Added DKIM server into the mix

dovecot/Dockerfile

@@ -43,8 +43,10 @@ RUN apt-get install -y --force-yes postfix
 # Install dovecot as IMAP server
 RUN apt-get install -y --force-yes dovecot-imapd
 
+# Install OpenDKIM domain signing server
+RUN apt-get install -y --force-yes opendkim
+
 # postfix configuration
-RUN echo "mail.docker.container" > /etc/mailname
 ADD ./postfix.main.cf /etc/postfix/main.cf
 ADD ./postfix.master.cf.append /etc/postfix/master-additional.cf
 RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
@@ -80,5 +82,5 @@ EXPOSE 587
 # http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix
 
 # start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit)
-ENTRYPOINT /process_settings; service rsyslog start; service postfix start; dovecot -F
+ENTRYPOINT /process_settings; service rsyslog start; service opendkim start; service postfix start; dovecot -F
 

dovecot/example/opendkim.conf

@@ -0,0 +1,68 @@
+# Log to syslog
+Syslog                  yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+#UMask                  002
+# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
+# Disable new umask option by default (not needed since Ubuntu default
+# uses a TCP socket instead of a Unix socket).
+
+# Attempt to become the specified userid before starting operations.
+#UserID                 105 # 'id postfix' in your shell
+
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+Domain                  example.com
+KeyFile                 /etc/mail/dkim.key # See bellow how to generate and set up the key
+Selector                mail
+
+# Common settings. See dkim-filter.conf(5) for more information.
+AutoRestart             yes
+Background              yes
+Canonicalization        relaxed/relaxed
+DNSTimeout              5
+Mode                    sv
+SignatureAlgorithm      rsa-sha256
+SubDomains              no
+#UseASPDiscard          no
+#Version                rfc4871
+X-Header                no
+
+#InternalHosts          /etc/mail/dkim-InternalHosts.txt
+# The contents of /etc/mail/dkim-InternalHosts.txt should be
+#   127.0.0.1/8
+#   192.168.1.0/24
+#   other.internal.host.domain.tld
+# You need InternalHosts if you are signing e-mails on a gateway mail server
+# for each of the computers on your LAN.
+
+
+###############################################
+# Other (less-standard) configuration options #
+###############################################
+#
+# If enabled, log verification stats here
+Statistics              /var/log/dkim-filter/dkim-stats
+#
+# KeyList is a file containing tuples of key information. Requires
+# KeyFile to be unset. Each line of the file should be of the format:
+#    sender glob:signing domain:signing key file
+# Blank lines and lines beginning with # are ignored. Selector will be
+# derived from the key's filename.
+#KeyList                /etc/dkim-keys.conf
+#
+# If enabled, will generate verification failure reports for any messages
+# that fail signature verification. These will be sent to the r= address
+# in the policy record, if any.
+#ReportInfo             yes
+#
+# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
+# signature verification, allowing them to be inspected later.
+#Quarantine             yes
+#
+# If enabled, will check for required headers when processing messages.
+# At a minimum, that means From: and Date: will be required. Messages not
+# containing the required headers will not be signed or verified, but will
+# be passed through
+#RequiredHeaders        yes

dovecot/opendkim.conf

@@ -0,0 +1,68 @@
+# Log to syslog
+Syslog                  yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+#UMask                  002
+# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
+# Disable new umask option by default (not needed since Ubuntu default
+# uses a TCP socket instead of a Unix socket).
+
+# Attempt to become the specified userid before starting operations.
+#UserID                 105 # 'id postfix' in your shell
+
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+Domain                  example.com
+KeyFile                 /etc/mail/dkim.key # See bellow how to generate and set up the key
+Selector                mail
+
+# Common settings. See dkim-filter.conf(5) for more information.
+AutoRestart             yes
+Background              yes
+Canonicalization        relaxed/relaxed
+DNSTimeout              5
+Mode                    sv
+SignatureAlgorithm      rsa-sha256
+SubDomains              no
+#UseASPDiscard          no
+#Version                rfc4871
+X-Header                no
+
+#InternalHosts          /etc/mail/dkim-InternalHosts.txt
+# The contents of /etc/mail/dkim-InternalHosts.txt should be
+#   127.0.0.1/8
+#   192.168.1.0/24
+#   other.internal.host.domain.tld
+# You need InternalHosts if you are signing e-mails on a gateway mail server
+# for each of the computers on your LAN.
+
+
+###############################################
+# Other (less-standard) configuration options #
+###############################################
+#
+# If enabled, log verification stats here
+Statistics              /var/log/dkim-filter/dkim-stats
+#
+# KeyList is a file containing tuples of key information. Requires
+# KeyFile to be unset. Each line of the file should be of the format:
+#    sender glob:signing domain:signing key file
+# Blank lines and lines beginning with # are ignored. Selector will be
+# derived from the key's filename.
+#KeyList                /etc/dkim-keys.conf
+#
+# If enabled, will generate verification failure reports for any messages
+# that fail signature verification. These will be sent to the r= address
+# in the policy record, if any.
+#ReportInfo             yes
+#
+# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
+# signature verification, allowing them to be inspected later.
+#Quarantine             yes
+#
+# If enabled, will check for required headers when processing messages.
+# At a minimum, that means From: and Date: will be required. Messages not
+# containing the required headers will not be signed or verified, but will
+# be passed through
+#RequiredHeaders        yes

dovecot/postfix.main.cf

@@ -72,3 +72,8 @@ smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth
 
+# DKIM
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = inet:localhost:8891
+non_smtpd_milters = inet:localhost:8891

dovecot/postfix.master.cf.append

@@ -12,4 +12,4 @@ submission      inet    n       -       n       -       -       smtpd
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
  -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject

dovecot/process_settings

@@ -1,5 +1,10 @@
+# Copy OpenDKIM config
+cp /mail_settings/opendkim.conf /etc/opendkim.conf
+cp /mail_settings/mail.private /etc/mail/dkim.key
+
 if [ -f /mail_settings/myhostname ]; then
 	sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf
+	echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname
 fi
 
 # configure mail delivery to dovecot