first commit

2018-12-17 13:53:15 +01:00 · 2018-12-17 13:53:15 +01:00 · 8e920fa2b3
commit 8e920fa2b3
9 changed files with 191 additions and 0 deletions
--- a/11
+++ b/11
@ -0,0 +1,11 @@
 FROM alpine:3.8
 MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
 RUN apk update && \
    apk upgrade && \
    apk add opendkim runit socklog && \
    rm -rf /etc/service
 COPY service /etc/service/
 # RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
 ENTRYPOINT runsvdir -P /etc/service
--- a/Dockerfile.debian
+++ b/Dockerfile.debian
@ -0,0 +1,35 @@
 FROM debian:stretch
 MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
 # To avoid problems with Dialog and curses wizards
 ENV DEBIAN_FRONTEND noninteractive
 # Workaround the apt-get slowness when running grsecurity kernel
 # ulimit -n 1024
 RUN apt-get update && \
    apt-get -y install opendkim runit curl make gcc
 # Compile socklog
 ENV SOCKLOG_NAME "socklog-2.1.0"
 ENV SOCKLOG_HASH "aa869a787ee004da4e5509b5a0031bcc17a4ab4ac650c2ce8d4e488123acb455"
 RUN cd /opt && \
    curl -#L -o $SOCKLOG_NAME.tar.gz http://smarden.org/socklog/$SOCKLOG_NAME.tar.gz && \
    sha256sum $SOCKLOG_NAME.tar.gz |grep -qw $SOCKLOG_HASH && \
    tar xf $SOCKLOG_NAME.tar.gz && \
    rm -f $SOCKLOG_NAME.tar.gz && \
    cd admin/$SOCKLOG_NAME && \
    package/install && \
    package/install-man
 RUN rm -vf /etc/service/socklog-klog /etc/service/socklog-unix
 #RUN useradd -r -m -d /var/run/opendkim -s /bin/false opendkim
 # tzdata - so that TZ environment variable gets processed
 # rsyslog - to log postfix service into /var/log/mail.log file
 COPY service /etc/service/
 RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
 ENTRYPOINT runsvdir -P /etc/service
--- a/opendkim/opendkim.conf
+++ b/opendkim/opendkim.conf
@ -0,0 +1,29 @@
 #BaseDirectory		/run/opendkim
 #LogWhy                 yes
 Syslog                  yes
 SyslogSuccess           yes
 Canonicalization	relaxed/simple
 #Domain			example.com
 #Selector		default
 #KeyFile			/var/db/dkim/example.com.private
 Socket                  inet:8891@localhost
 #Socket			local:opendkim.sock
 #ReportAddress           postmaster@example.com
 #SendReports             yes
 ## Hosts to sign email for - 127.0.0.1 is default
 ## See the OPERATION section of opendkim(8) for more information
 #
 # InternalHosts		192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
 ## For secondary mailservers - indicates not to sign or verify messages
 ## from these hosts
 #
 # PeerList		X.X.X.X
 # PidFile		/var/run/opendkim/opendkim.pid
--- a/opendkim/opendkim.conf.debian
+++ b/opendkim/opendkim.conf.debian
@ -0,0 +1,80 @@
 # This is a basic configuration that can easily be adapted to suit a standard
 # installation. For more advanced options, see opendkim.conf(5) and/or
 # /usr/share/doc/opendkim/examples/opendkim.conf.sample.
 # Log to syslog
 Syslog			yes
 # Required to use local socket with MTAs that access the socket as a non-
 # privileged user (e.g. Postfix)
 UMask			007
 # Sign for example.com with key in /etc/dkimkeys/dkim.key using
 # selector '2007' (e.g. 2007._domainkey.example.com)
 #Domain			example.com
 #KeyFile		/etc/dkimkeys/dkim.key
 #Selector		2007
 # Commonly-used options; the commented-out versions show the defaults.
 #Canonicalization	simple
 #Mode			sv
 #SubDomains		no
 # Socket smtp://localhost
 #
 # ##  Socket socketspec
 # ##
 # ##  Names the socket where this filter should listen for milter connections
 # ##  from the MTA.  Required.  Should be in one of these forms:
 # ##
 # ##  inet:port@address           to listen on a specific interface
 # ##  inet:port                   to listen on all interfaces
 # ##  local:/path/to/socket       to listen on a UNIX domain socket
 #
 #Socket                  inet:8892@localhost
 Socket			local:/var/run/opendkim/opendkim.sock
 ##  PidFile filename
 ###      default (none)
 ###
 ###  Name of the file where the filter should write its pid before beginning
 ###  normal operations.
 #
 PidFile               /var/run/opendkim/opendkim.pid
 # Always oversign From (sign using actual From and a null From to prevent
 # malicious signatures header fields (From and/or others) between the signer
 # and the verifier.  From is oversigned by default in the Debian pacakge
 # because it is often the identity key used by reputation systems and thus
 # somewhat security sensitive.
 OversignHeaders		From
 ##  ResolverConfiguration filename
 ##      default (none)
 ##
 ##  Specifies a configuration file to be passed to the Unbound library that
 ##  performs DNS queries applying the DNSSEC protocol.  See the Unbound
 ##  documentation at http://unbound.net for the expected content of this file.
 ##  The results of using this and the TrustAnchorFile setting at the same
 ##  time are undefined.
 ##  In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
 ##  unbound package
 # ResolverConfiguration     /etc/unbound/unbound.conf
 ##  TrustAnchorFile filename
 ##      default (none)
 ##
 ## Specifies a file from which trust anchor data should be read when doing
 ## DNS queries and applying the DNSSEC protocol.  See the Unbound documentation
 ## at http://unbound.net for the expected format of this file.
 TrustAnchorFile       /usr/share/dns/root.key
 ##  Userid userid
 ###      default (none)
 ###
 ###  Change to user "userid" before starting normal operation?  May include
 ###  a group ID as well, separated from the userid by a colon.
 #
 UserID                opendkim
--- a/service/logger/finish
+++ b/service/logger/finish
@ -0,0 +1,4 @@
 #!/bin/sh
 echo "${PWD##*/}: Exitted with $1 (signal: $2)"
 [ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )
--- a/service/logger/run
+++ b/service/logger/run
@ -0,0 +1,10 @@
 #!/bin/sh
 # Collect all logs which come to /dev/log
 exec 2>&1
 echo "${PWD##*/}: started."
 set -x
 exec chpst -Unobody socklog unix /dev/log
 # exec socklog unix /dev/log
 # exec socat UNIX-LISTEN:/dev/log,reuseaddr,fork -
--- a/service/opendkim/finish
+++ b/service/opendkim/finish
@ -0,0 +1,4 @@
 #!/bin/sh
 echo "${PWD##*/}: Exitted with $1 (signal: $2)"
 [ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )
--- a/service/opendkim/run
+++ b/service/opendkim/run
@ -0,0 +1,6 @@
 #!/bin/sh
 echo "${PWD##*/}: started."
 #chown -Rh opendkim:opendkim -- /etc/opendkim
 #exec su -s /bin/sh opendkim -c "/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid" 2>&1
 exec /usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid 2>&1
--- a/start.sh
+++ b/start.sh
@ -0,0 +1,12 @@
 #!/bin/bash
 IMAGE=opendkim
 docker build -t $IMAGE .
 docker rm -f $IMAGE
 docker run -d \
  -h $(hostname -f) \
  --name $IMAGE \
  -v /etc/localtime:/etc/localtime:ro \
  -v $PWD/opendkim:/etc/opendkim:ro \
  $IMAGE