improve OpenDKIM and OpenDMARC milters integration (#361)

Kai Ren 2016-10-25 09:57:08 +03:00 committed by Thomas VIAL
parent a62062c382
commit 9111a92b18
10 changed files with 24 additions and 44 deletions


@ -83,6 +83,7 @@ COPY target/opendkim/default-opendkim /etc/default/opendkim
# Configure DMARC (opendmarc) # Configure DMARC (opendmarc)
COPY target/opendmarc/opendmarc.conf /etc/opendmarc.conf COPY target/opendmarc/opendmarc.conf /etc/opendmarc.conf
COPY target/opendmarc/default-opendmarc /etc/default/opendmarc COPY target/opendmarc/default-opendmarc /etc/default/opendmarc
COPY target/opendmarc/ignore.hosts /etc/opendmarc/ignore.hosts
# Configure fetchmail # Configure fetchmail
COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general COPY target/fetchmail/fetchmailrc /etc/fetchmailrc_general


@ -9,4 +9,4 @@
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345 #SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 #SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:12301@localhost" SOCKET="inet:8891@localhost"


@ -4,7 +4,7 @@ UMask 002
Syslog yes Syslog yes
SyslogSuccess Yes SyslogSuccess Yes
LogWhy Yes LogWhy Yes
RemoveOldSignatures Yes RemoveOldSignatures Yes
Canonicalization relaxed/simple Canonicalization relaxed/simple
@ -19,4 +19,4 @@ SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim UserID opendkim:opendkim
Socket inet:12301@localhost Socket inet:8891@localhost


@ -8,4 +8,5 @@
#SOCKET="inet:54321" # listen on all interfaces on port 54321 #SOCKET="inet:54321" # listen on all interfaces on port 54321
#SOCKET="inet:12345@localhost" # listen on loopback on port 12345 #SOCKET="inet:12345@localhost" # listen on loopback on port 12345
#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345 #SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
SOCKET="inet:54321@localhost"
SOCKET="inet:8893@localhost"


@ -0,0 +1 @@
localhost


@ -1,8 +1,12 @@
UserID opendmarc:opendmarc
UMask 0002
PidFile /var/run/opendmarc.pid
Syslog true
PidFile /var/run/opendmarc.pid RejectFailures false
RejectFailures false
Syslog true IgnoreHosts /etc/opendmarc/ignore.hosts
UMask 0002 HistoryFile /var/run/opendmarc/opendmarc.dat
UserID opendmarc:opendmarc
IgnoreHosts /etc/opendmarc/ignore.hosts AuthservID HOSTNAME
HistoryFile /var/run/opendmarc/opendmarc.dat TrustedAuthservIDs HOSTNAME
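Review bot: `TrustedAuthservIDs HOSTNAME` on the new side makes OpenDMARC trust Authentication-Results headers whose authserv-id equals the name returned by gethostname(3), so it only works if OpenDKIM stamps its results with that same name. OpenDKIM's default authserv-id is the MTA's name rather than the filter host's, and no `AuthservID` line is visible in the opendkim.conf hunks of this commit (that file is only partly shown), so the two may differ when Postfix's myhostname is not the container hostname. I would set `AuthservID HOSTNAME` in opendkim.conf as well and add a comment here such as `# must match the authserv-id OpenDKIM writes; A-R headers carrying it are trusted for DKIM/SPF results`. The tests that pinned the resulting ID are deleted in this commit with no replacement that checks a DMARC result is actually recorded.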


@ -67,7 +67,9 @@ virtual_alias_maps = hash:/etc/postfix/virtual
content_filter = smtp-amavis:[127.0.0.1]:10024 content_filter = smtp-amavis:[127.0.0.1]:10024
# Milters used by DKIM # Milters used by DKIM
milter_protocol = 2 milter_protocol = 6
milter_default_action = accept milter_default_action = accept
smtpd_milters = inet:localhost:12301,inet:localhost:54321 dkim_milter = inet:localhost:8891
non_smtpd_milters = inet:localhost:12301,inet:localhost:54321 dmarc_milter = inet:localhost:8893
smtpd_milters = $dkim_milter,$dmarc_milter
non_smtpd_milters = $dkim_milter
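Review bot: The comment `# Milters used by DKIM` above these settings is stale now that the block also wires in OpenDMARC, and nothing explains why `non_smtpd_milters` lists only `$dkim_milter`. I would replace it with `# Milters: OpenDKIM (8891) signs and verifies, OpenDMARC (8893) evaluates mail arriving over SMTP only` and add `# locally submitted mail is signed but not DMARC-checked` above `non_smtpd_milters`. The unchanged `milter_default_action = accept` also means mail is accepted unsigned and unchecked whenever either milter is unreachable; if that fail-open behaviour is intended it deserves a comment, and monitoring both ports would surface the failure.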


@ -93,5 +93,5 @@ smtp-amavis unix - - - - 2 smtp
-o smtpd_hard_error_limit=1000 -o smtpd_hard_error_limit=1000
-o smtpd_client_connection_count_limit=0 -o smtpd_client_connection_count_limit=0
-o smtpd_client_connection_rate_limit=0 -o smtpd_client_connection_rate_limit=0
-o receive_override_options=no_header_body_checks,no_unknown_recipient_checks -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks,no_milters
-o smtp_tls_security_level=none -o smtp_tls_security_level=none
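Review bot: Adding `no_milters` to `receive_override_options` turns off DKIM and DMARC processing for everything this listener accepts, so its safety depends on the listener being reachable only by the content filter. The service line and its network and client restrictions start outside this hunk, so that cannot be confirmed from here; it is worth checking that the listener binds to 127.0.0.1 and is not published by the container. A comment such as `# re-injected mail already passed the milters on first receipt; skip them here to avoid double signing` would record why the flag is present. Signing now happens before the content filter, so any body rewriting by amavis would invalidate the signature; presumably it only adds headers, but that should be confirmed.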


@ -109,19 +109,6 @@ else
echo "No DKIM key provided. Check the documentation to find how to get your keys." echo "No DKIM key provided. Check the documentation to find how to get your keys."
fi fi
# DMARC
# if there is no AuthservID create it
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
echo "AuthservID $(hostname)" >> /etc/opendmarc.conf
fi
if [ `cat /etc/opendmarc.conf | grep -w TrustedAuthservIDs | wc -l` -eq 0 ]; then
echo "TrustedAuthservIDs $(hostname)" >> /etc/opendmarc.conf
fi
if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
mkdir -p /etc/opendmarc/
echo "localhost" >> /etc/opendmarc/ignore.hosts
fi
# SSL Configuration # SSL Configuration
case $SSL_TYPE in case $SSL_TYPE in
"letsencrypt" ) "letsencrypt" )


@ -379,22 +379,6 @@
[ "$output" -eq 4 ] [ "$output" -eq 4 ]
} }
#
# opendmarc
#
@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as AuthservID" {
run docker exec mail grep ^AuthservID /etc/opendmarc.conf
[ "$status" -eq 0 ]
[ "$output" = "AuthservID mail.my-domain.com" ]
}
@test "checking opendkim: server fqdn should be added to /etc/opendmarc.conf as TrustedAuthservIDs" {
run docker exec mail grep ^TrustedAuthservID /etc/opendmarc.conf
[ "$status" -eq 0 ]
[ "$output" = "TrustedAuthservIDs mail.my-domain.com" ]
}
# #
# ssl # ssl
# #