compose/postfix-relay/entrypoint.sh

#!/usr/bin/env sh
set -e

[ -z "$SMTP_USERNAME" ] || [ -z "$SMTP_PASSWORD" ] && {
	echo "SMTP_USERNAME and SMTP_PASSWORD _must_ be defined" >&2
	exit 1
}
if [ -n "$RECIPIENT_RESTRICTIONS" ]; then
	RECIPIENT_RESTRICTIONS="inline:{$(echo "$RECIPIENT_RESTRICTIONS" | sed 's/\s\+/=OK, /g')=OK}"
else
	RECIPIENT_RESTRICTIONS=static:OK
fi

export SMTP_USERNAME SMTP_PASSWORD RECIPIENT_RESTRICTIONS
export HOSTNAME="${HOSTNAME:-"postfix"}"
export SMTP_HOST="${SMTP_HOST:-"smtp.office365.com"}"
export SMTP_PORT="${SMTP_PORT:-"587"}"
export ACCEPTED_NETWORKS="${ACCEPTED_NETWORKS:-"192.168.0.0/16 172.16.0.0/12 10.0.0.0/8"}"

cat <<- EOF > /etc/postfix/main.cf
	#
	# Just the bare minimal
	#

	# write logs to stdout
	maillog_file = /dev/stdout

	# network bindings
	inet_interfaces = all
	inet_protocols = ipv4

	# general params
	compatibility_level = 3.6
	myhostname = $HOSTNAME
	mynetworks = 127.0.0.0/8 [::1]/128 $ACCEPTED_NETWORKS
	relayhost = [$SMTP_HOST]:$SMTP_PORT

	# smtp-out params
	smtp_sasl_auth_enable = yes
	smtp_sasl_password_maps = static:$SMTP_USERNAME:$SMTP_PASSWORD
	smtp_sasl_security_options = noanonymous
  smtp_tls_security_level = may
	smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
	smtp_tls_session_cache_database = lmdb:\$data_directory/smtp_scache

	# RCPT TO restrictions
	smtpd_recipient_restrictions = check_recipient_access $RECIPIENT_RESTRICTIONS, reject

	# some tweaks
	biff = no
	delay_warning_time = 1h
	mailbox_size_limit = 0
	readme_directory = no
	recipient_delimiter = +
	smtputf8_enable = no
	EOF

newaliases

rm -f /var/spool/postfix/pid/*.pid
exec postfix -c /etc/postfix start-fg