From fb403561a572edd2f036e643cb5bdf19316679d9 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Fri, 28 Oct 2016 13:05:33 +0200 Subject: [PATCH] Create README.md --- README.md | 127 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 127 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..0ae22c1 --- /dev/null +++ b/README.md 
@@ -0,0 +1,127 @@ +[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap. + +## Volumes +- `/etc/ssl/mail:ro`: certificates have to be here. + +## Environment Variables +### MYHOSTNAME +Fully qualified hostname. + +### MYDOMAIN +The internet domain name of the mail system. + +### SMTP_BANNER +Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner. + +### DOVECOT_HOST +Hostname for the dovecot host. + +### DOVECOT_AUTH_PORT +Port for the dovecot host. + +### DKIM_HOST +Hostname for the OpenDkim host. + +### DKIM_PORT +Port for the OpenDkim host. + +### LMTP_HOST +Hostname for the lmtp host (probably dovecot). + +### LMTP_PORT +Port for the lmtp host. + +### LDAP_URI +Complete uri for the authentication ldap host. + +### LDAP_BIND_DN +DN used to authenticate against ldap. + +### LDAP_BIND_PASSWORD +Password used to authenticate against ldap. + +### LDAP_ALIAS_QUERY_FILTER +Ldap filter for mail aliases. + +### LDAP_DOMAIN_QUERY_FILTER +Ldap filter for domains. + +### LDAP_MAILBOX_QUERY_FILTER +Ldap filter for mailboxes. + +### LDAP_MAILBOX_SEARCH_BASE +Base DN to look for mailboxes on the ldap host. + +### LDAP_DOMAIN_SEARCH_BASE +Base DN to look for valid domains on the ldap host. + +### LDAP_DOMAIN_RESULT_ATTRIBUTE +- default: dc + +Ldap attribute that is fetched in the domain query. + +### LDAP_MAILBOX_RESULT_ATTRIBUTE +- default: cn + +Ldap attribute that is fetched in the mailbox query. + +### LDAP_STARTTLS +- default: yes + +Whether to use tls when connecting to the ldap host. + +### CERTNAME +- default: fullchain.pem + +Name of the certificate file. + +### Keyname +- default: privkey.pem + +Name of the key file. + +### MESSAGE_SIZELIMIT +- default: 20000000 + +Message size limit in bytes. + +### MAILBOX_SIZELIMIT +- default: 0 + +Mailbox size limit in bytes. `0` disables the limit. 
+ +### TLS_SECURITY_LEVEL +- default: may + +One of: +- none: TLS will not be used. +- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. +- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. + According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server. + +### TLS_PROTOCOLS +- default: !SSLv2, !SSLv3 + +Comma seperated list of accepted TLS protocols. + +### TLS_CIPHERS +- default: high + +The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption. + +### TLS_EXCLUDE_CIPHERS +- default: aNULL, MD5, 3DES + +Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels. + +## Ports +- 25 +- 587 + +## Capabilities +- CHOWN +- DAC_OVERRIDE +- FOWNER +- NET_BIND_SERVICE +- SETGID +- SETUID
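Review bot: The `### Keyname` heading in the certificate settings is the only variable not written in upper case (compare `### CERTNAME` directly above it), so a reader cannot tell which name the container actually reads; use the exact variable name the image expects. In the TLS section, `TLS_SECURITY_LEVEL` does not say whether it applies to both listed ports (25 and 587). With the default `may`, clients are not required to encrypt, so it is worth stating what a client authenticating on 587 gets. The `TLS_PROTOCOLS` default `!SSLv2, !SSLv3` excludes only the SSL versions, and the description should say that every TLS version stays accepted unless it is excluded as well. The `encrypt` note cites RFC 2487, which has been obsoleted by RFC 3207; link the current RFC. Smaller points: "seperated" should be "separated" under `TLS_PROTOCOLS` and `TLS_EXCLUDE_CIPHERS`. The `DOVECOT_AUTH_PORT` text ("Port for the dovecot host") should say it is the auth service port. `LDAP_STARTTLS` would be clearer as "Whether to use STARTTLS when connecting to the ldap host". Since `LDAP_BIND_PASSWORD` is passed as an environment variable and `/etc/ssl/mail` holds the private key, a sentence on how both are expected to be provisioned and protected would help operators.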