Merge pull request #56 from bilak/master

#55 - added DKIM support -i 55
2024-06-22 23:46:54 +02:00 · 2016-01-26 12:27:54 +01:00 · 2016-01-26 12:27:54 +01:00 · 06281f7823
commit 06281f7823
parent 25d457dae7 426f87d916
9 changed files with 113 additions and 9 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 docker-compose.yml
 postfix/ssl/*
 letsencrypt/
+.idea
--- a/13
+++ b/13
@ -4,7 +4,10 @@ MAINTAINER Thomas VIAL
 # Packages
 RUN apt-get update -q --fix-missing
 RUN apt-get -y upgrade
-RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat
+RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \
+    courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \
+    pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \
+    opendkim opendkim-tools
 RUN apt-get autoclean && rm -rf /var/lib/apt/lists/*

 # Configures Saslauthd
@ -30,6 +33,14 @@ RUN chmod 644 /etc/clamav/freshclam.conf
 RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab -
 RUN freshclam

+# Configure DKIM (opendkim)
+RUN mkdir -p /etc/opendkim/keys
+ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts
+# DKIM config files
+ADD postfix/opendkim.conf /etc/opendkim.conf
+ADD postfix/default-opendkim /etc/default/opendkim
+
+
 # Configures Postfix
 ADD postfix/main.cf /etc/postfix/main.cf
 ADD postfix/master.cf /etc/postfix/master.cf
--- a/7
+++ b/7
@ -11,7 +11,12 @@ run:
 	cp test/accounts.cf postfix/
 	cp test/virtual postfix/
 	# Run container
-	docker run -d --name mail -v "`pwd`/postfix":/tmp/postfix -v "`pwd`/spamassassin":/tmp/spamassassin -v "`pwd`/test":/tmp/test -h mail.my-domain.com -t $(NAME):$(VERSION)
+	docker run -d --name mail \
+	    -v "`pwd`/postfix":/tmp/postfix \
+	    -v "`pwd`/spamassassin":/tmp/spamassassin \
+	    -v "`pwd`/test":/tmp/test \
+	    -h mail.my-domain.com \
+	    -t $(NAME):$(VERSION)
 	sleep 25

 prepare:
--- a/README.md
+++ b/README.md
@ -13,6 +13,7 @@ Includes:
 - amavis
 - spamassasin
 - clamav with automatic updates
+- opendkim

 Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)

@ -29,6 +30,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 - ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
 - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver) 
 - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
+- dkim public key will be echoed to log. If you have your previous configuration, you can mount volume with it `-v "$(pwd)/opendkim":/etc/opendkim"`

 ## installation

--- a/postfix/TrustedHosts
+++ b/postfix/TrustedHosts
@ -0,0 +1,2 @@
+127.0.0.1
+localhost
--- a/postfix/default-opendkim
+++ b/postfix/default-opendkim
@ -0,0 +1,12 @@
+# Command-line options specified here will override the contents of
+# /etc/opendkim.conf. See opendkim(8) for a complete list of options.
+#DAEMON_OPTS=""
+#
+# Uncomment to specify an alternate socket
+# Note that setting this will override any Socket value in opendkim.conf
+#SOCKET="local:/var/run/opendkim/opendkim.sock" # default
+#SOCKET="inet:54321" # listen on all interfaces on port 54321
+#SOCKET="inet:12345@localhost" # listen on loopback on port 12345
+#SOCKET="inet:12345@192.0.2.1" # listen on 192.0.2.1 on port 12345
+
+SOCKET="inet:12301@localhost"
--- a/postfix/main.cf
+++ b/postfix/main.cf
@ -58,3 +58,8 @@ virtual_gid_maps = static:5000
 # Additional option for filtering
 content_filter = smtp-amavis:[127.0.0.1]:10024

+# Milters used by DKIM
+milter_protocol = 2
+milter_default_action = accept
+smtpd_milters = inet:localhost:12301
+non_smtpd_milters = inet:localhost:12301
--- a/postfix/opendkim.conf
+++ b/postfix/opendkim.conf
@ -0,0 +1,21 @@
+AutoRestart             Yes
+AutoRestartRate         10/1h
+UMask                   002
+Syslog                  yes
+SyslogSuccess           Yes
+LogWhy                  Yes
+
+Canonicalization        relaxed/simple
+
+ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
+InternalHosts           refile:/etc/opendkim/TrustedHosts
+KeyTable                refile:/etc/opendkim/KeyTable
+SigningTable            refile:/etc/opendkim/SigningTable
+
+Mode                    sv
+PidFile                 /var/run/opendkim/opendkim.pid
+SignatureAlgorithm      rsa-sha256
+
+UserID                  opendkim:opendkim
+
+Socket                  inet:12301@localhost
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/bash

 die () {
  echo >&2 "$@"
@ -56,6 +56,48 @@ echo "Postfix configurations"
 touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
 touch /etc/postfix/virtual && postmap /etc/postfix/virtual

