<inputclass="md-option"data-md-color-media="(prefers-color-scheme: light)"data-md-color-scheme="default"data-md-color-primary="indigo"data-md-color-accent="indigo"aria-label="Switch to dark mode"type="radio"name="__palette"id="__palette_1">
<labelclass="md-header__button md-icon"title="Switch to dark mode"for="__palette_2"hidden>
<inputclass="md-option"data-md-color-media="(prefers-color-scheme: dark)"data-md-color-scheme="slate"data-md-color-primary="indigo"data-md-color-accent="blue"aria-label="Switch to light mode"type="radio"name="__palette"id="__palette_2">
<labelclass="md-header__button md-icon"title="Switch to light mode"for="__palette_1"hidden>
<ahref="https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/faq.md"title="Edit this page"class="md-content__button md-icon">
<h3id="what-kind-of-database-are-you-using"><aclass="toclink"href="#what-kind-of-database-are-you-using">What kind of database are you using?</a></h3>
<p>None! No database is required. Filesystem is the database.<br/>
This image is based on config files that can be persisted using Docker volumes, and as such versioned, backed up and so forth. </p>
<h3id="where-are-emails-stored"><aclass="toclink"href="#where-are-emails-stored">Where are emails stored?</a></h3>
<p>Mails are stored in <code>/var/mail/${domain}/${username}</code>. Since <code>v9.0.0</code> it is possible to add custom <code>user_attributes</code> for each accounts to have a different mailbox configuration (See <ahref="https://github.com/docker-mailserver/docker-mailserver/pull/1792">#1792</a>).</p>
<divclass="admonition warning">
<pclass="admonition-title">Warning</p>
<p>You should use a <ahref="https://medium.com/@ramangupta/why-docker-data-containers-are-good-589b3c6c749e#.uxyrp7xpu">data volume container</a> for <code>/var/mail</code> to persist data. Otherwise, your data may be lost.</p>
</div>
<h3id="how-to-alter-the-running-mailserver-instance-without-relaunching-the-container"><aclass="toclink"href="#how-to-alter-the-running-mailserver-instance-without-relaunching-the-container">How to alter the running mailserver instance <em>without</em> relaunching the container?</a></h3>
<p><code>docker-mailserver</code> aggregates multiple "sub-services", such as Postfix, Dovecot, Fail2ban, SpamAssassin, etc. In many cases, one may edit a sub-service's config and reload that very sub-service, without stopping and relaunching the whole mail server.</p>
<p>In order to do so, you'll probably want to push your config updates to your server through a Docker volume, then restart the sub-service to apply your changes, using <code>supervisorctl</code>. For instance, after editing fail2ban's config: <code>supervisorctl restart fail2ban</code>.</p>
<p>To add, update or delete an email account; there is no need to restart postfix / dovecot service inside the container after using <code>setup.sh</code> script.</p>
<p>For more information, see <ahref="https://github.com/docker-mailserver/docker-mailserver/issues/1639">#1639</a>.</p>
</div>
<h3id="how-can-i-sync-container-with-host-datetime-timezone"><aclass="toclink"href="#how-can-i-sync-container-with-host-datetime-timezone">How can I sync container with host date/time? Timezone?</a></h3>
<p>Share the host's <ahref="https://www.freedesktop.org/software/systemd/man/localtime.html"><code>/etc/localtime</code></a> with the <code>docker-mailserver</code> container, using a Docker volume: </p>
<p>From the location of your <code>docker-compose.yml</code>, create a compressed archive of your <code>./config</code> and <code>./data</code> folders:</p>
<divclass="highlight"><pre><span></span><code>tar --gzip -cf <spanclass="s2">"backup-</span><spanclass="k">$(</span>date +%F<spanclass="k">)</span><spanclass="s2">.tar.gz"</span> config data
</code></pre></div>
<p>Then to restore <code>./config</code> and <code>./data</code> folders from your backup file:</p>
tar czf <spanclass="s2">"/backup/mail-</span><spanclass="k">$(</span>date +%F<spanclass="k">)</span><spanclass="s2">.tar.gz"</span> /var/mail /var/mail-state /var/logs/mail /tmp/docker-mailserver
<spanclass="c1"># delete backups older than 30 days</span>
find /backup/mail -type f -mtime +30 -delete
</code></pre></div>
<h3id="what-about-mail-state-folder"><aclass="toclink"href="#what-about-mail-state-folder">What about <code>mail-state</code> folder?</a></h3>
<p>This folder consolidates all data generated by the server itself to persist when you upgrade.
