Mail Server Series — Part 13

Through Parts 1–12, we have built a complete enterprise-grade email platform:

Postfix (SMTP/Submissions)
Dovecot (IMAP/LMTP/Sieve)
MariaDB (PostfixAdmin/SpamAssassin/Piler)
PostfixAdmin (Domain & mailbox management)
SpamAssassin (SQL Bayes + TxRep + Remote Learning)
ClamAV (AV scanning)
Amavis (Content filtering + DKIM signing)
Piler (Email archive)
Manticore (CJK full-text search)
Piler Milter (X-Envelope-To header injector)
Roundcube Webmail
Apache (SNI reverse proxy + Let’s Encrypt automation)
Firewall & routing
Monitoring & HA (Part 12)

Part 13 provides two things:
✔ A unified deployment automation script
✔ A fully documented enterprise SOP for daily/weekly/monthly operations

This is the chapter you can hand directly to another IT engineer to maintain the system.

🔶 1. Complete Architecture Summary

Service	Purpose	Ports	Container
Postfix	SMTP / Submission / Milter	25 / 587	postfix
Dovecot	IMAP / LMTP / Sieve	143 / 993 / 24 / 4190	dovecot
MariaDB	PostfixAdmin / SA / Piler DB	3306	maildb
PostfixAdmin	Domain/mailbox management	proxied	postfixadmin
SpamAssassin	Anti-spam engine	783	spamassassin
ClamAV	Virus scanning	3310	clamav
Amavis	Content filter + DKIM	10024 / 10026	amavis
Piler	Email archive	25 (proxy)	piler
Manticore	Full-text search (CJK)	9306 / 9307	manticore
Piler Milter	Add X-Envelope-To	33333	pilermilter
Roundcube	Webmail	8000 (proxied)	webmail
Apache	SSL/TLS reverse proxy	80 / 443	wwwapp

🔶 2. Recommended Deployment Order

To ensure the fewest errors, always deploy in this order:

Step 1 — MariaDB

Create the following databases:

postfix
sa40
piler

Create dedicated users and privilege sets.

Step 2 — PostfixAdmin

Needed to manage:

Domains
Mailboxes
Aliases

Postfix + Dovecot SQL map files depend on this.

Step 3 — SpamAssassin

Includes:

SQL Bayes backend
TxRep reputation system
Remote Learning (ham/spam via IMAPSieve)
Auto schema correction (entrypoint)
sa-update & sa-compile cron

Step 4 — ClamAV + Amavis

Critical components:

DKIM key generation
Amavis inbound/outbound integration (10024/10026)
SA settings integrated into Amavis
ClamAV connectivity (clamdscan)

Step 5 — Piler + Manticore

Key items:

X-Envelope-To header handling
CJK search via ICU + ngram
Reverse proxy header forwarding
Manticore schema auto-initialization

Step 6 — Dovecot (SQL/SNI/Quota/IMAPSieve)

Features enabled:

SQL passdb/userdb
LMTP delivery
Quota limits + notifications
IMAPSieve rules calling SpamAssassin Remote Learn

Step 7 — Postfix (SNI + Amavis + Milter)

Includes:

SASL authentication via Dovecot
TLS/SNI with LMDB map
Amavis inbound/outbound (10024/10026)
Piler milter integration
always_bcc → archive email

Step 8 — Roundcube Webmail

Ensure:

IMAP TLS (993)
SMTP TLS submission (587)
ManageSieve (4190)

Step 9 — Apache Reverse Proxy

Domains:

webmail.domain
archive.domain

Handles:

SSL certificates
SNI routing
Reverse proxy headers
Let’s Encrypt renew automation

Step 10 — Firewall rules

Example:

iptables -I DOCKER-USER 1 -s 172.18.0.0/16 -d 172.18.0.1 -j ACCEPT

🔶 3. Unified Deployment Script (installer.sh)

A complete, production-ready automation script:

#!/bin/bash
set -e

echo "[1] Create network"
docker network create intranet-net || true

echo "[2] Deploy MariaDB"
cd maildb
./db.sh

echo "[3] Deploy PostfixAdmin"
cd ../postfixadmin
./postfixadmin.sh

echo "[4] Deploy SpamAssassin"
cd ../spamassassin
./spamd.sh

echo "[5] Deploy ClamAV + Amavis"
cd ../clamav
./clamav.sh

cd ../amavis
./amavis.sh

echo "[6] Deploy Piler + Manticore"
cd ../piler
docker compose up -d

echo "[7] Deploy Dovecot"
cd ../dovecot
./dovecot.sh

echo "[8] Deploy Postfix"
cd ../postfix
./postfix.sh

echo "[9] Deploy Webmail"
cd ../roundcube
./webmail.sh

echo "[10] Deploy Apache"
cd ../../wwwapp
./wwwapp.sh

echo "=== Email Platform Deployment Completed ==="

Place under:

/opt/docker/mail/install/installer.sh

🔶 4. Enterprise SOP (Standard Operating Procedures)

✔ 4.1 Daily Routine

Check Postfix queue:

docker exec postfix mailq

SpamAssassin health:

docker logs spamassassin | grep -i error

Amavis logs:

docker logs amavis | grep -i panic

Dovecot status:

docker logs dovecot

Manticore:

mysql -h manticore -P 9306 -e "show tables"

✔ 4.2 Weekly Maintenance

Verify sa-update / sa-compile
Ensure freshclam is updating
Check Piler storage usage
Review postfix/submission logs
Check SSL certificate expiration dates

✔ 4.3 Monthly Maintenance

Database backup (postfix, sa40, piler)
Docker image updates
Git commit of configuration files
Piler archive backup
Full TLS renewal verification
HA failover test (if implemented)

✔ 4.4 Disaster Recovery Strategy

Recovery priority:

Postfix + Dovecot — restore basic send/receive
MariaDB — mailbox/domain/user settings
SpamAssassin & Amavis — filtering
Piler — archive indexing can be restored later

🔶 5. Common Issues & Troubleshooting Flow

Issue 1 — IMAP login fails

Check:

doveadm auth user@domain
docker logs dovecot

Typical causes:

Wrong SQL credentials
Wrong SSL hostname
Wrong passdb/userdb configuration

Issue 2 — Outgoing email stuck in queue

Check queue:

postqueue -p
postfix flush

Common causes:

DNS resolution failure
Port 25 blocked
Amavis 10026 unreachable

Issue 3 — Webmail fails to connect

Mostly caused by:

Missing firewall rule
IMAP/SMTP TLS name mismatch
Reverse proxy misconfiguration

🔶 6. Documents Recommended for Long-Term Maintenance

Include:

Architecture Diagram
Network Topology
All Container Versions
List of Domain SSL Certificates
DKIM keys backed up
Onboarding/Offboarding mail procedures
Piler usage guide
SOP for adding new domains / DKIM / transport

🔶 7. Conclusion

By completing Part 13, you now possess:

A fully automated deployment procedure
A professional IT operational handbook
Rapid troubleshooting workflow
Standards suitable for enterprise IT audits
A maintainable and scalable mail platform

Your system is no longer just a “mail server”—
It is a full enterprise messaging infrastructure.