Is it possible to run postfix in a container (e.g. docker, red-hot)?

Is it possible to run postfix in a container (e.g. docker, red-hot)?

Gerben Wierda
Simple question:

Is it possible to run postfix in a container (e.g. docker, red-hot)? 

I’m looking into a new platform for my postfix as my current platform (macOS High Sierra + Server with Apple-provided postfix) is end-of-life. I must either get postfix to run on macOS Mojave natively, or get it to run on some other platform. For other platforms, I am looking into platforms that will self-update (a bit like macOS) such as RedHat Fedora Core to minimise maintenance efforts. So I’m looking into running a VM on my macOS with some sort of Linux, potentially using containers to facilitate more easy migration in the future. Hence the question.

Re: Is it possible to run postfix in a container (e.g. docker, red-hot)?

James Brown
On 7 Aug 2019, at 5:32 pm, Gerben Wierda <[hidden email]> wrote:

> Simple question:
>
> Is it possible to run postfix in a container (e.g. docker, red-hot)?
>
> I’m looking into a new platform for my postfix as my current platform (macOS High Sierra + Server with Apple-provided postfix) is end-of-life. I must either get postfix to run on macOS Mojave natively, or get it to run on some other platform. For other platforms, I am looking into platforms that will self-update (a bit like macOS) such as RedHat Fedora Core to minimise maintenance efforts. So I’m looking into running a VM on my macOS with some sort of Linux, potentially using containers to facilitate more easy migration in the future. Hence the question.

I’ve got Postfix, Dovecot etc running on Mojave via Homebrew.

But it looks like MacPorts is a better way to go.

Post on Homebrew forum:

essandess Steve Smith 
August 2

I used MacPorts to provide a basic, working, configurable mail server on macOS:

sudo port install mail-server
port notes mail-server
sudo port load mail-server

This mail server uses postfix for the MTA, dovecot for the MDA, solr for fast search, Rspamd for a milter, and clamav for email virus scanning. These are all installed and configured automatically when mail-server is installed. Surrogate TLS and DKIM configurations are created during the installation; these must be changed prior to deployment. The configuration files in this port are a combination of macOS Server version 5.7’s Mail server setup, with many newer capabilities added. See the individual projects for configuration details, as well as online guides, e.g. mail-server-guide, and the MacPorts mail-server Portfile itself:

port notes mail-server
less `port file mail-server`
port contents mail-server

Users must reconfigure the mail-server installation for their own system, network, and security model specifics by editing all necessary files and checking file permissions. Full deployment also requires a working DNS configuration on both the LAN and the internet (pre installed with mail-server), including SPF, DMARC, and DKIM records, trusted TLS certificates, port forwarding, possibly a mail relay, and more.

I looked into Homebrew and see that its security model is incompatible with running a secure mail server. All of the tools in a mail server must be installed and controlled securely at the system level with sudo. Homebrew avoids sudo by taking over permissions in /usr/local. This won’t work in a mail server.

For more details on the issues that can arise with Homebrew’s approach, I agree with much of the criticism in this post: https://saagarjha.com/blog/2019/04/26/thoughts-on-macos-package-managers/. Take this into account when configuring your own mail server.

Hope that helps.

James.

Re: Is it possible to run postfix in a container (e.g. docker, red-hot)?

Wietse Venema
In reply to this post by Gerben Wierda
Gerben Wierda:
> Simple question:
>
> Is it possible to run postfix in a container (e.g. docker, red-hot)?

Postfix 3.4 supports PID=1 mode, and has a postlogd daemon that can
write logging to file or stdout.

It's still possible to run Postfix on MacOS; Viktor has occasional
guidance. MacOS is not syslog-friendly; the new postlogd provides
a syslogd alternative.

        Wietse

> I’m looking into a new platform for my postfix as my current platform (macOS High Sierra + Server with Apple-provided postfix) is end-of-life. I must either get postfix to run on macOS Mojave natively, or get it to run on some other platform. For other platforms, I am looking into platforms that will self-update (a bit like macOS) such as RedHat Fedora Core to minimise maintenance efforts. So I’m looking into running a VM on my macOS with some sort of Linux, potentially using containers to facilitate more easy migration in the future. Hence the question.
>
> Gerben Wierda
> Chess and the Art of Enterprise Architecture <http://enterprisechess.com/>
> Mastering ArchiMate <http://masteringarchimate.com/>
> Architecture for Real Enterprises <https://www.infoworld.com/blog/architecture-for-real-enterprises/> at InfoWorld
> On Slippery Ice <https://eapj.org/on-slippery-ice/> at EAPJ
>

Re: Is it possible to run postfix in a container (e.g. docker, red-hot)?

Ralph Seichter-2
In reply to this post by Gerben Wierda
* Gerben Wierda:

> I must either get postfix to run on macOS Mojave natively, or get it
> to run on some other platform.

MacPorts [1] offers an easy way to run Postfix natively on macOS. The
installation target is /opt/local, so there is no collision with older
versions provided by Apple. MacPorts packages Postfix version 3.4.6 at
the time I am writing this, meaning one can use postlogd to circumvent
Apple's weird logging. New Postfix releases are usually made available
within days.

[1] https://www.macports.org/ports.php?by=name&substr=postfix

-Ralph

Re: Is it possible to run postfix in a container (e.g. docker, red-hot)?

A. Schulze
In reply to this post by Gerben Wierda


On 07.08.19 at 09:32, Gerben Wierda wrote:
> Is it possible to run postfix in a container (e.g. docker, red-hot)?

Yes, since postfix-3.4 you could start postfix with "postfix start-fg".
If you also set "maillog_file = /dev/stdout" in main.cf, any log will go to stdout, which is the preferred "docker way".

We have used this setup for a year or so, handing over all logs to Splunk, and this also works as expected.

Some advice:

 - do not use multi-instance setup -> use multiple containers
 - make $(postconf data_directory) and $(postconf queue_directory) persistent volumes, separate per container
 - $(postconf config_directory) could be mounted read only
 - docker healthcheck can be used to monitor the number of items in a deferred queue
 - "postfix reload" works

-> works, give it a try :-)

Andreas
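
A healthcheck along the lines of the advice in the last message, as an added example that is not part of the original thread: it counts files in the deferred queue and reports unhealthy above a limit or when the queue volume is missing. The image name, script path, volume names, the `DEFERRED_LIMIT` variable and the `--check` argument are assumptions made for illustration; the mount paths are Postfix's usual defaults.

```shell
#!/bin/sh
# Added example (not from the thread): Docker healthcheck for a Postfix container.
# Assumed wiring; image name, script path and DEFERRED_LIMIT are hypothetical:
#   docker run -d --name mta \
#     -v mta-queue:/var/spool/postfix -v mta-data:/var/lib/postfix \
#     -v "$PWD/conf":/etc/postfix:ro \
#     --health-cmd '/usr/local/bin/healthcheck.sh --check' --health-interval 60s \
#     example/postfix:3.4 postfix start-fg
# with "maillog_file = /dev/stdout" set in main.cf.

# count_deferred QUEUE_DIR: print the number of queue files under QUEUE_DIR/deferred.
# The deferred queue is hashed into subdirectories, so count regular files recursively.
count_deferred() {
    find "$1/deferred" -type f 2>/dev/null | wc -l | tr -d ' '
}

# check_queue QUEUE_DIR LIMIT: return 0 (healthy) or 1 (unhealthy), Docker's convention.
check_queue() {
    if [ ! -d "$1/deferred" ]; then
        # A missing directory usually means the persistent volume is not mounted.
        echo "unhealthy: $1/deferred not found"
        return 1
    fi
    deferred=$(count_deferred "$1")
    if [ "$deferred" -gt "$2" ]; then
        echo "unhealthy: $deferred deferred messages (limit $2)"
        return 1
    fi
    echo "healthy: $deferred deferred messages (limit $2)"
    return 0
}

# Run only when invoked as the healthcheck, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then
    check_queue "$(postconf -h queue_directory)" "${DEFERRED_LIMIT:-100}"
    exit $?
fi
```

A deferred count that keeps climbing is worth alerting on from the log pipeline as well, since it can mean a broken downstream relay or an account being used to send bulk mail.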