mirror/docker-mailserver.docker-mailserver
1
0
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver.git synced 2025-08-18 16:49:06 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
docker-mailserver.docker-ma.../edge/config/advanced/podman/index.html
github-actions[bot] 65a62d9c1d deploy: b6e5d34cd4
2025-08-01 00:25:19 +00:00

3111 lines
No EOL
85 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Anti-spam, Anti-virus, etc.) using Docker.">
<meta name="author" content="docker-mailserver (Github Organization)">
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/advanced/podman/">
<link rel="prev" href="../ipv6/">
<link rel="next" href="../../../examples/tutorials/basic-installation/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.16">
<title>Advanced | Podman - Docker Mailserver</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.7e37652d.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../../assets/css/customizations.css">
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#introduction" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Docker Mailserver" class="md-header__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Docker Mailserver
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Advanced | Podman
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill="currentColor" d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</div>
<div class="md-source__repository">
docker-mailserver
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../introduction/" class="md-tabs__link">
Introduction
</a>
</li>
<li class="md-tabs__item">
<a href="../../../usage/" class="md-tabs__link">
Usage
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../environment/" class="md-tabs__link">
Configuration
</a>
</li>
<li class="md-tabs__item">
<a href="../../../examples/tutorials/basic-installation/" class="md-tabs__link">
Examples
</a>
</li>
<li class="md-tabs__item">
<a href="../../../faq/" class="md-tabs__link">
FAQ
</a>
</li>
<li class="md-tabs__item">
<a href="../../../contributing/general/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-tabs__link">
<span class="icon-external-link"></span>DockerHub
</a>
</li>
<li class="md-tabs__item">
<a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-tabs__link">
<span class="icon-external-link"></span>GHCR
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Docker Mailserver" class="md-nav__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
</a>
Docker Mailserver
</label>
<div class="md-nav__source">
<a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><!--! Font Awesome Free 7.0.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path fill="currentColor" d="M173.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M252.8 8C114.1 8 8 113.3 8 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C436.2 457.8 504 362.9 504 252 504 113.3 391.5 8 252.8 8M105.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</div>
<div class="md-source__repository">
docker-mailserver
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../introduction/" class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../usage/" class="md-nav__link">
<span class="md-ellipsis">
Usage
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../environment/" class="md-nav__link">
<span class="md-ellipsis">
Environment Variables
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2" >
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
<span class="md-ellipsis">
Account Management
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Account Management
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../account-management/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2_2" >
<label class="md-nav__link" for="__nav_4_2_2" id="__nav_4_2_2_label" tabindex="0">
<span class="md-ellipsis">
Provisioner
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_2_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2_2">
<span class="md-nav__icon md-icon"></span>
Provisioner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../account-management/provisioner/file/" class="md-nav__link">
<span class="md-ellipsis">
File Based
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../account-management/provisioner/ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Service
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2_3" >
<label class="md-nav__link" for="__nav_4_2_3" id="__nav_4_2_3_label" tabindex="0">
<span class="md-ellipsis">
Supplementary
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2_3">
<span class="md-nav__icon md-icon"></span>
Supplementary
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../account-management/supplementary/master-accounts/" class="md-nav__link">
<span class="md-ellipsis">
Master Accounts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../account-management/supplementary/oauth2/" class="md-nav__link">
<span class="md-ellipsis">
OAuth2 Authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_3" >
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="0">
<span class="md-ellipsis">
Best Practices
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3">
<span class="md-nav__icon md-icon"></span>
Best Practices
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../best-practices/autodiscover/" class="md-nav__link">
<span class="md-ellipsis">
Auto-discovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
<span class="md-ellipsis">
DKIM, DMARC & SPF
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../best-practices/mta-sts/" class="md-nav__link">
<span class="md-ellipsis">
MTA-STS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_4" >
<label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="0">
<span class="md-ellipsis">
Security
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4">
<span class="md-nav__icon md-icon"></span>
Security
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../security/understanding-the-ports/" class="md-nav__link">
<span class="md-ellipsis">
Understanding the Ports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/ssl/" class="md-nav__link">
<span class="md-ellipsis">
SSL/TLS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Fail2Ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/mail_crypt/" class="md-nav__link">
<span class="md-ellipsis">
Mail Encryption
