mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Added a way to generate and configure a specific SSL certificate for postfix #14
parent
63a7be0e97
commit
a848a55177
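--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .DS_Store
 docker-compose.yml
+postfix/ssl/*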
|
@ -33,6 +33,8 @@ RUN freshclam
|
||||||
ADD postfix/main.cf /etc/postfix/main.cf
|
ADD postfix/main.cf /etc/postfix/main.cf
|
||||||
ADD postfix/master.cf /etc/postfix/master.cf
|
ADD postfix/master.cf /etc/postfix/master.cf
|
||||||
ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
|
ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf
|
||||||
|
ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate
|
||||||
|
RUN chmod +x /usr/local/bin/generate-ssl-certificate
|
||||||
|
|
||||||
# Start-mailserver script
|
# Start-mailserver script
|
||||||
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
|
ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh
|
||||||
|
|
18
README.md
|
@ -61,6 +61,24 @@ Volumes allow to:
|
||||||
|
|
||||||
docker-compose up -d mail
|
docker-compose up -d mail
|
||||||
|
|
||||||
|
# configure ssl
|
||||||
|
|
||||||
|
## generate ssl certificate
|
||||||
|
|
||||||
|
You can easily generate en SSL certificate by using the following command:
|
||||||
|
|
||||||
|
docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate
|
||||||
|
|
||||||
|
# will generate:
|
||||||
|
# postfix/ssl/mail.my-domain.com.key
|
||||||
|
# postfix/ssl/mail.my-domain.com.csr
|
||||||
|
|
||||||
|
Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
|
||||||
|
|
||||||
|
## configure ssl certificate (convention over configuration)
|
||||||
|
|
||||||
|
If a matching certificate (with `.key` and `.csr` files) is found in `postfix/ssl`, it will be automatically configured in postfix. You just have to place `mail.my-domain.com.key` and `mail.my-domain.com.csr` for domain `mail.my-domain.com` in `postfix/ssl` folder.
|
||||||
|
|
||||||
# client configuration
|
# client configuration
|
||||||
|
|
||||||
# imap
|
# imap
|
||||||
|
|
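--- a/bin/generate-ssl-certificate
+++ b/bin/generate-ssl-certificate
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+FQDN=$(hostname)
+openssl req -new -newkey rsa:2048 -nodes -keyout /ssl/$FQDN.key -out /ssl/$FQDN.csr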
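Review bot: The script writes a private key and a certificate signing request, not a certificate, and nothing visible in this commit signs the CSR, yet the start-mailserver.sh hunk points `smtpd_tls_cert_file` at the `.csr` file. Postfix expects a PEM certificate there, so TLS is unlikely to come up with the generated files as they are. Either self-sign in the same call (`openssl req -x509 -days <N> ... -out "/ssl/$FQDN.crt"`) or document that the CSR has to be signed by a CA and the resulting certificate placed next to the key. The unencrypted key (`-nodes`) lands in a bind-mounted host directory, so set `umask 077` before the call rather than relying on the openssl default, and quote the expansions: `-keyout "/ssl/$FQDN.key" -out "/ssl/$FQDN.csr"`.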
|
@ -8,8 +8,6 @@ mail:
|
||||||
- "143:143"
|
- "143:143"
|
||||||
- "587:587"
|
- "587:587"
|
||||||
- "993:993"
|
- "993:993"
|
||||||
environment:
|
|
||||||
docker_mail_domain: "my-domain.com"
|
|
||||||
volumes:
|
volumes:
|
||||||
- ./spamassassin:/tmp/spamassassin/:ro
|
- ./spamassassin:/tmp/spamassassin/
|
||||||
- ./postfix:/tmp/postfix/:ro
|
- ./postfix:/tmp/postfix/
|
||||||
|
|
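Review bot: Removing `:ro` from both bind mounts makes the host's `./spamassassin` and `./postfix` directories writable from inside the container, and `./postfix` is where the README in this commit tells users to keep the TLS private key and where `accounts.cf` lives. Nothing in the visible hunks needs write access to `./spamassassin`, so that mount could stay `- ./spamassassin:/tmp/spamassassin/:ro`. If the write is only needed for the `sed -i` on `/tmp/postfix/accounts.cf` in the start script, copying that file to a container-local path and editing the copy would let `./postfix` stay read-only as well. The file header for this hunk is not shown on the page; the note assumes it is the compose file.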
|
@ -2,8 +2,10 @@
|
||||||
|
|
||||||
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
|
echo "Regenerating postfix 'vmailbox' and 'virtual' for given users"
|
||||||
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
|
echo "# WARNING: this file is auto-generated. Modify accounts.cf in postfix directory on host" > /etc/postfix/vmailbox
|
||||||
|
|
||||||
# Checking that /tmp/postfix/accounts.cf ends with a newline
|
# Checking that /tmp/postfix/accounts.cf ends with a newline
|
||||||
sed -i -e '$a\' /tmp/postfix/accounts.cf
|
sed -i -e '$a\' /tmp/postfix/accounts.cf
|
||||||
|
|
||||||
# Creating users
|
# Creating users
|
||||||
while IFS=$'|' read login pass
|
while IFS=$'|' read login pass
|
||||||
do
|
do
|
||||||
|
@ -30,6 +32,14 @@ postmap /etc/postfix/virtual
|
||||||
sed -i -r 's/DOCKER_MAIL_DOMAIN/'"$(hostname -d)"'/g' /etc/postfix/main.cf
|
sed -i -r 's/DOCKER_MAIL_DOMAIN/'"$(hostname -d)"'/g' /etc/postfix/main.cf
|
||||||
cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
|
cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
|
||||||
|
|
||||||
|
# Adding SSL certificate if name provided as $docker_mail_cert env
|
||||||
|
if [ -e "/tmp/postfix/ssl/$(hostname).csr" ]; then
|
||||||
|
echo "Adding $(hostname) csr/key SSL certificate"
|
||||||
|
cp -r /tmp/postfix/ssl /etc/postfix/ssl
|
||||||
|
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.csr/g' /etc/postfix/main.cf
|
||||||
|
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$docker_mail_cert'.key/g' /etc/postfix/main.cf
|
||||||
|
fi
|
||||||
|
|
||||||
echo "Fixing permissions"
|
echo "Fixing permissions"
|
||||||
chown -R 5000:5000 /var/mail
|
chown -R 5000:5000 /var/mail
|
||||||
mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
|
mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
|
||||||
|
|
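Review bot: The new block tests for `/tmp/postfix/ssl/$(hostname).csr`, but both `sed` replacements insert `$docker_mail_cert`, which nothing visible in this commit sets, so with the variable unset main.cf would end up pointing at `/etc/postfix/ssl/.csr` and `/etc/postfix/ssl/.key`. Deriving the name once from `hostname` and using it, quoted, in the test and in both substitutions removes the mismatch and the unquoted expansion. `cp -r /tmp/postfix/ssl /etc/postfix/ssl` nests the directory as `/etc/postfix/ssl/ssl` when the target already exists and keeps whatever mode the key has on the host, so copying the two files explicitly and setting the key to 0600 is safer. The guard should also require the `.key` file, since only the `.csr` is checked.

```shell
# Adding SSL certificate when <hostname>.csr and <hostname>.key are mounted
cert_name=$(hostname)
if [ -e "/tmp/postfix/ssl/$cert_name.csr" ] && [ -e "/tmp/postfix/ssl/$cert_name.key" ]; then
  echo "Adding $cert_name csr/key SSL certificate"
  mkdir -p /etc/postfix/ssl
  cp "/tmp/postfix/ssl/$cert_name.csr" "/tmp/postfix/ssl/$cert_name.key" /etc/postfix/ssl/
  chmod 600 "/etc/postfix/ssl/$cert_name.key"
  sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'"$cert_name"'.csr/g' /etc/postfix/main.cf
  sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'"$cert_name"'.key/g' /etc/postfix/main.cf
fi
```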