Docker based one-click Mailu mail server setup
Explore the docs »
Table of Contents
For sample demo mail server. Please visit at: 0xDeAd Mail with Guest account, default password is [our-team-name]@[account-name]
guest1@0xdead.invincibility
guest2@0xdead.invincibility
See the Usage below for more detail about E2E encryption and Handshake cross domain mail.
We also have a video demo sending E2E mail between 2 handshake domain here.
This repository provides a streamlined script for setting up a secure and private email server using Mailu. With just one click, you can deploy a fully functional Mailu server, eliminating the complexities of manual configuration.
- Effortless Setup: No more spending hours configuring your mail server. Our script automates the entire process, making it accessible to users of all technical backgrounds.
- Secure Communication: Mailu prioritizes security, ensuring your emails are protected with robust encryption features.
- Take Control: Host your own email server and avoid relying on third-party providers who may access your data.
- Open-Source Advantage: Leverage the power and flexibility of open-source software with Mailu and this convenient setup script.
- Standard email server, IMAP and IMAP+, SMTP and Submission with auto-configuration profiles for clients
- Advanced email features, aliases, domain aliases, custom routing, full-text search of email attachments
- Web access, multiple Webmails and administration interface
- User features, aliases, auto-reply, auto-forward, fetched accounts, managesieve
- Admin features, global admins, announcements, per-domain delegation, quotas
- Security, enforced TLS, DANE, MTA-STS, Letsencrypt!, outgoing DKIM, anti-virus scanner, Snuffleupagus, block malicious attachments
- Antispam, auto-learn, greylisting, DMARC and SPF, anti-spoofing
- Freedom, all FOSS components, no tracker included
- E2E Encryption, protect your most sensitive communications with end-to-end encryption, secured by powerful publickey encryption algorithms like ECC secp256k1, RSA 2048, RSA 4096
This tutorial is written for Ubuntu22.04 LTS operating system. For other systems, feel free to use it as a reference and make the script yourself.
-
A HandShake domain, you can buy at Namebase
-
A Ubuntu22.04 server with following tools installed
-
docker
to run the mail server inside containerscurl -fsSL https://get.docker.com -o get-docker.sh sudo sh get-docker.sh sudo groupadd docker sudo usermod -aG docker $USER newgrp docker sudo systemctl enable docker.service sudo systemctl enable containerd.service
-
yq
to modify the yaml config filewget https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -O /usr/bin/yq &&\ chmod +x /usr/bin/yq
-
openssl
to generate self-signed certificatesudo apt install openssl
Go to Namebase to config your DNS record
Blockchain DNS records (On-chain record)
Handshake allows a limited set of DNS record types on chain.
-
Make sure to enable DNSSEC for your domain and Namebase will automaticcaly add 3 DS records
-
To use Namebase's nameservers, create an NS record in the blockchain section with a "Name" of
ns1
and a "Value" of44.231.6.183
Namebase nameserver DNS records (Off-chain record)
- Add an A record for your mail server
- Add an MX record for your mail domain
- For HTTPS certificate validation, add a TLSA record for your domain (you will get the TLSA value after running the script)
Config HNSD for DNS resolution
- Run HNSD using docker (optional)
docker run -d --name hnsd --restart always -p 53:53/udp namebasehq/hnsd "/opt/hnsd/dist/hnsd" -p 4 -r 127.0.0.1:53
- Add the following line to the top of the
/etc/resolv.conf
file
Using your own HNSD server
nameserver 127.0.0.1
Or using public HNSD server
nameserver 103.196.38.38
nameserver 103.196.38.39
It took a while for HNSD to finish running. You can ping a Handshake domain to check everything is working properly
ping your.domain
-
Clone the repository
git clone https://github.com/0xDeAd-team/instruction.git
-
Prepare environment variables
-
DOMAIN: Your main mail domain and server display name
-
HOSTNAMES: Your server's actual hostnames. Every e-mail domain that points to this server must have one of the hostnames in its MX record
-
API_KEY: API-key to use admin API configuration
-
LISTEN_ADDRESS: Address which nginx reverse proxy container will be exposed to. You must use specific addresses, please avoid generic all-interfaces addresses like
0.0.0.0
or::
. -
WORKING_DIR: the directory where your server stored
-
ADMIN_PASSWORD: initial admin password
export DOMAIN=0xdead.invincibility \ HOSTNAMES=mail.0xdead.invincibility \ API_KEY=THISISAPIKEY \ LISTEN_ADDRESS=127.0.0.1 \ WORKING_DIR=~/mailu \ ADMIN_PASSWORD=123456
-
Run
setup.sh
./setup.sh
And wait few seconds and the script will do all the rest for you, from get the config file to run the docker compose containers. You can get this login web page when your server is ready
- To send and receive email from others HandShake domain mail servers, both 2 servers need to set up HNSD to resolve DNS.
With demo website above, you can try to send email to @moon.allinpepetothemoon
mail domain of ToTheMoon team.
- To use E2E encryption, go to webmail client settings and create your PGP keys. Remember that if you want to send encrypted mail for some one, you need to have his public key first to encrypt the mail.
Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.
If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!
- Fork the Project
- Create your Feature Branch (
git checkout -b feature/AmazingFeature
) - Commit your Changes (
git commit -m 'Add some AmazingFeature'
) - Push to the Branch (
git push origin feature/AmazingFeature
) - Open a Pull Request
Distributed under the MIT License. See LICENSE
for more information.
0xDeAd-team - admin@0xdead.invincibility
Project Link: https://github.com/0xDeAd-team/instruction