[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.

# Database

```
create table if not exists virtual_domains (
    name text primary key
);

create table if not exists virtual_users (
    email text primary key,
    domain_name text not null references virtual_domains(name)
);

create table if not exists virtual_aliases (
    domain_name text not null references virtual_domains(name),
    source text not null,
    destination text not null
);
```

# Volumes

- `/etc/ssl/mail:ro`: certificates have to be here.

# Environment Variables

## MYHOSTNAME

Fully qualified hostname.

## MYDOMAIN

The internet domain name of the mail system.

## SMTP_BANNER

Text prepended to `$myhostname ESMTP $mail_name` for the SMTP banner.

## DOVECOT_HOST

Hostname for the dovecot host.

## DOVECOT_AUTH_PORT

Port for the dovecot host.

## LMTP_HOST

Hostname for the lmtp host (probably dovecot).

## LMTP_PORT

Port for the lmtp host.

## CERT_DOMAIN

Name of the certificate domain. Name of the key file.

## DB_HOST

PostgreSQL database host.

## DB_USER

- default: email

User to connect to the database.

## DB_PASSWORD

Password to use for the database user.

## DB_NAME

- default: email

Name of the PostgreSQL database to connect to.

## MESSAGE_SIZELIMIT

- default: 20000000

Message size limit in bytes.

## MAILBOX_SIZELIMIT

- default: 0

Mailbox size limit in bytes. `0` disables the limit.

## TLS_SECURITY_LEVEL

- default: may

One of:

- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.

## TLS_PROTOCOLS

- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Comma separated list of accepted TLS protocols.

## TLS_CIPHERS

- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

## TLS_EXCLUDE_CIPHERS

- default: aNULL, MD5, 3DES

Comma separated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

## RSPAMD_ADDRESS

- default: inet:127.0.0.1:11332

Where to connect to rspamd.

## EXTERNAL_IP

The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit.

# Ports

- 25
- 587

# Capabilities

- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID
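
A Docker Compose service that applies the volume, environment, port and capability settings listed above, as an added example that is not part of the original README. It assumes the capability list is the complete set the container needs, so all other capabilities are dropped; the image name, hostnames, ports and domain values are placeholders.

```yaml
# Added example, not from the image's own documentation.
# "example/postfix:latest" is a placeholder image name; hostnames, ports
# and domains below are constructed sample values.
services:
  postfix:
    image: example/postfix:latest        # placeholder
    ports:
      - "25:25"
      - "587:587"
    volumes:
      - ./certs:/etc/ssl/mail:ro         # certificates, mounted read-only
    environment:
      MYHOSTNAME: mail.example.org
      MYDOMAIN: example.org
      CERT_DOMAIN: mail.example.org
      DOVECOT_HOST: dovecot
      DOVECOT_AUTH_PORT: "12345"
      LMTP_HOST: dovecot
      LMTP_PORT: "24"
      DB_HOST: db
      DB_USER: email
      DB_NAME: email
      # Compose refuses to start the service if DB_PASSWORD is unset or
      # empty, and the password stays out of this file.
      DB_PASSWORD: "${DB_PASSWORD:?set DB_PASSWORD in the environment}"
      # "may" keeps port 25 reachable for remote servers without TLS
      # (see the RFC 2487 note under TLS_SECURITY_LEVEL).
      TLS_SECURITY_LEVEL: may
      # Quoted because a leading "!" is a YAML tag indicator.
      TLS_PROTOCOLS: "!SSLv2, !SSLv3, !TLSv1, !TLSv1.1"
      TLS_CIPHERS: high
      TLS_EXCLUDE_CIPHERS: "aNULL, MD5, 3DES"
      RSPAMD_ADDRESS: inet:rspamd:11332
    # Least privilege: drop everything, then add back only the
    # capabilities the README lists.
    cap_drop:
      - ALL
    cap_add:
      - DAC_OVERRIDE
      - NET_BIND_SERVICE
      - SETGID
      - SETUID
```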