Example of data folder persisted: lib-amavis, lib-clamav, lib-fail2ban, lib-postfix, lib-postgrey, lib-spamassasin, lib-spamassassin, spool-postfix, ...</p>
<h3id="how-can-i-configure-my-email-client"><aclass="toclink"href="#how-can-i-configure-my-email-client">How can I configure my email client?</a></h3>
<p>Login are full email address (<code>user@domain.com</code>).</p>
<h3id="how-can-i-manage-my-custom-spamassassin-rules"><aclass="toclink"href="#how-can-i-manage-my-custom-spamassassin-rules">How can I manage my custom SpamAssassin rules?</a></h3>
<p>Antispam rules are managed in <code>config/spamassassin-rules.cf</code>.</p>
<h3id="what-are-acceptable-sa_spam_subject-values"><aclass="toclink"href="#what-are-acceptable-sa_spam_subject-values">What are acceptable <code>SA_SPAM_SUBJECT</code> values?</a></h3>
<p>For no subject set <code>SA_SPAM_SUBJECT=undef</code>.</p>
<p>For a trailing white-space subject one can define the whole variable with quotes in <code>docker-compose.yml</code>:</p>
<h3id="can-i-use-nakedbare-domains-no-host-name"><aclass="toclink"href="#can-i-use-nakedbare-domains-no-host-name">Can I use naked/bare domains (no host name)?</a></h3>
<p>Yes, but not without some configuration changes. Normally it is assumed that <code>docker-mailserver</code> runs on a host with a name, so the fully qualified host name might be <code>mail.example.com</code> with the domain <code>example.com</code>. The MX records point to <code>mail.example.com</code>.</p>
<p>To use a bare domain where the host name is <code>example.com</code> and the domain is also <code>example.com</code>, change <code>mydestination</code>:</p>
<p>Add the latter line to <code>config/postfix-main.cf</code>. That should work. Without that change there will be warnings in the logs like:</p>
<divclass="highlight"><pre><span></span><code><spanclass="go">warning: do not list domain example.com in BOTH mydestination and virtual_mailbox_domains</span>
</code></pre></div>
<p>Plus of course mail delivery fails.</p>
<h3id="why-are-spamassassin-x-headers-not-inserted-into-my-sampledomaincom-subdomain-emails"><aclass="toclink"href="#why-are-spamassassin-x-headers-not-inserted-into-my-sampledomaincom-subdomain-emails">Why are SpamAssassin <code>x-headers</code> not inserted into my <code>sample.domain.com</code> subdomain emails?</a></h3>
<p>In the default setup, amavis only applies SpamAssassin x-headers into domains matching the template listed in the config file (<code>05-domain_id</code> in the amavis defaults).</p>
<p>The default setup <code>@local_domains_acl = ( ".$mydomain" );</code> does not match subdomains. To match subdomains, you can override the <code>@local_domains_acl</code> directive in the amavis user config file <code>50-user</code> with <code>@local_domains_maps = (".");</code> to match any sort of domain template.</p>
<h3id="how-can-i-make-spamassassin-better-recognize-spam"><aclass="toclink"href="#how-can-i-make-spamassassin-better-recognize-spam">How can I make SpamAssassin better recognize spam?</a></h3>
<p>Put received spams in <code>.Junk/</code> imap folder using <code>SPAMASSASSIN_SPAM_TO_INBOX=1</code> and <code>MOVE_SPAM_TO_JUNK=1</code> and add a <em>user</em> cron like the following:</p>
<divclass="highlight"><pre><span></span><code><spanclass="c1"># This assumes you're having `environment: ONE_DIR=1` in the `mailserver.env`,</span>
<spanclass="c1"># with a consolidated config in `/var/mail-state`</span>
<spanclass="c1">#</span>
<spanclass="c1"># m h dom mon dow command</span>
<spanclass="c1"># Everyday 2:00AM, learn spam from a specific user</span>
<p>If you run the server with <code>docker-compose</code>, you can leverage on docker configs and the mailserver's own cron. This is less problematic than the simple solution shown above, because it decouples the learning from the host on which the mailserver is running and avoids errors if the server is not running.</p>
<p>The following configuration works nicely:</p>
