FROM eumau/debian:buster-slim LABEL maintainer "Mauro Torrez " ARG DEBIAN_FRONTEND=noninteractive ENV LC_ALL C ENV MYDESTINATION="localhost.localdomain, localhost" ENV MYHOSTNAME=mail.example.com ENV MYDOMAIN=example.com ENV MYNETWORKS="" ENV MYNETWORKS_STYLE=class ENV VIRTUAL_ALIAS_MAPS= ENV VIRTUAL_MAILBOX_MAPS= ENV VIRTUAL_TRANSPORT=lmtp:dovecot:24 ENV VIRTUAL_MAILBOX_DOMAINS=example.com ENV SMTPD_SASL_PATH=inet:dovecot:12345 ENV SMTPD_SASL_TYPE=dovecot ENV SMTPD_SASL_AUTH_ENABLE=no ENV SMTPD_TLS_CERT_FILE=/ssl/cert.pem ENV SMTPD_TLS_KEY_FILE=/ssl/key.pem ENV SMTP_TLS_SECURITY_LEVEL=may ENV SMTPD_TLS_SECURITY_LEVEL=may ENV SMTPD_TLS_AUTH_ONLY=no ENV SMTPD_TLS_SESSION_CACHE_DATABASE="btree:\${data_directory}/smtpd_scache" ENV SMTPD_CLIENT_RESTRICTIONS="check_client_access pcre:/etc/postfix/rules/client_access_list, permit_sasl_authenticated, permit_mynetworks, reject_unknown_client_hostname, reject_unauth_pipelining, permit" ENV SMTPD_DATA_RESTRICTIONS="reject_unauth_pipelining, permit" ENV SMTPD_HELO_RESTRICTIONS="check_helo_access hash:/etc/postfix/rules/helo_access_list, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, warn_if_reject, permit" ENV SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit" ENV SMTPD_RECIPIENT_RESTRICTIONS="check_recipient_access hash:/etc/postfix/rules/recipient_access_list, permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, permit" ENV MESSAGE_SIZE_LIMIT=31457280 ENV SMTPD_HELO_REQUIRED=yes ENV BIFF=no ENV SUBMISSION_ENABLE=no ENV POSTSCREEN_ENABLE=no ENV POSTSCREEN_ACCESS_LIST="cidr:/etc/postfix/rules/postscreen_access_list.cidr, permit_mynetworks" ENV POSTSCREEN_DNSBL_SITES="zen.spamhaus.org*3, b.barracudacentral.org*2, bl.spameatingmonkey.net*2, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, bl.mailspike.net, swl.spamhaus.org*-4" ENV POSTSCREEN_DNSBL_REPLY_MAP="pcre:/etc/postfix/rules/postscreen_dnsbl_mask.pcre" ENV POSTSCREEN_BLACKLIST_ACTION="drop" ENV POSTSCREEN_DNSBL_ACTION="enforce" ENV POSTSCREEN_DNSBL_THRESHOLD="3" ENV POSTSCREEN_DNSBL_WHITELIST_THRESHOLD="-1" ENV POSTSCREEN_GREET_ACTION="enforce" ENV RELAYHOST="" ENV SMTP_SASL_AUTH_ENABLE="" ENV SMTP_SASL_PASSWORD_MAPS="" ENV SMTP_SASL_SECURITY_OPTIONS="" ENV SMTP_TLS_CAFILE="" ENV SMTP_TLS_MANDATORY_PROTOCOLS="" ENV SMTP_TLS_NOTE_STARTTLS_OFFER="" ENV SMTP_TLS_SECURITY_LEVEL="" ENV SMTP_TLS_SESSION_CACHE_DATABASE="" ENV SMTPD_MILTERS="" ENV NON_SMTPD_MILTERS="\$smtpd_milters" ENV MILTER_DEFAULT_ACTION=accept ENV INTERNAL_MAIL_FILTER_CLASSES=bounce ENV BOGOFILTER_ENABLE="yes" # TODO: template access lists RUN echo "_dev_null: /dev/null" > /etc/aliases \ && apt-get update \ && apt-get install -y --no-install-recommends \ postfix \ postfix-pcre \ postfix-ldap \ postfix-sqlite \ libsasl2-modules \ ssl-cert \ ca-certificates \ bogofilter-sqlite \ && rm -rf /var/lib/apt/lists/* \ && cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \ && mkdir -p /etc/postfix/rules \ && touch \ /etc/postfix/rules/client_access_list \ /etc/postfix/rules/helo_access_list \ /etc/postfix/rules/recipient_access_list \ /etc/postfix/rules/postscreen_access_list.cidr \ /etc/postfix/rules/postscreen_dnsbl_mask.pcre \ && mkdir -p /ssl \ && chmod 700 /ssl \ && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \ && mkdir -p /vmail/bogofilter && chown vmail:vmail /vmail \ && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \ && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \ && postconf -F \ smtp/inet/chroot=n \ pickup/unix/chroot=n \ cleanup/unix/chroot=n \ qmgr/unix/chroot=n \ tlsmgr/unix/chroot=n \ rewrite/unix/chroot=n \ bounce/unix/chroot=n \ defer/unix/chroot=n \ trace/unix/chroot=n \ verify/unix/chroot=n \ flush/unix/chroot=n \ smtp/unix/chroot=n \ relay/unix/chroot=n \ showq/unix/chroot=n \ error/unix/chroot=n \ retry/unix/chroot=n \ discard/unix/chroot=n \ lmtp/unix/chroot=n \ anvil/unix/chroot=n \ scache/unix/chroot=n ADD confd /etc/confd/ ADD postmap_all spamfilter /usr/local/bin/ VOLUME ["/ssl","/var/spool/postfix"] EXPOSE 25/tcp 587/tcp CMD ["postfix","start-fg"]