wader / postfix-relay Goto Github PK

After restarting, all the files in /var/mail seem to get chowned to postfix?

This results in:
cannot update mailbox /var/mail/root for user root. destination /var/mail/root is not owned by recipient

We tried start Azure Container Instance using this image but it is not working using Azure Portal or Azure DevOps.
We are getting following error when trying to pull image during deployment:
#[error]InaccessibleImage: The image 'mwader/postfix-relay' in container group 'ci-postfixsmtp01' is not accessible. Please check the image and registry credential.

PS: Normal "docker pull mwader/postfix-relay" on docker enabled VM is working fine.
PS: After we pull/push image into Azure Container Registry we are able to start ACI from such image.

Any idea how we can start ACI directly from public docker image ?

Problem

• Getting random rejections: 454 4.7.1 Relay access denied
  • Sometimes right after starting the container
  • Sometimes after 3 or more retries
  • Sometimes if I insist retrying, I get only rejections
• None of these rejections are displayed in the output log, not even with debugging enabled (POSTFIX_debug_peer_list=0.0.0.0/0)
• Any otherinfo, like if dkim has worn permissions on the key file or delivery successes are displayed.

Deployment

• As a pod, in kubernetes 1.18
• Configuration is almost basic, nothing fancy. Did relax everything that I could.

/etc/postfix/main.cf

# See /usr/share/postfix/main.cf.dist for a commented, more complete version                                           
                                                                                                                       
                                                                                                                       
# Debian specific:  Specifying a file name will cause the first                                                        
# line of that file to be used as the name.  The Debian default                                                        
# is /etc/mailname.                                                                                                    
#myorigin = /etc/mailname                                                                                              
                                                                                                                       
smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)                                                               
biff = no                                                                                                              
                                                                                                                       
# appending .domain is the MUA's job.                                                                                  
append_dot_mydomain = no                                                                                               
                                                                                                                       
# Uncomment the next line to generate "delayed mail" warnings                                                          
#delay_warning_time = 4h                                                                                               
                                                                                                                       
readme_directory = no                                                                                                  
                                                                                                                       
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on                                              
# fresh installs.                                                                                                      
compatibility_level = 2                                                                                                
                                                                                                                       
                                                                                                                       
                                                                                                                       
# TLS parameters                                                                                                       
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem                                                               
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key                                                              
smtpd_use_tls=yes                                                                                                      
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache                                                
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache                                                  
                                                                                                                       
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for                                              
# information on enabling SSL in the smtp client.                                                                      
                                                                                                                       
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated permit_inet_interfaces reject_unauth_destination
myhostname = revomatico.com                                                                                            
alias_maps = hash:/etc/aliases                                                                                         
alias_database = hash:/etc/aliases                                                                                     
mydestination = localhost                                                                                              
relayhost =                                                                                                            
mynetworks = 0.0.0.0/0                                                                                                 
mailbox_size_limit = 0                                                                                                 
recipient_delimiter = +                                                                                                
inet_interfaces = all                                                                                                  
inet_protocols = all                                                                                                   
smtp_tls_security_level = may                                                                                          
smtpd_tls_security_level = none                                                                                        
milter_protocol = 2                                                                                                    
milter_default_action = accept                                                                                         
smtpd_milters = inet:localhost:12301                                                                                   

/etc/opendkim.conf

InternalHosts 0.0.0.0/0, ::/0
KeyTable refile:/etc/opendkim/KeyTable
Mode sv
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:12301@localhost
Syslog yes
UMask 002

Is it possible to enable through Envt variable to make it so I can lot to STDOUT and a rolling LOG file.

With SMTP relaying/troubleshooting keeping a history in a plan LOG file is always handy.

It seems like the postfix-relay keeps stopping without any information in the log.
I can be up for some days and the just stop without any information.

I got --restart=unless-stopped on

I'm using latest docker image, dkim sign worked fine for last 6-7 months, but with latest docker image (recreated) it stopped working.

I did dry to use previus versions, but no luck. Still same issue (docker logs):

xxx-postfix-1 | DNS records:
xxx-postfix-1 | vps._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; p=xxx" )
xxx-postfix-1 | Starting OpenDKIM: opendkim.
xxx-postfix-1 | Starting Postfix Mail Transport Agent: postfix.
xxx-postfix-1 | 2023-09-01T16:49:24.562639+00:00 55c29361f16a rsyslogd: [origin software="rsyslogd" swVersion="8.1901.0" x-pid="147" x-info="https://www.rsyslog.com"] start
xxx-postfix-1 | 2023-09-01T16:49:24.563632+00:00 55c29361f16a postfix/master[145]: daemon started -- version 3.4.23, configuration /etc/postfix
xxx-postfix-1 | 2023-09-01T16:49:32.484746+00:00 55c29361f16a postfix/smtpd[152]: connect from xxx_default[172.0.0.5]
xxx-postfix-1 | 2023-09-01T16:49:32.495255+00:00 55c29361f16a postfix/smtpd[152]: 78E23E0137: client=xxx-1.xxx[172.0.0.5]
xxx-postfix-1 | 2023-09-01T16:49:32.496170+00:00 55c29361f16a postfix/cleanup[155]: 78E23E0137: message-id=[email protected]
xxx-postfix-1 | 2023-09-01T16:49:32.537913+00:00 55c29361f16a opendkim[33]: vps._domainkey.xxx: key data is not secure: /etc/opendkim/keys/xxx/vps.private
xxx-postfix-1 | 2023-09-01T16:49:32.537923+00:00 55c29361f16a opendkim[33]: 78E23E0137: error loading key 'vps._domainkey.xxx'
xxx-postfix-1 | 2023-09-01T16:49:32.537963+00:00 55c29361f16a postfix/cleanup[155]: 78E23E0137: milter-reject: END-OF-MESSAGE from xxx-1.xxx[172.0.0.5]: 4.7.1 Service unavailable - try again later; from=develop@xxx to=[email protected] proto=ESMTP helo=<dev.xxx>
xxx-postfix-1 | 2023-09-01T16:49:32.600292+00:00 55c29361f16a postfix/smtpd[152]: disconnect from xxx-1.xxx[172.0.0.5] ehlo=1 mail=1 rcpt=1 data=0/1 quit=1 commands=4/5

File permissions:

-rw------- 1 opendkim opendkim 1704 Aug 29 10:49 vps.private`
-rwx--x--- 1 opendkim opendkim 449 Aug 29 10:49 vps.txt

I did try to change to only u+rw to vps.txt (but no change).
I tried to generate new keys and same issue.

What could cause this?

Hi Sorry for more of a Mail question in general than the one to this repo.

When I get to the part for the docker-compose.yml of:

  environment:
    - POSTFIX_myhostname=smtp.domain.tld
    - OPENDKIM_DOMAINS=smtp.domain.tld

I have no idea what myhostname should be nor any extra DNS setup I will need to do.

Basically I have a Wordpress services running in docker and the mail is becoming a big pain due to sendmail not being the most strait forward thing ever.

If I have the domain: awesomesite.com and I want to send emails from it, what would those settings end up being? do I need to prepend smtp. to awesomesite.com and create an A record??

My site already has a Google inbox so I can't mess with the mx records.

Cheers,
Michael.

I tried this

docker run -d --name SMTP -p 25:25 -e POSTFIX_myhostname=mydomain.com -e OPENDKIM_DOMAINS=mydomain.com -v "SomeLocalPath:/etc/opendkim/keys/" mwader/postfix-relay

Then I tried sending a mail
Send-MailMessage -To [email protected] -From [email protected] -Subject "Test Subject" -Body "Test Body" -SmtpServer IPofDocker

But I get this error
Send-MailMessage : Error in processing. The server response was: 4.7.1 Service unavailable - try again later

I can see that the DKIM files is generated and they look alright.

I played around with it some more and it seems there are some things that needs to be done.
First I need to set it to allow "outside docker" relay
-e POSTFIX_mynetworks="0.0.0.0/0" -e POSTFIX_mynetworks_style=subnet
Can probably be more restrictive.

But then there is the DKIM again.
Because I have added a volume to reuse the DKIM keys OpenDKIM complains about them not being safe.

opendkim[33]: mail._domainkey.mydomain.com: key data is not secure: /etc/opendkim/keys can be read or written by other users
opendkim[33]: 29AF1200458: error loading key 'mail._domainkey.mydomain.com'

To avoid this I had to edit the /etc/opendkim.conf and put in (RequireSafeKeys no).
That removed the second error (about loading the key).
It's really not a fix because that will get overridden when the container is restarted.
I tried this: -e OPENDKIM_RequireSafeKeys=no but that did not work

Hello,

The latest Docker image lacks libsasl2-modules package thus fails at connecting to some SMTP relays.

Best regards.

I've been using this container for a while and I love the simplicity of configuration. I now need to expand the scope of my relay to some moderately trusted networks where explicit trust isn't the best policy. I'm going to fork the repo (https://github.com/MeCJay12/postfix-relay-sasldb), try to work through adding sasldb for basic file backed auth, then submit it for a pull req. Just wanted to open this ticket to track any knowledge gained and to check if there is any existing progress.

I having issue with dkim configuration.
Certificates were generated automaticly and save into pv.
But on start of docker image, I see error
opendkim: /etc/opendkim.conf: configuration error at line 2: unrecognized parameter

My /etc/opendkim.conf is generated and looks like:

InternalHosts 0.0.0.0/0, ::/0
KEY_TABLE vps._domainkey.mydomain.com:default:/etc/opendkim/keys/mydomain.com/vps.private
KeyTable refile:/etc/opendkim/KeyTable
Mode sv
SELECTOR vps
SigningTable refile:/etc/opendkim/SigningTable
Socket inet:12301@localhost
Syslog yes
UMask 002 

docker-compose.yml file is like this:

yaml
  postfix:
    image: mwader/postfix-relay
    restart: unless-stopped
    volumes:
      - ./env/postfix/dkim/:/etc/opendkim/keys/
    environment:
      - POSTFIX_myhostname=${HOSTNAME}
      - OPENDKIM_DOMAINS=mydomain.com=vps
      - OPENDKIM_SELECTOR=vps
      - OPENDKIM_KEY_TABLE=vps._domainkey.mydomain.com:default:/etc/opendkim/keys/mydomain.com/vps.private

** I have replaced my actual domain with mydomain.com **

Main issue here is that my email don't have DKIM signature.

I have tested it via https://dkimvalidator.com/ and results is: This message does not contain a DKIM Signature

Received: from **hostname** (**ip**.clients.your-server.de [**ip**])
	by relay-2.us-west-2.relay-prod (Postfix) with ESMTPS id 2CD3C2501A
	for <[email protected]>; Tue,  9 May 2023 14:53:28 +0000 (UTC)
Received: from **domain** (**hostname**_default [172.0.0.5])
	by **hostname** (Postfix) with ESMTP id B5275E001D
	for <[email protected]>; Tue,  9 May 2023 14:53:26 +0000 (UTC)
Date: Tue, 9 May 2023 14:53:26 +0000
To: [email protected]
From: =?UTF-8?Q?=5B**hostname**?= <develop@**domain**>
Subject: =?UTF-8?Q?[**hostname**]_Ponastavi_geslo?=
Message-ID: <4T8O2u99oCNsamVrGrcmvqxJYSUNFYnobuoKPbMq7o@**domain**>
X-Mailer: WPMailSMTP/Mailer/smtp 3.7.0
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

**email content**

What am I missing here?

I am sending an email to [email protected] - and it works fine.
When I am sending to [email protected] it does not work.

My setup is that "mydomain.com" is the name of my local network.
I can see from the logs that the container tries to send the emails to my two domain controllers (Windows Active Directory) on port 25.

It looks like it's not using the MX record to send the mail.

When I use another SMTP server (windows server built in) I have no issues.

