2

I'm trying to dockerize my mailing server and I'm having some trouble regarding how I am supposed to use environment variables inside Postfix and Dovecot configuration files (I'm using the latest packages available through apt for ubuntu:18.04).

I have already imported the variables I want to use within Dovecot.conf (1) and main.cf (2), but I honestly don't know exactly which syntax I must follow in order to use these.

(1) Dovecot.conf

import_environment= MYSQL_DATABASE, MYSQL_USER, MYSQL_PASSWORD, DOMAIN_NAME, CERTS_DIR, DOVECOT_SASL_PORT

(2) Postfix's main.cf

import_environment= MYSQL_DATABASE, MYSQL_USER, {MYSQL_PASSWORD}, DOMAIN_NAME, CERTS_DIR, DOVECOT_SASL_PORT

According to Dovecot's docs, I am supposed to use env:MYSQL_DATABASE whenever I want to refer to my database, env:DOMAIN_NAME whenever I want to refer to my domain name, and so on. However, according to this mailing list from 2019, a user is referring to their ENV variables as %{env:EXAMPLE_VAR}. Which approach is the correct one? Are they both equally valid?

About Postfix, on the other hand, I could not find anything related to what syntax must be used when referring to environment variables, and I'd very much appreciate it if someone could tell me how I should proceed.

Thanks a lot!

Jose
  • What version are you using? Looking at [the docs](https://doc.dovecot.org/configuration_manual/config_file/#environment-variables) it says that this is new in 2.3.14. I just `apt install`ed dovecot and got version 2.3.7.2 ... – Nathan Chappell May 03 '23 at 14:08

3 Answers

1

You're right, dovecot allows variable expansion using the environment as a source. %{env:FOR_WHAT_ITS_WORTH} is the correct syntax. Keep in mind though, that dovecot has two types of configuration files: the "normal" ones ending in .conf and those that end in .conf.ext, usually used for external connections like fetching the user database from LDAP or some SQL DBMS. The latter do not provide variable expansion at all, so you need to take a different approach (more on that below).

When it comes to postfix, there is no standard mechanism I know of and the documentation does not mention anything about it.

There is a solution to this that, as you might have already guessed, involves some work but works for anything you want to containerize. I assume you are using some docker-entrypoint.sh script to launch postfix and dovecot inside your container and that checks beforehand if first time setup has been done. If not, it runs first time setup. You might even run this setup unconditionally every time your container fires up to change the configuration according to what's to be found in the environment.

Let's say you have prepared your configuration files outside the container and copy them over by something in your docker file that looks like COPY config /root/config.tpl. Inside these configuration files are standard shell variables, e.g. bind_dn = ${MY_BIND_DN} and you have escaped all $ and \ characters in your configuration templates. What you can do now is simply filter the templates through eval and then place the output where it belongs. See this example for clarification.

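```sh
# Render every template in /root/config.tpl into /etc/dovecot/conf.d/.
# eval also runs any $(...) or backticks found in a template, so templates must be trusted.
for CONFIG_TEMPLATE in /root/config.tpl/* ; do
  eval "echo \"$(cat "${CONFIG_TEMPLATE}")\"" > "/etc/dovecot/conf.d/$(basename "${CONFIG_TEMPLATE}")"
done
```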

That's pretty much, I know. Nevertheless it works great unless there's too much to escape in your configuration files and it allows you to configure almost everything that's configuration file based on container start from the environment.

Timor
  • Hello there, thanks for your answer. However, Dovecot failed to expand env variables inside **.conf** files such as `10-master.conf`. Since I did not find anything about postfix other than the `import_environment` declaration, I ended up using `$MY_VAR` syntax all over the place and passing my conf files to `envsubst` to replace all occurrences according to the exported env variables. To put things in context, my plan is to run separate containers for postfix, dovecot and postfixAdmin (since I sadly failed to dockerize vimbadmin) and make them interact with each other through docker networks. – Jose Nov 17 '20 at 19:53
  • Good to hear that you found a solution. `envsubst` is actually pretty close to what I intended with my solution, probably even safer, thanks for sharing. I'd say now is a good time to either post your solution as an answer and accept that or accept mine so that your question is considered solved. – Timor Nov 17 '20 at 20:20
1

I want to expand on the answer about Postfix specifically, especially as this is the only top search result for "Postfix import_environment" that isn't part of the official documentation.

The docs make it sound like this should work, but it never will - there's no magic syntax. Reading through the code, it becomes obvious that the feature is meant to import environment variables to be piped/passed to other processes. They are NEVER expanded as part of the configuration. There's even a comment about it in postconf.c that reads: "We don't extract import_environment from main.cf, because..." and goes on to explain the problems with attempting that.

So hopefully I will save you some time from going down the rabbit hole I did: this feature does not do what you think it does. Using environment variables directly in the Postfix configuration file is impossible.

  • This does not provide an answer to the question. Once you have sufficient [reputation](https://serverfault.com/help/whats-reputation) you will be able to [comment on any post](https://serverfault.com/help/privileges/comment); instead, [provide answers that don't require clarification from the asker](https://meta.stackexchange.com/questions/214173/why-do-i-need-50-reputation-to-comment-what-can-i-do-instead). - [From Review](/review/late-answers/518126) – djdomi Apr 19 '22 at 18:02
-1

I found out Dovecot was failing to expand env variables inside .conf files such as 10-master.conf. Since I did not find anything about postfix other than the import_environment declaration, I ended up using $MY_VAR syntax all over the place and passing my conf files to envsubst to replace all occurrences according to the exported env variables.

Jose
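
The `envsubst` approach from this answer, as an added example that is not part of the original posts: it gives `envsubst` an explicit variable list so Postfix's own `$myhostname`-style references are left alone, and it refuses to render when a listed variable is unset. The `render_template` helper, the paths and the template contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts): render a template with envsubst,
# substituting only an explicit allowlist of exported variables.

# Usage: render_template TEMPLATE OUTPUT VAR...
render_template() {
  tpl=$1; out=$2; shift 2
  fmt=''
  for name in "$@"; do
    # envsubst silently replaces an unset variable with an empty string,
    # so refuse to render unless every listed variable is exported and non-empty.
    if [ -z "$(printenv "$name")" ]; then
      echo "render_template: $name is unset or empty" >&2
      return 1
    fi
    fmt="$fmt \${$name}"
  done
  # The rendered file may contain MYSQL_PASSWORD: create it owner-readable only.
  # Passing "$fmt" limits substitution to the listed names, so Postfix's own
  # $myhostname / $mydomain references pass through untouched.
  ( umask 077 && envsubst "$fmt" < "$tpl" > "$out" )
}

demo() {
  dir=$(mktemp -d) || return 1
  # Constructed sample template (hypothetical values, real Postfix parameters).
  cat > "$dir/main.cf.tpl" <<'EOF'
mydomain = ${DOMAIN_NAME}
myorigin = $mydomain
smtpd_banner = $myhostname ESMTP
smtpd_tls_cert_file = ${CERTS_DIR}/fullchain.pem
EOF
  export DOMAIN_NAME=example.org CERTS_DIR=/etc/certs
  render_template "$dir/main.cf.tpl" "$dir/main.cf" DOMAIN_NAME CERTS_DIR &&
    cat "$dir/main.cf"
  rm -rf "$dir"
}

demo
```

In an entrypoint script, call `render_template` once per config file before starting the daemon, so a missing variable stops the container instead of producing a config with blank values.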