04 Docker MailServer

Rather than setting up a mail server the usual way, it may be better to build it with Docker.

https://github.com/docker-mailserver/docker-mailserver

1. Prepare SSL first

This page assumes the SSL certificate has already been prepared as described on the following page:
10 Docker Let's Encrypt

2. git clone

cd /app/
git clone https://github.com/docker-mailserver/docker-mailserver.git

3. Change the configuration

cd /app/docker-mailserver/

The following entry has been added to volumes so that the SSL certificate is loaded.

  1. /var/lib/docker/volumes/app_certs/_data:/etc/letsencrypt/live

compose.yml

services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.hogehoge.com
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    # To avoid conflicts with yaml base-60 float, DO NOT remove the quotation marks.
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - /var/lib/docker/volumes/app_certs/_data:/etc/letsencrypt/live
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    cap_add:
      - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0

mailserver.env

# diff mailserver.env mailserver.env.org 
45c45
< POSTMASTER_ADDRESS=hoge@hogehoge.com
---
> POSTMASTER_ADDRESS=
91c91
< SPOOF_PROTECTION=1
---
> SPOOF_PROTECTION=
179c179
< ENABLE_DNSBL=1
---
> ENABLE_DNSBL=0
185c185
< ENABLE_FAIL2BAN=1
---
> ENABLE_FAIL2BAN=0
212c212
< SSL_TYPE=letsencrypt
---
> SSL_TYPE=
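Review bot: SSL_TYPE=letsencrypt (line 212 of mailserver.env) relies on the certificate volume in compose.yml, and that volume is mounted without :ro even though /etc/localtime has it. The certificates are issued by the separate Let's Encrypt setup from step 1, so the mail container does not need write access to them; suggest `/var/lib/docker/volumes/app_certs/_data:/etc/letsencrypt/live:ro`.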
348c348
< ENABLE_SPAMASSASSIN=1
---
> ENABLE_SPAMASSASSIN=0
460c460
< ENABLE_POSTGREY=1
---
> ENABLE_POSTGREY=0
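
A pre-start check for the configuration in step 3, as an added example that is not part of the original page or the docker-mailserver project: it compares mailserver.env with the values from the diff and checks compose.yml for the NET_ADMIN capability and the certificate volume. The function names, finding labels and sample files are constructed for this example, and treating a writable certificate mount as a finding assumes the certificates are renewed outside this container.

```shell
#!/bin/sh
# Added example (not from the page or the docker-mailserver project).

# Effective value of KEY in an env file. If KEY repeats, the last line is
# used (an assumption of this example); prints an empty line when absent.
env_value() {
  awk -F= -v key="$2" '$1 == key { v = substr($0, length(key) + 2) } END { print v }' "$1"
}

# Values the page sets in mailserver.env (taken from its diff).
EXPECTED="SPOOF_PROTECTION=1 ENABLE_DNSBL=1 ENABLE_FAIL2BAN=1 SSL_TYPE=letsencrypt
ENABLE_SPAMASSASSIN=1 ENABLE_POSTGREY=1"

# audit_dms ENV_FILE COMPOSE_FILE: prints one line per finding, returns 1 if any.
audit_dms() {
  rc=0
  for pair in $EXPECTED; do
    key=${pair%%=*}; want=${pair#*=}; got=$(env_value "$1" "$key")
    [ "$got" = "$want" ] || { echo "DRIFT $key: want '$want', found '$got'"; rc=1; }
  done
  [ -n "$(env_value "$1" POSTMASTER_ADDRESS)" ] || { echo "DRIFT POSTMASTER_ADDRESS is empty"; rc=1; }
  # Fail2Ban changes firewall rules, so the container needs NET_ADMIN.
  grep -Eq '^[[:space:]]*-[[:space:]]*NET_ADMIN' "$2" || { echo "COMPOSE cap_add NET_ADMIN missing"; rc=1; }
  # SSL_TYPE=letsencrypt reads the certificates mounted at /etc/letsencrypt/live.
  mount=$(grep -E '^[[:space:]]*-[[:space:]].*:/etc/letsencrypt/live' "$2" || true)
  case $mount in
    '') echo "COMPOSE certificate volume missing"; rc=1 ;;
    *:/etc/letsencrypt/live:ro*) ;;
    *) echo "COMPOSE certificate volume is writable, add :ro"; rc=1 ;;
  esac
  return "$rc"
}

# Constructed sample: the page's files, with SPOOF_PROTECTION left at its default.
make_sample() {
  printf '%s\n' 'POSTMASTER_ADDRESS=hoge@hogehoge.com' 'SPOOF_PROTECTION=' \
    'ENABLE_DNSBL=1' 'ENABLE_FAIL2BAN=1' 'SSL_TYPE=letsencrypt' \
    'ENABLE_SPAMASSASSIN=1' 'ENABLE_POSTGREY=1' > "$1/mailserver.env"
  printf '%s\n' '    volumes:' \
    '      - /var/lib/docker/volumes/app_certs/_data:/etc/letsencrypt/live' \
    '    cap_add:' '      - NET_ADMIN' > "$1/compose.yml"
}

tmp=$(mktemp -d)
make_sample "$tmp"
audit_dms "$tmp/mailserver.env" "$tmp/compose.yml" || echo "fix the findings before docker-compose up"
rm -rf "$tmp"
```

Run it from /app/docker-mailserver/ with the real files as `audit_dms mailserver.env compose.yml`.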

4. Start

# docker-compose up -d

5. When using Procmail

Procmail is not used by default, so to switch delivery to Procmail, build a new image.

main.cf

# Mail directory
virtual_transport = lmtp:unix:/var/run/dovecot/lmtp
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
virtual_alias_maps = texthash:/etc/postfix/virtual

↓

# Mail directory
virtual_transport = procmail
virtual_mailbox_domains = /etc/postfix/vhost
virtual_mailbox_maps = texthash:/etc/postfix/vmailbox
virtual_alias_maps = texthash:/etc/postfix/virtual
virtual_uid_maps = static:5000
virtual_gid_maps = static:5000

master.cf

procmail  unix  -       n       n       -       -       pipe
  flags=R user=docker argv=/usr/bin/procmail -t -m USER=${user} DOMAIN=${nexthop} /tmp/docker-mailserver/procmailrc

procmailrc

docker-data/dms/config/procmailrc

SHELL=/bin/bash
PATH=/usr/bin:/bin
DROPPRIVS=yes

MAILDIR=/var/mail/$DOMAIN/$USER
DEFAULT=$MAILDIR/

# Lock file
LOCKFILE=/var/mail/.procmail.lock

# Log destination
LOGFILE=/var/mail/.procmail.log

# Verbose logging
VERBOSE=OFF

## Write procmail recipes below
:0 E
* ^From:.*hoge@junkmail.com
$MAILDIR/.Junk/

Dockerfile

Only procmail is installed additionally.

RUN <<EOF
  rm -rf /usr/share/locale/*
  rm -rf /usr/share/man/*
  rm -rf /usr/share/doc/*
  update-locale
  apt update
  apt install -y procmail
EOF

build

Just set DOCKER_BUILDKIT=1 and build.

DOCKER_BUILDKIT=1 docker image build -t mailserver2 .

6. Spamassassin

Use cron to have Spamassassin learn from the mail in .Junk every day.

0 2 * * * docker exec mailserver sa-learn --spam /var/mail/example.com/username/.Junk --dbpath /var/mail-state/lib-amavis/.spamassassin

06_virtualization/05_container/04_docker_mailserver.1684535970.txt.gz · Last modified: 2023/05/20 07:39 by matsui