Mailcow E-Mail-Komplett Lösung

Allgemein

E-Mail ist nach wie vor ein wichtiger Bestandteil der Kommunikation in Unternehmen und Organisationen. Eine zuverlässige E-Mail-Hosting-Lösung ist unerlässlich, um sicherzustellen, dass E-Mails sicher und effektiv zugestellt werden. Eine solche Lösung ist Mailcow. In diesem Blog-Eintrag werden wir einen Überblick darüber geben, was Mailcow ist, wie es funktioniert und welche Vorteile es bietet.

Mailcow, IMAP, SMTP

Was ist Mailcow?

Mailcow ist eine umfassende E-Mail-Hosting-Lösung, die auf Docker basiert und auf der Open-Source-Software Postfix, Dovecot, SpamAssassin, ClamAV, Roundcube und mehr aufbaut. Es ist eine benutzerfreundliche Lösung, die eine webbasierte Benutzeroberfläche bietet, um E-Mails zu verwalten und zu konfigurieren. Mailcow kann auf einem eigenen Server oder in der Cloud gehostet werden.

Wie funktioniert Mailcow?

Mailcow verwendet Docker-Container, um die verschiedenen Komponenten der E-Mail-Hosting-Lösung zu isolieren und zu verwalten. Jeder Container führt eine bestimmte Aufgabe aus, wie z.B. Postfix für das Senden und Empfangen von E-Mails, Dovecot für das Speichern von E-Mails oder SpamAssassin für die Spam-Filterung. Die Container sind so konfiguriert, dass sie nahtlos zusammenarbeiten und eine stabile und sichere E-Mail-Hosting-Umgebung bieten.

Mailcow verfügt über eine webbasierte Benutzeroberfläche, die es Benutzern ermöglicht, E-Mail-Konten, Aliase, Verteilerlisten und vieles mehr zu erstellen und zu verwalten. Benutzer können auch Spam-Filterungsoptionen konfigurieren und E-Mails über eine webbasierte Oberfläche senden und empfangen.

Welche Vorteile bietet Mailcow?

  1. Einfache Verwaltung: Mailcow bietet eine benutzerfreundliche webbasierte Benutzeroberfläche, die es Benutzern ermöglicht, E-Mail-Konten, Aliase, Verteilerlisten und Spam-Filterungsoptionen schnell und einfach zu erstellen und zu verwalten.
  2. Sicherheit: Mailcow verwendet verschiedene Sicherheitsfunktionen wie SSL/TLS-Verschlüsselung, Spam-Filterung und Virus-Scanning, um sicherzustellen, dass E-Mails sicher und geschützt sind.
  3. Skalierbarkeit: Mailcow kann auf einem eigenen Server oder in der Cloud gehostet werden und kann problemlos auf die wachsenden Bedürfnisse von Unternehmen und Organisationen skaliert werden.
  4. Flexibilität: Mailcow bietet eine Vielzahl von Konfigurationsoptionen, um den spezifischen Anforderungen von Unternehmen und Organisationen gerecht zu werden. Benutzer können auch Plugins hinzufügen, um die Funktionalität von Mailcow zu erweitern.
  5. Open-Source: Mailcow ist eine Open-Source-Software und somit frei verfügbar und anpassbar. Es gibt auch eine aktive Entwicklergemeinschaft, die ständig neue Funktionen hinzufügt und Fehler behebt.

version: ‚2.1‘
services:

unbound-mailcow:
  image: mailcow/unbound:1.17
  environment:
    - TZ=${TZ}
  volumes:
    - ./data/hooks/unbound:/hooks:Z
    - ./data/conf/unbound/unbound.conf:/etc/unbound/unbound.conf:ro,Z
  restart: always
  tty: true
  networks:
    mailcow-network:
      ipv4_address: ${IPV4_NETWORK:-172.22.1}.254
      aliases:
        - unbound

