From d7b6bdc32c1613f90fae1448093aae3f8948958f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bojan=20=C4=8Cekrli=C4=87?= Date: Tue, 19 Feb 2019 08:59:02 +0100 Subject: [PATCH] Added the possibility to masquarade domains This patch was "borrowed" from a fork of this project by RescueTime and seemed like a good feature to include in the project. --- README.md | 13 +++++++++++++ run.sh | 20 +++++++++++++++----- 2 files changed, 28 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index a44fa80..57a069e 100644 --- a/README.md +++ b/README.md @@ -39,6 +39,7 @@ $RELAYHOST_USERNAME = An (optional) username for the relay server $RELAYHOST_PASSWORD = An (optional) login password for the relay server $MYNETWORKS = allow domains from per Network ( default 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 ) $ALLOWED_SENDER_DOMAINS = domains sender domains +$MASQUERADED_DOMAINS = domains where you want to masquerade internal hosts ``` ### `HOSTNAME` @@ -121,6 +122,17 @@ docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.or Enable additional debugging for any connection comming from `MYNETWORKS`. Set to a non-empty string (usually "1" or "yes") to enable debugging. + +### `MASQUERADED_DOMAINS` + +If you don't want outbound mails to expose hostnames, you can use this variable to enable Postfix's [address masquerading](http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade). This can be used to do things like rewrite `lorem@ipsum.example.com` to `lorem@example.com`. + +Example: +``` +docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix +``` + + ## Extending the image If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration, simply 
@@ -145,6 +157,7 @@ For example, your script could contain something like this: postconf -e "address_verify_negative_cache=yes" ``` + ## Security Postfix will run the master proces as `root`, because that's how it's designed. Subprocesses will run under the `postfix` account diff --git a/run.sh b/run.sh index d7311b3..2905510 100644 --- a/run.sh +++ b/run.sh @@ -54,8 +54,8 @@ if [ ! -z "$TZ" ]; then TZ_FILE="/usr/share/zoneinfo/$TZ" if [ -f "$TZ_FILE" ]; then echo -e "‣ $notice Setting container timezone to: ${emphasis}$TZ${reset}" - ln -snf "$TZ_FILE" /etc/localtime - echo "$TZ" > /etc/timezone + ln -snf "$TZ_FILE" /etc/localtime + echo "$TZ" > /etc/timezone else echo -e "‣ $warn Cannot set timezone to: ${emphasis}$TZ${reset} -- this timezone does not exist." fi @@ -76,15 +76,19 @@ postalias /etc/postfix/aliases # Disable local mail delivery postconf -e mydestination= + # Don't relay for any domains postconf -e relay_domains= +# Increase the allowed header size, the default (102400) is quite smallish +postconf -e "header_size_limit=4096000" + if [ ! -z "$MESSAGE_SIZE_LIMIT" ]; then echo -e "‣ $notice Restricting message_size_limit to: ${emphasis}$MESSAGE_SIZE_LIMIT bytes${reset}" postconf -e "message_size_limit=$MESSAGE_SIZE_LIMIT" else - # As this is a server-based service, allow any message size -- we hope the sender knows - # what he is doing + # As this is a server-based service, allow any message size -- we hope the + # sender knows what he is doing. echo -e "‣ $info Using ${emphasis}unlimited${reset} message size." postconf -e "message_size_limit=0" fi @@ -126,6 +130,7 @@ if [ ! -z "$RELAYHOST" ]; then postconf -e "smtp_sasl_auth_enable=yes" postconf -e "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd" postconf -e "smtp_sasl_security_options=noanonymous" + postconf -e "smtp_sasl_tls_security_options=noanonymous" else echo -e " without any authentication. ${emphasis}Make sure your server is configured to accept emails coming from this IP.${reset}" fi 
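Review bot: The new `header_size_limit=4096000` is applied unconditionally, and a few lines further down in this hunk `message_size_limit` falls back to `0` (unlimited) when `MESSAGE_SIZE_LIMIT` is unset. Every client allowed to submit mail can therefore make Postfix keep about forty times more header data per message than the stock 102400 bytes the comment mentions. The change is unrelated to the masquerading feature in the commit subject and is not covered by the README hunks. I would either split it out or make it opt-in like `MESSAGE_SIZE_LIMIT`, keeping the Postfix default otherwise, e.g. `postconf -e "header_size_limit=${HEADER_SIZE_LIMIT:-102400}"` (the variable name is only a suggestion and would need a README entry).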
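Review bot: The added `smtp_sasl_tls_security_options=noanonymous` looks like a no-op, because Postfix defaults that parameter to `$smtp_sasl_security_options`, which the line above already sets to `noanonymous`. The split the Postfix SASL documentation describes is `postconf -e "smtp_sasl_security_options=noplaintext,noanonymous"` for unencrypted sessions, keeping the new TLS line, so that PLAIN/LOGIN credentials from `sasl_passwd` are only sent once TLS is established. Whether TLS to the relay is enforced elsewhere cannot be seen from here, as the enclosing `if` starts above this hunk. Relays that only offer plaintext mechanisms without TLS would stop authenticating after that change, which would need a line in the README.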
@@ -149,7 +154,7 @@ postconf -e "mynetworks=$MYNETWORKS" if [ ! -z "$INBOUND_DEBUGGING" ]; then echo -e "‣ $notice Enabling additional debbuging for: ${emphasis}$MYNETWORKS${reset}" postconf -e "debug_peer_list=$MYNETWORKS" -fi +fi # Split with space if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then @@ -178,6 +183,11 @@ else exit 1 fi +if [ ! -z "$MASQUERADED_DOMAINS" ]; then + echo -en "‣ $notice Setting up address masquerading: ${emphasis}$MASQUERADED_DOMAINS${reset}" + postconf -e "masquerade_domains = $MASQUERADED_DOMAINS" + postconf -e "local_header_rewrite_clients = static:all" +fi # Use 587 (submission) sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
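Review bot: `local_header_rewrite_clients = static:all` makes Postfix rewrite message headers for every client rather than only the ones this image trusts, and with `masquerade_domains` set that covers sender and recipient header addresses. The script already sets `mynetworks` from `$MYNETWORKS`, so `postconf -e "local_header_rewrite_clients = permit_mynetworks"` would keep rewriting scoped to those clients; if `static:all` is intentional, a comment explaining why would help. Header rewriting can also invalidate DKIM signatures applied before a message reaches this relay, which is worth a sentence in the new README section. Separately, `echo -en` suppresses the trailing newline, so the next log line is appended to this one; plain `echo -e` would keep each notice on its own line.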