Rename HEADER_CHECKS to SMTP_HEADER_CHECKS

Dockerfile

@@ -40,7 +40,7 @@ RUN        true && \
 COPY       supervisord.conf /etc/supervisord.conf
 COPY       rsyslog.conf /etc/rsyslog.conf
 COPY       opendkim.conf /etc/opendkim/opendkim.conf
-COPY       header_checks /etc/header_checks
+COPY       smtp_header_checks /etc/postfix/smtp_header_checks
 COPY       run.sh /run.sh
 COPY       opendkim.sh /opendkim.sh
 RUN        chmod +x /run.sh /opendkim.sh

README.md

@@ -138,13 +138,21 @@ Example:
 docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix
 ```
 
-### `HEADER_CHECKS`
+### `SMTP_HEADER_CHECKS`
 
-Each message header line is compared against a pre-configured list of patterns. When a match is found the corresponding action is executed. The default patterns can be found in the `header_checks` file. Simply append new or delete unwanted patterns. Set to a non-empty string (usually "1" or "yes") to enable.
+This image allows you to execute Postfix [header checks](http://www.postfix.org/header_checks.5.html). Header checks allow you to execute a certain
+action when a certain MIME header is found. For example, header checks can be used prevent attaching executable files to emails.
+
+Header checks work by comparing each message header line to a pre-configured list of patterns. When a match is found the corresponding action is 
+executed. The default patterns that come with this image can be found in the `smtp_header_checks` file. Feel free to override this file in any derived
+images or, alternately, provide your own in another directory.
+
+Set `SMTP_HEADER_CHECKS` to type and location of the file to enable this feature. The sample file is uploaded into `/etc/postfix/smtp_header_checks` 
+in the image. As a convenience, setting `SMTP_HEADER_CHECKS=1` will set this to `regexp:/etc/postfix/smtp_header_checks`.
 
 Example:
 ```
-docker run --rm --name postfix -e "HEADER_CHECKS="yes" example.org" -p 1587:587 boky/postfix
+docker run --rm --name postfix -e "SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks" -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
 ```
 
 ## `DKIM`

run.sh

@@ -44,6 +44,7 @@ fi
 info="${green}INFO:${reset}"
 notice="${yellow}NOTE:${reset}"
 warn="${orange}WARN:${reset}"
+error="${red}ERROR:${reset}"
 
 echo -e "******************************"
 echo -e "**** POSTFIX STARTING UP *****"
@@ -57,10 +58,10 @@ if [ ! -z "$TZ" ]; then
 		ln -snf "$TZ_FILE" /etc/localtime
 		echo "$TZ" > /etc/timezone
 	else
-		echo  -e "‣ $warn Cannot set timezone to: ${emphasis}$TZ${reset} -- this timezone does not exist."
+		echo -e "‣ $warn Cannot set timezone to: ${emphasis}$TZ${reset} -- this timezone does not exist."
 	fi
 else
-	echo  -e "‣ $info Not setting any timezone for the container"
+	echo -e "‣ $info Not setting any timezone for the container"
 fi
 
 # Make and reown postfix folders
@@ -182,9 +183,6 @@ if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
 
 	postconf -e "smtpd_restriction_classes=allowed_domains_only"
 	postconf -e "allowed_domains_only=permit_mynetworks, reject_non_fqdn_sender reject"
-#   Update: loosen up on RCPT checks. This will mean we might get some emails which are not valid, but the service connecting
-#           will be able to send out emails much faster, as there will be no lookup and lockup if the target server is not responing or available.
-#	postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, check_sender_access hash:$allowed_senders, reject"
 	postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access hash:$allowed_senders, reject"
 
 	# Since we are behind closed doors, let's just permit all relays.
@@ -200,9 +198,27 @@ if [ ! -z "$MASQUERADED_DOMAINS" ]; then
 	postconf -e "local_header_rewrite_clients = static:all"
 fi
 
-if [ ! -z "$HEADER_CHECKS" ]; then
-	echo -e "‣ $notice Setting up header_checks"
-	postconf -e "smtp_header_checks=regexp:/etc/header_checks"
+if [ ! -z "$SMTP_HEADER_CHECKS" ]; then
+	if [ "$SMTP_HEADER_CHECKS" == "1" ]; then
+		echo -e "‣ $info Using default file for SMTP header checks"
+		SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks"
+	fi
+
+	FORMAT=$(echo "$SMTP_HEADER_CHECKS" | cut -d: -f1)
+	FILE=$(echo "$SMTP_HEADER_CHECKS" | cut -d: -f2-)
+
+	if [ "$FORMAT" == "$FILE" ]; then
+		echo -e "‣ $warn No Postfix format defined for file ${emphasis}SMTP_HEADER_CHECKS${reset}. Using default ${emphasis}regexp${reset}. To avoid this message, set format explicitly, e.g. ${emphasis}SMTP_HEADER_CHECKS=regexp:$SMTP_HEADER_CHECKS${reset}."
+		FORMAT="regexp"
+	fi
+
+	if [ -f "$FILE" ]; then
+		echo -e "‣ $notice Setting up ${emphasis}smtp_header_checks${reset} to ${emphasis}$FORMAT:$FILE${reset}"
+		postconf -e "smtp_header_checks=$FORMAT:$FILE"
+	else
+		echo -e "‣ $error File ${emphasis}$FILE${reset} cannot be found. Please make sure your SMTP_HEADER_CHECKS variable points to the right file. Startup aborted."
+		exit 2
+	fi
 fi
 
 DKIM_ENABLED=