mail.netig.net
Mailserver with Docker Mailserver and certificates managed by Caddy.
Prerequisites
Necessary DNS records :
- netig.net MX mail.netig.net
- mail.netig.net A
- mail.<other_domain> A
Do not create an AAAA record for the mail. zones, otherwise your mailserver will not be able to receive messages from Gmail (and maybe others).
Get TLS certificates with Caddy and make them available through volumes like this :
# mail.netig.net certs
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
- ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro
Installation
Create the mailserver network :
# nerdctl network create mailserver
Run the compose file :
# nerdctl compose up -d
Add the admin email :
# nerdctl exec -ti mailserver setup email add admin@netig.net
Make the postmaster alias :
# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net
Generate the DKIM key (repeat this for any domain added in the future) :
# nerdctl exec -ti mailserver setup config dkim
You can see the public key with this command :
# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt
You may paste this as it is into your DNS zone.
Also register the SPF record :
- netig.net TXT "v=spf1 mx ~all"
And finally the DMARC record :
- _dmarc.netig.net TXT "v=DMARC1; p=none"
Then restart Docker Mail Server :
# nerdctl compose down
# nerdctl compose up -d
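As an added example (not part of this repository or of Docker Mailserver), the following Python sketch audits the three TXT records set up above before they are published, reporting what each one actually asks receivers to do. The function names are illustrative and the DKIM sample is constructed with a placeholder key.

```python
# Added example; function names are illustrative, not docker-mailserver's.
import re
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DMARC, DKIM) into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def join_zone_txt(zone_text):
    """Concatenate the quoted chunks of a zone-file TXT entry such as mail.txt."""
    return "".join(re.findall(r'"([^"]*)"', zone_text)) or zone_text

def audit_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    alls = [t for t in terms[1:] if t.lstrip("+-~?").lower() == "all"]
    if not alls:
        return ["SPF: no 'all' term"]
    result = SPF_QUALIFIERS.get(alls[0][0], "pass")  # no qualifier means '+'
    return [] if result == "fail" else [f"SPF: unlisted senders evaluate to {result}, not fail"]

def audit_dmarc(record):
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["DMARC: v=DMARC1 tag missing"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= policy")
    elif policy == "none":
        findings.append("DMARC: p=none requests no action on failing mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, aggregate reports are not sent")
    return findings

def audit_dkim(zone_text):
    tags = parse_tags(join_zone_txt(zone_text))
    return [] if tags.get("p") else ["DKIM: empty or missing p=, no usable public key"]

# Constructed sample in the mail.txt zone-file layout; p= is a placeholder, not a real key.
SAMPLE_DKIM = ('mail._domainkey IN TXT ( "v=DKIM1; h=sha256; k=rsa; "\n'
               '  "p=PLACEHOLDERBASE64" "PUBLICKEY" )')

if __name__ == "__main__":
    for finding in audit_spf("v=spf1 mx ~all") + audit_dmarc("v=DMARC1; p=none") + audit_dkim(SAMPLE_DKIM):
        print(finding)
```

To audit the real key, pass the contents of mail.txt to audit_dkim.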
Tips
To get help :
# nerdctl exec -ti mailserver setup help
Clean Fail2ban ban list :
# nerdctl exec -ti mailserver fail2ban-client unban --all
To get (or renew) TLS certs, use the netig-mail-certs-get script.