mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2024-01-19 02:48:50 +00:00
2014 lines
78 KiB
HTML
2014 lines
78 KiB
HTML
|
|
<!doctype html>
|
|
<html lang="en" class="no-js">
|
|
<head>
|
|
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
|
|
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
|
|
|
|
|
|
|
<meta name="author" content="docker-mailserver (Github Organization)">
|
|
|
|
|
|
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/">
|
|
|
|
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
|
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.4">
|
|
|
|
|
|
|
|
<title>Advanced | Kubernetes - Docker Mailserver</title>
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../../../assets/stylesheets/main.f7f47774.min.css">
|
|
|
|
|
|
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback">
|
|
<style>:root{--md-text-font-family:"Roboto";--md-code-font-family:"Roboto Mono"}</style>
|
|
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../../../assets/css/customizations.css">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
|
|
|
|
|
|
<script>function __prefix(e){return new URL("../../..",location).pathname+"."+e}function __get(e,t=localStorage){return JSON.parse(t.getItem(__prefix(e)))}</script>
|
|
|
|
<script>var palette=__get("__palette");if(null!==palette&&"object"==typeof palette.color)for(var key in palette.color)document.body.setAttribute("data-md-color-"+key,palette.color[key])</script>
|
|
|
|
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
|
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
|
<label class="md-overlay" for="__drawer"></label>
|
|
<div data-md-component="skip">
|
|
|
|
|
|
<a href="#introduction" class="md-skip">
|
|
Skip to content
|
|
</a>
|
|
|
|
</div>
|
|
<div data-md-component="announce">
|
|
|
|
</div>
|
|
|
|
<header class="md-header" data-md-component="header">
|
|
<nav class="md-header__inner md-grid" aria-label="Header">
|
|
<a href="../../.." title="Docker Mailserver" class="md-header__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
|
|
|
|
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
|
|
|
|
</a>
|
|
<label class="md-header__button md-icon" for="__drawer">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg>
|
|
</label>
|
|
<div class="md-header__title" data-md-component="header-title">
|
|
<div class="md-header__ellipsis">
|
|
<div class="md-header__topic">
|
|
<span class="md-ellipsis">
|
|
Docker Mailserver
|
|
</span>
|
|
</div>
|
|
<div class="md-header__topic" data-md-component="header-topic">
|
|
<span class="md-ellipsis">
|
|
|
|
Advanced | Kubernetes
|
|
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<form class="md-header__option" data-md-component="palette">
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_1">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_2" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3 3.19.09m3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95 2.06.05m-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31z"/></svg>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_2">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_1" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5c-.84 0-1.65.15-2.39.42L12 2M3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29L3.34 7m.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14L3.36 17M20.65 7l-1.77 3.79a7.023 7.023 0 0 0-2.38-4.15l4.15.36m-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29L20.64 17M12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44L12 22z"/></svg>
|
|
</label>
|
|
|
|
|
|
</form>
|
|
|
|
|
|
|
|
<label class="md-header__button md-icon" for="__search">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
|
|
</label>
|
|
|
|
<div class="md-search" data-md-component="search" role="dialog">
|
|
<label class="md-search__overlay" for="__search"></label>
|
|
<div class="md-search__inner" role="search">
|
|
<form class="md-search__form" name="search">
|
|
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
|
<label class="md-search__icon md-icon" for="__search">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
|
|
</label>
|
|
<nav class="md-search__options" aria-label="Search">
|
|
|
|
<button type="reset" class="md-search__icon md-icon" aria-label="Clear" tabindex="-1">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg>
|
|
</button>
|
|
</nav>
|
|
|
|
</form>
|
|
<div class="md-search__output">
|
|
<div class="md-search__scrollwrap" data-md-scrollfix>
|
|
<div class="md-search-result" data-md-component="search-result">
|
|
<div class="md-search-result__meta">
|
|
Initializing search
|
|
</div>
|
|
<ol class="md-search-result__list"></ol>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="md-header__source">
|
|
|
|
<a href="https://github.com/docker-mailserver/docker-mailserver/" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
docker-mailserver
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
</nav>
|
|
</header>
|
|
|
|
<div class="md-container" data-md-component="container">
|
|
|
|
|
|
|
|
|
|
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
|
|
<div class="md-tabs__inner md-grid">
|
|
<ul class="md-tabs__list">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../.." class="md-tabs__link">
|
|
Home
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../../introduction/" class="md-tabs__link">
|
|
Introduction
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../setup.sh/" class="md-tabs__link md-tabs__link--active">
|
|
Configuration
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../../examples/tutorials/basic-installation/" class="md-tabs__link">
|
|
Examples
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../../faq/" class="md-tabs__link">
|
|
FAQ
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="../../../contributing/issues-and-pull-requests/" class="md-tabs__link">
|
|
Contributing
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="https://hub.docker.com/repository/docker/mailserver/docker-mailserver" class="md-tabs__link">
|
|
DockerHub
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-tabs__item">
|
|
<a href="https://github.com/orgs/docker-mailserver/packages/container/package/docker-mailserver" class="md-tabs__link">
|
|
GHCR
|
|
</a>
|
|
</li>
|
|
|
|
|
|
</ul>
|
|
</div>
|
|
</nav>
|
|
|
|
|
|
<main class="md-main" data-md-component="main">
|
|
<div class="md-main__inner md-grid">
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
