mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Added better check on self-signed certs. for #14
parent
725d648708
commit
c95dea76f6
|
@ -22,7 +22,7 @@ Additional informations:
|
||||||
- aliases and fowards/redirects are managed in `./postfix/virtual`
|
- aliases and fowards/redirects are managed in `./postfix/virtual`
|
||||||
- antispam are rules are managed in `./spamassassin/rules.cf`
|
- antispam are rules are managed in `./spamassassin/rules.cf`
|
||||||
- files must be mounted to `/tmp` in your container (see `docker-compose.yml` template)
|
- files must be mounted to `/tmp` in your container (see `docker-compose.yml` template)
|
||||||
- ssl is strongly recommended, you can provide a specific certificate (csr/key files), see below
|
- ssl is strongly recommended, you can provide a specific certificate, see below
|
||||||
|
|
||||||
## installation
|
## installation
|
||||||
|
|
||||||
|
@ -80,15 +80,16 @@ You can easily generate a self-signed SSL certificate by using the following com
|
||||||
|
|
||||||
# will generate:
|
# will generate:
|
||||||
# postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
|
# postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
|
||||||
# postfix/ssl/mail.my-domain.com-req.pem
|
# postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files)
|
||||||
# postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
|
# postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
|
||||||
# postfix/ssl/mail.my-domain.com-combined.pem (used for courier)
|
# postfix/ssl/mail.my-domain.com-combined.pem (used in courier)
|
||||||
|
# postfix/ssl/demoCA/cacert.pem (certificate authority)
|
||||||
|
|
||||||
Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
|
Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
|
||||||
|
|
||||||
## configure ssl certificate (convention over configuration)
|
## configure ssl certificate (convention over configuration)
|
||||||
|
|
||||||
If a matching certificate (with `.key` and `.csr` files) is found in `postfix/ssl`, it will be automatically configured in postfix. You just have to place `mail.my-domain.com.key` and `mail.my-domain.com.csr` for domain `mail.my-domain.com` in `postfix/ssl` folder.
|
If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
|
||||||
|
|
||||||
# client configuration
|
# client configuration
|
||||||
|
|
||||||
|
|
|
@ -31,16 +31,25 @@ postmap /etc/postfix/vmailbox
|
||||||
postmap /etc/postfix/virtual
|
postmap /etc/postfix/virtual
|
||||||
cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
|
cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
|
||||||
|
|
||||||
# Adding SSL certificate if provided in 'postfix/ssl' folder
|
# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
|
||||||
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ]; then
|
if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
|
||||||
|
&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \
|
||||||
|
&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
|
||||||
|
&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
|
||||||
echo "Adding $(hostname) SSL certificate"
|
echo "Adding $(hostname) SSL certificate"
|
||||||
cp -r /tmp/postfix/ssl /etc/postfix/ssl
|
mkdir -p /etc/postfix/ssl
|
||||||
|
cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
|
||||||
|
cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
|
||||||
|
cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
|
||||||
|
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
|
||||||
|
|
||||||
# Postfix configuration
|
# Postfix configuration
|
||||||
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
|
||||||
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
|
||||||
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
|
||||||
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
|
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
|
||||||
ln -s /etc/postfix/ssl/demoCA/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
|
ln -s /etc/postfix/ssl/demoCA/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
|
||||||
|
|
||||||
# Courier configuration
|
# Courier configuration
|
||||||
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
|
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
|
||||||
fi
|
fi
|
||||||
|
|
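Review bot: The CA certificate is now copied flat to `/etc/postfix/ssl/cacert.pem`, but the unchanged `sed` lines for `smtpd_tls_CAfile` and `smtp_tls_CAfile` and the `ln -s` still point at `/etc/postfix/ssl/demoCA/cacert.pem`, a path the old `cp -r` created and the new per-file copies do not. Postfix would then be configured with a CA file that does not exist; it normally logs a warning in that case and may run without TLS, so this is worth checking in the mail log after start-up. Either keep the sub-directory with `mkdir -p /etc/postfix/ssl/demoCA` and `cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl/demoCA/`, or change the three references to the flat path. Separately, the private key keeps whatever mode the mounted file has, so a `chmod 600 "/etc/postfix/ssl/$(hostname)-key.pem"` after the copy would tighten it, and the `$(hostname)` expansions in the `cp` lines should be quoted.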