mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-07-02 21:44:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

docs: miscellaneous improvements (#3219)

Browse source 
Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
This commit is contained in:
Georg Lauterbach 2023-04-08 11:54:16 +02:00 committed by GitHub
parent a9515b49c2
commit cf8e555212
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
23 changed files with 470 additions and 364 deletions
Download patch file Download diff file Expand all files Collapse all files

127
docs/content/examples/tutorials/basic-installation.md
View file

@ -9,12 +9,13 @@ This example provides you only with a basic example of what a minimal setup coul
``` YAML
services:
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
# Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
hostname: mail.example.com
ports:
- "25:25"
- "465:465"
- "587:587"
- "993:993"
volumes:
@ -24,11 +25,9 @@ services:
- ./docker-data/dms/config/:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
environment:
- ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_RSPAMD=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
cap_add:
- NET_ADMIN # For Fail2Ban to work
restart: always
@ -41,12 +40,13 @@ services:
``` YAML
services:
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
# Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
hostname: mail.example.com
ports:
- "25:25"
- "465:465"
- "587:587"
- "993:993"
volumes:
@ -56,11 +56,6 @@ services:
- ./docker-data/dms/config/:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
environment:
- ENABLE_SPAMASSASSIN=1
- SPAMASSASSIN_SPAM_TO_INBOX=1
- ENABLE_CLAMAV=1
- ENABLE_FAIL2BAN=1
- ENABLE_POSTGREY=1
- ACCOUNT_PROVISIONER=LDAP
- LDAP_SERVER_HOST=ldap # your ldap container/IP/ServerName
- LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
@ -80,30 +75,28 @@ services:
- SASLAUTHD_LDAP_SEARCH_BASE=ou=people,dc=localhost,dc=localdomain
- SASLAUTHD_LDAP_FILTER=(&(objectClass=PostfixBookMailAccount)(uniqueIdentifier=%U))
- POSTMASTER_ADDRESS=postmaster@localhost.localdomain
cap_add:
- NET_ADMIN # For Fail2Ban to work
restart: always
```
## A Detailed Example
## Using DMS as a local mail relay for containers
!!! note
!!! info
This is a community contributed guide. Please let us know via a Github Issue if you're having any difficulty following the guide so that we can update it.
This was originally a community contributed guide. Please let us know via a Github Issue if you're having any difficulty following the guide so that we can update it.
This guide is focused on only using [SMTP ports (not POP3 and IMAP)][docs-ports] with the intent to send received mail to another MTA service such as _Gmail_. It is not intended to have a MUA client (_eg: Thunderbird_) to retrieve mail directly from `docker-mailserver` via POP3/IMAP.
This guide is focused on only using [SMTP ports (not POP3 and IMAP)][docs-ports] with the intent to relay mail received from another service to an external email address (eg: `user@gmail.com`). It is not intended for mailbox storage of real users.
In this setup `docker-mailserver` is not intended to receive email externally, so no anti-spam or anti-virus software is needed, making the service lighter to run.
In this setup `docker-mailserver` is not intended to receive email from the outside world, so no anti-spam or anti-virus software is needed, making the service lighter to run.
!!! tip "`setup`"
The `setup` command used below is to be [run inside the container][docs-usage].
!!! warning "Open Relays"
Adding the docker network's gateway to the list of trusted hosts (_eg: using the `network` or `connected-networks` option_), can create an [**open relay**](https://en.wikipedia.org/wiki/Open_mail_relay). For instance [if IPv6 is enabled on the host machine, but not in Docker][github-issue-1405-comment].
1. If you're running a version of `docker-mailserver` earlier than v10.2, [you'll need to get `setup.sh`][docs-setup-script]. Otherwise you can substitute `./setup.sh <command>` with `docker exec mailserver setup <command>`.
2. Pull the docker image: `docker pull docker.io/mailserver/docker-mailserver:latest`.
3. Create the file `docker-compose.yml` with a content like this:
1. Create the file `docker-compose.yml` with a content like this:
!!! example
@ -126,48 +119,56 @@ In this setup `docker-mailserver` is not intended to receive email externally, s
- /etc/localtime:/etc/localtime:ro
environment:
- ENABLE_FAIL2BAN=1
# Using letsencrypt for SSL/TLS certificates
# Using letsencrypt for SSL/TLS certificates:
- SSL_TYPE=letsencrypt
# Allow sending emails from other docker containers
# Allow sending emails from other docker containers:
# Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#permit_docker
- PERMIT_DOCKER=network
# You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#spoof_protection
# See step 8 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
# See step 6 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
- SPOOF_PROTECTION=0
cap_add:
- NET_ADMIN # For Fail2Ban to work
restart: always
```
- The docs have a detailed page on [Environment Variables][docs-environment] for reference.
The docs have a detailed page on [Environment Variables][docs-environment] for reference.
!!! note "Firewalled ports"
??? tip "Firewalled ports"
You may need to open ports `25`, `587` and `465` on the firewall. For example, with the firewall `ufw`, run:
If you have a firewall running, you may need to open ports `25`, `587` and `465`.
For example, with the firewall `ufw`, run:
```sh
ufw allow 25
ufw allow 587
ufw allow 465
```
**Caution:** This may [not be sound advice][github-issue-ufw].
4. Configure your DNS service to use an MX record for the _hostname_ (eg: `mail`) you configured in the previous step and add the [SPF][docs-spf] TXT record.
2. Configure your DNS service to use an MX record for the _hostname_ (eg: `mail`) you configured in the previous step and add the [SPF][docs-spf] TXT record.
If you manually manage the DNS zone file for the domain, it would look something like this:
!!! tip "If you manually manage the DNS zone file for the domain"
It would look something like this:
```txt
$ORIGIN example.com
@ IN A 10.11.12.13
mail IN A 10.11.12.13
; mail-server for example.com
@ IN MX 10 mail.example.com.
; Add SPF record
@ IN TXT "v=spf1 mx -all"
```
Then don't forget to change the `SOA` serial number, and to restart the service.
```txt
mail IN A 10.11.12.13
; mail-server for example.com
3600 IN MX 1 mail.example.com.
; Add SPF record
IN TXT "v=spf1 mx ~all"
```
Then don't forget to change the serial number and to restart the service.
5. [Generate DKIM keys][docs-dkim] for your domain via `./setup.sh config dkim`.
3. [Generate DKIM keys][docs-dkim] for your domain via `setup config dkim`.
Copy the content of the file `docker-data/dms/config/opendkim/keys/example.com/mail.txt` and add it to your DNS records as a TXT like SPF was handled above.
@ -179,21 +180,21 @@ In this setup `docker-mailserver` is not intended to receive email externally, s
"iqq3bD/BVlwKRp5gH6TEYEmx8EBJUuDxrJhkWRUk2VDl1fqhVBy8A9O7Ah+85nMrlOHIFsTaYo9o6+cDJ6t1i6G1gu+bZD0d3/3bqGLPBQV9LyEL1Rona5V7TJBGg099NQkTz1IwIDAQAB" ) ; ----- DKIM key mail for example.com
```
6. Get an SSL certificate, [we have a guide for you here][docs-ssl] (_Let's Encrypt_ is a popular service to get free SSL certificates).
4. Get an SSL certificate, [we have a guide for you here][docs-ssl] (_Let's Encrypt_ is a popular service to get free SSL certificates).
7. Start `docker-mailserver` and check the terminal output for any errors: `docker-compose up`.
5. Start `docker-mailserver` and check the terminal output for any errors: `docker-compose up`.
8. Create email accounts and aliases:
6. Create email accounts and aliases:
!!! example "With `SPOOF_PROTECTION=0`"
```sh
./setup.sh email add admin@example.com passwd123
./setup.sh email add info@example.com passwd123
./setup.sh alias add admin@example.com external-account@gmail.com
./setup.sh alias add info@example.com external-account@gmail.com
./setup.sh email list
./setup.sh alias list
setup email add admin@example.com passwd123
setup email add info@example.com passwd123
setup alias add admin@example.com external-account@gmail.com
setup alias add info@example.com external-account@gmail.com
setup email list
setup alias list
```
Aliases make sure that any email that comes to these accounts is forwarded to your third-party email address (`external-account@gmail.com`), where they are retrieved (_eg: via third-party web or mobile app_), instead of connecting directly to `docker-mailserer` with POP3 / IMAP.
@ -201,25 +202,25 @@ In this setup `docker-mailserver` is not intended to receive email externally, s
!!! example "With `SPOOF_PROTECTION=1`"
```sh
./setup.sh email add admin.gmail@example.com passwd123
./setup.sh email add info.gmail@example.com passwd123
./setup.sh alias add admin@example.com admin.gmail@example.com
./setup.sh alias add info@example.com info.gmail@example.com
./setup.sh alias add admin.gmail@example.com external-account@gmail.com
./setup.sh alias add info.gmail@example.com external-account@gmail.com
./setup.sh email list
./setup.sh alias list
setup email add admin.gmail@example.com passwd123
setup email add info.gmail@example.com passwd123
setup alias add admin@example.com admin.gmail@example.com
setup alias add info@example.com info.gmail@example.com
setup alias add admin.gmail@example.com external-account@gmail.com
setup alias add info.gmail@example.com external-account@gmail.com
setup email list
setup alias list
```
This extra step is required to avoid the `553 5.7.1 Sender address rejected: not owned by user` error (_the accounts used for submitting mail to Gmail are `admin.gmail@example.com` and `info.gmail@example.com`_)
9. Send some test emails to these addresses and make other tests. Once everything is working well, stop the container with `ctrl+c` and start it again as a daemon: `docker-compose up -d`.
7. Send some test emails to these addresses and make other tests. Once everything is working well, stop the container with `ctrl+c` and start it again as a daemon: `docker-compose up -d`.
[docs-ports]: ../../config/security/understanding-the-ports.md
[docs-setup-script]: ../../config/setup.sh.md
[docs-environment]: ../../config/environment.md
[docs-spf]: ../../config/best-practices/spf.md
[docs-dkim]: ../../config/best-practices/dkim.md
[docs-ssl]: ../../config/security/ssl.md#lets-encrypt-recommended
[docs-usage]: ../../usage.md#get-up-and-running
[github-issue-ufw]: https://github.com/docker-mailserver/docker-mailserver/issues/3151
[github-issue-1405-comment]: https://github.com/docker-mailserver/docker-mailserver/issues/1405#issuecomment-590106498

3
docs/content/examples/tutorials/docker-build.md
View file

@ -10,7 +10,7 @@ You'll need to retrieve the git submodules prior to building your own Docker ima
```sh
git submodule update --init --recursive
docker build -t mailserver/docker-mailserver .
docker build -t <YOUR CUSTOM IMAGE NAME> .
```
Or, you can clone and retrieve the submodules in one command:
@ -37,4 +37,3 @@ The `Dockerfile` takes additional, so-called build arguments. These are
2. `VCS_REVISION`: the image revision (default = unknown)
When using `make` to build the image, these are filled with proper values. You can build the image without supplying these arguments just fine though.

2
docs/content/examples/tutorials/mailserver-behind-proxy.md
View file

@ -60,7 +60,7 @@ Feel free to add your configuration if you achieved the same goal using differen
version: '3.8'
services:
mailserver:
image: docker.io/mailserver/docker-mailserver:latest
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
hostname: mail
domainname: example.com