From 82583216775ee617ca0c51f2c02dceed71abc691 Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 14:28:32 +1100
Subject: [PATCH 1/6] Increment license year

---
 LICENSE | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/LICENSE b/LICENSE
index e3b98f6..bc83162 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2015 - 2025 Volt Grid Pty Ltd
+Copyright (c) 2015 - 2026 Volt Grid Pty Ltd
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

From 634ebaaf9c488a475180d620080615af8eb51b2c Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 14:28:35 +1100
Subject: [PATCH 2/6] Update build-push workflow with latest reference

---
 .github/workflows/build-push.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-push.yml b/.github/workflows/build-push.yml
index 6c45fb5..040e8a7 100644
--- a/.github/workflows/build-push.yml
+++ b/.github/workflows/build-push.yml
@@ -38,6 +38,8 @@ jobs:
     steps:
       - name: Checkout
         uses: actions/checkout@v5
+        with:
+          submodules: true
 
       - name: Get repo name
         id: image_name

From 64881ede5dd7b47b2d24b81e5a18b8edea645503 Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 14:42:15 +1100
Subject: [PATCH 3/6] Reorganise etc files into subdir

---
 Dockerfile                               | 6 +++---
 header_checks => etc/header_checks       | 0
 opendkim.conf.sh => etc/opendkim.conf.sh | 0
 {s6 => etc/s6}/config-reloader/finish    | 0
 {s6 => etc/s6}/config-reloader/run       | 0
 {s6 => etc/s6}/opendkim/finish           | 0
 {s6 => etc/s6}/opendkim/run              | 0
 {s6 => etc/s6}/postfix/finish            | 0
 {s6 => etc/s6}/postfix/log/run           | 0
 {s6 => etc/s6}/postfix/run               | 0
 {s6 => etc/s6}/postfix_exporter/finish   | 0
 {s6 => etc/s6}/postfix_exporter/run      | 0
 {s6 => etc/s6}/syslogd/finish            | 0
 {s6 => etc/s6}/syslogd/run               | 0
 14 files changed, 3 insertions(+), 3 deletions(-)
 rename header_checks => etc/header_checks (100%)
 rename opendkim.conf.sh => etc/opendkim.conf.sh (100%)
 rename {s6 => etc/s6}/config-reloader/finish (100%)
 rename {s6 => etc/s6}/config-reloader/run (100%)
 rename {s6 => etc/s6}/opendkim/finish (100%)
 rename {s6 => etc/s6}/opendkim/run (100%)
 rename {s6 => etc/s6}/postfix/finish (100%)
 rename {s6 => etc/s6}/postfix/log/run (100%)
 rename {s6 => etc/s6}/postfix/run (100%)
 rename {s6 => etc/s6}/postfix_exporter/finish (100%)
 rename {s6 => etc/s6}/postfix_exporter/run (100%)
 rename {s6 => etc/s6}/syslogd/finish (100%)
 rename {s6 => etc/s6}/syslogd/run (100%)

diff --git a/Dockerfile b/Dockerfile
index 42f2864..3e17402 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -51,10 +51,10 @@ RUN set -x \
   && mkdir /etc/opendkim/ \
   ;
 
-COPY header_checks /etc/postfix/header_checks
-COPY opendkim.conf.sh /etc/
+COPY etc/header_checks /etc/postfix/header_checks
+COPY etc/opendkim.conf.sh /etc/
 COPY --from=postfix_exporter /go/bin/postfix_exporter /usr/local/bin/postfix_exporter
-COPY s6 /etc/s6/
+COPY etc/s6 /etc/s6/
 COPY entry.sh /
 
