Add compliance-mailout container file

compliance-mailout/Dockerfile

@@ -0,0 +1,32 @@
+FROM alpine:edge
+# install packages
+RUN apk update --no-cache \
+    && apk add --no-cache --update postfix bash openssl tini \
+    && apk add --no-cache --upgrade musl musl-utils \
+    && apk add  dockerize  --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing/ \
+    &&  (rm "/tmp/"* 2>/dev/null || true) && (rm -rf /var/cache/apk/* 2>/dev/null || true)
+
+RUN  openssl genrsa -des3 -passout pass:x -out /etc/ssl/private/mailout.pass.key 4096 \
+     && openssl rsa -passin pass:x -in etc/ssl/private/mailout.pass.key \
+     -out /etc/ssl/private/mailout.key  \
+     &&  openssl req -new -key /etc/ssl/private/mailout.key -out /etc/ssl/private/mailout.csr \
+     -subj "/C=DE/ST=Berlin/L=Berlin/O=OrgName/OU=Standards/CN=sovereigncloudstack.org" \
+     && openssl x509 -req -days 3650 -in /etc/ssl/private/mailout.csr -signkey /etc/ssl/private/mailout.key \
+     -out /etc/ssl/certs/mailout.crt \
+     && rm /etc/ssl/private/mailout.pass.key
+
+COPY main.cf /etc/postfix/main.cf.tmpl
+COPY relay_map /etc/postfix/relay_map
+COPY security /etc/postfix/security
+RUN postmap /etc/postfix/security
+RUN postmap /etc/postfix/relay_map
+COPY entrypoint.sh /
+RUN chmod +x /entrypoint.sh
+RUN rm /etc/postfix/security
+RUN rm /etc/postfix/relay_map
+
+EXPOSE 25
+STOPSIGNAL SIGKILL
+
+ENTRYPOINT ["/sbin/tini", "--"]
+CMD  ["/entrypoint.sh"]

compliance-mailout/entrypoint.sh

@@ -0,0 +1,2 @@
+#!/usr/bin/env bash 
+exec dockerize -template /etc/postfix/main.cf.tmpl:/etc/postfix/main.cf  postfix start-fg

compliance-mailout/main.cf

@@ -0,0 +1,32 @@
+alias_database = hash:/etc/aliases
+alias_maps = hash:/etc/aliases
+append_dot_mydomain = no
+biff = no
+compatibility_level = 2
+cyrus_sasl_config_path = /etc/postfix/sasl
+inet_interfaces = all
+inet_protocols = ipv4
+mailbox_size_limit = 0
+maillog_file = /dev/stdout
+mydestination = localhost.localdomain, localhost
+myhostname = {{ .Env.POSTFIX_MYHOSTNAME }}
+mynetworks = 127.0.0.0/8
+myorigin = {{ .Env.POSTFIX_MYORIGIN }}
+readme_directory = no
+recipient_delimiter = +
+relayhost =
+sender_dependent_relayhost_maps = hash:/etc/postfix/relayhost_map
+smtpd_banner = $myhostname ESMTP
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+smtpd_sasl_authenticated_header = yes
+smtpd_tls_cert_file=/etc/ssl/certs/mailout.crt
+smtpd_tls_key_file=/etc/ssl/private/mailoout.key
+smtpd_tls_security_level=encrypt
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_helo_name = {{ .Env.POSTFIX_SMTP_HELO_NAME }}
+smtp_sasl_password_maps=hash:/etc/postfix/security
+smtp_sasl_security_options = noanonymous
+smtp_tls_note_starttls_offer = yes
+smtp_tls_security_level = encrypt
+smtp_tls_security_level=encrypt
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

compliance-mailout/postfix.env

@@ -0,0 +1,2 @@
+POSTFIX_MYHOSTNAME=foo
+POSTFIX_MYORIGIN=foo.bar 

compliance-mailout/relay_map

@@ -0,0 +1 @@
+@foo.bar  [smtp.bar.foo]:587

compliance-mailout/security

@@ -0,0 +1 @@
+foo@bar.foo foo@bar.foo:mytotalsecuresecret