From d4c11378fe89ba87018436347e13290fc411070f Mon Sep 17 00:00:00 2001
From: Greg Johnson <greg.johnson@anekol.com>
Date: Sat, 20 Sep 2025 12:20:46 +1000
Subject: [PATCH] update

---
 mail/README.md   |  7 +++++
 mail/compose.yml | 79 ++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 86 insertions(+)
 create mode 100644 mail/README.md
 create mode 100644 mail/compose.yml

diff --git a/mail/README.md b/mail/README.md
new file mode 100644
index 0000000..ca56198
--- /dev/null
+++ b/mail/README.md
@@ -0,0 +1,7 @@
+To reset counters/stats:
+$ docker exec -it mail bash
+# curl -X POST http://localhost:11334/statreset
+
+To learn spam
+# cd /var/mail/saltaire.com.au/greg.johnson/.Junk/cur
+# rspamc learn_spam .
diff --git a/mail/compose.yml b/mail/compose.yml
new file mode 100644
index 0000000..044de67
--- /dev/null
+++ b/mail/compose.yml
@@ -0,0 +1,79 @@
+
+name: mail
+
+services:
+  mail:
+    container_name: mail
+    image: mailserver/docker-mailserver:15.1.0
+    restart: unless-stopped
+    stop_grace_period: 1m
+    hostname: mail.saltaire.com.au
+    ports:
+      - "25:25"   # SMTP  (explicit TLS => STARTTLS)
+      - "143:143" # IMAP4 (explicit TLS => STARTTLS)
+      - "465:465" # ESMTP (implicit TLS)
+      - "587:587" # ESMTP (explicit TLS => STARTTLS)
+      - "993:993" # IMAP4 (implicit TLS)
+    environment:
+      ENABLE_FAIL2BAN: 1
+      ENABLE_QUOTAS: 0
+
+      # Rspamd 
+      ENABLE_RSPAMD: 1
+      # ClamAV is compatible with Rspamd
+      ENABLE_CLAMAV: 0
+      # Rspamd replaces the functionality of these anti-spam services, disable them:
+      ENABLE_AMAVIS: 0
+      ENABLE_OPENDKIM: 0
+      ENABLE_OPENDMARC: 0
+      ENABLE_POLICYD_SPF: 0
+      ENABLE_POSTGREY: 0
+      ENABLE_SPAMASSASSIN: 0
+
+      # empty => 10240000 (~10 MB)
+      POSTFIX_MESSAGE_SIZE_LIMIT: 81920000
+
+      # Rspamd options
+      RSPAMD_GREYLISTING: 1
+      RSPAMD_LEARN: 1
+
+      SPOOF_PROTECTION: 1
+      SSL_TYPE: letsencrypt
+
+      LOG_LEVEL:  info
+    networks:
+      - proxy
+    volumes:
+      - type: volume
+        source: proxy_data
+        target: /etc/letsencrypt/live/mail.saltaire.com.au/fullchain.pem
+        volume:
+          nocopy: true
+          subpath: caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.saltaire.com.au/mail.saltaire.com.au.crt
+      - type: volume
+        source: proxy_data
+        target: /etc/letsencrypt/live/mail.saltaire.com.au/privkey.pem
+        volume:
+          nocopy: true
+          subpath: caddy/certificates/acme-v02.api.letsencrypt.org-directory/mail.saltaire.com.au/mail.saltaire.com.au.key
+      - data:/var/mail/
+      - logs:/var/log/mail/
+      - state:/var/mail-state/
+      - /etc/localtime:/etc/localtime:ro
+      - ./config/:/tmp/docker-mailserver/
+      - ./config/cron/sa-learn:/etc/cron.d/sa-learn
+    cap_add:
+      - NET_ADMIN
+    healthcheck:
+      test: "ss --listening --tcp | grep -P 'LISTEN.+:smtp' || exit 1"
+      timeout: 3s
+      retries: 0
+networks:
+  proxy:
+    external: true
+volumes:
+  data:
+  logs:
+  state:
+  proxy_data:
+    external: true