15 +++++++++++++++ 6 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 postfix/default-opendmarc create mode 100644 postfix/opendmarc.conf diff --git a/Dockerfile b/Dockerfile index f4437048..d7dd15a9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -7,7 +7,7 @@ RUN apt-get -y upgrade RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ - opendkim opendkim-tools + opendkim opendkim-tools opendmarc RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* # Configures Saslauthd @@ -40,6 +40,10 @@ ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts ADD postfix/opendkim.conf /etc/opendkim.conf ADD postfix/default-opendkim /etc/default/opendkim +# Configure DMARC (opendmarc) +ADD postfix/opendmarc.conf /etc/opendmarc.conf +ADD postfix/default-opendmarc /etc/default/opendmarc + # Configures Postfix ADD postfix/main.cf /etc/postfix/main.cf diff --git a/README.md b/README.md index d54d3b66..5c206942 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,7 @@ Includes: - spamassasin - clamav with automatic updates - opendkim +- opendmarc (basic setup) - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates - optional pop3 server (add `-e ENABLE_POP3=1` to enable pop3 server) diff --git a/postfix/default-opendmarc b/postfix/default-opendmarc new file mode 100644 index 00000000..896f5839 --- /dev/null 
+++ b/postfix/default-opendmarc @@ -0,0 +1,11 @@ +# Command-line options specified here will override the contents of +# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options. +#DAEMON_OPTS="" +# +# Uncomment to specify an alternate socket +# Note that setting this will override any Socket value in opendkim.conf +#SOCKET="local:/var/run/opendmarc/opendmarc.sock" # default +#SOCKET="inet:54321" # listen on all interfaces on port 54321 +#SOCKET="inet:12345@localhost" # listen on loopback on port 12345 +#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 +SOCKET="inet:54321@localhost" \ No newline at end of file diff --git a/postfix/main.cf b/postfix/main.cf index c0fbc9e6..593b6394 100644 --- a/postfix/main.cf +++ b/postfix/main.cf @@ -61,5 +61,5 @@ content_filter = smtp-amavis:[127.0.0.1]:10024 # Milters used by DKIM milter_protocol = 2 milter_default_action = accept -smtpd_milters = inet:localhost:12301 -non_smtpd_milters = inet:localhost:12301 +smtpd_milters = inet:localhost:12301,inet:localhost:54321 +non_smtpd_milters = inet:localhost:12301,inet:localhost:54321 diff --git a/postfix/opendmarc.conf b/postfix/opendmarc.conf new file mode 100644 index 00000000..89bce44d --- /dev/null +++ b/postfix/opendmarc.conf @@ -0,0 +1,8 @@ + +PidFile /var/run/opendmarc.pid +RejectFailures false +Syslog true +UMask 0002 +UserID opendmarc:opendmarc +IgnoreHosts /etc/opendmarc/ignore.hosts +HistoryFile /var/run/opendmarc/opendmarc.dat \ No newline at end of file diff --git a/start-mailserver.sh b/start-mailserver.sh index 29e85cf8..9fa9c260 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh 
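Review bot: The comment above the `SOCKET` examples in `postfix/default-opendmarc` names the wrong file: it says the setting overrides the Socket value in `opendkim.conf`, which looks carried over from the opendkim defaults file. It should read `# Note that setting this will override any Socket value in opendmarc.conf`. The active `SOCKET="inet:54321@localhost"` also has to stay in step with the `inet:localhost:54321` entries this patch adds to `postfix/main.cf`, so a short comment on that line saying so would keep the two from drifting apart. Binding the listener to loopback rather than the all-interfaces `inet:54321` form is the right choice for a milter socket and is worth stating as deliberate.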
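Review bot: With `milter_default_action = accept` in the context lines just above, the opendmarc entry added to `smtpd_milters` fails open: if nothing answers on `localhost:54321`, Postfix carries on as if the milter were not configured and the message is delivered without any DMARC evaluation. That may be the intended availability trade-off, but it should be written down next to the setting, for example `# accept = mail is still delivered, without DKIM/DMARC results, when a milter is unreachable`. The section comment `# Milters used by DKIM` should become `# Milters used by DKIM and DMARC`. The order (opendkim first, then opendmarc) deserves a word as well, since opendmarc, as far as I know, relies on the DKIM result recorded by the earlier milter.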
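Review bot: `postfix/opendmarc.conf` ends without a trailing newline (`\ No newline at end of file` after the `HistoryFile` line), while `start-mailserver.sh` in this series appends to `/etc/opendmarc.conf` with `echo "AuthservID $hostname" >> /etc/opendmarc.conf`. Once the condition is corrected in patch 2/3, the first appended directive lands on the end of the `HistoryFile` line instead of on a line of its own, so `AuthservID` is not set and the history path is altered. Ending the file with a newline fixes this. Separately, `RejectFailures false` means a message that fails DMARC is still delivered and, as I understand the option, only marked in the Authentication-Results header; a comment such as `# report-only: DMARC failures are tagged, not rejected` would make that explicit for operators.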
@@ -97,6 +97,20 @@ chown -R opendkim:opendkim /etc/opendkim/ # And make sure permissions are right chmod -R 0700 /etc/opendkim/keys/ +# DMARC +# if ther is no AuthservID create it +if [ `cat /etc/opendmarc.conf | grep AuthservID | wc -l` -gt 0 ]; then + echo "AuthservID $hostname" >> /etc/opendmarc.conf +fi +if [ `cat /etc/opendmarc.conf | grep TrustedAuthservIDs | wc -l` -gt 0 ]; then + echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf +fi +if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then + mkdir -p /etc/opendmarc/ + echo "localhost" >> /etc/opendmarc/ignore.hosts +fi + + # SSL Configuration case $DMS_SSL in @@ -188,6 +202,7 @@ fi /etc/init.d/clamav-daemon start /etc/init.d/amavis start /etc/init.d/opendkim start +/etc/init.d/opendmarc start /etc/init.d/postfix start echo "Listing SASL users" From b73e602e3ebaeb51a828d07adb5c02d01b2cad74 Mon Sep 17 00:00:00 2001 From: bilak Date: Tue, 26 Jan 2016 18:53:57 +0100 Subject: [PATCH 2/3] - fixed equal sign --- start-mailserver.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/start-mailserver.sh b/start-mailserver.sh index 9fa9c260..d35f712d 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -99,10 +99,10 @@ chmod -R 0700 /etc/opendkim/keys/ # DMARC # if ther is no AuthservID create it -if [ `cat /etc/opendmarc.conf | grep AuthservID | wc -l` -gt 0 ]; then +if [ `cat /etc/opendmarc.conf | grep AuthservID | wc -l` -eq 0 ]; then echo "AuthservID $hostname" >> /etc/opendmarc.conf fi -if [ `cat /etc/opendmarc.conf | grep TrustedAuthservIDs | wc -l` -gt 0 ]; then +if [ `cat /etc/opendmarc.conf | grep TrustedAuthservIDs | wc -l` -eq 0 ]; then echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf fi if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then From cc7270a22bf84025e70eb3607c1beda4b492885f Mon Sep 17 00:00:00 2001 
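Review bot: The presence checks in the new DMARC block grep for the directive name anywhere in `/etc/opendmarc.conf`, so a commented-out line such as `# AuthservID mail.example.test` (constructed example) counts as configured and the append is skipped. The same holds for the rewritten conditions in patches 2/3 and 3/3, where `-w` still matches inside a comment. Anchoring the match to the start of a line and testing grep's exit status covers all three revisions: `if ! grep -qE '^[[:space:]]*AuthservID[[:space:]]' /etc/opendmarc.conf; then`, and likewise for `TrustedAuthservIDs`. `$hostname` is not assigned anywhere in the hunk, and the script body continues outside it; if the variable can be empty here the script writes a bare `AuthservID ` line, so a guard like `: "${hostname:?hostname is not set}"` ahead of the block would make that failure visible. The generated `ignore.hosts` contains only `localhost`, which deserves a comment saying that connections from the listed hosts are exempt from DMARC checks.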
From: bilak Date: Tue, 26 Jan 2016 19:03:12 +0100 Subject: [PATCH 3/3] - improved searching strings inside file (seraching for whole words) --- start-mailserver.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/start-mailserver.sh b/start-mailserver.sh index d35f712d..e5f25489 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -99,10 +99,10 @@ chmod -R 0700 /etc/opendkim/keys/ # DMARC # if ther is no AuthservID create it -if [ `cat /etc/opendmarc.conf | grep AuthservID | wc -l` -eq 0 ]; then +if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then echo "AuthservID $hostname" >> /etc/opendmarc.conf fi -if [ `cat /etc/opendmarc.conf | grep TrustedAuthservIDs | wc -l` -eq 0 ]; then +if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf fi if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then