From cbbb2722ec42fa38d3d3ea973c920a1abf5a2a00 Mon Sep 17 00:00:00 2001 From: Mauro Torrez Date: Mon, 3 Feb 2020 11:43:49 -0300 Subject: [PATCH] relayhost settings, add ca-certificates package --- Dockerfile | 10 ++++++++++ confd/conf.d/setup_relayhost.toml | 15 +++++++++++++++ confd/templates/setup_relayhost.tmpl | 13 +++++++++++++ 3 files changed, 38 insertions(+) create mode 100644 confd/conf.d/setup_relayhost.toml create mode 100644 confd/templates/setup_relayhost.tmpl diff --git a/Dockerfile b/Dockerfile index fb2be6c..c9c4b10 100644 --- a/Dockerfile +++ b/Dockerfile @@ -38,6 +38,15 @@ ENV POSTSCREEN_DNSBL_ACTION="enforce" ENV POSTSCREEN_DNSBL_THRESHOLD="3" ENV POSTSCREEN_DNSBL_WHITELIST_THRESHOLD="-1" ENV POSTSCREEN_GREET_ACTION="enforce" +ENV RELAYHOST="" +ENV SMTP_SASL_AUTH_ENABLE=no +ENV SMTP_SASL_PASSWORD_MAPS="" +ENV SMTP_SASL_SECURITY_OPTIONS="" # default noplaintext,noanonymous +ENV SMTP_TLS_CAFILE="" +ENV SMTP_TLS_MANDATORY_PROTOCOLS="" # default !SSLv2,!SSLv3 +ENV SMTP_TLS_NOTE_STARTTLS_OFFER=no +ENV SMTP_TLS_SECURITY_LEVEL="" +ENV SMTP_TLS_SESSION_CACHE_DATABASE="" # TODO: template access lists @@ -50,6 +59,7 @@ RUN echo "_dev_null: /dev/null" > /etc/aliases \ postfix-sqlite \ libsasl2-modules \ ssl-cert \ + ca-certificates \ && rm -rf /var/lib/apt/lists/* \ && cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \ && mkdir -p /etc/postfix/rules \ diff --git a/confd/conf.d/setup_relayhost.toml b/confd/conf.d/setup_relayhost.toml new file mode 100644 index 0000000..ae97d06 --- /dev/null +++ b/confd/conf.d/setup_relayhost.toml @@ -0,0 +1,15 @@ +[template] +src = "setup_relayhost.tmpl" +dest = "/start.d/setup_relayhost" +mode = "0755" +keys = [ +"/relayhost", +"/smtp/sasl/auth/enable", +"/smtp/sasl/password/maps", +"/smtp/sasl/security/options", +"/smtp/tls/cafile", +"/smtp/tls/mandatory/protocols", +"/smtp/tls/note/starttls/offer", +"/smtp/tls/security/level", +"/smtp/tls/session/cache/database" +] 
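Review bot: In the first Dockerfile hunk, the trailing `# default noplaintext,noanonymous` and `# default !SSLv2,!SSLv3` are not comments, because Dockerfile comments are only recognised at the start of a line. The ENV parser sees `#` and the following words as further tokens, and I would expect it to reject them for lacking `=`, or otherwise to fold them into the environment. Move each remark onto its own line above the instruction, e.g. `# Postfix default: noplaintext,noanonymous` followed by `ENV SMTP_SASL_SECURITY_OPTIONS=""`. A comment on SMTP_SASL_PASSWORD_MAPS would also help, saying it should name a lookup table file supplied at run time rather than an inline credential, since ENV values are readable through image and container inspection.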
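Review bot: In the second Dockerfile hunk, installing `ca-certificates` does not by itself make Postfix verify the relay's certificate. SMTP_TLS_CAFILE defaults to empty in this same commit, and as far as I know Postfix loads no CA bundle unless one is configured. A comment next to the new ENV lines or in the README should say to set `SMTP_TLS_CAFILE=/etc/ssl/certs/ca-certificates.crt` together with a verifying `SMTP_TLS_SECURITY_LEVEL`. The RUN instruction starts and ends outside this hunk, so the rest of the install step is not reviewed here.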
diff --git a/confd/templates/setup_relayhost.tmpl b/confd/templates/setup_relayhost.tmpl
new file mode 100644
index 0000000..df89e11
--- /dev/null
+++ b/confd/templates/setup_relayhost.tmpl
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# These postfix settings allow for sending all mail through a relay host.
+
+{{ with getv "/relayhost" }}postconf relayhost='{{.}}'{{ end }}
+{{ with getv "/smtp/sasl/auth/enable" }}postconf smtp_sasl_auth_enable='{{.}}'{{ end }}
+{{ with getv "/smtp/sasl/password/maps" }}postconf smtp_sasl_password_maps='{{.}}'{{ end }}
+{{ with getv "/smtp/sasl/security/options" }}postconf smtp_sasl_security_options='{{.}}'{{ end }}
+{{ with getv "/smtp/tls/cafile" }}postconf smtp_tls_CAfile='{{.}}'{{ end }}
+{{ with getv "/smtp/tls/mandatory/protocols" }}postconf smtp_tls_mandatory_protocols='{{.}}'{{ end }}
+{{ with getv "/smtp/tls/note/starttls/offer" }}postconf smtp_tls_note_starttls_offer='{{.}}'{{ end }}
+{{ with getv "/smtp/tls/security/level" }}postconf smtp_tls_security_level='{{.}}'{{ end }}
+{{ with getv "/smtp/tls/session/cache/database" }}postconf smtp_tls_session_cache_database='{{.}}'{{ end }}
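Review bot: Each value is spliced between single quotes with no escaping, so on all nine `postconf` lines a value containing `'` ends the quoted word and the remainder is parsed by bash in a start script that presumably runs as root. The keys come from the container environment (and from any other confd backend in use), so escape them on the way in, e.g. `postconf relayhost='{{ replace . "'" "'\\''" -1 }}'`. Separately, empty keys are skipped, so setting RELAYHOST and SMTP_SASL_AUTH_ENABLE=yes while leaving SMTP_TLS_SECURITY_LEVEL empty leaves Postfix at its own default toward the relay, which to my knowledge is no TLS. I would add a comment above the TLS lines such as `# set smtp_tls_security_level to encrypt or stricter whenever SASL auth is enabled`.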