steffen/docker-scripts
1
0
Fork 0
Code Issues Pull requests Releases Activity

smtprelay: breaking changes

Browse source
This commit is contained in:
Steffen Lange 2026-04-08 15:03:29 +00:00
parent 71115becbd
commit 4960a0af76
10 changed files with 139 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

16
smtprelay/Dockerfile
View file

@ -1,5 +1,13 @@
FROM alpine:edge FROM alpine
RUN apk --update --no-cache add opensmtpd openssl && \ RUN apk --update --no-cache add shadow opensmtpd opensmtpd-filter-dkimsign && \
install -d -m 0711 -v /var/spool/smtpd && \ install -dm 711 /var/spool/smtpd && \
openssl req -newkey rsa:4096 -nodes -keyout /etc/ssl/serverkey.pem -x509 -days 365 -subj "/CN=smtprelay.codehal.de" -out /etc/ssl/servercert.pem groupmod -g 601 smtpd && \
groupmod -g 602 smtpq && \
groupmod -g 603 dkimsign && \
usermod -u 601 -g smtpd smtpd && \
usermod -u 602 -g smtpq smtpq && \
usermod -u 603 -g dkimsign dkimsign && \
chgrp smtpq /usr/sbin/smtpctl && \
chmod g+s /usr/sbin/smtpctl && \
apk del shadow
ENTRYPOINT smtpd -d ENTRYPOINT smtpd -d

4
smtprelay/docker-compose.yml
View file

@ -1,5 +1,3 @@
version: '3'
volumes: volumes:
spool: spool:
@ -9,7 +7,7 @@ services:
build: . build: .
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- ./smtpd:/etc/smtpd:ro - ./opensmtpd:/etc/smtpd:ro
- spool:/var/spool/smtpd - spool:/var/spool/smtpd
ports: ports:
- 587:587 - 587:587

1
smtprelay/smtpd/creds → smtprelay/opensmtpd/creds
View file

@ -1,2 +1,3 @@
user1 $6$kHKLoDIKs/glvw9v$NlERi0VTXJw1Nxa6DQWv9k5DXZ5pvRIJo77j3CqpwJxhZkmvURClviSwyD1RLY7Y0EAlF44qFx7T1IfMwoGwl0 user1 $6$kHKLoDIKs/glvw9v$NlERi0VTXJw1Nxa6DQWv9k5DXZ5pvRIJo77j3CqpwJxhZkmvURClviSwyD1RLY7Y0EAlF44qFx7T1IfMwoGwl0
user2 $6$MJI.2JXCp88rZbFg$Z5aiK3d001yycF21tXnWBbwsCyfDCLHPs0X1INM2Amj4GP/GxkV/NG.ZTELaD.BP3YOaCFo6PKqb2ns.Nmril. user2 $6$MJI.2JXCp88rZbFg$Z5aiK3d001yycF21tXnWBbwsCyfDCLHPs0X1INM2Amj4GP/GxkV/NG.ZTELaD.BP3YOaCFo6PKqb2ns.Nmril.
user $6$VdLqPKptD5yxiY.j$xzHXVjzgmrwI3VV1uX8HKvbd1g/9jmZy3ygE94fz3u5KT5xye1m6vFB/4wm533oo3gY1VNoBAZHMIAvFY.JuI0

