前言
之前是基于企业微信搭建了自己的邮件服务,现在想独立搭建一个邮件服务,选择后最终考虑基于docker-mailserver
进行搭建,一路坎坷,就当踩坑学习了吧,虽然最后通过中转实现了正常发送,不过感觉还是很坑,国内的厂商一般都禁用了25端口,所以真的要用的话要记得申请下;
网站名称:https://console.cloud.tencent.com/secctrl
仓库:https://github.com/docker-mailserver/docker-mailserver
文档:https://docker-mailserver.github.io/docker-mailserver/latest/
内容
克隆项目
$ git clone https://github.com/docker-mailserver/docker-mailserver.git
$ cd docker-mailserver
修改配置
让我们来调整下compose.yaml
的配置,修改hostname
并增加POP3
相关的配置;
services:
mailserver:
image: ghcr.io/docker-mailserver/docker-mailserver:latest
container_name: mailserver
# Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
hostname: mail.oyo.cool
env_file: mailserver.env
# More information about the mail-server ports:
# https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
ports:
- "25:25" # SMTP (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
- "143:143" # IMAP4 (explicit TLS => STARTTLS)
- "465:465" # ESMTP (implicit TLS)
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 (implicit TLS)
- "110:110" # POP3
- "995:995" # POP3 (with TLS)
volumes:
- /usr/local/nginx/conf/ssl/:/usr/local/nginx/conf/ssl/
- ./docker-data/dms/mail-data/:/var/mail/
- ./docker-data/dms/mail-state/:/var/mail-state/
- ./docker-data/dms/mail-logs/:/var/log/mail/
- ./docker-data/dms/config/:/tmp/docker-mailserver/
- /etc/localtime:/etc/localtime:ro
restart: always
stop_grace_period: 1m
# Uncomment if using `ENABLE_FAIL2BAN=1`:
# cap_add:
# - NET_ADMIN
healthcheck:
test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
timeout: 3s
retries: 0
修改mailserver.env
,这个配置完整的内容,有点多,所以这里查看的时候可以过滤下,详细的介绍可查看配置文件文档;
$ cat mailserver.env | grep -v '^#' | grep -v '^$'
OVERRIDE_HOSTNAME=
DMS_DEBUG=0
LOG_LEVEL=info
SUPERVISOR_LOGLEVEL=
DMS_VMAIL_UID=
DMS_VMAIL_GID=
ACCOUNT_PROVISIONER=
POSTMASTER_ADDRESS=me@oyo.cool
ENABLE_UPDATE_CHECK=1
UPDATE_CHECK_INTERVAL=1d
PERMIT_DOCKER=none
TZ=
NETWORK_INTERFACE=
TLS_LEVEL=
SPOOF_PROTECTION=
ENABLE_SRS=0
ENABLE_OPENDKIM=1
ENABLE_OPENDMARC=1
ENABLE_POLICYD_SPF=1
ENABLE_POP3=1
ENABLE_IMAP=1
ENABLE_CLAMAV=0
SPAM_SUBJECT=
ENABLE_RSPAMD=0
ENABLE_RSPAMD_REDIS=0
RSPAMD_LEARN=1
RSPAMD_CHECK_AUTHENTICATED=0
RSPAMD_GREYLISTING=1
RSPAMD_HFILTER=1
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6
RSPAMD_NEURAL=0
ENABLE_AMAVIS=1
AMAVIS_LOGLEVEL=0
ENABLE_DNSBL=0
ENABLE_FAIL2BAN=0
FAIL2BAN_BLOCKTYPE=drop
ENABLE_MANAGESIEVE=
POSTSCREEN_ACTION=enforce
SMTP_ONLY=
SSL_TYPE=custom
SSL_CERT_PATH=/usr/local/nginx/conf/ssl/mail.oyo.cool.crt
SSL_KEY_PATH=/usr/local/nginx/conf/ssl/mail.oyo.cool.key
SSL_ALT_CERT_PATH=
SSL_ALT_KEY_PATH=
VIRUSMAILS_DELETE_DELAY=
POSTFIX_DAGENT=
POSTFIX_MAILBOX_SIZE_LIMIT=
ENABLE_QUOTAS=1
POSTFIX_MESSAGE_SIZE_LIMIT=
CLAMAV_MESSAGE_SIZE_LIMIT=
PFLOGSUMM_TRIGGER=
PFLOGSUMM_RECIPIENT=
PFLOGSUMM_SENDER=
LOGWATCH_INTERVAL=
LOGWATCH_RECIPIENT=
LOGWATCH_SENDER=
REPORT_RECIPIENT=
REPORT_SENDER=
LOGROTATE_INTERVAL=weekly
LOGROTATE_COUNT=4
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
POSTFIX_INET_PROTOCOLS=all
ENABLE_MTA_STS=0
DOVECOT_INET_PROTOCOLS=all
ENABLE_SPAMASSASSIN=0
ENABLE_SPAMASSASSIN_KAM=0
SPAMASSASSIN_SPAM_TO_INBOX=1
MOVE_SPAM_TO_JUNK=1
MARK_SPAM_AS_READ=0
SA_TAG=2.0
SA_TAG2=6.31
SA_KILL=10.0
ENABLE_FETCHMAIL=0
FETCHMAIL_POLL=300
FETCHMAIL_PARALLEL=0
ENABLE_GETMAIL=0
GETMAIL_POLL=5
ENABLE_OAUTH2=
OAUTH2_INTROSPECTION_URL=
LDAP_START_TLS=
LDAP_SERVER_HOST=
LDAP_SEARCH_BASE=
LDAP_BIND_DN=
LDAP_BIND_PW=
LDAP_QUERY_FILTER_USER=
LDAP_QUERY_FILTER_GROUP=
LDAP_QUERY_FILTER_ALIAS=
LDAP_QUERY_FILTER_DOMAIN=
DOVECOT_TLS=
DOVECOT_USER_FILTER=
DOVECOT_PASS_FILTER=
DOVECOT_MAILBOX_FORMAT=maildir
DOVECOT_AUTH_BIND=
ENABLE_POSTGREY=0
POSTGREY_DELAY=300
POSTGREY_MAX_AGE=35
POSTGREY_TEXT="Delayed by Postgrey"
POSTGREY_AUTO_WHITELIST_CLIENTS=5
ENABLE_SASLAUTHD=0
SASLAUTHD_MECHANISMS=
SASLAUTHD_MECH_OPTIONS=
SASLAUTHD_LDAP_SERVER=
SASLAUTHD_LDAP_BIND_DN=
SASLAUTHD_LDAP_PASSWORD=
SASLAUTHD_LDAP_SEARCH_BASE=
SASLAUTHD_LDAP_FILTER=
SASLAUTHD_LDAP_START_TLS=
SASLAUTHD_LDAP_TLS_CHECK_PEER=
SASLAUTHD_LDAP_TLS_CACERT_FILE=
SASLAUTHD_LDAP_TLS_CACERT_DIR=
SASLAUTHD_LDAP_PASSWORD_ATTR=
SASLAUTHD_LDAP_AUTH_METHOD=
SASLAUTHD_LDAP_MECH=
SRS_SENDER_CLASSES=envelope_sender
SRS_EXCLUDE_DOMAINS=
SRS_SECRET=
DEFAULT_RELAY_HOST=
// 因为25端口被禁用所以这里做转发
RELAY_HOST=smtp.gmail.com
RELAY_PORT=587
RELAY_USER=demo@gamial.com
RELAY_PASSWORD=passwod or 授权码
解析配置
配置
DMARC
解析的时候可以借助这个工具来:https://dmarcguide.globalcyberalliance.org/DKIM
等容器启动可以直接生成再配置到解析上即可;
主机记录 |
记录类型 |
记录值 |
TTL |
---|---|---|---|
@ |
TXT |
v=spf1 mx ~all |
10 |
@ |
MX |
mail.oyo.cool |10 |
10 |
|
A |
|
10 |
_dmarc |
TXT |
v=DMARC1; p=none; rua=me@oyo.cool; ruf=me@oyo.cool; sp=none; ri=86400 |
10 |
mail._domainkey |
TXT |
v=DKIM1; h=sha256; k=rsa; \"\"p=xxxxx+xxxKrfeka0/dOAJaRI4Nn6b/i4xxxxxnai0rqdymEAIrp5fb/et1YuqGbOpxNNGwUPwIDAQAB |
10 |
端口配置
启动服务
$ docker-compose up -d
# 服务启动后要记得先创建一个邮箱
$ docker exec -it mailserver setup email add me@oyo.cool
配置DKIM
$ docker exec -it mailserver setup config dkim
$ cd ./docker-data/dms/config/opendkim/keys/oyo.cool
# 这里查看后就可以到云解析上去配置,不过记得先把格式调整下;
$ cat mail.txt
登录邮箱
常用命令
# 查看帮助
$ docker exec -it mailserver setup help
# 添加邮箱
$ docker exec -it setup email add admin@domain.com "password"
# 查看用户列表
$ docker exec -it mailserver setup email list
# 修改密码
$ docker exec -it mailserver setup email update admin@domain.com "password"