From e7cb2ced7c7012c2950f458659491de6201bb72b Mon Sep 17 00:00:00 2001
From: Deon George
Date: Fri, 28 Apr 2023 15:16:31 +1000
Subject: [PATCH] Add relay support
---
 Dockerfile | 29 +++++++++++++++++++----------
 init | 8 ++++++--
 signing/KeyTable | 0
 signing/SigningTable | 0
 signing/TrustedHosts | 0
 smtp_relay_auth.cf | 7 +++++++
 smtpd.conf | 3 +++
 7 files changed, 35 insertions(+), 12 deletions(-)
 create mode 100644 signing/KeyTable
 create mode 100644 signing/SigningTable
 create mode 100644 signing/TrustedHosts
 create mode 100644 smtp_relay_auth.cf
 create mode 100644 smtpd.conf
diff --git a/Dockerfile b/Dockerfile
index 198fcd0..ad0f4fa 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,14 +6,22 @@ FROM alpine
 # Change to http respositories, so they we can cache the install packages
 RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi
-RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd
-
-RUN apk add --no-cache postfix opendkim opendkim-utils \
- && gpasswd -a postfix opendkim
+RUN apk add --no-cache postfix cyrus-sasl opendkim opendkim-utils
 # Config postfix
-RUN sed -ie 's%#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \
- && echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf
+RUN sed -ie 's%^#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \
+ && sed -ie 's%^#relay_domains = %relay_domains = lmdb:/etc/postfix/custom/transport%' /etc/postfix/main.cf \
+ && echo 'transport_maps = lmdb:/etc/postfix/custom/transport' >> /etc/postfix/main.cf \
+ && echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf \
+ && echo -n 'c210cF9zYXNsX2F1dGhfZW5hYmxlID0geWVzCnNtdHBfdGxzX3NlY3VyaXR5X2xldmVsID0gZW5j\
+cnlwdApzbXRwX3Nhc2xfcGFzc3dvcmRfbWFwcyA9IGxtZGI6L2V0Yy9wb3N0Zml4L2N1c3RvbS9z\
+YXNsX3Bhc3N3ZApzbXRwX3Nhc2xfc2VjdXJpdHlfb3B0aW9ucyA9CnNtdHBfdGxzX0NBZmlsZSA9\
+IC9ldGMvc3NsL2NlcnRzL2NhLWNlcnRpZmljYXRlcy5jcnQKc210cF91c2VfdGxzID0geWVzCiNy\
+ZWxheWhvc3QgPSAvZXRjL3Bvc3RmaXgvY3VzdG9tL3JlbGF5X2hvc3QK'|base64 -d >> /etc/postfix/main.cf
+
+COPY smtpd.conf /etc/sasl2/
+RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd \
+ && gpasswd -a postfix opendkim
 # Enable DKIM
 RUN mkdir /run/opendkim \
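Review bot: The relocated `RUN apk add shadow && useradd … | chpasswd` line still bakes a fixed password for the `relay` account into an image layer, so anyone who can pull the image or read this repository has it. That matters more after this commit, because `init` now starts `saslauthd` with `-a shadow`, which presumably turns that shadow entry into a working SMTP AUTH credential. I would drop the `chpasswd` step from the build and set the password at container start from a mounted secret, for example `chpasswd < "$RELAY_PASSWD_FILE"` in `init` (the variable name is a placeholder). The `RUN` that follows `# Enable DKIM` continues outside the hunk.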
@@ -27,12 +35,13 @@ b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\
 U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\
 ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\
 dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf
-COPY opendkim.conf /etc/opendkim
-
-VOLUME ["/var/spool/postfix"]
-EXPOSE 25
+COPY opendkim.conf /etc/opendkim/
+COPY signing /etc/opendkim/signing/
 COPY init /sbin/
+VOLUME ["/var/spool/postfix","/etc/postfix/custom"]
+EXPOSE 25
+
 # Starting
 ENTRYPOINT [ "/sbin/init" ]
diff --git a/init b/init
index 13eb0e1..1b948ec 100755
--- a/init
+++ b/init
@@ -17,8 +17,12 @@ if [ -z "$@" ]; then
 exit 1
 fi
- #/usr/sbin/saslauthd -m /run/saslauthd -a pam
- #cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD &
+ touch /etc/postfix/custom/relay_host
+ touch /etc/postfix/custom/sasl_passwd
+ postmap -o lmdb:/etc/postfix/custom/sasl_passwd
+ touch /etc/postfix/custom/transport
+ postmap -o lmdb:/etc/postfix/custom/transport
+ /usr/sbin/saslauthd -m /run/saslauthd -ca shadow
 newaliases
 postfix start
 /usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f
diff --git a/signing/KeyTable b/signing/KeyTable
new file mode 100644
index 0000000..e69de29
diff --git a/signing/SigningTable b/signing/SigningTable
new file mode 100644
index 0000000..e69de29
diff --git a/signing/TrustedHosts b/signing/TrustedHosts
new file mode 100644
index 0000000..e69de29
diff --git a/smtp_relay_auth.cf b/smtp_relay_auth.cf
new file mode 100644
index 0000000..9a0f925
--- /dev/null
+++ b/smtp_relay_auth.cf
@@ -0,0 +1,7 @@
+smtp_sasl_auth_enable = yes
+smtp_tls_security_level = encrypt
+smtp_sasl_password_maps = lmdb:/etc/postfix/custom/sasl_passwd
+smtp_sasl_security_options =
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+smtp_use_tls = yes
+#relayhost = /etc/postfix/custom/relay_host
diff --git a/smtpd.conf b/smtpd.conf
new file mode 100644
index 0000000..c4161b6
--- /dev/null
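Review bot: The new `/etc/postfix/custom` volume is declared without a comment, yet `init` in this same commit writes `sasl_passwd` (the upstream relay credentials), `transport` and `relay_host` into it. A comment above the `VOLUME` line would tell operators to treat the mount as secret storage, e.g. `# /etc/postfix/custom: transport map, relay_host and sasl_passwd (relay credentials); mount from protected storage`. The hunk opens inside the base64 continuation of an earlier `RUN` that starts outside it.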
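Review bot: `touch /etc/postfix/custom/sasl_passwd` creates the credential file with the process's default umask, which is normally world-readable, and `postmap` gives a newly created `.lmdb` file the same group/other read permissions as its source. I would add `chmod 600 /etc/postfix/custom/sasl_passwd` between the `touch` and the `postmap -o lmdb:/etc/postfix/custom/sasl_passwd` line, and check the mode of any `.lmdb` already present on the volume. The enclosing `if` block starts and ends outside the hunk.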
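Review bot: `smtp_tls_security_level = encrypt` forces TLS but does not verify the relay's certificate, so `smtp_tls_CAfile` does not decide whether the session proceeds and the SASL password can be handed to an impostor relay. Since `smtp_sasl_security_options =` is left empty (plaintext and anonymous mechanisms allowed), I would set `smtp_tls_security_level = verify` (or `secure`) and `smtp_sasl_security_options = noanonymous`; `smtp_use_tls = yes` is redundant once the level is set. This file is not copied by the Dockerfile in this commit, and the base64 blob appended to `main.cf` there appears to encode the same seven lines, so the change has to be made in the blob too, or the blob replaced by a `COPY` of this file.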
+++ b/smtpd.conf
@@ -0,0 +1,3 @@
+/etc/sasl2/smtpd.conf:
+ pwcheck_method: saslauthd
+ mech_list: PLAIN LOGIN
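Review bot: `mech_list: PLAIN LOGIN` offers only cleartext mechanisms (expected with `saslauthd`), and nothing in this commit's `main.cf` edits restricts AUTH to TLS sessions, so credentials may cross port 25 unencrypted. If smtpd TLS is configured elsewhere, add `smtpd_tls_auth_only = yes` to the postfix settings; if it is not, TLS needs setting up before AUTH is offered. The first line, `/etc/sasl2/smtpd.conf:`, looks like a pasted path label rather than a `key: value` option and should probably be removed or turned into a `#` comment.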