mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
Refactored documentation and Wiki
Moved docker-compose.yml.dist to version 2 with data volume container
Renamed DMS_SSL to SSL_TYPE
Refactored start-mailserver to avoid DKIM errors
parent 2b4b829067
commit 9e1c4783a8
2
.gitignore
vendored
|
@ -1,6 +1,4 @@
|
||||||
.DS_Store
|
.DS_Store
|
||||||
docker-compose.yml
|
docker-compose.yml
|
||||||
postfix/ssl/*
|
|
||||||
letsencrypt/
|
|
||||||
.idea
|
.idea
|
||||||
test/config/empty/
|
test/config/empty/
|
||||||
|
|
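Review bot: Dropping `postfix/ssl/*` and `letsencrypt/` from `.gitignore` removes the guard that kept certificates and private keys in a working copy from being committed. If those directories are really no longer used, say so in the commit message; otherwise keep the entries, and consider ignoring the DKIM keys directory generated under `config/` as well, so a `git add .` cannot pick up key material.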
140
README.md
|
@ -1,12 +1,12 @@
|
||||||
# docker-mailserver
|
# docker-mailserver [![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
|
||||||
|
|
||||||
|
|
||||||
```
|
```
|
||||||
#
|
#
|
||||||
# CURRENTLY IN BETA
|
# CURRENTLY IN RELEASE CANDIDATE
|
||||||
#
|
#
|
||||||
```
|
```
|
||||||
|
|
||||||
[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
|
|
||||||
|
|
||||||
A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
|
A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
|
||||||
Only configuration files, no SQL database. Keep it simple and versioned.
|
Only configuration files, no SQL database. Keep it simple and versioned.
|
||||||
|
@ -28,36 +28,46 @@ Includes:
|
||||||
|
|
||||||
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
|
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
|
||||||
|
|
||||||
Before you open an issue, please have a look this `README`, the [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ) and Postfix/Dovecot documentation.
|
Before you open an issue, please have a look this `README`, the [Wiki](https://github.com/tomav/docker-mailserver/wiki/) and Postfix/Dovecot documentation.
|
||||||
|
|
||||||
## Project architecture
|
## Usage
|
||||||
|
|
||||||
├── config # User: personal configurations
|
#### Get v2 image
|
||||||
├── docker-compose.yml.dist # User: 'docker-compose.yml' example
|
|
||||||
├── target # Developer: default server configurations
|
|
||||||
└── test # Developer: integration tests
|
|
||||||
|
|
||||||
## Basic usage
|
|
||||||
|
|
||||||
# get v2 image
|
|
||||||
docker pull tvial/docker-mailserver:v2
|
docker pull tvial/docker-mailserver:v2
|
||||||
|
|
||||||
# create a "docker-compose.yml" file containing:
|
#### Create a `docker-compose.yml`
|
||||||
|
|
||||||
|
Adapt this file with your FQDN.
|
||||||
|
|
||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
mail:
|
mail:
|
||||||
image: tvial/docker-mailserver:v2
|
image: tvial/docker-mailserver:v2
|
||||||
|
# build: .
|
||||||
hostname: mail
|
hostname: mail
|
||||||
domainname: domain.com
|
domainname: domain.com
|
||||||
# your FQDN will be 'mail.domain.com'
|
container_name: mail
|
||||||
|
volumes:
|
||||||
|
- maildata:/var/mail
|
||||||
ports:
|
ports:
|
||||||
- "25:v25"
|
- "25:25"
|
||||||
- "143:143"
|
- "143:143"
|
||||||
- "587:587"
|
- "587:587"
|
||||||
- "993:993"
|
- "993:993"
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/:/tmp/docker-mailserver/
|
- ./config/:/tmp/docker-mailserver/
|
||||||
|
- ./opendkim/:/tmp/docker-mailserver/opendkim/
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
maildata:
|
||||||
|
driver: local
|
||||||
|
|
||||||
|
#### Create your mail accounts
|
||||||
|
|
||||||
|
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
|
||||||
|
|
||||||
# Create your first mail account
|
|
||||||
# Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
|
|
||||||
mkdir -p config
|
mkdir -p config
|
||||||
docker run --rm \
|
docker run --rm \
|
||||||
-e MAIL_USER=user1@domain.tld \
|
-e MAIL_USER=user1@domain.tld \
|
||||||
|
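Review bot: The `mail` service in the new compose example defines `volumes:` twice, once with `- maildata:/var/mail` and again with the `./config/` and `./opendkim/` bind mounts. A YAML mapping cannot carry the same key twice: a parser either rejects the file or keeps only the last occurrence, in which case the named `maildata` volume is never attached at `/var/mail`. Merge the three entries under a single `volumes:` key; the compose file changed later in this commit has the same layout.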
@ -65,65 +75,26 @@ Before you open an issue, please have a look this `README`, the [FAQ](https://gi
|
||||||
-ti tvial/docker-mailserver:v2 \
|
-ti tvial/docker-mailserver:v2 \
|
||||||
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
|
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
|
||||||
|
|
||||||
# start the container
|
#### Generate DKIM keys
|
||||||
|
|
||||||
|
docker run --rm \
|
||||||
|
-v "$(pwd)/config":/tmp/docker-mailserver \
|
||||||
|
-ti tvial/docker-mailserver:v2 generate-dkim-config
|
||||||
|
|
||||||
|
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
||||||
|
|
||||||
|
#### Start the container
|
||||||
|
|
||||||
docker-compose up -d mail
|
docker-compose up -d mail
|
||||||
|
|
||||||
You're done!
|
You're done!
|
||||||
|
|
||||||
## Managing users and aliases
|
|
||||||
|
|
||||||
### Users
|
|
||||||
|
|
||||||
As you've seen above, users are managed in `config/postfix-accounts.cf`.
|
|
||||||
Just add the full email address and its encrypted password separated by a pipe.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
user1@domain.tld|{CRAM-MD5}mypassword-cram-md5-encrypted
|
|
||||||
user2@otherdomain.tld|{CRAM-MD5}myotherpassword-cram-md5-encrypted
|
|
||||||
|
|
||||||
To generate the password you could run for example the following:
|
|
||||||
|
|
||||||
docker run --rm \
|
|
||||||
-e MAIL_USER=user1@domain.tld \
|
|
||||||
-ti tvial/docker-mailserver:v2 \
|
|
||||||
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'
|
|
||||||
|
|
||||||
You will be asked for a password. Just copy all the output string in the file `config/postfix-accounts.cf`.
|
|
||||||
|
|
||||||
The `doveadm pw` command let you choose between several encryption schemes for the password.
|
|
||||||
Use doveadm pw -l to get a list of the currently supported encryption schemes.
|
|
||||||
|
|
||||||
### Aliases
|
|
||||||
|
|
||||||
Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias).
|
|
||||||
|
|
||||||
Aliases are managed in `config/postfix-virtual.cf`.
|
|
||||||
An alias is a full email address that will be:
|
|
||||||
* delivered to an existing account in `config/postfix-accounts.cf`
|
|
||||||
* redirected to one or more other email addresses
|
|
||||||
|
|
||||||
Alias and target are space separated.
|
|
||||||
|
|
||||||
Example:
|
|
||||||
|
|
||||||
# Alias to existing account
|
|
||||||
alias1@domain.tld user1@domain.tld
|
|
||||||
|
|
||||||
# Forward to external email address
|
|
||||||
alias2@domain.tld external@gmail.com
|
|
||||||
|
|
||||||
## Environment variables
|
## Environment variables
|
||||||
|
|
||||||
|
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
|
||||||
|
|
||||||
Value in **bold** is the default value.
|
Value in **bold** is the default value.
|
||||||
|
|
||||||
##### DMS_SSL
|
|
||||||
|
|
||||||
- **empty** => SSL disabled
|
|
||||||
- letsencrypt => Enables Let's Encrypt certificates
|
|
||||||
- custom => Enables custom certificates
|
|
||||||
- self-signed => Enables self-signed certificates
|
|
||||||
|
|
||||||
##### ENABLE_POP3
|
##### ENABLE_POP3
|
||||||
|
|
||||||
- **empty** => POP3 service disabled
|
- **empty** => POP3 service disabled
|
||||||
|
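Review bot: The added DKIM paragraph carries over the `config/opedkim/keys/domain.tld/mail.txt` typo; the directory is `opendkim`, as in the mount paths used elsewhere in this change. Moving the section also dropped the sentence telling users to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/`, so the README no longer says how the generated keys reach the container; a one-line replacement next to the `generate-dkim-config` command would cover it.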
@ -163,34 +134,13 @@ Otherwise, `iptables` won't be able to ban IPs.
|
||||||
- **empty** => all daemons start
|
- **empty** => all daemons start
|
||||||
- 1 => only launch postfix smtp
|
- 1 => only launch postfix smtp
|
||||||
|
|
||||||
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
|
##### SSL_TYPE
|
||||||
|
|
||||||
## OpenDKIM
|
- **empty** => SSL disabled
|
||||||
|
- letsencrypt => Enables Let's Encrypt certificates
|
||||||
|
- custom => Enables custom certificates
|
||||||
|
- self-signed => Enables self-signed certificates
|
||||||
|
|
||||||
You have prepared your mail accounts? Now you can generate DKIM keys using the following command:
|
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
|
||||||
|
|
||||||
docker run --rm \
|
|
||||||
-v "$(pwd)/config":/tmp/docker-mailserver \
|
|
||||||
-ti tvial/docker-mailserver:v2 generate-dkim-config
|
|
||||||
|
|
||||||
Don't forget to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/` in order to use it.
|
|
||||||
|
|
||||||
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
|
|
||||||
|
|
||||||
## SSL
|
|
||||||
|
|
||||||
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.
|
|
||||||
|
|
||||||
## Todo
|
|
||||||
|
|
||||||
Things to do or to improve are stored on [Github](https://github.com/tomav/docker-mailserver/issues).
|
|
||||||
Feel free to improve this docker image.
|
|
||||||
|
|
||||||
## Contribute
|
|
||||||
|
|
||||||
- Fork
|
|
||||||
- Improve
|
|
||||||
- Add integration tests in `test/tests.bats`
|
|
||||||
- Build image and run tests using `make`
|
|
||||||
- Document your improvements
|
|
||||||
- Commit, push and make a pull-request
|
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
# Place you custom Spamassasin rules here
|
|
|
@ -1,10 +1,13 @@
|
||||||
mail:
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
mail:
|
||||||
image: tvial/docker-mailserver:v2
|
image: tvial/docker-mailserver:v2
|
||||||
# build: .
|
|
||||||
hostname: mail
|
hostname: mail
|
||||||
domainname: domain.com
|
domainname: domain.com
|
||||||
volumes_from:
|
container_name: mail
|
||||||
- maildata
|
volumes:
|
||||||
|
- maildata:/var/mail
|
||||||
ports:
|
ports:
|
||||||
- "25:25"
|
- "25:25"
|
||||||
- "143:143"
|
- "143:143"
|
||||||
|
@ -12,3 +15,12 @@ mail:
|
||||||
- "993:993"
|
- "993:993"
|
||||||
volumes:
|
volumes:
|
||||||
- ./config/:/tmp/docker-mailserver/
|
- ./config/:/tmp/docker-mailserver/
|
||||||
|
- ./opendkim/:/tmp/docker-mailserver/opendkim/
|
||||||
|
environment:
|
||||||
|
- ENABLE_FAIL2BAN=1
|
||||||
|
cap_add:
|
||||||
|
- NET_ADMIN
|
||||||
|
|
||||||
|
volumes:
|
||||||
|
maildata:
|
||||||
|
driver: local
|
||||||
|
|
|
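Review bot: The new `- ./opendkim/:/tmp/docker-mailserver/opendkim/` mount is layered on top of the `./config/` mount one line above it, so it hides whatever is in `config/opendkim/`. The README runs `generate-dkim-config` with `$(pwd)/config` mounted, which puts the keys under `config/`, while this file expects them in `./opendkim/`; followed as written, the startup script would not find `KeyTable` and would print "No DKIM key provided". Either mount `./config/opendkim/` here or drop the extra mount. Also consider shipping `ENABLE_FAIL2BAN=1` and `cap_add: NET_ADMIN` commented out, so the extra capability is granted only to users who opt in to fail2ban.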
@ -49,7 +49,6 @@ if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
|
||||||
maildirmake.dovecot "/var/mail/${domain}/${user}/.Drafts"
|
maildirmake.dovecot "/var/mail/${domain}/${user}/.Drafts"
|
||||||
echo -e "INBOX\nSent\nTrash\nDrafts" >> "/var/mail/${domain}/${user}/subscriptions"
|
echo -e "INBOX\nSent\nTrash\nDrafts" >> "/var/mail/${domain}/${user}/subscriptions"
|
||||||
touch "/var/mail/${domain}/${user}/.Sent/maildirfolder"
|
touch "/var/mail/${domain}/${user}/.Sent/maildirfolder"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
echo ${domain} >> /tmp/vhost.tmp
|
echo ${domain} >> /tmp/vhost.tmp
|
||||||
done < /tmp/docker-mailserver/postfix-accounts.cf
|
done < /tmp/docker-mailserver/postfix-accounts.cf
|
||||||
|
@ -89,16 +88,15 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
|
||||||
mkdir -p /etc/opendkim
|
mkdir -p /etc/opendkim
|
||||||
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
|
||||||
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
|
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
|
||||||
|
echo "Changing permissions on /etc/opendkim"
|
||||||
|
# chown entire directory
|
||||||
|
chown -R opendkim:opendkim /etc/opendkim/
|
||||||
|
# And make sure permissions are right
|
||||||
|
chmod -R 0700 /etc/opendkim/keys/
|
||||||
else
|
else
|
||||||
echo "No DKIM key provided. Check the documentation to find how to get your keys."
|
echo "No DKIM key provided. Check the documentation to find how to get your keys."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Changing permissions on /etc/opendkim"
|
|
||||||
# chown entire directory
|
|
||||||
chown -R opendkim:opendkim /etc/opendkim/
|
|
||||||
# And make sure permissions are right
|
|
||||||
chmod -R 0700 /etc/opendkim/keys/
|
|
||||||
|
|
||||||
# DMARC
|
# DMARC
|
||||||
# if there is no AuthservID create it
|
# if there is no AuthservID create it
|
||||||
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
|
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
|
||||||
|
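Review bot: `chmod -R 0700 /etc/opendkim/keys/` also sets the execute bit on the private key files themselves. `chmod -R u=rwX,go= /etc/opendkim/keys/` keeps the directories at 0700 and leaves the key files at 0600. Since `cp -a` brings along whatever owner and mode the host files had, it would also help to check that the copy succeeded before printing "DKIM keys added for".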
@ -113,7 +111,7 @@ if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# SSL Configuration
|
# SSL Configuration
|
||||||
case $DMS_SSL in
|
case $SSL_TYPE in
|
||||||
"letsencrypt" )
|
"letsencrypt" )
|
||||||
# letsencrypt folders and files mounted in /etc/letsencrypt
|
# letsencrypt folders and files mounted in /etc/letsencrypt
|
||||||
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
|
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
|
||||||
|
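Review bot: `case $SSL_TYPE in` stops reading `DMS_SSL` with no fallback, so a deployment that still sets `DMS_SSL=letsencrypt` leaves `SSL_TYPE` empty and, per the README's "empty => SSL disabled", comes up without TLS; nothing in the lines shown warns about it. Map the old name for a release, for example `SSL_TYPE=${SSL_TYPE:-$DMS_SSL}` together with a deprecation message, or exit with an error when `DMS_SSL` is set, and call the rename out as a breaking change in the README.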
@ -225,7 +223,7 @@ SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kil
|
||||||
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
|
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
|
||||||
|
|
||||||
# Disable logrotate config for fail2ban if not enabled
|
# Disable logrotate config for fail2ban if not enabled
|
||||||
test -z "$ENABLE_FAIL2BAN"&& rm -f /etc/logrotate.d/fail2ban
|
test -z "$ENABLE_FAIL2BAN" && rm -f /etc/logrotate.d/fail2ban
|
||||||
# Fix cron.daily for spamassassin
|
# Fix cron.daily for spamassassin
|
||||||
sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin
|
sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin
|
||||||
|
|
||||||
|
|