postfix

Signed-off-by: Jess Frazelle <[email protected]>

postfix/Dockerfile

@@ -0,0 +1,16 @@
+FROM alpine:edge
+
+RUN apk add --no-cache \
+	bash \
+	libsasl \
+	postfix \
+	rsyslog \
+	runit
+
+COPY service /etc/service
+COPY runit_bootstrap /usr/sbin/runit_bootstrap
+COPY rsyslog.conf /etc/rsyslog.conf
+
+STOPSIGNAL SIGKILL
+
+ENTRYPOINT ["/usr/sbin/runit_bootstrap"]

postfix/rsyslog.conf

@@ -0,0 +1,94 @@
+# rsyslog v5: load input modules
+# If you do not load inputs, nothing happens!
+# You may need to set the module load path if modules are not found.
+
+$ModLoad immark.so # provides --MARK-- message capability
+#$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
+#$ModLoad imklog.so # kernel logging (formerly provided by rklogd)
+
+# default permissions for all log files.
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+# Include configuration files from directory
+$IncludeConfig /etc/rsyslog.d/*
+
+# Check config syntax on startup and abort if unclean (default off)
+#$AbortOnUncleanConfig on
+
+# Reduce repeating messages (default off)
+#$RepeatedMsgReduction on
+
+# Log all kernel messages to the console.
+# Logging much else clutters up the screen.
+#kern.*                                                 /dev/console
+
+# Log anything (except mail) of level info or higher.
+# Don't log private authentication messages!
+#*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
+
+# The authpriv file has restricted access.
+#authpriv.*                                              /var/log/secure
+
+# Log all the mail messages in one place.
+mail.*                                                  -/var/log/mail.log
+
+# Log cron stuff
+###cron.*                                                  -/var/log/cron
+
+# Everybody gets emergency messages
+###*.emerg                                                 *
+
+# Save news errors of level crit and higher in a special file.
+###uucp,news.crit                                          -/var/log/spooler
+
+# Save boot messages also to boot.log
+###local7.*                                                /var/log/boot.log
+
+# More configuration examples:
+#
+# Remote Logging (we use TCP for reliable delivery)
+# An on-disk queue is created for this action. If the remote host is
+# down, messages are spooled to disk and sent when it is up again.
+#$WorkDirectory /var/spool/rsyslog # where to place spool files
+#$ActionQueueFileName uniqName # unique name prefix for spool files
+#$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
+#$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
+#$ActionQueueType LinkedList   # run asynchronously
+#$ActionResumeRetryCount -1    # infinety retries if host is down
+#$ActionResumeInterval 30      # retry interval
+# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
+#*.* @@remote-host
+
+# Remote Logging with TCP + SSL/TLS
+#$DefaultNetstreamDriver gtls
+#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
+#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_CLIENT.cert.pem
+#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_CLIENT.key.pem
+#$ActionSendStreamDriverAuthMode x509/name # enable peer authentication
+#$ActionSendStreamDriverPermittedPeer foo # authorize to send encrypted data to server foo
+#$ActionSendStreamDriverMode 1 # run driver in TLS-only mode
+
+# ######### Receiving Messages from Remote Hosts ##########
+# TCP Syslog Server:
+#$ModLoad imtcp  # provides TCP syslog reception
+#$TCPServerRun 10514 # start a TCP syslog server at port 10514
+
+# TCP + SSL/TLS Syslog Server:
+#$ModLoad imtcp  # provides TCP syslog reception
+#$DefaultNetstreamDriver gtls # use gnuTLS for data encryption
+#$DefaultNetstreamDriverCAFile /etc/ssl/rsyslog/rsyslog_ca.cert.pem
+#$DefaultNetstreamDriverCertFile /etc/ssl/rsyslog/rsyslog_SERVER.cert.pem
+#$DefaultNetstreamDriverKeyFile /etc/ssl/rsyslog/rsyslog_SERVER.key.pem
+#$InputTCPServerStreamDriverMode 1 # run driver in TLS-only mode
+#$InputTCPServerStreamDriverAuthMode x509/name # enable peer authentication
+#$InputTCPServerStreamDriverPermittedPeer bar # authorize client named bar (one line per client)
+#$TCPServerRun 10514 # start a TCP syslog server at port 10514
+
+# UDP Syslog Server:
+$ModLoad imudp.so  # provides UDP syslog reception
+$UDPServerRun 514 # start a UDP syslog server at standard port 514
+

postfix/runit_bootstrap

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+exec /sbin/runsvdir /etc/service

postfix/service/postfix/run

@@ -0,0 +1,50 @@
+#!/bin/bash
+set -e
+
+# Do we want to modify the config first with the script?
+[ -f /etc/service/postfix/run.config ] && source /etc/service/postfix/run.config
+
+if [ "$MAILNAME" ]; then
+	echo "$MAILNAME" > /etc/mailname
+	postconf -e myhostname="$MAILNAME"
+fi
+
+if [ "$MY_NETWORKS" ]; then
+	postconf -e mynetworks="$MY_NETWORKS"
+fi
+
+if [ "$MY_DESTINATION" ]; then
+	postconf -e mydestination="$MY_DESTINATION"
+fi
+
+if [ "$ROOT_ALIAS" ]; then
+	sed -i '/^root:/d' /etc/aliases
+	echo "root: $ROOT_ALIAS" >> /etc/aliases
+	newaliases
+fi
+
+if [ "$RELAY" ]; then
+	# setup the relay
+	echo "relay_host = $RELAY" >> /etc/postfix/main.cf
+fi
+
+if [ "$SASL_AUTH" ]; then
+	# setup tls
+	echo -e "smtp_tls_security_level = encrypt\nsmtp_sasl_auth_enable = yes\nsmtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd\nsmtp_sasl_security_options = noanonymous" >> /etc/postfix/main.cf
+	# generate the SASL password map
+	cat > /etc/postfix/sasl_passwd <<- EOF
+	$RELAY $SASL_AUTH
+	EOF
+
+	# generate a .db file
+	postmap /etc/postfix/sasl_passwd
+
+	# cleanup
+	rm /etc/postfix/sasl_passwd
+
+	# set permissions
+	chmod 600 /etc/postfix/sasl_passwd.db
+fi
+
+exec /usr/lib/postfix/master -c /etc/postfix -d 2>&1
+tail -F /var/log/mail.log

postfix/service/rsyslog/run

@@ -0,0 +1,4 @@
+#!/bin/bash
+set -e
+
+exec rsyslogd -n