Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow configuring SRS secrets using the environment (#885)

This commit is contained in:
James 2018-03-08 15:51:10 -06:00 committed by Johan Smits
parent d691b8df6f
commit 2e8bb4ae34
3 changed files with 28 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
.env.dist
View File

@ -237,3 +237,18 @@ SASLAUTHD_LDAP_FILTER=
# empty => No sasl_passwd will be created # empty => No sasl_passwd will be created
# string => `/etc/postfix/sasl_passwd` will be created with the string as password # string => `/etc/postfix/sasl_passwd` will be created with the string as password
SASL_PASSWD= SASL_PASSWD=
# -----------------------------------------------------------------------------------------------------------------------------
# ---------------- SRS section --------------------------------------------------------------------------------------------
# -----------------------------------------------------------------------------------------------------------------------------
# empty => Envelope sender will be rewritten for all domains
# provide comma separated list of domains to exclude from rewriting
SRS_EXCLUDE_DOMAINS=
# empty => generated when the image is built
# provide a secret to use in base64
# you may specify multiple keys, comma separated. the first one is used for
# signing and the remaining will be used for verification. this is how you
# rotate and expire keys
SRS_SECRET=

8
README.md
View File

@ -505,3 +505,11 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
- **empty** => Envelope sender will be rewritten for all domains - **empty** => Envelope sender will be rewritten for all domains
- provide comma seperated list of domains to exclude from rewriting - provide comma seperated list of domains to exclude from rewriting
##### SRS_SECRET
- **empty** => generated when the image is built
- provide a secret to use in base64 **(recommended)**
- you may specify multiple keys, comma separated. the first one is used for signing and the remaining will be used for verification. this is how you rotate and expire keys
- if you have a cluster/swarm make sure the same keys are on all nodes
- example command to generate a key: `dd if=/dev/urandom bs=24 count=1 2>/dev/null | base64`

7
target/postsrsd-wrapper.sh
View File

@ -1,12 +1,15 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# postsrsd-wrapper.sh, version 0.2.0 # postsrsd-wrapper.sh, version 0.2.1
DOMAINNAME="$(hostname -d)" DOMAINNAME="$(hostname -d)"
sed -i -e "s/localdomain/$DOMAINNAME/g" /etc/default/postsrsd sed -i -e "s/localdomain/$DOMAINNAME/g" /etc/default/postsrsd
if [ -n "$SRS_SECRET" ]; then
echo "$SRS_SECRET" | tr ',' '\n' > /etc/postsrsd.secret
fi
if [ -n "$SRS_EXCLUDE_DOMAINS" ]; then if [ -n "$SRS_EXCLUDE_DOMAINS" ]; then
sed -i -e "s/^#\?SRS_EXCLUDE_DOMAINS=.*$/SRS_EXCLUDE_DOMAINS=$SRS_EXCLUDE_DOMAINS/g" /etc/default/postsrsd sed -i -e "s/^#\?SRS_EXCLUDE_DOMAINS=.*$/SRS_EXCLUDE_DOMAINS=$SRS_EXCLUDE_DOMAINS/g" /etc/default/postsrsd
fi fi
/etc/init.d/postsrsd start /etc/init.d/postsrsd start