From 9fd2173200a1be55d9903e107ae300759777e11a Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Sun, 22 Mar 2020 23:17:24 -0500 Subject: [PATCH 01/19] Change base image from CentOS 7 to alpine linux --- Dockerfile | 13 ++++++------- docker-compose.dev.yml | 1 + etc/supervisord.conf | 2 +- run.sh | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/Dockerfile b/Dockerfile index db5c34f..ba14ea2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,13 @@ #Dockerfile for a Postfix email relay service -FROM centos:7 +FROM alpine MAINTAINER Juan Luis Baptiste juan.baptiste@gmail.com -RUN yum install -y epel-release && yum update -y && \ - yum install -y cyrus-sasl cyrus-sasl-plain cyrus-sasl-md5 mailx \ +RUN apk update && \ + apk add bash gawk cyrus-sasl cyrus-sasl-plain cyrus-sasl-crammd5 mailx \ perl supervisor postfix rsyslog \ - && rm -rf /var/cache/yum/* \ - && yum clean all -RUN sed -i -e "s/^nodaemon=false/nodaemon=true/" /etc/supervisord.conf -RUN sed -i -e 's/inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf + rm -rf /var/cache/apk/* && \ + mkdir -p /var/log/supervisor/ /var/run/supervisor/ && \ + sed -i -e 's/inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf COPY etc/ /etc/ COPY run.sh / diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index 0d35098..ea1e56f 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -1,6 +1,7 @@ version: '2' services: postfix: + image: juanluisbaptiste/postfix:dev build: context: . dockerfile: Dockerfile diff --git a/etc/supervisord.conf b/etc/supervisord.conf index 78f4ac6..c7c96c7 100644 --- a/etc/supervisord.conf +++ b/etc/supervisord.conf @@ -22,7 +22,7 @@ nodaemon=true ; (start in foreground if true;default false) minfds=1024 ; (min. avail startup file descriptors;default 1024) minprocs=200 ; (min. avail process descriptors;default 200) ;umask=022 ; (process file creation umask;default 022) -;user=chrism ; (default is current user, required if root) +user=root ; (default is current user, required if root) ;identifier=supervisor ; (supervisord identifier, default is 'supervisor') ;directory=/tmp ; (default is not to cd during start) ;nocleanup=true ; (don't clean up tempfiles at start;default false) diff --git a/run.sh b/run.sh index 0701688..7473646 100644 --- a/run.sh +++ b/run.sh @@ -44,7 +44,7 @@ if [ ! -f /etc/postfix/sasl_passwd ]; then fi fi -#Set header tag +#Set header tag if [ ! -z "${SMTP_HEADER_TAG}" ]; then postconf -e "header_checks = regexp:/etc/postfix/header_tag" echo -e "/^MIME-Version:/i PREPEND RelayTag: $SMTP_HEADER_TAG\n/^Content-Transfer-Encoding:/i PREPEND RelayTag: $SMTP_HEADER_TAG" > /etc/postfix/header_tag @@ -70,4 +70,4 @@ add_config_value "mynetworks" "${nets}" # starting services rm -f /var/spool/postfix/pid/master.pid -exec supervisord +exec supervisord -c /etc/supervisord.conf From 73dcfc381c57b215e073b564d1647198411f5186 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Mon, 23 Mar 2020 18:30:00 -0500 Subject: [PATCH 02/19] Fix awk expression, it worked before because of a bug, it does not work with more recent awk versions. --- run.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/run.sh b/run.sh index 7473646..a57aaca 100644 --- a/run.sh +++ b/run.sh @@ -5,7 +5,7 @@ function add_config_value() { local key=${1} local value=${2} - local config_file=${3:-/etc/postfix/main.cf} + # local config_file=${3:-/etc/postfix/main.cf} [ "${key}" == "" ] && echo "ERROR: No key set !!" && exit 1 [ "${value}" == "" ] && echo "ERROR: No value set !!" && exit 1 @@ -21,7 +21,7 @@ function add_config_value() { SMTP_PORT="${SMTP_PORT-587}" #Get the domain from the server host name -DOMAIN=`echo ${SERVER_HOSTNAME} |awk -F. '{$1="";OFS="." ; print $0}' | sed 's/^.//'` +DOMAIN=`echo ${SERVER_HOSTNAME} | awk 'BEGIN{FS=OFS="."}{print $(NF-1),$NF}'` # Set needed config options add_config_value "myhostname" ${SERVER_HOSTNAME} From 1ab78c1febd5f7314f3394c9c13e82bf131e7fb6 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Mon, 23 Mar 2020 18:54:43 -0500 Subject: [PATCH 03/19] Added information about the migration to Alpine --- README.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 77a3c47..fe598bf 100644 --- a/README.md +++ b/README.md @@ -7,8 +7,18 @@ Simple Postfix SMTP TLS relay [docker](http://www.docker.com) image with no loca It also includes rsyslog to enable logging to stdout. + _If you want to follow the development of this project check out [my blog](http://not403.blogspot.com.co/search/label/postfix)._ +### Available image tags + +This image has been built on CentOS 7 since its inception, but the new CentOS 8 does [not include supervisor](https://github.com/juanluisbaptiste/docker-postfix/issues/16) anymore, so I have started migrating this image to Alpine linux. So currently there are two image tags available: + + * juanluisbaptiste/postfix:latest, current CentOS 7 based image + * juanluisbaptiste/postfix:alpine, new Alpine based image + +If testing goes well for some time, then the current CentOS image will be replaced by the new Alpine one, and _latest_ tag will point to it. + ### Build instructions Clone this repo and then: @@ -42,13 +52,13 @@ The following env variable(s) are optional. To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server: - docker run -d --name postfix -p "25:25" \ + docker run -d --name postfix -p "25:25" \ -e SMTP_SERVER=smtp.bar.com \ -e SMTP_USERNAME=foo@bar.com \ -e SMTP_PASSWORD=XXXXXXXX \ -e SERVER_HOSTNAME=helpdesk.mycompany.com \ juanluisbaptiste/postfix - + If you are going to use this container from other docker containers then it's better to just publish the port: docker run -d --name postfix -P \ From 6f0a49a8c897791fb84ab0217e75c99ea13a0920 Mon Sep 17 00:00:00 2001 From: Michael Powers Date: Thu, 16 Apr 2020 16:10:55 -0400 Subject: [PATCH 04/19] Adds the cyrus-sasl-login package to provide feature parity with CentOS image and fix #21. Fixes an unterminated line preventing cache cleaning from working correctly. --- Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ba14ea2..45409c9 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,8 +3,8 @@ FROM alpine MAINTAINER Juan Luis Baptiste juan.baptiste@gmail.com RUN apk update && \ - apk add bash gawk cyrus-sasl cyrus-sasl-plain cyrus-sasl-crammd5 mailx \ - perl supervisor postfix rsyslog \ + apk add bash gawk cyrus-sasl cyrus-sasl-plain cyrus-sasl-login cyrus-sasl-crammd5 mailx \ + perl supervisor postfix rsyslog && \ rm -rf /var/cache/apk/* && \ mkdir -p /var/log/supervisor/ /var/run/supervisor/ && \ sed -i -e 's/inet_interfaces = localhost/inet_interfaces = all/g' /etc/postfix/main.cf From 39ab0f7434c3293ac1e78ced257c11d91ca9fa5d Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Thu, 9 Apr 2020 12:13:45 -0500 Subject: [PATCH 05/19] Added an example .env file --- .env.example | 21 +++++++++++++++++++++ docker-compose.yml | 2 +- 2 files changed, 22 insertions(+), 1 deletion(-) create mode 100644 .env.example diff --git a/.env.example b/.env.example new file mode 100644 index 0000000..29e0e8a --- /dev/null +++ b/.env.example @@ -0,0 +1,21 @@ + +# Mandatory: Server address of the