This repository builds the docker image for the SMTP Relay Server and pushes it to the Shared Services Elastic Container Repository, so that the pre-configured ECS task can pull down this image and launch a new container.
This repository depends on the network services infrastructure repository, which builds the underlying base infrastructure with required ECR repository and ECS service definitions to work with this docker image.
- SMTP Relay Server
- High Level Architecture
- Related Repositories
- Technical Guide
- SMTP Relay Disaster Recovery
The Postfix SMTP Relay Server is a server-side application for routing and delivering mail. You can use Postfix to set up a local mail server, create a null-client mail relay, use a Postfix server as a destination for multiple domains, or choose an LDAP directory instead of files for lookups.
The key features of using Postfix SMTP Relay Server:
- Security features to protect against common email related threats
- Customization options, including support for virtual domains and aliases
The Postfix SMTP Relay Server enables devices which are unable to use authentication to use unauthenticated SMTP to send email. Currently, printers and a few legacy applications from various MoJ HQ sites are using this SMTP relay service via the Transit Gateway to send emails to both justice and digital domains.
The SMTP Relay Service runs within the Staff Infrastructure Network Services VPC.This service consists of an AWS ECS cluster running two instances of SMTP Relay Server containers with postfix image in two availibilty zones in London region. Two load balancers from those two availibility zones are there to accept incoming requests from clients via the Transit gateway and then to distribute the requests to those SMTP Relay Server containers. This provides high availibility and resiliency to the service.
Here is a diagram:
This repository builds the docker image for SMTP Relay server only. Here are some of the other related repositories:
Once you have deployed the infrastructure, you may use this guide to build and push the SMTP Relay server image.
To be able to follow this guide, you need to have the following already:
- System infrastructure deployed
- Docker
- AWS Vault set up.
- Access to Moj AWS SSO.
- jq installed.
| 🎉 TIP |
|---|
| You may configure your AWS Vault to use AWS SSO. A step-by-step guide can be found in our team documentation site. |
Local development shouldn't go over the download limits of Dockerhub. https://docs.docker.com/docker-hub/download-rate-limit/
If these limits are encountered, authenticating with Docker is required:
export DOCKER_USERNAME=your-docker-hub-username
export DOCKER_PASSWORD=your-docker-hub-password
make authenticate-docker
- Clone the staff-infrastructure-smtp-relay-server repository to a local directory on your machine.
The configuration/environment variables for running and building the SMTP Relay Server container for the required environment are automatically populated through utilisation of the generate-env-file.sh script which is executed when using the 'make gen-env' command. With this approach an engineer can see what the values are and where they are stored. This helps to speed up the process in getting the SMTP Relay container deployed locally.
- Generate
.envfile with the required values for the environment automatically, run:
make gen-env- To build the image on your local docker, run:
make build-dev- To run the SMTP Relay server on your local docker, run:
make run- To test the build locally, run:
make test- To push the built image on to your isolated ECR repository, run:
make publish make deploy Once you have finished using the docker image, to shut down the environment, run:
make stop In the event of disaster recovery for the SMTP Relay Server it is recommended to roll forward with a fix than to roll back. If a rollback is still required, follow the steps in this guide
The SMTP service has no persistent data to restore in the event of disaster recovery as it is relaying emails from one destination to another. The configuration for the SMTP Relay Server is stored as parameters in Systems Manager (SSM) Parameter store and set in the various places it is required as defined in the code. As a result the code which is stored in the repositories is all that is needed to bring the service back online.
- Access to the existing AWS account with AWS BYOIP addresses in order to be able to send on mail to ExchangeOnline/GoogleWorkspace. If this is not possible the new Elastic Public IPs will need to be replaced on
mail-relay.staff.service.justice.gov.ukPTR records within Route53 else mail delivery will fail. - If account has lost attachment to transit gateway then
pushaccess to the transit gateway repo.
In the event that Grafana has alerted on a disaster scenario, follow the steps below to restore the STMP Relay service:
Deploy the underlying AWS infrastructure required for the SMTP Relay Server by following the How to deploy the Infrastructure guide. This documentation covers steps for prerequisites, creating a terraform workspace and standing up the infrastructure.
Once Step 1 is complete and the underlying AWS infrastructure is deployed/restored proceed to restoring the SMTP Relay Server container into ECS Fargate by following the steps of this README's Technical Guide. This guide includes the necessary prerequisite steps and instructions for Building, Running, Testing, Publishing (to ECR) and Deploying/Restoring the SMTP Relay container into ECS.