From 1773ab7af2eaa0fd41036bc35c4a6071b82137da Mon Sep 17 00:00:00 2001
From: Hugo Sales <hugo@hsal.es>
Date: Wed, 24 Mar 2021 22:31:43 +0000
Subject: [PATCH] [DOCKER][MAIL] Update config and change the way mail docker
 handles it, so the edits aren't visible from the outside, polluting the git
 staging area

---
 bin/configure                                 | 79 ++++++++-----------
 docker/bootstrap/bootstrap.sh                 |  2 +-
 docker/mail/Dockerfile                        | 54 ++-----------
 docker/mail/config/dovecot/dovecot.conf       | 15 ++--
 docker/mail/config/opendkim/TrustedHosts      |  2 +-
 docker/mail/config/postfix/main.cf            | 41 ++++++----
 docker/mail/config/postfix/master.cf          | 21 ++---
 docker/mail/docker-compose.fragment.sh        |  4 +
 docker/mail/entrypoint.sh                     | 51 ++++++++++++
 docker/mail/etc/mail/postfix/aliases          | 10 +++
 .../mail/{rootfs => }/etc/service/dovecot/run |  0
 .../{rootfs => }/etc/service/opendkim/run     |  0
 .../mail/{rootfs => }/etc/service/postfix/run |  0
 .../mail/{rootfs => }/etc/service/rsyslog/run |  0
 docker/mail/rootfs/usr/bin/start.sh           | 21 -----
 docker/mail/setup.sh                          | 48 -----------
 docker/nginx/domain.sh                        |  2 +-
 17 files changed, 149 insertions(+), 201 deletions(-)
 create mode 100755 docker/mail/entrypoint.sh
 create mode 100644 docker/mail/etc/mail/postfix/aliases
 rename docker/mail/{rootfs => }/etc/service/dovecot/run (100%)
 rename docker/mail/{rootfs => }/etc/service/opendkim/run (100%)
 rename docker/mail/{rootfs => }/etc/service/postfix/run (100%)
 rename docker/mail/{rootfs => }/etc/service/rsyslog/run (100%)
 delete mode 100644 docker/mail/rootfs/usr/bin/start.sh
 delete mode 100755 docker/mail/setup.sh

diff --git a/bin/configure b/bin/configure
index 0316f34b44..1a34a22e72 100755
--- a/bin/configure
+++ b/bin/configure
@@ -96,14 +96,15 @@ while true; do
 done
 
 if [ "${DBMS}" = 'postgres' ]; then DB_USER="postgres"; else DB_USER="social"; fi
-while true; do
-    DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
-                          --inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
-                          3>&1 1>&2 2>&3)
-    validate_exit $?
-    if [ -n "${DB_USER}" ]; then break; fi
-done
-
+if echo "${DOCKER}" | grep -Fvq '"db"'; then
+    while true; do
+        DB_USER=$(${WHIPTAIL} --title 'GNU social DB user' --clear --backtitle 'GNU social' \
+                              --inputbox "\nEnter a user name for social to connect to the database under" 0 0 "${DB_USER}" \
+                              3>&1 1>&2 2>&3)
+        validate_exit $?
+        if [ -n "${DB_USER}" ]; then break; fi
+    done
+fi
 while true; do
     DB_PASSWORD=$(${WHIPTAIL} --title 'GNU social DB password' --clear --backtitle 'GNU social' \
                               --passwordbox "\nEnter a password for social to connect to the database with" 0 0 \
@@ -224,17 +225,25 @@ validate_exit $?
 
 
 # ------------ Mail server --------------
-if echo "${DOCKER}" | grep -Fq '"mail"'; then
+MAILER_DSN='sendmail://localhost'
+if echo "${DOCKER}" | grep -Fvq '"mail"'; then
     while true; do
         MAILER_DSN=$(${WHIPTAIL} --title 'GNU social mail server DSN' --clear --backtitle 'GNU social' \
-                                 --inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 'sendmail://localhost' \
+                                 --inputbox "\nEnter a DSN/URL social will use to connect to the mail server" 0 0 "${MAILER_DSN}" \
                                  3>&1 1>&2 2>&3)
         validate_exit $?
         if [ -n "${MAILER_DSN}" ]; then break; fi
     done
+    while true; do
+        MAIL_DOMAIN=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
+                                  --inputbox "\nEnter the domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
+                                  3>&1 1>&2 2>&3)
+        validate_exit $?
+        if [ -n "${MAIL_DOMAIN}" ]; then break; fi
+    done
 fi
 
-if echo "${DOCKER}" | grep -Fvq '"mail"'; then
+if echo "${DOCKER}" | grep -Fq '"mail"'; then
     while true; do
         MAIL_DOMAIN_ROOT=$(${WHIPTAIL} --title 'GNU social mail server domain' --clear --backtitle 'GNU social' \
                                        --inputbox "\nEnter the root domain social will use to serve mail" 0 0 "${DOMAIN_ROOT}" \
@@ -256,7 +265,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
 
     while true; do
         MAIL_SENDER_USER=$(${WHIPTAIL} --title 'GNU social mail sender user' --clear --backtitle 'GNU social' \
-                                       --inputbox "\nEnter the user emails should be sent from" 0 0 \
+                                       --inputbox "\nEnter the user emails should be sent from (email without @domain)" 0 0 \
                                        3>&1 1>&2 2>&3)
         validate_exit $?
         if [ -n "${MAIL_SENDER_USER}" ]; then break; fi
@@ -264,7 +273,7 @@ if echo "${DOCKER}" | grep -Fvq '"mail"'; then
 
     while true; do
         MAIL_SENDER_NAME=$(${WHIPTAIL} --title 'GNU social mail sender name' --clear --backtitle 'GNU social' \
-                                       --inputbox "\nEnter the name emails should be sent from (name without @domain)" 0 0 \
+                                       --inputbox "\nEnter the name emails should be sent from" 0 0 "${NODE_NAME}" \
                                        3>&1 1>&2 2>&3)
         validate_exit $?
         if [ -n "${MAIL_SENDER_NAME}" ]; then break; fi
@@ -331,7 +340,7 @@ SOCIAL_DB=${DB_NAME}
 SOCIAL_USER=${DB_USER}
 SOCIAL_PASSWORD=${DB_PASSWORD}
 SOCIAL_DOMAIN=${DOMAIN}
-SOCIAL_SITENAME=${SITENAME}
+SOCIAL_NODE_NAME=${NODE_NAME}
 SOCIAL_ADMIN_EMAIL=${EMAIL}
 SOCIAL_SITE_PROFILE=${PROFILE}
 MAILER_DSN=${MAILER_DSN}
@@ -347,40 +356,18 @@ EOF
 # --------------- Write mail configuration, and setup ----------------------
 mkdir -p "${INSTALL_DIR}/docker/mail"
 
-cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
-MAIL_DOMAIN=${MAIL_DOMAIN}
-MAIL_USER=${MAIL_SENDER_USER}
-MAIL_NAME=${MAIL_SENDER_NAME}
-MAIL=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
-SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
-SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
-EOF
-
 HASHED_PASSWORD="{SHA512-CRYPT}"$(echo "${MAIL_PASSWORD}" | openssl passwd -6 -in -)
 
-# Config postfix
-sed -ri \
-    -e "s/^\s*myhostname\s*=.*/myhostname = ${MAILNAME}/" \
-    -e "s/^\s*mydomain\s*=.*/mydomain = ${DOMAINNAME}/" \
-    -e "s/^\s*smtpd_tls_cert_file\s*=.*/smtpd_tls_cert_file = ${SSL_CERT}/" \
-    -e "s/^\s*smtpd_tls_key_file\s*=.*/smtpd_tls_key_file = ${SSL_KEY}/" \
-    "${INSTALL_DIR}/docker/mail/config/postfix/main.cf"
-
-# Config dovecot
-sed -ri \
-    -e "s/^\s*ssl_cert\s*=.*/ssl_cert = <${SSL_CERT}/" \
-    -e "s/^\s*ssl_key\s*=.*/ssl_key = <${SSL_KEY}/" \
-    -e "s/^\s*postmaster_address\s*=.*/postmaster_address = postmaster@${DOMAINNAME}/" \
-    "${INSTALL_DIR}/docker/mail/config/dovecot/dovecot.conf"
-
-# Config dkim
-sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" "${INSTALL_DIR}/docker/mail/config/opendkim/TrustedHosts"
-
-# Prepare mail user
-echo "${MAIL_DOMAIN_ROOT} #OK"                   > "${INSTALL_DIR}/docker/mail/config/domains"
-echo "${MAIL_USER} ${MAIL_USER}"                 > "${INSTALL_DIR}/docker/mail/config/aliases"
-echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > "${INSTALL_DIR}/docker/mail/config/mailboxes"
-echo "${MAIL_USER}:${HASHED_PASSWORD}"           > "${INSTALL_DIR}/docker/mail/config/passwd"
+cat > "${INSTALL_DIR}/docker/mail/mail.env" <<EOF
+MAIL_DOMAIN=${MAIL_DOMAIN}
+MAIL_DOMAIN_ROOT=${MAIL_DOMAIN_ROOT}
+MAIL_USER=${MAIL_SENDER_USER}
+MAIL_NAME=${MAIL_SENDER_NAME}
+MAIL_ADDRESS=${MAIL_SENDER_USER}@${MAIL_DOMAIN}
+SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN}/fullchain.pem
+SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN}/privkey.pem
+HASHED_PASSWORD=${HASHED_PASSWORD}
+EOF
 # --------------------------------------------------------------------------
 
