mirror of https://github.com/tomav/docker-mailserver.git synced 2024-06-26 19:25:53 +02:00
alinmear 782152f827 Fix Problem with Saslauthd and Postfix master.cf
The provided default postfix master.cf overwrites the configs for
saslauthd within main.cf. To make saslauthd work, we have to comment or
in this case delete the lines from master.cf to make the given configs
in main.cf work.
2016-12-19 13:39:30 +01:00
config Improve LDAP integration (#379) 2016-11-13 11:39:45 +01:00
elk Fixes #339 (#356) 2016-10-13 20:40:22 +02:00
target Fix Problem with Saslauthd and Postfix master.cf 2016-12-19 13:39:30 +01:00
test Added test 2016-12-17 21:53:09 +01:00
.dockerignore Added .dockerignore to avoid having 120+ Mo pushed into the image (#321) 2016-09-11 20:12:42 +02:00
.gitignore Handle missing files more gracefully. (#265) 2016-08-24 10:06:59 +02:00
.travis.yml Added SLack configuration for Travis notifications (#316) 2016-09-07 22:40:02 +02:00
CHANGELOG.md Add changelog 2016-07-03 14:27:03 +02:00
docker-compose.elk.yml.dist add ELK support (#331) 2016-09-29 22:52:05 +02:00
docker-compose.yml.dist Update docker-compose.yml.dist 2016-05-08 19:01:42 +02:00
Dockerfile Fixing test 2016-12-17 22:04:59 +01:00
LICENSE Renamed 2016-04-12 09:43:13 +02:00
Makefile Add ldap auth for postfix and dovecot (#352) 2016-10-30 14:11:36 +01:00
README.md Add ldap auth for postfix and dovecot (#352) 2016-10-30 14:11:36 +01:00
setup.sh Improve and extend setup.sh (#295) 2016-09-01 12:10:23 +02:00

docker-mailserver


A fullstack but simple mail server (smtp, imap, antispam, antivirus...). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade.

Includes:

  • postfix with smtp or ldap auth
  • dovecot for sasl, imap (and optional pop3) with ssl support, with ldap auth
  • saslauthd with ldap auth
  • amavis
  • spamassassin supporting custom rules
  • clamav with automatic updates
  • opendkim
  • opendmarc
  • fail2ban
  • fetchmail
  • basic sieve support using dovecot
  • LetsEncrypt and self-signed certificates
  • integration tests
  • automated builds on docker hub

Why I created this image: Simple mail server with Docker

Before you open an issue, please have a look at this README, the Wiki and the Postfix/Dovecot documentation.

Usage

Get latest image

docker pull tvial/docker-mailserver:latest

Create a docker-compose.yml

Adapt this file with your FQDN. Install docker-compose version 1.6 or higher.

version: '2'

services:
  mail:
    image: tvial/docker-mailserver:latest
    # build: .
    hostname: mail
    domainname: domain.com
    container_name: mail
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - ./config/:/tmp/docker-mailserver/

volumes:
  maildata:
    driver: local

Create your mail accounts

Don't forget to adapt MAIL_USER and MAIL_PASS to your needs

mkdir -p config
touch config/postfix-accounts.cf
docker run --rm \
  -e MAIL_USER=user1@domain.tld \
  -e MAIL_PASS=mypassword \
  -ti tvial/docker-mailserver:latest \
  /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u "$MAIL_USER" -p "$MAIL_PASS")"' >> config/postfix-accounts.cf

Generate DKIM keys

docker run --rm \
  -v "$(pwd)/config":/tmp/docker-mailserver \
  -ti tvial/docker-mailserver:latest generate-dkim-config

Now that the keys are generated, you can configure your DNS server by pasting the content of config/opendkim/keys/domain.tld/mail.txt into your domain.tld.hosts zone.

Start the container

docker-compose up -d mail

You're done!

Environment variables

Please check how the container starts to understand what's expected.

Value in bold is the default value.

ENABLE_POP3
  • empty => POP3 service disabled
  • 1 => Enables POP3 service
ENABLE_FAIL2BAN
  • empty => fail2ban service disabled
  • 1 => Enables fail2ban service

If you enable Fail2Ban, don't forget to add the following lines to your docker-compose.yml:

cap_add:
  - NET_ADMIN

Otherwise, iptables won't be able to ban IPs.

ENABLE_MANAGESIEVE
  • empty => Managesieve service disabled
  • 1 => Enables Managesieve on port 4190
ENABLE_FETCHMAIL
  • empty => fetchmail disabled
  • 1 => fetchmail enabled
ENABLE_LDAP
  • empty => LDAP authentication is disabled
  • 1 => LDAP authentication is enabled
  • NOTE:
    • A second container for the ldap service is necessary (e.g. docker-openldap)
    • For preparing the ldap server to use in combination with this container, this article may be helpful
LDAP_SERVER_HOST
  • empty => mail.domain.com
  • => Specify the dns-name/ip-address where the ldap-server
  • NOTE: If you are going to use the mailserver in combination with docker-compose, you can set the service name here
LDAP_SEARCH_BASE
  • empty => ou=people,dc=domain,dc=com
  • => e.g. LDAP_SEARCH_BASE=dc=mydomain,dc=local
LDAP_BIND_DN
  • empty => cn=admin,dc=domain,dc=com
  • => take a look at examples of SASL_LDAP_BIND_DN
LDAP_BIND_PW
  • empty => admin
  • => Specify the password to bind against ldap
POSTMASTER_ADDRESS
SA_TAG
  • 2.0 => add spam info headers if at, or above that level
SA_TAG2
  • 6.31 => add 'spam detected' headers at that level
SA_KILL
  • 6.31 => triggers spam evasive actions
ENABLE_SASLAUTHD
  • empty => saslauthd is disabled
  • 1 => saslauthd is enabled
SASLAUTHD_MECHANISMS
  • empty => pam
  • ldap => authenticate against ldap server
  • shadow => authenticate against local user db
  • mysql => authenticate against mysql db
  • rimap => authenticate against imap server
  • NOTE: can be a list of mechanisms like pam ldap shadow
SASLAUTHD_MECH_OPTIONS
  • empty => None
  • e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
SASLAUTHD_LDAP_SERVER
  • empty => localhost
SASLAUTHD_LDAP_SSL
  • empty or 0 => ldap:// will be used
  • 1 => ldaps:// will be used
SASLAUTHD_LDAP_BIND_DN
  • empty => anonymous bind
  • specify an object with privileges to search the directory tree
  • e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
  • e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
SASLAUTHD_LDAP_PASSWORD
  • empty => anonymous bind
SASLAUTHD_LDAP_SEARCH_BASE
  • empty => Reverting to SASLAUTHD_MECHANISMS pam
  • specify the search base
SASLAUTHD_LDAP_FILTER
  • empty => default filter (&(uniqueIdentifier=%u)(mailEnabled=TRUE))
  • e.g. for active directory: (&(sAMAccountName=%U)(objectClass=person))
  • e.g. for openldap: (&(uid=%U)(objectClass=person))
SASL_PASSWD
  • empty => No sasl_passwd will be created
  • string => /etc/postfix/sasl_passwd will be created with the string as password
SMTP_ONLY
  • empty => all daemons start
  • 1 => only launch postfix smtp
SSL_TYPE
  • empty => SSL disabled
  • letsencrypt => Enables Let's Encrypt certificates
  • custom => Enables custom certificates
  • manual => Lets you manually specify locations of your SSL certificates for non-standard cases
  • self-signed => Enables self-signed certificates

Please read the SSL page in the wiki for more information.

PERMIT_DOCKER

Set different options for the mynetworks option (can be overwritten in postfix-main.cf)

  • empty => localhost only
  • host => Add docker host (ipv4 only)
  • network => Add all docker containers (ipv4 only)
VIRUSMAILS_DELETE_DELAY

Set how many days a virusmail will stay on the server before being deleted

  • empty => 7 days
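
Several of the defaults listed above have security consequences: an empty SSL_TYPE disables SSL, an empty LDAP_BIND_PW means admin, saslauthd's LDAP mechanism falls back to ldap:// and anonymous bind, and PERMIT_DOCKER=network adds every container to mynetworks. The following shell function is an added example, not part of the project's README or code, that checks an environment file against those documented defaults. The KEY=VALUE file layout, the function names and the sample values are assumptions made for the illustration.

```shell
# Added example, not part of docker-mailserver: flag risky settings in an env
# file (KEY=VALUE lines) using only the defaults documented in this README.

# val FILE KEY: print KEY's value (last assignment wins), nothing if unset.
val() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_mailserver_env FILE: print one "VARIABLE: finding" line per problem.
audit_mailserver_env() {
  f=$1
  [ -n "$(val "$f" SSL_TYPE)" ] ||
    echo "SSL_TYPE: empty, SSL is disabled"
  [ "$(val "$f" ENABLE_FAIL2BAN)" = 1 ] ||
    echo "ENABLE_FAIL2BAN: fail2ban service is disabled"
  [ "$(val "$f" PERMIT_DOCKER)" != network ] ||
    echo "PERMIT_DOCKER: network adds all docker containers to mynetworks"
  if [ "$(val "$f" ENABLE_LDAP)" = 1 ]; then
    [ -n "$(val "$f" LDAP_BIND_PW)" ] ||
      echo "LDAP_BIND_PW: empty, the documented default 'admin' is used"
  fi
  if [ "$(val "$f" ENABLE_SASLAUTHD)" = 1 ]; then
    case " $(val "$f" SASLAUTHD_MECHANISMS) " in
    *" ldap "*)
      [ "$(val "$f" SASLAUTHD_LDAP_SSL)" = 1 ] ||
        echo "SASLAUTHD_LDAP_SSL: ldap:// is used, set 1 for ldaps://"
      [ -n "$(val "$f" SASLAUTHD_LDAP_BIND_DN)" ] &&
        [ -n "$(val "$f" SASLAUTHD_LDAP_PASSWORD)" ] ||
        echo "SASLAUTHD_LDAP_BIND_DN/PASSWORD: empty, anonymous bind"
      [ -n "$(val "$f" SASLAUTHD_LDAP_SEARCH_BASE)" ] ||
        echo "SASLAUTHD_LDAP_SEARCH_BASE: empty, reverts to pam"
      ;;
    esac
  fi
}

# Constructed sample environment (values are made up for illustration).
sample=$(mktemp)
cat > "$sample" <<'EOF'
ENABLE_FAIL2BAN=1
ENABLE_LDAP=1
LDAP_BIND_DN=cn=mail,dc=example,dc=test
ENABLE_SASLAUTHD=1
SASLAUTHD_MECHANISMS=pam ldap
SASLAUTHD_LDAP_SSL=0
SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=example,dc=test
PERMIT_DOCKER=network
EOF
audit_mailserver_env "$sample"
rm -f "$sample"
```

Run it against the same variables you pass under environment: in docker-compose.yml; no output means none of the flagged defaults is in effect.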