summaryrefslogtreecommitdiffstats
path: root/Dockerfile (unfollow)
AgeCommit message (Collapse)AuthorFilesLines
2024-06-15mlmmj: Integration with postfixMalfurious1-0/+1
Incoming mail for an mlmmj list is caught by a virtual mapping and directed via virtual transport to the mlmmj system for processing. Outgoing mail is implicitly allowed since it originates from the localhost. The postfix entrypoint script now dynamically generates these mailing list mappings on startup from data in the mlmmj spool directory, so user configuration is minimal. In addition, the script will now sync the user's mailing list parameters into the spool directory, thus automatically creating new lists and deleting old ones. The list creation logic is implemented in a new script `make_list.sh`. This is made necessary as the mlmmj built in tooling for this must be run interactively, so we duplicate the logic. This is separate from `entrypoint.sh` mainly because we need to drop privileges to the mlmmj user while creating files. Signed-off-by: Malfurious <m@lfurio.us>
2024-06-15mlmmj: Setup mailing list packageMalfurious1-0/+8
Signed-off-by: Malfurious <m@lfurio.us>
2024-06-10postfix: Prevent leaking MUA IP addressesMalfurious1-0/+1
Protect user privacy by stripping IP addresses from headers received from authenticated mail submission. Headers for mail received from other servers are unaffected. Signed-off-by: Malfurious <m@lfurio.us>
2024-06-09Create docker image and servicesMalfurious1-0/+42
As hinted by the previous commit, the mailnode system is built in a single docker image for simplicity. Defining multiple Dockerfiles would lead to many redundant tasks and be harder to maintain. So a common image for all services is built. However, the compose file spawns a unique container for each service, and communication occurs via the filesystem, through volumes. Note also that some fields in docker-compose.yml are required to be set by the end-user. The mail system is oriented around virtual users, so that nobody needs their own unix system account. However, best security practice is to create a dedicated user to own the mails - this user shouldn't be used for any other purpose. For this, the Dockerfile creates the user "vmailbox". The reason for declaring port exposure for TCP/80 is to enable automated TLS encryption with nginx-proxy-acme. This port is not actually opened by the compose file. Signed-off-by: Malfurious <m@lfurio.us>
cgit-1.2.3-r5 | srcnode v0.4.0