# README.md — Docker Mailserver (DMS) Setup for knusperkerne.de

This document describes the stable, minimal configuration of your Docker Mailserver (DMS) installation and the daily operational commands required to manage domains and users.

## 1. Project Structure

The directory contains:

- compose.yml  
- .env  
- config/postfix-main.cf  
- config/postfix-master.cf  
- config/postfix-accounts.cf  
- config/postfix-virtual.cf  
- config/opendkim/*  
- volumes: maildata, mailstate, maillogs  
- snappymail/ (webmail)

## 2. Services

### mail (Docker Mailserver 12.x)
- Hostname: mailsystem.knusperkerne.de  
- Ports: SMTP(25), SUBMISSION(587), IMAPS(993)  
- Configuration directory mounted to `/tmp/docker-mailserver`  
- SPF-Checks fully disabled via postfix-main.cf and postfix-master.cf overrides  
- DKIM enabled via `/config/opendkim`

### snappymail (Webmail)
- Bound to 127.0.0.1:${SNAPPYMAIL_PORT}  
- Stores data in ./snappymail

## 3. Essential Admin Commands

All commands are executed inside the mailserver container:

### Enter the container
docker exec -it mailserver bash

### 3.1 Add a domain
Domains do not require a separate explicit create-command.  
To ensure DMS recognizes a domain, add a dummy account:
setup email add dms-domain-init@yourdomain.de somepassword

After DNS MX + A records propagate, the domain becomes active.

### 3.2 Add a real user
setup email add USER@DOMAIN.TLD PASSWORD

### 3.3 Change a user password
setup email update USER@DOMAIN.TLD PASSWORD

### 3.4 Delete a user
setup email del USER@DOMAIN.TLD

### 3.5 List all accounts
setup email list

### 3.6 Show mailbox sizes
du -sh /var/mail/vhosts/DOMAIN.TLD/USER/

### 3.7 Rebuild postfix/dovecot after config changes
Supervised automatically at startup; restart the container after modifying any file under config/:
docker compose restart mail

## 4. Config Overrides

### 4.1 postfix-main.cf
- Disables SPF policy checks completely  
- Keeps only minimal safe recipient checks:

policyd-spf_time_limit = 0
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

### 4.2 postfix-master.cf
Overrides the policyd-spf service to discard:

policyd-spf unix  -   n   n   -   0   discard

### 4.3 postfix-accounts.cf
Auto-generated by DMS. Contains user → password-hash entries.

### 4.4 postfix-virtual.cf
Virtual alias configuration for mail routing.

## 5. DNS Requirements

For each domain:

MX 10 mailsystem.knusperkerne.de  
A mailsystem.knusperkerne.de → YOUR.SERVER.IP  
SPF TXT (liberal): "v=spf1 a mx ~all"  
DKIM: Add the public key from config/opendkim/keys/DOMAIN/mail.txt

## 6. Backup

- Backup volumes: maildata, mailstate  
- Backup config/: postfix configs and DKIM keys  
- Logs are in maillogs/

## 7. Notes

- SPF checks are intentionally disabled (forwarding-friendly).  
- DKIM signing remains active and reliable for reputation.  
- DMS v12 receives security updates and remains stable.  
- No additional MTA/MDA components are required; Postfix+Dovecot are fully integrated.