
added mozilla's ca cert store

Fabian Peter Hammerle 4 years ago
parent
commit
d5d65357b0
2 changed files with 11 additions and 1 deletions
  1. 4 0
      CHANGELOG.md
  2. 7 1
      Dockerfile

+ 4 - 0
CHANGELOG.md

@@ -5,6 +5,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+### Added
+- added [mozilla's ca cert store](https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/)
+  (disabled per default, enable via `tls_append_default_CA=yes`)
+
 ### Fixed
 - upgrade postfix v3.4.8 -> v3.4.9
   - changelog: http://www.postfix.org/announcements/postfix-3.4.9.html

+ 7 - 1
Dockerfile

@@ -1,7 +1,13 @@
 FROM alpine:3.11
 
 ARG POSTFIX_PACKAGE_VERSION=3.4.9-r0
-RUN apk add --no-cache postfix=$POSTFIX_PACKAGE_VERSION
+# http://www.postfix.org/postconf.5.html#tls_append_default_CA
+# https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/
+ARG MOZILLA_CA_CERT_STORE_PACKAGE_VERSION=20191127-r1
+RUN apk add --no-cache \
+        ca-certificates=$MOZILLA_CA_CERT_STORE_PACKAGE_VERSION \
+        postfix=$POSTFIX_PACKAGE_VERSION \
+    && postconf -evv tls_append_default_CA=no `# default, but better be safe`
 
 # http://www.postfix.org/MAILLOG_README.html
 RUN postconf -F | grep -E '^postlog/unix-dgram/service = postlog$' \
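Review bot: The two comment lines above the new `apk add` link the `tls_append_default_CA` documentation but do not say that, with the explicit `tls_append_default_CA=no` on the last line of the RUN, Postfix does not consult the freshly installed store at all; an operator who sets `smtp_tls_security_level=verify` or `secure` without also setting `tls_append_default_CA=yes` (or pointing `smtp_tls_CAfile`/`smtp_tls_CApath` at the bundle) will get failed verifications rather than a working trust chain. Suggest adding a third comment line such as `# store is installed but unused until tls_append_default_CA=yes or smtp_tls_CAfile/smtp_tls_CApath reference it`. The `\`# default, but better be safe\`` trailer works only because the shell evaluates an empty command substitution; a Dockerfile `#` comment line inside the continuation, or moving the rationale into the comment block above, would be clearer and survives a shell that rejects backticks in that position. The pinned `20191127-r1` follows the existing `POSTFIX_PACKAGE_VERSION` convention, so the build will break in the same way as the postfix pin once the 3.11 repository bumps the release suffix; presumably that is accepted here.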