diff --git a/Dockerfile b/Dockerfile index a5a6057..0f60316 100755 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,13 @@ -FROM docker.sendgrid.net/sendgrid/dev_pl +FROM docker.sendgrid.net/sendgrid/dev -RUN yum install postfix +RUN yum install -y postfix + +WORKDIR /opt/sendgrid/postfix ADD master.cf /etc/postfix/master.cf -ADD aliases.erb /etc/aliases -ADD main.cf.erb /etc/postfix/main.cf -ADD sg_mail.erb /etc/logrotate.d/sg_mail -ADD mailname.erb /etc/mailname +ADD aliases /etc/aliases +ADD main.cf /etc/postfix/main.cf +ADD sg_mail /etc/logrotate.d/sg_mail +ADD mailname /etc/mailname -RUN service postfix restart +#RUN service postfix start diff --git a/aliases.erb b/aliases similarity index 100% rename from aliases.erb rename to aliases diff --git a/mailname b/mailname new file mode 100755 index 0000000..1799947 --- /dev/null +++ b/mailname @@ -0,0 +1 @@ +mxpostfix.docker diff --git a/mailname.erb b/mailname.erb deleted file mode 100755 index d3c0d8d..0000000 --- a/mailname.erb +++ /dev/null @@ -1 +0,0 @@ -<%= node.fqdn %> diff --git a/main.cf b/main.cf new file mode 100755 index 0000000..5cdaacb --- /dev/null +++ b/main.cf 
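Review bot: The new `FROM docker.sendgrid.net/sendgrid/dev` line has no tag or digest, so every build takes whatever the registry currently serves under the implicit `latest`. Pin it, e.g. `FROM docker.sendgrid.net/sendgrid/dev:<TAG>@sha256:<DIGEST>` (placeholders; the page shows no version). The `ADD` lines only copy plain local files and would be clearer as `COPY`, e.g. `COPY main.cf /etc/postfix/main.cf`. `RUN yum install -y postfix` leaves the yum cache in the layer; `RUN yum install -y postfix && yum clean all` avoids that. With `#RUN service postfix start` commented out and no `CMD` or `ENTRYPOINT` in the hunk, a comment saying how Postfix is expected to be started would help the next reader.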
@@ -0,0 +1,61 @@ + +queue_directory = /var/spool/postfix + +command_directory = /usr/sbin + +daemon_directory = /usr/libexec/postfix + +data_directory = /var/lib/postfix + + +mail_owner = postfix + +myhostname = mxpostfix.docker + +myorigin = /etc/mailname +inet_interfaces = $myhostname + + +inet_protocols = all + +mydestination = bounced.docker, localhost + + +unknown_local_recipient_reject_code = 550 + + + +alias_maps = hash:/etc/aliases + +alias_database = hash:/etc/aliases + +#recipient_delimiter = + + + + +debugger_command = + PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin + ddd $daemon_directory/$process_name $process_id & sleep 5 + +sendmail_path = /usr/sbin/sendmail.postfix + + +newaliases_path = /usr/bin/newaliases.postfix + + +mailq_path = /usr/bin/mailq.postfix + + +setgid_group = postdrop + + +html_directory = no + + +manpage_directory = /usr/share/man + + +sample_directory = /usr/share/doc/postfix-2.6.6/samples + + +readme_directory = /usr/share/doc/postfix-2.6.6/README_FILES \ No newline at end of file diff --git a/main.cf.erb b/main.cf.erb deleted file mode 100755 index bd6f10e..0000000 --- a/main.cf.erb +++ /dev/null 
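Review bot: The new main.cf sets neither `mynetworks` nor `smtpd_recipient_restrictions`, both of which the deleted main.cf.erb stated explicitly, so the port-25 listener falls back to Postfix's built-in defaults. On the 2.6 series named in `sample_directory` that default appears to trust the whole attached subnet, which should be confirmed. I would state both explicitly, e.g. `mynetworks = 127.0.0.0/8` (or the narrowest range the peers need) and `smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination`. The `smtpd_tls_*` block was also dropped without replacement; a comment such as `# TLS intentionally not configured in this dev container` would record whether that is deliberate.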
@@ -1,60 +0,0 @@ -# See /usr/share/postfix/main.cf.dist for a commented, more complete version - - -# Debian specific: Specifying a file name will cause the first -# line of that file to be used as the name. The Debian default -# is /etc/mailname. -#myorigin = /etc/mailname - -smtpd_banner = $myhostname ESMTP $mail_name -biff = no - -# appending .domain is the MUA's job. -append_dot_mydomain = no -append_at_myorigin = no - -# Uncomment the next line to generate "delayed mail" warnings -#delay_warning_time = 4h - -readme_directory = no - -# TLS parameters -<% if node['platform'] == "centos" %> -smtpd_tls_cert_file=/etc/ssl/certs/wildcard.sendgrid.net.pem -smtpd_tls_key_file=/etc/ssl/certs/wildcard.sendgrid.net.key -smtpd_tls_CAfile=/etc/ssl/certs/ca-bundle.crt -<% else %> -smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem -smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key -<% end %> -smtpd_use_tls=yes -smtpd_tls_protocols = !SSLv2 !SSLv3 -smtpd_tls_ciphers = high -smtpd_tls_exclude_ciphers = aNULL, eNULL, EXPORT, DES, RC4, MD5, PSK -tls_preempt_cipherlist = yes -smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache -smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache - -# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for -# information on enabling SSL in the smtp client. 
- -smtpd_client_connection_count_limit = 2000 -myhostname = <%= node.fqdn %> -alias_maps = hash:/etc/aliases -alias_database = hash:/etc/aliases -myorigin = /etc/mailname -smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination -# Further hostnames should be added to mail_domain table instead of here -mydestination = localhost.sendgrid.net, localhost -relayhost = -mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 -mailbox_size_limit = 0 -recipient_delimiter = + -inet_interfaces = all -content_filter=bounced:[127.0.0.1]:10027 -receive_override_options = no_address_mappings -virtual_alias_maps = tcp:127.0.0.1:10029 -message_size_limit = 204800000 - -# Permit leading hyphens in email addresses, e.g. "-bozo@example.com" -allow_min_user = yes diff --git a/master.cf.erb b/master.cf similarity index 52% rename from master.cf.erb rename to master.cf index bfef3c3..1edd7da 100755 --- a/master.cf.erb +++ b/master.cf 
@@ -8,45 +8,45 @@ # service type private unpriv chroot wakeup maxproc command + args # (yes) (yes) (yes) (never) (100) # ========================================================================== -smtp inet n - - - - smtpd -#submission inet n - - - - smtpd +smtp inet n - n - - smtpd +#submission inet n - n - - smtpd # -o smtpd_tls_security_level=encrypt # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#smtps inet n - - - - smtpd +#smtps inet n - n - - smtpd # -o smtpd_tls_wrappermode=yes # -o smtpd_sasl_auth_enable=yes # -o smtpd_client_restrictions=permit_sasl_authenticated,reject # -o milter_macro_daemon_name=ORIGINATING -#628 inet n - - - - qmqpd -pickup fifo n - - 60 1 pickup -cleanup unix n - - - 0 cleanup +#628 inet n - n - - qmqpd +pickup fifo n - n 60 1 pickup +cleanup unix n - n - 0 cleanup qmgr fifo n - n 300 1 qmgr -#qmgr fifo n - - 300 1 oqmgr -tlsmgr unix - - - 1000? 1 tlsmgr -rewrite unix - - - - - trivial-rewrite -bounce unix - - - - 0 bounce -defer unix - - - - 0 bounce -trace unix - - - - 0 bounce -verify unix - - - - 1 verify -flush unix n - - 1000? 0 flush +#qmgr fifo n - n 300 1 oqmgr +tlsmgr unix - - n 1000? 1 tlsmgr +rewrite unix - - n - - trivial-rewrite +bounce unix - - n - 0 bounce +defer unix - - n - 0 bounce +trace unix - - n - 0 bounce +verify unix - - n - 1 verify +flush unix n - n 1000? 
0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap -smtp unix - - - - - smtp +smtp unix - - n - - smtp # When relaying mail as backup MX, disable fallback_relay to avoid MX loops -relay unix - - - - - smtp +relay unix - - n - - smtp -o smtp_fallback_relay= # -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - - - - showq -error unix - - - - - error -retry unix - - - - - error -discard unix - - - - - discard +showq unix n - n - - showq +error unix - - n - - error +retry unix - - n - - error +discard unix - - n - - discard local unix - n n - - local virtual unix - n n - - virtual -lmtp unix - - - - - lmtp -anvil unix - - - - 1 anvil -scache unix - - - - 1 scache +lmtp unix - - n - - lmtp +anvil unix - - n - 1 anvil +scache unix - - n - 1 scache # # ==================================================================== # Interfaces to non-Postfix software. Be sure to examine the manual 
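Review bot: Every service edited in this hunk has its chroot column switched from `-` to `n`, and the table header gives the default as `(yes)`, so the network-facing `smtp inet ... smtpd` listener and its helpers now run without the chroot. If the reason is that the image does not populate the chroot tree under the queue directory (not visible here), a comment above the table such as `# chroot disabled: container image does not provide the chroot file tree` would make that explicit. Otherwise, keeping `-` on at least the `smtp inet` line retains the confinement for the daemon that parses remote input. The service table starts and ends outside this hunk.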
@@ -61,39 +61,64 @@ scache unix - - - - 1 scache # Also specify in main.cf: maildrop_destination_recipient_limit=1 # maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} + flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient} +# +# ==================================================================== +# +# The Cyrus deliver program has changed incompatibly, multiple times. +# +#old-cyrus unix - n n - - pipe +# flags=R user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -m ${extension} ${user} +# +# ==================================================================== +# +# Cyrus 2.1.5 (Amos Gouaux) +# Also specify in main.cf: cyrus_destination_recipient_limit=1 +# +#cyrus unix - n n - - pipe +# user=cyrus argv=/usr/lib/cyrus-imapd/deliver -e -r ${sender} -m ${extension} ${user} +# +# ==================================================================== # # See the Postfix UUCP_README file for configuration details. # -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +#uucp unix - n n - - pipe +# flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) +# +# ==================================================================== # # Other external delivery methods. # ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) + bsmtp unix - n n - - pipe - flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} + flags=Fq. 
user=bsmtp argv=/usr/local/sbin/bsmtp -f $sender $nexthop $recipient +# +scalemail-backend unix - n n - 2 pipe + flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store + ${nexthop} ${user} ${extension} +# mailman unix - n n - - pipe flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} + bounced unix - - n - 20 smtp -o smtp_send_xforward_command=yes -o smtp_discard_ehlo_keywords=8bitmime,startssl -127.0.0.1:10028 inet n - n - 10 smtpd + +0.0.0.0:10028 inet n - n - 10 smtpd -o content_filter= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks -o smtpd_helo_restrictions= -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o smtpd_authorized_xforward_hosts=127.0.0.0/8 + -o mynetworks=172.17.0.0/16 + -o smtpd_authorized_xforward_hosts=172.17.0.0/16 -127.0.0.1:10030 inet n - n - 10 smtpd +0.0.0.0:10030 inet n - n - 10 smtpd -o content_filter= -o virtual_alias_maps= -o receive_override_options=no_unknown_recipient_checks,no_header_body_checks @@ -101,5 +126,5 @@ bounced unix - - n - 20 smtp -o smtpd_client_restrictions= -o smtpd_sender_restrictions= -o smtpd_recipient_restrictions=permit_mynetworks,reject - -o mynetworks=127.0.0.0/8 - -o smtpd_authorized_xforward_hosts=127.0.0.0/8 + -o mynetworks=172.17.0.0/16 + -o smtpd_authorized_xforward_hosts=172.17.0.0/16 \ No newline at end of file diff --git a/sg_mail.erb b/sg_mail similarity index 100% rename from sg_mail.erb rename to sg_mail diff --git a/start.sh b/start.sh new file mode 100755 index 0000000..3276f1a --- /dev/null +++ b/start.sh @@ -0,0 +1,10 @@ +docker run \ + --rm \ + -it \ + --name mxpostfix \ + --hostname mxpostfix \ + --dns 172.17.42.1 \ + --dns-search docker \ + --volumes-from mpide_spool_1 \ + mxpostfix \ + bash \ No newline at end of file
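Review bot: The re-injection listener moves from `127.0.0.1:10028` to `0.0.0.0:10028` while keeping `-o content_filter=` and the emptied helo/client/sender restrictions, and its `mynetworks` and `smtpd_authorized_xforward_hosts` widen from `127.0.0.0/8` to `172.17.0.0/16`. The 10030 listener gets the same change here and in the `@@ -101,5 +126,5 @@` hunk. Any container in that range can then hand mail to a listener that skips the filter, and can supply its own XFORWARD client attributes. Narrowing both options to the single peer that needs them, e.g. `-o smtpd_authorized_xforward_hosts=<FILTER_CONTAINER_IP>` (placeholder), would limit the exposure. At minimum, add a comment that 172.17.0.0/16 is assumed to be the Docker bridge and that ports 10028 and 10030 must never be published.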
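Review bot: start.sh is added with mode 100755 but has no interpreter line, so how it runs depends on the invoking shell; add `#!/bin/sh` as the first line. `--dns 172.17.42.1` and `--volumes-from mpide_spool_1` hard-code one host's bridge address and a specific container name, and the image `mxpostfix` is referenced without a tag. A short header comment naming those assumptions, e.g. `# assumes docker0 at 172.17.42.1 and a running mpide_spool_1 container`, would help.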