Archive-Team
/
docker-mailserver
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update bind-smtp-network-interface.md

This commit is contained in:
Brennan Kinney 2025-02-04 12:35:16 +13:00 committed by GitHub
parent 55befbc06a
commit 708faff107
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 23 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
docs/content/examples/use-cases/bind-smtp-network-interface.md
View File

@ -21,10 +21,6 @@ This can be configured by [overriding the default Postfix configurations][docs::
In `postfix-main.cf` you'll have to set the [`smtp_bind_address`][postfix-docs::smtp-bind-address-ipv4] and [`smtp_bind_address6`][postfix-docs::smtp-bind-address-ipv6]
to the respective IP-address on the server you want to use.
[docs::overrides-postfix]: ../../config/advanced/override-defaults/postfix.md
[postfix-docs::smtp-bind-address-ipv4]: https://www.postfix.org/postconf.5.html#smtp_bind_address
[postfix-docs::smtp-bind-address-ipv6]: https://www.postfix.org/postconf.5.html#smtp_bind_address6
!!! example
=== "Contributed solution"
@ -60,36 +56,41 @@ to the respective IP-address on the server you want to use.
When your DMS container is using a bridge network, you'll instead need to restrict which IP address inbound and outbound traffic is routed through via the bridged interface.
For inbound traffic, you may configure this at whatever scope is most appropriate for you:
For **inbound** traffic, you may configure this at whatever scope is most appropriate for you:
- **Daemon:** Change the default bind address configured in `/etc/docker/daemon.json` (default `0.0.0.0`)
- **Network:** Assign the [`host_binding_ipv4` bridge driver option](https://docs.docker.com/engine/network/drivers/bridge/#default-host-binding-address) as shown in the below `compose.yaml` snippet.
- **Network:** Assign the [`host_binding_ipv4` bridge driver option][inbound-ip::docker-docs] as shown in the below `compose.yaml` snippet.
- **Container:** Provide an explicit IP address when publishing a port.
For outbound traffic, the bridge network will use the default route.
For **outbound** traffic, the bridge network will use the default route. You can change this by either:
- [Manually routing networks][outbound-ip::route-manually] on the host.
- Use the [`host_ipv4` driver option][outbind-ip::host-ipv4] for Docker networks to force the SNAT (source IP) that the bridged network will route outbound traffic through.
- This IP address must belong to a network interface to be routed through it.
- IPv6 support via `host_ipv6` [requires at least Docker v25][outbind-ip::host-ipv6].
---
- [Manually route](https://github.com/moby/moby/issues/30053#issuecomment-1077041045) (Agnostic)
- Docker networking supports a driver option `host_ipv4` to force the SNAT (source IP) that the container will route through.
- This must belong to a valid network interface to be routed through it.
- IPv6 support via `host_ipv6` [requires at least Docker v25](https://github.com/moby/moby/issues/46469).
Here is a `compose.yaml` snippet that applies the inbound + outbound settings to the default bridge network Docker Compose creates (_if it already exists, you will need to ensure it's re-created to apply the updated settings_):
```yaml title="compose.yaml"
networks:
default:
driver_opts:
# Set a specific IP to default bind container ports to instead of `0.0.0.0`:
# https://docs.docker.com/engine/network/drivers/bridge/#default-host-binding-address
# Inbound IP (sets the host IP that published ports receive traffic from):
com.docker.network.bridge.host_binding_ipv4: 198.51.100.42
# Force a specific source IP (SNAT):
# https://github.com/moby/libnetwork/pull/2454
# Outbound IP (sets the host IP that external hosts will receive connections from):
com.docker.network.host_ipv4: 198.51.100.42
```
!!! note "IP addresses for documentation"
IP addresses shown in above examples are placeholders, they are IP addresses reserved for documentation by IANA (_[RFC-5737 (IPv4)][rfc-5737] and [RFC-3849 (IPv6)][rfc-3849]_). Replace them with the IP addresses you want DMS to send mail through.
IP addresses shown in above examples (`198.51.100.42` + `2001:DB8::42`) are placeholders, they are IP addresses reserved for documentation by IANA (_[RFC-5737 (IPv4)][rfc-5737] and [RFC-3849 (IPv6)][rfc-3849]_). Replace them with the IP addresses you want DMS to send mail through.
[docs::overrides-postfix]: ../../config/advanced/override-defaults/postfix.md
[postfix-docs::smtp-bind-address-ipv4]: https://www.postfix.org/postconf.5.html#smtp_bind_address
[postfix-docs::smtp-bind-address-ipv6]: https://www.postfix.org/postconf.5.html#smtp_bind_address6
[rfc-5737]: https://datatracker.ietf.org/doc/html/rfc5737
[rfc-3849]: https://datatracker.ietf.org/doc/html/rfc3849
@ -97,3 +98,7 @@ to the respective IP-address on the server you want to use.
[gh-pr::3465::alternative-solution]: https://github.com/docker-mailserver/docker-mailserver/pull/3465#issuecomment-1678107233
[gh-src::postfix-master-cf::relay-transport]: https://github.com/docker-mailserver/docker-mailserver/blob/9cdbef2b369fb4fb0f1b4e534da8703daf92abc9/target/postfix/master.cf#L65
[inbound-ip::docker-docs]: https://docs.docker.com/engine/network/drivers/bridge/#default-host-binding-address
[outbound-ip::route-manually]: https://github.com/moby/moby/issues/30053#issuecomment-1077041045
[outbind-ip::host-ipv4]: https://github.com/moby/libnetwork/pull/2454
[outbind-ip::host-ipv6]: https://github.com/moby/moby/issues/46469