mysql-mailcow:
  image: mariadb:10.5
  depends_on:
    - unbound-mailcow
  stop_grace_period: 45s
  volumes:
    - mysql-vol-1:/var/lib/mysql/
    - mysql-socket-vol-1:/var/run/mysqld/
    - ./data/conf/mysql/:/etc/mysql/conf.d/:ro,Z
  environment:
    - TZ=${TZ}
    - MYSQL_ROOT_PASSWORD=${DBROOT}
    - MYSQL_DATABASE=${DBNAME}
    - MYSQL_USER=${DBUSER}
    - MYSQL_PASSWORD=${DBPASS}
    - MYSQL_INITDB_SKIP_TZINFO=1
  restart: always
  ports:
    - "${SQL_PORT:-127.0.0.1:13306}:3306"
  networks:
    mailcow-network:
      aliases:
        - mysql

redis-mailcow:
  image: redis:7-alpine
  volumes:
    - redis-vol-1:/data/
  restart: always
  ports:
    - "${REDIS_PORT:-127.0.0.1:7654}:6379"
  environment:
    - TZ=${TZ}
  sysctls:
    - net.core.somaxconn=4096
  networks:
    mailcow-network:
      ipv4_address: ${IPV4_NETWORK:-172.22.1}.249
      aliases:
        - redis

clamd-mailcow:
  image: mailcow/clamd:1.61
  restart: always
  depends_on:
    - unbound-mailcow
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  environment:
    - TZ=${TZ}
    - SKIP_CLAMD=${SKIP_CLAMD:-n}
  volumes:
    - ./data/conf/clamav/:/etc/clamav/:Z
    - clamd-db-vol-1:/var/lib/clamav
  networks:
    mailcow-network:
      aliases:
        - clamd

rspamd-mailcow:
  image: mailcow/rspamd:1.92
  stop_grace_period: 30s
  depends_on:
    - dovecot-mailcow
  environment:
    - TZ=${TZ}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
  volumes:
    - ./data/hooks/rspamd:/hooks:Z
    - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
    - ./data/conf/rspamd/override.d/:/etc/rspamd/override.d:Z
    - ./data/conf/rspamd/local.d/:/etc/rspamd/local.d:Z
    - ./data/conf/rspamd/plugins.d/:/etc/rspamd/plugins.d:Z
    - ./data/conf/rspamd/lua/:/etc/rspamd/lua/:ro,Z
    - ./data/conf/rspamd/rspamd.conf.local:/etc/rspamd/rspamd.conf.local:Z
    - ./data/conf/rspamd/rspamd.conf.override:/etc/rspamd/rspamd.conf.override:Z
    - rspamd-vol-1:/var/lib/rspamd
  restart: always
  hostname: rspamd
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  networks:
    mailcow-network:
      aliases:
        - rspamd

