mirror of
https://github.com/docker-mailserver/docker-mailserver.git
synced 2025-08-04 18:15:29 +02:00
deploy: a0ee472501
This commit is contained in:
parent
07afd2c901
commit
4d20a99272
46 changed files with 847 additions and 862 deletions
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/auth-ldap/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1123,7 +1123,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1174,7 +1174,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1432,7 +1432,7 @@
|
|||
<h1>LDAP Authentication</h1>
|
||||
|
||||
<h2 id="introduction"><a class="toclink" href="#introduction">Introduction</a></h2>
|
||||
<p>Getting started with ldap and this mailserver we need to take 3 parts in account:</p>
|
||||
<p>Getting started with ldap and <code>docker-mailserver</code> we need to take 3 parts in account:</p>
|
||||
<ul>
|
||||
<li><code>postfix</code> for incoming & outgoing email</li>
|
||||
<li><code>dovecot</code> for accessing mailboxes</li>
|
||||
|
@ -1528,9 +1528,9 @@
|
|||
<span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
|
||||
<span class="nt">ports</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"25:25"</span>
|
||||
|
@ -1539,11 +1539,11 @@
|
|||
<span class="p p-Indicator">-</span> <span class="s">"993:993"</span>
|
||||
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/maildata:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/mailstate:/var/mail-state</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/maillogs:/var/log/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-state/:/var/mail-state/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-logs/:/var/log/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/etc/localtime:/etc/localtime:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
|
||||
<span class="nt">environment</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">ENABLE_SPAMASSASSIN=1</span>
|
||||
|
@ -1591,9 +1591,9 @@
|
|||
<span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
|
||||
<span class="nt">ports</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"25:25"</span>
|
||||
|
@ -1602,9 +1602,9 @@
|
|||
<span class="p p-Indicator">-</span> <span class="s">"993:993"</span>
|
||||
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">maildata:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">mailstate:/var/mail-state</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-state/:/var/mail-state/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
|
||||
<span class="nt">environment</span><span class="p">:</span>
|
||||
<span class="c1"># We are not using dovecot here</span>
|
||||
|
@ -1645,12 +1645,6 @@
|
|||
|
||||
<span class="nt">cap_add</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_ADMIN</span>
|
||||
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="nt">maildata</span><span class="p">:</span>
|
||||
<span class="nt">driver</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">local</span>
|
||||
<span class="nt">mailstate</span><span class="p">:</span>
|
||||
<span class="nt">driver</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">local</span>
|
||||
</code></pre></div>
|
||||
</details>
|
||||
|
||||
|
@ -1734,10 +1728,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/full-text-search/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1121,7 +1121,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1172,7 +1172,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1429,16 +1429,16 @@
|
|||
|
||||
<h2 id="overview"><a class="toclink" href="#overview">Overview</a></h2>
|
||||
<p>Full-text search allows all messages to be indexed, so that mail clients can quickly and efficiently search messages by their full text content. Dovecot supports a variety of community supported <a href="https://doc.dovecot.org/configuration_manual/fts/">FTS indexing backends</a>.</p>
|
||||
<p>Docker-mailserver comes pre-installed with two plugins that can be enabled with a dovecot config file.</p>
|
||||
<p><code>docker-mailserver</code> comes pre-installed with two plugins that can be enabled with a dovecot config file.</p>
|
||||
<p>Please be aware that indexing consumes memory and takes up additional disk space.</p>
|
||||
<h3 id="xapian"><a class="toclink" href="#xapian">Xapian</a></h3>
|
||||
<p>The <a href="https://github.com/grosjo/fts-xapian">dovecot-fts-xapian</a> plugin makes use of <a href="https://xapian.org/">Xapian</a>. Xapian enables embedding an FTS engine without the need for additional backends.</p>
|
||||
<p>The indexes will be stored as a subfolder named <code>xapian-indexes</code> inside your <code>mail</code> folder. With the default settings, 10GB of email data may generate around 4GB of indexed data.</p>
|
||||
<p>The indexes will be stored as a subfolder named <code>xapian-indexes</code> inside your local <code>mail-data</code> folder (<em><code>/var/mail</code> internally</em>). With the default settings, 10GB of email data may generate around 4GB of indexed data.</p>
|
||||
<p>While indexing is memory intensive, you can configure the plugin to limit the amount of memory consumed by the index workers. With Xapian being small and fast, this plugin is a good choice for low memory environments (2GB) as compared to Solr.</p>
|
||||
<h4 id="setup"><a class="toclink" href="#setup">Setup</a></h4>
|
||||
<ol>
|
||||
<li>
|
||||
<p>To configure fts-xapian as a dovecot plugin, create a <code>fts-xapian-plugin.conf</code> file and place the following in it:</p>
|
||||
<p>To configure <code>fts-xapian</code> as a dovecot plugin, create a file at <code>docker-data/dms/config/dovecot/fts-xapian-plugin.conf</code> and place the following in it:</p>
|
||||
<div class="highlight"><pre><span></span><code>mail_plugins = $mail_plugins fts fts_xapian
|
||||
|
||||
plugin {
|
||||
|
@ -1476,9 +1476,9 @@ service indexer-worker {
|
|||
<span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">env_file</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver.env</span>
|
||||
<span class="nt">ports</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"25:25"</span> <span class="c1"># SMTP (explicit TLS => STARTTLS)</span>
|
||||
|
@ -1487,12 +1487,12 @@ service indexer-worker {
|
|||
<span class="p p-Indicator">-</span> <span class="s">"587:587"</span> <span class="c1"># ESMTP (explicit TLS => STARTTLS)</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"993:993"</span> <span class="c1"># IMAP4 (implicit TLS)</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/mail:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/state:/var/mail-state</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./data/logs:/var/log/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-state/:/var/mail-state/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-logs/:/var/log/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/dovecot/fts-xapian-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/etc/localtime:/etc/localtime:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./fts-xapian-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro</span>
|
||||
<span class="nt">restart</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">always</span>
|
||||
<span class="nt">stop_grace_period</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">1m</span>
|
||||
<span class="nt">cap_add</span><span class="p">:</span>
|
||||
|
@ -1501,19 +1501,19 @@ service indexer-worker {
|
|||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p>Recreate containers: </p>
|
||||
<div class="highlight"><pre><span></span><code> docker-compose down
|
||||
docker-compose up -d
|
||||
<p>Recreate containers:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker-compose down
|
||||
docker-compose up -d
|
||||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p>Initialize indexing on all users for all mail:</p>
|
||||
<div class="highlight"><pre><span></span><code> docker-compose exec mailserver doveadm index -A -q \*
|
||||
<div class="highlight"><pre><span></span><code>docker-compose exec mailserver doveadm index -A -q \*
|
||||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p>Run the following command in a daily cron job:</p>
|
||||
<div class="highlight"><pre><span></span><code> docker-compose exec mailserver doveadm fts optimize -A
|
||||
<div class="highlight"><pre><span></span><code>docker-compose exec mailserver doveadm fts optimize -A
|
||||
</code></pre></div>
|
||||
</li>
|
||||
</ol>
|
||||
|
@ -1528,7 +1528,7 @@ service indexer-worker {
|
|||
<div class="highlight"><pre><span></span><code> <span class="nt">solr</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">lmmdock/dovecot-solr:latest</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">solr-dovecot:/opt/solr/server/solr/dovecot</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/dovecot/solr-dovecot:/opt/solr/server/solr/dovecot</span>
|
||||
<span class="nt">restart</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">always</span>
|
||||
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
|
@ -1538,16 +1538,12 @@ service indexer-worker {
|
|||
<span class="l l-Scalar l-Scalar-Plain">...</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">...</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./etc/dovecot/conf.d/10-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">- ./docker-data/dms/config/dovecot/10-plugin.conf:/etc/dovecot/conf.d/10-plugin.conf:ro</span>
|
||||
<span class="l l-Scalar l-Scalar-Plain">...</span>
|
||||
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="nt">solr-dovecot</span><span class="p">:</span>
|
||||
<span class="nt">driver</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">local</span>
|
||||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p><code>etc/dovecot/conf.d/10-plugin.conf</code>:</p>
|
||||
<p><code>./docker-data/dms/config/dovecot/10-plugin.conf</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">mail_plugins</span> <span class="o">=</span> <span class="s">$mail_plugins fts fts_solr</span>
|
||||
|
||||
<span class="na">plugin {</span>
|
||||
|
@ -1647,10 +1643,10 @@ service indexer-worker {
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/ipv6/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1082,7 +1082,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1133,7 +1133,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1465,10 +1465,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/kubernetes/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1010,11 +1010,11 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#exposing-your-mailserver-to-the-outside-world" class="md-nav__link">
|
||||
Exposing your Mailserver to the Outside World
|
||||
<a href="#exposing-your-mail-server-to-the-outside-world" class="md-nav__link">
|
||||
Exposing your Mail-Server to the Outside World
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Exposing your Mailserver to the Outside World">
|
||||
<nav class="md-nav" aria-label="Exposing your Mail-Server to the Outside World">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1177,7 +1177,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1228,7 +1228,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1460,11 +1460,11 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#exposing-your-mailserver-to-the-outside-world" class="md-nav__link">
|
||||
Exposing your Mailserver to the Outside World
|
||||
<a href="#exposing-your-mail-server-to-the-outside-world" class="md-nav__link">
|
||||
Exposing your Mail-Server to the Outside World
|
||||
</a>
|
||||
|
||||
<nav class="md-nav" aria-label="Exposing your Mailserver to the Outside World">
|
||||
<nav class="md-nav" aria-label="Exposing your Mail-Server to the Outside World">
|
||||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1662,9 +1662,9 @@
|
|||
|
||||
<span class="nt">annotations</span><span class="p">:</span>
|
||||
<span class="nt">ignore-check.kube-linter.io/run-as-non-root</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
||||
<span class="no">The mailserver needs to run as root</span>
|
||||
<span class="no">'mailserver' needs to run as root</span>
|
||||
<span class="nt">ignore-check.kube-linter.io/privileged-ports</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
||||
<span class="no">The mailserver needs privilegdes ports</span>
|
||||
<span class="no">'mailserver' needs privilegdes ports</span>
|
||||
<span class="nt">ignore-check.kube-linter.io/no-read-only-root-fs</span><span class="p">:</span> <span class="p p-Indicator">>-</span>
|
||||
<span class="no">There are too many files written to make The</span>
|
||||
<span class="no">root FS read-only</span>
|
||||
|
@ -1684,10 +1684,10 @@
|
|||
<span class="nt">container.apparmor.security.beta.kubernetes.io/mailserver</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">runtime/default</span>
|
||||
|
||||
<span class="nt">spec</span><span class="p">:</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">containers</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">ghcr.io/docker-mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/docker-mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">imagePullPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">IfNotPresent</span>
|
||||
|
||||
<span class="nt">securityContext</span><span class="p">:</span>
|
||||
|
@ -1790,16 +1790,16 @@
|
|||
<span class="nt">emptyDir</span><span class="p">:</span> <span class="p p-Indicator">{}</span>
|
||||
</code></pre></div>
|
||||
<h3 id="sensitive-data"><a class="toclink" href="#sensitive-data">Sensitive Data</a></h3>
|
||||
<p>By now, the mailserver starts, but does not really work for long (or at all), because we're lacking certificates. You will need to choose yourself, which approach you'd want to go with. The <a href="../../security/ssl/">TLS</a> section provides you with an overview.</p>
|
||||
<p>By now, <code>docker-mailserver</code> starts, but does not really work for long (or at all), because we're lacking certificates. The <a href="../../security/ssl/">TLS docs page</a> provides guidance for various approaches.</p>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Sensitive Data</p>
|
||||
<p>For storing OpenDKIM keys, TLS certificates or any sort of sensitive data, you should be using <code>Secret</code>s. You can mount secrets like <code>ConfigMap</code>s and use them the same way.</p>
|
||||
</div>
|
||||
<h2 id="exposing-your-mailserver-to-the-outside-world"><a class="toclink" href="#exposing-your-mailserver-to-the-outside-world">Exposing your Mailserver to the Outside World</a></h2>
|
||||
<p>The more difficult part with K8s is to expose a deployed mailserver to the outside world. K8s provides multiple ways for doing that; each has downsides and complexity. The major problem with exposing the mailserver to outside world in K8s is to <a href="https://kubernetes.io/docs/tutorials/services/source-ip">preserve the real client IP</a>. The real client IP is required by the mailserver for performing IP-based SPF checks and spam checks. If you do not require SPF checks for incoming mails, you may disable them in your <a href="../override-defaults/postfix/">Postfix configuration</a> by dropping the line that states <code>check_policy_service unix:private/policyd-spf</code>.</p>
|
||||
<p>The easiest approach was covered above, using <code class="highlight"><span class="nt">externalTrafficPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Local</span></code>, which disables the service proxy, but makes the service local as well (which does not scale). This approach only works when you are given the correct (that is, a public and routable) IP address by a load balancer (like MetalLB). In this sense, the approach above is similar to the next example below. We want to provide you with a few alternatives too. <strong>But</strong> we also want to communicate the idea of another simple method: you could use a load-balancer without an external IP and DNAT the network traffic to the mail server. After all, this does not interfere with SPF checks because it keeps the origin IP address. If no dedicated external IP address is available, you could try the latter approach, if one is available, use the former.</p>
|
||||
<h2 id="exposing-your-mail-server-to-the-outside-world"><a class="toclink" href="#exposing-your-mail-server-to-the-outside-world">Exposing your Mail-Server to the Outside World</a></h2>
|
||||
<p>The more difficult part with K8s is to expose a deployed <code>docker-mailserver</code> to the outside world. K8s provides multiple ways for doing that; each has downsides and complexity. The major problem with exposing <code>docker-mailserver</code> to outside world in K8s is to <a href="https://kubernetes.io/docs/tutorials/services/source-ip">preserve the real client IP</a>. The real client IP is required by <code>docker-mailserver</code> for performing IP-based SPF checks and spam checks. If you do not require SPF checks for incoming mails, you may disable them in your <a href="../override-defaults/postfix/">Postfix configuration</a> by dropping the line that states: <code>check_policy_service unix:private/policyd-spf</code>.</p>
|
||||
<p>The easiest approach was covered above, using <code class="highlight"><span class="nt">externalTrafficPolicy</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Local</span></code>, which disables the service proxy, but makes the service local as well (which does not scale). This approach only works when you are given the correct (that is, a public and routable) IP address by a load balancer (like MetalLB). In this sense, the approach above is similar to the next example below. We want to provide you with a few alternatives too. <strong>But</strong> we also want to communicate the idea of another simple method: you could use a load-balancer without an external IP and DNAT the network traffic to the mail-server. After all, this does not interfere with SPF checks because it keeps the origin IP address. If no dedicated external IP address is available, you could try the latter approach, if one is available, use the former.</p>
|
||||
<h3 id="external-ips-service"><a class="toclink" href="#external-ips-service">External IPs Service</a></h3>
|
||||
<p>The simplest way is to expose the mailserver as a <a href="https://kubernetes.io/docs/concepts/services-networking/service">Service</a> with <a href="https://kubernetes.io/docs/concepts/services-networking/service/#external-ips">external IPs</a>. This is very similar to the approach taken above. Here, an external IP is given to the service directly by you. With the approach above, you tell your load-balancer to do this.</p>
|
||||
<p>The simplest way is to expose <code>docker-mailserver</code> as a <a href="https://kubernetes.io/docs/concepts/services-networking/service">Service</a> with <a href="https://kubernetes.io/docs/concepts/services-networking/service/#external-ips">external IPs</a>. This is very similar to the approach taken above. Here, an external IP is given to the service directly by you. With the approach above, you tell your load-balancer to do this.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
||||
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">v1</span>
|
||||
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Service</span>
|
||||
|
@ -1827,13 +1827,13 @@
|
|||
<li>requires you to specify the exposed IPs explicitly.</li>
|
||||
</ul>
|
||||
<h3 id="proxy-port-to-service"><a class="toclink" href="#proxy-port-to-service">Proxy port to Service</a></h3>
|
||||
<p>The <a href="https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service">proxy pod</a> helps to avoid the necessity of specifying external IPs explicitly. This comes at the cost of complexity; you must deploy a proxy pod on each <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> you want to expose mailserver on.</p>
|
||||
<p>The <a href="https://github.com/kubernetes/contrib/tree/master/for-demos/proxy-to-service">proxy pod</a> helps to avoid the necessity of specifying external IPs explicitly. This comes at the cost of complexity; you must deploy a proxy pod on each <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> you want to expose <code>docker-mailserver</code> on.</p>
|
||||
<p>This approach</p>
|
||||
<ul>
|
||||
<li>does not preserve the real client IP, so SPF check of incoming mail will fail.</li>
|
||||
</ul>
|
||||
<h3 id="bind-to-concrete-node-and-use-host-network"><a class="toclink" href="#bind-to-concrete-node-and-use-host-network">Bind to concrete Node and use host network</a></h3>
|
||||
<p>One way to preserve the real client IP is to use <code>hostPort</code> and <code>hostNetwork: true</code>. This comes at the cost of availability; you can talk to the mailserver from outside world only via IPs of <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> where mailserver is deployed.</p>
|
||||
