Skip to content

Instantly share code, notes, and snippets.

@Warchant

Warchant/Dockerfile

Last active January 21, 2019 03:52
Show Gist options
  • Save Warchant/9ea7ad6c8d25c6dd95d42e6f0f7c4ae0 to your computer and use it in GitHub Desktop.
Save Warchant/9ea7ad6c8d25c6dd95d42e6f0f7c4ae0 to your computer and use it in GitHub Desktop.
Download ZIP
sendmail Dockerfile. But `makemap` fails with `makemap: Need to recompile with -DNEWDB for hash support`.
Raw
config.mc
divert(0)dnl
VERSIONID(`BVConfig')
OSTYPE(linux)dnl
DOMAIN(generic)dnl
FEATURE(access_db, `hash -T /etc/mail/access')dnl
FEATURE(always_add_domain)dnl
FEATURE(badmx)dnl
FEATURE(block_bad_helo)dnl
FEATURE(conncontrol)dnl
FEATURE(greet_pause, `5000')dnl
FEATURE(local_procmail)dnl
FEATURE(mailertable)dnl
FEATURE(mtamark)dnl
FEATURE(nouucp, `reject')dnl
FEATURE(ratecontrol)dnl
FEATURE(rhsbl, `dsn.rfc-ignorant.org', `"550 Mail from domain " $`'&{RHS} " refused. MX of domain do not accept bounces. This violates RFC 821/2505/2821 - see http://www.rfc-ignorant.org/"')dnl
FEATURE(rhsbl,`postmaster.rfc-ignorant.org',`"550 Mail from domain " $`'&{RHS} " refused. MX of domain does not have a working postmaster address - see http://www.rfc-ignorant.org/"')dnl
FEATURE(smrsh, `/usr/sbin/smrsh')dnl
FEATURE(use_ct_file)dnl
FEATURE(use_cw_file)dnl
FEATURE(virtusertable, `hash /etc/mail/virtusertable')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
define(`confAUTH_OPTIONS',`A')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCONNECTION_RATE_THROTTLE', `8')dnl
define(`confDONT_PROBE_INTERFACES', true)dnl
define(`confHOST_STATUS_DIRECTORY', `.hoststat')dnl
define(`confMAX_DAEMON_CHILDREN', 320)dnl
define(`confMAX_HEADERS_LENGTH', 32768)dnl
define(`confMAX_MESSAGE_SIZE', 10485760)dnl
define(`confMAX_MIME_HEADER_LENGTH', `256/128')dnl
define(`confMAX_RCPTS_PER_MESSAGE' 25)dnl
define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM`, {msg_size}')dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO`, {verify}')dnl
define(`confMILTER_MACROS_CONNECT', `j, {if_addr}')dnl
define(`confMIN_FREE_BLOCKS', 4000)dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
define(`confPIDFILE', `/var/run/sendmail.pid')dnl
define(`confPRIVACY_FLAGS', `authwarnings,goaway,noreceipts,noexpn,novrfy,noetrn,needmailhelo,restrictmailq,restrictqrun,restrictexpand,nobodyreturn')dnl
define(`confSAFE_FILE_ENV', `/exports/users')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confSINGLE_LINE_FROM_HEADER', `true')dnl
define(`confSMTP_LOGIN_MSG', `')dnl
define(`confTLS_SRV_OPTIONS', `V')dnl
define(`confTO_IDENT', `0')dnl
define(`HELP_FILE', `')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`confTO_ICONNECT', `15s')dnl
define(`confTO_CONNECT', `3m')dnl
define(`confTO_HELO',`2m')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_DATAINIT',`1m')dnl
define(`confTO_DATABLOCK', `1m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_RESOLVER_RETRANS', `7s')dnl
define(`confTO_RESOLVER_RETRY', `4')dnl
