Use poste.io + Nginx Proxy Manager to build a mail server, with a solution for the LE challenge failure


Install poste.io

  1. First, make sure Docker is installed. If not, you can refer to the article.
  2. I personally recommend deploying with docker compose. For the meaning of each port, see the official website. If you want to enable the antivirus (ClamAV, controlled by DISABLE_CLAMAV) or anti-spam (rspamd, controlled by DISABLE_RSPAMD) function, change the corresponding TRUE to FALSE; expect memory and CPU usage to rise accordingly.
# docker-compose.yml
services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.yourdomain.com
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
      - "465:465"
      - "8808:80"
      - "8843:443"
    environment:
      - LETSENCRYPT_EMAIL=admin@yourdomain.com  # assumption: the page's value was obfuscated; use your own address
      - LETSENCRYPT_HOST=mail.yourdomain.com
      - VIRTUAL_HOST=mail.yourdomain.com
      - DISABLE_CLAMAV=TRUE
      - DISABLE_RSPAMD=TRUE
      - HTTPS=OFF
    volumes:
      - ./mail-data:/data
    restart: unless-stopped
  3. Run sudo docker compose up -d to start the mail server.
  4. Make sure mail.yourdomain.com resolves to your server in DNS. Specifically, in your domain provider's DNS records, add a record with type A, name mail, and your server's IP as the IPv4 address.
  5. Add another record: type MX, name yourdomain.com, mail server mail.yourdomain.com.
  6. Add three CNAME records named smtp, pop and imap, each with target mail.yourdomain.com.
  7. Add a TXT record with name yourdomain.com and target "v=spf1 mx ~all".
  8. Add a TXT record with name _dmarc.yourdomain.com and target "v=DMARC1; p=none; rua=mailto:ADDRESS@yourdomain.com". Here ADDRESS@yourdomain.com is a placeholder for any mailbox on your domain, but remember to create the corresponding account in the mail server later.
  9. Open your npm (Nginx Proxy Manager). If you have not configured it yet, refer to the previous article. Add a proxy host: domain name mail.yourdomain.com, forward hostname/IP your server IP, forward port 8808. Save. (I checked all three of the following options here. I also set up an SSL certificate, which lets me open my mail server directly over https, but the LE challenge still fails, so the solution below is still needed.)
  10. Open mail.yourdomain.com and follow the setup prompts. Click your virtual domain, then click Generate DKIM key. In your DNS provider's records, add a TXT record with the content shown: the name is the part like _s20160910378._domainkey.yourdomain.com, and the target is the part like "k=rsa;p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0FvkMuwN46vvtQCC1JZz7XzRE+l+Lf8/5XUKwWJXOcE7dJoZBbOE0Gz85phZ2q+y4l8D7t/hXDz9q+6/KVQDgJ9muaxSM/uS+KG0ds0QL EiV0GYCVu+ZZQSNPBPjOwlDvo3LraW00lMpd5dUj+xpr07ShfIoULhi7/7t76n5GZMse9yBa4hIhxSG/wCAB4D6IWYBURz9Pc75IDPDTlImr3TP/82YrsULY70CHaPHA1+j1VPA5lE+tnmeqxJW6P537xSutDppv8BZg4nlF3ojg2k6LB/cq15C4QRPAMs77pRA4GVnys1LEJ3JDvV3/csOCZ49oC4m44/TnWXk057OAwIDAQAB".
  11. Now everything is configured except SSL.
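To catch typos in the SPF, DMARC and DKIM values from the DNS steps above before they are entered in the DNS panel, here is an offline checker. It is an added example, not code from the original post or from poste.io; yourdomain.com is the page's placeholder domain and the sample record values are constructed.

```python
import base64
import re

DOMAIN = "yourdomain.com"  # assumed placeholder domain, as used on the page

def parse_tags(record):
    """Split a 'tag=value; tag=value' record (DMARC and DKIM syntax) into a dict."""
    tags = {}
    for item in record.split(";"):
        key, _, value = item.strip().partition("=")
        if key:
            tags[key.lower()] = value.strip()
    return tags

def check_spf(record):
    """Page record is 'v=spf1 mx ~all': must start with v=spf1, end with an all mechanism."""
    terms = record.split()
    problems = []
    if not terms or terms[0].lower() != "v=spf1":
        problems.append("SPF must begin with v=spf1")
    if not terms or not re.fullmatch(r"[-~+?]?all", terms[-1].lower()):
        problems.append("SPF must end with an all mechanism such as ~all")
    return problems

def check_dmarc(record, domain=DOMAIN):
    """Require v=DMARC1, a valid p= policy and a mailto: rua on our own domain."""
    tags = parse_tags(record)
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("DMARC must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        problems.append("p= must be none, quarantine or reject")
    rua = tags.get("rua", "").lower()
    if rua and not rua.startswith("mailto:"):
        problems.append("rua= must be a mailto: URI")
    elif rua and not rua.endswith("@" + domain):
        # reports sent to another domain need that domain's consent record
        problems.append("rua= mailbox is not on " + domain)
    return problems

def check_dkim(record):
    """The p= value must be base64 of a DER SubjectPublicKeyInfo (starts with SEQUENCE, 0x30)."""
    key = re.sub(r"\s+", "", parse_tags(record).get("p", ""))  # DNS may fold the value
    try:
        der = base64.b64decode(key, validate=True)
    except ValueError:
        return ["p= is not valid base64"]
    if not der or der[0] != 0x30:
        return ["p= does not decode to a DER public key"]
    return []
```

Each function returns an empty list for a good record and a list of problems otherwise; the DKIM check only validates the encoding, it does not verify that the key matches poste.io's private key.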

Solution when the LE challenge fails and SSL cannot be configured while using npm

The solution comes from a Nginx Proxy Manager GitHub issue and the official documentation.

  1. First, make sure Docker is installed. If not, you can refer to the article.
  2. If you deploy with docker compose, you need to mount the .well-known directory as an additional volume. It is best to use the approach from the GitHub issue: create a named Docker volume that both npm and poste.io can share.
# use this command to create it
sudo docker volume create well-known

After creating it, update the compose file as follows (if you did not name the volume well-known, replace well-known with your volume name):

# docker-compose.yml
services:
  mailserver:
    image: analogic/poste.io
    container_name: mailserver
    hostname: mail.yourdomain.com
    ports:
      - "25:25"
      - "110:110"
      - "143:143"
      - "587:587"
      - "993:993"
      - "995:995"
      - "4190:4190"
      - "465:465"
      - "8808:80"
      - "8843:443"
    environment:
      - LETSENCRYPT_EMAIL=admin@yourdomain.com  # assumption: the page's value was obfuscated; use your own address
      - LETSENCRYPT_HOST=mail.yourdomain.com
      - VIRTUAL_HOST=mail.yourdomain.com
      - DISABLE_CLAMAV=TRUE
      - DISABLE_RSPAMD=TRUE
      - HTTPS=OFF
    volumes:
      - ./mail-data:/data
      - well-known:/opt/www/.well-known
    restart: unless-stopped
volumes:
  well-known:
    external: true
  3. Run sudo docker compose restart, then open your mail server, click System settings, then TLS certificate, then Change certificate settings. Check Enabled, enter mail.yourdomain.com as the common name and smtp.yourdomain.com, pop.yourdomain.com, imap.yourdomain.com as alternative names. Click Save changes.

Appendix

Here are some recommended testing websites:

  1. MX ToolBox: checks whether DMARC, SMTP, etc. are set up correctly.
  2. mail-tester: tests the spamminess of your emails.