mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
deploy: 9c5d6ad25c
parent
e58cba57cc
commit
036bcaef3f
|
@ -73,7 +73,7 @@
|
|||
<div data-md-component="skip">
|
||||
|
||||
|
||||
<a href="#basic-setup" class="md-skip">
|
||||
<a href="#single-encryption-key-global-method" class="md-skip">
|
||||
Skip to content
|
||||
</a>
|
||||
|
||||
|
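Review bot: The skip link target changes from `#basic-setup` to `#single-encryption-key-global-method`, so the `basic-setup` fragment no longer exists on this page and any existing deep link to it will fall back to the top of the document. If the heading rename is intended, consider keeping the old id as an alias anchor on the renamed heading, or call the rename out in the docs changelog.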
@ -648,8 +648,8 @@
|
|||
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#basic-setup" class="md-nav__link">
|
||||
Basic Setup
|
||||
<a href="#single-encryption-key-global-method" class="md-nav__link">
|
||||
Single Encryption Key / Global Method
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1256,8 +1256,8 @@
|
|||
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#basic-setup" class="md-nav__link">
|
||||
Basic Setup
|
||||
<a href="#single-encryption-key-global-method" class="md-nav__link">
|
||||
Single Encryption Key / Global Method
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1289,62 +1289,54 @@
|
|||
</div>
|
||||
<p>Official Dovecot documentation: <a href="https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/">https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/</a></p>
|
||||
<hr />
|
||||
<h2 id="basic-setup"><a class="toclink" href="#basic-setup">Basic Setup</a></h2>
|
||||
<h2 id="single-encryption-key-global-method"><a class="toclink" href="#single-encryption-key-global-method">Single Encryption Key / Global Method</a></h2>
|
||||
<ol>
|
||||
<li>Before you can enable mail_crypt, you'll need to copy out several dovecot/conf.d files to the host (from a running container) and then take the container down:
|
||||
<div class="highlight"><pre><span></span><code>mkdir -p config/dovecot
|
||||
docker cp mailserver:/etc/dovecot/conf.d/20-lmtp.conf config/dovecot/
|
||||
docker cp mailserver:/etc/dovecot/conf.d/20-imap.conf config/dovecot/
|
||||
docker cp mailserver:/etc/dovecot/conf.d/20-pop3.conf config/dovecot/
|
||||
docker-compose down
|
||||
</code></pre></div></li>
|
||||
<li>You then need to <a href="https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#ec-key">generate your global EC key</a>.</li>
|
||||
<li>The EC key needs to be available in the container. I prefer to mount a /certs directory into the container:
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./certs/:/certs</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
</code></pre></div></li>
|
||||
<li>While you're editing the docker-compose.yml, add the configuration files you copied out:
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./config/dovecot/20-lmtp.conf:/etc/dovecot/conf.d/20-lmtp.conf</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./config/dovecot/20-imap.conf:/etc/dovecot/conf.d/20-imap.conf</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./config/dovecot/20-pop3.conf:/etc/dovecot/conf.d/20-pop3.conf</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./certs/:/certs</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
</code></pre></div></li>
|
||||
<li>The <code>mail_crypt</code> plugin, unless you're using a non-standard configuration of docker-mailserver, should be enabled on both <code>lmtp</code> and <code>imap</code>. You'll want to edit three different files:<ul>
|
||||
<li><code>./config/dovecot/20-lmtp.conf</code>
|
||||
<div class="highlight"><pre><span></span><code>protocol lmtp {
|
||||
mail_plugins = $mail_plugins sieve mail_crypt
|
||||
plugin {
|
||||
mail_crypt_global_private_key = </certs/ecprivkey.pem
|
||||
mail_crypt_global_public_key = </certs/ecpubkey.pem
|
||||
mail_crypt_save_version = 2
|
||||
}
|
||||
<li>
|
||||
<p>Create <code>10-custom.conf</code> and populate it with the following:</p>
|
||||
<div class="highlight"><pre><span></span><code># Enables mail_crypt for all services (imap, pop3, etc)
|
||||
mail_plugins = $mail_plugins mail_crypt
|
||||
plugin {
|
||||
mail_crypt_global_private_key = </certs/ecprivkey.pem
|
||||
mail_crypt_global_public_key = </certs/ecpubkey.pem
|
||||
mail_crypt_save_version = 2
|
||||
}
|
||||
</code></pre></div></li>
|
||||
<li><code>./config/dovecot/20-imap.conf</code>
|
||||
<div class="highlight"><pre><span></span><code>protocol imap {
|
||||
mail_plugins = $mail_plugins imap_quota mail_crypt
|
||||
plugin {
|
||||
mail_crypt_global_private_key = </certs/ecprivkey.pem
|
||||
mail_crypt_global_public_key = </certs/ecpubkey.pem
|
||||
mail_crypt_save_version = 2
|
||||
}
|
||||
}
|
||||
</code></pre></div></li>
|
||||
<li>If you use pop3, make the same changes in <code>20-pop3.conf</code></li>
|
||||
</ul>
|
||||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p>Shutdown your mailserver (<code>docker-compose down</code>)</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>You then need to <a href="https://doc.dovecot.org/configuration_manual/mail_crypt_plugin/#ec-key">generate your global EC key</a>. We named them <code>/certs/ecprivkey.pem</code> and <code>/certs/ecpubkey.pem</code> in step #1.</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>The EC key needs to be available in the container. I prefer to mount a /certs directory into the container:
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./certs/:/certs</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
</code></pre></div></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>While you're editing the <code>docker-compose.yml</code>, add the configuration file:
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./config/dovecot/10-custom.conf:/etc/dovecot/conf.d/10-custom.conf</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./certs/:/certs</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">. . .</span>
|
||||
</code></pre></div></p>
|
||||
</li>
|
||||
<li>
|
||||
<p>Start the container, monitor the logs for any errors, send yourself a message, and then confirm the file on disk is encrypted:
|
||||
<div class="highlight"><pre><span></span><code>[root@ip-XXXXXXXXXX ~]# cat -A /mnt/efs-us-west-2/maildata/awesomesite.com/me/cur/1623989305.M6v<36>z<EFBFBD>@<40><> m}<7D><>,<2C><>9<EFBFBD><39><EFBFBD><EFBFBD>B*<2A>247.us-west-2.compute.inE<6E><45>\Ck*<2A>@7795,W=7947:2,
|
||||
T<EFBFBD>9<EFBFBD>8t<EFBFBD>6<EFBFBD><EFBFBD> t<><74><EFBFBD>e<EFBFBD>W<EFBFBD><57>S `<60>H<EFBFBD><48>C<EFBFBD>ڤ <20>yeY<65><59>XZ<58><5A>^<5E>d<EFBFBD>/<2F><>+<2B>A
|
||||
</code></pre></div></p>
|
||||
</li>
|
||||
<li>Start the container and monitor the logs for any errors</li>
|
||||
</ol>
|
||||
<p>This should be the minimum required for encryption of the mail while in storage.</p>
|
||||
|
||||
|
|
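Review bot: The `10-custom.conf` step points `mail_crypt_global_private_key` at `/certs/ecprivkey.pem` and the compose snippets mount `- ./certs/:/certs`, but nothing in the steps says who may read that file, even though this single global key decrypts every stored message. Suggest adding a sentence on restricting ownership and mode of the key file on the host, and mounting the directory read-only (`- ./certs/:/certs:ro`). Two smaller points in the same list: the comment `# Enables mail_crypt for all services (imap, pop3, etc)` should name `lmtp` as well, since the per-protocol instructions it replaces covered `lmtp` explicitly; and "We named them ... in step #1" only holds while the `10-custom.conf` step stays first, so referring to the file by name would be more robust than the step number.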
File diff suppressed because one or more lines are too long
|
@ -2,187 +2,187 @@
|
|||
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/faq/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/introduction/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/pop3/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/setup.sh/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/auth-ldap/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/full-text-search/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/ipv6/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-fetchmail/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-sieve/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/optional-config/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/aws-ses/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/relay-hosts/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/maintenance/update-and-cleanup/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/dovecot/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/postfix/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/fail2ban/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/mail_crypt/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/troubleshooting/debugging/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/aliases/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/coding-style/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/documentation/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/issues-and-pull-requests/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/contributing/tests/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/mailserver-behind-proxy/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
<url>
|
||||
<loc>https://docker-mailserver.github.io/docker-mailserver/edge/examples/uses-cases/forward-only-mailserver-with-ldap-authentication/</loc>
|
||||
<lastmod>2021-06-16</lastmod>
|
||||
<lastmod>2021-06-19</lastmod>
|
||||
<changefreq>daily</changefreq>
|
||||
</url>
|
||||
</urlset>
|
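Review bot: Every `<lastmod>` in this sitemap moves from 2021-06-16 to 2021-06-19, including entries such as `faq/` and `config/pop3/`, while the only page diff shown in this deploy is `config/security/mail_crypt/`. The value therefore tracks the build date rather than each page's last edit. If the sitemap is meant to signal real changes, derive `lastmod` from the per-page revision date; otherwise this file adds churn to every deploy commit and could be left out of review.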