Replace postfix + postfix_milters with unified container #78

Open. nesono wants to merge 3 commits into main from migrate/unified-postfix-milters

nesono (Owner) commented Apr 4, 2026

Summary

  • Migrate from two-container setup (postfix 2026-02-16.1 + postfix-milters 2023-01-22.1) to single unified container (postfix_for_postfixadmin 2026-04-04.1)
  • Remove postfix_milters and postfix_staging services
  • Add milter env vars, opendkim_key secret, and spamass_vhome volume to postfix service
  • Net result: -73 lines, +9 lines

Behavior changes

  • POSTGREY_SOCKET_PATH and SPAMASS_SOCKET_PATH are now set on the postfix container, activating postgrey greylisting and spamassassin policy checks in smtpd_recipient_restrictions (these milters were running before but not wired into postfix)

Deployment

ansible-playbook -i production/hosts green_nesono.yml --tags hot_compose

The --remove-orphans in the compose task will automatically stop the old postfix_milters and postfix_staging containers.

Validated on staging

All checks passed on postfix_staging container on production server:

  • 9/9 supervisor services RUNNING
  • PostSRSd responding on ports 10001/10002
  • Socket permissions: postfix:opendkim 775
  • DKIM KeyTable/SigningTable generated for all 5 domains
  • DMARC config patched correctly
  • SMTP responding with STARTTLS
  • Entrypoint idempotent on restart

Test plan

  • Deploy via Ansible
  • Verify all 9 services RUNNING: docker exec postfix supervisorctl status
  • Verify SMTP on port 25: echo QUIT | nc localhost 25
  • Send test email, verify DKIM signature in headers
  • Monitor Grafana for delivery metrics
  • Verify fail2ban still detects postfix auth failures

🤖 Generated with Claude Code
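
An added example, not part of the PR or the project's code: an offline checker for two test-plan items above, that every supervisor program is RUNNING and that a delivered test message carries a DKIM-Signature header naming the expected domain (`d=`) and selector (`s=`). The program names, domain, selector and signature values in the samples are constructed placeholders; the check inspects tags only and does not verify the signature cryptographically.

```python
from email import message_from_string

# Constructed sample of `supervisorctl status` output; program names are assumptions.
SAMPLE_STATUS = """\
postfix      RUNNING   pid 21, uptime 0:05:12
opendkim     RUNNING   pid 22, uptime 0:05:12
postgrey     FATAL     Exited too quickly (process log may have details)
"""

# Constructed test message; domain, selector and signature values are placeholders.
SAMPLE_MAIL = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;
\ts=mail; h=from:subject; bh=PLACEHOLDER=;
\tb=PLACEHOLDER
From: a@example.org
Subject: test

body
"""


def not_running(status_text):
    """Return {program: state} for every supervisor program not in RUNNING."""
    bad = {}
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[1] != "RUNNING":
            bad[fields[0]] = fields[1]
    return bad


def dkim_tags(raw_message):
    """Parse each DKIM-Signature header into a tag dict (RFC 6376 tag=value list)."""
    msg = message_from_string(raw_message)
    sigs = []
    for value in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in "".join(value.split()).split(";"):  # drop folding whitespace
            if "=" in part:
                name, _, val = part.partition("=")
                tags[name] = val
        sigs.append(tags)
    return sigs


def signed_by(raw_message, domain, selector):
    """True if some signature names the expected d= domain and s= selector."""
    return any(t.get("d", "").lower() == domain.lower() and t.get("s") == selector
               for t in dkim_tags(raw_message))
```
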

nesono and others added 2 commits April 4, 2026 20:09
Migrate from two-container setup (postfix 2026-02-16.1 + postfix-milters
2023-01-22.1) to single unified container (postfix_for_postfixadmin
2026-04-04.1) that includes all milter services.

Changes:
- Remove postfix_milters service (now built into postfix container)
- Remove postfix_staging service (validation complete)
- Update postfix image to 2026-04-04.1
- Add milter env vars to postfix (POSTGREY/SPAMASS/DKIM/DMARC socket
  paths, DKIM_DOMAINS, DKIM_SELECTOR, DKIM_KEY_PATH, MAIL_HOSTNAME)
- Add opendkim_key secret to postfix service
- Add spamass_vhome volume to postfix service
- Remove depends_on postfix_milters
- Clean up staging volume from compose and Ansible tasks

Deploy with: docker compose up -d --remove-orphans
The --remove-orphans flag will stop the old postfix_milters and
postfix_staging containers.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
nesono force-pushed the migrate/unified-postfix-milters branch from 0fe4341 to 6484d52 on April 6, 2026 07:46