Introduce .env for docker-compose examples (Closes #815)

Introduce .env for docker-compose examples
17Halbe 2018-02-07 19:37:26 +01:00 committed by Johan Smits
parent f6404156f9
commit 115ad555be
5 changed files with 467 additions and 142 deletions

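--- a/.env.dist
+++ b/.env.dist
@@ -0,0 +1,223 @@
+# -----------------------------------------------------------------------------------------------------------------------------
+# --------------------- General Settings --------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+HOSTNAME=mail
+DOMAINNAME=domain.com
+CONTAINER_NAME=mail
+# empty => uses the `hostname` command to get the mail server's canonical hostname
+# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
+OVERRIDE_HOSTNAME=
+# 0 => Debug disabled
+# 1 => Enables debug on startup
+DMS_DEBUG=0
+# 0 => mail state in default directories
+# 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes
+ONE_DIR=0
+# empty => postmaster@domain.com
+# => Specify the postmaster address
+POSTMASTER_ADDRESS=
+# Set different options for mynetworks option (can be overwrite in postfix-main.cf)
+# empty => localhost only
+# host => Add docker host (ipv4 only)
+# network => Add all docker containers (ipv4 only)
+PERMIT_DOCKER=
+# 1 => Enables POP3 service
+# empty => disables POP3
+ENABLE_POP3=
+ENABLE_CLAMAV=0
+# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
+# cap_add:
+# - NET_ADMIN
+# Otherwise, `iptables` won't be able to ban IPs.
+ENABLE_FAIL2BAN=0
+# 1 => Enables Managesieve on port 4190
+# empty => disables Managesieve
+ENABLE_MANAGESIEVE=
+# **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
+# drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
+# ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
+POSTSCREEN_ACTION=enforce
+# empty => all daemons start
+# 1 => only launch postfix smtp
+SMTP_ONLY=
+Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
+# empty => SSL disabled
+# letsencrypt => Enables Let's Encrypt certificates
+# custom => Enables custom certificates
+# manual => Let's you manually specify locations of your SSL certificates for non-standard cases
+# self-signed => Enables self-signed certificates
+SSL_TYPE=
+# Set how many days a virusmail will stay on the server before being deleted
+# empty => 7 days
+VIRUSMAILS_DELETE_DELAY=
+# This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket.
+# empty => disabled
+# 1 => enabled
+ENABLE_POSTFIX_VIRTUAL_TRANSPORT=
+Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix
+# empty => fail
+# `lmtp:unix:private/dovecot-lmtp` (use socket)
+# `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
+# `lmtp:<kopano-host>:2003` (use kopano as mailstore)
+# etc.
+POSTFIX_DAGENT=
+# -----------------------------------------------------------------------------------------------------------------------------
+# --------------------- Spamassassin section ----------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+ENABLE_SPAMASSASSIN=0
+# add spam info headers if at, or above that level:
+SA_TAG=2.0
+# add 'spam detected' headers at that level
+SA_TAG2=6.31
+# triggers spam evasive actions
+SA_KILL=6.31
+# add tag to subject if spam detected
+SA_SPAM_SUBJECT=***SPAM*****
+# -----------------------------------------------------------------------------------------------------------------------------
+# --------------------- Fetchmail section -------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+ENABLE_FETCHMAIL=0
+# The interval to fetch mail in seconds
+FETCHMAIL_POLL=300
+# -----------------------------------------------------------------------------------------------------------------------------
+# --------------------- LDAP section ------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap)
+# For preparing the ldap server to use in combination with this container this article may be helpful: http://acidx.net/wordpress/2014/06/installing-a-mailserver-with-postfix-dovecot-sasl-ldap-roundcube/
+# empty => LDAP authentification is disabled
+# 1 => LDAP authentification is enabled
+ENABLE_LDAP=
+# empty => no
+# yes => LDAP over TLS enabled for Postfix
+LDAP_START_TLS=
+# If you going to use the mailserver in combination with docker-compose you can set the service name here
+# empty => mail.domain.com
+# Specify the dns-name/ip-address where the ldap-server
+LDAP_SERVER_HOST=
+# empty => ou=people,dc=domain,dc=com
+# => e.g. LDAP_SEARCH_BASE=dc=mydomain,dc=local
+LDAP_SEARCH_BASE=
+# empty => cn=admin,dc=domain,dc=com
+# => take a look at examples of SASL_LDAP_BIND_DN
+LDAP_BIND_DN=
+# empty** => admin
+# => Specify the password to bind against ldap
+LDAP_BIND_PW=
+# e.g. `"(&(mail=%s)(mailEnabled=TRUE))"`
+# => Specify how ldap should be asked for users
+LDAP_QUERY_FILTER_USER=
+# e.g. `"(&(mailGroupMember=%s)(mailEnabled=TRUE))"`
+# => Specify how ldap should be asked for groups
+LDAP_QUERY_FILTER_GROUP=
+# e.g. `"(&(mailAlias=%s)(mailEnabled=TRUE))"`
+# => Specify how ldap should be asked for aliases
+LDAP_QUERY_FILTER_ALIAS=
+# -----------------------------------------------------------------------------------------------------------------------------
+# ---------------- Dovecot section --------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+# empty => no
+# yes => LDAP over TLS enabled for Dovecot
+DOVECOT_TLS=
+# e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
+DOVECOT_USER_FILTER=
+# e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
+DOVECOT_PASS_FILTER=
+# -----------------------------------------------------------------------------------------------------------------------------
+# ---------------- Postgrey section -------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+ENABLE_POSTGREY=0
+# greylist for N seconds
+POSTGREY_DELAY=300
+# delete entries older than N days since the last time that they have been seen
+POSTGREY_MAX_AGE=35
+# response when a mail is greylisted
+POSTGREY_TEXT=Delayed by postgrey
+# -----------------------------------------------------------------------------------------------------------------------------
+# ---------------- SASL section -----------------------------------------------------------------------------------------------
+# -----------------------------------------------------------------------------------------------------------------------------
+ENABLE_SASLAUTHD=0
+# empty => pam
+# `ldap` => authenticate against ldap server
+# `shadow` => authenticate against local user db
+# `mysql` => authenticate against mysql db
+# `rimap` => authenticate against imap server
+# NOTE: can be a list of mechanisms like pam ldap shadow
+SASLAUTHD_MECHANISMS=
+# empty => None
+# e.g. with SASLAUTHD_MECHANISMS rimap you need to specify the ip-address/servername of the imap server ==> xxx.xxx.xxx.xxx
+SASLAUTHD_MECH_OPTIONS=
+# empty => localhost
+SASLAUTHD_LDAP_SERVER=
+# empty or 0 => `ldap://` will be used
+# 1 => `ldaps://` will be used
+SASLAUTHD_LDAP_SSL=
+# empty => anonymous bind
+# specify an object with priviliges to search the directory tree
+# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
+# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
+SASLAUTHD_LDAP_BIND_DN=
+# empty => anonymous bind
+SASLAUTHD_LDAP_PASSWORD=
+# empty => Reverting to SASLAUTHD_MECHANISMS pam
+# specify the search base
+SASLAUTHD_LDAP_SEARCH_BASE=
+# empty => default filter `(&(uniqueIdentifier=%u)(mailEnabled=TRUE))`
+# e.g. for active directory: `(&(sAMAccountName=%U)(objectClass=person))`
+# e.g. for openldap: `(&(uid=%U)(objectClass=person))`
+SASLAUTHD_LDAP_FILTER=
+# empty => No sasl_passwd will be created
+# string => `/etc/postfix/sasl_passwd` will be created with the string as password
+SASL_PASSWD=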
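Review bot: Two lines in this new file appear without a leading `#` as rendered here: the "Please read [the SSL page in the wiki]…" line above `SSL_TYPE` and the "Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. …" line above `POSTFIX_DAGENT`. If they are committed that way, docker-compose will read them as entries rather than comments, so each should start with `# `. Separately, this is the template for a `.env` that will hold `LDAP_BIND_PW`, `SASLAUTHD_LDAP_PASSWORD` and `SASL_PASSWD` in plain text. A header comment such as `# Once filled in, this file contains credentials: keep it out of version control and readable only by its owner (chmod 600 .env)` would make that explicit to anyone copying it.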

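--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,7 @@
 .DS_Store
 docker-compose.yml
 .idea
+.env
 test/config/empty/
 test/config/without-accounts/
 test/config/without-virtual/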

README.md

@ -50,14 +50,47 @@ Minimum:
docker pull tvial/docker-mailserver:latest docker pull tvial/docker-mailserver:latest
#### Create a `docker-compose.yml` #### Get the tools
Adapt this file with your FQDN. Install [docker-compose](https://docs.docker.com/compose/) in the version `1.6` or higher. Download the docker-compose.yml, the .env and the setup.sh files:
Your configs must be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look to [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh) curl -o setup.sh https://raw.githubusercontent.com/tomav/docker-mailserver/master/setup.sh; chmod a+x ./setup.sh
curl -o docker-compose.yml https://raw.githubusercontent.com/tomav/docker-mailserver/master/docker-compose.yml.dist
curl -o .env https://raw.githubusercontent.com/tomav/docker-mailserver/master/.env.dist
#### Create a docker-compose environment
- Edit the `.env` to your liking. Adapt this file with your FQDN.
- Install [docker-compose](https://docs.docker.com/compose/) in the version `1.6` or higher.
#### Create your mail accounts
./setup.sh email add <email> [<password>]
#### Generate DKIM keys
./setup.sh config dkim
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
#### Start the container
docker-compose up -d mail
You're done!
And don't forget to have a look at the remaining functions of the `setup.sh` script
#### For informational purposes:
Your config folder will be mounted in `/tmp/docker-mailserver/`. To understand how things work on boot, please have a look at [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh)
`restart: always` ensures that the mail server container (and ELK container when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit. `restart: always` ensures that the mail server container (and ELK container when using the mail server together with ELK stack) is automatically restarted by Docker in cases like a Docker service or host restart or container exit.
##### Examples with just the relevant environmental variables:
```yaml ```yaml
version: '2' version: '2'
@ -149,57 +182,114 @@ volumes:
driver: local driver: local
``` ```
#### Create your mail accounts # Environment variables
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
mkdir -p config
touch config/postfix-accounts.cf
docker run --rm \
-e MAIL_USER=user1@domain.tld \
-e MAIL_PASS=mypassword \
-ti tvial/docker-mailserver:latest \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
#### Generate DKIM keys
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config
This generates DKIM keys for domains in configuration files. You can also generate DKIM key for a domain by using command
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-domain name_of_domain
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opendkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
Note: you can also manage email accounts, DKIM keys and more with the [setup.sh convenience script](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh).
#### Start the container
docker-compose up -d mail
You're done!
## Environment variables
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh) to understand what's expected. Also if an option doesn't work as documented here, check if you are running the latest image! Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh) to understand what's expected. Also if an option doesn't work as documented here, check if you are running the latest image!
Value in **bold** is the default value. Value in **bold** is the default value.
## General
##### DMS_DEBUG ##### DMS_DEBUG
- **0** => Debug disabled - **0** => Debug disabled
- 1 => Enables debug on startup - 1 => Enables debug on startup
#### ENABLE_CLAMAV ##### ENABLE_CLAMAV
- **0** => Clamav is disabled - **0** => Clamav is disabled
- 1 => Clamav is enabled - 1 => Clamav is enabled
#### ENABLE_SPAMASSASSIN ##### ONE_DIR
- **0** => state in default directories
- 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes
##### ENABLE_POP3
- **empty** => POP3 service disabled
- 1 => Enables POP3 service
##### ENABLE_FAIL2BAN
- **0** => fail2ban service disabled
- 1 => Enables fail2ban service
If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
cap_add:
- NET_ADMIN
Otherwise, `iptables` won't be able to ban IPs.
##### SMTP_ONLY
- **empty** => all daemons start
- 1 => only launch postfix smtp
##### SSL_TYPE
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- manual => Let's you manually specify locations of your SSL certificates for non-standard cases
- self-signed => Enables self-signed certificates
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
##### PERMIT_DOCKER
Set different options for mynetworks option (can be overwrite in postfix-main.cf)
- **empty** => localhost only
- host => Add docker host (ipv4 only)
- network => Add all docker containers (ipv4 only)
##### VIRUSMAILS_DELETE_DELAY
Set how many days a virusmail will stay on the server before being deleted
- **empty** => 7 days
##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT
This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket.
- **empty** => disabled
- 1 => enabled
##### POSTFIX_DAGENT
Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix
- **empty**: fail
- `lmtp:unix:private/dovecot-lmtp` (use socket)
- `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
- `lmtp:<kopano-host>:2003` (use kopano as mailstore)
- etc.
##### ENABLE_MANAGESIEVE
- **empty** => Managesieve service disabled
- 1 => Enables Managesieve on port 4190
##### OVERRIDE_HOSTNAME
- **empty** => uses the `hostname` command to get the mail server's canonical hostname
- => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
##### POSTMASTER_ADDRESS
- **empty** => postmaster@domain.com
- => Specify the postmaster address
##### POSTSCREEN_ACTION
- **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
- drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
- ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
## Spamassassin
##### ENABLE_SPAMASSASSIN
- **0** => Spamassassin is disabled - **0** => Spamassassin is disabled
- 1 => Spamassassin is enabled - 1 => Spamassassin is enabled
@ -228,40 +318,17 @@ Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1` Note: this spamassassin setting needs `ENABLE_SPAMASSASSIN=1`
##### ONE_DIR ## Fetchmail
- **0** => state in default directories ##### ENABLE_FETCHMAIL
- 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes
##### ENABLE_POP3
- **empty** => POP3 service disabled
- 1 => Enables POP3 service
##### ENABLE_FAIL2BAN
- **0** => fail2ban service disabled
- 1 => Enables fail2ban service
If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
cap_add:
- NET_ADMIN
Otherwise, `iptables` won't be able to ban IPs.
##### ENABLE_MANAGESIEVE
- **empty** => Managesieve service disabled
- 1 => Enables Managesieve on port 4190
#### ENABLE_FETCHMAIL
- **0** => `fetchmail` disabled - **0** => `fetchmail` disabled
- 1 => `fetchmail` enabled - 1 => `fetchmail` enabled
##### FETCHMAIL_POLL ##### FETCHMAIL_POLL
- **300** => `fetchmail` The number of seconds for the interval - **300** => `fetchmail` The number of seconds for the interval
## LDAP
##### ENABLE_LDAP ##### ENABLE_LDAP
- **empty** => LDAP authentification is disabled - **empty** => LDAP authentification is disabled
@ -316,6 +383,8 @@ Otherwise, `iptables` won't be able to ban IPs.
- **empty** => no - **empty** => no
- yes => LDAP over TLS enabled for Dovecot - yes => LDAP over TLS enabled for Dovecot
## Dovecot
##### DOVECOT_USER_FILTER ##### DOVECOT_USER_FILTER
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` - e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
@ -324,23 +393,9 @@ Otherwise, `iptables` won't be able to ban IPs.
- e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"` - e.g. `"(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))"`
##### OVERRIDE_HOSTNAME ## Postgrey
- **empty** => uses the `hostname` command to get the mail server's canonical hostname ##### ENABLE_POSTGREY
- => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
##### POSTMASTER_ADDRESS
- **empty** => postmaster@domain.com
- => Specify the postmaster address
##### POSTSCREEN_ACTION
- **enforce** => Allow other tests to complete. Reject attempts to deliver mail with a 550 SMTP reply, and log the helo/sender/recipient information. Repeat this test the next time the client connects.
- drop => Drop the connection immediately with a 521 SMTP reply. Repeat this test the next time the client connects.
- ignore => Ignore the failure of this test. Allow other tests to complete. Repeat this test the next time the client connects. This option is useful for testing and collecting statistics without blocking mail.
#### ENABLE_POSTGREY
- **0** => `postgrey` is disabled - **0** => `postgrey` is disabled
- 1 => `postgrey` is enabled - 1 => `postgrey` is enabled
@ -363,6 +418,8 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
Note: This postgrey setting needs `ENABLE_POSTGREY=1` Note: This postgrey setting needs `ENABLE_POSTGREY=1`
## SASL Auth
##### ENABLE_SASLAUTHD ##### ENABLE_SASLAUTHD
- **0** => `saslauthd` is disabled - **0** => `saslauthd` is disabled
@ -418,47 +475,3 @@ Note: This postgrey setting needs `ENABLE_POSTGREY=1`
- **empty** => No sasl_passwd will be created - **empty** => No sasl_passwd will be created
- string => `/etc/postfix/sasl_passwd` will be created with the string as password - string => `/etc/postfix/sasl_passwd` will be created with the string as password
##### SMTP_ONLY
- **empty** => all daemons start
- 1 => only launch postfix smtp
##### SSL_TYPE
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- manual => Let's you manually specify locations of your SSL certificates for non-standard cases
- self-signed => Enables self-signed certificates
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
##### PERMIT_DOCKER
Set different options for mynetworks option (can be overwrite in postfix-main.cf)
- **empty** => localhost only
- host => Add docker host (ipv4 only)
- network => Add all docker containers (ipv4 only)
##### VIRUSMAILS_DELETE_DELAY
Set how many days a virusmail will stay on the server before being deleted
- **empty** => 7 days
##### ENABLE_POSTFIX_VIRTUAL_TRANSPORT
This Option is activating the Usage of POSTFIX_DAGENT to specify a ltmp client different from default dovecot socket.
- **empty** => disabled
- 1 => enabled
##### POSTFIX_DAGENT
Enabled by ENABLE_POSTFIX_VIRTUAL_TRANSPORT. Specify the final delivery of postfix
- **empty**: fail
- `lmtp:unix:private/dovecot-lmtp` (use socket)
- `lmtps:inet:<host>:<port>` (secure lmtp with starttls, take a look at https://sys4.de/en/blog/2014/11/17/sicheres-lmtp-mit-starttls-in-dovecot/)
- `lmtp:<kopano-host>:2003` (use kopano as mailstore)
- etc.


@ -3,9 +3,9 @@ version: '2'
services: services:
mail: mail:
image: tvial/docker-mailserver:latest image: tvial/docker-mailserver:latest
hostname: mail hostname: ${HOSTNAME}
domainname: domain.com domainname: ${DOMAINNAME}
container_name: mail container_name: ${CONTAINER_NAME}
links: links:
- elk - elk
ports: ports:
@ -17,8 +17,54 @@ services:
- maildata:/var/mail - maildata:/var/mail
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_FAIL2BAN=1 - DMS_DEBUG=${DMS_DEBUG}
- ENABLE_ELK_FORWARDER=1 - ENABLE_CLAMAV=${ENABLE_CLAMAV}
- ONE_DIR=${ONE_DIR}
- ENABLE_POP3=${ENABLE_POP3}
- ENABLE_FAIL2BAN=${ENABLE_FAIL2BAN}
- ENABLE_MANAGESIEVE=${ENABLE_MANAGESIEVE}
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
- SMTP_ONLY=${SMTP_ONLY}
- SSL_TYPE=${SSL_TYPE}
- PERMIT_DOCKER=${PERMIT_DOCKER}
- VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY}
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${ENABLE_POSTFIX_VIRTUAL_TRANSPORT}
- POSTFIX_DAGENT=${POSTFIX_DAGENT}
- ENABLE_SPAMASSASSIN=${ENABLE_SPAMASSASSIN}
- SA_TAG=${SA_TAG}
- SA_TAG2=${SA_TAG2}
- SA_KILL=${SA_KILL}
- SA_SPAM_SUBJECT=${SA_SPAM_SUBJECT}
- ENABLE_FETCHMAIL=${ENABLE_FETCHMAIL}
- FETCHMAIL_POLL=${FETCHMAIL_POLL}
- ENABLE_LDAP=${ENABLE_LDAP}
- LDAP_START_TLS=${LDAP_START_TLS}
- LDAP_SERVER_HOST=${LDAP_SERVER_HOST}
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- LDAP_BIND_DN=${LDAP_BIND_DN}
- LDAP_BIND_PW=${LDAP_BIND_PW}
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- DOVECOT_TLS=${DOVECOT_TLS}
- DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
- DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
- POSTGREY_DELAY=${POSTGREY_DELAY}
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
- POSTGREY_TEXT=${POSTGREY_TEXT}
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
- SASLAUTHD_MECH_OPTIONS=${SASLAUTHD_MECH_OPTIONS}
- SASLAUTHD_LDAP_SERVER=${SASLAUTHD_LDAP_SERVER}
- SASLAUTHD_LDAP_SSL=${SASLAUTHD_LDAP_SSL}
- SASLAUTHD_LDAP_BIND_DN=${SASLAUTHD_LDAP_BIND_DN}
- SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
- SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASL_PASSWD=${SASL_PASSWD}
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
- SYS_PTRACE - SYS_PTRACE
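Review bot: `ENABLE_ELK_FORWARDER=1` is dropped from the `environment:` list of this ELK example and nothing replaces it. The new list has no `ENABLE_ELK_FORWARDER=${ENABLE_ELK_FORWARDER}` entry and `.env.dist` defines no such variable, so as rendered the example links to `elk` but no longer turns the forwarder on. I would add `- ENABLE_ELK_FORWARDER=${ENABLE_ELK_FORWARDER}` here and document `ENABLE_ELK_FORWARDER=` in `.env.dist`. The same substitution also turns the hard-coded `ENABLE_FAIL2BAN=1` into whatever `.env` supplies, and `.env.dist` ships `ENABLE_FAIL2BAN=0`. The other compose file has the same regression for `ENABLE_SPAMASSASSIN`, `ENABLE_CLAMAV`, `ENABLE_FAIL2BAN` and `ONE_DIR`.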


@ -1,11 +1,10 @@
version: '2' version: '2'
services: services:
mail: mail:
image: tvial/docker-mailserver:latest image: tvial/docker-mailserver:latest
hostname: mail hostname: ${HOSTNAME}
domainname: domain.com domainname: ${DOMAINNAME}
container_name: mail container_name: ${CONTAINER_NAME}
ports: ports:
- "25:25" - "25:25"
- "143:143" - "143:143"
@ -16,18 +15,61 @@ services:
- mailstate:/var/mail-state - mailstate:/var/mail-state
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
environment: environment:
- ENABLE_SPAMASSASSIN=1 - DMS_DEBUG=${DMS_DEBUG}
- ENABLE_CLAMAV=1 - ENABLE_CLAMAV=${ENABLE_CLAMAV}
- ENABLE_FAIL2BAN=1 - ONE_DIR=${ONE_DIR}
- ONE_DIR=1 - ENABLE_POP3=${ENABLE_POP3}
- DMS_DEBUG=0 - ENABLE_FAIL2BAN=${ENABLE_FAIL2BAN}
- ENABLE_MANAGESIEVE=${ENABLE_MANAGESIEVE}
- OVERRIDE_HOSTNAME=${OVERRIDE_HOSTNAME}
- POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
- POSTSCREEN_ACTION=${POSTSCREEN_ACTION}
- SMTP_ONLY=${SMTP_ONLY}
- SSL_TYPE=${SSL_TYPE}
- PERMIT_DOCKER=${PERMIT_DOCKER}
- VIRUSMAILS_DELETE_DELAY=${VIRUSMAILS_DELETE_DELAY}
- ENABLE_POSTFIX_VIRTUAL_TRANSPORT=${ENABLE_POSTFIX_VIRTUAL_TRANSPORT}
- POSTFIX_DAGENT=${POSTFIX_DAGENT}
- ENABLE_SPAMASSASSIN=${ENABLE_SPAMASSASSIN}
- SA_TAG=${SA_TAG}
- SA_TAG2=${SA_TAG2}
- SA_KILL=${SA_KILL}
- SA_SPAM_SUBJECT=${SA_SPAM_SUBJECT}
- ENABLE_FETCHMAIL=${ENABLE_FETCHMAIL}
- FETCHMAIL_POLL=${FETCHMAIL_POLL}
- ENABLE_LDAP=${ENABLE_LDAP}
- LDAP_START_TLS=${LDAP_START_TLS}
- LDAP_SERVER_HOST=${LDAP_SERVER_HOST}
- LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
- LDAP_BIND_DN=${LDAP_BIND_DN}
- LDAP_BIND_PW=${LDAP_BIND_PW}
- LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
- LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
- LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
- DOVECOT_TLS=${DOVECOT_TLS}
- DOVECOT_USER_FILTER=${DOVECOT_USER_FILTER}
- DOVECOT_PASS_FILTER=${DOVECOT_PASS_FILTER}
- ENABLE_POSTGREY=${ENABLE_POSTGREY}
- POSTGREY_DELAY=${POSTGREY_DELAY}
- POSTGREY_MAX_AGE=${POSTGREY_MAX_AGE}
- POSTGREY_TEXT=${POSTGREY_TEXT}
- ENABLE_SASLAUTHD=${ENABLE_SASLAUTHD}
- SASLAUTHD_MECHANISMS=${SASLAUTHD_MECHANISMS}
- SASLAUTHD_MECH_OPTIONS=${SASLAUTHD_MECH_OPTIONS}
- SASLAUTHD_LDAP_SERVER=${SASLAUTHD_LDAP_SERVER}
- SASLAUTHD_LDAP_SSL=${SASLAUTHD_LDAP_SSL}
- SASLAUTHD_LDAP_BIND_DN=${SASLAUTHD_LDAP_BIND_DN}
- SASLAUTHD_LDAP_PASSWORD=${SASLAUTHD_LDAP_PASSWORD}
- SASLAUTHD_LDAP_SEARCH_BASE=${SASLAUTHD_LDAP_SEARCH_BASE}
- SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
- SASL_PASSWD=${SASL_PASSWD}
cap_add: cap_add:
- NET_ADMIN - NET_ADMIN
- SYS_PTRACE - SYS_PTRACE
restart: always restart: always
volumes: volumes:
maildata: maildata:
driver: local driver: local
mailstate: mailstate:
driver: local driver: local
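Review bot: The hard-coded `ONE_DIR=1` becomes `${ONE_DIR}` while `.env.dist` ships `ONE_DIR=0`, yet `mailstate:/var/mail-state` stays mounted. With the shipped defaults the state volume is present but, going by the `.env.dist` comment, nothing is consolidated into it. Likewise `cap_add:` still grants `NET_ADMIN` unconditionally, although `.env.dist` now defaults to `ENABLE_FAIL2BAN=0` and documents that capability as needed only for Fail2Ban. Either keep the shipped `.env.dist` values aligned with what this example enabled before (`ONE_DIR=1`, `ENABLE_FAIL2BAN=1`, `ENABLE_CLAMAV=1`, `ENABLE_SPAMASSASSIN=1`), or add a comment above `cap_add:` such as `# NET_ADMIN is only needed when ENABLE_FAIL2BAN=1`, so that a default install does not carry a capability it never uses.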