## page was renamed from Docker/SmtpsPop3s <> = POP3S/SMTPS/IMAPS = Services SMTPS, POP3S and IMAPS with postfix and dovecot. == Ports == The encrypted port for POP3 is 995 and works over TLS/SSL. port 587 is the standard port for secure SMTP and 993 is the port for IMAP. * https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol '''SMTP''' servers commonly use the Transmission Control Protocol on port number 25 (for plaintext) and 587 (for encrypted communications). * https://en.wikipedia.org/wiki/Post_Office_Protocol A '''POP3''' server listens on well-known port number 110 for service requests. Encrypted communication for POP3 is either requested after protocol initiation, using the STLS command, if supported, or by POP3S, which connects to the server using Transport Layer Security (TLS) or Secure Sockets Layer (SSL) on well-known TCP port number 995. * https://en.wikipedia.org/wiki/Internet_Message_Access_Protocol Internet Message Access Protocol ('''IMAP''') is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. IMAP is defined by RFC 9051. An IMAP server typically listens on port number 143. IMAP over SSL/TLS (IMAPS) is assigned the port number 993. == Docker environment == === connect.sh === {{{#!highlight sh #!/bin/sh docker exec -it mail-container bash }}} === saslauthd === {{{#!highlight sh START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" }}} === main.cf === {{{#!highlight sh # TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_tls_security_level=may smtp_tls_CApath=/etc/ssl/certs smtp_tls_security_level=may smtp_tls_session_cache_database=btree:${data_directory}/smtp_scache myhostname=mail.example.org mydomain=example.org smtpd_recipient_restrictions=permit_sasl_authenticated , reject_unauth_destination relay_domains= smtpd_sasl_auth_enable=yes smtpd_sasl_security_options=noanonymous smtpd_sasl_local_domain=$myhostname smtpd_sasl_auth_enable = yes smtpd_sasl_path = smtpd smtpd_sasl_type = cyrus broken_sasl_auth_clients=yes smtpd_relay_restrictions=permit_sasl_authenticated home_mailbox=Maildir/ mail_spool_directory=/var/mail mydestination=$myhostname localhost.$mydomain localhost $mydomain mynetworks=127.0.0.0/8 10.0.0.0/24 }}} === smtpd.conf === {{{#!highlight sh pwcheck_method: saslauthd }}} === mailstart.sh === {{{#!highlight sh #!/bin/sh service saslauthd start service dovecot start service postfix start cat }}} === master.cf === {{{#!highlight sh smtp inet n - y - - smtpd submission inet n - y - - smtpd pickup unix n - y 60 1 pickup cleanup unix n - y - 0 cleanup qmgr unix n - n 300 1 qmgr tlsmgr unix - - y 1000? 1 tlsmgr rewrite unix - - y - - trivial-rewrite bounce unix - - y - 0 bounce defer unix - - y - 0 bounce trace unix - - y - 0 bounce verify unix - - y - 1 verify flush unix n - y 1000? 0 flush proxymap unix - - n - - proxymap proxywrite unix - - n - 1 proxymap smtp unix - - y - - smtp relay unix - - y - - smtp -o syslog_name=postfix/$service_name showq unix n - y - - showq error unix - - y - - error retry unix - - y - - error discard unix - - y - - discard local unix - n n - - local virtual unix - n n - - virtual lmtp unix - - y - - lmtp anvil unix - - y - 1 anvil scache unix - - y - 1 scache postlog unix-dgram n - n - 1 postlogd maildrop unix - n n - - pipe flags=DRXhu user=vmail argv=/usr/bin/maildrop -d ${recipient} uucp unix - n n - - pipe flags=Fqhu user=uucp argv=uux -r -n -z -a$sender - $nexthop!rmail ($recipient) ifmail unix - n n - - pipe flags=F user=ftn argv=/usr/lib/ifmail/ifmail -r $nexthop ($recipient) bsmtp unix - n n - - pipe flags=Fq. user=bsmtp argv=/usr/lib/bsmtp/bsmtp -t$nexthop -f$sender $recipient scalemail-backend unix - n n - 2 pipe flags=R user=scalemail argv=/usr/lib/scalemail/bin/scalemail-store ${nexthop} ${user} ${extension} mailman unix - n n - - pipe flags=FRX user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py ${nexthop} ${user} }}} === Dockerfile === {{{#!highlight sh FROM debian:bookworm RUN apt update RUN apt install -y debconf && \ echo "postfix postfix/main_mailer_type string 'Internet Site'" | debconf-set-selections && \ echo "postfix postfix/mailname string example.org" | debconf-set-selections RUN apt install -y dovecot-core postfix net-tools vim rsyslog dovecot-pop3d dovecot-imapd libsasl2-2 sasl2-bin libsasl2-modules procps iproute2 iputils-ping COPY main.cf /etc/postfix/main.cf COPY 10-mail.conf /etc/dovecot/conf.d/10-mail.conf COPY master.cf /etc/postfix/master.cf COPY saslauthd /etc/default/saslauthd COPY mailstart.sh /root/ COPY smtpd.conf /etc/postfix/sasl/smtpd.conf RUN useradd -m anonymous RUN echo 'anonymous:guest' | chpasswd RUN touch /var/mail/anonymous RUN chown anonymous:mail /var/mail/anonymous RUN chmod o-r /var/mail/anonymous RUN chmod g+rw /var/mail/anonymous RUN rsyslogd RUN dpkg-statoverride --force --update --add root sasl 755 /var/spool/postfix/var/run/saslauthd RUN usermod -a -G sasl postfix RUN mkdir -p /var/spool/postfix/var/run/saslauthd RUN chown root:sasl /var/spool/postfix/var/run/saslauthd RUN chmod 710 /var/spool/postfix/var/run/saslauthd CMD ["sh","/root/mailstart.sh"] }}} === 10-mail.conf === {{{#!highlight sh mail_location = maildir:/home/%u/Maildir namespace inbox { inbox = yes } mail_privileged_group = mail protocol !indexer-worker { } }}} === build.sh === {{{#!highlight sh #!/bin/sh docker build -t mail . }}} === run.sh === {{{#!highlight sh #!/bin/sh docker run --rm -d -it --name mail-container mail }}} == Send email SMTP == {{{#!highlight sh openssl s_client -connect 127.0.0.1:25 -starttls smtp EHLO test 250-mail.example.org 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING AUTH LOGIN 334 VXNlcm5hbWU6 YW5vbnltb3Vz 334 UGFzc3dvcmQ6 Z3Vlc3Q= 235 2.7.0 Authentication successful mail from: root@example.org 250 2.1.0 Ok rcpt to: anonymous@example.org 250 2.1.5 Ok data 354 End data with . a2 111222 . 250 2.0.0 Ok: queued as 8AE891694FA quit }}} == Get message POP3S == {{{#!highlight sh openssl s_client -connect localhost:995 -ign_eof +OK Dovecot (Debian) ready. USER anonymous +OK PASS guest +OK Logged in. LIST +OK 1 messages: 1 423 . +OK 423 octets Return-Path: X-Original-To: anonymous@example.org Delivered-To: anonymous@example.org Received: from test (localhost [127.0.0.1]) by mail.example.org (Postfix) with ESMTPSA id AA1A7167F56 for ; Sat, 28 Oct 2023 18:38:10 +0000 (UTC) Message-Id: <20231028183815.AA1A7167F56@mail.example.org> Date: Sat, 28 Oct 2023 18:38:10 +0000 (UTC) From: root@example.org a2 111222 . quit }}} == Send to port 587 SMTPS == {{{#!highlight sh openssl s_client -connect 127.0.0.1:587 -starttls smtp EHLO test 250-mail.example.org 250-PIPELINING 250-SIZE 10240000 250-VRFY 250-ETRN 250-AUTH SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-AUTH=SCRAM-SHA-512 SCRAM-SHA-384 SCRAM-SHA-256 SCRAM-SHA-224 SCRAM-SHA-1 DIGEST-MD5 NTLM CRAM-MD5 PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250-DSN 250 CHUNKING AUTH LOGIN 334 VXNlcm5hbWU6 YW5vbnltb3Vz 334 UGFzc3dvcmQ6 Z3Vlc3Q= 235 2.7.0 Authentication successful mail from: root@example.org 250 2.1.0 Ok rcpt to: anonymous@example.org 250 2.1.5 Ok data 354 End data with . test 1 . 250 2.0.0 Ok: queued as 3823B169398 quit 221 2.0.0 Bye closed }}} == Get message using IMAPS == {{{#!highlight sh openssl s_client -connect localhost:993 -ign_eof * OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE LITERAL+ AUTH=PLAIN] Dovecot (Debian) ready. a1 login anonymous guest a1 OK [CAPABILITY IMAP4rev1 SASL-IR LOGIN-REFERRALS ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS THREAD=ORDEREDSUBJECT MULTIAPPEND URL-PARTIAL CATENATE UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CONDSTORE QRESYNC ESEARCH ESORT SEARCHRES WITHIN CONTEXT=SEARCH LIST-STATUS BINARY MOVE SNIPPET=FUZZY PREVIEW=FUZZY PREVIEW STATUS=SIZE SAVEDATE LITERAL+ NOTIFY SPECIAL-USE] Logged in a1 list "" "*" * LIST (\HasNoChildren) "." INBOX a1 OK List completed (0.002 + 0.000 + 0.001 secs). a1 examine inbox * OK [CLOSED] Previous mailbox closed. * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS ()] Read-only mailbox. * 1 EXISTS * 0 RECENT * OK [UIDVALIDITY 1769860686] UIDs valid * OK [UIDNEXT 2] Predicted next UID a1 OK [READ-ONLY] Examine completed (0.003 + 0.000 + 0.002 secs). a1 select INBOX * FLAGS (\Answered \Flagged \Deleted \Seen \Draft) * OK [PERMANENTFLAGS (\Answered \Flagged \Deleted \Seen \Draft \*)] Flags permitted. * 1 EXISTS * 0 RECENT * OK [UNSEEN 1] First unseen. * OK [UIDVALIDITY 1769860686] UIDs valid * OK [UIDNEXT 2] Predicted next UID a1 OK [READ-WRITE] Select completed (0.003 + 0.000 + 0.002 secs). a1 FETCH 1:* (ENVELOPE) * 1 FETCH (ENVELOPE ("Sat, 31 Jan 2026 11:52:49 +0000 (UTC)" NIL ((NIL NIL "root" "example.org")) ((NIL NIL "root" "example.org")) ((NIL NIL "root" "example.org")) NIL NIL NIL NIL "<20260131115257.87B2E183508@mail.example.org>")) a1 OK Fetch completed (0.004 + 0.000 + 0.003 secs). A1 FETCH 1 (BODY[TEXT]) * 1 FETCH (FLAGS (\Seen) BODY[TEXT] {11} hello hey ) A1 OK Fetch completed (0.007 + 0.000 + 0.006 secs). A1 FETCH 1 (BODY[]) * 1 FETCH (BODY[] {423} Return-Path: X-Original-To: anonymous@example.org Delivered-To: anonymous@example.org Received: from test (localhost [127.0.0.1]) by mail.example.org (Postfix) with ESMTPSA id 87B2E183508 for ; Sat, 31 Jan 2026 11:52:49 +0000 (UTC) Message-Id: <20260131115257.87B2E183508@mail.example.org> Date: Sat, 31 Jan 2026 11:52:49 +0000 (UTC) From: root@example.org hello hey ) A1 OK Fetch completed (0.008 + 0.000 + 0.007 secs). a1 logout * BYE Logging out a1 OK Logout completed (0.001 + 0.000 secs). }}}