[DOCKER][MAIL] Switched named volume to shared volume and changed env vars to env file
This commit is contained in:
parent
0137a68ccb
commit
93939d8b25
21
bin/setup_mail
Normal file
21
bin/setup_mail
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
printf "Domain root: "
|
||||||
|
read -r domain_root
|
||||||
|
printf "Subdomain (can be empty): "
|
||||||
|
read -r sub_domain
|
||||||
|
|
||||||
|
if [ -z "$sub_domain" ]
|
||||||
|
then
|
||||||
|
domain="${domain_root}"
|
||||||
|
else
|
||||||
|
domain="${sub_domain}.${domain_root}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat > ./docker/mail/mail.env <<EOF
|
||||||
|
#!/bin/sh
|
||||||
|
DOMAINNAME=${domain_root}
|
||||||
|
MAILNAME=${domain}
|
||||||
|
SSL_CERT=/etc/letsencrypt/live/${domain_root}/fullchain.pem
|
||||||
|
SSL_KEY=/etc/letsencrypt/live/${domain_root}/privkey.pem
|
||||||
|
EOF
|
|
@ -86,25 +86,19 @@ services:
|
||||||
|
|
||||||
mail:
|
mail:
|
||||||
build: docker/mail
|
build: docker/mail
|
||||||
environment:
|
|
||||||
DOMAINNAME: mail.test
|
|
||||||
MAILNAME: mail.mail.test
|
|
||||||
POSTMASTER: postmaster@mail.test
|
|
||||||
env_file:
|
env_file:
|
||||||
- ./docker/bootstrap/bootstrap.env
|
- ./docker/mail/mail.env
|
||||||
ports:
|
ports:
|
||||||
- 25:25
|
- 25:25
|
||||||
- 143:143
|
- 143:143
|
||||||
- 587:587
|
- 587:587
|
||||||
- 993:993
|
- 993:993
|
||||||
volumes:
|
volumes:
|
||||||
- maildata:/var/mail
|
- ./docker/mail/mail:/var/mail
|
||||||
- mailconf:/etc/mail
|
- ./docker/mail/config:/etc/mail
|
||||||
# Certbot
|
# Certbot
|
||||||
- ./docker/certbot/www:/var/www/certbot
|
- ./docker/certbot/www:/var/www/certbot
|
||||||
- ./docker/certbot/.files:/etc/letsencrypt
|
- ./docker/certbot/.files:/etc/letsencrypt
|
||||||
|
|
||||||
volumes:
|
volumes:
|
||||||
database:
|
database:
|
||||||
maildata:
|
|
||||||
mailconf:
|
|
||||||
|
|
|
@ -1,46 +1,36 @@
|
||||||
FROM debian:buster-slim
|
FROM debian:buster-slim
|
||||||
|
|
||||||
ENV \
|
ENV DEBIAN_FRONTEND=noninteractive
|
||||||
DEBIAN_FRONTEND=noninteractive \
|
|
||||||
DOMAINNAME=example.com \
|
|
||||||
MAILNAME=mail \
|
|
||||||
POSTMASTER=postmaster@example.com \
|
|
||||||
SSL_CERT=/etc/ssl/cert.pem \
|
|
||||||
SSL_KEY=/etc/ssl/key.pem
|
|
||||||
|
|
||||||
# Install packages
|
# Install packages
|
||||||
RUN \
|
RUN \
|
||||||
apt-get update \
|
apt-get update \
|
||||||
&& apt-get upgrade -y \
|
&& apt-get upgrade -y \
|
||||||
&& apt-get install -y --no-install-recommends \
|
&& apt-get install -y --no-install-recommends \
|
||||||
postfix \
|
|
||||||
telnet \
|
|
||||||
dovecot-core \
|
dovecot-core \
|
||||||
dovecot-pop3d \
|
|
||||||
dovecot-imapd \
|
dovecot-imapd \
|
||||||
dovecot-lmtpd \
|
dovecot-lmtpd \
|
||||||
supervisor \
|
dovecot-pop3d \
|
||||||
rsyslog \
|
|
||||||
opendkim \
|
opendkim \
|
||||||
opendkim-tools \
|
opendkim-tools \
|
||||||
openssl \
|
openssl \
|
||||||
|
postfix \
|
||||||
|
rsyslog \
|
||||||
|
supervisor \
|
||||||
|
telnet \
|
||||||
&& apt-get autoclean \
|
&& apt-get autoclean \
|
||||||
&& apt-get autoremove
|
&& apt-get autoremove
|
||||||
|
|
||||||
# Setup folders and users
|
# Setup folders and users
|
||||||
RUN \
|
RUN \
|
||||||
rm /etc/postfix/main.cf /etc/postfix/master.cf /etc/dovecot/dovecot.conf /etc/dovecot/conf.d/* /etc/rsyslog.conf /etc/rsyslog.d/* \
|
groupadd -g 2222 vmail \
|
||||||
&& groupadd -g 2222 vmail \
|
|
||||||
&& useradd -d /var/mail -M -s /usr/sbin/nologin -u 2222 -g 2222 vmail \
|
&& useradd -d /var/mail -M -s /usr/sbin/nologin -u 2222 -g 2222 vmail \
|
||||||
&& usermod -aG vmail postfix \
|
&& usermod -aG vmail postfix \
|
||||||
&& usermod -aG vmail dovecot \
|
&& usermod -aG vmail dovecot \
|
||||||
&& usermod -aG vmail opendkim\
|
&& usermod -aG vmail opendkim\
|
||||||
&& mkdir -p -m 751 /var/mail/ \
|
&& mkdir -p -m 751 /var/mail/ \
|
||||||
&& mkdir -p -m 755 /etc/mail/ \
|
&& mkdir -p -m 755 /etc/mail/ \
|
||||||
&& mkdir -p -m 755 /etc/ssl/ \
|
&& chown vmail:vmail /var/mail
|
||||||
&& mkdir -p -m 700 /etc/opendkim/keys \
|
|
||||||
&& chown vmail:vmail /var/mail \
|
|
||||||
&& chown opendkim:opendkim /etc/opendkim/keys
|
|
||||||
|
|
||||||
# Copy config files
|
# Copy config files
|
||||||
COPY rootfs/ /
|
COPY rootfs/ /
|
||||||
|
|
0
docker/mail/config/aliases
Normal file
0
docker/mail/config/aliases
Normal file
BIN
docker/mail/config/aliases.db
Normal file
BIN
docker/mail/config/aliases.db
Normal file
Binary file not shown.
0
docker/mail/config/domains
Normal file
0
docker/mail/config/domains
Normal file
BIN
docker/mail/config/domains.db
Normal file
BIN
docker/mail/config/domains.db
Normal file
Binary file not shown.