I tried using the docker image for DKIM

At first I copied in my own private key. I could not get DKIM working. Now I'm not bothering to volume mount and instead copying the given DNS record to a new selector in my DNS zone.

opendkim appears to be down:

root@aaabbbccc:/# service postfix status
[ ok ] postfix is running.
root@aaabbbccc:/# service opendkim status
[FAIL] opendkim is not running ... failed!

If I don't volume mount, I can see a lot of processes:

UID          PID    PPID  C STIME TTY          TIME CMD
root           1       0  0 21:14 ?        00:00:00 /bin/bash /root/run
opendkim      38       1  0 21:14 ?        00:00:00 /usr/sbin/opendkim -x /etc/opendkim.conf -u opendkim -P /var/run/opendkim/opendkim.pid
root         158       1  0 21:14 ?        00:00:00 /usr/lib/postfix/sbin/master
root         160       1  0 21:14 ?        00:00:00 rsyslogd -n
postfix      163     158  0 21:14 ?        00:00:00 pickup -l -t unix -u -c
postfix      164     158  0 21:14 ?        00:00:00 qmgr -l -t unix -u
root         165       0  0 21:15 pts/0    00:00:00 bash
postfix      179     158  0 21:22 ?        00:00:00 tlsmgr -l -t unix -u -c
postfix      252     158  0 21:29 ?        00:00:00 trivial-rewrite -n rewrite -t unix -u -c
postfix      253     158  0 21:29 ?        00:00:00 smtp -t unix -u -c
postfix      254     158  0 21:29 ?        00:00:00 bounce -z -n defer -t unix -u -c
root         256     165  0 21:30 pts/0    00:00:00 ps -ef

I can attempt to start opedkim but that only results in three log entries:

2022-10-16T21:31:48.586557+00:00 aaabbbccc opendkim[266]: OpenDKIM Filter: Unable to bind to port inet:12301@localhost: Address already in use
2022-10-16T21:31:48.588899+00:00 aaabbbccc opendkim[266]: OpenDKIM Filter: Unable to create listening socket on conn inet:12301@localhost
2022-10-16T21:31:48.589434+00:00 aaabbbccc opendkim[266]: smfi_opensocket() failed

There is an opendkim process, but the pidfile is wrong:

root@aaabbbccc:/# cat /var/run/opendkim/opendkim.pid
266

lsof returns nothing:

root@aaabbbccc:/# lsof -n -i :12301
root@aaabbbccc:/#

I installed iproute2 and ran this:

root@aaabbbccc:/# ss -lptn 'sport = :12301'
State                  Recv-Q                  Send-Q                                   Local Address:Port                                    Peer Address:Port                 
LISTEN                 0                       128                                          127.0.0.1:12301                                        0.0.0.0:*      

I'm using mwader/postfix-relay:1.1.8 and providing POSTFIX_myhostname=example.com and OPENDKIM_DOMAINS=example.com. Replacing example.com.

As I closed that container I notice:

^CStopping Postfix Mail Transport Agent: postfix2022-10-16T21:35:55.614971+00:00 7424cb1ab9a1 postfix/master[158]: terminating on signal 15
.
Stopping OpenDKIM: No /usr/sbin/opendkim found running; none killed.
opendkim.

I have been looking at the postfix documentation but I have not been able to figure out what to change.

My goal is to view mail logging.
I was hoping to find a file with all failed and successful deliveries.
Also I was hoping to be able to enable full log of the mail aka the full mail as a single file.

I run docker compose as an user other than root and to avoid filesystem permissions issues on my mounted files I change the user and group id to match the user running docker

smtp:
        image: mwader/postfix-relay
        restart: always
        user: 1000:1000
        volumes:
            -  ./data/dkim:/etc/opendkim/keys

Unfortunately the image fails to run with another user than root /bin/bash: /root/run: Permission denied

I have been trying to build an open relay with restrictions.

So the goal is to have an open relay available for specific hosts in my internal network.
This means that I both want to restrict what host can send emails based on IP-adresses and sender email-adresses (domains maybe). All to avoid spam send from my hosts.

I noticed that when I send a mail from my network (not another docker container) the smtp server sees 172.17.0.1 (docker gateway) as the sender IP and not my host IP (192.168.x.x). So if the mail server only sees the gateway it will be real hard to filter inside the container.

