Mailserver architecture
The core Mailserver container ships pre-configured SMTP(S) and IMAP(S) servers.
It uses HTTP to request and to renew letsencrypt certificates.
These certificates are used by both IMAP(S) and SMTPS(S) servers for TLS connections.
Further, the Mailserver optionally serves as a HTTPS proxy to Grafana dashboards if monitoring is enabled (METRICS=true in settings.env).
Mailserver uses a single directory - _server_workspace_ - to store all state.
This directory is mounted to /host inside the container.
Configuration, mailboxes and certificates are stored there.
The WWW root of the webserver used for letsencrypt request challenges is there, too.
At the first start of the mailserver container, service directories are copied from /etc inside the container to /host/etc, and soft-linked inside the container to point to /host/etc. Certificates are requested and end up in /host/etc/letsencrypt, and DH parameters for Postfix are generated.
At every restart these soft-links are re-created so the container always uses service configuration from /host/etc. Configuration snippets in template format are rendered to pick up the latest changes from settings.env.