3.9 KiB
docker-mailserver
A fullstack but simple mail server (smtp, imap, antispam, antivirus...). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade.
Includes:
- postfix with smtp auth
- dovecot for sasl, imap (and optional pop3) with ssl support
- amavis
- spamassasin supporting custom rules
- clamav with automatic updates
- opendkim
- opendmarc
- fail2ban
- basic sieve support using dovecot
- LetsEncrypt and self-signed certificates
- integration tests
- automated builds on docker hub
Why I created this image: Simple mail server with Docker
Before you open an issue, please have a look this README
, the Wiki and Postfix/Dovecot documentation.
Usage
Get latest image
docker pull tvial/docker-mailserver:latest
Create a docker-compose.yml
Adapt this file with your FQDN.
version: '2'
services:
mail:
image: tvial/docker-mailserver:latest
# build: .
hostname: mail
domainname: domain.com
container_name: mail
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- ./config/:/tmp/docker-mailserver/
volumes:
maildata:
driver: local
Create your mail accounts
Don't forget to adapt MAIL_USER and MAIL_PASS to your needs
mkdir -p config
docker run --rm \
-e MAIL_USER=user1@domain.tld \
-e MAIL_PASS=mypassword \
-ti tvial/docker-mailserver:latest \
/bin/sh -c 'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u $MAIL_USER -p $MAIL_PASS)"' >> config/postfix-accounts.cf
Generate DKIM keys
docker run --rm \
-v "$(pwd)/config":/tmp/docker-mailserver \
-ti tvial/docker-mailserver:latest generate-dkim-config
Now the keys are generated, you can configure your DNS server by just pasting the content of config/opedkim/keys/domain.tld/mail.txt
in your domain.tld.hosts
zone.
Start the container
docker-compose up -d mail
You're done!
Environment variables
Please check how the container starts to understand what's expected.
Value in bold is the default value.
ENABLE_POP3
- empty => POP3 service disabled
- 1 => Enables POP3 service
ENABLE_FAIL2BAN
- empty => fail2ban service disabled
- 1 => Enables fail2ban service
If you enable Fail2Ban, don't forget to add the following lines to your docker-compose.yml
:
cap_add:
- NET_ADMIN
Otherwise, iptables
won't be able to ban IPs.
ENABLE_MANAGESIEVE
- empty => Managesieve service disabled
- 1 => Enables Managesieve on port 4190
SA_TAG
- 2.0 => add spam info headers if at, or above that level
SA_TAG2
- 6.31 => add 'spam detected' headers at that level
SA_KILL
- 6.31 => triggers spam evasive actions
SASL_PASSWD
- empty => No sasl_passwd will be created
- string =>
/etc/postfix/sasl_passwd
will be created with the string as password
SMTP_ONLY
- empty => all daemons start
- 1 => only launch postfix smtp
SSL_TYPE
- empty => SSL disabled
- letsencrypt => Enables Let's Encrypt certificates
- custom => Enables custom certificates
- self-signed => Enables self-signed certificates
Please read the SSL page in the wiki for more information.