Go to file
2021-08-22 23:44:43 +02:00
rootfs/etc remove dh param generation 2021-08-22 23:44:43 +02:00
.editorconfig update base image 2017-01-10 16:48:55 +01:00
.gitignore initial commit 2016-07-06 10:58:48 +02:00
.gitlab-ci.yml no ned for docker:dind 2019-09-10 15:04:11 +02:00
Dockerfile use oauth2 2021-08-22 22:45:28 +02:00
README.md update cipher lists 2019-02-18 13:30:33 +01:00

Dovecot with imap, starttls, ldap authentication, sieve rules in ldap.

Uses SSMTP to send mails (for example if you have a redirect sieve rule).

Volumes

  • /var/lib/vmail/mail
  • /etc/ssl/mail:ro: certificates have to be here.

Environment Variables

HOSTNAME

Fully qualified name of the mail host.

SSMTP_MAIL_RELAY

Hostname and port for the used smtp relay (for example mail.example.com:587).

SSMTP_USER

User to authenticate agains the smtp relay.

SSMTP_PASSWORD

Password to authenticate agains the smtp relay.

SSMTP_AUTH_METHOD

  • default: LOGIN

Which authentication mechanism to use for the smtp relay.

SSMTP_USE_STARTTLS

  • default: yes

Whether to use starttls for the smtp relay.

LDAP_HOST

Ldap hostname (can include the port).

LDAP_SIEVE_HOST

Has to be the same as LDAP_URI but in a different format (like ldap:389).

LDAP_BIND_DN

DN used to authenticate against ldap.

LDAP_BIND_PASSWORD

Password used to authenticate against ldap.

LDAP_BASE_DN

Base DN to look for users on the ldap host.

LDAP_SCOPE

  • default: subtree

Search scope of ldap queries.

LDAP_PASS_FILTER

Specifies the filter on how user is found on the ldap host. Dovecot variables can be used.

LDAP_USER_ATTRIBUTE

  • default: cn

The ldap attribute which stands for the username.

LDAP_PASSWORD_ATTRIBUTE

  • default: userPassword

The ldap attribute which stands for the password.

LDAP_SIEVE_ATTRIBUTE

  • default: sieve

The ldap attribute which contains the sieve rules.

LDAP_USE_TLS

  • default: yes

Whether to use tls when connecting to the ldap host.

LDAP_APP_PASSWORDS_BASE_DN

Base DN to look for app passwords for a user.

LDAP_APP_PASSWORDS_FILTER

Specifies the filter on what counts as an app password.

ALLOWED_USERNAME_CHARS

  • default: äöüabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

List of characters allowed in a username.

AUTH_MECHANISMS

  • default: plain

Space seperated list of supported authentication mechanisms.

CERT_DOMAIN

Name of the certificate domain.

SSL_DH_LENGTH

  • default: 2048

Length of the Diffie-Helman key in bits.

SSL_MIN_PROTOCOL

  • default: TLSv1.2

Ssl minimum protocol version.

SSL_CIPHERLIST

  • default: ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256

Colon seperated list of supported ciphers (!disables a cipher).

Go here for a list of ciphers.

IMAP_MAX_USER_CONNECTIONS

  • default: 10

Maximum number of connections from the same user + ip.

Ports

  • 143

Capabilities

  • CHOWN
  • DAC_OVERRIDE
  • FOWNER
  • NET_BIND_SERVICE
  • SETGID
  • SETUID
  • SYS_CHROOT