php-fpm-mailcow:
  image: mailcow/phpfpm:1.82
  command: "php-fpm -d date.timezone=${TZ} -d expose_php=0"
  depends_on:
    - redis-mailcow
  volumes:
    - ./data/hooks/phpfpm:/hooks:Z
    - ./data/web:/web:z
    - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
    - ./data/conf/rspamd/custom/:/rspamd_custom_maps:z
    - rspamd-vol-1:/var/lib/rspamd
    - mysql-socket-vol-1:/var/run/mysqld/
    - ./data/conf/sogo/:/etc/sogo/:z
    - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
    - ./data/conf/phpfpm/sogo-sso/:/etc/sogo-sso/:z
    - ./data/conf/phpfpm/php-fpm.d/pools.conf:/usr/local/etc/php-fpm.d/z-pools.conf:Z
    - ./data/conf/phpfpm/php-conf.d/opcache-recommended.ini:/usr/local/etc/php/conf.d/opcache-recommended.ini:Z
    - ./data/conf/phpfpm/php-conf.d/upload.ini:/usr/local/etc/php/conf.d/upload.ini:Z
    - ./data/conf/phpfpm/php-conf.d/other.ini:/usr/local/etc/php/conf.d/zzz-other.ini:Z
    - ./data/conf/dovecot/global_sieve_before:/global_sieve/before:z
    - ./data/conf/dovecot/global_sieve_after:/global_sieve/after:z
    - ./data/assets/templates:/tpls:z
    - ./data/conf/nginx/:/etc/nginx/conf.d/:z
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  environment:
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
    - LOG_LINES=${LOG_LINES:-9999}
    - TZ=${TZ}
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
    - IMAP_PORT=${IMAP_PORT:-143}
    - IMAPS_PORT=${IMAPS_PORT:-993}
    - POP_PORT=${POP_PORT:-110}
    - POPS_PORT=${POPS_PORT:-995}
    - SIEVE_PORT=${SIEVE_PORT:-4190}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
    - SUBMISSION_PORT=${SUBMISSION_PORT:-587}
    - SMTPS_PORT=${SMTPS_PORT:-465}
    - SMTP_PORT=${SMTP_PORT:-25}
    - API_KEY=${API_KEY:-invalid}
    - API_KEY_READ_ONLY=${API_KEY_READ_ONLY:-invalid}
    - API_ALLOW_FROM=${API_ALLOW_FROM:-invalid}
    - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
    - SKIP_SOLR=${SKIP_SOLR:-y}
    - SKIP_CLAMD=${SKIP_CLAMD:-n}
    - SKIP_SOGO=${SKIP_SOGO:-n}
    - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
    - MASTER=${MASTER:-y}
    - DEV_MODE=${DEV_MODE:-n}
    - DEMO_MODE=${DEMO_MODE:-n}
    - WEBAUTHN_ONLY_TRUSTED_VENDORS=${WEBAUTHN_ONLY_TRUSTED_VENDORS:-n}
  restart: always
  networks:
    mailcow-network:
      aliases:
        - phpfpm

sogo-mailcow:
  image: mailcow/sogo:1.115
  environment:
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - TZ=${TZ}
    - LOG_LINES=${LOG_LINES:-9999}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
    - ACL_ANYONE=${ACL_ANYONE:-disallow}
    - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - SOGO_EXPIRE_SESSION=${SOGO_EXPIRE_SESSION:-480}
    - SKIP_SOGO=${SKIP_SOGO:-n}
    - MASTER=${MASTER:-y}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  volumes:
    - ./data/hooks/sogo:/hooks:Z
    - ./data/conf/sogo/:/etc/sogo/:z
    - ./data/web/inc/init_db.inc.php:/init_db.inc.php:Z
    - ./data/conf/sogo/custom-favicon.ico:/usr/lib/GNUstep/SOGo/WebServerResources/img/sogo.ico:z
    - ./data/conf/sogo/custom-theme.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/theme.js:z
    - ./data/conf/sogo/custom-sogo.js:/usr/lib/GNUstep/SOGo/WebServerResources/js/custom-sogo.js:z
    - mysql-socket-vol-1:/var/run/mysqld/
    - sogo-web-vol-1:/sogo_web
    - sogo-userdata-backup-vol-1:/sogo_backup
  labels:
    ofelia.enabled: "true"
    ofelia.job-exec.sogo_sessions.schedule: "@every 1m"
    ofelia.job-exec.sogo_sessions.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool expire-sessions $${SOGO_EXPIRE_SESSION} || exit 0\""
    ofelia.job-exec.sogo_ealarms.schedule: "@every 1m"
    ofelia.job-exec.sogo_ealarms.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-ealarms-notify -p /etc/sogo/sieve.creds || exit 0\""
    ofelia.job-exec.sogo_eautoreply.schedule: "@every 5m"
    ofelia.job-exec.sogo_eautoreply.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds || exit 0\""
    ofelia.job-exec.sogo_backup.schedule: "@every 24h"
    ofelia.job-exec.sogo_backup.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu sogo /usr/sbin/sogo-tool backup /sogo_backup ALL || exit 0\""
  restart: always
  networks:
    mailcow-network:
      ipv4_address: ${IPV4_NETWORK:-172.22.1}.248
      aliases:
        - sogo

