cf22475382
* docs(ci): Support deploy previews for documentation Each PR that contributes to docs will generate a unique (to that PR) URL to preview the PR live for review. * docs(ci): Split workflow To support previews from non-collaborators PR contributions, we cannot rely on secrets access from workflows triggered by the `pull_request` event. To do so securely, according to official advice from Github, we must run the third-party contribution in the restricted `pull_request` context, and then use a 2nd workflow to deploy the build (which requires secrets access). * docs(ci): Rename doc workflows + add commit status Better naming convention for documentation workflows. Split workflow only indicated status on PR of the 1st stage (building the preview to deploy), not the deployment progress/result. This needs to be managed more directly until the action better supports split-workflow scenario. * docs(ci): Add concurrency limit to preview deploy workflow This would be more ideal on the 2nd phase workflow (`workflow_run`), however keeping it simple for now. Limits the concurrency of the initial pull request workflow for documentation contributions that have PRs with multiple event triggers in a small time span (before the workflow triggered would complete). The main benefit is to avoid redundant deploys if the initial workflow has been triggered again to build the PR once more. It only will work against concurrent workflows for that PR in the 1st stage, if an existing `workflow_run` (2nd stage) is active for that PR it will not be cancelled. * docs(ci): Add sponsor branding for deploy preview service A requirement from Netlify for the [sponsored OSS organization plan](https://www.netlify.com/legal/open-source-policy). * docs(ci): Use a shared build script Production and Deploy Preview builds are now maintained via the same shell command, so version updates of docker image is in one place. Additionally deletes unnecessary build output which upstream provides no support to exclude. * docs: Add a custom 404 page This is used by the preview deploys on Netlify. Production deploys on Github Pages require a top-level 404 page manually deployed (since all are deployed to a version subpath). This 404 page was custom built and optimized by me. This is the final minified output, separate source to build is available if needed. --- Likewise the `favicon.ico` is a fallback for browsers that implicitly check the domain root for this file if the SVG isn't supported/preferred. Browsers check for this file without it being present in the HTML head meta elements. On Github Pages the `favicon.ico` isn't likely to be picked up by even top-level as typical deployment has the project name as a subpath. The docs however reference a PNG favicon which should be widely supported. The `favicon.ico` was generated by RealFaviconGenerator online tool with SVG source input. It contains 16px, 32px and 48px sizes. Quality is better than the `favicon.io` generator. * chore: Optimized logo SVG source cleaned up and optimized with SVGO 2.3. Minified versions (`.min.svg` extension) remove unnecessary data and white-space to reduce size further for production use. This extension better differentiates by filename that it's different from the `src` version. |
||
|---|---|---|
| .github | ||
| config | ||
| docs | ||
| target | ||
| test | ||
| .dockerignore | ||
| .editorconfig | ||
| .gitignore | ||
| .gitmodules | ||
| CHANGELOG.md | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| docker-compose.yml | ||
| Dockerfile | ||
| LICENSE | ||
| mailserver.env | ||
| Makefile | ||
| README.md | ||
| setup.sh | ||
| VERSION | ||
Docker Mailserver
A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.). Only configuration files, no SQL database. Keep it simple and versioned. Easy to deploy and upgrade. Documentation via MkDocs. Why this image was created..
If you have issues, read the full README and the documentation for your version (default is edge) first before opening an issue. The issue tracker is for issues, not for personal support.
- Included Services
- Issues and Contributing
- Requirements
- Usage
- Examples
- Environment Variables
- Documentation
- Release Notes
Included Services
- Postfix with SMTP or LDAP auth
- Dovecot for SASL, IMAP (or POP3), with LDAP Auth, Sieve and quotas
- Amavis
- SpamAssassin supporting custom rules
- ClamAV with automatic updates
- OpenDKIM
- OpenDMARC
- Fail2ban
- Fetchmail
- Postscreen
- Postgrey
- LetsEncrypt and self-signed certificates
- Setup script to easily configure and maintain your mailserver
- Basic Sieve support using dovecot
- SASLauthd with LDAP auth
- Persistent data and state
- CI/CD
- Extension Delimiters (
you+extension@example.comgo toyou@example.com)
Requirements
Recommended:
- 1 Core
- 2GB RAM
- Swap enabled for the container
Minimum:
- 1 vCore
- 512MB RAM
Note: You'll need to deactivate some services like ClamAV to be able to run on a host with 512MB of RAM. Even with 1G RAM you may run into problems without swap, see FAQ.
Usage
Available image sources / tags
CI/CD will automatically build, test and push new images to container registries. Currently, the following registries are supported:
All workflows are using the tagging convention listed below. It is subsequently applied to all images pushed to supported container registries:
| Event | Ref | Commit SHA | Image Tags |
|---|---|---|---|
push |
refs/heads/master |
cf20257 |
edge |
push |
refs/heads/stable |
cf20257 |
stable |
push tag |
refs/tags/[v]1.2.3 |
ad132f5 |
1.2.3, 1.2, 1, latest |
Get the tools
Download docker-compose.yml and mailserver.env
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/docker-compose.yml
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/mailserver.env
and the setup.sh in the correct version
# if you're using :edge as the image tag
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
# if you're using :latest (= :9.1.0) as the image tag
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v9.1.0/setup.sh
chmod a+x ./setup.sh
# and make yourself familiar with the script
./setup.sh help
Make sure to get the setup.sh that comes with the release you're using. Look up the release and the git commit on which this release is based upon by selecting the appropriate tag on GitHub. This can done with the "Switch branches/tags" button on GitHub, choosing the right tag. This is done in order to rule out possible inconsistencies between versions.
