Dockermail is now modular

Val 2015-07-08 13:17:04 +01:00
parent a56a8d917e
commit 2ade52ccfd
11 changed files with 151 additions and 101 deletions

@ -1,9 +0,0 @@
all: build
.PHONY: build
build:
docker build -t dockermail_made_special:2.11.1 .
run:
docker run --name dockermail -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dockermail_made_special:2.11.1

@ -1,72 +1,29 @@
docker-made-special-mail Dockermail
========== ==========
Based on https://github.com/lava/dockermail A secure, minimal-configuration mail server in a docker containers.
A secure, minimal-configuration mail server in a docker container.
This repository is tailored to small private servers, where you own a domain and want to host your own mail. This repository is tailored to small private servers, where you own a domain and want to host your own mail.
This container uses postfix as MTA and dovecot as IMAP server. The setup is modular and so far has (more to come, feel free to contribute :)
All incoming mail to your domains is accepted.
For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.
SPAM stuff * `email_core` - base SMTP and IMAP server
===== * `opendkim` - adds DKIM signing service to the core
Outgoing mail is signed by OpenDKIM, you need to generate a key and set up your domain records (see step 5).
You should add PTR record to your IP (aka reverse DNS) which is done by your server provider. Please see the README in each folder for more information on each image.
### SPAM
Although OpenDKIM is optional, I highly recommended you use it unless you want your mail to end up in someone's spam folder. See the README in `opendkim` folder for more info on setting it up.
You should also add PTR record to your IP (aka Reverse DNS) which is done by your server provider.
And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider. And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider.
### Compose
Assuming you follow the instructions in the accompanying READMEs to set up both containers, you should just be able to run
Setup docker-compose up
=====
Create 2 folders: one for mail configuration (`/opt/dockermail/settings`), another for mail storage (`/opt/dockermail/vmail`).
Use the the example config files in `config/example` of this repo.
1. Add all domains you want to receive mail for to the file `/opt/dockermail/settings/domains`, like this: and it will spin up both container and link them together, easy!
example.org
example.net
2. Add user aliases to the file `/opt/dockermail/settings/aliases`, like
johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net
An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
3. Add user passwords to the file `/opt/dockermail/settings/passwords` like this
john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
To get the hash values, you can either install dovecot locally or use `docker exec -it dockermail bash` to attach to the running container (step 7) and run `doveadm pw -s <scheme-name>` inside.
4. Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
5. Add DKIM settings files: `/opt/dockermail/settings/opendkim.conf` and `/opt/dockermail/settings/mail.private`
See https://help.ubuntu.com/community/Postfix/DKIM on the info about these settings.
You will need to generate your own `mail.private` key and set up your domain records, the `opendkim.conf` from `config/example`
is ready to use.
6. Build container
make
7. Run container and map ports 25 and 143 from the host to the container.
To store your mail outside the container, map `/opt/dockermail/vmail/` to
a directory on your host. (This is recommended, otherwise
you have to remember to backup your mail when you want to restart the container)
`docker run -name dockermail -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dockermail_made_special/2.11.1`
8. Enjoy!
TODO ### Coming soon
===== * Incoming SPAM filter!
1. Split out DKIM into a seperate container, which can be linked in to postfix.
2. Add ability to plug other components from linked containers (SPAM filters, Autoresponders etc)
3. Provider an easy way to compose these into a working mail system.
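
Review bot: The new intro line reads "in a docker containers" and the SPAM section says "I highly recommended"; suggest "in Docker containers" and "I highly recommend". The Compose section should also say that `docker-compose up` expects the settings files to exist under `/opt/dockermail/settings` first, since that path is hard-coded in docker-compose.yml.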

15
docker-compose.yml Normal file

@ -0,0 +1,15 @@
emailcore:
build: ./email_core
ports:
- "25:25"
- "143:143"
- "587:587"
volumes:
- /opt/dockermail/settings:/mail_settings
- /opt/dockermail/vmail:/vmail
links:
- opendkim
opendkim:
build: ./opendkim
volumes:
- /opt/dockermail/settings:/mail_settings
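
Review bot: Both services mount the same host directory, `/opt/dockermail/settings`, read-write, so the `opendkim` container can read the `passwords` file and the `emailcore` container can read the DKIM private key `mail.private`. The opendkim boot script only copies files out of `/mail_settings`, so give that service its own settings directory and mount it read-only with a `:ro` suffix, keeping `mail.private` out of the volume emailcore sees.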

@ -7,35 +7,37 @@ RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
RUN apt-get update && apt-get install -y \ RUN apt-get update && apt-get install -y \
ssl-cert \ ssl-cert \
postfix \ postfix \
dovecot-imapd \ dovecot-imapd && \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# postfix configuration # Postfix configuration
ADD ./config/postfix.main.cf /etc/postfix/main.cf ADD ./config/postfix.main.cf /etc/postfix/main.cf
ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf
RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
# configure settings script # Dovecot configuration
VOLUME ["/mail_settings"]
COPY boot /boot
RUN chmod 755 /boot
# add user vmail who own all mail folders
VOLUME ["/vmail"]
RUN groupadd -g 5000 vmail
RUN useradd -g vmail -u 5000 vmail -d /vmail -m
# dovecot configuration
ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
# Uncomment to add verbose logging # Uncomment to add verbose logging
# ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf # ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
# Nice place for your settings
VOLUME ["/mail_settings"]
# Configure boot script
COPY boot /
RUN chmod 755 /boot
# Volume to store email
VOLUME ["/vmail"]
# Add user vmail that ownes mail
RUN groupadd -g 5000 vmail
RUN useradd -g vmail -u 5000 vmail -d /vmail -m
EXPOSE 25 143 587 EXPOSE 25 143 587
ENTRYPOINT /boot; service rsyslog start; service postfix start; dovecot -F ENTRYPOINT /boot; service rsyslog start; service postfix start; dovecot -F

46
email_core/README.md Normal file

@ -0,0 +1,46 @@
Dockermail - Email Core
==========
This image provides a secure, minimal mail server based on 'postfix' and 'dovecot'.
All incoming mail to your domains is accepted.
For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.
### Setup
You will need 2 folder on your host, one to store your configuration and another one to store your email.
In the instructions below we will use the following:
* `/opt/dockermail/settings` to store configuration
* `/opt/dockermail/vmail` to store the mail
Use the the example config files in `config/example` to get you started.
1. Add all domains you want to receive mail for to the file `/opt/dockermail/settings/domains`, like this:
example.org
example.net
2. Add user aliases to the file `/opt/dockermail/settings/aliases`:
johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net
An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
3. Add user passwords to the file `/opt/dockermail/settings/passwords` like this
john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s <scheme-name>` inside, remember to restart your container if you update the settings!
4. Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
5. Build container
docker build -t dockermail_email_core .
6. Run container and map ports 25 and 143 from the host to the container.
`docker run -name dockermail -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dockermail_email_core`
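
Review bot: The run command in step 6 uses `-name dockermail` with a single dash, while the Makefile removed in this commit used `--name`; use `--name` here as well. Step 6 also says to map ports 25 and 143 although the command publishes 587 too, and step 3 lists a `{PLAIN}password123` entry first; consider leading with the `{SHA256-CRYPT}` form so readers copy the hashed variant.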

@ -1,10 +1,12 @@
# Check if we have SSL certificates in config, otherwise copy it there # Check if we have SSL certificates in config, otherwise copy it there
# First the key file # First the key file
if [ -f /mail_settings/ssl-cert-snakeoil.key ]; then if [ -f /mail_settings/ssl-cert-snakeoil.key ]; then
cp /mail_settings/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key cp /mail_settings/ssl-cert-snakeoil.key /etc/ssl/private/ssl-cert-snakeoil.key
else else
cp /etc/ssl/private/ssl-cert-snakeoil.key /mail_settings/ssl-cert-snakeoil.key cp /etc/ssl/private/ssl-cert-snakeoil.key /mail_settings/ssl-cert-snakeoil.key
fi fi
# Then the pem file # Then the pem file
if [ -f /mail_settings/ssl-cert-snakeoil.pem ]; then if [ -f /mail_settings/ssl-cert-snakeoil.pem ]; then
cp /mail_settings/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem cp /mail_settings/ssl-cert-snakeoil.pem /etc/ssl/certs/ssl-cert-snakeoil.pem
@ -12,32 +14,52 @@ else
cp /etc/ssl/certs/ssl-cert-snakeoil.pem /mail_settings/ssl-cert-snakeoil.pem cp /etc/ssl/certs/ssl-cert-snakeoil.pem /mail_settings/ssl-cert-snakeoil.pem
fi fi
# Update hostname if given
if [ -f /mail_settings/myhostname ]; then if [ -f /mail_settings/myhostname ]; then
sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf sed -i -e "s/myhostname = localhost/myhostname = $(sed 's:/:\\/:g' /mail_settings/myhostname)/" /etc/postfix/main.cf
echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname echo $(sed 's:/:\\/:g' /mail_settings/myhostname) > /etc/mailname
fi fi
# configure mail delivery to dovecot # Configure mail delivery to dovecot
cp /mail_settings/aliases /etc/postfix/virtual cp /mail_settings/aliases /etc/postfix/virtual
cp /mail_settings/domains /etc/postfix/virtual-mailbox-domains cp /mail_settings/domains /etc/postfix/virtual-mailbox-domains
# parse mailbox settings # Parse mailbox settings
mkdir /etc/postfix/tmp mkdir /etc/postfix/tmp
awk < /etc/postfix/virtual '{ print $2 }' > /etc/postfix/tmp/virtual-receivers awk < /etc/postfix/virtual '{ print $2 }' > /etc/postfix/tmp/virtual-receivers
sed -r 's,(.+)@(.+),\2/\1/,' /etc/postfix/tmp/virtual-receivers > /etc/postfix/tmp/virtual-receiver-folders sed -r 's,(.+)@(.+),\2/\1/,' /etc/postfix/tmp/virtual-receivers > /etc/postfix/tmp/virtual-receiver-folders
paste /etc/postfix/tmp/virtual-receivers /etc/postfix/tmp/virtual-receiver-folders > /etc/postfix/virtual-mailbox-maps paste /etc/postfix/tmp/virtual-receivers /etc/postfix/tmp/virtual-receiver-folders > /etc/postfix/virtual-mailbox-maps
# give postfix ownership of its files # Give postfix ownership of its files
chown -R postfix:postfix /etc/postfix chown -R postfix:postfix /etc/postfix
# map virtual aliases and user/filesystem mappings # Map virtual aliases and user/filesystem mappings
postmap /etc/postfix/virtual postmap /etc/postfix/virtual
postmap /etc/postfix/virtual-mailbox-maps postmap /etc/postfix/virtual-mailbox-maps
chown -R postfix:postfix /etc/postfix chown -R postfix:postfix /etc/postfix
# make user vmail own all mail folders # Make user vmail own all mail folders
chown -R vmail:vmail /vmail chown -R vmail:vmail /vmail
chmod u+w /vmail chmod u+w /vmail
# Add password file # Add password file
cp /mail_settings/passwords /etc/dovecot/passwd cp /mail_settings/passwords /etc/dovecot/passwd
# OpenDKIM config
POSTFIX_MAIN_CF=/etc/postfix/main.cf
if [ -z "$OPEN_DKIM" ]; then
# Add config block if not present already
if grep -q "# OpenDKIM - dockermail" "$POSTFIX_MAIN_CF"; then
echo "# OpenDKIM - dockermail" >> "$POSTFIX_MAIN_CF"
echo "milter_default_action = accept" >> "$POSTFIX_MAIN_CF"
echo "milter_protocol = 2" >> "$POSTFIX_MAIN_CF"
echo "smtpd_milters = $OPEN_DKIM_PORT_8891_ADDR" >> "$POSTFIX_MAIN_CF"
echo "non_smtpd_milters = $OPEN_DKIM_PORT_8891_ADDR" >> "$POSTFIX_MAIN_CF"
echo "# OpenDKIM - dockermail - end" >> "$POSTFIX_MAIN_CF"
fi
else
# Remove OpenDKIM block
sed '/# OpenDKIM - dockermail/,/# OpenDKIM - dockermail - end/d' "$POSTFIX_MAIN_CF"
fi
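
Review bot: Both conditions in the new OpenDKIM block look inverted. `[ -z "$OPEN_DKIM" ]` is true when the variable is empty, so the milter branch runs only when OpenDKIM is not configured, and `if grep -q "# OpenDKIM - dockermail"` appends the block only when the marker is already present, which contradicts the comment "Add config block if not present already". Suggest `[ -n "$OPEN_DKIM" ]` and `if ! grep -q ...`. The removal branch calls `sed` without `-i`, so it prints the filtered file to stdout and leaves `main.cf` unchanged. As written, the milter lines are never added to a fresh image (the static block is removed from main.cf in this same commit), so mail would go out unsigned with no error. Also, `OPEN_DKIM` and `OPEN_DKIM_PORT_8891_ADDR` are set with `ENV` only in the opendkim Dockerfile; nothing in this commit sets them for the emailcore service, so please confirm they are visible to this script under the `opendkim` link.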

@ -69,9 +69,3 @@ smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth smtpd_sasl_path = private/auth
# DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891

@ -9,10 +9,15 @@ RUN apt-get update && apt-get install -y \
apt-get clean && \ apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
# configure settings script # Nice place for your settings
VOLUME ["/mail_settings"] VOLUME ["/mail_settings"]
COPY boot /boot
# Configure boot script
COPY boot /
RUN chmod 755 /boot RUN chmod 755 /boot
# start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit) ENV OPEN_DKIM true
ENTRYPOINT /boot; service rsyslog start; opendkim -f ENV OPEN_DKIM_PORT_8891_ADDR inet:8891
EXPOSE 8891
ENTRYPOINT ./boot; service rsyslog start; opendkim -f -p $OPEN_DKIM_PORT_8891_ADDR
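
Review bot: `ENV OPEN_DKIM_PORT_8891_ADDR inet:8891` serves as the `opendkim -p` listen socket here and, in email_core/boot, as the value written to `smtpd_milters` and `non_smtpd_milters`, but the Postfix lines removed from main.cf used the host-qualified form `inet:localhost:8891`. A value with no host does not tell Postfix which container to contact; keep a listen spec for `-p` and a separate `inet:<host>:8891` value for the Postfix side. `ENTRYPOINT ./boot` is also relative, unlike `/boot` in email_core, and depends on the working directory being `/`; use the absolute path. Port 8891 is correctly left unpublished in docker-compose.yml and should stay that way.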

18
opendkim/README.md Normal file
View File

@ -0,0 +1,18 @@
Dockermail - OpenDKIM
===
Once configured and linked to the `email_core`, this image will provide DKIM singing for your mail.
Please see http://www.opendkim.org/ for more information on OpenDKIM.
### Configuration
To get going you need to generate a key and set up your domain records (see step 5).
This images uses settings files in an attached volume to configure the container on boot.
You can place these in the same folder as the `email_core`'s settings for easy administration.
* `opendkim.conf`
You will find this file in the './config', change `Domain` to your own domain.
* `mail.private`
You will need to generate this private key file and use the public key in your domain's DNS setup.
See https://help.ubuntu.com/community/Postfix/DKIM for info on generating keys and setting up your domain.
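
Review bot: "see step 5" in the Configuration paragraph points at a numbered step that does not exist in this README (it was step 5 of the old top-level README); point it at the `mail.private` item below instead. Also "DKIM singing" should be "DKIM signing" and "This images" should be "This image". Since `mail.private` is the signing key, it is worth adding a line that the file should not be world-readable on the host.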

2
opendkim/boot Normal file → Executable file

@ -1,5 +1,5 @@
# Copy OpenDKIM config # Copy OpenDKIM config
cp /mail_settings/opendkim.conf /etc/opendkim.conf cp /mail_settings/opendkim.conf /etc/opendkim.conf
cp /mail_settings/mail.private /etc/dkim.key cp /mail_settings/mail.private /etc/dkim.key
chown opendkim:opendkim /etc/dkim.key chown root:root /etc/dkim.key
chmod 600 /etc/dkim.key chmod 600 /etc/dkim.key
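
Review bot: The owner of `/etc/dkim.key` changes from `opendkim:opendkim` to `root:root` while the mode stays `600`, so only root can read the signing key. That is right only if the daemon reads the key as root; if it runs as the `opendkim` user, signing will fail. The commit message does not say which is intended, so please add a comment explaining the change, and if nothing forces the daemon to run as root, keep `chown opendkim:opendkim` so it can run unprivileged.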

@ -14,7 +14,7 @@ Syslog yes
# Sign for example.com with key in /etc/mail/dkim.key using # Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com) # selector '2007' (e.g. 2007._domainkey.example.com)
Domain example.com Domain example.com
KeyFile /etc/dkim.key # See bellow how to generate and set up the key KeyFile /etc/dkim.key
Selector mail Selector mail
# Common settings. See dkim-filter.conf(5) for more information. # Common settings. See dkim-filter.conf(5) for more information.
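
Review bot: The comment above `KeyFile` still describes a key in `/etc/mail/dkim.key` with selector '2007', while the settings are `KeyFile /etc/dkim.key` and `Selector mail`. Since this hunk already edits the `KeyFile` line, update the comment to match the actual path and selector so the DNS record name readers derive from it (`mail._domainkey.<domain>`) is correct.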