postfix/run.sh

#!/bin/bash

[ "${DEBUG}" == "yes" ] && set -x

function add_config_value() {
  local key=${1}
  local value=${2}
  # local config_file=${3:-/etc/postfix/main.cf}
  [ "${key}" == "" ] && echo "ERROR: No key set !!" && exit 1
  [ "${value}" == "" ] && echo "ERROR: No value set !!" && exit 1

  echo "Setting configuration option ${key} with value: ${value}"
 postconf -e "${key} = ${value}"
}

# Read password and username from file to avoid unsecure env variables
if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -e "${SMTP_PASSWORD_FILE}" ] && SMTP_PASSWORD=$(cat "${SMTP_PASSWORD_FILE}") || echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi
if [ -n "${SMTP_USERNAME_FILE}" ]; then [ -e "${SMTP_USERNAME_FILE}" ] && SMTP_USERNAME=$(cat "${SMTP_USERNAME_FILE}") || echo "SMTP_USERNAME_FILE defined, but file not existing, skipping."; fi

[ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1
[ -z "${SERVER_HOSTNAME}" ] && echo "SERVER_HOSTNAME is not set" && exit 1
[ ! -z "${SMTP_USERNAME}" -a -z "${SMTP_PASSWORD}" ] && echo "SMTP_USERNAME is set but SMTP_PASSWORD is not set" && exit 1

SMTP_PORT="${SMTP_PORT:-587}"

#Get the domain from the server host name
DOMAIN=`echo ${SERVER_HOSTNAME} | awk 'BEGIN{FS=OFS="."}{print $(NF-1),$NF}'`

# Set needed config options
add_config_value "maillog_file" "/dev/stdout"
add_config_value "myhostname" ${SERVER_HOSTNAME}
add_config_value "mydomain" ${DOMAIN}
add_config_value "mydestination" "${DESTINATION:-localhost}"
add_config_value "myorigin" '$mydomain'
add_config_value "append_dot_mydomain" 'no'
add_config_value "relayhost" "[${SMTP_SERVER}]:${SMTP_PORT}"
add_config_value "smtp_use_tls" "yes"
if [ ! -z "${SMTP_USERNAME}" ]; then
  add_config_value "smtp_sasl_auth_enable" "yes"
  add_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"
  add_config_value "smtp_sasl_security_options" "noanonymous"
fi
add_config_value "always_add_missing_headers" "${ALWAYS_ADD_MISSING_HEADERS:-no}"
#Also use "native" option to allow looking up hosts added to /etc/hosts via
# docker options (issue #51)
add_config_value "smtp_host_lookup" "native,dns"

if [ "${SMTP_PORT}" = "465" ]; then
  add_config_value "smtp_tls_wrappermode" "yes"
  add_config_value "smtp_tls_security_level" "encrypt"
fi

# Create sasl_passwd file with auth credentials
if [ ! -f /etc/postfix/sasl_passwd -a ! -z "${SMTP_USERNAME}" ]; then
  grep -q "${SMTP_SERVER}" /etc/postfix/sasl_passwd  > /dev/null 2>&1
  if [ $? -gt 0 ]; then
    echo "Adding SASL authentication configuration"
    echo "[${SMTP_SERVER}]:${SMTP_PORT} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd
    postmap /etc/postfix/sasl_passwd
  fi
fi

#Set header tag
if [ ! -z "${SMTP_HEADER_TAG}" ]; then
  postconf -e "header_checks = regexp:/etc/postfix/header_checks"
  echo -e "/^MIME-Version:/i PREPEND RelayTag: $SMTP_HEADER_TAG\n/^Content-Transfer-Encoding:/i PREPEND RelayTag: $SMTP_HEADER_TAG" >> /etc/postfix/header_checks
  echo "Setting configuration option SMTP_HEADER_TAG with value: ${SMTP_HEADER_TAG}"
fi

#Enable logging of subject line
if [ "${LOG_SUBJECT}" == "yes" ]; then
  postconf -e "header_checks = regexp:/etc/postfix/header_checks"
  echo -e "/^Subject:/ WARN" >> /etc/postfix/header_checks
  echo "Enabling logging of subject line"
fi

#Check for subnet restrictions
nets='10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'
if [ ! -z "${SMTP_NETWORKS}" ]; then
  declare ipv6re="^((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|\
    ([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|\
    ([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|\
    ([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|\
    :((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}|\
    ::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|\
    (2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|\
    (2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/[0-9]{1,3})$"

  for i in $(sed 's/,/\ /g' <<<$SMTP_NETWORKS); do
    if grep -Eq "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}" <<<$i ; then
      nets+=", $i"
    elif grep -Eq "$ipv6re" <<<$i ; then
      readarray -d \/ -t arr < <(printf '%s' "$i")
      nets+=", [${arr[0]}]/${arr[1]}"
    else
      echo "$i is not in proper IPv4 or IPv6 subnet format. Ignoring."
    fi
  done
fi
add_config_value "mynetworks" "${nets}"

