NEW FEATURE: A new feature has been added -- it's now posible to specify a RELAY

hosts's username and password, if your remote host requires
authentication.

NEW FEATURE: The possibility to execute third party scripts. This should
make extending this image easier.

REFACTORING: Dockerfile now starts with run.sh instead of suprevisor.
This makes it much easier to see any errors that might creep into the
code. Also note that the script now relies on POSIX-compliant commands
only so the executor has been changed from /bin/bash to /bin/sh.

Dockerfile

@@ -1,14 +1,7 @@
 FROM alpine:edge
-MAINTAINER Bojan Cekrlic
+MAINTAINER Bojan Cekrlic - https://github.com/bokysan/docker-postfix/
 
-# You can set this variables when running the image to override the host name or
+# See README.md for details
-# foward the messages to another server
-# ENV	HOSTNAME
-# Hostname that will be used in the outgoing mail
-# ENV	RELAYHOST
-# The relay host for this server
-# ENV	ALLOWED_SENDER_DOMAINS
-# Limit the list of sending domains to this list only
 
 RUN	true && \
 	apk add --no-cache --update postfix ca-certificates supervisor rsyslog bash && \
@@ -17,8 +10,8 @@ RUN	true && \
 
 COPY	supervisord.conf /etc/supervisord.conf
 COPY	rsyslog.conf /etc/rsyslog.conf
-COPY	postfix.sh /postfix.sh
+COPY	run.sh /run.sh
-RUN	chmod +x /postfix.sh
+RUN	chmod +x /run.sh
 
 VOLUME	[ "/var/spool/postfix", "/etc/postfix" ]
 
@@ -26,4 +19,5 @@ USER	root
 WORKDIR	/tmp
 
 EXPOSE 587
-ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+#ENTRYPOINT ["/usr/bin/supervisord", "-c", "/etc/supervisord.conf"]
+ENTRYPOINT ["/run.sh"]

README.md

@@ -33,6 +33,8 @@ The following configuration options are available:
 ENV vars
 $HOSTNAME = Postfix myhostname
 $RELAYHOST = Host that relays your msgs
+$RELAYHOST_USERNAME = An (optional) username for the relay server
+$RELAYHOST_PASSWORD = An (optional) login password for the relay server
 $MYNETWORKS = allow domains from per Network ( default 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 )
 $ALLOWED_SENDER_DOMAINS = domains sender domains
 ```
@@ -46,7 +48,7 @@ I suggest you set this variable, e.g.:
 docker run --rm --name postfix -e HOSTNAME=postfix-docker -p 1587:587 boky/postfix
 ```
 
-### `RELAYHOST`
+### `RELAYHOST`, `RELAYHOST_USERNAME` and `RELAYHOST_PASSWORD`
 
 Postfix will try to deliver emails directly to the target server. If you are behind a firewall, or inside a corporation
 you will most likely have a dedicated outgoing mail server. By setting this option, you will instruct postfix to relay
@@ -56,6 +58,22 @@ Example:
 ```
 docker run --rm --name postfix -e RELAYHOST=192.168.115.215 -p 1587:587 boky/postfix
 ```
+
+You may optionally specifiy a rely port, e.g.:
+```
+docker run --rm --name postfix -e RELAYHOST=192.168.115.215:587 -p 1587:587 boky/postfix
+```
+
+Or an IPv6 address, e.g.:
+```
+docker run --rm --name postfix -e 'RELAYHOST=[2001:db8::1]:587' -p 1587:587 boky/postfix
+```
+
+If your end server requires you to authenticate with username/password, add them also:
+```
+docker run --rm --name postfix -e RELAYHOST=mail.google.com -e RELAYHOST_USERNAME=hello@gmail.com -e RELAYHOST_PASSWORD=world -p 1587:587 boky/postfix
+```
+
 ### `MYNETWORKS`
 
 This implementation is meant for private installations -- so that when you configure your services using _docker compose_
@@ -79,3 +97,18 @@ Example:
 ```
 docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
 ```
+
+## Extending the image
+
+If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration, simply
+add your scripts to `/docker-init.db/`. All files with the `.sh` extension will be executed automatically at the end of the
+startup script.
+
+E.g.: create a custom `Dockerfile` like this:
+```
+FROM boky/postfix
+MAINTAINER Some Randombloke "randombloke@example.com"
+ADD Dockerfiles/additiona-config.sh /docker-init.db/
+```
+
+Build it with docker and your script will be automatically executed before Postfix starts.

run.sh

@@ -1,4 +1,13 @@
-#!/bin/bash
+#!/bin/sh
+
+echo "******************************"
+echo "**** POSTFIX STARTING UP *****"
+echo "******************************"
+
+# Make and reown postfix folders
+mkdir -p /var/spool/postfix/ && mkdir -p /var/spool/postfix/pid
+chown root: /var/spool/postfix/
+chown root: /var/spool/postfix/pid
 
 # Disable SMTPUTF8, because libraries (ICU) are missing in alpine
 postconf -e smtputf8_enable=no
@@ -11,23 +20,43 @@ postconf -e mydestination=
 # Don't relay for any domains
 postconf -e relay_domains=
 
+# As this is a server-based service, allow any message size -- we hope the server knows
+# what it is doing
+postconf -e "message_size_limit=0"
+
 # Reject invalid HELOs
 postconf -e smtpd_delay_reject=yes
 postconf -e smtpd_helo_required=yes
 postconf -e "smtpd_helo_restrictions=permit_mynetworks,reject_invalid_helo_hostname,permit"
 
 # Set up host name
-if [[ ! -z "$HOSTNAME" ]]; then
+if [ ! -z "$HOSTNAME" ]; then
-	postconf -e myhostname=$HOSTNAME
+	postconf -e myhostname="$HOSTNAME"
 else
 	postconf -# myhostname
 fi
 
 # Set up a relay host, if needed
-if [[ ! -z "$RELAYHOST" ]]; then
+if [ ! -z "$RELAYHOST" ]; then
+	echo -n "- Forwarding all emails to $RELAYHOST"
 	postconf -e relayhost=$RELAYHOST
+
+	if [ -n "$RELAYHOST_USERNAME" ] && [ -n "$RELAYHOST_PASSWORD" ]; then
+		echo " using username $RELAYHOST_USERNAME."
+		echo "$RELAYHOST $RELAYHOST_USERNAME:$RELAYHOST_PASSWORD" >> /etc/postfix/sasl_passwd
+		postmap hash:/etc/postfix/sasl_passwd
+		postconf -e "smtp_sasl_auth_enable=yes"
+		postconf -e "smtp_sasl_password_maps=hash:/etc/postfix/sasl_passwd"
+		postconf -e "smtp_sasl_security_options=noanonymous"
+	else
+		echo " without any authentication. Make sure your server is configured to accept emails coming from this IP."
+	fi
 else
+	echo "- Will try to deliver emails directly to the final server. Make sure your DNS is setup properly!"
 	postconf -# relayhost
+	postconf -# smtp_sasl_auth_enable
+	postconf -# smtp_sasl_password_maps
+	postconf -# smtp_sasl_security_options
 fi
 
 # Set up my networks to list only networks in the local loopback range
@@ -42,22 +71,23 @@ fi
 #postmap $network_table
 #postconf -e mynetworks=hash:$network_table
 
-if [[ ! -z "$MYNETWORKS" ]]; then
+if [ ! -z "$MYNETWORKS" ]; then
-        postconf -e mynetworks=$MYNETWORKS
+	postconf -e mynetworks=$MYNETWORKS
 else
-        postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+	postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
 fi
 
 # Split with space
-if [[ ! -z "$ALLOWED_SENDER_DOMAINS" ]]; then
+if [ ! -z "$ALLOWED_SENDER_DOMAINS" ]; then
-	echo "Setting up allowed SENDER domains:"
+	echo -n "- Setting up allowed SENDER domains:"
 	allowed_senders=/etc/postfix/allowed_senders
 	rm -f $allowed_senders $allowed_senders.db > /dev/null
 	touch $allowed_senders
 	for i in $ALLOWED_SENDER_DOMAINS; do
-		echo -e "\t$i"
+		echo -n " $i"
 		echo -e "$i\tOK" >> $allowed_senders
 	done
+	echo
 	postmap $allowed_senders
 
 	postconf -e "smtpd_restriction_classes=allowed_domains_only"
@@ -71,4 +101,15 @@ fi
 # Use 587 (submission)
 sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
 
-/usr/sbin/postfix -c /etc/postfix start
+if [ -d /docker-init.db/ ]; then
+	echo "- Executing any found custom scripts..."
+	for f in /docker-init.db/*; do
+		case "$f" in
+			*.sh)     chmod +x "$f"; echo -e"\trunning $f"; . "$f" ;;
+			*)        echo "$0: ignoring $f" ;;
+		esac
+	done
+fi
+
+echo "- Staring rsyslog and postfix"
+exec supervisord -c /etc/supervisord.conf

supervisord.conf

@@ -1,4 +1,5 @@
 [supervisord]
+user            = root
 nodaemon        = true
 logfile         = /dev/null
 logfile_maxbytes= 0
@@ -19,5 +20,5 @@ process_name    = master
 autostart       = true
 autorestart     = false
 directory       = /etc/postfix
-command         = /postfix.sh
+command         = /usr/sbin/postfix -c /etc/postfix start
 startsecs       = 0