base

• my domain : charlie123.xyz
• forward to : [email protected]
• docker cmd
  docker run -t -d --restart=always -e SMF_CONFIG='@charlie123.xyz:[email protected]' -p 25:25 zixia/simple-mail-forwarder

full logs

>> Chdir to /app...
 ____  _                 _         __  __       _ _ 
/ ___|(_)_ __ ___  _ __ | | ___   |  \/  | __ _(_) |
\___ \| | '_ ` _ \| '_ \| |/ _ \  | |\/| |/ _` | | |
 ___) | | | | | | | |_) | |  __/  | |  | | (_| | | |
|____/|_|_| |_| |_| .__/|_|\___|  |_|  |_|\__,_|_|_|
                  |_|                               
  _____                                _           
 |  ___|__  _ ____      ____ _ _ __ __| | ___ _ __ 
 | |_ / _ \| '__\ \ /\ / / _` | '__/ _` |/ _ \ '__|
 |  _| (_) | |   \ V  V / (_| | | | (_| |  __/ |   
 |_|  \___/|_|    \_/\_/ \__,_|_|  \__,_|\___|_|   
                                                  

Source#dc1b99e Tue Oct 23 13:10:55 2018 +0000 * master
Built on Tue Oct 23 13:11:39 UTC 2018 by b6abe5993f7b

>> ENV SMF_DOMAIN not set.
>> ENV SMF_CONFIG found. value:[@charlie123.xyz:[email protected]]
>> ARGV arguments found. value:[start]
Generating a 2048 bit RSA private key
.............................+++++
....+++++
writing new private key to 'smtp.key'
-----
>> SMF_CONFIG found in ENV. use this settings for forward maps.
>> Setting password[ny5xv7th] for user @charlie123.xyz ...
postmap: warning: /etc/postfix/virtual.db: duplicate entry: "@charlie123.xyz"
>> Set hostname to charlie123.xyz
postfix/postfix-script: warning: not owned by root: /var/spool/postfix/.
postfix/postfix-script: warning: not owned by root: /var/spool/postfix/pid
postfix/postfix-script: starting the Postfix mail system
>> Start self-testing...
1..17
ok 1 SMF_CONFIG exist
ok 2 SMF_DOMAIN exist
ok 3 virtual maping source is set
ok 4 virtual maping data is set
ok 5 virtual maping db is set
not ok 6 system hostname FQDN resolvable
# (in test file test/simple-mail-forwarder.bats, line 48)
#   `[ $status = 0 ]' failed
not ok 7 postfix myhostname FQDN & resolvable
# (in test file test/simple-mail-forwarder.bats, line 58)
#   `[ $status = 0 ]' failed
ok 8 check other hostname setting
ok 9 confirm postfix is running
ok 10 confirm port 25 is open
ok 11 crond is running # skip skip this for 0.3.0 -> 0.4.0
ok 12 ESMTP STATTLS supported
ok 13 ESMTP AUTH supported
ok 14 ESMTP STARTTLS connect ok
ok 15 create user [email protected] by password test
ok 16 ESMTP AUTH by [email protected]/test
ok 17 ESMTP TLS AUTH by [email protected]/test
>> Test FAILED!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!
>> But I'll pretend to run... good luck! :P


>> CONGRATULATIONS! System is UP and You are SET!
>> Powered by SMF - a Simple Mail Forwarder
>> View in DockerHub: https://hub.docker.com/r/zixia/simple-mail-forwarder


>> Init System for Servicing...
[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[2019-04-25T09:25:12.682064] WARNING: Configuration file format is too old, syslog-ng is running in compatibility mode. Please update it to use the syslog-ng 3.13 format at your time of convenience. To upgrade the configuration, please review the warnings about incompatible changes printed by syslog-ng, and once completed change the @version header at the top of the configuration file.;
[services.d] done.
postfix/postfix-script: stopping the Postfix mail system
postfix/postfix-script: warning: not owned by root: /var/spool/postfix/.
postfix/postfix-script: warning: not owned by root: /var/spool/postfix/pid

It would be great to have DKIM support; getting messages signed is a requirement for most outgoing mail nowadays.

Any plans to add support for SPF Records?

It would be nice if we could configure the mynetworks setting in postfix.

This would allow us, for example, to allow relaying from docker containers (which mostly are on local, non-internet-routable) IP addresses.

http://www.postfix.org/postconf.5.html#mynetworks

When I run the docker and see its log, it showed:

https://pastebin.com/fpYsvWz9

It's a warning, but then "stopping the Postfix mail system". Not sure if it is normal or not. Self-test is passed, but test mails I sent seems never to be delivered.