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/rspamd/" class="md-nav__link">
<span class="md-ellipsis">
Rspamd
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../debugging/" class="md-nav__link">
<span class="md-ellipsis">
Debugging
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../pop3/" class="md-nav__link">
<span class="md-ellipsis">
Mail Delivery with POP3
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup.sh/" class="md-nav__link">
<span class="md-ellipsis">
About setup.sh
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_8" checked>
<label class="md-nav__link" for="__nav_4_8" id="__nav_4_8_label" tabindex="0">
<span class="md-ellipsis">
Advanced Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_8_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_8">
<span class="md-nav__icon md-icon"></span>
Advanced Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../optional-config/" class="md-nav__link">
<span class="md-ellipsis">
Optional Configuration
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_2" >
<label class="md-nav__link" for="__nav_4_8_2" id="__nav_4_8_2_label" tabindex="0">
<span class="md-ellipsis">
Maintenance
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_2">
<span class="md-nav__icon md-icon"></span>
Maintenance
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../maintenance/update-and-cleanup/" class="md-nav__link">
<span class="md-ellipsis">
Update and Cleanup
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_3" >
<label class="md-nav__link" for="__nav_4_8_3" id="__nav_4_8_3_label" tabindex="0">
<span class="md-ellipsis">
Override the Default Configs
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_3">
<span class="md-nav__icon md-icon"></span>
Override the Default Configs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../override-defaults/dovecot/" class="md-nav__link">
<span class="md-ellipsis">
Dovecot
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../override-defaults/postfix/" class="md-nav__link">
<span class="md-ellipsis">
Postfix
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../override-defaults/user-patches/" class="md-nav__link">
<span class="md-ellipsis">
Modifications via Script
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../mail-sieve/" class="md-nav__link">
<span class="md-ellipsis">
Email Filtering with Sieve
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../mail-fetchmail/" class="md-nav__link">
<span class="md-ellipsis">
Email Gathering with Fetchmail
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../mail-getmail/" class="md-nav__link">
<span class="md-ellipsis">
Email Gathering with Getmail
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_7" >
<label class="md-nav__link" for="__nav_4_8_7" id="__nav_4_8_7_label" tabindex="0">
<span class="md-ellipsis">
Email Forwarding
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_7">
<span class="md-nav__icon md-icon"></span>
Email Forwarding
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../mail-forwarding/relay-hosts/" class="md-nav__link">
<span class="md-ellipsis">
Relay Hosts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../mail-forwarding/aws-ses/" class="md-nav__link">
<span class="md-ellipsis">
AWS SES
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../mail-forwarding/gmail-smtp/" class="md-nav__link">
<span class="md-ellipsis">
Configure Gmail as a relay host
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../full-text-search/" class="md-nav__link">
<span class="md-ellipsis">
Full-Text Search
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../ipv6/" class="md-nav__link">
<span class="md-ellipsis">
IPv6
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Podman
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Podman
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#installation-in-rootful-mode" class="md-nav__link">
<span class="md-ellipsis">
Installation in Rootful Mode
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#installation-in-rootless-mode" class="md-nav__link">
<span class="md-ellipsis">
Installation in Rootless Mode
</span>
</a>
<nav class="md-nav" aria-label="Installation in Rootless Mode">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#rootless-quadlet" class="md-nav__link">
<span class="md-ellipsis">
Rootless Quadlet
</span>
</a>
<nav class="md-nav" aria-label="Rootless Quadlet">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#example-quadlet-file" class="md-nav__link">
<span class="md-ellipsis">
Example Quadlet file
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#mapping-ownership-between-container-and-host-users" class="md-nav__link">
<span class="md-ellipsis">
Mapping ownership between container and host users
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#start-dms-container-at-boot" class="md-nav__link">
<span class="md-ellipsis">
Start DMS container at boot
</span>
</a>
<nav class="md-nav" aria-label="Start DMS container at boot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#security-in-rootless-mode" class="md-nav__link">
<span class="md-ellipsis">
Security in Rootless Mode
</span>
</a>
<nav class="md-nav" aria-label="Security in Rootless Mode">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enforce-authentication-from-localhost" class="md-nav__link">
<span class="md-ellipsis">
Enforce authentication from localhost
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-the-pasta-network-driver" class="md-nav__link">
<span class="md-ellipsis">
Use the pasta network driver
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-the-slip4netns-network-driver" class="md-nav__link">
<span class="md-ellipsis">
Use the slip4netns network driver
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#port-forwarding" class="md-nav__link">
<span class="md-ellipsis">
Port Forwarding
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Examples
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Examples
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_1" >
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../examples/tutorials/basic-installation/" class="md-nav__link">
<span class="md-ellipsis">
Basic Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
<span class="md-ellipsis">
Mailserver behind Proxy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/crowdsec/" class="md-nav__link">
