opendkim

docker-compose.yml

@@ -48,7 +48,8 @@ services:
                 aliases:
                     - dovecot.internal.docker
         volumes:
-            - ./data/email:/var/email
+            - ./data/dovecot/email:/var/email
+            - ./data/dovecot/sieve:/etc/dovecot/sieve
         ports:
             - "0.0.0.0:110:110"
             - "0.0.0.0:143:143"
@@ -58,5 +59,17 @@ services:
         env_file:
             - env
 
+    opendkim:
+        build: ./opendkim
+        container_name: mx-opendkim
+        networks:
+            internal.docker:
+                aliases:
+                    - opendkim.internal.docker
+        volumes:
+            - ./data/opendkim/keys:/etc/opendkim/keys
+        env_file:
+            - env
+
 networks:
     internal.docker:

dovecot/Dockerfile

@@ -17,7 +17,7 @@ COPY ./config/ /etc/dovecot/
 
 COPY ./certs/ /etc/ssl/private/
 
-VOLUME ["/var/email"]
+VOLUME ["/var/email", "/etc/dovecot/sieve"]
 
 EXPOSE 110 143 993 995 4190
 

dovecot/config/dovecot.conf

@@ -44,8 +44,8 @@ plugin {
   # The path to the user's main active script. If ManageSieve is used, this the
   # location of the symbolic link controlled by ManageSieve.
   sieve = ~/.dovecot.sieve
-  sieve_before = ~/sieve/01_vacation.sieve
-  sieve_extensions = +vacation +vacation-seconds
+  #sieve_before = ~/sieve/01_vacation.sieve
+  #sieve_extensions = +vacation +vacation-seconds
 
   # The default Sieve script when the user has none. This is a path to a global
   # sieve script file, which gets executed ONLY if user's private Sieve script
@@ -75,9 +75,7 @@ log_path = /dev/stderr
 postmaster_address = postmaster@example.org
 
 service lmtp {
-  # Create inet listener only if you can't use the above UNIX socket
   inet_listener lmtp {
-    # Avoid making LMTP visible for the entire internet
     address = 0.0.0.0
     port = DOVECOT_LMTP_PORT
   }

env

@@ -3,7 +3,7 @@ POSTGRES_USER=postfixadmin
 POSTGRES_PASSWORD=pg_password
 POSTGRES_DB=postfixadmin
 
-MAIL_DOMAIN=test-mx.rthoni.com
+MAIL_DOMAIN=rthoni.com
 MAIL_HOSTNAME=vm01.rthoni.com
 
 DOVECOT_HOST=dovecot.internal.docker

opendkim/Dockerfile

@@ -0,0 +1,20 @@
+FROM debian:jessie
+
+MAINTAINER Robin Thoni <robin@rthoni.com>
+
+RUN apt-get update &&\
+    apt-get install -y opendkim libopendbx1-pgsql rsyslog &&\
+    apt-get clean && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+RUN rm /etc/opendkim.conf &&\
+    ln -s /etc/opendkim/opendkim.conf /etc/opendkim.conf
+
+COPY ./run.sh /run.sh
+
+COPY ./config /etc/opendkim/
+
+RUN chown -R opendkim:opendkim /etc/opendkim
+
+VOLUME ["/etc/opendkim/keys"]
+
+CMD ["/run.sh"]

opendkim/config.sql/opendkim.conf

@@ -0,0 +1,21 @@
+AutoRestart             Yes
+AutoRestartRate         10/1h
+UMask                   002
+Syslog                  yes
+SyslogSuccess           yes
+LogWhy                  Yes
+
+Canonicalization        relaxed/simple
+
+ExternalIgnoreList      dsn:pgsql://POSTGRES_USER:POSTGRES_PASSWORD@POSTGRES_HOST/POSTGRES_DB/table=dkim_external_ignore_list?keycol=host?datacol=host
+InternalHosts           dsn:pgsql://POSTGRES_USER:POSTGRES_PASSWORD@POSTGRES_HOST/POSTGRES_DB/table=dkim_internal_hosts?keycol=host?datacol=host
+KeyTable                dsn:pgsql://POSTGRES_USER:POSTGRES_PASSWORD@POSTGRES_HOST/POSTGRES_DB/table=dkim_key_table?keycol=name?datacol=key_path
+SigningTable            dsn:pgsql://POSTGRES_USER:POSTGRES_PASSWORD@POSTGRES_HOST/POSTGRES_DB/table=dkim_signing_table?keycol=email?datacol=name
+
+Mode                    sv
+PidFile                 /var/run/opendkim/opendkim.pid
+SignatureAlgorithm      rsa-sha256
+
+UserID                  opendkim:opendkim
+
+Socket                  inet:OPENDKIM_PORT@0.0.0.0

opendkim/config/KeyTable

@@ -0,0 +1 @@
+all                  MAIL_DOMAIN:dkim:/etc/opendkim/dkim.private

opendkim/config/SigningTable

@@ -0,0 +1 @@
+*                        all

opendkim/config/TrustedHosts

@@ -0,0 +1,3 @@
+127.0.0.1
+localhost
+postfix.internal.docker

opendkim/config/dkim.private

@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIICWwIBAAKBgQCw8ztGcYIdp/fCfIjH0n5A6sKXKct0OfgVLLd8+Zj2zqmyhXFB
+7HI2zjQ2RBC6zqDS6VD8VWYX6pcWQNFdretjAm5Owmyd5SyRXxDwlVpyWLVHqGI2
+qHJR6cicAtBDSMtWGBLMSC8jR+44Dfzof53x1BlAPMr+Znj5yOS8fYQxwQIDAQAB
+AoGALROZOwW5ZsKeO/4rffPiU7k6HvX3rUEDMKm2iHCxBdZ5pk+WHXwVUF7RMC3A
+sUXn9DKZfd5nZppNKM8URrACcUbLx3g6Yj4LiupzasWn3IXf1nhbObHEIDcr821x
+Cs8v5kZhOHS9Wf03T1qOGkSLf3NL0MO6cXS1nBWkz/DL9R0CQQDikuYnybGTTB8c
+OzKW3d+hUt6u1JD4i8EGqvN9O4QSJrKgDHYGsx/EaicZLh7CM1CA/e2iH0weaBvL
+wuC3aflXAkEAx+5zBANxaWrpjyWVIMdmY9bxUjgBpRPgxbvFyctkqb58BpOkQpdn
+f2LvqxsblR9fDfZCduySSubTHPeS6bmGpwJAMBNfhr3DUi/qwgDFoUF+/CorWgl8
+oWB2GsYXWFFSms9fQ5qhSJalfPXRSgSBPk/JGzXGQIpHioQosbmuGP0BjQJAcQui
+fOJ1feW1qfrWF3KnskwWpyaDx5M1xJgnfbJDeLb76bwRZJW3L5ABc/4f2nGijYJw
+kk2xaiiZtgdGSmFcgQJAbG5PMgTBtAgawHtt8pqdojTDR3pJ3/Zc5vtCY+7MoWBA
+rHVixMuqodwxwgx/+OecEIdjF0SFkvTvKV0V2SeqXw==
+-----END RSA PRIVATE KEY-----

opendkim/config/dkim.txt

@@ -0,0 +1,2 @@
+dkim._domainkey	IN	TXT	( "v=DKIM1; k=rsa; "
+	  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCw8ztGcYIdp/fCfIjH0n5A6sKXKct0OfgVLLd8+Zj2zqmyhXFB7HI2zjQ2RBC6zqDS6VD8VWYX6pcWQNFdretjAm5Owmyd5SyRXxDwlVpyWLVHqGI2qHJR6cicAtBDSMtWGBLMSC8jR+44Dfzof53x1BlAPMr+Znj5yOS8fYQxwQIDAQAB" )  ; ----- DKIM key dkim for rthoni.com

opendkim/config/opendkim.conf

@@ -0,0 +1,21 @@
+AutoRestart             Yes
+AutoRestartRate         10/1h
+UMask                   002
+Syslog                  yes
+SyslogSuccess           Yes
+LogWhy                  Yes
+
+Canonicalization        relaxed/simple
+
+ExternalIgnoreList      refile:/etc/opendkim/TrustedHosts
+InternalHosts           refile:/etc/opendkim/TrustedHosts
+KeyTable                refile:/etc/opendkim/KeyTable
+SigningTable            refile:/etc/opendkim/SigningTable
+
+Mode                    sv
+PidFile                 /var/run/opendkim/opendkim.pid
+SignatureAlgorithm      rsa-sha256
+
+UserID                  opendkim:opendkim
+
+Socket                  inet:OPENDKIM_PORT@0.0.0.0

