From 6e7cdc21ce1eeacab6845bf43e077b20f93a68a0 Mon Sep 17 00:00:00 2001
From: jasper <jasperleuveld@gmail.com>
Date: Wed, 19 Nov 2025 09:55:56 +0100
Subject: [PATCH] Add postfix/compose.yaml

---
 postfix/compose.yaml | 57 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 postfix/compose.yaml

diff --git a/postfix/compose.yaml b/postfix/compose.yaml
new file mode 100644
index 0000000..8adf717
--- /dev/null
+++ b/postfix/compose.yaml
@@ -0,0 +1,57 @@
+services:
+  smtp-relay:
+    image: boky/postfix:4.4.0-alpine        # lichte, recente Alpine build 
+    container_name: smtp-relay
+    restart: unless-stopped
+
+    # Alleen intern publiceren (pas IP aan naar de host waar deze stack draait)
+    ports:
+      - "192.168.2.2:587:587"
+
+    environment:
+      TZ: Europe/Amsterdam
+
+      # Hostname in SMTP banner
+      POSTFIX_myhostname: relay.japnet.nl
+
+      # Brevo SMTP relay
+      RELAYHOST: "[smtp-relay.brevo.com]:587"
+      RELAYHOST_USERNAME: "${BREVO_SMTP_USER}"
+      RELAYHOST_PASSWORD: "${BREVO_SMTP_PASS}"
+
+      # Alleen jouw domeinen mogen als afzender
+      ALLOWED_SENDER_DOMAINS: "japnet.nl,notify.japnet.nl"
+
+      # Alleen jouw LAN/VLANs mogen relayed worden
+      POSTFIX_mynetworks: "127.0.0.0/8 192.168.2.0/24 10.0.50.0/24 10.0.60.0/24"
+
+    volumes:
+      # Postfix heeft schrijfruimte nodig; die doen we in named volumes
+      - mail_spool:/var/spool/postfix
+      - mail_etc:/etc/postfix
+      - mail_dkim:/etc/opendkim/keys
+
+    # Harden waar het kan
+    read_only: true
+    tmpfs:
+      - /tmp
+      - /var/run
+    security_opt:
+      - no-new-privileges:true
+
+    logging:
+      driver: json-file
+      options:
+        max-size: "10m"
+        max-file: "3"
+
+    healthcheck:
+      test: ["CMD", "postfix", "status"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+volumes:
+  mail_spool:
+  mail_etc:
+  mail_dkim: