diff --git a/amavis/Dockerfile b/amavis/Dockerfile index a2cce83..33faac6 100644 --- a/amavis/Dockerfile +++ b/amavis/Dockerfile @@ -21,6 +21,7 @@ RUN su - amavis -s /bin/bash && razor-admin -create && razor-admin -register && COPY ./config/05-node_id /etc/amavis/conf.d/05-node_id COPY ./config/15-content_filter_mode /etc/amavis/conf.d/15-content_filter_mode COPY ./config/50-user /etc/amavis/conf.d/50-user +COPY ./config/rsyslog.conf /etc/rsyslog.conf # Nice place for your settings VOLUME ["/mail_settings"] @@ -32,4 +33,4 @@ RUN chmod 755 /boot ENV AMAVIS=true EXPOSE 10024 -ENTRYPOINT ./boot; amavisd-new foreground +ENTRYPOINT ./boot; amavisd-new; rsyslogd -n diff --git a/amavis/boot b/amavis/boot index 41010b1..9170403 100644 --- a/amavis/boot +++ b/amavis/boot @@ -14,10 +14,3 @@ sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/ sed "/# DOCKERMAIL DOMAINS START/,/# DOCKERMAIL DOMAINS END/{//!d}" /etc/amavis/conf.d/50-user -i sed "/# DOCKERMAIL DOMAINS START/a $first_fqdn" /etc/amavis/conf.d/05-node_id -i sed "/# DOCKERMAIL DOMAINS START/a $domain_acl" /etc/amavis/conf.d/50-user -i - - -ln -sf /dev/stdout /var/log/razor-agent.log -ln -sf /dev/stdout /var/log/mail.log -ln -sf /dev/stdout /var/log/mail.info -ln -sf /dev/stdout /var/log/mail.warn -ln -sf /dev/stderr /var/log/mail.err diff --git a/amavis/config/50-user b/amavis/config/50-user index 6b660e2..98d785f 100644 --- a/amavis/config/50-user +++ b/amavis/config/50-user @@ -18,8 +18,8 @@ $notify_method = $forward_method; # Bind on all interfaces (needed to expose this to linked containers) $inet_socket_bind = '0.0.0.0'; -# Accept incoming requests from all addresses (change if used outside of linked containers!) -@inet_acl = qw( ::/0 ); +# Accept incoming requests from private ip range +@inet_acl = qw(172.0.0.0/8); #------------ Do not modify anything below this line ------------- 1; # ensure a defined return 
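Review bot: The new `ENTRYPOINT ./boot; amavisd-new; rsyslogd -n` leaves `rsyslogd` as the only foreground process, so the container stays "running" when amavisd exits or never starts, and because the commands are joined with `;` a failing `./boot` does not stop startup. For a mail filter that is a silent outage: nothing restarts the daemon and the orchestrator sees a healthy container. One option that keeps the logger attached to the container's stdout while making the mail daemon the supervised process is `ENTRYPOINT ./boot && { rsyslogd -n & exec amavisd-new foreground; }`. The same pattern appears in the ENTRYPOINT hunks of email_core/Dockerfile (`service postfix start; service dovecot start; rsyslogd -n`) and opendkim/Dockerfile (`opendkim -p inet:8891@0.0.0.0; rsyslogd -n`).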
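Review bot: `172.0.0.0/8` in the new `@inet_acl` is not a private range. RFC 1918 reserves only 172.16.0.0/12, so this ACL also admits the publicly routable blocks 172.0.0.0–172.15.255.255 and 172.32.0.0–172.255.255.255, while the context line above still binds the socket to `0.0.0.0`. The line should read `@inet_acl = qw(172.16.0.0/12);`, or narrower still, the actual Docker bridge subnet, with the comment changed to `# Accept requests only from the RFC 1918 172.16.0.0/12 range used by Docker networks`. The same literal is introduced in email_core/boot.d/amavis (`-o mynetworks=172.0.0.0/8`) and email_core/config/postfix.main.cf (`mynetworks = 127.0.0.0/8 172.0.0.0/8`) and needs the same correction there.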
diff --git a/amavis/config/rsyslog.conf b/amavis/config/rsyslog.conf new file mode 100644 index 0000000..1afcb9d --- /dev/null +++ b/amavis/config/rsyslog.conf @@ -0,0 +1,28 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# Filter duplicated messages +$RepeatedMsgReduction on +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# Write everything to stdout +$template fmt,"%timestamp:::date-rfc3164%\n" +*.* /dev/stdout diff --git a/email_core/Dockerfile b/email_core/Dockerfile index 42aa742..f946943 100644 --- a/email_core/Dockerfile +++ b/email_core/Dockerfile 
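Review bot: The `$template fmt` definition is never used, because the action line `*.* /dev/stdout` carries no `;fmt` suffix. As written the template holds only the timestamp, so attaching it later would strip host, tag and message from every log line. Either delete the template or give it the full set of fields you want and reference it explicitly on the action. `$RepeatedMsgReduction on` also collapses identical consecutive messages into a "repeated N times" line, which removes per-event detail such as repeated authentication failures; for logs that feed monitoring, `$RepeatedMsgReduction off` is the safer default. The identical file is added under email_core/config/ and opendkim/config/, so the same applies there.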
@@ -18,14 +18,15 @@ ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf # Dovecot configuration -ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf -ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf -ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf -ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf -ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf -ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf +COPY ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf +COPY ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf +COPY ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf +COPY ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf +COPY ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf +COPY ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf # Uncomment to add verbose logging -# ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf +# COPY ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf +COPY ./config/rsyslog.conf /etc/rsyslog.conf # Nice place for your settings VOLUME ["/mail_settings"] @@ -44,4 +45,4 @@ RUN groupadd -g 5000 vmail RUN useradd -g vmail -u 5000 vmail -d /vmail -m EXPOSE 25 143 587 -ENTRYPOINT /boot; service postfix start; dovecot -F +ENTRYPOINT /boot; service postfix start; service dovecot start; rsyslogd -n diff --git a/email_core/boot b/email_core/boot index fe5923c..3bb7cb4 100755 --- a/email_core/boot +++ b/email_core/boot @@ -47,10 +47,6 @@ chmod u+w /vmail # Add password file cp /mail_settings/passwords /etc/dovecot/passwd -ln -sf /dev/stdout /var/log/mail.log -ln -sf /dev/stdout /var/log/mail.info -ln -sf /dev/stdout /var/log/mail.warn -ln -sf /dev/stderr /var/log/mail.err # Run boot scripts for SCRIPT in /boot.d/* diff --git a/email_core/boot.d/amavis b/email_core/boot.d/amavis index b6b9989..310d028 100644 --- a/email_core/boot.d/amavis 
+++ b/email_core/boot.d/amavis @@ -15,8 +15,8 @@ function remove_amavis () { sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MAIN_CF" -i fi # master.cf - sed '/^pickup/,/^cleanup/{//!d}' POSTFIX_MASTER_CF -i - sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" POSTFIX_MASTER_CF -i + sed '/^pickup/,/^cleanup/{//!d}' "$POSTFIX_MASTER_CF" -i + sed "/$AMAVIS_CONFIG_HEADER/,/$AMAVIS_CONFIG_FOOTER/d" "$POSTFIX_MASTER_CF" -i } function add_amavis () { @@ -43,14 +43,14 @@ function add_amavis () { echo " -o relay_recipient_maps=" >> $POSTFIX_MASTER_CF echo " -o smtpd_restriction_classes=" >> $POSTFIX_MASTER_CF echo " -o smtpd_delay_reject=no" >> $POSTFIX_MASTER_CF - echo " -o smtpd_client_restrictions=" >> $POSTFIX_MASTER_CF + echo " -o smtpd_client_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF echo " -o smtpd_helo_restrictions=" >> $POSTFIX_MASTER_CF echo " -o smtpd_sender_restrictions=" >> $POSTFIX_MASTER_CF echo " -o smtpd_recipient_restrictions=permit_mynetworks,reject" >> $POSTFIX_MASTER_CF echo " -o smtpd_data_restrictions=reject_unauth_pipelining" >> $POSTFIX_MASTER_CF echo " -o smtpd_end_of_data_restrictions=" >> $POSTFIX_MASTER_CF # Allow the private ip range 172.x.x.x that Docker apparently uses - echo " -o mynetworks=127.0.0.0/8,172.0.0.0/8" >> $POSTFIX_MASTER_CF + echo " -o mynetworks=172.0.0.0/8" >> $POSTFIX_MASTER_CF echo " -o smtpd_error_sleep_time=0" >> $POSTFIX_MASTER_CF echo " -o smtpd_soft_error_limit=1001" >> $POSTFIX_MASTER_CF echo " -o smtpd_hard_error_limit=1000" >> $POSTFIX_MASTER_CF diff --git a/email_core/config/postfix.main.cf b/email_core/config/postfix.main.cf index a3420ed..e252c1f 100644 --- a/email_core/config/postfix.main.cf +++ b/email_core/config/postfix.main.cf 
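Review bot: The two rewritten `echo` lines in the second hunk still redirect with an unquoted `>> $POSTFIX_MASTER_CF`, while the first hunk of this file changes the `sed` calls to `"$POSTFIX_MASTER_CF"`. Quote the redirect target the same way, `>> "$POSTFIX_MASTER_CF"`, so the path is handled consistently across the script. This listener now rejects every client outside `mynetworks` and no longer lists 127.0.0.0/8, so the comment above the `mynetworks` line could say so, for example `# Only the Docker network may reinject mail here; loopback is intentionally excluded`. `add_amavis` starts and ends outside the hunk, and the unchanged `echo` lines around it have the same unquoted form.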
@@ -31,7 +31,7 @@ alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases mydestination = /etc/mailname, localhost.localdomain, localhost relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 +mynetworks = 127.0.0.0/8 172.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + @@ -49,7 +49,7 @@ smtpd_helo_restrictions = permit smtpd_sender_restrictions = permit # Only accept mail where this server is the final destination -smtpd_relay_restrictions = permit_auth_destination, reject +smtpd_relay_restrictions = permit_auth_destination, permit_mynetworks, reject # Mail thats not for us gets filtered out by smtpd_relay_restrictions # When the mail is for us, we just accept everything. (could add spam blocklists/user checking etc. here) diff --git a/email_core/config/rsyslog.conf b/email_core/config/rsyslog.conf new file mode 100644 index 0000000..1afcb9d --- /dev/null +++ b/email_core/config/rsyslog.conf @@ -0,0 +1,28 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# Filter duplicated messages +$RepeatedMsgReduction on +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# Write everything to stdout +$template fmt,"%timestamp:::date-rfc3164%\n" +*.* /dev/stdout diff --git a/opendkim/Dockerfile b/opendkim/Dockerfile index d31871b..2548e26 100644 --- a/opendkim/Dockerfile +++ b/opendkim/Dockerfile @@ -9,6 +9,8 @@ RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* +COPY ./config/rsyslog.conf /etc/rsyslog.conf + # Nice place for your settings VOLUME ["/mail_settings"] 
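Review bot: Adding `permit_mynetworks` to `smtpd_relay_restrictions` lets any client whose address matches `mynetworks` relay to arbitrary destinations without authenticating. The `mynetworks` line changed in the first hunk of this file therefore becomes the relay ACL and should list only the subnet of the containers that must submit mail. The comment above the changed line still says "Only accept mail where this server is the final destination", which no longer holds. It could read `# Relay only for clients in mynetworks (linked containers); all other mail must be for a local destination`. The first hunk also drops `[::ffff:127.0.0.0]/104 [::1]/128`, so IPv6 loopback clients stop matching `mynetworks`; if that is intended, a one-line comment would record it.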
@@ -19,4 +21,4 @@ RUN chmod 755 /boot ENV OPEN_DKIM=true EXPOSE 8891 -ENTRYPOINT /boot; opendkim -f -p inet:8891@0.0.0.0 +ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n diff --git a/opendkim/boot b/opendkim/boot index 1a00c56..22b8c8f 100755 --- a/opendkim/boot +++ b/opendkim/boot @@ -5,8 +5,3 @@ cp /mail_settings/opendkim.conf /etc/opendkim.conf cp /mail_settings/mail.private /etc/dkim.key chown root:root /etc/dkim.key chmod 600 /etc/dkim.key - -ln -sf /dev/stdout /var/log/mail.log -ln -sf /dev/stdout /var/log/mail.info -ln -sf /dev/stdout /var/log/mail.warn -ln -sf /dev/stderr /var/log/mail.err diff --git a/opendkim/config/rsyslog.conf b/opendkim/config/rsyslog.conf new file mode 100644 index 0000000..1afcb9d --- /dev/null +++ b/opendkim/config/rsyslog.conf @@ -0,0 +1,28 @@ +# /etc/rsyslog.conf Configuration file for rsyslog. +# +# For more information see +# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html +# +# Default logging rules can be found in /etc/rsyslog.d/50-default.conf + + +################# +#### MODULES #### +################# + +$ModLoad imuxsock # provides support for local system logging + +########################### +#### GLOBAL DIRECTIVES #### +########################### + +# Filter duplicated messages +$RepeatedMsgReduction on +# +# Where to place spool and state files +# +$WorkDirectory /var/spool/rsyslog + +# Write everything to stdout +$template fmt,"%timestamp:::date-rfc3164%\n" +*.* /dev/stdout