I have Mailman 3 configured to run via Docker and mailman-core submitting outbound mail to postfix-relay for delivery. However, DKIM header signature verification is failing and appears to be related to:

https://marc.info/?l=postfix-users&m=157746682807997&q=mbox

Updating /etc/postfix/main.cf to change milter_protocol from 2 to 6 fixes the problem (PR #80).

The Docker image in Docker Hub mwader/postfix-relay currently supports only OS/arch of type linux/amd64 .
It would be great to support multiple architectures (=platforms), in particular linux/arm64 , as ARM processors are widely used.

How to reproduce

If you run in an ARM machine:

$ dpkg --print-architecture
arm64

You get the following error:

$ docker run -it --rm mwader/postfix-relay:latest bash

WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
standard_init_linux.go:219: exec user process caused: exec format error

Usecases

• My usecase is to deploy the container in a RaspberryPi, which has an ARM processor.
• Any other ARM machine.

Suggested solution

You can use buildx. It can build and push a multi-platform image without modifying the Dockerfile.
It integrates very well with CI/CD pipelines:
Example of GitHub Actions: https://github.com/marketplace/actions/build-and-push-docker-images#multi-platform-image

Tests

I tested a multi-architecture build with buildx, following the steps here: https://docs.docker.com/docker-for-mac/multi-arch/

$ docker buildx create --name mybuilder
mybuilder
$ docker buildx use mybuilder
$ docker buildx build --platform linux/amd64,linux/arm64 -t forzagreen/postfix-relay:multi --push .

The resulting image is here: forzagreen/postfix-relay:multi
I tested in both amd64 and arm64.
Docker pulls the correct image based on the machine architecture.

Running docker container on a ubuntu VM. Forwarded port 25 from docker container to VM and then telnet to port 25. Throws insufficient system storage error while entering command "mail from:". I did se the mailbox size limit to 0 as an environment variable. Please help!

qshape is a great Postfix tool to display deferred queue mails grouped by target domains.
You can read about it here:
https://www.postfix.org/QSHAPE_README.html

When trying to use that tool in this container, it looks like it is not working:
qshape Can't locate File/Find.pm in @INC (you may need to install the File::Find module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /usr/sbin/qshape line 114. BEGIN failed--compilation aborted at /usr/sbin/qshape line 114.

Possible fix:
apt-get install libpath-tiny-perl

perl -MCPAN -e 'install "File::HomeDir"'

I run postfix-relay as a side container into kubernetes (dev environment).
So I have 4lvl domain name, like the test.site.example.com
I try send message to my email address and I got error Relay access denied

220 test.site.example.com ESMTP Postfix (Debian/GNU)
HELO test.site.example.com
250 test.site.example.com
mail from: [email protected]
250 2.1.0 Ok
rcpt to: [email protected]
454 4.7.1 <[email protected]>: Relay access denied

in logs:

NOQUEUE: reject: RCPT from localhost[::1]: 454 4.7.1 <[email protected]>: Relay access denied; from=<[email protected]> to=<[email protected]> proto=SMTP helo=<test.site.example.com>

main.cf

smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
biff = no
append_dot_mydomain = no
readme_directory = no
compatibility_level = 2
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = test.site.example.com
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydestination = localhost
relayhost =
mynetworks = 0.0.0.0/0
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
smtp_tls_security_level = may
smtpd_tls_security_level = none
milter_default_action = accept
smtpd_milters = inet:localhost:12301

This is very flexible docker which I can config the postfix by environment variable.

