
first commit

master
Andrey Arapov 1 year ago
commit
8e920fa2b3
Signed by: arno <andrey.arapov@nixaid.com> GPG Key ID: 9076D5E6B31AE99C
9 changed files with 191 additions and 0 deletions
  1. +11
    -0
      Dockerfile
  2. +35
    -0
      Dockerfile.debian
  3. +29
    -0
      opendkim/opendkim.conf
  4. +80
    -0
      opendkim/opendkim.conf.debian
  5. +4
    -0
      service/logger/finish
  6. +10
    -0
      service/logger/run
  7. +4
    -0
      service/opendkim/finish
  8. +6
    -0
      service/opendkim/run
  9. +12
    -0
      start.sh

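--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM alpine:3.8
+MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
+
+RUN apk update && \
+apk upgrade && \
+apk add opendkim runit socklog && \
+rm -rf /etc/service
+
+COPY service /etc/service/
+# RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
+ENTRYPOINT runsvdir -P /etc/service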
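Review bot: `ENTRYPOINT runsvdir -P /etc/service` is shell form, so the supervisor is launched through `/bin/sh -c` and whether it sees the SIGTERM from `docker stop` depends on the shell; the exec form `ENTRYPOINT ["runsvdir", "-P", "/etc/service"]` makes runsvdir the container's main process. Dockerfile.debian ends with the same line and the same applies there. The `apk update && apk upgrade && apk add` chain leaves the package index in the layer and installs whatever versions are current at build time; `apk add --no-cache opendkim runit socklog` avoids the first, and pinning package versions would address the second. With the chmod line commented out, the `run` and `finish` scripts are executable only if the mode bits are set in the repository, which this page does not show.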

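--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@@ -0,0 +1,35 @@
+FROM debian:stretch
+MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
+
+# To avoid problems with Dialog and curses wizards
+ENV DEBIAN_FRONTEND noninteractive
+
+# Workaround the apt-get slowness when running grsecurity kernel
+# ulimit -n 1024
+RUN apt-get update && \
+apt-get -y install opendkim runit curl make gcc
+
+# Compile socklog
+ENV SOCKLOG_NAME "socklog-2.1.0"
+ENV SOCKLOG_HASH "aa869a787ee004da4e5509b5a0031bcc17a4ab4ac650c2ce8d4e488123acb455"
+
+RUN cd /opt && \
+curl -#L -o $SOCKLOG_NAME.tar.gz http://smarden.org/socklog/$SOCKLOG_NAME.tar.gz && \
+sha256sum $SOCKLOG_NAME.tar.gz |grep -qw $SOCKLOG_HASH && \
+tar xf $SOCKLOG_NAME.tar.gz && \
+rm -f $SOCKLOG_NAME.tar.gz && \
+cd admin/$SOCKLOG_NAME && \
+package/install && \
+package/install-man
+
+RUN rm -vf /etc/service/socklog-klog /etc/service/socklog-unix
+
+#RUN useradd -r -m -d /var/run/opendkim -s /bin/false opendkim
+
+# tzdata - so that TZ environment variable gets processed
+# rsyslog - to log postfix service into /var/log/mail.log file
+
+COPY service /etc/service/
+RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
+
+ENTRYPOINT runsvdir -P /etc/service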
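Review bot: `gcc`, `make` and `curl` are needed only to fetch and compile socklog, yet they stay in the runtime image along with the apt lists, which leaves a compiler and a download tool available to anything that gets code execution in the container. Building socklog in a separate build stage and copying the result, or installing and purging the toolchain inside the one `RUN` that compiles (ending with `rm -rf /var/lib/apt/lists/*`), keeps them out; `--no-install-recommends` on the install line trims the rest. The tarball comes over plain `http://`, so the `sha256sum ... | grep -qw $SOCKLOG_HASH` line is the only integrity control and deserves a comment saying so; `echo "$SOCKLOG_HASH  $SOCKLOG_NAME.tar.gz" | sha256sum -c -` is the more conventional form of that check. `ENV DEBIAN_FRONTEND noninteractive` also persists into the running container and would be better set inline on the `apt-get` command.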

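--- a/opendkim/opendkim.conf
+++ b/opendkim/opendkim.conf
@@ -0,0 +1,29 @@
+#BaseDirectory /run/opendkim
+
+#LogWhy yes
+Syslog yes
+SyslogSuccess yes
+
+Canonicalization relaxed/simple
+
+#Domain example.com
+#Selector default
+#KeyFile /var/db/dkim/example.com.private
+
+Socket inet:8891@localhost
+#Socket local:opendkim.sock
+
+#ReportAddress postmaster@example.com
+#SendReports yes
+
+## Hosts to sign email for - 127.0.0.1 is default
+## See the OPERATION section of opendkim(8) for more information
+#
+# InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
+
+## For secondary mailservers - indicates not to sign or verify messages
+## from these hosts
+#
+# PeerList X.X.X.X
+
+# PidFile /var/run/opendkim/opendkim.pid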
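Review bot: `Socket inet:8891@localhost` binds the milter to the loopback interface inside the container, and start.sh neither publishes a port nor joins another network namespace, so as far as this commit shows no MTA outside the container can reach it. If the MTA is meant to connect over the network, the socket has to listen on the container's interface, and because the milter protocol carries no authentication the port then needs to be restricted to the MTA at the network level. The commented-out `local:` socket on a volume shared with the MTA avoids opening a port at all. A comment above the `Socket` line stating the intended deployment would settle which of these is meant.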

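--- a/opendkim/opendkim.conf.debian
+++ b/opendkim/opendkim.conf.debian
@@ -0,0 +1,80 @@
+# This is a basic configuration that can easily be adapted to suit a standard
+# installation. For more advanced options, see opendkim.conf(5) and/or
+# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
+
+# Log to syslog
+Syslog yes
+# Required to use local socket with MTAs that access the socket as a non-
+# privileged user (e.g. Postfix)
+UMask 007
+
+# Sign for example.com with key in /etc/dkimkeys/dkim.key using
+# selector '2007' (e.g. 2007._domainkey.example.com)
+#Domain example.com
+#KeyFile /etc/dkimkeys/dkim.key
+#Selector 2007
+
+# Commonly-used options; the commented-out versions show the defaults.
+#Canonicalization simple
+#Mode sv
+#SubDomains no
+
+# Socket smtp://localhost
+#
+# ## Socket socketspec
+# ##
+# ## Names the socket where this filter should listen for milter connections
+# ## from the MTA. Required. Should be in one of these forms:
+# ##
+# ## inet:port@address to listen on a specific interface
+# ## inet:port to listen on all interfaces
+# ## local:/path/to/socket to listen on a UNIX domain socket
+#
+#Socket inet:8892@localhost
+Socket local:/var/run/opendkim/opendkim.sock
+
+## PidFile filename
+### default (none)
+###
+### Name of the file where the filter should write its pid before beginning
+### normal operations.
+#
+PidFile /var/run/opendkim/opendkim.pid
+
+
+# Always oversign From (sign using actual From and a null From to prevent
+# malicious signatures header fields (From and/or others) between the signer
+# and the verifier. From is oversigned by default in the Debian pacakge
+# because it is often the identity key used by reputation systems and thus
+# somewhat security sensitive.
+OversignHeaders From
+
+## ResolverConfiguration filename
+## default (none)
+##
+## Specifies a configuration file to be passed to the Unbound library that
+## performs DNS queries applying the DNSSEC protocol. See the Unbound
+## documentation at http://unbound.net for the expected content of this file.
+## The results of using this and the TrustAnchorFile setting at the same
+## time are undefined.
+## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
+## unbound package
+
+# ResolverConfiguration /etc/unbound/unbound.conf
+
+## TrustAnchorFile filename
+## default (none)
+##
+## Specifies a file from which trust anchor data should be read when doing
+## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
+## at http://unbound.net for the expected format of this file.
+
+TrustAnchorFile /usr/share/dns/root.key
+
+## Userid userid
+### default (none)
+###
+### Change to user "userid" before starting normal operation? May include
+### a group ID as well, separated from the userid by a colon.
+#
+UserID opendkim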

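--- a/service/logger/finish
+++ b/service/logger/finish
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "${PWD##*/}: Exitted with $1 (signal: $2)"
+[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )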
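Review bot: `[ $1 -ne 0 ]` leaves `$1` unquoted, so if the script is ever run without an argument `test` reports a syntax error instead of evaluating the exit code; `[ "${1:-0}" -ne 0 ]` handles that case. Because the `&&` list is the last command, the script itself also returns non-zero whenever the service exited cleanly, which an explicit `if [ "${1:-0}" -ne 0 ]; then ...; fi` avoids. service/opendkim/finish is identical, so both points apply there too, as does the "Exitted" spelling in the log message.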

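--- a/service/logger/run
+++ b/service/logger/run
@@ -0,0 +1,10 @@
+#!/bin/sh
+# Collect all logs which come to /dev/log
+exec 2>&1
+
+echo "${PWD##*/}: started."
+
+set -x
+exec chpst -Unobody socklog unix /dev/log
+# exec socklog unix /dev/log
+# exec socat UNIX-LISTEN:/dev/log,reuseaddr,fork -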
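Review bot: The `exec chpst -Unobody socklog unix /dev/log` line needs a comment explaining the upper-case `-U`, because it does not switch user. It only exports `$UID`/`$GID`, and socklog drops to those ids itself once it has created and bound the socket. A later reader could easily "correct" it to `-u`, which would start socklog unprivileged before `/dev/log` exists, or delete the flag and leave the logger running as root. Suggested comment: `# -U (not -u): export UID/GID only; socklog binds /dev/log as root, then drops to nobody`.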

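--- a/service/opendkim/finish
+++ b/service/opendkim/finish
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "${PWD##*/}: Exitted with $1 (signal: $2)"
+[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )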

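--- a/service/opendkim/run
+++ b/service/opendkim/run
@@ -0,0 +1,6 @@
+#!/bin/sh
+echo "${PWD##*/}: started."
+
+#chown -Rh opendkim:opendkim -- /etc/opendkim
+#exec su -s /bin/sh opendkim -c "/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid" 2>&1
+exec /usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid 2>&1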
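Review bot: The daemon drops to `-u opendkim`, but start.sh mounts `/etc/opendkim` read-only from the host, so the commented-out `chown` could never take effect. Ownership and mode of the signing key therefore have to be set on the host for the container's opendkim uid. That should be documented here, otherwise the likely workaround is making the private key world-readable. Suggested comment: `# /etc/opendkim is a read-only bind mount: the KeyFile must be owned by the container's opendkim uid and not group/world readable`. `-P /var/run/opendkim/opendkim.pid` also assumes the directory exists and is writable by that user; neither Dockerfile creates it, so presumably the package does, which is worth confirming.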

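--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+IMAGE=opendkim
+
+docker build -t $IMAGE .
+docker rm -f $IMAGE
+docker run -d \
+-h $(hostname -f) \
+--name $IMAGE \
+-v /etc/localtime:/etc/localtime:ro \
+-v $PWD/opendkim:/etc/opendkim:ro \
+$IMAGE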
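Review bot: The script has no error handling, so a failed `docker build` is followed by `docker rm -f $IMAGE` and `docker run`, which removes the running signer and starts whatever image was tagged before; `set -e` near the top stops at the failed build. `$PWD/opendkim` and `$(hostname -f)` are unquoted, so a checkout path containing a space breaks the `-v` argument; write `-v "$PWD/opendkim:/etc/opendkim:ro"` and `-h "$(hostname -f)"`. The container also starts with the default capability set and a writable root filesystem. Once the capabilities runit and opendkim actually need are known, `--cap-drop` and `--read-only` would narrow what a compromised milter can do.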
