rootfs | ||
.gitignore | ||
.woodpecker.yml | ||
Dockerfile | ||
README.md |
Postfix with dovecot authentication and rspamd using postgres.
Database
create table if not exists virtual_domains (
name text primary key
);
create table if not exists virtual_users (
email text primary key,
domain_name text not null references virtual_domains(name),
wildcard_sender bool default false
);
create table if not exists virtual_aliases (
domain_name text not null references virtual_domains(name),
source text not null,
destination text not null
);
Volumes
/etc/ssl/mail:ro
: certificates have to be here.
Environment Variables
MYHOSTNAME
Fully qualified hostname.
MYDOMAIN
The internet domain name of the mail system.
SMTP_BANNER
Text prepended to $myhostname ESMTP $mail_name
for the smtp banner.
DOVECOT_HOST
Hostname for the dovecot host.
DOVECOT_AUTH_PORT
Port for the dovecot host.
LMTP_HOST
Hostname for the lmtp host (probably dovecot).
LMTP_PORT
Port for the lmtp host.
CERT_DOMAIN
Name of the certificate domain.
Name of the key file.
DB_HOST
Postgre database host.
DB_USER
- default: email
User to connect to the database.
DB_PASSWORD
Password to use for the database user.
DB_NAME
- default: email
Name of the postgre database to connect to.
MESSAGE_SIZELIMIT
- default: 20000000
Message size limit in bytes.
MAILBOX_SIZELIMIT
- default: 0
Mailbox size limit in bytes. 0
disables the limit.
TLS_SECURITY_LEVEL
- default: may
One of:
- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server.
TLS_PROTOCOLS
- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
Comma seperated list of accepted TLS protocols.
TLS_CIPHERS
- default: high
The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.
TLS_EXCLUDE_CIPHERS
- default: aNULL, MD5, 3DES
Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
RSPAMD_ADDRESS
- default: inet:127.0.0.1:11332
Where to connect to rspamd.
EXTERNAL_IP
The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit.
Ports
- 25
- 587
Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID