From 26bb8f6b34dcd2feae3646866629b8d550cefd11 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 19:10:58 -0700 Subject: [PATCH 01/15] Support addition of regexp alias file --- target/start-mailserver.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 07c367ed..abd1e4a1 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -78,6 +78,12 @@ if [ -f /tmp/docker-mailserver/postfix-virtual.cf ]; then else echo "==> Warning: 'config/postfix-virtual.cf' is not provided. No mail alias/forward created." fi +if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then + # Copying regexp alias file + echo "Adding regexp alias file postfix-regexp.cf" + cp /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp + sed -i -e "/^virtual_alias_maps/a|/etc/postfix/regexp|" /tmp/docker-mailserver/target/postfix/main.cf +fi # DKIM # Check if keys are already available From 36ed1453ae85932a6ac508b6bb324a15b7f4b118 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 19:23:08 -0700 Subject: [PATCH 02/15] Avoid fixing permissions that look OK --- target/start-mailserver.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index abd1e4a1..9f0d6e1f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -222,8 +222,13 @@ else echo "==> Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created." fi -echo "Fixing permissions" -chown -R 5000:5000 /var/mail +# Fix permissions, but skip this if 3 levels deep the user id is already set +if [ `find /var/mail -maxdepth 3 \! -user 5000 | grep -c .` != 0 ]; then + echo "Fixing /var/mail permissions" + chown -R 5000:5000 /var/mail +else + echo "Permissions in /var/mail look OK" +fi echo "Creating /etc/mailname" echo $(hostname -d) > /etc/mailname 
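Review bot: The ownership probe in the new `if` descends only three levels below /var/mail, so with the /var/mail/DOMAIN/USER/FOLDER/FILE layout that the test suite's paths suggest, the message files themselves are never inspected; a root-owned file at depth four leaves the recursive chown skipped and that message unreadable to uid 5000. The probe also lists every mismatch and counts them through unquoted backticks inside `[ ]`; stopping at the first hit is cheaper and avoids the word-splitting hazard (GNU find, which this Debian-based image appears to ship): `if [ -n "$(find /var/mail -maxdepth 3 \! -user 5000 -print -quit)" ]; then`. The same depth limit carries over to the revised test in patch 11 of this series. If the shortcut stays, the comment above it should say that it is a heuristic and how an operator forces a full chown.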
From 70dd4d1519103869a96fb06af0c2079aae41c429 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 21:45:00 -0700 Subject: [PATCH 03/15] support sending via AWS SES --- Dockerfile | 2 +- target/start-mailserver.sh | 22 +++++++++++++++++++++- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 7b0f1a15..e5d6cac5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,7 +5,7 @@ MAINTAINER Thomas VIAL RUN DEBIAN_FRONTEND=noninteractive apt-get update -q --fix-missing && \ apt-get -y upgrade && \ apt-get -y install --no-install-recommends \ - postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-managesieved gamin amavisd-new spamassassin razor pyzor \ + postfix dovecot-core dovecot-imapd dovecot-pop3d dovecot-sieve dovecot-managesieved gamin amavisd-new spamassassin razor pyzor libsasl2-modules \ clamav clamav-daemon libnet-dns-perl libmail-spf-perl bzip2 file gzip p7zip unzip arj rsyslog \ opendkim opendkim-tools opendmarc curl fail2ban ed iptables && \ curl -sk http://neuro.debian.net/lists/trusty.de-m.libre > /etc/apt/sources.list.d/neurodebian.sources.list && \ diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 9f0d6e1f..a364042d 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
@@ -211,8 +211,28 @@ else echo "No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided." fi +# Support general SASL password +rm -f /etc/postfix/sasl_passwd if [ ! -z "$SASL_PASSWD" ]; then - echo "$SASL_PASSWD" > /etc/postfix/sasl_passwd + echo "$SASL_PASSWD" >> /etc/postfix/sasl_passwd +fi + +# Support outgoing email relay via Amazon SES +if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then + echo "Setting up outgoing email via AWS SES host $AWS_SES_HOST" + echo "[$AWS_SES_HOST]:25 $AWS_SES_USERPASS" >>/etc/postfix/sasl_passwd + postconf -e \ + "relayhost = [$AWS_SES_HOST]:25" \ + "smtp_sasl_auth_enable = yes" \ + "smtp_sasl_security_options = noanonymous" \ + "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \ + "smtp_use_tls = yes" \ + "smtp_tls_security_level = encrypt" \ + "smtp_tls_note_starttls_offer = yes" +fi + +# Install SASL passwords +if [ -f /etc/postfix/sasl_passwd ]; then postmap hash:/etc/postfix/sasl_passwd rm /etc/postfix/sasl_passwd chown root:root /etc/postfix/sasl_passwd.db From 4151f1f0bd6fdfcc8d315ffcda4518fd844e1de9 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 22:21:29 -0700 Subject: [PATCH 04/15] Docs for new features --- README.md | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index baff8314..4786a2fc 100644 --- a/README.md +++ b/README.md 
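Review bot: The plaintext credentials file /etc/postfix/sasl_passwd is created by `echo ... >>` under whatever umask the script runs with, so unless a restrictive umask is set outside this hunk the SMTP password is readable by other users until the `rm`, and postmap normally carries the source file's group/other read bits over to sasl_passwd.db. Creating the file under a tight umask closes that window: `( umask 077; echo "$SASL_PASSWD" >> /etc/postfix/sasl_passwd )`, with the same wrapper around the AWS line. Separately, `[ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]` uses the ambiguous `-a`; `[ -n "$AWS_SES_HOST" ] && [ -n "$AWS_SES_USERPASS" ]` is the safer form, and setting only one of the two variables is silently ignored where a warning would help. The final `if` block continues past the end of the hunk, so any chmod that follows is not visible here.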
@@ -1,4 +1,31 @@ -# docker-mailserver [![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=master)](https://travis-ci.org/tomav/docker-mailserver) +# docker-mailserver [![Build Status](https://travis-ci.org/tve/docker-mailserver.svg?branch=master)](https://travis-ci.org/tve/docker-mailserver) + +This is a fork of https://github.com/tomav/docker-mailserver with some additional features: + +### Sending outbound mail via Amazon SES + +Instead of letting postfix deliver mail directly it is possible to forward outgoing email +through Amazon SES (Simple Email Service). To enable this feature, define the following two +environment variables in the `docker-compose.yml` with the appropriate values for your AWS SES +subscription (the values for `AWS_SES_USERPASS` are the "SMTP username" and "SMTP password" +provided when yuo create SMTP credentials for SES): +``` + environment: + - AWS_SES_HOST=email-smtp.us-east-1.amazonaws.com + - AWS_SES_USERPASS=AKIAXXXXXXXXXXXXXXXX:kqXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX +``` + +### Configuring regexp aliases + +Additional regexp aliases can be configured by placing them into `config/postfix-regexp.cf`. +The regexp aliases get evaluated after the virtual aliases (`postfix-cirtual.cf`). For example, +the following `config/postfix-regexp.cf` causes all email to test users to be delivered +to `qa@example.com`: +``` +/^test[0-9][0-9]*@example.com/ qa@example.com +``` + +## Overview A fullstack but simple mail server (smtp, imap, antispam, antivirus...). Only configuration files, no SQL database. Keep it simple and versioned. From c2bbb6ad65fd3c5267b9b0efc0a2f8af352ce198 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 22:31:39 -0700 Subject: [PATCH 05/15] gratuitous commit to trigger docker build --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4786a2fc..2f0ad7d7 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,7 @@ # docker-mailserver [![Build Status](https://travis-ci.org/tve/docker-mailserver.svg?branch=master)](https://travis-ci.org/tve/docker-mailserver) -This is a fork of https://github.com/tomav/docker-mailserver with some additional features: +This is a fork of https://github.com/tomav/docker-mailserver with some additional features +described below. ### Sending outbound mail via Amazon SES From d87bb285a633cb3e24ce73ae0c75c7bdea47ca3a Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 22:56:52 -0700 Subject: [PATCH 06/15] fix sed of main.cf for regexp aliases --- target/start-mailserver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index a364042d..66f32801 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -82,7 +82,7 @@ if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then # Copying regexp alias file echo "Adding regexp alias file postfix-regexp.cf" cp /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp - sed -i -e "/^virtual_alias_maps/a|/etc/postfix/regexp|" /tmp/docker-mailserver/target/postfix/main.cf + sed -i -e "/^virtual_alias_maps/a|/etc/postfix/regexp|" /etc/postfix/main.cf fi # DKIM From 9ce94f442a29b9187231f1e677ec44e375d791c1 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 23:23:06 -0700 Subject: [PATCH 07/15] fix sed of main.cf for regexp aliases, try #2 --- target/start-mailserver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 66f32801..b6ba423f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
@@ -82,7 +82,7 @@ if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then # Copying regexp alias file echo "Adding regexp alias file postfix-regexp.cf" cp /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp - sed -i -e "/^virtual_alias_maps/a|/etc/postfix/regexp|" /etc/postfix/main.cf + sed -i -e "/^virtual_alias_maps/a| regexp:/etc/postfix/regexp|" /etc/postfix/main.cf fi # DKIM From 7f398a6bbcab09b2c8024f9e5d2f77c92db4bc3f Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Sun, 22 May 2016 23:35:09 -0700 Subject: [PATCH 08/15] fix sed of main.cf for regexp aliases, try #3 --- target/start-mailserver.sh | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index b6ba423f..60cce40f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -82,7 +82,10 @@ if [ -f /tmp/docker-mailserver/postfix-regexp.cf ]; then # Copying regexp alias file echo "Adding regexp alias file postfix-regexp.cf" cp /tmp/docker-mailserver/postfix-regexp.cf /etc/postfix/regexp - sed -i -e "/^virtual_alias_maps/a| regexp:/etc/postfix/regexp|" /etc/postfix/main.cf + sed -i -e '/^virtual_alias_maps/{ + s/ regexp:.*// + s/$/ regexp:\/etc\/postfix\/regexp/ + }' /etc/postfix/main.cf fi # DKIM From 6d8b8d1a6e99b4131769f95cc42dce89f9f5f135 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 00:03:22 -0700 Subject: [PATCH 09/15] AWS SES needs ca-certificates --- target/start-mailserver.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 60cce40f..72671547 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh 
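Review bot: The sed block in patch 08 only edits a line that already begins with `virtual_alias_maps`, so if /etc/postfix/main.cf has no such line at this point the regexp file is copied, the script prints "Adding regexp alias file", and the aliases are never consulted. Letting Postfix make the edit removes the dependency on the file's layout and on hand-escaped slashes, for example `postconf -e "virtual_alias_maps = $(postconf -h virtual_alias_maps | sed 's/ regexp:.*//') regexp:/etc/postfix/regexp"`. A one-line comment should also say that `s/ regexp:.*//` is there to keep container restarts idempotent and that it drops any map listed after the regexp entry.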
@@ -231,7 +231,8 @@ if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd" \ "smtp_use_tls = yes" \ "smtp_tls_security_level = encrypt" \ - "smtp_tls_note_starttls_offer = yes" + "smtp_tls_note_starttls_offer = yes" \ + "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt" fi # Install SASL passwords From 288e79f59e17ee0ba812e884bb7aaba452117527 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 20:38:11 -0700 Subject: [PATCH 10/15] tests for regexp alias --- test/config/postfix-regexp.cf | 2 ++ .../existing-regexp-alias-external.txt | 12 ++++++++++++ test/email-templates/existing-regexp-alias-local.txt | 12 ++++++++++++ 3 files changed, 26 insertions(+) create mode 100644 test/config/postfix-regexp.cf create mode 100644 test/email-templates/existing-regexp-alias-external.txt create mode 100644 test/email-templates/existing-regexp-alias-local.txt diff --git a/test/config/postfix-regexp.cf b/test/config/postfix-regexp.cf new file mode 100644 index 00000000..ac8e5e73 --- /dev/null +++ b/test/config/postfix-regexp.cf @@ -0,0 +1,2 @@ +/^test[0-9][0-9]*@localhost.localdomain/ user1@localhost.localdomain +/^bounce.*@.*/ external1@otherdomain.tld diff --git a/test/email-templates/existing-regexp-alias-external.txt b/test/email-templates/existing-regexp-alias-external.txt new file mode 100644 index 00000000..ab5ecd11 --- /dev/null +++ b/test/email-templates/existing-regexp-alias-external.txt @@ -0,0 +1,12 @@ +HELO mail.external.tld +MAIL FROM: user@external.tld +RCPT TO: bounce-always@localhost.localdomain +DATA +From: Docker Mail Server +To: Existing Local User +Date: Sat, 22 May 2010 07:43:25 -0400 +Subject: Test Message +This is a test mail. + +. +QUIT diff --git a/test/email-templates/existing-regexp-alias-local.txt b/test/email-templates/existing-regexp-alias-local.txt new file mode 100644 index 00000000..99170500 --- /dev/null 
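Review bot: Adding `smtp_tls_CAfile` does not by itself make Postfix reject an untrusted or mismatched certificate, because the surrounding settings keep `smtp_tls_security_level = encrypt`, which requires TLS but not a verified peer. The SASL username and password travel over this session, so the relay's identity should be checked before authenticating: change that line to `"smtp_tls_security_level = secure" \` (or `verify`), at which point the CA bundle added here is what the certificate is validated against. The `postconf -e` call begins above the hunk, so the full option list is not visible here.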
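Review bot: The first pattern in test/config/postfix-regexp.cf, `/^test[0-9][0-9]*@localhost.localdomain/`, leaves its dots unescaped and has no end anchor, so it also matches recipients such as test1@localhostXlocaldomain.example (a constructed address). Fixtures tend to be copied into real alias files, where a loose pattern redirects more mail than intended; `/^test[0-9]+@localhost\.localdomain$/` pins it to the one domain. The second pattern, `/^bounce.*@.*/`, forwards matching recipients at every domain to an external address, so a `#` comment saying that breadth is deliberate for the test would help.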
+++ b/test/email-templates/existing-regexp-alias-local.txt @@ -0,0 +1,12 @@ +HELO mail.external.tld +MAIL FROM: user@external.tld +RCPT TO: test123@localhost.localdomain +DATA +From: Docker Mail Server +To: Existing Local User +Date: Sat, 22 May 2010 07:43:25 -0400 +Subject: Test Message +This is a test mail. + +. +QUIT From 1ff72b2faf62e66ff912d9ac9ce4a1f35b449065 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 20:45:58 -0700 Subject: [PATCH 11/15] improve finder for botched permissions --- target/start-mailserver.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index 72671547..6e8ba07b 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -247,7 +247,7 @@ else fi # Fix permissions, but skip this if 3 levels deep the user id is already set -if [ `find /var/mail -maxdepth 3 \! -user 5000 | grep -c .` != 0 ]; then +if [ `find /var/mail -maxdepth 3 -a \( \! -user 5000 -o \! -group 5000 \) | grep -c .` != 0 ]; then echo "Fixing /var/mail permissions" chown -R 5000:5000 /var/mail else From 12ff51daaa5f8ead2e06b6b111bb84cf307231d1 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 21:24:03 -0700 Subject: [PATCH 12/15] Revert "Docs for new features" This reverts commit 4151f1f0bd6fdfcc8d315ffcda4518fd844e1de9. Conflicts: README.md --- README.md | 30 +----------------------------- 1 file changed, 1 insertion(+), 29 deletions(-) diff --git a/README.md b/README.md index 2f0ad7d7..baff8314 100644 --- a/README.md +++ b/README.md 
@@ -1,32 +1,4 @@ -# docker-mailserver [![Build Status](https://travis-ci.org/tve/docker-mailserver.svg?branch=master)](https://travis-ci.org/tve/docker-mailserver) - -This is a fork of https://github.com/tomav/docker-mailserver with some additional features -described below. - -### Sending outbound mail via Amazon SES - -Instead of letting postfix deliver mail directly it is possible to forward outgoing email -through Amazon SES (Simple Email Service). To enable this feature, define the following two -environment variables in the `docker-compose.yml` with the appropriate values for your AWS SES -subscription (the values for `AWS_SES_USERPASS` are the "SMTP username" and "SMTP password" -provided when yuo create SMTP credentials for SES): -``` - environment: - - AWS_SES_HOST=email-smtp.us-east-1.amazonaws.com - - AWS_SES_USERPASS=AKIAXXXXXXXXXXXXXXXX:kqXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -``` - -### Configuring regexp aliases - -Additional regexp aliases can be configured by placing them into `config/postfix-regexp.cf`. -The regexp aliases get evaluated after the virtual aliases (`postfix-cirtual.cf`). For example, -the following `config/postfix-regexp.cf` causes all email to test users to be delivered -to `qa@example.com`: -``` -/^test[0-9][0-9]*@example.com/ qa@example.com -``` - -## Overview +# docker-mailserver [![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=master)](https://travis-ci.org/tomav/docker-mailserver) A fullstack but simple mail server (smtp, imap, antispam, antivirus...). Only configuration files, no SQL database. Keep it simple and versioned. From dcad03f3f030bba2e4082106c6543472b8f1efbb Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 21:30:22 -0700 Subject: [PATCH 13/15] add forgotten tests.bat --- test/tests.bats | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 4a6eaf51..2bab78ff 100644 --- a/test/tests.bats 
+++ b/test/tests.bats @@ -140,10 +140,16 @@ [ "$output" = 1 ] } -@test "checking smtp: user1 should have received 2 mails" { +@test "checking smtp: delivers mail to regexp alias" { + run docker exec mail /bin/sh -c "grep 'to=, orig_to=' /var/log/mail/mail.log | grep 'status=sent' | wc -l" + [ "$status" -eq 0 ] + [ "$output" = 1 ] +} + +@test "checking smtp: user1 should have received 3 mails" { run docker exec mail /bin/sh -c "ls -A /var/mail/localhost.localdomain/user1/new | wc -l" [ "$status" -eq 0 ] - [ "$output" = 2 ] + [ "$output" = 3 ] } @test "checking smtp: rejects mail to unknown user" { @@ -152,7 +158,7 @@ [ "$output" = 1 ] } -@test "checking smtp: redirects mail to external alias" { +@test "checking smtp: redirects mail to external aliases" { run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l" [ "$status" -eq 0 ] [ "$output" = 1 ] From cf6d9a4409ac40ccac38d403d6c4a6d3bdba3f2e Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 21:43:08 -0700 Subject: [PATCH 14/15] try to fix tests --- Makefile | 2 ++ 1 file changed, 2 insertions(+) diff --git a/Makefile b/Makefile index cf470aa9..0512f8d2 100644 --- a/Makefile +++ b/Makefile 
@@ -60,6 +60,8 @@ fixtures: docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-external.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-alias-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-user.txt" + docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-external.txt" + docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/existing-regexp-alias-local.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/sieve-spam-folder.txt" docker exec mail /bin/sh -c "nc 0.0.0.0 25 < /tmp/docker-mailserver-test/email-templates/non-existing-user.txt" # Wait for mails to be analyzed From c8169c0a340cf2dab14413682b1d440d3a1d9977 Mon Sep 17 00:00:00 2001 From: Thorsten von Eicken Date: Mon, 23 May 2016 22:23:54 -0700 Subject: [PATCH 15/15] try #2 to fix tests --- test/tests.bats | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test/tests.bats b/test/tests.bats index 2bab78ff..b4a2d44e 100644 --- a/test/tests.bats +++ b/test/tests.bats @@ -131,7 +131,7 @@ @test "checking smtp: delivers mail to existing account" { run docker exec mail /bin/sh -c "grep 'status=sent (delivered via dovecot service)' /var/log/mail/mail.log | wc -l" [ "$status" -eq 0 ] - [ "$output" -eq 3 ] + [ "$output" -eq 4 ] } @test "checking smtp: delivers mail to existing alias" { @@ -161,7 +161,7 @@ @test "checking smtp: redirects mail to external aliases" { run docker exec mail /bin/sh -c "grep -- '-> ' /var/log/mail/mail.log | wc -l" [ "$status" -eq 0 ] - [ "$output" = 1 ] + [ "$output" = 2 ] } @test "checking smtp: rejects spam" {