mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-07-28 14:45:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

docs(refactor): Large refactor + additions + fixes

Browse source 
Consistency pass, formatting cleanup and fixes, introduce admonitions, add front-matter.

---

docs: Add front-matter

---

docs: Fix and format links

- Some links were invalid (eg files moved or renamed)
- Some were valid but had invalid section headers (content removed or migrated)
- Some use `http://` instead of `https://` when the website supports a secure connection.
- Some already used the `[name][reference]` convention but often with a number that wasn't as useful for maintenance.
- All referenced docs needed URLs replaced. Opted for the `[name][reference]` approach to group them all clearly at the bottom of the doc, especially with the relative URLs and in some cases many duplicate entries.
- All `tomav` references from the original repo prior to switch to an organization have been corrected.
- Minor cosmetic changes to the `name` part of the URL, such as for referencing issues to be consistent.
- Some small changes to text body, usually due to duplicate URL reference that was unnecessary (open relay, youtous)
- Switched other links to use the `[name][reference]` format when there was a large group of URLs such as wikipedia or kubernetes. Github repos that reference projects related to `docker-mailserver` also got placed here so they're noticed better by maintainers. This also helped quite a bit with `mermaid` external links that are very long.
- There was a Github Wiki supported syntax in use `[[name | link]]` for `fetchmail` page that isn't compatible by default with MkDocs (needs a plugin), converted to `[name][reference]` instead since it's a relative link.

---

docs: Update commit link for LDAP override script

Logic moved to another file, keeping the permalink commit reference so it's unaffected by any changes in the file referenced in future.

---

docs: Heading corrections

Consistency pass. Helps with the Table of Contents (top-right UI) aka Document Outline.
docs: codefence cleanup

---

docs: misc cleanup

---

docs: Add Admonitions

Switches `<details>` usage for collapsible admonitions (`???`) while other text content is switched to the visually more distinct admoniton (`!!!` or `???+`) style.

This does affect editor syntax highlighting a bit and markdown linting as it's custom non-standard markdown syntax.
This commit is contained in:
polarathene 2021-03-01 23:41:19 +13:00
parent f13df19b87
commit 021e942c4c
30 changed files with 1369 additions and 1027 deletions
Download patch file Download diff file Expand all files Collapse all files

40
docs/content/advanced/auth-ldap.md
View file

@ -1,4 +1,8 @@
### Introduction
---
title: 'LDAP Authentication'
---
## Introduction
Getting started with ldap and this mailserver we need to take 3 parts in account:
@ -6,9 +10,10 @@ Getting started with ldap and this mailserver we need to take 3 parts in account
* DOVECOT
* SASLAUTHD (this can also be handled by dovecot above)
### List with the variables to control the container provisioning
## Variables to Control Provisioning by the Container
__POSTFIX__:
* `LDAP_QUERY_FILTER_USER`
* `LDAP_QUERY_FILTER_GROUP`
* `LDAP_QUERY_FILTER_ALIAS`
@ -19,14 +24,16 @@ __SASLAUTHD__:
* `SASLAUTHD_LDAP_FILTER`
__DOVECOT__:
* `DOVECOT_USER_FILTER`
* `DOVECOT_PASS_FILTER`
!!! note
This page will provide several use cases like recipes to show, how this project can be used with it's LDAP Features.
**NOTE**: This page will provide several use cases like recipes to show, how this project can be used with it's LDAP Features.
## LDAP Setup - Kopano / Zarafa
### Ldap Setup - Kopano/Zarafa
```yml
```yaml
---
version: '2'
@ -55,7 +62,7 @@ services:
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- SASLAUTHD_PASSWD=
- SASLAUTHD_PASSWD=
# >>> SASL Authentication
- ENABLE_SASLAUTHD=1
@ -100,19 +107,18 @@ volumes:
driver: local
```
If your directory has not the postfix-book schema installed, then you must change the internal attribute handling for dovecot. For this you have to change the ```pass_attr``` and the ```user_attr``` mapping, as shown in the example below:
If your directory has not the postfix-book schema installed, then you must change the internal attribute handling for dovecot. For this you have to change the `pass_attr` and the `user_attr` mapping, as shown in the example below:
```yml
- DOVECOT_PASS_ATTR=<YOUR_USER_IDENTIFYER_ATTRIBUTE>=user,<YOUR_USER_PASSWORD_ATTRIBUTE>=password
- DOVECOT_USER_ATTR=<YOUR_USER_HOME_DIRECTORY_ATTRIBUTE>=home,<YOUR_USER_MAILSTORE_ATTRIBUTE>=mail,<YOUR_USER_MAIL_UID_ATTRIBUTE>=uid, <YOUR_USER_MAIL_GID_ATTRIBUTE>=gid
```yaml
- DOVECOT_PASS_ATTR=<YOUR_USER_IDENTIFYER_ATTRIBUTE>=user,<YOUR_USER_PASSWORD_ATTRIBUTE>=password
- DOVECOT_USER_ATTR=<YOUR_USER_HOME_DIRECTORY_ATTRIBUTE>=home,<YOUR_USER_MAILSTORE_ATTRIBUTE>=mail,<YOUR_USER_MAIL_UID_ATTRIBUTE>=uid, <YOUR_USER_MAIL_GID_ATTRIBUTE>=gid
```
The following example illustrates this for a directory that has the qmail-schema installed and that uses ```uid```:
The following example illustrates this for a directory that has the qmail-schema installed and that uses `uid`:
```yml
- DOVECOT_PASS_ATTRS=uid=user,userPassword=password
- DOVECOT_USER_ATTRS=homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
- DOVECOT_PASS_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
- DOVECOT_USER_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
```yaml
- DOVECOT_PASS_ATTRS=uid=user,userPassword=password
- DOVECOT_USER_ATTRS=homeDirectory=home,qmailUID=uid,qmailGID=gid,mailMessageStore=mail
- DOVECOT_PASS_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
- DOVECOT_USER_FILTER=(&(objectClass=qmailUser)(uid=%u)(accountStatus=active))
```

72
docs/content/advanced/full-text-search.md
View file

@ -1,3 +1,7 @@
---
title: 'Full-Text Search'
---
## Overview
Full-text search allows all messages to be indexed, so that mail clients can quickly and efficiently search messages by their full text content.
@ -6,49 +10,49 @@ The [dovecot-solr Plugin](https://wiki2.dovecot.org/Plugins/FTS/Solr) is used in
## Setup Steps
1. docker-compose.yml:
1. `docker-compose.yml`:
```yaml
solr:
image: lmmdock/dovecot-solr:latest
volumes:
- solr-dovecot:/opt/solr/server/solr/dovecot
restart: always
mailserver:
image: tvial/docker-mailserver:latest
...
volumes:
...
- ./etc/dovecot/conf.d/10-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro
...
```
solr:
image: lmmdock/dovecot-solr:latest
volumes:
- solr-dovecot:/opt/solr/server/solr/dovecot
restart: always
mailserver:
image: tvial/docker-mailserver:latest
...
volumes:
...
- ./etc/dovecot/conf.d/10-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro
...
volumes:
solr-dovecot:
driver: local
```
solr-dovecot:
driver: local
```
2. `etc/dovecot/conf.d/10-plugin.conf`:
```
mail_plugins = $mail_plugins fts fts_solr
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://solr:8983/solr/dovecot/
}
```
```conf
mail_plugins = $mail_plugins fts fts_solr
plugin {
fts = solr
fts_autoindex = yes
fts_solr = url=http://solr:8983/solr/dovecot/
}
```
3. Start the solr container: `docker-compose up -d --remove-orphans solr`
4. Restart the mailserver container: `docker-compose restart mailserver`
5. Flag all user mailbox FTS indexes as invalid, so they are rescanned on demand when they are next searched
```
docker-compose exec mailserver doveadm fts rescan -A
```
5. Flag all user mailbox FTS indexes as invalid, so they are rescanned on demand when they are next searched: `docker-compose exec mailserver doveadm fts rescan -A`
## Further discussion
See [issue #905](https://github.com/tomav/docker-mailserver/issues/905)
## Further Discussion
See [#905][github-issue-905]
[github-issue-905]: https://github.com/docker-mailserver/docker-mailserver/issues/905

16
docs/content/advanced/ipv6.md
View file

@ -1,6 +1,10 @@
---
title: 'IPv6'
---
## Background
If your container host supports IPv6, then `docker-mailserver` will automatically accept IPv6 connections by way of the docker host's IPv6. However, incoming mail will fail SPF checks because they will appear to come from the IPv4 gateway that docker is using to proxy the IPv6 connection (172.20.0.1 is the gateway).
If your container host supports IPv6, then `docker-mailserver` will automatically accept IPv6 connections by way of the docker host's IPv6. However, incoming mail will fail SPF checks because they will appear to come from the IPv4 gateway that docker is using to proxy the IPv6 connection (`172.20.0.1` is the gateway).
This can be solved by supporting IPv6 connections all the way to the `docker-mailserver` container.
@ -11,9 +15,9 @@ This can be solved by supporting IPv6 connections all the way to the `docker-mai
@@ -1,4 +1,4 @@
-version: '2'
+version: '2.1'
@@ -32,6 +32,16 @@ services:
+ ipv6nat:
+ image: robbertkl/ipv6nat
+ restart: always
@ -37,6 +41,8 @@ This can be solved by supporting IPv6 connections all the way to the `docker-mai
+ gateway: fd00:0123:4567::1
```
## Further discussion
## Further Discussion
See [issue #1438](https://github.com/tomav/docker-mailserver/issues/1438)
See [#1438][github-issue-1438]
[github-issue-1438]: https://github.com/docker-mailserver/docker-mailserver/issues/1438

176
docs/content/advanced/kubernetes.md
View file

@ -1,13 +1,17 @@
## Deployment example
---
title: 'Kubernetes'
---
There is nothing much in deploying mailserver to Kubernetes itself. The things are pretty same as in [`docker-compose.yml`][1], but with Kubernetes syntax.
## Deployment Example
There is nothing much in deploying mailserver to Kubernetes itself. The things are pretty same as in [`docker-compose.yml`][github-file-compose], but with Kubernetes syntax.
```yaml
apiVersion: v1
kind: Namespace
metadata:
name: mailserver
---
---
kind: ConfigMap
apiVersion: v1
metadata:
@ -62,7 +66,7 @@ data:
TrustedHosts: |
127.0.0.1
localhost
#user-patches.sh: |
# #!/bin/bash
@ -224,27 +228,24 @@ spec:
claimName: mail-storage
- name: tmp-files
emptyDir: {}
```
__Note:__
Any sensitive data (keys, etc) should be deployed via [Secrets][50]. Other configuration just fits well into [ConfigMaps][51].
!!! note
Any sensitive data (keys, etc) should be deployed via [Secrets][k8s-config-secret]. Other configuration just fits well into [ConfigMaps][k8s-config-pod].
__Note:__
Make sure that [Pod][52] is [assigned][59] to specific [Node][53] in case you're using volume for data directly with `hostPath`. Otherwise Pod can be rescheduled on a different Node and previous data won't be found. Except the case when you're using some shared filesystem on your Nodes.
!!! note
Make sure that [Pod][k8s-workload-pod] is [assigned][k8s-assign-pod-node] to specific [Node][k8s-nodes] in case you're using volume for data directly with `hostPath`. Otherwise Pod can be rescheduled on a different Node and previous data won't be found. Except the case when you're using some shared filesystem on your Nodes.
## Exposing to outside world
## Exposing to the Outside World
The hard part with Kubernetes is to expose deployed mailserver to outside world. Kubernetes provides multiple ways for doing that. Each has its downsides and complexity.
The major problem with exposing mailserver to outside world in Kubernetes is to [preserve real client IP][57]. Real client IP is required by mailserver for performing IP-based SPF checks and spam checks.
The major problem with exposing mailserver to outside world in Kubernetes is to [preserve real client IP][k8s-service-source-ip]. Real client IP is required by mailserver for performing IP-based SPF checks and spam checks.
Preserving real client IP is relatively [non-trivial in Kubernetes][57] and most exposing ways do not provide it. So, it's up to you to decide which exposing way suits better your needs in a price of complexity.
Preserving real client IP is relatively [non-trivial in Kubernetes][k8s-service-source-ip] and most exposing ways do not provide it. So, it's up to you to decide which exposing way suits better your needs in a price of complexity.
If you do not require SPF checks for incoming mails you may disable them in [Postfix configuration][docs-postfix] by dropping following line (which removes `check_policy_service unix:private/policyd-spf` option):
If you do not require SPF checks for incoming mails you may disable them in [Postfix configuration][2] by dropping following line (which removes `check_policy_service unix:private/policyd-spf` option):
```yaml
kind: ConfigMap
apiVersion: v1
@ -264,18 +265,16 @@ apiVersion: extensions/v1beta1
metadata:
name: mailserver
# ...
volumeMounts:
- name: config
subPath: postfix-main.cf
mountPath: /tmp/docker-mailserver/postfix-main.cf
readOnly: true
# ...
volumeMounts:
- name: config
subPath: postfix-main.cf
mountPath: /tmp/docker-mailserver/postfix-main.cf
readOnly: true
```
### External IPs Service
The simplest way is to expose mailserver as a [Service][55] with [external IPs][56].
The simplest way is to expose mailserver as a [Service][k8s-network-service] with [external IPs][k8s-network-external-ip].
```yaml
kind: Service
@ -292,29 +291,27 @@ spec:
port: 25
targetPort: smtp
# ...
externalIPs:
- 80.11.12.10
externalIPs:
- 80.11.12.10
```
##### Downsides
**Downsides**
- __Real client IP is not preserved__, so SPF check of incoming mail will fail.
- Requirement to specify exposed IPs explicitly.
### Proxy port to Service
The [Proxy Pod][58] helps to avoid necessity of specifying external IPs explicitly. This comes in price of complexity: you must deploy Proxy Pod on each [Node][53] you want to expose mailserver on.
The [Proxy Pod][k8s-proxy-service] helps to avoid necessity of specifying external IPs explicitly. This comes in price of complexity: you must deploy Proxy Pod on each [Node][k8s-nodes] you want to expose mailserver on.
##### Downsides
**Downsides**
- __Real client IP is not preserved__, so SPF check of incoming mail will fail.
### Bind to concrete Node and use host network
The simplest way to preserve real client IP is to use `hostPort` and `hostNetwork: true` in the mailserver [Pod][52]. This comes in price of availability: you can talk to mailserver from outside world only via IPs of [Node][53] where mailserver is deployed.
The simplest way to preserve real client IP is to use `hostPort` and `hostNetwork: true` in the mailserver [Pod][k8s-workload-pod]. This comes in price of availability: you can talk to mailserver from outside world only via IPs of [Node][k8s-nodes] where mailserver is deployed.
```yaml
kind: Deployment
@ -326,7 +323,7 @@ metadata:
hostNetwork: true
# ...
containers:
# ...
# ...
ports:
- name: smtp
containerPort: 25
@ -340,31 +337,32 @@ metadata:
# ...
```
##### Downsides
**Downsides**
- Not possible to access mailserver via other cluster Nodes, only via the one mailserver deployed at.
- Every Port within the Container is exposed on the Host side, regardless of what the `ports` section in the Configuration defines.
### Proxy port to Service via PROXY protocol
### Proxy Port to Service via PROXY Protocol
This way is ideologically the same as [using Proxy Pod](#proxy-port-to-service), but instead of a separate proxy pod, you configure your ingress to proxy TCP traffic to the mailserver pod using the PROXY protocol, which preserves the real client IP.
#### Configure your ingress
With an [NGINX ingress controller][12], set `externalTrafficPolicy: Local` for its service, and add the following to the TCP services config map (as described [here][13]):
#### Configure your Ingress
With an [NGINX ingress controller][k8s-nginx], set `externalTrafficPolicy: Local` for its service, and add the following to the TCP services config map (as described [here][k8s-nginx-expose]):
```yaml
# ...
25: "mailserver/mailserver:25::PROXY"
465: "mailserver/mailserver:465::PROXY"
587: "mailserver/mailserver:587::PROXY"
993: "mailserver/mailserver:993::PROXY"
# ...
25: "mailserver/mailserver:25::PROXY"
465: "mailserver/mailserver:465::PROXY"
587: "mailserver/mailserver:587::PROXY"
993: "mailserver/mailserver:993::PROXY"
```
With [HAProxy][11], the configuration should look similar to the above. If you know what it actually looks like, add an example here. :)
With [HAProxy][dockerhub-haproxy], the configuration should look similar to the above. If you know what it actually looks like, add an example here. :smiley:
#### Configure the Mailserver
Then, configure both [Postfix][docs-postfix] and [Dovecot][docs-dovecot] to expect the PROXY protocol:
#### Configure the mailserver
Then, configure both [Postfix][2] and [Dovecot][3] to expect the PROXY protocol:
```yaml
kind: ConfigMap
apiVersion: v1
@ -379,7 +377,8 @@ data:
submission/inet/smtpd_upstream_proxy_protocol=haproxy
smtps/inet/smtpd_upstream_proxy_protocol=haproxy
dovecot.cf: |
haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8 # Assuming your ingress controller is bound to 10.0.0.0/8
# Assuming your ingress controller is bound to 10.0.0.0/8
haproxy_trusted_networks = 10.0.0.0/8, 127.0.0.0/8
service imap-login {
inet_listener imaps {
haproxy = yes
@ -410,18 +409,15 @@ spec:
subPath: dovecot.cf
mountPath: /tmp/docker-mailserver/dovecot.cf
readOnly: true
# ...
```
##### Downsides
**Downsides**
- Not possible to access mailserver via inner cluster Kubernetes DNS, as PROXY protocol is required for incoming connections.
## Let's Encrypt Certificates
## Let's Encrypt certificates
[Kube-Lego][10] may be used for a role of Let's Encrypt client. It works with Kubernetes [Ingress Resources][54] and automatically issues/manages certificates/keys for exposed services via Ingresses.
[Kube-Lego][kube-lego] may be used for a role of Let's Encrypt client. It works with Kubernetes [Ingress Resources][k8s-network-ingress] and automatically issues/manages certificates/keys for exposed services via Ingresses.
```yaml
kind: Ingress
@ -447,49 +443,43 @@ spec:
- example.com
```
Now, you can use Let's Encrypt cert and key from `mailserver.tls` [Secret][50]
in your [Pod][52] spec.
Now, you can use Let's Encrypt cert and key from `mailserver.tls` [Secret][k8s-config-secret] in your [Pod][k8s-workload-pod] spec:
```yaml
# ...
env:
- name: SSL_TYPE
value: 'manual'
- name: SSL_CERT_PATH
value: '/etc/ssl/mailserver/tls.crt'
- name: SSL_KEY_PATH
value: '/etc/ssl/mailserver/tls.key'
env:
- name: SSL_TYPE
value: 'manual'
- name: SSL_CERT_PATH
value: '/etc/ssl/mailserver/tls.crt'
- name: SSL_KEY_PATH
value: '/etc/ssl/mailserver/tls.key'
# ...
volumeMounts:
- name: tls
mountPath: /etc/ssl/mailserver
readOnly: true
# ...
volumes:
- name: tls
secret:
secretName: mailserver.tls
volumeMounts:
- name: tls
mountPath: /etc/ssl/mailserver
readOnly: true
# ...
volumes:
- name: tls
secret:
secretName: mailserver.tls
```
[1]: https://github.com/tomav/docker-mailserver/blob/master/docker-compose.yml.dist
[2]: https://github.com/tomav/docker-mailserver/wiki/Overwrite-Default-Postfix-Configuration
[3]: https://github.com/tomav/docker-mailserver/wiki/Override-Default-Dovecot-Configuration
[10]: https://github.com/jetstack/kube-lego
[11]: https://hub.docker.com/_/haproxy
[12]: https://kubernetes.github.io/ingress-nginx/
[13]: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services/
[50]: https://kubernetes.io/docs/concepts/configuration/secret
[51]: https://kubernetes.io/docs/tasks/configure-pod-container/configmap
[52]: https://kubernetes.io/docs/concepts/workloads/pods/pod
[53]: https://kubernetes.io/docs/concepts/architecture/nodes
[54]: https://kubernetes.io/docs/concepts/services-networking/ingress
[55]: https://kubernetes.io/docs/concepts/services-networking/service
[56]: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
[57]: https://kubernetes.io/docs/tutorials/services/source-ip
[58]: https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service
[59]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node
[docs-dovecot]: ./override-defaults/dovecot.md
[docs-postfix]: ./override-defaults/postfix.md
[github-file-compose]: https://github.com/docker-mailserver/docker-mailserver/blob/master/docker-compose.yml
[dockerhub-haproxy]: https://hub.docker.com/_/haproxy
[kube-lego]: https://github.com/jetstack/kube-lego
[k8s-assign-pod-node]: https://kubernetes.io/docs/concepts/configuration/assign-pod-node
[k8s-config-pod]: https://kubernetes.io/docs/tasks/configure-pod-container/configmap
[k8s-config-secret]: https://kubernetes.io/docs/concepts/configuration/secret
[k8s-nginx]: https://kubernetes.github.io/ingress-nginx
[k8s-nginx-expose]: https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services
[k8s-network-ingress]: https://kubernetes.io/docs/concepts/services-networking/ingress
[k8s-network-service]: https://kubernetes.io/docs/concepts/services-networking/service
[k8s-network-external-ip]: https://kubernetes.io/docs/concepts/services-networking/service/#external-ips
[k8s-nodes]: https://kubernetes.io/docs/concepts/architecture/nodes
[k8s-proxy-service]: https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service
[k8s-service-source-ip]: https://kubernetes.io/docs/tutorials/services/source-ip
[k8s-workload-pod]: https://kubernetes.io/docs/concepts/workloads/pods/pod

64
docs/content/advanced/mail-fetchmail.md
View file

@ -1,16 +1,18 @@
To enable the [fetchmail](http://www.fetchmail.info) service to retrieve e-mails set the environment variable `ENABLE_FETCHMAIL` to `1`. Your `docker-compose.yml` file should look like following snippet:
---
title: 'Email Gathering with Fetchmail'
---
To enable the [fetchmail][fetchmail-website] service to retrieve e-mails set the environment variable `ENABLE_FETCHMAIL` to `1`. Your `docker-compose.yml` file should look like following snippet:
```yaml
...
environment:
- ENABLE_FETCHMAIL=1
- FETCHMAIL_POLL=300
...
```
Generate a file called `fetchmail.cf` and place it in the `config` folder. Your `docker-mailserver` folder should look like this example:
```
```txt
├── config
│   ├── dovecot.cf
│   ├── fetchmail.cf
@ -20,56 +22,59 @@ Generate a file called `fetchmail.cf` and place it in the `config` folder. Your
└── README.md
```
# Configuration
## Configuration
A detailed description of the configuration options can be found in the [online version of the manual page](http://www.fetchmail.info/fetchmail-man.html).
A detailed description of the configuration options can be found in the [online version of the manual page][fetchmail-docs].
## Example IMAP configuration
### Example IMAP Configuration
```
```fetchmailrc
poll 'imap.example.com' proto imap
user 'username'
pass 'secret'
is 'user1@domain.tld'
ssl
user 'username'
pass 'secret'
is 'user1@domain.tld'
ssl
```
## Example POP3 configuration
### Example POP3 Configuration
```
```fetchmailrc
poll 'pop3.example.com' proto pop3
user 'username'
pass 'secret'
is 'user2@domain.tld'
ssl
user 'username'
pass 'secret'
is 'user2@domain.tld'
ssl
```
__IMPORTANT__: Dont forget the last line: e. g. `is 'user1@domain.tld'`. After `is` you have to specify one email address from the configuration file `config/postfix-accounts.cf`.
!!! caution
Dont forget the last line: eg: `is 'user1@domain.tld'`. After `is` you have to specify one email address from the configuration file `config/postfix-accounts.cf`.
More details how to configure fetchmail can be found in the [fetchmail man page in the chapter “The run control file”](http://www.fetchmail.info/fetchmail-man.html#31).
More details how to configure fetchmail can be found in the [fetchmail man page in the chapter “The run control file”][fetchmail-docs-run].
## Polling interval
### Polling Interval
By default the fetchmail service searches every 5 minutes for new mails on your external mail accounts. You can override this default value by changing the ENV variable `FETCHMAIL_POLL`.
By default the fetchmail service searches every 5 minutes for new mails on your external mail accounts. You can override this default value by changing the ENV variable `FETCHMAIL_POLL`:
```yaml
environment:
- FETCHMAIL_POLL=60
```
You must specify a numeric argument which is a polling interval in seconds. The example above polls every minute for new mails.
# Debugging
## Debugging
To debug your `fetchmail.cf` configuration run this command:
```
```sh
./setup.sh debug fetchmail
```
For more informations about the configuration script `setup.sh` [[read the corresponding wiki page|Setup-docker-mailserver-using-the-script-setup.sh]].
For more informations about the configuration script `setup.sh` [read the corresponding docs][docs-setup].
Here a sample output of `./setup.sh debug fetchmail`:
```
```log
fetchmail: 6.3.26 querying outlook.office365.com (protocol POP3) at Mon Aug 29 22:11:09 2016: poll started
Trying to connect to 132.245.48.18/995...connected.
fetchmail: Server certificate:
@ -107,4 +112,9 @@ fetchmail: POP3> QUIT
fetchmail: POP3< +OK Microsoft Exchange Server 2016 POP3 server signing off.
fetchmail: 6.3.26 querying outlook.office365.com (protocol POP3) at Mon Aug 29 22:11:11 2016: poll completed
fetchmail: normal termination, status 1
```
```
[docs-setup]: ../config/setup.sh.md
[fetchmail-website]: https://www.fetchmail.info
[fetchmail-docs]: https://www.fetchmail.info/fetchmail-man.html
[fetchmail-docs-run]: https://www.fetchmail.info/fetchmail-man.html#31

31
docs/content/advanced/mail-forwarding/aws-ses.md
View file

@ -1,26 +1,35 @@
Note: new configuration, see [Configure Relay Hosts](https://github.com/tomav/docker-mailserver/wiki/Configure-Relay-Hosts)
---
title: 'Mail Forwarding | AWS SES'
---
Instead of letting postfix deliver mail directly it is possible to configure it to deliver outgoing email via Amazon SES (Simple Email Service). (Receiving inbound email via SES is not implemented.) The configuration follows the guidelines provided by AWS in http://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html, specifically, the STARTTLS method.
!!! note
New configuration, see [Configure Relay Hosts][docs-relay]
As described in the AWS Developer Guide you will have to generate SMTP credentials and define the following two environment variables in the docker-compose.yml with the appropriate values for your AWS SES subscription (the values for AWS_SES_USERPASS are the "SMTP username" and "SMTP password" provided when you create SMTP credentials for SES):
Instead of letting postfix deliver mail directly it is possible to configure it to deliver outgoing email via Amazon SES (Simple Email Service). (Receiving inbound email via SES is not implemented.) The configuration follows the guidelines provided by AWS in https://docs.aws.amazon.com/ses/latest/DeveloperGuide/postfix.html, specifically, the `STARTTLS` method.
```
environment:
- AWS_SES_HOST=email-smtp.us-east-1.amazonaws.com
- AWS_SES_USERPASS=AKIAXXXXXXXXXXXXXXXX:kqXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
As described in the AWS Developer Guide you will have to generate SMTP credentials and define the following two environment variables in the docker-compose.yml with the appropriate values for your AWS SES subscription (the values for `AWS_SES_USERPASS` are the "SMTP username" and "SMTP password" provided when you create SMTP credentials for SES):
```yaml
environment:
- AWS_SES_HOST=email-smtp.us-east-1.amazonaws.com
- AWS_SES_USERPASS=AKIAXXXXXXXXXXXXXXXX:kqXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```
If necessary, you can also provide AWS_SES_PORT. If not provided, it defaults to 25.
If necessary, you can also provide `AWS_SES_PORT`. If not provided, it defaults to 25.
When you start the container you will see a log line as follows confirming the configuration:
```
```log
Setting up outgoing email via AWS SES host email-smtp.us-east-1.amazonaws.com
```
To verify proper operation, send an email to some external account of yours and inspect the mail headers. You will also see the connection to SES in the mail logs. For example:
```
```log
May 23 07:09:36 mail postfix/smtp[692]: Trusted TLS connection established to email-smtp.us-east-1.amazonaws.com[107.20.142.169]:25:
TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
May 23 07:09:36 mail postfix/smtp[692]: 8C82A7E7: to=<someone@example.com>, relay=email-smtp.us-east-1.amazonaws.com[107.20.142.169]:25,
delay=0.35, delays=0/0.02/0.13/0.2, dsn=2.0.0, status=sent (250 Ok 01000154dc729264-93fdd7ea-f039-43d6-91ed-653e8547867c-000000)
```
[docs-relay]: ./relay-hosts.md

51
docs/content/advanced/mail-forwarding/relay-hosts.md
View file

@ -1,10 +1,14 @@
# Introduction
---
title: 'Mail Forwarding | Relay Hosts'
---
## Introduction
Rather than having Postfix deliver mail directly, you can configure Postfix to send mail via another mail relay (smarthost). Examples include [Mailgun](https://www.mailgun.com/), [Sendgrid](https://sendgrid.com/) and [AWS SES](https://aws.amazon.com/ses/).
Depending on the domain of the sender, you may want to send via a different relay, or authenticate in a different way.
# Basic Configuration
## Basic Configuration
Basic configuration is done via environment variables:
@ -15,57 +19,62 @@ Basic configuration is done via environment variables:
Setting these environment variables will cause mail for all sender domains to be routed via the specified host, authenticating with the user/password combination.
Note for users of the previous AWS_SES_* variables: please update your configuration to use these new variables, no other configuration is required.
!!! note
For users of the previous `AWS_SES_*` variables: please update your configuration to use these new variables, no other configuration is required.
# Advanced Configuration
## Sender-dependent Authentication
## Advanced Configuration
Sender dependent authentication is done in `config/postfix-sasl-password.cf`. You can create this file manually, or use
### Sender-dependent Authentication
```bash
Sender dependent authentication is done in `config/postfix-sasl-password.cf`. You can create this file manually, or use:
```sh
setup.sh relay add-auth <domain> <username> [<password>]
```
An example configuration file looks like this:
```
```txt
@domain1.com relay_user_1:password_1
@domain2.com relay_user_2:password_2
```
If there is no other configuration, this will cause Postfix to deliver email throught the relay specified in `RELAY_HOST` env variable, authenticating as `relay_user_1` when sent from domain1.com and authenticating as `relay_user_2` when sending from domain2.com.
If there is no other configuration, this will cause Postfix to deliver email throught the relay specified in `RELAY_HOST` env variable, authenticating as `relay_user_1` when sent from `domain1.com` and authenticating as `relay_user_2` when sending from domain2.com.
**NOTE** to activate the configuration you must either restart the container, or you can also trigger an update by modifying a mail account.
!!! note
To activate the configuration you must either restart the container, or you can also trigger an update by modifying a mail account.
## Sender-dependent Relay Host
### Sender-dependent Relay Host
Sender dependent relay hosts are configured in `config/postfix-relaymap.cf`. You can create this file manually, or use
Sender dependent relay hosts are configured in `config/postfix-relaymap.cf`. You can create this file manually, or use:
```bash
```sh
setup.sh relay add-domain <domain> <host> [<port>]
```
An example configuration file looks like this:
```
```txt
@domain1.com [relay1.org]:587
@domain2.com [relay2.org]:2525
```
Combined with the previous configuration in `config/postfix-sasl-password.cf`, this will cause Postfix to deliver mail sent from domain1.com via `relay1.org:587`, authenticating as `relay_user_1`, and mail sent from domain2.com via `relay2.org:2525` authenticating as `relay_user_2`.
**NOTE** You still have to define RELAY_HOST to activate the feature
Combined with the previous configuration in `config/postfix-sasl-password.cf`, this will cause Postfix to deliver mail sent from domain1.com via `relay1.org:587`, authenticating as `relay_user_1`, and mail sent from domain2.com via `relay2.org:2525` authenticating as `relay_user_2`.
## Excluding Sender Domains
!!! note
You still have to define `RELAY_HOST` to activate the feature
If you want mail sent from some domains to be delivered directly, you can exclude them from being delivered via the default relay by adding them to `config/postfix-relaymap.cf` with no destination. You can also do this via
### Excluding Sender Domains
```bash
If you want mail sent from some domains to be delivered directly, you can exclude them from being delivered via the default relay by adding them to `config/postfix-relaymap.cf` with no destination. You can also do this via:
```sh
setup.sh relay exclude-domain <domain>
```
Extending the configuration file from above:
```
```txt
@domain1.com [relay1.org]:587
@domain2.com [relay2.org]:2525
@domain3.com
@ -73,7 +82,7 @@ Extending the configuration file from above:
This will cause email sent from domain3.com to be delivered directly.
### References
#### References
Thanks to the author of [this article][1] for the inspiration. This is also worth reading to understand a bit more about how to set up Mailgun to work with this.

42
docs/content/advanced/mail-sieve.md
View file

@ -1,4 +1,8 @@
### User-defined sieve filters
---
title: 'Email Filtering with Sieve'
---
## User-Defined Sieve Filters
[Sieve](http://sieve.info/) allows to specify filtering rules for incoming emails that allow for example sorting mails into different folders depending on the title of an email.
There are global and user specific filters which are filtering the incoming emails in the following order:
@ -11,62 +15,62 @@ If any filter in this filtering chain discards an incoming mail, the delivery pr
To specify a user-defined Sieve filter place a `.dovecot.sieve` file into a virtual user's mail folder e.g. `/var/mail/domain.com/user1/.dovecot.sieve`. If this file exists dovecot will apply the filtering rules.
It's even possible to install a user provided Sieve filter at startup during users setup: simply include a Sieve file in the `config `path for each user login that need a filter. The file name provided should be in the form **\<user_login\>.dovecot.sieve**, so for example for `user1@domain.tld` you should provide a Sieve file named `config/user1@domain.tld.dovecot.sieve`.
It's even possible to install a user provided Sieve filter at startup during users setup: simply include a Sieve file in the `config` path for each user login that need a filter. The file name provided should be in the form `<user_login>.dovecot.sieve`, so for example for `user1@domain.tld` you should provide a Sieve file named `config/user1@domain.tld.dovecot.sieve`.
An example of a sieve filter that moves mails to a folder `INBOX/spam` depending on the sender address:
```
```sieve
require ["fileinto", "reject"];
if address :contains ["From"] "spam@spam.com" {
fileinto "INBOX.spam";
fileinto "INBOX.spam";
} else {
keep;
keep;
}
```
***Note:*** that folders have to exist beforehand if sieve should move them.
!!! note
That folders have to exist beforehand if sieve should move them.
Another example of a sieve filter that forward mails to a different address:
```
```sieve
require ["copy"];
redirect :copy "user2@otherdomain.tld";
```
Just forward all incoming emails and do not save them locally:
```
```sieve
redirect "user2@otherdomain.tld";
```
You can also use external programs to filter or pipe (process) messages by adding executable scripts in `config/sieve-pipe` or `config/sieve-filter`. This can be used in lieu of a local alias file, for instance to forward an email to a webservice. These programs can then be referenced by filename, by all users. Note that the process running the scripts run as a privileged user. For further information see [Dovecot's wiki](https://wiki.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe).
```
```sieve
require ["vnd.dovecot.pipe"];
pipe "external-program";
```
For more examples or a detailed description of the Sieve language have a look at [the official site](http://sieve.info/examplescripts). Other resources are available on the internet where you can find several [examples](https://support.tigertech.net/sieve#sieve-example-rules-jmp).
### Manage Sieve
## Manage Sieve
The [Manage Sieve](https://doc.dovecot.org/admin_manual/pigeonhole_managesieve_server/) extension allows users to modify their Sieve script by themselves. The authentication mechanisms are the same as for the main dovecot service. ManageSieve runs on port `4190` and needs to be enabled using the `ENABLE_MANAGESIEVE=1` environment variable.
```
(docker-compose.yml)
```yaml
# docker-compose.yml
ports:
- ...
- "4190:4190"
- "4190:4190"
environment:
- ...
- ENABLE_MANAGESIEVE=1
- ENABLE_MANAGESIEVE=1
```
All user defined sieve scripts that are managed by ManageSieve are stored in the user's home folder in `/var/mail/domain.com/user1/sieve`. Just one sieve script might be active for a user and is sym-linked to `/var/mail/domain.com/user1/.dovecot.sieve` automatically.
***Note:*** ManageSieve makes sure to not overwrite an existing `.dovecot.sieve` file. If a user activates a new sieve script the old one is backuped and moved to the `sieve` folder.
!!! note
ManageSieve makes sure to not overwrite an existing `.dovecot.sieve` file. If a user activates a new sieve script the old one is backuped and moved to the `sieve` folder.
The extension is known to work with the following ManageSieve clients:
* **Sieve Editor** a portable standalone application based on the former Thunderbird plugin (https://github.com/thsmi/sieve).

16
docs/content/advanced/maintenance/update-and-cleanup.md
View file

@ -1,10 +1,15 @@
## Automatic update
---
title: 'Maintenance | Update and Cleanup'
---
## Automatic Update
Docker images are handy but it can get a a hassle to keep them updated. Also when a repository is automated you want to get these images when they get out.
One could setup a complex action/hook-based workflow using probes, but there is a nice, easy to use docker image that solves this issue and could prove useful: [watchtower](https://hub.docker.com/r/containrrr/watchtower).
One could setup a complex action/hook-based workflow using probes, but there is a nice, easy to use docker image that solves this issue and could prove useful: [`watchtower`](https://hub.docker.com/r/containrrr/watchtower).
A docker-compose example:
```yaml
services:
watchtower:
@ -16,11 +21,12 @@ services:
For more details, see the [manual](https://containrrr.github.io/watchtower/)
## Automatic cleanup
## Automatic Cleanup
When you are pulling new images in automatically, it would be nice to have them cleaned up as well. There is also a docker image for this: [spotify/docker-gc](https://hub.docker.com/r/spotify/docker-gc/).
When you are pulling new images in automatically, it would be nice to have them cleaned up as well. There is also a docker image for this: [`spotify/docker-gc`](https://hub.docker.com/r/spotify/docker-gc/).
A docker-compose example:
```yaml
services:
docker-gc:
@ -32,4 +38,4 @@ services:
For more details, see the [manual](https://github.com/spotify/docker-gc/blob/master/README.md)
Or you can just use the [`--cleanup`](https://containrrr.github.io/watchtower/arguments/#cleanup) option provided by containrrr/watchtower.
Or you can just use the [`--cleanup`](https://containrrr.github.io/watchtower/arguments/#cleanup) option provided by `containrrr/watchtower`.

78
docs/content/advanced/optional-config.md
View file

@ -1,32 +1,54 @@
---
title: 'Optional Configuration'
hide:
- toc # Hide Table of Contents for this page
---
This is a list of all configuration files and directories which are optional or automatically generated in your `config` directory.
## Directories:
- **sieve-filter:** directory for sieve filter scripts. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters)
- **sieve-pipe:** directory for sieve pipe scripts. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters)
- **opendkim:** DKIM directory. Autoconfigurable via [setup.sh config dkim](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#config). See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-DKIM) for further info
- **ssl:** SSL Certificate directory. Autoconfigurable via [setup.sh config ssl](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#config). Make sure to read the [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-SSL) as well to get a working mail server.
## Directories
## Files:
- **{user_email_address}.dovecot.sieve:** User specific Sieve filter file. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters)
- **before.dovecot.sieve:** Global Sieve filter file, applied prior to the ${login}.dovecot.sieve filter. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters)
- **after.dovecot.sieve**: Global Sieve filter file, applied after the ${login}.dovecot.sieve filter. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Sieve-filters)
- **postfix-main.cf:** Every line will be added to the postfix main configuration. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Override-Default-Postfix-Configuration)
- **postfix-master.cf:** Every line will be added to the postfix master configuration. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Override-Default-Postfix-Configuration)
- **postfix-accounts.cf:** User accounts file. Modify via the [setup.sh email](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#email) script.
- **postfix-send-access.cf:** List of users denied sending. Modify via [setup.sh email restrict](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#email)
- **postfix-receive-access.cf:** List of users denied receiving. Modify via [setup.sh email restrict](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#email)
- **postfix-virtual.cf:** Alias configuration file. Modify via [setup.sh alias](https://github.com/tomav/docker-mailserver/wiki/Setup-docker-mailserver-using-the-script-setup.sh#alias)
- **postfix-sasl-password.cf:** listing of relayed domains with their respective username:password. Modify via `setup.sh relay add-auth <domain> <username> [<password>]`. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Relay-Hosts#sender-dependent-authentication)
- **postfix-relaymap.cf:** domain-specific relays and exclusions Modify via `setup.sh relay add-domain` and `setup.sh relay exclude-domain`. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Relay-Hosts#sender-dependent-relay-host)
- **postfix-regexp.cf:** Regular expression alias file. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Aliases#configuring-regexp-aliases)
- **ldap-users.cf:** Configuration for the virtual user mapping (virtual_mailbox_maps). See the [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/a564cca0e55feba40e273a5419d4c9a864460bf6/target/start-mailserver.sh#L583) script
- **ldap-groups.cf:** Configuration for the virtual alias mapping (virtual_alias_maps). See the [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/a564cca0e55feba40e273a5419d4c9a864460bf6/target/start-mailserver.sh#L583) script
- **ldap-aliases.cf:** Configuration for the virtual alias mapping (virtual_alias_maps). See the [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/a564cca0e55feba40e273a5419d4c9a864460bf6/target/start-mailserver.sh#L583) script
- **ldap-domains.cf:** Configuration for the virtual domain mapping (virtual_mailbox_domains). See the [start-mailserver.sh](https://github.com/tomav/docker-mailserver/blob/a564cca0e55feba40e273a5419d4c9a864460bf6/target/start-mailserver.sh#L583) script
- **sieve-filter:** directory for sieve filter scripts. (Docs: [Sieve][docs-sieve])
- **sieve-pipe:** directory for sieve pipe scripts. (Docs: [Sieve][docs-sieve])
- **opendkim:** DKIM directory. Auto-configurable via [`setup.sh config dkim`][docs-setupsh]. (Docs: [DKIM][docs-dkim])
- **ssl:** SSL Certificate directory. Auto-configurable via [`setup.sh config ssl`][docs-setupsh]. (Docs: [SSL][docs-ssl])
## Files
- **{user_email_address}.dovecot.sieve:** User specific Sieve filter file. (Docs: [Sieve][docs-sieve])
- **before.dovecot.sieve:** Global Sieve filter file, applied prior to the `${login}.dovecot.sieve` filter. (Docs: [Sieve][docs-sieve])
- **after.dovecot.sieve**: Global Sieve filter file, applied after the `${login}.dovecot.sieve` filter. (Docs: [Sieve][docs-sieve])
- **postfix-main.cf:** Every line will be added to the postfix main configuration. (Docs: [Override Postfix Defaults][docs-override-postfix])
- **postfix-master.cf:** Every line will be added to the postfix master configuration. (Docs: [Override Postfix Defaults][docs-override-postfix])
- **postfix-accounts.cf:** User accounts file. Modify via the [`setup.sh email`][docs-setupsh] script.
- **postfix-send-access.cf:** List of users denied sending. Modify via [`setup.sh email restrict`][docs-setupsh].
- **postfix-receive-access.cf:** List of users denied receiving. Modify via [`setup.sh email restrict`][docs-setupsh].
- **postfix-virtual.cf:** Alias configuration file. Modify via [`setup.sh alias`][docs-setupsh].
- **postfix-sasl-password.cf:** listing of relayed domains with their respective `<username>:<password>`. Modify via `setup.sh relay add-auth <domain> <username> [<password>]`. (Docs: [Relay-Hosts Auth][docs-relayhosts-senderauth])
- **postfix-relaymap.cf:** domain-specific relays and exclusions. Modify via `setup.sh relay add-domain` and `setup.sh relay exclude-domain`. (Docs: [Relay-Hosts Senders][docs-relayhosts-senderhost])
- **postfix-regexp.cf:** Regular expression alias file. (Docs: [Aliases][docs-aliases-regex])
- **ldap-users.cf:** Configuration for the virtual user mapping `virtual_mailbox_maps`. See the [`setup-stack.sh`][github-commit-setup-stack.sh-L411] script.
- **ldap-groups.cf:** Configuration for the virtual alias mapping `virtual_alias_maps`. See the [`setup-stack.sh`][github-commit-setup-stack.sh-L411] script.
- **ldap-aliases.cf:** Configuration for the virtual alias mapping `virtual_alias_maps`. See the [`setup-stack.sh`][github-commit-setup-stack.sh-L411] script.
- **ldap-domains.cf:** Configuration for the virtual domain mapping `virtual_mailbox_domains`. See the [`setup-stack.sh`][github-commit-setup-stack.sh-L411] script.
- **whitelist_clients.local:** Whitelisted domains, not considered by postgrey. Enter one host or domain per line.
- **spamassassin-rules.cf:** Antispam rules for Spamassassin. See [wiki](https://github.com/tomav/docker-mailserver/wiki/FAQ-and-Tips#how-can-i-manage-my-custom-spamassassin-rules)
- **fail2ban-fail2ban.cf:** Additional config options for fail2ban.cf. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Fail2ban)
- **fail2ban-jail.cf:** Additional config options for fail2ban's jail behaviour. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Fail2ban)
- **amavis.cf:** replaces the /etc/amavis/conf.d/50-user file
- **dovecot.cf:** replaces /etc/dovecot/local.conf. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Override-Default-Dovecot-Configuration)
- **dovecot-quotas.cf:** list of custom quotas per mailbox. See [wiki](https://github.com/tomav/docker-mailserver/wiki/Configure-Accounts#mailbox-quota)
- **spamassassin-rules.cf:** Antispam rules for Spamassassin. (Docs: [FAQ - SpamAssassin Rules][docs-faq-spamrules])
- **fail2ban-fail2ban.cf:** Additional config options for `fail2ban.cf`. (Docs: [Fail2Ban][docs-fail2ban])
- **fail2ban-jail.cf:** Additional config options for fail2ban's jail behaviour. (Docs: [Fail2Ban][docs-fail2ban])
- **amavis.cf:** replaces the `/etc/amavis/conf.d/50-user` file
- **dovecot.cf:** replaces `/etc/dovecot/local.conf`. (Docs: [Override Dovecot Defaults][docs-override-dovecot])
- **dovecot-quotas.cf:** list of custom quotas per mailbox. (Docs: [Accounts][docs-accounts-quota])
[docs-accounts-quota]: ../config/user-management/accounts.md#notes
[docs-aliases-regex]: ../config/user-management/aliases.md#configuring-regexp-aliases
[docs-dkim]: ../config/best-practices/dkim.md
[docs-fail2ban]: ../config/security/fail2ban.md
[docs-faq-spamrules]: ../config/troubleshooting/faq.md#how-can-i-manage-my-custom-spamassassin-rules
[docs-override-postfix]: ./override-defaults/postfix.md
[docs-override-dovecot]: ./override-defaults/dovecot.md
[docs-relayhosts-senderauth]: ./mail-forwarding/relay-hosts.md#sender-dependent-authentication
[docs-relayhosts-senderhost]: ./mail-forwarding/relay-hosts.md#sender-dependent-relay-host
[docs-sieve]: ./mail-sieve.md
[docs-setupsh]: ../config/setup.sh.md
[docs-ssl]: ../config/security/ssl.md
[github-commit-setup-stack.sh-L411]: https://github.com/docker-mailserver/docker-mailserver/blob/941e7acdaebe271eaf3d296b36d4d81df4c54b90/target/scripts/startup/setup-stack.sh#L411

53
docs/content/advanced/override-defaults/dovecot.md
View file

@ -1,11 +1,15 @@
# Add configuration
---
title: 'Override the Default Configs | Dovecot'
---
## Add Configuration
The Dovecot default configuration can easily be extended providing a `config/dovecot.cf` file.
[Dovecot documentation](http://wiki.dovecot.org/FrontPage) remains the best place to find configuration options.
[Dovecot documentation](https://wiki.dovecot.org) remains the best place to find configuration options.
Your `docker-mailserver` folder should look like this example:
```
```txt
├── config
│ ├── dovecot.cf
│ ├── postfix-accounts.cf
@ -16,47 +20,40 @@ Your `docker-mailserver` folder should look like this example:
One common option to change is the maximum number of connections per user:
```
```cf
mail_max_userip_connections = 100
```
Another important option is the `default_process_limit` (defaults to `100`). If high-security mode is enabled you'll need to make sure this count is higher than the maximum number of users that can be logged in simultaneously. This limit is quickly reached if users connect to the mail server with multiple end devices.
Another important option is the `default_process_limit` (defaults to `100`). If high-security mode is enabled you'll need to make sure this count is higher than the maximum number of users that can be logged in simultaneously.
# Override configuration
This limit is quickly reached if users connect to the mail server with multiple end devices.
For major configuration changes its best to override the `dovecot` configuration files. For each configuration file you want to override, add a list entry under the `volumes:` key.
## Override Configuration
For major configuration changes its best to override the dovecot configuration files. For each configuration file you want to override, add a list entry under the `volumes` key.
```yaml
version: '2'
services:
mail:
...
volumes:
- maildata:/var/mail
...
- ./config/dovecot/10-master.conf:/etc/dovecot/conf.d/10-master.conf
```
# Debugging
## Debugging
To debug your dovecot configuration you can use this command:
To debug your dovecot configuration you can use:
- This command: `./setup.sh debug login doveconf | grep <some-keyword>`
- Or: `docker exec -it <your-container-name> doveconf | grep <some-keyword>`
!!! note
[`setup.sh`][github-file-setupsh] is included in the `docker-mailserver` repository.
The `config/dovecot.cf` is copied internally to `/etc/dovecot/local.conf`. To check this file run:
```sh
./setup.sh debug login doveconf | grep <some-keyword>
docker exec -it <your-container-name> cat /etc/dovecot/local.conf
```
[setup.sh](https://github.com/tomav/docker-mailserver/blob/master/setup.sh) is included in the `docker-mailserver` repository.
or
```sh
docker exec -ti <your-container-name> doveconf | grep <some-keyword>
```
The `config/dovecot.cf` is copied to `/etc/dovecot/local.conf`. To check this file run:
```sh
docker exec -ti <your-container-name> cat /etc/dovecot/local.conf
```
[github-file-setupsh]: https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh

22
docs/content/advanced/override-defaults/postfix.md
View file

@ -1,24 +1,32 @@
---
title: 'Override the Default Configs | Postfix'
---
The Postfix default configuration can easily be extended by providing a `config/postfix-main.cf` in postfix format.
This can also be used to add configuration that is not in our default configuration.
For example, one common use of this file is for increasing the default maximum message size:
```
```cf
# increase maximum message size
message_size_limit = 52428800
message_size_limit = 52428800
```
That specific example is now supported and can be handled by setting POSTFIX_MESSAGE_SIZE_LIMIT.
That specific example is now supported and can be handled by setting `POSTFIX_MESSAGE_SIZE_LIMIT`.
[Postfix documentation](http://www.postfix.org/documentation.html) remains the best place to find configuration options.
Each line in the provided file will be loaded into postfix.
In the same way it is possible to add a custom `config/postfix-master.cf` file that will override the standard `master.cf`. Each line in the file will be passed to `postconf -P`. The expected format is service_name/type/parameter, for example:
```
In the same way it is possible to add a custom `config/postfix-master.cf` file that will override the standard `master.cf`. Each line in the file will be passed to `postconf -P`. The expected format is `<service_name>/<type>/<parameter>`, for example:
```cf
submission/inet/smtpd_reject_unlisted_recipient=no
```
Run `postconf -P` in the container without arguments to see the active master options.
Note! There should be no space between the parameter and the value.
!!! note
There should be no space between the parameter and the value.
Have a look at the code for more information.
Have a look at the code for more information.