podman-quadlet-cookbook/cookbooks/smtprelay

Podman Quadlet: smtprelay

Overview

smtprelay is a small Golang based SMTP relay/proxy server that accepts mail via SMTP and forwards it to an upstream smarthost (ex: Mailgun, Gmail, ...).

This cookbook:

• Builds a custom smtprelay container image locally, from CentOS Stream 10.
• Runs smtprelay directly as a dedicated, unprivileged UID/GID (no user namespace mapping).
• Listens on the submission port (587) with STARTTLS, authenticating clients against a local user/password file.
• Loads TLS certificates issued by the lego cookbook and reloads them automatically when renewed.
• Includes a timer to periodically rebuild the container image.

Prerequisites

• Configuration file /etc/quadlets/smtprelay/smtprelay.ini must exist.
• File /etc/quadlets/smtprelay/allowed_users.txt must exist, listing the users allowed to relay mail.
• The lego cookbook should be configured to provide TLS certificates.

Usage

In a separate terminal, follow the logs.

sudo make tail-logs

Install the Podman Quadlets and start smtprelay.

sudo make clean install

You should see the smtprelay-build.service building the smtprelay container image. Then, the smtprelay.service should start up.

Verify smtprelay is running:

sudo systemctl status smtprelay.service

Send a test mail with swaks:

swaks --to youremail@example.com --from youremail@example.com --auth-user yourusername --auth-password yourpassword --port 587 --tls

When Let's Encrypt certificates are renewed, the renewal hook automatically restarts smtprelay so it picks up the new certificates.

Restart the smtprelay.target unit.

sudo systemctl restart smtprelay.target

Finally, remove the quadlets, their configuration and their data.

sudo make uninstall clean

Integration tests

sudo make test