hasufell/exherbo-dockermail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added DKIM server into the mix

Browse Source
This commit is contained in:
Val 2014-11-11 01:31:46 +00:00
parent 0cf0824ff5
commit 2145aaffe0
7 changed files with 157 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
README.md
View File

@ -45,23 +45,20 @@ container and run `doveadm pw -s <scheme-name>` inside.
4) Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server. 4) Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
5) Build container 5) Add DKIM settings files: `/opt/dockermail/settings/opendkim.conf` and `/opt/dockermail/settings/mail.private`
See https://help.ubuntu.com/community/Postfix/DKIM on the info about these settings.
6) Build container
make make
6) Run container and map ports 25 and 143 from the host to the container. 7) Run container and map ports 25 and 143 from the host to the container.
To store your mail outside the container, map `/opt/dockermail/vmail/` to To store your mail outside the container, map `/opt/dockermail/vmail/` to
a directory on your host. (This is recommended, otherwise a directory on your host. (This is recommended, otherwise
you have to remember to backup your mail when you want to restart the container) you have to remember to backup your mail when you want to restart the container)
`docker run -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dovecot_made_special/2.1.7` `docker run -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dovecot_made_special/2.1.7`
7) Enjoy. 8) Enjoy.
Known issues / Todo / Wishlist
==============================
- It would be nice to have a way of catching mail to all subdomains.
Patches welcome! Patches welcome!

6
dovecot/Dockerfile
View File

@ -43,8 +43,10 @@ RUN apt-get install -y --force-yes postfix
# Install dovecot as IMAP server # Install dovecot as IMAP server
RUN apt-get install -y --force-yes dovecot-imapd RUN apt-get install -y --force-yes dovecot-imapd
# Install OpenDKIM domain signing server
RUN apt-get install -y --force-yes opendkim
# postfix configuration # postfix configuration
RUN echo "mail.docker.container" > /etc/mailname
ADD ./postfix.main.cf /etc/postfix/main.cf ADD ./postfix.main.cf /etc/postfix/main.cf
ADD ./postfix.master.cf.append /etc/postfix/master-additional.cf ADD ./postfix.master.cf.append /etc/postfix/master-additional.cf
RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
@ -80,5 +82,5 @@ EXPOSE 587
# http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix # http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix
# start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit) # start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit)
ENTRYPOINT /process_settings; service rsyslog start; service postfix start; dovecot -F ENTRYPOINT /process_settings; service rsyslog start; service opendkim start; service postfix start; dovecot -F

68
dovecot/example/opendkim.conf Normal file
View File

@ -0,0 +1,68 @@
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask 002
# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
# Disable new umask option by default (not needed since Ubuntu default
# uses a TCP socket instead of a Unix socket).
# Attempt to become the specified userid before starting operations.
#UserID 105 # 'id postfix' in your shell
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain example.com
KeyFile /etc/mail/dkim.key # See bellow how to generate and set up the key
Selector mail
# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart yes
Background yes
Canonicalization relaxed/relaxed
DNSTimeout 5
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains no
#UseASPDiscard no
#Version rfc4871
X-Header no
#InternalHosts /etc/mail/dkim-InternalHosts.txt
# The contents of /etc/mail/dkim-InternalHosts.txt should be
# 127.0.0.1/8
# 192.168.1.0/24
# other.internal.host.domain.tld
# You need InternalHosts if you are signing e-mails on a gateway mail server
# for each of the computers on your LAN.
###############################################
# Other (less-standard) configuration options #
###############################################
#
# If enabled, log verification stats here
Statistics /var/log/dkim-filter/dkim-stats
#
# KeyList is a file containing tuples of key information. Requires
# KeyFile to be unset. Each line of the file should be of the format:
# sender glob:signing domain:signing key file
# Blank lines and lines beginning with # are ignored. Selector will be
# derived from the key's filename.
#KeyList /etc/dkim-keys.conf
#
# If enabled, will generate verification failure reports for any messages
# that fail signature verification. These will be sent to the r= address
# in the policy record, if any.
#ReportInfo yes
#
# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
# signature verification, allowing them to be inspected later.
#Quarantine yes
#
# If enabled, will check for required headers when processing messages.
# At a minimum, that means From: and Date: will be required. Messages not
# containing the required headers will not be signed or verified, but will
# be passed through
#RequiredHeaders yes

68
dovecot/opendkim.conf Normal file
View File

@ -0,0 +1,68 @@
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask 002
# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
# Disable new umask option by default (not needed since Ubuntu default
# uses a TCP socket instead of a Unix socket).
# Attempt to become the specified userid before starting operations.
#UserID 105 # 'id postfix' in your shell
# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain example.com
KeyFile /etc/mail/dkim.key # See bellow how to generate and set up the key
Selector mail
# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart yes
Background yes
Canonicalization relaxed/relaxed
DNSTimeout 5
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains no
#UseASPDiscard no
#Version rfc4871
X-Header no
#InternalHosts /etc/mail/dkim-InternalHosts.txt
# The contents of /etc/mail/dkim-InternalHosts.txt should be
# 127.0.0.1/8
# 192.168.1.0/24
# other.internal.host.domain.tld
# You need InternalHosts if you are signing e-mails on a gateway mail server
# for each of the computers on your LAN.
###############################################
# Other (less-standard) configuration options #
###############################################
#
# If enabled, log verification stats here
Statistics /var/log/dkim-filter/dkim-stats
#
# KeyList is a file containing tuples of key information. Requires
# KeyFile to be unset. Each line of the file should be of the format:
# sender glob:signing domain:signing key file
# Blank lines and lines beginning with # are ignored. Selector will be
# derived from the key's filename.
#KeyList /etc/dkim-keys.conf
#
# If enabled, will generate verification failure reports for any messages
# that fail signature verification. These will be sent to the r= address
# in the policy record, if any.
#ReportInfo yes
#
# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
# signature verification, allowing them to be inspected later.
#Quarantine yes
#
# If enabled, will check for required headers when processing messages.
# At a minimum, that means From: and Date: will be required. Messages not
# containing the required headers will not be signed or verified, but will
# be passed through
#RequiredHeaders yes

5
dovecot/postfix.main.cf
View File

@ -72,3 +72,8 @@ smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth smtpd_sasl_path = private/auth
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

5
dovecot/process_settings
View File

@ -1,5 +1,10 @@
# Copy OpenDKIM config
cp /mail_settings/opendkim.conf /etc/opendkim.conf
cp /mail_settings/mail.private /etc/mail/dkim.key
if [ -f /mail_settings/myhostname ]; then if [ -f /mail_settings/myhostname ]; then
sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf
echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname
fi fi
# configure mail delivery to dovecot # configure mail delivery to dovecot