<span class="md-ellipsis">
Crowdsec
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/docker-build/" class="md-nav__link">
<span class="md-ellipsis">
Building your own Docker image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/blog-posts/" class="md-nav__link">
<span class="md-ellipsis">
Blog Posts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/dovecot-solr/" class="md-nav__link">
<span class="md-ellipsis">
Dovecot FTS with Apache Solr
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Use Cases
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Use Cases
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../examples/use-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
<span class="md-ellipsis">
Forward-Only Mail-Server with LDAP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/imap-folders/" class="md-nav__link">
<span class="md-ellipsis">
Customize IMAP Folders
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/ios-mail-push-support/" class="md-nav__link">
<span class="md-ellipsis">
iOS Mail Push Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/auth-lua/" class="md-nav__link">
<span class="md-ellipsis">
Lua Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/bind-smtp-network-interface/" class="md-nav__link">
<span class="md-ellipsis">
Bind outbound SMTP to a specific network
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/external-relay-only-mailserver/" class="md-nav__link">
<span class="md-ellipsis">
Relay inbound and outbound mail for an internal DMS
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Contributing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../contributing/general/" class="md-nav__link">
<span class="md-ellipsis">
General Information
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../contributing/tests/" class="md-nav__link">
<span class="md-ellipsis">
Tests
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../contributing/issues-and-pull-requests/" class="md-nav__link">
<span class="md-ellipsis">
Issues and Pull Requests
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-nav__link">
<span class="md-ellipsis">
<span class="icon-external-link"></span>DockerHub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-nav__link">
<span class="md-ellipsis">
<span class="icon-external-link"></span>GHCR
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#introduction" class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#installation-in-rootful-mode" class="md-nav__link">
<span class="md-ellipsis">
Installation in Rootful Mode
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#installation-in-rootless-mode" class="md-nav__link">
<span class="md-ellipsis">
Installation in Rootless Mode
</span>
</a>
<nav class="md-nav" aria-label="Installation in Rootless Mode">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#rootless-quadlet" class="md-nav__link">
<span class="md-ellipsis">
Rootless Quadlet
</span>
</a>
<nav class="md-nav" aria-label="Rootless Quadlet">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#example-quadlet-file" class="md-nav__link">
<span class="md-ellipsis">
Example Quadlet file
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#mapping-ownership-between-container-and-host-users" class="md-nav__link">
<span class="md-ellipsis">
Mapping ownership between container and host users
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#start-dms-container-at-boot" class="md-nav__link">
<span class="md-ellipsis">
Start DMS container at boot
</span>
</a>
<nav class="md-nav" aria-label="Start DMS container at boot">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#security-in-rootless-mode" class="md-nav__link">
<span class="md-ellipsis">
Security in Rootless Mode
</span>
</a>
<nav class="md-nav" aria-label="Security in Rootless Mode">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#enforce-authentication-from-localhost" class="md-nav__link">
<span class="md-ellipsis">
Enforce authentication from localhost
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-the-pasta-network-driver" class="md-nav__link">
<span class="md-ellipsis">
Use the pasta network driver
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#use-the-slip4netns-network-driver" class="md-nav__link">
<span class="md-ellipsis">
Use the slip4netns network driver
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#port-forwarding" class="md-nav__link">
<span class="md-ellipsis">
Port Forwarding
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/config/advanced/podman.md" title="Edit this page" class="md-content__button md-icon" rel="edit">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<a href="https://github.com/docker-mailserver/docker-mailserver/raw/master/docs/content/config/advanced/podman.md" title="View source of this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg>
</a>
<h1>Podman</h1>
<h2 id="introduction"><a class="toclink" href="#introduction">Introduction</a></h2>
<p>Podman is a daemonless container engine for developing, managing, and running OCI Containers on your Linux System.</p>
<div class="admonition warning">
<p class="admonition-title">About Support for Podman</p>
<p>Please note that Podman <strong>is not</strong> officially supported as DMS is built and verified on top of the <em>Docker Engine</em>. This content is entirely community supported. If you find errors, please open an issue and provide a PR.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">About this Guide</p>
<p>This guide was tested with Fedora 34 using <code>systemd</code> and <code>firewalld</code>. Moreover, it requires Podman version &gt;= 3.2. You may be able to substitute <code>dnf</code> - Fedora's package manager - with others such as <code>apt</code>.</p>
</div>
<div class="admonition warning">
<p class="admonition-title">About Security</p>
<p>Running podman in rootless mode requires additional modifications in order to keep your mailserver secure.
Make sure to read the related documentation.</p>
</div>
<h2 id="installation-in-rootful-mode"><a class="toclink" href="#installation-in-rootful-mode">Installation in Rootful Mode</a></h2>
<p>While using Podman, you can just manage docker-mailserver as what you did with Docker. Your best friend <code>setup.sh</code> includes the minimum code in order to support Podman since it's 100% compatible with the Docker CLI.</p>
