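# {{ ansible_managed }}
#
# Compose template for a docker-mailserver instance whose network stack is
# provided entirely by a Gluetun WireGuard client container.
services:
  # Gluetun is used to connect container to VPN
  mailserver-gluetun:
    # NOTE(review): no tag is given, so this resolves to :latest. Pin to a
    # reviewed tag or image digest so a re-pull cannot silently change the
    # code that holds NET_ADMIN and the WireGuard key.
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      # NOTE(review): the rendered file holds the private key in plain text,
      # and environment values are also readable through `docker inspect`.
      # Keep the variable in an encrypted vars file, render this template
      # with a restrictive owner/mode, and consider a file-based secret.
      - WIREGUARD_PRIVATE_KEY={{ mail_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.2/32
      # Ports accepted inbound on the VPN interface; keep in sync with the
      # `ports:` list below.
      - FIREWALL_VPN_INPUT_PORTS=25,465,587,993,143
    # The mailserver shares this container's network namespace, so its ports
    # are published here.
    # NOTE(review): these mappings also bind the mail ports on every host
    # interface. If mail is meant to arrive only through the VPN endpoint,
    # confirm the host-side publication is intended.
    ports:
      - "25:25"    # SMTP, cleartext
      - "465:465"  # ESMTP Implicit TLS / Appears to be used
      - "587:587"  # SMTP+STARTTLS Explicit TLS / Appears to be used
      - "993:993"  # IMAPS Implicit TLS / Appears to not be used
      - "143:143"  # IMAP+STARTTLS Explicit TLS / Appears to be used

  mailserver:
    # All traffic goes through the Gluetun container's network namespace.
    network_mode: "service:mailserver-gluetun"
    # NOTE(review): :latest is a moving tag; pin to a reviewed release tag or
    # digest and upgrade deliberately.
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    # `hostname:` stays commented out; OVERRIDE_HOSTNAME below supplies the
    # FQDN instead (Compose does not accept `hostname` together with
    # `network_mode: service:`).
    # hostname: mail.{{ domain_name }}
    volumes:
      - ./data/mail-data/:/var/mail/
      - ./data/mail-state/:/var/mail-state/
      - ./data/mail-logs/:/var/log/mail/
      - ./data/config/:/tmp/docker-mailserver/
      # Read-only: this container only needs to read the certificate and key
      # named by SSL_CERT_PATH / SSL_KEY_PATH, so a compromised mail service
      # should not be able to alter or replace the Let's Encrypt material.
      - ./data/certbot/certs/:/etc/letsencrypt:ro
      - /etc/localtime:/etc/localtime:ro
    environment:
      - OVERRIDE_HOSTNAME=mail.{{ domain_name }}
      # SSL Configuration
      # Having issues with letsencrypt SSL_TYPE not being able to find the paths so just adding the keys manually
      # - SSL_TYPE=letsencrypt
      - SSL_TYPE=manual
      # Values should match the file paths inside the container:
      - SSL_CERT_PATH=/etc/letsencrypt/live/mail.{{ domain_name }}/fullchain.pem
      - SSL_KEY_PATH=/etc/letsencrypt/live/mail.{{ domain_name }}/privkey.pem
      - ENABLE_SASLAUTHD=1
      - ENABLE_FAIL2BAN=1
      - ENABLE_RSPAMD=1
      # The legacy filtering services are switched off, presumably because
      # Rspamd is meant to cover DKIM/DMARC/SPF and spam scoring; confirm
      # that DKIM signing is configured on the Rspamd side.
      - ENABLE_OPENDKIM=0
      - ENABLE_OPENDMARC=0
      - ENABLE_POLICYD_SPF=0
      - ENABLE_AMAVIS=0
      - ENABLE_SPAMASSASSIN=0
      # NOTE(review): with ClamAV disabled, no antivirus scanning is enabled
      # in this file.
      - ENABLE_CLAMAV=0
    cap_add:
      - NET_ADMIN  # For Fail2Ban to work
    restart: always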