From b9558868a31dae9e4dfdcb2a5fccd27f1ee91cdd Mon Sep 17 00:00:00 2001
From: La sif serveur <david.beniamine@tetras-libre.fr>
Date: Fri, 26 Jan 2024 00:24:33 +0100
Subject: [PATCH] Add postfix smtp ldap

---
 docker-compose.yml                                    |  5 +++++
 docker/postfix/Dockerfile                             | 11 ++++++++---
 docker/postfix/etc/postfix/main.cf.append             |  7 +++++++
 docker/postfix/etc/postfix/master.cf.append           |  8 ++++++++
 docker/postfix/etc/service/postfix/run.config         | 10 ++++++++++
 docker/postfix/etc/service/postfix/run.initialization |  1 +
 6 files changed, 39 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 docker/postfix/etc/service/postfix/run.config
 mode change 100644 => 100755 docker/postfix/etc/service/postfix/run.initialization

diff --git a/docker-compose.yml b/docker-compose.yml
index f415768..6d07260 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -54,6 +54,11 @@ services:
       MY_DESTINATION:
       TRUSTED_HOSTS:
       TZ:
+      LDAP_BIND_DN:
+      LDAP_BIND_PASSWORD:
+      LDAP_HOST:
+      LDAP_FILTER:
+      LDAP_SEARCH_BASE:
 
 
   pgsql:
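Review bot: `LDAP_BIND_PASSWORD` is handed to the container as an ordinary environment variable, so it is readable through `docker inspect`, inherited by every process started in the container, and likely to end up in a plain `.env` file beside the compose file. Consider supplying it as a Compose `secrets:` entry mounted as a file and having the startup script read the file instead. Whichever way it is delivered, the bind DN should be a dedicated read-only account limited to the search base. A comment such as `# LDAP_BIND_PASSWORD: bind account for saslauthd, read-only, do not commit` would document the expectation.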
diff --git a/docker/postfix/Dockerfile b/docker/postfix/Dockerfile
index d6ee726..84651aa 100644
--- a/docker/postfix/Dockerfile
+++ b/docker/postfix/Dockerfile
@@ -1,10 +1,10 @@
 # Dockerfile inspired from https://github.com/cloyne/docker-postfix
-FROM tozd/postfix:ubuntu-focal
+FROM tozd/postfix:ubuntu-jammy
 
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin --yes --force-yes && \
+ apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin sasl2-bin libsasl2-modules libsasl2-modules-ldap --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
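Review bot: The rewritten `apt-get install` line still carries `--force-yes`, which tells apt to continue even when packages cannot be authenticated. It is also deprecated in the apt shipped with jammy. Now that three SASL packages are added to an internet-facing mail image, drop it and keep only `--yes`, so a failed signature check stops the build. The new base `tozd/postfix:ubuntu-jammy` is a mutable tag, so pinning it as `tozd/postfix:ubuntu-jammy@sha256:<digest>` would make rebuilds reproducible. Adding `&& rm -rf /var/lib/apt/lists/*` at the end of this `RUN` keeps the package index out of the layer.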
@@ -19,4 +19,9 @@ RUN sed -i -e 's/^\(smtp.*smtpd\)$/\1 -o content_filter=spamassassin/' /etc/post
 
 RUN echo 'rewrite_header Subject *****SPAM*****' >> /etc/spamassassin/local.cf
 
-COPY ./etc /etc
+RUN usermod -a -G sasl postfix
+
+COPY ./etc/postfix /etc/postfix
+COPY ./etc/service /etc/service
+COPY ./etc/saslauthd.conf /etc/saslauthd.conf
+COPY ./etc/aliases /etc/aliases
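Review bot: `COPY ./etc/saslauthd.conf /etc/saslauthd.conf` refers to a file this patch neither adds nor modifies, since it is absent from the diffstat. The template that later receives the bind password, and which decides whether the LDAP connection uses TLS, therefore cannot be reviewed here. Please confirm that it already exists in the repository, holds only the `LDAP_*` placeholders and no real credentials, and points at an `ldaps://` or StartTLS endpoint. Replacing `COPY ./etc /etc` with four explicit copies also drops anything else that lived under `./etc`, so check that nothing beyond these four paths was relied on. A comment above the block, for example `# copy only the files the image needs; saslauthd.conf is a template filled in by run.config`, would record the intent.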
diff --git a/docker/postfix/etc/postfix/main.cf.append b/docker/postfix/etc/postfix/main.cf.append
index cbc02bf..918596d 100644
--- a/docker/postfix/etc/postfix/main.cf.append
+++ b/docker/postfix/etc/postfix/main.cf.append
@@ -28,3 +28,10 @@ milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
 smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
+
+smtpd_use_tls=yes
+smtpd_sasl_auth_enable = yes
+broken_sasl_auth_clients = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+  permit_sasl_authenticated,
+  reject_unauth_destination
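Review bot: `smtpd_sasl_auth_enable = yes` is set globally while `smtpd_use_tls=yes` only makes TLS optional, so the port-25 listener will offer AUTH to clients that never issued STARTTLS. With saslauthd as the backend the usable mechanisms are plaintext ones, so LDAP passwords could cross the network unencrypted. Add `smtpd_tls_auth_only = yes` next to these lines, or leave SASL disabled globally and rely on the per-service `-o smtpd_sasl_auth_enable=yes` overrides in master.cf. `smtpd_use_tls` is the legacy spelling of `smtpd_tls_security_level = may`. The certificate and key parameters are not visible in this hunk, so confirm they are set elsewhere in the file.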
diff --git a/docker/postfix/etc/postfix/master.cf.append b/docker/postfix/etc/postfix/master.cf.append
index 83a9724..d4141ea 100644
--- a/docker/postfix/etc/postfix/master.cf.append
+++ b/docker/postfix/etc/postfix/master.cf.append
@@ -15,3 +15,11 @@ sympabouncedomain	unix	-	n	n	-	-	pipe
   -o soft_bounce=yes
   flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
 spamassassin unix -     n       n       -       -       pipe user=spamassassin argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+submission inet n       -       -       -       -       smtpd
+  -o smtpd_enforce_tls=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet  n       -       -       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
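Review bot: The two new listeners log under the default service name, so authentication failures on 587 and 465 cannot be told apart from port-25 traffic when reviewing logs or writing rate-limit rules. Add `-o syslog_name=postfix/submission` and `-o syslog_name=postfix/smtps` to the respective entries. On the submission entry, `smtpd_enforce_tls=yes` is the deprecated form and `-o smtpd_tls_security_level=encrypt` is the current equivalent. Note that the `smtpd_client_restrictions` override replaces the global `check_client_access cidr:` list for these services. That looks intended, but a one-line comment saying so would help the next reader.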
diff --git a/docker/postfix/etc/service/postfix/run.config b/docker/postfix/etc/service/postfix/run.config
old mode 100644
new mode 100755
index b71a28a..cdf571a
--- a/docker/postfix/etc/service/postfix/run.config
+++ b/docker/postfix/etc/service/postfix/run.config
@@ -2,3 +2,13 @@ cp /etc/postfix/main.cf.orig /etc/postfix/main.cf
 cp /etc/postfix/master.cf.orig /etc/postfix/master.cf
 sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append >> /etc/postfix/main.cf
 cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append >> /etc/postfix/master.cf
+sed -i -e "s@LDAP_HOST@$LDAP_HOST@" \
+    -e "s/LDAP_SEARCH_BASE/$LDAP_SEARCH_BASE/" \
+    -e "s/LDAP_FILTER/$LDAP_FILTER/" \
+    -e "s/LDAP_BIND_DN/$LDAP_BIND_DN/" \
+    -e "s/LDAP_BIND_PASSWORD/$LDAP_BIND_PASSWORD/" \
+    /etc/saslauthd.conf
+mkdir -p /var/spool/postfix/var/run/saslauthd
+set +e
+postfix set-permissions
+set -e
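Review bot: The `sed` substitutions insert the environment values unescaped, so a `&` in the replacement expands to the matched placeholder and a `/` ends the expression early. LDAP filters normally contain `&`, DNs and passwords can contain `/` or `\`, so a valid configuration can yield a broken `/etc/saslauthd.conf`, or a sed error that stops startup. The file is also edited in place, unlike main.cf and master.cf, which are regenerated from their `.orig` copies. After the first start the placeholders are gone, so changed values are not applied unless the container is recreated. Nothing restricts the file's permissions once it holds the bind password. Escaping the values and tightening the mode would address the first and last points. Separately, `set +e` around `postfix set-permissions` hides any failure, so a short comment explaining why it is expected to fail would help.
```shell
# Escape \, & and the | delimiter so each value is inserted literally.
sed_escape() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }
sed -i -e "s|LDAP_HOST|$(sed_escape "$LDAP_HOST")|" \
    -e "s|LDAP_SEARCH_BASE|$(sed_escape "$LDAP_SEARCH_BASE")|" \
    -e "s|LDAP_FILTER|$(sed_escape "$LDAP_FILTER")|" \
    -e "s|LDAP_BIND_DN|$(sed_escape "$LDAP_BIND_DN")|" \
    -e "s|LDAP_BIND_PASSWORD|$(sed_escape "$LDAP_BIND_PASSWORD")|" \
    /etc/saslauthd.conf
# The file now holds the bind password; assumes saslauthd runs as root, confirm before merging.
chmod 600 /etc/saslauthd.conf
# … unchanged: mkdir -p of the saslauthd socket directory, postfix set-permissions …
```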
diff --git a/docker/postfix/etc/service/postfix/run.initialization b/docker/postfix/etc/service/postfix/run.initialization
old mode 100644
new mode 100755
index c710aa3..c240e1b
--- a/docker/postfix/etc/service/postfix/run.initialization
+++ b/docker/postfix/etc/service/postfix/run.initialization
@@ -1,3 +1,4 @@
 if [ -e /etc/sympa/shared/id_rsa ]; then
   chown mailpipe /etc/sympa/shared/id_rsa*
 fi
+saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a ldap -d &
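Review bot: saslauthd is started with `&` from the initialization script, so nothing supervises it. If it exits, every SASL login on the new submission and smtps listeners fails until the container is restarted, and the only trace is whatever `-d` wrote to stderr. Running it as its own supervised service alongside `/etc/service/postfix` would give restarts and separate logs. `-d` is the debug switch and is best dropped outside troubleshooting. `-c` caches successful credentials, so a password changed or an account disabled in LDAP keeps working until the cache entry expires. Either set an explicit short lifetime with `-t <seconds>` or add a comment such as `# -c: credential cache, revocation is delayed by the cache timeout`.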
-- 
GitLab