docker-samples/mailserver/README.md


# Mailserver Setup

This docker container fires up a copy of docker-mailserver.
* The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS
* Outbound mail is sent through Amazon SES
* Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.
  * Make sure to update bucket information in `s3-ingest.py`

Steps:
1. You'll need to update parameters in `.env` and `wireguard.conf` and `Caddyfile`
2. Initially, comment out (from `docker-compose.yml` the two lines starting with ` - ./data/caddy/certificates`).  We need to start it once without so that Caddy will fetch our certificates.  Once that happens, uncomment those lines and restart.
3. Setup Mailgun or SES for mail forwarding and enter relay config in `.env`.  SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update `s3-ingest.py` and uncomment the lines for mail ingestion from `docker-compose.yml`.  This is handy if your VPS/ISP is blocking inbound mail ports.

## Front-end Server Wireguard

This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services. 

```
[Interface]
Address = 10.0.0.1/24         # Private IP for the VPS in the VPN network
ListenPort = 51820            # Default WireGuard port
PrivateKey =  ##PRIVATE KEY FOR PUBLIC SERVER##

# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1

# port forwarding (HTTP) // repeat for each port
PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2
PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2

[Peer]
PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##
AllowedIPs = 10.0.0.2/32      # IP of the home server in VPN
```
many new containers. work in progress 2024-11-02 20:09:56 +00:00
			`# Mailserver Setup`

			`This docker container fires up a copy of docker-mailserver.`
			`* The services SMTP, IMAP, POP, etc are exposed to by tunneling traffic from a public facing VPS`
			`* Outbound mail is sent through Amazon SES`
			`* Optionally, inbound mail can be received through Amazon SES (via. S3 bucket) to allow it to be backup/primary MX if you need it.`
			* Make sure to update bucket information in `s3-ingest.py`

			`Steps:`
			1. You'll need to update parameters in `.env` and `wireguard.conf` and `Caddyfile`
			2. Initially, comment out (from `docker-compose.yml` the two lines starting with ` - ./data/caddy/certificates`). We need to start it once without so that Caddy will fetch our certificates. Once that happens, uncomment those lines and restart.
			3. Setup Mailgun or SES for mail forwarding and enter relay config in `.env`. SES is pretty easy to work with and supports multiple sending domains with a single set of credentials.
			4. Optionally, setup a S3 bucket and configure SES to deliver inbound mail there and then update `s3-ingest.py` and uncomment the lines for mail ingestion from `docker-compose.yml`. This is handy if your VPS/ISP is blocking inbound mail ports.

			`## Front-end Server Wireguard`

			`This wireguard configuration would be deployed to the public-facing VPS which will forward interesting traffic (25,465,587,993,995,80,443) through to our docker services.`

			```
			`[Interface]`
			`Address = 10.0.0.1/24 # Private IP for the VPS in the VPN network`
			`ListenPort = 51820 # Default WireGuard port`
			`PrivateKey = ##PRIVATE KEY FOR PUBLIC SERVER##`

			`# packet forwarding`
			`PreUp = sysctl -w net.ipv4.ip_forward=1`

			`# port forwarding (HTTP) // repeat for each port`
			`PreUp = iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2`
			`PostDown = iptables -t nat -D PREROUTING -i eth0 -p tcp -m multiport --dports 25,465,587,993,995,80,443 -j DNAT --to-destination 10.0.0.2`

			`[Peer]`
			`PublicKey = ##PUBLIC KEY FOR PRIVATE SERVER##`
			`AllowedIPs = 10.0.0.2/32 # IP of the home server in VPN`
			```