<p>One way to preserve the real client IP is to use <code>hostPort</code> and <code>hostNetwork: true</code>. This comes at the cost of availability; you can reach <code>docker-mailserver</code> from the outside world only via IPs of <a href="https://kubernetes.io/docs/concepts/architecture/nodes">Node</a> where <code>docker-mailserver</code> is deployed.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nn">---</span>
|
||||
<span class="nt">apiVersion</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">extensions/v1beta1</span>
|
||||
<span class="nt">kind</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">Deployment</span>
|
||||
|
@ -1862,11 +1862,11 @@
|
|||
</code></pre></div>
|
||||
<p>With this approach,</p>
|
||||
<ul>
|
||||
<li>it is not possible to access mailserver via other cluster Nodes, only via the one mailserver deployed at.</li>
|
||||
<li>it is not possible to access <code>docker-mailserver</code> via other cluster Nodes, only via the Node <code>docker-mailserver</code> was deployed at.</li>
|
||||
<li>every Port within the Container is exposed on the Host side.</li>
|
||||
</ul>
|
||||
<h3 id="proxy-port-to-service-via-proxy-protocol"><a class="toclink" href="#proxy-port-to-service-via-proxy-protocol">Proxy Port to Service via PROXY Protocol</a></h3>
|
||||
<p>This way is ideologically the same as <a href="#proxy-port-to-service">using a proxy pod</a>, but instead of a separate proxy pod, you configure your ingress to proxy TCP traffic to the mailserver pod using the PROXY protocol, which preserves the real client IP.</p>
|
||||
<p>This way is ideologically the same as <a href="#proxy-port-to-service">using a proxy pod</a>, but instead of a separate proxy pod, you configure your ingress to proxy TCP traffic to the <code>docker-mailserver</code> pod using the PROXY protocol, which preserves the real client IP.</p>
|
||||
<h4 id="configure-your-ingress"><a class="toclink" href="#configure-your-ingress">Configure your Ingress</a></h4>
|
||||
<p>With an <a href="https://kubernetes.github.io/ingress-nginx">NGINX ingress controller</a>, set <code>externalTrafficPolicy: Local</code> for its service, and add the following to the TCP services config map (as described <a href="https://kubernetes.github.io/ingress-nginx/user-guide/exposing-tcp-udp-services">here</a>):</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">25</span><span class="p">:</span> <span class="s">"mailserver/mailserver:25::PROXY"</span>
|
||||
|
@ -1933,7 +1933,7 @@
|
|||
</details>
|
||||
<p>With this approach,</p>
|
||||
<ul>
|
||||
<li>it is not possible to access the mailserver via cluster-DNS, as the PROXY protocol is required for incoming connections.</li>
|
||||
<li>it is not possible to access <code>docker-mailserver</code> via cluster-DNS, as the PROXY protocol is required for incoming connections.</li>
|
||||
</ul>
|
||||
|
||||
|
||||
|
@ -2016,10 +2016,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-fetchmail/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1102,7 +1102,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1153,7 +1153,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1394,8 +1394,8 @@
|
|||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">ENABLE_FETCHMAIL=1</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">FETCHMAIL_POLL=300</span>
|
||||
</code></pre></div>
|
||||
<p>Generate a file called <code>fetchmail.cf</code> and place it in the <code>config</code> folder. Your <code>docker-mailserver</code> folder should look like this example:</p>
|
||||
<div class="highlight"><pre><span></span><code>├── config
|
||||
<p>Generate a file called <code>fetchmail.cf</code> and place it in the <code>docker-data/dms/config/</code> folder. Your <code>docker-mailserver</code> folder should look like this example:</p>
|
||||
<div class="highlight"><pre><span></span><code>├── docker-data/dms/config
|
||||
│ ├── dovecot.cf
|
||||
│ ├── fetchmail.cf
|
||||
│ ├── postfix-accounts.cf
|
||||
|
@ -1408,26 +1408,26 @@
|
|||
<h3 id="imap-configuration"><a class="toclink" href="#imap-configuration">IMAP Configuration</a></h3>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code>poll 'imap.example.com' proto imap
|
||||
<div class="highlight"><pre><span></span><code>poll 'imap.gmail.com' proto imap
|
||||
user 'username'
|
||||
pass 'secret'
|
||||
is 'user1@domain.tld'
|
||||
is 'user1@example.com'
|
||||
ssl
|
||||
</code></pre></div>
|
||||
</div>
|
||||
<h3 id="pop3-configuration"><a class="toclink" href="#pop3-configuration">POP3 Configuration</a></h3>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code>poll 'pop3.example.com' proto pop3
|
||||
<div class="highlight"><pre><span></span><code>poll 'pop3.gmail.com' proto pop3
|
||||
user 'username'
|
||||
pass 'secret'
|
||||
is 'user2@domain.tld'
|
||||
is 'user2@example.com'
|
||||
ssl
|
||||
</code></pre></div>
|
||||
</div>
|
||||
<div class="admonition caution">
|
||||
<p class="admonition-title">Caution</p>
|
||||
<p>Don’t forget the last line: eg: <code>is 'user1@domain.tld'</code>. After <code>is</code> you have to specify one email address from the configuration file <code>config/postfix-accounts.cf</code>.</p>
|
||||
<p>Don’t forget the last line! (<em>eg: <code>is 'user1@example.com'</code></em>). After <code>is</code>, you have to specify an email address from the configuration file: <code>docker-data/dms/config/postfix-accounts.cf</code>.</p>
|
||||
</div>
|
||||
<p>More details how to configure fetchmail can be found in the <a href="https://www.fetchmail.info/fetchmail-man.html#31">fetchmail man page in the chapter “The run control file”</a>.</p>
|
||||
<h3 id="polling-interval"><a class="toclink" href="#polling-interval">Polling Interval</a></h3>
|
||||
|
@ -1561,10 +1561,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/aws-ses/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1037,7 +1037,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1088,7 +1088,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1358,10 +1358,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-forwarding/relay-hosts/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1124,7 +1124,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1175,7 +1175,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1437,7 +1437,7 @@
|
|||
<h2 id="basic-configuration"><a class="toclink" href="#basic-configuration">Basic Configuration</a></h2>
|
||||
<p>Basic configuration is done via environment variables:</p>
|
||||
<ul>
|
||||
<li><code>RELAY_HOST</code>: <em>default host to relay mail through, empty will disable this feature</em></li>
|
||||
<li><code>RELAY_HOST</code>: <em>default host to relay mail through, <code>empty</code> (aka '', or no ENV set) will disable this feature</em></li>
|
||||
<li><code>RELAY_PORT</code>: <em>port on default relay, defaults to port 25</em></li>
|
||||
<li><code>RELAY_USER</code>: <em>username for the default relay</em></li>
|
||||
<li><code>RELAY_PASSWORD</code>: <em>password for the default user</em></li>
|
||||
|
@ -1449,33 +1449,33 @@
|
|||
</div>
|
||||
<h2 id="advanced-configuration"><a class="toclink" href="#advanced-configuration">Advanced Configuration</a></h2>
|
||||
<h3 id="sender-dependent-authentication"><a class="toclink" href="#sender-dependent-authentication">Sender-dependent Authentication</a></h3>
|
||||
<p>Sender dependent authentication is done in <code>config/postfix-sasl-password.cf</code>. You can create this file manually, or use:</p>
|
||||
<p>Sender dependent authentication is done in <code>docker-data/dms/config/postfix-sasl-password.cf</code>. You can create this file manually, or use:</p>
|
||||
<div class="highlight"><pre><span></span><code>setup.sh relay add-auth <domain> <username> <span class="o">[</span><password><span class="o">]</span>
|
||||
</code></pre></div>
|
||||
<p>An example configuration file looks like this:</p>
|
||||
<div class="highlight"><pre><span></span><code>@domain1.com relay_user_1:password_1
|
||||
@domain2.com relay_user_2:password_2
|
||||
</code></pre></div>
|
||||
<p>If there is no other configuration, this will cause Postfix to deliver email through the relay specified in <code>RELAY_HOST</code> env variable, authenticating as <code>relay_user_1</code> when sent from <code>domain1.com</code> and authenticating as <code>relay_user_2</code> when sending from domain2.com.</p>
|
||||
<p>If there is no other configuration, this will cause Postfix to deliver email through the relay specified in <code>RELAY_HOST</code> env variable, authenticating as <code>relay_user_1</code> when sent from <code>domain1.com</code> and authenticating as <code>relay_user_2</code> when sending from <code>domain2.com</code>.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>To activate the configuration you must either restart the container, or you can also trigger an update by modifying a mail account.</p>
|
||||
</div>
|
||||
<h3 id="sender-dependent-relay-host"><a class="toclink" href="#sender-dependent-relay-host">Sender-dependent Relay Host</a></h3>
|
||||
<p>Sender dependent relay hosts are configured in <code>config/postfix-relaymap.cf</code>. You can create this file manually, or use:</p>
|
||||
<p>Sender dependent relay hosts are configured in <code>docker-data/dms/config/postfix-relaymap.cf</code>. You can create this file manually, or use:</p>
|
||||
<div class="highlight"><pre><span></span><code>setup.sh relay add-domain <domain> <host> <span class="o">[</span><port><span class="o">]</span>
|
||||
</code></pre></div>
|
||||
<p>An example configuration file looks like this:</p>
|
||||
<div class="highlight"><pre><span></span><code>@domain1.com [relay1.org]:587
|
||||
@domain2.com [relay2.org]:2525
|
||||
</code></pre></div>
|
||||
<p>Combined with the previous configuration in <code>config/postfix-sasl-password.cf</code>, this will cause Postfix to deliver mail sent from domain1.com via <code>relay1.org:587</code>, authenticating as <code>relay_user_1</code>, and mail sent from domain2.com via <code>relay2.org:2525</code> authenticating as <code>relay_user_2</code>.</p>
|
||||
<p>Combined with the previous configuration in <code>docker-data/dms/config/postfix-sasl-password.cf</code>, this will cause Postfix to deliver mail sent from <code>domain1.com</code> via <code>relay1.org:587</code>, authenticating as <code>relay_user_1</code>, and mail sent from <code>domain2.com</code> via <code>relay2.org:2525</code> authenticating as <code>relay_user_2</code>.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>You still have to define <code>RELAY_HOST</code> to activate the feature</p>
|
||||
</div>
|
||||
<h3 id="excluding-sender-domains"><a class="toclink" href="#excluding-sender-domains">Excluding Sender Domains</a></h3>
|
||||
<p>If you want mail sent from some domains to be delivered directly, you can exclude them from being delivered via the default relay by adding them to <code>config/postfix-relaymap.cf</code> with no destination. You can also do this via:</p>
|
||||
<p>If you want mail sent from some domains to be delivered directly, you can exclude them from being delivered via the default relay by adding them to <code>docker-data/dms/config/postfix-relaymap.cf</code> with no destination. You can also do this via:</p>
|
||||
<div class="highlight"><pre><span></span><code>setup.sh relay exclude-domain <domain>
|
||||
</code></pre></div>
|
||||
<p>Extending the configuration file from above:</p>
|
||||
|
@ -1483,7 +1483,7 @@
|
|||
@domain2.com [relay2.org]:2525
|
||||
@domain3.com
|
||||
</code></pre></div>
|
||||
<p>This will cause email sent from domain3.com to be delivered directly.</p>
|
||||
<p>This will cause email sent from <code>domain3.com</code> to be delivered directly.</p>
|
||||
<h4 id="references"><a class="toclink" href="#references">References</a></h4>
|
||||
<p>Thanks to the author of <a href="https://community.rackspace.com/products/f/email-products-forum/3897/how-to-setup-postfix-with-a-mailgun-smtp-relay-when-using-multiple-domains">this article</a> for the inspiration. This is also worth reading to understand a bit more about how to set up Mailgun to work with this.</p>
|
||||
|
||||
|
@ -1567,10 +1567,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/mail-sieve/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1075,7 +1075,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1126,7 +1126,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1341,11 +1341,11 @@ There are global and user specific filters which are filtering the incoming emai
|
|||
<ul>
|
||||
<li>Global-before -> User specific -> Global-after</li>
|
||||
</ul>
|
||||
<p>Global filters are applied to EVERY incoming mail for EVERY email address.
|
||||
To specify a global Sieve filter provide a <code>config/before.dovecot.sieve</code> or a <code>config/after.dovecot.sieve</code> file with your filter rules.
|
||||
<p>Global filters are applied to EVERY incoming mail for EVERY email address.
|
||||
To specify a global Sieve filter provide a <code>docker-data/dms/config/before.dovecot.sieve</code> or a <code>docker-data/dms/config/after.dovecot.sieve</code> file with your filter rules.
|
||||
If any filter in this filtering chain discards an incoming mail, the delivery process will stop as well and the mail will not reach any following filters(e.g. global-before stops an incoming spam mail: The mail will get discarded and a user-specific filter won't get applied.)</p>
|
||||
<p>To specify a user-defined Sieve filter place a <code>.dovecot.sieve</code> file into a virtual user's mail folder e.g. <code>/var/mail/domain.com/user1/.dovecot.sieve</code>. If this file exists dovecot will apply the filtering rules.</p>
|
||||
<p>It's even possible to install a user provided Sieve filter at startup during users setup: simply include a Sieve file in the <code>config</code> path for each user login that need a filter. The file name provided should be in the form <code><user_login>.dovecot.sieve</code>, so for example for <code>user1@domain.tld</code> you should provide a Sieve file named <code>config/user1@domain.tld.dovecot.sieve</code>.</p>
|
||||
<p>To specify a user-defined Sieve filter place a <code>.dovecot.sieve</code> file into a virtual user's mail folder e.g. <code>/var/mail/example.com/user1/.dovecot.sieve</code>. If this file exists dovecot will apply the filtering rules.</p>
|
||||
<p>It's even possible to install a user provided Sieve filter at startup during users setup: simply include a Sieve file in the <code>docker-data/dms/config/</code> path for each user login that needs a filter. The file name provided should be in the form <code><user_login>.dovecot.sieve</code>, so for example for <code>user1@example.com</code> you should provide a Sieve file named <code>docker-data/dms/config/user1@example.com.dovecot.sieve</code>.</p>
|
||||
<p>An example of a sieve filter that moves mails to a folder <code>INBOX/spam</code> depending on the sender address:</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
|
@ -1367,16 +1367,16 @@ If any filter in this filtering chain discards an incoming mail, the delivery pr
|
|||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="kn">require</span> <span class="p">[</span><span class="s">"copy"</span><span class="p">];</span>
|
||||
|
||||
<span class="nb">redirect</span> <span class="nt">:copy</span> <span class="s">"user2@otherdomain.tld"</span><span class="p">;</span>
|
||||
<span class="nb">redirect</span> <span class="nt">:copy</span> <span class="s">"user2@not-example.com"</span><span class="p">;</span>
|
||||
</code></pre></div>
|
||||
</div>
|
||||
<p>Just forward all incoming emails and do not save them locally:</p>
|
||||
<div class="admonition example">
|
||||
<p class="admonition-title">Example</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">redirect</span> <span class="s">"user2@otherdomain.tld"</span><span class="p">;</span>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">redirect</span> <span class="s">"user2@not-example.com"</span><span class="p">;</span>
|
||||
</code></pre></div>
|
||||
</div>
|
||||
<p>You can also use external programs to filter or pipe (process) messages by adding executable scripts in <code>config/sieve-pipe</code> or <code>config/sieve-filter</code>. This can be used in lieu of a local alias file, for instance to forward an email to a webservice. These programs can then be referenced by filename, by all users. Note that the process running the scripts run as a privileged user. For further information see <a href="https://wiki.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe">Dovecot's wiki</a>.</p>
|
||||
<p>You can also use external programs to filter or pipe (process) messages by adding executable scripts in <code>docker-data/dms/config/sieve-pipe</code> or <code>docker-data/dms/config/sieve-filter</code>. This can be used in lieu of a local alias file, for instance to forward an email to a webservice. These programs can then be referenced by filename, by all users. Note that the process running the scripts run as a privileged user. For further information see <a href="https://wiki.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe">Dovecot's wiki</a>.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="kn">require</span> <span class="p">[</span><span class="s">"vnd.dovecot.pipe"</span><span class="p">];</span>
|
||||
<span class="err">pipe</span> <span class="s">"external-program"</span><span class="p">;</span>
|
||||
</code></pre></div>
|
||||
|
@ -1392,7 +1392,7 @@ If any filter in this filtering chain discards an incoming mail, the delivery pr
|
|||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">ENABLE_MANAGESIEVE=1</span>
|
||||
</code></pre></div>
|
||||
</div>
|
||||
<p>All user defined sieve scripts that are managed by ManageSieve are stored in the user's home folder in <code>/var/mail/domain.com/user1/sieve</code>. Just one sieve script might be active for a user and is sym-linked to <code>/var/mail/domain.com/user1/.dovecot.sieve</code> automatically.</p>
|
||||
<p>All user defined sieve scripts that are managed by ManageSieve are stored in the user's home folder in <code>/var/mail/example.com/user1/sieve</code>. Just one sieve script might be active for a user and is sym-linked to <code>/var/mail/example.com/user1/.dovecot.sieve</code> automatically.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>ManageSieve makes sure to not overwrite an existing <code>.dovecot.sieve</code> file. If a user activates a new sieve script the old one is backuped and moved to the <code>sieve</code> folder.</p>
|
||||
|
@ -1483,10 +1483,10 @@ If any filter in this filtering chain discards an incoming mail, the delivery pr
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/maintenance/update-and-cleanup/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1077,7 +1077,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1128,7 +1128,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1442,10 +1442,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/optional-config/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1077,7 +1077,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1128,7 +1128,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1339,13 +1339,13 @@
|
|||
|
||||
<h1>Optional Configuration</h1>
|
||||
|
||||
<p>This is a list of all configuration files and directories which are optional or automatically generated in your <code>config</code> directory.</p>
|
||||
<p>This is a list of all configuration files and directories which are optional or automatically generated in your <code>docker-data/dms/config/</code> directory.</p>
|
||||
<h2 id="directories"><a class="toclink" href="#directories">Directories</a></h2>
|
||||
<ul>
|
||||
<li><strong>sieve-filter:</strong> directory for sieve filter scripts. (Docs: <a href="../mail-sieve/">Sieve</a>)</li>
|
||||
<li><strong>sieve-pipe:</strong> directory for sieve pipe scripts. (Docs: <a href="../mail-sieve/">Sieve</a>)</li>
|
||||
<li><strong>opendkim:</strong> DKIM directory. Auto-configurable via <a href="../../setup.sh/"><code>setup.sh config dkim</code></a>. (Docs: <a href="../../best-practices/dkim/">DKIM</a>)</li>
|
||||
<li><strong>ssl:</strong> SSL Certificate directory. (Docs: <a href="../../security/ssl/">SSL</a>)</li>
|
||||
<li><strong>ssl:</strong> SSL Certificate directory if <code>SSL_TYPE</code> is set to <code>self-signed</code> or <code>custom</code>. (Docs: <a href="../../security/ssl/">SSL</a>)</li>
|
||||
</ul>
|
||||
<h2 id="files"><a class="toclink" href="#files">Files</a></h2>
|
||||
<ul>
|
||||
|
@ -1455,10 +1455,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/dovecot/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1084,7 +1084,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1135,7 +1135,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1352,10 +1352,10 @@
|
|||
<h1>Dovecot</h1>
|
||||
|
||||
<h2 id="add-configuration"><a class="toclink" href="#add-configuration">Add Configuration</a></h2>
|
||||
<p>The Dovecot default configuration can easily be extended providing a <code>config/dovecot.cf</code> file.
