postfix/README.md

[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap.

## Volumes
- `/etc/ssl/mail:ro`: certificates have to be here.

## Environment Variables
### MYHOSTNAME
Fully qualified hostname.

### MYDOMAIN
The internet domain name of the mail system.

### SMTP_BANNER
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.

### DOVECOT_HOST
Hostname for the dovecot host.

### DOVECOT_AUTH_PORT
Port for the dovecot host.

### DKIM_HOST
Hostname for the OpenDkim host.

### DKIM_PORT
Port for the OpenDkim host.

### LMTP_HOST
Hostname for the lmtp host (probably dovecot).

### LMTP_PORT
Port for the lmtp host.

### LDAP_URI
Complete uri for the authentication ldap host.

### LDAP_BIND_DN
DN used to authenticate against ldap.

### LDAP_BIND_PASSWORD
Password used to authenticate against ldap.

### LDAP_ALIAS_QUERY_FILTER
Ldap filter for mail aliases.

### LDAP_DOMAIN_QUERY_FILTER
Ldap filter for domains.

### LDAP_MAILBOX_QUERY_FILTER
Ldap filter for mailboxes.

### LDAP_MAILBOX_SEARCH_BASE
Base DN to look for mailboxes on the ldap host.

### LDAP_DOMAIN_SEARCH_BASE
Base DN to look for valid domains on the ldap host.

### LDAP_DOMAIN_RESULT_ATTRIBUTE
- default: dc

Ldap attribute that is fetched in the domain query.

### LDAP_MAILBOX_RESULT_ATTRIBUTE
- default: cn

Ldap attribute that is fetched in the mailbox query.

### LDAP_STARTTLS
- default: yes

Whether to use tls when connecting to the ldap host.

### CERTNAME
- default: fullchain.pem

Name of the certificate file.

### Keyname
- default: privkey.pem

Name of the key file.

### MESSAGE_SIZELIMIT
- default: 20000000

Message size limit in bytes.

### MAILBOX_SIZELIMIT
- default: 0

Mailbox size limit in bytes. `0` disables the limit.

### TLS_SECURITY_LEVEL
- default: may

One of:
- none: TLS will not be used. 
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. 
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. 
  According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.

### TLS_PROTOCOLS
- default: !SSLv2, !SSLv3

Comma seperated list of accepted TLS protocols.

### TLS_CIPHERS
- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

### TLS_EXCLUDE_CIPHERS
- default: aNULL, MD5, 3DES

Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

## Ports
- 25
- 587

## Capabilities
- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
Create README.md 2016-10-28 11:05:33 +00:00			`[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap.`

			`## Volumes`
			- `/etc/ssl/mail:ro`: certificates have to be here.

			`## Environment Variables`
			`### MYHOSTNAME`
			`Fully qualified hostname.`

			`### MYDOMAIN`
			`The internet domain name of the mail system.`

			`### SMTP_BANNER`
			Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.

			`### DOVECOT_HOST`
			`Hostname for the dovecot host.`

			`### DOVECOT_AUTH_PORT`
			`Port for the dovecot host.`

			`### DKIM_HOST`
			`Hostname for the OpenDkim host.`

			`### DKIM_PORT`
			`Port for the OpenDkim host.`

			`### LMTP_HOST`
			`Hostname for the lmtp host (probably dovecot).`

			`### LMTP_PORT`
			`Port for the lmtp host.`

			`### LDAP_URI`
			`Complete uri for the authentication ldap host.`

			`### LDAP_BIND_DN`
			`DN used to authenticate against ldap.`

			`### LDAP_BIND_PASSWORD`
			`Password used to authenticate against ldap.`

			`### LDAP_ALIAS_QUERY_FILTER`
			`Ldap filter for mail aliases.`

			`### LDAP_DOMAIN_QUERY_FILTER`
			`Ldap filter for domains.`

			`### LDAP_MAILBOX_QUERY_FILTER`
			`Ldap filter for mailboxes.`

			`### LDAP_MAILBOX_SEARCH_BASE`
			`Base DN to look for mailboxes on the ldap host.`

			`### LDAP_DOMAIN_SEARCH_BASE`
			`Base DN to look for valid domains on the ldap host.`

			`### LDAP_DOMAIN_RESULT_ATTRIBUTE`
			`- default: dc`

			`Ldap attribute that is fetched in the domain query.`

			`### LDAP_MAILBOX_RESULT_ATTRIBUTE`
			`- default: cn`

			`Ldap attribute that is fetched in the mailbox query.`

			`### LDAP_STARTTLS`
			`- default: yes`

			`Whether to use tls when connecting to the ldap host.`

			`### CERTNAME`
			`- default: fullchain.pem`

			`Name of the certificate file.`

			`### Keyname`
			`- default: privkey.pem`

			`Name of the key file.`

			`### MESSAGE_SIZELIMIT`
			`- default: 20000000`

			`Message size limit in bytes.`

			`### MAILBOX_SIZELIMIT`
			`- default: 0`

			Mailbox size limit in bytes. `0` disables the limit.

			`### TLS_SECURITY_LEVEL`
			`- default: may`

			`One of:`
			`- none: TLS will not be used.`
			`- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.`
			`- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.`
			`According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.`

			`### TLS_PROTOCOLS`
			`- default: !SSLv2, !SSLv3`

			`Comma seperated list of accepted TLS protocols.`

			`### TLS_CIPHERS`
			`- default: high`

			`The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.`

			`### TLS_EXCLUDE_CIPHERS`
			`- default: aNULL, MD5, 3DES`

			`Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.`

			`## Ports`
			`- 25`
			`- 587`

			`## Capabilities`
			`- CHOWN`
			`- DAC_OVERRIDE`
			`- FOWNER`
			`- NET_BIND_SERVICE`
			`- SETGID`
			`- SETUID`