Update readme.md

readme.md

@@ -0,0 +1,287 @@
+---
+
+```md
+# Mailu Mail Server – Full Setup Guide
+
+Domain: ghaymah.cloud  
+Mail Server: Mailu (Docker)
+
+---
+
+## 1. Purpose
+Deploy a private mail server for a company using Mailu where:
+- Accounts are created by admin only
+- Internal mail works between users
+- External mail works with Gmail and other providers
+- The setup is secure and production-ready
+
+---
+
+## 2. Mailu Setup Wizard
+
+### Step 1: Initial Configuration
+- **Mailu storage path**
+```
+
+/mailu
+
+```
+
+- **Main mail domain**
+```
+
+ghaymah.cloud
+
+```
+
+- **Postmaster local part**
+```
+
+admin
+
+```
+→ `admin@ghaymah.cloud`
+
+- **TLS certificates**
+```
+
+Let's Encrypt
+
+```
+
+- **Rate limits**
+- Failed login per IP: 5/hour
+- Failed login per user: 50/day
+- Outgoing mail per user: 200/day
+
+- ✅ Enable Admin UI
+
+---
+
+### Step 2: Select Features
+- Webmail: Roundcube
+- Antivirus (ClamAV): Enabled
+- Oletools: Enabled
+- Tika: Disabled (high resource usage)
+
+---
+
+### Step 3: Expose Mailu to the Internet
+- **IPv4 listen address**
+```
+
+158.220.97.132
+
+```
+
+- **Docker network subnet**
+```
+
+192.168.203.0/24
+
+```
+
+- IPv6: Disabled
+- Internal DNS resolver (unbound): Enabled
+
+- **Public hostname**
+```
+
+mail.ghaymah.cloud
+
+````
+
+---
+
+### Step 4: Ports
+Default Mailu ports were used.  
+HTTPS (443) was temporarily changed to **8443** to avoid conflicts.
+
+---
+
+### Step 5: Generate and Run Mailu
+```bash
+docker compose up -d
+````
+
+---
+
+## 3. Web Interface Access
+
+* Admin / Webmail URL:
+
+  ```
+  https://mail.ghaymah.cloud:8443
+  ```
+
+### ⚠️ Important Note
+
+Sometimes after startup, the **Web UI / Webmail may not load** due to a temporary issue with the front (nginx) container.
+
+### Solution
+
+Restart the front container:
+
+```bash
+docker restart mailu-front-1
+```
+
+---
+
+## 4. Admin Configuration
+
+* Login as admin
+* Add domain: `ghaymah.cloud`
+* Create user accounts for employees
+* Generate DKIM keys from:
+
+  ```
+  Admin → Domains → Generate keys
+  ```
+
+---
+
+## 5. DNS Records Configuration
+
+### A Record
+
+```dns
+mail.ghaymah.cloud A 158.220.97.132
+```
+
+### MX Record
+
+```dns
+ghaymah.cloud MX 10 mail.ghaymah.cloud
+```
+
+### SPF Record
+
+```dns
+ghaymah.cloud TXT "v=spf1 ip4:158.220.97.132 mx -all"
+```
+
+### DKIM Record
+
+```dns
+mail._domainkey.ghaymah.cloud TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY"
+```
+
+### DMARC Record
+
+```dns
+_dmarc.ghaymah.cloud TXT "v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"
+```
+
+---
+
+## 6. Reverse DNS (PTR)
+
+Configured at the server provider (Contabo):
+
+```text
+158.220.97.132 → mail.ghaymah.cloud
+```
+
+---
+
+## 7. Testing and Verification
+
+### DNS Checks
+
+```bash
+dig MX ghaymah.cloud +short
+dig TXT ghaymah.cloud +short
+dig TXT mail._domainkey.ghaymah.cloud +short
+dig -x 158.220.97.132 +short
+```
+
+---
+
+## 8. Spam Detection & Analysis Tools
+
+The following tools were used to analyze why emails were going to **Spam** or being **rejected**:
+
+### 8.1 Mail Tester
+
+🔗 [https://www.mail-tester.com](https://www.mail-tester.com)
+
+* Sends a test email and provides a full spam report
+* Checks:
+
+  * SPF
+  * DKIM
+  * DMARC
+  * PTR (Reverse DNS)
+  * IP blacklists
+  * SpamAssassin score
+
+This is the most important tool for diagnosing email delivery issues.
+
+---
+
+### 8.2 MXToolbox
+
+🔗 [https://mxtoolbox.com](https://mxtoolbox.com)
+
+Used to:
+
+* Verify MX records
+* Check SPF, DKIM, and DMARC records
+* Check Reverse DNS (PTR)
+* Detect if the IP is blacklisted
+
+---
+
+### 8.3 DNS Checker
+
+🔗 [https://dnschecker.org](https://dnschecker.org)
+
+Used to:
+
+* Verify DNS propagation worldwide
+* Ensure MX and TXT records are visible globally
+
+---
+
+### 8.4 Google Admin Toolbox
+
+🔗 [https://toolbox.googleapps.com/apps/checkmx/](https://toolbox.googleapps.com/apps/checkmx/)
+
+Used to:
+
+* Validate how Gmail sees the domain
+* Diagnose Gmail-specific delivery issues
+
+---
+
+## 9. Spam Issue Root Cause
+
+Emails were initially classified as spam or rejected due to:
+
+* Missing SPF record
+* Missing DKIM record
+* Incorrect PTR (Reverse DNS)
+* New domain and IP reputation
+* Test email content (very short messages)
+
+---
+
+## 10. Final Result
+
+* Mailu services running successfully
+* Internal mail working
+* External mail working (Gmail, etc.)
+* DKIM validated successfully
+* Spam issues resolved after proper DNS authentication
+
+---
+
+## 11. Notes
+
+* Public user signup is disabled
+* Only admin can create users
+* This mail server is intended for company use only
+
+```
+