|
|
<label class="md-nav__title" for="__drawer">
|
|
<a href="../../.." title="Docker Mailserver" class="md-nav__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
|
|
|
|
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
|
|
|
|
</a>
|
|
Docker Mailserver
|
|
</label>
|
|
|
|
<div class="md-nav__source">
|
|
|
|
<a href="https://github.com/docker-mailserver/docker-mailserver/" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6zm-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3zm44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9zM244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8zM97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1zm-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7zm32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1zm-11.4-14.7c-1.6 1-1.6 3.6 0 5.9 1.6 2.3 4.3 3.3 5.6 2.3 1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2z"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
docker-mailserver
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../.." class="md-nav__link">
|
|
Home
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../introduction/" class="md-nav__link">
|
|
Introduction
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3" type="checkbox" id="__nav_3" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3">
|
|
Configuration
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Configuration" data-md-level="1">
|
|
<label class="md-nav__title" for="__nav_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Configuration
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../setup.sh/" class="md-nav__link">
|
|
Your Best Friend setup.sh
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../environment/" class="md-nav__link">
|
|
Environment Variables
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_3" data-md-state="indeterminate" type="checkbox" id="__nav_3_3" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_3">
|
|
User Management
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="User Management" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_3_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
User Management
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../user-management/accounts/" class="md-nav__link">
|
|
Accounts
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../user-management/aliases/" class="md-nav__link">
|
|
Aliases
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_4" data-md-state="indeterminate" type="checkbox" id="__nav_3_4" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_4">
|
|
Best Practices
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Best Practices" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_3_4">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Best Practices
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../best-practices/dkim/" class="md-nav__link">
|
|
DKIM
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../best-practices/dmarc/" class="md-nav__link">
|
|
DMARC
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../best-practices/spf/" class="md-nav__link">
|
|
SPF
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../best-practices/autodiscover/" class="md-nav__link">
|
|
Auto-discovery
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_5" data-md-state="indeterminate" type="checkbox" id="__nav_3_5" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_5">
|
|
Security
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Security" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_3_5">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Security
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../security/understanding-the-ports/" class="md-nav__link">
|
|
Understanding the Ports
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../security/ssl/" class="md-nav__link">
|
|
SSL/TLS
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../security/fail2ban/" class="md-nav__link">
|
|
Fail2Ban
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../security/mail_crypt/" class="md-nav__link">
|
|
Mail Encryption
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_6" data-md-state="indeterminate" type="checkbox" id="__nav_3_6" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_6">
|
|
Troubleshooting
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Troubleshooting" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_3_6">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Troubleshooting
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../troubleshooting/debugging/" class="md-nav__link">
|
|
Debugging
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../pop3/" class="md-nav__link">
|
|
Mail Delivery with POP3
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_8" type="checkbox" id="__nav_3_8" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_8">
|
|
Advanced Configuration
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Advanced Configuration" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_3_8">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Advanced Configuration
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../optional-config/" class="md-nav__link">
|
|
Optional Configuration
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_8_2" data-md-state="indeterminate" type="checkbox" id="__nav_3_8_2" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_8_2">
|
|
Maintenance
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Maintenance" data-md-level="3">
|
|
<label class="md-nav__title" for="__nav_3_8_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Maintenance
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../maintenance/update-and-cleanup/" class="md-nav__link">
|
|
Update and Cleanup
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_8_3" data-md-state="indeterminate" type="checkbox" id="__nav_3_8_3" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_8_3">
|
|
Override the Default Configs
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Override the Default Configs" data-md-level="3">
|
|
<label class="md-nav__title" for="__nav_3_8_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Override the Default Configs
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../override-defaults/dovecot/" class="md-nav__link">
|
|
Dovecot
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../override-defaults/postfix/" class="md-nav__link">
|
|
Postfix