|
||||
<p>The Dovecot default configuration can easily be extended providing a <code>docker-data/dms/config/dovecot.cf</code> file.
|
||||
<a href="https://wiki.dovecot.org">Dovecot documentation</a> remains the best place to find configuration options.</p>
|
||||
<p>Your <code>docker-mailserver</code> folder should look like this example:</p>
|
||||
<div class="highlight"><pre><span></span><code>├── config
|
||||
<div class="highlight"><pre><span></span><code>├── docker-data/dms/config
|
||||
│ ├── dovecot.cf
|
||||
│ ├── postfix-accounts.cf
|
||||
│ └── postfix-virtual.cf
|
||||
|
@ -1366,15 +1366,18 @@
|
|||
<div class="highlight"><pre><span></span><code><span class="na">mail_max_userip_connections</span> <span class="o">=</span> <span class="s">100</span>
|
||||
</code></pre></div>
|
||||
<p>Another important option is the <code>default_process_limit</code> (defaults to <code>100</code>). If high-security mode is enabled you'll need to make sure this count is higher than the maximum number of users that can be logged in simultaneously.</p>
|
||||
<p>This limit is quickly reached if users connect to the mail server with multiple end devices.</p>
|
||||
<p>This limit is quickly reached if users connect to the <code>docker-mailserver</code> with multiple end devices.</p>
|
||||
<h2 id="override-configuration"><a class="toclink" href="#override-configuration">Override Configuration</a></h2>
|
||||
<p>For major configuration changes it’s best to override the dovecot configuration files. For each configuration file you want to override, add a list entry under the <code>volumes</code> key.</p>
|
||||
<p>You will need to first obtain the configuration from the running container: <code>mkdir -p ./config/dovecot && docker cp mailserver:/etc/dovecot/conf.d/10-master.conf ./config/dovecot/10-master.conf</code></p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">maildata:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/dovecot/10-master.conf:/etc/dovecot/conf.d/10-master.conf</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/dovecot/10-master.conf:/etc/dovecot/conf.d/10-master.conf</span>
|
||||
</code></pre></div>
|
||||
<p>You will first need to obtain the configuration from the running container (<em>where <code>mailserver</code> is the container name</em>):</p>
|
||||
<div class="highlight"><pre><span></span><code>mkdir -p ./docker-data/dms/config/dovecot
|
||||
docker cp mailserver:/etc/dovecot/conf.d/10-master.conf ./docker-data/dms/config/dovecot/10-master.conf
|
||||
</code></pre></div>
|
||||
<h2 id="debugging"><a class="toclink" href="#debugging">Debugging</a></h2>
|
||||
<p>To debug your dovecot configuration you can use:</p>
|
||||
|
@ -1384,9 +1387,9 @@
|
|||
</ul>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p><a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh"><code>setup.sh</code></a> is included in the <code>docker-mailserver</code> repository. Make sure to grap the one matching your image version.</p>
|
||||
<p><a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh"><code>setup.sh</code></a> is included in the <code>docker-mailserver</code> repository. Make sure to use the one matching your image version release.</p>
|
||||
</div>
|
||||
<p>The <code>config/dovecot.cf</code> is copied internally to <code>/etc/dovecot/local.conf</code>. To check this file run:</p>
|
||||
<p>The file <code>docker-data/dms/config/dovecot.cf</code> is copied internally to <code>/etc/dovecot/local.conf</code>. To verify the file content, run:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> -it mailserver cat /etc/dovecot/local.conf
|
||||
</code></pre></div>
|
||||
|
||||
|
@ -1470,10 +1473,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/postfix/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1037,7 +1037,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1088,7 +1088,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1260,7 +1260,7 @@
|
|||
|
||||
<h1>Postfix</h1>
|
||||
|
||||
<p>The Postfix default configuration can easily be extended by providing a <code>config/postfix-main.cf</code> in postfix format.
|
||||
<p>The Postfix default configuration can easily be extended by providing a <code>docker-data/dms/config/postfix-main.cf</code> in postfix format.
|
||||
This can also be used to add configuration that is not in our default configuration.</p>
|
||||
<p>For example, one common use of this file is for increasing the default maximum message size:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># increase maximum message size</span>
|
||||
|
@ -1272,7 +1272,7 @@ This can also be used to add configuration that is not in our default configurat
|
|||
<p><a href="http://www.postfix.org/documentation.html">Postfix documentation</a> remains the best place to find configuration options.</p>
|
||||
</div>
|
||||
<p>Each line in the provided file will be loaded into postfix.</p>
|
||||
<p>In the same way it is possible to add a custom <code>config/postfix-master.cf</code> file that will override the standard <code>master.cf</code>. Each line in the file will be passed to <code>postconf -P</code>. The expected format is <code><service_name>/<type>/<parameter></code>, for example:</p>
|
||||
<p>In the same way it is possible to add a custom <code>docker-data/dms/config/postfix-master.cf</code> file that will override the standard <code>master.cf</code>. Each line in the file will be passed to <code>postconf -P</code>. The expected format is <code><service_name>/<type>/<parameter></code>, for example:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">submission/inet/smtpd_reject_unlisted_recipient</span><span class="o">=</span><span class="s">no</span>
|
||||
</code></pre></div>
|
||||
<p>Run <code>postconf -P</code> in the container without arguments to see the active master options.</p>
|
||||
|
@ -1362,10 +1362,10 @@ This can also be used to add configuration that is not in our default configurat
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/override-defaults/user-patches/">
|
||||
|
||||
<link rel="icon" href="../../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1037,7 +1037,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1088,7 +1088,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1261,17 +1261,17 @@
|
|||
<h1>Modifications via Script</h1>
|
||||
|
||||
<p>If you'd like to change, patch or alter files or behavior of <code>docker-mailserver</code>, you can use a script.</p>
|
||||
<p>In case you cloned this repository, you can copy the file <code>user-patches.sh.dist</code> under <code>config/</code> with <code class="highlight">cp config/user-patches.sh.dist config/user-patches.sh</code> in order to create the <code>user-patches.sh</code> script. In case you are managing your directory structure yourself, create a <code>config/</code> directory and the <code>user-patches.sh</code> file yourself.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># 1. Either create the config/ directory yourself</span>
|
||||
<span class="c1"># or let docker-mailserver create it on initial</span>
|
||||
<span class="c1"># startup</span>
|
||||
~/somewhere $ mkdir config <span class="o">&&</span> <span class="nb">cd</span> config
|
||||
<p>In case you cloned this repository, you can copy the file <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/config/user-patches.sh.dist"><code>user-patches.sh.dist</code> (<em>under <code>config/</code></em>)</a> with <code class="highlight">cp config/user-patches.sh.dist docker-data/dms/config/user-patches.sh</code> in order to create the <code>user-patches.sh</code> script.</p>
|
||||
<p>If you are managing your directory structure yourself, create a <code>docker-data/dms/config/</code> directory and add the <code>user-patches.sh</code> file yourself.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># 1. Either create the docker-data/dms/config/ directory yourself</span>
|
||||
<span class="c1"># or let docker-mailserver create it on initial startup</span>
|
||||
/tmp $ mkdir -p docker-data/dms/config/ <span class="o">&&</span> <span class="nb">cd</span> docker-data/dms/config/
|
||||
|
||||
<span class="c1"># 2. Create the user-patches.sh and edit it</span>
|
||||
~/somewhere/config $ touch user-patches.sh
|
||||
~/somewhere/config $ vi user-patches.sh
|
||||
<span class="c1"># 2. Create the user-patches.sh file and edit it</span>
|
||||
/tmp/docker-data/dms/config $ touch user-patches.sh
|
||||
/tmp/docker-data/dms/config $ nano user-patches.sh
|
||||
</code></pre></div>
|
||||
<p>The contents could look like this</p>
|
||||
<p>The contents could look like this:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="ch">#! /bin/bash</span>
|
||||
|
||||
cat >/etc/amavis/conf.d/50-user << <span class="s2">"END"</span>
|
||||
|
@ -1283,8 +1283,6 @@ use strict<span class="p">;</span>
|
|||
<span class="c1">#------------ Do not modify anything below this line -------------</span>
|
||||
<span class="m">1</span><span class="p">;</span> <span class="c1"># ensure a defined return</span>
|
||||
END
|
||||
|
||||
...
|
||||
</code></pre></div>
|
||||
<p>And you're done. The user patches script runs right before starting daemons. That means, all the other configuration is in place, so the script can make final adjustments.</p>
|
||||
<div class="admonition note">
|
||||
|
@ -1372,10 +1370,10 @@ END
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/podman/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1115,7 +1115,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1166,7 +1166,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1419,7 +1419,7 @@
|
|||
<p>Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.</p>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">About Support for Podman</p>
|
||||
<p>Please note that Podman <strong>is not</strong> officially supported as Docker Mailserver is built and verified on top of the Docker Engine. This content is entirely community-supported. If you find errors, please open an issue and provide a PR.</p>
|
||||
<p>Please note that Podman <strong>is not</strong> officially supported as <code>docker-mailserver</code> is built and verified on top of the <em>Docker Engine</em>. This content is entirely community supported. If you find errors, please open an issue and provide a PR.</p>
|
||||
</div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">About this Guide</p>
|
||||
|
@ -1454,7 +1454,7 @@ systemctl <span class="nb">enable</span> --now mailserver.service
|
|||
<p>Also notice that Podman's rootless mode is not about running as a non-root user inside the container, but about the mapping of (normal, non-root) host users to root inside the container.</p>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Warning</p>
|
||||
<p>In order to make rootless mailserver work we must modify some settings in the Linux system, it requires some basic linux server knowledge so don't follow this guide if you not sure what this guide is talking about. Podman rootfull mode and Docker are still good and security enough for normal daily usage.</p>
|
||||
<p>In order to make rootless <code>docker-mailserver</code> work we must modify some settings in the Linux system, it requires some basic linux server knowledge so don't follow this guide if you not sure what this guide is talking about. Podman rootfull mode and Docker are still good and security enough for normal daily usage.</p>
|
||||
</div>
|
||||
<p>First, enable <code>podman.socket</code> in systemd's userspace with a non-root user.</p>
|
||||
<div class="highlight"><pre><span></span><code>systemctl <span class="nb">enable</span> --now --user podman.socket
|
||||
|
@ -1580,10 +1580,10 @@ firewall-cmd --reload
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/autodiscover/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1037,7 +1037,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1088,7 +1088,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1260,7 +1260,7 @@
|
|||
|
||||
<h1>Auto-discovery</h1>
|
||||
|
||||
<p>Email auto-discovery means a client email is able to automagically find out about what ports and security options to use, based on the mail server URL. It can help simplify the tedious / confusing task of adding own's email account for non-tech savvy users.</p>
|
||||
<p>Email auto-discovery means a client email is able to automagically find out about what ports and security options to use, based on the mail-server URI. It can help simplify the tedious / confusing task of adding own's email account for non-tech savvy users.</p>
|
||||
<p>Email clients will search for auto-discoverable settings and prefill almost everything when a user enters its email address <img alt="❤" class="twemoji" src="https://twemoji.maxcdn.com/v/latest/svg/2764.svg" title=":heart:" /></p>
|
||||
<p>There exists <a href="https://hub.docker.com/r/monogramm/autodiscover-email-settings/">autodiscover-email-settings</a> on which provides IMAP/POP/SMTP/LDAP autodiscover capabilities on Microsoft Outlook/Apple Mail, autoconfig capabilities for Thunderbird or kmail and configuration profiles for iOS/Apple Mail.</p>
|
||||
|
||||
|
@ -1344,10 +1344,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dkim/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1096,7 +1096,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1147,7 +1147,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1386,14 +1386,16 @@
|
|||
<p>To enable DKIM signature, <strong>you must have created at least one email account</strong>. Once its done, just run the following command to generate the signature:</p>
|
||||
<div class="highlight"><pre><span></span><code>./setup.sh config dkim
|
||||
</code></pre></div>
|
||||
<p>After generating DKIM keys, you should restart the mail server. DNS edits may take a few minutes to hours to propagate. The script assumes you're being in the directory where the <code>config/</code> directory is located. The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:</p>
|
||||
<p>After generating DKIM keys, you should restart <code>docker-mailserver</code>. DNS edits may take a few minutes to hours to propagate.</p>
|
||||
<p>The script should ideally be run with a volume for <em>config</em> attached (eg: <code>./docker-data/dms/config/:/tmp/docker-mailserver/</code>), otherwise by default it will mount <code>./config/:/tmp/docker-mailserver/</code>.</p>
|
||||
<p>The default keysize when generating the signature is 4096 bits for now. If you need to change it (e.g. your DNS provider limits the size), then provide the size as the first parameter of the command:</p>
|
||||
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize <keysize>
|
||||
</code></pre></div>
|
||||
<p>For LDAP systems that do not have any directly created user account you can run the following command (since <code>8.0.0</code>) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains): </p>
|
||||
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize <key-size> domain <domain.tld><span class="o">[</span>,<domain2.tld><span class="o">]</span>
|
||||
<p>For LDAP systems that do not have any directly created user account you can run the following command (since <code>8.0.0</code>) to generate the signature by additionally providing the desired domain name (if you have multiple domains use the command multiple times or provide a comma-separated list of domains):</p>
|
||||
<div class="highlight"><pre><span></span><code>./setup.sh config dkim keysize <key-size> domain <example.com><span class="o">[</span>,<not-example.com><span class="o">]</span>
|
||||
</code></pre></div>
|
||||
<p>Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of <code>config/opendkim/keys/domain.tld/mail.txt</code> in your <code>domain.tld.hosts</code> zone.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.domain.tld TXT
|
||||
<p>Now the keys are generated, you can configure your DNS server with DKIM signature, simply by adding a TXT record. If you have direct access to your DNS zone file, then it's only a matter of pasting the content of <code>docker-data/dms/config/opendkim/keys/example.com/mail.txt</code> in your <code>example.com.hosts</code> zone.</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.example.com TXT
|
||||
<span class="go">---</span>
|
||||
<span class="go">;; ANSWER SECTION</span>
|
||||
<span class="go">mail._domainkey.<DOMAIN> 300 IN TXT "v=DKIM1; k=rsa; p=AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN/AZERTYUIOPQSDFGHJKLMWXCVBN"</span>
|
||||
|
@ -1408,9 +1410,9 @@
|
|||
</ol>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>Sometimes the key in <code>config/opendkim/keys/domain.tld/mail.txt</code> can be on multiple lines. If so then you need to concatenate the values in the TXT record:</p>
|
||||
<p>Sometimes the key in <code>docker-data/dms/config/opendkim/keys/example.com/mail.txt</code> can be on multiple lines. If so then you need to concatenate the values in the TXT record:</p>
|
||||
</div>
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.domain.tld TXT
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig mail._domainkey.example.com TXT
|
||||
<span class="go">---</span>
|
||||
<span class="go">;; ANSWER SECTION</span>
|
||||
<span class="go">mail._domainkey.<DOMAIN> 300 IN TXT "v=DKIM1; k=rsa; "</span>
|
||||
|
@ -1429,21 +1431,21 @@
|
|||
<span class="na">Socket inet:12301@localhost</span>
|
||||
<span class="na">PidFile /var/run/opendkim/opendkim.pid</span>
|
||||
|
||||
<span class="na">ReportAddress postmaster@my-domain.com</span>
|
||||
<span class="na">ReportAddress postmaster@example.com</span>
|
||||
<span class="na">SendReports yes</span>
|
||||
|
||||
<span class="na">Mode v</span>
|
||||
</code></pre></div>
|
||||
<h2 id="switch-off-dkim"><a class="toclink" href="#switch-off-dkim">Switch Off DKIM</a></h2>
|
||||
<p>Simply remove the DKIM key by recreating (not just relaunching) the mailserver container.</p>
