From e5719ceacbac682b298297219ba3375a898784a3 Mon Sep 17 00:00:00 2001
From: Thomas VIAL
Date: Sat, 5 Dec 2015 16:44:13 +0100
Subject: [PATCH 1/5] Begening configuration for Letsencrypt support
---
 .gitignore | 1 +
 README.md | 56 ++++++++----------------------------
 SSL.md | 46 ++++++++++++++++++++++++++++++
 start-mailserver.sh | 69 ++++++++++++++++++++++++++++++++-------------
 4 files changed, 108 insertions(+), 64 deletions(-)
 create mode 100644 SSL.md
diff --git a/.gitignore b/.gitignore
index 2fc3256c..61e94224 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 docker-compose.yml
 postfix/ssl/*
 assert.sh*
+letsencrypt/
\ No newline at end of file
diff --git a/README.md b/README.md
index 8dbb8155..c24c2fbf 100644
--- a/README.md
+++ b/README.md
@@ -68,53 +68,21 @@ Volumes allow to: docker-compose up -d mail -# configure ssl - -## generate self-signed ssl certificate - -You can easily generate a self-signed SSL certificate by using the following command: - - docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate - - # Press enter - # Enter a password when needed - # Fill information like Country, Organisation name - # Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate. - # They HAVE to be different, otherwise you'll get a `TXT_DB error number 2` - # Don't fill extras - # Enter same password when needed - # Sign the certificate? [y/n]:y - # 1 out of 1 certificate requests certified, commit? [y/n]y - - # will generate: - # postfix/ssl/mail.my-domain.com-key.pem (used in postfix) - # postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files) - # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix) - # postfix/ssl/mail.my-domain.com-combined.pem (used in courier) - # postfix/ssl/demoCA/cacert.pem (certificate authority) - -Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument. -Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml). - -## configure ssl certificate (convention over configuration) - -If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder. 
- # client configuration - # imap - username: - password: - server: - imap port: 143 or 993 with ssl (recommended) - imap path prefix: INBOX - auth method: md5 challenge-response + # imap + username: + password: + server: + imap port: 143 or 993 with ssl (recommended) + imap path prefix: INBOX + auth method: md5 challenge-response - # smtp - smtp port: 25 or 587 with ssl (recommended) - username: - password: - auth method: md5 challenge-response + # smtp + smtp port: 25 or 587 with ssl (recommended) + username: + password: + auth method: md5 challenge-response # todo diff --git a/SSL.md b/SSL.md new file mode 100644 index 00000000..0bb3e972 --- /dev/null +++ b/SSL.md 
@@ -0,0 +1,46 @@ +# docker-mailserver with ssl + +There are multiple options to enable SSL: + +* using [letsencrypt](https://letsencrypt.org/) +* using self-signed certificates with the provided tool + +## let's encrypt + +To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt`. +You also have to mount your `letsencrypt` folder to `/etc/letsencrypt`. + + + +TO BE FINISHED WHEN IT WILL BE TESTED + + + +## self signed certificates + +You can easily generate a self-signed SSL certificate by using the following command: + + docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate + + # Press enter + # Enter a password when needed + # Fill information like Country, Organisation name + # Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate. + # They HAVE to be different, otherwise you'll get a `TXT_DB error number 2` + # Don't fill extras + # Enter same password when needed + # Sign the certificate? [y/n]:y + # 1 out of 1 certificate requests certified, commit? [y/n]y + + # will generate: + # postfix/ssl/mail.my-domain.com-key.pem (used in postfix) + # postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files) + # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix) + # postfix/ssl/mail.my-domain.com-combined.pem (used in courier) + # postfix/ssl/demoCA/cacert.pem (certificate authority) + +Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument. +Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml). + +If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder. + 
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 89d84238..ca5a7ecd 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -54,28 +54,57 @@ echo "Postfix configurations" touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox touch /etc/postfix/virtual && postmap /etc/postfix/virtual -# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder -if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \ -&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \ -&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \ -&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then - echo "Adding $(hostname) SSL certificate" - mkdir -p /etc/postfix/ssl - cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl - cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl - cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl - cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl +# SSL Configuration +case $DMS_SSL in + "letsencrypt" ) + # letsencrypt folders and files mounted in /etc/letsencrypt - # Postfix configuration - sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf - sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf - sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf - sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf - ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem + # Adding certificates from Letsencrypt and IdenTrust + # curl https://letsencrypt.org/certs/isrgrootx1.pem -so /etc/ssl/certs/isrgrootx1.pem + # curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem + # curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem + # curl https://letsencrypt.org/certs/letsencryptauthorityx1.pem -so 
/etc/ssl/certs/letsencryptauthorityx1.pem + # curl https://letsencrypt.org/certs/letsencryptauthorityx2.pem -so /etc/ssl/certs/letsencryptauthorityx2.pem - # Courier configuration - sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl -fi + # Postfix configuration + sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf + sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf + + # Courier configuration + cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem >> /etc/letsencrypt/live/$(hostname)/combined.pem + sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl + + echo "SSL configured with letsencrypt certificates" + + ;; + + "self-signed" ) + # Adding self-signed SSL certificate if provided in 'postfix/ssl' folder + if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \ + && [ -e "/tmp/postfix/ssl/$(hostname)-key.pem" ] \ + && [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \ + && [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then + echo "Adding $(hostname) SSL certificate" + mkdir -p /etc/postfix/ssl + cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl + cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl + cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl + cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl + + # Postfix configuration + sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf + sed -i -r 
's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf + sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf + sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf + ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem + + # Courier configuration + sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl + fi + + ;; + +esac echo "Fixing permissions" chown -R 5000:5000 /var/mail From fe553506457a1dfb0dd788226c3c6978525b2b5f Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sat, 5 Dec 2015 17:32:33 +0100 Subject: [PATCH 2/5] Cleaned code after live testing and improved documentation --- .gitignore | 2 +- README.md | 24 ++++++++++++------------ SSL.md | 28 ++++++++++++++++++++++------ docker-compose.yml.dist | 5 ++++- start-mailserver.sh | 7 ------- 5 files changed, 39 insertions(+), 27 deletions(-) diff --git a/.gitignore b/.gitignore index 61e94224..319c0355 100644 --- a/.gitignore +++ b/.gitignore @@ -2,4 +2,4 @@ docker-compose.yml postfix/ssl/* assert.sh* -letsencrypt/ \ No newline at end of file +letsencrypt/ diff --git a/README.md b/README.md index c24c2fbf..0c6cac73 100644 --- a/README.md +++ b/README.md 
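Review bot: The `"letsencrypt"` arm rewrites `main.cf` and `imapd-ssl` without first testing that `/etc/letsencrypt/live/$(hostname)/fullchain.pem` and `privkey.pem` exist, while the `"self-signed"` arm keeps its `[ -e … ]` guard; with a missing mount or a hostname that does not match the certificate directory, Postfix and Courier would be pointed at files that are not there. The `cat … combined.pem` line also writes a second copy of the private key into the mounted volume under whatever umask the script runs with (presumably world-readable by default), so it should be created restrictively, e.g. by wrapping the existing line as `( umask 077; cat … )`; the same line in `bin/generate-ssl-certificate` and in the `start-mailserver.sh` hunk of patch 4/5 has the same exposure. `case $DMS_SSL in` has no `*)` arm, so an unset or misspelled value silently keeps the snakeoil certificate, and deployments that relied on the old file-based auto-detection now need `DMS_SSL=self-signed`; an arm such as `*) echo "DMS_SSL unset or unknown: keeping default certificate" ;;` would make that visible. The script continues outside the hunk.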
@@ -70,19 +70,19 @@ Volumes allow to: # client configuration - # imap - username: - password: - server: - imap port: 143 or 993 with ssl (recommended) - imap path prefix: INBOX - auth method: md5 challenge-response + # imap + username: + password: + server: + imap port: 143 or 993 with ssl (recommended) + imap path prefix: INBOX + auth method: md5 challenge-response - # smtp - smtp port: 25 or 587 with ssl (recommended) - username: - password: - auth method: md5 challenge-response + # smtp + smtp port: 25 or 587 with ssl (recommended) + username: + password: + auth method: md5 challenge-response # todo diff --git a/SSL.md b/SSL.md index 0bb3e972..023d208d 100644 --- a/SSL.md +++ b/SSL.md @@ -7,14 +7,30 @@ There are multiple options to enable SSL: ## let's encrypt -To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt`. -You also have to mount your `letsencrypt` folder to `/etc/letsencrypt`. - - - -TO BE FINISHED WHEN IT WILL BE TESTED +To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`) +You also have to mount your `letsencrypt` folder to `/etc/letsencrypt` and it should look like that: + ├── etc + │   └── letsencrypt + │   ├── accounts + │   ├── archive + │   │   └── mail.domain.com + │   │   ├── cert1.pem + │   │   ├── chain1.pem + │   │   ├── fullchain1.pem + │   │   └── privkey1.pem + │   ├── csr + │   ├── keys + │   ├── live + │   │   └── mail.domain.com + │   │   ├── cert.pem -> ../../archive/mail.domain.com/cert1.pem + │   │   ├── chain.pem -> ../../archive/mail.domain.com/chain1.pem + │   │   ├── combined.pem + │   │   ├── fullchain.pem -> ../../archive/mail.domain.com/fullchain1.pem + │   │   └── privkey.pem -> ../../archive/mail.domain.com/privkey1.pem + │   └── renewal +You don't have anything else to do. ## self signed certificates 
diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist index 6f3ba3b4..f5d24f88 100644 --- a/docker-compose.yml.dist +++ b/docker-compose.yml.dist @@ -2,7 +2,7 @@ mail: # image: tvial/docker-mailserver build: . hostname: mail - domainname: my-domain.com + domainname: domain.com ports: - "25:25" - "143:143" @@ -11,3 +11,6 @@ mail: volumes: - ./spamassassin:/tmp/spamassassin/ - ./postfix:/tmp/postfix/ + - ./letsencrypt/etc:/etc/letsencrypt + environment: + - DMS_SSL=letsencrypt diff --git a/start-mailserver.sh b/start-mailserver.sh index ca5a7ecd..72345629 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh @@ -59,13 +59,6 @@ case $DMS_SSL in "letsencrypt" ) # letsencrypt folders and files mounted in /etc/letsencrypt - # Adding certificates from Letsencrypt and IdenTrust - # curl https://letsencrypt.org/certs/isrgrootx1.pem -so /etc/ssl/certs/isrgrootx1.pem - # curl https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x1-cross-signed.pem - # curl https://letsencrypt.org/certs/lets-encrypt-x2-cross-signed.pem -so /etc/ssl/certs/lets-encrypt-x2-cross-signed.pem - # curl https://letsencrypt.org/certs/letsencryptauthorityx1.pem -so /etc/ssl/certs/letsencryptauthorityx1.pem - # curl https://letsencrypt.org/certs/letsencryptauthorityx2.pem -so /etc/ssl/certs/letsencryptauthorityx2.pem - # Postfix configuration sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf From 9a869919ecd3e6f80fea79a5138de62d968f8cd0 Mon Sep 17 00:00:00 2001 
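Review bot: The new volume `./letsencrypt/etc:/etc/letsencrypt` gives the mail container the whole Let's Encrypt tree read-write, including the `accounts` and `keys` directories listed in SSL.md, although the start script only uses `live/$(hostname)/` (whose entries are symlinks into `archive/`). A compromise of the mail container would then expose the ACME account material and every other certificate stored in that tree. It cannot simply be mounted `:ro`, because the start script writes `combined.pem` into `live/`; writing that file to a container-local path instead would allow `- ./letsencrypt/etc:/etc/letsencrypt:ro`. Shipping `DMS_SSL=letsencrypt` as the template default also means a user who has no certificate yet gets a TLS configuration pointing at missing files (inferred from the start script, which has no existence check in that arm).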
From: Thomas VIAL
Date: Sat, 5 Dec 2015 18:01:58 +0100
Subject: [PATCH 3/5] Simplified documentation. Ready to go.
---
 SSL.md | 69 ++++++++++++++++++++++++----------------------------------
 1 file changed, 28 insertions(+), 41 deletions(-)
diff --git a/SSL.md b/SSL.md
index 023d208d..13fa91df 100644
--- a/SSL.md
+++ b/SSL.md
@@ -2,61 +2,48 @@ There are multiple options to enable SSL: -* using [letsencrypt](https://letsencrypt.org/) +* using [letsencrypt](https://letsencrypt.org/) (recommended) * using self-signed certificates with the provided tool -## let's encrypt +After installation, you can test your setup with [checktls.com](https://www.checktls.com/TestReceiver). -To enable Let's Encrypt on your mail server, you have to add en environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`) -You also have to mount your `letsencrypt` folder to `/etc/letsencrypt` and it should look like that: +## let's encrypt (recommended) - ├── etc - │   └── letsencrypt - │   ├── accounts - │   ├── archive - │   │   └── mail.domain.com - │   │   ├── cert1.pem - │   │   ├── chain1.pem - │   │   ├── fullchain1.pem - │   │   └── privkey1.pem - │   ├── csr - │   ├── keys - │   ├── live - │   │   └── mail.domain.com - │   │   ├── cert.pem -> ../../archive/mail.domain.com/cert1.pem - │   │   ├── chain.pem -> ../../archive/mail.domain.com/chain1.pem - │   │   ├── combined.pem - │   │   ├── fullchain.pem -> ../../archive/mail.domain.com/fullchain1.pem - │   │   └── privkey.pem -> ../../archive/mail.domain.com/privkey1.pem - │   └── renewal +To enable Let's Encrypt on your mail server, you have to: -You don't have anything else to do. +* get your certificate using [letsencrypt client](https://github.com/letsencrypt/letsencrypt) +* add an environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`) +* mount your `letsencrypt` folder to `/etc/letsencrypt` + +You don't have anything else to do. Enjoy. 
## self signed certificates You can easily generate a self-signed SSL certificate by using the following command: - docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate + docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate - # Press enter - # Enter a password when needed - # Fill information like Country, Organisation name - # Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate. - # They HAVE to be different, otherwise you'll get a `TXT_DB error number 2` - # Don't fill extras - # Enter same password when needed - # Sign the certificate? [y/n]:y - # 1 out of 1 certificate requests certified, commit? [y/n]y + # Press enter + # Enter a password when needed + # Fill information like Country, Organisation name + # Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate. + # They HAVE to be different, otherwise you'll get a `TXT_DB error number 2` + # Don't fill extras + # Enter same password when needed + # Sign the certificate? [y/n]:y + # 1 out of 1 certificate requests certified, commit? [y/n]y - # will generate: - # postfix/ssl/mail.my-domain.com-key.pem (used in postfix) - # postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files) - # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix) - # postfix/ssl/mail.my-domain.com-combined.pem (used in courier) - # postfix/ssl/demoCA/cacert.pem (certificate authority) + # will generate: + # postfix/ssl/mail.my-domain.com-key.pem (used in postfix) + # postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files) + # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix) + # postfix/ssl/mail.my-domain.com-combined.pem (used in courier) + # postfix/ssl/demoCA/cacert.pem (certificate authority) Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument. 
Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml). -If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder. +To use the certificate: +* add an `DMS_SSL=self-signed` to your container environment variables +* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder. From b7e9221ffa192e4f3260b9677b205f2e14616814 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sat, 5 Dec 2015 19:08:39 +0100 Subject: [PATCH 4/5] Fixed error reported by jderusse --- bin/generate-ssl-certificate | 2 +- start-mailserver.sh | 2 +- test/test.sh | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bin/generate-ssl-certificate b/bin/generate-ssl-certificate index 682b07d4..aee67906 100644 --- a/bin/generate-ssl-certificate +++ b/bin/generate-ssl-certificate @@ -10,5 +10,5 @@ openssl req -new -nodes -keyout /ssl/$FQDN-key.pem -out /ssl/$FQDN-req.pem -days # Sign the public key certificate with CA certificate openssl ca -out /ssl/$FQDN-cert.pem -infiles /ssl/$FQDN-req.pem # Combine certificates for courier -cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem >> /ssl/$FQDN-combined.pem +cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem > /ssl/$FQDN-combined.pem diff --git a/start-mailserver.sh b/start-mailserver.sh index 72345629..ce82eb33 100644 --- a/start-mailserver.sh +++ b/start-mailserver.sh 
@@ -64,7 +64,7 @@ case $DMS_SSL in sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf # Courier configuration - cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem >> /etc/letsencrypt/live/$(hostname)/combined.pem + cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl echo "SSL configured with letsencrypt certificates" diff --git a/test/test.sh b/test/test.sh index 8eeed27b..43bce4f1 100644 --- a/test/test.sh +++ b/test/test.sh @@ -38,7 +38,7 @@ assert_raises "docker exec mail grep -- '-> ' /var/lo # Testing that a SPAM is rejected assert_raises "docker exec mail grep 'Blocked SPAM' /var/log/mail.log | grep spam@external.tld" -# TODO: Testing that a Virus is rejected +# Testing that a Virus is rejected assert_raises "docker exec mail grep 'Blocked INFECTED' /var/log/mail.log | grep virus@external.tld" # Testing presence of freshclam CRON From 0e4058d70fea494c4dcdada4c8d38be1e6c3a541 Mon Sep 17 00:00:00 2001 From: Thomas VIAL Date: Sun, 6 Dec 2015 21:12:32 +0100 Subject: [PATCH 5/5] Improved documentation and added link to SSL.md --- README.md | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 0c6cac73..8bc438f4 100644 --- a/README.md +++ b/README.md 
@@ -26,7 +26,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple- - aliases and fowards/redirects are managed in `./postfix/virtual` - antispam rules are managed in `./spamassassin/rules.cf` - files must be mounted to `/tmp` in your container (see `docker-compose.yml` template) -- ssl is strongly recommended, you can provide a self-signed certificate, see below +- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver) - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/) @@ -40,23 +40,32 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple- ## run - docker run --name mail -v "$(pwd)/postfix":/tmp/postfix -v "$(pwd)/spamassassin":/tmp/spamassassin -p "25:25" -p "143:143" -p "587:587" -p "993:993" -h mail.my-domain.com -t tvial/docker-mailserver + docker run --name mail \ + -v "$(pwd)/postfix":/tmp/postfix \ + -v "$(pwd)/spamassassin":/tmp/spamassassin \ + -v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \ + -p "25:25" -p "143:143" -p "587:587" -p "993:993" \ + -e DMS_SSL=letsencrypt \ + -h mail.domain.com \ + -t tvial/docker-mailserver ## docker-compose template (recommended) - mail: - # image: tvial/docker-mailserver - build: . - hostname: mail - domainname: my-domain.com - ports: - - "25:25" - - "143:143" - - "587:587" - - "993:993" - volumes: - - ./spamassassin:/tmp/spamassassin/ - - ./postfix:/tmp/postfix/ + mail: + image: tvial/docker-mailserver + hostname: mail + domainname: domain.com + ports: + - "25:25" + - "143:143" + - "587:587" + - "993:993" + volumes: + - ./spamassassin:/tmp/spamassassin/ + - ./postfix:/tmp/postfix/ + - ./letsencrypt/etc:/etc/letsencrypt + environment: + - DMS_SSL=letsencrypt Volumes allow to: