hardware / mailserver

:warning: UNMAINTAINED - Simple and full-featured mail server using Docker
https://store.docker.com/community/images/hardware/mailserver
MIT License

Postfix custom.conf #338

Closed nicolay-l closed 5 years ago

nicolay-l commented 5 years ago

Classification

I created this Postfix custom.conf:

```
root@mail:/mnt/docker# cat /mnt/docker/mail/postfix/custom.conf
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access hash:/etc/postfix/sender_access
```

In the container's Postfix we see that there is no permit_mynetworks in smtpd_sender_restrictions:

```
root@mail:/# postconf | grep smtpd_sender_restrictions | grep sender_access
smtpd_sender_restrictions = reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access hash:/etc/postfix/sender_access
```

but in manual mode

```
docker exec -ti mailserver postconf -e "$(cat /mnt/docker/mail/postfix/custom.conf)"
```

and everything seems to be good:

```
root@mail:/# postconf | grep smtpd_sender_restrictions | grep sender_access
smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access hash:/etc/postfix/sender_access
```

Reproducibility

Please delete options that are not relevant.

Docker information

docker info

```
Containers: 9
 Running: 7
 Paused: 0
 Stopped: 2
Images: 7
Server Version: 18.06.1-ce
Storage Driver: overlay2
 Backing Filesystem: extfs
 Supports d_type: true
 Native Overlay Diff: true
Logging Driver: json-file
Cgroup Driver: cgroupfs
Plugins:
 Volume: local
 Network: bridge host macvlan null overlay
 Log: awslogs fluentd gcplogs gelf journald json-file logentries splunk syslog
Swarm: inactive
Runtimes: runc
Default Runtime: runc
Init Binary: docker-init
containerd version: (expected: 468a545b9edcd5932818eb9de8e72413e616e86e)
runc version: N/A (expected: 69663f0bd4b60df09991c08812a60108003fa340)
init version: v0.18.0 (expected: fec3683b971d9c3ef73f284f176672c44b448662)
Security Options:
 apparmor
 seccomp
  Profile: default
Kernel Version: 4.18.0-11-generic
Operating System: Ubuntu 18.10
OSType: linux
Architecture: x86_64
CPUs: 4
Total Memory: 3.852GiB
Name: mail
ID: 5E6I:KEPF:HS2S:GAZF:2ICX:HFMC:R25H:DBPM:WYRP:IZQB:HP5Y:JJTZ
Docker Root Dir: /var/lib/docker
Debug Mode (client): false
Debug Mode (server): false
Registry: https://index.docker.io/v1/
Labels:
Experimental: false
Insecure Registries:
 127.0.0.0/8
Live Restore Enabled: false

WARNING: No swap limit support

docker images hardware/mailserver --digests --filter "dangling=false"
REPOSITORY            TAG          DIGEST                                                                    IMAGE ID       CREATED      SIZE
hardware/mailserver   1.1-stable   sha256:64b4437531f60cae76fdda3ec529050781f56d180d64074f2d04b9e2c4f88625   0b60694baa09   3 days ago   385MB
```

Description

Briefly describe the problem you are having in a few lines.

Steps to reproduce

  1. create custom.conf with the above parameter
  2. rerun container

Expected results

Actual results

Debugging information

docker logs mailserver

Configuration (docker-compose.yml, traefik.toml...etc)

hardware commented 5 years ago

What are you trying to do? I did not understand your question.

nicolay-l commented 5 years ago

I'm trying to add custom settings to Postfix, to change smtpd_sender_restrictions. I made a custom.conf at the path /mnt/docker/mail/postfix/custom.conf and put this line into it:

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access hash:/etc/postfix/sender_access

When I recreated the mailserver container, these custom settings were ignored and smtpd_sender_restrictions was the default.

Trying to figure out why the settings did not apply, I went inside the container through docker exec -ti mailserver /bin/bash. Once inside, I ran postconf -e "with the above configuration line" and checked whether Postfix accepted it. Postfix successfully applied it in manual mode.
The rootfs/script/usr/local/bin/run.sh does the same with the custom.conf strings, but it does not work when I use docker-compose.

hardware commented 5 years ago

Share your logs please.

docker logs  mailserver | head -30

nicolay-l commented 5 years ago

```
[INFO] Traefik SSL certificates not used
[INFO] No Let's encrypt live directory found
[INFO] Using /var/mail/ssl/selfsigned/ folder
[INFO] Found DKIM key pair for domain vidnoe.net - skip creation
[INFO] Found DKIM key pair for domain vidnoe-online.ru - skip creation
[INFO] Found DKIM key pair for domain stupino.su - skip creation
[INFO] Found DKIM key pair for domain collada.ru - skip creation
[INFO] Custom Postfix configuration file loaded
[INFO] MariaDB/PostgreSQL hostname not found in /etc/hosts
[INFO] Container IP found, adding a new record in /etc/hosts
[INFO] Redis hostname not found in /etc/hosts
[INFO] Container IP found, adding a new record in /etc/hosts
[INFO] Postfix debug mode is enabled
[INFO] Rspamd debug mode is enabled
[INFO] ClamAV is enabled
[INFO] Fetchmail forwarding is disabled
[INFO] Automatic GPG encryption is disabled
[INFO] ManageSieve protocol is enabled
[INFO] DKIM/ARC signing is enabled
[INFO] Greylisting policy is enabled
[INFO] Ratelimiting policy is disabled
[INFO] POP3 protocol is enabled
[INFO] Unbound DNS resolver is disabled
postmap: warning: /etc/postfix/main.cf, line 160: overriding earlier entry: smtpd_sender_restrictions=reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org, check_sender_access hash:/etc/postfix/sender_access
[INFO] sender_access file found, sender access check enabled
[INFO] Missing SSSE3 CPU instructions, hyperscan is disabled
[INFO] clamav-unofficial-sigs is disabled (user configuration not found)
2018-12-05T21:05:22.903638+00:00 mail root: s6-supervise : spawning postfix process
2018-12-05T21:05:22.906620+00:00 mail root: s6-supervise : stopping unbound process
2018-12-05T21:05:22.908325+00:00 mail root: s6-supervise : spawning dovecot process
2018-12-05T21:05:22.911839+00:00 mail root: s6-supervise : spawning rspamd process
```

hardware commented 5 years ago

postmap: warning: /etc/postfix/main.cf, line 160: overriding earlier entry

I think your custom.conf is not formatted correctly because check_sender_access directive can't be applied before sender_access lookup table creation.

Solution :

```
# custom.conf

smtpd_sender_restrictions = permit_mynetworks, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_sender_login_mismatch, reject_unlisted_sender, reject_rhsbl_sender dbl.spamhaus.org
```

But if you need check_sender_access, I'm not sure how to resolve this conflict.