Hello community,
here is the log from the commit of package opensuse-postfix-image for
openSUSE:Factory checked in at 2020-07-20 21:03:27
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/opensuse-postfix-image (Old)
and /work/SRC/openSUSE:Factory/.opensuse-postfix-image.new.3592 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "opensuse-postfix-image"
Mon Jul 20 21:03:27 2020 rev:2 rq:821855 version:1.0.0
Changes:
--------
---
/work/SRC/openSUSE:Factory/opensuse-postfix-image/opensuse-postfix-image.changes
2020-07-15 15:07:49.603574265 +0200
+++
/work/SRC/openSUSE:Factory/.opensuse-postfix-image.new.3592/opensuse-postfix-image.changes
2020-07-20 21:05:24.145338144 +0200
@@ -1,0 +2,5 @@
+Mon Jul 20 08:36:26 UTC 2020 - Thorsten Kukuk <[email protected]>
+
+- Implement and document virtual mailbox support
+
+-------------------------------------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ README.md ++++++
--- /var/tmp/diff_new_pack.ViAu4t/_old 2020-07-20 21:05:24.837338845 +0200
+++ /var/tmp/diff_new_pack.ViAu4t/_new 2020-07-20 21:05:24.841338850 +0200
@@ -2,33 +2,113 @@
The command to run this container is:
-podman run -d --rm --name postfix -p 25:25 -e SMTP_SERVER=smtp.example.com
registry.opensuse.org/opensuse/postfix
+```sh
+podman run -d --rm --name postfix -p 25:25 -e SMTP_RELAYHOST=smtp.example.com
registry.opensuse.org/opensuse/postfix
+```
+In all examples, `podman` can be replaced directly with `docker`.
## Supported environment variables:
-DEBUG=yes|no enables "set -x" in the entrypoint script
-TZ timezone to use
-SERVER_HOSTNAME Server hostname. Emails will appear to come from the
- hostname's domain.
-SERVER_DOMAIN If not set, the domain part of SERVER_HOSTNAME will be used.
-SMTP_RELAYHOST Name of the SMTP relay server to use
-SMTP_PORT=587 The relayhost port
-SMTP_USERNAME Username to authenticate with on the relayserver
-SMTP_PASSWORD Password of the SMTP user, alternative SMTP_PASSWORD_FILE
- could be used to point to a file with the password
-SMTP_NETWORKS Comma seperated subnets who are allowed to use the relay.
- E.g. SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx, xxx.xxx.xxx.xxx/xx'
- 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are preset.
-INET_PROTOCOLS The network interface protocols used for connections.
- Valid values are "all", "ipv4", "ipv6" or "ipv4,ipv6".
- The default value is "ipv4".
-MASQUERADE_DOMAINS Comma separated list of domains that must have their
- subdomain structure stripped off.
-MYDESTINATION List of domains for which mails are delivered locally
- instead of forwarding to another machine.
+- `DEBUG=yes|no` Enables "set -x" in the entrypoint script.
+- `TZ` Timezone to use in the container.
+- `SERVER_HOSTNAME` Server hostname. Emails will appear to come from the
hostname's domain.
+- `SERVER_DOMAIN` If not set, the domain part of `SERVER_HOSTNAME` will
be used.
+- `SMTP_RELAYHOST` Name of the SMTP relay server to use.
+- `SMTP_PORT=587` The relayhost port.
+- `SMTP_USERNAME` Username to authenticate with on the relayserver.
+- `SMTP_PASSWORD` Password of the SMTP user, alternative
`SMTP_PASSWORD_FILE` could be used to point to a file with the password
+- `SMTP_NETWORKS` Comma seperated subnets who are allowed to use the
relay. E.g. `SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx, xxx.xxx.xxx.xxx/xx'`.
10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 are preset.
+- `INET_PROTOCOLS` The network interface protocols used for connections.
Valid values are "all", "ipv4", "ipv6" or "ipv4,ipv6". The default value is
"ipv4".
+- `MASQUERADE_DOMAINS` Comma separated list of domains that must have their
subdomain structure stripped off.
+- `MYDESTINATION` List of domains for which mails are delivered locally
instead of forwarding to another machine.
+- `VIRTUAL_MBOX=1` Create virtual mail boxes in /var/spool/vmail owned by
user vmail.
+- `VMAIL_UID=5000` User ID and group ID of the vmail user for virtual
domains and mailboxes.
+- `VIRTUAL_DOMAINS=` Whitespace seperated list of virtual domains, will be
written to `/etc/postfix/vhosts`.
+- `VIRTUAL_USERS=` Whitespace seperated list of virtual users email
addresses.
## Data persistence volumes
-/var/spool/postfix Postfix mail queues. A data volume should be used
- in order to save the queue content if the container
- restarts.
+- `/var/spool/postfix` Postfix mail queues. A data volume should be used in
order to save the queue content if the container restarts.
+- `/var/spool/vmail` Virtual user mboxes. This directory contains the mails
stored in Maildir format of the virtual users of the virtual domains.
Everything is owned by the `vmail` user.
+
+## Virtual domains and virtual users
+
+The environment variable `VIRTUAL_MBOX=1` will enable support for virtual
+domains and virtual users. It can be used in conjunction with a relay host.
+
+Mails for virtual domains and users are stored in Maildir format in
+`/var/spool/vmail` inside the container. To not loose the mail, this directory
+should be a persistence volume.
+`VMAIL_UID` specifies the UID and GID which owns all files below this
+directory. This makes sure, that the container is using the same UID/GID as
+the Container Host OS for the files and not regular users are owning this
+files and can read and modify them. The default UID/Gid is `5000`.
+
+There are two ways to provide the data vor virtual domains and users, via
+environment variables or via files.
+
+### Environment Variables
+
+Beside the already mentioned environment variables, two futher variables
+define the virtual domains and the virtual users.
+`VIRTUAL_DOMAINS="example.com example2.com example3.com"` is a whitespace
+seperated list which can contain one or more virtual domains. For every
+domain, an own directory below `/var/spool/vmail` will be created.
+`VIRTUAL_USERS="[email protected] [email protected] [email protected]"`
+Whitespace seperated list of virtual users email addresses.
+
+The example call:
+```sh
+podman run -d --rm --name postfix -p "25:25" -e VIRTUAL_MBOX=1 -e
VMAIL_UID=5000 -e VIRTUAL_DOMAINS="example.com example1.com" -e
VIRTUAL_USERS="[email protected] [email protected] [email protected]" -e
SERVER_HOSTNAME=smtp.example.com -e SMTP_RELAYHOST=relay.example.com -e
SMTP_USERNAME=mailer -e SMTP_PASSWORD='XXX' -v
"/srv/postfix/vmail:/var/spool/vmail"
registry.opensuse.org/opensuse/postfix:latest
+```
+
+Will store the mails for the users `[email protected]`, `[email protected]`,
+`[email protected]` into the directories inside of the container:
+- `/var/spool/vmail/example.com/user1/`
+- `/var/spool/vmail/example.com/user2/`
+- `/var/spool/vmail/example1.com/user/`
+
+and outside the container:
+- `/srv/postfix/vmail/example.com/user1/`
+- `/srv/postfix/vmail/example.com/user2/`
+- `/srv/postfix/vmail/example1.com/user/`
+
+owned by the user `vmail` with UID and GID `5000`. All other mails are
+forwarded to the relay `relay.example.com` with the account `mailer` and the
+password `XXX`.
+
+### Files
+
+Instead of maintaining a long list of environment variables, the configuration
+files could also be provided and mapped into /etc/postfix of the container.
+
+`/etc/postfix/vhosts` contains the list of virtual domains seperated by
+newlines:
+
+```
+example.com
+example1.com
+```
+
+`/etc/postfix/vmaps` contains the list of the virtual users, where to store
+them below the vmail directory and if mbox format or Maildir should be used.
+For Maildir, the configuration file for the above example would look like:
+```
[email protected] example.com/user1/
[email protected] example.com/user2/
[email protected] example1.com/user/
+```
+For mbox format, the trailing '/' needs to be removed.
+
+Additional a `/etc/postfix/vquota` file is required, which contains the quota
+of the virtual users mailbox. To disable it, the file would look like:
+```
[email protected] 0
[email protected] 0
[email protected] 0
+```
+
+The example call:
+```sh
+podman run -d --rm --name postfix -p "25:25" -e VIRTUAL_MBOX=1 -e
VMAIL_UID=5000 -e SERVER_HOSTNAME=smtp.example.com -e
SMTP_RELAYHOST=relay.example.com -e SMTP_USERNAME=mailer -e SMTP_PASSWORD='XXX'
-v "/srv/postfix/vmail:/var/spool/vmail" -v
"/srv/postfix/etc/vhosts:/etc/postfix/vhosts:ro" -v
"/srv/postfix/etc/vmaps:/etc/postfix/vmaps:ro" -v
"/srv/postfix/etc/vquota:/etc/postfix/vquota:ro"
registry.opensuse.org/opensuse/postfix:latest
+```
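Review bot: Both new "example call" blocks pass the relay credential as `-e SMTP_PASSWORD='XXX'` on the command line, although the variable list in this same hunk documents `SMTP_PASSWORD_FILE`; a value given with `-e` stays visible in shell history and in the container's inspect output, so the examples would be better written with `SMTP_PASSWORD_FILE` and a read-only mounted file, as is already done for vhosts, vmaps and vquota. The "Virtual domains and virtual users" section should also state that `MYDESTINATION` is not applied when `VIRTUAL_MBOX=1`, since the entrypoint only sets mydestination in the else branch, and that without `VIRTUAL_DOMAINS` the domain of `SERVER_HOSTNAME` is used as the only virtual domain. Spelling in the added text needs a pass: "seperated" (several places), "loose" for "lose", "vor" for "for", "futher", "Additional a", "not regular users are owning this files".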
++++++ entrypoint.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/entrypoint/entrypoint.sh new/entrypoint/entrypoint.sh
--- old/entrypoint/entrypoint.sh 2020-07-14 14:18:03.000000000 +0200
+++ new/entrypoint/entrypoint.sh 2020-07-20 10:35:06.000000000 +0200
@@ -58,7 +58,7 @@
done
}
-configure_aliases() {
+setup_aliases() {
get_alias_maps() {
test -d /etc/aliases.d && test "$(echo /etc/aliases.d/*)" !=
"/etc/aliases.d/*" && \
@@ -82,68 +82,138 @@
set_config_value "alias_maps" "${ALLMAPS}"
}
-configure_postfix() {
-
+setup_network() {
if [ -n "${INET_PROTOCOLS}" ]; then
- set_config_value "inet_protocols" "{$INET_PROTOCOLS}"
+ set_config_value "inet_protocols" "{$INET_PROTOCOLS}"
else
- # XXX Containers have ipv6 addresses, but not routeable
- #if ip addr show dev lo | grep -q inet6 ; then
- # set_config_value "inet_protocols" "all"
- #else
- set_config_value "inet_protocols" "ipv4"
- #fi
+ # XXX Containers have ipv6 addresses, but not routeable
+ #if ip addr show dev lo | grep -q inet6 ; then
+ # set_config_value "inet_protocols" "all"
+ #else
+ set_config_value "inet_protocols" "ipv4"
+ #fi
fi
# Always allow private networks, we are running in a container...
networks='127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
if [ -n "${SMTP_NETWORKS}" ]; then
- networks+=", ${SMTP_NETWORKS}"
+ networks+=", ${SMTP_NETWORKS}"
fi
set_config_value "mynetworks" "${networks}"
+}
- if [ -n "${SERVER_HOSTNAME}" ]; then
- if [ -z "${SERVER_DOMAIN}" ]; then
- SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-)
+setup_relayhost() {
+ if [ -n "${SMTP_RELAYHOST}" ]; then
+ SMTP_PORT="${SMTP_PORT:-587}"
+ set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}"
+ set_config_value "smtp_use_tls" "yes"
+ # XXX enforce tls, not sure if this is always a good idea
+ set_config_value "smtp_enforce_tls" "yes"
+ set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts"
+ # Debug only:
+ # set_config_value "smtp_tls_loglevel" "2"
+ fi
+
+ if [ -n "${SMTP_USERNAME}" ]; then
+ file_env 'SMTP_PASSWORD'
+ if [ -z "${SMTP_PASSWORD}" ]; then
+ echo "SMTP_PASSWORD is not set"
+ exit 1
+ fi
+ # Add auth credentials to sasl_passwd
+ echo "Adding SASL authentication configuration"
+ echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >>
/etc/postfix/sasl_passwd
+ update_db sasl_passwd
+ set_config_value "smtp_sasl_password_maps"
"hash:/etc/postfix/sasl_passwd"
+ set_config_value "smtp_sasl_auth_enable" "yes"
+ set_config_value "smtp_sasl_security_options" "noanonymous"
+ fi
+
+ if [ -n "${MASQUERADE_DOMAINS}" ]; then
+ set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}"
+ fi
+}
+
+setup_vhosts() {
+ # Create the vmail user with the requested UID, else 5000
+ VMAIL_UID="${VMAIL_UID:-5000}"
+ if [ -x /usr/sbin/adduser ]; then
+ adduser -D -h /var/spool/vmail -g "Virtual Mail User" -u ${VMAIL_UID}
-s /sbin/nologin vmail
+ if [ $? -ne 0 ]; then
+ echo "ERROR: creating of vmail user failed! Aborting."
+ exit 1
+ fi
+ else
+ useradd -d /var/spool/vmail -U -c "Virtual Mail User" -u ${VMAIL_UID}
vmail
+ if [ $? -ne 0 ]; then
+ echo "ERROR: creating of vmail user failed! Aborting."
+ exit 1
+ fi
+ if [ ! -d /var/spool/vmail ]; then
+ mkdir -p /var/spool/vmail
+ chown vmail:vmail /var/spool/vmail
+ chmod 775 /var/spool/vmail
fi
- set_config_value "myhostname" "${SERVER_HOSTNAME}"
- set_config_value "mydomain" "${SERVER_DOMAIN}"
fi
- if [ -n "${MYDESTINATION}" ]; then
- set_config_value "mydestination" "${MYDESTINATION}"
+ set_config_value "virtual_mailbox_domains" "/etc/postfix/vhosts"
+ set_config_value "virtual_mailbox_base" "/var/spool/vmail"
+ set_config_value "virtual_mailbox_maps" "hash:/etc/postfix/vmaps"
+ set_config_value "virtual_minimum_uid" "1000"
+ set_config_value "virtual_uid_maps" "static:${VMAIL_UID}"
+ set_config_value "virtual_gid_maps" "static:${VMAIL_UID}"
+ set_config_value "home_mailbox" "Maildir/"
+ # XXX make this configureable and adjust message_size_limit
+ set_config_value "virtual_mailbox_limit" "0"
+ set_config_value "mailbox_size_limit" "0" # "51200000"
+ set_config_value "message_size_limit" "0" # "10240000"
+ set_config_value "virtual_mailbox_limit_maps" "hash:/etc/postfix/vquota"
+ # Only create vhosts if not provided by admin
+ if [ ! -f /etc/postfix/vhosts ]; then
+ if [ -n "${VIRTUAL_DOMAINS}" ]; then
+ for d in ${VIRTUAL_DOMAINS}; do
+ echo "$d" >> /etc/postfix/vhosts
+ done
+ else
+ echo "${SERVER_DOMAIN}" > /etc/postfix/vhosts
+ fi
fi
- if [ -n "${SMTP_RELAYHOST}" ]; then
- SMTP_PORT="${SMTP_PORT:-587}"
- set_config_value "relayhost" "${SMTP_RELAYHOST}:${SMTP_PORT}"
- set_config_value "smtp_use_tls" "yes"
- # XXX enforce tls, not sure if this is always a good idea
- set_config_value "smtp_enforce_tls" "yes"
- set_config_value "smtp_tls_CApath" "/etc/postfix/ssl/cacerts"
- # Debug only:
- # set_config_value "smtp_tls_loglevel" "2"
+ # Only create vmaps if not provided by admin
+ if [ ! -f /etc/postfix/vmaps ]; then
+ for mail in ${VIRTUAL_USERS} ; do
+ user=${mail%@*}
+ domain=${mail#*@}
+ echo "${mail} ${domain}/${user}/" >> /etc/postfix/vmaps
+ echo "${mail} 0" >> /etc/postfix/vquota
+ done
fi
+ update_db vmaps
+ update_db vquota
+}
- if [ -n "${SMTP_USERNAME}" ]; then
- file_env 'SMTP_PASSWORD'
- if [ -z "${SMTP_PASSWORD}" ]; then
- echo "SMTP_PASSWORD is not set"
- exit 1
+configure_postfix() {
+
+ setup_network
+
+ if [ -n "${SERVER_HOSTNAME}" ]; then
+ if [ -z "${SERVER_DOMAIN}" ]; then
+ SERVER_DOMAIN=$(echo "${SERVER_HOSTNAME}" | cut -d"." -f2-)
fi
- # Add auth credentials to sasl_passwd
- echo "Adding SASL authentication configuration"
- echo "${SMTP_RELAYHOST} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >>
/etc/postfix/sasl_passwd
- update_db sasl_passwd
- set_config_value "smtp_sasl_password_maps"
"hash:/etc/postfix/sasl_passwd"
- set_config_value "smtp_sasl_auth_enable" "yes"
- set_config_value "smtp_sasl_security_options" "noanonymous"
+ set_config_value "myhostname" "${SERVER_HOSTNAME}"
+ set_config_value "mydomain" "${SERVER_DOMAIN}"
fi
- if [ -n "${MASQUERADE_DOMAINS}" ]; then
- set_config_value "masquerade_domains" "${MASQUERADE_DOMAINS}"
+ if [ "${VIRTUAL_MBOX}" -eq "1" ]; then
+ setup_vhosts
+ else
+ if [ -n "${MYDESTINATION}" ]; then
+ set_config_value "mydestination" "${MYDESTINATION}"
+ fi
fi
+ setup_relayhost
+
# Add maps to config and create database
for i in canonical relocated sender_canonical transport virtual; do
set_config_value "${i}_maps" "hash:/etc/postfix/${i}"
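Review bot: The new test `if [ "${VIRTUAL_MBOX}" -eq "1" ]` in configure_postfix does an integer comparison on a variable that is unset unless the admin opts in, so every start without virtual mailboxes makes `[` report "integer expression expected" before falling into the else branch; a string comparison such as `[ "${VIRTUAL_MBOX:-0}" = "1" ]` avoids that. In setup_vhosts, vquota is only written inside the `! -f /etc/postfix/vmaps` branch, so an admin-provided vmaps without a vquota leaves `update_db vquota` and `virtual_mailbox_limit_maps` referring to a file this function never created; give vquota its own existence check. The VIRTUAL_USERS loop should reject entries that have no `@` or that contain `/` or `..`, because `${domain}/${user}/` becomes a path below virtual_mailbox_base, and `${VMAIL_UID}` should be quoted and checked as numeric and not below the fixed `virtual_minimum_uid` of 1000 before it reaches adduser/useradd. `chmod 775 /var/spool/vmail` leaves the mail root traversable by other users, which does not match the README's statement that regular users cannot read the files; 750 or 700 would. The carried-over `"{$INET_PROTOCOLS}"` writes literal braces into inet_protocols and was presumably meant to be `"${INET_PROTOCOLS}"`; since the line is touched here anyway, fix it in this commit.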
@@ -152,6 +222,8 @@
set_config_value "smtpd_sender_restrictions" "hash:/etc/postfix/access"
# Generate and update maps
update_db access relay
+
+ setup_aliases
}
terminate() {
@@ -209,7 +281,6 @@
# configure postfix even if postfix will not be started, to
# allow to see the result with postconf for debugging/testing.
configure_postfix
-configure_aliases
# If host mounting /var/spool/postfix, we need to delete the old pid file
# before starting services