# Building the image
|
|
```sh
|
|
docker build --rm -t postfix:latest .
|
|
```
|
|
|
|
# Running the image
|
|
```sh
|
|
docker run -it --rm --name test \
|
|
-p 25:25 \
|
|
-p 465:465 \
|
|
-p 587:587 \
|
|
postfix:latest
|
|
```
|
|
|
|
Example with custom values:
|
|
```sh
|
|
docker run -it --rm --name test \
|
|
-p 25:25 \
|
|
-p 465:465 \
|
|
-p 587:587 \
|
|
-e POSTFIX_MYHOSTNAME=mail.example.com \
|
|
-e POSTFIX_MYDOMAIN=example.com \
|
|
-e POSTFIX_MYNETWORKS="127.0.0.0/8 [::1]/128 10.0.0.0/8" \
|
|
-e POSTFIX_SMTPD_TLS_SECURITY_LEVEL=may \
|
|
postfix:latest
|
|
```
|
|
|
|
# Environment variables
|
|
These values are defaults and can be overridden by setting environment variables.
|
|
|
|
## Core settings
|
|
```sh
|
|
# SMTP greeting banner.
|
|
POSTFIX_SMTPD_BANNER="$myhostname ESMTP $mail_name ($mail_version)"
|
|
|
|
# Enable standard SMTP on port 25.
|
|
POSTFIX_SMTP_ENABLED="yes"
|
|
|
|
# Enable submission on port 587.
|
|
POSTFIX_SUBMISSION_ENABLED="yes"
|
|
|
|
# Enable SMTPS on port 465.
|
|
POSTFIX_SMTPS_ENABLED="yes"
|
|
|
|
# TLS security level for the SMTP server.
|
|
# Common values:
|
|
# none - disable TLS
|
|
# may - opportunistic TLS: STARTTLS is offered, but plaintext sessions are still accepted
|
|
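# encrypt - require TLS: clients must issue STARTTLS before they can send mail
#           (too strict for a public port 25 that receives mail from arbitrary servers)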
|
|
POSTFIX_SMTPD_TLS_SECURITY_LEVEL="may"
|
|
|
|
# Allow SASL authentication only over TLS.
|
|
POSTFIX_SMTPD_TLS_AUTH_ONLY="yes"
|
|
|
|
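# Path to SMTP server certificate in PEM format.
# The default is the self-signed "snakeoil" placeholder, which clients cannot validate;
# point this at a certificate issued for POSTFIX_MYHOSTNAME before real use.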
|
|
POSTFIX_SMTPD_TLS_CERT_FILE="/etc/ssl/certs/ssl-cert-snakeoil.pem"
|
|
|
|
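# Path to SMTP server private key in PEM format.
# NOTE: if the default snakeoil key is generated when the image is built, every
# container started from that image shares the same key; supply your own key and
# keep it readable by root only.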
|
|
POSTFIX_SMTPD_TLS_KEY_FILE="/etc/ssl/private/ssl-cert-snakeoil.key"
|
|
|
|
# CA certificate directory for the Postfix SMTP client.
|
|
POSTFIX_SMTP_TLS_CAPATH="/etc/ssl/certs"
|
|
|
|
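# TLS security level for outgoing SMTP client connections.
# "encrypt" requires TLS on every outbound delivery but does not verify the remote
# certificate; mail for servers that do not offer STARTTLS is deferred rather than
# sent in plaintext.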
|
|
POSTFIX_SMTP_TLS_SECURITY_LEVEL="encrypt"
|
|
|
|
# TLS session cache database for outgoing SMTP client connections.
|
|
POSTFIX_SMTP_TLS_SESSION_CACHE_DATABASE="btree:$data_directory/smtp_scache"
|
|
|
|
# Hostname of this mail server.
|
|
POSTFIX_MYHOSTNAME="$(hostname --fqdn 2>/dev/null || hostname)"
|
|
|
|
# Mail domain of this server.
|
|
POSTFIX_MYDOMAIN="$POSTFIX_MYHOSTNAME"
|
|
|
|
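# Trusted client networks.
# Clients in these networks may relay mail without authenticating (see permit_mynetworks
# in the restrictions below). The default trusts every RFC 1918 range, which includes
# Docker's bridge networks; depending on the Docker network setup, connections arriving
# through a published port can appear to come from the bridge gateway and would then be
# trusted. Narrow this to the subnets that actually need to relay.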
|
|
POSTFIX_MYNETWORKS="127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"
|
|
|
|
# Interfaces Postfix listens on.
|
|
POSTFIX_INET_INTERFACES="all"
|
|
|
|
# Internet protocols Postfix uses.
|
|
POSTFIX_INET_PROTOCOLS="all"
|
|
|
|
# Relay restrictions for smtpd.
|
|
POSTFIX_SMTPD_RELAY_RESTRICTIONS="permit_mynetworks, defer_unauth_destination"
|
|
|
|
# Recipient restrictions for smtpd.
|
|
POSTFIX_SMTPD_RECIPIENT_RESTRICTIONS="permit_mynetworks, reject_unauth_destination"
|
|
|
|
# Relay host for outgoing mail, for example:
|
|
# [smtp.example.com]:587
|
|
POSTFIX_RELAYHOST=""
|
|
|
|
# Final local destinations for this mail server.
|
|
POSTFIX_MYDESTINATION="$myhostname, localhost.$mydomain, localhost, $mydomain"
|
|
|
|
# Milter protocol version.
|
|
POSTFIX_MILTER_PROTOCOL="6"
|
|
|
|
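# Default action when a milter is unavailable.
# "accept" fails open: mail is delivered without passing through the milter while it is down.
# Use "tempfail" if mail must never bypass the milter (for example, content filtering).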
|
|
POSTFIX_MILTER_DEFAULT_ACTION="accept"
|
|
|
|
# Timeout for HELO/EHLO when Postfix acts as SMTP client.
|
|
POSTFIX_RELAY_SMTP_HELO_TIMEOUT="5"
|
|
|
|
# Timeout for connect when Postfix acts as SMTP client.
|
|
POSTFIX_RELAY_SMTP_CONNECT_TIMEOUT="5"
|
|
|
|
# Milters for mail received via smtpd.
|
|
# Example value:
|
|
# opendkim:8891
|
|
# The script adds the "inet:" prefix automatically.
|
|
POSTFIX_SMTPD_MILTERS=""
|
|
|
|
# Milters for mail not received via smtpd.
|
|
# Example value:
|
|
# opendkim:8891
|
|
# The script adds the "inet:" prefix automatically.
|
|
POSTFIX_NON_SMTPD_MILTERS=""
|
|
```
|
|
|
|
## Miscellaneous settings
|
|
```sh
|
|
# Enable or disable biff notifications.
|
|
POSTFIX_BIFF="no"
|
|
|
|
# Postfix log output file.
|
|
POSTFIX_MAILLOG_FILE="/dev/stdout"
|
|
|
|
# Debug peer level.
|
|
POSTFIX_DEBUG_PEER_LEVEL="1"
|
|
|
|
# Postfix compatibility level.
|
|
POSTFIX_COMPATIBILITY_LEVEL="3.6"
|
|
|
|
# Append .$mydomain to locally-posted mail addresses without domain part.
|
|
POSTFIX_APPEND_DOT_MYDOMAIN="no"
|
|
|
|
# Path to Postfix README directory, or "no" to disable.
|
|
POSTFIX_README_DIRECTORY="no"
|
|
|
|
# Local mailbox delivery command.
|
|
POSTFIX_MAILBOX_COMMAND='procmail -a "$EXTENSION"'
|
|
|
|
# Maximum mailbox size in bytes, 0 means unlimited.
|
|
POSTFIX_MAILBOX_SIZE_LIMIT="0"
|
|
|
|
# Address extension delimiter.
|
|
POSTFIX_RECIPIENT_DELIMITER="+"
|
|
|
|
# TLS security level for submission service in master.cf.
|
|
POSTFIX_SUBMISSION_TLS_SECURITY_LEVEL="encrypt"
|
|
|
|
# Enable or disable TLS wrapper mode for SMTPS service in master.cf.
|
|
POSTFIX_SMTPS_TLS_WRAPPERMODE="yes"
|
|
```
|
|
|
|
# Notes
|
|
- The container automatically generates `/etc/postfix/master.cf` at startup.
|
|
- The container configures `/etc/postfix/main.cf` using `postconf -e`.
|
|
- `/etc/aliases` is created automatically if missing, and `newaliases` is run on startup.
|
|
- `/etc/resolv.conf` is copied into `/var/spool/postfix/etc/resolv.conf` so DNS lookups work in chrooted Postfix services.
|
|
- `POSTFIX_SMTPD_MILTERS` and `POSTFIX_NON_SMTPD_MILTERS` should contain only `host:port`. The script adds the `inet:` prefix automatically.
|
|
- TLS certificate and key files must exist inside the container if TLS is enabled (for example, bind-mounted read-only at the configured paths).