use multistage docker build

Sebastian Hugentobler 2019-02-18 14:48:21 +01:00
parent 277dde417c
commit cf8cd4d688
3 changed files with 38 additions and 12 deletions


@ -1,17 +1,31 @@
FROM thallian/confd-env:latest FROM alpine:3.9 as builder
RUN apk add --no-cache postfix postfix-ldap libressl spamassassin-client libstdc++ g++ make tar libmilter-dev RUN apk add --no-cache \
g++ \
RUN addgroup -g 2222 access make \
RUN addgroup postfix access libmilter-dev \
spamassassin-client
RUN mkdir /tmp/spamass-milter RUN mkdir /tmp/spamass-milter
RUN wget -qO- https://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.4.0.tar.gz | tar -xz -C /tmp/spamass-milter --strip 1 RUN wget -qO- https://download.savannah.gnu.org/releases/spamass-milt/spamass-milter-0.4.0.tar.gz | tar -xz -C /tmp/spamass-milter --strip 1
WORKDIR /tmp/spamass-milter WORKDIR /tmp/spamass-milter
RUN ./configure && make && make install RUN ./configure && make
RUN rm -rf /tmp/spamass-milter
WORKDIR / FROM thallian/confd-env:latest
COPY --from=builder /tmp/spamass-milter/spamass-milter /bin/spamass-milter
RUN apk add --no-cache \
postfix \
postfix-ldap \
openssl \
spamassassin-client \
libstdc++ \
libmilter
RUN addgroup -g 2222 access
RUN addgroup postfix access
RUN mkdir /var/run/spamass-milter RUN mkdir /var/run/spamass-milter
RUN chown postfix:postfix /var/run/spamass-milter RUN chown postfix:postfix /var/run/spamass-milter
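Review bot: The builder stage still pipes the spamass-milter-0.4.0 tarball from `wget -qO-` straight into `tar` with no integrity check, and the binary built from it is now carried into the final image by `COPY --from=builder`. With the default `/bin/sh` and no pipefail, a failed or truncated download is reported only if `tar` happens to fail on it. Download to a file and verify it before extracting, for example `echo "<SHA256_OF_TARBALL>  spamass-milter.tar.gz" | sha256sum -c -`, where the digest is a placeholder to be filled in from a trusted copy of the release. Separately, the builder is pinned to `alpine:3.9` while the runtime stage stays on `thallian/confd-env:latest`, so the libstdc++ and libmilter the binary was linked against may drift from what the final image installs; pinning the runtime base to a tag or digest on the same Alpine release would keep the two aligned.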


@ -89,7 +89,7 @@ Message size limit in bytes.
Mailbox size limit in bytes. `0` disables the limit. Mailbox size limit in bytes. `0` disables the limit.
## TLS_SECURITY_LEVEL ## TLS_SECURITY_LEVEL
- default: may - default: encrypt
One of: One of:
- none: TLS will not be used. - none: TLS will not be used.
@ -98,7 +98,7 @@ One of:
According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
## TLS_PROTOCOLS ## TLS_PROTOCOLS
- default: !SSLv2, !SSLv3 - default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
Comma seperated list of accepted TLS protocols. Comma seperated list of accepted TLS protocols.


@ -23,11 +23,22 @@ virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key smtpd_tls_key_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.key
smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt smtpd_tls_cert_file=/etc/ssl/mail/{{getenv "CERT_DOMAIN"}}.crt
smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
smtp_tls_auth_only = yes
smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}} smtpd_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_tls_mandatory_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}} smtp_tls_mandatory_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"}}
smtpd_tls_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3"}} smtp_tls_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"}}
smtp_tls_mandatory_ciphers = {{getenv "TLS_CIPHERS" "high"}}
smtp_tls_ciphers = {{getenv "TLS_CIPHERS" "high"}}
smtp_tls_mandatory_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}}
smtp_tls_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}}
smtp_tls_wrappermode = no
smtpd_tls_mandatory_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"}}
smtpd_tls_protocols = {{getenv "TLS_PROTOCOLS" "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"}}
smtpd_tls_mandatory_ciphers = {{getenv "TLS_CIPHERS" "high"}} smtpd_tls_mandatory_ciphers = {{getenv "TLS_CIPHERS" "high"}}
smtpd_tls_ciphers = {{getenv "TLS_CIPHERS" "high"}} smtpd_tls_ciphers = {{getenv "TLS_CIPHERS" "high"}}
smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}} smtpd_tls_mandatory_exclude_ciphers = {{getenv "TLS_EXCLUDE_CIPHERS" "aNULL, MD5, 3DES"}}
@ -48,6 +59,7 @@ smtpd_sasl_path = inet:{{getenv "DOVECOT_HOST"}}:{{getenv "DOVECOT_AUTH_PORT"}}
smtpd_sasl_auth_enable = yes smtpd_sasl_auth_enable = yes
smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination smtpd_relay_restrictions = permit_mynetworks,permit_sasl_authenticated,defer_unauth_destination
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
smtpd_milters = smtpd_milters =
unix:/var/run/spamass-milter/spamass.sock unix:/var/run/spamass-milter/spamass.sock
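Review bot: The template fallback for `TLS_SECURITY_LEVEL` is still `"may"` on both `smtpd_tls_security_level` and the new `smtp_tls_security_level`, while the README in this same commit now documents the default as `encrypt`. An operator who relies on the README gets opportunistic TLS rather than mandatory TLS, so either the fallback or the README should change. The first hunk also makes one variable drive both the server and the client side, so setting it to `encrypt` will defer outbound mail to any destination that does not offer STARTTLS. A separate variable for the client, e.g. `smtp_tls_security_level = {{getenv "SMTP_TLS_SECURITY_LEVEL" "may"}}` (name suggested here, not taken from the project), would let the two be tightened independently. As far as I know `smtp_tls_auth_only` is not a Postfix client parameter (only `smtpd_tls_auth_only` exists), so that line probably has no effect beyond an unused-parameter warning and can be dropped.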