bokysan / docker-postfix Goto Github PK

I'm seeking a health check to verify if postfix is running. The following is something I developed that seems to work.

Might you consider adding the following to your project's sample docker compose file or to your documentation?

d-c.yml

version: '3'
services:
  postfix:
    image: boky/postfix
    expose:
      - "587"
    environment:
      - DKIM_AUTOGENERATE=1
      - ALLOWED_SENDER_DOMAINS
    restart: always
    volumes:
      - "./dkimkeys:/etc/opendkim/keys"
    healthcheck:
      test: netstat -l | grep smtp
      interval: 1m
      timeout: 10s
      retries: 3

The healthcheck uses netstat, which is installed in the linux image used by this project. Ask netstat to list all listening ports. Use grep to see if something (e.g. postfix) is listening on the smtp port. Grep returns 0 exit code if it finds a match and 1 when there is no match.

I want to use this in a docker-compose project (Mattermost, actually), which uses the following docker-compose.yml file.

How would I go about adding this image so that the web container can send email using it?

I've tried adding:

  mail:
    image: boky/postfix
    environment:
      - HOSTNAME=mail

And then specifying mail as the outgoing SMTP server with port 587 in Mattermost, but it says:

Connection unsuccessful: SendMail: Failed to open connection, dial tcp 172.19.0.5:587: connect: connection refused

I've also tried adding expose: [587], but I got the same error.

Do I need to explicitly map some ports, or do it through the Docker host instead?

I was testing my Java application using postfix for relaying emails from App to postfix and then to AWS SES.

I am not able to send an email when my Java app also uses TLS certificate to send an email to postfix and receiving error stating

Caused by: javax.mail.MessagingException: Server doesn't support required transport level security
at org.apache.geronimo.javamail.transport.smtp.SMTPConnection.sendHandshake(SMTPConnection.java:811) ~[geronimo-javamail_1.4_mail-1.8.4.jar:1.8.4]
at org.apache.geronimo.javamail.transport.smtp.SMTPConnection.protocolConnect(SMTPConnection.java:149) ~[geronimo-javamail_1.4_mail-1.8.4.jar:1.8.4]
at org.apache.geronimo.javamail.transport.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:165) ~[geronimo-javamail_1.4_mail-1.8.4.jar:1.8.4]

I believe exposing smtpd_tls_security_level property may solve this issue. Also, I believe we will require another field to set TLS certs as well.

Please suggest if there are any other solutions for achieving the same

How's this supposed to work https://github.com/bokysan/docker-postfix/blob/master/postfix.sh#L52

Docker allows env variable to be KEY=VALUE only and array is not possible, so I can't make what postfix expects - a new line for each domain in /etc/postfix/allowed_senders:

example.com    OK
example.net    OK

I was trying to use space delemiter, comma. etc. in ALLOWED_SENDER_DOMAINS env in docker-compose.yml, this always fails cause

example.com example.net    OK

is not a vaild config

So how can I pass multiple domains?

I tried to run docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com" -p 1587:587 boky/postfix on a Raspberry Pi 2B, which is 32bit armhf/armv7.

The error message is sleep: invalid number '9999999999999999999'.
The issue likely relates to file scripts/opendkim.sh.

The largest possible is "INT_MAX" for uint32: sleep 4294967295.
(Likewise, I'd assume the largest for 64bit arch is 9223372036854775807.

As an alternative, it seems you can do sleep infinity.

Sleep version: BusyBox v1.31.1 () multi-call binary.

Hello,

By default, in the opendkim configuration the "mail" value for the selector is hard coded in "run.sh" script.
It could be a good idea to let the user customize this value by configuration.

Regards ,
Yannick P.

Following the current documentation the container will have ephemeral storage and could loose any unsent email if it gets stopped, removed and recreated.

Documentation should contain an example on how to keep Postfix queue on an externally provided volume to make it persistent.

Thanks to @wader(https://github.com/wader) I was able to see this issue when I tried to use this image.
Could you please check that DockerHub is building your latest code changes to github?
Your Dockerfile on Dockerhub is referencing an older github master head.

The older docker image doesn't SET the MYNETWORKS env var while the newer code pushes you did to github IS SETTING that MYNETWORKS variable.
You're copying postfix.sh in your older image while your newer changes are COPYing run.sh

This is causing people that are pulling your dockerhub image to not have support for MYNETWORKS like it was my case and I struggled with this for days until @wader was able to see this discrepancy and point me in the right direction.

https://bugs.alpinelinux.org/issues/9987

FIx :
apk add --no-cache --upgrade cyrus-sasl cyrus-sasl-plain cyrus-sasl-login && \

It is nearly impossible to use the logs to find anything because every 30 seconds the ehlo healthcheck is logged at INFO level:

gmail-relay_1  | 2021-05-24T21:02:17.979094-04:00 INFO    postfix/smtpd[27020]: connect from localhost[127.0.0.1]
gmail-relay_1  | 2021-05-24T21:02:17.979120-04:00 INFO    postfix/smtpd[27020]: smtp_stream_setup: maxtime=300 enable_deadline=0
gmail-relay_1  | 2021-05-24T21:02:17.979137-04:00 INFO    postfix/smtpd[27020]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
gmail-relay_1  | 2021-05-24T21:02:17.979144-04:00 INFO    postfix/smtpd[27020]: match_hostaddr: smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
gmail-relay_1  | 2021-05-24T21:02:17.979155-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 220 6180d6d78afb ESMTP Postfix
gmail-relay_1  | 2021-05-24T21:02:17.979189-04:00 INFO    postfix/smtpd[27020]: watchdog_pat: 0x7f6e69702f20
gmail-relay_1  | 2021-05-24T21:02:17.980647-04:00 INFO    postfix/smtpd[27020]: < localhost[127.0.0.1]: EHLO healthcheck
gmail-relay_1  | 2021-05-24T21:02:17.980678-04:00 INFO    postfix/smtpd[27020]: match_list_match: localhost: no match
gmail-relay_1  | 2021-05-24T21:02:17.980684-04:00 INFO    postfix/smtpd[27020]: match_list_match: 127.0.0.1: no match
gmail-relay_1  | 2021-05-24T21:02:17.980692-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-6180d6d78afb
gmail-relay_1  | 2021-05-24T21:02:17.980700-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-PIPELINING
gmail-relay_1  | 2021-05-24T21:02:17.980706-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-SIZE
gmail-relay_1  | 2021-05-24T21:02:17.980713-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-VRFY
gmail-relay_1  | 2021-05-24T21:02:17.980719-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-ETRN
gmail-relay_1  | 2021-05-24T21:02:17.980731-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-ENHANCEDSTATUSCODES
gmail-relay_1  | 2021-05-24T21:02:17.980738-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-8BITMIME
gmail-relay_1  | 2021-05-24T21:02:17.980746-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250-DSN
gmail-relay_1  | 2021-05-24T21:02:17.981156-04:00 INFO    postfix/smtpd[27020]: > localhost[127.0.0.1]: 250 CHUNKING
gmail-relay_1  | 2021-05-24T21:02:17.981183-04:00 INFO    postfix/smtpd[27020]: watchdog_pat: 0x7f6e69702f20
gmail-relay_1  | 2021-05-24T21:02:17.982017-04:00 INFO    postfix/smtpd[27020]: smtp_get: EOF
gmail-relay_1  | 2021-05-24T21:02:17.982030-04:00 INFO    postfix/smtpd[27020]: match_hostname: smtpd_client_event_limit_exceptions: localhost ~? 127.0.0.0/8
gmail-relay_1  | 2021-05-24T21:02:17.982036-04:00 INFO    postfix/smtpd[27020]: match_hostaddr: smtpd_client_event_limit_exceptions: 127.0.0.1 ~? 127.0.0.0/8
gmail-relay_1  | 2021-05-24T21:02:17.982046-04:00 INFO    postfix/smtpd[27020]: lost connection after EHLO from localhost[127.0.0.1]
gmail-relay_1  | 2021-05-24T21:02:17.982056-04:00 INFO    postfix/smtpd[27020]: disconnect from localhost[127.0.0.1] ehlo=1 commands=1

The log also grows at massive rates as a result.

