
Use exherbo as base image

Branch: master
Author: Julian Ospald, 7 years ago
Parent commit: ac397c4f85
No known key found for this signature in database GPG Key ID: 511B62C09D50CD28
39 changed files with 80 additions and 288 deletions
1. Dockerfile (+21, -9)
2. LICENSE (+0, -21)
3. README.md (+49, -21)
4. boot (+0, -0)
5. boot.d/opendkim (+0, -0)
6. boot.d/spamassasin (+0, -0)
7. config/dovecot/dovecot.auth (+0, -0)
8. config/dovecot/dovecot.imap (+0, -0)
9. config/dovecot/dovecot.lda (+0, -0)
10. config/dovecot/dovecot.logging (+0, -0)
11. config/dovecot/dovecot.mail (+0, -0)
12. config/dovecot/dovecot.managesieve (+0, -0)
13. config/dovecot/dovecot.master (+0, -0)
14. config/dovecot/dovecot.sieve (+0, -0)
15. config/dovecot/dovecot.ssl (+0, -0)
16. config/example/aliases (+0, -0)
17. config/example/domains (+0, -0)
18. config/example/myhostname (+0, -0)
19. config/example/passwords (+0, -0)
20. config/example/postfix-networks (+0, -0)
21. config/example/spam-global.sieve (+0, -0)
22. config/paludis/options.conf.d/mail.conf (+4, -0)
23. config/paludis/sets/mail.conf (+6, -4)
24. config/postfix/postfix.main.cf (+0, -0)
25. config/postfix/postfix.master.cf.append (+0, -0)
26. config/spamassasin/pyzor.servers (+0, -0)
27. config/spamassasin/spamassasin.local.append (+0, -0)
28. config/supervisord.conf (+0, -0)
29. core/README.md (+0, -62)
30. core/config/paludis/keywords.conf.d/mail.conf (+0, -3)
31. core/config/paludis/sets/tools.conf (+0, -2)
32. core/config/paludis/use.conf.d/global.conf (+0, -1)
33. core/config/paludis/use.conf.d/mail.conf (+0, -2)
34. docker-compose.yml (+0, -20)
35. opendkim/Dockerfile (+0, -24)
36. opendkim/README.md (+0, -16)
37. opendkim/boot (+0, -7)
38. opendkim/config/opendkim.conf (+0, -68)
39. opendkim/config/rsyslog.conf (+0, -28)

core/Dockerfile → Dockerfile

@@ -1,19 +1,31 @@
FROM hasufell/gentoo-amd64-paludis:latest
FROM hasufell/exherbo
MAINTAINER Julian Ospald "hasufell@posteo.de"

##### PACKAGE INSTALLATION #####

# copy paludis config
COPY ./config/paludis /etc/paludis

# update world with our USE flags
RUN chgrp paludisbuild /dev/tty && \
cave resolve -c world -x --without sys-devel/gcc && \
cave resolve -c mail -x --without sys-devel/gcc && \
cave resolve -c tools --without sys-devel/gcc -x

# update etc files... hope this doesn't screw up
RUN etc-update --automode -5
##### PACKAGE INSTALLATION #####

# update world with our options
RUN chgrp paludisbuild /dev/tty && \
eclectic env update && \
source /etc/profile && \
cave sync && \
cave resolve -z -1 repository/net -x && \
cave resolve -z -1 repository/hasufell -x && \
cave resolve -z -1 repository/python -x && \
cave resolve -z -1 repository/perl -x && \
cave resolve -z -1 repository/nicoo -x && \
cave update-world -s mail && \
cave resolve -ks -Sa -sa -B world -x -f --permit-old-version '*/*' && \
cave resolve -ks -Sa -sa -B world -x --permit-old-version '*/*' && \
cave purge -x && \
cave fix-linkage -x && \
rm -rf /usr/portage/distfiles/*

RUN eclectic config accept-all

################################
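Review bot: `FROM hasufell/exherbo` carries no tag or digest, so every rebuild silently takes whatever that image is at the moment; the line it replaces at least spelled out `:latest`, and for an image that compiles the whole mail stack from source a digest pin (`FROM hasufell/exherbo@sha256:<digest>`) is the only way to get a reproducible base. Two smaller points in the big RUN: `source /etc/profile` is a bash builtin and Docker executes RUN through `/bin/sh -c` unless `SHELL` is set, so if the base image's `/bin/sh` is not bash this fails; `. /etc/profile` works in either. And `rm -rf /usr/portage/distfiles/*` is the Gentoo path inherited from the old image, so confirm that it matches where paludis on exherbo stores distfiles, otherwise the downloaded sources simply stay in the layer and the cleanup is a no-op.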


LICENSE (+0, -21)

@@ -1,21 +0,0 @@
The MIT License (MIT)

Copyright (c) 2015 Valentin Arkhipov

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
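Review bot: deleting LICENSE removes the MIT notice while the README, configs and boot scripts that derive from the original project (copyright Valentin Arkhipov, per the removed header) are kept and merely renamed in this same commit; the text being deleted says the copyright and permission notice "shall be included in all copies or substantial portions of the Software". Keep the file, or add a LICENSE that carries the original notice next to any new one, rather than leaving the repository with no license at all.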

README.md (+49, -21)

@@ -1,34 +1,62 @@
Dockermail
Dockermail - Email Core
==========
This image provides a secure mail server based on:
* postfix
* dovecot (with sieve/managesieve support)
* spamassasin (with pyzor and razor)

A secure, minimal-configuration mail service in docker containers.
This repository is tailored to small private servers, where you own a domain and want to host your own mail.
All incoming mail to your domains is accepted.
For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.

The setup is modular and so far has (more to come, feel free to contribute :)
### Setup
You will need 2 folder on your host, one to store your configuration and another one to store your email.
In the instructions below we will use the following:
* `/var/lib/dockermail/settings` to store configuration
* `/var/lib/dockermail/vmail` to store the mail

* `core` - base SMTP and IMAP server
* `opendkim` - adds DKIM signing service to the core
Use the the example config files in `config/example` to get you started.

Please see the README in each folder for more information on each image.
1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this:

### SPAM
Although OpenDKIM is optional, I highly recommended you use it unless you want your mail to end up in someone's spam folder. See the README in `opendkim` folder for more info on setting it up.
example.org
example.net

You should also add PTR record to your IP (aka Reverse DNS) which is done by your server provider.
And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider.
2. Add user aliases to the file `/var/lib/dockermail/settings/aliases`:

### Compose
Assuming you follow the instructions in the accompanying READMEs to set up both containers, you should just be able to run
johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net

docker-compose up
An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.

and it will spin up both container and link them together, easy!
3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this

john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6

### Coming soon
* JSON based config instead of current collection of flat files.
* Images on DockerHub
* Testing
To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s <scheme-name>` inside, remember to restart your container if you update the settings!

### TODO
* gentoo support for opendkim
4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server.

5. Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only).

5. Build container

docker build -t hasufell/gentoo-dockermail .

6. Run container

docker run -ti -d \
--name dockermail \
-p 25:25 \
-p 465:465 \
-p 993:993 \
-p 4190:4190 \
-v /var/lib/dockermail/settings:/mail_settings \
-v /var/lib/dockermail/vmail:/vmail \
-v <path-to-certs>:/etc/ssl/server
dockermail_email_core

Note that the certificates must be named `email.crt` and `email.key`.
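Review bot: the `docker run` example in step 6 is broken as written: the line `-v <path-to-certs>:/etc/ssl/server` has no trailing backslash, so the shell ends the command there and `dockermail_email_core` is executed as a separate command; add the `\`. The image name also does not match the build step, which tags the image `hasufell/gentoo-dockermail`, and the step numbers run `5.`, `5.`, `6.` while the password instructions still point at "the running container (step 6)". One consistency point: the intro says clients send mail "via STARTTLS", but the published ports are 25, 465, 993 and 4190; 465 is conventionally implicit TLS (smtps) and STARTTLS submission is 587, which the removed docker-compose.yml did publish. Either publish 587 or reword the sentence. The `spamassasin` spelling in the feature list (and in the `config/spamassasin` paths) is pre-existing.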

core/boot → boot (renamed, no content change)
core/boot.d/opendkim → boot.d/opendkim (renamed, no content change)
core/boot.d/spamassasin → boot.d/spamassasin (renamed, no content change)
core/config/dovecot/dovecot.auth → config/dovecot/dovecot.auth (renamed, no content change)
core/config/dovecot/dovecot.imap → config/dovecot/dovecot.imap (renamed, no content change)
core/config/dovecot/dovecot.lda → config/dovecot/dovecot.lda (renamed, no content change)
core/config/dovecot/dovecot.logging → config/dovecot/dovecot.logging (renamed, no content change)
core/config/dovecot/dovecot.mail → config/dovecot/dovecot.mail (renamed, no content change)
core/config/dovecot/dovecot.managesieve → config/dovecot/dovecot.managesieve (renamed, no content change)
core/config/dovecot/dovecot.master → config/dovecot/dovecot.master (renamed, no content change)
core/config/dovecot/dovecot.sieve → config/dovecot/dovecot.sieve (renamed, no content change)
core/config/dovecot/dovecot.ssl → config/dovecot/dovecot.ssl (renamed, no content change)
core/config/example/aliases → config/example/aliases (renamed, no content change)
core/config/example/domains → config/example/domains (renamed, no content change)
core/config/example/myhostname → config/example/myhostname (renamed, no content change)
core/config/example/passwords → config/example/passwords (renamed, no content change)
core/config/example/postfix-networks → config/example/postfix-networks (renamed, no content change)
core/config/example/spam-global.sieve → config/example/spam-global.sieve (renamed, no content change)

config/paludis/options.conf.d/mail.conf (+4, -0)

@@ -0,0 +1,4 @@
net-mail/dovecot caps lz4 sqlite tcpd
mail-mta/postfix ssl

dev-lang/perl berkdb dbm
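Review bot: the options set here are narrower than the USE flags this commit deletes from `core/config/paludis/use.conf.d/mail.conf` and `global.conf`: postfix gets only `ssl` (the old line asked for `sasl dovecot-sasl`), and dovecot gets `caps lz4 sqlite tcpd` (the old line asked for `pam sieve managesieve` among others). The README promises sieve/managesieve and password-authenticated submission, and both depend on those features being compiled in, so either the exherbo packages enable them by default (worth a comment in this file saying so) or they need to be listed explicitly. A comment on why `dev-lang/perl berkdb dbm` is needed (presumably spamassassin/razor) would also help the next reader.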

core/config/paludis/sets/mail.conf → config/paludis/sets/mail.conf

@@ -1,5 +1,7 @@
* net-mail/dovecot
* mail-mta/postfix
* mail-filter/spamassassin
* app-admin/supervisor
* dev-python/pyzor
* mail-filter/razor
* dev-perl/razor
* mail-filter/spamassassin
* mail-mta/postfix
* net-mail/dovecot
* dev-perl/Net-IDN-Encode
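Review bot: `mail-filter/razor` and `dev-perl/razor` look like the same package under two category names; whichever one the synced repositories do not provide will make `cave resolve ... world` fail, so keep only the name exherbo actually uses. `app-admin/supervisor` is dropped from this set and `tools.conf` is deleted, yet `config/supervisord.conf` is kept under the new layout: if supervisor is no longer installed that config is dead, and if it is still what starts postfix, dovecot and spamassassin it has to come back into a set.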

core/config/postfix/postfix.main.cf → config/postfix/postfix.main.cf (renamed, no content change)
core/config/postfix/postfix.master.cf.append → config/postfix/postfix.master.cf.append (renamed, no content change)
core/config/spamassasin/pyzor.servers → config/spamassasin/pyzor.servers (renamed, no content change)
core/config/spamassasin/spamassasin.local.append → config/spamassasin/spamassasin.local.append (renamed, no content change)
core/config/supervisord.conf → config/supervisord.conf (renamed, no content change)


core/README.md (+0, -62)

@@ -1,62 +0,0 @@
Dockermail - Email Core
==========
This image provides a secure mail server based on:
* postfix
* dovecot (with sieve/managesieve support)
* spamassasin (with pyzor and razor)

All incoming mail to your domains is accepted.
For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.

### Setup
You will need 2 folder on your host, one to store your configuration and another one to store your email.
In the instructions below we will use the following:
* `/var/lib/dockermail/settings` to store configuration
* `/var/lib/dockermail/vmail` to store the mail

Use the the example config files in `config/example` to get you started.

1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this:

example.org
example.net

2. Add user aliases to the file `/var/lib/dockermail/settings/aliases`:

johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net

An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.

3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this

john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6

To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s <scheme-name>` inside, remember to restart your container if you update the settings!

4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server.

5. Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only).

5. Build container

docker build -t hasufell/gentoo-dockermail .

6. Run container

docker run -ti -d \
--name dockermail \
-p 25:25 \
-p 465:465 \
-p 993:993 \
-p 4190:4190 \
-v /var/lib/dockermail/settings:/mail_settings \
-v /var/lib/dockermail/vmail:/vmail \
-v <path-to-certs>:/etc/ssl/server
dockermail_email_core

Note that the certificates must be named `email.crt` and `email.key`.

core/config/paludis/keywords.conf.d/mail.conf (+0, -3)

@@ -1,3 +0,0 @@
dev-python/pyzor ~amd64
dev-libs/cyrus-sasl ~amd64
<mail-mta/postfix-3.2 ~amd64
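Review bot: this file carried the only version constraint in the old configuration, `<mail-mta/postfix-3.2`, and nothing in the new `options.conf.d` replaces it, while the Dockerfile now resolves with `--permit-old-version '*/*'`. If the cap existed for a reason (a config incompatibility with postfix 3.2, for example) it should be re-expressed for exherbo and documented; if it was obsolete, a sentence in the commit message saying so would save the next person from asking.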

core/config/paludis/sets/tools.conf (+0, -2)

@@ -1,2 +0,0 @@
* app-admin/supervisor
* sys-process/htop

core/config/paludis/use.conf.d/global.conf (+0, -1)

@@ -1 +0,0 @@
*/* acl bash-completion ipv6 kmod openrc pcre readline unicode zlib pam ssl sasl bzip2 urandom crypt tcpd -acpi -cairo -consolekit -cups -dbus -dri -gnome -gnutls -gtk -ogg -opengl -pdf -policykit -qt3support -qt5 -qt4 -sdl -sound -systemd -truetype -vim -vim-syntax -wayland -X

core/config/paludis/use.conf.d/mail.conf (+0, -2)

@@ -1,2 +0,0 @@
net-mail/dovecot cydir imapc maildir managesieve mbox mdbox pam pop3c sieve sqlite
nmail-mta/postfix dovecot-sasl mbox sasl
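Review bot: the deleted postfix line reads `nmail-mta/postfix` (stray leading `n`), so on the old Gentoo image the flags `dovecot-sasl mbox sasl` most likely never applied to postfix at all. When deciding which options to carry into `config/paludis/options.conf.d/mail.conf`, check what the old container actually had enabled rather than what this file intended; the README's authenticated submission depends on postfix being built with SASL support.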

docker-compose.yml (+0, -20)

@@ -1,20 +0,0 @@
core:
build: ./core
ports:
- "25:25"
- "143:143"
- "587:587"
volumes:
- /opt/dockermail/settings:/mail_settings
- /opt/dockermail/vmail:/vmail
links:
- opendkim
- amavis
opendkim:
build: ./opendkim
volumes:
- /opt/dockermail/settings:/mail_settings
amavis:
build: ./amavis
volumes:
- /opt/dockermail/settings:/mail_settings
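Review bot: removing this file is consistent with the rest of the commit (the `### Compose` section leaves the README and the `opendkim/` image is deleted), and it also retires an `amavis` service whose `./amavis` build directory appears nowhere in this commit's file list, so that service could never have built. It does take two things with it that the new README does not restore: the `587` (submission) and `143` (IMAP) port mappings, and the `/opt/dockermail` volume paths, which already disagreed with the `/var/lib/dockermail` paths the README documents. With compose gone the README's `docker run` line is the only documented way to start the service, so it needs to be correct.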

opendkim/Dockerfile (+0, -24)

@@ -1,24 +0,0 @@
FROM ubuntu:14.10

ENV DEBIAN_FRONTEND noninteractive
RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales

# Prerequisites
RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
apt-get update && apt-get install -y opendkim && \
apt-get clean && \
rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*

COPY ./config/rsyslog.conf /etc/rsyslog.conf

# Nice place for your settings
VOLUME ["/mail_settings"]

# Configure boot script
COPY boot /
RUN chmod 755 /boot

ENV OPEN_DKIM=true

EXPOSE 8891
ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n
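Review bot: with this image gone there is no DKIM signer left in the repository, yet `boot.d/opendkim` is kept (renamed from `core/boot.d/opendkim`) and the old README's warning that unsigned mail "ends up in someone's spam folder" is dropped rather than replaced. Either remove or disable `boot.d/opendkim` so the boot sequence does not try to configure a milter that is not running, or state in the README that DKIM signing is currently unsupported on the exherbo base and list it under the TODO.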

opendkim/README.md (+0, -16)

@@ -1,16 +0,0 @@
Dockermail - OpenDKIM
===
Once configured and linked to the `email_core`, this image will provide DKIM singing for your mail.
Please see http://www.opendkim.org/ for more information on OpenDKIM.

### Configuration
To get going you need to generate a key and set up your domain records, see https://help.ubuntu.com/community/Postfix/DKIM for details on doing this.

This images uses settings files in an attached volume to configure the container on boot.
You can place these in the same folder as the `email_core`'s settings for easy administration.

* `opendkim.conf`
You will find this file in the './config', change `Domain` to your own domain.

* `mail.private`
You will need to generate this private key file and use the public key in your domain's DNS setup, see the link above for details.

opendkim/boot (+0, -7)

@@ -1,7 +0,0 @@
#!/bin/bash

# Copy OpenDKIM config
cp /mail_settings/opendkim.conf /etc/opendkim.conf
cp /mail_settings/mail.private /etc/dkim.key
chown root:root /etc/dkim.key
chmod 600 /etc/dkim.key

opendkim/config/opendkim.conf (+0, -68)

@@ -1,68 +0,0 @@
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
#UMask 002
# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
# Disable new umask option by default (not needed since Ubuntu default
# uses a TCP socket instead of a Unix socket).

# Attempt to become the specified userid before starting operations.
#UserID 105 # 'id postfix' in your shell


# Sign for example.com with key in /etc/mail/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
Domain example.com
KeyFile /etc/dkim.key
Selector mail

# Common settings. See dkim-filter.conf(5) for more information.
AutoRestart yes
Background yes
Canonicalization relaxed/relaxed
DNSTimeout 5
Mode sv
SignatureAlgorithm rsa-sha256
SubDomains no
#UseASPDiscard no
#Version rfc4871
X-Header no

#InternalHosts /etc/mail/dkim-InternalHosts.txt
# The contents of /etc/mail/dkim-InternalHosts.txt should be
# 127.0.0.1/8
# 192.168.1.0/24
# other.internal.host.domain.tld
# You need InternalHosts if you are signing e-mails on a gateway mail server
# for each of the computers on your LAN.


###############################################
# Other (less-standard) configuration options #
###############################################
#
# If enabled, log verification stats here
Statistics /var/log/dkim-filter/dkim-stats
#
# KeyList is a file containing tuples of key information. Requires
# KeyFile to be unset. Each line of the file should be of the format:
# sender glob:signing domain:signing key file
# Blank lines and lines beginning with # are ignored. Selector will be
# derived from the key's filename.
#KeyList /etc/dkim-keys.conf
#
# If enabled, will generate verification failure reports for any messages
# that fail signature verification. These will be sent to the r= address
# in the policy record, if any.
#ReportInfo yes
#
# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
# signature verification, allowing them to be inspected later.
#Quarantine yes
#
# If enabled, will check for required headers when processing messages.
# At a minimum, that means From: and Date: will be required. Messages not
# containing the required headers will not be signed or verified, but will
# be passed through
#RequiredHeaders yes

opendkim/config/rsyslog.conf (+0, -28)

@@ -1,28 +0,0 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#
# Default logging rules can be found in /etc/rsyslog.d/50-default.conf


#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging

###########################
#### GLOBAL DIRECTIVES ####
###########################

# Filter duplicated messages
$RepeatedMsgReduction on
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

# Write everything to stdout
$template fmt,"%timestamp:::date-rfc3164%\n"
*.* /dev/stdout
