mirror/docker-mailserver
1
1
Fork 0
mirror of https://github.com/docker-mailserver/docker-mailserver synced 2025-04-21 01:08:02 +02:00
Code Issues
gh-pages
docker-mailserver/edge/config/account-management/overview/index.html
github-actions[bot] 177acafe07 deploy: 229ebba1b870cbd849727fb2165a4e409e103894
2025-03-30 22:01:19 +00:00

2868 lines
67 KiB
HTML
Raw Permalink Blame History

<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="A fullstack but simple mail-server (SMTP, IMAP, LDAP, Anti-spam, Anti-virus, etc.) using Docker.">
<meta name="author" content="docker-mailserver (Github Organization)">
<link rel="canonical" href="https://docker-mailserver.github.io/docker-mailserver/edge/config/account-management/overview/">
<link rel="prev" href="../../environment/">
<link rel="next" href="../provisioner/file/">
<link rel="icon" href="../../../assets/logo/favicon-32x32.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.10">
<title>Overview - Docker Mailserver</title>
<link rel="stylesheet" href="../../../assets/stylesheets/main.4af4bdda.min.css">
<link rel="stylesheet" href="../../../assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<link rel="stylesheet" href="../../../assets/css/customizations.css">
<script>__md_scope=new URL("../../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#account-management-overview" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<div data-md-color-scheme="default" data-md-component="outdated" hidden>
</div>
<header class="md-header" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../../.." title="Docker Mailserver" class="md-header__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Docker Mailserver
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Overview
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="blue" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</div>
<div class="md-source__repository">
docker-mailserver
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<nav class="md-tabs" aria-label="Tabs" data-md-component="tabs">
<div class="md-grid">
<ul class="md-tabs__list">
<li class="md-tabs__item">
<a href="../../.." class="md-tabs__link">
Home
</a>
</li>
<li class="md-tabs__item">
<a href="../../../introduction/" class="md-tabs__link">
Introduction
</a>
</li>
<li class="md-tabs__item">
<a href="../../../usage/" class="md-tabs__link">
Usage
</a>
</li>
<li class="md-tabs__item md-tabs__item--active">
<a href="../../environment/" class="md-tabs__link">
Configuration
</a>
</li>
<li class="md-tabs__item">
<a href="../../../examples/tutorials/basic-installation/" class="md-tabs__link">
Examples
</a>
</li>
<li class="md-tabs__item">
<a href="../../../faq/" class="md-tabs__link">
FAQ
</a>
</li>
<li class="md-tabs__item">
<a href="../../../contributing/general/" class="md-tabs__link">
Contributing
</a>
</li>
<li class="md-tabs__item">
<a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-tabs__link">
<span class="icon-external-link"></span>DockerHub
</a>
</li>
<li class="md-tabs__item">
<a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-tabs__link">
<span class="icon-external-link"></span>GHCR
</a>
</li>
</ul>
</div>
</nav>
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--lifted" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../../.." title="Docker Mailserver" class="md-nav__button md-logo" aria-label="Docker Mailserver" data-md-component="logo">
<img src="../../../assets/logo/dmo-logo-white.min.svg" alt="logo">
</a>
Docker Mailserver
</label>
<div class="md-nav__source">
<a href="https://github.com/docker-mailserver/docker-mailserver" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 496 512"><!--! Font Awesome Free 6.7.2 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M165.9 397.4c0 2-2.3 3.6-5.2 3.6-3.3.3-5.6-1.3-5.6-3.6 0-2 2.3-3.6 5.2-3.6 3-.3 5.6 1.3 5.6 3.6m-31.1-4.5c-.7 2 1.3 4.3 4.3 4.9 2.6 1 5.6 0 6.2-2s-1.3-4.3-4.3-5.2c-2.6-.7-5.5.3-6.2 2.3m44.2-1.7c-2.9.7-4.9 2.6-4.6 4.9.3 2 2.9 3.3 5.9 2.6 2.9-.7 4.9-2.6 4.6-4.6-.3-1.9-3-3.2-5.9-2.9M244.8 8C106.1 8 0 113.3 0 252c0 110.9 69.8 205.8 169.5 239.2 12.8 2.3 17.3-5.6 17.3-12.1 0-6.2-.3-40.4-.3-61.4 0 0-70 15-84.7-29.8 0 0-11.4-29.1-27.8-36.6 0 0-22.9-15.7 1.6-15.4 0 0 24.9 2 38.6 25.8 21.9 38.6 58.6 27.5 72.9 20.9 2.3-16 8.8-27.1 16-33.7-55.9-6.2-112.3-14.3-112.3-110.5 0-27.5 7.6-41.3 23.6-58.9-2.6-6.5-11.1-33.3 2.6-67.9 20.9-6.5 69 27 69 27 20-5.6 41.5-8.5 62.8-8.5s42.8 2.9 62.8 8.5c0 0 48.1-33.6 69-27 13.7 34.7 5.2 61.4 2.6 67.9 16 17.7 25.8 31.5 25.8 58.9 0 96.5-58.9 104.2-114.8 110.5 9.2 7.9 17 22.9 17 46.4 0 33.7-.3 75.4-.3 83.6 0 6.5 4.6 14.4 17.3 12.1C428.2 457.8 496 362.9 496 252 496 113.3 383.5 8 244.8 8M97.2 352.9c-1.3 1-1 3.3.7 5.2 1.6 1.6 3.9 2.3 5.2 1 1.3-1 1-3.3-.7-5.2-1.6-1.6-3.9-2.3-5.2-1m-10.8-8.1c-.7 1.3.3 2.9 2.3 3.9 1.6 1 3.6.7 4.3-.7.7-1.3-.3-2.9-2.3-3.9-2-.6-3.6-.3-4.3.7m32.4 35.6c-1.6 1.3-1 4.3 1.3 6.2 2.3 2.3 5.2 2.6 6.5 1 1.3-1.3.7-4.3-1.3-6.2-2.2-2.3-5.2-2.6-6.5-1m-11.4-14.7c-1.6 1-1.6 3.6 0 5.9s4.3 3.3 5.6 2.3c1.6-1.3 1.6-3.9 0-6.2-1.4-2.3-4-3.3-5.6-2"/></svg>
</div>
<div class="md-source__repository">
docker-mailserver
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../introduction/" class="md-nav__link">
<span class="md-ellipsis">
Introduction
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../usage/" class="md-nav__link">
<span class="md-ellipsis">
Usage
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" checked>
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../environment/" class="md-nav__link">
<span class="md-ellipsis">
Environment Variables
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4_2" checked>
<label class="md-nav__link" for="__nav_4_2" id="__nav_4_2_label" tabindex="0">
<span class="md-ellipsis">
Account Management
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_2_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_4_2">
<span class="md-nav__icon md-icon"></span>
Account Management
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Overview
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Overview
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#accounts" class="md-nav__link">
<span class="md-ellipsis">
Accounts
</span>
</a>
<nav class="md-nav" aria-label="Accounts">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aliases" class="md-nav__link">
<span class="md-ellipsis">
Aliases
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#quotas" class="md-nav__link">
<span class="md-ellipsis">
Quotas
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sub-addressing" class="md-nav__link">
<span class="md-ellipsis">
Sub-addressing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#technical-overview" class="md-nav__link">
<span class="md-ellipsis">
Technical Overview
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2_2" >
<label class="md-nav__link" for="__nav_4_2_2" id="__nav_4_2_2_label" tabindex="0">
<span class="md-ellipsis">
Provisioner
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_2_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2_2">
<span class="md-nav__icon md-icon"></span>
Provisioner
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../provisioner/file/" class="md-nav__link">
<span class="md-ellipsis">
File Based
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../provisioner/ldap/" class="md-nav__link">
<span class="md-ellipsis">
LDAP Service
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_2_3" >
<label class="md-nav__link" for="__nav_4_2_3" id="__nav_4_2_3_label" tabindex="0">
<span class="md-ellipsis">
Supplementary
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_2_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_2_3">
<span class="md-nav__icon md-icon"></span>
Supplementary
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../supplementary/master-accounts/" class="md-nav__link">
<span class="md-ellipsis">
Master Accounts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../supplementary/oauth2/" class="md-nav__link">
<span class="md-ellipsis">
OAuth2 Authentication
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_3" >
<label class="md-nav__link" for="__nav_4_3" id="__nav_4_3_label" tabindex="0">
<span class="md-ellipsis">
Best Practices
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_3">
<span class="md-nav__icon md-icon"></span>
Best Practices
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../best-practices/autodiscover/" class="md-nav__link">
<span class="md-ellipsis">
Auto-discovery
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../best-practices/dkim_dmarc_spf/" class="md-nav__link">
<span class="md-ellipsis">
DKIM, DMARC & SPF
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../best-practices/mta-sts/" class="md-nav__link">
<span class="md-ellipsis">
MTA-STS
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_4" >
<label class="md-nav__link" for="__nav_4_4" id="__nav_4_4_label" tabindex="0">
<span class="md-ellipsis">
Security
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_4">
<span class="md-nav__icon md-icon"></span>
Security
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../security/understanding-the-ports/" class="md-nav__link">
<span class="md-ellipsis">
Understanding the Ports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/ssl/" class="md-nav__link">
<span class="md-ellipsis">
SSL/TLS
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/fail2ban/" class="md-nav__link">
