straybits/docker-samples
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
docker-samples/mailserver
History
Jeff Clement aed48ffdf8
many new containers. work in progress
2024-11-02 14:09:56 -06:00
..
cron many new containers. work in progress 2024-11-02 14:09:56 -06:00
.env many new containers. work in progress 2024-11-02 14:09:56 -06:00
Caddyfile many new containers. work in progress 2024-11-02 14:09:56 -06:00
docker-compose.yml many new containers. work in progress 2024-11-02 14:09:56 -06:00
fts-xapian-plugin.conf many new containers. work in progress 2024-11-02 14:09:56 -06:00
README.md many new containers. work in progress 2024-11-02 14:09:56 -06:00
s3-ingest.py many new containers. work in progress 2024-11-02 14:09:56 -06:00
wireguard.conf many new containers. work in progress 2024-11-02 14:09:56 -06:00

README.md

Mailserver Setup

This docker container fires up a copy of docker-mailserver.

  • The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS
  • Outbound mail is sent through Amazon SES
  • Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.
    • Make sure to update bucket information in s3-ingest.py

Steps:

  1. You'll need to update parameters in .env and wireguard.conf and Caddyfile
  2. Initially, comment out (from docker-compose.yml the two lines starting with - ./data/caddy/certificates). We need to start it once without so that Caddy will fetch our certificates. Once that happens, uncomment those lines and restart.
  3. Setup Mailgun or SES for mail forwarding and enter relay config in .env. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
  4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update s3-ingest.py and uncomment the lines for mail ingestion from docker-compose.yml. This is handy if your VPS/ISP is blocking inbound mail ports.

Front-end Server Wireguard

This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services.

[Interface]
Address = 10.0.0.1/24         # Private IP for the VPS in the VPN network
ListenPort = 51820            # Default WireGuard port
PrivateKey =  ##PRIVATE KEY FOR PUBLIC SERVER##

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding (HTTP) // repeat for each port
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2

[Peer]
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
AllowedIPs = 10.0.0.2/32      # IP of the home server in VPN