niallbyrne-ca/smtp

SMTP Docker Container

Wraps cisagov/postfix-docker in automation for generating Let's Encrypt SSL certificates and DKIM DNS records.

On DockerHub:

Usage Examples

docker pull docker.io/niallbyrne/smtp-aws
docker run \
  -v "$(pwd)/certs:/etc/letsencrypt" \
  -v "$(pwd)/aws.env:/mnt/aws.env" \
  -e ENV_FILE=/mnt/aws.env \
  -p 587:587 \
  docker.io/niallbyrne/smtp-aws

or

docker pull docker.io/niallbyrne/smtp-cloudflare
docker run \
  -v "$(pwd)/certs:/etc/letsencrypt" \
  -v "$(pwd)/cloudflare.env:/mnt/cloudflare.env" \
  -e ENV_FILE=/mnt/cloudflare.env \
  -p 587:587 \
  docker.io/niallbyrne/smtp-cloudflare

Build Arguments

| Name | Value | Default |
| --- | --- | --- |
| PROVIDER | "aws" or "cloudflare" to customize container. | aws |

Environment Variables

You may set the following environment variables to customize the container's behaviour:

| Name | Value | Default |
| --- | --- | --- |
| CLIENT_DOMAIN_WHITELIST | A space-separated list of domains you wish to allow to use your SMTP server. The default allows any client to try to authenticate. | No Default |
| CONFIG_DELAY | The time to wait for cisagov/postfix-docker to finish configuring postfix. | 30 |
| CONTACT_EMAIL | Let's Encrypt Contact Email. This is required by Let's Encrypt. | No Default |
| DKIM_DELAY | The time to wait for opendkim to generate a DKIM value. | 30 |
| DNS_PROPAGATION_DELAY | The time for Let's Encrypt to wait for DNS changes. | 30 |
| PRIMARY_DOMAIN | The domain postfix is running for. | No Default |
| RELAY_SERVER | The relay server to use for outgoing mail. (If omitted, then no relay server is used.) | No Default |
| RELAY_SERVER_CREDENTIALS | The username/password pair to use for the relay server. (In "username:password" format.) | No Default |
| RELAY_SERVER_PORT | The port used by the SMTP relay server. | No Default |
| RENEW_INTERVAL_IN_DAYS | The interval (in days) to attempt to renew the certificates. | 7 |
| TEST_MODE | Set to "0" after you have tested certificate generation. | 1 |
| USER_LIST | A newline-separated list of user/password pairs: "username1 password1\nusername2 password2\n" (Use only alphanumerical characters; letters in username must be lowercase.) | "admin admin\n" |

DNS Providers

Each DNS provider has its own set of additional required environment variables.

AWS DNS Provider

There are no defaults for provider environment variables.

| Name | Value |
| --- | --- |
| AWS_ACCESS_KEY_ID | The AWS access key to use to access Route 53. |
| AWS_HOSTED_ZONE_ID | The AWS ID for the zone hosted in Route 53. |
| AWS_SECRET_ACCESS_KEY | The associated AWS secret key for that account. |

Please see the certbot plugin documentation for further details.

Cloudflare DNS Provider

There are no defaults for provider environment variables.

| Name | Value |
| --- | --- |
| CLOUDFLARE_API_TOKEN | The restricted Cloudflare API Token for this domain. |
| CLOUDFLARE_ZONE_ID | The zone id of the domain in Cloudflare. |

Please see the certbot plugin documentation for further details.

Using an Env File

Alternatively, you can mount a single env file containing all required values. This file should adhere to the standard Env File format:

ENV_NAME_1="ENV_VALUE_1"
ENV_NAME_2="ENV_VALUE_2"
ENV_NAME_3="ENV_VALUE_3"

Configure this environment variable to tell the container where to find the Env File:

| Name | Value | Default |
| --- | --- | --- |
| ENV_FILE | Mounted location of the env file inside the container. | No Default |
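
A preflight check for such an env file, added here as an example (it is not part of this repository): it flags the shipped "admin admin" account, USER_LIST entries that break the stated character rules, a TEST_MODE left at its default, and missing provider variables. The names `parse_env` and `audit` are hypothetical; treating CONTACT_EMAIL and PRIMARY_DOMAIN as mandatory, and the `\n` separator being stored as two literal characters, are assumptions.

```python
import re

# Names come from the tables above. Treating CONTACT_EMAIL and PRIMARY_DOMAIN
# as mandatory is an assumption of this example.
REQUIRED = ("CONTACT_EMAIL", "PRIMARY_DOMAIN")
PROVIDER_VARS = {
    "aws": ("AWS_ACCESS_KEY_ID", "AWS_HOSTED_ZONE_ID", "AWS_SECRET_ACCESS_KEY"),
    "cloudflare": ("CLOUDFLARE_API_TOKEN", "CLOUDFLARE_ZONE_ID"),
}
LINE = re.compile(r'^([A-Za-z_][A-Za-z0-9_]*)=(.*)$')
USER = re.compile(r'[a-z0-9]+ [A-Za-z0-9]+')  # lowercase user, alphanumeric password

# Constructed sample env file; every value is a placeholder.
SAMPLE = (
    'CONTACT_EMAIL="ops@example.com"\n'
    'PRIMARY_DOMAIN="mail.example.com"\n'
    'CLOUDFLARE_API_TOKEN="constructed-token"\n'
    'USER_LIST="admin admin\\nMailer s3cretPass\\n"\n'
    'TEST_MODE="1"\n'
)

def parse_env(text):
    """Parse NAME="VALUE" lines; anything else (blanks, comments) is skipped."""
    pairs = (LINE.match(line.strip()) for line in text.splitlines())
    return {m.group(1): m.group(2).strip().strip('"') for m in pairs if m}

def audit(text, provider):
    """Return a list of findings for an env file destined for this container."""
    env = parse_env(text)
    out = [f"{name} is not set"
           for name in REQUIRED + PROVIDER_VARS[provider] if not env.get(name)]
    users = env.get("USER_LIST")
    if users is None:
        out.append("USER_LIST unset: default account 'admin admin' will be used")
    else:
        # Assumption: the file stores the separator as the two characters \n.
        for entry in filter(None, users.replace("\\n", "\n").split("\n")):
            if entry == "admin admin":
                out.append("USER_LIST contains the default 'admin admin' account")
            elif not USER.fullmatch(entry):  # report the user name only
                out.append(f"USER_LIST entry for '{entry.split(' ')[0]}' breaks the format rules")
    if env.get("TEST_MODE", "1") != "0":
        out.append("TEST_MODE is not 0: certificate generation is still in test mode")
    if not env.get("CLIENT_DOMAIN_WHITELIST"):
        out.append("CLIENT_DOMAIN_WHITELIST unset: any client may try to authenticate")
    creds = env.get("RELAY_SERVER_CREDENTIALS")
    if creds is not None and not re.fullmatch(r"[^:]+:.+", creds):
        out.append("RELAY_SERVER_CREDENTIALS is not in username:password form")
    return out
```

Run `audit(open("cloudflare.env").read(), "cloudflare")` before `docker run` and treat a non-empty result as a failed check.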

Ports

To access the services inside the container, be sure to expose the ports you intend to use:

| Port | Service |
| --- | --- |
| 25/TCP | SMTP (Not secure!) |
| 587/TCP | SSL SMTP |
| 993/TCP | SSL IMAP |