TLS issue

[jeanfabrice]

Hi,

Neither alpine nor ca-certificates package provide ssl certificate and private key used in your postfix main.cf template

Since smtpd_use_tls is set to true, the postfix daemon reply with :

454 4.7.0 TLS not available due to local problem

to a STARTLS command, which may fool some SMTP client libraries.

Without any ssl certificates, you should defaultly set smtpd_use_tls to false, in order to have Postfix reply with a proper

502 5.5.1 Error: command not implemented

to STARTLS

[witten]

As a work-around, I've found that you can mount /etc/ssl as a (read-only) volume from the host into the container, assuming that you have the missing cert path present on your host.

[bersace]

For the record, i had to create Debian snakeoil self-signed certificate on host with:

# openssl req  -new -x509 -days 3650 -nodes -sha256 -out /etc/ssl/certs/ssl-cert-snakeoil.pem -keyout /etc/ssl/private/ssl-cert-snakeoil.key

Then setup the containir with :

services:
  smtp:
    image: alterrebe/postfix-relay
    restart: always
    volumes:
    - /etc/ssl:/etc/ssl:ro
    - /usr/share/ssl:/usr/share/ssl:ro
    - /usr/share/ca-certificates:/usr/share/ca-certificates:ro