# Mailu Mail Server – Full Setup Guide

Domain: ghaymah.cloud

Mail Server: Mailu (Docker)

---

## 1. Purpose

Deploy a private mail server for a company using Mailu where:

- Accounts are created by admin only
- Internal mail works between users
- External mail works with Gmail and other providers
- The setup is secure and production-ready

---

## 2. Mailu Setup Wizard

### Step 1: Initial Configuration

- **Mailu storage path**

  ```
  /mailu
  ```

- **Main mail domain**

  ```
  ghaymah.cloud
  ```

- **Postmaster local part**

  ```
  admin
  ```

  → `admin@ghaymah.cloud`

- **TLS certificates**

  ```
  Let's Encrypt
  ```

- **Rate limits**
  - Failed login per IP: 5/hour
  - Failed login per user: 50/day
  - Outgoing mail per user: 200/day

- ✅ Enable Admin UI

---

### Step 2: Select Features

- Webmail: Roundcube
- Antivirus (ClamAV): Enabled
- Oletools: Enabled
- Tika: Disabled (high resource usage)

---

### Step 3: Expose Mailu to the Internet

- **IPv4 listen address**

  ```
  158.220.97.132
  ```

- **Docker network subnet**

  ```
  192.168.203.0/24
  ```

- IPv6: Disabled
- Internal DNS resolver (unbound): Enabled

- **Public hostname**

  ```
  mail.ghaymah.cloud
  ```

---

### Step 4: Ports

Default Mailu ports were used.
HTTPS (443) was temporarily changed to **8443** to avoid conflicts.

---

### Step 5: Generate and Run Mailu

```bash
docker compose up -d
```

---

## 3. Web Interface Access

* Admin / Webmail URL:

```
https://mail.ghaymah.cloud:8443
```

### ⚠️ Important Note

Sometimes after startup, the **Web UI / Webmail may not load** due to a temporary issue with the front (nginx) container.

### Solution

Restart the front container:

```bash
docker restart mailu-front-1
```

---

## 4. Admin Configuration

* Login as admin
* Add domain: `ghaymah.cloud`
* Create user accounts for employees
* Generate DKIM keys from:

```
Admin → Domains → Generate keys
```

---

## 5. DNS Records Configuration

### A Record

```dns
mail.ghaymah.cloud A 158.220.97.132
```

### MX Record

```dns
ghaymah.cloud MX 10 mail.ghaymah.cloud
```

### SPF Record

```dns
ghaymah.cloud TXT "v=spf1 ip4:158.220.97.132 mx -all"
```

### DKIM Record

```dns
mail._domainkey.ghaymah.cloud TXT "v=DKIM1; k=rsa; p=PUBLIC_KEY"
```

### DMARC Record

```dns
_dmarc.ghaymah.cloud TXT "v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"
```

---

## 6. Reverse DNS (PTR)

Configured at the server provider (Contabo):

```text
158.220.97.132 → mail.ghaymah.cloud
```

---

## 7. Testing and Verification

### DNS Checks

```bash
dig MX ghaymah.cloud +short
dig TXT ghaymah.cloud +short
dig TXT mail._domainkey.ghaymah.cloud +short
dig -x 158.220.97.132 +short
```

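
The TXT values returned by the `dig` checks above (plus the `_dmarc.ghaymah.cloud` record from section 5) can be linted offline. The following is an added example, not part of the original guide: the function names are illustrative, and the sample lines are constructed from the records in section 5, including the page's own `PUBLIC_KEY` placeholder.

```python
import base64
import binascii
import re

# Constructed dig +short lines for section 5's records (PUBLIC_KEY: placeholder).
SPF_LINE = '"v=spf1 ip4:158.220.97.132 mx -all"'
DKIM_LINE = '"v=DKIM1; k=rsa; p=PUBLIC_KEY"'
DMARC_LINE = '"v=DMARC1; p=none; rua=mailto:postmaster@ghaymah.cloud"'

def from_dig(line):
    """Join the quoted chunks of one `dig TXT +short` line into the raw value."""
    return "".join(re.findall(r'"([^"]*)"', line))

def parse_tags(txt):
    """Split a 'tag=value; tag=value' DKIM/DMARC record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_spf(apex_txt):
    """apex_txt: every TXT value published at the domain apex."""
    spf = [r for r in apex_txt if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        return [f"expected exactly one SPF record, found {len(spf)}"]
    alls = [t for t in spf[0].split()[1:] if t.lstrip("+-~?").lower() == "all"]
    if not alls and "redirect=" not in spf[0].lower():
        return ["no 'all' term: unlisted senders get a neutral result"]
    if alls and not alls[0].startswith("-"):
        return [f"'{alls[0]}' is not '-all': unlisted senders are not hard-failed"]
    return []

def audit_dmarc(txt):
    tags = parse_tags(txt)
    findings = []
    if tags.get("p", "").lower() == "none":
        findings.append("p=none is monitor-only: receivers are not asked to act on failures")
    if "rua" not in tags:
        findings.append("no rua address: aggregate reports have nowhere to go")
    return findings

def audit_dkim(txt):
    key = "".join(parse_tags(txt).get("p", "").split())
    if not key:
        return ["missing or empty p=: no usable key (empty means revoked)"]
    try:
        base64.b64decode(key, validate=True)
    except binascii.Error:
        return ["p= is not valid base64: placeholder or truncated key"]
    return []
```
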

---

## 8. Spam Detection & Analysis Tools

The following tools were used to analyze why emails were going to **Spam** or being **rejected**:

### 8.1 Mail Tester

🔗 [https://www.mail-tester.com](https://www.mail-tester.com)

* Sends a test email and provides a full spam report
* Checks:
  * SPF
  * DKIM
  * DMARC
  * PTR (Reverse DNS)
  * IP blacklists
  * SpamAssassin score

This is the most important tool for diagnosing email delivery issues.

---

### 8.2 MXToolbox

🔗 [https://mxtoolbox.com](https://mxtoolbox.com)

Used to:

* Verify MX records
* Check SPF, DKIM, and DMARC records
* Check Reverse DNS (PTR)
* Detect if the IP is blacklisted

---

### 8.3 DNS Checker

🔗 [https://dnschecker.org](https://dnschecker.org)

Used to:

* Verify DNS propagation worldwide
* Ensure MX and TXT records are visible globally

---

### 8.4 Google Admin Toolbox

🔗 [https://toolbox.googleapps.com/apps/checkmx/](https://toolbox.googleapps.com/apps/checkmx/)

Used to:

* Validate how Gmail sees the domain
* Diagnose Gmail-specific delivery issues

---

## 9. Spam Issue Root Cause

Emails were initially classified as spam or rejected due to:

* Missing SPF record
* Missing DKIM record
* Incorrect PTR (Reverse DNS)
* New domain and IP reputation
* Test email content (very short messages)

---

## 10. Final Result

* Mailu services running successfully
* Internal mail working
* External mail working (Gmail, etc.)
* DKIM validated successfully
* Spam issues resolved after proper DNS authentication

---

## 11. Notes

* Public user signup is disabled
* Only admin can create users
* This mail server is intended for company use only