6 år sedan · 10a7cf6948
--- a/Dockerfile
+++ b/Dockerfile
@@ -7,6 +7,8 @@ RUN postconf -F | grep -E '^postlog/unix-dgram/service = postlog$' \
 
				     && postconf -evv maillog_file=/dev/stdout \
			
 
				     && postfix check
			
 
				 
			
 
				+# VOLUME /var/spool/postfix ?
			
 
				+
			
 
				 EXPOSE 25/tcp
			
 
				 COPY postfix.sh /
			
 
				 CMD ["/postfix.sh"]
			
--- a/ansible-playbooks/null-client.yml
+++ b/ansible-playbooks/null-client.yml
@@ -6,6 +6,11 @@
 
				   - docker_volume:
			
 
				       volume_name: postfix_config
			
 
				     register: config_volume
			
 
				+  - name: copy trusted CA certs
			
 
				+    copy:
			
 
				+      src: ../smtp-tls-trusted-ca.pem
			
 
				+      dest: '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem'
			
 
				+    register: smtp_trusted_ca_certs
			
 
				   - name: create config
			
 
				     copy:
			
 
				       content: |
			
@@ -24,6 +29,12 @@
 
				         smtpd_sasl_authenticated_header = yes
			
 
				 
			
 
				         relayhost = relay.example.com:submission
			
 
				+        smtp_tls_security_level = secure
			
 
				+        smtp_tls_secure_cert_match = nexthop
			
 
				+        smtp_tls_CAfile = /etc/postfix/smtp-tls-trusted-ca.pem
			
 
				+        # docs recommend against whitelist
			
 
				+        smtp_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
			
 
				+        smtp_tls_session_cache_database = btree:${data_directory}/smtp-tls-session-cache
			
 
				 
			
 
				         # http://www.postfix.org/MAILLOG_README.html
			
 
				         maillog_file = /dev/stdout
			
@@ -40,8 +51,9 @@
 
				       hostname: postfix-test
			
 
				       volumes:
			
 
				       - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/main.cf:/etc/postfix/main.cf:ro'
			
 
				+      - '{{ config_volume.ansible_facts.docker_volume.Mountpoint }}/smtp-tls-trusted-ca.pem:/etc/postfix/smtp-tls-trusted-ca.pem:ro'
			
 
				       networks: [name: mail]
			
 
				       purge_networks: yes
			
 
				       published_ports: ['localhost:25:25']
			
 
				       restart_policy: unless-stopped
			
 
				-      restart: '{{ config.changed }}'
			
 
				+      restart: '{{ config.changed or smtp_trusted_ca_certs.changed }}'
			
--- a/smtp-tls-trusted-ca.pem
+++ b/smtp-tls-trusted-ca.pem
@@ -0,0 +1,39 @@
 
				+Subject: C=AT, CN=Fabian Peter Hammerle
			
 
				+Validity
			
 
				+    Not Before: May  8 18:31:41 2017 GMT
			
 
				+    Not After : Jan  1 00:00:00 2027 GMT
			
 
				+X509v3 Subject Key Identifier:
			
 
				+    C2:E0:4B:00:B3:F0:87:DB:14:3B:4B:B6:41:18:13:BA:22:0E:D4:BA
			
 
				+-----BEGIN CERTIFICATE-----
			
 
				+MIIFnzCCA4egAwIBAgIKRWuaA5ml2i8RpjANBgkqhkiG9w0BAQsFADAtMQswCQYD
			
 
				+VQQGEwJBVDEeMBwGA1UEAxMVRmFiaWFuIFBldGVyIEhhbW1lcmxlMB4XDTE3MDUw
			
 
				+ODE4MzE0MVoXDTI3MDEwMTAwMDAwMFowLTELMAkGA1UEBhMCQVQxHjAcBgNVBAMT
			
 
				+FUZhYmlhbiBQZXRlciBIYW1tZXJsZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCC
			
