Initial commit: Postfix mail server with SES relay

- Containerized Postfix configuration for mailing list management - Environment-based configuration for SES credentials - Template-based config generation for flexibility - Static virtual aliases (Phase 1) - Prepared for future web interface and SQL backend (Phase 2+) Features: - Docker Compose orchestration - Secure credential management via .env - Configurable SMTP host/port - Git-ignored sensitive files - Comprehensive documentation
2025-10-12 18:07:21 +00:00
commit 55d9da3fb5
11 changed files with 339 additions and 0 deletions
--- a/postfix/Dockerfile
+++ b/postfix/Dockerfile
@@ -0,0 +1,25 @@
+FROM debian:stable-slim
+
+# Install Postfix and tools
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y \
+        postfix \
+        libsasl2-modules \
+        mailutils \
+        gettext-base \
+        && apt-get clean && rm -rf /var/lib/apt/lists/*
+
+# Copy configs
+COPY main.cf.template /etc/postfix/main.cf.template
+COPY sasl_passwd.template /etc/postfix/sasl_passwd.template
+COPY virtual_aliases.cf /etc/postfix/virtual_aliases.cf
+COPY entrypoint.sh /entrypoint.sh
+RUN chmod +x /entrypoint.sh
+
+# Generate Postfix maps for virtual aliases
+RUN postmap /etc/postfix/virtual_aliases.cf
+
+# Expose SMTP
+EXPOSE 25
+
+ENTRYPOINT ["/entrypoint.sh"]
--- a/postfix/entrypoint.sh
+++ b/postfix/entrypoint.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+# Generate main.cf from template with environment variables
+envsubst < /etc/postfix/main.cf.template > /etc/postfix/main.cf
+
+# Generate SASL password file from environment variables
+envsubst < /etc/postfix/sasl_passwd.template > /etc/postfix/sasl_passwd
+
+# Generate Postfix hash
+postmap /etc/postfix/sasl_passwd
+chmod 600 /etc/postfix/sasl_passwd /etc/postfix/sasl_passwd.db
+
+# Start Postfix in foreground
+exec postfix start-fg
--- a/postfix/main.cf.template
+++ b/postfix/main.cf.template
@@ -0,0 +1,21 @@
+# Basic
+myhostname = lists.sasalliance.org
+myorigin = sasalliance.org
+mydestination = $myhostname, localhost.$mydomain, localhost
+
+# Relay through SES
+relayhost = [${SMTP_HOST}]:${SMTP_PORT}
+smtp_tls_security_level = encrypt
+smtp_tls_note_starttls_offer = yes
+
+# SASL auth for SES
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+
+# Virtual aliases (static for now)
+virtual_alias_maps = hash:/etc/postfix/virtual_aliases.cf
+
+# Other recommended settings
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
--- a/postfix/sasl_passwd.template
+++ b/postfix/sasl_passwd.template
@@ -0,0 +1 @@
+[${SMTP_HOST}]:${SMTP_PORT} ${SES_USER}:${SES_PASS}
--- a/postfix/virtual_aliases.cf
+++ b/postfix/virtual_aliases.cf
@@ -0,0 +1 @@
+community@lists.sasalliance.org   james@pattinson.org, james.pattinson@sasalliance.org
				`@@ -0,0 +1 @@`
				`[${SMTP_HOST}]:${SMTP_PORT} ${SES_USER}:${SES_PASS}`
				`@@ -0,0 +1 @@`
				`community@lists.sasalliance.org james@pattinson.org, james.pattinson@sasalliance.org`