Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen der Seite angezeigt.

--- content:serverbasics:docker-dovecot [2025/08/02 18:30] – obel1x
+++ content:serverbasics:docker-dovecot [2025/08/22 12:38] (aktuell) – obel1x
@@ Zeile 1: / Zeile 1: @@
 ====== Docker: Dovecot ======
-Dovecot ( [[https://doc.dovecot.org|https://doc.dovecot.org]] ) is a small, powerfull, fast and very stable IMAP- Server for storing Mails.
+Dovecot ( [[https://doc.dovecot.org|https://doc.dovecot.org]] ) is a small, powerfull, fast and very stable IMAP- Server for storing Mails, which can be used by any Mailclient like Thunderbird, Evolution…
-(is currently working - will write down here how soon)
+===== Prerequisites =====
+You will need all stuff to have [[:content:serverbasics:docker-freeipa|FreeIPA]] up, having understood dockers and running those services, so that LDAPs will work.
+===== Docker composer =====
+Dovecot does not use any Database, as Mails will be stored in MailDir- Format, which is using Directories and Files for each Mail, so mounting the mail- Directory is enough.
+In your docker_compose- Directory, create the ''docker-compose.yml'' with the following content:
+<file>
+services:
+# Small but performant and secure Imap- Server: https://hub.docker.com/r/dovecot/dovecot
+  dovecot:
+    image: dovecot/dovecot:latest
+#For testing:
+#    image: dovecot/dovecot:latest-dev
+    restart: always
+    read_only: true
+    stop_grace_period: 1m
+    volumes:
+      - dovecot_config:/etc/dovecot
+      - dovecot_maildata:/srv/vmail
+    tmpfs:
+      - /tmp
+      - /run/dovecot
+      - /srv/mail
+    environment:
+      # Those passwords shuld not be used/only for testing
+      # They will allow any username with that password to connect
+      USER_PASSWORD: 'VERYSTRONGFIRSTPWD'
+      DOVEADM_PASSWORD: 'VERYSTRONGSECONDPWD'
+    ports:
+      - "993:31993"
+#Listeners from Homepage
+#    POP3 on 31110, TLS 31995 (needs config file to enable, disabled by default)
+#    IMAP on 31143, TLS 31993
+#    Submission on 31587
+#    LMTPS on 31024
+#    ManageSieve on 34190
+#    HTTP API on 8080
+#    Metrics on 9090
+    networks:
+      - default
+volumes:
+  dovecot_config:
+  dovecot_maildata:
+networks:
+# Still needs to be defined while without it won't enable ipv6
+  default:
+    driver: bridge
+    enable_ipv6: true
+</file>
+Basically, ''docker compose up -d'' will already start your Server.
+===== LDAP Password-Checks =====
+In your Volume dovecot_config you will now find the directory conf.d - put some file in here like domainname.conf to have it loaded in your dovecot- config. It will overwrite all basic settings.
+<file>
+ssl = required
+auth_allow_cleartext = no
+#external connection: check SSL validity. Won't validate let's encrypt LDAP- Certs without importing CA
+ssl_client_require_valid_cert = no
+ssl_server {
+  cert_file = /etc/dovecot/ssl/domain.tld.crt
+  key_file = /etc/dovecot/ssl/domain.tld.key
+}
+#LDAP Auth
+# Password lookup: will also do full user/pass bind to check, so this should be enough
+# https://doc.dovecot.org/2.4.1/core/config/auth/databases/ldap.html#authentication-binds
+#For debugging and also provides useful informations about logins
+log_debug = category=auth
+passdb ldap {
+# will speed up check of user when using multiple queries to ldap-server like userdb- checking too
+# will slow down if only one check is done per login
+#  use_worker = yes
+  driver = ldap
+  ldap_uris = ldaps://dockerproject-ipa-1:636
+  bind = yes
+  bind_userdn = uid=%{user},cn=users,cn=accounts,dc=domain,dc=tld
+  filter = (&(objectClass=posixAccount)(uid=%{user}))
+  ldap_base = dc=domain,dc=tld
+}
+</file>
+Change Domain, tld and your docker-hostname to match your needs.
+===== SSL Setup =====
+Also, you need your ACME- Certificates of Caddy copied to that Volume. I do it with the file ''cert_renew.sh''
+<file>
+#!/bin/bash
+#Renew ACME Certs of Dovecot from Caddy
+cat /home/docker/docker_volumes/dockerproject_caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/domain.tld/domain.tld.key> /home/docker/docker_volumes/pcserver2023_dovecot_config/_data/ssl/domain.tld.key
+cat /home/docker/docker_volumes/dockerproject_caddy_data/_data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/domain.tld/domain.tld.crt> /home/docker/docker_volumes/pcserver2023_dovecot_config/_data/ssl/domain.tld.crt
+</file>
+which i call every Day with dockers crontab.
+Make sure that the files are accessible for dovecot (and if possible to noone else, not in container nor on your host).
 ===== Possible problems =====