
first commit

master
Andrey Arapov 8 months ago
commit
8e920fa2b3
Signed by: Andrey Arapov <andrey.arapov@nixaid.com> GPG Key ID: 9076D5E6B31AE99C
9 changed files with 191 additions and 0 deletions
  1. 11
    0
      Dockerfile
  2. 35
    0
      Dockerfile.debian
  3. 29
    0
      opendkim/opendkim.conf
  4. 80
    0
      opendkim/opendkim.conf.debian
  5. 4
    0
      service/logger/finish
  6. 10
    0
      service/logger/run
  7. 4
    0
      service/opendkim/finish
  8. 6
    0
      service/opendkim/run
  9. 12
    0
      start.sh

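--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine:3.8
+MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
+
+RUN apk update && \
+    apk upgrade && \
+    apk add opendkim runit socklog && \
+    rm -rf /etc/service
+
+COPY service /etc/service/
+# RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
+ENTRYPOINT runsvdir -P /etc/service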
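Review bot: The shell-form `ENTRYPOINT runsvdir -P /etc/service` on the last line starts the supervisor through `/bin/sh -c`, so whether the stop signal from `docker stop` reaches runsvdir depends on the shell; the exec form `ENTRYPOINT ["runsvdir", "-P", "/etc/service"]` makes runsvdir PID 1 directly, and the same applies to the last line of Dockerfile.debian. The `chmod +x` step for the `run` scripts is commented out here but active in Dockerfile.debian, so this image relies on the executable bit being set in the build context; a comment saying so would make that explicit. `apk add --no-cache opendkim runit socklog` would avoid keeping the package index that `apk update` downloads, and `MAINTAINER` is deprecated in favour of a `LABEL`.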

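--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -0,0 +1,35 @@
+FROM debian:stretch
+MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
+
+# To avoid problems with Dialog and curses wizards
+ENV DEBIAN_FRONTEND noninteractive
+
+# Workaround the apt-get slowness when running grsecurity kernel
+# ulimit -n 1024
+RUN apt-get update && \
+    apt-get -y install opendkim runit curl make gcc
+
+# Compile socklog
+ENV SOCKLOG_NAME "socklog-2.1.0"
+ENV SOCKLOG_HASH "aa869a787ee004da4e5509b5a0031bcc17a4ab4ac650c2ce8d4e488123acb455"
+
+RUN cd /opt && \
+    curl -#L -o $SOCKLOG_NAME.tar.gz http://smarden.org/socklog/$SOCKLOG_NAME.tar.gz && \
+    sha256sum $SOCKLOG_NAME.tar.gz |grep -qw $SOCKLOG_HASH && \
+    tar xf $SOCKLOG_NAME.tar.gz && \
+    rm -f $SOCKLOG_NAME.tar.gz && \
+    cd admin/$SOCKLOG_NAME && \
+    package/install && \
+    package/install-man
+
+RUN rm -vf /etc/service/socklog-klog /etc/service/socklog-unix
+
+#RUN useradd -r -m -d /var/run/opendkim -s /bin/false opendkim
+
+# tzdata - so that TZ environment variable gets processed
+# rsyslog - to log postfix service into /var/log/mail.log file
+
+COPY service /etc/service/
+RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
+
+ENTRYPOINT runsvdir -P /etc/service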
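Review bot: `curl`, `make` and `gcc` are installed in the first `RUN` and never removed, so the compiler toolchain and a download tool ship in the runtime image although only the socklog build needs them. Installing them in the same `RUN` that compiles socklog and ending that step with `apt-get purge -y --auto-remove curl make gcc && rm -rf /var/lib/apt/lists/*` would keep them out of every layer; a multi-stage build would achieve the same. The tarball is fetched over plain HTTP, which the SHA-256 comparison compensates for; `echo "$SOCKLOG_HASH  $SOCKLOG_NAME.tar.gz" | sha256sum -c -` states that check more strictly than `grep -qw`. `ENV DEBIAN_FRONTEND noninteractive` also persists into the running container and is better passed inline on the `apt-get` line.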

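--- a/opendkim/opendkim.conf
+++ b/opendkim/opendkim.conf
@@ -0,0 +1,29 @@
+#BaseDirectory		/run/opendkim
+
+#LogWhy                 yes
+Syslog                  yes
+SyslogSuccess           yes
+
+Canonicalization	relaxed/simple
+
+#Domain			example.com
+#Selector		default
+#KeyFile			/var/db/dkim/example.com.private
+
+Socket                  inet:8891@localhost
+#Socket			local:opendkim.sock
+
+#ReportAddress           postmaster@example.com
+#SendReports             yes
+
+## Hosts to sign email for - 127.0.0.1 is default
+## See the OPERATION section of opendkim(8) for more information
+#
+# InternalHosts		192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+## For secondary mailservers - indicates not to sign or verify messages
+## from these hosts
+#
+# PeerList		X.X.X.X
+
+# PidFile		/var/run/opendkim/opendkim.pid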
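Review bot: `Socket inet:8891@localhost` binds the milter to the container's own loopback interface, so an MTA can reach it only from the same network namespace, and the file does not say which deployment is intended. A comment above that line such as `# loopback only: the MTA must share this container's network namespace` would record the assumption and discourage switching to `inet:8891`, which the socket forms documented in opendkim.conf.debian describe as listening on all interfaces. `Domain`, `Selector` and `KeyFile` are all commented out, so as committed no signing key is configured; a short header comment naming the settings that must be filled in before use would help.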

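--- a/opendkim/opendkim.conf.debian
+++ b/opendkim/opendkim.conf.debian
@@ -0,0 +1,80 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog			yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask			007
+
+# Sign for example.com with key in /etc/dkimkeys/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain			example.com
+#KeyFile		/etc/dkimkeys/dkim.key
+#Selector		2007
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization	simple
+#Mode			sv
+#SubDomains		no
+
+# Socket smtp://localhost
+#
+# ##  Socket socketspec
+# ##
+# ##  Names the socket where this filter should listen for milter connections
+# ##  from the MTA.  Required.  Should be in one of these forms:
+# ##
+# ##  inet:port@address           to listen on a specific interface
+# ##  inet:port                   to listen on all interfaces
+# ##  local:/path/to/socket       to listen on a UNIX domain socket
+#
+#Socket                  inet:8892@localhost
+Socket			local:/var/run/opendkim/opendkim.sock
+
+##  PidFile filename
+###      default (none)
+###
+###  Name of the file where the filter should write its pid before beginning
+###  normal operations.
+#
+PidFile               /var/run/opendkim/opendkim.pid
+
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier.  From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders		From
+
+##  ResolverConfiguration filename
+##      default (none)
+##
+##  Specifies a configuration file to be passed to the Unbound library that
+##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
+##  documentation at http://unbound.net for the expected content of this file.
+##  The results of using this and the TrustAnchorFile setting at the same
+##  time are undefined.
+##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+##  unbound package
+
+# ResolverConfiguration     /etc/unbound/unbound.conf
+
+##  TrustAnchorFile filename
+##      default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile       /usr/share/dns/root.key
+
+##  Userid userid
+###      default (none)
+###
+###  Change to user "userid" before starting normal operation?  May include
+###  a group ID as well, separated from the userid by a colon.
+#
+UserID                opendkim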
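Review bot: Nothing in this commit appears to load this file: service/opendkim/run passes `-x /etc/opendkim/opendkim.conf`, and start.sh mounts the whole opendkim directory at /etc/opendkim, so opendkim.conf.debian is only carried along next to the active config. If it is meant for the Dockerfile.debian image, a header comment such as `# Debian variant: copy over opendkim.conf when building from Dockerfile.debian` would say how it is selected. With `Socket local:/var/run/opendkim/opendkim.sock` the milter is reachable only through that path, and start.sh mounts no volume there, so an MTA outside the container presumably could not connect as things stand.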

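--- a/service/logger/finish
+++ b/service/logger/finish
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "${PWD##*/}: Exitted with $1 (signal: $2)"
+[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )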
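Review bot: The last line ends the script with `[ $1 -ne 0 ] && ( ... )`, so when the service exits cleanly the failed test becomes the finish script's own exit status, and `$1` is expanded unquoted. An `if [ "$1" -ne 0 ]; then echo ...; sleep 5; fi` form avoids the misleading status and needs no subshell. The message also spells "Exited" as "Exitted". service/opendkim/finish is identical and has the same points; a one-line comment in each saying that runsv passes the exit code as `$1` and the signal as `$2` would document the arguments.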

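--- a/service/logger/run
+++ b/service/logger/run
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Collect all logs which come to /dev/log
+exec 2>&1
+
+echo "${PWD##*/}: started."
+
+set -x
+exec chpst -Unobody socklog unix /dev/log
+# exec socklog unix /dev/log
+# exec socat UNIX-LISTEN:/dev/log,reuseaddr,fork -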
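Review bot: `chpst -Unobody` deserves a comment, because `-U` only exports `$UID`/`$GID` for the named user and leaves the process running as root; per the socklog man page, socklog itself switches to those ids after it has created the /dev/log socket. Without that explanation the line reads like a typo for `-u`, which would drop privileges before the socket is bound. Suggested comment: `# -U (not -u): socklog binds /dev/log as root, then drops to nobody via $UID/$GID`. The two commented-out alternatives below the exec run the logger without any privilege drop and could be removed so nobody re-enables them by accident.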

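--- a/service/opendkim/finish
+++ b/service/opendkim/finish
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "${PWD##*/}: Exitted with $1 (signal: $2)"
+[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )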

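--- a/service/opendkim/run
+++ b/service/opendkim/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+echo "${PWD##*/}: started."
+
+#chown -Rh opendkim:opendkim -- /etc/opendkim
+#exec su -s /bin/sh opendkim -c "/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid" 2>&1
+exec /usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid 2>&1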
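Review bot: The `exec` line points the pid file at /var/run/opendkim/opendkim.pid while asking for `-u opendkim`, but nothing visible in this commit creates that directory or makes it writable by `opendkim` (the `useradd ... -d /var/run/opendkim` line in Dockerfile.debian is commented out), so startup presumably depends on the distribution package having created it. A line before the exec such as `install -d -o opendkim -g opendkim /var/run/opendkim` would remove that dependency. The commented-out `chown -Rh` cannot work as written because start.sh mounts /etc/opendkim read-only, so key ownership has to be right on the host; a comment saying that, and that the daemon starts as root and drops to `opendkim` through `-u`, would document the privilege model.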

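--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+IMAGE=opendkim
+
+docker build -t $IMAGE .
+docker rm -f $IMAGE
+docker run -d \
+  -h $(hostname -f) \
+  --name $IMAGE \
+  -v /etc/localtime:/etc/localtime:ro \
+  -v $PWD/opendkim:/etc/opendkim:ro \
+  $IMAGE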
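Review bot: The script keeps going when `docker build` fails, so the next line still removes the running container and `docker run` then starts whatever image was tagged `opendkim` before, or nothing at all; `docker build -t "$IMAGE" . || exit 1` stops that. `$PWD/opendkim` and `$(hostname -f)` are unquoted and break on a path containing spaces, which `-v "$PWD/opendkim":/etc/opendkim:ro` and `-h "$(hostname -f)"` avoid. The container is started with Docker's default capabilities and a writable root filesystem; whether that can be tightened depends on what runit and opendkim need, so it is something to evaluate rather than a defect.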