 
diff --git a/docker/bootstrap/bootstrap.sh b/docker/bootstrap/bootstrap.sh
index a9117fed57..ea0491233f 100755
--- a/docker/bootstrap/bootstrap.sh
+++ b/docker/bootstrap/bootstrap.sh
@@ -5,7 +5,7 @@
 
 . bootstrap.env
 
-sed -ri "s/%hostname%/${DOMAIN}/" /etc/nginx/conf.d/challenge.conf
+sed -ri "s/%hostname%/${MAIL_DOMAIN}/" /etc/nginx/conf.d/challenge.conf
 
 nginx
 
diff --git a/docker/mail/Dockerfile b/docker/mail/Dockerfile
index 80f1f41739..a5216d5716 100644
--- a/docker/mail/Dockerfile
+++ b/docker/mail/Dockerfile
@@ -1,54 +1,12 @@
-FROM debian:buster-slim
+FROM alpine
 
-ENV DEBIAN_FRONTEND=noninteractive 
-
-# Install packages
-RUN apt-get update \
-	&& apt-get upgrade -y \
-	&& apt-get install -y --no-install-recommends \
-		dovecot-core \
-		dovecot-imapd \
-		dovecot-lmtpd \
-		dovecot-pop3d \
-		opendkim \
-		opendkim-tools \
-		openssl \
-		postfix \
-		procps \
-		rsyslog \
-		s6 \
-	&& apt-get autoclean \
-	&& apt-get autoremove
-
-# Setup folders and users
-RUN groupadd -g 2222 vmail \
-	&& mkdir -p -m 751 "/var/mail/" \
-	&& mkdir -p -m 755 "/etc/mail/" \
-	&& mkdir -p "/var/opendkim/keys/" \
-	&& useradd -d "/var/mail" -M -s "/usr/sbin/nologin" -u 2222 -g 2222 vmail \
-	&& usermod -aG vmail postfix \
-	&& usermod -aG vmail dovecot \
-	&& usermod -aG vmail opendkim \
-	&& chown vmail:vmail "/var/mail" \
-	&& chown opendkim:opendkim "/var/opendkim/keys/"
-
-# Copy config files
-COPY rootfs/ /
-
-RUN chmod +x "/etc/service/postfix/run" \
-	&& chmod +x "/etc/service/dovecot/run" \
-	&& chmod +x "/etc/service/opendkim/run" \
-	&& chmod +x "/etc/service/rsyslog/run" \
-	&& chmod +x "/usr/bin/start.sh"
-
-# Prepare user
-RUN mkdir -p "/var/mail/${MAIL_DOMAIN}" \
-	&& mkdir -p "/var/mail/${DOMAINPART}/${USER%@*}" \
-	&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN}" \
-	&& chown vmail:vmail "/var/mail/${MAIL_DOMAIN_ROOT}/${MAIL_USER%@*}"
+RUN apk update && apk add postfix dovecot dovecot-pop3d opendkim s6
 
