- smtp authen for send mail
- no mailbox only forward to another email
---
Dockerfile
FROM alpine:latest
RUN apk update
RUN apk add bash ca-certificates cyrus-sasl cyrus-sasl-login cyrus-sasl-crammd5 iproute2 mailx postfix postfix-pcre rsyslog supervisor tzdata
RUN rm -rf /tmp/*
RUN rm -rf /var/cache/apk/*
EXPOSE 25/tcp
EXPOSE 587/tcp
COPY ./supervisord.conf /etc/supervisord.conf
COPY ./smtpd.pem /etc/postfix/certs/smtpd.pem
COPY ./docker-entrypoint.sh /docker-entrypoint.sh
RUN chmod +x /docker-entrypoint.sh
ENTRYPOINT ["/docker-entrypoint.sh"]
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
---
docker-entrypoint.sh
#!/bin/bash
cp -f /usr/share/zoneinfo/Asia/Bangkok /etc/localtime
echo Asia/Bangkok > /etc/timezone
mkdir -p /var/spool/rsyslog/
cat <<EOF > /etc/rsyslog.conf
module(load="imuxsock")
\$WorkDirectory /var/spool/rsyslog
*.* -/dev/stdout
EOF
mkdir -p /etc/sasl2/
cat <<EOF > /etc/sasl2/smtp.conf
pwcheck_method: auxprop
auxprop_plugin: sasldb
mech_list: PLAIN LOGIN CRAM-MD5 DIGEST-MD5
log_level: 7
EOF
echo "user@domain.tld forward@gmail.com" >> /etc/postfix/virtual
echo "admin@domain.tld root" >> /etc/postfix/virtual
postmap /etc/postfix/virtual
postconf -e "virtual_alias_maps = lmdb:/etc/postfix/virtual"
postconf -e "mydomain = domain.tld"
postconf -e "myhostname = mail.domain.tld"
postconf -e "mydestination = localhost, \$myhostname, \$mydomain"
postconf -e "inet_interfaces = all"
postconf -e "broken_sasl_auth_clients = yes"
postconf -e "smtp_tls_security_level=may"
postconf -e "smtp_tls_loglevel=1"
postconf -e "smtpd_helo_required = yes"
postconf -e "smtpd_sasl_auth_enable = yes"
postconf -e "smtpd_sender_restrictions = reject_unknown_sender_domain, reject_unauthenticated_sender_login_mismatch, reject_known_sender_login_mismatch, permit_sasl_authenticated, permit"
postconf -e "smtpd_recipient_restrictions = permit_sasl_authenticated, reject_non_fqdn_helo_hostname, reject_non_fqdn_sender, reject_unknown_sender_domain, reject_non_fqdn_recipient, reject_unknown_recipient_domain, reject_unauth_destination"
postconf -e "smtpd_relay_restrictions = permit_sasl_authenticated, reject_unauth_destination"
postconf -e "smtpd_sasl_authenticated_header = yes"
postconf -e "smtpd_use_tls = yes"
postconf -e "smtpd_tls_auth_only = yes"
postconf -e "smtpd_tls_loglevel = 1"
postconf -e "smtpd_tls_cert_file=/etc/postfix/certs/smtpd.pem"
postconf -e "smtpd_tls_key_file=/etc/postfix/certs/smtpd.pem"
postconf -e "smtpd_tls_CAfile=/etc/postfix/certs/smtpd.pem"
postconf -e "smtputf8_enable = yes"
postconf -M submission/inet="submission inet n - n - - smtpd"
postconf -P "submission/inet/syslog_name=postfix/submission"
postconf -P "submission/inet/smtpd_tls_security_level=encrypt"
postconf -P "submission/inet/smtpd_sasl_auth_enable=yes"
postconf -P "submission/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject_unauth_destination"
postconf -P "submission/inet/smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination"
echo password | saslpasswd2 -p -c -u domain.tld username
chown postfix /etc/sasl2/sasldb2
newaliases
exec "$@"
---
smtpd.pem
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
---
supervisord.conf
[supervisord]
nodaemon = true
user = root
[program:rsyslog]
autorestart = true
command = /usr/sbin/rsyslogd -n
priority = 100
process_name = rsyslog
redirect_stderr = true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
[program:postfix]
autorestart = true
command = /usr/libexec/postfix/master -c /etc/postfix -d
process_name = postfix
redirect_stderr = true
stdout_logfile = /dev/stdout
stdout_logfile_maxbytes = 0
---
build.sh
!/bin/bash
docker buildx build -t postfix-alpine:latest .
docker save postfix-alpine:latest > postfix-alpine.tar
---
upload postfix-alpine.tar to chr
/container
add file=postfix-alpine.tar interface=veth-postfix hostname=mail.domain.tld dns=10.10.0.1 logging=yes
27 ตุลาคม 2566
build postfix docker image for mikrotik chr
