happyDomain/happyDeliver
2
0
Fork 0
Code Issues 11 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Use authentication_milter instead of opendkim and opendmarc

Browse source
This commit is contained in:
nemunaire 2025-10-21 20:01:01 +07:00
commit 0581e0cf6b
9 changed files with 226 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

98
Dockerfile
View file

@ -31,19 +31,88 @@ COPY --from=nodebuild /build/web/build/ ./web/build/
RUN go generate ./... && \ RUN go generate ./... && \
CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -ldflags="-w -s" -o happyDeliver ./cmd/happyDeliver CGO_ENABLED=1 GOOS=linux go build -a -installsuffix cgo -ldflags="-w -s" -o happyDeliver ./cmd/happyDeliver
# Stage 3: Runtime image with Postfix and all filters # Stage 3: Prepare perl
FROM alpine:3 AS pl
RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
apk add --no-cache \
build-base \
musl-obstack-dev \
openssl \
openssl-dev \
perl-app-cpanminus \
perl-alien-libxml2 \
perl-class-load-xs \
perl-cpanel-json-xs \
perl-crypt-openssl-rsa \
perl-crypt-openssl-random \
perl-crypt-openssl-verify \
perl-crypt-openssl-x509 \
perl-dbd-sqlite \
perl-dbi \
perl-email-address-xs \
perl-json-xs \
perl-list-moreutils \
perl-moose \
perl-net-idn-encode@testing \
perl-net-ssleay \
perl-netaddr-ip \
perl-package-stash \
perl-params-util \
perl-params-validate \
perl-proc-processtable \
perl-sereal-decoder \
perl-sereal-encoder \
perl-socket6 \
perl-sub-identify \
perl-variable-magic \
perl-xml-libxml \
perl-dev \
zlib-dev \
&& \
ln -s /usr/bin/ld /bin/ld
RUN cpanm --notest Mail::SPF && \
cpanm --notest Mail::Milter::Authentication
# Stage 4: Runtime image with Postfix and all filters
FROM alpine:3 FROM alpine:3
# Install all required packages # Install all required packages
RUN apk add --no-cache \ RUN echo "@testing https://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories && \
apk add --no-cache \
bash \ bash \
ca-certificates \ ca-certificates \
opendkim \ openssl \
opendkim-utils \ perl \
opendmarc \ perl-alien-libxml2 \
perl-class-load-xs \
perl-cpanel-json-xs \
perl-crypt-openssl-rsa \
perl-crypt-openssl-random \
perl-crypt-openssl-verify \
perl-crypt-openssl-x509 \
perl-dbd-sqlite \
perl-dbi \
perl-email-address-xs \
perl-json-xs \
perl-list-moreutils \
perl-moose \
perl-net-idn-encode@testing \
perl-net-ssleay \
perl-netaddr-ip \
perl-package-stash \
perl-params-util \
perl-params-validate \
perl-proc-processtable \
perl-sereal-decoder \
perl-sereal-encoder \
perl-socket6 \
perl-sub-identify \
perl-variable-magic \
perl-xml-libxml \
postfix \ postfix \
postfix-pcre \ postfix-pcre \
postfix-policyd-spf-perl \
spamassassin \ spamassassin \
spamassassin-client \ spamassassin-client \
supervisor \ supervisor \
@ -51,9 +120,8 @@ RUN apk add --no-cache \
tzdata \ tzdata \
&& rm -rf /var/cache/apk/* && rm -rf /var/cache/apk/*
# Get test-only version of postfix-policyd-spf-perl # Copy Mail::Milter::Authentication and its dependancies
ADD https://git.nemunai.re/happyDomain/postfix-policyd-spf-perl/raw/branch/master/postfix-policyd-spf-perl /usr/bin/postfix-policyd-spf-perl COPY --from=pl /usr/local/ /usr/local/
RUN chmod +x /usr/bin/postfix-policyd-spf-perl && chmod 755 /usr/bin/postfix-policyd-spf-perl
# Create happydeliver user and group # Create happydeliver user and group
RUN addgroup -g 1000 happydeliver && \ RUN addgroup -g 1000 happydeliver && \
@ -63,12 +131,11 @@ RUN addgroup -g 1000 happydeliver && \
RUN mkdir -p /etc/happydeliver \ RUN mkdir -p /etc/happydeliver \
/var/lib/happydeliver \ /var/lib/happydeliver \
/var/log/happydeliver \ /var/log/happydeliver \
/var/spool/postfix/opendkim \ /var/cache/authentication_milter \
/var/spool/postfix/opendmarc \ /var/lib/authentication_milter \
/etc/opendkim/keys \ /var/spool/postfix/authentication_milter \
&& chown -R happydeliver:happydeliver /var/lib/happydeliver /var/log/happydeliver \ && chown -R happydeliver:happydeliver /var/lib/happydeliver /var/log/happydeliver \
&& chown -R opendkim:postfix /var/spool/postfix/opendkim \ && chown -R mail:mail /var/spool/postfix/authentication_milter
&& chown -R opendmarc:postfix /var/spool/postfix/opendmarc
# Copy the built application # Copy the built application
COPY --from=builder /build/happyDeliver /usr/local/bin/happyDeliver COPY --from=builder /build/happyDeliver /usr/local/bin/happyDeliver
@ -76,8 +143,7 @@ RUN chmod +x /usr/local/bin/happyDeliver
# Copy configuration files # Copy configuration files
COPY docker/postfix/ /etc/postfix/ COPY docker/postfix/ /etc/postfix/
COPY docker/opendkim/ /etc/opendkim/ COPY docker/authentication_milter/authentication_milter.json /etc/authentication_milter.json
COPY docker/opendmarc/ /etc/opendmarc/
COPY docker/spamassassin/ /etc/mail/spamassassin/ COPY docker/spamassassin/ /etc/mail/spamassassin/
COPY docker/supervisor/ /etc/supervisor/ COPY docker/supervisor/ /etc/supervisor/
COPY docker/entrypoint.sh /entrypoint.sh COPY docker/entrypoint.sh /entrypoint.sh

