postfix/README.md

[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.

# Database
```
create table if not exists virtual_domains (
	name text primary key
);

create table if not exists virtual_users (
	email text primary key,
	domain_name text not null references virtual_domains(name)
);

create table if not exists virtual_aliases (
	domain_name text not null references virtual_domains(name),
	source text not null,
	destination text not null
);

```

# Volumes
- `/etc/ssl/mail:ro`: certificates have to be here.

# Environment Variables
## MYHOSTNAME
Fully qualified hostname.

## MYDOMAIN
The internet domain name of the mail system.

## SMTP_BANNER
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.

## DOVECOT_HOST
Hostname for the dovecot host.

## DOVECOT_AUTH_PORT
Port for the dovecot host.

## LMTP_HOST
Hostname for the lmtp host (probably dovecot).

## LMTP_PORT
Port for the lmtp host.

## CERT_DOMAIN
Name of the certificate domain.

Name of the key file.

## DB_HOST

Postgre database host.

## DB_USER
- default: email

User to connect to the database.

## DB_PASSWORD

Password to use for the database user.

## DB_NAME
- default: email

Name of the postgre database to connect to.

## MESSAGE_SIZELIMIT
- default: 20000000

Message size limit in bytes.

## MAILBOX_SIZELIMIT
- default: 0

Mailbox size limit in bytes. `0` disables the limit.

## TLS_SECURITY_LEVEL
- default: may

One of:
- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
  According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.

## TLS_PROTOCOLS
- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Comma seperated list of accepted TLS protocols.

## TLS_CIPHERS
- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

## TLS_EXCLUDE_CIPHERS
- default: aNULL, MD5, 3DES

Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

## RSPAMD_ADDRESS
- default: inet:127.0.0.1:11332

Where to connect to rspamd.

## EXTERNAL_IP
The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. 

# Ports
- 25
- 587

# Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID
use rspamd as milter 2021-11-18 13:44:30 +00:00			`[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.`
Create README.md 2016-10-28 11:05:33 +00:00
add sender restrictions 2022-01-22 18:58:58 +00:00			`# Database`
			```
			`create table if not exists virtual_domains (`
			`name text primary key`
			`);`

			`create table if not exists virtual_users (`
			`email text primary key,`
			`domain_name text not null references virtual_domains(name)`
			`);`

			`create table if not exists virtual_aliases (`
			`domain_name text not null references virtual_domains(name),`
			`source text not null,`
			`destination text not null`
			`);`
use new s6-rc layout [skip CI] 2022-02-18 08:35:14 +00:00
add sender restrictions 2022-01-22 18:58:58 +00:00			```

Update README.md 2016-10-31 10:14:36 +00:00			`# Volumes`
Create README.md 2016-10-28 11:05:33 +00:00			- `/etc/ssl/mail:ro`: certificates have to be here.

Update README.md 2016-10-31 10:14:36 +00:00			`# Environment Variables`
			`## MYHOSTNAME`
Create README.md 2016-10-28 11:05:33 +00:00			`Fully qualified hostname.`

Update README.md 2016-10-31 10:14:36 +00:00			`## MYDOMAIN`
Create README.md 2016-10-28 11:05:33 +00:00			`The internet domain name of the mail system.`

Update README.md 2016-10-31 10:14:36 +00:00			`## SMTP_BANNER`
Create README.md 2016-10-28 11:05:33 +00:00			Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.

Update README.md 2016-10-31 10:14:36 +00:00			`## DOVECOT_HOST`
Create README.md 2016-10-28 11:05:33 +00:00			`Hostname for the dovecot host.`

Update README.md 2016-10-31 10:14:36 +00:00			`## DOVECOT_AUTH_PORT`
Create README.md 2016-10-28 11:05:33 +00:00			`Port for the dovecot host.`

Update README.md 2016-10-31 10:14:36 +00:00			`## LMTP_HOST`
Create README.md 2016-10-28 11:05:33 +00:00			`Hostname for the lmtp host (probably dovecot).`

Update README.md 2016-10-31 10:14:36 +00:00			`## LMTP_PORT`
Create README.md 2016-10-28 11:05:33 +00:00			`Port for the lmtp host.`

update readme 2021-10-05 06:15:54 +00:00			`## CERT_DOMAIN`
			`Name of the certificate domain.`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`Name of the key file.`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`## DB_HOST`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`Postgre database host.`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`## DB_USER`
			`- default: email`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`User to connect to the database.`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`## DB_PASSWORD`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`Password to use for the database user.`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`## DB_NAME`
			`- default: email`
Create README.md 2016-10-28 11:05:33 +00:00
update readme 2021-10-05 06:15:54 +00:00			`Name of the postgre database to connect to.`
Create README.md 2016-10-28 11:05:33 +00:00
Update README.md 2016-10-31 10:14:36 +00:00			`## MESSAGE_SIZELIMIT`
Create README.md 2016-10-28 11:05:33 +00:00			`- default: 20000000`

			`Message size limit in bytes.`

Update README.md 2016-10-31 10:14:36 +00:00			`## MAILBOX_SIZELIMIT`
Create README.md 2016-10-28 11:05:33 +00:00			`- default: 0`

			Mailbox size limit in bytes. `0` disables the limit.

Update README.md 2016-10-31 10:14:36 +00:00			`## TLS_SECURITY_LEVEL`
update readme 2019-02-18 13:48:56 +00:00			`- default: may`
Create README.md 2016-10-28 11:05:33 +00:00
			`One of:`
add use gitlab docker registry 2017-09-22 12:32:42 +00:00			`- none: TLS will not be used.`
			`- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.`
			`- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.`
Create README.md 2016-10-28 11:05:33 +00:00			`According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.`

Update README.md 2016-10-31 10:14:36 +00:00			`## TLS_PROTOCOLS`
use multistage docker build 2019-02-18 13:48:21 +00:00			`- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1`
Create README.md 2016-10-28 11:05:33 +00:00
			`Comma seperated list of accepted TLS protocols.`

Update README.md 2016-10-31 10:14:36 +00:00			`## TLS_CIPHERS`
Create README.md 2016-10-28 11:05:33 +00:00			`- default: high`

			`The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.`

Update README.md 2016-10-31 10:14:36 +00:00			`## TLS_EXCLUDE_CIPHERS`
Create README.md 2016-10-28 11:05:33 +00:00			`- default: aNULL, MD5, 3DES`

			`Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.`

use rspamd as milter 2021-11-18 13:44:30 +00:00			`## RSPAMD_ADDRESS`
			`- default: inet:127.0.0.1:11332`

add milter configuration 2021-12-22 10:35:46 +00:00			`Where to connect to rspamd.`

add milter configuration 2021-12-22 10:34:40 +00:00			`## EXTERNAL_IP`
			`The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit.`

Update README.md 2016-10-31 10:14:36 +00:00			`# Ports`
Create README.md 2016-10-28 11:05:33 +00:00			`- 25`
			`- 587`

Update README.md 2016-10-31 10:14:36 +00:00			`# Capabilities`
Create README.md 2016-10-28 11:05:33 +00:00			`- DAC_OVERRIDE`
			`- NET_BIND_SERVICE`
			`- SETGID`
			`- SETUID`