This catalog provides a basic template to easily deploy an email server based on hardware/mailserver. To use it, just add this repository to your Rancher system as a catalog in Admin > Settings
page.
- Linux host with at least 2GB of memory and 20GB of local disk
- Supported version of Docker
- Rancher server
- Basic understanding of e-mail ecosystem and standards
And you MUST read this :
- https://github.com/hardware/mailserver#system-requirements
- https://github.com/hardware/mailserver#prerequisites
-
Add this catalog in
Admin > Settings
page : https://github.com/hardware/mailserver-rancher.git -
Select 'mailserver' from the catalog menu.
-
Fill in all required fields and adapt to your needs. For more information, read the documentation.
-
Lauch the mailserver stack. At first launch, the container takes few minutes to generate SSL certificates, DKIM keypair and update clamav database, all of this takes some time (1/2 minutes). You can check the startup logs with Rancher admin panel.
-
Now, you must setup a reverse proxy to access your administration, webmail and spam WebUIs. Add a label in the host instance configuration, in
Infrastructure > Hosts
page, namedtraefik_lb
with a value equal totrue
. Traefik will be deployed in all hosts with this label. -
Select 'traefik' load balancer from the community catalog. Fill in all required fields and adapt to your needs. If you choose API integration method, don't forget to create an API key for Traefik in
API > Keys
page. -
Once traefik is started, you can setup Postfixadmin and Rainloop configuration :
- Postfixadmin : Postfixadmin initial configuration. The setup can be used from the Rancher web console :
- Rainloop : Rainloop initial configuration
-
Done, congratulation !
- Request your SSL certificate in
${VOLUMES_ROOT_PATH}/ssl/live/mail.domain.tld
with an ACME client if you use Let's Encrypt, otherwise get your SSL certificate with the method provided by your certification authority. - Enable the custom SSL certificate support in rancher mailserver catalog.
For more information, read this : custom certificates
If you do not use your own trusted SSL certificate, a default self-signed one (RSA 4096 bits SHA2) is added here : ${VOLUMES_ROOT_PATH}/mail/ssl/selfsigned/{cert.pem, privkey.pem}
.
- Rspamd dashboard : https://spam.domain.tld/
- Administration : https://postfixadmin.domain.tld/
- Webmail : https://webmail.domain.tld/
- IMAP/SMTP username : user@domain.tld
- Incoming IMAP server : mail.domain.tld
- Outgoing SMTP server : mail.domain.tld
- IMAP port : 993
- SMTP port : 587
- SIEVE port : 4190
- IMAP Encryption protocol : SSL/TLS
- SMTP Encryption protocol : STARTTLS
- SIEVE Encryption protocol : STARTTLS