# Set SMTPUTF8
if [ ! -z "${SMTPUTF8_ENABLE}" ]; then
  postconf -e "smtputf8_enable = ${SMTPUTF8_ENABLE}"
  echo "Setting configuration option smtputf8_enable with value: ${SMTPUTF8_ENABLE}"
fi

if [ ! -z "${OVERWRITE_FROM}" ]; then
  echo -e "/^From:.*$/ REPLACE From: $OVERWRITE_FROM" > /etc/postfix/smtp_header_checks
  postmap /etc/postfix/smtp_header_checks
  postconf -e 'smtp_header_checks = regexp:/etc/postfix/smtp_header_checks'
  echo "Setting configuration option OVERWRITE_FROM with value: ${OVERWRITE_FROM}"
fi

# Set message_size_limit
if [ ! -z "${MESSAGE_SIZE_LIMIT}" ]; then
  postconf -e "message_size_limit = ${MESSAGE_SIZE_LIMIT}"
  echo "Setting configuration option message_size_limit with value: ${MESSAGE_SIZE_LIMIT}"
fi

# Set inet_protocol
if [ ! -z "${INET_PROTOCOL}" ]; then
  sed -i -e 's/inet_protocols = all/inet_protocols = ipv4/g' /etc/postfix/main.cf
  echo "Setting configuration option inet_protocols with value: ${INET_PROTOCOL}"
fi


#Start services

# If host mounting /var/spool/postfix, we need to delete old pid file before
# starting services
rm -f /var/spool/postfix/pid/master.pid

exec /usr/sbin/postfix -c /etc/postfix start-fg
First version 2015-04-20 00:30:41 +02:00			`#!/bin/bash`

Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`[ "${DEBUG}" == "yes" ] && set -x`

			`function add_config_value() {`
			`local key=${1}`
			`local value=${2}`
Fix awk expression, it worked before because of a bug, it does not work with more recent awk versions. 2020-03-24 00:30:00 +01:00			`# local config_file=${3:-/etc/postfix/main.cf}`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`[ "${key}" == "" ] && echo "ERROR: No key set !!" && exit 1`
			`[ "${value}" == "" ] && echo "ERROR: No value set !!" && exit 1`

			`echo "Setting configuration option ${key} with value: ${value}"`
Convert previous function to using postfix. 2019-02-17 18:50:21 +01:00			`postconf -e "${key} = ${value}"`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`}`

