Usage
This page explains how to get started with DMS. The guide uses Docker Compose as a reference. In our examples, a volume mounts the host locationdocker-data/dms/config/ to/tmp/docker-mailserver/ inside the container.
Preliminary Steps
Before you can get started with deploying your own mail server, there are some requirements to be met:
- You need to have a host that you can manage.
- You need to own a domain, and you need to be able to manage DNS for this domain.
Host Setup
There are a few requirements for a suitable host system:
- The host should have a static IP address; otherwise you will need to dynamically update DNS (undesirable due to DNS caching)
- The host should be able to send/receive on thenecessary ports for mail
- You should be able to set a
PTRrecord for your host; security-hardened mail servers might otherwise reject your mail server as the IP address of your host does not resolve correctly/at all to the DNS name of your server.
About the Container Runtime
On the host, you need to have a suitable container runtime (likeDocker orPodman) installed. We assumeDocker Compose isinstalled. We have aligned file names and configuration conventions with the latestDocker Compose (currently V2) specification.
If you're using podman, make sure to read the relateddocumentation.
Minimal DNS Setup
The DNS setup is a big and essential part of the whole setup. There is a lot of confusion for newcomers and people starting out when setting up DNS. This section provides an example configuration and supplementary explanation. We expect you to be at least a bit familiar with DNS, what it does and what the individual record types are.
Now let's say you just boughtexample.com and you want to be able to send and receive e-mails for the addresstest@example.com. On the most basic level, you will need to
- set an
MXrecord for your domainexample.com- in our example, the MX record containsmail.example.com - set an
Arecord that resolves the name of your mail server - in our example, the A record contains11.22.33.44 - (in a best-case scenario) set a
PTRrecord that resolves the IP of your mail server - in our example, the PTR containsmail.example.com
We will later dig into DKIM, DMARC & SPF, but for now, these are the records that suffice in getting you up and running. Here is a short explanation of what the records do:
- TheMX record tells everyone which (DNS) name is responsible for e-mails on your domain. Because you want to keep the option of running another service on the domain name itself, you run your mail server on
mail.example.com. This does not imply your e-mails will look liketest@mail.example.com, the DNS name of your mail server is decoupled of the domain it serves e-mails for. Your mail server could also handle emails fortest@some-other-domain.com, if the MX record forsome-other-domain.compoints tomail.example.com. - TheA record tells everyone which IP address the DNS name
mail.example.comresolves to. - ThePTR record is the counterpart of the A record, telling everyone what name the IP address
11.22.33.44resolves to.
About The Mail Server's Fully Qualified Domain Name
The mail server's fully qualified domain name (FQDN) in our example above ismail.example.com. Please note though that this is more of a convention, and not due to technical restrictions. One could also run the mail server
- on
foo.example.com: you would just need to change yourMXrecord; - on
example.comdirectly: you would need to change yourMXrecord and probablyread our docs on bare domain setups, as these setups are called "bare domain" setups.
The FQDN is what is relevant for TLS certificates, it has no (inherent/technical) relation to the email addresses and accounts DMS manages. That is to say: even though DMS runs onmail.example.com, orfoo.example.com, orexample.com, there is nothing that prevents it from managing mail forbarbaz.org -barbaz.org will just need to set itsMX record tomail.example.com (orfoo.example.com orexample.com).
If you setup everything, it should roughly look like this:
$dig@1.1.1.1+shortMXexample.commail.example.com$dig@1.1.1.1+shortAmail.example.com11.22.33.44$dig@1.1.1.1+short-x11.22.33.44mail.example.comDeploying the Actual Image
Tagging Convention
To understand which tags you should use, read this section carefully.Our CI will automatically build, test and push new images to the following container registries:
- DockerHub (
docker.io/mailserver/docker-mailserver) - GitHub Container Registry (
ghcr.io/docker-mailserver/docker-mailserver)
All workflows are using the tagging convention listed below. It is subsequently applied to all images.
| Event | Image Tags |
|---|---|
push onmaster | edge |
push a tag (v1.2.3) | 1.2.3,1.2,1,latest |
Get All Files
Issue the following commands to acquire the necessary files:
DMS_GITHUB_URL="https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/master"wget"${DMS_GITHUB_URL}/compose.yaml"wget"${DMS_GITHUB_URL}/mailserver.env"Configuration Steps
- First edit
compose.yamlto your liking- Substitute
mail.example.comaccording to your FQDN. - If you want to use SELinux for the
./docker-data/dms/config/:/tmp/docker-mailserver/mount, append-zor-Z.
- Substitute
- Then configure the environment specific to the mail server by editing
mailserver.env, but keep in mind that:- onlybasic
VAR=VALis supported - do not quote your values
- variable substitution is not supported, e.g.
OVERRIDE_HOSTNAME=$HOSTNAME.$DOMAINNAMEdoes not work
- onlybasic
Get Up and Running
Using the Correct Commands For Stopping and Starting DMS
Usedocker compose up / down, notdocker compose start / stop. Otherwise, the container is not properly destroyed and you may experience problems during startup because of inconsistent state.
UsingCtrl+Cis not supported either!
For an overview of commands to manage DMS config, run:docker exec -it <CONTAINER NAME> setup help.
Usage ofsetup.sh when no DMS Container Is Running
We encourage you to directly usesetup inside the container (like shown above). If you still want to usesetup.sh, here's some information about it.
If no DMS container is running, any./setup.sh command will check online for the:latest image tag (the currentstable release), performing adocker pull ... if necessary followed by running the command in a temporary container:
$./setup.shhelpImage 'ghcr.io/docker-mailserver/docker-mailserver:latest' not found. Pulling ...SETUP(1)NAME setup - 'docker-mailserver' Administration & Configuration script...$dockerrun--rmghcr.io/docker-mailserver/docker-mailserver:latestsetuphelpSETUP(1)NAME setup - 'docker-mailserver' Administration & Configuration script...On first start, you will need to add at least one email account (unless you're using LDAP). You have two minutes to do so, otherwise DMS will shutdown and restart. You can add accounts by runningdocker exec -ti <CONTAINER NAME> setup email add user@example.com.That's it! It really is that easy.
Further Miscellaneous Steps
Setting up TLS
You definitely want to setup TLS. Please refer toour documentation about TLS.
Aliases
You should add at least onealias, thepostmaster alias. This is a common convention, but not strictly required.
dockerexec-ti<CONTAINERNAME>setupaliasaddpostmaster@example.comuser@example.comAdvanced DNS Setup - DKIM, DMARC & SPF
You will very likely want to configure your DNS with these TXT records:SPF, DKIM, and DMARC. We also ship adedicated page in our documentation about the setup of DKIM, DMARC & SPF.
Custom User Changes & Patches
If you'd like to change, patch or alter files or behavior of DMS, you can use a script. Seethis part of our documentation for a detailed explanation.
Testing
Here are some tools you can use to verify your configuration: