# docker-mailserver

[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=master)](https://travis-ci.org/tomav/docker-mailserver) [![Docker Pulls](https://img.shields.io/docker/pulls/tvial/docker-mailserver.svg)](https://hub.docker.com/r/tvial/docker-mailserver/) [![Github Stars](https://img.shields.io/github/stars/tomav/docker-mailserver.svg?label=github%20%E2%98%85)](https://github.com/tomav/docker-mailserver/) [![Github Stars](https://img.shields.io/github/contributors/tomav/docker-mailserver.svg)](https://github.com/tomav/docker-mailserver/) [![Github Forks](https://img.shields.io/github/forks/tomav/docker-mailserver.svg?label=github%20forks)](https://github.com/tomav/docker-mailserver/) [![Gitter](https://img.shields.io/gitter/room/tomav/docker-mailserver.svg)](https://gitter.im/tomav/docker-mailserver)

A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
Only configuration files, no SQL database. Keep it simple and versioned.
Easy to deploy and upgrade.

Includes:

- postfix with smtp or ldap auth
- dovecot for sasl, imap (and optional pop3) with ssl support, with ldap auth
- saslauthd with ldap auth
- amavis
- spamassassin supporting custom rules
- clamav with automatic updates
- opendkim
- opendmarc
- fail2ban
- fetchmail
- postgrey
- basic [sieve support](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters) using dovecot
- [LetsEncrypt](https://letsencrypt.org/) and self-signed certificates
- persistent data and state (but think about backups!)
- [integration tests](https://travis-ci.org/tomav/docker-mailserver)
- [automated builds on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)

Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)

Before you open an issue, please have a look at this `README`, the [Wiki](https://github.com/tomav/docker-mailserver/wiki/) and the Postfix/Dovecot documentation.

## Usage

#### Get latest image

```bash
docker pull tvial/docker-mailserver:latest
```

#### Create a `docker-compose.yml`

Adapt this file with your FQDN. Install [docker-compose](https://docs.docker.com/compose/) version `1.6` or higher.

Your configs must be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh).

`restart: always` ensures that the mail server container (and the ELK container, when the mail server is used together with the ELK stack) is automatically restarted by Docker after a Docker service or host restart, or after a container exit.

```yaml
version: '2'

services:
  mail:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: domain.com
    container_name: mail
    ports:
    - "25:25"
    - "143:143"
    - "587:587"
    - "993:993"
    volumes:
    - maildata:/var/mail
    - mailstate:/var/mail-state
    - ./config/:/tmp/docker-mailserver/
    environment:
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_CLAMAV=1
    - ENABLE_FAIL2BAN=1
    - ENABLE_POSTGREY=1
    - ONE_DIR=1
    - DMS_DEBUG=0
    cap_add:
    - NET_ADMIN

volumes:
  maildata:
    driver: local
  mailstate:
    driver: local
```

__for ldap setup__:

```yaml
version: '2'

services:
  mail:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: domain.com
    container_name: mail
    ports:
    - "25:25"
    - "143:143"
    - "587:587"
    - "993:993"
    volumes:
    - maildata:/var/mail
    - mailstate:/var/mail-state
    - ./config/:/tmp/docker-mailserver/
    environment:
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_CLAMAV=1
    - ENABLE_FAIL2BAN=1
    - ENABLE_POSTGREY=1
    - ONE_DIR=1
    - DMS_DEBUG=0
    - ENABLE_LDAP=1
    - LDAP_SERVER_HOST=ldap # your ldap container/IP/ServerName
    - LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
    - LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
    - LDAP_BIND_PW=admin
    - LDAP_QUERY_FILTER_USER="(&(mail=%s)(mailEnabled=TRUE))"
    - LDAP_QUERY_FILTER_GROUP="(&(mailGroupMember=%s)(mailEnabled=TRUE))"
    - LDAP_QUERY_FILTER_ALIAS="(&(mailAlias=%s)(mailEnabled=TRUE))"
    - DOVECOT_PASS_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
    - DOVECOT_USER_FILTER="(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"
    - ENABLE_SASLAUTHD=1
    - SASLAUTHD_MECHANISMS=ldap
    - SASLAUTHD_LDAP_SERVER=ldap
    - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
    - SASLAUTHD_LDAP_PASSWORD=admin
    - SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
    - POSTMASTER_ADDRESS=postmaster@localhost.localdomain
    cap_add:
    - NET_ADMIN

volumes:
  maildata:
    driver: local
  mailstate:
    driver: local
```

#### Create your mail accounts

Don't forget to adapt `MAIL_USER` and `MAIL_PASS` to your needs.

```bash
mkdir -p config
touch config/postfix-accounts.cf
# Appends one "address|{SHA512-CRYPT}hash" line to the accounts file.
# The variables are quoted so that passwords containing spaces survive.
docker run --rm \
  -e MAIL_USER=user1@domain.tld \
  -e MAIL_PASS=mypassword \
  -ti tvial/docker-mailserver:latest \
  /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u "$MAIL_USER" -p "$MAIL_PASS")"' >> config/postfix-accounts.cf
```

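
A check for the resulting file, added here as an example that is not part of docker-mailserver: it reads an accounts file and flags every line that does not have the `address|{SHA512-CRYPT}$6$...` shape the command above produces. The function names and the sample lines are constructed for illustration.

```shell
# Added example, not part of docker-mailserver: lint postfix-accounts.cf.
# Assumed line format (from the command above): address|{SHA512-CRYPT}$6$...
CR=$(printf '\r')

check_accounts() {  # prints one finding per bad line, returns 1 if any
  n=0 bad=0
  while IFS= read -r line || [ -n "$line" ]; do
    n=$((n + 1)) msg=
    user=${line%%|*} hash=${line#*|}
    case $line in
      '') continue ;;
      *"$CR") msg="trailing carriage return" ;;
      *'|'*) ;;
      *) msg="missing '|' separator" ;;
    esac
    if [ -z "$msg" ]; then
      case $user in
        *[!A-Za-z0-9._@+-]*|*@*@*) msg="'$user' is not a mail address" ;;
        ?*@?*) ;;
        *) msg="'$user' is not a mail address" ;;
      esac
    fi
    if [ -z "$msg" ]; then
      case $hash in
        '{SHA512-CRYPT}$6$'?*) ;;
        '{'*'}'*) scheme=$(printf '%s' "$hash" | cut -d'}' -f1)
                  msg="$user uses $scheme} instead of {SHA512-CRYPT}" ;;
        *) msg="$user has no {SCHEME} prefix, password may be in clear text" ;;
      esac
    fi
    [ -z "$msg" ] || { echo "line $n: $msg"; bad=$((bad + 1)); }
  done < "$1"
  [ "$bad" -eq 0 ]
}

sample_accounts() {  # constructed sample; hash bodies are placeholders
  printf '%s\n' \
    'user1@domain.tld|{SHA512-CRYPT}$6$constructedsalt$CONSTRUCTED.HASH.BODY' \
    'user2@domain.tld|{PLAIN}mypassword' \
    'user3@domain.tld|mypassword' \
    'user4domain.tld|{SHA512-CRYPT}$6$constructedsalt$CONSTRUCTED.HASH.BODY'
  printf 'user5@domain.tld|{SHA512-CRYPT}$6$constructedsalt$X\r\n'
}

tmp=$(mktemp) && sample_accounts > "$tmp" && { check_accounts "$tmp" || true; }
rm -f "$tmp"
```

Run it as `check_accounts config/postfix-accounts.cf` before starting the container; a non-zero exit status means at least one line needs attention.
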
#### Generate DKIM keys

```bash
docker run --rm \
  -v "$(pwd)/config":/tmp/docker-mailserver \
  -ti tvial/docker-mailserver:latest generate-dkim-config
```

Now that the keys are generated, you can configure your DNS server by pasting the content of `config/opendkim/keys/domain.tld/mail.txt` into your `domain.tld.hosts` zone.

Note: you can also manage email accounts, DKIM keys and more with the [setup.sh convenience script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh).

#### Start the container

```bash
docker-compose up -d mail
```

You're done!

## Environment variables
2015-06-29 12:55:54 +00:00
2017-03-20 21:48:25 +00:00
Please check [how the container starts ](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh ) to understand what's expected. Also if an option doesn't work as documented here, check if you are running the latest image!
2016-04-22 22:31:15 +00:00
2016-04-24 15:37:10 +00:00
Value in **bold** is the default value.
2016-04-22 22:31:15 +00:00
2016-12-23 22:56:39 +00:00
##### DMS_DEBUG
- **0** => Debug disabled
- 1 => Enables debug on startup
##### ENABLE_CLAMAV
- **0** => Clamav is disabled
- 1 => Clamav is enabled
##### ENABLE_SPAMASSASSIN
- **0** => Spamassassin is disabled
- 1 => Spamassassin is enabled
##### SA_TAG
- **2.0** => add spam info headers if at, or above that level

Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### SA_TAG2
- **6.31** => add 'spam detected' headers at that level

Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### SA_KILL
- **6.31** => triggers spam evasive actions

Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### SA_SPAM_SUBJECT
- **\*\*\*SPAM\*\*\*** => add tag to subject if spam detected

Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### ONE_DIR
- **0** => state in default directories
- 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes
##### ENABLE_POP3
- **empty** => POP3 service disabled
- 1 => Enables POP3 service
##### ENABLE_FAIL2BAN
- **0** => fail2ban service disabled
- 1 => Enables fail2ban service

If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:

```yaml
cap_add:
  - NET_ADMIN
```

Otherwise, `iptables` won't be able to ban IPs.
##### ENABLE_MANAGESIEVE
- **empty** => Managesieve service disabled
- 1 => Enables Managesieve on port 4190
##### ENABLE_FETCHMAIL
- **0** => `fetchmail` disabled
- 1 => `fetchmail` enabled
##### ENABLE_LDAP
- **empty** => LDAP authentication is disabled
- 1 => LDAP authentication is enabled
- NOTE:
  - A second container for the ldap service is necessary (e.g. [docker-openldap](https://github.com/osixia/docker-openldap))
  - For preparing the ldap server to use in combination with this container, [this](http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/) article may be helpful
##### LDAP_SERVER_HOST
- **empty** => mail.domain.com
- => Specify the dns-name/ip-address where the ldap-server
- NOTE: If you are going to use the mailserver in combination with docker-compose, you can set the service name here
##### LDAP_SEARCH_BASE
- **empty** => ou=people,dc=domain,dc=com
- => e.g. LDAP_SEARCH_BASE=dc=mydomain,dc=local
##### LDAP_BIND_DN
- **empty** => cn=admin,dc=domain,dc=com
- => take a look at examples of SASLAUTHD_LDAP_BIND_DN
##### LDAP_BIND_PW
- **empty** => admin
- => Specify the password to bind against ldap
##### LDAP_QUERY_FILTER_USER
- e.g. `"(&(mail=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for users
##### LDAP_QUERY_FILTER_GROUP
- e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for groups
##### LDAP_QUERY_FILTER_ALIAS
- e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
- => Specify how ldap should be asked for aliases
##### DOVECOT_USER_FILTER
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
##### DOVECOT_PASS_FILTER
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
##### OVERRIDE_HOSTNAME
- **empty** => uses the `hostname` command to get the mail server's canonical hostname
- => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
##### POSTMASTER_ADDRESS
- **empty** => postmaster@domain.com
- => Specify the postmaster address
##### ENABLE_POSTGREY
- **0** => `postgrey` is disabled
- 1 => `postgrey` is enabled
##### POSTGREY_DELAY
- **300** => greylist for N seconds

Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### POSTGREY_MAX_AGE
- **35** => delete entries older than N days since the last time that they have been seen

Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### POSTGREY_TEXT
- **Delayed by postgrey** => response when a mail is greylisted

Note: This postgrey setting needs `ENABLE_POSTGREY=1`
##### ENABLE_SASLAUTHD
- **0** => `saslauthd` is disabled
- 1 => `saslauthd` is enabled
##### SASLAUTHD_MECHANISMS
- empty => pam
- `ldap` => authenticate against ldap server
- `shadow` => authenticate against local user db
- `mysql` => authenticate against mysql db
- `rimap` => authenticate against imap server
- NOTE: can be a list of mechanisms like pam ldap shadow
##### SASLAUTHD_MECH_OPTIONS
- empty => None
- e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
##### SASLAUTHD_LDAP_SERVER
- empty => localhost
##### SASLAUTHD_LDAP_SSL
- empty or 0 => `ldap://` will be used
- 1 => `ldaps://` will be used
##### SASLAUTHD_LDAP_BIND_DN
- empty => anonymous bind
- specify an object with privileges to search the directory tree
- e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
- e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
##### SASLAUTHD_LDAP_PASSWORD
- empty => anonymous bind
##### SASLAUTHD_LDAP_SEARCH_BASE
- empty => Reverting to SASLAUTHD_MECHANISMS pam
- specify the search base
##### SASLAUTHD_LDAP_FILTER
- empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))`
- e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))`
- e.g. for openldap: `(&(uid=%U)(objectClass=person))`
##### SASL_PASSWD
- **empty** => No sasl_passwd will be created
- string => `/etc/postfix/sasl_passwd` will be created with the string as password
##### SMTP_ONLY
- **empty** => all daemons start
- 1 => only launch postfix smtp
##### SSL_TYPE
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- manual => Lets you manually specify locations of your SSL certificates for non-standard cases
- self-signed => Enables self-signed certificates

Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
##### PERMIT_DOCKER
Set different options for the `mynetworks` option (can be overwritten in `postfix-main.cf`)
- **empty** => localhost only
- host => Add docker host (ipv4 only)
- network => Add all docker containers (ipv4 only)
##### VIRUSMAILS_DELETE_DELAY
Set how many days a virusmail will stay on the server before being deleted
- **empty** => 7 days
##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT
This option activates the use of `POSTFIX_DAGENT` to specify an LMTP client different from the default dovecot socket.
- **empty** => disabled
- 1 => enabled
##### POSTFIX_DAGENT
Enabled by `ENABLE_POSTFIX_VIRTUAL_TRANSPORT`. Specify the final delivery of postfix
- **empty**: fail
- `lmtp:unix:private/dovecot-lmtp` (use socket)
- `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
- `lmtp:<kopano-host>:2003` (use kopano as mailstore)
- etc.
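
The option dependencies documented above (the `SA_*` and `POSTGREY_*` settings that need their `ENABLE_*` switch, Fail2Ban's need for `NET_ADMIN`, the empty `SSL_TYPE`, the `ldap://` default of `SASLAUTHD_LDAP_SSL`) can be checked mechanically before a deployment. This is an added example, not code from the project; the helper names and the sample compose fragment are constructed, and it only reads `- KEY=VALUE` list items.

```shell
# Added example, not part of docker-mailserver: check a compose file against
# the option dependencies this README documents. Reads "- KEY=VALUE" items only.
env_of() {  # env_of KEY FILE: value of the last "- KEY=VALUE" list item
  sed -n "s/^[[:space:]]*-[[:space:]]*$1=//p" "$2" |
    sed -e 's/[[:space:]]#.*$//' -e 's/[[:space:]]*$//' | tail -n 1
}

needs() {  # needs VAR SWITCH FILE: VAR is only honoured when SWITCH=1
  [ -z "$(env_of "$1" "$3")" ] || [ "$(env_of "$2" "$3")" = 1 ] ||
    echo "$1 is set but $2 is not 1"
}

lint_compose() {
  f=$1
  if [ "$(env_of ENABLE_FAIL2BAN "$f")" = 1 ] &&
     ! grep -q '^[[:space:]]*-[[:space:]]*NET_ADMIN' "$f"; then
    echo "ENABLE_FAIL2BAN=1 without cap_add NET_ADMIN: iptables cannot ban IPs"
  fi
  for v in SA_TAG SA_TAG2 SA_KILL SA_SPAM_SUBJECT; do needs "$v" ENABLE_SPAMASSASSIN "$f"; done
  for v in POSTGREY_DELAY POSTGREY_MAX_AGE POSTGREY_TEXT; do needs "$v" ENABLE_POSTGREY "$f"; done
  needs POSTFIX_DAGENT ENABLE_POSTFIX_VIRTUAL_TRANSPORT "$f"
  [ -n "$(env_of SSL_TYPE "$f")" ] || echo "SSL_TYPE is empty: SSL disabled"
  if [ "$(env_of ENABLE_SASLAUTHD "$f")" = 1 ]; then
    case " $(env_of SASLAUTHD_MECHANISMS "$f") " in *" ldap "*)
      [ "$(env_of SASLAUTHD_LDAP_SSL "$f")" = 1 ] ||
        echo "SASLAUTHD_LDAP_SSL is not 1: ldap:// is used instead of ldaps://"
      [ -n "$(env_of SASLAUTHD_LDAP_BIND_DN "$f")" ] ||
        echo "SASLAUTHD_LDAP_BIND_DN is empty: anonymous bind" ;;
    esac
  fi
  return 0
}

sample_compose() {  # constructed input
  cat <<'EOF'
    environment:
    - ENABLE_FAIL2BAN=1
    - SA_TAG2=6.31
    - ENABLE_POSTGREY=1
    - POSTGREY_DELAY=300
    - ENABLE_SASLAUTHD=1
    - SASLAUTHD_MECHANISMS=ldap
    - SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
EOF
}

tmp=$(mktemp) && sample_compose > "$tmp" && lint_compose "$tmp"
rm -f "$tmp"
```

Call `lint_compose docker-compose.yml` on a real file; each output line names one setting that will not behave as its value suggests.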