Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Option for an Alternate Submission Port #203

Closed

Conversation

embusalacchi
Copy link
Contributor

For policy reasons I needed to be able to submit emails on a port > 1024. I made a few tweaks to allow the container to accept submission on a port other than 587 for anyone else that may need it.

NOTE: This is my first time contributing back into a public project so please let me know if this is inappropriate or if I did something wrong. It feels like this might be helpful to others so I thought I would put in a PR.

@bokysan
Copy link
Owner

bokysan commented Jun 27, 2024

Hi @embusalacchi.

First off -- thank you for contributing back. This is always appreciated. Secondly, can you please explain the reasoning behind this commit?

Because you can always port-forward on a port >1024. Eg.

docker run --rm --name postfix -e "ALLOWED_SENDER_DOMAINS=example.com" -p 1587:587 boky/postfix

will make your submission port 1587. After we discuss the reasoning, I can dive into the commit itself.

@embusalacchi
Copy link
Contributor Author

First off -- thank you for contributing back. This is always appreciated. Secondly, can you please explain the reasoning behind this commit?

I am sure this is a rather narrow use case - so if it's not something you want to merge I totally get it. However, we have a policy and monitoring where we cannot have the processes in a container listening on ports below 1023. We are moving towards not allowing containers to run as root but I will cross that bridge at another time. For now this is a good first step for us. Like I said, if this is too niche of a use case I totally understand.

@bokysan
Copy link
Owner

bokysan commented Jul 1, 2024

I'm torn on this. On one hand -- thank you for the work. Seriously. On the other: I'm not quite sure if increased complexity is worth it.

Your case seems like quite an edge case -- most likely has to do something with security and not running as root. But you cannot do that with Postfix (see #195), so why bother?

@embusalacchi
Copy link
Contributor Author

Honestly, I don't disagree! I just felt like I did the work and tested it so I should at least see if you want to merge it in. It's totally fine if you want to cancel it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants