Amavis
This commit is contained in:
parent
4fc173a75a
commit
3ea30ef051
@ -1,4 +1,4 @@
|
|||||||
Dockermail
|
Dockermail - MAJOR RESTRUCTURE GOING ON, WORK IN PROGRESS!
|
||||||
==========
|
==========
|
||||||
|
|
||||||
A secure, minimal-configuration mail service in docker containers.
|
A secure, minimal-configuration mail service in docker containers.
|
||||||
|
@ -17,7 +17,8 @@ RUN apt-get update && apt-get install -y \
|
|||||||
# Set up razor and pyzor
|
# Set up razor and pyzor
|
||||||
RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && pyzor discover
|
RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && pyzor discover
|
||||||
|
|
||||||
COPY ./config/amavis-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
|
COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode
|
||||||
|
COPY ./config/50-user /etc/amavis/conf.d/50-user
|
||||||
|
|
||||||
# Nice place for your settings
|
# Nice place for your settings
|
||||||
VOLUME ["/mail_settings"]
|
VOLUME ["/mail_settings"]
|
||||||
@ -28,4 +29,6 @@ RUN chmod 755 /boot
|
|||||||
|
|
||||||
ENV AMAVIS=true
|
ENV AMAVIS=true
|
||||||
|
|
||||||
|
EXPOSE 10024
|
||||||
|
|
||||||
ENTRYPOINT ./boot; service rsyslog start; amavisd foreground
|
ENTRYPOINT ./boot; service rsyslog start; amavisd foreground
|
||||||
|
@ -1 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
readarray -t domains < /mail_settings/domains
|
||||||
|
domain_suffix=$(printf ", \"%s\"" "${domains[@]}")
|
||||||
|
domain_string="@local_domains_acl = ( \".$mydomain\" $domain_suffix );"
|
||||||
|
|
||||||
|
sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i
|
||||||
|
sed "/# DOCKERMAIL DOMAINS START/a $domain_string/" /etc/amavis/conf.d/50-user -i
|
||||||
|
27
amavis/config/15-content_filter_mode
Normal file
27
amavis/config/15-content_filter_mode
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
use strict;
|
||||||
|
|
||||||
|
# You can modify this file to re-enable SPAM checking through spamassassin
|
||||||
|
# and to re-enable antivirus checking.
|
||||||
|
|
||||||
|
#
|
||||||
|
# Default antivirus checking mode
|
||||||
|
# Please note, that anti-virus checking is DISABLED by
|
||||||
|
# default.
|
||||||
|
# If You wish to enable it, please uncomment the following lines:
|
||||||
|
|
||||||
|
|
||||||
|
#@bypass_virus_checks_maps = (
|
||||||
|
# \%bypass_virus_checks, \@bypass_virus_checks_acl, \$bypass_virus_checks_re);
|
||||||
|
|
||||||
|
|
||||||
|
#
|
||||||
|
# Default SPAM checking mode
|
||||||
|
# Please note, that anti-spam checking is DISABLED by
|
||||||
|
# default.
|
||||||
|
# If You wish to enable it, please uncomment the following lines:
|
||||||
|
|
||||||
|
|
||||||
|
bypass_spam_checks_maps = (
|
||||||
|
\%bypass_spam_checks, \@bypass_spam_checks_acl, \$bypass_spam_checks_re);
|
||||||
|
|
||||||
|
1; # ensure a defined return
|
21
amavis/config/50-user
Normal file
21
amavis/config/50-user
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
use strict;
