Update images for postfix and dovecot

dovecot/Dockerfile

@@ -18,6 +18,7 @@ RUN apk add --no-cache \
 # For development
 RUN apk add busybox-extras
 
+COPY config/dovecot.conf /etc/dovecot/
 COPY docker/dovecot-sql.conf /etc/dovecot/dovecot-sql.conf
 COPY start.sh /srv/start.sh
 RUN chmod +x /srv/start.sh
@@ -36,7 +37,7 @@ RUN addgroup --gid "$GID" "$USER" \
     --uid "$UID" \
     "$USER"
 
-VOLUME /srv/config /srv/mail
+VOLUME /srv/mail
 
 #   24: LMTP
 #  110: POP3 (StartTLS)

dovecot/config/dovecot.conf

@@ -6,14 +6,18 @@
 protocols = imap lmtp sieve
 verbose_proctitle = yes
 
+log_path = /dev/stderr
+info_log_path = /dev/stdout
+#debug_log_path = /dev/stdout
+
 ########
 ##
 ## TLS Configuration
 ##
 
-ssl = required
-ssl_cert = </srv/config/tls/fullchain.pem
-ssl_key = </srv/config/tls/privkey.pem
+#ssl = required
+#ssl_cert = </srv/config/tls/fullchain.pem
+#ssl_key = </srv/config/tls/privkey.pem
 ssl_cipher_list = EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA
 ssl_prefer_server_ciphers = yes
 

dovecot/docker/rsyslog.conf

@@ -0,0 +1,13 @@
+$ModLoad immark.so # provides --MARK-- message capability
+$ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
+
+# default permissions for all log files.
+$FileOwner root
+$FileGroup adm
+$FileCreateMode 0640
+$DirCreateMode 0755
+$Umask 0022
+
+#*.info							/dev/stdout
+#mail.*							/dev/stdout
+mail.info /dev/stdout

dovecot/docker/supervisord.conf

@@ -0,0 +1,24 @@
+[supervisord]
+user            = root
+nodaemon        = true
+logfile         = /dev/null
+logfile_maxbytes= 0
+
+[program:rsyslog]
+command         = rsyslogd -n
+autostart       = true
+autorestart     = true
+startsecs       = 2
+stopwaitsecs    = 2
+stdout_logfile  = /dev/stdout
+stderr_logfile  = /dev/stderr
+stdout_logfile_maxbytes = 0
+stderr_logfile_maxbytes = 0
+
+[program:dovecot]
+process_name    = master
+autostart       = true
+autorestart     = false
+directory       = /etc/dovecot
+command         = /usr/sbin/dovecot
+startsecs       = 0

dovecot/start.sh

@@ -2,10 +2,10 @@
 
 SHOULD_EXIT_EARLY=false
 
-if [ ! -d "/srv/config" ]; then
-    echo "/srv/config is not mounted"
-    SHOULD_EXIT_EARLY=true
-fi
+# if [ ! -d "/srv/config" ]; then
+#     echo "/srv/config is not mounted"
+#     SHOULD_EXIT_EARLY=true
+# fi
 
 function var_not_set {
     echo "Environment variable $1 is not set"
@@ -51,23 +51,14 @@ fi
 ## Preparation
 ##
 
-cp /srv/config/dovecot.conf /etc/dovecot/
 find /etc/dovecot/ -type f \
     -name 'dovecot-sql.conf' \
-    -exec sed -i "s/host=127.0.0.1 dbname=mum_database user=mum_dovecot_user password=mum_dovecot_password/host=${HOSTNAME} dbname=${DB_NAME} user=${DB_USER} password=${DB_PASSWORD}/g" {} \;
-
-########
-##
-## Dovecot Configuration
-##
-
-
+    -exec sed -i "s/host=127.0.0.1 dbname=mum_database user=mum_dovecot_user password=mum_dovecot_password/host=${DB_HOST} dbname=${DB_NAME} user=${DB_USER} password=${DB_PASSWORD}/g" {} \;
 
 ########
 ##
 ## Start
 ##
 
-exec dovecot -F &
-touch /var/log/mail.log
-tail -f /var/log/mail.log
+echo "Starting Dovecot..."
+dovecot -F

postfix/Dockerfile

@@ -11,6 +11,10 @@ RUN apk add --no-cache postfix postfix-mysql
 # For development
 RUN apk add busybox-extras
 
+RUN mkdir /var/spool/postfix/etc && echo "smtp		25/tcp		mail		# Simple Mail Transfer" > /var/spool/postfix/etc/services
+
+COPY config/main.cf /etc/postfix/
+COPY config/master.cf /etc/postfix/
 COPY docker/sql /srv/sql
 COPY docker/supervisord.conf /etc/
 COPY docker/rsyslog.conf /etc/

postfix/config/main.cf

@@ -26,12 +26,12 @@ inet_protocols = all
 ## TLS Configuration
 ##
 
-smtpd_tls_cert_file=/srv/config/tls/fullchain.pem
-smtpd_tls_key_file=/srv/config/tls/privkey.pem
+#smtpd_tls_cert_file=/srv/config/tls/fullchain.pem
+#smtpd_tls_key_file=/srv/config/tls/privkey.pem
 smtpd_tls_loglevel = 1
 
-smtp_tls_cert_file=/srv/config/tls/fullchain.pem
-smtp_tls_key_file=/srv/config/tls/privkey.pem
+#mtp_tls_cert_file=/srv/config/tls/fullchain.pem
+#smtp_tls_key_file=/srv/config/tls/privkey.pem
 smtp_tls_loglevel = 1
 
 smtpd_tls_security_level = may
@@ -59,7 +59,7 @@ smtp_tls_exclude_ciphers = MD5, DES, ADH, RC4, PSD, SRP, 3DES, eNULL, aNULL, SEE
 
 smtpd_tls_eecdh_grade=ultra
 smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
-smtpd_tls_dh1024_param_file = /srv/config/tls/dh4096.pem
+#smtpd_tls_dh1024_param_file = /srv/config/tls/dh4096.pem
 
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
@@ -79,14 +79,15 @@ smtpd_sasl_security_options = noanonymous, noplaintext
 smtpd_sasl_tls_security_options = noanonymous
 smtpd_tls_auth_only = yes
 
-virtual_transport = lmtp:172.17.0.19:24
+virtual_transport = lmtp:127.0.0.1:24
 
 ########
 ##
 ## Postscreen Configuration
 ##
 
-postscreen_access_list = permit_mynetworks, cidr:/srv/config/postscreen_access.cidr
+#postscreen_access_list = permit_mynetworks, cidr:/srv/config/postscreen_access.cidr
+postscreen_access_list = permit_mynetworks
 postscreen_blacklist_action = drop
 postscreen_greet_action = enforce
 postscreen_dnsbl_action = enforce
@@ -114,11 +115,11 @@ postscreen_dnsbl_sites =
 ##
 
 smtpd_recipient_restrictions =
-        check_recipient_access btree:/srv/config/access_recipient,
+#        check_recipient_access btree:/srv/config/access_recipient,
         check_recipient_access mysql:/srv/sql/recipient-access.cf
-        check_client_access cidr:/srv/config/access_client, 
-        check_helo_access btree:/srv/config/access_helo,  
-        check_sender_access btree:/srv/config/access_sender,
+#        check_client_access cidr:/srv/config/access_client, 
+#        check_helo_access btree:/srv/config/access_helo,  
+#        check_sender_access btree:/srv/config/access_sender,
         reject_non_fqdn_sender,   
         reject_non_fqdn_recipient,   
         reject_unknown_sender_domain,   
@@ -137,10 +138,10 @@ smtpd_sender_restrictions =
 	reject_authenticated_sender_login_mismatch,
 	permit_sasl_authenticated
 
-smtpd_restriction_classes = local_only
-local_only =
-        check_recipient_access btree:/srv/config/local_domains,
-        check_sender_access regexp:/srv/config/local_only_reject.regexp
+#smtpd_restriction_classes = local_only
+#local_only =
+#        check_recipient_access btree:/srv/config/local_domains,
+#        check_sender_access regexp:/srv/config/local_only_reject.regexp
 
