Docker-mailserver: SMTP server question

Created on 19 May 2017 · 13 Comments · Source: tomav/docker-mailserver

Hi,

Thanks for the awesome Docker image! I'm pretty new to mail servers and I'm not able to set up my server via your wiki. What I want is just a simple SMTP server with one user for auth. I want to use it for my PHP applications through SSL SMTP login as follows:

mailer:
   smtp: true
   host: mail.mydomain.top
   secure: ssl
   port: 25
   username: '[email protected]'
   password: 'password'

So I pulled your image, configured it, registered a user, mounted the letsencrypt volume with the created certificate, opened the desired ports, and configured DNS A, MX and PTR reverse DNS records, but I'm still missing something for usage as above.

I'm able to connect via telnet, but cannot proceed with authorization of my created user (base64 encoded username and password with perl...).

On this page https://www.checktls.com/TestReceiver I always received certs and secure fail.

When I test my smtp server on this page https://mxtoolbox.com/SuperTool.aspx everything looks fine. (reverse DNS OK, valid hostname OK, TLS OK, not an open relay OK...)

And if I want to add my user to Thunderbird it says that "cannot trust self-signed certificate" for Dovecot mail server and root@localhost. But I configured SSL_TYPE = letsencrypt so I don't get it.

Can anyone help me please? Or provide some guidance?

Thank you!

All 13 comments

Hello Jan, this is a great image and I have it deployed for several clients. A straightforward mail server container for the needs you are addressing... Check this out: https://github.com/htmlgraphic/Mail-Server

I use this exact instance daily.

Happy to help if needed and there are several updates I am looking to contribute. Happy to help personally if needed.

@gegere lol... nice advertising.

@Czende just use the 2.2 image for now. 2.3 has some problems with smtp at the moment and seems to be under construction.

@Czende could you provide logs as stated here?

@thiesschneider: yes, and it's not the first time here.

@gegere Thank you for your valuable answer lol.
@thiesschneider Thanks, but I'm using the image with tag 2.2. I think that the problem is just that I don't know how to properly configure this mailserver.
@tomav Thanks for your response. Here is my log:

#
#
# ENV
#
#

HOSTNAME=mail.mydomain.top
DMS_DEBUG=1
VIRUSMAILS_DELETE_DELAY=7
ENABLE_CLAMAV=1
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
ENABLE_FAIL2BAN=1
ENABLE_SPAMASSASSIN=1
PWD=/
SHLVL=1
HOME=/root
ONE_DIR=1
SSL_TYPE=letsencrypt
DEBIAN_FRONTEND=noninteractive
_=/usr/bin/printenv

#
#
# docker-mailserver
#
#

Initializing setup
  Registering check,setup,fix,misc and start-daemons functions
  * _check_environment_variables() registered
  * _check_hostname() registered
  * _setup_default_vars() registered
  * _setup_dovecot() registered
  * _setup_dovecot_local_user() registered
  * _setup_dkim() registered
  * _setup_ssl() registered
  * _setup_docker_permit() registered
  * _setup_mailname() registered
  * _setup_amavis() registered
  * _setup_dmarc_hostname() registered
  * _setup_postfix_hostname() registered
  * _setup_dovecot_hostname() registered
  * _setup_postfix_sasl() registered
  * _setup_postfix_override_configuration() registered
  * _setup_postfix_sasl_password() registered
  * _setup_security_stack() registered
  * _setup_postfix_aliases() registered
  * _setup_postfix_vhost() registered
  * _setup_environment() registered
  * _fix_var_mail_permissions() registered
  * _fix_var_amavis_permissions() registered
  * _misc_save_states() registered
  * _start_daemons_cron() registered
  * _start_daemons_rsyslog() registered
  * _start_daemons_dovecot() registered
  * _start_daemons_opendkim() registered
  * _start_daemons_opendmarc() registered
  * _start_daemons_postfix() registered
  * _start_daemons_fail2ban() registered
  * _start_daemons_clamav() registered
  * _start_daemons_amavis() registered
Checking configuration
  Check that there are no conflicts with env variables [_check_environment_variables]
  Check that hostname/domainname is provided or overidden (no default docker hostname/kubernetes) [_check_hostname]
  * Domain has been set to mydomain.top
  * Hostname has been set to mail.mydomain.top
Configuring mail server
  Setting up default variables [_setup_default_vars]
  * Set ENABLE_LDAP=0
  * Set ENABLE_FETCHMAIL=0
  * Set OVERRIDE_HOSTNAME=
  * Set ENABLE_MANAGESIEVE=0
  * Set DMS_DEBUG=1
  * Set ENABLE_POP3=0
  * Set ENABLE_SASLAUTHD=0
  * Set ENABLE_CLAMAV=1
  * Set SMTP_ONLY=0
  * Set ENABLE_FAIL2BAN=1
  * Set ENABLE_SPAMASSASSIN=1
  * Set POSTGREY_DELAY=300
  * Set POSTGREY_TEXT=Delayed by postgrey
  * Set ENABLE_POSTGREY=0
  * Set POSTGREY_MAX_AGE=35
  Setting up Dovecot
  Setting up Dovecot Local User
  * Checking file line endings
  * Regenerating postfix user list
  * user 'info' for domain 'mydomain.top' with password '********'
  Setting up DKIM
  * DKIM keys added for: mydomain.top
  * Changing permissions on /etc/opendkim
  Setting up SSL
  Setting up PERMIT_DOCKER Option
  * Adding container ip in my networks
  Setting up Mailname
  * Creating /etc/mailname
  Setting up Amavis
  * Applying hostname to /etc/amavis/conf.d/05-node_id
  Setting up dmarc
  * Applying hostname to /etc/opendmarc.conf
  Applying hostname and domainname to Postfix
  * Applying hostname to /etc/postfix/main.cf
  Applying hostname to Dovecot
  * Applying hostname to /etc/dovecot/conf.d/15-lda.conf
  Setting up Postfix Override configuration
  * No extra postfix settings loaded because optional '/tmp/docker-mailserver/postfix-main.cf' not provided.
  Setting up Postfix SASL Password
  * Warning: 'SASL_PASSWD' is not provided. /etc/postfix/sasl_passwd not created.
  Setting up Security Stack
  * Enabling and configuring spamassassin
  * Enabling clamav
  * Fail2ban enabled
  Setting up Postfix Aliases
  * Warning 'config/postfix-virtual.cf' is not provided. No mail alias/forward created.
  Setting up Postfix vhost
  Setting up /etc/environment
  Checking /var/mail permissions
  * Permissions in /var/mail look OK
  Checking $amavis_state_dir permissions
  * Permissions in /var/mail-state/lib-amavis look OK
Starting Misc
  * Consolidating all state onto /var/mail-state
  *   Destination /var/mail-state/spool-postfix exists, linking /var/spool/postfix to it
  *   Destination /var/mail-state/lib-postfix exists, linking /var/lib/postfix to it
  *   Destination /var/mail-state/lib-amavis exists, linking /var/lib/amavis to it
  *   Destination /var/mail-state/lib-clamav exists, linking /var/lib/clamav to it
  *   Destination /var/mail-state/lib-spamassasin exists, linking /var/lib/spamassasin to it
  *   Destination /var/mail-state/lib-fail2ban exists, linking /var/lib/fail2ban to it
  *   Destination /var/mail-state/lib-postgrey exists, linking /var/lib/postgrey to it
Starting mail server
  Starting cron  [ OK ]
  Starting rsyslog  [ OK ]
  Starting dovecot services  [ OK ]
  Starting opendkim  [ OK ]
  Starting opendmarc  [ OK ]
  Starting postfix  [ OK ]
  Starting fail2ban  [ OK ]
  Starting clamav  [ OK ]
  Starting amavis  [ OK ]

#
# mail.mydomain.top is up and running
#

May 19 10:35:41 mail amavis[1373]: No decoder for       .rpm  tried: rpm2cpio.pl, rpm2cpio
May 19 10:35:41 mail amavis[1373]: Found decoder for    .cpio at /bin/pax
May 19 10:35:41 mail amavis[1373]: Found decoder for    .tar  at /bin/pax
May 19 10:35:41 mail amavis[1373]: No decoder for       .deb  tried: ar
May 19 10:35:41 mail amavis[1373]: Internal decoder for .zip 
May 19 10:35:41 mail amavis[1373]: Internal decoder for .kmz 
May 19 10:35:41 mail amavis[1373]: Found decoder for    .7z   at /usr/bin/7zr
May 19 10:35:41 mail amavis[1373]: No decoder for       .rar  tried: unrar-free
May 19 10:35:41 mail amavis[1373]: Found decoder for    .arj  at /usr/bin/arj
May 19 10:35:41 mail amavis[1373]: No decoder for       .arc  tried: nomarch, arc
May 19 10:35:41 mail amavis[1373]: No decoder for       .zoo  tried: zoo
May 19 10:35:41 mail amavis[1373]: No decoder for       .doc  tried: ripole
May 19 10:35:41 mail amavis[1373]: No decoder for       .cab  tried: cabextract
May 19 10:35:41 mail amavis[1373]: No decoder for       .tnef
May 19 10:35:41 mail amavis[1373]: Internal decoder for .tnef
May 19 10:35:41 mail amavis[1373]: Found decoder for    .exe  at /usr/bin/arj
May 19 10:35:41 mail amavis[1373]: Using primary internal av scanner code for ClamAV-clamd
May 19 10:35:41 mail amavis[1373]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
May 19 10:35:41 mail amavis[1373]: Deleting db files __db.001,__db.002,nanny.db,snmp.db,__db.003 in /var/lib/amavis/db
May 19 10:35:41 mail amavis[1373]: Creating db in /var/lib/amavis/db/; BerkeleyDB 0.54, libdb 5.3
May 19 10:37:09 mail dovecot: ssl-params: SSL parameters regeneration completed

Can you try with a mail client, using full email address as login?
Just to be sure that the server is ok (and it seems ok when looking at the logs).

Also have a look at the logs when you try to authenticate. Perhaps an error will be displayed.

I finally connected via telnet and sent a message, but it was delivered into the spam mailbox with an approx. 5 minute delay.

When I'm trying to add my mailbox to a mail client on macOS it says that it can't trust the self-signed certificate (Clamav and root@localhost).

When I tried the same with Thunderbird it says incorrect username or password.

I also tried my PHP app to use that smtp.mydomain.top and nothing happened.

My maillog contains some more info:

mail postfix/smtpd[1449]: warning: connect to Milter service inet:localhost:8893: Connection refused
mail amavis[1376]: (01376-01) (!!)AV: ALL VIRUS SCANNERS FAILED

I have my letsencrypt certificate for mail.mydomain.top properly mounted and the mailserver still did not recognise it.

Are there some docs on how to set up a mail client with this mailserver? I still don't get it. My DNS records are pointing to the same machine - mail.mydomain.top, smtp.mydomain.top and imap.mydomain.top, but I still can't log in or use the SMTP server for my apps.

Check if clamd is running. Amavis uses Clamav (enabled using ENABLE_CLAMAV=1) for virus detection.
Note that amavis/clamav need a 1 or 1.5GB RAM server?

clamd is running, I have a 2GB DigitalOcean droplet. I think the problem is about my SSL connection. When I'm trying to set up a mail client, I'm getting "The identity of mail.mydomain.top cannot be verified. The certificate for this server is invalid."

This is output of certificate detail:

[Screenshot of the certificate details]

But env variable is set to SSL_TYPE=letsencrypt, mounted and properly configured for my domain. Am I missing something?

I don't think you're matching the configuration needed for letsencrypt, otherwise you should see SSL configured with 'letsencrypt' certificates.
Check this part of the code: https://github.com/tomav/docker-mailserver/blob/master/target/start-mailserver.sh#L747-L748
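
The check suggested in the comment above, as an added example that is not part of the original thread or the project's code: it parses a startup log in the format posted earlier and reports whether the "Setting up SSL" step printed the confirmation line for the requested SSL_TYPE. The function names and sample excerpts are constructed for illustration, and the confirmation wording is assumed to match the text quoted in the comment.

```python
import re

# Constructed excerpt in the format of the startup log posted in this thread.
FAILING_LOG = """\
SSL_TYPE=letsencrypt
Configuring mail server
  Setting up DKIM
  * DKIM keys added for: mydomain.top
  Setting up SSL
  Setting up PERMIT_DOCKER Option
  * Adding container ip in my networks
"""
# Same excerpt with the confirmation line (wording as quoted in the comment above).
OK_LOG = FAILING_LOG.replace(
    "  Setting up SSL\n",
    "  Setting up SSL\n  * SSL configured with 'letsencrypt' certificates\n",
)


def parse_steps(log_text):
    """Map each step header to the '* ' detail lines printed under it."""
    steps, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("* "):
            if current is not None:
                steps[current].append(line[2:].strip())
        else:
            # Drop a trailing "[function_name]" or "[ OK ]" marker from the header.
            current = re.sub(r"\s*\[[^\]]*\]$", "", line)
            steps.setdefault(current, [])
    return steps


def ssl_setup_status(log_text):
    """Classify whether the requested SSL_TYPE was confirmed by the SSL step."""
    match = re.search(r"^SSL_TYPE=(\S+)$", log_text, re.MULTILINE)
    details = parse_steps(log_text).get("Setting up SSL")
    if details is None:
        return "no-ssl-step"
    if match is None:
        return "not-requested"
    wanted = f"SSL configured with '{match.group(1)}' certificates"
    return "applied" if any(wanted in d for d in details) else "requested-but-not-applied"


if __name__ == "__main__":
    import sys
    print(ssl_setup_status(sys.stdin.read()))
```

A result of `requested-but-not-applied` matches the log posted in this thread, where "Setting up SSL" is followed by no detail line while clients are shown a self-signed certificate.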

@thiesschneider not advertising, simply sharing alternative solutions, sometimes more knowledge is needed. I use this repo and have been in the process of making a build test to work with CircleCI. I monitor this repo in detail and I hear of many people having issues with minute details.

Once I have the TDT instructions ready via a neat merge I'll issue a pull request.

Sorry if I ruined your day by sharing more information about a similar solution.

@gegere lol, sweet 6 star repo. Share more knowledge about building a container. It looks like you have much traffic there and many people are trying to help you with their issues and commits.

Sorry if I ruined your whatsoever by telling you: there are similar solutions, but yours is not...

@czende is the issue solved?

Closing due to no reply
