Skip to content

Commit

Permalink
update docker-mailserver environment options.
Browse files Browse the repository at this point in the history
  • Loading branch information
@FarisZR
FarisZR committed Oct 20, 2024
1 parent 0ddd6c4 commit e118416
Showing 1 changed file with 163 additions and 45 deletions.
208 changes: 163 additions & 45 deletions docker-mailserver/mailserver.env
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@

# empty => uses the `hostname` command to get the mail server's canonical hostname
# => Specify a fully-qualified domainname to serve mail for. This is used for many of the config features so if you can't set your hostname (e.g. you're in a container platform that doesn't let you) specify it in this environment variable.
#OVERRIDE_HOSTNAME=aosus.org
OVERRIDE_HOSTNAME=

# REMOVED in version v11.0.0! Use LOG_LEVEL instead.
DMS_DEBUG=0
Expand All @@ -30,9 +30,11 @@ LOG_LEVEL=info
# debug => Also show debug messages
SUPERVISOR_LOGLEVEL=

# 0 => mail state in default directories
# 1 => consolidate all states into a single directory (`/var/mail-state`) to allow persistence using docker volumes
ONE_DIR=1
# Support for deployment where these defaults are not compatible (eg: some NAS appliances):
# /var/mail vmail User ID (default: 5000)
DMS_VMAIL_UID=
# /var/mail vmail Group ID (default: 5000)
DMS_VMAIL_GID=

# **empty** => use FILE
# LDAP => use LDAP authentication
Expand All @@ -42,7 +44,7 @@ ACCOUNT_PROVISIONER=

# empty => [email protected]
# => Specify the postmaster address
POSTMASTER_ADDRESS
POSTMASTER_ADDRESS=

# Check for updates on container start and then once a day
# If an update is available, a mail is sent to POSTMASTER_ADDRESS
Expand Down Expand Up @@ -105,15 +107,35 @@ ENABLE_OPENDKIM=1
# 0 => Disabled
ENABLE_OPENDMARC=1

# 1 => Enables POP3 service
# empty => disables POP3

# Enabled `policyd-spf` in Postfix's configuration. You will likely want to set this
# to `0` in case you're using Rspamd (`ENABLE_RSPAMD=1`).
#
# - 0 => Disabled
# - **1** => Enabled
ENABLE_POLICYD_SPF=1

# Enables POP3 service
# - **0** => Disabled
# - 1 => Enabled
ENABLE_POP3=1

# Enables IMAP service
# - 0 => Disabled
# - **1** => Enabled
ENABLE_IMAP=0

# Enables ClamAV, and anti-virus scanner.
# 1 => Enabled
# **0** => Disabled
ENABLE_CLAMAV=0

# Add the value of this ENV as a prefix to the mail subject when spam is detected.
# NOTE: This subject prefix may be redundant (by default spam is delivered to a junk folder).
# It provides value when your junk mail is stored alongside legitimate mail instead of a separate location (like with `SPAMASSASSIN_SPAM_TO_INBOX=1` or `MOVE_SPAM_TO_JUNK=0` or a POP3 only setup, without IMAP).
# NOTE: When not using Docker Compose, other CRI may not support quote-wrapping the value here to preserve any trailing white-space.
SPAM_SUBJECT=

# Enables Rspamd
# **0** => Disabled
# 1 => Enabled
Expand All @@ -125,6 +147,49 @@ ENABLE_RSPAMD=0
# 1 => Enabled
ENABLE_RSPAMD_REDIS=

# When enabled,
#
# 1. the "[autolearning][rspamd-autolearn]" feature is turned on;
# 2. the Bayes classifier will be trained when moving mails from or to the Junk folder (with the help of Sieve scripts).
#
# **0** => disabled
# 1 => enabled
RSPAMD_LEARN=0

# This settings controls whether checks should be performed on emails coming
# from authenticated users (i.e. most likely outgoing emails). The default value
# is `0` in order to align better with SpamAssassin. We recommend reading
# through https://rspamd.com/doc/tutorials/scanning_outbound.html though to
# decide for yourself whether you need and want this feature.
#
# Note that DKIM signing of e-mails will still happen.
RSPAMD_CHECK_AUTHENTICATED=0

