docker-mailserver/README.md

# docker-mailserver

```
#
# CURRENTLY IN BETA
#
```

[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)

A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
Only configuration files, no SQL database. Keep it simple and versioned.
Easy to deploy and upgrade.

Includes:

- postfix with smtp auth
- dovecot for sasl, imap (and optional pop3) with ssl support
- amavis
- spamassasin supporting custom rules
- clamav with automatic updates
- opendkim
- opendmarc
- fail2ban
- [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
- [integration tests](https://travis-ci.org/tomav/docker-mailserver)
- [automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)

Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)

Before you open an issue, please have a look this `README`, the [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ) and Postfix/Dovecot documentation.

## Project architecture

    ├── config                    # User: personal configurations
    ├── docker-compose.yml.dist   # User: 'docker-compose.yml' example
    ├── target                    # Developer: default server configurations
    └── test                      # Developer: integration tests

## Basic usage

    # get v2 image
    docker pull tvial/docker-mailserver:v2

    # create a "docker-compose.yml" file containing:
    mail:
      image: tvial/docker-mailserver:v2
      hostname: mail
      domainname: domain.com
      # your FQDN will be 'mail.domain.com'
      ports:
      - "25:v25"
      - "143:143"
      - "587:587"
      - "993:993"
      volumes:
      - ./config/:/tmp/docker-mailserver/

    # Create your first mail account
    # Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
    mkdir -p config
    docker run --rm \
      -e MAIL_USER=user1@domain.tld \
      -e MAIL_PASS=mypassword \
      -ti tvial/docker-mailserver:v2 \
      /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf

    # start the container
    docker-compose up -d mail

You're done!

## Managing users and aliases

### Users

As you've seen above, users are managed in `config/postfix-accounts.cf`.
Just add the full email address and its encrypted password separated by a pipe.

Example:

    user1@domain.tld|{CRAM-MD5}mypassword-cram-md5-encrypted
    user2@otherdomain.tld|{CRAM-MD5}myotherpassword-cram-md5-encrypted

To generate the password you could run for example the following:

    docker run --rm \
      -e MAIL_USER=user1@domain.tld \
      -ti tvial/docker-mailserver:v2 \
      /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'

You will be asked for a password. Just copy all the output string in the file `config/postfix-accounts.cf`.

    The `doveadm pw` command let you choose between several encryption schemes for the password.
    Use doveadm pw -l to get a list of the currently supported encryption schemes.

### Aliases

Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias).

Aliases are managed in `config/postfix-virtual.cf`.
An alias is a full email address that will be:
* delivered to an existing account in `config/postfix-accounts.cf`
* redirected to one or more other email adresses

Alias and target are space separated.

Example:

    # Alias to existing account
    alias1@domain.tld user1@domain.tld

    # Forward to external email address
    alias2@domain.tld external@gmail.com

## Environment variables

Value in **bold** is the default value.

##### DMS_SSL

  - **empty** => SSL disabled
  - letsencrypt => Enables Let's Encrypt certificates
  - custom => Enables custom certificates
  - self-signed => Enables self-signed certificates

##### ENABLE_POP3

  - **empty** => POP3 service disabled
  - 1 => Enables POP3 service

##### ENABLE_FAIL2BAN

  - **empty** => fail2ban service disabled
  - 1 => Enables fail2ban service

##### SA_TAG

  - **2.0** => add spam info headers if at, or above that level

##### SA_TAG2

  - **6.31** => add 'spam detected' headers at that level

##### SA_KILL

  - **6.31** => triggers spam evasive actions

##### SASL_PASSWD

  - **empty** => No sasl_passwd will be created
  - string => `/etc/postfix/sasl_passwd` will be created with the string as password

##### SMTP_ONLY

  - **empty** => all daemons start
  - 1 => only launch postfix smtp

Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.

