58 lines
1.4 KiB
YAML
58 lines
1.4 KiB
YAML
services:
|
|
smtp-relay:
|
|
image: boky/postfix:4.4.0-alpine # lichte, recente Alpine build
|
|
container_name: smtp-relay
|
|
restart: unless-stopped
|
|
|
|
# Alleen intern publiceren (pas IP aan naar de host waar deze stack draait)
|
|
ports:
|
|
- "192.168.2.2:587:587"
|
|
|
|
environment:
|
|
TZ: Europe/Amsterdam
|
|
|
|
# Hostname in SMTP banner
|
|
POSTFIX_myhostname: relay.japnet.nl
|
|
|
|
# Brevo SMTP relay
|
|
RELAYHOST: "[smtp-relay.brevo.com]:587"
|
|
RELAYHOST_USERNAME: "${BREVO_SMTP_USER}"
|
|
RELAYHOST_PASSWORD: "${BREVO_SMTP_PASS}"
|
|
|
|
# Alleen jouw domeinen mogen als afzender
|
|
ALLOWED_SENDER_DOMAINS: "japnet.nl notify.japnet.nl"
|
|
|
|
# Alleen jouw LAN/VLANs mogen relayed worden
|
|
POSTFIX_mynetworks: "127.0.0.0/8 192.168.2.0/24 10.0.50.0/24 10.0.60.0/24"
|
|
|
|
volumes:
|
|
# Postfix heeft schrijfruimte nodig; die doen we in named volumes
|
|
- mail_spool:/var/spool/postfix
|
|
- mail_etc:/etc/postfix
|
|
- mail_dkim:/etc/opendkim/keys
|
|
|
|
# Harden waar het kan
|
|
# read_only: true
|
|
tmpfs:
|
|
- /tmp
|
|
- /var/run
|
|
security_opt:
|
|
- no-new-privileges:true
|
|
|
|
logging:
|
|
driver: json-file
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "3"
|
|
|
|
healthcheck:
|
|
test: ["CMD", "postfix", "status"]
|
|
interval: 30s
|
|
timeout: 5s
|
|
retries: 3
|
|
|
|
volumes:
|
|
mail_spool:
|
|
mail_etc:
|
|
mail_dkim:
|