Val 2014-12-03 10:34:50 +00:00
parent 634b329dd9
commit fd644cd67f
19 changed files with 106 additions and 133 deletions

62
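--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,62 @@
+FROM ubuntu:14.04
+ENV DEBIAN_FRONTEND noninteractive
+RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
+RUN apt-get update
+RUN apt-get -y -q autoclean
+RUN apt-get -y -q autoremove
+RUN apt-get clean
+# Prerequisites
+# install self-signed ssl certs
+RUN apt-get install -y --force-yes ssl-cert
+# Install postfix as MTA
+RUN apt-get install -y --force-yes postfix
+# Install dovecot as IMAP server
+RUN apt-get install -y --force-yes dovecot-imapd
+# Install OpenDKIM domain signing server
+RUN apt-get install -y --force-yes opendkim
+# postfix configuration
+ADD ./config/postfix.main.cf /etc/postfix/main.cf
+ADD ./condig/postfix.master.cf.append /etc/postfix/master-additional.cf
+RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
+# configure settings script
+VOLUME ["/mail_config"]
+COPY process_settings /process_settings
+RUN chmod 755 /process_settings
+# add user vmail who own all mail folders
+VOLUME ["/vmail"]
+RUN groupadd -g 5000 vmail
+RUN useradd -g vmail -u 5000 vmail -d /vmail -m
+# dovecot configuration
+ADD ./config/dovecot.mail /etc/dovecot/conf.d/10-mail.conf
+ADD ./config/dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
+ADD ./config/dovecot.auth /etc/dovecot/conf.d/10-auth.conf
+ADD ./config/dovecot.master /etc/dovecot/conf.d/10-master.conf
+ADD ./config/dovecot.lda /etc/dovecot/conf.d/15-lda.conf
+ADD ./config/dovecot.imap /etc/dovecot/conf.d/20-imap.conf
+# add verbose logging
+#ADD ./config/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
+# smtp port for incoming mail
+EXPOSE 25
+# imap port
+EXPOSE 143
+# smtp port for outgoing
+EXPOSE 587
+# todo: enable port 587 for outgoing mail, separate ports 25 and 587
+# http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix
+# start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit)
+ENTRYPOINT /process_settings; service rsyslog start; service opendkim start; service postfix start; dovecot -F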
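Review bot: The second postfix `ADD` reads from `./condig/` while every other `ADD` in this file reads from `./config/`; this looks like a typo, and if no `condig` directory exists in the build context the build stops there, so it should be `ADD ./config/postfix.master.cf.append /etc/postfix/master-additional.cf`. The four `apt-get install -y --force-yes` lines are also worth changing: `--force-yes` lets apt continue without a prompt where it would otherwise stop for something unsafe, such as packages it cannot authenticate, which is a poor default for an image that accepts SMTP and IMAP from the network. A single `RUN apt-get update && apt-get install -y ssl-cert postfix dovecot-imapd opendkim` drops the flag and keeps the package index in the same layer as the install. `VOLUME ["/mail_config"]` does not match the `/mail_settings` mount target used by the Makefile `run` target and the README, so confirm which path `process_settings` actually reads.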


@ -1,11 +1,9 @@
all: dovecot
all: build
.PHONY: dovecot
.PHONY: build
dovecot:
cd dovecot; docker build -t dovecot_made_special:2.1.7 .
build:
docker build -t dockermail_made_special:2.1.7 .
run-dovecot:
docker run -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dovecot_made_special:2.1.7
run-all: run-dovecot
run:
docker run -name dockermail -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dockermail_made_special:2.1.7
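Review bot: The `run` recipe passes `-name dockermail` with a single dash; the documented spelling of this option is `--name`, and Docker releases that no longer accept single-dash long options will reject the command, so write `docker run --name dockermail -d -p 25:25 ...`. The README's step 7 command repeats the same spelling. The recipe also publishes `-p 143:143` on every host interface; whether IMAP logins are protected there depends on `config/dovecot.ssl` and `config/dovecot.auth`, which are not visible in this section, so a short comment above the target stating that assumption would help, e.g. `# 143 is published on all interfaces; dovecot config must require STARTTLS before auth`.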


@ -5,63 +5,62 @@ Based on https://github.com/lava/dockermail
A secure, minimal-configuration mail server in a docker container.
This repository is tailored to small private servers, where you own some domain(s) and
want to receive the mail for and send mail from this domain.
This repository is tailored to small private servers, where you own a domain and want to host your own mail.
The SMTP and IMAP server. This container uses postfix as MTA and dovecot as IMAP server.
All incoming mail to your own domains is accepted. For outgoing mail, only authenticated
(logged in with username and password) clients can send messages via STARTTLS on port 587.
Outgoing mail is configured to get OpenDKIM signature, you need to generate a key and set up your domain records.
Also you should add PTR record to your IP (aka reverse DNS) which is done by your server provider and add an SPF record to your domain - otherwise you may get your mail spam filtered.
This container uses postfix as MTA and dovecot as IMAP server.
All incoming mail to your domains is accepted.
For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS.
SPAM stuff
=====
Outgoing mail is signed by OpenDKIM, you need to generate a key and set up your domain records (see step 5).
You should add PTR record to your IP (aka reverse DNS) which is done by your server provider.
And finally, generate and add an SPF record to your domain, search for instructions on this - there are a few generator site around and the setup steps depend on your domain name provider.
Setup
=====
Create 2 folders: one for mail configuration (`/opt/dockermail/settings`), another for mail storage (`/opt/dockermail/vmail`).
Use the the example config files in `dovecot/example` of this repo.
Use the the example config files in `config/example` of this repo.
1) Add all domains you want to receive mail for to the file `/opt/dockermail/settings/domains`, like this:
1. Add all domains you want to receive mail for to the file `/opt/dockermail/settings/domains`, like this:
example.org
example.net
2) Add user aliases to the file `/opt/dockermail/settings/aliases`, like
2. Add user aliases to the file `/opt/dockermail/settings/aliases`, like
johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net
An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will
be delivered to the corresponding account in the right column.
An IMAP mail account is created for each entry on the right hand side.
Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
3) Add user passwords to the file `/opt/dockermail/settings/passwords` like this
3. Add user passwords to the file `/opt/dockermail/settings/passwords` like this
john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
To get the hash values, you can either install dovecot locally or use `docker exec -it dockermail bash` to attach to the running
container and run `doveadm pw -s <scheme-name>` inside.
To get the hash values, you can either install dovecot locally or use `docker exec -it dockermail bash` to attach to the running container (step 7) and run `doveadm pw -s <scheme-name>` inside.
4) Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
4. Change the hostname in file `/opt/dockermail/settings/myhostname` to the correct fully qualified domain of your server.
5) Add DKIM settings files: `/opt/dockermail/settings/opendkim.conf` and `/opt/dockermail/settings/mail.private`
5. Add DKIM settings files: `/opt/dockermail/settings/opendkim.conf` and `/opt/dockermail/settings/mail.private`
See https://help.ubuntu.com/community/Postfix/DKIM on the info about these settings.
You will need to generate your own `mail.private` key and set up your domain records, the `opendkim.conf` from `dovecot/examples`
You will need to generate your own `mail.private` key and set up your domain records, the `opendkim.conf` from `config/example`
is ready to use.
6) Build container
6. Build container
make
7) Run container and map ports 25 and 143 from the host to the container.
7. Run container and map ports 25 and 143 from the host to the container.
To store your mail outside the container, map `/opt/dockermail/vmail/` to
a directory on your host. (This is recommended, otherwise
you have to remember to backup your mail when you want to restart the container)
`docker run -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dovecot_made_special/2.1.7`
`docker run -name dockermail -d -p 25:25 -p 587:587 -p 143:143 -v /opt/dockermail/settings:/mail_settings -v /opt/dockermail/vmail:/vmail dockermail_made_special/2.1.7`
8) Enjoy.
Patches welcome!
8. Enjoy!


@ -1,86 +0,0 @@
FROM ubuntu:14.04
ENV DEBIAN_FRONTEND noninteractive
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty main' | tee /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty main' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty-updates main' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates main' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty universe' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty universe' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty-updates universe' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates universe' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty-updates multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb http://archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://archive.ubuntu.com/ubuntu/ trusty-backports main restricted universe multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb http://security.ubuntu.com/ubuntu trusty-security main' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://security.ubuntu.com/ubuntu trusty-security main' | tee -a /etc/apt/sources.list
RUN echo 'deb http://security.ubuntu.com/ubuntu trusty-security universe' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://security.ubuntu.com/ubuntu trusty-security universe' | tee -a /etc/apt/sources.list
RUN echo 'deb http://security.ubuntu.com/ubuntu trusty-security multiverse' | tee -a /etc/apt/sources.list
RUN echo 'deb-src http://security.ubuntu.com/ubuntu trusty-security multiverse' | tee -a /etc/apt/sources.list
RUN locale-gen en_GB en_GB.UTF-8 && dpkg-reconfigure locales
RUN apt-get update
RUN apt-get -y -q autoclean
RUN apt-get -y -q autoremove
RUN apt-get clean
# prerequisites
RUN apt-get update
# install self-signed ssl certs
RUN apt-get install -y --force-yes ssl-cert
# Install postfix as MTA
RUN apt-get install -y --force-yes postfix
# Install dovecot as IMAP server
RUN apt-get install -y --force-yes dovecot-imapd
# Install OpenDKIM domain signing server
RUN apt-get install -y --force-yes opendkim
# postfix configuration
ADD ./postfix.main.cf /etc/postfix/main.cf
ADD ./postfix.master.cf.append /etc/postfix/master-additional.cf
RUN cat /etc/postfix/master-additional.cf >> /etc/postfix/master.cf
# configure settings script
VOLUME ["/mail_config"]
COPY process_settings /process_settings
RUN chmod 755 /process_settings
# add user vmail who own all mail folders
VOLUME ["/vmail"]
RUN groupadd -g 5000 vmail
RUN useradd -g vmail -u 5000 vmail -d /vmail -m
# dovecot configuration
ADD ./dovecot.mail /etc/dovecot/conf.d/10-mail.conf
ADD ./dovecot.ssl /etc/dovecot/conf.d/10-ssl.conf
ADD ./dovecot.auth /etc/dovecot/conf.d/10-auth.conf
ADD ./dovecot.master /etc/dovecot/conf.d/10-master.conf
ADD ./dovecot.lda /etc/dovecot/conf.d/15-lda.conf
ADD ./dovecot.imap /etc/dovecot/conf.d/20-imap.conf
# add verbose logging
#ADD ./internal/dovecot.logging /etc/dovecot/conf.d/10-logging.conf
# smtp port for incoming mail
EXPOSE 25
# imap port
EXPOSE 143
# smtp port for outgoing
EXPOSE 587
# todo: enable port 587 for outgoing mail, separate ports 25 and 587
# http://www.synology-wiki.de/index.php/Zusaetzliche_Ports_fuer_Postfix
# start necessary services for operation (dovecot -F starts dovecot in the foreground to prevent container exit)
ENTRYPOINT /process_settings; service rsyslog start; service opendkim start; service postfix start; dovecot -F