|
||||
<p>Simply remove the DKIM key by recreating (not just relaunching) the <code>docker-mailserver</code> container.</p>
|
||||
<h2 id="debugging"><a class="toclink" href="#debugging">Debugging</a></h2>
|
||||
<ul>
|
||||
<li><a href="https://addons.mozilla.org/en-US/thunderbird/addon/dkim-verifier">DKIM-verifer</a>: A add-on for the mail client Thunderbird.</li>
|
||||
<li>You can debug your TXT records with the <code>dig</code> tool.</li>
|
||||
</ul>
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig TXT mail._domainkey.domain.tld
|
||||
<div class="highlight"><pre><span></span><code><span class="gp">$ </span>dig TXT mail._domainkey.example.com
|
||||
<span class="go">---</span>
|
||||
<span class="go">; <<>> DiG 9.10.3-P4-Debian <<>> TXT mail._domainkey.domain.tld</span>
|
||||
<span class="go">; <<>> DiG 9.10.3-P4-Debian <<>> TXT mail._domainkey.example.com</span>
|
||||
<span class="go">;; global options: +cmd</span>
|
||||
<span class="go">;; Got answer:</span>
|
||||
<span class="go">;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39669</span>
|
||||
|
@ -1452,10 +1454,10 @@
|
|||
<span class="go">;; OPT PSEUDOSECTION:</span>
|
||||
<span class="go">; EDNS: version: 0, flags:; udp: 512</span>
|
||||
<span class="go">;; QUESTION SECTION:</span>
|
||||
<span class="go">;mail._domainkey.domain.tld. IN TXT</span>
|
||||
<span class="go">;mail._domainkey.example.com. IN TXT</span>
|
||||
|
||||
<span class="go">;; ANSWER SECTION:</span>
|
||||
<span class="go">mail._domainkey.domain.tld. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB"</span>
|
||||
<span class="go">mail._domainkey.example.com. 3600 IN TXT "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCxBSjG6RnWAdU3oOlqsdf2WC0FOUmU8uHVrzxPLW2R3yRBPGLrGO1++yy3tv6kMieWZwEBHVOdefM6uQOQsZ4brahu9lhG8sFLPX4MaKYN/NR6RK4gdjrZu+MYSdfk3THgSbNwIDAQAB"</span>
|
||||
|
||||
<span class="go">;; Query time: 50 msec</span>
|
||||
<span class="go">;; SERVER: 127.0.1.1#53(127.0.1.1)</span>
|
||||
|
@ -1465,7 +1467,7 @@
|
|||
<hr />
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title">Key sizes >=4096-bit</p>
|
||||
<p>Keys of 4096 bits could de denied by some mailservers. According to <a href="https://tools.ietf.org/html/rfc6376">https://tools.ietf.org/html/rfc6376</a> keys are preferably between 512 and 2048 bits. See issue <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1854">#1854</a>.</p>
|
||||
<p>Keys of 4096 bits could de denied by some mail-servers. According to <a href="https://tools.ietf.org/html/rfc6376">https://tools.ietf.org/html/rfc6376</a> keys are preferably between 512 and 2048 bits. See issue <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1854">#1854</a>.</p>
|
||||
</div>
|
||||
|
||||
|
||||
|
@ -1548,10 +1550,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/dmarc/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1070,7 +1070,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1121,7 +1121,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1325,20 +1325,17 @@
|
|||
|
||||
<h1>DMARC</h1>
|
||||
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>DMARC Guide: <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md">https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md</a></p>
|
||||
</div>
|
||||
<p>More information at <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md">DMARC Guide</a>.</p>
|
||||
<h2 id="enabling-dmarc"><a class="toclink" href="#enabling-dmarc">Enabling DMARC</a></h2>
|
||||
<p>In <code>docker-mailserver</code>, DMARC is pre-configured out-of the box. The only thing you need to do in order to enable it, is to add new TXT entry to your DNS.</p>
|
||||
<p>In contrast with <a href="../dkim/">DKIM</a>, DMARC DNS entry does not require any keys, but merely setting the <a href="https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md#overview-of-dmarc-configuration-tags">configuration values</a>. You can either handcraft the entry by yourself or use one of available generators (like <a href="https://dmarcguide.globalcyberalliance.org/">https://dmarcguide.globalcyberalliance.org/</a>).</p>
|
||||
<p>Typically something like this should be good to start with (don't forget to replace <code>@domain.com</code> to your actual domain)
|
||||
<div class="highlight"><pre><span></span><code>_dmarc.domain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; sp=none; ri=86400"
|
||||
</code></pre></div></p>
|
||||
<p>Or a bit more strict policies (mind <code>p=quarantine</code> and <code>sp=quarantine</code>):
|
||||
<div class="highlight"><pre><span></span><code>_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine"
|
||||
</code></pre></div></p>
|
||||
<p>DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as <a href="https://dmarcguide.globalcyberalliance.org/">https://dmarcguide.globalcyberalliance.org/</a> or <a href="https://ondmarc.redsift.com/">https://ondmarc.redsift.com/</a>. In other case, email clients will show "DMARC: PASS" in ~1 day or so.</p>
|
||||
<p>In <code>docker-mailserver</code>, DMARC is pre-configured out of the box. The only thing you need to do in order to enable it, is to add new <code>TXT</code> entry to your DNS.</p>
|
||||
<p>In contrast with <a href="../dkim/">DKIM</a>, the DMARC DNS entry does not require any keys, but merely setting the [configuration values][dmarc-howto-configtags]. You can either handcraft the entry by yourself or use one of available generators (like <a href="https://dmarcguide.globalcyberalliance.org">this one</a>).</p>
|
||||
<p>Typically something like this should be good to start with (<em>don't forget to replace <code>@example.com</code> to your actual domain</em>):</p>
|
||||
<div class="highlight"><pre><span></span><code>_dmarc.example.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com; sp=none; ri=86400"
|
||||
</code></pre></div>
|
||||
<p>Or a bit more strict policies (<em>mind <code>p=quarantine</code> and <code>sp=quarantine</code></em>):</p>
|
||||
<div class="highlight"><pre><span></span><code>_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc.report@example.com; ruf=mailto:dmarc.report@example.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine"
|
||||
</code></pre></div>
|
||||
<p>DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as from <a href="https://dmarcguide.globalcyberalliance.org">Global Cyber Alliance</a> or <a href="https://ondmarc.redsift.com">RedSift</a>. In other cases, email clients will show "DMARC: PASS" in ~1 day or so.</p>
|
||||
<p>Reference: <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1511">#1511</a></p>
|
||||
|
||||
|
||||
|
@ -1421,10 +1418,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/best-practices/spf/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1077,7 +1077,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1128,7 +1128,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1351,19 +1351,19 @@
|
|||
<h2 id="add-a-spf-record"><a class="toclink" href="#add-a-spf-record">Add a SPF Record</a></h2>
|
||||
<p>To add a SPF record in your DNS, insert the following line in your DNS zone:</p>
|
||||
<div class="highlight"><pre><span></span><code>; MX record must be declared for SPF to work
|
||||
domain.com. IN MX 1 mail.domain.com.
|
||||
example.com. IN MX 1 mail.example.com.
|
||||
|
||||
; SPF record
|
||||
domain.com. IN TXT "v=spf1 mx ~all"
|
||||
example.com. IN TXT "v=spf1 mx ~all"
|
||||
</code></pre></div>
|
||||
<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL.<br />
|
||||
<em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
|
||||
<p>This enables the <em>Softfail</em> mode for SPF. You could first add this SPF record with a very low TTL.</p>
|
||||
<p><em>SoftFail</em> is a good setting for getting started and testing, as it lets all email through, with spams tagged as such in the mailbox.</p>
|
||||
<p>After verification, you <em>might</em> want to change your SPF record to <code>v=spf1 mx -all</code> so as to enforce the <em>HardFail</em> policy. See <a href="http://www.open-spf.org/SPF_Record_Syntax">http://www.open-spf.org/SPF_Record_Syntax</a> for more details about SPF policies.</p>
|
||||
<p>In any case, increment the SPF record's TTL to its final value.</p>
|
||||
<h2 id="backup-mx-secondary-mx"><a class="toclink" href="#backup-mx-secondary-mx">Backup MX, Secondary MX</a></h2>
|
||||
<p>For whitelisting a IP Address from the SPF test, you can create a config file (see <a href="https://www.linuxcertif.com/man/5/policyd-spf.conf"><code>policyd-spf.conf</code></a>) and mount that file into <code>/etc/postfix-policyd-spf-python/policyd-spf.conf</code>.</p>
|
||||
<p><strong>Example:</strong></p>
|
||||
<p>Create and edit a <code>policyd-spf.conf</code> file here <code>/<your docker-mailserver dir>/config/postfix-policyd-spf.conf</code>:</p>
|
||||
<p>Create and edit a <code>policyd-spf.conf</code> file at <code>docker-data/dms/config/postfix-policyd-spf.conf</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">debugLevel</span> <span class="o">=</span> <span class="s">1</span>
|
||||
<span class="c1">#0(only errors)-4(complete data received)</span>
|
||||
|
||||
|
@ -1371,11 +1371,11 @@ domain.com. IN TXT "v=spf1 mx ~all"
|
|||
|
||||
<span class="c1"># Preferably use IP-Addresses for whitelist lookups:</span>
|
||||
<span class="na">Whitelist</span> <span class="o">=</span> <span class="s">192.168.0.0/31,192.168.1.0/30</span>
|
||||
<span class="c1"># Domain_Whitelist = mx1.mybackupmx.com,mx2.mybackupmx.com</span>
|
||||
<span class="c1"># Domain_Whitelist = mx1.not-example.com,mx2.not-example.com</span>
|
||||
</code></pre></div>
|
||||
<p>Then add this line to <code>docker-compose.yml</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/postfix-policyd-spf.conf:/etc/postfix-policyd-spf-python/policyd-spf.conf</span>
|
||||
</code></pre></div>
|
||||
|
||||
|
||||
|
@ -1458,10 +1458,10 @@ domain.com. IN TXT "v=spf1 mx ~all"
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/">
|
||||
|
||||
<link rel="icon" href="../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -628,13 +628,6 @@
|
|||
ENABLE_MANAGESIEVE
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#override_hostname_1" class="md-nav__link">
|
||||
OVERRIDE_HOSTNAME
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -1937,7 +1930,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1988,7 +1981,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -2338,13 +2331,6 @@
|
|||
ENABLE_MANAGESIEVE
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#override_hostname_1" class="md-nav__link">
|
||||
OVERRIDE_HOSTNAME
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
|
@ -3068,8 +3054,8 @@
|
|||
<h4 id="general"><a class="toclink" href="#general">General</a></h4>
|
||||
<h5 id="override_hostname"><a class="toclink" href="#override_hostname">OVERRIDE_HOSTNAME</a></h5>
|
||||
<ul>
|
||||
<li>empty => uses the <code>hostname</code> command to get the mail server's canonical hostname.</li>
|
||||
<li>=> Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable. It will take priority over your docker-compose.yml's <code>hostname:</code> and <code>domainname:</code> values.</li>
|
||||
<li><strong>empty</strong> => uses the <code>hostname</code> command to get canonical hostname for <code>docker-mailserver</code> to use.</li>
|
||||
<li>=> Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (<em>eg: you're in a container platform that doesn't let you</em>) specify it via this environment variable. It will take priority over <code>docker run</code> options: <code>--hostname</code> and <code>--domainname</code>, or <code>docker-compose.yml</code> config equivalents: <code>hostname:</code> and <code>domainname:</code>.</li>
|
||||
</ul>
|
||||
<h5 id="dms_debug"><a class="toclink" href="#dms_debug">DMS_DEBUG</a></h5>
|
||||
<ul>
|
||||
|
@ -3146,16 +3132,20 @@ FAIL2BAN_BLOCKTYPE=drop</li>
|
|||
<li>1 => only launch postfix smtp</li>
|
||||
</ul>
|
||||
<h5 id="ssl_type"><a class="toclink" href="#ssl_type">SSL_TYPE</a></h5>
|
||||
<p>In the majority of cases, you want <code>letsencrypt</code> or <code>manual</code>.</p>
|
||||
<p><code>self-signed</code> can be used for testing SSL until you provide a valid certificate, note that third-parties cannot trust <code>self-signed</code> certificates, do not use this type in production. <code>custom</code> is a temporary workaround that is not officially supported.</p>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => SSL disabled.</li>
|
||||
<li>letsencrypt => Enables Let's Encrypt certificates.</li>
|
||||
<li>custom => Enables custom certificates.</li>
|
||||
<li>manual => Let you manually specify locations of your SSL certificates for non-standard cases</li>
|
||||
<li>letsencrypt => Support for using certificates with <em>Let's Encrypt</em> provisioners. (Docs: <a href="../security/ssl/#lets-encrypt-recommended"><em>Let's Encrypt</em> Setup</a>)</li>
|
||||
<li>manual => Provide your own certificate via separate key and cert files. (Docs: <a href="../security/ssl/#bring-your-own-certificates">Bring Your Own Certificates</a>)<ul>
|
||||
<li>Requires: <code>SSL_CERT_PATH</code> and <code>SSL_KEY_PATH</code> ENV vars to be set to the location of the files within the container.</li>
|
||||
<li>Optional: <code>SSL_ALT_CERT_PATH</code> and <code>SSL_ALT_KEY_PATH</code> allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. Presently only <code>manual</code> mode supports this feature.</li>
|
||||
<li>self-signed => Enables self-signed certificates.</li>
|
||||
<li>Optional: <code>SSL_ALT_CERT_PATH</code> and <code>SSL_ALT_KEY_PATH</code> allow providing a 2nd certificate as a fallback for dual (aka hybrid) certificate support. Useful for ECDSA with an RSA fallback. <em>Presently only <code>manual</code> mode supports this feature</em>.</li>
|
||||
</ul>
|
||||
<p>Please read <a href="https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl">the SSL page in the documentation</a> for more information.</p>
|
||||
</li>
|
||||
<li>custom => Provide your own certificate as a single file containing both the private key and full certificate chain. (Docs: <code>None</code>)</li>
|
||||
<li>self-signed => Provide your own self-signed certificate files. Expects a self-signed CA cert for verification. <strong>Use only for local testing of your setup</strong>. (Docs: <a href="../security/ssl/#self-signed-certificates">Self-Signed Certificates</a>)</li>
|
||||
</ul>
|
||||
<p>Please read <a href="./config/security/ssl.md">the SSL page in the documentation</a> for more information.</p>
|
||||
<h5 id="tls_level"><a class="toclink" href="#tls_level">TLS_LEVEL</a></h5>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => modern</li>
|
||||
|
@ -3169,7 +3159,7 @@ FAIL2BAN_BLOCKTYPE=drop</li>
|
|||
<li>1 => (recommended) Mail spoofing denied. Each user may only send with his own or his alias addresses. Addresses with <a href="http://www.postfix.org/postconf.5.html#recipient_delimiter">extension delimiters</a> are not able to send messages.</li>
|
||||
</ul>
|
||||
<h5 id="enable_srs"><a class="toclink" href="#enable_srs">ENABLE_SRS</a></h5>
|
||||
<p>Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See <a href="https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course">postsrsd</a> for further explanation.</p>
|
||||
<p>Enables the Sender Rewriting Scheme. SRS is needed if <code>docker-mailserver</code> acts as forwarder. See <a href="https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course">postsrsd</a> for further explanation.</p>
|
||||
<ul>
|
||||
<li><strong>0</strong> => Disabled</li>
|
||||
<li>1 => Enabled</li>
|
||||
|
@ -3209,7 +3199,7 @@ FAIL2BAN_BLOCKTYPE=drop</li>
|
|||
<li><strong>1</strong> => Dovecot quota is enabled</li>
|
||||
<li>0 => Dovecot quota is disabled</li>
|
||||
</ul>
|
||||
<p>See <a href="https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes">mailbox quota</a>.</p>
|
||||
<p>See <a href="./config/user-management/accounts.md#notes">mailbox quota</a>.</p>
|
||||
<h5 id="postfix_message_size_limit"><a class="toclink" href="#postfix_message_size_limit">POSTFIX_MESSAGE_SIZE_LIMIT</a></h5>
|
||||
<p>Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)</p>
|
||||
<ul>
|
||||
|
@ -3220,14 +3210,9 @@ FAIL2BAN_BLOCKTYPE=drop</li>
|
|||
<li><strong>empty</strong> => Managesieve service disabled</li>
|
||||
<li>1 => Enables Managesieve on port 4190</li>
|
||||
</ul>
|
||||
<h5 id="override_hostname_1"><a class="toclink" href="#override_hostname_1">OVERRIDE_HOSTNAME</a></h5>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => uses the <code>hostname</code> command to get the mail server's canonical hostname</li>
|
||||
<li>=> Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.</li>
|
||||
</ul>
|
||||
<h5 id="postmaster_address"><a class="toclink" href="#postmaster_address">POSTMASTER_ADDRESS</a></h5>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => <a href="mailto:postmaster@domain.com">postmaster@domain.com</a></li>
|
||||
<li><strong>empty</strong> => <a href="mailto:postmaster@example.com">postmaster@example.com</a></li>
|
||||
<li>=> Specify the postmaster address</li>
|
||||
</ul>
|
||||
<h5 id="enable_update_check"><a class="toclink" href="#enable_update_check">ENABLE_UPDATE_CHECK</a></h5>
|
||||
|
@ -3327,8 +3312,8 @@ the logs.</p>
|
|||
<li>monthly => Rotate monthly.</li>
|
||||
</ul>
|
||||
<p>Note that only the log inside the container is affected.
|
||||
The full log output is still available via <code>docker logs mail</code> (or your respective container name).
|
||||
If you want to control logrotation for the docker generated logfile see: <a href="https://docs.docker.com/config/containers/logging/configure/">Docker Logging Drivers</a>.</p>
|
||||
The full log output is still available via <code>docker logs mailserver</code> (<em>or your respective container name</em>).