<span class="md-ellipsis">
Fail2Ban
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/mail_crypt/" class="md-nav__link">
<span class="md-ellipsis">
Mail Encryption
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../security/rspamd/" class="md-nav__link">
<span class="md-ellipsis">
Rspamd
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../debugging/" class="md-nav__link">
<span class="md-ellipsis">
Debugging
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../pop3/" class="md-nav__link">
<span class="md-ellipsis">
Mail Delivery with POP3
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../setup.sh/" class="md-nav__link">
<span class="md-ellipsis">
About setup.sh
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8" >
<label class="md-nav__link" for="__nav_4_8" id="__nav_4_8_label" tabindex="0">
<span class="md-ellipsis">
Advanced Configuration
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_4_8_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8">
<span class="md-nav__icon md-icon"></span>
Advanced Configuration
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/optional-config/" class="md-nav__link">
<span class="md-ellipsis">
Optional Configuration
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_2" >
<label class="md-nav__link" for="__nav_4_8_2" id="__nav_4_8_2_label" tabindex="0">
<span class="md-ellipsis">
Maintenance
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_2">
<span class="md-nav__icon md-icon"></span>
Maintenance
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/maintenance/update-and-cleanup/" class="md-nav__link">
<span class="md-ellipsis">
Update and Cleanup
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_3" >
<label class="md-nav__link" for="__nav_4_8_3" id="__nav_4_8_3_label" tabindex="0">
<span class="md-ellipsis">
Override the Default Configs
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_3">
<span class="md-nav__icon md-icon"></span>
Override the Default Configs
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/override-defaults/dovecot/" class="md-nav__link">
<span class="md-ellipsis">
Dovecot
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/override-defaults/postfix/" class="md-nav__link">
<span class="md-ellipsis">
Postfix
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/override-defaults/user-patches/" class="md-nav__link">
<span class="md-ellipsis">
Modifications via Script
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../advanced/mail-sieve/" class="md-nav__link">
<span class="md-ellipsis">
Email Filtering with Sieve
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/mail-fetchmail/" class="md-nav__link">
<span class="md-ellipsis">
Email Gathering with Fetchmail
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/mail-getmail/" class="md-nav__link">
<span class="md-ellipsis">
Email Gathering with Getmail
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4_8_7" >
<label class="md-nav__link" for="__nav_4_8_7" id="__nav_4_8_7_label" tabindex="0">
<span class="md-ellipsis">
Email Forwarding
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="3" aria-labelledby="__nav_4_8_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4_8_7">
<span class="md-nav__icon md-icon"></span>
Email Forwarding
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../advanced/mail-forwarding/relay-hosts/" class="md-nav__link">
<span class="md-ellipsis">
Relay Hosts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/mail-forwarding/aws-ses/" class="md-nav__link">
<span class="md-ellipsis">
AWS SES
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/mail-forwarding/gmail-smtp/" class="md-nav__link">
<span class="md-ellipsis">
Configure Gmail as a relay host
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../advanced/full-text-search/" class="md-nav__link">
<span class="md-ellipsis">
Full-Text Search
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/kubernetes/" class="md-nav__link">
<span class="md-ellipsis">
Kubernetes
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/ipv6/" class="md-nav__link">
<span class="md-ellipsis">
IPv6
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../advanced/podman/" class="md-nav__link">
<span class="md-ellipsis">
Podman
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
<span class="md-ellipsis">
Examples
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Examples
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_1" >
<label class="md-nav__link" for="__nav_5_1" id="__nav_5_1_label" tabindex="0">
<span class="md-ellipsis">
Tutorials
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_1_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_1">
