67 lines
2.5 KiB
YAML
67 lines
2.5 KiB
YAML
services:
|
|
mailserver:
|
|
image: ghcr.io/docker-mailserver/docker-mailserver:latest
|
|
container_name: mailserver
|
|
# Passe den Hostnamen an deinen tatsächlichen Mail-Server (nicht den DC) an
|
|
hostname: mail.bytetrail.at
|
|
extra_hosts:
|
|
- "WIN-GKCQRMNC3AU.bytetrail.local:192.168.56.10"
|
|
ports:
|
|
- "25:25"
|
|
- "143:143"
|
|
- "587:587"
|
|
- "993:993"
|
|
volumes:
|
|
- ./dms/mail-data/:/var/mail/
|
|
- ./dms/mail-state/:/var/mail-state/
|
|
- ./dms/mail-logs/:/var/log/mail/
|
|
- ./dms/config/:/tmp/docker-mailserver/
|
|
- ./mailserver-certs/:/tmp/dms/custom-certs/:ro
|
|
- /etc/localtime:/etc/localtime:ro
|
|
environment:
|
|
- ENABLE_SPAMASSASSIN=1
|
|
- ENABLE_CLAMAV=1
|
|
- ENABLE_FAIL2BAN=1
|
|
- ENABLE_POSTGREY=1
|
|
|
|
# >>> LDAP / Active Directory Basis-Verbindung
|
|
- ACCOUNT_PROVISIONER=LDAP
|
|
- LDAP_SERVER_HOST=ldap://WIN-GKCQRMNC3AU.bytetrail.local
|
|
- LDAP_START_TLS=yes
|
|
- DOVECOT_TLS=yes
|
|
- SASLAUTHD_LDAP_START_TLS=yes
|
|
|
|
# Bind-User (Hier der Standard-Administrator, besser wäre ein dedizierter Service-Account)
|
|
- LDAP_BIND_DN=CN=Mailserver Service Account,OU=Server,DC=bytetrail,DC=local
|
|
- LDAP_BIND_PW=Mail$$3rv!ceAcc2026
|
|
- LDAP_SEARCH_BASE=DC=bytetrail,DC=local
|
|
|
|
# >>> Postfix LDAP Integration
|
|
- LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)
|
|
- LDAP_QUERY_FILTER_USER=(&(objectclass=person)(mail=%s))
|
|
- LDAP_QUERY_FILTER_ALIAS=(&(objectclass=person)(proxyAddresses=smtp:%s))
|
|
- LDAP_QUERY_FILTER_GROUP=(&(objectClass=group)(mail=%s))
|
|
|
|
# SPOOF_PROTECTION: Beachte hier "CN=Domänen-Admins" aus deinem Screenshot
|
|
- SPOOF_PROTECTION=1
|
|
- LDAP_QUERY_FILTER_SENDERS=(|(mail=%s)(proxyAddresses=smtp:%s)(memberOf=CN=Domänen-Admins,CN=Users,DC=bytetrail,DC=local))
|
|
|
|
# >>> Dovecot LDAP Integration
|
|
- DOVECOT_AUTH_BIND=yes
|
|
- DOVECOT_USER_FILTER=(&(objectclass=person)(sAMAccountName=%n))
|
|
- DOVECOT_PASS_ATTRS=sAMAccountName=user,userPassword=password
|
|
# AD Workaround laut Doku: Hardcoded UID/GID 5000, um Rechte-Probleme zu vermeiden
|
|
- DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir
|
|
|
|
# >>> SASL LDAP Authentication
|
|
- ENABLE_SASLAUTHD=1
|
|
- SASLAUTHD_MECHANISMS=ldap
|
|
- SASLAUTHD_LDAP_FILTER=(&(sAMAccountName=%U)(objectClass=person))
|
|
|
|
- SSL_TYPE=manual
|
|
- SSL_CERT_PATH=/tmp/dms/custom-certs/cert.pem
|
|
- SSL_KEY_PATH=/tmp/dms/custom-certs/key.pem
|
|
|
|
- PERMIT_DOCKER=host
|
|
cap_add:
|
|
- NET_ADMIN |