From 18b81afe55871cd538bb3b81bbf177261b95faeb Mon Sep 17 00:00:00 2001
From: Mario Alegre
Date: Sun, 24 May 2020 22:21:08 -0500
Subject: [PATCH] got postfix working (hopefully)
---
 src/mailsrv/Containerfile | 28 +++--
 src/mailsrv/assets/bin/mkpass | 2 +
 src/mailsrv/assets/bin/mkvirt | 12 ++
 src/mailsrv/assets/bin/mkvirtual | 7 --
 .../conf.d}/10-auth.conf | 2 +-
 .../conf.d}/10-mail.conf | 0
 .../conf.d}/10-master.conf | 0
 .../conf.d}/10-ssl.conf | 0
 .../conf.d}/15-mailboxes.conf | 0
 .../conf.d}/20-lmtp.conf | 0
 src/mailsrv/assets/{ => dovecot}/dovecot.conf | 0
 src/mailsrv/assets/override-postfix.service | 3 +
 src/mailsrv/assets/postfix.service.override | 2 -
 src/mailsrv/assets/{ => postfix}/main.cf | 73 ++++++-----
 src/mailsrv/assets/postfix/master.cf | 117 ++++++++++++++++++
 src/mailsrv/docs/Build.md | 12 +-
 16 files changed, 196 insertions(+), 62 deletions(-)
 create mode 100755 src/mailsrv/assets/bin/mkpass
 create mode 100755 src/mailsrv/assets/bin/mkvirt
 delete mode 100755 src/mailsrv/assets/bin/mkvirtual
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/10-auth.conf (99%)
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/10-mail.conf (100%)
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/10-master.conf (100%)
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/10-ssl.conf (100%)
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/15-mailboxes.conf (100%)
 rename src/mailsrv/assets/{dovecot.conf.d => dovecot/conf.d}/20-lmtp.conf (100%)
 rename src/mailsrv/assets/{ => dovecot}/dovecot.conf (100%)
 create mode 100644 src/mailsrv/assets/override-postfix.service
 delete mode 100644 src/mailsrv/assets/postfix.service.override
 rename src/mailsrv/assets/{ => postfix}/main.cf (50%)
 create mode 100644 src/mailsrv/assets/postfix/master.cf
diff --git a/src/mailsrv/Containerfile b/src/mailsrv/Containerfile
index 53a5b7e..7f48e17 100644
--- a/src/mailsrv/Containerfile
+++ b/src/mailsrv/Containerfile
@@ -8,9 +8,9 @@ FROM localhost/debian
 LABEL deployopts="\
 -p 25:25 \
 -p 465:465 \
+-p 587:587 \
 -p 143:143 \
 -p 993:993 \
--p 587:587 \
 -v /srv/volumes/mailsrv/db:/vol/db \
 -v /srv/volumes/mailsrv/mail:/vol/mail \
 -v /srv/volumes/mailsrv/ssl:/vol/ssl:ro"
@@ -27,7 +27,7 @@ ARG FILESUID=5000
 ARG DEBIAN_FRONTEND=noninteractive
 # install packages we want
-RUN apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd
+RUN apt update -y && apt install -y rsyslog postfix dovecot-imapd dovecot-lmtpd
 # add virtual mail user
 RUN addgroup --gid ${FILESUID:?} vmail && \
@@ -41,23 +41,27 @@ COPY assets/bin /usr/local/bin
 ###
 # copy postfix config
-COPY assets/main.cf /etc/postfix/main.cf
-
-# make symlink to virtual aliases dir
-RUN cd /etc/postfix && \
- ln -s /vol/db/aliases.d virtual.d
+COPY assets/postfix /etc/postfix
 # copy service override config
-COPY assets/postfix.service.override /etc/systemd/system/postfix.service.d/override.conf
+COPY assets/override-postfix.service /etc/systemd/system/postfix.service.d/override.conf
 ###
 ### Dovecot
 ###
-# copy main dovecot config
-COPY assets/dovecot.conf /etc/dovecot
-# copy dovecot config directory
-COPY assets/dovecot.conf.d /etc/dovecot/conf.d
+# copy dovecot config
+COPY assets/dovecot /etc/dovecot
 # make symlink to mail dir
 RUN ln -s /vol/mail /var/mail/virtual
+
+###
+### Working Directory
+###
+
+# make sure /vol/db exists
+RUN mkdir -p /vol/db
+
+# set /vol/db as working directory
+WORKDIR /vol/db
\ No newline at end of file
diff --git a/src/mailsrv/assets/bin/mkpass b/src/mailsrv/assets/bin/mkpass
new file mode 100755
index 0000000..600a512
--- /dev/null
+++ b/src/mailsrv/assets/bin/mkpass
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl passwd -6
diff --git a/src/mailsrv/assets/bin/mkvirt b/src/mailsrv/assets/bin/mkvirt
new file mode 100755
index 0000000..1ba723f
--- /dev/null
+++ b/src/mailsrv/assets/bin/mkvirt
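Review bot: `RUN mkdir -p /vol/db` followed by `WORKDIR /vol/db` is redundant, because WORKDIR creates the directory when it does not exist; drop the RUN unless an explicit owner or mode is wanted on the mount point, in which case say so in its comment. The new `COPY assets/postfix /etc/postfix` replaces the packaged main.cf and master.cf wholesale, and the copied main.cf refers to `hash:/etc/postfix/users` and `hash:/etc/postfix/aliases`, which do not exist in the image and only appear after `mkvirt` runs as ExecStartPre; a comment on the COPY line such as `# users/aliases maps are generated at service start by mkvirt, not at build time` would save the next reader a search. `/vol/db` is also the bind-mounted volume named in the LABEL above, so anything placed there at build time is shadowed at run time.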
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cd /etc/postfix
+
+# do users
+cat /vol/db/users | sed 's/:/ /g' > users
+postmap users
+
+# do aliases
+cat /vol/db/aliases.d/*.list > aliases
+postmap aliases
+
diff --git a/src/mailsrv/assets/bin/mkvirtual b/src/mailsrv/assets/bin/mkvirtual
deleted file mode 100755
index 468b51e..0000000
--- a/src/mailsrv/assets/bin/mkvirtual
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-cd /etc/postfix
-
-cat virtual.d/* > virtual
-
-/usr/sbin/postmap virtual
diff --git a/src/mailsrv/assets/dovecot.conf.d/10-auth.conf b/src/mailsrv/assets/dovecot/conf.d/10-auth.conf
similarity index 99%
rename from src/mailsrv/assets/dovecot.conf.d/10-auth.conf
rename to src/mailsrv/assets/dovecot/conf.d/10-auth.conf
index 8ce5cbc..2d91916 100644
--- a/src/mailsrv/assets/dovecot.conf.d/10-auth.conf
+++ b/src/mailsrv/assets/dovecot/conf.d/10-auth.conf
@@ -121,7 +121,7 @@ passdb {
 driver = passwd-file
 # username_format: Set to '%u' to look up full usernames. If you want to enable
 # user@domain logins but have only user in the file, set to %n instead.
- args = username_format=%n /etc/dovecot/users
+ args = username_format=%n /vol/db/users
 }
 userdb {
diff --git a/src/mailsrv/assets/dovecot.conf.d/10-mail.conf b/src/mailsrv/assets/dovecot/conf.d/10-mail.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf.d/10-mail.conf
rename to src/mailsrv/assets/dovecot/conf.d/10-mail.conf
diff --git a/src/mailsrv/assets/dovecot.conf.d/10-master.conf b/src/mailsrv/assets/dovecot/conf.d/10-master.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf.d/10-master.conf
rename to src/mailsrv/assets/dovecot/conf.d/10-master.conf
diff --git a/src/mailsrv/assets/dovecot.conf.d/10-ssl.conf b/src/mailsrv/assets/dovecot/conf.d/10-ssl.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf.d/10-ssl.conf
rename to src/mailsrv/assets/dovecot/conf.d/10-ssl.conf
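Review bot: `cat /vol/db/users | sed 's/:/ /g' > users` keeps every field of each line, so after `postmap users` the value stored under each key in `/etc/postfix/users.db` is whatever followed the first colon — for a Dovecot passwd-file, which is what `10-auth.conf` now points at `/vol/db/users`, that is the user's password hash, written into a .db that `postmap` creates with the process umask rather than with the source file's mode. `local_recipient_maps` only consults the key, so emit the username with a placeholder value: `cut -d: -f1 /vol/db/users | sed 's/$/ x/' > users`. The script also runs under `#!/bin/sh` with no `set -e`, so a failed `cd /etc/postfix` or an unmatched `/vol/db/aliases.d/*.list` glob (cat fails, the redirect has already truncated `aliases`) still lets the following `postmap` succeed and the service start with an empty map; `set -eu` after the shebang makes those failures stop ExecStartPre instead.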
diff --git a/src/mailsrv/assets/dovecot.conf.d/15-mailboxes.conf b/src/mailsrv/assets/dovecot/conf.d/15-mailboxes.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf.d/15-mailboxes.conf
rename to src/mailsrv/assets/dovecot/conf.d/15-mailboxes.conf
diff --git a/src/mailsrv/assets/dovecot.conf.d/20-lmtp.conf b/src/mailsrv/assets/dovecot/conf.d/20-lmtp.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf.d/20-lmtp.conf
rename to src/mailsrv/assets/dovecot/conf.d/20-lmtp.conf
diff --git a/src/mailsrv/assets/dovecot.conf b/src/mailsrv/assets/dovecot/dovecot.conf
similarity index 100%
rename from src/mailsrv/assets/dovecot.conf
rename to src/mailsrv/assets/dovecot/dovecot.conf
diff --git a/src/mailsrv/assets/override-postfix.service b/src/mailsrv/assets/override-postfix.service
new file mode 100644
index 0000000..b3cda87
--- /dev/null
+++ b/src/mailsrv/assets/override-postfix.service
@@ -0,0 +1,3 @@
+[Service]
+ExecStartPre="/usr/local/bin/mkvirt"
+ExecReload="/usr/local/bin/mkvirt"
\ No newline at end of file
diff --git a/src/mailsrv/assets/postfix.service.override b/src/mailsrv/assets/postfix.service.override
deleted file mode 100644
index 58bd224..0000000
--- a/src/mailsrv/assets/postfix.service.override
+++ /dev/null
@@ -1,2 +0,0 @@
-[service]
-ExecStartPre="/usr/local/bin/mkvirtual"
diff --git a/src/mailsrv/assets/main.cf b/src/mailsrv/assets/postfix/main.cf
similarity index 50%
rename from src/mailsrv/assets/main.cf
rename to src/mailsrv/assets/postfix/main.cf
index 65c2533..d57815b 100644
--- a/src/mailsrv/assets/main.cf
+++ b/src/mailsrv/assets/postfix/main.cf
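Review bot: `ExecReload="/usr/local/bin/mkvirt"` in a drop-in is appended to whatever ExecReload the packaged postfix.service already declares rather than replacing it, because Exec*= settings accumulate until reset by an empty assignment; if the packaged unit defines a reload command, `mkvirt` would run after it and the maps it rebuilds would not be the ones that reload picks up. Resetting first makes the order explicit: an empty `ExecReload=` line, then `ExecReload=/usr/local/bin/mkvirt`, then the distribution's reload command. The same accumulation applies to `ExecStartPre`, which is harmless here since the order (mkvirt after the packaged pre-start steps) is what is wanted, but a one-line comment stating that both lines are intentionally additive would spare the next reader the systemd.service lookup.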
@@ -1,25 +1,41 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+### General ###
+# network segments to consider internal
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+# interfaces & protocols to listen on
+inet_interfaces = all
+inet_protocols = all
+# what backend to use to deliver local & virtual mail
+local_transport = lmtp:unix:private/dovecot-lmtp
+#virtual_transport = $local_transport
+# hosts to relay for
+relayhost =
+# whether to send "new mail" notifications to users
+# on by default, but we turn off because we're not using system users
+biff = no
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
-# Network settings
+### Domains ###
+# primary name of server
 myhostname = mailtest.brbytes.org
 myorigin = $myhostname
+# domains to consider primary (local) endpoints
 mydestination = $myhostname, localhost.localdomain, localhost
-relayhost =
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
-inet_interfaces = all
-inet_protocols = all
+#mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
+# domains to consider secondary (virtual) endpoints
+#virtual_alias_domains = info.brbytes.org
-# Virtual Addresses
-virtual_alias_domains = mailtest.brbytes.org
-virtual_alias_maps = hash:/etc/postfix/virtual
-# address tag delimiter
+### Users ###
+# get list of valid users from here instead of /etc/passwd
+local_recipient_maps = hash:/etc/postfix/users
+# get list of user aliases from this file
+virtual_alias_maps = hash:/etc/postfix/aliases
+# Address tag delimiter. If an email is sent to ${user}${delimiter}*,
+# the email is sent to ${user} if that address is not already explicitly defined.
 recipient_delimiter = -
-# anti-spam restrictions
-smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
-smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
-
-# TLS settings
+### TLS ###
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@@ -30,7 +46,11 @@ smtpd_tls_security_level=may
 smtpd_tls_cert_file=/vol/ssl/mailtest.brbytes.org/fullchain.pem
 smtpd_tls_key_file=/vol/ssl/mailtest.brbytes.org/privkey.pem
-# SASL (user authentication) settings
+### Anti-spam ###
+#smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
+#smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
+
+### SASL ###
 smtpd_sasl_type = dovecot
 # Can be an absolute path, or relative to $queue_directory
 # Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
@@ -39,24 +59,3 @@ smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
 # With Postfix version before 2.10, use smtpd_recipient_restrictions
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
-# More settings
-smtpd_sasl_security_options=noanonymous
-smtpd_sasl_local_domain=$myhostname
-smtpd_client_restrictions=permit_sasl_authenticated,reject
-#smtpd_sender_login_maps=hash:/etc/postfix/virtual
-#smtpd_sender_restrictions=reject_sender_login_mismatch
-
-# mail delivery settings
-mailbox_transport = lmtp:unix:private/dovecot-lmtp
-#virtual_transport = lmtp:unix:private/dovecot-lmtp
-
-# Additional Settings
-mailbox_size_limit = 0
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2
diff --git a/src/mailsrv/assets/postfix/master.cf b/src/mailsrv/assets/postfix/master.cf
new file mode 100644
index 0000000..d4b120d
--- /dev/null
+++ b/src/mailsrv/assets/postfix/master.cf
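Review bot: the `### Anti-spam ###` section commits `smtpd_recipient_restrictions` and `smtpd_helo_restrictions` as comments, so the port-25 `smtpd` is left with only `smtpd_relay_restrictions` (kept as context in the next hunk): relaying is still refused, but the HELO sanity checks and the `reject_rbl_client sbl.spamhaus.org` lookup no longer apply to inbound mail. The submission and smtps entries in the new master.cf carry their own `-o smtpd_recipient_restrictions=` override, so restoring the recipient line here affects port 25 only; the HELO line would apply to all three listeners unless likewise overridden. If these were disabled just to get delivery working, a comment such as `# TODO: re-enable once inbound delivery is verified` keeps the commented-out state from reading as a deliberate choice.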
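Review bot: `smtpd_sasl_auth_enable = yes` stays global in main.cf (the context line at the top of this hunk) while `smtpd_sasl_security_options=noanonymous` and the `encrypt` TLS level moved to the submission and smtps entries of master.cf, so the port-25 `smtpd` still advertises AUTH under `smtpd_tls_security_level=may` and a client can send credentials before STARTTLS. Either scope authentication to the two authenticated listeners (`-o smtpd_sasl_auth_enable=yes` on submission and smtps, `smtpd_sasl_auth_enable = no` here) or add `smtpd_tls_auth_only = yes` to the `### SASL ###` section so AUTH is only offered inside TLS. Removing `smtpd_client_restrictions=permit_sasl_authenticated,reject` from main.cf is what lets unauthenticated inbound mail reach port 25 again, which appears to be the intent of the commit and is worth stating in the section comment.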
@@ -0,0 +1,117 @@
+#
+# Postfix master process configuration file. For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type private unpriv chroot wakeup maxproc command + args
+# (yes) (yes) (no) (never) (100)
+# ==========================================================================
+smtp inet n - y - - smtpd
+submission inet n - y - - smtpd
+ -o smtpd_sasl_local_domain=$myhostname
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_security_options=noanonymous
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
+ -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
+ -o smtpd_sender_restrictions=reject_sender_login_mismatch
+smtps inet n - y - - smtpd
+ -o smtpd_sasl_local_domain=$myhostname
+ -o smtpd_tls_security_level=encrypt
+ -o smtpd_sasl_security_options=noanonymous
+ -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+ -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
+ -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
+ -o smtpd_sender_restrictions=reject_sender_login_mismatch
+
+# Local services
+# ==========================================================================
+pickup unix n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
+qmgr unix n - n 300 1 qmgr
+#qmgr unix n - n 300 1 oqmgr
+tlsmgr unix - - y 1000? 1 tlsmgr
+rewrite unix - - y - - trivial-rewrite
+bounce unix - - y - 0 bounce
+defer unix - - y - 0 bounce
+trace unix - - y - 0 bounce
+verify unix - - y - 1 verify
+flush unix n - y 1000? 0 flush
+proxymap unix - - n - - proxymap
+proxywrite unix - - n - 1 proxymap
+smtp unix - - y - - smtp
+relay unix - - y - - smtp
+ -o syslog_name=postfix/$service_name
+# -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq unix n - y - - showq
+error unix - - y - - error
+retry unix - - y - - error
+discard unix - - y - - discard
+local unix - n n - - local
+virtual unix - n n - - virtual
+lmtp unix - - y - - lmtp
+anvil unix - - y - 1 anvil
+scache unix - - y - 1 scache
+postlog unix-dgram n - n - 1 postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent. See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop unix - n n - - pipe
+ flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+# lmtp cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+# mailbox_transport = lmtp:inet:localhost
+# virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus unix - n n - - pipe
+# user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix - n n - - pipe
+# flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp unix - n n - - pipe
+ flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail unix - n n - - pipe
+ flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp unix - n n - - pipe
+ flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix - n n - 2 pipe
+ flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman unix - n n - - pipe
+ flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+ ${nexthop} ${user}
diff --git a/src/mailsrv/docs/Build.md b/src/mailsrv/docs/Build.md
index 7554998..75ce73b 100644
--- a/src/mailsrv/docs/Build.md
+++ b/src/mailsrv/docs/Build.md
@@ -27,9 +27,7 @@ addgroup --gid ${files_uid:?} vmail
 adduser vmail --ingroup vmail --uid ${files_uid:?} --disabled-password --gecos "Virtual Mail Owner" --shell /usr/sbin/nologin --home /var/mail/virtual
 ```
-## postfix
-
-### Install
+### install packages
 install postfix:
 ```
@@ -37,6 +35,14 @@ apt install postfix
 ```
 select `2 (internet site)` when asked how to configure, and enter your appropriate hostname.
+install other packages:
+```
+apt install rsyslog dovecot-imapd dovecot-lmtpd
+
+## postfix
+
+### Install
+
 edit config:
 ```
 cd /etc/postfix/
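Review bot: the `smtps` entry copies the submission overrides including `-o smtpd_tls_security_level=encrypt` but has no `-o smtpd_tls_wrappermode=yes`, so port 465 will wait for STARTTLS on a plaintext session instead of speaking implicit TLS, and clients configured for SMTPS will fail the handshake; add that line directly under `smtps inet n - y - - smtpd`. Both `submission` and `smtps` also set `-o smtpd_sender_login_maps=hash:/etc/postfix/virtual`, but the `virtual` map was produced by the `mkvirtual` script this commit deletes and the replacement `mkvirt` only builds `users` and `aliases`, so `reject_sender_login_mismatch` will run into a missing table the first time a sender check fires. `hash:/etc/postfix/aliases` is the natural replacement, since it maps each alias to its owning user, which is the address→login shape that option expects. The pipe transports inherited from the distribution template (uucp, ifmail, bsmtp, scalemail-backend, mailman) each run as a dedicated account that the Containerfile does not appear to create; commenting them out keeps master.cf to what the image actually provides.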