enable spampd

andreas
2023-10-25 14:25:07 +00:00
parent f20896e21c
commit a23a9438f6
8 changed files with 59 additions and 13 deletions

2
.gitignore vendored

@@ -4,4 +4,4 @@ ssl/certs
ssl/tmp ssl/tmp
ssl/db ssl/db
*/ssl */ssl
*/postfix/relay_clientcerts relay_clientcerts


@@ -88,6 +88,11 @@ services:
- 8025:25 - 8025:25
volumes: volumes:
- spool:/var/spool/postfix - spool:/var/spool/postfix
spampd:
build: ./spampd
image: baloan/spampd
volumes:
- spamassassin:/var/lib/spamassassin
networks: networks:
traefik: traefik:
external: true external: true
@@ -97,3 +102,4 @@ volumes:
search: search:
z-push: z-push:
spool: spool:
spamassassin:


@@ -1,10 +0,0 @@
# syntax=docker.io/docker/dockerfile:1.5.2
FROM alpine:latest
# install apt packages
ENV TZ Europe/Berlin
RUN apk add --no-cache postfix spamassassin rsyslog logrotate xz
COPY --chmod=0775 entrypoint.sh /entrypoint.sh
EXPOSE 25
VOLUME /var/spool/postfix
ENTRYPOINT ["/entrypoint.sh"]
CMD ["postfix", "start-fg"]

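--- a/spampd/Dockerfile
+++ b/spampd/Dockerfile
@@ -0,0 +1,32 @@
+# syntax=docker.io/docker/dockerfile:1.5.2
+FROM ubuntu:20.04
+# install apt packages
+ENV TZ Europe/Berlin
+RUN <<EOF
+apt-get update
+apt-get install -y spampd rsyslog iputils-ping
+# cleanup
+apt-get autoclean
+# rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache ~/.npm
+EOF
+RUN <<EOF
+sed -e's/LISTENHOST=127.0.0.1/LISTENHOST=0.0.0.0/' \
+-e's/DESTHOST=127.0.0.1/DESTHOST=postfix/' \
+-e's/CHILDREN=3/CHILDREN=2/' \
+-e's|ADDOPTS=""|ADDOPTS="--homedir=/var/lib/spamassassin/.spamassassin"|' \
+-i /etc/default/spampd
+sed -i '/imklog/s/^/#/' /etc/rsyslog.conf
+ln -sf /dev/stdout /var/log/syslog
+usermod debian-spamd -l spamd -s /bin/bash
+groupmod debian-spamd -n spamd
+mkdir /var/run/spampd
+chown spamd:spamd /var/run/spampd
+EOF
+COPY --chmod=0775 entrypoint.sh /entrypoint.sh
+EXPOSE 10025
+VOLUME /var/lib/spamassassin
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["/usr/sbin/spampd", "--nodetach", "--user=spamd", "--group=spamd", \
+"--tagall", "--local-only", "--children=2", "--pid=/var/run/spampd/spampd.pid", \
+"--port=10025", "--host=0.0.0.0", "--relayport=10026", "--relayhost=postfix", \
+"--homedir=/var/lib/spamassassin/.spamassassin" ]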

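Review bot: Both `RUN <<EOF` heredocs run without `set -e`, so only the last command's exit status reaches the build: a failed `apt-get install` is hidden by the `apt-get autoclean` after it, and a failed `usermod`, `groupmod` or `mkdir` in the second heredoc is hidden only if the final `chown` still succeeds. I would make `set -eux` the first line of each heredoc so an image with a missing package or a half-renamed service account cannot build silently. In the first heredoc, `apt-get install -y --no-install-recommends spampd rsyslog` together with the currently commented-out `rm -rf /var/lib/apt/lists/*` would shrink what ships, and `iputils-ping` looks like a debugging aid the running filter does not need. A comment above `usermod … -s /bin/bash` saying why the service account gets a login shell (presumably for the `su spamd -c` call in entrypoint.sh) would help the next reader.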
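--- a/spampd/entrypoint.sh
+++ b/spampd/entrypoint.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env sh
+set -e
+/usr/sbin/rsyslogd
+su spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys"
+exec "$@"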
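Review bot: With `set -e` active, the `su spamd -c "sa-update …"` line decides whether the container starts at all, and `sa-update` exits with status 1 when no newer rules are available, so a restart against an already-updated `spamassassin` volume would stop the entrypoint before `exec "$@"`. Treating status 1 as success keeps real failures fatal: `su spamd -c "sa-update --gpghomedir /var/lib/spamassassin/sa-update-keys" || [ "$?" -eq 1 ]`. A comment above that line should also say that the update needs outbound network access at start, since an unreachable mirror likewise keeps the filter from coming up.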

12
spampd/scratchpad.sh Normal file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/bash
# export DOCKER_BUILDKIT=1
# docker run -d --name apache -p80:80 -v/root/kopano/dist:/var/www httpd
docker rm spampd
docker build -t spampd .
docker run -it --rm --name spampd spampd
docker logs -f spampd
docker exec -it spampd sh
docker container prune -f
docker kill spampd
docker rm spampd
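Review bot: `scratchpad.sh` carries a shebang but reads as a list of alternative commands rather than a sequence, and running it top to bottom reaches `docker container prune -f`, which removes every stopped container on the host, not only spampd. If the file is meant as notes, I would drop the shebang and open it with a comment such as `# command notes for manual copy/paste, not meant to be run as a script`.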


@@ -7,6 +7,7 @@ pushd certs
# https://www.postfix.org/postconf.5.html#relay_clientcerts # https://www.postfix.org/postconf.5.html#relay_clientcerts
openssl x509 -in $CN.crt -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -md5 -c | ( read D FP; echo $FP $CN ) >>relay_clientcerts openssl x509 -in $CN.crt -noout -pubkey | openssl pkey -pubin -outform DER | openssl dgst -md5 -c | ( read D FP; echo $FP $CN ) >>relay_clientcerts
cp $CN.key ~/kopano-docker/etc-$CN/ssl/private cp $CN.key ~/kopano-docker/etc-$CN/ssl/private
cp kopano-ca.crt ~/kopano-docker/etc-$CN/ssl/certs # https://ubuntu.com/server/docs/security-trust-store
cp kopano-ca.crt ~/kopano-docker/etc-$CN/ssl/usr-local-share-ca-certificates
cat kopano-ca.crt $CN.crt >~/kopano-docker/etc-$CN/ssl/$CN-full-chain.pem cat kopano-ca.crt $CN.crt >~/kopano-docker/etc-$CN/ssl/$CN-full-chain.pem
popd popd

2
todo

@@ -1,8 +1,8 @@
ok - complete internal SSL key generation and injection ok - complete internal SSL key generation and injection
ok - complete relay SSL key generation and injection (manual for distribution to relay) ok - complete relay SSL key generation and injection (manual for distribution to relay)
poc - enable spampd
enable zntrl.de enable zntrl.de
remove passwords from gitlab & docker remove passwords from gitlab & docker
add spamd
check logging for all containers check logging for all containers
bareos mysql backup (mysqldump, or database shutdown during backup) bareos mysql backup (mysqldump, or database shutdown during backup)
recipe: how to add a domain (dns, postfix virtual domains, webapp, z-push) recipe: how to add a domain (dns, postfix virtual domains, webapp, z-push)