-
Notifications
You must be signed in to change notification settings - Fork 0
/
Dockerfile.mta
174 lines (150 loc) · 8.08 KB
/
Dockerfile.mta
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
# Use the official Ubuntu base image
FROM ubuntu:latest
# Update the package list and install Postfix
RUN apt update
RUN apt install -y postfix \
rsyslog \
mailutils libsasl2-2 ca-certificates libsasl2-modules sasl2-bin \
opendkim opendkim-tools
RUN apt clean
# Configure master.cf
RUN echo "submission inet n - y - - smtpd" >> /etc/postfix/master.cf
# Client to this server (Postfix with Dovecot) authentication
RUN postconf -e 'smtpd_sasl_type = dovecot' && \
postconf -e 'smtpd_sasl_path = inet:172.20.0.3:12345' && \
postconf -e 'smtpd_tls_auth_only = yes' && \
postconf -e 'smtpd_use_tls = no' && \
postconf -e 'smtpd_sasl_auth_enable = yes' && \
postconf -e 'smtpd_tls_security_level = may' && \
postconf -e 'smtpd_tls_received_header = yes' && \
postconf -e 'smtp_sasl_security_options = noanonymous' && \
postconf -e 'smtpd_sasl_security_options = noanonymous' && \
postconf -e 'smtp_sasl_tls_security_options = noanonymous' && \
postconf -e 'smtpd_sasl_tls_security_options = noanonymous' && \
postconf -e 'smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination'
# External Relay Configuration
COPY ./sasl_passwd /etc/postfix/sasl_passwd
RUN postmap /etc/postfix/sasl_passwd && \
chmod 0600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
RUN echo '[smtp.gmail.com]:587 encrypt' > /etc/postfix/tls_policy && \
postmap /etc/postfix/tls_policy && \
chown root:root /etc/postfix/tls_policy /etc/postfix/tls_policy.db && \
chmod 640 /etc/postfix/tls_policy /etc/postfix/tls_policy.db
# Certificates
RUN mkdir -p /ssl
COPY ./ssl/certificate.crt /ssl/certificate.crt
COPY ./ssl/private.key /ssl/private.key
RUN chown root:root /ssl/certificate.crt /ssl/private.key && chmod 644 /ssl/certificate.crt /ssl/private.key
# SASL SMTPD worthy mechanisms
RUN echo 'pwcheck_method: saslauthd' >> /etc/postfix/sasl/smtpd.conf && \
echo 'allow_plaintext: true' >> /etc/postfix/sasl/smtpd.conf && \
echo 'mech_list: plain login' >> /etc/postfix/sasl/smtpd.conf
# This server to Gmail SMTP
RUN postconf -e 'relayhost = [smtp.gmail.com]:587' && \
postconf -e 'relay_transport = relay' && \
postconf -e 'relay_destination_concurrency_limit = 1' && \
postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd' && \
postconf -e 'smtp_sasl_auth_enable = yes' && \
postconf -e 'smtpd_tls_cert_file = /ssl/certificate.crt' && \
postconf -e 'smtpd_tls_key_file = /ssl/private.key' && \
postconf -e 'smtp_sasl_auth_enable = yes' && \
postconf -e 'smtp_tls_note_starttls_offer = yes' && \
postconf -e 'tls_random_source = dev:/dev/urandom' && \
postconf -e 'smtp_tls_security_level = may' && \
postconf -e 'smtp_tls_policy_maps = hash:/etc/postfix/tls_policy' && \
# postconf -e 'smtp_tls_wrappermode = no' && \
# postconf -e 'smtp_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1' && \
# postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1' && \
postconf -e 'smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt' && \
postconf -e 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache' && \
postconf -e 'smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache' && \
postconf -e 'smtp_connection_cache_destinations = smtp.gmail.com' && \
postconf -e 'debug_peer_list = smtp.gmail.com' && \
# postconf -e 'smtp_sasl_mechanism_filter = !gssapi, !login, static:all' && \
# postconf -e 'smtpd_sasl_mechanism_filter = !gssapi, !login, static:all'
postconf -e 'smtp_sasl_mechanism_filter = plain, login, cram-md5, digest-md5' && \
postconf -e 'smtpd_sasl_mechanism_filter = plain, login, cram-md5, digest-md5'
# SMTP service
RUN postconf -e 'inet_interfaces = all' && \
postconf -e 'inet_protocols = ipv4' && \
postconf -e 'debugger_command = PATH=/bin:/usr/bin:/usr/local/bin; export PATH; (echo cont; echo where) | gdb $daemon_directory/$process_name $process_id 2>&1 | tee /var/log/postfix-debug.log | mail -s "Postfix debug log for process: $process_name" webmaster@localhost' && \
postconf -e 'myhostname = localhost' && \
postconf -e 'smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)' && \
postconf -e 'biff = no' && \
postconf -e 'append_dot_mydomain = no' && \
postconf -e 'readme_directory = no' && \
postconf -e 'mydestination = $myhostname, localhost.$mydomain, localhost, gordarg.com, www.gordarg.com, staff.gordarg.com, third-party.gordarg.com, tyyi.net, 0pt.ir, mbatalks.ir' && \
postconf -e 'recipient_delimiter = +' && \
postconf -e 'maillog_file = /var/log/postfix.log' && \
postconf -e 'smtp_tls_loglevel = 2' && \
postconf -e 'smtpd_tls_loglevel = 2' && \
postconf -e 'debug_peer_level = 3' && \
postconf -e 'syslog_name = postfix/submission'
# Configure OpenDKIM
RUN mkdir -p /etc/opendkim/keys && \
chown -R root:root /etc/opendkim && \
echo "Syslog yes" >> /etc/opendkim.conf && \
echo "UMask 002" >> /etc/opendkim.conf && \
echo "Canonicalization relaxed/simple" >> /etc/opendkim.conf && \
echo "Mode sv" >> /etc/opendkim.conf && \
echo "SubDomains no" >> /etc/opendkim.conf && \
echo "AutoRestart yes" >> /etc/opendkim.conf && \
echo "AutoRestartRate 10/1h" >> /etc/opendkim.conf && \
echo "Background yes" >> /etc/opendkim.conf && \
echo "DNSTimeout 5" >> /etc/opendkim.conf && \
echo "SignatureAlgorithm rsa-sha256" >> /etc/opendkim.conf && \
echo "Socket inet:8891@localhost" >> /etc/opendkim.conf && \
echo "PidFile /var/run/opendkim/opendkim.pid" >> /etc/opendkim.conf && \
echo "UserID root:root" >> /etc/opendkim.conf && \
echo "KeyTable /etc/opendkim/KeyTable" >> /etc/opendkim.conf && \
echo "SigningTable /etc/opendkim/SigningTable" >> /etc/opendkim.conf && \
echo "ExternalIgnoreList refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf && \
echo "InternalHosts refile:/etc/opendkim/TrustedHosts" >> /etc/opendkim.conf
# Move DKIM keys
COPY ./dkim/gordarg.com.private /etc/opendkim/keys/gordarg.com.private
COPY ./dkim/gordarg.com.txt /etc/opendkim/keys/gordarg.com.txt
RUN chown -R root:root /etc/opendkim/keys && chmod 644 -R /etc/opendkim/keys
# Configure KeyTable, SigningTable, and TrustedHosts
RUN echo "default._domainkey.gordarg.com gordarg.com:default:/etc/opendkim/keys/gordarg.com.private" >> /etc/opendkim/KeyTable && \
echo "*@gordarg.com default._domainkey.gordarg.com" >> /etc/opendkim/SigningTable && \
echo "127.0.0.1" >> /etc/opendkim/TrustedHosts && \
echo "localhost" >> /etc/opendkim/TrustedHosts && \
echo "*.gordarg.com" >> /etc/opendkim/TrustedHosts
# Configure Postfix to use OpenDKIM
RUN postconf -e 'milter_protocol = 6' && \
postconf -e 'milter_default_action = accept' && \
postconf -e 'smtpd_milters = inet:localhost:8891' && \
postconf -e 'non_smtpd_milters = inet:localhost:8891'
# Configure rsyslog to capture Postfix logs
RUN echo "mail.* -/var/log/mail.log" >> /etc/rsyslog.conf
RUN touch /var/log/postfix.log
## Copy the save_email.sh script into the container
COPY save_email.sh /usr/local/bin/save_email.sh
RUN chmod +x /usr/local/bin/save_email.sh
# Configure Postfix to use the script for all incoming emails
RUN echo "@gordarg.com vmail" >> /etc/postfix/virtual && \
echo "@tyyi.net vmail" >> /etc/postfix/virtual && \
echo "@0pt.ir vmail" >> /etc/postfix/virtual && \
postmap /etc/postfix/virtual && \
postconf -e 'virtual_alias_maps = hash:/etc/postfix/virtual' && \
postconf -e 'virtual_transport = local' && \
newaliases
# Expose the SMTP port
EXPOSE 25 587
# DNS issues
RUN cp /etc/resolv.conf /var/spool/postfix/etc/resolv.conf
## Set user
ARG UNAME=vmail
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID -o $UNAME && \
useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME && \
usermod -aG root vmail
USER root
# Configure users and sasl
RUN echo "START=yes" >> /etc/default/saslauthd
RUN service saslauthd restart
# Reload configurations
RUN service postfix restart
# Start Postfix
CMD ["sh", "-c", "postfix start-fg & tail -f /var/log/postfix.log"]