Help with traefik and a non dockerized mail server

Hi guys,

I've recently set up Traefik v2 and it works like a charm except for the mail service.

MY SETUP

I use a Raspberry as a physical DMZ and proxy: all the in/out traffic is caught by this device and it runs traefik + some security apps (see the picture).

My NAS contains all the services I want to expose to the internet (cloud, mail, etc.). Almost every service is a docker container, except for the mail server, because I'm using an official app provided in my NAS (see the picture).

Because of/Thanks to my architecture, I mainly configured 4 things for the mail service:

  • In my DNS provider, I created/updated some A/AAAA/MX records
  • In my router settings, I opened the following ports for the mail service: 25/TCP, 587/TCP, 993/TCP and redirected them to the DMZ in order to be caught by traefik
  • I disabled the sendmail service on my Raspberry Pi
  • I configured traefik to redirect all 25/993/587 TCP requests to the NAS

Traefik configuration:

Static

entryPoints:
  [...]
  port-smtp:
    address: ":25"
  port-submission-starttls:
    address: ":587"
  port-imap-ssltls:
    address: ":993"

Dynamic

[...]
tcp:
  routers:

    # mail.mydomain.com
    # (SMTP)
    mail-smtp:
      entryPoints:
      - port-smtp
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-smtp
    # (Submission STARTTLS)
    mail-submission-starttls:
      entryPoints:
      - port-submission-starttls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-submission-starttls
    # (IMAP SSL/TLS)
    mail-imap-ssltls:
      entryPoints:
      - port-imap-ssltls
      rule: HostSNI(`mail.mydomain.com`) || HostSNI(`mydomain.com`)
      service: mail-server-imap-ssltls

  services:

    # NAS - Mail Server
    # (SMTP)
    mail-server-smtp:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:25"
    # (Submission STARTTLS)
    mail-server-submission-starttls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:587"
    # (IMAP SSL/TLS)
    mail-server-imap-ssltls:
      loadBalancer:
        terminationDelay: 200
        servers:
          - address: "192.168.X.X:993"

MY PROBLEMS

  1. I can send an email using the local webmail app provided by my NAS builder
  2. I can't receive any external mail if the sender is not a NAS local user
  3. I can't connect to the mail server outside of the NAS or outside of the local network

MY NEEDS

I'd like to solve my problem :P . Also, if you want to talk about this architecture, criticize it or give me some advice, it will be with pleasure :) .

Thanks,
Izin
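
Added example (not part of the original post, and not Traefik's own code): `HostSNI` can only match a host name that the client sends in a TLS ClientHello, and Traefik's documentation states that TCP routers for non-TLS traffic must use ``HostSNI(`*`)``. The sketch below parses the first bytes a client would send on each of the post's three entry points and shows which ones carry a server name at all. The function names and the sample byte strings are constructed for illustration.

```python
import struct
from typing import Optional

def build_client_hello(hostname: str) -> bytes:
    """Constructed minimal TLS ClientHello carrying one SNI entry."""
    name = hostname.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name     # name_type = host_name
    sni_body = struct.pack("!H", len(entry)) + entry          # ServerNameList
    ext = struct.pack("!HH", 0, len(sni_body)) + sni_body     # extension type 0 = server_name
    body = (b"\x03\x03" + bytes(32) + b"\x00"                  # version, random, empty session id
            + b"\x00\x02\x13\x01" + b"\x01\x00"                # one cipher suite, null compression
            + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + struct.pack("!I", len(body))[1:] + body     # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # TLS record header

def sni_from_first_bytes(data: bytes) -> Optional[str]:
    """Return the SNI host name if data opens with a TLS ClientHello, else None."""
    if len(data) < 6 or data[0] != 0x16 or data[5] != 0x01:
        return None                        # not a TLS handshake record / not client_hello
    p = 5 + 4 + 2 + 32                     # record hdr, handshake hdr, version, random
    try:
        p += 1 + data[p]                                   # skip session id
        p += 2 + struct.unpack_from("!H", data, p)[0]      # skip cipher suites
        p += 1 + data[p]                                   # skip compression methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0] # end of extensions block
        p += 2
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, p)
            p += 4
            if etype == 0:                 # list len (2), name type (1), name len (2), name
                nlen = struct.unpack_from("!H", data, p + 3)[0]
                return data[p + 5:p + 5 + nlen].decode("ascii")
            p += elen
    except (IndexError, struct.error, UnicodeDecodeError):
        return None                        # truncated or malformed hello
    return None

# Constructed first client bytes for each entry point in the post.
FIRST_CLIENT_BYTES = {
    25: b"EHLO sender.example\r\n",                # plain SMTP, server banner comes first
    587: b"EHLO client.example\r\n",               # STARTTLS is negotiated later, in-band
    993: build_client_hello("mail.mydomain.com"),  # implicit TLS from the first byte
}

def hostsni_can_match(port: int, hosts=("mail.mydomain.com", "mydomain.com")) -> bool:
    """True if the opening bytes on this port carry an SNI that is one of hosts."""
    return sni_from_first_bytes(FIRST_CLIENT_BYTES[port]) in hosts
```

Only the port 993 sample yields a server name; the port 25 and 587 samples open in plaintext, so a host-specific `HostSNI` rule has nothing to compare against there.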