github-com-docker-mailserver/docker-mailserver

mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2024-01-19 02:48:50 +00:00

Mirror of https://github.com/docker-mailserver/docker-mailserver

amavis antispam antivirus docker docker-mailserver dovecot fail2ban imap ldap letsencrypt mail mailserver opendkim opendmarc postfix postgrey saslauthd-ldap smtp spamassassin ssl

Go to file

Thomas VIAL 070285d305 Merge pull request #155 from tomav/moving-fail2ban-to-0.9.x Moved Fail2ban to 0.9.x because OS version was buggy		2016-04-23 21:06:46 +02:00
config	Changed documentation for #109	2016-04-20 10:15:51 +02:00
target	- Fixed #152	2016-04-23 12:09:28 +02:00
test	- Fixed #152	2016-04-23 12:09:28 +02:00
.gitignore	Changed Dockerfile to reduce image size on #109	2016-04-21 18:04:33 +02:00
.travis.yml	Added new line when needed and fixed a test	2015-10-18 21:30:53 +02:00
docker-compose.yml.dist	Changed documentation for #109	2016-04-20 10:15:51 +02:00
Dockerfile	Kept @00angus filter file for dovecot	2016-04-23 20:20:25 +02:00
LICENSE	Renamed	2016-04-12 09:43:13 +02:00
Makefile	- Fixed #152	2016-04-23 12:09:28 +02:00
README.md	- Fixed #152	2016-04-23 12:09:28 +02:00

README.md

docker-mailserver

#
# CURRENTLY IN BETA
#

A fullstack but simple mail server (smtp, imap, antispam, antivirus...). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade.

Includes:

postfix with smtp auth
dovecot for sasl, imap (and optional pop3) with ssl support
amavis
spamassasin supporting custom rules
clamav with automatic updates
opendkim
opendmarc
fail2ban
LetsEncrypt and self-signed certificates
integration tests
automated builds on docker hub

Why I created this image: Simple mail server with Docker

Before you open an issue, please have a look this README, the FAQ and Postfix/Dovecot documentation.

Project architecture

├── config                    # User: personal configurations
├── docker-compose.yml.dist   # User: 'docker-compose.yml' example
├── target                    # Developer: default server configurations
└── test                      # Developer: integration tests

Basic usage

# get v2 image
docker pull tvial/docker-mailserver:v2

# create a "docker-compose.yml" file containing:
mail:
  image: tvial/docker-mailserver:v2
  hostname: mail
  domainname: domain.com
  # your FQDN will be 'mail.domain.com'
  ports:
  - "25:v25"
  - "143:143"
  - "587:587"
  - "993:993"
  volumes:
  - ./config/:/tmp/docker-mailserver/

# Create your first mail account
# Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
mkdir -p config
docker run --rm \
  -e MAIL_USER=user1@domain.tld \
  -e MAIL_PASS=mypassword \
  -ti tvial/docker-mailserver:v2 \
  /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf

# start the container
docker-compose up -d mail

You're done!

Managing users and aliases

Users

As you've seen above, users are managed in config/postfix-accounts.cf. Just add the full email address and its encrypted password separated by a pipe.

Example:

user1@domain.tld|{CRAM-MD5}mypassword-cram-md5-encrypted
user2@otherdomain.tld|{CRAM-MD5}myotherpassword-cram-md5-encrypted

To generate the password you could run for example the following:

docker run --rm \
  -e MAIL_USER=user1@domain.tld \
  -ti tvial/docker-mailserver:v2 \
  /bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s CRAM-MD5 -u $MAIL_USER )"'

You will be asked for a password. Just copy all the output string in the file config/postfix-accounts.cf.

The `doveadm pw` command let you choose between several encryption schemes for the password.
Use doveadm pw -l to get a list of the currently supported encryption schemes.

Aliases

Please first read Postfix documentation on virtual aliases.

Aliases are managed in config/postfix-virtual.cf. An alias is a full email address that will be:

delivered to an existing account in config/postfix-accounts.cf
redirected to one or more other email addresses

Alias and target are space separated.

Example:

# Alias to existing account
alias1@domain.tld user1@domain.tld

# Forward to external email address
alias2@domain.tld external@gmail.com

Environment variables

Value in bold is the default value.

DMS_SSL

empty => SSL disabled
letsencrypt => Enables Let's Encrypt certificates
custom => Enables custom certificates
self-signed => Enables self-signed certificates

ENABLE_POP3

empty => POP3 service disabled
1 => Enables POP3 service

ENABLE_FAIL2BAN

empty => fail2ban service disabled
1 => Enables fail2ban service

If you enable Fail2Ban, don't forget to add the following lines to your docker-compose.yml:

cap_add:
  - NET_ADMIN

Otherwise, iptables won't be able to ban IPs.

SA_TAG

2.0 => add spam info headers if at, or above that level

SA_TAG2

6.31 => add 'spam detected' headers at that level

SA_KILL

6.31 => triggers spam evasive actions

SASL_PASSWD

empty => No sasl_passwd will be created
string => /etc/postfix/sasl_passwd will be created with the string as password

SMTP_ONLY

empty => all daemons start
1 => only launch postfix smtp

Please check how the container starts to understand what's expected.

OpenDKIM

You have prepared your mail accounts? Now you can generate DKIM keys using the following command:

docker run --rm \
  -v "$(pwd)/config":/tmp/docker-mailserver \
  -ti tvial/docker-mailserver:v2 generate-dkim-config

Don't forget to mount config/opendkim/ to /tmp/docker-mailserver/opendkim/ in order to use it.

Now the keys are generated, you can configure your DNS server by just pasting the content of config/opedkim/keys/domain.tld/mail.txt in your domain.tld.hosts zone.

SSL

Please read the SSL page in the wiki for more information.

Todo

Things to do or to improve are stored on Github. Feel free to improve this docker image.

Contribute

Fork
Improve
Add integration tests in test/tests.bats
Build image and run tests using make
Document your improvements
Commit, push and make a pull-request