73
docker/mail/config/dovecot/dovecot.conf
Normal file
73
docker/mail/config/dovecot/dovecot.conf
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
protocols = imap pop3 lmtp
|
||||||
|
|
||||||
|
ssl = yes
|
||||||
|
ssl_cert = </etc/letsencrypt/live/social.org/fullchain.pem
|
||||||
|
ssl_key = </etc/letsencrypt/live/social.org/privkey.pem
|
||||||
|
ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
||||||
|
|
||||||
|
listen = *, ::
|
||||||
|
dict {
|
||||||
|
#quota = mysql:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
#expire = sqlite:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
|
||||||
|
}
|
||||||
|
|
||||||
|
disable_plaintext_auth = no
|
||||||
|
auth_mechanisms = plain login
|
||||||
|
mail_access_groups = vmail
|
||||||
|
default_login_user = vmail
|
||||||
|
first_valid_uid = 2222
|
||||||
|
first_valid_gid = 2222
|
||||||
|
mail_location = maildir:/var/mail/%d/%n
|
||||||
|
auth_verbose_passwords = sha1
|
||||||
|
auth_debug = yes
|
||||||
|
|
||||||
|
|
||||||
|
passdb {
|
||||||
|
driver = passwd-file
|
||||||
|
args = scheme=SHA512-CRYPT /etc/mail/passwd
|
||||||
|
}
|
||||||
|
userdb {
|
||||||
|
driver = static
|
||||||
|
args = uid=2222 gid=2222 home=/var/mail/%d/%n allow_all_users=yes
|
||||||
|
auth_verbose = yes
|
||||||
|
}
|
||||||
|
|
||||||
|
service auth {
|
||||||
|
unix_listener auth-client {
|
||||||
|
user = postfix
|
||||||
|
group = postfix
|
||||||
|
mode = 0660
|
||||||
|
}
|
||||||
|
user = root
|
||||||
|
}
|
||||||
|
|
||||||
|
service imap-login {
|
||||||
|
process_min_avail = 1
|
||||||
|
user = vmail
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol lmtp {
|
||||||
|
postmaster_address =
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_max_userip_connections = 30
|
||||||
|
}
|
||||||
|
|
||||||
|
service stats {
|
||||||
|
unix_listener stats-reader {
|
||||||
|
user = vmail
|
||||||
|
group = vmail
|
||||||
|
mode = 0660
|
||||||
|
}
|
||||||
|
|
||||||
|
unix_listener stats-writer {
|
||||||
|
user = vmail
|
||||||
|
group = vmail
|
||||||
|
mode = 0660
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
!include_try conf.d/*.conf
|
||||||
|
!include_try local.conf
|
0
docker/mail/config/mailboxes
Normal file
0
docker/mail/config/mailboxes
Normal file
|
@ -1,13 +1,13 @@
|
||||||
# OPENDKIM TRUSTED HOSTS
|
# OPENDKIM TRUSTED HOSTS
|
||||||
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
|
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
|
||||||
# option in /etc/opendkim.conf then restart OpenDKIM. Additional hosts
|
# option in /etc/mail/opendkim.conf then restart OpenDKIM. Additional hosts
|
||||||
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
|
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
|
||||||
# The localhost IP (127.0.0.1) should always be the first entry in this file.
|
# The localhost IP (127.0.0.1) should always be the first entry in this file.
|
||||||
127.0.0.1
|
127.0.0.1
|
||||||
::1
|
::1
|
||||||
172.17.0.0/16
|
172.17.0.0/16
|
||||||
fe80::/64
|
fe80::/64
|
||||||
%MAIL_HOSTNAME_FQDN%
|
social.org
|
||||||
|
|
||||||
#host.example.com
|
#host.example.com
|
||||||
#192.168.1.0/24
|
#192.168.1.0/24
|
|
@ -101,19 +101,19 @@ KeyFile /var/opendkim/keys/default.private
|
||||||
## Gives the location of a file mapping key names to signing keys. In simple terms,
|
## Gives the location of a file mapping key names to signing keys. In simple terms,
|
||||||
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
|
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
|
||||||
## directive in the configuration file. Requires SigningTable be enabled.
|
## directive in the configuration file. Requires SigningTable be enabled.
|
||||||
# KeyTable /etc/opendkim/KeyTable
|
# KeyTable /etc/mail/opendkim/KeyTable
|
||||||
|
|
||||||
## Defines a table used to select one or more signatures to apply to a message based
|
## Defines a table used to select one or more signatures to apply to a message based
|
||||||
## on the address found in the From: header field. In simple terms, this tells
|
## on the address found in the From: header field. In simple terms, this tells
|
||||||
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
|
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
|
||||||
# SigningTable refile:/etc/opendkim/SigningTable
|
# SigningTable refile:/etc/mail/opendkim/SigningTable
|
||||||
|
|
||||||
## Identifies a set of "external" hosts that may send mail through the server as one
|
## Identifies a set of "external" hosts that may send mail through the server as one
|
||||||
## of the signing domains without credentials as such.
|
## of the signing domains without credentials as such.
|
||||||
# ExternalIgnoreList refile:/etc/opendkim/TrustedHosts
|
# ExternalIgnoreList refile:/etc/mail/opendkim/TrustedHosts
|
||||||
|
|
||||||
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
|
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
|
||||||
InternalHosts refile:/etc/opendkim/TrustedHosts
|
InternalHosts refile:/etc/mail/opendkim/TrustedHosts
|
||||||
|
|
||||||
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
|
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
|
||||||
## whose mail should be neither signed nor verified by this filter. See man
|
## whose mail should be neither signed nor verified by this filter. See man
|
0
docker/mail/config/passwd
Normal file
0
docker/mail/config/passwd
Normal file
|
@ -13,8 +13,7 @@ inet_protocols = all
|
||||||
mydestination = $myhostname, localhost.$mydomain, localhost
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
unknown_local_recipient_reject_code = 550
|
unknown_local_recipient_reject_code = 550
|
||||||
mynetworks = 127.0.0.0/8, [::1]/128
|
mynetworks = 127.0.0.0/8, [::1]/128
|
||||||
alias_maps = hash:/etc/postfix/aliases
|
alias_maps = hash:/etc/mail/postfix/aliases
|
||||||
alias_database = $alias_maps
|
|
||||||
|
|
||||||
mailbox_command = /usr/lib/dovecot/deliver
|
mailbox_command = /usr/lib/dovecot/deliver
|
||||||
|
|
|
@ -32,8 +32,8 @@ $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||||
# not useful and an extreme performance hit
|
# not useful and an extreme performance hit
|
||||||
#$ActionFileEnableSync on
|
#$ActionFileEnableSync on
|
||||||
|
|
||||||
# Include all config files in /etc/rsyslog.d/
|
# Include all config files in /etc/mail/rsyslog.d/
|
||||||
$IncludeConfig /etc/rsyslog.d/*.conf
|
$IncludeConfig /etc/mail/rsyslog.d/*.conf
|
||||||
|
|
||||||
# Turn off message reception via local log socket;
|
# Turn off message reception via local log socket;
|
||||||
# local messages are retrieved through imjournal now.
|
# local messages are retrieved through imjournal now.
|
|
@ -19,7 +19,7 @@ autorestart=true
|
||||||
stdout_logfile=/dev/fd/1
|
stdout_logfile=/dev/fd/1
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
redirect_stderr=true
|
redirect_stderr=true
|
||||||
command=opendkim -x /etc/opendkim/opendkim.conf
|
command=/usr/sbin/opendkim -x /etc/mail/opendkim/opendkim.conf
|
||||||
|
|
||||||
[program:postfix]
|
[program:postfix]
|
||||||
autostart=false
|
autostart=false
|
||||||
|
@ -27,7 +27,7 @@ autorestart=true
|
||||||
stdout_logfile=/dev/fd/1
|
stdout_logfile=/dev/fd/1
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
redirect_stderr=true
|
redirect_stderr=true
|
||||||
command=postfix -c /etc/postfix/postfix.conf
|
command=postfix -c /etc/mail/postfix/postfix.conf
|
||||||
|
|
||||||
[program:dovecot]
|
[program:dovecot]
|
||||||
autostart=false
|
autostart=false
|
||||||
|
@ -35,7 +35,7 @@ autorestart=true
|
||||||
stdout_logfile=/dev/fd/1
|
stdout_logfile=/dev/fd/1
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
redirect_stderr=true
|
redirect_stderr=true
|
||||||
command=dovecot -c /etc/dovecot/dovecot.conf
|
command=dovecot -c /etc/mail/dovecot/dovecot.conf
|
||||||
|
|
||||||
[program:rsyslog]
|
[program:rsyslog]
|
||||||
autostart=false
|
autostart=false
|
||||||
|
@ -43,4 +43,4 @@ autorestart=true
|
||||||
stdout_logfile=/dev/fd/1
|
stdout_logfile=/dev/fd/1
|
||||||
stdout_logfile_maxbytes=0
|
stdout_logfile_maxbytes=0
|
||||||
redirect_stderr=true
|
redirect_stderr=true
|
||||||
command=rsyslog -f /etc/rsyslog/rsyslog.conf
|
command=rsyslog -f /etc/mail/rsyslogd/rsyslog.conf
|
|
@ -16,6 +16,7 @@ then
|
||||||
then
|
then
|
||||||
docker exec mail new-user "${*,3}"
|
docker exec mail new-user "${*,3}"
|
||||||
elif [ "$2" == "alias" ]
|
elif [ "$2" == "alias" ]
|
||||||
|
then
|
||||||
docker exec mail new-alias "${*,3}"
|
docker exec mail new-alias "${*,3}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
48
docker/mail/rootfs/etc/mail/dovecot/15-lda.conf
Normal file
48
docker/mail/rootfs/etc/mail/dovecot/15-lda.conf
Normal file
|
@ -0,0 +1,48 @@
|
||||||
|
##
|
||||||
|
## LDA specific settings (also used by LMTP)
|
||||||
|
##
|
||||||
|
|
||||||
|
# Address to use when sending rejection mails.
|
||||||
|
# Default is postmaster@<your domain>. %d expands to recipient domain.
|
||||||
|
#postmaster_address =
|
||||||
|
|
||||||
|
# Hostname to use in various parts of sent mails (e.g. in Message-Id) and
|
||||||
|
# in LMTP replies. Default is the system's real hostname@domain.
|
||||||
|
#hostname =
|
||||||
|
|
||||||
|
# If user is over quota, return with temporary failure instead of
|
||||||
|
# bouncing the mail.
|
||||||
|
#quota_full_tempfail = no
|
||||||
|
|
||||||
|
# Binary to use for sending mails.
|
||||||
|
#sendmail_path = /usr/sbin/sendmail
|
||||||
|
|
||||||
|
# If non-empty, send mails via this SMTP host[:port] instead of sendmail.
|
||||||
|
#submission_host =
|
||||||
|
|
||||||
|
# Subject: header to use for rejection mails. You can use the same variables
|
||||||
|
# as for rejection_reason below.
|
||||||
|
#rejection_subject = Rejected: %s
|
||||||
|
|
||||||
|
# Human readable error message for rejection mails. You can use variables:
|
||||||
|
# %n = CRLF, %r = reason, %s = original subject, %t = recipient
|
||||||
|
#rejection_reason = Your message to <%t> was automatically rejected:%n%r
|
||||||
|
|
||||||
|
# Delimiter character between local-part and detail in email address.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# Header where the original recipient address (SMTP's RCPT TO: address) is taken