Create a docker-compose environment
- Install the latest docker-compose
- Edit
docker-compose.ymlto your liking- substitute
<HOSTNAME>and<DOMAINNAME>according to your domain - if you want to use SELinux for the
./config/:/tmp/docker-mailserver/mount, append-zor-Z
- substitute
- Configure the mailserver container to your liking by editing
mailserver.env(Documentation)- this file supports only simple
VAR=VAL(don't quote your values) - variable substitution is not supported (e.g. 🚫
OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAME🚫)
- this file supports only simple
Get up and running
docker-compose up -d mailserver
# for SELinux, use -Z
./setup.sh [-Z] email add <user@domain> [<password>]
./setup.sh [-Z] alias add postmaster@<domain> <user@domain>
./setup.sh [-Z] config dkim
If you're seeing error messages about unchecked error, please verify that you're using the right version of setup.sh. Refer to the Get the tools section and / or execute ./setup.sh help and read the VERSION section.
In case you're using LDAP, the setup looks a bit different as you do not add user accounts directly. Postfix doesn't know your domain(s) and you need to provide it when configuring DKIM:
./setup.sh config dkim domain '<domain.tld>[,<domain2.tld>]'
If you want to see detailed usage information, run ./setup.sh config dkim help.
Miscellaneous
DNS - DKIM
When keys are generated, you can configure your DNS server by just pasting the content of config/opendkim/keys/domain.tld/mail.txt to set up DKIM. See the documentation for more details.
Custom user changes & patches
If you'd like to change, patch or alter files or behavior of docker-mailserver, you can use a script. See the documentation for a detailed explanation.
Updating docker-mailserver
docker-compose pull
docker-compose down
docker-compose up -d mailserver
You're done! And don't forget to have a look at the remaining functions of the setup.sh script with ./setup.sh help.
Supported Operating Systems
We are currently providing support for Linux. Windows is not supported and is known to cause problems. Similarly, macOS is not officially supported - but you may get it to work there. In the end, Linux should be your preferred operating system for this image, especially when using this mailserver in production.
Bare Domains
If you want to use a bare domain (hostname == domainname), see FAQ.
Support for Multiple Domains
docker-mailserver supports multiple domains out of the box, so you can do this:
./setup.sh email add user1@docker.example.com
./setup.sh email add user1@mail.example.de
./setup.sh email add user1@server.example.org
SPF/Forwarding Problems
If you got any problems with SPF and/or forwarding mails, give SRS a try. You enable SRS by setting ENABLE_SRS=1. See the variable description for further information.
Ports
See the documentation for further details and best practice advice, especially regarding security concerns.
Examples
With Relevant Environmental Variables
This example provides you only with a basic example of what a minimal setup could look like. We strongly recommend that you go through the configuration file yourself and adjust everything to your needs. The default docker-compose.yml can be used for the purpose out-of-the-box, see the usage section.
version: '3.8'
services:
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
hostname: mail
domainname: example.com
container_name: mailserver
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/
environment:
- ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ENABLE_SASLAUTHD=0
- ONE_DIR=1
- DMS_DEBUG=0
cap_add:
- NET_ADMIN
- SYS_PTRACE
restart: always
volumes:
maildata:
mailstate:
maillogs:
LDAP setup
version: '3.8'
services:
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
hostname: mail
domainname: example.com
container_name: mailserver
ports:
- "25:25"
- "143:143"
- "587:587"
- "993:993"
volumes:
- maildata:/var/mail
- mailstate:/var/mail-state
- maillogs:/var/log/mail
- ./config/:/tmp/docker-mailserver/
environment:
- ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ONE_DIR=1
- DMS_DEBUG=0
- ENABLE_LDAP=1
- LDAP_SERVER_HOST=ldap # your ldap container/IP/ServerName
- LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
- LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
- LDAP_BIND_PW=admin
- LDAP_QUERY_FILTER_USER=(&(mail=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_GROUP=(&(mailGroupMember=%s)(mailEnabled=TRUE))
- LDAP_QUERY_FILTER_ALIAS=(|(&(mailAlias=%s)(objectClass=PostfixBookMailForward))(&(mailAlias=%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE)))
- LDAP_QUERY_FILTER_DOMAIN=(|(&(mail=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailGroupMember=*@%s)(objectClass=PostfixBookMailAccount)(mailEnabled=TRUE))(&(mailalias=*@%s)(objectClass=PostfixBookMailForward)))
- DOVECOT_PASS_FILTER=(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
- DOVECOT_USER_FILTER=(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%n))
- ENABLE_SASLAUTHD=1
- SASLAUTHD_MECHANISMS=ldap
- SASLAUTHD_LDAP_SERVER=ldap
- SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=localhost,dc=localdomain
- SASLAUTHD_LDAP_PASSWORD=admin
- SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
- SASLAUTHD_LDAP_FILTER=(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))
- POSTMASTER_ADDRESS=postmaster@localhost.localdomain
- POSTFIX_MESSAGE_SIZE_LIMIT=100000000
cap_add:
- NET_ADMIN
- SYS_PTRACE
restart: always
volumes:
maildata:
mailstate:
maillogs: