update DNS conf

README.md

@@ -1,27 +1,71 @@
 # DOCKER MAIL SERVER (DMS)
 
-Héberger sa boîte mail sur son serveur
+Héberger sa boîte mail sur son serveur grâce à [Docker Mail Server](https://github.com/docker-mailserver/docker-mailserver)
 
 ## PRE REQUIS :paperclip:
 
 - Docker + compose plugin
-- Nom de domaine
+- Nom de domaine (ici exemple.com)
+- Le port 25 ouvert par son FAI (pas Free !)
 
 ## CONFIGURER :wrench:
 
+#### DNS
+
 - mailserver.env
+```env
+MAIL_DNS=mail.exemple.com
+POSTMASTER_ADDRESS=
+```
 
-- ISP
+- Créer les DNS suivant:
-
+    - A record:
-- compose.yml
+    ```
-
+    # mail.exemple.com point sur <IP_SERVER>
-## USAGE :rocket:
+    mail 10800 IN A <IP_SERVER>
+    ```
+    - MX record:
+    ```
+    # ne pas oublier le point à la fin !!!
+    @ 10800 IN MX 10 mail.exemple.com.
+    ```
+    - TXT record (ancien SPF deprécié):
+    ```
+    @ 10800 IN TXT "v=spf1 ip4:<IP_SERVER> ~all"
+    ```
+    - TXT record (DMARC)
+    ```
+    _dmarc 10800 IN TXT "v=DMARC1; p=quarantine; sp=reject; rua=mailto:reports@exemple.com; ruf=mailto:forensics@xemple.com; fo=1"
+    ```
+    - CNAME record (autodiscover conf du server)
+    ```
+    autodiscover 10800 IN CNAME mail.exemple.com
+    ```
+#### ENVS
 
 - Lancer la stack:
-```yml
+```bash
 docker compose up -d
 ```
 
+- Créer une adresse mail:
+```bash
+
+```
+
+- Créer les clefs DKIM:
+```bash
+
+```
+
+- Reporter les datas dans un 
+
+Relancer la stack pour valider l'usage des clefs DKIM:
+```bash
+docker compose down && docker compose up -d
+```
+
 ## DOCUMENTATION :books:
 
-[USAGE](https://docker-mailserver.github.io/docker-mailserver/latest/usage/)
+- [DNS]()
+- [DMS](https://docker-mailserver.github.io/docker-mailserver/latest/usage/)

compose.yml

@@ -2,28 +2,25 @@ services:
   mailserver:
     image: ghcr.io/docker-mailserver/docker-mailserver:latest
     container_name: mailserver
-    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
+    hostname: ${MAIL_DNS}
-    hostname: mail.example.com
     env_file: mailserver.env
-    # More information about the mail-server ports:
-    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
     ports:
-      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
+      - "25:25" 
-      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
+      - "143:143"
-      - "465:465"  # ESMTP (implicit TLS)
+      - "465:465"
-      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
+      - "587:587"
-      - "993:993"  # IMAP4 (implicit TLS)
+      - "993:993"
     volumes:
       - ./docker-data/dms/mail-data/:/var/mail/
       - ./docker-data/dms/mail-state/:/var/mail-state/
       - ./docker-data/dms/mail-logs/:/var/log/mail/
       - ./docker-data/dms/config/:/tmp/docker-mailserver/
+      - ./docker-data/certbot/certs/:/etc/letsencrypt
       - /etc/localtime:/etc/localtime:ro
     restart: always
     stop_grace_period: 1m
-    # Uncomment if using `ENABLE_FAIL2BAN=1`:
+    cap_add:
-    # cap_add:
+      - NET_ADMIN
-    #   - NET_ADMIN
     healthcheck:
       test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
       timeout: 3s

mailserver.env

@@ -11,6 +11,7 @@
 
 # empty => uses the `hostname` command to get the mail server's canonical hostname
 # => Specify a fully-qualified domainname to serve mail for.  This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
+MAIL_DNS=mail.exemple.com
 OVERRIDE_HOSTNAME=
 
 # REMOVED in version v11.0.0! Use LOG_LEVEL instead.
@@ -44,7 +45,7 @@ ACCOUNT_PROVISIONER=
 
 # empty => postmaster@domain.com
 # => Specify the postmaster address
-POSTMASTER_ADDRESS=
+POSTMASTER_ADDRESS=postmaster@exemple.com
 
 # Check for updates on container start and then once a day
 # If an update is available, a mail is sent to POSTMASTER_ADDRESS
@@ -68,7 +69,7 @@ UPDATE_CHECK_INTERVAL=1d
 # host => Add docker container network (ipv4 only)
 # network => Add all docker container networks (ipv4 only)
 # connected-networks => Add all connected docker networks (ipv4 only)
-PERMIT_DOCKER=none
+PERMIT_DOCKER=network
 
 # Set the timezone. If this variable is unset, the container runtime will try to detect the time using
 # `/etc/localtime`, which you can alternatively mount into the container. The value of this variable
@@ -90,7 +91,7 @@ TLS_LEVEL=
 #
 # **0** => (not recommended) Mail address spoofing allowed. Any logged in user may create email messages with a forged sender address (see also https://en.wikipedia.org/wiki/Email_spoofing).
 # 1 => Mail spoofing denied. Each user may only send with their own or their alias addresses. Addresses with extension delimiters(http://www.postfix.org/postconf.5.html#recipient_delimiter) are not able to send messages.
-SPOOF_PROTECTION=
+SPOOF_PROTECTION=1
 
 # Enables the Sender Rewriting Scheme. SRS is needed if your mail server acts as forwarder. See [postsrsd](https://github.com/roehling/postsrsd/blob/master/README.md#sender-rewriting-scheme-crash-course) for further explanation.
 #  - **0** => Disabled
@@ -128,7 +129,7 @@ ENABLE_IMAP=1
 # Enables ClamAV, and anti-virus scanner.
 #   1   => Enabled
 # **0** => Disabled
-ENABLE_CLAMAV=0
+ENABLE_CLAMAV=1
 
 # Add the value of this ENV as a prefix to the mail subject when spam is detected.
 # NOTE: This subject prefix may be redundant (by default spam is delivered to a junk folder).
@@ -211,7 +212,7 @@ ENABLE_DNSBL=0
 #    cap_add:
 #      - NET_ADMIN
 # Otherwise, `nftables` won't be able to ban IPs.
-ENABLE_FAIL2BAN=0
+ENABLE_FAIL2BAN=1
 
 # Fail2Ban blocktype
 # drop   => drop packet (send NO reply)
@@ -238,7 +239,7 @@ SMTP_ONLY=
 # custom => Enables custom certificates
 # manual => Let's you manually specify locations of your SSL certificates for non-standard cases
 # self-signed => Enables self-signed certificates
-SSL_TYPE=
+SSL_TYPE=letsencrypt
 
 # These are only supported with `SSL_TYPE=manual`.
 # Provide the path to your cert and key files that you've mounted access to within the container.