Fábio Kaiser Rauber
8 years ago
6 changed files with 163 additions and 0 deletions
@ -0,0 +1,10 @@ |
|||
FROM alpine |
|||
|
|||
RUN apk add --no-cache bash postfix postfix-pcre rsyslog |
|||
|
|||
COPY conf /etc/postfix |
|||
COPY rsyslog.conf /etc/rsyslog.conf |
|||
|
|||
COPY start.sh /start.sh |
|||
|
|||
CMD ["/start.sh"] |
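Review bot: `FROM alpine` carries no tag or digest, so every build pulls whatever `latest` points to, and the unversioned `apk add` on the next instruction then installs whichever Postfix and rsyslog that release ships. Pin the base, e.g. `FROM alpine:<release-tag>` (placeholder: use the release you have tested), optionally with its digest, so the image is reproducible and a base change shows up as a reviewed diff. The image also has no `EXPOSE` for the `smtp` and `submission` listeners that master.cf enables; `EXPOSE 25 587` would document the port contract for operators.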
@ -0,0 +1,57 @@ |
|||
############### |
|||
# General |
|||
############### |
|||
|
|||
# Main domain and hostname |
|||
mydomain = {{ DOMAIN }} |
|||
myhostname = {{ HOSTNAME }} |
|||
myorigin = $mydomain |
|||
|
|||
# Message size limit |
|||
message_size_limit = {{ MESSAGE_SIZE_LIMIT }} |
|||
|
|||
# Relayed networks |
|||
mynetworks = 127.0.0.1/32 [::1]/128 {{ RELAYNETS }} |
|||
|
|||
# Empty alias list to override the configuration variable and disable NIS |
|||
alias_maps = |
|||
|
|||
# Only accept virtual emails |
|||
mydestination = |
|||
|
|||
# Relayhost if any is configured |
|||
relayhost = {{ RELAYHOST }} |
|||
|
|||
############### |
|||
# Restrictions |
|||
############### |
|||
|
|||
# Delay all rejects until all information can be logged |
|||
smtpd_delay_reject = yes |
|||
|
|||
# Allowed senders are: the user or one of the alias destinations |
|||
smtpd_sender_login_maps = $virtual_alias_maps |
|||
|
|||
# Helo restrictions are specified for smtp only in master.cf |
|||
smtpd_helo_required = yes |
|||
|
|||
# Sender restrictions |
|||
smtpd_sender_restrictions = |
|||
permit_mynetworks, |
|||
reject_non_fqdn_sender, |
|||
reject_unknown_sender_domain, |
|||
reject_unlisted_sender, |
|||
reject_sender_login_mismatch, |
|||
permit |
|||
|
|||
# Recipient restrictions: |
|||
smtpd_recipient_restrictions = |
|||
reject_unauth_pipelining, |
|||
reject_non_fqdn_recipient, |
|||
reject_unknown_recipient_domain, |
|||
permit_mynetworks, |
|||
permit |
|||
|
|||
############### |
|||
# Extra Settings |
|||
############### |
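Review bot: Neither restriction list contains `reject_unauth_destination`, and `smtpd_recipient_restrictions` ends in a bare `permit`. Relay control is therefore not stated in this file and rests on Postfix's built-in `smtpd_relay_restrictions` default, which exists only from Postfix 2.10 on, and the Dockerfile does not pin the Postfix version. State it explicitly, e.g. `smtpd_relay_restrictions = permit_mynetworks, reject_unauth_destination`. Once that is in place `mynetworks` is the only relay authorisation, so the comment above it should say that `{{ RELAYNETS }}` must list trusted CIDR ranges only. `smtpd_sender_login_maps = $virtual_alias_maps` also refers to a parameter this file never sets, which is worth confirming as intended.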
@ -0,0 +1,42 @@ |
|||
# service type private unpriv chroot wakeup maxproc command + args |
|||
# (yes) (yes) (yes) (never) (100) |
|||
|
|||
# Exposed SMTP services |
|||
smtp inet n - n - - smtpd |
|||
-o smtpd_sender_restrictions=permit_mynetworks,permit |
|||
submission inet n - n - - smtpd |
|||
# -o smtpd_tls_security_level=encrypt |
|||
# -o smtpd_sasl_auth_enable=yes |
|||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
|||
-o cleanup_service_name=outclean |
|||
#smtps inet n - n - - smtpd |
|||
# -o smtpd_tls_security_level=encrypt |
|||
# -o smtpd_sasl_auth_enable=yes |
|||
# -o smtpd_tls_wrappermode=yes |
|||
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject |
|||
-o cleanup_service_name=outclean |
|||
|
|||
# Additional services |
|||
outclean unix n - n - 0 cleanup |
|||
-o header_checks=pcre:/etc/postfix/outclean_header_filter |
|||
|
|||
# Internal postfix services |
|||
pickup unix n - n 60 1 pickup |
|||
cleanup unix n - n - 0 cleanup |
|||
qmgr unix n - n 300 1 qmgr |
|||
tlsmgr unix - - n 1000? 1 tlsmgr |
|||
rewrite unix - - n - - trivial-rewrite |
|||
bounce unix - - n - 0 bounce |
|||
defer unix - - n - 0 bounce |
|||
trace unix - - n - 0 bounce |
|||
verify unix - - n - 1 verify |
|||
flush unix n - n 1000? 0 flush |
|||
proxymap unix - - n - - proxymap |
|||
smtp unix - - n - - smtp |
|||
relay unix - - n - - smtp |
|||
error unix - - n - - error |
|||
retry unix - - n - - error |
|||
discard unix - - n - - discard |
|||
lmtp unix - - n - - lmtp |
|||
anvil unix - - n - 1 anvil |
|||
scache unix - - n - 1 scache |
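Review bot: The `submission` listener is enabled while its `smtpd_tls_security_level=encrypt`, `smtpd_sasl_auth_enable=yes` and `smtpd_client_restrictions=permit_sasl_authenticated,reject` overrides are commented out, so the submission port accepts plaintext, unauthenticated sessions just like `smtp`. Either comment out the `submission` line until TLS and SASL are configured, or enable the three `-o` lines together. The `-o cleanup_service_name=outclean` line left under the commented-out `smtps` entry would, if it is indented in the file (indentation is not visible in this rendering), continue the `submission` entry; it should be commented out with the rest of that block. On `smtp`, `-o smtpd_sender_restrictions=permit_mynetworks,permit` replaces the main.cf sender checks for that port, and main.cf says HELO restrictions are set here although none are; a comment stating the intent would prevent misreading.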
@ -0,0 +1,17 @@ |
|||
# This configuration was copied from Mailinabox. The original version is available at: |
|||
# https://raw.githubusercontent.com/mail-in-a-box/mailinabox/master/conf/postfix_outgoing_mail_header_filters |
|||
|
|||
# Remove the first line of the Received: header. Note that we cannot fully remove the Received: header |
|||
# because OpenDKIM requires that a header be present when signing outbound mail. The first line is |
|||
# where the user's home IP address would be. |
|||
/^\s*Received:[^\n]*(.*)/ REPLACE Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])$1 |
|||
|
|||
# Remove other typically private information. |
|||
/^\s*User-Agent:/ IGNORE |
|||
/^\s*X-Enigmail:/ IGNORE |
|||
/^\s*X-Mailer:/ IGNORE |
|||
/^\s*X-Originating-IP:/ IGNORE |
|||
/^\s*X-Pgp-Agent:/ IGNORE |
|||
|
|||
# The Mime-Version header can leak the user agent too, e.g. in Mime-Version: 1.0 (Mac OS X Mail 8.1 \(2010.6\)). |
|||
/^\s*(Mime-Version:\s*[0-9\.]+)\s.+/ REPLACE $1 |
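Review bot: The `Received:` rule still carries Mail-in-a-Box's `PRIMARY_HOSTNAME` and `PUBLIC_IP` tokens, and nothing in this commit fills them in: start.sh only rewrites `{{ NAME }}` tokens in `/etc/postfix/*.cf`, and this file has neither that token form nor a `.cf` name. Outbound mail would therefore carry the literal text `PRIMARY_HOSTNAME [PUBLIC_IP]`. Use static replacement text that needs no templating, e.g. `REPLACE Received: from authenticated-user (localhost [127.0.0.1])$1` (constructed sample), or add this file to the substitution step and use `{{ HOSTNAME }}`. The comment's reference to OpenDKIM and the `authenticated-user` wording also do not match this image, which installs no DKIM signer and has SASL disabled in master.cf; the comment should say what the rule is for here.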
@ -0,0 +1,4 @@ |
|||
$ModLoad imuxsock |
|||
$template noTimestampFormat,"%syslogtag%%msg%\n" |
|||
$ActionFileDefaultTemplate noTimestampFormat |
|||
*.*;auth,authpriv.none /dev/stdout |
@ -0,0 +1,33 @@ |
|||
#!/bin/bash |
|||
|
|||
# Substitute configuration |
|||
for VARIABLE in `env | cut -f1 -d=`; do |
|||
sed -i "s={{ $VARIABLE }}=${!VARIABLE}=g" /etc/postfix/*.cf |
|||
done |
|||
|
|||
# Override Postfix configuration |
|||
if [ -f /overrides/postfix.cf ]; then |
|||
while read line; do |
|||
postconf -e "$line" |
|||
done < /overrides/postfix.cf |
|||
echo "Loaded '/overrides/postfix.cf'" |
|||
else |
|||
echo "No extra postfix settings loaded because optional '/overrides/postfix.cf' not provided." |
|||
fi |
|||
|
|||
# Include table-map files |
|||
if ls -A /overrides/*.map 1> /dev/null 2>&1; then |
|||
cp /overrides/*.map /etc/postfix/ |
|||
postmap /etc/postfix/*.map |
|||
rm /etc/postfix/*.map |
|||
chown root:root /etc/postfix/*.db |
|||
chmod 0600 /etc/postfix/*.db |
|||
echo "Loaded 'map files'" |
|||
else |
|||
echo "No extra map files loaded because optional '/overrides/*.map' not provided." |
|||
fi |
|||
|
|||
# Actually run Postfix |
|||
rm -f /var/run/rsyslogd.pid |
|||
/usr/lib/postfix/master & |
|||
rsyslogd -n |
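Review bot: The substitution loop at the top splices every environment value into the sed program unescaped, so a value containing `=`, `&` or a backslash either breaks the expression or is rewritten by sed. Values containing a newline are not handled either, and an unrelated variable such as `PATH` is treated as a template input. The loop never reports a token it could not fill, so a misspelt placeholder stays in the config as literal `{{ NAME }}` with no error. I would loop over the five names main.cf actually uses, escape the value, and fail on any leftover token, as sketched below. Separately, `/usr/lib/postfix/master &` followed by a foreground `rsyslogd -n` means the container keeps running if Postfix exits, and the script has no `set -e`, so a failed `postconf -e` or `postmap` is silently ignored.

```shell
# Substitute configuration from an explicit list of template variables
for VARIABLE in DOMAIN HOSTNAME MESSAGE_SIZE_LIMIT RELAYNETS RELAYHOST; do
  # escape what sed treats specially in a replacement: backslash, & and the = delimiter
  VALUE=$(printf '%s' "${!VARIABLE}" | sed 's/[\\&=]/\\&/g')
  sed -i "s={{ $VARIABLE }}=$VALUE=g" /etc/postfix/*.cf
done

# refuse to start with an unexpanded placeholder left in the config
if grep -q '{{ [A-Za-z_]* }}' /etc/postfix/*.cf; then
  echo "Unsubstituted template variable in /etc/postfix/*.cf" >&2
  exit 1
fi

# … unchanged: /overrides/postfix.cf handling, map files, daemon start …
```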