fabreg 2017-03-06 16:22:17 +01:00 committed by GitHub
parent 71886834ab
commit 8ab76ce661

@ -1,22 +1,22 @@
# Anonymize headers # Anonymize headers
Save as `data/conf/postfix/mailcow_anonymize_headers.pcre`: Save as `data/conf/postfix/mailcow_anonymize_headers.pcre`:
``` ```
/^\s*Received:[^\)]+\)\s+\(Authenticated sender:(.+)/ /^\s*Received:[^\)]+\)\s+\(Authenticated sender:(.+)/
REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1 REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1
/^\s*User-Agent/ IGNORE /^\s*User-Agent/ IGNORE
/^\s*X-Enigmail/ IGNORE /^\s*X-Enigmail/ IGNORE
/^\s*X-Mailer/ IGNORE /^\s*X-Mailer/ IGNORE
/^\s*X-Originating-IP/ IGNORE /^\s*X-Originating-IP/ IGNORE
/^\s*X-Forward/ IGNORE /^\s*X-Forward/ IGNORE
``` ```
Add this to `data/conf/postfix/main.cf`: Add this to `data/conf/postfix/main.cf`:
``` ```
smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre
``` ```
# Backup and restore maildir (simple tar file) # Backup and restore maildir (simple tar file)
**Backup** **Backup**
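Review bot: The Received rewrite at the top of the pcre block keeps `(Authenticated sender:$1` in the replacement, so the submitting account name still leaves the server in every message even though the client host and IP are replaced with localhost. If only the origin is meant to be hidden, say so under "Anonymize headers"; otherwise drop the capture from the replacement. The `IGNORE` patterns also have no colon after the header name, so `/^\s*X-Forward/` drops every header whose name begins with X-Forward; write them as `/^\s*X-Mailer:/` and so on where an exact header is intended.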
@ -38,9 +38,9 @@ cd /path/to/mailcow-dockerized
source mailcow.conf source mailcow.conf
DATE=$(date +"%Y%m%d_%H%M%S") DATE=$(date +"%Y%m%d_%H%M%S")
docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar xvfz /backup/backup_vmail.tar.gz docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar xvfz /backup/backup_vmail.tar.gz
``` ```
# Docker Compose Bash completion # Docker Compose Bash completion
For the tab-tab... :-) For the tab-tab... :-)
``` ```
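Review bot: In the restore command, `DATE` is assigned on the line above but never used, because `tar xvfz` reads the fixed name `/backup/backup_vmail.tar.gz`; either remove the assignment from this block or explain how the dated backup file maps to that name. `${PWD}` and the `$(docker inspect ...)` substitution are unquoted, so a working directory containing spaces breaks the `-v` arguments. The extraction also has no `-C`, so where the mail lands depends entirely on the paths stored in the archive, which is worth stating next to the command.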
@ -51,16 +51,16 @@ curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose versio
Edit a domain as (domain) administrator to add an item to the filter table. Edit a domain as (domain) administrator to add an item to the filter table.
Beware that a mailbox user can login to mailcow and override a domain policy filter item. Beware that a mailbox user can login to mailcow and override a domain policy filter item.
# Change default language # Change default language
Change `data/conf/sogo/sogo.conf` and replace "English" by your prefered language. Change `data/conf/sogo/sogo.conf` and replace "English" by your prefered language.
Create a file `data/web/inc/vars.local.inc.php` and add "DEFAULT_LANG" with either "en", "pt", "de" or "nl": Create a file `data/web/inc/vars.local.inc.php` and add "DEFAULT_LANG" with either "en", "pt", "de" or "nl":
``` ```
<?php <?php
$DEFAULT_LANG = "de"; $DEFAULT_LANG = "de";
``` ```
# Change UI theme # Change UI theme
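Review bot: "prefered" in the `sogo.conf` sentence under "Change default language" should be "preferred". The two sentences also read as one step although they change different files; a short list (SOGo language, then mailcow UI language) would make that clear, and the text says to add "DEFAULT_LANG" while the snippet assigns `$DEFAULT_LANG`, so the prose should use the variable name as written in the code.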
@ -83,8 +83,8 @@ Now auto-recreate modified containers:
``` ```
docker-compose up -d docker-compose up -d
``` ```
# Disable sender addresses verification # Disable sender addresses verification
This option is not best-practice and should only be implemented when there is no other option available to archive whatever you are trying to do. This option is not best-practice and should only be implemented when there is no other option available to archive whatever you are trying to do.
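Review bot: In the warning under "Disable sender addresses verification", "to archive whatever you are trying to do" should read "to achieve". Since this line is the only caution the section carries, it would help to name what is lost when the check is off rather than only calling it "not best-practice".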
@ -105,7 +105,7 @@ Run postmap on check_sasl_access:
docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
``` ```
Restart the Postfix container. Restart the Postfix container.
# Install Roundcube # Install Roundcube
@ -162,7 +162,7 @@ Initialize the database and leave the installer.
**Enable change password function in Roundcube** **Enable change password function in Roundcube**
Open `data/web/rc/config.inc.php` and enable the password plugin: Open `data/web/rc/config/config.inc.php` and enable the password plugin:
``` ```
... ...
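Review bot: The corrected Roundcube path on the "Open ... and enable the password plugin" line is buried among hunks whose two sides read the same. Put the `data/web/rc/config/config.inc.php` fix in its own commit or name it in the commit message, and check the rest of the Roundcube section for remaining references to `data/web/rc/config.inc.php`.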
@ -190,8 +190,8 @@ $config['password_driver'] = 'sql';
$config['password_algorithm'] = 'ssha256'; $config['password_algorithm'] = 'ssha256';
$config['password_algorithm_prefix'] = '{SSHA256}'; $config['password_algorithm_prefix'] = '{SSHA256}';
$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u"; $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
``` ```
# MySQL # MySQL
**Connect to the MySQL database** **Connect to the MySQL database**
@ -213,8 +213,8 @@ docker-compose exec mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${
cd /path/to/mailcow-dockerized cd /path/to/mailcow-dockerized
source mailcow.conf source mailcow.conf
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
``` ```
# Read logs # Read logs
You can use `docker-compose logs $service-name` for all containers. You can use `docker-compose logs $service-name` for all containers.
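Review bot: The restore line redirects `backup_file.sql` into `docker-compose exec`, which allocates a pseudo-TTY by default, so the command needs `docker-compose exec -T mysql-mailcow ...` for the redirect to work. The same line passes the password as `-p${DBPASS}`, which can expose it in the process list while the import runs, and the unquoted expansions break on values containing spaces or shell metacharacters; quote them at minimum.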
@ -240,16 +240,16 @@ server {
Restart the stack, changed containers will be updated: Restart the stack, changed containers will be updated:
`docker-compose up -d` `docker-compose up -d`
# Redis # Redis
**Connect to redis key store** **Connect to redis key store**
``` ```
docker-compose exec redis-mailcow redis-cli docker-compose exec redis-mailcow redis-cli
``` ```
# Remove persistent data # Remove persistent data
- Remove volume `mysql-vol-1` to remove all MySQL data. - Remove volume `mysql-vol-1` to remove all MySQL data.
@ -258,9 +258,9 @@ docker-compose exec redis-mailcow redis-cli
- Remove volume `dkim-vol-1` to remove all DKIM keys. - Remove volume `dkim-vol-1` to remove all DKIM keys.
- Remove volume `rspamd-vol-1` to remove all Rspamd data. - Remove volume `rspamd-vol-1` to remove all Rspamd data.
Running `docker-compose down -v` will **destroy all mailcow: dockerized volumes** and delete any related containers. Running `docker-compose down -v` will **destroy all mailcow: dockerized volumes** and delete any related containers.
# Reset admin password # Reset admin password
Reset mailcow admin to `admin:moohoo`: Reset mailcow admin to `admin:moohoo`:
1\. Drop admin table 1\. Drop admin table
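Review bot: The "Reset admin password" heading line puts the account back on the default `admin:moohoo`, which is published in this same file, and the numbered steps that begin here do not say to change it afterwards. Add a final step telling the reader to log in and set a new admin password immediately after the UI has re-created the table.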
@ -269,111 +269,111 @@ source mailcow.conf
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;" docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;"
``` ```
2\. Open mailcow UI to auto-init the db 2\. Open mailcow UI to auto-init the db
# Rspamd # Rspamd
**Learn spam and ham** **Learn spam and ham**
Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash.
This is archived by using the Dovecot plugin "antispam" and a simple parser script. This is archived by using the Dovecot plugin "antispam" and a simple parser script.
Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning) Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning)
The bayes statistics are written to Redis as keys `BAYES_HAM` and `BAYES_SPAM`. The bayes statistics are written to Redis as keys `BAYES_HAM` and `BAYES_SPAM`.
You can also use Rspamd's web ui to learn ham and/or spam. You can also use Rspamd's web ui to learn ham and/or spam.
**CLI tools** **CLI tools**
``` ```
docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamc --help
docker-compose exec rspamd-mailcow rspamadm --help docker-compose exec rspamd-mailcow rspamadm --help
``` ```
See [Rspamd documentation](https://rspamd.com/doc/index.html) See [Rspamd documentation](https://rspamd.com/doc/index.html)
# Adjust service configurations # Adjust service configurations
The most important configuration files are mounted from the host into the related containers: The most important configuration files are mounted from the host into the related containers:
``` ```
data/conf data/conf
├── bind9 ├── bind9
│   └── named.conf │   └── named.conf
├── dovecot ├── dovecot
│   ├── dovecot.conf │   ├── dovecot.conf
│   ├── dovecot-master.passwd │   ├── dovecot-master.passwd
│   ├── sieve_after │   ├── sieve_after
│   └── sql │   └── sql
│   ├── dovecot-dict-sql.conf │   ├── dovecot-dict-sql.conf
│   └── dovecot-mysql.conf │   └── dovecot-mysql.conf
├── mysql ├── mysql
│   └── my.cnf │   └── my.cnf
├── nginx ├── nginx
│   ├── dynmaps.conf │   ├── dynmaps.conf
│   ├── site.conf │   ├── site.conf
│   └── templates │   └── templates
│   ├── listen_plain.template │   ├── listen_plain.template
│   ├── listen_ssl.template │   ├── listen_ssl.template
│   └── server_name.template │   └── server_name.template
├── pdns ├── pdns
│   ├── pdns_custom.lua │   ├── pdns_custom.lua
│   └── recursor.conf │   └── recursor.conf
├── postfix ├── postfix
│   ├── main.cf │   ├── main.cf
│   ├── master.cf │   ├── master.cf
│   ├── postscreen_access.cidr │   ├── postscreen_access.cidr
│   ├── smtp_dsn_filter │   ├── smtp_dsn_filter
│   └── sql │   └── sql
│   ├── mysql_relay_recipient_maps.cf │   ├── mysql_relay_recipient_maps.cf
│   ├── mysql_tls_enforce_in_policy.cf │   ├── mysql_tls_enforce_in_policy.cf
│   ├── mysql_tls_enforce_out_policy.cf │   ├── mysql_tls_enforce_out_policy.cf
│   ├── mysql_virtual_alias_domain_catchall_maps.cf │   ├── mysql_virtual_alias_domain_catchall_maps.cf
│   ├── mysql_virtual_alias_domain_maps.cf │   ├── mysql_virtual_alias_domain_maps.cf
│   ├── mysql_virtual_alias_maps.cf │   ├── mysql_virtual_alias_maps.cf
│   ├── mysql_virtual_domains_maps.cf │   ├── mysql_virtual_domains_maps.cf
│   ├── mysql_virtual_mailbox_maps.cf │   ├── mysql_virtual_mailbox_maps.cf
│   ├── mysql_virtual_relay_domain_maps.cf │   ├── mysql_virtual_relay_domain_maps.cf
│   ├── mysql_virtual_sender_acl.cf │   ├── mysql_virtual_sender_acl.cf
│   └── mysql_virtual_spamalias_maps.cf │   └── mysql_virtual_spamalias_maps.cf
├── rmilter ├── rmilter
│   └── rmilter.conf │   └── rmilter.conf
├── rspamd ├── rspamd
│   ├── dynmaps │   ├── dynmaps
│   │   ├── authoritative.php │   │   ├── authoritative.php
│   │   ├── settings.php │   │   ├── settings.php
│   │   ├── tags.php │   │   ├── tags.php
│   │   └── vars.inc.php -> ../../../web/inc/vars.inc.php │   │   └── vars.inc.php -> ../../../web/inc/vars.inc.php
│   ├── local.d │   ├── local.d
│   │   ├── dkim.conf │   │   ├── dkim.conf
│   │   ├── metrics.conf │   │   ├── metrics.conf
│   │   ├── options.inc │   │   ├── options.inc
│   │   ├── redis.conf │   │   ├── redis.conf
│   │   ├── rspamd.conf.local │   │   ├── rspamd.conf.local
│   │   └── statistic.conf │   │   └── statistic.conf
│   ├── lua │   ├── lua
│   │   └── rspamd.local.lua │   │   └── rspamd.local.lua
│   └── override.d │   └── override.d
│   ├── logging.inc │   ├── logging.inc
│   ├── worker-controller.inc │   ├── worker-controller.inc
│   └── worker-normal.inc │   └── worker-normal.inc
└── sogo └── sogo
├── sieve.creds ├── sieve.creds
└── sogo.conf └── sogo.conf
``` ```
Just change the according configuration file on the host and restart the related service: Just change the according configuration file on the host and restart the related service:
``` ```
docker-compose restart service-mailcow docker-compose restart service-mailcow
``` ```
# Tagging # Tagging
Mailbox users can tag their mail address like in `me+facebook@example.org` and choose between to setups to handle this tag: Mailbox users can tag their mail address like in `me+facebook@example.org` and choose between to setups to handle this tag:
1\. Move this message to a subfolder "facebook" (will be created lower case if not existing) 1\. Move this message to a subfolder "facebook" (will be created lower case if not existing)
2\. Prepend the tag to the subject: "[facebook] Subject" 2\. Prepend the tag to the subject: "[facebook] Subject"
# Two-factor authentication # Two-factor authentication
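Review bot: Two wording errors sit on lines this hunk rewrites: under "Learn spam and ham", "This is archived by using the Dovecot plugin" should read "achieved", and under "Tagging", "choose between to setups" should read "two setups". The autolearning URL in the Rspamd section is also left bare in parentheses with no closing full stop, while the documentation index a few lines later uses a Markdown link; use the link form for both.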
@ -396,8 +396,8 @@ The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are
Only Google Chrome (+derivates) and Opera support U2F authentication to this day natively. Only Google Chrome (+derivates) and Opera support U2F authentication to this day natively.
For Firefox you will need to install the "U2F Support Add-on" as provided on [mozilla.org](https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/). For Firefox you will need to install the "U2F Support Add-on" as provided on [mozilla.org](https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/).
U2F works without an internet connection. U2F works without an internet connection.
# Why Bind? # Why Bind?
For DNS blacklist lookups and DNSSEC. For DNS blacklist lookups and DNSSEC.
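Review bot: In the U2F paragraph, "derivates" should be "derivatives", and "to this day" will go stale; state the browser support as of a date or browser version instead. The "Why Bind?" answer is a sentence fragment; "Bind is used for DNS blacklist lookups and DNSSEC validation" or similar would read better if that is what is meant.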