Update to alpine and postfix
This commit is contained in:
Deon George
parent
3b62a45330
commit
5f3aec07cf
|
|
@ -1,17 +1,31 @@
|
|||
stages:
|
||||
- build
|
||||
- build-manifest
|
||||
|
||||
variables:
|
||||
CACHETAG: build-${VERSION}
|
||||
VERSION: latest
|
||||
DOCKER_HOST: tcp://docker:2375
|
||||
VERSIONARCH: ${VERSION}-${ARCH}
|
||||
|
||||
cache:
|
||||
key: ${CI_JOB_NAME_SLUG}-${CI_COMMIT_REF_SLUG}
|
||||
paths:
|
||||
- build-cache
|
||||
|
||||
image: docker:latest
|
||||
services:
|
||||
- docker:dind
|
||||
|
||||
before_script:
|
||||
- docker info
|
||||
- docker version
|
||||
- if [ ! -d build-cache ]; then mkdir build-cache; fi
|
||||
- sed -ie s'/https/http/' /etc/apk/repositories
|
||||
- HTTP_PROXY=http://proxy.dege.lan:3128 apk add git curl
|
||||
- docker info && docker version
|
||||
# env|sort
|
||||
- echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
|
||||
- env|sort
|
||||
|
||||
include: .gitlab-docker-x86_64.yml
|
||||
include:
|
||||
- .gitlab-docker-x86_64.yml
|
||||
# .gitlab-docker-armv7l.yml
|
||||
# .gitlab-docker-arm64.yml
|
||||
- .gitlab-docker-manifest.yml
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
x86_64:build-manifest:
|
||||
stage: build-manifest
|
||||
script:
|
||||
- docker manifest create ${CI_REGISTRY_IMAGE}:${VERSION} ${CI_REGISTRY_IMAGE}:${VERSION}-x86_64 #${CI_REGISTRY_IMAGE}:${VERSION}-arm64 ${CI_REGISTRY_IMAGE}:${VERSION}armv7l
|
||||
- docker manifest push --purge ${CI_REGISTRY_IMAGE}:${VERSION}
|
||||
tags:
|
||||
- docker
|
||||
- x86_64
|
||||
only:
|
||||
- master
|
||||
|
|
@ -1,14 +1,14 @@
|
|||
x86_64:build:
|
||||
variables:
|
||||
VERSION: x86_64
|
||||
ARCH: x86_64
|
||||
stage: build
|
||||
image: docker:latest
|
||||
script:
|
||||
- if [ -f init ]; then chmod 500 init; fi
|
||||
- ([ -z "$REFRESH" ] && docker pull ${CI_REGISTRY_IMAGE}:${CACHETAG}) || echo "true"
|
||||
- docker build --cache-from ${CI_REGISTRY_IMAGE}:${CACHETAG} -t ${CI_REGISTRY_IMAGE}:${VERSION} -t ${CI_REGISTRY_IMAGE}:${CACHETAG} .
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSION}
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${CACHETAG}
|
||||
- ([ -z "$REFRESH" -a -f build-cache/${CI_COMMIT_REF_SLUG} ]) && docker load < build-cache/${CI_COMMIT_REF_SLUG} || true
|
||||
- rm build-cache/* || true
|
||||
- docker build --build-arg HTTP_PROXY=http://proxy.dege.lan:3128 --cache-from ${CI_REGISTRY_IMAGE}:${VERSIONARCH} -t ${CI_REGISTRY_IMAGE}:${VERSIONARCH} .
