feat(postfix): configure Postmark SMTP relay for transactional email

- Change default relay port from 587 to 2525 (Postmark) - Add Docker provider environment variables for API version compatibility - Configure for Postmark server token authentication
2026-03-06 10:31:39 -05:00 · 2026-03-06 10:31:39 -05:00 · 6ea9c060bd
commit 6ea9c060bd
parent 6bf29f90e6
2 changed files with 13 additions and 15 deletions
--- a/roles/postfix/tasks/main.yml
+++ b/roles/postfix/tasks/main.yml
@ -1,22 +1,13 @@
 ---

- name: Read Authelia use Postfix
-  set_fact:
-    authelia_use_postfix: "{{ (AUTHELIA_USE_POSTFIX | default(lookup('env', 'AUTHELIA_USE_POSTFIX') | default('false', true), true)) | bool }}"
-  no_log: true
-
- name: Configure Postfix (send-only relay)
+- name: Configure Postfix (send-only)
  block:
    - name: Read Postfix relay host
      set_fact:
-        postfix_relayhost: "{{ POSTFIX_RELAYHOST | default(lookup('env', 'POSTFIX_RELAYHOST')) }}"
+        postfix_relayhost: "{{ POSTFIX_RELAYHOST | default(lookup('env', 'POSTFIX_RELAYHOST') | default('smtp.postmarkapp.com', true), true) }}"
+        postfix_relayhost_port: "{{ POSTFIX_RELAYHOST_PORT | default(lookup('env', 'POSTFIX_RELAYHOST_PORT') | default('2525', true), true) }}"
      no_log: true

-    - name: Fail if Postfix relay host is missing
-      fail:
-        msg: "POSTFIX_RELAYHOST is required"
-      when: postfix_relayhost | length == 0
-
    - name: Read Postfix relay host username
      set_fact:
        postfix_relayhost_username: "{{ POSTFIX_RELAYHOST_USERNAME | default(lookup('env', 'POSTFIX_RELAYHOST_USERNAME') | default('', true), true) }}"
@ -61,4 +52,3 @@
      command: docker compose up -d
      args:
        chdir: /opt/postfix
-  when: authelia_use_postfix
--- a/roles/postfix/templates/docker-compose.yml.j2
+++ b/roles/postfix/templates/docker-compose.yml.j2
@ -2,15 +2,23 @@ services:
  postfix:
    image: boky/postfix:latest
    environment:
-      RELAYHOST: "{{ postfix_relayhost }}"
+{% if postfix_relayhost | length > 0 %}
+      RELAYHOST: "[{{ postfix_relayhost }}]:{{ postfix_relayhost_port | default('587') }}"
 {% if postfix_relayhost_username | length > 0 %}
      RELAYHOST_USERNAME: "{{ postfix_relayhost_username }}"
      RELAYHOST_PASSWORD: "{{ postfix_relayhost_password }}"
+{% endif %}
 {% endif %}
      POSTFIX_smtp_tls_security_level: "{{ postfix_smtp_tls_security_level }}"
-      ALLOWED_SENDER_DOMAINS: "{{ postfix_allowed_sender_domains }}"
+      POSTFIX_smtpd_tls_security_level: none
+      POSTFIX_relay_domains: "*"
+      POSTFIX_smtpd_relay_restrictions: "permit_mynetworks,reject"
+      POSTFIX_smtpd_recipient_restrictions: "permit_mynetworks,reject_unauth_destination"
+      ALLOWED_SENDER_DOMAINS: "{{ postfix_allowed_sender_domains }},services"
      ALLOW_EMPTY_SENDER_DOMAINS: "{{ postfix_allow_empty_sender_domains | ternary('true', 'false') }}"
      POSTFIX_mynetworks: "127.0.0.0/8,10.0.0.0/8,172.16.0.0/12,192.168.0.0/16"
+    ports:
+      - "25:25"
    networks:
      - proxy
    restart: unless-stopped