<detailsclass="example"><summary>Example</summary><p>Create a <em>system</em> cron file:</p>
<divclass="highlight"><pre><span></span><code><spanclass="c1"># in the docker-compose.yml root directory</span>
mkdir cron
touch cron/sa-learn
chown root:root cron/sa-learn
chmod <spanclass="m">0644</span> cron/sa-learn
</code></pre></div>
<p>Edit the system cron file <code>nano cron/sa-learn</code>, and set an appropriate configuration:</p>
<divclass="highlight"><pre><span></span><code><spanclass="c1"># This assumes you're having `environment: ONE_DIR=1` in the env-mailserver,</span>
<spanclass="c1"># with a consolidated config in `/var/mail-state`</span>
<spanclass="c1">#</span>
<spanclass="c1"># m h dom mon dow user command</span>
<spanclass="c1">#</span>
<spanclass="c1"># Everyday 2:00AM, learn spam from a specific user</span>
<p>With the default settings, SpamAssassin will require 200 mails trained for spam (for example with the method explained above) and 200 mails trained for ham (using the same command as above but using <code>--ham</code> and providing it with some ham mails). Until you provided these 200+200 mails, SpamAssassin will not take the learned mails into account. For further reference, see the <ahref="https://wiki.apache.org/spamassassin/BayesNotWorking">SpamAssassin Wiki</a>.</p>
<h3id="how-can-i-configure-a-catch-all"><aclass="toclink"href="#how-can-i-configure-a-catch-all">How can I configure a catch-all?</a></h3>
<p>Considering you want to redirect all incoming e-mails for the domain <code>domain.tld</code> to <code>user1@domain.tld</code>, add the following line to <code>config/postfix-virtual.cf</code>:</p>
<h3id="how-can-i-delete-all-the-emails-for-a-specific-user"><aclass="toclink"href="#how-can-i-delete-all-the-emails-for-a-specific-user">How can I delete all the emails for a specific user?</a></h3>
<p>First of all, create a special alias named <code>devnull</code> by editing <code>config/postfix-aliases.cf</code>:</p>
<p>Considering you want to delete all the e-mails received for <code>baduser@domain.tld</code>, add the following line to <code>config/postfix-virtual.cf</code>:</p>
<h3id="how-do-i-have-more-control-about-what-spamassasin-is-filtering"><aclass="toclink"href="#how-do-i-have-more-control-about-what-spamassasin-is-filtering">How do I have more control about what SPAMASSASIN is filtering?</a></h3>
<p>By default, SPAM and INFECTED emails are put to a quarantine which is not very straight forward to access. Several config settings are affecting this behavior:</p>
<p>First, make sure you have the proper thresholds set:</p>
<li>The very negative vaue in <code>SA_TAG</code> makes sure, that all emails have the SpamAssassin headers included.</li>
<li><code>SA_TAG2</code> is the actual threshold to set the YES/NO flag for spam detection.</li>
<li><code>SA_KILL</code> needs to be very high, to make sure nothing is bounced at all (<code>SA_KILL</code> superseeds <code>SPAMASSASSIN_SPAM_TO_INBOX</code>)</li>
</ul>
<p>Make sure everything (including SPAM) is delivered to the inbox and not quarantined:</p>
<p>Create a dedicated mailbox for emails which are infected/bad header and everything amavis is blocking by default and put its address into <code>config/amavis.cf</code></p>
<h3id="what-kind-of-ssl-certificates-can-i-use"><aclass="toclink"href="#what-kind-of-ssl-certificates-can-i-use">What kind of SSL certificates can I use?</a></h3>
<p>You can use the same certificates you use with another mail server.</p>
<p>The only thing is that we provide a <code>self-signed</code> certificate tool and a <code>letsencrypt</code> certificate loader.</p>
<h3id="i-just-moved-from-my-old-mail-server-but-it-doesnt-work"><aclass="toclink"href="#i-just-moved-from-my-old-mail-server-but-it-doesnt-work">I just moved from my old mail server, but "it doesn't work"?</a></h3>
<p>If this migration implies a DNS modification, be sure to wait for DNS propagation before opening an issue.
Few examples of symptoms can be found <ahref="https://github.com/docker-mailserver/docker-mailserver/issues/95">here</a> or <ahref="https://github.com/docker-mailserver/docker-mailserver/issues/97">here</a>.</p>
<p>This could be related to a modification of your <code>MX</code> record, or the IP mapped to <code>mail.my-domain.tld</code>. Additionally, <ahref="https://intodns.com/">validate your DNS configuration</a>.</p>
<p>If everything is OK regarding DNS, please provide <ahref="https://guides.github.com/features/mastering-markdown/">formatted logs</a> and config files. This will allow us to help you.</p>
<p>If we're blind, we won't be able to do anything.</p>
<h3id="what-system-requirements-are-required-to-run-docker-mailserver-effectively"><aclass="toclink"href="#what-system-requirements-are-required-to-run-docker-mailserver-effectively">What system requirements are required to run <code>docker-mailserver</code> effectively?</a></h3>
<p>1 core and 1GB of RAM + swap partition is recommended to run <code>docker-mailserver</code> with clamav.
Otherwise, it could work with 512M of RAM.</p>
<divclass="admonition warning">
<pclass="admonition-title">Warning</p>
<p>Clamav can consume a lot of memory, as it reads the entire signature database into RAM.</p>
<p>Current figure is about 850M and growing. If you get errors about clamav or amavis failing to allocate memory you need more RAM or more swap and of course docker must be allowed to use swap (not always the case). If you can't use swap at all you may need 3G RAM.</p>
</div>
<h3id="can-docker-mailserver-run-in-a-rancher-environment"><aclass="toclink"href="#can-docker-mailserver-run-in-a-rancher-environment">Can <code>docker-mailserver</code> run in a Rancher Environment?</a></h3>
<p>Yes, by adding the environment variable <code>PERMIT_DOCKER: network</code>.</p>
<divclass="admonition warning">
<pclass="admonition-title">Warning</p>
<p>Adding the docker network's gateway to the list of trusted hosts, e.g. using the <code>network</code> or <code>connected-networks</code> option, can create an <ahref="https://en.wikipedia.org/wiki/Open_mail_relay"><strong>open relay</strong></a>, for instance <ahref="https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498">if IPv6 is enabled on the host machine but not in Docker</a>.</p>
</div>
<h3id="how-can-i-authenticate-users-with-smtp_only"><aclass="toclink"href="#how-can-i-authenticate-users-with-smtp_only">How can I Authenticate Users with <code>SMTP_ONLY</code>?</a></h3>
<p>See <ahref="https://github.com/docker-mailserver/docker-mailserver/issues/1247">#1247</a> for an example.</p>
<divclass="admonition todo">
<pclass="admonition-title">Todo</p>
<p>Write a How-to / Use-Case / Tutorial about authentication with <code>SMTP_ONLY</code>.</p>
<spanclass="go">mail amavis[1459]: (01459-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory</span>
<spanclass="go">mail amavis[1459]: (01459-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)</span>
<spanclass="go">mail amavis[1459]: (01459-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 100) line 905.</span>
<spanclass="go">mail amavis[1459]: (01459-01) (!!)AV: ALL VIRUS SCANNERS FAILED</span>
<spanclass="gp"># </span>Clamav is not running <spanclass="o">(</span>not started or because you don<spanclass="err">'</span>t have enough memory<spanclass="o">)</span>
<h3id="how-to-use-when-behind-a-proxy"><aclass="toclink"href="#how-to-use-when-behind-a-proxy">How to use when behind a Proxy</a></h3>
<p>Add to <code>/etc/postfix/main.cf</code> :</p>
<divclass="highlight"><pre><span></span><code><spanclass="na">proxy_interfaces</span><spanclass="o">=</span><spanclass="s">X.X.X.X (your public IP)</span>
</code></pre></div>
<h3id="what-about-updates"><aclass="toclink"href="#what-about-updates">What About Updates</a></h3>
<p>You can of course use a own script or every now and then pull && stop && rm && start the images but there are tools available for this.
