126 lines
2.7 KiB
Markdown
126 lines
2.7 KiB
Markdown
|
[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap.
|
||
|
|
||
|
## Volumes
|
||
|
- `/etc/ssl/mail:ro`: certificates have to be here.
|
||
|
|
||
|
## Environment Variables
|
||
|
### MYHOSTNAME
|
||
|
Fully qualified hostname.
|
||
|
|
||
|
### MYDOMAIN
|
||
|
The internet domain name of the mail system.
|
||
|
|
||
|
### SMTP_BANNER
|
||
|
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.
|
||
|
|
||
|
### DOVECOT_HOST
|
||
|
Hostname for the dovecot host.
|
||
|
|
||
|
### DOVECOT_AUTH_PORT
|
||
|
Port for the dovecot host.
|
||
|
|
||
|
### DKIM_HOST
|
||
|
Hostname for the OpenDkim host.
|
||
|
|
||
|
### DKIM_PORT
|
||
|
Port for the OpenDkim host.
|
||
|
|
||
|
### LMTP_HOST
|
||
|
Hostname for the lmtp host (probably dovecot).
|
||
|
|
||
|
### LMTP_PORT
|
||
|
Port for the lmtp host.
|
||
|
|
||
|
### LDAP_URI
|
||
|
Complete uri for the authentication ldap host.
|
||
|
|
||
|
### LDAP_BIND_DN
|
||
|
DN used to authenticate against ldap.
|
||
|
|
||
|
### LDAP_BIND_PASSWORD
|
||
|
Password used to authenticate against ldap.
|
||
|
|
||
|
### LDAP_ALIAS_QUERY_FILTER
|
||
|
Ldap filter for mail aliases.
|
||
|
|
||
|
### LDAP_DOMAIN_QUERY_FILTER
|
||
|
Ldap filter for domains.
|
||
|
|
||
|
### LDAP_MAILBOX_QUERY_FILTER
|
||
|
Ldap filter for mailboxes.
|
||
|
|
||
|
### LDAP_MAILBOX_SEARCH_BASE
|
||
|
Base DN to look for mailboxes on the ldap host.
|
||
|
|
||
|
### LDAP_DOMAIN_SEARCH_BASE
|
||
|
Base DN to look for valid domains on the ldap host.
|
||
|
|
||
|
### LDAP_DOMAIN_RESULT_ATTRIBUTE
|
||
|
- default: dc
|
||
|
|
||
|
Ldap attribute that is fetched in the domain query.
|
||
|
|
||
|
### LDAP_MAILBOX_RESULT_ATTRIBUTE
|
||
|
- default: cn
|
||
|
|
||
|
Ldap attribute that is fetched in the mailbox query.
|
||
|
|
||
|
### LDAP_STARTTLS
|
||
|
- default: yes
|
||
|
|
||
|
Whether to use tls when connecting to the ldap host.
|
||
|
|
||
|
### CERTNAME
|
||
|
- default: fullchain.pem
|
||
|
|
||
|
Name of the certificate file.
|
||
|
|
||
|
### Keyname
|
||
|
- default: privkey.pem
|
||
|
|
||
|
Name of the key file.
|
||
|
|
||
|
### MESSAGE_SIZELIMIT
|
||
|
- default: 20000000
|
||
|
|
||
|
Message size limit in bytes.
|
||
|
|
||
|
### MAILBOX_SIZELIMIT
|
||
|
- default: 0
|
||
|
|
||
|
Mailbox size limit in bytes. `0` disables the limit.
|
||
|
|
||
|
### TLS_SECURITY_LEVEL
|
||
|
- default: may
|
||
|
|
||
|
One of:
|
||
|
- none: TLS will not be used.
|
||
|
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
|
||
|
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
|
||
|
According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
|
||
|
|
||
|
### TLS_PROTOCOLS
|
||
|
- default: !SSLv2, !SSLv3
|
||
|
|
||
|
Comma seperated list of accepted TLS protocols.
|
||
|
|
||
|
### TLS_CIPHERS
|
||
|
- default: high
|
||
|
|
||
|
The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.
|
||
|
|
||
|
### TLS_EXCLUDE_CIPHERS
|
||
|
- default: aNULL, MD5, 3DES
|
||
|
|
||
|
Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
|
||
|
|
||
|
## Ports
|
||
|
- 25
|
||
|
- 587
|
||
|
|
||
|
## Capabilities
|
||
|
- DAC_OVERRIDE
|
||
|
- NET_BIND_SERVICE
|
||
|
- SETGID
|
||
|
- SETUID
|