I've recently set up Traefik v2 and it works like a charm except for the mail service.
I use a Raspberry as a physical DMZ and proxy: all the in/out traffic is caught by this device and it runs traefik + some security apps (see the picture).
My NAS contains all the services I want to expose to the internet (cloud, mail, etc.). Almost every service is a docker container, except for the mail server, because I'm using an official app provided in my NAS (see the picture).
Because of/Thanks to my architecture, I mainly configured 4 things for the mail service:
- In my DNS provider, I created/updated some A/AAAA/MX records
- In my router settings, I opened the following ports for the mail service: 25/TCP, 587/TCP, 993/TCP and redirected them to the DMZ in order to be caught by traefik
- I disabled the sendmail service in my Raspberry Pi
- I configured traefik to redirect all 25/993/587 TCP requests to the NAS
```yaml
entryPoints:
  [...]
  port-smtp:
    address: ":25"
  port-submission-starttls:
    address: ":587"
  port-imap-ssltls:
    address: ":993"
```

```yaml
[...]
tcp:
  routers:
    # mail.mydomain.com
    # (SMTP)
    mail-smtp:
      entryPoints:
        - port-smtp
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-smtp
    # (Submission STARTTLS)
    mail-submission-starttls:
      entryPoints:
        - port-submission-starttls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-submission-starttls
    # (IMAP SSL/TLS)
    mail-imap-ssltls:
      entryPoints:
        - port-imap-ssltls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-imap-ssltls
  services:
    # NAS - Mail Server
    # (SMTP)
    mail-server-smtp:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:25"
    # (Submission STARTTLS)
    mail-server-submission-starttls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:587"
    # (IMAP SSL/TLS)
    mail-server-imap-ssltls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:993"
```
- I can send an email using the local webmail app provided by my NAS builder
- I can't receive any external mail if the sender is not a NAS local user
- I can't connect to the mail server outside of the NAS or outside of the local network
I'd like to solve my problem. Also, if you want to talk about this architecture, criticize it or give me some advice, it will be with pleasure.
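The symptoms above (local webmail works, nothing reaches the NAS from outside) match a known property of Traefik v2 TCP routers rather than a DNS or firewall fault. `HostSNI` matches the Server Name Indication field of a TLS ClientHello. SMTP on port 25 and submission on port 587 start in cleartext (TLS only begins after the client sends `STARTTLS`, and that handshake runs end-to-end to the NAS), so Traefik never sees an SNI on those ports and a router with `HostSNI(\`mail.mydomain.com\`)` can match nothing there; non-TLS TCP routers must use `HostSNI(\`*\`)`. Port 993 is implicit TLS, so SNI is present, but the router then needs `tls.passthrough: true` so that the handshake is forwarded to the NAS, which holds the certificate, instead of being terminated by Traefik. The dynamic configuration below is an added example, not the original poster's file; it reuses the entrypoint names and the `192.168.X.X` placeholder from the post and assumes the NAS mail server holds the TLS certificate for `mail.mydomain.com`.

```yaml
# Added example (not the original poster's configuration): Traefik v2
# dynamic configuration for a mail server behind the proxy.
# Assumptions: entrypoint names from the post, NAS at 192.168.X.X
# (placeholder), NAS holds the TLS certificate and key for the mail host.
tcp:
  routers:
    # SMTP (25): the connection is cleartext, there is no SNI to match.
    # Only HostSNI(`*`) matches non-TLS connections, so the whole
    # entrypoint is forwarded to the NAS as-is.
    mail-smtp:
      entryPoints:
        - port-smtp
      rule: HostSNI(`*`)
      service: mail-server-smtp
    # Submission (587): also cleartext until the client issues STARTTLS.
    # The TLS session that follows is negotiated between the client and
    # the NAS; Traefik only relays bytes and never sees the SNI.
    mail-submission-starttls:
      entryPoints:
        - port-submission-starttls
      rule: HostSNI(`*`)
      service: mail-server-submission-starttls
    # IMAPS (993): implicit TLS, so SNI is available and can be matched.
    # passthrough: true hands the raw TLS stream to the NAS. Without it
    # Traefik would try to terminate TLS with a certificate it does not
    # have for this hostname, and clients would see a certificate error.
    mail-imap-ssltls:
      entryPoints:
        - port-imap-ssltls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-imap-ssltls
      tls:
        passthrough: true
  services:
    mail-server-smtp:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:25"
    mail-server-submission-starttls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:587"
    mail-server-imap-ssltls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:993"
```

Two checks worth running from a host outside the LAN once this is in place: `openssl s_client -connect mail.mydomain.com:993 -servername mail.mydomain.com` should print the NAS's own certificate chain (proof that passthrough, not Traefik termination, is in effect), and `openssl s_client -starttls smtp -connect mail.mydomain.com:587` should reach the NAS banner and complete the STARTTLS handshake. One caveat of this layout: with `HostSNI(\`*\`)` the NAS sees every SMTP connection as coming from the Raspberry Pi's address, so sender-IP-based anti-spam rules, rate limits and mail logs on the NAS lose the real source address; Traefik's TCP services can forward it with the PROXY protocol (`loadBalancer.proxyProtocol.version`) in recent v2 releases, but only if the NAS mail server is configured to accept it.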