M postfix/Dockerfile => postfix/Dockerfile +2 -1
@@ 8,7 8,8 @@ COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
RUN mkdir /etc/postfix/sasl && chmod 700 /etc/postfix/sasl
-COPY smtpd.conf /etc/postfix/sasl/smtpd.conf
+RUN mkdir /etc/sasl2
+COPY smtpd.conf /etc/sasl2/smtpd.conf
RUN addgroup -S mailer
RUN adduser -SD -s /bin/sh -G mailer -g mailer mailer
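Review bot: `RUN mkdir /etc/sasl2` creates the directory with the default mode and root ownership, while the neighbouring `/etc/postfix/sasl` is explicitly restricted to 700; the README example in this commit bind-mounts the sasldb2 credential store into `/etc/sasl2`, so who may read this directory should be a stated decision rather than a default. Something like `RUN mkdir -m 750 /etc/sasl2` with a matching group owner would do, provided the smtpd process can still read it; which user or group needs that access is not visible in this hunk. The mode of the bind-mounted sasldb2 file itself comes from the host, so it needs checking there as well. The same two added lines appear in postfix/Dockerfile.tls-in.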
M postfix/Dockerfile.tls-in => postfix/Dockerfile.tls-in +2 -1
@@ 8,7 8,8 @@ COPY entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
RUN mkdir /etc/postfix/sasl && chmod 700 /etc/postfix/sasl
-COPY smtpd.conf /etc/postfix/sasl/smtpd.conf
+RUN mkdir /etc/sasl2
+COPY smtpd.conf /etc/sasl2/smtpd.conf
RUN addgroup -S mailer
RUN adduser -SD -s /bin/sh -G mailer -g mailer mailer
M postfix/README.md => postfix/README.md +2 -2
@@ 72,8 72,8 @@ $conman run --detach --name postfix --restart always \
--mount type=bind,src=$genericfile,dst=/etc/postfix/generic,readonly \
--mount type=bind,src=$transportfile,dst=/etc/postfix/transport,readonly \
--mount type=bind,src=$saslfile,dst=/etc/postfix/sasl/sasl_passwd,readonly \
- --mount type=bind,src=$sasldb,dst=/etc/sasldb2,readonly \
- --env DOMAIN=example.com --env DESTINATION="mail.example.com" \
+ --mount type=bind,src=$sasldb,dst=/etc/sasl2/sasldb2,readonly \
+ --env DOMAIN=example.com --env HOSTNAME=mail-1 --env DESTINATION="mail-2.example.com, mail-3.example.com" \
--publish 0.0.0.0:25:25 --publish 0.0.0.0:465:465 \
registry.intra.dominic-ricottone.com/postfix:latest
```
M postfix/entrypoint.sh => postfix/entrypoint.sh +2 -1
@@ 5,7 5,8 @@ postmap /etc/postfix/generic
postmap /etc/postfix/sasl/sasl_passwd
sed -i /etc/postfix/main.cf -e "s/^mydomain.*/mydomain = ${DOMAIN}/"
-sed -i /etc/postfix/main.cf -e "s/^mydestination.*/mydestination = \$myhostname, ${DESTINATION}, localhost, localhost.localdomain/"
+sed -i /etc/postfix/main.cf -e "s/^myhostname.*/myhostname = ${HOSTNAME}.${DOMAIN}/"
+sed -i /etc/postfix/main.cf -e "s/^mydestination.*/mydestination = \$mydomain, \$myhostname, ${DESTINATION}, localhost, localhost.localdomain/"
exec "$@"
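Review bot: The new `myhostname` line splices `${HOSTNAME}` and `${DOMAIN}` straight into a sed replacement, so an empty value silently writes a broken setting and a `/` or `&` in any of the three variables changes the expression itself. Most container runtimes also pre-set HOSTNAME to the container ID, so omitting `--env HOSTNAME` would produce a plausible-looking but wrong hostname rather than an error. `postconf -e "myhostname = ${HOSTNAME}.${DOMAIN}"` avoids the sed metacharacter problem, and a guard such as `: "${DOMAIN:?DOMAIN must be set}"` before the edits makes a missing value fail loudly. The top of the script is outside this hunk, so a check may already exist there.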
M postfix/main.cf => postfix/main.cf +12 -5
@@ 8,8 8,8 @@ inet_protocols = ipv4
inet_interfaces = all
# Values for default settings
-mydomain = dominic-ricottone.com
-myhostname = fedora3.$mydomain
+mydomain = example.com
+myhostname = mail.example.com
mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
myorigin = $mydomain
@@ 22,13 22,20 @@ smtp_generic_maps = lmdb:/etc/postfix/generic
# Transport map
transport_maps = lmdb:/etc/postfix/transport
+# Logging
+maillog_file = /dev/stdout
+
# Authentication
-cyrus_sasl_config_path = /etc/postfix/sasl/
+cyrus_sasl_config_path = /etc/sasl2/
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd
smtp_sasl_security_options = noanonymous
smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_local_domain = $mydomain
+smtpd_sasl_path = smtpd
+#smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_service = smtpd
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
@@ 38,7 45,7 @@ smtp_tls_security_level = encrypt
smtpd_tls_chain_files = /var/letsencrypt/chain.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = >=TLSv1.2
-smtpd_tls_security_level = may
+smtpd_tls_security_level = encrypt
# If set, mail destined for any member of `$mydestination` would be rejected if user lookup failed
local_recipient_maps =
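Review bot: Dropping `noplaintext` from `smtpd_sasl_security_options` in the Authentication hunk leaves the old value behind as a commented-out line with no explanation, and it means cleartext mechanisms are kept off unencrypted sessions only by `smtpd_tls_auth_only = yes`. Presumably the sasldb-backed setup needs PLAIN/LOGIN, but smtpd.conf is not shown, so that is an inference. I would delete the commented line and record the dependency instead, e.g. `# plaintext mechanisms allowed: AUTH is only offered after TLS (smtpd_tls_auth_only = yes)`. The same pair of lines is in postfix/main.cf.tls-in.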
M postfix/main.cf.tls-in => postfix/main.cf.tls-in +13 -5
@@ 8,8 8,8 @@ inet_protocols = ipv4
inet_interfaces = all
# Values for default settings
-mydomain = dominic-ricottone.com
-myhostname = fedora3.$mydomain
+mydomain = example.com
+myhostname = mail.example.com
mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
myorigin = $mydomain
@@ 20,12 20,20 @@ smtpd_banner = $myhostname ESMTP $mail_name ($mail_version)
smtp_generic_maps = lmdb:/etc/postfix/generic
# Transport map
+smtp_dns_support_level = disabled
transport_maps = lmdb:/etc/postfix/transport
+# Logging
+maillog_file = /dev/stdout
+
# Authentication
-cyrus_sasl_config_path = /etc/postfix/sasl/
+cyrus_sasl_config_path = /etc/sasl2/
smtpd_sasl_auth_enable = yes
-smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_local_domain = $mydomain
+smtpd_sasl_path = smtpd
+#smtpd_sasl_security_options = noanonymous, noplaintext
+smtpd_sasl_security_options = noanonymous
+smtpd_sasl_service = smtpd
smtpd_sasl_tls_security_options = noanonymous
smtpd_tls_auth_only = yes
@@ 33,7 41,7 @@ smtpd_tls_auth_only = yes
smtpd_tls_chain_files = /var/letsencrypt/chain.pem
smtpd_tls_mandatory_ciphers = high
smtpd_tls_mandatory_protocols = >=TLSv1.2
-smtpd_tls_security_level = may
+smtpd_tls_security_level = encrypt
# If set, mail destined for any member of `$mydestination` would be rejected if user lookup failed
local_recipient_maps =
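Review bot: `smtpd_tls_security_level = encrypt` makes STARTTLS mandatory for every client of this smtpd, and the Postfix documentation (citing RFC 2487) says this level must not be used on a publicly referenced SMTP server; the README example in this commit publishes port 25 on 0.0.0.0. If this instance receives mail from arbitrary senders, those that cannot negotiate TLS will be refused. Keeping `may` for port 25 and enforcing encryption only on the submission/465 service would avoid that. master.cf is not shown, so how the listeners are split is unknown here. The same change is in the last hunk of postfix/main.cf.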
M postfix/main.cf.tls-out => postfix/main.cf.tls-out +5 -2
@@ 8,8 8,8 @@ inet_protocols = ipv4
mynetworks = 127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
# Values for default settings
-mydomain = dominic-ricottone.com
-myhostname = fedora3.$mydomain
+mydomain = example.com
+myhostname = mail.example.com
mydestination = $myhostname, todo.$mydomain, lists.$mydomain, localhost, localhost.localdomain
myorigin = $mydomain
@@ 22,6 22,9 @@ smtp_generic_maps = lmdb:/etc/postfix/generic
# Transport map
transport_maps = lmdb:/etc/postfix/transport
+# Logging
+maillog_file = /dev/stdout
+
# Authentication
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = lmdb:/etc/postfix/sasl/sasl_passwd