5
README.md
View file

@ -17,13 +17,12 @@ An open-source email deliverability testing platform that analyzes test emails a
### With Docker (Recommended) ### With Docker (Recommended)
The easiest way to run happyDeliver is using the all-in-one Docker container that includes Postfix, OpenDKIM, OpenDMARC, SpamAssassin, and the happyDeliver application. The easiest way to run happyDeliver is using the all-in-one Docker container that includes Postfix, authentication_milter, SpamAssassin, and the happyDeliver application.
#### What's included in the Docker container: #### What's included in the Docker container:
- **Postfix MTA**: Receives emails on port 25 - **Postfix MTA**: Receives emails on port 25
- **OpenDKIM**: DKIM signature verification - **authentication_milter**: Entreprise grade email authentication
- **OpenDMARC**: DMARC policy validation
- **SpamAssassin**: Spam scoring and analysis - **SpamAssassin**: Spam scoring and analysis
- **happyDeliver API**: REST API server on port 8080 - **happyDeliver API**: REST API server on port 8080
- **SQLite Database**: Persistent storage for tests and reports - **SQLite Database**: Persistent storage for tests and reports

69
docker/authentication_milter/authentication_milter.json Normal file
View file

@ -0,0 +1,69 @@
{
"logtoerr" : "1",
"error_log" : "",
"connection" : "unix:/var/spool/postfix/authentication_milter/authentication_milter.sock",
"umask" : "0007",
"runas" : "mail",
"rungroup" : "mail",
"authserv_id" : "__HOSTNAME__",
"connect_timeout" : 30,
"command_timeout" : 30,
"content_timeout" : 300,
"dns_timeout" : 10,
"dns_retry" : 2,
"handlers" : {
"Sanitize" : {
"hosts_to_remove" : [
"__HOSTNAME__"
]
},
"SPF" : {
"hide_none" : 0
},
"DKIM" : {
"hide_none" : 0,
},
"XGoogleDKIM" : {
"hide_none" : 1,
},
"ARC" : {
"hide_none" : 0,
},
"DMARC" : {
"hide_none" : 0,
"detect_list_id" : "1"
},
"BIMI" : {},
"PTR" : {},
"SenderID" : {
"hide_none" : 1
},
"IPRev" : {},
"Auth" : {},
"AlignedFrom" : {},
"LocalIP" : {},
"TrustedIP" : {
"trusted_ip_list" : []
},
"!AddID" : {},
"ReturnOK" : {}
}
}

58
docker/authentication_milter/mail-dmarc.ini Normal file
View file

@ -0,0 +1,58 @@
; This is YOU. DMARC reports include information about the reports. Enter it here.
[organization]
domain = example.com
org_name = My Company Limited
email = admin@example.com
extra_contact_info = http://example.com
; aggregate DMARC reports need to be stored somewhere. Any database
; with a DBI module (MySQL, SQLite, DBD, etc.) should work.
; SQLite and MySQL are tested.
; Default is sqlite.
[report_store]
backend = SQL
;dsn = dbi:SQLite:dbname=dmarc_reports.sqlite
dsn = dbi:mysql:database=dmarc_reporting_database;host=localhost;port=3306
user = authmilterusername
pass = authmiltpassword
; backend can be perl or libopendmarc
[dmarc]
backend = perl
[dns]
timeout = 5
public_suffix_list = share/public_suffix_list
[smtp]
; hostname is the external FQDN of this MTA
hostname = mx1.example.com
cc = dmarc.copy@example.com
; list IP addresses to whitelist (bypass DMARC reject/quarantine)
; see sample whitelist in share/dmarc_whitelist
whitelist = /path/to/etc/dmarc_whitelist
; By default, we attempt to email directly to the report recipient.
; Set these to relay via a SMTP smart host.
smarthost = mx2.example.com
smartuser = dmarccopyusername
smartpass = dmarccopypassword
[imap]
server = mail.example.com
user =
pass =
; the imap folder where new dmarc messages will be found
folder = dmarc
; the folders to store processed reports (a=aggregate, f=forensic)
f_done = dmarc.forensic
a_done = dmarc.aggregate
[http]
port = 8080
[https]
port = 8443
ssl_crt =
ssl_key =

19
docker/entrypoint.sh
View file

@ -10,28 +10,23 @@ HAPPYDELIVER_DOMAIN="${HAPPYDELIVER_DOMAIN:-happydeliver.local}"
echo "Hostname: $HOSTNAME" echo "Hostname: $HOSTNAME"
echo "Domain: $HAPPYDELIVER_DOMAIN" echo "Domain: $HAPPYDELIVER_DOMAIN"
# Create runtime directories
mkdir -p /var/run/opendkim /var/run/opendmarc
chown opendkim:postfix /var/run/opendkim
chown opendmarc:postfix /var/run/opendmarc
# Create socket directories # Create socket directories
mkdir -p /var/spool/postfix/opendkim /var/spool/postfix/opendmarc mkdir -p /var/spool/postfix/authentication_milter
chown opendkim:postfix /var/spool/postfix/opendkim chown mail:mail /var/spool/postfix/authentication_milter
chown opendmarc:postfix /var/spool/postfix/opendmarc chmod 750 /var/spool/postfix/authentication_milter
chmod 750 /var/spool/postfix/opendkim /var/spool/postfix/opendmarc
# Create log directory # Create log directory
mkdir -p /var/log/happydeliver mkdir -p /var/log/happydeliver /var/cache/authentication_milter /var/spool/authentication_milter /var/lib/authentication_milter /run/authentication_milter
chown happydeliver:happydeliver /var/log/happydeliver chown happydeliver:happydeliver /var/log/happydeliver
chown mail:mail /var/cache/authentication_milter /run/authentication_milter /var/spool/authentication_milter /var/lib/authentication_milter
# Replace placeholders in Postfix configuration # Replace placeholders in Postfix configuration
echo "Configuring Postfix..." echo "Configuring Postfix..."
sed -i "s/__HOSTNAME__/${HOSTNAME}/g" /etc/postfix/main.cf sed -i "s/__HOSTNAME__/${HOSTNAME}/g" /etc/postfix/main.cf
sed -i "s/__DOMAIN__/${HAPPYDELIVER_DOMAIN}/g" /etc/postfix/main.cf sed -i "s/__DOMAIN__/${HAPPYDELIVER_DOMAIN}/g" /etc/postfix/main.cf
# Replace placeholders in OpenDMARC configuration # Replace placeholders in configurations
sed -i "s/__HOSTNAME__/${HOSTNAME}/g" /etc/opendmarc/opendmarc.conf sed -i "s/__HOSTNAME__/${HOSTNAME}/g" /etc/authentication_milter.json
# Initialize Postfix aliases # Initialize Postfix aliases
if [ -f /etc/postfix/aliases ]; then if [ -f /etc/postfix/aliases ]; then