 RUN set -x \
diff --git a/header_checks b/etc/header_checks
similarity index 100%
rename from header_checks
rename to etc/header_checks
diff --git a/opendkim.conf.sh b/etc/opendkim.conf.sh
similarity index 100%
rename from opendkim.conf.sh
rename to etc/opendkim.conf.sh
diff --git a/s6/config-reloader/finish b/etc/s6/config-reloader/finish
similarity index 100%
rename from s6/config-reloader/finish
rename to etc/s6/config-reloader/finish
diff --git a/s6/config-reloader/run b/etc/s6/config-reloader/run
similarity index 100%
rename from s6/config-reloader/run
rename to etc/s6/config-reloader/run
diff --git a/s6/opendkim/finish b/etc/s6/opendkim/finish
similarity index 100%
rename from s6/opendkim/finish
rename to etc/s6/opendkim/finish
diff --git a/s6/opendkim/run b/etc/s6/opendkim/run
similarity index 100%
rename from s6/opendkim/run
rename to etc/s6/opendkim/run
diff --git a/s6/postfix/finish b/etc/s6/postfix/finish
similarity index 100%
rename from s6/postfix/finish
rename to etc/s6/postfix/finish
diff --git a/s6/postfix/log/run b/etc/s6/postfix/log/run
similarity index 100%
rename from s6/postfix/log/run
rename to etc/s6/postfix/log/run
diff --git a/s6/postfix/run b/etc/s6/postfix/run
similarity index 100%
rename from s6/postfix/run
rename to etc/s6/postfix/run
diff --git a/s6/postfix_exporter/finish b/etc/s6/postfix_exporter/finish
similarity index 100%
rename from s6/postfix_exporter/finish
rename to etc/s6/postfix_exporter/finish
diff --git a/s6/postfix_exporter/run b/etc/s6/postfix_exporter/run
similarity index 100%
rename from s6/postfix_exporter/run
rename to etc/s6/postfix_exporter/run
diff --git a/s6/syslogd/finish b/etc/s6/syslogd/finish
similarity index 100%
rename from s6/syslogd/finish
rename to etc/s6/syslogd/finish
diff --git a/s6/syslogd/run b/etc/s6/syslogd/run
similarity index 100%
rename from s6/syslogd/run
rename to etc/s6/syslogd/run

From 214bc65324aa284b4a00e2f76ad3712b53dd6f94 Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 14:42:46 +1100
Subject: [PATCH 4/6] Use subshell syntax in Makefile

---
 Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index bcdb2df..604a2c6 100644
--- a/Makefile
+++ b/Makefile
@@ -28,7 +28,7 @@ run-dkim: dkim.key ## Runs the docker image in a test mode with DKIM
 		-e RELAYHOST=172.17.0.2 \
 		-e MAILNAME=mail.example.com \
 		-e CONFIG_RELOADER_ENABLED=true \
-		-e USE_DKIM=yes -v `pwd`/dkim.key:/etc/opendkim/dkim.key $(IMAGE_NAME):$(TAG)))
+		-e USE_DKIM=yes -v $(shell pwd)/dkim.key:/etc/opendkim/dkim.key $(IMAGE_NAME):$(TAG)))
 	$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
 	@echo "Running ${ID} @ smtp://${IP}"
 	@docker attach ${ID}
@@ -40,7 +40,7 @@ run-all-dkim: dkim.key ## Runs the docker image in a test mode. All settings
 		-e MAILNAME=mail.example.com \
 		-e DKIM_DOMAINS=foo.example.com,bar.example.com,example.net \
 		-e DKIM_SELECTOR=6091aa68-f43d-47cf-a52e-bafda525d0bc \
-		-e USE_DKIM=yes -v `pwd`/dkim.key:/etc/opendkim/dkim.key $(IMAGE_NAME):$(TAG)))
+		-e USE_DKIM=yes -v $(shell pwd)/dkim.key:/etc/opendkim/dkim.key $(IMAGE_NAME):$(TAG)))
 	$(eval IP := $(shell docker inspect --format '{{ .NetworkSettings.IPAddress }}' ${ID}))
 	@echo "Running ${ID} @ smtp://${IP}"
 	@docker attach ${ID}

From b272489e2303db53db36156837f810e4ebdbceab Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 15:07:17 +1100
Subject: [PATCH 5/6] Add additional detail to README

---
 README.md | 44 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 41 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index dbc7f3c..4f6e823 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,9 @@
 # Postfix Docker Image
 
+![build-push](https://github.com/panubo/docker-postfix/actions/workflows/build-push.yml/badge.svg)
+[![release](https://img.shields.io/github/v/release/panubo/docker-postfix)](https://github.com/panubo/docker-postfix/releases/latest)
+[![license](https://img.shields.io/github/license/panubo/docker-postfix)](LICENSE)
+
 Postfix SMTP Relay based on Debian Bullseye.
 
 Highly configurable Docker image for SMTP relaying. Use wherever a connected service
@@ -11,6 +15,20 @@ email access.
 
 This image is available on quay.io `quay.io/panubo/postfix` and AWS ECR Public `public.ecr.aws/panubo/postfix`.
 