SMTP server to use. +#SMTP_SERVER= + +# Optional: (Default value: 587) Port address of the SMTP server to use. +#SMTP_PORT= + +# Mandatory: Username to authenticate with. +#SMTP_USERNAME= + +# Mandatory: Password of the SMTP user. +#SMTP_PASSWORD= + +# Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain. +#SERVER_HOSTNAME= + +# Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers. +#SMTP_HEADER_TAG= + +# Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers. +#SMTP_NETWORKS= diff --git a/docker-compose.yml b/docker-compose.yml index 25bb95d..62f9924 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,7 +5,7 @@ services: expose: - "25" env_file: - - ../../credentials-smtp.env + - .env restart: always volumes: - "/etc/localtime:/etc/localtime:ro" From 9518e01dee4416456fffbe72b2d15aac8ff6419e Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Thu, 9 Apr 2020 12:23:20 -0500 Subject: [PATCH 06/19] Renamed docker-compose.dev.yml to docker-compose.override.yml so it does not need to be explicitly set to build the image. --- README.md | 4 ++-- docker-compose.dev.yml => docker-compose.override.yml | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename docker-compose.dev.yml => docker-compose.override.yml (100%) diff --git a/README.md b/README.md index fe598bf..7570b9e 100644 --- a/README.md +++ b/README.md @@ -24,11 +24,11 @@ If testing goes well for some time, then the current CentOS image will be replac Clone this repo and then: cd docker-Postfix - sudo docker build -t postfix . + sudo docker build -t juanluisbaptiste/postfix . Or you can use the provided [docker-compose](https://github.com/juanluisbaptiste/docker-postfix/blob/master/docker-compose.dev.yml) files: - sudo docker-compose -f docker-compose.yml -f docker-compose.dev.yml build + sudo docker-compose build For more information on using multiple compose files [see here](https://docs.docker.com/compose/production/). You can also find a prebuilt docker image from [Docker Hub](https://registry.hub.docker.com/u/juanluisbaptiste/postfix/), which can be pulled with this command: diff --git a/docker-compose.dev.yml b/docker-compose.override.yml similarity index 100% rename from docker-compose.dev.yml rename to docker-compose.override.yml From 425c1b330d5b52de846370bbc7a49f33d27b7604 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Wed, 27 May 2020 14:43:09 -0500 Subject: [PATCH 07/19] Added LICENSE file to fix issue #27 --- LICENSE.md | 595 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 595 insertions(+) create mode 100644 LICENSE.md diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..175443c --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,595 @@ +GNU General Public License +========================== + +_Version 3, 29 June 2007_ +_Copyright © 2007 Free Software Foundation, Inc. <>_ + +Everyone is permitted to copy and distribute verbatim copies of this license +document, but changing it is not allowed. + +## Preamble + +The GNU General Public License is a free, copyleft license for software and other +kinds of works. + +The licenses for most software and other practical works are designed to take away +your freedom to share and change the works. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change all versions of a +program--to make sure it remains free software for all its users. We, the Free +Software Foundation, use the GNU General Public License for most of our software; it +applies also to any other work released this way by its authors. You can apply it to +your programs, too. + +When we speak of free software, we are referring to freedom, not price. Our General +Public Licenses are designed to make sure that you have the freedom to distribute +copies of free software (and charge for them if you wish), that you receive source +code or can get it if you want it, that you can change the software or use pieces of +it in new free programs, and that you know you can do these things. + +To protect your rights, we need to prevent others from denying you these rights or +asking you to surrender the rights. Therefore, you have certain responsibilities if +you distribute copies of the software, or if you modify it: responsibilities to +respect the freedom of others. + +For example, if you distribute copies of such a program, whether gratis or for a fee, +you must pass on to the recipients the same freedoms that you received. You must make +sure that they, too, receive or can get the source code. And you must show them these +terms so they know their rights. + +Developers that use the GNU GPL protect your rights with two steps: **(1)** assert +copyright on the software, and **(2)** offer you this License giving you legal permission +to copy, distribute and/or modify it. + +For the developers' and authors' protection, the GPL clearly explains that there is +no warranty for this free software. For both users' and authors' sake, the GPL +requires that modified versions be marked as changed, so that their problems will not +be attributed erroneously to authors of previous versions. + +Some devices are designed to deny users access to install or run modified versions of +the software inside them, although the manufacturer can do so. This is fundamentally +incompatible with the aim of protecting users' freedom to change the software. The +systematic pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we have designed +this version of the GPL to prohibit the practice for those products. If such problems +arise substantially in other domains, we stand ready to extend this provision to +those domains in future versions of the GPL, as needed to protect the freedom of +users. + +Finally, every program is threatened constantly by software patents. States should +not allow patents to restrict development and use of software on general-purpose +computers, but in those that do, we wish to avoid the special danger that patents +applied to a free program could make it effectively proprietary. To prevent this, the +GPL assures that patents cannot be used to render the program non-free. + +The precise terms and conditions for copying, distribution and modification follow. + +## TERMS AND CONDITIONS + +### 0. Definitions + +“This License” refers to version 3 of the GNU General Public License. + +“Copyright” also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + +“The Program” refers to any copyrightable work licensed under this +License. Each licensee is addressed as “you”. “Licensees” and +“recipients” may be individuals or organizations. + +To “modify” a work means to copy from or adapt all or part of the work in +a fashion requiring copyright permission, other than the making of an exact copy. The +resulting work is called a “modified version” of the earlier work or a +work “based on” the earlier work. + +A “covered work” means either the unmodified Program or a work based on +the Program. + +To “propagate” a work means to do anything with it that, without +permission, would make you directly or secondarily liable for infringement under +applicable copyright law, except executing