Enable PostSRSd to avoid being marked as spam by failed SPF checks. (#…

…103) * Use alpine:latest as base image * Roll back to sillelien/base-alpine:0.10 (#23) * fix doc * Update README.md * Update README.md * Update Base to Alpine 3.8 * Update base image to Alpine 3.8 * Install s6 process manager directly * Upgraded BATS to 1.1.0 * Install syslog-ng for postfix logging to stdout * syslog-ng: Disable statistic messages These spam the console too much, so disable them. * Fix typo in README couse => course * Upgrade circleci from v1 to v2 * add ide config * fix circleci config * fix circleci config * fix circleci config * fix circleci config * fix yml * fix yml add docker run type * fix yml add machine run type * fix yml * year 2019 * Add voice from Paweł Czochański * EC key support (#51) * Fix nickname typo * Add support for EC keys * Update README.md * Update README.md * add ec key support * Fix layout * Timezone tzdata packagge (#57) Add custom timezone support * make circler yaml linter happy * Fix leak of EC Cert/Key problem (#58) * code clean * only generate not existing files (#51 #58) * one line -> one-line * Timezone supported * Update author & copyright * Update master changelog * fix chinese charactor bug * v1.1 * Update README.md timezone (#59) Update README.md for Timezone support * clean doc * Fix H1 title * Update README.md * Update README.md * Fix typo (#66) * add auth for relayhost (#68) * add auth for relayhost * indent fix * example for AUTH * remove excess line * environment var typo fix * fix for mail log not displaying * Enable GitHub Actions * Add Actions Badge * basic "proofreading" (#69) * basic "proofreading" fixed some grammatical and spelling errors, made the descriptions flow a little better * PR revisions * Update README.md * add hall of flame * Upgrade BATS & S6, with multiple-platform docker image published with version 1.2 (#76) * v1.2 * Upgrade Alpine to 3.8 (#77) * upgrade base image to alpine 3.8 * v1.3 * Deploy docker image arm platform from github action * test * test * checkout before deploy * clean * use buildx as default bugild * republish v1.2 for amd64 with s6 fix (#79) * republish v1.3 for amd64 with s6 fix * fix comment * v1.2 * Add test for deleting test user (#82) * Add makefile * makefile * makefile * makefile * 1.2.14 * add make version * 1.2.15 * v1.3.0 for multi platforms image * Use script to install s6 with right platforms (arm/x86) (#76) * use aarch64 for s6 release (#76) * v1.3.1 * Add DKIM support (#83) * Add DKIM support * 1.2.11 Co-authored-by: Huan (李卓桓) <[email protected]> * generating a DKIM key for all virtualDomains * including HOSTNAME in folder of domains for DKIM * KeyTable, SigningTable, TrustedHosts for HOSTNAME and all virtualDomain * Generate new DKIM data only if keys do not exist yet * disabled opendkim.conf settings for single domain, added KeyTable,SigningTable,ExternalIgnoreList,InternalHosts * Correct permissions of DKIM files regardless of prior creation * Added test for multiple domains and DKIM. Ready for #88 * Updated README on DKIM for multiple domains * Fixed indentation on entrypoint * Fixed wrong indentation (style) * Cleaner handling of multiple DKIM keys. No settings required. Renders #83 redundant * Making sure we never insert the same config twice #89 * Forgot one last mention of SMF_DKIM_ALL * Better tld naming for DKIM in README Co-authored-by: Peeter N <[email protected]> * DKIM test no longer changes working directory Co-authored-by: Peeter N <[email protected]> * More elegant generation of DKIM entries for HOSTNAME and virtual domains * Correct switch to suppress grep complains when files miss * Update VERSION * Strips sender details (IP, client, user agent) when sending (#91) * Strips sender's IP, client, and user agent headers * Bumping patch verison number * Allow for setting any Postfix variables in the config file (both main.cf and master.cf) (#93) * Strips sender's IP, client, and user agent headers * Bumping patch verison number * SMF_POSTFIXMAIN_* to set custom postfix main.cf entries * SMF_POSTFIXMASTER_* to set custom postfix master.cf entries * Using sed to handle master.cf custom variables * README.md explains env variables for custom main.cf and master.cf * Tests for custom main.cf and master.cf * Fixes #92 * Simplify docker run command with SMF_CONFIG * v1.4.3 (#94) * Add VERSION & Update README.md (#94) * fix ignore * 1.4.4 * add v1.4 changelog * clean * show version * 1.4.5 * layout * Update configuration after variables has been injected to the main configuration (#98) * Add an option to override postfix's default logging configuration * Add tests * Update README.md * push to build * fix overwriting variable * update with postfix-configuration * delete drone for pull request Co-authored-by: Tamaro Skaljic <[email protected]> * Add an option to override postfix's default logging configuration (#97) * Add an option to override postfix's default logging configuration * Add tests * Update README.md * v1.4.6 * Change Postfix logging configuration tests behaviour (#99) * fix default postfix logging configuration test * Change logfile path in custom postfix logging configuration test * Make postfix logging configuration tests restore the preconditions * start PostSRSd and generate Secret * start PostSRSd and generate Secret * start PostSRSd if is set * start PostSRSd if is set * only start PostSRSd if is set * only start PostSRSd if is set * Updated README.md * Updated README.md * spelling... * spelling... * Updated the if-statement for PostSRSd * Updated the if-statement for PostSRSd Co-authored-by: Martijn Rondeel <[email protected]> Co-authored-by: Huan LI <[email protected]> Co-authored-by: Chris Blake <[email protected]> Co-authored-by: universeroc <[email protected]> Co-authored-by: Paweł Czochański <[email protected]> Co-authored-by: me1299 <[email protected]> Co-authored-by: David Gonzalez <[email protected]> Co-authored-by: Choon-Siang Lai <[email protected]> Co-authored-by: Bailey <[email protected]> Co-authored-by: Peeter N <[email protected]> Co-authored-by: Daniel Graziotin <[email protected]> Co-authored-by: Daniel Graziotin <[email protected]> Co-authored-by: Cenk Kılıç <[email protected]> Co-authored-by: Tamaro Skaljic <[email protected]> Co-authored-by: Linux User <[email protected]>
huan · Jul 6, 2021 · c3b5b30 · c3b5b30
1 parent 82b1d96
commit c3b5b30
Show file tree

