Add authentication for email relays

core/postfix/conf/main.cf

@@ -27,6 +27,11 @@ mydestination =
 
 # Relayhost if any is configured
 relayhost = {{ RELAYHOST }}
+{% if RELAYUSER %}
+smtp_sasl_auth_enable = yes
+smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
+smtp_sasl_security_options = noanonymous
+{% endif %}
 
 # Recipient delimiter for extended addresses
 recipient_delimiter = {{ RECIPIENT_DELIMITER }}

core/postfix/start.py

@@ -48,6 +48,13 @@ for map_file in glob.glob("/overrides/*.map"):
     os.system("postmap {}".format(destination))
     os.remove(destination)
 
+if "RELAYUSER" in os.environ:
+    path = "/etc/postfix/sasl_passwd"
+    fileContent = "{} {}:{}".format(os.environ["RELAYHOST"], os.environ["RELAYUSER"], os.environ["RELAYPASSWORD"])
+    with open(path, "w") as f:
+        f.write(fileContent)
+    os.system("postmap {}".format(path))
+
 convert("/conf/rsyslog.conf", "/etc/rsyslog.conf")
 
 # Run Podop and Postfix

docs/configuration.rst

@@ -57,7 +57,8 @@ Docker services' outbound mail to be relayed, you can set this to ``172.16.0.0/1
 to include **all** Docker networks. The default is to leave this empty.
 
 The ``RELAYHOST`` is an optional address of a mail server relaying all outgoing
-mail.
+mail in following format: ``[HOST]:PORT``.
+``RELAYUSER`` and ``RELAYPASSWORD`` can be used when authentication is needed.
 
 The ``FETCHMAIL_DELAY`` is a delay (in seconds) for the fetchmail service to
 go and fetch new email if available. Do not use too short delays if you do not

towncrier/newsfragments/958.feature

@@ -0,0 +1 @@
+Relays with authentication