simple-login / simplelogin-postfix-docker

The missing Docker image for SimpleLogin Postfix
https://hub.docker.com/r/simplelogin/postfix
GNU General Public License v3.0

Support relayhost authentication #14

Closed buxm closed 1 year ago

buxm commented 2 years ago

Setting a relayhost (RELAY_HOST variable) is helpful in case of blacklisted IP address or blocked outbound port 25, which are common scenarios when using cloud instances/VPSs. You can use your ISP's mail server or an email service such as AWS SES, SendGrid, Mailjet, Mailgun (as recommended by AWS, Azure, GCP, e.g. https://cloud.google.com/compute/docs/tutorials/sending-mail). However in most cases these services require authentication, i.e. a username and password.

Please support relay host authentication using appropriate variables/secrets to specify the relay host username and password.

tarkilhk commented 2 years ago

Hello,

I am stuck at the exact same place in my self hosting setup, can't send outgoing email because I cannot authenticate to my ISP SMTP server... Any chance this would be considered please?

buxm commented 2 years ago

> I am stuck at the exact same place in my self hosting setup, can't send outgoing email because I cannot authenticate to my ISP SMTP server... Any chance this would be considered please ?

@tarkilhk For the time being I had to resort to installing and configuring postfix on the docker host according to the instructions on https://github.com/simple-login/app. Obviously it would be a lot cleaner and easier to set up using simplelogin-postfix-docker, if relay authentication could be configured.

smargold476 commented 2 years ago

Hi @buxm @tarkilhk are you still using the simplelogin-postfix-docker project? Looks like nobody is maintaining that project? Do you have any information? Regards

rehanone commented 1 year ago

I do still use this image in my self hosted setup and it works well for me. I will check if we can update the base image to the latest version first. Unfortunately I am not familiar with the variables discussed here but if someone can explain them to me, I may be able to add them in this image.

smargold476 commented 1 year ago

Okay nice, I decided to clone that project docker-mailserver and try to configure everything to get simplelogin to work with that backend... Does someone have a hint, if it is better to clone the docker-mailserver project and change everything or make a "howto" with the needed overrides in the config (see optional docker-mailserver config)?

buxm commented 1 year ago

Hi @smargold476 I am not using simplelogin-postfix-docker project because I am testing a similar but different application (Anonaddy). Anyway in my case using an SMTP relay with authentication is mandatory, so I would struggle with simplelogin-postfix-docker project. Of course, as you seem to suggest, I could map the postfix config file(s) in the container to config file(s) on the host and customize them to use an SMTP relay with authentication. However this would be more complex since I am not familiar with postfix config files and I would have to learn my way through it.

To answer your last question, if I correctly get it, from a "user" perspective of course the ideal solution would be to have a container image based on docker-mailserver but already configured to work with SimpleLogin. Then ideally I would want a handful of environment variables that I can set to configure the container for my specific environment, such as those already supported by simplelogin-postfix-docker:

and the others that are already supported by docker-mailserver. In my case I would be particularly interested in:

(see https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/relay-hosts/)

Ideally I would also like support for Docker secrets friendly variables such as:

which I'm not sure are already supported by docker-mailserver

That would make things a lot easier compared to a how to. Also because in the latter case I would need to map the docker-mailserver config files to the docker host and tinker with them (carefully, to avoid messing up the compatibility with SimpleLogin).
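Added example, not part of the thread and not code from this image or any fork of it: one way a container entrypoint could accept relay credentials either directly or through Docker-secrets style `*_FILE` variables and turn them into Postfix SASL client settings. Only `RELAY_HOST` is a variable named in this issue; `RELAY_USER`, `RELAY_PASSWORD`, their `_FILE` forms and the `hash` map type are assumptions.

```shell
# Added example. RELAY_HOST is the image's variable; RELAY_USER,
# RELAY_PASSWORD and their *_FILE forms are hypothetical names.

# Print NAME's value, taken from $NAME or from the file named by $NAME_FILE
# (Docker secrets convention). Setting both is treated as a mistake.
resolve_secret() {
    name=$1
    eval "val=\${$name:-}"
    eval "file=\${${name}_FILE:-}"
    if [ -n "$val" ] && [ -n "$file" ]; then
        echo "$name and ${name}_FILE are both set" >&2; return 1
    fi
    if [ -n "$file" ]; then
        [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }
        val=$(cat "$file")   # command substitution drops the trailing newline
    fi
    printf '%s' "$val"
}

# Write the smtp_sasl_password_maps source "<relayhost> <user>:<password>".
# The key must match the relayhost value exactly, brackets and port included.
write_sasl_passwd() {
    user=$(resolve_secret RELAY_USER) || return 1
    pass=$(resolve_secret RELAY_PASSWORD) || return 1
    if [ -z "${RELAY_HOST:-}" ] || [ -z "$user" ] || [ -z "$pass" ]; then
        echo "RELAY_HOST, user and password are all required" >&2; return 1
    fi
    # Recreate the file under umask 077 so it is never group/world readable.
    ( umask 077; rm -f "$1"; printf '%s %s:%s\n' "$RELAY_HOST" "$user" "$pass" > "$1" )
}

# main.cf settings for an entrypoint to apply with `postconf -e`, followed by
# `postmap` on the map file. Map type "hash" is an assumption of this sketch.
relay_auth_settings() {
    cat <<EOF
relayhost = $RELAY_HOST
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = ${2:-hash}:$1
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = encrypt
EOF
}

# Constructed demo values; nothing here talks to a real relay.
demo=$(mktemp -d)
printf 's3cret-constructed\n' > "$demo/relay_password"
RELAY_HOST='[smtp.example.com]:587' RELAY_USER='alias-relay'
RELAY_PASSWORD_FILE="$demo/relay_password"
write_sasl_passwd "$demo/sasl_passwd" && relay_auth_settings "$demo/sasl_passwd"
```

`smtp_tls_security_level = encrypt` makes Postfix refuse to deliver to the relay without TLS, so the SASL credentials are not sent over a cleartext session.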

tarkilhk commented 1 year ago

FYI, I forked the default simplelogin postfix image, and added necessary parameters to pass login and password in docker compose to authenticate to ISP. I'm absolutely no expert of any of this by any means, but feel free to have a look at my modified repo and reuse if you want (no guarantees whatsoever xD): https://github.com/tarkilhk/simplelogin-postfix-docker. (I should specify that it works fine for me!)

Or if you're adventurous, you can try to directly pull the image from https://hub.docker.com/repository/docker/tarkilhk/simplelogin-postfix-withauth

Please note that I changed some other part, some extra parameters in docker compose where I can specify a path to a certificate (I don't want to use the self generated letsencrypt certificate inside the image, as I already have my own certificates, so I'm allowing a parameter to just pass a path/to/my/certificate as parameter, and tweaked postfix to read it from that path instead of where its own process would try to generate it)

smargold476 commented 1 year ago

> Hi @smargold476 I am not using simplelogin-postfix-docker project because I am testing a similar but different application (Anonaddy). [...]

@buxm Maybe you can tell us what advantages you see by anonaddy vs simplelogin?

At the moment I am trying to get docker-mailserver up and running. After that, I guess forking the project or add a to the original project that activate simplelogin/anonaddy-support would be very nice.

Regards

rehanone commented 1 year ago

> Please note that I changed some other part, some extra parameters in docker compose where I can specify a path to a certificate (I don't want to use the self generated letsencrypt certificate inside the image, as I already have my own certificates, so I'm allowing a parameter to just pass a path/to/my/certificate as parameter, and tweaked postfix to read it from that path instead of where its own process would try to generate it)

It seems to me like duplicate of what this image already supported using SSL_CERT_FOLDER variable.

This image works in two modes. It can get a new cert/key using certbot or you can mount a directory using SSL_CERT_FOLDER variable. I am using the latter option and it works. Also I added support for docker secrets as well. All is documented in the readme file.

buxm commented 1 year ago

@smargold476 anonaddy and simplelogin are pretty similar. At the moment I am slightly in favour of anonaddy because:

functionality wise they are pretty similar -- I like the Anonaddy UX a bit better when I have to send an email from an alias: I can use the web interface, select the alias and then write the actual recipient to obtain a reverse alias recipient - or I can also make up the reverse alias recipient myself by following some standard rules. With SimpleLogin I seem to be forced to use the web interface, first add a new contact (stored on the db) and then copy its reverse alias. The reverse alias contains some random characters, so I cannot make it up myself.

Very subtle differences, I think they are both solid applications that provide the exact set of functionalities needed for keeping your email address private. I don't think you'd go wrong with either.

SimpleLogin also has "Sign in with SimpleLogin", for which I cannot figure out any sensible use for myself. Unless it becomes as widely adopted by web apps as "Sign in with Google" or "Sign in with Facebook", which I highly doubt.

SimpleLogin now belongs to Proton, which might mean better chances of long term support than Anonaddy (still run by an individual developer). But it's still early stages: it doesn't seem yet integrated with the Proton suite of services, so Proton could drop it any time with nearly 0 impact apart from the already sunk cost of the acquisition.

tarkilhk commented 1 year ago

> It seems to me like duplicate of what this image already supported using SSL_CERT_FOLDER variable.
>
> This image works in two modes. It can get a new cert/key using certbot or you can mount a directory using SSL_CERT_FOLDER variable. I am using the latter option and it works. Also I added support for docker secrets as well. All is documented in the readme file.

You're absolutely right... For whatever reason, I did not see that... I will remove this part from my fork. Thanks for the comment! :) I will soon republish code + image which will only contain the authentication to RELAY_HOST part for those who might be interested.

rehanone commented 1 year ago

@tarkilhk Forking is definitely an option but may I suggest that you consider making minimal changes required to support the functionality you need and get it merged into this repo after testing. Surely it is a bit more work but in the long run it's the right thing to do.

This repo is not abandoned by the developers and if they see good contribution from you, they will merge it. That will benefit everyone and make this repo more viable choice for the entire community.

tarkilhk commented 1 year ago

That's an excellent suggestion, but I am no developer, I'm merely tinkering with things... Not sure my PR would be worth much... ^^ Anyways, I'll propose it nonetheless, worst case the SimpleLogin guys can suggest improvements to it if needed as well!

smargold476 commented 1 year ago

suggest close because of #17

Thanks @tarkilhk

buxm commented 1 year ago

@smargold476 sure! I did also have a go with #17 a couple of months ago and it did work. But I had totally forgotten about this issue when I got back to tinkering with SimpleLogin after quite a while. Many thanks @tarkilhk, great job!