[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres. # Database ``` create table if not exists virtual_domains ( name text primary key ); create table if not exists virtual_users ( email text primary key, domain_name text not null references virtual_domains(name), wildcard_sender bool default false ); create table if not exists virtual_aliases ( domain_name text not null references virtual_domains(name), source text not null, destination text not null ); ``` # Volumes - `/etc/ssl/mail:ro`: certificates have to be here. # Environment Variables ## MYHOSTNAME Fully qualified hostname. ## MYDOMAIN The internet domain name of the mail system. ## SMTP_BANNER Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner. ## DOVECOT_HOST Hostname for the dovecot host. ## DOVECOT_AUTH_PORT Port for the dovecot host. ## LMTP_HOST Hostname for the lmtp host (probably dovecot). ## LMTP_PORT Port for the lmtp host. ## CERT_DOMAIN Name of the certificate domain. Name of the key file. ## DB_HOST Postgre database host. ## DB_USER - default: email User to connect to the database. ## DB_PASSWORD Password to use for the database user. ## DB_NAME - default: email Name of the postgre database to connect to. ## MESSAGE_SIZELIMIT - default: 20000000 Message size limit in bytes. ## MAILBOX_SIZELIMIT - default: 0 Mailbox size limit in bytes. `0` disables the limit. ## TLS_SECURITY_LEVEL - default: may One of: - none: TLS will not be used. - may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption. - encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server. ## TLS_PROTOCOLS - default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 Comma seperated list of accepted TLS protocols. ## TLS_CIPHERS - default: high The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption. ## TLS_EXCLUDE_CIPHERS - default: aNULL, MD5, 3DES Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels. ## RSPAMD_ADDRESS - default: inet:127.0.0.1:11332 Where to connect to rspamd. ## EXTERNAL_IP The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit. # Ports - 25 - 587 # Capabilities - DAC_OVERRIDE - NET_BIND_SERVICE - SETGID - SETUID