Use different port for dovecot auth

Signed-off-by: René Jochum <rene@jochum.dev>

Readme.md

@@ -12,7 +12,7 @@ ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO postfix;
 
 ## Environment variables
 
-- DOVECOT_HOST - if not given it will be `dovecot`
+- DOVECOT_HOST - if not given it will be `dovecot:12345`
 - MYDOMAIN
 - SUBNET
 - RELAYNETS

conf/main.cf.jinja

@@ -2,6 +2,7 @@ compatibility_level=2
 
 # basic domain settings
 myhostname = {{ HOSTNAME }}
+mailname = {{ HOSTNAME }}
 mydomain = {{ MYDOMAIN }}
 mydestination = $myhostname, localhost
 # mynetworks = 192.168.1.0/24, 127.0.0.0/8
@@ -15,7 +16,7 @@ relayhost = {{ RELAYHOST }}
 
 # enable auth via Dovecot
 smtpd_sasl_auth_enable = yes
-smtpd_sasl_path = inet:{{ DOVECOT_HOST }}:2525
+smtpd_sasl_path = inet:{{ DOVECOT_HOST }}
 smtpd_sasl_type = dovecot
 
 message_size_limit = 52428800
@@ -39,7 +40,7 @@ smtpd_tls_auth_only = yes
 smtpd_tls_security_level = encrypt
 smtpd_tls_key_file = /cert/tls.key
 smtpd_tls_cert_file = /cert/tls.crt
-smtpd_tls_CAfile = /cert/ca.crt
+#smtpd_tls_CAfile = /cert/ca.crt
 
 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
 
@@ -48,9 +49,12 @@ smtp_tls_security_level = encrypt
 
 # security and basic spam protection
 smtpd_recipient_restrictions =
+               reject_unauth_destination
+               reject_non_fqdn_recipient
+               reject_unknown_recipient_domain
                permit_sasl_authenticated
                permit_mynetworks
-               reject_unauth_destination
+               reject
 smtpd_relay_restrictions =
                permit_mynetworks
                permit_sasl_authenticated

conf/master.cf.jinja

@@ -8,7 +8,7 @@ smtp      inet  n       -       n       -       -       smtpd
 submission inet n       -       n       -       -       smtpd
   -o smtpd_enforce_tls=yes
   -o smtpd_sasl_auth_enable=yes
-  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
+  -o smtpd_client_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject
 
 # Expose 465
 smtps     inet  n       -       y       -       -       smtpd

start.py

@@ -24,7 +24,7 @@ if "MESSAGE_SIZE_LIMIT" not in os.environ:
     os.environ["MESSAGE_SIZE_LIMIT"] = 52428800
 
 if "DOVECOT_HOST" not in os.environ:
-    os.environ['DOVECOT_HOST'] = 'dovecot'
+    os.environ['DOVECOT_HOST'] = 'dovecot:12345'
 
 for postfix_file in glob.glob("/conf/**/**.cf", recursive=True):
     p = pathlib.Path(postfix_file)