From 636a499f6ebe0927609aad18f424254195232017 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Lo=C5=A1=C5=A5=C3=A1k?= Date: Sat, 28 Mar 2026 00:41:08 +0100 Subject: [PATCH] Postfix is now buit from source code. --- Dockerfile | 96 ++++++++++++++++--- README.md | 170 +++++++++++++++++++++++++------- config/main.cf.tpl | 41 -------- config/master.cf.tpl | 64 ------------- entrypoint.sh | 224 ++++++++++++++++++++++++++++++++++++++----- 5 files changed, 418 insertions(+), 177 deletions(-) delete mode 100644 config/main.cf.tpl delete mode 100644 config/master.cf.tpl diff --git a/Dockerfile b/Dockerfile index fc1668d..385bc6c 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,16 +1,90 @@ -FROM ubuntu:22.04 +# Build stage +FROM ubuntu:24.04 AS builder -WORKDIR /opt/postfix +ARG DEBIAN_FRONTEND=noninteractive +ARG POSTFIX_VERSION=3.10.8 +ARG POSTFIX_TARBALL=postfix-${POSTFIX_VERSION}.tar.gz +ARG POSTFIX_URL=https://high5.nl/mirrors/postfix-release/official/${POSTFIX_TARBALL} -RUN apt update && \ - apt upgrade -y && \ - apt install -y postfix curl +RUN apt-get update && apt-get install -y --no-install-recommends \ + build-essential \ + ca-certificates \ + wget \ + tar \ + gzip \ + make \ + perl \ + m4 \ + libc6-dev \ + libdb-dev \ + libssl-dev \ + libsasl2-dev \ + libpcre3-dev \ + libpam0g-dev \ + libssl-dev \ + && rm -rf /var/lib/apt/lists/* -RUN curl -SsfL -o /usr/bin/gomplate "https://github.com/hairyhenderson/gomplate/releases/download/v3.11.5/gomplate_linux-amd64-slim" && \ - chmod 755 /usr/bin/gomplate +WORKDIR /build -COPY entrypoint.sh . -COPY config ./config +RUN wget -O ${POSTFIX_TARBALL} ${POSTFIX_URL} \ + && tar xzf ${POSTFIX_TARBALL} -EXPOSE 25/tcp 465/tcp 587/tcp -CMD ["/bin/bash", "entrypoint.sh"] \ No newline at end of file +WORKDIR /build/postfix-${POSTFIX_VERSION} + +RUN make makefiles \ + CCARGS='-I/usr/include/sasl -DNO_NIS -DHAS_PCRE -DUSE_SASL_AUTH -DUSE_TLS -DUSE_CYRUS_SASL -DHAS_PAM' \ + AUXLIBS='-lssl -lcrypto -ldb -lsasl2 -lpam -lpcre' + +RUN make -j"$(nproc)" +RUN make non-interactive-package install_root=/opt/postfix-dist + +# Copy runtime libraries needed by Postfix binaries +RUN mkdir -p /opt/postfix-libs \ + && find /opt/postfix-dist -type f -executable -exec ldd {} \; \ + | awk '/=> \// {print $3} /^\// {print $1}' \ + | sort -u \ + | xargs -r -I '{}' cp -v --parents '{}' /opt/postfix-libs + +# Final image +FROM ubuntu:24.04 + +ARG DEBIAN_FRONTEND=noninteractive + +RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ + libc6 \ + libdb5.3t64 \ + libssl3 \ + libsasl2-2 \ + libpcre3 \ + libpam0g \ + ssl-cert \ + && rm -rf /var/lib/apt/lists/* + +COPY --from=builder 
/opt/postfix-dist/ / +COPY --from=builder /opt/postfix-libs/ / + +# Create postfix user and group +RUN groupadd -r postfix \ + && groupadd -r postdrop \ + && useradd -r -g postfix -G postdrop -d /var/spool/postfix -s /usr/sbin/nologin postfix + +# Create necessary directories with correct permissions +RUN mkdir -p \ + /var/spool/postfix \ + /var/lib/postfix \ + /var/mail \ + /etc/postfix + +# Spool directory must be owned by root and have specific permissions for Postfix to function correctly +RUN chown root:root /var/spool/postfix \ + && chmod 755 /var/spool/postfix \ + && /usr/sbin/postfix set-permissions + +COPY entrypoint.sh /usr/local/bin/entrypoint.sh +RUN chmod +x /usr/local/bin/entrypoint.sh + +# Expose ports for LMTP (24), SMTP (25), SMTPS (465), and submission (587) +EXPOSE 24 25 465 587 + +ENTRYPOINT ["/usr/local/bin/entrypoint.sh"] diff --git a/README.md b/README.md index c8554d5..e94a249 100644 --- a/README.md +++ b/README.md 
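Review bot: The builder stage unpacks and compiles the tarball straight after `wget -O ${POSTFIX_TARBALL} ${POSTFIX_URL}` with no integrity check, so the image trusts whatever the mirror in `POSTFIX_URL` serves at build time. Pin the expected digest next to `POSTFIX_VERSION` and verify it before `tar xzf`, e.g. `ARG POSTFIX_SHA256=<sha256-of-release-tarball>` and `echo "${POSTFIX_SHA256}  ${POSTFIX_TARBALL}" | sha256sum -c -`; checking the upstream release signature would be stronger still. Separately, `ssl-cert` in the final stage presumably generates the snakeoil key pair during the build, and entrypoint.sh defaults to those paths, so every container started from a shared image would present the same TLS private key unless the operator mounts their own; either say so in a comment next to the package list or generate the key at container start.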
@@ -5,63 +5,161 @@ docker build --rm -t postfix:latest . # Running the image ```sh -docker run -it --rm --name test -p 25:25 -p 587:587 postfix:latest +docker run -it --rm --name test \ + -p 25:25 \ + -p 465:465 \ + -p 587:587 \ + postfix:latest +``` + +Example with custom values: +```sh +docker run -it --rm --name test \ + -p 25:25 \ + -p 465:465 \ + -p 587:587 \ + -e POSTFIX_MYHOSTNAME=mail.example.com \ + -e POSTFIX_MYDOMAIN=example.com \ + -e POSTFIX_MYNETWORKS="127.0.0.0/8 [::1]/128 10.0.0.0/8" \ + -e POSTFIX_SMTPD_TLS_SECURITY_LEVEL=may \ + postfix:latest ``` # Environment variables -These values are default and can be overriden by declaring environment variable with naother value. +These values are defaults and can be overridden by setting environment variables. + +## Core settings ```sh -# The text that follows the 220 status code in the SMTP greeting banner. -POSTFIX_SMTP_BANNER="$myhostname ESMTP $mail_name ($mail_version)" +# SMTP greeting banner. +POSTFIX_SMTPD_BANNER="$myhostname ESMTP $mail_name ($mail_version)" -# Enable submission running on port 587. -POSTFIX_SUBMISSION_ENABLED="yes" - -# Enable standard non encrypted SMTP running on port 25. +# Enable standard SMTP on port 25. POSTFIX_SMTP_ENABLED="yes" -# Enable SSL encrypted SMTPS running on port 465. +# Enable submission on port 587. +POSTFIX_SUBMISSION_ENABLED="yes" + +# Enable SMTPS on port 465. POSTFIX_SMTPS_ENABLED="yes" -# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. -POSTFIX_SMTPD_USE_TLS="no" - -# When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections. -POSTFIX_SMTPD_TLS_AUTH_ONLY="yes" - -# File with the Postfix SMTP server RSA certificate in PEM format. -POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem" - -# File with the Postfix SMTP server RSA private key in PEM format. 
-POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key" - -# The SMTP TLS security level for the Postfix SMTP server. +# TLS security level for the SMTP server. +# Common values: +# none - disable TLS +# may - offer STARTTLS if available +# encrypt - require TLS POSTFIX_SMTPD_TLS_SECURITY_LEVEL="may" -# Directory with PEM format Certification Authority certificates. +# Allow SASL authentication only over TLS. +POSTFIX_SMTPD_TLS_AUTH_ONLY="yes" + +# Path to SMTP server certificate in PEM format. +POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem" + +# Path to SMTP server private key in PEM format. +POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key" + +# CA certificate directory for the Postfix SMTP client. POSTFIX_SMTP_TLS_CAPATH="/etc/ssl/certs" -# The default SMTP TLS security level for the Postfix SMTP client. +# TLS security level for outgoing SMTP client connections. POSTFIX_SMTP_TLS_SECURITY_LEVEL="encrypt" -# The internet hostname of this mail system. -POSTFIX_MYHOSTNAME="$(hostname --fqdn)" +# TLS session cache database for outgoing SMTP client connections. +POSTFIX_SMTP_TLS_SESSION_CACHE_DATABASE="btree:$data_directory/smtp_scache" -# The internet hostname of this mail system. -POSTFIX_MYDOMAIN="$(hostname --fqdn)" +# Hostname of this mail server. +POSTFIX_MYHOSTNAME="$(hostname --fqdn 2>/dev/null || hostname)" -# The list of "trusted" remote SMTP clients that have more privileges than "strangers". +# Mail domain of this server. +POSTFIX_MYDOMAIN="$POSTFIX_MYHOSTNAME" + +# Trusted client networks. POSTFIX_MYNETWORKS="127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" -# The local network interface addresses that this mail system receives mail on. +# Interfaces Postfix listens on. POSTFIX_INET_INTERFACES="all" -# The Internet protocols Postfix will attempt to use when making or accepting connections. +# Internet protocols Postfix uses. 
POSTFIX_INET_PROTOCOLS="all" -# A list of Milter (mail filter) applications for new mail that arrives via the Postfix smtpd server. -POSTFIX_SMTPD_MILTERS="opendkim:port" +# Relay restrictions for smtpd. +POSTFIX_SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, defer_unauth_destination" -# A list of Milter (mail filter) applications for new mail that does not arrive via the Postfix smtpd server. -POSTFIX_NON_SMTPD_MILTERS="opendkim:port" -``` \ No newline at end of file +# Recipient restrictions for smtpd. +POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks, reject_unauth_destination" + +# Relay host for outgoing mail, for example: +# [smtp.example.com]:587 +POSTFIX_RELAYHOST="" + +# Final local destinations for this mail server. +POSTFIX_MYDESTINATION="$myhostname, localhost.$mydomain, localhost, $mydomain" + +# Milter protocol version. +POSTFIX_MILTER_PROTOCOL="6" + +# Default action when a milter is unavailable. +POSTFIX_MILTER_DEFAULT_ACTION="accept" + +# Timeout for HELO/EHLO when Postfix acts as SMTP client. +POSTFIX_RELAY_SMTP_HELO_TIMEOUT="5" + +# Timeout for connect when Postfix acts as SMTP client. +POSTFIX_RELAY_SMTP_CONNECT_TIMEOUT="5" + +# Milters for mail received via smtpd. +# Example value: +# opendkim:8891 +# The script adds the "inet:" prefix automatically. +POSTFIX_SMTPD_MILTERS="" + +# Milters for mail not received via smtpd. +# Example value: +# opendkim:8891 +# The script adds the "inet:" prefix automatically. +POSTFIX_NON_SMTPD_MILTERS="" +``` + +## Miscellaneous settings +```sh +# Enable or disable biff notifications. +POSTFIX_BIFF="no" + +# Postfix log output file. +POSTFIX_MAILLOG_FILE="/dev/stdout" + +# Debug peer level. +POSTFIX_DEBUG_PEER_LEVEL="1" + +# Postfix compatibility level. +POSTFIX_COMPATIBILITY_LEVEL="3.6" + +# Append .$mydomain to locally-posted mail addresses without domain part. +POSTFIX_APPEND_DOT_MYDOMAIN="no" + +# Path to Postfix README directory, or "no" to disable. 
+POSTFIX_README_DIRECTORY="no" + +# Local mailbox delivery command. +POSTFIX_MAILBOX_COMMAND='procmail -a "$EXTENSION"' + +# Maximum mailbox size in bytes, 0 means unlimited. +POSTFIX_MAILBOX_SIZE_LIMIT="0" + +# Address extension delimiter. +POSTFIX_RECIPIENT_DELIMITER="+" + +# TLS security level for submission service in master.cf. +POSTFIX_SUBMISSION_TLS_SECURITY_LEVEL="encrypt" + +# Enable or disable TLS wrapper mode for SMTPS service in master.cf. +POSTFIX_SMTPS_TLS_WRAPPERMODE="yes" +``` + +# Notes +- The container automatically generates `/etc/postfix/master.cf` at startup. +- The container configures `/etc/postfix/main.cf` using `postconf -e`. +- `/etc/aliases` is created automatically if missing, and `newaliases` is run on startup. +- `/etc/resolv.conf` is copied into `/var/spool/postfix/etc/resolv.conf` so DNS lookups work in chrooted Postfix services. +- `POSTFIX_SMTPD_MILTERS` and `POSTFIX_NON_SMTPD_MILTERS` should contain only `host:port`. The script adds the `inet:` prefix automatically. +- TLS certificate and key files must exist inside the container if TLS is enabled. \ No newline at end of file diff --git a/config/main.cf.tpl b/config/main.cf.tpl deleted file mode 100644 index 461a6e1..0000000 --- a/config/main.cf.tpl +++ /dev/null 
@@ -1,41 +0,0 @@
-biff = no
-maillog_file = /dev/stdout
-debug_peer_level = 1
-compatibility_level=3.6
-append_dot_mydomain = no
-readme_directory = no
-mailbox_command = procmail -a "$EXTENSION"
-mailbox_size_limit = 0
-recipient_delimiter = +
-
-smtpd_banner = {{ .Env.POSTFIX_SMTPD_BANNER }}
-
-smtpd_relay_restrictions = permit_mynetworks defer_unauth_destination
-smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination
-
-smtpd_use_tls = {{ .Env.POSTFIX_SMTPD_USE_TLS }}
-smtpd_tls_auth_only = {{ .Env.POSTFIX_SMTPD_TLS_AUTH_ONLY }}
-smtpd_tls_cert_file={{ .Env.POSTFIX_SMTPD_TLS_CERT_FILE }}
-smtpd_tls_key_file={{ .Env.POSTFIX_SMTPD_TLS_KEY_FILE }}
-
-smtp_tls_CApath={{ .Env.POSTFIX_SMTP_TLS_CAPATH }}
-smtp_tls_security_level = {{ .Env.POSTFIX_SMTP_TLS_SECURITY_LEVEL }}
-smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
-
-myhostname = {{ .Env.POSTFIX_MYHOSTNAME }}
-mydomain = {{ .Env.POSTFIX_MYDOMAIN }}
-mynetworks = {{ .Env.POSTFIX_MYNETWORKS }}
-mydestination = $myhostname, localhost.$mydomain $mydomain
-
-inet_interfaces = {{ .Env.POSTFIX_INET_INTERFACES }}
-inet_protocols = {{ .Env.POSTFIX_INET_PROTOCOLS }}
-
-milter_protocol = 6
-milter_default_action = accept
-
-{{- if .Env.POSTFIX_SMTPD_MILTERS }}
-smtpd_milters = inet:{{ .Env.POSTFIX_SMTPD_MILTERS }}
-{{- end }}
-{{- if .Env.POSTFIX_NON_SMTPD_MILTERS }}
-non_smtpd_milters = inet:{{ .Env.POSTFIX_NON_SMTPD_MILTERS }}
-{{- end }}
\ No newline at end of file
diff --git a/config/master.cf.tpl b/config/master.cf.tpl
deleted file mode 100644
index dbfa74d..0000000
--- a/config/master.cf.tpl
+++ /dev/null
@@ -1,64 +0,0 @@ -# ========================================================================== -# service type private unpriv chroot wakeup maxproc command + args -# (yes) (yes) (no) (never) (100) -# ========================================================================== - -# SMTP configuration. -{{ if eq .Env.POSTFIX_SMTP_ENABLED "yes" }} -smtp inet n - y - - smtpd - -o syslog_name=postfix/smtp -{{ end }} - -# Submission configuration. -{{ if eq .Env.POSTFIX_SUBMISSION_ENABLED "yes" }} -submission inet n - y - - smtpd - -o syslog_name=postfix/submission - -o smtpd_tls_security_level=encrypt -{{ end }} - -# SSL encrypted SMTP configuration. -{{ if eq .Env.POSTFIX_SMTPS_ENABLED "yes" }} -smtps inet n - y - - smtpd - -o syslog_name=postfix/smtps - -o smtpd_tls_wrappermode=yes -{{ end }} - -# Other internal services. -pickup unix n - y 60 1 pickup -cleanup unix n - y - 0 cleanup -qmgr unix n - n 300 1 qmgr -tlsmgr unix - - y 1000? 1 tlsmgr -rewrite unix - - y - - trivial-rewrite -bounce unix - - y - 0 bounce -defer unix - - y - 0 bounce -trace unix - - y - 0 bounce -verify unix - - y - 1 verify -flush unix n - y 1000? 0 flush -proxymap unix - - n - - proxymap -proxywrite unix - - n - 1 proxymap -smtp unix - - y - - smtp -relay unix - - y - - smtp - -o smtp_helo_timeout=5 -o smtp_connect_timeout=5 -showq unix n - y - - showq -error unix - - y - - error -retry unix - - y - - error -discard unix - - y - - discard -local unix - n n - - local -virtual unix - n n - - virtual -lmtp unix - - y - - lmtp -anvil unix - - y - 1 anvil -scache unix - - y - 1 scache -maildrop unix - n n - - pipe - flags=DRhu user=vmail argv=/usr/bin/maildrop -d ${recipient} -uucp unix - n n - - pipe - flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) -ifmail unix - n n - - pipe - flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) -bsmtp unix - n n - - pipe - flags=Fq. 
user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient -scalemail-backend unix - n n - 2 pipe - flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} -mailman unix - n n - - pipe - flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py - ${nexthop} ${user} -postlog unix-dgram n - n - 1 postlogd \ No newline at end of file diff --git a/entrypoint.sh b/entrypoint.sh index 1893838..d585478 100644 --- a/entrypoint.sh +++ b/entrypoint.sh 
@@ -1,43 +1,217 @@ -#!/bin/bash +#!/bin/sh +set -eu # Misc default variables. -export POSTFIX_SMTPD_BANNER=${POSTFIX_SMTPD_BANNER:-$myhostname ESMTP $mail_name ($mail_version)} +: "${POSTFIX_SMTPD_BANNER:=\$myhostname ESMTP \$mail_name (\$mail_version)}" +: "${POSTFIX_BIFF:=no}" +: "${POSTFIX_MAILLOG_FILE:=/dev/stdout}" +: "${POSTFIX_DEBUG_PEER_LEVEL:=1}" +: "${POSTFIX_COMPATIBILITY_LEVEL:=3.6}" +: "${POSTFIX_APPEND_DOT_MYDOMAIN:=no}" +: "${POSTFIX_README_DIRECTORY:=no}" +: "${POSTFIX_MAILBOX_COMMAND:=procmail -a \"\$EXTENSION\"}" +: "${POSTFIX_MAILBOX_SIZE_LIMIT:=0}" +: "${POSTFIX_RECIPIENT_DELIMITER:=+}" # Service default variables. -export POSTFIX_SUBMISSION_ENABLED=${POSTFIX_SUBMISSION_ENABLED:-yes} -export POSTFIX_SMTP_ENABLED=${POSTFIX_SMTP_ENABLED:-yes} -export POSTFIX_SMTPS_ENABLED=${POSTFIX_SMTPS_ENABLED:-yes} +: "${POSTFIX_SUBMISSION_ENABLED:=yes}" +: "${POSTFIX_SMTP_ENABLED:=yes}" +: "${POSTFIX_SMTPS_ENABLED:=yes}" +: "${POSTFIX_SUBMISSION_TLS_SECURITY_LEVEL:=encrypt}" +: "${POSTFIX_SMTPS_TLS_WRAPPERMODE:=yes}" # TLS default variables. 
-export POSTFIX_SMTPD_USE_TLS=${POSTFIX_SMTPD_USE_TLS:-no} -export POSTFIX_SMTPD_TLS_AUTH_ONLY=${POSTFIX_SMTPD_TLS_AUTH_ONLY:-yes} -export POSTFIX_SMTPD_TLS_CERT_FILE=${POSTFIX_SMTPD_TLS_CERT_FILE:-/etc/ssl/certs/ssl-cert-snakeoil.pem} -export POSTFIX_SMTPD_TLS_KEY_FILE=${POSTFIX_SMTPD_TLS_KEY_FILE:-/etc/ssl/private/ssl-cert-snakeoil.key} -export POSTFIX_SMTPD_TLS_SECURITY_LEVEL=${POSTFIX_SMTPD_TLS_SECURITY_LEVEL:-may} +: "${POSTFIX_SMTPD_TLS_SECURITY_LEVEL:=may}" +: "${POSTFIX_SMTPD_TLS_AUTH_ONLY:=yes}" +: "${POSTFIX_SMTPD_TLS_CERT_FILE:=/etc/ssl/certs/ssl-cert-snakeoil.pem}" +: "${POSTFIX_SMTPD_TLS_KEY_FILE:=/etc/ssl/private/ssl-cert-snakeoil.key}" -export POSTFIX_SMTP_TLS_CAPATH=${POSTFIX_SMTP_TLS_CAPATH:-/etc/ssl/certs} -export POSTFIX_SMTP_TLS_SECURITY_LEVEL=${POSTFIX_SMTP_TLS_SECURITY_LEVEL:-encrypt} +: "${POSTFIX_SMTP_TLS_CAPATH:=/etc/ssl/certs}" +: "${POSTFIX_SMTP_TLS_SECURITY_LEVEL:=encrypt}" +: "${POSTFIX_SMTP_TLS_SESSION_CACHE_DATABASE:=btree:\$data_directory/smtp_scache}" # Hostname default variables. -export POSTFIX_MYHOSTNAME=${POSTFIX_MYHOSTNAME:-$(hostname --fqdn)} -export POSTFIX_MYDOMAIN=${POSTFIX_MYDOMAIN:-$(hostname --fqdn)} +: "${POSTFIX_MYHOSTNAME:=$(hostname --fqdn 2>/dev/null || hostname)}" +: "${POSTFIX_MYDOMAIN:=${POSTFIX_MYHOSTNAME}}" # Allowed networks default variables. -export POSTFIX_MYNETWORKS=${POSTFIX_MYNETWORKS:-127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8} +: "${POSTFIX_MYNETWORKS:=127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8}" # Network configuration default variables. -export POSTFIX_INET_INTERFACES=${POSTFIX_INET_INTERFACES:-all} -export POSTFIX_INET_PROTOCOLS=${POSTFIX_INET_PROTOCOLS:-all} +: "${POSTFIX_INET_INTERFACES:=all}" +: "${POSTFIX_INET_PROTOCOLS:=all}" + +# Restrictions default variables. 
+: "${POSTFIX_SMTPD_RELAY_RESTRICTIONS:=permit_mynetworks, defer_unauth_destination}" +: "${POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS:=permit_mynetworks, reject_unauth_destination}" + +# Other default variables. +: "${POSTFIX_RELAYHOST:=}" +: "${POSTFIX_MYDESTINATION:=\$myhostname, localhost.\$mydomain, localhost, \$mydomain}" +: "${POSTFIX_MILTER_PROTOCOL:=6}" +: "${POSTFIX_MILTER_DEFAULT_ACTION:=accept}" +: "${POSTFIX_RELAY_SMTP_HELO_TIMEOUT:=5}" +: "${POSTFIX_RELAY_SMTP_CONNECT_TIMEOUT:=5}" # DKIM milters default variables. -export POSTFIX_SMTPD_MILTERS=${POSTFIX_SMTPD_MILTERS:-} -export POSTFIX_NON_SMTPD_MILTERS=${POSTFIX_NON_SMTPD_MILTERS:-} +: "${POSTFIX_SMTPD_MILTERS:=}" +: "${POSTFIX_NON_SMTPD_MILTERS:=}" -# Configuration templates. -gomplate -f config/main.cf.tpl > /etc/postfix/main.cf -gomplate -f config/master.cf.tpl > /etc/postfix/master.cf +# Create necessary directories. +mkdir -p \ + /var/spool/postfix \ + /var/spool/postfix/pid \ + /var/spool/postfix/public \ + /var/spool/postfix/maildrop \ + /var/spool/postfix/etc \ + /var/lib/postfix \ + /var/mail \ + /etc/postfix -# Move resolv conf to postfix spool in order to make postfix DNS lookups working. -cat /etc/resolv.conf > /var/spool/postfix/etc/resolv.conf +cat > /etc/postfix/master.cf <<'EOF' +# ========================================================================== +# service type private unpriv chroot wakeup maxproc command + args +# (yes) (yes) (no) (never) (100) +# ========================================================================== -postfix start-fg \ No newline at end of file +EOF + +# SMTP configuration. +if [ "${POSTFIX_SMTP_ENABLED}" = "yes" ]; then + cat >> /etc/postfix/master.cf <<'EOF' +smtp inet n - y - - smtpd + -o syslog_name=postfix/smtp + +EOF +fi + +# Submission configuration. +if [ "${POSTFIX_SUBMISSION_ENABLED}" = "yes" ]; then + cat >> /etc/postfix/master.cf <> /etc/postfix/master.cf <> /etc/postfix/master.cf <