it on a computer or modifying a private +copy. Propagation includes copying, distribution (with or without modification), +making available to the public, and in some countries other activities as well. + +To “convey” a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through a computer +network, with no transfer of a copy, is not conveying. + +An interactive user interface displays “Appropriate Legal Notices” to the +extent that it includes a convenient and prominently visible feature that **(1)** +displays an appropriate copyright notice, and **(2)** tells the user that there is no +warranty for the work (except to the extent that warranties are provided), that +licensees may convey the work under this License, and how to view a copy of this +License. If the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + +### 1. Source Code + +The “source code” for a work means the preferred form of the work for +making modifications to it. “Object code” means any non-source form of a +work. + +A “Standard Interface” means an interface that either is an official +standard defined by a recognized standards body, or, in the case of interfaces +specified for a particular programming language, one that is widely used among +developers working in that language. + +The “System Libraries” of an executable work include anything, other than +the work as a whole, that **(a)** is included in the normal form of packaging a Major +Component, but which is not part of that Major Component, and **(b)** serves only to +enable use of the work with that Major Component, or to implement a Standard +Interface for which an implementation is available to the public in source code form. +A “Major Component”, in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system (if any) on which +the executable work runs, or a compiler used to produce the work, or an object code +interpreter used to run it. + +The “Corresponding Source” for a work in object code form means all the +source code needed to generate, install, and (for an executable work) run the object +code and to modify the work, including scripts to control those activities. However, +it does not include the work's System Libraries, or general-purpose tools or +generally available free programs which are used unmodified in performing those +activities but which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for the work, and +the source code for shared libraries and dynamically linked subprograms that the work +is specifically designed to require, such as by intimate data communication or +control flow between those subprograms and other parts of the work. + +The Corresponding Source need not include anything that users can regenerate +automatically from other parts of the Corresponding Source. + +The Corresponding Source for a work in source code form is that same work. + +### 2. Basic Permissions + +All rights granted under this License are granted for the term of copyright on the +Program, and are irrevocable provided the stated conditions are met. This License +explicitly affirms your unlimited permission to run the unmodified Program. The +output from running a covered work is covered by this License only if the output, +given its content, constitutes a covered work. This License acknowledges your rights +of fair use or other equivalent, as provided by copyright law. + +You may make, run and propagate covered works that you do not convey, without +conditions so long as your license otherwise remains in force. You may convey covered +works to others for the sole purpose of having them make modifications exclusively +for you, or provide you with facilities for running those works, provided that you +comply with the terms of this License in conveying all material for which you do not +control copyright. Those thus making or running the covered works for you must do so +exclusively on your behalf, under your direction and control, on terms that prohibit +them from making any copies of your copyrighted material outside their relationship +with you. + +Conveying under any other circumstances is permitted solely under the conditions +stated below. Sublicensing is not allowed; section 10 makes it unnecessary. + +### 3. Protecting Users' Legal Rights From Anti-Circumvention Law + +No covered work shall be deemed part of an effective technological measure under any +applicable law fulfilling obligations under article 11 of the WIPO copyright treaty +adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention +of such measures. + +When you convey a covered work, you waive any legal power to forbid circumvention of +technological measures to the extent such circumvention is effected by exercising +rights under this License with respect to the covered work, and you disclaim any +intention to limit operation or modification of the work as a means of enforcing, +against the work's users, your or third parties' legal rights to forbid circumvention +of technological measures. + +### 4. Conveying Verbatim Copies + +You may convey verbatim copies of the Program's source code as you receive it, in any +medium, provided that you conspicuously and appropriately publish on each copy an +appropriate copyright notice; keep intact all notices stating that this License and +any non-permissive terms added in accord with section 7 apply to the code; keep +intact all notices of the absence of any warranty; and give all recipients a copy of +this License along with the Program. + +You may charge any price or no price for each copy that you convey, and you may offer +support or warranty protection for a fee. + +### 5. Conveying Modified Source Versions + +You may convey a work based on the Program, or the modifications to produce it from +the Program, in the form of source code under the terms of section 4, provided that +you also meet all of these conditions: + +* **a)** The work must carry prominent notices stating that you modified it, and giving a +relevant date. +* **b)** The work must carry prominent notices stating that it is released under this +License and any conditions added under section 7. This requirement modifies the +requirement in section 4 to “keep intact all notices”. +* **c)** You must license the entire work, as a whole, under this License to anyone who +comes into possession of a copy. This License will therefore apply, along with any +applicable section 7 additional terms, to the whole of the work, and all its parts, +regardless of how they are packaged. This License gives no permission to license the +work in any other way, but it does not invalidate such permission if you have +separately received it. +* **d)** If the work has interactive user interfaces, each must display Appropriate Legal +Notices; however, if the Program has interactive interfaces that do not display +Appropriate Legal Notices, your work need not make them do so. + +A compilation of a covered work with other separate and independent works, which are +not by their nature extensions of the covered work, and which are not combined with +it such as to form a