|
||||||
|
|
||||||
|
#
|
||||||
|
# Place your configuration directives here. They will override those in
|
||||||
|
# earlier files.
|
||||||
|
#
|
||||||
|
# See /usr/share/doc/amavisd-new/ for documentation and examples of
|
||||||
|
# the directives you can use in this file
|
||||||
|
#
|
||||||
|
|
||||||
|
# DOCKERMAIL DOMAINS START
|
||||||
|
# DOCKERMAIL DOMAINS END
|
||||||
|
|
||||||
|
# See http://opensource.apple.com/source/amavisd/amavisd-114/amavisd/amavisd-new-2.4.4/amavisd.conf-sample
|
||||||
|
# for details on asterisk reinjection configuration
|
||||||
|
$forward_method = 'smtp:*:*';
|
||||||
|
$notify_method = 'smtp:*:*';
|
||||||
|
|
||||||
|
|
||||||
|
#------------ Do not modify anything below this line -------------
|
||||||
|
1; # ensure a defined return
|
@ -9,7 +9,12 @@ emailcore:
|
|||||||
- /opt/dockermail/vmail:/vmail
|
- /opt/dockermail/vmail:/vmail
|
||||||
links:
|
links:
|
||||||
- opendkim
|
- opendkim
|
||||||
|
- amavis
|
||||||
opendkim:
|
opendkim:
|
||||||
build: ./opendkim
|
build: ./opendkim
|
||||||
volumes:
|
volumes:
|
||||||
- /opt/dockermail/settings:/mail_settings
|
- /opt/dockermail/settings:/mail_settings
|
||||||
|
amavis:
|
||||||
|
build: ./amavis
|
||||||
|
volumes:
|
||||||
|
- /opt/dockermail/settings:/mail_settings
|
||||||
|
75
email_core/boot.d/amavis
Normal file
75
email_core/boot.d/amavis
Normal file
@ -0,0 +1,75 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
echo 'Running amavis boot script'
|
||||||
|
|
||||||
|
POSTFIX_MAIN_CF=/etc/postfix/main.cf
|
||||||
|
POSTFIX_MASTER_CF=/etc/postfix/master.cf
|
||||||
|
|
||||||
|
env_dump=$(printenv)
|
||||||
|
|
||||||
|
AMAVIS_CONFIG_HEADER="# Amavis - dockermail - start"
|
||||||
|
AMAVIS_CONFIG_FOOTER="# Amavis - dockermail - end"
|
||||||
|
|
||||||
|
function remove_amavis () {
|
||||||
|
# main.cf
|
||||||
|
if grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
||||||
|
sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
|
||||||
|
fi
|
||||||
|
# master.cf
|
||||||
|
sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i
|
||||||
|
sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i
|
||||||
|
}
|
||||||
|
|
||||||
|
function add_amavis () {
|
||||||
|
# main.cf
|
||||||
|
if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
||||||
|
echo "$AMAVIS_CONFIG_HEADER" >> "$POSTFIX_MAIN_CF"
|
||||||
|
echo "content_filter = smtp-amavis:[amavis]:10024" >> "$POSTFIX_MAIN_CF"
|
||||||
|
echo "$AMAVIS_CONFIG_FOOTER" >> "$POSTFIX_MAIN_CF"
|
||||||
|
else
|
||||||
|
echo "Warning: $POSTFIX_MAIN_CF already contains Amavis configuration, skipping"
|
||||||
|
fi
|
||||||
|
# master.cf
|
||||||
|
if ! grep -q "$AMAVIS_CONFIG_HEADER" "$POSTFIX_MASTER_CF"; then
|
||||||
|
sed "/^pickup.*/a \ -o content_filter= \n -o receive_override_options=no_header_body_checks/" POSTFIX_MASTER_CF -i
|
||||||
|
echo "$AMAVIS_CONFIG_HEADER" >> POSTFIX_MASTER_CF
|
||||||
|
echo "smtp-amavis unix - - - - 2 smtp" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtp_data_done_timeout=1200" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtp_send_xforward_command=yes" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o disable_dns_lookups=yes" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o max_use=20" >> POSTFIX_MASTER_CF
|
||||||
|
echo "0.0.0.0:10025 inet n - - - - smtpd" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o content_filter=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o local_recipient_maps=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o relay_recipient_maps=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_restriction_classes=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_delay_reject=no" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_helo_restrictions=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_sender_restrictions=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_end_of_data_restrictions=" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o mynetworks=127.0.0.0/8 amavis" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_error_sleep_time=0" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_soft_error_limit=1001" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_hard_error_limit=1000" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_client_connection_count_limit=0" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o smtpd_client_connection_rate_limit=0" >> POSTFIX_MASTER_CF
