Fixes #14 with SSL configuration

Thomas VIAL 2015-08-18 20:43:42 +02:00
parent 4de6cea033
commit ea830f5ec6
3 changed files with 24 additions and 7 deletions


@ -1,4 +1,17 @@
#!/bin/sh #!/bin/sh
FQDN=$(hostname) FQDN=$(hostname)
openssl req -new -newkey rsa:2048 -nodes -keyout /ssl/$FQDN.key -out /ssl/$FQDN.csr
cd /ssl
# Create CA certificate
/usr/lib/ssl/misc/CA.pl -newca
# Create an unpassworded private key and create an unsigned public key certificate
openssl req -new -nodes -keyout /ssl/$FQDN-key.pem -out /ssl/$FQDN-req.pem -days 3652
# Sign the public key certificate with CA certificate
openssl ca -out /ssl/$FQDN-cert.pem -infiles /ssl/$FQDN-req.pem
# Combine certificates for courier
cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem >> /ssl/$FQDN-combined.pem
# chmod 644 /etc/postfix/foo-cert.pem /etc/postfix/cacert.pem
# chmod 400 /etc/postfix/foo-key.pem
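Review bot: The combined PEM written by `cat ... >> /ssl/$FQDN-combined.pem` holds the unencrypted private key but is created with the default umask, and the only `chmod` lines are commented out and name `foo-*.pem` paths this script never writes. Ending the script with `chmod 400 /ssl/$FQDN-key.pem /ssl/$FQDN-combined.pem` would keep the key material unreadable to other users. The `>>` also appends, so a second run leaves two key/certificate pairs in the file; `>` avoids that. Separately, the new `openssl req` drops the explicit `rsa:2048` of the removed line, so the key size now depends on `default_bits` in the OpenSSL configuration, and `-days 3652` is probably ignored because `-x509` is not given.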


@ -20,6 +20,8 @@ inet_protocols = all
# TLS parameters # TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
#smtpd_tls_CAfile=
#smtp_tls_CAfile=
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_use_tls=yes smtpd_use_tls=yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
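Review bot: The two commented `#smtpd_tls_CAfile=` and `#smtp_tls_CAfile=` lines carry no explanation, yet they appear to be the match targets for the `sed` substitutions in the start script changed in this same commit, so reformatting them would leave the CA settings silently disabled. A comment above them such as `# Placeholders: uncommented by the start script when a certificate is provided; keep the exact spelling` would make that coupling visible. Since `smtp_tls_CAfile` is the trust store for outbound connections, it is also worth confirming that filling it with a single private CA is intended.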


@ -33,15 +33,17 @@ sed -i -r 's/DOCKER_MAIL_DOMAIN/'"$(hostname -d)"'/g' /etc/postfix/main.cf
cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp cat /tmp/vhost.tmp | sort | uniq >> /etc/postfix/vhost && rm /tmp/vhost.tmp
# Adding SSL certificate if provided in 'postfix/ssl' folder # Adding SSL certificate if provided in 'postfix/ssl' folder
if [ -e "/tmp/postfix/ssl/$(hostname).csr" ]; then if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ]; then
echo "Adding $(hostname) csr/key SSL certificate" echo "Adding $(hostname) SSL certificate"
cp -r /tmp/postfix/ssl /etc/postfix/ssl cp -r /tmp/postfix/ssl /etc/postfix/ssl
# Postfix configuration # Postfix configuration
sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'.csr/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'.key/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
ln -s /etc/postfix/ssl/$(hostname).csr /etc/ssl/certs/$(hostname).pem sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/demoCA\/cacert.pem/g' /etc/postfix/main.cf
ln -s /etc/postfix/ssl/demoCA/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
# Courier configuration # Courier configuration
sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/ssl\/certs\/'$(hostname)'.pem/g' /etc/courier/imapd-ssl sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
fi fi
echo "Fixing permissions" echo "Fixing permissions"
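Review bot: The unchanged `cp -r /tmp/postfix/ssl /etc/postfix/ssl` now copies the whole folder, which, if it is the output of the certificate script in this commit, includes the `demoCA` directory and presumably the CA private key along with the request files. The mail server needs only the host certificate, the host key, the combined PEM and `demoCA/cacert.pem`, so copying just those keeps the signing key out of the running container. The new `sed` lines also splice an unquoted `$(hostname)` into the replacement text and do nothing when the pattern is absent, so a check that `main.cf` really contains the new paths would catch a silent fallback to the snakeoil certificate. The permission handling that follows `echo "Fixing permissions"` is outside the hunk, so whether it covers `/etc/postfix/ssl` cannot be seen here.

```shell
# … unchanged: existence check and echo …
mkdir -p /etc/postfix/ssl/demoCA
cp "/tmp/postfix/ssl/$(hostname)-cert.pem" "/tmp/postfix/ssl/$(hostname)-key.pem" \
   "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl/
cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl/demoCA/
# … unchanged: sed rewrites of main.cf and imapd-ssl …
```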