larger program, in or on a volume of a storage or distribution +medium, is called an “aggregate” if the compilation and its resulting +copyright are not used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work in an aggregate +does not cause this License to apply to the other parts of the aggregate. + +### 6. Conveying Non-Source Forms + +You may convey a covered work in object code form under the terms of sections 4 and +5, provided that you also convey the machine-readable Corresponding Source under the +terms of this License, in one of these ways: + +* **a)** Convey the object code in, or embodied in, a physical product (including a +physical distribution medium), accompanied by the Corresponding Source fixed on a +durable physical medium customarily used for software interchange. +* **b)** Convey the object code in, or embodied in, a physical product (including a +physical distribution medium), accompanied by a written offer, valid for at least +three years and valid for as long as you offer spare parts or customer support for +that product model, to give anyone who possesses the object code either **(1)** a copy of +the Corresponding Source for all the software in the product that is covered by this +License, on a durable physical medium customarily used for software interchange, for +a price no more than your reasonable cost of physically performing this conveying of +source, or **(2)** access to copy the Corresponding Source from a network server at no +charge. +* **c)** Convey individual copies of the object code with a copy of the written offer to +provide the Corresponding Source. This alternative is allowed only occasionally and +noncommercially, and only if you received the object code with such an offer, in +accord with subsection 6b. +* **d)** Convey the object code by offering access from a designated place (gratis or for +a charge), and offer equivalent access to the Corresponding Source in the same way +through the same place at no further charge. You need not require recipients to copy +the Corresponding Source along with the object code. If the place to copy the object +code is a network server, the Corresponding Source may be on a different server +(operated by you or a third party) that supports equivalent copying facilities, +provided you maintain clear directions next to the object code saying where to find +the Corresponding Source. Regardless of what server hosts the Corresponding Source, +you remain obligated to ensure that it is available for as long as needed to satisfy +these requirements. +* **e)** Convey the object code using peer-to-peer transmission, provided you inform +other peers where the object code and Corresponding Source of the work are being +offered to the general public at no charge under subsection 6d. + +A separable portion of the object code, whose source code is excluded from the +Corresponding Source as a System Library, need not be included in conveying the +object code work. + +A “User Product” is either **(1)** a “consumer product”, which +means any tangible personal property which is normally used for personal, family, or +household purposes, or **(2)** anything designed or sold for incorporation into a +dwelling. In determining whether a product is a consumer product, doubtful cases +shall be resolved in favor of coverage. For a particular product received by a +particular user, “normally used” refers to a typical or common use of +that class of product, regardless of the status of the particular user or of the way +in which the particular user actually uses, or expects or is expected to use, the +product. A product is a consumer product regardless of whether the product has +substantial commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + +“Installation Information” for a User Product means any methods, +procedures, authorization keys, or other information required to install and execute +modified versions of a covered work in that User Product from a modified version of +its Corresponding Source. The information must suffice to ensure that the continued +functioning of the modified object code is in no case prevented or interfered with +solely because modification has been made. + +If you convey an object code work under this section in, or with, or specifically for +use in, a User Product, and the conveying occurs as part of a transaction in which +the right of possession and use of the User Product is transferred to the recipient +in perpetuity or for a fixed term (regardless of how the transaction is +characterized), the Corresponding Source conveyed under this section must be +accompanied by the Installation Information. But this requirement does not apply if +neither you nor any third party retains the ability to install modified object code +on the User Product (for example, the work has been installed in ROM). + +The requirement to provide Installation Information does not include a requirement to +continue to provide support service, warranty, or updates for a work that has been +modified or installed by the recipient, or for the User Product in which it has been +modified or installed. Access to a network may be denied when the modification itself +materially and adversely affects the operation of the network or violates the rules +and protocols for communication across the network. + +Corresponding Source conveyed, and Installation Information provided, in accord with +this section must be in a format that is publicly documented (and with an +implementation available to the public in source code form), and must require no +special password or key for unpacking, reading or copying. + +### 7. Additional Terms + +“Additional permissions” are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. Additional +permissions that are applicable to the entire Program shall be treated as though they +were included in this License, to the extent that they are valid under applicable +law. If additional permissions apply only to part of the Program, that part may be +used separately under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + +When you convey a copy of a covered work, you may at your option remove any +additional permissions from that copy, or from any part of it. (Additional +permissions may be written to require their own removal in certain cases when you +modify the work.) You may place additional permissions on material, added by you to a +covered work, for which you have or can give appropriate copyright permission. + +Notwithstanding any other provision of this License, for material you add to a +covered work, you may (if authorized by the copyright holders of that material) +supplement the terms of this License with terms: + +* **a)** Disclaiming warranty or limiting liability differently from the terms of +sections 15 and 16 of this License; or +* **b)** Requiring preservation of specified reasonable legal notices or author +attributions in that material or in the Appropriate Legal Notices displayed by works +containing it; or +* **c)** Prohibiting misrepresentation of the origin