102 lines
2.2 KiB
Markdown
102 lines
2.2 KiB
Markdown
[Postfix](http://www.postfix.org/) with dovecot authentication and [rspamd](https://rspamd.com/) using postgres.
|
|
|
|
# Volumes
|
|
- `/etc/ssl/mail:ro`: certificates have to be here.
|
|
|
|
# Environment Variables
|
|
## MYHOSTNAME
|
|
Fully qualified hostname.
|
|
|
|
## MYDOMAIN
|
|
The internet domain name of the mail system.
|
|
|
|
## SMTP_BANNER
|
|
Text prepended to `$myhostname ESMTP $mail_name` for the smtp banner.
|
|
|
|
## DOVECOT_HOST
|
|
Hostname for the dovecot host.
|
|
|
|
## DOVECOT_AUTH_PORT
|
|
Port for the dovecot host.
|
|
|
|
## LMTP_HOST
|
|
Hostname for the lmtp host (probably dovecot).
|
|
|
|
## LMTP_PORT
|
|
Port for the lmtp host.
|
|
|
|
## CERT_DOMAIN
|
|
Name of the certificate domain.
|
|
|
|
Name of the key file.
|
|
|
|
## DB_HOST
|
|
|
|
Postgre database host.
|
|
|
|
## DB_USER
|
|
- default: email
|
|
|
|
User to connect to the database.
|
|
|
|
## DB_PASSWORD
|
|
|
|
Password to use for the database user.
|
|
|
|
## DB_NAME
|
|
- default: email
|
|
|
|
Name of the postgre database to connect to.
|
|
|
|
## MESSAGE_SIZELIMIT
|
|
- default: 20000000
|
|
|
|
Message size limit in bytes.
|
|
|
|
## MAILBOX_SIZELIMIT
|
|
- default: 0
|
|
|
|
Mailbox size limit in bytes. `0` disables the limit.
|
|
|
|
## TLS_SECURITY_LEVEL
|
|
- default: may
|
|
|
|
One of:
|
|
- none: TLS will not be used.
|
|
- may: Opportunistic TLS: announce STARTTLS support to remote SMTP clients, but do not require that clients use TLS encryption.
|
|
- encrypt: Mandatory TLS encryption: announce STARTTLS support to remote SMTP clients, and require that clients use TLS encryption.
|
|
According to [RFC 2487](http://tools.ietf.org/html/rfc2487) this MUST NOT be applied in case of a publicly-referenced SMTP server.
|
|
|
|
## TLS_PROTOCOLS
|
|
- default: !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
|
|
|
|
Comma seperated list of accepted TLS protocols.
|
|
|
|
## TLS_CIPHERS
|
|
- default: high
|
|
|
|
The minimum TLS cipher grade that the Postfix SMTP server will use with opportunistic TLS encryption.
|
|
|
|
## TLS_EXCLUDE_CIPHERS
|
|
- default: aNULL, MD5, 3DES
|
|
|
|
Comma seperated list of ciphers or cipher types to exclude from the SMTP server cipher list at all TLS security levels.
|
|
|
|
## RSPAMD_ADDRESS
|
|
- default: inet:127.0.0.1:11332
|
|
|
|
Where to connect to rspamd.
|
|
|
|
## EXTERNAL_IP
|
|
The network interface addresses that this mail system receives mail on by way of a proxy or network address translation unit.
|
|
|
|
# Ports
|
|
- 25
|
|
- 587
|
|
|
|
# Capabilities
|
|
- DAC_OVERRIDE
|
|
- NET_BIND_SERVICE
|
|
- SETGID
|
|
- SETUID
|