Self Hosted Email Server With Unraid and Poste.IO

I use NginxProxyManager as the main entry point of web traffic onto my local server. I exclusively use it as a proxy host for multiple subdomains. Each subdomain managed by NPM gets proxied to a docker container. Adding new services is mostly setting up the docker container and using NPM to create a ssl certificate with letsencrypt and directing the traffic from that subdomain to the container.

A few weeks ago I randomly discovered Poste.io through the community apps page of unraid. It’s an all-in-one dockerized email server. Since Unraid has a template for it, installing was a breeze:

Community Applications plugin has a template ready to go

Email requires more ports than just 443/80, but following their documentation I was able to get it up and running. Thanks to my local ISP I am able to have port 25 and all the rest unblocked, normally ISPs don’t allow these ports.

slick looking admin console

The docker container comes complete with an admin site for managing users, domains, and server settings. The mail app isn’t half bad either:

Once I tried to connect Thunderbird though I got SSL verification errors. I soon found out even through NPM handles the SSL offloading for port 443 (HTTPS web traffic), it doesn’t do the same for the mail ports (143, 993, etc). Thunderbird was getting a generic mail.poste.io SSL certificate instead of mail.mattlapaglia.com!

Poste.io does support LetsEncrypt, but trying to run LE validation behind another LE instance (NPM) is problematic. When the Poste.IO LE tries to validate domain ownership the LE server ends up calling the NPM LE, which says “uh, what, 404 for me I guess”.

LE servers not able to validate that I own the domain name 🙁

I tried getting the LE functionality in Poste.io to work with the NPM LE but couldn’t come up with a solution that would result in automatic SSL certificate renewals in the future. Then I thought to myself, “NPM LE stores the certificates in the AppData folder of Unraid, I could use that!”

I went back to the Poste.io docker configuration page and added 4 paths to map:

  • ca.crt
  • server.key
  • server.crt
  • server-combined.crt

I mapped them from the NPM appdata folder to the Poste container.

  • /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/chain.pem
  • /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/privkey.pem
  • /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/cert.pem
  • /mnt/user/appdata/NginxProxyManager/letsencrypt/live/npm-33/fullchain.pem

were mapped to:

  • /etc/ssl/ca.crt
  • /etc/ssl/server.key
  • /etc/ssl/server.crt
  • /etc/ssl/server-combined.crt

After this I was able to successfully connect to the email server from my computer and other devices! Now when NPM updates the mail.mattlapaglia.com domain name automatically, poste will directly reference the new certificates without any manual intervention.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.