Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
docker_notes:docker-mailserver [2025-06-01 Sun wk22 22:03] – [Dovecot References] baumkpdocker_notes:docker-mailserver [2025-08-16 Sat wk33 19:39] (current) – [exim] baumkp
Line 1: Line 1:
 {{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}} {{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}}
 ======Docker mailserver====== ======Docker mailserver======
-This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]].  Key changes are that instead of installing on Debian 11 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on latest Alpine linux Docker image with s6-rc init using maria database.  I toyed with sqlite and basically got it functional, however the support apps do not function with sqlite.+This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]].  Key changes are that instead of installing on Debian 12 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on latest Alpine linux Docker image with s6-rc init using maria database.  I toyed with sqlite and basically got it functional, however the support apps do not function with sqlite, so I went back to using MySQL/MariaDB.
  
 //As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.**  Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.// //As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.**  Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.//
Line 371: Line 371:
  
 =====dovecot===== =====dovecot=====
-''/etc/dovecot/conf.d''+In Dovecot <2.4.x the main configuration are in files ''/etc/dovecot/conf.d'', although /etc/dovecot/dovecot.conf is still used and can be used for all configuration. In Dovecot >= 2.4.x the main configuration is in /etc/dovecot/dovecot.conf, however configuration files in /etc/dovecot/conf.d may also still be used.  That being said, Dovecot version 2.4.x has significant breaking configuration setting changes from earlier versions.
 <code>/ # dovecot --version <code>/ # dovecot --version
 2.3.20 (80a5ac675d) </code> 2.3.20 (80a5ac675d) </code>
Line 377: Line 377:
   *''doveconf -n''  to print parameters specifically changed in main.cf   *''doveconf -n''  to print parameters specifically changed in main.cf
  
-Dovecot version 2.4.0 seems to have broken the configuration files from 2.3.x and earlier.  Alpine Linux version 3.22 from May 2025 used Dovecot 2.4.1 and while I can use an older version of Alpine eventually I would need to upgrade Dovecot to the new configuration file syntax.  Basically Dovecot now recommends placing all configuration in one configuration file instead of many, ''/etc/dovecot/dovecot.conf'' It does allow the previous  configuration files under /etc/dovecot/conf.d to be used by the directive ''!include conf.d/*.conf'' in the dovecot.conf file.  The later directives will overwrite previous. Below is a copy on my update dovecot.conf file that appears to function on Dovecot 2.4.1.+Alpine Linux version 3.22 from May 2025 used Dovecot 2.4.1 and while I can use an older version of Alpine eventually I would need to upgrade Dovecot to the new configuration file syntax.  Basically Dovecot now recommends placing all configuration in one configuration file instead of many, ''/etc/dovecot/dovecot.conf'' It does allow the previous  configuration files under /etc/dovecot/conf.d to be used by the directive ''!include conf.d/*.conf'' in the dovecot.conf file.  The later directives will overwrite previous. Below is a copy on my update dovecot.conf file that appears to function on Dovecot 2.4.1. See [[https://doc.dovecot.org/2.4.1/core/settings/syntax.html#config-version|Dovecot Config File Syntax ]] 
 +++++Discussion on configuration files| 
 +I suspect the ''conf.d'' directory breakdown style configuration files is a bit of a legacy hangover from where the configuration files also effectively included many comments and commented options. Breaking into smaller files helps navigate this style of configuration.  The past 10+ years where search engines can be used to easily find configuration information and example configuration files the fully documented configuration files are no longer as necessary.  A single simplified configuration file with reference to online help files makes more sense and is easier to navigated.  I prefer the single file to multiple files. 
 +The only other issue is use of override files in ''conf.d'' versus default distributors conf file.  I do not believe this is or was the fundamental intent of dovecot use of ''conf.d''.  
 +++++   
 +====dovecot.conf====
 ++++/etc/dovecot/dovecot.conf| ++++/etc/dovecot/dovecot.conf|
-<code># Start new configs with the latest Dovecot version numbers here: +# Start new configs with the latest Dovecot version numbers here:\\ 
-dovecot_config_version = 2.4.1 +[[https://doc.dovecot.org/main/core/summaries/settings.html#dovecot_config_version|dovecot_config_version]] = 2.4.1\\ 
-dovecot_storage_version = 2.4.1+[[https://doc.dovecot.org/main/core/summaries/settings.html#dovecot_storage_version|dovecot_storage_version]] = 2.4.1\\
  
-#mail_debug = yes +#[[https://doc.dovecot.org/main/core/summaries/settings.html#mail_debug|mail_debug]] = yes\\ 
-#log_debug = category=ssl +#[[https://doc.dovecot.org/main/core/summaries/settings.html#log_debug|log_debug]] = category=ssl\\ 
-mail_cache_max_size = 128M+[[https://doc.dovecot.org/main/core/summaries/settings.html#mail_cache_max_size|mail_cache_max_size]] = 128M\\
  
-auth_mechanisms = plain login +[[https://doc.dovecot.org/main/core/summaries/settings.html#auth_mechanisms|auth_mechanisms]] = plain login\\ 
-info_log_path = /var/log/dovecot-info.log +[[https://doc.dovecot.org/main/core/summaries/settings.html#info_log_path|info_log_path]] = /var/log/dovecot-info.log\\ 
-log_path = /var/log/dovecot.log +[[https://doc.dovecot.org/main/core/summaries/settings.html#log_path|log_path]] = /var/log/dovecot.log\\ 
-mail_driver = maildir +[[https://doc.dovecot.org/main/core/summaries/settings.html#mail_driver|mail_driver]] = maildir\\ 
-mail_path = ~/Maildir +mail_path = ~/Maildir\\
  
-mail_plugins { +mail_plugins {\\ 
-  quota = yes +  quota = yes\\ 
-}+}\\
  
-#sieve_plugins { +#sieve_plugins {\\ 
-#  sieve_extprograms = yes +#  sieve_extprograms = yes\\ 
-#}+#}\\
  
-managesieve_notify_capability = mailto +managesieve_notify_capability = mailto\\ 
-managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext+managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext\\
  
-mbox_write_locks = fcntl+mbox_write_locks = fcntl\\
  
-namespace inbox { +namespace inbox {\\ 
-  inbox = yes +  inbox = yes\\ 
-  mailbox Drafts { +  mailbox Drafts {\\ 
-    special_use = \Drafts +    special_use = \Drafts\\ 
-  } +  }\\ 
-  mailbox Junk { +  mailbox Junk {\\ 
-    special_use = \Junk +    special_use = \Junk\\ 
-  } +  }\\ 
-  mailbox Sent { +  mailbox Sent {\\ 
-    special_use = \Sent +    special_use = \Sent\\ 
-  } +  }\\ 
-  mailbox "Sent Messages"+  mailbox "Sent Messages" {\\ 
-    special_use = \Sent +    special_use = \Sent\\ 
-  } +  }\\ 
-  mailbox Trash { +  mailbox Trash {\\ 
-    special_use = \Trash +    special_use = \Trash\\ 
-  } +  }\\ 
-  prefix =  +  prefix = \\ 
-}+}\\
  
-quota "Shared quota" { +quota "Shared quota" {\\ 
-#quota = maildir:User quota +#quota = maildir:User quota\\ 
-  quota_status_nouser = DUNNO +  quota_status_nouser = DUNNO\\ 
-  quota_status_overquota = 452 4.2.2 Mailbox is full and cannot receive any more emails +  quota_status_overquota = 452 4.2.2 Mailbox is full and cannot receive any more emails\\ 
-  quota_status_success = DUNNO +  quota_status_success = DUNNO\\ 
-  warning warn-95 { +  warning warn-95 {\\ 
-    quota_storage_percentage = 95  +    quota_storage_percentage = 95 \\ 
-    execute quota-warning { +    execute quota-warning {\\ 
-      args = 95 %{user} +      args = 95 %{user}\\ 
-      } +      }\\ 
-    } +    }\\ 
-  warning warn-80 { +  warning warn-80 {\\ 
-    quota_storage_percentage = 80 +    quota_storage_percentage = 80\\ 
-    execute quota-warning { +    execute quota-warning {\\ 
-      args = 80 %{user} +      args = 80 %{user}\\ 
-      } +      }\\ 
-    } +    }\\ 
-}+}\\
  
