# postfix
## Build and Deploy
```
make image
```
### Tags
+ `latest`
+ `tls-in` (listens on the SMTPS port, but sends without encryption or authentication)
+ `tls-out` (sends with encryption and authentication, but only listens on the SMTP port)
----
## Use
Can be used with any container manager toolchain.
Create a `generic(5)` file in `$genericfile`.
Addresses matching the patterns will be rewritten.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should look like:
```
root@localhost example@gmail.com
@localhost example@gmail.com
```
If instead an address should only be rewritten when it is a recipient address,
create a `canonical(5)` file in `$canonicalfile`.
It uses the same format as the `generic(5)` file.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
Create a `transport(5)` file in `$transportfile`.
Mail is routed based on which pattern the recipient address matches.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should look like:
```
example.com local
.example.com local
* relay:[smtp.gmail.com]:587
```
Create an outbound authentication file in `$saslfile`.
This is required for relaying mail to major email providers, including Gmail.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should look like:
```
[smtp.gmail.com]:587 example@gmail.com:wwwwxxxxyyyyzzzz
```
Create an inbound authentication file in `$sasldb`.
It must also be owned (on the host system) by the user that will create the
container (i.e. `root` for conventional `docker(1)` deployments).
It should be created like:
```
docker run --rm --interactive --tty \
--mount type=bind,src=$(pwd)/sasldb2,dst=/etc/sasldb2 \
registry.intra.dominic-ricottone.com/postfix:latest \
/usr/sbin/saslpasswd2 -c -f /etc/sasldb2 -u example.com username
```
Try:
```
$conman run --detach --name postfix --restart always \
--mount type=bind,src=$genericfile,dst=/etc/postfix/generic,readonly \
--mount type=bind,src=$canonicalfile,dst=/etc/postfix/recipient_canonical,readonly \
--mount type=bind,src=$transportfile,dst=/etc/postfix/transport,readonly \
--mount type=bind,src=$saslfile,dst=/etc/postfix/sasl/sasl_passwd,readonly \
--mount type=bind,src=$sasldb,dst=/etc/sasl2/sasldb2,readonly \
--env DOMAIN=example.com --env HOSTNAME=mail-1 --env DESTINATION="mail-2.example.com, mail-3.example.com" \
--publish 0.0.0.0:25:25 --publish 0.0.0.0:465:465 \
registry.intra.dominic-ricottone.com/postfix:latest
```
If using the `tls-out` image, skip `$sasldb`.
Similarly, if using the `tls-in` image, skip `$saslfile`.
If using the `tls-in` image, do not publish port 465.
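
A preflight check for the bind-mounted files, as an added example that is not part of this repository: it verifies the ownership requirement stated above and skips `$saslfile` or `$sasldb` according to the image tag. The function names are hypothetical, and the rule that the two credential files grant no permissions to "other" is an assumption added here, not a requirement of the image.

```sh
#!/bin/sh
# Added example: preflight check for the files the run command bind-mounts.
# Function names are hypothetical; the variables are the README's own.

# Numeric owner and octal mode of a file (GNU stat, BSD stat as fallback).
owner_uid() { stat -c %u "$1" 2>/dev/null || stat -f %u "$1"; }
file_mode() { stat -c %a "$1" 2>/dev/null || stat -f %Lp "$1"; }

# check_file PATH UID SECRET
# Passes when PATH is a regular file owned by UID. With SECRET=1 it must
# also grant nothing to "other" (assumption added here, not a README rule).
check_file() {
    path=$1; want=$2; secret=$3
    [ -f "$path" ] || { echo "FAIL $path: not a regular file"; return 1; }
    [ "$(owner_uid "$path")" = "$want" ] ||
        { echo "FAIL $path: not owned by uid $want"; return 1; }
    if [ "$secret" = 1 ]; then
        mode=$(file_mode "$path")
        [ $(( 0$mode & 007 )) -eq 0 ] ||
            { echo "FAIL $path: mode $mode is world-accessible"; return 1; }
    fi
    echo "ok   $path"
}

# preflight TAG UID
# TAG is latest, tls-in or tls-out; UID is the user that creates the container.
preflight() {
    tag=$1; uid=$2; rc=0
    for f in "$genericfile" "$canonicalfile" "$transportfile"; do
        check_file "$f" "$uid" 0 || rc=1
    done
    # Per the README: tls-in skips $saslfile, tls-out skips $sasldb.
    [ "$tag" = tls-in ]  || check_file "$saslfile" "$uid" 1 || rc=1
    [ "$tag" = tls-out ] || check_file "$sasldb" "$uid" 1 || rc=1
    return "$rc"
}

# Usage, with the five variables set: preflight latest "$(id -u)"
```
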