From a848a55177d3bb191cfb30fbb592920f1a40b392 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Tue, 18 Aug 2015 13:13:08 +0200 Subject: [PATCH] Added a way to generate and configure a specific SSL certificate for postfix #14 --- .gitignore | 1 + Dockerfile | 2 ++ README.md | 18 ++++++++++++++++++ bin/generate-ssl-certificate | 4 ++++ docker-compose.yml.dist | 6 ++---- start-mailserver.sh | 10 ++++++++++ 6 files changed, 37 insertions(+), 4 deletions(-) create mode 100644 bin/generate-ssl-certificate diff --git a/.gitignore b/.gitignore index 423d89e9..1c3101d7 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .DS_Store docker-compose.yml +postfix/ssl/* \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 9dad19b3..05bdbd23 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,6 +33,8 @@ RUN freshclam ADD postfix/main.cf /etc/postfix/main.cf ADD postfix/master.cf /etc/postfix/master.cf ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf +ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate +RUN chmod +x /usr/local/bin/generate-ssl-certificate # Start-mailserver script ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh diff --git a/README.md b/README.md index bfeea09a..5ce8729a 100644 --- a/README.md +++ b/README.md 
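Review bot: In the Dockerfile hunk the helper script is brought in with `ADD` and then made executable in a separate `RUN chmod +x` layer; `COPY bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate` states more plainly that this is a local file copy with no archive or URL handling involved. The commit creates the script with mode 100644, so committing it as 100755 instead would make the extra `RUN` layer unnecessary. The neighbouring context lines use `ADD` for plain files as well, so the switch could be made for the whole group in one pass.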
@@ -61,6 +61,24 @@ Volumes allow to: docker-compose up -d mail +# configure ssl + +## generate ssl certificate + +You can easily generate en SSL certificate by using the following command: + + docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate + + # will generate: + # postfix/ssl/mail.my-domain.com.key + # postfix/ssl/mail.my-domain.com.csr + +Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument. + +## configure ssl certificate (convention over configuration) + +If a matching certificate (with `.key` and `.csr` files) is found in `postfix/ssl`, it will be automatically configured in postfix. You just have to place `mail.my-domain.com.key` and `mail.my-domain.com.csr` for domain `mail.my-domain.com` in `postfix/ssl` folder. + # client configuration # imap diff --git a/bin/generate-ssl-certificate b/bin/generate-ssl-certificate new file mode 100644 index 00000000..c65bc445 --- /dev/null +++ b/bin/generate-ssl-certificate @@ -0,0 +1,4 @@ +#!/bin/sh + +FQDN=$(hostname) +openssl req -new -newkey rsa:2048 -nodes -keyout /ssl/$FQDN.key -out /ssl/$FQDN.csr \ No newline at end of file diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index 2dc2afe6..6f3ba3b4 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist @@ -8,8 +8,6 @@ mail: - "143:143" - "587:587" - "993:993" - environment: - docker_mail_domain: "my-domain.com" volumes: - - ./spamassassin:/tmp/spamassassin/:ro - - ./postfix:/tmp/postfix/:ro + - ./spamassassin:/tmp/spamassassin/ + - ./postfix:/tmp/postfix/ diff --git a/start-mailserver.sh b/start-mailserver.sh index dc64c045..e362b594 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh 
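Review bot: `openssl req -new` without `-x509` in bin/generate-ssl-certificate produces a certificate signing request, not a certificate, yet start-mailserver.sh later writes that `.csr` path into `smtpd_tls_cert_file`, which Postfix expects to be a PEM certificate; with the generated files TLS would presumably fail to load. Either self-sign here by adding `-x509 -days <N>` and writing a certificate file, or document that the CSR must be signed and the resulting certificate supplied under the expected name. The private key is also written unencrypted (`-nodes`) into the bind-mounted `/ssl` under the process's default umask, so it may end up readable by other users on the host. A `umask 077` line before the `openssl` call, plus quoting the paths as in `-keyout "/ssl/$FQDN.key"`, would tighten that.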
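Review bot: Dropping `:ro` from both volumes in docker-compose.yml.dist makes the host's `./spamassassin` and `./postfix` directories writable from inside the mail container, and `./postfix` now also holds the TLS private key next to accounts.cf. The only write to these mounts visible on this page is the `sed -i` on `/tmp/postfix/accounts.cf`, and the certificate generator uses its own `-v …/postfix/ssl:/ssl` mount, so at least `- ./spamassassin:/tmp/spamassassin/:ro` could stay read-only. If the read-write postfix mount exists only for that `sed -i`, running the newline fix on a copy inside the container would let `./postfix` keep `:ro` as well.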
@@ -2,8 +2,10 @@ echo "Regenerating postfix 'vmailbox' and 'virtual' for given users" echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox + # Checking that /tmp/postfix/accounts.cf ends with a newline sed -i -e '$a\' /tmp/postfix/accounts.cf + # Creating users while IFS=$'|' read login pass do @@ -30,6 +32,14 @@ postmap /etc/postfix/virtual sed -i -r 's/DOCKER_MAIL_DOMAIN/'"$(hostname -d)"'/g' /etc/postfix/main.cf cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp +# Adding SSL certificate if name provided as $docker_mail_cert env +if [ -e "/tmp/postfix/ssl/$(hostname).csr" ]; then + echo "Adding $(hostname) csr/key SSL certificate" + cp -r /tmp/postfix/ssl /etc/postfix/ssl + sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.csr/g' /etc/postfix/main.cf + sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.key/g' /etc/postfix/main.cf +fi + echo "Fixing permissions" chown -R 5000:5000 /var/mail mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
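Review bot: The two `sed` replacements in the new SSL block of start-mailserver.sh interpolate `$docker_mail_cert`, while the existence test uses `$(hostname)` and nothing on this page sets that variable; with it unset, main.cf would end up pointing at `/etc/postfix/ssl/.csr` and `/etc/postfix/ssl/.key`. Using one quoted hostname value throughout fixes that and keeps an arbitrary environment string out of the sed expression. The block also tests only for the `.csr`, and `cp -r /tmp/postfix/ssl /etc/postfix/ssl` nests the directory as `/etc/postfix/ssl/ssl` when the target already exists (for example on a container restart), leaving the key with whatever mode it has on the host. The sketch below copies the two files explicitly and sets the key to 0600; the rest of the script lies outside the hunk.

```shell
# … unchanged: DOCKER_MAIL_DOMAIN substitution and vhost merge …
# Adding SSL certificate when files named after the container hostname exist
fqdn="$(hostname)"
if [ -e "/tmp/postfix/ssl/$fqdn.csr" ] && [ -e "/tmp/postfix/ssl/$fqdn.key" ]; then
  echo "Adding $fqdn csr/key SSL certificate"
  mkdir -p /etc/postfix/ssl
  cp "/tmp/postfix/ssl/$fqdn.csr" "/tmp/postfix/ssl/$fqdn.key" /etc/postfix/ssl/
  chmod 600 "/etc/postfix/ssl/$fqdn.key"
  sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'"$fqdn"'.csr/g' /etc/postfix/main.cf
  sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'"$fqdn"'.key/g' /etc/postfix/main.cf
fi
# … unchanged: "Fixing permissions" block …
```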