dovecot-mailcow:
  image: mailcow/dovecot:1.22
  depends_on:
    - mysql-mailcow
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  cap_add:
    - NET_BIND_SERVICE
  volumes:
    - ./data/hooks/dovecot:/hooks:Z
    - ./data/conf/dovecot:/etc/dovecot:z
    - ./data/assets/ssl:/etc/ssl/mail/:ro,z
    - ./data/conf/sogo/:/etc/sogo/:z
    - ./data/conf/phpfpm/sogo-sso/:/etc/phpfpm/:z
    - vmail-vol-1:/var/vmail
    - vmail-index-vol-1:/var/vmail_index
    - crypt-vol-1:/mail_crypt/
    - ./data/conf/rspamd/custom/:/etc/rspamd/custom:z
    - ./data/assets/templates:/templates:z
    - rspamd-vol-1:/var/lib/rspamd
    - mysql-socket-vol-1:/var/run/mysqld/
  environment:
    - DOVECOT_MASTER_USER=${DOVECOT_MASTER_USER:-}
    - DOVECOT_MASTER_PASS=${DOVECOT_MASTER_PASS:-}
    - LOG_LINES=${LOG_LINES:-9999}
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - TZ=${TZ}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - MAILCOW_PASS_SCHEME=${MAILCOW_PASS_SCHEME:-BLF-CRYPT}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
    - MAILDIR_GC_TIME=${MAILDIR_GC_TIME:-7200}
    - ACL_ANYONE=${ACL_ANYONE:-disallow}
    - SKIP_SOLR=${SKIP_SOLR:-y}
    - MAILDIR_SUB=${MAILDIR_SUB:-}
    - MASTER=${MASTER:-y}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
    - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
  ports:
    - "${DOVEADM_PORT:-127.0.0.1:19991}:12345"
    - "${IMAP_PORT:-143}:143"
    - "${IMAPS_PORT:-993}:993"
    - "${POP_PORT:-110}:110"
    - "${POPS_PORT:-995}:995"
    - "${SIEVE_PORT:-4190}:4190"
  restart: always
  tty: true
  labels:
    ofelia.enabled: "true"
    ofelia.job-exec.dovecot_imapsync_runner.schedule: "@every 1m"
    ofelia.job-exec.dovecot_imapsync_runner.no-overlap: "true"
    ofelia.job-exec.dovecot_imapsync_runner.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu nobody /usr/local/bin/imapsync_runner.pl || exit 0\""
    ofelia.job-exec.dovecot_trim_logs.schedule: "@every 1m"
    ofelia.job-exec.dovecot_trim_logs.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/trim_logs.sh || exit 0\""
    ofelia.job-exec.dovecot_quarantine.schedule: "@every 20m"
    ofelia.job-exec.dovecot_quarantine.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/quarantine_notify.py || exit 0\""
    ofelia.job-exec.dovecot_clean_q_aged.schedule: "@every 24h"
    ofelia.job-exec.dovecot_clean_q_aged.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/local/bin/gosu vmail /usr/local/bin/clean_q_aged.sh || exit 0\""
    ofelia.job-exec.dovecot_maildir_gc.schedule: "@every 30m"
    ofelia.job-exec.dovecot_maildir_gc.command: "/bin/bash -c \"source /source_env.sh ; /usr/local/bin/gosu vmail /usr/local/bin/maildir_gc.sh\""
    ofelia.job-exec.dovecot_sarules.schedule: "@every 24h"
    ofelia.job-exec.dovecot_sarules.command: "/bin/bash -c \"/usr/local/bin/sa-rules.sh\""
    ofelia.job-exec.dovecot_fts.schedule: "@every 24h"
    ofelia.job-exec.dovecot_fts.command: "/usr/bin/curl https://solr:8983/solr/dovecot-fts/update?optimize=true"
    ofelia.job-exec.dovecot_repl_health.schedule: "@every 5m"
    ofelia.job-exec.dovecot_repl_health.command: "/bin/bash -c \"/usr/local/bin/gosu vmail /usr/local/bin/repl_health.sh\""
  ulimits:
    nproc: 65535
    nofile:
      soft: 20000
      hard: 40000
  networks:
    mailcow-network:
      ipv4_address: ${IPV4_NETWORK:-172.22.1}.250
      aliases:
        - dovecot

postfix-mailcow:
  image: mailcow/postfix:1.68
  depends_on:
    - mysql-mailcow
  volumes:
    - ./data/hooks/postfix:/hooks:Z
    - ./data/conf/postfix:/opt/postfix/conf:z
    - ./data/assets/ssl:/etc/ssl/mail/:ro,z
    - postfix-vol-1:/var/spool/postfix
    - crypt-vol-1:/var/lib/zeyple
    - rspamd-vol-1:/var/lib/rspamd
    - mysql-socket-vol-1:/var/run/mysqld/
  environment:
    - LOG_LINES=${LOG_LINES:-9999}
    - TZ=${TZ}
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
  cap_add:
    - NET_BIND_SERVICE
  ports:
    - "${SMTP_PORT:-25}:25"
    - "${SMTPS_PORT:-465}:465"
    - "${SUBMISSION_PORT:-587}:587"
  restart: always
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  networks:
    mailcow-network:
      ipv4_address: ${IPV4_NETWORK:-172.22.1}.253
      aliases:
        - postfix

memcached-mailcow:
  image: memcached:alpine
  restart: always
  environment:
    - TZ=${TZ}
  networks:
    mailcow-network:
      aliases:
        - memcached

nginx-mailcow:
  depends_on:
    - sogo-mailcow
    - php-fpm-mailcow
    - redis-mailcow
  image: nginx:mainline-alpine
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  command: /bin/sh -c "envsubst < /etc/nginx/conf.d/templates/listen_plain.template > /etc/nginx/conf.d/listen_plain.active &&
    envsubst < /etc/nginx/conf.d/templates/listen_ssl.template > /etc/nginx/conf.d/listen_ssl.active &&
    envsubst < /etc/nginx/conf.d/templates/sogo.template > /etc/nginx/conf.d/sogo.active &&
    . /etc/nginx/conf.d/templates/server_name.template.sh > /etc/nginx/conf.d/server_name.active &&
    . /etc/nginx/conf.d/templates/sites.template.sh > /etc/nginx/conf.d/sites.active &&
    . /etc/nginx/conf.d/templates/sogo_eas.template.sh > /etc/nginx/conf.d/sogo_eas.active &&
    nginx -qt &&
    until ping phpfpm -c1 > /dev/null; do sleep 1; done &&
    until ping sogo -c1 > /dev/null; do sleep 1; done &&
    until ping redis -c1 > /dev/null; do sleep 1; done &&
    until ping rspamd -c1 > /dev/null; do sleep 1; done &&
    exec nginx -g 'daemon off;'"
  environment:
    - HTTPS_PORT=${HTTPS_PORT:-443}
    - HTTP_PORT=${HTTP_PORT:-80}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - TZ=${TZ}
    - SKIP_SOGO=${SKIP_SOGO:-n}
    - ALLOW_ADMIN_EMAIL_LOGIN=${ALLOW_ADMIN_EMAIL_LOGIN:-n}
    - ADDITIONAL_SERVER_NAMES=${ADDITIONAL_SERVER_NAMES:-}
  volumes:
    - ./data/web:/web:ro,z
    - ./data/conf/rspamd/dynmaps:/dynmaps:ro,z
    - ./data/assets/ssl/:/etc/ssl/mail/:ro,z
    - ./data/conf/nginx/:/etc/nginx/conf.d/:z
    - ./data/conf/rspamd/meta_exporter:/meta_exporter:ro,z
    - sogo-web-vol-1:/usr/lib/GNUstep/SOGo/
  ports:
    - "${HTTPS_BIND:-}:${HTTPS_PORT:-443}:${HTTPS_PORT:-443}"
    - "${HTTP_BIND:-}:${HTTP_PORT:-80}:${HTTP_PORT:-80}"
  restart: always
  networks:
    mailcow-network:
      aliases:
        - nginx

acme-mailcow:
  depends_on:
    - nginx-mailcow
  image: mailcow/acme:1.84
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  environment:
    - LOG_LINES=${LOG_LINES:-9999}
    - ACME_CONTACT=${ACME_CONTACT:-}
    - ADDITIONAL_SAN=${ADDITIONAL_SAN}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
    - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
    - DIRECTORY_URL=${DIRECTORY_URL:-}
    - ENABLE_SSL_SNI=${ENABLE_SSL_SNI:-n}
    - SKIP_IP_CHECK=${SKIP_IP_CHECK:-n}
    - SKIP_HTTP_VERIFICATION=${SKIP_HTTP_VERIFICATION:-n}
    - ONLY_MAILCOW_HOSTNAME=${ONLY_MAILCOW_HOSTNAME:-n}
    - LE_STAGING=${LE_STAGING:-n}
    - TZ=${TZ}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
    - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
    - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
  volumes:
    - ./data/web/.well-known/acme-challenge:/var/www/acme:z
    - ./data/assets/ssl:/var/lib/acme/:z
    - ./data/assets/ssl-example:/var/lib/ssl-example/:ro,Z
    - mysql-socket-vol-1:/var/run/mysqld/
  restart: always
  networks:
    mailcow-network:
      aliases:
        - acme

netfilter-mailcow:
  image: mailcow/netfilter:1.51
  stop_grace_period: 30s
  depends_on:
    - dovecot-mailcow
    - postfix-mailcow
    - sogo-mailcow
    - php-fpm-mailcow
    - redis-mailcow
  restart: always
  privileged: true
  environment:
    - TZ=${TZ}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
    - SNAT_TO_SOURCE=${SNAT_TO_SOURCE:-n}
    - SNAT6_TO_SOURCE=${SNAT6_TO_SOURCE:-n}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
  network_mode: "host"
  volumes:
    - /lib/modules:/lib/modules:ro

watchdog-mailcow:
  image: mailcow/watchdog:1.97
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  tmpfs:
    - /tmp
  volumes:
    - rspamd-vol-1:/var/lib/rspamd
    - mysql-socket-vol-1:/var/run/mysqld/
    - postfix-vol-1:/var/spool/postfix
    - ./data/assets/ssl:/etc/ssl/mail/:ro,z
  restart: always
  environment:
    - IPV6_NETWORK=${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}
    - LOG_LINES=${LOG_LINES:-9999}
    - TZ=${TZ}
    - DBNAME=${DBNAME}
    - DBUSER=${DBUSER}
    - DBPASS=${DBPASS}
    - DBROOT=${DBROOT}
    - USE_WATCHDOG=${USE_WATCHDOG:-n}
    - WATCHDOG_NOTIFY_EMAIL=${WATCHDOG_NOTIFY_EMAIL:-}
    - WATCHDOG_NOTIFY_BAN=${WATCHDOG_NOTIFY_BAN:-y}
    - WATCHDOG_SUBJECT=${WATCHDOG_SUBJECT:-Watchdog ALERT}
    - WATCHDOG_EXTERNAL_CHECKS=${WATCHDOG_EXTERNAL_CHECKS:-n}
    - WATCHDOG_MYSQL_REPLICATION_CHECKS=${WATCHDOG_MYSQL_REPLICATION_CHECKS:-n}
    - WATCHDOG_VERBOSE=${WATCHDOG_VERBOSE:-n}
    - MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}
    - COMPOSE_PROJECT_NAME=${COMPOSE_PROJECT_NAME:-mailcow-dockerized}
    - IPV4_NETWORK=${IPV4_NETWORK:-172.22.1}
    - IP_BY_DOCKER_API=${IP_BY_DOCKER_API:-0}
    - CHECK_UNBOUND=${CHECK_UNBOUND:-1}
    - SKIP_CLAMD=${SKIP_CLAMD:-n}
    - SKIP_LETS_ENCRYPT=${SKIP_LETS_ENCRYPT:-n}
    - SKIP_SOGO=${SKIP_SOGO:-n}
    - HTTPS_PORT=${HTTPS_PORT:-443}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
    - EXTERNAL_CHECKS_THRESHOLD=${EXTERNAL_CHECKS_THRESHOLD:-1}
    - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
    - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
    - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
    - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
    - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1}
    - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3}
    - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8}
    - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15}
    - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12}
    - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20}
    - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5}
    - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1}
    - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1}
    - ACME_THRESHOLD=${ACME_THRESHOLD:-1}
    - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
    - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
    - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
    - MAILQ_CRIT=${MAILQ_CRIT:-30}
  networks:
    mailcow-network:
      aliases:
        - watchdog

dockerapi-mailcow:
  image: mailcow/dockerapi:2.01
  security_opt:
    - label=disable
  restart: always
  dns:
    - ${IPV4_NETWORK:-172.22.1}.254
  environment:
    - DBROOT=${DBROOT}
    - TZ=${TZ}
    - REDIS_SLAVEOF_IP=${REDIS_SLAVEOF_IP:-}
    - REDIS_SLAVEOF_PORT=${REDIS_SLAVEOF_PORT:-}
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  networks:
    mailcow-network:
      aliases:
        - dockerapi

solr-mailcow:
  image: mailcow/solr:1.8.1
  restart: always
  volumes:
    - solr-vol-1:/opt/solr/server/solr/dovecot-fts/data
  ports:
    - "${SOLR_PORT:-127.0.0.1:18983}:8983"
  environment:
    - TZ=${TZ}
    - SOLR_HEAP=${SOLR_HEAP:-1024}
    - SKIP_SOLR=${SKIP_SOLR:-y}
  networks:
    mailcow-network:
      aliases:
        - solr

olefy-mailcow:
  image: mailcow/olefy:1.11
  restart: always
  environment:
    - TZ=${TZ}
    - OLEFY_BINDADDRESS=0.0.0.0
    - OLEFY_BINDPORT=10055
    - OLEFY_TMPDIR=/tmp
    - OLEFY_PYTHON_PATH=/usr/bin/python3
    - OLEFY_OLEVBA_PATH=/usr/bin/olevba
    - OLEFY_LOGLVL=20
    - OLEFY_MINLENGTH=500
    - OLEFY_DEL_TMP=1
  networks:
    mailcow-network:
      aliases:
        - olefy

ofelia-mailcow:
  image: mcuadros/ofelia:latest
  restart: always
  command: daemon --docker
  environment:
    - TZ=${TZ}
  depends_on:
    - sogo-mailcow
    - dovecot-mailcow
  labels:
    ofelia.enabled: "true"
  security_opt:
    - label=disable
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
  networks:
    mailcow-network:
      aliases:
        - ofelia

ipv6nat-mailcow:
  depends_on:
    - unbound-mailcow
    - mysql-mailcow
    - redis-mailcow
    - clamd-mailcow
    - rspamd-mailcow
    - php-fpm-mailcow
    - sogo-mailcow
    - dovecot-mailcow
    - postfix-mailcow
    - memcached-mailcow
    - nginx-mailcow
    - acme-mailcow
    - netfilter-mailcow
    - watchdog-mailcow
    - dockerapi-mailcow
    - solr-mailcow
  environment:
    - TZ=${TZ}
  image: robbertkl/ipv6nat
  security_opt:
    - label=disable
  restart: always
  privileged: true
  network_mode: "host"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - /lib/modules:/lib/modules:ro
mailcow-network:
driver: bridge
driver_opts:
com.docker.network.bridge.name: br-mailcow
enable_ipv6: true
ipam:
driver: default
config:
- subnet: ${IPV4_NETWORK:-172.22.1}.0/24
- subnet: ${IPV6_NETWORK:-fd4d:6169:6c63:6f77::/64}

volumes:
vmail-vol-1:
vmail-index-vol-1:
mysql-vol-1:
mysql-socket-vol-1:
redis-vol-1:
rspamd-vol-1:
solr-vol-1:
postfix-vol-1:
crypt-vol-1:
sogo-web-vol-1:
sogo-userdata-backup-vol-1:
clamd-db-vol-1:
https://github.com/mailcow/mailcow-dockerized/blob/master/docker-compose.yml