opendkim/run.sh

@@ -0,0 +1,18 @@
+#! /usr/bin/env sh
+
+sed -e "s/POSTGRES_HOST/${POSTGRES_HOST}/" -i /etc/opendkim/opendkim.conf
+sed -e "s/POSTGRES_USER/${POSTGRES_USER}/" -i /etc/opendkim/opendkim.conf
+sed -e "s/POSTGRES_PASSWORD/${POSTGRES_PASSWORD}/" -i /etc/opendkim/opendkim.conf
+sed -e "s/POSTGRES_DB/${POSTGRES_DB}/" -i /etc/opendkim/opendkim.conf
+sed -e "s/OPENDKIM_PORT/${OPENDKIM_PORT}/" -i /etc/opendkim/opendkim.conf
+sed -e "s/MAIL_DOMAIN/${MAIL_DOMAIN}/" -i /etc/opendkim/KeyTable
+
+sleep 5
+
+rm -f /var/run/rsyslogd.pid
+rm -f /var/log/syslog
+service rsyslog start
+service opendkim start
+#/usr/sbin/opendkim -f -v -x /etc/opendkim.conf
+tail -f /var/log/syslog
+

postfix/config/main.cf

@@ -83,6 +83,10 @@ message_size_limit = 0
 
 milter_default_action = accept
 milter_protocol = 6
-#smtpd_milters = inet:localhost:12345
-#non_smtpd_milters = inet:localhost:12345
-smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unknown_recipient_domain, reject_unauth_pipelining, reject_unauth_destination
+smtpd_milters = opendkim_12345
+non_smtpd_milters = opendkim_12345
+smtpd_relay_restrictions = permit_mynetworks,
+        permit_sasl_authenticated,
+        reject_unknown_recipient_domain,
+        reject_unauth_pipelining,
+        reject_unauth_destination

postfix/run.sh

@@ -9,7 +9,10 @@ postconf -e mydomain="${MAIL_DOMAIN}"
 postconf -e myhostname="${MAIL_HOSTNAME}"
 postconf -e smtpd_sasl_path="inet:${DOVECOT_HOST}:${DOVECOT_SASL_PORT}"
 postconf -e virtual_transport="lmtp:inet:${DOVECOT_HOST}:${DOVECOT_LMTP_PORT}"
+postconf -e smtpd_milters="inet:${OPENDKIM_HOST}:${OPENDKIM_PORT}"
+postconf -e non_smtpd_milters="inet:${OPENDKIM_HOST}:${OPENDKIM_PORT}"
 
+rm -f /var/run/rsyslogd.pid
 service rsyslog start &&
 service postfix start &&
 

postfixadmin/Dockerfile

@@ -30,6 +30,5 @@ EXPOSE 80
 
 COPY ./postfixadmin-3.0/ /var/www/html/
 RUN chmod -R 777 /var/www/html/templates_c
-#VOLUME ["/var/www/html"]
 
 CMD ["/run.sh"]

postgresql/docker-entrypoint-initdb.d/01_init.sql

@@ -816,6 +816,48 @@ ALTER TABLE ONLY recipient_bcc
 
 
 
+CREATE TABLE dkim_external_ignore_list (
+    host text NOT NULL
+);
+
+
+ALTER TABLE dkim_external_ignore_list OWNER TO dev;
+
+--
+-- Name: dkim_internal_hosts; Type: TABLE; Schema: public; Owner: dev; Tablespace: 
+--
+
+CREATE TABLE dkim_internal_hosts (
+    host text NOT NULL
+);
+
+
+ALTER TABLE dkim_internal_hosts OWNER TO dev;
+
+--
+-- Name: dkim_key_table; Type: TABLE; Schema: public; Owner: dev; Tablespace: 
+--
+
+CREATE TABLE dkim_key_table (
+    name text NOT NULL,
+    key_path text NOT NULL
+);
+
+
+ALTER TABLE dkim_key_table OWNER TO dev;
+
+--
+-- Name: dkim_signing_table; Type: TABLE; Schema: public; Owner: dev; Tablespace: 
+--
+
+CREATE TABLE dkim_signing_table (
+    email text NOT NULL,
+    name text NOT NULL
+);
+
+ALTER TABLE ONLY dkim_signing_table
+    ADD CONSTRAINT dkim_signing_table_name_fkey FOREIGN KEY (name) REFERENCES dkim_key_table(name) ON UPDATE CASCADE ON DELETE CASCADE;
+
 
 --
 -- PostgreSQL database dump complete