A short guide to setting up a catch-all address on docker-mailserver, an all-in-one mail server.

All-in-one Server

As of writing, the latest release tag is v10.0.0:

wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/docker-compose.yml
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/mailserver.env
wget https://raw.githubusercontent.com/docker-mailserver/docker-mailserver/v10.0.0/setup.sh

For example, my catch-all address is catch@mail.ahxxm.com, so edit docker-compose.yml:

  • hostname: mail
  • domainname: ahxxm.com

hostname + domainname together form the mail domain, the @domain.tld part of the address.

Add an A record for hostname + domainname pointing to your server.

Then set up DKIM:

./setup.sh config dkim
cat config/opendkim/keys/domain.tld/mail.txt
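
The mail.txt printed above is a zone-file style record split into several quoted strings, while most DNS providers want a single TXT value. The script below is an added example, not part of docker-mailserver or setup.sh; the function names and the sample record (with a placeholder key) are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn the zone-file style record printed by
# `cat config/opendkim/keys/<domain>/mail.txt` into one publishable TXT value.

# Constructed sample in the layout opendkim-genkey writes (spaces instead of
# tabs); the p= data is a placeholder, not a real key.
dkim_sample() {
  printf '%s\n' \
    'mail._domainkey  IN  TXT  ( "v=DKIM1; h=sha256; k=rsa; "' \
    '    "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAconstructedPLACEHOLDER"' \
    '    "notARealKeyIDAQAB" )  ; ----- DKIM key mail for mail.ahxxm.com'
}

# Record name relative to the zone: first field of the first line (stdin).
dkim_record_name() { awk 'NR == 1 { print $1; exit }'; }

# Concatenate every double-quoted chunk, in order, dropping quotes/newlines (stdin).
dkim_txt_value() { grep -o '"[^"]*"' | tr -d '"\n'; }

# Print one tag's value from a flattened record. Usage: dkim_tag <tag> <value>
dkim_tag() {
  printf '%s\n' "$2" | tr ';' '\n' | sed -n "s/^[[:space:]]*$1=//p" | head -n 1
}

# Checks worth running before pasting into DNS. Usage: dkim_check <value>
# Prints each problem found and returns non-zero if there is any.
dkim_check() {
  _rc=0
  [ "$(dkim_tag v "$1")" = "DKIM1" ] || { echo "v= is not DKIM1"; _rc=1; }
  case "$(dkim_tag k "$1")" in
    '' | rsa) ;;                      # k= defaults to rsa when absent
    *) echo "key type is not rsa"; _rc=1 ;;
  esac
  _p=$(dkim_tag p "$1")
  case "$_p" in
    '') echo "p= is empty (truncated copy?)"; _rc=1 ;;
    *[!A-Za-z0-9+/=]*) echo "p= has non-base64 characters"; _rc=1 ;;
  esac
  return "$_rc"
}

# Demo on the constructed sample. For a real key, feed the file instead:
#   dkim_txt_value < config/opendkim/keys/domain.tld/mail.txt
value=$(dkim_sample | dkim_txt_value)
printf '%s TXT "%s"\n' "$(dkim_sample | dkim_record_name)" "$value"
dkim_check "$value" && echo "record passes basic checks"
```

The record name is relative to the mail domain, so for the address used in this guide the full name is mail._domainkey.mail.ahxxm.com.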

DMARC seems to be a global setting, not sure if it will affect other managed email services.

SPF record is deprecated.


The server currently only supports RSA certificates, but Caddy gets EC ones by default.

Assuming you have valid certificates, mount them into the container by appending to the volumes: section of docker-compose.yml:

  # ...
  - mail.domain.com.crt:/mail.crt:ro
  - mail.domain.com.key:/mail.key:ro

Then update mailserver.env:


Email Account, Catch-all

# add account
./setup.sh email add catch@mail.ahxxm.com "#t%+bscw??eft?xcz"

# catch all: https://github.com/docker-mailserver/docker-mailserver/issues/516#issuecomment-278750255
# echo "@domain.tld prefix@domain.tld" >> config/postfix-virtual.cf
echo "@mail.ahxxm.com catch@mail.ahxxm.com" >> config/postfix-virtual.cf

This triggers a hot reload, unlike env updates.

Now the service is ready:

docker-compose up -d --remove-orphans

Optional: Backup

Email data resides in data/ (in plain text, organized by domain and account); use tarsnap to back up encrypted content incrementally.

All other files and directories are configuration; use git to track changes.

Optional Configurations (That I Care About)

  • SPOOF_PROTECTION=: leave empty (disabled) to send email from arbitrary addresses
  • POSTFIX_MESSAGE_SIZE_LIMIT=1024000000: increase from 10MB to 1GB.
  • POSTFIX_INET_PROTOCOLS=ipv4: “Most likely you want this behind Docker.”

Optional: SMTP relay service

My VPS provider blocks outbound traffic to port 25, so a relay service is needed. According to the docs, 4 env variables are needed.

Enabling “production access” on AWS SES can be annoying, but the simplicity pays off:

  • verify sender address here
  • fill in the 4 RELAY_ values at the end of mailserver.env; get them from SMTP settings. Port 587 works for me.

Sadly, SES blocks unverified sender addresses.