first commit

This commit is contained in:
Andy 2018-12-17 13:53:15 +01:00
commit 8e920fa2b3
Signed by: arno
GPG Key ID: 9076D5E6B31AE99C
9 changed files with 191 additions and 0 deletions

11
Dockerfile Normal file
View File

@ -0,0 +1,11 @@
FROM alpine:3.8
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
RUN apk update && \
apk upgrade && \
apk add opendkim runit socklog && \
rm -rf /etc/service
COPY service /etc/service/
# RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
ENTRYPOINT runsvdir -P /etc/service

35
Dockerfile.debian Normal file
View File

@ -0,0 +1,35 @@
FROM debian:stretch
MAINTAINER Andrey Arapov <andrey.arapov@nixaid.com>
# To avoid problems with Dialog and curses wizards
ENV DEBIAN_FRONTEND noninteractive
# Workaround the apt-get slowness when running grsecurity kernel
# ulimit -n 1024
RUN apt-get update && \
apt-get -y install opendkim runit curl make gcc
# Compile socklog
ENV SOCKLOG_NAME "socklog-2.1.0"
ENV SOCKLOG_HASH "aa869a787ee004da4e5509b5a0031bcc17a4ab4ac650c2ce8d4e488123acb455"
RUN cd /opt && \
curl -#L -o $SOCKLOG_NAME.tar.gz http://smarden.org/socklog/$SOCKLOG_NAME.tar.gz && \
sha256sum $SOCKLOG_NAME.tar.gz |grep -qw $SOCKLOG_HASH && \
tar xf $SOCKLOG_NAME.tar.gz && \
rm -f $SOCKLOG_NAME.tar.gz && \
cd admin/$SOCKLOG_NAME && \
package/install && \
package/install-man
RUN rm -vf /etc/service/socklog-klog /etc/service/socklog-unix
#RUN useradd -r -m -d /var/run/opendkim -s /bin/false opendkim
# tzdata - so that TZ environment variable gets processed
# rsyslog - to log postfix service into /var/log/mail.log file
COPY service /etc/service/
RUN find /etc/service -xdev -type f -name "run" -exec chmod +x '{}' \;
ENTRYPOINT runsvdir -P /etc/service

29
opendkim/opendkim.conf Normal file
View File

@ -0,0 +1,29 @@
#BaseDirectory /run/opendkim
#LogWhy yes
Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
#Domain example.com
#Selector default
#KeyFile /var/db/dkim/example.com.private
Socket inet:8891@localhost
#Socket local:opendkim.sock
#ReportAddress postmaster@example.com
#SendReports yes
## Hosts to sign email for - 127.0.0.1 is default
## See the OPERATION section of opendkim(8) for more information
#
# InternalHosts 192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/12
## For secondary mailservers - indicates not to sign or verify messages
## from these hosts
#
# PeerList X.X.X.X
# PidFile /var/run/opendkim/opendkim.pid

View File

@ -0,0 +1,80 @@
# This is a basic configuration that can easily be adapted to suit a standard
# installation. For more advanced options, see opendkim.conf(5) and/or
# /usr/share/doc/opendkim/examples/opendkim.conf.sample.
# Log to syslog
Syslog yes
# Required to use local socket with MTAs that access the socket as a non-
# privileged user (e.g. Postfix)
UMask 007
# Sign for example.com with key in /etc/dkimkeys/dkim.key using
# selector '2007' (e.g. 2007._domainkey.example.com)
#Domain example.com
#KeyFile /etc/dkimkeys/dkim.key
#Selector 2007
# Commonly-used options; the commented-out versions show the defaults.
#Canonicalization simple
#Mode sv
#SubDomains no
# Socket smtp://localhost
#
# ## Socket socketspec
# ##
# ## Names the socket where this filter should listen for milter connections
# ## from the MTA. Required. Should be in one of these forms:
# ##
# ## inet:port@address to listen on a specific interface
# ## inet:port to listen on all interfaces
# ## local:/path/to/socket to listen on a UNIX domain socket
#
#Socket inet:8892@localhost
Socket local:/var/run/opendkim/opendkim.sock
## PidFile filename
### default (none)
###
### Name of the file where the filter should write its pid before beginning
### normal operations.
#
PidFile /var/run/opendkim/opendkim.pid
# Always oversign From (sign using actual From and a null From to prevent
# malicious signatures header fields (From and/or others) between the signer
# and the verifier. From is oversigned by default in the Debian pacakge
# because it is often the identity key used by reputation systems and thus
# somewhat security sensitive.
OversignHeaders From
## ResolverConfiguration filename
## default (none)
##
## Specifies a configuration file to be passed to the Unbound library that
## performs DNS queries applying the DNSSEC protocol. See the Unbound
## documentation at http://unbound.net for the expected content of this file.
## The results of using this and the TrustAnchorFile setting at the same
## time are undefined.
## In Debian, /etc/unbound/unbound.conf is shipped as part of the Suggested
## unbound package
# ResolverConfiguration /etc/unbound/unbound.conf
## TrustAnchorFile filename
## default (none)
##
## Specifies a file from which trust anchor data should be read when doing
## DNS queries and applying the DNSSEC protocol. See the Unbound documentation
## at http://unbound.net for the expected format of this file.
TrustAnchorFile /usr/share/dns/root.key
## Userid userid
### default (none)
###
### Change to user "userid" before starting normal operation? May include
### a group ID as well, separated from the userid by a colon.
#
UserID opendkim

4
service/logger/finish Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
echo "${PWD##*/}: Exitted with $1 (signal: $2)"
[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )

10
service/logger/run Executable file
View File

@ -0,0 +1,10 @@
#!/bin/sh
# Collect all logs which come to /dev/log
exec 2>&1
echo "${PWD##*/}: started."
set -x
exec chpst -Unobody socklog unix /dev/log
# exec socklog unix /dev/log
# exec socat UNIX-LISTEN:/dev/log,reuseaddr,fork -

4
service/opendkim/finish Executable file
View File

@ -0,0 +1,4 @@
#!/bin/sh
echo "${PWD##*/}: Exitted with $1 (signal: $2)"
[ $1 -ne 0 ] && ( echo "${PWD##*/}: rc != 0, sleeping for 5 seconds ..."; sleep 5 )

6
service/opendkim/run Executable file
View File

@ -0,0 +1,6 @@
#!/bin/sh
echo "${PWD##*/}: started."
#chown -Rh opendkim:opendkim -- /etc/opendkim
#exec su -s /bin/sh opendkim -c "/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid" 2>&1
exec /usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid 2>&1

12
start.sh Executable file
View File

@ -0,0 +1,12 @@
#!/bin/bash
IMAGE=opendkim
docker build -t $IMAGE .
docker rm -f $IMAGE
docker run -d \
-h $(hostname -f) \
--name $IMAGE \
-v /etc/localtime:/etc/localtime:ro \
-v $PWD/opendkim:/etc/opendkim:ro \
$IMAGE