From 17449cfdb4add28a21eed1479b969ec81500391f Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 28 Oct 2022 18:02:29 +0200
Subject: [PATCH 1/9] use lego names for certificates
---
 rootfs/etc/confd/templates/main.cf.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 8a8173d..2f7fd06 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -22,8 +22,8 @@ virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf
 virtual_alias_maps = pgsql:/etc/postfix/pgsql-virtual-alias-maps.cf
 virtual_transport = lmtp:inet:{{getenv "LMTP_HOST"}}:{{getenv "LMTP_PORT"}}
-smtpd_tls_key_file=/etc/ssl/mail/tls.key
-smtpd_tls_cert_file=/etc/ssl/mail/tls.crt
+smtpd_tls_key_file=/etc/ssl/mail/key.pem
+smtpd_tls_cert_file=/etc/ssl/mail/cert.pem
 smtp_tls_security_level = {{getenv "TLS_SECURITY_LEVEL" "may"}}
 smtp_tls_auth_only = yes
From fba756d7ac3471f6469959a851a9a79e8f4c3200 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Mon, 31 Oct 2022 13:38:08 +0100
Subject: [PATCH 2/9] readd wildcard sending functionality
---
 Dockerfile | 3 ++-
 README.md | 2 +-
 rootfs/etc/confd/templates/main.cf.tmpl | 13 ++++++-------
 rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl | 2 +-
 4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index d8f8e55..a058c3c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -5,7 +5,8 @@ RUN apk add --no-cache \
 postfix-pgsql \
 openssl \
 libstdc++ \
- libmilter
+ libmilter \
+ icu-data-full
 RUN addgroup -g 2222 access
 RUN addgroup postfix access
diff --git a/README.md b/README.md
index bdc8ebc..57cc753 100644
--- a/README.md
+++ b/README.md
@@ -9,7 +9,7 @@ create table if not exists virtual_domains (
 create table if not exists virtual_users (
 email text primary key,
 domain_name text not null references virtual_domains(name),
- wildcard_sender bool default false
+ wildcard_sender bool default false
 );
 create table if not exists virtual_aliases (
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 2f7fd06..deb7b03 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -1,15 +1,11 @@
-compatibility_level = 2
+compatibility_level = 3.7
 mail_owner = postfix
 myhostname = {{getenv "MYHOSTNAME"}}
 mydomain = {{getenv "MYDOMAIN"}}
 myorigin = $mydomain
-mydestination = $myhostname, localhost
-
-proxy_interfaces = {{getenv "EXTERNAL_IP"}}
 unknown_local_recipient_reject_code = 550
-mynetworks_style = host
 relay_domains = $mydestination
 recipient_delimiter = +
@@ -59,8 +55,11 @@ smtpd_sasl_auth_enable = yes
 smtpd_tls_auth_only = yes
 smtpd_sasl_tls_security_options = noanonymous
-smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, defer_unauth_destination, reject_unverified_recipient
+smtpd_relay_restrictions =
+ permit_mynetworks
+ permit_sasl_authenticated
+ defer_unauth_destination
+ reject_sender_login_mismatch
 smtpd_sender_restrictions = reject_sender_login_mismatch
 smtpd_sender_login_maps = pgsql:/etc/postfix/pgsql-login-maps.cf
diff --git a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl
index 4460f1c..29ce91c 100644
--- a/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl
+++ b/rootfs/etc/confd/templates/pgsql-login-maps.cf.tmpl
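Review bot: The `reject_sender_login_mismatch` entry added at the end of `smtpd_relay_restrictions` (second main.cf.tmpl hunk) is never reached for SASL-authenticated clients, because `permit_sasl_authenticated` earlier in the same list already ends evaluation with a permit. Sender ownership for submissions is therefore enforced only by the unchanged `smtpd_sender_restrictions = reject_sender_login_mismatch` line below it. Either drop the redundant entry or add a comment above the list such as `# sender/login ownership is enforced in smtpd_sender_restrictions, not here`, so a later edit to that line does not silently remove the only check. The same hunk deletes `smtpd_recipient_restrictions` and with it `reject_unverified_recipient`; if recipient verification was intentional, that loss should be confirmed.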
@@ -2,4 +2,4 @@ hosts = {{ getenv "DB_HOST" }}
 user = {{ getenv "DB_USER" "email" }}
 password = {{ getenv "DB_PASSWORD" }}
 dbname = {{ getenv "DB_NAME" "email" }}
-query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u'
+query = SELECT email FROM virtual_users WHERE email='%u' UNION SELECT destination FROM virtual_aliases WHERE source='%u' UNION SELECT email FROM virtual_users WHERE wildcard_sender = true AND domain_name = '%d'
From db1487974b4487b0c4f150cdbcdd9c553f9bebb4 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 11 Nov 2022 07:47:08 +0000
Subject: [PATCH 3/9] Delete '.gitlab-ci.yml'
---
 .gitlab-ci.yml | 18 ------------------
 1 file changed, 18 deletions(-)
 delete mode 100644 .gitlab-ci.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index f6d2976..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
@@ -1,18 +0,0 @@
-variables:
- CONTAINER_NAME: thallian/postfix
-
-build:
- stage: build
- image:
- name: gcr.io/kaniko-project/executor:debug
- entrypoint: [""]
- script:
- - mkdir -p /kaniko/.docker
- - echo "{\"auths\":{\"$CI_REGISTRY\":{\"auth\":\"$(printf "%s:%s" "$CI_REGISTRY_USER" "$CI_REGISTRY_PASSWORD" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
- - >-
- /kaniko/executor
- --context "$CI_PROJECT_DIR"
- --dockerfile "$CI_PROJECT_DIR/Dockerfile"
- --destination "$CONTAINER_NAME:$CI_COMMIT_SHA"
- --destination "$CONTAINER_NAME:$CI_COMMIT_REF_NAME"
- --destination "$CONTAINER_NAME:latest"
From 40e330c8995be7fe8d70a210eccd9308735e1c68 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Fri, 11 Nov 2022 07:48:23 +0000
Subject: [PATCH 4/9] Add '.woodpecker.yml'
---
 .woodpecker.yml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 .woodpecker.yml
diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..7a89364
--- /dev/null
+++ b/.woodpecker.yml
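Review bot: The new third `UNION` branch in `query` makes every `wildcard_sender` account an owner of any sender address whose domain equals its `domain_name`, including addresses that are other users' mailboxes or aliases, so those logins pass `reject_sender_login_mismatch` for the whole domain. That matches the commit subject, but it is a privilege that should be written down where the flag is set: add a comment above the query such as `# wildcard_sender users are treated as owners of every address in their domain_name`, and say the same next to the column in the README schema. Separately, the unchanged first two branches key on `%u`, which pgsql_table(5) defines as the local part when the lookup key is an address, while the new branch uses `%d`; it is worth confirming against the stored `email` and `source` values that `%s` was not intended there.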
@@ -0,0 +1,11 @@
+pipeline:
+ publish-docker-image:
+ image: plugins/kaniko
+ settings:
+ repo: docker.io/thallian/postfix
+ tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
+ dockerfile: Dockerfile
+ username:
+ from_secret: DOCKER_USER
+ password:
+ from_secret: DOCKER_PW
\ No newline at end of file
From 77dedb09acc54bf5089e542b990f5fe4d5fd660e Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Sun, 13 Nov 2022 10:22:18 +0100
Subject: [PATCH 5/9] listen on all interfaces
---
 rootfs/etc/confd/templates/main.cf.tmpl | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index deb7b03..85e9ff5 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -1,5 +1,7 @@
 compatibility_level = 3.7
+inet_protocols = all
+
 mail_owner = postfix
 myhostname = {{getenv "MYHOSTNAME"}}
 mydomain = {{getenv "MYDOMAIN"}}
From 00aaca260e99dd50b8f100ab0e242f2f9839d313 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Sun, 13 Nov 2022 13:11:16 +0100
Subject: [PATCH 6/9] set helo to domain
---
 rootfs/etc/confd/templates/main.cf.tmpl | 1 +
 1 file changed, 1 insertion(+)
diff --git a/rootfs/etc/confd/templates/main.cf.tmpl b/rootfs/etc/confd/templates/main.cf.tmpl
index 85e9ff5..529943e 100644
--- a/rootfs/etc/confd/templates/main.cf.tmpl
+++ b/rootfs/etc/confd/templates/main.cf.tmpl
@@ -14,6 +14,7 @@ recipient_delimiter = +
 mailbox_transport = lmtp:{{getenv "LMTP_HOST"}}
 mailbox_size_limit = {{getenv "MAILBOX_SIZELIMIT" "0"}}
 smtpd_banner = {{getenv "SMTP_BANNER"}} $myhostname ESMTP $mail_name
+smtp_helo_name = $mydomain
 virtual_mailbox_maps = pgsql:/etc/postfix/pgsql-virtual-mailbox-maps.cf
 virtual_mailbox_domains = pgsql:/etc/postfix/pgsql-virtual-mailbox-domains.cf
From ec6fa0f2c3b36e92b7762f40f60c56e3cb966589 Mon Sep 17 00:00:00 2001
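Review bot: `image: plugins/kaniko` in the new .woodpecker.yml carries no tag or digest, so each run pulls whatever the registry currently serves under that name and hands it the `DOCKER_USER` and `DOCKER_PW` secrets. Pin the plugin, for example `image: plugins/kaniko:<PINNED_VERSION>` (placeholder) or an `@sha256:` digest. The step also has no `when:` filter and `tags:` always includes `latest`, so as far as this hunk shows a push to any branch overwrites the `latest` image; restricting publication to the default branch or to tags would avoid that.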
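Review bot: The subject of patch 5 says "listen on all interfaces", but `inet_protocols = all` selects the address families Postfix uses (IPv4 and IPv6); which addresses it listens on is governed by `inet_interfaces`, which this hunk does not touch. If the goal is to enable IPv6, a comment such as `# enable IPv4 and IPv6; listening addresses are set by inet_interfaces` would keep the template honest. Outbound delivery may then also leave over IPv6, so the v6 address presumably needs matching reverse DNS and SPF coverage; worth confirming before deploying.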
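Review bot: `smtp_helo_name = $mydomain` (patch 6) makes the outbound SMTP client announce the bare domain instead of the default `$myhostname`, and the hunk gives no reason for it. Receiving servers commonly check that the HELO name resolves to the connecting address, so confirm that the value of `MYDOMAIN` has an A/AAAA record matching the container's public IP and its PTR. A one-line comment above the setting, for example `# HELO must match the PTR of the outbound IP`, would record the constraint for whoever changes `MYDOMAIN` later.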
From: Sebastian Hugentobler
Date: Wed, 23 Nov 2022 17:38:37 +0100
Subject: [PATCH 7/9] use alpine 3.17
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index a058c3c..67e1f90 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/thallian/confd-env:3.16
+FROM docker.io/thallian/confd-env:3.17
 RUN apk add --no-cache \
 postfix \
From eb9d2c0a2052ac33737a72406ad11a776bed3145 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Tue, 26 Sep 2023 15:57:45 +0200
Subject: [PATCH 8/9] push to 3.8.2
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile b/Dockerfile
index 67e1f90..711bc03 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/thallian/confd-env:3.17
+FROM docker.io/thallian/confd-env:3.18-3.1.5.0
 RUN apk add --no-cache \
 postfix \
From ccb9974ac7a1f3a836986e2be4861c61947f2f75 Mon Sep 17 00:00:00 2001
From: Sebastian Hugentobler
Date: Mon, 1 Jan 2024 16:44:07 +0100
Subject: [PATCH 9/9] use newest alpine
---
 .gitea/workflows/container.yaml | 12 ++++++++++++
 .woodpecker.yml | 11 -----------
 Dockerfile => Containerfile | 2 +-
 3 files changed, 13 insertions(+), 12 deletions(-)
 create mode 100644 .gitea/workflows/container.yaml
 delete mode 100644 .woodpecker.yml
 rename Dockerfile => Containerfile (85%)
diff --git a/.gitea/workflows/container.yaml b/.gitea/workflows/container.yaml
new file mode 100644
index 0000000..e48b3fd
--- /dev/null
+++ b/.gitea/workflows/container.yaml
@@ -0,0 +1,12 @@
+name: Build Multiarch Container Image
+on: [push]
+jobs:
+ call-reusable-workflow:
+ uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main
+ with:
+ repository: ${{ gitea.repository }}
+ ref_name: ${{ gitea.ref_name }}
+ sha: ${{ gitea.sha }}
+ registry_url: ${{ secrets.REGISTRY_URL }}
+ registry_user: ${{ secrets.REGISTRY_USER }}
+ registry_pw: ${{ secrets.REGISTRY_PW }}
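Review bot: In the new .gitea/workflows/container.yaml, `uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@main` follows a mutable branch while the job passes `REGISTRY_USER` and `REGISTRY_PW` to it, so any later commit to that repository's `main` runs with this project's registry credentials. Pin the reference to a reviewed commit, `uses: container/multiarch-build-workflow/.gitea/workflows/build.yaml@<COMMIT_SHA>` (placeholder), and update it deliberately. `on: [push]` also triggers on every branch; whether non-default branches publish an image depends on the reusable workflow, which is not visible here, so that is worth checking.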
diff --git a/.woodpecker.yml b/.woodpecker.yml
deleted file mode 100644
index 7a89364..0000000
--- a/.woodpecker.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-pipeline:
- publish-docker-image:
- image: plugins/kaniko
- settings:
- repo: docker.io/thallian/postfix
- tags: latest,${CI_COMMIT_SHA:0:8},${CI_COMMIT_TAG=pre}
- dockerfile: Dockerfile
- username:
- from_secret: DOCKER_USER
- password:
- from_secret: DOCKER_PW
\ No newline at end of file
diff --git a/Dockerfile b/Containerfile
similarity index 85%
rename from Dockerfile
rename to Containerfile
index 711bc03..e19ae1d 100644
--- a/Dockerfile
+++ b/Containerfile
@@ -1,4 +1,4 @@
-FROM docker.io/thallian/confd-env:3.18-3.1.5.0
+FROM docker.io/thallian/confd-env:3.19-3.1.6.2
 RUN apk add --no-cache \
 postfix \