Use local email server/sendmail for outgoing emails?

We set up our own email server, and I was wondering how to use it best with the Discourse Docker container.

Of course I can just configure our SMTP details and credentials, but it feels like unnecessary overhead, since the SMTP server runs on the same machine.

sendmail works, but Discourse is in the container, hence has no access to sendmail on its host.

Searching for something here in the forum gives one example where DISCOURSE_SMTP_DOMAIN was used without credentials, where doing the same with swaks within the container works: How to get Discourse to work with Postfix - #18 by sonmicrosystems
I guess in that case, it is still normal SMTP submission on default port, and Postfix accepts it without authentication, since the request comes from localhost?

Is anyone aware of another method? I see the used Ruby library generally supports everything: GitHub - discourse/mail: A Really Ruby Mail Library
In Discourse settings, what caught my eye is a field, Delivery method:

I cannot change these settings in the GUI, I guess because the container YAML enforces them via DISCOURSE_SMTP_ADDRESS etc? But I cannot find a variable for the delivery method.

Maybe someone knows another way, and until then, I’m setting up normal SMTP submission port authentication. Thanks for DISCOURSE_SMTP_FORCE_TLS btw, added more recently, but not part of any sample yet (it should be). I do not intend to allow STARTTLS, but only implicit/immediate TLS.

Unnecessary overhead how? You gotta send the data from Discourse to the SMTP server somehow, no?

PS: if it is another container, you could in theory use a bridge network and use the SMTP container name instead of the hostname, if that’s what you’re after, but it won’t give you any performance advantages.

1 like

There are two ways to send out emails through a local SMTP server:

  1. connect to and authenticate at the submission port, like 587 with STARTTLS or 465 with implicit/immediate TLS => network request, checks and restrictions applied via smtpd
  2. use sendmail or similar, which invokes the local pickup command (in case of Postfix), not doing any network connection, and bypassing all checks and restrictions configured for smtpd submission service.

The latter is simpler and faster, and is implemented in common runtime systems and frameworks, like PHP mailer and this Ruby mail library used by Discourse. And authentication is bypassed, so no plain text credentials need to be stored anywhere. Or in other words: the SMTP server is not used at all in this case, but only the SMTP client.

I mean yeah, the submission port connection stuff should not have any significant impact on server load, compared to what Discourse otherwise does. The latter point can be solved with e.g. smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject rule at the submission port, to permit submissions from loopback IPs (default, mynetworks setting) before doing any authentication. If the request from the container is seen with another IP, it can be added to mynetworks. I guess this is how it worked in case of the topic I linked before.

Will see next time we update/rebuild our Discourse, when the changed SMTP settings are applied. Will report back how it works.

But it would still be interesting to know whether there are other ways, and what this “Delivery method” setting is about.

Postfix runs on the host, not inside a container, but it would not make much difference, as it remains a network-based authentication.

Yeah, a thought later, it just makes sense that sendmail etc. from the host/another container cannot work inside a container, as it requires direct access to vast parts of Postfix executables, libraries, and configs, I suppose. Unless there is some sort of magic socket which can be bind-mounted into the container or so :smile:.

2 likes
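
Added example, not part of the thread and not Postfix or Discourse code: a small Python model of how the restriction list quoted in the post above decides who may submit mail without authenticating, depending on what is put into mynetworks. The client addresses and the 172.17.0.0/16 bridge subnet are constructed assumptions, and only the three restrictions named in the post are modelled.

```python
import ipaddress

# Restriction list quoted in the thread for the submission service.
RESTRICTIONS = "permit_mynetworks,permit_sasl_authenticated,reject"

# Constructed mynetworks candidates (assumed values, not from the thread).
LOOPBACK_ONLY = "127.0.0.0/8 [::1]/128"
WHOLE_BRIDGE = LOOPBACK_ONLY + " 172.17.0.0/16"   # assumed Docker bridge subnet
SINGLE_HOST = LOOPBACK_ONLY + " 172.17.0.2/32"    # assumed Discourse container IP

# Constructed clients that can reach the submission port.
CLIENTS = {
    "discourse": "172.17.0.2",
    "other-container": "172.17.0.3",
    "external": "203.0.113.10",
}

def parse_mynetworks(value):
    """Parse a mynetworks value: CIDRs split by commas/whitespace, IPv6 in brackets."""
    items = value.replace(",", " ").split()
    return [ipaddress.ip_network(i.replace("[", "").replace("]", ""), strict=False)
            for i in items]

def evaluate(client_ip, sasl_authenticated, mynetworks, restrictions=RESTRICTIONS):
    """Walk the list in order; the first restriction that matches decides."""
    ip = ipaddress.ip_address(client_ip)
    nets = parse_mynetworks(mynetworks)
    for rule in (r.strip() for r in restrictions.split(",")):
        if rule == "permit_mynetworks":
            if any(ip in net for net in nets):
                return ("permit", rule)
        elif rule == "permit_sasl_authenticated":
            if sasl_authenticated:
                return ("permit", rule)
        elif rule == "reject":
            return ("reject", rule)
        else:
            raise ValueError("restriction not modelled here: " + rule)
    return ("dunno", None)  # list ended without a decision

def unauthenticated_senders(mynetworks, clients=CLIENTS):
    """Names of clients that are accepted without presenting SASL credentials."""
    return [name for name, ip in clients.items()
            if evaluate(ip, False, mynetworks)[0] == "permit"]

if __name__ == "__main__":
    for label, nets in [("loopback only", LOOPBACK_ONLY),
                        ("whole bridge", WHOLE_BRIDGE),
                        ("single host", SINGLE_HOST)]:
        print(label, "->", unauthenticated_senders(nets))
```

Adding the whole bridge subnet lets every container on that bridge submit without credentials, while a /32 for the Discourse container keeps the exemption to that one address.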

It has been a while since I have gone this deep into micromanaging sendmail. I have a mailcow stack on one VM and Discourse on another. I don’t know if it will ever be worth digging that deep besides just for the fun of it.

I wish you all the best with your adventures, report back what you learned.

1 like

Probably not :sweat_smile:. But I am a perfectionist in certain contexts, and I enjoy digging deep and learning all details. Took me several evenings to set up Dovecot, Postfix, rspamd, dkimpy-milter, PostSRSd, … step by step, learning about almost every setting available, why defaults are like this, whether and why we might want it differently etc. But hey, now I seem to understand most things better than most authors of arbitrary email server guides around :face_with_tongue:.