diff --git a/Dockerfile b/Dockerfile index f6bf100..2a52243 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,8 +3,12 @@ MAINTAINER Bojan Cekrlic # You can set this variables when running the image to override the host name or # foward the messages to another server -#ENV HOSTNAME -#ENV RELAYHOST +# ENV HOSTNAME +# Hostname that will be used in the outgoing mail +# ENV RELAYHOST +# The relay host for this server +# ENV ALLOWED_SENDER_DOMAINS +# Limit the list of sending domains to this list only RUN true && \ apk add --no-cache --update postfix ca-certificates supervisor rsyslog bash && \ @@ -15,9 +19,10 @@ COPY rsyslog.conf /etc/rsyslog.conf COPY postfix.sh /postfix.sh RUN chmod +x /postfix.sh -VOLUME [ "/var/spool/postfix" ] +VOLUME [ "/var/spool/postfix", "/etc/postfix" ] USER root WORKDIR /tmp -ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] +EXPOSE 587 +ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"] diff --git a/postfix.sh b/postfix.sh index 786b6ba..b1b7a7f 100644 --- a/postfix.sh +++ b/postfix.sh 
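Review bot: Declaring `/etc/postfix` in `VOLUME [ "/var/spool/postfix", "/etc/postfix" ]` turns the mail server's configuration into persistent, mutable state, while postfix.sh edits main.cf and master.cf in place on every start (`postconf -e`, `sed -i`). The relay policy in effect then depends on what the volume already holds, not only on the image and the environment variables, and anything else that mounts the volume can change it. If the volume exists only for user overrides, say so in a comment above the line, e.g. `# /etc/postfix is a volume so settings can be overridden; postfix.sh rewrites the relay settings on each start`. Otherwise consider keeping only the spool directory as a volume.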
@@ -1,15 +1,63 @@ #!/bin/bash +# Disable local mail delivery +postconf -e mydestination= +# Don't relay for any domains +postconf -e relay_domains= + +# Reject invalid HELOs +postconf -e smtpd_delay_reject=yes +postconf -e smtpd_helo_required=yes +postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit" + +# Set up host name if [[ ! -z "$HOSTNAME" ]]; then postconf -e myhostname=$HOSTNAME else postconf -# myhostname fi +# Set up a relay host, if needed if [[ ! -z "$RELAYHOST" ]]; then postconf -e relayhost=$RELAYHOST else postconf -# relayhost fi +# Set up my networks to list only networks in the local loopback range +#network_table=/etc/postfix/network_table +#touch $network_table +#echo "127.0.0.0/8 any_value" > $network_table +#echo "10.0.0.0/8 any_value" >> $network_table +#echo "172.16.0.0/12 any_value" >> $network_table +#echo "192.168.0.0/16 any_value" >> $network_table +## Ignore IPv6 for now +##echo "fd00::/8" >> $network_table +#postmap $network_table +#postconf -e mynetworks=hash:$network_table +postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16" + +# Split with space +if [[ ! 
-z "$ALLOWED_SENDER_DOMAINS" ]]; then + echo "Setting up allowed SENDER domains:" + allowed_senders=/etc/postfix/allowed_senders + rm -f $allowed_senders $allowed_senders.db > /dev/null + touch $allowed_senders + for i in "$ALLOWED_SENDER_DOMAINS"; do + echo -e "\t$i" + echo -e "$i\tOK" >> $allowed_senders + done + postmap $allowed_senders + + postconf -e "smtpd_restriction_classes=allowed_domains_only" + postconf -e "allowed_domains_only=permit_mynetworks, reject_non_fqdn_sender reject" + postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, check_sender_access hash:$allowed_senders, reject" +else + postconf -# "smtpd_restriction_classes" + postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unverified_recipient" +fi + +# Use 587 (submission) +sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf + /usr/sbin/postfix -c /etc/postfix start diff --git a/rsyslog.conf b/rsyslog.conf index 44ed1ad..b0a8716 100644 --- a/rsyslog.conf +++ b/rsyslog.conf @@ -10,5 +10,4 @@ $Umask 0022 #*.info /dev/stdout #mail.* /dev/stdout -mail.info /dev/stdout - +mail.info /dev/stdout diff --git a/supervisord.conf b/supervisord.conf index e9786c2..765c909 100644 --- a/supervisord.conf +++ b/supervisord.conf @@ -15,8 +15,9 @@ stdout_logfile_maxbytes = 0 stderr_logfile_maxbytes = 0 [program:postfix] -process_name = master -directory = /etc/postfix -command = /postfix.sh -startsecs = 0 -autorestart = false +process_name = master +autostart = true +autorestart = false +directory = /etc/postfix +command = /postfix.sh +startsecs = 0
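Review bot: The loop `for i in "$ALLOWED_SENDER_DOMAINS"; do` never splits the list, because the quoted expansion is a single word; with two or more space-separated domains it writes one line to `allowed_senders`, and postmap would then take only the first domain as the key and the rest of the line as its action. Since this table is what `check_sender_access` consults before the final `reject`, a multi-domain setting will not produce the intended allowlist. Split explicitly, e.g. `read -r -a domains <<< "$ALLOWED_SENDER_DOMAINS"` followed by `for i in "${domains[@]}"; do`, and quote `"$allowed_senders"` where it is used. Separately, the `sed` that uncomments `submission` changes only that one line, so any `-o` overrides for the service in master.cf (not shown here) presumably stay commented out and port 587 relies on network position rather than TLS or authentication; a comment stating that assumption would help.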