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../override-defaults/user-patches/" class="md-nav__link">
|
|
Modifications via Script
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../auth-ldap/" class="md-nav__link">
|
|
LDAP Authentication
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../mail-sieve/" class="md-nav__link">
|
|
Email Filtering with Sieve
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../mail-fetchmail/" class="md-nav__link">
|
|
Email Gathering with Fetchmail
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_3_8_7" data-md-state="indeterminate" type="checkbox" id="__nav_3_8_7" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_3_8_7">
|
|
Email Forwarding
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Email Forwarding" data-md-level="3">
|
|
<label class="md-nav__title" for="__nav_3_8_7">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Email Forwarding
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../mail-forwarding/relay-hosts/" class="md-nav__link">
|
|
Relay Hosts
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../mail-forwarding/aws-ses/" class="md-nav__link">
|
|
AWS SES
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../full-text-search/" class="md-nav__link">
|
|
Full-Text Search
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active">
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="toc" type="checkbox" id="__toc">
|
|
|
|
|
|
|
|
<label class="md-nav__link md-nav__link--active" for="__toc">
|
|
Kubernetes
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<a href="./" class="md-nav__link md-nav__link--active">
|
|
Kubernetes
|
|
</a>
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#introduction" class="md-nav__link">
|
|
Introduction
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#manifests" class="md-nav__link">
|
|
Manifests
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Manifests">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configuration" class="md-nav__link">
|
|
Configuration
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#persistence" class="md-nav__link">
|
|
Persistence
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#service" class="md-nav__link">
|
|
Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#deployments" class="md-nav__link">
|
|
Deployments
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#sensitive-data" class="md-nav__link">
|
|
Sensitive Data
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#exposing-your-mailserver-to-the-outside-world" class="md-nav__link">
|
|
Exposing your Mailserver to the Outside World
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Exposing your Mailserver to the Outside World">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#external-ips-service" class="md-nav__link">
|
|
External IPs Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#proxy-port-to-service" class="md-nav__link">
|
|
Proxy port to Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#bind-to-concrete-node-and-use-host-network" class="md-nav__link">
|
|
Bind to concrete Node and use host network
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#proxy-port-to-service-via-proxy-protocol" class="md-nav__link">
|
|
Proxy Port to Service via PROXY Protocol
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Proxy Port to Service via PROXY Protocol">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configure-your-ingress" class="md-nav__link">
|
|
Configure your Ingress
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configure-the-mailserver" class="md-nav__link">
|
|
Configure the Mailserver
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../ipv6/" class="md-nav__link">
|
|
IPv6
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4" data-md-state="indeterminate" type="checkbox" id="__nav_4" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_4">
|
|
Examples
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Examples" data-md-level="1">
|
|
<label class="md-nav__title" for="__nav_4">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Examples
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4_1" data-md-state="indeterminate" type="checkbox" id="__nav_4_1" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_4_1">
|
|
Tutorials
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Tutorials" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_4_1">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Tutorials
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../examples/tutorials/basic-installation/" class="md-nav__link">
|
|
Basic Installation
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
|
Mailserver behind Proxy
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../examples/tutorials/blog-posts/" class="md-nav__link">
|
|
Blog Posts
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_4_2" data-md-state="indeterminate" type="checkbox" id="__nav_4_2" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_4_2">
|
|
Use Cases
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Use Cases" data-md-level="2">
|
|
<label class="md-nav__title" for="__nav_4_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Use Cases
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
|
Forward-Only Mailserver with LDAP
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../examples/uses-cases/imap-folders/" class="md-nav__link">
|
|
Customize IMAP Folders
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../faq/" class="md-nav__link">
|
|
FAQ
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle" data-md-toggle="__nav_6" data-md-state="indeterminate" type="checkbox" id="__nav_6" checked>
|
|
|
|
<label class="md-nav__link" for="__nav_6">
|
|
Contributing
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
<nav class="md-nav" aria-label="Contributing" data-md-level="1">
|
|
<label class="md-nav__title" for="__nav_6">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Contributing
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../contributing/issues-and-pull-requests/" class="md-nav__link">
|
|
Issues and Pull Requests
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../contributing/coding-style/" class="md-nav__link">
|
|
Coding Style
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../contributing/tests/" class="md-nav__link">
|
|
Tests
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../../contributing/documentation/" class="md-nav__link">
|
|
Documentation
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="https://hub.docker.com/repository/docker/mailserver/docker-mailserver" class="md-nav__link">
|
|
DockerHub
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="https://github.com/orgs/docker-mailserver/packages/container/package/docker-mailserver" class="md-nav__link">
|
|
GHCR
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#introduction" class="md-nav__link">
|
|
Introduction
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#manifests" class="md-nav__link">
|
|
Manifests
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Manifests">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configuration" class="md-nav__link">
|
|
Configuration
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#persistence" class="md-nav__link">
|
|
Persistence
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#service" class="md-nav__link">
|
|
Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#deployments" class="md-nav__link">
|
|
Deployments
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#sensitive-data" class="md-nav__link">
|
|
Sensitive Data
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#exposing-your-mailserver-to-the-outside-world" class="md-nav__link">
|
|
Exposing your Mailserver to the Outside World
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Exposing your Mailserver to the Outside World">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#external-ips-service" class="md-nav__link">
|
|
External IPs Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#proxy-port-to-service" class="md-nav__link">
|
|
Proxy port to Service
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#bind-to-concrete-node-and-use-host-network" class="md-nav__link">
|
|
Bind to concrete Node and use host network
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#proxy-port-to-service-via-proxy-protocol" class="md-nav__link">
|
|
Proxy Port to Service via PROXY Protocol
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Proxy Port to Service via PROXY Protocol">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configure-your-ingress" class="md-nav__link">
|
|
Configure your Ingress
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configure-the-mailserver" class="md-nav__link">
|
|
Configure the Mailserver
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<div class="md-content" data-md-component="content">
|
|
<article class="md-content__inner md-typeset">
|
|
|
|
|
|
<a href="https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/config/advanced/kubernetes.md" title="Edit this page" class="md-content__button md-icon">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg>
|
|
</a>
|
|
|
|
|
|
<h1>Kubernetes</h1>
|
|
|
|
<h2 id="introduction"><a class="toclink" href="#introduction">Introduction</a></h2>
|
|
<p>Kubernetes (also known by its abbreviation K8s) is a production-grade orchestrating tool for containers. This article describes how to deploy <code>docker-mailserver</code> to K8s. K8s differs from Docker especially when it comes to separation of concerns: Whereas with Docker Compose, you can fit everything in one file, with K8s, the information is split. This may seem (too) verbose, but actually provides a clear structure with more features and scalability. We are going to have a look at how to deploy one instance of <code>docker-mailserver</code> to your cluster.</p>
|
|
<p>We assume basic knowledge about K8s from the reader. If you're not familiar with K8s, we highly recommend starting with something less complex, like Docker Compose.</p>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">About Support for K8s</p>
|
|
<p>Please note that Kubernetes <strong>is not</strong> officially supported and we do not build images specifically designed for it. When opening an issue, please remember that only Docker & Docker Compose are officially supported.</p>
|
|
<p>This content is entirely community-supported. If you find errors, please open an issue and provide a PR.</p>
|
|
</div>
|
|
<h2 id="manifests"><a class="toclink" href="#manifests">Manifests</a></h2>
|
|
<h3 id="configuration"><a class="toclink" href="#configuration">Configuration</a></h3>
|
|
<p>We want to provide the basic configuration in the form of environment variables with a <code>ConfigMap</code>. Note that this is just an example configuration; tune the <code>ConfigMap</code> to your needs.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.environment</span>
|
|
|
|
<span class="nt">immutable</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span> <span class="c1"># turn off during development</span>
|
|
|
|
<span class="nt">data</span><span class="p">:</span>
|
|
<span class="nt">TLS_LEVEL</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">modern</span>
|
|
<span class="nt">POSTSCREEN_ACTION</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">drop</span>
|
|
<span class="nt">OVERRIDE_HOSTNAME</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail.example.com</span>
|
|
<span class="nt">FAIL2BAN_BLOCKTYPE</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">drop</span>
|
|
<span class="nt">POSTMASTER_ADDRESS</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">postmaster@example.com</span>
|
|
<span class="nt">UPDATE_CHECK_INTERVAL</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">10d</span>
|
|
<span class="nt">POSTFIX_INET_PROTOCOLS</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ipv4</span>
|
|
<span class="nt">ONE_DIR</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">DMS_DEBUG</span><span class="p">:</span> <span class="s">'0'</span>
|
|
<span class="nt">ENABLE_CLAMAV</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">ENABLE_POSTGREY</span><span class="p">:</span> <span class="s">'0'</span>
|
|
<span class="nt">ENABLE_FAIL2BAN</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">AMAVIS_LOGLEVEL</span><span class="p">:</span> <span class="s">'-1'</span>
|
|
<span class="nt">SPOOF_PROTECTION</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">MOVE_SPAM_TO_JUNK</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">ENABLE_UPDATE_CHECK</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">ENABLE_SPAMASSASSIN</span><span class="p">:</span> <span class="s">'1'</span>
|
|
<span class="nt">SUPERVISOR_LOGLEVEL</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">warn</span>
|
|
