~dricottone/container-images

ref: adc564384c5146962d2801b69d1b5edd651d189f container-images/postfix/README.md -rw-r--r-- 2.9 KiB
adc56438Dominic Ricottone Late Alpine 3.19 updates 7 months ago
                                                                                
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# postfix


## Build and Deploy

```
make image
```


### Tags

 + `latest`
 + `tls-in` (listens on the SMTPS port, but sends without encryption or authentication)
 + `tls-out` (sends with encryption and authentication, but only listens on SMTP port)

----

## Use

Can be used with any container manager toolchain.

Create a `generic(5)` file in `$genericfile`.
Addresses matching the patterns will be rewritten.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should like like:

```
root@localhost example@gmail.com
@localhost     example@gmail.com
```

If instead an address should only be rewritten when it is a recipient address,
create a `canonical(5)` file in `$canonicalfile`.
It should look the same way.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).

Create a `transport(5)` file in `$transportfile`.
Mail is routed based on which pattern the recipient address matches.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should look like:

```
example.com  local
.example.com local
*            relay:[smtp.gmail.com]:587
```

Create an outbound authentication file in `$saslfile`.
This is required for relaying mail to major email providers, including GMail.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should look like:

```
[smtp.gmail.com]:587 example@gmail.com:wwwwxxxxyyyyzzzz
```

Create an inbound authentication file in `$sasldb`.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should be created like:

```
docker run --rm --interactive --tty \
  --mount type=bind,src=$(pwd)/sasldb2,dst=/etc/sasldb2 \
  registry.intra.dominic-ricottone.com/postfix:latest \
  /usr/sbin/saslpasswd2 -c -f /etc/sasldb2 -u example.com username
```

Try:

```
$conman run --detach --name postfix --restart always \
  --mount type=bind,src=$genericfile,dst=/etc/postfix/generic,readonly \
  --mount type=bind,src=$canonicalfile,dst=/etc/postfix/recipient_canonical,readonly \
  --mount type=bind,src=$transportfile,dst=/etc/postfix/transport,readonly \
  --mount type=bind,src=$saslfile,dst=/etc/postfix/sasl/sasl_passwd,readonly \
  --mount type=bind,src=$sasldb,dst=/etc/sasl2/sasldb2,readonly \
  --env DOMAIN=example.com --env HOSTNAME=mail-1 --env DESTINATION="mail-2.example.com, mail-3.example.com" \
  --publish 0.0.0.0:25:25 --publish 0.0.0.0:465:465 \
  registry.intra.dominic-ricottone.com/postfix:latest
```

If using the `tls-out` image, skip `$sasldb`.
Similarly, if using the `tls-in` image, skip `$saslfile`.

If using the `tls-in` image, do not publish port 465.