Update README and options

2020-09-26 16:18:02 +02:00 · 2020-09-26 16:18:02 +02:00 · 2d1bbb41f7
commit 2d1bbb41f7
parent 51ade396c0
3 changed files with 64 additions and 14 deletions
--- a/.envrc.sample
+++ b/.envrc.sample
@ -1,4 +1,12 @@
 export SERVICE=postfix_relay
-export DOMAIN=postfix-relay.example.com
+export DOMAIN=example.com
 export STACK_NAME=postfix_relay
 export LETS_ENCRYPT_ENV=production
+
+# Postfix options, see
+# https://github.com/bokysan/docker-postfix#configuration-options
+#export TZ=Europe/London
+#export INBOUND_DEBUGGING=1
+
+# $DOMAIN will be added by default, specify any more here:
+#export EXTRA_SENDER_DOMAINS="app.example.com"
--- a/README.md
+++ b/README.md
@ -1,6 +1,22 @@
 # Postfix-Relay

-Simple SMTP server / postfix null relay host • https://github.com/bokysan/docker-postfix
+Centralised email delivery for all your `compose-stacks` apps using the
+[`boky/postfix`] outgoing-only mail image.
+
+The basic idea is to run one instance of this on each swarm, and configure that
+swarm's apps to send all their email through it.
+
+By default, this stack will try to deliver e-mail directly (i.e. looking up the
+recipient's mail server using `MX` records). For this to work, you will need to
+set up reverse DNS and SPF.
+
+Alternatively, you can easily route mail through a smarthost / relay host like
+Mailgun or Gandi -- see [`RELAYHOST` and related parameters][boky-postfix-options].
+
+FIXME 3wc: Pass `RELAYHOST` etc. from `.envrc` to service
+
+TODO 3wc: Can you run more than one instance of this on a swarm? How could we handle
+that in terms of reverse DNS?

 ## Basic usage

@ -13,5 +29,17 @@ Simple SMTP server / postfix null relay host • https://github.com/bokysan/dock
 5. `direnv allow` (or `. .envrc`)
 6. `abra deploy`

+## Using this in other stacks
+
+Add the other service to the (internal) `mail` network, and set whatever options
+the image supports for auto-configuring SMTP settings. 
+
+For reusable stacks, you probably want to put this configuration in a separate
+`compose.mailrelay.yml` file, e.g. [the version in
+`compose-stacks/nextcloud`][nextcloud-compose].
+
+[`boky-postfix`]: https://hub.docker.com/r/boky/postfix
+[boky-postfix-options]: https://github.com/bokysan/docker-postfix#postfix-specific-options
 [`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
 [`compose-stacks/traefik`]: https://git.autonomic.zone/compose-stacks/traefik
+[nextcloud-compose]: https://git.autonomic.zone/compose-stacks/nextcloud/src/branch/main/compose.mailrelay.yml
--- a/compose.yml
+++ b/compose.yml
@ -3,27 +3,41 @@ version: "3.8"

 services:
  app:
-    image: nginx:1.19.2
+    image: "boky/postfix"
    networks:
+      - mail
      - proxy
+    healthcheck:
+      test: [ "CMD", "sh", "-c", "netstat -an | fgrep 587 | fgrep -q LISTEN" ]
+      interval: 10s
+      timeout: 5s
+      start_period: 10s
+      retries: 2
+    environment:
+      FORCE_COLOR: "1"
+      TZ: ${TZ}
+      INBOUND_DEBUGGING: "${INBOUND_DEBUGGING:-0}"
+      ALLOWED_SENDER_DOMAINS: "${EXTRA_SENDER_DOMAINS} ${DOMAIN}"
+      POSTFIX_myhostname: "${DOMAIN}"
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
-        - "traefik.http.routers.${STACK_NAME}.tls=true"
-        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
-    healthcheck:
-      test: ["CMD", "curl", "-f", "http://localhost"]
-      interval: 30s
-      timeout: 10s
-      retries: 10
-      start_period: 1m
+        - "traefik.tcp.routers.${STACK_NAME}.entrypoints=smtp-submission"
+        - "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`*`)"
+        # TODO 3wc: we can only route TCP traffic if it uses TLS
+        # https://doc.traefik.io/traefik/v2.0/routing/routers/#rule_1
+        #- "traefik.tcp.routers.${STACK_NAME}.rule=HostSNI(`${DOMAIN}`)"
+        - "traefik.tcp.routers.${STACK_NAME}.service=${STACK_NAME}"
+        - "traefik.tcp.services.${STACK_NAME}.loadbalancer.server.port=587"
+        #- "traefik.tcp.routers.${STACK_NAME}.tls.passthrough=true"
+        #- "traefik.tcp.routers.${STACK_NAME}.tls=true"
+        #- "traefik.tcp.routers.${STACK_NAME}.service=mailu_smtp"

 networks:
+  mail:
+    external: true
  proxy:
    external: true