forked from bokysan/docker-postfix
run.sh
#!/bin/sh
# Startup banner.
printf '%s\n' \
  "******************************" \
  "**** POSTFIX STARTING UP *****" \
  "******************************"

# Create the spool directory and its pid subdirectory and hand both to root.
mkdir -p /var/spool/postfix/ && mkdir -p /var/spool/postfix/pid
chown root: /var/spool/postfix/ /var/spool/postfix/pid

# SMTPUTF8 is switched off because the ICU libraries it needs are missing in
# alpine.
postconf -e "smtputf8_enable=no"

# The aliases table is not used, but postfix complains when its .db file is
# missing, so build it anyway.
postalias /etc/postfix/aliases

# No local delivery (empty mydestination), no relay domains, and no cap on
# message size.
# NOTE(review): message_size_limit=0 removes the size limit entirely; every
# client that can reach this service can then submit arbitrarily large
# messages into the spool. Set an explicit limit if the clients are not fully
# trusted.
postconf -e "mydestination=" "relay_domains=" "message_size_limit=0"

# HELO handling: a HELO/EHLO is mandatory, rejections are delayed, and
# syntactically invalid HELO hostnames are rejected for clients outside
# mynetworks.
postconf -e \
  "smtpd_delay_reject=yes" \
  "smtpd_helo_required=yes" \
  "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit"
# Hostname: use $HOSTNAME when it is non-empty; otherwise comment the
# myhostname parameter out of main.cf (postconf -#).
if [ -z "$HOSTNAME" ]; then
  postconf -# myhostname
else
  postconf -e "myhostname=$HOSTNAME"
fi
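# Relay host (optional).
#   RELAYHOST           next-hop server all mail is forwarded to
#   RELAYHOST_USERNAME  SASL user for the relay (used only with a password)
#   RELAYHOST_PASSWORD  SASL password for the relay
# Without RELAYHOST the relay/SASL parameters are commented out of main.cf and
# mail is delivered directly.
if [ -n "$RELAYHOST" ]; then
  printf '%s' "- Forwarding all emails to $RELAYHOST"
  # Quoted so that a value containing whitespace or glob characters reaches
  # postconf as a single name=value argument.
  postconf -e "relayhost=$RELAYHOST"
  if [ -n "$RELAYHOST_USERNAME" ] && [ -n "$RELAYHOST_PASSWORD" ]; then
    echo " using username $RELAYHOST_USERNAME."
    # The password map holds the relay credentials in clear text. Create it
    # under a restrictive umask and force mode 0600 on both the source file and
    # the compiled map so that only the owner can read them.
    (
      umask 077
      # printf '%s' keeps backslashes in the password literal; the entry is
      # appended, so lines already present in the file are preserved.
      printf '%s %s:%s\n' "$RELAYHOST" "$RELAYHOST_USERNAME" "$RELAYHOST_PASSWORD" \
        >> /etc/postfix/sasl_passwd
      chmod 600 /etc/postfix/sasl_passwd
      postmap hash:/etc/postfix/sasl_passwd
    )
    if [ -f /etc/postfix/sasl_passwd.db ]; then
      chmod 600 /etc/postfix/sasl_passwd.db
    fi
    postconf -e "smtp_sasl_auth_enable=yes"
    postconf -e "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd"
    # NOTE(review): noanonymous still allows plaintext SASL mechanisms, and this
    # script does not set smtp_tls_security_level. Unless TLS towards the relay
    # is configured elsewhere, the credentials may cross the network
    # unencrypted -- confirm.
    postconf -e "smtp_sasl_security_options=noanonymous"
  else
    echo " without any authentication. Make sure your server is configured to accept emails coming from this IP."
  fi
else
  echo "- Will try to deliver emails directly to the final server. Make sure your DNS is setup properly!"
  postconf -# relayhost
  postconf -# smtp_sasl_auth_enable
  postconf -# smtp_sasl_password_maps
  postconf -# smtp_sasl_security_options
fi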
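# Trusted client networks (what permit_mynetworks matches). $MYNETWORKS
# overrides the default, which is loopback plus the three private IPv4 ranges.
# NOTE(review): the default trusts every private-range address; on a shared
# network, set MYNETWORKS to the specific subnets that are allowed to submit
# mail.
if [ -n "$MYNETWORKS" ]; then
  # Quoted: a space-separated network list must stay one name=value argument,
  # otherwise postconf receives the later networks as separate arguments.
  postconf -e "mynetworks=$MYNETWORKS"
else
  postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
fi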
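# Optional sender allow-list. ALLOWED_SENDER_DOMAINS is a whitespace-separated
# list of domains; each one becomes an "OK" entry in a check_sender_access map.
# NOTE(review): the map is matched against the envelope sender, which the
# client chooses, so it limits which sender domains are accepted but does not
# authenticate the client.
if [ -n "$ALLOWED_SENDER_DOMAINS" ]; then
  printf '%s' "- Setting up allowed SENDER domains:"
  allowed_senders=/etc/postfix/allowed_senders
  # Rebuild the map from scratch on every start.
  rm -f "$allowed_senders" "$allowed_senders.db" > /dev/null
  touch "$allowed_senders"
  # The unquoted expansion is intentional (split on whitespace); globbing is
  # switched off meanwhile so an entry such as "*" is not expanded to file
  # names.
  set -f
  for i in $ALLOWED_SENDER_DOMAINS; do
    printf ' %s' "$i"
    printf '%s\tOK\n' "$i" >> "$allowed_senders"
  done
  set +f
  echo
  postmap "$allowed_senders"

  # NOTE(review): the allowed_domains_only class is defined here, but the map
  # written above returns OK rather than the class name and nothing else in
  # this script refers to it -- confirm whether it is still needed.
  postconf -e "smtpd_restriction_classes=allowed_domains_only"
  postconf -e "allowed_domains_only=permit_mynetworks, reject_non_fqdn_sender reject"

  # Update: loosen up on RCPT checks. Some invalid recipients may now be
  # accepted, but the connecting service can send much faster because there is
  # no lookup (and no lockup) when the target server is not responding or not
  # available. Previous, stricter setting:
  # postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unverified_recipient, check_sender_access hash:$allowed_senders, reject"
  postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access hash:$allowed_senders, reject"
else
  postconf -# "smtpd_restriction_classes"
  # Update: loosen up on RCPT checks, for the same reason as in the allow-list
  # branch (no recipient verification lookups). Previous, stricter setting:
  # postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,reject_unverified_recipient"
  postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, defer_unauth_destination, permit"
fi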
# The service is assumed to sit behind closed doors, so relaying is permitted
# for everyone.
# NOTE(review): with smtpd_relay_restrictions=permit the only remaining gate is
# smtpd_recipient_restrictions; this is safe only while the SMTP ports stay
# unreachable from untrusted networks.
postconf -e smtpd_relay_restrictions=permit

# Enable the submission service (port 587) by uncommenting its master.cf entry.
sed -i -r 's/^#submission/submission/' /etc/postfix/master.cf
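# Custom start-up hooks: every *.sh file in /docker-init.db/ is sourced into
# this shell, so it runs with this script's privileges and can change its
# variables; any other file is reported and skipped.
# NOTE(review): whatever can write to /docker-init.db/ gets code execution at
# container start. Mount it read-only from a trusted source.
if [ -d /docker-init.db/ ]; then
  echo "- Executing any found custom scripts..."
  for f in /docker-init.db/*; do
    # With an empty directory the glob stays literal; skip that non-existent
    # entry instead of reporting it as ignored.
    [ -e "$f" ] || continue
    case "$f" in
      *.sh)
        chmod +x "$f"
        # Was: echo -e"\trunning $f" -- the missing space after -e made echo
        # print the option and the backslash sequence literally.
        printf '\trunning %s\n' "$f"
        . "$f"
        ;;
      *)
        echo "$0: ignoring $f"
        ;;
    esac
  done
fi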
# Replace this shell with supervisord, which is configured by
# /etc/supervisord.conf (per the message below it runs rsyslog and postfix;
# that file is not part of this script).
printf '%s\n' "- Staring rsyslog and postfix"
exec supervisord -c /etc/supervisord.conf