diff --git a/Dockerfile b/Dockerfile index 677394a1..6791a7f1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -43,6 +43,7 @@ RUN apt-get update -q --fix-missing && \ opendmarc \ p7zip \ postfix-ldap \ + postfix-pcre \ postfix-policyd-spf-python \ pyzor \ razor \ diff --git a/target/start-mailserver.sh b/target/start-mailserver.sh index e2c4d5e3..19989a4f 100644 --- a/target/start-mailserver.sh +++ b/target/start-mailserver.sh @@ -22,6 +22,8 @@ DEFAULT_VARS["ENABLE_SASLAUTHD"]="${ENABLE_SASLAUTHD:="0"}" DEFAULT_VARS["SMTP_ONLY"]="${SMTP_ONLY:="0"}" DEFAULT_VARS["DMS_DEBUG"]="${DMS_DEBUG:="0"}" DEFAULT_VARS["OVERRIDE_HOSTNAME"]="${OVERRIDE_HOSTNAME}" +DEFAULT_VARS["ADD_PERMIT_NETWORK"]="${ADD_PERMIT_NETWORK}" +DEFAULT_VARS["DISABLE_FILTERS_FOR_MYNETWORKS"]="${DISABLE_FILTERS_FOR_MYNETWORKS}" ########################################################################## # << DEFAULT VARS ########################################################################## @@ -111,6 +113,7 @@ function register_functions() { _register_setup_function "_setup_postfix_sasl_password" _register_setup_function "_setup_security_stack" _register_setup_function "_setup_postfix_aliases" + _register_setup_function "_setup_postfix_rejections" _register_setup_function "_setup_postfix_vhost" if [ ! -z "$AWS_SES_HOST" -a ! -z "$AWS_SES_USERPASS" ]; then @@ -121,7 +124,7 @@ function register_functions() { _register_setup_function "_setup_postfix_virtual_transport" fi - _register_setup_function "_setup_environment" + _register_setup_function "_setup_environment" ################### << setup funcs @@ -587,6 +590,15 @@ function _setup_postgrey() { if [ -f /tmp/docker-mailserver/whitelist_clients.local ]; then cp -f /tmp/docker-mailserver/whitelist_clients.local /etc/postgrey/whitelist_clients.local fi + if [ -f /tmp/docker-mailserver/whitelist_recipients.local ]; then + cp -f /tmp/docker-mailserver/whitelist_recipients.local /etc/postgrey/whitelist_recipients.local + fi + if [ -f /tmp/docker-mailserver/postgrey-whitelist_clients.local ]; then + cp -f /tmp/docker-mailserver/postgrey-whitelist_clients.local /etc/postgrey/whitelist_clients.local + fi + if [ -f /tmp/docker-mailserver/postgrey-whitelist_recipients.local ]; then + cp -f /tmp/docker-mailserver/postgrey-whitelist_recipients.local /etc/postgrey/whitelist_recipients.local + fi } @@ -691,6 +703,19 @@ function _setup_postfix_aliases() { fi } +function _setup_postfix_rejections() { + notify 'task' 'Setting up Postfix Rejections' + + if [ -f /tmp/docker-mailserver/postfix-reject_header_checks ]; then + cp -f /tmp/docker-mailserver/postfix-reject_header_checks /etc/postfix/reject_header_checks + postconf -e "header_checks = pcre:/etc/postfix/reject_body_checks" + fi + if [ -f /tmp/docker-mailserver/postfix-reject_body_checks ]; then + cp -f /tmp/docker-mailserver/postfix-reject_body_checks /etc/postfix/reject_body_checks + postconf -e "body_checks = pcre:/etc/postfix/reject_body_checks" + fi +} + function _setup_dkim() { notify 'task' 'Setting up DKIM' @@ -823,33 +848,44 @@ function _setup_postfix_vhost() { } function _setup_docker_permit() { - notify 'task' 'Setting up PERMIT_DOCKER Option' + notify 'task' 'Setting up PERMIT_DOCKER and ADD_PERMIT_NETWORK Options' container_ip=$(ip addr show eth0 | grep 'inet ' | sed 's/[^0-9\.\/]*//g' | cut -d '/' -f 1) container_network="$(echo $container_ip | cut -d '.' -f1-2).0.0" + if [[ ! -z ${DEFAULT_VARS["ADD_PERMIT_NETWORK"]} ]]; then + add_permit_network="$ADD_PERMIT_NETWORK" + else + add_permit_network="" + fi + case $PERMIT_DOCKER in "host" ) notify 'inf' "Adding $container_network/16 to my networks" - postconf -e "$(postconf | grep '^mynetworks =') $container_network/16" + postconf -e "$(postconf | grep '^mynetworks =') $container_network/16 $add_permit_network" echo $container_network/16 >> /etc/opendmarc/ignore.hosts echo $container_network/16 >> /etc/opendkim/TrustedHosts ;; "network" ) notify 'inf' "Adding docker network in my networks" - postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12" + postconf -e "$(postconf | grep '^mynetworks =') 172.16.0.0/12 $add_permit_network" echo 172.16.0.0/12 >> /etc/opendmarc/ignore.hosts echo 172.16.0.0/12 >> /etc/opendkim/TrustedHosts ;; * ) notify 'inf' "Adding container ip in my networks" - postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32" + postconf -e "$(postconf | grep '^mynetworks =') $container_ip/32 $add_permit_network" echo $container_ip/32 >> /etc/opendmarc/ignore.hosts echo $container_ip/32 >> /etc/opendkim/TrustedHosts ;; esac + + if [[ ! -z ${DEFAULT_VARS["ADD_PERMIT_NETWORK"]} ]]; then + echo $add_permit_network >> /etc/opendmarc/ignore.hosts + echo $add_permit_network >> /etc/opendkim/TrustedHosts + fi } function _setup_postfix_virtual_transport() { @@ -930,7 +966,7 @@ function _setup_security_stack() { # recreate auto-generated file dms_amavis_file="/etc/amavis/conf.d/61-dms_auto_generated" - echo "# WARNING: this file is auto-generated." > $dms_amavis_file + echo "# WARNING: this file is auto-generated." > $dms_amavis_file echo "use strict;" >> $dms_amavis_file # Spamassassin @@ -954,6 +990,29 @@ function _setup_security_stack() { notify 'inf' "Enabling clamav" fi + # Disable filters for mynetworks + if [ "$DISABLE_FILTERS_FOR_MYNETWORKS" = 1 ]; then + notify 'inf' "Disabling filters for mynetworks" + + echo "" >>$dms_amavis_file + echo "# list of local IPs:" >>$dms_amavis_file + echo "@mynetworks = qw( $(postconf | grep '^mynetworks =' | sed 's/mynetworks = //' | sed 's/ /\n/g' | grep "\." | sed -e ':a' -e 'N' -e '$!ba' -e 's/\n/ /g') );" >>$dms_amavis_file + echo "" >>$dms_amavis_file + echo "# allow all mail from local IPs:" >>$dms_amavis_file + echo "\$policy_bank{'MYNETS'} = {" >>$dms_amavis_file + echo " bypass_decode_parts => 1," >>$dms_amavis_file + echo " bypass_header_checks_maps => [1]," >>$dms_amavis_file + echo " bypass_virus_checks_maps => [1]," >>$dms_amavis_file + echo " bypass_spam_checks_maps => [1]," >>$dms_amavis_file + echo " bypass_banned_checks_maps => [1]," >>$dms_amavis_file + echo " bypass_header_checks_maps => [1]," >>$dms_amavis_file + echo " spam_lovers_maps => [1]," >>$dms_amavis_file + echo " banned_files_lovers_maps => [1]," >>$dms_amavis_file + echo " archive_quarantine_to_maps => []," >>$dms_amavis_file + echo "};" >>$dms_amavis_file + echo "" >>$dms_amavis_file + fi + echo "1; # ensure a defined return" >> $dms_amavis_file @@ -1097,6 +1156,13 @@ function _misc_save_states() { chown -R postgrey /var/mail-state/lib-postgrey chown -R debian-spamd /var/mail-state/lib-spamassasin chown -R postfix /var/mail-state/spool-postfix + chown -R postfix:postdrop /var/mail-state/spool-postfix/maildrop + chown -R postfix:postdrop /var/mail-state/spool-postfix/public + chown -R root:root /var/mail-state/spool-postfix/dev + chown -R root:root /var/mail-state/spool-postfix/etc + chown -R root:root /var/mail-state/spool-postfix/lib + chown -R root:root /var/mail-state/spool-postfix/pid + chown -R root:root /var/mail-state/spool-postfix/usr fi } @@ -1252,10 +1318,8 @@ notify 'taskgrp' "# $HOSTNAME is up and running" notify 'taskgrp' "#" notify 'taskgrp' "" - tail -fn 0 /var/log/mail/mail.log - # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! # ! CARE --> DON'T CHANGE, unless you exactly know what you are doing # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!