From 2ca5e6a02016589557bc1198ceb22c39fe8ff725 Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Tue, 4 Nov 2025 16:56:31 +1100 Subject: [PATCH 1/6] Fix race condition with /var/log/s6-maillog/current not existing when postfix_exporter starting --- s6/postfix_exporter/run | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/s6/postfix_exporter/run b/s6/postfix_exporter/run index 2092aa1..cfabb2e 100755 --- a/s6/postfix_exporter/run +++ b/s6/postfix_exporter/run @@ -14,6 +14,10 @@ if [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]] && [[ "${LOGOUTPUT}" != "/dev/s elif [[ "${POSTFIX_EXPORTER_ENABLED}" == "true" ]]; then s6-svwait -u /etc/s6/postfix/log echo "postfix_exporter >> Starting postfix_exporter" + while [ ! -f /var/log/s6-maillog/current ]; do + echo "postfix_exporter >> waiting for /var/log/s6-maillog/current to be created" + sleep 1 + done exec s6-setuidgid postfix postfix_exporter --postfix.logfile_path=/var/log/s6-maillog/current fi From 64bed83e46fb94a0ce60d418da2f0420a090cd1e Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Tue, 4 Nov 2025 18:40:36 +1100 Subject: [PATCH 2/6] config-reloader: fix potential race condition on startup --- s6/config-reloader/run | 21 ++++++++++++++------- 1 file changed, 14 insertions(+), 7 deletions(-) diff --git a/s6/config-reloader/run b/s6/config-reloader/run index a4ca461..2ee9b84 100755 --- a/s6/config-reloader/run +++ b/s6/config-reloader/run @@ -4,19 +4,26 @@ : "${CONFIG_RELOADER_ENABLED:=false}" +watch_files=( + "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" + "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}" + "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" + "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}" +) + if [[ "${CONFIG_RELOADER_ENABLED}" != "true" ]]; then echo "config-reloader >> Config reloader is not being started" s6-svc -d "$(pwd)" exit +else + for file in "${watch_files[@]}"; do + while [ ! -f "$file" ]; do + echo "config-reloader >> Waiting for file to be created: $file" + sleep 1 + done + done fi -watch_files=( - "${TLS_CRT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" - "${TLS_KEY:-/etc/ssl/private/ssl-cert-snakeoil.key}" - "${CLIENT_TLS_KEY:-/etc/ssl/certs/ssl-cert-snakeoil.pem}" - "${CLIENT_TLS_CRT:-/etc/ssl/private/ssl-cert-snakeoil.key}" -) - # Start infinite loop while true; do postfix reload From 228ac3aabca3206e56c3b7e8ba6d913c2478c7cd Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Tue, 4 Nov 2025 18:52:38 +1100 Subject: [PATCH 3/6] Update to Trixie, remove legacy config settings, and direct usage of configure scripts, spool cache no longer required --- Dockerfile | 7 +++---- s6/postfix/run | 21 ++------------------- 2 files changed, 5 insertions(+), 23 deletions(-) diff --git a/Dockerfile b/Dockerfile index 9e274e2..76565ad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ RUN set -x \ # Postfix SMTP Relay -# Debian Bookworm -FROM debian:12 +# Debian Trixie +FROM debian:13 EXPOSE 25 587 2525 @@ -33,7 +33,7 @@ RUN set -x \ RUN set -x \ && export DEBIAN_FRONTEND=noninteractive \ && apt-get update \ - && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ca-certificates procps s6 inotify-tools \ + && apt-get install -y --no-install-recommends postfix mailutils busybox-syslogd opendkim opendkim-tools libsasl2-modules sasl2-bin curl ssl-cert ca-certificates procps s6 inotify-tools \ && apt-get clean \ && rm -rf /var/lib/apt/lists/* \ ; @@ -45,7 +45,6 @@ RUN set -x \ && postconf -Me submission/inet="submission inet n - y - - smtpd" \ && postconf -Me 2525/inet="2525 inet n - y - - smtpd" \ && cp --remove-destination /usr/share/postfix/makedefs.out /etc/postfix/makedefs.out \ - && cp -a /var/spool/postfix /var/spool/postfix.cache \ && rm -f /etc/ssl/private/ssl-cert-snakeoil.key /etc/ssl/certs/ssl-cert-snakeoil.pem \ && sed -i -E '/^smtpd_tls_cert_file|^smtpd_tls_key_file/d' /etc/postfix/main.cf \ && rm -f /etc/opendkim.conf \ diff --git a/s6/postfix/run b/s6/postfix/run index 9fd0034..74f34ea 100755 --- a/s6/postfix/run +++ b/s6/postfix/run @@ -29,17 +29,8 @@ unset LANG cd /etc/postfix -# Copy default spool from cache -# Note: this test may get confused if a volume is mounted that already contains unrelated directories (eg lost+found) -if [ ! "$(ls -A /var/spool/postfix)" ]; then - echo "postfix >> Copying postfix spool directory from postfix.cache (from the image)" - cp -a /var/spool/postfix.cache/* /var/spool/postfix/ -else - echo "postfix >> Fixing/resetting spool directory permissions" - chgrp -R postdrop /var/spool/postfix/public - chgrp -R postdrop /var/spool/postfix/maildrop - postfix set-permissions -fi +echo "postfix >> Fixing/resetting spool directory permissions" +postfix set-permissions # DKIM if [ "${USE_DKIM}" == "yes" ]; then @@ -51,16 +42,12 @@ if [ "${USE_DKIM}" == "yes" ]; then postconf -e non_smtpd_milters="inet:localhost:8891" fi -echo "postfix >> Setting smtpd_use_tls to ${USE_TLS}" -postconf -e smtpd_use_tls="${USE_TLS}" - if [ "${USE_TLS}" == "yes" ]; then if [ "${TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ] || [ "${CLIENT_TLS_KEY}" == "/etc/ssl/private/ssl-cert-snakeoil.key" ]; then echo "postfix >> Generating snakeoil SSL cert" dpkg-reconfigure -f noninteractive ssl-cert fi echo "postfix >> Setting smtp_tls parameters" - # setting smtpd_tls_security_level implies smtp_use_tls="yes" postconf -e smtp_tls_security_level="${CLIENT_TLS_SECURITY_LEVEL}" postconf -e smtp_tls_key_file="${CLIENT_TLS_KEY}" postconf -e smtp_tls_cert_file="${CLIENT_TLS_CRT}" @@ -68,7 +55,6 @@ if [ "${USE_TLS}" == "yes" ]; then postconf -e smtp_tls_CApath="/etc/ssl/certs" postconf -e smtp_tls_loglevel="1" echo "postfix >> Setting smtpd_tls parameters" - # setting smtpd_tls_security_level implies smtpd_use_tls="yes" postconf -e smtpd_tls_security_level="${TLS_SECURITY_LEVEL}" postconf -e smtpd_tls_key_file="${TLS_KEY}" postconf -e smtpd_tls_cert_file="${TLS_CRT}" @@ -244,9 +230,6 @@ fi # Cleanup stale pids incase we hadn't exited cleanly rm -f /var/spool/postfix/pid/* -# configure instance (populate etc) -/usr/lib/postfix/configure-instance.sh - # check postfix is happy (also will fix some things) echo "postfix >> Checking Postfix Configuration" postfix check From 9bdf35c975f0720bfffed00982aade238c9e5bb4 Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Wed, 5 Nov 2025 14:28:37 +1100 Subject: [PATCH 4/6] Increment year --- LICENSE | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LICENSE b/LICENSE index d7128f7..e3b98f6 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License (MIT) -Copyright (c) 2015 - 2022 Volt Grid Pty Ltd +Copyright (c) 2015 - 2025 Volt Grid Pty Ltd Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal From 5b560722f5d0cbbd3a38a420d862047dc4bd491d Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Wed, 5 Nov 2025 15:48:41 +1100 Subject: [PATCH 5/6] Add starting log line --- entry.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/entry.sh b/entry.sh index 48d2ecd..9b10850 100755 --- a/entry.sh +++ b/entry.sh @@ -3,6 +3,8 @@ set -e [ "${DEBUG:-false}" == 'true' ] && set -x +echo "smtp >> Starting..." + # Defaults if [ -z "$MAILNAME" ]; then echo "smtp >> Error: MAILNAME not specified" From 4a8e4a2cdd703e60ed5e79b34bb198e16474f3a6 Mon Sep 17 00:00:00 2001 From: Andrew Cutler Date: Wed, 5 Nov 2025 16:07:54 +1100 Subject: [PATCH 6/6] Fix dockerfile linting issue --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index 76565ad..42f2864 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.16 as postfix_exporter +FROM golang:1.16 AS postfix_exporter ENV \ POSTFIX_EXPORTER_VERSION=0.3.0 \