A mail server in a box.
A secure, minimal-configuration mail server in a docker container, including webmail.
This repository is tailored to small private servers, where you own some domain(s) and want to receive the mail for and send mail from this domain. It consists of 4 separate docker containers:
dovecot: The SMTP and IMAP server. This container uses postfix as MTA and dovecot as IMAP server. All incoming mail to your own domains is accepted. For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS on port 587. In theory it works with all mail clients, but it was only tested with Thunderbird.
rainloop: An automatically configured webmail interface. Note that you have to login with your full mail adress, e.g.
email@example.com of just
john.doe. By default, this will bind to
There is a webmail admin interface available at
localhost:33100/?adminwith default username
adminand default password
12345, so you probably want to change that before connecting this container to the internet. Note that just knowing the admin password isnt enough for other people to read your mail, since the mail password isn't stored within rainloop. Also note that the admin password will reset to the default values every time you restart the container.
Rainloop is released under CC BY-NC-SA 3.0, so you are only allowed to use this container for non-commercial purposes. They do sell commercial licenses, if required.
NOTE The build for this container is currently broken, because the rainloop project removed all version tags from their public git repository. If someone can identify a working commit and fix the Dockerfile to pull this specific request, a pull request would be much appreciated!
owncloud: This provides CalDAV and CardDAV functionality, together with tons and tons of other stuff like cloud storage, collaborative editing, etc. You should be able to login using your mail address automatically.
By default, this container will bind to
localhost:33200. All user data is by default mapped
/srv/owncloudon the host. As above, the default admin account has username
12345, so make sure to change this before connecting the container to the internet.
It is also possible to install a webmail interface within owncloud, so in theory you don't need rainloop. That said, restarting the container after configuration changes can be a bit rough and might require manual intervention so if you just want webmail, rainloop is probably preferrable. If you encounter problems, try deleting
/srv/owncloud/owncloud.dband restarting the container.
mailpile: An early-alpha but promising webmail interface. It is currently not built by default, but you can play around with it if you like. By default, the web interface will bind to
mail-base: This image is just an implementation detail. It is a workaround to allow sharing of configuration files between multiple docker images.
1) Copy the example files into your own configuration:
cp mail-base/aliases.example mail-base/aliases cp mail-base/domains.example mail-base/domains cp mail-base/passwords.example mail-base/passwords
2) Add all domains you want to receive mail for to the file
mail-base/domains, like this:
3) Add user aliases to the file
firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com firstname.lastname@example.org email@example.com @example.net firstname.lastname@example.org
An IMAP mail account is created for each entry on the right hand side. Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
4) Add user passwords to the file
mail-base/passwords like this
To get the hash values, you can either install dovecot locally or use lxc-attach to attach to the running
container and run
doveadm pw -s <scheme-name> inside.
5) Build containers:
You can build single targets, so if you dont want the webmail you can just run
make dovecot instead. The Makefile is
extremely simple, dont be afraid to look inside.
6) Run container and map ports 25 and 143 from the host to the container.
To store your mail outside the container, map
a directory on your host. (This is recommended, otherwise
you have to remember to backup your mail when you want to restart the container)
This is done automaticaly by
Again, you can make
run-rainloop to only start specific containers. Look
at the Makefile to see what this does exactly. Note that you have to stop old containers
manually before invoking make, as this currently cannot be done automatically.
7) (Optional) If you want to use owncloud, enter the public url at which owncloud can be reached (e.g.
owncloud.example.org) into the file
Known issues / Todo / Wishlist
HELO isn't set correctly, which can lead to problems with outgoing mail on some servers
It would be nice to have a way of catching mail to all subdomains.
Changing any configuration requires rebuilding the image and restarting the container