container-server/services/mail/docker-compose.yml


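version: '3.7'
# docker-mailserver with accounts provisioned from an LDAP directory.
# https://hub.docker.com/r/mailserver/docker-mailserver
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
# https://github.com/docker-mailserver/docker-mailserver
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
# create account: task srv:mail-setup -- email add <user>@<domain>
networks:
  mail:
    name: mail
services:
  mail:
    # NOTE(review): `:11` is a mutable tag, so a re-pull can change what runs.
    # Consider pinning a verified digest, e.g.
    # mailserver/docker-mailserver:11@sha256:<digest-you-verified> (placeholder).
    image: mailserver/docker-mailserver:11
    container_name: mail
    restart: "${RESTART:-no}"
    hostname: mail
    # Fail at `compose up` instead of starting with an empty domain; the
    # certificate paths under `volumes:` are built from the same variable.
    domainname: "${BASE_DOMAIN:?BASE_DOMAIN must be set}"
    environment:
      - ACCOUNT_PROVISIONER=LDAP
      # NOTE(review): no ldaps:// scheme or StartTLS option is set here, so the
      # bind password (and, with DOVECOT_AUTH_BIND=yes, user passwords)
      # presumably cross the Docker network unencrypted. Confirm that is
      # acceptable for the networks this service is attached to.
      - LDAP_SERVER_HOST=ldap
      # NOTE(review): in list form Compose does not strip quotes, so the single
      # quotes on the values below are passed into the container literally.
      # Confirm the image tolerates them, or drop them.
      - LDAP_SEARCH_BASE='dc=ldap,dc=goauthentik,dc=io'
      - LDAP_BIND_DN='cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io'
      # Required: an unset or empty password would turn the service bind into
      # an LDAP unauthenticated bind, which a directory may treat as anonymous.
      - LDAP_BIND_PW=${AUTHENTIK_LDAP_BIND_PW:?AUTHENTIK_LDAP_BIND_PW must be set}
      # NOTE(review): `memberOf=*mailusers*` and `*admins*` are substring
      # matches, so any group whose DN merely contains that text grants access.
      # Prefer matching the full group DN, e.g.
      # (memberOf=<full DN of the mail users group>) (placeholder).
      - LDAP_QUERY_FILTER_USER='(&(mail=%s)(memberOf=*mailusers*))'
      - LDAP_QUERY_FILTER_ALIAS='(&(mailAlias=%s)(memberOf=*mailusers*))'
      - LDAP_QUERY_FILTER_DOMAIN='(&(|(mail=*@%s)(mailAlias=*@%s))(memberOf=*mailusers*))'
      - LDAP_QUERY_FILTER_SENDERS='(|(memberOf=*admins*)(&(|(mail=%s)(mailAlias=%s))(memberOf=*mailusers*)))'
      - DOVECOT_USER_FILTER='(&(mail=%u)(memberOf=*mailusers*))'
      - DOVECOT_PASS_ATTRS='mail=user'
      - DOVECOT_AUTH_BIND=yes
      # Fail2Ban is off, so nothing in this container rate-limits password
      # guessing on the published SMTP/IMAP/ManageSieve ports. Enabling it
      # needs the NET_ADMIN capability (see the commented `cap_add` below).
      # Otherwise make sure throttling happens upstream.
      - ENABLE_FAIL2BAN=0
      # Using letsencrypt for SSL/TLS certificates
      - SSL_TYPE=letsencrypt
      # Allow sending emails from other docker containers
      # Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
      # With `connected-networks`, every container attached to the `mail` or
      # `auth` network is treated as a trusted client, so keep membership of
      # both networks limited to services that should relay without SMTP auth.
      - PERMIT_DOCKER=connected-networks
      # The author lists the settings below as image defaults; verify against
      # the documented defaults for the image tag in use.
      - ONE_DIR=1
      - ENABLE_POSTGREY=0
      # Anti-virus and spam scanning are both disabled, so inbound mail is
      # delivered unfiltered.
      - ENABLE_CLAMAV=0
      - ENABLE_SPAMASSASSIN=0
      - ENABLE_MANAGESIEVE=1
      # You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#spoof_protection
      # With 0, an authenticated user is not restricted to their own sender
      # addresses. NOTE(review): LDAP_QUERY_FILTER_SENDERS above appears to take
      # effect only when this is 1; confirm against the image docs.
      - SPOOF_PROTECTION=0
      - TZ=${TIMEZONE}
    ports:
      - "25:25"
      - "143:143"
      - "587:587"
      - "465:465"
      - "993:993"
      - "4190:4190" # managesieve
    volumes:
      # config
      - ./mail/config/dovecot-local.conf:/etc/dovecot/local.conf:ro
      - ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
      # Mail data
      - ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
      - ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
      - ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
      # certificates (read-only; the private key never needs to be writable
      # from inside the container). CERTS_DIR is required so that an unset
      # value cannot silently resolve to a path under `/`.
      - "${CERTS_DIR:?CERTS_DIR must be set}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro"
      - ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro
      # - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
    networks:
      - mail
      # NOTE(review): `auth` is not declared under the top-level `networks:` of
      # this file. Presumably it comes from another compose file merged at
      # deploy time; confirm, since Compose rejects an undefined network.
      - auth
    # cap_add:
    #   - NET_ADMIN # For Fail2Ban to work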