|
||||
- docker push ${CI_REGISTRY_IMAGE}:${VERSIONARCH}
|
||||
- docker save ${CI_REGISTRY_IMAGE}:${VERSIONARCH} > build-cache/${CI_COMMIT_REF_SLUG}
|
||||
tags:
|
||||
- docker
|
||||
- x86_64
|
||||
|
|
|
|||
34
Dockerfile
34
Dockerfile
|
|
@ -1,20 +1,38 @@
|
|||
# NAME leenooks/smtp
|
||||
# VERSION latest
|
||||
|
||||
FROM debian:stretch-slim
|
||||
FROM alpine
|
||||
|
||||
RUN apt-get update \
|
||||
&& apt-get install sendmail sasl2-bin milter-greylist -yyq \
|
||||
&& sed -ie 's/mech_list: EXTERNAL DIGEST-MD5 CRAM-MD5/mech_list:/' /etc/mail/sasl/Sendmail.conf.2 \
|
||||
&& cd /etc/mail && make clean \
|
||||
&& rm -rf /var/lib/apt/lists/* /tmp/*
|
||||
# Change to http respositories, so they we can cache the install packages
|
||||
RUN if [ -n ${HTTP_PROXY} ] ; then sed -ie s'/https/http/' /etc/apk/repositories; fi
|
||||
|
||||
RUN useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd
|
||||
RUN apk add shadow && useradd -rc "HUB Mail Relay" -M relay -NG mail -s /sbin/nologin && echo relay:SmTpR3l2Y | chpasswd
|
||||
|
||||
RUN apk add --no-cache postfix opendkim opendkim-utils \
|
||||
&& gpasswd -a postfix opendkim
|
||||
|
||||
# Config postfix
|
||||
RUN sed -ie 's%#mynetworks = hash:/etc/postfix/network_table%mynetworks = /etc/opendkim/signing/TrustedHosts%' /etc/postfix/main.cf \
|
||||
&& echo -n 'bWVzc2FnZV9zaXplX2xpbWl0ID0gMjU2MDAwMDAKcXVldWVfbWluZnJlZSA9IDUxMjAwMDAwCg=='|base64 -d >> /etc/postfix/main.cf
|
||||
|
||||
# Enable DKIM
|
||||
RUN mkdir /run/opendkim \
|
||||
&& echo -n 'IyBNaWx0ZXIgY29uZmlndXJhdGlvbiAtIG9wZW5ka2ltCiMgSWYgdGhlIE9wZW5ES0lNIG1pbHRl\
|
||||
ciBpc24ndCBhdmFpbGFibGUsIGFjY2VwdCB0aGUgbWVzc2FnZSBhbnl3YXkuCm1pbHRlcl9kZWZh\
|
||||
dWx0X2FjdGlvbiA9IGFjY2VwdAojIFdoYXQgbWlsdGVyIGNvbW11bmljYXRpb24gcHJvdG9jb2wg\
|
||||
c2hvdWxkIGJlIHVzZWQgdG8gcGFzcyBtZXNzYWdlcwojIHRvIGFuZCBmcm9tIE9wZW5ES0lNPwpt\
|
||||
aWx0ZXJfcHJvdG9jb2wgPSA2CiMgV2hlcmUgc2hvdWxkIHRoZSBPcGVuREtJTSBtaWx0ZXIgYmUg\
|
||||
Y29udGFjdCB0aHJvdWdoPyAgTm90ZSB0aGF0IHRoaXMKIyBpcyBpbnNpZGUgdGhlIC92YXIvc3Bv\
|
||||
b2wvcG9zdGZpeCBjaHJvb3QuCnNtdHBkX21pbHRlcnMgPSBpbmV0OjEyNy4wLjAuMTo4ODkxCiMg\
|
||||
U2VuZCBtYWlsIHRoYXQgZG9lc24ndCBhcnJpdmUgZnJvbSB0aGUgbmV0d29yayB0aHJvdWdoIHRo\
|
||||
ZSBzYW1lIG1pbHRlcgojIGFzIG91dGJvdW5kIG1haWwuCm5vbl9zbXRwZF9taWx0ZXJzID0gJHNt\
|
||||
dHBkX21pbHRlcnMK' |base64 -d >> /etc/postfix/main.cf
|
||||
COPY opendkim.conf /etc/opendkim
|
||||
|
||||
VOLUME ["/var/spool/postfix"]
|
||||
EXPOSE 25
|
||||
|
||||
COPY init /sbin/
|
||||
|
||||
# Starting
|
||||
ENTRYPOINT [ "/sbin/init" ]
|
||||
CMD [ "start" ]
|
||||
|
|
|
|||
|
|
@ -0,0 +1,2 @@
|
|||
message_size_limit = 25600000
|
||||
queue_minfree = 51200000
|
||||
19
init
19
init
|
|
@ -1,4 +1,4 @@
|
|||
#!/bin/bash
