Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Cannot retrieve contributors at this time

Mailtainer - All In One Mailserver (IMAP/SMTP)

A mailserver image build on Dovecot, Postfix, Amavis, ClamAV, Spamassassin, Letsencrypt.


  • Public available image - runs on docker or kubernetes
  • AllInOne Yaml Config File
  • Out of the box support for Letsencrypt (SSL)
  • Setup & ready to go in 60 seconds
  • Build in backup utility using GPG encryption
  • Forward mails to HTTP Push URL

Deployment / Configuration

sudo apt-get install curl
sudo mkdir /mailtainer_data
sudo curl -o /mailtainer_data/mailtainer-cfg.yml
sudo curl -o /mailtainer_data/mailtainer-compose.yml

## Adjust the files mailtainer-cfg.yml and mailtainer-compose.yml

sudo docker swam init
sudo docker stack deploy -c /mailtainer_data/mailtainer-compose.yml mailtainer  

Generating hashed passwords:

mkpasswd -m SHA-512 <password>


Environment Name Default Description
MAILNAME -- The hostname this server is running on
CONFIG_FILE /data/mailtainer-cfg.yml The path to the config file inside the container
ENABLE_LETSENCRYPT 1 Enable automatic acquiring / renewing of SSL certificates
DEBUG 0 Set to 1 to enable debug logging (may contain sensitive data)

Mail-Client Settings

Mozilla Thunderbird




Docker Images are availabe on Github-Packages

Image Description Stable build. Recent updates Release build. Fixed version (no updates) Development build. Testing only

Backup & Recovery

Mailtainer comes with an http backup utility. It encrypts the data directory with pgp. To enable backups, fist create a pgp keypair

Create a pgp key pair

gpg --gen-key
gpg --output /mailtainer_data/public.pgp --armor --export your_email@domain.tld
gpg --export-secret-keys --armor --output private-key-bku-leuffen.pgp
Environment Default Description
BACKUP_PGP_PUBLIC_KEY_FILE /data/public.pgp Specify the full path to public.pgp inside the container
BACKUP_AUTH_PASS_HASH (required) specify the crypted (mkpasswd -m SHA-512) password to use for basic auth

To pass environment including "$"-character you have to double it (replace "$" to "$$")! (See variable substituion for more information)

Download the backup via curl

curl -fo /backup/location/backup.enc -u backup:<plain_auth_pass> http://mail.server.tld/export.php

Example backup script

Restore from backup

Import the private key

gpg --import backupkeys.pgp

Extract the data

gpg -d backup-file.enc | tar -xz

Block IP Addresses using iptables

You can't use ufw to block traffic to docker containers directly. Use the ufw forward rule instead.

iptables -I FORWARD -s <ip>/24 -j DROP