Set Up Your Own Postfix SMTP Relay with Docker Compose

Imagine having a reliable email relay system under your control - no more dependence on external SMTP servers, no more unnecessary costs, and complete autonomy over your email flow. Whether you are managing a small development environment or want a robust solution for forwarding emails, setting up your own SMTP relay using Docker Compose is the way to go.

Why Set Up an SMTP Relay?

Emails are the heartbeat of any IT infrastructure - alerts, notifications, transactional messages - they all depend on a stable SMTP server. But relying on third-party services can become costly and difficult to troubleshoot. Here's where setting up your own SMTP relay with Docker becomes a game changer:

• You want full control over your email routing and security
• You need to relay emails to the outside world while keeping things tightly secured
• You're looking for a cost-effective solution with minimal setup hassle

Step 1: Setting Up the Docker Compose File

Create a file named docker-compose.yml in your project directory:

services:
  smtp:
    image: mwader/postfix-relay
    container_name: postfix-relay
    restart: always
    environment:
      - SASL_Passwds=/etc/postfix/sasl/sasl_passwds
      - POSTFIX_myhostname=smtp.example.com
      - OPENDKIM_DOMAINS=smtp.example.com
      - POSTFIX_smtpd_sasl_auth_enable=yes
      - POSTFIX_cyrus_sasl_config_path=/etc/postfix/sasl
      - POSTFIX_smtpd_sasl_security_options=noanonymous
      - POSTFIX_smtpd_relay_restrictions=permit_sasl_authenticated,reject
      - TZ=Europe/Amsterdam
      - RSYSLOG_LOG_TO_FILE=yes
      - RSYSLOG_TIMESTAMP=yes
      - RSYSLOG_REMOTE_HOST=syslog.example.com
      - RSYSLOG_REMOTE_PORT=514
    volumes:
      - ./passwd_file/passwd_file:/etc/postfix/sasl/sasl_passwds
      - opendkim_keys:/etc/opendkim/keys
      - var_log:/var/log
    ports:
      - "25:25"
    networks:
      - traefik-proxy
    healthcheck:
      test: timeout 10s bash -c ':> /dev/tcp/127.0.0.1/25' || exit 1
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 90s

networks:
  traefik-proxy:
    external: true

volumes:
  opendkim_keys:
    external: true
  var_log:
    external: true

Step 2: Preparing for Deployment

Create Required Directories

mkdir -p passwd_file opendkim_keys var_log

Create a SASL Password File

echo "myuser:"`docker run --rm mwader/postfix-relay mkpasswd -m sha-512 "mypassword"` >> passwd_file/passwd_file

Configure Volumes

docker volume create opendkim_keys
docker volume create var_log
mkdir -p ./sasl_passwd

Step 3: DKIM - Enhancing Email Security

When you start the container for the first time, it will generate DKIM keys. To add these to your DNS:

docker exec postfix-relay sh -c 'cat /etc/opendkim/keys/*/*.txt'

You'll see output like:

mail._domainkey.example.com. IN TXT ( "v=DKIM1; h=sha256; k=rsa; " "p=PUBLIC_KEY_HERE" )

Add this DNS record to your domain's DNS settings.

Step 3.1: SPF - Ensuring Reliable Email Delivery

Add the following TXT record to your domain's DNS:

v=spf1 ip4:YOUR_SERVER_IP ~all

Replace YOUR_SERVER_IP with the IP address of your SMTP server.

Step 4: Launch Your SMTP Relay Server

docker-compose up -d

Step 5: Testing Your SMTP Relay

echo "Subject: Test Email" | sendmail -v recipient@domain.com

If everything is configured correctly, the email will be delivered with a proper DKIM signature.

Conclusion

You've successfully set up your own SMTP relay server using Docker Compose. This setup gives you full control over your emails and ensures reliable, authenticated delivery across your infrastructure. The beauty of using Docker is the repeatability - once this Compose file is in place, deploying an SMTP relay becomes a simple, predictable process.