There is a section in the <ahref="../config/advanced/maintenance/update-and-cleanup/">Update and Cleanup</a> documentation page that explains how to use it the docker way.</p>
<h3id="how-to-adjust-settings-with-the-user-patchessh-script"><aclass="toclink"href="#how-to-adjust-settings-with-the-user-patchessh-script">How to adjust settings with the <code>user-patches.sh</code> script</a></h3>
<p>Suppose you want to change a number of settings that are not listed as variables or add things to the server that are not included?</p>
<p>This docker-container has a built-in way to do post-install processes. If you place a script called <strong>user-patches.sh</strong> in the config directory it will be run after all configuration files are set up, but before the postfix, amavis and other daemons are started.</p>
<p>The config file I am talking about is this volume in the yml file: <code>./config/:/tmp/docker-mailserver/</code></p>
<p>To place such a script you can just make it in the config dir, for instance like this:</p>
<p>Then fill <code>user-patches.sh</code> with suitable code.</p>
<p>If you want to test it you can move into the running container, run it and see if it does what you want. For instance:</p>
<divclass="highlight"><pre><span></span><code><spanclass="c1"># start shell in container</span>
./setup.sh debug login
<spanclass="c1"># check the file</span>
cat /tmp/docker-mailserver/user-patches.sh
<spanclass="c1"># run the script</span>
/tmp/docker-mailserver/user-patches.sh
<spanclass="c1"># exit the container shell back to the host shell</span>
<spanclass="nb">exit</span>
</code></pre></div>
<p>You can do a lot of things with such a script. You can find an example <code>user-patches.sh</code> script here: <ahref="https://github.com/hanscees/dockerscripts/blob/master/scripts/tomav-user-patches.sh">example <code>user-patches.sh</code> script</a></p>
<h4id="special-use-case-patching-the-supervisord-config"><aclass="toclink"href="#special-use-case-patching-the-supervisord-config">Special use-case - Patching the <code>supervisord</code> config</a></h4>
<p>It seems worth noting, that the <code>user-patches.sh</code> gets executed trough supervisord. If you need to patch some supervisord config (e.g. <code>/etc/supervisor/conf.d/saslauth.conf</code>), the patching happens too late.</p>
<p>An easy workaround is to make the <code>user-patches.sh</code> reload the supervisord config after patching it:</p>
<scriptid="__config"type="application/json">{"base":"..","features":["navigation.tabs","navigation.top","navigation.expand","navigation.instant"],"translations":{"clipboard.copy":"Copy to clipboard","clipboard.copied":"Copied to clipboard","search.config.lang":"en","search.config.pipeline":"trimmer, stopWordFilter","search.config.separator":"[\\s\\-]+","search.placeholder":"Search","search.result.placeholder":"Type to start searching","search.result.none":"No matching documents","search.result.one":"1 matching document","search.result.other":"# matching documents","search.result.more.one":"1 more on this page","search.result.more.other":"# more on this page","search.result.term.missing":"Missing","select.version.title":"Select version"},"search":"../assets/javascripts/workers/search.409db549.min.js","version":{"provider":"mike"}}</script>