This repository has been archived by the owner on Sep 22, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add initial postfix templates and configurations
- Loading branch information
Showing
8 changed files
with
202 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,26 @@ | ||
| FROM debian:buster-slim | ||
| MAINTAINER Mark Feldhousen <mark.feldhousen@trio.dhs.gov> | ||
|
|
||
| RUN apt-get update && \ | ||
| apt-get install --no-install-recommends -y \ | ||
| ca-certificates \ | ||
| gettext-base \ | ||
| opendkim \ | ||
| opendkim-tools \ | ||
| postfix \ | ||
| sasl2-bin \ | ||
| && apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* | ||
|
|
||
| USER root | ||
| WORKDIR /root | ||
|
|
||
| RUN mv /etc/postfix/master.cf /etc/postfix/master.cf.orig | ||
|
|
||
| COPY ./templates ./templates/ | ||
| COPY ./src/docker-entrypoint.sh . | ||
|
|
||
| VOLUME ["/var/log", "/var/spool/postfix"] | ||
| EXPOSE 25/TCP 587/TCP | ||
|
|
||
| ENTRYPOINT ["./docker-entrypoint.sh"] | ||
| CMD ["postfix", "-v", "start-fg"] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| --- | ||
| version: "3.7" | ||
|
|
||
| secrets: | ||
| fullchain_pem: | ||
| file: ./secrets/fullchain.pem | ||
| privkey_pem: | ||
| file: ./secrets/privkey.pem | ||
|
|
||
|
|
||
| services: | ||
| postfix: | ||
| build: | ||
| context: . | ||
| dockerfile: Dockerfile | ||
| image: postfix | ||
| init: true | ||
| restart: always | ||
| environment: | ||
| - PRIMARY_DOMAIN=example.com | ||
| - RELAY_IP= | ||
| ports: | ||
| - target: "25" | ||
| published: "1025" | ||
| protocol: tcp | ||
| mode: host | ||
| - target: "587" | ||
| published: "1587" | ||
| protocol: tcp | ||
| mode: host | ||
| secrets: | ||
| - source: fullchain_pem | ||
| target: fullchain.pem | ||
| - source: privkey_pem | ||
| target: privkey.pem |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| -----BEGIN CERTIFICATE----- | ||
| MIIFXTCCA0WgAwIBAgIJAPWv/2ssPwHVMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV | ||
| BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX | ||
| aWRnaXRzIFB0eSBMdGQwHhcNMTkwNTI4MjAxNDM0WhcNMjAwNTI3MjAxNDM0WjBF | ||
| MQswCQYDVQQGEwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50 | ||
| ZXJuZXQgV2lkZ2l0cyBQdHkgTHRkMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIIC | ||
| CgKCAgEAvclFvQ6WAkQXpwNksjjojlvAKkqTnHJ8vHaM0C3yrSm+aMPH0/lzLTuT | ||
| pv5eaSBUUzi5f/VjBFslH7kAGct4m1MJUfxRYdP4uZXqnfkiMyT8x7z+k6SbD22U | ||
| 6Xxa7yV+hwkbhNDFOmcCWawgrERvfkSdyp/l94u+TWg5v/LvmkmsFRixT+U5dl/g | ||
| vSdXbAvjdrn+x/IRVMFrEDTm5QNCHrx1lTQf4giFl7VU820HQiNT3Y3JD7v+JHLO | ||
| DUyYZAA6bpg5vYYMbhxfegZu/C7DkT3/ZtpRXEPv1mR+koS7nPAtZmJ8t76GR/eU | ||
| A5rYLv1P6a4KvUf0/uRPGHQZsj57lVRqyR3TDi37aDywvcdTBQZHe9fNyYYe7g6s | ||
| ToKzY/Z+KwVuI+KcamVH6QLLhHOZ7IFIdB5PrSCMLHlDRP22GWV5lbFjxP+9H/2P | ||
| B5QkoBuPS4vV/GNxMlGlnbCoVDdUluypnsl0pdpae36PiFPlkA3dzJ1OcOt803jR | ||
| E3HHBg4Mq9rO51NQfxx3LsnKPVvajVChcEie1UEH+DQLEVciRBIp9Jho4SMh9xS9 | ||
| VXFRXXrnEKkfLOXwkd3Vy4upvyQrxpEMmj1SHSsFqJ4xz1uo5akpgwzB5I14oe+k | ||
| OK/sLP+B4GryWp78cASQQ/0ldbvOWxBxm7OVSPQB6F6vHVKNExsCAwEAAaNQME4w | ||
| HQYDVR0OBBYEFOAh81Tup7BSdYBjAPGyd1GW5GJhMB8GA1UdIwQYMBaAFOAh81Tu | ||
| p7BSdYBjAPGyd1GW5GJhMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIB | ||
| ALBpfqJWpTf58mv1n6HuSLI7n/FGA0wxoVPmvG9qBV0uBx0kbsuJVBUXfO+FE/3x | ||
| aiTiCwKweqdRhA2H7TnGs12D1Dweh3jd1gs+inClN7w4Ge9hIMiDcc9K45wgP/Sk | ||
| IIJYgLfctGfzc5EetqWQFq1GEPpNPNpfBMC7Z/KcgiZ8+RmoIACDlJ+EwSkDuXgf | ||
| 045n45cF2xqfpeq/qKZDfWwg5+js/LN7abDRxX+JjH1i678Wx+SOlxsRK2plmmIL | ||
| c46vSErWoRddwxyZyP4TqBCTgV6ZcoZSWKFvHrn4c2YZHMuagsBaDIBg05jfxv72 | ||
| ewuKeWIC0/2PkbJ+W15X+/Ltgru7gIcidt8Xm+JnBjvz0bCiS2qVGxu0DxBmbmjv | ||
| CW3pvaNhc7NWxnTbJdpC/G2wH1RV06CS2WIWuBXu/AlkVlI/HHqYD4fWdETx9VjM | ||
| 821dJY0oGBVqK+2/2d9Q1J1bfzs/J2kLaNocERog2RMapygHoNI0qtfsQIyEecGw | ||
| LoDcYltzKM+tPbWsYc1lI1rNo0v0/Y2TjQ6Jq+P4eZQ9gf6XgmdLg5nIDPkO4til | ||
| epYT2sgG6TAMyzf475BX92ect9KWD1efAavL+aSxwpngWBc7uqYvvbX8w1EePX7G | ||
| EoxN6uctuyBtDpzhdKxEEVBZ7NfU6X/91ZgVdlOR/rN4 | ||
| -----END CERTIFICATE----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,52 @@ | ||
| -----BEGIN PRIVATE KEY----- | ||
| MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQC9yUW9DpYCRBen | ||
| A2SyOOiOW8AqSpOccny8dozQLfKtKb5ow8fT+XMtO5Om/l5pIFRTOLl/9WMEWyUf | ||
| uQAZy3ibUwlR/FFh0/i5leqd+SIzJPzHvP6TpJsPbZTpfFrvJX6HCRuE0MU6ZwJZ | ||
| rCCsRG9+RJ3Kn+X3i75NaDm/8u+aSawVGLFP5Tl2X+C9J1dsC+N2uf7H8hFUwWsQ | ||
| NOblA0IevHWVNB/iCIWXtVTzbQdCI1PdjckPu/4kcs4NTJhkADpumDm9hgxuHF96 | ||
| Bm78LsORPf9m2lFcQ+/WZH6ShLuc8C1mYny3voZH95QDmtgu/U/prgq9R/T+5E8Y | ||
| dBmyPnuVVGrJHdMOLftoPLC9x1MFBkd7183Jhh7uDqxOgrNj9n4rBW4j4pxqZUfp | ||
| AsuEc5nsgUh0Hk+tIIwseUNE/bYZZXmVsWPE/70f/Y8HlCSgG49Li9X8Y3EyUaWd | ||
| sKhUN1SW7KmeyXSl2lp7fo+IU+WQDd3MnU5w63zTeNETcccGDgyr2s7nU1B/HHcu | ||
| yco9W9qNUKFwSJ7VQQf4NAsRVyJEEin0mGjhIyH3FL1VcVFdeucQqR8s5fCR3dXL | ||
| i6m/JCvGkQyaPVIdKwWonjHPW6jlqSmDDMHkjXih76Q4r+ws/4HgavJanvxwBJBD | ||
| /SV1u85bEHGbs5VI9AHoXq8dUo0TGwIDAQABAoICAQCRaDhKVXaRXeJRT8RC2F81 | ||
| Uw60WFcoMn9nVd0lU07vZWBBnF7qBeE88rx54cIsAV0aNgfKBhRLLhoPaAqvuLk7 | ||
| KC+n5Q3lSiby6e3MAyk0zk3uKttR+3fiJi9FhMWXHL8Ibu3qoJm72Vhvo/WUhwp1 | ||
| T9UlfcUQGL1BSW2Vp2f0aiWyNC0F7bZM/8CMrCvK2ID6Yh7WypyEt3xz+lQ9enWa | ||
| XwInwrv6zlSsm33u08YP4klLImq952ccPempPtozJAmg2njCwIWdh5ePQoaeKKYm | ||
| Db4062gSrOqA9JYVZCTqZQoju6majhsL4KBC8sxXlDU58OLBivQmpn4DWlClxEGi | ||
| IbY/FIE6WEhOrdoGPzIjAcC3OYYTasIMBDLdA0tODmtv9Nvst30IGZc4Pm/QIJOk | ||
| EGJo4hqWbxiy4gisWxHwYeQ9/EEwrrc3FP94VscVkT8x0i22w5WMLtcrnCGpwzMg | ||
| E10+9v4ZUZ7cu9V+IeWQUkeuP3xhumI7RIDVRHpGC6TfEk/Q2gNdsPL2E8ng2Ytx | ||
| KMI3Pj5FuYi7enIR9AWdBVmVc2u7nzJMF/ODAwY6GmqHxni7PD97cnYwCy7Gxp/S | ||
| DZqiiD32RHwUwBm0AgdLhftkgqyTN/qo/Bhmj9ieO2CkuAvTYoXG0VMzxCb9wBG/ | ||
| 7BJSGcbwtTJOJGK7LvrDAQKCAQEA6Q45teOKcmOSw5ne2cXzXuaXZ0OOCkjJ2ens | ||
| M89YmKXDVEZRbGoHVtftInUpr0H2UJ/N268Ogfzw62enZ40WIGwNALvp9PkLvdT0 | ||
| 6LD/4MhcgZGQ5WDwqfqwkOanHdw9HJb752yEJ+3OG+fojmKkOs6OoQk1Ypxv5+5K | ||
| OuG/qtiKKpSLbG/nKAbPsPObArBxyfH9pV5F2E6vy38lYoDTURlA2BXHPoXu9M4c | ||
| /K2BMmO5zvGu5VOpAtnag5CWUwVvnX9DKDYs+k+exErluEj+U8GbKNQUTE+1p6fT | ||
| j4KKNVZBgnavOST3Xm/i4qVbccF/CwUc387HPdK5FU6kn3evewKCAQEA0HiEAytq | ||
| jzlBBHm892tojRzvpQa65fT7khsxETLhABvqeWZ2h9lE8TJTLC46N4cG1MC/hnWB | ||
| Q7XzKd7jAeht41Lp0mlDWv6eqKN4VyXSpAYzATcEO739eja7WNTgkYB91eDSyT+K | ||
| DVaElaXMjw/uX9tBnqaVyEe8JDqHw9E3Gl0MLWi89ztYptaWvKjt0+QqENBc6o+G | ||
| K/qzO+B4o9AyjyYkUYVA87tRrDk746LA5DbkpLQKPmQ3lb1hvVysJOnEdRabu5ly | ||
| mC0HR9n2UwcU98Op/EX3D4MuCUoFB/HQNMXq7oRMg+AcfsG0/ENcbiY6o0yRhxHu | ||
| ACgcjTi/QKAI4QKCAQBbgzB6EZ0diafpkpQFI0uLKjStYcN2mlpYbRhIx9RcLErk | ||
| 3q++SGwVV7hP3X2+ycH0qqtk5fpmZHIdnZgIe0gC9yqr7R3TCa/onKSGcmonU8Wv | ||
| Qv+IcmZN+Jg4bbmVahO9FDRaDSxfmWtjXc7dijI+vTkYVstVq2PtyI3xTQ+8AEdQ | ||
| rP+KVu6HsxT+wMlPZwVnbNRSiRAX/d3dpFGDul4/7BCgSPzxuhm4mu6a8W5X4Pzn | ||
| G9O3TQCClBTPsIi2lN3dFEnEknFa4MTRAy/tCwyCyvUoNQ67YFlOOgJCydmHVBVp | ||
| Kz1mzPMta/XFVXTw2DAQnbNW1pU523K9wSG3VIHdAoIBACJTZbE76dzRWZJKFUJM | ||
| DjgGBrOOiyGoF/Azx/2D+iZRcmcw5t1xefeZCLbimbVg51AKuL6EBJfIktRXHdvH | ||
| kKh4k4WQzYVjHW65E+yNjsRxPN67V1ga7Wy9LFXxH1T16kJYNXzrmGif0U7usOLx | ||
| hZeE+6YK2ejTXvg8JvSoM0GFBqdHcq3muK8n8EP6MMbN79s648G/hiEhs3dte4/F | ||
| jT2i0yIVJd+7/TO1bNYLi2VIYJd6CaHCUKC4QSqz4qhlUXLSGSxnlMXXzDYZfoSn | ||
| St2M+yVNw+Nq/x6KcI+hUl4OJKPHZu3j7e01Kf7LfKGqa8dNqTyrSBwAfssGB/+1 | ||
| GiECggEAJD0KWTfJrSbgCkMfp1fNkwNExW2+neB+MI1eIR1sWsu8rz1a5d/NIdQq | ||
| pkoJp4FQUgRFEK+CzPWbKBDOxDVwpZ5o84JzxAEc78tL8/QIYwbtw5ZOiHNZ+wS6 | ||
| OYk6weY7rro7PwzqsTXcGdg/yxtphwguveSQM8y6McqBNZKqlN2fvXY8a4KZtt8O | ||
| RXBwpsqYulHpMGPh2MsMJBGEEII7Y2WKZG41oU1SGb5J2tBdGixW0buQnr6qwBgL | ||
