Nico Schottelius via Postfix-users:
>
> Marvin,
>
> Marvin Renich via Postfix-users <[email protected]> writes:
> > [...]
> >> - Rerun a docker build & docker push as soon as the underlying OS's
> >> update their package repository
> >> - Update the Dockerfile once the depending operating system updates
> >> their image (i.e. The debian based postfix image could have been based
> >> on 12.7 and the included postfix version was 3.7.11. Now Debian bumps
> >> to 12.8 and the included postfix version is 3.7.20. Then the postfix
> >> Dockerfile would change "FROM debian:12.7" to "FROM debian:12.8" and
> >> the resulting image tag would change from postfix:3.7.11-debian12.7
> >> to postfix:3.7.20-debian12.8.
> >
> > I don't understand why you think either of these approaches should be
> > done by postfix devs.
>
> Because the purpose of the container is to run postfix. Not Debian w/
> postfix nor alpine with Postfix. Maybe postfix *based* on Debian or
> postfix on Alpine, because we have a slight preference over one or the
> other, but the main purpose is "run postfix".
>
> In the container world you usually run applications, not Linux
> distributions.
There can be no such thing as a distribution-less Postfix container
image. There is always going to be a dependency on a distribution
of some kind, and that should a supported distribution.
Running Postfix requires a standard POSIX-like run-time distribution
with Bourne shell, test, and echo, and basic command-line utilities
such as find, ls, sed, kill, grep, among others. The commands are
needed by scripts that implement "postfix" commands including Postfix
start-up.
Without these, Postfix is no longer supported.
> Btw, dovecot *does* actually have an official image (on hub.docker.com)
That is NOT an official image. The web page even has a very clear
disclaimer:
Note that these images come with absolutely no warranty or support.
In other words, don't use these images for mission-critical applications,
such as providing an email service that other people can depend on.
Coming back to Postfix documentation, I have a few questions.
Question 1: What would a basic Dockerfile look like?
FROM debian:latest
RUN apt-get update && \
apt-get install -y postfix && \
rm -rf /var/lib/apt/lists/*
RUN postconf maillog_file=/dev/stdout && \
postconf -F "*/*/chroot=n"
ENTRYPOINT ["postfix", "start-fg"]
(The exec form avoids a shell process that would otherwise get
PID 1 and mess up the handling of zombie processes)
Question 2: Any suggestions to "docker run -v" volume-mount into
/etc/postfix, /var/spool/postfix, and maybe, /var/lib/postfix?
I see web posts that mount configuration but not the mail queue.
(example: https://www.frakkingsweet.com/postfix-in-a-container/)
Question 3: What do the file/directory permissions and ownerships
of those volumes look like on the non-container environment?
> As mentioned before, I/we can volunteer to building the image(s) and
> rebuilding them on a new release, if the added workload is a concern.
> Personally I think the work associated with it is minusucle.
As we're not distributing binaries, there is no release build
infrastructure, and therefore releasing container images would not
be a minuscule effort.
Wietse
> What is much more important is that there are not dozen of "somebody did
> something" and it is an untrusted image that you cannot rely on, because
> a typical flow in the container world is:
>
> I have application A in version 1. Now version 2 is released, I want to
> upgrade. I don't care which OS it has been before nor now, as long as
> the interface stays the same, I can easily just switch the version
> number in a manifest and trigger a release upgrade of all associated
> applications.
>
> HTH,
>
> Nico
>
> [0] https://hub.docker.com/r/dovecot/dovecot
>
> --
> Sustainable and modern Infrastructures by ungleich.ch
> _______________________________________________
> Postfix-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
