A secure, minimal-configuration mail server in a docker container, including webmail.
This repository is tailored to small private servers, where you own some domain(s) and want to receive the mail for and send mail from this domain. It consists of 4 separate docker containers:
-
dovecot: The SMTP and IMAP server. This container uses postfix as MTA and dovecot as IMAP server. All incoming mail to your own domains is accepted. For outgoing mail, only authenticated (logged in with username and password) clients can send messages via STARTTLS on port 587. It should work with all mail clients.
-
rainloop: An automatically configured webmail interface. Note that you have to login with your full mail adress, e.g.
john.doe@example.org
instead of justjohn.doe
. By default, this will bind tolocalhost:33100
.There is a webmail admin interface available at
localhost:33100/?admin
with default usernameadmin
and default password12345
, so you probably want to change that before connecting this container to the internet. Note that just knowing the admin password isnt enough for other people to read your mail, since the mail password isn't stored within rainloop. Also note that the admin password will reset to the default values every time you restart the container.Rainloop is released under CC BY-NC-SA 3.0, so you are only allowed to use this container for non-commercial purposes. They do sell commercial licenses, if required.
-
owncloud: This provides CalDAV and CardDAV functionality, together with tons and tons of other stuff like cloud storage, collaborative editing, etc. You should be able to login using your mail address automatically.
By default, this container will bind to
localhost:33200
. All user data is by default mapped/srv/owncloud
on the host. As above, the default admin account has usernameadmin
and password12345
, so make sure to change this before connecting the container to the internet.It is also possible to install a webmail interface within owncloud, so in theory you don't need rainloop. That said, restarting the container after configuration changes can be a bit rough and might require manual intervention so if you just want webmail, rainloop is probably preferrable. If you encounter problems, try deleting
/srv/owncloud/owncloud.db
and restarting the container. -
mailpile: An early-alpha but promising webmail interface. It is currently not built by default, but you can play around with it if you like. By default, the web interface will bind to
localhost:33411
-
mailbase: This image is just an implementation detail. It is a workaround to allow sharing of configuration files between multiple docker images and redeploys.
Visualize Docker images and the layers that compose them.
$ git clone https://github.com/htmlgraphic/Mail-Server.git && cd Mail-Server
$ make
$ make run (runs complete docker-compose file)
Build a working IMAP Server instance using a Makefile
and a few terminal commands
$ git clone https://github.com/htmlgraphic/Mail-Server.git && cd Mail-Server
$ make
$ make build
CircleCI - Test the Dockerfile process, can the container be built the correctly? Verify the build process with a number of tests. Currently with this service no code can be tested on the running container. Data can be echo and available grepping the output via docker logs | grep value
Using CircleCI review the circle.yml
file.
Shippable - Run tests on the actual built container. These tests ensure the scripts have been setup properly and the service can start with parameters defined. If any test(s) fail the system should be reviewed closer.
Using Shippable review the shippable.yml
file. This service will use a circle.yml
file configuration but for the unique features provided by Shippable it is best to use the deadicated shippable.yml
file. This service will fully test the creation of your container and can push the complete image to your private Docker repo if you desire.
Any domains you want to receive mail for to the file mailbase/domains
:
example.org
example.net
Edit the file mailbase/aliases
, to add any needed aliases:
johndoe@example.org john.doe@example.org
john.doe@example.org john.doe@example.org
admin@forum.example.org forum-admin@example.org
@example.net catch-all@example.net
An IMAP mail account is created for each entry on the right hand side. Every mail sent to one of the addresses in the left column will be delivered to the corresponding account in the right column.
Edit the file mailbase/passwords
with the following:
john.doe@example.org:{PLAIN}password123
admin@example.org:{SHA256-CRYPT}$5$ojXGqoxOAygN91er$VQD/8dDyCYOaLl2yLJlRFXgl.NSrB3seZGXBRMdZAr6
To get the hash values, you can either install dovecot locally or use lxc-attach to attach to the running
container and run doveadm pw -s <scheme-name>
inside.
make run
You can build single targets, so if you dont want the webmail you can just run make dovecot
instead. The Makefile is
extremely simple, dont be afraid to look inside.
To store your mail outside the container, map /srv/vmail/
to
a directory on your host. (This is recommended, otherwise
you have to remember to backup your mail when you want to restart the container)
This is done automaticaly by
make run-all
Again, you can make run-dovecot
or run-rainloop
to only start specific containers. Look
at the Makefile to see what this does exactly. Note that you have to stop old containers
manually before invoking make, as this currently cannot be done automatically.
If you want to use owncloud, enter the public url at which owncloud can be reached (e.g. owncloud.example.org
) into the file owncloud/public_url
.
- Improve this guide
- HELO isn't set correctly, which can lead to problems with outgoing mail on some servers