Sutty/containers-postfix
5
0
Fork 0
Code Issues 1 Pull requests Projects Releases Wiki Activity
containers-postfix/Dockerfile
f b52598d1f7
All checks were successful
ci/woodpecker/push/woodpecker/1 Pipeline was successful
Details
ci/woodpecker/push/woodpecker/2 Pipeline was successful
Details
ci/woodpecker/push/woodpecker/3 Pipeline was successful
Details
ci/woodpecker/push/woodpecker/4 Pipeline was successful
Details
Merge branch 'antifascista' of ssh://gitea.nulo.in:420/Sutty/containers-skel into antifascista
2024-06-21 13:11:16 -03:00

98 lines
4.8 KiB
Docker
Raw Permalink Blame History

ARG ALPINE_VERSION=3.18.3
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit
FROM ${BASE_IMAGE}:${ALPINE_VERSION} AS build
ARG POSTFIX_VERSION=3.6.6
LABEL org.opencontainers.image.authors="f@sutty.nl"
RUN apk add --no-cache postfix~${POSTFIX_VERSION} ca-certificates
RUN install -dm 2750 -o root -g root /etc/ssl/private
RUN apk add --no-cache gnutls-utils
RUN certtool --generate-dh-params --outfile=/etc/ssl/private/2048.dh --bits=2048
RUN certtool --generate-dh-params --outfile=/etc/ssl/private/512.dh --bits=512
RUN postconf -e alias_maps='lmdb:/etc/postfix/aliases'
RUN postconf -e transport_maps='lmdb:/etc/postfix/transport'
RUN postconf -e recipient_delimiter='+'
RUN postconf -e sendmail_path='/usr/sbin/sendmail'
RUN postconf -e newaliases_path='/usr/bin/newaliases'
RUN postconf -e mailq_path='/usr/bin/mailq'
RUN postconf -e setgid_group='postdrop'
RUN postconf -e manpage_directory='/usr/share/man'
RUN postconf -e sample_directory='/etc/postfix/sample'
RUN postconf -e readme_directory='/usr/share/doc/postfix'
RUN postconf -e html_directory='no'
RUN postconf -e soft_bounce='no'
RUN postconf -e mydestination='/etc/postfix/maps/domains.cf'
RUN postconf -e inet_interfaces='all'
RUN postconf -e local_recipient_maps='unix:passwd.byname $alias_maps'
RUN postconf -e mynetworks_style='subnet'
RUN postconf -e home_mailbox='Maildir/'
RUN postconf -e message_size_limit=20480000
RUN postconf -e inet_protocols='all'
RUN postconf -e disable_vrfy_command=yes
RUN postconf -e smtpd_helo_required=yes
RUN postconf -e smtpd_helo_restrictions='permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_helo_hostname,reject_invalid_helo_hostname,reject_unknown_helo_hostname,permit'
RUN postconf -e smtpd_recipient_restrictions='reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination,reject_non_fqdn_sender,reject_unlisted_recipient'
RUN postconf -e smtpd_sender_restrictions='permit_mynetworks,permit_sasl_authenticated,reject_non_fqdn_sender,reject_unknown_sender_domain,permit'
RUN postconf -e smtpd_data_restrictions='reject_unauth_pipelining'
RUN postconf -e smtpd_client_restrictions='permit_mynetworks,permit_sasl_authenticated'
RUN postconf -e smtpd_relay_restrictions='permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination'
RUN postconf -e smtpd_use_tls='yes'
RUN postconf -e smtpd_tls_auth_only='yes'
RUN postconf -e smtp_use_tls='yes'
RUN postconf -e smtp_tls_note_starttls_offer='yes'
RUN postconf -e smtpd_tls_CApath='/etc/ssl/certs'
RUN postconf -e tls_random_source='dev:/dev/urandom'
RUN postconf -e smtpd_tls_dh1024_param_file='/etc/ssl/private/2048.dh'
RUN postconf -e smtpd_tls_dh512_param_file='/etc/ssl/private/512.dh'
RUN postconf -e tls_preempt_cipherlist='yes'
RUN postconf -e smtpd_tls_security_level='may'
RUN postconf -e smtpd_tls_eecdh_grade='strong'
RUN postconf -e smtpd_tls_mandatory_ciphers='high'
RUN postconf -e smtpd_tls_ciphers='medium'
RUN postconf -e smtpd_tls_exclude_ciphers='aNULL,MD5,DES,3DES,DES-CBC3-SHA,RC4-SHA,AES256-SHA,AES128-SHA,eNULL,EXPORT,RC4,PSK,aECDH,EDH-DSS-DES-CBC3-SHA,EDH-RSA-DES-CDC3-SHA,KRB5-DE5,CBC3-SHA'
RUN postconf -e smtpd_tls_mandatory_protocols='TLSv1'
RUN postconf -e smtp_tls_ciphers='$smtpd_tls_ciphers'
RUN postconf -e smtp_tls_mandatory_ciphers='$smtpd_tls_mandatory_ciphers'
RUN postconf -e smtp_tls_protocols='!SSLv2,!SSLv3,TLSv1'
RUN postconf -e smtpd_tls_loglevel='0'
RUN postconf -e smtpd_tls_received_header='yes'
RUN postconf -e smtpd_tls_session_cache_timeout='3600s'
RUN postconf -e smtp_destination_concurrency_limit=2
RUN postconf -e smtp_destination_rate_delay=1s
RUN postconf -e smtp_extra_recipient_limit=10
RUN postconf -e append_dot_mydomain=yes
RUN postconf -e masquerade_domains='$mydomain'
RUN postconf -e non_smtpd_milters=inet:opendkim:8891
RUN postconf -e milter_default_action=accept
RUN postconf -e milter_protocol=6
RUN postconf -e virtual_alias_maps=lmdb:/etc/postfix/maps/virtual
RUN postconf -e sender_canonical_classes=envelope_sender
RUN postconf -e recipient_canonical_classes=envelope_recipient,header_recipient
RUN postconf -e smtpd_client_connection_rate_limit=10
RUN postconf -e smtpd_forbid_bare_newline=yes
RUN postconf -e smtpd_forbid_bare_newline_exclusions='$mynetworks'
ARG ALPINE_VERSION=3.18.3
ARG BASE_IMAGE=gitea.nulo.in/sutty/monit
FROM ${BASE_IMAGE}:${ALPINE_VERSION}
LABEL org.opencontainers.image.authors="f@sutty.nl"
RUN apk add --no-cache postfix ca-certificates
RUN install -dm 2750 -o root -g root /etc/ssl/private
COPY --from=build /etc/postfix/main.cf /etc/postfix/main.cf
COPY --from=build /etc/ssl/private/2048.dh /etc/ssl/private/2048.dh
COPY --from=build /etc/ssl/private/512.dh /etc/ssl/private/512.dh
COPY ./monit.conf /etc/monit.d/postfix.conf
COPY ./postfixd.sh /usr/local/bin/postfixd
RUN newaliases
RUN postmap /etc/postfix/transport
VOLUME "/etc/postfix/maps"
# Port
EXPOSE 25
Reference in a new issue View git blame Copy permalink