 ########
 ##
@@ -162,7 +163,7 @@ local_recipient_maps = $virtual_mailbox_maps
 
 default_database_type = btree
 
-mime_header_checks = pcre:/srv/config/mime_header_checks.pcre
+#mime_header_checks = pcre:/srv/config/mime_header_checks.pcre
 
 maximal_queue_lifetime = 3d
 bounce_queue_lifetime = 3d

postfix/config/master.cf

@@ -156,4 +156,4 @@ dovecot   unix  -       n       n       -       -       pipe flags=DRhu
 #    -o cleanup_service_name=subcleanup
 
 subcleanup unix  n       -       y       -       0       cleanup
-    -o header_checks=pcre:/srv/config/submission_header_checks.pcre
+#    -o header_checks=pcre:/srv/config/submission_header_checks.pcre

postfix/start.sh

@@ -2,10 +2,10 @@
 
 SHOULD_EXIT_EARLY=false
 
-if [ ! -d "/srv/config" ]; then
-    echo "/srv/config is not mounted"
-    SHOULD_EXIT_EARLY=true
-fi
+# if [ ! -d "/srv/config" ]; then
+#     echo "/srv/config is not mounted"
+#     SHOULD_EXIT_EARLY=true
+# fi
 
 function var_not_set {
     echo "Environment variable $1 is not set"
@@ -29,14 +29,18 @@ if [ -z $DB_USER ]; then
     DB_USER="mum_postfix"
 fi
 
-# if [ -z $DB_PASSWORD ]; then
-#     var_not_set "DB_PASSWORD"
-# fi
+if [ -z $DB_PASSWORD ]; then
+    var_not_set "DB_PASSWORD"
+fi
 
 if [ -z $DB_NAME ]; then
     var_not_set "DB_NAME"
 fi
 
+if [ -z $DOVECOT_HOST ]; then
+    var_not_set "DOVECOT_HOST"
+fi
+
 ########
 ##
 ## Test if we should return early
@@ -52,28 +56,36 @@ fi
 ## Preparation
 ##
 
-cp /srv/config/main.cf /etc/postfix/
-cp /srv/config/master.cf /etc/postfix/
+# cp /srv/config/main.cf /etc/postfix/
+# cp /srv/config/master.cf /etc/postfix/
 find /srv/sql/ -type f -name '*.cf' -exec sed -i "s/mum_postfix_user/${DB_USER}/g" {} \;
 find /srv/sql/ -type f -name '*.cf' -exec sed -i "s/mum_postfix_password/${DB_PASSWORD}/g" {} \;
 find /srv/sql/ -type f -name '*.cf' -exec sed -i "s/mum_postfix_password/${DB_PASSWORD}/g" {} \;
 find /srv/sql/ -type f -name '*.cf' -exec sed -i "s/mum_database/${DB_NAME}/g" {} \;
 find /srv/sql/ -type f -name '*.cf' -exec sed -i "s/127.0.0.1/${DB_HOST}/g" {} \;
+sed -i "s/lmtp:127.0.0.1:24/lmtp:${DOVECOT_HOST}:24/g" /etc/postfix/main.cf
 
 ########
 ##
 ## Postfix Configuration
 ##
 
 postconf -e "myhostname = $HOSTNAME"
-postmap /srv/config/access_client
-postmap /srv/config/access_helo
-postmap /srv/config/access_recipient
-postmap /srv/config/access_sender
-postmap /srv/config/local_domains
-postmap /srv/config/local_only_reject.regexp
-postmap /srv/config/mime_header_checks.pcre
-postmap /srv/config/postscreen_access.cidr
+# postmap /srv/config/access_client
+# postmap /srv/config/access_helo
+# postmap /srv/config/access_recipient
+# postmap /srv/config/access_sender
+# postmap /srv/config/local_domains
+# postmap /srv/config/local_only_reject.regexp
+# postmap /srv/config/mime_header_checks.pcre
+# postmap /srv/config/postscreen_access.cidr
+
+########
+##
+## Kube DNS Support
+##
+
+cp /etc/resolv.conf /var/spool/postfix/etc/
 
 ########
 ##