start.sh
#!/bin/sh
# Container entrypoint: writes the Postfix configuration from RELAY_*
# environment variables, then hands control to supervisord.
# Abort on the first failing command so a half-applied configuration never
# reaches the point where the mail services are started.
set -e

# Set configuration according to ENV
# The four base parameters are written in a single postconf invocation.
# Values are copied verbatim from the environment, so an unset variable
# produces an empty parameter rather than an error.
echo 'Settings postfix...'
postconf -e \
  "mydomain = ${RELAY_MYDOMAIN}" \
  "mynetworks = ${RELAY_MYNETWORKS}" \
  "relayhost = ${RELAY_HOST}" \
  "relay_domains = ${RELAY_DOMAINS}"
# Static restrictions for smtp clients.
# Postfix evaluates the restriction list left to right and stops at the first
# decisive result, so the position of reject_unauth_destination decides which
# clients may send to domains outside the relay domains list.
case "${RELAY_MODE}" in
  STRICT)
    # Destination check first: no one can send mail to a domain outside the
    # relay domains list; only network/sasl authenticated clients can relay.
    relay_restrictions='reject_unauth_destination, permit_sasl_authenticated, permit_mynetworks, reject'
    ;;
  ALLOW_SASLAUTH_NODOMAIN)
    # SASL-authenticated users are accepted before the destination check, so
    # only they can send to domains outside the relay domains list; clients
    # in mynetworks stay limited to the relay domains.
    relay_restrictions='permit_sasl_authenticated, reject_unauth_destination, permit_mynetworks, reject'
    ;;
  ALLOW_NETAUTH_NODOMAIN)
    # Clients in mynetworks are accepted before the destination check, so
    # only they can send to domains outside the relay domains list; SASL
    # users stay limited to the relay domains.
    relay_restrictions='permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject'
    ;;
  ALLOW_AUTH_NODOMAIN)
    # No destination check at all: both SASL users and mynetworks clients
    # can send to any domain; every other client is rejected.
    relay_restrictions='permit_sasl_authenticated, permit_mynetworks, reject'
    ;;
  *)
    # Any other value (including an empty one) is written verbatim as the
    # restriction list. Nothing here validates it, so a list without a final
    # reject or a destination check is accepted as given; review the value
    # at deploy time.
    relay_restrictions="${RELAY_MODE}"
    ;;
esac
postconf -e "smtpd_relay_restrictions = ${relay_restrictions}"
# Set hostname, but only when one was supplied; otherwise the Postfix
# default is left untouched.
[ -z "${RELAY_MYHOSTNAME}" ] || postconf -e "myhostname = ${RELAY_MYHOSTNAME}"

# Set default postmaster value: fall back to postmaster@<mydomain> when
# RELAY_POSTMASTER is unset or empty.
: "${RELAY_POSTMASTER:=postmaster@${RELAY_MYDOMAIN}}"
postconf -e "2bounce_notice_recipient = ${RELAY_POSTMASTER}"
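# Update the sender mapping databases
# The map is enabled and compiled only when the source file exists in the
# container.
if [ -f /etc/postfix/sender_canonical ]; then
  postconf -e "sender_canonical_maps = hash:/etc/postfix/sender_canonical"
  postmap /etc/postfix/sender_canonical
fi

# Update the aliases database
# Take the text after the first ':' of the alias_maps setting as the path of
# the alias file. This yields a usable path only when a single type:path
# entry is configured.
aliases=$(postconf alias_maps | cut -d ':' -f 2)
# The expansion must be quoted: with an empty value an unquoted `[ -f ]` is a
# one-argument test that is always true, which would run newaliases with no
# alias file configured.
if [ -f "${aliases}" ]; then
  newaliases
fi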
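# Configure authentication to the upstream relay if needed.
# Everything in this block, including the outbound TLS parameters, is applied
# only when both RELAY_LOGIN and RELAY_PASSWORD are non-empty.
# The tests are joined with && instead of the obsolescent `-a` operator,
# which can mis-parse when a value looks like a test operator (for example
# a password of "=" or "(").
if [ -n "${RELAY_LOGIN}" ] && [ -n "${RELAY_PASSWORD}" ]; then
  postconf -e 'smtp_sasl_auth_enable = yes'
  if [ -f /etc/postfix/sasl_passwd ]; then
    # use password from hash database
    postconf -e 'smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd'
    postmap /etc/postfix/sasl_passwd
  else
    # use static database
    # NOTE(review): this writes the relay password in clear text into the
    # Postfix main configuration, where `postconf` prints it. Mounting
    # /etc/postfix/sasl_passwd with restrictive permissions avoids that.
    # A password containing whitespace, a comma or a brace may not survive
    # the inline:{...} syntax -- TODO confirm.
    postconf -e "smtp_sasl_password_maps = inline:{${RELAY_HOST}=${RELAY_LOGIN}:${RELAY_PASSWORD}}"
  fi
  # noanonymous still allows plaintext mechanisms, so the credentials are
  # protected on the wire only by the TLS level configured below.
  postconf -e 'smtp_sasl_security_options = noanonymous'

  # TLS was requested but no CA bundle was given: refuse to start.
  if [ "${RELAY_USE_TLS}" = 'yes' ] && [ -z "${RELAY_TLS_CA}" ]; then
    echo "you must fill RELAY_TLS_CA with the path to the CA file in the container" >&2
    exit 1
  fi
  postconf -e "smtp_tls_CAfile = ${RELAY_TLS_CA}"
  # RELAY_TLS_VERIFY is written as the TLS security level as-is; its default
  # is not set in this script. Levels that do not verify the server
  # certificate (none, may, encrypt) leave the SASL login exposed to an
  # active interceptor; the CA file only matters for the verifying levels
  # (verify, secure).
  postconf -e "smtp_tls_security_level = ${RELAY_TLS_VERIFY}"
  # Single quotes on purpose: ${data_directory} is expanded by Postfix, not
  # by the shell.
  postconf -e 'smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache'
  postconf -e "smtp_use_tls = ${RELAY_USE_TLS}"
fi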
# Restrict sender addresses to those of the relay domain.
# The envelope sender is supplied by the client, so this filters on the
# claimed domain; it does not authenticate the sender.
case "${RELAY_STRICT_SENDER_MYDOMAIN}" in
  true)
    postconf -e "smtpd_sender_restrictions = check_sender_access inline:{${RELAY_MYDOMAIN}=OK}, reject"
    ;;
esac

# set extras configurations
# RELAY_EXTRAS_SETTINGS is split on whitespace on purpose: each word is one
# name=value pair handed to postconf, so a single setting cannot contain
# spaces, and glob characters in it are subject to pathname expansion.
# These settings are applied after everything above and can override any of
# it, including the relay restrictions, so the variable needs the same
# review as the rest of the configuration.
if [ -n "${RELAY_EXTRAS_SETTINGS}" ]; then
  for extra_setting in ${RELAY_EXTRAS_SETTINGS}; do
    echo "...set extras setting... ${extra_setting}"
    postconf -e "${extra_setting}"
  done
fi
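echo 'Bulk registering sasl users...'
# Fill the sasl user database with seed
# Each line of the seed file holds a user name and a password separated by
# whitespace.
if [ -f /etc/postfix/client_sasl_passwd ]; then
  if [ ! -r /etc/postfix/client_sasl_passwd ]; then
    echo "client_sasl_passwd database is not readable" >&2
    exit 1
  fi
  # Read the file line by line. The previous `for peer in "$(cat ...)"` ran
  # once with the whole file as a single value, and `$user=...` / `$pass=...`
  # are not assignments in shell, so no user was ever registered.
  # Only the second field is used as the password, so a password cannot
  # contain whitespace; anything after it lands in `rest` and is ignored.
  # The `|| [ -n ... ]` keeps a final line that lacks a trailing newline.
  while read -r user pass rest || [ -n "${user}" ]; do
    # skip blank lines
    [ -n "${user}" ] || continue
    # The password goes through stdin, not argv, so it does not appear in
    # the process list; printf avoids echo's option and escape handling.
    printf '%s\n' "${pass}" | /opt/postfix/saslpasswd2.sh -p -u "${RELAY_MYDOMAIN}" -c "${user}"
    # Log the user name only, never the password.
    echo "...registered user '${user}' into sasl database"
  done < /etc/postfix/client_sasl_passwd
fi

echo 'Starting up...'
# Replace the shell with supervisord so it receives the container's signals
# directly.
exec /usr/bin/supervisord --configuration /etc/supervisord.conf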