[info=7cbc87fbd78011ca87203711e95db049]

OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/postfix-image?expand=0&rev=8
Dan Čermák 2024-08-08 16:58:08 +00:00 committed by Git OBS Bridge
commit efbca6c8bb
14 changed files with 1290 additions and 0 deletions

23
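--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text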

1
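--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc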

50
Dockerfile Normal file

@ -0,0 +1,50 @@
# SPDX-License-Identifier: MIT
# Copyright (c) 2024 SUSE LLC
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon.
# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
# It is maintained by the BCI team and generated by
# https://github.com/SUSE/BCI-dockerfile-generator
# Please submit bugfixes or comments via https://bugs.opensuse.org/
# You can contact the BCI team via https://github.com/SUSE/bci/discussions
#!BuildTag: opensuse/postfix:%%postfix_version%%
#!BuildTag: opensuse/postfix:%%postfix_version%%-%RELEASE%
#!BuildTag: opensuse/postfix:latest
FROM opensuse/tumbleweed:latest
# Define labels according to https://en.opensuse.org/Building_derived_containers
# labelprefix=org.opensuse.application.postfix
LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)"
LABEL org.opencontainers.image.title="openSUSE Tumbleweed Postfix"
LABEL org.opencontainers.image.description="Postfix container is fast and secure mail server, based on the openSUSE Tumbleweed Base Container Image."
LABEL org.opencontainers.image.version="%%postfix_version%%"
LABEL org.opencontainers.image.url="https://www.opensuse.org"
LABEL org.opencontainers.image.created="%BUILDTIME%"
LABEL org.opencontainers.image.vendor="openSUSE Project"
LABEL org.opencontainers.image.source="%SOURCEURL%"
LABEL org.opensuse.reference="registry.opensuse.org/opensuse/postfix:%%postfix_version%%-%RELEASE%"
LABEL org.openbuildservice.disturl="%DISTURL%"
LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
LABEL org.opensuse.release-stage="released"
# endlabelprefix
LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/postfix-image/README.md"
RUN set -euo pipefail; zypper -n in --no-recommends ca-certificates-mozilla cyrus-sasl cyrus-sasl-plain ed netcfg postfix postfix-ldap postfix-lmdb timezone mandoc spamassassin-spamc spamass-milter; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
ENTRYPOINT ["/entrypoint/entrypoint.sh"]
CMD ["postfix", "start"]
EXPOSE 25 465 587
RUN set -euo pipefail; mkdir -p /entrypoint/ldap
COPY entrypoint.sh /entrypoint/entrypoint.sh
RUN set -euo pipefail; chmod +x /entrypoint/entrypoint.sh
COPY smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps /entrypoint/ldap/
HEALTHCHECK --interval=5s --timeout=10s --start-period=30s --retries=3 CMD postfix status
VOLUME /var/spool/postfix /var/spool/vmail /etc/pki

209
README.md Normal file

@ -0,0 +1,209 @@
# Postfix container
![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green)
- [Guide](#guide)
- [Create new postfix server](#create-new-postfix-server)
- [Supported environment variables](#supported-environment-variables)
- [Generic variables](#generic-variables)
- [SMTP related variables](#smtp-related-variables)
- [Activate additional checks](#activate-additional-checks)
- [Virtual mailbox related variables](#virtual-mailbox-related-variables)
- [LDAP related variables](#ldap-related-variables)
- [Data persistence volumes](#data-persistence-volumes)
- [Virtual domains and virtual users](#virtual-domains-and-virtual-users)
- [Environment Variables](#environment-variables)
- [Files](#files)
- [Mail delivery via LMTP](#mail-delivery-via-lmtp)
## Guide
### Create new postfix server
By default a simple relayhost postfix instance is started.
The command to run this container is:
```sh
podman run -d --rm --name postfix -p 25:25 -e SMTP_RELAYHOST=smtp.example.com registry.opensuse.org/opensuse/postfix:%%postfix_version%%
```
In all examples, `podman` can be replaced directly with `docker`.
## Supported environment variables
### Generic variables
- `DEBUG=[0|1]` Enables "set -x" in the entrypoint script.
- `TZ` Timezone to use in the container.
### SMTP related variables
- `SERVER_HOSTNAME` Server hostname. Emails will appear to come from the hostname's domain.
- `SERVER_DOMAIN` If not set, the domain part of `SERVER_HOSTNAME` will be used.
- `SMTP_RELAYHOST` Name of the SMTP relay server to use.
- `SMTP_PORT=587` The relayhost port.
- `SMTP_USERNAME` Username to authenticate with on the relayserver.
- `SMTP_PASSWORD` Password of the SMTP user, alternative `SMTP_PASSWORD_FILE` could be used to point to a file with the password
- `SMTP_NETWORKS` Comma seperated subnets who are allowed to use the relay. E.g. `SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx, xxx.xxx.xxx.xxx/xx'`. 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are preset.
- `INET_PROTOCOLS` The network interface protocols used for connections. Valid values are "all", "ipv4", "ipv6" or "ipv4,ipv6". The default value is "ipv4".
- `MASQUERADE_DOMAINS` Comma separated list of domains that must have their subdomain structure stripped off.
- `MYDESTINATION` List of domains for which mails are delivered locally instead of forwarding to another machine.
- `NULLCLIENT=[0|1]` Don't accept any mails locally but relay them to a remote host. Ignored if `MYDESTINATION` is set. The default is `1`.
- `SMTP_TLS_SECURITY_LEVEL` SMTP TLS security level. The default is `may`.
- `LMTP=host` Host on which the lmtp service is running. This will disable the usage of the vmail user account.
### Accepting mails on port 587 (submission) and 465 (submissions/smtps)
- `ENABLE_SUBMISSION=[0|1]` Enable submission port. The default is `0`.
- `ENABLE_SUBMISSIONS=[0|1]` Enable submissions/smtps port. This requires `SMTPD_USE_TLS=1`. The default is `0`.
- `SMTPD_USE_TLS=[0|1]` Enforce TLS. The default is `0`.
- `SMTPD_TLS_CRT=` Path to certificate, default `/etc/postfix/ssl/certs/tls.crt`
- `SMTPD_TLS_KEY=` Path to public key, default `/etc/postfix/ssl/certs/tls.key`
### Virtual mailbox related variables
- `VIRTUAL_MBOX=[0|1]` Create virtual mail boxes in /var/spool/vmail owned by user vmail.
- `VMAIL_UID=5000` User ID and group ID of the vmail user for virtual domains and mailboxes.
- `VIRTUAL_DOMAINS=` Whitespace seperated list of virtual domains, will be written to `/etc/postfix/vhosts`.
- `VIRTUAL_USERS=` Whitespace seperated list of virtual users email addresses.
### LDAP related variables
- `USE_LDAP=[0|1]` Use LDAP for virtual mail box user accounts.
- `LDAP_BASE_DN` LDAP base DN, defaults to `dc=example,dc=org`.
- `LDAP_SERVER_URL` LDAP Server URL, defaults to `ldap://localhost`.
- `LDAP_BIND_DN` DN to bind, defaults to `cn=mailAccountReader,ou=Manager,dc=example,dc=org`
- `LDAP_BIND_PASSWORD` The password for the distinguished name to bind (`LDAP_BIND_DN`)
- `LDAP_USE_TLS=[1|0]` Use TLS for LDAP queries, by default enabled.
- `LDAP_TLS_CA_CRT` LDAP SSL CA certificate.
## Data persistence volumes
- `/var/spool/postfix` Postfix mail queues. A data volume should be used in order to save the queue content if the container restarts.
- `/var/spool/vmail` Virtual user mboxes. This directory contains the mails stored in Maildir format of the virtual users of the virtual domains. Everything is owned by the `vmail` user.
- `/etc/pki` PKI directories for CA certificates
## Virtual domains and virtual users
The environment variable `VIRTUAL_MBOX=1` will enable support for virtual
domains and virtual users. It can be used in conjunction with a relay host.
Mails for virtual domains and users are stored in Maildir format in
`/var/spool/vmail` inside the container. To not loose the mail, this directory
should be a persistence volume.
`VMAIL_UID` specifies the UID and GID which owns all files below this
directory. This makes sure, that the container is using the same UID/GID as
the Container Host OS for the files and not regular users are owning this
files and can read and modify them. The default UID/GID is `5000`.
There are three ways to provide the data for virtual domains and users, via
environment variables, files or LDAP.
### Environment Variables
Beside the already mentioned environment variables, two futher variables
define the virtual domains and the virtual users.
`VIRTUAL_DOMAINS="example.com example2.com example3.com"` is a whitespace
seperated list which can contain one or more virtual domains. For every
domain, an own directory below `/var/spool/vmail` will be created.
`VIRTUAL_USERS="user1@example.com user@example3.com user2@example.com"`
Whitespace seperated list of virtual users email addresses.
The example call:
```sh
podman run -d --rm --name postfix -p "25:25" \
-e VIRTUAL_MBOX=1 \
-e VMAIL_UID=5000 \
-e VIRTUAL_DOMAINS="example.com example1.com" \
-e VIRTUAL_USERS="user1@example.com user2@example.com user@example1.com" \
-e SERVER_HOSTNAME=smtp.example.com \
-e SMTP_RELAYHOST=relay.example.com \
-e SMTP_USERNAME=mailer \
-e SMTP_PASSWORD='XXX' \
-v "/srv/postfix/vmail:/var/spool/vmail:Z" \
registry.opensuse.org/opensuse/postfix:%%postfix_version%%
```
Will store the mails for the users `user1@example.com`, `user2@example.com`,
`user@example1.com` into the directories inside of the container:
- `/var/spool/vmail/example.com/user1/`
- `/var/spool/vmail/example.com/user2/`
- `/var/spool/vmail/example1.com/user/`
and outside the container:
- `/srv/postfix/vmail/example.com/user1/`
- `/srv/postfix/vmail/example.com/user2/`
- `/srv/postfix/vmail/example1.com/user/`
owned by the user `vmail` with UID and GID `5000`. All other mails are
forwarded to the relay `relay.example.com` with the account `mailer` and the
password `XXX`.
### Files
Instead of maintaining a long list of environment variables, the configuration
files could also be provided and mapped into /etc/postfix of the container.
`/etc/postfix/vhosts` contains the list of virtual domains seperated by
newlines:
```
example.com
example1.com
```
`/etc/postfix/vmaps` contains the list of the virtual users, where to store
them below the vmail directory and if mbox format or Maildir should be used.
For Maildir, the configuration file for the above example would look like:
```
user1@example.com example.com/user1/
user2@example.com example.com/user2/
user@example1.com example1.com/user/
```
For mbox format, the trailing '/' needs to be removed.
Additional a `/etc/postfix/vquota` file is required, which contains the quota
of the virtual users mailbox. To disable it, the file would look like:
```
user1@example.com 0
user2@example.com 0
user@example1.com 0
```
The example call:
```sh
podman run -d --rm --name postfix -p 25:25 \
-e VIRTUAL_MBOX=1 \
-e VMAIL_UID=5000 \
-e SERVER_HOSTNAME=smtp.example.com \
-e SMTP_RELAYHOST=relay.example.com \
-e SMTP_USERNAME=mailer \
-e SMTP_PASSWORD='XXX' \
-v "/srv/postfix/vmail:/var/spool/vmail:z" \
-v "/srv/postfix/etc/vhosts:/etc/postfix/vhosts:z,ro" \
-v "/srv/postfix/etc/vmaps:/etc/postfix/vmaps:z,ro" \
-v "/srv/postfix/etc/vquota:/etc/postfix/vquota:z,ro" \
registry.opensuse.org/opensuse/postfix:%%postfix_version%%
```
### LDAP
With LDAP (use `VIRTUAL_MBOX=1` and `USE_LDAP=1`) the postfix schema is used: `maildrop` is the real email address, while `mailacceptinggeneralid` are aliases.
If the `VIRTUAL_DOMAINS` environment variable is not set, the virtual domains are take from the email addresses used in `mailacceptinggeneralid`. In this case,
the email domains of the aliases must be different then the one of `maildrop`. If the virtual domains are specified with `VIRTUAL_DOMAINS`, `mailacceptinggeneralid`
are handled as normal mail aliases and the domain could be the same as for `maildrop`.
## Mail delivery via LMTP
To deliver the mails via a LMTP service, the container needs to know the host
on which such a service is running:
```sh
podman run -d --rm --name postfix -p 25:25 -e MYDESTINATION=example.com -e LMTP=lmtp.example.com registry.opensuse.org/opensuse/postfix:%%postfix_version%%
```
## Licensing
`SPDX-License-Identifier: MIT`
This documentation and the build recipe are licensed as MIT.
The container itself contains various software components under various open source licenses listed in the associated
Software Bill of Materials (SBOM).
This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/).

10
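--- /dev/null
+++ b/_service
@@ -0,0 +1,10 @@
+<services>
+<service mode="buildtime" name="docker_label_helper"/>
+<service mode="buildtime" name="kiwi_metainfo_helper"/>
+<service name="replace_using_package_version" mode="buildtime">
+<param name="file">Dockerfile</param>
+<param name="regex">%%postfix_version%%</param>
+<param name="package">postfix</param>
+<param name="parse-version">minor</param>
+</service>
+</services>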

449
entrypoint.sh Normal file

@ -0,0 +1,449 @@
#!/bin/bash
DEBUG=${DEBUG:-"0"}
[ "${DEBUG}" = "1" ] && set -x
VIRTUAL_MBOX=${VIRTUAL_MBOX:-"0"}
USE_LDAP=${USE_LDAP:-"0"}
NULLCLIENT=${NULLCLIENT:-"1"}
ENABLE_SUBMISSION=${ENABLE_SUBMISSION:-"0"}
ENABLE_SUBMISSIONS=${ENABLE_SUBMISSIONS:-"0"}
export PATH=/usr/sbin:/sbin:${PATH}
setup_timezone() {
if [ -n "$TZ" ]; then
TZ_FILE="/usr/share/zoneinfo/$TZ"
if [ -f "$TZ_FILE" ]; then
echo "Setting container timezone to: $TZ"
ln -snf "$TZ_FILE" /etc/localtime
else
echo "Cannot set timezone \"$TZ\": timezone does not exist."
fi
fi
}
set_config_value() {
local failed
key=${1}
value=${2}
echo "Setting configuration option \"${key}\" with value \"${value}\""
postconf -e "${key} = ${value}" || failed=1
if [ "$failed" ]; then
echo "ERROR: postconf -e ${key} ${value} failed!"
exit 1
fi
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'SMTP_PASSWORD' 'example'
# (will allow for "$SMTP_PASSWORD_FILE" to fill in the value of
# "$SMTP_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
var="$1"
fileVar="${var}_FILE"
def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
update_db() {
local failed
while test "x$1" != "x" ; do
pfmap=/etc/postfix/${1}
test -e "${pfmap}" && \
if test "${pfmap}" -nt "${pfmap}.lmdb" -o ! -e "${pfmap}.lmdb" ; then
echo "rebuilding ${pfmap}.lmdb"
postmap "${pfmap}" || failed=1
if [ "$failed" ]; then
echo "ERROR: postmap ${pfmap} failed!"
exit 1
fi
fi
shift
done
}
setup_aliases() {
local failed
get_alias_maps() {
test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \
for i in $(find /etc/aliases.d -maxdepth 1 -type f \
'!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \
'!' -regex ".*/\(\.\|#\).*" \
'!' -regex ".*~$") ; do
echo -n "$i ";
done
}
echo "Building /etc/aliases.lmdb."
set_config_value "alias_database" "lmdb:/etc/aliases"
/usr/bin/newaliases
ALLMAPS="lmdb:/etc/aliases"
for i in $(get_alias_maps); do
ALLMAPS="${ALLMAPS}, lmdb:$i"
echo "Building $i.lmdb"
postalias "${i}" || failed=1
if [ "${failed}" ]; then
echo "ERROR: postalias ${i} failed!"
exit 1
fi
done
set_config_value "alias_maps" "${ALLMAPS}"
}
setup_network() {
if [ -n "${INET_PROTOCOLS}" ]; then
set_config_value "inet_protocols" "{$INET_PROTOCOLS}"
else
# XXX Containers have ipv6 addresses, but not routeable
#if ip addr show dev lo | grep -q inet6 ; then
# set_config_value "inet_protocols" "all"
#else
set_config_value "inet_protocols" "ipv4"
#fi
fi
# Always allow private networks, we are running in a container...
networks='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
if [ -n "${SMTP_NETWORKS}" ]; then
networks+=", ${SMTP_NETWORKS}"
fi
set_config_value "mynetworks" "${networks}"
}
setup_relayhost() {
if [ -n "${SMTP_RELAYHOST}" ]; then
SMTP_PORT="${SMTP_PORT:-587}"
set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}"
if [ "${NULLCLIENT}" -eq "1" ] && [ -z "${MYDESTINATION}" ] ; then
set_config_value "mydestination" ""
fi
fi
if [ -n "${SMTP_USERNAME}" ]; then
file_env 'SMTP_PASSWORD'
if [ -z "${SMTP_PASSWORD}" ]; then
echo "SMTP_PASSWORD is not set"
exit 1
fi
# Add auth credentials to sasl_passwd
echo "Adding SASL authentication configuration"
echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd
update_db sasl_passwd
set_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"
set_config_value "smtp_sasl_auth_enable" "yes"
set_config_value "smtp_sasl_security_options" "noanonymous"
fi
if [ -n "${MASQUERADE_DOMAINS}" ]; then
set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}"
# Requires since postfix 2.2
set_config_value "local_header_rewrite_clients" "static:all"
fi
}
setup_submission() {
SMTPD_USE_TLS=${SMTPD_USE_TLS:-"0"}
if [ "${ENABLE_SUBMISSION}" -eq "1" ]; then
echo "Enable submission port"
echo "submission inet n - n - - smtpd" >> /etc/postfix/master.cf
echo " -o syslog_name=postfix/submission" >> /etc/postfix/master.cf
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo " -o smtpd_tls_security_level=encrypt" >> /etc/postfix/master.cf
echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
#echo " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" >> /etc/postfix/master.cf
fi
fi
if [ "${ENABLE_SUBMISSIONS}" -eq "1" ]; then
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo "Enable submissions port"
echo "smtps inet n - n - - smtpd" >> /etc/postfix/master.cf
echo " -o syslog_name=postfix/smtps" >> /etc/postfix/master.cf
echo " -o smtpd_tls_wrappermode=yes" >> /etc/postfix/master.cf
echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
else
echo "WARNING: ENABLE_SUBMISSIONS requires SMTPD_USE_TLS, ignoring!"
fi
fi
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo "Enable TLS for smtpd"
SMTPD_TLS_CRT=${SMTPD_TLS_CRT:-"/etc/postfix/ssl/certs/tls.crt"}
SMTPD_TLS_KEY=${SMTPD_TLS_KEY:-"/etc/postfix/ssl/certs/tls.key"}
set_config_value "smtpd_use_tls" "yes"
set_config_value "smtpd_tls_CApath" "/etc/ssl/certs"
set_config_value "smtpd_tls_cert_file" "${SMTPD_TLS_CRT}"
set_config_value "smtpd_tls_key_file" "${SMTPD_TLS_KEY}"
fi
}
setup_vhosts() {
if [ "${USE_LDAP}" -eq "1" ]; then
LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=org"}
LDAP_SERVER_URL=${LDAP_SERVER_URL:-"ldap://localhost"}
LDAP_USE_TLS=${LDAP_USE_TLS:-"1"}
LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,${LDAP_BASE_DN}"}
file_env LDAP_BIND_PASSWORD
if [ -z "${LDAP_BIND_PASSWORD}" ]; then
echo "LDAP_BIND_PASSWORD is not set"
exit 1
fi
# Adjust LDAP variables
mkdir -p /etc/postfix/ldap
for map in smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps ; do
sed -e "s|@LDAP_BASE_DN@|${LDAP_BASE_DN}|g" \
-e "s|@LDAP_SERVER_URL@|${LDAP_SERVER_URL}|g" \
-e "s|@LDAP_BIND_DN@|${LDAP_BIND_DN}|g" \
-e "s|@LDAP_BIND_PASSWORD@|${LDAP_BIND_PASSWORD}|g" \
"/entrypoint/ldap/${map}" > "/etc/postfix/ldap/${map}"
if [ "${LDAP_USE_TLS}" = "1" ]; then
sed -i -e 's|^start_tls.*|start_tls = yes|g' "/etc/postfix/ldap/${map}"
else
sed -i -e 's|^start_tls.*|start_tls = no|g' "/etc/postfix/ldap/${map}"
fi
if [ -n "${LDAP_TLS_CA_CRT}" ]; then
sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file = ${LDAP_TLS_CA_CRT}|g" "/etc/postfix/ldap/${map}"
fi
done
# Don't use VIRUAL_DOMAINS and ldap:virtual_alias_domains at the same time, postfix does
# not like this
if [ -z "${VIRTUAL_DOMAINS}" ]; then
set_config_value "virtual_alias_domains" "ldap:/etc/postfix/ldap/virtual_alias_domains"
fi
set_config_value "virtual_alias_maps" "ldap:/etc/postfix/ldap/virtual_alias_maps"
set_config_value "virtual_mailbox_maps" "ldap:/etc/postfix/ldap/virtual_mailbox_maps"
set_config_value "smtpd_sender_login_maps" "ldap:/etc/postfix/ldap/smtpd_sender_login_maps"
else
set_config_value "virtual_mailbox_maps" "lmdb:/etc/postfix/vmaps"
set_config_value "virtual_mailbox_limit_maps" "lmdb:/etc/postfix/vquota"
# Only create vmaps if not provided by admin
if [ ! -f /etc/postfix/vmaps ]; then
for mail in ${VIRTUAL_USERS} ; do
user=${mail%@*}
domain=${mail#*@}
echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
echo "${mail} 0" >> /etc/postfix/vquota
done
fi
update_db vquota
fi
set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts"
# Only create vhosts if not provided by admin
if [ ! -f /etc/postfix/vhosts ]; then
if [ -n "${VIRTUAL_DOMAINS}" ]; then
for d in ${VIRTUAL_DOMAINS}; do
echo "$d" >> /etc/postfix/vhosts
done
elif [ -n "${SERVER_DOMAIN}" ]; then
echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
else
touch /etc/postfix/vhosts
fi
fi
update_db vmaps
if [ -n "${LMTP}" ]; then
# Use LMTP to deliver the mail to the user
set_config_value "virtual_transport" "lmtp:${LMTP}:24"
else
# Store mails local below /var/spool/vmail
# Create the vmail user with the requested UID, else 5000
VMAIL_UID="${VMAIL_UID:-5000}"
if [ -x /usr/sbin/adduser ]; then
adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}" -s /sbin/nologin vmail
else
useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u "${VMAIL_UID}" vmail
fi
if [ $? -ne 0 ]; then
echo "ERROR: creating of vmail user failed! Aborting."
exit 1
fi
if [ ! -d /var/spool/vmail ]; then
mkdir -p /var/spool/vmail
chown vmail:vmail /var/spool/vmail
chmod 775 /var/spool/vmail
fi
set_config_value "virtual_mailbox_base" "/var/spool/vmail"
set_config_value "virtual_minimum_uid" "1000"
set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
set_config_value "home_mailbox" "Maildir/"
# XXX make this configureable and adjust message_size_limit
set_config_value "virtual_mailbox_limit" "0"
set_config_value "mailbox_size_limit" "0" # "51200000"
set_config_value "message_size_limit" "0" # "10240000"
fi
}
configure_postfix() {
setup_network
if [ -n "${SERVER_HOSTNAME}" ]; then
if [ -z "${SERVER_DOMAIN}" ]; then
SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-)
fi
set_config_value "myhostname" "${SERVER_HOSTNAME}"
set_config_value "mydomain" "${SERVER_DOMAIN}"
fi
# Generic settings
## Use lmdb instead of "hash" to get rid of BDB
set_config_value "default_database_type" "lmdb"
sed -i -e 's|hash:|lmdb:|g' /etc/postfix/main.cf
## TLS
if [ -n "${SMTP_TLS_WRAPPERMODE}" ]; then
set_config_value "smtp_tls_wrappermode" "${SMTP_TLS_WRAPPERMODE}"
fi
SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL:-"may"}
set_config_value "smtp_tls_security_level" "${SMTP_TLS_SECURITY_LEVEL}"
set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts"
## Debug only:
# set_config_value "smtp_tls_loglevel" "2"
if [ "${VIRTUAL_MBOX}" -eq "1" ]; then
setup_vhosts
fi
if [ -n "${MYDESTINATION}" ]; then
set_config_value "mydestination" "${MYDESTINATION}"
else
set_config_value "mydestination" "\$myhostname, localhost.\$mydomain, localhost"
fi
setup_submission
setup_relayhost
# Add maps to config and create database
for i in canonical relocated sender_canonical transport virtual; do
set_config_value "${i}_maps" "lmdb:/etc/postfix/${i}"
update_db "${i}"
done
set_config_value "smtpd_sender_restrictions" "lmdb:/etc/postfix/access"
# Generate and update maps
update_db access relay relay_recipients
setup_aliases
}
setup_spamassassin() {
if [ -n "${SPAMASSASSIN_HOST}" ]; then
set_config_value "smtpd_milters" "unix:/run/spamass-milter/socket"
fi
}
terminate() {
base=$(basename "$1")
pid=$(/bin/pidof "$base")
if [ -n "$pid" ]; then
echo "Terminating $base..."
if kill "$pid" ; then
echo "Terminating $base failed!"
fi
else
echo "Failure determining PID of $base"
fi
}
init_trap() {
trap stop_daemons TERM INT
}
stop_spamassassin() {
terminate /usr/sbin/spamass-milter
}
stop_postfix() {
typeset -i sec=$1
typeset -i ms=$((sec*100))
( while ! pidof qmgr > /dev/null 2>&1 ; do
((ms-- <= 0)) && break
usleep 10000
done
exec postfix flush
) > /dev/null 2>&1 &
postfix stop
terminate /usr/sbin/syslogd
}
stop_daemons() {
stop_postfix "$@"
stop_spamassassin
}
start_daemons() {
# Don't start syslogd in background while starting it in the background...
# Logging to stdout does not work else.
/usr/sbin/syslogd -n -S -O - &
if [ -n "${SPAMASSASSIN_HOST}" ]; then
mkdir /run/spamass-milter
chown sa-milter:postfix /run/spamass-milter
chmod 751 /run/spamass-milter
su sa-milter -s /bin/sh -c "/usr/sbin/spamass-milter -p /run/spamass-milter/socket -g postfix -f -- -d ${SPAMASSASSIN_HOST}"
fi
"$@"
}
#
# Main
#
# if command starts with an option, prepend postfix
if [ "${1:0:1}" = '-' ]; then
set -- postfix start "$@"
fi
init_trap
setup_timezone
# Update certificates if /etc/pki is mounted from the host
update-ca-certificates
# configure postfix even if postfix will not be started, to
# allow to see the result with postconf for debugging/testing.
configure_postfix
setup_spamassassin
# If host mounting /var/spool/postfix, we need to delete the old pid file
# before starting services
rm -f /var/spool/postfix/pid/master.pid
if [ "$1" = 'postfix' ]; then
start_daemons "$@"
echo "postfix running and ready"
sleep infinity & wait $!
else
exec "$@"
fi
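Review bot: In `setup_relayhost` the relay credentials are appended to `/etc/postfix/sasl_passwd` with no `umask` or `chmod` anywhere in the script, so the plaintext file and the `.lmdb` that `postmap` builds from it presumably end up world-readable; the LDAP maps that `setup_vhosts` writes with the bind password look equally unrestricted and should be limited to what Postfix needs to read. I would write the SASL file under a tight umask, for example `( umask 077; echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd )`, and add a comment next to `set -x` that `DEBUG=1` traces both passwords into the container log. Two functional bugs are also visible: `setup_network` passes `"{$INET_PROTOCOLS}"`, which expands to a literal `{ipv4}` where `"${INET_PROTOCOLS}"` was almost certainly meant, and `terminate` prints "Terminating ... failed!" when `kill` succeeds, so the test should read `if ! kill "$pid" ; then`. The `>>` appends to `sasl_passwd` and `master.cf` are repeated each time the same container is restarted, which is worth guarding against. The same code appears in `entrypoint.sles.sh`.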

431
entrypoint.sles.sh Normal file

@ -0,0 +1,431 @@
#!/bin/bash
DEBUG=${DEBUG:-"0"}
[ "${DEBUG}" = "1" ] && set -x
VIRTUAL_MBOX=${VIRTUAL_MBOX:-"0"}
USE_LDAP=${USE_LDAP:-"0"}
NULLCLIENT=${NULLCLIENT:-"1"}
ENABLE_SUBMISSION=${ENABLE_SUBMISSION:-"0"}
ENABLE_SUBMISSIONS=${ENABLE_SUBMISSIONS:-"0"}
export PATH=/usr/sbin:/sbin:${PATH}
setup_timezone() {
if [ -n "$TZ" ]; then
TZ_FILE="/usr/share/zoneinfo/$TZ"
if [ -f "$TZ_FILE" ]; then
echo "Setting container timezone to: $TZ"
ln -snf "$TZ_FILE" /etc/localtime
else
echo "Cannot set timezone \"$TZ\": timezone does not exist."
fi
fi
}
set_config_value() {
local failed
key=${1}
value=${2}
echo "Setting configuration option \"${key}\" with value \"${value}\""
postconf -e "${key} = ${value}" || failed=1
if [ "$failed" ]; then
echo "ERROR: postconf -e ${key} ${value} failed!"
exit 1
fi
}
# usage: file_env VAR [DEFAULT]
# ie: file_env 'SMTP_PASSWORD' 'example'
# (will allow for "$SMTP_PASSWORD_FILE" to fill in the value of
# "$SMTP_PASSWORD" from a file, especially for Docker's secrets feature)
file_env() {
var="$1"
fileVar="${var}_FILE"
def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
exit 1
fi
val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
update_db() {
local failed
while test "x$1" != "x" ; do
pfmap=/etc/postfix/${1}
test -e "${pfmap}" && \
if test "${pfmap}" -nt "${pfmap}.lmdb" -o ! -e "${pfmap}.lmdb" ; then
echo "rebuilding ${pfmap}.lmdb"
postmap "${pfmap}" || failed=1
if [ "$failed" ]; then
echo "ERROR: postmap ${pfmap} failed!"
exit 1
fi
fi
shift
done
}
setup_aliases() {
local failed
get_alias_maps() {
test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \
for i in $(find /etc/aliases.d -maxdepth 1 -type f \
'!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \
'!' -regex ".*/\(\.\|#\).*" \
'!' -regex ".*~$") ; do
echo -n "$i ";
done
}
echo "Building /etc/aliases.lmdb."
set_config_value "alias_database" "lmdb:/etc/aliases"
/usr/bin/newaliases
ALLMAPS="lmdb:/etc/aliases"
for i in $(get_alias_maps); do
ALLMAPS="${ALLMAPS}, lmdb:$i"
echo "Building $i.lmdb"
postalias "${i}" || failed=1
if [ "${failed}" ]; then
echo "ERROR: postalias ${i} failed!"
exit 1
fi
done
set_config_value "alias_maps" "${ALLMAPS}"
}
setup_network() {
if [ -n "${INET_PROTOCOLS}" ]; then
set_config_value "inet_protocols" "{$INET_PROTOCOLS}"
else
# XXX Containers have ipv6 addresses, but not routeable
#if ip addr show dev lo | grep -q inet6 ; then
# set_config_value "inet_protocols" "all"
#else
set_config_value "inet_protocols" "ipv4"
#fi
fi
# Always allow private networks, we are running in a container...
networks='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
if [ -n "${SMTP_NETWORKS}" ]; then
networks+=", ${SMTP_NETWORKS}"
fi
set_config_value "mynetworks" "${networks}"
}
setup_relayhost() {
if [ -n "${SMTP_RELAYHOST}" ]; then
SMTP_PORT="${SMTP_PORT:-587}"
set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}"
if [ "${NULLCLIENT}" -eq "1" ] && [ -z "${MYDESTINATION}" ] ; then
set_config_value "mydestination" ""
fi
fi
if [ -n "${SMTP_USERNAME}" ]; then
file_env 'SMTP_PASSWORD'
if [ -z "${SMTP_PASSWORD}" ]; then
echo "SMTP_PASSWORD is not set"
exit 1
fi
# Add auth credentials to sasl_passwd
echo "Adding SASL authentication configuration"
echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd
update_db sasl_passwd
set_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"
set_config_value "smtp_sasl_auth_enable" "yes"
set_config_value "smtp_sasl_security_options" "noanonymous"
fi
if [ -n "${MASQUERADE_DOMAINS}" ]; then
set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}"
# Requires since postfix 2.2
set_config_value "local_header_rewrite_clients" "static:all"
fi
}
setup_submission() {
SMTPD_USE_TLS=${SMTPD_USE_TLS:-"0"}
if [ "${ENABLE_SUBMISSION}" -eq "1" ]; then
echo "Enable submission port"
echo "submission inet n - n - - smtpd" >> /etc/postfix/master.cf
echo " -o syslog_name=postfix/submission" >> /etc/postfix/master.cf
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo " -o smtpd_tls_security_level=encrypt" >> /etc/postfix/master.cf
echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
#echo " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" >> /etc/postfix/master.cf
fi
fi
if [ "${ENABLE_SUBMISSIONS}" -eq "1" ]; then
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo "Enable submissions port"
echo "smtps inet n - n - - smtpd" >> /etc/postfix/master.cf
echo " -o syslog_name=postfix/smtps" >> /etc/postfix/master.cf
echo " -o smtpd_tls_wrappermode=yes" >> /etc/postfix/master.cf
echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
else
echo "WARNING: ENABLE_SUBMISSIONS requires SMTPD_USE_TLS, ignoring!"
fi
fi
if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
echo "Enable TLS for smtpd"
SMTPD_TLS_CRT=${SMTPD_TLS_CRT:-"/etc/postfix/ssl/certs/tls.crt"}
SMTPD_TLS_KEY=${SMTPD_TLS_KEY:-"/etc/postfix/ssl/certs/tls.key"}
set_config_value "smtpd_use_tls" "yes"
set_config_value "smtpd_tls_CApath" "/etc/ssl/certs"
set_config_value "smtpd_tls_cert_file" "${SMTPD_TLS_CRT}"
set_config_value "smtpd_tls_key_file" "${SMTPD_TLS_KEY}"
fi
}
setup_vhosts() {
if [ "${USE_LDAP}" -eq "1" ]; then
LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=org"}
LDAP_SERVER_URL=${LDAP_SERVER_URL:-"ldap://localhost"}
LDAP_USE_TLS=${LDAP_USE_TLS:-"1"}
LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,${LDAP_BASE_DN}"}
file_env LDAP_BIND_PASSWORD
if [ -z "${LDAP_BIND_PASSWORD}" ]; then
echo "LDAP_BIND_PASSWORD is not set"
exit 1
fi
# Adjust LDAP variables
mkdir -p /etc/postfix/ldap
for map in smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps ; do
sed -e "s|@LDAP_BASE_DN@|${LDAP_BASE_DN}|g" \
-e "s|@LDAP_SERVER_URL@|${LDAP_SERVER_URL}|g" \
-e "s|@LDAP_BIND_DN@|${LDAP_BIND_DN}|g" \
-e "s|@LDAP_BIND_PASSWORD@|${LDAP_BIND_PASSWORD}|g" \
"/entrypoint/ldap/${map}" > "/etc/postfix/ldap/${map}"
if [ "${LDAP_USE_TLS}" = "1" ]; then
sed -i -e 's|^start_tls.*|start_tls = yes|g' "/etc/postfix/ldap/${map}"
else
sed -i -e 's|^start_tls.*|start_tls = no|g' "/etc/postfix/ldap/${map}"
fi
if [ -n "${LDAP_TLS_CA_CRT}" ]; then
sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file = ${LDAP_TLS_CA_CRT}|g" "/etc/postfix/ldap/${map}"
fi
done
# Don't use VIRUAL_DOMAINS and ldap:virtual_alias_domains at the same time, postfix does
# not like this
if [ -z "${VIRTUAL_DOMAINS}" ]; then
set_config_value "virtual_alias_domains" "ldap:/etc/postfix/ldap/virtual_alias_domains"
fi
set_config_value "virtual_alias_maps" "ldap:/etc/postfix/ldap/virtual_alias_maps"
set_config_value "virtual_mailbox_maps" "ldap:/etc/postfix/ldap/virtual_mailbox_maps"
set_config_value "smtpd_sender_login_maps" "ldap:/etc/postfix/ldap/smtpd_sender_login_maps"
else
set_config_value "virtual_mailbox_maps" "lmdb:/etc/postfix/vmaps"
set_config_value "virtual_mailbox_limit_maps" "lmdb:/etc/postfix/vquota"
# Only create vmaps if not provided by admin
if [ ! -f /etc/postfix/vmaps ]; then
for mail in ${VIRTUAL_USERS} ; do
user=${mail%@*}
domain=${mail#*@}
echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
echo "${mail} 0" >> /etc/postfix/vquota
done
fi
update_db vquota
fi
set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts"
# Only create vhosts if not provided by admin
if [ ! -f /etc/postfix/vhosts ]; then
if [ -n "${VIRTUAL_DOMAINS}" ]; then
for d in ${VIRTUAL_DOMAINS}; do
echo "$d" >> /etc/postfix/vhosts
done
elif [ -n "${SERVER_DOMAIN}" ]; then
echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
else
touch /etc/postfix/vhosts
fi
fi
update_db vmaps
if [ -n "${LMTP}" ]; then
# Use LMTP to deliver the mail to the user
set_config_value "virtual_transport" "lmtp:${LMTP}:24"
else
# Store mails local below /var/spool/vmail
# Create the vmail user with the requested UID, else 5000
VMAIL_UID="${VMAIL_UID:-5000}"
if [ -x /usr/sbin/adduser ]; then
adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}" -s /sbin/nologin vmail
else
useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u "${VMAIL_UID}" vmail
fi
if [ $? -ne 0 ]; then
echo "ERROR: creating of vmail user failed! Aborting."
exit 1
fi
if [ ! -d /var/spool/vmail ]; then
mkdir -p /var/spool/vmail
chown vmail:vmail /var/spool/vmail
chmod 775 /var/spool/vmail
fi
set_config_value "virtual_mailbox_base" "/var/spool/vmail"
set_config_value "virtual_minimum_uid" "1000"
set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
set_config_value "home_mailbox" "Maildir/"
# XXX make this configureable and adjust message_size_limit
set_config_value "virtual_mailbox_limit" "0"
set_config_value "mailbox_size_limit" "0" # "51200000"
set_config_value "message_size_limit" "0" # "10240000"
fi
}
configure_postfix() {
setup_network
if [ -n "${SERVER_HOSTNAME}" ]; then
if [ -z "${SERVER_DOMAIN}" ]; then
SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-)
fi
set_config_value "myhostname" "${SERVER_HOSTNAME}"
set_config_value "mydomain" "${SERVER_DOMAIN}"
fi
# Generic settings
## Use lmdb instead of "hash" to get rid of BDB
set_config_value "default_database_type" "lmdb"
sed -i -e 's|hash:|lmdb:|g' /etc/postfix/main.cf
## TLS
if [ -n "${SMTP_TLS_WRAPPERMODE}" ]; then
set_config_value "smtp_tls_wrappermode" "${SMTP_TLS_WRAPPERMODE}"
fi
SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL:-"may"}
set_config_value "smtp_tls_security_level" "${SMTP_TLS_SECURITY_LEVEL}"
set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts"
## Debug only:
# set_config_value "smtp_tls_loglevel" "2"
if [ "${VIRTUAL_MBOX}" -eq "1" ]; then
setup_vhosts
fi
if [ -n "${MYDESTINATION}" ]; then
set_config_value "mydestination" "${MYDESTINATION}"
else
set_config_value "mydestination" "\$myhostname, localhost.\$mydomain, localhost"
fi
setup_submission
setup_relayhost
# Add maps to config and create database
for i in canonical relocated sender_canonical transport virtual; do
set_config_value "${i}_maps" "lmdb:/etc/postfix/${i}"
update_db "${i}"
done
set_config_value "smtpd_sender_restrictions" "lmdb:/etc/postfix/access"
# Generate and update maps
update_db access relay relay_recipients
setup_aliases
}
terminate() {
base=$(basename "$1")
pid=$(/bin/pidof "$base")
if [ -n "$pid" ]; then
echo "Terminating $base..."
if kill "$pid" ; then
echo "Terminating $base failed!"
fi
else
echo "Failure determining PID of $base"
fi
}
init_trap() {
trap stop_daemons TERM INT
}
stop_postfix() {
typeset -i sec=$1
typeset -i ms=$((sec*100))
( while ! pidof qmgr > /dev/null 2>&1 ; do
((ms-- <= 0)) && break
usleep 10000
done
exec postfix flush
) > /dev/null 2>&1 &
postfix stop
terminate /usr/sbin/syslogd
}
stop_daemons() {
stop_postfix "$@"
}
start_daemons() {
# Don't start syslogd in background while starting it in the background...
# Logging to stdout does not work else.
/usr/sbin/syslogd -n -S -O - "$@"
}
#
# Main
#
# if command starts with an option, prepend postfix
if [ "${1:0:1}" = '-' ]; then
set -- postfix start "$@"
fi
init_trap
setup_timezone
# Update certificates if /etc/pki is mounted from the host
update-ca-certificates
# configure postfix even if postfix will not be started, to
# allow to see the result with postconf for debugging/testing.
configure_postfix
# If host mounting /var/spool/postfix, we need to delete the old pid file
# before starting services
rm -f /var/spool/postfix/pid/master.pid
if [ "$1" = 'postfix' ]; then
start_daemons "$@"
echo "postfix running and ready"
echo "[info] refer to postfix manual pages at https://www.postfix.org/postfix-manuals.html"
sleep infinity & wait $!
else
exec "$@"
fi

24
postfix-image.changes Normal file

@ -0,0 +1,24 @@
-------------------------------------------------------------------
Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller <dmueller@suse.com>
- remove oci reference annotation again
-------------------------------------------------------------------
Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller <dmueller@suse.com>
- add OCI reference annotation
-------------------------------------------------------------------
Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller <dmueller@suse.com>
- set OCI.authors attribute instead of deprecated MAINTAINER
-------------------------------------------------------------------
Wed Jul 31 12:06:45 UTC 2024 - Dirk Mueller <dmueller@suse.com>
- set specific lifecycle url for openSUSE BCI
-------------------------------------------------------------------
Thu Jul 25 17:02:08 UTC 2024 - SUSE Update Bot <bci-internal@suse.de>
- First version of the Postfix BCI

15
smtpd_sender_login_maps Normal file

@ -0,0 +1,15 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = (|(mailacceptinggeneralid=%s)(maildrop=%s))
result_attribute = uid
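Review bot: `bind_pw = @LDAP_BIND_PASSWORD@` means the rendered copy of this file holds the LDAP bind password in clear text, and nothing in the template says so or asks for restricted permissions. The entrypoint in this commit writes the rendered file with a plain `>` redirect, so its mode presumably follows the default umask; such a file should be readable by root and the postfix group only. I would add a comment above the line, `# rendered file contains the bind password: keep it root:postfix, mode 0640`, and have the entrypoint set that mode after rendering. The placeholder is also filled by `sed` with `|` as the delimiter, so a password containing `|`, `&` or `\` would be altered or would break the substitution; that limit is worth documenting next to the variable. The same applies to virtual_alias_domains, virtual_alias_maps, virtual_gid_maps, virtual_mailbox_maps and virtual_uid_maps.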

16
virtual_alias_domains Normal file

@ -0,0 +1,16 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = mailacceptinggeneralid=*@%s
result_attribute = mailacceptinggeneralid
result_format = %d
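Review bot: `query_filter = mailacceptinggeneralid=*@%s` is written without the enclosing parentheses that the filters in smtpd_sender_login_maps and virtual_alias_maps use, and RFC 4515 filter syntax expects them. I would write `query_filter = (mailacceptinggeneralid=*@%s)`, and likewise `(maildrop=%s)` in virtual_gid_maps, virtual_mailbox_maps and virtual_uid_maps. A leading-wildcard match such as `*@%s` usually cannot be served by an equality index, so a comment that the attribute needs a substring index on the directory side would help operators.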

15
virtual_alias_maps Normal file

@ -0,0 +1,15 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = (|(mailacceptinggeneralid=%s)(mailLocalAddress=%s))
result_attribute = maildrop

15
virtual_gid_maps Normal file

@ -0,0 +1,15 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = maildrop=%s
result_attribute = gidNumber

17
virtual_mailbox_maps Normal file

@ -0,0 +1,17 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = maildrop=%s
#result_attribute = homeDirectory
#result_format = %s/Maildir/
result_format = %d/%u/

15
virtual_uid_maps Normal file

@ -0,0 +1,15 @@
server_host = @LDAP_SERVER_URL@
start_tls = no
version = 3
#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
tls_require_cert = yes
bind = yes
bind_dn = @LDAP_BIND_DN@
bind_pw = @LDAP_BIND_PASSWORD@
search_base = ou=mail,@LDAP_BASE_DN@
scope = sub
query_filter = maildrop=%s
result_attribute = uidNumber