| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Sending mail to an external server previously fails due to name
resolution error. ("Host or domain name not found. Name service error
for name=xxxxxxxxxx type=A: Host not found, try again")
The reason this was happening is because the relay process runs in a
chroot jail and can not access the docker container's resolve.conf file.
Given the system is containerized, which is like a chroot on steroids,
I'm comfortable disabling chrooting for mail processes to work around
this.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
This allows output to be read with `docker compose logs`.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
As hinted by the previous commit, the mailnode system is built in a
single docker image for simplicity. Defining multiple Dockerfiles would
lead to many redundant tasks and be harder to maintain. So a common
image for all services is built.
However, the compose file spawns a unique container for each service,
and communication occurs via the filesystem, through volumes. Note also
that some fields in docker-compose.yml are required to be set by the
end-user.
The mail system is oriented around virtual users, so that nobody needs
their own unix system account. However, best security practice is to
create a dedicated user to own the mails - this user shouldn't be used
for any other purpose. For this, the Dockerfile creates the user
"vmailbox".
The reason for declaring port exposure for TCP/80 is to enable automated
TLS encryption with nginx-proxy-acme. This port is not actually opened
by the compose file.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
This is used to generate database files used by postfix daemons.
In theory, this could also be performed at build-time by the Dockerfile.
However, I intend to create only a single image that each service
separately spawns from, since there will be several commonalities
between them. Moving these postfix-specific tasks to an entrypoint
script keeps the common Dockerfile more managable.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
The encrypted "submissions" port (465) is opened in postfix and is
configured for delivery of outgoing mail of authenticated users only.
The authentication is provided by dovecot via unix socket and account
data is sourced from the userconfig directory.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Setup postfix and dovecot to work with virtual domains/mailboxes and
user accounts defined in the userconfig directory. Services are also
configured to use TLS certificates that will later be provided by the
nginx-proxy acme service.
Basic formatting and informative comments are added to config files.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
passwd is formatted like a standard unix password file, and is currently
used to record a username, password, uid, and gid for each mail user.
The row present in the file is a dummy record.
Because the mailnode system will support multiple virtual domains and
users, usernames should be full email addresses. At the moment, it is
also important for all uid/gids to be set to the static value 2000,
since that is the real unix account that will own the data files.
aliases will hold virtual alias addresses. Each is one-per-line, with
one alias address mapping to one or more forwarding addresses. Forward
addresses can be of different domains, or even domains foreign to this
mailnode install.
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
|
Signed-off-by: Malfurious <m@lfurio.us>
|
