From e9115172f4ed69aa58ea61bc85b332b3d0d10986 Mon Sep 17 00:00:00 2001
From: Jeffrey C Honig <jch@honig.net>
Date: Thu, 3 Oct 2024 19:48:53 -0400
Subject: [PATCH] Enable smtps on port 465

---
 Dockerfile                                   |  1 +
 README.md                                    |  5 +++--
 root/etc/s6-overlay/s6-rc.d/init-postfix/run | 11 +++++++++++
 3 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 9241f79..8fe3757 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,5 +28,6 @@ RUN \
         ca-certificates
 
 EXPOSE 25
+EXPOSE 465
 
 VOLUME /config
diff --git a/README.md b/README.md
index b85bb38..f5ccf01 100644
--- a/README.md
+++ b/README.md
@@ -54,13 +54,14 @@ volumes:
 ## Environment Variables (-e)
 
 | Env                            | Function                                                     |
-| ---                            | --------                                                     |
+|--------------------------------|--------------------------------------------------------------|
 | PUID=1000                      | for UserID - see below for explanation                       |
 | PGID=1000                      | for GroupID - see below for explanation                      |
 | USE_SASL=yes                   | Use sasl for user authentication                             |
 | USE_SASLAUTHD=yes              | Use saslauthd                                                |
 | USE_DKIM=yes                   | Not yet implemented                                          |
-| USE_TLS=yes                    | Enable TLS for incoming connectinos                          |
+| USE_TLS=yes                    | Enable STARTTLS for incoming connections on port 25          |
+| USE_SMTPS=yes                  | Enable TLS wrapper on port 465                               |
 | MYHOSTNAME=example.com         | Configure postfix myhostname parameter                       |
 | MYORIGIN=example.com           | Configure postfix myorigin parameter                         |
 | MYDESTINATION=                 | Configure postfix mydestination parameter                    |
diff --git a/root/etc/s6-overlay/s6-rc.d/init-postfix/run b/root/etc/s6-overlay/s6-rc.d/init-postfix/run
index 0899433..a2a90e7 100755
--- a/root/etc/s6-overlay/s6-rc.d/init-postfix/run
+++ b/root/etc/s6-overlay/s6-rc.d/init-postfix/run
@@ -10,6 +10,7 @@ print_vars () {
     echo "    PUID=${PUID}"
     echo "    PGID=${PGID}"
     echo "    USE_TLS=${USE_TLS}"
+    echo "    USE_SMTPS=${USE_SMTPS}"
     echo "    MYHOSTNAME=${MYHOSTNAME}"
     echo "    MYORIGIN=${MYORIGIN}"
     echo "    MYDESTINATION=${MYDESTINATION}"
@@ -78,6 +79,16 @@ case ${USE_TLS} in
 	else
 	    postconf -e smtpd_tls_security_level=encrypt
 	fi
+	case ${USE_SMTPS} in
+	    yes|true)
+		postconf -M submissions/inet="submissions inet n - - - - smtpd"
+		postconf -P "submissions/inet/smtpd_tls_wrappermode=yes"
+		postconf -P "submissions/inet/smtpd_sasl_auth_enable=yes"
+		postconf -P "submissions/inet/smtpd_client_restrictions=permit_sasl_authenticated,reject"
+		postconf -P "submissions/inet/smtpd_relay_restrictions=permit_sasl_authenticated,reject"
+		postconf -P "submissions/inet/milter_macro_daemon_name=ORIGINATING"	
+		;;
+	esac
     ;;
 esac