mirror of
https://github.com/tomav/docker-mailserver.git
synced 2024-07-19 22:28:36 +02:00
Initial pass for achieving more consistency with docker-compose related configs. * Set DMS_DEBUG to 0 * align with default docker-compose.yml Co-authored-by: Casper <casperklein@users.noreply.github.com> Co-authored-by: Georg Lauterbach <44545919+georglauterbach@users.noreply.github.com> Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
165 lines
6.6 KiB
Markdown
165 lines
6.6 KiB
Markdown
---
|
|
title: 'Tutorials | Basic Installation'
|
|
---
|
|
|
|
## Building a Simple Mailserver
|
|
|
|
!!! warning
|
|
Adding the docker network's gateway to the list of trusted hosts, e.g. using the `network` or `connected-networks` option, can create an [**open relay**](https://en.wikipedia.org/wiki/Open_mail_relay), for instance [if IPv6 is enabled on the host machine but not in Docker][github-issue-1405-comment].
|
|
|
|
We are going to use this docker based mailserver:
|
|
|
|
- First create a directory for the mailserver and get the setup script:
|
|
|
|
```sh
|
|
mkdir -p /var/ds/mail.example.org
|
|
cd /var/ds/mail.example.org/
|
|
|
|
curl -o setup.sh \
|
|
https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
|
|
chmod a+x ./setup.sh
|
|
```
|
|
|
|
- Create the file `docker-compose.yml` with a content like this:
|
|
|
|
!!! example
|
|
|
|
```yaml
|
|
version: '3.8'
|
|
|
|
services:
|
|
mailserver:
|
|
image: docker.io/mailserver/docker-mailserver:latest
|
|
hostname: mail
|
|
domainname: example.com
|
|
container_name: mailserver
|
|
ports:
|
|
- "25:25"
|
|
- "587:587"
|
|
- "465:465"
|
|
volumes:
|
|
- ./data/maildata:/var/mail
|
|
- ./data/mailstate:/var/mail-state
|
|
- ./data/maillogs:/var/log/mail
|
|
- /etc/localtime:/etc/localtime:ro
|
|
- ./config/:/tmp/docker-mailserver/
|
|
- /var/ds/wsproxy/letsencrypt/:/etc/letsencrypt/
|
|
environment:
|
|
- PERMIT_DOCKER=network
|
|
- SSL_TYPE=letsencrypt
|
|
- ONE_DIR=1
|
|
- DMS_DEBUG=0
|
|
- SPOOF_PROTECTION=0
|
|
- REPORT_RECIPIENT=1
|
|
- ENABLE_SPAMASSASSIN=0
|
|
- ENABLE_CLAMAV=0
|
|
- ENABLE_FAIL2BAN=1
|
|
- ENABLE_POSTGREY=0
|
|
cap_add:
|
|
- NET_ADMIN
|
|
- SYS_PTRACE
|
|
```
|
|
|
|
For more details about the environment variables that can be used, and their meaning and possible values, check also these:
|
|
|
|
- [Environment Variables][docs-environment]
|
|
- [`mailserver.env` file][github-file-dotenv]
|
|
|
|
Make sure to set the proper `domainname` that you will use for the emails. We forward only SMTP ports (not POP3 and IMAP) because we are not interested in accessing the mailserver directly (from a client). We also use these settings:
|
|
|
|
- `PERMIT_DOCKER=network` because we want to send emails from other docker containers.
|
|
- `SSL_TYPE=letsencrypt` because we will manage SSL certificates with letsencrypt.
|
|
|
|
- We need to open ports `25`, `587` and `465` on the firewall:
|
|
|
|
```sh
|
|
ufw allow 25
|
|
ufw allow 587
|
|
ufw allow 465
|
|
```
|
|
|
|
On your server you may have to do it differently.
|
|
|
|
- Pull the docker image: `docker pull mailserver/docker-mailserver:latest`
|
|
|
|
- Now generate the DKIM keys with `./setup.sh config dkim` and copy the content of the file `config/opendkim/keys/domain.tld/mail.txt` on the domain zone configuration at the DNS server. I use [bind9](https://github.com/docker-scripts/bind9) for managing my domains, so I just paste it on `example.org.db`:
|
|
|
|
```txt
|
|
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
|
|
"p=MIIBIjANBgkqhkiG9w0BAQEFACAQ8AMIIBCgKCAQEAaH5KuPYPSF3Ppkt466BDMAFGOA4mgqn4oPjZ5BbFlYA9l5jU3bgzRj3l6/Q1n5a9lQs5fNZ7A/HtY0aMvs3nGE4oi+LTejt1jblMhV/OfJyRCunQBIGp0s8G9kIUBzyKJpDayk2+KJSJt/lxL9Iiy0DE5hIv62ZPP6AaTdHBAsJosLFeAzuLFHQ6USyQRojefqFQtgYqWQ2JiZQ3"
|
|
"iqq3bD/BVlwKRp5gH6TEYEmx8EBJUuDxrJhkWRUk2VDl1fqhVBy8A9O7Ah+85nMrlOHIFsTaYo9o6+cDJ6t1i6G1gu+bZD0d3/3bqGLPBQV9LyEL1Rona5V7TJBGg099NQkTz1IwIDAQAB" ) ; ----- DKIM key mail for example.org
|
|
```
|
|
|
|
- Add these configurations as well on the same file on the DNS server:
|
|
|
|
```txt
|
|
mail IN A 10.11.12.13
|
|
|
|
; mailservers for example.org
|
|
3600 IN MX 1 mail.example.org.
|
|
|
|
; Add SPF record
|
|
IN TXT "v=spf1 mx ~all"
|
|
```
|
|
|
|
Then don't forget to change the serial number and to restart the service.
|
|
|
|
- Get an SSL certificate from letsencrypt. I use [wsproxy](https://gitlab.com/docker-scripts/wsproxy) for managing SSL letsencrypt certificates of my domains:
|
|
|
|
```sh
|
|
cd /var/ds/wsproxy
|
|
ds domains-add mail mail.example.org
|
|
ds get-ssl-cert myemail@gmail.com mail.example.org --test
|
|
ds get-ssl-cert myemail@gmail.com mail.example.org
|
|
```
|
|
|
|
Now the certificates will be available on `/var/ds/wsproxy/letsencrypt/live/mail.example.org`.
|
|
|
|
- Start the mailserver and check for any errors:
|
|
|
|
```sh
|
|
apt install docker-compose
|
|
docker-compose up mail
|
|
```
|
|
|
|
- Create email accounts and aliases with `SPOOF_PROTECTION=0`:
|
|
|
|
```sh
|
|
./setup.sh email add admin@example.org passwd123
|
|
./setup.sh email add info@example.org passwd123
|
|
./setup.sh alias add admin@example.org myemail@gmail.com
|
|
./setup.sh alias add info@example.org myemail@gmail.com
|
|
./setup.sh email list
|
|
./setup.sh alias list
|
|
```
|
|
|
|
Aliases make sure that any email that comes to these accounts is forwarded to my real email address, so that I don't need to use POP3/IMAP in order to get these messages. Also no anti-spam and anti-virus software is needed, making the mailserver lighter.
|
|
|
|
- Or create email accounts and aliases with `SPOOF_PROTECTION=1`:
|
|
|
|
```sh
|
|
./setup.sh email add admin.gmail@example.org passwd123
|
|
./setup.sh email add info.gmail@example.org passwd123
|
|
./setup.sh alias add admin@example.org admin.gmail@example.org
|
|
./setup.sh alias add info@example.org info.gmail@example.org
|
|
./setup.sh alias add admin.gmail@example.org myemail@gmail.com
|
|
./setup.sh alias add info.gmail@example.org myemail@gmail.com
|
|
./setup.sh email list
|
|
./setup.sh alias list
|
|
```
|
|
|
|
This extra step is required to avoid the `553 5.7.1 Sender address rejected: not owned by user` error (the account used for setting up Gmail is `admin.gmail@example.org` and `info.gmail@example.org` )
|
|
|
|
- Send some test emails to these addresses and make other tests. Then stop the container with `ctrl+c` and start it again as a daemon: `docker-compose up -d mail`.
|
|
|
|
- Now save on Moodle configuration the SMTP settings and test by trying to send some messages to other users:
|
|
|
|
- **SMTP hosts**: `mail.example.org:465`
|
|
- **SMTP security**: `SSL`
|
|
- **SMTP username**: `info@example.org`
|
|
- **SMTP password**: `passwd123`
|
|
|
|
[docs-environment]: ../../config/environment.md
|
|
[github-file-dotenv]: https://github.com/docker-mailserver/docker-mailserver/blob/master/mailserver.env
|
|
[github-issue-1405-comment]: https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498
|