DNS setup
This is a combined mailcow and Bahnhof DNS setup. (Don't do what I did and spend hours and hours wondering why it doesn't work when you have entered "v=spf1..." with the actual " characters in the records...)
$ORIGIN domain.se.
$TTL 1800
autodiscover.domain.se. 3600 IN CNAME mail.domain.se.
autoconfig.domain.se. 3600 IN CNAME mail.domain.se.
mail.domain.se. 3600 IN A 123.123.123.123
_dmarc.domain.se. 3600 IN TXT v=DMARC1; p=none
dkim._domainkey.domain.se. 3600 IN TXT v=DKIM1;k=rsa;p=MIIBIj......
domain.se. 3600 IN TXT v=spf1 redirect=_spf.bahnhof.se
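A small linter for the three TXT record types above, as an added example that is not part of the original post. It flags the literal-quote pitfall and a few related mistakes. The function names and sample values are constructed, and any name that is not a _dmarc or _domainkey label is assumed to hold the SPF record.

```python
# Added example (not from the original post); names and sample values are constructed.

def parse_tags(data):
    """Split a 'k=v; k2=v2' tag list (DMARC, DKIM) into a dict."""
    pairs = (part.split("=", 1) for part in data.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def lint_txt(name, value):
    """Return a list of findings for one TXT record (owner name, stored value)."""
    findings = []
    # Pitfall from the text: quotes saved as data hide the leading version tag.
    if '"' in value:
        findings.append("literal quote characters in record data")
    data = value.replace('"', "").strip()
    label = name.lower()
    if label.startswith("_dmarc."):
        tags = parse_tags(data)
        if not data.startswith("v=DMARC1"):
            findings.append("DMARC record must begin with v=DMARC1")
        if tags.get("p") not in ("none", "quarantine", "reject"):
            findings.append("DMARC p= tag missing or invalid")
        elif tags["p"] == "none":
            findings.append("DMARC p=none is monitor-only")
    elif "._domainkey." in label:
        tags = parse_tags(data)
        if tags.get("v", "DKIM1") != "DKIM1":
            findings.append("DKIM v= tag must be DKIM1")
        if not tags.get("p"):
            findings.append("DKIM p= is empty or missing")
    else:  # assumption: every other TXT record passed in is the SPF record
        terms = data.split()
        if not terms or terms[0].lower() != "v=spf1":
            findings.append("SPF record must begin with v=spf1")
        mechs = [t.lower() for t in terms[1:]]
        has_all = any(t.lstrip("+-~?") == "all" for t in mechs)
        has_redirect = any(t.startswith("redirect=") for t in mechs)
        if not (has_all or has_redirect):
            findings.append("SPF has neither an 'all' mechanism nor redirect=")
        if any(t in ("all", "+all") for t in mechs):
            findings.append("SPF 'all'/'+all' authorizes every sender")
    return findings

if __name__ == "__main__":
    samples = [  # constructed values modelled on the zone above
        ("domain.se.", '"v=spf1 redirect=_spf.bahnhof.se"'),
        ("_dmarc.domain.se.", "v=DMARC1; p=none"),
    ]
    for name, value in samples:
        print(name, repr(value), lint_txt(name, value) or "ok")
```

Feed it the values exactly as your DNS provider stores or returns them; an empty list means none of these checks fired.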
Outgoing email with Smarthost
Since Bahnhof (like many other ISPs) blocks outgoing traffic on port 25, we need to use a smarthost/relay in our setup.
For one reason or another, I couldn't get it to work using the settings within the mailcow UI, so I opted for some manual steps to make it work.
Set up an extra.cf file (default path: /opt/mailcow-dockerized/data/conf/postfix)
myhostname = mail.domain.se
relayhost = mailout.privat.bahnhof.se:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/opt/postfix/conf/relay_passwords
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
Create a relay_passwords file with the username and password for your Bahnhof email account (register one via "My Pages").
mailout.privat.bahnhof.se user:pass
Creating the hashed file requires some additional steps.
# Accessing the container
docker exec -it mailcowdockerized-postfix-mailcow-1 /bin/bash
# Go to the configuration folder
cd /opt/postfix/conf
# And finally, run this command to create the hash
postmap relay_passwords
SSL/TLS + exposing the server
Forward port 25 to your server.
Check the Mailcow documentation for setting it up using reverse proxy.
Mailcow supports Let's Encrypt out of the box, but to my knowledge (as of writing) only with HTTP verification and not DNS. I found this little gem of a script that can be adjusted for your DNS provider and scheduled to run via cron two times a day or so (e.g. 0 */12 * * * /opt/certfetcher/certfetcher.sh).