However, I had a issue when use it. I want it to be a smtp relay which let some device to send me email because my device is very old and only allow SSL (no TLS) or plain text connection, so it cannot connect smtp of outlook or gmail. I decide to use this docker to get the email from my device and as a smtp relay to use smpt of outlook to send email to me.
I cannot use NO AUTH option to relay my email because the old device must send login even empty the user and password,

After done the setup, I test it directly by telnet, after input ELHO {hostname}, I use AUTH LOGIN and input "Y2FtCg==" "Y2FtCg==" (user/password as cam/cam which encode by base64) but the result is "535 5.7.8 Error: authentication failed: authentication failure", the log show "SASL login authentication failed". I try to use testsaslauthd from docker console, but still has authentication fail message.
I still not setup relay part, just test the device can connect this docker and submit email to it only.
Following is the docker-compose.yml and passwd_file
docker-compose.yml

version: "2"
  #use hostname "smtp" as SMTP server
  smtp:
    container_name: "postfix-relay"
    image: mwader/postfix-relay:latest
    restart: always
    ports:
    - "10025:25"
    volumes:
    - /srv/docker_data/smtp-relay/passwd_file:/etc/postfix/sasl/sasl_passwds
    - /srv/docker_data/smtp-relay/mwader/postfix-relay/log:/var/log/
    environment:
    - TZ=Asia/Hong_Kong
    - SASL_Passwds=/etc/postfix/sasl/sasl_passwds
    - POSTFIX_cyrus_sasl_config_path=/etc/postfix/sasl
    - POSTFIX_myhostname=naspi.local
    - POSTFIX_smtpd_sasl_local_domain=$myhostname
    - POSTFIX_smtpd_sasl_auth_enable=yes
    - POSTFIX_broken_sasl_auth_clients=yes
    - POSTFIX_smtpd_sasl_security_options=noanonymous
    - POSTFIX_smtpd_recipient_restrictions="permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
    #- OPENDKIM_DOMAINS=naspi.local
    #- POSTFIX_smtpd_tls_security_level=may
    #- POSTFIX_relayhost=[smtp-mail.outlook.com]:587
    #- POSTFIX_smtpd_use_tls=yes
    #- POSTFIX_smtpd_recipient_restrictions="permit_sasl_authenticated, permit_mynetworks, reject_unauth_destination"
    - RSYSLOG_LOG_TO_FILE=yes
    - RSYSLOG_TIMESTAMP=yes

passwd_file
cam:$6$.CbOgrN4xn.RB$sOZo8mHHuFi79OvHYVJlDN51YFmcBeVi1BhlC3fUiuBItHVOXkUcfH.ZZEZ0m37nkPtYPI8y3TGW7SISKj9/u0

Would you help me. Thanks!

hi mwader,

As you're probably aware, peertube uses/suggests your image for their mail/notification work

I'm trying to setup my own peertube instance, and have worked through every other issue, however a persistent email error eludes me..
the error is as follows:
to=<[email protected]>, relay=none, delay=0.11, delays=0.08/0.03/0/0, dsn=4.4.3, status=deferred (Host or domain name not found. Name service error for name=gmail.com type=MX: Host not found, try again

the email address is usable, accessed regularly (though redacted for this issue); I'm just curious, if there's fix for this.. if there's something I'm doing wrong.. any help is appreciated

Would it be possible to add

$IncludeConfig /etc/rsyslog.d/*.conf

as a first line in the /etc/rsyslog.conf?

This would make it possible to configure rsyslogd to needs (eg configure dropping some types of unneeded messages).

It could go right here (as a beginning of this block):

Hi,

I'm trying to setup an email relay which uses the following Postfix 'hash' lookup tables (*):

alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_generic_maps = hash:/etc/postfix/generic

hash: values can be set using POSTFIX_ Docker environment variables, but as the /etc/postfix directory is not exposed, I'm not sure how I can call postmap to generate the Berkeley DB files which hash: expects.

I tried to replace hash:<BerkeleyDBfile> with equivalent inline:{key=value, key=value, key=value} but without success 😕

The inline: lookup seems supported as reported by

docker exec <container_id> postconf -m
btree
cidr
environ
fail
hash
inline
internal
memcache
nis
pipemap
proxy
randmap
regexp
socketmap
static
tcp
texthash
unionmap
unix

I guess the easiest would be to expose the /etc/postfix directory as a Docker volume?

(*) For reference, I'm following the guide at https://www.linode.com/docs/guides/postfix-smtp-debian7/

Thanks a lot,

Pete