# Controls whether the Rspamd Greylisting module is enabled.
# This module can further assist in avoiding spam emails by greylisting
# e-mails with a certain spam score.
#
# **0** => disabled
# 1 => enabled
RSPAMD_GREYLISTING=0

# Can be used to enable or disable the Hfilter group module.
#
# - 0 => Disabled
# - **1** => Enabled
RSPAMD_HFILTER=1

# Can be used to control the score when the HFILTER_HOSTNAME_UNKNOWN symbol applies. A higher score is more punishing. Setting it to 15 is equivalent to rejecting the email when the check fails.
#
# Default: 6
RSPAMD_HFILTER_HOSTNAME_UNKNOWN_SCORE=6

# Can be used to enable or disable the (still experimental) neural module.
#
# - **0** => Disabled
# - 1 => Enabled
RSPAMD_NEURAL=0

# Amavis content filter (used for ClamAV & SpamAssassin)
# 0 => Disabled
# 1 => Enabled
Expand All @@ -142,7 +207,7 @@ AMAVIS_LOGLEVEL=0
# 1 => DNS block lists are enabled
ENABLE_DNSBL=0

# If you enable Fail2Ban, don't forget to add the following lines to your `docker-compose.yml`:
# If you enable Fail2Ban, don't forget to add the following lines to your `compose.yaml`:
# cap_add:
# - NET_ADMIN
# Otherwise, `nftables` won't be able to ban IPs.
Expand All @@ -166,6 +231,24 @@ POSTSCREEN_ACTION=enforce
# 1 => only launch postfix smtp
SMTP_ONLY=

# Please read [the SSL page in the documentation](https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl) for more information.
#
# empty => SSL disabled
# letsencrypt => Enables Let's Encrypt certificates
# custom => Enables custom certificates
# manual => Let's you manually specify locations of your SSL certificates for non-standard cases
# self-signed => Enables self-signed certificates
SSL_TYPE=letsencrypt

# These are only supported with `SSL_TYPE=manual`.
# Provide the path to your cert and key files that you've mounted access to within the container.
SSL_CERT_PATH=
SSL_KEY_PATH=
# Optional: A 2nd certificate can be supported as fallback (dual cert support), eg ECDSA with an RSA fallback.
# Useful for additional compatibility with older MTA and MUA (eg pre-2015).
SSL_ALT_CERT_PATH=
SSL_ALT_KEY_PATH=

# Set how many days a virusmail will stay on the server before being deleted
# empty => 7 days
VIRUSMAILS_DELETE_DELAY=
Expand All @@ -179,17 +262,17 @@ VIRUSMAILS_DELETE_DELAY=
# `lmtp:<kopano-host>:2003` (use kopano as mailstore)
POSTFIX_DAGENT=

# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default).
# Set the mailbox size limit for all users. If set to zero, the size will be unlimited (default). Size is in bytes.
#
# empty => 0
POSTFIX_MAILBOX_SIZE_LIMIT=

# See https://docker-mailserver.github.io/docker-mailserver/edge/config/user-management/accounts/#notes
# See https://docker-mailserver.github.io/docker-mailserver/latest/config/account-management/overview/#quotas
# 0 => Dovecot quota is disabled
# 1 => Dovecot quota is enabled
ENABLE_QUOTAS=1
ENABLE_QUOTAS=0

# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!)
# Set the message size limit for all users. If set to zero, the size will be unlimited (not recommended!). Size is in bytes.
#
# empty => 10240000 (~10 MB)
POSTFIX_MESSAGE_SIZE_LIMIT=
Expand Down Expand Up @@ -264,13 +347,29 @@ REPORT_SENDER=
# Note: This variable can also determine the interval for Postfix's log summary reports, see [`PFLOGSUMM_TRIGGER`](#pflogsumm_trigger).
LOGROTATE_INTERVAL=weekly

# Defines how many log files are kept by logrorate
LOGROTATE_COUNT=4


# If enabled, employs `reject_unknown_client_hostname` to sender restrictions in Postfix's configuration.
#
# - **0** => Disabled
# - 1 => Enabled
POSTFIX_REJECT_UNKNOWN_CLIENT_HOSTNAME=0

# Choose TCP/IP protocols for postfix to use
# **all** => All possible protocols.
# ipv4 => Use only IPv4 traffic. Most likely you want this behind Docker.
# ipv6 => Use only IPv6 traffic.
#
# Note: More details at http://www.postfix.org/postconf.5.html#inet_protocols
POSTFIX_INET_PROTOCOLS=ipv4
POSTFIX_INET_PROTOCOLS=all

# Enables MTA-STS support for outbound mail.
# More details: https://docker-mailserver.github.io/docker-mailserver/v13.3/config/best-practices/mta-sts/
# - **0** ==> MTA-STS disabled
# - 1 => MTA-STS enabled
ENABLE_MTA_STS=0

# Choose TCP/IP protocols for dovecot to use
# **all** => Listen on all interfaces
Expand All @@ -286,9 +385,6 @@ DOVECOT_INET_PROTOCOLS=all

ENABLE_SPAMASSASSIN=0

# deliver spam messages in the inbox (eventually tagged using SA_SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1

# KAM is a 3rd party SpamAssassin ruleset, provided by the McGrail Foundation.
# If SpamAssassin is enabled, KAM can be used in addition to the default ruleset.
# - **0** => KAM disabled
Expand All @@ -297,21 +393,24 @@ SPAMASSASSIN_SPAM_TO_INBOX=1
# Note: only has an effect if `ENABLE_SPAMASSASSIN=1`
ENABLE_SPAMASSASSIN_KAM=0

# deliver spam messages to the inbox (tagged using SPAM_SUBJECT)
SPAMASSASSIN_SPAM_TO_INBOX=1

# spam messages will be moved in the Junk folder (SPAMASSASSIN_SPAM_TO_INBOX=1 required)
MOVE_SPAM_TO_JUNK=1

# add spam info headers if at, or above that level:
# spam messages will be marked as read
MARK_SPAM_AS_READ=0

# add 'spam info' headers at, or above this level
SA_TAG=2.0

# add 'spam detected' headers at that level
# add 'spam detected' headers at, or above this level
SA_TAG2=6.31

# triggers spam evasive actions
SA_KILL=10.0

# add tag to subject if spam detected
SA_SPAM_SUBJECT=***SPAM*****

# -----------------------------------------------
# --- Fetchmail Section -------------------------
# -----------------------------------------------
Expand All @@ -320,25 +419,45 @@ ENABLE_FETCHMAIL=0

# The interval to fetch mail in seconds
FETCHMAIL_POLL=300
# Use multiple fetchmail instances (1 per poll entry in fetchmail.cf)
# Supports multiple IMAP IDLE connections when a server is used across multiple poll entries
# https://otremba.net/wiki/Fetchmail_(Debian)#Immediate_Download_via_IMAP_IDLE
FETCHMAIL_PARALLEL=0

# Enable or disable `getmail`.
#
# - **0** => Disabled
# - 1 => Enabled
ENABLE_GETMAIL=0

# The number of minutes for the interval. Min: 1; Default: 5.
GETMAIL_POLL=5

# -----------------------------------------------
# --- LDAP Section ------------------------------
# --- OAUTH2 Section ----------------------------
# -----------------------------------------------

# A second container for the ldap service is necessary (i.e. https://github.com/osixia/docker-openldap)
# empty => OAUTH2 authentication is disabled
# 1 => OAUTH2 authentication is enabled
ENABLE_OAUTH2=

# Specify the user info endpoint URL of the oauth2 provider
# Example: https://oauth2.example.com/userinfo/
OAUTH2_INTROSPECTION_URL=

# -----------------------------------------------
# --- LDAP Section ------------------------------
# -----------------------------------------------

# with the :edge tag, use ACCOUNT_PROVISIONER=LDAP
# empty => LDAP authentification is disabled
# 1 => LDAP authentification is enabled
ENABLE_LDAP=
# A second container for the ldap service is necessary (i.e. https://hub.docker.com/r/bitnami/openldap/)

# empty => no
# yes => LDAP over TLS enabled for Postfix
LDAP_START_TLS=

# If you going to use the mailserver in combination with docker-compose you can set the service name here
# empty => mail.domain.com
# Specify the dns-name/ip-address where the ldap-server
# empty => mail.example.com
# Specify the `<dns-name>` / `<ip-address>` where the LDAP server is reachable via a URI like: `ldaps://mail.example.com`.
# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
LDAP_SERVER_HOST=

# empty => ou=people,dc=domain,dc=com
Expand Down Expand Up @@ -425,11 +544,11 @@ SASLAUTHD_MECHANISMS=
SASLAUTHD_MECH_OPTIONS=

# empty => Use value of LDAP_SERVER_HOST
# Note: since version 10.0.0, you can specify a protocol here (like ldaps://); this deprecates SASLAUTHD_LDAP_SSL.
# Note: You must include the desired URI scheme (`ldap://`, `ldaps://`, `ldapi://`).
SASLAUTHD_LDAP_SERVER=

# empty => Use value of LDAP_BIND_DN
# specify an object with priviliges to search the directory tree
# specify an object with privileges to search the directory tree
# e.g. active directory: SASLAUTHD_LDAP_BIND_DN=cn=Administrator,cn=Users,dc=mydomain,dc=net
# e.g. openldap: SASLAUTHD_LDAP_BIND_DN=cn=admin,dc=mydomain,dc=net
SASLAUTHD_LDAP_BIND_DN=
Expand Down Expand Up @@ -478,7 +597,7 @@ SASLAUTHD_LDAP_AUTH_METHOD=

# Specify the authentication mechanism for SASL bind
# empty => Nothing is added to the configuration
# Any value => Fills the `ldap_mech` option
# Any value => Fills the `ldap_mech` option
SASLAUTHD_LDAP_MECH=

# -----------------------------------------------
Expand Down Expand Up @@ -510,8 +629,8 @@ SRS_SECRET=

# Setup relaying all mail through a default relay host
#
# empty => don't configure default relay host
# default host and optional port to relay all mail through
# Set a default host to relay all mail through (optionally include a port)
# Example: [mail.example.com]:587
DEFAULT_RELAY_HOST=

# -----------------------------------------------
Expand All @@ -521,23 +640,22 @@ DEFAULT_RELAY_HOST=
# Setup relaying for multiple domains based on the domain name of the sender
# optionally uses usernames and passwords in postfix-sasl-password.cf and relay host mappings in postfix-relaymap.cf
#
# empty => don't configure relay host
# default host to relay mail through
# Set a default host to relay mail through
# Example: mail.example.com
RELAY_HOST=

# empty => 25
# default port to relay mail
RELAY_PORT=25

# -----------------------------------------------
# --- Relay Host Credentials Section ------------
# -----------------------------------------------

# Configure a relay user and password to use with RELAY_HOST / DEFAULT_RELAY_HOST

# empty => no default
# default relay username (if no specific entry exists in postfix-sasl-password.cf)
RELAY_USER=

# empty => no default
# password for default relay user
RELAY_PASSWORD=

# Certificates from Caddy | https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl/#caddy | https://docker-mailserver.github.io/docker-mailserver/latest/config/security/ssl/#bring-your-own-certificates
SSL_TYPE=manual
SSL_CERT_PATH=/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/cups-g11.aosus.org/mail.cups-g11.aosus.org.crt
SSL_KEY_PATH=/caddy-data/caddy/certificates/acme.zerossl.com-v2-dv90/cups-g11.aosus.org/mail.cups-g11.aosus.org.key
RELAY_PASSWORD=

0 comments on commit e118416

Please sign in to comment.