|
||||||
|
# from if not available elsewhere. With dovecot-lda -a parameter overrides this.
|
||||||
|
# A commonly used header for this is X-Original-To.
|
||||||
|
#lda_original_recipient_header =
|
||||||
|
|
||||||
|
# Should saving a mail to a nonexistent mailbox automatically create it?
|
||||||
|
lda_mailbox_autocreate = yes
|
||||||
|
|
||||||
|
# Should automatically created mailboxes be also automatically subscribed?
|
||||||
|
#lda_mailbox_autosubscribe = no
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
# Space separated list of plugins to load (default is global mail_plugins).
|
||||||
|
mail_plugins = $mail_plugins sieve
|
||||||
|
}
|
76
docker/mail/rootfs/etc/mail/dovecot/20-managesieve.conf
Normal file
76
docker/mail/rootfs/etc/mail/dovecot/20-managesieve.conf
Normal file
|
@ -0,0 +1,76 @@
|
||||||
|
##
|
||||||
|
## ManageSieve specific settings
|
||||||
|
##
|
||||||
|
|
||||||
|
# Uncomment to enable managesieve protocol:
|
||||||
|
protocols = $protocols sieve
|
||||||
|
|
||||||
|
# Service definitions
|
||||||
|
|
||||||
|
service managesieve-login {
|
||||||
|
inet_listener sieve {
|
||||||
|
port = 4190
|
||||||
|
}
|
||||||
|
|
||||||
|
#inet_listener sieve_deprecated {
|
||||||
|
# port = 2000
|
||||||
|
#}
|
||||||
|
|
||||||
|
# Number of connections to handle before starting a new process. Typically
|
||||||
|
# the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
|
||||||
|
# is faster. <doc/wiki/LoginProcess.txt>
|
||||||
|
service_count = 1
|
||||||
|
|
||||||
|
# Number of processes to always keep waiting for more connections.
|
||||||
|
#process_min_avail = 0
|
||||||
|
|
||||||
|
# If you set service_count=0, you probably need to grow this.
|
||||||
|
#vsz_limit = 64M
|
||||||
|
}
|
||||||
|
|
||||||
|
service managesieve {
|
||||||
|
# Max. number of ManageSieve processes (connections)
|
||||||
|
process_limit = 1024
|
||||||
|
}
|
||||||
|
|
||||||
|
# Service configuration
|
||||||
|
|
||||||
|
protocol sieve {
|
||||||
|
# Maximum ManageSieve command line length in bytes. ManageSieve usually does
|
||||||
|
# not involve overly long command lines, so this setting will not normally
|
||||||
|
# need adjustment
|
||||||
|
#managesieve_max_line_length = 65536
|
||||||
|
|
||||||
|
# Maximum number of ManageSieve connections allowed for a user from each IP
|
||||||
|
# address.
|
||||||
|
# NOTE: The username is compared case-sensitively.
|
||||||
|
#mail_max_userip_connections = 10
|
||||||
|
|
||||||
|
# Space separated list of plugins to load (none known to be useful so far).
|
||||||
|
# Do NOT try to load IMAP plugins here.
|
||||||
|
#mail_plugins =
|
||||||
|
|
||||||
|
# MANAGESIEVE logout format string:
|
||||||
|
# %i - total number of bytes read from client
|
||||||
|
# %o - total number of bytes sent to client
|
||||||
|
#managesieve_logout_format = bytes=%i/%o
|
||||||
|
|
||||||
|
# To fool ManageSieve clients that are focused on CMU's timesieved you can
|
||||||
|
# specify the IMPLEMENTATION capability that Dovecot reports to clients.
|
||||||
|
# For example: 'Cyrus timsieved v2.2.13'
|
||||||
|
#managesieve_implementation_string = Dovecot Pigeonhole
|
||||||
|
|
||||||
|
# Explicitly specify the SIEVE and NOTIFY capability reported by the server
|
||||||
|
# before login. If left unassigned these will be reported dynamically
|
||||||
|
# according to what the Sieve interpreter supports by default (after login
|
||||||
|
# this may differ depending on the user).
|
||||||
|
#managesieve_sieve_capability =
|
||||||
|
#managesieve_notify_capability =
|
||||||
|
|
||||||
|
# The maximum number of compile errors that are returned to the client upon
|
||||||
|
# script upload or script verification.
|
||||||
|
#managesieve_max_compile_errors = 5
|
||||||
|
|
||||||
|
# Refer to 90-sieve.conf for script quota configuration and configuration of
|
||||||
|
# Sieve execution limits.
|
||||||
|
}
|
|
@ -0,0 +1,44 @@
|
||||||
|
# Sieve Extprograms plugin configuration
|
||||||
|
|
||||||
|
# Don't forget to add the sieve_extprograms plugin to the sieve_plugins setting.
|
||||||
|
# Also enable the extensions you need (one or more of vnd.dovecot.pipe,
|
||||||
|
# vnd.dovecot.filter and vnd.dovecot.execute) by adding these to the
|
||||||
|
# sieve_extensions or sieve_global_extensions settings. Restricting these
|
||||||
|
# extensions to a global context using sieve_global_extensions is recommended.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
|
||||||
|
# The directory where the program sockets are located for the
|
||||||
|
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||||
|
# respectively. The name of each unix socket contained in that directory
|
||||||
|
# directly maps to a program-name referenced from the Sieve script.
|
||||||
|
#sieve_pipe_socket_dir = sieve-pipe
|
||||||
|
#sieve_filter_socket_dir = sieve-filter
|
||||||
|
#sieve_execute_socket_dir = sieve-execute
|
||||||
|
|
||||||
|
# The directory where the scripts are located for direct execution by the
|
||||||
|
# vnd.dovecot.pipe, vnd.dovecot.filter and vnd.dovecot.execute extension
|
||||||
|
# respectively. The name of each script contained in that directory
|
||||||
|
# directly maps to a program-name referenced from the Sieve script.
|
||||||
|
#sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe
|
||||||
|
#sieve_filter_bin_dir = /usr/lib/dovecot/sieve-filter
|
||||||
|
#sieve_execute_bin_dir = /usr/lib/dovecot/sieve-execute
|
||||||
|
}
|
||||||
|
|
||||||
|
# An example program service called 'do-something' to pipe messages to
|
||||||
|
#service do-something {
|
||||||
|
# Define the executed script as parameter to the sieve service
|
||||||
|
#executable = script /usr/lib/dovecot/sieve-pipe/do-something.sh
|
||||||
|
|
||||||
|
# Use some unprivileged user for executing the program
|
||||||
|
#user = dovenull
|
||||||
|
|
||||||
|
# The unix socket located in the sieve_pipe_socket_dir (as defined in the
|
||||||
|
# plugin {} section above)
|
||||||
|
#unix_listener sieve-pipe/do-something {
|
||||||
|
# LDA/LMTP must have access
|
||||||
|
# user = vmail
|
||||||
|
# mode = 0600
|
||||||
|
#}
|
||||||
|
#}
|
||||||
|
|
105
docker/mail/rootfs/etc/mail/dovecot/90-sieve.conf
Normal file
105
docker/mail/rootfs/etc/mail/dovecot/90-sieve.conf
Normal file
|
@ -0,0 +1,105 @@
|
||||||
|
##
|
||||||
|
## Settings for the Sieve interpreter
|
||||||
|
##
|
||||||
|
|
||||||
|
# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
|
||||||
|
# by adding it to the respective mail_plugins= settings.
|
||||||
|
|
||||||
|
plugin {
|
||||||
|
# The path to the user's main active script. If ManageSieve is used, this the
|
||||||
|
# location of the symbolic link controlled by ManageSieve.
|
||||||
|
sieve = ~/.dovecot.sieve
|
||||||
|
|
||||||
|
# The default Sieve script when the user has none. This is a path to a global
|
||||||
|
# sieve script file, which gets executed ONLY if user's private Sieve script
|
||||||
|
# doesn't exist. Be sure to pre-compile this script manually using the sievec
|
||||||
|
# command line tool.
|
||||||
|
# --> See sieve_before fore executing scripts before the user's personal
|
||||||
|
# script.
|
||||||
|
#sieve_default = /var/lib/dovecot/sieve/default.sieve
|
||||||
|
|
||||||
|
# Directory for :personal include scripts for the include extension. This
|
||||||
|
# is also where the ManageSieve service stores the user's scripts.
|
||||||
|
sieve_dir = ~/sieve
|
||||||
|
|
||||||
|
# Directory for :global include scripts for the include extension.
|
||||||
|
#sieve_global_dir =
|
||||||
|
|
||||||
|
# Path to a script file or a directory containing script files that need to be
|
||||||
|
# executed before the user's script. If the path points to a directory, all
|
||||||
|
# the Sieve scripts contained therein (with the proper .sieve extension) are
|
||||||
|
# executed. The order of execution within a directory is determined by the
|
||||||
|
# file names, using a normal 8bit per-character comparison. Multiple script
|
||||||
|
# file or directory paths can be specified by appending an increasing number.
|
||||||
|
#sieve_before =
|
||||||
|
#sieve_before2 =
|
||||||
|
#sieve_before3 = (etc...)
|
||||||
|
|
||||||
|
# Identical to sieve_before, only the specified scripts are executed after the
|
||||||
|
# user's script (only when keep is still in effect!). Multiple script file or
|
||||||
|
# directory paths can be specified by appending an increasing number.
|
||||||
|
#sieve_after =
|
||||||
|
#sieve_after2 =
|
||||||
|
#sieve_after2 = (etc...)
|
||||||
|
|
||||||
|
# Which Sieve language extensions are available to users. By default, all
|
||||||
|
# supported extensions are available, except for deprecated extensions or
|
||||||
|
# those that are still under development. Some system administrators may want
|
||||||
|
# to disable certain Sieve extensions or enable those that are not available
|
||||||
|
# by default. This setting can use '+' and '-' to specify differences relative
|
||||||
|
# to the default. For example `sieve_extensions = +imapflags' will enable the
|
||||||
|
# deprecated imapflags extension in addition to all extensions were already
|
||||||
|
# enabled by default.
|
||||||
|
#sieve_extensions = +notify +imapflags
|
||||||
|
|
||||||
|
# Which Sieve language extensions are ONLY available in global scripts. This
|
||||||
|
# can be used to restrict the use of certain Sieve extensions to administrator
|
||||||
|
# control, for instance when these extensions can cause security concerns.
|
||||||
|
# This setting has higher precedence than the `sieve_extensions' setting
|
||||||
|
# (above), meaning that the extensions enabled with this setting are never
|
||||||
|
# available to the user's personal script no matter what is specified for the
|
||||||
|
# `sieve_extensions' setting. The syntax of this setting is similar to the
|
||||||
|
# `sieve_extensions' setting, with the difference that extensions are
|
||||||
|
# enabled or disabled for exclusive use in global scripts. Currently, no
|
||||||
|
# extensions are marked as such by default.
|
||||||
|
#sieve_global_extensions =
|
||||||
|
|
||||||
|
# The Pigeonhole Sieve interpreter can have plugins of its own. Using this
|
||||||
|
# setting, the used plugins can be specified. Check the Dovecot wiki
|
||||||
|
# (wiki2.dovecot.org) or the pigeonhole website
|
||||||
|
# (http://pigeonhole.dovecot.org) for available plugins.
|
||||||
|
# The sieve_extprograms plugin is included in this release.
|
||||||
|
#sieve_plugins =
|
||||||
|
|
||||||
|
# The separator that is expected between the :user and :detail
|
||||||
|
# address parts introduced by the subaddress extension. This may
|
||||||
|
# also be a sequence of characters (e.g. '--'). The current
|
||||||
|
# implementation looks for the separator from the left of the
|
||||||
|
# localpart and uses the first one encountered. The :user part is
|
||||||
|
# left of the separator and the :detail part is right. This setting
|
||||||
|
# is also used by Dovecot's LMTP service.
|
||||||
|
#recipient_delimiter = +
|
||||||
|
|
||||||
|
# The maximum size of a Sieve script. The compiler will refuse to compile any
|
||||||
|
# script larger than this limit. If set to 0, no limit on the script size is
|
||||||
|
# enforced.
|
||||||
|
#sieve_max_script_size = 1M
|
||||||
|
|
||||||
|
# The maximum number of actions that can be performed during a single script
|
||||||
|
# execution. If set to 0, no limit on the total number of actions is enforced.
|
||||||
|
#sieve_max_actions = 32
|
||||||
|
|
||||||
|
# The maximum number of redirect actions that can be performed during a single
|
||||||
|
# script execution. If set to 0, no redirect actions are allowed.
|
||||||
|
#sieve_max_redirects = 4
|
||||||
|
|
||||||
|
# The maximum number of personal Sieve scripts a single user can have. If set
|
||||||
|
# to 0, no limit on the number of scripts is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_scripts = 0
|
||||||
|
|
||||||
|
# The maximum amount of disk storage a single user's scripts may occupy. If
|
||||||
|
# set to 0, no limit on the used amount of disk storage is enforced.
|
||||||
|
# (Currently only relevant for ManageSieve)
|
||||||
|
#sieve_quota_max_storage = 0
|
||||||
|
}
|
|
@ -7,8 +7,8 @@ ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
|
||||||
|
|
||||||
listen = *, ::
|
listen = *, ::