<span class="nt">SPAMASSASSIN_SPAM_TO_INBOX</span><span class="p">:</span> <span class="s">'1'</span>
|
|
</code></pre></div>
|
|
<p>We can also make use of user-provided configuration files, e.g. <code>user-patches.sh</code>, <code>postfix-accounts.cf</code> and more, to adjust <code>docker-mailserver</code> to our likings. We encourage you to have a look at <a href="https://kustomize.io/">Kustomize</a> for creating <code>ConfigMap</code>s from multiple files, but for now, we will provide a simple, hand-written example. This example is absolutely minimal and only goes to show what can be done.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.files</span>
|
|
|
|
<span class="nt">data</span><span class="p">:</span>
|
|
<span class="nt">postfix-accounts.cf</span><span class="p">:</span> <span class="p p-Indicator">|</span>
|
|
<span class="no">test@example.com|{SHA512-CRYPT}$6$someHashValueHere</span>
|
|
<span class="no">other@example.com|{SHA512-CRYPT}$6$someOtherHashValueHere</span>
|
|
</code></pre></div>
|
|
<h3 id="persistence"><a class="toclink" href="#persistence">Persistence</a></h3>
|
|
<p>Thereafter, we need persistence for our data.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">PersistentVolumeClaim</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">storageClassName</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">local-path</span>
|
|
<span class="nt">accessModes</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">ReadWriteOnce</span>
|
|
<span class="nt">resources</span><span class="p">:</span>
|
|
<span class="nt">requests</span><span class="p">:</span>
|
|
<span class="nt">storage</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25Gi</span>
|
|
</code></pre></div>
|
|
<h3 id="service"><a class="toclink" href="#service">Service</a></h3>
|
|
<p>A <code>Service</code> is required for getting the traffic to the pod itself. The service is somewhat crucial. Its configuration determines whether the original IP from the sender will be kept. <a href="#exposing-your-mail-server-to-the-outside-world">More about this further down below</a>.</p>
|
|
<p>The configuration you're seeing does keep the original IP, but you will not be able to scale this way. We have chosen to go this route in this case because we think most K8s users will only want to have one instance anyway, and users that need high availability know how to do it anyways.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Service</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">labels</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">type</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">LoadBalancer</span>
|
|
<span class="nt">externalTrafficPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Local</span>
|
|
|
|
<span class="nt">selector</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">ports</span><span class="p">:</span>
|
|
<span class="c1"># Transfer</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">transfer</span>
|
|
<span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25</span>
|
|
<span class="nt">targetPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">transfer</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
<span class="c1"># ESMTP with implicit TLS</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-implicit</span>
|
|
<span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">465</span>
|
|
<span class="nt">targetPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-implicit</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
<span class="c1"># ESMTP with explicit TLS (STARTTLS)</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-explicit</span>
|
|
<span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">587</span>
|
|
<span class="nt">targetPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-explicit</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
<span class="c1"># IMAPS with implicit TLS</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">imap-implicit</span>
|
|
<span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">993</span>
|
|
<span class="nt">targetPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">imap-implicit</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
</code></pre></div>
|
|
<h3 id="deployments"><a class="toclink" href="#deployments">Deployments</a></h3>
|
|
<p>Last but not least, the <code>Deployment</code> becomes the most complex component. It instructs Kubernetes how to run the docker-mailserver container and how to apply your ConfigMaps and persisted storage. Additionally, we can set options to enforce runtime security here.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">apps/v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">annotations</span><span class="p">:</span>
|
|
<span class="nt">ignore-check.kube-linter.io/run-as-non-root</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
|
<span class="no">The mailserver needs to run as root</span>
|
|
<span class="nt">ignore-check.kube-linter.io/privileged-ports</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
|
<span class="no">The mailserver needs privilegdes ports</span>
|
|
<span class="nt">ignore-check.kube-linter.io/no-read-only-root-fs</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
|
<span class="no">There are too many files written to make The</span>
|
|
<span class="no">root FS read-only</span>
|
|
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">replicas</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1</span>
|
|
<span class="nt">selector</span><span class="p">:</span>
|
|
<span class="nt">matchLabels</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">template</span><span class="p">:</span>
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">labels</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">annotations</span><span class="p">:</span>
|
|
<span class="nt">container.apparmor.security.beta.kubernetes.io/mailserver</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">runtime/default</span>
|
|
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">containers</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ghcr.io/docker-mailserver/docker-mailserver:10.0.0</span>
|
|
<span class="nt">imagePullPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">IfNotPresent</span>
|
|
|
|
<span class="nt">securityContext</span><span class="p">:</span>
|
|
