Setting up a full-stack mail server using docker-mailserver on a Rocky Linux 9 VPS involves several steps. This guide will walk you through the process, starting from a fresh VPS setup to running your mail server. We’ll cover setting up Docker, configuring docker-mailserver, securing your server with SSL/TLS, and testing the mail server. This setup is suitable for small to medium-sized organizations or personal use.
Before installing any software, it’s a good practice to update your system packages.
sudo dnf update -y
sudo dnf install -y curl vim
Docker is a containerization platform, and Docker Compose is a tool for defining and running multi-container Docker applications. docker-mailserver runs as a set of Docker containers.
sudo dnf config-manager --add-repo=https://download.docker.com/linux/centos/docker-ce.repo
sudo dnf install docker-ce docker-ce-cli containerd.io -y
sudo systemctl start docker
sudo systemctl enable docker
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-mailserver
Now, set up docker-mailserver on your Rocky Linux server.
Create a directory for docker-mailserver and navigate into it:
mkdir -p docker-mailserver && cd docker-mailserver
Create a docker-compose.yml file:
Here is a basic configuration. You’ll need to replace yourdomain.com with your actual domain name.
version: '3.8'
services:
  mailserver:
    image: mailserver/docker-mailserver:latest
    hostname: mail
    domainname: yourdomain.com
    container_name: mailserver
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "993:993"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - ./config/:/tmp/docker-mailserver/
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE
    restart: always
volumes:
  maildata:
  mailstate:
  maillogs:
docker-compose up -d
For your mail server to function correctly, you must configure your DNS settings properly.
@ IN MX 10 mail.yourdomain.com.
An A record for mail.yourdomain.com pointing to your VPS IP.
You can use Let’s Encrypt to get free SSL/TLS certificates.
sudo dnf install certbot -y
sudo certbot certonly --standalone -d mail.yourdomain.com
Configure docker-mailserver to use the certificates:
Copy the certificates to the docker-mailserver configuration directory and adjust the permissions.
Update docker-compose.yml to use the certificates.
This guide provides a starting point for setting up a full-stack mail server using docker-mailserver. Depending on your specific needs, you may need to customize your setup further, including advanced security measures, configuring additional mail protocols, or integrating with external services.
Continuing from where we left off, let’s delve into some of the additional configurations, advanced security measures, and best practices to ensure your docker-mailserver is robust, secure, and efficient.
DomainKeys Identified Mail (DKIM) helps prevent email spoofing. docker-mailserver supports DKIM out of the box.
docker-compose exec mailserver setup config dkim
After generating the DKIM keys, add them to your DNS settings as specified by the docker-mailserver setup output.
Sieve is a powerful scripting language for filtering incoming email. To use Sieve scripts:
Add ENABLE_MANAGESIEVE=1 to the environment section of your docker-compose.yml.
To prevent abuse, consider implementing rate limiting on port 25 (SMTP). This can be achieved through your VPS provider’s firewall settings or using custom iptables rules.
Although docker-mailserver enables Fail2Ban by default, you can customize its configuration to better suit your needs:
docker-compose exec mailserver bash
cd /etc/fail2ban
/etc/fail2ban/jail.local.
To access your email, configure your email client with the following settings:
IMAP: mail.yourdomain.com, port 993
SMTP: mail.yourdomain.com, port 587
Regular backups are crucial. To back up your docker-mailserver, consider the following strategy:
Use docker-compose to stop your services and copy the volumes to a backup location.
Schedule the backups with cron or a similar scheduler.
Monitoring your mail server is key to maintaining its health and performance.
docker-compose logs -f mailserver
Setting up and maintaining a full-stack mail server using docker-mailserver on Rocky Linux 9 requires careful planning, ongoing maintenance, and regular security assessments. By following this guide, you’ve taken a significant step toward having a private, secure, and fully-functional mail server. Remember, the email landscape constantly evolves, so stay informed about best practices and security updates to ensure your server remains robust and secure.
docker-mailserver itself does not provide a web-based login interface for checking email directly. It is a backend service that manages email delivery, receiving, and other server-side functionalities. For accessing emails, you typically need an email client that supports IMAP/SMTP protocols, such as Thunderbird, Microsoft Outlook, or mobile email apps.
However, if you’re looking for a webmail interface to use with docker-mailserver, you can integrate it with third-party webmail applications. Popular choices include:
Integrating a webmail client with docker-mailserver involves setting up the webmail application in a separate Docker container or on a separate server, and then configuring it to connect to your mail server using the appropriate IMAP and SMTP settings. Here’s a general approach using Roundcube as an example:
http://your-roundcube-instance/installer). Follow the setup instructions, ensuring you input the correct IMAP and SMTP settings to connect to your docker-mailserver instance.
webmail.yourdomain.com), ensure you have an A record pointing to the correct IP address.
When integrating a webmail client with docker-mailserver, keep the following security considerations in mind:
docker-mailserver and your webmail application to protect against vulnerabilities.
By following these guidelines, you can successfully integrate a webmail client with docker-mailserver, providing a convenient interface for users to access their email from a web browser.
Integrating Let’s Encrypt with docker-mailserver to secure your email communication with SSL/TLS certificates involves several steps. This guide will show you how to obtain and renew Let’s Encrypt certificates and configure docker-mailserver to use them.
We’ll use Certbot, the recommended Let’s Encrypt client, for obtaining certificates. Since docker-mailserver does not natively handle SSL certificates, we will manually set up the certificates and ensure they’re correctly mounted and recognized by the mail server.
docker-mailserver setup and running
sudo dnf install epel-release -y
sudo dnf install certbot -y
Replace mail.yourdomain.com with your actual domain.
sudo certbot certonly --standalone -d mail.yourdomain.com
The --standalone option runs a temporary web server on your host to complete the domain validation process. Make sure that no other service (like Nginx or Apache) is using port 80 or 443.
The certificates are stored in /etc/letsencrypt/live/mail.yourdomain.com/. Note this location as you’ll need it for the next steps.
docker-mailserver to Use SSL/TLS Certificates
To use the SSL/TLS certificates with docker-mailserver, you need to make them accessible inside the container.
Edit docker-compose.yml to mount the Let’s Encrypt certificate files into the container. Add the following under the volumes section of the mailserver service:
      - /etc/letsencrypt/live/mail.yourdomain.com/fullchain.pem:/tmp/ssl/cert/fullchain.pem:ro
      - /etc/letsencrypt/live/mail.yourdomain.com/privkey.pem:/tmp/ssl/private/privkey.pem:ro
Your docker-compose.yml file should now include these lines under the mailserver service.
Edit docker-compose.yml to specify the SSL certificate paths inside the container. Add these lines to the environment section of the mailserver service:
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/tmp/ssl/cert/fullchain.pem
      - SSL_KEY_PATH=/tmp/ssl/private/privkey.pem
After configuring the SSL/TLS certificates, apply the changes by restarting the docker-mailserver container.
docker-compose down
docker-compose up -d
Let’s Encrypt certificates are valid for 90 days. Use a cron job to automate the renewal process.
sudo crontab -e
Add the following line to renew the certificates every two months automatically and reload docker-mailserver to apply the renewed certificates:
# cron's default PATH usually omits /usr/local/bin, so docker-compose is called by its full path
0 0 1 */2 * certbot renew --quiet && /usr/local/bin/docker-compose -f /path/to/your/docker-compose.yml down && /usr/local/bin/docker-compose -f /path/to/your/docker-compose.yml up -d
Replace /path/to/your/docker-compose.yml with the actual path to your docker-compose.yml file.
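The renewal schedule is worth checking against certbot's renewal window before relying on it. This added example (not part of the original guide) replays the cron spec 0 0 1 */2 * and a once-a-day schedule against a 90-day certificate; it assumes certbot's default of renewing only when fewer than 30 days remain, works at whole-day granularity, and uses a constructed issuance date.

```python
from datetime import date, timedelta

LIFETIME = timedelta(days=90)      # Let's Encrypt validity, as stated in the guide
RENEW_WINDOW = timedelta(days=30)  # assumption: certbot's default renewal window

def bimonthly_runs(start, end):
    """Dates matched by the cron spec '0 0 1 */2 *': the 1st of Jan, Mar, May, ..."""
    return [date(y, m, 1)
            for y in range(start.year, end.year + 1)
            for m in range(1, 13, 2)
            if start < date(y, m, 1) <= end]

def daily_runs(start, end):
    """Dates matched by a once-a-day schedule such as '17 3 * * *'."""
    return [start + timedelta(days=n) for n in range(1, (end - start).days + 1)]

def simulate(issued, runs):
    """Replay `certbot renew` on each run date.

    Returns (renewed_dates, skipped_dates, expired_days), where expired_days is
    the total number of days the server would present an expired certificate.
    """
    expires = issued + LIFETIME
    renewed, skipped, expired_days = [], [], 0
    for run in runs:
        if expires - run >= RENEW_WINDOW:
            skipped.append(run)        # outside the window: certificate left alone
            continue
        if run > expires:
            expired_days += (run - expires).days
        renewed.append(run)
        expires = run + LIFETIME
    return renewed, skipped, expired_days

if __name__ == "__main__":
    issued = date(2024, 1, 15)         # constructed issuance date
    end = issued + timedelta(days=730)
    for name, runs in (("bimonthly", bimonthly_runs(issued, end)),
                       ("daily", daily_runs(issued, end))):
        renewed, skipped, expired = simulate(issued, runs)
        print(f"{name:9} renewals={len(renewed)} skipped={len(skipped)} "
              f"days_expired={expired}")
```

Under these assumptions the bimonthly schedule skips the 1 March runs, because more than 30 days remain, and the certificate then stays expired until 1 May. Running certbot renew daily and restarting the container from certbot's --deploy-hook avoids both the gap and restarts on days when nothing was renewed.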
You have now configured Let’s Encrypt SSL/TLS certificates with your docker-mailserver, enhancing the security of your email communications. Remember to check the logs after the first automated renewal to ensure everything is working as expected.