
Initial commit

master
Fábio Kaiser Rauber 8 years ago
parent
commit
87b0b35d80
  1. 10
      Dockerfile
  2. 57
      conf/main.cf
  3. 42
      conf/master.cf
  4. 17
      conf/outclean_header_filter
  5. 4
      rsyslog.conf
  6. 33
      start.sh

10
Dockerfile

@ -0,0 +1,10 @@
FROM alpine
RUN apk add --no-cache bash postfix postfix-pcre rsyslog
COPY conf /etc/postfix
COPY rsyslog.conf /etc/rsyslog.conf
COPY start.sh /start.sh
CMD ["/start.sh"]
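Review bot: `FROM alpine` carries no tag or digest, so every build resolves to whatever `latest` points at, and the Postfix, rsyslog and bash versions pulled by `apk add` drift with it. Pin the base, e.g. `FROM alpine:<PINNED_VERSION>` (placeholder, optionally followed by an `@sha256:` digest), so that rebuilding this mail relay is reproducible and base-image updates are a deliberate change. An `EXPOSE 25 587` line would also document the listeners that conf/master.cf enables.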

57
conf/main.cf

@ -0,0 +1,57 @@
###############
# General
###############
# Main domain and hostname
mydomain = {{ DOMAIN }}
myhostname = {{ HOSTNAME }}
myorigin = $mydomain
# Message size limit
message_size_limit = {{ MESSAGE_SIZE_LIMIT }}
# Relayed networks
mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }}
# Empty alias list to override the configuration variable and disable NIS
alias_maps =
# Only accept virtual emails
mydestination =
# Relayhost if any is configured
relayhost = {{ RELAYHOST }}
###############
# Restrictions
###############
# Delay all rejects until all information can be logged
smtpd_delay_reject = yes
# Allowed senders are: the user or one of the alias destinations
smtpd_sender_login_maps = $virtual_alias_maps
# Helo restrictions are specified for smtp only in master.cf
smtpd_helo_required = yes
# Sender restrictions
smtpd_sender_restrictions =
permit_mynetworks,
reject_non_fqdn_sender,
reject_unknown_sender_domain,
reject_unlisted_sender,
reject_sender_login_mismatch,
permit
# Recipient restrictions:
smtpd_recipient_restrictions =
reject_unauth_pipelining,
reject_non_fqdn_recipient,
reject_unknown_recipient_domain,
permit_mynetworks,
permit
###############
# Extra Settings
###############
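Review bot: `smtpd_recipient_restrictions` ends in a bare `permit` after `permit_mynetworks`, so a client outside `mynetworks` is not refused at this stage, and relay protection rests entirely on `smtpd_relay_restrictions`, which this file never sets. Depending on the Postfix version and on `compatibility_level` (also not set here), that default may be empty, so confirm that the container does not relay for arbitrary clients. Since `mydestination` is empty and the intent appears to be relaying only for `{{ RELAYNETS }}`, ending the list with `permit_mynetworks,` followed by `reject` instead of `permit` would state that explicitly.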

42
conf/master.cf

@ -0,0 +1,42 @@
# service type private unpriv chroot wakeup maxproc command + args
# (yes) (yes) (yes) (never) (100)
# Exposed SMTP services
smtp inet n - n - - smtpd
-o smtpd_sender_restrictions=permit_mynetworks,permit
submission inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o cleanup_service_name=outclean
#smtps inet n - n - - smtpd
# -o smtpd_tls_security_level=encrypt
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_tls_wrappermode=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o cleanup_service_name=outclean
# Additional services
outclean unix n - n - 0 cleanup
-o header_checks=pcre:/etc/postfix/outclean_header_filter
# Internal postfix services
pickup unix n - n 60 1 pickup
cleanup unix n - n - 0 cleanup
qmgr unix n - n 300 1 qmgr
tlsmgr unix - - n 1000? 1 tlsmgr
rewrite unix - - n - - trivial-rewrite
bounce unix - - n - 0 bounce
defer unix - - n - 0 bounce
trace unix - - n - 0 bounce
verify unix - - n - 1 verify
flush unix n - n 1000? 0 flush
proxymap unix - - n - - proxymap
smtp unix - - n - - smtp
relay unix - - n - - smtp
error unix - - n - - error
retry unix - - n - - error
discard unix - - n - - discard
lmtp unix - - n - - lmtp
anvil unix - - n - 1 anvil
scache unix - - n - 1 scache
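Review bot: The `submission` service is enabled while its `smtpd_tls_security_level=encrypt`, `smtpd_sasl_auth_enable=yes` and `smtpd_client_restrictions=permit_sasl_authenticated,reject` overrides are all commented out, so port 587 accepts unauthenticated, unencrypted sessions with only the main.cf restrictions applied. If authentication is not configured yet, comment out the `submission` line too, or add a comment such as `# no SASL/TLS yet: access is limited by mynetworks only`. The second `-o cleanup_service_name=outclean`, below the commented `smtps` block, is not commented, so it reads as a further continuation of the `submission` entry (assuming the original line is indented); prefix it with `#` like the rest of that block.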

17
conf/outclean_header_filter

@ -0,0 +1,17 @@
# This configuration was copied from Mailinabox. The original version is available at:
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is
# where the user's home IP address would be.
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1
# Remove other typically private information.
/^\s*User-Agent:/ IGNORE
/^\s*X-Enigmail:/ IGNORE
/^\s*X-Mailer:/ IGNORE
/^\s*X-Originating-IP:/ IGNORE
/^\s*X-Pgp-Agent:/ IGNORE
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)).
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1
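Review bot: The `Received:` replacement still contains the Mail-in-a-Box tokens `PRIMARY_HOSTNAME` and `PUBLIC_IP`, and nothing visible in this commit fills them in. start.sh substitutes only `{{ NAME }}` patterns, and only in `/etc/postfix/*.cf`, which does not match this file. Mail passing through `outclean` would therefore carry the literal text `PRIMARY_HOSTNAME [PUBLIC_IP]` in its first Received header. Either write the line in the template syntax, e.g. `REPLACE Received: from authenticated-user ({{ HOSTNAME }})$1`, and extend the `sed` glob in start.sh to include this file, or drop the bracketed address.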

4
rsyslog.conf

@ -0,0 +1,4 @@
$ModLoad imuxsock
$template noTimestampFormat,"%syslogtag%%msg%\n"
$ActionFileDefaultTemplate noTimestampFormat
*.*;auth,authpriv.none /dev/stdout

33
start.sh

@ -0,0 +1,33 @@
#!/bin/bash
# Substitute configuration
for VARIABLE in `env | cut -f1 -d=`; do
sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/postfix/*.cf
done
# Override Postfix configuration
if [ -f /overrides/postfix.cf ]; then
while read line; do
postconf -e "$line"
done < /overrides/postfix.cf
echo "Loaded '/overrides/postfix.cf'"
else
echo "No extra postfix settings loaded because optional '/overrides/postfix.cf' not provided."
fi
# Include table-map files
if ls -A /overrides/*.map 1> /dev/null 2>&1; then
cp /overrides/*.map /etc/postfix/
postmap /etc/postfix/*.map
rm /etc/postfix/*.map
chown root:root /etc/postfix/*.db
chmod 0600 /etc/postfix/*.db
echo "Loaded 'map files'"
else
echo "No extra map files loaded because optional '/overrides/*.map' not provided."
fi
# Actually run Postfix
rm -f /var/run/rsyslogd.pid
/usr/lib/postfix/master &
rsyslogd -n
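Review bot: The substitution loop builds a `sed` expression from every environment variable with `=` as the delimiter, so a value containing `=` aborts `sed`, and one containing `&` or a backslash is rewritten before it lands in main.cf. A placeholder whose variable is unset (for example `{{ RELAYHOST }}`) also stays in the file verbatim. Iterating over the placeholder names that conf/main.cf actually uses, and escaping each value before substitution, avoids both problems; unset variables then expand to an empty value. Separately, `read line` should be `read -r line` so that backslashes in `/overrides/postfix.cf` survive, and because `master` is backgrounded while `rsyslogd -n` holds the foreground, the container keeps running if Postfix exits.

```shell
# Substitute only the placeholders used by the templates in conf/
for VARIABLE in DOMAIN HOSTNAME MESSAGE_SIZE_LIMIT RELAYNETS RELAYHOST; do
  # Escape what sed treats specially in a replacement: backslash, & and the | delimiter
  VALUE=$(printf '%s' "${!VARIABLE}" | sed -e 's/[\\&|]/\\&/g')
  sed -i "s|{{ $VARIABLE }}|$VALUE|g" /etc/postfix/*.cf
done
# … unchanged: /overrides handling and process start-up …
```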