<span class="md-nav__icon md-icon"></span>
Tutorials
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../examples/tutorials/basic-installation/" class="md-nav__link">
<span class="md-ellipsis">
Basic Installation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/mailserver-behind-proxy/" class="md-nav__link">
<span class="md-ellipsis">
Mailserver behind Proxy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/crowdsec/" class="md-nav__link">
<span class="md-ellipsis">
Crowdsec
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/docker-build/" class="md-nav__link">
<span class="md-ellipsis">
Building your own Docker image
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/blog-posts/" class="md-nav__link">
<span class="md-ellipsis">
Blog Posts
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/tutorials/dovecot-solr/" class="md-nav__link">
<span class="md-ellipsis">
Dovecot FTS with Apache Solr
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Use Cases
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Use Cases
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../examples/use-cases/forward-only-mailserver-with-ldap-authentication/" class="md-nav__link">
<span class="md-ellipsis">
Forward-Only Mail-Server with LDAP
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/imap-folders/" class="md-nav__link">
<span class="md-ellipsis">
Customize IMAP Folders
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/ios-mail-push-support/" class="md-nav__link">
<span class="md-ellipsis">
iOS Mail Push Support
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/auth-lua/" class="md-nav__link">
<span class="md-ellipsis">
Lua Authentication
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/bind-smtp-network-interface/" class="md-nav__link">
<span class="md-ellipsis">
Bind outbound SMTP to a specific network
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../examples/use-cases/external-relay-only-mailserver/" class="md-nav__link">
<span class="md-ellipsis">
Relay inbound and outbound mail for an internal DMS
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../../../faq/" class="md-nav__link">
<span class="md-ellipsis">
FAQ
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_7" >
<label class="md-nav__link" for="__nav_7" id="__nav_7_label" tabindex="0">
<span class="md-ellipsis">
Contributing
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_7_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_7">
<span class="md-nav__icon md-icon"></span>
Contributing
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../../contributing/general/" class="md-nav__link">
<span class="md-ellipsis">
General Information
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../contributing/tests/" class="md-nav__link">
<span class="md-ellipsis">
Tests
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../../contributing/issues-and-pull-requests/" class="md-nav__link">
<span class="md-ellipsis">
Issues and Pull Requests
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="https://hub.docker.com/r/mailserver/docker-mailserver/" class="md-nav__link">
<span class="md-ellipsis">
<span class="icon-external-link"></span>DockerHub
</span>
</a>
</li>
<li class="md-nav__item">
<a href="https://github.com/docker-mailserver/docker-mailserver/pkgs/container/docker-mailserver" class="md-nav__link">
<span class="md-ellipsis">
<span class="icon-external-link"></span>GHCR
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#accounts" class="md-nav__link">
<span class="md-ellipsis">
Accounts
</span>
</a>
<nav class="md-nav" aria-label="Accounts">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#aliases" class="md-nav__link">
<span class="md-ellipsis">
Aliases
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#quotas" class="md-nav__link">
<span class="md-ellipsis">
Quotas
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#sub-addressing" class="md-nav__link">
<span class="md-ellipsis">
Sub-addressing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#technical-overview" class="md-nav__link">
<span class="md-ellipsis">
Technical Overview
</span>
</a>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://github.com/docker-mailserver/docker-mailserver/edit/master/docs/content/config/account-management/overview.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<a href="https://github.com/docker-mailserver/docker-mailserver/raw/master/docs/content/config/account-management/overview.md" title="View source of this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M17 18c.56 0 1 .44 1 1s-.44 1-1 1-1-.44-1-1 .44-1 1-1m0-3c-2.73 0-5.06 1.66-6 4 .94 2.34 3.27 4 6 4s5.06-1.66 6-4c-.94-2.34-3.27-4-6-4m0 6.5a2.5 2.5 0 0 1-2.5-2.5 2.5 2.5 0 0 1 2.5-2.5 2.5 2.5 0 0 1 2.5 2.5 2.5 2.5 0 0 1-2.5 2.5M9.27 20H6V4h7v5h5v4.07c.7.08 1.36.25 2 .49V8l-6-6H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h4.5a8.2 8.2 0 0 1-1.23-2"/></svg>
</a>
<h1 id="account-management-overview"><a class="toclink" href="#account-management-overview">Account Management - Overview</a></h1>
<p>This page provides a technical reference for account management in DMS.</p>
<div class="admonition note">
<p class="admonition-title">Account provisioners and alternative authentication support</p>
<p>Each <a href="../../environment/#account_provisioner"><code>ACCOUNT_PROVISIONER</code></a> has a separate page for configuration guidance and caveats:</p>
<ul>
<li><a href="../provisioner/file/"><code>FILE</code> provisioner docs</a></li>
<li><a href="../provisioner/ldap/"><code>LDAP</code> provisioner docs</a></li>
</ul>
<p>Authentication from the provisioner can be supplemented with additional methods:</p>
<ul>
<li><a href="../supplementary/oauth2/">OAuth2 / OIDC</a> (<em>allow login from an external authentication service</em>)</li>
<li><a href="../supplementary/master-accounts/">Master Accounts</a> (<em>access the mailbox of any DMS account</em>)</li>
</ul>
<hr />
<p>For custom authentication requirements, you could <a href="../../../examples/use-cases/auth-lua/">implement this with Lua</a>.</p>
</div>
<h2 id="accounts"><a class="toclink" href="#accounts">Accounts</a></h2>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p>To receive or send mail, you'll need to provision user accounts into DMS (<em>as each provisioner page documents</em>).</p>
<hr />
<p>A DMS account represents a user with their <em>login username</em> + password, and optional config like aliases and quota.</p>
<ul>
<li>Sending mail from different addresses <strong>does not require</strong> aliases or separate accounts.</li>
<li>Each account is configured with a <em>primary email address</em> that a mailbox is associated to.</li>
</ul>
</div>
<details class="info">
<summary>Primary email address</summary>
<p>The email address associated to an account creates a mailbox. This address is relevant:</p>
<ul>
<li>When DMS <strong>receives mail</strong> for that address as the recipient (<em>or an alias that resolves to it</em>), to identify which mailbox to deliver into.</li>
<li>With <strong>mail submission</strong>:<ul>
<li><code>SPOOF_PROTECTION=1</code> <strong>restricts the sender address</strong> to the DMS account email address (<em>unless additional sender addresses have been permitted via supported config</em>).</li>
<li><code>SPOOF_PROTECTION=0</code> allows DMS accounts to <strong>use any sender address</strong> (<em>only a single DMS account is necessary to send mail with different sender addresses</em>).</li>
</ul>
</li>
</ul>
<hr />
<p>For more details, see the <a href="#technical-overview">Technical Overview</a> section.</p>
</details>
<details class="note">
<summary>Support for multiple mail domains</summary>
<p>No extra configuration in DMS is required after provisioning an account with an email address.</p>
<ul>
<li>The DNS records for a domain should direct mail to DMS and allow DMS to send mail on behalf of that domain.</li>
<li>DMS does not need TLS certificates for your mail domains, only for the DMS FQDN (<em>the <code>hostname</code> setting</em>).</li>
</ul>
</details>
<details class="warning">
<summary>Choosing a compatible email address</summary>
<p>An email address should conform to the standard <a href="https://stackoverflow.com/questions/2049502/what-characters-are-allowed-in-an-email-address/2049510#2049510">permitted charset and format</a> (<code>local-part@domain-part</code>).</p>
<hr />
<p>DMS has features that need to reserve special characters to work correctly. Ensure those characters are not present in email addresses you configure for DMS, otherwise disable / opt-out of the feature.</p>
<ul>
<li><a href="#sub-addressing">Sub-addressing</a> is enabled by default with <code>+</code> as the <em>tag delimiter</em>. The tag can be changed, feature opt-out when the tag is explicitly unset.</li>
</ul>
</details>
<h3 id="aliases"><a class="toclink" href="#aliases">Aliases</a></h3>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p>Aliases allow receiving mail:</p>
<ul>
<li>As an alternative delivery address for a DMS account mailbox.</li>
<li>To redirect / forward to an external address outside of DMS like <code>@gmail.com</code>.</li>
</ul>
</div>
<details class="abstract">
<summary>Technical Details (<em>Local vs Virtual aliases</em>)</summary>
<p>Aliases are managed through Postfix which supports <em>local</em> and <em>virtual</em> aliases:</p>
<ul>
<li><strong>Local aliases</strong> are for mail routed to the <a href="https://www.postfix.org/local.8.html"><code>local</code> delivery agent</a> (see <a href="https://www.postfix.org/aliases.5.html">associated alias config format</a>)<ul>
<li>You rarely need to configure this. It is used internally for system unix accounts belonging to the services running in DMS (<em>including <code>root</code></em>).</li>
<li><code>postmaster</code> may be a local alias to <code>root</code>, and <code>root</code> to a virtual alias or real email address.</li>
<li>Any mail sent through the <code>local</code> delivery agent will not be delivered to an inbox managed by Dovecot (<em>unless you have configured a local alias to redirect mail to a valid address or alias</em>).</li>
<li>The domain-part of an these aliases belongs to your DMS FQDN (<em><code>hostname: mail.example.com</code>, thus <code>user@mail.example.com</code></em>). Technically there is no domain-part at this point, that context is used when routing delivery, the local delivery agent only knows of the local-part (<em>an alias or unix account</em>).</li>
</ul>
</li>
<li><a href="http://www.postfix.org/VIRTUAL_README.html#virtual_alias"><strong>Virtual aliases</strong></a> are for mail routed to the <a href="https://www.postfix.org/virtual.8.html"><code>virtual</code> delivery agent</a> (see <a href="https://www.postfix.org/virtual.5.html">associated alias config format</a>)<ul>
<li>When alias support in DMS is discussed without the context of being a local or virtual alias, it's likely the virtual kind (<em>but could also be agnostic</em>).</li>
<li>The domain-part of an these aliases belongs to a mail domain managed by DMS (<em>like <code>user@example.com</code></em>).</li>
</ul>
</li>
</ul>
<div class="admonition tip">
<p class="admonition-title">Verify alias resolves correctly</p>
<p>You can run <code>postmap -q &lt;alias&gt; &lt;table&gt;</code> in the container to verify an alias resolves to the expected target. If the target is also an alias, the command will not expand that alias to resolve the actual recipient(s).</p>
<p>For the <code>FILE</code> provisioner, an example would be: <code>postmap -q alias1@example.com /etc/postfix/virtual</code>. For the <code>LDAP</code> provisioner you'd need to adjust the table path.</p>
</div>
<div class="admonition info">
<p class="admonition-title">Side effect - Dovecot Quotas (<code>ENABLE_QUOTAS=1</code>)</p>
<p>As a side effect of the alias workaround for the <code>FILE</code> provisioner with this feature, aliases can be used for account login. This is not intentional.</p>
</div>
</details>
<h3 id="quotas"><a class="toclink" href="#quotas">Quotas</a></h3>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p>Enables mail clients with the capability to query a mailbox for disk-space used and capacity limit.</p>
<ul>
<li>This feature is enabled by default, opt-out via <a href="../../environment/#enable_quotas"><code>ENABLE_QUOTAS=0</code></a></li>
<li><strong>Not implemented</strong> for the LDAP provisioner (<em>PR welcome! View the <a href="https://github.com/docker-mailserver/docker-mailserver/issues/2957">feature request for implementation advice</a></em>)</li>
</ul>
</div>
<details class="tip">
<summary>How are quotas useful?</summary>
<p>Without quota limits for disk storage, a mailbox could fill up the available storage which would cause delivery failures to all mailboxes.</p>
<p>Quotas help by preventing that abuse, so that only a mailbox exceeding the assigned quota experiences a delivery failure instead of negatively impacting others (<em>provided disk space is available</em>).</p>
</details>
<details class="abstract">
<summary>Technical Details</summary>
<p>The <a href="https://github.com/docker-mailserver/docker-mailserver/pull/1469">Dovecot Quotas feature</a> is configured by enabling the <a href="https://doc.dovecot.org/settings/plugin/imap-quota-plugin/">Dovecot <code>imap-quota</code> plugin</a> and using the <a href="https://doc.dovecot.org/configuration_manual/quota/quota_count/#quota-backend-count"><code>count</code> quota backend</a>.</p>
<hr />
<p><strong>Dovecot workaround for Postfix aliases</strong></p>
<p>When mail is delivered to DMS, Postfix will query Dovecot with the recipient(s) to verify quota has not been exceeded.</p>
<p>This allows early rejection of mail arriving to DMS, preventing a spammer from taking advantage of a <a href="https://en.wikipedia.org/wiki/Backscatter_%28email%29">backscatter</a> source if the mail was accepted by Postfix, only to later be rejected by Dovecot for storage when the quota limit was already reached.</p>