<span class="nt">allowPrivilegeEscalation</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="nt">readOnlyRootFilesystem</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="nt">runAsUser</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">0</span>
|
|
<span class="nt">runAsGroup</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">0</span>
|
|
<span class="nt">runAsNonRoot</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="nt">privileged</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="nt">capabilities</span><span class="p">:</span>
|
|
<span class="nt">add</span><span class="p">:</span>
|
|
<span class="c1"># file permission capabilities</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">CHOWN</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">FOWNER</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">MKNOD</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SETGID</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SETUID</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">DAC_OVERRIDE</span>
|
|
<span class="c1"># network capabilities</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_ADMIN</span> <span class="c1"># needed for F2B</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_RAW</span> <span class="c1"># needed for F2B</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_BIND_SERVICE</span>
|
|
<span class="c1"># miscellaneous capabilities</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SYS_CHROOT</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SYS_PTRACE</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">KILL</span>
|
|
<span class="nt">drop</span><span class="p">:</span> <span class="p p-Indicator">[</span><span class="nv">ALL</span><span class="p p-Indicator">]</span>
|
|
<span class="nt">seccompProfile</span><span class="p">:</span>
|
|
<span class="nt">type</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">RuntimeDefault</span>
|
|
|
|
<span class="c1"># You want to tune this to your needs. If you disable ClamAV,</span>
|
|
<span class="c1"># you can use less RAM and CPU. This becomes important in</span>
|
|
<span class="c1"># case you're low on resources and Kubernetes refuses to</span>
|
|
<span class="c1"># schedule new pods.</span>
|
|
<span class="nt">resources</span><span class="p">:</span>
|
|
<span class="nt">limits</span><span class="p">:</span>
|
|
<span class="nt">memory</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">4Gi</span>
|
|
<span class="nt">cpu</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1500m</span>
|
|
<span class="nt">requests</span><span class="p">:</span>
|
|
<span class="nt">memory</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">2Gi</span>
|
|
<span class="nt">cpu</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">600m</span>
|
|
|
|
<span class="nt">volumeMounts</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">files</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">postfix-accounts.cf</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/tmp/docker-mailserver/postfix-accounts.cf</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
|
<span class="c1"># PVCs</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/var/mail</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/var/mail-state</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">state</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/var/log/mail</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">log</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
|
|
<span class="c1"># other</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">tmp-files</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/tmp</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">false</span>
|
|
|
|
<span class="nt">ports</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">transfer</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-implicit</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">465</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">esmtp-explicit</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">587</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">imap-implicit</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">993</span>
|
|
<span class="nt">protocol</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">TCP</span>
|
|
|
|
<span class="nt">envFrom</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">configMapRef</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.environment</span>
|
|
|
|
<span class="nt">restartPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Always</span>
|
|
|
|
<span class="nt">volumes</span><span class="p">:</span>
|
|
<span class="c1"># configuration files</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">files</span>
|
|
<span class="nt">configMap</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.files</span>
|
|
|
|
<span class="c1"># PVCs</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
<span class="nt">persistentVolumeClaim</span><span class="p">:</span>
|
|
<span class="nt">claimName</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">data</span>
|
|
|
|
<span class="c1"># other</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">tmp-files</span>
|
|
<span class="nt">emptyDir</span><span class="p">:</span> <span class="p p-Indicator">{}</span>
|
|
</code></pre></div>
|
|
<h3 id="sensitive-data"><a class="toclink" href="#sensitive-data">Sensitive Data</a></h3>
|
|
<p>By now, the mailserver starts, but does not really work for long (or at all), because we're lacking certificates. You will need to choose yourself, which approach you'd want to go with. The <a href="../../security/ssl/">TLS</a> section provides you with an overview.</p>
|
|
<div class="admonition attention">
|
|
<p class="admonition-title">Sensitive Data</p>
|
|
<p>For storing OpenDKIM keys, TLS certificates or any sort of sensitive data, you should be using <code>Secret</code>s. You can mount secrets like <code>ConfigMap</code>s and use them the same way.</p>
|
|
</div>
|
|
<h2 id="exposing-your-mailserver-to-the-outside-world"><a class="toclink" href="#exposing-your-mailserver-to-the-outside-world">Exposing your Mailserver to the Outside World</a></h2>
|
|
<p>The more difficult part with K8s is to expose a deployed mailserver to the outside world. K8s provides multiple ways for doing that; each has downsides and complexity. The major problem with exposing the mailserver to outside world in K8s is to <a href="https://kubernetes.io/docs/tutorials/services/source-ip">preserve the real client IP</a>. The real client IP is required by the mailserver for performing IP-based SPF checks and spam checks. If you do not require SPF checks for incoming mails, you may disable them in your <a href="../override-defaults/postfix/">Postfix configuration</a> by dropping the line that states <code>check_policy_service unix:private/policyd-spf</code>.</p>
|
|
<p>The easiest approach was covered above, using <code class="highlight"><span class="nt">externalTrafficPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Local</span></code>, which disables the service proxy, but makes the service local as well (which does not scale). This approach only works when you are given the correct (that is, a public and routable) IP address by a load balancer (like MetalLB). In this sense, the approach above is similar to the next example below. We want to provide you with a few alternatives too. <strong>But</strong> we also want to communicate the idea of another simple method: you could use a load-balancer without an external IP and DNAT the network traffic to the mail server. After all, this does not interfere with SPF checks because it keeps the origin IP address. If no dedicated external IP address is available, you could try the latter approach, if one is available, use the former.</p>
|
|
<h3 id="external-ips-service"><a class="toclink" href="#external-ips-service">External IPs Service</a></h3>
|
|
<p>The simplest way is to expose the mailserver as a <a href="https://kubernetes.io/docs/concepts/services-networking/service">Service</a> with <a href="https://kubernetes.io/docs/concepts/services-networking/service/#external-ips">external IPs</a>. This is very similar to the approach taken above. Here, an external IP is given to the service directly by you. With the approach above, you tell your load-balancer to do this.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Service</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">labels</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">selector</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">ports</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">smtp</span>
|
|
<span class="nt">port</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25</span>
|
|
<span class="nt">targetPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">smtp</span>
|
|
<span class="c1"># ...</span>
|
|
|
|
<span class="nt">externalIPs</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">80.11.12.10</span>
|
|
</code></pre></div>
|
|
<p>This approach</p>
|
|
<ul>
|
|
<li>does not preserve the real client IP, so SPF check of incoming mail will fail.</li>
|
|
<li>requires you to specify the exposed IPs explicitly.</li>
|
|
</ul>
|
|
<h3 id="proxy-port-to-service"><a class="toclink" href="#proxy-port-to-service">Proxy port to Service</a></h3>
|
|
<p>The <a href="https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service">proxy pod</a> helps to avoid the necessity of specifying external IPs explicitly. This comes at the cost of complexity; you must deploy a proxy pod on each <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> you want to expose mailserver on.</p>
|
|
<p>This approach</p>
|
|
<ul>
|
|
<li>does not preserve the real client IP, so SPF check of incoming mail will fail.</li>
|
|
</ul>
|
|
<h3 id="bind-to-concrete-node-and-use-host-network"><a class="toclink" href="#bind-to-concrete-node-and-use-host-network">Bind to concrete Node and use host network</a></h3>
|
|
<p>One way to preserve the real client IP is to use <code>hostPort</code> and <code>hostNetwork: true</code>. This comes at the cost of availability; you can talk to the mailserver from outside world only via IPs of <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> where mailserver is deployed.</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">extensions/v1beta1</span>
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
|
|
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
|
|
<span class="c1"># ...</span>
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">hostNetwork</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
|
|
<span class="c1"># ...</span>
|
|
<span class="nt">containers</span><span class="p">:</span>
|
|
<span class="c1"># ...</span>
|
|
<span class="nt">ports</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">smtp</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25</span>
|
|
<span class="nt">hostPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">25</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">smtp-auth</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">587</span>
|
|
<span class="nt">hostPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">587</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">imap-secure</span>
|
|
<span class="nt">containerPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">993</span>
|
|
<span class="nt">hostPort</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">993</span>
|
|
<span class="c1"># ...</span>
|
|
</code></pre></div>
|
|
<p>With this approach,</p>
|
|
<ul>
|
|
<li>it is not possible to access mailserver via other cluster Nodes, only via the one mailserver deployed at.</li>
|
|
<li>every Port within the Container is exposed on the Host side.</li>
|
|
</ul>
|
|
<h3 id="proxy-port-to-service-via-proxy-protocol"><a class="toclink" href="#proxy-port-to-service-via-proxy-protocol">Proxy Port to Service via PROXY Protocol</a></h3>
|
|
<p>This way is ideologically the same as <a href="#proxy-port-to-service">using a proxy pod</a>, but instead of a separate proxy pod, you configure your ingress to proxy TCP traffic to the mailserver pod using the PROXY protocol, which preserves the real client IP.</p>
|
|
<h4 id="configure-your-ingress"><a class="toclink" href="#configure-your-ingress">Configure your Ingress</a></h4>
|
|
<p>With an <a href="https://kubernetes.github.io/ingress-nginx">NGINX ingress controller</a>, set <code>externalTrafficPolicy: Local</code> for its service, and add the following to the TCP services config map (as described <a href="https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services">here</a>):</p>
|
|
<div class="highlight"><pre><span></span><code><span class="nt">25</span><span class="p">:</span> <span class="s">"mailserver/mailserver:25::PROXY"</span>