Say this docker image is hosted at mail.htko.ca and my forwarded email is [email protected], is this a valid mx record? I'm completely new at this but I'd like to learn if possible. I'm hosting on digitalocean and the A record for mail.htko.ca is already set up to point at this docker server's ip. If this is inappropriate it's okay to close the issue!

Partial Log:

DNS : Starting monitoring loop
Jan 28 01:05:36 0928512d09b4 mail.info postfix/smtpd[2498]: connect from mail-ot0-f181.google.com[74.125.82.181]
Jan 28 01:05:36 0928512d09b4 mail.info postfix/smtpd[2498]: 63B69E16B5: client=mail-ot0-f181.google.com[74.125.82.181]
Jan 28 01:05:36 0928512d09b4 mail.info postfix/cleanup[2503]: 63B69E16B5: message-id=<CAN5vAZbZ7r0uqjH1T2YyWJHNF1CJqAWzwGhaOU11KJOgkXxUxw@mail.gmail.com>
Jan 28 01:05:36 0928512d09b4 mail.info postfix/qmgr[2448]: 63B69E16B5: from=<[email protected]>, size=2415, nrcpt=1 (queue active)
Jan 28 01:05:36 0928512d09b4 mail.info postfix/smtpd[2498]: disconnect from mail-ot0-f181.google.com[74.125.82.181] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Jan 28 01:05:36 0928512d09b4 mail.info postfix/smtp[2504]: 63B69E16B5: to=<[email protected]>, orig_to=<[email protected]>, relay=gmail-smtp-in.l.google.com[74.125.192.26]:25, delay=0.47, delays=0.11/0.01/0.2/0.15, dsn=2.0.0, status=sent (250 2.0.0 OK 1485565536 a79si4762390qkj.2
Jan 28 01:05:36 0928512d09b4 mail.info postfix/qmgr[2448]: 63B69E16B5: removed
Jan 28 01:08:56 0928512d09b4 mail.info postfix/anvil[2501]: statistics: max connection rate 1/60s for (smtp:74.125.82.181) at Jan 28 01:05:36
Jan 28 01:08:56 0928512d09b4 mail.info postfix/anvil[2501]: statistics: max connection count 1 for (smtp:74.125.82.181) at Jan 28 01:05:36
Jan 28 01:08:56 0928512d09b4 mail.info postfix/anvil[2501]: statistics: max newtls rate 1/60s for (smtp:74.125.82.181) at Jan 28 01:05:36
Jan 28 01:08:56 0928512d09b4 mail.info postfix/anvil[2501]: statistics: max cache size 1 at Jan 28 01:05:36

I seem to be missing something, I am not getting any mail at [email protected] when I send things to [email protected]

Is the unofficial base image still needed?

It would be preferable to use the official alpine image as base.
Also, there are packages in alpine that offer s6, so there is no need to download it manually as the current base image does.

Side note: https://github.com/sillelien/base-alpine hasn't been updated in over a year.

As discussed in #83, SMF needs a way to handle DKIM for multiple domains.

In particular, it should gracefully handle the domain defined in $SMF_DOMAIN for backward compatibility (going back to single DKIM), create DKIM public/private keypairs to be used for all source domains in $SMF_CONFIG, adapt /var/db/dkim/ to a per-domain path style, and change /etc/opendkim/opendkim.conf to use KeyTable, SigningTable, ExternalIgnoreList, and InternalHosts.

Finally, SMF should check validity of all DKIM keys on startup.

This is underway.

Just want to check if I read correctly, besides forwarding mail, does the container also act as a SMTP server where I can setup my client to use the password in SMF_CONFIG ?

Couldn't really get mail being forwarded after the setup however, not sure if I doing this correctly. The internal test cases all passes, but mail doesn't get forwarded / sent.

this is my docker-compose snippet

    mail:
        image: "zixia/simple-mail-forwarder"
        ports:
            - "587:25"
        restart: always
        tty: true
        environment:
            SMF_CONFIG: "$origin_email:$dest_email:randompassword!"
            SMF_DOMAIN: coolsilon.com
            TZ: "Asia/Kuala_Lumpur"
        volumes:
            - "/var/lib/docker-files/letsencrypt/:/etc/postfix/cert/"

and the respective DNS

root@doraemon:/var/lib/docker-files/coolsilon# dig +short MX coolsilon.com
10 mail.coolsilon.com.
root@doraemon:/var/lib/docker-files/coolsilon# dig +short CNAME mail.coolsilon.com
coolsilon.com.
root@doraemon:/var/lib/docker-files/coolsilon# dig +short TXT coolsilon.com
"v=spf1 mx ~all"

I found a script online to send mail through SMTP, while the script executed without an error returned, but I don't see the test mail in my mailbox.

# Import smtplib for the actual sending function
import smtplib
import ssl

# Import the email modules we'll need
from email.mime.text import MIMEText

import logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger(__name__)

# Open a plain text file for reading.  For this example, assume that
# the text file contains only ASCII characters.
msg = MIMEText("Test")

me = "[email protected]"
you = "[email protected]"

# me == the sender's email address
# you == the recipient's email address
msg['Subject'] = 'Test'
msg['From'] = me
msg['To'] = you

# Send the message via our own SMTP server, but don't include the
# envelope header.
with smtplib.SMTP("coolsilon.com", 587) as server:
    print('login', server.login(me, '***!'))
    print('send', server.sendmail(me, [you], msg.as_string()))
    server.quit()

Time in container is different than on the system - it's about 2 Hours away from correct (I'm using UTC time on the machine). Is there a way how to set time with env variables ?

Where I could find Postfix logs? I tried to find the path but I couldn't. I think it is a good idea to update README with this info.

Hello,

on my private hosting, i'm getting lots of hits on mail port with SASL authentication attempts.
Could you please mention to the main page fail2ban SASL mitigation? Otherwise we would end up with lots of mail-bots. (If this issue is valid with your server).

For example:
https://bobcares.com/blog/fail2ban-postfix-sasl/

Some company don't provide smtp relay service at all. I have a case that they use microsoft exchange, and disabled smtp service for users. so users only could use IMAP, or ActiveSync on mobile.

If I need a relay smtp for my email address(for gmail "send mail as" required). Use SMF and set a forward config, it works. I could use SMF as my smtp relay to send emails.

Everything is so fa so good, except one BUG here: if I send mail to the other user of this domain, then I will got a "no such user" error.

This is because SMF thought itself is managing the virtual domain of my mail address. and obviously, that domain has only one user: me.

This should be fixed. maybe by add a cacht-all rule to virtual config, and forward all the mail with unknown user, to the right MX of email address domain.

TBD.

Can you please add support for @.domain.com forwards?

Projects currently running on CircleCI 1.0 are no longer supported. Please migrate to CircleCI 2.0.

Hello,
First of all thanks for all your hard work on the project, it's at least a time saver if not a lifesaver.
My problem is that the only SSL keys I have for my domain are not RSA keys but ECC keys. From what I know postfix support ECC keys by two config options:

smtpd_tls_eckey_file = smtpd-key-ecdsa.key
smtpd_tls_eccert_file = smtpd-cert-ecdsa.cert

The problem is, from what I see the main.dist.cf file accepts only RSA keys with the smtpd_tls_key_file and smtpd_tls_cert_file directive.

Is there any possibility for ECC key support to be added to the container too?

I'm getting many headaches to looking into it and trying to fix it... :(

There are no changes at all in the past dozens of weeks, what's wrong?

See: https://circleci.com/gh/huan/docker-simple-mail-forwarder/20

When mounting a volume on /etc the container won't launch:

postconf: fatal: open /etc/postfix/main.cf

Shouldn't these be copied into the volume by the scripts on launch?

Sep 29 08:40:57 dev1 postfix/smtp[14105]: 15C904A3824: to=[email protected], relay=none, delay=742, delays=652/0.02/90/0, dsn=4.4.1, status=deferred (connect to alt2.gmail-smtp-in.l.google.com[64.233.185.26]:25: Connection timed out)

Hi,

I am trying to run SMF. But it seems that setting the configuration does not work. Is there another way to set the configuration than exporting the variable?
I tried it on Ubuntu 14.04 and 15.10 with docker 1.9.1.

# export SMF_CONFIG='[email protected]:[email protected]'
# docker run -p 25:25 zixia/simple-mail-forwarder
>> Chdir to /app...
 ____  _                 _         __  __       _ _ 
/ ___|(_)_ __ ___  _ __ | | ___   |  \/  | __ _(_) |
\___ \| | '_ ` _ \| '_ \| |/ _ \  | |\/| |/ _` | | |
 ___) | | | | | | | |_) | |  __/  | |  | | (_| | | |
|____/|_|_| |_| |_| .__/|_|\___|  |_|  |_|\__,_|_|_|
                  |_|                               
  _____                                _           
 |  ___|__  _ ____      ____ _ _ __ __| | ___ _ __ 
 | |_ / _ \| '__\ \ /\ / / _` | '__/ _` |/ _ \ '__|
 |  _| (_) | |   \ V  V / (_| | | | (_| |  __/ |   
 |_|  \___/|_|    \_/\_/ \__,_|_|  \__,_|\___|_|   


Source#3ed301b Sat Dec 19 13:00:32 2015 +0000 * master
Built on Sat Dec 19 13:00:49 UTC 2015 by b700c9167997

>> ENV SMF_DOMAIN not set.
>> END SMF_CONFIG not set.
>> ARGV arguments found. value:[start]
Generating a 2048 bit RSA private key
................+++
..+++
writing new private key to 'smtp.key'
-----
>> SMF_CONFIG not found. format: [email protected]:[email protected];...
>> I don't know how to do. So I quit.

