docker-samples/mailserver/README.md
2024-11-02 14:09:56 -06:00

# Mailserver Setup
This Docker setup runs a copy of docker-mailserver.
* The services (SMTP, IMAP, POP, etc.) are exposed by tunneling traffic from a public-facing VPS to this host over WireGuard
* Outbound mail is sent through Amazon SES
* Optionally, inbound mail can be received through Amazon SES (delivered to an S3 bucket) so that SES can act as a backup or primary MX if you need it
* Make sure to update the bucket information in `s3-ingest.py`
Steps:
1. Update the parameters in `.env`, `wireguard.conf` and `Caddyfile`.
2. For the first start, comment out the two lines in `docker-compose.yml` that begin with ` - ./data/caddy/certificates` (the volume mounts of Caddy's certificate directory). Bring the stack up once without them so that Caddy can obtain the certificates, which needs ports 80/443 reachable through the VPS forwarding; once the certificate files exist, uncomment the lines and restart.
3. Set up Mailgun or SES as the outbound relay and enter the relay settings in `.env`. SES is easy to work with and supports multiple sending domains with a single set of credentials.
4. Optionally, create an S3 bucket, configure an SES receipt rule to deliver inbound mail into it, update `s3-ingest.py` and uncomment the mail-ingestion lines in `docker-compose.yml`. This is handy if your VPS or ISP blocks inbound mail ports.
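The ingest side of step 4, as an added example written for this page rather than the repository's own `s3-ingest.py`: it reads the raw messages SES stored in the bucket, takes the envelope recipient from the `Received` header SES prepends, refuses anything not addressed to a hosted domain or flagged by SES's virus verdict, re-injects the rest into the local Postfix with the original `Return-Path` as envelope sender, and deletes each object only after Postfix accepted it. The domain set, the mailserver address, the SES header layout and the constructed sample object are assumptions, not values from this README.

```python
"""SES -> S3 -> docker-mailserver ingest: an added example, not the repo's s3-ingest.py.

Assumptions (not stated in the README): SES's S3 receipt action stores each raw
message as one object and prepends a Received header whose "for <addr>" clause is
the envelope recipient; the mailserver accepts mail for OUR_DOMAINS on port 25
from this host; boto3 is installed where ingest_bucket() runs.
"""
from __future__ import annotations

import email
import email.policy
import re
import smtplib
from email.message import EmailMessage

OUR_DOMAINS = {"example.com"}    # domains this mailserver hosts (assumed value)
MAILSERVER = ("127.0.0.1", 25)   # docker-mailserver's SMTP listener (assumed value)

# Constructed sample of an object SES would write to S3 (not a real capture).
SAMPLE_OBJECT = b"""Return-Path: <sender@remote.example>
Received: from mail.remote.example (mail.remote.example [203.0.113.7])
 by inbound-smtp.us-east-1.amazonaws.com with SMTP id 0123456789abcdef
 for user@example.com;
 Sat, 02 Nov 2024 20:09:56 +0000 (UTC)
X-SES-Spam-Verdict: PASS
X-SES-Virus-Verdict: PASS
From: sender@remote.example
To: "Someone else" <other@elsewhere.example>
Subject: hello
Message-ID: <m1@remote.example>

body
"""

_FOR_RE = re.compile(r"\bfor\s+<?([^\s<>;,]+@[^\s<>;,]+)>?", re.IGNORECASE)


def parse_object(raw: bytes) -> EmailMessage:
    return email.message_from_bytes(raw, policy=email.policy.default)


def envelope_recipient(msg: EmailMessage) -> str | None:
    """Envelope recipient from the topmost Received header (the one SES added).

    To:/Cc: are deliberately not used as a fallback: they are not the envelope
    (think Bcc or list mail), so a missing clause returns None instead of a guess.
    """
    received = msg.get_all("Received") or []
    if not received:
        return None
    match = _FOR_RE.search(str(received[0]).replace("\n", " "))
    return match.group(1).lower() if match else None


def should_deliver(msg: EmailMessage) -> tuple[bool, str]:
    """Gate a bucket object before re-injecting it. Returns (deliver?, recipient or reason)."""
    rcpt = envelope_recipient(msg)
    if rcpt is None:
        # Also catches SES's AMAZON_SES_SETUP_NOTIFICATION test object.
        return False, "no envelope recipient in Received header; leave for manual review"
    if rcpt.rsplit("@", 1)[1] not in OUR_DOMAINS:
        return False, f"{rcpt} is not a hosted domain; refusing to relay"
    if (msg.get("X-SES-Virus-Verdict") or "").strip().upper() == "FAIL":
        return False, f"SES virus verdict FAIL for {rcpt}; quarantine"
    return True, rcpt


def deliver(raw: bytes, rcpt: str, host: str = MAILSERVER[0], port: int = MAILSERVER[1]) -> None:
    """Hand the original bytes to Postfix unchanged. MAIL FROM is the original
    Return-Path so bounces go to the real sender (null sender if it is missing)."""
    mail_from = (parse_object(raw).get("Return-Path") or "").strip("<> ") or "<>"
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.sendmail(mail_from, [rcpt], raw)


def ingest_bucket(bucket: str, prefix: str = "") -> dict[str, int]:
    """Deliver every object under prefix exactly once, deleting it only after Postfix
    accepted it, so a crash or re-run cannot inject the same message twice."""
    import boto3  # lazy import: the pure functions above work without it

    s3 = boto3.client("s3")
    stats = {"delivered": 0, "skipped": 0}
    for page in s3.get_paginator("list_objects_v2").paginate(Bucket=bucket, Prefix=prefix):
        for obj in page.get("Contents", []):
            raw = s3.get_object(Bucket=bucket, Key=obj["Key"])["Body"].read()
            ok, info = should_deliver(parse_object(raw))
            if not ok:
                print(f"skip {obj['Key']}: {info}")  # object stays put for inspection
                stats["skipped"] += 1
                continue
            deliver(raw, info)
            s3.delete_object(Bucket=bucket, Key=obj["Key"])
            stats["delivered"] += 1
    return stats
```

Run `ingest_bucket("my-bucket", "inbound/")` from a cron job or a sidecar container; the pure helpers (`envelope_recipient`, `should_deliver`) can be unit-tested without AWS access, and skipped objects stay in the bucket so a shared or misconfigured receipt rule is noticed rather than silently relayed.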
## Front-end Server Wireguard
This WireGuard configuration is deployed on the public-facing VPS, which forwards the interesting ports (25, 465, 587, 993, 995, 80, 443) through the tunnel to the docker services on the home server. One thing to confirm before relying on it: replies from the home server must travel back through the same tunnel, so either the home peer routes its default traffic via the VPS (`AllowedIPs = 0.0.0.0/0` on that side) or the VPS masquerades the forwarded traffic on `wg0`. Masquerading hides the real client IP from Postfix and Dovecot, which defeats per-IP rate limiting and fail2ban, so routing is the better choice. If the VPS runs a firewall with a default-drop FORWARD chain, the forwarded ports also need an accept rule there.
```
[Interface]
Address = 10.0.0.1/24 # VPS's address inside the VPN
ListenPort = 51820 # Default WireGuard port
PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##
# Let the kernel forward packets between eth0 and wg0
PreUp = sysctl -w net.ipv4.ip_forward=1
# DNAT the mail and web ports arriving on the public interface to the home server.
# One multiport rule covers all of them; replace eth0 with the VPS's public interface name.
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
# Remove the same rule on shutdown so restarts do not stack duplicate rules
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
[Peer]
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
AllowedIPs = 10.0.0.2/32 # Address of the home server in the VPN; only this peer may send from 10.0.0.2
```
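Once the VPS is forwarding and the certificates from step 2 are in place, a quick end-to-end check from outside the tunnel confirms both. The script below is an added example, not part of the repo: it connects to each forwarded mail port on the public hostname, verifies the certificate chain and name on the implicit-TLS ports with Python's default SSL context, and checks that the greeting comes from the service expected there (Postfix on 25/465/587, Dovecot on 993/995). The hostname, the greeting formats and the constructed results used to illustrate `summarize` are assumptions. If every port times out while the VPS itself is reachable, the usual cause is that replies from the home server are not routed back through the tunnel.

```python
"""Post-deployment check for the VPS port forwarding and the certificates Caddy fetched.
Added example, not part of the repo. Assumes docker-mailserver's Postfix/Dovecot greetings;
the hostname is whatever your MX/IMAP records point at the VPS."""
from __future__ import annotations

import socket
import ssl

# Port -> (service expected to answer, whether TLS is implicit on connect).
# 80/443 belong to Caddy and are better checked with curl, so they are left out.
PORTS: dict[int, tuple[str, bool]] = {
    25:  ("smtp", False),
    587: ("smtp", False),   # submission uses STARTTLS, so the greeting is plaintext
    465: ("smtp", True),
    993: ("imap", True),
    995: ("pop3", True),
}


def classify_banner(banner: str) -> str | None:
    """Map a server greeting to its protocol, or None if it is not a mail greeting
    (e.g. the forward landed on a web server, or nothing answered)."""
    line = banner.strip().splitlines()[0] if banner.strip() else ""
    if line.startswith("220 ") and "SMTP" in line.upper():   # "220 host ESMTP Postfix"
        return "smtp"
    if line.startswith("* OK"):                               # "* OK [CAPABILITY ...] Dovecot ready."
        return "imap"
    if line.startswith("+OK"):                                # "+OK Dovecot ready."
        return "pop3"
    return None


def check_port(host: str, port: int, timeout: float = 5.0) -> dict:
    """Connect through the VPS, verify the certificate on implicit-TLS ports against
    `host` (chain and name, via the default context), and read the greeting."""
    expected, implicit_tls = PORTS[port]
    result = {"port": port, "expected": expected, "ok": False, "detail": ""}
    sock = None
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
        if implicit_tls:
            sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
            result["tls_peer"] = sock.getpeercert().get("subject")
        banner = sock.recv(512).decode("utf-8", "replace")
        result["detail"] = banner.strip()
        result["ok"] = classify_banner(banner) == expected
    except OSError as exc:  # covers timeouts, refused connections and ssl.SSLError
        result["detail"] = f"{type(exc).__name__}: {exc}"
    finally:
        if sock is not None:
            sock.close()
    return result


def check_forwarding(host: str, ports=tuple(PORTS)) -> dict[int, dict]:
    return {port: check_port(host, port) for port in ports}


def summarize(results: dict[int, dict]) -> tuple[list[int], list[int]]:
    """Split results into (ports that answered as expected, ports that did not)."""
    good = sorted(p for p, r in results.items() if r["ok"])
    bad = sorted(p for p, r in results.items() if not r["ok"])
    return good, bad


if __name__ == "__main__":
    import sys

    res = check_forwarding(sys.argv[1])  # e.g. python check_forwarding.py mail.example.com
    for port, r in sorted(res.items()):
        print(f"{port:>4} {'ok ' if r['ok'] else 'BAD'} {r['detail'][:70]}")
    _, bad = summarize(res)
    sys.exit(1 if bad else 0)
```

Run it from a machine outside both networks (a laptop on mobile data is fine); a certificate failure on 465/993/995 while 25 and 587 greet normally means the forwarding works but the mail services are still serving a certificate other than the one Caddy fetched, which is exactly the state step 2 leaves you in before the mounts are uncommented.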