struct(scripts): entrypoint and config partial
This commit is contained in:
parent
a270bc5014
commit
efe0c2aebc
82
entrypoint.sh
Normal file
82
entrypoint.sh
Normal file
@ -0,0 +1,82 @@
|
|||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
#
|
||||||
|
# entrypoint script for postfix smarthost mail relay
|
||||||
|
#
|
||||||
|
|
||||||
|
convertCase () {
|
||||||
|
printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
|
||||||
|
}
|
||||||
|
|
||||||
|
printf "\nVerifying environment variables... "
|
||||||
|
|
||||||
|
# check for missing environment variable values
|
||||||
|
if [ -z "$SMARTHOST" ]; then
|
||||||
|
printf "\nYou must specify the hostname or IP address of a smarthost where mail should be relayed.\n\n"
|
||||||
|
fi
|
||||||
|
if [ -z "$SMARTHOST_USERNAME" ]; then
|
||||||
|
printf "\nYou must provide a username for smarthost authentication.\n\n"
|
||||||
|
fi
|
||||||
|
if [ -z "$SMARTHOST_PASSWORD" ]; then
|
||||||
|
printf "\nYou must provide a password for smarthost authentication.\n\n"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# set failsafes
|
||||||
|
[ -z "$SMARTHOST_PORT" ] && SMARTHOST_PORT=587
|
||||||
|
[ -z "$LOCAL_HOSTNAME" ] && LOCAL_HOSTNAME="smarthost"
|
||||||
|
[ -z "$LOCAL_DOMAINNAME" ] && LOCAL_DOMAINNAME="smarthost"
|
||||||
|
|
||||||
|
printf "done\n"
|
||||||
|
printf "updating configuration files... "
|
||||||
|
|
||||||
|
# update main.cf
|
||||||
|
sed -i 's/{LOCAL_HOSTNAME}/${LOCAL_HOSTNAME}/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/{LOCAL_DOMAINNAME}/${LOCAL_DOMAINNAME}/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/{SMARTHOST}/${SMARTHOST}/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/{SMARTHOST_PORT}/${SMARTHOST_PORT}/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/{SMARTHOST_USERNAME}/${SMARTHOST_USERNAME}/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/{SMARTHOST_PASSWORD}/${SMARTHOST_PASSWORD}/' /tmp/main.cf.insert
|
||||||
|
|
||||||
|
LOCAL_ENCRYPTION="$(convertCase "$LOCAL_ENCRYPTION")"
|
||||||
|
case "$LOCAL_ENCRYPTION" in
|
||||||
|
OPT*)
|
||||||
|
sed -i 's/{LOCAL_ENCRYPTION}/may/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
TRUE)
|
||||||
|
sed -i 's/{LOCAL_ENCRYPTION}/encrypt/' /tmp/main.cf.insert
|
||||||
|
sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
sed -i 's/{LOCAL_ENCRYPTION}//' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
SMARTHOST_ENCRYPTION="$(convertCase "$SMARTHOST_ENCRYPTION")"
|
||||||
|
case "$SMARTHOST_ENCRYPTION" in
|
||||||
|
OPT*)
|
||||||
|
sed -i 's/{SMARTHOST_ENCRYPTION}/may/' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
TRUE)
|
||||||
|
sed -i 's/{SMARTHOST_ENCRYPTION}/secure/' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
sed -i 's/{SMARTHOST_ENCRYPTION}/none/' /tmp/main.cf.insert
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
cat /tmp/main.cf.insert >> /etc/postfix/main.cf
|
||||||
|
rm -f /tmp/main.cf.insert
|
||||||
|
|
||||||
|
# update master.cf
|
||||||
|
sed -i 's/#tlsproxy/tlsproxy/' /etc/postfix/master.cf
|
||||||
|
|
||||||
|
printf "done\n"
|
||||||
|
printf "container setup complete!\n"
|
||||||
|
|
||||||
|
# run CMD passed to this container
|
||||||
|
printf "\nExecuting: %s\n" "$*"
|
||||||
|
exec "$@"
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
#EOF
|
33
main.cf.insert
Normal file
33
main.cf.insert
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
#
|
||||||
|
# configure as smarthost
|
||||||
|
#
|
||||||
|
myhostname = {LOCAL_HOSTNAME}
|
||||||
|
mydomain = {LOCAL_DOMAINNAME}
|
||||||
|
|
||||||
|
myorigin = $mydomain
|
||||||
|
mydestination = localhost localhost.$mydomain $myhostname $mydomain
|
||||||
|
mynetworks_style = subnet
|
||||||
|
|
||||||
|
relay_domains =
|
||||||
|
relayhost = [{SMARTHOST}]:{SMARTHOST_PORT}
|
||||||
|
|
||||||
|
#smtpd_tls_chain_files = /certs/privkey.pem, /certs/fullchain.pem
|
||||||
|
#smtpd_tls_mandatory_ciphers = high
|
||||||
|
#smptd_tls_mandatory_exclude_ciphers = aNULL, MD5
|
||||||
|
#smtpd_tls_mandatory_protocols = >=TLSv1.2
|
||||||
|
#smtpd_tls_security_level = {LOCAL_ENCRYPTION}
|
||||||
|
|
||||||
|
smtp_tls_security_level = {SMARTHOST_ENCRYPTION}
|
||||||
|
smtp_tls_connection_reuse = yes
|
||||||
|
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
|
||||||
|
|
||||||
|
smtp_sasl_auth_enable = yes
|
||||||
|
smtp_sasl_password_maps = static:{SMARTHOST_USERNAME}:{SMARTHOST_PASSWORD}
|
||||||
|
smtp_sasl_security_options = noanonymous
|
||||||
|
|
||||||
|
header_size_limit = 4096000
|
||||||
|
relay_destination_concurrency_limit = 20
|
||||||
|
|
||||||
|
soft_bounce = no
|
||||||
|
|
||||||
|
maillog_file = /dev/stdout
|
Loading…
Reference in New Issue
Block a user