DockMail is a lightweight, Docker-based email server solution using OpenSMTPD for SMTP and Dovecot for IMAP. It supports DKIM for email security and includes Roundcube as a web-based client.
- Lightweight: Optimized for performance with minimal components.
- Secure: Built-in DKIM support for email integrity.
- User-Friendly: Webmail access via Roundcube for a modern interface.
- Ensure that Docker, Docker Compose 2.x.x, and Nginx are installed and properly configured to avoid compatibility issues.
Ensure that the following A records are configured in your DNS:
Subdomain | Type | Value |
---|---|---|
mail.example.com | A | <server IP> |
smtp.example.com | A | <server IP> |
imap.example.com | A | <server IP> |
- Replace <server IP> with the IP address of your server where DockMail is deployed.
- If you are using Cloudflare DNS, the mail subdomain can be proxied, but smtp and imap subdomains must not be proxied.
- The mail subdomain can be different from the smtp and imap subdomains; they do not have to share the same domain name.
Add the following MX record to ensure that emails sent to your domain are correctly routed to the SMTP server:
Name | Type | Priority | Value |
---|---|---|---|
example.com | MX | 10 | smtp.example.com |
Add an SPF record to specify which mail servers are allowed to send emails on behalf of your domain:
Name | Type | Value |
---|---|---|
example.com | TXT | v=spf1 a mx ip4:<server IP> -all |
Below are two separate Nginx configurations: one for handling Webmail traffic and another for Certbot's SSL validation.
# Webmail (Roundcube) virtual host
server {
    listen 80;
    server_name mail.example.com;
    root /path/to/webmail/webroot;
    index index.php index.html;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    # Pass PHP requests to the webmail container's FastCGI listener
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass 127.0.0.1:8999;
        fastcgi_param SCRIPT_FILENAME /var/www/html$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT /var/www/html;
    }
    location ~ /\.ht {
        deny all;
    }
}

# Certbot HTTP-01 validation for the SMTP and IMAP hostnames
server {
    listen 80;
    server_name smtp.example.com imap.example.com;
    location /.well-known/acme-challenge/ {
        alias /path/to/certbot/webroot/.well-known/acme-challenge/;
    }
    # Nothing else is served on these hostnames
    location / {
        deny all;
    }
}
- Explanation: This configuration allows Certbot to perform HTTP-01 validation for SSL certificates by serving .well-known/acme-challenge/ requests from Certbot's webroot directory; all other requests to these hostnames are denied.
The initialize.sh script sets up SSL certificates for the IMAP and SMTP subdomains and modifies the OpenSMTPD configuration to use the provided domain.
- Make the script executable:
  chmod +x initialize.sh
- Run the script:
  ./initialize.sh
- After successful execution:
  - SSL certificates will be generated for imap.example.com and smtp.example.com.
  - OpenSMTPD configuration will be updated with your specified domain.

- Generate SSL certificates for imap.example.com and smtp.example.com using Certbot.
- Update OpenSMTPD configuration with the specified domain.
To ensure that your mail services are accessible, make sure to open the following ports in your server's firewall:
- Port 25: For SMTP communication.
- Port 587: For SMTP with STARTTLS.
- Port 143: For IMAP.
- Port 993: For IMAPS.
You can use the following commands to open these ports (assuming ufw as the firewall tool):
sudo ufw allow 25
sudo ufw allow 587
sudo ufw allow 143
sudo ufw allow 993
sudo ufw reload
Start the email server:
docker compose up -d
- Verify that all services are running:
docker compose ps
Ensure that OpenSMTPD, Dovecot, and Webmail containers are running without errors.
If any service is not running or encounters an error, use the following command to check detailed logs:
docker compose logs -f [service_name]
For example:
docker compose logs -f opensmtpd
The public DKIM key is generated during the setup process and can be found in the following file:
sudo cat opensmtpd/rspamd/keys/mail._domainkey.example.com.txt
Copy the content of this file and add it as a TXT record in your DNS settings:
Name | Type | Value |
---|---|---|
mail._domainkey | TXT | "v=DKIM1; k=rsa; p=<public_key>" |
Make sure to replace <public_key> with the Base64-encoded public key found in the file.
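A lint for the DKIM record described above, as an added example that is not part of DockMail. It assumes the key file holds a zone-file style TXT value split into quoted strings (an assumption about the file's layout); the function names and the sample key bytes are constructed for illustration.

```python
import base64
import re

def join_txt_strings(zone_text):
    """Join the quoted chunks of a TXT value; each chunk may hold at most 255 bytes."""
    chunks = re.findall(r'"([^"]*)"', zone_text)
    if any(len(c.encode()) > 255 for c in chunks):
        raise ValueError("a single TXT string exceeds 255 bytes")
    return "".join(chunks) if chunks else zone_text.strip()

def parse_tags(value):
    """Split a 'tag=value; tag=value' list into a dict, dropping folding whitespace."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.split("=", 1)
            tags[name.strip()] = "".join(val.split())
    return tags

def lint_dkim(zone_text):
    """Return a list of problems in a DKIM key record; an empty list means none found."""
    try:
        tags = parse_tags(join_txt_strings(zone_text))
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= must be DKIM1")
    if tags.get("k", "rsa") != "rsa":
        problems.append("k= does not match the rsa key type used on this page")
    p = tags.get("p", "")
    if not p:
        return problems + ["p= is empty, which marks the key as revoked"]
    try:
        der = base64.b64decode(p, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["p= is not valid Base64"]
    if not der.startswith(b"\x30"):
        problems.append("p= does not decode to a DER SEQUENCE")
    return problems

# Constructed sample data: placeholder bytes shaped like a DER header, not a real key.
FAKE_P = base64.b64encode(b"\x30\x82\x01\x22" + bytes(290)).decode()
SPLIT_RECORD = f'( "v=DKIM1; k=rsa; " "p={FAKE_P[:200]}" "{FAKE_P[200:]}" ) ;'
ONE_STRING = f'"v=DKIM1; k=rsa; p={FAKE_P}"'

if __name__ == "__main__":
    for name, rec in [("split", SPLIT_RECORD), ("one string", ONE_STRING)]:
        print(name, lint_dkim(rec) or "ok")
```

A 2048-bit RSA public key encodes to more than 255 Base64 characters, so it has to be published as several quoted strings; a record that still contains the <public_key> placeholder is reported as invalid Base64.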
The dockmail.sh script provides a convenient way to manage users (add, delete, modify, list) in the DockMail system.
First, make the script executable:
chmod +x dockmail.sh
To add a new email user, execute:
./dockmail.sh
- Follow the prompts to enter the username, password, and optional nickname.
- Add User: Create a new user with specified username and password.
- Delete User: Remove an existing user from the database.
- Change Password: Update the password for an existing user.
- Modify Nickname: Update the user's nickname.
- List Users: Display a list of existing users.
- To verify the DKIM setup, you can use DKIM Validator or similar tools.
- For troubleshooting, check the logs of individual services using:
docker compose logs -f opensmtpd
docker compose logs -f dovecot
docker compose logs -f webmail
To add an email alias, for example enabling both main@example.com and alias@example.com to receive mail in the same inbox:
- Update Database: Add "alias@example.com" to the aliases JSONB field for the main@example.com user.
- Create Mail Link: Set up the mail directory link in Dovecot:
docker exec dovecot ln -s /var/mail/main@example.com /var/mail/alias@example.com
To customize the webmail interface theme:
- Add Theme: Place the theme folder in the webmail/webroot/skins/ directory.
- Configure Theme: Set ROUNDCUBEMAIL_SKIN in webmail/.env to your theme name.