Hide file tree

Showing 4 changed files with 42 additions and 0 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -57,6 +57,9 @@ WORKDIR /app
 COPY install/init-openssl.sh /app/init-openssl.sh
 RUN bash -n /app/init-openssl.sh && chmod +x /app/init-openssl.sh
 
+COPY install/init-postsrsd.sh /app/init-postsrsd.sh
+RUN bash -n /app/init-postsrsd.sh && chmod +x /app/init-postsrsd.sh
+
 COPY install/postfix.sh /etc/services.d/postfix/run
 RUN bash -n /etc/services.d/postfix/run && chmod +x /etc/services.d/postfix/run
 

diff --git a/README.md b/README.md
@@ -272,6 +272,21 @@ Attention: The logfile path must start with "/var".
 
 When you wish to rotate logs, look at the `postfix logrotate` command in the [official documentation](http://www.postfix.org/MAILLOG_README.html#logrotate).
 
+
+Enable SRS (Sender Rewriting Scheme)
+------------------------------------
+SRS is required if the sender uses SPF for verification. If SRS is not enabled, SPF verification will fail. ([Additional Informations to SRS](https://www.infradead.org/rpr.html))
+
+You can enable SRS by setting the environment variable `SMF_SRS=true`. This will start PostSRSd inside the container. The secret is automatically created and the domain is set to `SMF_DOMAIN`. Now you just need to set the following environment variables for Postfix:
+
+```bash
+SMF_POSTFIXMAIN_sender_canonical_maps=tcp:localhost:10001
+SMF_POSTFIXMAIN_sender_canonical_classes=envelope_sender
+SMF_POSTFIXMAIN_recipient_canonical_maps=tcp:localhost:10002
+SMF_POSTFIXMAIN_recipient_canonical_classes=envelope_recipient,header_recipient
+```
+
+
 Helper Scripts
 --------------------
 

diff --git a/entrypoint.sh b/entrypoint.sh
@@ -41,6 +41,13 @@ function start_postfix {
     #
     bash /app/init-openssl.sh
 
+    #
+    # Start PostSRSd if SMF_SRS is set
+    #
+    if [ $SMF_SRS = "true" ]; then 
+      bash /app/init-postsrsd.sh
+    fi
+
     #
     # Set virtual user maping
     #

diff --git a/install/init-postsrsd.sh b/install/init-postsrsd.sh
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+[ -d /etc/postsrsd/secret ] || {
+    mkdir -p /etc/postsrsd/secret
+}
+
+cd /etc/postsrsd/secret
+
+# skip generation of secret if one exists (by mounting a volume)
+if [ ! -f "postsrsd.secret" ]; then
+  tr -dc 'A-Za-z0-9!"#$%&'\''()*+,-./:;<=>?@[\]^_`{|}~' </dev/urandom | head -c 128 > postsrsd.secret
+fi
+
+chown -R root.postsrsd /etc/postsrsd/secret/
+chmod -R 750 /etc/postsrsd/secret/
+
+postsrsd -d $SMF_DOMAIN -s /etc/postsrsd/secret/postsrsd.secret &