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
NAME="SMTP"
|
||||
|
|
@ -11,14 +11,17 @@ function stop {
|
|||
|
||||
trap 'stop' SIGTERM
|
||||
|
||||
if [ -z `hostname --domain` ]; then
|
||||
echo "You must start this container with --hostname= specifying a domain name"
|
||||
exit 1
|
||||
fi
|
||||
if [ -z "$@" ]; then
|
||||
if [ -z `hostname -d` ]; then
|
||||
echo "You must start this container with --hostname= specifying a domain name"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$1" == "start" ]; then
|
||||
/usr/sbin/saslauthd -m /run/saslauthd -a pam
|
||||
cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD &
|
||||
#/usr/sbin/saslauthd -m /run/saslauthd -a pam
|
||||
#cd /etc/mail && make && make && exec /usr/sbin/sendmail -q1h -bD &
|
||||
newaliases
|
||||
postfix start
|
||||
/usr/sbin/opendkim -P /run/opendkim.pid -u opendkim -f
|
||||
|
||||
wait
|
||||
else
|
||||
|
|
|
|||
|
|
@ -0,0 +1,12 @@
|
|||
# Milter configuration - opendkim
|
||||
# If the OpenDKIM milter isn't available, accept the message anyway.
|
||||
milter_default_action = accept
|
||||
# What milter communication protocol should be used to pass messages
|
||||
# to and from OpenDKIM?
|
||||
milter_protocol = 6
|
||||
# Where should the OpenDKIM milter be contact through? Note that this
|
||||
# is inside the /var/spool/postfix chroot.
|
||||
smtpd_milters = inet:127.0.0.1:8891
|
||||
# Send mail that doesn't arrive from the network through the same milter
|
||||
# as outbound mail.
|
||||
non_smtpd_milters = $smtpd_milters
|
||||
|
|
@ -0,0 +1,37 @@
|
|||
BaseDirectory /run/opendkim
|
||||
Mode sv
|
||||
SubDomains no
|
||||
|
||||
LogResults yes
|
||||
LogWhy yes
|
||||
Syslog yes
|
||||
SyslogSuccess yes
|
||||
|
||||
Canonicalization relaxed/simple
|
||||
|
||||
#Domain example.com
|
||||
#Selector default
|
||||
#KeyFile /var/db/dkim/example.com.private
|
||||
KeyTable refile:/etc/opendkim/signing/KeyTable
|
||||
SigningTable refile:/etc/opendkim/signing/SigningTable
|
||||
ExternalIgnoreList refile:/etc/opendkim/signing/TrustedHosts
|
||||
InternalHosts refile:/etc/opendkim/signing/TrustedHosts
|
||||
|
||||
Background yes
|
||||
Socket inet:8891@localhost
|
||||
#Socket local:opendkim.sock
|
||||
|
||||
ReportAddress postmaster@example.com
|
||||
SendReports yes
|
||||
|
||||
## Hosts to sign email for - 127.0.0.1 is default
|
||||
## See the OPERATION section of opendkim(8) for more information
|
||||
#
|
||||
#InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
|
||||
|
||||
## For secondary mailservers - indicates not to sign or verify messages
|
||||
## from these hosts
|
||||
#
|
||||
# PeerList X.X.X.X
|
||||
|
||||
PidFile /run/opendkim.pid
|
||||
Loading…
Reference in New Issue