lostakj/postfix-docker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Postfix is now buit from source code.

Browse Source
This commit is contained in:
Jan Lošťák
2026-03-28 00:41:08 +01:00
parent 35e7855a5d
commit 636a499f6e
5 changed files with 418 additions and 177 deletions
Download Patch File Download Diff File Expand all files Collapse all files

170
README.md
View File

@@ -5,63 +5,161 @@ docker build --rm -t postfix:latest .
# Running the image
```sh
docker run -it --rm --name test -p 25:25 -p 587:587 postfix:latest
docker run -it --rm --name test \
-p 25:25 \
-p 465:465 \
-p 587:587 \
postfix:latest
```
Example with custom values:
```sh
docker run -it --rm --name test \
-p 25:25 \
-p 465:465 \
-p 587:587 \
-e POSTFIX_MYHOSTNAME=mail.example.com \
-e POSTFIX_MYDOMAIN=example.com \
-e POSTFIX_MYNETWORKS="127.0.0.0/8 [::1]/128 10.0.0.0/8" \
-e POSTFIX_SMTPD_TLS_SECURITY_LEVEL=may \
postfix:latest
```
# Environment variables
These values are default and can be overriden by declaring environment variable with naother value.
These values are defaults and can be overridden by setting environment variables.
## Core settings
```sh
# The text that follows the 220 status code in the SMTP greeting banner.
POSTFIX_SMTP_BANNER="$myhostname ESMTP $mail_name ($mail_version)"
# SMTP greeting banner.
POSTFIX_SMTPD_BANNER="$myhostname ESMTP $mail_name ($mail_version)"
# Enable submission running on port 587.
POSTFIX_SUBMISSION_ENABLED="yes"
# Enable standard non encrypted SMTP running on port 25.
# Enable standard SMTP on port 25.
POSTFIX_SMTP_ENABLED="yes"
# Enable SSL encrypted SMTPS running on port 465.
# Enable submission on port 587.
POSTFIX_SUBMISSION_ENABLED="yes"
# Enable SMTPS on port 465.
POSTFIX_SMTPS_ENABLED="yes"
# Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
POSTFIX_SMTPD_USE_TLS="no"
# When TLS encryption is optional in the Postfix SMTP server, do not announce or accept SASL authentication over unencrypted connections.
POSTFIX_SMTPD_TLS_AUTH_ONLY="yes"
# File with the Postfix SMTP server RSA certificate in PEM format.
POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem"
# File with the Postfix SMTP server RSA private key in PEM format.
POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key"
# The SMTP TLS security level for the Postfix SMTP server.
# TLS security level for the SMTP server.
# Common values:
# none - disable TLS
# may - offer STARTTLS if available
# encrypt - require TLS
POSTFIX_SMTPD_TLS_SECURITY_LEVEL="may"
# Directory with PEM format Certification Authority certificates.
# Allow SASL authentication only over TLS.
POSTFIX_SMTPD_TLS_AUTH_ONLY="yes"
# Path to SMTP server certificate in PEM format.
POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem"
# Path to SMTP server private key in PEM format.
POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key"
# CA certificate directory for the Postfix SMTP client.
POSTFIX_SMTP_TLS_CAPATH="/etc/ssl/certs"
# The default SMTP TLS security level for the Postfix SMTP client.
# TLS security level for outgoing SMTP client connections.
POSTFIX_SMTP_TLS_SECURITY_LEVEL="encrypt"
# The internet hostname of this mail system.
POSTFIX_MYHOSTNAME="$(hostname --fqdn)"
# TLS session cache database for outgoing SMTP client connections.
POSTFIX_SMTP_TLS_SESSION_CACHE_DATABASE="btree:$data_directory/smtp_scache"
# The internet hostname of this mail system.
POSTFIX_MYDOMAIN="$(hostname --fqdn)"
# Hostname of this mail server.
POSTFIX_MYHOSTNAME="$(hostname --fqdn 2>/dev/null || hostname)"
# The list of "trusted" remote SMTP clients that have more privileges than "strangers".
# Mail domain of this server.
POSTFIX_MYDOMAIN="$POSTFIX_MYHOSTNAME"
# Trusted client networks.
POSTFIX_MYNETWORKS="127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
# The local network interface addresses that this mail system receives mail on.
# Interfaces Postfix listens on.
POSTFIX_INET_INTERFACES="all"
# The Internet protocols Postfix will attempt to use when making or accepting connections.
# Internet protocols Postfix uses.
POSTFIX_INET_PROTOCOLS="all"
# A list of Milter (mail filter) applications for new mail that arrives via the Postfix smtpd server.
POSTFIX_SMTPD_MILTERS="opendkim:port"
# Relay restrictions for smtpd.
POSTFIX_SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, defer_unauth_destination"
# A list of Milter (mail filter) applications for new mail that does not arrive via the Postfix smtpd server.
POSTFIX_NON_SMTPD_MILTERS="opendkim:port"
```
# Recipient restrictions for smtpd.
POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks, reject_unauth_destination"
# Relay host for outgoing mail, for example:
# [smtp.example.com]:587
POSTFIX_RELAYHOST=""
# Final local destinations for this mail server.
POSTFIX_MYDESTINATION="$myhostname, localhost.$mydomain, localhost, $mydomain"
# Milter protocol version.
POSTFIX_MILTER_PROTOCOL="6"
# Default action when a milter is unavailable.
POSTFIX_MILTER_DEFAULT_ACTION="accept"
# Timeout for HELO/EHLO when Postfix acts as SMTP client.
POSTFIX_RELAY_SMTP_HELO_TIMEOUT="5"
# Timeout for connect when Postfix acts as SMTP client.
POSTFIX_RELAY_SMTP_CONNECT_TIMEOUT="5"
# Milters for mail received via smtpd.
# Example value:
# opendkim:8891
# The script adds the "inet:" prefix automatically.
POSTFIX_SMTPD_MILTERS=""
# Milters for mail not received via smtpd.
# Example value:
# opendkim:8891
# The script adds the "inet:" prefix automatically.
POSTFIX_NON_SMTPD_MILTERS=""
```
## Miscellaneous settings
```sh
# Enable or disable biff notifications.
POSTFIX_BIFF="no"
# Postfix log output file.
POSTFIX_MAILLOG_FILE="/dev/stdout"
# Debug peer level.
POSTFIX_DEBUG_PEER_LEVEL="1"
# Postfix compatibility level.
POSTFIX_COMPATIBILITY_LEVEL="3.6"
# Append .$mydomain to locally-posted mail addresses without domain part.
POSTFIX_APPEND_DOT_MYDOMAIN="no"
# Path to Postfix README directory, or "no" to disable.
POSTFIX_README_DIRECTORY="no"
# Local mailbox delivery command.
POSTFIX_MAILBOX_COMMAND='procmail -a "$EXTENSION"'
# Maximum mailbox size in bytes, 0 means unlimited.
POSTFIX_MAILBOX_SIZE_LIMIT="0"
# Address extension delimiter.
POSTFIX_RECIPIENT_DELIMITER="+"
# TLS security level for submission service in master.cf.
POSTFIX_SUBMISSION_TLS_SECURITY_LEVEL="encrypt"
# Enable or disable TLS wrapper mode for SMTPS service in master.cf.
POSTFIX_SMTPS_TLS_WRAPPERMODE="yes"
```
# Notes
- The container automatically generates `/etc/postfix/master.cf` at startup.
- The container configures `/etc/postfix/main.cf` using `postconf -e`.
- `/etc/aliases` is created automatically if missing, and `newaliases` is run on startup.
- `/etc/resolv.conf` is copied into `/var/spool/postfix/etc/resolv.conf` so DNS lookups work in chrooted Postfix services.
- `POSTFIX_SMTPD_MILTERS` and `POSTFIX_NON_SMTPD_MILTERS` should contain only `host:port`. The script adds the `inet:` prefix automatically.
- TLS certificate and key files must exist inside the container if TLS is enabled.