15 Sept 2021, 03:13

Hello all,
I have been looking at the documentation for the kopano-docker project regarding using port 587 (Submission) instead of the default port 25 (SMTP), but am struggling to figure out how to modify this setup to do so.

I am using my own SSL certificates and have attempted to modify the docker-mailserver service to use those certificates. Here’s what I changed:

# docker-compose.mail.yml
# Compose service for docker-mailserver as modified by the poster: it publishes SMTP (25),
# SMTPS (465) and Submission (587) and switches TLS to manually supplied certificate files.
services:
  mail:
    image: mailserver/docker-mailserver:10
    restart: unless-stopped
    hostname: mail # hostname and domainname may need to be commented out on some platforms (e.g. ChromeOS)
    domainname: ${LDAP_DOMAIN}
    container_name: ${COMPOSE_PROJECT_NAME}_mail
    # Host ports can be overridden with SMTPPORT / SMTPSPORT / MSAPORT and default to
    # 25, 465 and 587. All three listeners are published on the host.
    ports:
      - "${SMTPPORT:-25}:25"
      - "${SMTPSPORT:-465}:465"
      - "${MSAPORT:-587}:587"
    volumes:
      - maildata:/var/mail
      - mailstate:/var/mail-state
      - maillogs:/var/log/mail
      - mtaconfig:/tmp/docker-mailserver/
      # Disabled alternative: mount the whole letsencrypt live/ directory at /tmp/ssl.
      #- ./swag/config/etc/letsencrypt/live/example.org/:/tmp/ssl
      # Certificate chain and private key are bind-mounted as single files from archive/.
      # NOTE(review): the numbered names (fullchain1.pem, privkey1.pem) pin one specific
      # issuance; certbot-style clients store each renewal under a new number, so this
      # mount would presumably keep serving the old certificate after renewal - confirm.
      # NOTE(review): neither bind sets read_only: true, so the container can write to the
      # host's private key file; a read-only mount is the least-privilege choice if the
      # image only reads these files - verify against the image's start-up script.
      - type: bind
        source: ./swag/config/etc/letsencrypt/archive/example.org/fullchain1.pem
        target: /tmp/ssl/fullchain.pem
      - type: bind
        source: ./swag/config/etc/letsencrypt/archive/example.org/privkey1.pem
        target: /tmp/ssl/privkey.pem
    environment:
      - DMS_DEBUG=0
      - ENABLE_CLAMAV=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_LDAP=1
      - ENABLE_POSTFIX_VIRTUAL_TRANSPORT=1
      - ENABLE_POSTGREY=1
      - ENABLE_SASLAUTHD=1
      - ENABLE_SPAMASSASSIN=1
      # NOTE(review): the LDAP bind password is passed as a plain environment variable
      # (here and again in SASLAUTHD_LDAP_PASSWORD), so it is readable through
      # `docker inspect` and in the container's environment; restrict access to the
      # Docker socket and to whatever file supplies LDAP_BIND_PW.
      - LDAP_BIND_DN=${LDAP_BIND_DN}
      - LDAP_BIND_PW=${LDAP_BIND_PW}
      - LDAP_QUERY_FILTER_ALIAS=${LDAP_QUERY_FILTER_ALIAS}
      - LDAP_QUERY_FILTER_DOMAIN=${LDAP_QUERY_FILTER_DOMAIN}
      - LDAP_QUERY_FILTER_GROUP=${LDAP_QUERY_FILTER_GROUP}
      - LDAP_QUERY_FILTER_USER=${LDAP_QUERY_FILTER_USER}
      - LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - LDAP_SERVER_HOST=${LDAP_SERVER}
      - ONE_DIR=1
      # NOTE(review): per the docker-mailserver documentation this adds the connected
      # Docker networks to the trusted networks, so any container on kopano-net could
      # presumably relay mail without authenticating - confirm that is intended.
      - PERMIT_DOCKER=connected-networks
      # Delivery is handed to the kopano_dagent host over LMTP on port 2003.
      - POSTFIX_DAGENT=lmtp:kopano_dagent:2003
      - PFLOGSUMM_TRIGGER=logrotate
      - POSTMASTER_ADDRESS=${POSTMASTER_ADDRESS}
      - SASLAUTHD_LDAP_BIND_DN=${LDAP_BIND_DN}
      - SASLAUTHD_LDAP_FILTER=${SASLAUTHD_LDAP_FILTER}
      - SASLAUTHD_LDAP_PASSWORD=${LDAP_BIND_PW}
      - SASLAUTHD_LDAP_SEARCH_BASE=${LDAP_SEARCH_BASE}
      - SASLAUTHD_LDAP_SERVER=${LDAP_HOST}
      # rimap: saslauthd checks SMTP AUTH credentials by attempting an IMAP login against
      # the host named in SASLAUTHD_MECH_OPTIONS (kopano_gateway).
      - SASLAUTHD_MECHANISMS=rimap
      - SASLAUTHD_MECH_OPTIONS=kopano_gateway
      # - SMTP_ONLY=
      - SMTP_ONLY=1
      - SPAMASSASSIN_SPAM_TO_INBOX=1
      # TLS switched from self-signed to manual: the certificate and key are read from the
      # two paths below, which match the bind-mount targets under volumes.
      # - SSL_TYPE=self-signed
      - SSL_TYPE=manual
      - SSL_CERT_PATH=/tmp/ssl/fullchain.pem
      - SSL_KEY_PATH=/tmp/ssl/privkey.pem
      - TZ=${TZ}
    env_file:
      - mail.env
    networks:
      - kopano-net
    # Resolver used by the container. Using Google DNS can lead to lookup errors, so this is
    # set to the IP of a trusted DNS service (Cloudflare's 1.1.1.1 is given as an example).
    # See https://github.com/zokradonh/kopano-docker/issues/52 for more information.
    dns: 1.1.1.1
    # NOTE(review): extra Linux capabilities granted to the container. NET_ADMIN is
    # presumably what Fail2ban (ENABLE_FAIL2BAN=1) needs to manage firewall rules; confirm
    # that SYS_PTRACE is still required by this image version and drop it if not.
    cap_add:
      - NET_ADMIN
      - SYS_PTRACE

# docker-compose.yml
  # Compose service for kopano-spooler, which hands outgoing mail to the SMTP server
  # configured in KCCONF_SPOOLER_SMTP_SERVER / KCCONF_SPOOLER_SMTP_PORT.
  kopano_spooler:
    # NOTE(review): CORE_VERSION falls back to the floating "latest" tag; pin a version
    # (or digest) so a pull cannot silently change what runs.
    image: ${docker_repo:-zokradonh}/kopano_core:${CORE_VERSION:-latest}
    # Root filesystem is read-only; /tmp is supplied as tmpfs further down.
    read_only: true
    restart: unless-stopped
    hostname: spooler # hostname and domainname may need to be commented out on some platforms (e.g. ChromeOS)
    domainname: ${LDAP_DOMAIN}
    depends_on:
      - kopano_server
    volumes:
      # The host's machine-id is exposed at both paths.
      # NOTE(review): read_only above covers the root filesystem only; these binds carry
      # no :ro flag, so they are writable from the container - confirm whether the
      # container only reads them.
      - /etc/machine-id:/etc/machine-id
      - /etc/machine-id:/var/lib/dbus/machine-id
      - kopanosocket/:/run/kopano
      - kopanossl/:/kopano/ssl
    environment:
      - KCCONF_SPOOLER_LOG_LEVEL=3
      - KCCONF_SPOOLER_LOG_TIMESTAMP=0
      # "mail" presumably resolves to the docker-mailserver service over kopano-net.
      - KCCONF_SPOOLER_SMTP_SERVER=mail
      # Changed by the poster to the Submission port.
      # NOTE(review): the error quoted in this post ("5.7.0 Must issue a STARTTLS command
      # first") shows the server on this port refuses mail until the client upgrades the
      # connection to TLS. Nothing in this environment block enables STARTTLS for the
      # spooler - confirm whether kopano-spooler supports it before pointing it at 587.
      - KCCONF_SPOOLER_SMTP_PORT=587
      # NOTE(review): presumably the client key the spooler uses towards kopano-server,
      # not an SMTP TLS setting - verify against the kopano-spooler documentation.
      - KCCONF_SPOOLER_SSLKEY_FILE=/kopano/ssl/kopano_spooler.pem
      - SERVICE_TO_START=spooler
      - TZ=${TZ}
    env_file:
      - kopano_spooler.env
    networks:
      - kopano-net
    tmpfs:
      - /tmp

Note that I changed KCCONF_SPOOLER_SMTP_PORT to point to 587 and am using SSL_TYPE together with SSL_CERT_PATH and SSL_KEY_PATH to point to my SSL certificate, which is generated via a separate Let's Encrypt instance.

After making these changes, I run into this error when trying to send email via the WebApp:

Unfortunately, kopano-spooler was unable to deliver your mail.
The error given was:

5.7.0 Must issue a STARTTLS command first

You may need to contact your e-mail administrator to solve this problem.

I have looked all over the docker-mailserver docs, but don’t see any obvious suggestions on how to change this in the way it’s being used with kopano-docker. I feel like I am missing something obvious.

Any suggestions would be much appreciated!