I think a few things can be done to improve this:

1. Don't log healthcheck to stdout
   • Perhaps change this to log to a file or with a different log level or only log to stderr when healthcheck fails.
2. Add logrotate cron job and optionally allow some settings for this to be set through env variables or a mapped logrotate.d config file.

Hi,

i use your container and i love it, but i've a little problem with 3 log lines each minute.
Sending mails isn't the problem. This works perfectly. The host isn't reachable from the internet.
I just use the container to send mails from a small application.

I've a really short docker-compose file:

version: '3'
services:
  mail:
    image: boky/postfix:v2.2.2
    ports:
      - "1587:587"
    environment:
      HOSTNAME: "myhost"
      ALLOWED_SENDER_DOMAINS: "mail.my.domain"
      TZ: "Europe/Zurich"

and i get all minute this output in the log:

2021-01-26T17:47:29.762763+01:00 INFO    postfix/smtpd[134]: connect from localhost[127.0.0.1]  
2021-01-26T17:47:29.762881+01:00 INFO    postfix/smtpd[134]: lost connection after EHLO from localhost[127.0.0.1]  
2021-01-26T17:47:29.762895+01:00 INFO    postfix/smtpd[134]: disconnect from localhost[127.0.0.1] ehlo=1 commands=1

Have you an idea where my problem is?

Thanks for your response

going into the docker container and execute

• chown -R opendkim. /etc/opendkim
• chmod go-rw /etc/opendkim/keys

helps. The problem is it is not persistent.

Sugesstion: Using a different folder to link the keys in the container. Doing the start the keys can be copied and processed. After this the rights can be changed without changing the rights in the host system

Using the latest Image: https://hub.docker.com/layers/boky/postfix/latest/images/sha256-bd54f49d78f7914f9ef8a47b4388a3d42da9d0f3da8ac8c6ea9119037fc20c68?context=explore

Container logs:

ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?
ESC[36mmailserver       |ESC[0m ★★★★★ POSTFIX STARTING UP ★★★★★
ESC[36mmailserver       |ESC[0m ‣ INFO  Not setting any timezone for the container
ESC[36mmailserver       |ESC[0m ‣ INFO  Using plain log format for rsyslog.
ESC[36mmailserver       |ESC[0m postalias: fatal: unsupported dictionary type: lmdb. Is the postfix-lmdb package installed?

Then crashes.

Hello,

When i disable persistant volume :

Error: UPGRADE FAILED: cannot patch "postfix-mail" with kind StatefulSet: StatefulSet.apps "postfix-mail" is invalid: spec: Forbidden: updates to statefulset spec for fields other than 'replicas', 'template', and 'updateStrategy' are forbidden

I have set ALLOW_EMPTY_SENDER_DOMAINS to true while starting my containers.
With this option, I suppose that it makes no sens to have DKIM_AUTOGENERATE set to true because the container needs to have the list of domain names which need DKIM keys. Is it correct?
So I have generated the DKIM keys manually through the piece of code provided and set the DNS entries accordingly.
But unfortunately while testing I have discovered that my emails doesn't contain any DKIM signature. The keys are stored in a volume in order to avoid to loose them.
Even if I restart the container, the problem remains. My emails aren't signed (I have checked under Google and used dkimvalidator.com). Does it means that DKIM is not compatible with the option ALLOW_EMPTY_SENDER_DOMAINS ?
I would be great! Because in my case I don't want to provide the list of domain names (which is changing all the time) and don't want to restart the container.
The container logs says:
‣ NOTE Using custom allowed networks: x.x.x.x/yy
‣ INFO Debugging is disabled.
‣ INFO Using default file for SMTP header checks
‣ NOTE Setting up smtp_header_checks to regexp:/etc/postfix/smtp_header_checks
‣ DEBUG DKIM_AUTOGENERATE not set -- you will need to provide your own keys.
‣ NOTE Configuring OpenDKIM.
...using socket inet:localhost:8891

SPF is working like a charm. Just DKIM which is not working.

Hi there,

I'm using your image at the moment in a Kubernetes context, and working on potentially building a Helm chart around your container image so I can re-use it easily in different projects.

We try and pin our container image FROM's whenever possible, and thus ideally I'd prefer not to rely on an image that uses latest in production.

So I was wondering if you would consider supporting tagged images that perhaps support latest and maybe one or two versions of Alpine such as 3.10 (latest) and 3.9 (latest - 1)?

I think this could be scripted up fairly easily with what you already have in this repo, perhaps by updating the Dockerfile to include:

ARG alpine_version=latest
FROM alpine:$alpine_version
.....

Thanks for considering!

We get errors when backuping the persistent volume used for /var/spool/mail because it contains a lot of sockets.

Is it a good idea to put these sockets in a persistent volume?

After each restart of dockers in main.cf file (on volume) added new string with myhostname, old string with this param are commented.

#myhostname = 214c7f4ad504
mynetworks = 127.0.0.0/8,172.20.0.0/16
#myhostname = 73c3c5480272
#myhostname = postfix-smtp-relay
#myhostname = postfix-smtp-relay
myhostname = postfix-smtp-relay

Part of my docker-compose

  postfix-smtp-relay:
    image: boky/postfix
    container_name: postfix-smtp-relay
    hostname: postfix-smtp-relay
    environment:
      POSTFIX_myhostname: postfix-smtp-relay
      POSTFIX_maillog_file: "/var/log/mail.log"
      LOG_FORMAT: plain
      MYNETWORKS: "127.0.0.0/8,172.20.0.0/16"

Only this parameter is repeated, is this expected behavior or a bug?

This wonderful chart supports autoscaling, but I do not see any provisions for scaling down without losing emails. Actually, they will not be totally lost, but if the replica set scales from 3 to 2, meaning replica-2 disappears, then if it is shut down before draining its queue there will be emails abandoned on persistent-volume-2 until the replica set scales back up. Is there a way to manage the scale-down so that the pod stops accepting new requests while the queue drains, and the pod is not terminated until the queue is empty?

