commit efbca6c8bb894ecfb8bd6e2cbadd02806752d3a77d68151aa04a2101d5462a66
Author: Dan Čermák
Date: Thu Aug 8 16:58:08 2024 +0000
[info=7cbc87fbd78011ca87203711e95db049]
OBS-URL: https://build.opensuse.org/package/show/devel:BCI:Tumbleweed/postfix-image?expand=0&rev=8
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..9b03811
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57affb6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.osc
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..aaa2b78
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,50 @@
+# SPDX-License-Identifier: MIT
+
+# Copyright (c) 2024 SUSE LLC
+
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon.
+
+# The content of THIS FILE IS AUTOGENERATED and should not be manually modified.
+# It is maintained by the BCI team and generated by
+# https://github.com/SUSE/BCI-dockerfile-generator
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+# You can contact the BCI team via https://github.com/SUSE/bci/discussions
+
+
+#!BuildTag: opensuse/postfix:%%postfix_version%%
+#!BuildTag: opensuse/postfix:%%postfix_version%%-%RELEASE%
+#!BuildTag: opensuse/postfix:latest
+
+FROM opensuse/tumbleweed:latest
+
+# Define labels according to https://en.opensuse.org/Building_derived_containers
+# labelprefix=org.opensuse.application.postfix
+LABEL org.opencontainers.image.authors="openSUSE (https://www.opensuse.org/)"
+LABEL org.opencontainers.image.title="openSUSE Tumbleweed Postfix"
+LABEL org.opencontainers.image.description="Postfix container is fast and secure mail server, based on the openSUSE Tumbleweed Base Container Image."
+LABEL org.opencontainers.image.version="%%postfix_version%%"
+LABEL org.opencontainers.image.url="https://www.opensuse.org"
+LABEL org.opencontainers.image.created="%BUILDTIME%"
+LABEL org.opencontainers.image.vendor="openSUSE Project"
+LABEL org.opencontainers.image.source="%SOURCEURL%"
+LABEL org.opensuse.reference="registry.opensuse.org/opensuse/postfix:%%postfix_version%%-%RELEASE%"
+LABEL org.openbuildservice.disturl="%DISTURL%"
+LABEL org.opensuse.lifecycle-url="https://en.opensuse.org/Lifetime#openSUSE_BCI"
+LABEL org.opensuse.release-stage="released"
+# endlabelprefix
+LABEL io.artifacthub.package.readme-url="https://raw.githubusercontent.com/SUSE/BCI-dockerfile-generator/Tumbleweed/postfix-image/README.md"
+
+RUN set -euo pipefail; zypper -n in --no-recommends ca-certificates-mozilla cyrus-sasl cyrus-sasl-plain ed netcfg postfix postfix-ldap postfix-lmdb timezone mandoc spamassassin-spamc spamass-milter; zypper -n clean; rm -rf /var/log/{lastlog,tallylog,zypper.log,zypp/history,YaST2}
+ENTRYPOINT ["/entrypoint/entrypoint.sh"]
+CMD ["postfix", "start"]
+EXPOSE 25 465 587
+RUN set -euo pipefail; mkdir -p /entrypoint/ldap
+COPY entrypoint.sh /entrypoint/entrypoint.sh
+RUN set -euo pipefail; chmod +x /entrypoint/entrypoint.sh
+COPY smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps /entrypoint/ldap/
+HEALTHCHECK --interval=5s --timeout=10s --start-period=30s --retries=3 CMD postfix status
+
+VOLUME /var/spool/postfix /var/spool/vmail /etc/pki
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..f2f33f5
--- /dev/null
+++ b/README.md
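Review bot: `COPY entrypoint.sh /entrypoint/entrypoint.sh` followed by a separate `RUN set -euo pipefail; chmod +x /entrypoint/entrypoint.sh` stores the script in two layers; `COPY --chmod=0755 entrypoint.sh /entrypoint/entrypoint.sh` sets the mode in the copy itself and drops the extra RUN. The header marks this file as generated by BCI-dockerfile-generator, so the change belongs in the generator template rather than in this file. The final image has no USER, which looks intentional here because the entrypoint starts syslogd and `postfix start` as root and Postfix's master process drops privileges for its own daemons; a one-line comment stating that would stop reviewers from re-raising it. `FROM opensuse/tumbleweed:latest` would be flagged by hadolint DL3007; if the OBS build resolves it to a fixed snapshot recorded in the `%RELEASE%` tag, saying so next to the FROM line would document the reproducibility story.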
@@ -0,0 +1,209 @@ +# Postfix container + +![Redistributable](https://img.shields.io/badge/Redistributable-Yes-green) + +- [Guide](#guide) + - [Create new postfix server](#create-new-postfix-server) +- [Supported environment variables](#supported-environment-variables) + - [Generic variables](#generic-variables) + - [SMTP related variables](#smtp-related-variables) + - [Activate additional checks](#activate-additional-checks) + - [Virtual mailbox related variables](#virtual-mailbox-related-variables) + - [LDAP related variables](#ldap-related-variables) +- [Data persistence volumes](#data-persistence-volumes) +- [Virtual domains and virtual users](#virtual-domains-and-virtual-users) + - [Environment Variables](#environment-variables) + - [Files](#files) +- [Mail delivery via LMTP](#mail-delivery-via-lmtp) + +## Guide + +### Create new postfix server + +By default a simple relayhost postfix instance is started. + +The command to run this container is: + +```sh +podman run -d --rm --name postfix -p 25:25 -e SMTP_RELAYHOST=smtp.example.com registry.opensuse.org/opensuse/postfix:%%postfix_version%% +``` + +In all examples, `podman` can be replaced directly with `docker`. + +## Supported environment variables +### Generic variables +- `DEBUG=[0|1]` Enables "set -x" in the entrypoint script. +- `TZ` Timezone to use in the container. + +### SMTP related variables +- `SERVER_HOSTNAME` Server hostname. Emails will appear to come from the hostname's domain. +- `SERVER_DOMAIN` If not set, the domain part of `SERVER_HOSTNAME` will be used. +- `SMTP_RELAYHOST` Name of the SMTP relay server to use. +- `SMTP_PORT=587` The relayhost port. +- `SMTP_USERNAME` Username to authenticate with on the relayserver. +- `SMTP_PASSWORD` Password of the SMTP user, alternative `SMTP_PASSWORD_FILE` could be used to point to a file with the password +- `SMTP_NETWORKS` Comma seperated subnets who are allowed to use the relay. E.g. `SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx, xxx.xxx.xxx.xxx/xx'`. 
10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are preset. +- `INET_PROTOCOLS` The network interface protocols used for connections. Valid values are "all", "ipv4", "ipv6" or "ipv4,ipv6". The default value is "ipv4". +- `MASQUERADE_DOMAINS` Comma separated list of domains that must have their subdomain structure stripped off. +- `MYDESTINATION` List of domains for which mails are delivered locally instead of forwarding to another machine. +- `NULLCLIENT=[0|1]` Don't accept any mails locally but relay them to a remote host. Ignored if `MYDESTINATION` is set. The default is `1`. +- `SMTP_TLS_SECURITY_LEVEL` SMTP TLS security level. The default is `may`. +- `LMTP=host` Host on which the lmtp service is running. This will disable the usage of the vmail user account. + +### Accepting mails on port 587 (submission) and 465 (submissions/smtps) +- `ENABLE_SUBMISSION=[0|1]` Enable submission port. The default is `0`. +- `ENABLE_SUBMISSIONS=[0|1]` Enable submissions/smtps port. This requires `SMTPD_USE_TLS=1`. The default is `0`. +- `SMTPD_USE_TLS=[0|1]` Enforce TLS. The default is `0`. +- `SMTPD_TLS_CRT=` Path to certificate, default `/etc/postfix/ssl/certs/tls.crt` +- `SMTPD_TLS_KEY=` Path to public key, default `/etc/postfix/ssl/certs/tls.key` + + + +### Virtual mailbox related variables +- `VIRTUAL_MBOX=[0|1]` Create virtual mail boxes in /var/spool/vmail owned by user vmail. +- `VMAIL_UID=5000` User ID and group ID of the vmail user for virtual domains and mailboxes. +- `VIRTUAL_DOMAINS=` Whitespace seperated list of virtual domains, will be written to `/etc/postfix/vhosts`. +- `VIRTUAL_USERS=` Whitespace seperated list of virtual users email addresses. + +### LDAP related variables +- `USE_LDAP=[0|1]` Use LDAP for virtual mail box user accounts. +- `LDAP_BASE_DN` LDAP base DN, defaults to `dc=example,dc=org`. +- `LDAP_SERVER_URL` LDAP Server URL, defaults to `ldap://localhost`. 
+- `LDAP_BIND_DN` DN to bind, defaults to `cn=mailAccountReader,ou=Manager,dc=example,dc=org` +- `LDAP_BIND_PASSWORD` The password for the distinguished name to bind (`LDAP_BIND_DN`) +- `LDAP_USE_TLS=[1|0]` Use TLS for LDAP queries, by default enabled. +- `LDAP_TLS_CA_CRT` LDAP SSL CA certificate. + +## Data persistence volumes +- `/var/spool/postfix` Postfix mail queues. A data volume should be used in order to save the queue content if the container restarts. +- `/var/spool/vmail` Virtual user mboxes. This directory contains the mails stored in Maildir format of the virtual users of the virtual domains. Everything is owned by the `vmail` user. +- `/etc/pki` PKI directories for CA certificates + +## Virtual domains and virtual users + +The environment variable `VIRTUAL_MBOX=1` will enable support for virtual +domains and virtual users. It can be used in conjunction with a relay host. + +Mails for virtual domains and users are stored in Maildir format in +`/var/spool/vmail` inside the container. To not loose the mail, this directory +should be a persistence volume. +`VMAIL_UID` specifies the UID and GID which owns all files below this +directory. This makes sure, that the container is using the same UID/GID as +the Container Host OS for the files and not regular users are owning this +files and can read and modify them. The default UID/GID is `5000`. + +There are three ways to provide the data for virtual domains and users, via +environment variables, files or LDAP. + +### Environment Variables + +Beside the already mentioned environment variables, two futher variables +define the virtual domains and the virtual users. +`VIRTUAL_DOMAINS="example.com example2.com example3.com"` is a whitespace +seperated list which can contain one or more virtual domains. For every +domain, an own directory below `/var/spool/vmail` will be created. +`VIRTUAL_USERS="user1@example.com user@example3.com user2@example.com"` +Whitespace seperated list of virtual users email addresses. 
+ +The example call: +```sh +podman run -d --rm --name postfix -p "25:25" \ + -e VIRTUAL_MBOX=1 \ + -e VMAIL_UID=5000 \ + -e VIRTUAL_DOMAINS="example.com example1.com" \ + -e VIRTUAL_USERS="user1@example.com user2@example.com user@example1.com" \ + -e SERVER_HOSTNAME=smtp.example.com \ + -e SMTP_RELAYHOST=relay.example.com \ + -e SMTP_USERNAME=mailer \ + -e SMTP_PASSWORD='XXX' \ + -v "/srv/postfix/vmail:/var/spool/vmail:Z" \ + registry.opensuse.org/opensuse/postfix:%%postfix_version%% +``` + +Will store the mails for the users `user1@example.com`, `user2@example.com`, +`user@example1.com` into the directories inside of the container: +- `/var/spool/vmail/example.com/user1/` +- `/var/spool/vmail/example.com/user2/` +- `/var/spool/vmail/example1.com/user/` + +and outside the container: +- `/srv/postfix/vmail/example.com/user1/` +- `/srv/postfix/vmail/example.com/user2/` +- `/srv/postfix/vmail/example1.com/user/` + +owned by the user `vmail` with UID and GID `5000`. All other mails are +forwarded to the relay `relay.example.com` with the account `mailer` and the +password `XXX`. + +### Files + +Instead of maintaining a long list of environment variables, the configuration +files could also be provided and mapped into /etc/postfix of the container. + +`/etc/postfix/vhosts` contains the list of virtual domains seperated by +newlines: + +``` +example.com +example1.com +``` + +`/etc/postfix/vmaps` contains the list of the virtual users, where to store +them below the vmail directory and if mbox format or Maildir should be used. +For Maildir, the configuration file for the above example would look like: +``` +user1@example.com example.com/user1/ +user2@example.com example.com/user2/ +user@example1.com example1.com/user/ +``` +For mbox format, the trailing '/' needs to be removed. + +Additional a `/etc/postfix/vquota` file is required, which contains the quota +of the virtual users mailbox. 
To disable it, the file would look like: +``` +user1@example.com 0 +user2@example.com 0 +user@example1.com 0 +``` + +The example call: +```sh +podman run -d --rm --name postfix -p 25:25 \ + -e VIRTUAL_MBOX=1 \ + -e VMAIL_UID=5000 \ + -e SERVER_HOSTNAME=smtp.example.com \ + -e SMTP_RELAYHOST=relay.example.com \ + -e SMTP_USERNAME=mailer \ + -e SMTP_PASSWORD='XXX' \ + -v "/srv/postfix/vmail:/var/spool/vmail:z" \ + -v "/srv/postfix/etc/vhosts:/etc/postfix/vhosts:z,ro" \ + -v "/srv/postfix/etc/vmaps:/etc/postfix/vmaps:z,ro" \ + -v "/srv/postfix/etc/vquota:/etc/postfix/vquota:z,ro" \ + registry.opensuse.org/opensuse/postfix:%%postfix_version%% +``` + +### LDAP + +With LDAP (use `VIRTUAL_MBOX=1` and `USE_LDAP=1`) the postfix schema is used: `maildrop` is the real email address, while `mailacceptinggeneralid` are aliases. +If the `VIRTUAL_DOMAINS` environment variable is not set, the virtual domains are take from the email addresses used in `mailacceptinggeneralid`. In this case, +the email domains of the aliases must be different then the one of `maildrop`. If the virtual domains are specified with `VIRTUAL_DOMAINS`, `mailacceptinggeneralid` +are handled as normal mail aliases and the domain could be the same as for `maildrop`. + +## Mail delivery via LMTP + +To deliver the mails via a LMTP service, the container needs to know the host +on which such a service is running: + +```sh +podman run -d --rm --name postfix -p 25:25 -e MYDESTINATION=example.com -e LMTP=lmtp.example.com registry.opensuse.org/opensuse/postfix:%%postfix_version%% +``` + +## Licensing + +`SPDX-License-Identifier: MIT` + +This documentation and the build recipe are licensed as MIT. +The container itself contains various software components under various open source licenses listed in the associated +Software Bill of Materials (SBOM). + +This image is based on [openSUSE Tumbleweed](https://get.opensuse.org/tumbleweed/). diff --git a/_service b/_service new file mode 100644 index 0000000..3983c94 
--- /dev/null +++ b/_service @@ -0,0 +1,10 @@ + + + + + Dockerfile + %%postfix_version%% + postfix + minor + + \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh new file mode 100644 index 0000000..b30ffd7 --- /dev/null +++ b/entrypoint.sh 
@@ -0,0 +1,449 @@ +#!/bin/bash + +DEBUG=${DEBUG:-"0"} + +[ "${DEBUG}" = "1" ] && set -x + +VIRTUAL_MBOX=${VIRTUAL_MBOX:-"0"} +USE_LDAP=${USE_LDAP:-"0"} +NULLCLIENT=${NULLCLIENT:-"1"} +ENABLE_SUBMISSION=${ENABLE_SUBMISSION:-"0"} +ENABLE_SUBMISSIONS=${ENABLE_SUBMISSIONS:-"0"} + +export PATH=/usr/sbin:/sbin:${PATH} + +setup_timezone() { + if [ -n "$TZ" ]; then + TZ_FILE="/usr/share/zoneinfo/$TZ" + if [ -f "$TZ_FILE" ]; then + echo "Setting container timezone to: $TZ" + ln -snf "$TZ_FILE" /etc/localtime + else + echo "Cannot set timezone \"$TZ\": timezone does not exist." + fi + fi +} + +set_config_value() { + local failed + key=${1} + value=${2} + + echo "Setting configuration option \"${key}\" with value \"${value}\"" + postconf -e "${key} = ${value}" || failed=1 + if [ "$failed" ]; then + echo "ERROR: postconf -e ${key} ${value} failed!" + exit 1 + fi +} + +# usage: file_env VAR [DEFAULT] +# ie: file_env 'SMTP_PASSWORD' 'example' +# (will allow for "$SMTP_PASSWORD_FILE" to fill in the value of +# "$SMTP_PASSWORD" from a file, especially for Docker's secrets feature) +file_env() { + var="$1" + fileVar="${var}_FILE" + def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + echo >&2 "error: both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + export "$var"="$val" + unset "$fileVar" +} + +update_db() { + local failed + + while test "x$1" != "x" ; do + pfmap=/etc/postfix/${1} + test -e "${pfmap}" && \ + if test "${pfmap}" -nt "${pfmap}.lmdb" -o ! -e "${pfmap}.lmdb" ; then + echo "rebuilding ${pfmap}.lmdb" + postmap "${pfmap}" || failed=1 + if [ "$failed" ]; then + echo "ERROR: postmap ${pfmap} failed!" 
+ exit 1 + fi + fi + shift + done +} + +setup_aliases() { + local failed + + get_alias_maps() { + test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \ + for i in $(find /etc/aliases.d -maxdepth 1 -type f \ + '!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \ + '!' -regex ".*/\(\.\|#\).*" \ + '!' -regex ".*~$") ; do + echo -n "$i "; + done + } + + echo "Building /etc/aliases.lmdb." + set_config_value "alias_database" "lmdb:/etc/aliases" + /usr/bin/newaliases + + ALLMAPS="lmdb:/etc/aliases" + for i in $(get_alias_maps); do + ALLMAPS="${ALLMAPS}, lmdb:$i" + echo "Building $i.lmdb" + postalias "${i}" || failed=1 + if [ "${failed}" ]; then + echo "ERROR: postalias ${i} failed!" + exit 1 + fi + done + set_config_value "alias_maps" "${ALLMAPS}" +} + +setup_network() { + if [ -n "${INET_PROTOCOLS}" ]; then + set_config_value "inet_protocols" "{$INET_PROTOCOLS}" + else + # XXX Containers have ipv6 addresses, but not routeable + #if ip addr show dev lo | grep -q inet6 ; then + # set_config_value "inet_protocols" "all" + #else + set_config_value "inet_protocols" "ipv4" + #fi + fi + + # Always allow private networks, we are running in a container... 
+ networks='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16' + if [ -n "${SMTP_NETWORKS}" ]; then + networks+=", ${SMTP_NETWORKS}" + fi + set_config_value "mynetworks" "${networks}" +} + +setup_relayhost() { + if [ -n "${SMTP_RELAYHOST}" ]; then + SMTP_PORT="${SMTP_PORT:-587}" + set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}" + + if [ "${NULLCLIENT}" -eq "1" ] && [ -z "${MYDESTINATION}" ] ; then + set_config_value "mydestination" "" + fi + fi + + if [ -n "${SMTP_USERNAME}" ]; then + file_env 'SMTP_PASSWORD' + if [ -z "${SMTP_PASSWORD}" ]; then + echo "SMTP_PASSWORD is not set" + exit 1 + fi + # Add auth credentials to sasl_passwd + echo "Adding SASL authentication configuration" + echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd + update_db sasl_passwd + set_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd" + set_config_value "smtp_sasl_auth_enable" "yes" + set_config_value "smtp_sasl_security_options" "noanonymous" + fi + + if [ -n "${MASQUERADE_DOMAINS}" ]; then + set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}" + # Requires since postfix 2.2 + set_config_value "local_header_rewrite_clients" "static:all" + fi +} + +setup_submission() { + SMTPD_USE_TLS=${SMTPD_USE_TLS:-"0"} + + if [ "${ENABLE_SUBMISSION}" -eq "1" ]; then + echo "Enable submission port" + + echo "submission inet n - n - - smtpd" >> /etc/postfix/master.cf + echo " -o syslog_name=postfix/submission" >> /etc/postfix/master.cf + + if [ "${SMTPD_USE_TLS}" -eq "1" ]; then + echo " -o smtpd_tls_security_level=encrypt" >> /etc/postfix/master.cf + echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf + #echo " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" >> /etc/postfix/master.cf + fi + fi + + if [ "${ENABLE_SUBMISSIONS}" -eq "1" ]; then + if [ "${SMTPD_USE_TLS}" -eq "1" ]; then + echo "Enable submissions port" + + echo "smtps inet n - n - - smtpd" >> /etc/postfix/master.cf + echo " -o 
syslog_name=postfix/smtps" >> /etc/postfix/master.cf + echo " -o smtpd_tls_wrappermode=yes" >> /etc/postfix/master.cf + echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf + else + echo "WARNING: ENABLE_SUBMISSIONS requires SMTPD_USE_TLS, ignoring!" + fi + fi + + if [ "${SMTPD_USE_TLS}" -eq "1" ]; then + echo "Enable TLS for smtpd" + + SMTPD_TLS_CRT=${SMTPD_TLS_CRT:-"/etc/postfix/ssl/certs/tls.crt"} + SMTPD_TLS_KEY=${SMTPD_TLS_KEY:-"/etc/postfix/ssl/certs/tls.key"} + + set_config_value "smtpd_use_tls" "yes" + set_config_value "smtpd_tls_CApath" "/etc/ssl/certs" + set_config_value "smtpd_tls_cert_file" "${SMTPD_TLS_CRT}" + set_config_value "smtpd_tls_key_file" "${SMTPD_TLS_KEY}" + fi +} + +setup_vhosts() { + if [ "${USE_LDAP}" -eq "1" ]; then + LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=org"} + LDAP_SERVER_URL=${LDAP_SERVER_URL:-"ldap://localhost"} + LDAP_USE_TLS=${LDAP_USE_TLS:-"1"} + LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,${LDAP_BASE_DN}"} + file_env LDAP_BIND_PASSWORD + if [ -z "${LDAP_BIND_PASSWORD}" ]; then + echo "LDAP_BIND_PASSWORD is not set" + exit 1 + fi + + # Adjust LDAP variables + mkdir -p /etc/postfix/ldap + for map in smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps ; do + sed -e "s|@LDAP_BASE_DN@|${LDAP_BASE_DN}|g" \ + -e "s|@LDAP_SERVER_URL@|${LDAP_SERVER_URL}|g" \ + -e "s|@LDAP_BIND_DN@|${LDAP_BIND_DN}|g" \ + -e "s|@LDAP_BIND_PASSWORD@|${LDAP_BIND_PASSWORD}|g" \ + "/entrypoint/ldap/${map}" > "/etc/postfix/ldap/${map}" + if [ "${LDAP_USE_TLS}" = "1" ]; then + sed -i -e 's|^start_tls.*|start_tls = yes|g' "/etc/postfix/ldap/${map}" + else + sed -i -e 's|^start_tls.*|start_tls = no|g' "/etc/postfix/ldap/${map}" + fi + if [ -n "${LDAP_TLS_CA_CRT}" ]; then + sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file = ${LDAP_TLS_CA_CRT}|g" "/etc/postfix/ldap/${map}" + fi + done + + # Don't use VIRUAL_DOMAINS and ldap:virtual_alias_domains at the same time, 
postfix does + # not like this + if [ -z "${VIRTUAL_DOMAINS}" ]; then + set_config_value "virtual_alias_domains" "ldap:/etc/postfix/ldap/virtual_alias_domains" + fi + set_config_value "virtual_alias_maps" "ldap:/etc/postfix/ldap/virtual_alias_maps" + set_config_value "virtual_mailbox_maps" "ldap:/etc/postfix/ldap/virtual_mailbox_maps" + set_config_value "smtpd_sender_login_maps" "ldap:/etc/postfix/ldap/smtpd_sender_login_maps" + else + set_config_value "virtual_mailbox_maps" "lmdb:/etc/postfix/vmaps" + set_config_value "virtual_mailbox_limit_maps" "lmdb:/etc/postfix/vquota" + + # Only create vmaps if not provided by admin + if [ ! -f /etc/postfix/vmaps ]; then + for mail in ${VIRTUAL_USERS} ; do + user=${mail%@*} + domain=${mail#*@} + echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps + echo "${mail} 0" >> /etc/postfix/vquota + done + fi + update_db vquota + fi + + set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts" + # Only create vhosts if not provided by admin + if [ ! -f /etc/postfix/vhosts ]; then + if [ -n "${VIRTUAL_DOMAINS}" ]; then + for d in ${VIRTUAL_DOMAINS}; do + echo "$d" >> /etc/postfix/vhosts + done + elif [ -n "${SERVER_DOMAIN}" ]; then + echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts + else + touch /etc/postfix/vhosts + fi + fi + update_db vmaps + + if [ -n "${LMTP}" ]; then + # Use LMTP to deliver the mail to the user + + set_config_value "virtual_transport" "lmtp:${LMTP}:24" + else + # Store mails local below /var/spool/vmail + + # Create the vmail user with the requested UID, else 5000 + VMAIL_UID="${VMAIL_UID:-5000}" + if [ -x /usr/sbin/adduser ]; then + adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}" -s /sbin/nologin vmail + else + useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u "${VMAIL_UID}" vmail + fi + if [ $? -ne 0 ]; then + echo "ERROR: creating of vmail user failed! Aborting." + exit 1 + fi + + if [ ! 
-d /var/spool/vmail ]; then + mkdir -p /var/spool/vmail + chown vmail:vmail /var/spool/vmail + chmod 775 /var/spool/vmail + fi + + set_config_value "virtual_mailbox_base" "/var/spool/vmail" + set_config_value "virtual_minimum_uid" "1000" + set_config_value "virtual_uid_maps" "static:${VMAIL_UID}" + set_config_value "virtual_gid_maps" "static:${VMAIL_UID}" + set_config_value "home_mailbox" "Maildir/" + # XXX make this configureable and adjust message_size_limit + set_config_value "virtual_mailbox_limit" "0" + set_config_value "mailbox_size_limit" "0" # "51200000" + set_config_value "message_size_limit" "0" # "10240000" + fi +} + +configure_postfix() { + + setup_network + + if [ -n "${SERVER_HOSTNAME}" ]; then + if [ -z "${SERVER_DOMAIN}" ]; then + SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-) + fi + set_config_value "myhostname" "${SERVER_HOSTNAME}" + set_config_value "mydomain" "${SERVER_DOMAIN}" + fi + + # Generic settings + ## Use lmdb instead of "hash" to get rid of BDB + set_config_value "default_database_type" "lmdb" + sed -i -e 's|hash:|lmdb:|g' /etc/postfix/main.cf + ## TLS + if [ -n "${SMTP_TLS_WRAPPERMODE}" ]; then + set_config_value "smtp_tls_wrappermode" "${SMTP_TLS_WRAPPERMODE}" + fi + SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL:-"may"} + set_config_value "smtp_tls_security_level" "${SMTP_TLS_SECURITY_LEVEL}" + set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts" + ## Debug only: + # set_config_value "smtp_tls_loglevel" "2" + + if [ "${VIRTUAL_MBOX}" -eq "1" ]; then + setup_vhosts + fi + if [ -n "${MYDESTINATION}" ]; then + set_config_value "mydestination" "${MYDESTINATION}" + else + set_config_value "mydestination" "\$myhostname, localhost.\$mydomain, localhost" + fi + setup_submission + setup_relayhost + + # Add maps to config and create database + for i in canonical relocated sender_canonical transport virtual; do + set_config_value "${i}_maps" "lmdb:/etc/postfix/${i}" + update_db "${i}" + done + set_config_value 
"smtpd_sender_restrictions" "lmdb:/etc/postfix/access" + # Generate and update maps + update_db access relay relay_recipients + + setup_aliases +} + +setup_spamassassin() { + if [ -n "${SPAMASSASSIN_HOST}" ]; then + set_config_value "smtpd_milters" "unix:/run/spamass-milter/socket" + fi +} + +terminate() { + base=$(basename "$1") + pid=$(/bin/pidof "$base") + + if [ -n "$pid" ]; then + echo "Terminating $base..." + if kill "$pid" ; then + echo "Terminating $base failed!" + fi + else + echo "Failure determining PID of $base" + fi +} + +init_trap() { + trap stop_daemons TERM INT +} + +stop_spamassassin() { + terminate /usr/sbin/spamass-milter +} + +stop_postfix() { + + typeset -i sec=$1 + typeset -i ms=$((sec*100)) + + ( while ! pidof qmgr > /dev/null 2>&1 ; do + ((ms-- <= 0)) && break + usleep 10000 + done + exec postfix flush + ) > /dev/null 2>&1 & + + postfix stop + terminate /usr/sbin/syslogd +} + +stop_daemons() { + stop_postfix "$@" + stop_spamassassin +} + +start_daemons() { + # Don't start syslogd in background while starting it in the background... + # Logging to stdout does not work else. + /usr/sbin/syslogd -n -S -O - & + if [ -n "${SPAMASSASSIN_HOST}" ]; then + mkdir /run/spamass-milter + chown sa-milter:postfix /run/spamass-milter + chmod 751 /run/spamass-milter + su sa-milter -s /bin/sh -c "/usr/sbin/spamass-milter -p /run/spamass-milter/socket -g postfix -f -- -d ${SPAMASSASSIN_HOST}" + fi + "$@" +} + +# +# Main +# + +# if command starts with an option, prepend postfix +if [ "${1:0:1}" = '-' ]; then + set -- postfix start "$@" +fi + +init_trap +setup_timezone +# Update certificates if /etc/pki is mounted from the host +update-ca-certificates +# configure postfix even if postfix will not be started, to +# allow to see the result with postconf for debugging/testing. 
+configure_postfix +setup_spamassassin + +# If host mounting /var/spool/postfix, we need to delete the old pid file +# before starting services +rm -f /var/spool/postfix/pid/master.pid + +if [ "$1" = 'postfix' ]; then + start_daemons "$@" + echo "postfix running and ready" + sleep infinity & wait $! +else + exec "$@" +fi diff --git a/entrypoint.sles.sh b/entrypoint.sles.sh new file mode 100644 index 0000000..f0f5ba9 --- /dev/null +++ b/entrypoint.sles.sh 
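Review bot: `set_config_value "inet_protocols" "{$INET_PROTOCOLS}"` in setup_network has the brace and dollar sign swapped, so setting INET_PROTOCOLS=ipv6 writes `inet_protocols = {ipv6}` to main.cf instead of the requested value; it should be `set_config_value "inet_protocols" "${INET_PROTOCOLS}"`, and the same line appears in setup_network of entrypoint.sles.sh, whose hunk continues past the end of this view. In setup_relayhost the relay credential is appended to /etc/postfix/sasl_passwd with `>>` under whatever umask the container inherits, so a restarted (not recreated) container accumulates duplicate entries and the plaintext file is usually left readable by every uid in the container; writing it with `>` and adding `chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.lmdb` after `update_db sasl_passwd` would follow the permissions Postfix's SASL_README recommends for this file. terminate() prints "Terminating $base failed!" on the branch where `kill "$pid"` succeeded, since kill returns 0 on success; the test should be `if ! kill "$pid"; then`.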
@@ -0,0 +1,431 @@
+#!/bin/bash
+
+DEBUG=${DEBUG:-"0"}
+
+[ "${DEBUG}" = "1" ] && set -x
+
+VIRTUAL_MBOX=${VIRTUAL_MBOX:-"0"}
+USE_LDAP=${USE_LDAP:-"0"}
+NULLCLIENT=${NULLCLIENT:-"1"}
+ENABLE_SUBMISSION=${ENABLE_SUBMISSION:-"0"}
+ENABLE_SUBMISSIONS=${ENABLE_SUBMISSIONS:-"0"}
+
+export PATH=/usr/sbin:/sbin:${PATH}
+
+setup_timezone() {
+ if [ -n "$TZ" ]; then
+ TZ_FILE="/usr/share/zoneinfo/$TZ"
+ if [ -f "$TZ_FILE" ]; then
+ echo "Setting container timezone to: $TZ"
+ ln -snf "$TZ_FILE" /etc/localtime
+ else
+ echo "Cannot set timezone \"$TZ\": timezone does not exist."
+ fi
+ fi
+}
+
+set_config_value() {
+ local failed
+ key=${1}
+ value=${2}
+
+ echo "Setting configuration option \"${key}\" with value \"${value}\""
+ postconf -e "${key} = ${value}" || failed=1
+ if [ "$failed" ]; then
+ echo "ERROR: postconf -e ${key} ${value} failed!"
+ exit 1
+ fi
+}
+
+# usage: file_env VAR [DEFAULT]
+# ie: file_env 'SMTP_PASSWORD' 'example'
+# (will allow for "$SMTP_PASSWORD_FILE" to fill in the value of
+# "$SMTP_PASSWORD" from a file, especially for Docker's secrets feature)
+file_env() {
+ var="$1"
+ fileVar="${var}_FILE"
+ def="${2:-}"
+ if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+ echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+ exit 1
+ fi
+ val="$def"
+ if [ "${!var:-}" ]; then
+ val="${!var}"
+ elif [ "${!fileVar:-}" ]; then
+ val="$(< "${!fileVar}")"
+ fi
+ export "$var"="$val"
+ unset "$fileVar"
+}
+
+update_db() {
+ local failed
+
+ while test "x$1" != "x" ; do
+ pfmap=/etc/postfix/${1}
+ test -e "${pfmap}" && \
+ if test "${pfmap}" -nt "${pfmap}.lmdb" -o ! -e "${pfmap}.lmdb" ; then
+ echo "rebuilding ${pfmap}.lmdb"
+ postmap "${pfmap}" || failed=1
+ if [ "$failed" ]; then
+ echo "ERROR: postmap ${pfmap} failed!"
+ exit 1
+ fi
+ fi
+ shift
+ done
+}
+
+setup_aliases() {
+ local failed
+
+ get_alias_maps() {
+ test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" != "/etc/aliases.d/*" && \
+ for i in $(find /etc/aliases.d -maxdepth 1 -type f \
+ '!' -regex ".*\.\(db\|rpmsave\|rpmorig\)" \
+ '!' -regex ".*/\(\.\|#\).*" \
+ '!' -regex ".*~$") ; do
+ echo -n "$i ";
+ done
+ }
+
+ echo "Building /etc/aliases.lmdb."
+ set_config_value "alias_database" "lmdb:/etc/aliases"
+ /usr/bin/newaliases
+
+ ALLMAPS="lmdb:/etc/aliases"
+ for i in $(get_alias_maps); do
+ ALLMAPS="${ALLMAPS}, lmdb:$i"
+ echo "Building $i.lmdb"
+ postalias "${i}" || failed=1
+ if [ "${failed}" ]; then
+ echo "ERROR: postalias ${i} failed!"
+ exit 1
+ fi
+ done
+ set_config_value "alias_maps" "${ALLMAPS}"
+}
+
+setup_network() {
+ if [ -n "${INET_PROTOCOLS}" ]; then
+ set_config_value "inet_protocols" "{$INET_PROTOCOLS}"
+ else
+ # XXX Containers have ipv6 addresses, but not routeable
+ #if ip addr show dev lo | grep -q inet6 ; then
+ # set_config_value "inet_protocols" "all"
+ #else
+ set_config_value "inet_protocols" "ipv4"
+ #fi
+ fi
+
+ # Always allow private networks, we are running in a container...
+ networks='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
+ if [ -n "${SMTP_NETWORKS}" ]; then
+ networks+=", ${SMTP_NETWORKS}"
+ fi
+ set_config_value "mynetworks" "${networks}"
+}
+
+setup_relayhost() {
+ if [ -n "${SMTP_RELAYHOST}" ]; then
+ SMTP_PORT="${SMTP_PORT:-587}"
+ set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}"
+
+ if [ "${NULLCLIENT}" -eq "1" ] && [ -z "${MYDESTINATION}" ] ; then
+ set_config_value "mydestination" ""
+ fi
+ fi
+
+ if [ -n "${SMTP_USERNAME}" ]; then
+ file_env 'SMTP_PASSWORD'
+ if [ -z "${SMTP_PASSWORD}" ]; then
+ echo "SMTP_PASSWORD is not set"
+ exit 1
+ fi
+ # Add auth credentials to sasl_passwd
+ echo "Adding SASL authentication configuration"
+ echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd
+ update_db sasl_passwd
+ set_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"
+ set_config_value "smtp_sasl_auth_enable" "yes"
+ set_config_value "smtp_sasl_security_options" "noanonymous"
+ fi
+
+ if [ -n "${MASQUERADE_DOMAINS}" ]; then
+ set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}"
+ # Requires since postfix 2.2
+ set_config_value "local_header_rewrite_clients" "static:all"
+ fi
+}
+
+setup_submission() {
+ SMTPD_USE_TLS=${SMTPD_USE_TLS:-"0"}
+
+ if [ "${ENABLE_SUBMISSION}" -eq "1" ]; then
+ echo "Enable submission port"
+
+ echo "submission inet n - n - - smtpd" >> /etc/postfix/master.cf
+ echo " -o syslog_name=postfix/submission" >> /etc/postfix/master.cf
+
+ if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
+ echo " -o smtpd_tls_security_level=encrypt" >> /etc/postfix/master.cf
+ echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
+ #echo " -o smtpd_client_restrictions=permit_sasl_authenticated,reject" >> /etc/postfix/master.cf
+ fi
+ fi
+
+ if [ "${ENABLE_SUBMISSIONS}" -eq "1" ]; then
+ if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
+ echo "Enable submissions port"
+
+ echo "smtps inet n - n - - smtpd" >> /etc/postfix/master.cf
+ echo " -o syslog_name=postfix/smtps" >> /etc/postfix/master.cf
+ echo " -o smtpd_tls_wrappermode=yes" >> /etc/postfix/master.cf
+ echo " -o smtpd_sasl_auth_enable=no" >> /etc/postfix/master.cf
+ else
+ echo "WARNING: ENABLE_SUBMISSIONS requires SMTPD_USE_TLS, ignoring!"
+ fi
+ fi
+
+ if [ "${SMTPD_USE_TLS}" -eq "1" ]; then
+ echo "Enable TLS for smtpd"
+
+ SMTPD_TLS_CRT=${SMTPD_TLS_CRT:-"/etc/postfix/ssl/certs/tls.crt"}
+ SMTPD_TLS_KEY=${SMTPD_TLS_KEY:-"/etc/postfix/ssl/certs/tls.key"}
+
+ set_config_value "smtpd_use_tls" "yes"
+ set_config_value "smtpd_tls_CApath" "/etc/ssl/certs"
+ set_config_value "smtpd_tls_cert_file" "${SMTPD_TLS_CRT}"
+ set_config_value "smtpd_tls_key_file" "${SMTPD_TLS_KEY}"
+ fi
+}
+
+setup_vhosts() {
+ if [ "${USE_LDAP}" -eq "1" ]; then
+ LDAP_BASE_DN=${LDAP_BASE_DN:-"dc=example,dc=org"}
+ LDAP_SERVER_URL=${LDAP_SERVER_URL:-"ldap://localhost"}
+ LDAP_USE_TLS=${LDAP_USE_TLS:-"1"}
+ LDAP_BIND_DN=${LDAP_BIND_DN:-"cn=mailAccountReader,ou=Manager,${LDAP_BASE_DN}"}
+ file_env LDAP_BIND_PASSWORD
+ if [ -z "${LDAP_BIND_PASSWORD}" ]; then
+ echo "LDAP_BIND_PASSWORD is not set"
+ exit 1
+ fi
+
+ # Adjust LDAP variables
+ mkdir -p /etc/postfix/ldap
+ for map in smtpd_sender_login_maps virtual_alias_domains virtual_alias_maps virtual_gid_maps virtual_mailbox_maps virtual_uid_maps ; do
+ sed -e "s|@LDAP_BASE_DN@|${LDAP_BASE_DN}|g" \
+ -e "s|@LDAP_SERVER_URL@|${LDAP_SERVER_URL}|g" \
+ -e "s|@LDAP_BIND_DN@|${LDAP_BIND_DN}|g" \
+ -e "s|@LDAP_BIND_PASSWORD@|${LDAP_BIND_PASSWORD}|g" \
+ "/entrypoint/ldap/${map}" > "/etc/postfix/ldap/${map}"
+ if [ "${LDAP_USE_TLS}" = "1" ]; then
+ sed -i -e 's|^start_tls.*|start_tls = yes|g' "/etc/postfix/ldap/${map}"
+ else
+ sed -i -e 's|^start_tls.*|start_tls = no|g' "/etc/postfix/ldap/${map}"
+ fi
+ if [ -n "${LDAP_TLS_CA_CRT}" ]; then
+ sed -i -e "s|^#tls_ca_cert_file =.*|tls_ca_cert_file = ${LDAP_TLS_CA_CRT}|g" "/etc/postfix/ldap/${map}"
+ fi
+ done
+
+ # Don't use VIRUAL_DOMAINS and ldap:virtual_alias_domains at the same time, postfix does
+ # not like this
+ if [ -z "${VIRTUAL_DOMAINS}" ]; then
+ set_config_value "virtual_alias_domains" "ldap:/etc/postfix/ldap/virtual_alias_domains"
+ fi
+ set_config_value "virtual_alias_maps" "ldap:/etc/postfix/ldap/virtual_alias_maps"
+ set_config_value "virtual_mailbox_maps" "ldap:/etc/postfix/ldap/virtual_mailbox_maps"
+ set_config_value "smtpd_sender_login_maps" "ldap:/etc/postfix/ldap/smtpd_sender_login_maps"
+ else
+ set_config_value "virtual_mailbox_maps" "lmdb:/etc/postfix/vmaps"
+ set_config_value "virtual_mailbox_limit_maps" "lmdb:/etc/postfix/vquota"
+
+ # Only create vmaps if not provided by admin
+ if [ ! -f /etc/postfix/vmaps ]; then
+ for mail in ${VIRTUAL_USERS} ; do
+ user=${mail%@*}
+ domain=${mail#*@}
+ echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
+ echo "${mail} 0" >> /etc/postfix/vquota
+ done
+ fi
+ update_db vquota
+ fi
+
+ set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts"
+ # Only create vhosts if not provided by admin
+ if [ ! -f /etc/postfix/vhosts ]; then
+ if [ -n "${VIRTUAL_DOMAINS}" ]; then
+ for d in ${VIRTUAL_DOMAINS}; do
+ echo "$d" >> /etc/postfix/vhosts
+ done
+ elif [ -n "${SERVER_DOMAIN}" ]; then
+ echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
+ else
+ touch /etc/postfix/vhosts
+ fi
+ fi
+ update_db vmaps
+
+ if [ -n "${LMTP}" ]; then
+ # Use LMTP to deliver the mail to the user
+
+ set_config_value "virtual_transport" "lmtp:${LMTP}:24"
+ else
+ # Store mails local below /var/spool/vmail
+
+ # Create the vmail user with the requested UID, else 5000
+ VMAIL_UID="${VMAIL_UID:-5000}"
+ if [ -x /usr/sbin/adduser ]; then
+ adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u "${VMAIL_UID}" -s /sbin/nologin vmail
+ else
+ useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u "${VMAIL_UID}" vmail
+ fi
+ if [ $? -ne 0 ]; then
+ echo "ERROR: creating of vmail user failed! Aborting."
+ exit 1
+ fi
+
+ if [ ! -d /var/spool/vmail ]; then
+ mkdir -p /var/spool/vmail
+ chown vmail:vmail /var/spool/vmail
+ chmod 775 /var/spool/vmail
+ fi
+
+ set_config_value "virtual_mailbox_base" "/var/spool/vmail"
+ set_config_value "virtual_minimum_uid" "1000"
+ set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
+ set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
+ set_config_value "home_mailbox" "Maildir/"
+ # XXX make this configureable and adjust message_size_limit
+ set_config_value "virtual_mailbox_limit" "0"
+ set_config_value "mailbox_size_limit" "0" # "51200000"
+ set_config_value "message_size_limit" "0" # "10240000"
+ fi
+}
+
+configure_postfix() {
+
+ setup_network
+
+ if [ -n "${SERVER_HOSTNAME}" ]; then
+ if [ -z "${SERVER_DOMAIN}" ]; then
+ SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-)
+ fi
+ set_config_value "myhostname" "${SERVER_HOSTNAME}"
+ set_config_value "mydomain" "${SERVER_DOMAIN}"
+ fi
+
+ # Generic settings
+ ## Use lmdb instead of "hash" to get rid of BDB
+ set_config_value "default_database_type" "lmdb"
+ sed -i -e 's|hash:|lmdb:|g' /etc/postfix/main.cf
+ ## TLS
+ if [ -n "${SMTP_TLS_WRAPPERMODE}" ]; then
+ set_config_value "smtp_tls_wrappermode" "${SMTP_TLS_WRAPPERMODE}"
+ fi
+ SMTP_TLS_SECURITY_LEVEL=${SMTP_TLS_SECURITY_LEVEL:-"may"}
+ set_config_value "smtp_tls_security_level" "${SMTP_TLS_SECURITY_LEVEL}"
+ set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts"
+ ## Debug only:
+ # set_config_value "smtp_tls_loglevel" "2"
+
+ if [ "${VIRTUAL_MBOX}" -eq "1" ]; then
+ setup_vhosts
+ fi
+ if [ -n "${MYDESTINATION}" ]; then
+ set_config_value "mydestination" "${MYDESTINATION}"
+ else
+ set_config_value "mydestination" "\$myhostname, localhost.\$mydomain, localhost"
+ fi
+ setup_submission
+ setup_relayhost
+
+ # Add maps to config and create database
+ for i in canonical relocated sender_canonical transport virtual; do
+ set_config_value "${i}_maps" "lmdb:/etc/postfix/${i}"
+ update_db "${i}"
+ done
+ set_config_value "smtpd_sender_restrictions" "lmdb:/etc/postfix/access"
+ # Generate and update maps
+ update_db access relay relay_recipients
+
+ setup_aliases
+}
+
+terminate() {
+ base=$(basename "$1")
+ pid=$(/bin/pidof "$base")
+
+ if [ -n "$pid" ]; then
+ echo "Terminating $base..."
+ if kill "$pid" ; then
+ echo "Terminating $base failed!"
+ fi
+ else
+ echo "Failure determining PID of $base"
+ fi
+}
+
+init_trap() {
+ trap stop_daemons TERM INT
+}
+
+stop_postfix() {
+
+ typeset -i sec=$1
+ typeset -i ms=$((sec*100))
+
+ ( while ! pidof qmgr > /dev/null 2>&1 ; do
+ ((ms-- <= 0)) && break
+ usleep 10000
+ done
+ exec postfix flush
+ ) > /dev/null 2>&1 &
+
+ postfix stop
+ terminate /usr/sbin/syslogd
+}
+
+stop_daemons() {
+ stop_postfix "$@"
+}
+
+start_daemons() {
+ # Don't start syslogd in background while starting it in the background...
+ # Logging to stdout does not work else.
+ /usr/sbin/syslogd -n -S -O - "$@"
+}
+
+#
+# Main
+#
+
+# if command starts with an option, prepend postfix
+if [ "${1:0:1}" = '-' ]; then
+ set -- postfix start "$@"
+fi
+
+init_trap
+setup_timezone
+# Update certificates if /etc/pki is mounted from the host
+update-ca-certificates
+# configure postfix even if postfix will not be started, to
+# allow to see the result with postconf for debugging/testing.
+configure_postfix
+
+# If host mounting /var/spool/postfix, we need to delete the old pid file
+# before starting services
+rm -f /var/spool/postfix/pid/master.pid
+
+if [ "$1" = 'postfix' ]; then
+ start_daemons "$@"
+ echo "postfix running and ready"
+ echo "[info] refer to postfix manual pages at https://www.postfix.org/postfix-manuals.html"
+ sleep infinity & wait $!
+else
+ exec "$@"
+fi
diff --git a/postfix-image.changes b/postfix-image.changes
new file mode 100644
index 0000000..696eee9
--- /dev/null
+++ b/postfix-image.changes
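Review bot: In setup_network, `set_config_value "inet_protocols" "{$INET_PROTOCOLS}"` places the brace outside the `$`, so postconf receives a literal brace-wrapped value (e.g. `{all}`, constructed) instead of the configured protocols; it should read `set_config_value "inet_protocols" "${INET_PROTOCOLS}"`. In terminate(), `if kill "$pid" ; then echo "Terminating $base failed!"` reports failure on success (the same code appears in entrypoint.sh in the previous hunk) and wants `if ! kill "$pid" ; then`. In setup_relayhost the SMTP password is written to /etc/postfix/sasl_passwd by plain redirection with whatever mode the process umask yields and is never restricted, and `>>` accumulates a duplicate entry on every start; at minimum add `chmod 600 /etc/postfix/sasl_passwd` before `update_db sasl_passwd`. In start_daemons, `/usr/sbin/syslogd -n -S -O - "$@"` as rendered hands the container command to syslogd and runs it in the foreground, unlike the Tumbleweed variant's backgrounded `syslogd ... &` followed by `"$@"`; if that is not a rendering artifact, postfix is never started.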
@@ -0,0 +1,24 @@
+-------------------------------------------------------------------
+Thu Aug 8 16:43:43 UTC 2024 - Dirk Mueller
+
+- remove oci reference annotation again
+
+-------------------------------------------------------------------
+Mon Aug 5 11:38:13 UTC 2024 - Dirk Mueller
+
+- add OCI reference annotation
+
+-------------------------------------------------------------------
+Sat Aug 3 08:56:51 UTC 2024 - Dirk Mueller
+
+- set OCI.authors attribute instead of deprecated MAINTAINER
+
+-------------------------------------------------------------------
+Wed Jul 31 12:06:45 UTC 2024 - Dirk Mueller
+
+- set specific lifecycle url for openSUSE BCI
+
+-------------------------------------------------------------------
+Thu Jul 25 17:02:08 UTC 2024 - SUSE Update Bot
+
+- First version of the Postfix BCI
diff --git a/smtpd_sender_login_maps b/smtpd_sender_login_maps
new file mode 100644
index 0000000..2adf66d
--- /dev/null
+++ b/smtpd_sender_login_maps
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = (|(mailacceptinggeneralid=%s)(maildrop=%s))
+result_attribute = uid
diff --git a/virtual_alias_domains b/virtual_alias_domains
new file mode 100644
index 0000000..ce4dea7
--- /dev/null
+++ b/virtual_alias_domains
@@ -0,0 +1,16 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = mailacceptinggeneralid=*@%s
+result_attribute = mailacceptinggeneralid
+result_format = %d
diff --git a/virtual_alias_maps b/virtual_alias_maps
new file mode 100644
index 0000000..5447ff7
--- /dev/null
+++ b/virtual_alias_maps
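Review bot: `start_tls = no` next to `tls_require_cert = yes` is the committed default of this LDAP map template, so the bind_pw travels in cleartext over the `ldap://` server_host unless the entrypoint's sed rewrite of the `^start_tls` line (driven by LDAP_USE_TLS) runs; the identical header is repeated in virtual_alias_domains, virtual_alias_maps, virtual_gid_maps, virtual_mailbox_maps and virtual_uid_maps. Since the entrypoint rewrites that line in both branches, the template default can be `start_tls = yes` so a map copied by hand without the entrypoint does not silently bind in plaintext. `tls_require_cert = yes` with `#tls_ca_cert_file` left commented presumably falls back to the system LDAP trust store when LDAP_TLS_CA_CRT is unset; a comment such as `# start_tls, tls_ca_cert_file and the @LDAP_*@ placeholders are rewritten by the entrypoint from LDAP_USE_TLS, LDAP_TLS_CA_CRT and LDAP_*` would document that contract.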
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = (|(mailacceptinggeneralid=%s)(mailLocalAddress=%s))
+result_attribute = maildrop
diff --git a/virtual_gid_maps b/virtual_gid_maps
new file mode 100644
index 0000000..f253044
--- /dev/null
+++ b/virtual_gid_maps
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+result_attribute = gidNumber
diff --git a/virtual_mailbox_maps b/virtual_mailbox_maps
new file mode 100644
index 0000000..0554e66
--- /dev/null
+++ b/virtual_mailbox_maps
@@ -0,0 +1,17 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+#result_attribute = homeDirectory
+#result_format = %s/Maildir/
+result_format = %d/%u/
diff --git a/virtual_uid_maps b/virtual_uid_maps
new file mode 100644
index 0000000..20df513
--- /dev/null
+++ b/virtual_uid_maps
@@ -0,0 +1,15 @@
+server_host = @LDAP_SERVER_URL@
+start_tls = no
+version = 3
+#tls_ca_cert_file = /etc/ldap/certs/CA/CA.pem
+tls_require_cert = yes
+
+bind = yes
+bind_dn = @LDAP_BIND_DN@
+bind_pw = @LDAP_BIND_PASSWORD@
+
+search_base = ou=mail,@LDAP_BASE_DN@
+scope = sub
+
+query_filter = maildrop=%s
+result_attribute = uidNumber