# mail.netig.net

Mailserver with `Docker Mailserver` and certificates managed by `Caddy`.

## Prerequisites

Necessary DNS records:

* netig.net MX mail.netig.net
* mail.netig.net A
* mail. A

> Do not create AAAA records for mail. zones, otherwise your mailserver will not be able to receive messages from Gmail (and maybe others).

Also set the reverse DNS to `mail.netig.net.`.

Get TLS certificates with Caddy and make them available through volumes like this:

```
# mail.netig.net certs
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro
```

## Installation

Create the `mailserver` network:

```
# nerdctl network create mailserver
```

Run the compose file:

```
# nerdctl compose up -d
```

Add the `admin` email:

```
# nerdctl exec -ti mailserver setup email add admin@netig.net
```

Make the `postmaster` alias:

```
# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net
```

Generate the DKIM key (repeat this for any domain added in the future):

```
# nerdctl exec -ti mailserver setup config dkim
```

You can see the public key with this command:

```
# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt
```

You may paste this as it is into your DNS zone.

Also register the SPF record:

* netig.net TXT "v=spf1 mx ~all"

And finally the DMARC record:

* _dmarc.netig.net TXT "v=DMARC1; p=none"

Then restart Docker Mail Server:

```
# nerdctl compose down
# nerdctl compose up -d
```

## Tips

To get help:

```
# nerdctl exec -ti mailserver setup help
```

Clear the Fail2ban ban list:

```
# nerdctl exec -ti mailserver fail2ban-client unban --all
```

To get (or renew) the TLS certs, use the `netig-mail-certs-get` script.

# Links

* https://docker-mailserver.github.io/docker-mailserver/edge
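
Once the DKIM record from the Installation section has been pasted into the zone, the published value can be compared with the generated key file. The script below is an added example, not part of this repository or of docker-mailserver: the function names and the script name `dkim-check.sh` are hypothetical, the sample key is a constructed dummy, and the `mail` selector is assumed from the `mail.txt` file name.

```shell
#!/bin/sh
# Added example (not from docker-mailserver): compare the local DKIM key file
# with the TXT record DNS serves. Selector "mail" is assumed from mail.txt.

# Read text on stdin and print every "quoted" chunk joined into one string.
# Handles the BIND-style mail.txt as well as `dig +short TXT` output.
join_txt_chunks() {
    grep -o '"[^"]*"' | sed 's/^"//; s/"$//' | tr -d '\n'
}

# $1 = path to mail.txt, $2 = TXT answer from the resolver.
# 0: identical, 1: DNS differs or is empty, 2: local key malformed or revoked.
dkim_matches() {
    want=$(join_txt_chunks < "$1")
    got=$(printf '%s\n' "$2" | join_txt_chunks)
    case $want in
        v=DKIM1*p=[A-Za-z0-9+/]*) ;;   # version tag present, p= not empty
        *) return 2 ;;
    esac
    [ "$want" = "$got" ]
}

# Constructed sample in the layout of mail.txt; the key material is a dummy.
write_sample_mail_txt() {
    cat > "$1" <<'EOF'
mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
      "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAexampleDUMMYchunk1"
      "DUMMYchunk2IDAQAB" )  ; ----- DKIM key mail for netig.net
EOF
}

# Live use (needs dig and network): sh dkim-check.sh --check /path/to/mail.txt
if [ "${1:-}" = "--check" ]; then
    answer=$(dig +short TXT mail._domainkey.netig.net)
    if dkim_matches "$2" "$answer"; then
        echo "DKIM TXT record matches $2"
    else
        echo "DKIM TXT record missing, different, or local key invalid" >&2
        exit 1
    fi
fi
```

Resolvers may split a long TXT value at different points than the key file does, which is why both sides are joined before the comparison.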