Hi

Thanks for great docker ! I'm using default config, after upgrade to 3.0.0 I cannot send emails anymore. I'm using Xoauth2 and I believe that's causing issue: https://github.com/bokysan/docker-postfix/blob/master/scripts/common-run.sh#L177

postfix                           | 2021-03-20T12:35:25.365668+01:00 ERR     postfix/tlsmgr[143]: error: unsupported dictionary type: btree
postfix                           | 2021-03-20T12:35:25.366718+01:00 WARNING postfix/tlsmgr[143]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
postfix                           | 2021-03-20T12:35:25.528740+01:00 WARNING postfix/tlsmgr[143]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
postfix                           | 2021-03-20T12:35:25.633203+01:00 WARNING postfix/tlsmgr[143]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
postfix                           | 2021-03-20T12:35:25.634692+01:00 WARNING postfix/tlsmgr[143]: warning: btree:/var/lib/postfix/smtp_scache is unavailable. unsupported dictionary type: btree
postfix                           | 2021-03-20T12:35:25.761110+01:00 WARNING postfix/qmgr[127]: warning: private/smtp socket: malformed response
postfix                           | 2021-03-20T12:35:25.761144+01:00 WARNING postfix/qmgr[127]: warning: transport smtp failure -- see a previous warning/fatal/panic logfile record for the problem description
postfix                           | 2021-03-20T12:35:25.761284+01:00 WARNING postfix/master[125]: warning: process /usr/libexec/postfix/smtp pid 142 killed by signal 11
postfix                           | 2021-03-20T12:35:25.761297+01:00 WARNING postfix/master[125]: warning: /usr/libexec/postfix/smtp: bad command startup -- throttling

When trying to send a test email to gmail, I see the following logs:

postfix         | 2021-01-24T14:43:33.171226+00:00 INFO    postfix/smtp[138]: certificate verification failed for gmail-smtp-in.l.google.com[108.177.126.26]:25: untrusted issuer /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
postfix         | 2021-01-24T14:43:33.171270+00:00 INFO    postfix/smtp[138]: Untrusted TLS connection established to gmail-smtp-in.l.google.com[108.177.126.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
postfix         | 2021-01-24T14:43:33.171302+00:00 INFO    postfix/smtp[138]: 3C1D8C1D28: Server certificate not trusted
postfix         | 2021-01-24T14:43:35.880273+00:00 INFO    postfix/smtp[138]: certificate verification failed for alt1.gmail-smtp-in.l.google.com[142.250.4.27]:25: untrusted issuer /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
postfix         | 2021-01-24T14:43:35.880327+00:00 INFO    postfix/smtp[138]: Untrusted TLS connection established to alt1.gmail-smtp-in.l.google.com[142.250.4.27]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
postfix         | 2021-01-24T14:43:35.880358+00:00 INFO    postfix/smtp[138]: 3C1D8C1D28: Server certificate not trusted
postfix         | 2021-01-24T14:43:38.262954+00:00 INFO    postfix/smtp[138]: certificate verification failed for alt2.gmail-smtp-in.l.google.com[108.177.97.26]:25: untrusted issuer /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
postfix         | 2021-01-24T14:43:38.262999+00:00 INFO    postfix/smtp[138]: Untrusted TLS connection established to alt2.gmail-smtp-in.l.google.com[108.177.97.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
postfix         | 2021-01-24T14:43:38.263040+00:00 INFO    postfix/smtp[138]: 3C1D8C1D28: Server certificate not trusted
postfix         | 2021-01-24T14:43:39.720356+00:00 INFO    postfix/smtp[138]: certificate verification failed for alt3.gmail-smtp-in.l.google.com[74.125.28.26]:25: untrusted issuer /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
postfix         | 2021-01-24T14:43:39.720399+00:00 INFO    postfix/smtp[138]: Untrusted TLS connection established to alt3.gmail-smtp-in.l.google.com[74.125.28.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256
postfix         | 2021-01-24T14:43:39.720437+00:00 INFO    postfix/smtp[138]: 3C1D8C1D28: Server certificate not trusted
postfix         | 2021-01-24T14:43:41.269754+00:00 INFO    postfix/smtp[138]: certificate verification failed for alt4.gmail-smtp-in.l.google.com[74.125.137.26]:25: untrusted issuer /OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
postfix         | 2021-01-24T14:43:41.269820+00:00 INFO    postfix/smtp[138]: Untrusted TLS connection established to alt4.gmail-smtp-in.l.google.com[74.125.137.26]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256

I can see you do have ca-certificates package from alpine in the docker image, I am just not sure why I get the above message.

Hello,

Having a boky/postfix container running as part of a docker based software solution, I stumbled upon a situation where e-mails sent by the container got "throttled" by a Microsoft Exchange relay.

What I need to do now is manage the mail queue and, although I can use the mailq, postqueue, postcat and postsuper commands, I couldn't find a way to have the qshape command available on Alpine Linux. Issuing the command apk info -a postfix reveals that, indeed, the qshape command is not provided by the package.

Even though the available commands do allow me to manage the postfix queue, they are missing the global overview qshape would give me on the situation. I've been looking around the Internet to figure out whether the qshape command, which is part of the postfix package in most distros, can be installed on Alpine Linux but couldn't find much info about it.

Could anyone let me know whether it is possible to have qshape on Alpine Linux?

Thanks a lot.

I would like to discuss the reasoning behind the configuration for smtpd_recipient_restrictions in scripts/common-run.sh, especially what the recommended way would be for overriding the configuration (e.g. removing reject_unknown_recipient_domain to trigger a delivery failure message instead of an error in the SMTP session.

Should I just override it using the environment variable POSTFIX_smtpd_recipient_restrictions or is their any other way?

Update: I was running latest. Changed to v2.2.1. Issues is resolved. Sorry for the noise.

Running the image in Kubernetes, I get the following in the log when a mail is sent via the relay:

2020-12-01T12:35:01.179654+00:00 WARNING postfix/smtp[186]: sasl-xoauth2: Unable to open config file /etc/sasl-xoauth2.conf: No such file or directory
2020-12-01T12:35:01.183058+00:00 WARNING postfix/smtp[186]: sasl_client_add_plugin(): entry_point(): failed for plugname sasl-xoauth2

Looking in the Dockerfile for docker-postfix, version 0.9 of xoauth is to be downloaded, but the latest version in that repo is 0.8? > https://github.com/tarickb/sasl-xoauth2/releases

ARG SASL_XOAUTH2_REPO_URL=https://github.com/tarickb/sasl-xoauth2.git
ARG SASL_XOAUTH2_GIT_REF=release-0.9

Hi, I've been playing with this container and https://github.com/tarickb/sasl-xoauth2 to configure XOAuth2 for gmail accounts, so it is not required to enable less secure applications that seems to be deprecated and will be disabled in the future (https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html, https://gsuiteupdates.googleblog.com/2020/03/less-secure-app-turn-off-suspended.html).

Are you interested in a PR with this new feature ?.

Hi, although during the development I realized that the refresh_token is the only relevant secret regarding the XOAuth2 authentication, I just verified that I could run ./integration-test.sh xoauth2 with the token file that I had since last week. So I think that you can enable integration tests by:

1. Login once with the testing account to obtain refresh_token and access_token
2. Store these secrets as github secrets.
3. Generate the .env with using the stored secrets to initialize XOAUTH2_INITIAL_ACCESS_TOKEN and XOAUTH2_INITIAL_REFRESH_TOKEN.

Although in a proper installation these variables are only used once to initialize the internal token database, seems that the XOAuth2 library can refresh the access_token without problem.

Hello,

Sorry if this appears as a stupid question, but I couldn't figure out how to log postfix activity to a file [ashamed]

Currently I can successfully run the docker-postfix container, send emails by connecting to it via telnet and see the server's activity log in the console window where I issued the docker run -rm ... command.

I connected to the running container using the docker exec -it postfix /bin/bash command and expected to find the postfix log file inside the /var/log directory, unfortunately this directory is empty.

From the research I made, and if I understand correctly, rsyslog is used as the login mechanism in the container, and its configuration file is /etc/rsyslog.conf, which (mainly) contains 3 templates definitions: devicelog, json and plain. I've tried changing the value of the -e "LOG_FORMAT=" option (plain or json), which effectively modifies the type of output in the console but still no trace of any file under /var/log...

Could someone explain what to do in order to have the postfix logs stored in a log file?

Thank you.

