Update to alpine and postfix
parent
3b62a45330
commit
5f3aec07cf
@ -1,17 +1,31 @@
|
|||||||
stages:
|
stages:
|
||||||
- build
|
- build
|
||||||
|
- build-manifest
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
CACHETAG: build-${VERSION}
|
VERSION: latest
|
||||||
DOCKER_HOST: tcp://docker:2375
|
DOCKER_HOST: tcp://docker:2375
|
||||||
|
VERSIONARCH: ${VERSION}-${ARCH}
|
||||||
|
|
||||||
|
cache:
|
||||||
|
key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
|
||||||
|
paths:
|
||||||
|
- build-cache
|
||||||
|
|
||||||
|
image: docker:latest
|
||||||
services:
|
services:
|
||||||
- docker:dind
|
- docker:dind
|
||||||
|
|
||||||
before_script:
|
before_script:
|
||||||
- docker info
|
- if [ ! -d build-cache ]; then mkdir build-cache; fi
|
||||||
- docker version
|
- sed -ie s'/https/http/' /etc/apk/repositories
|
||||||
|
- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
|
||||||
|
- docker info && docker version
|
||||||
|
# env|sort
|
||||||
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
||||||
- env|sort
|
|
||||||
|
|
||||||
include: .gitlab-docker-x86_64.yml
|
include:
|
||||||
|
- .gitlab-docker-x86_64.yml
|
||||||
|
# .gitlab-docker-armv7l.yml
|
||||||
|
# .gitlab-docker-arm64.yml
|
||||||
|
- .gitlab-docker-manifest.yml
|
||||||
|
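Review bot: The new `before_script` rewrites `/etc/apk/repositories` from https to http unconditionally and then installs `git` and `curl` through a hard-coded proxy, so the job that logs in to the registry runs tooling fetched over plain HTTP. apk still checks signatures on the index and packages, but that becomes the only protection left; I would gate the rewrite on a CI variable and take the proxy URL from one as well, e.g. `- if [ -n "$APK_HTTP_PROXY" ]; then sed -i 's/https/http/' /etc/apk/repositories; fi` (variable name is illustrative). `sed -ie` is parsed as `-i` with backup suffix `e`, which leaves a stray `repositoriese` file behind, so plain `-i` is what is meant. `image: docker:latest` and `VERSION: latest` are both floating; a pinned tag or digest would make the pipeline reproducible.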
10
.gitlab-docker-manifest.yml
Normal file
10
.gitlab-docker-manifest.yml
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
x86_64:build-manifest:
|
||||||
|
stage: build-manifest
|
||||||
|
script:
|
||||||
|
- docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}armv7l
|
||||||
|
- docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
|
||||||
|
tags:
|
||||||
|
- docker
|
||||||
|
- x86_64
|
||||||
|
only:
|
||||||
|
- master
|
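Review bot: The `docker manifest create` line relies on the ` #` inside a plain YAML scalar to disable the arm64 and armv7l references, and the parked text has `${VERSION}armv7l` without the hyphen the other tags use, so re-enabling it as written would name a tag the build jobs do not appear to push. I would move the disabled architectures to a comment line above the command and correct the reference to `${CI_REGISTRY_IMAGE}:${VERSION}-armv7l`. Quoting the image references, `"${CI_REGISTRY_IMAGE}:${VERSION}"`, would also stop the shell from word-splitting them. The job is named `x86_64:build-manifest` although it publishes the architecture-neutral tag; a neutral job name would read better once the other architectures return.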
@ -1,14 +1,14 @@
|
|||||||
x86_64:build:
|
x86_64:build:
|
||||||
variables:
|
variables:
|
||||||
VERSION: x86_64
|
ARCH: x86_64
|
||||||
stage: build
|
stage: build
|
||||||
image: docker:latest
|
|
||||||
script:
|
script:
|
||||||
- if [ -f init ]; then chmod 500 init; fi
|
- if [ -f init ]; then chmod 500 init; fi
|
||||||
- ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || echo "true"
|
- ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
|
||||||
- docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
|
- rm build-cache/* || true
|
||||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSION}
|
- docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
|
||||||
- docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
|
- docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
|
||||||
|
- docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
|
||||||
tags:
|
tags:
|
||||||
- docker
|
- docker
|
||||||
- x86_64
|
- x86_64
|
||||||
|
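Review bot: The `docker load < build-cache/${CI_COMMIT_REF_SLUG}` step feeds whatever tarball sits in the runner cache into `--cache-from`, so layers taken from the cache can end up in the image that is pushed; if the runner or its cache is shared with other projects, that tarball should be treated as untrusted input. Using the registry copy of `${CI_REGISTRY_IMAGE}:${VERSIONARCH}` as the cache source, or restricting the job to a project-scoped runner, avoids depending on cache integrity. The proxy URL in `--build-arg HTTP_PROXY=...` is hard-coded here as well as in the top-level `before_script`; one CI variable would keep the two in step. This section's file header is not visible on the page; judging by the `include:` list it is presumably `.gitlab-docker-x86_64.yml`.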
34
Dockerfile
34
Dockerfile
@ -1,20 +1,38 @@
|
|||||||
# NAME leenooks/smtp
|
# NAME leenooks/smtp
|
||||||
# VERSION latest
|
# VERSION latest
|
||||||
|
|
||||||
FROM debian:stretch-slim
|
FROM alpine
|
||||||
|
|
||||||
RUN apt-get update \
|
# Change to http respositories, so they we can cache the install packages
|
||||||
&& apt-get install sendmail sasl2-bin milter-greylist -yyq \
|
RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi
|
||||||
&& sed -ie 's/mech_list: EXTERNAL DIGEST-MD5 CRAM-MD5/mech_list:/' /etc/mail/sasl/Sendmail.conf.2 \
|
|
||||||
&& cd /etc/mail && make clean \
|
|
||||||
&& rm -rf /var/lib/apt/lists/* /tmp/*
|
|
||||||
|
|
||||||
RUN useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd
|
RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd
|
||||||
|
|
||||||
|
RUN apk add --no-cache postfix opendkim opendkim-utils \
|
||||||
|
&& gpasswd -a postfix opendkim
|
||||||
|
|
||||||
|
# Config postfix
|
||||||
|
RUN sed -ie 's%#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \
|
||||||
|
&& echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf
|
||||||
|
|
||||||
|
# Enable DKIM
|
||||||
|
RUN mkdir /run/opendkim \
|
||||||
|
&& echo -n 'IyBNaWx0ZXIgY29uZmlndXJhdGlvbiAtIG9wZW5ka2ltCiMgSWYgdGhlIE9wZW5ES0lNIG1pbHRl\
|
||||||
|
ciBpc24ndCBhdmFpbGFibGUsIGFjY2VwdCB0aGUgbWVzc2FnZSBhbnl3YXkuCm1pbHRlcl9kZWZh\
|
||||||
|
dWx0X2FjdGlvbiA9IGFjY2VwdAojIFdoYXQgbWlsdGVyIGNvbW11bmljYXRpb24gcHJvdG9jb2wg\
|
||||||
|
c2hvdWxkIGJlIHVzZWQgdG8gcGFzcyBtZXNzYWdlcwojIHRvIGFuZCBmcm9tIE9wZW5ES0lNPwpt\
|
||||||
|
aWx0ZXJfcHJvdG9jb2wgPSA2CiMgV2hlcmUgc2hvdWxkIHRoZSBPcGVuREtJTSBtaWx0ZXIgYmUg\
|
||||||
|
Y29udGFjdCB0aHJvdWdoPyAgTm90ZSB0aGF0IHRoaXMKIyBpcyBpbnNpZGUgdGhlIC92YXIvc3Bv\
|
||||||
|
b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\
|
||||||
|
U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\
|
||||||
|
ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\
|
||||||
|
dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf
|
||||||
|
COPY opendkim.conf /etc/opendkim
|
||||||
|
|
||||||
|
VOLUME ["/var/spool/postfix"]
|
||||||
EXPOSE 25
|
EXPOSE 25
|
||||||
|
|
||||||
COPY init /sbin/
|
COPY init /sbin/
|
||||||
|
|
||||||
# Starting
|
# Starting
|
||||||
ENTRYPOINT [ "/sbin/init" ]
|
ENTRYPOINT [ "/sbin/init" ]
|
||||||
CMD [ "start" ]
|
|
||||||
|
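Review bot: The `useradd ... && echo relay:<password> | chpasswd` line still bakes a fixed password for the `relay` account into an image layer and into the repository, so anyone who can pull the image or read the repo knows it. Since `init` no longer starts `saslauthd` in this commit the password may not be needed at all; I would drop the `chpasswd` part, `RUN apk add --no-cache shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin`, and set a password at container start from a runtime secret only if SASL login comes back. Separately, `[ -n ${HTTP_PROXY} ]` is unquoted, so with the variable unset it collapses to `[ -n ]`, which is true, and the repositories are switched to http on every build; it should read `[ -n "${HTTP_PROXY}" ]`. The two base64 blobs appended to `main.cf` appear to decode to the same settings as the `custom.cf` and `opendkim.cf` files added in this commit and cannot be read in review; copying those files in and appending them with `cat` would leave one reviewable source. `FROM alpine` is unpinned, so a version tag or digest is worth adding.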
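--- a/custom.cf
+++ b/custom.cf
@@ -0,0 +1,2 @@
+message_size_limit = 25600000
+queue_minfree = 51200000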
13
init
13
init
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/sh
|
||||||
set -e
|
set -e
|
||||||
|
|
||||||
NAME="SMTP"
|
NAME="SMTP"
|
||||||
@ -11,14 +11,17 @@ function stop {
|
|||||||
|
|
||||||
trap 'stop' SIGTERM
|
trap 'stop' SIGTERM
|
||||||
|
|
||||||
if [ -z `hostname --domain` ]; then
|
if [ -z "$@" ]; then
|
||||||
|
if [ -z `hostname -d` ]; then
|
||||||
echo "You must start this container with --hostname= specifying a domain name"
|
echo "You must start this container with --hostname= specifying a domain name"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$1" == "start" ]; then
|
#/usr/sbin/saslauthd -m /run/saslauthd -a pam
|
||||||
/usr/sbin/saslauthd -m /run/saslauthd -a pam
|
#cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD &
|
||||||
cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD &
|
newaliases
|
||||||
|
postfix start
|
||||||
|
/usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f
|
||||||
|
|
||||||
wait
|
wait
|
||||||
else
|
else
|
||||||
|
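Review bot: `if [ -z "$@" ]` only behaves as intended by accident once the container is given two or more arguments: `"$@"` then expands to several words, `[` fails with an operand error, and the script falls into the `else` branch with noise on stderr. `if [ "$#" -eq 0 ]; then` states the intent directly. Also, `opendkim ... -f` runs in the foreground, so the shell is blocked in that command rather than in `wait`, and a handler set with `trap 'stop' SIGTERM` does not run until the foreground command returns; on `docker stop` the container would then likely be killed at the timeout instead of postfix being shut down by `stop`. Starting opendkim with a trailing `&` before `wait` would let the trap fire. The bodies of `stop` and of the `else` branch lie outside the hunks, so this is based on the visible lines only.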
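--- a/opendkim.cf
+++ b/opendkim.cf
@@ -0,0 +1,12 @@
+# Milter configuration - opendkim
+# If the OpenDKIM milter isn't available, accept the message anyway.
+milter_default_action = accept
+# What milter communication protocol should be used to pass messages
+# to and from OpenDKIM?
+milter_protocol = 6
+# Where should the OpenDKIM milter be contact through? Note that this
+# is inside the /var/spool/postfix chroot.
+smtpd_milters = inet:127.0.0.1:8891
+# Send mail that doesn't arrive from the network through the same milter
+# as outbound mail.
+non_smtpd_milters = $smtpd_milters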
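Review bot: `milter_default_action = accept` makes DKIM signing fail-open: if OpenDKIM is down or unreachable, Postfix relays the mail unsigned and only the logs show it. That may be the intended trade-off for a relay, but the comment should say so, and `tempfail` is worth considering so mail queues until the milter is back. The comment about the `/var/spool/postfix` chroot describes a unix socket while the setting uses `inet:127.0.0.1:8891`; I would reword it to `# OpenDKIM listens on a TCP socket on localhost (see Socket in opendkim.conf).` The Dockerfile lines shown do not reference this file and append an embedded base64 copy instead, so the two can drift apart.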
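--- a/opendkim.conf
+++ b/opendkim.conf
@@ -0,0 +1,37 @@
+BaseDirectory /run/opendkim
+Mode sv
+SubDomains no
+
+LogResults yes
+LogWhy yes
+Syslog yes
+SyslogSuccess yes
+
+Canonicalization relaxed/simple
+
+#Domain example.com
+#Selector default
+#KeyFile /var/db/dkim/example.com.private
+KeyTable refile:/etc/opendkim/signing/KeyTable
+SigningTable refile:/etc/opendkim/signing/SigningTable
+ExternalIgnoreList refile:/etc/opendkim/signing/TrustedHosts
+InternalHosts refile:/etc/opendkim/signing/TrustedHosts
+
+Background yes
+Socket inet:8891@localhost
+#Socket local:opendkim.sock
+
+ReportAddress postmaster@example.com
+SendReports yes
+
+## Hosts to sign email for - 127.0.0.1 is default
+## See the OPERATION section of opendkim(8) for more information
+#
+#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+## For secondary mailservers - indicates not to sign or verify messages
+## from these hosts
+#
+# PeerList X.X.X.X
+
+PidFile /run/opendkim.pid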
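Review bot: `SendReports yes` is enabled together with the placeholder `ReportAddress postmaster@example.com`, so any failure reports this relay generates would carry a From address in a domain the operator does not control. Either set a real address at deploy time or ship `SendReports no` as the default. `ExternalIgnoreList` and `InternalHosts` both read `signing/TrustedHosts`, and the Dockerfile points Postfix `mynetworks` at the same file, so one list decides both who may relay and whose mail gets signed; a comment stating that, and that the file must list only hosts you control, would help whoever mounts it. `Background yes` is overridden by the `-f` flag used in `init`, so `Background no` would match how the daemon is actually run.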