/postfix-docker

Simple SMTP relay docker image.

Primary LanguageShellGNU General Public License v3.0GPL-3.0

This is a fork of https://github.com/juanluisbaptiste/docker-postfix. The general architecture is the same with some minor changes

Kubernetes examples are also available under the Kubernetes subdirectory. A secret must be created for the appropriate environment variables referenced in the deployment manifest

docker-postfix

Simple Postfix SMTP TLS relay docker alpine based image with no local authentication enabled (to be run in a secure LAN).

Build instructions

Clone this repo and then:

cd docker-Postfix
sudo docker build -t untestedengineer/postfix-docker .

Or you can use the provided docker-compose files:

sudo docker-compose build

For more information on using multiple compose files see here. You can also find a prebuilt docker image from Docker Hub, which can be pulled with this command:

sudo docker pull untestedengineer/postfix-docker:latest

How to run it

The following env variables need to be passed to the container:

  • SMTP_SERVER Server address of the SMTP server to use.
  • SMTP_PORT (Optional, Default value: 587) Port address of the SMTP server to use.
  • SMTP_USERNAME (Optional) Username to authenticate with.
  • SMTP_PASSWORD (Mandatory if SMTP_USERNAME is set) Password of the SMTP user. If SMTP_PASSWORD_FILE is set, not needed.
  • SERVER_HOSTNAME Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.

The following env variable(s) are optional.

  • SMTP_HEADER_TAG This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers.

  • SMTP_NETWORKS Setting this will allow you to add additional, comma separated, subnets to use the relay. Used like -e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx'

  • SMTP_PASSWORD_FILE Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like -e SMTP_PASSWORD_FILE=/secrets/smtp_password -v $(pwd)/secrets/:/secrets/

  • SMTP_USERNAME_FILE Setting this to a mounted file containing the username, to avoid usernames in env variables. Used like -e SMTP_USERNAME_FILE=/secrets/smtp_username -v $(pwd)/secrets/:/secrets/

  • ALWAYS_ADD_MISSING_HEADERS This is related to the always_add_missing_headers Postfix option (default: no). If set to yes, Postfix will always add missing headers among From:, To:, Date: or Message-ID:.

  • OVERWRITE_FROM This will rewrite the from address overwriting it with the specified address for all email being relayed. Example settings: OVERWRITE_FROM=email@company.com OVERWRITE_FROM="Your Name" email@company.com

  • DESTINATION This will define a list of domains from which incoming messages will be accepted.

  • LOG_SUBJECT This will output the subject line of messages in the log.

  • SMTPUTF8_ENABLE This will enable (default) or disable support for SMTPUTF8. Valid values are no to disable and yes to enable. Not setting this variable will use the postfix default, which is yes.

To use this container from anywhere, the 25 port or the one specified by SMTP_PORT needs to be exposed to the docker host server:

docker run -d --name postfix -p "25:25"  \
       -e SMTP_SERVER=smtp.bar.com \
       -e SMTP_USERNAME=foo@bar.com \
       -e SMTP_PASSWORD=XXXXXXXX \
       -e SERVER_HOSTNAME=helpdesk.mycompany.com \
       untestedengineer/postfix-docker

If you are going to use this container from other docker containers then it's better to just publish the port:

docker run -d --name postfix -P \
       -e SMTP_SERVER=smtp.bar.com \
       -e SMTP_USERNAME=foo@bar.com \
       -e SMTP_PASSWORD=XXXXXXXX \
       -e SERVER_HOSTNAME=helpdesk.mycompany.com \           
       untestedengineer/postfix-docker

Or if you can start the service using the provided docker-compose file for production use:

sudo docker-compose up -d

To see the email logs in real time:

docker logs -f postfix

A note about using gmail as a relay

Gmail by default does not allow email clients that don't use OAUTH 2 for authentication (like Thunderbird or Outlook). First you need to enable access to "Less secure apps" on your google settings.

Also take into account that email From: header will contain the email address of the account being used to authenticate against the Gmail SMTP server(SMTP_USERNAME), the one on the email will be ignored by Gmail unless you add it as an alias.

Debugging

If you need troubleshooting the container you can set the environment variable DEBUG=yes for a more verbose output.