Use exherbo as base image

Dockerfile

@@ -1,19 +1,31 @@
-FROM        hasufell/gentoo-amd64-paludis:latest
+FROM        hasufell/exherbo
 MAINTAINER  Julian Ospald "hasufell@posteo.de"
 
-##### PACKAGE INSTALLATION #####
 
 # copy paludis config
 COPY ./config/paludis /etc/paludis
 
-# update world with our USE flags
-RUN chgrp paludisbuild /dev/tty && \
-	cave resolve -c world -x --without sys-devel/gcc && \
-	cave resolve -c mail -x --without sys-devel/gcc && \
-	cave resolve -c tools --without sys-devel/gcc -x
 
-# update etc files... hope this doesn't screw up
+##### PACKAGE INSTALLATION #####
-RUN etc-update --automode -5
+
+# update world with our options
+RUN chgrp paludisbuild /dev/tty && \
+	eclectic env update && \
+	source /etc/profile && \
+	cave sync && \
+	cave resolve -z -1 repository/net -x && \
+	cave resolve -z -1 repository/hasufell -x && \
+	cave resolve -z -1 repository/python -x && \
+	cave resolve -z -1 repository/perl -x && \
+	cave resolve -z -1 repository/nicoo -x && \
+	cave update-world -s mail && \
+	cave resolve -ks -Sa -sa -B world -x -f --permit-old-version '*/*' && \
+	cave resolve -ks -Sa -sa -B world -x --permit-old-version '*/*' && \
+	cave purge -x && \
+	cave fix-linkage -x && \
+	rm -rf /usr/portage/distfiles/*
+
+RUN eclectic config accept-all
 
 ################################
 

LICENSE

@@ -1,21 +0,0 @@
-The MIT License (MIT)
-
-Copyright (c) 2015 Valentin Arkhipov
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.

README.md

@@ -1,34 +1,62 @@
-Dockermail
+Dockermail - Email Core
 ==========
+This image provides a secure mail server based on:
+* postfix
+* dovecot (with sieve/managesieve support)
+* spamassasin (with pyzor and razor)
 
-A secure, minimal-configuration mail service in docker containers.
+All incoming mail to your domains is accepted.
-This repository is tailored to small private servers, where you own a domain and want to host your own mail.
+For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.
 
-The setup is modular and so far has (more to come, feel free to contribute :)
+### Setup
+You will need 2 folder on your host, one to store your configuration and another one to store your email.
+In the instructions below we will use the following:
+  * `/var/lib/dockermail/settings` to store configuration
+  * `/var/lib/dockermail/vmail` to store the mail
 
-* `core` -  base SMTP and IMAP server
+Use the the example config files in `config/example` to get you started.
-* `opendkim` - adds DKIM signing service to the core
 
-Please see the README in each folder for more information on each image.
+1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this:
 
-### SPAM
+		example.org
-Although OpenDKIM is optional, I highly recommended you use it unless you want your mail to end up in someone's spam folder. See the README in `opendkim` folder for more info on setting it up.
+		example.net
 
-You should also add PTR record to your IP (aka Reverse DNS) which is done by your server provider.
+2. Add user aliases to the file `/var/lib/dockermail/settings/aliases`:
-And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider.
 
-### Compose
+		johndoe@example.org       john.doe@example.org
-Assuming you follow the instructions in the accompanying READMEs to set up both containers, you should just be able to run
+		john.doe@example.org      john.doe@example.org
+		admin@forum.example.org   forum-admin@example.org
+		@example.net              catch-all@example.net
 
-		docker-compose up
+	An IMAP mail account is created for each entry on the right hand side.
+	Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
 
-and it will spin up both container and link them together, easy!
+3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this
 
+		john.doe@example.org:{PLAIN}password123
+		admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
 
-### Coming soon
+	To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s <scheme-name>` inside, remember to restart your container if you update the settings!
-* JSON based config instead of current collection of flat files.
-* Images on DockerHub
-* Testing
 
-### TODO
+4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
-* gentoo support for opendkim
+
+5. Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only).
+
+5. Build container
+
+		docker build -t hasufell/gentoo-dockermail .
+
+6. Run container
+
+		docker run -ti -d \
+		  --name dockermail \
+		  -p 25:25 \
+		  -p 465:465 \
+		  -p 993:993 \
+		  -p 4190:4190 \
+		  -v /var/lib/dockermail/settings:/mail_settings \
+		  -v /var/lib/dockermail/vmail:/vmail \
+		  -v <path-to-certs>:/etc/ssl/server
+		  dockermail_email_core
+
+	Note that the certificates must be named `email.crt` and `email.key`.

config/paludis/options.conf.d/mail.conf

@@ -0,0 +1,4 @@
+net-mail/dovecot caps lz4 sqlite tcpd
+mail-mta/postfix ssl
+
+dev-lang/perl berkdb dbm

config/paludis/sets/mail.conf

@@ -1,5 +1,7 @@
-* net-mail/dovecot
+* app-admin/supervisor
-* mail-mta/postfix
-* mail-filter/spamassassin
 * dev-python/pyzor
-* mail-filter/razor
+* dev-perl/razor
+* mail-filter/spamassassin
+* mail-mta/postfix
+* net-mail/dovecot
+* dev-perl/Net-IDN-Encode

core/README.md

@@ -1,62 +0,0 @@
-Dockermail - Email Core
-==========
-This image provides a secure mail server based on:
-* postfix
-* dovecot (with sieve/managesieve support)
-* spamassasin (with pyzor and razor)
-
-All incoming mail to your domains is accepted.
-For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.
-
-### Setup
-You will need 2 folder on your host, one to store your configuration and another one to store your email.
-In the instructions below we will use the following:
-  * `/var/lib/dockermail/settings` to store configuration
-  * `/var/lib/dockermail/vmail` to store the mail
-
-Use the the example config files in `config/example` to get you started.
-
-1. Add all domains you want to receive mail for to the file `/var/lib/dockermail/settings/domains`, like this:
-
-		example.org
-		example.net
-
-2. Add user aliases to the file `/var/lib/dockermail/settings/aliases`:
-
-		johndoe@example.org       john.doe@example.org
-		john.doe@example.org      john.doe@example.org
-		admin@forum.example.org   forum-admin@example.org
-		@example.net              catch-all@example.net
-
-	An IMAP mail account is created for each entry on the right hand side.
-	Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
-
-3. Add user passwords to the file `/var/lib/dockermail/settings/passwords` like this
-
-		john.doe@example.org:{PLAIN}password123
-		admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
-
-	To get the hash values, you can either install dovecot locally or use `docker exec -it [email_core_container_name] bash` to attach to the running container (step 6) and run `doveadm pw -s <scheme-name>` inside, remember to restart your container if you update the settings!
-
-4. Change the hostname in file `/var/lib/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
-
-5. Set the "mynetworks" variable for postfix in file `/var/lib/dockermail/settings/postfix-networks` to e.g. `127.0.0.0/8 [::1]/128` (one single line only).
-
-5. Build container
-
-		docker build -t hasufell/gentoo-dockermail .
-
-6. Run container
-
-		docker run -ti -d \
-		  --name dockermail \
-		  -p 25:25 \
-		  -p 465:465 \
-		  -p 993:993 \
-		  -p 4190:4190 \
-		  -v /var/lib/dockermail/settings:/mail_settings \
-		  -v /var/lib/dockermail/vmail:/vmail \
-		  -v <path-to-certs>:/etc/ssl/server
-		  dockermail_email_core
-
-	Note that the certificates must be named `email.crt` and `email.key`.

core/config/paludis/keywords.conf.d/mail.conf

@@ -1,3 +0,0 @@
-dev-python/pyzor ~amd64
-dev-libs/cyrus-sasl ~amd64
-<mail-mta/postfix-3.2 ~amd64

core/config/paludis/sets/tools.conf

@@ -1,2 +0,0 @@
-* app-admin/supervisor
-* sys-process/htop

core/config/paludis/use.conf.d/global.conf

@@ -1 +0,0 @@
-*/* acl bash-completion ipv6 kmod openrc pcre readline unicode zlib pam ssl sasl bzip2 urandom crypt tcpd -acpi -cairo -consolekit -cups -dbus -dri -gnome -gnutls -gtk -ogg -opengl -pdf -policykit -qt3support -qt5 -qt4 -sdl -sound -systemd -truetype -vim -vim-syntax -wayland -X

core/config/paludis/use.conf.d/mail.conf

@@ -1,2 +0,0 @@
-net-mail/dovecot cydir imapc maildir managesieve mbox mdbox pam pop3c sieve sqlite
-nmail-mta/postfix dovecot-sasl mbox sasl

docker-compose.yml

@@ -1,20 +0,0 @@
-core:
-  build: ./core
-  ports:
-    - "25:25"
-    - "143:143"
-    - "587:587"
-  volumes:
-    - /opt/dockermail/settings:/mail_settings
-    - /opt/dockermail/vmail:/vmail
-  links:
-   - opendkim
-   - amavis
-opendkim:
-  build: ./opendkim
-  volumes:
-    - /opt/dockermail/settings:/mail_settings
-amavis:
-  build: ./amavis
-  volumes:
-    - /opt/dockermail/settings:/mail_settings

opendkim/Dockerfile

@@ -1,24 +0,0 @@
-FROM ubuntu:14.10
-
-ENV DEBIAN_FRONTEND noninteractive
-RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
-
-# Prerequisites
-RUN echo "#!/bin/sh\nexit 0" > /usr/sbin/policy-rc.d && \
-    apt-get update && apt-get install -y opendkim && \
-    apt-get clean && \
-    rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
-
-COPY ./config/rsyslog.conf /etc/rsyslog.conf
-
-# Nice place for your settings
-VOLUME ["/mail_settings"]
-
-# Configure boot script
-COPY boot /
-RUN chmod 755 /boot
-
-ENV OPEN_DKIM=true
-
-EXPOSE 8891
-ENTRYPOINT /boot; opendkim -p inet:8891@0.0.0.0; rsyslogd -n

opendkim/README.md

@@ -1,16 +0,0 @@
-Dockermail - OpenDKIM
-===
-Once configured and linked to the `email_core`, this image will provide DKIM singing for your mail.
-Please see http://www.opendkim.org/ for more information on OpenDKIM.
-
-### Configuration
-To get going you need to generate a key and set up your domain records, see https://help.ubuntu.com/community/Postfix/DKIM for details on doing this.
-
-This images uses settings files in an attached volume to configure the container on boot.
-You can place these in the same folder as the `email_core`'s settings for easy administration.
-
-  * `opendkim.conf`
-  You will find this file in the './config', change `Domain` to your own domain.
-
-  * `mail.private`
-  You will need to generate this private key file and use the public key in your domain's DNS setup, see the link above for details.

opendkim/boot

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-# Copy OpenDKIM config
-cp /mail_settings/opendkim.conf /etc/opendkim.conf
-cp /mail_settings/mail.private /etc/dkim.key
-chown root:root /etc/dkim.key
-chmod 600 /etc/dkim.key

opendkim/config/opendkim.conf

@@ -1,68 +0,0 @@
-# Log to syslog
-Syslog                  yes
-# Required to use local socket with MTAs that access the socket as a non-
-# privileged user (e.g. Postfix)
-#UMask                  002
-# dkim-milter (2.5.2.dfsg-1ubuntu1) hardy:
-# Disable new umask option by default (not needed since Ubuntu default
-# uses a TCP socket instead of a Unix socket).
-
-# Attempt to become the specified userid before starting operations.
-#UserID                 105 # 'id postfix' in your shell
-
-
-# Sign for example.com with key in /etc/mail/dkim.key using
-# selector '2007' (e.g. 2007._domainkey.example.com)
-Domain                  example.com
-KeyFile                 /etc/dkim.key
-Selector                mail
-
-# Common settings. See dkim-filter.conf(5) for more information.
-AutoRestart             yes
-Background              yes
-Canonicalization        relaxed/relaxed
-DNSTimeout              5
-Mode                    sv
-SignatureAlgorithm      rsa-sha256
-SubDomains              no
-#UseASPDiscard          no
-#Version                rfc4871
-X-Header                no
-
-#InternalHosts          /etc/mail/dkim-InternalHosts.txt
-# The contents of /etc/mail/dkim-InternalHosts.txt should be
-#   127.0.0.1/8
-#   192.168.1.0/24
-#   other.internal.host.domain.tld
-# You need InternalHosts if you are signing e-mails on a gateway mail server
-# for each of the computers on your LAN.
-
-
-###############################################
-# Other (less-standard) configuration options #
-###############################################
-#
-# If enabled, log verification stats here
-Statistics              /var/log/dkim-filter/dkim-stats
-#
-# KeyList is a file containing tuples of key information. Requires
-# KeyFile to be unset. Each line of the file should be of the format:
-#    sender glob:signing domain:signing key file
-# Blank lines and lines beginning with # are ignored. Selector will be
-# derived from the key's filename.
-#KeyList                /etc/dkim-keys.conf
-#
-# If enabled, will generate verification failure reports for any messages
-# that fail signature verification. These will be sent to the r= address
-# in the policy record, if any.
-#ReportInfo             yes
-#
-# If enabled, will issue a Sendmail QUARANTINE for any messages that fail
-# signature verification, allowing them to be inspected later.
-#Quarantine             yes
-#
-# If enabled, will check for required headers when processing messages.
-# At a minimum, that means From: and Date: will be required. Messages not
-# containing the required headers will not be signed or verified, but will
-# be passed through
-#RequiredHeaders        yes

opendkim/config/rsyslog.conf

@@ -1,28 +0,0 @@
-#  /etc/rsyslog.conf    Configuration file for rsyslog.
-#
-#                       For more information see
-#                       /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
-#
-#  Default logging rules can be found in /etc/rsyslog.d/50-default.conf
-
-
-#################
-#### MODULES ####
-#################
-
-$ModLoad imuxsock # provides support for local system logging
-
-###########################
-#### GLOBAL DIRECTIVES ####
-###########################
-
-# Filter duplicated messages
-$RepeatedMsgReduction on
-#
-# Where to place spool and state files
-#
-$WorkDirectory /var/spool/rsyslog
-
-# Write everything to stdout
-$template fmt,"%timestamp:::date-rfc3164%\n"
-*.* /dev/stdout