of that material, or requiring that +modified versions of such material be marked in reasonable ways as different from the +original version; or +* **d)** Limiting the use for publicity purposes of names of licensors or authors of the +material; or +* **e)** Declining to grant rights under trademark law for use of some trade names, +trademarks, or service marks; or +* **f)** Requiring indemnification of licensors and authors of that material by anyone +who conveys the material (or modified versions of it) with contractual assumptions of +liability to the recipient, for any liability that these contractual assumptions +directly impose on those licensors and authors. + +All other non-permissive additional terms are considered “further +restrictions” within the meaning of section 10. If the Program as you received +it, or any part of it, contains a notice stating that it is governed by this License +along with a term that is a further restriction, you may remove that term. If a +license document contains a further restriction but permits relicensing or conveying +under this License, you may add to a covered work material governed by the terms of +that license document, provided that the further restriction does not survive such +relicensing or conveying. + +If you add terms to a covered work in accord with this section, you must place, in +the relevant source files, a statement of the additional terms that apply to those +files, or a notice indicating where to find the applicable terms. + +Additional terms, permissive or non-permissive, may be stated in the form of a +separately written license, or stated as exceptions; the above requirements apply +either way. + +### 8. Termination + +You may not propagate or modify a covered work except as expressly provided under +this License. Any attempt otherwise to propagate or modify it is void, and will +automatically terminate your rights under this License (including any patent licenses +granted under the third paragraph of section 11). + +However, if you cease all violation of this License, then your license from a +particular copyright holder is reinstated **(a)** provisionally, unless and until the +copyright holder explicitly and finally terminates your license, and **(b)** permanently, +if the copyright holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + +Moreover, your license from a particular copyright holder is reinstated permanently +if the copyright holder notifies you of the violation by some reasonable means, this +is the first time you have received notice of violation of this License (for any +work) from that copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + +Termination of your rights under this section does not terminate the licenses of +parties who have received copies or rights from you under this License. If your +rights have been terminated and not permanently reinstated, you do not qualify to +receive new licenses for the same material under section 10. + +### 9. Acceptance Not Required for Having Copies + +You are not required to accept this License in order to receive or run a copy of the +Program. Ancillary propagation of a covered work occurring solely as a consequence of +using peer-to-peer transmission to receive a copy likewise does not require +acceptance. However, nothing other than this License grants you permission to +propagate or modify any covered work. These actions infringe copyright if you do not +accept this License. Therefore, by modifying or propagating a covered work, you +indicate your acceptance of this License to do so. + +### 10. Automatic Licensing of Downstream Recipients + +Each time you convey a covered work, the recipient automatically receives a license +from the original licensors, to run, modify and propagate that work, subject to this +License. You are not responsible for enforcing compliance by third parties with this +License. + +An “entity transaction” is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an organization, or +merging organizations. If propagation of a covered work results from an entity +transaction, each party to that transaction who receives a copy of the work also +receives whatever licenses to the work the party's predecessor in interest had or +could give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if the predecessor +has it or can get it with reasonable efforts. + +You may not impose any further restrictions on the exercise of the rights granted or +affirmed under this License. For example, you may not impose a license fee, royalty, +or other charge for exercise of rights granted under this License, and you may not +initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging +that any patent claim is infringed by making, using, selling, offering for sale, or +importing the Program or any portion of it. + +### 11. Patents + +A “contributor” is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The work thus +licensed is called the contributor's “contributor version”. + +A contributor's “essential patent claims” are all patent claims owned or +controlled by the contributor, whether already acquired or hereafter acquired, that +would be infringed by some manner, permitted by this License, of making, using, or +selling its contributor version, but do not include claims that would be infringed +only as a consequence of further modification of the contributor version. For +purposes of this definition, “control” includes the right to grant patent +sublicenses in a manner consistent with the requirements of this License. + +Each contributor grants you a non-exclusive, worldwide, royalty-free patent license +under the contributor's essential patent claims, to make, use, sell, offer for sale, +import and otherwise run, modify and propagate the contents of its contributor +version. + +In the following three paragraphs, a “patent license” is any express +agreement or commitment, however denominated, not to enforce a patent (such as an +express permission to practice a patent or covenant not to sue for patent +infringement). To “grant” such a patent license to a party means to make +such an agreement or commitment not to enforce a patent against the party. + +If you convey a covered work, knowingly relying on a patent license, and the +Corresponding Source of the work is not available for anyone to copy, free of charge +and under the terms of this License, through a publicly available network server or +other readily accessible means, then you must either **(1)** cause the Corresponding +Source to be so available, or **(2)** arrange to deprive yourself of the benefit of the +patent license for this particular work, or **(3)** arrange, in a manner consistent with +the requirements of this License, to extend the patent license to downstream +recipients. “Knowingly relying” means you have actual knowledge that, but +for the patent license, your conveying the covered work in a country, or your +recipient's use of the covered work in a country, would infringe one or more +identifiable patents in that country that you have reason