mirror of
https://github.com/jessfraz/dockerfiles.git
synced 2024-11-27 04:16:45 +01:00
postfix
Signed-off-by: Jess Frazelle <acidburn@google.com>
This commit is contained in:
parent
5b393aa06b
commit
31c1084645
16
postfix/Dockerfile
Normal file
16
postfix/Dockerfile
Normal file
|
@ -0,0 +1,16 @@
|
|||
FROM alpine:edge
|
||||
|
||||
RUN apk add --no-cache \
|
||||
bash \
|
||||
libsasl \
|
||||
postfix \
|
||||
rsyslog \
|
||||
runit
|
||||
|
||||
COPY service /etc/service
|
||||
COPY runit_bootstrap /usr/sbin/runit_bootstrap
|
||||
COPY rsyslog.conf /etc/rsyslog.conf
|
||||
|
||||
STOPSIGNAL SIGKILL
|
||||
|
||||
ENTRYPOINT ["/usr/sbin/runit_bootstrap"]
|
94
postfix/rsyslog.conf
Normal file
94
postfix/rsyslog.conf
Normal file
|
@ -0,0 +1,94 @@
|
|||
# rsyslog v5: load input modules
|
||||
# If you do not load inputs, nothing happens!
|
||||
# You may need to set the module load path if modules are not found.
|
||||
|
||||
$ModLoad immark.so # provides --MARK-- message capability
|
||||
#$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
|
||||
#$ModLoad imklog.so # kernel logging (formerly provided by rklogd)
