#!/bin/sh
# Entrypoint script: applies Postfix settings taken from the environment and
# then replaces itself with Postfix running in the foreground.
#
# errexit: abort on the first unhandled command failure.
# nounset: expanding an unset variable is an error.
set -o errexit -o nounset

# Write one diagnostic line to stderr.
# Arguments: the message; all arguments are joined with single spaces.
# Outputs:   "<UTC ISO-8601 timestamp> [postfix-relay] <message>" on stderr;
#            nothing is written to stdout.
log() {
  printf '%s [postfix-relay] %s\n' \
    "$(date -u '+%Y-%m-%dT%H:%M:%SZ')" "$*" 1>&2
}
# Create the runtime directories used by Postfix (no-op when they exist).
mkdir -p /var/spool/postfix /var/lib/postfix /var/run/postfix /var/log

# Point Postfix's own logger at stdout.
postconf -e "maillog_file=/dev/stdout"

# Build the aliases database so Postfix does not warn about it later.
# Best-effort: output is discarded and a failure is deliberately ignored.
newaliases >/dev/null 2>&1 || :

# Fall back to a minimal mydestination only when neither spelling of the
# override is set to a non-empty value; every other default is kept.
if [ -z "${POSTFIX_mydestination:-}${POSTFIX_MYDESTINATION:-}" ]; then
  postconf -e "mydestination=localhost"
fi

# Fall back to loopback plus all RFC 1918 private ranges when neither spelling
# of the override is set to a non-empty value.
# NOTE(security): with Postfix's stock relay restrictions, clients inside
# mynetworks may relay without authenticating, so this default trusts every
# host that can reach the listener from any private address. Set
# POSTFIX_mynetworks to the narrowest subnet that actually needs to send mail,
# and do not publish the SMTP port beyond that network.
if [ -z "${POSTFIX_mynetworks:-}${POSTFIX_MYNETWORKS:-}" ]; then
  postconf -e "mynetworks=127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
fi
# Apply every POSTFIX_* / postfix_* environment variable as a Postfix setting.
#
# The prefix is dropped and the remainder lower-cased to form the parameter
# name, so POSTFIX_RELAYHOST and postfix_relayhost both set "relayhost".
# Variables whose value is empty are skipped.
#
# Globals: var, key, value (plain sh has no function-local variables)
# Outputs: one "Config: key=value" line per applied setting, via log()
apply_postfix_env() {
  for var in $(env | awk -F= '/^(POSTFIX_|postfix_)/ {print $1}'); do
    # A lookup that fails is treated the same as an empty value.
    value="$(printenv "$var" || true)"
    if [ -z "${value:-}" ]; then
      continue
    fi

    # Lower-case the whole name first; the prefix is then always "postfix_".
    key="$(echo "$var" | tr '[:upper:]' '[:lower:]')"
    key="${key#postfix_}"

    # NOTE(review): the value is logged verbatim. A parameter whose value
    # embeds a credential (for example a static: or inline: lookup table)
    # would land in the log stream; confirm no such value is passed this way.
    log "Config: ${key}=${value}"
    postconf -e "${key}=${value}"
  done
}
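apply_postfix_env

# Configure client-side SASL authentication towards the relayhost, but only
# when both SMTP_USERNAME and SMTP_PASSWORD are set and non-empty.
if [ -n "${SMTP_USERNAME:-}" ] && [ -n "${SMTP_PASSWORD:-}" ]; then
  # Prefer the relayhost already in the Postfix configuration; fall back to
  # the environment if postconf reports nothing.
  relay="$(postconf -h relayhost || true)"
  if [ -z "$relay" ]; then
    relay="${POSTFIX_relayhost:-${POSTFIX_RELAYHOST:-}}"
  fi
  if [ -z "$relay" ]; then
    log "ERROR: SMTP_USERNAME/SMTP_PASSWORD provided but no relayhost configured (set POSTFIX_relayhost or POSTFIX_RELAYHOST)."
    exit 1
  fi
  # Only the relayhost is logged; the credentials never go through log().
  log "Enabling SASL auth for relayhost ${relay}"

  # Prefer LMDB if available on Alpine, else hash
  if postconf -m | grep -qw lmdb; then
    MAPTYPE="lmdb"
  else
    MAPTYPE="hash"
  fi

  # New files are created owner-only from here on. The umask is not restored,
  # so it also applies to the rest of this script and the exec'd postfix.
  umask 077

  # printf instead of echo: some /bin/sh implementations expand backslash
  # escapes in echo, which would silently corrupt a password containing "\".
  printf '%s %s:%s\n' "$relay" "$SMTP_USERNAME" "$SMTP_PASSWORD" \
    > /etc/postfix/sasl_passwd
  # umask only affects newly created files; tighten the mode explicitly in
  # case the file already existed with wider permissions.
  chmod 600 /etc/postfix/sasl_passwd

  # Build the lookup table with the same map type that main.cf will reference.
  # A bare "postmap FILE" uses Postfix's default database type, which can
  # differ from MAPTYPE and leave smtp_sasl_password_maps pointing at a table
  # that was never created.
  postmap "${MAPTYPE}:/etc/postfix/sasl_passwd"

  postconf -e "smtp_sasl_auth_enable=yes"
  postconf -e "smtp_sasl_password_maps=${MAPTYPE}:/etc/postfix/sasl_passwd"
  # NOTE(security): "noanonymous" without "noplaintext" allows plaintext
  # mechanisms such as PLAIN/LOGIN. This script does not set
  # smtp_tls_security_level, so unless TLS is enforced elsewhere (for example
  # POSTFIX_smtp_tls_security_level=encrypt) the credentials may be sent over
  # an unencrypted connection.
  postconf -e "smtp_sasl_security_options=noanonymous"
fi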
# Point the SMTP client at the system CA bundle when one is present; this
# only sets the trust anchors and does not by itself require TLS.
ca_bundle=/etc/ssl/certs/ca-certificates.crt
if [ -f "$ca_bundle" ]; then
  postconf -e "smtp_tls_CAfile=${ca_bundle}"
fi

# Best-effort permission fix-up: stderr is discarded and failure is ignored.
postfix set-permissions 2>/dev/null || :

# Print every non-default setting, prefixed with "[postfix] ", for the logs.
# NOTE(review): this prints parameter values as configured; any value that
# embeds a secret would be visible to whoever can read the log stream.
postconf -n | sed 's/^/[postfix] /'

log "Starting Postfix in foreground..."
# exec replaces this shell, so Postfix receives signals sent to the process.
exec postfix start-fg