feat: Add support to load username from file 2021-05-22 01:03:01 +02:00			`# Read password and username from file to avoid unsecure env variables`
fix: read passwords from files 2021-11-02 10:36:20 +01:00			`if [ -n "${SMTP_PASSWORD_FILE}" ]; then [ -e "${SMTP_PASSWORD_FILE}" ] && SMTP_PASSWORD=$(cat "${SMTP_PASSWORD_FILE}") \|\| echo "SMTP_PASSWORD_FILE defined, but file not existing, skipping."; fi`
			`if [ -n "${SMTP_USERNAME_FILE}" ]; then [ -e "${SMTP_USERNAME_FILE}" ] && SMTP_USERNAME=$(cat "${SMTP_USERNAME_FILE}") \|\| echo "SMTP_USERNAME_FILE defined, but file not existing, skipping."; fi`
Add function to load secret/password from file for security (#25) New feature: Load SMTP password from file to avoid using env variables. 2020-06-19 23:52:21 +02:00
First version 2015-04-20 00:30:41 +02:00			`[ -z "${SMTP_SERVER}" ] && echo "SMTP_SERVER is not set" && exit 1`
Also validate SERVER_HOSTNAME. 2018-03-06 07:18:30 +01:00			`[ -z "${SERVER_HOSTNAME}" ] && echo "SERVER_HOSTNAME is not set" && exit 1`
Allow to use a SMTP server without authentication 2021-03-23 22:41:01 +01:00			`[ ! -z "${SMTP_USERNAME}" -a -z "${SMTP_PASSWORD}" ] && echo "SMTP_USERNAME is set but SMTP_PASSWORD is not set" && exit 1`
First version 2015-04-20 00:30:41 +02:00
fix(postfix): Set correct default value for SMTP_PORT 2020-01-21 10:47:27 +01:00			`SMTP_PORT="${SMTP_PORT:-587}"`
Make the smtp server port configurable. 2018-05-24 05:14:45 +02:00
Also set mydestination. 2015-05-23 06:45:58 +02:00			`#Get the domain from the server host name`
Fix awk expression, it worked before because of a bug, it does not work with more recent awk versions. 2020-03-24 00:30:00 +01:00			DOMAIN=`echo ${SERVER_HOSTNAME} \| awk 'BEGIN{FS=OFS="."}{print $(NF-1),$NF}'`
Also set mydestination. 2015-05-23 06:45:58 +02:00
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`# Set needed config options`
feat: Removed supervisor and rsyslog As mentioned in discussion #54, since version 3.3.0, postfix can run in foreground mode, and since 3.4.0 it can log directly to stdout. 2021-04-27 23:44:39 +02:00			`add_config_value "maillog_file" "/dev/stdout"`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`add_config_value "myhostname" ${SERVER_HOSTNAME}`
			`add_config_value "mydomain" ${DOMAIN}`
feat: Parameterize destination config value 2021-06-30 11:05:26 +02:00			`add_config_value "mydestination" "${DESTINATION:-localhost}"`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`add_config_value "myorigin" '$mydomain'`
set append_dot_domain 2023-10-31 10:30:45 +01:00			`add_config_value "append_dot_mydomain" 'no'`
Make the smtp server port configurable. 2018-05-24 05:14:45 +02:00			`add_config_value "relayhost" "[${SMTP_SERVER}]:${SMTP_PORT}"`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`add_config_value "smtp_use_tls" "yes"`
Allow to use a SMTP server without authentication 2021-03-23 22:41:01 +01:00			`if [ ! -z "${SMTP_USERNAME}" ]; then`
			`add_config_value "smtp_sasl_auth_enable" "yes"`
			`add_config_value "smtp_sasl_password_maps" "lmdb:/etc/postfix/sasl_passwd"`
			`add_config_value "smtp_sasl_security_options" "noanonymous"`
			`fi`
Add option always_add_missing_headers (#32) (adding From:, To:, Date: or Message-ID: headers when not present, cf. http://www.postfix.org/postconf.5.html#always_add_missing_headers) This option always_add_missing_headers is set by the environment variable ALWAYS_ADD_MISSING_HEADERS (default: no) 2020-08-24 21:41:08 +02:00			`add_config_value "always_add_missing_headers" "${ALWAYS_ADD_MISSING_HEADERS:-no}"`
Add smtp_host_lookup=native,dns parameter to allow the lookup of hosts added to /etc/hosts file via docker options (issue #51). 2021-03-17 23:17:39 +01:00			`#Also use "native" option to allow looking up hosts added to /etc/hosts via`
			`# docker options (issue #51)`
			`add_config_value "smtp_host_lookup" "native,dns"`
Set myhostname and myorigin, some providers like 1&1 will do MX lookups on them so they need to be valid. 2015-05-13 08:06:38 +02:00
add smtp_tls_wrappermode and smtp_tls_security_level. You need both parameters when you send emails with TLS(465). 2020-12-16 17:18:27 +01:00			`if [ "${SMTP_PORT}" = "465" ]; then`
			`add_config_value "smtp_tls_wrappermode" "yes"`
			`add_config_value "smtp_tls_security_level" "encrypt"`
			`fi`

Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`# Create sasl_passwd file with auth credentials`
Allow to use a SMTP server without authentication 2021-03-23 22:41:01 +01:00			`if [ ! -f /etc/postfix/sasl_passwd -a ! -z "${SMTP_USERNAME}" ]; then`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`grep -q "${SMTP_SERVER}" /etc/postfix/sasl_passwd > /dev/null 2>&1`
			`if [ $? -gt 0 ]; then`
			`echo "Adding SASL authentication configuration"`
Correct sasl_passwd file creation method 2021-07-08 16:11:22 +02:00			`echo "[${SMTP_SERVER}]:${SMTP_PORT} ${SMTP_USERNAME}:${SMTP_PASSWORD}" >> /etc/postfix/sasl_passwd`
Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`postmap /etc/postfix/sasl_passwd`
			`fi`
			`fi`
First version 2015-04-20 00:30:41 +02:00
Change base image from CentOS 7 to alpine linux 2020-03-23 05:17:24 +01:00			`#Set header tag`
Update run.sh 2019-01-27 02:50:34 +01:00			`if [ ! -z "${SMTP_HEADER_TAG}" ]; then`
feat: Add ENV option to enable subject line logging 2021-10-27 17:42:03 +02:00			`postconf -e "header_checks = regexp:/etc/postfix/header_checks"`
			`echo -e "/^MIME-Version:/i PREPEND RelayTag: $SMTP_HEADER_TAG\n/^Content-Transfer-Encoding:/i PREPEND RelayTag: $SMTP_HEADER_TAG" >> /etc/postfix/header_checks`
Update run.sh 2019-01-26 23:12:50 +01:00			`echo "Setting configuration option SMTP_HEADER_TAG with value: ${SMTP_HEADER_TAG}"`
Add header tag creation. This will create a tag in email headers that can be used for filtering by receiving servers. I use this image for relaying through exchange online, and the nature of how I run my containers prevents me from setting static IPs as a filter. With a tag for exchange to look at, I can make sure emails from the relay are not hitting the junk folder. Without setting the HEADER_TAG variable, the script will create a randomly generated tag and move on. It is not a requirement to make use of this feature. 2019-01-16 18:34:48 +01:00			`fi`

feat: Add ENV option to enable subject line logging 2021-10-27 17:42:03 +02:00			`#Enable logging of subject line`
			`if [ "${LOG_SUBJECT}" == "yes" ]; then`
			`postconf -e "header_checks = regexp:/etc/postfix/header_checks"`
			`echo -e "/^Subject:/ WARN" >> /etc/postfix/header_checks`
			`echo "Enabling logging of subject line"`
			`fi`

Update run.sh Add trusted networks option 2019-03-17 22:17:51 +01:00			`#Check for subnet restrictions`
			`nets='10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16'`
			`if [ ! -z "${SMTP_NETWORKS}" ]; then`
feat: Add IPv6 support 2022-04-28 17:49:08 +02:00			`declare ipv6re="^((([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,7}:\|\`
			`([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}\|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}\|\`
			`([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}\|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}\|\`
			`([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}\|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})\|\`
			`:((:[0-9a-fA-F]{1,4}){1,7}\|:)\|fe80:(:[0-9a-fA-F]{0,4}){0,4}\|\`
			`::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]\|\`
			`(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]\|\`
			`(2[0-4]\|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]\|(2[0-4]\|1{0,1}[0-9]){0,1}[0-9]))/[0-9]{1,3})$"`

			`for i in $(sed 's/,/\ /g' <<<$SMTP_NETWORKS); do`
			`if grep -Eq "[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/[0-9]{1,2}" <<<$i ; then`
			`nets+=", $i"`
			`elif grep -Eq "$ipv6re" <<<$i ; then`
			`readarray -d \/ -t arr < <(printf '%s' "$i")`
			`nets+=", [${arr[0]}]/${arr[1]}"`
			`else`
			`echo "$i is not in proper IPv4 or IPv6 subnet format. Ignoring."`
			`fi`
			`done`
Update run.sh Add trusted networks option 2019-03-17 22:17:51 +01:00			`fi`
			`add_config_value "mynetworks" "${nets}"`

feat: Allow disabling SMTPUTF8 2021-11-19 10:31:40 +01:00			`# Set SMTPUTF8`
			`if [ ! -z "${SMTPUTF8_ENABLE}" ]; then`
			`postconf -e "smtputf8_enable = ${SMTPUTF8_ENABLE}"`
			`echo "Setting configuration option smtputf8_enable with value: ${SMTPUTF8_ENABLE}"`
			`fi`

Add option to overwrite the From address 2020-09-29 10:33:52 +02:00			`if [ ! -z "${OVERWRITE_FROM}" ]; then`
			`echo -e "/^From:.*$/ REPLACE From: $OVERWRITE_FROM" > /etc/postfix/smtp_header_checks`
			`postmap /etc/postfix/smtp_header_checks`
			`postconf -e 'smtp_header_checks = regexp:/etc/postfix/smtp_header_checks'`
			`echo "Setting configuration option OVERWRITE_FROM with value: ${OVERWRITE_FROM}"`
			`fi`

feat: Add message_size_limit option (#86) * feat: Add MESSAGE_SIZE_LIMIT configuration option (PR #86) 2022-06-20 23:38:09 +02:00			`# Set message_size_limit`
			`if [ ! -z "${MESSAGE_SIZE_LIMIT}" ]; then`
			`postconf -e "message_size_limit = ${MESSAGE_SIZE_LIMIT}"`
			`echo "Setting configuration option message_size_limit with value: ${MESSAGE_SIZE_LIMIT}"`
			`fi`

make inet_protocol configurable 2023-10-31 10:25:38 +01:00			`# Set inet_protocol`
			`if [ ! -z "${INET_PROTOCOL}" ]; then`
			`sed -i -e 's/inet_protocols = all/inet_protocols = ipv4/g' /etc/postfix/main.cf`
			`echo "Setting configuration option inet_protocols with value: ${INET_PROTOCOL}"`
			`fi`


Don't add duplicate configuration entries. 2018-05-09 09:06:30 +02:00			`#Start services`
In case of mounting /var/spool/postfix, delete master.pid first 2019-10-24 00:20:20 +02:00
			`# If host mounting /var/spool/postfix, we need to delete old pid file before`
			`# starting services`
			`rm -f /var/spool/postfix/pid/master.pid`

feat: Removed supervisor and rsyslog As mentioned in discussion #54, since version 3.3.0, postfix can run in foreground mode, and since 3.4.0 it can log directly to stdout. 2021-04-27 23:44:39 +02:00			`exec /usr/sbin/postfix -c /etc/postfix start-fg`