CS-ClusterMTA/docker-compose.yml at main · bauer-group/CS-ClusterMTA · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
# =============================================================================
# CS-ClusterMTA - Mail Server Stack
# =============================================================================
# Usage: ./clustermta.sh start
#        docker compose up -d
#
# Features:
#   - Full mail server stack (SMTP, IMAP, POP3, Webmail)
#   - ClamAV antivirus protection
#   - Rspamd spam filtering
#   - Roundcube webmail interface
#   - Let's Encrypt SSL/TLS support
#   - Custom BAUER GROUP branding
#   - Multi-IP support (LISTEN_ON/SEND_ON)
#   - Roundcube plugins (persistent_login, swipe)
#
# Access:
#   - Admin Panel: https://${SERVICE_HOSTNAME}/admin/
#   - Webmail:     https://${SERVICE_HOSTNAME}/
#
# Network Mode:
#   - Host mode required for proper mail server operation
#   - Mail servers must bind to standard ports (25, 465, 587, etc.)
#   - DKIM signing requires direct access to network interfaces
# =============================================================================

services:

  ### Mail Server (Poste.io) ###
  # Full-featured mail server based on Poste.io
  # Includes: Postfix, Dovecot, Roundcube, Rspamd, ClamAV
  mail-server:
    build:
      context: ./src
      args:
        POSTEIO_REPOSITORY: ${POSTEIO_REPOSITORY:-analogic/poste.io}
        POSTEIO_VERSION: ${POSTEIO_VERSION:-2.5.8}
    container_name: ${STACK_NAME:-clustermta}
    hostname: ${SERVICE_HOSTNAME:-mx1.simply-send.com}
    restart: unless-stopped
    environment:
      # Timezone (auto-detected during setup)
      - TZ=${TIME_ZONE:-Etc/UTC}

      # HTTPS Mode (ON/OFF)
      # ON: Let's Encrypt certificates
      # OFF: Self-signed certificates
      - HTTPS=${HTTPS_MODE:-ON}

      # Service Modules (TRUE=disabled, FALSE=enabled)
      # Disabling ClamAV saves ~1GB RAM
      - DISABLE_CLAMAV=${DISABLE_CLAMAV:-FALSE}
      - DISABLE_RSPAMD=${DISABLE_RSPAMD:-FALSE}
      - DISABLE_ROUNDCUBE=${DISABLE_ROUNDCUBE:-FALSE}

      # Custom HTTP/HTTPS ports (for Traefik integration)
      # Default: 80/443 (standard ports)
      # Behind Traefik: 8080/8443 (avoid conflict with reverse proxy)
      - HTTP_PORT=${HTTP_PORT:-80}
      - HTTPS_PORT=${HTTPS_PORT:-443}

      # Multi-IP Support (Optional)
      # ┌──────────┬─────────────────────────────────────────────────────────┐
      # │ Value    │ Description                                             │
      # ├──────────┼─────────────────────────────────────────────────────────┤
      # │ *        │ Listen on all interfaces (default, standard Poste.io)   │
      # │ host     │ Listen on hostname's IPs only                           │
      # │ 1.2.3.4  │ Listen on specific IP                                   │
      # │ 1.2 5.6  │ Listen on multiple IPs (space-separated)                │
      # └──────────┴─────────────────────────────────────────────────────────┘
      - LISTEN_ON=${LISTEN_ON:-*}
      - SEND_ON=${SEND_ON:-}

    # Port documentation (host mode binds all ports directly)
    # ┌───────┬─────────────┬──────────────────────────────────┐
    # │ Port  │ Protocol    │ Description                      │
    # ├───────┼─────────────┼──────────────────────────────────┤
    # │ 25    │ SMTP        │ Incoming mail (MTA-to-MTA)       │
    # │ 80    │ HTTP        │ Web interface, ACME challenges   │
    # │ 110   │ POP3        │ Mail retrieval (legacy)          │
    # │ 143   │ IMAP        │ Mail synchronization             │
    # │ 443   │ HTTPS       │ Secure web interface             │
    # │ 465   │ SMTPS       │ Secure SMTP submission           │
    # │ 587   │ Submission  │ SMTP submission (STARTTLS)       │
    # │ 993   │ IMAPS       │ Secure IMAP                      │
    # │ 995   │ POP3S       │ Secure POP3 (legacy)             │
    # │ 4190  │ Sieve       │ Mail filtering rules             │
    # └───────┴─────────────┴──────────────────────────────────┘
    expose:
      - 25/tcp
      - 80/tcp
      - 110/tcp
      - 143/tcp
      - 443/tcp
      - 465/tcp
      - 587/tcp
      - 993/tcp
      - 995/tcp
      - 4190/tcp

    volumes:
      # Persistent mail data (emails, accounts, certificates, etc.)
      - mail-data:/data

    # Host network mode required for mail servers
    # - Bind to standard mail ports
    # - Proper IP detection for SPF/DKIM
    # - No NAT complications
    network_mode: host

    # Log rotation to prevent disk fill
    logging:
      driver: json-file
      options:
        max-size: "50m"
        max-file: "3"


### Volumes ###
volumes:
  # Mail server data (emails, configuration, certificates)
  # Backup with: ./clustermta.sh backup
  mail-data:
    driver: local
    name: ${STACK_NAME:-clustermta}-data