# mail.netig.net

Mailserver with `Docker Mailserver` and certificates managed by `Caddy`.

## Prerequisites

Necessary DNS records:

* netig.net MX mail.netig.net
* mail.netig.net A
* mail. A

> Do not create an AAAA record for mail. zones, otherwise your mailserver will not be able to receive messages from Gmail (and maybe others).

Get TLS certificates with Caddy and make them available through volumes like this:

```
# mail.netig.net certs
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro
```

## Installation

Create the `mailserver` network:

```
# nerdctl network create mailserver
```

Run the compose file:

```
# nerdctl compose up -d
```

Add the `admin` email:

```
# nerdctl exec -ti mailserver setup email add admin@netig.net
```

Make the `postmaster` alias:

```
# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net
```

Generate the DKIM key (repeat this for any domain added in the future):

```
# nerdctl exec -ti mailserver setup config dkim
```

You can view the public key with this command:

```
# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt
```

You may paste this as it is into your DNS zone.

Also register the SPF record:

* netig.net TXT "v=spf1 mx ~all"

And finally the DMARC record:

* _dmarc.netig.net TXT "v=DMARC1; p=none"

Then restart Docker Mail Server:

```
# nerdctl compose down
# nerdctl compose up -d
```

## Tips

To get help:

```
# nerdctl exec -ti mailserver setup help
```

Clean the Fail2ban ban list:

```
# nerdctl exec -ti mailserver fail2ban-client unban --all
```

To get (or renew) TLS certs, use the `netig-mail-certs-get` script.

# Links

* https://docker-mailserver.github.io/docker-mailserver/edge
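
The DNS records listed under Prerequisites and Installation (MX, A, no AAAA, SPF, DMARC) can be checked for consistency before the server goes live. The Python script below is an added example, not part of this repository: the function names and the sample zone data (including the `192.0.2.10` documentation address) are constructed for illustration, and in practice the dict would be filled from a DNS provider export or `dig` output.

```python
# Added example: offline audit of the DNS records this README asks for.
DOMAIN, MAIL_HOST = "netig.net", "mail.netig.net"

# Constructed sample zone: (name, type) -> values. 192.0.2.10 is a placeholder address.
SAMPLE_ZONE = {
    ("netig.net", "MX"): ["mail.netig.net"],
    ("mail.netig.net", "A"): ["192.0.2.10"],
    ("netig.net", "TXT"): ["v=spf1 mx ~all"],
    ("_dmarc.netig.net", "TXT"): ["v=DMARC1; p=none"],
}

def parse_tags(record):
    """Split a 'k=v; k=v' record (DMARC tag syntax) into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def audit(zone, domain=DOMAIN, mail_host=MAIL_HOST):
    """Return a list of findings; an empty list means the records match the README."""
    findings = []
    # Accept both "mail.netig.net" and "10 mail.netig.net." style MX values.
    mx = [h.split()[-1].rstrip(".").lower() for h in zone.get((domain, "MX"), []) if h.split()]
    if mail_host not in mx:
        findings.append(f"MX for {domain} does not point to {mail_host}")
    if not zone.get((mail_host, "A")):
        findings.append(f"no A record for {mail_host}")
    if zone.get((mail_host, "AAAA")):
        findings.append(f"AAAA record present for {mail_host} (README says to avoid it)")
    spf = [t for t in zone.get((domain, "TXT"), []) if t.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:  # several SPF records make receivers return a permanent error
        findings.append(f"expected exactly one SPF record, found {len(spf)}")
    else:
        terms = spf[0].lower().split()
        if "mx" not in terms and "+mx" not in terms:
            findings.append("SPF record lacks the 'mx' mechanism")
        if terms[-1] not in ("~all", "-all"):
            findings.append("SPF record does not end with ~all or -all")
    dmarc = [parse_tags(t) for t in zone.get((f"_dmarc.{domain}", "TXT"), [])]
    dmarc = [t for t in dmarc if t.get("v") == "DMARC1"]
    if len(dmarc) != 1:
        findings.append(f"expected exactly one DMARC record, found {len(dmarc)}")
    elif dmarc[0].get("p", "").lower() not in ("none", "quarantine", "reject"):
        findings.append("DMARC record has no valid p= policy")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ZONE) or ["all records match"]))
```

The DKIM TXT record is not covered here, since its value comes from the generated `mail.txt` file.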