-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathrunit_bootstrap
153 lines (134 loc) · 5.12 KB
/
runit_bootstrap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
#!/bin/sh
[ "${DEBUG}" == "yes" ] && set -x
print_log() {
date_time=$(date '+%Y-%m-%dT%H:%M:%S.%N%:z')
host_name=$(hostname)
process_name="runit_bootstrap"
pid=$$
message=$1
echo "${date_time} ${host_name} ${process_name}[${pid}]: ${message}"
}
add_config_value() {
key=${1}
value=${2}
config_file=${3:-/etc/postfix/main.cf}
[ "${key}" = "" ] && echo "ERROR: No key set!" && exit 1
[ "${value}" = "" ] && echo "WARNING: No value set for key ${key}!"
property_hits=$(grep -v '^#' "$config_file" | grep -c $key)
if [ $property_hits -eq 0 ]
then
print_log 'Adding configuration option "'"${key}"'" with value: "'"${value}"'"'
echo "${key} = ${value}" >> "$config_file"
else
print_log 'Replacing configuration option "'"${key}"'" with value: "'"${value}"'"'
sed -i -e "s/^${key}.*/${key} = ${value}/g" "$config_file"
fi
}
# Required configuration variable(s)
[ -z "${SERVER_HOSTNAME}" ] && echo "ERROR: SERVER_HOSTNAME is not set" && exit 1
# Default configuration variable(s) that can be overwritten
RECIPIENT_LIMIT="${RECIPIENT_LIMIT-1000}"
# Set needed config options in main.cf
add_config_value "inet_protocols" "ipv4"
add_config_value "inet_interfaces" "all"
add_config_value "mynetworks" "0.0.0.0/0"
add_config_value "myhostname" ${SERVER_HOSTNAME}
add_config_value "mydestination" '$myhostname'
add_config_value "myorigin" '$myhostname'
add_config_value "smtpd_recipient_limit" ${RECIPIENT_LIMIT}
add_config_value "smtp_use_tls" "yes"
# Optional: Use a single relay host for all outgoing mail
if [ -n "${SMTP_SERVER}" ]
then
SMTP_PORT="${SMTP_PORT-25}"
add_config_value "relayhost" "[${SMTP_SERVER}]:${SMTP_PORT}"
# Detect SMTPS port 465, and set required parameters accordingly
if [ "${SMTP_PORT}" = "465" ]
then
print_log "Detected SMTPS port 465, setting smtp_tls_wrappermode = yes and smtp_tls_security_level = encrypt."
add_config_value "smtp_tls_wrappermode" "yes"
add_config_value "smtp_tls_security_level" "encrypt"
fi
fi
# Optional: when SMTP_USERNAME and SMTP_PASSWORD are provided, create a sasl_passwd file and add it to the Postfix configuration
if [ -n "${SMTP_USERNAME}" ] && [ -n "${SMTP_PASSWORD}" ]
then
if [ ! -f /etc/postfix/sasl_passwd ]
then
grep -q "${SMTP_SERVER}" /etc/postfix/sasl_passwd > /dev/null 2>&1
if [ $? -gt 0 ]
then
print_log "Adding SASL authentication configuration."
echo "[${SMTP_SERVER}]:${SMTP_PORT} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd
postmap /etc/postfix/sasl_passwd
fi
fi
add_config_value "smtp_sasl_auth_enable" "yes"
add_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"
add_config_value "smtp_sasl_security_options" "noanonymous"
fi
# Optional: set header tag
if [ -n "${SMTP_HEADER_TAG}" ]
then
postconf -e "header_checks = regexp:/etc/postfix/header_tag"
echo -e "/^MIME-Version:/i PREPEND RelayTag: $SMTP_HEADER_TAG\n/^Content-Transfer-Encoding:/i PREPEND RelayTag: $SMTP_HEADER_TAG" > /etc/postfix/header_tag
print_log "Setting configuration option SMTP_HEADER_TAG with value: ${SMTP_HEADER_TAG}"
fi
# Optional: rewrite outgoing domain in from-addresses
if [ -n "${REWRITE_DOMAIN}" ]
then
echo -e '/^(.*@).*$/ ${1}'"${REWRITE_DOMAIN}" > /etc/postfix/sender_canonical
add_config_value "sender_canonical_maps" "regexp:/etc/postfix/sender_canonical"
print_log "Setting configuration option REWRITE_DOMAIN with value: ${REWRITE_DOMAIN}"
fi
# Optional: rewrite From-headers
if [ -n "${REWRITE_HEADERS}" ]
then
echo -e "${REWRITE_HEADERS}" > /etc/postfix/header_checks
add_config_value "smtp_header_checks" "regexp:/etc/postfix/header_checks"
print_log "Setting configuration option REWRITE_HEADERS with value: ${REWRITE_HEADERS}"
fi
# Optional: DKIM configuration
if [ -n "${DKIM_DOMAIN}" ] && [ -n "${DKIM_KEY}" ] && [ -s "${DKIM_KEY}" ] && [ -n "${DKIM_SELECTOR}" ]
then
print_log "Enabling OpenDKIM server"
install -d -o opendkim -g opendkim /run/opendkim
chown opendkim:opendkim "${DKIM_KEY}"
chmod 600 "${DKIM_KEY}"
cat <<EOF > /etc/opendkim/opendkim.conf
BaseDirectory /run/opendkim
Syslog yes
SyslogSuccess yes
Canonicalization relaxed/simple
Mode s
Domain ${DKIM_DOMAIN}
Selector ${DKIM_SELECTOR}
KeyFile ${DKIM_KEY}
Socket inet:8891@localhost
ReportAddress postmaster@${DKIM_DOMAIN}
SendReports no
InternalHosts 0.0.0.0/0
DNSTimeout 5
SignatureAlgorithm rsa-sha256
OversignHeaders From
UserID opendkim
EOF
add_config_value "milter_default_action" "accept"
add_config_value "milter_protocol" "6"
add_config_value "smtpd_milters" "inet:localhost:8891"
add_config_value "non_smtpd_milters" '$smtpd_milters'
fi
# Optional: Use a different queue directory
if [ -n "${QUEUE_DIRECTORY}" ]
then
add_config_value "queue_directory" "${QUEUE_DIRECTORY}"
fi
# Optional: if a script is set in variable ADDITIONAL_CONFIG, source and execute it
if [ -n "${ADDITIONAL_CONFIG}" ] && [ -s "${ADDITIONAL_CONFIG}" ]
then
. "${ADDITIONAL_CONFIG}"
fi
# Generate aliases.db
newaliases
# Start postfix
exec /sbin/runsvdir /etc/service