Mail: Setting up a mail service with docker-mailserver
Industry news, 2024-11-24 19:08

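Preface

I previously ran my own mail service on top of WeCom (企业微信) and now wanted to host a standalone one. After weighing the options I settled on docker-mailserver. It was a bumpy road, so treat this as a record of the pitfalls. I did eventually get sending to work through a relay, but it still felt painful. Cloud vendors in China generally block port 25, so if you really need it, remember to apply to have it unblocked.

Site: https://console.cloud.tencent.com/secctrl

Repository: https://github.com/docker-mailserver/docker-mailserver

Documentation: https://docker-mailserver.github.io/docker-mailserver/latest/

Content

Clone the project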

$ git clone https://github.com/docker-mailserver/docker-mailserver.git
$ cd docker-mailserver

Modify the configuration

Adjust compose.yaml: change the hostname and add the POP3-related settings.

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.oyo.cool
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
      - "110:110"  # POP3
      - "995:995"  # POP3 (with TLS)
    volumes:
      - /usr/local/nginx/conf/ssl/:/usr/local/nginx/conf/ssl/
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    # cap_add:
    #   - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

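Edit mailserver.env. The full file is long, so filter out comments and blank lines when viewing it. See the configuration file documentation for a detailed description of each setting.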

$ cat mailserver.env | grep -v '^#' | grep -v '^$'

OVERRIDE_HOSTNAME=
DMS_DEBUG=0
LOG_LEVEL=info
SUPERVISOR_LOGLEVEL=
DMS_VMAIL_UID=
DMS_VMAIL_GID=
ACCOUNT_PROVISIONER=
POSTMASTER_ADDRESS=me@oyo.cool
ENABLE_UPDATE_CHECK=1
UPDATE_CHECK_INTERVAL=1d
PERMIT_DOCKER=none
TZ=
NETWORK_INTERFACE=
TLS_LEVEL=
SPOOF_PROTECTION=
ENABLE_SRS=0
ENABLE_OPENDKIM=1
ENABLE_OPENDMARC=1
ENABLE_POLICYD_SPF=1
ENABLE_POP3=1
ENABLE_IMAP=1
ENABLE_CLAMAV=0
SPAM_SUBJECT=
ENABLE_RSPAMD=0
ENABLE_RSPAMD_REDIS=0
RSPAMD_LEARN=1
RSPAMD_CHECK_AUTHENTICATED=0
RSPAMD_GREYLISTING=1
RSPAMD_HFILTER=1
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6
RSPAMD_NEURAL=0
ENABLE_AMAVIS=1
AMAVIS_LOGLEVEL=0
ENABLE_DNSBL=0
ENABLE_FAIL2BAN=0
FAIL2BAN_BLOCKTYPE=drop
ENABLE_MANAGESIEVE=
POSTSCREEN_ACTION=enforce
SMTP_ONLY=
SSL_TYPE=custom
SSL_CERT_PATH=/usr/local/nginx/conf/ssl/mail.oyo.cool.crt
SSL_KEY_PATH=/usr/local/nginx/conf/ssl/mail.oyo.cool.key
SSL_ALT_CERT_PATH=
SSL_ALT_KEY_PATH=
VIRUSMAILS_DELETE_DELAY=
POSTFIX_DAGENT=
POSTFIX_MAILBOX_SIZE_LIMIT=
ENABLE_QUOTAS=1
POSTFIX_MESSAGE_SIZE_LIMIT=
CLAMAV_MESSAGE_SIZE_LIMIT=
PFLOGSUMM_TRIGGER=
PFLOGSUMM_RECIPIENT=
PFLOGSUMM_SENDER=
LOGWATCH_INTERVAL=
LOGWATCH_RECIPIENT=
LOGWATCH_SENDER=
REPORT_RECIPIENT=
REPORT_SENDER=
LOGROTATE_INTERVAL=weekly
LOGROTATE_COUNT=4
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0
POSTFIX_INET_PROTOCOLS=all
ENABLE_MTA_STS=0
DOVECOT_INET_PROTOCOLS=all
ENABLE_SPAMASSASSIN=0
ENABLE_SPAMASSASSIN_KAM=0
SPAMASSASSIN_SPAM_TO_INBOX=1
MOVE_SPAM_TO_JUNK=1
MARK_SPAM_AS_READ=0
SA_TAG=2.0
SA_TAG2=6.31
SA_KILL=10.0
ENABLE_FETCHMAIL=0
FETCHMAIL_POLL=300
FETCHMAIL_PARALLEL=0
ENABLE_GETMAIL=0
GETMAIL_POLL=5
ENABLE_OAUTH2=
OAUTH2_INTROSPECTION_URL=
LDAP_START_TLS=
LDAP_SERVER_HOST=
LDAP_SEARCH_BASE=
LDAP_BIND_DN=
LDAP_BIND_PW=
LDAP_QUERY_FILTER_USER=
LDAP_QUERY_FILTER_GROUP=
LDAP_QUERY_FILTER_ALIAS=
LDAP_QUERY_FILTER_DOMAIN=
DOVECOT_TLS=
DOVECOT_USER_FILTER=
DOVECOT_PASS_FILTER=
DOVECOT_MAILBOX_FORMAT=maildir
DOVECOT_AUTH_BIND=
ENABLE_POSTGREY=0
POSTGREY_DELAY=300
POSTGREY_MAX_AGE=35
POSTGREY_TEXT="Delayed by Postgrey"
POSTGREY_AUTO_WHITELIST_CLIENTS=5
ENABLE_SASLAUTHD=0
SASLAUTHD_MECHANISMS=
SASLAUTHD_MECH_OPTIONS=
SASLAUTHD_LDAP_SERVER=
SASLAUTHD_LDAP_BIND_DN=
SASLAUTHD_LDAP_PASSWORD=
SASLAUTHD_LDAP_SEARCH_BASE=
SASLAUTHD_LDAP_FILTER=
SASLAUTHD_LDAP_START_TLS=
SASLAUTHD_LDAP_TLS_CHECK_PEER=
SASLAUTHD_LDAP_TLS_CACERT_FILE=
SASLAUTHD_LDAP_TLS_CACERT_DIR=
SASLAUTHD_LDAP_PASSWORD_ATTR=
SASLAUTHD_LDAP_AUTH_METHOD=
SASLAUTHD_LDAP_MECH=
SRS_SENDER_CLASSES=envelope_sender
SRS_EXCLUDE_DOMAINS=
SRS_SECRET=
DEFAULT_RELAY_HOST=
# Port 25 is blocked, so outbound mail is relayed here
RELAY_HOST=smtp.gmail.com
RELAY_PORT=587
RELAY_USER=demo@gmail.com
RELAY_PASSWORD=password or authorization code

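DNS record configuration

When configuring the DMARC record you can use this tool: https://dmarcguide.globalcyberalliance.org/. The DKIM record can be generated once the container is running and then added to DNS.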

| Host record | Record type | Record value | TTL |
| --- | --- | --- | --- |
| @ | TXT | v=spf1 mx ~all | 10 |
| @ | MX | mail.oyo.cool \|10 | 10 |
| mail | A | | 10 |
| _dmarc | TXT | v=DMARC1; p=none; rua=me@oyo.cool; ruf=me@oyo.cool; sp=none; ri=86400 | 10 |
| mail._domainkey | TXT | v=DKIM1; h=sha256; k=rsa; p=xxxxx+xxxKrfeka0/dOAJaRI4Nn6b/i4xxxxxnai0rqdymEAIrp5fb/et1YuqGbOpxNNGwUPwIDAQAB | 10 |
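
A check worth running on the SPF and DMARC values before they are published, as an added example that is not part of the original post. It takes the two record values from the table as input; the function names are illustrative. On the DMARC value it reports that `rua` and `ruf` are bare addresses rather than the `mailto:` URIs that RFC 7489 defines for report destinations.

```python
# Added example: lint SPF and DMARC TXT values before publishing them.
# The two sample values are the ones shown in the table above.

def parse_tags(record):
    """Split a 'tag=value; tag=value' record into a dict."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def lint_dmarc(record):
    findings = []
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1" or not record.lstrip().startswith("v="):
        findings.append("record must start with v=DMARC1")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append(f"missing or invalid p= policy: {policy!r}")
    elif policy == "none":
        findings.append("p=none is monitor-only: failing mail is still delivered")
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri and not uri.lower().startswith("mailto:"):
                findings.append(f"{tag}={uri} is not a mailto: URI (RFC 7489)")
    return findings

def lint_spf(record):
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    last = terms[-1].lower()
    if last.startswith("redirect="):
        return []  # policy is delegated to another domain's record
    qualifier, mechanism = (last[0], last[1:]) if last[0] in "+-~?" else ("+", last)
    if mechanism != "all":
        return ["no terminal 'all': unlisted senders get a neutral result"]
    if qualifier == "+":
        return ["+all authorizes every host to send for the domain"]
    if qualifier == "~":
        return ["~all is softfail: unlisted senders are flagged, not failed"]
    return []

DMARC = "v=DMARC1; p=none; rua=me@oyo.cool; ruf=me@oyo.cool; sp=none; ri=86400"
SPF = "v=spf1 mx ~all"

if __name__ == "__main__":
    for name, found in (("DMARC", lint_dmarc(DMARC)), ("SPF", lint_spf(SPF))):
        for finding in found:
            print(f"{name}: {finding}")
```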

Port configuration

Start the service

$ docker-compose up -d
# After the service starts, remember to create a mailbox first
$ docker exec -it mailserver setup email add me@oyo.cool

Configure DKIM

$ docker exec -it mailserver setup config dkim
$ cd ./docker-data/dms/config/opendkim/keys/oyo.cool
# After viewing this file you can add the record in your cloud DNS console, but remember to adjust the format first
$ cat mail.txt
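
The format adjustment mentioned in the comment above, as an added example that is not part of the original post: mail.txt holds the record as several quoted chunks inside parentheses (a single TXT string is limited to 255 bytes), and they have to be joined into one value before pasting. The sample file is constructed with filler bytes in place of a key, its layout is assumed to match what opendkim-genkey writes, and the function names are illustrative.

```python
import base64
import re

# Constructed sample in the layout opendkim-genkey is assumed to write.
# The p= value is filler bytes, not a real public key.
FAKE_KEY = base64.b64encode(b"constructed sample, not a real key " * 8).decode()
SAMPLE_MAIL_TXT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
    f'\t  "p={FAKE_KEY[:200]}"\n'
    f'\t  "{FAKE_KEY[200:]}" )  ; ----- DKIM key mail for oyo.cool\n'
)

def flatten_dkim_txt(zone_text):
    """Join the quoted chunks of a zone-file TXT record into one value."""
    start, end = zone_text.index("("), zone_text.index(")")
    chunks = re.findall(r'"([^"]*)"', zone_text[start:end])
    return "".join(chunks)

def check_dkim_value(value):
    """Return the problems that would stop a verifier from using the key."""
    problems = []
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    tags = {key.strip(): val.strip() for key, val in pairs}
    if tags.get("v") != "DKIM1":
        problems.append("v= tag must be DKIM1")
    if '"' in value or "\\" in value:
        problems.append("leftover quote or backslash from the zone-file format")
    try:
        # validate=True rejects any character outside the base64 alphabet
        if not base64.b64decode(tags.get("p", ""), validate=True):
            problems.append("p= is empty (an empty key means revoked)")
    except ValueError:
        problems.append("p= is not valid base64")
    return problems

if __name__ == "__main__":
    record_value = flatten_dkim_txt(SAMPLE_MAIL_TXT)
    print(record_value)
    print(check_dkim_value(record_value) or "ready to paste")
```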

Log in to the mailbox

Common commands

# Show help
$ docker exec -it mailserver setup help

# Add a mailbox
$ docker exec -it mailserver setup email add admin@domain.com "password"

# List users
$ docker exec -it mailserver setup email list

# Change a password
$ docker exec -it mailserver setup email update admin@domain.com "password"