# Two-service stack: an SMTP relay (Postfix spool, see volumes) that accepts
# authenticated client mail and hands it to an OAuth2-capable SMTP proxy.
# Every credential below is a placeholder. Replace them before deployment and
# keep the real values out of version control.
services:
  smtp-relay:
    build: .  # Build image from Dockerfile in the current directory
    container_name: smtp_relay
    environment:
      # === Downstream SMTP Relay Configuration (e.g. external SMTP proxy) ===
      # Hostname of the downstream relay; here it matches the `hostname` of the
      # email-oauth2-proxy service defined below.
      RELAY_HOST: "email-oauth2-proxy"
      # Port of the downstream relay (e.g. 587 for STARTTLS, 465 for SMTPS, 25 for plain).
      # NOTE(review): presumably the listener set in emailproxy.config - confirm.
      RELAY_PORT: "2465"
      RELAY_USERNAME: "relay_user@example.com"  # Username for authenticating with the SMTP relay
      # Password for the above user. Values under `environment` are readable by
      # anyone who can run `docker inspect` on the container.
      # NOTE(review): prefer `${VAR}` substitution or an untracked `env_file`.
      RELAY_PASSWORD: "your_relay_password"
      # Protocol to use towards the relay: "plain", "starttls", or "smtps".
      # NOTE(review): "plain" presumably sends the relay credentials without TLS;
      # that only suits a hop that stays on the compose-internal network - confirm
      # before pointing RELAY_HOST at an external server.
      RELAY_AUTH_METHOD: "plain"
      # === Incoming SMTP Client Authentication ===
      INCOMING_AUTH_METHOD: "smtps"  # Accepted auth method from clients: "plain", "starttls", or "smtps"
      INCOMING_USERNAME: "smtp_client_user"  # Username that clients must use to authenticate to this relay
      INCOMING_PASSWORD: "smtp_client_password"  # Password that clients must use (placeholder, see above)
      REALM: "example.com"  # Optional SASL authentication realm
    ports:
      # === Expose SMTP Ports for Client Access ===
      # A "HOST:CONTAINER" mapping without a host IP binds on all host interfaces.
      # Both listeners are published although INCOMING_AUTH_METHOD is "smtps".
      # NOTE(review): publish only the mapping that matches the chosen method.
      - "2525:25"  # Use if INCOMING_AUTH_METHOD is "plain" or "starttls" (STARTTLS operates over port 25)
      - "2465:465"  # Use if INCOMING_AUTH_METHOD is "smtps" (Implicit TLS on port 465)
    volumes:
      # === TLS Certificates for Secure Connections ===
      - "./fullchain.pem:/etc/ssl/certs/fullchain.pem:ro"  # Public certificate chain
      # Private key, mounted read-only; keep the host file's permissions restrictive.
      - "./privkey.pem:/etc/ssl/private/privkey.pem:ro"
      # === (Optional) Persistent Postfix Mail Queue ===
      # Queued messages persist in this named volume, so it can hold mail content.
      - "smtp-spool:/var/spool/postfix"
    restart: unless-stopped  # Restart unless the container is manually stopped
  email-oauth2-proxy:
    # Pre-built image for OAuth2-to-SMTP proxying. No tag is given, so the
    # reference resolves to `:latest`.
    # NOTE(review): looks like a locally built image; pin a tag or digest.
    image: email-oauth2-proxy
    container_name: email-oauth2-proxy
    # No `ports:` entry: this service is not published on the host and is
    # reached by smtp-relay through the hostname below.
    hostname: email-oauth2-proxy
    # Restarts whenever the container exits; unlike `unless-stopped`, a manually
    # stopped container is started again when the Docker daemon restarts.
    restart: always
    volumes:
      # === Configuration and Credentials for OAuth2 Proxy ===
      # Both files are mounted read-write.
      # NOTE(review): the proxy may write cached tokens to its config file;
      # confirm before adding `:ro` to either mount.
      - ./config/emailproxy.config:/emailproxy.config  # Main config file
      # Credentials/secrets for OAuth2 authentication; keep this file out of
      # version control and readable only by the account running Docker.
      - ./config/secret.json:/config/secret.json
# === Volume Definition ===
volumes:
  smtp-spool:  # Volume to persist Postfix mail queue across restarts