Hi,

This is a really nice piece of work.
The only thing I'm missing is to be able to select a relay host.
Is it possible to have this into the system like: export SMF_RELAYHOST='@Domain:'

That would make this great as I have to use a relay host to make the mail reach the correct mailserver.

Thank you for your time.

Duumke

When I start the SMF, I see the following in the log:

2017-04-25 10:04:12 backend smf ok 16 ESMTP AUTH by [email protected]/test
2017-04-25 10:04:12 backend smf ok 17 ESMTP TLS AUTH by [email protected]/test
2017-04-25 10:04:12 backend smf >> Test FAILED!
2017-04-25 10:04:12 backend smf >> !!!!!!!!!!!!!!!!!!!! SYSTEM ERROR !!!!!!!!!!!!!!!!!!!!

Is there a way to know better was has failed?

Hi! I used this image before and it was working great. I moved to a Rancher 2 (Kubernetes) installation and I'm trying to figure out why it's not working anymore. I correctly exposed the port 25 to my host as usual, the full log is here (relevant part at the bottom):

>> Chdir to /app...

 ____  _                 _         __  __       _ _

/ ___|(_)_ __ ___  _ __ | | ___   |  \/  | __ _(_) |

\___ \| | '_ ` _ \| '_ \| |/ _ \  | |\/| |/ _` | | |

 ___) | | | | | | | |_) | |  __/  | |  | | (_| | | |

|____/|_|_| |_| |_| .__/|_|\___|  |_|  |_|\__,_|_|_|

                  |_|

  _____                                _

 |  ___|__  _ ____      ____ _ _ __ __| | ___ _ __

 | |_ / _ \| '__\ \ /\ / / _` | '__/ _` |/ _ \ '__|

 |  _| (_) | |   \ V  V / (_| | | | (_| |  __/ |

 |_|  \___/|_|    \_/\_/ \__,_|_|  \__,_|\___|_|

Source#2e175b1 Tue Jul 24 14:26:06 2018 +0000 * master

Built on Tue Jul 24 14:26:32 UTC 2018 by b700c9167997

>> ENV SMF_DOMAIN not set.

>> ENV SMF_CONFIG found. value:[@mydomain.com:[email protected]]

>> ARGV arguments found. value:[start]

Generating a 2048 bit RSA private key

......................................................+++

..........................................+++

writing new private key to 'smtp.key'

-----

>> SMF_CONFIG found in ENV. use this settings for forward maps.

>> Setting password[mjfocjp4] for user @mydomain.com ...

postmap: warning: /etc/postfix/virtual.db: duplicate entry: "@mydomain.com"

Error: could not find any address for the name: `wimi.36c33f49.svc.dockerapp.io'

>> Set hostname to mydomain.com

postfix/postfix-script: warning: not owned by root: /var/spool/postfix/.

postfix/postfix-script: warning: not owned by root: /var/spool/postfix/pid

postfix/postfix-script: starting the Postfix mail system

>> Start self-testing...

1..17

ok 1 SMF_CONFIG exist

ok 2 SMF_DOMAIN exist

ok 3 virtual maping source is set

ok 4 virtual maping data is set

ok 5 virtual maping db is set

ok 6 system hostname FQDN resolvable

ok 7 postfix myhostname FQDN & resolvable

ok 8 check other hostname setting

ok 9 confirm postfix is running

ok 10 confirm port 25 is open

ok 11 # skip (skip this for 0.3.0 -> 0.4.0) crond is running

ok 12 ESMTP STATTLS supported

ok 13 ESMTP AUTH supported

ok 14 ESMTP STARTTLS connect ok

ok 15 create user [email protected] by password test

ok 16 ESMTP AUTH by [email protected]/test

ok 17 ESMTP TLS AUTH by [email protected]/test

>> Test PASSED

>> CONGRATULATIONS! System is UP and You are SET!

>> Powered by SMF - a Simple Mail Forwarder

>> View in DockerHub: https://hub.docker.com/r/zixia/simple-mail-forwarder

>> Init System for Servicing...

[fix-attrs.d] applying owners & permissions fixes...

[fix-attrs.d] 00-runscripts: applying...

