Updated documentation

Bojan Čekrlić 2020-10-24 18:24:19 +02:00
parent 51173d36e0
commit 6b62ad360e
3 changed files with 251 additions and 109 deletions

BIN
GApps-SMTP-config.png Normal file

Binary file not shown.

353
README.md

@ -2,19 +2,58 @@
Simple postfix relay host ("postfix null client") for your Docker containers. Based on Alpine Linux. Simple postfix relay host ("postfix null client") for your Docker containers. Based on Alpine Linux.
## Table of contents
* [Table of contents](#table-of-contents)
* [Description](#description)
* [TL;DR](#tldr)
* [Configuration options](#configuration-options)
* [General options](#general-options)
* [Inbound debugging](#inbound-debugging)
* [ALLOWED_SENDER_DOMAINS and ALLOW_EMPTY_SENDER_DOMAINS](#allowed_sender_domains-and-allow_empty_sender_domains)
* [Log format](#log-format)
* [Postfix-specific options](#postfix-specific-options)
* [RELAYHOST, RELAYHOST_USERNAME and RELAYHOST_PASSWORD](#relayhost-relayhost_username-and-relayhost_password)
* [RELAYHOST_TLS_LEVEL](#relayhost_tls_level)
* [MASQUERADED_DOMAINS](#masqueraded_domains)
* [SMTP_HEADER_CHECKS](#smtp_header_checks)
* [POSTFIX_hostname](#postfix_hostname)
* [POSTFIX_mynetworks](#postfix_mynetworks)
* [POSTFIX_message_size_limit](#postfix_message_size_limit)
* [Overriding specific postfix settings](#overriding-specific-postfix-settings)
* [DKIM / DomainKeys](#dkim--domainkeys)
* [Supplying your own DKIM keys](#supplying-your-own-dkim-keys)
* [Auto-generating the DKIM selectors through the image](#auto-generating-the-dkim-selectors-through-the-image)
* [Changing the DKIM selector](#changing-the-dkim-selector)
* [Overriding specific OpenDKIM settings](#overriding-specific-opendkim-settings)
* [Verifying your DKIM setup](#verifying-your-dkim-setup)
* [Extending the image](#extending-the-image)
* [Using custom init scripts](#using-custom-init-scripts)
* [Security](#security)
* [Quick how-tos](#quick-how-tos)
* [Relaying messages through your Gmail account](#relaying-messages-through-your-gmail-account)
* [Relaying messages through Google Apps account](#relaying-messages-through-google-apps-account)
* [Sending messages directly](#sending-messages-directly)
* [Similar projects](#similar-projects)
* [License check](#license-check)
## Description ## Description
This image allows you to run POSTFIX internally inside your docker cloud/swarm installation to centralise outgoing email sending. The embedded postfix enables you to either _send messages directly_ or _relay them to your company's main server_. This image allows you to run POSTFIX internally inside your docker cloud/swarm installation to centralise outgoing email
sending. The embedded postfix enables you to either _send messages directly_ or _relay them to your company's main
server_.
This is a _server side_ POSTFIX image, geared towards emails that need to be sent from your applications. That's why this postfix configuration does not support username / password login or similar client-side security features. This is a _server side_ POSTFIX image, geared towards emails that need to be sent from your applications. That's why
this postfix configuration does not support username / password login or similar client-side security features.
**IF YOU WANT TO SET UP AND MANAGE A POSTFIX INSTALLATION FOR END USERS, THIS IMAGE IS NOT FOR YOU.** If you need it to manage your application's outgoing queue, read on. **IF YOU WANT TO SET UP AND MANAGE A POSTFIX INSTALLATION FOR END USERS, THIS IMAGE IS NOT FOR YOU.** If you need it to
manage your application's outgoing queue, read on.
## TL;DR ## TL;DR
To run the container, do the following: To run the container, do the following:
```sh ```shell script
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com" -p 1587:587 boky/postfix docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com" -p 1587:587 boky/postfix
``` ```
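Review bot: The table of contents added at the top of this hunk has no entry for the `### DKIM-specific options` heading, which is still present further down as an unchanged line, so that section cannot be reached from the TOC. Either add an entry for it or fold that section into the new `DKIM / DomainKeys` option list so the DKIM variables are documented in one place.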
@ -49,6 +88,35 @@ The following configuration options are available
- `ALLOW_EMPTY_SENDER_DOMAINS` = if value is set (i.e: `true`), `ALLOWED_SENDER_DOMAINS` can be unset - `ALLOW_EMPTY_SENDER_DOMAINS` = if value is set (i.e: `true`), `ALLOWED_SENDER_DOMAINS` can be unset
- `LOG_FORMAT` = Set your log format (JSON or plain) - `LOG_FORMAT` = Set your log format (JSON or plain)
#### Inbound debugging
Enable additional debugging for any connection coming from `POSTFIX_mynetworks`. Set to a non-empty string (usually `1`
or `yes`) to enable debugging.
#### `ALLOWED_SENDER_DOMAINS` and `ALLOW_EMPTY_SENDER_DOMAINS`
Due to in-built spam protection in [Postfix](http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions) you will
need to specify sender domains -- the domains you are using to send your emails from, otherwise Postfix will refuse to
start.
Example:
```shell script
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
```
If you want to set the restrictions on the recipient and not on the sender (anyone can send mails but just to a single domain for instance),
set `ALLOW_EMPTY_SENDER_DOMAINS` to a non-empty value (e.g. `true`) and `ALLOWED_SENDER_DOMAINS` to an empty string. Then extend this image through custom scripts to configure Postfix further.
#### Log format
The image will by default output logs in human-readable (`plain`) format. If you are deploying the image to Kubernetes,
it might be worth chaging the output format to `json` as it's more easily parsable by tools such as
[Prometheus](https://prometheus.io/).
To change the log format, set the (unsurprisingly named) variable `LOG_FORMAT=json`.
### Postfix-specific options ### Postfix-specific options
- `RELAYHOST` = Host that relays your messages - `RELAYHOST` = Host that relays your messages
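Review bot: The new `#### Inbound debugging` section never names the variable to set; the heading it replaces was `INBOUND_DEBUGGING`, and the new text only says "Set to a non-empty string". Name `INBOUND_DEBUGGING` in the heading or in the first sentence so a reader landing here from the TOC knows what to export. In the Log format paragraph, "chaging" should be "changing".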
@ -59,9 +127,12 @@ The following configuration options are available
- `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` ) - `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
- `POSTFIX_myhostname` = Set the name of this postfix server - `POSTFIX_myhostname` = Set the name of this postfix server
- `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts - `MASQUERADED_DOMAINS` = domains where you want to masquerade internal hosts
- `POSTFIX_<any_postfix_setting>` = provide any additional postfix setting
- `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location - `SMTP_HEADER_CHECKS`= Set to `1` to enable header checks of to a location
of the file for header checks of the file for header checks
- `POSTFIX_hostname` = Set tha name of this postfix server
- `POSTFIX_mynetworks` = Allow sending mails only from specific networks ( default `127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16` )
- `POSTFIX_message_size_limit` = The maximum size of the messsage, in bytes, by default it's unlimited
- `POSTFIX_<any_postfix_setting>` = provide any additional postfix setting
### DKIM-specific options ### DKIM-specific options
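Review bot: The added bullet `POSTFIX_hostname` contradicts the unchanged bullet `POSTFIX_myhostname` earlier in this list, which is also the name the example env file in this commit uses (`POSTFIX_myhostname=smtp-relay`). Keep one name; since `POSTFIX_<any_postfix_setting>` is documented as passing settings through to Postfix, `POSTFIX_myhostname` looks like the one to keep. The added `POSTFIX_mynetworks` bullet also duplicates the unchanged one at the top of this hunk, and "tha name" and "messsage" need fixing.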
@ -89,112 +160,126 @@ you will most likely have a dedicated outgoing mail server. By setting this opti
Example: Example:
```sh ```shell script
docker run --rm --name postfix -e RELAYHOST=192.168.115.215 -p 1587:587 boky/postfix docker run --rm --name postfix -e RELAYHOST=192.168.115.215 -p 1587:587 boky/postfix
``` ```
You may optionally specifiy a relay port, e.g.: You may optionally specifiy a relay port, e.g.:
```sh ```shell script
docker run --rm --name postfix -e RELAYHOST=192.168.115.215:587 -p 1587:587 boky/postfix docker run --rm --name postfix -e RELAYHOST=192.168.115.215:587 -p 1587:587 boky/postfix
``` ```
Or an IPv6 address, e.g.: Or an IPv6 address, e.g.:
```sh ```shell script
docker run --rm --name postfix -e 'RELAYHOST=[2001:db8::1]:587' -p 1587:587 boky/postfix docker run --rm --name postfix -e 'RELAYHOST=[2001:db8::1]:587' -p 1587:587 boky/postfix
``` ```
If your end server requires you to authenticate with username/password, add them also: If your end server requires you to authenticate with username/password, add them also:
```sh ```shell script
docker run --rm --name postfix -e RELAYHOST=mail.google.com -e RELAYHOST_USERNAME=hello@gmail.com -e RELAYHOST_PASSWORD=world -p 1587:587 boky/postfix docker run --rm --name postfix -e RELAYHOST=mail.google.com -e RELAYHOST_USERNAME=hello@gmail.com -e RELAYHOST_PASSWORD=world -p 1587:587 boky/postfix
``` ```
### `RELAYHOST_TLS_LEVEL` #### `RELAYHOST_TLS_LEVEL`
Define relay host TLS connection level. See [smtp_tls_security_level](http://www.postfix.org/postconf.5.html#smtp_tls_security_level) for details. By default, the permissive level ("may") is used, which basically means "use TLS if available" and should be a sane default in most cases. Define relay host TLS connection level. See [smtp_tls_security_level](http://www.postfix.org/postconf.5.html#smtp_tls_security_level) for details. By default, the permissive level ("may") is used, which basically means "use TLS if available" and should be a sane default in most cases.
This level defines how the postfix will connect to your upstream server. This level defines how the postfix will connect to your upstream server.
### `POSTFIX_message_size_limit` #### `MASQUERADED_DOMAINS`
Define the maximum size of the message, in bytes. If you don't want outbound mails to expose hostnames, you can use this variable to enable Postfix's
See more in [Postfix documentation](http://www.postfix.org/postconf.5.html#message_size_limit). [address masquerading](http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade). This can be used to do things
like rewrite `lorem@ipsum.example.com` to `lorem@example.com`.
By default, this limit is set to 0 (zero), which means unlimited. Why would you want to set this? Well, this is especially useful in relation Example:
with `RELAYHOST` setting. If your relay host has a message limit (and usually it does), set it also here. This will help you "fail fast" --
your message will be rejected at the time of sending instead having it stuck in the outbound queue indefenetly.
### `POSTFIX_mynetworks` ```shell script
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix
```
#### `SMTP_HEADER_CHECKS`
This image allows you to execute Postfix [header checks](http://www.postfix.org/header_checks.5.html). Header checks
allow you to execute a certain action when a certain MIME header is found. For example, header checks can be used
prevent attaching executable files to emails.
Header checks work by comparing each message header line to a pre-configured list of patterns. When a match is found the
corresponding action is executed. The default patterns that come with this image can be found in the `smtp_header_checks`
file. Feel free to override this file in any derived images or, alternately, provide your own in another directory.
Set `SMTP_HEADER_CHECKS` to type and location of the file to enable this feature. The sample file is uploaded into
`/etc/postfix/smtp_header_checks` in the image. As a convenience, setting `SMTP_HEADER_CHECKS=1` will set this to
`regexp:/etc/postfix/smtp_header_checks`.
Example:
```shell script
docker run --rm --name postfix -e "SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks" -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
```
#### `POSTFIX_hostname`
You may configure a specific hostname that the SMTP server will use to identify itself. If you don't do it,
the default Docker host name will be used. A lot of times, this will be just the container id (e.g. `f73792d540a5`)
which may make it difficult to track your emails in the log files. If you care about tracking at all,
I suggest you set this variable, e.g.:
```shell script
docker run --rm --name postfix -e "POSTFIX_hostname=postfix-docker" -p 1587:587 boky/postfix
```
#### `POSTFIX_mynetworks`
This implementation is meant for private installations -- so that when you configure your services using _docker compose_ This implementation is meant for private installations -- so that when you configure your services using _docker compose_
you can just plug it in. Precisely because of this reason and the prevent any issues with this postfix being inadvertently you can just plug it in. Precisely because of this reason and the prevent any issues with this postfix being inadvertently
exposed on the internet and then used for sending spam, the *default networks are reserved for private IPv4 IPs only*. exposed on the internet and then used for sending spam, the *default networks are reserved for private IPv4 IPs only*.
Most likely you won't need to change this. However, if you need to support IPv6 or strenghten the access further, you can Most likely you won't need to change this. However, if you need to support IPv6 or strenghten the access further, you
override this setting. can override this setting.
Example: Example:
```sh ```shell script
docker run --rm --name postfix -e "MYNETWORKS=10.1.2.0/24" -p 1587:587 boky/postfix docker run --rm --name postfix -e "POSTFIX_mynetworks=10.1.2.0/24" -p 1587:587 boky/postfix
``` ```
### `ALLOWED_SENDER_DOMAINS` #### `POSTFIX_message_size_limit`
Due to in-built spam protection in [Postfix](http://www.postfix.org/postconf.5.html#smtpd_relay_restrictions) you will need to specify Define the maximum size of the message, in bytes.
sender domains -- the domains you are using to send your emails from, otherwise Postfix will refuse to start. See more in [Postfix documentation](http://www.postfix.org/postconf.5.html#message_size_limit).
Example: By default, this limit is set to 0 (zero), which means unlimited. Why would you want to set this? Well, this is
especially useful in relation with `RELAYHOST` setting. If your relay host has a message limit (and usually it does),
set it also here. This will help you "fail fast" -- your message will be rejected at the time of sending instead having
it stuck in the outbound queue indefinitely.
```sh #### Overriding specific postfix settings
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
```
If you want to set the restrictions on the recipient and not on the sender (anyone can send mails but just to a single domain for instance), set `ALLOW_EMPTY_SENDER_DOMAINS` to a non-empty value (e.g. `true`) and `ALLOWED_SENDER_DOMAINS` to an empty string. Then extend this image through custom scripts to configure Postfix further. Any Postfix [configuration option](http://www.postfix.org/postconf.5.html) can be overriden using `POSTFIX_<name>`
environment variables, e.g. `POSTFIX_allow_mail_to_commands=alias,forward,include`. Specifying no content (empty
variable) will remove that variable from postfix config.
### `INBOUND_DEBUGGING` ### DKIM / DomainKeys
Enable additional debugging for any connection comming from `MYNETWORKS`. Set to a non-empty string (usually "1" or "yes") to **This image is equipped with support for DKIM.** If you want to use DKIM you will need to generate DKIM keys. These can
enable debugging. be either generated automatically, or you can supply them yourself.
### `MASQUERADED_DOMAINS` The DKIM supports the following options:
If you don't want outbound mails to expose hostnames, you can use this variable to enable Postfix's [address masquerading](http://www.postfix.org/ADDRESS_REWRITING_README.html#masquerade). This can be used to do things like rewrite `lorem@ipsum.example.com` to `lorem@example.com`. - `DKIM_SELECTOR` = Override the default DKIM selector (by default "mail").
- `DKIM_AUTOGENERATE` = Set to non-empty value (e.g. `true` or `1`) to have
the server auto-generate domain keys.
- `OPENDKIM_<any_dkim_setting>` = Provide any additional OpenDKIM setting.
Example: #### Supplying your own DKIM keys
```sh If you want to use your own DKIM keys, you'll need to create a folder for every domain you want to send through. You
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -e "MASQUERADED_DOMAINS=example.com" -p 1587:587 boky/postfix will need to generate they key(s) with the `opendkim-genkey` command, e.g.
```
### `SMTP_HEADER_CHECKS` ```shell script
This image allows you to execute Postfix [header checks](http://www.postfix.org/header_checks.5.html). Header checks allow you to execute a certain
action when a certain MIME header is found. For example, header checks can be used prevent attaching executable files to emails.
Header checks work by comparing each message header line to a pre-configured list of patterns. When a match is found the corresponding action is
executed. The default patterns that come with this image can be found in the `smtp_header_checks` file. Feel free to override this file in any derived
images or, alternately, provide your own in another directory.
Set `SMTP_HEADER_CHECKS` to type and location of the file to enable this feature. The sample file is uploaded into `/etc/postfix/smtp_header_checks`
in the image. As a convenience, setting `SMTP_HEADER_CHECKS=1` will set this to `regexp:/etc/postfix/smtp_header_checks`.
Example:
```sh
docker run --rm --name postfix -e "SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks" -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -p 1587:587 boky/postfix
```
## DKIM / DomainKeys
### Supplying your own DKIM keys
**This image is equiped with support for DKIM.** If you want to use DKIM you will need to generate DKIM keys yourself.
You'll need to create a folder for every domain you want to send through Postfix and generate they key(s) with the following command, e.g.
```sh
mkdir -p /host/keys; cd /host/keys mkdir -p /host/keys; cd /host/keys
for DOMAIN in example.com example.org; do for DOMAIN in example.com example.org; do
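Review bot: The `SMTP_HEADER_CHECKS` example carries over broken quoting: `-e "SMTP_HEADER_CHECKS="regexp:/etc/postfix/smtp_header_checks"` has an extra double quote after `=`, which leaves the whole command with an odd number of quotes, so a shell waits for more input instead of running it. Use `-e "SMTP_HEADER_CHECKS=regexp:/etc/postfix/smtp_header_checks"`. In the same hunk, the new `#### POSTFIX_hostname` section and its example should use `POSTFIX_myhostname` to match the options list and the env file, and "can be used prevent attaching" is missing "to".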
@ -211,30 +296,30 @@ done
`opendkim-genkey` is usually in your favourite distribution provided by installing `opendkim-tools` or `opendkim-utils`. `opendkim-genkey` is usually in your favourite distribution provided by installing `opendkim-tools` or `opendkim-utils`.
Add the created `<domain>.txt` files to your DNS records. Afterwards, just mount `/etc/opendkim/keys` into your image and DKIM Add the created `<domain>.txt` files to your DNS records. Afterwards, just mount `/etc/opendkim/keys` into your image
will be used automatically, e.g.: and DKIM will be used automatically, e.g.:
```sh ```shell script
docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -v /host/keys:/etc/opendkim/keys -p 1587:587 boky/postfix docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com example.org" -v /host/keys:/etc/opendkim/keys -p 1587:587 boky/postfix
``` ```
### Auto-generating the DKIM selectors with #### Auto-generating the DKIM selectors through the image
If you set the environment variable `DKIM_AUTOGENERATE` to a non-empty value If you set the environment variable `DKIM_AUTOGENERATE` to a non-empty value (e.g. `true` or `1`) the image will
(e.g. `true` or `1`) the image will automatically generate the keys. automatically generate the keys.
**Be careful when using this option**. If you don't bind `/etc/opendkim/keys` **Be careful when using this option**. If you don't bind `/etc/opendkim/keys` to a persistent volume, you will get new
to a persistent volume, you will get new keys every single time. You will need keys every single time. You will need to take the generated public part of the key (the one in the `.txt` file) and
to take the generated public part of the key (the one in the `.txt` file) and
copy it over to your DNS server manually. copy it over to your DNS server manually.
### Changing the DKIM selector #### Changing the DKIM selector
`mail` is the *default DKIM selector* and should be sufficient for most usages. If you wish to override the selector, `mail` is the *default DKIM selector* and should be sufficient for most usages. If you wish to override the selector,
set the environment variable `DKIM_SELECTOR`, e.g. `... -e DKIM_SELECTOR=postfix`. Note that the same DKIM selector will be set the environment variable `DKIM_SELECTOR`, e.g. `... -e DKIM_SELECTOR=postfix`. Note that the same DKIM selector will
applied to all found domains. To override a selector for a specific domain use the syntax `[<domain>=<selector>,...]`, e.g.: be applied to all found domains. To override a selector for a specific domain use the syntax
`[<domain>=<selector>,...]`, e.g.:
```sh ```shell script
DKIM_SELECTOR=foo,example.org=postfix,example.com=blah DKIM_SELECTOR=foo,example.org=postfix,example.com=blah
``` ```
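Review bot: The volume example `-v /host/keys:/etc/opendkim/keys` mounts the DKIM private keys into the container, but neither this section nor the auto-generate section says what ownership or mode those files need. The Security section states that `opendkim` runs as `102:103`; say here that the private key files should be readable by that account and not world-readable, and that only the `.txt` public part is meant to leave the host.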
@ -244,60 +329,112 @@ This means:
- use `blah` for `example.com` domain - use `blah` for `example.com` domain
- use `foo` if no domain matches - use `foo` if no domain matches
### Verifying your setup #### Overriding specific OpenDKIM settings
I strongly suggest using a service such as [dkimvalidator](https://dkimvalidator.com/) to make sure your keys are set up properly Any OpenDKIM [configuration option](http://opendkim.org/opendkim.conf.5.html) can be overriden using `OPENDKIM_<name>`
and your DNS server is serving them with the correct records. environment variables, e.g. `OPENDKIM_RequireSafeKeys=yes`. Specifying no content (empty variable) will remove that
variable from OpenDKIM config.
#### Verifying your DKIM setup
I strongly suggest using a service such as [dkimvalidator](https://dkimvalidator.com/) to make sure your keys are set up
properly and your DNS server is serving them with the correct records.
## Extending the image ## Extending the image
### Using custom init scripts ### Using custom init scripts
If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration, simply If you need to add custom configuration to postfix or have it do something outside of the scope of this configuration,
add your scripts to `/docker-init.db/`: All files with the `.sh` extension will be executed automatically at the end of the simply add your scripts to `/docker-init.db/`: All files with the `.sh` extension will be executed automatically at the
startup script. end of the startup script.
E.g.: create a custom `Dockerfile` like this: E.g.: create a custom `Dockerfile` like this:
```sh ```shell script
FROM boky/postfix FROM boky/postfix
LABEL maintainer="Jack Sparrow <jack.sparrow@theblackpearl.example.com>" LABEL maintainer="Jack Sparrow <jack.sparrow@theblackpearl.example.com>"
ADD Dockerfiles/additional-config.sh /docker-init.db/ ADD Dockerfiles/additional-config.sh /docker-init.db/
``` ```
Build it with docker and your script will be automatically executed before Postfix starts. Build it with docker, and your script will be automatically executed before Postfix starts.
Or -- alternately -- bind this folder in your docker config and put your scripts there. Useful if you need to add additional config Or -- alternately -- bind this folder in your docker config and put your scripts there. Useful if you need to add a
to your postfix server or override configs created by the script. config to your postfix server or override configs created by the script.
For example, your script could contain something like this: For example, your script could contain something like this:
```sh ```shell script
#!/bin/sh #!/bin/sh
postconf -e "address_verify_negative_cache=yes" postconf -e "address_verify_negative_cache=yes"
``` ```
### Overriding specific postfix settings
Any Postfix [configuration option](http://www.postfix.org/postconf.5.html) can be overriden using `POSTFIX_<name>` environment variables, e.g.
`POSTFIX_allow_mail_to_commands=alias,forward,include`. Specifying no content (empty variable) will remove that variable from postfix config.
### Overriding specific OpenDKIM settings
Any OpenDKIM [configuration option](http://opendkim.org/opendkim.conf.5.html) can be overriden using `OPENDKIM_<name>` environment variables, e.g.
`OPENDKIM_RequireSafeKeys=yes`. Specifying no content (empty variable) will remove that variable from OpenDKIM config.
## Log format
The image will by default output logs in human-readable (`plain`) format. If you are deploying the image to Kubernetes, it might be worth chaging
the output format to `json` as it's more easily parsable by tools such as [Prometheus](https://prometheus.io/).
To change the log format, set the (unsuprisingly named) variable `LOG_FORMAT=json`.
## Security ## Security
Postfix will run the master proces as `root`, because that's how it's designed. Subprocesses will run under the `postfix` account Postfix will run the master proces as `root`, because that's how it's designed. Subprocesses will run under the `postfix`
which will use `UID:GID` of `100:101`. `opendkim` will run under account `102:103`. account which will use `UID:GID` of `100:101`. `opendkim` will run under account `102:103`.
## Quick how-tos
### Relaying messages through your Gmail account
Please note that Gmail does not support using your password with non-OAuth2 clients, which -- technically -- postfix is.
You will need to enable [Less secure apps](https://support.google.com/accounts/answer/6010255?hl=en) in your account
and assign an "app password". You'll also need to use (only) your email as the sender address.
Your configuration would be as follows:
```shell script
RELAYHOST=smtp.gmail.com:587
RELAYHOST_USERNAME=you@gmail.com
RELAYHOST_PASSWORD=your-gmail-app-password
ALLOWED_SENDER_DOMAINS=gmail.com
```
There's no need to configure DKIM or SPF, as Gmail will add these headers automatically.
### Relaying messages through Google Apps account
Google Apps allows third-party services to use Google's SMTP servers without much hassle. If you have a static IP, you
can configure Gmail to accept your messages. You can then send email *from any address within your domain*.
You need to enable the [SMTP relay service](https://support.google.com/a/answer/2956491?hl=en):
- Go to Google [Admin /Apps / G Suite / Gmail /Advanced settings](https://admin.google.com/AdminHome?hl=en_GB#ServiceSettings/service=email&subtab=filters).
- Find the **Routing / SMTP relay service**
- Click **Add another** button that pops up when you hover over the line
- Enter the name and your server's external IP as shown in the picture below:
- **Allowed senders:** Only registered Apps users in my domains
- Select **Only accept mail from specified IP Addresses**
- Click **Add IP RANGE** and add your external IP
- Make sure **Require SMTP Authentication** is **NOT** selected
- You *may* select **Require TLS encryption**
![Add setting SMTP relay service](GApps-SMTP-config.png)
Your configuration would be as follows:
```shell script
RELAYHOST=smtp-relay.gmail.com:587
ALLOWED_SENDER_DOMAINS=<your-domain>
```
There's no need to configure DKIM or SPF, as Gmail will add these headers automatically.
### Sending messages directly
If you're sending messages directly, you'll need to:
- need to have a fixed IP address;
- configure a reverse PTR record;
- configure SPF and/or DKIM as explained in this document;
- it's also highly advisable to have your own IP block.
Your configuration would be as follows:
```shell script
ALLOWED_SENDER_DOMAINS=<your-domain>
```
## Similar projects ## Similar projects
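Review bot: In the Google Apps how-to, the relay is set up with **Require SMTP Authentication** off and **Require TLS encryption** optional, while `RELAYHOST_TLS_LEVEL` is documented earlier as defaulting to `may` ("use TLS if available"); the sample config (`RELAYHOST=smtp-relay.gmail.com:587` plus `ALLOWED_SENDER_DOMAINS`) therefore relies on IP allow-listing alone and may send without TLS. Suggest recommending **Require TLS encryption** and adding `RELAYHOST_TLS_LEVEL=encrypt` to that sample. Smaller points: the `Dockerfile` snippet is fenced as `shell script`, and the "Sending messages directly" list reads "you'll need to: need to have".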
@ -314,6 +451,6 @@ The other projects are, in completely random order:
- [juanluisbaptiste/docker-postfix](https://github.com/juanluisbaptiste/docker-postfix) - [juanluisbaptiste/docker-postfix](https://github.com/juanluisbaptiste/docker-postfix)
- [docker-mail-relay](https://github.com/alterrebe/docker-mail-relay) - [docker-mail-relay](https://github.com/alterrebe/docker-mail-relay)
## License check
## License
[![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fbokysan%2Fdocker-postfix.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fbokysan%2Fdocker-postfix?ref=badge_large) [![FOSSA Status](https://app.fossa.com/api/projects/git%2Bgithub.com%2Fbokysan%2Fdocker-postfix.svg?type=large)](https://app.fossa.com/projects/git%2Bgithub.com%2Fbokysan%2Fdocker-postfix?ref=badge_large)


@ -2,6 +2,11 @@ TZ=Europe/Amsterdam
POSTFIX_myhostname=smtp-relay POSTFIX_myhostname=smtp-relay
RELAYHOST=smtp.gmail.com:587 RELAYHOST=smtp.gmail.com:587
RELAYHOST_USERNAME=you@gmail.com RELAYHOST_USERNAME=you@gmail.com
RELAYHOST_PASSWORD=yourgmailapppassword # Attention Gmail users:
# Please note that Gmail does not support using your password with non-OAuth2 clients, which -- technically --
# postfix is. You will need to enable "Less secure apps" in your account and assign an "app password" if you
# want this to work.
# More info: https://support.google.com/accounts/answer/6010255?hl=en
RELAYHOST_PASSWORD=your-gmail-app-password
POSTFIX_message_size_limit=26214400 POSTFIX_message_size_limit=26214400
ALLOWED_SENDER_DOMAINS=example.org ALLOWED_SENDER_DOMAINS=example.org
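Review bot: The comment added above `RELAYHOST_PASSWORD=your-gmail-app-password` explains where the value comes from but gives no guidance on handling it, and this file is the place users will paste a real credential. Add a comment line telling them to keep the filled-in file out of version control and to restrict its permissions. The comment also says to enable "Less secure apps" and assign an "app password"; check against the linked Google page whether both steps are really required, since the README repeats the same wording.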