{"id":4205,"date":"2022-07-26T16:30:27","date_gmt":"2022-07-26T16:30:27","guid":{"rendered":"http:\/\/www.f1linux.com\/?page_id=4205"},"modified":"2026-05-28T16:03:15","modified_gmt":"2026-05-28T15:03:15","slug":"docker-mailserver","status":"publish","type":"page","link":"https:\/\/www.f1linux.com\/?page_id=4205","title":{"rendered":"Docker- Mailserver"},"content":{"rendered":"\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"http:\/\/www.f1linux.com\/wp-content\/uploads\/2022\/09\/Screenshot-2022-09-13-at-11.36.38.png\" alt=\"\"\/><figcaption class=\"wp-element-caption\">DKIM &amp; SPF Anti-Spoofing Protection in Action: Email signed by F1Linux&#8217;s mail server passing validation by Gmail&#8217;s mail server<\/figcaption><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\">F1Linux Mail Image Leasing:<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The F1Linux containerized email solution has been extensively tested and improved over the last 5 years and now available to clients.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">It routes mail for one or more domains with Anti-Spam (SPF), Anti-Spoofing (DKIM), TLS Transit Encryption &amp; TLS Client authentication to access mail<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As new versions of Postifx are released, containers will be rebuilt and tested with the newer version and released to the client ensuring they are using the latest, security patched versions in production. As data is disaggregated from the the docker image by mounting local iSCSI storage inside as a persistent Docker Volume, the data becomes immediately available in the new Postfix version of the container.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Client Provides<\/strong>:\n<ul class=\"wp-block-list\">\n<li>iSCSI Storage to auto-mount into Docker container for data persistence<\/li>\n\n\n\n<li>(1) networked host to use run the container- F1Linux can <\/li>\n\n\n\n<li>Public IP for the\u00a0container<\/li>\n\n\n\n<li>Keys\/logins to their DNS, Docker host, storage &amp; network devices<\/li>\n\n\n\n<li>DNS Access:\n<ul class=\"wp-block-list\">\n<li> New Installs: to be provided at least (2) days prior to allow for propagation of records<\/li>\n\n\n\n<li>Migrations: at least (30) days prior access to drop the TTLS down low to expire the DNS records before the flip<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>F1Linux Provides<\/strong>: A correct, fully tested containerized mail server comprised of the following configuration\n<ul class=\"wp-block-list\">\n<li>Docker Config<\/li>\n\n\n\n<li>Docker Image: Alpine Linux\n<ul class=\"wp-block-list\">\n<li>Multi-Arch Build Options: amd64, arm32v5, arm32v6, arm32v7, arm64v8<\/li>\n\n\n\n<li>Current release versions of Postfix, Dovecot, OpenDKIM &amp; dependent apps &amp; libraries installed &amp; configured<\/li>\n\n\n\n<li><em>compose.yml<\/em> config to raise container from image tailored to local networking &amp; storage<\/li>\n\n\n\n<li>NOTE: Configs are not immutable- they can be modified as required when container is in prod.<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>TLS Server Config: Encrypt mail in transit between sending &amp; receiving mail servers\n<ul class=\"wp-block-list\">\n<li>Let\u2019s Encrypt Certs used; certs rewed every three months<\/li>\n\n\n\n<li>NOTE: Mail to domains routed by the mail server are delivered locally and never leaves host<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>TLS Client Config:\n<ul class=\"wp-block-list\">\n<li>\u00a0Access to mail store is via TLS Client Cert; much more secure than password access<\/li>\n\n\n\n<li>Let\u2019s Encrypt discontinued TLS Client Certs, so these must now be purchased from a cert vendor<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>DNS Records Creation\/Modification: (1) or more mail domains\n<ul class=\"wp-block-list\">\n<li>MX (Mail Exchange) Records<\/li>\n\n\n\n<li>PTR (Reverse DNS) Records<\/li>\n\n\n\n<li>DKIM (Anti-Spoofing) Records<\/li>\n\n\n\n<li>SPF (Anti-Spam) Records<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>IPv4\/6 Networking: Host networking as well as dependent switches &amp; routers\n<ul class=\"wp-block-list\">\n<li>Firewalling<\/li>\n\n\n\n<li>IPv4 DNAT\u2019ing<\/li>\n\n\n\n<li>Routing<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li>Persistent Network Storage: Mail folders, TLS certs, backups &amp; maillogs\n<ul class=\"wp-block-list\">\n<li>iSCSI LUN Creation &amp; Config<\/li>\n\n\n\n<li>Auto-mounting config on Docker Host to use as a Docker Volume<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Optional Services<\/strong>:\n<ul class=\"wp-block-list\">\n<li>IMAP configuration with TLS cert auth<\/li>\n\n\n\n<li>Storage configuration<\/li>\n\n\n\n<li>New Server Hardware install, networking &amp; config<\/li>\n\n\n\n<li>Data Migration<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Case Study, Mail Services Migration: FROM hosted service TO in-house service<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">NOTE: Although the below was a non-containerized mailserver migration, it is evidence of deep &amp; wide comptency implementing &amp; migrating mailservers for a large global organization and supported by endorsements at the bottom of this page.