[Postfix](http://www.postfix.org/) with dovecot authentication and [spamassassin](http://spamassassin.apache.org/) + [OpenDKIM](http://www.opendkim.org/) in postgres.
# Volumes
- `/etc/ssl/mail:ro`: certificates have to be here.
# Environment Variables
## MYHOSTNAME
Fully qualified hostname.
## MYDOMAIN
The internet domain name of the mail system.
## SMTP_BANNER
Text prepended to `$myhostname ESMTP $mail_name` for the SMTP banner.
## SPAMASSASSIN_HOST
Hostname for the spamassassin host.
## DOVECOT_HOST
Hostname for the dovecot host.
## DOVECOT_AUTH_PORT
Port for the dovecot host.
## DKIM_HOST
Hostname for the OpenDKIM host.
## DKIM_PORT
Port for the OpenDKIM host.
## LMTP_HOST
Hostname for the LMTP host (probably dovecot).
## LMTP_PORT
Port for the LMTP host.
## CERT_DOMAIN
Name of the certificate domain.
Name of the key file.
## DB_HOST
PostgreSQL database host.
## DB_USER
- default: email

User to connect to the database.
## DB_PASSWORD
Password to use for the database user.
## DB_NAME
- default: email

Name of the PostgreSQL database to connect to.
## MESSAGE_SIZELIMIT
- default: 20000000

Message size limit in bytes.
## MAILBOX_SIZELIMIT
- default: 0

Mailbox size limit in bytes. `0` disables the limit.
## TLS_SECURITY_LEVEL
- default: may

One of:

- none: TLS will not be used.
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
## TLS_PROTOCOLS
- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Comma separated list of accepted TLS protocols.
## TLS_CIPHERS
- default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.
## TLS_EXCLUDE_CIPHERS
- default: aNULL, MD5, 3DES

Comma separated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
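
A pre-flight check for the `TLS_*` variables above, to run before starting the container. This is an added example, not part of this image: `check_tls_env` is a hypothetical helper, the fallbacks are the defaults this README lists, and it assumes only the `proto` / `!proto` list syntax is used.

```shell
#!/bin/sh
# Added example: pre-flight check of this image's TLS_* variables.
# check_tls_env is a hypothetical helper; fallbacks are the README defaults.
# Prints one finding per line; returns 0 when there are none, 1 otherwise.

check_tls_env() {
    level="${TLS_SECURITY_LEVEL:-may}"
    protocols="${TLS_PROTOCOLS:-!SSLv2, !SSLv3, !TLSv1, !TLSv1.1}"
    excluded="${TLS_EXCLUDE_CIPHERS:-aNULL, MD5, 3DES}"
    findings=0

    case "$level" in
        may) ;;
        none) echo "TLS_SECURITY_LEVEL=none: TLS is switched off"; findings=1 ;;
        encrypt) echo "TLS_SECURITY_LEVEL=encrypt: not for a publicly-referenced SMTP server (RFC 2487)"; findings=1 ;;
        *) echo "TLS_SECURITY_LEVEL=$level: expected none, may or encrypt"; findings=1 ;;
    esac

    # Turn "a, b,c" into " a b c " so entries can be matched as whole words.
    plist=" $(printf '%s' "$protocols" | tr ',' ' ') "
    clist=" $(printf '%s' "$excluded" | tr ',' ' ') "

    # A list with any positive entry enables only the protocols it names.
    has_positive=0
    for entry in $plist; do
        case "$entry" in '!'*) ;; *) has_positive=1 ;; esac
    done

    # The four protocols the README default switches off.
    for proto in SSLv2 SSLv3 TLSv1 TLSv1.1; do
        case "$plist" in *" !$proto "*) continue ;; esac
        if [ "$has_positive" -eq 1 ]; then
            case "$plist" in *" $proto "*) ;; *) continue ;; esac
        fi
        echo "TLS_PROTOCOLS does not exclude $proto"; findings=1
    done

    # The three cipher types the README default excludes.
    for cipher in aNULL MD5 3DES; do
        case "$clist" in
            *" $cipher "*) ;;
            *) echo "TLS_EXCLUDE_CIPHERS dropped README default $cipher"; findings=1 ;;
        esac
    done
    return "$findings"
}
```

Source the file and call `check_tls_env` with the same variables you pass to the container; a non-zero return means at least one setting is weaker than the README defaults or needs review.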
# Ports
- 25
- 587
# Capabilities
- DAC_OVERRIDE
- NET_BIND_SERVICE
- SETGID
- SETUID