# Building the image ```sh docker build --rm -t postfix:latest . ``` # Running the image ```sh docker run -it --rm --name test \ -p 25:25 \ -p 465:465 \ -p 587:587 \ postfix:latest ``` Example with custom values: ```sh docker run -it --rm --name test \ -p 25:25 \ -p 465:465 \ -p 587:587 \ -e POSTFIX_MYHOSTNAME=mail.example.com \ -e POSTFIX_MYDOMAIN=example.com \ -e POSTFIX_MYNETWORKS="127.0.0.0/8 [::1]/128 10.0.0.0/8" \ -e POSTFIX_SMTPD_TLS_SECURITY_LEVEL=may \ postfix:latest ``` # Environment variables These values are defaults and can be overridden by setting environment variables. ## Core settings ```sh # SMTP greeting banner. POSTFIX_SMTPD_BANNER="$myhostname ESMTP $mail_name ($mail_version)" # Enable standard SMTP on port 25. POSTFIX_SMTP_ENABLED="yes" # Enable submission on port 587. POSTFIX_SUBMISSION_ENABLED="yes" # Enable SMTPS on port 465. POSTFIX_SMTPS_ENABLED="yes" # TLS security level for the SMTP server. # Common values: # none - disable TLS # may - offer STARTTLS if available # encrypt - require TLS POSTFIX_SMTPD_TLS_SECURITY_LEVEL="may" # Allow SASL authentication only over TLS. POSTFIX_SMTPD_TLS_AUTH_ONLY="yes" # Path to SMTP server certificate in PEM format. POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem" # Path to SMTP server private key in PEM format. POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key" # CA certificate directory for the Postfix SMTP client. POSTFIX_SMTP_TLS_CAPATH="/etc/ssl/certs" # TLS security level for outgoing SMTP client connections. POSTFIX_SMTP_TLS_SECURITY_LEVEL="encrypt" # TLS session cache database for outgoing SMTP client connections. POSTFIX_SMTP_TLS_SESSION_CACHE_DATABASE="btree:$data_directory/smtp_scache" # Hostname of this mail server. POSTFIX_MYHOSTNAME="$(hostname --fqdn 2>/dev/null || hostname)" # Mail domain of this server. POSTFIX_MYDOMAIN="$POSTFIX_MYHOSTNAME" # Trusted client networks. POSTFIX_MYNETWORKS="127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8" # Interfaces Postfix listens on. POSTFIX_INET_INTERFACES="all" # Internet protocols Postfix uses. POSTFIX_INET_PROTOCOLS="all" # Relay restrictions for smtpd. POSTFIX_SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, defer_unauth_destination" # Recipient restrictions for smtpd. POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks, reject_unauth_destination" # Relay host for outgoing mail, for example: # [smtp.example.com]:587 POSTFIX_RELAYHOST="" # Final local destinations for this mail server. POSTFIX_MYDESTINATION="$myhostname, localhost.$mydomain, localhost, $mydomain" # Milter protocol version. POSTFIX_MILTER_PROTOCOL="6" # Default action when a milter is unavailable. POSTFIX_MILTER_DEFAULT_ACTION="accept" # Timeout for HELO/EHLO when Postfix acts as SMTP client. POSTFIX_RELAY_SMTP_HELO_TIMEOUT="5" # Timeout for connect when Postfix acts as SMTP client. POSTFIX_RELAY_SMTP_CONNECT_TIMEOUT="5" # Milters for mail received via smtpd. # Example value: # opendkim:8891 # The script adds the "inet:" prefix automatically. POSTFIX_SMTPD_MILTERS="" # Milters for mail not received via smtpd. # Example value: # opendkim:8891 # The script adds the "inet:" prefix automatically. POSTFIX_NON_SMTPD_MILTERS="" ``` ## Miscellaneous settings ```sh # Enable or disable biff notifications. POSTFIX_BIFF="no" # Postfix log output file. POSTFIX_MAILLOG_FILE="/dev/stdout" # Debug peer level. POSTFIX_DEBUG_PEER_LEVEL="1" # Postfix compatibility level. POSTFIX_COMPATIBILITY_LEVEL="3.6" # Append .$mydomain to locally-posted mail addresses without domain part. POSTFIX_APPEND_DOT_MYDOMAIN="no" # Path to Postfix README directory, or "no" to disable. POSTFIX_README_DIRECTORY="no" # Local mailbox delivery command. POSTFIX_MAILBOX_COMMAND='procmail -a "$EXTENSION"' # Maximum mailbox size in bytes, 0 means unlimited. POSTFIX_MAILBOX_SIZE_LIMIT="0" # Address extension delimiter. POSTFIX_RECIPIENT_DELIMITER="+" # TLS security level for submission service in master.cf. POSTFIX_SUBMISSION_TLS_SECURITY_LEVEL="encrypt" # Enable or disable TLS wrapper mode for SMTPS service in master.cf. POSTFIX_SMTPS_TLS_WRAPPERMODE="yes" ``` # Notes - The container automatically generates `/etc/postfix/master.cf` at startup. - The container configures `/etc/postfix/main.cf` using `postconf -e`. - `/etc/aliases` is created automatically if missing, and `newaliases` is run on startup. - `/etc/resolv.conf` is copied into `/var/spool/postfix/etc/resolv.conf` so DNS lookups work in chrooted Postfix services. - `POSTFIX_SMTPD_MILTERS` and `POSTFIX_NON_SMTPD_MILTERS` should contain only `host:port`. The script adds the `inet:` prefix automatically. - TLS certificate and key files must exist inside the container if TLS is enabled.