Building a Poste Mail Server with Docker

Publish: 2021-06-23 | Modify: 2021-06-23

Self-built mail services are exempt from sending volume restrictions and cost less for batch sending, but deployment is relatively complex and messages are prone to ending up in the spam folder. However, more and more service providers have developed products that support one-click deployment and similar methods, greatly reducing the difficulty of deployment and use. This time, I would like to recommend an open-source mail service called poste.

About poste

poste is an open-source mail service software that can be easily set up: SMTP + IMAP + POP3 + anti-spam + anti-virus + web management + web email. It supports the following features:

  • Native implementation of SPF, DKIM, DMARC, SRS, with a simple wizard
  • Anti-virus engine (ClamAV) for detecting trojans, viruses, and malware
  • Built-in spam filter (RSPAMD)
  • Webmail client (Roundcube) on HTTPS
  • Email redirection, auto-reply, and other filtering through Sieve scripts (email owner management, scripts can be written for each operation)
  • Quotas for limiting mailbox space or email quantity
  • Web management for system administrators, domain administrators, and email owners with different permissions
  • Automatic discovery of Microsoft products, Thunderbird, etc.
  • Diagnostic tools to help set up domains and mail servers correctly
  • SMTP - ports 25, 465 (TLS), 587
  • POP3 - ports 110, 995 (TLS)
  • IMAP - ports 143, 993 (TLS)
  • SSL/TLS everywhere! No personal data, emails, or login information is transmitted over the internet without encryption.
  • By default, all passwords are stored as salted SHA512 hashes (5000 rounds). It will be difficult for attackers to crack your passwords.
  • The entire mail server runs in a Docker container, isolated from other applications.

Preparation

  • A VPS with a dedicated IP
  • Support for port 25 and email sending
  • Recommended memory of 2GB or more
  • A clean IP that is not blocked or marked as a spam IP
  • Docker installed in advance

For instructions on installing Docker, you can refer to this article "Installing Docker on Linux and Common Docker Commands". If you are using CentOS 7, you can also use the one-click Docker installation script provided by xiaoz.

# One-click installation of Docker on CentOS
wget https://raw.githubusercontent.com/helloxz/shell/master/install_docker.sh && bash install_docker.sh

Deploying poste with Docker

Deploying poste with Docker will hardly affect the existing services on your server. Just copy and execute the following command:

docker run -d \
    -p 880:80 -p 8443:443 -p 25:25 -p 110:110 -p 143:143 -p 465:465 -p 587:587 -p 993:993 -p 995:995 -p 4190:4190 \
    -e TZ=Asia/Shanghai \
    -v /data/mail-data:/data \
    --name "mailserver" \
    -h "mail.your-domain.com" \
    --restart=always \
    -t analogic/poste.io

The meanings of the parameters are as follows:

  • 880/8443 are the web access ports. To avoid conflicts with existing web services (such as nginx), we use 880/8443 as the web ports here.
  • TZ=Asia/Shanghai: Set the container to the Shanghai time zone.
  • /data/mail-data: Local data directory, modify it to the server directory according to the actual situation.
  • mail.your-domain.com: Change it to your own domain name.
  • --restart=always: Automatically restart the container if it fails.

If deployment fails because port 25 is already in use, you can run netstat -apn|grep 25 to check whether postfix is occupying it. On CentOS 7, you can uninstall postfix:

# Uninstall postfix
yum -y remove postfix

After deployment, access https://IP:8443/ and complete the initial setup according to the prompts.

DNS Settings

Go to your DNS service provider and set up domain name resolution according to the following requirements. Otherwise, the mail service will not work properly. In the table below:

  • your-domain.com is your own domain name
  • 1.2.3.4 is your mail server IP

Hostname               Record Type   Record Value
mail.your-domain.com   A             1.2.3.4
smtp.your-domain.com   CNAME         mail.your-domain.com
pop.your-domain.com    CNAME         mail.your-domain.com
imap.your-domain.com   CNAME         mail.your-domain.com
your-domain.com        MX            mail.your-domain.com
your-domain.com        TXT           v=spf1 mx ~all

Setting up DKIM Verification

In the poste backend, go to Virtual domains, click on the corresponding domain, go to DKIM key, and create a key. Then set up the txt record according to the requirements.

Setting up PTR Reverse Lookup

A PTR record is a type of Domain Name System (DNS) record that resolves an IP address to a domain or host name. Another type of DNS record is an A record (in IPv4) or AAAA record (in IPv6), which resolves a domain or host name to an IP address. PTR records are commonly used for reverse address resolution. - Excerpt from Baidu Baike

Reverse lookup refers to the IP pointing to the domain name. This operation needs to be performed at the hosting service provider. Please consult your hosting service provider for specific instructions.

For example, with UltraVPS, you can directly add PTR reverse lookup in the control panel to point the IP to your mail server, such as mail.your-domain.com.

Adding SPF/DKIM/PTR records can improve the credibility of emails and reduce the chances of them ending up in the spam folder. These steps are essential.
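The following script is an added example, not part of the original post: it audits the SPF, DKIM and PTR records configured above, including whether the PTR name resolves back to the server IP. The DKIM selector name and the fixture answers are constructed assumptions; set LIVE=1 to query real DNS with dig.

```shell
# Added example: names follow the DNS table above; SELECTOR is hypothetical.
DOMAIN="your-domain.com"; MAILHOST="mail.$DOMAIN"; IP="1.2.3.4"
SELECTOR="s20210623"   # hypothetical; use the selector shown with the poste DKIM key

# lookup DIG_ARGS...: LIVE=1 queries DNS with dig, else a constructed fixture answers.
lookup() {
    if [ "${LIVE:-0}" = 1 ]; then dig +short "$@"; return 0; fi
    case "$*" in
        "TXT $DOMAIN") echo '"v=spf1 mx ~all"' ;;
        "TXT $SELECTOR._domainkey.$DOMAIN") echo '"k=rsa; p=CONSTRUCTEDKEY"' ;;
        "-x $IP") echo "$MAILHOST." ;;
        "A $MAILHOST") echo "$IP" ;;
    esac
}
check_spf() {   # args: DOMAIN. Exactly one v=spf1 record, graded by its "all" term.
    n=0; rec=""
    while IFS= read -r line; do
        case "$line" in "v=spf1"|"v=spf1 "*) n=$((n + 1)); rec=$line ;; esac
    done <<EOF
$(lookup TXT "$1" | tr -d '"')
EOF
    if [ "$n" -eq 0 ]; then echo missing; return 0; fi
    if [ "$n" -gt 1 ]; then echo multiple; return 0; fi   # receivers treat this as an error
    case " $rec " in
        *" -all "*) echo hardfail ;;
        *" ~all "*) echo softfail ;;
        *) echo permissive ;;
    esac
}
check_dkim() {  # args: SELECTOR DOMAIN. The key record needs a non-empty p= tag.
    rec=$(lookup TXT "$1._domainkey.$2" | tr -d '" \n')
    case "$rec" in
        "") echo missing ;;
        *"p=;"*|*"p=") echo revoked ;;
        *"p="*) echo ok ;;
        *) echo malformed ;;
    esac
}
check_ptr() {   # args: IP HOST. PTR must name HOST and HOST must resolve back to IP.
    name=$(lookup -x "$1" | head -n 1); name=${name%.}
    if [ -z "$name" ]; then echo missing; return 0; fi
    if [ "$name" != "$2" ]; then echo "mismatch:$name"; return 0; fi
    for a in $(lookup A "$name"); do
        if [ "$a" = "$1" ]; then echo ok; return 0; fi
    done
    echo unconfirmed
}
printf 'SPF %s\nDKIM %s\nPTR %s\n' "$(check_spf "$DOMAIN")" \
    "$(check_dkim "$SELECTOR" "$DOMAIN")" "$(check_ptr "$IP" "$MAILHOST")"
```

The softfail verdict reflects the ~all term in the table's SPF record, which asks receivers to treat mail from other hosts as suspicious; -all declares such mail unauthorized.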

Setting up TLS/SSL

If your mail domain is mail.your-domain.com, you need to apply for an SSL certificate for this domain. You can refer to "Using acme.sh to Apply for ZeroSSL Wildcard Certificates, a Substitute for Let's Encrypt" or apply for an SSL certificate from other service providers.

After obtaining the SSL certificate, open the poste backend, go to System settings, TLS Certificate, and upload the certificate file as instructed in the screenshot.

SSL providers such as Tencent Cloud automatically merge the intermediate certificates into the certificate file, so the same file can be used for the intermediate certificate option. Then click Save. After saving, you need to restart the container for the changes to take effect: docker restart mailserver.

Login and Management

After enabling SSL, you can access it via the domain name: https://mail.your-domain.com:8443/. By default, it is the webmail login page, where you can send and receive emails, etc.

To log in to the system administration interface, change the address to https://mail.your-domain.com:8443/admin/login.

Email Scoring Test

You can use https://www.mail-tester.com/ to perform an email scoring test. It will detect any issues with your emails and provide optimization suggestions. However, please note that the score given by this tool is not absolutely accurate and the results are for reference only.

Personal Recommendations

Before setting up a self-built mail service, there are some points to note. Here are some personal recommendations based on experience, hoping to be helpful:

  • Use domain name extensions with higher credibility, such as .com/.net/.org, and try to avoid using strange and niche extensions.
  • Use domain names with English letters, and try to avoid using purely numeric domain names.
  • The longer the domain name has been registered, the better. It is recommended that it has been registered for more than 7 days.
  • Use a clean IP, which can be checked using https://poste.io/dnsbl.
  • Make sure the IP supports PTR reverse lookup. Please consult your hosting service provider.

Conclusion

Compared to other self-built mail services, poste is relatively simple, but there are still many steps involved. Based on my experience, I have successfully set up poste for other users, and it can handle sending 10,000 emails in a day without any problems. However, if you send a large number of spam emails for a long time, you may end up being blacklisted. Therefore, I recommend that you use it responsibly.

poste official website: https://poste.io/
