diff --git a/.gitignore b/.gitignore
index 776a5c69f4db2a3349d33c40a8bd9c9b3358c7d8..d1977dd9c25c736f483458eeae5b2877b5f26860 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
-.sw?
+.*.sw?
 .env
-etc/
+postfix/
+sympa/
diff --git a/docker-compose.yml b/docker-compose.yml
index 90c7999b9f2b3255c3aa2989530532b8fcd65d6a..29192f93bcf4614cce9347c9893ae270f9973bea 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,10 +2,10 @@ version: "3" services: sympa: - build: ./docker + build: ./docker/sympa restart: always volumes: - - "./etc:/etc/sympa" + - "./sympa:/etc/sympa" - "spool_sympa:/var/spool/sympa" - "spool_nullmailer:/var/spool/nullmailer" - "lib_sympa:/var/lib/sympa"
@@ -26,6 +26,20 @@ services: ports: - '8081:80' + postfix: + build: ./docker/postfix + volumes: + - "./sympa/shared:/etc/sympa/shared" + - "./postfix/log:/var/log/postfix" + - "spool_postfix:/var/spool/postfix" + environment: + POSTFIX_VIRTUAL_DOMAINS: + MAILNAME: + MY_NETWORKS: + ROOT_ALIAS: + MY_DESTINATION: + + pgsql: image: postgres restart: always
@@ -39,5 +53,6 @@ services:
 volumes:
 pgdata:
 spool_sympa:
+ spool_postfix:
 spool_nullmailer:
 lib_sympa:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
deleted file mode 100755
index 00918dc6cb545aae4ab9dcea02b75a53327f4889..0000000000000000000000000000000000000000
--- a/docker/entrypoint.sh
+++ /dev/null
@@ -1,31 +0,0 @@
-#!/bin/bash
-
-# Populate volume
-if [ -z "$(ls /etc/sympa/)" ]; then
- cp -pr /etc/sympa.sample/* /etc/sympa/
-fi
-
-# Replace configurations by env
-conf_file=/etc/sympa/sympa/sympa.conf
-for var in $(env | grep '^SYMPA'); do
- config=$(echo $var | sed 's/^SYMPA_\([^=]*\).*/\L\1/')
- value=$(echo $var | sed 's/^[^=]*=\(.*\)/\1/')
- sed -i -e "s#^$config\t.*#$config\t$value#" $conf_file
- if [ -z "$(grep "^$config" $conf_file)" ];
- then
- echo -e "$config\t$value" >> $conf_file
- fi
-done
-
-# Fix permissions
-chown -R sympa:sympa /etc/sympa/
-
-/bin/mkdir -p /run/sympa
-/bin/chown sympa:sympa /run/sympa
-
-# Launch services
-syslogd
-
-sudo -u sympa /usr/lib/sympa/bin/sympa_msg.pl
-/usr/bin/sympa --health_check
-exec apache2ctl -DFOREGROUND
diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..cce82f4540c1bc4e41c2d400ebf698615ea4b284
--- /dev/null
+++ b/docker/postfix/Dockerfile
@@ -0,0 +1,12 @@
+# Dockerfile inspired from https://github.com/cloyne/docker-postfix
+FROM tozd/postfix:ubuntu-focal
+
+VOLUME /etc/sympa/shared
+
+RUN apt-get update -q -q && \
+ apt-get install adduser openssh-client --yes --force-yes && \
+ adduser --system --group mailpipe --no-create-home --home /nonexistent && \
+ cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
+ cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
+
+COPY ./etc /etc
diff --git a/docker/postfix/etc/aliases b/docker/postfix/etc/aliases
new file mode 100644
index 0000000000000000000000000000000000000000..7e5a8121dec20ac421b4970d76c3de79c705198f
--- /dev/null
+++ b/docker/postfix/etc/aliases
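Review bot: `--force-yes` on the `apt-get install` line of docker/postfix/Dockerfile tells apt to continue past conditions it would normally stop on, including packages that fail authentication, and the option is deprecated in current apt. `--yes` alone is enough for a non-interactive build: `apt-get install --yes --no-install-recommends adduser openssh-client && \`. The base image is also referenced by the mutable tag `tozd/postfix:ubuntu-focal`; pinning it by digest would keep a rebuild from silently picking up a different image.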
@@ -0,0 +1,16 @@
+# You probably want to edit /etc/postfix/global_alias instead,
+# that file is used for e-mail coming externally.
+
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: webmaster
+ftp: root
+abuse: root
+noc: root
+security: root
+postfix: root
diff --git a/docker/postfix/etc/postfix/global_alias b/docker/postfix/etc/postfix/global_alias
new file mode 100644
index 0000000000000000000000000000000000000000..bbb3322fb299d57836f10777968dd2316896b597
--- /dev/null
+++ b/docker/postfix/etc/postfix/global_alias
@@ -0,0 +1 @@
+/^(mailer-daemon|postmaster|nobody|hostmaster|usenet|news|webmaster|www|ftp|abuse|noc|security|postfix|root)@/ root
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
new file mode 100644
index 0000000000000000000000000000000000000000..e0ad4b530662a4115dd82e8b9a1d96196fb31c00
--- /dev/null
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -0,0 +1,22 @@
+
+# main.cf.append is appended to main.cf when running a Docker image.
+# To modify everything below here modify main.cf.append and run a Docker
+# image again.
+
+virtual_mailbox_domains = POSTFIX_VIRTUAL_DOMAINS
+
+virtual_minimum_uid = 65534
+virtual_uid_maps = static:65534
+virtual_gid_maps = static:65534
+virtual_mailbox_base = /tmp
+
+virtual_alias_maps =
+ regexp:/etc/postfix/global_alias
+ regexp:/etc/sympa/shared/sympa_rewrite
+transport_maps =
+ regexp:/etc/sympa/shared/sympa_transport
+
+sympa_destination_recipient_limit = 1
+sympadomain_destination_recipient_limit = 1
+sympabounce_destination_recipient_limit = 1
+sympabouncedomain_destination_recipient_limit = 1
diff --git a/docker/postfix/etc/postfix/master.cf.append b/docker/postfix/etc/postfix/master.cf.append
new file mode 100644
index 0000000000000000000000000000000000000000..fd0c6cc1e774c0000268aae2050c74f2f2d2a265
--- /dev/null
+++ b/docker/postfix/etc/postfix/master.cf.append
@@ -0,0 +1,16 @@
+# master.cf.append is appended to master.cf when running a Docker image.
+# To modify everything below here modify master.cf.append and run a Docker
+# image again.
+
+sympa unix - n n - - pipe
+ -o soft_bounce=yes
+ flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue ${recipient}
+sympadomain unix - n n - - pipe
+ -o soft_bounce=yes
+ flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa queue sympa@${domain}
+sympabounce unix - n n - - pipe
+ -o soft_bounce=yes
+ flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue ${user}@${domain}
+sympabouncedomain unix - n n - - pipe
+ -o soft_bounce=yes
+ flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
diff --git a/docker/postfix/etc/service/postfix/run.config b/docker/postfix/etc/service/postfix/run.config
new file mode 100644
index 0000000000000000000000000000000000000000..6459d8431632eed9ce6f04d7f84226b9683241e6
--- /dev/null
+++ b/docker/postfix/etc/service/postfix/run.config
@@ -0,0 +1,2 @@
+sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append > /etc/postfix/main.cf
+cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append > /etc/postfix/master.cf
diff --git a/docker/postfix/etc/service/postfix/run.initialization b/docker/postfix/etc/service/postfix/run.initialization
new file mode 100644
index 0000000000000000000000000000000000000000..c710aa3c74a4762385bf711ecfe5466a04703328
--- /dev/null
+++ b/docker/postfix/etc/service/postfix/run.initialization
@@ -0,0 +1,3 @@
+if [ -e /etc/sympa/shared/id_rsa ]; then
+ chown mailpipe /etc/sympa/shared/id_rsa*
+fi
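Review bot: All four pipe transports in master.cf.append hand an envelope-derived value (`${recipient}`, `${user}@${domain}`, `sympa@${domain}`) to `ssh` as the remote command, so on the Sympa side it arrives as one command string rather than as a separate argument. The forced command `/etc/sympa/run.sh` that has to interpret that string is not part of this diff; it should accept only `queue` or `bouncequeue` followed by a single address that matches a strict pattern, and treat the rest as data. Adding `-o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes` to each `argv=` would also make delivery fail closed when `known_hosts` is missing or stale instead of relying on client defaults.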
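Review bot: The first line of run.config builds `main.cf` from `main.cf.append` alone, so the stock settings the Dockerfile saved as `main.cf.orig` never reach the running configuration, although the header of `main.cf.append` says it is appended and the second line does concatenate `master.cf.orig`. Unless the base image merges the original elsewhere, write it first: `cat /etc/postfix/main.cf.orig > /etc/postfix/main.cf` followed by the `sed … >> /etc/postfix/main.cf`. The substitution also places `$POSTFIX_VIRTUAL_DOMAINS` unescaped into the sed replacement, so a `/` or `&` in the value corrupts the expression and an unset variable produces an empty `virtual_mailbox_domains`; check that the variable is non-empty before substituting.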
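Review bot: The `chown` in run.initialization only runs if the key already exists when this container initialises, but the key is created by the Sympa entrypoint and docker-compose.yml declares no ordering between the two services, so on a first start the key may stay unreadable to `mailpipe` until Postfix is restarted. The Sympa entrypoint also runs `chown -R sympa:sympa /etc/sympa/` on every start, which covers `/etc/sympa/shared` and resets the ownership set here. It would be more robust to decide on one owner for the key, exclude `shared` from the recursive chown, and set the mode explicitly with `chmod 600 /etc/sympa/shared/id_rsa`.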
diff --git a/docker/Dockerfile b/docker/sympa/Dockerfile
similarity index 92%
rename from docker/Dockerfile
rename to docker/sympa/Dockerfile
index a2344fe0b088f69a66f52b923e7c8dee1f7f9423..837456f10ba492ef1c74e35c02be89b6e47f54fa 100644
--- a/docker/Dockerfile
+++ b/docker/sympa/Dockerfile
@@ -10,6 +10,7 @@ RUN apt-get -y install \ libapache2-mod-fcgid \ libdbd-pg-perl \ libfcgi-perl \ + openssh-server \ sudo RUN apt-get -y install --no-install-recommends sympa
@@ -24,6 +25,8 @@ RUN echo "local1.* -/var/log/sympa.log" >> /etc/syslog.conf RUN cp -r /etc/sympa /etc/sympa.sample +COPY run.sh /opt/sympa_run.sh + COPY entrypoint.sh /entrypoint ENTRYPOINT /entrypoint
diff --git a/docker/sympa/entrypoint.sh b/docker/sympa/entrypoint.sh
new file mode 100755
index 0000000000000000000000000000000000000000..37acf304655f17f25382d92d5f780318d3e38c64
--- /dev/null
+++ b/docker/sympa/entrypoint.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Populate volume
+if [ -z "$(ls /etc/sympa/)" ]; then
+ cp -pr /etc/sympa.sample/* /etc/sympa/
+fi
+
+# Replace configurations by env
+conf_file=/etc/sympa/sympa/sympa.conf
+for var in $(env | grep '^SYMPA'); do
+ config=$(echo $var | sed 's/^SYMPA_\([^=]*\).*/\L\1/')
+ value=$(echo $var | sed 's/^[^=]*=\(.*\)/\1/')
+ sed -i -e "s#^$config\t.*#$config\t$value#" $conf_file
+ if [ -z "$(grep "^$config" $conf_file)" ];
+ then
+ echo -e "$config\t$value" >> $conf_file
+ fi
+done
+
+cp /opt/sympa_run.sh /etc/sympa/run.sh
+chmod +x /etc/sympa/run.sh
+# Fix permissions
+chown -R sympa:sympa /etc/sympa/
+
+/bin/mkdir -p /run/sympa
+/bin/chown sympa:sympa /run/sympa
+
+# Launch services
+syslogd
+
+# So that Postfix can connect into us to deliver e-mail to mailing lists. /etc/sympa/shared is a
+# volume shared with the Postfix container which contains the SSH key that container should use
+# when connecting to this container.
+mkdir -p /etc/sympa/shared
+# If SSH keys do not exist, create them.
+if [ ! -e /etc/sympa/shared/id_rsa ]; then
+ ssh-keygen -t rsa -f /etc/sympa/shared/id_rsa -N ''
+fi
+
+rm -f /etc/sympa/shared/known_hosts
+echo -n 'sympa ' > /etc/sympa/shared/known_hosts
+cat /etc/ssh/ssh_host_rsa_key.pub >> /etc/sympa/shared/known_hosts
+# Allow sympa user to ssh
+usermod -s /bin/sh sympa
+
+mkdir -p /var/lib/sympa/.ssh
+echo -n 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty,command="/etc/sympa/run.sh" ' > /var/lib/sympa/.ssh/authorized_keys
+cat /etc/sympa/shared/id_rsa.pub >> /var/lib/sympa/.ssh/authorized_keys
+
+# Remove any stale config binaries.
+rm -f /etc/sympa/*/*.bin
+
+sudo -u sympa /usr/lib/sympa/bin/sympa_automatic.pl --foreground 2>&1 &
+sudo -u sympa /usr/lib/sympa/bin/sympa_msg.pl
+/usr/bin/sympa --health_check
+mkdir -p /var/run/sshd
+/usr/sbin/sshd -D -e &
+exec apache2ctl -DFOREGROUND
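Review bot: The forced command written to `authorized_keys` points at `/etc/sympa/run.sh`, which this script copies into place and then gives to the `sympa` user through `chown -R sympa:sympa /etc/sympa/`, so the account the key restriction is meant to confine can rewrite the script that confines it. Referencing the image copy instead, `command="/opt/sympa_run.sh"` with the file made executable at build time, keeps it root-owned and out of the bind-mounted `./sympa` directory, and the `cp`/`chmod +x` pair can go. `sshd` is started with the package's default configuration; `/usr/sbin/sshd -D -e -o PasswordAuthentication=no -o AllowUsers=sympa &` limits it to the one key-based login this setup needs. The host key copied into `known_hosts` comes from `/etc/ssh/ssh_host_rsa_key.pub`, which was presumably generated when the image was built and would then be identical in every container started from it.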