From 5f3aec07cf16248a9185107d9f35464253d23ab0 Mon Sep 17 00:00:00 2001 From: Deon George Date: Tue, 25 Apr 2023 20:39:41 +1000 Subject: [PATCH] Update to alpine and postfix --- .gitlab-ci.yml | 24 +++++++++++++++++++----- .gitlab-docker-manifest.yml | 10 ++++++++++ .gitlab-docker-x86_64.yml | 12 ++++++------ Dockerfile | 34 ++++++++++++++++++++++++++-------- custom.cf | 2 ++ init | 19 +++++++++++-------- opendkim.cf | 12 ++++++++++++ opendkim.conf | 37 +++++++++++++++++++++++++++++++++++++ 8 files changed, 123 insertions(+), 27 deletions(-) create mode 100644 .gitlab-docker-manifest.yml create mode 100644 custom.cf create mode 100644 opendkim.cf create mode 100644 opendkim.conf diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8b976cc..d995f28 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,17 +1,31 @@ stages: - build +- build-manifest variables: - CACHETAG: build-${VERSION} + VERSION: latest DOCKER_HOST: tcp://docker:2375 + VERSIONARCH: ${VERSION}-${ARCH} +cache: + key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG} + paths: + - build-cache + +image: docker:latest services: - docker:dind before_script: -- docker info -- docker version +- if [ ! -d build-cache ]; then mkdir build-cache; fi +- sed -ie s'/https/http/' /etc/apk/repositories +- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl +- docker info && docker version +# env|sort - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin -- env|sort -include: .gitlab-docker-x86_64.yml +include: +- .gitlab-docker-x86_64.yml +# .gitlab-docker-armv7l.yml +# .gitlab-docker-arm64.yml +- .gitlab-docker-manifest.yml diff --git a/.gitlab-docker-manifest.yml b/.gitlab-docker-manifest.yml new file mode 100644 index 0000000..8b38379 --- /dev/null +++ b/.gitlab-docker-manifest.yml 
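Review bot: The new before_script hard-codes `HTTP_PROXY=http://proxy.dege.lan:3128` and rewrites /etc/apk/repositories from https to http unconditionally, so the job only works on one network and the apk index and package downloads travel in cleartext even when no caching proxy sits in front of the runner; the same literal is repeated as a `--build-arg` in .gitlab-docker-x86_64.yml. Putting the proxy URL in one CI/CD variable and guarding the rewrite with `if [ -n "$HTTP_PROXY" ]; then sed -i -e 's/https/http/' /etc/apk/repositories; fi` keeps the downgrade opt-in and removes the duplication. Note also that `sed -ie` is parsed as `-i` with backup suffix `e`, not as `-i -e`, on both GNU and busybox sed, so it leaves a stray `/etc/apk/repositoriese` behind; the Dockerfile hunk has the same spelling on both of its `sed -ie` lines and will ship `/etc/apk/repositoriese` and `/etc/postfix/main.cfe` inside the image.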
@@ -0,0 +1,10 @@ +x86_64:build-manifest: + stage: build-manifest + script: + - docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}armv7l + - docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION} + tags: + - docker + - x86_64 + only: + - master diff --git a/.gitlab-docker-x86_64.yml b/.gitlab-docker-x86_64.yml index 7a80415..77741bd 100644 --- a/.gitlab-docker-x86_64.yml +++ b/.gitlab-docker-x86_64.yml @@ -1,14 +1,14 @@ x86_64:build: variables: - VERSION: x86_64 + ARCH: x86_64 stage: build - image: docker:latest script: - if [ -f init ]; then chmod 500 init; fi - - ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || echo "true" - - docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} . - - docker push ${CI_REGISTRY_IMAGE}:${VERSION} - - docker push ${CI_REGISTRY_IMAGE}:${CACHETAG} + - ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true + - rm build-cache/* || true + - docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} . + - docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH} + - docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG} tags: - docker - x86_64 diff --git a/Dockerfile b/Dockerfile index 803b326..198fcd0 100644 --- a/Dockerfile +++ b/Dockerfile 
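Review bot: The commented-out tail of the `docker manifest create` line spells the armv7l tag as `${VERSION}armv7l`, without the `-` that `VERSIONARCH: ${VERSION}-${ARCH}` puts into every pushed tag, so the moment the arm builds are re-enabled the manifest will reference a tag that is never pushed; write `${CI_REGISTRY_IMAGE}:${VERSION}-armv7l` now while it is still a comment. The job also depends on stage ordering alone to find the x86_64 image; `needs: ["x86_64:build"]` makes that explicit and fails the pipeline early if that build is skipped or fails.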
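Review bot: The rebuilt `docker build` line reuses the image tarball restored from the GitLab cache through `--cache-from`, has no `--pull`, and the Dockerfile's `FROM alpine` is untagged, so once a tarball exists for a ref the base layer and the `apk add` layers are never refreshed: Alpine, postfix and opendkim security updates stop reaching the published image until somebody sets `REFRESH`. Adding `--pull` to the build (or pinning the base tag and bumping it deliberately) lets a changed base image invalidate the cache while keeping the speed-up otherwise. The `[ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]` test uses the obsolescent `-a`; `[ -z "$REFRESH" ] && [ -f build-cache/${CI_COMMIT_REF_SLUG} ]` is the portable form.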
@@ -1,20 +1,38 @@ # NAME leenooks/smtp # VERSION latest -FROM debian:stretch-slim +FROM alpine -RUN apt-get update \ - && apt-get install sendmail sasl2-bin milter-greylist -yyq \ - && sed -ie 's/mech_list: EXTERNAL DIGEST-MD5 CRAM-MD5/mech_list:/' /etc/mail/sasl/Sendmail.conf.2 \ - && cd /etc/mail && make clean \ - && rm -rf /var/lib/apt/lists/* /tmp/* +# Change to http respositories, so they we can cache the install packages +RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi -RUN useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd +RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd +RUN apk add --no-cache postfix opendkim opendkim-utils \ + && gpasswd -a postfix opendkim + +# Config postfix +RUN sed -ie 's%#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \ + && echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf + +# Enable DKIM +RUN mkdir /run/opendkim \ + && echo -n 'IyBNaWx0ZXIgY29uZmlndXJhdGlvbiAtIG9wZW5ka2ltCiMgSWYgdGhlIE9wZW5ES0lNIG1pbHRl\ +ciBpc24ndCBhdmFpbGFibGUsIGFjY2VwdCB0aGUgbWVzc2FnZSBhbnl3YXkuCm1pbHRlcl9kZWZh\ +dWx0X2FjdGlvbiA9IGFjY2VwdAojIFdoYXQgbWlsdGVyIGNvbW11bmljYXRpb24gcHJvdG9jb2wg\ +c2hvdWxkIGJlIHVzZWQgdG8gcGFzcyBtZXNzYWdlcwojIHRvIGFuZCBmcm9tIE9wZW5ES0lNPwpt\ +aWx0ZXJfcHJvdG9jb2wgPSA2CiMgV2hlcmUgc2hvdWxkIHRoZSBPcGVuREtJTSBtaWx0ZXIgYmUg\ +Y29udGFjdCB0aHJvdWdoPyAgTm90ZSB0aGF0IHRoaXMKIyBpcyBpbnNpZGUgdGhlIC92YXIvc3Bv\ +b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\ +U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\ +ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\ +dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf +COPY opendkim.conf /etc/opendkim + +VOLUME 
["/var/spool/postfix"] EXPOSE 25 COPY init /sbin/ # Starting ENTRYPOINT [ "/sbin/init" ] -CMD [ "start" ] diff --git a/custom.cf b/custom.cf new file mode 100644 index 0000000..ceed209 --- /dev/null +++ b/custom.cf @@ -0,0 +1,2 @@ +message_size_limit = 25600000 +queue_minfree = 51200000 diff --git a/init b/init index 575bd0c..13eb0e1 100755 --- a/init +++ b/init @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/sh set -e NAME="SMTP" @@ -11,14 +11,17 @@ function stop { trap 'stop' SIGTERM -if [ -z `hostname --domain` ]; then - echo "You must start this container with --hostname= specifying a domain name" - exit 1 -fi +if [ -z "$@" ]; then + if [ -z `hostname -d` ]; then + echo "You must start this container with --hostname= specifying a domain name" + exit 1 + fi -if [ "$1" == "start" ]; then - /usr/sbin/saslauthd -m /run/saslauthd -a pam - cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD & + #/usr/sbin/saslauthd -m /run/saslauthd -a pam + #cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD & + newaliases + postfix start + /usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f wait else diff --git a/opendkim.cf b/opendkim.cf new file mode 100644 index 0000000..5fcdc96 --- /dev/null +++ b/opendkim.cf @@ -0,0 +1,12 @@ +# Milter configuration - opendkim +# If the OpenDKIM milter isn't available, accept the message anyway. +milter_default_action = accept +# What milter communication protocol should be used to pass messages +# to and from OpenDKIM? +milter_protocol = 6 +# Where should the OpenDKIM milter be contact through? Note that this +# is inside the /var/spool/postfix chroot. +smtpd_milters = inet:127.0.0.1:8891 +# Send mail that doesn't arrive from the network through the same milter +# as outbound mail. +non_smtpd_milters = $smtpd_milters diff --git a/opendkim.conf b/opendkim.conf new file mode 100644 index 0000000..fcf4252 --- /dev/null +++ b/opendkim.conf 
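Review bot: `RUN if [ -n ${HTTP_PROXY} ]` leaves the expansion unquoted, so when no proxy build-arg is supplied the test collapses to `[ -n ]`, which is true, and the repositories file is switched to http on every build rather than only behind a caching proxy; quote it: `RUN if [ -n "${HTTP_PROXY}" ]; then sed -i -e 's/https/http/' /etc/apk/repositories; fi`. The two `base64 -d >> /etc/postfix/main.cf` blobs appear to be the contents of the custom.cf and opendkim.cf files this commit adds (the first decodes to the message_size_limit/queue_minfree pair, the second starts with the "Milter configuration" comment), yet neither file is COPYed, so the readable copies and the image can drift silently and the appended config cannot be reviewed in a diff; `COPY custom.cf opendkim.cf /etc/postfix/` followed by `cat /etc/postfix/custom.cf /etc/postfix/opendkim.cf >> /etc/postfix/main.cf` keeps a single source. The re-added `useradd ... | chpasswd` line bakes a fixed password for the relay account into a published image layer, and with saslauthd now commented out in init it is unclear what still authenticates against it, so either drop the account or set its password at container start from a secret. Pointing `mynetworks` at /etc/opendkim/signing/TrustedHosts also means one list now controls both who may relay through postfix and whose mail gets signed, so every host added for signing is granted relay; that coupling deserves at least a comment, and since /etc/opendkim/signing is neither created nor declared as a VOLUME here, presumably it is bind-mounted — say so next to the COPY of opendkim.conf.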
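Review bot: `/usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f` runs in the foreground (`-f`) but is not backgrounded, so the script blocks in that child and never reaches `wait`; since sh only runs a pending trap once the foreground command returns, the SIGTERM from `docker stop` will not invoke `stop` until opendkim exits, and the container will be SIGKILLed on timeout instead of shutting down cleanly. Append `&` so that `wait`, which is interruptible, is what blocks: `/usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f &`. The new guard `if [ -z "$@" ]` only works because `"$@"` expands to nothing when there are no arguments; `if [ $# -eq 0 ]` states the intent and does not turn into a test syntax error when two or more arguments are passed, and the inner `hostname -d` check should quote its operand, `[ -z "$(hostname -d)" ]`, for the same reason. The enclosing if/else continues past the end of the hunk and `stop` is defined above it, so I cannot confirm that `stop` also stops postfix.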
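Review bot: `milter_default_action = accept` makes postfix fail open: if opendkim is down or not yet listening on 127.0.0.1:8891, outbound mail leaves unsigned and inbound mail is accepted unverified, with only a log line to show for it. For a relay whose purpose is DKIM signing, `milter_default_action = tempfail` queues the mail until the milter is back and is usually the safer default; if accept is intentional, add a comment saying why. The comment `# Where should the OpenDKIM milter be contact through?` reads better as `be contacted through`.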
@@ -0,0 +1,37 @@
+BaseDirectory /run/opendkim
+Mode sv
+SubDomains no
+
+LogResults yes
+LogWhy yes
+Syslog yes
+SyslogSuccess yes
+
+Canonicalization relaxed/simple
+
+#Domain example.com
+#Selector default
+#KeyFile /var/db/dkim/example.com.private
+KeyTable refile:/etc/opendkim/signing/KeyTable
+SigningTable refile:/etc/opendkim/signing/SigningTable
+ExternalIgnoreList refile:/etc/opendkim/signing/TrustedHosts
+InternalHosts refile:/etc/opendkim/signing/TrustedHosts
+
+Background yes
+Socket inet:8891@localhost
+#Socket local:opendkim.sock
+
+ReportAddress postmaster@example.com
+SendReports yes
+
+## Hosts to sign email for - 127.0.0.1 is default
+## See the OPERATION section of opendkim(8) for more information
+#
+#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+## For secondary mailservers - indicates not to sign or verify messages
+## from these hosts
+#
+# PeerList X.X.X.X
+
+PidFile /run/opendkim.pid
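Review bot: `SendReports yes` together with `ReportAddress postmaster@example.com` will, whenever a verified signature fails and the signer asked for reports, send failure reports out of this relay with a placeholder example.com sender; either set ReportAddress to a real mailbox on this relay's domain or use `SendReports no` until one exists. `Background yes` also contradicts the `-f` flag that init passes on the command line, and the container only stays alive if the foreground setting wins; writing `Background no` here makes the file and the command line agree instead of relying on opendkim's precedence rules. Because the daemon runs as `-u opendkim`, the key files under /etc/opendkim/signing must be readable by that user and, with the default RequireSafeKeys, by nobody else — worth a comment above the KeyTable line since that directory appears to be supplied at run time.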