Self-build iRedMail in Docker

Deploy from docker image

(The certificate must be valid. Although the frontend nginx has proxy_ssl_verify off;, STARTTLS still requires a valid certificate.) (The service should be restarted every 3 months so that it uses the latest renewed certificate, just like nginx does.)

docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/ -v /srv/conf/acme-sh/ -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --restart=always --hostname /sbin/init

If the services cannot connect to the database, run chown -R mysql:mysql mysql inside the container. (This is required whenever the mysql dir has been updated.)

Upgrade existing container

If you upgraded the MySQL version, you must use the following commands to migrate the data, rather than simply copying /var/lib/mysql.

mysqldump -u root -p --all-databases > alldb.sql
mysql -u root -p < alldb.sql

Upgrade step:

  1. Export alldb.sql from the old iredmail.
  2. Export alldb.sql from the new iredmail.
  3. Manually move all user data from the old iredmail to the new iredmail. (Take care!!! The DB table format may have changed!)
  4. Import the manually-modified new-iredmail-alldb.sql into the new db and save the resulting /var/lib/mysql directory. Use this as your new mysqlDir!!

DNS record guide

How to get DKIM record:

echo -n "v=DKIM1; p="
openssl rsa -in /srv/conf/acme-sh/  -pubout -outform der 2>/dev/null | openssl base64 -A
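
The same derivation as a script, covering what the two commands above leave open: with a 2048-bit key the value is longer than 255 bytes, the limit for one string in a DNS TXT record, so it has to be published as several quoted strings, and it is worth checking that the published key matches the signing key. This is an added example, not part of the original notes; the function names are hypothetical and the key is a throwaway one generated on the spot.

```shell
#!/bin/sh
# Added example (not from the original notes). Function names are hypothetical.

# dkim_txt_value KEYFILE: print "v=DKIM1; p=<base64 of the DER public key>".
dkim_txt_value() {
    _pub=$(openssl rsa -in "$1" -pubout -outform der 2>/dev/null | openssl base64 -A)
    [ -n "$_pub" ] || return 1          # unreadable or non-RSA key: no record
    printf 'v=DKIM1; p=%s' "$_pub"
}

# dkim_txt_chunks VALUE: print VALUE as quoted strings of at most 255 bytes,
# one per line. A single TXT string cannot be longer; verifiers join them.
dkim_txt_chunks() {
    printf '%s' "$1" | fold -w 255 | sed 's/.*/"&"/'
}

# dkim_record_matches_key VALUE KEYFILE: succeed only if the p= tag decodes to
# a public key with the same modulus as the private key that will sign mail.
dkim_record_matches_key() {
    _key_mod=$(openssl rsa -in "$2" -noout -modulus 2>/dev/null)
    _rec_mod=$(printf '%s\n' "${1#*p=}" | openssl base64 -d -A |
               openssl rsa -pubin -inform der -noout -modulus 2>/dev/null)
    [ -n "$_rec_mod" ] && [ "$_key_mod" = "$_rec_mod" ]
}

# Constructed input: a throwaway 2048-bit key standing in for the real one.
demo_key=$(mktemp)
trap 'rm -f "$demo_key"' EXIT
openssl genrsa -out "$demo_key" 2048 2>/dev/null

record=$(dkim_txt_value "$demo_key")
echo "record length: ${#record} bytes"
dkim_txt_chunks "$record"; echo
if dkim_record_matches_key "$record" "$demo_key"; then
    echo "OK: published key matches the signing key"
else
    echo "MISMATCH: receivers would fail DKIM verification" >&2
fi
```

Run dkim_record_matches_key against the value actually returned by DNS after publishing, since a mismatch there makes every signed message fail verification at the receiver.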

Create docker image from stretch

YOU MUST CREATE /srv/conf/acme-sh/ and /srv/conf/acme-sh/ BEFORE ANYTHING!

docker run -tid --privileged -p 3092:443 -p 110:110 -p 995:995 -p 143:143 -p 993:993 -p 25:25 -p 465:465 -p 587:587 -v /srv/iredmail/vmail:/var/vmail -v /srv/iredmail/mysql:/var/lib/mysql -v /srv/iredmail/clamav:/var/lib/clamav -v /srv/conf/acme-sh/ -v /srv/conf/acme-sh/ -v /sys/fs/cgroup:/sys/fs/cgroup:ro --name rmail --hostname jrei/systemd-ubuntu /sbin/init
docker exec -ti rmail /bin/bash

In docker:

echo func.mail > /etc/hostname
echo func.mail localhost localhost.localdomain >> /etc/hosts

apt update
apt install -y gzip vim wget rsyslog
systemctl enable rsyslog --now

tar -xvzf iRedMail-1.3.1.tar.gz ; rm iRedMail-1.3.1.tar.gz
cd iRedMail-* ; bash

NOW you have some interactive operations!

No need to edit the mail storage path.

recolic note: db password/postmaster password is genpasswd('', v4)

Would you like to use firewall rules by iRedMail? NO!

docker commit rmail
docker push

Do not delete the generated dir /srv/iredmail while building the image. You need the dir /srv/iredmail/mysql as a template to migrate into.

Create docker image from stretch: Recolic's patch

Recolic made the following patches before publishing the image as used in PROD.

Disable heavy clamav, but do not disable DKIM!

Disable greylisting, which causes emails from bankofchina to be lost. Also enable reject_sender_login_mismatch.

Fix facebook problem.

Allow larger attachment size.

Set session timeout to 99999 min:

Remove clamav filename ban. (grep "exe" -r /etc/amavis and then remove ALL qr'...' lines. There should be no limitation on attachment extensions at all! Also remove all $banned_namepath_re)

Enable IPv6: set inet_protocols = all in /etc/postfix/, and set listen = * [::] in /etc/dovecot/dovecot.conf. Restart them with /etc/init.d/dovecot restart and postfix reload if you want. (Original:

Fix firstrade proxyvote problem: Comment out reject_unknown_helo_hostname in /etc/postfix/ ,