Simple Postfix SMTP TLS relay docker alpine based image with no local authentication enabled (to be run in a secure LAN).
This image is available for the following architectures:
- 386
- amd64 (latest and alpine tags)
- armv6
- armv7
- arm64
If you want to follow the development of this project check out my blog.
We use semantic versioning for this image. For all supported architectures there are the following versioned tags:
- Major (1)
- Minor (1.0)
- Patch (1.0.0)
Additionally the amd64 architecture has the following tags:
- latest
- alpine
NOTES:
- The alpine tag has been switched to use the master branch, but it's irrelevant as it is the same as latest.
- Old CentOS 7 based image is avaiable on the centos_base_image branch, but it is not being developed any more.
Clone this repo and then:
cd docker-Postfix
sudo docker build -t juanluisbaptiste/postfix .
Or you can use the provided docker-compose files:
sudo docker-compose build
For more information on using multiple compose files see here. You can also find a prebuilt docker image from Docker Hub, which can be pulled with this command:
sudo docker pull juanluisbaptiste/postfix:latest
The following env variables need to be passed to the container:
SMTP_SERVER
Server address of the SMTP server to use.SMTP_PORT
(Optional, Default value: 587) Port address of the SMTP server to use.SMTP_USERNAME
(Optional) Username to authenticate with.SMTP_PASSWORD
(Mandatory ifSMTP_USERNAME
is set) Password of the SMTP user. IfSMTP_PASSWORD_FILE
is set, not needed.SERVER_HOSTNAME
Server hostname for the Postfix container. Emails will appear to come from the hostname's domain.
The following env variable(s) are optional.
-
SMTP_HEADER_TAG
This will add a header for tracking messages upstream. Helpful for spam filters. Will appear as "RelayTag: ${SMTP_HEADER_TAG}" in the email headers. -
SMTP_NETWORKS
Setting this will allow you to add additional, comma seperated, subnets to use the relay. Used like -e SMTP_NETWORKS='xxx.xxx.xxx.xxx/xx,xxx.xxx.xxx.xxx/xx' -
SMTP_PASSWORD_FILE
Setting this to a mounted file containing the password, to avoid passwords in env variables. Used like -e SMTP_PASSWORD_FILE=/secrets/smtp_password -v $(pwd)/secrets/:/secrets/ -
SMTP_USERNAME_FILE
Setting this to a mounted file containing the username, to avoid usernames in env variables. Used like -e SMTP_USERNAME_FILE=/secrets/smtp_username -v $(pwd)/secrets/:/secrets/ -
ALWAYS_ADD_MISSING_HEADERS
This is related to the always_add_missing_headers Postfix option (default:no
). If set toyes
, Postfix will always add missing headers amongFrom:
,To:
,Date:
orMessage-ID:
. -
OVERWRITE_FROM
This will rewrite the from address overwriting it with the specified address for all email being relayed. Example settings: OVERWRITE_FROM=[email protected] OVERWRITE_FROM="Your Name" [email protected] -
DESTINATION
This will define a list of domains from which incoming messages will be accepted. -
LOG_SUBJECT
This will output the subject line of messages in the log. -
SMTPUTF8_ENABLE
This will enable (default) or disable support for SMTPUTF8. Valid values areno
to disable andyes
to enable. Not setting this variable will use the postfix default, which isyes
.
To use this container from anywhere, the 25 port or the one specified by SMTP_PORT
needs to be exposed to the docker host server:
docker run -d --name postfix -p "25:25" \
-e SMTP_SERVER=smtp.bar.com \
-e [email protected] \
-e SMTP_PASSWORD=XXXXXXXX \
-e SERVER_HOSTNAME=helpdesk.mycompany.com \
juanluisbaptiste/postfix
If you are going to use this container from other docker containers then it's better to just publish the port:
docker run -d --name postfix -P \
-e SMTP_SERVER=smtp.bar.com \
-e [email protected] \
-e SMTP_PASSWORD=XXXXXXXX \
-e SERVER_HOSTNAME=helpdesk.mycompany.com \
juanluisbaptiste/postfix
Or if you can start the service using the provided docker-compose file for production use:
sudo docker-compose up -d
To see the email logs in real time:
docker logs -f postfix
Gmail by default does not allow email clients that don't use OAUTH 2 for authentication (like Thunderbird or Outlook). First you need to enable access to "Less secure apps" on your google settings.
Also take into account that email From:
header will contain the email address of the account being used to
authenticate against the Gmail SMTP server(SMTP_USERNAME), the one on the email will be ignored by Gmail unless you add it as an alias.
If you need troubleshooting the container you can set the environment variable DEBUG=yes for a more verbose output.