From 87730cabbd98b28eab1b88e32c9caf6495e33ec4 Mon Sep 17 00:00:00 2001 From: Philippe Chepy Date: Fri, 11 Mar 2016 00:04:23 +0100 Subject: [PATCH 1/3] Revised package installation and cleanup process Package installation is now run in one command. Cleanup process is now done at end of script. --- Dockerfile | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4c893e81..7cf9fa25 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,18 @@ FROM ubuntu:14.04 MAINTAINER Thomas VIAL + +ENV DEBIAN_FRONTEND noninteractive + # Packages -RUN apt-get update -q --fix-missing -RUN apt-get -y upgrade -RUN DEBIAN_FRONTEND=noninteractive apt-get -y install vim postfix sasl2-bin courier-imap courier-imap-ssl \ +RUN apt-get update && \ + apt-get upgrade -y --no-install-recommends && \ + apt-get install -y --no-install-recommends vim postfix sasl2-bin courier-imap courier-imap-ssl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ opendkim opendkim-tools opendmarc curl fail2ban -RUN apt-get autoclean && rm -rf /var/lib/apt/lists/* + + # Configures Saslauthd RUN rm -rf /var/run/saslauthd && ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd @@ -59,6 +63,12 @@ RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/s ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh RUN chmod +x /usr/local/bin/start-mailserver.sh + +RUN apt-get clean && \ + rm -rf /tmp/* /var/tmp/* && \ + rm -rf /var/lib/apt/lists/* + + # SMTP ports EXPOSE 25 EXPOSE 587 From c47c651812811b9573aebe8b89407f497c8d6fe4 Mon Sep 17 00:00:00 2001 
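Review bot: `ENV DEBIAN_FRONTEND noninteractive` is stored in the image and inherited by every container started from it, although it is only needed while packages are installed at build time. Scope it to the build instead, either inline as the removed line did (`RUN DEBIAN_FRONTEND=noninteractive apt-get ...`) or with `ARG DEBIAN_FRONTEND=noninteractive`. Adding `--no-install-recommends` to the install also changes the installed package set, so packages that previously arrived only as recommends need to be listed explicitly; the next patch in this series adds `libsasl2-modules`, which suggests at least one was lost here.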
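Review bot: The new cleanup `RUN` is its own layer, so `apt-get clean` and `rm -rf /var/lib/apt/lists/*` only mask files that the package-install layer from the first hunk has already stored. The image does not get smaller, and the files stay readable in the earlier layer. Cleanup has to happen in the same `RUN` that creates the files, i.e. end the `apt-get install` chain with `&& apt-get clean && rm -rf /var/lib/apt/lists/*`. The same holds for anything earlier steps wrote to `/tmp` or `/var/tmp`.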
From: Philippe Chepy Date: Fri, 11 Mar 2016 12:19:20 +0100 Subject: [PATCH 2/3] Image size optimization Merged most RUN commands in Dockerfile. Replaced ADD commands by COPY of the whole /etc and /usr in one operation. --- Dockerfile | 107 ++++++++---------- .../etc/default/opendkim | 0 .../etc/default/opendmarc | 0 {postfix => target/etc}/opendkim.conf | 0 {postfix => target/etc/opendkim}/TrustedHosts | 0 {postfix => target/etc}/opendmarc.conf | 0 {postfix => target/etc/postfix}/main.cf | 0 {postfix => target/etc/postfix}/master.cf | 0 .../sasl => target/etc/postfix}/smtpd.conf | 0 .../usr/local/bin}/generate-ssl-certificate | 0 .../usr/local/bin/start-mailserver.sh | 0 11 files changed, 47 insertions(+), 60 deletions(-) rename postfix/default-opendkim => target/etc/default/opendkim (100%) rename postfix/default-opendmarc => target/etc/default/opendmarc (100%) rename {postfix => target/etc}/opendkim.conf (100%) rename {postfix => target/etc/opendkim}/TrustedHosts (100%) rename {postfix => target/etc}/opendmarc.conf (100%) rename {postfix => target/etc/postfix}/main.cf (100%) rename {postfix => target/etc/postfix}/master.cf (100%) rename {postfix/sasl => target/etc/postfix}/smtpd.conf (100%) rename {bin => target/usr/local/bin}/generate-ssl-certificate (100%) rename start-mailserver.sh => target/usr/local/bin/start-mailserver.sh (100%) diff --git a/Dockerfile b/Dockerfile index 7cf9fa25..36275516 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -4,81 +4,68 @@ MAINTAINER Thomas VIAL ENV DEBIAN_FRONTEND noninteractive + + # Packages RUN apt-get update && \ apt-get upgrade -y --no-install-recommends && \ - apt-get install -y --no-install-recommends vim postfix sasl2-bin courier-imap courier-imap-ssl \ + apt-get install -y --no-install-recommends \ + postfix sasl2-bin libsasl2-modules courier-imap courier-imap-ssl \ courier-pop courier-pop-ssl courier-authdaemon supervisor gamin amavisd-new spamassassin clamav clamav-daemon libnet-dns-perl libmail-spf-perl \ pyzor razor arj bzip2 cabextract cpio file gzip nomarch p7zip pax unzip zip zoo rsyslog mailutils netcat \ opendkim opendkim-tools opendmarc curl fail2ban +# Copy configuration files/executables +COPY /target / + + + # Configures Saslauthd -RUN rm -rf /var/run/saslauthd && ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd -RUN adduser postfix sasl -RUN echo 'NAME="saslauthd"\nSTART=yes\nMECHANISMS="sasldb"\nTHREADS=0\nPWDIR=/var/spool/postfix/var/run/saslauthd\nPIDFILE="${PWDIR}/saslauthd.pid"\nOPTIONS="-n 0 -c -m /var/spool/postfix/var/run/saslauthd"' > /etc/default/saslauthd - -# Configures Courier -RUN sed -i -r 's/daemons=5/daemons=1/g' /etc/courier/authdaemonrc -RUN sed -i -r 's/authmodulelist="authpam"/authmodulelist="authuserdb"/g' /etc/courier/authdaemonrc - -# Enables Spamassassin and CRON updates -RUN sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin - -# Enables Amavis -RUN sed -i -r 's/#(@| \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode -RUN adduser clamav amavis -RUN adduser amavis clamav -RUN useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker - -# Enables Clamav -RUN chmod 644 /etc/clamav/freshclam.conf -RUN (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab - -RUN freshclam - -# Configure DKIM (opendkim) -RUN mkdir -p /etc/opendkim/keys -ADD postfix/TrustedHosts /etc/opendkim/TrustedHosts -# DKIM config files 
-ADD postfix/opendkim.conf /etc/opendkim.conf -ADD postfix/default-opendkim /etc/default/opendkim - -# Configure DMARC (opendmarc) -ADD postfix/opendmarc.conf /etc/opendmarc.conf -ADD postfix/default-opendmarc /etc/default/opendmarc - -# Configures Postfix -ADD postfix/main.cf /etc/postfix/main.cf -ADD postfix/master.cf /etc/postfix/master.cf -ADD postfix/sasl/smtpd.conf /etc/postfix/sasl/smtpd.conf -ADD bin/generate-ssl-certificate /usr/local/bin/generate-ssl-certificate -RUN chmod +x /usr/local/bin/generate-ssl-certificate - -# Get LetsEncrypt signed certificate -RUN curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem -RUN curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem - -# Start-mailserver script -ADD start-mailserver.sh /usr/local/bin/start-mailserver.sh -RUN chmod +x /usr/local/bin/start-mailserver.sh - - -RUN apt-get clean && \ +RUN rm -rf /var/run/saslauthd && ln -s /var/spool/postfix/var/run/saslauthd /var/run/saslauthd && \ + adduser postfix sasl && \ + echo 'NAME="saslauthd"\nSTART=yes\nMECHANISMS="sasldb"\nTHREADS=0\nPWDIR=/var/spool/postfix/var/run/saslauthd\nPIDFILE="${PWDIR}/saslauthd.pid"\nOPTIONS="-n 0 -c -m /var/spool/postfix/var/run/saslauthd"' > /etc/default/saslauthd && \ + \ + # Configures Courier \ + sed -i -r 's/daemons=5/daemons=1/g' /etc/courier/authdaemonrc && \ + sed -i -r 's/authmodulelist="authpam"/authmodulelist="authuserdb"/g' /etc/courier/authdaemonrc && \ + \ + # Enables Spamassassin and CRON updates \ + sed -i -r 's/^(CRON|ENABLED)=0/\1=1/g' /etc/default/spamassassin && \ + \ + # Enables Amavis \ + sed -i -r 's/#(@| \\%)bypass/\1bypass/g' /etc/amavis/conf.d/15-content_filter_mode && \ + adduser clamav amavis && \ + adduser amavis clamav && \ + useradd -u 5000 -d /home/docker -s /bin/bash -p $(echo docker | openssl passwd -1 -stdin) docker && \ + \ + # Enables Clamav \ + chmod 644 
/etc/clamav/freshclam.conf && \ + (crontab -l ; echo "0 1 * * * /usr/bin/freshclam --quiet") | sort - | uniq - | crontab - && \ + freshclam && \ + \ + # Configure DKIM (opendkim) \ + mkdir -p /etc/opendkim/keys && \ + chmod +x /usr/local/bin/generate-ssl-certificate && \ + \ + # Get LetsEncrypt signed certificate \ + curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem && \ + curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem > /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem && \ + \ + # Start-mailserver script \ + chmod +x /usr/local/bin/start-mailserver.sh && \ + \ + # Cleanup + apt-get clean && \ rm -rf /tmp/* /var/tmp/* && \ rm -rf /var/lib/apt/lists/* -# SMTP ports -EXPOSE 25 -EXPOSE 587 -# IMAP ports -EXPOSE 143 -EXPOSE 993 +# SMTP | IMAP | POP3 +EXPOSE 25 587 143 993 110 995 + -# POP3 ports -EXPOSE 110 -EXPOSE 995 CMD /usr/local/bin/start-mailserver.sh diff --git a/postfix/default-opendkim b/target/etc/default/opendkim similarity index 100% rename from postfix/default-opendkim rename to target/etc/default/opendkim diff --git a/postfix/default-opendmarc b/target/etc/default/opendmarc similarity index 100% rename from postfix/default-opendmarc rename to target/etc/default/opendmarc diff --git a/postfix/opendkim.conf b/target/etc/opendkim.conf similarity index 100% rename from postfix/opendkim.conf rename to target/etc/opendkim.conf diff --git a/postfix/TrustedHosts b/target/etc/opendkim/TrustedHosts similarity index 100% rename from postfix/TrustedHosts rename to target/etc/opendkim/TrustedHosts diff --git a/postfix/opendmarc.conf b/target/etc/opendmarc.conf similarity index 100% rename from postfix/opendmarc.conf rename to target/etc/opendmarc.conf diff --git a/postfix/main.cf b/target/etc/postfix/main.cf similarity index 100% rename from postfix/main.cf rename to target/etc/postfix/main.cf 
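Review bot: The `useradd -u 5000 ... -p $(echo docker | openssl passwd -1 -stdin) docker` step carried into the merged `RUN` gives every image the same account, with a `/bin/bash` shell and the literal password `docker` stored as an MD5-crypt hash. If nothing authenticates as this user by password, drop `-p` so the account is created with its password disabled: `useradd -u 5000 -d /home/docker -s /bin/bash docker`. Separately, the rename list in this patch moves `postfix/sasl/smtpd.conf` to `target/etc/postfix/smtpd.conf`, so `COPY /target /` installs it as `/etc/postfix/smtpd.conf` rather than at `/etc/postfix/sasl/smtpd.conf`, where the removed `ADD` put it. Unless something outside this diff relocates it, the SASL settings may no longer be read. The two certificate downloads should also use `curl -f`, so that an HTTP error body is not saved as a `.pem` file while the `&&` chain continues.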
diff --git a/postfix/master.cf b/target/etc/postfix/master.cf similarity index 100% rename from postfix/master.cf rename to target/etc/postfix/master.cf diff --git a/postfix/sasl/smtpd.conf b/target/etc/postfix/smtpd.conf similarity index 100% rename from postfix/sasl/smtpd.conf rename to target/etc/postfix/smtpd.conf diff --git a/bin/generate-ssl-certificate b/target/usr/local/bin/generate-ssl-certificate similarity index 100% rename from bin/generate-ssl-certificate rename to target/usr/local/bin/generate-ssl-certificate diff --git a/start-mailserver.sh b/target/usr/local/bin/start-mailserver.sh similarity index 100% rename from start-mailserver.sh rename to target/usr/local/bin/start-mailserver.sh From 8de15b6a57bf03039fdffebfe76713088f9be4bb Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sat, 19 Mar 2016 17:45:42 +0100 Subject: [PATCH 3/3] Checking configuration --- Makefile | 20 +++++++------------- postfix/accounts.cf | 3 ++- postfix/virtual | 9 ++------- target/usr/local/bin/start-mailserver.sh | 2 +- test/{ => postfix}/accounts.cf | 0 test/{ => postfix}/main.cf | 0 test/{ => postfix}/virtual | 0 test/spamassassin/rules.cf | 1 + 8 files changed, 13 insertions(+), 22 deletions(-) rename test/{ => postfix}/accounts.cf (100%) rename test/{ => postfix}/main.cf (100%) rename test/{ => postfix}/virtual (100%) create mode 100644 test/spamassassin/rules.cf diff --git a/Makefile b/Makefile index aed0b797..8ca1ec29 100644 --- a/Makefile +++ b/Makefile @@ -7,14 +7,10 @@ build: docker build --no-cache -t $(NAME) . run: - # Copy test files - cp test/accounts.cf postfix/ - cp test/main.cf postfix/ - cp test/virtual postfix/ # Run containers docker run -d --name mail \ - -v "`pwd`/postfix":/tmp/postfix \ - -v "`pwd`/spamassassin":/tmp/spamassassin \ + -v "`pwd`/test/postfix":/tmp/postfix \ + -v "`pwd`/test/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/test \ -e SA_TAG=1.0 \ -e SA_TAG2=2.0 \ 
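Review bot: The bind mounts in `run` now point at the tracked fixtures under `test/postfix` and `test/spamassassin` and are still read-write, so anything the container writes to `/tmp/postfix` or `/tmp/spamassassin` lands in the working tree. The `git checkout` restore step is removed from `clean` in a later hunk, so nothing would undo such writes. If the start script only reads these directories (not visible in this diff), append `:ro` to both mounts, e.g. `/tmp/postfix:ro`. The same applies to the `mail_pop3` and `mail_smtponly` runs in the next hunk.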
@@ -22,14 +18,14 @@ run: -e SASL_PASSWD=testing \ -h mail.my-domain.com -t $(NAME) docker run -d --name mail_pop3 \ - -v "`pwd`/postfix":/tmp/postfix \ - -v "`pwd`/spamassassin":/tmp/spamassassin \ + -v "`pwd`/test/postfix":/tmp/postfix \ + -v "`pwd`/test/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/test \ -e ENABLE_POP3=1 \ -h mail.my-domain.com -t $(NAME) docker run -d --name mail_smtponly \ - -v "`pwd`/postfix":/tmp/postfix \ - -v "`pwd`/spamassassin":/tmp/spamassassin \ + -v "`pwd`/test/postfix":/tmp/postfix \ + -v "`pwd`/test/spamassassin":/tmp/spamassassin \ -v "`pwd`/test":/tmp/test \ -e SMTP_ONLY=1 \ -h mail.my-domain.com -t $(NAME) @@ -45,14 +41,12 @@ fixtures: docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/existing-user.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/test/email-templates/non-existing-user.txt" # Wait for mails to be analyzed - sleep 10 + sleep 30 tests: # Start tests ./test/bats/bats test/tests.bats clean: - # Get default files back - git checkout postfix/accounts.cf postfix/main.cf postfix/virtual # Remove running test containers docker rm -f mail mail_pop3 mail_smtponly diff --git a/postfix/accounts.cf b/postfix/accounts.cf index ecb0f063..8f209cc6 100644 --- a/postfix/accounts.cf +++ b/postfix/accounts.cf @@ -1 +1,2 @@ -user@domain.tld|mypassword +user1@localhost.localdomain|mypassword +user2@otherdomain.tld|mypassword diff --git a/postfix/virtual b/postfix/virtual index ca220715..e93eb8fb 100644 --- a/postfix/virtual +++ b/postfix/virtual @@ -1,7 +1,2 @@ -# -# ALIAS => from alias@domain.tld (alias) to user@domain.tld (real account), space separated -# alias@domain.tld user@domain.tld -# -# FORWARD => from redirect@domain.tld to a list of internal/external email addresses, space separated -# redirect@domain.tld otheruser@domain.tld otheruser@otherdomain.tld -# +alias1@localhost.localdomain user1@localhost.localdomain +alias2@localhost.localdomain external1@otherdomain.tld 
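Review bot: `postfix/accounts.cf` appears to be the sample a deployer starts from, and the new lines keep the password `mypassword` while replacing the placeholder address with `user1@localhost.localdomain` and `user2@otherdomain.tld`, which read as usable accounts. Since the Makefile now mounts `test/postfix`, fixture data belongs there, and the sample should keep obviously non-functional placeholders so that an unedited copy does not create mailboxes with a published password. The `postfix/virtual` hunk has the same problem: it drops the comments that explain the ALIAS and FORWARD line formats and adds a live entry forwarding `alias2@localhost.localdomain` to an external address. I would restore the comment block there and keep the example entries commented out.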
diff --git a/target/usr/local/bin/start-mailserver.sh b/target/usr/local/bin/start-mailserver.sh index 46f1ff45..4ff2abff 100644 --- a/target/usr/local/bin/start-mailserver.sh +++ b/target/usr/local/bin/start-mailserver.sh @@ -263,8 +263,8 @@ if [ "$ENABLE_POP3" = 1 -a "$SMTP_ONLY" != 1 ]; then /etc/init.d/courier-pop-ssl start fi -/etc/init.d/spamassassin start /etc/init.d/clamav-daemon start +/etc/init.d/spamassassin start /etc/init.d/amavis start /etc/init.d/opendkim start /etc/init.d/opendmarc start diff --git a/test/accounts.cf b/test/postfix/accounts.cf similarity index 100% rename from test/accounts.cf rename to test/postfix/accounts.cf diff --git a/test/main.cf b/test/postfix/main.cf similarity index 100% rename from test/main.cf rename to test/postfix/main.cf diff --git a/test/virtual b/test/postfix/virtual similarity index 100% rename from test/virtual rename to test/postfix/virtual diff --git a/test/spamassassin/rules.cf b/test/spamassassin/rules.cf new file mode 100644 index 00000000..891e84ff --- /dev/null +++ b/test/spamassassin/rules.cf @@ -0,0 +1 @@ +# Place you custom Spamassasin rules here \ No newline at end of file