39
docker/opendkim/opendkim.conf
View file

@ -1,39 +0,0 @@
# OpenDKIM configuration for happyDeliver
# Verifies DKIM signatures on incoming emails
# Log to syslog
Syslog yes
SyslogSuccess yes
LogWhy yes
# Run as this user and group
UserID opendkim:mail
UMask 002
# Socket for Postfix communication
Socket unix:/var/spool/postfix/opendkim/opendkim.sock
# Process ID file
PidFile /var/run/opendkim/opendkim.pid
# Operating mode - verify only (not signing)
Mode v
# Canonicalization methods
Canonicalization relaxed/simple
# DNS timeout
DNSTimeout 5
# Add header for verification results
AlwaysAddARHeader yes
# Accept unsigned mail
On-NoSignature accept
# Always add Authentication-Results header
AlwaysAddARHeader yes
# Maximum verification attempts
MaximumSignaturesToVerify 3

41
docker/opendmarc/opendmarc.conf
View file

@ -1,41 +0,0 @@
# OpenDMARC configuration for happyDeliver
# Verifies DMARC policies on incoming emails
# Socket for Postfix communication
Socket unix:/var/spool/postfix/opendmarc/opendmarc.sock
# Process ID file
PidFile /var/run/opendmarc/opendmarc.pid
# Run as this user and group
UserID opendmarc:mail
UMask 002
# Syslog configuration
Syslog true
SyslogFacility mail
# Ignore authentication results from other hosts
IgnoreAuthenticatedClients true
# Accept mail even if DMARC fails (we're analyzing, not filtering)
RejectFailures false
# Trust Authentication-Results headers from localhost only
TrustedAuthservIDs __HOSTNAME__
# Add DMARC results to Authentication-Results header
#AddAuthenticationResults true
# DNS timeout
DNSTimeout 5
# History file (for reporting)
# HistoryFile /var/spool/opendmarc/opendmarc.dat
# Ignore hosts file
# IgnoreHosts /etc/opendmarc/ignore.hosts
# Public suffix list
# PublicSuffixList /usr/share/publicsuffix/public_suffix_list.dat

5
docker/postfix/main.cf
View file

@ -28,14 +28,13 @@ transport_maps = pcre:/etc/postfix/transport_maps
# OpenDKIM for DKIM verification # OpenDKIM for DKIM verification
milter_default_action = accept milter_default_action = accept
milter_protocol = 6 milter_protocol = 6
smtpd_milters = unix:/var/spool/postfix/opendkim/opendkim.sock, unix:/var/spool/postfix/opendmarc/opendmarc.sock smtpd_milters = unix:/var/spool/postfix/authentication_milter/authentication_milter.sock
non_smtpd_milters = $smtpd_milters non_smtpd_milters = $smtpd_milters
# SPF policy checking # SPF policy checking
smtpd_recipient_restrictions = smtpd_recipient_restrictions =
permit_mynetworks, permit_mynetworks,
reject_unauth_destination, reject_unauth_destination
check_policy_service unix:private/policy-spf
# Logging # Logging
debug_peer_level = 2 debug_peer_level = 2

23
docker/supervisor/supervisord.conf
View file

@ -22,26 +22,15 @@ autostart=true
autorestart=true autorestart=true
priority=9 priority=9
# OpenDKIM service # Authentication Milter service
[program:opendkim] [program:authentication_milter]
command=/usr/sbin/opendkim -f -x /etc/opendkim/opendkim.conf command=/usr/local/bin/authentication_milter --pidfile /run/authentication_milter/authentication_milter.pid
autostart=true autostart=true
autorestart=true autorestart=true
priority=10 priority=10
stdout_logfile=/var/log/happydeliver/opendkim.log stdout_logfile=/var/log/happydeliver/authentication_milter.log
stderr_logfile=/var/log/happydeliver/opendkim_error.log stderr_logfile=/var/log/happydeliver/authentication_milter.log
user=opendkim user=mail
group=mail
# OpenDMARC service
[program:opendmarc]
command=/usr/sbin/opendmarc -f -c /etc/opendmarc/opendmarc.conf
autostart=true
autorestart=true
priority=11
stdout_logfile=/var/log/happydeliver/opendmarc.log
stderr_logfile=/var/log/happydeliver/opendmarc_error.log
user=opendmarc
group=mail group=mail
# SpamAssassin daemon # SpamAssassin daemon