[Postfix](http://www.postfix.org/) with LDAP authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in LDAP.

## Volumes

- `/etc/ssl/mail:ro`: certificates have to be here.

## Environment Variables

### MYHOSTNAME

Fully qualified hostname.

### MYDOMAIN

The internet domain name of the mail system.

### SMTP_BANNER

Text prepended to `$myhostname ESMTP $mail_name` for the SMTP banner.

### DOVECOT_HOST

Hostname for the Dovecot host.

### DOVECOT_AUTH_PORT

Port for the Dovecot host.

### DKIM_HOST

Hostname for the OpenDKIM host.

### DKIM_PORT

Port for the OpenDKIM host.

### LMTP_HOST

Hostname for the LMTP host (probably Dovecot).

### LMTP_PORT

Port for the LMTP host.

### LDAP_URI

Complete URI for the authentication LDAP host.

### LDAP_BIND_DN

DN used to authenticate against LDAP.

### LDAP_BIND_PASSWORD

Password used to authenticate against LDAP.

### LDAP_ALIAS_QUERY_FILTER

LDAP filter for mail aliases.

### LDAP_DOMAIN_QUERY_FILTER

LDAP filter for domains.

### LDAP_MAILBOX_QUERY_FILTER

LDAP filter for mailboxes.

### LDAP_MAILBOX_SEARCH_BASE

Base DN to look for mailboxes on the LDAP host.

### LDAP_DOMAIN_SEARCH_BASE

Base DN to look for valid domains on the LDAP host.

### LDAP_DOMAIN_RESULT_ATTRIBUTE

- default: dc

LDAP attribute that is fetched in the domain query.

### LDAP_MAILBOX_RESULT_ATTRIBUTE

- default: cn

LDAP attribute that is fetched in the mailbox query.

### LDAP_STARTTLS

- default: yes

Whether to use TLS when connecting to the LDAP host.

### CERTNAME

- default: fullchain.pem

Name of the certificate file.

### Keyname

- default: privkey.pem

Name of the key file.

### MESSAGE_SIZELIMIT

- default: 20000000

Message size limit in bytes.

### MAILBOX_SIZELIMIT

- default: 0

Mailbox size limit in bytes. `0` disables the limit.

### TLS_SECURITY_LEVEL

- default: may

One of:

- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.

### TLS_PROTOCOLS

- default: !SSLv2, !SSLv3

Comma separated list of accepted TLS protocols.

### TLS_CIPHERS

- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

### TLS_EXCLUDE_CIPHERS

- default: aNULL, MD5, 3DES

Comma separated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

## Ports

- 25
- 587

## Capabilities

- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
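
A pre-flight check of the environment variables documented above, as an added example that is not part of this image. The function name `check_mail_env`, the finding labels, and the choice of which variables to treat as required (those the README lists without a default) are assumptions; the sample values are constructed.

```shell
#!/bin/sh
# Added example: validate the documented settings before starting the container.
# Prints one finding per line and returns the number of findings as its status.
check_mail_env() {
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    # Assumption: settings the README lists without a default must be supplied.
    for var in MYHOSTNAME MYDOMAIN LDAP_URI LDAP_BIND_DN LDAP_BIND_PASSWORD; do
        eval "val=\${$var:-}"
        [ -n "$val" ] || report "missing: $var"
    done

    # A simple bind over ldap:// without StartTLS sends LDAP_BIND_PASSWORD in clear.
    case "${LDAP_URI:-}" in
        ldaps://*) ;;
        ldap://*) [ "${LDAP_STARTTLS:-yes}" = yes ] ||
            report "cleartext-ldap: ldap:// URI with LDAP_STARTTLS=${LDAP_STARTTLS}" ;;
    esac

    # Only the three documented levels are valid; "none" switches TLS off.
    case "${TLS_SECURITY_LEVEL:-may}" in
        may|encrypt) ;;
        none) report "tls-off: TLS_SECURITY_LEVEL=none" ;;
        *) report "invalid: TLS_SECURITY_LEVEL=${TLS_SECURITY_LEVEL}" ;;
    esac

    # An entry without the leading "!" includes the protocol instead of excluding it.
    for entry in $(printf '%s' "${TLS_PROTOCOLS:-!SSLv2, !SSLv3}" | tr ',' ' '); do
        case "$entry" in
            SSLv2|SSLv3) report "weak-protocol: TLS_PROTOCOLS enables $entry" ;;
        esac
    done

    return "$findings"
}

# Demo with constructed values: plaintext LDAP URI and StartTLS switched off.
(
    MYHOSTNAME=mail.example.org MYDOMAIN=example.org
    LDAP_URI=ldap://ldap.example.org LDAP_STARTTLS=no
    LDAP_BIND_DN='cn=postfix,dc=example,dc=org' LDAP_BIND_PASSWORD=constructed
    check_mail_env
) || echo "findings: $?"
```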