How To Set Up a Mailserver Within a Docker Swarm | by Paul Knulst | May, 2022

Ever wanted to have your own mail server? Learn how to set up your own personal mail server with this step-by-step guide.


I run my own mail server to have generalized email addresses for different services.

While I searched for a nice solution to put my mail server into a dockerized mail server, I found the well-known docker-mailserver. Unfortunately, I couldn't use this mail server because I had many errors while configuring it.

Because of this, I searched for an alternative and found hardware-mailserver, which is something like an optimized usage of a docker-mailserver with several predefined functionalities.

If I had a normal Docker environment without any other services, I could use this docker-compose.yml and start it by executing:

$> docker-compose up -d

Because I run a Docker Swarm environment with a Traefik load balancer that creates SSL certificates for my domains, I have to make some changes within the Compose file to set up and configure the mail server. Every adjustment will be explained afterward, service by service.

This is the main service used by the mail server suite. The most important thing I had to add was the environment variables. Because I run a Docker Swarm setup, hostname doesn't work correctly, and I have to develop something else. I found a possible solution within a pull request on the GitHub page.

I have to add FQDN and DOMAIN as environment variables. Another section I have to change is the labels section. I added the deploy section and created two important properties:

  • placement-constraint and
  • labels.

placement-constraints are used to always deploy the mail server on my manager node, and labels is filled with all the information that is needed for my Traefik instance.

Finally, I have to change the volume entries. I want to use Docker volumes instead of a local shared folder (which is achieved by adding a ./ in front of the volume name).

Also, there is one very important entry within the volumes section:

#- ./cert:/etc/letsencrypt/live/$MAILSERVER_FQDN

I'll explain in detail later what it does and why it is commented out.

Like I did before, I have to add the environment variables FQDN and DOMAIN, adjust the placement-constraint and labels, and update the volumes.

I only add the deploy section and change volumes.

The MariaDB container gets a placement-constraint, so I don't lose data, and Docker volumes are used. Furthermore, it is very important that the MYSQL_PASSWORD is the same as defined within the mailserver-service.

The last service is the Redis container, which gets a placement-constraint and adjusted volumes.

After the services have been adjusted within one file (docker-compose.mailserver.yml), the next step was to deploy the Docker Swarm stack. Because I declared several environment variables, I had to export them first (and I have to export them every time I recreate the service). Here is the list of exports:

After exporting these variables, I could deploy the mail server to my Docker Swarm by executing:

$> docker stack deploy -c docker-compose.mailserver.yml mailserver

After deploying the mail server, it didn't use SSL because Traefik generated the certificates after the website was visited the first time. Because I declared within the mailserver-service that there is a domain called mail.$PRIMARY_DOMAIN, I opened this website, and it showed Rspamd, but it also created the SSL certificate, which is needed for the mail server.


For the previously created SSL certificates, I need a function to transfer them to the mail server. Unfortunately, the automatic transfer process from the mail server couldn't be used because I installed the second version of Traefik.

I had to create a small script that uses dumpcerts (from the mailserver GitHub) for extracting certs from traefik-acme.json and storing them into a file that the mail server can use to have an SSL certificate. Here's the code:

This script assumes that the acme.json file Traefik uses to store certificates is located in the same folder as the mail server. The dumpcert script can be found here.

If the script exits without error, the mail server can be shut down and redeployed (because SSL data is only checked at the start of the mail server stack).
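The extraction step described above, as an added example that is neither the author's script nor the project's dumpcerts. It assumes the Traefik v2 acme.json layout (one top-level key per certificate resolver, each holding a Certificates list with base64-encoded PEM in certificate and key) and assumes the mail server reads fullchain.pem and privkey.pem from the mounted ./cert folder; the resolver name and domains in the sample are constructed.

```python
import base64, json, os, stat, tempfile
from pathlib import Path

def find_certificate(acme, fqdn):
    """Return the acme.json entry whose main domain or SANs contain fqdn."""
    for resolver in acme.values():  # assumed Traefik v2 layout: one key per resolver
        for entry in (resolver or {}).get("Certificates") or []:
            domain = entry.get("domain", {})
            if fqdn in [domain.get("main"), *(domain.get("sans") or [])]:
                return entry
    raise LookupError(f"no certificate for {fqdn} in acme.json")

def write_file(path, data, mode):
    """Create the file with its final permissions, then rename it into place."""
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, mode)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(tmp, mode)  # enforce the mode even if the temp file already existed
    os.replace(tmp, path)

def dump_cert(acme_path, fqdn, out_dir):
    """Write fullchain.pem and privkey.pem for fqdn into out_dir."""
    entry = find_certificate(json.loads(Path(acme_path).read_text()), fqdn)
    chain = base64.b64decode(entry["certificate"])
    key = base64.b64decode(entry["key"])
    if b"BEGIN CERTIFICATE" not in chain or b"PRIVATE KEY" not in key:
        raise ValueError("decoded entry is not PEM")  # refuse to install garbage
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    write_file(out / "fullchain.pem", chain, 0o644)
    write_file(out / "privkey.pem", key, 0o600)  # private key: owner read/write only
    return out

def demo():
    """Run against a constructed acme.json (placeholder PEM bodies, no real keys)."""
    pem = lambda label: f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n"
    b64 = lambda text: base64.b64encode(text.encode()).decode()
    acme = {"letsencrypt": {"Account": {}, "Certificates": [
        {"domain": {"main": "example.test", "sans": ["mail.example.test"]},
         "certificate": b64(pem("CERTIFICATE")), "key": b64(pem("PRIVATE KEY"))}]}}
    work = Path(tempfile.mkdtemp())
    (work / "acme.json").write_text(json.dumps(acme))
    out = dump_cert(work / "acme.json", "mail.example.test", work / "cert")
    return out, stat.S_IMODE((out / "privkey.pem").stat().st_mode)

if __name__ == "__main__":
    print(demo())
```

A missing domain raises LookupError before anything is written, so a failed run leaves the previous certificate files in place.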

Furthermore, I created an update script that uses all commands together:

Unfortunately, you have to do this every three months because Traefik generates certs that only have a life span of three months.

When everything is started, the next task is configuring postfix-admin and rainloop. There are two very easy guide pages for this where you can find all information about configuring these services: rainloop-initial, postfix-initial

Furthermore, the DNS setup is required so that the mail server works! This step is very important.

[Screenshot of the GitHub page from hardware/mailserver: set important DNS records to have a good score for your mail server]

Notes

  • Make sure that the PTR record of your IP matches the FQDN (default: mail.domain.tld) of your mail server host. This record is usually set in your web hosting interface.
  • DKIM, SPF, and DMARC records are recommended to build a good reputation score.
  • A DMARC record can be created here
  • SPF needs the public IP of the mail server: v=spf1 a mx ipYOURMAINHERE ~all
  • The DKIM public key (mail._domainkey) will be available on the host after the container startup here:
/var/lib/docker/volumes/mailserver_mail/_data/dkim/domain.tld/public.key
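A small linter for the SPF TXT value from the notes above, as an added example that is not part of the original post; it goes beyond the single record shown and checks general SPF syntax. The placeholder in the note has to be filled in as an ip4: (or ip6:) mechanism, and 192.0.2.10 below is a constructed documentation address.

```python
import ipaddress
import re

MECHANISMS = {"all", "a", "mx", "ptr", "ip4", "ip6", "include", "exists"}

def lint_spf(record):
    """Return the problems found in one SPF TXT record (empty list means none)."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record must start with v=spf1"]
    problems, terminated = [], False
    for term in terms[1:]:
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        mech = mech.lower()
        if re.match(r"[a-z][a-z0-9._-]*=", mech):  # modifier such as redirect=
            terminated = terminated or mech.startswith("redirect=")
            continue
        name = re.split(r"[:/]", mech, maxsplit=1)[0]
        if name not in MECHANISMS:
            problems.append(f"{term}: unknown mechanism")
        elif name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(mech[4:], strict=False)
                if net.version != int(name[2]):
                    problems.append(f"{term}: address family does not match {name}")
            except ValueError:
                problems.append(f"{term}: not a valid address or network")
        elif name == "all":
            terminated = True
            if qualifier in ("+", "?"):
                problems.append(f"{term}: does not restrict senders, use ~all or -all")
    if not terminated:
        problems.append("no all or redirect=: unlisted senders get a neutral result")
    return problems

# Constructed records: the note's literal placeholder, then a filled-in form.
SAMPLES = ["v=spf1 a mx ipYOURMAINHERE ~all", "v=spf1 a mx ip4:192.0.2.10 ~all"]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec, "->", lint_spf(rec) or "ok")
```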

Now the mail server is running, and you can use postfix admin (postfixadmin.yourdomain.de) to create accounts that can be accessed with Rainloop (webmail.yourdomain.de) or another email client (Thunderbird/Betterbird).

I hope you find this tutorial helpful and are now able to add a mail server to your Docker Swarm environment.

Also, if you have any questions, ideas, recommendations, or want to share cool Docker commands or tools, please contact me. I'll try to answer your question if possible and will test your recommendations.
