Merge branch 'develop'

NETivism · Jun 27, 2024 · 1aa6b3f · 1aa6b3f
2 parents bbd5b7b + f186de1
commit 1aa6b3f
Show file tree

Hide file tree

Showing 4 changed files with 43 additions and 23 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,4 @@
-FROM debian:buster
+FROM debian:bookworm
 MAINTAINER Jimmy Huang <jimmy@netivism.com.tw>
 
 ENV DEBIAN_FRONTEND noninteractive

diff --git a/container/init.sh b/container/init.sh
@@ -7,6 +7,12 @@ elif [ "$FQDN" = "1" ]
 then
   mailname=$(hostname -f)
 fi
+if [ -n "$DKIM_PREFIX" ]
+then
+  dkimp=$DKIM_PREFIX
+else
+  dkimp="mail"
+fi
 
 if [ -f /etc/dovecot/passwd ]; then
   rm -f /etc/dovecot/passwd
@@ -119,18 +125,18 @@ if [ -n "$mailaddr" ]; then
       chown opendkim:opendkim /etc/opendkim/globalkey.private
       chmod 600 /etc/opendkim/globalkey.private
       grep -qF "$domain" /etc/opendkim/TrustedHosts || echo -e "127.0.0.1\nlocalhost\n192.168.0.1/24\n*.$domain" >> /etc/opendkim/TrustedHosts
-      grep -qF "*@$domain netimx._domainkey.$domain" /etc/opendkim/SigningTable || echo -e "*@$domain netimx._domainkey.$domain\n$(cat /etc/opendkim/SigningTable)" > /etc/opendkim/SigningTable
-      grep -qF "netimx._domainkey.$domain $domain:netimx:/etc/opendkim/globalkey.private" /etc/opendkim/KeyTable || echo "netimx._domainkey.$domain $domain:netimx:/etc/opendkim/globalkey.private" >> /etc/opendkim/KeyTable
+      grep -qF "*@$domain $dkimp._domainkey.$domain" /etc/opendkim/SigningTable || echo -e "*@$domain $dkimp._domainkey.$domain\n$(cat /etc/opendkim/SigningTable)" > /etc/opendkim/SigningTable
+      grep -qF "$dkimp._domainkey.$domain $domain:$dkimp:/etc/opendkim/globalkey.private" /etc/opendkim/KeyTable || echo "$dkimp._domainkey.$domain $domain:$dkimp:/etc/opendkim/globalkey.private" >> /etc/opendkim/KeyTable
     elif [[ ! -d $dkim ]]
     then
       # echo "Creating OpenDKIM folder $dkim"
       mkdir -p $dkim
-      cd $dkim && opendkim-genkey -s mail -d $domain
+      cd $dkim && opendkim-genkey -s $dkimp -d $domain
       chown -R opendkim:opendkim /etc/opendkim/keys/
       echo -e "127.0.0.1\nlocalhost\n192.168.0.1/24\n*.$domain" >> /etc/opendkim/TrustedHosts
-      echo "*@$domain mail._domainkey.$domain" >> /etc/opendkim/SigningTable
-      echo "mail._domainkey.$domain $domain:mail:$dkim/mail.private" >> /etc/opendkim/KeyTable
-      cat "$dkim/mail.txt" > /home/vmail/tmp/vmail_dkim
+      echo "*@$domain $dkimp._domainkey.$domain" >> /etc/opendkim/SigningTable
+      echo "$dkimp._domainkey.$domain $domain:$dkimp:$dkim/$dkimp.private" >> /etc/opendkim/KeyTable
+      cat "$dkim/$dkimp.txt" > /home/vmail/tmp/vmail_dkim
     fi
 
     # maildirmake.dovecot does only chown on user directory, we'll create domain directory instead
@@ -191,6 +197,22 @@ if [ -n "$mailaddr" ]; then
     fi
   done
 fi
+
+dkimaddr=`cat /home/vmail/dkimaddr`
+if [ -n "$dkimaddr" ]; then
+  while read -r dkimdomain
+  do
+    if [[ -z "$dkimdomain" ]]; then
+      continue
+    fi
+    if [[ -f "/etc/opendkim/globalkey.private" ]]
+    then
+      grep -qF "*@$dkimdomain $dkimp._domainkey.$dkimdomain" /etc/opendkim/SigningTable || echo -e "*@$dkimdomain $dkimp._domainkey.$dkimdomain\n$(cat /etc/opendkim/SigningTable)" > /etc/opendkim/SigningTable
+      grep -qF "$dkimp._domainkey.$dkimdomain $dkimdomain:$dkimp:/etc/opendkim/globalkey.private" /etc/opendkim/KeyTable || echo "$dkimp._domainkey.$dkimdomain $dkimdomain:$dkimp:/etc/opendkim/globalkey.private" >> /etc/opendkim/KeyTable
+    fi
+  done < /home/vmail/dkimaddr
+fi
+
 chmod 640 /home/vmail/tmp/*
 if [ -f /home/vmail/passwd ]; then
   chown root:dovecot /etc/dovecot/passwd

diff --git a/docker-start.sh b/docker-start.sh
@@ -1,22 +1,20 @@
 #!/bin/sh
-docker pull jimyhuang/docker-postfix-dovecot
+#docker pull rg.netivism.com.tw/netivism/docker-postfix-dovecot:develop
 docker stop dovecot
 docker rm dovecot
 docker run \
-    -dit --name dovecot \
-    -p 993:993 \
-    -p 587:587 \
-    -p 25:25 \
-    -p 2525:2525 \
-    -p 465:465 \
-    -e MAILNAME="static.jimmyhub.net" \
-    -e MAILADDR="testa@static.jimmyhub.net;testb@static.jimmyhub.net" \
-    -v /etc/postfix \
-    -v /etc/ssl \
-    -v /var/vmail/opendkim:/etc/opendkim \
-    -v /etc/dovecot \
+    -d --name dovecot \
+    -p 30993:993 \
+    -p 30587:587 \
+    -p 30025:25 \
+    -p 32525:2525 \
+    -p 30465:465 \
     -v /var/vmail:/home/vmail \
     -v /var/vmail/log:/var/log \
-    jimyhuang/docker-postfix-dovecot \
-    /init.sh
+    -v /var/vmail/opendkim:/etc/opendkim \
+    -v /var/vmail/opendkim.conf:/etc/opendkim.conf \
+    -e "MAILNAME=test.netivism.com.tw" \
+    -e "TZ=Asia/Taipei" \
+    -e "DKIM_PREFIX=netimx" \
+    rg.netivism.com.tw/netivism/docker-postfix-dovecot:develop
 docker logs -f dovecot
diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
@@ -1,7 +1,7 @@
 auth_mechanisms = plain login
 auth_verbose = yes
 ssl = required
-ssl_protocols = !SSLv2 !SSLv3
+ssl_min_protocol = TLSv1.2
 ssl_key = </etc/ssl/private/dovecot.pem
 ssl_cert = </etc/ssl/certs/dovecot.pem
 disable_plaintext_auth = yes