Transport Map and relayhosts map

.gitignore

@@ -1 +1,6 @@
 dkim.key
+.settings
+.project
+.buildpath
+.gitignore.swp
+docker-compose.yml

Dockerfile

@@ -1,6 +1,6 @@
 # Postfix SMTP Relay
 
-FROM debian:stretch
+FROM debian:buster
 
 EXPOSE 25 587
 
@@ -51,6 +51,8 @@ COPY opendkim.conf.sh /etc/
 
 COPY s6 /etc/s6/
 COPY entry.sh /
+COPY update_clientrelayhosts.sh /usr/sbin/
+COPY update_transport.sh /usr/sbin/
 
 ENTRYPOINT ["/entry.sh"]
 CMD ["/usr/bin/s6-svscan", "/etc/s6"]

README.md

@@ -4,12 +4,9 @@ Postfix SMTP Relay.
 
 Drop-in Docker image for SMTP relaying. Use wherever a connected service
 requires SMTP sending capabilities. Supports TLS out of the box and DKIM
-(if enabled and configured).
+(if enabled and configured).  Allows specifying which hosts are allowed to relay through mail server.
 
-[![Docker Automated build](https://img.shields.io/docker/cloud/automated/freinet/postfix-relay.svg)](https://hub.docker.com/r/freinet/postfix-relay/)
-[![Docker Build Status](https://img.shields.io/docker/cloud/build/freinet/postfix-relay.svg)](https://hub.docker.com/r/freinet/postfix-relay/builds/)
-[![Docker image size](https://images.microbadger.com/badges/image/freinet/postfix-relay.svg)](https://microbadger.com/images/freinet/postfix-relay)
-[![Docker image version](https://images.microbadger.com/badges/version/freinet/postfix-relay.svg)](https://microbadger.com/images/freinet/postfix-relay)
+NOTE:  This is a fork of https://hub.docker.com/r/freinet/postfix-relay respository and added a client relay hosts option.
 
 ## Environment Variables
 
@@ -31,6 +28,8 @@ Relay host parameters:
 - `RELAYHOST` - Postfix `relayhost`. Default ''. (example `mail.example.com:25`)
 - `RELAYHOST_AUTH` - Enable authentication for relayhost. Generally used with `RELAYHOST_PASSWORDMAP`. Default `no`.
 - `RELAYHOST_PASSWORDMAP` - relayhost password map in format: `RELAYHOST_PASSWORDMAP=mail1.example.com:user1:pass2,mail2.example.com:user2:pass2`
+- `USE_CLIENT_RELAYHOSTS` - Enable client relay restriction.  Default `no`.
+
 
 TLS parameters:
 
@@ -59,11 +58,42 @@ DKIM parameters:
 
 `docker run -e MAILNAME=mail.example.com panubo/postfix`
 
-## Volumes
+## Volumes andFiles
 
 No volumes are defined. If you want persistent spool storage then mount
 `/var/spool/postfix` outside of the container.
 
+If using `USE_CLIENT_RELAYHOSTS` mount a `relayhosts` file to `/etc/postfix/relayhosts` if you want to maintain a peristent list over restarts. 
+
+If using `USE_TRANSPORT_MAPS` mount a `transport` file to `/etc/postfix/transport`.
+
+## Client Relay Hosts
+
+If you want to be able to change the hosts that can be allowed through the server during runtime, enable this option.
+
+During startup, a `/etc/postfix/relayhosts` file is created is not already available and hashed for postfix.  
+
+The relays hosts file is created in this format
+
+```
+#IP OK
+192.168.1.12 OK
+```
+
+Once the file has been edited, run the `/usr/sbin/update_clientrelayhosts.sh` from the command line with
+
+```
+docker exec -it container_name /usr/sbin/update_clientrelayhosts.sh
+```
+
+Change `container_name` to be the name of the container.  The `update_clientrelayhosts.sh` is just a shortcut to postmap and then reloads the configuration into postfix.
+
+## Transport Maps
+Sometimes you want to direct where email is being sent to.  This is achieved by using transport maps.  Create a file and map it through to `/etc/postfix/transport` in the image.  Use the `USE_TRANSPORT_MAPS="yes"` environment option to enable. 
+
+Once the file has been modified in a running system, run the `update_transport.sh` command to create a hashfile and reload postfix.
+
+
 ## Test email
 
 To send a test email via the command line, make sure heirloom-mailx is installed.

s6/postfix/run

@@ -1,5 +1,4 @@
 #!/usr/bin/env bash
-
 set -e
 
 [ "$DEBUG" == 'true' ] && set -x
@@ -33,6 +32,38 @@ if [ "${USE_DKIM}" == "yes" ]; then
     postconf -e non_smtpd_milters="inet:localhost:8891"
 fi
 
+# Relay Restrictions
+: "${USE_RELAY:=no}"
+
+if [ "${USE_CLIENT_RELAYHOSTS}" == "yes" ]; then
+    echo "postfix >> Enabling client relay hosts file"
+    sed -i 's/permit_mynetworks permit_sasl_authenticated/permit_mynetworks check_client_access hash:\/etc\/postfix\/relayhosts permit_sasl_authenticated/g' /etc/postfix/main.cf
+
+	#if no relay hosts file, then create it
+	if [ ! -f /etc/postfix/relayhosts ]; then
+	    touch /etc/postfix/relayhosts
+	fi
+        # Set ownership in case passed in
+        chown root /etc/postfix/relayhosts
+	postmap /etc/postfix/relayhosts
+fi
+
+# Transport Maps
+: "${USE_TRANSPORT_MAPS:=no}"
+
+if [ "${USE_TRANSPORT_MAPS}" == "yes" ]; then
+    echo "postfix >> Enabling transport maps file"
+    postconf -e transport_maps="hash:/etc/postfix/transport"
+
+        #if no transport maps file, then create it
+        if [ ! -f /etc/postfix/transport ]; then
+            touch /etc/postfix/transport
+        fi
+        # Set ownership in case passed in
+        chown root /etc/postfix/transport
+        postmap /etc/postfix/transport
+fi
+
 # TLS
 : "${USE_TLS:=yes}"
 : "${TLS_SECURITY_LEVEL:=may}"

update_clientrelayhosts.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+postmap /etc/postfix/relayhosts
+postfix reload

update_transport.sh

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+
+postmap /etc/postfix/transport
+postfix reload