maintained by ServerContainers
- 2024-09-22
  - postfix tls fixes
  - postfix config fixes
  - added pre generated dh4096.pem dh parameter file to speed up build time
- 2024-07-18
  - dovecot ssl fixes - min version TLSv1.0
- 2023-03-21
  - major upgrade (base image etc.)
  - new version tagging
  - github action to build container
  - implemented ghcr.io as new registry
- 2021-07-28
  - healthcheck will fail if certificate is 3 days or less valid or already expired
- 2021-06-04
  - added healthcheck (will fail when certs are updated without container restart)
- 2020-11-05
  - multiarch build
This Dockerfile (available as ghcr.io/servercontainers/mail-box) gives you a dovecot and postfix installation that is meant to store mails and handle authentication and users. It is based on the famous Workaround.org - ISP Mail Tutorials.
It's based on the _/debian:bullseye Image
View in GitHub Registry ghcr.io/servercontainers/mail-box
View in GitHub ServerContainers/mail-box
All the user backend SQL Statements can be modified. By default they use the default isp mail statements and database scheme.
You can specify the DOCKER_REGISTRY environment variable (for example my.registry.tld) and use the build script to build the main container and its variants for x86_64, arm64 and arm.
You'll find all images tagged like d11.6-p3.5.17-0_deb11u1-dv1_2.3.13_dfsg1-2_deb11u1, which means d<debian version>-p<postfix version (with some escaped chars)>-dv<dovecot-core version (with some escaped chars)>.
This way you can pin your installation/configuration to a certain version, or easily roll back if you experience any problems (don't forget to open an issue in that case ;D).
To build a latest tag run ./build.sh release
OFFICIAL USER DATABASE CONFIGURATION ENVIRONMENT VARIABLES
- DEFAULT_PASS_SCHEME
  - dovecot default_pass_scheme for the password hashes (see dovecot manual)
  - default: SHA512-CRYPT
  - generate using: doveadm pw -s SHA512-CRYPT
- SQL_VIRTUAL_MAILBOX_DOMAIN
  - default: SELECT 1 FROM virtual_domains WHERE name='%s'
- SQL_VIRTUAL_MAILBOX_MAPS
  - default: SELECT 1 FROM virtual_users WHERE email='%s'
- SQL_VIRTUAL_ALIAS_MAPS
  - default: SELECT destination FROM virtual_aliases WHERE source='%s'
- SQL_EMAIL_TO_EMAIL
  - default: SELECT email FROM virtual_users WHERE email='%s'
- SQL_DOVECOT_PASSWORD_QUERY
  - default: SELECT email as user, password FROM virtual_users WHERE email='%u';
OFFICIAL DATABASE ENVIRONMENT VARIABLES
- MYSQL_HOST
  - default: will start internal mysql daemon
- MYSQL_USER
  - no default - if null it won't start
  - optional if internal mysql is used
- MYSQL_PASSWORD
  - no default - if null it won't start
  - optional if internal mysql is used
- MYSQL_PORT
  - default: 3306 - if you use a different mysql port change it
  - optional if internal mysql is used
- MYSQL_DBNAME
  - default: mailserver
  - optional if internal mysql is used
OFFICIAL DATABASE MANAGEMENT ENVIRONMENT VARIABLES
the following variables can be used for initializing/managing the database
- ACONF_CLEAR_DB
  - set this to true and the database gets cleared - might be used if you configure everything using envs and don't want to keep outdated configuration
  - might bring a few seconds more downtime to the mail service
the next ones need to be used to create a user/email, add a password hash to it and configure its aliases
- ACONF_USER_ACCOUNT_NAME_[...]
  - [...] must be replaced with an id to connect all the envs for one account together - the email address is specified in the value. e.g.: [email protected]
- ACONF_USER_PASSWORD_HASH_[...]
  - [...] must be replaced with an id to connect all the envs for one account together - the password hash is specified in the value. e.g.: {SHA512-CRYPT}$6$asdfasdfsadfasf...
  - Note: for a docker compose file you need to replace each $ with $$ (then it's escaped and works)
- ACONF_USER_ALIASES_[...]
  - [...] must be replaced with an id to connect all the envs for one account together - the aliases for this user's email are specified (use a blank to separate multiple) in the value. e.g.: [email protected] [email protected] [email protected]
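A pre-flight check for the ACONF_USER_* variables described above, added here as an example and not taken from the image's own scripts. It groups the variables by id, reports accounts with a missing name or hash, and flags a SHA512-CRYPT hash whose $ signs were lost or left doubled; the function names and the sample accounts are made up for illustration, and a hash without a {SCHEME} prefix is assumed to use DEFAULT_PASS_SCHEME.

```shell
#!/bin/sh
# Added example (not the image's own code): lint ACONF_USER_* variables.
# Reads KEY=VALUE lines on stdin, e.g. from `env` or an env file.

# Double every "$" so a hash survives docker compose interpolation.
compose_escape() {
    printf '%s\n' "$1" | sed 's/\$/$$/g'
}

# Print one finding per line; return 1 if any finding was printed.
check_aconf() {
    awk -v dflt="${DEFAULT_PASS_SCHEME:-SHA512-CRYPT}" '
    function report(id, msg) { print "id " id ": " msg; bad = 1 }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1); id = key
        if      (sub(/^ACONF_USER_ACCOUNT_NAME_/, "", id))  name[id] = val
        else if (sub(/^ACONF_USER_PASSWORD_HASH_/, "", id)) hash[id] = val
        else if (sub(/^ACONF_USER_ALIASES_/, "", id))       alias[id] = val
        else next
        ids[id] = 1
    }
    END {
        for (id in ids) {
            if (!(id in name)) report(id, "no ACONF_USER_ACCOUNT_NAME set")
            else if (name[id] !~ /^[^@ ]+@[^@ ]+$/)
                report(id, "account name is not a single email address")
            if (!(id in hash)) { report(id, "no ACONF_USER_PASSWORD_HASH set"); continue }
            scheme = dflt; body = hash[id]
            # An optional {SCHEME} prefix overrides the default scheme.
            if (substr(body, 1, 1) == "{" && (rb = index(body, "}")) > 2) {
                scheme = substr(body, 2, rb - 2); body = substr(body, rb + 1)
            }
            if (index(body, "$$"))
                report(id, "hash contains $$ (escape only inside compose files)")
            else if (scheme == "SHA512-CRYPT" && body !~ /^\$6\$/)
                report(id, "SHA512-CRYPT hash does not start with $6$ (unescaped $ in compose?)")
        }
        exit bad + 0
    }'
}

# Constructed sample input (not real accounts): id 1 is fine, id 2 has no hash.
printf '%s\n' 'ACONF_USER_ACCOUNT_NAME_1=alice@example.test' \
    'ACONF_USER_PASSWORD_HASH_1={SHA512-CRYPT}$6$salt$hash' \
    'ACONF_USER_ACCOUNT_NAME_2=bob@example.test' | check_aconf || true
```

Inside a running container, `env | check_aconf` checks the values as the container actually received them, after any compose interpolation.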
OFFICIAL MAIL ENVIRONMENT VARIABLES
- MAIL_POSTMASTER_ADDRESS
  - the address to reach the postmaster (maybe you)
- MAIL_FQDN
  - specify the mailserver name - only add FQDN not a hostname!
  - e.g. my.mailserver.example.com
- POSTFIX_SMTPD_BANNER
  - alter the SMTPD Banner of postfix e.g. mailserver.example.local ESMTP
- POSTFIX_MYDESTINATION
  - specify the domains which this mail-box handles
- AUTO_TRUST_NETWORKS
  - add all networks this container is connected to and trust them to send mails
  - set to any value to enable
- ADDITIONAL_MYNETWORKS
  - add this specific network to the automatically trusted ones
- MYNETWORKS
  - ignore all auto configured mynetworks and replace them with this value
  - overwrites networks specified in ADDITIONAL_MYNETWORKS
- RELAYHOST
  - sets postfix relayhost - please take a look at the official documentation
  - The form enclosed with [] eliminates DNS MX lookups. Don't worry if you don't know what that means. Just be sure to specify the [] around the mailhub hostname that your ISP gave to you, otherwise mail may be mis-delivered.
- POSTFIX_SSL_OUT_CERT
  - path to SSL Client certificate (outgoing connections)
  - default: /etc/postfix/tls/client.crt
- POSTFIX_SSL_OUT_KEY
  - path to SSL Client key (outgoing connections)
  - default: /etc/postfix/tls/client.key
- POSTFIX_SSL_OUT_SECURITY_LEVEL
  - SSL security level for outgoing connections
  - default: may
- POSTFIX_SSL_IN_CERT
  - path to SSL Cert/Bundle (incoming connections)
  - default: /etc/postfix/tls/bundle.crt
- POSTFIX_SSL_IN_KEY
  - path to SSL Cert key (incoming connections)
  - default: /etc/postfix/tls/cert.key
- POSTFIX_SSL_IN_SECURITY_LEVEL
  - SSL security level for incoming connections
  - default: may
- POSTFIX_QUEUE_LIFETIME_BOUNCE
  - The maximal time a BOUNCE MESSAGE is queued before it is considered undeliverable
  - By default, this is the same as the queue life time for regular mail
- POSTFIX_QUEUE_LIFETIME_MAX
  - maximum lifetime of regular (non bounce) messages
HIGH PRIORITY ENVIRONMENT VARIABLE
the following variable/s are only needed if you have some specific settings. They let you overwrite everything after the config was generated. If you can update your setting with the variables from above, it is strongly recommended to use them!
some characters might break your configuration!
- POSTFIX_RAW_CONFIG_<POSTFIX_SETTING_NAME>
  - set/edit all configurations in /etc/postfix/main.cf using the POSTFIX_RAW_CONFIG_ prefix followed by the setting name
  - for example: to set mynetworks_style = subnet just add an environment variable POSTFIX_RAW_CONFIG_MYNETWORKS_STYLE=subnet
- /etc/postfix/tls
  - this is where the container looks for:
    - dh4096.pem (to overwrite the one generated at container build)
    - rootCA.crt (to check valid client certificates against)
    - client.crt (outgoing SSL Client cert)
    - client.key (outgoing SSL Client key)
    - bundle.crt (incoming SSL Server cert/bundle)
    - cert.key (incoming SSL Server key)
- /etc/postfix/additional
  - this is where the container looks for:
    - transport (postfix transport text-file - without being postmapped)
    - header_checks (postfix header_checks regex file)