How do I securely host my Mailcow server in Docker?
Traefik
Traefik is a reverse proxy for Docker containers that routes the network traffic and updates the HTTPS certificates.
Scope of this Tutorial
- Install Docker
- Download Mailcow
- Set up docker-compose.override
- Launch Mailcow
- Add DNS Entries
Install Docker & Git
Arch
yay -S docker docker-compose git
Ubuntu
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git
Start & Enable Docker service
sudo systemctl start docker
sudo systemctl enable docker
Download Mailcow
In the next step we'll clone the Mailcow Git repository.
Clone Git Repository
git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized
Change directory to /opt/mailcow-dockerized
cd /opt/mailcow-dockerized
Generate config
./generate_config.sh
Remove exposed ports from Mailcow Docker-Compose File
nginx-mailcow:
  ...
  #ports:
  #  - "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
  #  - "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
Create Docker-Compose Override
Download Docker-Compose.Override
wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml
Edit File
Now edit lines 12, 33 and 35 of the file as explained in its comments.
Edit mailcow.conf
- Change SKIP_LETS_ENCRYPT=n to SKIP_LETS_ENCRYPT=y
- Change SKIP_CLAMD=n to SKIP_CLAMD=y
Add your subdomain mail.example.com to the certs file
To do this we have to run a test docker-compose.yml file, because I haven't found another way yet to create the certs for the new domain.
- Make directory newcerts
- Download this gist into the directory
wget https://gist.githubusercontent.com/corusm/f36fc12022668ee1972f004fd46385f6/raw/9da0364cd40deb4ebac50a173cedae0c636f218c/docker-compose.yml
- Change the commented values to your mail.example.com
- Run Docker-Compose
sudo docker-compose up --force-recreate
- Wait until container is running
- Stop Docker-Compose
Ctrl + C
Now run the Mailcow Server
- Go back to the Mailcow directory /opt/mailcow-dockerized
Run Docker-Compose
sudo docker-compose up
If you are done with this tutorial you can add the -d flag to run docker-compose in the background.
Open mail.example.com
Start configuring your Mailcow Server!
Configure Mailcow
Go to Configuration > Mail Setup
Add Domain
Go to Configuration > Mail Setup > Domains
Add Mailbox (E-Mail Address)
Go to Configuration > Mail Setup > Mailbox
Open Webmail
https://mail.example.com/SOGo
Login
User: user@domain.com
Add DNS Config
Add DMARC Entry
_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"
Add MX Entry
domain.de MX 3600 10 mail.example.com
Add DKIM Entry
- Go to Configuration > ARC/DKIM-Keys
- Add ARC/DKIM key
- Copy the public key to the DNS server (the private key stays on the Mailcow server)
dkim._domainkey.corusm.de. TXT 3600 YOUR_DKIM_KEY
INFO
It takes some time for the DNS servers to propagate the information. Give this process some time!
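Before publishing the records, you can lint the TXT values locally. The following Python check is an added example, not part of the original tutorial or of Mailcow: it parses the DMARC value shown above and a DKIM value, and flags a DKIM record that contains private key material, since a DKIM TXT record carries only the public key. The function names are hypothetical and the key-length check is a size heuristic on the decoded p= value.

```python
import base64
import binascii

# DMARC value as published on this page.
PAGE_DMARC = "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"

def parse_tags(txt):
    """Split a DMARC/DKIM TXT value ("tag=value;tag=value") into a dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Return findings for a _dmarc TXT value (empty list = nothing to flag)."""
    findings, tags = [], parse_tags(txt)
    if not txt.strip().strip('"').startswith("v=DMARC1"):
        findings.append("record must begin with v=DMARC1")
    if tags.get("p") not in ("none", "quarantine", "reject"):
        findings.append("p= policy missing or invalid")
    elif tags["p"] == "none":
        findings.append("p=none is monitoring only; failing mail is not quarantined or rejected")
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not uri.startswith("mailto:"):
                findings.append(f"{tag} target is not a mailto: URI: {uri}")
    return findings

def check_dkim(txt):
    """Return findings for a <selector>._domainkey TXT value."""
    if "PRIVATE KEY" in txt:
        return ["private key material in a DNS record: rotate the key, publish only p=<public key>"]
    findings, tags = [], parse_tags(txt)
    if tags.get("v", "DKIM1") != "DKIM1":
        findings.append("v= must be DKIM1")
    # Long keys are split into several quoted strings in DNS; join them again.
    key = tags.get("p", "").replace('"', "").replace(" ", "")
    if not key:
        return findings + ["p= missing or empty (an empty p= marks the key as revoked)"]
    try:
        der = base64.b64decode(key, validate=True)
    except (binascii.Error, ValueError):
        return findings + ["p= is not valid base64"]
    # Heuristic: a 2048-bit RSA modulus alone is 256 bytes, so a shorter blob is a smaller key.
    if tags.get("k", "rsa") == "rsa" and len(der) < 256:
        findings.append("RSA key shorter than 2048 bits")
    return findings

if __name__ == "__main__":
    print(check_dmarc(PAGE_DMARC))
```

Run it with the value you are about to paste into your DNS provider; for the DMARC record above it reports that p=none only collects reports.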
Check the Spamminess of your email
- Open the Website
- Send E-Mail to this address
- Get the review!
Top comments (1)
Hello. My container gets stuck on: Waiting for database to come up... Any fix?