initial commit

.gitignore

@@ -0,0 +1,3 @@
+*~
+.DS_Store
+*.swp

Dockerfile

@@ -0,0 +1,9 @@
+FROM thallian/confd-env:latest
+
+RUN	apk add --no-cache postfix postfix-ldap
+
+EXPOSE 25 587
+
+VOLUME /etc/ssl/mail
+
+ADD /rootfs /

rootfs/etc/confd/conf.d/ldap-virtual-alias-maps.cf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "ldap-virtual-alias-maps.cf.tmpl"
+dest = "/etc/postfix/ldap-virtual-alias-maps.cf"

rootfs/etc/confd/conf.d/ldap-virtual-mailbox-domains.cf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "ldap-virtual-mailbox-domains.cf.tmpl"
+dest = "/etc/postfix/ldap-virtual-mailbox-domains.cf"

rootfs/etc/confd/conf.d/ldap-virtual-mailbox-maps.cf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "ldap-virtual-mailbox-maps.cf.tmpl"
+dest = "/etc/postfix/ldap-virtual-mailbox-maps.cf"

rootfs/etc/confd/conf.d/main.cf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "main.cf.tmpl"
+dest = "/etc/postfix/main.cf"

rootfs/etc/confd/conf.d/master.cf.toml

@@ -0,0 +1,3 @@
+[template]
+src = "master.cf.tmpl"
+dest = "/etc/postfix/master.cf"

rootfs/etc/confd/templates/ldap-virtual-alias-maps.cf.tmpl

@@ -0,0 +1,9 @@
+server_host = {{getenv "LDAPURI"}}
+start_tls = {{getenv "LDAPSTARTTLS"}}
+bind = yes
+bind_dn = {{getenv "LDAPBINDDN" }}
+bind_pw = {{getenv "LDAPBINDPASSWORD"}}
+search_base = {{getenv "LDAPMAILBOXSEARCHBASE"}}
+version = 3
+query_filter = {{getenv "LDAPALIASQUERYFILTER"}}
+result_attribute = {{getenv "LDAPMAILBOXRESULTATTRIBUTE"}}

rootfs/etc/confd/templates/ldap-virtual-mailbox-domains.cf.tmpl

@@ -0,0 +1,9 @@
+server_host = {{getenv "LDAPHOST"}}
+start_tls = {{getenv "LDAPSTARTTLS"}}
+bind = yes
+bind_dn = {{getenv "LDAPBINDDN" }}
+bind_pw = {{getenv "LDAPBINDPASSWORD"}}
+search_base = {{getenv "LDAPDOMAINSEARCHBASE"}}
+version = 3
+query_filter = {{getenv "LDAPDOMAINQUERYFILTER"}}
+result_attribute = {{getenv "LDAPDOMAINRESULTATTRIBUTE"}}

rootfs/etc/confd/templates/ldap-virtual-mailbox-maps.cf.tmpl

@@ -0,0 +1,9 @@
+server_host = {{getenv "LDAPURI"}}
+start_tls = {{getenv "LDAPSTARTTLS"}}
+bind = yes
+bind_dn = {{getenv "LDAPBINDDN" }}
+bind_pw = {{getenv "LDAPBINDPASSWORD"}}
+search_base = {{getenv "LDAPMAILBOXSEARCHBASE"}}
+version = 3
+query_filter = {{getenv "LDAPMAILBOXQUERYFILTER"}}
+result_attribute = {{getenv "LDAPMAILBOXRESULTATTRIBUTE"}}

rootfs/etc/confd/templates/main.cf.tmpl

@@ -0,0 +1,32 @@
+compatibility_level = 2
+queue_directory = /var/spool/postfix
+command_directory = /usr/sbin
+daemon_directory = /usr/lib/postfix
+data_directory = /var/lib/postfix
+mail_owner = postfix
+myhostname = {{getenv "MYHOSTNAME"}}
+mydomain = {{getenv "MYDOMAIN"}}
+myorigin = $mydomain
+mydestination = localhost
+unknown_local_recipient_reject_code = 550
+mynetworks_style = subnet
+relay_domains = $mydestination
+recipient_delimiter = +
+mailbox_transport = lmtp:{{getenv "LMTPHOST"}}
+smtpd_banner = $myhostname ESMTP $mail_name
+virtual_mailbox_domains = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-domains.cf
+virtual_mailbox_maps = proxy:ldap:/etc/postfix/ldap-virtual-mailbox-maps.cf
+virtual_alias_maps = proxy:ldap:/etc/postfix/ldap-virtual-alias-maps.cf
+virtual_transport = lmtp:inet:{{getenv "LMTPHOST"}}:{{getenv "LMTPPORT"}}
+dovecot_destination_recipient_limit = 1
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = inet:{{getenv "DOVECOTHOST"}}:{{getenv "DOVECOTAUTHPORT"}}
+smtpd_sasl_auth_enable = yes
+smtpd_tls_security_level = {{getenv "TLSSECURITYLEVEL"}}
+smtpd_tls_auth_only = yes
+smtpd_milters =
+    inet:{{getenv "SPAMASSASSINHOST"}}:{{getenv "SPAMASSASSINPORT"}}
+non_smtpd_milters = $smtpd_milters
+milter_default_action = accept
+milter_connect_macros = "i j {daemon_name} v {if_name} _"
+message_size_limit = {{getenv "MESSAGESIZELIMIT"}}

rootfs/etc/confd/templates/master.cf.tmpl

@@ -0,0 +1,59 @@
+{{range $mailhosts := split (getenv "MAILHOSTS") ";"}}
+{{$values := split ($admin_value) ":"}}
+{{index $values 0}}:smtp  inet  n - - - -  smtpd
+  -o myhostname={{index $values 1}}
+  -o smtpd_tls_key_file=/etc/ssl/mail/{{index $values 1}}/privkey.pem
+  -o smtpd_tls_cert_file=/etc/ssl/mail/{{index $values 1}}//fullchain.pem
+
+{{index $values 1}}-out unix -     -    -    -    -    smtp
+  -o smtp_bind_address={{index $values 0}}
+  -o smtp_helo_name={{index $values 2}}
+  -o syslog_name=postfix-{{index $values 2}}
+
+{{index $values 0}}:submission  inet  n  - - - -  smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o milter_macro_daemon_name=ORIGINATING
+  -o smtpd_tls_key_file=/etc/ssl/mail/{{index $values 1}}/privkey.pem
+  -o smtpd_tls_cert_file=/etc/ssl/mail/{{index $values 1}}//fullchain.pem
+{{end}}
+ 
+pickup    fifo  n       -       -       60      1       pickup
+cleanup   unix  n       -       -       -       0       cleanup
+qmgr      fifo  n       -       n       300     1       qmgr
+#qmgr     fifo  n       -       n       300     1       oqmgr
+tlsmgr    unix  -       -       -       1000?   1       tlsmgr
+rewrite   unix  -       -       -       -       -       trivial-rewrite
+bounce    unix  -       -       -       -       0       bounce
+defer     unix  -       -       -       -       0       bounce
+trace     unix  -       -       -       -       0       bounce
+verify    unix  -       -       -       -       1       verify
+flush     unix  n       -       -       1000?   0       flush
+proxymap  unix  -       -       n       -       -       proxymap
+proxywrite unix -       -       n       -       1       proxymap
+smtp      unix  -       -       -       -       -       smtp
+relay     unix  -       -       -       -       -       smtp
+showq     unix  n       -       -       -       -       showq
+error     unix  -       -       -       -       -       error
+retry     unix  -       -       -       -       -       error
+discard   unix  -       -       -       -       -       discard
+local     unix  -       n       n       -       -       local
+virtual   unix  -       n       n       -       -       virtual
+lmtp      unix  -       -       -       -       -       lmtp
+anvil     unix  -       -       -       -       1       anvil
+scache    unix  -       -       -       -       1       scache
+maildrop  unix  -       n       n       -       -       pipe
+  flags=DRhu user=vmail argv=/usr/local/bin/maildrop -d ${recipient}
+uucp      unix  -       n       n       -       -       pipe
+  flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient)
+ifmail    unix  -       n       n       -       -       pipe
+  flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient)
+bsmtp     unix  -       n       n       -       -       pipe
+  flags=Fq. user=bsmtp argv=/usr/local/sbin/bsmtp -t$nexthop -f$sender $recipient
+scalemail-backend unix    -    n    n    -    2    pipe
+  flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension}
+mailman   unix  -       n       n       -       -       pipe
+  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
+  ${nexthop} ${user}