 
				+AgoCggIBALX8fhBdVeTNDVS48uBcHgeL3lxfnPBX7aK8i/9uPfp29zfhIidQxJAt
			
 
				+PonOCrlmLwQMA+Cg2c0Yhf9+Lrg2Toior8c5JJbAsdqsrl/VY+xGOsz0AheHmSNp
			
 
				+nHbJqMO0ZmAJuhJVzmsj1In37mLFinmK04ONjU0czQLuyABU35jy9jhDLFa4EZxn
			
 
				+J7kfCtPlR1L+ZbqA0XakPyZdA/XPBW5QMWzyMKjx7F9LtuOknTcxG0HQ+KOwu5ul
			
 
				+NmCbSZ1azRMzKZyjnbzwlBXbJe8gLN5aID7c1onEqik6i06hyju/au1uU7D5iG60
			
 
				+hmQL+85LIRXiuM1+IIJyvLWp4rghMmnGE/pPdmF4bqJQfsswkFBmPZj4vgQpRPJn
			
 
				+IUH3o9XhRd6RNjz10Sdm3tZZ31G1l+dzeqnHoXDZ5RmUNabByg0lWCppRLnMgEH4
			
 
				+CjZ3QN2pkVwHW3z3k5trtCZoHne16MfRmX88uM0arapUFbfYNuKOV1/a/Hy2xze2
			
 
				+ry1aKTUFET8iyFPepLps4Rz2AYi+bZ3F30em4ngzdYxcAj1V7qpQn/xRgUhxgosT
			
 
				+0ABaaJWcLRd/QJH4wb+/S1gzIYbpAjjfrJoiBkZ5NPkvzphdhaomNeUT2mz4rSAS
			
 
				+bPmSWYT+xM3vlmcOe4ZHamBz5kZpnf2scyIXSBcOC9m4OhjDQVqXAgMBAAGjgcAw
			
 
				+gb0wWgYDVR0RBFMwUYESZmFiaWFuQGhhbW1lcmxlLm1lgRlmYWJpYW4uaGFtbWVy
			
 
				+bGVAZ21haWwuY29tgSBmYWJpYW4uaGFtbWVybGVAbWVkdW5pd2llbi5hYy5hdDAP
			
 
				+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTC4EsAs/CH2xQ7S7ZBGBO6Ig7UujAf
			
 
				+BgNVHSMEGDAWgBTC4EsAs/CH2xQ7S7ZBGBO6Ig7UujAOBgNVHQ8BAf8EBAMCAcYw
			
 
				+DQYJKoZIhvcNAQELBQADggIBAGMC4ya82j9IGePhl9l2hMgB0ZB48RSTZelNEm8M
			
 
				+KFCGMRIGBuzAIdIY+0ugJuK6jHIfRtGHXFJlBkm+/vJwuwRqQib8+Nt1ZCSqv7/R
			
 
				+k0jR4BUdAWSsnskZwYivYKQgANjtmDOpO19tpTcgeptw8AIAfuuglYP5wH5FA2RX
			
 
				+cvkfHLtd9HJaj62CM5f+A2QTEHvat7KJSme7qZ6I47BiTA//+4SK8vjDoPir0Kx7
			
 
				+NK7awpzjEzWbQrVwU3YhDuHbZlaHhPini6AlhEqvz/wpPYXUzgmJy0K1m4vWcxsT
			
 
				+D/nf3LT1wJs5Ph1tO9gdF/yZC7o2QIKVjPF4mQiv/1EkYRY7zV52JcsWRrWlHN0x
			
 
				+tqinxjY0aN4v6uoybJXHSiergibasDv4MicnW0c3ZE7dLs3iT6+5PAhjNoLdrG6v
			
 
				+n9RZLZOrACYiPd+thoGQYVB496bobz2hHUUu7MoHxlZks6RVpxUm7jMGDoqZtvGp
			
 
				+0VRCTglMyrpq26yYeUkE69sCm09EMHyZowOrnoTfqsk+sscuWqbmh2uPEIgqgKjz
			
 
				+Ock5i72I47uTRUpG4WbYGXKfGaXUzd9A/6Rj6z2u+0z/dgNg/r3nrAAzIvV8Dh0q
			
 
				+exCOYc3vQ+DdLKCMSMuCjXb6/Mpg5gR5za405RePcFaCoM74jxRScY+gOFguqdr4
			
 
				+Qqjv
			
 
				+-----END CERTIFICATE-----