Mail Stack on Coolify with OIDC Webmail

This stack pairs docker-mailserver with SnappyMail, a modern webmail UI that can sit behind your OIDC provider, and deploys through Coolify from this repository.

Components

  • docker-mailserver: SMTP/IMAP server with spam/AV/Fail2Ban enabled.
  • SnappyMail: lightweight webmail with OAuth2/OIDC login support.

Prerequisites

  • DNS: an MX record for your-domain.tld pointing to mail.your-domain.tld, plus A/AAAA records for both mail.your-domain.tld and webmail.your-domain.tld. Also set the PTR record of the server's public IP to mail.your-domain.tld; many receivers reject or down-score mail from hosts whose reverse DNS does not match the HELO name.
  • TLS: issue certificates for both hostnames (Coolify can request them via Traefik/Let's Encrypt if you publish the services through it).
  • SMTP ports 25/465/587 and IMAP port 993 reachable from the internet. Confirm that your hosting provider does not block outbound port 25; many cloud providers do by default, and without it the server cannot deliver mail to other domains.
  • An OIDC provider (e.g., Authentik, Keycloak, Azure AD) with a client ready to configure.

Deploy with Coolify

  1. Create an application from this repo in Coolify and choose “Docker Compose”.
  2. Volumes: Coolify will create them from the compose file paths. Ensure the persistent paths below map to durable storage:
    • ./docker-data/dms/mail-data/, ./docker-data/dms/mail-state/, ./docker-data/dms/mail-logs/, ./docker-data/dms/config/
    • ./docker-data/snappymail/
  3. Environment: set the mailserver hostname to mail.your-domain.tld and add any extra docker-mailserver envs you need (aliases, relays, etc.).
  4. Networking: publish ports 25/465/587/993 for mail delivery. Publish the webmail UI behind HTTPS via Coolify/Traefik rather than exposing port 8080 directly; plain HTTP would carry mailbox passwords and OIDC tokens in the clear. When fronting it with Traefik, set the appropriate labels and remove the direct ports stanza so only the proxy can reach the service.
  5. Deploy the stack. Coolify will start the mailserver and webmail containers.

Bootstrap docker-mailserver

Run these once after the containers are healthy (from the host or via the Coolify shell). You can omit the password argument and setup will prompt for it, which keeps the password out of your shell history:

docker compose exec mailserver setup email add user@your-domain.tld "SuperSecretPassword"
docker compose exec mailserver setup alias add postmaster@your-domain.tld user@your-domain.tld

Generate the DKIM key pair with setup config dkim, then add DNS TXT records for SPF, DKIM and DMARC following docker-mailserver's guidance, and reload:

docker compose exec mailserver setup reload
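Before publishing the SPF and DMARC records, it helps to lint them for the mistakes that silently weaken them (a missing or permissive all mechanism, too many DNS-lookup mechanisms, p=none left in place, a reporting address that is not a mailto: URI). The following checker is an added example for this README, not part of docker-mailserver or this repository; the record strings it is run on are constructed samples for your-domain.tld:

```python
"""Lint SPF and DMARC TXT records before publishing them.

Added example for this README; it is not part of docker-mailserver or the stack.
The record strings in __main__ are constructed samples for your-domain.tld.
"""

# Mechanisms and modifiers that cost a DNS lookup; RFC 7208 caps them at 10.
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10


def lint_spf(record: str) -> list[str]:
    """Return the problems found in an SPF record (empty list means it looks sane)."""
    findings = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF record must start with 'v=spf1'"]
    lookups = 0
    all_term = None
    for term in terms[1:]:
        # Drop the qualifier (+ - ~ ?) and any argument to get the bare mechanism name.
        name = term.lstrip("+-~?").split(":", 1)[0].split("=", 1)[0].lower()
        if name == "all":
            all_term = term.lower()
        elif name in LOOKUP_MECHANISMS:
            lookups += 1
    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} lookup mechanisms exceed the limit of {MAX_LOOKUPS}; receivers will return permerror")
    if all_term is None:
        findings.append("missing 'all' mechanism; end the record with '-all' so unlisted hosts fail")
    elif all_term in ("+all", "all", "?all"):
        findings.append(f"'{all_term}' lets any host send as your domain; use '-all'")
    return findings


def lint_dmarc(record: str) -> list[str]:
    """Return the problems found in a DMARC record."""
    findings = []
    if not record.strip().lower().startswith("v=dmarc1"):
        return ["DMARC record must start with 'v=DMARC1'"]
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            findings.append(f"malformed tag '{part}'")
            continue
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    policy = tags.get("p")
    if policy not in ("none", "quarantine", "reject"):
        findings.append("'p' tag missing or invalid; must be none, quarantine or reject")
    elif policy == "none":
        findings.append("p=none only monitors; move to quarantine or reject once reports look clean")
    pct = tags.get("pct")
    if pct is not None and not (pct.isdigit() and 0 <= int(pct) <= 100):
        findings.append(f"pct={pct} is not in 0..100")
    if "rua" not in tags:
        findings.append("no 'rua' tag; add mailto: addresses to receive aggregate reports")
    else:
        for uri in tags["rua"].split(","):
            if not uri.strip().lower().startswith("mailto:"):
                findings.append(f"rua entry '{uri.strip()}' is not a mailto: URI")
    return findings


if __name__ == "__main__":
    # Constructed sample records: one good and one weak of each kind.
    for rec in ("v=spf1 mx a:mail.your-domain.tld -all",
                "v=spf1 include:_spf.example.net +all",
                "v=DMARC1; p=reject; rua=mailto:dmarc@your-domain.tld; pct=100",
                "v=DMARC1; p=none"):
        lint = lint_dmarc if rec.lower().startswith("v=dmarc1") else lint_spf
        print(rec, "->", lint(rec) or "OK")
```

Run it against the exact strings you intend to paste into DNS; an empty list means no finding, not a guarantee of deliverability.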

Configure SnappyMail for IMAP/SMTP

  1. Open the admin panel at https://webmail.your-domain.tld/?admin. SnappyMail generates the initial admin password on first run (it is written to admin_password.txt in its data directory); change it immediately and delete that file.
  2. Set the IMAP host, port 993, security SSL/TLS. docker-mailserver presents a certificate issued for mail.your-domain.tld, so connecting by the compose service name mailserver fails hostname verification; use mail.your-domain.tld (resolvable from the webmail container) rather than turning certificate verification off.
  3. Set the SMTP host the same way, port 587, security STARTTLS, authentication Use user credentials.
  4. Save and test with one of the mail accounts you created above.

Enable OIDC in SnappyMail

SnappyMail supports OAuth2/OIDC providers. Configure it in the admin UI:

  1. In Admin → Domains/Auth → OAuth, add a Custom / Generic OIDC provider.
  2. When prompted, SnappyMail shows a Redirect URI; copy this exact value into your OIDC client configuration and register no other redirect URIs for that client.
  3. In your OIDC provider, create a confidential client (SnappyMail holds the client secret) with these basics:
    • Grant type: Authorization Code with PKCE (preferred) or plain Authorization Code.
    • Scopes: openid email profile.
    • Redirect URI: the one SnappyMail displayed.
  4. Back in SnappyMail, fill the provider fields:
    • Authorization endpoint and Token endpoint from your IdP.
    • UserInfo endpoint (for email/subject mapping).
    • Client ID/Secret matching the client you created.
    • Login attribute mapping: map the email (or subject) claim to the mailbox name (e.g., emailuser@your-domain.tld). Only verified addresses on your own mail domain should map to a mailbox; an IdP account with an address elsewhere must not land in someone else's mailbox.
  5. Save and test “Login with ”. A successful OIDC login should drop you into the mailbox without prompting for a separate password.
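To make the moving parts of step 3 and step 4 concrete, here is the Authorization Code + PKCE exchange driven end to end, with the state check on the callback, the S256 verifier check at the token endpoint, and the claim-to-mailbox mapping that only accepts a verified address on your mail domain. This is an added example for this README, not SnappyMail's or any IdP's code: FakeIdP is a stand-in that implements just the pieces of the flow needed here with constructed claims, and REDIRECT_URI and AUTHZ_ENDPOINT are placeholders (use the exact redirect URI SnappyMail displays).

```python
"""Authorization Code + PKCE login and claim-to-mailbox mapping, simulated offline.

Added example for this README; not SnappyMail's or any IdP's code. FakeIdP is a
stand-in with constructed claims. REDIRECT_URI and AUTHZ_ENDPOINT are placeholders.
"""
import base64
import hashlib
import secrets
import urllib.parse

MAIL_DOMAIN = "your-domain.tld"
REDIRECT_URI = "https://webmail.your-domain.tld/oauth/callback"  # placeholder
AUTHZ_ENDPOINT = "https://idp.example/authorize"                 # placeholder


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def pkce_pair(verifier=None):
    """Return (code_verifier, S256 code_challenge) as defined in RFC 7636."""
    verifier = verifier or b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorization_url(client_id: str, state: str, challenge: str) -> str:
    params = {"response_type": "code", "client_id": client_id, "redirect_uri": REDIRECT_URI,
              "scope": "openid email profile", "state": state,
              "code_challenge": challenge, "code_challenge_method": "S256"}
    return AUTHZ_ENDPOINT + "?" + urllib.parse.urlencode(params)


def parse_callback(callback_url: str, expected_state: str) -> str:
    """Extract the code, refusing callbacks whose state is not the one we issued."""
    query = dict(urllib.parse.parse_qsl(urllib.parse.urlparse(callback_url).query))
    if not secrets.compare_digest(query.get("state", ""), expected_state):
        raise ValueError("state mismatch: stale or forged callback")
    return query["code"]


def mailbox_for_claims(userinfo: dict) -> str:
    """Map IdP claims to a mailbox; only a verified address on MAIL_DOMAIN is accepted."""
    if not userinfo.get("email_verified", False):
        raise PermissionError("IdP did not assert email_verified")
    local, _, domain = userinfo.get("email", "").rpartition("@")
    if not local or domain.lower() != MAIL_DOMAIN:
        raise PermissionError(f"{userinfo.get('email')!r} is not a mailbox on {MAIL_DOMAIN}")
    return f"{local.lower()}@{MAIL_DOMAIN}"


class FakeIdP:
    """Stand-in provider: authorize, token and userinfo for one constructed user."""

    def __init__(self, client_id: str):
        self.client_id = client_id
        self.pending = {}   # code -> code_challenge, single use
        self.tokens = set()

    def authorize(self, url: str) -> str:
        q = dict(urllib.parse.parse_qsl(urllib.parse.urlparse(url).query))
        if q.get("client_id") != self.client_id or q.get("redirect_uri") != REDIRECT_URI:
            raise PermissionError("unknown client or unregistered redirect_uri")
        if q.get("code_challenge_method") != "S256":
            raise PermissionError("PKCE S256 required")
        code = secrets.token_urlsafe(16)
        self.pending[code] = q["code_challenge"]
        # The browser is sent back to the registered redirect_uri with code and state.
        return REDIRECT_URI + "?" + urllib.parse.urlencode({"code": code, "state": q["state"]})

    def token(self, code: str, verifier: str) -> dict:
        challenge = self.pending.pop(code, None)
        if challenge is None or not secrets.compare_digest(pkce_pair(verifier)[1], challenge):
            raise PermissionError("invalid code or PKCE verifier")
        token = secrets.token_urlsafe(16)
        self.tokens.add(token)
        return {"access_token": token, "token_type": "Bearer"}

    def userinfo(self, access_token: str) -> dict:
        if access_token not in self.tokens:
            raise PermissionError("bad access token")
        return {"sub": "c0ffee-4711", "email": "User@your-domain.tld",   # constructed claims
                "email_verified": True, "name": "Example User"}


def run_flow(idp: FakeIdP, client_id: str = "snappymail") -> str:
    """Drive one login and return the mailbox the user lands in."""
    state = secrets.token_urlsafe(16)
    verifier, challenge = pkce_pair()
    callback = idp.authorize(build_authorization_url(client_id, state, challenge))
    code = parse_callback(callback, state)
    tokens = idp.token(code, verifier)
    return mailbox_for_claims(idp.userinfo(tokens["access_token"]))


if __name__ == "__main__":
    print(run_flow(FakeIdP("snappymail")))
```

The two checks that matter for the webmail are the ones in parse_callback and mailbox_for_claims: a callback with the wrong state is dropped before its code is ever exchanged, and a token whose email claim is unverified or not on your domain never resolves to a mailbox.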

Operating tips

  • Back up ./docker-data/ regularly; it holds mail, state, and SnappyMail config, including the OIDC client secret, so protect the backups as you would the live data.
  • Use Coolify health checks to surface container issues; restart policies are already defined in the compose file.
  • For HTTPS, prefer running webmail behind Coolify's Traefik with automatic certificates instead of exposing port 8080 directly.
  • If you rotate OIDC credentials, update them in SnappyMail admin immediately to avoid login failures.