relay smtp

Author: alainabbas

.github/workflows/docker-image.yml

@@ -100,3 +100,22 @@ jobs:
           labels: ${{ steps.metaClient.outputs.labels }}
           platforms: linux/amd64
 
+      # Process for the `relay-smtpt` subfolder
+      - name: Extract metadata (tags, labels) for relay-smtp
+        id: metaSmtp
+        uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}/relay-smtp
+          tags: |
+            # set latest tag for default branch
+            type=raw,value=latest,enable={{is_default_branch}}
+
+      - name: Build and push Docker image (relay-smtp)
+        uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+        with:
+          context: ./relay-smtp
+          push: true
+          tags: ${{ steps.metaSmtp.outputs.tags }}
+          labels: ${{ steps.metaSmtp.outputs.labels }}
+          platforms: linux/amd64
+

smtp-relay/Dockerfile

@@ -0,0 +1,28 @@
+FROM alpine:3.21
+
+LABEL maintainer="aa@libertech.fr"
+
+ARG BUILD_DATE
+ARG NAME
+ARG VCS_REF
+ARG VERSION
+
+LABEL org.label-schema.schema-version="1.0" \
+      org.label-schema.build-date=$BUILD_DATE \
+      org.label-schema.name=$NAME \
+      org.label-schema.vcs-ref=$VCS_REF \
+      org.label-schema.vcs-url="https://github.com/libertech-fr/postfix" \
+      org.label-schema.version=$VERSION
+
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+RUN apk add --no-cache  bash openssl postfix
+COPY postfix_init.sh /postfix_init.sh
+RUN chmod 755 /postfix_init.sh
+
+EXPOSE 25
+
+CMD ["/postfix_init.sh"]
+
+HEALTHCHECK --interval=15s --timeout=10s --retries=3 CMD postfix status || exit 1
+

smtp-relay/README.md

@@ -0,0 +1,26 @@
+# Relay SMTP 
+
+## docker-compose.yml
+ervices:
+  smtp:
+    #image: rapidfort/postfix-ib:latest
+    build: .
+    container_name: smtp
+    ports:
+      - "25:25"
+    environment:
+      - POSTFIX_RELAYHOST_PORT=25
+      - POSTFIX_RELAYHOST=MONRELAY 
+      - POSTFIX_TLS=true
+      - POSTFIX_MYNETWORKS=10.0.0.0/8
+      - POSTFIX_TLS=true
+      - POSTFIX_SASL_AUTH=USERNAME:PASSWORD
+
+## Variables d'environements
+
+* POSTFIX_RELAYHOST_PORT = Port du relay SMTP
+* POSTFIX_RELAYHOST = FDQN ou IP du relay SMTP
+* POSTFIX_MYNETWORKS = Reseaux autorisés à poster
+* POSTFIX_TLS = Connection au relay en TLS
+* POSTFIX_SASL_AUTH = Credentials du relay sous la forme username:password 
+i¨ 

smtp-relay/docker-compose.yml

@@ -0,0 +1,10 @@
+services:
+  smtp:
+    #image: rapidfort/postfix-ib:latest
+    build: .
+    container_name: smtp
+    ports:
+      - "25:25"
+    environment:
+      - POSTFIX_RELAYHOST_PORT=25
+      - POSTFIX_MYNETWORKS=10.0.0.0/8

smtp-relay/postfix_init.sh

@@ -0,0 +1,80 @@
+#!/bin/bash
+#
+
+set -eo pipefail
+
+echo "Configuring postfix with any environment variables that are set"
+
+if [[ -n "${POSTFIX_MYNETWORKS}" ]]; then
+    echo "Setting custom 'mynetworks' to '${POSTFIX_MYNETWORKS}'"
+    postconf mynetworks="${POSTFIX_MYNETWORKS}"
+else
+    echo "Set 'mynetworks' to default"
+    postconf mynetworks="127.0.0.1/32 172.0.0.0/8"
+fi
+
+if [[ -n "${POSTFIX_RELAYHOST}" ]]; then
+    echo "Setting custom 'relayhost' to '${POSTFIX_RELAYHOST}'"
+    postconf relayhost="[${POSTFIX_RELAYHOST}]:${POSTFIX_RELAYHOST_PORT}"
+else
+    echo "Set 'relayhost' to default (unset)"
+    postconf -# relayhost
+fi
+
+echo "Disable chroot for the smtp service"
+postconf -F smtp/inet/chroot=n
+postconf -F smtp/unix/chroot=n
+
+if [[ "${POSTFIX_INETPROTOCOLS}" = "all" ]]; then
+    echo "Enabling IPv4 and IPv6"
+    postconf inet_protocols="all"
+elif [[ "${POSTFIX_INETPROTOCOLS}" = "ipv6" ]]; then
+    echo "Enabling IPv6"
+    postconf inet_protocols="ipv6"
+elif [[ "${POSTFIX_INETPROTOCOLS}" = "ipv4, ipv6" ]]; then
+    echo "Enabling IPv4 and IPv6"
+    postconf inet_protocols="all"
+elif [[ "${POSTFIX_INETPROTOCOLS}" = "ipv4" ]]; then
+    echo "Enabling IPv4"
+    postconf inet_protocols="ipv4"
+else
+    echo "Enabling IPv4"
+    postconf inet_protocols="ipv4"
+fi
+
+#echo "Disable ipv6"
+#postconf inet_protocols="ipv4"
+
+if [[ "${POSTFIX_TLS}" = "true" ]]; then
+    echo "Configuring TLS"
+    postconf smtp_tls_CAfile="/etc/ssl/certs/ca-certificates.crt"
+    postconf smtp_tls_security_level="encrypt"
+    postconf smtp_use_tls="yes"
+    postconf smtp_tls_wrappermode="yes"
+fi
+
+if [[ -n "${POSTFIX_SASL_AUTH}" ]]; then
+    echo "Configuring SASL Auth"
+    if [[ -z "${POSTFIX_RELAYHOST}" || -z "${POSTFIX_TLS}" ]]; then
+        echo "Please set 'POSTFIX_RELAYHOST' AND 'POSTFIX_TLS' before attempting to enable SSL auth."
+        exit 1
+    fi
+
+    postconf smtp_sasl_auth_enable="yes"
+    postconf smtp_sasl_password_maps="lmdb:/etc/postfix/sasl_passwd"
+    postconf smtp_sasl_security_options="noanonymous"
+    postconf smtp_tls_note_starttls_offer="yes"
+    # generate the SASL password map
+    echo "${POSTFIX_RELAYHOST} ${POSTFIX_SASL_AUTH}" > /etc/postfix/sasl_passwd
+
+    # generate a .db file and clean it up
+    postmap lmdb:/etc/postfix/sasl_passwd && rm /etc/postfix/sasl_passwd
+
+    # set permissions
+    chmod 600 /etc/postfix/sasl_passwd.lmdb
+fi
+postconf maillog_file=/var/log/postfix.log
+postconf maillog_file_permissions=0644
+
+echo "Starting postfix"
+postfix start-fg