76 lines
3 KiB
YAML
76 lines
3 KiB
YAML
version: '3.7'
|
|
|
|
# https://hub.docker.com/r/mailserver/docker-mailserver
|
|
# https://docker-mailserver.github.io/docker-mailserver/edge/examples/tutorials/basic-installation/
|
|
# https://github.com/docker-mailserver/docker-mailserver
|
|
# https://github.com/docker-mailserver/docker-mailserver/blob/master/docs/content/config/advanced/mail-sieve.md
|
|
|
|
# create account: task srv:mail-setup -- email add <user>@<domain>
|
|
|
|
networks:
|
|
mail:
|
|
name: mail
|
|
|
|
services:
|
|
mail:
|
|
image: mailserver/docker-mailserver:11
|
|
container_name: mail
|
|
restart: "${RESTART:-no}"
|
|
hostname: mail
|
|
domainname: ${BASE_DOMAIN}
|
|
environment:
|
|
- ACCOUNT_PROVISIONER=LDAP
|
|
- LDAP_SERVER_HOST=ldap
|
|
- LDAP_SEARCH_BASE='dc=ldap,dc=goauthentik,dc=io'
|
|
- LDAP_BIND_DN='cn=ldapservice,ou=users,dc=ldap,dc=goauthentik,dc=io'
|
|
- LDAP_BIND_PW=${AUTHENTIK_LDAP_BIND_PW}
|
|
- LDAP_QUERY_FILTER_USER='(&(mail=%s)(memberOf=*mailusers*))'
|
|
- LDAP_QUERY_FILTER_ALIAS='(&(mailAlias=%s)(memberOf=*mailusers*))'
|
|
- LDAP_QUERY_FILTER_DOMAIN='(&(|(mail=*@%s)(mailAlias=*@%s))(memberOf=*mailusers*))'
|
|
- LDAP_QUERY_FILTER_SENDERS='(|(memberOf=*admins*)(&(|(mail=%s)(mailAlias=%s))(memberOf=*mailusers*)))'
|
|
|
|
- DOVECOT_USER_FILTER='(&(mail=%u)(memberOf=*mailusers*))'
|
|
- DOVECOT_PASS_ATTRS='mail=user'
|
|
- DOVECOT_AUTH_BIND=yes
|
|
|
|
- ENABLE_FAIL2BAN=0
|
|
# Using letsencrypt for SSL/TLS certificates
|
|
- SSL_TYPE=letsencrypt
|
|
# Allow sending emails from other docker containers
|
|
# Beware creating an Open Relay: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#permit_docker
|
|
- PERMIT_DOCKER=connected-networks
|
|
# All env below are default settings:
|
|
- ONE_DIR=1
|
|
- ENABLE_POSTGREY=0
|
|
- ENABLE_CLAMAV=0
|
|
- ENABLE_SPAMASSASSIN=0
|
|
- ENABLE_MANAGESIEVE=1
|
|
# You may want to enable this: https://docker-mailserver.github.io/docker-mailserver/edge/config/environment/#spoof_protection
|
|
# See step 8 below, which demonstrates setup with enabled/disabled SPOOF_PROTECTION:
|
|
- SPOOF_PROTECTION=0
|
|
- TZ=${TIMEZONE}
|
|
ports:
|
|
- "25:25"
|
|
- "143:143"
|
|
- "587:587"
|
|
- "465:465"
|
|
- "993:993"
|
|
- "4190:4190" # managesieve
|
|
volumes:
|
|
# config
|
|
- ./mail/config/dovecot-local.conf:/etc/dovecot/local.conf:ro
|
|
- ${BASE_DIR:-/srv}/mail/config:/tmp/docker-mailserver/
|
|
# Mail data
|
|
- ${BASE_DIR:-/srv}/mail/mail-data:/var/mail/
|
|
- ${BASE_DIR:-/srv}/mail/mail-state:/var/mail-state/
|
|
- ${BASE_DIR:-/srv}/mail/mail-logs:/var/log/mail/
|
|
# certificates
|
|
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.crt:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/fullchain.pem:ro
|
|
- ${CERTS_DIR}/mail.${BASE_DOMAIN}/mail.${BASE_DOMAIN}.key:/etc/letsencrypt/live/mail.${BASE_DOMAIN}/privkey.pem:ro
|
|
|
|
# - ${CERTS_DIR}/mail.${BASE_DOMAIN}:/etc/letsencrypt/live/
|
|
networks:
|
|
- mail
|
|
- auth
|
|
# cap_add:
|
|
# - NET_ADMIN # For Fail2Ban to work
|