diff --git a/Dockerfile b/Dockerfile index 9e274e2..42f2864 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.16 as postfix_exporter +FROM golang:1.16 AS postfix_exporter ENV \ POSTFIX_EXPORTER_VERSION=0.3.0 \ @@ -16,8 +16,8 @@ RUN set -x \ # Postfix SMTP Relay -# Debian Bookworm -FROM debian:12 +# Debian Trixie +FROM debian:13 EXPOSE 25 587 2525 @@ -33,7 +33,7 @@ RUN set -x \ RUN set -x \ && export DEBIAN_FRONTEND=noninteractive \ && apt-get update \ - && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ca-certificates procps s6 inotify-tools \ + && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ssl-cert ca-certificates procps s6 inotify-tools \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ ; @@ -45,7 +45,6 @@ RUN set -x \ && postconf -Me submission/inet="submission inet n - y - - smtpd" \ && postconf -Me 2525/inet="2525 inet n - y - - smtpd" \ && cp --remove-destination /usr/share/postfix/makedefs.out /etc/postfix/makedefs.out \ - && cp -a /var/spool/postfix /var/spool/postfix.cache \ && rm -f /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem \ && sed -i -E '/^smtpd_tls_cert_file|^smtpd_tls_key_file/d' /etc/postfix/main.cf \ && rm -f /etc/opendkim.conf \ diff --git a/LICENSE b/LICENSE index d7128f7..e3b98f6 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2015 - 2022 Volt Grid Pty Ltd +Copyright (c) 2015 - 2025 Volt Grid Pty Ltd Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/entry.sh b/entry.sh index 48d2ecd..9b10850 100755 --- a/entry.sh +++ b/entry.sh 
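Review bot: `FROM debian:13` in the second Dockerfile hunk is a floating tag, so a later rebuild can silently pick up a different base image than the one this commit was tested with. Pinning the digest, `FROM debian:13@sha256:<digest-of-the-tested-image>`, keeps the runtime image reproducible and turns base updates into reviewable commits. The builder stage in the first hunk stays on `golang:1.16`, a Go release that no longer receives security fixes. The `postfix_exporter` binary that presumably ends up in the new Debian 13 image is therefore still built against that old standard library, so bumping the builder is worth a follow-up.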
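Review bot: Installing `ssl-cert` in the `apt-get install` RUN most likely generates the snakeoil key pair in that same layer, since the package's post-install step normally creates it. The `rm -f /etc/ssl/private/ssl-cert-snakeoil.key ...` visible in the last Dockerfile hunk sits in a later RUN, so the private key would remain readable in the earlier layer of every published image. Delete it in the layer that creates it by adding `&& rm -f /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem \` before `&& apt-get clean \`. The runtime `dpkg-reconfigure ssl-cert` in s6/postfix/run then produces a fresh pair per container.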
@@ -3,6 +3,8 @@ set -e [ "${DEBUG:-false}" == 'true' ] && set -x +echo "smtp >> Starting..." + # Defaults if [ -z "$MAILNAME" ]; then echo "smtp >> Error: MAILNAME not specified" diff --git a/s6/config-reloader/run b/s6/config-reloader/run index a4ca461..2ee9b84 100755 --- a/s6/config-reloader/run +++ b/s6/config-reloader/run @@ -4,19 +4,26 @@ : "${CONFIG_RELOADER_ENABLED:=false}" +watch_files=( + "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" + "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}" + "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" + "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}" +) + if [[ "${CONFIG_RELOADER_ENABLED}" != "true" ]]; then echo "config-reloader >> Config reloader is not being started" s6-svc -d "$(pwd)" exit +else + for file in "${watch_files[@]}"; do + while [ ! -f "$file" ]; do + echo "config-reloader >> Waiting for file to be created: $file" + sleep 1 + done + done fi -watch_files=( - "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" - "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}" - "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" - "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}" -) - # Start infinite loop while true; do postfix reload diff --git a/s6/postfix/run b/s6/postfix/run index 9fd0034..74f34ea 100755 --- a/s6/postfix/run +++ b/s6/postfix/run 
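Review bot: The wait loop added in the `else` branch of s6/config-reloader/run has no upper bound. The Dockerfile deletes the snakeoil files at build time, and s6/postfix/run regenerates them only when `USE_TLS` is `yes`, so with the reloader enabled and the default paths in `watch_files` this loop appears to log once a second forever. The reloader then never reaches `postfix reload`, and the condition is easy to miss when certificates are rotated. The loop added to s6/postfix_exporter/run for `/var/log/s6-maillog/current` is unbounded in the same way. Bound the wait and take the service down explicitly, as the disabled branch already does. Separately, the defaults for `CLIENT_TLS_KEY` and `CLIENT_TLS_CRT` in `watch_files` point at the `.pem` and `.key` paths respectively, which looks swapped even if it is harmless for a watch list.

```shell
# … unchanged: watch_files array and the CONFIG_RELOADER_ENABLED != true branch …
else
  max_wait=60 # seconds; constructed value, tune for the deployment
  for file in "${watch_files[@]}"; do
    waited=0
    while [ ! -f "$file" ]; do
      if [ "$waited" -ge "$max_wait" ]; then
        echo "config-reloader >> Giving up waiting for file: $file" >&2
        s6-svc -d "$(pwd)"
        exit
      fi
      echo "config-reloader >> Waiting for file to be created: $file"
      sleep 1
      waited=$((waited + 1))
    done
  done
fi
```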
@@ -29,17 +29,8 @@ unset LANG cd /etc/postfix -# Copy default spool from cache -# Note: this test may get confused if a volume is mounted that already contains unrelated directories (eg lost+found) -if [ ! "$(ls -A /var/spool/postfix)" ]; then - echo "postfix >> Copying postfix spool directory from postfix.cache (from the image)" - cp -a /var/spool/postfix.cache/* /var/spool/postfix/ -else - echo "postfix >> Fixing/resetting spool directory permissions" - chgrp -R postdrop /var/spool/postfix/public - chgrp -R postdrop /var/spool/postfix/maildrop - postfix set-permissions -fi +echo "postfix >> Fixing/resetting spool directory permissions" +postfix set-permissions # DKIM if [ "${USE_DKIM}" == "yes" ]; then @@ -51,16 +42,12 @@ if [ "${USE_DKIM}" == "yes" ]; then postconf -e non_smtpd_milters="inet:localhost:8891" fi -echo "postfix >> Setting smtpd_use_tls to ${USE_TLS}" -postconf -e smtpd_use_tls="${USE_TLS}" - if [ "${USE_TLS}" == "yes" ]; then if [ "${TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ] || [ "${CLIENT_TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then echo "postfix >> Generating snakeoil SSL cert" dpkg-reconfigure -f noninteractive ssl-cert fi echo "postfix >> Setting smtp_tls parameters" - # setting smtpd_tls_security_level implies smtp_use_tls="yes" postconf -e smtp_tls_security_level="${CLIENT_TLS_SECURITY_LEVEL}" postconf -e smtp_tls_key_file="${CLIENT_TLS_KEY}" postconf -e smtp_tls_cert_file="${CLIENT_TLS_CRT}" @@ -68,7 +55,6 @@ if [ "${USE_TLS}" == "yes" ]; then postconf -e smtp_tls_CApath="/etc/ssl/certs" postconf -e smtp_tls_loglevel="1" echo "postfix >> Setting smtpd_tls parameters" - # setting smtpd_tls_security_level implies smtpd_use_tls="yes" postconf -e smtpd_tls_security_level="${TLS_SECURITY_LEVEL}" postconf -e smtpd_tls_key_file="${TLS_KEY}" postconf -e smtpd_tls_cert_file="${TLS_CRT}" 
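Review bot: The first s6/postfix/run hunk removes the only code that handled an empty `/var/spool/postfix` volume, and the two new lines carry no comment saying what replaces it. If the intent is that `postfix set-permissions`, together with the `postfix check` further down, recreates the missing spool directories with the right owner and group, state that above the call. For example: `# set-permissions recreates missing spool dirs and restores postdrop ownership, so an empty mounted volume needs no seed copy`. I have not verified that behaviour against the Postfix version shipped in Debian 13, so confirm it before merging. Spool permissions are security-relevant here.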
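Review bot: With `postconf -e smtpd_use_tls="${USE_TLS}"` removed in the second s6/postfix/run hunk, inbound STARTTLS depends entirely on `smtpd_tls_security_level="${TLS_SECURITY_LEVEL}"`, which appears as context in the following hunk. Before this change, an empty level fell back to `smtpd_use_tls=yes` and still gave opportunistic TLS. Now an unset or empty `TLS_SECURITY_LEVEL` with `USE_TLS=yes` leaves smtpd accepting mail without offering TLS, and nothing logs it. Where the variable gets its default is outside these hunks, so this may already be covered. If it is not, fail fast inside the `USE_TLS` block with `: "${TLS_SECURITY_LEVEL:?postfix >> TLS_SECURITY_LEVEL must be set when USE_TLS=yes}"`.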
@@ -244,9 +230,6 @@ fi # Cleanup stale pids incase we hadn't exited cleanly rm -f /var/spool/postfix/pid/* -# configure instance (populate etc) -/usr/lib/postfix/configure-instance.sh - # check postfix is happy (also will fix some things) echo "postfix >> Checking Postfix Configuration" postfix check diff --git a/s6/postfix_exporter/run b/s6/postfix_exporter/run index 2092aa1..cfabb2e 100755 --- a/s6/postfix_exporter/run +++ b/s6/postfix_exporter/run @@ -14,6 +14,10 @@ if [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]] && [[ "${LOGOUTPUT}" != "/dev/s elif [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]]; then s6-svwait -u /etc/s6/postfix/log echo "postfix_exporter >> Starting postfix_exporter" + while [ ! -f /var/log/s6-maillog/current ]; do + echo "postfix_exporter >> waiting for /var/log/s6-maillog/current to be created" + sleep 1 + done exec s6-setuidgid postfix postfix_exporter --postfix.logfile_path=/var/log/s6-maillog/current fi