Postfix with dovecot authentication and rspamd using postgres.

Volumes

  • /etc/ssl/mail:ro: certificates have to be here.

Environment Variables

MYHOSTNAME

Fully qualified hostname.

MYDOMAIN

The internet domain name of the mail system.

SMTP_BANNER

Text prepended to $myhostname ESMTP $mail_name for the smtp banner.

SPAMASSASSIN_HOST

Hostname for the spamassassin host.

DOVECOT_HOST

Hostname for the dovecot host.

DOVECOT_AUTH_PORT

Port for the dovecot host.

DKIM_HOST

Hostname for the OpenDkim host.

DKIM_PORT

Port for the OpenDkim host.

LMTP_HOST

Hostname for the lmtp host (probably dovecot).

LMTP_PORT

Port for the lmtp host.

CERT_DOMAIN

Name of the certificate domain.

Name of the key file.

DB_HOST

PostgreSQL database host.

DB_USER

  • default: email

User to connect to the database.

DB_PASSWORD

Password to use for the database user.

DB_NAME

  • default: email

Name of the PostgreSQL database to connect to.

MESSAGE_SIZELIMIT

  • default: 20000000

Message size limit in bytes.

MAILBOX_SIZELIMIT

  • default: 0

Mailbox size limit in bytes. 0 disables the limit.

TLS_SECURITY_LEVEL

  • default: may

One of:

  • none: TLS will not be used.
  • may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
  • encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption. According to RFC 2487 this MUST NOT be applied in case of a publicly-referenced SMTP server.

TLS_PROTOCOLS

  • default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1

Comma separated list of accepted TLS protocols.

TLS_CIPHERS

  • default: high

The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.

TLS_EXCLUDE_CIPHERS

  • default: aNULL, MD5, 3DES

Comma separated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.

RSPAMD_ADDRESS

  • default: inet:127.0.0.1:11332

Where to connect to rspamd.
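A preflight check for the TLS and database variables above, as an added example that is not part of this image or its entrypoint. The function names `legacy_tls_enabled` and `check_mail_env` are hypothetical, and the script assumes `TLS_PROTOCOLS` is handed to Postfix unchanged, where `!name` excludes a protocol and a bare name turns the list into an include-only list.

```shell
#!/bin/sh
# Added example, not part of the image. Function names are hypothetical.
DEFAULT_TLS_PROTOCOLS='!SSLv2, !SSLv3, !TLSv1, !TLSv1.1'   # README default

# Succeeds (exit 0) when the list leaves a pre-TLSv1.2 protocol enabled.
# Assumption: the value reaches Postfix unchanged, so "!name" excludes and
# a bare name switches the list to include-only.
legacy_tls_enabled() {
    list=$(printf '%s' "$1" | tr -d ' \t' | tr ',' ' ')
    included=""
    for tok in $list; do
        case $tok in '!'*) ;; *) included="$included $tok" ;; esac
    done
    for legacy in SSLv2 SSLv3 TLSv1 TLSv1.1; do
        if [ -n "$included" ]; then
            case " $included " in *" $legacy "*) return 0 ;; esac
        else
            case " $list " in *" !$legacy "*) ;; *) return 0 ;; esac
        fi
    done
    return 1
}

# Prints one line per finding; the exit status is the number of findings.
check_mail_env() {
    findings=0
    level=${TLS_SECURITY_LEVEL:-may}
    protocols=${TLS_PROTOCOLS:-$DEFAULT_TLS_PROTOCOLS}
    case $level in
        may|encrypt) ;;
        none) echo "TLS_SECURITY_LEVEL=none: SMTP is never encrypted"
              findings=$((findings + 1)) ;;
        *)    echo "TLS_SECURITY_LEVEL=$level: expected none, may or encrypt"
              findings=$((findings + 1)) ;;
    esac
    if legacy_tls_enabled "$protocols"; then
        echo "TLS_PROTOCOLS=$protocols: SSLv2/SSLv3/TLSv1/TLSv1.1 not all disabled"
        findings=$((findings + 1))
    fi
    if [ -z "${DB_PASSWORD:-}" ]; then
        echo "DB_PASSWORD is empty"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Source the file and call `check_mail_env` from the wrapper that starts the container, refusing to start when it returns non-zero.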

Ports

  • 25
  • 587

Capabilities

  • DAC_OVERRIDE
  • NET_BIND_SERVICE
  • SETGID
  • SETUID