Added DKIM server into the mix

2014-11-11 01:31:46 +00:00 · 2014-11-11 01:31:46 +00:00 · 2145aaffe0
commit 2145aaffe0
parent 0cf0824ff5
7 changed files with 157 additions and 12 deletions
--- a/README.md
+++ b/README.md
@ -45,23 +45,20 @@ container and run `doveadm pw -s <scheme-name>` inside.

 4) Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.

-5) Build container
+5) Add DKIM settings files: `/opt/dockermail/settings/opendkim.conf` and `/opt/dockermail/settings/mail.private`
+   See https://help.ubuntu.com/community/Postfix/DKIM on the info about these settings.
+
+6) Build container

    make

-6) Run container and map ports 25 and 143 from the host to the container.
+7) Run container and map ports 25 and 143 from the host to the container.
   To store your mail outside the container, map `/opt/dockermail/vmail/` to
   a directory on your host. (This is recommended, otherwise
   you have to remember to backup your mail when you want to restart the container)

   `docker run -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dovecot_made_special/2.1.7`

-7) Enjoy.
-
-
-Known issues / Todo / Wishlist
-==============================
-
- It would be nice to have a way of catching mail to all subdomains.
+8) Enjoy.

 Patches welcome!
--- a/dovecot/Dockerfile
+++ b/dovecot/Dockerfile
@ -43,8 +43,10 @@ RUN apt-get install -y --force-yes postfix
 # Install dovecot as IMAP server
 RUN apt-get install -y --force-yes dovecot-imapd

+# Install OpenDKIM domain signing server
+RUN apt-get install -y --force-yes opendkim
+
 # postfix configuration
-RUN echo "mail.docker.container" > /etc/mailname
 ADD ./postfix.main.cf /etc/postfix/main.cf
 ADD ./postfix.master.cf.append /etc/postfix/master-additional.cf
 RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
@ -80,5 +82,5 @@ EXPOSE 587
 # http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix

 # start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit)
-ENTRYPOINT /process_settings; service rsyslog start; service postfix start; dovecot -F
+ENTRYPOINT /process_settings; service rsyslog start; service opendkim start; service postfix start; dovecot -F

--- a/dovecot/example/opendkim.conf
+++ b/dovecot/example/opendkim.conf
@ -0,0 +1,68 @@
+# Log to syslog
+Syslog                  yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+#UMask                  002
+# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
+# Disable new umask option by default (not needed since Ubuntu default
+# uses a TCP socket instead of a Unix socket).
+
+# Attempt to become the specified userid before starting operations.
+#UserID                 105 # 'id postfix' in your shell
+
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+Domain                  example.com
+KeyFile                 /etc/mail/dkim.key # See bellow how to generate and set up the key
+Selector                mail
+
+# Common settings. See dkim-filter.conf(5) for more information.
+AutoRestart             yes
+Background              yes
+Canonicalization        relaxed/relaxed
+DNSTimeout              5
+Mode                    sv
+SignatureAlgorithm      rsa-sha256
+SubDomains              no
+#UseASPDiscard          no
+#Version                rfc4871
+X-Header                no
+
+#InternalHosts          /etc/mail/dkim-InternalHosts.txt
+# The contents of /etc/mail/dkim-InternalHosts.txt should be
+#   127.0.0.1/8
+#   192.168.1.0/24
+#   other.internal.host.domain.tld
+# You need InternalHosts if you are signing e-mails on a gateway mail server
+# for each of the computers on your LAN.
+
+
+###############################################
+# Other (less-standard) configuration options #
+###############################################
+#
+# If enabled, log verification stats here
+Statistics              /var/log/dkim-filter/dkim-stats
+#
+# KeyList is a file containing tuples of key information. Requires
+# KeyFile to be unset. Each line of the file should be of the format:
+#    sender glob:signing domain:signing key file
+# Blank lines and lines beginning with # are ignored. Selector will be
+# derived from the key's filename.
+#KeyList                /etc/dkim-keys.conf
+#
+# If enabled, will generate verification failure reports for any messages
+# that fail signature verification. These will be sent to the r= address
+# in the policy record, if any.
+#ReportInfo             yes
+#
+# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
+# signature verification, allowing them to be inspected later.
+#Quarantine             yes
+#
+# If enabled, will check for required headers when processing messages.
+# At a minimum, that means From: and Date: will be required. Messages not
+# containing the required headers will not be signed or verified, but will
+# be passed through
+#RequiredHeaders        yes
--- a/dovecot/opendkim.conf
+++ b/dovecot/opendkim.conf
@ -0,0 +1,68 @@
+# Log to syslog
+Syslog                  yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+#UMask                  002
+# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
+# Disable new umask option by default (not needed since Ubuntu default
+# uses a TCP socket instead of a Unix socket).
+
+# Attempt to become the specified userid before starting operations.
+#UserID                 105 # 'id postfix' in your shell
+
+
+# Sign for example.com with key in /etc/mail/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+Domain                  example.com
+KeyFile                 /etc/mail/dkim.key # See bellow how to generate and set up the key
+Selector                mail
+
+# Common settings. See dkim-filter.conf(5) for more information.
+AutoRestart             yes
+Background              yes
+Canonicalization        relaxed/relaxed
+DNSTimeout              5
+Mode                    sv
+SignatureAlgorithm      rsa-sha256
+SubDomains              no
+#UseASPDiscard          no
+#Version                rfc4871
+X-Header                no
+
+#InternalHosts          /etc/mail/dkim-InternalHosts.txt
+# The contents of /etc/mail/dkim-InternalHosts.txt should be
+#   127.0.0.1/8
+#   192.168.1.0/24
+#   other.internal.host.domain.tld
+# You need InternalHosts if you are signing e-mails on a gateway mail server
+# for each of the computers on your LAN.
+
+
+###############################################
+# Other (less-standard) configuration options #
+###############################################
+#
+# If enabled, log verification stats here
+Statistics              /var/log/dkim-filter/dkim-stats
+#
+# KeyList is a file containing tuples of key information. Requires
+# KeyFile to be unset. Each line of the file should be of the format:
+#    sender glob:signing domain:signing key file
+# Blank lines and lines beginning with # are ignored. Selector will be
+# derived from the key's filename.
+#KeyList                /etc/dkim-keys.conf
+#
+# If enabled, will generate verification failure reports for any messages
+# that fail signature verification. These will be sent to the r= address
+# in the policy record, if any.
+#ReportInfo             yes
+#
+# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
+# signature verification, allowing them to be inspected later.
+#Quarantine             yes
+#
+# If enabled, will check for required headers when processing messages.
+# At a minimum, that means From: and Date: will be required. Messages not
+# containing the required headers will not be signed or verified, but will
+# be passed through
+#RequiredHeaders        yes
--- a/dovecot/postfix.main.cf
+++ b/dovecot/postfix.main.cf
@ -72,3 +72,8 @@ smtpd_sasl_auth_enable = yes
 smtpd_sasl_type = dovecot
 smtpd_sasl_path = private/auth

+# DKIM
+milter_default_action = accept
+milter_protocol = 2
+smtpd_milters = inet:localhost:8891
+non_smtpd_milters = inet:localhost:8891
--- a/dovecot/postfix.master.cf.append
+++ b/dovecot/postfix.master.cf.append
@ -12,4 +12,4 @@ submission      inet    n       -       n       -       -       smtpd
 -o smtpd_client_restrictions=permit_sasl_authenticated,reject
 -o smtpd_sender_restrictions=permit_sasl_authenticated,reject
 -o smtpd_relay_restrictions=permit_sasl_authenticated,reject
- -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
--- a/dovecot/process_settings
+++ b/dovecot/process_settings
@ -1,5 +1,10 @@
+# Copy OpenDKIM config
+cp /mail_settings/opendkim.conf /etc/opendkim.conf
+cp /mail_settings/mail.private /etc/mail/dkim.key
+
 if [ -f /mail_settings/myhostname ]; then
 	sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf
+	echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname
 fi

 # configure mail delivery to dovecot