P.S.: the README.md indicates that the LOG_FORMAT option can be set to "plain" or "JSON" (uppercase), but when setting the value to "JSON" (uppercase), it generates the following error:

2020-09-08 14:46:15,844 INFO spawned: 'rsyslog' with pid 118
rsyslogd:  Could not find template 0 'JSON' - action disabled [v8.2004.0 try https://www.rsyslog.com/e/3003 ]
rsyslogd: error during parsing file /etc/rsyslog.conf, on or before line 46: errors occured in file '/etc/rsyslog.conf' around line 46 [v8.2004.0 try https://www.rsyslog.com/e/2207 ]
rsyslogd: there are no active actions configured. Inputs would run, but no output whatsoever were created. [v8.2004.0 try https://www.rsyslog.com/e/2103 ]
rsyslogd: run failed with error -2103 (see rsyslog.h or try https://www.rsyslog.com/e/2103 to learn what that number means)
2020-09-08 14:46:15,847 INFO exited: rsyslog (exit status 1; not expected)
2020-09-08 14:46:15,847 INFO gave up: rsyslog entered FATAL state, too many start retries too quickly

One needs to use "json" (lowercase) in order to modify the log output format. Maybe should it be modified in the README.md file?

Hi,
Would you give an example on how to send an email to a recipient, as a matter of testing?
Thanks.

With autogenerate configuration for DKIM keys, files get created with root owner and group, and then they can't be read by opendkim: opendkim[84]: can't load key from /etc/opendkim/keys/example.org.private: Permission denied

I'm trying to send a test email from the basic settings in Nextcloud. This is my configuration for that:

This is my docker-compose.yml:

services:
  nextcloud:
    image: linuxserver/nextcloud
    container_name: nextcloud
    environment:
      - PUID=1001
      - PGID=1001
    volumes:
      - /opt/docker/config/nextcloud:/config
      - /opt/docker/data/nextcloud:/data
    restart: unless-stopped
postfix:
    hostname: "mail"
    image: "boky/postfix"
    container_name: postfix
    restart: always
    healthcheck:
      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
      interval: 10s
      timeout: 5s
      start_period: 10s
      retries: 2
    ports:
      - 1587:587
    volumes:
      - /opt/docker/config/postfix:/etc/opendkim/keys
    environment:
      - ALLOWED_SENDER_DOMAINS=mydomain.com
      - INBOUND_DEBUGGING=1
      - MASQUERADED_DOMAINS=mydomain.com

I've port forwarded 587, but it keeps giving me errors in the Docker log for postfix:

connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out
2020-03-15T22:46:33.982637+00:00 mail postfix/smtp[1105]: connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out
2020-03-15T22:46:34.007877+00:00 mail postfix/smtp[1109]: connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out
2020-03-15T22:46:34.060944+00:00 mail postfix/smtp[1108]: connect to gmail-smtp-in.l.google.com[74.125.20.26]:25: Operation timed out
2020-03-15T22:46:34.062123+00:00 mail postfix/smtp[1106]: connect to gmail-smtp-in.l.google.com[74.125.20.26]:25: Operation timed out
2020-03-15T22:46:34.062598+00:00 mail postfix/smtp[1107]: connect to gmail-smtp-in.l.google.com[74.125.195.26]:25: Operation timed out
2020-03-15T22:46:52.642613+00:00 mail postfix/smtp[1126]: connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out
2020-03-15T22:47:04.005697+00:00 mail postfix/smtp[1105]: connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out
2020-03-15T22:47:04.005698+00:00 mail postfix/smtp[1054]: connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out
2020-03-15T22:47:04.038143+00:00 mail postfix/smtp[1109]: connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out
2020-03-15T22:47:04.048852+00:00 mail postfix/smtp[1054]: D27DF1DA0E9A: to=<[email protected]>, relay=none, delay=1129, delays=1069/0/60/0, dsn=4.4.1, status=deferred (connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out)
2020-03-15T22:47:04.074127+00:00 mail postfix/smtp[1105]: 9EA641DA0EA5: to=<[email protected]>, relay=none, delay=456, delays=396/0.01/60/0, dsn=4.4.1, status=deferred (connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out)
2020-03-15T22:47:04.074239+00:00 mail postfix/smtp[1109]: 53E781DA0EA4: to=<[email protected]>, relay=none, delay=501, delays=441/0.03/60/0, dsn=4.4.1, status=deferred (connect to mail.tutanota.de[81.3.6.165]:25: Operation timed out)
2020-03-15T22:47:04.090637+00:00 mail postfix/smtp[1106]: connect to alt1.gmail-smtp-in.l.google.com[108.177.112.27]:25: Operation timed out
2020-03-15T22:47:04.090637+00:00 mail postfix/smtp[1108]: connect to alt1.gmail-smtp-in.l.google.com[108.177.112.26]:25: Operation timed out
2020-03-15T22:47:04.090814+00:00 mail postfix/smtp[1107]: connect to alt1.gmail-smtp-in.l.google.com[108.177.112.26]:25: Operation timed out
2020-03-15T22:47:22.673272+00:00 mail postfix/smtp[1126]: connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out
2020-03-15T22:47:22.714200+00:00 mail postfix/smtp[1126]: 803901DA0E99: to=<[email protected]>, relay=none, delay=60, delays=0.08/0.01/60/0, dsn=4.4.1, status=deferred (connect to mail.tutanota.de[81.3.6.162]:25: Operation timed out)
2020-03-15T22:47:34.121450+00:00 mail postfix/smtp[1108]: connect to alt2.gmail-smtp-in.l.google.com[172.253.112.26]:25: Operation timed out
2020-03-15T22:47:34.121451+00:00 mail postfix/smtp[1106]: connect to alt2.gmail-smtp-in.l.google.com[172.253.112.27]:25: Operation timed out
2020-03-15T22:47:34.121452+00:00 mail postfix/smtp[1107]: connect to alt2.gmail-smtp-in.l.google.com[172.253.112.26]:25: Operation timed out
2020-03-15T22:48:04.131155+00:00 mail postfix/smtp[1107]: connect to alt3.gmail-smtp-in.l.google.com[173.194.77.26]:25: Operation timed out
2020-03-15T22:48:04.147157+00:00 mail postfix/smtp[1108]: connect to alt3.gmail-smtp-in.l.google.com[173.194.77.27]:25: Operation timed out
2020-03-15T22:48:04.150621+00:00 mail postfix/smtp[1106]: connect to alt3.gmail-smtp-in.l.google.com[173.194.77.26]:25: Operation timed out
2020-03-15T22:48:34.161473+00:00 mail postfix/smtp[1107]: connect to alt4.gmail-smtp-in.l.google.com[64.233.177.27]:25: Operation timed out
2020-03-15T22:48:34.161474+00:00 mail postfix/smtp[1108]: connect to alt4.gmail-smtp-in.l.google.com[64.233.177.27]:25: Operation timed out
2020-03-15T22:48:34.178638+00:00 mail postfix/smtp[1106]: connect to alt4.gmail-smtp-in.l.google.com[64.233.177.27]:25: Operation timed out

It would be great to be able use Docker secrets to store the relay password rather than using plain text using the RELAY_PASSWORD_FILE environment variable.

From initial discussion in #33

Just include it in the project. Then do a GitHub job to push it to gh-pages and host it directly on GitHub. Like, say Traefik Helm chart

Should we setup a separate issue for discussing this?

Most definitely.

Here's the Helm chart being discussed to potentially port upstream into this repo:

https://gitlab.com/ucsdlibrary/development/email/

Questions:

• What name should the chart be given? I called the chart email, which is not very creative, but seemed more direct than docker-postfix. Could be postfix or?
• Is the chart acceptable 'as-is'? Should we tweak the default tag and Chart.yaml version info?
• Other?

I won't be working next week, so I probably wouldn't have time to start on this until early September. But definitely open to putting up a PR for initial discussion.

Hi,

First of all, thank you so much for the image! I have spent days looking for a simple, usable postfix in my project and yours works wonderfully.

As the title says, will it be possible to include examples on how to use postfix inside the README file just to check that postfix is in order? Thank you very much!

Hi

thanks for great docker. I'm trying to send email using gmail with OAUTH2. From app I can send email, but then nothing happens, email not received, and I get no errors in log:

postfix                           | 2020-11-18T19:46:14.588448+01:00 INFO    postfix/smtpd[128]: connect from healthchecks.x1_postfix[10.254.5.3]
postfix                           | 2020-11-18T19:46:14.588490+01:00 INFO    postfix/smtpd[128]: smtp_stream_setup: maxtime=300 enable_deadline=0
postfix                           | 2020-11-18T19:46:14.588507+01:00 INFO    postfix/smtpd[128]: match_hostname: smtpd_client_event_limit_exceptions: healthchecks.x1_postfix ~? 127.0.0.0/8
postfix                           | 2020-11-18T19:46:14.588518+01:00 INFO    postfix/smtpd[128]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.254.5.3 ~? 127.0.0.0/8
postfix                           | 2020-11-18T19:46:14.588531+01:00 INFO    postfix/smtpd[128]: match_hostname: smtpd_client_event_limit_exceptions: healthchecks.x1_postfix ~? 10.254.0.0/16
postfix                           | 2020-11-18T19:46:14.588541+01:00 INFO    postfix/smtpd[128]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.254.5.3 ~? 10.254.0.0/16
postfix                           | 2020-11-18T19:46:14.588560+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 220 postfix ESMTP Postfix
postfix                           | 2020-11-18T19:46:14.588577+01:00 INFO    postfix/smtpd[128]: watchdog_pat: 0x55cc20b46bd0
postfix                           | 2020-11-18T19:46:14.589216+01:00 INFO    postfix/smtpd[128]: < healthchecks.x1_postfix[10.254.5.3]: ehlo 7fcb02300481
postfix                           | 2020-11-18T19:46:14.589871+01:00 INFO    postfix/smtpd[128]: match_list_match: healthchecks.x1_postfix: no match
postfix                           | 2020-11-18T19:46:14.589901+01:00 INFO    postfix/smtpd[128]: match_list_match: 10.254.5.3: no match
postfix                           | 2020-11-18T19:46:14.589926+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-postfix
postfix                           | 2020-11-18T19:46:14.589941+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-PIPELINING
postfix                           | 2020-11-18T19:46:14.589962+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-SIZE
postfix                           | 2020-11-18T19:46:14.589975+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-VRFY
postfix                           | 2020-11-18T19:46:14.589987+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-ETRN
postfix                           | 2020-11-18T19:46:14.590001+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-ENHANCEDSTATUSCODES
postfix                           | 2020-11-18T19:46:14.590765+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-8BITMIME
postfix                           | 2020-11-18T19:46:14.590788+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250-DSN
postfix                           | 2020-11-18T19:46:14.590801+01:00 INFO    postfix/smtpd[128]: > healthchecks.x1_postfix[10.254.5.3]: 250 CHUNKING
postfix                           | 2020-11-18T19:46:14.590817+01:00 INFO    postfix/smtpd[128]: watchdog_pat: 0x55cc20b46bd0
postfix                           | 2020-11-18T19:46:14.597392+01:00 INFO    postfix/smtpd[128]: smtp_get: EOF
postfix                           | 2020-11-18T19:46:14.597422+01:00 INFO    postfix/smtpd[128]: match_hostname: smtpd_client_event_limit_exceptions: healthchecks.x1_postfix ~? 127.0.0.0/8
postfix                           | 2020-11-18T19:46:14.597434+01:00 INFO    postfix/smtpd[128]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.254.5.3 ~? 127.0.0.0/8
postfix                           | 2020-11-18T19:46:14.597453+01:00 INFO    postfix/smtpd[128]: match_hostname: smtpd_client_event_limit_exceptions: healthchecks.x1_postfix ~? 10.254.0.0/16
postfix                           | 2020-11-18T19:46:14.597463+01:00 INFO    postfix/smtpd[128]: match_hostaddr: smtpd_client_event_limit_exceptions: 10.254.5.3 ~? 10.254.0.0/16
postfix                           | 2020-11-18T19:46:14.597477+01:00 INFO    postfix/smtpd[128]: lost connection after EHLO from healthchecks.x1_postfix[10.254.5.3]
postfix                           | 2020-11-18T19:46:14.597498+01:00 INFO    postfix/smtpd[128]: disconnect from healthchecks.x1_postfix[10.254.5.3] ehlo=1 commands=1

Except for relayhost / oauth envs I've got:

      INBOUND_DEBUGGING: 1
      ALLOW_EMPTY_SENDER_DOMAINS: "true"
      POSTFIX_mynetworks: "127.0.0.0/8,10.254.0.0/16"
      XOAUTH2_SYSLOG_ON_FAILURE: "yes"
      XOAUTH2_FULL_TRACE: "yes"

How can I debug it further ?

Actually, when persistence is enabled, this chart creates a Volume and a VolumeClaim.

Could it be possible to configure an existing claim as it is possible in https://github.com/bitnami/charts/tree/master/bitnami/postgresql using persistence.existingClaim?

I have your docker image running on my swarm setup with the following config:

version: "3.8"

services:
  smtp:
    image: boky/postfix
    ports:
      - 587:587
    networks:
      - relay
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    environment:
      - HOSTNAME=myhostname
      - RELAYHOST=myrelay
      - ALLOWED_SENDER_DOMAINS=mydomain

networks:
  relay:
    external: true

When I try sending a test email from it using s-nail on Debian 10 it fails with this error message:

s-nail: SMTP: Resource temporarily unavailable
s-nail: Unexpected EOF on SMTP connection

When using s-nail to send directly to my SMTP host it works as expected, it appears it's receiving an unexpected output from the docker SMTP server, any ideas?

Thank you

Hi! I'm testing your image and got an unexpected behaviour.

Note: example.org is not the real domain I'm using. With that domain, some MX record failures come around. But with a proper DNS configuration of the real domain, the example works like explained.

Running the relay in a device with 10.0.0.100 IP address:

docker run --rm --name postfix \
  -e "ALLOWED_SENDER_DOMAINS=example.org" \
  -e POSTFIX_mynetworks=192.168.0.0/16 \
  -p 587:587 \
  boky/postfix:v2.0.1

And then, sending an email from a local device with 10.0.0.103 IP address:

$ cat email.txt
From: postmaster <[email protected]>
To: recipient <[email protected]>
Subject: email test
Date: Wed, 21 Oct 2020 21:44:16

Test content.

$ curl smtp://10.0.0.100:587 --no-progress-meter --mail-from [email protected] --mail-rcpt [email protected] --upload-file email.txt
# no error output

# relay logs
2020-10-21T20:56:22.523859+00:00 INFO    postfix/smtpd[121]: connect from unknown[10.0.0.103]
2020-10-21T20:56:22.604897+00:00 INFO    postfix/smtpd[121]: 939BB74778B: client=unknown[10.0.0.103]
2020-10-21T20:56:22.605868+00:00 INFO    postfix/cleanup[125]: 939BB74778B: message-id=<>
2020-10-21T20:56:22.610470+00:00 INFO    postfix/qmgr[120]: 939BB74778B: from=<[email protected]>, size=327, nrcpt=1 (queue active)
2020-10-21T20:56:22.610943+00:00 INFO    postfix/smtpd[121]: disconnect from unknown[10.0.0.103] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
...

Accepts connection and sends email, but only 192.168.0.0/16 was allowed. So this shouldn't be possible.

I'm using POSTFIX_smtpd_client_restrictions=permit_mynetworks,reject as a workaround, and works like expected:

docker run --rm --name postfix \
  -e "ALLOWED_SENDER_DOMAINS=example.org" \
  -e POSTFIX_mynetworks=192.168.0.0/16 \
  -e POSTFIX_smtpd_client_restrictions=permit_mynetworks,reject \
  -p 587:587 \
  boky/postfix:v2.0.1

$ curl smtp://10.0.0.100:587 --no-progress-meter --mail-from [email protected] --mail-rcpt [email protected] --upload-file email.txt
curl: (55) RCPT failed: 554

# relay logs
2020-10-21T20:59:40.689023+00:00 INFO    postfix/smtpd[119]: connect from unknown[10.0.0.103]
2020-10-21T20:59:40.689564+00:00 INFO    postfix/smtpd[119]: NOQUEUE: reject: RCPT from unknown[10.0.0.103]: 554 5.7.1 <unknown[10.0.0.103]>: Client host rejected: Access denied; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<email.txt>
2020-10-21T20:59:40.689814+00:00 INFO    postfix/smtpd[119]: disconnect from unknown[10.0.0.103] ehlo=1 mail=1 rcpt=0/1 quit=1 commands=3/4
...

Maybe this smtpd_client_restrictions=permit_mynetworks,reject should be set by default in postfix configuration? Thanks!

should reflect the configured Variables and not example.com

I am super new to Docker, but could you provide an example docker-compose for me please? example/testing variables work fine for me, thank you!

The definition in the following lines

is not used at all, so these could be deleted.

Or am I missing something?

I start the server on my local, try to send an email to my gmail. the messages showed as

2020-02-13T02:12:56.918779+00:00 76b83c891167 postfix/smtpd[117]: disconnect from unknown[172.17.0.1] ehlo=1 mail=1 rcpt=1 data=1 commands=4
2020-02-13T02:13:27.003819+00:00 76b83c891167 postfix/smtp[121]: connect to gmail-smtp-in.l.google.com[172.217.197.26]:25: Operation timed out
2020-02-13T02:13:57.032523+00:00 76b83c891167 postfix/smtp[121]: connect to alt1.gmail-smtp-in.l.google.com[64.233.186.27]:25: Operation timed out
2020-02-13T02:14:27.060979+00:00 76b83c891167 postfix/smtp[121]: connect to alt2.gmail-smtp-in.l.google.com[209.85.202.27]:25: Operation timed out
2020-02-13T02:14:57.087501+00:00 76b83c891167 postfix/smtp[121]: connect to alt3.gmail-smtp-in.l.google.com[74.125.206.26]:25: Operation timed out
2020-02-13T02:15:27.102233+00:00 76b83c891167 postfix/smtp[121]: connect to alt4.gmail-smtp-in.l.google.com[172.217.218.27]:25: Operation timed out
2020-02-13T02:15:27.116627+00:00 76b83c891167 postfix/smtp[121]: DC95C602BA: to=<[email protected]>, relay=none, delay=150, delays=0.05/0.01/150/0, dsn=4.4.1, status=deferred (connect to alt4.gmail-smtp-in.l.google.com[172.217.218.27]:25: Operation timed out)

I start by the command

docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com" -p 1587:587 boky/postfix

tried hotmail, also failed by Operation timed out.
please help

I'm encountering the following when upgrading to the newer v2.0.1 image:

Note: The initial/first (helm-based) deployment works just fine. However, if I need to do a helm upgrade I encounter the issue below. I'm curious if you have any thoughts.

★★★★★ POSTFIX STARTING UP ★★★★★

‣ INFO Not setting any timezone for the container

‣ INFO Using json log format for rsyslog.

‣ INFO Using unlimited message size.

‣ INFO Setting smtp_tls_security_level: may

‣ NOTE Will try to deliver emails directly to the final server. Make sure your DNS is setup properly!

‣ INFO Using default private network list for trusted networks.

‣ INFO Debugging is disabled.

‣ INFO Setting up allowed SENDER domains: <snipped>

‣ DEBUG DKIM_AUTOGENERATE not set -- you will need to provide your own keys.

‣ INFO No DKIM keys found, will not use DKIM.

‣ INFO Applying custom postfix setting: hostname=postfix

‣ INFO Applying custom postfix setting: message_size_limit=0

‣ INFO Applying custom postfix setting: myhostname=hifive-68132031-email-7c8ffc9cf8-nrfbd

‣ INFO Applying custom postfix setting: mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16

‣ NOTE Starting: rsyslog, postfix

2020-08-19 21:23:38,812 INFO Set uid to user 0 succeeded

2020-08-19 21:23:38,814 INFO supervisord started with pid 1

2020-08-19 21:23:39,819 INFO spawned: 'opendkim' with pid 44

2020-08-19 21:23:39,824 INFO spawned: 'postfix' with pid 45

2020-08-19 21:23:39,827 INFO spawned: 'rsyslog' with pid 46

{"@timestamp":"2020-08-19T21:23:39.842521+00:00","type":"syslog_json","tag":":","relayhost":"hifive-68132031-email-7c8ffc9cf8-nrfbd","relayip":"127.0.0.1","logsource":"hifive-68132031-email-7c8ffc9cf8-nrfbd","hostname":"hifive-68132031-email-7c8ffc9cf8-nrfbd","program":"","priority":"46","severity":"6","facility":"5","severity_label":"info","facility_label":"syslog","message":" [origin software=\"rsyslogd\" swVersion=\"8.2004.0\" x-pid=\"46\" x-info=\"https:\/\/www.rsyslog.com\"] start","end_msg":""}

2020-08-19 21:23:39,843 INFO success: postfix entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)

{"@timestamp":"2020-08-19T21:23:40.499162+00:00","type":"syslog_json","tag":"postfix\/postfix-script[57]:","relayhost":"hifive-68132031-email-7c8ffc9cf8-nrfbd","relayip":"127.0.0.1","logsource":"hifive-68132031-email-7c8ffc9cf8-nrfbd","hostname":"hifive-68132031-email-7c8ffc9cf8-nrfbd","program":"postfix","priority":"18","severity":"2","facility":"2","severity_label":"crit","facility_label":"mail","message":" fatal: the Postfix mail system is already running","end_msg":""}

2020-08-19 21:23:41,500 INFO exited: postfix (exit status 1; not expected)

2020-08-19 21:23:42,502 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 2 seconds (startsecs)

2020-08-19 21:23:45,507 INFO success: opendkim entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)

2020-08-19 21:24:31,567 WARN received SIGTERM indicating exit request

2020-08-19 21:24:31,568 INFO waiting for opendkim, rsyslog to die

2020-08-19 21:24:31,569 INFO stopped: rsyslog (exit status 0)

2020-08-19 21:24:33,573 INFO stopped: opendkim (terminated by SIGTERM)

I get events such as:

Normal | Scheduled | Successfully assigned highfive-review/hifive-68132031-email-7c8ffc9cf8-nrfbd to lib-worker2 | 8 minutes ago
-- | -- | -- | --
Normal | Pulling | Pulling image "boky/postfix:v2.0.1" | 8 minutes ago
Normal | Pulled | Successfully pulled image "boky/postfix:v2.0.1" | 8 minutes ago
Normal | Killing | Container hifive-68132031-email failed liveness probe, will be restarted | 7 minutes ago
Normal | Pulled | Container image "boky/postfix:v2.0.1" already present on machine | 7 minutes ago
Normal | Created | Created container hifive-68132031-email | 7 minutes ago
Normal | Started | Started container hifive-68132031-email | 7 minutes ago
Warning | Unhealthy | Readiness probe failed: dial tcp 10.42.8.29:587: connect: connection refused | 6 minutes ago
Warning | Unhealthy | Liveness probe failed: dial tcp 10.42.8.29:587: connect: connection refused | 3 minutes ago

And here is the Helm template for the deployment being used: https://gitlab.com/ucsdlibrary/development/email/-/blob/trunk/templates/deployment.yaml

I'm not setting any DKIM environment variables.

Thanks in advance for any thoughts you might have on what changed in this image that might require changes on my end.

I'm not really sure where to start with setting this up with Nextcloud. Is there a guide I can follow to help me along?

Hello,

docker-postfix is rejecting email from local docker networks, despite being correctly detected in the network ranges. it seems that this issue is new.

Configuration (docker-compose)?

postfix:
image: boky/postfix:v2.0.0
container_name: postfix
restart: always
environment:
ALLOWED_SENDER_DOMAINS: 'mydomain.com'
INBOUND_DEBUGGING: 1
volumes:
- ./dkim_keys:/etc/opendkim/keys

I understand from the log that mydomain.mydomain_default is the container app trying to send an email through postfix.
What I don't get is why there is no IP match postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 172.16.0.0/12.

What did I try to solve the issue ?

I tried to force the 172.18.0.2/32 in mynetworks.
Debugging to level > 3 doesn't give more info.

Logs

★★★★★ POSTFIX STARTING UP ★★★★★
‣ INFO Not setting any timezone for the container
‣ INFO Using plain log format for rsyslog.
‣ INFO Using unlimited message size.
‣ INFO Setting smtp_tls_security_level: may
‣ NOTE Will try to deliver emails directly to the final server. Make sure your DNS is setup properly!
‣ INFO Using default private network list for trusted networks.
‣ NOTE Enabling additional debbuging for: 127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16, as INBOUND_DEBUGGING=''1''
‣ INFO Setting up allowed SENDER domains: mydomain.com
‣ DEBUG DKIM_AUTOGENERATE not set -- you will need to provide your own keys.
‣ NOTE Configuring OpenDKIM.
...using socket inet:localhost:8891
...for domain mydomain.com (selector: mail)
‣ INFO Applying custom postfix setting: message_size_limit=0
‣ INFO Applying custom postfix setting: myhostname=149d38f40f89
‣ INFO Applying custom postfix setting: mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16
‣ NOTE Starting: rsyslog, postfix
2020-08-05 20:50:19,867 INFO Set uid to user 0 succeeded
2020-08-05 20:50:19,872 INFO supervisord started with pid 1
2020-08-05 20:50:20,875 INFO spawned: 'opendkim' with pid 63
2020-08-05 20:50:20,877 INFO spawned: 'master' with pid 64
2020-08-05 20:50:20,880 INFO spawned: 'rsyslog' with pid 65
2020-08-05T20:50:20.898936+00:00 INFO : [origin software="rsyslogd" swVersion="8.2004.0" x-pid="65" x-info="https://www.rsyslog.com"] start
2020-08-05 20:50:20,900 INFO success: master entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2020-08-05T20:50:20.903270+00:00 INFO opendkim[70]: OpenDKIM Filter v2.10.3 starting (args: -D -f -x /etc/opendkim/opendkim.conf)
2020-08-05T20:50:21.638683+00:00 INFO postfix/postfix-script[137]: starting the Postfix mail system
2020-08-05T20:50:21.643391+00:00 INFO postfix/master[139]: daemon started -- version 3.5.2, configuration /etc/postfix
2020-08-05 20:50:21,644 INFO exited: master (exit status 0; expected)
2020-08-05 20:50:23,646 INFO success: rsyslog entered RUNNING state, process has stayed up for > than 2 seconds (startsecs)
2020-08-05 20:50:26,650 INFO success: opendkim entered RUNNING state, process has stayed up for > than 5 seconds (startsecs)
2020-08-05T20:51:20.053395+00:00 INFO postfix/smtpd[142]: connect from mydomain.mydomain_default[172.18.0.2]
2020-08-05T20:51:20.053424+00:00 INFO postfix/smtpd[142]: smtp_stream_setup: maxtime=300 enable_deadline=0
2020-08-05T20:51:20.053432+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 127.0.0.0/8
2020-08-05T20:51:20.053438+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 127.0.0.0/8
2020-08-05T20:51:20.054072+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 10.0.0.0/8
2020-08-05T20:51:20.054083+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 10.0.0.0/8
2020-08-05T20:51:20.054090+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 172.16.0.0/12
2020-08-05T20:51:20.054095+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 172.16.0.0/12
2020-08-05T20:51:20.054102+00:00 INFO postfix/smtpd[142]: report connect to all milters
2020-08-05T20:51:20.054114+00:00 INFO postfix/smtpd[142]: milter8_connect: non-protocol events for protocol version 6:
2020-08-05T20:51:20.054119+00:00 INFO postfix/smtpd[142]: milter8_connect: transport=inet endpoint=localhost:8891
2020-08-05T20:51:20.054144+00:00 INFO postfix/smtpd[142]: trying... [127.0.0.1]
2020-08-05T20:51:20.054224+00:00 INFO postfix/smtpd[142]: vstream_tweak_tcp: TCP_MAXSEG 21845
2020-08-05T20:51:20.054230+00:00 INFO postfix/smtpd[142]: fd=18: stream buffer size old=0 new=87380
2020-08-05T20:51:20.054236+00:00 INFO postfix/smtpd[142]: milter8_connect: my_version=0x6
2020-08-05T20:51:20.054732+00:00 INFO postfix/smtpd[142]: milter8_connect: my_actions=0x1ff SMFIF_ADDHDRS SMFIF_CHGBODY SMFIF_ADDRCPT SMFIF_DELRCPT SMFIF_CHGHDRS SMFIF_QUARANTINE SMFIF_CHGFROM SMFIF_ADDRCPT_PAR SMFIF_SETSYMLIST
2020-08-05T20:51:20.054754+00:00 INFO postfix/smtpd[142]: milter8_connect: my_events=0x1fffff SMFIP_NOCONNECT SMFIP_NOHELO SMFIP_NOMAIL SMFIP_NORCPT SMFIP_NOBODY SMFIP_NOHDRS SMFIP_NOEOH SMFIP_NR_HDR SMFIP_NOUNKNOWN SMFIP_NODATA SMFIP_SKIP SMFIP_RCPT_REJ SMFIP_NR_CONN SMFIP_NR_HELO SMFIP_NR_MAIL SMFIP_NR_RCPT SMFIP_NR_DATA SMFIP_NR_UNKN SMFIP_NR_EOH SMFIP_NR_BODY SMFIP_HDR_LEADSPC
2020-08-05T20:51:20.055226+00:00 INFO postfix/smtpd[142]: milter8_connect: milter inet:localhost:8891 version 6
2020-08-05T20:51:20.055234+00:00 INFO postfix/smtpd[142]: milter8_connect: events SMFIP_NOHELO SMFIP_NOUNKNOWN SMFIP_NODATA SMFIP_SKIP SMFIP_HDR_LEADSPC
2020-08-05T20:51:20.055240+00:00 INFO postfix/smtpd[142]: milter8_connect: requests SMFIF_ADDHDRS SMFIF_CHGHDRS SMFIF_SETSYMLIST
2020-08-05T20:51:20.055246+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "j"
2020-08-05T20:51:20.055252+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: result "149d38f40f89"
2020-08-05T20:51:20.055257+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{daemon_name}"
2020-08-05T20:51:20.055262+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: result "149d38f40f89"
2020-08-05T20:51:20.055266+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{daemon_addr}"
2020-08-05T20:51:20.055272+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: result "172.18.0.4"
2020-08-05T20:51:20.055277+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "v"
2020-08-05T20:51:20.055281+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: result "Postfix 3.5.2"
2020-08-05T20:51:20.055675+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "_"
2020-08-05T20:51:20.055690+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: result "mydomain.mydomain_default [172.18.0.2]"
2020-08-05T20:51:20.055697+00:00 INFO postfix/smtpd[142]: milter8_conn_event: milter inet:localhost:8891: connect mydomain.mydomain_default/172.18.0.2
2020-08-05T20:51:20.055705+00:00 INFO postfix/smtpd[142]: event: SMFIC_CONNECT; macros: j=149d38f40f89 {daemon_name}=149d38f40f89 {daemon_addr}=172.18.0.4 v=Postfix 3.5.2 _=mydomain.mydomain_default [172.18.0.2]
2020-08-05T20:51:20.056002+00:00 INFO postfix/smtpd[142]: reply: SMFIR_CONTINUE data 0 bytes
2020-08-05T20:51:20.056012+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 220 149d38f40f89 ESMTP Postfix
2020-08-05T20:51:20.056020+00:00 INFO postfix/smtpd[142]: watchdog_pat: 0x558e40a0b350
2020-08-05T20:51:20.056257+00:00 INFO postfix/smtpd[142]: < mydomain.mydomain_default[172.18.0.2]: EHLO [127.0.0.1]
2020-08-05T20:51:20.056269+00:00 INFO postfix/smtpd[142]: report helo to all milters
2020-08-05T20:51:20.056274+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{tls_version}"
2020-08-05T20:51:20.056280+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{cipher}"
2020-08-05T20:51:20.056284+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{cipher_bits}"
2020-08-05T20:51:20.056289+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{cert_subject}"
2020-08-05T20:51:20.056294+00:00 INFO postfix/smtpd[142]: milter_macro_lookup: "{cert_issuer}"
2020-08-05T20:51:20.056300+00:00 INFO postfix/smtpd[142]: milter8_helo_event: milter inet:localhost:8891: helo [127.0.0.1]
2020-08-05T20:51:20.056305+00:00 INFO postfix/smtpd[142]: event: SMFIC_HELO; macros: (none)
2020-08-05T20:51:20.056311+00:00 INFO postfix/smtpd[142]: skipping event SMFIC_HELO for milter inet:localhost:8891
2020-08-05T20:51:20.056319+00:00 INFO postfix/smtpd[142]: match_list_match: mydomain.mydomain_default: no match
2020-08-05T20:51:20.056616+00:00 INFO postfix/smtpd[142]: match_list_match: 172.18.0.2: no match
2020-08-05T20:51:20.056631+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-149d38f40f89
2020-08-05T20:51:20.056638+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-PIPELINING
2020-08-05T20:51:20.056643+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-SIZE
2020-08-05T20:51:20.056648+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-VRFY
2020-08-05T20:51:20.056654+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-ETRN
2020-08-05T20:51:20.056659+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-ENHANCEDSTATUSCODES
2020-08-05T20:51:20.056664+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-8BITMIME
2020-08-05T20:51:20.056670+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250-DSN
2020-08-05T20:51:20.056675+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 250 CHUNKING
2020-08-05T20:51:20.056682+00:00 INFO postfix/smtpd[142]: watchdog_pat: 0x558e40a0b350
2020-08-05T20:51:20.057413+00:00 INFO postfix/smtpd[142]: < mydomain.mydomain_default[172.18.0.2]: QUIT
2020-08-05T20:51:20.057421+00:00 INFO postfix/smtpd[142]: > mydomain.mydomain_default[172.18.0.2]: 221 2.0.0 Bye
2020-08-05T20:51:20.057429+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 127.0.0.0/8
2020-08-05T20:51:20.057434+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 127.0.0.0/8
2020-08-05T20:51:20.057441+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 10.0.0.0/8
2020-08-05T20:51:20.057445+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 10.0.0.0/8
2020-08-05T20:51:20.057451+00:00 INFO postfix/smtpd[142]: match_hostname: smtpd_client_event_limit_exceptions: mydomain.mydomain_default ~? 172.16.0.0/12
2020-08-05T20:51:20.057456+00:00 INFO postfix/smtpd[142]: match_hostaddr: smtpd_client_event_limit_exceptions: 172.18.0.2 ~? 172.16.0.0/12
2020-08-05T20:51:20.057462+00:00 INFO postfix/smtpd[142]: abort all milters
2020-08-05T20:51:20.057467+00:00 INFO postfix/smtpd[142]: milter8_abort: abort milter inet:localhost:8891
2020-08-05T20:51:20.057473+00:00 INFO postfix/smtpd[142]: disconnect event to all milters
2020-08-05T20:51:20.057721+00:00 INFO postfix/smtpd[142]: milter8_disc_event: quit milter inet:localhost:8891
2020-08-05T20:51:20.057892+00:00 INFO postfix/smtpd[142]: disconnect from mydomain.mydomain_default[172.18.0.2] ehlo=1 quit=1 commands=2
2020-08-05T20:51:20.057898+00:00 INFO postfix/smtpd[142]: free all milters
2020-08-05T20:51:20.057902+00:00 INFO postfix/smtpd[142]: free milter inet:localhost:8891

Do you confirm there is an issue ?

Hello,
if this image(helm chart) is used to not sent to a relay server will it spin up his own relayserver if replicas or HPA are set?
or should i setup more than one deployment.

First without Relay - to send to the world
Second with HPA and relaying to first?

Thanks

health checks are failing because localhost does not resolve (deploying on GCP using ContainerOS)

This health check works for me however (overwriting the base image health check)

HEALTHCHECK --interval=30s --timeout=5s --start-period=10s --retries=3 CMD printf "EHLO healthcheck\n" | nc `hostname` 587 | grep -qE "^220.*ESMTP Postfix"

or just using 127.0.0.1 instead of the hostname

Hello. Thanks for the great postfix container!

I was wondering if you would be able to add build tags to each release? I would feel more comfortable being able to pin my use of your container to a specific image build as opposed to latest.

e.g. image: boky/postfix:1.0

Again, thanks for the great container!

I was wondering if we have any parameter in helm to enable persistence volume encryption using KMS keys.

My AWS infrastructure strictly bounds me to create encrypted volumes only which is why when I installed postfix using Helm chart on my EKS it throws below error on PVC

Warning ProvisioningFailed 0s (x5 over 41s) persistentvolume-controller Failed to provision volume with StorageClass "gp2": failed to create encrypted volume: the volume disappeared after creation, most likely due to
inaccessible KMS encryption key

But the same code works fine on the infrastructure where volume encryption is not enforced.

Any suggesstions on how to enable encryption on persistence volumes using KMS Keys

Hi!

When starting the docker image boky/postfix:v1.1.3, I get the above error.
postfix[41]: fatal: /usr/lib/postfix/postfix-script: No such file or directory

I looked for it and there is one located at /usr/libexec/postfix/postfix-script, but that doesn't seem to work when copied over.

Hi,

I'm new to postfix so any help would be appreciated.
I need to limit postfix to send mails only to specific domains only. We use it as a development SMTP server and don't want to send mails outside the company.

Is it possible to configure docker container with postfix to somehow limit target domains (white list).

Thank you,
Kind regards