Refactored documentation and Wiki

Moved docker-compose.yml.dist to version 2 with data volume container
Renamed DMS_SSL to SSL_TYPE
Refactored start-mailserver to avoid DKIM errors
This commit is contained in:
Thomas VIAL 2016-04-24 17:37:10 +02:00
parent 2b4b829067
commit 9e1c4783a8
No known key found for this signature in database
GPG key ID: 0394CEE552FAFEFC
5 changed files with 89 additions and 132 deletions

2
.gitignore vendored
View file

@ -1,6 +1,4 @@
.DS_Store
docker-compose.yml
postfix/ssl/*
letsencrypt/
.idea
test/config/empty/

162
README.md
View file

@ -1,12 +1,12 @@
# docker-mailserver
# docker-mailserver [![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
```
#
# CURRENTLY IN BETA
# CURRENTLY IN RELEASE CANDIDATE
#
```
[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
Only configuration files, no SQL database. Keep it simple and versioned.
@ -28,36 +28,46 @@ Includes:
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
Before you open an issue, please have a look this `README`, the [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ) and Postfix/Dovecot documentation.
Before you open an issue, please have a look this `README`, the [Wiki](https://github.com/tomav/docker-mailserver/wiki/) and Postfix/Dovecot documentation.
## Project architecture
## Usage
├── config # User: personal configurations
├── docker-compose.yml.dist # User: 'docker-compose.yml' example
├── target # Developer: default server configurations
└── test # Developer: integration tests
## Basic usage
# get v2 image
#### Get v2 image
docker pull tvial/docker-mailserver:v2
# create a "docker-compose.yml" file containing:
mail:
image: tvial/docker-mailserver:v2
hostname: mail
domainname: domain.com
# your FQDN will be 'mail.domain.com'
ports:
- "25:v25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- ./config/:/tmp/docker-mailserver/
#### Create a `docker-compose.yml`
Adapt this file with your FQDN.
version: '2'
services:
mail:
image: tvial/docker-mailserver:v2
# build: .
hostname: mail
domainname: domain.com
container_name: mail
volumes:
- maildata:/var/mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- ./config/:/tmp/docker-mailserver/
- ./opendkim/:/tmp/docker-mailserver/opendkim/
volumes:
maildata:
driver: local
#### Create your mail accounts
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
# Create your first mail account
# Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
mkdir -p config
docker run --rm \
-e MAIL_USER=user1@domain.tld \
@ -65,65 +75,26 @@ Before you open an issue, please have a look this `README`, the [FAQ](https://gi
-ti tvial/docker-mailserver:v2 \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
# start the container
#### Generate DKIM keys
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:v2 generate-dkim-config
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
#### Start the container
docker-compose up -d mail
You're done!
## Managing users and aliases
### Users
As you've seen above, users are managed in `config/postfix-accounts.cf`.
Just add the full email address and its encrypted password separated by a pipe.
Example:
user1@domain.tld|{CRAM-MD5}mypassword-cram-md5-encrypted
user2@otherdomain.tld|{CRAM-MD5}myotherpassword-cram-md5-encrypted
To generate the password you could run for example the following:
docker run --rm \
-e MAIL_USER=user1@domain.tld \
-ti tvial/docker-mailserver:v2 \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'
You will be asked for a password. Just copy all the output string in the file `config/postfix-accounts.cf`.
The `doveadm pw` command let you choose between several encryption schemes for the password.
Use doveadm pw -l to get a list of the currently supported encryption schemes.
### Aliases
Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias).
Aliases are managed in `config/postfix-virtual.cf`.
An alias is a full email address that will be:
* delivered to an existing account in `config/postfix-accounts.cf`
* redirected to one or more other email addresses
Alias and target are space separated.
Example:
# Alias to existing account
alias1@domain.tld user1@domain.tld
# Forward to external email address
alias2@domain.tld external@gmail.com
## Environment variables
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
Value in **bold** is the default value.
##### DMS_SSL
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- self-signed => Enables self-signed certificates
##### ENABLE_POP3
- **empty** => POP3 service disabled
@ -163,34 +134,13 @@ Otherwise, `iptables` won't be able to ban IPs.
- **empty** => all daemons start
- 1 => only launch postfix smtp
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
##### SSL_TYPE
## OpenDKIM
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- self-signed => Enables self-signed certificates
You have prepared your mail accounts? Now you can generate DKIM keys using the following command:
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:v2 generate-dkim-config
Don't forget to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/` in order to use it.
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
## SSL
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.
## Todo
Things to do or to improve are stored on [Github](https://github.com/tomav/docker-mailserver/issues).
Feel free to improve this docker image.
## Contribute
- Fork
- Improve
- Add integration tests in `test/tests.bats`
- Build image and run tests using `make`
- Document your improvements
- Commit, push and make a pull-request

View file

@ -1 +0,0 @@
# Place you custom Spamassasin rules here

View file

@ -1,14 +1,26 @@
mail:
image: tvial/docker-mailserver:v2
# build: .
hostname: mail
domainname: domain.com
volumes_from:
- maildata
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- ./config/:/tmp/docker-mailserver/
version: '2'
services:
mail:
image: tvial/docker-mailserver:v2
hostname: mail
domainname: domain.com
container_name: mail
volumes:
- maildata:/var/mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- ./config/:/tmp/docker-mailserver/
- ./opendkim/:/tmp/docker-mailserver/opendkim/
environment:
- ENABLE_FAIL2BAN=1
cap_add:
- NET_ADMIN
volumes:
maildata:
driver: local

View file

@ -49,7 +49,6 @@ if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
maildirmake.dovecot "/var/mail/${domain}/${user}/.Drafts"
echo -e "INBOX\nSent\nTrash\nDrafts" >> "/var/mail/${domain}/${user}/subscriptions"
touch "/var/mail/${domain}/${user}/.Sent/maildirfolder"
fi
echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf
@ -89,16 +88,15 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
else
echo "No DKIM key provided. Check the documentation to find how to get your keys."
fi
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# DMARC
# if there is no AuthservID create it
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
@ -113,7 +111,7 @@ if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
fi
# SSL Configuration
case $DMS_SSL in
case $SSL_TYPE in
"letsencrypt" )
# letsencrypt folders and files mounted in /etc/letsencrypt
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
@ -225,7 +223,7 @@ SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kil
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
# Disable logrotate config for fail2ban if not enabled
test -z "$ENABLE_FAIL2BAN"&& rm -f /etc/logrotate.d/fail2ban
test -z "$ENABLE_FAIL2BAN" && rm -f /etc/logrotate.d/fail2ban
# Fix cron.daily for spamassassin
sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin