Host Mailcow with Traefik reverse Proxy

05. February 2020

How do I securely host my Mailcow server in Docker?

Traefik

Traefik is a reverse proxy for Docker containers that routes the network traffic and renews the HTTPS certificates.

Scope of this Tutorial

Install Docker & Git

Arch

yay -S docker docker-compose git

Ubuntu

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git

Start & Enable Docker service

sudo systemctl start docker
sudo systemctl enable docker

Download Mailcow

In the next step we'll clone the Mailcow Git repository.

Clone Git Repository

git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized

Change directory to /opt/mailcow-dockerized

cd /opt/mailcow-dockerized

Generate config

./generate_config.sh

Remove exposed ports from Mailcow Docker-Compose File

nginx-mailcow:
...
      #ports:
        #- "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        #- "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"

Create Docker-Compose Override

version: '2.1'
services:
    nginx-mailcow:
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.nginx-mailcow.entrypoints=web"
        - "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
        - "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
        - "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
        - "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
        - "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)" # YOUR EMAIL SUBDOMAIN
        - "traefik.http.routers.nginx-mailcow-secure.tls=true"
        - "traefik.http.routers.nginx-mailcow-secure.tls.certresolver=myCertResolver" # ADD your Certresolver here
        - "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
        - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
        - "traefik.docker.network=main"
      networks:
        main:
    certdumper:
        image: humenius/traefik-certs-dumper
        container_name: traefik_certdumper
        restart: unless-stopped
        network_mode: none
        command: --restart-containers mailcowdockerized_postfix-mailcow_1,mailcowdockerized_dovecot-mailcow_1
        volumes:
          # mount the folder which contains Traefik's `acme.json` file
          #   in this case Traefik is started from its own docker-compose in ../traefik
          - /home/niklas/letsencrypt:/traefik:ro
          # Docker socket, used to restart the postfix and dovecot containers after a renewal
          - /var/run/docker.sock:/var/run/docker.sock:ro
          # mount mailcow's SSL folder
          - ./data/assets/ssl:/output:rw
        environment:
          - DOMAIN=mail.example.de   # YOUR EMAIL SUBDOMAIN HERE
networks:
  main: # YOUR TRAEFIK NETWORK HERE
    external: true

Download Docker-Compose.Override

wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml

Edit File

Now edit lines 12, 33 and 35 of the file as explained in the comments.
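A router name mistyped in a single label makes Traefik treat it as a separate router, so the cert resolver never reaches the router that serves the mail host. The check below is an added example, not part of the original tutorial or of the Mailcow or Traefik projects; `lint_labels` and the sample labels are constructed for illustration, and it assumes every router, service and middleware is defined in the same label set.

```python
import re
from collections import defaultdict

# Constructed sample: label lines as they appear in docker-compose.override.yml.
# The certresolver label carries a mistyped router name ("sceure") on purpose.
SAMPLE_LABELS = """
- "traefik.http.routers.nginx-mailcow.entrypoints=web"
- "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
- "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
- "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
- "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)"
- "traefik.http.routers.nginx-mailcow-secure.tls=true"
- "traefik.http.routers.nginx-mailcow-sceure.tls.certresolver=myCertResolver"
- "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
- "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
"""

LABEL_RE = re.compile(r'traefik\.http\.(routers|services|middlewares)\.([^.=]+)\.([^=]+)=([^"]*)')

def lint_labels(text):
    """Return a sorted list of findings for the Traefik v2 router labels in text."""
    routers = defaultdict(dict)                      # router name -> {option: value}
    defined = {"services": set(), "middlewares": set()}
    for kind, name, option, value in LABEL_RE.findall(text):
        if kind == "routers":
            routers[name][option.lower()] = value.strip()
        else:
            defined[kind].add(name)
    findings = []
    for name, opts in routers.items():
        if "rule" not in opts:                       # typical result of a mistyped name
            findings.append(f"router '{name}' has no rule (mistyped router name?)")
        if opts.get("tls") == "true" and "tls.certresolver" not in opts:
            findings.append(f"router '{name}' enables TLS without a certresolver")
        svc = opts.get("service")
        if svc and svc not in defined["services"]:
            findings.append(f"router '{name}' points at undefined service '{svc}'")
        for mw in filter(None, opts.get("middlewares", "").split(",")):
            if mw.strip() not in defined["middlewares"]:
                findings.append(f"router '{name}' uses undefined middleware '{mw.strip()}'")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_labels(SAMPLE_LABELS):
        print(finding)
```

To check the real file, pass its contents instead of the sample: `lint_labels(open("docker-compose.override.yml").read())`.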

Edit Mailcow.conf

  1. Change SKIP_LETS_ENCRYPT=n to SKIP_LETS_ENCRYPT=y (Traefik obtains the certificates instead)
  2. Change SKIP_CLAMD=n to SKIP_CLAMD=y (this disables the ClamAV virus scanner)

Run Docker-Compose - Start Mailcow

sudo docker-compose up

If you are done with this tutorial you can add the -d flag to run docker compose in the background.

Open mail.example.com

Start configuring your Mailcow Server!

Configure Mailcow

Go to Configuration > Mail Setup

Add Domain

Go to Configuration > Mail Setup > Domains

Add Mailbox (E-Mail Address)

Go to Configuration > Mail Setup > Mailbox

Open Webmail

https://mail.example.com/SOGo

Login

User: user@domain.com

Add DNS Config

Add DMARC Entry

_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"

Add MX Entry

domain.de MX 3600 10 mail.example.com

Add DKIM Entry

dkim._domainkey.corusm.de. TXT 3600 YOUR_DKIM_KEY

INFO

It takes some time for the new records to propagate across the DNS servers. Give this process some time!

Check the Spamminess of your email

https://www.mail-tester.com/

  1. Open the Website
  2. Send E-Mail to this address
  3. Get the review!

You're done!❤️