Refactored documentation and Wiki

Moved docker-compose.yml.dist to version 2 with data volume container
Renamed DMS_SSL to SSL_TYPE
Refactored start-mailserver to avoid DKIM errors
Thomas VIAL 2016-04-24 17:37:10 +02:00
parent 2b4b829067
commit 9e1c4783a8
No known key found for this signature in database
GPG key ID: 0394CEE552FAFEFC
5 changed files with 89 additions and 132 deletions

2
.gitignore vendored

@ -1,6 +1,4 @@
.DS_Store .DS_Store
docker-compose.yml docker-compose.yml
postfix/ssl/*
letsencrypt/
.idea .idea
test/config/empty/ test/config/empty/
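Review bot: Dropping `postfix/ssl/*` and `letsencrypt/` from the ignore list means any certificate or private key still sitting in those directories of a working copy now shows up as untracked and can be swept into a commit by a broad `git add`. If these paths are no longer used by the image, say so in the commit message; otherwise keep both patterns.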

140
README.md

@ -1,12 +1,12 @@
# docker-mailserver # docker-mailserver [![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
``` ```
# #
# CURRENTLY IN BETA # CURRENTLY IN RELEASE CANDIDATE
# #
``` ```
[![Build Status](https://travis-ci.org/tomav/docker-mailserver.svg?branch=v2)](https://travis-ci.org/tomav/docker-mailserver)
A fullstack but simple mail server (smtp, imap, antispam, antivirus...). A fullstack but simple mail server (smtp, imap, antispam, antivirus...).
Only configuration files, no SQL database. Keep it simple and versioned. Only configuration files, no SQL database. Keep it simple and versioned.
@ -28,36 +28,46 @@ Includes:
Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/) Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-mail-server-with-docker/)
Before you open an issue, please have a look this `README`, the [FAQ](https://github.com/tomav/docker-mailserver/wiki/FAQ) and Postfix/Dovecot documentation. Before you open an issue, please have a look this `README`, the [Wiki](https://github.com/tomav/docker-mailserver/wiki/) and Postfix/Dovecot documentation.
## Project architecture ## Usage
├── config # User: personal configurations #### Get v2 image
├── docker-compose.yml.dist # User: 'docker-compose.yml' example
├── target # Developer: default server configurations
└── test # Developer: integration tests
## Basic usage
# get v2 image
docker pull tvial/docker-mailserver:v2 docker pull tvial/docker-mailserver:v2
# create a "docker-compose.yml" file containing: #### Create a `docker-compose.yml`
Adapt this file with your FQDN.
version: '2'
services:
mail: mail:
image: tvial/docker-mailserver:v2 image: tvial/docker-mailserver:v2
# build: .
hostname: mail hostname: mail
domainname: domain.com domainname: domain.com
# your FQDN will be 'mail.domain.com' container_name: mail
volumes:
- maildata:/var/mail
ports: ports:
- "25:v25" - "25:25"
- "143:143" - "143:143"
- "587:587" - "587:587"
- "993:993" - "993:993"
volumes: volumes:
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
- ./opendkim/:/tmp/docker-mailserver/opendkim/
volumes:
maildata:
driver: local
#### Create your mail accounts
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
# Create your first mail account
# Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
mkdir -p config mkdir -p config
docker run --rm \ docker run --rm \
-e MAIL_USER=user1@domain.tld \ -e MAIL_USER=user1@domain.tld \
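Review bot: The added mount `./opendkim/:/tmp/docker-mailserver/opendkim/` in the compose example does not match where this README tells users to generate keys. The generate-dkim-config step mounts `$(pwd)/config`, so the keys land in `config/opendkim/`, and the text removed further down said to mount `config/opendkim/`. As written, the nested mount covers that directory with a separate host directory `./opendkim/` that the README never populates. Change the source to `./config/opendkim/`, or drop the line, since `./config/` is already mounted at `/tmp/docker-mailserver/`. The example also now carries two `volumes:` keys under `mail`; merge them into one list.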
@ -65,65 +75,26 @@ Before you open an issue, please have a look this `README`, the [FAQ](https://gi
-ti tvial/docker-mailserver:v2 \ -ti tvial/docker-mailserver:v2 \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
# start the container #### Generate DKIM keys
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:v2 generate-dkim-config
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
#### Start the container
docker-compose up -d mail docker-compose up -d mail
You're done! You're done!
## Managing users and aliases
### Users
As you've seen above, users are managed in `config/postfix-accounts.cf`.
Just add the full email address and its encrypted password separated by a pipe.
Example:
user1@domain.tld|{CRAM-MD5}mypassword-cram-md5-encrypted
user2@otherdomain.tld|{CRAM-MD5}myotherpassword-cram-md5-encrypted
To generate the password you could run for example the following:
docker run --rm \
-e MAIL_USER=user1@domain.tld \
-ti tvial/docker-mailserver:v2 \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'
You will be asked for a password. Just copy all the output string in the file `config/postfix-accounts.cf`.
The `doveadm pw` command let you choose between several encryption schemes for the password.
Use doveadm pw -l to get a list of the currently supported encryption schemes.
### Aliases
Please first read [Postfix documentation on virtual aliases](http://www.postfix.org/VIRTUAL_README.html#virtual_alias).
Aliases are managed in `config/postfix-virtual.cf`.
An alias is a full email address that will be:
* delivered to an existing account in `config/postfix-accounts.cf`
* redirected to one or more other email addresses
Alias and target are space separated.
Example:
# Alias to existing account
alias1@domain.tld user1@domain.tld
# Forward to external email address
alias2@domain.tld external@gmail.com
## Environment variables ## Environment variables
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected.
Value in **bold** is the default value. Value in **bold** is the default value.
##### DMS_SSL
- **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- self-signed => Enables self-signed certificates
##### ENABLE_POP3 ##### ENABLE_POP3
- **empty** => POP3 service disabled - **empty** => POP3 service disabled
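Review bot: Removing the "Managing users and aliases" section leaves only the account-creation command that takes the password from `MAIL_PASS` set on the `docker run` command line, so it ends up in shell history; the deleted variant without `-p $MAIL_PASS` prompted for it instead. Keep that interactive form under "Create your mail accounts", or link to the wiki page that now holds it. In the DKIM paragraph moved into this section, the path `config/opedkim/keys/domain.tld/mail.txt` is still misspelled and should read `config/opendkim/keys/domain.tld/mail.txt`.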
@ -163,34 +134,13 @@ Otherwise, `iptables` won't be able to ban IPs.
- **empty** => all daemons start - **empty** => all daemons start
- 1 => only launch postfix smtp - 1 => only launch postfix smtp
Please check [how the container starts](https://github.com/tomav/docker-mailserver/blob/v2/start-mailserver.sh) to understand what's expected. ##### SSL_TYPE
## OpenDKIM - **empty** => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- self-signed => Enables self-signed certificates
You have prepared your mail accounts? Now you can generate DKIM keys using the following command: Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) for more information.
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:v2 generate-dkim-config
Don't forget to mount `config/opendkim/` to `/tmp/docker-mailserver/opendkim/` in order to use it.
Now the keys are generated, you can configure your DNS server by just pasting the content of `config/opedkim/keys/domain.tld/mail.txt` in your `domain.tld.hosts` zone.
## SSL
Please read [the SSL page in the wiki](https://github.com/tomav/docker-mailserver/wiki/SSL) for more information.
## Todo
Things to do or to improve are stored on [Github](https://github.com/tomav/docker-mailserver/issues).
Feel free to improve this docker image.
## Contribute
- Fork
- Improve
- Add integration tests in `test/tests.bats`
- Build image and run tests using `make`
- Document your improvements
- Commit, push and make a pull-request


@ -1 +0,0 @@
# Place you custom Spamassasin rules here


@ -1,10 +1,13 @@
mail: version: '2'
services:
mail:
image: tvial/docker-mailserver:v2 image: tvial/docker-mailserver:v2
# build: .
hostname: mail hostname: mail
domainname: domain.com domainname: domain.com
volumes_from: container_name: mail
- maildata volumes:
- maildata:/var/mail
ports: ports:
- "25:25" - "25:25"
- "143:143" - "143:143"
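Review bot: The new `volumes:` entry with `- maildata:/var/mail` is added above `ports:`, but the service already has a `volumes:` list after `ports:` (the `./config/` mount shown in the next hunk), so `mail` ends up with the same key twice. YAML mappings must not repeat a key, and a parser that tolerates the duplicate keeps only one of the two lists, which can silently drop the `maildata` mount and leave `/var/mail` unpersisted. Move `- maildata:/var/mail` into the existing list. Replacing `volumes_from: maildata` with a named volume also changes where mail is stored, which deserves a migration note for existing installs.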
@ -12,3 +15,12 @@ mail:
- "993:993" - "993:993"
volumes: volumes:
- ./config/:/tmp/docker-mailserver/ - ./config/:/tmp/docker-mailserver/
- ./opendkim/:/tmp/docker-mailserver/opendkim/
environment:
- ENABLE_FAIL2BAN=1
cap_add:
- NET_ADMIN
volumes:
maildata:
driver: local
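Review bot: `ENABLE_FAIL2BAN=1` together with `cap_add: NET_ADMIN` makes the distributed example grant an extra capability by default, while the compose example added to the README in this same commit has neither. Keep the two examples identical, or comment these four lines out with a note that `NET_ADMIN` is there so fail2ban can ban IPs through `iptables`, so users who do not enable fail2ban run with the default capability set.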


@ -49,7 +49,6 @@ if [ -f /tmp/docker-mailserver/postfix-accounts.cf ]; then
maildirmake.dovecot "/var/mail/${domain}/${user}/.Drafts" maildirmake.dovecot "/var/mail/${domain}/${user}/.Drafts"
echo -e "INBOX\nSent\nTrash\nDrafts" >> "/var/mail/${domain}/${user}/subscriptions" echo -e "INBOX\nSent\nTrash\nDrafts" >> "/var/mail/${domain}/${user}/subscriptions"
touch "/var/mail/${domain}/${user}/.Sent/maildirfolder" touch "/var/mail/${domain}/${user}/.Sent/maildirfolder"
fi fi
echo ${domain} >> /tmp/vhost.tmp echo ${domain} >> /tmp/vhost.tmp
done < /tmp/docker-mailserver/postfix-accounts.cf done < /tmp/docker-mailserver/postfix-accounts.cf
@ -89,16 +88,15 @@ if [ -e "/tmp/docker-mailserver/opendkim/KeyTable" ]; then
mkdir -p /etc/opendkim mkdir -p /etc/opendkim
cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/ cp -a /tmp/docker-mailserver/opendkim/* /etc/opendkim/
echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`" echo "DKIM keys added for: `ls -C /etc/opendkim/keys/`"
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
else else
echo "No DKIM key provided. Check the documentation to find how to get your keys." echo "No DKIM key provided. Check the documentation to find how to get your keys."
fi fi
echo "Changing permissions on /etc/opendkim"
# chown entire directory
chown -R opendkim:opendkim /etc/opendkim/
# And make sure permissions are right
chmod -R 0700 /etc/opendkim/keys/
# DMARC # DMARC
# if there is no AuthservID create it # if there is no AuthservID create it
if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then if [ `cat /etc/opendmarc.conf | grep -w AuthservID | wc -l` -eq 0 ]; then
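Review bot: With the `chown -R` and `chmod -R` lines moved below the `fi`, they now also run in the "No DKIM key provided" branch, where `mkdir -p /etc/opendkim` and the copy were skipped. Unless the image guarantees that `/etc/opendkim/keys/` exists, `chmod -R 0700 /etc/opendkim/keys/` fails there and prints an error right after the "no key" message. Guard the block with `[ -d /etc/opendkim/keys ]`, or create the directory before the `if` so both branches see it.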
@ -113,7 +111,7 @@ if [ ! -f "/etc/opendmarc/ignore.hosts" ]; then
fi fi
# SSL Configuration # SSL Configuration
case $DMS_SSL in case $SSL_TYPE in
"letsencrypt" ) "letsencrypt" )
# letsencrypt folders and files mounted in /etc/letsencrypt # letsencrypt folders and files mounted in /etc/letsencrypt
if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \ if [ -e "/etc/letsencrypt/live/$(hostname)/cert.pem" ] \
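Review bot: `case $SSL_TYPE in` replaces `DMS_SSL` with no fallback, so a deployment that still sets `DMS_SSL=letsencrypt` no longer selects this branch and, going by the README's "empty => SSL disabled", comes up without TLS and without any warning. Accept the old name for at least one release, for example `SSL_TYPE=${SSL_TYPE:-$DMS_SSL}` placed before the `case`, and log a deprecation message when `DMS_SSL` is set.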
@ -225,7 +223,7 @@ SA_KILL=${SA_KILL:="6.31"} && sed -i -r 's/^\$sa_kill_level_deflt (.*);/\$sa_kil
test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/ test -e /tmp/docker-mailserver/spamassassin-rules.cf && cp /tmp/docker-mailserver/spamassassin-rules.cf /etc/spamassassin/
# Disable logrotate config for fail2ban if not enabled # Disable logrotate config for fail2ban if not enabled
test -z "$ENABLE_FAIL2BAN"&& rm -f /etc/logrotate.d/fail2ban test -z "$ENABLE_FAIL2BAN" && rm -f /etc/logrotate.d/fail2ban
# Fix cron.daily for spamassassin # Fix cron.daily for spamassassin
sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin sed -i -e 's/invoke-rc.d spamassassin reload/\/etc\/init\.d\/spamassassin reload/g' /etc/cron.daily/spamassassin