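# Postfix MTA image.
#
# Every ENV below is a default that can be overridden at `docker run` time.
# The values are presumably rendered into the Postfix configuration by the
# confd templates copied to /etc/confd; those templates are not part of this
# file, so confirm there how empty values are treated.
#
# NOTE(review): the base tag is mutable and not pinned by digest, and Debian
# "buster" is past the end of Debian LTS support, so it no longer receives
# regular security updates. Consider a maintained release pinned by digest.
FROM eumau/debian:buster-slim

LABEL maintainer="Mauro Torrez <mauro@mau.ro>"

# Build-time only: keeps apt non-interactive without leaking into the runtime env.
ARG DEBIAN_FRONTEND=noninteractive

ENV LC_ALL=C

# --- Identity and trusted networks -------------------------------------------
ENV MYDESTINATION="localhost.localdomain, localhost"
ENV MYHOSTNAME=mail.example.com
ENV MYDOMAIN=example.com
# NOTE(review): with MYNETWORKS empty, Postfix derives the trusted client set
# from MYNETWORKS_STYLE. "class" trusts the whole class A/B/C network of the
# container's address, and permit_mynetworks appears in the relay, client,
# HELO and recipient restrictions below. On a shared container network this
# can let neighbouring hosts relay mail. Prefer an explicit MYNETWORKS or a
# narrower style ("subnet" or "host") in deployment.
ENV MYNETWORKS=""
ENV MYNETWORKS_STYLE=class

# --- Virtual mailbox delivery ------------------------------------------------
ENV VIRTUAL_ALIAS_MAPS=
ENV VIRTUAL_MAILBOX_MAPS=
ENV VIRTUAL_TRANSPORT=lmtp:dovecot:24
ENV VIRTUAL_MAILBOX_DOMAINS=example.com

# --- Inbound SASL authentication (off by default) ----------------------------
ENV SMTPD_SASL_PATH=inet:dovecot:12345
ENV SMTPD_SASL_TYPE=dovecot
ENV SMTPD_SASL_AUTH_ENABLE=no

# --- Inbound TLS -------------------------------------------------------------
# The default cert/key are the build-time snakeoil pair (see the RUN step).
# Mount a real certificate and key over /ssl for any real deployment.
ENV SMTPD_TLS_CERT_FILE=/ssl/cert.pem
ENV SMTPD_TLS_KEY_FILE=/ssl/key.pem
# "may" is opportunistic TLS: clients that do not offer STARTTLS are still
# served in plaintext.
ENV SMTPD_TLS_SECURITY_LEVEL=may
# NOTE(review): if SMTPD_SASL_AUTH_ENABLE is turned on, set this to "yes" so
# that credentials are only accepted over an encrypted session.
ENV SMTPD_TLS_AUTH_ONLY=no
# The backslash stops Docker from expanding ${data_directory}; Postfix
# resolves it at runtime.
ENV SMTPD_TLS_SESSION_CACHE_DATABASE="btree:\${data_directory}/smtpd_scache"

# --- Access restrictions -----------------------------------------------------
# The lookup tables referenced here are created empty by the RUN step below.
ENV SMTPD_CLIENT_RESTRICTIONS="check_client_access pcre:/etc/postfix/rules/client_access_list, permit_sasl_authenticated, permit_mynetworks, reject_unknown_client_hostname, reject_unauth_pipelining, permit"
ENV SMTPD_DATA_RESTRICTIONS="reject_unauth_pipelining, permit"
ENV SMTPD_HELO_RESTRICTIONS="check_helo_access hash:/etc/postfix/rules/helo_access_list, permit_mynetworks, reject_non_fqdn_helo_hostname, reject_invalid_helo_hostname, warn_if_reject, permit"
# reject_unauth_destination is what prevents open relaying for clients that
# are neither in mynetworks nor SASL-authenticated; keep it ahead of "permit".
ENV SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination, permit"
ENV SMTPD_RECIPIENT_RESTRICTIONS="check_recipient_access hash:/etc/postfix/rules/recipient_access_list, permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_non_fqdn_recipient, reject_unauth_destination, permit"

# --- General limits and services ---------------------------------------------
# 31457280 bytes = 30 MiB.
ENV MESSAGE_SIZE_LIMIT=31457280
ENV SMTPD_HELO_REQUIRED=yes
ENV BIFF=no
ENV SUBMISSION_ENABLE=no

# --- postscreen (off by default) ---------------------------------------------
ENV POSTSCREEN_ENABLE=no
ENV POSTSCREEN_ACCESS_LIST="cidr:/etc/postfix/rules/postscreen_access_list.cidr, permit_mynetworks"
# Weighted DNSBL list; the negative weight marks a whitelist.
# NOTE(review): verify that each listed service is still operating and that
# its usage policy covers this deployment before enabling postscreen.
ENV POSTSCREEN_DNSBL_SITES="zen.spamhaus.org*3, b.barracudacentral.org*2, bl.spameatingmonkey.net*2, bl.spamcop.net, dnsbl.sorbs.net, psbl.surriel.com, bl.mailspike.net, swl.spamhaus.org*-4"
ENV POSTSCREEN_DNSBL_REPLY_MAP="pcre:/etc/postfix/rules/postscreen_dnsbl_mask.pcre"
ENV POSTSCREEN_BLACKLIST_ACTION="drop"
ENV POSTSCREEN_DNSBL_ACTION="enforce"
ENV POSTSCREEN_DNSBL_THRESHOLD="3"
ENV POSTSCREEN_DNSBL_WHITELIST_THRESHOLD="-1"
ENV POSTSCREEN_GREET_ACTION="enforce"

# --- Outbound relay / SMTP client (all unset by default) ---------------------
# Do not bake relay credentials into the image through these variables.
# Supply SMTP_SASL_PASSWORD_MAPS content at runtime (mounted file or secret).
ENV RELAYHOST=""
ENV SMTP_FALLBACK_RELAY=""
ENV SMTP_SASL_AUTH_ENABLE=""
ENV SMTP_SASL_PASSWORD_MAPS=""
ENV SMTP_SASL_SECURITY_OPTIONS=""
ENV SMTP_TLS_CAFILE=""
ENV SMTP_TLS_MANDATORY_PROTOCOLS=""
ENV SMTP_TLS_NOTE_STARTTLS_OFFER=""
# NOTE(review): this file used to declare SMTP_TLS_SECURITY_LEVEL twice, first
# as "may" and later as "". The later ENV wins, so the effective default was
# always empty. Only that effective value is kept here. If opportunistic TLS
# for outbound mail was intended, set this to "may" explicitly.
ENV SMTP_TLS_SECURITY_LEVEL=""
ENV SMTP_TLS_SESSION_CACHE_DATABASE=""

# --- Milters and content filtering -------------------------------------------
ENV SMTPD_MILTERS=""
# Escaped so Postfix, not Docker, expands $smtpd_milters.
ENV NON_SMTPD_MILTERS="\$smtpd_milters"
# "accept" is fail-open: mail is delivered unfiltered when a milter is
# unreachable. Use "tempfail" if the milter is a security control.
ENV MILTER_DEFAULT_ACTION=accept
ENV INTERNAL_MAIL_FILTER_CLASSES=bounce
ENV BOGOFILTER_ENABLE="yes"
ENV BOGOFILTER_HAM_CUTOFF="0.499999"
ENV BOGOFILTER_SPAM_CUTOFF="0.499999"

# TODO: template access lists

# Single layer: install packages, seed configuration, create the vmail user
# and switch off per-service chroot.
#
# NOTE(review): the ssl-cert "snakeoil" key pair is generated while the image
# is built, so every container started from the same image shares one private
# key. It is a placeholder that lets Postfix start, not a usable identity.
#
# NOTE(review): only /vmail is chowned; /vmail/bogofilter stays root-owned.
# Confirm that whichever user runs bogofilter can write its database there.
#
# NOTE(review): chroot=n is set for every listed master.cf service,
# presumably because the container is the isolation boundary. Postfix still
# starts as root and drops privileges per service, so no USER is set here.
RUN echo "_dev_null: /dev/null" > /etc/aliases \
    && apt-get update \
    && apt-get install -y --no-install-recommends \
        postfix \
        postfix-pcre \
        postfix-ldap \
        postfix-sqlite \
        libsasl2-modules \
        ssl-cert \
        ca-certificates \
        bogofilter-sqlite \
    && rm -rf /var/lib/apt/lists/* \
    && cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf \
    && mkdir -p /etc/postfix/rules \
    && touch \
        /etc/postfix/rules/client_access_list \
        /etc/postfix/rules/helo_access_list \
        /etc/postfix/rules/recipient_access_list \
        /etc/postfix/rules/postscreen_access_list.cidr \
        /etc/postfix/rules/postscreen_dnsbl_mask.pcre \
    && mkdir -p /ssl \
    && chmod 700 /ssl \
    && groupadd -g 5000 vmail && useradd -g vmail -u 5000 vmail -d /vmail \
    && mkdir -p /vmail/bogofilter && chown vmail:vmail /vmail \
    && cp /etc/ssl/certs/ssl-cert-snakeoil.pem /ssl/cert.pem \
    && cp /etc/ssl/private/ssl-cert-snakeoil.key /ssl/key.pem \
    && postconf -F \
        smtp/inet/chroot=n \
        pickup/unix/chroot=n \
        cleanup/unix/chroot=n \
        qmgr/unix/chroot=n \
        tlsmgr/unix/chroot=n \
        rewrite/unix/chroot=n \
        bounce/unix/chroot=n \
        defer/unix/chroot=n \
        trace/unix/chroot=n \
        verify/unix/chroot=n \
        flush/unix/chroot=n \
        smtp/unix/chroot=n \
        relay/unix/chroot=n \
        showq/unix/chroot=n \
        error/unix/chroot=n \
        retry/unix/chroot=n \
        discard/unix/chroot=n \
        lmtp/unix/chroot=n \
        anvil/unix/chroot=n \
        scache/unix/chroot=n

# COPY instead of ADD: these are plain local paths, so ADD's archive
# extraction and URL fetching are not wanted.
COPY confd /etc/confd/
COPY postmap_all /usr/local/bin/

# Declared after /ssl is populated, so a fresh anonymous volume starts with
# the placeholder cert and key. Mount real key material here in deployment.
VOLUME ["/ssl","/var/spool/postfix"]

# Documentation only. 587 (submission) is served only if SUBMISSION_ENABLE is
# turned on, assuming the templates honour that variable.
EXPOSE 25/tcp 587/tcp

# Exec form: postfix runs in the foreground as PID 1 and receives stop signals.
CMD ["postfix","start-fg"]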