## OpenDKIM

You have prepared your mail accounts? Now you can generate DKIM keys using the following command:

    docker run --rm \
      -v "$(pwd)/config":/tmp/docker-mailserver \
      -ti tvial/docker-mailserver:v2 generate-dkim-config

Don't forget to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/` in order to use it.

Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.

## SSL

Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.

## Todo

Things to do or to improve are stored on [Github](https://github.com/tomav/docker-mailserver/issues).
Feel free to improve this docker image.

## Contribute

- Fork
- Improve
- Add integration tests in `test/tests.bats`
- Build image and run tests using `make`
- Document your improvements
- Commit, push and make a pull-request
Added basic README. 2015-03-28 15:04:09 +00:00			`# docker-mailserver`

Changed documentation for #109 2016-04-20 08:15:51 +00:00			```
			`#`
			`# CURRENTLY IN BETA`
			`#`
			```

			`[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)`
Use TRAVIS env and updated README with Travis build status 2015-10-18 19:38:22 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`A fullstack but simple mail server (smtp, imap, antispam, antivirus...).`
			`Only configuration files, no SQL database. Keep it simple and versioned.`
			`Easy to deploy and upgrade.`
Working image. 2015-03-28 15:44:40 +00:00
			`Includes:`
Simplified configurations 2015-03-29 12:07:56 +00:00
Now postfix configuration is generic. 2015-03-31 15:28:13 +00:00			`- postfix with smtp auth`
Dovecot based version of the mailserver. Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed. 2016-04-07 12:20:51 +00:00			`- dovecot for sasl, imap (and optional pop3) with ssl support`
Now postfix configuration is generic. 2015-03-31 15:28:13 +00:00			`- amavis`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`- spamassasin supporting custom rules`
Improved documentation (added client configuration) 2015-06-29 12:55:54 +00:00			`- clamav with automatic updates`
- added DKIM support 2016-01-20 15:41:34 +00:00			`- opendkim`
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`- opendmarc`
Added fail2ban to features list 2016-02-13 11:20:15 +00:00			`- fail2ban`
Merge branch 'pop3-support' of https://github.com/crash7/docker-mailserver into crash7-pop3-support 2016-01-26 11:56:26 +00:00			`- [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates`
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`- [integration tests](https://travis-ci.org/tomav/docker-mailserver)`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`- [automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)`
Working image. 2015-03-28 15:44:40 +00:00
Fixed typo 2015-09-12 08:53:59 +00:00			`Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)`
Added link to blog post. 2015-08-26 08:05:40 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			Before you open an issue, please have a look this `README`, the [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ) and Postfix/Dovecot documentation.
Changed documentation for #109 2016-04-20 08:15:51 +00:00
			`## Project architecture`

			`├── config # User: personal configurations`
			`├── docker-compose.yml.dist # User: 'docker-compose.yml' example`
Fixed typos 2016-04-20 09:40:31 +00:00			`├── target # Developer: default server configurations`
			`└── test # Developer: integration tests`
Now postfix configuration is generic. 2015-03-31 15:28:13 +00:00
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`## Basic usage`
Working image. 2015-03-28 15:44:40 +00:00
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`# get v2 image`
Fixed typos 2016-04-20 09:40:31 +00:00			`docker pull tvial/docker-mailserver:v2`
Added basic README. 2015-03-28 15:04:09 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`# create a "docker-compose.yml" file containing:`
Improved documentation and added link to SSL.md 2015-12-06 20:12:32 +00:00			`mail:`
Fixed typos 2016-04-20 09:40:31 +00:00			`image: tvial/docker-mailserver:v2`
Improved documentation and added link to SSL.md 2015-12-06 20:12:32 +00:00			`hostname: mail`
			`domainname: domain.com`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`# your FQDN will be 'mail.domain.com'`
