Setup Mailu server in OCI

Setting up mail server might be a difficult task to start with. But a personal mail server servers many purposes in addition to ownership of the server.

Below is a high-level guide line for setting up a mail server

• Oracle Cloud infrastructure
• Docker environment
• Mailu – mailserver
• Cloudflare

Prepare Environment

Open your web browser and go to: https://setup.mailu.io/

Fill in the details as follows (adjust to your specific needs):

• Mailu storage path: Keep /mailu (or change if you want to store data elsewhere on your host).
• Main mail domain and server display name: Your primary domain (e.g., yourdomain.com).
• Postmaster local part: admin (This will create [email protected] as the initial admin account).
• Choose how you wish to handle security TLS certificates:
  • letsencrypt (Recommended for automatic SSL). If you choose this, ensure your DNS A/AAAA records for your hostnames are already pointing to your server’s IP.
  • cert (If you want to provide your own certificates manually).
  • notls (Only for testing, not recommended for production).
• Website name: (e.g., My Awesome Mail Server)
• Enable the admin UI: yes
• Enable Web email client: roundcube (Recommended for webmail access).
• Enable the antivirus service: yes (Recommended for security, increases RAM usage)
• Enable the webdav service: yes (For calendar/contacts sync, if needed)
• Enable fetchmail: yes (If you need to fetch mail from external accounts)
• Enable oletools/Tika: (Usually no unless you have specific needs for attachment analysis)
• IPv4 listen address: Your server’s public IPv4 address. You can use 0.0.0.0 if you want Mailu to listen on all interfaces (but then ensure your firewall is configured correctly).
• IPv6 listen address: Your server’s public IPv6 address. Use :: for all interfaces.
• Enable an internal DNS resolver (unbound): yes (Recommended for Mailu to handle its own DNS lookups)

After filling everything, click “Download your configuration”. This will provide you with two links: one for docker-compose.yml and one for mailu.env.

Mailu is another excellent open-source, Docker-based mail server solution, similar in concept to Mailcow but with its own design philosophies. It’s known for being relatively straightforward to set up and provides a full-featured mail server including webmail and an admin interface.

Here’s a step-by-step guide to setting up Mailu with Docker, keeping in mind that you’re interested in ARM64 compatibility (which Mailu fully supports):

Mailu Docker Setup Guide

Prerequisites:

1. A Server (VPS or Dedicated) with a Public IP: This server must have ports 25, 80, 110, 143, 443, 465, 587, 993, 995 (and optionally 4190 for Sieve) open in its firewall and not blocked by your hosting provider (especially port 25 for sending mail).
2. A Domain Name: You’ll need a registered domain name (e.g., yourdomain.com) and have control over its DNS records.
3. Docker and Docker Compose (v2) installed: Ensure you have a recent version of Docker and Docker Compose (the docker compose command, not docker-compose).
   • To install Docker: curl -fsSL https://get.docker.com -o get-docker.sh && sudo sh get-docker.sh
   • To install Docker Compose: It’s usually installed with Docker Engine. If not, follow Docker’s official docs for your OS.
4. Basic Linux Command Line Knowledge: Familiarity with navigating directories, editing files, and running commands.

Step 1: Prepare the Environment

Mailu stores its persistent data in a chosen directory. Let’s create a directory for it:

Bash

sudo mkdir /mailu
cd /mailu

Step 2: Generate Configuration Files using the Mailu Setup Utility

Mailu provides a convenient web-based setup utility to generate your docker-compose.yml and mailu.env files. This is the easiest way to start.

1. Open your web browser and go to: https://setup.mailu.io/
2. Fill in the details as follows (adjust to your specific needs):
   • Mailu storage path: Keep /mailu (or change if you want to store data elsewhere on your host).
   • Main mail domain and server display name: Your primary domain (e.g., yourdomain.com).
   • Postmaster local part: admin (This will create [email protected] as the initial admin account).
   • Choose how you wish to handle security TLS certificates:
     • letsencrypt (Recommended for automatic SSL). If you choose this, ensure your DNS A/AAAA records for your hostnames are already pointing to your server’s IP.
     • cert (If you want to provide your own certificates manually).
     • notls (Only for testing, not recommended for production).
   • Website name: (e.g., My Awesome Mail Server)
   • Enable the admin UI: yes
   • Enable Web email client: roundcube (Recommended for webmail access).
   • Enable the antivirus service: yes (Recommended for security, increases RAM usage)
   • Enable the webdav service: yes (For calendar/contacts sync, if needed)
   • Enable fetchmail: yes (If you need to fetch mail from external accounts)
   • Enable oletools/Tika: (Usually no unless you have specific needs for attachment analysis)
   • IPv4 listen address: Your server’s public IPv4 address. You can use 0.0.0.0 if you want Mailu to listen on all interfaces (but then ensure your firewall is configured correctly).
   • IPv6 listen address: Your server’s public IPv6 address. Use :: for all interfaces.
   • Enable an internal DNS resolver (unbound): yes (Recommended for Mailu to handle its own DNS lookups)
3. After filling everything, click “Download your configuration”. This will provide you with two links: one for docker-compose.yml and one for mailu.env.
4. Download the files to your /mailu directory:Bashcd /mailu wget <link_for_docker-compose.yml> wget <link_for_mailu.env> (Replace <link_for_docker-compose.yml> and <link_for_mailu.env> with the actual URLs provided by the setup utility).

Step 3: Review and Adjust Configuration (Optional but Recommended)

Open mailu.env and docker-compose.yml in a text editor (e.g., nano or vim) and review the settings.

Bash

nano mailu.env
nano docker-compose.yml

Common things to check/adjust in mailu.env:

• HOSTNAMES: Make sure this includes your main mail domain and any subdomains you’ll use (e.g., mail.yourdomain.com, webmail.yourdomain.com). This is critical for TLS certificates.
• POSTMASTER: The admin email address.
• TLS_FLAVOR: Should be letsencrypt if you chose that.
• LETSENCRYPT_CONTACT: Your email address for Let’s Encrypt notifications.
• BIND_IPV4_ADDRESS, BIND_IPV6_ADDRESS: Ensure these are correct for your server’s public IPs, or 0.0.0.0 / ::.
• DOMAIN_COUNT, USER_COUNT, QUOTA_COUNT: Set limits if desired.
• MESSAGE_SIZE_LIMIT: Adjust if you need to send/receive very large attachments.
• SQL_PASSWORD, ROUNDCUBE_SALT, ADMIN_SECRET: Mailu generates random ones. You can keep them or generate your own strong ones.

Step 5: Start Mailu

Now, start all Mailu containers using Docker Compose:

cd /mailu
sudo docker compose up -d

Step 6: Create the Initial Admin User

The POSTMASTER email in mailu.env is the admin account. You need to create this user manually if you didn’t set INITIAL_ADMIN_* variables in mailu.env.

sudo docker compose exec admin flask mailu admin admin yourdomain.com YOUR_STRONG_PASSWORD_HERE

eg:
docker compose exec admin flask mailu admin admin mydomain.com Password123

Replace [email protected] with your POSTMASTER address and YOUR_STRONG_PASSWORD_HERE with a secure password.

Step 7: Configure DNS Records

This is a critical step for email deliverability. Go to your domain’s DNS provider and add the following records, replacing yourdomain.com and mail.yourdomain.com with your actual domain and server hostname, and YOUR_SERVER_IPV4 and YOUR_SERVER_IPV6 with your server’s public IP addresses.

• A Record:
  • mail -> YOUR_SERVER_IPV4
  • @ (if you want your naked domain to point to your mail server) -> YOUR_SERVER_IPV4
  • webmail (if you enabled webmail) -> YOUR_SERVER_IPV4
• AAAA Record (for IPv6):
  • mail -> YOUR_SERVER_IPV6
  • @ (if applicable) -> YOUR_SERVER_IPV6
  • webmail (if applicable) -> YOUR_SERVER_IPV6
• MX Record:
  • @ -> mail.yourdomain.com (Priority 10)
• TXT Record (SPF): This prevents email spoofing.
  • @ -> v=spf1 mx a -all
• TXT Record (DKIM): Mailu will generate this.
  • Log in to the Mailu admin panel (see next step).
  • Go to Domains -> yourdomain.com -> Details.
  • You’ll find the DKIM key (a long string) and the selector (usually dkim).
  • Create a TXT record: dkim._domainkey -> v=DKIM1; k=rsa; p=YOUR_DKIM_PUBLIC_KEY
• TXT Record (DMARC): This builds on SPF and DKIM for stronger anti-spoofing.
  • _dmarc -> v=DMARC1; p=quarantine; fo=1; ruf=mailto:[email protected]; rua=mailto:[email protected] (Adjust p to none for monitoring first, then quarantine or reject).

Step 8: Access the Web Admin Interface and Webmail

• Admin Interface:https://mail.yourdomain.com/admin (or https://your_server_ip/admin)
  • Log in with [email protected] and the password you set in Step 6.
• Webmail:https://mail.yourdomain.com/webmail (or https://your_server_ip/webmail)
  • Log in with [email protected] and your password, or create new user accounts in the admin panel.

Error Message and Resolution

Error response from daemon: failed to set up container networking: driver failed programming external connectivity on endpoint mailu-front-1 (bb8827880d53705ad5570b4ddcc40f8a113a5f24cb2ee5a09a610a637d36f1f9): Bind for 0.0.0.0:80 failed: port is already allocated

This message actually means port 80 and 443 used for accessing the mail server is being used by another process.

In case if there is another NGINX is handling the reverse proxy , then these ports should be excluded from the docker compose file for mailu.

Original (problematic) section might look something like this:

YAML

# In /mailu/docker-compose.yml
services:
  front:
    image: ${DOCKER_ORG:-ghcr.io/mailu}/${DOCKER_PREFIX:-}nginx:${MAILU_VERSION:-2.0}
    restart: always
    env_file: mailu.env
    ports:
      - "0.0.0.0:80:80"   # <--- THIS IS THE PROBLEM
      - "0.0.0.0:443:443" # <--- And this one, if your reverse proxy uses 443
      - "0.0.0.0:25:25"
      - "0.0.0.0:465:465"
      - "0.0.0.0:587:587"
      - "0.0.0.0:110:110"
      - "0.0.0.0:143:143"
      - "0.0.0.0:993:993"
      - "0.0.0.0:995:995"
    volumes:
      - "$ROOT/certs:/certs"

Outgoing Emails not triggered from OCI.

Outgoing emails will not triggered from OCI due to restrictions. The easiest option is to use OCI relay for sending emails.

Redirecting of emails will not work without OCI relay.

Reference

How to configure reverse proxy for NGINX and Mailu setup in different docker projects.

How to configure Cloudflare setup for Mailu server

How to setup OCI relay for sending emails