# Mailserver Setup

This docker container fires up a copy of docker-mailserver.

- The services (SMTP, IMAP, POP, etc.) are exposed by tunneling traffic from a public-facing VPS
- Outbound mail is sent through Amazon SES
- Optionally, inbound mail can be received through Amazon SES (via an S3 bucket), which lets this host act as a backup or primary MX if you need it
- Make sure to update the bucket information in `s3-ingest.py`
Steps:

- You'll need to update the parameters in `.env`, `wireguard.conf` and `Caddyfile`.
- Initially, comment out the two lines in `docker-compose.yml` that start with `- ./data/caddy/certificates`. The stack needs to start once without them so that Caddy will fetch our certificates. Once that has happened, uncomment those lines and restart.
- Set up Mailgun or SES for mail forwarding and enter the relay config in `.env`. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
- Optionally, set up an S3 bucket, configure SES to deliver inbound mail there, then update `s3-ingest.py` and uncomment the mail-ingestion lines in `docker-compose.yml`. This is handy if your VPS/ISP is blocking inbound mail ports.
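As an added example (not the repository's own `s3-ingest.py`), the script below does the hand-off described in the last step: it pulls the raw messages SES dropped in the bucket and submits them to the local docker-mailserver over SMTP, deleting an object only after delivery succeeds. It assumes the mailserver listens on 127.0.0.1:25 without authentication, that the topmost `Received` header SES adds names the envelope recipient (`for user@domain`), and the bucket name is a placeholder; the sample message is constructed.

```python
import email
import io
import re
import smtplib

# Constructed sample of what SES stores in S3: a raw RFC 822 message with
# the SES inbound hop on top (assumption: that hop names the envelope recipient).
SAMPLE_RAW = (
    b"Return-Path: <alice@example.org>\r\n"
    b"Received: from mx.example.org (mx.example.org [203.0.113.5])\r\n"
    b" by inbound-smtp.us-east-1.amazonaws.com with SMTP id abc123\r\n"
    b" for bob@example.net;\r\n"
    b" Mon, 1 Jan 2024 00:00:00 +0000 (UTC)\r\n"
    b"From: alice@example.org\r\nTo: undisclosed-recipients:;\r\n"
    b"Subject: hi\r\n\r\nbody\r\n"
)
RCPT_RE = re.compile(r"\bfor\s+<?([^\s<>;,]+@[^\s<>;,]+)>?", re.I)

def envelope(raw: bytes) -> tuple:
    """Return (recipient, sender) from the SES-added headers; recipient may be None."""
    msg = email.message_from_bytes(raw)
    rcpt = None
    for hop in msg.get_all("Received", []):  # topmost first = the SES hop
        m = RCPT_RE.search(hop)
        if m:
            rcpt = m.group(1)
            break
    sender = (msg.get("Return-Path") or "").strip("<> ")
    return rcpt, sender

def deliver_smtp(rcpt: str, sender: str, raw: bytes, host="127.0.0.1", port=25):
    """Hand the message to the local docker-mailserver (plain SMTP, no auth)."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.sendmail(sender, [rcpt], raw)

def ingest_bucket(s3, bucket: str, prefix: str, deliver=deliver_smtp) -> dict:
    """Deliver every object under prefix; delete an object only after delivery."""
    stats = {"delivered": 0, "skipped": 0}
    for obj in s3.list_objects_v2(Bucket=bucket, Prefix=prefix).get("Contents", []):
        key = obj["Key"]
        raw = s3.get_object(Bucket=bucket, Key=key)["Body"].read()
        rcpt, sender = envelope(raw)
        if rcpt is None:
            stats["skipped"] += 1  # no recipient found: leave it in S3 for inspection
            continue
        deliver(rcpt, sender, raw)
        s3.delete_object(Bucket=bucket, Key=key)
        stats["delivered"] += 1
    return stats

if __name__ == "__main__":
    import boto3  # real run; replace the placeholder bucket/prefix with yours
    print(ingest_bucket(boto3.client("s3"), "YOUR-BUCKET", "inbound/"))
```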
## Front-end Server Wireguard

This wireguard configuration would be deployed to the public-facing VPS, which forwards the interesting traffic (TCP ports 25, 465, 587, 993, 995, 80 and 443) through the tunnel to our docker services.
```ini
[Interface]
Address = 10.0.0.1/24 # Private IP for the VPS in the VPN network
ListenPort = 51820 # Default WireGuard port
PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding: one multiport DNAT rule covers all the mail and web ports (eth0 = public interface)
# replies from 10.0.0.2 must come back through the tunnel (home peer routes via the VPN, or add a POSTROUTING MASQUERADE here)
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2

[Peer]
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
AllowedIPs = 10.0.0.2/32 # IP of the home server in VPN
```