knet-mailserver/readme.md
2025-12-27 03:14:53 +01:00

# Poste.io behind Traefik (Coolify)
Self-hosted poste.io with HTTP(S) served by Traefik (managed by Coolify) and mail protocols exposed directly to the host.
## Network scheme (per poste.io docs)
- Mail ports (SMTP/IMAP/POP3/Sieve) are published directly on the host so clients and remote MTAs reach the real server IP.
- HTTP(S) for the admin UI and webmail is terminated by Traefik and forwarded internally to poste.io on port 8080 (poste runs with `HTTPS=OFF`).
- Set Docker `userland-proxy` to `false` to avoid losing real client IPs when publishing mail ports (poste.io warns about open relay risk when proxying mail ports).
## Prerequisites
- Domain with A/AAAA record for `POSTE_HOSTNAME` (e.g., `mail.example.com`) pointing to the server public IP.
- MX record pointing to `POSTE_HOSTNAME`.
- Optional but recommended: PTR (rDNS) matching `POSTE_HOSTNAME`.
- DNS access to add SPF/TXT, DKIM (after initial setup), and DMARC records.
- Coolify with its Traefik stack running and an external Docker network available (default name `coolify-overlay`).
## Configure Docker for real client IPs
Create or update `/etc/docker/daemon.json`:
```json
{
  "userland-proxy": false
}
```
Restart Docker (`sudo systemctl restart docker`). This keeps source IPs visible to poste.io while using published ports.
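
As an added example (not part of this repository), the Python sketch below checks the two things this section depends on: that `daemon.json` explicitly disables the userland proxy, and that the peers seen in mail logs are not all one internal (RFC 1918) address. The log line shape, the function names and the sample lines are assumptions constructed for illustration; adapt the regex to what your own logs show.

```python
import ipaddress
import json
import re
from collections import Counter

# Assumed log shape: the connecting peer appears as "[a.b.c.d]". Adjust to your logs.
PEER = re.compile(r"\[((?:\d{1,3}\.){3}\d{1,3})\]")
# Docker bridge networks are normally allocated from RFC 1918 space; loopback added.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def userland_proxy_disabled(daemon_json_text):
    """True only if daemon.json explicitly sets "userland-proxy": false."""
    try:
        cfg = json.loads(daemon_json_text)
    except json.JSONDecodeError:
        return False
    # A missing key or the string "false" does not disable the proxy.
    return isinstance(cfg, dict) and cfg.get("userland-proxy") is False

def peer_summary(log_lines):
    """Count connecting peers, split into (external, internal) Counters."""
    external, internal = Counter(), Counter()
    for line in log_lines:
        m = PEER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # matched the regex but is not a valid address
        bucket = internal if any(ip in net for net in INTERNAL) else external
        bucket[str(ip)] += 1
    return external, internal

def source_ips_masked(log_lines, threshold=0.9):
    """Heuristic: nearly every peer being one internal address suggests rewriting."""
    external, internal = peer_summary(log_lines)
    total = sum(external.values()) + sum(internal.values())
    if total == 0 or not internal:
        return False
    return internal.most_common(1)[0][1] / total >= threshold

# Constructed sample lines (not real poste.io output).
MASKED = ["smtp connect [172.18.0.1] helo=mx1.example.net",
          "smtp connect [172.18.0.1] helo=mail.example.org",
          "smtp connect [172.18.0.1] helo=unknown"]
DIRECT = ["smtp connect [198.51.100.7] helo=mx1.example.net",
          "smtp connect [203.0.113.25] helo=mail.example.org"]

if __name__ == "__main__":
    print("proxy disabled:", userland_proxy_disabled('{"userland-proxy": false}'))
    print("masked sample flagged:", source_ips_masked(MASKED))
    print("direct sample flagged:", source_ips_masked(DIRECT))
```
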
## Environment variables
Create `.env` next to `docker-compose.yml` (adjust values):
```
POSTE_HOSTNAME=mail.example.com
TZ=UTC
TRAEFIK_NETWORK=coolify-overlay
TRAEFIK_CERTRESOLVER=coolify
DISABLE_CLAMAV=false
DISABLE_RSPAMD=false
```
## Deploy with Coolify
1) Ensure the Traefik network exists (default `coolify-overlay`). If not, create it: `docker network create coolify-overlay`.
2) Import this `docker-compose.yml` into a Coolify “Docker Compose” app. Set the environment variables above in Coolify.
3) Attach the app to Coolify's Traefik network (`TRAEFIK_NETWORK`). Coolify will inject the network automatically when selected.
4) Deploy. Traefik will request a certificate via `TRAEFIK_CERTRESOLVER` and route `https://POSTE_HOSTNAME` to poste.io on port 8080.

If running outside Coolify, you can still deploy with `docker compose up -d` after creating the network.
## Exposed ports (host)
- 25 SMTP, 465 SMTPS, 587 Submission
- 110 POP3, 995 POP3S
- 143 IMAP, 993 IMAPS
- 4190 ManageSieve
## First-time setup
1) Wait for containers to start: `docker compose ps`.
2) Open `https://POSTE_HOSTNAME` to reach the admin UI (proxied by Traefik). Complete the poste.io onboarding (admin mailbox + password, DKIM key generation, etc.).
3) Add generated DKIM TXT record and ensure SPF and DMARC records are present.
4) Test SMTP/IMAP with your client against the host IP/hostname.
## Notes
- Poste.io still handles STARTTLS on mail ports directly; Traefik is only for HTTP(S).
- If you need Let's Encrypt inside poste.io instead of Traefik, remove `HTTPS=OFF` and forward `/.well-known` from Traefik, but avoid port conflicts with Traefik's 80/443.
- Keep an eye on spam/relay checks in the poste.io admin UI to confirm real client IPs are detected.