-#sieve = file:~/sieve;active=~/.dovecot.sieve +#sieve = file:~/sieve;active=~/.dovecot.sieve\\ 
-sieve_script_driver = file +sieve_script_driver = file\\ 
-sieve_script_active_path = ~/.dovecot.sieve +sieve_script_active_path = ~/.dovecot.sieve\\ 
-sieve_script_type = after  +sieve_script_type = after \\ 
-sieve_script_path = /etc/dovecot/sieve-after+sieve_script_path = /etc/dovecot/sieve-after\\
  
-protocols = imap lmtp +protocols = imap lmtp\\ 
-service auth { +service auth {\\ 
-  unix_listener /var/spool/postfix/private/auth { +  unix_listener /var/spool/postfix/private/auth {\\ 
-    group = postfix +    group = postfix\\ 
-    mode = 0660 +    mode = 0660\\ 
-    user = postfix +    user = postfix\\ 
-  } +  }\\ 
-+}\\ 
-service lmtp { +service lmtp {\\ 
-  unix_listener /var/spool/postfix/private/dovecot-lmtp { +  unix_listener /var/spool/postfix/private/dovecot-lmtp {\\ 
-    group = postfix +    group = postfix\\ 
-    mode = 0600 +    mode = 0600\\ 
-    user = postfix +    user = postfix\\ 
-  } +  }\\ 
-+}\\ 
-service quota-status { +service quota-status {\\ 
-  executable = quota-status -p postfix +  executable = quota-status -p postfix\\ 
-  unix_listener /var/spool/postfix/private/quota-status { +  unix_listener /var/spool/postfix/private/quota-status {\\ 
-    user = postfix +    user = postfix\\ 
-  } +  }\\ 
-+}\\ 
-service quota-warning { +service quota-warning {\\ 
-  executable = script /usr/local/bin/quota-warning.sh +  executable = script /usr/local/bin/quota-warning.sh\\ 
-  unix_listener quota-warning { +  unix_listener quota-warning {\\ 
-    group = vmail +    group = vmail\\ 
-    mode = 0660 +    mode = 0660\\ 
-    user = vmail +    user = vmail\\ 
-  } +  }\\ 
-+}\\ 
-ssl = required +ssl = required\\ 
-ssl_server_cert_file = /app/certificates/kptree.net.cer +ssl_server_cert_file = /app/certificates/kptree.net.cer\\ 
-ssl_server_dh_file = /etc/dovecot/dh.pem  +ssl_server_dh_file = /etc/dovecot/dh.pem \\ 
-ssl_server_key_file = /app/certificates/kptree.net.key +ssl_server_key_file = /app/certificates/kptree.net.key\\ 
-ssl_server_prefer_ciphers = server +ssl_server_prefer_ciphers = server\\ 
-ssl_min_protocol = TLSv1.2+ssl_min_protocol = TLSv1.2\\
  
-sql_driver = mysql+sql_driver = mysql\\
  
-mysql localhost { +mysql localhost {\\ 
-  host = mail_db  +  host = mail_db \\ 
-  dbname = mailserver +  dbname = mailserver\\ 
-  user = mailserver  +  user = mailserver \\ 
-  password = K6oF4xOZFIo2cYrwTQ03jQWwx7t2my +  password = K6oF4xOZFIo2cYrwTQ03jQWwx7t2my\\ 
-}+}\\
  
-passdb sql { +passdb sql {\\ 
-  query = SELECT password FROM virtual_users WHERE email='%{user}' +  query = SELECT password FROM virtual_users WHERE email='%{user}'\\ 
-}+}\\
  
-userdb sql {+userdb sql {\\
   query = SELECT email as user, \   query = SELECT email as user, \
   concat('*:bytes=', quota) AS quota_rule, \   concat('*:bytes=', quota) AS quota_rule, \
   '/var/vmail/%{user | domain}/%{user | username}' AS home, \   '/var/vmail/%{user | domain}/%{user | username}' AS home, \
   5000 AS uid, 5000 AS gid \   5000 AS uid, 5000 AS gid \
-  FROM virtual_users WHERE email='%{user}' +  FROM virtual_users WHERE email='%{user}'\\ 
-  iterate_query = SELECT email AS user FROM virtual_users +  iterate_query = SELECT email AS user FROM virtual_users\\ 
-}+}\\
  
-protocol lmtp { +protocol lmtp {\\ 
-  mail_plugins = " quota sieve" +  mail_plugins = " quota sieve"\\ 
-}+}\\
  
