A Dockerfile that runs a secure, configurable mailserver with all kinds of good stuff:
- SMTP over SSL via Postfix as MTA, with a set of DNSBLs so spam is cleared before it hits your mailbox.
- POP3 over SSL, via Dovecot
- IMAP over SSL via Dovecot
- Mail server verification via OpenDKIM
Build the docker image by running make or executing:
docker build [--rm] -t <user>/mail .In order to have all of the above mentioned features fully functional for your domain, and the email-addresses and aliases it hosts, run through each of the following steps. At the end you should have a <settings_folder> with a structured that is similar to the one in this repository that acts as an example.
-
Create 2 persistent folders: one to hold the configuration/settings files and one that will act as mail storage.
This can be on the server, and the folder names can be freely chosen. example:
/opt/dockxs/mail/settings/ /opt/dockxs/mail/data/Alternatively, those folders can be inside a data container, but with specific volumes.
docker run -d --name mail-data \ -v /settings \ -v /data \ busybox -
Add the FQDN of your server to the first line of the file
<settings_folder>/hostname. Example:mydomain.net -
Add all the domains you want this server to receive mail for to the file
<settings_folder>/domainsin the following format:mydomain.net myotherdomain.org -
Add addresses and aliases you want to receive mail for to the file
<settings_folder>/aliasesin the following format:fbar@mydomain.net foo.bar@mydomain.net foo.bar@mydomain.net foo.bar@mydomain.net postmaster@myotherdomain.org postmaster@myotherdomain.org @myotherdomain.org catch-all@myotherdomain.orgIMAP accounts will be created for each unique entry in the right column. Mails sent to the email addresses in the left column will be delivered in the corresponding IMAP account to the right.
-
Add user passwords to the
<settings_folder>/passwordsin the following format:foo.bar@mydomain.net:{SHA256-CRYPT}$6$e.n6OiX.c12RK2bz$zHHuDpq.Ewk0DXKYC.PDdjAb0jeaJM.zGm3K.hfqPDg/l. postmaster@myotherdomain.net:{PLAIN}pass12345In order to generate the hash values, you need to call
doveadm pw -s <pw-scheme>. For this you need dovecot installed; this can be done locally, or by firing up this container in attached state by callingdocker run -it --rm <user>/mail bashand then runningmail-configure && doveadm pw -s <pw-scheme>. It's recommended to useSHA512-CRYPTas pw scheme. -
Generate the DKIM key (again, either you have opendkim installed locally, or you run this container in attached mode) by calling:
opendkim-genkey -s mail -d mydomain.net
This will create 2 files: (1) copy the
mail.privatefile to the<settings_folder>and (2) the content ofmail.txtneeds to be set as the value of aTXT DNS Recordfor the keymail._domainkey.mydomain.net.(trailing dot!) -
Set up SPF, by adding
"v=spf1 mx -all"as aTXT DNS Recordfor the key@ -
Set up the Reverse PTR
-
(Optional) Add your domain ssl private key and certificate to the
<settings_folder>/sslfolder, so its content looks like:wildcard_private.key wildcard_public_cert.crt
Once the container is build (or pulled from the hub), the folders for the settings and mail storage exist, and the configuration files are in place in the settings folder, you can run the container as follows:
-
If the folders are on the server
docker run -d [--name <name>] \ -v <settings_folder>:/settings \ -v <data_folder>:/data \ -p 25:25 \ -p 143:143 \ -p 587:587 \ -p 993:993 \ <user>/mail
-
If the folders are within a data container
docker run -d [--name <name>] \ --volumes-from mail-data \ -p 25:25 \ -p 143:143 \ -p 587:587 \ -p 993:993 \ <user>/mail
-
(Or mixed) with the settings folder on the server and the storage in a data container
docker run -d --name mail-data \ -v /data \ busybox docker run -d [--name <name>] \ -v <settings_folder>:/settings \ --volumes-from mail-data \ -p 25:25 \ -p 143:143 \ -p 587:587 \ -p 993:993 \ <user>/mail
Licensed under the MIT License. See the LICENSE file for details.
Are welcome!