Postfix Docker image with SMTP authentication, TLS and OpenDKIM support

danil-smirnov/docker-postfix

docker-postfix

Run postfix with SMTP authentication (sasldb) in a Docker container.
TLS and OpenDKIM support is optional. Fail2ban can be enabled.

Installation

  1. Pull image

    docker pull danilsmirnov/postfix

Usage

  1. Create postfix container with SMTP authentication

    docker run -p 25:25 \
    	-e MAIL_DOMAIN=example.com -e SMTP_USER=user:pwd \
    	--name postfix -d danilsmirnov/postfix
    # Set multiple user credentials: -e SMTP_USER=user1:pwd1,user2:pwd2,...,userN:pwdN
  2. Set a mail host different from the mail domain

    docker run -p 25:25 \
    	-e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \
    	--name postfix -d danilsmirnov/postfix
  3. Enable OpenDKIM: save your domain key mail.private in /path/to/domainkeys

    docker run -p 25:25 \
    	-e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \
    	-v /path/to/domainkeys:/etc/opendkim/domainkeys \
    	--name postfix -d danilsmirnov/postfix
    # Set the DKIM_SELECTOR variable if you do not want the default "mail" selector

    To sign more domains add their key file(s) named $DKIM_SELECTOR._domainkey.$DOMAIN.private, e.g.:

    mail._domainkey.subdomain.example.com.private
    mail._domainkey.*.example.com.private

    (Wildcard subdomain refers to its parent domain's DNS record.)

  4. Enable TLS (port 587): save your SSL certificates mail.example.com.key and mail.example.com.crt to /path/to/certs

    docker run -p 587:587 \
    	-e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \
    	-v /path/to/certs:/etc/postfix/certs \
    	--name postfix -d danilsmirnov/postfix
  5. Enable Fail2ban with postfix-sasl jail to ban brute-force attackers

    docker run -p 25:25 \
    	-e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \
    	-e FAIL2BAN=enabled --cap-add NET_ADMIN \
    	--name postfix -d danilsmirnov/postfix
    # Note: NET_ADMIN capability must be granted to the container
    # FAIL2BAN_BANTIME, FAIL2BAN_FINDTIME and FAIL2BAN_MAXRETRY can be set as well
  6. Add your custom configuration script /configure.sh

    docker run -p 25:25 \
    	-e MAIL_DOMAIN=example.com -e MAIL_HOST=mail.example.com -e SMTP_USER=user:pwd \
    	-v /path/to/script:/configure.sh \
    	--name postfix -d danilsmirnov/postfix

    E.g., add an alias to forward mail to:

    postconf -e "virtual_alias_maps = hash:/etc/postfix/virtual"
    echo "mailbox@${MAIL_DOMAIN} [email protected]" > /etc/postfix/virtual
    postmap /etc/postfix/virtual
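
A pre-flight check for the key directory from step 3, as an added example that is not part of this project's code. The helper name `check_domainkeys` is hypothetical, and the PEM and permission checks are assumptions about host-side hygiene, not requirements stated by the image.

```sh
#!/bin/sh
# Added example: pre-flight check for the directory that step 3 mounts at
# /etc/opendkim/domainkeys. check_domainkeys is a hypothetical helper.
# Accepted names (from the README): mail.private and
# $DKIM_SELECTOR._domainkey.$DOMAIN.private, where $DOMAIN may start with "*.".
# Usage: check_domainkeys /path/to/domainkeys mail && docker run ...

check_domainkeys() {
    dir=$1
    selector=${2:-mail}            # README default selector
    problems=0

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}

        # 1. File name must match one of the two documented forms.
        case $name in
            mail.private) ;;
            "$selector"._domainkey.*.private)
                domain=${name#"$selector"._domainkey.}
                domain=${domain%.private}
                domain=${domain#\*.}   # optional wildcard label
                case $domain in
                    ''|*[!A-Za-z0-9.-]*|.*|*.|*..*)
                        echo "BAD NAME: $name"; problems=$((problems + 1)) ;;
                esac ;;
            *)
                echo "BAD NAME: $name"; problems=$((problems + 1)) ;;
        esac

        # 2. Content should look like a PEM private key (assumed key format).
        if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$f"; then
            echo "NOT A PEM PRIVATE KEY: $name"; problems=$((problems + 1))
        fi

        # 3. Host copy should carry no group/other permission bits.
        perms=$(ls -ld "$f" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "TOO PERMISSIVE ($perms): $name"; problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]          # exit status 0 only when nothing was flagged
}
```

Each flagged file produces one line per problem, so a misnamed certificate copied into the directory by mistake shows up before the container starts.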

Note

  • Login credentials should be set to ([email protected], password) in the SMTP client
  • You can map the MTA port to a port on the host machine other than 25 (postfix how-to)
  • Read the reference below to find out how to generate domain keys and add the public key to the domain's DNS records

Reference

Credits
