From 842ba652512906c1b6ab73915cc6a445b2649850 Mon Sep 17 00:00:00 2001
From: Maximilian Kratz
Date: Wed, 29 Dec 2021 15:14:39 +0100
Subject: [PATCH] Updates README.md and adds example configuration files

---
 .gitignore | 5 ++
 README.md | 10 ++-
 config/.gitkeep | 0
 config/mailname.example | 1 +
 config/main.cf.example | 108 ++++++++++++++++++++++++++++++++
 config/relay_recipients.example | 1 +
 docker-compose.yml.example | 36 +++++++++++
 7 files changed, 160 insertions(+), 1 deletion(-)
 create mode 100644 .gitignore
 create mode 100644 config/.gitkeep
 create mode 100644 config/mailname.example
 create mode 100644 config/main.cf.example
 create mode 100644 config/relay_recipients.example
 create mode 100644 docker-compose.yml.example

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..2e1f17b
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+docker-compose.yml
+./config/mailname
+./config/main.cf
+./config/relay_recipients
+./config/dh_2048.pem
\ No newline at end of file
diff --git a/README.md b/README.md
index df88ebf..03879b7 100644
--- a/README.md
+++ b/README.md
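Review bot: The four `./config/...` patterns in the new .gitignore will not ignore anything, because git matches ignore patterns against repository paths that never carry a leading `./` component, so the real `config/main.cf`, `config/relay_recipients`, `config/dh_2048.pem` and `config/mailname` that the README tells users to create stay unignored and would be committed together with the site's hostname, relay list and DH parameters. Drop the prefix on each line, e.g. `config/main.cf`, or use the single pattern `config/*` with `!config/*.example` and `!config/.gitkeep` so future site files are covered too. `./data/postfix.log`, which the README also asks users to create and which main.cf.example selects as `maillog_file`, is not listed at all and belongs here as well (`data/`). The file is also missing its trailing newline.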
@@ -7,11 +7,19 @@ Prebuild images can be found at this [Dockerhub repository](https://hub.docker.c ## Quickstart -After installing [Docker](https://docs.docker.com/get-docker/), just run the following command to start your Postfix instance: +After installing [Docker](https://docs.docker.com/get-docker/), just run the following steps: + +* Copy `docker-compose.yml.example` to `docker-compose.yml`. +* Create your config files: `./config/main.cf`, `./config/relay_recipients`, `./config/dh_2048.pem`, `./config/mailname`, and `$ touch ./data/postfix.log` + * You can use the provided example files to get started. +* Update the file `docker-compose.yml` and set your values. +* Run the following command to start your Postfix instance: ``` $ docker-compose up -d ``` +The compose file also starts a container for publishing metrics using [this Docker image](https://github.com/maxkratz/postfix_exporter). + ## Dockerfile The Dockerfile can be found at the [Github repository](https://github.com/maxkratz/docker_postfix). diff --git a/config/.gitkeep b/config/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/config/mailname.example b/config/mailname.example new file mode 100644 index 0000000..ff7e42d --- /dev/null +++ b/config/mailname.example @@ -0,0 +1 @@ +mx2.example.com \ No newline at end of file diff --git a/config/main.cf.example b/config/main.cf.example new file mode 100644 index 0000000..2ffac18 --- /dev/null +++ b/config/main.cf.example 
@@ -0,0 +1,108 @@
+# See /usr/share/postfix/main.cf.dist for a commented, more complete version
+
+
+# Debian specific: Specifying a file name will cause the first
+# line of that file to be used as the name. The Debian default
+# is /etc/mailname.
+#myorigin = /etc/mailname
+
+smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
+biff = no
+
+# appending .domain is the MUA's job.
+append_dot_mydomain = no
+
+# Uncomment the next line to generate "delayed mail" warnings
+#delay_warning_time = 4h
+
+readme_directory = no
+
+# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 2 on
+# fresh installs.
+compatibility_level = 2
+
+
+#
+# TLS parameters
+#
+# New new certificates
+smtpd_tls_cert_file=/certs/fullchain.pem
+smtpd_tls_key_file=/certs/key.pem
+smtpd_use_tls=yes
+smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
+smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
+
+#
+# TLS new stuff
+#
+# Activates encrypted sending if reciever allows encryption
+#smtpd_tls_security_level = may
+#smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1
+#smtpd_tls_loglevel = 1
+
+# TLS supported cipherlist
+tls_high_cipherlist = !aNULL:!eNULL:!CAMELLIA:HIGH:@STRENGTH
+# Prefer the servers order of ciphers over clients
+tls_preempt_cipherlist = yes
+# EDH-Parameter
+smtpd_tls_dh1024_param_file = /etc/postfix/dh_2048.pem
+# No SSL compression
+tls_ssl_options = NO_COMPRESSION
+
+# Sending stuff
+# TLS protocols accepted by Postfix (Outgoing)
+smtp_tls_protocols = !SSLv2, !SSLv3
+smtp_tls_mandatory_protocols = !SSLv2, !SSLv3
+# TLS supported ciphers (Outgoing)
+smtp_tls_ciphers = high
+smtp_tls_mandatory_ciphers = high
+# Uses TLS if this is supported by the receiving SMTP server
+smtp_tls_security_level = may
+# Enable additional Postfix SMTP server logging of TLS activity
+smtp_tls_loglevel = 1
+
+# Receiving stuff
+# TLS protocols accepted by Postfix (Incoming)
+smtpd_tls_protocols = !SSLv2, !SSLv3
+smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
+# TLS supported ciphers (Incoming)
+smtpd_tls_ciphers = high
+smtpd_tls_mandatory_ciphers = high
+# Uses TLS if this is supported by the sending SMTP server, otherwise use plaintext
+smtpd_tls_security_level = may
+# Enable additional Postfix SMTP server logging of TLS activity
+smtpd_tls_loglevel = 1
+
+# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
+# information on enabling SSL in the smtp client.
+
+smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
+# Hostname of this server
+myhostname = mx2.example.com
+alias_maps = hash:/etc/aliases
+alias_database = hash:/etc/aliases
+myorigin = /etc/mailname
+# Destinations
+mydestination = $myhostname, localhost, ,
+# No relay host
+relayhost =
+mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
+mailbox_size_limit = 0
+recipient_delimiter = +
+inet_interfaces = all
+inet_protocols = all
+
+#
+# Mail relaying and stuff
+#
+# Relay for which domains?
+relay_domains = example.com,
+
+# Queue lifetime: How long to wait before bounce a mail?
+maximal_queue_lifetime = 14d
+
+# Recipient map: Whitelist domains and mail addresses
+relay_recipient_maps = hash:/etc/postfix/relay_recipients
+
+# Container log file
+maillog_file = /var/log/postfix.log
diff --git a/config/relay_recipients.example b/config/relay_recipients.example
new file mode 100644
index 0000000..075af00
--- /dev/null
+++ b/config/relay_recipients.example
@@ -0,0 +1 @@
+@example.com OK
\ No newline at end of file
diff --git a/docker-compose.yml.example b/docker-compose.yml.example
new file mode 100644
index 0000000..5978bff
--- /dev/null
+++ b/docker-compose.yml.example
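Review bot: The mandatory protocol lists `smtp_tls_mandatory_protocols` and `smtpd_tls_mandatory_protocols` exclude only SSLv2 and SSLv3, so TLS 1.0 and 1.1 are still accepted precisely in the cases where encryption is required, even though the commented-out `#smtpd_tls_protocols = !SSLv2, !SSLv3 !TLSv1` line shows that excluding TLSv1 was considered. Set both mandatory lists to `!SSLv2, !SSLv3, !TLSv1, !TLSv1.1`; the opportunistic `smtp_tls_protocols`/`smtpd_tls_protocols` lists may deliberately stay wider, since with `security_level = may` narrowing them presumably pushes legacy peers to cleartext or deferral rather than to a stronger protocol. `smtpd_use_tls=yes` is the obsolete pre-2.3 switch and is redundant next to `smtpd_tls_security_level = may`; keeping both leaves readers unsure which one is authoritative. The comment above `smtp_tls_loglevel = 1` is copied from the server block although this parameter governs the SMTP client (outgoing side), so it should read `# Enable additional Postfix SMTP client logging of TLS activity`.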
@@ -0,0 +1,36 @@
+version: "2.3"
+services:
+
+  postfix:
+    image: maxkratz/postfix:latest
+    volumes:
+      # Main configuration file
+      - ./config/main.cf:/etc/postfix/main.cf:ro
+      # Relay recipient list
+      - ./config/relay_recipients:/etc/postfix/relay_recipients:ro
+      # DH parameters
+      - ./config/dh_2048.pem:/etc/postfix/dh_2048.pem:ro
+      # Mailname, e.g., mx2.example.com
+      - ./config/mailname:/etc/mailname:ro
+      # Log file for persistent logs
+      - ./data/postfix.log:/var/log/postfix.log
+      # Certificate(s) for TLS/SSL
+      - /:/certs:ro
+      # Shared spool volume
+      - spool:/var/spool/postfix
+    network_mode: host
+    restart: unless-stopped
+
+  postfix-exporter:
+    image: maxkratz/postfix_exporter:latest
+    # Mount spool and logfiles as read only to container
+    volumes:
+      - spool:/var/spool/postfix:ro
+      - ./data/postfix.log:/var/log/mail.log:ro
+    # Map ports to host
+    ports:
+      - 9154:9154
+    restart: unless-stopped
+
+volumes:
+  spool:
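Review bot: `- /:/certs:ro` bind-mounts the host's entire root filesystem into the Postfix container; read-only still means fully readable, and main.cf.example only needs `/certs/fullchain.pem` and `/certs/key.pem`, so the mount should be narrowed to the directory that actually holds the certificate and key, e.g. `- ./certs:/certs:ro`, with the comment changed to tell users to point it at their own certificate path. Since the README instructs users to copy this file verbatim, anyone who does not spot the line keeps the root mount in production. `ports: - 9154:9154` publishes the exporter on every host interface; unless the scraper is remote, `- 127.0.0.1:9154:9154` keeps the metrics endpoint local. Both services pull `:latest`, so pinning a tag or digest would make the example reproducible.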