first commit

docker-compose.yml

@@ -0,0 +1,67 @@
+services:
+  mailserver:
+    image: ghcr.io/docker-mailserver/docker-mailserver:latest
+    container_name: mailserver
+    # Passe den Hostnamen an deinen tatsächlichen Mail-Server (nicht den DC) an
+    hostname: mail.bytetrail.at
+    extra_hosts:
+      - "WIN-GKCQRMNC3AU.bytetrail.local:192.168.56.10"
+    ports:
+      - "25:25"
+      - "143:143"
+      - "587:587"
+      - "993:993"
+    volumes:
+      - ./dms/mail-data/:/var/mail/
+      - ./dms/mail-state/:/var/mail-state/
+      - ./dms/mail-logs/:/var/log/mail/
+      - ./dms/config/:/tmp/docker-mailserver/
+      - ./mailserver-certs/:/tmp/dms/custom-certs/:ro
+      - /etc/localtime:/etc/localtime:ro
+    environment:
+      - ENABLE_SPAMASSASSIN=1
+      - ENABLE_CLAMAV=1
+      - ENABLE_FAIL2BAN=1
+      - ENABLE_POSTGREY=1
+
+      # >>> LDAP / Active Directory Basis-Verbindung
+      - ACCOUNT_PROVISIONER=LDAP
+      - LDAP_SERVER_HOST=ldap://WIN-GKCQRMNC3AU.bytetrail.local
+      - LDAP_START_TLS=yes
+      - DOVECOT_TLS=yes
+      - SASLAUTHD_LDAP_START_TLS=yes
+
+      # Bind-User (Hier der Standard-Administrator, besser wäre ein dedizierter Service-Account)
+      - LDAP_BIND_DN=CN=Mailserver Service Account,OU=Server,DC=bytetrail,DC=local
+      - LDAP_BIND_PW=Mail$$3rv!ceAcc2026
+      - LDAP_SEARCH_BASE=DC=bytetrail,DC=local
+
+      # >>> Postfix LDAP Integration
+      - LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)
+      - LDAP_QUERY_FILTER_USER=(&(objectclass=person)(mail=%s))
+      - LDAP_QUERY_FILTER_ALIAS=(&(objectclass=person)(proxyAddresses=smtp:%s))
+      - LDAP_QUERY_FILTER_GROUP=(&(objectClass=group)(mail=%s))
+
+      # SPOOF_PROTECTION: Beachte hier "CN=Domänen-Admins" aus deinem Screenshot
+      - SPOOF_PROTECTION=1
+      - LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=CN=Domänen-Admins,CN=Users,DC=bytetrail,DC=local))
+
+      # >>> Dovecot LDAP Integration
+      - DOVECOT_AUTH_BIND=yes
+      - DOVECOT_USER_FILTER=(&(objectclass=person)(sAMAccountName=%n))
+      - DOVECOT_PASS_ATTRS=sAMAccountName=user,userPassword=password
+      # AD Workaround laut Doku: Hardcoded UID/GID 5000, um Rechte-Probleme zu vermeiden
+      - DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir
+
+      # >>> SASL LDAP Authentication
+      - ENABLE_SASLAUTHD=1
+      - SASLAUTHD_MECHANISMS=ldap
+      - SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
+
+      - SSL_TYPE=manual
+      - SSL_CERT_PATH=/tmp/dms/custom-certs/cert.pem
+      - SSL_KEY_PATH=/tmp/dms/custom-certs/key.pem
+
+      - PERMIT_DOCKER=host
+    cap_add:
+      - NET_ADMIN