From 0f1695cbb265417691ff6181591cee19ee8b23a2 Mon Sep 17 00:00:00 2001
From: Robert Dolca
Date: Sat, 20 Feb 2016 02:14:04 +0000
Subject: [PATCH 1/7] Set smtp_tls_security_level for smtp-amavis in master.cf This way you can set smtp_tls_security_level = encrypt in main.cf and amavis would still work.
---
 postfix/master.cf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/postfix/master.cf b/postfix/master.cf
index 8804f632..b2fe0de9 100644
--- a/postfix/master.cf
+++ b/postfix/master.cf
@@ -72,6 +72,7 @@ smtp-amavis unix - - - - 2 smtp
 -o smtp_send_xforward_command=yes
 -o disable_dns_lookups=yes
 -o max_use=20
+ -o smtp_tls_security_level=none
 127.0.0.1:10025 inet n - n - - smtpd
 -o content_filter=
@@ -92,3 +93,4 @@ smtp-amavis unix - - - - 2 smtp
 -o smtpd_client_connection_count_limit=0
 -o smtpd_client_connection_rate_limit=0
 -o receive_override_options=no_header_body_checks,no_unknown_recipient_checks
+ -o smtp_tls_security_level=none
From 2ff42baf41378f6c410b13fb6db6ddf07266f443 Mon Sep 17 00:00:00 2001
From: Robert Dolca
Date: Sat, 20 Feb 2016 02:15:17 +0000
Subject: [PATCH 2/7] Remove duplicate DKIM headers
---
 postfix/opendkim.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/postfix/opendkim.conf b/postfix/opendkim.conf
index 05c9d340..f8c1b6c3 100644
--- a/postfix/opendkim.conf
+++ b/postfix/opendkim.conf
@@ -4,6 +4,7 @@ UMask 002
 Syslog yes
 SyslogSuccess Yes
 LogWhy Yes
+RemoveOldSignatures Yes
 Canonicalization relaxed/simple
@@ -18,4 +19,4 @@ SignatureAlgorithm rsa-sha256
 UserID opendkim:opendkim
-Socket inet:12301@localhost
\ No newline at end of file
+Socket inet:12301@localhost
From 0e2ef0f8c296f84f1fe6890286986b2d9139a213 Mon Sep 17 00:00:00 2001
From: Robert Dolca
Date: Sat, 20 Feb 2016 02:16:54 +0000
Subject: [PATCH 3/7] Allow custom main.cf settings
---
 start-mailserver.sh | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/start-mailserver.sh b/start-mailserver.sh
index bcabaa72..8756643a 100644
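Review bot: In the second master.cf hunk (`@@ -92,3 +93,4 @@`) the added `-o smtp_tls_security_level=none` follows `smtpd_client_connection_*` and `receive_override_options` overrides, which suggests it lands on the `127.0.0.1:10025 ... smtpd` re-injection listener rather than on a client service; the service line itself is outside the hunk, so this is inferred from the context lines. `smtp_tls_security_level` is read by the Postfix SMTP client, so on an `smtpd` entry it has no effect. If the intent is to keep the loopback listener independent of a stricter main.cf, the server-side override would be `-o smtpd_tls_security_level=none`; otherwise the line can be dropped. The override in the first hunk is the one that matters, and a `#` comment above the `smtp-amavis` entry stating that the hop is loopback-only would record why TLS is disabled there.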
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -173,6 +173,15 @@ case $DMS_SSL in
 esac
+if [ -f /tmp/postfix/main.cf ]; then
+ while read line; do
+ postconf -e "$line"
+ done < /tmp/postfix/main.cf
+ echo "Loaded '/tmp/postfix/main.cf'"
+else
+ echo "==> Warning: '/tmp/postfix/main.cf' is not provided. No extra postfix settings loaded."
+fi
+
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
 mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
From d36ecaa2c0965112d0c7e27d667488c05107aed3 Mon Sep 17 00:00:00 2001
From: Robert Dolca
Date: Sat, 20 Feb 2016 02:17:14 +0000
Subject: [PATCH 4/7] Add SASL_PASSWD environment variable to configure relay authentication
---
 README.md | 3 +++
 start-mailserver.sh | 11 +++++++++++
 2 files changed, 14 insertions(+)
diff --git a/README.md b/README.md
index 66337e5a..a34efd12 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,9 @@ Example:
 * *6.31* (default) => add 'spam detected' headers at that level
 * SA_KILL
 * *6.31* (default) => triggers spam evasive actions)
+* SASL_PASSWORD
+ * *empty* (default) => No sasl_passwd will be created
+ * *string* => A /etc/postfix/sasl_passwd will be created with that content and postmap will be run on it
 Please read [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/start-mailserver.sh) to understand what's expected.
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 8756643a..1af17c30 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
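Review bot: The `while read line` loop in the `@@ -173,6 +173,15 @@` hunk hands every line of `/tmp/postfix/main.cf` to `postconf -e` unfiltered, so blank lines and `#` comments are submitted as edits, backslashes are altered because `read` runs without `-r`, and a final line without a trailing newline is skipped. The result of `postconf` is not checked, so `Loaded '/tmp/postfix/main.cf'` is printed even when an override was rejected. I would change the loop header to `while IFS= read -r line || [ -n "$line" ]; do`, skip empty and comment lines with `case "$line" in ''|'#'*) continue ;; esac`, and report a non-zero exit from `postconf -e "$line"`. Because this file can override any Postfix parameter, including TLS and relay restrictions, a comment should state that the mount is trusted, operator-only input.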
@@ -182,6 +182,17 @@ else
 echo "==> Warning: '/tmp/postfix/main.cf' is not provided. No extra postfix settings loaded."
 fi
+if [ ! -z "$SASL_PASSWD" ]; then
+ echo "$SASL_PASSWD" > /etc/postfix/sasl_passwd
+ postmap hash:/etc/postfix/sasl_passwd
+ rm /etc/postfix/sasl_passwd
+ chown root:root /etc/postfix/sasl_passwd.db
+ chmod 0600 /etc/postfix/sasl_passwd.db
+ echo "Loaded SASL_PASSWORD"
+else
+ echo "==> Warning: 'SASL_PASSWORD' is not provided. /etc/postfix/sasl_passwd not created."
+fi
+
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
 mkdir -p /var/log/clamav && chown -R clamav:root /var/log/clamav
From 3cabf10520c792d24fa646db7f6de5c93aef5276 Mon Sep 17 00:00:00 2001
From: Chris54721
Date: Fri, 18 Mar 2016 20:07:58 +0100
Subject: [PATCH 5/7] Add tests for main.cf overrides
---
 Makefile | 3 ++-
 test/main.cf | 2 ++
 test/tests.bats | 7 +++++++
 3 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 test/main.cf
diff --git a/Makefile b/Makefile
index 05029946..a64deb56 100644
--- a/Makefile
+++ b/Makefile
@@ -9,6 +9,7 @@ build:
 run:
 # Copy test files
 cp test/accounts.cf postfix/
+ cp test/main.cf postfix/
 cp test/virtual postfix/
 # Run containers
 docker run -d --name mail \
@@ -51,6 +52,6 @@ tests:
 clean:
 # Get default files back
- git checkout postfix/accounts.cf postfix/virtual
+ git checkout postfix/accounts.cf postfix/main.cf postfix/virtual
 # Remove running test containers
 docker rm -f mail mail_pop3 mail_smtponly
diff --git a/test/main.cf b/test/main.cf
new file mode 100644
index 00000000..37155392
--- /dev/null
+++ b/test/main.cf
@@ -0,0 +1,2 @@
+max_idle = 600s
+readme_directory = /tmp
diff --git a/test/tests.bats b/test/tests.bats
index be681fb1..89de473e 100644
--- a/test/tests.bats
+++ b/test/tests.bats
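Review bot: In the `@@ -182,6 +182,17 @@` hunk the relay credentials are written to `/etc/postfix/sasl_passwd` under whatever umask the script runs with, and `postmap` creates `sasl_passwd.db` before `chmod 0600` is applied, so both files may be readable by other users in the container for a short window (the umask is not visible in this hunk). Creating them under a restrictive umask closes that window: `(umask 077; printf '%s\n' "$SASL_PASSWD" > /etc/postfix/sasl_passwd && postmap hash:/etc/postfix/sasl_passwd)`; `printf` also avoids `echo` misreading a value that begins with `-`. None of the steps is checked, so `Loaded SASL_PASSWORD` is printed even if `postmap` failed, and the messages (like the README hunk of this patch) say `SASL_PASSWORD` while the variable actually read is `SASL_PASSWD`. Nothing in this hunk points `smtp_sasl_password_maps` at the new map, so that presumably has to come from the custom main.cf and deserves a comment here.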
@@ -217,6 +217,13 @@
 [ "${lines[1]}" = "otherdomain.tld" ]
 }
+@test "checking postfix: main.cf overrides" {
+ run docker exec mail grep -q 'max_idle = 600s' /tmp/postfix/main.cf
+ [ "$status" -eq 0 ]
+ run docker exec mail grep -q 'readme_directory = /tmp' /tmp/postfix/main.cf
+ [ "$status" -eq 0 ]
+}
+
 #
 # spamassassin
 #
From ec5837d496fd419429ab7ec0792c8db2a3663c49 Mon Sep 17 00:00:00 2001
From: Chris54721
Date: Fri, 18 Mar 2016 20:10:05 +0100
Subject: [PATCH 6/7] Update start-mailserver.sh
---
 start-mailserver.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 3056fcf6..46f1ff45 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -202,7 +202,7 @@ if [ -f /tmp/postfix/main.cf ]; then
 done < /tmp/postfix/main.cf
 echo "Loaded '/tmp/postfix/main.cf'"
 else
- echo "==> Warning: '/tmp/postfix/main.cf' is not provided. No extra postfix settings loaded."
+ echo "'/tmp/postfix/main.cf' not provided. No extra postfix settings loaded."
 fi
 if [ ! -z "$SASL_PASSWD" ]; then
From 53959b8eaed9a40958983c31df18f0df8614f298 Mon Sep 17 00:00:00 2001
From: Chris54721
Date: Fri, 18 Mar 2016 20:12:18 +0100
Subject: [PATCH 7/7] Add tests for SASL_PASSWD
---
 Makefile | 11 ++++++-----
 test/tests.bats | 5 +++++
 2 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index a64deb56..aed0b797 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,7 @@ run:
 -e SA_TAG=1.0 \
 -e SA_TAG2=2.0 \
 -e SA_KILL=3.0 \
+ -e SASL_PASSWD=testing \
 -h mail.my-domain.com -t $(NAME)
 docker run -d --name mail_pop3 \
 -v "`pwd`/postfix":/tmp/postfix \
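Review bot: Both assertions in `checking postfix: main.cf overrides` grep `/tmp/postfix/main.cf`, which appears to be the bind-mounted input file rather than the configuration Postfix uses, so the test passes even if the `postconf -e` loop in start-mailserver.sh never ran or rejected a line. Asserting on the effective value would cover the feature: `run docker exec mail postconf -h max_idle` followed by `[ "$output" = "600s" ]`, and the same pair for `readme_directory` with `/tmp`.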
@@ -37,11 +38,11 @@ run:
 fixtures:
 # Sending test mails
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
- docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-spam.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/amavis-virus.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-external.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-alias-local.txt"
+ docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt"
 docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt"
 # Wait for mails to be analyzed
 sleep 10
diff --git a/test/tests.bats b/test/tests.bats
index 89de473e..8cfe488e 100644
--- a/test/tests.bats
+++ b/test/tests.bats
@@ -105,6 +105,11 @@
 [ "$status" -eq 0 ]
 }
+@test "checking sasl: sasl_passwd.db exists" {
+ run docker exec mail [ -f /etc/postfix/sasl_passwd.db ]
+ [ "$status" -eq 0 ]
+}
+
 #
 # smtp
 #
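Review bot: `checking sasl: sasl_passwd.db exists` in the tests.bats hunk only proves that a file was created; it does not check the two properties the startup code is responsible for, namely that the plaintext `/etc/postfix/sasl_passwd` is gone and that the map is mode 0600. I would add `run docker exec mail [ ! -e /etc/postfix/sasl_passwd ]` and `run docker exec mail stat -c '%a' /etc/postfix/sasl_passwd.db` with `[ "$output" = "600" ]`. The fixture value `SASL_PASSWD=testing` set in this patch's Makefile hunk also has no key and value pair, so `postmap` probably warns and builds an empty map; a constructed `host user:password` sample would exercise the real path.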