 # Expose ports
 EXPOSE 25 110 143 587 993 995
 
+# Fixes problem with s6 (s6 claims it's a docker bug)
+VOLUME ["/run"]
+
 # Run start script
-ENTRYPOINT /usr/bin/start.sh
+ENTRYPOINT /usr/bin/entrypoint.sh
diff --git a/docker/mail/config/dovecot/dovecot.conf b/docker/mail/config/dovecot/dovecot.conf
index 4a0e986632..0622e74593 100644
--- a/docker/mail/config/dovecot/dovecot.conf
+++ b/docker/mail/config/dovecot/dovecot.conf
@@ -1,9 +1,10 @@
 protocols = imap pop3 lmtp
 
 ssl = yes
-ssl_cert = 
-ssl_key = 
-ssl_cipher_list = ALL:!LOW:!SSLv2:!EXP:!aNULL
+# `<` means read from file
+ssl_cert = <%cert_file%
+ssl_key = <%key_file%
+ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!EXP:!aNULL
 
 listen = *, ::
 dict {
@@ -33,7 +34,7 @@ userdb {
 }
 
 service auth {
-	unix_listener auth-client {
+	unix_listener /var/spool/postfix/private/auth  {
 		user = postfix
 		group = postfix
 		mode = 0660
@@ -47,7 +48,7 @@ service imap-login {
 }
 
 protocol lmtp {
-postmaster_address = 
+postmaster_address = %postmaster_address%
 }
 
 protocol imap {
@@ -68,5 +69,5 @@ service stats {
     }
 }
 
-!include_try conf.d/*.conf
-!include_try local.conf
+# !include_try conf.d/*.conf
+# !include_try local.conf
diff --git a/docker/mail/config/opendkim/TrustedHosts b/docker/mail/config/opendkim/TrustedHosts
index ef33e72865..65b3a35c7f 100644
--- a/docker/mail/config/opendkim/TrustedHosts
+++ b/docker/mail/config/opendkim/TrustedHosts
@@ -7,5 +7,5 @@
 ::1
 172.17.0.0/16
 fe80::/64
-#HOSTNAME
+%hostname%
 
diff --git a/docker/mail/config/postfix/main.cf b/docker/mail/config/postfix/main.cf
index 32cbcc7056..92baa920d6 100644
--- a/docker/mail/config/postfix/main.cf
+++ b/docker/mail/config/postfix/main.cf
@@ -1,19 +1,39 @@
 ## STANDARD POSTFIX CONFIG PARAMS ###
 
+myhostname = %hostname%
+mydomain = %domain_root%
+myorigin = $myhostname
+mydestination = $myhostname, localhost.$mydomain, localhost
+# Intentianally blank
+relayhost =
+alias_maps = hash:/etc/mail/postfix/aliases
+alias_database = hash:/etc/mail/postfix/aliases
+
+smtpd_tls_cert_file = %cert_file%
+smtpd_tls_key_file = %key_file%
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+smtpd_tls_security_level=may
+#SSLv2 and SSLv3 are obsolete
+smtpd_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_security_level = may
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_exclude_ciphers = EXPORT, LOW
+smtpd_tls_loglevel = 1
+smtpd_tls_session_cache_timeout = 3600s
+
+local_recipient_maps = proxy:unix:passwd.byname $alias_maps
+
 queue_directory = /var/spool/postfix
 command_directory = /usr/sbin
 daemon_directory = /usr/lib/postfix/sbin
 data_directory = /var/lib/postfix
 mail_owner = postfix
-myhostname = 
-mydomain = 
-myorigin = $myhostname
 inet_interfaces = all
 inet_protocols = all
-mydestination = $myhostname, localhost.$mydomain, localhost
 unknown_local_recipient_reject_code = 550
 mynetworks = 127.0.0.0/8, [::1]/128
-alias_maps = hash:/etc/mail/postfix/aliases
 
 mailbox_command = /usr/lib/dovecot/deliver
   
@@ -30,10 +50,6 @@ manpage_directory = /usr/share/man
 sample_directory = /usr/share/doc/postfix-2.10.1/samples
 readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
 
-smtp_tls_security_level = may
-smtp_tls_loglevel = 1
-smtp_tls_protocols = !SSLv2
-smtp_tls_exclude_ciphers = EXPORT, LOW
 