define(`SMART_HOST', `mail.st1.os3.su')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
dnl ## INPUT_MAIL_FILTER stuff for milters goes here
MAILER(local)dnl
MAILER(procmail)dnl
MAILER(smtp)dnl
TRUST_AUTH_MECH(`LOGIN PLAIN DIGEST-MD5 CRAM-MD5')dnl
Raw
Dockerfile
FROM ubuntu
# http://www.linux-sxs.org/internet_serving/sendm2.html
ENV SMUSER smmsp
RUN apt-get update && apt-get install -y \
m4 \
build-essential \
wget \
libsm-dev \
libdb-dev \
openssl \
libssl-dev \
libsasl2-dev \
libpthread-stubs0-dev ;\
groupadd ${SMUSER} ;\
useradd -g ${SMUSER} ${SMUSER} ;\
mkdir /home/${SMUSER} ;\
chown ${SMUSER}:${SMUSER} /home/${SMUSER}
RUN cd /home/${SMUSER} && \
wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz && \
wget ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz.sig && \
wget http://www.sendmail.com/sm/open_source/security/pgp_keys/sendmail2015.asc && \
gpg --import sendmail2015.asc && gpg --verify sendmail.8.15.2.tar.gz.sig && \
tar -xf sendmail.8.15.2.tar.gz && mv sendmail-8.15.2/ sendmail ;\
cd sendmail ;\
# wget ftp://ftp.sendmail.org/pub/sendmail/8.15.2.mci.p0 ;\
# patch < 8.15.2.mci.p0 ;\
mkdir -p /etc/mail /var/spool/mqueue/.hoststat /var/spool/clientmqueue ;\
mkdir /usr/man/man1 /usr/man/man5 /usr/man/man8 ;\
chmod go-w / /etc /etc/mail /usr /var /var/spool ;\
chown root / /etc /etc/mail /usr /var /var/spool /var/spool/mqueue ;\
chown ${SMUSER}:${SMUSER} /var/spool/clientmqueue ;\
chmod 770 /var/spool/clientmqueue ;\
chmod 700 /var/spool/mqueue ;\
chmod 755 /var/spool/mqueue/.hoststat ;\
echo "APPENDDEF(\`confENVDEF',\`-LDAPMAP')" > /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DMILTER')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_ENVDEF', \`-DSOCKETMAP')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_ENVDEF',\`-DSASL=2')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_LIBS',\`-lsasl2')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_ENVDEF',\`-DSTARTTLS')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_ENVDEF',\`-D_FFR_SMTP_SSL')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_sendmail_LIBS',\`-lssl -lcrypto -L/usr/lib')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`conf_libmilter_ENVDEF', \`-D_FFR_MILTER_ROOT_UNSAFE')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`confMAPDEF',\`-DMAP_REGEX')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confNO_HELPFILE_INSTALL')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confMANGROUP',\`root')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confMANOWN',\`root')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confMSBINGRP',\`root')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confUBINGRP',\`root')" >> /etc/mail/site.config.m4 ;\
echo "define(\`confUBINOWN',\`root')" >> /etc/mail/site.config.m4 ;\
# fix linking problem
test $(uname -m) = "x86_64" && ( echo "APPENDDEF(\`confLIBDIR', \`/usr/lib64')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`confLIBDIRS', \`-L/usr/lib64')" >> /etc/mail/site.config.m4 ); \
echo "APPENDDEF(\`confLIBS', \`-lresolv')" >> /etc/mail/site.config.m4 ;\
