first commit
86
README.md
Normal file
@@ -0,0 +1,86 @@
|
||||
# mail.netig.net
|
||||
|
||||
Mailserver with `Docker Mailserver` and certificates managed by `Caddy`.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
Necessary DNS records :
|
||||
|
||||
* netig.net MX mail.netig.net
|
||||
* mail.netig.net A <IPv4>
|
||||
* mail.<other_domain> A <IPv4>
|
||||
|
||||
> Do not make AAAA record for mail.<domain> zones, otherwise your mailserver will not be able to recieve messages from Gmail (and maybe others).
|
||||
|
||||
Get TLS certificates with Caddy and make them available through volume like this :
|
||||
```
|
||||
# mail.netig.net certs
|
||||
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
|
||||
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro
|
||||
```
|
||||
|
||||
## Installation
|
||||
|
||||
Create the `mailserver` network :
|
||||
```
|
||||
# nerdctl network create mailserver
|
||||
```
|
||||
|
||||
Run the compose file :
|
||||
```
|
||||
# nerdctl compose up -d
|
||||
```
|
||||
|
||||
Add the `admin` email :
|
||||
```
|
||||
# nerdctl exec -ti mailserver setup email add admin@netig.net
|
||||
```
|
||||
|
||||
Make the `postmaster` alias :
|
||||
```
|
||||
# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net
|
||||
```
|
||||
|
||||
Generate DKIM key (and for any added domain in the future).
|
||||
```
|
||||
# nerdctl exec -ti mailserver setup config dkim
|
||||
```
|
||||
|
||||
You can see public key with this command :
|
||||
```
|
||||
# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt
|
||||
```
|
||||
|
||||
You may paste this as it is into your DNS zone.
|
||||
|
||||
Register also SPF :
|
||||
|
||||
* netig.net TXT "v=spf1 mx ~all"
|
||||
|
||||
And finaly the DMARC record :
|
||||
|
||||
* _dmarc.netig.net TXT "v=DMARC1; p=none"
|
||||
|
||||
Then restart Docker Mail Server :
|
||||
```
|
||||
# nerdctl compose down
|
||||
# nerdctl compose up -d
|
||||
```
|
||||
|
||||
## Tips
|
||||
|
||||
To get help :
|
||||
```
|
||||
# nerdctl exec -ti mailserver setup help
|
||||
```
|
||||
|
||||
Clean Fail2ban ban list :
|
||||
```
|
||||
# nerdctl exec -ti mailserver fail2ban-client unban --all
|
||||
```
|
||||
|
||||
To get TLS certs (or renew) use `netig-mail-certs-get` script.
|
||||
|
||||
# Links
|
||||
|
||||
* https://docker-mailserver.github.io/docker-mailserver/edge
|
||||
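Review bot: In the Installation section, the DMARC record `_dmarc.netig.net TXT "v=DMARC1; p=none"` has no `rua` tag and the SPF record ends in `~all`, so mail spoofing netig.net is neither rejected nor reported anywhere. I would add a reporting address (for example `rua=mailto:postmaster@netig.net`, since the alias is created a few lines earlier) and a sentence saying `p=none` is the starting policy, to be moved to `quarantine` or `reject` once reports look clean. Three smaller points: under Tips, `fail2ban-client unban --all` drops every ban, including legitimate ones, so it is worth showing the single-address form `fail2ban-client unban <IP>` beside it; the README tells the reader to use the `netig-mail-certs-get` script, but this commit adds only README.md, so say where the script lives and whether the mailserver must be restarted after a renewal to pick up the new certificate; and the certificate mounts are shown without saying that they belong under `volumes:` of the mailserver service. Style: "recieve" and "finaly" are typos, and `# Links` is a level-1 heading while the other sections use `##`.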