Run postfix with SMTP authentication (sasldb) in a Docker container.
TLS and OpenDKIM support is optional. Fail2ban can be enabled.
-
Pull image
docker pull danilsmirnov/postfix
-
Create postfix container with smtp authentication
docker run -p 25:25 \ -e MAIL_DOMAIN=example.com -e SMTP_USER=user:pwd \ --name postfix -d danilsmirnov/postfix # Set multiple user credentials: -e SMTP_USER=user1:pwd1,user2:pwd2,...,userN:pwdN
-
Set mail host defferent from mail domain
docker run -p 25:25 \ -e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \ --name postfix -d danilsmirnov/postfix
-
Enable OpenDKIM: save your domain key
mail.private
in/path/to/domainkeys
docker run -p 25:25 \ -e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \ -v /path/to/domainkeys:/etc/opendkim/domainkeys \ --name postfix -d danilsmirnov/postfix # Set DKIM_SELECTOR variable if not okay with default "mail" selector
To sign more domains add their key file(s) named
$DKIM_SELECTOR._domainkey.$DOMAIN.private
, e.g.:mail._domainkey.subdomain.example.com.private mail._domainkey.*.example.com.private
(Wildcard subdomain refers to its parent domain's DNS record.)
-
Enable TLS(587): save your SSL certificates
mail.example.com.key
andmail.example.com.crt
to/path/to/certs
docker run -p 587:587 \ -e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \ -v /path/to/certs:/etc/postfix/certs \ --name postfix -d danilsmirnov/postfix
-
Enable Fail2ban with
postfix-sasl
jail to ban brute-force attackersdocker run -p 25:25 \ -e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \ -e FAIL2BAN=enabled --cap-add NET_ADMIN \ --name postfix -d danilsmirnov/postfix # Note: NET_ADMIN capability must be granted to the container # FAIL2BAN_BANTIME, FAIL2BAN_FINDTIME and FAIL2BAN_MAXRETRY could be set as well
-
Add your custom configuration script
/configure.sh
docker run -p 25:25 \ -e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \ -v /path/to/script:/configure.sh \ --name postfix -d danilsmirnov/postfix
E.g., add an alias to forward mail to:
postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual" echo "mailbox@${MAIL_DOMAIN} [email protected]" > /etc/postfix/virtual postmap /etc/postfix/virtual
- Login credential should be set to (
[email protected]
,password
) in SMTP client - You can assign the port of MTA on the host machine to one other than 25 (postfix how-to)
- Read the reference below to find out how to generate domain keys and add public key to the domain's DNS records