Hi guys,
I've recently set up Traefik v2 and it works like a charm except for the mail service.
MY SETUP
I use a Raspberry as a physical DMZ and proxy: all the in/out traffic is caught by this device and it runs Traefik + some security apps (see the picture).
My NAS contains all the services I want to expose to the internet (cloud, mail, etc.). Almost every service is a docker container, except for the mail server, because I'm using an official app provided in my NAS (see the picture).
Because of/Thanks to my architecture, I mainly configured 4 things for the mail service:
- In my DNS provider, I created/updated some A/AAAA/MX records
- In my router settings, I opened the following ports for the mail service: 25/TCP, 587/TCP, 993/TCP and redirected them to the DMZ in order to be caught by Traefik
- I disabled the sendmail service in my Raspberry Pi
- I configured Traefik to redirect all 25/993/587 TCP requests to the NAS
Traefik configuration:
Static

```yaml
entryPoints:
  [...]
  port-smtp:
    address: ":25"
  port-submission-starttls:
    address: ":587"
  port-imap-ssltls:
    address: ":993"
```
Dynamic

```yaml
[...]
tcp:
  routers:
    # mail.mydomain.com
    # (SMTP)
    mail-smtp:
      entryPoints:
        - port-smtp
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-smtp
    # (Submission STARTTLS)
    mail-submission-starttls:
      entryPoints:
        - port-submission-starttls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-submission-starttls
    # (IMAP SSL/TLS)
    mail-imap-ssltls:
      entryPoints:
        - port-imap-ssltls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-imap-ssltls
  services:
    # NAS - Mail Server
    # (SMTP)
    mail-server-smtp:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:25"
    # (Submission STARTTLS)
    mail-server-submission-starttls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:587"
    # (IMAP SSL/TLS)
    mail-server-imap-ssltls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:993"
```
MY PROBLEMS
- I can send an email using the local webmail app provided by my NAS builder
- I can't receive any external mail if the sender is not a NAS local user
- I can't connect to the mail server outside of the NAS or outside of the local network
MY NEEDS
I'd like to solve my problem. Also, if you want to talk about this architecture, criticize it or give me some advice, it will be with pleasure.
Thanks,
Izin
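For reference, the following is an added example, not the original poster's configuration, showing how the same three TCP routers are declared according to Traefik v2's TCP routing semantics. `HostSNI` matches the Server Name Indication extension of a TLS ClientHello, so a hostname in that rule is only evaluated on a router that has TLS enabled; a plaintext TCP router (SMTP on 25, and submission on 587, which starts in cleartext before STARTTLS) has to use `HostSNI(`*`)`. IMAPS on 993 is TLS from the first byte, so a hostname rule works there when the router is declared with `tls.passthrough: true`, which forwards the encrypted stream to the NAS untouched so it keeps terminating TLS with its own certificate. The hostnames, the `192.168.X.X` backend address and the commented-out PROXY protocol setting are placeholders and assumptions; the entry point names are the ones from the post.

```yaml
# Added example (not the original poster's config): Traefik v2 dynamic
# configuration for the three mail ports. Hostnames and the NAS address
# are placeholders. Traefik never decrypts anything here; the NAS mail
# server keeps terminating TLS and enforcing authentication itself.
tcp:
  routers:
    # Port 25 is plaintext at connection time (STARTTLS, if used, is
    # negotiated later), so the ClientHello and its SNI do not exist yet.
    # A non-TLS TCP router therefore has to match every connection.
    mail-smtp:
      entryPoints:
        - port-smtp
      rule: "HostSNI(`*`)"
      service: mail-server-smtp

    # Submission (587) also opens in cleartext before STARTTLS, so the
    # same rule applies. Requiring STARTTLS and authenticating users stays
    # the mail server's job; Traefik only forwards bytes.
    mail-submission-starttls:
      entryPoints:
        - port-submission-starttls
      rule: "HostSNI(`*`)"
      service: mail-server-submission-starttls

    # IMAPS (993) is TLS from the first byte, so the ClientHello carries
    # SNI and a hostname rule can be matched, provided the router is a TLS
    # router. passthrough: true hands the TLS stream to the NAS unchanged:
    # the NAS presents its own certificate and Traefik never sees
    # plaintext mail credentials. Connections without SNI are rejected.
    mail-imap-ssltls:
      entryPoints:
        - port-imap-ssltls
      rule: "HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)"
      service: mail-server-imap-ssltls
      tls:
        passthrough: true

  services:
    mail-server-smtp:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:25"    # placeholder NAS address
        # Optional: because Traefik opens a new TCP connection to the NAS,
        # the mail server otherwise logs the Raspberry Pi's address for
        # every client, which blinds its rate limiting and greylisting.
        # PROXY protocol carries the real client address across the hop,
        # but enable it only if the NAS mail server is configured to
        # accept it, otherwise the SMTP session breaks at the first line.
        # proxyProtocol:
        #   version: 2
    mail-server-submission-starttls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:587"   # placeholder NAS address
    mail-server-imap-ssltls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:993"   # placeholder NAS address
```

Two consequences are worth checking after applying a configuration like this. First, `HostSNI(`*`)` on 25 and 587 means every inbound connection on those ports reaches the NAS, so the mail server's own relay restrictions, STARTTLS requirement and authentication are the only controls in front of it; confirm from outside the network that 25 does not relay for unauthenticated senders and that 587 refuses AUTH before STARTTLS. Second, the end-to-end path can be verified from an external host with `openssl s_client -connect mail.mydomain.com:993 -servername mail.mydomain.com` (the certificate shown must be the NAS's, since nothing is terminated in between) and `openssl s_client -connect mail.mydomain.com:587 -starttls smtp`, which exercises the plaintext-then-STARTTLS sequence that a hostname-only router would have dropped.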