[Postfix](http://www.postfix.org/) with ldap authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in ldap.

# Volumes
- `/etc/ssl/mail:ro`: certificates have to be here.

# Environment Variables

## MYHOSTNAME
Fully qualified hostname.

## MYDOMAIN
The internet domain name of the mail system.

## SMTP_BANNER
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.

## SPAMASSASSIN_HOST
Hostname for the spamassassin host.

## DOVECOT_HOST
Hostname for the dovecot host.

## DOVECOT_AUTH_PORT
Port for the dovecot host.

## DKIM_HOST
Hostname for the OpenDkim host.

## DKIM_PORT
Port for the OpenDkim host.

## LMTP_HOST
Hostname for the lmtp host (probably dovecot).

## LMTP_PORT
Port for the lmtp host.

## LDAP_URI
Complete uri for the authentication ldap host.

## LDAP_BIND_DN
DN used to authenticate against ldap.

## LDAP_BIND_PASSWORD
Password used to authenticate against ldap.

## LDAP_ALIAS_QUERY_FILTER
Ldap filter for mail aliases.

## LDAP_DOMAIN_QUERY_FILTER
Ldap filter for domains.

## LDAP_MAILBOX_QUERY_FILTER
Ldap filter for mailboxes.

## LDAP_MAILBOX_SEARCH_BASE
Base DN to look for mailboxes on the ldap host.

## LDAP_DOMAIN_SEARCH_BASE
Base DN to look for valid domains on the ldap host.

## LDAP_DOMAIN_RESULT_ATTRIBUTE
- default: dc

Ldap attribute that is fetched in the domain query.

## LDAP_MAILBOX_RESULT_ATTRIBUTE
- default: cn

Ldap attribute that is fetched in the mailbox query.

## LDAP_STARTTLS
- default: yes

Whether to use tls when connecting to the ldap host.

## CERT_NAME
- default: fullchain.pem

Name of the certificate file.

## KEY_NAME
- default: privkey.pem

Name of the key file.

## MESSAGE_SIZELIMIT
- default: 20000000

Message size limit in bytes.

## MAILBOX_SIZELIMIT
- default: 0

Mailbox size limit in bytes. `0` disables the limit.

## TLS_SECURITY_LEVEL
- default: may

One of:
- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.

## TLS_PROTOCOLS
- default: !SSLv2, !SSLv3

Comma separated list of accepted TLS protocols.

## TLS_CIPHERS
- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

## TLS_EXCLUDE_CIPHERS
- default: aNULL, MD5, 3DES

Comma separated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

# Ports
- 25
- 587

# Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID
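
A pre-flight check over the variables documented above, as an added example (not part of this image or its project). It assumes that variables listed without a default are mandatory, uses a hypothetical `MAIL_CERT_DIR` override so the certificate check can point at a host directory, and only recognises the `!proto` exclusion form for `TLS_PROTOCOLS`.

```sh
#!/bin/sh
# Added example: pre-flight check for the environment documented above.
# Prints one finding per line; returns non-zero if any finding is an ERROR.
# Usage: check_mail_env || exit 1
check_mail_env() {
    rc=0
    # Assumption: variables documented without a default are mandatory.
    for v in MYHOSTNAME MYDOMAIN LDAP_URI LDAP_BIND_DN LDAP_BIND_PASSWORD; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "ERROR: $v is not set"; rc=1; }
    done
    # TLS_SECURITY_LEVEL accepts exactly the three documented values.
    case "${TLS_SECURITY_LEVEL:-may}" in
        may) ;;
        none) echo "WARN: TLS_SECURITY_LEVEL=none, TLS will not be used" ;;
        encrypt) echo "WARN: TLS_SECURITY_LEVEL=encrypt must not be applied to a publicly referenced SMTP server (RFC 2487)" ;;
        *) echo "ERROR: TLS_SECURITY_LEVEL must be none, may or encrypt"; rc=1 ;;
    esac
    # A plain ldap:// URI without STARTTLS sends LDAP_BIND_PASSWORD unencrypted.
    case "${LDAP_URI:-}" in
        ldaps://*) ;;
        *) [ "${LDAP_STARTTLS:-yes}" = "yes" ] || {
               echo "ERROR: LDAP_STARTTLS is off and LDAP_URI is not ldaps://"; rc=1; } ;;
    esac
    # The documented default excludes SSLv2 and SSLv3; flag overrides that drop either.
    protos=",$(printf '%s' "${TLS_PROTOCOLS:-!SSLv2, !SSLv3}" | tr -d ' '),"
    for p in SSLv2 SSLv3; do
        case "$protos" in
            *",!$p,"*) ;;
            *) echo "WARN: TLS_PROTOCOLS does not explicitly exclude $p" ;;
        esac
    done
    # Certificate and key must be readable in the mounted volume.
    # MAIL_CERT_DIR is a hypothetical override, not a variable of the image.
    dir="${MAIL_CERT_DIR:-/etc/ssl/mail}"
    for f in "${CERT_NAME:-fullchain.pem}" "${KEY_NAME:-privkey.pem}"; do
        [ -r "$dir/$f" ] || { echo "ERROR: $dir/$f is missing or unreadable"; rc=1; }
    done
    return $rc
}
```

Run it with the same environment the container will receive, for example from an entrypoint wrapper or after sourcing the env file on the host.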