<p>However, Postfix does not resolve aliases until after the incoming mail is accepted.</p>
<ol>
<li>Postfix queries Dovecot (<em>a <a href="https://github.com/docker-mailserver/docker-mailserver/issues/2091#issuecomment-954298788"><code>check_policy_service</code> restriction tied to the Dovecot <code>quota-status</code> service</a></em>) with the recipient (<em>the alias</em>).</li>
<li><code>dovecot: auth: passwd-file(alias@example.com): unknown user</code> is logged, Postfix is then informed that the recipient mailbox is not full even if it actually was (<em>since no such user exists in the Dovecot UserDB</em>).</li>
<li>However, when the real mailbox address that the alias would later resolve into does have a quota that exceeded the configured limit, Dovecot will refuse the mail delivery from Postfix which introduces a backscatter source for spammers.</li>
</ol>
<p>As a <a href="https://github.com/docker-mailserver/docker-mailserver/pull/2248#issuecomment-955088677">workaround to this problem with the <code>ENABLE_QUOTAS=1</code> feature</a>, DMS will add aliases as fake users into Dovecot UserDB (<em>that are configured with the same data as the real address the alias would resolve to, thus sharing the same mailbox location and quota limit</em>). This allows Postfix to properly be aware of an aliased mailbox having exceeded the allowed quota.</p>
<p><strong>NOTE:</strong> This workaround <strong>only supports</strong> aliases to a single target recipient of a real account address / mailbox.</p>
<ul>
<li>Additionally, aliases that resolve to another alias or to an external address would both fail the UserDB lookup, unable to determine if enough storage is available.</li>
<li>A proper fix would <a href="https://github.com/docker-mailserver/docker-mailserver/pull/2248#issuecomment-953754532">implement a Postfix policy service</a> that could correctly resolve aliases to valid entries in the Dovecot UserDB, querying the <code>quota-status</code> service and returning that response to Postfix.</li>
</ul>
</details>
<h2 id="sub-addressing"><a class="toclink" href="#sub-addressing">Sub-addressing</a></h2>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p><a href="https://en.wikipedia.org/wiki/Email_address#Sub-addressing">Subaddressing</a> (<em>aka <strong>Plus Addressing</strong> or <strong>Address Tags</strong></em>) is a feature that allows you to receive mail to an address which includes a tag appended to the <code>local-part</code> of a valid account address.</p>
<ul>
<li>A subaddress has a tag delimiter (<em>default: <code>+</code></em>), followed by the tag: <code>&lt;local-part&gt;+&lt;tag&gt;@&lt;domain-part&gt;</code></li>
<li>The subaddress <code>user+github@example.com</code> would deliver mail to the same mailbox as <code>user@example.com</code>.</li>
<li>Tags are dynamic. Anything between the <code>+</code> and <code>@</code> is understood as the tag, no additional configuration required.</li>
<li>Only the first occurence of the tag delimiter is recognized. Any additional occurences become part of the tag value itself.</li>
</ul>
</div>
<details class="tip">
<summary>When is subaddressing useful?</summary>
<p>A common use-case is to use a unique tag for each service you register your email address with.</p>
<ul>
<li>Routing delivery to different folders in your mailbox based on the tag (<em>via a <a href="../../advanced/mail-sieve/#subaddress-mailbox-routing">Sieve filter</a></em>).</li>
<li>Data leaks or bulk sales of email addresses.<ul>
<li>If spam / phishing mail you receive has not removed the tag, you will have better insight into where your address was compromised from.</li>
<li>When the expected tag is missing, this additionally helps identify bad actors. Especially when mail delivery is routed to subfolders by tag.</li>
</ul>
</li>
<li>For more use-cases, view the end of <a href="https://www.codetwo.com/admins-blog/plus-addressing">this article</a>.</li>
</ul>
</details>
<details class="tip">
<summary>Changing the tag delimiter</summary>
<p>Add <code>recipient_delimiter = +</code> to these config override files (<em>replacing <code>+</code> with your preferred delimiter</em>):</p>
<ul>
<li>Postfix: <code>docker-data/dms/config/postfix-main.cf</code></li>
<li>Dovecot: <code>docker-data/dms/config/dovecot.cf</code></li>
</ul>
</details>
<details class="tip">
<summary>Opt-out of subaddressing</summary>
<p>Follow the advice to change the tag delimiter, but instead set an empty value (<code>recipient_delimiter =</code>).</p>
</details>
<details class="warning">
<summary>Only for receiving, not sending</summary>
<p>Do not attempt to send mail from these tagged addresses, they are not equivalent to aliases.</p>
<p>This feature is only intended to be used when a mail client sends to a DMS managed recipient address. While DMS does not restrict the sender address you choose to send mail from (<em>provided <code>SPOOF_PROTECTION</code> has not been enabled</em>), it is often <a href="https://learn.microsoft.com/en-us/exchange/recipients-in-exchange-online/plus-addressing-in-exchange-online#using-plus-addresses">forbidden by mail services</a>.</p>
</details>
<details class="abstract">
<summary>Technical Details</summary>
<p>The configured tag delimiter (<code>+</code>) allows both Postfix and Dovecot to recognize subaddresses. Without this feature configured, the subaddresses would be considered as separate mail accounts rather than routed to a common account address.</p>
<hr />
<p>Internally DMS has the tag delimiter configured by:</p>
<ul>
<li>Applying the Postfix <code>main.cf</code> setting: <a href="http://www.postfix.org/postconf.5.html#recipient_delimiter"><code>recipient_delimiter = +</code></a></li>
<li>Dovecot has the equivalent setting set as <code>+</code> by default: <a href="https://doc.dovecot.org/settings/core/#core_setting-recipient_delimiter"><code>recipient_delimiter = +</code></a></li>
</ul>
</details>
<h2 id="technical-overview"><a class="toclink" href="#technical-overview">Technical Overview</a></h2>
<div class="admonition info">
<p class="admonition-title">Info</p>
<p>This section provides insight for understanding how Postfix and Dovecot services are involved. It is intended as a reference for maintainers and contributors.</p>
<ul>
<li><strong>Postfix</strong> - Handles when mail is delivered (inbound) to DMS, or sent (outbound) from DMS.</li>
<li><strong>Dovecot</strong> - Manages access and storage for mail delivered to the DMS account mailboxes of your users.</li>
</ul>
</div>
<details class="abstract">
<summary>Technical Details - Postfix (Inbound vs Outbound)</summary>
<p>Postfix needs to know how to handle inbound and outbound mail by asking these queries:</p>
<div class="tabbed-set tabbed-alternate" data-tabs="1:2"><input checked="checked" id="inbound" name="__tabbed_1" type="radio" /><input id="outbound" name="__tabbed_1" type="radio" /><div class="tabbed-labels"><label for="inbound">Inbound</label><label for="outbound">Outbound</label></div>
<div class="tabbed-content">
<div class="tabbed-block">
<ul>
<li>What mail domains is DMS responsible for handling? (<em>for accepting mail delivered</em>)</li>
<li>What are valid mail addresses for those mail domains? (<em>reject delivery for users that don't exist</em>)</li>
<li>Are there any aliases to redirect mail to 1 or more users, or forward to externally?</li>
</ul>
</div>
<div class="tabbed-block">
<ul>
<li>When <code>SPOOF_PROTECTION=1</code>, how should DMS restrict the sender address? (<em>eg: Users may only send mail from their associated mailbox address</em>)</li>
</ul>
</div>
</div>
</div>
</details>
<details class="abstract">
<summary>Technical Details - Dovecot (Authentication)</summary>
<p>Dovecot additionally handles authenticating user accounts for sending and retrieving mail:</p>
<ul>
<li>Over the ports for IMAP and POP3 connections (<em>110, 143, 993, 995</em>).</li>
<li>As the default configured SASL provider, which Postfix delegates user authentication through (<em>for the submission(s) ports 465 &amp; 587</em>). Saslauthd can be configured as an alternative SASL provider.</li>
</ul>
<p>Dovecot splits all authentication lookups into two categories:</p>
<ul>
<li>A <a href="https://doc.dovecot.org/configuration_manual/authentication/password_databases_passdb">PassDB</a> lookup most importantly authenticates the user. It may also provide any other necessary pre-login information.</li>
<li>A <a href="https://doc.dovecot.org/configuration_manual/authentication/user_databases_userdb">UserDB</a> lookup retrieves post-login information specific to a user.</li>
</ul>
</details>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
<p>&copy <a href="https://github.com/docker-mailserver"><em>Docker Mailserver Organization</em></a><br/><span>This project is licensed under the MIT license.</span></p>
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": "../../..", "features": ["navigation.tabs", "navigation.top", "navigation.expand", "navigation.instant", "content.action.edit", "content.action.view", "content.code.annotate"], "search": "../../../assets/javascripts/workers/search.f8cc74c7.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": {"provider": "mike"}}</script>
<script src="../../../assets/javascripts/bundle.c8b220af.min.js"></script>
</body>
</html>
View Git Blame Copy Permalink