diff --git a/.gitignore b/.gitignore index 3835bc0..5cbd105 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1,6 @@ dkim.key +.settings +.project +.buildpath +.gitignore.swp +docker-compose.yml diff --git a/Dockerfile b/Dockerfile index 725c2dc..3606df4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,6 +1,6 @@ # Postfix SMTP Relay -FROM debian:stretch +FROM debian:buster EXPOSE 25 587 @@ -51,6 +51,8 @@ COPY opendkim.conf.sh /etc/ COPY s6 /etc/s6/ COPY entry.sh / +COPY update_clientrelayhosts.sh /usr/sbin/ +COPY update_transport.sh /usr/sbin/ ENTRYPOINT ["/entry.sh"] CMD ["/usr/bin/s6-svscan", "/etc/s6"] diff --git a/README.md b/README.md index e1d0511..7a0bfeb 100644 --- a/README.md +++ b/README.md @@ -4,12 +4,9 @@ Postfix SMTP Relay. Drop-in Docker image for SMTP relaying. Use wherever a connected service requires SMTP sending capabilities. Supports TLS out of the box and DKIM -(if enabled and configured). +(if enabled and configured). Allows specifying which hosts are allowed to relay through mail server. -[![Docker Automated build](https://img.shields.io/docker/cloud/automated/freinet/postfix-relay.svg)](https://hub.docker.com/r/freinet/postfix-relay/) -[![Docker Build Status](https://img.shields.io/docker/cloud/build/freinet/postfix-relay.svg)](https://hub.docker.com/r/freinet/postfix-relay/builds/) -[![Docker image size](https://images.microbadger.com/badges/image/freinet/postfix-relay.svg)](https://microbadger.com/images/freinet/postfix-relay) -[![Docker image version](https://images.microbadger.com/badges/version/freinet/postfix-relay.svg)](https://microbadger.com/images/freinet/postfix-relay) +NOTE: This is a fork of https://hub.docker.com/r/freinet/postfix-relay respository and added a client relay hosts option. ## Environment Variables 
@@ -31,6 +28,8 @@ Relay host parameters: - `RELAYHOST` - Postfix `relayhost`. Default ''. (example `mail.example.com:25`) - `RELAYHOST_AUTH` - Enable authentication for relayhost. Generally used with `RELAYHOST_PASSWORDMAP`. Default `no`. - `RELAYHOST_PASSWORDMAP` - relayhost password map in format: `RELAYHOST_PASSWORDMAP=mail1.example.com:user1:pass2,mail2.example.com:user2:pass2` +- `USE_CLIENT_RELAYHOSTS` - Enable client relay restriction. Default `no`. + TLS parameters: 
@@ -59,11 +58,42 @@ DKIM parameters: `docker run -e MAILNAME=mail.example.com panubo/postfix` -## Volumes +## Volumes andFiles No volumes are defined. If you want persistent spool storage then mount `/var/spool/postfix` outside of the container. +If using `USE_CLIENT_RELAYHOSTS` mount a `relayhosts` file to `/etc/postfix/relayhosts` if you want to maintain a peristent list over restarts. + +If using `USE_TRANSPORT_MAPS` mount a `transport` file to `/etc/postfix/transport`. + +## Client Relay Hosts + +If you want to be able to change the hosts that can be allowed through the server during runtime, enable this option. + +During startup, a `/etc/postfix/relayhosts` file is created is not already available and hashed for postfix. + +The relays hosts file is created in this format + +``` +#IP OK +192.168.1.12 OK +``` + +Once the file has been edited, run the `/usr/sbin/update_clientrelayhosts.sh` from the command line with + +``` +docker exec -it container_name /usr/sbin/update_clientrelayhosts.sh +``` + +Change `container_name` to be the name of the container. The `update_clientrelayhosts.sh` is just a shortcut to postmap and then reloads the configuration into postfix. + +## Transport Maps +Sometimes you want to direct where email is being sent to. This is achieved by using transport maps. Create a file and map it through to `/etc/postfix/transport` in the image. Use the `USE_TRANSPORT_MAPS="yes"` environment option to enable. + +Once the file has been modified in a running system, run the `update_transport.sh` command to create a hashfile and reload postfix. + + ## Test email To send a test email via the command line, make sure heirloom-mailx is installed. diff --git a/s6/postfix/run b/s6/postfix/run index 1592c80..c86f1bb 100755 --- a/s6/postfix/run +++ b/s6/postfix/run @@ -1,5 +1,4 @@ #!/usr/bin/env bash - set -e [ "$DEBUG" == 'true' ] && set -x 
@@ -33,6 +32,38 @@ if [ "${USE_DKIM}" == "yes" ]; then postconf -e non_smtpd_milters="inet:localhost:8891" fi +# Relay Restrictions +: "${USE_RELAY:=no}" + +if [ "${USE_CLIENT_RELAYHOSTS}" == "yes" ]; then + echo "postfix >> Enabling client relay hosts file" + sed -i 's/permit_mynetworks permit_sasl_authenticated/permit_mynetworks check_client_access hash:\/etc\/postfix\/relayhosts permit_sasl_authenticated/g' /etc/postfix/main.cf + + #if no relay hosts file, then create it + if [ ! -f /etc/postfix/relayhosts ]; then + touch /etc/postfix/relayhosts + fi + # Set ownership in case passed in + chown root /etc/postfix/relayhosts + postmap /etc/postfix/relayhosts +fi + +# Transport Maps +: "${USE_TRANSPORT_MAPS:=no}" + +if [ "${USE_TRANSPORT_MAPS}" == "yes" ]; then + echo "postfix >> Enabling transport maps file" + postconf -e transport_maps="hash:/etc/postfix/transport" + + #if no transport maps file, then create it + if [ ! -f /etc/postfix/transport ]; then + touch /etc/postfix/transport + fi + # Set ownership in case passed in + chown root /etc/postfix/transport + postmap /etc/postfix/transport +fi + # TLS : "${USE_TLS:=yes}" : "${TLS_SECURITY_LEVEL:=may}" diff --git a/update_clientrelayhosts.sh b/update_clientrelayhosts.sh new file mode 100755 index 0000000..0efef0a --- /dev/null +++ b/update_clientrelayhosts.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +postmap /etc/postfix/relayhosts +postfix reload \ No newline at end of file diff --git a/update_transport.sh b/update_transport.sh new file mode 100755 index 0000000..631c2e9 --- /dev/null +++ b/update_transport.sh @@ -0,0 +1,4 @@ +#!/usr/bin/env bash + +postmap /etc/postfix/transport +postfix reload
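Review bot: The `sed -i` that splices `check_client_access hash:/etc/postfix/relayhosts` into main.cf exits 0 even when the literal `permit_mynetworks permit_sasl_authenticated` is not found, so if main.cf words that line differently (this commit also moves the base image to buster) the script logs "Enabling client relay hosts file" while the hosts listed in `relayhosts` are silently not honoured. Check the result right after the sed, for example `grep -q 'check_client_access hash:/etc/postfix/relayhosts' /etc/postfix/main.cf || { echo "postfix >> relayhosts check not applied" >&2; exit 1; }`. The default line above it sets `USE_RELAY`, which nothing in this hunk reads; it presumably should be `: "${USE_CLIENT_RELAYHOSTS:=no}"` to match the test below it and the README. Because the lookup is placed after `permit_mynetworks`, clients inside `mynetworks` are accepted before the file is consulted, so `OK` entries can only widen who may relay, and the README's description of the option as a "restriction" should say so.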
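Review bot: `update_clientrelayhosts.sh` does not stop when `postmap` fails, so `postfix reload` still runs and the script exits with the reload's status; `update_transport.sh` in the next hunk has the same shape. An operator who has just removed a host from `relayhosts` can therefore see a clean exit while Postfix may keep using the previous `.db`. Chain the commands, `postmap /etc/postfix/relayhosts && postfix reload`, or add `set -euo pipefail` under the shebang, in line with the `set -e` that `s6/postfix/run` already uses.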