<p>The installation is basically the same. Podman v3.2 introduced a RESTful API that is 100% compatible with the Docker API, so you can use Docker Compose with Podman easily. Install Podman and Docker Compose with your package manager first.</p>
<div class="highlight"><pre><span></span><code>sudo<span class="w"> </span>dnf<span class="w"> </span>install<span class="w"> </span>podman<span class="w"> </span>docker-compose
</code></pre></div>
<p>Then enable <code>podman.socket</code> using <code>systemctl</code>.</p>
<div class="highlight"><pre><span></span><code>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>podman.socket
</code></pre></div>
<p>This will create a unix socket locate under <code>/run/podman/podman.sock</code>, which is the entrypoint of Podman's API. Now, configure docker-mailserver and start it.</p>
<div class="highlight"><pre><span></span><code><span class="nb">export</span><span class="w"> </span><span class="nv">DOCKER_HOST</span><span class="o">=</span><span class="s2">&quot;unix:///run/podman/podman.sock&quot;</span>
docker<span class="w"> </span>compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker<span class="w"> </span>compose<span class="w"> </span>ps
</code></pre></div>
<p>You should see that docker-mailserver is running now.</p>
<h2 id="installation-in-rootless-mode"><a class="toclink" href="#installation-in-rootless-mode">Installation in Rootless Mode</a></h2>
<p>Running <a href="https://docs.podman.io/en/stable/markdown/podman.1.html#rootless-mode">rootless containers</a> is one of Podman's major features. But due to some restrictions, deploying docker-mailserver in rootless mode is not as easy compared to rootful mode.</p>
<ul>
<li>a rootless container is running in a user namespace so you cannot bind ports lower than 1024</li>
<li>a rootless container's systemd file can only be placed in folder under <code>~/.config</code></li>
<li>a rootless container can result in an open relay, make sure to read the <a href="#security-in-rootless-mode">security section</a>.</li>
</ul>
<p>Also notice that Podman's rootless mode is not about running as a non-root user inside the container, but about the mapping of (normal, non-root) host users to root inside the container.</p>
<div class="admonition warning">
<p class="admonition-title">Warning</p>
<p>In order to make rootless DMS work we must modify some settings in the Linux system, it requires some basic linux server knowledge so don't follow this guide if you not sure what this guide is talking about. Podman rootful mode and Docker are still good and security enough for normal daily usage.</p>
</div>
<p>First, enable <code>podman.socket</code> in systemd's userspace with a non-root user.</p>
<div class="highlight"><pre><span></span><code>systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>--user<span class="w"> </span>podman.socket
</code></pre></div>
<p>The socket file should be located at <code>/var/run/user/$(id -u)/podman/podman.sock</code>. Then, modify <code>compose.yaml</code> to make sure all ports are bindings are on non-privileged ports.</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">mailserver</span><span class="p">:</span>
<span class="w"> </span><span class="nt">ports</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10025:25&quot;</span><span class="w"> </span><span class="c1"># SMTP (explicit TLS =&gt; STARTTLS)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10143:143&quot;</span><span class="w"> </span><span class="c1"># IMAP4 (explicit TLS =&gt; STARTTLS)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10465:465&quot;</span><span class="w"> </span><span class="c1"># ESMTP (implicit TLS)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10587:587&quot;</span><span class="w"> </span><span class="c1"># ESMTP (explicit TLS =&gt; STARTTLS)</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="s">&quot;10993:993&quot;</span><span class="w"> </span><span class="c1"># IMAP4 (implicit TLS)</span>
</code></pre></div>
<p>Then, setup your <code>mailserver.env</code> file follow the documentation and use Docker Compose to start the container.</p>
<div class="highlight"><pre><span></span><code><span class="nb">export</span><span class="w"> </span><span class="nv">DOCKER_HOST</span><span class="o">=</span><span class="s2">&quot;unix:///var/run/user/</span><span class="k">$(</span>id<span class="w"> </span>-u<span class="k">)</span><span class="s2">/podman/podman.sock&quot;</span>
docker<span class="w"> </span>compose<span class="w"> </span>up<span class="w"> </span>-d<span class="w"> </span>mailserver
docker<span class="w"> </span>compose<span class="w"> </span>ps
</code></pre></div>
<h3 id="rootless-quadlet"><a class="toclink" href="#rootless-quadlet">Rootless Quadlet</a></h3>
<div class="admonition info">
<p class="admonition-title">What is a Quadlet?</p>
<p>A <a href="https://mo8it.com/blog/quadlet/">Quadlet</a> file uses the <a href="https://www.freedesktop.org/software/systemd/man/latest/systemd.syntax.html">systemd config format</a> which is similar to the INI format.</p>
<p><a href="https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#examples">Quadlets define your podman configuration</a> (<em>pods, volumes, networks, images, etc</em>) which are <a href="https://blog.while-true-do.io/podman-quadlets/#writing-quadlets">adapted into the equivalent systemd service config files</a> at <a href="https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#description">boot or when reloading the systemd daemon</a> (<code>systemctl daemon-reload</code> / <code>systemctl --user daemon-reload</code>).</p>
</div>
<div class="admonition tip">
<p class="admonition-title">Rootless compatibility</p>
<p>Quadlets can <a href="https://matduggan.com/replace-compose-with-quadlet/#rootless">support rootless with a few differences</a>:</p>
<ul>
<li><code>Network=pasta</code> configures <a href="https://passt.top/passt/about/#pasta"><code>pasta</code></a> as a rootless compatible network driver (<em>a popular alternative to <code>slirp4netns</code>. <code>pasta</code> is the default for rootless since Podman v5</em>).</li>
<li>
<p><code>Restart=always</code> will auto-start your Quadlet at login. Rootless support requires to enable <a href="https://www.freedesktop.org/software/systemd/man/latest/loginctl.html#enable-linger%20USER%E2%80%A6">lingering</a> for your user:</p>
<div class="highlight"><pre><span></span><code>loginctl<span class="w"> </span>enable-linger<span class="w"> </span>user
</code></pre></div>
</li>
<li>
<p><a href="https://docs.podman.io/en/latest/markdown/podman-systemd.unit.5.html#podman-rootful-unit-search-path">Config locations between rootful vs rootless</a>.</p>
</li>
</ul>
</div>
<h4 id="example-quadlet-file"><a class="toclink" href="#example-quadlet-file">Example Quadlet file</a></h4>
<details class="example" open="open">
<summary>Example</summary>
<ol>
<li>Create your DMS Quadlet at <code>~/.config/containers/systemd/dms.container</code> with the example content shown below.<ul>
<li>Adjust settings like <code>HostName</code> as needed. You may prefer a different convention for your <code>Volume</code> host paths.</li>
<li>Some syntax like systemd specifiers and Podman's <code>UIDMap</code> value are explained in detail after this example.</li>
</ul>
</li>
<li>Run <a href="https://www.freedesktop.org/software/systemd/man/latest/systemctl.html#daemon-reload"><code>systemctl --user daemon-reload</code></a>, which will trigger the Quadlet service generator. This command is required whenever you adjust config in <code>dms.container</code>.</li>
<li>You should now be able to start the service with <code>systemctl --user start dms</code>.</li>
</ol>
<div class="highlight"><span class="filename">dms.container</span><pre><span></span><code><span class="k">[Unit]</span>
<span class="na">Description</span><span class="o">=</span><span class="s">&quot;Docker Mail Server&quot;</span>
<span class="na">Documentation</span><span class="o">=</span><span class="s">https://docker-mailserver.github.io/docker-mailserver/latest</span>
<span class="k">[Service]</span>
<span class="na">Restart</span><span class="o">=</span><span class="s">always</span>
<span class="c1"># Optional - This will run before the container starts:</span>
<span class="c1"># - It ensures all the DMS volumes have the host directories created for you.</span>
<span class="c1"># - For `mkdir` command to leverage the shell brace expansion syntax, you need to run it via bash.</span>
<span class="na">ExecStartPre</span><span class="o">=</span><span class="s">/usr/bin/bash -c &#39;mkdir -p %h/volumes/%N/{mail-data,mail-state,mail-logs,config}&#39;</span>
<span class="c1"># This section enables the service at generation, avoids requiring `systemctl --user enable dms`:</span>
<span class="c1"># - `multi-user.target` =&gt; root</span>
<span class="c1"># - `default.target` =&gt; rootless</span>
<span class="k">[Install]</span>
<span class="na">WantedBy</span><span class="o">=</span><span class="s">default.target</span>
<span class="k">[Container]</span>
<span class="na">ContainerName</span><span class="o">=</span><span class="s">%N</span>
<span class="na">HostName</span><span class="o">=</span><span class="s">mail.example.com</span>
<span class="na">Image</span><span class="o">=</span><span class="s">docker.io/mailserver/docker-mailserver:latest</span>
<span class="na">PublishPort</span><span class="o">=</span><span class="s">25:25</span>
<span class="na">PublishPort</span><span class="o">=</span><span class="s">143:143</span>
<span class="na">PublishPort</span><span class="o">=</span><span class="s">587:587</span>
<span class="na">PublishPort</span><span class="o">=</span><span class="s">993:993</span>
<span class="c1"># The container UID for root will be mapped to the host UID running this Quadlet service.</span>
<span class="c1"># All other UIDs in the container are mapped via the sub-id range for that user from host configs `/etc/subuid` + `/etc/subgid`.</span>
<span class="na">UIDMap</span><span class="o">=</span><span class="s">+0:@%U</span>
<span class="c1"># Volumes (Base location example: `%h/volumes/%N` =&gt; `~/volumes/dms`)</span>
<span class="c1"># NOTE: If your host has SELinux enabled, avoid permission errors by appending the mount option `:Z`.</span>
<span class="na">Volume</span><span class="o">=</span><span class="s">%h/volumes/%N/mail-data:/var/mail</span>
<span class="na">Volume</span><span class="o">=</span><span class="s">%h/volumes/%N/mail-state:/var/mail-state</span>
<span class="na">Volume</span><span class="o">=</span><span class="s">%h/volumes/%N/mail-logs:/var/log/mail</span>
<span class="na">Volume</span><span class="o">=</span><span class="s">%h/volumes/%N/config:/tmp/docker-mailserver</span>
<span class="c1"># Optional - Additional mounts:</span>
<span class="c1"># NOTE: For SELinux, when using the `z` or `Z` mount options:</span>
<span class="c1"># Take caution if choosing a host location not belonging to your user. Consider using `SecurityLabelDisable=true` instead.</span>
<span class="c1"># https://docs.podman.io/en/latest/markdown/podman-run.1.html#volume-v-source-volume-host-dir-container-dir-options</span>
<span class="na">Volume</span><span class="o">=</span><span class="s">%h/volumes/certbot/certs:/etc/letsencrypt:ro</span>
<span class="c1"># Podman can create a timer (defaults to daily at midnight) to check the `registry` or `local` storage for detecting if the</span>
<span class="c1"># image tag points to a new digest, if so it updates the image and restarts the service (similar to `containrrr/watchtower`):</span>
<span class="c1"># https://docs.podman.io/en/latest/markdown/podman-auto-update.1.html</span>
<span class="na">AutoUpdate</span><span class="o">=</span><span class="s">registry</span>
<span class="c1"># Podman Quadlet has a better alternative instead of a volume directly bind mounting `/etc/localtime` to match the host TZ:</span>
<span class="c1"># https://docs.podman.io/en/latest/markdown/podman-run.1.html#tz-timezone</span>
<span class="c1"># NOTE: Should the host modify the system TZ, neither approach will sync the change to the `/etc/localtime` inside the running container.</span>
<span class="na">Timezone</span><span class="o">=</span><span class="s">local</span>
<span class="na">Environment</span><span class="o">=</span><span class="s">SSL_TYPE=letsencrypt</span>
<span class="c1"># NOTE: You may need to adjust the default `NETWORK_INTERFACE`:</span>
<span class="c1"># https://docker-mailserver.github.io/docker-mailserver/latest/config/environment/#network_interface</span>
<span class="c1">#Environment=NETWORK_INTERFACE=enp1s0</span>
<span class="c1">#Environment=NETWORK_INTERFACE=tap0</span>
</code></pre></div>
</details>
<details class="info">
<summary>Systemd specifiers</summary>
<p>Systemd has a <a href="https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Specifiers">variety of specifiers</a> (<em>prefixed with <code>%</code></em>) that help manage configs.</p>
<p>Here are the ones used in the Quadlet config example:</p>
<ul>
<li><strong><code>%h</code>:</strong> Location of the users home directory. Use this instead of <code>~</code> (<em>which would only work in a shell, not this config</em>).</li>
<li><strong><code>%N</code>:</strong> Represents the unit service name, which is taken from the filename excluding the extension (<em>thus <code>dms.container</code> =&gt; <code>dms</code></em>).</li>
<li><strong><code>%U</code>:</strong> The UID of the user running this service. The next section details the relevance with <code>UIDMap</code>.</li>
</ul>
<hr />
<p>If you prefer the conventional XDG locations, you may prefer <code>%D</code> + <code>%E</code> + <code>%S</code> as part of your <code>Volume</code> host paths.</p>
</details>
<p>Stopping the service with systemd will result in the container being removed. Restarting will use the existing container, which is however not recommended. You do not need to enable services with Quadlet.</p>
<p>Start container:</p>
<p><code>systemctl --user start dockermailserver</code></p>
<p>Stop container:</p>
<p><code>systemctl --user stop dockermailserver</code></p>
<p>Using root with machinectl (used for some Ansible versions):</p>
<p><code>machinectl -q shell yourrootlessuser@ /bin/systemctl --user start dockermailserver</code></p>
<h4 id="mapping-ownership-between-container-and-host-users"><a class="toclink" href="#mapping-ownership-between-container-and-host-users">Mapping ownership between container and host users</a></h4>
<p>Podman supports a few different approaches for this functionality. For rootless Quadlets you will likely want to use <code>UIDMap</code> (<em><code>GIDMap</code> will use this same mapping by default</em>).</p>
<ul>
<li><code>UIDMap</code> + <code>GIDMap</code> works by mapping user and group IDs from a container, to IDs associated for a user on the host <a href="https://docs.podman.io/en/stable/markdown/podman.1.html#rootless-mode">configured in <code>/etc/subuid</code> + <code>/etc/subgid</code></a> (<em>this isn't necessary for rootful Podman</em>).</li>
<li>Each mapping must be unique, thus only a single container UID can map to your rootless UID on the host. Every other container UID mapped must be within the configured range from <code>/etc/subuid</code>.</li>
<li>Rootless containers have one additional level of mapping involved. This is an offset from their <code>/etc/subuid</code> entry starting from <code>0</code>, but can be inferred when the intended UID on the host is prefixed with <code>@</code></li>
</ul>
<details class="tip">
<summary>Why should I prefer <code>UIDMap=+0:@%U</code>? How does the <code>@</code> syntax work?</summary>
<p>The most common case is to map the containers root user (UID <code>0</code>) to your host user ID.</p>
<p>For a rootless user with the UID <code>1000</code> on the host, any of the following <code>UIDMap</code> values are equivalent:</p>
<ul>
<li><strong><code>UIDMap=+0:0</code>:</strong> The 1st <code>0</code> is the container root ID and the 2nd <code>0</code> refers to host mapping ID. For rootless the mapping ID is an indirect offset to their user entry in <code>/etc/subuid</code> where <code>0</code> maps to their host user ID, while <code>1</code> or higher maps to the users subuid range.</li>
<li><strong><code>UIDMap=+0:@1000</code>:</strong> A rootless Quadlet can also use <code>@</code> as a prefix which Podman will then instead lookup as the host ID in <code>/etc/subuid</code> to get the offset value. If the host user ID was <code>1000</code>, then <code>@1000</code> would resolve that to <code>0</code>.</li>
<li><strong><code>UIDMap=+0:@%U</code>:</strong> Instead of providing the explicit rootless UID, a better approach is to leverage <code>%U</code> (<em>a <a href="https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#Specifiers">systemd specifier</a></em>) which will resolve to the UID of your rootless user that starts the Quadlet service.</li>
</ul>
</details>
<details class="tip">
<summary>What is the <code>+</code> syntax used with <code>UIDMap</code>?</summary>
<p>Prefixing the container ID with <code>+</code> is a a podman feature similar to <code>@</code>, which ensures <code>/etc/subuid</code> is mapped fully.</p>
<p>For example <code>UIDMap=+5000:@%U</code> is the short-hand equivalent to:</p>
<div class="highlight"><pre><span></span><code><span class="na">UIDMap</span><span class="o">=</span><span class="s">5000:0:1</span>
<span class="na">UIDMap</span><span class="o">=</span><span class="s">0:1:5000</span>
<span class="na">UIDMap</span><span class="o">=</span><span class="s">5001:5001:60536</span>
</code></pre></div>
<p>The third value is the amount of IDs to map from the <code>container:host</code> pair as an offset/range. It defaults to <code>1</code>.</p>
<p>In addition to our explicit <code>5000:0</code> mapping, the <code>+</code> ensures:</p>
<ul>
<li>That we have a mapping of all container ID prior to <code>5000</code> to IDs from our rootless user entry in <code>/etc/subuid</code> on the host.</li>
<li>It also adds a mapping after this value for the remainder of the range configured in <code>/etc/subuid</code> which covers the <code>nobody</code> user in the container.</li>
</ul>
<p>Within the container you can view these mappings via <code>cat /proc/self/uid_map</code>.</p>
</details>
<details class="warning">
<summary>Impact on disk usage of images with Rootless</summary>
<p><strong>NOTE:</strong> This should not usually be a concern, but is documented here to explain the impact of creating new user namespaces (<em>such as by running a container with settings like <code>UIDMap</code> that differ between runs</em>).</p>
<hr />
<p>Rootless containers <a href="https://github.com/containers/podman/issues/16541#issuecomment-1352790422">perform a copy of the image with <code>chown</code></a> during the first pull/run of the image.</p>
<ul>
<li>The larger the image to copy, the longer the initial delay on first use.</li>
<li>This process will be repeated if the <code>UIDMap</code> / <code>GIDMap</code> settings are changed to a value that has not been used previously (<em>accumulating more disk usage with additional image layer copies</em>).</li>
<li>Only when the original image is removed will any of these associated <code>chown</code> image copies be purged from storage.</li>
</ul>
<p>When you specify a <code>UIDMap</code> like demonstrated in the earlier tip for the <code>+</code> syntax with <code>UIDMap=+0:5000</code>, if the <code>/proc/self/uid_map</code> shows a row with the first two columns as equivalent then no excess <code>chown</code> should be applied.</p>
<ul>
<li><code>UIDMap=+0:@%U</code> is equivalent from ID 2 onwards.</li>
<li><code>UIDMap=+5000:@%U</code> is equivalent from ID 5001 onwards. This is relevant with DMS as the container UID 200 is assigned to ClamAV, the offset introduced will now incur a <code>chown</code> copy of 230MB.</li>
</ul>
</details>
<h2 id="start-dms-container-at-boot"><a class="toclink" href="#start-dms-container-at-boot">Start DMS container at boot</a></h2>
<p>Unlike Docker, Podman is daemonless thus containers do not start at boot. You can create your own systemd service to schedule this or use the Podman CLI.</p>
<div class="admonition warning">
<p class="admonition-title"><code>podman generate systemd</code> is deprecated</p>
<p>The <a href="https://docs.podman.io/en/latest/markdown/podman-generate-systemd.1.html"><code>podman generate systemd</code></a> command has been deprecated <a href="https://github.com/containers/podman/releases/tag/v4.7.0">since Podman v4.7</a> (Sep 2023) in favor of Quadlets (<em>available <a href="https://github.com/containers/podman/releases/tag/v4.4.0">since Podman v4.4</a></em>).</p>
</div>
<div class="admonition example">
<p class="admonition-title">Create a systemd service</p>
<p>Use the Podman CLI to generate a systemd service at the rootful or rootless location.</p>
<div class="tabbed-set tabbed-alternate" data-tabs="1:2"><input checked="checked" id="rootful" name="__tabbed_1" type="radio" /><input id="rootless" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="rootful">Rootful</label><label for="rootless">Rootless</label></div>
<div class="tabbed-content">
<div class="tabbed-block">
<div class="highlight"><pre><span></span><code>podman<span class="w"> </span>generate<span class="w"> </span>systemd<span class="w"> </span>mailserver<span class="w"> </span>&gt;<span class="w"> </span>/etc/systemd/system/mailserver.service
systemctl<span class="w"> </span>daemon-reload
systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--now<span class="w"> </span>mailserver.service
</code></pre></div>
</div>
<div class="tabbed-block">
<div class="highlight"><pre><span></span><code>podman<span class="w"> </span>generate<span class="w"> </span>systemd<span class="w"> </span>mailserver<span class="w"> </span>&gt;<span class="w"> </span>~/.config/systemd/user/mailserver.service
systemctl<span class="w"> </span>--user<span class="w"> </span>daemon-reload
systemctl<span class="w"> </span><span class="nb">enable</span><span class="w"> </span>--user<span class="w"> </span>--now<span class="w"> </span>mailserver.service
</code></pre></div>
</div>
</div>
</div>
</div>
<p>A systemd user service will only start when that specific user logs in and stops when after log out. To instead allow user services to run when that user has no active session running run:</p>
<div class="highlight"><pre><span></span><code>loginctl<span class="w"> </span>enable-linger<span class="w"> </span>&lt;username&gt;
</code></pre></div>
<h3 id="security-in-rootless-mode"><a class="toclink" href="#security-in-rootless-mode">Security in Rootless Mode</a></h3>
<p>In rootless mode, podman resolves all incoming IPs as localhost, which results in an open gateway in the default configuration. There are two workarounds to fix this problem, both of which have their own drawbacks.</p>
<h4 id="enforce-authentication-from-localhost"><a class="toclink" href="#enforce-authentication-from-localhost">Enforce authentication from localhost</a></h4>
<p>The <code>PERMIT_DOCKER</code> variable in the <code>mailserver.env</code> file allows to specify trusted networks that do not need to authenticate. If the variable is left empty, only requests from localhost and the container IP are allowed, but in the case of rootless podman any IP will be resolved as localhost. Setting <code>PERMIT_DOCKER=none</code> enforces authentication also from localhost, which prevents sending unauthenticated emails.</p>
<h4 id="use-the-pasta-network-driver"><a class="toclink" href="#use-the-pasta-network-driver">Use the <code>pasta</code> network driver</a></h4>
<p>Since <a href="https://github.com/containers/podman/releases/tag/v5.0.0">Podman 5.0</a> the default rootless network driver is now <code>pasta</code> instead of <code>slirp4netns</code>. These two drivers <a href="https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/building_running_and_managing_containers/assembly_communicating-among-containers_building-running-and-managing-containers#differences-between-slirp4netns-and-pasta_assembly_communicating-among-containers">have some differences</a>:</p>
<blockquote>
<p>Notable differences of <code>pasta</code> network mode compared to <code>slirp4netns</code> include:</p>
<ul>
<li><code>pasta</code> supports IPv6 port forwarding.</li>
<li><code>pasta</code> is more efficient than <code>slirp4netns</code>.</li>
<li><code>pasta</code> copies IP addresses from the host, while <code>slirp4netns</code> uses a predefined IPv4 address.</li>
<li><code>pasta</code> uses an interface name from the host, while <code>slirp4netns</code> uses <code>tap0</code> as an interface name.</li>
<li><code>pasta</code> uses the gateway address from the host, while <code>slirp4netns</code> defines its own gateway address and uses NAT.</li>
</ul>
</blockquote>
<h4 id="use-the-slip4netns-network-driver"><a class="toclink" href="#use-the-slip4netns-network-driver">Use the <code>slip4netns</code> network driver</a></h4>
<p>The second workaround is slightly more complicated because the <code>compose.yaml</code> has to be modified.
As shown in the <a href="../../security/fail2ban/#rootless-container">fail2ban section</a> the <code>slirp4netns</code> network driver has to be enabled.
This network driver enables podman to correctly resolve IP addresses but it is not compatible with
user defined networks which might be a problem depending on your setup.</p>
<p><a href="https://github.com/containers/podman/blob/v3.4.1/docs/source/markdown/podman-run.1.md#--networkmode---net">Rootless Podman</a> requires adding the value <code>slirp4netns:port_handler=slirp4netns</code> to the <code>--network</code> CLI option, or <code>network_mode</code> setting in your <code>compose.yaml</code>.</p>
<p>You must also add the ENV <code>NETWORK_INTERFACE=tap0</code>, because Podman uses a <a href="https://github.com/containers/podman/blob/v3.4.1/libpod/networking_slirp4netns.go#L264">hard-coded interface name</a> for <code>slirp4netns</code>.</p>
<div class="admonition example">
<p class="admonition-title">Example</p>
<div class="highlight"><pre><span></span><code><span class="nt">services</span><span class="p">:</span>
<span class="w"> </span><span class="nt">mailserver</span><span class="p">:</span>
<span class="w"> </span><span class="nt">network_mode</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;slirp4netns:port_handler=slirp4netns&quot;</span>
<span class="w"> </span><span class="nt">environment</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">NETWORK_INTERFACE=tap0</span>
<span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">...</span>
</code></pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p><code>podman-compose</code> is not compatible with this configuration.</p>
</div>
<h3 id="port-forwarding"><a class="toclink" href="#port-forwarding">Port Forwarding</a></h3>
<p>When it comes to forwarding ports using <code>firewalld</code>, see <a href="https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/securing_networks/using-and-configuring-firewalld_securing-networks#port-forwarding_using-and-configuring-firewalld">these port forwarding docs</a> for more information.</p>
<div class="highlight"><pre><span></span><code>firewall-cmd<span class="w"> </span>--permanent<span class="w"> </span>--add-forward-port<span class="o">=</span><span class="nv">port</span><span class="o">=</span>&lt;<span class="m">25</span><span class="p">|</span><span class="m">143</span><span class="p">|</span><span class="m">465</span><span class="p">|</span><span class="m">587</span><span class="p">|</span><span class="m">993</span>&gt;:proto<span class="o">=</span>&lt;tcp&gt;:toport<span class="o">=</span>&lt;<span class="m">10025</span><span class="p">|</span><span class="m">10143</span><span class="p">|</span><span class="m">10465</span><span class="p">|</span><span class="m">10587</span><span class="p">|</span><span class="m">10993</span>&gt;
...
<span class="c1"># After you set all ports up.</span>
firewall-cmd<span class="w"> </span>--reload
</code></pre></div>
<p>Notice that this will only open the access to the external client. If you want to access privileges port in your server, do this:</p>
<div class="highlight"><pre><span></span><code>firewall-cmd<span class="w"> </span>--permanent<span class="w"> </span>--direct<span class="w"> </span>--add-rule<span class="w"> </span>&lt;ipv4<span class="p">|</span>ipv6&gt;<span class="w"> </span>nat<span class="w"> </span>OUTPUT<span class="w"> </span><span class="m">0</span><span class="w"> </span>-p<span class="w"> </span>&lt;tcp<span class="p">|</span>udp&gt;<span class="w"> </span>-o<span class="w"> </span>lo<span class="w"> </span>--dport<span class="w"> </span>&lt;<span class="m">25</span><span class="p">|</span><span class="m">143</span><span class="p">|</span><span class="m">465</span><span class="p">|</span><span class="m">587</span><span class="p">|</span><span class="m">993</span>&gt;<span class="w"> </span>-j<span class="w"> </span>REDIRECT<span class="w"> </span>--to-ports<span class="w"> </span>&lt;<span class="m">10025</span><span class="p">|</span><span class="m">10143</span><span class="p">|</span><span class="m">10465</span><span class="p">|</span><span class="m">10587</span><span class="p">|</span><span class="m">10993</span>&gt;
...
<span class="c1"># After you set all ports up.</span>
firewall-cmd<span class="w"> </span>--reload
</code></pre></div>
<p>Just map all the privilege port with non-privilege port you set in compose.yaml before as root user.</p>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
<p>&copy <a href="https://github.com/docker-mailserver"><em>Docker Mailserver Organization</em></a><br/><span>This project is licensed under the MIT license.</span></p>
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant", "content.action.edit", "content.action.view", "content.code.annotate"], "search": "../../../assets/javascripts/workers/search.d50fe291.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.50899def.min.js"></script>
</body>
</html>
Reference in a new issue View git blame Copy permalink