alterrebe / docker-mail-relay

Postfix Mail Relay in a Docker container
MIT License

TLS issue #7

Open jeanfabrice opened 7 years ago

jeanfabrice commented 7 years ago

Hi,

Neither the alpine nor the ca-certificates package provides the SSL certificate and private key used in your Postfix main.cf template.

Since smtpd_use_tls is set to true, the Postfix daemon replies with:

454 4.7.0 TLS not available due to local problem

to a STARTTLS command, which may fool some SMTP client libraries.

Without any SSL certificates, you should set smtpd_use_tls to false by default, in order to have Postfix reply with a proper

502 5.5.1 Error: command not implemented

to STARTTLS.

witten commented 6 years ago

As a work-around, I've found that you can mount /etc/ssl as a (read-only) volume from the host into the container, assuming that you have the missing cert path present on your host.

bersace commented 6 years ago

For the record, I had to create a Debian snakeoil self-signed certificate on the host with:

# openssl req  -new -x509 -days 3650 -nodes -sha256 -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key

Then set up the container with:

services:
  smtp:
    image: alterrebe/postfix-relay
    restart: always
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /usr/share/ssl:/usr/share/ssl:ro
    - /usr/share/ca-certificates:/usr/share/ca-certificates:ro
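An entrypoint-style check for the condition reported in this issue, added here as an example (it is not code from this repository or from any commenter): it reads the certificate and key paths from main.cf and prints the value smtpd_use_tls should take, so STARTTLS is only announced when both files are usable. The function names `cf_get`, `pem_ok` and `tls_setting_for` are hypothetical, and the script assumes main.cf sets `smtpd_tls_cert_file` and `smtpd_tls_key_file` to literal paths and lives at `/etc/postfix/main.cf`.

```shell
#!/bin/sh
# Added example, not part of the project's entrypoint.

# Print the value of parameter $2 from main.cf file $1 (last assignment wins).
cf_get() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Succeed if file $1 is readable, non-empty and contains PEM marker $2.
pem_ok() {
    [ -r "$1" ] && [ -s "$1" ] && grep -q -- "-----BEGIN .*$2-----" "$1"
}

# Print "yes" if the certificate and key named in main.cf ($1) are usable,
# otherwise "no" so that STARTTLS is not announced at all.
tls_setting_for() {
    cert=$(cf_get "$1" smtpd_tls_cert_file)
    key=$(cf_get "$1" smtpd_tls_key_file)
    [ -n "$key" ] || key=$cert      # Postfix default: key is in the cert file
    if [ -z "$cert" ] || ! pem_ok "$cert" CERTIFICATE; then
        echo "TLS off: certificate '$cert' missing or not PEM" >&2
        echo no; return
    fi
    if ! pem_ok "$key" "PRIVATE KEY"; then
        echo "TLS off: private key '$key' missing or not PEM" >&2
        echo no; return
    fi
    # A world-readable key still works, but deserves a warning.
    if [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
        echo "warning: '$key' is world-readable" >&2
    fi
    echo yes
}

# Intended use in the container entrypoint, before Postfix starts
# (main.cf path is an assumption):
#   postconf -e "smtpd_use_tls=$(tls_setting_for /etc/postfix/main.cf)"
```

The check only looks for PEM markers; it does not verify that the key matches the certificate.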