[fix-attrs.d] 00-runscripts: exited 0.

[fix-attrs.d] done.

[cont-init.d] executing container initialization scripts...

[cont-init.d] dns_init.sh: executing...

DNS : Initial Setup

DNS STEP 1 : Creating the dnsmasq-resolv.conf

DNS : Contents of dnsmasq-resolv.conf

-------------------

nameserver 213.136.95.10

nameserver 213.136.95.11

nameserver 2a02:c207::1:53

DNS STEP 2 : Adding the linked services

Waiting for linked IP address 10.43.0.1 to be reachable

Waiting for linked IP address 10.43.0.1 to be reachable

Waiting for linked IP address 10.43.0.1 to be reachable

Waiting for linked IP address 10.43.0.1 to be reachable

DNS : Timed out setting up DNS.

[cont-finish.d] executing container finish scripts...

[cont-finish.d] done.

[s6-finish] syncing disks.

[s6-finish] sending all processes the TERM signal.

[s6-finish] sending all processes the KILL signal and exiting.

Apparently it's trying to resolve 10.43.0.1 which is not even the container IP. Any ideas?

Thank you!

Hi, not sure if this is a bug or not:

Aug 12 22:37:54 5de1a1801612 mail.info postfix/smtpd[2857]: connect from mail-yw1-f44.google.com[209.85.161.44]
Aug 12 22:37:55 5de1a1801612 mail.info postfix/smtpd[2857]: 58E4E422EB: client=mail-yw1-f44.google.com[209.85.161.44]
Aug 12 22:37:55 5de1a1801612 mail.info postfix/cleanup[2860]: 58E4E422EB: message-id=CAO6f_5ZorXvvxWC5e6DppZMwDVsLABanjb=xpc3X9AkeW_J=gw@mail.gmail.com
Aug 12 22:37:55 5de1a1801612 mail.info postfix/qmgr[2673]: 58E4E422EB: from=, size=2678, nrcpt=1 (queue active)
Aug 12 22:37:55 5de1a1801612 mail.info postfix/smtpd[2857]: disconnect from mail-yw1-f44.google.com[209.85.161.44] ehlo=2 starttls=1 mail=1 rcpt=1 data=1 quit=1 commands=7
Aug 12 22:38:25 5de1a1801612 mail.info postfix/smtp[2861]: connect to ASPMX.L.GOOGLE.COM[64.233.188.27]:25: Operation timed out

I switched the Dockerfile to build from this image: FROM armbuild/alpine and I added the openssl package. It builds fine and appears to start, but it can't find the /init file. Where is this /init file supposed to come from?

Hello,

I was recently testing this, trying to use my own password for an email alias (from gmail) and it was not working (I'll keep investigating that issue) and then I noticed in the logs there's an initial self-test and saw this:

ok 15 create user [email protected] by password test
ok 16 ESMTP AUTH by [email protected]/test

And so I tried from gmail to use those credentials and lo and behold: I was able to use the server to send emails on my behalf with an alias. Using the credentials created during self-test. In other words, anyone can exploit this and send emails as it was coming from the aliased addresses

Granted, I'm not in the latest, so not sure if the latest version "removes" this account after the test.

Is there a reason of concern for this? From the SMTP connection, nothing reveals the server is running this software, so in order to exploit it, someone has to know that the server is running SMF

Can you create an image with arm32v7 support? I need to run this on raspberry pi 3, but the architecture is not supported, I got the following error: standard_init_linux.go:207: exec user process caused "exec format error"

What does this code do in build.sh?

RE='[0-9]+\s+IN\s+A\s+([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)'
[[ `drill DockerMailForwarder.Builder.\`hostname\` @wimi.36c33f49.svc.dockerapp.io` =~ $RE ]] && {
    DMF_BUILD_IP="${BASH_REMATCH[1]}"
}

Hi again Zhuohuan,

A little possible issue here. Could you please document on how encryption can be done during forwarding? I've got this message from google after getting a redirected email.

Learn more points here.

No worries if this is not possible - I personally don't needed encryption. Just curious about how things work – this may also help other potential users :–)

Hi Zhuohuan and thank you for this image – really happy to discover it!
I prefer specifying exact version in my docker-compose.yml and it seems that 0.4.0 tag is outdated. Could you please create a new fixed tag for what is now latest?

Cheers!

Hi Huan,

I can no longer see the incoming/outgoing mail log in the docker logs since using the latest version 1.1.

Is this so by design?

Is there any way to change this? Gmail has started to refuse to work with this since earlier this month. checktls.com also catches this error.

Related thread: https://support.google.com/mail/thread/38336515?msgid=39890656

I tried setting -e SMF_DOMAIN=mydomain.com as #10 but no luck.

Hey,
Is it possible to have several forwarding rules?

For example:

[email protected]:[email protected],[email protected]:[email protected]

Note I separated two rules with a comma

It would be nice to set the correct timezone for the docker container. Now my log files are not in sync with the actual time making it harder to debug.

Time zone data package tzdata could be included in the container.

Hi,

One of my dockers based on your great work is being attacked by some people trying to brute force it. The IPs seem limited to two or three, so it should be easy to block them. An article on how to do this is here: https://ethitter.com/2016/03/blocking-sender-ips-in-postfix/

Example of the logs where people try to login:
Jan 24 09:42:36 cafff8e519dd postfix/smtpd[25002]: connect from unknown[212.70.149.85]
Jan 24 09:42:37 cafff8e519dd postfix/smtpd[24875]: warning: unknown[212.70.149.54]: SASL LOGIN authentication failed: authentication failure
Jan 24 09:42:38 cafff8e519dd postfix/smtpd[24875]: disconnect from unknown[212.70.149.54] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 24 09:42:45 cafff8e519dd postfix/smtpd[25002]: warning: unknown[212.70.149.85]: SASL LOGIN authentication failed: authentication failure
Jan 24 09:42:47 cafff8e519dd postfix/smtpd[25002]: disconnect from unknown[212.70.149.85] ehlo=1 auth=0/1 rset=1 quit=1 commands=3/4
Jan 24 09:42:51 cafff8e519dd postfix/smtpd[24875]: connect from unknown[212.70.149.54]
Jan 24 09:42:57 cafff8e519dd postfix/smtpd[25002]: connect from unknown[212.70.149.85]

However, it seems the postmap in your docker is not able to handle cidr, as I get this error message below:
bash-5.0# postmap cidr:client_checks
postmap: fatal: unsupported dictionary type: cidr. Is the postfix-cidr package installed?
bash-5.0#

Is it possible to upgrade the postfix package to one that includes the cidr capability?
Since my 'attackers' seem limited, I do not feel I need to use other tools to block them.

Thanks,
Mike

Hi,

Im struggling to get the docker image to run, container stops shortly after start with finally message

Init System for Servicing...
/entrypoint.sh: line 310: /init: No such file or directory

Hi, I didn't find any mention in the docs about having multiple domain names.
Is this supported in any way?
I tried it and it looks like it is only forwarding emails from the first domain.
Emails sent to the second domain fail with:

NOQUEUE: reject: RCPT from mail-vs1-f42.google.com[209.85.217.42]: 454 4.7.1 <[email protected]>: Relay access denied;
disconnect from mail-vs1-f42.google.com[209.85.217.42] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 quit=1 commands=5/7

Hi, I need help.

What are de settings that i need to forward mails, than I recibe to re-send to gmail?
How I can test??

Thanks

We have two reports from arm 64 users that the SMF can not start as expected:

• #76 (comment) from @mrsufgi
• #76 (comment) from @guysoft

Need to be investigated and fixed.

Hello, I'm trying yo make this work and this is what I've done so far.

• Docker 1.12.4 on 16.04

Here is the log that the console is showing:

DNS : initial work complete
[cont-init.d] dns_init.sh: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Feb 9 19:15:45 fbdeed7e9cc8 syslog.info syslogd started: BusyBox v1.23.2
DNS : Waiting for dnsmasq
DNS : Starting monitoring loop
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: started, version 2.72 cachesize 150
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: started, version 2.72 cachesize 150
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth no-DNSSEC loop-detect
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: reading /etc/dnsmasq-resolv.conf
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: reading /etc/dnsmasq-resolv.conf
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: using nameserver 8.8.8.8#53
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: using nameserver 8.8.8.8#53
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: using nameserver 8.8.4.4#53
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: using nameserver 8.8.4.4#53
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: read /etc/hosts - 8 addresses
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: read /etc/hosts - 8 addresses
Feb 9 19:15:45 fbdeed7e9cc8 user.notice root: dnsmasq: read /etc/hosts.links - 0 addresses
Feb 9 19:15:45 fbdeed7e9cc8 local0.info dnsmasq[2371]: read /etc/hosts.links - 0 addresses
postfix/postfix-script: stopping the Postfix mail system
Feb 9 19:15:45 fbdeed7e9cc8 mail.info postfix/postfix-script[2385]: stopping the Postfix mail system
Feb 9 19:15:45 fbdeed7e9cc8 mail.info postfix/master[99]: terminating on signal 15
Feb 9 19:15:45 fbdeed7e9cc8 mail.info postfix/master[2452]: daemon started -- version 3.0.1, configuration /etc/postfix

Should this be working?
docker run -tde SMF_CONFIG="$SMF_CONFIG" -p 25:25 zixia/simple-mail-forwarder

In both the 1.3 and 1.2 docker images, I receive the following errors:

/entrypoint.sh: /init: /bin/execlineb: bad interpreter: No such file or directory
/entrypoint.sh: line 321: /init: No error information

Running 1.1 doesn't have the issue. Were there any config changes/additions/etc... that maybe I missed?

Full log:

>> Chdir to /app...
 ____  _                 _         __  __       _ _
/ ___|(_)_ __ ___  _ __ | | ___   |  \/  | __ _(_) |
\___ \| | '_ ` _ \| '_ \| |/ _ \  | |\/| |/ _` | | |
 ___) | | | | | | | |_) | |  __/  | |  | | (_| | | |
|____/|_|_| |_| |_| .__/|_|\___|  |_|  |_|\__,_|_|_|
                  |_|
  _____                                _
 |  ___|__  _ ____      ____ _ _ __ __| | ___ _ __
 | |_ / _ \| '__\ \ /\ / / _` | '__/ _` |/ _ \ '__|
 |  _| (_) | |   \ V  V / (_| | | | (_| |  __/ |
 |_|  \___/|_|    \_/\_/ \__,_|_|  \__,_|\___|_|


Source#2bacd4b Thu Oct 15 00:02:48 2020 +0800 * master
Built on Fri Sep 11 18:33:58 UTC 2020 by buildkitsandbox

>> END SMF_DOMAIN found. value:[*****.*****.***]
>> ENV SMF_CONFIG found. value:[@*****.***:*****@*****.***]
>> ARGV arguments found. value:[start]
>> SMF_CONFIG found in ENV. use this settings for forward maps.
>> Setting password[********] for user @*****.*** ...
postmap: warning: /etc/postfix/virtual.db: duplicate entry: "@*****.***"
>> Set hostname to *****.*****.***
>> Start self-testing...
1..17
ok 1 SMF_CONFIG exist
ok 2 SMF_DOMAIN exist
ok 3 virtual maping source is set
ok 4 virtual maping data is set
ok 5 virtual maping db is set
ok 6 system hostname FQDN resolvable
ok 7 postfix myhostname FQDN & resolvable
ok 8 check other hostname setting
ok 9 confirm postfix is running
ok 10 confirm port 25 is open
ok 11 crond is running # skip skip this for 0.3.0 -> 0.4.0
ok 12 ESMTP STATTLS supported
ok 13 ESMTP AUTH supported
ok 14 ESMTP STARTTLS connect ok
ok 15 create user [email protected] by password test
ok 16 ESMTP AUTH by [email protected]/test
ok 17 ESMTP TLS AUTH by [email protected]/test
>> Test PASSED


>> CONGRATULATIONS! System is UP and You are SET!
>> Powered by SMF - a Simple Mail Forwarder
>> View in DockerHub: https://hub.docker.com/r/zixia/simple-mail-forwarder


>> Init System for Servicing...
/entrypoint.sh: /init: /bin/execlineb: bad interpreter: No such file or directory
/entrypoint.sh: line 321: /init: No error information

docker-compose

version: '3'
services:

  mail:
    container_name: mail
    restart: always
    image: zixia/simple-mail-forwarder:latest
    ports:
      - "25:25"
    volumes:
      - /home/user/mail/certs:/etc/postfix/cert
      - /etc/timezone:/etc/timezone:ro
      - /etc/localtime:/etc/localtime:ro

    environment:
      SMF_CONFIG: "@*****.***:*****@*****.***"
      SMF_DOMAIN: *****.*****.***
      VIRTUAL_HOST: *****.*****.***
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.mail.entrypoints=mail"
      - "traefik.tcp.routers.mail.service=mail"
      - "traefik.tcp.routers.mail.rule=HostSNI(`*****.*****.***`)"
      - "traefik.tcp.routers.mail.tls=true"
      - "traefik.tcp.routers.mail.tls.certresolver=le"
      - "traefik.tcp.services.mail.loadbalancer.server.port=25"
networks:
  proxy:
    external: true

The latest tag is quite old. We could use a new tagged version!

Stolen from wader/postfix-relay, I propose to add the following line to your entrypoint.sh:

for e in ${!POSTFIX_*} ; do postconf -e "${e:8}=${!e}" ; done

This allows for setting up postfix in a Docker swarm / compose, without having to mount a whole configfile. Usage:

  mail_relay:
    image: zixia/simple-mail-forwarder:1.1
    networks:
      - traefik-public
      - default
    deploy:
      labels:
        - traefik.enable=true
        - traefik.docker.network=traefik-public
        - traefik.constraint-label=traefik-public
        - traefik.tcp.routers.mail_relay.rule=HostSNI(`*`)
        - traefik.tcp.routers.mail_relay.entrypoints=smtp
        - traefik.tcp.routers.mail_relay.service=mail_relay
        - traefik.tcp.services.mail_relay.loadbalancer.server.port=25
    environment:
      - SMF_DOMAIN=domain1.com
      - |
        SMF_CONFIG=
        [email protected]:[email protected];
        [email protected]:[email protected];
      - POSTFIX_myhostname=smtp.domain1.com
      - POSTFIX_relay_domains="domain1.com domain2.com"
      - POSTFIX_smtpd_recipient_restrictions=permit_mynetworks, permit_sasl_authenticated

(note the last three lines)

Hi,
My current DNS provider has a feature that they can forward *@mydomain.com to an email.
Is this possible with your program?
The reason why I need this is because I might give email addresses on the fly. For example, if I'm filing up a survey, I'll put something like <myname>.<surveycompany>@mydomain.com and sure enough, I'll get emails. If they spam me, then I block that email (my incoming email) and avoid any future reselling of that address.

Please let me know if this is possible, as I'm looking for a Docker solution to host my own forwarding.

Thanks!

P.S. Didn't know where else to ask this question, so I created it as an issue

And of couse you could also put other dockers on this same machine. :-D
=>
And of course you could also put other dockers on this same machine. :-D

Hello,

Is it possible to use the incoming arguments as output email?

I would love if I could set an @domain.com config and use the part before the @ as an argument on the forward email. something like bellow. It would help to set an alias email for each client and then when I receive the mail it can be automatically sorted and tag.

SMF_CONFIG='@testo.com:info+$[email protected]'

Thanks.

Hi,
I have configured a system with multiple docker containers and everything is working fine.
Now I'm trying to generate the certificate for a docker container that runs simple-mail-forwarder (I'm using jrcs/letsencrypt-nginx-proxy-companion).

version: '3'
services:
  mailserver:
    image: zixia/simple-mail-forwarder
    container_name: mailserver
    environment:
      - [email protected]:myemail
      - SMF_DOMAIN=mail.domain.org
      - LETSENCRYPT_HOST=mail.domain.org
      - LETSENCRYPT_EMAIL=myprivateemailaddress
    ports:
      - "25:25"
    restart: always

The system cannot generate the certificate for this container

CA marked some of the authorizations as invalid, which likely means it could not access http://example.com/.well-known/acme-challenge/X. 
Did you set correct path in -d example.com:path or --default_root? 
Are all your domains accessible from the internet? Please check your domains' DNS entries, your host's network/firewall setup and your webserver config. If a domain's DNS entry has both A and AAAA fields set up, some CAs such as Let's Encrypt will perform the challenge validation over IPv6. 
If your DNS provider does not answer correctly to CAA records request, Let's Encrypt won't issue a certificate for your domain (see https://letsencrypt.org/docs/caa/). Failing authorizations: https://acme-v02.api.letsencrypt.org/acme/authz-v3/7728213527
Challenge validation has failed, see error log.

I only need to certificate "mail.domain.org".
I already have the cert for "domain.org" and "www.domain.org" in another container.

I am using this docker image for a small site.

From a rails app I am able to workaround this certificate issue by doing OPENSSL_VERIFY_MODE=none

But since I fail to workaround the issue from a wordpress site I dug a littlebit and http://www.checktls.com/perl/TestReceiver.pl help me diagnose:

[000.583]       Connection converted to SSL
[000.600]       
Certificate 1 of 2 in chain:
subject= /C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
issuer= /C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com                                                
[000.617]       
Certificate 2 of 2 in chain:
subject= /C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com
issuer= /C=US/ST=Matrix/L=L/O=O/CN=simple-mail-forwarder.com   
[000.617]       Cert NOT VALIDATED: self signed certificate
[000.618]       So email is encrypted but the domain is not verified
[000.618]       Cert Hostname DOES NOT VERIFY (mail.myappdomain.com != simple-mail-forwarder.com)
[000.618]       So email is encrypted but the host is not verified  

Maybe https://github.com/zixia/docker-simple-mail-forwarder/blob/master/install/init-openssl.sh#L13 should be use SMF_DOMAIN env variable so the certificate could be validated.

WDYT?

Now docker can Building Multi-Architecture Docker Images With Buildx which is very nice.

We use a different branch/tag for armhf support in the past, I believe it's time to use the latest docker buildx technology now.

Related to: #52 #9