Self-hosting Email Server in 2021
A short guide to setting up a catch-all docker-mailserver, an all-in-one mail server.
All-in-one Server
As of writing, the latest release tag is v10.0.0:
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/docker-compose.yml
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/mailserver.env
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/setup.sh
For example, my catch-all address is catch@mail.ahxxm.com, so edit docker-compose.yml:
hostname: mail
domainname: ahxxm.com
hostname + domainname = @domain.tld.
DNS
Add an A record for hostname+domainname pointing to your server.
Then set up DKIM:
./setup.sh config dkim
cat config/opendkim/keys/domain.tld/mail.txt
DMARC seems to be a global setting; not sure if it will affect other managed email services.
SPF record is deprecated.
SSL
The server currently only supports RSA certificates, but caddy gets EC ones by default.
Assuming you have valid certificates, mount them into the container by appending to docker-compose.yml::volumes:
volumes:
  # ...
  # the leading ./ makes each entry a bind mount of a host file, not a named volume
  - ./mail.domain.com.crt:/mail.crt:ro
  - ./mail.domain.com.key:/mail.key:ro
Then update mailserver.env:
SSL_TYPE=manual
SSL_CERT_PATH=/mail.crt
SSL_KEY_PATH=/mail.key
Email Account, Catch-all
# add account
./setup.sh email add catch@mail.ahxxm.com "#t%+bscw??eft?xcz"
# catch all: https://github.com/docker-mailserver/docker-mailserver/issues/516#issuecomment-278750255
# echo "@domain.tld prefix@domain.tld" >> config/postfix-virtual.cf
echo "@mail.ahxxm.com catch@mail.ahxxm.com" >> config/postfix-virtual.cf
This will trigger hot reload, unlike env updates.
Now the service is ready:
docker-compose up -d --remove-orphans
Optional: Backup
Email data resides in data/ (in plain text, classified by domain and account); use tarsnap to back up encrypted content incrementally.
Other files and directories are all configuration; use git to track changes.
Optional Configurations (That I Care About)
- SPOOF_PROTECTION=: disable to send email from arbitrary address
- ENABLE_CLAMAV=1, ENABLE_AMAVIS=1, ENABLE_SPAMASSASSIN=1: remove startup warnings
- POSTFIX_MESSAGE_SIZE_LIMIT=1024000000: increase from 10MB to 1GB.
- POSTFIX_INET_PROTOCOLS=ipv4: “Most likely you want this behind Docker.”
Optional: SMTP relay service
My VPS provider blocks outbound traffic to port 25, so a relay service is needed. According to docs, 4 env args will be needed.
Enabling “production access” on AWS SES can be annoying, but the simplicity pays back:
- verify sender address here
- fill 4 RELAY_ values at the end of mailserver.env, get them from SMTP settings, port 587 works for me.
Sadly SES blocks unverified sender addresses.
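A preflight check for the mailserver.env settings covered above (manual TLS paths, SPOOF_PROTECTION, the relay values), as an added example that is not part of the original post or of docker-mailserver. The variable names RELAY_HOST, RELAY_PORT, RELAY_USER and RELAY_PASSWORD are assumed from the project's env template, and the sample file is constructed.

```bash
#!/bin/sh
# Added example: preflight lint for mailserver.env (not docker-mailserver code).

# Print the value of KEY in an env file; the last assignment wins.
env_get() { # usage: env_get FILE KEY
  awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                 END { print v }' "$1"
}

# Print findings for FILE; status is 1 if any FAIL was reported, else 0.
# The body is a subshell, so f, rc and k stay local and exit only ends the check.
lint_mailserver_env() (
  f=$1 rc=0
  # Manual TLS needs both the certificate path and the key path.
  if [ "$(env_get "$f" SSL_TYPE)" = "manual" ]; then
    for k in SSL_CERT_PATH SSL_KEY_PATH; do
      [ -n "$(env_get "$f" "$k")" ] || { echo "FAIL: SSL_TYPE=manual but $k is empty"; rc=1; }
    done
  fi
  # A relay needs host, port, user and password together (assumed variable names).
  if [ -n "$(env_get "$f" RELAY_HOST)" ]; then
    for k in RELAY_PORT RELAY_USER RELAY_PASSWORD; do
      [ -n "$(env_get "$f" "$k")" ] || { echo "FAIL: RELAY_HOST is set but $k is empty"; rc=1; }
    done
    [ "$(env_get "$f" RELAY_PORT)" != "25" ] ||
      echo "WARN: RELAY_PORT=25, but outbound port 25 may be blocked; the post uses 587"
  fi
  # With spoof protection off, accounts can send from arbitrary addresses.
  [ "$(env_get "$f" SPOOF_PROTECTION)" = "1" ] ||
    echo "WARN: SPOOF_PROTECTION is off: mail can be sent from arbitrary addresses"
  exit "$rc"
)

# Constructed sample input with placeholder values (no real credentials).
sample_env() {
  cat <<'EOF'
SSL_TYPE=manual
SSL_CERT_PATH=/mail.crt
SSL_KEY_PATH=
SPOOF_PROTECTION=
RELAY_HOST=smtp.relay.example
RELAY_PORT=25
RELAY_USER=placeholder-user
RELAY_PASSWORD=
EOF
}

# When a file is given as the first argument, lint it.
[ -z "${1:-}" ] || lint_mailserver_env "$1"
```

Run it as `sh lint.sh mailserver.env` before `docker-compose up`, since env changes are not hot-reloaded.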