From e4ab71db42d25b7fc5749e9bd2d69eeaf8ba631d Mon Sep 17 00:00:00 2001 From: "Isaacs, Ben" Date: Sat, 11 Nov 2017 16:10:51 +0000 Subject: [PATCH 1/9] Update to support virtualdomains --- README.md | 10 ++++++---- assets/install.sh | 13 ++++++++++++- build.sh | 2 +- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 955a64c..2f14132 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,8 @@ docker-postfix ============== +Modified from catatnight/postfix to add virtualhost support + run postfix with smtp authentication (sasldb) in a docker container. TLS and OpenDKIM support are optional. @@ -11,7 +13,7 @@ TLS and OpenDKIM support are optional. 1. Build image ```bash - $ sudo docker pull catatnight/postfix + $ ./build.sh ``` ## Usage @@ -20,7 +22,7 @@ TLS and OpenDKIM support are optional. ```bash $ sudo docker run -p 25:25 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ - --name postfix -d catatnight/postfix + --name postfix -d ben-xo/postfix # Set multiple user credentials: -e smtp_user=user1:pwd1,user2:pwd2,...,userN:pwdN ``` 2. Enable OpenDKIM: save your domain key ```.private``` in ```/path/to/domainkeys``` @@ -29,7 +31,7 @@ TLS and OpenDKIM support are optional. $ sudo docker run -p 25:25 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ -v /path/to/domainkeys:/etc/opendkim/domainkeys \ - --name postfix -d catatnight/postfix + --name postfix -d ben-xo/postfix ``` 3. Enable TLS(587): save your SSL certificates ```.key``` and ```.crt``` to ```/path/to/certs``` @@ -37,7 +39,7 @@ TLS and OpenDKIM support are optional. $ sudo docker run -p 587:587 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ -v /path/to/certs:/etc/postfix/certs \ - --name postfix -d catatnight/postfix + --name postfix -d ben-xo/postfix ``` ## Note diff --git a/assets/install.sh b/assets/install.sh index 0b2aaff..4786138 100755 --- a/assets/install.sh +++ b/assets/install.sh 
@@ -29,6 +29,9 @@ chmod +x /opt/postfix.sh postconf -e myhostname=$maildomain postconf -F '*/*/chroot = n' +postconf -e smtp_use_tls=yes +postconf -e smtp_tls_security_level=may + ############ # SASL SUPPORT FOR CLIENTS # The following options set parameters needed by Postfix to enable @@ -51,6 +54,14 @@ while IFS=':' read -r _user _pwd; do done < /tmp/passwd chown postfix.sasl /etc/sasldb2 +############ +# Virtual Domain support +############ +if [[ "$virtual_domains" != "" ]]; then + postconf -e virtual_alias_maps=hash:/etc/postfix/virtual + postconf -e virtual_alias_domains=$virtual_domains +fi + ############ # Enable TLS ############ @@ -127,4 +138,4 @@ cat >> /etc/opendkim/SigningTable < Date: Thu, 30 Nov 2017 07:21:04 +0000 Subject: [PATCH 2/9] Better support for: * virtualdomains * TLS * Docker debugging * smtp auth only on submission port * letsencrypt --- assets/install.sh | 60 ++++++++++++++++++++++++++++++++++++++++++----- build.sh | 2 +- 2 files changed, 55 insertions(+), 7 deletions(-) diff --git a/assets/install.sh b/assets/install.sh index 4786138..ac29889 100755 --- a/assets/install.sh +++ b/assets/install.sh 
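Review bot: `postconf -e smtp_use_tls=yes` is redundant next to the `smtp_tls_security_level=may` set on the following line; on Postfix 2.3 and later the security-level parameter takes precedence and `smtp_use_tls` survives only for backwards compatibility, so keeping both invites a reader to wonder which one wins. Dropping the first line, or replacing it with a comment such as `# opportunistic TLS for outbound delivery; smtp_tls_security_level supersedes smtp_use_tls`, would make the intent explicit.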
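Review bot: `postconf -e virtual_alias_domains=$virtual_domains` word-splits the unquoted value, so a space-separated list like the one the README later documents reaches postconf as several arguments, and postconf is likely to reject the extra words as malformed `name=value` pairs rather than store the full list; quote it as `postconf -e "virtual_alias_domains=$virtual_domains"`. The guard `[[ "$virtual_domains" != "" ]]` is more idiomatically `[[ -n "$virtual_domains" ]]`. `virtual_alias_maps=hash:/etc/postfix/virtual` also needs the compiled `/etc/postfix/virtual.db`, and nothing in this hunk runs `postmap /etc/postfix/virtual`; unless that happens elsewhere in the script, presumably a `postmap` call inside the same `if` is needed or the map is missing at startup.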
@@ -29,8 +29,31 @@ chmod +x /opt/postfix.sh postconf -e myhostname=$maildomain postconf -F '*/*/chroot = n' +# set up some email security as per https://ssl-tools.net/mailservers/ and +# https://serverfault.com/questions/670348/how-to-force-a-own-set-of-ciphers-in-postfix-2-11#670359 and +# https://blog.tinned-software.net/harden-the-ssl-configuration-of-your-mailserver/ + +postconf -e tls_ssl_options=NO_COMPRESSION + postconf -e smtp_use_tls=yes postconf -e smtp_tls_security_level=may +postconf -e "smtp_tls_protocols = !SSLv2, !SSLv3" +postconf -e "smtp_tls_mandatory_protocols = !SSLv2, !SSLv3" +postconf -e "smtp_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC2, RC4, aNULL" +postconf -e smtp_tls_loglevel=1 + +postconf -e smtpd_tls_security_level=may +# postconf -e smtpd_tls_auth_only=yes +postconf -e "smtpd_tls_protocols = !SSLv2, !SSLv3" +postconf -e "smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3" +postconf -e smtpd_tls_ciphers=high +postconf -e smtpd_tls_mandatory_ciphers=high +postconf -e "smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC2, RC4, aNULL" +postconf -e smtpd_tls_eecdh_grade=ultra + +# include 172.16/12 for docker +postconf -e "mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12" + ############ # SASL SUPPORT FOR CLIENTS 
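Review bot: `mynetworks` now covers all of 172.16.0.0/12, and together with the `permit_mynetworks` that the next hunk of this patch puts first in both restriction lists, every address in that whole private /12 becomes an unauthenticated relay source rather than just the Docker bridge; the same `mynetworks` line is touched again in patches 8 and 9 and the point applies there too. Any other container, VM or routed host that happens to sit in that range can relay through this server without SASL, so narrowing the entry to the actual bridge subnet, or reading it from an environment variable with 172.16.0.0/12 only as the fallback, would bound that trust. At minimum a comment such as `# everything listed in mynetworks may relay without authentication (permit_mynetworks)` would make the decision visible to the next maintainer. Separately, `smtpd_tls_auth_only=yes` is left commented out while `smtpd_tls_security_level=may` keeps plaintext sessions possible; unless master.cf sets it for the services that enable SASL (not visible here), credentials can still be offered over an unencrypted session.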
@@ -38,9 +61,15 @@ postconf -e smtp_tls_security_level=may # Cyrus-SASL support for authentication of mail clients. ############ # /etc/postfix/main.cf -postconf -e smtpd_sasl_auth_enable=yes + +# this is enabled separately for smpt 25 and submission 587 +#postconf -e smtpd_sasl_auth_enable=yes + postconf -e broken_sasl_auth_clients=yes -postconf -e smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination +postconf -e smtpd_sasl_security_options=noanonymous +postconf -e "smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" +postconf -e "smtpd_relay_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination" + # smtpd.conf cat >> /etc/postfix/sasl/smtpd.conf <> /etc/opendkim/TrustedHosts < Date: Thu, 30 Nov 2017 07:35:45 +0000 Subject: [PATCH 3/9] Rename to match docker hub, and add spool --- README.md | 21 ++++++++++++++++++--- build.sh | 2 +- postfix-spool.tgz | Bin 0 -> 502 bytes 3 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 postfix-spool.tgz diff --git a/README.md b/README.md index 2f14132..cc5f491 100644 --- a/README.md +++ b/README.md @@ -22,7 +22,7 @@ TLS and OpenDKIM support are optional. ```bash $ sudo docker run -p 25:25 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ - --name postfix -d ben-xo/postfix + --name postfix -d benxo/postfix # Set multiple user credentials: -e smtp_user=user1:pwd1,user2:pwd2,...,userN:pwdN ``` 2. Enable OpenDKIM: save your domain key ```.private``` in ```/path/to/domainkeys``` @@ -31,7 +31,7 @@ TLS and OpenDKIM support are optional. $ sudo docker run -p 25:25 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ -v /path/to/domainkeys:/etc/opendkim/domainkeys \ - --name postfix -d ben-xo/postfix + --name postfix -d ben-o/postfix ``` 3. Enable TLS(587): save your SSL certificates ```.key``` and ```.crt``` to ```/path/to/certs``` 
@@ -39,13 +39,28 @@ TLS and OpenDKIM support are optional. $ sudo docker run -p 587:587 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ -v /path/to/certs:/etc/postfix/certs \ - --name postfix -d ben-xo/postfix + --name postfix -d benxo/postfix ``` +4. Full example (where you have symlinked certs from letsencrypt into /etc/postfix/certs): + + ``` bash + docker run -p 25:25 -p 587:587 \ + -e maildomain=mail.example.com -e smtp_user=user:pwd \ + -e virtual_domains="mail.example.com test.example.com etc.example.com" \ + -v /etc/postfix/virtual:/etc/postfix/virtual \ + -v /etc/letsencrypt/live:/etc/letsencrypt/live \ + -v /etc/letsencrypt/archive:/etc/letsencrypt/archive \ + -v /etc/postfix/certs:/etc/postfix/certs \ + --name postfix -d benxo/postfix + ``` + + ## Note + Login credential should be set to (`username@mail.example.com`, `password`) in Smtp Client + You can assign the port of MTA on the host machine to one other than 25 ([postfix how-to](http://www.postfix.org/MULTI_INSTANCE_README.html)) + Read the reference below to find out how to generate domain keys and add public key to the domain's DNS records ++ If you want a persistent queue between restarts, you will need to extract an empty spool from /var/spool/postfix inside the container, preserving IDs and permissions! ## Reference + [Postfix SASL Howto](http://www.postfix.org/SASL_README.html) diff --git a/build.sh b/build.sh index 8721c52..ec5cca9 100755 --- a/build.sh +++ b/build.sh @@ -1,3 +1,3 @@ #!/bin/bash -xe -docker build -t ben-xo/postfix . +docker build -t benxo/postfix . 
diff --git a/postfix-spool.tgz b/postfix-spool.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fd95d0b8214a8cf2b85b785b3bb89dfbca1f21f5 GIT binary patch literal 502 zcmVaQ$rcA+gJAT3@lAz#z(3P0wExQw@om4A`>%{Q{j>6~_2{1nJb%|Dg=PW}Z|G_w2;&kxR4A>Jt~^ Date: Thu, 30 Nov 2017 07:36:46 +0000 Subject: [PATCH 4/9] Update README about postfix-spool.tgz --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index cc5f491..34d52c3 100644 --- a/README.md +++ b/README.md @@ -60,7 +60,7 @@ TLS and OpenDKIM support are optional. + Login credential should be set to (`username@mail.example.com`, `password`) in Smtp Client + You can assign the port of MTA on the host machine to one other than 25 ([postfix how-to](http://www.postfix.org/MULTI_INSTANCE_README.html)) + Read the reference below to find out how to generate domain keys and add public key to the domain's DNS records -+ If you want a persistent queue between restarts, you will need to extract an empty spool from /var/spool/postfix inside the container, preserving IDs and permissions! ++ If you want a persistent queue between restarts, you will need to extract an empty spool from /var/spool/postfix inside the container, preserving IDs and permissions! One is provided in postfix-spool.tgz ## Reference + [Postfix SASL Howto](http://www.postfix.org/SASL_README.html) From 2eb330faa58d69b93d9844b62c057447de32c65d Mon Sep 17 00:00:00 2001 From: "Isaacs, Ben" Date: Thu, 30 Nov 2017 07:40:31 +0000 Subject: [PATCH 5/9] Fix a typo --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 34d52c3..45f9c7c 100644 --- a/README.md +++ b/README.md @@ -13,7 +13,7 @@ TLS and OpenDKIM support are optional. 1. Build image ```bash - $ ./build.sh + $ sudo docker pull benxo/postfix ``` ## Usage 
@@ -31,7 +31,7 @@ TLS and OpenDKIM support are optional. $ sudo docker run -p 25:25 \ -e maildomain=mail.example.com -e smtp_user=user:pwd \ -v /path/to/domainkeys:/etc/opendkim/domainkeys \ - --name postfix -d ben-o/postfix + --name postfix -d benxo/postfix ``` 3. Enable TLS(587): save your SSL certificates ```.key``` and ```.crt``` to ```/path/to/certs``` From d75b4b9a890c1edd3c2cfb10fe2270a45a91fffc Mon Sep 17 00:00:00 2001 From: Ben Isaacs Date: Fri, 29 May 2020 13:03:14 +0100 Subject: [PATCH 6/9] Separate mailhostname from maildomain and add virtualhost support for DKIM --- README.md | 9 +++++---- assets/install.sh | 25 +++++++++++++++++++++++-- 2 files changed, 28 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 45f9c7c..01b4321 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ TLS and OpenDKIM support are optional. ```bash $ sudo docker run -p 25:25 \ - -e maildomain=mail.example.com -e smtp_user=user:pwd \ + -e mailhostname=mail.example.com -e maildomain=example.com -e smtp_user=user:pwd \ --name postfix -d benxo/postfix # Set multiple user credentials: -e smtp_user=user1:pwd1,user2:pwd2,...,userN:pwdN ``` @@ -29,7 +29,7 @@ TLS and OpenDKIM support are optional. ```bash $ sudo docker run -p 25:25 \ - -e maildomain=mail.example.com -e smtp_user=user:pwd \ + -e mailhostname=mail.example.com -e maildomain=example.com -e smtp_user=user:pwd \ -v /path/to/domainkeys:/etc/opendkim/domainkeys \ --name postfix -d benxo/postfix ``` @@ -37,7 +37,7 @@ TLS and OpenDKIM support are optional. ```bash $ sudo docker run -p 587:587 \ - -e maildomain=mail.example.com -e smtp_user=user:pwd \ + -e mailhostname=mail.example.com -e maildomain=example.com -e smtp_user=user:pwd \ -v /path/to/certs:/etc/postfix/certs \ --name postfix -d benxo/postfix ``` 
@@ -46,8 +46,9 @@ TLS and OpenDKIM support are optional. ``` bash docker run -p 25:25 -p 587:587 \ - -e maildomain=mail.example.com -e smtp_user=user:pwd \ + -e mailhostname=mail.example.com -e maildomain=example.com -e smtp_user=user:pwd \ -e virtual_domains="mail.example.com test.example.com etc.example.com" \ + -v /path/to/domainkeys:/etc/opendkim/domainkeys \ -v /etc/postfix/virtual:/etc/postfix/virtual \ -v /etc/letsencrypt/live:/etc/letsencrypt/live \ -v /etc/letsencrypt/archive:/etc/letsencrypt/archive \ diff --git a/assets/install.sh b/assets/install.sh index ac29889..b040e3b 100755 --- a/assets/install.sh +++ b/assets/install.sh @@ -26,7 +26,12 @@ service postfix start tail -f /var/log/mail.log EOF chmod +x /opt/postfix.sh -postconf -e myhostname=$maildomain + +if [[ -z "$mailhostname" ]]; then + mailhostname=$maildomain +fi + +postconf -e myhostname=$mailhostname postconf -F '*/*/chroot = n' # set up some email security as per https://ssl-tools.net/mailservers/ and @@ -179,11 +184,27 @@ localhost *.$maildomain EOF + +for d in $virtual_domains; do + echo >> /etc/opendkim/TrustedHosts "*.$d" +done + cat >> /etc/opendkim/KeyTable <> /etc/opendkim/KeyTable "mail._domainkey.$d $d:mail:$(find /etc/opendkim/domainkeys/$d -iname *.private)" +done + cat >> /etc/opendkim/SigningTable <> /etc/opendkim/SigningTable "*@$d mail._domainkey.$d" +done + + chown opendkim:opendkim $(find /etc/opendkim/domainkeys -iname *.private) chmod 400 $(find /etc/opendkim/domainkeys -iname *.private) From 36ddad9e8d8b94cc52ad798e042eb3c85a94b006 Mon Sep 17 00:00:00 2001 From: Ben Isaacs Date: Fri, 29 May 2020 13:51:43 +0100 Subject: [PATCH 7/9] Build KeyTable and SigningTable only when keyfiles actually exist --- assets/install.sh | 21 ++++++--------------- 1 file changed, 6 insertions(+), 15 deletions(-) diff --git a/assets/install.sh b/assets/install.sh index b040e3b..71d4370 100755 --- a/assets/install.sh +++ b/assets/install.sh 
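Review bot: `find /etc/opendkim/domainkeys/$d -iname *.private` leaves the pattern unquoted, so if the working directory contains a file ending in `.private` the shell expands it before find runs and the search silently matches the wrong name; it should be `-iname '*.private'`, and the same unquoted pattern is carried into the patch 7 rewrite of this loop as well as the existing `chown`/`chmod` lines below it. The KeyTable entry also embeds whatever find prints: with no key file the entry gets an empty path, and with more than one match the newline-separated list turns one entry into several malformed lines, a case that survives patch 7's empty-string check. Constraining the search to a single file, for example `-maxdepth 1 -iname '*.private' | head -n 1`, or writing the entry only when exactly one match is found, would keep the table consistent.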
@@ -189,22 +189,13 @@ for d in $virtual_domains; do echo >> /etc/opendkim/TrustedHosts "*.$d" done -cat >> /etc/opendkim/KeyTable <> /etc/opendkim/KeyTable "mail._domainkey.$d $d:mail:$(find /etc/opendkim/domainkeys/$d -iname *.private)" +for d in $maildomain $virtual_domains; do + private_key_file=$(find /etc/opendkim/domainkeys/$d -iname *.private) + if [[ "$private_key_file" != "" ]]; then + echo >> /etc/opendkim/KeyTable "mail._domainkey.$d $d:mail:$private_key_file" + echo >> /etc/opendkim/SigningTable "*@$d mail._domainkey.$d" + fi done -cat >> /etc/opendkim/SigningTable <> /etc/opendkim/SigningTable "*@$d mail._domainkey.$d" -done - - chown opendkim:opendkim $(find /etc/opendkim/domainkeys -iname *.private) chmod 400 $(find /etc/opendkim/domainkeys -iname *.private) From ffcffa193438c6592a79711180051cefb1339303 Mon Sep 17 00:00:00 2001 From: Ben Isaacs Date: Thu, 11 Jun 2020 23:22:44 +0100 Subject: [PATCH 8/9] =?UTF-8?q?Add=20the=20other=20default=20docker=20rang?= =?UTF-8?q?e=E2=80=A6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- assets/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/assets/install.sh b/assets/install.sh index 71d4370..9949bf7 100755 --- a/assets/install.sh +++ b/assets/install.sh @@ -56,8 +56,8 @@ postconf -e smtpd_tls_mandatory_ciphers=high postconf -e "smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC2, RC4, aNULL" postconf -e smtpd_tls_eecdh_grade=ultra -# include 172.16/12 for docker -postconf -e "mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12" +# include 172.16/12 and 172.17/12 for docker +postconf -e "mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12 172.17.0.0/12" ############ From edaf677bab4938fa3fd05fb06cc99a9381b959d4 Mon Sep 17 00:00:00 2001 
From: Ben Isaacs <75862+ben-xo@users.noreply.github.com> Date: Wed, 21 Apr 2021 23:46:04 +0100 Subject: [PATCH 9/9] Use a proper netmask for 172.16 --- assets/install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/assets/install.sh b/assets/install.sh index 9949bf7..71d4370 100755 --- a/assets/install.sh +++ b/assets/install.sh @@ -56,8 +56,8 @@ postconf -e smtpd_tls_mandatory_ciphers=high postconf -e "smtpd_tls_exclude_ciphers = DES-CBC3-SHA, EDH-RSA-DES-CBC3-SHA, RC2, RC4, aNULL" postconf -e smtpd_tls_eecdh_grade=ultra -# include 172.16/12 and 172.17/12 for docker -postconf -e "mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12 172.17.0.0/12" +# include 172.16/12 for docker +postconf -e "mynetworks=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12" ############