Postfix-Relay (MTA)

Many apps require to send email for various purposes. Rather than configure each such container with your secret mail credentials, you can configure a single central mail forwarding service with postfix-relay.

---
title: Authorized container networks may bridge with the Postfix-Relay to send outgoing email.
---
graph TD;
subgraph Docker network
    A[Container A] -->|private mail-only network| D[Postfix-Relay]
    B[Container B] -->|private mail-only network| D[Postfix-Relay]
    C[Container C] -.- F[Blocked]
end
D -->|Internet| E[Public  SMTP server]
E --> G[Allowed Email recipient]
E --> H[Allowed Email recipient]
E -.- I[Blocked Email recipient]

Register the upstream SMTP service

You will need access to a public email (SMTP) service for outgoing mail. Gather the following information from your provider:

  • The SMTP server domain, e.g., mail.example.com.
  • The port, e.g., 465 (TLS) or 587 (STARTTLS).
  • The username, e.g., me@example.com.
  • The password, e.g., hunter2.

Configure Postfix-Relay

Run this on your Raspberry Pi
pi make postfix-relay config

Enter the domain name for this postfix instance:

(stdout)
POSTFIX_RELAY_TRAEFIK_HOST: Enter the domain name for this instance

: smtp.d.example.com

Enter the upstream SMTP server connection details:

(stdout)
POSTFIX_RELAY_RELAYHOST: Enter the outgoing SMTP server domain:port (eg. smtp.example.com:587)

: mail.example.com:465

POSTFIX_RELAY_RELAYHOST_USERNAME: Enter the outgoing SMTP server username

: username@example.com

POSTFIX_RELAY_RELAYHOST_PASSWORD: Enter the outgoing SMTP server password

: xxxxxxxxxxxxxxxxxxxx

Select which network subdomains should be masked at the root domain (this is optional, and can be used to hide private subdomains from the email headers):

(stdout)
POSTFIX_RELAY_MASQUERADED_DOMAINS: Enter the root domains (separated by space) that should mask its sub-domains

: example.com example.org

Install

Run this on your Raspberry Pi
pi make postfix-relay install

Test sending mail

Run this on your Raspberry Pi
(
RECIPIENT="recipient@example.com"
SENDER="root@localhost"
SUBJECT="Test Email"
BODY="This is a test email sent from Docker."

docker run --rm \
  --network postfix-relay_default \
  -e RECIPIENT="$RECIPIENT" \
  -e SENDER="$SENDER" \
  -e SUBJECT="$SUBJECT" \
  -e BODY="$BODY" \
  alpine sh -c 'apk add --no-cache msmtp && \
  echo -e "Subject: $SUBJECT\n\n$BODY" | \
  msmtp --from="$SENDER" \
        --host=postfix-relay-postfix-relay-1 \
        --port=587 \
        --tls=off \
        --tls-starttls=off \
        "$RECIPIENT" && \
        echo "Email sent" || \
        echo "Email failed to send"'
)