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">When one of the world\u2019s largest AgriTech businesses Syngenta decided to migrate their Postfix infrastructure from a third-party hosted &amp; managed solution back in-house, after a global search they choose F1Linux.com based on their extensive experience with Postfix dating back to 2002. Because their mail system is integrated into other IT gears, any disruption caused by the migration could result in \u00a3millions of pounds of losses. F1Linux.com delivered the project on time, within budget and even trained the client\u2019s (10) staff in Pune India to operate their shiny new Postfix gears.&nbsp;<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp; &nbsp; &nbsp;\u2013 Provided the Linux &amp; Networking expertise to a large project this elite IT consultancy was operating for one of the world\u2019s largest agricultural businesses.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp; &nbsp; &nbsp;\u2013 Migrated the Postfix services back INhouse to a loadbalanced configuration across (2) data centers in France. NAT\u2019ing was breaking things, but as I\u2019m a network engineer I liaised with the network team and agreed a solution.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">&nbsp; &nbsp; &nbsp;\u2013&nbsp;Provided Performance Oriented Training in both Linux Systems Administration and the application itself to staff in India to maintain &amp; support the system.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The application was tightly integrated with all Client\u2019s key business processes, including payments and ERM systems; there could be no downtime or failure.&nbsp; The \u00a33 million liability cover they required reflected the risks related to the project.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">A large performance bonus was awarded for delivery exceeding requirements<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\u201c<em>I<strong> engaged Terrence [Houlahan] as the Linux Subject Matter Expert on a global client\u2019s major email service insourcing programme, to deliver new platforms and train client teams. The programme was large and complex, with significant dependencies on new Linux services that Terrence was responsible for delivering. Success in the role not only hinged on excellent Linux skills but also cross-cultural competencies working as an embedded expert in a global team, training and helping them to adopt the new systems.<\/strong><\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em><strong>Terrence\u2019s exceptional Linux knowledge and his ability to both anticipate requirements and react to scope changes was key to the successful delivery. His outstanding Linux experience was clearly demonstrated by both his hands-on delivery and technical training of a team who, for the most part, had no prior experience in Linux. Most importantly, Terrence\u2019s technical capability combined with his friendly nature and ability to elicit cooperation across global teams resulted in outstanding reviews from the client\u2019s senior managers.<\/strong><\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em><strong>Terrence was key to the success of the overall project: delivering new Linux services and enabling a client team with no Linux experience to become self-sufficient in administering a complex environment of new platforms in a very short timescale. Any future requirements requiring Linux Engineers, I\u2019ll be calling Terrence, and I wholeheartedly recommend him.<\/strong><\/em>\u201d<\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><em>\u2013 Ian Kayne, Mason Advisory:\u00a0 Syngenta Project Lead, Mason Advisory (2018)<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\"><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The ultimate endorsement of the work though was a large- <em>and completely unsolicited<\/em>&#8211; bonus payment for exceeding their delivery expectations and getting ALL positive reviews from the Client and their staff.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">\t\t\t\t\t<a href=\"https:\/\/www.f1linux.com\/?page_id=4839\"><br>\n\t\t\t\t\t\t\t\t\tBack to Docker Home<br>\n\t\t\t\t\t<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>F1Linux Mail Image Leasing: The F1Linux containerized email solution has been extensively tested and improved over the last 5 years and now available to clients. It routes mail for one or more domains with Anti-Spam (SPF), Anti-Spoofing (DKIM), TLS Transit Encryption &amp; TLS Client authentication to access mail As new versions of Postifx are released, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4205","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/pages\/4205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.f1linux.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4205"}],"version-history":[{"count":91,"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/pages\/4205\/revisions"}],"predecessor-version":[{"id":5095,"href":"https:\/\/www.f1linux.com\/index.php?rest_route=\/wp\/v2\/pages\/4205\/revisions\/5095"}],"wp:attachment":[{"href":"https:\/\/www.f1linux.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}