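I. Environment preparation
1. A public server with a public IP address
2. A domain name with its DNS records configured; replace xxx.xx in the mail addresses with the domain you purchased
For example:
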
Type | Record | Value |
---|---|---|
A | server IP | |
MX | @ | mail.xxx.xx |
TXT | @ | v=spf1 mx ~all |
TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:dmarc.report@xxx.xx; ruf=mailto:dmarc.report@xxx.xx; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine |

3. Install Docker and Docker Compose on the server
4. Request a certificate and place it in the ssl folder under the docker data directory
```bash
apt install certbot -y
# This command produces a TXT record used for validation: enter your email, answer yes twice, then add the TXT record to your DNS and continue
certbot certonly --manual --preferred-challenges dns -d mail.xxx.xx
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/mail.xxx.xx/fullchain.pem
Key is saved at: /etc/letsencrypt/live/mail.xxx.xx/privkey.pem
This certificate expires on 2025-07-13.
These files will be updated when the certificate renews.
# Then move the certificate files to the designated directory
```
Download the docker files:
```bash
git clone https://github.com/docker-mailserver/docker-mailserver.git
```
II. Enter the docker-mailserver directory and edit the configuration files
```yaml
services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: mail.xxx.xx
    # Mail domain
    env_file: mailserver.env
    # More information about the mail-server ports:
    # https://docker-mailserver.github.io/docker-mailserver/latest/config/security/understanding-the-ports/
    ports:
      - "25:25"    # SMTP  (explicit TLS => STARTTLS, Authentication is DISABLED => use port 465/587 instead)
      - "143:143"  # IMAP4 (explicit TLS => STARTTLS)
      - "465:465"  # ESMTP (implicit TLS)
      - "587:587"  # ESMTP (explicit TLS => STARTTLS)
      - "993:993"  # IMAP4 (implicit TLS)
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/localtime:/etc/localtime:ro
      - ./ssl/:/tmp/ssl/
      # Location of the certificate files
    restart: always
    stop_grace_period: 1m
    # Uncomment if using `ENABLE_FAIL2BAN=1`:
    # cap_add:
    #   - NET_ADMIN
    healthcheck:
      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
      timeout: 3s
      retries: 0
    networks:
      DockerMacvlan: # Use the existing macvlan network
        ipv4_address: 192.xxx.x.xxx # Assign a static IP address
networks:
  DockerMacvlan:
    external: true # Reference the existing network
```
Edit the env file:
```bash
vim mailserver.env
```
```
# Certificate paths
SSL_CERT_PATH=/tmp/ssl/fullchain.pem
SSL_KEY_PATH=/tmp/ssl/privkey.pem
# Mail administrator (postmaster) address
POSTMASTER_ADDRESS=postmaster@xxx.xx
```
III. Start the service
```bash
docker-compose up -d                     # Start the container
docker-compose logs -f                   # Watch the container logs
./setup.sh email add xx@xxx.xx "xxx"     # Add a mail account and its password
./setup.sh email update xx@xxx.xx "xxx"  # Update a mail account's password
```
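IV. Generate the DKIM record and publish it in DNS
```bash
./setup.sh config dkim
# Publish the contents of mail.txt as the DKIM TXT record; mail.private in the same directory is the signing key and must not be published
cat /tmp/docker-mailserver/opendkim/keys/xxx.xx/mail.txt
```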
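
The DNS record that opendkim-genkey writes as `mail.txt` next to `mail.private` is split into several quoted chunks, while most DNS panels expect one string. The following added example (not part of the original page; the function name and the sample record are constructed, and the input is assumed to be in the standard opendkim-genkey layout) joins and sanity-checks the value, and refuses a private key pasted by mistake.

```python
import base64
import re

# Constructed placeholder, NOT a real RSA key: 64 arbitrary bytes, base64-encoded.
FAKE_P = base64.b64encode(bytes(range(64))).decode()

# Constructed sample in the BIND-style layout opendkim-genkey uses for mail.txt.
SAMPLE_MAIL_TXT = (
    'mail._domainkey\tIN\tTXT\t( "v=DKIM1; h=sha256; k=rsa; "\n'
    f'\t  "p={FAKE_P[:40]}"\n'
    f'\t  "{FAKE_P[40:]}" )  ; ----- DKIM key mail for xxx.xx\n'
)


def dkim_txt_value(zone_text):
    """Return (record_name, single-line TXT value) from a BIND-style DKIM record."""
    # Guard against publishing the signing key instead of the public record.
    if "PRIVATE KEY" in zone_text:
        raise ValueError("input is the private signing key, not the DNS record")

    name = zone_text.split()[0]  # e.g. mail._domainkey (selector + _domainkey)

    # TXT data is split into quoted chunks of at most 255 bytes; join them.
    value = "".join(re.findall(r'"([^"]*)"', zone_text))

    # Parse the tag=value list and check the tags a verifier depends on.
    tags = dict(t.strip().split("=", 1) for t in value.split(";") if "=" in t)
    if tags.get("v") != "DKIM1":
        raise ValueError("missing v=DKIM1 tag")
    if not tags.get("p"):
        raise ValueError("empty p= tag (revoked or truncated key)")

    # Raises binascii.Error (a ValueError) if the key was mangled while copying.
    base64.b64decode(tags["p"], validate=True)
    return name, value


if __name__ == "__main__":
    record_name, txt = dkim_txt_value(SAMPLE_MAIL_TXT)
    print(f"Record: {record_name}\nValue:  {txt}")
```
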