From 2797040faa7995c891680073ea866ab8d73c72a2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bojan=20=C4=8Cekrli=C4=87?= Date: Thu, 2 Nov 2017 14:16:52 +0100 Subject: [PATCH] NEW FEATURE: A new feature has been added -- it's now posible to specify a RELAY hosts's username and password, if your remote host requires authentication. NEW FEATURE: The possibility to execute third party scripts. This should make extending this image easier. REFACTORING: Dockerfile now starts with run.sh instead of suprevisor. This makes it much easier to see any errors that might creep into the code. Also note that the script now relies on POSIX-compliant commands only so the executor has been changed from /bin/bash to /bin/sh. --- Dockerfile | 18 +++++-------- README.md | 35 +++++++++++++++++++++++- postfix.sh => run.sh | 63 ++++++++++++++++++++++++++++++++++++-------- supervisord.conf | 3 ++- 4 files changed, 94 insertions(+), 25 deletions(-) rename postfix.sh => run.sh (51%) diff --git a/Dockerfile b/Dockerfile index 65e7537..1693ef7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,7 @@ FROM alpine:edge -MAINTAINER Bojan Cekrlic +MAINTAINER Bojan Cekrlic - https://github.com/bokysan/docker-postfix/ -# You can set this variables when running the image to override the host name or -# foward the messages to another server -# ENV HOSTNAME -# Hostname that will be used in the outgoing mail -# ENV RELAYHOST -# The relay host for this server -# ENV ALLOWED_SENDER_DOMAINS -# Limit the list of sending domains to this list only +# See README.md for details RUN true && \ apk add --no-cache --update postfix ca-certificates supervisor rsyslog bash && \ @@ -17,8 +10,8 @@ RUN true && \ COPY supervisord.conf /etc/supervisord.conf COPY rsyslog.conf /etc/rsyslog.conf -COPY postfix.sh /postfix.sh -RUN chmod +x /postfix.sh +COPY run.sh /run.sh +RUN chmod +x /run.sh VOLUME [ "/var/spool/postfix", "/etc/postfix" ] 
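Review bot: The `apk add` line kept as context in the first Dockerfile hunk still installs `bash`, although this commit moves the start script to `#!/bin/sh`. If nothing else in the image needs it, dropping `bash` from that line trims the image and its attack surface. The new `MAINTAINER` line also uses an instruction Docker has deprecated; `LABEL maintainer="Bojan Cekrlic - https://github.com/bokysan/docker-postfix/"` carries the same information. The `RUN` instruction continues outside the hunk.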
@@ -26,4 +19,5 @@ USER root WORKDIR /tmp EXPOSE 587 -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +ENTRYPOINT ["/run.sh"] diff --git a/README.md b/README.md index f339614..2d34a99 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,8 @@ The following configuration options are available: ENV vars $HOSTNAME = Postfix myhostname $RELAYHOST = Host that relays your msgs +$RELAYHOST_USERNAME = An (optional) username for the relay server +$RELAYHOST_PASSWORD = An (optional) login password for the relay server $MYNETWORKS = allow domains from per Network ( default 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 ) $ALLOWED_SENDER_DOMAINS = domains sender domains ``` @@ -46,7 +48,7 @@ I suggest you set this variable, e.g.: docker run --rm --name postfix -e HOSTNAME=postfix-docker -p 1587:587 boky/postfix ``` -### `RELAYHOST` +### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD` Postfix will try to deliver emails directly to the target server. If you are behind a firewall, or inside a corporation you will most likely have a dedicated outgoing mail server. By setting this option, you will instruct postfix to relay 
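Review bot: The commented-out `#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]` line in the last Dockerfile hunk is dead configuration that the history already preserves. I would delete it and keep only `ENTRYPOINT ["/run.sh"]`. Because the context keeps `USER root`, everything run.sh does runs as root, including the scripts it sources from `/docker-init.db/`. A comment above the instruction, such as `# run.sh configures postfix as root, then execs supervisord`, would make that explicit.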
@@ -56,6 +58,22 @@ Example: ``` docker run --rm --name postfix -e RELAYHOST=192.168.115.215 -p 1587:587 boky/postfix ``` + +You may optionally specifiy a rely port, e.g.: +``` +docker run --rm --name postfix -e RELAYHOST=192.168.115.215:587 -p 1587:587 boky/postfix +``` + +Or an IPv6 address, e.g.: +``` +docker run --rm --name postfix -e 'RELAYHOST=[2001:db8::1]:587' -p 1587:587 boky/postfix +``` + +If your end server requires you to authenticate with username/password, add them also: +``` +docker run --rm --name postfix -e RELAYHOST=mail.google.com -e RELAYHOST_USERNAME=hello@gmail.com -e RELAYHOST_PASSWORD=world -p 1587:587 boky/postfix +``` + ### `MYNETWORKS` This implementation is meant for private installations -- so that when you configure your services using _docker compose_ @@ -79,3 +97,18 @@ Example: ``` docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix ``` + +## Extending the image + +If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration, simply +add your scripts to `/docker-init.db/`. All files with the `.sh` extension will be executed automatically at the end of the +startup script. + +E.g.: create a custom `Dockerfile` like this: +``` +FROM boky/postfix +MAINTAINER Some Randombloke "randombloke@example.com" +ADD Dockerfiles/additiona-config.sh /docker-init.db/ +``` + +Build it with docker and your script will be automatically executed before Postfix starts. diff --git a/postfix.sh b/run.sh similarity index 51% rename from postfix.sh rename to run.sh index aced17e..ef88f21 100644 --- a/postfix.sh +++ b/run.sh 
@@ -1,4 +1,13 @@ -#!/bin/bash +#!/bin/sh + +echo "******************************" +echo "**** POSTFIX STARTING UP *****" +echo "******************************" + +# Make and reown postfix folders +mkdir -p /var/spool/postfix/ && mkdir -p /var/spool/postfix/pid +chown root: /var/spool/postfix/ +chown root: /var/spool/postfix/pid # Disable SMTPUTF8, because libraries (ICU) are missing in alpine postconf -e smtputf8_enable=no 
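Review bot: The shebang change to `#!/bin/sh` at the top of this hunk does not match the `echo -n` and `echo -e` calls that the later run.sh hunks add or keep, since POSIX leaves both options implementation-defined. They happen to work with the busybox shell on Alpine, but the commit message promises POSIX-only commands, and `printf` is the portable form, e.g. `printf '%s\tOK\n' "$i" >> $allowed_senders`. The script also has no `set -e`, so a failing `mkdir`, `chown` or `postconf` does not stop startup; that may be deliberate, but a comment saying so would help.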
@@ -11,23 +20,43 @@ postconf -e mydestination= # Don't relay for any domains postconf -e relay_domains= +# As this is a server-based service, allow any message size -- we hope the server knows +# what it is doing +postconf -e "message_size_limit=0" + # Reject invalid HELOs postconf -e smtpd_delay_reject=yes postconf -e smtpd_helo_required=yes postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" # Set up host name -if [[ ! -z "$HOSTNAME" ]]; then - postconf -e myhostname=$HOSTNAME +if [ ! -z "$HOSTNAME" ]; then + postconf -e myhostname="$HOSTNAME" else postconf -# myhostname fi # Set up a relay host, if needed -if [[ ! -z "$RELAYHOST" ]]; then +if [ ! -z "$RELAYHOST" ]; then + echo -n "- Forwarding all emails to $RELAYHOST" postconf -e relayhost=$RELAYHOST + + if [ -n "$RELAYHOST_USERNAME" ] && [ -n "$RELAYHOST_PASSWORD" ]; then + echo " using username $RELAYHOST_USERNAME." + echo "$RELAYHOST $RELAYHOST_USERNAME:$RELAYHOST_PASSWORD" >> /etc/postfix/sasl_passwd + postmap hash:/etc/postfix/sasl_passwd + postconf -e "smtp_sasl_auth_enable=yes" + postconf -e "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd" + postconf -e "smtp_sasl_security_options=noanonymous" + else + echo " without any authentication. Make sure your server is configured to accept emails coming from this IP." + fi else + echo "- Will try to deliver emails directly to the final server. Make sure your DNS is setup properly!" postconf -# relayhost + postconf -# smtp_sasl_auth_enable + postconf -# smtp_sasl_password_maps + postconf -# smtp_sasl_security_options fi # Set up my networks to list only networks in the local loopback range 
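Review bot: The credentials line `echo "$RELAYHOST $RELAYHOST_USERNAME:$RELAYHOST_PASSWORD" >> /etc/postfix/sasl_passwd` appends on every start and leaves the file at its default mode. Because the Dockerfile declares `/etc/postfix` as a volume, the plaintext password can accumulate duplicate or stale entries, and it is presumably readable by every user in the container. Writing with `>` instead of `>>` and adding `chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db` after `postmap` would address both. Nothing in this hunk requires TLS towards the relay, so unless it is configured elsewhere the SASL login may cross the network unencrypted; consider `postconf -e "smtp_tls_security_level=encrypt"` in the authenticated branch. The branch taken when `RELAYHOST` is set without credentials also leaves any earlier `smtp_sasl_*` settings in place.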
@@ -42,22 +71,23 @@ fi #postmap $network_table #postconf -e mynetworks=hash:$network_table -if [[ ! -z "$MYNETWORKS" ]]; then - postconf -e mynetworks=$MYNETWORKS +if [ ! -z "$MYNETWORKS" ]; then + postconf -e mynetworks=$MYNETWORKS else - postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" + postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" fi # Split with space -if [[ ! -z "$ALLOWED_SENDER_DOMAINS" ]]; then - echo "Setting up allowed SENDER domains:" +if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then + echo -n "- Setting up allowed SENDER domains:" allowed_senders=/etc/postfix/allowed_senders rm -f $allowed_senders $allowed_senders.db > /dev/null touch $allowed_senders for i in $ALLOWED_SENDER_DOMAINS; do - echo -e "\t$i" + echo -n " $i" echo -e "$i\tOK" >> $allowed_senders done + echo postmap $allowed_senders postconf -e "smtpd_restriction_classes=allowed_domains_only" @@ -71,4 +101,15 @@ fi # Use 587 (submission) sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf -/usr/sbin/postfix -c /etc/postfix start +if [ -d /docker-init.db/ ]; then + echo "- Executing any found custom scripts..." + for f in /docker-init.db/*; do + case "$f" in + *.sh) chmod +x "$f"; echo -e"\trunning $f"; . "$f" ;; + *) echo "$0: ignoring $f" ;; + esac + done +fi + +echo "- Staring rsyslog and postfix" +exec supervisord -c /etc/supervisord.conf diff --git a/supervisord.conf b/supervisord.conf index 765c909..a755759 100644 --- a/supervisord.conf +++ b/supervisord.conf @@ -1,4 +1,5 @@ [supervisord] +user = root nodaemon = true logfile = /dev/null logfile_maxbytes= 0 @@ -19,5 +20,5 @@ process_name = master autostart = true autorestart = false directory = /etc/postfix -command = /postfix.sh +command = /usr/sbin/postfix -c /etc/postfix start startsecs = 0
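Review bot: `postconf -e mynetworks=$MYNETWORKS` is only re-indented here and stays unquoted, although the same commit quotes `myhostname="$HOSTNAME"`. A value containing spaces is word-split, and each extra word reaches postconf as a separate argument, which either fails or, if it has the form name=value, edits an unrelated setting. I would write `postconf -e "mynetworks=$MYNETWORKS"`, and likewise `postconf -e "relayhost=$RELAYHOST"` in the previous hunk. The `$allowed_senders` expansions in the loop would benefit from quotes for the same reason.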
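Review bot: In the `/docker-init.db/` loop, `echo -e"\trunning $f"` is missing the space after `-e`, so the option is not parsed and the text is presumably printed with a literal `-e` prefix. The `chmod +x "$f"` is unnecessary because the file is sourced with `.` rather than executed. I would write the branch as `*.sh) printf '\trunning %s\n' "$f"; . "$f" ;;`. Sourcing also means an `exit` or a fatal error in any dropped-in script ends the startup shell before supervisord is exec'd, and every such script runs as root. A comment should state that the directory is expected to be root-owned and populated only at image build time. The final message reads "Staring" where "Starting" is meant.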
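Review bot: `command = /usr/sbin/postfix -c /etc/postfix start` launches the Postfix master in the background and returns. With `autorestart = false` and `startsecs = 0` in the same section, supervisord appears to record the program as exited and will not notice if Postfix dies later. The container can then stay up with no mail service and nothing in the logs to flag it. Where the installed Postfix provides it, `command = /usr/sbin/postfix -c /etc/postfix start-fg` keeps the master in the foreground so supervisord can actually supervise it; otherwise a health check on port 587 is needed. The `[program:…]` section begins outside the hunk.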