Add postfix smtp ldap

docker-compose.yml

@@ -54,6 +54,11 @@ services:
       MY_DESTINATION:
       TRUSTED_HOSTS:
       TZ:
+      LDAP_BIND_DN:
+      LDAP_BIND_PASSWORD:
+      LDAP_HOST:
+      LDAP_FILTER:
+      LDAP_SEARCH_BASE:
 
 
   pgsql:

docker/postfix/Dockerfile

 # Dockerfile inspired from https://github.com/cloyne/docker-postfix
-FROM tozd/postfix:ubuntu-focal
+FROM tozd/postfix:ubuntu-jammy
 
 VOLUME /etc/sympa/shared
 
 RUN apt-get update -q -q && \
- apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin --yes --force-yes && \
+ apt-get install adduser curl dnsutils openssh-client opendkim opendkim-tools spamassassin sasl2-bin libsasl2-modules libsasl2-modules-ldap --yes --force-yes && \
  adduser --system --group mailpipe --no-create-home --home /nonexistent && \
  cp /etc/postfix/main.cf /etc/postfix/main.cf.orig && \
  cp /etc/postfix/master.cf /etc/postfix/master.cf.orig
@@ -19,4 +19,9 @@ RUN sed -i -e 's/^\(smtp.*smtpd\)$/\1 -o content_filter=spamassassin/' /etc/post
 
 RUN echo 'rewrite_header Subject *****SPAM*****' >> /etc/spamassassin/local.cf
 
-COPY ./etc /etc
+RUN usermod -a -G sasl postfix
+
+COPY ./etc/postfix /etc/postfix
+COPY ./etc/service /etc/service
+COPY ./etc/saslauthd.conf /etc/saslauthd.conf
+COPY ./etc/aliases /etc/aliases

docker/postfix/etc/postfix/main.cf.append

@@ -28,3 +28,10 @@ milter_protocol = 6
 smtpd_milters = inet:localhost:8892
 non_smtpd_milters = inet:localhost:8892
 smtpd_client_restrictions = check_client_access cidr:/etc/postfix/sinokorea.cidr
+
+smtpd_use_tls=yes
+smtpd_sasl_auth_enable = yes
+broken_sasl_auth_clients = yes
+smtpd_recipient_restrictions = permit_mynetworks,
+  permit_sasl_authenticated,
+  reject_unauth_destination

docker/postfix/etc/postfix/master.cf.append

@@ -15,3 +15,11 @@ sympabouncedomain	unix	-	n	n	-	-	pipe
   -o soft_bounce=yes
   flags=RF user=mailpipe:mailpipe argv=/usr/bin/ssh -i /etc/sympa/shared/id_rsa -o UserKnownHostsFile=/etc/sympa/shared/known_hosts -T sympa@sympa bouncequeue sympa@${domain}
 spamassassin unix -     n       n       -       -       pipe user=spamassassin argv=/usr/bin/spamc -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
+submission inet n       -       -       -       -       smtpd
+  -o smtpd_enforce_tls=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+smtps     inet  n       -       -       -       -       smtpd
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
+  -o smtpd_client_restrictions=permit_sasl_authenticated,reject

docker/postfix/etc/service/postfix/run.config

@@ -2,3 +2,13 @@ cp /etc/postfix/main.cf.orig /etc/postfix/main.cf
 cp /etc/postfix/master.cf.orig /etc/postfix/master.cf
 sed "s/POSTFIX_VIRTUAL_DOMAINS/$POSTFIX_VIRTUAL_DOMAINS/g" /etc/postfix/main.cf.append >> /etc/postfix/main.cf
 cat /etc/postfix/master.cf.orig /etc/postfix/master.cf.append >> /etc/postfix/master.cf
+sed -i -e "s@LDAP_HOST@$LDAP_HOST@" \
+    -e "s/LDAP_SEARCH_BASE/$LDAP_SEARCH_BASE/" \
+    -e "s/LDAP_FILTER/$LDAP_FILTER/" \
+    -e "s/LDAP_BIND_DN/$LDAP_BIND_DN/" \
+    -e "s/LDAP_BIND_PASSWORD/$LDAP_BIND_PASSWORD/" \
+    /etc/saslauthd.conf
+mkdir -p /var/spool/postfix/var/run/saslauthd
+set +e
+postfix set-permissions
+set -e

docker/postfix/etc/service/postfix/run.initialization

 if [ -e /etc/sympa/shared/id_rsa ]; then
   chown mailpipe /etc/sympa/shared/id_rsa*
 fi
+saslauthd -c -m /var/spool/postfix/var/run/saslauthd -a ldap -d &