Compare commits
5 Commits
a45ff79f1f
...
7e291fad6a
Author | SHA1 | Date | |
---|---|---|---|
|
7e291fad6a | ||
|
efe0c2aebc | ||
|
a270bc5014 | ||
|
cb6868a6e7 | ||
|
d4a39d6439 |
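--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1,81 @@
+# Common settings that generally should always be used with your language specific settings
+
+# Auto detect text files and perform LF normalization
+# https://www.davidlaing.com/2012/09/19/customise-your-gitattributes-to-become-a-git-ninja/
+* text=auto
+
+#
+# The above will handle all files NOT found below
+#
+
+# Documents
+*.bibtex text diff=bibtex
+*.doc diff=astextplain
+*.DOC diff=astextplain
+*.docx diff=astextplain
+*.DOCX diff=astextplain
+*.dot diff=astextplain
+*.DOT diff=astextplain
+*.pdf diff=astextplain
+*.PDF diff=astextplain
+*.rtf diff=astextplain
+*.RTF diff=astextplain
+*.md text diff=markdown
+*.tex text diff=tex
+*.adoc text
+*.textile text
+*.mustache text
+*.csv text
+*.tab text
+*.tsv text
+*.txt text
+*.sql text
+*.ps1 text eol=crlf
+
+# Graphics
+*.png binary
+*.jpg binary
+*.jpeg binary
+*.gif binary
+*.tif binary
+*.tiff binary
+*.ico binary
+# SVG treated as an asset (binary) by default.
+*.svg text
+# If you want to treat it as binary,
+# use the following line instead.
+# *.svg binary
+*.eps binary
+
+# Scripts
+*.bash text eol=lf
+*.fish text eol=lf
+*.sh text eol=lf
+# These are explicitly windows files and should use crlf
+*.bat text eol=crlf
+*.cmd text eol=crlf
+
+# Serialisation
+*.json text
+*.toml text
+*.xml text
+*.yaml text
+*.yml text
+
+# Archives
+*.7z binary
+*.gz binary
+*.tar binary
+*.tgz binary
+*.zip binary
+
+# Text files where line endings should be preserved
+*.patch -text
+
+#
+# Exclude files from exporting
+#
+
+.gitattributes export-ignore
+.gitignore export-ignore
+.gitkeep export-ignore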
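--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+.vscode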
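--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,48 @@
+#
+# simple postfix smarthost smtp relay
+#
+
+FROM alpine:3.13
+
+# standardized labels
+LABEL author="Asif Bacchus <asif@bacchus.cloud>"
+LABEL maintainer="Asif Bacchus <asif@bacchus.cloud>"
+LABEL org.label-schema.schema-version="1.0"
+LABEL org.label-schema.docker.cmd=""
+LABEL org.label-schema.description="Simple postfix smarthost smtp mail relay on Alpine Linux."
+LABEL org.label-schema.url=""
+LABEL org.label-schema.usage=""
+LABEL org.label-schema.vcs-url=""
+
+# install mSMTP
+RUN apk --no-cache \
+ca-certificates \
+postfix \
+bind-tools \
+&& rm -f /var/cache/apk/*
+
+# set environment variables
+ENV TZ=Etc/UTC
+ENV LOCAL_HOSTNAME=${HOSTNAME}
+ENV LOCAL_DOMAINNAME=${HOSTNAME#*.}
+ENV LOCAL_ENCRYPTION=false
+ENV SMARTHOST=""
+ENV SMARTHOST_PORT=587
+ENV SMARTHOST_USERNAME=""
+ENV SMARTHOST_PASSWORD=""
+ENV SMARTHOST_ENCRYPTION="OPTIONAL"
+
+# copy configuration snippets
+COPY main.cf.insert /tmp/main.cf.insert
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+
+# set entrypoint and default command
+ENTRYPOINT [ "/usr/local/bin/entrypoint.sh" ]
+CMD [ "/usr/local/sbin/postfix", "start-fg" ]
+
+# set parameters, vendor, version and build-date labels
+LABEL org.label-schema.docker.params="TZ=Etc/UTC, HOSTNAME=HOSTNAME, DOMAINNAME=(derived from hostname), LOCAL_ENCRYPTION=false, SMARTHOST, SMARTHOST_PORT=587, SMARTHOST_USERNAME, SMARTHOST_PASSWORD, SMARTHOST_ENCRYPTION='OPTIONAL'"
+LABEL org.label-schema.vendor="Alpine 3.13, Postfix 3.5.10-r0"
+LABEL org.label-schema.version="0.1"
+ARG BUILD_DATE
+LABEL org.label-schema.build-date=${BUILD_DATE}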
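Review bot: The `RUN apk --no-cache \` instruction lists the packages but never names a subcommand, so as written apk has nothing to execute and the build is expected to fail; it should read `RUN apk --no-cache add ca-certificates postfix bind-tools`, after which the trailing `rm -f /var/cache/apk/*` is redundant with `--no-cache`. The comment above it says `# install mSMTP` although the packages installed are postfix and its helpers. `ENV SMARTHOST_PASSWORD=""` makes the relay credential an environment variable, which anyone able to inspect the container can read; reading it from a mounted file at start-up would keep it out of the container metadata. `${HOSTNAME}` in the two `ENV LOCAL_*` lines is expanded at build time, and no `ARG` or `ENV` named HOSTNAME is declared in this file, so both values presumably end up empty and only the entrypoint's fallbacks apply.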
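--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -0,0 +1,82 @@
+#!/bin/sh
+
+#
+# entrypoint script for postfix smarthost mail relay
+#
+
+convertCase () {
+printf "%s" "$1" | tr "[:lower:]" "[:upper:]"
+}
+
+printf "\nVerifying environment variables... "
+
+# check for missing environment variable values
+if [ -z "$SMARTHOST" ]; then
+printf "\nYou must specify the hostname or IP address of a smarthost where mail should be relayed.\n\n"
+fi
+if [ -z "$SMARTHOST_USERNAME" ]; then
+printf "\nYou must provide a username for smarthost authentication.\n\n"
+fi
+if [ -z "$SMARTHOST_PASSWORD" ]; then
+printf "\nYou must provide a password for smarthost authentication.\n\n"
+fi
+
+# set failsafes
+[ -z "$SMARTHOST_PORT" ] && SMARTHOST_PORT=587
+[ -z "$LOCAL_HOSTNAME" ] && LOCAL_HOSTNAME="smarthost"
+[ -z "$LOCAL_DOMAINNAME" ] && LOCAL_DOMAINNAME="smarthost"
+
+printf "done\n"
+printf "updating configuration files... "
+
+# update main.cf
+sed -i 's/{LOCAL_HOSTNAME}/${LOCAL_HOSTNAME}/' /tmp/main.cf.insert
+sed -i 's/{LOCAL_DOMAINNAME}/${LOCAL_DOMAINNAME}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST}/${SMARTHOST}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_PORT}/${SMARTHOST_PORT}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_USERNAME}/${SMARTHOST_USERNAME}/' /tmp/main.cf.insert
+sed -i 's/{SMARTHOST_PASSWORD}/${SMARTHOST_PASSWORD}/' /tmp/main.cf.insert
+
+LOCAL_ENCRYPTION="$(convertCase "$LOCAL_ENCRYPTION")"
+case "$LOCAL_ENCRYPTION" in
+OPT*)
+sed -i 's/{LOCAL_ENCRYPTION}/may/' /tmp/main.cf.insert
+sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
+;;
+TRUE)
+sed -i 's/{LOCAL_ENCRYPTION}/encrypt/' /tmp/main.cf.insert
+sed -i 's/#smtpd_/smtpd_/g' /tmp/main.cf.insert
+;;
+*)
+sed -i 's/{LOCAL_ENCRYPTION}//' /tmp/main.cf.insert
+;;
+esac
+
+SMARTHOST_ENCRYPTION="$(convertCase "$SMARTHOST_ENCRYPTION")"
+case "$SMARTHOST_ENCRYPTION" in
+OPT*)
+sed -i 's/{SMARTHOST_ENCRYPTION}/may/' /tmp/main.cf.insert
+;;
+TRUE)
+sed -i 's/{SMARTHOST_ENCRYPTION}/secure/' /tmp/main.cf.insert
+;;
+*)
+sed -i 's/{SMARTHOST_ENCRYPTION}/none/' /tmp/main.cf.insert
+;;
+esac
+
+cat /tmp/main.cf.insert >> /etc/postfix/main.cf
+rm -f /tmp/main.cf.insert
+
+# update master.cf
+sed -i 's/#tlsproxy/tlsproxy/' /etc/postfix/master.cf
+
+printf "done\n"
+printf "container setup complete!\n"
+
+# run CMD passed to this container
+printf "\nExecuting: %s\n" "$*"
+exec "$@"
+
+exit 0
+#EOF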
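Review bot: The six `sed -i 's/{NAME}/${NAME}/'` lines under `# update main.cf` use single quotes, so the shell never expands the variables and the literal text `${SMARTHOST}`, `${SMARTHOST_PASSWORD}` and so on is written into the Postfix configuration. Switching to double quotes alone is not enough, because a value containing `/`, `&` or `\` (plausible in a password) would then be interpreted by sed, so the values need escaping before substitution; a value containing a newline would still need to be rejected. The three checks under `# check for missing environment variable values` only print a message and carry on, so the container starts with an unusable relay configuration; each branch should end with `exit 1`. The `exit 0` after `exec "$@"` is unreachable when exec succeeds.

```shell
# escape the characters that are special in a sed replacement: \ / &
escapeSed () {
    printf "%s" "$1" | sed -e 's:[\\/&]:\\&:g'
}

# update main.cf
sed -i "s/{LOCAL_HOSTNAME}/$(escapeSed "$LOCAL_HOSTNAME")/" /tmp/main.cf.insert
sed -i "s/{LOCAL_DOMAINNAME}/$(escapeSed "$LOCAL_DOMAINNAME")/" /tmp/main.cf.insert
sed -i "s/{SMARTHOST}/$(escapeSed "$SMARTHOST")/" /tmp/main.cf.insert
sed -i "s/{SMARTHOST_PORT}/$(escapeSed "$SMARTHOST_PORT")/" /tmp/main.cf.insert
sed -i "s/{SMARTHOST_USERNAME}/$(escapeSed "$SMARTHOST_USERNAME")/" /tmp/main.cf.insert
sed -i "s/{SMARTHOST_PASSWORD}/$(escapeSed "$SMARTHOST_PASSWORD")/" /tmp/main.cf.insert
# … unchanged: LOCAL_ENCRYPTION and SMARTHOST_ENCRYPTION case blocks …
```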
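--- a/main.cf.insert
+++ b/main.cf.insert
@@ -0,0 +1,33 @@
+#
+# configure as smarthost
+#
+myhostname = {LOCAL_HOSTNAME}
+mydomain = {LOCAL_DOMAINNAME}
+
+myorigin = $mydomain
+mydestination = localhost localhost.$mydomain $myhostname $mydomain
+mynetworks_style = subnet
+
+relay_domains =
+relayhost = [{SMARTHOST}]:{SMARTHOST_PORT}
+
+#smtpd_tls_chain_files = /certs/privkey.pem, /certs/fullchain.pem
+#smtpd_tls_mandatory_ciphers = high
+#smptd_tls_mandatory_exclude_ciphers = aNULL, MD5
+#smtpd_tls_mandatory_protocols = >=TLSv1.2
+#smtpd_tls_security_level = {LOCAL_ENCRYPTION}
+
+smtp_tls_security_level = {SMARTHOST_ENCRYPTION}
+smtp_tls_connection_reuse = yes
+smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
+
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = static:{SMARTHOST_USERNAME}:{SMARTHOST_PASSWORD}
+smtp_sasl_security_options = noanonymous
+
+header_size_limit = 4096000
+relay_destination_concurrency_limit = 20
+
+soft_bounce = no
+
+maillog_file = /dev/stdout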
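Review bot: `#smptd_tls_mandatory_exclude_ciphers = aNULL, MD5` misspells the parameter prefix (`smptd` for `smtpd`), so the entrypoint's `s/#smtpd_/smtpd_/g` never uncomments it and the cipher exclusions are not applied when local encryption is enabled; it should read `#smtpd_tls_mandatory_exclude_ciphers = aNULL, MD5`. `smtp_sasl_security_options = noanonymous` drops Postfix's default `noplaintext`, and with `smtp_tls_security_level` set to `may` or `none` the smarthost credentials can be sent over an unencrypted session; consider keeping `noplaintext, noanonymous` there and adding `smtp_sasl_tls_security_options = noanonymous`, or requiring at least `encrypt` towards the smarthost. `smtp_sasl_password_maps = static:{SMARTHOST_USERNAME}:{SMARTHOST_PASSWORD}` also places the password in main.cf itself, so a separate lookup table with restrictive permissions would limit who can read it. The `>=TLSv1.2` form of `smtpd_tls_mandatory_protocols` is, as far as I know, only accepted from Postfix 3.6, while the Dockerfile label names 3.5.10, so that line is worth confirming against the packaged version.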