Add amavis, ready for testing

README.md

@@ -1,4 +1,4 @@
-Dockermail - MAJOR RESTRUCTURE GOING ON, WORK IN PROGRESS!
+Dockermail
 ==========
 
 A secure, minimal-configuration mail service in docker containers.
@@ -8,6 +8,7 @@ The setup is modular and so far has (more to come, feel free to contribute :)
 
 * `email_core` -  base SMTP and IMAP server
 * `opendkim` - adds DKIM signing service to the core
+* `amavis` - adds incoming SPAM filter
 
 Please see the README in each folder for more information on each image.
 
@@ -26,4 +27,4 @@ and it will spin up both container and link them together, easy!
 
 
 ### Coming soon
-* Incoming SPAM filter!
+* Images on DockerHub

amavis/Dockerfile

@@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
 
 # Prerequisites
-RUN apt-get update && apt-get install -y \
+RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
+    apt-get update && apt-get install -y \
     amavisd-new \
     spamassassin \
     libnet-dns-perl \
@@ -17,6 +18,7 @@ RUN apt-get update && apt-get install -y \
 # Set up razor and pyzor
 RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && pyzor discover
 
+COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id
 COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
 COPY ./config/50-user /etc/amavis/conf.d/50-user
 

amavis/README.md

@@ -0,0 +1,8 @@
+Dockermail - Amavis
+===
+Once configured and linked to the `email_core`, this image will filter incoming mail for SPAM.
+This does not scan email for viruses/malware, only SPAM scoring.
+
+### Configuration
+
+This images only needs to know the domains, and will use the same `domains` file from `email_core` for easy administration. See `email_core` README for info on `domains` syntax.

amavis/boot

@@ -1,12 +1,10 @@
 #!/bin/bash
-
-if [ -f /mail_settings/myhostname ]; then
-	echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname
-fi
-
 readarray -t domains < /mail_settings/domains
-domain_suffix=$(printf ", \"%s\"" "${domains[@]}")
-domain_string="@local_domains_acl = ( \".$mydomain\" $domain_suffix );"
+first_fqdn="\$myhostname = \"${domains[0]}\";"
+domain_string=$(printf "'%s' " "${domains[@]}") | tr ' ' ,
+domain_acl="@local_domains_acl = ( $domain_string );"
 
+sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/05-node_id -i
 sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
-sed "/# DOCKERMAIL DOMAINS START/a $domain_string/" /etc/amavis/conf.d/50-user -i
+sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i
+sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i

amavis/config/05-node_id

@@ -0,0 +1,15 @@
+use strict;
+
+# $myhostname is used by amavisd-new for node identification, and it is
+# important to get it right (e.g. for ESMTP EHLO, loop detection, and so on).
+
+chomp($myhostname = `hostname --fqdn`);
+
+# To manually set $myhostname, edit the following line with the correct Fully
+# Qualified Domain Name (FQDN) and remove the # at the beginning of the line.
+#
+#$myhostname = "mail.example.com";
+# DOCKERMAIL DOMAINS START
+# DOCKERMAIL DOMAINS END
+
+1;  # ensure a defined return

amavis/config/50-user

@@ -13,9 +13,13 @@ use strict;
 
 # See http://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/amavisd.conf-sample
 # for details on asterisk reinjection configuration
-$forward_method = 'smtp:*:*';
-$notify_method = 'smtp:*:*';
+$forward_method = 'smtp:*:10025';
+$notify_method = $forward_method;
 
+# Bind on all interfaces (needed to expose this to linked containers)
+$inet_socket_bind = '0.0.0.0';
+# Accept incoming requests from all addresses (change if used outside of linked containers!)
+@inet_acl = qw( ::/0 );
 
 #------------ Do not modify anything below this line -------------
 1;  # ensure a defined return

email_core/Dockerfile

@@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
 
 # Prerequisites
-RUN apt-get update && apt-get install -y \
+RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
+    apt-get update && apt-get install -y \
     ssl-cert \
     postfix \
     dovecot-imapd && \

email_core/boot.d/amavis

@@ -30,33 +30,33 @@ function add_amavis () {
   fi
   # master.cf
   if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MASTER_CF"; then
-    sed "/^pickup.*/a \  -o content_filter= \n  -o receive_override_options=no_header_body_checks/" POSTFIX_MASTER_CF -i
-    echo "$AMAVIS_CONFIG_HEADER" >> POSTFIX_MASTER_CF
-    echo "smtp-amavis     unix    -       -       -       -       2       smtp" >> POSTFIX_MASTER_CF
-    echo "  -o smtp_data_done_timeout=1200" >> POSTFIX_MASTER_CF
-    echo "  -o smtp_send_xforward_command=yes" >> POSTFIX_MASTER_CF
-    echo "  -o disable_dns_lookups=yes" >> POSTFIX_MASTER_CF
-    echo "  -o max_use=20" >> POSTFIX_MASTER_CF
-    echo "0.0.0.0:10025 inet    n       -       -       -       -       smtpd" >> POSTFIX_MASTER_CF
-    echo "  -o content_filter=" >> POSTFIX_MASTER_CF
-    echo "  -o local_recipient_maps=" >> POSTFIX_MASTER_CF
-    echo "  -o relay_recipient_maps=" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_restriction_classes=" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_delay_reject=no" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_client_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_helo_restrictions=" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_sender_restrictions=" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_data_restrictions=reject_unauth_pipelining" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_end_of_data_restrictions=" >> POSTFIX_MASTER_CF
-    echo "  -o mynetworks=127.0.0.0/8 amavis" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_error_sleep_time=0" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_soft_error_limit=1001" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_hard_error_limit=1000" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_client_connection_count_limit=0" >> POSTFIX_MASTER_CF
-    echo "  -o smtpd_client_connection_rate_limit=0" >> POSTFIX_MASTER_CF
-    echo "  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> POSTFIX_MASTER_CF
-    echo "$AMAVIS_CONFIG_FOOTER" >> POSTFIX_MASTER_CF
+    sed "/^pickup.*/a \  -o content_filter= \n  -o receive_override_options=no_header_body_checks/" $POSTFIX_MASTER_CF -i
+    echo "$AMAVIS_CONFIG_HEADER" >> $POSTFIX_MASTER_CF
+    echo "smtp-amavis     unix    -       -       -       -       2       smtp" >> $POSTFIX_MASTER_CF
+    echo "  -o smtp_data_done_timeout=1200" >> $POSTFIX_MASTER_CF
+    echo "  -o smtp_send_xforward_command=yes" >> $POSTFIX_MASTER_CF
+    echo "  -o disable_dns_lookups=yes" >> $POSTFIX_MASTER_CF
+    echo "  -o max_use=20" >> $POSTFIX_MASTER_CF
+    echo "0.0.0.0:10025 inet    n       -       -       -       -       smtpd" >> $POSTFIX_MASTER_CF
+    echo "  -o content_filter=" >> $POSTFIX_MASTER_CF
+    echo "  -o local_recipient_maps=" >> $POSTFIX_MASTER_CF
+    echo "  -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF
+    echo "  -o mynetworks=127.0.0.0/8 amavis" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_client_connection_count_limit=0" >> $POSTFIX_MASTER_CF
+    echo "  -o smtpd_client_connection_rate_limit=0" >> $POSTFIX_MASTER_CF
+    echo "  -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> $POSTFIX_MASTER_CF
+    echo "$AMAVIS_CONFIG_FOOTER" >> $POSTFIX_MASTER_CF
   else
     echo "Warning: $POSTFIX_MASTER_CF already contains Amavis configuration, skipping"
   fi
@@ -64,11 +64,11 @@ function add_amavis () {
 
 if [[ $env_dump =~ ^(.+AMAVIS)= ]] ; then
   if [ ! -z "${BASH_REMATCH[1]}" ]; then
-    echo "AMAVIS env set, enabling email signing"
+    echo "AMAVIS env set, enabling SPAM filter"
     add_amavis
   fi
 else
-  echo "Cant find OPEN_DKIM env, signing will be disabled"
+  echo "Cant find AMAVIS env, SPAM filter will be disabled"
   remove_amavis
 fi
 

opendkim/Dockerfile

@@ -4,7 +4,8 @@ ENV DEBIAN_FRONTEND noninteractive
 RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
 
 # Prerequisites
-RUN apt-get update && apt-get install -y \
+RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
+    apt-get update && apt-get install -y \
     opendkim && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*