Docker container with Postfix configured in send-only mode and OpenDKIM. Postfix will accept emails from all private IP addresses on all network interfaces. All emails send from Postfix to other email servers are encrypted using standard TLS.
In order to use this container, you will need to setup OpenDKIM.
Generate a pair of private-public key:
mkdir keys
cd keys
opendkim-genkey -s mail -d example.com
The command will generate 2 files mail.private
, your private key, and mail.txt
, with the DNS record you need to setup.
TXT mail._domainkey.example.com "v=DKIM1; k=rsa; p=...private key..."
Make sure the container is not directly exposed on the Internet, since it will accept emails from every network interface. The typical setup is to connect it to other Docker containers using some private network.
docker run -d \
-p 127.0.0.1:25:25 \
-e DOMAIN=example.com \
-v /path/to/mail.private:/etc/opendkim/domainkeys/mail.private \
davidepedranz/docker-send-only-postfix:v0.1.0
Setup SPF to limit who can send emails on behave of your domain. See the references. Example (limit only the IP that maps to domain example.com to send emails):
TXT example.com "v=spf1 a -all"
Setup DMARC to limit who can send emails on behave of your domain. Please setup and check SPF and DKIM before DMARC.
TXT _dmarc.example.com "v=DMARC1; p=reject; pct=100; adkim=s; aspf=s"
Check tool: https://dmarcian.com/dmarc-inspector/
- https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-dkim-with-postfix-on-debian-wheezy
- https://www.digitalocean.com/community/tutorials/how-to-use-an-spf-record-to-prevent-spoofing-improve-e-mail-reliability
See LICENSE file.