|
||||||
dict {
|
dict {
|
||||||
#quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
|
#quota = mysql:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
|
||||||
#expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
|
#expire = sqlite:/etc/mail/dovecot/dovecot-dict-sql.conf.ext
|
||||||
}
|
}
|
||||||
|
|
||||||
disable_plaintext_auth = no
|
disable_plaintext_auth = no
|
13
docker/mail/rootfs/etc/mail/opendkim/TrustedHosts
Normal file
13
docker/mail/rootfs/etc/mail/opendkim/TrustedHosts
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
# OPENDKIM TRUSTED HOSTS
|
||||||
|
# To use this file, uncomment the #ExternalIgnoreList and/or the #InternalHosts
|
||||||
|
# option in /etc/mail/opendkim.conf then restart OpenDKIM. Additional hosts
|
||||||
|
# may be added on separate lines (IP addresses, hostnames, or CIDR ranges).
|
||||||
|
# The localhost IP (127.0.0.1) should always be the first entry in this file.
|
||||||
|
127.0.0.1
|
||||||
|
::1
|
||||||
|
172.17.0.0/16
|
||||||
|
fe80::/64
|
||||||
|
#HOSTNAME
|
||||||
|
|
||||||
|
#host.example.com
|
||||||
|
#192.168.1.0/24
|
128
docker/mail/rootfs/etc/mail/opendkim/opendkim.conf
Normal file
128
docker/mail/rootfs/etc/mail/opendkim/opendkim.conf
Normal file
|
@ -0,0 +1,128 @@
|
||||||
|
## BASIC OPENDKIM CONFIGURATION FILE
|
||||||
|
## See opendkim.conf(5) or /usr/share/doc/opendkim/opendkim.conf.sample for more
|
||||||
|
|
||||||
|
## BEFORE running OpenDKIM you must:
|
||||||
|
|
||||||
|
## - make your MTA (Postfix, Sendmail, etc.) aware of OpenDKIM
|
||||||
|
## - generate keys for your domain (if signing)
|
||||||
|
## - edit your DNS records to publish your public keys (if signing)
|
||||||
|
|
||||||
|
## See /usr/share/doc/opendkim/INSTALL for detailed instructions.
|
||||||
|
|
||||||
|
## DEPRECATED CONFIGURATION OPTIONS
|
||||||
|
##
|
||||||
|
## The following configuration options are no longer valid. They should be
|
||||||
|
## removed from your existing configuration file to prevent potential issues.
|
||||||
|
## Failure to do so may result in opendkim being unable to start.
|
||||||
|
##
|
||||||
|
## Removed in 2.10.0:
|
||||||
|
## AddAllSignatureResults
|
||||||
|
## ADSPAction
|
||||||
|
## ADSPNoSuchDomain
|
||||||
|
## BogusPolicy
|
||||||
|
## DisableADSP
|
||||||
|
## LDAPSoftStart
|
||||||
|
## LocalADSP
|
||||||
|
## NoDiscardableMailTo
|
||||||
|
## On-PolicyError
|
||||||
|
## SendADSPReports
|
||||||
|
## UnprotectedPolicy
|
||||||
|
|
||||||
|
## CONFIGURATION OPTIONS
|
||||||
|
|
||||||
|
## Specifies the path to the process ID file.
|
||||||
|
PidFile /var/run/opendkim/opendkim.pid
|
||||||
|
|
||||||
|
## Selects operating modes. Valid modes are s (sign) and v (verify). Default is v.
|
||||||
|
## Must be changed to s (sign only) or sv (sign and verify) in order to sign outgoing
|
||||||
|
## messages.
|
||||||
|
Mode s
|
||||||
|
|
||||||
|
## Log activity to the system log.
|
||||||
|
Syslog yes
|
||||||
|
|
||||||
|
## Log additional entries indicating successful signing or verification of messages.
|
||||||
|
SyslogSuccess yes
|
||||||
|
|
||||||
|
## If logging is enabled, include detailed logging about why or why not a message was
|
||||||
|
## signed or verified. This causes an increase in the amount of log data generated
|
||||||
|
## for each message, so set this to No (or comment it out) if it gets too noisy.
|
||||||
|
LogWhy yes
|
||||||
|
|
||||||
|
## Attempt to become the specified user before starting operations.
|
||||||
|
UserID opendkim:opendkim
|
||||||
|
|
||||||
|
## Create a socket through which your MTA can communicate.
|
||||||
|
Socket inet:8891@localhost
|
||||||
|
|
||||||
|
## Required to use local socket with MTAs that access the socket as a non-
|
||||||
|
## privileged user (e.g. Postfix)
|
||||||
|
Umask 002
|
||||||
|
|
||||||
|
## This specifies a text file in which to store DKIM transaction statistics.
|
||||||
|
## OpenDKIM must be manually compiled with --enable-stats to enable this feature.
|
||||||
|
# Statistics /var/spool/opendkim/stats.dat
|
||||||
|
|
||||||
|
## Specifies whether or not the filter should generate report mail back
|
||||||
|
## to senders when verification fails and an address for such a purpose
|
||||||
|
## is provided. See opendkim.conf(5) for details.
|
||||||
|
# SendReports yes
|
||||||
|
|
||||||
|
## Specifies the sending address to be used on From: headers of outgoing
|
||||||
|
## failure reports. By default, the e-mail address of the user executing
|
||||||
|
## the filter is used (executing_user@hostname).
|
||||||
|
# ReportAddress "Example.com Postmaster" <postmaster@example.com>
|
||||||
|
|
||||||
|
## Add a DKIM-Filter header field to messages passing through this filter
|
||||||
|
## to identify messages it has processed.
|
||||||
|
SoftwareHeader yes
|
||||||
|
|
||||||
|
## SIGNING OPTIONS
|
||||||
|
|
||||||
|
## Selects the canonicalization method(s) to be used when signing messages.
|
||||||
|
Canonicalization relaxed/simple
|
||||||
|
|
||||||
|
## Domain(s) whose mail should be signed by this filter. Mail from other domains will
|
||||||
|
## be verified rather than being signed. Uncomment and use your domain name.
|
||||||
|
## This parameter is not required if a SigningTable is in use.
|
||||||
|
Domain file:/etc/mail/domains
|
||||||
|
|
||||||
|
|
||||||
|
## Defines the name of the selector to be used when signing messages.
|
||||||
|
Selector default
|
||||||
|
|
||||||
|
## Specifies the minimum number of key bits for acceptable keys and signatures.
|
||||||
|
MinimumKeyBits 1024
|
||||||
|
|
||||||
|
## Gives the location of a private key to be used for signing ALL messages. This
|
||||||
|
## directive is ignored if KeyTable is enabled.
|
||||||
|
KeyFile /var/opendkim/keys/default.private
|
||||||
|
|
||||||
|
## Gives the location of a file mapping key names to signing keys. In simple terms,
|
||||||
|
## this tells OpenDKIM where to find your keys. If present, overrides any KeyFile
|
||||||
|
## directive in the configuration file. Requires SigningTable be enabled.
|
||||||
|
# KeyTable /etc/mail/opendkim/KeyTable
|
||||||
|
|
||||||
|
## Defines a table used to select one or more signatures to apply to a message based
|
||||||
|
## on the address found in the From: header field. In simple terms, this tells
|
||||||
|
## OpenDKIM how to use your keys. Requires KeyTable be enabled.
|
||||||
|
# SigningTable refile:/etc/mail/opendkim/SigningTable
|
||||||
|
|
||||||
|
## Identifies a set of "external" hosts that may send mail through the server as one
|
||||||
|
## of the signing domains without credentials as such.
|
||||||
|
# ExternalIgnoreList refile:/etc/mail/opendkim/TrustedHosts
|
||||||
|
|
||||||
|
## Identifies a set "internal" hosts whose mail should be signed rather than verified.
|
||||||
|
InternalHosts refile:/etc/mail/opendkim/TrustedHosts
|
||||||
|
|
||||||
|
## Contains a list of IP addresses, CIDR blocks, hostnames or domain names
|
||||||
|
## whose mail should be neither signed nor verified by this filter. See man
|
||||||
|
## page for file format.
|
||||||
|
# PeerList X.X.X.X
|
||||||
|
|
||||||
|
## Always oversign From (sign using actual From and a null From to prevent
|
||||||
|
## malicious signatures header fields (From and/or others) between the signer
|
||||||
|
## and the verifier. From is oversigned by default in the Fedora package
|
||||||
|
## because it is often the identity key used by reputation systems and thus
|
||||||
|
## somewhat security sensitive.
|
||||||
|
OversignHeaders From
|
77
docker/mail/rootfs/etc/mail/postfix/main.cf
Normal file
77
docker/mail/rootfs/etc/mail/postfix/main.cf
Normal file
|
@ -0,0 +1,77 @@
|
||||||
|
## STANDARD POSTFIX CONFIG PARAMS ###
|
||||||
|
|
||||||
|
queue_directory = /var/spool/postfix
|
||||||
|
command_directory = /usr/sbin
|
||||||
|
daemon_directory = /usr/lib/postfix/sbin
|
||||||
|
data_directory = /var/lib/postfix
|
||||||
|
mail_owner = postfix
|
||||||
|
myhostname = %MAIL_HOSTNAME%
|
||||||
|
mydomain = %MAIL_HOSTNAME_FQDN%
|
||||||
|
myorigin = $myhostname
|
||||||
|
inet_interfaces = all
|
||||||
|
inet_protocols = all
|
||||||
|
mydestination = $myhostname, localhost.$mydomain, localhost
|
||||||
|
unknown_local_recipient_reject_code = 550
|
||||||
|
mynetworks = 127.0.0.0/8, [::1]/128
|
||||||
|
alias_maps = hash:/etc/mail/postfix/aliases
|
||||||
|
|
||||||
|
mailbox_command = /usr/lib/dovecot/deliver
|
||||||
|
|
||||||
|
debug_peer_level = 2
|
||||||
|
debugger_command =
|
||||||
|
PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
|
||||||
|
ddd $daemon_directory/$process_name $process_id & sleep 5
|
||||||
|
sendmail_path = /usr/sbin/sendmail.postfix
|
||||||
|
newaliases_path = /usr/bin/newaliases.postfix
|
||||||
|
mailq_path = /usr/bin/mailq.postfix
|
||||||
|
setgid_group = postdrop
|
||||||
|
html_directory = no
|
||||||
|
manpage_directory = /usr/share/man
|
||||||
|
sample_directory = /usr/share/doc/postfix-2.10.1/samples
|
||||||
|
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
|
||||||
|
|
||||||
|
smtp_tls_security_level = may
|
||||||
|
smtp_tls_loglevel = 1
|
||||||
|
smtp_tls_protocols = !SSLv2
|
||||||
|
smtp_tls_exclude_ciphers = EXPORT, LOW
|
||||||
|
|
||||||
|
### VIRTUAL MAIL CONFIG PARAMS ###
|
||||||
|
relay_domains = *
|
||||||
|
virtual_alias_maps = hash:/etc/mail/aliases
|
||||||
|
virtual_mailbox_domains = hash:/etc/mail/domains
|
||||||
|
virtual_mailbox_maps = hash:/etc/mail/mailboxes
|
||||||
|
|
||||||
|
virtual_mailbox_base = /var/mail
|
||||||
|
virtual_minimum_uid = 2222
|
||||||
|
virtual_transport = dovecot
|
||||||
|
virtual_uid_maps = static:2222
|
||||||
|
virtual_gid_maps = static:2222
|
||||||
|
|
||||||
|
dovecot_destination_recipient_limit = 1
|
||||||
|
|
||||||
|
milter_protocol = 2
|
||||||
|
milter_default_action = accept
|
||||||
|
smtpd_milters = inet:localhost:8891
|
||||||
|
non_smtpd_milters = inet:localhost:8891
|
||||||
|
|
||||||
|
smtpd_sasl_auth_enable = yes
|
||||||
|
smtpd_sasl_type = dovecot
|
||||||
|
smtpd_sasl_path = /var/run/dovecot/auth-client
|
||||||
|
smtpd_sasl_security_options = noanonymous
|
||||||
|
smtpd_sasl_tls_security_options = $smtpd_sasl_security_options
|
||||||
|
smtpd_sasl_local_domain = $mydomain
|
||||||
|
broken_sasl_auth_clients = yes
|
||||||
|
|
||||||
|
smtpd_tls_security_level = may
|
||||||
|
smtpd_tls_key_file = /etc/ssl/mail.key
|
||||||
|
smtpd_tls_cert_file = /etc/ssl/mail.crt
|
||||||
|
smtpd_tls_loglevel = 1
|
||||||
|
smtpd_tls_session_cache_timeout = 3600s
|
||||||
|
smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
|
||||||
|
smtpd_tls_protocols = $smtp_tls_protocols
|
||||||
|
tls_random_source = dev:/dev/urandom
|
||||||
|
tls_random_exchange_name = /var/lib/postfix/prng_exch
|
||||||
|
smtpd_tls_auth_only = yes
|
||||||
|
|
||||||
|
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
||||||
|
smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
|
126
docker/mail/rootfs/etc/mail/postfix/master.cf
Normal file
126
docker/mail/rootfs/etc/mail/postfix/master.cf
Normal file
|
@ -0,0 +1,126 @@
|
||||||
|
#
|
||||||
|
# Postfix master process configuration file. For details on the format
|
||||||
|
# of the file, see the master(5) manual page (command: "man 5 master").
|
||||||
|
#
|
||||||
|
# Do not forget to execute "postfix reload" after editing this file.
|
||||||
|
#
|
||||||
|
# ==========================================================================
|
||||||
|
# service type private unpriv chroot wakeup maxproc command + args
|
||||||
|
# (yes) (yes) (yes) (never) (100)
|
||||||
|
# ==========================================================================
|
||||||
|
smtp inet n - n - - smtpd
|
||||||
|
#smtp inet n - n - 1 postscreen
|
||||||
|
#smtpd pass - - n - - smtpd
|
||||||
|
#dnsblog unix - - n - 0 dnsblog
|
||||||
|
#tlsproxy unix - - n - 0 tlsproxy
|
||||||
|
submission inet n - n - - smtpd
|
||||||
|
# -o syslog_name=postfix/submission
|
||||||
|
# -o smtpd_tls_security_level=encrypt
|
||||||
|
# -o smtpd_sasl_auth_enable=yes
|
||||||
|
# -o smtpd_reject_unlisted_recipient=no
|
||||||
|
# -o smtpd_client_restrictions=$mua_client_restrictions
|
||||||
|
# -o smtpd_helo_restrictions=$mua_helo_restrictions
|
||||||
|
# -o smtpd_sender_restrictions=$mua_sender_restrictions
|
||||||
|
# -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
# -o milter_macro_daemon_name=ORIGINATING
|
||||||
|
smtps inet n - n - - smtpd
|
||||||
|
-o syslog_name=postfix/smtps
|
||||||
|
-o smtpd_tls_wrappermode=yes
|
||||||
|
-o smtpd_sasl_auth_enable=yes
|
||||||
|
-o smtpd_reject_unlisted_recipient=no
|
||||||
|
-o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
|
||||||
|
-o milter_macro_daemon_name=ORIGINATING
|
||||||
|
#628 inet n - n - - qmqpd
|
||||||
|
pickup unix n - n 60 1 pickup
|
||||||
|
cleanup unix n - n - 0 cleanup
|
||||||
|
qmgr unix n - n 300 1 qmgr
|
||||||
|
#qmgr unix n - n 300 1 oqmgr
|
||||||
|
tlsmgr unix - - n 1000? 1 tlsmgr
|
||||||
|
rewrite unix - - n - - trivial-rewrite
|
||||||
|
bounce unix - - n - 0 bounce
|
||||||
|
defer unix - - n - 0 bounce
|
||||||
|
trace unix - - n - 0 bounce
|
||||||
|
verify unix - - n - 1 verify
|
||||||
|
flush unix n - n 1000? 0 flush
|
||||||
|
proxymap unix - - n - - proxymap
|
||||||
|
proxywrite unix - - n - 1 proxymap
|
||||||
|
smtp unix - - n - - smtp
|
||||||
|
relay unix - - n - - smtp
|
||||||
|
# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
|
||||||
|
showq unix n - n - - showq
|
||||||
|
error unix - - n - - error
|
||||||
|
retry unix - - n - - error
|
||||||
|
discard unix - - n - - discard
|
||||||
|
local unix - n n - - local
|
||||||
|
virtual unix - n n - - virtual
|
||||||
|
lmtp unix - - n - - lmtp
|
||||||
|
anvil unix - - n - 1 anvil
|
||||||
|
scache unix - - n - 1 scache
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
# Interfaces to non-Postfix software. Be sure to examine the manual
|
||||||
|
# pages of the non-Postfix software to find out what options it wants.
|
||||||
|
#
|
||||||
|
# Many of the following services use the Postfix pipe(8) delivery
|
||||||
|
# agent. See the pipe(8) man page for information about ${recipient}
|
||||||
|
# and other message envelope options.
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# maildrop. See the Postfix MAILDROP_README file for details.
|
||||||
|
# Also specify in main.cf: maildrop_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#maildrop unix - n n - - pipe
|
||||||
|
# flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
|
||||||
|
#
|
||||||
|
# Specify in cyrus.conf:
|
||||||
|
# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
|
||||||
|
#
|
||||||
|
# Specify in main.cf one or more of the following:
|
||||||
|
# mailbox_transport = lmtp:inet:localhost
|
||||||
|
# virtual_transport = lmtp:inet:localhost
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Cyrus 2.1.5 (Amos Gouaux)
|
||||||
|
# Also specify in main.cf: cyrus_destination_recipient_limit=1
|
||||||
|
#
|
||||||
|
#cyrus unix - n n - - pipe
|
||||||
|
# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Old example of delivery via Cyrus.
|
||||||
|
#
|
||||||
|
#old-cyrus unix - n n - - pipe
|
||||||
|
# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user}
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# See the Postfix UUCP_README file for configuration details.
|
||||||
|
#
|
||||||
|
#uucp unix - n n - - pipe
|
||||||
|
# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
|
||||||
|
#
|
||||||
|
# ====================================================================
|
||||||
|
#
|
||||||
|
# Other external delivery methods.
|
||||||
|
#
|
||||||
|
#ifmail unix - n n - - pipe
|
||||||
|
# flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
|
||||||
|
#
|
||||||
|
#bsmtp unix - n n - - pipe
|
||||||
|
# flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient
|
||||||
|
#
|
||||||
|
#scalemail-backend unix - n n - 2 pipe
|
||||||
|
# flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store
|
||||||
|
# ${nexthop} ${user} ${extension}
|
||||||
|
#
|
||||||
|
#mailman unix - n n - - pipe
|
||||||
|
# flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
|
||||||
|
# ${nexthop} ${user}
|
||||||
|
dovecot unix - n n - - pipe
|
||||||
|
flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
|
91
docker/mail/rootfs/etc/mail/rsyslogd/rsyslog.conf
Normal file
91
docker/mail/rootfs/etc/mail/rsyslogd/rsyslog.conf
Normal file
|
@ -0,0 +1,91 @@
|
||||||
|
# rsyslog configuration file
|
||||||
|
|
||||||
|
# For more information see /usr/share/doc/rsyslog-*/rsyslog_conf.html
|
||||||
|
# If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
|
||||||
|
|
||||||
|
#### MODULES ####
|
||||||
|
|
||||||
|
# The imjournal module bellow is now used as a message source instead of imuxsock.
|
||||||
|
$ModLoad imuxsock # provides support for local system logging (e.g. via logger command)
|
||||||
|
#$ModLoad imjournal # provides access to the systemd journal
|
||||||
|
#$ModLoad imklog # reads kernel messages (the same are read from journald)
|
||||||
|
#$ModLoad immark # provides --MARK-- message capability
|
||||||
|
|
||||||
|
# Provides UDP syslog reception
|
||||||
|
#$ModLoad imudp
|
||||||
|
#$UDPServerRun 514
|
||||||
|
|
||||||
|
# Provides TCP syslog reception
|
||||||
|
#$ModLoad imtcp
|
||||||
|
#$InputTCPServerRun 514
|
||||||
|
|
||||||
|
|
||||||
|
#### GLOBAL DIRECTIVES ####
|
||||||
|
|
||||||
|
# Where to place auxiliary files
|
||||||
|
#$WorkDirectory /var/lib/rsyslog
|
||||||
|
|
||||||
|
# Use default timestamp format
|
||||||
|
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
|
||||||
|
|
||||||
|
# File syncing capability is disabled by default. This feature is usually not required,
|
||||||
|
# not useful and an extreme performance hit
|
||||||
|
#$ActionFileEnableSync on
|
||||||
|
|
||||||
|
# Include all config files in /etc/mail/rsyslog.d/
|
||||||
|
$IncludeConfig /etc/mail/rsyslog.d/*.conf
|
||||||
|
|
||||||
|
# Turn off message reception via local log socket;
|
||||||
|
# local messages are retrieved through imjournal now.
|
||||||
|
$OmitLocalLogging off
|
||||||
|
|
||||||
|
# File to store the position in the journal
|
||||||
|
# $IMJournalStateFile imjournal.state
|
||||||
|
|
||||||
|
|
||||||
|
#### RULES ####
|
||||||
|
|
||||||
|
# Log all kernel messages to the console.
|
||||||
|
# Logging much else clutters up the screen.
|
||||||
|
#kern.* /dev/console
|
||||||
|
|
||||||
|
# Log anything (except mail) of level info or higher.
|
||||||
|
# Don't log private authentication messages!
|
||||||
|
*.info;mail.none;authpriv.none;cron.none /var/log/messages
|
||||||
|
|
||||||
|
# The authpriv file has restricted access.
|
||||||
|
authpriv.* /var/log/secure
|
||||||
|
|
||||||
|
# Log all the mail messages in one place.
|
||||||
|
mail.* -/var/log/maillog
|
||||||
|
|
||||||
|
|
||||||
|
# Log cron stuff
|
||||||
|
cron.* /var/log/cron
|
||||||
|
|
||||||
|
# Everybody gets emergency messages
|
||||||
|
*.emerg :omusrmsg:*
|
||||||
|
|
||||||
|
# Save news errors of level crit and higher in a special file.
|
||||||
|
uucp,news.crit /var/log/spooler
|
||||||
|
|
||||||
|
# Save boot messages also to boot.log
|
||||||
|
local7.* /var/log/boot.log
|
||||||
|
|
||||||
|
|
||||||
|
# ### begin forwarding rule ###
|
||||||
|
# The statement between the begin ... end define a SINGLE forwarding
|
||||||
|
# rule. They belong together, do NOT split them. If you create multiple
|
||||||
|
# forwarding rules, duplicate the whole block!
|
||||||
|
# Remote Logging (we use TCP for reliable delivery)
|
||||||
|
#
|
||||||
|
# An on-disk queue is created for this action. If the remote host is
|
||||||
|
# down, messages are spooled to disk and sent when it is up again.
|
||||||
|
#$ActionQueueFileName fwdRule1 # unique name prefix for spool files
|
||||||
|
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
||||||
|
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
||||||
|
#$ActionQueueType LinkedList # run asynchronously
|
||||||
|
#$ActionResumeRetryCount -1 # infinite retries if host is down
|
||||||
|
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
||||||
|
#*.* @@remote-host:514
|
||||||
|
# ### end of the forwarding rule ###
|
46
docker/mail/rootfs/etc/mail/supervisord/supervisord.conf
Normal file
46
docker/mail/rootfs/etc/mail/supervisord/supervisord.conf
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
[unix_http_server]
|
||||||
|
file=/tmp/supervisor.sock
|
||||||
|
|
||||||
|
[supervisord]
|
||||||
|
nodaemon=true
|
||||||
|
user=root
|
||||||
|
loglevel=warn
|
||||||
|
|
||||||
|
[supervisorctl]
|
||||||
|
serverurl=unix:///tmp/supervisor.sock
|
||||||
|
user=root
|
||||||
|
|
||||||
|
[rpcinterface:supervisor]
|
||||||
|
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
|
||||||
|
|
||||||
|
[program:opendkim]
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/dev/fd/1
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
redirect_stderr=true
|
||||||
|
command=/usr/sbin/opendkim -x /etc/mail/opendkim/opendkim.conf
|
||||||
|
|
||||||
|
[program:postfix]
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/dev/fd/1
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
redirect_stderr=true
|
||||||
|
command=postfix -c /etc/mail/postfix/postfix.conf
|
||||||
|
|
||||||
|
[program:dovecot]
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/dev/fd/1
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
redirect_stderr=true
|
||||||
|
command=dovecot -c /etc/mail/dovecot/dovecot.conf
|
||||||
|
|
||||||
|
[program:rsyslog]
|
||||||
|
autostart=false
|
||||||
|
autorestart=true
|
||||||
|
stdout_logfile=/dev/fd/1
|
||||||
|
stdout_logfile_maxbytes=0
|
||||||
|
redirect_stderr=true
|
||||||
|
command=rsyslog -f /etc/mail/rsyslogd/rsyslog.conf
|
|
@ -1,32 +1,24 @@
|
||||||
#!/bin/sh
|
#!/bin/sh
|
||||||
|
|
||||||
CERTBOT="/etc/letsencrypt/live/$domain/fullchain.pem"
|
|
||||||
KEYBOT="/etc/letsencrypt/live/$domain/privkey.pem"
|
|
||||||
|
|
||||||
# Config postfix
|
# Config postfix
|
||||||
postconf -e myhostname="$MAILNAME"
|
postconf -e myhostname="$MAILNAME"
|
||||||
postconf -e mydomain="$DOMAINNAME"
|
postconf -e mydomain="$DOMAINNAME"
|
||||||
postconf -e smtpd_tls_cert_file="$CERTBOT"
|
postconf -e smtpd_tls_cert_file="$SSL_CERT"
|
||||||
postconf -e smtpd_tls_key_file="$KEYBOT"
|
postconf -e smtpd_tls_key_file="$SSL_KEY"
|
||||||
|
|
||||||
# Config dovecot
|
# Config dovecot
|
||||||
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$CERTBOT#" /etc/dovecot/dovecot.conf
|
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$SSL_CERT#" /etc/mail/dovecot/dovecot.conf
|
||||||
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$KEYBOT#" /etc/dovecot/dovecot.conf
|
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$SSL_KEY#" /etc/mail/dovecot/dovecot.conf
|
||||||
sed -i -e "s#^\s*hostname\s*=.*#hostname = $MAILNAME#" /etc/dovecot/dovecot.conf
|
sed -i -e "s#^\s*hostname\s*=.*#hostname = $MAILNAME#" /etc/mail/dovecot/dovecot.conf
|
||||||
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /etc/dovecot/dovecot.conf
|
sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = $POSTMASTER#" /etc/mail/dovecot/dovecot.conf
|
||||||
|
|
||||||
# Config dkim
|
# Config dkim
|
||||||
sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/opendkim/TrustedHosts
|
sed -i -e "s/#HOSTNAME/$MAILNAME/" /etc/mail/opendkim/TrustedHosts
|
||||||
|
|
||||||
# Run openssl
|
# Run openssl
|
||||||
if [ $signed -eq 0 ]
|
if [ ! -e "$SSL_CERT" ]
|
||||||
then
|
then
|
||||||
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout "$SSL_KEY" -out "$SSL_CERT" \
|
mkdir -p "$(dirname $SSL_CERT)" "$(dirname $SSL_KEY)"
|
||||||
-subj "/C=UK/ST=England/L=London/O=OrgName/OU=IT Department/CN=$MAILNAME"
|
openssl req -x509 -nodes -newkey rsa:2018 -days 365 -keyout "$SSL_CERT" -out "$SSL_KEY"
|
||||||
postconf -e smtpd_tls_cert_file="$SSL_CERT"
|
|
||||||
postconf -e smtpd_tls_key_file="$SSL_KEY"
|
|
||||||
sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <$SSL_CERT#" /etc/dovecot/dovecot.conf
|
|
||||||
sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <$SSL_KEY#" /etc/dovecot/dovecot.conf
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Run opendkim
|
# Run opendkim
|
||||||
|
@ -45,8 +37,8 @@ fi
|
||||||
|
|
||||||
|
|
||||||
# Start services
|
# Start services
|
||||||
rsyslogd -f /etc/rsyslogd/rsyslog.conf
|
rsyslogd -f /etc/mail/rsyslogd/rsyslog.conf
|
||||||
/usr/sbin/opendkim -x /etc/opendkim/opendkim.conf
|
/usr/sbin/opendkim -x /etc/mail/opendkim/opendkim.conf
|
||||||
/usr/sbin/dovecot -c /etc/dovecot/dovecot.conf
|
/usr/sbin/dovecot -c /etc/mail/dovecot/dovecot.conf
|
||||||
/usr/sbin/postfix start -c /etc/postfix
|
/usr/sbin/postfix start -c /etc/mail/postfix
|
||||||
supervisord -c /etc/supervisord/supervisord.conf
|
supervisord -c /etc/mail/supervisord/supervisord.conf
|
||||||
|
|
Loading…
Reference in New Issue
Block a user