 ### VIRTUAL MAIL CONFIG PARAMS ###
 relay_domains = *
@@ -63,12 +79,7 @@ smtpd_sasl_local_domain = $mydomain
 broken_sasl_auth_clients = yes
 
 smtpd_tls_security_level = may
-smtpd_tls_key_file = 
-smtpd_tls_cert_file = 
-smtpd_tls_loglevel = 1
-smtpd_tls_session_cache_timeout = 3600s
-smtpd_tls_session_cache_database = btree:/var/lib/postfix/smtpd_tls_cache
-smtpd_tls_protocols = $smtp_tls_protocols
+
 tls_random_source = dev:/dev/urandom
 tls_random_exchange_name = /var/lib/postfix/prng_exch
 smtpd_tls_auth_only = yes
diff --git a/docker/mail/config/postfix/master.cf b/docker/mail/config/postfix/master.cf
index 8caedc3fab..ebf2d5e773 100644
--- a/docker/mail/config/postfix/master.cf
+++ b/docker/mail/config/postfix/master.cf
@@ -8,21 +8,16 @@
 # service type  private unpriv  chroot  wakeup  maxproc command + args
 #               (yes)   (yes)   (yes)   (never) (100)
 # ==========================================================================
-smtp      inet  n       -       n       -       -       smtpd
+smtp       inet  n       -       n       -       -       smtpd
 #smtp      inet  n       -       n       -       1       postscreen
 #smtpd     pass  -       -       n       -       -       smtpd
 #dnsblog   unix  -       -       n       -       0       dnsblog
 #tlsproxy  unix  -       -       n       -       0       tlsproxy
-submission inet n       -       n       -       -       smtpd
-#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_sasl_auth_enable=yes
-#  -o smtpd_reject_unlisted_recipient=no
-#  -o smtpd_client_restrictions=$mua_client_restrictions
-#  -o smtpd_helo_restrictions=$mua_helo_restrictions
-#  -o smtpd_sender_restrictions=$mua_sender_restrictions
-#  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
-#  -o milter_macro_daemon_name=ORIGINATING
+submission inet  n       -       n       -       -       smtpd
+   -o syslog_name=postfix/submission
+   -o smtpd_tls_security_level=encrypt
+   -o smtpd_sasl_auth_enable=yes
+   -o smtpd_reject_unlisted_recipient=no
 smtps     inet  n       -       n       -       -       smtpd
   -o syslog_name=postfix/smtps
   -o smtpd_tls_wrappermode=yes
@@ -30,7 +25,7 @@ smtps     inet  n       -       n       -       -       smtpd
   -o smtpd_reject_unlisted_recipient=no
   -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject
   -o milter_macro_daemon_name=ORIGINATING
-#628       inet  n       -       n       -       -       qmqpd
+#628      inet  n       -       n       -       -       qmqpd
 pickup    unix  n       -       n       60      1       pickup
 cleanup   unix  n       -       n       -       0       cleanup
 qmgr      unix  n       -       n       300     1       qmgr
@@ -122,5 +117,5 @@ scache    unix  -       -       n       -       1       scache
 #mailman   unix  -       n       n       -       -       pipe
 #  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
 #  ${nexthop} ${user}
-dovecot   unix  -       n       n       -       -       pipe
+dovecot    unix  -       n       n       -       -       pipe
   flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${recipient}
diff --git a/docker/mail/docker-compose.fragment.sh b/docker/mail/docker-compose.fragment.sh
index aa80186031..29aa45129d 100644
