services:
  mailserver:
    image: ghcr.io/docker-mailserver/docker-mailserver:latest
    container_name: mailserver
    # Provide the FQDN of your mail server here (Your DNS MX record should point to this value)
    hostname: {{ domain }}
    ports:
      - "25:25"
      - "465:465"
      - "587:587"
      - "993:993"
      - "4190:4190"
    volumes:
      - ./docker-data/dms/mail-data/:/var/mail/
      - ./docker-data/dms/mail-state/:/var/mail-state/
      - ./docker-data/dms/mail-logs/:/var/log/mail/
      - ./docker-data/dms/config/:/tmp/docker-mailserver/
      - /etc/letsencrypt:/etc/letsencrypt
      - /etc/localtime:/etc/localtime:ro
    environment:
      - SSL_TYPE=letsencrypt
      - ENABLE_CLAMAV=0
      - ENABLE_AMAVIS=0
      - ENABLE_MANAGESIEVE=1
      - ENABLE_FAIL2BAN=1
      - SPOOF_PROTECTION=1
      - ACCOUNT_PROVISIONER=LDAP
      - LDAP_SERVER_HOST=ldap://lldap.internal.simponic.xyz:3890
      - LDAP_SEARCH_BASE=dc=simponic,dc=xyz
      - LDAP_BIND_DN=uid=admin,ou=people,dc=simponic,dc=xyz
      - LDAP_BIND_PW={{ lldap_admin_pass }}

      - LDAP_QUERY_FILTER_USER=(&(objectClass=mailAccount)(|(uid=%u)))
      - LDAP_QUERY_FILTER_GROUP=(&(cn=mail)(uniquemember=uid=%u,ou=people,dc=simponic,dc=xyz))
      - LDAP_QUERY_FILTER_ALIAS=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u)))
      - LDAP_QUERY_FILTER_DOMAIN=(mail=*@%s)

      - DOVECOT_AUTH_BIND=yes
      - DOVECOT_USER_FILTER=(&(objectClass=inetOrgPerson)(|(uid=%u)(mail=%u)))
      - DOVECOT_USER_ATTRS==uid=5000,=gid=5000,=home=/var/mail/%Ln,=mail=maildir:~/Maildir

      - ENABLE_SASLAUTHD=1
      - SASLAUTHD_MECHANISMS=rimap
      - SASLAUTHD_MECH_OPTIONS=127.0.0.1
      - POSTMASTER_ADDRESS={{ postmaster_email }}
    extra_hosts:
      - "lldap.internal.simponic.xyz:{{ johan_ip }}"
    dns:
      - {{ nameserver_ip }}
    restart: always