Add option to enable tlsproxy

2025-09-05 22:14:26 +08:00 · 2025-01-27 11:21:42 +01:00 · 2025-01-27 11:21:42 +01:00 · c911d59ba9
commit c911d59ba9
parent 0286619ef2
3 changed files with 16 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -34,6 +34,7 @@ Feel free to pick your favourite distro.
      - [`POSTFIX_message_size_limit`](#postfix_message_size_limit)
      - [Overriding specific postfix settings](#overriding-specific-postfix-settings)
      - [`SKIP_ROOT_SPOOL_CHOWN`](#skip_root_spool_chown)
+      - [`ENABLE_TLSPROXY`](#enable_tlsproxy)
      - [`ANONYMIZE_EMAILS`](#anonymize_emails)
        - [The `default` (`smart`) filter](#the-default-smart-filter)
        - [The `paranoid` filter](#the-paranoid-filter)
@ -384,6 +385,11 @@ want to set this option unless you're running into specific issues (e.g. [#97](h

 If unsure, leave it as is.

+#### `ENABLE_TLSPROXY`
+
+Setting this to `true` will enable the `tlsproxy` in `/etc/postfix/master.cf`. You want to enable this, if you enable
+[`smtp_tls_connection_reuse`](https://www.postfix.org/postconf.5.html#smtp_tls_connection_reuse).
+
 #### `ANONYMIZE_EMAILS`

 Anonymize email in Postfix logs. It mask the email content by putting `*` in the middle of the name and the domain.
--- a/scripts/common-run.sh
+++ b/scripts/common-run.sh
@ -745,6 +745,15 @@ postfix_open_submission_port() {
 	sed -i -r -e 's/^#submission/submission/' /etc/postfix/master.cf
 }

+postfix_enable_tlsproxy() {
+	if [ ! -z "$ENABLE_TLSPROXY" ]; then
+		if [[ "${ENABLE_TLSPROXY}" == "true" ]]; then
+			info "Enabling tlsproxy."
+			sed -i -r -e 's/^#tlsproxy/tlsproxy/' /etc/postfix/master.cf
+		fi
+	fi
+}
+
 execute_post_init_scripts() {
 	if [ -d /docker-init.db/ ]; then
 		notice "Executing any found custom scripts..."
--- a/scripts/run.sh
+++ b/scripts/run.sh
@ -39,6 +39,7 @@ postfix_setup_smtpd_sasl_auth           # Enable sender SASL auth, if defined
 postfix_custom_commands                 # Apply custom postfix settings
 opendkim_custom_commands                # Apply custom OpenDKIM settings
 postfix_open_submission_port            # Enable the submission port
+postfix_enable_tlsproxy                 # Optionally enable tlsproxy
 execute_post_init_scripts               # Execute any scripts found in /docker-init.db/
 unset_sensitive_variables               # Remove environment variables that contains sensitive values (secrets) that are read from conf files