--- a/docker/mail/docker-compose.fragment.sh
+++ b/docker/mail/docker-compose.fragment.sh
@@ -12,8 +12,12 @@ cat <<EOF
           - 587:587
           - 993:993
         volumes:
+          - ./docker/mail/etc:/etc
+          - ./docker/mail/entrypoint.sh:/usr/bin/entrypoint.sh
           - ./docker/mail/mail:/var/mail
           - ./docker/mail/config:/etc/mail
+          - ./docker/mail/config/postfix:/etc/postfix
+          - ./docker/mail/config/dovecot:/etc/dovecot
           # Certbot
           - ./docker/certbot/www:/var/www/certbot
           - ./docker/certbot/.files:/etc/letsencrypt
diff --git a/docker/mail/entrypoint.sh b/docker/mail/entrypoint.sh
new file mode 100755
index 0000000000..43e362e9ce
--- /dev/null
+++ b/docker/mail/entrypoint.sh
@@ -0,0 +1,51 @@
+#!/bin/sh
+
+set -x
+
+touch /etc/passwd
+adduser nobody
+adduser postfix
+adduser dovecot
+adduser opendkim
+
+addgroup dovecot postfix
+addgroup opendkim postfix
+chown postfix:postfix "/var/mail/${MAIL_DOMAIN}"
+mkdir -p "/var/opendkim/keys/"
+chown opendkim:opendkim "/var/opendkim/keys/"
+chmod +x "/etc/service/postfix/run"
+chmod +x "/etc/service/dovecot/run"
+chmod +x "/etc/service/opendkim/run"
+chmod +x "/etc/service/rsyslog/run"
+chmod +x "/usr/bin/entrypoint.sh"
+mkdir -p "/var/mail/${MAIL_DOMAIN}/${MAIL_USER}"
+
+# Config postfix
+sed -ri \
+    -e "s,%hostname%,${MAIL_DOMAIN}," \
+    -e "s,%domain_root%,${MAIL_DOMAIN_ROOT}," \
+    -e "s,%cert_file%,${SSL_CERT}," \
+    -e "s,%key_file%,${SSL_KEY}," \
+    -e "s,%postmaster_address%,${MAIL_ADDRESS}," \
+    /etc/postfix/main.cf /etc/dovecot/dovecot.conf /etc/mail/opendkim/TrustedHosts
+
+# Prepare mail user
+touch /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
+echo "${MAIL_DOMAIN} #OK" > /etc/mail/domains
+if ! grep -Fq 'root:' /etc/mail/aliases; then echo "root: ${MAIL_USER}" >> /etc/mail/aliases; fi
+echo "${MAIL_USER} ${MAIL_DOMAIN}/${MAIL_USER}/" > /etc/mail/mailboxes
+echo "${MAIL_USER}:${HASHED_PASSWORD}" > /etc/mail/passwd
+
+# Run opendkim
+if [ ! -e "/var/opendkim/keys/default.private" ]
+then
+	opendkim-genkey -d "${MAIL_DOMAIN}" -D "/var/opendkim/keys/"
+fi
+
+newaliases
+postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
+postfix reload
+dovecot
+
+# # Run services
+# s6-svscan /etc/service
diff --git a/docker/mail/etc/mail/postfix/aliases b/docker/mail/etc/mail/postfix/aliases
new file mode 100644
index 0000000000..7b1630e29d
--- /dev/null
+++ b/docker/mail/etc/mail/postfix/aliases
@@ -0,0 +1,10 @@
+mailer-daemon: postmaster
+postmaster: root
+nobody: root
+hostmaster: root
+usenet: root
+news: root
+webmaster: root
+www: root
+ftp: root
+abuse: root
diff --git a/docker/mail/rootfs/etc/service/dovecot/run b/docker/mail/etc/service/dovecot/run
similarity index 100%
rename from docker/mail/rootfs/etc/service/dovecot/run
rename to docker/mail/etc/service/dovecot/run
diff --git a/docker/mail/rootfs/etc/service/opendkim/run b/docker/mail/etc/service/opendkim/run
similarity index 100%
rename from docker/mail/rootfs/etc/service/opendkim/run
rename to docker/mail/etc/service/opendkim/run
diff --git a/docker/mail/rootfs/etc/service/postfix/run b/docker/mail/etc/service/postfix/run
similarity index 100%
rename from docker/mail/rootfs/etc/service/postfix/run
