chore: Use content tabs

Brennan Kinney 2024-04-16 19:04:56 +12:00 committed by GitHub
parent 7c00d61880
commit 304cab45da
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 142 additions and 136 deletions

@ -56,9 +56,12 @@ You will need to install Postfix on your _public server_. The functionality that
It's necessary to adjust some settings afterwards.
???+ example "Postfix main config"
<!-- This empty quote block is purely for a visual border -->
!!! quote ""
Create or replace `/etc/postfix/main.cf` with this content:
=== "Postfix main config"
??? example "Create or replace `/etc/postfix/main.cf`"
```cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
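Review bot: the `??? example` block that now holds the `/etc/postfix/main.cf` content is collapsed by default, while the `???+ example "Postfix main config"` line it replaces rendered expanded and the other tabs in this commit use `!!! example`, which is always open. This config is the core of the public server setup, so a reader who selects the tab should see it without an extra click; use `???+ example` or `!!! example` here for consistency. The HTML comment explaining the empty `!!! quote ""` wrapper is a good addition and worth keeping wherever the wrapper is used.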
@ -119,13 +122,13 @@ It's necessary to adjust some settings afterwards.
Please be aware that setting `mynetworks` to a public CIDR will leave you with an open relay. **Only** set it to the CIDR of your VPN beyond the localhost ranges.
!!! example "Route outbound mail through a separate transport"
=== "Route outbound mail through a separate transport"
When mail arrives to the _public server_ for an `@example.com` address, we want to send it via the `relay` transport to our _private server_ over port 25 for delivery to DMS.
[`transport_maps`][postfix-docs::transport_maps] is configured with a [`transport` table][postfix-docs::transport_table] file that matches recipient addresses and assigns a non-default transport. This setting has priority over [`relay_transport`][postfix-docs::relay_transport].
Create `/etc/postfix/transport` with contents:
!!! example "Create `/etc/postfix/transport`"
```txt
example.com relay:[192.168.2.3]:25
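Review bot: the tab label "Route outbound mail through a separate transport" contradicts the text under it, which describes mail arriving at the _public server_ for an `@example.com` address and being handed to the _private server_ over the `relay` transport, i.e. the inbound path. As a tab label it is the only text visible before the tab is selected, so the mismatch matters more than it did as an admonition title. Suggest a label such as "Route inbound mail to the private server", which also lines up with the next tab's "We want `example.com` to be relayed inbound and everything else relayed outbound."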
@ -140,13 +143,13 @@ It's necessary to adjust some settings afterwards.
Instead of a file, you could alternatively configure `main.cf` with `transport_maps = inline:{ example.com=relay:[192.168.2.3]:25 }`
!!! example "Configure recipient domains to relay mail"
=== "Configure recipient domains to relay mail"
We want `example.com` to be relayed inbound and everything else relayed outbound.
[`relay_domains`][postfix-docs::relay_domains] is configured with a file with a list of domains that should be relayed (one per line), the 2nd value is required but can be anything.
Create `/etc/postfix/relay` with contents:
!!! example "Create `/etc/postfix/relay`"
```txt
example.com OK
@ -168,21 +171,24 @@ You can setup your DMS instance as you normally would.
Next we need to configure our _private server_ to relay all outbound mail through the _public server_ (or a separate smarthost service). The setup is [similar to the default relay setup][docs::relay-host-details].
!!! example "Configure the relay host"
<!-- This empty quote block is purely for a visual border -->
!!! quote ""
Create `postfix-relaymap.cf` with contents:
=== "Configure the relay host"
!!! example "Create `postfix-relaymap.cf`"
```txt
@example.com [192.168.2.2]:25
```
Meaning all mail sent outbound from `@example.com` addresses will be relayed through the _public server_ at the VPN IP.
Meaning all mail sent outbound from `@example.com` addresses will be relayed through the _public server_ at that VPN IP.
The _public server_ `mynetworks` setting from earlier trusts any mail received on port 25 from the VPN network, which is what allows the mail to be sent outbound when it'd otherwise be denied.
!!! example "Trust the _public server_"
=== "Trust the _public server_"
Create `postfix-main.cf` with contents:
!!! example "Create `postfix-main.cf`"
```txt
mynetworks = 192.168.2.0/24
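Review bot: the tab label "Trust the _public server_" does not match the value shown under it. `mynetworks = 192.168.2.0/24` trusts every host on the VPN subnet, not only the _public server_ at `192.168.2.2` that `postfix-relaymap.cf` points to. If only that host needs to be trusted, narrow the example to `192.168.2.2/32`; otherwise say in the tab text that the whole VPN range is trusted, so readers with other peers on the VPN can decide for themselves. Separately, the "the VPN IP" to "that VPN IP" wording change is unrelated to tabs and is not covered by the commit summary.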
@ -192,19 +198,19 @@ Next we need to configure our _private server_ to relay all outbound mail throug
This step is necessary to skip some security measures that DMS normally checks for, like verifying DNS records like SPF are valid. As the mail is being relayed, those checks would fail otherwise as the IP of your _public server_ would not be authorized to send mail on behalf of the sender address in mail being relayed.
!!! tip "Alternative to `mynetworks`"
??? tip "Alternative to `mynetworks` setting"
Instead of trusting connections by their IP with the `mynetworks` setting, those same security measures can be skipped for any authenticated deliveries to DMS over port 587 instead.
This is a bit more work. `mynetworks` on the _public server_ config is for trusting DMS to send mail from the _private server_, thus you'll need to have that public Postfix service configured with a login account that DMS can use.
This is a bit more work. `mynetworks` on the _public server_ `main.cf` Postfix config is for trusting DMS when it sends mail from the _private server_, thus you'll need to have that public Postfix service configured with a login account that DMS can use.
On the DMS side, `postfix-sasl-password.cf` configures which credentials should be used for a SASL login address:
On the _private server_ DMS needs to know the credentials for that login account, that is handled with `postfix-sasl-password.cf`:
```txt
@example.com user:secret
```
You could also relay mail through SendGrid, AWS SES or similar instead of the _public server_ you're running, providing login credentials through the same `postfix-sasl-password.cf` file.
You could also relay mail through SendGrid, AWS SES or similar instead of the _public server_ you're running to receive mail from. Login credentials for those relay services are provided via the same `postfix-sasl-password.cf` file.
---
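Review bot: changing the tip to `??? tip "Alternative to `mynetworks` setting"` collapses it by default, which hides the authenticated port 587 option, the one approach in this section that does not rely on trusting a source IP range. Consider `???+ tip` so it stays visible. On the rewritten prose: "On the _private server_ DMS needs to know the credentials for that login account, that is handled with `postfix-sasl-password.cf`:" is a comma splice (split it or use "which is handled with"), and "the _public server_ you're running to receive mail from" ends awkwardly; "the _public server_ you run to receive mail" reads cleaner. These are content rewrites, so the commit summary "chore: Use content tabs" undersells the change; mention the wording updates in the message body or split them out.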