Merge pull request #67 from bilak/master

Added DMARC (opendmarc) support with basic setup
This commit is contained in:
Thomas VIAL 2016-01-26 22:10:52 +01:00
commit 7fdcfe3f1b
6 changed files with 42 additions and 3 deletions

View file

@ -7,7 +7,7 @@ RUN apt-get -y upgrade
RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
opendkim opendkim-tools opendkim opendkim-tools opendmarc
RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*
# Configures Saslauthd # Configures Saslauthd
@ -40,6 +40,10 @@ ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
ADD postfix/opendkim.conf /etc/opendkim.conf ADD postfix/opendkim.conf /etc/opendkim.conf
ADD postfix/default-opendkim /etc/default/opendkim ADD postfix/default-opendkim /etc/default/opendkim
# Configure DMARC (opendmarc)
ADD postfix/opendmarc.conf /etc/opendmarc.conf
ADD postfix/default-opendmarc /etc/default/opendmarc
# Configures Postfix # Configures Postfix
ADD postfix/main.cf /etc/postfix/main.cf ADD postfix/main.cf /etc/postfix/main.cf

View file

@ -14,6 +14,7 @@ Includes:
- spamassasin - spamassasin
- clamav with automatic updates - clamav with automatic updates
- opendkim - opendkim
- opendmarc (basic setup)
- [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates - [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
- optional pop3 server (add `-e ENABLE_POP3=1` to enable pop3 server) - optional pop3 server (add `-e ENABLE_POP3=1` to enable pop3 server)

11
postfix/default-opendmarc Normal file
View file

@ -0,0 +1,11 @@
# Command-line options specified here will override the contents of
# /etc/opendmarc.conf. See opendmarc(8) for a complete list of options.
#DAEMON_OPTS=""
#
# Uncomment to specify an alternate socket
# Note that setting this will override any Socket value in opendkim.conf
#SOCKET="local:/var/run/opendmarc/opendmarc.sock" # default
#SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:54321@localhost"

View file

@ -61,5 +61,5 @@ content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM # Milters used by DKIM
milter_protocol = 2 milter_protocol = 2
milter_default_action = accept milter_default_action = accept
smtpd_milters = inet:localhost:12301 smtpd_milters = inet:localhost:12301,inet:localhost:54321
non_smtpd_milters = inet:localhost:12301 non_smtpd_milters = inet:localhost:12301,inet:localhost:54321

8
postfix/opendmarc.conf Normal file
View file

@ -0,0 +1,8 @@
PidFile /var/run/opendmarc.pid
RejectFailures false
Syslog true
UMask 0002
UserID opendmarc:opendmarc
IgnoreHosts /etc/opendmarc/ignore.hosts
HistoryFile /var/run/opendmarc/opendmarc.dat

View file

@ -97,6 +97,20 @@ chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right # And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/ chmod -R 0700 /etc/opendkim/keys/
# DMARC
# if ther is no AuthservID create it
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
echo "AuthservID $hostname" >> /etc/opendmarc.conf
fi
if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then
echo "TrustedAuthservIDs $hostname" >> /etc/opendmarc.conf
fi
if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
mkdir -p /etc/opendmarc/
echo "localhost" >> /etc/opendmarc/ignore.hosts
fi
# SSL Configuration # SSL Configuration
case $DMS_SSL in case $DMS_SSL in
@ -188,6 +202,7 @@ fi
/etc/init.d/clamav-daemon start /etc/init.d/clamav-daemon start
/etc/init.d/amavis start /etc/init.d/amavis start
/etc/init.d/opendkim start /etc/init.d/opendkim start
/etc/init.d/opendmarc start
/etc/init.d/postfix start /etc/init.d/postfix start
echo "Listing SASL users" echo "Listing SASL users"