| Ie8VV5kgbei97WK1lwvosn3HetBYSEE0GWMvjx93yoeozV8L/IF1rf7xss2BSqzF | ||
| UjgsHxWMDJWcER8NHXkE5DQORLtKCA== | ||
| -----END PRIVATE KEY----- |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| #!/bin/bash | ||
| # shellcheck disable=SC2016 | ||
|
|
||
| set -e | ||
|
|
||
| if [ "$1" = 'postfix' ]; then | ||
|
|
||
| # generate confgurations using environment variables | ||
| envsubst '\$PRIMARY_DOMAIN \$RELAY_IP' < templates/main.cf > /etc/postfix/main.cf | ||
| cp /etc/postfix/master.cf.orig /etc/postfix/master.cf | ||
| envsubst '\$PRIMARY_DOMAIN \$RELAY_IP' < templates/master.cf >> /etc/postfix/master.cf | ||
|
|
||
| exec "$@" | ||
| fi | ||
|
|
||
| exec "$@" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU) | ||
| biff = no | ||
| append_dot_mydomain = no | ||
| readme_directory = no | ||
| smtpd_tls_cert_file=/run/secrets/fullchain.pem | ||
| smtpd_tls_key_file=/run/secrets/privkey.pem | ||
| smtpd_tls_security_level = may | ||
| smtp_tls_security_level = may | ||
| smtpd_tls_session_cache_database = btree:$data_directory/smtpd_scache | ||
| smtp_tls_session_cache_database = btree:$data_directory/smtp_scache | ||
| smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination | ||
| myhostname = ${PRIMARY_DOMAIN} | ||
| alias_maps = hash:/etc/aliases | ||
| alias_database = hash:/etc/aliases | ||
| myorigin = ${PRIMARY_DOMAIN} | ||
| mydestination = ${PRIMARY_DOMAIN}, localhost.com, , localhost | ||
| relayhost = | ||
| mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 ${RELAY_IP} | ||
| mailbox_command = procmail -a "\$EXTENSION" | ||
| mailbox_size_limit = 0 | ||
| recipient_delimiter = + | ||
| inet_interfaces = all | ||
| inet_protocols = ipv4 | ||
| milter_default_action = accept | ||
| milter_protocol = 6 | ||
| smtpd_milters = inet:12301,inet:localhost:54321 | ||
| non_smtpd_milters = inet:12301,inet:localhost:54321 | ||
| disable_vrfy_command = yes | ||
| smtp_tls_note_starttls_offer = yes | ||
| always_bcc = mailarchive@${PRIMARY_DOMAIN} | ||
| maillog_file = /dev/stdout | ||
| compatibility_level = 2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| submission inet n - - - - smtpd | ||
| -o syslog_name=postfix/submission | ||
| -o smtpd_tls_wrappermode=no | ||
| -o smtpd_tls_security_level=may | ||
| -o smtpd_sasl_auth_enable=yes | ||
| -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject | ||
| -o milter_macro_daemon_name=ORIGINATING | ||
| -o smtpd_sasl_type=dovecot | ||
| -o smtpd_sasl_path=private/auth |