to believe are valid. + +If, pursuant to or in connection with a single transaction or arrangement, you +convey, or propagate by procuring conveyance of, a covered work, and grant a patent +license to some of the parties receiving the covered work authorizing them to use, +propagate, modify or convey a specific copy of the covered work, then the patent +license you grant is automatically extended to all recipients of the covered work and +works based on it. + +A patent license is “discriminatory” if it does not include within the +scope of its coverage, prohibits the exercise of, or is conditioned on the +non-exercise of one or more of the rights that are specifically granted under this +License. You may not convey a covered work if you are a party to an arrangement with +a third party that is in the business of distributing software, under which you make +payment to the third party based on the extent of your activity of conveying the +work, and under which the third party grants, to any of the parties who would receive +the covered work from you, a discriminatory patent license **(a)** in connection with +copies of the covered work conveyed by you (or copies made from those copies), or **(b)** +primarily for and in connection with specific products or compilations that contain +the covered work, unless you entered into that arrangement, or that patent license +was granted, prior to 28 March 2007. + +Nothing in this License shall be construed as excluding or limiting any implied +license or other defenses to infringement that may otherwise be available to you +under applicable patent law. + +### 12. No Surrender of Others' Freedom + +If conditions are imposed on you (whether by court order, agreement or otherwise) +that contradict the conditions of this License, they do not excuse you from the +conditions of this License. If you cannot convey a covered work so as to satisfy +simultaneously your obligations under this License and any other pertinent +obligations, then as a consequence you may not convey it at all. For example, if you +agree to terms that obligate you to collect a royalty for further conveying from +those to whom you convey the Program, the only way you could satisfy both those terms +and this License would be to refrain entirely from conveying the Program. + +### 13. Use with the GNU Affero General Public License + +Notwithstanding any other provision of this License, you have permission to link or +combine any covered work with a work licensed under version 3 of the GNU Affero +General Public License into a single combined work, and to convey the resulting work. +The terms of this License will continue to apply to the part which is the covered +work, but the special requirements of the GNU Affero General Public License, section +13, concerning interaction through a network will apply to the combination as such. + +### 14. Revised Versions of this License + +The Free Software Foundation may publish revised and/or new versions of the GNU +General Public License from time to time. Such new versions will be similar in spirit +to the present version, but may differ in detail to address new problems or concerns. + +Each version is given a distinguishing version number. If the Program specifies that +a certain numbered version of the GNU General Public License “or any later +version” applies to it, you have the option of following the terms and +conditions either of that numbered version or of any later version published by the +Free Software Foundation. If the Program does not specify a version number of the GNU +General Public License, you may choose any version ever published by the Free +Software Foundation. + +If the Program specifies that a proxy can decide which future versions of the GNU +General Public License can be used, that proxy's public statement of acceptance of a +version permanently authorizes you to choose that version for the Program. + +Later license versions may give you additional or different permissions. However, no +additional obligations are imposed on any author or copyright holder as a result of +your choosing to follow a later version. + +### 15. Disclaimer of Warranty + +THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. +EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER +EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE +QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE +DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + +### 16. Limitation of Liability + +IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY +COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS +PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, +INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE +PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE +OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE +WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + +### 17. Interpretation of Sections 15 and 16 + +If the disclaimer of warranty and limitation of liability provided above cannot be +given local legal effect according to their terms, reviewing courts shall apply local +law that most closely approximates an absolute waiver of all civil liability in +connection with the Program, unless a warranty or assumption of liability accompanies +a copy of the Program in return for a fee. + +_END OF TERMS AND CONDITIONS_ + +## How to Apply These Terms to Your New Programs + +If you develop a new program, and you want it to be of the greatest possible use to +the public, the best way to achieve this is to make it free software which everyone +can redistribute and change under these terms. + +To do so, attach the following notices to the program. It is safest to attach them +to the start of each source file to most effectively state the exclusion of warranty; +and each file should have at least the “copyright” line and a pointer to +where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + +If the program does terminal interaction, make it output a short notice like this +when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type 'show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type 'show c' for details. + +The hypothetical commands `show w` and `show c` should show the appropriate parts of +the General Public License. Of course, your program's commands might be different; +for a GUI interface, you would use an “about box”. + +You should also get your employer (if you work as a programmer) or school, if any, to +sign a “copyright disclaimer” for the program, if necessary. For more +information on this, and how to apply and follow the GNU GPL, see +<>. + +The GNU General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may consider it +more useful to permit linking proprietary applications with the library. If this is +what you want to do, use the GNU Lesser General Public License instead of this +License. But first, please read +<>. From 1e0e3be0b6c540dd64a3c921d0819aeb82d11638 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Wed, 3 Jun 2020 10:00:17 -0500 Subject: [PATCH 08/19] Update