Initial commit

Dockerfile

@@ -0,0 +1,12 @@
+FROM alpine:3.21
+
+RUN apk add --no-cache --update postfix cyrus-sasl ca-certificates bash && \
+    apk add --no-cache --upgrade musl musl-utils && \
+    # Clean up
+    (rm "/tmp/"* 2>/dev/null || true) && (rm -rf /var/cache/apk/* 2>/dev/null || true)
+
+VOLUME [ "/var/spool/postfix", "/etc/postfix" ]
+
+COPY docker-entrypoint.sh /usr/local/bin/
+ENTRYPOINT ["docker-entrypoint.sh"]
+CMD ["postfix", "start-fg"]  # start-fg = start in foreground

docker-entrypoint.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+set -e
+
+# usage: file_env VAR [DEFAULT]
+#    ie: file_env 'XYZ_PASSWORD' 'example'
+# (will allow for "$XYZ_PASSWORD_FILE" to fill in the value of
+#  "$XYZ_PASSWORD" from a file, especially for Docker's secrets feature)
+# copied from mariadb docker entrypoint file
+file_env() {
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+file_env 'POSTFIX_RELAY_PASSWORD'
+
+if [[ -z "$POSTFIX_SENDER_DOMAINS" || -z "$POSTFIX_HOSTNAME" || -z "$POSTFIX_RELAY_HOST" || -z "$POSTFIX_RELAY_USER" || -z "$POSTFIX_RELAY_PASSWORD" ]]; then
+    echo >&2 'error: relay options are not specified '
+    echo >&2 '  You need to specify POSTFIX_SENDER_DOMAINS, POSTFIX_HOSTNAME, POSTFIX_RELAY_HOST, POSTFIX_RELAY_USER and POSTFIX_RELAY_PASSWORD (or POSTFIX_RELAY_PASSWORD_FILE)'
+    exit 1
+fi
+
+# Create postfix folders
+mkdir -p /var/spool/postfix/
+mkdir -p /var/spool/postfix/pid
+
+# Disable SMTPUTF8, because libraries (ICU) are missing in Alpine
+postconf -e "smtputf8_enable=no"
+
+# Log to stdout
+postconf -e "maillog_file=/dev/stdout"
+
+# Update aliases database. It's not used, but postfix complains if the .db file is missing
+postalias /etc/postfix/aliases
+
+# Disable local mail delivery
+postconf -e "mydestination="
+
+# Limit message size to 10MB
+postconf -e "message_size_limit=10240000"
+
+# Reject invalid HELOs
+postconf -e "smtpd_delay_reject=yes"
+postconf -e "smtpd_helo_required=yes"
+postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit"
+
+# Don't allow requests from outside
+postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+
+# Set up hostname
+postconf -e myhostname=$POSTFIX_HOSTNAME
+
+# Do not relay mail from untrusted networks
+postconf -e "relay_domains="
+
+# Relay configuration
+postconf -e relayhost=$POSTFIX_RELAY_HOST
+echo "$POSTFIX_RELAY_HOST $POSTFIX_RELAY_USER:$POSTFIX_RELAY_PASSWORD" >> /etc/postfix/sasl_passwd
+postmap lmdb:/etc/postfix/sasl_passwd
+postconf -e "smtp_sasl_auth_enable=yes"
+postconf -e "smtp_sasl_password_maps=lmdb:/etc/postfix/sasl_passwd"
+postconf -e "smtp_sasl_security_options=noanonymous"
+postconf -e "smtp_sasl_tls_security_options=noanonymous"
+postconf -e "smtp_tls_security_level=encrypt"
+
+# Allowed senders
+for i in $POSTFIX_SENDER_DOMAINS; do
+	echo -e "$i\tOK" >> /etc/postfix/allowed_senders
+done
+postmap lmdb:/etc/postfix/allowed_senders
+postconf -e "smtpd_recipient_restrictions=reject_non_fqdn_recipient, reject_unknown_recipient_domain, check_sender_access lmdb:/etc/postfix/allowed_senders, reject"
+
+# Use 587 (submission)
+sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
+
+echo
+echo 'postfix configured. Ready for start up.'
+echo
+
+exec "$@"

runcmt.txt

@@ -0,0 +1 @@
+docker run -d --rm --name postfix -p 127.0.0.1:25:25 -e POSTFIX_SENDER_DOMAINS=akpain.net -e POSTFIX_HOSTNAME=akp-ThinkPad-E14 -e POSTFIX_RELAY_HOST=smtp.fastmail.com:587 -e POSTFIX_RELAY_USER=abi@akpain.net -e POSTFIX_RELAY_PASSWORD=8l4n2b495g222v8f postfix