|
|
<span class="nt">465</span><span class="p">:</span> <span class="s">"mailserver/mailserver:465::PROXY"</span>
|
|
<span class="nt">587</span><span class="p">:</span> <span class="s">"mailserver/mailserver:587::PROXY"</span>
|
|
<span class="nt">993</span><span class="p">:</span> <span class="s">"mailserver/mailserver:993::PROXY"</span>
|
|
</code></pre></div>
|
|
<div class="admonition help">
|
|
<p class="admonition-title">HAProxy</p>
|
|
<p>With <a href="https://hub.docker.com/_/haproxy">HAProxy</a>, the configuration should look similar to the above. If you know what it actually looks like, add an example here. <img alt="😃" class="twemoji" src="https://twemoji.maxcdn.com/v/latest/svg/1f603.svg" title=":smiley:" /></p>
|
|
</div>
|
|
<h4 id="configure-the-mailserver"><a class="toclink" href="#configure-the-mailserver">Configure the Mailserver</a></h4>
|
|
<p>Then, configure both <a href="../override-defaults/postfix/">Postfix</a> and <a href="../override-defaults/dovecot/">Dovecot</a> to expect the PROXY protocol:</p>
|
|
<details class="example"><summary>HAProxy Example</summary><div class="highlight"><pre><span></span><code><span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ConfigMap</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.config</span>
|
|
<span class="nt">labels</span><span class="p">:</span>
|
|
<span class="nt">app</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">data</span><span class="p">:</span>
|
|
<span class="nt">postfix-main.cf</span><span class="p">:</span> <span class="p p-Indicator">|</span>
|
|
<span class="no">postscreen_upstream_proxy_protocol = haproxy</span>
|
|
<span class="nt">postfix-master.cf</span><span class="p">:</span> <span class="p p-Indicator">|</span>
|
|
<span class="no">smtp/inet/postscreen_upstream_proxy_protocol=haproxy</span>
|
|
<span class="no">submission/inet/smtpd_upstream_proxy_protocol=haproxy</span>
|
|
<span class="no">smtps/inet/smtpd_upstream_proxy_protocol=haproxy</span>
|
|
<span class="nt">dovecot.cf</span><span class="p">:</span> <span class="p p-Indicator">|</span>
|
|
<span class="no"># Assuming your ingress controller is bound to 10.0.0.0/8</span>
|
|
<span class="no">haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8</span>
|
|
<span class="no">service imap-login {</span>
|
|
<span class="no">inet_listener imap {</span>
|
|
<span class="no">haproxy = yes</span>
|
|
<span class="no">}</span>
|
|
<span class="no">inet_listener imaps {</span>
|
|
<span class="no">haproxy = yes</span>
|
|
<span class="no">}</span>
|
|
<span class="no">}</span>
|
|
<span class="c1"># ...</span>
|
|
<span class="nn">---</span>
|
|
|
|
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
|
|
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">extensions/v1beta1</span>
|
|
<span class="nt">metadata</span><span class="p">:</span>
|
|
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">template</span><span class="p">:</span>
|
|
<span class="nt">spec</span><span class="p">:</span>
|
|
<span class="nt">containers</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker-mailserver</span>
|
|
<span class="nt">volumeMounts</span><span class="p">:</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">config</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">postfix-main.cf</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/tmp/docker-mailserver/postfix-main.cf</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">config</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">postfix-master.cf</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/tmp/docker-mailserver/postfix-master.cf</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">config</span>
|
|
<span class="nt">subPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">dovecot.cf</span>
|
|
<span class="nt">mountPath</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">/tmp/docker-mailserver/dovecot.cf</span>
|
|
<span class="nt">readOnly</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">true</span>
|
|
</code></pre></div>
|
|
</details>
|
|
<p>With this approach,</p>
|
|
<ul>
|
|
<li>it is not possible to access the mailserver via cluster-DNS, as the PROXY protocol is required for incoming connections.</li>
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</article>
|
|
</div>
|
|
</div>
|
|
|
|
<a href="#" class="md-top md-icon" data-md-component="top" data-md-state="hidden">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8v12z"/></svg>
|
|
Back to top
|
|
</a>
|
|
|
|
</main>
|
|
|
|
|
|
<footer class="md-footer">
|
|
|
|
<nav class="md-footer__inner md-grid" aria-label="Footer">
|
|
|
|
|
|
<a href="../full-text-search/" class="md-footer__link md-footer__link--prev" aria-label="Previous: Full-Text Search" rel="prev">
|
|
<div class="md-footer__button md-icon">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg>
|
|
</div>
|
|
<div class="md-footer__title">
|
|
<div class="md-ellipsis">
|
|
<span class="md-footer__direction">
|
|
Previous
|
|
</span>
|
|
Full-Text Search
|
|
</div>
|
|
</div>
|
|
</a>
|
|
|
|
|
|
|
|
<a href="../ipv6/" class="md-footer__link md-footer__link--next" aria-label="Next: IPv6" rel="next">
|
|
<div class="md-footer__title">
|
|
<div class="md-ellipsis">
|
|
<span class="md-footer__direction">
|
|
Next
|
|
</span>
|
|
IPv6
|
|
</div>
|
|
</div>
|
|
<div class="md-footer__button md-icon">
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M4 11v2h12l-5.5 5.5 1.42 1.42L19.84 12l-7.92-7.92L10.5 5.5 16 11H4z"/></svg>
|
|
</div>
|
|
</a>
|
|
|
|
</nav>
|
|
|
|
<div class="md-footer-meta md-typeset">
|
|
<div class="md-footer-meta__inner md-grid">
|
|
<div class="md-footer-copyright">
|
|
|
|
<div class="md-footer-copyright__highlight">
|
|
<p>© <a href="https://github.com/docker-mailserver"><em>Docker Mailserver Organization</em></a><br/><span>This project is licensed under the MIT license.</span></p>
|
|
</div>
|
|
|
|
Made with
|
|
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
|
Material for MkDocs
|
|
</a>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
|
|
</div>
|
|
<div class="md-dialog" data-md-component="dialog">
|
|
<div class="md-dialog__inner md-typeset"></div>
|
|
</div>
|
|
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.709b4209.min.js", "version": {"provider": "mike"}}</script>
|
|
|
|
|
|
<script src="../../../assets/javascripts/bundle.febc23d1.min.js"></script>
|
|
|
|
|
|
</body>
|
|
</html> |