Improved documentation and added link to SSL.md 2015-12-06 20:12:32 +00:00			`ports:`
Fixed typos 2016-04-20 09:40:31 +00:00			`- "25:v25"`
Improved documentation and added link to SSL.md 2015-12-06 20:12:32 +00:00			`- "143:143"`
			`- "587:587"`
			`- "993:993"`
			`volumes:`
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`- ./config/:/tmp/docker-mailserver/`

			`# Create your first mail account`
Fixed typos 2016-04-20 09:40:31 +00:00			`# Don't forget to adapt MAIL_USER and MAIL_PASS to your needs`
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`mkdir -p config`
			`docker run --rm \`
Improved documentation 2016-04-22 22:31:15 +00:00			`-e MAIL_USER=user1@domain.tld \`
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`-e MAIL_PASS=mypassword \`
			`-ti tvial/docker-mailserver:v2 \`
			`/bin/sh -c 'echo "$MAIL_USER\|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf`
Fixes #8 - BC BREAK - User configuration is no longer in docker-compose.yml to make it easier to maintain 2015-07-16 17:35:11 +00:00
Dovecot based version of the mailserver. Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed. 2016-04-07 12:20:51 +00:00			`# start the container`
Convert tab to spaces in the readme Call me petty, but things like this bother me more than they should. 2016-04-21 13:29:57 +00:00			`docker-compose up -d mail`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`You're done!`

Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`## Managing users and aliases`

			`### Users`

Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			As you've seen above, users are managed in `config/postfix-accounts.cf`.
			`Just add the full email address and its encrypted password separated by a pipe.`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00
			`Example:`

Fixed i#152 Fail2ban config and tests 2016-04-22 15:51:14 +00:00			`user1@domain.tld\|{CRAM-MD5}mypassword-cram-md5-encrypted`
			`user2@otherdomain.tld\|{CRAM-MD5}myotherpassword-cram-md5-encrypted`
Dovecot based version of the mailserver. Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed. 2016-04-07 12:20:51 +00:00
			`To generate the password you could run for example the following:`

Improved documentation 2016-04-22 22:31:15 +00:00			`docker run --rm \`
			`-e MAIL_USER=user1@domain.tld \`
			`-ti tvial/docker-mailserver:v2 \`
			`/bin/sh -c 'echo "$MAIL_USER\|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'`
Dovecot based version of the mailserver. Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed. 2016-04-07 12:20:51 +00:00
Fixed i#152 Fail2ban config and tests 2016-04-22 15:51:14 +00:00			You will be asked for a password. Just copy all the output string in the file `config/postfix-accounts.cf`.
Dovecot based version of the mailserver. Courier and Cyrus Sasl have been removed and substituted with Dovecot which now handle authentication for Postfix, Imap and Pop3, with support for SSL. This allow the use of several encryption schemes for the password as well as a single user db. OpenDKIM keys can now be provided at the startup and will be used instead of generating new ones (so that you don't have to change your DNS configuration). This version builds correctly on Docker but no integration tests have been reworked to accommodate Dovecot instead of Courier and Cyrus Sasl. As such at present no automatic tests can be executed. 2016-04-07 12:20:51 +00:00
			The `doveadm pw` command let you choose between several encryption schemes for the password.
			`Use doveadm pw -l to get a list of the currently supported encryption schemes.`

Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`### Aliases`

			`Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias).`
Fixes #8 - BC BREAK - User configuration is no longer in docker-compose.yml to make it easier to maintain 2015-07-16 17:35:11 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			Aliases are managed in `config/postfix-virtual.cf`.
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`An alias is a full email address that will be:`
Changed documentation for #109 2016-04-20 08:15:51 +00:00			* delivered to an existing account in `config/postfix-accounts.cf`
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`* redirected to one or more other email adresses`
Fixes #8 - BC BREAK - User configuration is no longer in docker-compose.yml to make it easier to maintain 2015-07-16 17:35:11 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`Alias and target are space separated.`
Improved documentation related to #11 2015-08-10 10:20:50 +00:00
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`Example:`
Improved documentation (added client configuration) 2015-06-29 12:55:54 +00:00
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`# Alias to existing account`
			`alias1@domain.tld user1@domain.tld`
Improved documentation (added client configuration) 2015-06-29 12:55:54 +00:00
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`# Forward to external email address`
			`alias2@domain.tld external@gmail.com`
Cleaned code after live testing and improved documentation 2015-12-05 16:32:33 +00:00
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`## Environment variables`
Improved documentation (added client configuration) 2015-06-29 12:55:54 +00:00
Fixed typo 2016-04-22 22:34:03 +00:00			`Value in bold is the default value.`
Added information regarding default value 2016-04-22 22:32:43 +00:00
Improved documentation 2016-04-22 22:31:15 +00:00			`##### DMS_SSL`

			`- empty => SSL disabled`
			`- letsencrypt => Enables Let's Encrypt certificates`
			`- custom => Enables custom certificates`
			`- self-signed => Enables self-signed certificates`

			`##### ENABLE_POP3`

			`- empty => POP3 service disabled`
			`- 1 => Enables POP3 service`

			`##### ENABLE_FAIL2BAN`

			`- empty => fail2ban service disabled`
			`- 1 => Enables fail2ban service`

			`##### SA_TAG`

			`- 2.0 => add spam info headers if at, or above that level`

			`##### SA_TAG2`

			`- 6.31 => add 'spam detected' headers at that level`

			`##### SA_KILL`

			`- 6.31 => triggers spam evasive actions`

			`##### SASL_PASSWD`

			`- empty => No sasl_passwd will be created`
Fixed formatting 2016-04-22 22:35:40 +00:00			- string => `/etc/postfix/sasl_passwd` will be created with the string as password
Improved documentation 2016-04-22 22:31:15 +00:00
			`##### SMTP_ONLY`

			`- empty => all daemons start`
			`- 1 => only launch postfix smtp`
Fixes #39 with a basic backup script 2016-01-22 14:02:25 +00:00
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.`
Added tests and simplified some of them 2016-02-03 21:45:11 +00:00
Fixed #143 adding a OpenDKIM keys generator and its integration tests 2016-04-20 21:01:32 +00:00			`## OpenDKIM`

			`You have prepared your mail accounts? Now you can generate DKIM keys using the following command:`

			`docker run --rm \`
			`-v "$(pwd)/config":/tmp/docker-mailserver \`
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			`-ti tvial/docker-mailserver:v2 generate-dkim-config`
Fixed #143 adding a OpenDKIM keys generator and its integration tests 2016-04-20 21:01:32 +00:00
Improved documentation 2016-04-22 22:31:15 +00:00			Don't forget to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/` in order to use it.

Fixed #143 adding a OpenDKIM keys generator and its integration tests 2016-04-20 21:01:32 +00:00			Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.

Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`## SSL`
Fixes #39 with a basic backup script 2016-01-22 14:02:25 +00:00
Moved SSL doc to the Wiki 2016-02-10 08:53:51 +00:00			`Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.`
Fixes #39 with a basic backup script 2016-01-22 14:02:25 +00:00
Simplified README and linked to FAQ. 2016-02-01 14:05:29 +00:00			`## Todo`
Added information about issues. 2015-03-31 20:21:44 +00:00
Changed documentation for #109 2016-04-20 08:15:51 +00:00			`Things to do or to improve are stored on [Github](https://github.com/tomav/docker-mailserver/issues).`
Added information about issues. 2015-03-31 20:21:44 +00:00			`Feel free to improve this docker image.`

Improved documentation 2016-02-04 07:51:07 +00:00			`## Contribute`

			`- Fork`
			`- Improve`
Fixed test file now moved to "bats" 2016-02-25 11:15:33 +00:00			- Add integration tests in `test/tests.bats`
Remove trailing whitespace in the readme 2016-04-21 13:28:23 +00:00			- Build image and run tests using `make`
Improved documentation 2016-02-04 07:51:07 +00:00			`- Document your improvements`
			`- Commit, push and make a pull-request`