rename to docker/mail/etc/service/postfix/run
diff --git a/docker/mail/rootfs/etc/service/rsyslog/run b/docker/mail/etc/service/rsyslog/run
similarity index 100%
rename from docker/mail/rootfs/etc/service/rsyslog/run
rename to docker/mail/etc/service/rsyslog/run
diff --git a/docker/mail/rootfs/usr/bin/start.sh b/docker/mail/rootfs/usr/bin/start.sh
deleted file mode 100644
index 0ca9e6e0b2..0000000000
--- a/docker/mail/rootfs/usr/bin/start.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-
-# Run openssl
-if [ ! -e "${SSL_CERT}" ]
-then
-	mkdir -p "$(dirname ${SSL_CERT})" "$(dirname $SSL_KEY)"
-	openssl req -x509 -nodes -newkey rsa:2018 -days 365 -keyout "${SSL_CERT}" -out "${SSL_KEY}"
-fi
-
-# Run opendkim
-if [ ! -e "/var/opendkim/keys/default.private" ]
-then
-	opendkim-genkey -d "${DOMAINNAME}" -D "/var/opendkim/keys/"
-fi
-
-postmap /etc/mail/aliases /etc/mail/domains /etc/mail/mailboxes /etc/mail/passwd
-postfix reload
-dovecot reload
-
-# Run services
-s6-svscan /etc/service
diff --git a/docker/mail/setup.sh b/docker/mail/setup.sh
deleted file mode 100755
index f9b0773a6b..0000000000
--- a/docker/mail/setup.sh
+++ /dev/null
@@ -1,48 +0,0 @@
-#!/bin/sh
-
-ROOT="$(git rev-parse --show-toplevel)"
-. $ROOT/docker/mail/mail.env
-
-cd "${0%/*}"
-
-if [ -z "${MAIL_SUBDOMAIN}" ]
-then
-  domain="${MAIL_DOMAIN_ROOT}"
-else
-  domain="${MAIL_SUBDOMAIN}.${MAIL_DOMAIN_ROOT}"
-fi
-
-PASSHASH="{SHA512-CRYPT}$(mkpasswd -m sha-512 -R 5000 ${MAIL_PASSWORD})"
-
-cat > mail.env <<EOF
-#!/bin/sh
-DOMAINNAME=${MAIL_DOMAIN_ROOT}
-MAILNAME=${domain}
-SSL_CERT=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/fullchain.pem
-SSL_KEY=/etc/letsencrypt/live/${MAIL_DOMAIN_ROOT}/privkey.pem
-MAIL_USER="${MAIL_USER}"
-USER="${MAIL_USER}@${MAIL_DOMAIN_ROOT}"
-EOF
-
-. $ROOT/docker/mail/mail.env
-
-# Config postfix
-sed -i -e "s#^\s*myhostname\s*=.*#myhostname = ${MAILNAME}#" config/postfix/main.cf
-sed -i -e "s#^\s*mydomain\s*=.*#mydomain = ${DOMAINNAME}#" config/postfix/main.cf
-sed -i -e "s#^\s*smtpd_tls_cert_file\s*=.*#smtpd_tls_cert_file = ${SSL_CERT}#" config/postfix/main.cf
-sed -i -e "s#^\s*smtpd_tls_key_file\s*=.*#smtpd_tls_key_file = ${SSL_KEY}#" config/postfix/main.cf
-
-# Config dovecot
-sed -i -e "s#^\s*ssl_cert\s*=.*#ssl_cert = <${SSL_CERT}#" config/dovecot/dovecot.conf
-sed -i -e "s#^\s*ssl_key\s*=.*#ssl_key = <${SSL_KEY}#" config/dovecot/dovecot.conf
-sed -i -e "s#^\s*postmaster_address\s*=.*#postmaster_address = postmaster@${DOMAINNAME}#" config/dovecot/dovecot.conf
-
-# Config dkim
-sed -i -e "s/^.*#HOSTNAME/${MAILNAME}#HOSTNAME/" config/opendkim/TrustedHosts
-
-# Prepare mail user
-touch config/aliases config/domains config/mailboxes config/passwd
-echo "${DOMAINNAME}  #OK" > config/domains
-echo "${USER}  ${USER}" > config/aliases
-echo "${USER}  ${DOMAINNAME}/${MAIL_USER}/" > config/mailboxes
-echo "${USER}:${PASSHASH}" > config/passwd
diff --git a/docker/nginx/domain.sh b/docker/nginx/domain.sh
index 5af504258e..1fa3475085 100755
--- a/docker/nginx/domain.sh
+++ b/docker/nginx/domain.sh
@@ -2,5 +2,5 @@
 
 # Can't do sed inplace, because the file would be busy
 cat /var/nginx/social.conf | \
-    sed -r "s/%hostname%/${DOMAIN}/g;" > \
+    sed -r "s/%hostname%/${WEB_DOMAIN}/g;" > \
         /etc/nginx/conf.d/social.conf