Commit b98844f4 authored by Alexander Drummer's avatar Alexander Drummer
openDkim working

parent 925d96b0
...@@ -16,7 +16,7 @@ ENV DEBCONF_NONINTERACTIVE_SEEN true ...@@ -16,7 +16,7 @@ ENV DEBCONF_NONINTERACTIVE_SEEN true
RUN apt-get update && apt-get -y upgrade RUN apt-get update && apt-get -y upgrade
RUN apt-get install -y mailman apache2 postfix-policyd-spf-python opendkim opendkim-tools rsyslog supervisor RUN apt-get install -y mailman apache2 postfix-policyd-spf-python opendkim opendkim-tools rsyslog supervisor tcpdump telnet
RUN adduser postfix opendkim RUN adduser postfix opendkim
...@@ -43,6 +43,7 @@ VOLUME /var/log/apache2 ...@@ -43,6 +43,7 @@ VOLUME /var/log/apache2
VOLUME /var/lib/mailman/archives VOLUME /var/lib/mailman/archives
VOLUME /var/lib/mailman/lists VOLUME /var/lib/mailman/lists
VOLUME /etc/dkimkeys VOLUME /etc/dkimkeys
VOLUME /etc/postfix/certs
EXPOSE 25 80 EXPOSE 25 80
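Review bot: The apt-get install line now bakes `tcpdump` and `telnet` into the production mail image; neither is needed at runtime, and a packet sniffer inside the MTA container lets anyone who obtains a shell there read the cleartext SMTP and Mailman HTTP traffic the container handles. If they are only wanted when the container runs with `DEBUG_CONTAINER=true`, install them at debug time or in a separate debug image and drop `tcpdump telnet` from this line. The new `VOLUME /etc/postfix/certs` will carry private key material, so its host-side mount should be owned by root and not world-readable; the Dockerfile itself sets no ownership or mode on it, and the entrypoint only applies `chmod 400` to whatever is already there.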
#!/bin/bash #!/bin/bash
if [ $DEBUG_CONTAINER == 'true' ]; then if [ $DEBUG_CONTAINER == 'true' ]; then
outfile='/dev/console' outfile='/dev/console'
else else
outfile='/dev/null' outfile='/dev/null'
fi fi
mailmancfg='/etc/mailman/mm_cfg.py' mailmancfg='/etc/mailman/mm_cfg.py'
cat << EOB cat << EOB
...@@ -24,42 +22,82 @@ echo -n "Set rights on rundir..." ...@@ -24,42 +22,82 @@ echo -n "Set rights on rundir..."
groupadd list groupadd list
mkdir /var/run/mailman mkdir /var/run/mailman
chown list:list /var/run/mailman chown list:list /var/run/mailman
#chmod o+rw /var/run/mailman
} &>$outfile } &>$outfile
echo ' Done.' echo ' Done.'
################### START DKIM #################
echo -n "Setting up DKIM..." echo -n "Setting up DKIM..."
{ {
if [ ! -f /etc/dkimkeys/${DKIM_SELECTOR}.private ]; then if [ ! -f /etc/dkimkeys/${DKIM_SELECTOR}.private ]; then
opendkim-genkey -t -D /etc/dkimkeys -d ${EMAIL_FQDN} -s ${DKIM_SELECTOR} -b 1024 opendkim-genkey -t -D /etc/dkimkeys -d ${EMAIL_FQDN} -s ${DKIM_SELECTOR} -b 1024
sleep 5 sleep 5
chmod 660 /etc/dkimkeys/${DKIM_SELECTOR}.private chmod 600 /etc/dkimkeys/${DKIM_SELECTOR}.private
chown root:opendkim /etc/dkimkeys/${DKIM_SELECTOR}.private chown opendkim:opendkim /etc/dkimkeys/${DKIM_SELECTOR}.private
fi fi
} &>$outfile } &>$outfile
echo ' Done.' echo ' Done.'
if [ -f /etc/dkimkeys/${DKIM_SELECTOR}.private ]; then
chmod 600 /etc/dkimkeys/${DKIM_SELECTOR}.private
chown opendkim:opendkim /etc/dkimkeys/${DKIM_SELECTOR}.private
fi
gpasswd -a postfix opendkim
# /etc/postfix/main.cf
postconf -e milter_protocol=6
postconf -e milter_default_action=accept
postconf -e smtpd_milters=local:/opendkim/opendkim.sock
postconf -e non_smtpd_milters=local:/opendkim/opendkim.sock
# empty opendkim
cat > /etc/opendkim.cfg
cat >> /etc/opendkim.conf <<EOF
AutoRestart Yes
AutoRestartRate 10/1h
UMask 002
Syslog yes
SyslogSuccess Yes
LogWhy Yes
Canonicalization relaxed/simple
Mode sv
SignatureAlgorithm rsa-sha256
UserID opendkim:opendkim
Socket local:/var/spool/postfix/opendkim/opendkim.sock
DNSTimeout 5
OversignHeaders From
EOF
echo "Domain ${EMAIL_FQDN}" >> /etc/opendkim.conf
echo "KeyFile /etc/dkimkeys/${DKIM_SELECTOR}.private" >> /etc/opendkim.conf
echo "Selector ${DKIM_SELECTOR}" >> /etc/opendkim.conf
# Fill debconf files with proper runtime values: /bin/sed -i "s/PIDFile=\/run\/opendkim\/opendkim.pid/#PIDFILE/" /lib/systemd/system/opendkim.service
if [ $LIST_LANGUAGE_CODE != "en" ]; then
/bin/sed -i "s/default_server_language\ select\ en\ (English)/default_server_language\ select\ ${LIST_LANGUAGE_CODE}\ (${LIST_LANGUAGE_NAME})/" /mailman-config.cfg
/bin/sed -i "/^mailman mailman\/site_languages/ s/$/\,\ ${LIST_LANGUAGE_CODE}\ \(${LIST_LANGUAGE_NAME}\)/" /mailman-config.cfg
fi
# Replace default hostnames with runtime values: /bin/sed -i "s/#RUNDIR=\/var\/spool\/postfix\/run\/opendkim/RUNDIR=\/var\/spool\/postfix\/opendkim/" /etc/default/opendkim
/bin/sed -i "s/lists\.example\.com/${URL_FQDN}/" /etc/apache2/sites-available/mailman.conf /bin/sed -i "s/RUNDIR=\/run\/opendkim/#/" /etc/default/opendkim
/bin/sed -i "s/DEFAULT_EMAIL_HOST.*\=.*/DEFAULT_EMAIL_HOST\ \=\ \'${EMAIL_FQDN}\'/" $mailmancfg
/bin/sed -i "s/DEFAULT_URL_HOST.*\=.*/DEFAULT_URL_HOST\ \=\ \'${URL_FQDN}\'/" $mailmancfg
/bin/sed -i "s/DEFAULT_SERVER_LANGUAGE.*\=.*/DEFAULT_SERVER_LANGUAGE\ \=\ \'${LIST_LANGUAGE_CODE}\'/" $mailmancfg
################### END DKIM #################
################### POSTFIX ###############
############## from https://github.com/catatnight/docker-postfix/blob/master/assets/install.sh
# main.cf
# postfix main.cfg
postconf -e "myhostname=${EMAIL_FQDN}"
postconf -e "alias_maps= hash:/etc/aliases, hash:/var/lib/mailman/data/aliases"
postconf -e "mydomain=${EMAIL_FQDN}"
postconf -e "myorigin=${EMAIL_FQDN}"
postconf -e "mynetworks_style = host"
postconf -e smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated,reject_unauth_destination,check_policy_service unix:private/policyd-spf
postconf -e policyd-spf_time_limit=3600
# without tls
postconf -e "smtp_tls_security_level=none"
# master - remove ubuntu default python script
# /etc/postfix/master.cf
/bin/sed -i "s/#tlsproxy\ unix\ -\ -\ y\ -\ 0\ tlsproxy/tlsproxy\ unix\ -\ -\ y\ -\ 0\ tlsproxy/" /etc/postfix/master.cf
/bin/sed -i "s/mailman\ unix\ -\ n\ n\ -\ -\ pipe/#/" /etc/postfix/master.cf
/bin/sed -i "s/\ flags=FR\ user=list\ argv=\/usr\/lib\/mailman\/bin\/postfix-to-mailman.py/#/" /etc/postfix/master.cf
/bin/sed -i "s/\ \${nexthop}\ \${user}//" /etc/postfix/master.cf
# SPF # SPF
# https://rigacci.org/wiki/doku.php/doc/appunti/linux/sa/postfix_spf_check # https://rigacci.org/wiki/doku.php/doc/appunti/linux/sa/postfix_spf_check
...@@ -68,34 +106,38 @@ echo "policyd-spf unix - n n - 0 spawn" >> /etc/ ...@@ -68,34 +106,38 @@ echo "policyd-spf unix - n n - 0 spawn" >> /etc/
echo " user=policyd-spf argv=/usr/bin/policyd-spf" >> /etc/postfix/master.cf echo " user=policyd-spf argv=/usr/bin/policyd-spf" >> /etc/postfix/master.cf
###########
# Enable TLS
###########
#if [[ -n "$(find /etc/postfix/certs -iname *.crt)" && -n "$(find /etc/postfix/certs -iname *.key)" ]]; then
if [[ -n "$(find /etc/postfix/certs -iname *.pem)" ]]; then
# /etc/postfix/main.cf
postconf -e "tls_medium_cipherlist = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES256-SHA256:AES256-GCM-SHA384"
# postfix main.cfg # postconf -e "smtp_tls_security_level=may"
#myhostname = localhost
/bin/sed -i "s/myhostname\ =\ localhost/myhostname\ =\ ${EMAIL_FQDN}/" /etc/postfix/main.cf
/bin/sed -i "s/alias_maps\ =\ hash:\/etc\/aliases/alias_maps\ =\ hash:\/etc\/aliases,\ hash:\/var\/lib\/mailman\/data\/aliases/" /etc/postfix/main.cf
echo "mydomain = ${EMAIL_FQDN}" >> /etc/postfix/main.cf postconf -e smtpd_tls_cert_file=$(find /etc/postfix/certs -iname *.pem)
echo "myorigin = ${EMAIL_FQDN}" >> /etc/postfix/main.cf postconf -e smtpd_tls_key_file=$(find /etc/postfix/certs -iname *.pem)
echo "mynetworks_style = host" >> /etc/postfix/main.cf
#echo "milter_protocol = 2" >> /etc/postfix/main.cf postconf -e smtp_tls_key_file = /etc/postfix/certs -iname *.pem
#echo "milter_default_action = accept" >> /etc/postfix/main.cf postconf -e smtp_tls_cert_file = /etc/postfix/certs -iname *.pem
#echo "smtpd_milters = inet:localhost:8891" >> /etc/postfix/main.cf
#echo "non_smtpd_milters = inet:localhost:8891" >> /etc/postfix/main.cf
chmod 400 /etc/postfix/certs/*.*
# /etc/postfix/master.cf
# postconf -M submission/inet="submission inet n - n - - smtpd"
# postconf -P "submission/inet/syslog_name=postfix/submission"
# postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
# postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
# postconf -P "submission/inet/milter_macro_daemon_name=ORIGINATING"
# postconf -P "submission/inet/smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination"
# /etc/postfix/master.cf
#/bin/sed -i "s/#tlsproxy\ unix\ -\ -\ y\ -\ 0\ tlsproxy/tlsproxy\ unix\ -\ -\ y\ -\ 0\ tlsproxy/" /etc/postfix/master.cf
fi
##### DKIM
#/bin/sed -i "s/#SOCKET=inet:12345@localhost/SOCKET=inet:8891@localhost/" /etc/default/opendkim
#/bin/sed -i "s/SOCKET=local:$RUNDIR/opendkim.sock/#SOCKET=local:$RUNDIR/opendkim.sock/" /etc/default/opendkim
##/bin/sed -i "s/Socket\ local:\/run\/opendkim\/opendkim.sock/SOCKET=inet:8891@localhost/" /etc/default/opendkim
#/bin/sed -i "s/Socket\ local:\/run\/opendkim\/opendkim.sock/Socket\ inet:8891@localhost/" /etc/opendkim.conf ################### MAILMAN ###############
echo "Domain ${EMAIL_FQDN}" >> /etc/opendkim.conf
echo "KeyFile /etc/dkimkeys/${DKIM_SELECTOR}.private" >> /etc/opendkim.conf
echo "Selector ${DKIM_SELECTOR}" >> /etc/opendkim.conf
# Add some directives to Mailman config: # Add some directives to Mailman config:
echo 'MTA = "Postfix"' >> $mailmancfg echo 'MTA = "Postfix"' >> $mailmancfg
...@@ -105,6 +147,24 @@ echo 'MAX_DELIVERY_THREADS = 0' >> $mailmancfg ...@@ -105,6 +147,24 @@ echo 'MAX_DELIVERY_THREADS = 0' >> $mailmancfg
echo 'SMTPHOST = "localhost"' >> $mailmancfg echo 'SMTPHOST = "localhost"' >> $mailmancfg
echo 'SMTPPORT = 0' >> $mailmancfg echo 'SMTPPORT = 0' >> $mailmancfg
# Fill debconf files with proper runtime values:
if [ $LIST_LANGUAGE_CODE != "en" ]; then
/bin/sed -i "s/default_server_language\ select\ en\ (English)/default_server_language\ select\ ${LIST_LANGUAGE_CODE}\ (${LIST_LANGUAGE_NAME})/" /mailman-config.cfg
/bin/sed -i "/^mailman mailman\/site_languages/ s/$/\,\ ${LIST_LANGUAGE_CODE}\ \(${LIST_LANGUAGE_NAME}\)/" /mailman-config.cfg
fi
# Replace default hostnames with runtime values:
/bin/sed -i "s/lists\.example\.com/${URL_FQDN}/" /etc/apache2/sites-available/mailman.conf
/bin/sed -i "s/DEFAULT_EMAIL_HOST.*\=.*/DEFAULT_EMAIL_HOST\ \=\ \'${EMAIL_FQDN}\'/" $mailmancfg
/bin/sed -i "s/DEFAULT_URL_HOST.*\=.*/DEFAULT_URL_HOST\ \=\ \'${URL_FQDN}\'/" $mailmancfg
/bin/sed -i "s/DEFAULT_SERVER_LANGUAGE.*\=.*/DEFAULT_SERVER_LANGUAGE\ \=\ \'${LIST_LANGUAGE_CODE}\'/" $mailmancfg
# master - remove ubuntu default python script
/bin/sed -i "s/mailman\ unix\ -\ n\ n\ -\ -\ pipe/#/" /etc/postfix/master.cf
/bin/sed -i "s/\ flags=FR\ user=list\ argv=\/usr\/lib\/mailman\/bin\/postfix-to-mailman.py/#/" /etc/postfix/master.cf
/bin/sed -i "s/\ \${nexthop}\ \${user}//" /etc/postfix/master.cf
# remove mm_cfg.pyc, to ensure the new values are picked up # remove mm_cfg.pyc, to ensure the new values are picked up
rm -f "${mailmancfg}c" rm -f "${mailmancfg}c"
rm -f "/var/lib/mailman/Mailman/mm_cfg.pyc" rm -f "/var/lib/mailman/Mailman/mm_cfg.pyc"
...@@ -125,8 +185,6 @@ fi ...@@ -125,8 +185,6 @@ fi
} }
echo ' Done.' echo ' Done.'
# Addaliases and update them: # Addaliases and update them:
cat << EOA >> /etc/aliases cat << EOA >> /etc/aliases
mailman: "|/var/lib/mailman/mail/mailman post mailman" mailman: "|/var/lib/mailman/mail/mailman post mailman"
...@@ -143,6 +201,9 @@ EOA ...@@ -143,6 +201,9 @@ EOA
chown root:root /etc/aliases chown root:root /etc/aliases
/usr/bin/newaliases /usr/bin/newaliases
################### END MAILMAN ###############
echo -n "Setting up Apache web server..." echo -n "Setting up Apache web server..."
{ {
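Review bot: Outbound SMTP TLS is switched off for good by `postconf -e "smtp_tls_security_level=none"` in the POSTFIX block, and the `smtp_tls_security_level=may` that would restore opportunistic TLS is left as a comment inside the `find /etc/postfix/certs -iname *.pem` branch, so mail relayed from the lists to other MTAs always leaves in cleartext even when a certificate is mounted; opportunistic outbound TLS needs no local certificate, so `may` should be set unconditionally. Inside that branch, `postconf -e smtp_tls_key_file = /etc/postfix/certs -iname *.pem` and the `smtp_tls_cert_file` line after it are handed to postconf as five separate words, which it rejects instead of setting, and the `$(find /etc/postfix/certs -iname *.pem)` used for `smtpd_tls_cert_file`/`smtpd_tls_key_file` leaves `*.pem` unquoted and yields a multi-word value if more than one PEM is mounted. The branch also never sets `smtpd_tls_security_level`, so unless it is set elsewhere the certificate is loaded but STARTTLS is not offered to inbound clients. The rewritten TLS section below quotes the glob, picks one PEM (the original already used the same file for cert and key), and enables TLS in both directions; the enclosing script continues past this page.
```shell
# Opportunistic TLS for outbound mail needs no local certificate; never force cleartext.
postconf -e "smtp_tls_security_level=may"
# … unchanged: master.cf edits and SPF policyd setup …
if [[ -n "$(find /etc/postfix/certs -iname '*.pem')" ]]; then
  # One PEM holding both certificate and key, as the original find-based lines assumed;
  # take the first match so postconf never receives a multi-word path.
  tls_pem="$(find /etc/postfix/certs -iname '*.pem' | head -n 1)"
  # … unchanged: tls_medium_cipherlist …
  postconf -e "smtpd_tls_security_level=may"
  postconf -e "smtpd_tls_cert_file=${tls_pem}"
  postconf -e "smtpd_tls_key_file=${tls_pem}"
  chmod 400 /etc/postfix/certs/*.*
fi
```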