got postfix working (hopefully)

src/mailsrv/Containerfile

@@ -8,9 +8,9 @@ FROM localhost/debian
 LABEL deployopts="\
 -p 25:25 \
 -p 465:465 \
+-p 587:587 \
 -p 143:143 \
 -p 993:993 \
--p 587:587 \
 -v /srv/volumes/mailsrv/db:/vol/db \
 -v /srv/volumes/mailsrv/mail:/vol/mail \
 -v /srv/volumes/mailsrv/ssl:/vol/ssl:ro"
@@ -27,7 +27,7 @@ ARG FILESUID=5000
 ARG DEBIAN_FRONTEND=noninteractive
 
 # install packages we want
-RUN apt update -y && apt install -y postfix dovecot-imapd dovecot-lmtpd
+RUN apt update -y && apt install -y rsyslog postfix dovecot-imapd dovecot-lmtpd
 
 # add virtual mail user
 RUN addgroup --gid ${FILESUID:?} vmail && \
@@ -41,23 +41,27 @@ COPY assets/bin /usr/local/bin
 ###
 
 # copy postfix config
-COPY assets/main.cf /etc/postfix/main.cf
+COPY assets/postfix /etc/postfix
-
-# make symlink to virtual aliases dir
-RUN cd /etc/postfix && \
-    ln -s /vol/db/aliases.d virtual.d
 
 # copy service override config
-COPY assets/postfix.service.override /etc/systemd/system/postfix.service.d/override.conf
+COPY assets/override-postfix.service /etc/systemd/system/postfix.service.d/override.conf
 
 ###
 ### Dovecot
 ###
 
-# copy main dovecot config
+# copy dovecot config
-COPY assets/dovecot.conf /etc/dovecot
+COPY assets/dovecot /etc/dovecot
-# copy dovecot config directory
-COPY assets/dovecot.conf.d /etc/dovecot/conf.d
 
 # make symlink to mail dir
 RUN ln -s /vol/mail /var/mail/virtual
+
+###
+### Working Directory
+###
+
+# make sure /vol/db exists
+RUN mkdir -p /vol/db
+
+# set /vol/db as working directory
+WORKDIR /vol/db

src/mailsrv/assets/bin/mkpass

@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl passwd -6

src/mailsrv/assets/bin/mkvirt

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+cd /etc/postfix
+
+# do users
+cat /vol/db/users | sed 's/:/ /g' > users
+postmap users
+
+# do aliases
+cat /vol/db/aliases.d/*.list > aliases
+postmap aliases
+

src/mailsrv/assets/bin/mkvirtual

@@ -1,7 +0,0 @@
-#!/bin/sh
-
-cd /etc/postfix
-
-cat virtual.d/* > virtual
-
-/usr/sbin/postmap virtual

src/mailsrv/assets/dovecot.conf.d/10-auth.conf → src/mailsrv/assets/dovecot/conf.d/10-auth.conf

@@ -121,7 +121,7 @@ passdb {
   driver = passwd-file
   # username_format: Set to '%u' to look up full usernames. If you want to enable
   # user@domain logins but have only user in the file, set to %n instead.
-  args = username_format=%n /etc/dovecot/users
+  args = username_format=%n /vol/db/users
 }
 
 userdb {

src/mailsrv/assets/override-postfix.service

@@ -0,0 +1,3 @@
+[Service]
+ExecStartPre="/usr/local/bin/mkvirt"
+ExecReload="/usr/local/bin/mkvirt"

src/mailsrv/assets/postfix.service.override

@@ -1,2 +0,0 @@
-[service]
-ExecStartPre="/usr/local/bin/mkvirtual"

src/mailsrv/assets/main.cf → src/mailsrv/assets/postfix/main.cf

@@ -1,25 +1,41 @@
-# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+### General ###
+# network segments to consider internal
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+# interfaces & protocols to listen on
+inet_interfaces = all
+inet_protocols = all
+# what backend to use to deliver local & virtual mail
+local_transport = lmtp:unix:private/dovecot-lmtp
+#virtual_transport = $local_transport
+# hosts to relay for
+relayhost =
+# whether to send "new mail" notifications to users
+# on by default, but we turn off because we're not using system users
+biff = no
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
 
-# Network settings
+### Domains ###
+# primary name of server
 myhostname = mailtest.brbytes.org
 myorigin = $myhostname
+# domains to consider primary (local) endpoints
 mydestination = $myhostname, localhost.localdomain, localhost
-relayhost = 
+#mydestination = $myhostname, $mydomain, localhost.localdomain, localhost
-mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+# domains to consider secondary (virtual) endpoints
-inet_interfaces = all
+#virtual_alias_domains = info.brbytes.org
-inet_protocols = all
 
-# Virtual Addresses
+### Users ###
-virtual_alias_domains = mailtest.brbytes.org
+# get list of valid users from here instead of /etc/passwd
-virtual_alias_maps = hash:/etc/postfix/virtual
+local_recipient_maps = hash:/etc/postfix/users
-# address tag delimiter
+# get list of user aliases from this file
+virtual_alias_maps = hash:/etc/postfix/aliases
+# Address tag delimiter. If an email is sent to ${user}${delimiter}*,
+# the email is sent to ${user} if that address is not already explicitly defined.
 recipient_delimiter = -
 
-# anti-spam restrictions
+### TLS ###
-smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
-smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
-
-# TLS settings
 # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
 # information on enabling SSL in the smtp client.
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
@@ -30,7 +46,11 @@ smtpd_tls_security_level=may
 smtpd_tls_cert_file=/vol/ssl/mailtest.brbytes.org/fullchain.pem
 smtpd_tls_key_file=/vol/ssl/mailtest.brbytes.org/privkey.pem
 
-# SASL (user authentication) settings
+### Anti-spam ###
+#smtpd_recipient_restrictions = reject_invalid_hostname, reject_unknown_recipient_domain, reject_unauth_destination, reject_rbl_client sbl.spamhaus.org, permit
+#smtpd_helo_restrictions = reject_invalid_helo_hostname, reject_non_fqdn_helo_hostname, reject_unknown_helo_hostname
+
+### SASL ###
 smtpd_sasl_type = dovecot
 # Can be an absolute path, or relative to $queue_directory
 # Debian/Ubuntu users: Postfix is setup by default to run chrooted, so it is best to leave it as-is below
@@ -39,24 +59,3 @@ smtpd_sasl_path = private/auth
 smtpd_sasl_auth_enable = yes
 # With Postfix version before 2.10, use smtpd_recipient_restrictions
 smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
-# More settings
-smtpd_sasl_security_options=noanonymous
-smtpd_sasl_local_domain=$myhostname
-smtpd_client_restrictions=permit_sasl_authenticated,reject
-#smtpd_sender_login_maps=hash:/etc/postfix/virtual
-#smtpd_sender_restrictions=reject_sender_login_mismatch
-
-# mail delivery settings
-mailbox_transport = lmtp:unix:private/dovecot-lmtp
-#virtual_transport = lmtp:unix:private/dovecot-lmtp
-
-# Additional Settings
-mailbox_size_limit = 0
-smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
-biff = no
-# Uncomment the next line to generate "delayed mail" warnings
-#delay_warning_time = 4h
-readme_directory = no
-# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
-# fresh installs.
-compatibility_level = 2

