Update Postfix entrypoint and main.cf configuration

Update Postfix entrypoint and main.cf configuration file to enable injection of mynetworks configuration so that the proper networks may be enabled or restricted.
docker · Oct 29, 2018 · 565db19 · 565db19
1 parent 40f4a25
commit 565db19
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 14 deletions.
diff --git a/comanage-registry-mailman/postfix/docker-postfix-entrypoint b/comanage-registry-mailman/postfix/docker-postfix-entrypoint
@@ -25,8 +25,8 @@ OUTPUT=/dev/stdout
 # variables or the contents of files.
 
 injectable_config_vars=( 
-    POSTFIX_MAILNAME
     POSTFIX_MYHOSTNAME
+    POSTFIX_MYNETWORKS
 )
 
 # If the file associated with a configuration variable is present then 
@@ -45,21 +45,20 @@ do
 done
 
 # Create the /etc/mailname file
-if [ -n "${POSTFIX_MAILNAME}" ]; then
-    MAILNAME=${POSTFIX_MAILNAME}
+if [ -n "${POSTFIX_MYHOSTNAME}" ]; then
+    MYHOSTNAME=${POSTFIX_MYHOSTNAME}
 else
-    MAILNAME=`/bin/hostname -f`
+    MYHOSTNAME=`/bin/hostname -f`
 fi
 
-echo "${MAILNAME}" > /etc/mailname
+echo "${MYHOSTNAME}" > /etc/mailname
 chmod 644 /etc/mailname
 
-if [ -n "${POSTFIX_MYHOSTNAME}" ]; then
-    MAILNAME=${POSTFIX_MYHOSTNAME}
-else
-    MAILNAME=`/bin/hostname -f`
-fi
-
+# Edit the postfix configuration file in place to set myhostname.
+sed -i -e s@%%MYHOSTNAME%%@"${MYHOSTNAME}"@ /etc/postfix/main.cf
 
+# Edit the postfix configuration file in place to set mynetworks.
+MYNETWORKS=${POSTFIX_MYNETWORKS:-127.0.0.0/8 [::1]/128}
+sed -i -e s@%%MYNETWORKS%%@"${MYNETWORKS}"@ /etc/postfix/main.cf
 
 exec /usr/lib/postfix/sbin/master -c /etc/postfix -d
diff --git a/comanage-registry-mailman/postfix/main.cf b/comanage-registry-mailman/postfix/main.cf
@@ -33,6 +33,12 @@ append_dot_mydomain = no
 # Uncomment the next line to generate "delayed mail" warnings
 #delay_warning_time = 4h
 
+# Disable VRFY command since not normally needed for mail delivery with Mailman
+disable_vrfy_command=yes
+
+# Require HELO
+smtpd_helo_required=yes
+
 readme_directory = no
 
 # See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
@@ -50,12 +56,12 @@ smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
 # information on enabling SSL in the smtp client.
 
 smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
-myhostname = lists-dev.sphericalcowgroup.com
+myhostname = %%MYHOSTNAME%%
 alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
-mydestination = $myhostname, localhost.localdomain, localhost
+mydestination = $myhostname
 relayhost = 
-mynetworks = 10.0.0.0/8 172.16.0.0/12 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mynetworks = %%MYNETWORKS%%
 mailbox_size_limit = 0
 recipient_delimiter = +
 inet_interfaces = all