From 1a38cac29e002151c513b06ad7219a0b708f31ba Mon Sep 17 00:00:00 2001 From: Val Date: Sat, 25 Jul 2015 02:24:55 +0100 Subject: [PATCH] Add amavis, ready for testing --- README.md | 5 ++-- amavis/Dockerfile | 4 ++- amavis/README.md | 8 ++++++ amavis/boot | 14 +++++----- amavis/config/05-node_id | 15 +++++++++++ amavis/config/50-user | 8 ++++-- email_core/Dockerfile | 3 ++- email_core/boot.d/amavis | 58 ++++++++++++++++++++-------------------- opendkim/Dockerfile | 3 ++- 9 files changed, 74 insertions(+), 44 deletions(-) create mode 100644 amavis/README.md create mode 100644 amavis/config/05-node_id diff --git a/README.md b/README.md index 042ea61..fd0e0db 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -Dockermail - MAJOR RESTRUCTURE GOING ON, WORK IN PROGRESS! +Dockermail ========== A secure, minimal-configuration mail service in docker containers. @@ -8,6 +8,7 @@ The setup is modular and so far has (more to come, feel free to contribute :) * `email_core` - base SMTP and IMAP server * `opendkim` - adds DKIM signing service to the core +* `amavis` - adds incoming SPAM filter Please see the README in each folder for more information on each image. @@ -26,4 +27,4 @@ and it will spin up both container and link them together, easy! ### Coming soon -* Incoming SPAM filter! +* Images on DockerHub diff --git a/amavis/Dockerfile b/amavis/Dockerfile index 3d8b949..92090b4 100644 --- a/amavis/Dockerfile +++ b/amavis/Dockerfile @@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales # Prerequisites -RUN apt-get update && apt-get install -y \ +RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ + apt-get update && apt-get install -y \ amavisd-new \ spamassassin \ libnet-dns-perl \ 
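Review bot: The added `echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d` in the `RUN` line of amavis/Dockerfile depends on the build shell's `echo` expanding `\n` and never sets the execute bit, and invoke-rc.d only consults a policy-rc.d that is executable. `RUN printf '#!/bin/sh\nexit 0\n' > /usr/sbin/policy-rc.d && chmod +x /usr/sbin/policy-rc.d && \` makes both explicit. Exit status 0 tells invoke-rc.d that starting services is allowed, so package scripts may launch daemons during the image build; if the intent was to keep them from starting, the value is 101, and a one-line comment saying which is intended would help. The same line is added in email_core/Dockerfile and opendkim/Dockerfile.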
@@ -17,6 +18,7 @@ RUN apt-get update && apt-get install -y \ # Set up razor and pyzor RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && pyzor discover +COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode COPY ./config/50-user /etc/amavis/conf.d/50-user diff --git a/amavis/README.md b/amavis/README.md new file mode 100644 index 0000000..96502d3 --- /dev/null +++ b/amavis/README.md @@ -0,0 +1,8 @@ +Dockermail - Amavis +=== +Once configured and linked to the `email_core`, this image will filter incoming mail for SPAM. +This does not scan email for viruses/malware, only SPAM scoring. + +### Configuration + +This images only needs to know the domains, and will use the same `domains` file from `email_core` for easy administration. See `email_core` README for info on `domains` syntax. diff --git a/amavis/boot b/amavis/boot index 675eefb..56022c7 100644 --- a/amavis/boot +++ b/amavis/boot @@ -1,12 +1,10 @@ #!/bin/bash - -if [ -f /mail_settings/myhostname ]; then - echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname -fi - readarray -t domains < /mail_settings/domains -domain_suffix=$(printf ", \"%s\"" "${domains[@]}") -domain_string="@local_domains_acl = ( \".$mydomain\" $domain_suffix );" +first_fqdn="\$myhostname = \"${domains[0]}\";" +domain_string=$(printf "'%s' " "${domains[@]}") | tr ' ' , +domain_acl="@local_domains_acl = ( $domain_string );" +sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/05-node_id -i sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i -sed "/# DOCKERMAIL DOMAINS START/a $domain_string/" /etc/amavis/conf.d/50-user -i +sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i +sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i 
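Review bot: `domain_string=$(printf "'%s' " "${domains[@]}") | tr ' ' ,` in amavis/boot leaves `domain_string` empty, because the assignment is the first command of a pipeline and runs in a subshell while `tr` receives no input. The generated line is then `@local_domains_acl = (  );`, so amavis would treat no domain as local. Dropping the pipe fixes it: `domain_string=$(printf "'%s'," "${domains[@]}")`. The entries of /mail_settings/domains are also written unescaped into Perl source (`$myhostname = "…"` is a double-quoted string) and into a sed script, so I would reject any entry that does not look like a hostname before generating the config, e.g. `[[ $d =~ ^[A-Za-z0-9.-]+$ ]] || exit 1` inside a loop over `"${domains[@]}"`.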
diff --git a/amavis/config/05-node_id b/amavis/config/05-node_id new file mode 100644 index 0000000..c564ae9 --- /dev/null +++ b/amavis/config/05-node_id @@ -0,0 +1,15 @@ +use strict; + +# $myhostname is used by amavisd-new for node identification, and it is +# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on). + +chomp($myhostname = `hostname --fqdn`); + +# To manually set $myhostname, edit the following line with the correct Fully +# Qualified Domain Name (FQDN) and remove the # at the beginning of the line. +# +#$myhostname = "mail.example.com"; +# DOCKERMAIL DOMAINS START +# DOCKERMAIL DOMAINS END + +1; # ensure a defined return diff --git a/amavis/config/50-user b/amavis/config/50-user index 881d88f..6b660e2 100644 --- a/amavis/config/50-user +++ b/amavis/config/50-user @@ -13,9 +13,13 @@ use strict; # See http://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/amavisd.conf-sample # for details on asterisk reinjection configuration -$forward_method = 'smtp:*:*'; -$notify_method = 'smtp:*:*'; +$forward_method = 'smtp:*:10025'; +$notify_method = $forward_method; +# Bind on all interfaces (needed to expose this to linked containers) +$inet_socket_bind = '0.0.0.0'; +# Accept incoming requests from all addresses (change if used outside of linked containers!) +@inet_acl = qw( ::/0 ); #------------ Do not modify anything below this line ------------- 1; # ensure a defined return diff --git a/email_core/Dockerfile b/email_core/Dockerfile index 0c4180a..339e966 100644 --- a/email_core/Dockerfile +++ b/email_core/Dockerfile @@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales # Prerequisites -RUN apt-get update && apt-get install -y \ +RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ + apt-get update && apt-get install -y \ ssl-cert \ postfix \ dovecot-imapd && \ 
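Review bot: `$inet_socket_bind = '0.0.0.0'` together with `@inet_acl = qw( ::/0 )` in amavis/config/50-user removes both network-level limits on who may submit mail to the filter, and the only safeguard left is the comment asking the operator to change it. With `$forward_method = 'smtp:*:10025'` the `*` host stands for the address of the connecting client (if I read the amavisd documentation correctly), so any peer that reaches the amavis port would also be the destination of the re-injected mail. I would ship a narrow default and let the operator widen it, e.g. `@inet_acl = qw( 127.0.0.1 [::1] <LINKED_CONTAINER_SUBNET> );` with the placeholder filled in from the container network at boot.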
diff --git a/email_core/boot.d/amavis b/email_core/boot.d/amavis
index 8bbc0a5..267620a 100644
--- a/email_core/boot.d/amavis
+++ b/email_core/boot.d/amavis
@@ -30,33 +30,33 @@ function add_amavis () { fi # master.cf if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MASTER_CF"; then - sed "/^pickup.*/a \ -o content_filter= \n -o receive_override_options=no_header_body_checks/" POSTFIX_MASTER_CF -i - echo "$AMAVIS_CONFIG_HEADER" >> POSTFIX_MASTER_CF - echo "smtp-amavis unix - - - - 2 smtp" >> POSTFIX_MASTER_CF - echo " -o smtp_data_done_timeout=1200" >> POSTFIX_MASTER_CF - echo " -o smtp_send_xforward_command=yes" >> POSTFIX_MASTER_CF - echo " -o disable_dns_lookups=yes" >> POSTFIX_MASTER_CF - echo " -o max_use=20" >> POSTFIX_MASTER_CF - echo "0.0.0.0:10025 inet n - - - - smtpd" >> POSTFIX_MASTER_CF - echo " -o content_filter=" >> POSTFIX_MASTER_CF - echo " -o local_recipient_maps=" >> POSTFIX_MASTER_CF - echo " -o relay_recipient_maps=" >> POSTFIX_MASTER_CF - echo " -o smtpd_restriction_classes=" >> POSTFIX_MASTER_CF - echo " -o smtpd_delay_reject=no" >> POSTFIX_MASTER_CF - echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF - echo " -o smtpd_helo_restrictions=" >> POSTFIX_MASTER_CF - echo " -o smtpd_sender_restrictions=" >> POSTFIX_MASTER_CF - echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF - echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> POSTFIX_MASTER_CF - echo " -o smtpd_end_of_data_restrictions=" >> POSTFIX_MASTER_CF - echo " -o mynetworks=127.0.0.0/8 amavis" >> POSTFIX_MASTER_CF - echo " -o smtpd_error_sleep_time=0" >> POSTFIX_MASTER_CF - echo " -o smtpd_soft_error_limit=1001" >> POSTFIX_MASTER_CF - echo " -o smtpd_hard_error_limit=1000" >> POSTFIX_MASTER_CF - echo " -o smtpd_client_connection_count_limit=0" >> POSTFIX_MASTER_CF - echo " -o smtpd_client_connection_rate_limit=0" >> POSTFIX_MASTER_CF - echo " -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> POSTFIX_MASTER_CF - echo "$AMAVIS_CONFIG_FOOTER" >> POSTFIX_MASTER_CF + sed "/^pickup.*/a \ -o content_filter= \n -o 
receive_override_options=no_header_body_checks/" $POSTFIX_MASTER_CF -i + echo "$AMAVIS_CONFIG_HEADER" >> $POSTFIX_MASTER_CF + echo "smtp-amavis unix - - - - 2 smtp" >> $POSTFIX_MASTER_CF + echo " -o smtp_data_done_timeout=1200" >> $POSTFIX_MASTER_CF + echo " -o smtp_send_xforward_command=yes" >> $POSTFIX_MASTER_CF + echo " -o disable_dns_lookups=yes" >> $POSTFIX_MASTER_CF + echo " -o max_use=20" >> $POSTFIX_MASTER_CF + echo "0.0.0.0:10025 inet n - - - - smtpd" >> $POSTFIX_MASTER_CF + echo " -o content_filter=" >> $POSTFIX_MASTER_CF + echo " -o local_recipient_maps=" >> $POSTFIX_MASTER_CF + echo " -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF + echo " -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF + echo " -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF + echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF + echo " -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF + echo " -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF + echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF + echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF + echo " -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF + echo " -o mynetworks=127.0.0.0/8 amavis" >> $POSTFIX_MASTER_CF + echo " -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF + echo " -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF + echo " -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF + echo " -o smtpd_client_connection_count_limit=0" >> $POSTFIX_MASTER_CF + echo " -o smtpd_client_connection_rate_limit=0" >> $POSTFIX_MASTER_CF + echo " -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> $POSTFIX_MASTER_CF + echo "$AMAVIS_CONFIG_FOOTER" >> $POSTFIX_MASTER_CF else echo "Warning: $POSTFIX_MASTER_CF already contains Amavis configuration, skipping" fi 
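Review bot: The `sed "/^pickup.*/a … no_header_body_checks/"` line in `add_amavis` still ends its script with a `/`, and sed's `a` command takes everything up to the end of the line as text, so master.cf receives `receive_override_options=no_header_body_checks/`. This commit removed the same trailing slash from the `a` commands in amavis/boot; dropping it here gives `… -o receive_override_options=no_header_body_checks" "$POSTFIX_MASTER_CF" -i`. The new `$POSTFIX_MASTER_CF` expansions are unquoted while the `grep -q` guard above quotes the variable; `>> "$POSTFIX_MASTER_CF"` keeps them consistent. `add_amavis` starts and ends outside this hunk.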
@@ -64,11 +64,11 @@ function add_amavis () { if [[ $env_dump =~ ^(.+AMAVIS)= ]] ; then if [ ! -z "${BASH_REMATCH[1]}" ]; then - echo "AMAVIS env set, enabling email signing" + echo "AMAVIS env set, enabling SPAM filter" add_amavis fi else - echo "Cant find OPEN_DKIM env, signing will be disabled" + echo "Cant find AMAVIS env, SPAM filter will be disabled" remove_amavis fi diff --git a/opendkim/Dockerfile b/opendkim/Dockerfile index 0de1420..213533e 100644 --- a/opendkim/Dockerfile +++ b/opendkim/Dockerfile @@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales # Prerequisites -RUN apt-get update && apt-get install -y \ +RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ + apt-get update && apt-get install -y \ opendkim && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*