9e21e1e669
Postfix relay image with Cyrus SASL (sasldb2) authentication. Replaces mwader/postfix-relay with a controlled image built via Kaniko and stored in Harbor. Credentials injected from Vault ExternalSecret at startup.
35 lines
1.1 KiB
Bash
35 lines
1.1 KiB
Bash
#!/usr/bin/env bash
|
|
set -euo pipefail
|
|
|
|
# Required (from ExternalSecret)
|
|
: "${RELAY_AUTH_USER:?Missing RELAY_AUTH_USER}"
|
|
: "${RELAY_AUTH_PASS:?Missing RELAY_AUTH_PASS}"
|
|
: "${RELAY_AUTH_DOMAIN:?Missing RELAY_AUTH_DOMAIN}"
|
|
|
|
# Optional hostname override
|
|
if [ -n "${POSTFIX_MYHOSTNAME:-}" ]; then
|
|
echo "${POSTFIX_MYHOSTNAME}" > /etc/mailname
|
|
postconf -e "myhostname=${POSTFIX_MYHOSTNAME}"
|
|
fi
|
|
|
|
# Create SASL user in sasldb2
|
|
echo "${RELAY_AUTH_PASS}" | saslpasswd2 -p -c -u "${RELAY_AUTH_DOMAIN}" "${RELAY_AUTH_USER}"
|
|
|
|
chown root:sasl /etc/sasldb2 2>/dev/null || true
|
|
chmod 640 /etc/sasldb2 2>/dev/null || true
|
|
|
|
# Postfix spool directories (required inside container)
|
|
mkdir -p /var/spool/postfix /var/lib/postfix
|
|
chown root:root /var/spool/postfix
|
|
chmod 755 /var/spool/postfix
|
|
|
|
mkdir -p /var/spool/postfix/public /var/spool/postfix/maildrop
|
|
chown root:postdrop /var/spool/postfix/public /var/spool/postfix/maildrop
|
|
chmod 1730 /var/spool/postfix/public /var/spool/postfix/maildrop
|
|
|
|
mkdir -p /var/spool/postfix/pid
|
|
chown root:root /var/spool/postfix/pid
|
|
chmod 755 /var/spool/postfix/pid
|
|
|
|
exec postfix start-fg
|