|
||||
If you want to control logrotation for the docker generated logfile, see: <a href="https://docs.docker.com/config/containers/logging/configure/">Docker Logging Drivers</a>.</p>
|
||||
<p>Also note that by default the logs are lost when the container is recycled. To keep the logs, mount a volume.</p>
|
||||
<p>Finally the logrotate interval <strong>may</strong> affect the period for generated reports. That is the case when the reports are triggered by log rotation.</p>
|
||||
<h4 id="spamassassin"><a class="toclink" href="#spamassassin">SpamAssassin</a></h4>
|
||||
|
@ -3364,7 +3349,12 @@ Use <code>SPAMASSASSIN_SPAM_TO_INBOX=1</code> for receiving spam messages.</p>
|
|||
<ul>
|
||||
<li><strong>6.31</strong> => triggers spam evasive actions</li>
|
||||
</ul>
|
||||
<p>Note: this SpamAssassin setting needs <code>ENABLE_SPAMASSASSIN=1</code>. By default, the mailserver is configured to quarantine spam emails. If emails are quarantined, they are compressed and stored in a location dependent on the ONE_DIR setting above. If <code>ONE_DIR=1</code> the location is /var/mail-state/lib-amavis/virusmails/. If <code>ONE_DIR=0</code> it is /var/lib/amavis/virusmails/. These paths are inside the docker container. To inhibit this behaviour and deliver spam emails, set this to a very high value e.g. 100.0.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">This SpamAssassin setting needs <code>ENABLE_SPAMASSASSIN=1</code></p>
|
||||
<p>By default, <code>docker-mailserver</code> is configured to quarantine spam emails.</p>
|
||||
<p>If emails are quarantined, they are compressed and stored in a location dependent on the <code>ONE_DIR</code> setting above. To inhibit this behaviour and deliver spam emails, set this to a very high value e.g. <code>100.0</code>.</p>
|
||||
<p>If <code>ONE_DIR=1</code> (default) the location is <code>/var/mail-state/lib-amavis/virusmails/</code>, or if <code>ONE_DIR=0</code>: <code>/var/lib/amavis/virusmails/</code>. These paths are inside the docker container.</p>
|
||||
</div>
|
||||
<h5 id="sa_spam_subject"><a class="toclink" href="#sa_spam_subject">SA_SPAM_SUBJECT</a></h5>
|
||||
<ul>
|
||||
<li><strong>***SPAM***</strong> => add tag to subject if spam detected</li>
|
||||
|
@ -3412,9 +3402,9 @@ Use <code>SPAMASSASSIN_SPAM_TO_INBOX=1</code> for receiving spam messages.</p>
|
|||
</ul>
|
||||
<h5 id="ldap_server_host"><a class="toclink" href="#ldap_server_host">LDAP_SERVER_HOST</a></h5>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => mail.domain.com</li>
|
||||
<li>=> Specify the dns-name/ip-address where the ldap-server is listening, or an URI like <code>ldaps://mail.domain.com</code></li>
|
||||
<li>NOTE: If you going to use the mailserver in combination with docker-compose you can set the service name here</li>
|
||||
<li><strong>empty</strong> => mail.example.com</li>
|
||||
<li>=> Specify the dns-name/ip-address where the ldap-server is listening, or an URI like <code>ldaps://mail.example.com</code></li>
|
||||
<li>NOTE: If you going to use <code>docker-mailserver</code> in combination with <code>docker-compose.yml</code> you can set the service name here</li>
|
||||
</ul>
|
||||
<h5 id="ldap_search_base"><a class="toclink" href="#ldap_search_base">LDAP_SEARCH_BASE</a></h5>
|
||||
<ul>
|
||||
|
@ -3670,7 +3660,7 @@ you to replace both instead of just the envelope sender.</p>
|
|||
</ul>
|
||||
<h5 id="srs_domainname"><a class="toclink" href="#srs_domainname">SRS_DOMAINNAME</a></h5>
|
||||
<ul>
|
||||
<li><strong>empty</strong> => Derived from OVERRIDE_HOSTNAME, DOMAINNAME, or the container's hostname</li>
|
||||
<li><strong>empty</strong> => Derived from <a href="#override_hostname"><code>OVERRIDE_HOSTNAME</code></a>, <code>$DOMAINNAME</code> (internal), or the container's hostname</li>
|
||||
<li>Set this if auto-detection fails, isn't what you want, or you wish to have a separate container handle DSNs</li>
|
||||
</ul>
|
||||
<h4 id="default-relay-host"><a class="toclink" href="#default-relay-host">Default Relay Host</a></h4>
|
||||
|
@ -3783,10 +3773,10 @@ you to replace both instead of just the envelope sender.</p>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/pop3/">
|
||||
|
||||
<link rel="icon" href="../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1035,7 +1035,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1086,7 +1086,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1352,10 +1352,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/security/fail2ban/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1110,7 +1110,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1161,7 +1161,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1407,10 +1407,10 @@
|
|||
|
||||
<p>Fail2Ban is installed automatically and bans IP addresses for 3 hours after 3 failed attempts in 10 minutes by default.</p>
|
||||
<h2 id="configuration-files"><a class="toclink" href="#configuration-files">Configuration files</a></h2>
|
||||
<p>If you want to change this, you can easily edit <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-jail.cf"><code>config/fail2ban-jail.cf</code></a>.</p>
|
||||
<p>You can do the same with the values from <code>fail2ban.conf</code>, e.g <code>dbpurgeage</code>. In that case you need to edit <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-fail2ban.cf"><code>config/fail2ban-fail2ban.cf</code></a>.</p>
|
||||
<p>The configuration files need to be located at the root of the <code>/tmp/docker-mailserver/</code> volume bind.</p>
|
||||
<p>This following configuration files from <code>/tmp/docker-mailserver/</code> will be copied at boot time.</p>
|
||||
<p>If you want to change this, you can easily edit our github example file: <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-jail.cf"><code>config/fail2ban-jail.cf</code></a>.</p>
|
||||
<p>You can do the same with the values from <code>fail2ban.conf</code>, e.g <code>dbpurgeage</code>. In that case you need to edit: <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/config/fail2ban-fail2ban.cf"><code>config/fail2ban-fail2ban.cf</code></a>.</p>
|
||||
<p>The configuration files need to be located at the root of the <code>/tmp/docker-mailserver/</code> volume bind (usually <code>./docker-data/dms/config/:/tmp/docker-mailserver/</code>).</p>
|
||||
<p>This following configuration files from <code>/tmp/docker-mailserver/</code> will be copied during container startup.</p>
|
||||
<ul>
|
||||
<li><code>fail2ban-jail.cf</code> -> <code>/etc/fail2ban/jail.d/user-jail.local</code></li>
|
||||
<li><code>fail2ban-fail2ban.cf</code> -> <code>/etc/fail2ban/fail2ban.local</code></li>
|
||||
|
@ -1418,12 +1418,12 @@
|
|||
<h3 id="docker-compose-config"><a class="toclink" href="#docker-compose-config">Docker-compose config</a></h3>
|
||||
<p>Example configuration volume bind:</p>
|
||||
<div class="highlight"><pre><span></span><code> <span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
</code></pre></div>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Attention</p>
|
||||
<p>The mail container must be launched with the <code>NET_ADMIN</code> capability in order to be able to install the iptable rules that actually ban IP addresses.</p>
|
||||
<p>Thus either include <code>--cap-add=NET_ADMIN</code> in the docker run commandline or the equivalent <code>docker-compose.yml</code>:</p>
|
||||
<p><code>docker-mailserver</code> must be launched with the <code>NET_ADMIN</code> capability in order to be able to install the iptable rules that actually ban IP addresses.</p>
|
||||
<p>Thus either include <code>--cap-add=NET_ADMIN</code> in the <code>docker run</code> command, or the equivalent in <code>docker-compose.yml</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">cap_add</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_ADMIN</span>
|
||||
</code></pre></div>
|
||||
|
@ -1525,10 +1525,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/security/mail_crypt/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1068,7 +1068,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1119,7 +1119,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1460,10 +1460,10 @@ T<>9<EFBFBD>8t<38>6<EFBFBD><36> t<><74><EFBFBD>e<EFBFBD>W<EFBFBD><57>S `<60>H<EFBFBD><48>C<EFBFBD>ڤ <20>yeY<65><59>XZ
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/security/ssl/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -703,8 +703,8 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#custom-certificate-files" class="md-nav__link">
|
||||
Custom Certificate Files
|
||||
<a href="#bring-your-own-certificates" class="md-nav__link">
|
||||
Bring Your Own Certificates
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1171,7 +1171,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1222,7 +1222,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1474,8 +1474,8 @@
|
|||
</li>
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#custom-certificate-files" class="md-nav__link">
|
||||
Custom Certificate Files
|
||||
<a href="#bring-your-own-certificates" class="md-nav__link">
|
||||
Bring Your Own Certificates
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1527,12 +1527,12 @@
|
|||
|
||||
<h1>SSL/TLS</h1>
|
||||
|
||||
<p>There are multiple options to enable SSL:</p>
|
||||
<p>There are multiple options to enable SSL (via <a href="../../environment/#ssl_type"><code>SSL_TYPE</code></a>):</p>
|
||||
<ul>
|
||||
<li>Using <a href="#lets-encrypt-recommended">letsencrypt</a> (recommended)</li>
|
||||
<li>Using <a href="#caddy">Caddy</a></li>
|
||||
<li>Using <a href="#traefik">Traefik</a></li>
|
||||
<li>Using <a href="#self-signed-certificates-testing-only">self-signed certificates</a> with the provided tool</li>
|
||||
<li>Using <a href="#self-signed-certificates-testing-only">self-signed certificates</a></li>
|
||||
<li>Using <a href="#custom-certificate-files">your own certificates</a></li>
|
||||
</ul>
|
||||
<p>After installation, you can test your setup with:</p>
|
||||
|
@ -1541,7 +1541,7 @@
|
|||
<li><a href="https://github.com/drwetter/testssl.sh"><code>testssl.sh</code></a></li>
|
||||
</ul>
|
||||
<h2 id="lets-encrypt-recommended"><a class="toclink" href="#lets-encrypt-recommended">Let's Encrypt (Recommended)</a></h2>
|
||||
<p>To enable Let's Encrypt on your mail server, you have to:</p>
|
||||
<p>To enable Let's Encrypt for <code>docker-mailserver</code>, you have to:</p>
|
||||
<ul>
|
||||
<li>Get your certificate using <a href="https://github.com/letsencrypt/letsencrypt">letsencrypt client</a></li>
|
||||
<li>Add an environment variable <code>SSL_TYPE</code> with value <code>letsencrypt</code> (see <a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/docker-compose.yml"><code>docker-compose.yml</code></a>)</li>
|
||||
|
@ -1551,8 +1551,8 @@
|
|||
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">myserver.tld</span>
|
||||
<span class="nt">fqdn</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail.myserver.tld</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">fqdn</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail.example.com</span>
|
||||
</code></pre></div>
|
||||
</li>
|
||||
</ul>
|
||||
|
@ -1566,7 +1566,7 @@
|
|||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
<p>Now get the certificate (modify <code>mail.myserver.tld</code>) and following the certbot instructions.</p>
|
||||
<p>Now get the certificate (modify <code>mail.example.com</code>) and following the certbot instructions.</p>
|
||||
</li>
|
||||
<li>
|
||||
<p>This will need access to port 80 from the internet, adjust your firewall if needed:</p>
|
||||
|
@ -1574,7 +1574,7 @@
|
|||
-v <span class="nv">$PWD</span>/log/:/var/log/letsencrypt/ <span class="se">\</span>
|
||||
-v <span class="nv">$PWD</span>/etc/:/etc/letsencrypt/ <span class="se">\</span>
|
||||
-p <span class="m">80</span>:80 <span class="se">\</span>
|
||||
certbot/certbot certonly --standalone -d mail.myserver.tld
|
||||
certbot/certbot certonly --standalone -d mail.example.com
|
||||
</code></pre></div>
|
||||
</li>
|
||||
<li>
|
||||
|
@ -1590,7 +1590,7 @@
|
|||
</li>
|
||||
</ol>
|
||||
<h3 id="example-using-docker-nginx-proxy-and-letsencrypt-nginx-proxy-companion"><a class="toclink" href="#example-using-docker-nginx-proxy-and-letsencrypt-nginx-proxy-companion">Example using Docker, <code>nginx-proxy</code> and <code>letsencrypt-nginx-proxy-companion</code></a></h3>
|
||||
<p>If you are running a web server already, it is non-trivial to generate a Let's Encrypt certificate for your mail server using <code>certbot</code>, because port 80 is already occupied. In the following example, we show how <code>docker-mailserver</code> can be run alongside the docker containers <code>nginx-proxy</code> and <code>letsencrypt-nginx-proxy-companion</code>.</p>
|
||||
<p>If you are running a web server already, it is non-trivial to generate a Let's Encrypt certificate for your <code>docker-mailserver</code> using <code>certbot</code>, because port 80 is already occupied. In the following example, we show how <code>docker-mailserver</code> can be run alongside the docker containers <code>nginx-proxy</code> and <code>letsencrypt-nginx-proxy-companion</code>.</p>
|
||||
<p>There are several ways to start <code>nginx-proxy</code> and <code>letsencrypt-nginx-proxy-companion</code>. Any method should be suitable here.</p>
|
||||
<p>For example start <code>nginx-proxy</code> as in the <code>letsencrypt-nginx-proxy-companion</code> <a href="https://github.com/JrCs/docker-letsencrypt-nginx-proxy-companion">documentation</a>:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker run --detach <span class="se">\</span>
|
||||
|
@ -1614,24 +1614,23 @@
|
|||
jrcs/letsencrypt-nginx-proxy-companion
|
||||
</code></pre></div>
|
||||
<p>Start the rest of your web server containers as usual.</p>
|
||||
<p>Start another container for your <code>mail.myserver.tld</code>. This will generate a Let's Encrypt certificate for your domain, which can be used by <code>docker-mailserver</code>. It will also run a web server on port 80 at that address:</p>
|
||||
<p>Start another container for your <code>mail.example.com</code>. This will generate a Let's Encrypt certificate for your domain, which can be used by <code>docker-mailserver</code>. It will also run a web server on port 80 at that address:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker run -d <span class="se">\</span>
|
||||
--name webmail <span class="se">\</span>
|
||||
-e <span class="s2">"VIRTUAL_HOST=mail.myserver.tld"</span> <span class="se">\</span>
|
||||
-e <span class="s2">"LETSENCRYPT_HOST=mail.myserver.tld"</span> <span class="se">\</span>
|
||||
-e <span class="s2">"LETSENCRYPT_EMAIL=foo@bar.com"</span> <span class="se">\</span>
|
||||
-e <span class="s2">"VIRTUAL_HOST=mail.example.com"</span> <span class="se">\</span>
|
||||
-e <span class="s2">"LETSENCRYPT_HOST=mail.example.com"</span> <span class="se">\</span>
|
||||
-e <span class="s2">"LETSENCRYPT_EMAIL=admin@example.com"</span> <span class="se">\</span>
|
||||
library/nginx
|
||||
</code></pre></div>
|
||||
<p>You may want to add <code>-e LETSENCRYPT_TEST=true</code> to the above while testing to avoid the Let's Encrypt certificate generation rate limits.</p>
|
||||
<p>Finally, start the mailserver with the <code>docker-compose.yml</code>. Make sure your mount path to the letsencrypt certificates is correct.</p>
|
||||
<p>Inside your <code>/path/to/mailserver/docker-compose.yml</code> (for the mailserver from this repo) make sure volumes look like below example:</p>
|
||||
<p>Make sure your mount path to the letsencrypt certificates is correct. Edit your <code>/path/to/mailserver/docker-compose.yml</code> for the <code>mailserver</code> service to have volumes added like the example below:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">maildata:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">mailstate:/var/mail-state</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-state/:/var/mail-state/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/server/letsencrypt/etc:/etc/letsencrypt/live</span>
|
||||
</code></pre></div>
|
||||
<p>Then: <code>/path/to/mailserver/docker-compose up -d mail</code></p>
|
||||
<p>Then from the <code>docker-compose.yml</code> directory, run: <code>docker-compose up -d mailserver</code>.</p>
|
||||
<h3 id="example-using-docker-nginx-proxy-and-letsencrypt-nginx-proxy-companion-with-docker-compose"><a class="toclink" href="#example-using-docker-nginx-proxy-and-letsencrypt-nginx-proxy-companion-with-docker-compose">Example using Docker, <code>nginx-proxy</code> and <code>letsencrypt-nginx-proxy-companion</code> with <code>docker-compose</code></a></h3>
|
||||
<p>The following <code>docker-compose.yml</code> is the basic setup you need for using <code>letsencrypt-nginx-proxy-companion</code>. It is mainly derived from its own wiki/documenation.</p>
|
||||
<details class="example" open="open"><summary>Example Code</summary><div class="highlight"><pre><span></span><code><span class="nt">version</span><span class="p">:</span> <span class="s">"2"</span>
|
||||
|
@ -1683,14 +1682,14 @@
|
|||
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">nginx-proxy</span>
|
||||
</code></pre></div>
|
||||
</details>
|
||||
<p>The second part of the setup is the actual mail container. So, in another folder, create another <code>docker-compose.yml</code> with the following content (Removed all ENV variables for this example):</p>
|
||||
<p>The second part of the setup is the <code>docker-mailserver</code> container. So, in another folder, create another <code>docker-compose.yml</code> with the following content (Removed all ENV variables for this example):</p>
|
||||
<details class="example" open="open"><summary>Example Code</summary><div class="highlight"><pre><span></span><code><span class="nt">version</span><span class="p">:</span> <span class="s">'3.8'</span>
|
||||
<span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">ports</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"25:25"</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"143:143"</span>
|
||||
|
@ -1698,10 +1697,10 @@
|
|||
<span class="p p-Indicator">-</span> <span class="s">"587:587"</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"993:993"</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./mail:/var/mail</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./mail-state:/var/mail-state</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/mnt/data/nginx/certs/:/etc/letsencrypt/live/:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-data/:/var/mail/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/mail-state/:/var/mail-state/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/config/:/tmp/docker-mailserver/</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/nginx-proxy/certs/:/etc/letsencrypt/live/:ro</span>
|
||||
<span class="nt">cap_add</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">NET_ADMIN</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SYS_PTRACE</span>
|
||||
|
@ -1724,23 +1723,25 @@
|
|||
<span class="nt">name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">nginx-proxy</span>
|
||||
</code></pre></div>
|
||||
</details>
|
||||
<p>The mail container needs to have the letsencrypt certificate folder mounted as a volume. No further changes are needed. The second container is a dummy-sidecar we need, because the mail-container do not expose any web-ports. Set your ENV variables as you need. (<code>VIRTUAL_HOST</code> and <code>LETSENCRYPT_HOST</code> are mandandory, see documentation)</p>
|
||||
<p><code>docker-mailserver</code> needs to have the letsencrypt certificate folder mounted as a volume. No further changes are needed. The second container is a dummy-sidecar we need, because the mail-container do not expose any web-ports. Set your ENV variables as you need. (<code>VIRTUAL_HOST</code> and <code>LETSENCRYPT_HOST</code> are mandandory, see documentation)</p>
|
||||
<h3 id="example-using-the-lets-encrypt-certificates-on-a-synology-nas"><a class="toclink" href="#example-using-the-lets-encrypt-certificates-on-a-synology-nas">Example using the Let's Encrypt Certificates on a Synology NAS</a></h3>
|
||||
<p>Version 6.2 and later of the Synology NAS DSM OS now come with an interface to generate and renew letencrypt certificates. Navigation into your DSM control panel and go to Security, then click on the tab Certificate to generate and manage letsencrypt certificates.</p>
|
||||
<p>Amongst other things, you can use these to secure your mail server. DSM locates the generated certificates in a folder below <code>/usr/syno/etc/certificate/_archive/</code>.</p>
|
||||
<p>Amongst other things, you can use these to secure your mail-server. DSM locates the generated certificates in a folder below <code>/usr/syno/etc/certificate/_archive/</code>.</p>
|
||||
<p>Navigate to that folder and note the 6 character random folder name of the certificate you'd like to use. Then, add the following to your <code>docker-compose.yml</code> declaration file:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/usr/syno/etc/certificate/_archive/<your-folder>/:/tmp/ssl</span>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># Note: If you have an existing setup that was working pre docker-mailserver v10.2,</span>
|
||||
<span class="c1"># '/tmp/dms/custom-certs' below has replaced the previous '/tmp/ssl' container path.</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/usr/syno/etc/certificate/_archive/<your-folder>/:/tmp/dms/custom-certs/</span>
|
||||
<span class="nt">environment</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_TYPE=manual</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_CERT_PATH=/tmp/ssl/fullchain.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_KEY_PATH=/tmp/ssl/privkey.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_CERT_PATH=/tmp/dms/custom-certs/fullchain.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_KEY_PATH=/tmp/dms/custom-certs/privkey.pem</span>
|
||||
</code></pre></div>
|
||||
<p>DSM-generated letsencrypt certificates get auto-renewed every three months.</p>
|
||||
<h2 id="caddy"><a class="toclink" href="#caddy">Caddy</a></h2>
|
||||
<p>If you are using Caddy to renew your certificates, please note that only RSA certificates work. Read <a href="https://github.com/docker-mailserver/docker-mailserver/issues/1440">#1440</a> for details. In short for Caddy v1 the <code>Caddyfile</code> should look something like:</p>
|
||||
<div class="highlight"><pre><span></span><code>https://mail.domain.com {
|
||||
tls yourcurrentemail@gmail.com {
|
||||
<div class="highlight"><pre><span></span><code>https://mail.example.com {
|
||||
tls admin@example.com {
|
||||
key_type rsa2048
|
||||
}
|
||||
}
|
||||
|
@ -1751,7 +1752,7 @@
|
|||
admin localhost:2019
|
||||
http_port 80
|
||||
https_port 443
|
||||
default_sni mywebserver.com
|
||||
default_sni example.com
|
||||
key_type rsa4096
|
||||
}
|
||||
</code></pre></div>
|
||||
|
@ -1769,7 +1770,7 @@
|
|||
<span class="nt">"match"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="p">{</span>
|
||||
<span class="nt">"host"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"mail.domain.com"</span><span class="p">,</span>
|
||||
<span class="s2">"mail.example.com"</span><span class="p">,</span>
|
||||
<span class="p">]</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">],</span>
|
||||
|
@ -1799,17 +1800,17 @@
|
|||
<span class="nt">"policies"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="p">{</span>
|
||||
<span class="nt">"subjects"</span><span class="p">:</span> <span class="p">[</span>
|
||||
<span class="s2">"mail.domain.com"</span><span class="p">,</span>
|
||||
<span class="s2">"mail.example.com"</span><span class="p">,</span>
|
||||
<span class="p">],</span>
|
||||
<span class="nt">"key_type"</span><span class="p">:</span> <span class="s2">"rsa2048"</span><span class="p">,</span>
|
||||
<span class="nt">"issuer"</span><span class="p">:</span> <span class="p">{</span>
|
||||
<span class="nt">"email"</span><span class="p">:</span> <span class="s2">"email@email.com"</span><span class="p">,</span>
|
||||
<span class="nt">"email"</span><span class="p">:</span> <span class="s2">"admin@example.com"</span><span class="p">,</span>
|
||||
<span class="nt">"module"</span><span class="p">:</span> <span class="s2">"acme"</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">},</span>
|
||||
<span class="p">{</span>
|
||||
<span class="nt">"issuer"</span><span class="p">:</span> <span class="p">{</span>
|
||||
<span class="nt">"email"</span><span class="p">:</span> <span class="s2">"email@email.com"</span><span class="p">,</span>
|
||||
<span class="nt">"email"</span><span class="p">:</span> <span class="s2">"admin@example.com"</span><span class="p">,</span>
|
||||
<span class="nt">"module"</span><span class="p">:</span> <span class="s2">"acme"</span>
|
||||
<span class="p">}</span>
|
||||
<span class="p">}</span>
|
||||
|
@ -1822,8 +1823,8 @@
|
|||
</details>
|
||||
<p>The generated certificates can be mounted:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.domain.com/mail.domain.com.crt:/etc/letsencrypt/live/mail.domain.com/fullchain.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.domain.com/mail.domain.com.key:/etc/letsencrypt/live/mail.domain.com/privkey.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.example.com/mail.example.com.crt:/etc/letsencrypt/live/mail.example.com/fullchain.pem</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.example.com/mail.example.com.key:/etc/letsencrypt/live/mail.example.com/privkey.pem</span>
|
||||
</code></pre></div>
|
||||
<p>EC certificates fail in the TLS handshake:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="go">CONNECTED(00000003)</span>
|
||||
|
@ -1833,7 +1834,7 @@
|
|||
</code></pre></div>
|
||||
<h2 id="traefik-v2"><a class="toclink" href="#traefik-v2">Traefik v2</a></h2>
|
||||
<p><a href="https://github.com/containous/traefik">Traefik</a> is an open-source application proxy using the <a href="https://datatracker.ietf.org/doc/html/rfc8555">ACME protocol</a>. <a href="https://github.com/containous/traefik">Traefik</a> can request certificates for domains and subdomains, and it will take care of renewals, challenge negotiations, etc. We strongly recommend to use <a href="https://github.com/containous/traefik">Traefik</a>'s major version 2.</p>
|
||||
<p><a href="https://github.com/containous/traefik">Traefik</a>'s storage format is natively supported if the <code>acme.json</code> store is mounted into the container at <code>/etc/letsencrypt/acme.json</code>. The file is also monitored for changes and will trigger a reload of the mail services. Wild card certificates issued for <code>*.domain.tld</code> are supported. You will then want to use <code class="highlight"><span class="nv">SSL_DOMAIN</span><span class="o">=</span>domain.tld</code>. Lookup of the certificate domain happens in the following order:</p>
|
||||
<p><a href="https://github.com/containous/traefik">Traefik</a>'s storage format is natively supported if the <code>acme.json</code> store is mounted into the container at <code>/etc/letsencrypt/acme.json</code>. The file is also monitored for changes and will trigger a reload of the mail services (Postfix and Dovecot). Wild card certificates issued for <code>*.example.com</code> are supported. You will then want to use <code class="highlight"><span class="nv">SSL_DOMAIN</span><span class="o">=</span>example.com</code>. Lookup of the certificate domain happens in the following order:</p>
|
||||
<ol>
|
||||
<li><code class="highlight"><span class="si">${</span><span class="nv">SSL_DOMAIN</span><span class="si">}</span></code></li>
|
||||
<li><code class="highlight"><span class="si">${</span><span class="nv">HOSTNAME</span><span class="si">}</span></code></li>
|
||||
|
@ -1845,19 +1846,20 @@
|
|||
<span class="nt">services</span><span class="p">:</span>
|
||||
<span class="nt">mailserver</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/mailserver/docker-mailserver:latest</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">hostname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail</span>
|
||||
<span class="nt">domainname</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">example.com</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mailserver</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/traefik/acme.json:/etc/letsencrypt/acme.json:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/traefik/acme.json:/etc/letsencrypt/acme.json:ro</span>
|
||||
<span class="nt">environment</span><span class="p">:</span>
|
||||
<span class="nt">SSL_TYPE</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">letsencrypt</span>
|
||||
<span class="nt">SSL_DOMAIN</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail.example.com"</span>
|
||||
<span class="nt">SSL_DOMAIN</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">mail.example.com</span>
|
||||
<span class="c1"># for a wildcard certificate, use</span>
|
||||
<span class="c1"># SSL_DOMAIN: example.com</span>
|
||||
|
||||
<span class="nt">traefik</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/traefik:v2.5</span>
|
||||
<span class="nt">reverse-proxy</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/traefik:latest</span> <span class="c1">#v2.5</span>
|
||||
<span class="nt">container_name</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker-traefik</span>
|
||||
<span class="nt">ports</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"80:80"</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"443:443"</span>
|
||||
|
@ -1868,17 +1870,17 @@
|
|||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--entrypoints.http.http.redirections.entryPoint.scheme=https</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--entrypoints.https.address=:443</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--entrypoints.https.http.tls.certResolver=letsencrypt</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--certificatesresolvers.letsencrypt.acme.email=admin@domain.tld</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--certificatesresolvers.letsencrypt.acme.email=admin@example.com</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--certificatesresolvers.letsencrypt.acme.storage=/acme.json</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http</span>
|
||||
<span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/traefik/acme.json:/acme.json</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/traefik/acme.json:/acme.json</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/var/run/docker.sock:/var/run/docker.sock:ro</span>
|
||||
|
||||
<span class="nt">whoami</span><span class="p">:</span>
|
||||
<span class="nt">image</span><span class="p">:</span> <span class="l l-Scalar l-Scalar-Plain">docker.io/traefik/whoami:latest</span>
|
||||
<span class="nt">labels</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"traefik.http.routers.whoami.rule=Host(`mail.domain.tld`)"</span>
|
||||
<span class="p p-Indicator">-</span> <span class="s">"traefik.http.routers.whoami.rule=Host(`mail.example.com`)"</span>
|
||||
</code></pre></div>
|
||||
</details>
|
||||
<h2 id="self-signed-certificates"><a class="toclink" href="#self-signed-certificates">Self-Signed Certificates</a></h2>
|
||||
|
@ -1886,25 +1888,20 @@
|
|||
<p class="admonition-title">Warning</p>
|
||||
<p>Use self-signed certificates only for testing purposes!</p>
|
||||
</div>
|
||||
<p>This feature requires you to provide the following files into your <a href="../../advanced/optional-config/"><code>config/ssl/</code> directory</a> (internal location: <code>/tmp/docker-mailserver/ssl/</code>):</p>
|
||||
<p>This feature requires you to provide the following files into your <a href="../../advanced/optional-config/"><code>docker-data/dms/config/ssl/</code> directory</a> (<em>internal location: <code>/tmp/docker-mailserver/ssl/</code></em>):</p>
|
||||
<ul>
|
||||
<li><code>${HOSTNAME}-key.pem</code></li>
|
||||
<li><code>${HOSTNAME}-cert.pem</code></li>
|
||||
<li><code><FQDN>-key.pem</code></li>
|
||||
<li><code><FQDN>-cert.pem</code></li>
|
||||
<li><code>demoCA/cacert.pem</code></li>
|
||||
</ul>
|
||||
<p>Where <code>${HOSTNAME}</code> is the mailserver <a href="https://en.wikipedia.org/wiki/Fully_qualified_domain_name">FQDN</a> (<code>hostname</code>(<em>mail</em>) + <code>domainname</code>(<em>example.com</em>), eg: <code>mail.example.com</code>).</p>
|
||||
<p>To use the certificate:</p>
|
||||
<ul>
|
||||
<li>Add <code>SSL_TYPE=self-signed</code> to your container environment variables.</li>
|
||||
<li>If a matching certificate (files listed above) is found in <code>config/ssl</code>, it will be automatically setup in postfix and dovecot. You just have to place them in <code>config/ssl</code> folder.</li>
|
||||
</ul>
|
||||
<h4 id="generating-a-self-signed-certificate"><a class="toclink" href="#generating-a-self-signed-certificate">Generating a self-signed certificate</a></h4>
|
||||
<p>Where <code><FQDN></code> is the <a href="https://en.wikipedia.org/wiki/Fully_qualified_domain_name">FQDN</a> assigned to <code>docker-mailserver</code> (<em>eg: <code>mail.example.com</code> (FQDN) => <code>mail</code> (hostname) + <code>example.com</code> (domainname)</em>) via <code>docker run</code> command or <code>docker-compose.yml</code> config.</p>
|
||||
<p>Add <code>SSL_TYPE=self-signed</code> to your <code>docker-mailserver</code> environment variables. Postfix and Dovecot will be configured to use the provided certificate (<em><code>.pem</code> files above</em>) during container startup.</p>
|
||||
<h3 id="generating-a-self-signed-certificate"><a class="toclink" href="#generating-a-self-signed-certificate">Generating a self-signed certificate</a></h3>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>Since v10, support in <code>setup.sh</code> for generating a self-signed SSL certificate internally was removed.</p>
|
||||
<p>It is now similar to <code>SSL_TYPE=manual</code> (<em>except <code>manual</code> does not support verification for a custom CA</em>), but does not require additional ENV vars for providing the location of cert files.</p>
|
||||
<p>Since <code>docker-mailserver</code> v10, support in <code>setup.sh</code> for generating a <em>self-signed SSL certificate</em> internally was removed.</p>
|
||||
</div>
|
||||
<p>One way to generate self-signed certificates is with <a href="https://smallstep.com/docs/step-cli">Smallstep's <code>step</code> CLI</a>. This is exactly what <a href="https://github.com/docker-mailserver/docker-mailserver/tree/master/test/test-files/ssl/example.test"><code>docker-mailserver</code> does for creating test certificates</a>.</p>
|
||||
<p>One way to generate self-signed certificates is with <a href="https://smallstep.com/docs/step-cli">Smallstep's <code>step</code> CLI</a>. This is exactly what <a href="https://github.com/docker-mailserver/docker-mailserver/blob/3b8059f2daca80d967635e04d8d81e9abb755a4d/test/test-files/ssl/example.test/README.md"><code>docker-mailserver</code> does for creating test certificates</a>.</p>
|
||||
<p>For example with the FQDN <code>mail.example.test</code>, you can generate the required files by running:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="ch">#! /bin/sh</span>
|
||||
mkdir -p demoCA
|
||||
|
@ -1929,34 +1926,38 @@ step certificate create <span class="s2">"Smallstep Leaf"</span> mail.
|
|||
--san <span class="s2">"mail.example.test"</span> <span class="se">\</span>
|
||||
--kty RSA --size <span class="m">2048</span>
|
||||
</code></pre></div>
|
||||
<p>If you'd rather not install the CLI tool locally to run the <code>step</code> commands above; you can save the script above to a file such as <code>generate-certs.sh</code> (<em>and make it executable <code>chmod +x generate-certs.sh</code></em>) in a directory that you want the certs to be placed, then run that script with docker:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># --user to keep ownership of the files to your user and group ID</span>
|
||||
<p>If you'd rather not install the CLI tool locally to run the <code>step</code> commands above; you can save the script above to a file such as <code>generate-certs.sh</code> (<em>and make it executable <code>chmod +x generate-certs.sh</code></em>) in a directory that you want the certs to be placed (eg: <code>docker-data/dms/custom-certs/</code>), then use docker to run that script in a container:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># '--user' is to keep ownership of the files written to</span>
|
||||
<span class="c1"># the local volume to use your systems User and Group ID values.</span>
|
||||
docker run --rm -it <span class="se">\</span>
|
||||
--user <span class="s2">"</span><span class="k">$(</span>id -u<span class="k">)</span><span class="s2">:</span><span class="k">$(</span>id -g<span class="k">)</span><span class="s2">"</span> <span class="se">\</span>
|
||||
--volume <span class="s2">"</span><span class="si">${</span><span class="nv">PWD</span><span class="si">}</span><span class="s2">:/tmp"</span> <span class="se">\</span>
|
||||
--workdir <span class="s2">"/tmp"</span> <span class="se">\</span>
|
||||
--entrypoint <span class="s2">"/tmp/generate-certs.sh"</span> <span class="se">\</span>
|
||||
--volume <span class="s2">"</span><span class="si">${</span><span class="nv">PWD</span><span class="si">}</span><span class="s2">/docker-data/dms/custom-certs/:/tmp/step-ca/"</span> <span class="se">\</span>
|
||||
--workdir <span class="s2">"/tmp/step-ca/"</span> <span class="se">\</span>
|
||||
--entrypoint <span class="s2">"/tmp/step-ca/generate-certs.sh"</span> <span class="se">\</span>
|
||||
smallstep/step-ca
|
||||
</code></pre></div>
|
||||
<h2 id="custom-certificate-files"><a class="toclink" href="#custom-certificate-files">Custom Certificate Files</a></h2>
|
||||
<h2 id="bring-your-own-certificates"><a class="toclink" href="#bring-your-own-certificates">Bring Your Own Certificates</a></h2>
|
||||
<p>You can also provide your own certificate files. Add these entries to your <code>docker-compose.yml</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nt">volumes</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">/etc/ssl:/tmp/ssl:ro</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">./docker-data/dms/custom-certs/:/tmp/dms/custom-certs/:ro</span>
|
||||
<span class="nt">environment</span><span class="p">:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_TYPE=manual</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_CERT_PATH=/tmp/ssl/cert/public.crt</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_KEY_PATH=/tmp/ssl/private/private.key</span>
|
||||
<span class="c1"># Values should match the file paths inside the container:</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_CERT_PATH=/tmp/dms/custom-certs/public.crt</span>
|
||||
<span class="p p-Indicator">-</span> <span class="l l-Scalar l-Scalar-Plain">SSL_KEY_PATH=/tmp/dms/custom-certs/private.key</span>
|
||||
</code></pre></div>
|
||||
<p>This will mount the path where your ssl certificates reside as read-only under <code>/tmp/ssl</code>. Then all you have to do is to specify the location of your private key and the certificate.</p>
|
||||
<p>This will mount the path where your certificate files reside locally into the <em>read-only</em> container folder: <code>/tmp/dms/custom-certs</code>.</p>
|
||||
<p>The local and internal paths may be whatever you prefer, so long as both <code>SSL_CERT_PATH</code> and <code>SSL_KEY_PATH</code> point to the correct internal file paths. The certificate files may also be named to your preference, but should be PEM encoded.</p>
|
||||
<p><code>SSL_ALT_CERT_PATH</code> and <code>SSL_ALT_KEY_PATH</code> are additional ENV vars to support a 2nd certificate as a fallback. Commonly known as hybrid or dual certificate support. This is useful for using a modern ECDSA as your primary certificate, and RSA as your fallback for older connections. They work in the same manner as the non-<code>ALT</code> versions.</p>
|
||||
<div class="admonition info">
|
||||
<p class="admonition-title">Info</p>
|
||||
<p>You may have to restart your mailserver once the certificates change.</p>
|
||||
<p>You may have to restart <code>docker-mailserver</code> once the certificates change.</p>
|
||||
</div>
|
||||
<h2 id="testing-a-certificate-is-valid"><a class="toclink" href="#testing-a-certificate-is-valid">Testing a Certificate is Valid</a></h2>
|
||||
<ul>
|
||||
<li>
|
||||
<p>From your host:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mail openssl s_client <span class="se">\</span>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mailserver openssl s_client <span class="se">\</span>
|
||||
-connect <span class="m">0</span>.0.0.0:25 <span class="se">\</span>
|
||||
-starttls smtp <span class="se">\</span>
|
||||
-CApath /etc/ssl/certs/
|
||||
|
@ -1964,7 +1965,7 @@ docker run --rm -it <span class="se">\</span>
|
|||
</li>
|
||||
<li>
|
||||
<p>Or:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mail openssl s_client <span class="se">\</span>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mailserver openssl s_client <span class="se">\</span>
|
||||
-connect <span class="m">0</span>.0.0.0:143 <span class="se">\</span>
|
||||
-starttls imap <span class="se">\</span>
|
||||
-CApath /etc/ssl/certs/
|
||||
|
@ -1973,7 +1974,7 @@ docker run --rm -it <span class="se">\</span>
|
|||
</ul>
|
||||
<p>And you should see the certificate chain, the server certificate and: <code>Verify return code: 0 (ok)</code></p>
|
||||
<p>In addition, to verify certificate dates:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mail openssl s_client <span class="se">\</span>
|
||||
<div class="highlight"><pre><span></span><code>docker <span class="nb">exec</span> mailserver openssl s_client <span class="se">\</span>
|
||||
-connect <span class="m">0</span>.0.0.0:25 <span class="se">\</span>
|
||||
-starttls smtp <span class="se">\</span>
|
||||
-CApath /etc/ssl/certs/ <span class="se">\</span>
|
||||
|
@ -1984,7 +1985,7 @@ docker run --rm -it <span class="se">\</span>
|
|||
<p class="admonition-title">Warning</p>
|
||||
<p>Not recommended for purposes other than testing.</p>
|
||||
</div>
|
||||
<p>Add this to <code>config/dovecot.cf</code>:</p>
|
||||
<p>Add this to <code>docker-data/dms/config/dovecot.cf</code>:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">ssl</span> <span class="o">=</span> <span class="s">yes</span>
|
||||
<span class="na">disable_plaintext_auth</span><span class="o">=</span><span class="s">no</span>
|
||||
</code></pre></div>
|
||||
|
@ -1996,31 +1997,38 @@ docker run --rm -it <span class="se">\</span>
|
|||
</ul>
|
||||
<h2 id="importing-certificates-obtained-via-another-source"><a class="toclink" href="#importing-certificates-obtained-via-another-source">Importing Certificates Obtained via Another Source</a></h2>
|
||||
<p>If you have another source for SSL/TLS certificates you can import them into the server via an external script. The external script can be found here: <a href="https://github.com/hanscees/dockerscripts/blob/master/scripts/tomav-renew-certs">external certificate import script</a>.</p>
|
||||
<div class="admonition attention">
|
||||
<p class="admonition-title">Only compatible with <code>docker-mailserver</code> releases < <code>v10.2</code></p>
|
||||
<p>The script expects <code>/etc/postfix/ssl/cert</code> and <code>/etc/postfix/ssl/key</code> files to be configured paths for both Postfix and Dovecot to use.</p>
|
||||
<p>Since the <code>docker-mailserver</code> 10.2 release, certificate files have moved to <code>/etc/dms/tls/</code>, and the file name may differ depending on provisioning method.</p>
|
||||
<p>This third-party script also has <code>fullchain.pem</code> and <code>privkey.pem</code> as hard-coded, thus is incompatible with other filenames.</p>
|
||||
<p>Additionally it has never supported handling <code>ALT</code> fallback certificates (for supporting dual/hybrid, RSA + ECDSA).</p>
|
||||
</div>
|
||||
<p>The steps to follow are these:</p>
|
||||
<ol>
|
||||
<li>Transport the new certificates to <code>./config/ssl</code> (<code>/tmp/ssl</code> in the container)</li>
|
||||
<li>Transfer the new certificates to <code>./docker-data/dms/custom-certs/</code> (volume mounted to: <code>/tmp/ssl/</code>)</li>
|
||||
<li>You should provide <code>fullchain.key</code> and <code>privkey.pem</code></li>
|
||||
<li>Place the script in <code>./config/</code> (or <code>/tmp/docker-mailserver/</code> inside the container)</li>
|
||||
<li>Place the script in <code>./docker-data/dms/config/</code> (volume mounted to: <code>/tmp/docker-mailserver/</code>)</li>
|
||||
<li>Make the script executable (<code>chmod +x tomav-renew-certs.sh</code>)</li>
|
||||
<li>Run the script: <code>docker exec mail /tmp/docker-mailserver/tomav-renew-certs.sh</code></li>
|
||||
<li>Run the script: <code>docker exec mailserver /tmp/docker-mailserver/tomav-renew-certs.sh</code></li>
|
||||
</ol>
|
||||
<p>If an error occurs the script will inform you. If not you will see both postfix and dovecot restart.</p>
|
||||
<p>After the certificates have been loaded you can check the certificate:</p>
|
||||
<div class="highlight"><pre><span></span><code>openssl s_client <span class="se">\</span>
|
||||
-servername mail.mydomain.net <span class="se">\</span>
|
||||
-servername mail.example.com <span class="se">\</span>
|
||||
-connect <span class="m">192</span>.168.0.72:465 <span class="se">\</span>
|
||||
<span class="m">2</span>>/dev/null <span class="p">|</span> openssl x509
|
||||
|
||||
<span class="c1"># or</span>
|
||||
|
||||
openssl s_client <span class="se">\</span>
|
||||
-servername mail.mydomain.net <span class="se">\</span>
|
||||
-connect mail.mydomain.net:465 <span class="se">\</span>
|
||||
-servername mail.example.com <span class="se">\</span>
|
||||
-connect mail.example.com:465 <span class="se">\</span>
|
||||
<span class="m">2</span>>/dev/null <span class="p">|</span> openssl x509
|
||||
</code></pre></div>
|
||||
<p>Or you can check how long the new certificate is valid with commands like:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">export</span> <span class="nv">SITE_URL</span><span class="o">=</span><span class="s2">"mail.mydomain.net"</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_IP_URL</span><span class="o">=</span><span class="s2">"192.168.0.72"</span> <span class="c1"># can also be `mail.mydomain.net`</span>
|
||||
<div class="highlight"><pre><span></span><code><span class="nb">export</span> <span class="nv">SITE_URL</span><span class="o">=</span><span class="s2">"mail.example.com"</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_IP_URL</span><span class="o">=</span><span class="s2">"192.168.0.72"</span> <span class="c1"># can also use `mail.example.com`</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_SSL_PORT</span><span class="o">=</span><span class="s2">"993"</span> <span class="c1"># imap port dovecot</span>
|
||||
|
||||
<span class="c1">##works: check if certificate will expire in two weeks </span>
|
||||
|
@ -2033,27 +2041,29 @@ openssl s_client <span class="se">\</span>
|
|||
-servername <span class="si">${</span><span class="nv">SITE_URL</span><span class="si">}</span> <span class="m">2</span>> /dev/null <span class="p">|</span> openssl x509 -noout -checkend <span class="m">1209600</span><span class="sb">`</span>
|
||||
|
||||
<span class="c1">####################################</span>
|
||||
<span class="c1">#notes: output can be</span>
|
||||
<span class="c1">#notes: output could be either:</span>
|
||||
<span class="c1">#Certificate will not expire</span>
|
||||
<span class="c1">#Certificate will expire</span>
|
||||
<span class="c1">####################</span>
|
||||
</code></pre></div>
|
||||
<p>What does the script that imports the certificates do:</p>
|
||||
<ol>
|
||||
<li>Check if there are new certs in the <code>/tmp/ssl</code> folder.</li>
|
||||
<li>Check if there are new certs in the internal container folder: <code>/tmp/ssl</code>.</li>
|
||||
<li>Check with the ssl cert fingerprint if they differ from the current certificates.</li>
|
||||
<li>If so it will copy the certs to the right places.</li>
|
||||
<li>And restart postfix and dovecot.</li>
|
||||
</ol>
|
||||
<p>You can of course run the script by cron once a week or something. In that way you could automate cert renewal. If you do so it is probably wise to run an automated check on certificate expiry as well. Such a check could look something like this:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1">## code below will alert if certificate expires in less than two weeks</span>
|
||||
<span class="c1">## please adjust varables! </span>
|
||||
<span class="c1">## make sure the mail -s command works! Test!</span>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># This script is run inside docker-mailserver via 'docker exec ...', using the 'mail' command to send alerts.</span>
|
||||
<span class="c1">## code below will alert if certificate expires in less than two weeks</span>
|
||||
<span class="c1">## please adjust varables!</span>
|
||||
<span class="c1">## make sure the 'mail -s' command works! Test!</span>
|
||||
|
||||
<span class="nb">export</span> <span class="nv">SITE_URL</span><span class="o">=</span><span class="s2">"mail.mydomain.net"</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_IP_URL</span><span class="o">=</span><span class="s2">"192.168.2.72"</span> <span class="c1"># can also be `mail.mydomain.net`</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_URL</span><span class="o">=</span><span class="s2">"mail.example.com"</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_IP_URL</span><span class="o">=</span><span class="s2">"192.168.2.72"</span> <span class="c1"># can also use `mail.example.com`</span>
|
||||
<span class="nb">export</span> <span class="nv">SITE_SSL_PORT</span><span class="o">=</span><span class="s2">"993"</span> <span class="c1"># imap port dovecot</span>
|
||||
<span class="nb">export</span> <span class="nv">ALERT_EMAIL_ADDR</span><span class="o">=</span><span class="s2">"bill@gates321boom.com"</span>
|
||||
<span class="c1"># Below can be from a different domain; like your personal email, not handled by this docker-mailserver:</span>
|
||||
<span class="nb">export</span> <span class="nv">ALERT_EMAIL_ADDR</span><span class="o">=</span><span class="s2">"external-account@gmail.com"</span>
|
||||
|
||||
<span class="nv">certcheck_2weeks</span><span class="o">=</span><span class="sb">`</span>openssl s_client -connect <span class="si">${</span><span class="nv">SITE_IP_URL</span><span class="si">}</span>:<span class="si">${</span><span class="nv">SITE_SSL_PORT</span><span class="si">}</span> <span class="se">\</span>
|
||||
-servername <span class="si">${</span><span class="nv">SITE_URL</span><span class="si">}</span> <span class="m">2</span>> /dev/null <span class="p">|</span> openssl x509 -noout -checkend <span class="m">1209600</span><span class="sb">`</span>
|
||||
|
@ -2067,7 +2077,7 @@ openssl s_client <span class="se">\</span>
|
|||
<span class="c1">#echo "certcheck 2 weeks gives $certcheck_2weeks"</span>
|
||||
|
||||
<span class="c1">##automated check you might run by cron or something</span>
|
||||
<span class="c1">## does tls/ssl certificate expire within two weeks?</span>
|
||||
<span class="c1">## does the certificate expire within two weeks?</span>
|
||||
|
||||
<span class="k">if</span> <span class="o">[</span> <span class="s2">"</span><span class="nv">$certcheck_2weeks</span><span class="s2">"</span> <span class="o">=</span> <span class="s2">"Certificate will not expire"</span> <span class="o">]</span><span class="p">;</span> <span class="k">then</span>
|
||||
<span class="nb">echo</span> <span class="s2">"all is well, certwatch 2 weeks says </span><span class="nv">$certcheck_2weeks</span><span class="s2">"</span>
|
||||
|
@ -2162,10 +2172,10 @@ openssl s_client <span class="se">\</span>
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/security/understanding-the-ports/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -698,8 +698,8 @@
|
|||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#tls-connections-on-mail-servers-compared-to-web-browsers" class="md-nav__link">
|
||||
TLS connections on mail servers, compared to web browsers
|
||||
<a href="#tls-connections-for-a-mail-server-compared-to-web-browsers" class="md-nav__link">
|
||||
TLS connections for a Mail-Server, compared to web browsers
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1155,7 +1155,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1206,7 +1206,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1465,8 +1465,8 @@
|
|||
<ul class="md-nav__list">
|
||||
|
||||
<li class="md-nav__item">
|
||||
<a href="#tls-connections-on-mail-servers-compared-to-web-browsers" class="md-nav__link">
|
||||
TLS connections on mail servers, compared to web browsers
|
||||
<a href="#tls-connections-for-a-mail-server-compared-to-web-browsers" class="md-nav__link">
|
||||
TLS connections for a Mail-Server, compared to web browsers
|
||||
</a>
|
||||
|
||||
</li>
|
||||
|
@ -1587,7 +1587,7 @@
|
|||
<p>Due to these security concerns, <a href="https://tools.ietf.org/html/rfc8314#section-4.1">RFC 8314 (Section 4.1)</a> encourages you to <strong>prefer Implicit TLS ports where possible</strong>. </p>
|
||||
<h4 id="implicit-tls-enforced-encryption"><a class="toclink" href="#implicit-tls-enforced-encryption">Implicit TLS - Enforced Encryption</a></h4>
|
||||
<p>Communication is always encrypted, avoiding the above mentioned issues with Explicit TLS.</p>
|
||||
<p>You may know of these ports as <strong>SMTPS, POP3S, IMAPS</strong>, which indicate the protocol in combination with a TLS connection. However, Explicit TLS ports provide the same benefit when <code>STARTTLS</code> is successfully negotiated; Implicit TLS better communicates the improved security to all three protocols (SMTP/POP3/IMAP over Implicit TLS). </p>
|
||||
<p>You may know of these ports as <strong>SMTPS, POP3S, IMAPS</strong>, which indicate the protocol in combination with a TLS connection. However, Explicit TLS ports provide the same benefit when <code>STARTTLS</code> is successfully negotiated; Implicit TLS better communicates the improved security to all three protocols (SMTP/POP3/IMAP over Implicit TLS).</p>
|
||||
<p>Additionally, referring to port 465 as <em>SMTPS</em> would be incorrect, as it is a submissions port requiring authentication to proceed via <em>ESMTP</em>, whereas ESMTPS has a different meaning(STARTTLS supported). Port 25 may lack Implicit TLS, but can be configured to be more secure between trusted parties via MTA-STS, STARTTLS Policy List, DNSSEC and DANE.</p>
|
||||
<h2 id="security"><a class="toclink" href="#security">Security</a></h2>
|
||||
<div class="admonition todo">
|
||||
|
@ -1598,8 +1598,8 @@
|
|||
<p class="admonition-title">Todo</p>
|
||||
<p>A related section or page on ciphers used may be useful, although less important for users to be concerned about.</p>
|
||||
</div>
|
||||
<h3 id="tls-connections-on-mail-servers-compared-to-web-browsers"><a class="toclink" href="#tls-connections-on-mail-servers-compared-to-web-browsers">TLS connections on mail servers, compared to web browsers</a></h3>
|
||||
<p>Unlike with HTTP where a web browser client communicates directly with the server providing a website, a secure TLS connection as discussed below is not the equivalent safety that HTTPS provides when the transit of email (receiving or sending) is sent through third-parties, as the secure connection is only between two machines, any additional machines (MTAs) between the MUA and the MDA depends on them establishing secure connections between one another successfully. </p>
|
||||
<h3 id="tls-connections-for-a-mail-server-compared-to-web-browsers"><a class="toclink" href="#tls-connections-for-a-mail-server-compared-to-web-browsers">TLS connections for a Mail-Server, compared to web browsers</a></h3>
|
||||
<p>Unlike with HTTP where a web browser client communicates directly with the server providing a website, a secure TLS connection as discussed below is not the equivalent safety that HTTPS provides when the transit of email (receiving or sending) is sent through third-parties, as the secure connection is only between two machines, any additional machines (MTAs) between the MUA and the MDA depends on them establishing secure connections between one another successfully.</p>
|
||||
<p>Other machines that facilitate a connection that generally aren't taken into account can exist between a client and server, such as those where your connection passes through your ISP provider are capable of compromising a cleartext connection through interception.</p>
|
||||
|
||||
|
||||
|
@ -1682,10 +1682,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/setup.sh/">
|
||||
|
||||
<link rel="icon" href="../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1068,7 +1068,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1119,7 +1119,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1323,14 +1323,14 @@
|
|||
|
||||
<h1>Your Best Friend setup.sh</h1>
|
||||
|
||||
<p><a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh"><code>setup.sh</code></a> is an administration script that helps with the most common tasks, including initial configuration. It is intended to be used from the host machine, <em>not</em> from within your running container.</p>
|
||||
<p><a href="https://github.com/docker-mailserver/docker-mailserver/blob/master/setup.sh"><code>setup.sh</code></a> is an administration script that helps with the most common tasks, including initial configuration. It is intended to be run from the host machine, <em>not</em> from inside your running container.</p>
|
||||
<p>The latest version of the script is included in the <code>docker-mailserver</code> repository. You may retrieve it at any time by running this command in your console:</p>
|
||||
<div class="highlight"><pre><span></span><code>wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master/setup.sh
|
||||
chmod a+x ./setup.sh
|
||||
</code></pre></div>
|
||||
<div class="admonition warning">
|
||||
<p class="admonition-title"><code>setup.sh</code> for Docker Mailserver version <code>v10.1.x</code> and below</p>
|
||||
<p>If you're using Docker Mailserver version <code>v10.1.x</code> or below, you will need to get <code>setup.sh</code> with a specific version. Substitute <code><VERSION></code> with the <a href="https://github.com/docker-mailserver/docker-mailserver/tags">tagged release version</a> that you're using:</p>
|
||||
<p class="admonition-title"><code>setup.sh</code> for <code>docker-mailserver</code> version <code>v10.1.x</code> and below</p>
|
||||
<p>If you're using <code>docker-mailserver</code> version <code>v10.1.x</code> or below, you will need to get <code>setup.sh</code> with a specific version. Substitute <code><VERSION></code> with the <a href="https://github.com/docker-mailserver/docker-mailserver/tags">tagged release version</a> that you're using:</p>
|
||||
<p><code>wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/<VERSION>/setup.sh</code>.</p>
|
||||
</div>
|
||||
<h2 id="usage"><a class="toclink" href="#usage">Usage</a></h2>
|
||||
|
@ -1346,12 +1346,12 @@ SYNOPSIS
|
|||
COMMAND := { email | alias | quota | config | relay | debug } SUBCOMMAND
|
||||
|
||||
DESCRIPTION
|
||||
This is the main administration script that you use for all interactions with your
|
||||
mail server. Setup, configuration and much more is done with this script.
|
||||
This is the main administration script that you use for all your interactions with
|
||||
'docker-mailserver'. Setup, configuration and much more is done with this script.
|
||||
|
||||
Please note that the script executes most of the commands inside the container itself.
|
||||
If the image was not found, this script will pull the :latest tag of
|
||||
mailserver/docker-mailserver. This tag refers to the latest release,
|
||||
If the image was not found, this script will pull the ':latest' tag of
|
||||
'mailserver/docker-mailserver'. This tag refers to the latest release,
|
||||
see the tagging convention in the README under
|
||||
https://github.com/docker-mailserver/docker-mailserver/blob/master/README.md
|
||||
|
||||
|
@ -1392,30 +1392,30 @@ DESCRIPTION
|
|||
./setup.sh debug login <COMMANDS>
|
||||
|
||||
EXAMPLES
|
||||
./setup.sh email add test@domain.tld
|
||||
Add the email account test@domain.tld. You will be prompted
|
||||
./setup.sh email add test@example.com
|
||||
Add the email account test@example.com. You will be prompted
|
||||
to input a password afterwards since no password was supplied.
|
||||
|
||||
./setup.sh config dkim keysize 2048 domain 'whoami.com,whoareyou.org'
|
||||
./setup.sh config dkim keysize 2048 domain 'example.com,not-example.com'
|
||||
Creates keys of length 2048 but in an LDAP setup where domains are not known to
|
||||
Postfix by default, so you need to provide them yourself in a comma-separated list.
|
||||
|
||||
./setup.sh config dkim help
|
||||
This will provide you with a detailed explanation on how to use the
|
||||
This will provide you with a detailed explanation on how to use the
|
||||
config dkim command, showing what arguments can be passed and what they do.
|
||||
|
||||
OPTIONS
|
||||
Config path, container or image adjustments
|
||||
-i IMAGE_NAME
|
||||
Provides the name of the docker-mailserver image. The default value is
|
||||
docker.io/mailserver/docker-mailserver:latest
|
||||
Provides the name of the 'docker-mailserver' image. The default value is
|
||||
'docker.io/mailserver/docker-mailserver:latest'
|
||||
|
||||
-c CONTAINER_NAME
|
||||
Provides the name of the running container.
|
||||
|
||||
-p PATH
|
||||
Provides the config folder path to the temporary container
|
||||
(does not work if docker-mailserver container already exists).
|
||||
Provides the config folder path to the temporary container
|
||||
(does not work if a 'docker-mailserver' container already exists).
|
||||
|
||||
SELinux
|
||||
-z
|
||||
|
@ -1512,10 +1512,10 @@ EXIT STATUS
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/troubleshooting/debugging/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1096,7 +1096,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1147,7 +1147,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1408,7 +1408,7 @@ docker <span class="nb">exec</span> -it <my-container> apt-get install -y
|
|||
<h2 id="testing-connection"><a class="toclink" href="#testing-connection">Testing Connection</a></h2>
|
||||
<p>I spent HOURS trying to debug "Connection Refused" and "Connection closed by foreign host" errors when trying to use telnet to troubleshoot my connection. I was also trying to connect from my email client (macOS mail) around the same time. Telnet had also worked earlier, so I was extremely confused as to why it suddenly stopped working. I stumbled upon <code>fail2ban.log</code> in my container. In short, when trying to get my macOS client working, I exceeded the number of failed login attempts and fail2ban put dovecot and postfix in jail! I got around it by whitelisting my ipaddresses (my ec2 instance and my local computer)</p>
|
||||
<div class="highlight"><pre><span></span><code>sudo su
|
||||
docker <span class="nb">exec</span> -ti mail bash
|
||||
docker <span class="nb">exec</span> -it mailserver bash
|
||||
<span class="nb">cd</span> /var/log
|
||||
cat fail2ban.log <span class="p">|</span> grep dovecot
|
||||
|
||||
|
@ -1510,10 +1510,10 @@ fail2ban-client stop postfix
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1083,7 +1083,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1134,7 +1134,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1353,17 +1353,17 @@
|
|||
|
||||
<h2 id="adding-a-new-account"><a class="toclink" href="#adding-a-new-account">Adding a New Account</a></h2>
|
||||
<p>Users (email accounts) are managed in <code>/tmp/docker-mailserver/postfix-accounts.cf</code>. <strong><em>The best way to manage accounts is to use the reliable <a href="../../setup.sh/"><code>setup.sh</code></a> script</em></strong>. Or you may directly add the <em>full</em> email address and its encrypted password, separated by a pipe:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">user1@domain.tld|{SHA512-CRYPT}$6$2YpW1nYtPBs2yLYS$z.5PGH1OEzsHHNhl3gJrc3D.YMZkvKw/vp.r5WIiwya6z7P/CQ9GDEJDr2G2V0cAfjDFeAQPUoopsuWPXLk3u1</span>
|
||||
<span class="na">user2@otherdomain.tld|{SHA512-CRYPT}$6$2YpW1nYtPBs2yLYS$z.5PGH1OEzsHHNhl3gJrc3D.YMZkvKw/vp.r5WIiwya6z7P/CQ9GDEJDr2G2V0cAfjDFeAQPUoopsuWPXLk3u1</span>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">user1@example.com|{SHA512-CRYPT}$6$2YpW1nYtPBs2yLYS$z.5PGH1OEzsHHNhl3gJrc3D.YMZkvKw/vp.r5WIiwya6z7P/CQ9GDEJDr2G2V0cAfjDFeAQPUoopsuWPXLk3u1</span>
|
||||
<span class="na">user2@not-example.com|{SHA512-CRYPT}$6$2YpW1nYtPBs2yLYS$z.5PGH1OEzsHHNhl3gJrc3D.YMZkvKw/vp.r5WIiwya6z7P/CQ9GDEJDr2G2V0cAfjDFeAQPUoopsuWPXLk3u1</span>
|
||||
</code></pre></div>
|
||||
<p>In the example above, we've added 2 mail accounts for 2 different domains. Consequently, the mail server will automatically be configured for multi-domains. Therefore, to generate a new mail account data, directly from your docker host, you could for example run the following:</p>
|
||||
<p>In the example above, we've added 2 mail accounts for 2 different domains. Consequently, the mail-server will automatically be configured for multi-domains. Therefore, to generate a new mail account data, directly from your docker host, you could for example run the following:</p>
|
||||
<div class="highlight"><pre><span></span><code>docker run --rm <span class="se">\</span>
|
||||
-e <span class="nv">MAIL_USER</span><span class="o">=</span>user1@domain.tld <span class="se">\</span>
|
||||
-e <span class="nv">MAIL_USER</span><span class="o">=</span>user1@example.com <span class="se">\</span>
|
||||
-e <span class="nv">MAIL_PASS</span><span class="o">=</span>mypassword <span class="se">\</span>
|
||||
-it mailserver/docker-mailserver:latest <span class="se">\</span>
|
||||
/bin/sh -c <span class="s1">'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u $MAIL_USER -p $MAIL_PASS)"'</span> >> config/postfix-accounts.cf
|
||||
/bin/sh -c <span class="s1">'echo "$MAIL_USER|$(doveadm pw -s SHA512-CRYPT -u $MAIL_USER -p $MAIL_PASS)"'</span> >> docker-data/dms/config/postfix-accounts.cf
|
||||
</code></pre></div>
|
||||
<p>You will then be asked for a password, and be given back the data for a new account entry, as text. To actually <em>add</em> this new account, just copy all the output text in <code>config/postfix-accounts.cf</code> file of your running container.</p>
|
||||
<p>You will then be asked for a password, and be given back the data for a new account entry, as text. To actually <em>add</em> this new account, just copy all the output text in <code>docker-data/dms/config/postfix-accounts.cf</code> file of your running container.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p><code>doveadm pw</code> command lets you choose between several encryption schemes for the password.</p>
|
||||
|
@ -1461,10 +1461,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
|
@ -6,7 +6,7 @@
|
|||
<meta charset="utf-8">
|
||||
<meta name="viewport" content="width=device-width,initial-scale=1">
|
||||
|
||||
<meta name="description" content="A fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) using Docker.">
|
||||
|
||||
|
||||
|
||||
|
@ -16,7 +16,7 @@
|
|||
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/aliases/">
|
||||
|
||||
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.6">
|
||||
<meta name="generator" content="mkdocs-1.2.2, mkdocs-material-7.2.8">
|
||||
|
||||
|
||||
|
||||
|
@ -24,7 +24,7 @@
|
|||
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.802231af.min.css">
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/main.92558b1b.min.css">
|
||||
|
||||
|
||||
<link rel="stylesheet" href="../../../assets/stylesheets/palette.3f5d1f46.min.css">
|
||||
|
@ -1075,7 +1075,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
|
||||
Mailserver behind Proxy
|
||||
Mail-Server behind a Proxy
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1126,7 +1126,7 @@
|
|||
|
||||
<li class="md-nav__item">
|
||||
<a href="../../../examples/uses-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
|
||||
Forward-Only Mailserver with LDAP
|
||||
Forward-Only Mail-Server with LDAP
|
||||
</a>
|
||||
</li>
|
||||
|
||||
|
@ -1341,22 +1341,22 @@
|
|||
<li>delivered to an existing account registered in <code>/tmp/docker-mailserver/postfix-accounts.cf</code></li>
|
||||
<li>redirected to one or more other email addresses</li>
|
||||
</ul>
|
||||
<p>Alias and target are space separated. An example on a server with domain.tld as its domain:</p>
|
||||
<p>Alias and target are space separated. An example on a server with example.com as its domain:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="c1"># Alias delivered to an existing account</span>
|
||||
<span class="na">alias1@domain.tld user1@domain.tld</span>
|
||||
<span class="na">alias1@example.com user1@example.com</span>
|
||||
|
||||
<span class="c1"># Alias forwarded to an external email address</span>
|
||||
<span class="na">alias2@domain.tld external@gmail.com</span>
|
||||
<span class="na">alias2@example.com external-account@gmail.com</span>
|
||||
</code></pre></div>
|
||||
<h2 id="configuring-regexp-aliases"><a class="toclink" href="#configuring-regexp-aliases">Configuring RegExp Aliases</a></h2>
|
||||
<p>Additional regexp aliases can be configured by placing them into <code>config/postfix-regexp.cf</code>. The regexp aliases get evaluated after the virtual aliases (<code>/tmp/docker-mailserver/postfix-virtual.cf</code>). For example, the following <code>config/postfix-regexp.cf</code> causes all email to "test" users to be delivered to <code>qa@example.com</code>:</p>
|
||||
<p>Additional regexp aliases can be configured by placing them into <code>docker-data/dms/config/postfix-regexp.cf</code>. The regexp aliases get evaluated after the virtual aliases (container path: <code>/tmp/docker-mailserver/postfix-virtual.cf</code>). For example, the following <code>docker-data/dms/config/postfix-regexp.cf</code> causes all email sent to "test" users to be delivered to <code>qa@example.com</code> instead:</p>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">/^test[0-9][0-9]*@example.com/ qa@example.com</span>
|
||||
</code></pre></div>
|
||||
<h2 id="address-tags-extension-delimiters-an-alternative-to-aliases"><a class="toclink" href="#address-tags-extension-delimiters-an-alternative-to-aliases">Address Tags (Extension Delimiters) an Alternative to Aliases</a></h2>
|
||||
<p>Postfix supports so-called address tags, in the form of plus (+) tags - i.e. <a href="mailto:address+tag@example.com">address+tag@example.com</a> will end up at <a href="mailto:address@example.com">address@example.com</a>. This is configured by default and the (configurable !) separator is set to <code>+</code>. For more info, see <a href="https://www.stevejenkins.com/blog/2011/03/how-to-use-address-tagging-usertagexample-com-with-postfix/">How to use Address Tagging (<code>user+tag@example.com</code>) with Postfix</a> and the <a href="http://www.postfix.org/postconf.5.html#recipient_delimiter">official documentation</a>.</p>
|
||||
<p>Postfix supports so-called address tags, in the form of plus (+) tags - i.e. <code>address+tag@example.com</code> will end up at <code>address@example.com</code>. This is configured by default and the (configurable !) separator is set to <code>+</code>. For more info, see <a href="https://www.stevejenkins.com/blog/2011/03/how-to-use-address-tagging-usertagexample-com-with-postfix/">How to use Address Tagging (<code>user+tag@example.com</code>) with Postfix</a> and the <a href="http://www.postfix.org/postconf.5.html#recipient_delimiter">official documentation</a>.</p>
|
||||
<div class="admonition note">
|
||||
<p class="admonition-title">Note</p>
|
||||
<p>If you do decide to change the configurable separator, you must add the same line to <em>both</em> <code>config/postfix-main.cf</code> and <code>config/dovecot.cf</code>, because Dovecot is acting as the delivery agent. For example, to switch to <code>-</code>, add:</p>
|
||||
<p>If you do decide to change the configurable separator, you must add the same line to <em>both</em> <code>docker-data/dms/config/postfix-main.cf</code> and <code>docker-data/dms/config/dovecot.cf</code>, because Dovecot is acting as the delivery agent. For example, to switch to <code>-</code>, add:</p>
|
||||
</div>
|
||||
<div class="highlight"><pre><span></span><code><span class="na">recipient_delimiter</span> <span class="o">=</span> <span class="s">-</span>
|
||||
</code></pre></div>
|
||||
|
@ -1441,10 +1441,10 @@
|
|||
<div class="md-dialog" data-md-component="dialog">
|
||||
<div class="md-dialog__inner md-typeset"></div>
|
||||
</div>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.409db549.min.js", "version": {"provider": "mike"}}</script>
|
||||
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant"], "translations": {"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing", "select.version.title": "Select version"}, "search": "../../../assets/javascripts/workers/search.94ec81fe.min.js", "version": {"provider": "mike"}}</script>
|
||||
|
||||
|
||||
<script src="../../../assets/javascripts/bundle.756773cc.min.js"></script>
|
||||
<script src="../../../assets/javascripts/bundle.48dfec6c.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue