[Dovecot](http://www.dovecot.org/) with IMAP, STARTTLS, LDAP authentication, and sieve rules stored in LDAP. Uses [SSMTP](https://packages.debian.org/stable/mail/ssmtp) to send mail (for example, if you have a redirect sieve rule).

# Volumes

- `/var/lib/vmail/mail`
- `/etc/ssl/mail:ro`: certificates have to be here.

# Environment Variables

## HOSTNAME

Fully qualified name of the mail host.

## SSMTP_MAIL_RELAY

Hostname and port of the SMTP relay to use (for example `mail.example.com:587`).

## SSMTP_USER

User to authenticate against the SMTP relay.

## SSMTP_PASSWORD

Password to authenticate against the SMTP relay.

## SSMTP_AUTH_METHOD

- default: LOGIN

Which authentication mechanism to use for the SMTP relay.

## SSMTP_USE_STARTTLS

- default: yes

Whether to use STARTTLS for the SMTP relay.

## LDAP_HOST

LDAP hostname (can include the port).

## LDAP_SIEVE_HOST

Has to be the same as `LDAP_URI` but in a different format (like `ldap:389`).

## LDAP_BIND_DN

DN used to authenticate against LDAP.

## LDAP_BIND_PASSWORD

Password used to authenticate against LDAP.

## LDAP_BASE_DN

Base DN to look for users on the LDAP host.

## LDAP_SCOPE

- default: subtree

Search scope of LDAP queries.

## LDAP_PASS_FILTER

Specifies the filter used to find the user on the LDAP host. [Dovecot variables](http://wiki2.dovecot.org/Variables) can be used.

## LDAP_USER_ATTRIBUTE

- default: cn

The LDAP attribute which stands for the username.

## LDAP_PASSWORD_ATTRIBUTE

- default: userPassword

The LDAP attribute which stands for the password.

## LDAP_SIEVE_ATTRIBUTE

- default: sieve

The LDAP attribute which contains the sieve rules.

## LDAP_USE_TLS

- default: yes

Whether to use TLS when connecting to the LDAP host.

## LDAP_APP_PASSWORDS_BASE_DN

Base DN to look for app passwords for a user.

## LDAP_APP_PASSWORDS_FILTER

Specifies the filter on what counts as an app password.

## ALLOWED_USERNAME_CHARS

- default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

## AUTH_MECHANISMS

- default: plain

Space-separated list of supported [authentication mechanisms](http://wiki2.dovecot.org/Authentication/Mechanisms).

## CERT_DOMAIN

Name of the certificate domain.

## SSL_DH_LENGTH

- default: 2048

Length of the Diffie-Hellman key in bits.

## SSL_MIN_PROTOCOL

- default: TLSv1.2

Minimum SSL protocol version.

## SSL_CIPHERLIST

- default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Colon-separated list of supported ciphers (`!` disables a cipher). See [here](https://www.openssl.org/docs/manmaster/man1/ciphers.html) for a list of ciphers.

## IMAP_MAX_USER_CONNECTIONS

- default: 10

Maximum number of connections from the same user and IP.

# Ports

- 143

# Capabilities

- CHOWN
- DAC_OVERRIDE
- FOWNER
- NET_BIND_SERVICE
- SETGID
- SETUID
- SYS_CHROOT
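
The following Compose file is an added example, not part of the original project. It wires the volumes, port, capabilities and environment variables documented above into one service. The image name, hostnames, DNs, LDAP filter, relay user and `./certs` path are constructed placeholders, and it assumes the capability list above is the complete set the container needs.

```yaml
# Added example: all names and values below are placeholders unless documented above.
services:
  dovecot:
    image: example/dovecot-ldap:latest    # placeholder, substitute the real image
    ports:
      - "143:143"                         # IMAP; TLS is negotiated via STARTTLS
    volumes:
      - vmail:/var/lib/vmail/mail         # persistent mail storage
      - ./certs:/etc/ssl/mail:ro          # certificates, mounted read-only
    cap_drop:
      - ALL                               # start with no capabilities
    cap_add:                              # add back only those listed under "Capabilities"
      - CHOWN
      - DAC_OVERRIDE
      - FOWNER
      - NET_BIND_SERVICE
      - SETGID
      - SETUID
      - SYS_CHROOT
    environment:
      HOSTNAME: mail.example.com
      CERT_DOMAIN: mail.example.com
      AUTH_MECHANISMS: plain
      SSL_MIN_PROTOCOL: TLSv1.2
      SSL_DH_LENGTH: "2048"
      IMAP_MAX_USER_CONNECTIONS: "10"
      LDAP_HOST: ldap.example.com
      LDAP_SIEVE_HOST: "ldap.example.com:389"
      LDAP_USE_TLS: "yes"                 # quoted so YAML does not parse it as a boolean
      LDAP_BASE_DN: ou=people,dc=example,dc=com
      LDAP_BIND_DN: cn=dovecot,ou=services,dc=example,dc=com
      # Secrets are read from the shell or an .env file; Compose aborts if one is unset.
      LDAP_BIND_PASSWORD: "${LDAP_BIND_PASSWORD:?set LDAP_BIND_PASSWORD}"
      # Constructed filter; %n is the Dovecot variable for the user part of the login.
      LDAP_PASS_FILTER: "(&(objectClass=inetOrgPerson)(cn=%n))"
      SSMTP_MAIL_RELAY: "mail.example.com:587"
      SSMTP_USER: relay-user
      SSMTP_PASSWORD: "${SSMTP_PASSWORD:?set SSMTP_PASSWORD}"
      SSMTP_AUTH_METHOD: LOGIN
      SSMTP_USE_STARTTLS: "yes"
volumes:
  vmail:
```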