This image combines postfix and dovecot into a secure IMAP/SMTP server. The server is enabled with virtual users, each with its own maildir. Also, it has spamassassin to detect junk email and sieve to route such emails to their proper place (the Junk mailbox).
SASL in SMTP (outgoing email) refers to relay service authentication. In other words, it is used to authenticate to an MTA (commonly SendGrid) when a user wants to send a message to a third party.
SASL in SMTPD (incoming email) refers to SMTP client authentication. It is used when mail clients want to send email through this server.
Postfix is the main workhorse for receiving mail through SMTP and delivering it locally (LMTP) or remotely (SMTP).
Dovecot serves postfix to:
- authenticate SMTP users via SASL
- write local delivery email to maildirs
- serve maildirs via IMAP
- with sieve, it places spam-marked in the Junk mailbox
Spamassassin works as an after-queue filter
for postfix.
All exposed services in this image rely on TLS. Therefore, a certificate in PEM format and its key should be located at etc/ssl/cert.pem
and /etc/ssl/key.pem
, respectively.
After a modification to one of the files do: service dovecot restart
, service postfix restart
or service spamassassin restart
as needed. Most relevant configuration files are:
Address rewriting for delivery. This is used in order to map a recipient to another, set a catchall address and create a mailing list.
Example:
# Mailing list
[email protected] [email protected],[email protected]
# Domain catchall address
@example.com [email protected]
# Alias
[email protected] [email protected]
After modyfing do:
cd /etc/postfix
postmap aliases
Domains that are final destination for this SMTP server. The in the table key is the domain; note that the value in the table is not used.
Example:
example1.com .
example2.com .
example3.com .
After modyfing do:
cd /etc/postfix
postmap domains
Users for the corresponding domains that have mailboxes. The key in the table is the user; note that the value in the table is not used.
Example:
[email protected] adam
[email protected] bo
After modyfing do:
cd /etc/postfix
postmap mailboxes
The authentication credentials for relay hosts. Entries are of the form:
[smtp.google.net]:587 username:password
After modyfing do:
cd /etc/postfix
postmap relay-sasl
The service definition file for postfix.
hostname
: a string for greeting clients (e.g.example.com
)relayhost
: the relay destination (e.g. [smtp.sendgrid.net]:587)virtual_mailbox_domains
: a space separated list of domains for receiving email (e.g.example.com example1.com
)
Authentication processes.
Log destination.
Mailbox locations and namespaces.
Services configuration (e.g. LMTP, IMAP, etc.).
SSL settings.
Mailbox definitions.
LMTP specific settings.
Plugin settings.
Settings for the Sieve interpreter.
Authentication for passwd-file users.
Configuration entry point for Dovecot.
Incoming mail SASL database. Format is comparable to that of /etc/passwd
files.
A sieve script to deliver spam email (marked by spamassassin) to the corresponding user mailbox (i.e. Junk).
Just copy the contents of the cur
subdirectories in the source Mailbox to the target (do not forget to use -p
to preserve timestamps and then chown -R dovecot:dovecot
to fix user conflicts):
cp -p source/mailbox/.spam/cur/* target/mailbox/.Spam/cur
chown -R dovecot:dovecot target/mailbox
Run openssl
follows:
openssl s_client -starttls smtp -crlf -quiet -connect example.com:587
And, complete an SMTP
session as follows:
HELO example1.com
250 example.com
MAIL FROM: <[email protected]>
250 2.1.0 Ok
RCPT TO: <[email protected]>
250 2.1.5 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: Adam Doe <[email protected]>
To: Bob Adams <[email protected]>
Subject: What is this?
It is an email, duh!
.
250 2.0.0 Ok: queued as 969DE121947
QUIT
221 2.0.0 Bye
- Use cAdvisor to monitor docker processes.
- Make postfix and dovecot logs show in the entrypoint process, instead of in files under
/var/log
. - Make sieve deliver
+
-recipients (e.g. [email protected]) to corresponding mailboxes (i.e. Work in the example). - Protect sender aliasing: https://serverfault.com/questions/797995/postfix-allow-sending-email-with-related-alias