52
smtprelay/opensmtpd/dkim_rsa4096.key Normal file
View file

@ -0,0 +1,52 @@
-----BEGIN PRIVATE KEY-----
MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDHLgVkBm/JljPN
o60CNFl4uYrWyhNyn9SkK+DdPrySQf/CHtHkZyXp3srvNyDbwSn8fsl0ZDGJ39o/
X46Gx8zNNphZzw5B3zgyPtgk4i3bjRuE12FuKD9H7GoLuT+TcwhrAI+zu/CCKKiX
sGyF6W0OZZnAGwq8i8vKM/z8LKQJ7BOrIfMf3oENjnTu0JMF48ck/lNcF4FKLtOM
FbSu8HRqi/03vdH9WCDFqmifou7HVvaqui6f+q9hqFIxQvxwkvXz/KgCsobzJDQV
D9int9mygK9R/dwu6SiXLRvEzKRwDC60qveGVKPKMWeW9M6p9NTuXX1UxBzGxzmf
phQjw5tCAiuDCRxmmT0Sf85Cs01/q1feizdcIdauy2bk0ToJK/aHX5uwoP+VCaMh
ppzqYt0ltCFxxNNYmFlClHbTapGU4gdbYM/a2D6Za+XzqSjAZ5VvockJo0dxqbrl
ljYEuFNK78u+tVxjIQyIdk+zLKD5ZliZp8VTjgbwawLREJw9uh49UbnvBxD+W1JO
drXOjaKKOls+DdKh2fBVqKt2EKSFr7bqModixOh5VI0cqeezJ5oS8yPPaKBn2kFN
4AwfeZwkQhVI3nsWSATfzb7asIPSMAZnBHdywQUghpDcc2beSL0X7Jm1dtVGNyOI
alzu7ugWzarbdPWPjnwCBZWi/3cEmQIDAQABAoICAAb1aAWOtoLY0yo+6sVSEiKm
O9AlevC1HgsWx9o+7fxfnyl3ZW6Y/nF5YcZh+w1GZjq+rLfa5MKr/g5a/qodip2M
R94SXm2FeIuD184RE1hRaZnWYv5j3FMdUraiZBLZEN0ZJcwaF6zacgprpNz4UuGv
AcQ9BZ7g9O+VaaQfRKNemrDOxLVTMxfHx3TM92f8JVnY401rOk5+zI//NaLrfmu3
BJOZF4Al/y4cth9GpFg1RPShwM2AxvYO2QFE1Xgy4DIkHHQMq+uMcx/dv/xbD1ld
xtJC39mJNoxyjF7vpdqOyGZyNyfbpuXCXFvBJYO5TKOfw0hN+jHlJbGazicSN0cz
IUJnSvfUvvigqsGxVBDISVnwEYnfMc0EzjYuWuOyhPPZKfLrz68NDigWlrxG1x2f
MoYl3QxPJsFf6YakeNAx1/lE0Bw9pkIYvEO0eBQJqNisFKGLUfp/BLkvm8/hbWuv
cpMAQftr7EbDeNCaf5B8KKTad78HNHnuH2cPmBaEn4nZZdL1geyz+YiMnWOmukTF
Ehoda+XDMb8bkfJ/vaRDtAOHR1lyDM0fOvtuqcrptB9qMOtcGXko2qGIhtp4E9IX
HCJ9//9LjT/N4khHXbZyGBRLtqm/KosJkvKTb5Q4nqwQA0ekLBmyhkXuVVgyaKFl
mMTx0ZEVzHyVvhhL7xuxAoIBAQD2HYNKRAw2I5A0YWhG82HqBX/Q+W/5lWZk5BiF
jyFOeUlHyl7W+2PbJXKt7vK94ypguWH3RRkO7SARcNZOcP7btv+Eq4XJCaXOqOBH
