
mail.netig.net

Mailserver with Docker Mailserver and certificates managed by Caddy.

Prerequisites

Necessary DNS records :

  • netig.net MX mail.netig.net
  • mail.netig.net A
  • mail.<other_domain> A

Do not create AAAA records for the mail. zones, otherwise your mailserver will not be able to receive messages from Gmail (and maybe others).

Get TLS certificates with Caddy and make them available through volumes like this :

      # mail.netig.net certs
      - ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.crt:/etc/letsencrypt/live/mail.netig.net/fullchain.pem:ro
      - ../caddy/volumes/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.netig.net/mail.netig.net.key:/etc/letsencrypt/live/mail.netig.net/privkey.pem:ro

Installation

Create the mailserver network :

# nerdctl network create mailserver

Run the compose file :

# nerdctl compose up -d

Add the admin email :

# nerdctl exec -ti mailserver setup email add admin@netig.net

Make the postmaster alias :

# nerdctl exec -ti mailserver setup alias add postmaster@netig.net admin@netig.net

Generate the DKIM key (repeat this for any domain added in the future) :

# nerdctl exec -ti mailserver setup config dkim

You can see the public key with this command :

# cat /var/local/mail.netig.net/config/opendkim/keys/netig.net/mail.txt

You may paste this as it is into your DNS zone.

Also register the SPF record :

  • netig.net TXT "v=spf1 mx ~all"

And finally the DMARC record :

  • _dmarc.netig.net TXT "v=DMARC1; p=none"

Then restart Docker Mail Server :

# nerdctl compose down
# nerdctl compose up -d
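
Once the records are published, the check below compares the key in mail.txt with what DNS actually serves and confirms the SPF and DMARC records resolve. It is an added example, not part of this repository; the selector name mail (taken from the mail.txt file name), the function names and the use of dig on the host are assumptions.

```sh
#!/bin/sh
# Added example: check that DNS serves the DKIM key Docker Mailserver generated.
# Assumes selector "mail" (from mail.txt) and that dig is installed on the host.

# Join the quoted chunks of a TXT record (zone-file or `dig +short` form) into
# one value; some dig versions print "\;" for ";", so unescape that as well.
txt_flatten() {
    grep -o '"[^"]*"' | tr -d '"\n' | sed 's/\\;/;/g'
}

# Print the first TXT record on stdin (one per line) starting with prefix $1.
txt_pick() {
    while IFS= read -r line; do
        val=$(printf '%s\n' "$line" | txt_flatten)
        case "$val" in "$1"*) printf '%s\n' "$val"; return 0 ;; esac
    done
    return 1
}

# 0 if both TXT texts flatten to the same value, 2 if the local key has no p= data.
dkim_same() {
    want=$(printf '%s\n' "$1" | txt_flatten)
    got=$(printf '%s\n' "$2" | txt_flatten)
    case "$want" in *"p="?*) ;; *) return 2 ;; esac
    [ "$want" = "$got" ]
}

# Live check: ./check.sh netig.net [path/to/mail.txt]
check_domain() {
    domain=$1
    keyfile=${2:-/var/local/mail.netig.net/config/opendkim/keys/$domain/mail.txt}
    rc=0
    dkim_same "$(cat "$keyfile")" "$(dig +short TXT "mail._domainkey.$domain")" \
        && echo "DKIM  ok" || { echo "DKIM  mismatch or not published"; rc=1; }
    dig +short TXT "$domain" | txt_pick "v=spf1" \
        || { echo "SPF   not published"; rc=1; }
    dig +short TXT "_dmarc.$domain" | txt_pick "v=DMARC1" \
        || { echo "DMARC not published"; rc=1; }
    return $rc
}

if [ "$#" -gt 0 ]; then
    check_domain "$@"
else  # offline demo: constructed zone-file key vs constructed dig output
    dkim_same '( "v=DKIM1; k=rsa; " "p=QUJD" "REVG" )' \
        '"v=DKIM1\; k=rsa\; p=QUJDREVG"' && echo "demo: DKIM ok"
fi
```

A mismatch right after publishing usually means the record was pasted with its chunks broken differently or the old value is still cached; the flattening step removes the first cause from the comparison.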

Tips

To get help :

# nerdctl exec -ti mailserver setup help

Clean Fail2ban ban list :

# nerdctl exec -ti mailserver fail2ban-client unban --all

To get (or renew) TLS certs, use the netig-mail-certs-get script.

Links