|
||||
|
||||
# default permissions for all log files.
|
||||
$FileOwner root
|
||||
$FileGroup adm
|
||||
$FileCreateMode 0640
|
||||
$DirCreateMode 0755
|
||||
$Umask 0022
|
||||
|
||||
# Include configuration files from directory
|
||||
$IncludeConfig /etc/rsyslog.d/*
|
||||
|
||||
# Check config syntax on startup and abort if unclean (default off)
|
||||
#$AbortOnUncleanConfig on
|
||||
|
||||
# Reduce repeating messages (default off)
|
||||
#$RepeatedMsgReduction on
|
||||
|
||||
# Log all kernel messages to the console.
|
||||
# Logging much else clutters up the screen.
|
||||
#kern.* /dev/console
|
||||
|
||||
# Log anything (except mail) of level info or higher.
|
||||
# Don't log private authentication messages!
|
||||
#*.info;mail.none;authpriv.none;cron.none -/var/log/messages
|
||||
|
||||
# The authpriv file has restricted access.
|
||||
#authpriv.* /var/log/secure
|
||||
|
||||
# Log all the mail messages in one place.
|
||||
mail.* -/var/log/mail.log
|
||||
|
||||
# Log cron stuff
|
||||
###cron.* -/var/log/cron
|
||||
|
||||
# Everybody gets emergency messages
|
||||
###*.emerg *
|
||||
|
||||
# Save news errors of level crit and higher in a special file.
|
||||
###uucp,news.crit -/var/log/spooler
|
||||
|
||||
# Save boot messages also to boot.log
|
||||
###local7.* /var/log/boot.log
|
||||
|
||||
# More configuration examples:
|
||||
#
|
||||
# Remote Logging (we use TCP for reliable delivery)
|
||||
# An on-disk queue is created for this action. If the remote host is
|
||||
# down, messages are spooled to disk and sent when it is up again.
|
||||
#$WorkDirectory /var/spool/rsyslog # where to place spool files
|
||||
#$ActionQueueFileName uniqName # unique name prefix for spool files
|
||||
#$ActionQueueMaxDiskSpace 1g # 1gb space limit (use as much as possible)
|
||||
#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
|
||||
#$ActionQueueType LinkedList # run asynchronously
|
||||
#$ActionResumeRetryCount -1 # infinety retries if host is down
|
||||
#$ActionResumeInterval 30 # retry interval
|
||||
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
|
||||
#*.* @@remote-host
|
||||
|
||||
# Remote Logging with TCP + SSL/TLS
|
||||
#$DefaultNetstreamDriver gtls
|
||||
#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
|
||||
#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem
|
||||
#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem
|
||||
#$ActionSendStreamDriverAuthMode x509/name # enable peer authentication
|
||||
#$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo
|
||||
#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
|
||||
|
||||
# ######### Receiving Messages from Remote Hosts ##########
|
||||
# TCP Syslog Server:
|
||||
#$ModLoad imtcp # provides TCP syslog reception
|
||||
#$TCPServerRun 10514 # start a TCP syslog server at port 10514
|
||||
|
||||
# TCP + SSL/TLS Syslog Server:
|
||||
#$ModLoad imtcp # provides TCP syslog reception
|
||||
#$DefaultNetstreamDriver gtls # use gnuTLS for data encryption
|
||||
#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
|
||||
#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem
|
||||
#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem
|
||||
#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
|
||||
#$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication
|
||||
#$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client)
|
||||
#$TCPServerRun 10514 # start a TCP syslog server at port 10514
|
||||
|
||||
# UDP Syslog Server:
|
||||
$ModLoad imudp.so # provides UDP syslog reception
|
||||
$UDPServerRun 514 # start a UDP syslog server at standard port 514
|
||||
|
3
postfix/runit_bootstrap
Executable file
3
postfix/runit_bootstrap
Executable file
|
@ -0,0 +1,3 @@
|
|||
#!/bin/sh
|
||||
|
||||
exec /sbin/runsvdir /etc/service
|
50
postfix/service/postfix/run
Executable file
50
postfix/service/postfix/run
Executable file
|
@ -0,0 +1,50 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
# Do we want to modify the config first with the script?
|
||||
[ -f /etc/service/postfix/run.config ] && source /etc/service/postfix/run.config
|
||||
|
||||
if [ "$MAILNAME" ]; then
|
||||
echo "$MAILNAME" > /etc/mailname
|
||||
postconf -e myhostname="$MAILNAME"
|
||||
fi
|
||||
|
||||
if [ "$MY_NETWORKS" ]; then
|
||||
postconf -e mynetworks="$MY_NETWORKS"
|
||||
fi
|
||||
|
||||
if [ "$MY_DESTINATION" ]; then
|
||||
postconf -e mydestination="$MY_DESTINATION"
|
||||
fi
|
||||
|
||||
if [ "$ROOT_ALIAS" ]; then
|
||||
sed -i '/^root:/d' /etc/aliases
|
||||
echo "root: $ROOT_ALIAS" >> /etc/aliases
|
||||
newaliases
|
||||
fi
|
||||
|
||||
if [ "$RELAY" ]; then
|
||||
# setup the relay
|
||||
echo "relay_host = $RELAY" >> /etc/postfix/main.cf
|
||||
fi
|
||||
|
||||
if [ "$SASL_AUTH" ]; then
|
||||
# setup tls
|
||||
echo -e "smtp_tls_security_level = encrypt\nsmtp_sasl_auth_enable = yes\nsmtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\nsmtp_sasl_security_options = noanonymous" >> /etc/postfix/main.cf
|
||||
# generate the SASL password map
|
||||
cat > /etc/postfix/sasl_passwd <<- EOF
|
||||
$RELAY $SASL_AUTH
|
||||
EOF
|
||||
|
||||
# generate a .db file
|
||||
postmap /etc/postfix/sasl_passwd
|
||||
|
||||
# cleanup
|
||||
rm /etc/postfix/sasl_passwd
|
||||
|
||||
# set permissions
|
||||
chmod 600 /etc/postfix/sasl_passwd.db
|
||||
fi
|
||||
|
||||
exec /usr/lib/postfix/master -c /etc/postfix -d 2>&1
|
||||
tail -F /var/log/mail.log
|
4
postfix/service/rsyslog/run
Executable file
4
postfix/service/rsyslog/run
Executable file
|
@ -0,0 +1,4 @@
|
|||
#!/bin/bash
|
||||
set -e
|
||||
|
||||
exec rsyslogd -n
|
Loading…
Reference in New Issue
Block a user