Hey! I have some problems setting up the mail-server v0.7.1 with Traefik. SMTP Port 465 and IMAP Port 993 are working fine.
while trying it with
Output of openssl with smtp port 25
And output of
Output of openssl with smtp port 587
I also get some errors with SMTP on port 465 which I can't identify yet.
As reference for the setup I took:
Thanks in advance for any help!

Configuration files:

traefik docker-compose.yml

version: "3"
# Traefik stack: the reverse proxy itself plus a helper container that dumps
# the ACME certificates to files for the mail server to read.
services:
traefik:
# NOTE(review): `latest` is a floating tag, so the proxy version can change on
# any pull. Pinning a release (or digest) keeps upgrades deliberate.
image: traefik:latest
container_name: traefik
restart: always
# Every port listed here is published on the host. The mail ports are handed
# to the TCP routers declared in the labels of the stalwart compose file.
ports:
- "80:80"
- "443:443"
# Mailserver
- "25:25" # SMTP receiving, explicit TLS
- "465:465" # ESMTP submission, implicit TLS
- "587:587" # ESMTP (explicit TLS => STARTTLS)
- "993:993" # IMAP4 secure, implicit TLS
- "4190:4190" # sieve
volumes:
# NOTE(review): `:ro` only protects the socket file itself. A process that can
# open the socket can still use the whole Docker API of the host. A filtering
# socket proxy in front of it limits what a compromised Traefik could reach.
- /var/run/docker.sock:/var/run/docker.sock:ro
# Holds acme.json (see `storage` in traefik.yml), i.e. ACME account data and
# certificate private keys. Keep the host directory readable by root only.
- ./letsencrypt:/letsencrypt
- ./traefik:/etc/traefik
networks:
web:
# Fixed address. The same 172.18.0.20 appears under trustedIPs in traefik.yml.
ipv4_address: 172.18.0.20
environment:
# NOTE(review): values are redacted in the post. In a real deployment keep the
# token out of the compose file (env file or Docker secret, with tight file
# permissions) and scope it to DNS edits on the one zone that needs them.
- CLOUDFLARE_EMAIL=[hidden]
- CLOUDFLARE_DNS_API_TOKEN=[hidden]
certdumper:
# NOTE(review): floating tag here as well. This container handles private keys,
# so pinning the image is worth it.
image: ghcr.io/kereis/traefik-certs-dumper:latest
volumes:
# The ACME store is mounted read-only. The dumper writes its output to
# ./letsencrypt/dumped, which the stalwart compose file mounts as /opt/certs.
# The dumped directory is read for key.pem by config.toml, so it presumably
# holds private keys. Restrict its permissions on the host.
- ./letsencrypt:/traefik:ro
- ./letsencrypt/dumped:/output:rw
networks:
web:
name: traefik_web

traefik.yml, for setting options by config file instead of commands and labels inside the compose file

global:
# Traefik static configuration: global flags, API/dashboard, providers,
# entry points for web and mail ports, and the ACME resolver.
checkNewVersion: true
sendAnonymousUsage: false # true by default
#log:
# level: DEBUG
api:
# Dashboard
#
# Optional
# Default: true
#
# NOTE(review): the dashboard is enabled and an entry point named `traefik`
# listens on :8081 further down. No dashboard router or authentication is
# shown in this file, and :8081 is not among the published ports of the
# compose file. Confirm it is reachable only where intended and sits behind
# authentication.
dashboard: true
providers:
docker:
# Only containers that carry traefik.enable=true are routed.
exposedByDefault: false
network: traefik_web
file:
# watch for dynamic configuration changes
directory: /etc/traefik
watch: true
entryPoints:
http:
address: ":80"
http:
redirections:
entryPoint:
priority: 1000
to: "https"
scheme: "https"
https:
address: ":443"
http:
tls:
certResolver: le
traefik:
address: ":8081"
smtp:
address: ":25"
# NOTE(review): proxyProtocol on an entry point decides which *senders* may
# hand Traefik a PROXY header, typically a load balancer in front of it. Per
# the compose files the two addresses below are Traefik itself (172.18.0.20)
# and the mail server (172.18.0.21), and neither sits in front of Traefik.
# If nothing upstream sends PROXY protocol, this block can probably be dropped
# on all five mail entry points. Any peer listed here is trusted to state the
# client address, so keep the list as short as possible.
proxyProtocol:
trustedIPs:
- 172.18.0.20
- 172.18.0.21
esmtp:
address: ":465"
proxyProtocol:
trustedIPs:
- 172.18.0.20
- 172.18.0.21
smtp-tls:
address: ":587"
proxyProtocol:
trustedIPs:
- 172.18.0.20
- 172.18.0.21
imap-ssl:
address: ":993"
proxyProtocol:
trustedIPs:
- 172.18.0.20
- 172.18.0.21
sieve:
address: ":4190"
proxyProtocol:
trustedIPs:
- 172.18.0.20
- 172.18.0.21
certificatesResolvers:
le:
acme:
email: "[hidden]"
# acme.json stores the ACME account and the issued private keys. Traefik
# expects the file to be mode 600.
storage: "/letsencrypt/acme.json"
caServer: "https://acme-v02.api.letsencrypt.org/directory"
# DNS-01 challenge. The provider credentials come from the CLOUDFLARE_*
# environment variables set in the compose file.
dnsChallenge:
provider: cloudflare

stalwart docker compose.yml

version: '3.8'
# Stalwart mail server container. Routing is declared through Traefik labels:
# one HTTP router for the admin UI and one TCP router per mail port.
services:
mail-server:
volumes:
- ./data:/opt/stalwart-mail
# Certificates dumped by the certdumper container, mounted read-only.
# config.toml reads cert.pem and key.pem from /opt/certs/mail.domain.tld.
- /home/user/docker/traefik/letsencrypt/dumped:/opt/certs:ro
container_name: stalwart-mail
# NOTE(review): the post refers to v0.7.1 but the image uses the floating
# `latest` tag. Pinning the version keeps upgrades deliberate.
image: stalwartlabs/mail-server:latest
# Stops processes in the container from gaining extra privileges (for example
# through setuid binaries).
security_opt: [no-new-privileges:true]
labels:
- "traefik.enable=true"
# admin ui
# NOTE(review): this publishes the management interface on the public `https`
# entry point, protected only by Stalwart's own login. Consider an IP
# allow-list or an extra authentication middleware on this router.
- traefik.http.routers.stalwart.rule=Host(`mail.domain.tld`)
- traefik.http.routers.stalwart.entrypoints=https
- traefik.http.routers.stalwart.tls.certresolver=le
- traefik.http.routers.stalwart.service=stalwart
- traefik.http.services.stalwart.loadbalancer.server.port=8080
# jmap
# NOTE(review): HostSNI(`*`) with TLS passthrough on the shared `https` entry
# point is a catch-all for TLS on :443. Depending on Traefik's version and
# router priority it may shadow the HTTP routers on that entry point,
# including the admin UI router above. Matching the mail hostname explicitly
# avoids the ambiguity. Confirm against the Traefik release in use.
- traefik.tcp.routers.jmap.rule=HostSNI(`*`)
- traefik.tcp.routers.jmap.entrypoints=https
- traefik.tcp.routers.jmap.tls.passthrough=true
- traefik.tcp.routers.jmap.service=jmap
- traefik.tcp.services.jmap.loadbalancer.server.port=443
- traefik.tcp.services.jmap.loadbalancer.proxyProtocol.version=2
# smtp
# No tls option on this router: Traefik relays the TCP stream unchanged, so
# STARTTLS is negotiated end to end with the mail server. HostSNI(`*`) is the
# only rule a non-TLS TCP router can use.
- traefik.tcp.routers.smtp.rule=HostSNI(`*`)
- traefik.tcp.routers.smtp.entrypoints=smtp
- traefik.tcp.routers.smtp.service=smtp
- traefik.tcp.services.smtp.loadbalancer.server.port=25
# proxyProtocol.version=2 makes Traefik prepend a PROXY v2 header so the mail
# server can see the real client address. The server must accept that header
# from Traefik only (see server.proxy.trusted-networks in config.toml).
- traefik.tcp.services.smtp.loadbalancer.proxyProtocol.version=2
# smtp 587
# Same plain-TCP relay as port 25. There is no tls option on this router.
- "traefik.tcp.routers.smtp-tls.rule=HostSNI(`*`)"
- "traefik.tcp.routers.smtp-tls.entrypoints=smtp-tls"
- "traefik.tcp.routers.smtp-tls.service=smtp-tls"
- "traefik.tcp.services.smtp-tls.loadbalancer.server.port=587"
- "traefik.tcp.services.smtp-tls.loadbalancer.proxyProtocol.version=2"
# esmtp
# tls.passthrough=true: Traefik does not terminate TLS here. The mail server
# presents the certificate itself. The same applies to imap-ssl and sieve.
- traefik.tcp.routers.esmtp.rule=HostSNI(`*`)
- traefik.tcp.routers.esmtp.entrypoints=esmtp
- traefik.tcp.routers.esmtp.tls.passthrough=true
- traefik.tcp.routers.esmtp.service=esmtp
- traefik.tcp.services.esmtp.loadbalancer.server.port=465
- traefik.tcp.services.esmtp.loadbalancer.proxyProtocol.version=2
# imap-ssl
- traefik.tcp.routers.imap-ssl.rule=HostSNI(`*`)
- traefik.tcp.routers.imap-ssl.entrypoints=imap-ssl
- traefik.tcp.routers.imap-ssl.tls.passthrough=true
- traefik.tcp.routers.imap-ssl.service=imap-ssl
- traefik.tcp.services.imap-ssl.loadbalancer.server.port=993
- traefik.tcp.services.imap-ssl.loadbalancer.proxyProtocol.version=2
# sieve
- traefik.tcp.routers.sieve.rule=HostSNI(`*`)
- traefik.tcp.routers.sieve.entrypoints=sieve
- traefik.tcp.routers.sieve.tls.passthrough=true
- traefik.tcp.routers.sieve.service=sieve
- traefik.tcp.services.sieve.loadbalancer.server.port=4190
- traefik.tcp.services.sieve.loadbalancer.proxyProtocol.version=2
networks:
traefik_web:
# Fixed address on the shared network. Traefik is 172.18.0.20 in its own
# compose file.
ipv4_address: 172.18.0.21
networks:
traefik_web:
external: true

stalwart etc/config.toml

authentication.fallback-admin.secret = "secret"
# Stalwart settings as flat key = value pairs: admin account, TLS certificate,
# listeners, PROXY protocol trust, storage and logging.
# NOTE(review): the fallback-admin secret on the line above reads "secret". If
# that is the real value and not a redaction, replace it with a long random
# one. The admin UI is published through Traefik (see the compose labels).
authentication.fallback-admin.user = "admin"
# The certificate and key are read from the files written by the certdumper
# container, mounted read-only at /opt/certs.
certificate.traefik.cert = "%{file:/opt/certs/mail.domain.tld/cert.pem}%"
certificate.traefik.default = true
certificate.traefik.private-key = "%{file:/opt/certs/mail.domain.tld/key.pem}%"
cluster.node-id = 1
directory.internal.store = "rocksdb"
directory.internal.type = "internal"
lookup.default.hostname = "mail.domain.tld"
server.http.permissive-cors = false
server.http.url = "protocol + '://' + key_get('default', 'hostname') + ':' + local_port"
# NOTE(review): the admin UI is reached through Traefik's HTTP router, so with
# this set to false the server presumably records Traefik's address as the
# client for those requests. That matters for per-IP limits and audit logs.
# Confirm the intended behaviour.
server.http.use-x-forwarded = false
server.listener.http.bind = "[::]:8080"
server.listener.http.protocol = "http"
server.listener.https.bind = "[::]:443"
server.listener.https.protocol = "http"
server.listener.https.tls.implicit = true
server.listener.imaptls.bind = "[::]:993"
server.listener.imaptls.protocol = "imap"
server.listener.imaptls.tls.implicit = true
server.listener.sieve.bind = "[::]:4190"
server.listener.sieve.protocol = "managesieve"
server.listener.sieve.tls.implicit = true
# The listeners on 25 and 587 carry no tls.implicit key, unlike 465, 993, 4190
# and 443. They presumably start in plain text and upgrade via STARTTLS.
server.listener.smtp.bind = "[::]:25"
server.listener.smtp.protocol = "smtp"
server.listener.submission.bind = "[::]:587"
server.listener.submission.protocol = "smtp"
server.listener.submissions.bind = "[::]:465"
server.listener.submissions.protocol = "smtp"
server.listener.submissions.tls.implicit = true
server.max-connections = 8192
# NOTE(review): this trusts PROXY headers from every address in 172.18.0.0/16,
# not only from Traefik (172.18.0.20 in its compose file). Any other container
# on that network could then present an arbitrary client address, which
# weakens IP-based controls and logging. Listing only Traefik's address is
# tighter.
server.proxy.trusted-networks = "172.18.0.0/16"
server.socket.backlog = 1024
server.socket.nodelay = true
server.socket.reuse-addr = true
server.socket.reuse-port = true
# Refers to the certificate entry named "traefik" defined above.
server.tls.certificate = "traefik"
server.tls.enable = true
storage.blob = "rocksdb"
storage.data = "rocksdb"
storage.directory = "internal"
storage.fts = "rocksdb"
storage.lookup = "rocksdb"
store.rocksdb.compression = "lz4"
store.rocksdb.path = "/opt/stalwart-mail/data"
store.rocksdb.type = "rocksdb"
tracer.log.ansi = false
tracer.log.enable = true
# NOTE(review): debug level is useful while chasing the TLS problem, but it may
# record more protocol detail than you want to keep. Lower it afterwards.
tracer.log.level = "debug"
tracer.log.path = "/opt/stalwart-mail/logs"
tracer.log.prefix = "stalwart.log"
tracer.log.rotate = "daily"
tracer.log.type = "stdout"
One user on Discord contributed the following configuration file for Traefik; check if it works for you:

networks:
# Excerpt of a compose file in which Traefik terminates TLS for 465 and 993
# and forwards to the mail server over a dedicated network. The `###` lines
# look like places where the contributor left parts out. Treat the excerpt as
# incomplete.
###
stalwart:
driver: bridge
attachable: true
# internal: true gives this network no route to the outside. It only links
# the containers attached to it.
internal: true
driver_opts:
com.docker.network.driver.mtu: 9000
###
services:
###
traefik:
###
container_name: traefik
# Read-only root filesystem, with tmpfs for the runtime directories that must
# stay writable.
read_only: true
tmpfs:
- /run
- /var/run
command:
###
- "--entrypoints.smtpsecure.address=:465"
- "--entrypoints.imapsecure.address=:993"
###
# NOTE(review): exposedByDefault is not set in this excerpt. Traefik's default
# is true, which routes every container the provider sees. Setting it to false
# and opting in per container with traefik.enable=true is the safer
# arrangement, unless that is already done in an omitted part.
- "--providers.docker"
###
ports:
- "465:465/tcp"
- "993:993/tcp"
networks:
- internet
- stalwart
###
stalwart:
###
container_name: stalwart
read_only: true
tmpfs:
- /run
- /var/run
###
# 25 and 587 are published straight from the mail server and bypass Traefik.
# Connections on these ports arrive without a PROXY header.
ports:
- "25:25/tcp"
- "587:587/tcp"
###
labels:
###
- "traefik.enable=true"
# tls=true with a certresolver means Traefik terminates TLS on 465 and
# forwards the decrypted stream to backend port 587 with a PROXY v2 header.
# NOTE(review): that leg between Traefik and the mail server is unencrypted,
# so it relies on the `stalwart` network staying private. The mail server
# should accept PROXY headers from Traefik's address only.
- "traefik.tcp.routers.smtpsecure.tls=true"
- "traefik.tcp.routers.smtpsecure.tls.certresolver=letsencrypt"
- "traefik.tcp.routers.smtpsecure.entrypoints=smtpsecure"
- "traefik.tcp.routers.smtpsecure.rule=HostSNI(`mail.example.com`)"
- "traefik.tcp.routers.smtpsecure.service=smtp"
- "traefik.tcp.services.smtp.loadbalancer.server.port=587"
- "traefik.tcp.services.smtp.loadbalancer.proxyprotocol.version=2"
# Same pattern for IMAP: TLS ends at Traefik on 993 and the backend is the
# plain-text IMAP port 143.
- "traefik.tcp.routers.imapsecure.tls=true"
- "traefik.tcp.routers.imapsecure.tls.certresolver=letsencrypt"
- "traefik.tcp.routers.imapsecure.entrypoints=imapsecure"
- "traefik.tcp.routers.imapsecure.rule=HostSNI(`mail.example.com`)"
- "traefik.tcp.routers.imapsecure.service=imap"
- "traefik.tcp.services.imap.loadbalancer.server.port=143"
- "traefik.tcp.services.imap.loadbalancer.proxyprotocol.version=2"
# NOTE(review): this network name does not match the `stalwart` network
# defined at the top of the excerpt. It presumably comes from the
# contributor's own project. Set it to the real name of the shared network.
- "traefik.docker.network=docker_stalwart-internal"
###
networks:
- internet
- stalwart
Thanks for your help. It works well and fixed my problem.
@puRe1337 Hi, I am following your config but I am having issues: I want all the ports (25, 465, 143, 993, 110, 995, 4190, 587) to use the Let's Encrypt SSL. Both containers are running fine and I can access the admin UI, but the ports are not reachable from mail clients. FYI, if I run the stalwart container without Traefik it works, which means the DNS records are good and working. Can you please help me out? Here are my YAML files and TOML file: stalwart.yaml
traefik.yaml
config.toml
Thanks for your help. It works well and fixed my problem.
My final config for anyone else having any problems: https://gist.github.com/puRe1337/cdecc97307cc19c6d899a204b510834e