From ac397c4f85c227ff1eadd079e6d4bf2b3c7f5d35 Mon Sep 17 00:00:00 2001 
From: Julian Ospald Date: Sat, 15 Oct 2016 13:45:24 +0200 Subject: [PATCH] Use exherbo as base image --- core/Dockerfile => Dockerfile | 30 +++++--- LICENSE | 21 ------ README.md | 70 +++++++++++++------ core/boot => boot | 0 {core/boot.d => boot.d}/opendkim | 0 {core/boot.d => boot.d}/spamassasin | 0 {core/config => config}/dovecot/dovecot.auth | 0 {core/config => config}/dovecot/dovecot.imap | 0 {core/config => config}/dovecot/dovecot.lda | 0 .../config => config}/dovecot/dovecot.logging | 0 {core/config => config}/dovecot/dovecot.mail | 0 .../dovecot/dovecot.managesieve | 0 .../config => config}/dovecot/dovecot.master | 0 {core/config => config}/dovecot/dovecot.sieve | 0 {core/config => config}/dovecot/dovecot.ssl | 0 {core/config => config}/example/aliases | 0 {core/config => config}/example/domains | 0 {core/config => config}/example/myhostname | 0 {core/config => config}/example/passwords | 0 .../example/postfix-networks | 0 .../example/spam-global.sieve | 0 config/paludis/options.conf.d/mail.conf | 4 ++ .../config => config}/paludis/sets/mail.conf | 10 +-- .../config => config}/postfix/postfix.main.cf | 0 .../postfix/postfix.master.cf.append | 0 .../spamassasin/pyzor.servers | 0 .../spamassasin/spamassasin.local.append | 0 {core/config => config}/supervisord.conf | 0 core/README.md | 62 ---------------- core/config/paludis/keywords.conf.d/mail.conf | 3 - core/config/paludis/sets/tools.conf | 2 - core/config/paludis/use.conf.d/global.conf | 1 - core/config/paludis/use.conf.d/mail.conf | 2 - docker-compose.yml | 20 ------ opendkim/Dockerfile | 24 ------- opendkim/README.md | 16 ----- opendkim/boot | 7 -- opendkim/config/opendkim.conf | 68 ------------------ opendkim/config/rsyslog.conf | 28 -------- 39 files changed, 80 insertions(+), 288 deletions(-) rename core/Dockerfile => Dockerfile (81%) delete mode 100644 LICENSE rename core/boot => boot (100%) rename {core/boot.d => boot.d}/opendkim (100%) rename {core/boot.d => boot.d}/spamassasin (100%) rename 
{core/config => config}/dovecot/dovecot.auth (100%) rename {core/config => config}/dovecot/dovecot.imap (100%) rename {core/config => config}/dovecot/dovecot.lda (100%) rename {core/config => config}/dovecot/dovecot.logging (100%) rename {core/config => config}/dovecot/dovecot.mail (100%) rename {core/config => config}/dovecot/dovecot.managesieve (100%) rename {core/config => config}/dovecot/dovecot.master (100%) rename {core/config => config}/dovecot/dovecot.sieve (100%) rename {core/config => config}/dovecot/dovecot.ssl (100%) rename {core/config => config}/example/aliases (100%) rename {core/config => config}/example/domains (100%) rename {core/config => config}/example/myhostname (100%) rename {core/config => config}/example/passwords (100%) rename {core/config => config}/example/postfix-networks (100%) rename {core/config => config}/example/spam-global.sieve (100%) create mode 100644 config/paludis/options.conf.d/mail.conf rename {core/config => config}/paludis/sets/mail.conf (56%) rename {core/config => config}/postfix/postfix.main.cf (100%) rename {core/config => config}/postfix/postfix.master.cf.append (100%) rename {core/config => config}/spamassasin/pyzor.servers (100%) rename {core/config => config}/spamassasin/spamassasin.local.append (100%) rename {core/config => config}/supervisord.conf (100%) delete mode 100644 core/README.md delete mode 100644 core/config/paludis/keywords.conf.d/mail.conf delete mode 100644 core/config/paludis/sets/tools.conf delete mode 100644 core/config/paludis/use.conf.d/global.conf delete mode 100644 core/config/paludis/use.conf.d/mail.conf delete mode 100644 docker-compose.yml delete mode 100644 opendkim/Dockerfile delete mode 100644 opendkim/README.md delete mode 100755 opendkim/boot delete mode 100644 opendkim/config/opendkim.conf delete mode 100644 opendkim/config/rsyslog.conf diff --git a/core/Dockerfile b/Dockerfile similarity index 81% rename from core/Dockerfile rename to Dockerfile index aa0d714..8bf888c 100644 
--- a/core/Dockerfile
+++ b/Dockerfile
@@ -1,19 +1,31 @@
-FROM hasufell/gentoo-amd64-paludis:latest
+FROM hasufell/exherbo
 MAINTAINER Julian Ospald "hasufell@posteo.de"
-##### PACKAGE INSTALLATION #####
 # copy paludis config
 COPY ./config/paludis /etc/paludis
-# update world with our USE flags
-RUN chgrp paludisbuild /dev/tty && \
- cave resolve -c world -x --without sys-devel/gcc && \
- cave resolve -c mail -x --without sys-devel/gcc && \
- cave resolve -c tools --without sys-devel/gcc -x
-# update etc files... hope this doesn't screw up
-RUN etc-update --automode -5
+##### PACKAGE INSTALLATION #####
+
+# update world with our options
+RUN chgrp paludisbuild /dev/tty && \
+ eclectic env update && \
+ source /etc/profile && \
+ cave sync && \
+ cave resolve -z -1 repository/net -x && \
+ cave resolve -z -1 repository/hasufell -x && \
+ cave resolve -z -1 repository/python -x && \
+ cave resolve -z -1 repository/perl -x && \
+ cave resolve -z -1 repository/nicoo -x && \
+ cave update-world -s mail && \
+ cave resolve -ks -Sa -sa -B world -x -f --permit-old-version '*/*' && \
+ cave resolve -ks -Sa -sa -B world -x --permit-old-version '*/*' && \
+ cave purge -x && \
+ cave fix-linkage -x && \
+ rm -rf /usr/portage/distfiles/*
+
+RUN eclectic config accept-all
 ################################
diff --git a/LICENSE b/LICENSE
deleted file mode 100644
index 5fa45c2..0000000
--- a/LICENSE
+++ /dev/null
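Review bot: `FROM hasufell/exherbo` carries no tag or digest, and the new `RUN` runs `cave sync` before resolving `world`, so what ends up in this mail image — postfix, dovecot, their TLS and SASL libraries and everything beneath them — is whatever the upstream image and the five synced repositories happen to contain on the day of the build, with nothing in this repository recording it. Pin the base to a digest (`FROM hasufell/exherbo@sha256:<digest>`) and bump it deliberately to pick up updates, instead of getting an uncontrolled refresh on every cache miss. `--permit-old-version '*/*'` on both `cave resolve` lines appears to allow downgrades of any package in the tree; if it is only there to get past one blocker, narrow it to that package and say why in the comment above the `RUN`. `rm -rf /usr/portage/distfiles/*` looks like a leftover from the Gentoo base — check where paludis keeps distfiles on this image, otherwise the fetched sources stay in the layer and the cleanup is a no-op. `MAINTAINER` is deprecated; `LABEL org.opencontainers.image.authors="Julian Ospald <hasufell@posteo.de>"` does the same job.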
@@ -1,21 +0,0 @@ -The MIT License (MIT) - -Copyright (c) 2015 Valentin Arkhipov - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. diff --git a/README.md b/README.md index e39c302..5306b81 100644 --- a/README.md +++ b/README.md 
@@ -1,34 +1,62 @@ -Dockermail +Dockermail - Email Core ========== +This image provides a secure mail server based on: +* postfix +* dovecot (with sieve/managesieve support) +* spamassasin (with pyzor and razor) -A secure, minimal-configuration mail service in docker containers. -This repository is tailored to small private servers, where you own a domain and want to host your own mail. +All incoming mail to your domains is accepted. +For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS. -The setup is modular and so far has (more to come, feel free to contribute :) +### Setup +You will need 2 folder on your host, one to store your configuration and another one to store your email. +In the instructions below we will use the following: + * `/var/lib/dockermail/settings` to store configuration + * `/var/lib/dockermail/vmail` to store the mail -* `core` - base SMTP and IMAP server -* `opendkim` - adds DKIM signing service to the core +Use the the example config files in `config/example` to get you started. -Please see the README in each folder for more information on each image. +1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this: -### SPAM -Although OpenDKIM is optional, I highly recommended you use it unless you want your mail to end up in someone's spam folder. See the README in `opendkim` folder for more info on setting it up. + example.org + example.net -You should also add PTR record to your IP (aka Reverse DNS) which is done by your server provider. -And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider. +2. 
Add user aliases to the file `/var/lib/dockermail/settings/aliases`: -### Compose -Assuming you follow the instructions in the accompanying READMEs to set up both containers, you should just be able to run + johndoe@example.org john.doe@example.org + john.doe@example.org john.doe@example.org + admin@forum.example.org forum-admin@example.org + @example.net catch-all@example.net - docker-compose up + An IMAP mail account is created for each entry on the right hand side. + Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column. -and it will spin up both container and link them together, easy! +3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this + john.doe@example.org:{PLAIN}password123 + admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6 -### Coming soon -* JSON based config instead of current collection of flat files. -* Images on DockerHub -* Testing + To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s ` inside, remember to restart your container if you update the settings! -### TODO -* gentoo support for opendkim +4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server. + +5. Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only). + +5. Build container + + docker build -t hasufell/gentoo-dockermail . + +6. 
Run container + + docker run -ti -d \ + --name dockermail \ + -p 25:25 \ + -p 465:465 \ + -p 993:993 \ + -p 4190:4190 \ + -v /var/lib/dockermail/settings:/mail_settings \ + -v /var/lib/dockermail/vmail:/vmail \ + -v :/etc/ssl/server + dockermail_email_core + + Note that the certificates must be named `email.crt` and `email.key`. diff --git a/core/boot b/boot similarity index 100% rename from core/boot rename to boot diff --git a/core/boot.d/opendkim b/boot.d/opendkim similarity index 100% rename from core/boot.d/opendkim rename to boot.d/opendkim diff --git a/core/boot.d/spamassasin b/boot.d/spamassasin similarity index 100% rename from core/boot.d/spamassasin rename to boot.d/spamassasin diff --git a/core/config/dovecot/dovecot.auth b/config/dovecot/dovecot.auth similarity index 100% rename from core/config/dovecot/dovecot.auth rename to config/dovecot/dovecot.auth diff --git a/core/config/dovecot/dovecot.imap b/config/dovecot/dovecot.imap similarity index 100% rename from core/config/dovecot/dovecot.imap rename to config/dovecot/dovecot.imap diff --git a/core/config/dovecot/dovecot.lda b/config/dovecot/dovecot.lda similarity index 100% rename from core/config/dovecot/dovecot.lda rename to config/dovecot/dovecot.lda diff --git a/core/config/dovecot/dovecot.logging b/config/dovecot/dovecot.logging similarity index 100% rename from core/config/dovecot/dovecot.logging rename to config/dovecot/dovecot.logging diff --git a/core/config/dovecot/dovecot.mail b/config/dovecot/dovecot.mail similarity index 100% rename from core/config/dovecot/dovecot.mail rename to config/dovecot/dovecot.mail diff --git a/core/config/dovecot/dovecot.managesieve b/config/dovecot/dovecot.managesieve similarity index 100% rename from core/config/dovecot/dovecot.managesieve rename to config/dovecot/dovecot.managesieve 
diff --git a/core/config/dovecot/dovecot.master b/config/dovecot/dovecot.master
similarity index 100%
rename from core/config/dovecot/dovecot.master
rename to config/dovecot/dovecot.master
diff --git a/core/config/dovecot/dovecot.sieve b/config/dovecot/dovecot.sieve
similarity index 100%
rename from core/config/dovecot/dovecot.sieve
rename to config/dovecot/dovecot.sieve
diff --git a/core/config/dovecot/dovecot.ssl b/config/dovecot/dovecot.ssl
similarity index 100%
rename from core/config/dovecot/dovecot.ssl
rename to config/dovecot/dovecot.ssl
diff --git a/core/config/example/aliases b/config/example/aliases
similarity index 100%
rename from core/config/example/aliases
rename to config/example/aliases
diff --git a/core/config/example/domains b/config/example/domains
similarity index 100%
rename from core/config/example/domains
rename to config/example/domains
diff --git a/core/config/example/myhostname b/config/example/myhostname
similarity index 100%
rename from core/config/example/myhostname
rename to config/example/myhostname
diff --git a/core/config/example/passwords b/config/example/passwords
similarity index 100%
rename from core/config/example/passwords
rename to config/example/passwords
diff --git a/core/config/example/postfix-networks b/config/example/postfix-networks
similarity index 100%
rename from core/config/example/postfix-networks
rename to config/example/postfix-networks
diff --git a/core/config/example/spam-global.sieve b/config/example/spam-global.sieve
similarity index 100%
rename from core/config/example/spam-global.sieve
rename to config/example/spam-global.sieve
diff --git a/config/paludis/options.conf.d/mail.conf b/config/paludis/options.conf.d/mail.conf
new file mode 100644
index 0000000..80dced7
--- /dev/null
+++ b/config/paludis/options.conf.d/mail.conf
@@ -0,0 +1,4 @@
+net-mail/dovecot caps lz4 sqlite tcpd
+mail-mta/postfix ssl
+
+dev-lang/perl berkdb dbm
diff --git a/core/config/paludis/sets/mail.conf b/config/paludis/sets/mail.conf
similarity index 56%
rename from core/config/paludis/sets/mail.conf
rename to config/paludis/sets/mail.conf
index 159ca55..c657afb 100644
--- a/core/config/paludis/sets/mail.conf
+++ b/config/paludis/sets/mail.conf
@@ -1,5 +1,7 @@
-* net-mail/dovecot
-* mail-mta/postfix
-* mail-filter/spamassassin
+* app-admin/supervisor
 * dev-python/pyzor
-* mail-filter/razor
+* dev-perl/razor
+* mail-filter/spamassassin
+* mail-mta/postfix
+* net-mail/dovecot
+* dev-perl/Net-IDN-Encode
diff --git a/core/config/postfix/postfix.main.cf b/config/postfix/postfix.main.cf
similarity index 100%
rename from core/config/postfix/postfix.main.cf
rename to config/postfix/postfix.main.cf
diff --git a/core/config/postfix/postfix.master.cf.append b/config/postfix/postfix.master.cf.append
similarity index 100%
rename from core/config/postfix/postfix.master.cf.append
rename to config/postfix/postfix.master.cf.append
diff --git a/core/config/spamassasin/pyzor.servers b/config/spamassasin/pyzor.servers
similarity index 100%
rename from core/config/spamassasin/pyzor.servers
rename to config/spamassasin/pyzor.servers
diff --git a/core/config/spamassasin/spamassasin.local.append b/config/spamassasin/spamassasin.local.append
similarity index 100%
rename from core/config/spamassasin/spamassasin.local.append
rename to config/spamassasin/spamassasin.local.append
diff --git a/core/config/supervisord.conf b/config/supervisord.conf
similarity index 100%
rename from core/config/supervisord.conf
rename to config/supervisord.conf
diff --git a/core/README.md b/core/README.md
deleted file mode 100644
index 5306b81..0000000
--- a/core/README.md
+++ /dev/null
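Review bot: The rewritten `mail` set still contains no DKIM signer, while this same commit deletes the standalone `opendkim/` image and drops the DKIM section from the README, yet keeps `boot.d/opendkim` (renamed from `core/boot.d/opendkim`). Unless that boot script is already a no-op — its contents are not in this patch — the container either fails at boot or, more likely, quietly sends unsigned outbound mail, which the README's "secure mail server" wording does not reflect. Either add the opendkim package to this set (category per whichever exherbo repository provides it) and wire the signer into the postfix config, or remove `boot.d/opendkim` and state in the README that outbound mail is not DKIM-signed until that lands.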
@@ -1,62 +0,0 @@ -Dockermail - Email Core -========== -This image provides a secure mail server based on: -* postfix -* dovecot (with sieve/managesieve support) -* spamassasin (with pyzor and razor) - -All incoming mail to your domains is accepted. -For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS. - -### Setup -You will need 2 folder on your host, one to store your configuration and another one to store your email. -In the instructions below we will use the following: - * `/var/lib/dockermail/settings` to store configuration - * `/var/lib/dockermail/vmail` to store the mail - -Use the the example config files in `config/example` to get you started. - -1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this: - - example.org - example.net - -2. Add user aliases to the file `/var/lib/dockermail/settings/aliases`: - - johndoe@example.org john.doe@example.org - john.doe@example.org john.doe@example.org - admin@forum.example.org forum-admin@example.org - @example.net catch-all@example.net - - An IMAP mail account is created for each entry on the right hand side. - Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column. - -3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this - - john.doe@example.org:{PLAIN}password123 - admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6 - - To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s ` inside, remember to restart your container if you update the settings! - -4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server. - -5. 
Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only). - -5. Build container - - docker build -t hasufell/gentoo-dockermail . - -6. Run container - - docker run -ti -d \ - --name dockermail \ - -p 25:25 \ - -p 465:465 \ - -p 993:993 \ - -p 4190:4190 \ - -v /var/lib/dockermail/settings:/mail_settings \ - -v /var/lib/dockermail/vmail:/vmail \ - -v :/etc/ssl/server - dockermail_email_core - - Note that the certificates must be named `email.crt` and `email.key`. diff --git a/core/config/paludis/keywords.conf.d/mail.conf b/core/config/paludis/keywords.conf.d/mail.conf deleted file mode 100644 index de81197..0000000 --- a/core/config/paludis/keywords.conf.d/mail.conf +++ /dev/null @@ -1,3 +0,0 @@ -dev-python/pyzor ~amd64 -dev-libs/cyrus-sasl ~amd64 - /usr/sbin/policy-rc.d && \ - apt-get update && apt-get install -y opendkim && \ - apt-get clean && \ - rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* - -COPY ./config/rsyslog.conf /etc/rsyslog.conf - -# Nice place for your settings -VOLUME ["/mail_settings"] - -# Configure boot script -COPY boot / -RUN chmod 755 /boot - -ENV OPEN_DKIM=true - -EXPOSE 8891 -ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n diff --git a/opendkim/README.md b/opendkim/README.md deleted file mode 100644 index 283ce82..0000000 --- a/opendkim/README.md +++ /dev/null 
@@ -1,16 +0,0 @@ -Dockermail - OpenDKIM -=== -Once configured and linked to the `email_core`, this image will provide DKIM singing for your mail. -Please see http://www.opendkim.org/ for more information on OpenDKIM. - -### Configuration -To get going you need to generate a key and set up your domain records, see https://help.ubuntu.com/community/Postfix/DKIM for details on doing this. - -This images uses settings files in an attached volume to configure the container on boot. -You can place these in the same folder as the `email_core`'s settings for easy administration. - - * `opendkim.conf` - You will find this file in the './config', change `Domain` to your own domain. - - * `mail.private` - You will need to generate this private key file and use the public key in your domain's DNS setup, see the link above for details. diff --git a/opendkim/boot b/opendkim/boot deleted file mode 100755 index 22b8c8f..0000000 --- a/opendkim/boot +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -# Copy OpenDKIM config -cp /mail_settings/opendkim.conf /etc/opendkim.conf -cp /mail_settings/mail.private /etc/dkim.key -chown root:root /etc/dkim.key -chmod 600 /etc/dkim.key diff --git a/opendkim/config/opendkim.conf b/opendkim/config/opendkim.conf deleted file mode 100644 index c72e79b..0000000 --- a/opendkim/config/opendkim.conf +++ /dev/null 
@@ -1,68 +0,0 @@ -# Log to syslog -Syslog yes -# Required to use local socket with MTAs that access the socket as a non- -# privileged user (e.g. Postfix) -#UMask 002 -# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy: -# Disable new umask option by default (not needed since Ubuntu default -# uses a TCP socket instead of a Unix socket). - -# Attempt to become the specified userid before starting operations. -#UserID 105 # 'id postfix' in your shell - - -# Sign for example.com with key in /etc/mail/dkim.key using -# selector '2007' (e.g. 2007._domainkey.example.com) -Domain example.com -KeyFile /etc/dkim.key -Selector mail - -# Common settings. See dkim-filter.conf(5) for more information. -AutoRestart yes -Background yes -Canonicalization relaxed/relaxed -DNSTimeout 5 -Mode sv -SignatureAlgorithm rsa-sha256 -SubDomains no -#UseASPDiscard no -#Version rfc4871 -X-Header no - -#InternalHosts /etc/mail/dkim-InternalHosts.txt -# The contents of /etc/mail/dkim-InternalHosts.txt should be -# 127.0.0.1/8 -# 192.168.1.0/24 -# other.internal.host.domain.tld -# You need InternalHosts if you are signing e-mails on a gateway mail server -# for each of the computers on your LAN. - - -############################################### -# Other (less-standard) configuration options # -############################################### -# -# If enabled, log verification stats here -Statistics /var/log/dkim-filter/dkim-stats -# -# KeyList is a file containing tuples of key information. Requires -# KeyFile to be unset. Each line of the file should be of the format: -# sender glob:signing domain:signing key file -# Blank lines and lines beginning with # are ignored. Selector will be -# derived from the key's filename. -#KeyList /etc/dkim-keys.conf -# -# If enabled, will generate verification failure reports for any messages -# that fail signature verification. These will be sent to the r= address -# in the policy record, if any. 
-#ReportInfo yes -# -# If enabled, will issue a Sendmail QUARANTINE for any messages that fail -# signature verification, allowing them to be inspected later. -#Quarantine yes -# -# If enabled, will check for required headers when processing messages. -# At a minimum, that means From: and Date: will be required. Messages not -# containing the required headers will not be signed or verified, but will -# be passed through -#RequiredHeaders yes diff --git a/opendkim/config/rsyslog.conf b/opendkim/config/rsyslog.conf deleted file mode 100644 index 1afcb9d..0000000 --- a/opendkim/config/rsyslog.conf +++ /dev/null @@ -1,28 +0,0 @@ -# /etc/rsyslog.conf Configuration file for rsyslog. -# -# For more information see -# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html -# -# Default logging rules can be found in /etc/rsyslog.d/50-default.conf - - -################# -#### MODULES #### -################# - -$ModLoad imuxsock # provides support for local system logging - -########################### -#### GLOBAL DIRECTIVES #### -########################### - -# Filter duplicated messages -$RepeatedMsgReduction on -# -# Where to place spool and state files -# -$WorkDirectory /var/spool/rsyslog - -# Write everything to stdout -$template fmt,"%timestamp:::date-rfc3164%\n" -*.* /dev/stdout