mirror of
https://github.com/bokysan/docker-postfix.git
synced 2025-09-06 22:44:59 +08:00
Added the possibility to masquarade domains
This patch was "borrowed" from a fork of this project by RescueTime and seemed like a good feature to include in the project.
parent
aa66569ac1
commit
d7b6bdc32c
2 changed files with 28 additions and 5 deletions
13
README.md
13
README.md
|
@ -39,6 +39,7 @@ $RELAYHOST_USERNAME = An (optional) username for the relay server
|
|||
$RELAYHOST_PASSWORD = An (optional) login password for the relay server
|
||||
$MYNETWORKS = allow domains from per Network ( default 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 )
|
||||
$ALLOWED_SENDER_DOMAINS = domains sender domains
|
||||
$MASQUERADED_DOMAINS = domains where you want to masquerade internal hosts
|
||||
```
|
||||
### `HOSTNAME`
|
||||
|
||||
|
@ -121,6 +122,17 @@ docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.or
|
|||
Enable additional debugging for any connection comming from `MYNETWORKS`. Set to a non-empty string (usually "1" or "yes") to
|
||||
enable debugging.
|
||||
|
||||
|
||||
### `MASQUERADED_DOMAINS`
|
||||
|
||||
If you don't want outbound mails to expose hostnames, you can use this variable to enable Postfix's [address masquerading](http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade). This can be used to do things like rewrite `lorem@ipsum.example.com` to `lorem@example.com`.
|
||||
|
||||
Example:
|
||||
```
|
||||
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix
|
||||
```
|
||||
|
||||
|
||||
## Extending the image
|
||||
|
||||
If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration, simply
|
||||
|
@ -145,6 +157,7 @@ For example, your script could contain something like this:
|
|||
postconf -e "address_verify_negative_cache=yes"
|
||||
```
|
||||
|
||||
|
||||
## Security
|
||||
|
||||
Postfix will run the master proces as `root`, because that's how it's designed. Subprocesses will run under the `postfix` account
|
||||
|
|
20
run.sh
20
run.sh
|
@ -54,8 +54,8 @@ if [ ! -z "$TZ" ]; then
|
|||
TZ_FILE="/usr/share/zoneinfo/$TZ"
|
||||
if [ -f "$TZ_FILE" ]; then
|
||||
echo -e "‣ $notice Setting container timezone to: ${emphasis}$TZ${reset}"
|
||||
ln -snf "$TZ_FILE" /etc/localtime
|
||||
echo "$TZ" > /etc/timezone
|
||||
ln -snf "$TZ_FILE" /etc/localtime
|
||||
echo "$TZ" > /etc/timezone
|
||||
else
|
||||
echo -e "‣ $warn Cannot set timezone to: ${emphasis}$TZ${reset} -- this timezone does not exist."
|
||||
fi
|
||||
|
@ -76,15 +76,19 @@ postalias /etc/postfix/aliases
|
|||
|
||||
# Disable local mail delivery
|
||||
postconf -e mydestination=
|
||||
|
||||
# Don't relay for any domains
|
||||
postconf -e relay_domains=
|
||||
|
||||
# Increase the allowed header size, the default (102400) is quite smallish
|
||||
postconf -e "header_size_limit=4096000"
|
||||
|
||||
if [ ! -z "$MESSAGE_SIZE_LIMIT" ]; then
|
||||
echo -e "‣ $notice Restricting message_size_limit to: ${emphasis}$MESSAGE_SIZE_LIMIT bytes${reset}"
|
||||
postconf -e "message_size_limit=$MESSAGE_SIZE_LIMIT"
|
||||
else
|
||||
# As this is a server-based service, allow any message size -- we hope the sender knows
|
||||
# what he is doing
|
||||
# As this is a server-based service, allow any message size -- we hope the
|
||||
# sender knows what he is doing.
|
||||
echo -e "‣ $info Using ${emphasis}unlimited${reset} message size."
|
||||
postconf -e "message_size_limit=0"
|
||||
fi
|
||||
|
@ -126,6 +130,7 @@ if [ ! -z "$RELAYHOST" ]; then
|
|||
postconf -e "smtp_sasl_auth_enable=yes"
|
||||
postconf -e "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd"
|
||||
postconf -e "smtp_sasl_security_options=noanonymous"
|
||||
postconf -e "smtp_sasl_tls_security_options=noanonymous"
|
||||
else
|
||||
echo -e " without any authentication. ${emphasis}Make sure your server is configured to accept emails coming from this IP.${reset}"
|
||||
fi
|
||||
|
@ -149,7 +154,7 @@ postconf -e "mynetworks=$MYNETWORKS"
|
|||
if [ ! -z "$INBOUND_DEBUGGING" ]; then
|
||||
echo -e "‣ $notice Enabling additional debbuging for: ${emphasis}$MYNETWORKS${reset}"
|
||||
postconf -e "debug_peer_list=$MYNETWORKS"
|
||||
fi
|
||||
fi
|
||||
|
||||
# Split with space
|
||||
if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
|
||||
|
@ -178,6 +183,11 @@ else
|
|||
exit 1
|
||||
fi
|
||||
|
||||
if [ ! -z "$MASQUERADED_DOMAINS" ]; then
|
||||
echo -en "‣ $notice Setting up address masquerading: ${emphasis}$MASQUERADED_DOMAINS${reset}"
|
||||
postconf -e "masquerade_domains = $MASQUERADED_DOMAINS"
|
||||
postconf -e "local_header_rewrite_clients = static:all"
|
||||
fi
|
||||
|
||||
# Use 587 (submission)
|
||||
sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
|
||||
|
|
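Review bot: `local_header_rewrite_clients = static:all` in the new `MASQUERADED_DOMAINS` block turns on header rewriting for every client that can reach the SMTP listener, not only for the hosts this relay is meant to serve. Postfix's default is `permit_inet_interfaces`, and the setting governs all header address rewriting (including completing incomplete addresses with `$myorigin`/`$mydomain`), so the change is wider than masquerading alone. Since `mynetworks` is already set from `$MYNETWORKS` earlier in the script, `postconf -e "local_header_rewrite_clients = permit_mynetworks"` would keep rewriting scoped to the permitted clients; if `static:all` is intentional, a comment such as `# rewrite headers for all clients so masquerading also applies to mail from other containers` would record why. Separately, the `echo -en` on the notice line omits the trailing newline, so unless a later statement completes the line the next log message will run onto it; the other standalone notices use `echo -e`.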