Docker Mailserver

This guide installs docker-mailserver with SSL/TLS for secure incoming and outgoing mail.

Step 1: Create project directory

mkdir docker-mailserver
cd docker-mailserver

Step 2: Create SSL Certificates

If your mail server domain is publicly accessible, use Certbot to obtain trusted SSL certificates for free.

sudo certbot certonly --manual --preferred-challenges dns -d mail.example.com

Now, add a TXT DNS-Record to your domain as indicated by the instructions in the terminal, then hit enter.

This creates certificates typically in /etc/letsencrypt/live/mail.example.com/:

fullchain.pem — full certificate chain
privkey.pem — private key

Create the directory to put the certificates in (inside the mailserver directory):

mkdir config
mkdir config/ssl

Now You can copy the certificates into the directory:

sudo cp /etc/letsencrypt/live/mail.example.com/fullchain.pem config/ssl/
sudo cp /etc/letsencrypt/live/mail.example.com/privkey.pem config/ssl/

Step 3: Create docker-compose.yml

version: '3.8'

services:
  mailserver:
    image: mailserver/docker-mailserver:latest
    hostname: mail
    domainname: example.com
    container_name: mailserver
    ports:
      - "25:25"      # SMTP
      - "143:143"    # IMAP
      - "587:587"    # Submission (SMTP with STARTTLS)
      - "993:993"    # IMAPS (IMAP over SSL)
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - ./config/:/tmp/docker-mailserver/
      - ./config/ssl/:/etc/letsencrypt/live/mail.example.com/:ro
    environment:
      - ENABLE_SPAMASSASSIN=1
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_POSTGREY=1
      - ONE_DIR=1
      - DMS_DEBUG=0
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/etc/letsencrypt/live/mail.example.com/mail.example.com.crt
      - SSL_KEY_PATH=/etc/letsencrypt/live/mail.example.com/mail.example.com.key
      - SSL_DHPARAM_PATH=/etc/letsencrypt/live/mail.example.com/dhparam.pem  # Optional
    restart: always

volumes:
  maildata:
  mailstate:

Step 4: Add DH-Parmeters (recommended)

openssl dhparam -out ./config/ssl/dhparam.pem 2048

DH parameters strengthen SSL security by enabling perfect forward secrecy during key exchange. Generating your own DH parameters helps prevent some cryptographic attacks.

Step 5: Start Container

docker-compose up -d

The logs will show errors about there having to be at least one mail account, this one will be created in the next step

Step 6: Create Mail Account

docker exec -it mailserver setup email add [email protected] password

docker exec -it mailserver setup email add [email protected]

If You don't want the password to be saved in your command history. You will be prompted for a password right after hitting enter

Step 7: Verify SSL/TLS

openssl s_client -connect mail.example.com:993
openssl s_client -starttls smtp -connect mail.example.com:587

Step 8: Add Email Aliases (Optional)

First, create the alias file:

nano config/postfix-virtual.cf

Now You have multiple options:

Single Email alias:

[email protected]      [email protected]

Catch-All alias

@example.com           [email protected]

The file can contain multiple aliases, one per line

Now add the following Env variable to the docker-compose file if not already set:

environment:
  - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1

Finally, restart the docker container:

docker-compose up -d

Step 1: Create project directory​

Step 2: Create SSL Certificates​

Step 3: Create docker-compose.yml​

Step 4: Add DH-Parmeters (recommended)​

Step 5: Start Container​

Step 6: Create Mail Account​

Step 7: Verify SSL/TLS​

Step 8: Add Email Aliases (Optional)​