There are two ways to send out emails through a local SMTP server:
- connect to and authenticate at the submission port, like 587 with STARTTLS or 465 with implicit/immediate TLS => network request, checks and restrictions applied via
smtpd - use
sendmailor similar, which invokes the localpickupcommand (in case of Postfix), not doing any network connection, and bypassing all checks and restrictions configured forsmtpdsubmission service.
The latter is simpler and faster, implemented into common runtime systems and frameworks, like PHP mailer and this Ruby mail library used by Discourse. And authentication is bypassed, no plain text credentials need to be stored anywhere. Or in other words: the SMTP server is not used at all in this case, but only the SMTP client.
I mean yeah, the submission port connection stuff should not have any significant impact on server load, compared to what Discourse otherwise does. The latter point can be solved with e.g. smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject rule at the submission port, to permit submissions from loopback IPs (default, mynetworks setting) before doing any authentication. If the request from the container is seen with another IP, it can be added to mynetworks. I guess this is how it worked in case of the topic I linked before.
Will see next time we update/rebuild our Discourse, when hence changed SMTP settings are applied. Will report back how it works.
But would be still interesting to know whether there are other ways, and what this “Delivery method” setting is about.
Postfix runs on the host, not inside a container, but it would not make much difference, as it remains a network-based authentication.
Yeah, a thought later, it just makes sense that sendmail etc from host/other container cannot work inside a container, as it requires direct access to vast parts of Postfix executables, libraries, and configs, I suppose. Unless there is sort of a magic socket which can be bind-mounted into the container or so 
.