|
||||||
|
echo " -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks" >> POSTFIX_MASTER_CF
|
||||||
|
echo "$AMAVIS_CONFIG_FOOTER" >> POSTFIX_MASTER_CF
|
||||||
|
else
|
||||||
|
echo "Warning: $POSTFIX_MASTER_CF already contains Amavis configuration, skipping"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
if [[ $env_dump =~ ^(.+AMAVIS)= ]] ; then
|
||||||
|
if [ ! -z "${BASH_REMATCH[1]}" ]; then
|
||||||
|
echo "AMAVIS env set, enabling email signing"
|
||||||
|
add_amavis
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
echo "Cant find OPEN_DKIM env, signing will be disabled"
|
||||||
|
remove_amavis
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo 'Finished amavis boot script'
|
@ -10,22 +10,17 @@ OPENDKIM_CONFIG_FOOTER="# OpenDKIM - dockermail - end"
|
|||||||
|
|
||||||
function remove_opendkim () {
|
function remove_opendkim () {
|
||||||
if grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
if grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
||||||
sed "/$OPENDKIM_CONFIG_HEADER/,/$OPENDKIM_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF"
|
sed "/$OPENDKIM_CONFIG_HEADER/,/$OPENDKIM_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function add_opendkim () {
|
function add_opendkim () {
|
||||||
if ! grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
if ! grep -q "$OPENDKIM_CONFIG_HEADER" "$POSTFIX_MAIN_CF"; then
|
||||||
echo "$OPENDKIM_CONFIG_HEADER" >> "$POSTFIX_MAIN_CF"
|
echo "$OPENDKIM_CONFIG_HEADER" >> "$POSTFIX_MAIN_CF"
|
||||||
|
|
||||||
echo "milter_default_action = accept" >> "$POSTFIX_MAIN_CF"
|
echo "milter_default_action = accept" >> "$POSTFIX_MAIN_CF"
|
||||||
echo "milter_protocol = 2" >> "$POSTFIX_MAIN_CF"
|
echo "milter_protocol = 2" >> "$POSTFIX_MAIN_CF"
|
||||||
|
echo "smtpd_milters = inet:opendkim:8891" >> "$POSTFIX_MAIN_CF"
|
||||||
if [[ $env_dump =~ ^.*PORT_8891_TCP_ADDR=([0-9\.]*) ]] ; then
|
echo "non_smtpd_milters = inet:opendkim:8891" >> "$POSTFIX_MAIN_CF"
|
||||||
echo "smtpd_milters = inet:${BASH_REMATCH[1]}:8891" >> "$POSTFIX_MAIN_CF"
|
|
||||||
echo "non_smtpd_milters = inet:${BASH_REMATCH[1]}:8891" >> "$POSTFIX_MAIN_CF"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "$OPENDKIM_CONFIG_FOOTER" >> "$POSTFIX_MAIN_CF"
|
echo "$OPENDKIM_CONFIG_FOOTER" >> "$POSTFIX_MAIN_CF"
|
||||||
else
|
else
|
||||||
echo "Warning: $POSTFIX_MAIN_CF already contains OpenDKIM configuration, skipping"
|
echo "Warning: $POSTFIX_MAIN_CF already contains OpenDKIM configuration, skipping"
|
||||||
@ -35,7 +30,6 @@ function add_opendkim () {
|
|||||||
if [[ $env_dump =~ ^(.+OPEN_DKIM)= ]] ; then
|
if [[ $env_dump =~ ^(.+OPEN_DKIM)= ]] ; then
|
||||||
if [ ! -z "${BASH_REMATCH[1]}" ]; then
|
if [ ! -z "${BASH_REMATCH[1]}" ]; then
|
||||||
echo "OPEN_DKIM env set, enabling email signing"
|
echo "OPEN_DKIM env set, enabling email signing"
|
||||||
remove_opendkim # Remove first, to refresh IP info
|
|
||||||
add_opendkim
|
add_opendkim
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
|
15
start.sh
Executable file
15
start.sh
Executable file
@ -0,0 +1,15 @@
|
|||||||
|
docker stop dockermail_core
|
||||||
|
docker rm dockermail_core
|
||||||
|
|
||||||
|
docker stop dockermail_opendkim
|
||||||
|
docker rm dockermail_opendkim
|
||||||
|
|
||||||
|
docker run -d -v /opt/dockermail/settings:/mail_settings --name dockermail_opendkim dockermail_opendkim
|
||||||
|
docker run -d \
|
||||||
|
-v /opt/dockermail/settings:/mail_settings \
|
||||||
|
-v /opt/dockermail/vmail:/vmail \
|
||||||
|
-p 25:25 \
|
||||||
|
-p 143:143 \
|
||||||
|
-p 587:587 \
|
||||||
|
--link dockermail_opendkim:opendkim \
|
||||||
|
--name dockermail_core dockermail_emailcore
|
8
test.sh
Executable file
8
test.sh
Executable file
@ -0,0 +1,8 @@
|
|||||||
|
export DOCKERMAIL_OPENDKIM_PORT_8891_TCP_ADDR=172.17.0.10
|
||||||
|
# re=^.*PORT_8891_TCP_ADDR=(.*)$
|
||||||
|
# echo "$( printenv | sed 's||1|' )"
|
||||||
|
#
|
||||||
|
if [[ $(printenv) =~ ^.*PORT_8891_TCP_ADDR=([0-9\.]*) ]] ; then
|
||||||
|
echo "${BASH_REMATCH[1]}"
|
||||||
|
echo "====================="
|
||||||
|
fi
|
Loading…
Reference in New Issue
Block a user