update
This commit is contained in:
@@ -1,23 +1,26 @@
|
||||
services:
|
||||
|
||||
mailserver:
|
||||
# image: docker.io/mailserver/docker-mailserver:latest # AUSKOMMENTIERT
|
||||
build:
|
||||
context: .
|
||||
dockerfile: Dockerfile
|
||||
image: dms-custom:latest
|
||||
container_name: mailserver
|
||||
hostname: mail.email-srvr.com
|
||||
domainname: email-srvr.com
|
||||
|
||||
# Node-spezifischer Hostname - A-Record zeigt auf DIESEN Server.
|
||||
# email-srvr.com selbst zeigt auf einen anderen Server und wird hier NICHT verwendet.
|
||||
hostname: node1.email-srvr.com
|
||||
|
||||
ports:
|
||||
- "25:25" # SMTP (parallel zu MailCow auf Port 25)
|
||||
- "587:587" # SMTP Submission
|
||||
- "465:465" # SMTP SSL
|
||||
- "143:143" # IMAP
|
||||
- "993:993" # IMAP SSL
|
||||
- "110:110" # POP3
|
||||
- "995:995" # POP3 SSL
|
||||
- "127.0.0.1:11334:11334" # Bindet nur an Localhost!
|
||||
- "25:25"
|
||||
- "587:587"
|
||||
- "465:465"
|
||||
- "143:143"
|
||||
- "993:993"
|
||||
- "110:110"
|
||||
- "995:995"
|
||||
- "127.0.0.1:11334:11334"
|
||||
|
||||
volumes:
|
||||
- ./docker-data/dms/mail-data/:/var/mail/
|
||||
- ./docker-data/dms/mail-state/:/var/mail-state/
|
||||
@@ -27,67 +30,88 @@ services:
|
||||
- /etc/localtime:/etc/localtime:ro
|
||||
- ./sync_dynamodb_to_sieve.py:/scripts/sync.py:ro
|
||||
- ./sieve-cron:/etc/cron.d/sieve-sync:ro
|
||||
- /var/lib/docker/volumes/caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.email-srvr.com:/etc/mail/certs:ro
|
||||
|
||||
# -------------------------------------------------------
|
||||
# Caddy Zertifikate: gesamtes Cert-Verzeichnis mounten.
|
||||
#
|
||||
# Caddy legt Wildcard-Certs so ab:
|
||||
# *.andreasknuth.de/
|
||||
# *.andreasknuth.de.crt
|
||||
# *.andreasknuth.de.key
|
||||
# node1.email-srvr.com/
|
||||
# node1.email-srvr.com.crt
|
||||
# node1.email-srvr.com.key
|
||||
#
|
||||
# setup-dms-tls.sh referenziert per:
|
||||
# /etc/mail/certs/*.domain/*.domain.crt|.key
|
||||
# -------------------------------------------------------
|
||||
- /var/lib/docker/volumes/caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory:/etc/mail/certs:ro
|
||||
|
||||
# -------------------------------------------------------
|
||||
# Dovecot SNI Konfiguration (generiert von setup-dms-tls.sh)
|
||||
# DMS lädt /tmp/docker-mailserver/dovecot-sni.cf automatisch.
|
||||
# -------------------------------------------------------
|
||||
- ./docker-data/dms/config/dovecot-sni.cf:/tmp/docker-mailserver/dovecot-sni.cf:ro
|
||||
|
||||
environment:
|
||||
# Wichtig: Rspamd und andere Services deaktivieren für ersten Test
|
||||
# -------------------------------------------------------
|
||||
# SSL Default-Cert: node1.email-srvr.com
|
||||
# Das ist das Fallback-Cert wenn kein SNI-Match gefunden wird
|
||||
# (z.B. bei direktem IP-Connect ohne Hostname).
|
||||
# Kundendomain-SNI wird über postfix-main.cf + dovecot-sni.cf gesteuert.
|
||||
# -------------------------------------------------------
|
||||
- SSL_TYPE=manual
|
||||
# Diese Pfade beziehen sich auf das INNERE des Containers (wo wir hin mounten)
|
||||
- SSL_CERT_PATH=/etc/mail/certs/mail.email-srvr.com.crt
|
||||
- SSL_KEY_PATH=/etc/mail/certs/mail.email-srvr.com.key
|
||||
- SSL_CERT_PATH=/etc/mail/certs/node1.email-srvr.com/node1.email-srvr.com.crt
|
||||
- SSL_KEY_PATH=/etc/mail/certs/node1.email-srvr.com/node1.email-srvr.com.key
|
||||
|
||||
# SPAM / Rspamd
|
||||
- ENABLE_OPENDKIM=1
|
||||
- ENABLE_OPENDMARC=0
|
||||
- ENABLE_POLICYD_SPF=0
|
||||
# #### SPAM SECTION #####
|
||||
# SPAM Rspamd aktivieren
|
||||
- ENABLE_RSPAMD=1
|
||||
# Greylisting AUS (vermeidet Verzögerungen)
|
||||
- RSPAMD_GREYLISTING=0
|
||||
# Eigene Mails NICHT scannen (vermeidet Probleme beim Senden)
|
||||
- RSPAMD_CHECK_AUTHENTICATED=0
|
||||
# Hostname Check AN (filtert Botnets, sehr sicher)
|
||||
- RSPAMD_HFILTER=1
|
||||
# Spam sortieren statt löschen (Sieve Magic)
|
||||
- MOVE_SPAM_TO_JUNK=1
|
||||
# Alte Dienste aus
|
||||
- ENABLE_AMAVIS=0
|
||||
- ENABLE_SPAMASSASSIN=0
|
||||
- ENABLE_POSTGREY=0
|
||||
# 2. ClamAV deaktivieren (Anti-Virus)
|
||||
- ENABLE_CLAMAV=0
|
||||
# HACKERSCHUTZ (Pflicht!)
|
||||
|
||||
# Sicherheit
|
||||
- ENABLE_FAIL2BAN=1
|
||||
# DNS Resolver (verhindert Spamhaus-Probleme)
|
||||
- ENABLE_UNBOUND=1
|
||||
# #### END SPAM SECTION #####
|
||||
# END SPAM SECTION
|
||||
- ENABLE_UNBOUND=1
|
||||
|
||||
# Sonstige
|
||||
- ENABLE_MANAGESIEVE=0
|
||||
- ENABLE_POP3=1
|
||||
- RSPAMD_LEARN=1
|
||||
- ONE_DIR=1
|
||||
- ENABLE_UPDATE_CHECK=0
|
||||
- PERMIT_DOCKER=network
|
||||
# - PERMIT_DOCKER=empty
|
||||
- SSL_TYPE=manual
|
||||
- SSL_CERT_PATH=/tmp/docker-mailserver/ssl/cert.pem
|
||||
- SSL_KEY_PATH=/tmp/docker-mailserver/ssl/key.pem
|
||||
# Amazon SES SMTP Relay
|
||||
- SPOOF_PROTECTION=0
|
||||
- ENABLE_SRS=0
|
||||
- LOG_LEVEL=info
|
||||
|
||||
# Amazon SES Relay
|
||||
- RELAY_HOST=email-smtp.us-east-2.amazonaws.com
|
||||
- RELAY_PORT=587
|
||||
- RELAY_USER=${SES_SMTP_USER}
|
||||
- RELAY_PASSWORD=${SES_SMTP_PASSWORD}
|
||||
# Content Filter AWS Credentials
|
||||
|
||||
# AWS Credentials
|
||||
- AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
|
||||
- AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
|
||||
- AWS_REGION=us-east-2
|
||||
# Weitere Einstellungen
|
||||
- POSTFIX_OVERRIDE_HOSTNAME=email-srvr.com
|
||||
- AWS_REGION=us-east-2
|
||||
|
||||
# Postfix
|
||||
# POSTFIX_OVERRIDE_HOSTNAME: Was Postfix im EHLO/HELO Banner sendet.
|
||||
# node1.email-srvr.com passt zum TLS-Cert und ist der echte Hostname.
|
||||
- POSTFIX_OVERRIDE_HOSTNAME=node1.email-srvr.com
|
||||
- POSTFIX_MYNETWORKS=172.16.0.0/12 172.17.0.0/12 172.18.0.0/12 [::1]/128 [fe80::]/64
|
||||
- POSTFIX_MAILBOX_SIZE_LIMIT=0
|
||||
- POSTFIX_MESSAGE_SIZE_LIMIT=0
|
||||
- SPOOF_PROTECTION=0
|
||||
- ENABLE_SRS=0
|
||||
# Debug-Einstellungen
|
||||
- LOG_LEVEL=info
|
||||
|
||||
cap_add:
|
||||
- NET_ADMIN
|
||||
- SYS_PTRACE
|
||||
@@ -95,7 +119,6 @@ services:
|
||||
networks:
|
||||
mail_network:
|
||||
aliases:
|
||||
- mail.email-srvr.com
|
||||
- mailserver
|
||||
|
||||
roundcube:
|
||||
@@ -111,16 +134,14 @@ services:
|
||||
- ROUNDCUBEMAIL_DB_NAME=roundcube
|
||||
- ROUNDCUBEMAIL_DB_USER=roundcube
|
||||
- ROUNDCUBEMAIL_DB_PASSWORD=${ROUNDCUBE_DB_PASSWORD}
|
||||
# Einfache Konfiguration ohne SSL-Probleme (für ersten Test)
|
||||
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mail.email-srvr.com
|
||||
# Roundcube verbindet intern über den Docker-Alias
|
||||
- ROUNDCUBEMAIL_DEFAULT_HOST=ssl://mailserver
|
||||
- ROUNDCUBEMAIL_DEFAULT_PORT=993
|
||||
- ROUNDCUBEMAIL_SMTP_SERVER=tls://mail.email-srvr.com
|
||||
- ROUNDCUBEMAIL_SMTP_SERVER=tls://mailserver
|
||||
- ROUNDCUBEMAIL_SMTP_PORT=587
|
||||
#- ROUNDCUBEMAIL_PLUGINS=password,email_config,managesieve
|
||||
- ROUNDCUBEMAIL_PLUGINS=password,email_config
|
||||
# In docker-compose.yml bei roundcube hinzufügen:
|
||||
ports:
|
||||
- "8888:80" # Host:Container
|
||||
- "8888:80"
|
||||
volumes:
|
||||
- ./docker-data/roundcube/config:/var/roundcube/config
|
||||
- ./docker-data/roundcube/plugins/email_config:/var/www/html/plugins/email_config:ro
|
||||
@@ -145,4 +166,4 @@ services:
|
||||
|
||||
networks:
|
||||
mail_network:
|
||||
external: true
|
||||
external: true
|
||||
Reference in New Issue
Block a user