When I set up Postfix at work almost 1.5 years ago, it was the most basic setup, without DKIM, SPF and the other things developers now actually have to care about. But it worked, and Zabbix sent mail about problems via Postfix to my GMail account (Google just marked them as "we are not sure it is email@example.com"). Now GMail won't even accept your emails without a properly configured SMTP server, so I thought: why not make one that can be set up in seconds anywhere in Docker? And so I created Mail, with two kinds of setups:
- Send-Only (Postfix + DKIM)
- Receive-Only (Postfix + Dovecot)
You can't have a mail server without a domain (it would be strange to send email like firstname.lastname@example.org). So I assume you have one or more. Make sure you can change DNS settings if you want the Send-Only setup. The next requirement is no surprise: Docker. Install it and copy the Mail repository to your Linux machine.
The Send-Only setup can use any port for sending emails from your domain. By default, mail can be sent only from localhost (127.0.0.0/8) or the Docker network (172.17.0.0/16), but you can add other networks to the mynetworks parameter in examples/send-only-master.conf and the InternalHosts parameter in examples/opendkim.conf (add the network to both files!).
How To Set It Up On Server
- Create TLS certificate and key for Postfix by running
- Create DKIM key for OpenDKIM by running
sudo ./generate_key your.domain.com. Save the output of this command for the next section!
- Start the container by running
sudo ./run-send-only your.domain.com port_number_from_1000_to_65000. Example:
sudo ./run-send-only hashdivision.com 1234.
The output you saved from the generate_key command is your DKIM public key. It should be added to your DNS as the mail._domainkey TXT record (v=DKIM1; k=rsa; p=long-string-of-random-symbols). Usually the command output splits long-string-of-random-symbols into multiple strings like "string1" "string2". You need to remove all quotation marks and join the strings together so there are no spaces between them. If you are unsure how to add a TXT record to the DNS, Google it; you can find a lot of help and tutorials for your specific DNS provider.
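As an added example (not part of the Mail repository), the joining step above can be done and checked in Python before the value goes into DNS. It assumes the saved output has the layout opendkim-genkey prints; the sample record and its key are constructed, not real.

```python
import base64
import re

def check_dkim_value(value):
    """Validate a joined DKIM TXT value; return it unchanged if it is usable."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            tags[name.strip()] = val.strip()
    if tags.get("v") != "DKIM1":
        raise ValueError("missing v=DKIM1 tag")
    key = tags.get("p", "")
    if not key:
        raise ValueError("missing p= public key")
    if re.search(r"\s", key):
        raise ValueError("whitespace left inside p=, chunks were not joined")
    try:
        base64.b64decode(key, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise ValueError("p= is not valid base64 (truncated or stray characters)")
    return value

def join_dkim_txt(saved_output):
    """Strip the quotes and concatenate the chunks, as the text describes."""
    chunks = re.findall(r'"([^"]*)"', saved_output)
    if not chunks:
        raise ValueError("no quoted strings found in the saved output")
    return check_dkim_value("".join(chunks))

# Constructed sample, NOT a real key: base64 of fixed bytes, laid out the way
# opendkim-genkey prints a record (assumed to match the generate_key output).
FAKE_KEY = base64.b64encode(bytes(range(180))).decode()
SAMPLE_OUTPUT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; k=rsa; "\n'
    f'\t  "p={FAKE_KEY[:120]}"\n'
    f'\t  "{FAKE_KEY[120:]}" )  ; ----- DKIM key mail for your.domain.com\n'
)

if __name__ == "__main__":
    print(join_dkim_txt(SAMPLE_OUTPUT))  # paste this as the TXT record value
```

check_dkim_value can also be run on a value you joined by hand; it rejects a key with a space left between chunks or with characters cut off at the end.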
The DKIM record is used to verify the signature of an email somebody is sending. Since only you should have the private key, somebody else sending the email can't pass the test against the public key in DNS. But we will take it one step further and add an SPF record to DNS. It tells other mail servers from which locations mail from your domain can be sent. For example, I have the TXT record
v=spf1 a:hashdivision.com -all in the hashdivision.com DNS settings. It basically says that mail from @hashdivision.com can only be sent via the hashdivision.com server.
There is also a DMARC record that tells mail servers what to do with mail that does not pass DKIM and SPF checks. But it is dangerous, and I think DKIM and SPF are good enough for now.
How To Use It
To send email from your domain you just need to be in one of the trusted networks (by default only localhost and the Docker network) and then send SMTP queries. No authentication is needed, so any host in a trusted network can send mail from your domain (be careful with new networks you add!).
I used it for this blog. Mail from this blog is going through it. Check out my post on this. Usually you just need to provide the IP and port to most frameworks and tools that work with SMTP.
The Receive-Only setup always uses port 25 for receiving emails for your domains and port 993 for letting you check them via the IMAPS protocol. You can add as many addresses and domains as you want. All mail should be forwarded to the mailer user, and then you should connect as email@example.com via some IMAP client (Thunderbird on Desktop or AquaMail on Android).
How To Set It Up On Server
- Create TLS certificate and key for Postfix & Dovecot by running
virtual-domains files from examples folder to repository root and change them (EVERYTHING SHOULD POINT TO mailer).
dovecot_users files from examples folder to repository root.
- Write your own password in
password file. A long, random password is preferred, as nobody will protect you from attacks.
- Optional. Change domain name from @mymail.com in
dovecot_users (DO NOT CHANGE mailer).
- Start the container by running
SMTP Part (Receiving Mail From Internet)
You can set up as many email addresses as you want. Just change virtual-domains you copied earlier and make sure the domains' DNS actually points to the location of your mail server.
All the addresses should be aliases for the mailer user if you want to see them via an IMAP client.
IMAP Part (Reading Via IMAP Client)
The previous steps already described how to set it up on the server, so here you can see how to access your mailer mailbox. GMail does not accept self-signed TLS certificates, so I used Thunderbird on Ubuntu and AquaMail on Android to view my inbox as it is THE ONLY MAIL CLIENT WITH AN OPTION TO DISABLE OUTGOING MAIL.
You just need to provide the IMAP server (e.g. hashdivision.com), username (e.g. firstname.lastname@example.org) and password. Voila, it should work if you configured everything properly.