diff --git a/README.md b/README.md index 33a9634..0deed7b 100644 --- a/README.md +++ b/README.md @@ -1,27 +1,71 @@ # DOCKER MAIL SERVER (DMS) -Héberger sa boîte mail sur son serveur +Héberger sa boîte mail sur son serveur grâce à [Docker Mail Server](https://github.com/docker-mailserver/docker-mailserver) ## PRE REQUIS :paperclip: - Docker + compose plugin -- Nom de domaine +- Nom de domaine (ici exemple.com) +- Le port 25 ouvert par son FAI (pas Free !) ## CONFIGURER :wrench: +#### DNS + - mailserver.env +```env +MAIL_DNS=mail.exemple.com +POSTMASTER_ADDRESS= +``` -- ISP - -- compose.yml - -## USAGE :rocket: +- Créer les DNS suivant: + - A record: + ``` + # mail.exemple.com point sur + mail 10800 IN A + ``` + - MX record: + ``` + # ne pas oublier le point à la fin !!! + @ 10800 IN MX 10 mail.exemple.com. + ``` + - TXT record (ancien SPF deprécié): + ``` + @ 10800 IN TXT "v=spf1 ip4: ~all" + ``` + - TXT record (DMARC) + ``` + _dmarc 10800 IN TXT "v=DMARC1; p=quarantine; sp=reject; rua=mailto:reports@exemple.com; ruf=mailto:forensics@xemple.com; fo=1" + ``` + - CNAME record (autodiscover conf du server) + ``` + autodiscover 10800 IN CNAME mail.exemple.com + ``` +#### ENVS - Lancer la stack: -```yml +```bash docker compose up -d ``` +- Créer une adresse mail: +```bash + +``` + +- Créer les clefs DKIM: +```bash + +``` + +- Reporter les datas dans un + +Relancer la stack pour valider l'usage des clefs DKIM: +```bash +docker compose down && docker compose up -d +``` + ## DOCUMENTATION :books: -[USAGE](https://docker-mailserver.github.io/docker-mailserver/latest/usage/) \ No newline at end of file +- [DNS]() +- [DMS](https://docker-mailserver.github.io/docker-mailserver/latest/usage/) \ No newline at end of file diff --git a/compose.yml b/compose.yml index 239e4bc..2bc4394 100644 --- a/compose.yml +++ b/compose.yml 
@@ -2,28 +2,25 @@ services:
 mailserver:
 image: ghcr.io/docker-mailserver/docker-mailserver:latest
 container_name: mailserver
- # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
- hostname: mail.example.com
+ hostname: ${MAIL_DNS}
 env_file: mailserver.env
- # More information about the mail-server ports:
- # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
 ports:
- - "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
- - "143:143" # IMAP4 (explicit TLS => STARTTLS)
- - "465:465" # ESMTP (implicit TLS)
- - "587:587" # ESMTP (explicit TLS => STARTTLS)
- - "993:993" # IMAP4 (implicit TLS)
+ - "25:25"
+ - "143:143"
+ - "465:465"
+ - "587:587"
+ - "993:993"
 volumes:
 - ./docker-data/dms/mail-data/:/var/mail/
 - ./docker-data/dms/mail-state/:/var/mail-state/
 - ./docker-data/dms/mail-logs/:/var/log/mail/
 - ./docker-data/dms/config/:/tmp/docker-mailserver/
+ - ./docker-data/certbot/certs/:/etc/letsencrypt
 - /etc/localtime:/etc/localtime:ro
 restart: always
 stop_grace_period: 1m
- # Uncomment if using `ENABLE_FAIL2BAN=1`:
- # cap_add:
- # - NET_ADMIN
+ cap_add:
+ - NET_ADMIN
 healthcheck:
 test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
 timeout: 3s
diff --git a/mailserver.env b/mailserver.env
index 7fa9efa..d5c15a3 100644
--- a/mailserver.env
+++ b/mailserver.env
@@ -11,6 +11,7 @@
 # empty => uses the `hostname` command to get the mail server's canonical hostname
 # => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
+MAIL_DNS=mail.exemple.com
 OVERRIDE_HOSTNAME=
 # REMOVED in version v11.0.0! Use LOG_LEVEL instead.
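Review bot: `hostname: ${MAIL_DNS}` is filled in by Compose's own variable interpolation, which reads the shell environment and a `.env` file beside compose.yml, not the file named in `env_file:`; the `MAIL_DNS=mail.exemple.com` added in the mailserver.env hunk that follows therefore never reaches this line, and the hostname collapses to an empty string (Compose warns that the variable is not set). Either keep MAIL_DNS in a `.env` file next to compose.yml or make the omission fatal with `hostname: ${MAIL_DNS:?MAIL_DNS is required}`. Inside the container, the variable that the env file's own comment lines say the server uses for its FQDN is `OVERRIDE_HOSTNAME`, which that same hunk leaves empty, so setting it to the FQDN directly is the more robust fix than a pass-through variable the server does not read. The new `./docker-data/certbot/certs/:/etc/letsencrypt` mount could carry `:ro` like the `/etc/localtime` line below it, since the server presumably only reads certificates there — confirm nothing in the image writes to that path before tightening it.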
@@ -44,7 +45,7 @@ ACCOUNT_PROVISIONER=
 # empty => postmaster@domain.com
 # => Specify the postmaster address
-POSTMASTER_ADDRESS=
+POSTMASTER_ADDRESS=postmaster@exemple.com
 # Check for updates on container start and then once a day
 # If an update is available, a mail is sent to POSTMASTER_ADDRESS
@@ -68,7 +69,7 @@ UPDATE_CHECK_INTERVAL=1d
 # host => Add docker container network (ipv4 only)
 # network => Add all docker container networks (ipv4 only)
 # connected-networks => Add all connected docker networks (ipv4 only)
-PERMIT_DOCKER=none
+PERMIT_DOCKER=network
 # Set the timezone. If this variable is unset, the container runtime will try to detect the time using
 # `/etc/localtime`, which you can alternatively mount into the container. The value of this variable
@@ -90,7 +91,7 @@ TLS_LEVEL=
 #
 # **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
 # 1 => Mail spoofing denied. Each user may only send with their own or their alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
-SPOOF_PROTECTION=
+SPOOF_PROTECTION=1
 # Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
 # - **0** => Disabled
@@ -128,7 +129,7 @@ ENABLE_IMAP=1
 # Enables ClamAV, and anti-virus scanner.
 # 1 => Enabled
 # **0** => Disabled
-ENABLE_CLAMAV=0
+ENABLE_CLAMAV=1
 # Add the value of this ENV as a prefix to the mail subject when spam is detected.
 # NOTE: This subject prefix may be redundant (by default spam is delivered to a junk folder).
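Review bot: `PERMIT_DOCKER=network` in the @@ -68,7 hunk widens relay trust beyond what a single-container deployment needs: the option's own comment line just above says it adds all docker container networks, so any container on any Docker network of this host can hand mail to the server without authenticating. Nothing in this commit adds a second container that has to relay, so the previous `none` is the least-privilege value; if a sidecar later needs to send mail, the narrower `host` variant (described in the context line as the container's own network) is the smaller grant. A short comment recording why the value was widened, e.g. `# widened from none: <reason>`, would make the choice reviewable later. The `SPOOF_PROTECTION=1` change in the @@ -90,7 hunk is the right direction and needs no change.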
@@ -211,7 +212,7 @@ ENABLE_DNSBL=0
 # cap_add:
 # - NET_ADMIN
 # Otherwise, `nftables` won't be able to ban IPs.
-ENABLE_FAIL2BAN=0
+ENABLE_FAIL2BAN=1
 # Fail2Ban blocktype
 # drop => drop packet (send NO reply)
@@ -238,7 +239,7 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-SSL_TYPE=
+SSL_TYPE=letsencrypt
 # These are only supported with `SSL_TYPE=manual`.
 # Provide the path to your cert and key files that you've mounted access to within the container.
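Review bot: `SSL_TYPE=letsencrypt` in the @@ -238,7 hunk assumes a certificate already sits under the `/etc/letsencrypt` mount that compose.yml adds, but nothing in this commit — the README's new steps included — shows how that certificate is obtained or renewed, so a fresh checkout comes up without a usable TLS certificate. A comment above the setting, e.g. `# expects certbot output under ./docker-data/certbot/certs/ (mounted at /etc/letsencrypt)`, plus a README step for issuing it, would close that gap. As far as I recall, the server locates the certificate from its hostname (`live/<FQDN>/`), which compose.yml now derives from `${MAIL_DNS}`, so make sure that variable is actually visible to Compose interpolation and not only to the container's environment. `ENABLE_FAIL2BAN=1` in the @@ -211,7 hunk is consistent with the `NET_ADMIN` capability added in compose.yml and needs no change.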