feat: self-hosted postfix

2026-01-24 08:43:50 +01:00
parent e46cb018fd
commit eeed88eba4
16 changed files with 2830 additions and 652 deletions
--- a/docker/postfix/entrypoint.sh
+++ b/docker/postfix/entrypoint.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+set -e
+
+# environment variables
+MAIL_DOMAIN="${MAIL_DOMAIN:-example.com}"
+MAIL_HOSTNAME="${MAIL_HOSTNAME:-mail.example.com}"
+DKIM_SELECTOR="${DKIM_SELECTOR:-mail}"
+
+echo "Setting up postfix for domain: ${MAIL_DOMAIN}"
+echo "Hostname: ${MAIL_HOSTNAME}"
+
+# configure postfix domain
+postconf -e "myhostname=${MAIL_HOSTNAME}"
+postconf -e "mydomain=${MAIL_DOMAIN}"
+postconf -e "myorigin=\$mydomain"
+postconf -e "mydestination=\$myhostname, localhost.\$mydomain, localhost"
+
+# create OpenDKIM key folder for domain
+DKIM_KEY_DIR="/etc/opendkim/keys/${MAIL_DOMAIN}"
+mkdir -p "${DKIM_KEY_DIR}"
+
+# generate DKIM keys if they don't exist
+if [ ! -f "${DKIM_KEY_DIR}/${DKIM_SELECTOR}.private" ]; then
+    echo "Generating DKIM keys for ${MAIL_DOMAIN}..."
+    opendkim-genkey -b 2048 -d "${MAIL_DOMAIN}" -D "${DKIM_KEY_DIR}" -s "${DKIM_SELECTOR}" -v
+    chown -R opendkim:opendkim "${DKIM_KEY_DIR}"
+    chmod 600 "${DKIM_KEY_DIR}/${DKIM_SELECTOR}.private"
+
+    echo ""
+    echo "============================================"
+    echo "DKIM PUBLIC KEY - ADD THIS TO YOUR DNS:"
+    echo "============================================"
+    echo "Record Type: TXT"
+    echo "Name: ${DKIM_SELECTOR}._domainkey.${MAIL_DOMAIN}"
+    echo ""
+    cat "${DKIM_KEY_DIR}/${DKIM_SELECTOR}.txt"
+    echo ""
+    echo "============================================"
+    echo ""
+else
+    echo "Using existing DKIM keys"
+fi
+
+# configure OpenDKIM KeyTable
+cat > /etc/opendkim/KeyTable << EOF
+${DKIM_SELECTOR}._domainkey.${MAIL_DOMAIN} ${MAIL_DOMAIN}:${DKIM_SELECTOR}:${DKIM_KEY_DIR}/${DKIM_SELECTOR}.private
+EOF
+
+# configure OpenDKIM SigningTable
+cat > /etc/opendkim/SigningTable << EOF
+*@${MAIL_DOMAIN} ${DKIM_SELECTOR}._domainkey.${MAIL_DOMAIN}
+EOF
+
+# configure OpenDKIM TrustedHosts
+cat > /etc/opendkim/TrustedHosts << EOF
+127.0.0.1
+localhost
+${MAIL_DOMAIN}
+*.${MAIL_DOMAIN}
+172.16.0.0/12
+192.168.0.0/16
+10.0.0.0/8
+EOF
+
+# set permissions
+chown -R opendkim:opendkim /etc/opendkim
+chmod 600 /etc/opendkim/KeyTable
+chmod 600 /etc/opendkim/SigningTable
+
+# create postfix spool folders
+mkdir -p /var/spool/postfix/pid
+chown root:root /var/spool/postfix
+chown root:root /var/spool/postfix/pid
+
+# start OpenDKIM in background
+echo "Starting OpenDKIM..."
+opendkim -f &
+
+# wait for OpenDKIM to start
+sleep 2
+
+# copy DNS config to postfix chroot
+mkdir -p /var/spool/postfix/etc
+cp /etc/resolv.conf /var/spool/postfix/etc/
+cp /etc/services /var/spool/postfix/etc/
+cp /etc/hosts /var/spool/postfix/etc/
+
+# start postfix in foreground
+echo "Starting Postfix..."
+postfix start-fg