-
Notifications
You must be signed in to change notification settings - Fork 4
/
Dockerfile.haraka
112 lines (102 loc) · 2.92 KB
/
Dockerfile.haraka
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
FROM alpine:3.19
ENV NODE_TLS_REJECT_UNAUTHORIZED=0
WORKDIR /opt/haraka
RUN apk update \
&& apk add --no-cache nodejs npm openssl gettext bind-tools \
&& apk add --no-cache --virtual build-deps python3 make gcc g++ \
&& npm config set strict-ssl false \
&& npm install --unsafe -g Haraka \
&& npm install maxmind haraka-plugin-fcrdns haraka-plugin-rspamd haraka-plugin-redis haraka-plugin-geoip \
&& apk del build-deps \
&& mkdir -p /opt/haraka/queue
ENV DOMAIN\
MDA_HOST\
MDA_PORT\
CLAMD_HOST\
RSPAMD_HOST\
REDIS_HOST
RUN haraka --install . \
\
&& openssl req -x509 -nodes -days 2190 -newkey rsa:2048 \
-keyout config/tls_key.pem -out config/tls_cert.pem \
-subj "/C=AA/ST=A/L=A/O=A/OU=A/CN=A" \
&& echo -e "\
tls\n\
dnsbl\n\
#geoip\n\
#fcrdns\n\
#data.uribl\n\
aliases\n\
helo.checks\n\
#clamd\n\
#rspamd\n\
#mail_from.is_resolvable\n\
rcpt_to.in_host_list\n\
#data.headers\n\
bounce\n\
#redis\n\
queue/lmtp\n\
" > config/plugins \
&& echo -e "\$DOMAIN" > config/host_list.temp \
&& echo -e "\
[\$DOMAIN]\n\
host=\$MDA_HOST\n\
port=\$MDA_PORT\n\
enable_tls=false" > config/lmtp.ini.temp \
&& echo -e "\
[check]\n\
reject_all=true" > config/bounce.ini \
&& echo -e "\
[server]\n\
host=\$REDIS_HOST" > config/redis.ini.temp \
&& echo -e "\
[inbound]\n\
ciphers=EECDH+AESGCM:EDH+aRSA+AESGCM:EECDH+AES256:EDH+aRSA+AES256:EECDH+AES128:EDH+aRSA+AES128:RSA+AES:RSA+3DES\n\
rejectUnauthorized=true\n\
requestCert=true\n\
" > config/tls.ini \
&& echo -e "\
clamd_socket=\$CLAMD_HOST:3310\n\
" > config/clamd.ini.temp \
&& echo -e "\
reject_no_mx=0\n\
" > config/mail_from.is_resolvable.ini \
&& echo -e "\
[reject]\n\
no_rdns=false\n\
no_fcrdns=false\n\
invalid_tld=false\n\
generic_rdns=false\n\
" > config/fcrdns.ini \
&& echo -e "\
dbdir=/usr/local/share/GeoIP\n\
[show]\n\
city=true\n\
" > config/geoip.ini \
&& echo -e "\
/opt/haraka/queue/" > config/queue_dir \
&& echo -e "\
nodes=0\n\
daemonize=false\n\
" > config/smtp.ini \
# && sed -e "s/^;host =.*/host = \$RSPAMD_HOST/" \
# /node_modules/haraka-plugin-rspamd/config/rspamd.ini > config/rspamd.ini.temp \
# && cp /usr/lib/node_modules/Haraka/config/data.uribl.ini config \
# && cp /usr/lib/node_modules/Haraka/config/dnsbl.ini config
VOLUME /usr/local/share/GeoIP
VOLUME /etc/auth
EXPOSE 25
CMD envsubst < config/host_list.temp > config/host_list \
&& envsubst < config/lmtp.ini.temp > config/lmtp.ini \
#&& envsubst < config/clamd.ini.temp > config/clamd.ini \
#&& envsubst < config/rspamd.ini.temp > config/rspamd.ini \
#&& envsubst < config/redis.ini.temp > config/redis.ini \
&& echo -e "$(dig -x $(dig $DOMAIN +short) +short)" > /opt/haraka/config/me \
&& aliases={ \
&& for u in $(cat /etc/auth/users); \
do \
user=${u%%:::}; \
aliases="$aliases\"$user\" : { \"action\" : \"alias\", \"to\" : \"$user\" },"; \
done \
&& echo -e "${aliases%?}}" > config/aliases \
&& exec /usr/local/bin/haraka -c /opt/haraka/