-protocol imap { +protocol imap {\\ 
-  mail_plugins = " quota imap_quota" +  mail_plugins = " quota imap_quota"\\ 
-}+}\\
  
-#!include conf.d/*.conf  </code>+#!include conf.d/*.conf\\
 ++++ ++++
  
Line 635: Line 640:
  
 ====dovecot logging==== ====dovecot logging====
 +
 +====dovecot pigeonhole====
 +Pigeonhole is the name of the project that adds support for the [[http://www.sieve.info/|Sieve language (RFC 5228)]] and the [[http://tools.ietf.org/html/rfc5804|ManageSieve protocol (RFC 5804)]] to the [[http://www.dovecot.org/|Dovecot Secure IMAP Server]].
  
 ====Dovecot References==== ====Dovecot References====
   *Doc Dovecot:   *Doc Dovecot:
     *[[https://doc.dovecot.org/|Dovecot Community Edition Documentation]]     *[[https://doc.dovecot.org/|Dovecot Community Edition Documentation]]
-    *Dovecot 2.3.x+    *Dovecot 2.4.x 
 +      *[[https://dovecot.org/mailman3/archives/list/dovecot@dovecot.org/message/WYKOYFBRIC622755CYOZQJV7IO7RKUM6/|Dovecot 2.4 - Example config]] 
 +    ++++Dovecot 2.3.x|
       *[[https://doc.dovecot.org/2.3/configuration_manual/dovecot_ssl_configuration/|Dovecot SSL configuration]]       *[[https://doc.dovecot.org/2.3/configuration_manual/dovecot_ssl_configuration/|Dovecot SSL configuration]]
       *[[https://doc.dovecot.org/2.3/configuration_manual/howto/simple_virtual_install/#simple-virtual-install-smtp-auth|Simple Virtual User Installation]]       *[[https://doc.dovecot.org/2.3/configuration_manual/howto/simple_virtual_install/#simple-virtual-install-smtp-auth|Simple Virtual User Installation]]
Line 654: Line 664:
           *[[http://rob0.nodns4.us/howto/3-dovecot|F. Dovecot configuration]]           *[[http://rob0.nodns4.us/howto/3-dovecot|F. Dovecot configuration]]
           *[[https://serverfault.com/questions/803533/dovecot-storing-mails-in-var-mail-but-mail-location-set-to-maildir-var-mail-v|Dovecot storing mails in /var/mail, but mail_location set to maildir:/var/mail/vhosts/%d/%n]]           *[[https://serverfault.com/questions/803533/dovecot-storing-mails-in-var-mail-but-mail-location-set-to-maildir-var-mail-v|Dovecot storing mails in /var/mail, but mail_location set to maildir:/var/mail/vhosts/%d/%n]]
 +++++
 =====Certificates SSL/TSL===== =====Certificates SSL/TSL=====
 Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate.  They would purchased by a company that managed to get their certificate deregister...... So StartSSL basically became non-usable circa 2017.  Fourtunately a better solution came about a year or 2 earlier called LetsEncrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates. Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate.  They would purchased by a company that managed to get their certificate deregister...... So StartSSL basically became non-usable circa 2017.  Fourtunately a better solution came about a year or 2 earlier called LetsEncrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates.
Line 1023: Line 1033:
   *[[https://easyengine.io/tutorials/mail/swaks-smtp-test-tool/|swaks – SMTP test tool]]   *[[https://easyengine.io/tutorials/mail/swaks-smtp-test-tool/|swaks – SMTP test tool]]
   *[[https://commandmasters.com/commands/swaks-linux/|How to Use the Command 'swaks' (with Examples)]]   *[[https://commandmasters.com/commands/swaks-linux/|How to Use the Command 'swaks' (with Examples)]]
 +
 +=====exim=====
 +After updating my VM from Debian 12 to 13 the mailserver container refused to start as it indicated that port 25 was already in use.  
 +
 +It would seem that Debian 13 automatically installed and starts Exim, some kind of system email client.
 +
 +The solution was simply to stop and disable Exim from running, ''sudo 'systemctl stop/disable exim4''
 +
 +The method to find the program using the port was the command ''sudo lsof -i :25''
 +
 + 
 =====References===== =====References=====
   *Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]]   *Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]]