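#!/bin/bash
# Container entrypoint: configures Postfix as a mail relay (optionally with
# DKIM signing and an authenticated upstream relay), then starts rsyslog and
# Postfix.
#
# Environment read in this section:
#   DEBUG          "true" turns on verbose smtpd logging (default: false)
#   RELAY_DOMAINS  value written to Postfix relay_domains (default: empty)
#   MYNETWORKS     client networks trusted to relay (default: loopback plus
#                  the 172.16.0.0/12 and 192.168.0.0/16 private ranges)
set -eu

DEBUG=${DEBUG-false}
FQDN=$(hostname -f)
# relay_domains lists destination domains this host relays to; with Postfix's
# default relay restrictions, clients inside mynetworks can relay to any
# destination regardless of this value.
RELAY_DOMAINS=${RELAY_DOMAINS:-}

# Configure Postfix basics
postconf -e myhostname="${FQDN}"
postconf -e relay_domains="${RELAY_DOMAINS}"
postconf -e smtpd_sasl_auth_enable=no

# Inbound SASL is disabled above, so membership in mynetworks is the only
# thing that authorises a client to relay. Keep the list to private ranges:
# the earlier value 192.0.0.0/8 also covered publicly routable 192.x.x.x
# addresses, whereas 192.168.0.0/16 is the RFC 1918 block. Operators that
# need a different set can pass MYNETWORKS explicitly.
MYNETWORKS=${MYNETWORKS:-127.0.0.0/8 172.16.0.0/12 192.168.0.0/16}
postconf -e "mynetworks = ${MYNETWORKS}"

# Comment out mydestination so the packaged value is not used.
postconf -# mydestination
# Run every master.cf service un-chrooted.
postconf -F '*/*/chroot = n'
postconf -e "inet_protocols = ipv4"

# Verbose smtpd logging. The pattern only matches lines that still end in
# "smtpd", so re-running the script does not append "-v" twice.
if [ "$DEBUG" = "true" ]; then
  sed -i 's/smtpd$/smtpd -v/g' /etc/postfix/master.cf
fi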
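# --- DKIM setup ---
# Environment: DKIM_ENABLED ("true" to enable), DKIM_DOMAIN (required when
# enabled), DKIM_SELECTOR (default: "default"), DKIM_AUTHORIZED_HOSTS
# (optional, comma-separated). The one-time configuration below is skipped
# when the marker file /opt/__dkim_init already exists.
if [ "${DKIM_ENABLED:-false}" = "true" ]; then
  if [ ! -f /opt/__dkim_init ]; then
    # Report a missing domain explicitly rather than letting `set -u` abort
    # with a bare "unbound variable" message.
    if [ -z "${DKIM_DOMAIN:-}" ]; then
      echo "Error! DKIM_DOMAIN must be provided for DKIM_ENABLED=true" >&2
      exit 1
    fi

    DKIM_SELECTOR=${DKIM_SELECTOR:-default}
    DKIM_KEY="/etc/opendkim/keys/${DKIM_DOMAIN}/${DKIM_SELECTOR}.private"
    if [ ! -f "$DKIM_KEY" ]; then
      echo "Error! No DKIM key found: $DKIM_KEY" >&2
      exit 1
    fi

    mkdir -p /etc/opendkim
    printf '%s\n' "*@${DKIM_DOMAIN} ${DKIM_SELECTOR}._domainkey.${DKIM_DOMAIN}" \
      >/etc/opendkim/SigningTable
    printf '%s\n' "${DKIM_SELECTOR}._domainkey.${DKIM_DOMAIN} ${DKIM_DOMAIN}:${DKIM_SELECTOR}:${DKIM_KEY}" \
      >/etc/opendkim/KeyTable

    # One host per line: commas in DKIM_AUTHORIZED_HOSTS become newlines.
    if [ -n "${DKIM_AUTHORIZED_HOSTS:-}" ]; then
      printf '%s\n' "${DKIM_AUTHORIZED_HOSTS//,/$'\n'}" >>/etc/opendkim/TrustedHosts
    fi
    printf '%s\n' "*.${DKIM_DOMAIN}" >>/etc/opendkim/TrustedHosts

    # The signing key must be readable by the opendkim user only.
    chown -R opendkim:opendkim /etc/opendkim/keys
    chmod 600 "$DKIM_KEY"

    mkdir -p /var/spool/postfix/opendkim
    chown opendkim:postfix /var/spool/postfix/opendkim

    # Use a TCP socket, bound to loopback only. Postfix reaches the milter at
    # 127.0.0.1:8891 (configured below); a listener on every interface could
    # let other hosts on the container network hand mail to the signer.
    sed -i 's|local:/run/opendkim/opendkim.sock|inet:8891@127.0.0.1|g' /etc/opendkim.conf

    # Postfix milter config
    # "accept" means mail is still delivered, unsigned, whenever the milter
    # cannot be reached.
    postconf -e "milter_default_action = accept"
    postconf -e "milter_protocol = 2"
    postconf -e "smtpd_milters = inet:127.0.0.1:8891"
    postconf -e "non_smtpd_milters = \$smtpd_milters"

    touch /opt/__dkim_init
  fi

  # Started in the background on every container start; this script does not
  # monitor the process afterwards.
  opendkim -f -x /etc/opendkim.conf &
fi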
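# --- SMTP Relay Authentication ---
# Environment: AUTH_ENABLED ("true" to enable), RELAY_HOST and AUTH_USER
# (required when enabled), AUTH_PASSWORD (default: empty),
# SMTP_TLS_SECURITY_LEVEL (Postfix smtp_tls_security_level, default: encrypt).
# The one-time configuration is skipped when /opt/__auth_init already exists.
if [ "${AUTH_ENABLED:-false}" = "true" ]; then
  if [ -z "${RELAY_HOST:-}" ] || [ -z "${AUTH_USER:-}" ]; then
    echo "Error! RELAY_HOST and AUTH_USER must be provided for AUTH_ENABLED=true" >&2
    exit 1
  fi

  if [ ! -f /opt/__auth_init ]; then
    # Write the credentials under a restrictive umask so a newly created file
    # never exists with default permissions, even briefly. The chmod that
    # follows still covers a pre-existing file with looser modes.
    (
      umask 077
      printf '[%s] %s:%s\n' "${RELAY_HOST}" "${AUTH_USER}" "${AUTH_PASSWORD:-}" \
        >/etc/postfix/sasl_passwd
    )
    chmod 600 /etc/postfix/sasl_passwd
    postmap /etc/postfix/sasl_passwd

    postconf -e "relayhost = [${RELAY_HOST}]"
    postconf -e "smtp_sasl_auth_enable = yes"
    postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd"
    # Plaintext mechanisms stay allowed (many relays offer only PLAIN/LOGIN),
    # but anonymous authentication is refused.
    postconf -e "smtp_sasl_security_options = noanonymous"
    postconf -e "smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt"
    # "smtp_use_tls = yes" is opportunistic: if STARTTLS is not offered the
    # session continues in cleartext and so do the credentials. Require TLS
    # by default. "verify" or "secure" additionally check the relay's
    # certificate against smtp_tls_CAfile; "may" restores the old behaviour.
    postconf -e "smtp_tls_security_level = ${SMTP_TLS_SECURITY_LEVEL:-encrypt}"

    touch /opt/__auth_init
  fi
fi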
# Queue directories that must exist under the Postfix spool before start-up.
QUEUE_DIRS="active bounce corrupt deferred defer flush hold incoming maildrop pid private saved trace public"
spool=/var/spool/postfix

read -r -a queue_names <<<"$QUEUE_DIRS"
for name in "${queue_names[@]}"; do
  mkdir -p "${spool}/${name}"
done

# Fix ownership and permissions
# Directories handed to postfix:postfix and closed to everyone else.
postfix_only=()
for name in active bounce corrupt deferred defer flush hold incoming pid private saved trace; do
  postfix_only+=("${spool}/${name}")
done

chown -R postfix:postfix "${postfix_only[@]}"
chown postfix:postdrop "${spool}/public" "${spool}/maildrop"
# NOTE(review): stock Postfix installs normally give maildrop mode 730 and
# public mode 710 so the postdrop group can use them; 700 on maildrop and 755
# on public differ from that - confirm this is intended for this image.
chmod 700 "${postfix_only[@]}" "${spool}/maildrop"
chmod 755 "${spool}/public"

# Ensure pid directory owned by root (only the directory itself is reset;
# the recursive chown above also touched anything inside it).
chown root:root "${spool}/pid"
chmod 700 "${spool}/pid"
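# Start rsyslog and Postfix
# Drop any stale pid file left by a previous run; rm -f is a no-op when the
# file does not exist.
rm -f /var/run/rsyslogd.pid
rsyslogd

# Replace this shell with Postfix instead of running it as a child:
#  - stop signals sent to the container reach Postfix directly rather than a
#    shell that has no handler for them, so shutdown is clean;
#  - the container exits when Postfix exits, so an orchestrator can see and
#    restart a dead mail service. The former trailing `tail -F /dev/null`
#    only ran after Postfix had already stopped and kept a container with no
#    working MTA looking alive.
exec postfix start-fg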