**Dies ist eine alte Version des Dokuments!**
Projekt: Mailserver für nctl.de (Docker + Traefik + Mailu)
Verzeichnisstruktur (empfohlen unter /opt/stacks/mailu)
mailu/
├── .env
├── docker-compose.yml
├── mailu.env
└── data/
    ├── mail/   # Mailspeicher
    ├── certs/  # Zertifikate
    └── db/     # MariaDB
Datei: `.env`
- snippet.env
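# Project-level .env for the Mailu stack; Docker Compose reads it for variable
# substitution in docker-compose.yml.
# NOTE(review): the docker-compose.yml on this page only interpolates
# DOCKER_ORG, DOCKER_PREFIX and MAILU_VERSION and loads mailu.env via env_file,
# so nothing shown there consumes the keys below. Confirm where they are read.
DOMAIN=nctl.de
HOSTNAME=mail
TZ=Europe/Berlin
POSTMASTER=admin@nctl.de

# Placeholder, not a usable key: generate a fresh value per installation with
# `openssl rand -hex 16` and never reuse a key that was published in
# documentation. The hint sits on its own line because some .env parsers treat
# a trailing "# ..." as part of the value.
SECRET=CHANGE_ME_generate_with_openssl_rand_hex_16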
Datei: `mailu.env`
- snippet.env
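# Mailu core config
ROOT=/
ADMIN=enabled
WEBMAIL=snappymail
TLS_FLAVOR=mail
HOSTNAMES=imap.nctl.de,smtp.nctl.de,webmail.nctl.de

# Mail settings
POSTMASTER=admin@nctl.de
DOMAIN=nctl.de

# Authentication
# NOTE(review): confirm that the deployed Mailu release (the compose file
# defaults to 2024.06) still reads these two keys. If a key is ignored, the
# login rate limit or the password hashing scheme silently falls back to the
# release default instead of the value written here.
AUTH_RATELIMIT=10/minute;1000/day
PASSWORD_SCHEME=SHA512-CRYPT

# Database
# NOTE(review): DB_HOST=db has no matching service in the docker-compose.yml
# shown on this page; the database must be reachable under that name on the
# same network. Also verify the key names against the Mailu configuration
# reference for the deployed release.
DB_FLAVOR=mysql
DB_HOST=db
DB_USER=mailu
# Placeholder: use a long random password that is unique to this installation
# and keep this file out of version control.
DB_PASSWORD=CHANGE_ME_long_random_database_password
DB_NAME=mailu

# Proxies
# The previous example value 172.0.0.0/8 also covers public address space
# (only 172.16.0.0/12 is private) and does not contain the 192.168.203.x
# addresses the compose file uses. Trust only the address or subnet of the
# Traefik container, so that forwarded client-IP headers from any other source
# are not believed.
# NOTE(review): Mailu documents REAL_IP_HEADER / REAL_IP_FROM for reverse-proxy
# setups; confirm that TRUSTED_PROXIES is actually read by the deployed release.
TRUSTED_PROXIES=CHANGE_ME_traefik_address_or_subnet_cidr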
Datei: `docker-compose.yml`
- snippet.yaml
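# Mailu stack attached to the pre-existing external network docker_backend,
# with Traefik labels for the HTTP front ends.
#
# NOTE(review): mailu.env sets DB_HOST=db, but no `db` service is defined in
# this file; the database has to be provided elsewhere on docker_backend or
# added here.
# NOTE(review): no service publishes host ports and the labels below define
# HTTP routers only. SMTP/IMAP are reachable from outside only if ports are
# published or TCP routing is configured somewhere else; confirm before
# pointing the MX record at this host.
# NOTE(review): the bind mounts use /mailu/... on the host, while the directory
# layout on this page places the data under /opt/stacks/mailu/data. Align the
# two so that mail, keys and queue end up where backups and permissions expect.
services:
  # Redis backend.
  # redis:alpine is a floating tag; pin a version (or digest) so that a
  # re-pull cannot silently change the running image.
  redis:
    image: redis:alpine
    restart: always
    volumes:
      - "/mailu/redis:/data"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254
    networks:
      - docker_backend

  # Mailu front container (nginx image).
  # NOTE(review): with TLS_FLAVOR=mail in mailu.env the certificate for the
  # mail protocols is presumably expected in /certs; verify, and keep the key
  # file readable by root only.
  # NOTE(review): the router below uses mail.nctl.de, which has no record in
  # the DNS table on this page.
  front:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-front
    networks:
      - docker_backend
    volumes:
      - "/mailu/certs:/certs"
      - "/mailu/overrides/nginx:/overrides:ro"
    depends_on:
      - resolver
    dns:
      - 192.168.203.254
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.mail.rule=Host(`mail.nctl.de`)"
      - "traefik.http.routers.mail.entrypoints=websecure"
      - "traefik.http.routers.mail.tls.certresolver=letsencrypt"

  # Unbound resolver; every other service points its `dns:` entry at this
  # static address, which therefore has to lie inside docker_backend's subnet.
  resolver:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}unbound:${MAILU_VERSION:-2024.06}
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-resolver
    restart: always
    networks:
      docker_backend:
        ipv4_address: 192.168.203.254

  # Mailu admin application; /dkim holds the DKIM signing keys.
  # NOTE(review): these labels publish the admin UI on its own hostname and
  # route Traefik straight to this container instead of through `front`.
  # Restrict access at the proxy (for example a source-IP allowlist) if the
  # UI does not need to be reachable from the whole internet. No load-balancer
  # port label is set, so Traefik has to infer the container port; verify.
  admin:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}admin:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-admin
    volumes:
      - "/mailu/data:/data"
      - "/mailu/dkim:/dkim"
    depends_on:
      - redis
      - resolver
    dns:
      - 192.168.203.254
    networks:
      - docker_backend
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.admin.rule=Host(`admin.nctl.de`)"
      - "traefik.http.routers.admin.entrypoints=websecure"
      - "traefik.http.routers.admin.tls.certresolver=letsencrypt"

  # Dovecot (IMAP); /mail is the mail store.
  imap:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}dovecot:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-imap
    volumes:
      - "/mailu/mail:/mail"
      - "/mailu/overrides/dovecot:/overrides:ro"
    networks:
      - docker_backend
    depends_on:
      - front
      - resolver
    dns:
      - 192.168.203.254

  # Postfix (SMTP); /queue is the mail queue.
  smtp:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}postfix:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-smtp
    volumes:
      - "/mailu/mailqueue:/queue"
      - "/mailu/overrides/postfix:/overrides:ro"
    depends_on:
      - front
      - resolver
    dns:
      - 192.168.203.254
    networks:
      - docker_backend

  # oletools helper; antispam depends on it.
  oletools:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}oletools:${MAILU_VERSION:-2024.06}
    hostname: oletools
    logging:
      driver: journald
      options:
        tag: mailu-oletools
    restart: always
    networks:
      - docker_backend
    depends_on:
      - resolver
    dns:
      - 192.168.203.254

  # rspamd spam filter.
  antispam:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}rspamd:${MAILU_VERSION:-2024.06}
    hostname: antispam
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-antispam
    networks:
      - docker_backend
    volumes:
      - "/mailu/filter:/var/lib/rspamd"
      - "/mailu/overrides/rspamd:/overrides:ro"
    depends_on:
      - front
      - redis
      - oletools
      - antivirus
      - resolver
    dns:
      - 192.168.203.254

  # ClamAV; the health check passes only while both the clamd and freshclam
  # PIDs recorded in /tmp are alive.
  antivirus:
    image: clamav/clamav-debian:1.4
    restart: always
    logging:
      driver: journald
      options:
        tag: mailu-antivirus
    networks:
      - docker_backend
    volumes:
      - "/mailu/clamav:/var/lib/clamav"
    healthcheck:
      test: ["CMD-SHELL", "kill -0 `cat /tmp/clamd.pid` && kill -0 `cat /tmp/freshclam.pid`"]
      interval: 10s
      timeout: 5s
      retries: 3
      start_period: 10s

  # Fetchmail.
  fetchmail:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}fetchmail:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-fetchmail
    volumes:
      - "/mailu/data/fetchmail:/data"
    depends_on:
      - admin
      - smtp
      - imap
      - resolver
    dns:
      - 192.168.203.254
    networks:
      - docker_backend

  # Webmail front end, published by Traefik on webmail.nctl.de.
  # The overrides directory is named after the client selected in mailu.env
  # (WEBMAIL=snappymail); the earlier path pointed at a roundcube directory.
  webmail:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}webmail:${MAILU_VERSION:-2024.06}
    restart: always
    env_file: mailu.env
    logging:
      driver: journald
      options:
        tag: mailu-webmail
    volumes:
      - "/mailu/webmail:/data"
      - "/mailu/overrides/snappymail:/overrides:ro"
    networks:
      - docker_backend
    depends_on:
      - front
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.webmail.rule=Host(`webmail.nctl.de`)"
      - "traefik.http.routers.webmail.entrypoints=websecure"
      - "traefik.http.routers.webmail.tls.certresolver=letsencrypt"

# Created outside this project; it must already exist and contain
# 192.168.203.254 in its subnet.
networks:
  docker_backend:
    external: true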
Wichtige DNS-Einträge:
| Typ | Name | Ziel/IP |
| --- | --- | --- |
| A | smtp.nctl.de | <Server-IP> |
| A | imap.nctl.de | <Server-IP> |
| A | webmail.nctl.de | <Server-IP> |
| A | admin.nctl.de | <Server-IP> |
| MX | @ | smtp.nctl.de (Priorität 10) |
| TXT | @ (SPF) | v=spf1 mx ~all |
| TXT | _dmarc | v=DMARC1; p=none |
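Optional: DKIM wird von Mailu automatisch erzeugt und ist über die WebGUI exportierbar. Der exportierte öffentliche Schlüssel muss anschließend als TXT-Eintrag im DNS veröffentlicht werden.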
Fertig! Du kannst den Stack nun mit folgendem Befehl starten:
- snippet.bash
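# Start the stack from the project directory. `&&` stops the line if the
# directory is missing, so compose never runs against a different project.
# .env and mailu.env hold the secret key and the database password: keep them
# readable only by the deploying user (e.g. mode 600) before starting.
cd /opt/stacks/mailu && docker compose up -d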
Die WebGUI ist danach erreichbar unter:
- https://webmail.nctl.de (Webmail)
- https://admin.nctl.de (Benutzerverwaltung)