Tiny VPS Postfix with Docker
A refresh of my Tiny VPS Postfix setup.
Series Content
- Part 1 - Tiny VPS Postfix
- Part 2 - Non-Linux Outgoing SMTP Account
- Part 3 - GMail As Email Client
- Part 4 - Postfix with Docker <- You are here
- Part 5 - Docker, Postfix, Journald & Logwatch
The Pain
Since I started my VPS journey, I have gone through 3 servers: from mid-size to small, then to the current small-size KVM.
Every time I switch boxes, I have to gather all application configuration files, copy them off the box, then upload them to the new box.
Web server packages like Apache and Lighttpd were not that bad, as their configuration is in a single directory.
However, I always missed a file here or there for postfix. I forgot either /etc/aliases or /etc/sasldb2. Basically, it was never a clean process.
I wanted something tidy and easily reproducible.
Docker
Container
In the past few years I have been using kubernetes and docker. I decided to try moving postfix into a container.
At first I experimented with other people’s postfix containers. However, they either customized too much, automated something that conflicted with my setup, or were plain too old.
I ended up creating my own, jsiu/postfix. I will go through my setup below.
Docker Compose
I chose docker over kubernetes because of its simplicity. Kubernetes is a bit overkill for a single box with only 3 simple services (postfix, git and web).
I created a directory called compose. The following is the final structure:
|
|
The contents of my docker compose files are as follows:
.env
|
|
docker-compose.yml
|
|
I include the caddy settings as well because I am using caddy's automatic certificate for my postfix, which is explained below.
Postfix Configuration
The postfix configuration is basically the same as in my original Tiny VPS Postfix, with the slight modifications explained below.
Copy the existing postfix configuration files into 00_VOL/postfix, or populate it with the default ones from the image. Then modify main.cf:
|
|
Line | Comment |
---|---|
14, 15 | The hostname needs to be hardcoded here as postfix is inside a container. |
18 | We want a persistent queue which can survive a container restart. /queue is mapped to ${POSTFIX_QUE} in compose file line 36. |
28, 29 | We are using the certificate from Caddy, which is saved in volume CADDY_DAT in compose file line 18. Postfix maps CADDY_DAT to /data in compose file line 37. |
SASL
00_VOL/postfix/sasl2/smtpd.conf
|
|
I copied my original /etc/aliases and /etc/sasldb2 into 00_VOL/postfix, then started up docker compose:
|
|
My postfix is now up and running in a docker container.
The PRO
- Re-using the existing postfix configuration with minimal modification.
- Easy to migrate. compose is a git repository and is checked into a git server. If I want to change my VPS box again, I just have to clone compose to the new box. I can also back up compose with a single tar command.
The CON
Localhost Email
Localhost email needs an additional package to forward it into postfix. Fortunately, both msmtp and opensmtpd can do exactly that with minimal configuration:
msmtp
    apt install msmtp-mta
/etc/msmtprc
    domain johnsiu.com
    host ::1
    port 25
Here, domain is actually the hostname used by msmtp during the HELO handshake with postfix.
opensmtpd
    apt install opensmtpd
Its configuration file:
/etc/smtpd.conf
    action "relay" relay host smtp://[::1]
    match from local for any action "relay"
I picked msmtp as it is just a command line replacement for sendmail and does not run as a daemon. I put a copy of the config in the compose directory and checked it into git as well.
Certificate Refresh
As illustrated above, the postfix container is using caddy's automatic certificates. I haven’t found a way to auto-detect a certificate update, so I just use a cronjob to restart the postfix container weekly.
|
|
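One way to avoid a blind weekly restart, as an added example that is not part of the original post: fingerprint the certificate file and restart only when it has changed, so the check can run far more often than weekly without restarting needlessly. The certificate path, the state file and the compose service name postfix are assumptions, since the post does not show them.

```shell
#!/bin/sh
# Added example: restart postfix only when the certificate file has changed.
# Assumptions (not from the original post): CERT is a placeholder path, and
# STATE and the compose service name "postfix" are hypothetical.
CERT="${CERT:-/path/to/caddy-data/your-domain.crt}"
STATE="${STATE:-/var/tmp/postfix-cert.sha256}"
RESTART_CMD="${RESTART_CMD:-docker compose restart postfix}"

# Print the SHA-256 of the certificate; fail if it is missing or empty
# (for example while it is being rewritten).
cert_fingerprint() {
    [ -s "$1" ] || return 1
    sha256sum "$1" | cut -d' ' -f1
}

# 0 = differs from recorded fingerprint, 1 = unchanged, 2 = unreadable.
cert_changed() {
    new=$(cert_fingerprint "$1") || return 2
    old=$(cat "$2" 2>/dev/null || true)
    [ "$new" != "$old" ]
}

# Restart on change. The fingerprint is recorded only after the restart
# succeeds, so a failed restart is retried on the next run.
refresh_postfix() {
    rc=0
    cert_changed "$CERT" "$STATE" || rc=$?
    case $rc in
        0) ;;
        1) echo "certificate unchanged"; return 0 ;;
        *) echo "certificate unreadable: $CERT" >&2; return 1 ;;
    esac
    $RESTART_CMD || { echo "restart failed" >&2; return 1; }
    cert_fingerprint "$CERT" > "$STATE"
    echo "postfix restarted"
}

# Runs only when called with --run, e.g. from cron inside the compose directory.
if [ "${1:-}" = "--run" ]; then
    refresh_postfix
fi
```

An unreadable or empty certificate file is treated as an error rather than a change, so postfix keeps running with the certificate it already loaded.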
Conclusion
I did spend quite some time debugging and fine-tuning my jsiu/postfix container, and optimizing the compose file. However, this is beneficial in the long run, as backup and deployment are now easily reproducible.