2025-01-14 18:21:19 +01:00

# mail.netig.net

Mailserver with `Docker Mailserver` and certificates managed by `Caddy`.

## Prerequisites

Necessary DNS records:

* netig.net MX mail.netig.net
* mail.netig.net A <IPv4>
* mail.<other_domain> A <IPv4>

> Do not create an AAAA record for the mail.<domain> names, otherwise your mailserver will not be able to receive messages from Gmail (and maybe others).

Also set the reverse DNS (PTR record) of the server's IPv4 address to `mail.netig.net.`.

Get TLS certificates with Caddy and make them available to the mailserver container through volume mounts like this:

```
# mail.netig.net certs
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro
```

## Installation

Create the `mailserver` network:

```
# nerdctl network create mailserver
```

Run the compose file:

```
# nerdctl compose up -d
```

Add the `admin` email:

```
# nerdctl exec -ti mailserver setup email add admin@netig.net
```

Make the `postmaster` alias:

```
# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net
```

Generate the DKIM key (repeat this for any domain added in the future):

```
# nerdctl exec -ti mailserver setup config dkim
```

You can see the public key with this command:

```
# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt
```

You may paste this as it is into your DNS zone.

Also register SPF:

* netig.net TXT "v=spf1 mx ~all"

And finally the DMARC record:

* _dmarc.netig.net TXT "v=DMARC1; p=none"

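As an added example (not part of this README or of Docker Mailserver), a small Python checker that joins opendkim's split `mail.txt` fragment into the single TXT value most DNS provider forms expect, and sanity-checks the DKIM, SPF and DMARC values from the steps above before they go into the zone. The sample record and its key are constructed placeholders.

```python
import base64
import re
# Constructed sample in the layout opendkim writes to mail.txt; the key is a
# placeholder, not a real RSA key, so the record is only structurally realistic.
FAKE_KEY = base64.b64encode(b"placeholder, not a real RSA public key").decode()
SAMPLE_MAIL_TXT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
    f'\t  "p={FAKE_KEY}" )  ; ----- DKIM key mail for netig.net\n'
)

def opendkim_txt_to_record(text):
    """Collapse opendkim's BIND-style fragment into (record name, joined TXT value)."""
    # opendkim splits the value into quoted strings of at most 255 bytes; provider forms usually want it joined.
    name = text.split(None, 1)[0]
    value = "".join(re.findall(r'"([^"]*)"', text))
    return name, value

def parse_tags(value):
    """Turn 'k=v; k2=v2' into a dict, skipping segments without '='."""
    return dict(seg.strip().split("=", 1) for seg in value.split(";") if "=" in seg)

def check_dkim(value):
    """Return the problems found in a DKIM TXT value (empty list means OK)."""
    tags, problems = parse_tags(value), []
    if tags.get("v") != "DKIM1":
        problems.append("v= must be DKIM1")
    try:
        base64.b64decode(tags["p"], validate=True)
    except (KeyError, ValueError):
        problems.append("p= missing or not valid base64")
    return problems

def check_spf(value):
    """Shape check for a record such as 'v=spf1 mx ~all' (no DNS lookups)."""
    terms, problems = value.split(), []
    if not terms or terms[0] != "v=spf1":
        problems.append("must start with v=spf1")
    if not terms or not re.fullmatch(r"[-~+?]?all", terms[-1]):
        problems.append("should end with an explicit 'all' mechanism")
    return problems

def check_dmarc(value):
    """DMARC needs v=DMARC1 first and a p= policy; p=none only monitors."""
    tags, problems = parse_tags(value), []
    if not value.startswith("v=DMARC1"):
        problems.append("must start with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    return problems
```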
Then restart Docker Mail Server:

```
# nerdctl compose down
# nerdctl compose up -d
```

## Tips

To get help:

```
# nerdctl exec -ti mailserver setup help
```

Clear the Fail2ban ban list:

```
# nerdctl exec -ti mailserver fail2ban-client unban --all
```

To get (or renew) TLS certs, use the `netig-mail-certs-get` script.

# Links

* https://docker-mailserver.github.io/docker-mailserver/edge