corusm

Host Mailcow with Traefik reverse Proxy

How do I securely host my Mailcow server in Docker?

Traefik

Traefik is a reverse proxy for Docker containers that organises the network traffic and updates the HTTPS certificates.

Scope of this Tutorial

  • Install Docker
  • Download Mailcow
  • Setup docker-compose.override
  • Launch Mailcow
  • Add DNS Entries

Install Docker & Git

Arch

yay -S docker docker-compose git

Ubuntu

curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git

Start & Enable Docker service

sudo systemctl start docker
sudo systemctl enable docker

Download Mailcow

In the next step we'll clone the Mailcow Git repository.

Clone Git Repository

git clone https://github.com/mailcow/mailcow-dockerized /opt/mailcow-dockerized

Change directory to /opt/mailcow-dockerized

cd /opt/mailcow-dockerized

Generate config

./generate_config.sh

Remove exposed ports from Mailcow Docker-Compose File

nginx-mailcow:
...
      #ports:
        #- "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        #- "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"

Create Docker-Compose Override

Download Docker-Compose.Override

wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml

Edit File

Now edit lines 12, 33 and 35 of the file as explained in its comments.

Edit Mailcow.conf

  1. Change SKIP_LETS_ENCRYPT=n to SKIP_LETS_ENCRYPT=y (Traefik handles the certificates instead of Mailcow)
  2. Change SKIP_CLAMD=n to SKIP_CLAMD=y (this turns off the ClamAV virus scanner)

Add your subdomain mail.example.com to the certs file

To do that, we run a test docker-compose.yml file, because I haven't found another way yet to create the certs for the new domain.

  1. Make a directory newcerts
  2. Download this gist into the directory

wget https://gist.githubusercontent.com/corusm/f36fc12022668ee1972f004fd46385f6/raw/9da0364cd40deb4ebac50a173cedae0c636f218c/docker-compose.yml

  3. Change the commented values to your mail.example.com
  4. Run Docker-Compose: sudo docker-compose up --force-recreate
  5. Wait until the container is running
  6. Stop Docker-Compose with Ctrl + C

Now run the Mailcow Server

  • Go back to the Mailcow Directory /opt/mailcow-dockerized

Run Docker-Compose

sudo docker-compose up

If you are done with this tutorial you can add the -d flag to run docker compose in the background.

Open mail.example.com

Start configuring your Mailcow Server!

Configure Mailcow

Go to Configuration > Mail Setup

Add Domain

Go to Configuration > Mail Setup > Domains

Add Mailbox (E-Mail Address)

Go to Configuration > Mail Setup > Mailbox

Open Webmail

https://mail.example.com/SOGo

Login

User: user@domain.com

Add DNS Config

Add DMARC Entry

_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"

Add MX Entry

domain.de MX 3600 10 mail.example.com

Add DKIM Entry

  • Go to Configuration > ARC/DKIM-Keys
  • Add ARC/DKIM key
  • Copy the public key to your DNS server (the private key stays on the Mailcow server)

dkim._domainkey.corusm.de. TXT 3600 YOUR_DKIM_KEY

INFO

It takes some time for the DNS servers to propagate the information. Give this process some time!
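
A check to run on the DMARC and DKIM TXT values above before publishing them, as an added example that is not part of the original tutorial: it parses the tag=value syntax, flags the monitoring-only p=none policy, and detects a DKIM value that decodes to a private key instead of a public one. The function names are hypothetical, and the DER structure check assumes an RSA key.

```python
import base64

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT value (the syntax DMARC and DKIM share)."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Return findings for a DMARC TXT value; an empty list means nothing to fix."""
    tags, findings = parse_tags(txt), []
    if tags.get("v") != "DMARC1":
        findings.append("v= must be DMARC1")
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("p= must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none requests no action on failing mail (monitoring only)")
    for tag in ("rua", "ruf"):
        for uri in filter(None, (u.strip() for u in tags.get(tag, "").split(","))):
            if not uri.lower().startswith("mailto:"):
                findings.append(f"{tag}= entry is not a mailto: URI: {uri}")
    return findings

def check_dkim(txt):
    """Return findings for a DKIM TXT value, including a pasted private key."""
    tags, findings = parse_tags(txt), []
    if "PRIVATE KEY" in txt.upper():
        return findings + ["PEM private key pasted; publish the public key only"]
    if tags.get("k", "rsa") != "rsa":
        return findings  # non-RSA keys are not DER-wrapped; structure check skipped
    try:
        der = base64.b64decode("".join(tags.get("p", "").split()), validate=True)
    except ValueError:
        der = b""
    if len(der) < 8 or der[0] != 0x30:
        return findings + ["p= is empty or not a base64 DER structure"]
    body = 2 + (der[1] & 0x7F if der[1] & 0x80 else 0)  # skip outer SEQUENCE header
    if der[body:body + 3] == b"\x02\x01\x00":  # INTEGER 0 = private-key version field
        findings.append("p= decodes to a private key; publish the public key only")
    return findings

if __name__ == "__main__":
    # DMARC value from the tutorial; the finding printed is the p=none notice
    record = "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"
    print(check_dmarc(record))
```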

Check the Spamminess of your email

https://www.mail-tester.com/

  1. Open the website
  2. Send an e-mail to the address shown there
  3. Get the review!

YOU'RE DONE!