WIP postfix+sympa

.gitignore

-.sw?
+.*.sw?
 .env
-etc/ 
+postfix/
+sympa/

docker-compose.yml

@@ -2,10 +2,10 @@ version: "3"
 
 services:
   sympa:
-    build: ./docker
+    build: ./docker/sympa
     restart: always
     volumes:
-      - "./etc:/etc/sympa"
+      - "./sympa:/etc/sympa"
       - "spool_sympa:/var/spool/sympa"
       - "spool_nullmailer:/var/spool/nullmailer"
       - "lib_sympa:/var/lib/sympa"
@@ -26,6 +26,20 @@ services:
     ports:
       - '8081:80'
 
+  postfix:
+    build: ./docker/postfix
+    volumes:
+      - "./sympa/shared:/etc/sympa/shared"
+      - "./postfix/log:/var/log/postfix"
+      - "spool_postfix:/var/spool/postfix"
+    environment:
+      POSTFIX_VIRTUAL_DOMAINS:
+      MAILNAME:
+      MY_NETWORKS:
+      ROOT_ALIAS:
+      MY_DESTINATION:
+
+
   pgsql:
     image: postgres
     restart: always
@@ -39,5 +53,6 @@ services:
 volumes:
   pgdata:
   spool_sympa:
+  spool_postfix:
   spool_nullmailer:
   lib_sympa:

docker/postfix/Dockerfile

+# Dockerfile inspired from https://github.com/cloyne/docker-postfix
+FROM tozd/postfix:ubuntu-focal
+
+VOLUME /etc/sympa/shared
+
+RUN apt-get update -q -q && \
+ apt-get install adduser openssh-client --yes --force-yes && \
+ adduser --system --group mailpipe --no-create-home --home /nonexistent && \
+ cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
+ cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
+
+COPY ./etc /etc

docker/postfix/etc/aliases

+# You probably want to edit /etc/postfix/global_alias instead,
+# that file is used for e-mail coming externally.
+
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: webmaster
+ftp: root
+abuse: root
+noc: root
+security: root
+postfix: root

docker/postfix/etc/postfix/global_alias

+/^(mailer-daemon|postmaster|nobody|hostmaster|usenet|news|webmaster|www|ftp|abuse|noc|security|postfix|root)@/	root

docker/postfix/etc/postfix/main.cf.append

+
+# main.cf.append is appended to main.cf when running a Docker image.
+# To modify everything below here modify main.cf.append and run a Docker
+# image again.
+
+virtual_mailbox_domains = POSTFIX_VIRTUAL_DOMAINS
+
+virtual_minimum_uid = 65534
+virtual_uid_maps = static:65534
+virtual_gid_maps = static:65534
+virtual_mailbox_base = /tmp
+
+virtual_alias_maps =
+  regexp:/etc/postfix/global_alias
+  regexp:/etc/sympa/shared/sympa_rewrite
+transport_maps =
+  regexp:/etc/sympa/shared/sympa_transport
+
+sympa_destination_recipient_limit = 1
+sympadomain_destination_recipient_limit = 1
+sympabounce_destination_recipient_limit = 1
+sympabouncedomain_destination_recipient_limit = 1

docker/postfix/etc/postfix/master.cf.append

+# master.cf.append is appended to master.cf when running a Docker image.
+# To modify everything below here modify master.cf.append and run a Docker
+# image again.
+
+sympa	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue ${recipient}
+sympadomain	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue sympa@${domain}
+sympabounce	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue ${user}@${domain}
+sympabouncedomain	unix	-	n	n	-	-	pipe
+  -o soft_bounce=yes
+  flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}

docker/postfix/etc/service/postfix/run.config

+sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append > /etc/postfix/main.cf
+cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append > /etc/postfix/master.cf

docker/postfix/etc/service/postfix/run.initialization

+if [ -e /etc/sympa/shared/id_rsa ]; then
+  chown mailpipe /etc/sympa/shared/id_rsa*
+fi

docker/Dockerfile → docker/sympa/Dockerfile

@@ -10,6 +10,7 @@ RUN  apt-get -y install \
 	libapache2-mod-fcgid \
 	libdbd-pg-perl \
 	libfcgi-perl \
+	openssh-server \
 	sudo
 
 RUN apt-get -y install --no-install-recommends sympa
@@ -24,6 +25,8 @@ RUN echo "local1.* -/var/log/sympa.log" >> /etc/syslog.conf
 
 RUN cp -r /etc/sympa /etc/sympa.sample
 
+COPY run.sh /opt/sympa_run.sh
+
 COPY entrypoint.sh /entrypoint
 
 ENTRYPOINT /entrypoint

docker/entrypoint.sh → docker/sympa/entrypoint.sh

@@ -17,6 +17,8 @@ for var in $(env | grep '^SYMPA'); do
 	fi
 done
 
+cp /opt/sympa_run.sh /etc/sympa/run.sh
+chmod +x  /etc/sympa/run.sh
 # Fix permissions
 chown -R sympa:sympa /etc/sympa/
 
@@ -26,6 +28,31 @@ chown -R sympa:sympa /etc/sympa/
 # Launch services
 syslogd
 
+# So that Postfix can connect into us to deliver e-mail to mailing lists. /etc/sympa/shared is a
+# volume shared with the Postfix container which contains the SSH key that container should use
+# when connecting to this container.
+mkdir -p /etc/sympa/shared
+# If SSH keys do not exist, create them.
+if [ ! -e /etc/sympa/shared/id_rsa ]; then
+	ssh-keygen -t rsa -f /etc/sympa/shared/id_rsa -N ''
+fi
+
+rm -f /etc/sympa/shared/known_hosts
+echo -n 'sympa ' > /etc/sympa/shared/known_hosts
+cat /etc/ssh/ssh_host_rsa_key.pub >> /etc/sympa/shared/known_hosts
+# Allow sympa user to ssh
+usermod -s /bin/sh sympa
+
+mkdir -p /var/lib/sympa/.ssh
+echo -n 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/etc/sympa/run.sh" ' > /var/lib/sympa/.ssh/authorized_keys
+cat /etc/sympa/shared/id_rsa.pub >> /var/lib/sympa/.ssh/authorized_keys
+
+# Remove any stale config binaries.
+rm -f /etc/sympa/*/*.bin
+
+sudo -u sympa /usr/lib/sympa/bin/sympa_automatic.pl --foreground 2>&1 &
 sudo -u sympa /usr/lib/sympa/bin/sympa_msg.pl
 /usr/bin/sympa --health_check
+mkdir -p /var/run/sshd
+/usr/sbin/sshd -D -e &
 exec apache2ctl -DFOREGROUND