Initial version of email solution
- Core
- ESMTP Server
- POSTFIX : a modular mail transfer agent.
- IMAP Server and POP Server
- DOVECOT : secure open-source IMAP and POP3 server.
- Scalable Storage Architecture for Permanently Archived email
- MAILPILER : open source email archiving solution.
- Virus and Malware Scanning Tool
- CLAMAV : open source mail gateway scanning software with automatic updates and third-party signature databases.
- Spam Filtering Tool
- RSPAMD : advanced spam filtering system with SPF, DKIM, DMARC DNS black lists, URL black lists , Greylisting capabilities
- Mailing List Capability
- Supported by Postfix alias. Can be managed through POSTFIXADMIN web interface
- Mail Signing and Encryption
- ZEYPLE :automatic GPG encryption to email server
- ESMTP Server
- Email Anti-Spoofing
- SPF
- Need to set a DNS txt Record
- DKIM
- DKIM Signing done through Rspamd
- DMARC
- DMARC done through Rspamd
- SPF
- Email Clients
- Support for LDAP and SSO
- TBD
Make sure any other application does not use ports that we are going to listen to
$ netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190|11334'
Unblock following ports
Service | Software | Protocol | Port |
---|---|---|---|
SMTP | Postfix | TCP | 25 |
HTTP | Nginx | TCP | 80 |
POP3 | Dovecot | TCP | 110 |
IMAP | Dovecot | TCP | 143 |
HTTPS | Nginx | TCP | 443 |
SMTPS | Postfix | TCP | 465 |
Submission | Postfix | TCP | 587 |
IMAPS | Dovecot | TCP | 993 |
POP3S | Dovecot | TCP | 995 |
ManageSieve | Dovecot | TCP | 4190 |
HTTP | Rspamd | TCP | 11334 |
Setup these DNS records on your DNS Server
HOSTNAME | CLASS | TYPE | PRIORITY | VALUE |
---|---|---|---|---|
IN | A/AAAA | any | Your Server IP ex:(1.1.1.1) | |
imap | IN | CNAME | any | mail.domain.tld. |
smtp | IN | CNAME | any | mail.domain.tld. |
webmail | IN | CNAME | any | mail.domain.tld. |
postfixadmin | IN | CNAME | any | mail.domain.tld. |
@ | IN | MX | 10 | mail.domain.tld. |
@ | IN | TXT | any | "v=spf1 a mx ip4:SERVER_IPV4 ~all" |
2018._domainkey | IN | TXT | any | "v=DKIM1; k=rsa; p=Your DKIM Public Key" |
_dmarc | IN | TXT | any | "v=DMARC1; p=reject; rua=mailto:postmaster@domain.tld; ruf=mailto:admin@domain.tld; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject" |
Your DKIM Public Key will be printed in the logs of your emailserver container or you can manually find it by running
$ docker exec emailserver cat /var/lib/rspamd/dkim/2018.txt
- Clone this Repository
$ git clone git@github.com:prabod/email-solution.git
-
Edit .env file to replicate your settings
-
Create external Docker Network
$ docker network create reverse-proxy
Run the system and start all services by :
$ docker-compose up -d
-
PostfixAdmin to manage Domains and Mailboxes
- Direct your web browser to postfixadmin.domain.tld/setup.php
- Enter a Setup Password
- Append the generated hash to the config file
$ docker exec -it postfixadmin /bin/setup_password.sh
- Add Admin account
- Add Domains and Mailboxes
-
Access Webmail
- Direct your web browser to webmail.domain.tld/?admin
- Default login is "admin", password is "12345"
- Setup IMAP and SMTP accounts
-
Access Rspamd WebUI
- Direct your web browser to mail.domain.tld:11334
- Login using the password mentioned in the .env file
-
Setup Desktop / Mobile Clients
- IMAP Server : imap.domain.tld
- IMAP Port : 993
- SMTP Server : smtp.domain.tld
- SMTP Port : 465
- Encryption : SSL/TLS
- Username : user@domain.tld
- To support signing and encryption install
- openkeychain alongside with K9 on Android.
- Enigmail Plugin for Thunderbird
- Encryptomatic Plugin for Outlook