From 6e3c80487f71234aec0b5168eecb3202f4351cdd Mon Sep 17 00:00:00 2001
From: 3wc <3wc.git@doesthisthing.work>
Date: Sun, 27 Sep 2020 21:36:04 +0200
Subject: [PATCH] Fix settings, improve docs, add `networks` for Drone
---
 .drone.yml | 3 +++
 README.md | 18 ++++++++++++------
 compose.yml | 7 +++----
 3 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/.drone.yml b/.drone.yml
index a589dcc..2796fd4 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,6 +10,9 @@ steps:
 purge: true
 deploy_key:
 from_secret: drone_ssh_swarm_test
+ networks:
+ - mail
+ - proxy
 environment:
 DOMAIN: swarm-test.autonomic.zone
 STACK_NAME: postfix-relay
diff --git a/README.md b/README.md
index 518b465..3425c6e 100644
--- a/README.md
+++ b/README.md
@@ -7,17 +7,22 @@ The basic idea is to run one instance of this on each swarm, and configure that swarm's apps to send all their email through it. By default, this stack will try to deliver e-mail directly (i.e. looking up the -recipient's mail server using `MX` records). For this to work, you will need to -set up reverse DNS and SPF. +recipient's mail server using `MX` records). + +**NOTE**: If you use this direct delivery, make sure that: + - your Traefik server and host firewall are configured to allow port 587, + - you have an MX record for your configured `$DOMAIN` pointing to this server, + - you have an SPF record for `$DOMAIN` that includes `mx` or this server's IP + - you have a reverse DNS (rDNS / PTR) record for this IP that matches `$DOMAIN` + +(These requirements mean that you can only deploy one direct-delivery instance +of this app per swarm host..) Alternatively, you can easily route mail through a smarthost / relay host like Mailgun or Gandi -- see [`RELAYHOST` and related parameters][boky-postfix-options]. FIXME 3wc: Pass `RELAYHOST` etc. from `.envrc` to service -TODO 3wc: Can you run more than one instance of this on a swarm? How could we handle -that in terms of reverse DNS? - ## Basic usage 1. Set up Docker Swarm and [`abra`] @@ -25,7 +30,8 @@ that in terms of reverse DNS? 3. `git clone https://git.autonomic.zone/compose-stacks/postfix-relay.git && cd postfix-relay` 3. `cp .envrc.sample .envrc` 4. Edit `.envrc` - be sure to change `DOMAIN` to something that resolves to - your Docker swarm box + your Docker swarm box, and add any extra domains (including subdomains) you'd + like to be able to send mail from in `EXTRA_SENDER_DOMAINS`. 5. `direnv allow` (or `. .envrc`) 6. `abra deploy` diff --git a/compose.yml b/compose.yml index 7cd52fc..e2827f5 100644 --- a/compose.yml +++ b/compose.yml 
@@ -16,10 +16,9 @@ services:
 environment:
 FORCE_COLOR: "1"
 TZ: ${TZ}
- INBOUND_DEBUGGING: "${INBOUND_DEBUGGING:-0}"
- ALLOWED_SENDER_DOMAINS: "${EXTRA_SENDER_DOMAINS} ${DOMAIN}"
- POSTFIX_myhostname: "${DOMAIN}"
- MASQUERADED_DOMAINS: "${MASQUERADED_DOMAINS}"
+ INBOUND_DEBUGGING: ${INBOUND_DEBUGGING}
+ ALLOWED_SENDER_DOMAINS: ${DOMAIN} ${EXTRA_SENDER_DOMAINS}
+ POSTFIX_myhostname: ${DOMAIN}
 deploy:
 restart_policy:
 condition: on-failure
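Review bot: The three added `environment` entries lose both their quotes and the `:-0` default, so an unset `DOMAIN` or `INBOUND_DEBUGGING` now interpolates to an empty string, and the relay would presumably start with a blank `ALLOWED_SENDER_DOMAINS` and `POSTFIX_myhostname` instead of failing at deploy time. On a mail relay the sender allow-list is the main access control, so I would make the variable mandatory and keep the debugging default, assuming the deploy tooling supports Compose's required-variable syntax: `ALLOWED_SENDER_DOMAINS: "${DOMAIN:?DOMAIN must be set} ${EXTRA_SENDER_DOMAINS:-}"`, `POSTFIX_myhostname: "${DOMAIN:?DOMAIN must be set}"`, `INBOUND_DEBUGGING: "${INBOUND_DEBUGGING:-0}"`. How the image treats an empty allow-list is not visible here and should be confirmed against its documentation. The hunk also stops passing `MASQUERADED_DOMAINS`, which the subject line does not mention; a one-line comment above `environment:` stating that this is intentional would help the next reader. The service definition starts and ends outside the hunk.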