+# DKIM
+grep -vE '^(\s*$|#)' /etc/postfix/vhost | while read domainname; do
+  mkdir -p /etc/opendkim/keys/$domainname
+  if [ ! -f "/etc/opendkim/keys/$domainname/mail.private" ]; then
+    echo "Creating DKIM private key /etc/opendkim/keys/$domainname/mail.private"
+    pushd /etc/opendkim/keys/$domainname
+    opendkim-genkey --subdomains --domain=$domainname --selector=mail
+    popd
+    echo ""
+    echo "DKIM PUBLIC KEY ################################################################"
+    cat /etc/opendkim/keys/$domainname/mail.txt
+    echo "################################################################################"
+  fi
+  # Write to KeyTable if necessary
+  keytableentry="mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private"
+  if [ ! -f "/etc/opendkim/KeyTable" ]; then
+    echo "Creating DKIM KeyTable"
+    echo "mail._domainkey.$domainname $domainname:mail:/etc/opendkim/keys/$domainname/mail.private" > /etc/opendkim/KeyTable
+  else
+    if ! grep -q "$keytableentry" "/etc/opendkim/KeyTable" ; then
+      echo $keytableentry >> /etc/opendkim/KeyTable
+    fi
+  fi
+  # Write to SigningTable if necessary
+  signingtableentry="*@$domainname mail._domainkey.$domainname"
+  if [ ! -f "/etc/opendkim/SigningTable" ]; then
+    echo "Creating DKIM SigningTable"
+    echo "*@$domainname mail._domainkey.$domainname" > /etc/opendkim/SigningTable
+  else
+    if ! grep -q "$signingtableentry" "/etc/opendkim/SigningTable" ; then
+      echo $signingtableentry >> /etc/opendkim/SigningTable
+    fi
+  fi
+done
+
+echo "Changing permissions on /etc/opendkim"
+# chown entire directory
+chown -R opendkim:opendkim /etc/opendkim/
+# And make sure permissions are right
+chmod -R 0700 /etc/opendkim/keys/
+
+
 # SSL Configuration
 case $DMS_SSL in
  "letsencrypt" )
@ -66,7 +108,7 @@ case $DMS_SSL in
      sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf

      # Courier configuration
-      cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
+      cat "/etc/letsencrypt/live/$(hostname)/privkey.pem" "/etc/letsencrypt/live/$(hostname)/cert.pem" > "/etc/letsencrypt/live/$(hostname)/combined.pem"
      sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl

      echo "SSL configured with letsencrypt certificates"
@ -75,15 +117,15 @@ case $DMS_SSL in

  "self-signed" )
    # Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
-    if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
+    if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
    && [ -e "/tmp/postfix/ssl/$(hostname)-key.pem"  ] \
    && [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
    && [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
      echo "Adding $(hostname) SSL certificate"
      mkdir -p /etc/postfix/ssl
-      cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
-      cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
-      cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
+      cp "/tmp/postfix/ssl/$(hostname)-cert.pem" /etc/postfix/ssl
+      cp "/tmp/postfix/ssl/$(hostname)-key.pem" /etc/postfix/ssl
+      cp "/tmp/postfix/ssl/$(hostname)-combined.pem" /etc/postfix/ssl
      cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl

      # Postfix configuration
@ -91,10 +133,12 @@ case $DMS_SSL in
      sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
      sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
      sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
-      ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
+      ln -s /etc/postfix/ssl/cacert.pem "/etc/ssl/certs/cacert-$(hostname).pem"

      # Courier configuration
      sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
+
+      echo "SSL configured with self-signed/custom certificates"
    fi

    ;;
@ -126,6 +170,7 @@ cron
 /etc/init.d/spamassassin start
 /etc/init.d/clamav-daemon start
 /etc/init.d/amavis start
+/etc/init.d/opendkim start
 /etc/init.d/postfix start

 echo "Listing SASL users"