jzO0Ug5kvZVaWveBTZ1kamfYBPw/AIZo9Pxk3D/EpfK8FuFCOFpHhjOL8Pt0Of9l
24CSnqJFxmIA7DjDHIjIjCAex5yXzqlEETwZz8hcQGCxJpXyCnoVtvFkwerIWsGI
w6FblYXS5gAkUJvE8dA/EA9wz4rOMDrr4+PZHL42R6Y/KPIN8Th+bMNp+aYCC0mt
BiV2eRWgdy9W6Jp+mnlg7JkikMAy1LOe7/W2Fx5XRhO13OcxAoIBAQDPLe492KH6
BYX4B2N2mHcUMvDQhb0A+hQo7zncU4HkUhz4ffFPoUjmdoL9Oj8U7EoWhjm3QYAK
xyFVQ0geqXL/PLW42hJAqxeIkcqcDt03xPwkwyfsynOziMcvoRlHTc48tRZpR8gE
8KFGTdKS0Wb0jQk77PIzMn6zhbMEj4Cn+WygEIZ88H3haxaZakqBQbVtV7BcPMkm
8r8aEf3/eXarYC+748ZRzCsP85z0XUPfqgdlRh6mHv3fFCkugVM5pCXZq+GAqKJV
k77n1RshJaz12HtfkfbDUCmKhOnmoZv+kVw2fVLEl3kgnlz/X4hSR4LbDVQdzUKX
+GRcbscljenpAoIBAC6hXtu2Ut37FPpnrjsrJ9UQH6x3ZjjSjqj08pRzjurwXesF
M7zluoCt8rFzwXgqzz+uQBp6dAn48Yd8ao5IKHF2lakMWnfBpTGnm37TagdzOJjr
tp18+MH986Ev6+bo4uYI8m52ZE+zzz0x9/CdISbLyIcerSuJiAr4ZiRlV1HwTmyL
7suf9g05nczph7htN4UnubhUz59QV/TqmadW2TgXthPhKpFdkF9PmrWP40WX6dgQ
jdxTjX/eFQetwk8sc28ngjJpZiUfpgZgwuXamyn7FyoU711n2IUwoE/xBy4QOQHD
MyvzPDpaiD7N9SGwbUn0NOgbLOHINY5xj5B4fzECggEAaWSpLKcWhzTmGO3RSFR5
Rzo+zSUrp+KP/N7tpUqJ6ldnS3XuGx8mEa86JY3K517otZqko7fbZiA0scYfWxHC
YVtF6nptDJ68wwm/czIQkT1RM3ZfyhKXVz5+bZlbXa2T+8f3ValhdDnhIP2X4H5M
DJ3uk6CO+UJ3t+WM0wYZYdn9y1N8xvQkZVbv0S2EJ0sA+1W/bryxa3HTi3SZrKvi
lX3B6qgNjDD7uwqnzpvfWlmJl5hbIRDk/uWnqXO6nbkGVDwe5C9lHXmihRcgzPT4
jrwIzu5XBLaz2zaQMnYGADN8IHASedXAlbpZ/sNfetPMGpkmMF7pwJtomqj0AAO4
eQKCAQEAqyxVnVdblW7zQbVzIHKxysGPc+1d6f/RsoW9inBAXAYTPxJbBIUIl+Qs
X/2EPYE8pox24ruLVBLA9+2fRU9/yF4/5x8aXnXeU/KMUVWvuzEJ+l5HYySAZqGw
JymQsd97mFRZgYNhrdGisdCciXKuwxwd0E5d+H7Bvd3zvrLWYjLaXCMvEAZVmxLk
DpeTFztYclT0vm2f26SLTUd8FbCDVEAV1+nSa1s8hcNz1QgHvoD4oDUe4KFh+n+D
QgWiGePbuep7f5h02iI9HZOExwgQirEveMV3XyEUrACW9Zi4EyhKNoHVksFwNrX4
BL5KfMGSowUX9nsTXP8r1PNrJWF3Bw==
-----END PRIVATE KEY-----

1
smtprelay/opensmtpd/mailname Normal file
View file

@ -0,0 +1 @@
lok01.abzw.de

17
smtprelay/opensmtpd/smtpd.conf Normal file
View file

@ -0,0 +1,17 @@
pki smtprelay.abzw.de cert "/etc/smtpd/tls/smtprelay.abzw.de.crt"
pki smtprelay.abzw.de key "/etc/smtpd/tls/smtprelay.abzw.de.key"
table creds file:/etc/smtpd/creds
filter "dkimsign" proc-exec "filter-dkimsign -d abzw.de -d codehal.de -s lok01 -k /etc/smtpd/dkim_rsa4096.key" user dkimsign group dkimsign
listen on eth0 port 587 tls-require pki smtprelay.abzw.de auth <creds>
listen on 127.0.0.1 port 10027 tag DKIM_SIGNED filter "dkimsign"
action "relay_dkim" relay host smtp://127.0.0.1:10027
action "send" relay
match tag DKIM_SIGNED for any action "send"
match from mail-from "@abzw.de" auth for any action "relay_dkim"
match from mail-from "@codehal.de" auth for any action "relay_dkim"
match from any auth for any action "send"

49
smtprelay/opensmtpd/tls/smtprelay.abzw.de.crt Normal file
View file

@ -0,0 +1,49 @@
-----BEGIN CERTIFICATE-----
MIIDjjCCAxOgAwIBAgISBZadN+RRwUE+0mjbueyB75pHMAoGCCqGSM49BAMDMDIx
CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
NzAeFw0yNjA0MDgxMzI1MDhaFw0yNjA3MDcxMzI1MDdaMBwxGjAYBgNVBAMTEXNt
dHByZWxheS5hYnp3LmRlMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAfKNjUi9
u9+lnictQbL5GZzM5oEIFXNFkCZunJZ7o8/BEymbAhaPnwulQKzfxfa4JmZk8XCK
2TiYk7FJhuFovaOCAh0wggIZMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggr
BgEFBQcDATAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSjc29tSyt23hb9QHQsFPwA
driz5TAfBgNVHSMEGDAWgBSuSJ7chx1EoG/aouVgdAR4wpwAgDAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNy5pLmxlbmNyLm9yZy8wHAYDVR0R
BBUwE4IRc210cHJlbGF5LmFiencuZGUwEwYDVR0gBAwwCjAIBgZngQwBAgEwLQYD
VR0fBCYwJDAioCCgHoYcaHR0cDovL2U3LmMubGVuY3Iub3JnLzcyLmNybDCCAQwG
CisGAQQB1nkCBAIEgf0EgfoA+AB2AMIxfldFGaNF7n843rKQQevHwiFaIr9/1bWt
dprZDlLNAAABnW16NoMAAAQDAEcwRQIhAMXYbChAukVOQlC9W0YzBgBIR+7l2Rnk
vZiVOTMKC/JmAiA+eO3B52h2y29d/WKI1YUgYFWjyMbrrWoau2b8/0DN5QB+AEav
hj07PuWfpXfeqCRdNrDZ7SKiI/Rhd0EilFLulVBfAAABnW16N0EACAAABQADWIWD
BAMARzBFAiEAww8nZl6zNQQ5XC4swU2tr7uKTwjgFiK1znpSA6hQLBgCIAQLA/xr
rFZqCaaKS5lDdmvnEbzU0TLWgTdx6VkbX8kNMAoGCCqGSM49BAMDA2kAMGYCMQC7
fhItTdePw/+03T6lutX8ytMbG6yBlX+ppiBW6triiizmWSVjiupgZfUasi3YD2IC
MQDFEenC3UdFuX0iSerMnTj9hGt7YmH+x98StugF+cZYynhhAwKDX4U1z9DpECar
siE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEVzCCAj+gAwIBAgIRAKp18eYrjwoiCWbTi7/UuqEwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDELMAkGA1UEAxMCRTcwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARB6AST
CFh/vjcwDMCgQer+VtqEkz7JANurZxLP+U9TCeioL6sp5Z8VRvRbYk4P1INBmbef
QHJFHCxcSjKmwtvGBWpl/9ra8HW0QDsUaJW2qOJqceJ0ZVFT3hbUHifBM/2jgfgw
gfUwDgYDVR0PAQH/BAQDAgGGMB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcD
ATASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBSuSJ7chx1EoG/aouVgdAR4
wpwAgDAfBgNVHSMEGDAWgBR5tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcB
AQQmMCQwIgYIKwYBBQUHMAKGFmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0g
BAwwCjAIBgZngQwBAgEwJwYDVR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVu
Y3Iub3JnLzANBgkqhkiG9w0BAQsFAAOCAgEAjx66fDdLk5ywFn3CzA1w1qfylHUD
aEf0QZpXcJseddJGSfbUUOvbNR9N/QQ16K1lXl4VFyhmGXDT5Kdfcr0RvIIVrNxF
h4lqHtRRCP6RBRstqbZ2zURgqakn/Xip0iaQL0IdfHBZr396FgknniRYFckKORPG
yM3QKnd66gtMst8I5nkRQlAg/Jb+Gc3egIvuGKWboE1G89NTsN9LTDD3PLj0dUMr
OIuqVjLB8pEC6yk9enrlrqjXQgkLEYhXzq7dLafv5Vkig6Gl0nuuqjqfp0Q1bi1o
yVNAlXe6aUXw92CcghC9bNsKEO1+M52YY5+ofIXlS/SEQbvVYYBLZ5yeiglV6t3S
M6H+vTG0aP9YHzLn/KVOHzGQfXDP7qM5tkf+7diZe7o2fw6O7IvN6fsQXEQQj8TJ
UXJxv2/uJhcuy/tSDgXwHM8Uk34WNbRT7zGTGkQRX0gsbjAea/jYAoWv0ZvQRwpq
Pe79D/i7Cep8qWnA+7AE/3B3S/3dEEYmc0lpe1366A/6GEgk3ktr9PEoQrLChs6I
tu3wnNLB2euC8IKGLQFpGtOO/2/hiAKjyajaBP25w1jF0Wl8Bbqne3uZ2q1GyPFJ
YRmT7/OXpmOH/FVLtwS+8ng1cAmpCujPwteJZNcDG0sF2n/sc0+SQf49fdyUK0ty
+VUwFj9tmWxyR/M=
-----END CERTIFICATE-----

5
smtprelay/opensmtpd/tls/smtprelay.abzw.de.key Normal file
View file

@ -0,0 +1,5 @@
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEINIHnL1kSNfqUaFYSwWFj1EFGdP9oFWrkLSqySu/AhcioAoGCCqGSM49
AwEHoUQDQgAEAfKNjUi9u9+lnictQbL5GZzM5oEIFXNFkCZunJZ7o8/BEymbAhaP
nwulQKzfxfa4JmZk8XCK2TiYk7FJhuFovQ==
-----END EC PRIVATE KEY-----

2
smtprelay/smtpctl
View file

@ -1,2 +1,2 @@
#!/bin/sh #!/bin/sh
docker-compose exec smtprelay smtpctl "$@" docker compose exec smtprelay smtpctl "$@"

11
smtprelay/smtpd/smtpd.conf
View file

@ -1,11 +0,0 @@
pki "server" cert "/etc/ssl/servercert.pem"
pki "server" key "/etc/ssl/serverkey.pem"
table creds file:/etc/smtpd/creds
listen on eth0 port 587 tls-require pki "server" auth <creds> hostname smtprelay.codehal.de
action "relay" relay
match from auth for any action "relay"