diff --git a/Makefile b/Makefile
index c8bd2498..90788409 100644
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,7 @@ run:
 -e SASL_PASSWD="external-domain.com username:password" \
 -e ENABLE_MANAGESIEVE=1 \
 -e ONE_DIR=1 \
+ -e PERMIT_DOCKER=host\
 -h mail.my-domain.com -t $(NAME)
 sleep 20
 docker run -d --name mail_pop3 \
@@ -40,6 +41,7 @@ run:
 -v "`pwd`/test/config":/tmp/docker-mailserver \
 -v "`pwd`/test":/tmp/docker-mailserver-test \
 -e SMTP_ONLY=1 \
+ -e PERMIT_DOCKER=network\
 -h mail.my-domain.com -t $(NAME)
 sleep 20
 docker run -d --name mail_fail2ban \
diff --git a/README.md b/README.md
index 5ecec55e..f3b5af4f 100644
--- a/README.md
+++ b/README.md
@@ -141,3 +141,10 @@ Otherwise, `iptables` won't be able to ban IPs.
 - self-signed => Enables self-signed certificates
 Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
+
+##### PERMIT_DOCKER
+
+Set different options for mynetworks option (can be overwrite in postfix-main.cf)
+ - **empty** => localhost only
+ - host => Add docker host (ipv4 only)
+ - network => Add all docker containers (ipv4 only)
diff --git a/target/postfix/main.cf b/target/postfix/main.cf
index 1b77a283..158cfa17 100644
--- a/target/postfix/main.cf
+++ b/target/postfix/main.cf
@@ -11,7 +11,7 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydestination =
 relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.17.0.0/16
+mynetworks = 127.0.0.0/8 [::1]/128 [fe80::]/64
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all
diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh
index 037332f9..3805f274 100644
--- a/target/start-mailserver.sh
+++ b/target/start-mailserver.sh
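Review bot: `-e PERMIT_DOCKER=host\` has no space before the line-continuation backslash, unlike every neighbouring option line (`-e ONE_DIR=1 \`). Whether the value stays `host` then depends on the next recipe line keeping leading whitespace after make strips the recipe tab; if it does not, the shell joins the value with `-h` and the container starts with an unrecognised setting, which the start script's `*` branch silently treats as the default. Write `-e PERMIT_DOCKER=host \`, and likewise `-e PERMIT_DOCKER=network \` in the second Makefile hunk. The `run` recipe starts and ends outside both hunks.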
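Review bot: The new `mynetworks` line adds `[fe80::]/64`, so while the IPv4 side is narrowed to loopback, any peer on the same link that connects from an IPv6 link-local address is treated as a trusted client regardless of `PERMIT_DOCKER`. That does not match the README entry in this commit, which describes the empty setting as localhost only (the start script additionally appends the container's own /32). If link-local trust is not intended, keep the baseline to loopback: `mynetworks = 127.0.0.0/8 [::1]/128`. How much `mynetworks` membership grants depends on the restriction lists, which this hunk does not show.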
@@ -202,6 +202,33 @@ echo "Postfix configurations"
 touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
 touch /etc/postfix/virtual && postmap /etc/postfix/virtual
+# PERMIT_DOCKER Option
+container_ip=$(ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1)
+container_network="$(echo $container_ip | cut -d '.' -f1-2).0.0"
+case $PERMIT_DOCKER in
+ "host" )
+ echo "Adding $container_network/16 to my networks"
+ postconf -e "$(postconf | grep '^mynetworks =') $container_network/16"
+ bash -c "echo $container_network/16 >> /etc/opendmarc/ignore.hosts"
+ bash -c "echo $container_network/16 >> /etc/opendkim/TrustedHosts"
+ ;;
+
+ "network" )
+ echo "Adding docker network in my networks"
+ postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12"
+ bash -c "echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts"
+ bash -c "echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts"
+ ;;
+
+ * )
+ echo "Adding container ip in my networks"
+ postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32"
+ bash -c "echo $container_ip/32 >> /etc/opendmarc/ignore.hosts"
+ bash -c "echo $container_ip/32 >> /etc/opendkim/TrustedHosts"
+ ;;
+
+esac
+
 #
 # Override Postfix configuration
 #
diff --git a/test/tests.bats b/test/tests.bats
index f19a8542..6a3fc876 100644
--- a/test/tests.bats
+++ b/test/tests.bats
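Review bot: `container_ip` is used without any check, so when `eth0` is absent or carries more than one IPv4 address the branches write an empty or multi-line value into `mynetworks`, `ignore.hosts` and `TrustedHosts`; add a guard right after the assignment, e.g. `[ -n "$container_ip" ] || { echo "PERMIT_DOCKER: no IPv4 address on eth0" >&2; exit 1; }`. The `host` branch also trusts `$container_network/16`, which assumes a /16 bridge and covers every container on it rather than only the Docker host the README names, and `network` trusts all of 172.16.0.0/12, including any non-Docker hosts that reach the container from that private range; either the README should say so or `host` should add only the gateway address as a /32. The `bash -c "echo … >> file"` wrappers re-parse an interpolated string for no benefit and append again on every container start; a plain `echo "$container_ip/32" >> /etc/opendkim/TrustedHosts` behind a `grep -qxF` check keeps the files free of duplicates, and the `postconf -e` append to `mynetworks` needs the same idempotence.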
@@ -510,3 +510,25 @@
 [ "$status" -eq 1 ]
 [ -z "$output" ]
 }
+
+#
+# PERMIT_DOCKER mynetworks
+#
+@test "checking PERMIT_DOCKER: can get container ip" {
+ run docker exec mail /bin/sh -c "ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1 | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}'"
+ [ "$status" -eq 0 ]
+}
+
+@test "checking PERMIT_DOCKER: opendmarc/opendkim config" {
+ run docker exec mail_smtponly /bin/sh -c "cat /etc/opendmarc/ignore.hosts | grep '172.16.0.0/12'"
+ [ "$status" -eq 0 ]
+ run docker exec mail_smtponly /bin/sh -c "cat /etc/opendkim/TrustedHosts | grep '172.16.0.0/12'"
+ [ "$status" -eq 0 ]
+}
+
+@test "checking PERMIT_DOCKER: my network value" {
+ run docker exec mail /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.0\.0/16'"
+ [ "$status" -eq 0 ]
+ run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}\.[[:digit:]]{1,3}/32'"
+ [ "$status" -eq 0 ]
+}
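Review bot: The new tests only assert that the expected range is present; nothing checks that a container left on the default setting does not also carry one of the wide ranges, so a regression that trusts the whole bridge by default would still pass. Add a negative assertion for `mail_pop3` (which the /32 test suggests runs with the default), e.g. `run docker exec mail_pop3 /bin/sh -c "postconf | grep '^mynetworks =' | egrep '\.0\.0/(12|16)'"` followed by `[ "$status" -eq 1 ]`. The `grep '172.16.0.0/12'` patterns also leave the dots unescaped, so they match more than the literal range; `grep -F '172.16.0.0/12'` pins it.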