While going through the Dockerfile in #1194 I noticed a few things that can be done to speed up the container build (and also improve security imho).

- during the build freshclam is run in https://github.com/tomav/docker-mailserver/blob/2107793f7f7cf47342f4bcaa2817b946126e25f3/Dockerfile#L103
  this action takes a while and ultimately ends with a message that clamd could not be contacted, so maybe it does not even serve a purpose.
  -> should be moved into a startup script
- mkcert.sh creates a private key for dovecot in https://github.com/tomav/docker-mailserver/blob/2107793f7f7cf47342f4bcaa2817b946126e25f3/Dockerfile#L121
  Potentially security relevant
  -> should be done per installation in a startup script
- the container build created two dhparam files (for dovecot and postfix each) in https://github.com/tomav/docker-mailserver/blob/2107793f7f7cf47342f4bcaa2817b946126e25f3/Dockerfile#L124 and https://github.com/tomav/docker-mailserver/blob/2107793f7f7cf47342f4bcaa2817b946126e25f3/Dockerfile#L184
  dhparam should rather be generated per installation and therefore at container startup (which is afaik already the case for the postfix dhparam anyways, meaning that it gets generated twice).
  -> there should be a single dhparam for the whole container that is used by both dovecot and postfix
- what is the purpose of regenerating dhparam via cron in https://github.com/tomav/docker-mailserver/blob/2107793f7f7cf47342f4bcaa2817b946126e25f3/Dockerfile#L185?
  -> should be removed, does not feel necessary to me.
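A sketch of the startup-time approach proposed in the issue above, as an added example that is not code from the docker-mailserver project: key material is generated once per installation on first start, and one dhparam file is shared by dovecot and postfix. All paths, variable names and function names here are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: first-start generation of per-installation TLS material.
# Every path below is an assumed placeholder, not the project's real layout.
STATE_DIR="${STATE_DIR:-/var/mail-state/tls}"         # persistent volume (assumed)
DOVECOT_DH="${DOVECOT_DH:-/etc/dovecot/dh.pem}"       # assumed config path
POSTFIX_DH="${POSTFIX_DH:-/etc/postfix/dhparams.pem}" # assumed config path
DH_BITS="${DH_BITS:-2048}"

# generate_once TARGET CMD...
# Runs CMD (which must write PEM data to stdout) only if TARGET is missing or
# empty. Output goes to a temp file first so a crash never leaves a partial file.
generate_once() {
    target="$1"; shift
    [ -s "$target" ] && return 0
    mkdir -p "$(dirname "$target")" || return 1
    tmp="$(mktemp "${target}.XXXXXX")" || return 1    # mktemp creates mode 0600
    if "$@" > "$tmp" && [ -s "$tmp" ]; then
        mv "$tmp" "$target"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Generators are separate functions so they can be swapped out (e.g. in tests).
gen_dhparam() { openssl dhparam "$DH_BITS" 2>/dev/null; }
gen_key()     { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 2>/dev/null; }

setup_tls_material() {
    # Private key: unique per installation, never baked into an image layer.
    generate_once "$STATE_DIR/dovecot.key" gen_key || return 1
    # One dhparam file for the whole container.
    generate_once "$STATE_DIR/dhparams.pem" gen_dhparam || return 1
    chmod 644 "$STATE_DIR/dhparams.pem"               # DH parameters are public values
    # Both daemons read the same file through symlinks.
    for link in "$DOVECOT_DH" "$POSTFIX_DH"; do
        mkdir -p "$(dirname "$link")" && ln -sf "$STATE_DIR/dhparams.pem" "$link" || return 1
    done
}

# In the entrypoint, before the services start:
#   setup_tls_material || exit 1
```

Because the files live under a persistent directory, a container restart reuses them, and anyone who pulls the published image gets no key material from its layers.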