src/mailsrv/assets/postfix/master.cf

@@ -0,0 +1,117 @@
+#
+# Postfix master process configuration file.  For details on the format
+# of the file, see the master(5) manual page (command: "man 5 master" or
+# on-line: http://www.postfix.org/master.5.html).
+#
+# Do not forget to execute "postfix reload" after editing this file.
+#
+# ==========================================================================
+# service type  private unpriv  chroot  wakeup  maxproc command + args
+#               (yes)   (yes)   (no)    (never) (100)
+# ==========================================================================
+smtp      inet  n       -       y       -       -       smtpd
+submission inet n       -       y       -       -       smtpd
+  -o smtpd_sasl_local_domain=$myhostname
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_security_options=noanonymous
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
+  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
+smtps     inet  n       -       y       -       -       smtpd
+  -o smtpd_sasl_local_domain=$myhostname
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_security_options=noanonymous
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
+  -o smtpd_sender_login_maps=hash:/etc/postfix/virtual
+  -o smtpd_sender_restrictions=reject_sender_login_mismatch
+
+# Local services
+# ==========================================================================
+pickup    unix  n       -       y       60      1       pickup
+cleanup   unix  n       -       y       -       0       cleanup
+qmgr      unix  n       -       n       300     1       qmgr
+#qmgr     unix  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       y       1000?   1       tlsmgr
+rewrite   unix  -       -       y       -       -       trivial-rewrite
+bounce    unix  -       -       y       -       0       bounce
+defer     unix  -       -       y       -       0       bounce
+trace     unix  -       -       y       -       0       bounce
+verify    unix  -       -       y       -       1       verify
+flush     unix  n       -       y       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       y       -       -       smtp
+relay     unix  -       -       y       -       -       smtp
+        -o syslog_name=postfix/$service_name
+#       -o smtp_helo_timeout=5 -o smtp_connect_timeout=5
+showq     unix  n       -       y       -       -       showq
+error     unix  -       -       y       -       -       error
+retry     unix  -       -       y       -       -       error
+discard   unix  -       -       y       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       y       -       -       lmtp
+anvil     unix  -       -       y       -       1       anvil
+scache    unix  -       -       y       -       1       scache
+postlog   unix-dgram n  -       n       -       1       postlogd
+#
+# ====================================================================
+# Interfaces to non-Postfix software. Be sure to examine the manual
+# pages of the non-Postfix software to find out what options it wants.
+#
+# Many of the following services use the Postfix pipe(8) delivery
+# agent.  See the pipe(8) man page for information about ${recipient}
+# and other message envelope options.
+# ====================================================================
+#
+# maildrop. See the Postfix MAILDROP_README file for details.
+# Also specify in main.cf: maildrop_destination_recipient_limit=1
+#
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient}
+#
+# ====================================================================
+#
+# Recent Cyrus versions can use the existing "lmtp" master.cf entry.
+#
+# Specify in cyrus.conf:
+#   lmtp    cmd="lmtpd -a" listen="localhost:lmtp" proto=tcp4
+#
+# Specify in main.cf one or more of the following:
+#  mailbox_transport = lmtp:inet:localhost
+#  virtual_transport = lmtp:inet:localhost
+#
+# ====================================================================
+#
+# Cyrus 2.1.5 (Amos Gouaux)
+# Also specify in main.cf: cyrus_destination_recipient_limit=1
+#
+#cyrus     unix  -       n       n       -       -       pipe
+#  user=cyrus argv=/cyrus/bin/deliver -e -r ${sender} -m ${extension} ${user}
+#
+# ====================================================================
+# Old example of delivery via Cyrus.
+#
+#old-cyrus unix  -       n       n       -       -       pipe
+#  flags=R user=cyrus argv=/cyrus/bin/deliver -e -m ${extension} ${user}
+#
+# ====================================================================
+#
+# See the Postfix UUCP_README file for configuration details.
+#
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+#
+# Other external delivery methods.
+#
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix  -       n       n       -       2       pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}

src/mailsrv/docs/Build.md

@@ -27,9 +27,7 @@ addgroup --gid ${files_uid:?} vmail
 adduser vmail --ingroup vmail --uid ${files_uid:?} --disabled-password --gecos "Virtual Mail Owner" --shell /usr/sbin/nologin --home /var/mail/virtual
 ```
 
-## postfix
+### install packages
-
-### Install
 
 install postfix:
 ```
@@ -37,6 +35,14 @@ apt install postfix
 ```
 select `2 (internet site)` when asked how to configure, and enter your appropriate hostname.
 
+install other packages:
+```
+apt install rsyslog dovecot-imapd dovecot-lmtpd
+
+## postfix
+
+### Install
+
 edit config:
 ```
 cd /etc/postfix/