#!/usr/bin/env bash
# Interactive bootstrap for a mailcow installation.
#
# Refuses known-bad kernels and BusyBox tools, verifies that the required
# binaries are on PATH, prompts for the mail server hostname and timezone,
# offers to disable memory-hungry services on small hosts, writes mailcow.conf
# (including freshly generated SQL credentials) and creates a self-signed
# "snake-oil" certificate pair.
#
# Only pipefail is enabled - there is no `set -e` - so a failing command does
# not abort the script unless the step below exits explicitly.
set -o pipefail
# Refuse kernels known to break mailcow. Ubuntu's 4.15.0-60 build is rejected
# outright; a 4.4 kernel is rejected only when the host identifies itself as
# Ubuntu, where the HWE kernel is the documented fix.
kernel_release=$(uname -r)
if [[ "${kernel_release}" =~ ^4\.15\.0-60 ]]; then
  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
  echo "Please update to 5.x or use another distribution."
  exit 1
fi
if [[ "${kernel_release}" =~ ^4\.4\. ]] && uname -a | grep -q Ubuntu; then
  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
  echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
  exit 1
fi
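# The script relies on GNU grep and GNU coreutils behaviour further down, so
# BusyBox applets are rejected up front. The help banner is captured into a
# variable first: that way the check depends only on whether the banner
# mentions BusyBox, not on the exit status of `<tool> --help`, which under
# `set -o pipefail` would otherwise also decide the pipeline's status if an
# implementation exits non-zero for --help.
grep_help=$(grep --help 2>&1)
if grep -q -i "busybox" <<<"${grep_help}"; then
  echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""
  exit 1
fi
cp_help=$(cp --help 2>&1)
if grep -q -i "busybox" <<<"${cp_help}"; then
  echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""
  exit 1
fi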
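# Abort unless every tool this script and the mailcow helpers call is on PATH.
# `command -v` is a shell builtin, so the check no longer depends on an
# external `which` binary being installed.
for bin in openssl curl docker-compose docker git awk sha1sum; do
  if ! command -v "${bin}" >/dev/null 2>&1; then
    echo "Cannot find ${bin}, exiting..."
    exit 1
  fi
done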
# Never clobber an existing mailcow.conf silently: ask first and keep the old
# file as mailcow.conf_backup with mode 600, since it carries the database
# credentials. Any previous mailcow.conf_backup is replaced by the mv.
if [[ -f mailcow.conf ]]; then
  read -r -p "A config file exists and will be overwritten, are you sure you want to continue? [y/N] " response
  if [[ "${response}" == [yY][eE][sS] || "${response}" == [yY] ]]; then
    mv mailcow.conf mailcow.conf_backup
    chmod 600 mailcow.conf_backup
  else
    exit 1
  fi
fi
echo "Press enter to confirm the detected value '[value]' where applicable or enter a custom value."
2018-07-11 19:41:04 +02:00
while [ -z " ${ MAILCOW_HOSTNAME } " ] ; do
2019-05-01 23:17:10 +02:00
read -p "Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: " -e MAILCOW_HOSTNAME
2018-07-11 19:41:04 +02:00
DOTS = ${ MAILCOW_HOSTNAME //[^.] } ;
2018-07-18 08:47:53 +02:00
if [ ${# DOTS } -lt 2 ] && [ ! -z ${ MAILCOW_HOSTNAME } ] ; then
2018-07-11 19:41:04 +02:00
echo " ${ MAILCOW_HOSTNAME } is not a FQDN "
MAILCOW_HOSTNAME =
fi
done
2017-01-23 16:27:42 +01:00
2018-07-18 08:47:53 +02:00
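# Detect the host timezone to offer it as the prompt default: Debian-style
# /etc/timezone first, otherwise the zoneinfo path behind the /etc/localtime
# symlink (empty when it is not a symlink into a zoneinfo tree).
DETECTED_TZ=
if [[ -e /etc/timezone ]]; then
  DETECTED_TZ=$(< /etc/timezone)
elif [[ -e /etc/localtime ]]; then
  DETECTED_TZ=$(readlink /etc/localtime | sed -n 's|^.*zoneinfo/||p')
fi

while [[ -z "${MAILCOW_TZ}" ]]; do
  if [[ -z "${DETECTED_TZ}" ]]; then
    # No default to fall back to: without input this loop would never end,
    # so give up on EOF instead of spinning.
    read -r -p "Timezone: " -e MAILCOW_TZ || { echo "No input, exiting..." >&2; exit 1; }
  else
    read -r -p "Timezone [${DETECTED_TZ}]: " -e MAILCOW_TZ
    # Plain enter (or EOF) accepts the detected default.
    [[ -z "${MAILCOW_TZ}" ]] && MAILCOW_TZ=${DETECTED_TZ}
  fi
done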
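# Memory-based defaults for the optional, memory-hungry services. MemTotal is
# reported in KiB, so the thresholds are 2.5 GiB (offer to disable ClamAV),
# 2 GiB (disable Solr unconditionally) and 3.5 GiB (offer to disable Solr).
MEM_TOTAL=$(awk '/MemTotal/ {print $2}' /proc/meminfo 2>/dev/null)
# Both services stay enabled unless a threshold below says otherwise.
SKIP_CLAMD=n
SKIP_SOLR=n
if [[ ! "${MEM_TOTAL}" =~ ^[0-9]+$ ]]; then
  # No readable /proc/meminfo (e.g. non-Linux host): previously every
  # comparison errored out and silently resolved to "enough memory"; say so
  # explicitly instead.
  echo "Could not determine installed memory from /proc/meminfo, keeping ClamAV and Solr enabled." >&2
else
  if [[ "${MEM_TOTAL}" -le 2621440 ]]; then
    echo "Installed memory is <= 2.5 GiB. It is recommended to disable ClamAV to prevent out-of-memory situations."
    echo "ClamAV can be re-enabled by setting SKIP_CLAMD=n in mailcow.conf."
    read -r -p "Do you want to disable ClamAV now? [Y/n] " response
    # Anything but an explicit "no" (including empty input) disables ClamAV.
    case ${response} in
      [nN][oO]|[nN]) SKIP_CLAMD=n ;;
      *) SKIP_CLAMD=y ;;
    esac
  fi
  if [[ "${MEM_TOTAL}" -le 2097152 ]]; then
    echo "Disabling Solr on low-memory system."
    SKIP_SOLR=y
  elif [[ "${MEM_TOTAL}" -le 3670016 ]]; then
    echo "Installed memory is <= 3.5 GiB. It is recommended to disable Solr to prevent out-of-memory situations."
    echo "Solr is a prone to run OOM and should be monitored. The default Solr heap size is 1024 MiB and should be set in mailcow.conf according to your expected load."
    echo "Solr can be re-enabled by setting SKIP_SOLR=n in mailcow.conf but will refuse to start with less than 2 GB total memory."
    read -r -p "Do you want to disable Solr now? [Y/n] " response
    # Anything but an explicit "no" (including empty input) disables Solr.
    case ${response} in
      [nN][oO]|[nN]) SKIP_SOLR=n ;;
      *) SKIP_SOLR=y ;;
    esac
  fi
fi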
# Make sure the Rspamd controller-password include exists; write a one-line
# placeholder only when the file is missing, never touching an existing one.
rspamd_pw_inc=./data/conf/rspamd/override.d/worker-controller-password.inc
if [[ ! -f "${rspamd_pw_inc}" ]]; then
  printf '%s\n' '# Placeholder' > "${rspamd_pw_inc}"
fi
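# Write mailcow.conf. The SQL passwords are generated inline from /dev/urandom
# (28 characters out of [A-Za-z0-9]), so the file holds secrets from the moment
# it is created. Run the write in a subshell with umask 077 so it is never
# world-readable, not even briefly, rather than relying only on a later chmod.
(
  umask 077
  cat << EOF > mailcow.conf
# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"

MAILCOW_HOSTNAME=${MAILCOW_HOSTNAME}

# Password hash algorithm
# Only certain password hash algorithm are supported. For a fully list of supported schemes,
# see https://mailcow.github.io/mailcow-dockerized-docs/model-passwd/
MAILCOW_PASS_SCHEME=BLF-CRYPT

# ------------------------------
# SQL database configuration
# ------------------------------

DBNAME=mailcow
DBUSER=mailcow

# Please use long, random alphanumeric strings (A-Za-z0-9)

DBPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)
DBROOT=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 | head -c 28)

# ------------------------------
# HTTP/S Bindings
# ------------------------------

# You should use HTTPS, but in case of SSL offloaded reverse proxies:
# Might be important: This will also change the binding within the container.
# If you use a proxy within Docker, point it to the ports you set below.
# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
# IMPORTANT: Do not use port 8081, 9081 or 65510!
# Example: HTTP_BIND=1.2.3.4
# For IPv4 and IPv6 leave it empty: HTTP_BIND= & HTTPS_PORT=
# For IPv6 see https://mailcow.github.io/mailcow-dockerized-docs/firststeps-ip_bindings/

HTTP_PORT=80
HTTP_BIND=

HTTPS_PORT=443
HTTPS_BIND=

# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 12.34.56.78:465 etc.

SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306
SOLR_PORT=127.0.0.1:18983
REDIS_PORT=127.0.0.1:7654

# Your timezone
# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
# Use the row named 'TZ database name' + pay attention for 'Notes' row

TZ=${MAILCOW_TZ}

# Fixed project name
# Please use lowercase letters only

COMPOSE_PROJECT_NAME=mailcowdockerized

# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
# When enabled, ACL can be created, that apply to "All authenticated users"
# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
# Otherwise a user might share data with too many other users.
ACL_ANYONE=disallow

# Garbage collector cleanup
# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
# How long should objects remain in the garbage until they are being deleted? (value in minutes)
# Check interval is hourly

MAILDIR_GC_TIME=7200

# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
#ADDITIONAL_SAN=imap.*,smtp.*
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
#ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
#ADDITIONAL_SAN=imap.*,srv1.example.com
#
ADDITIONAL_SAN=

# Additional server names for mailcow UI
#
# Specify alternative addresses for the mailcow UI to respond to
# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
# You can understand this as server_name directive in Nginx.
# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
ADDITIONAL_SERVER_NAMES=

# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n

SKIP_LETS_ENCRYPT=n

# Create seperate certificates for all domains - y/n
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
# see https://wiki.dovecot.org/SSL/SNIClientSupport
ENABLE_SSL_SNI=n

# Skip IPv4 check in ACME container - y/n

SKIP_IP_CHECK=n

# Skip HTTP verification in ACME container - y/n
SKIP_HTTP_VERIFICATION=n

# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n

SKIP_CLAMD=${SKIP_CLAMD}

# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
SKIP_SOGO=n

# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.

SKIP_SOLR=${SKIP_SOLR}

# Solr heap size in MB, there is no recommendation, please see Solr docs.
# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.

SOLR_HEAP=1024

# Allow admins to log into SOGo as email user (without any password)
ALLOW_ADMIN_EMAIL_LOGIN=n

# Enable watchdog (watchdog-mailcow) to restart unhealthy containers
USE_WATCHDOG=y

# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
# CAUTION:
# 1. You should use external recipients
# 2. Mails are sent unsigned (no DKIM)
# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
# Multiple rcpts allowed, NO quotation marks, NO spaces

#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
#WATCHDOG_NOTIFY_EMAIL=

# Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=n

# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
#WATCHDOG_SUBJECT=

# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
# https://www.servercow.de/mailcow?lang=en
# https://www.servercow.de/mailcow?lang=de
# No data is collected. Opt-in and anonymous.
# Will only work with unmodified mailcow setups.
WATCHDOG_EXTERNAL_CHECKS=n

# Enable watchdog verbose logging
WATCHDOG_VERBOSE=n

# Max log lines per service to keep in Redis logs

LOG_LINES=9999

# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

IPV4_NETWORK=172.22.1

# Internal IPv6 subnet in fc00::/7
# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses

IPV6_NETWORK=fd4d:6169:6c63:6f77::/64

# Use this IPv4 for outgoing connections (SNAT)

#SNAT_TO_SOURCE=

# Use this IPv6 for outgoing connections (SNAT)

#SNAT6_TO_SOURCE=

# Create or override an API key for the web UI
# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
# An API key defined as API_KEY has read-write access
# An API key defined as API_KEY_READ_ONLY has read-only access
# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
# You can define API_KEY and/or API_KEY_READ_ONLY

#API_KEY=
#API_KEY_READ_ONLY=
#API_ALLOW_FROM=172.22.1.1,127.0.0.1

# mail_home is ~/Maildir
MAILDIR_SUB=Maildir

# SOGo session timeout in minutes
SOGO_EXPIRE_SESSION=480

# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
# Empty by default to auto-generate master user and password on start.
# User expands to DOVECOT_MASTER_USER@mailcow.local
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_USER=
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_PASS=

# Let's Encrypt registration contact information
# Optional: Leave empty for none
# This value is only used on first order!
# Setting it at a later point will require the following steps:
# https://mailcow.github.io/mailcow-dockerized-docs/debug-reset_tls/
ACME_CONTACT=

# Disable including device root ca's for WebAuthn
# setting WEBAUTHN_DISABLE_ROOTCA=y will allow you to use Fido2 devices from untrusted Manufacturers
# It will solve "Error: invalid root certificate" at TFA device registration
# Suported devices are
# solo certified
# apple certified
# nitro certified
# yubico certified
# hypersecu certified
# globalSign certified
# googleHardware certified
# microsoftTpmCollection certified
# huawei certified
# trustkey certified
# bsi certified
WEBAUTHN_DISABLE_ROOTCA=

EOF
)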
# Create the self-signed "snake-oil" certificate pair and seed data/assets/ssl
# with it. The copy uses -n, so a certificate already present there (e.g. one
# issued by ACME or supplied by the admin) is never overwritten.
# NOTE(review): key.pem is created with the current umask (often 0644);
# tightening it would need confirmation that the consuming containers still
# read it, so it is left as-is here.
mkdir -p data/assets/ssl
chmod 600 mailcow.conf
echo "Generating snake-oil certificate..."
# Making Willich more popular
cert_subject="/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}"
openssl req -x509 -newkey rsa:4096 -sha256 -nodes -days 365 \
  -subj "${cert_subject}" \
  -keyout data/assets/ssl-example/key.pem \
  -out data/assets/ssl-example/cert.pem
echo "Copying snake-oil certificate..."
cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/