docker-compose file name to renamed docker-compose.override.yml name. Fixes issue #28. --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 7570b9e..f7f5e0a 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ Clone this repo and then: cd docker-Postfix sudo docker build -t juanluisbaptiste/postfix . -Or you can use the provided [docker-compose](https://github.com/juanluisbaptiste/docker-postfix/blob/master/docker-compose.dev.yml) files: +Or you can use the provided [docker-compose](https://github.com/juanluisbaptiste/docker-postfix/blob/master/docker-compose.overrides.yml) files: sudo docker-compose build From 39ac3ab6728133b7923b765ba67c6d1a3a8e43c8 Mon Sep 17 00:00:00 2001 From: dabde <34655672+dabde@users.noreply.github.com> Date: Fri, 19 Jun 2020 23:52:21 +0200 Subject: [PATCH 09/19] Add function to load secret/password from file for security (#25) New feature: Load SMTP password from file to avoid using env variables. --- .env.example | 5 ++++- README.md | 6 +++++- run.sh | 3 +++ 3 files changed, 12 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index 29e0e8a..a711c0a 100644 --- a/.env.example +++ b/.env.example @@ -8,7 +8,7 @@ # Mandatory: Username to authenticate with. #SMTP_USERNAME= -# Mandatory: Password of the SMTP user. +# Mandatory: Password of the SMTP user. (Not needed if SMTP_PASSWORD_FILE is used) #SMTP_PASSWORD= # Mandatory: Server hostname for the Postfix container. Emails will appear to come from the hostname's domain. @@ -19,3 +19,6 @@ # Optional: This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers. #SMTP_NETWORKS= + +# Optional: Set this to a mounted file containing the password, to avoid passwords in env variables. +#SMTP_PASSWORD_FILE= \ No newline at end of file diff --git a/README.md b/README.md index f7f5e0a..a659683 100644 --- a/README.md +++ b/README.md @@ -41,7 +41,7 @@ The following env variables need to be passed to the container: * `SMTP_SERVER` Server address of the SMTP server to use. * `SMTP_PORT` (Optional, Default value: 587) Port address of the SMTP server to use. * `SMTP_USERNAME` Username to authenticate with. -* `SMTP_PASSWORD` Password of the SMTP user. +* `SMTP_PASSWORD` Password of the SMTP user. If `SMTP_PASSWORD_FILE` is set, not needed. * `SERVER_HOSTNAME` Server hostname for the Postfix container. Emails will appear to come from the hostname's domain. The following env variable(s) are optional. @@ -50,6 +50,10 @@ The following env variable(s) are optional. * `SMTP_NETWORKS` Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like -e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx' +* `SMTP_PASSWORD_FILE` Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like + -e SMTP_PASSWORD_FILE=/secrets/smtp_password + -v $(pwd)/secrets/:/secrets/ + To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server: docker run -d --name postfix -p "25:25" \ diff --git a/run.sh b/run.sh index a57aaca..b54fdff 100644 --- a/run.sh +++ b/run.sh @@ -13,6 +13,9 @@ function add_config_value() { postconf -e "${key} = ${value}" } +# Read password from file to avoid unsecure env variables +if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -f "${SMTP_PASSWORD_FILE}" ] && read SMTP_PASSWORD < ${SMTP_PASSWORD_FILE} || echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi + [ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1 [ -z "${SMTP_USERNAME}" ] && echo "SMTP_USERNAME is not set" && exit 1 [ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1 From eaa38b4fd7f7b67c33751e2e77cb1c8a5c14be28 Mon Sep 17 00:00:00 2001 From: Niclas Mietz Date: Tue, 21 Jan 2020 10:47:27 +0100 Subject: [PATCH 10/19] fix(postfix): Set correct default value for SMTP_PORT --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index b54fdff..976cc66 100644 --- a/run.sh +++ b/run.sh @@ -21,7 +21,7 @@ if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -f "${SMTP_PASSWORD_FILE}" ] && read S [ -z "${SMTP_PASSWORD}" ] && echo "SMTP_PASSWORD is not set" && exit 1 [ -z "${SERVER_HOSTNAME}" ] && echo "SERVER_HOSTNAME is not set" && exit 1 -SMTP_PORT="${SMTP_PORT-587}" +SMTP_PORT="${SMTP_PORT:-587}" #Get the domain from the server host name DOMAIN=`echo ${SERVER_HOSTNAME} | awk 'BEGIN{FS=OFS="."}{print $(NF-1),$NF}'` From d0bd8bae5950fc055793d7181c5883f4b7b75fa8 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Wed, 24 Jun 2020 21:53:48 -0500 Subject: [PATCH 11/19] Updated blog address --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index a659683..ef043b1 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Simple Postfix SMTP TLS relay [docker](http://www.docker.com) image with no loca It also includes rsyslog to enable logging to stdout. -_If you want to follow the development of this project check out [my blog](http://not403.blogspot.com.co/search/label/postfix)._ +_If you want to follow the development of this project check out [my blog](https://www.juanbaptiste.tech/category/postfx)._ ### Available image tags From e0d3ab0af75f6871e07e2060619d73d467539514 Mon Sep 17 00:00:00 2001 From: Erik Martin-Dorel Date: Mon, 24 Aug 2020 21:41:08 +0200 Subject: [PATCH 12/19] Add option always_add_missing_headers (#32) (adding From:, To:, Date: or Message-ID: headers when not present, cf. http://www.postfix.org/postconf.5.html#always_add_missing_headers) This option always_add_missing_headers is set by the environment variable ALWAYS_ADD_MISSING_HEADERS (default: no) --- .env.example | 5 ++++- README.md | 1 + run.sh | 1 + 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/.env.example b/.env.example index a711c0a..cda261d 100644 --- a/.env.example +++ b/.env.example @@ -21,4 +21,7 @@ #SMTP_NETWORKS= # Optional: Set this to a mounted file containing the password, to avoid passwords in env variables. -#SMTP_PASSWORD_FILE= \ No newline at end of file +#SMTP_PASSWORD_FILE= + +# Optional: Set this to yes to always add missing From:, To:, Date: or Message-ID: headers. +#ALWAYS_ADD_MISSING_HEADERS=yes diff --git a/README.md b/README.md index ef043b1..822dfdc 100644 --- a/README.md +++ b/README.md @@ -53,6 +53,7 @@ The following env variable(s) are optional. * `SMTP_PASSWORD_FILE` Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like -e SMTP_PASSWORD_FILE=/secrets/smtp_password -v $(pwd)/secrets/:/secrets/ +* `ALWAYS_ADD_MISSING_HEADERS` This is related to the [always\_add\_missing\_headers](http://www.postfix.org/postconf.5.html#always_add_missing_headers) Postfix option (default: `no`). If set to `yes`, Postfix will always add missing headers among `From:`, `To:`, `Date:` or `Message-ID:`. To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server: diff --git a/run.sh b/run.sh index 976cc66..4fd4cc9 100644 --- a/run.sh +++ b/run.sh @@ -36,6 +36,7 @@ add_config_value "smtp_use_tls" "yes" add_config_value "smtp_sasl_auth_enable" "yes" add_config_value "smtp_sasl_password_maps" "hash:/etc/postfix/sasl_passwd" add_config_value "smtp_sasl_security_options" "noanonymous" +add_config_value "always_add_missing_headers" "${ALWAYS_ADD_MISSING_HEADERS:-no}" # Create sasl_passwd file with auth credentials if [ ! -f /etc/postfix/sasl_passwd ]; then From 6783d68f4255839517d950e65cf81402b6d4bf6e Mon Sep 17 00:00:00 2001 From: lucas_nz Date: Tue, 29 Sep 2020 21:33:52 +1300 Subject: [PATCH 13/19] Add option to overwrite the From address --- README.md | 4 ++++ run.sh | 7 +++++++ 2 files changed, 11 insertions(+) diff --git a/README.md b/README.md index 822dfdc..d05842f 100644 --- a/README.md +++ b/README.md @@ -55,6 +55,10 @@ The following env variable(s) are optional. -v $(pwd)/secrets/:/secrets/ * `ALWAYS_ADD_MISSING_HEADERS` This is related to the [always\_add\_missing\_headers](http://www.postfix.org/postconf.5.html#always_add_missing_headers) Postfix option (default: `no`). If set to `yes`, Postfix will always add missing headers among `From:`, `To:`, `Date:` or `Message-ID:`. +* `OVERWRITE_FROM` This will rewrite the from address overwriting it with the specified address for all email being relayed. Example settings: + OVERWRITE_FROM=email@company.com + OVERWRITE_FROM="Your Name" + To use this container from anywhere, the 25 port or the one specified by `SMTP_PORT` needs to be exposed to the docker host server: docker run -d --name postfix -p "25:25" \ diff --git a/run.sh b/run.sh index 4fd4cc9..420de1c 100644 --- a/run.sh +++ b/run.sh @@ -68,6 +68,13 @@ if [ ! -z "${SMTP_NETWORKS}" ]; then fi add_config_value "mynetworks" "${nets}" +if [ ! -z "${OVERWRITE_FROM}" ]; then + echo -e "/^From:.*$/ REPLACE From: $OVERWRITE_FROM" > /etc/postfix/smtp_header_checks + postmap /etc/postfix/smtp_header_checks + postconf -e 'smtp_header_checks = regexp:/etc/postfix/smtp_header_checks' + echo "Setting configuration option OVERWRITE_FROM with value: ${OVERWRITE_FROM}" +fi + #Start services # If host mounting /var/spool/postfix, we need to delete old pid file before From 66372ab6c25f85334b4eff71604a2c893fe88638 Mon Sep 17 00:00:00 2001 From: lucas_nz Date: Tue, 29 Sep 2020 21:42:18 +1300 Subject: [PATCH 14/19] include OVERWRITE_FROM in .env.example --- .env.example | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.env.example b/.env.example index cda261d..b9c2b0a 100644 --- a/.env.example +++ b/.env.example @@ -25,3 +25,6 @@ # Optional: Set this to yes to always add missing From:, To:, Date: or Message-ID: headers. #ALWAYS_ADD_MISSING_HEADERS=yes + +# Optional: This will rewrite the from address overwriting it with the specified address for all email being relayed. +#OVERWRITE_FROM="Your Name" \ No newline at end of file From c53377f8a5c1ffd7e55961c6034b03995db7c2f3 Mon Sep 17 00:00:00 2001 From: David Cooper Date: Sat, 10 Oct 2020 20:07:20 -0700 Subject: [PATCH 15/19] Fix issue #35 --- run.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/run.sh b/run.sh index 420de1c..a3a846d 100644 --- a/run.sh +++ b/run.sh @@ -29,7 +29,7 @@ DOMAIN=`echo ${SERVER_HOSTNAME} | awk 'BEGIN{FS=OFS="."}{print $(NF-1),$NF}'` # Set needed config options add_config_value "myhostname" ${SERVER_HOSTNAME} add_config_value "mydomain" ${DOMAIN} -add_config_value "mydestination" '$myhostname' +add_config_value "mydestination" 'localhost' add_config_value "myorigin" '$mydomain' add_config_value "relayhost" "[${SMTP_SERVER}]:${SMTP_PORT}" add_config_value "smtp_use_tls" "yes" From f4b70c83e2af75296c6d7a8415d6814635811597 Mon Sep 17 00:00:00 2001 From: "Rev (Tsuyoshi Yamasaki)" Date: Thu, 17 Dec 2020 01:18:27 +0900 Subject: [PATCH 16/19] add smtp_tls_wrappermode and smtp_tls_security_level. You need both parameters when you send emails with TLS(465). --- run.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/run.sh b/run.sh index a3a846d..fa4e8b9 100644 --- a/run.sh +++ b/run.sh @@ -38,6 +38,11 @@ add_config_value "smtp_sasl_password_maps" "hash:/etc/postfix/sasl_passwd" add_config_value "smtp_sasl_security_options" "noanonymous" add_config_value "always_add_missing_headers" "${ALWAYS_ADD_MISSING_HEADERS:-no}" +if [ "${SMTP_PORT}" = "465" ]; then + add_config_value "smtp_tls_wrappermode" "yes" + add_config_value "smtp_tls_security_level" "encrypt" +fi + # Create sasl_passwd file with auth credentials if [ ! -f /etc/postfix/sasl_passwd ]; then grep -q "${SMTP_SERVER}" /etc/postfix/sasl_passwd > /dev/null 2>&1 From f018f5f12e3fdcac159724efebf86d1d1ad024f0 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Mon, 18 Jan 2021 18:23:07 -0500 Subject: [PATCH 17/19] Pin alpine base image version to 3.12 to fix issue #45 --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 45409c9..e27d457 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ #Dockerfile for a Postfix email relay service -FROM alpine +FROM alpine:3.12 MAINTAINER Juan Luis Baptiste juan.baptiste@gmail.com RUN apk update && \ From b4293f81be6fea6a3dcceeced8f5a947a51c2041 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Mon, 18 Jan 2021 18:42:35 -0500 Subject: [PATCH 18/19] Fix broken build status badge --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d05842f..a85ebca 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # docker-postfix -[![Docker Build Status](https://img.shields.io/docker/build/juanluisbaptiste/postfix?style=flat-square)](https://hub.docker.com/r/juanluisbaptiste/postfix/build/) +[![Docker Build Status](https://img.shields.io/docker/cloud/build/juanluisbaptiste/postfix?style=flat-square)](https://hub.docker.com/r/juanluisbaptiste/postfix/builds/) [![Docker Stars](https://img.shields.io/docker/stars/juanluisbaptiste/postfix.svg?style=flat-square)](https://hub.docker.com/r/juanluisbaptiste/postfix/) [![Docker Pulls](https://img.shields.io/docker/pulls/juanluisbaptiste/postfix.svg?style=flat-square)](https://hub.docker.com/r/juanluisbaptiste/postfix/) From 1976cf8400beab9dc0bc4e68ffa645929d8ffa53 Mon Sep 17 00:00:00 2001 From: Juan Luis Baptiste Date: Wed, 3 Feb 2021 15:26:32 -0500 Subject: [PATCH 19/19] Fix issue #45: Update alpine image to v3.13, had to remove cyrus-sasl-plain package as is not present on that version and switch sasl map from hash to lmdb. --- Dockerfile | 4 ++-- run.sh | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/Dockerfile b/Dockerfile index e27d457..cc9e1d4 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,9 +1,9 @@ #Dockerfile for a Postfix email relay service -FROM alpine:3.12 +FROM alpine:3.13 MAINTAINER Juan Luis Baptiste juan.baptiste@gmail.com RUN apk update && \ - apk add bash gawk cyrus-sasl cyrus-sasl-plain cyrus-sasl-login cyrus-sasl-crammd5 mailx \ + apk add bash gawk cyrus-sasl cyrus-sasl-login cyrus-sasl-crammd5 mailx \ perl supervisor postfix rsyslog && \ rm -rf /var/cache/apk/* && \ mkdir -p /var/log/supervisor/ /var/run/supervisor/ && \ diff --git a/run.sh b/run.sh index fa4e8b9..659cb27 100644 --- a/run.sh +++ b/run.sh @@ -34,7 +34,7 @@ add_config_value "myorigin" '$mydomain' add_config_value "relayhost" "[${SMTP_SERVER}]:${SMTP_PORT}" add_config_value "smtp_use_tls" "yes" add_config_value "smtp_sasl_auth_enable" "yes" -add_config_value "smtp_sasl_password_maps" "hash:/etc/postfix/sasl_passwd" +add_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd" add_config_value "smtp_sasl_security_options" "noanonymous" add_config_value "always_add_missing_headers" "${ALWAYS_ADD_MISSING_HEADERS:-no}"