Self-hosting a full-featured pure and lightweight mail server with Docker (Postfix & Dovecot)

(This article was crafted with assistance from Bing AI.)

In this tutorial, we’ll walk through setting up a mail server with Docker Compose, Postfix, and Dovecot. We’ll cover the configuration of both the Mail Transfer Agent (MTA) and the Mail Delivery Agent (MDA).

[LINK TO CLONE THE REPOSITORY OR DOWNLOAD ZIP FROM GITHUB]

Prerequisites

Before we begin, make sure you have the following prerequisites:

  1. Docker installed on your system.
  2. Basic knowledge of Docker Compose.

Concepts of mailing and containerization

The following terms are used throughout this setup:

  1. MDA (Mail Delivery Agent): An MDA is responsible for delivering email messages to the recipient’s mailbox. It receives messages from the Mail Transfer Agent (MTA) and places them in the appropriate mailbox (e.g., using protocols like IMAP or POP3).
  2. MTA (Mail Transfer Agent): The MTA handles the routing and delivery of email messages between mail servers. It uses protocols like SMTP (Simple Mail Transfer Protocol) to transfer emails from the sender’s server to the recipient’s server.
  3. SPF (Sender Policy Framework): SPF is an email authentication method that allows domain owners to specify which servers are authorized to send emails on their behalf. SPF records list valid IP addresses for sending emails from a domain.
  4. DKIM (DomainKeys Identified Mail): DKIM adds a digital signature to outgoing emails, allowing recipients to verify that the email came from the claimed domain. It uses public-key cryptography to sign and verify messages.
  5. DMARC (Domain-based Message Authentication Reporting and Conformance): DMARC builds upon SPF and DKIM. It instructs email servers on how to handle emails that fail SPF or DKIM checks. Domains use DMARC policies to specify actions like marking as spam or rejecting failed emails.
  6. Postfix: Postfix is a popular open-source MTA used for routing and delivering email messages. It’s highly configurable and widely used in email server setups.
  7. Dovecot: Dovecot is an MDA and IMAP/POP3 server. It retrieves emails from the mailbox and serves them to clients (such as email clients or webmail interfaces).
  8. Docker: Docker is a containerization platform that allows you to package applications and their dependencies into lightweight containers. It simplifies deployment and ensures consistent environments.
  9. Bridge Network: In Docker, a bridge network connects containers on the same host, allowing them to communicate securely. It provides isolation and manages IP addresses for containers.
  10. SASL Authentication (Simple Authentication and Security Layer): SASL is a framework for adding authentication support to protocols. It’s commonly used for authenticating email clients with SMTP servers.
  11. Public and Private Key: Public-key cryptography uses a pair of keys: the public key (shared openly) and the private key (kept secret). These keys are used for encryption, decryption, and digital signatures.
  12. Signature and Certificate: A digital signature is created using a private key to verify the authenticity and integrity of data. Certificates (such as SSL/TLS certificates) contain public keys and additional information about the owner, issued by a Certificate Authority (CA).
  13. Docker-Compose.yml: A YAML file used to define multi-container Docker applications. It specifies services, networks, volumes, and other configurations for a Docker Compose project.
  14. Dockerfile: A text file that defines how to build a Docker image. It includes instructions for installing software, setting up configurations, and creating the image layers.

Most important commands we used during this setup

  1. telnet localhost 25: This command initiates a Telnet session to the local machine on port 25, which is typically used for SMTP (Simple Mail Transfer Protocol) communication. It allows you to interact with an email server.
  2. nano docker-compose.yml: The nano command opens the docker-compose.yml file in a text editor called Nano. This file is commonly used to define services and their configurations for Docker containers.
  3. nano dovecot.conf: Similar to the previous command, this opens the dovecot.conf file in Nano. Dovecot is an email server software, and its configuration file specifies settings related to IMAP and POP3 protocols.
  4. nano Dockerfile: Opens the Dockerfile in Nano. Dockerfiles are used to create custom Docker images by specifying instructions for building a container.
  5. docker-compose up --build: This command starts the services defined in the docker-compose.yml file and rebuilds the images if necessary.
  6. docker container exec -i: Executes a command inside a running Docker container. The -i flag allows interactive input.
  7. chmod 777 data/ -R: Changes permissions recursively for the data/ directory, giving read, write, and execute permissions to the owner, the group, and every other user, so any local account can read or modify the stored mail.
  8. cat data/spool/mail/*: Displays the contents of all files in the data/spool/mail/ directory. These files likely contain email messages.
  9. nano main.cf: Opens the main.cf configuration file for Postfix, a popular mail transfer agent (MTA).
  10. ufw status: Checks the status of the Uncomplicated Firewall (UFW) rules.

Docker Compose

Let’s start by creating a docker-compose.yml file that defines our services:

In this configuration, we define two services: mta (Mail Transfer Agent) and mda (Mail Delivery Agent). The mta service handles SMTP traffic, while the mda service handles POP3 and IMAP traffic.

Dockerfile.mta

This Dockerfile sets up a Postfix mail server with specific configurations for sending emails through Gmail’s SMTP server. This includes additional features related to SMTP, DKIM (DomainKeys Identified Mail), and logging. Let’s break down the steps:

  1. Base Image: It starts with the official Ubuntu base image.
  2. Update and Install Packages:
    • It updates the package list and installs several packages related to Postfix, including postfix, rsyslog, mailutils, and various SASL-related libraries.
    • The apt clean command removes unnecessary files after installation.
  3. Configure master.cf:
    • Adds a configuration line to master.cf to enable the submission service for SMTP.
  4. Client Authentication:
    • Configures Postfix to use Dovecot for authentication (smtpd_sasl_type = dovecot).
    • Specifies the path for Dovecot (smtpd_sasl_path).
    • Disables TLS (smtpd_use_tls = no) and allows only authenticated users (smtpd_tls_auth_only = yes).
  5. External Relay Configuration:
    • Copies a sasl_passwd file and creates a hash map from it.
    • Sets up TLS policy for Gmail (tls_policy).
    • Manages permissions for the TLS policy file.
  6. Certificates:
    • Creates a directory for SSL certificates.
    • Copies the SSL certificate and private key.
    • Sets appropriate permissions.
  7. SASL Mechanisms:
    • Configures SASL mechanisms for SMTP authentication.
  8. Relay Configuration:
    • Sets Gmail as the relay host (relayhost = [smtp.gmail.com]:587).
    • Specifies authentication details (smtp_sasl_password_maps).
    • Sets TLS-related options.
  9. SMTP Configuration:
  10. OpenDKIM Configuration:
    • Creates directories for OpenDKIM keys.
    • Configures various options in opendkim.conf, including syslog, permissions, auto-restart, and socket settings.
    • Copies DKIM keys into the container.
    • Configures KeyTable, SigningTable, and TrustedHosts for OpenDKIM.
  11. Postfix Integration with OpenDKIM:
    • Specifies milter protocol and action (milter_protocol and milter_default_action).
    • Sets up milters for SMTP (smtpd_milters and non_smtpd_milters).
  12. Logging Configuration:
    • Configures rsyslog to capture Postfix logs (/var/log/mail.log).
  13. Email Handling Script:
    • Copies the save_email.sh script into the container and makes it executable.
  14. Virtual Email Aliases:
    • Defines virtual aliases for specific domains (@gordarg.com).
    • Maps these aliases to a local transport (virtual_transport = local).
  15. Exposed Ports:
    • Exposes SMTP ports 25 and 587.
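
Step 4 pairs smtpd_use_tls = no with smtpd_tls_auth_only = yes. In Postfix, smtpd_tls_auth_only = yes means SASL AUTH is announced and accepted only on TLS-protected sessions, so the two settings interact. The following added example (not code from the original repository) reads a main.cf-style file and reports how AUTH ends up exposed; smtpd_sasl_auth_enable = yes, the helper names, and the verdict strings are assumptions of the example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example: classify how SMTP AUTH is exposed by the smtpd TLS parameters
# named in step 4. Helper names and verdict strings are hypothetical.

# Print the effective value of a main.cf parameter (the last assignment wins).
cf_get() {  # usage: cf_get FILE NAME
    awk -v name="$2" '
        /^[ \t]*#/ { next }                    # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            if (key != name) next
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
        }
        END { print val }' "$1"
}

audit_smtpd_auth() {  # usage: audit_smtpd_auth FILE -> prints one verdict
    level=$(cf_get "$1" smtpd_tls_security_level)
    use_tls=$(cf_get "$1" smtpd_use_tls)
    auth_only=$(cf_get "$1" smtpd_tls_auth_only)
    sasl=$(cf_get "$1" smtpd_sasl_auth_enable)

    # smtpd_tls_security_level, when set, overrides the legacy smtpd_use_tls.
    tls=off
    if [ "$level" = may ] || [ "$level" = encrypt ]; then tls=on
    elif [ -z "$level" ] && [ "$use_tls" = yes ]; then tls=on
    fi

    if [ "$sasl" != yes ]; then echo "auth-disabled"
    elif [ "$tls" = off ] && [ "$auth_only" = yes ]; then echo "auth-unreachable"
    elif [ "$auth_only" != yes ]; then echo "auth-cleartext-allowed"
    else echo "auth-tls-only"
    fi
}

# Constructed sample main.cf; the argument is the TLS line to test.
sample_cf() {  # usage: sample_cf 'TLS-LINE'
    printf '%s\n' 'smtpd_sasl_type = dovecot' 'smtpd_sasl_auth_enable = yes' \
        "$1" 'smtpd_tls_auth_only = yes'
}

tmp=$(mktemp)
sample_cf 'smtpd_use_tls = no' > "$tmp"
echo "step 4 values: $(audit_smtpd_auth "$tmp")"
sample_cf 'smtpd_tls_security_level = may' > "$tmp"
echo "TLS enabled:   $(audit_smtpd_auth "$tmp")"
rm -f "$tmp"
```

A verdict of auth-unreachable means clients cannot authenticate until TLS is enabled on smtpd; auth-cleartext-allowed means credentials can be sent over an unencrypted session.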

Dockerfile.mda

This Dockerfile sets up a Dovecot mail server with specific configurations for POP3 and IMAP services.

  1. Base Image and Package Installation:
    • It starts with the official Ubuntu base image.
    • Installs dovecot-core, dovecot-pop3d, and dovecot-imapd.
  2. Working Directory and Configuration:
    • Sets the working directory to /etc/dovecot.
    • Copies the Dovecot configuration file (dovecot.conf).
  3. SSL Configuration:
    • Copies SSL certificates (dovecot.pem, dovecot.pem.private, and dh.pem).
    • Sets appropriate permissions.
    • Updates the SSL configuration in 10-ssl.conf.
  4. User Database and Permissions:
    • Copies the user database file (dovecot-users).
    • Sets permissions for the user database.
  5. Log Files:
    • Initializes log files (dovecot-info.log, dovecot.log, and dovecot-debug.log).
  6. Exposed Ports:
    • Exposes POP3 (110), IMAP (143), IMAPS (993), and an additional port (12345).
  7. User Setup:
    • Creates a user (vmail) with specified UID and GID.
    • Sets the user’s shell to /bin/bash.
  8. Start Dovecot Service:
    • Starts the Dovecot service and tails the log files.

Author: tayyebi

Tayyebi is the founder and Director of Gordarg. He is passionate about people, technology, and arts. Mohammad believes in communication and that each of us has the power to empower our people with knowledge. He can be seen writing code, playing music, biking, and reading.
