Fábio Kaiser Rauber
8 years ago
6 changed files with 163 additions and 0 deletions
@ -0,0 +1,10 @@ |
|||||
|
FROM alpine |
||||
|
|
||||
|
RUN apk add --no-cache bash postfix postfix-pcre rsyslog |
||||
|
|
||||
|
COPY conf /etc/postfix |
||||
|
COPY rsyslog.conf /etc/rsyslog.conf |
||||
|
|
||||
|
COPY start.sh /start.sh |
||||
|
|
||||
|
CMD ["/start.sh"] |
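Review bot: `FROM alpine` at the top of this file carries no tag or digest, so every rebuild pulls whatever `latest` points to, and the postfix, rsyslog and bash versions installed by `apk add` change without any change in the repository. Pin the base, for example `FROM alpine:<pinned-version>` (placeholder; use the release you test against), optionally with its `@sha256:` digest. This matters beyond reproducibility because start.sh in this commit calls `/usr/lib/postfix/master` by absolute path, which depends on the package layout of the release in use. The image also declares no `USER`, so a short comment above `CMD` saying that the script starts both Postfix and rsyslogd as root would tell operators what they are running.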
@ -0,0 +1,57 @@ |
|||||
|
############### |
||||
|
# General |
||||
|
############### |
||||
|
|
||||
|
# Main domain and hostname |
||||
|
mydomain = {{ DOMAIN }} |
||||
|
myhostname = {{ HOSTNAME }} |
||||
|
myorigin = $mydomain |
||||
|
|
||||
|
# Message size limit |
||||
|
message_size_limit = {{ MESSAGE_SIZE_LIMIT }} |
||||
|
|
||||
|
# Relayed networks |
||||
|
mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }} |
||||
|
|
||||
|
# Empty alias list to override the configuration variable and disable NIS |
||||
|
alias_maps = |
||||
|
|
||||
|
# Only accept virtual emails |
||||
|
mydestination = |
||||
|
|
||||
|
# Relayhost if any is configured |
||||
|
relayhost = {{ RELAYHOST }} |
||||
|
|
||||
|
############### |
||||
|
# Restrictions |
||||
|
############### |
||||
|
|
||||
|
# Delay all rejects until all information can be logged |
||||
|
smtpd_delay_reject = yes |
||||
|
|
||||
|
# Allowed senders are: the user or one of the alias destinations |
||||
|
smtpd_sender_login_maps = $virtual_alias_maps |
||||
|
|
||||
|
# Helo restrictions are specified for smtp only in master.cf |
||||
|
smtpd_helo_required = yes |
||||
|
|
||||
|
# Sender restrictions |
||||
|
smtpd_sender_restrictions = |
||||
|
permit_mynetworks, |
||||
|
reject_non_fqdn_sender, |
||||
|
reject_unknown_sender_domain, |
||||
|
reject_unlisted_sender, |
||||
|
reject_sender_login_mismatch, |
||||
|
permit |
||||
|
|
||||
|
# Recipient restrictions: |
||||
|
smtpd_recipient_restrictions = |
||||
|
reject_unauth_pipelining, |
||||
|
reject_non_fqdn_recipient, |
||||
|
reject_unknown_recipient_domain, |
||||
|
permit_mynetworks, |
||||
|
permit |
||||
|
|
||||
|
############### |
||||
|
# Extra Settings |
||||
|
############### |
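Review bot: `smtpd_recipient_restrictions` ends in `permit` and contains no `reject_unauth_destination`, so nothing written in this file prevents relaying. Relay control rests on the built-in default of `smtpd_relay_restrictions` (present in Postfix 2.10 and later) and on how wide `{{ RELAYNETS }}` is set at run time. State the policy explicitly, e.g. `smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination`, so that an entry in `/overrides/postfix.cf` or a different Postfix build cannot leave the container as an open relay. A comment next to `mynetworks` such as `# Every network listed here may relay without authentication; keep RELAYNETS as narrow as possible` would document the trust boundary.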
@ -0,0 +1,42 @@ |
|||||
|
# service type private unpriv chroot wakeup maxproc command + args |
||||
|
# (yes) (yes) (yes) (never) (100) |
||||
|
|
||||
|
# Exposed SMTP services |
||||
|
smtp inet n - n - - smtpd |
||||
|
-o smtpd_sender_restrictions=permit_mynetworks,permit |
||||
|
submission inet n - n - - smtpd |
||||
|
# -o smtpd_tls_security_level=encrypt |
||||
|
# -o smtpd_sasl_auth_enable=yes |
||||
|
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
||||
|
-o cleanup_service_name=outclean |
||||
|
#smtps inet n - n - - smtpd |
||||
|
# -o smtpd_tls_security_level=encrypt |
||||
|
# -o smtpd_sasl_auth_enable=yes |
||||
|
# -o smtpd_tls_wrappermode=yes |
||||
|
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
||||
|
-o cleanup_service_name=outclean |
||||
|
|
||||
|
# Additional services |
||||
|
outclean unix n - n - 0 cleanup |
||||
|
-o header_checks=pcre:/etc/postfix/outclean_header_filter |
||||
|
|
||||
|
# Internal postfix services |
||||
|
pickup unix n - n 60 1 pickup |
||||
|
cleanup unix n - n - 0 cleanup |
||||
|
qmgr unix n - n 300 1 qmgr |
||||
|
tlsmgr unix - - n 1000? 1 tlsmgr |
||||
|
rewrite unix - - n - - trivial-rewrite |
||||
|
bounce unix - - n - 0 bounce |
||||
|
defer unix - - n - 0 bounce |
||||
|
trace unix - - n - 0 bounce |
||||
|
verify unix - - n - 1 verify |
||||
|
flush unix n - n 1000? 0 flush |
||||
|
proxymap unix - - n - - proxymap |
||||
|
smtp unix - - n - - smtp |
||||
|
relay unix - - n - - smtp |
||||
|
error unix - - n - - error |
||||
|
retry unix - - n - - error |
||||
|
discard unix - - n - - discard |
||||
|
lmtp unix - - n - - lmtp |
||||
|
anvil unix - - n - 1 anvil |
||||
|
scache unix - - n - 1 scache |
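Review bot: The `submission` entry is active while its `-o` lines for `smtpd_tls_security_level=encrypt`, `smtpd_sasl_auth_enable=yes` and `permit_sasl_authenticated,reject` are commented out, so port 587 accepts mail without TLS or authentication and is governed only by the main.cf restrictions and `mynetworks`. Either enable those options or add a comment stating that submission is intentionally unauthenticated and must only be reachable from trusted networks. Separately, the `-o cleanup_service_name=outclean` line below the commented-out `smtps` block is itself not commented. If it is indented in the file (this rendering has lost indentation), Postfix reads it as a continuation of the preceding `submission` entry, so it should become `#  -o cleanup_service_name=outclean` to match the block it belongs to.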
@ -0,0 +1,17 @@ |
|||||
|
# This configuration was copied from Mailinabox. The original version is available at: |
||||
|
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters |
||||
|
|
||||
|
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header |
||||
|
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is |
||||
|
# where the user's home IP address would be. |
||||
|
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1 |
||||
|
|
||||
|
# Remove other typically private information. |
||||
|
/^\s*User-Agent:/ IGNORE |
||||
|
/^\s*X-Enigmail:/ IGNORE |
||||
|
/^\s*X-Mailer:/ IGNORE |
||||
|
/^\s*X-Originating-IP:/ IGNORE |
||||
|
/^\s*X-Pgp-Agent:/ IGNORE |
||||
|
|
||||
|
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)). |
||||
|
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1 |
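Review bot: The `Received:` rule writes the literal text `PRIMARY_HOSTNAME [PUBLIC_IP]` into every outgoing message, because those are Mailinabox setup placeholders and nothing in this commit fills them in. start.sh rewrites only `{{ NAME }}` patterns, and only in `/etc/postfix/*.cf`, which this filter file does not match. Use a templated or fixed value instead, for example `/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user ({{ HOSTNAME }})$1`, and extend the `sed` glob in start.sh to cover this file. The inherited comment about OpenDKIM could also be reworded, since no file in this commit installs or configures OpenDKIM.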
@ -0,0 +1,4 @@ |
|||||
|
$ModLoad imuxsock |
||||
|
$template noTimestampFormat,"%syslogtag%%msg%\n" |
||||
|
$ActionFileDefaultTemplate noTimestampFormat |
||||
|
*.*;auth,authpriv.none /dev/stdout |
@ -0,0 +1,33 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
# Substitute configuration |
||||
|
for VARIABLE in `env | cut -f1 -d=`; do |
||||
|
sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/postfix/*.cf |
||||
|
done |
||||
|
|
||||
|
# Override Postfix configuration |
||||
|
if [ -f /overrides/postfix.cf ]; then |
||||
|
while read line; do |
||||
|
postconf -e "$line" |
||||
|
done < /overrides/postfix.cf |
||||
|
echo "Loaded '/overrides/postfix.cf'" |
||||
|
else |
||||
|
echo "No extra postfix settings loaded because optional '/overrides/postfix.cf' not provided." |
||||
|
fi |
||||
|
|
||||
|
# Include table-map files |
||||
|
if ls -A /overrides/*.map 1> /dev/null 2>&1; then |
||||
|
cp /overrides/*.map /etc/postfix/ |
||||
|
postmap /etc/postfix/*.map |
||||
|
rm /etc/postfix/*.map |
||||
|
chown root:root /etc/postfix/*.db |
||||
|
chmod 0600 /etc/postfix/*.db |
||||
|
echo "Loaded 'map files'" |
||||
|
else |
||||
|
echo "No extra map files loaded because optional '/overrides/*.map' not provided." |
||||
|
fi |
||||
|
|
||||
|
# Actually run Postfix |
||||
|
rm -f /var/run/rsyslogd.pid |
||||
|
/usr/lib/postfix/master & |
||||
|
rsyslogd -n |
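Review bot: The substitution loop passes each environment value straight into the replacement half of `sed "s=...=...=g"`, so a value containing `=`, `&` or a backslash either aborts the `sed` command or is silently rewritten, and a placeholder whose variable is unset stays in main.cf as literal `{{ NAME }}` text. Escape the value before use and stop the start-up when placeholders remain, as in the fence below; values containing newlines are still unsupported there. In the same file, `while read line` should be `while IFS= read -r line` so that backslashes and leading blanks in `/overrides/postfix.cf` reach `postconf -e` unchanged. Because `master` runs in the background, the container also keeps running under `rsyslogd -n` after Postfix has exited, which hides a dead mail service from the orchestrator.

```shell
# Substitute configuration
for VARIABLE in $(compgen -e); do
  # Escape what sed treats specially in a replacement: backslash, & and the = delimiter
  VALUE=$(printf '%s' "${!VARIABLE}" | sed -e 's/[\\&=]/\\&/g')
  sed -i "s={{ $VARIABLE }}=${VALUE}=g" /etc/postfix/*.cf
done

# Refuse to start with a half-rendered configuration
if grep -q '{{ [A-Za-z_][A-Za-z0-9_]* }}' /etc/postfix/*.cf; then
  echo "Unsubstituted template variables remain in /etc/postfix/*.cf" >&2
  exit 1
fi
# … unchanged: postfix.cf overrides, map files, service start …
```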