+## Table of Contents
+
+- [Environment Variables](#environment-variables)
+- [Postfix Prometheus Exporter](#postfix-prometheus-exporter)
+- [Logging](#logging)
+- [Custom Scripts](#custom-scripts)
+- [Usage Example](#usage-example)
+- [Volumes](#volumes)
+- [Ports](#ports)
+- [Test email](#test-email)
+- [Developing](#developing)
+- [Releases](#releases)
+- [Status](#status)
+
 ## Environment Variables
 
 - `MAILNAME` - set this to a legitimate FQDN hostname for this service (required). (example, `mail.example.com`)
@@ -84,7 +102,7 @@ In some cases it might be necessary to further customise Postfix parameters that
 
 Example usage:
 
-```
+```shell
 POSTCONF=masquerade_domains=foo.example.com example.com;masquerade_exceptions=root,mailer-daemon
 ```
 
@@ -128,7 +146,7 @@ Simple example:
 
 Usage with SendGrid:
 
-```
+```shell
 docker run --rm -t -i \
   --name smtp \
   -v $(pwd)/spool:/var/spool/postfix:rw \
@@ -139,6 +157,21 @@ docker run --rm -t -i \
   quay.io/panubo/postfix:latest
 ```
 
+Usage with `docker-compose.yml`:
+
+```yaml
+services:
+  postfix:
+    image: quay.io/panubo/postfix:latest
+    environment:
+      MAILNAME: mail.example.com
+      RELAYHOST: '[smtp.sendgrid.net]:587'
+      RELAYHOST_AUTH: 'yes'
+      RELAYHOST_PASSWORDMAP: '[smtp.sendgrid.net]:587:apikey:YOUR_API_KEY'
+    ports:
+      - "2525:25"
+```
+
 ## Volumes
 
 No volumes are defined. If you want persistent spool storage then mount
@@ -152,7 +185,7 @@ Ports `25`, `587` and `2525` are enabled.
 
 To send a test email via the command line, make sure heirloom-mailx (aka bsd-mailx) is installed.
 
-```
+```shell
 echo -e "To: Bob <bob@example.com>\nFrom: Bill <bill@example.com>\nSubject: Test email\n\nThis is a test email message" | mailx -v -S smtp=smtp://... -S from=bill@example.com -t
 
 # With TLS
@@ -173,6 +206,11 @@ For production usage, please use a versioned release rather than the floating 'l
 See the [releases](https://github.com/panubo/docker-postfix/releases) for tag usage
 and release notes.
 
+Images are available on:
+
+- [quay.io/panubo/postfix](https://quay.io/repository/panubo/postfix?tab=tags)
+- [public.ecr.aws/panubo/postfix](https://gallery.ecr.aws/panubo/postfix)
+
 ## Status
 
 Production ready and stable.

From 5150baed1dfbb7e6a35d722fda9f7dcd5fb2d52f Mon Sep 17 00:00:00 2001
From: Andrew Cutler <andrew@panubo.com>
Date: Mon, 19 Jan 2026 16:11:38 +1100
Subject: [PATCH 6/6] Downgrade DKIM_KEYFILE mode and owner setting to warning
 on failure

---
 etc/opendkim.conf.sh | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/etc/opendkim.conf.sh b/etc/opendkim.conf.sh
index 8be2b38..019127c 100755
--- a/etc/opendkim.conf.sh
+++ b/etc/opendkim.conf.sh
@@ -25,9 +25,13 @@ if [ ! -f "${DKIM_KEYFILE}" ]; then
     s6-svscanctl -t /etc/s6
     exit 128
 else
-    echo "dkim >> Setting mode and owner on $DKIM_KEYFILE"
-    chown root:root ${DKIM_KEYFILE}
-    chmod 400 ${DKIM_KEYFILE}
+    echo "dkim >> Checking mode and owner on $DKIM_KEYFILE"
+    if [ "$(stat -c "%U:%G" "${DKIM_KEYFILE}")" != "root:root" ]; then
+        chown root:root "${DKIM_KEYFILE}" || { echo "dkim >> Warning: could not set owner on DKIM_KEYFILE"; }
+    fi
+    if [ "$(stat -c "%a" "${DKIM_KEYFILE}")" != "400" ]; then
+        chmod 400 "${DKIM_KEYFILE}" || { echo "dkim >> Warning: could not set mode on DKIM_KEYFILE"; }
+    fi
 fi
 
 # Status Output