echo "APPENDDEF(\`confLIBS', \`-lpthread')" >> /etc/mail/site.config.m4 ;\
# build libmilter
cd libmilter ;\
sh ./Build && sh ./Build install ;\
cd - && cd /usr/lib && ln -s . libmilter ;\
cd - ;\
# build sendmail daemon
cd sendmail ;\
if [ ! -e /usr/share/man ] ; then ln -s /usr/man /usr/share/man; fi ;\
sh ./Build -c -f /etc/mail/site.config.m4 && sh Build install ;\
cd ../obj.* ;\
cd libsmutil && install libsmutil.a /usr/lib ;\
cd ../libsm && install libsm.a /usr/lib
# copy configuration files
COPY config.mc /home/${SMUSER}/sendmail/cf/cf/sendmail.mc
COPY rhsbl.m4 /home/${SMUSER}/sendmail/cf/feature/rhsbl.m4
RUN cd /home/${SMUSER}/sendmail/cf/cf/ ;\
sh Build sendmail.cf ;\
sh Build install-cf ;\
# install submit.cf /etc/mail && install config.cf /etc/mail/sendmail.cf ;\
cd ../.. ;\
# build, finally
sh Build && sh Build install ;\
# final configuration
cd /etc ;\
ln -sf mail/aliases && ln -sf mail/sendmail.cf ;\
hostname -f > /etc/mail/local-host-names ;\
echo "st1.os3.su" >> /etc/mail/local-host-names ;\
echo -e "127.0.0.1\tOK" > /etc/mail/access ;\
echo -e "ClientRate:127.0.0.1\t0\nClientRate:\t10" >> /etc/mail/access ;\
echo -e "ClientConn:127.0.0.1\t0\nClientConn:\t10" >> /etc/mail/access ;\
echo -e "GreetPause:localhost\t0" >> /etc/mail/access ;\
makemap -v hash /etc/mail/access < /etc/mail/access ;\
touch /etc/mail/virtusertable ;\
makemap -v hash /etc/mail/virtusertable < /etc/mail/virtusertable
Raw
rhsbl.m4
divert(-1)
#
# Copyright (c) 2002 Derek J. Balling
# All rights reserved.
#
# Permission to use granted for all purposes. If modifications are made
# they are requested to be sent to <[email protected]> for inclusion in future
# versions
#
# Allows (hopefully) for checking of access.db whitelisting now. This ONLY
# works on sendmail-8.12.x ... use on any other version may require tinkering
# by you the downloader.
#
# Incorporates many changes by Sergey S. Mokryshev <[email protected]>
#
#
divert(0)
ifdef(`_RHSBL_R_',`dnl',`dnl
VERSIONID(`$Id: rhsbl.m4,v 1.4 2002/06/01 14:05:06 dredd Exp $')
define(`_RHSBL_R_',`')
ifdef(`_DNSBL_R_',`dnl',`dnl
LOCAL_CONFIG
# map for DNS based blacklist lookups based on the sender RHS
Kdnsbl host -T<TMP>')')
divert(-1)
define(`_RHSBL_SRV_', `_ARG_')dnl
define(`_RHSBL_MSG_', `ifelse(len(X`'_ARG2_),`1',`"550 Mail from " $`'&{RHS} " refused by blackhole site '_RHSBL_SRV_`"',`_ARG2_')')dnl
define(`_RHSBL_MSG_TMP_', `ifelse(_ARG3_,`t',`"451 Temporary lookup failure of " $`'&{RHS} " at '_RHSBL_SRV_`"',`_ARG3_')')dnl
divert(8)
# DNS based RHS spam list _RHSBL_SRV_
R$+ $: <@> $>CanonAddr $&f
R<@> $*<@$+.> $: <@> <@$2.> $| $>SearchList <+ rhs> $| <F:$1@$2> <D:$2> <>
R<@> $* $| <$={Accept}> $: OKSOFAR
R<@> $*<@$+.> $| $* $: <?> $(dnsbl $2._RHSBL_SRV_. $: OK $) $(macro {RHS} $@ $2 $)
R<@> $* $: OKSOFAR
R<?> OK $: OKSOFAR
ifelse(len(X`'_ARG3_),`1',
`R<?>$+<TMP> $: TMPOK',
`R<?>$+<TMP> $#error $@ 4.7.1 $: _RHSBL_MSG_TMP_')
R<?>$+ $#error $@ 5.7.1 $: _RHSBL_MSG_
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment