Host Mailcow with Traefik reverse Proxy

corusm

corusm

Posted on June 26, 2023

Host Mailcow with Traefik reverse Proxy

Traefik

Traefik is a reverse proxy for docker container that organises the network trafic und updates the https certificates.

Scope of this Tutorial

  • Install Docker

  • Download Mailcow

  • Setup docker-compose.override.yml

  • Launch Mailcow

  • Add DNS Entrys

Install Docker & Git

Arch



yay -S docker docker-compose git


Enter fullscreen mode Exit fullscreen mode

Ubuntu



curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
sudo apt-get install git


Enter fullscreen mode Exit fullscreen mode

Start & Enable Docker service



sudo systemctl start docker
sudo sysyemctl enable docker


Enter fullscreen mode Exit fullscreen mode

Download Mailcow

In the next step we’ll clone the Mailcow git Repository



git clone https://github.com/mailcow/mailcow-dockerized /opt


Enter fullscreen mode Exit fullscreen mode

Change directory to /opt/mailcow-dockerized



cd /opt/mailcow-dockerized


Enter fullscreen mode Exit fullscreen mode

Generate config



./generate_config.sh


Enter fullscreen mode Exit fullscreen mode

Remove exposed ports from Mailcow Docker-Compose File



nginx-mailcow:
...
      #ports:
        #- "${HTTPS_BIND:-0.0.0.0}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
        #- "${HTTP_BIND:-0.0.0.0}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"


Enter fullscreen mode Exit fullscreen mode

Create Docker-Compose Override



version: "2.1"
services:
  nginx-mailcow:
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx-mailcow.entrypoints=web"
      - "traefik.http.routers.nginx-mailcow.rule=HostRegexp(`{host:(autodiscover|autoconfig|webmail|mail|email).+}`)"
      - "traefik.http.middlewares.nginx-mailcow-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.nginx-mailcow.middlewares=nginx-mailcow-https-redirect"
      - "traefik.http.routers.nginx-mailcow-secure.entrypoints=web-secure"
      - "traefik.http.routers.nginx-mailcow-secure.rule=Host(`mail.example.de`)" # YOUR EMAIL SUBDMAIN
      - "traefik.http.routers.nginx-mailcow-secure.tls=true"
      - "traefik.http.routers.registry-secured.tls.certresolver=myCertResolver" # ADD your Certresolver here
      - "traefik.http.routers.nginx-mailcow-secure.service=nginx-mailcow"
      - "traefik.http.services.nginx-mailcow.loadbalancer.server.port=80"
      - "traefik.docker.network=main"
    networks:
      main:
  certdumper:
    image: humenius/traefik-certs-dumper
    container_name: traefik_certdumper
    restart: unless-stopped
    network_mode: none
    command: --restart-containers mailcowdockerized_postfix-mailcow_1,mailcowdockerized_dovecot-mailcow_1
    volumes:
      # mount the folder which contains Traefik's `acme.json' file
      #   in this case Traefik is started from its own docker-compose in ../traefik
      - /home/niklas/letsencrypt:/traefik:ro
      # mount mailcow's SSL folder
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/assets/ssl:/output:rw
    environment:
      - DOMAIN=mail.example.de # YOUR EMAIL SUBDOMAIN HERE
networks:
  main: # YOUR TRAEFIK NETWORK HERE
    external: true
```

### Download `docker-compose.override`

```
wget https://gist.githubusercontent.com/corusm/063de56d133aa688f9d36a82bd78e607/raw/cdb03c2c5ef8b2ee62808a04b3aff935ab1e02e7/docker-compose.override.yml
```

### Edit File

Now edit the File in line `12, 33, 35` as in the comments explained.

### Edit `Mailcow.conf`

1. 
   Change `SKIP_LETS_ENCRYPT=n` to `SKIP_LETS_ENCRYPT=y`
2. Change `SKIP_CLAMD=n` to `SKIP_CLAMD=y`

### Run Docker-Compose - Start Mailcow

```
sudo docker-compose up
```

If you are done with this tutorial, you can add the `-d`flag to run docker compose in the background.

### Open `mail.example.com`

Start configuring your Mailcow Server!

![](https://dev-to-uploads.s3.amazonaws.com/i/37ppi0kz8x3rq3d9tuuw.png)

### Configure Mailcow

Goto `Configuration > Mail Setup`

### Add Domain

Goto `Configuration > Mail Setup > Domains`

![](https://dev-to-uploads.s3.amazonaws.com/i/fdg9v0q5mv0b0eus1ei2.png)

### Add Mailbox (E-Mail Adress)

Goto `Configuration > Mail Setup > Mailbox`

![](https://dev-to-uploads.s3.amazonaws.com/i/upqxn526f30neyobuiuv.png)

### Open Webmail

`https://mail.example.com/SOGo`

### Login

```
User: user@domain.com
```

![](https://dev-to-uploads.s3.amazonaws.com/i/mkv1z22n07ab50ic5k4e.png)

### Add DNS Config

### Add DMARC Entry

```
_dmarc.domain.com. TXT 3600 "v=DMARC1;p=none;rua=mailto:postmaster@domain.com;ruf=mailto:postmaster@domain.com"
```

### Add MX Entry

```
domain.de MX 3600 10 mail.example.com
```

### Add DKIM Entry

- 
  Goto `Configuration > ARC/DKIM-Keys`

- `Add ARC/DKIM key`

![](https://dev-to-uploads.s3.amazonaws.com/i/vl32lvpfmb1eqvgfm2ph.png)

- 
  Copy Private Key to DNS Server

![](https://dev-to-uploads.s3.amazonaws.com/i/9p3x9mghsrh9nox496zn.png)

### INFO

It takes some time for the DNS Servers to spread the information. Give this process some time!

### Check the Spammyness of your email

[https://www.mail-tester.com/](https://www.mail-tester.com/)

1. 
   Open the Website
2. Send E-Mail to this address
3. Get the review!

![](https://dev-to-uploads.s3.amazonaws.com/i/p3irqhkr8vlhx2iizqgh.png)


Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
corusm
corusm

Posted on June 26, 2023

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related