diff --git a/backup_restore/b_n_r-accidental_deletion/index.html b/backup_restore/b_n_r-accidental_deletion/index.html index 735d82829..da596ef93 100644 --- a/backup_restore/b_n_r-accidental_deletion/index.html +++ b/backup_restore/b_n_r-accidental_deletion/index.html @@ -2428,9 +2428,9 @@

To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

-
docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
+
docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
 docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
-
+
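Review bot: The copy step in the paragraph above the doveadm commands names only the source and destination paths and shows no command, so a plain copy as root can leave the restored maildir with an owner and mode Dovecot cannot use. Suggest showing the exact copy command with attributes preserved (for example `cp -a`) ahead of `doveadm force-resync`.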

diff --git a/backup_restore/b_n_r-backup/index.html b/backup_restore/b_n_r-backup/index.html index f97af78e8..e5644d444 100644 --- a/backup_restore/b_n_r-backup/index.html +++ b/backup_restore/b_n_r-backup/index.html @@ -2454,7 +2454,7 @@

Please do not copy this script to another location.

To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

-
# Syntax:
+
# Syntax:
 # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
 
 # Backup all, delete backups older than 3 days
@@ -2465,19 +2465,19 @@ You can also use "all" as second parameter to backup all components. Append 
+

The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". You should not rename those folders to not break the restore process.

To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

-
MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
-
+
MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
+

Cronjob

You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

-
5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
-
+
5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
+

Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

-
#!/bin/sh
+
#!/bin/sh
 
 # Backup mailcow data
 # https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
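Review bot: "Make sure BACKUP_LOCATION exists" in the Cronjob paragraph names a variable that the cron line under it does not set; that line uses `MAILCOW_BACKUP_LOCATION`. Use the same name in the sentence so readers do not export the wrong variable, and correct "Pathes" to "Paths" in the paragraph that introduces the cron.daily script.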
@@ -2502,17 +2502,17 @@ if [ $RESULT -ne 0 ]
             echo "STDOUT / STDERR:"
             cat "$OUT"
 fi
-
+

Backup strategy with rsync and mailcow backup script

Create the destination directory for mailcows helper script: -

mkdir -p /external_share/backups/backup_script
-

+
mkdir -p /external_share/backups/backup_script
+

Create cronjobs: -

25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
+
25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
 # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
-

+

On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions!

To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d.
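Review bot: The third cron entry in the rsync strategy block sets `BACKUP_LOCATION=/external_share/backups/backup_script`, while the unattended mode documented earlier on this page is driven by `MAILCOW_BACKUP_LOCATION`. Unless the script also accepts the shorter name, this run has no location configured and the script will ask for one, which cron cannot answer. Change the entry to `MAILCOW_BACKUP_LOCATION=...`. Separately, `rsync -aH` does not carry ACLs, which is why the last comment line suggests `getfacl`; say so explicitly or add the matching rsync option.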

diff --git a/backup_restore/b_n_r-backup_restore-maildir/index.html b/backup_restore/b_n_r-backup_restore-maildir/index.html index fd47d3be3..e322bb3de 100644 --- a/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,15 @@

Backup

This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: -

cd /path/to/mailcow-dockerized
+
cd /path/to/mailcow-dockerized
 docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
-

+

You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

Restore

-
cd /path/to/mailcow-dockerized
+
cd /path/to/mailcow-dockerized
 docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
-
+
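Review bot: The backup command writes `backup_vmail.tar.gz`, a full copy of every mailbox, into the mailcow root directory and nothing in the snippet restricts who can read it. Suggest following it with a `chmod 600` on the archive and quoting `"${PWD}"` so a path containing spaces does not split the `-v` argument. The restore line also uses `-it` where the backup uses `-i`; `-t` fails when no terminal is attached, so the page should say whether restore is meant to be interactive only.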

diff --git a/backup_restore/b_n_r-backup_restore-mysql/index.html b/backup_restore/b_n_r-backup_restore-mysql/index.html index 70b48a356..b427aeada 100644 --- a/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,20 @@

MySQL (mysqldump)

Backup

-
cd /path/to/mailcow-dockerized
+
cd /path/to/mailcow-dockerized
 source mailcow.conf
 DATE=$(date +"%Y%m%d_%H%M%S")
 docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
-
+

Restore

Warning

You should redirect the SQL dump without docker-compose to prevent parsing errors.

-
cd /path/to/mailcow-dockerized
+
cd /path/to/mailcow-dockerized
 source mailcow.conf
 docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
-
+
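Review bot: Both the mysqldump and the mysql line expand `-u${DBUSER} -p${DBPASS} ${DBNAME}` unquoted, so a password containing whitespace or glob characters is split or expanded by the shell before the client sees it. Quote the expansions (`-u"${DBUSER}" -p"${DBPASS}" "${DBNAME}"`). The dump file `backup_${DBNAME}_${DATE}.sql` is also created in the current directory with default permissions; add a `chmod 600`, since it holds the complete mailcow database.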

diff --git a/backup_restore/b_n_r-coldstandby/index.html b/backup_restore/b_n_r-coldstandby/index.html index fae35be74..2e1496271 100644 --- a/backup_restore/b_n_r-coldstandby/index.html +++ b/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,10 @@

You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

Edit this file and change the exported variables:

-
export REMOTE_SSH_KEY=/path/to/keyfile
+
export REMOTE_SSH_KEY=/path/to/keyfile
 export REMOTE_SSH_PORT=22
 export REMOTE_SSH_HOST=mailcow-backup.host.name
-
+

The key must be owned and readable by root only.

Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available.
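Review bot: "The key must be owned and readable by root only" is stated without the commands that make it so, and the paragraph at the top of the hunk requires the key to have no passphrase. Add the explicit `chown root:root` and `chmod 600` for the file named in `REMOTE_SSH_KEY`, and recommend restricting what that key may do in the destination's `authorized_keys`, because anyone who can read the file gets the same access to the standby host as the script.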

@@ -2470,28 +2470,28 @@ The destination must have Docker and docker-compose v1 availabl

You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

Backup and refresh the cold-standby

Run the first backup, this may take a while depending on the connection:

-
bash /opt/mailcow-dockerized/create_cold_standby.sh
-
+
bash /opt/mailcow-dockerized/create_cold_standby.sh
+

That was easy, wasn't it?

Updating your cold-standby is just as easy:

-
bash /opt/mailcow-dockerized/create_cold_standby.sh
-
+
bash /opt/mailcow-dockerized/create_cold_standby.sh
+

It's the same command.

Automated backups with cron

First make sure that the cron service is enabled and running:

-
systemctl enable cron.service && systemctl start cron.service
-
+
systemctl enable cron.service && systemctl start cron.service
+

To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

-
crontab -e
-
+
crontab -e
+

Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

-
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
-
+

If saved correctly, the cron job should be shown by typing:

-
crontab -l
-
+
crontab -l
+
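Review bot: The cron entry redirects only stderr with `2> /var/log/mailcow-coldstandby-sync.log`, which truncates the log on every run, so the evidence of a failed sync is gone after the next night and nothing alerts on it. If keeping only the last run is intended, say that failures must be checked daily; otherwise use `2>>` with log rotation or test the script's exit code and notify on non-zero.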

diff --git a/backup_restore/b_n_r-restore/index.html b/backup_restore/b_n_r-restore/index.html index bc8942836..60ccabd09 100644 --- a/backup_restore/b_n_r-restore/index.html +++ b/backup_restore/b_n_r-restore/index.html @@ -2399,9 +2399,9 @@

Restore

Please do not copy this script to another location.

To run a restore, start mailcow, use the script with "restore" as first parameter.

-
# Syntax:
+
# Syntax:
 # ./helper-scripts/backup_and_restore.sh restore
-
+

The script will ask you for a backup location containing the mailcow_DATE folders.


diff --git a/de/backup_restore/b_n_r-accidental_deletion/index.html b/de/backup_restore/b_n_r-accidental_deletion/index.html index 9c218b846..1e8c666e2 100644 --- a/de/backup_restore/b_n_r-accidental_deletion/index.html +++ b/de/backup_restore/b_n_r-accidental_deletion/index.html @@ -2428,9 +2428,9 @@

Um die Mailbox wiederherzustellen, stellen Sie sicher, dass Sie tatsächlich auf die gleiche Mailcow wiederherstellen, von der sie gelöscht wurde, oder Sie verwenden die gleichen Verschlüsselungsschlüssel in crypt-vol-1.

Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrer Mailcow existiert. Legen Sie diesen neu an, wenn der Benutzer fehlt.

Kopieren Sie die Ordner von /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] zurück nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] und synchronisieren Sie die Ordner neu und berechnen Sie die Quota (Speicherplatz) neu:

-
docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
+
docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
 docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
-
+

diff --git a/de/backup_restore/b_n_r-backup/index.html b/de/backup_restore/b_n_r-backup/index.html index 7a9824e05..a2cc0ed08 100644 --- a/de/backup_restore/b_n_r-backup/index.html +++ b/de/backup_restore/b_n_r-backup/index.html @@ -2454,7 +2454,7 @@

Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

Um ein Backup zu starten, geben Sie "backup" als ersten Parameter an und entweder eine oder mehrere zu sichernde Komponenten als folgende Parameter. Sie können auch "all" als zweiten Parameter verwenden, um alle Komponenten zu sichern. Fügen Sie --delete-days n an, um Sicherungen zu löschen, die älter als n Tage sind.

-
# Syntax:
+
# Syntax:
 # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
 
 # Alles sichern, Sicherungen älter als 3 Tage löschen
@@ -2465,19 +2465,19 @@ Sie können auch "all" als zweiten Parameter verwenden, um alle Komponenten zu s
 
 # vmail sichern
 ./helper-scripts/backup_and_restore.sh backup vmail
-
+

Das Skript wird Sie nach einem Speicherort für die Sicherung fragen. Innerhalb dieses Speicherortes wird es Ordner im Format "mailcow_DATE" erstellen. Sie sollten diese Ordner nicht umbenennen, um den Wiederherstellungsprozess nicht zu unterbrechen.

Um ein Backup unbeaufsichtigt durchzuführen, definieren Sie MAILCOW_BACKUP_LOCATION als Umgebungsvariable bevor Sie das Skript starten:

-
MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
-
+
MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
+

Cronjob

Sie können das Backup-Skript regelmäßig über einen Cronjob laufen lassen. Stellen Sie sicher, dass BACKUP_LOCATION existiert:

-
5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
-
+
5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
+

Standardmäßig sendet Cron das komplette Ergebnis jeder Backup-Operation per E-Mail. Wenn Sie möchten, dass cron nur im Fehlerfall (Exit-Code ungleich Null) eine E-Mail sendet, können Sie den folgenden Ausschnitt verwenden. Die Pfade müssen entsprechend Ihrer Einrichtung angepasst werden (dieses Skript ist ein Beitrag des Benutzers).

Das folgende Skript kann in /etc/cron.daily/mailcow-backup platziert werden - vergessen Sie nicht, es mit chmod +x als ausführbar zu markieren:

-
#!/bin/sh
+
#!/bin/sh
 
 # Backup mailcow data
 # https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/
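Review bot: The header comment of the cron.daily script on the German page links to `https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/`, while the English page in this same commit uses `https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/`. Update the German comment to the current path so the reference in deployed scripts resolves.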
@@ -2521,17 +2521,17 @@ if [ $RESULT -ne 0 ]
             echo "STDOUT / STDERR:"
             cat "$OUT"
 fi
-
+

Backup-Strategie mit rsync und mailcow Backup-Skript

Erstellen Sie das Zielverzeichnis für mailcows Hilfsskript: -

mkdir -p /external_share/backups/backup_script
-

+
mkdir -p /external_share/backups/backup_script
+

Cronjobs erstellen: -

25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
+
25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
 # Wenn Sie wollen, benutzen Sie acl util, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path
-

+

Am Zielort (in diesem Fall /external_share/backups) möchten Sie vielleicht Snapshot-Fähigkeiten haben (ZFS, Btrfs usw.). Machen Sie täglich einen Snapshot und bewahren Sie ihn für n Tage auf, um ein konsistentes Backup zu erhalten. Führen Sie kein rsync auf eine Samba-Freigabe durch, Sie müssen die richtigen Berechtigungen einhalten!

Zum Wiederherstellen müssen Sie rsync einfach in umgekehrter Richtung ausführen und Docker neu starten, um die Volumes erneut zu lesen. Führen Sie docker-compose pull und docker-compose up -d aus.
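Review bot: The third cron entry in the German rsync block sets `BACKUP_LOCATION=/external_share/backups/backup_script`, but the unattended mode described higher up on the page uses `MAILCOW_BACKUP_LOCATION`. Use the documented variable name in the cron line so the scheduled run does not depend on an undocumented fallback.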

diff --git a/de/backup_restore/b_n_r-backup_restore-maildir/index.html b/de/backup_restore/b_n_r-backup_restore-maildir/index.html index d9fb853a1..987c692e9 100644 --- a/de/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/de/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,15 @@

Sicherung

Diese Zeile sichert das vmail-Verzeichnis in eine Datei backup_vmail.tar.gz im mailcow-Root-Verzeichnis: -

cd /pfad/zu/mailcow-dockerized
+
cd /pfad/zu/mailcow-dockerized
 docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
-

+

Sie können den Pfad ändern, indem Sie ${PWD} (das dem aktuellen Verzeichnis entspricht) an einen beliebigen Pfad anpassen, auf den Sie Schreibzugriff haben. Setzen Sie den Dateinamen backup_vmail.tar.gz auf einen beliebigen Namen, aber lassen Sie den Pfad so wie er ist. Beispiel: [...] tar cvfz /backup/mein_eigener_filename_.tar.gz

Wiederherstellen

-
cd /pfad/zu/mailcow-dockerized
+
cd /pfad/zu/mailcow-dockerized
 docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
-
+
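Review bot: The backup command on the German page has a malformed template in its `--format` argument: it ends with `{{ end }}{{{ end }}`, with three opening braces, where the restore command below and the English page have `{{ end }}{{ end }}`. As written `docker inspect` cannot parse the template, the volume name comes back empty and the `-v` mount is wrong. Remove the extra brace.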

diff --git a/de/backup_restore/b_n_r-backup_restore-mysql/index.html b/de/backup_restore/b_n_r-backup_restore-mysql/index.html index 4f27bcc73..fc24e973f 100644 --- a/de/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/de/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,20 @@

MySQL (mysqldump)

Sicherung

-
cd /pfad/zu/mailcow-dockerized
+
cd /pfad/zu/mailcow-dockerized
 source mailcow.conf
 DATE=$(Datum +"%Y%m%d_%H%M%S")
 docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
-
+

Wiederherstellen

Warning

Sie sollten den SQL-Dump ohne docker-compose umleiten, um Parsing-Fehler zu vermeiden.

-
cd /pfad/zu/mailcow-dockerized
+
cd /pfad/zu/mailcow-dockerized
 source mailcow.conf
 docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
-
+
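Review bot: The backup block sets `DATE=$(Datum +"%Y%m%d_%H%M%S")`; the command name was translated along with the prose and no `Datum` binary exists, so `DATE` ends up empty and every dump is written to the same `backup_${DBNAME}_.sql`, overwriting the previous one. Restore `date` here, and keep shell commands out of translation in this file.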

diff --git a/de/backup_restore/b_n_r-coldstandby/index.html b/de/backup_restore/b_n_r-coldstandby/index.html index b646f3db7..8cfefc18a 100644 --- a/de/backup_restore/b_n_r-coldstandby/index.html +++ b/de/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,10 @@

Sie benötigen ein SSH-fähiges Ziel und eine Schlüsseldatei, um sich mit diesem Ziel zu verbinden. Der Schlüssel sollte nicht durch ein Passwort geschützt sein, damit das Skript unbeaufsichtigt arbeiten kann.

In Ihrem mailcow-Basisverzeichnis, z.B. /opt/mailcow-dockerized, finden Sie eine Datei create_cold_standby.sh.

Bearbeiten Sie diese Datei und ändern Sie die exportierten Variablen:

-
export REMOTE_SSH_KEY=/pfad/zur/keyfile
+
export REMOTE_SSH_KEY=/pfad/zur/keyfile
 export REMOTE_SSH_PORT=22
 export REMOTE_SSH_HOST=mailcow-backup.host.name
-
+

Der Schlüssel muss im Besitz von root sein und darf nur von diesem gelesen werden können.

Sowohl die Quelle als auch das Ziel benötigen rsync >= v3.1.0. Das Ziel muss über Docker und docker-compose v1 verfügen.

@@ -2470,28 +2470,28 @@ Das Ziel muss über Docker und docker-compose v1 verfügen.

Sie können die Verbindung testen, indem Sie ssh mailcow-backup.host.name -p22 -i /path/to/keyfile ausführen.

Backup und Aktualisierung des Cold-Standby

Starten Sie das erste Backup, dies kann je nach Verbindung eine Weile dauern:

-
bash /opt/mailcow-dockerized/create_cold_standby.sh
-
+
bash /opt/mailcow-dockerized/create_cold_standby.sh
+

Das war einfach, nicht wahr?

Das Aktualisieren des Cold-Standby ist genauso einfach:

-
bash /opt/mailcow-dockerized/create_cold_standby.sh
-
+
bash /opt/mailcow-dockerized/create_cold_standby.sh
+

Es ist derselbe Befehl.

Automatisierte Backups mit cron

Stellen Sie zunächst sicher, dass der cron Dienst aktiviert ist und läuft:

-
systemctl enable cron.service && systemctl start cron.service
-
+
systemctl enable cron.service && systemctl start cron.service
+

Um die Backups auf dem Cold-Standby-Server zu automatisieren, können Sie einen Cron-Job verwenden. Um die Cron-Jobs für den Root-Benutzer zu bearbeiten, führen Sie aus:

-
crontab -e
-
+
crontab -e
+

Fügen Sie die folgenden Zeilen hinzu, um den Cold-Standby-Server täglich um 03:00 Uhr zu synchronisieren. In diesem Beispiel werden Fehler der letzten Ausführung in einer Datei protokolliert.

-
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
-
+

Wenn korrekt gespeichert, sollte der Cron-Job durch Eingabe angezeigt werden:

-
crontab -l
-
+
crontab -l
+

diff --git a/de/backup_restore/b_n_r-restore/index.html b/de/backup_restore/b_n_r-restore/index.html index 84450690d..504c42476 100644 --- a/de/backup_restore/b_n_r-restore/index.html +++ b/de/backup_restore/b_n_r-restore/index.html @@ -2399,9 +2399,9 @@

Wiederherstellung

Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

Um eine Wiederherstellung durchzuführen, starten Sie mailcow, verwenden Sie das Skript mit "restore" als ersten Parameter.

-
# Syntax:
+
# Syntax:
 # ./helper-scripts/backup_and_restore.sh restore
-
+

Das Skript wird Sie nach einem Speicherort für die Sicherung der mailcow_DATE-Ordner fragen.


diff --git a/de/i_u_m/i_u_m_deinstall/index.html b/de/i_u_m/i_u_m_deinstall/index.html index 5bb0819a6..a97a50d4d 100644 --- a/de/i_u_m/i_u_m_deinstall/index.html +++ b/de/i_u_m/i_u_m_deinstall/index.html @@ -2346,8 +2346,8 @@

Deinstallation

Um mailcow: dockerized mit all seinen Volumes, Images und Containern zu entfernen, tun Sie dies:

-
docker-compose down -v --rmi all --remove-orphans
-
+
docker-compose down -v --rmi all --remove-orphans
+

Info

    diff --git a/de/i_u_m/i_u_m_install/index.html b/de/i_u_m/i_u_m_install/index.html index 3d623b3d0..b72122f30 100644 --- a/de/i_u_m/i_u_m_install/index.html +++ b/de/i_u_m/i_u_m_install/index.html @@ -2351,10 +2351,10 @@
    • Docker -

      curl -sSL https://get.docker.com/ | CHANNEL=stable sh
      +
      curl -sSL https://get.docker.com/ | CHANNEL=stable sh
       # Nachdem der Installationsprozess abgeschlossen ist, müssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)
       systemctl enable --now docker
      -

      +

    • Docker-Compose
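Review bot: The Docker bullet pipes `https://get.docker.com/` straight into `sh`, run as root, with no point at which the reader can see what will execute. Suggest documenting the two-step form (save the script to a file, review it, then run it) or pointing to the distribution's package instructions as an alternative.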

      @@ -2365,44 +2365,44 @@ systemctl enable --now docker

      mailcow benötigt die neueste Version von docker-compose v1. Es wird dringend empfohlen, die untenstehenden Befehle zu verwenden, um docker-compose zu installieren. Paket-Manager (z.B. apt, yum) werden wahrscheinlich nicht die richtige Version liefern. Hinweis: Dieser Befehl lädt docker-compose aus dem offiziellen Docker-Github-Repository herunter und ist eine sichere Methode. Das Snippet ermittelt die neueste unterstützte Version von mailcow. In fast allen Fällen ist dies die letzte verfügbare Version (Ausnahmen sind kaputte Versionen oder größere Änderungen, die noch nicht von mailcow unterstützt werden).

-
curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
+
curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
 chmod +x /usr/local/bin/docker-compose
-
+

Bitte verwenden Sie die neueste verfügbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.

1.1.1. Auf SELinux-aktivierten Systemen, z.B. CentOS 7:

  • Prüfen Sie, ob das Paket "container-selinux" auf Ihrem System vorhanden ist:
-
rpm -qa | grep container-selinux
-
+
rpm -qa | grep container-selinux
+

Wenn der obige Befehl eine leere oder keine Ausgabe liefert, sollten Sie es über Ihren Paketmanager installieren.

  • Prüfen Sie, ob Docker SELinux-Unterstützung aktiviert hat:
-
docker info | grep selinux
-
+
docker info | grep selinux
+

Wenn der obige Befehl eine leere oder keine Ausgabe liefert, erstellen oder bearbeiten Sie /etc/docker/daemon.json und fügen Sie "selinux-enabled": true hinzu. Beispielhafter Inhalt der Datei:

-
{
+
{
   "selinux-enabled": true
 }
-
+

Starten Sie den Docker-Daemon neu und überprüfen Sie, ob SELinux nun aktiviert ist.

Dieser Schritt ist erforderlich, um sicherzustellen, dass die mailcows-Volumes richtig gekennzeichnet sind, wie in der Compose-Datei angegeben. Wenn Sie daran interessiert sind, wie das funktioniert, können Sie sich die Readme-Datei von https://github.com/containers/container-selinux ansehen, die auf viele nützliche Informationen zu diesem Thema verweist.

2. Klonen Sie den Master-Zweig des Repositorys und stellen Sie sicher, dass Ihre umask gleich 0022 ist. Bitte klonen Sie das Repository als root-Benutzer und kontrollieren Sie auch den Stack als root. Wir werden die Attribute - wenn nötig - ändern, während wir die Container automatisch bereitstellen und sicherstellen, dass alles gesichert ist. Das update.sh-Skript muss daher ebenfalls als root ausgeführt werden. Es kann notwendig sein, den Besitzer und andere Attribute von Dateien zu ändern, auf die Sie sonst keinen Zugriff haben. Wir geben die Berechtigungen für jede exponierte Anwendung auf und führen einen exponierten Dienst nicht als root aus! Wenn Sie den Docker-Daemon als Nicht-Root-Benutzer steuern, erhalten Sie keine zusätzliche Sicherheit. Der unprivilegierte Benutzer wird die Container ebenfalls als root spawnen. Das Verhalten des Stacks ist identisch.

-
$ su
+
$ su
 # umask
 0022 # <- Überprüfen, dass es 0022 ist
 # cd /opt
 # git clone https://github.com/mailcow/mailcow-dockerized
 # cd mailcow-dockerized
-
+

3. Erzeugen Sie eine Konfigurationsdatei. Verwenden Sie einen FQDN (host.domain.tld) als Hostname, wenn Sie gefragt werden. -

./generate_config.sh
-

+
./generate_config.sh
+

4. Ändern Sie die Konfiguration, wenn Sie das wollen oder müssen. -

nano mailcow.conf
-
+
nano mailcow.conf
+
Wenn Sie planen, einen Reverse Proxy zu verwenden, können Sie zum Beispiel HTTPS an 127.0.0.1 auf Port 8443 und HTTP an 127.0.0.1 auf Port 8080 binden.

Möglicherweise müssen Sie einen vorinstallierten MTA stoppen, der Port 25/tcp blockiert. Siehe dieses Kapitel, um zu erfahren, wie man Postfix rekonfiguriert, um nach einer erfolgreichen Installation neben mailcow laufen zu lassen.

Einige Updates modifizieren mailcow.conf und fügen neue Parameter hinzu. Es ist schwer, in der Dokumentation den Überblick zu behalten. Bitte überprüfen Sie deren Beschreibung und fragen Sie, wenn Sie unsicher sind, in den bekannten Kanälen nach Rat.
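Review bot: The docker-compose install line writes a downloaded binary to `/usr/local/bin/docker-compose` and marks it executable without any integrity check, and the release tag in the URL comes from a second request to `https://www.servercow.de/docker-compose/latest.php`, yet the paragraph above calls this "eine sichere Methode". Either add a verification step against the checksum published with the GitHub release before the `chmod +x`, or soften the wording so it does not promise more than the snippet does.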

@@ -2410,20 +2410,20 @@ Wenn Sie planen, einen Reverse Proxy zu verwenden, können Sie zum Beispiel HTTP

Wenn Sie auf Probleme und seltsame Phänomene stoßen, überprüfen Sie bitte Ihre MTU.

Bearbeiten Sie docker-compose.yml und ändern Sie die Netzwerkeinstellungen entsprechend Ihrer MTU. Fügen Sie den neuen Parameter driver_opts wie folgt hinzu: -

networks:
+
networks:
   mailcow-network:
     ...
     driver_opts:
       com.docker.network.driver.mtu: 1450
     ...
-

+

4.2. Benutzer ohne ein IPv6-aktiviertes Netzwerk auf ihrem Hostsystem:

Einschalten von IPv6. Endlich.

Wenn Sie kein IPv6-fähiges Netzwerk auf Ihrem Host haben und Sie sich nicht um ein besseres Internet kümmern (hehe), ist es empfehlenswert, IPv6 für das mailcow-Netzwerk zu deaktivieren, um unvorhergesehene Probleme zu vermeiden.

5. LAden Sie die Images herunter und führen Sie die Compose-Datei aus. Der Parameter -d wird mailcow: dockerized starten: -

docker-compose pull
+
docker-compose pull
 docker-compose up -d
-

+

Geschafft!

Sie können nun auf https://${MAILCOW_HOSTNAME} mit den Standard-Zugangsdaten admin + Passwort moohoo zugreifen.
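Review bot: The last sentence of the hunk hands out the default login (admin with password moohoo) and stops, with no instruction to change it. Add a sentence telling the reader to change the admin password immediately after the first login, before the host is reachable from outside. Step 5 also has a typo, "LAden" for "Laden".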

diff --git a/de/i_u_m/i_u_m_migration/index.html b/de/i_u_m/i_u_m_migration/index.html index a3efb612b..2d93cbab4 100644 --- a/de/i_u_m/i_u_m_migration/index.html +++ b/de/i_u_m/i_u_m_migration/index.html @@ -2359,43 +2359,43 @@ Installieren Sie Do
  • Docker -

    curl -sSL https://get.docker.com/ | CHANNEL=stable sh
    +
    curl -sSL https://get.docker.com/ | CHANNEL=stable sh
     # Nachdem der Installationsprozess abgeschlossen ist, müssen Sie den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)
     systemctl enable docker.service
    -

    +

  • docker-compose -

    curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
    +
    curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
     chmod +x /usr/local/bin/docker-compose
    -

    +

Bitte verwenden Sie die neueste verfügbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.

2. Stoppen Sie Docker und stellen Sie sicher, dass Docker gestoppt wurde: -

systemctl stop docker.service
+
systemctl stop docker.service
 systemctl status docker.service
-

+

3. Führen Sie die folgenden Befehle auf dem Quellcomputer aus (achten Sie darauf, die abschließenden Schrägstriche im ersten Pfadparameter wie unten gezeigt hinzuzufügen!) - WARNUNG: Dieser Befehl löscht alles, was bereits unter /var/lib/docker/volumes auf dem Zielrechner existiert: -

rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
+
rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
 rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
-

+

4. Schalten Sie mailcow ab und stoppen Sie Docker auf dem Quellrechner. -

cd /opt/mailcow-dockerized
+
cd /opt/mailcow-dockerized
 docker-compose herunterfahren
 systemctl stop docker.service
-

+

**Wiederholen Sie Schritt 3 mit denselben Befehlen. Dies wird viel schneller gehen als beim ersten Mal.

6. Wechseln Sie auf den Zielrechner und starten Sie Docker. -

systemctl start docker.service
-

+
systemctl start docker.service
+

7. Ziehen Sie nun die mailcow Docker-Images auf den Zielrechner. -

cd /opt/mailcow-dockerized
+
cd /opt/mailcow-dockerized
 docker-compose pull
-

+

8. Starten Sie den gesamten mailcow-Stack und alles sollte fertig sein! -

docker-compose up -d
-

+
docker-compose up -d
+

9. Zum Schluss ändern Sie Ihre DNS-Einstellungen so, dass sie auf den Zielserver zeigen.
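Review bot: Step 4 contains `docker-compose herunterfahren`; the subcommand was translated and will fail, so the source stack keeps running and the second rsync copies a live mail store. It should be `docker-compose down`. The following step has lost its number and begins with a stray `**` ("**Wiederholen Sie Schritt 3"), and the warning in step 3 mentions only /var/lib/docker/volumes although the first `rsync --delete` also removes anything extra under /opt/mailcow-dockerized on the target.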


diff --git a/de/i_u_m/i_u_m_update/index.html b/de/i_u_m/i_u_m_update/index.html index 7f5960065..b154f98cf 100644 --- a/de/i_u_m/i_u_m_update/index.html +++ b/de/i_u_m/i_u_m_update/index.html @@ -2480,13 +2480,13 @@

Ein Update-Skript in Ihrem mailcow-dockerized Verzeichnis kümmert sich um Updates.

Aber benutzen Sie es mit Bedacht! Wenn Sie denken, dass Sie viele Änderungen am mailcow-Code vorgenommen haben, sollten Sie die manuelle Update-Anleitung unten verwenden.

Führen sie das Update-Skript aus: -

./update.sh
-

+
./update.sh
+

Wenn es nötig ist, wird es Sie fragen, wie Sie fortfahren möchten. Merge-Fehler werden gemeldet. Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow: dockerized repository code).

Optionen

-
# Optionen können kombiniert werden
+
# Optionen können kombiniert werden
 
 # - Prüft auf Updates und zeigt Änderungen an
 ./update.sh --check
@@ -2509,22 +2509,22 @@ Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow:
 
 # - Nicht aktualisieren, nur holen von Docker Images
 ./update.sh --prefetch
-
+

Ich habe vergessen, was ich vor dem Ausführen von update.sh geändert habe.

Siehe git log --pretty=oneline | grep -i "before update", Sie werden eine Ausgabe ähnlich dieser haben:

-
22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
+
22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
-
+

Führen Sie git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab aus, um zu sehen, was sich geändert hat.

Kann ich ein Rollback durchführen?

Ja.

Siehe das obige Thema, anstelle eines Diffs führen Sie checkout aus:

-
docker-compose down
+
docker-compose down
 # Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
 git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
 docker-compose pull
 docker-compose up -d
-
+

Hooks

Sie können sich in den Update-Mechanismus einklinken, indem Sie Skripte namens pre_commit_hook.sh und post_commit_hook.sh zu Ihrem mailcows-Root-Verzeichnis hinzufügen. Siehe hier für weitere Details.

Fußnoten
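Review bot: The rollback block runs `git checkout` on a bare commit ID, which leaves the working tree on a detached HEAD, and the page does not say how to return to the branch before the next `./update.sh`. Suggest adding that step, and a sentence on what the four commands do not revert: data in the volumes is untouched by `down`, `checkout`, `pull` and `up -d`.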

diff --git a/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index 680d1dde9..7e782357e 100644 --- a/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,21 @@
  • Sie brauchen your_id von den Downloadlinks. Diese sind pro User individuell.
  • Fügen Sie diese wie folgt in die data/conf/clamav/freshclam.conf ein und ersetzen Sie den your_id Teil mit Ihrer ID: -

    DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
    +
    DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
    -

    +

  • Bei den kostenlosen SecuriteInfo Datenbanken ist die Download-Geschwindigkeit auf 300 kB/s begrenzt. Ändern Sie in data/conf/clamav/freshclam.conf den Standardwert ReceiveTimeout 20 auf ReceiveTimeout 90 (Zeitangabe in Sekunden), da ansonsten einige der Datenbank-Downloads aufgrund ihrer Größe abbrechen können.

  • Passen Sie data/conf/clamav/clamd.conf mit den folgenden Einstellungen an: -

    DetectPUA yes
    +
    DetectPUA yes
     ExcludePUA PUA.Win.Packer
     ExcludePUA PUA.Win.Trojan.Packed
     ExcludePUA PUA.Win.Trojan.Molebox
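Review bot: The `DatabaseCustomURL` lines embed `your_id`, which the first bullet describes as individual per user, so `data/conf/clamav/freshclam.conf` becomes a file holding a personal download credential. Suggest saying so next to the block and advising readers to redact the ID before sharing that file, for example in support requests.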
    @@ -2493,11 +2493,11 @@ MaxEmbeddedPE 100M
     MaxHTMLNormalize 50M
     MaxScriptNormalize 50M
     MaxZipTypeRcg 50M
    -

    +

  • Starten Sie den ClamAV Container neu: -
    docker-compose restart clamd-mailcow
    -
  • +
    docker-compose restart clamd-mailcow
    +

    Bitte beachten Sie:

      @@ -2509,14 +2509,14 @@ MaxZipTypeRcg 50M

      InterServer Datenbanken aktivieren

      1. Fügen Sie folgendes in data/conf/clamav/freshclam.conf ein: -
        DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
        +
        DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
         DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
         DatabaseCustomURL http://sigs.interserver.net/shell.ldb
         DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
        -
      2. +
  • Starten Sie den ClamAV Container neu: -
    docker-compose restart clamd-mailcow
    -
  • +
    docker-compose restart clamd-mailcow
    +
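Review bot: All four InterServer `DatabaseCustomURL` entries use `http://`, so the signature files that decide what clamd blocks or lets through are fetched without transport integrity. Suggest switching the URLs to `https://` if the provider serves them that way, or stating the limitation next to the list.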

    diff --git a/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index 0951c35dc..d38a9a3b3 100644 --- a/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -2398,22 +2398,22 @@

    Whitelist für bestimmte ClamAV-Signaturen

    Es kann vorkommen, dass legitime (saubere) Mails von ClamAV blockiert werden (Rspamd markiert die Mail mit VIRUS_FOUND). So werden beispielsweise interaktive PDF-Formularanhänge standardmäßig blockiert, da der eingebettete Javascript-Code für schädliche Zwecke verwendet werden könnte. Überprüfen Sie dies anhand der clamd-Protokolle, z.B.:

    -
    docker-compose logs clamd-mailcow | grep "FOUND"
    -
    +
    docker-compose logs clamd-mailcow | grep "FOUND"
    +

    Diese Zeile bestätigt, dass ein solcher identifiziert wurde:

    -
    clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    -
    +
    clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    +

    Um diese spezielle Signatur auf die Whitelist zu setzen (und den Versand dieses Dateityps im Anhang zu ermöglichen), fügen Sie sie der ClamAV-Signatur-Whitelist-Datei hinzu:

    -
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    -
    +
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    +

    Dann starten Sie den clamd-mailcow Service Container in der mailcow UI oder mit docker-compose neu:

    -
    docker-compose restart clamd-mailcow
    -
    +
    docker-compose restart clamd-mailcow
    +

    Bereinigen Sie zwischengespeicherte ClamAV-Ergebnisse in Redis:

    -
    # docker-compose exec redis-mailcow /bin/sh
    +
    # docker-compose exec redis-mailcow /bin/sh
     /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
     /data # exit
    -
    +
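Review bot: The `echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2` step switches the signature off for all mail, not only for the legitimate sender in the example, and the text does not say so. Suggest stating that scope explicitly. In the Redis block, `rs_cl*` is unquoted and can be expanded by the shell before `redis-cli` sees it; write `'rs_cl*'`.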

    diff --git a/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index 4e8a4161a..39307ff50 100644 --- a/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,14 @@

    Dockerfiles anpassen

    Sie müssen die Override-Datei mit den entsprechenden Build-Tags in den mailcow: dockerized Root-Ordner (d.h. /opt/mailcow-dockerized) kopieren:

    -
    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    -
    +
    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    +

    Nehmen Sie Ihre Änderungen in data/Dockerfiles/$service vor und erstellen Sie das Image lokal:

    -
    docker build data/Dockerfiles/service -t mailcow/$service
    -
    +
    docker build data/Dockerfiles/service -t mailcow/$service
    +

    Nun werden die geänderten Container automatisch neu erstellt:

    -
    docker-compose up -d
    -
    +
    docker-compose up -d
    +
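Review bot: In the build command the context path is the literal `data/Dockerfiles/service` while the tag uses `mailcow/$service`, and the sentence above it refers to `data/Dockerfiles/$service`. Suggest using `$service` in both places, or a clearly marked placeholder in both, so the command does not fail on a directory that does not exist.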

    diff --git a/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 98e01a2b7..60cbda37d 100644 --- a/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,8 @@

    Docker Compose Bash Completion

    Um eine schöne Bash-Vervollständigung in Ihren Containern zu erhalten, führen Sie einfach das Folgende aus:

    -
    curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
    -
    +
    curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
    +
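Review bot: The `curl -L` command writing to `/etc/bash_completion.d/docker-compose` has no `-f`, so if the URL built from `docker-compose version --short` does not exist, the HTTP error body is saved into a directory from which bash completion scripts are loaded. Suggest `curl -fL`. The sentence also says the completion is for "Ihren Containern", but the file is installed on the host.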

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index 6c96f082e..987ea6eae 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,8 @@

    Am 17. August haben wir die Möglichkeit, mit "jedem" oder "allen authentifizierten Benutzern" zu teilen, standardmäßig deaktiviert.

    Diese Funktion kann wieder aktiviert werden, indem ACL_ANYONE auf allow in mailcow.conf gesetzt wird:

    -
    ACL_ANYONE=allow
    -
    +
    ACL_ANYONE=allow
    +

    Wenden Sie die Änderungen an, indem Sie docker-compose up -d ausführen.
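Review bot: "Am 17. August" carries no year, and the page gives no reason why sharing with "jedem" or "allen authentifizierten Benutzern" was switched off by default. Suggest adding the year and one sentence on what `ACL_ANYONE=allow` exposes, so admins can judge the setting before re-enabling it.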


    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 03d53fdd1..a74e6600e 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -2454,17 +2454,17 @@

    Der manuelle Weg

    Dann wollen wir mal loslegen:

    Löschen Sie die Mails eines Benutzers im Junk-Ordner, die gelesen und älter als 4 Stunden sind

    -
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    -
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
    +

    Lösche alle Mails des Benutzers im Junk-Ordner, die älter als 7 Tage sind

    -
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    -
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
    +

    Löscht alle Mails (aller Benutzer) in allen Ordnern, die älter als 52 Wochen sind (internes Datum der Mail, nicht das Datum, an dem sie auf dem System gespeichert wurde => before statt savedbefore). Nützlich zum Löschen sehr alter Mails in allen Benutzern und Ordnern (daher besonders nützlich für GDPR-Compliance).

    -
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    -
    +
    docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
    +

    Löschen von Mails in einem benutzerdefinierten Ordner innerhalb des Posteingangs eines Benutzers, die nicht gekennzeichnet und älter als 2 Wochen sind

    -
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    -
    +
    docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
    +

    Info

    Für mögliche Zeitspannen oder SearchQuery schauen Sie bitte in man doveadm-search-query
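Review bot: The second example is described as deleting mail "des Benutzers", but its command uses `-A` and therefore runs against every user's Junk folder. Since `expunge` is destructive, suggest correcting the description to "aller Benutzer" or changing the command to `-u 'mailbox@example.com'`.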

    @@ -2472,21 +2472,21 @@

    Job-Scheduler

    über das Host-System cron

    Wenn Sie eine solche Aufgabe automatisieren wollen, können Sie einen Cron-Job auf Ihrem Rechner erstellen, der ein Skript wie das folgende aufruft:

    -
    #!/bin/bash
    +
    #!/bin/bash
     # Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized
     cd /pfad/zu/ihrem/mailcow-dockerized
     
     /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
     /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
     [...]
    -
    +

    Um einen Cronjob zu erstellen, können Sie crontab -e ausführen und etwas wie das Folgende einfügen, um ein Skript auszuführen:

    -
    # Jeden Tag um 04:00 Uhr morgens ausführen.
    +
    # Jeden Tag um 04:00 Uhr morgens ausführen.
     0 4 * * * /pfad/zu/ihr/expunge_mailboxes.sh
    -
    +

    über Docker Job Scheduler

    Um dies mit einem Docker-Job-Scheduler zu archivieren, verwenden Sie diese docker-compose.override.yml mit Ihrer Mailcow:

    -
    version: '2.1'
    +
    version: '2.1'
     
     services:
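Review bot: In the cron script, `cd /pfad/zu/ihrem/mailcow-dockerized` is not checked, so the `docker-compose exec` lines still run from the wrong directory if the path is mistyped. Suggest appending `|| exit 1` to the `cd` line. The crontab example also uses `/pfad/zu/ihr/` where the script uses `/pfad/zu/ihrem/`, and "archivieren" in the Docker job scheduler sentence looks like a mistranslation; "erreichen" fits the sentence.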
     
    @@ -2504,12 +2504,12 @@ services:
           - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
           - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
           - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
    -
    +

    Der Job-Controller braucht nur Zugriff auf den Docker Control Socket, um das Verhalten von "exec" zu emulieren. Dann fügen wir unserem Dovecot-Container ein paar Labels hinzu, um den Job-Scheduler zu aktivieren und ihm in einem Cron-kompatiblen Scheduling-Format mitzuteilen, wann er laufen soll. Wenn Sie Probleme mit dem Scheduling-String haben, können Sie crontab guru verwenden. Diese docker-compose.override.yml löscht jeden Tag um 4 Uhr morgens alle Mails, die älter als 2 Wochen sind, aus dem Ordner "Junk". Um zu sehen, ob alles richtig gelaufen ist, können Sie nicht nur in Ihrer Mailbox nachsehen, sondern auch im Docker-Log von Ofelia, ob es etwa so aussieht:

    -
    common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
    +
    common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
     common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
    -
    +

    Wenn der Vorgang fehlgeschlagen ist, wird dies angegeben und die Ausgabe von doveadm im Protokoll aufgeführt, um Ihnen die Fehlersuche zu erleichtern.

    Falls Sie weitere Jobs hinzufügen wollen, stellen Sie sicher, dass Sie den "dovecot-expunge-trash"-Teil nach "ofelia.job-exec." in etwas anderes ändern, er definiert den Namen des Jobs. Die Syntax der Labels finden Sie unter mcuadros/ofelia.
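Review bot: The explanation says the job controller "braucht nur Zugriff auf den Docker Control Socket", which understates it: access to that socket allows control over every container on the host. Suggest saying that plainly. The job is also named `dovecot-expunge-trash` although its command expunges 'Junk'.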

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html index e4b4e3b7f..0912e3f41 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -2349,8 +2349,8 @@

    Erstellen Sie eine Datei data/conf/dovecot/extra.conf - falls nicht vorhanden - und fügen Sie Ihren zusätzlichen Inhalt hier ein.

    Starten Sie dovecot-mailcow neu, um Ihre Änderungen zu übernehmen:

    -
    docker-compose restart dovecot-mailcow
    -
    +
    docker-compose restart dovecot-mailcow
    +

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html index 2290f508d..6753844e4 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -2443,19 +2443,19 @@

    Die Standard-Heap-Größe (1024 M) ist in mailcow.conf definiert.

    Da wir in Docker laufen und unsere Container mit dem "restart: always" Flag erstellen, wird eine oom Situation zumindest nur einen Neustart des Containers auslösen.

    FTS-bezogene Dovecot-Befehle

    -

    # Einzelbenutzer
    +

    # Einzelbenutzer
     docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
     # alle Benutzer
     docker-compose exec dovecot-mailcow doveadm fts rescan -A
    -
    +
    Dovecot Wiki: "Scannt, welche Mails im Volltextsuchindex vorhanden sind und vergleicht diese mit den tatsächlich in den Postfächern vorhandenen Mails. Dies entfernt Mails aus dem Index, die bereits gelöscht wurden und stellt sicher, dass der nächste doveadm-Index alle fehlenden Mails (falls vorhanden) indiziert."

    Dies indiziert nicht eine Mailbox neu. Es repariert im Grunde einen gegebenen Index.

    Wenn Sie die Daten sofort neu indizieren wollen, können Sie den folgenden Befehl ausführen, wobei '*' auch eine Postfachmaske wie 'Sent' sein kann. Sie müssen diese Befehle nicht ausführen, aber es wird die Dinge ein wenig beschleunigen:

    -
    # einzelner Benutzer
    +
    # einzelner Benutzer
     docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
     # alle Benutzer, aber offensichtlich langsamer und gefährlicher
     docker-compose exec dovecot-mailcow doveadm index -A '*'
    -
    +

    Dies wird einige Zeit in Anspruch nehmen, abhängig von Ihrer Maschine und Solr kann oom ausführen, überwachen Sie es!

    Da die Neuindizierung sehr sinnvoll ist, haben wir sie nicht in die mailcow UI integriert. Sie müssen sich um eventuelle Fehler beim Re-Indizieren einer Mailbox kümmern.

    Löschen der Mailbox-Daten
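Review bot: The comment on `doveadm index -A '*'` calls the all-users variant "gefährlicher" without saying what the risk is, and the sentences after the block ("Solr kann oom ausführen", "Da die Neuindizierung sehr sinnvoll ist") do not explain it either. Suggest stating the concrete risk, which from the surrounding text appears to be Solr running out of memory, and rewording those two sentences.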

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html index e7683dca4..7035ae6c5 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -2462,8 +2462,8 @@

    Konfiguration ändern

    Erstellen Sie eine neue Datei data/conf/dovecot/extra.conf (oder bearbeiten Sie sie, falls sie bereits existiert). Fügen Sie die Einstellung ein, gefolgt von dem neuen Wert. Um zum Beispiel das Intervall auf 5 Minuten zu setzen, können Sie Folgendes eingeben:

    -
    imap_idle_notify_interval = 5 mins
    -
    +
    imap_idle_notify_interval = 5 mins
    +

    29 Minuten ist der maximale Wert, den der entsprechende RFC erlaubt.

    Warning

    @@ -2471,13 +2471,13 @@ Fügen Sie die Einstellung ein, gefolgt von dem neuen Wert. Um zum Beispiel das

    Dovecot neu laden

    Nun laden Sie Dovecot neu:

    -
    docker-compose exec dovecot-mailcow dovecot reload
    -
    +
    docker-compose exec dovecot-mailcow dovecot reload
    +

    Info

    Sie können den Wert dieser Einstellung überprüfen mit -

    docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    -
    +
    docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
    +
    Wenn Sie den Wert nicht geändert haben, sollte er auf 2m stehen. Wenn Sie ihn geändert haben, sollten Sie den neuen Wert sehen.

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html index 612230934..a0e2aaf96 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -2350,7 +2350,7 @@

    Die Mails werden komprimiert (lz4) und verschlüsselt gespeichert. Das Schlüsselpaar ist in crypt-vol-1 zu finden.

    Wenn Sie vorhandene maildir-Dateien entschlüsseln/verschlüsseln wollen, können Sie das folgende Skript auf eigene Gefahr verwenden:

    Rufen Sie Dovecot auf, indem Sie docker-compose exec dovecot-mailcow /bin/bash im mailcow-dockerisierten Verzeichnis ausführen.

    -
    # Entschlüsseln Sie /var/vmail
    +
    # Entschlüsseln Sie /var/vmail
     find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
     if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
     doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
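Review bot: The script modifies every matching file under `/var/vmail` and is introduced only with "auf eigene Gefahr"; there is no step to back up the vmail volume and the key pair in `crypt-vol-1` first. Suggest adding that step before the `find` loop.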
    @@ -2375,7 +2375,7 @@ doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=
       chown 5000:5000 "$file"
     fi
     done
    -
    +

    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-more/index.html b/de/manual-guides/Dovecot/u_e-dovecot-more/index.html index 6f07c61eb..1c28b4967 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,25 @@

    doveadm quota

    Die Befehle quota get und quota recalc1 werden verwendet, um die Quota-Nutzung des aktuellen Benutzers anzuzeigen oder neu zu berechnen. Die angezeigten Werte sind in Kilobytes.

    Um den aktuellen Quota-Status für einen Benutzer / eine Mailbox aufzulisten, tun Sie folgendes:

    -
    doveadm quota get -u 'mailbox@example.org'
    -
    +
    doveadm quota get -u 'mailbox@example.org'
    +

    Um den Quota-Speicherwert für alle Benutzer aufzulisten, tun Sie folgendes:

    -
    doveadm quota get -A |grep "STORAGE"
    -
    +
    doveadm quota get -A |grep "STORAGE"
    +

    Berechnen Sie die Quota-Nutzung eines einzelnen Benutzers neu:

    -
    doveadm quota recalc -u 'mailbox@example.org'
    -
    +
    doveadm quota recalc -u 'mailbox@example.org'
    +

    Der Befehl doveadm search2 wird verwendet, um Nachrichten zu finden, die Ihrer Anfrage entsprechen. Er kann den Benutzernamen, die Mailbox-GUID / -UID und die Nachrichten-GUIDs / -UIDs zurückgeben.

    Um die Anzahl der Nachrichten im .Trash Ordner eines Benutzers zu sehen:

    -
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    -
    +
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    +

    Alle Nachrichten im Postfach eines Benutzers anzeigen, die älter als 90 Tage sind:

    -
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    -
    +
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    +

    Zeige alle Nachrichten in beliebigen Ordnern, die älter sind als 30 Tage für mailbox@example.org:

    -
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    -
    +
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    +
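Review bot: The `doveadm search -A mailbox 'Trash'` example is introduced as counting messages in the Trash folder "eines Benutzers", but `-A` iterates over all users and the pipeline prints one count per user. Suggest rewording the description. The footnote markers have also fused into the text as "recalc1" and "search2".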

      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index 0dc47de77..2f2e48486 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,7 +2398,7 @@

      Erstellen Sie einen neuen öffentlichen Namespace "Public" und eine Mailbox "Develcow" innerhalb dieses Namespaces:

      Bearbeiten oder erstellen Sie data/conf/dovecot/extra.conf, fügen Sie hinzu:

      -
      namespace {
      +
      namespace {
         type = public
         separator = /
         prefix = Public/
      @@ -2408,18 +2408,18 @@
           auto = subscribe
         }
       }
      -
      +

      :INDEXPVT=~/public kann weggelassen werden, wenn die Flags, die pro Benutzer gesehen werden, nicht gewünscht sind.

      Die neue Mailbox im öffentlichen Namensraum wird von den Benutzern automatisch abonniert.

      Um allen authentifizierten Benutzern vollen Zugriff auf das neue Postfach (nicht auf den gesamten Namespace) zu gewähren, führen Sie aus:

      -
      docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
      -
      +
      docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
      +

      Passen Sie den Befehl an Ihre Bedürfnisse an, wenn Sie detailliertere Rechte pro Benutzer vergeben möchten (verwenden Sie z.B. -u user@domain anstelle von -A).

      Erlaube authentifizierten Benutzern den Zugriff auf den gesamten öffentlichen Namespace

      Um allen authentifizierten Benutzern vollen Zugriff auf den gesamten öffentlichen Namespace und seine Unterordner zu gewähren, erstellen Sie eine neue Datei dovecot-acl im Namespace-Stammverzeichnis:

      Öffnen/bearbeiten/erstellen Sie /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (passen Sie den Pfad entsprechend an), um die globale ACL-Datei mit dem folgenden Inhalt zu erstellen:

      -
      authenticated kxeilprwts
      -
      +
      authenticated kxeilprwts
      +

      kxeilprwts" ist gleichbedeutend mit "lookup read write write-seen write-deleted insert post delete expunge create".

      Sie können doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read verwenden, um den Zugriff für einen einzelnen Benutzer zu beschränken. Sie können es auch umdrehen und den Zugriff für alle Benutzer auf "lr" beschränken und nur einigen Benutzern vollen Zugriff gewähren.

      Siehe Dovecot ACL für weitere Informationen über ACL.
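Review bot: In the sentence after the `dovecot-acl` block, `kxeilprwts"` is missing its opening quotation mark. Both examples in this hunk also grant `delete` and `expunge` to every authenticated user, while the restricted "lr" variant appears only in the last paragraph; suggest mentioning it next to the first `doveadm acl set` command.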

      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 2865c3f92..a206e24ac 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,9 @@

      Das wird empfohlen und sollte nicht geändert werden.

      Wenn der Benutzer trotzdem statisch sein soll, geben Sie bitte zwei Variablen in mailcow.conf an.

      Beide Parameter dürfen nicht leer sein!

      -
      DOVECOT_MASTER_USER=mymasteruser
      +
      DOVECOT_MASTER_USER=mymasteruser
       DOVECOT_MASTER_PASS=mysecretpass
      -
      +

      Führen Sie docker-compose up -d aus, um Ihre Änderungen zu übernehmen.

      Der statische Master-Benutzername wird zu DOVECOT_MASTER_USER@mailcow.local erweitert.

      Um sich als test@example.org anzumelden, würde dies test@example.org*mymasteruser@mailcow.local mit dem oben angegebenen Passwort entsprechen.
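Review bot: The `DOVECOT_MASTER_PASS=mysecretpass` example comes with no statement of what the credential grants, although the last sentence shows it logging in as `test@example.org`, that is, as any mailbox. Suggest saying this next to the two variables and asking for a long random password there.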

      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index 1abf5abc6..50ecd6461 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,26 +2442,26 @@

      Neuere Docker-Versionen scheinen sich über bestehende Volumes zu beschweren. Man kann dies vorübergehend beheben, indem man das bestehende Volume entfernt und mailcow mit der Override-Datei startet. Aber es scheint nach einem Neustart problematisch zu sein (muss bestätigt werden).

    Ein einfacher, schmutziger, aber stabiler Workaround ist es, mailcow zu stoppen (docker-compose down), /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data zu entfernen und einen neuen Link zu Ihrem entfernten Dateisystem zu erstellen, zum Beispiel:

    -
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
    +
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
     ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
    -
    +

    Starten Sie anschließend mailcow.


    Der "alte" Weg

    Wenn man einen anderen Ordner für das vmail-Volume verwenden möchte, kann man eine docker-compose.override.yml Datei erstellen und den folgenden Inhalt hinzufügen:

    -
    version: '2.1'
    +
    version: '2.1'
     volumes:
       vmail-vol-1:
         driver_opts:
           type: none
           device: /data/mailcow/vmail   
           o: bind
    -
    +

    Verschieben eines bestehenden vmail-Ordners:

    • Finden Sie den aktuellen vmail-Ordner anhand seines "Mountpoint"-Attributs: docker volume inspect mailcowdockerized_vmail-vol-1
    -
    [
    +
    [
         {
             "CreatedAt": "2019-06-16T22:08:34+02:00",
             "Driver": "local",
    @@ -2476,7 +2476,7 @@ volumes:
             "Scope": "local"
         }
     ]
    -
    +
    • Kopieren Sie den Inhalt des Mountpoint-Ordners an den neuen Speicherort (z.B. /data/mailcow/vmail) mit cp -a, rsync -a oder einem ähnlichen, nicht strikten Kopierbefehl
    • Stoppen Sie mailcow durch Ausführen von docker-compose down aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized)
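Review bot: The bullet that copies the mountpoint contents with `cp -a` or `rsync -a` comes before the bullet that stops mailcow with `docker-compose down`, so mail written during or after the copy is missing from the new location. Suggest swapping the two bullets. "nicht strikten Kopierbefehl" also needs rewording, since the named options are the ones that preserve ownership and permissions.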
    • diff --git a/de/manual-guides/Nginx/u_e-nginx_custom/index.html b/de/manual-guides/Nginx/u_e-nginx_custom/index.html index 2c0419a1c..55201a6a9 100644 --- a/de/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/de/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

      Neue Website

      Um persistente (über Updates) Sites zu erstellen, die von mailcow: dockerized gehostet werden, muss eine neue Site-Konfiguration in data/conf/nginx/ platziert werden:

      Eine gute Vorlage, um damit zu beginnen:

      -
      nano data/conf/nginx/my_custom_site.conf
      -
      -
      server {
      +
      nano data/conf/nginx/my_custom_site.conf
      +
      +
      server {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
         ssl_protocols TLSv1.2 TLSv1.3;
      @@ -2478,12 +2478,12 @@
           return 301 https://$server_name$request_uri;
         }
       }
      -
      +

      Neue Website mit Proxy zu einem entfernten Location

      Ein weiteres Beispiel mit einer Reverse-Proxy-Konfiguration:

      -
      nano data/conf/nginx/my_custom_site.conf
      -
      -
      server {
      +
      nano data/conf/nginx/my_custom_site.conf
      +
      +
      server {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
         ssl_protocols TLSv1.2 TLSv1.3;
      @@ -2519,18 +2519,18 @@
           client_max_body_size 0;
         }
       }
      -
      +

      Konfig-Erweiterung in mailcows Nginx

      Der Dateiname, der für eine neue Site verwendet wird, ist nicht wichtig, solange der Dateiname eine .conf-Erweiterung trägt.

      Es ist auch möglich, die Konfiguration der Standarddatei site.conf Datei zu erweitern:

      -
      nano data/conf/nginx/site.my_content.custom
      -
      +
      nano data/conf/nginx/site.my_content.custom
      +

      Dieser Dateiname muss keine ".conf"-Erweiterung haben, sondern folgt dem Muster site.*.custom, wobei * ein eigener Name ist.

      Wenn PHP in eine benutzerdefinierte Site eingebunden werden soll, verwenden Sie bitte den PHP-FPM-Listener auf phpfpm:9002 oder erstellen Sie einen neuen Listener in data/conf/phpfpm/php-fpm.d/pools.conf.

      Starten Sie Nginx neu (und PHP-FPM, falls ein neuer Listener erstellt wurde):

      -
      docker-compose restart nginx-mailcow
      +
      docker-compose restart nginx-mailcow
       docker-compose restart php-fpm-mailcow
      -
      +
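Review bot: The reverse proxy template ends with `client_max_body_size 0;`, which removes the request body size limit for that site, and the text does not mention it. Suggest either a finite value or a sentence explaining why the limit is disabled. "der Standarddatei site.conf Datei" in the following section has a duplicated word.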

      diff --git a/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index c501f9e8e..531c85e62 100644 --- a/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,7 @@

      WICHTIG: Diese Anleitung gilt nur für Konfigurationen, bei denen SNI nicht aktiviert ist. Wenn SNI aktiviert ist, muss der Zertifikatspfad angepasst werden. Etwas wie ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; wird genügen. Aber: Das Zertifikat sollte zuerst bezogen werden und erst wenn das Zertifikat existiert, sollte eine Site Config erstellt werden. Nginx wird nicht starten, wenn es das Zertifikat und den Schlüssel nicht finden kann.

      Um eine Subdomain webmail.example.org zu erstellen und sie auf SOGo umzuleiten, müssen Sie eine neue Nginx-Site erstellen. Achten Sie dabei auf "CHANGE_TO_MAILCOW_HOSTNAME"!

      nano data/conf/nginx/webmail.conf

      -
      server {
      +
      server {
         ssl_certificate /etc/ssl/mail/cert.pem;
         ssl_certificate_key /etc/ssl/mail/key.pem;
         index index.php index.html;
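Review bot: The SNI note writes the directive as `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;`, which is shorthand and not valid Nginx syntax; copied as is, it will keep Nginx from starting. Suggest spelling out separate `ssl_certificate` and `ssl_certificate_key` lines with the per-domain paths.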
      @@ -2369,12 +2369,12 @@
           return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
         }
       }
      -
      +

      Speichern Sie und starten Sie Nginx neu: docker-compose restart nginx-mailcow.

      Öffnen Sie nun mailcow.conf und suchen Sie ADDITIONAL_SAN. Fügen Sie webmail.example.org zu diesem Array hinzu, verwenden Sie keine Anführungszeichen!

      -
      ADDITIONAL_SAN=webmail.example.org
      -
      +
      ADDITIONAL_SAN=webmail.example.org
      +

      Führen Sie docker-compose up -d aus. Siehe "acme-mailcow" und "nginx-mailcow" Logs, wenn etwas fehlschlägt.


      diff --git a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index 9c82c2ebd..26ebb87b3 100644 --- a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,8 @@

      Öffnen Sie data/conf/postfix/extra.cf und setzen Sie das message_size_limit entsprechend in Bytes. Siehe main.cf für den Standardwert.

      Starten Sie Postfix neu:

      -
      docker-compose restart postfix-mailcow
      -
      +
      docker-compose restart postfix-mailcow
      +

      diff --git a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index c013df469..ce1f0e1d3 100644 --- a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,14 @@

      Veraltete Anleitung (NICHT FÜR NEUERE MAILCOWS VERWENDEN!)

      Diese Option ist keine Best-Practice und sollte nur verwendet werden, wenn es keine andere Möglichkeit gibt, das zu erreichen, was Sie erreichen wollen.

      Erstellen Sie einfach eine Datei data/conf/postfix/check_sasl_access und tragen Sie den folgenden Inhalt ein. Dieser Benutzer muss in Ihrer Installation existieren und muss sich vor dem Versenden von Mails authentifizieren. -

      user-to-allow-everything@example.com OK
      -

      +
      user-to-allow-everything@example.com OK
      +

      Öffnen Sie data/conf/postfix/main.cf und suchen Sie smtpd_sender_restrictions. Fügen Sie check_sasl_access hash:/opt/postfix/conf/check_sasl_access wie folgt ein: -

      smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
      -

      +
      smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
      +

      Postmap auf check_sasl_access ausführen:

      -
      docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
      -
      +
      docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
      +

      Starten Sie den Postfix-Container neu.
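Review bot: Missing documentation around the `user-to-allow-everything@example.com OK` entry: the text never states what the entry does. Because `check_sasl_access` is placed before `reject_authenticated_sender_login_mismatch` in `smtpd_sender_restrictions`, the listed account is exempt from the sender/login match check for every sender address. Say that next to the map entry so operators know which account to protect and watch.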


      diff --git a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index e6be16918..837917f4a 100644 --- a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,8 @@

      Postfix wird sich einmal nach dem Start von postfix-mailcow über doppelte Werte beschweren, dies ist beabsichtigt.

      Syslog-ng wurde so konfiguriert, dass es diese Warnungen ausblendet, während Postfix läuft, um die Log-Dateien nicht jedes Mal mit unnötigen Informationen zu spammen, wenn ein Dienst benutzt wird.

      Starten Sie postfix-mailcow neu, um Ihre Änderungen zu übernehmen:

      -
      docker-compose restart postfix-mailcow
      -
      +
      docker-compose restart postfix-mailcow
      +

      diff --git a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index 8b5ed132b..ab4c2b221 100644 --- a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,13 @@

      Statistik mit pflogsumm

      Um pflogsumm mit dem Standard-Logging-Treiber zu verwenden, müssen wir postfix-mailcow über docker logs abfragen und die Ausgabe zu pflogsumm leiten:

      -
      docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
      -
      +
      docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
      +

      Die obige Log-Ausgabe ist auf die letzten 24 Stunden beschränkt.

      Es ist auch möglich, einen täglichen pflogsumm-Bericht über cron zu erstellen. Erstellen Sie die Datei /etc/cron.d/pflogsumm mit dem folgenden Inhalt:

      -
      SHELL=/bin/bash
      +
      SHELL=/bin/bash
       59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
      -
      +

      Um zu funktionieren muss ein lokaler Postfix auf dem Server installiert werden, welcher an den Postfix der mailcow relayed.

      Genauere Informationen lassen sich unter Sektion Post-Installationsaufgaben -> Lokaler MTA auf Dockerhost finden.

      Basierend auf den Postfix-Logs der letzten 24 Stunden sendet dieses Beispiel dann jeden Tag um 23:59:00 Uhr einen pflogsumm-Bericht an postmaster@example.net.

      diff --git a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index fe581f7b3..baba64a7f 100644 --- a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -2353,11 +2353,11 @@

      CIDR ACTION

      Dabei steht CIDR für eine einzelne IP-Adresse oder einen IP-Bereich in CIDR-Notation und action entweder für "permit" oder "reject".

      Beispiel:

      -
      # Regeln werden in der angegebenen Reihenfolge ausgewertet.
      +
      # Regeln werden in der angegebenen Reihenfolge ausgewertet.
       # Schwarze Liste 192.168.* außer 192.168.0.1.
       192.168.0.1 permit
       192.168.0.0/16 reject
      -
      +

      Die Datei wird spontan neu geladen, ein Neustart von Postfix ist nicht erforderlich.


      diff --git a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index 287a099ac..63f4e3a2f 100644 --- a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,15 @@

      IPv4-Hosts/Subnetze

      Um das Subnetz 192.168.2.0/24 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK und IPV6_NETWORK Bereichen:

      Bearbeiten Sie data/conf/postfix/extra.cf:

      -
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
      -
      +
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
      +

      Führen Sie docker-compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

      IPv6-Hosts/Subnets

      Das Hinzufügen von IPv6-Hosts erfolgt auf die gleiche Weise wie bei IPv4, allerdings muss das Subnetz in eckige Klammern [] gesetzt und die Netzmaske angehängt werden.

      Um das Subnetz 2001:db8::/32 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK- und IPV6_NETWORK-Bereichen:

      Bearbeiten Sie data/conf/postfix/extra.cf:

      -
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
      -
      +
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
      +

      Führen Sie docker-compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

      Info

      diff --git a/de/manual-guides/Redis/u_e-redis/index.html b/de/manual-guides/Redis/u_e-redis/index.html index 48729a65a..9909f2b5a 100644 --- a/de/manual-guides/Redis/u_e-redis/index.html +++ b/de/manual-guides/Redis/u_e-redis/index.html @@ -2477,28 +2477,28 @@

      Redis wird als Key-Value-Speicher für die Einstellungen und Daten von rspamd und (einige von) mailcow verwendet. Wenn Sie mit Redis nicht vertraut sind, lesen Sie bitte die Einführung in Redis und besuchen Sie gegebenenfalls diese wunderbare Anleitung, um zu erfahren, wie man Redis benutzt.

      Client

      Um sich mit dem redis cli zu verbinden, führen Sie aus:

      -
      docker-compose exec redis-mailcow redis-cli
      -
      +
      docker-compose exec redis-mailcow redis-cli
      +

      Fehlersuche

      Hier sind einige nützliche Befehle für den redis-cli zur Fehlersuche:

      MONITOR

      Überwacht alle vom Server empfangenen Anfragen in Echtzeit:

      -
      # docker-compose exec redis-mailcow redis-cli
      +
      # docker-compose exec redis-mailcow redis-cli
       127.0.0.1:6379> überwachen
       OK
       1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
       1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
       [...]
      -
      +
      SCHLÜSSEL (Keys)

      Ermittelt alle Schlüssel, die dem Muster entsprechen:

      -
      KEYS *
      -
      +
      KEYS *
      +
      PING

      Testen Sie eine Verbindung:

      -
      127.0.0.1:6379> PING
      +
      127.0.0.1:6379> PING
       PONG
      -
      +

      Wenn Sie mehr wissen wollen, hier ist ein Cheat-Sheet.
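Review bot: In the MONITOR example the command at the prompt was translated along with the prose: `127.0.0.1:6379> überwachen` is not a Redis command, so the session shown cannot produce the `OK` and the request lines that follow. Keep the command as `MONITOR`, matching the heading above the block, and translate only the surrounding text. The same applies to the heading `SCHLÜSSEL (Keys)`, which should stay `KEYS` like the command it introduces.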


      diff --git a/de/manual-guides/Rspamd/u_e-rspamd/index.html b/de/manual-guides/Rspamd/u_e-rspamd/index.html index e5832a892..83f3071e4 100644 --- a/de/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/de/manual-guides/Rspamd/u_e-rspamd/index.html @@ -2528,15 +2528,15 @@ Dies wird durch die Verwendung des Sieve-Plugins "sieve_imapsieve" und Parser-Sk

      Sie können auch die Web-UI von Rspamd verwenden, um Ham und/oder Spam zu lernen oder bestimmte Einstellungen von Rspamd anzupassen.

      Spam oder Ham aus bestehendem Verzeichnis lernen

      Sie können einen Einzeiler verwenden, um Mails im Klartextformat (unkomprimiert) zu lernen:

      -
      # Ham
      -for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
      +
      # Ham
      +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
       # Spam
      -for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
      -
      +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done +

      Erwägen Sie, einen lokalen Ordner als neues Volume an rspamd-mailcow in docker-compose.yml anzuhängen und die gegebenen Dateien innerhalb des Containers zu lernen. Dies kann als Workaround verwendet werden, um komprimierte Daten mit zcat zu parsen. Beispiel:

      ``bash for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done -

      ### Gelernte Daten zurücksetzen (Bayes, Neural)
      +
      ### Gelernte Daten zurücksetzen (Bayes, Neural)
       
       Sie müssen die Schlüssel in Redis löschen, um die gelernten Daten zurückzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank:
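Review bot: The zcat example near the end of this hunk is broken in two ways. It is opened with two backticks (``bash), so it renders as literal text and pulls the following heading `### Gelernte Daten zurücksetzen (Bayes, Neural)` into the same run. And `rspamc learn_spam < zcat $file` redirects from a file named zcat instead of decompressing anything. Open the fence with three backticks and pipe the decompressed mail into rspamc, for example `zcat "$file" | rspamc learn_spam`.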
       
      @@ -2545,30 +2545,30 @@ Sie müssen die Schlüssel in Redis löschen, um die gelernten Daten zurückzuse
       ```bash
       # Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren.
       cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
      -

      +

      Bayes-Daten zurücksetzen

      -
      docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
      +
      docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
       docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
      -
      +

      Neurale Daten zurücksetzen

      -
      docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
      -
      +
      docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
      +

      Fuzzy-Daten zurücksetzen

      -
      # Wir müssen zuerst das redis-cli eingeben:
      +
      # Wir müssen zuerst das redis-cli eingeben:
       docker-compose exec redis-mailcow redis-cli
       # In redis-cli:
       127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
      -
      +

      Info

      Wenn redis-cli sich beschwert über...

      -
      (error) ERR wrong number of arguments for 'del' command
      -
      +
      (error) ERR wrong number of arguments for 'del' command
      +

      ...das Schlüsselmuster nicht gefunden wurde und somit keine Daten zum Löschen vorhanden sind - ist es in Ordnung.

      CLI-Werkzeuge

      ``bash docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help -

      ## Greylisting deaktivieren
      +
      ## Greylisting deaktivieren
       
       Nur Nachrichten mit einer höheren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren.
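Review bot: The block under "CLI-Werkzeuge" is opened with two backticks (``bash) instead of three, so both `rspamc --help` and `rspamadm --help` render on one line as plain text, and the next heading appears as raw `## Greylisting deaktivieren`. Fix the fence in the Markdown source and put each command on its own line. The `### Gelernte Daten zurücksetzen` heading at the start of this hunk shows the same symptom from the previous block.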
       
      @@ -2580,26 +2580,26 @@ Fügen Sie die Zeile hinzu:
       
       ```cpp
       enabled = false;
      -

      +

      Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu: docker-compose restart rspamd-mailcow

      Spamfilter-Schwellenwerte (global)

      Jeder Benutzer kann seine Spam-Bewertung individuell ändern. Um eine neue serverweite Grenze zu definieren, editieren Sie data/conf/rspamd/local.d/actions.conf:

      -
      reject = 15;
      -add_header = 8;
      -greylist = 7;
      -
      +
      reject = 15;
      +add_header = 8;
      +greylist = 7;
      +

      Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu: docker-compose restart rspamd-mailcow

      Bestehende Einstellungen der Benutzer werden nicht überschrieben!

      Um benutzerdefinierte Schwellenwerte zurückzusetzen, führen Sie aus:

      -
      source mailcow.conf
      +
      source mailcow.conf
       docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
       # oder:
       # docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
      -
      +

      Benutzerdefinierte Ablehnungsnachrichten

      Die Standard-Spam-Reject-Meldung kann durch Hinzufügen einer neuen Datei data/conf/rspamd/override.d/worker-proxy.custom.inc mit dem folgenden Inhalt geändert werden:

      -
      reject_message = "Meine eigene Ablehnungsnachricht";
      -
      +
      reject_message = "Meine eigene Ablehnungsnachricht";
      +

      Speichern Sie die Datei und starten Sie Rspamd neu: docker-compose restart rspamd-mailcow.

      Waehrend das oben genannte fuer abgelehnte Mails mit einem hohen Spam-Score funktioniert, ignorieren Prefilter-Aktionen diese Einstellung. Für diese Karten muss das Multimap-Modul in Rspamd angepasst werden:
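Review bot: In the commented alternative of the threshold reset, `option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org'` is evaluated as A or (B and C), because AND binds tighter than OR. It therefore deletes the highspamlevel rows of every mailbox and only the lowspamlevel row of the named one. Parenthesise the option test: `(option = 'highspamlevel' or option = 'lowspamlevel') and object = 'only-this-mailbox@example.org'`.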

        @@ -2610,7 +2610,7 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del

        Fügen Sie Ihre eigene Nachricht als neue Zeile hinzu:

      -
      GLOBAL_RCPT_BL {
      +
      GLOBAL_RCPT_BL {
         Typ = "rcpt";
         map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
         regexp = true;
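Review bot: In the `GLOBAL_RCPT_BL` block the key `Typ = "rcpt";` has been translated together with the prose, while the other keys in the block (`map`, `regexp`, `action`, `message`) keep their English names. Restore it to `type = "rcpt";` so the snippet matches the configuration it is meant to be pasted into.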
      @@ -2618,40 +2618,40 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del
         action = "reject";
         message = "Der Versand von E-Mails an diesen Empfänger ist durch postmaster@your.domain verboten";
       }
      -
      +
      1. Speichern Sie die Datei und starten Sie Rspamd neu: docker-compose restart rspamd-mailcow.

      Verwerfen statt zurückweisen

      Wenn Sie eine Nachricht stillschweigend verwerfen wollen, erstellen oder bearbeiten Sie die Datei data/conf/rspamd/override.d/worker-proxy.custom.inc und fügen Sie den folgenden Inhalt hinzu:

      -
      discard_on_reject = true;
      -
      +
      discard_on_reject = true;
      +

      Starten Sie Rspamd neu:

      -
      docker-compose restart rspamd-mailcow
      -
      +
      docker-compose restart rspamd-mailcow
      +

      Lösche alle Ratelimit-Schlüssel

      Wenn Sie das UI nicht verwenden wollen und stattdessen alle Schlüssel in der Redis-Datenbank löschen wollen, können Sie redis-cli für diese Aufgabe verwenden:

      -
      docker-compose exec redis-mailcow sh
      +
      docker-compose exec redis-mailcow sh
       # Unlink (verfügbar in Redis >=4.) löscht im Hintergrund
       redis-cli --scan --pattern RL* | xargs redis-cli unlink
      -
      +

      Starten Sie Rspamd neu:

      -
      docker-compose exec redis-mailcow sh
      -
      +
      docker-compose exec redis-mailcow sh
      +

      Erneutes Senden von Quarantäne-Benachrichtigungen auslösen

      Sollte nur zur Fehlersuche verwendet werden!

      -
      docker-compose exec dovecot-mailcow bash
      +
      docker-compose exec dovecot-mailcow bash
       mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
       redis-cli -h redis DEL Q_LAST_NOTIFIED
       quarantine_notify.py
      -
      +

      Speicherung der Historie erhöhen

      Standardmäßig speichert Rspamd 1000 Elemente in der Historie.

      Die Historie wird komprimiert gespeichert.

      Es wird empfohlen, hier keinen unverhältnismäßig hohen Wert zu verwenden, probieren Sie etwas in der Größenordnung von 5000 oder 10000 und sehen Sie, wie Ihr Server damit umgeht:

      Bearbeiten Sie data/conf/rspamd/local.d/history_redis.conf:

      -
      nrows = 1000; # Ändern Sie diesen Wert
      -
      +
      nrows = 1000; # Ändern Sie diesen Wert
      +

      Starten Sie anschließend Rspamd neu: docker-compose restart rspamd-mailcow
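Review bot: In the ratelimit section the second block, introduced by "Starten Sie Rspamd neu:", repeats `docker-compose exec redis-mailcow sh` from the block above and does not restart anything. The other restart steps in this hunk use `docker-compose restart rspamd-mailcow`; use the same command here.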


      diff --git a/de/manual-guides/SOGo/u_e-sogo/index.html b/de/manual-guides/SOGo/u_e-sogo/index.html index f8f1cd1f4..3878a07b9 100644 --- a/de/manual-guides/SOGo/u_e-sogo/index.html +++ b/de/manual-guides/SOGo/u_e-sogo/index.html @@ -2491,24 +2491,24 @@ Nachdem Sie data/conf/sogo/custom-theme.js modifiziert und Änderun
    • öffnen Sie die Entwicklerkonsole des Browsers, normalerweise ist die Tastenkombination F12
    • nur wenn Sie Firefox benutzen: schreiben Sie mit der Hand in die Entwicklerkonsole allow pasting und drücken Sie Enter
    • fügen Sie den Java-Script-Schnipsel in die Entwicklungskonsole ein: -
      copy([].slice.call(document.styleSheets)
      +
      copy([].slice.call(document.styleSheets)
         .map(e => e.ownerNode)
         .filter(e => e.hasAttribute('md-theme-style'))
         .map(e => e.textInhalt)
         .join('\n')
       )
      -
    • +
    • Öffnen Sie den Texteditor und fügen Sie die Daten aus der Zwischenablage ein (Strg+V), Sie sollten ein minimiertes CSS erhalten, speichern Sie es
    • kopieren Sie die CSS-Datei auf den Mailcow-Server data/conf/sogo/custom-theme.css
    • editiere data/conf/sogo/sogo.conf und setze SOGoUIxDebugEnabled = NO;
    • Anhängen/Erstellen von docker-compose.override.yml mit: -
      Version: '2.1'
      +
      Version: '2.1'
       
       Dienste:
         sogo-mailcow:
           volumes:
             - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      -
    • +
    • führen Sie docker-compose up -d aus
    • Ausführen von docker-compose restart memcached-mailcow
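Review bot: Identifiers inside the code blocks of this hunk were translated and no longer work. In the console snippet `.map(e => e.textInhalt)` should read `.map(e => e.textContent)`, otherwise the copied result is a list of undefined values. In the override file `Version: '2.1'` and `Dienste:` should be `version: '2.1'` and `services:`, as in the other docker-compose.override.yml examples in this patch. Exclude code blocks from translation and translate only the comments.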
    • @@ -2516,7 +2516,7 @@ Dienste:
      1. checken Sie data/conf/sogo/custom-theme.js aus, indem Sie git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js ausführen
      2. Suchen Sie in data/conf/sogo/custom-theme.js: -
        // Neue Paletten auf das Standardthema anwenden, einige Farbtöne neu zuordnen
        +
        // Neue Paletten auf das Standardthema anwenden, einige Farbtöne neu zuordnen
             $mdThemingProvider.theme('default')
               .primaryPalette('green-cow', {
                 'default': '400', // Hintergrundfarbe der oberen Symbolleisten
        @@ -2531,13 +2531,13 @@ Dienste:
                 hue-3': 'A700'
               })
               .backgroundPalette('frost-grey');
        -
        +
        und ersetzen Sie es durch: -
            $mdThemingProvider.theme('default');
        -
      3. +
            $mdThemingProvider.theme('default');
        +
      4. Entfernen Sie aus docker-compose.override.yml Volume Mount in sogo-mailcow: -
        - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
        -
      5. +
        - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
        +
      6. führen Sie docker-compose up -d aus
      7. Starten Sie docker-compose restart memcached-mailcow.
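Review bot: The palette snippet the reader is told to search for contains `hue-3': 'A700'` with the opening quote missing, so it will not match the text in data/conf/sogo/custom-theme.js. Write it as `'hue-3': 'A700'`. The rendered list in this hunk also shows empty numbered items (3. and 5.) between the code blocks and the following steps, which suggests the list indentation in the source needs fixing.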
      @@ -2553,16 +2553,16 @@ Nachdem Sie diese Datei ersetzt haben, müssen Sie SOGo und Memcached Container

      Domains sind normalerweise voneinander isoliert.

      Sie können das ändern, indem Sie data/conf/sogo/sogo.conf modifizieren:

      Suche... -

         // SOGoDomainsVisibility = (
      +
         // SOGoDomainsVisibility = (
           // (domain1.tld, domain5.tld),
           // (domain3.tld, domain2.tld)
           // );
      -
      +
      ...und ersetzen Sie diese durch - zum Beispiel:

      -
          SOGoDomainsVisibility = (
      +
          SOGoDomainsVisibility = (
             (beispiel.org, beispiel.com, beispiel.net)
           );
      -
      +

      SOGo neu starten: docker-compose restart sogo-mailcow

      Deaktivieren Sie die Passwortänderung

      Bearbeiten Sie data/conf/sogo/sogo.conf und ändern Sie SOGoPasswordChangeEnabled auf NO. Bitte fügen Sie keinen neuen Parameter hinzu.

      diff --git a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html index bf6112901..92e6ea1fb 100644 --- a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,18 @@ Wichtig: Nur DNSSEC-validierende DNS-Dienste werden funktionieren.

      Methode A, Unbound

      Bearbeiten Sie data/conf/unbound/unbound.conf und fügen Sie die folgenden Parameter hinzu:

      -
      forward-zone:
      +
      forward-zone:
         name: "."
         forward-addr: 8.8.8.8 # VERWENDEN SIE KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL
         forward-addr: 8.8.4.4 # VERWENDET KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL
      -
      +

      Unbound neu starten:

      -
      docker-compose restart unbound-mailcow
      -
      +
      docker-compose restart unbound-mailcow
      +

      Methode B, Überschreiben der Datei

      -
      cd /opt/mailcow-dockerized
      +
      cd /opt/mailcow-dockerized
       cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
      -
      +

      Bearbeiten Sie docker-compose.override.yml und passen Sie die IP an.

      Führen Sie docker-compose down ; docker-compose up -d aus.
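Review bot: The two `forward-addr` comments in the `forward-zone` block are translated differently, "VERWENDEN SIE KEINE ÖFFENTLICHEN DNS-SERVER" on the first line and "VERWENDET KEINE ÖFFENTLICHEN DNS-SERVER" on the second. Use one wording for both, in the formal address the surrounding text uses.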

      diff --git a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index d59e37aef..0b64f8373 100644 --- a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

      Watchdog verwendet Standardwerte für alle in docker-compose.yml definierten Thresholde.

      Die Standardwerte sind für die meisten Konfigurationen geeignet. Beispiel: -

      - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
      +
      - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
       - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
       - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
       - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
      @@ -2667,7 +2667,7 @@ Beispiel:
       - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
       - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
       - MAILQ_CRIT=${MAILQ_CRIT:-30}
      -

      +

      Um sie anzupassen, fügen Sie einfach die notwendigen Threshold Variablen (z.B. MAILQ_THRESHOLD=10) zu mailcow.conf hinzu und führen docker-compose up -d aus.

      Threshold Beschreibungen

      NGINX_THRESHOLD

      diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index 36e0ae06b..5ebf1c0a0 100644 --- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,7 +2403,7 @@

      1. Diese Nachricht in einen Unterordner "facebook" verschieben (wird in Kleinbuchstaben erstellt, falls nicht vorhanden)

      2. Den Tag dem Betreff voranstellen: "[facebook] Betreff"

      Bitte beachten Sie: Großgeschriebene Tags werden in Kleinbuchstaben umgewandelt, mit Ausnahme des ersten Buchstabens. Wenn Sie den Tag so lassen wollen, wie er ist, wenden Sie bitte den folgenden Diff an und starten Sie mailcow neu: -

      diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
      +
      diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
       index e047136e..933c4137 100644
       --- a/data/conf/dovecot/global_sieve_after
       +++ b/data/conf/dovecot/global_sieve_after
      @@ -2416,7 +2416,7 @@ index e047136e..933c4137 100644
          if mailboxexists "INBOX/${1}" {
            fileinto "INBOX/${1}";
          } else {
      -

      +


      diff --git a/de/manual-guides/u_e-80_to_443/index.html b/de/manual-guides/u_e-80_to_443/index.html index 9aa7a1c35..b4f3c728a 100644 --- a/de/manual-guides/u_e-80_to_443/index.html +++ b/de/manual-guides/u_e-80_to_443/index.html @@ -2349,7 +2349,7 @@

      Verwenden Sie die untenstehende Konfiguration nicht für Reverse-Proxy-Setups, bitte lesen Sie dazu unsere Reverse-Proxy-Anleitung, die einen Redirect von HTTP zu HTTPS beinhaltet.

      Öffne mailcow.conf und setze HTTP_BIND= - falls nicht bereits gesetzt.

      Erstellen Sie eine neue Datei data/conf/nginx/redirect.conf und fügen Sie die folgende Serverkonfiguration in die Datei ein:

      -
      server {
      +
      server {
         root /web;
         listen 80 default_server;
         listen [::]:80 default_server;
      @@ -2363,13 +2363,13 @@
           return 301 https://$host$uri$is_args$args;
         }
       }
      -
      +

      Falls Sie den Parameter HTTP_BIND geändert haben, erstellen Sie den Container neu:

      -
      docker-compose up -d
      -
      +
      docker-compose up -d
      +

      Andernfalls starten Sie Nginx neu:

      -
      docker-compose restart nginx-mailcow
      -
      +
      docker-compose restart nginx-mailcow
      +

      diff --git a/de/manual-guides/u_e-autodiscover_config/index.html b/de/manual-guides/u_e-autodiscover_config/index.html index e28cb89e4..4f7831d67 100644 --- a/de/manual-guides/u_e-autodiscover_config/index.html +++ b/de/manual-guides/u_e-autodiscover_config/index.html @@ -2350,7 +2350,7 @@ Denken Sie daran, dass ActiveSync NICHT mit einem Desktop-Client verwendet werden sollte.

      Öffnen/erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie Ihre Änderungen in das Konfigurationsfeld ein.

      Die Änderungen werden mit "$autodiscover_config" in data/web/inc/vars.inc.php zusammengeführt):

      -
      <?php
      +
      <?php
       $autodiscover_config = array(
         // General autodiscover service type: "activesync" or "imap"
         // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
      @@ -2388,7 +2388,7 @@ $autodiscover_config = array(
           'port' => $https_port,
         ),
       );
      -
      +

      Um immer IMAP und SMTP anstelle von EAS zu verwenden, setzen Sie 'autodiscoverType' => 'imap'.

      Deaktivieren Sie ActiveSync für Outlook-Desktop-Clients, indem Sie "useEASforOutlook" auf "no" setzen.

      diff --git a/de/manual-guides/u_e-reeanble-weak-protocols/index.html b/de/manual-guides/u_e-reeanble-weak-protocols/index.html index 7254a5495..21e2d731b 100644 --- a/de/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/de/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,15 @@

      Unauthentifizierte Mails über SMTP an Port 25/tcp akzeptieren weiterhin >= TLS 1.0 . Es ist besser, eine schwache Verschlüsselung zu akzeptieren als gar keine.

      Wie kann man schwache Protokolle wieder aktivieren?

      Bearbeiten Sie data/conf/postfix/extra.cf:

      -
      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      +
      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
       smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      -
      +

      Bearbeiten Sie data/conf/dovecot/extra.conf:

      -
      ssl_min_protocol = TLSv1
      -
      +
      ssl_min_protocol = TLSv1
      +

      Starten Sie die betroffenen Dienste neu:

      -
      docker-compose restart postfix-mailcow dovecot-mailcow
      -
      +
      docker-compose restart postfix-mailcow dovecot-mailcow
      +

      Tipp: Sie können TLS 1.2 in Windows 7 aktivieren.
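Review bot: The Postfix block excludes only `!SSLv2, !SSLv3` for the submission and smtps services without saying which versions that leaves enabled, while the Dovecot block states `ssl_min_protocol = TLSv1` explicitly. Add a sentence that both settings admit TLS 1.0 and 1.1 again on those listeners, so the reader knows the exact scope of the downgrade and what to revert later. The directory name `u_e-reeanble-weak-protocols` in the file header is also misspelled.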


      diff --git a/de/post_installation/firststeps-disable_ipv6/index.html b/de/post_installation/firststeps-disable_ipv6/index.html index 59f156f02..c4b7f61f6 100644 --- a/de/post_installation/firststeps-disable_ipv6/index.html +++ b/de/post_installation/firststeps-disable_ipv6/index.html @@ -2353,49 +2353,49 @@ zu erstellen und Ihre Änderungen am Dienst dort zu implementieren. Leider schei

      Um IPv6 im mailcow-Netzwerk zu deaktivieren, öffnen Sie docker-compose.yml mit Ihrem bevorzugten Texteditor und suchen Sie nach dem Netzwerk-Abschnitt (er befindet sich am Ende der Datei).

      1. Ändern Sie docker-compose.yml

      Ändern Sie enable_ipv6: true in enable_ipv6: false:

      -
      networks:
      +
      networks:
         mailcow-network:
           [...]
           enable_ipv6: true # <<< auf false setzen
           [...]
      -
      +

      2. ipv6nat-mailcow deaktivieren

      Um den ipv6nat-mailcow Container ebenfalls zu deaktivieren, gehen Sie in Ihr mailcow Verzeichnis und erstellen Sie eine neue Datei namens "docker-compose.override.yml":

      HINWEIS: Wenn Sie bereits eine Override-Datei haben, erstellen Sie diese natürlich nicht neu, sondern fügen Sie die untenstehenden Zeilen entsprechend in Ihre bestehende Datei ein!

      -
      # cd /opt/mailcow-dockerized
      +
      # cd /opt/mailcow-dockerized
       # touch docker-compose.override.yml
      -
      +

      Öffnen Sie die Datei in Ihrem bevorzugten Texteditor und tragen Sie folgendes ein:

      -
      version: '2.1'
      +
      version: '2.1'
       services:
       
           ipv6nat-mailcow:
             image: bash:latest
             restart: "no"
             entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
      -
      +

      Damit diese Änderungen wirksam werden, müssen Sie den Stack vollständig stoppen und dann neu starten, damit Container und Netzwerke neu erstellt werden:

      -
      docker-compose down
      +
      docker-compose down
       docker-compose up -d
      -
      +

      3. Deaktivieren Sie IPv6 in unbound-mailcow

      Bearbeiten Sie data/conf/unbound/unbound.conf und setzen Sie do-ip6 auf "no":

      -
      Server:
      +
      Server:
         [...]
         do-ip6: no
         [...]
      -
      +

      unbound neu starten:

      -
      docker-compose restart unbound-mailcow
      -
      +
      docker-compose restart unbound-mailcow
      +

      4. Deaktivieren Sie IPv6 in postfix-mailcow

      Erstellen Sie data/conf/postfix/extra.cf und setzen Sie smtp_address_preference auf ipv4:

      -
      smtp_address_preference = ipv4
      +
      smtp_address_preference = ipv4
       inet_protocols = ipv4
      -
      +

      Starten Sie Postfix neu:

      -
      docker-compose restart postfix-mailcow
      -
      +
      docker-compose restart postfix-mailcow
      +
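Review bot: In step 3 the unbound.conf excerpt starts with a capitalised `Server:`, which looks like the same translation artefact as `Version:` and `Dienste:` elsewhere in this patch; unbound.conf names the clause `server:` in lowercase. Restore the original spelling. Step 4 also describes only `smtp_address_preference`, while the block sets `inet_protocols = ipv4` as well; mention both settings in the sentence.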

      diff --git a/de/post_installation/firststeps-dmarc_reporting/index.html b/de/post_installation/firststeps-dmarc_reporting/index.html index d4977634a..77b2e5a6a 100644 --- a/de/post_installation/firststeps-dmarc_reporting/index.html +++ b/de/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,7 +2473,7 @@

      Aktivieren Sie DMARC-Berichterstattung

      Erstellen Sie die Datei data/conf/rspamd/local.d/dmarc.conf und setzen Sie den folgenden Inhalt:

      -
      reporting {
      +
      reporting {
           enabled = true;
           email = 'noreply-dmarc@example.com';
           domain = 'example.com';
      @@ -2486,9 +2486,9 @@
           max_entries = 2k;
           keys_expire = 2d;
       }
      -
      +

      Erstellen oder ändern Sie docker-compose.override.yml im mailcow-dockerized Basisverzeichnis:

      -
      version: '2.1'
      +
      version: '2.1'
       
       services:
         rspamd-mailcow:
      @@ -2501,16 +2501,16 @@ services:
         ofelia-mailcow:
           depends_on:
             - rspamd-mailcow
      -
      +

      Starte docker-compose up -d

      Senden Sie eine Kopie der Berichte an sich selbst

      Um eine versteckte Kopie der von Rspamd erzeugten Berichte zu erhalten, können Sie eine bcc_addrs Liste im reporting Konfigurationsabschnitt von data/conf/rspamd/local.d/dmarc.conf setzen:

      -
      reporting {
      +
      reporting {
           enabled = true;
           email = 'noreply-dmarc@example.com';
           bcc_addrs = ["noreply-dmarc@example.com", "parsedmarc@example.com"];
       [...]
      -
      +

      Rspamd lädt Änderungen in Echtzeit, so dass Sie den Container zu diesem Zeitpunkt nicht neu starten müssen.

      Dies kann nützlich sein, wenn Sie...

        @@ -2519,21 +2519,21 @@ services:

      Fehlersuche

      Prüfen Sie, wann der Berichtsplan zuletzt ausgeführt wurde:

      -
      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
      -
      +
      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
      +

      Sehen Sie sich die letzte Berichtsausgabe an:

      -
      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
      -
      +
      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
      +

      Manuelles Auslösen eines DMARC-Berichts:

      -
      docker-compose exec rspamd-mailcow rspamadm dmarc_report
      -
      +
      docker-compose exec rspamd-mailcow rspamadm dmarc_report
      +

      Bestätigen Sie, dass Rspamd Daten in Redis aufgezeichnet hat: Ändern Sie 20220428 in ein anderes interessantes Datum zum schauen.

      -
      docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
      -
      +
      docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
      +

      Nehmen Sie eine der Zeilen aus der Ausgabe, die Sie interessiert, und fordern Sie sie an, z. B.:

      -
      docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
      -
      +
      docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
      +

      Ändern Sie die Häufigkeit der DMARC-Berichte

      Im obigen Beispiel werden die Berichte einmal alle 24 Stunden gesendet.

      Der Olefia-Zeitplan hat die gleiche Implementierung wie cron in Go, die unterstützte Syntax ist beschrieben in cron Documentation
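Review bot: "Olefia-Zeitplan" in the last paragraph misspells the scheduler, which the override file earlier in this page names `ofelia-mailcow`; it should read "Ofelia-Zeitplan". In the same hunk, "Ändern Sie 20220428 in ein anderes interessantes Datum zum schauen" is not idiomatic German and the link text "cron Documentation" is left in English; both sentences need a native pass.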

      diff --git a/de/post_installation/firststeps-ip_bindings/index.html b/de/post_installation/firststeps-ip_bindings/index.html index 1266cfa65..4fa07e458 100644 --- a/de/post_installation/firststeps-ip_bindings/index.html +++ b/de/post_installation/firststeps-ip_bindings/index.html @@ -2414,7 +2414,7 @@

      IPv4-Binding

      Um eine oder mehrere IPv4-Bind(ings) anzupassen, öffne mailcow.conf und editiere eine, mehrere oder alle Variablen nach deinen Bedürfnissen:

      -
      # Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen.
      +
      # Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen.
       # Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port:
       # Beispiel: HTTP_BIND=1.2.3.4
       
      @@ -2439,14 +2439,14 @@ SIEVE_PORT=4190
       DOVEADM_PORT=127.0.0.1:19991
       SQL_PORT=127.0.0.1:13306
       SOLR_PORT=127.0.0.1:18983
      -
      +

      Um Ihre Änderungen zu übernehmen, führen Sie docker-compose down gefolgt von docker-compose up -d aus.

      IPv6-Binding

      Das Ändern von IPv6-Bindings ist anders als bei IPv4. Auch dies hat einen technischen Hintergrund.

      Eine docker-compose.override.yml Datei wird verwendet, anstatt die docker-compose.yml Datei direkt zu bearbeiten. Dies geschieht, um die Aktualisierbarkeit zu erhalten, da die Datei docker-compose.yml regelmäßig aktualisiert wird und Ihre Änderungen höchstwahrscheinlich überschrieben werden.

      Bearbeiten Sie die Datei "docker-compose.override.yml" und erstellen Sie sie mit dem folgenden Inhalt. Ihr Inhalt wird mit der produktiven Datei "docker-compose.yml" zusammengeführt.

      Es wird eine imaginäre IPv6 2a00:dead:beef::abc angegeben. Das erste Suffix :PORT1 definiert den externen Port, während das zweite Suffix :PORT2 zu dem entsprechenden Port innerhalb des Containers führt und nicht verändert werden darf.

      -
      version: '2.1'
      +
      version: '2.1'
       services:
       
           dovecot-mailcow:
      @@ -2467,7 +2467,7 @@ services:
             ports:
               - '2a00:dead:beef::abc:80:80'
               - '2a00:dead:beef::abc:443:443'
      -
      +

      Um Ihre Änderungen zu übernehmen, führen Sie docker-compose down gefolgt von docker-compose up -d aus.


      diff --git a/de/post_installation/firststeps-local_mta/index.html b/de/post_installation/firststeps-local_mta/index.html index 65486de36..76ce78a15 100644 --- a/de/post_installation/firststeps-local_mta/index.html +++ b/de/post_installation/firststeps-local_mta/index.html @@ -2347,15 +2347,15 @@

      Die einfachste Möglichkeit wäre, den Listener an Port 25/tcp zu deaktivieren.

      Postfix-Benutzer deaktivieren den Listener, indem sie die folgende Zeile (beginnend mit smtp oder 25) in /etc/postfix/master.cf auskommentieren: -

      #smtp      inet  n       -       -       -       -       smtpd
      -

      +
      #smtp      inet  n       -       -       -       -       smtpd
      +

      Außerdem, um über eine Dockerized mailcow weiterzuleiten, sollten Sie 172.22.1.1 als Relayhost hinzufügen und das Docker-Interface aus "inet_interfaces" entfernen:

      -
      postconf -e 'relayhost = 172.22.1.1'
      +
      postconf -e 'relayhost = 172.22.1.1'
       postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
       postconf -e "inet_interfaces = loopback-only"
       postconf -e "relay_transport = relay"
       postconf -e "default_transport = smtp"
      -
      +

      Jetzt ist es wichtig, dass Sie nicht denselben FQDN in myhostname haben, den Sie für Ihre mailcow verwenden. Prüfen Sie Ihre lokale (nicht-Docker) Postfix' main.cf auf myhostname und setzen Sie ihn auf etwas anderes, zum Beispiel local.my.fqdn.tld.

      "172.22.1.1" ist das von mailcow erstellte Netzwerk-Gateway in Docker. Das Relaying über diese Schnittstelle ist notwendig (anstatt - zum Beispiel - direkt über ${MAILCOW_HOSTNAME}), um über ein bekanntes internes Netzwerk weiterzuleiten.

      diff --git a/de/post_installation/firststeps-logging/index.html b/de/post_installation/firststeps-logging/index.html index cd2953ddb..196ff6378 100644 --- a/de/post_installation/firststeps-logging/index.html +++ b/de/post_installation/firststeps-logging/index.html @@ -2466,16 +2466,16 @@ ohne die Fähigkeit zu verlieren, Logs von der UI zu lesen oder verdächtige Cli

      Über docker-compose.override.yml

      Hier ist die gute Nachricht: Da Docker einige großartige Logging-Treiber hat, können Sie mailcow: dockerized mit Leichtigkeit in Ihre bestehende Logging-Umgebung integrieren.

      Erstellen Sie eine docker-compose.override.yml und fügen Sie zum Beispiel diesen Block hinzu, um das "gelf" Logging-Plugin für postfix-mailcow zu verwenden:

      -
      version: '2.1'
      +
      version: '2.1'
       services:
         postfix-mailcow: # oder ein anderer
           logging:
             driver: "gelf"
             options:
               gelf-address: "udp://graylog:12201"
      -
      +

      Ein weiteres Beispiel für Syslog:

      -
      version: '2.1'
      +
      version: '2.1'
       services:
       
         postfix-mailcow: # oder ein anderer
      @@ -2506,10 +2506,10 @@ local3.* /var/log/mailcow.logs
       & ~
       
       # Danach rsyslog neu starten.
      -
      +

      Über daemon.json (global)

      Wenn Sie den Logging-Treiber global ändern wollen, editieren Sie die Konfigurationsdatei des Docker-Daemons /etc/docker/daemon.json und starten Sie den Docker-Dienst neu:

      -
      {
      +
      {
       ...
         "log-driver": "gelf",
         "log-opts": {
      @@ -2517,9 +2517,9 @@ local3.* /var/log/mailcow.logs
         }
       ...
       }
      -
      +

      Für Syslog:

      -
      {
      +
      {
       ...
         "log-driver": "syslog",
         "log-opts": {
      @@ -2527,7 +2527,7 @@ local3.* /var/log/mailcow.logs
         }
       ...
       }
      -
      +

      Starten Sie den Docker-Daemon neu und führen Sie docker-compose down && docker-compose up -d aus, um die Container mit dem neuen Protokollierungstreiber neu zu erstellen.
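Review bot: The `...` lines that bracket the syslog `daemon.json` example are placeholders, but nothing in the text says so, and the block is not valid JSON if it is pasted unchanged into /etc/docker/daemon.json. Add a sentence stating that `...` stands for the existing settings and that only the `log-driver` and `log-opts` keys are to be merged in.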


      diff --git a/de/post_installation/firststeps-rp/index.html b/de/post_installation/firststeps-rp/index.html index 68a968f2b..6e23558dd 100644 --- a/de/post_installation/firststeps-rp/index.html +++ b/de/post_installation/firststeps-rp/index.html @@ -2467,11 +2467,11 @@

      Sie müssen die Nginx-Seite, die mit mailcow: dockerized geliefert wird, nicht ändern. mailcow: dockerized vertraut auf das Standard-Gateway IP 172.22.1.1 als Proxy.

      1. Stellen Sie sicher, dass Sie HTTP_BIND und HTTPS_BIND in mailcow.conf auf eine lokale Adresse ändern und die Ports entsprechend einstellen, zum Beispiel: -

      HTTP_BIND=127.0.0.1
      +
      HTTP_BIND=127.0.0.1
       HTTP_PORT=8080
       HTTPS_BIND=127.0.0.1
       HTTPS_PORT=8443
      -

      +

      Dadurch werden auch die Bindungen innerhalb des Nginx-Containers geändert! Dies ist wichtig, wenn Sie sich entscheiden, einen Proxy innerhalb von Docker zu verwenden.

      WICHTIG: Verwenden Sie nicht Port 8081, 9081 oder 65510!

      Erzeugen Sie die betroffenen Container neu, indem Sie docker-compose up -d ausführen.
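Review bot: The warning "Verwenden Sie nicht Port 8081, 9081 oder 65510!" gives no reason, so a reader cannot tell whether the restriction applies to their setup; add one clause saying what already occupies these ports. "Nginx-Seite" in the first sentence also reads as "Nginx page" in German; "Nginx-Site" or "Nginx-Konfiguration" would say what is meant.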

      @@ -2500,56 +2500,56 @@ Auf vielen Servern wird logrotate den Webserver sowieso täglich neu laden.

      2. Konfigurieren Sie Ihren lokalen Webserver als Reverse Proxy:

      Apache 2.4

      Erforderliche Module: -

      a2enmod rewrite proxy proxy_http headers ssl
      -

      +
      a2enmod rewrite proxy proxy_http headers ssl
      +

      Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden problemlos funktionieren.

      Die hervorgehobenen Zeilen müssen beachtet werden.

      -
      <VirtualHost *:80>
      -  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      -  RewriteEngine on
      +
      <VirtualHost *:80>
      +  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
      +  ServerAlias autodiscover.*
      +  ServerAlias autoconfig.*
      +  RewriteEngine on
       
      -  RewriteCond %{HTTPS} off
      -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
      +  RewriteCond %{HTTPS} off
      +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
       
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "http"
      -</VirtualHost>
      -<VirtualHost *:443>
      -  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      +  ProxyPass / http://127.0.0.1:8080/
      +  ProxyPassReverse / http://127.0.0.1:8080/
      +  ProxyPreserveHost On
      +  ProxyAddHeaders On
      +  RequestHeader set X-Forwarded-Proto "http"
      +</VirtualHost>
      +<VirtualHost *:443>
      +  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
      +  ServerAlias autodiscover.*
      +  ServerAlias autoconfig.*
       
      -  # You should proxy to a plain HTTP session to offload SSL processing
      -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
      -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "https"
      +  # You should proxy to a plain HTTP session to offload SSL processing
      +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
      +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
      +  ProxyPass / http://127.0.0.1:8080/
      +  ProxyPassReverse / http://127.0.0.1:8080/
      +  ProxyPreserveHost On
      +  ProxyAddHeaders On
      +  RequestHeader set X-Forwarded-Proto "https"
       
      -  SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem
      -  SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem
      +  SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem
      +  SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem
       
      -  # Wenn Sie einen HTTPS-Host als Proxy verwenden möchten:
      -  #SSLProxyEngine On
      +  # Wenn Sie einen HTTPS-Host als Proxy verwenden möchten:
      +  #SSLProxyEngine On
       
      -  # Wenn Sie einen Proxy für einen nicht vertrauenswürdigen HTTPS-Host einrichten wollen:
      -  #SSLProxyVerify none
      -  #SSLProxyCheckPeerCN off
      -  #SSLProxyCheckPeerName off
      -  #SSLProxyCheckPeerExpire off
      -</VirtualHost>
      -
      + # Wenn Sie einen Proxy für einen nicht vertrauenswürdigen HTTPS-Host einrichten wollen: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off +</VirtualHost> +

      Nginx

      Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlos.

      Achten Sie auf die hervorgehobenen Zeilen.

      -
      server {
      +
      server {
         listen 80 default_server;
         listen [::]:80 default_server;
         server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*;
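Review bot: The commented-out block at the end of the `*:443` VirtualHost (`#SSLProxyVerify none`, `#SSLProxyCheckPeerCN off`, `#SSLProxyCheckPeerName off`, `#SSLProxyCheckPeerExpire off`) turns off all certificate validation for the proxied host once uncommented, and the surrounding text does not say so. Add a sentence that these options are meant only for a backend that is otherwise trusted, for example on loopback, and that the preferred fix is a certificate the proxy can verify. The comment `# You should proxy to a plain HTTP session to offload SSL processing` is also still in English while the other comments in the block are translated.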
      @@ -2600,14 +2600,14 @@ server {
           proxy_busy_buffers_size 512k;
         }
       }
      -
      +

      HAProxy (von der Community unterstützt)

      Warning

      Dies ist ein nicht unterstützter Community Beitrag. Sie können gerne Korrekturen bereitstellen.

      Wichtig/Fix erwünscht: Dieses Beispiel leitet nur HTTPS-Verkehr weiter und benutzt nicht den in mailcow eingebauten ACME-Client.

      -
      frontend https-in
      +
      frontend https-in
         bind :::443 v4v6 ssl crt mailcow.pem
         default_backend mailcow
       
      @@ -2616,7 +2616,7 @@ backend mailcow
         http-request set-header X-Forwarded-Proto https if { ssl_fc }
         http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
         server mailcow 127.0.0.1:8080 check
      -
      +

      Traefik v2 (von der Community unterstützt)

      Warning

      @@ -2627,50 +2627,50 @@ backend mailcow

      Zuallererst werden wir den acme-mailcow-Container deaktivieren, da wir die von traefik bereitgestellten Zertifikate verwenden werden. Dazu müssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf setzen und docker-compose up -d ausführen, um die Änderungen zu übernehmen.

      Dann erstellen wir eine docker-compose.override.yml Datei, um die Hauptdatei docker-compose.yml zu überschreiben, die sich im Mailcow-Stammverzeichnis befindet.

      -
      version: '2.1'
      +
      version: '2.1'
       
      -services:
      -    nginx-mailcow:
      -      networks:
      -        # Traefiks Netzwerk hinzufügen
      -        web:
      -      labels:
      -        - traefik.enable=true
      -        # Erstellt einen Router namens "moo" für den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verknüpfen,
      -        # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable.
      -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
      -        # Aktiviert tls über den zuvor erstellten Router.
      -        - traefik.http.routers.moo.tls=true
      -        # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt).
      -        - traefik.http.routers.moo.tls.certresolver=le
      -        # Erzeugt einen Dienst namens "moo" für den Container und gibt an, welchen internen Port des Containers
      -        # Traefik die eingehenden Daten weiterleiten soll.
      -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
      -        # Gibt an, welchen Eingangspunkt (externer Port) traefik für diesen Container abhören soll.
      -        # Websecure ist Port 443, siehe die Datei traefik.toml wie oben.
      -        - traefik.http.routers.moo.entrypoints=websecure
      -        # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network
      -        - traefik.docker.network=web
      +services:
      +    nginx-mailcow:
      +      networks:
      +        # Traefiks Netzwerk hinzufügen
      +        web:
      +      labels:
      +        - traefik.enable=true
      +        # Erstellt einen Router namens "moo" für den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verknüpfen,
      +        # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable.
      +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
      +        # Aktiviert tls über den zuvor erstellten Router.
      +        - traefik.http.routers.moo.tls=true
      +        # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt).
      +        - traefik.http.routers.moo.tls.certresolver=le
      +        # Erzeugt einen Dienst namens "moo" für den Container und gibt an, welchen internen Port des Containers
      +        # Traefik die eingehenden Daten weiterleiten soll.
      +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
      +        # Gibt an, welchen Eingangspunkt (externer Port) traefik für diesen Container abhören soll.
      +        # Websecure ist Port 443, siehe die Datei traefik.toml wie oben.
      +        - traefik.http.routers.moo.entrypoints=websecure
      +        # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network
      +        - traefik.docker.network=web
       
      -    certdumper:
      -        image: humenius/traefik-certs-dumper
      -        container_name: traefik_certdumper
      -        network_mode: none
      -        volumes:
      -          # mounten Sie den Ordner, der Traefiks `acme.json' Datei enthält
      -          # in diesem Fall wird Traefik von seinem eigenen docker-compose in ../traefik gestartet
      -          - ../traefik/data:/traefik:ro
      -          # SSL-Ordner von mailcow einhängen
      -          - ./data/assets/ssl/:/output:rw
      -        restart: always
      -        environment:
      -          # Ändern Sie dies nur, wenn Sie eine andere Domain für Mailcows Web-Frontend verwenden als in der Standard-Konfiguration
      -          - DOMAIN=${MAILCOW_HOSTNAME}
      +    certdumper:
      +        image: humenius/traefik-certs-dumper
      +        container_name: traefik_certdumper
      +        network_mode: none
      +        volumes:
      +          # mounten Sie den Ordner, der Traefiks `acme.json' Datei enthält
      +          # in diesem Fall wird Traefik von seinem eigenen docker-compose in ../traefik gestartet
      +          - ../traefik/data:/traefik:ro
      +          # SSL-Ordner von mailcow einhängen
      +          - ./data/assets/ssl/:/output:rw
      +        restart: always
      +        environment:
      +          # Ändern Sie dies nur, wenn Sie eine andere Domain für Mailcows Web-Frontend verwenden als in der Standard-Konfiguration
      +          - DOMAIN=${MAILCOW_HOSTNAME}
       
      -networks:
      -  web:
      -    external: true
      -
      +networks: + web: + external: true +

      Starten Sie die neuen Container mit docker-compose up -d.

      Da Traefik 2 ein acme v2 Format verwendet, um ALLE Lizenzen von allen Domains zu speichern, müssen wir einen Weg finden, die Zertifikate auszulagern. Zum Glück haben wir [diesen kleinen Container] (https://hub.docker.com/r/humenius/traefik-certs-dumper), der die Datei acme.json über ein Volume und eine Variable DOMAIN=example. org, und damit wird der Container die cert.pem und key.pem Dateien ausgeben, dafür lassen wir einfach den traefik-certs-dumper Container laufen, binden das /traefik Volume an den Ordner, in dem unsere acme.json gespeichert ist, binden das /output Volume an unseren mailcow data/assets/ssl/ Ordner, und setzen die DOMAIN=example.org Variable auf die Domain, von der wir die Zertifikate ausgeben wollen.

      Dieser Container überwacht die Datei acme.json auf Änderungen und generiert die Dateien cert.pem und key.pem direkt in data/assets/ssl/, wobei der Pfad mit dem /output-Pfad des Containers verbunden ist.
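Review bot: In the paragraph after the compose block, the link is written as `[diesen kleinen Container] (https://hub.docker.com/r/humenius/traefik-certs-dumper)` with a space between the brackets, so it renders as literal text instead of a link; the same sentence has a stray space in `DOMAIN=example. org`, says "Lizenzen" where certificates are meant, and is missing its verb after "der die Datei acme.json". The `certdumper` service also uses `image: humenius/traefik-certs-dumper` without a tag while it has read access to Traefik's acme.json and write access to `./data/assets/ssl/`; the example should pin a specific version.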

      @@ -2680,18 +2680,18 @@ Dazu müssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf<

      Optional: Post-Hook-Skript für nicht-mailcow ACME-Clients

      Die Verwendung eines lokalen Certbots (oder eines anderen ACME-Clients) erfordert den Neustart einiger Container, was Sie mit einem Post-Hook-Skript erledigen können. Stellen Sie sicher, dass Sie die Pfade entsprechend ändern: -

      #!/bin/bash
      +
      #!/bin/bash
       cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
       cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
       postfix_c=$(docker ps -qaf name=postfix-mailcow)
       dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
       nginx_c=$(docker ps -qaf name=nginx-mailcow)
       docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
      -

      +

      Hinzufügen weiterer Servernamen für mailcow UI

      Wenn Sie vorhaben, einen Servernamen zu verwenden, der nicht MAILCOW_HOSTNAME in Ihrem Reverse-Proxy ist, stellen Sie sicher, dass Sie diesen Namen zuerst in mailcow.conf über ADDITIONAL_SERVER_NAMES einpflegen. Die Namen müssen durch Kommas getrennt werden und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt überspringen, kann es sein, dass mailcow auf Ihren Reverse-Proxy mit einer falschen Seite antwortet.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      +

      Führen Sie docker-compose up -d zum Anwenden aus.
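Review bot: The post-hook script runs its two `cp` commands and then `docker restart` unconditionally, so a failed or partial copy still restarts Postfix, Dovecot and Nginx with a certificate and key that may no longer match. Add `set -e` after the shebang (or test each `cp`), and quote the expansions in `docker restart ${postfix_c} ${dovecot_c} ${nginx_c}` so an empty `docker ps` result is visible as an error instead of silently dropping an argument.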


      diff --git a/de/post_installation/firststeps-snat/index.html b/de/post_installation/firststeps-snat/index.html index d3a58d591..eca569007 100644 --- a/de/post_installation/firststeps-snat/index.html +++ b/de/post_installation/firststeps-snat/index.html @@ -2348,12 +2348,12 @@

      SNAT wird verwendet, um die Quelladresse der von mailcow gesendeten Pakete zu ändern. Es kann verwendet werden, um die ausgehende IP-Adresse auf Systemen mit mehreren IP-Adressen zu ändern.

      Öffnen Sie mailcow.conf, setzen Sie einen oder beide der folgenden Parameter:

      -
      # Benutze diese IPv4 für ausgehende Verbindungen (SNAT)
      +
      # Benutze diese IPv4 für ausgehende Verbindungen (SNAT)
       SNAT_TO_SOURCE=1.2.3.4
       
       # Benutze dieses IPv6 für ausgehende Verbindungen (SNAT)
       SNAT6_TO_SOURCE=dead:beef
      -
      +

      Führen Sie docker-compose up -d aus.

      Die Werte werden von netfilter-mailcow gelesen. netfilter-mailcow stellt sicher, dass die Post-Routing-Regeln auf Position 1 in der Netfilter-Tabelle stehen. Es löscht sie automatisch und legt sie neu an, wenn sie an einer anderen Position als 1 gefunden werden.

      Überprüfen Sie die Ausgabe von docker-compose logs --tail=200 netfilter-mailcow, um sicherzustellen, dass die SNAT-Einstellungen angewendet wurden.
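Review bot: The example value `SNAT6_TO_SOURCE=dead:beef` is not a syntactically valid IPv6 address (two groups and no `::`), so a reader who models their own value on it will get a rule that cannot be applied. Use a complete address from the documentation prefix, for example `2001:db8::1`. The comment above it also says "dieses IPv6" where the IPv4 comment says "diese IPv4"; both should use the same gender.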

      diff --git a/de/post_installation/firststeps-ssl/index.html b/de/post_installation/firststeps-ssl/index.html index 4fce209bf..dddd36c0d 100644 --- a/de/post_installation/firststeps-ssl/index.html +++ b/de/post_installation/firststeps-ssl/index.html @@ -2586,8 +2586,8 @@

      Zusätzliche Domain-Namen

      Bearbeiten Sie "mailcow.conf" und fügen Sie einen Parameter ADDITIONAL_SAN wie folgt hinzu:

      Verwenden Sie keine Anführungszeichen (") und keine Leerzeichen zwischen den Namen!

      -
      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
      -
      +
      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
      +

      Jeder Name wird anhand seiner IPv6-Adresse oder - wenn IPv6 in Ihrer Domäne nicht konfiguriert ist - anhand seiner IPv4-Adresse überprüft.

      Ein Wildcard-Name wie smtp.* wird versuchen, ein smtp.DOMAIN_NAME SAN für jede zu mailcow hinzugefügte Domain zu erhalten.

      Führen Sie docker-compose up -d aus, um betroffene Container automatisch neu zu erstellen.

      @@ -2596,17 +2596,17 @@

      Die Verwendung anderer Namen als MAILCOW_HOSTNAME für den Zugriff auf das mailcow UI kann weitere Konfiguration erfordern.

      Wenn Sie planen, einen anderen Servernamen als MAILCOW_HOSTNAME für den Zugriff auf die mailcow UI zu verwenden (z.B. durch Hinzufügen von mail.* zu ADDITIONAL_SAN), stellen Sie sicher, dass Sie diesen Namen in mailcow.conf über ADDITIONAL_SERVER_NAMES eintragen. Die Namen müssen durch Kommas getrennt sein und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt auslassen, kann mailcow mit einer falschen Seite antworten.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      +

      Führen Sie docker-compose up -d aus, um es anzuwenden.

      Erneuerung erzwingen

      Um eine Erneuerung zu erzwingen, müssen Sie eine Datei namens force_renew erstellen und den acme-mailcow Container neu starten:

      -
      cd /opt/mailcow-dockerized
      +
      cd /opt/mailcow-dockerized
       touch data/assets/ssl/force_renew
       docker-compose restart acme-mailcow
       # Prüfen Sie nun die Logs auf eine Erneuerung
       docker-compose logs --tail=200 -f acme-mailcow
      -
      +

      Die Datei wird automatisch gelöscht.

      Validierungsfehler und wie man die Validierung überspringt

      Sie können die IP-Überprüfung überspringen, indem Sie SKIP_IP_CHECK=y in mailcow.conf setzen (keine Anführungszeichen). Seien Sie gewarnt, dass eine Fehlkonfiguration dazu führt, dass Sie von Let's Encrypt eingeschränkt werden! Dies ist vor allem für Multi-IP-Setups nützlich, bei denen der IP-Check die falsche Quell-IP-Adresse zurückgeben würde. Aufgrund der Verwendung von dynamischen IPs für acme-mailcow ist Source-NAT bei Neustarts nicht konsistent.

      @@ -2653,35 +2653,35 @@ Sie sollten sicherstellen, dass diese Clients den MAILCOW_HOSTNAME

      Um Ihre eigenen Zertifikate zu verwenden, speichern Sie einfach das kombinierte Zertifikat (mit dem Zertifikat und der zwischengeschalteten CA/CA, falls vorhanden) unter data/assets/ssl/cert.pem und den entsprechenden Schlüssel unter data/assets/ssl/key.pem.

      WICHTIG: Verwenden Sie keine symbolischen Links! Stellen Sie sicher, dass Sie die Zertifikate kopieren und sie nicht mit data/assets/ssl verknüpfen.

      Starten Sie die betroffenen Dienste anschließend neu:

      -
      docker restart $(docker ps -qaf name=postfix-mailcow)
      +
      docker restart $(docker ps -qaf name=postfix-mailcow)
       docker neu starten $(docker ps -qaf name=nginx-mailcow)
       docker restart $(docker ps -qaf name=dovecot-mailcow)
      -
      +

      Siehe Post-Hook-Skript für Nicht-Mailcow-ACME-Clients für ein vollständiges Beispielskript.

      Test gegen das ACME-Verzeichnis

      Bearbeiten Sie mailcow.conf und fügen Sie LE_STAGING=y hinzu.

      Führen Sie docker-compose up -d aus, um Ihre Änderungen zu aktivieren.

      Benutzerdefinierte Verzeichnis-URL

      Editieren Sie mailcow.conf und fügen Sie die entsprechende Verzeichnis-URL in die neue Variable DIRECTORY_URL ein:

      -
      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
      -
      +
      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
      +

      Sie können LE_STAGING nicht mit DIRECTORY_URL verwenden. Wenn beide gesetzt sind, wird nur LE_STAGING verwendet.

      Führen Sie docker-compose up -d aus, um Ihre Änderungen zu aktivieren.

      Überprüfen Sie Ihre Konfiguration

      Führen Sie docker-compose logs acme-mailcow aus, um herauszufinden, warum eine Validierung fehlschlägt.

      Um zu überprüfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie einfach einen Browser Ihrer Wahl und überprüfen Sie das angezeigte Zertifikat.

      Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu überprüfen, verwenden wir openssl:

      -
      # Verbindung über SMTP (587)
      +
      # Verbindung über SMTP (587)
       echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
       # Verbindung über IMAP (143)
       echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
       # Verbindung über HTTPS (443)
       echo "Q" | openssl s_client -connect mx.mailcow.email:443
      -
      +

      Um die von openssl zurückgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, können Sie unser Hilfsskript verwenden:

      -
      cd /opt/mailcow-dockerized
      +
      cd /opt/mailcow-dockerized
       bash helper-scripts/expiry-dates.sh
      -
      +
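Review bot: In the restart block under "Starten Sie die betroffenen Dienste anschließend neu", the second command reads `docker neu starten $(docker ps -qaf name=nginx-mailcow)`; the subcommand was translated along with the prose and the line fails when pasted. It must be `docker restart`, matching the lines above and below it. The heading "Test gegen das ACME-Verzeichnis" also drops the word "Staging", although the section is about `LE_STAGING=y`.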

      diff --git a/de/prerequisite/prerequisite-dns/index.html b/de/prerequisite/prerequisite-dns/index.html index 0001e7fe8..77d1c8893 100644 --- a/de/prerequisite/prerequisite-dns/index.html +++ b/de/prerequisite/prerequisite-dns/index.html @@ -2548,28 +2548,28 @@

      Stellen Sie sicher, dass der PTR-Eintrag Ihrer IP-Adresse mit dem FQDN Ihres mailcow-Hosts übereinstimmt: ${MAILCOW_HOSTNAME} 1. Dieser Eintrag wird normalerweise bei dem Provider gesetzt, von dem Sie die IP-Adresse (Server) gemietet haben.

      Die minimale DNS-Konfiguration

      Dieses Beispiel zeigt Ihnen eine Reihe von Einträgen für eine von mailcow verwaltete Domain. Jede Domain, die zu mailcow hinzugefügt wird, benötigt mindestens diesen Satz an Einträgen, um korrekt zu funktionieren.

      -
      # Name Typ Wert
      +
      # Name Typ Wert
       mail IN A 1.2.3.4
       autodiscover IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       autoconfig IN CNAME mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       @ IN MX 10 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
      -
      +

      DKIM, SPF und DMARC

      Im folgenden Beispiel für eine DNS-Zonendatei wird ein einfacher SPF TXT-Eintrag verwendet, um nur DIESEM Server (dem MX) zu erlauben, E-Mails für Ihre Domäne zu senden. Jeder andere Server ist nicht zugelassen, kann es aber tun ("~all"). Weitere Informationen finden Sie im SPF-Projekt.

      -
      # Name Typ Wert
      +
      # Name Typ Wert
       @ IN TXT "v=spf1 mx a -all"
      -
      +

      Es wird dringend empfohlen, einen DKIM TXT-Eintrag in Ihrer mailcow UI zu erstellen und den entsprechenden TXT-Eintrag in Ihren DNS-Einträgen zu setzen. Bitte lesen Sie OpenDKIM für weitere Informationen.

      -
      # Name Typ Wert
      +
      # Name Typ Wert
       dkim._domainkey IN TXT "v=DKIM1; k=rsa; t=s; s=email; p=..."
      -
      +

      Der letzte Schritt, um sich selbst und andere zu schützen, ist die Implementierung eines DMARC TXT-Datensatzes, zum Beispiel mit Hilfe des DMARC-Assistenten (check).

      -
      # Name Typ Wert
      +
      # Name Typ Wert
       _dmarc IN TXT "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
      -
      +

      Die erweiterte DNS-Konfiguration

      SRV-Einträge geben den/die Server für ein bestimmtes Protokoll in Ihrer Domäne an. Wenn Sie einen Dienst explizit als nicht bereitgestellt ankündigen wollen, geben Sie "." als Zieladresse an (statt "mail.example.org."). Bitte beachten Sie RFC 2782.

      -
      # Name Typ Priorität Gewicht Port Wert
      +
      # Name Typ Priorität Gewicht Port Wert
       _autodiscover._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       _caldavs._tcp IN SRV 0 1 443 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       _caldavs._tcp IN TXT "path=/SOGo/dav/"
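Review bot: in the "DKIM, SPF und DMARC" paragraph the prose and the record disagree. The sentence describes a soft fail (other servers are not permitted "kann es aber tun" with "~all"), while the example publishes "v=spf1 mx a -all", a hard fail. Make the sentence match the record, or the record match the sentence; with the p=reject DMARC record shown a few lines later, "-all" is the consistent choice, so the text should say other senders are rejected.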
      @@ -2582,7 +2582,7 @@ _pop3s._tcp IN SRV 0 1 995 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       _sieve._tcp IN SRV 0 1 4190 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       _smtps._tcp IN SRV 0 1 465 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
       _submission._tcp IN SRV 0 1 587 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})
      -
      +

      Testen

      Hier finden Sie einige Tools, mit denen Sie Ihre DNS-Konfiguration überprüfen können:

        @@ -2613,7 +2613,7 @@ _submission._tcp IN SRV 0 1 587 mail.example.org. (Ihr ${MAILCOW_HOSTNAME})

        Diese Dienste stellen Ihnen möglicherweise einen TXT-Eintrag zur Verfügung, den Sie in Ihre DNS-Einträge einfügen müssen, so wie es der Anbieter vorschreibt. Bitte stellen Sie sicher, dass Sie die Dokumentation des Anbieters des von Ihnen gewählten Dienstes lesen, da dieser Prozess variieren kann.

        E-Mail-Test für SPF, DKIM und DMARC:

        Um eine rudimentäre E-Mail-Authentifizierungsprüfung durchzuführen, senden Sie eine E-Mail an check-auth at verifier.port25.com und warten Sie auf eine Antwort. Sie werden einen Bericht ähnlich dem folgenden finden:

        -
        ==========================================================
        +
        ==========================================================
         Zusammenfassung der Ergebnisse
         ==========================================================
         SPF-Prüfung: bestanden
        @@ -2626,7 +2626,7 @@ SpamAssassin-Prüfung: ham
         Einzelheiten:
         ==========================================================
         ....
        -
        +

        Der vollständige Bericht enthält weitere technische Details.

        Fully Qualified Domain Name (FQDN)

        diff --git a/de/prerequisite/prerequisite-system/index.html b/de/prerequisite/prerequisite-system/index.html index 7e198d6c7..a83038f78 100644 --- a/de/prerequisite/prerequisite-system/index.html +++ b/de/prerequisite/prerequisite-system/index.html @@ -2616,10 +2616,10 @@ Diese kommt mit einem Webserver, Webmailer, ActiveSync (MS), Antivirus, Antispam

        Andere (nicht genannte Betriebssysteme) können auch funktionieren, sind jedoch nicht offiziell getestet worden.

        Firewall & Ports

        Bitte überprüfen Sie, ob alle Standard-Ports von mailcow offen sind und nicht von anderen Anwendungen genutzt werden:

        -
        ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
        +
        ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
         # oder:
         netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
        -
        +

        Vorsicht

        Es gibt einige Probleme mit dem Betrieb von mailcow auf einem Firewalld/ufw aktivierten System.
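Review bot: the port check in the ss/netstat block uses grep -E -w with bare numbers, which matches those numbers anywhere on the line (an fd=25 field, a PID, an address octet), not only a listening port. Suggest anchoring on the port column, for example grep -E ':(25|80|110|143|443|465|587|993|995|4190)[[:space:]]', so a hit really means the port is already bound.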
        @@ -2715,34 +2715,34 @@ Verwenden Sie stattdessen die FORWARD-Kette.

        Port 53 ist in diesem Fall für die Firewall-Konfiguration unwichtig. Laut Dokumentation verwendet unbound den Portbereich 1024-65535 für ausgehende Anfragen. Da es sich bei der Hetzner Robot Firewall um eine statische Firewall handelt (jedes eingehende Paket wird isoliert geprüft) - müssen die folgenden Regeln angewendet werden:

        Für TCP -

        SRC-IP: ---
        +
        SRC-IP: ---
         DST-IP: ---
         SRC-Port: ---
         DST-Port: 1024-65535
         Protokoll: tcp
         TCP-Flags: ack
         Aktion:      Akzeptieren
        -

        +

        Für UDP -

        SRC-IP: ---
        +
        SRC-IP: ---
         DST-IP: ---
         SRC-Port: ---
         DST-Port: 1024-65535
         Protokoll: udp
         Aktion:      Akzeptieren
        -

        +

        Wenn man einen restriktiveren Portbereich anwenden will, muss man zuerst die Konfiguration von unbound ändern (nach der Installation):

        {mailcow-dockerized}/data/conf/unbound/unbound.conf: -

        ausgehender-Port-vermeiden: 0-32767
        -

        +
        ausgehender-Port-vermeiden: 0-32767
        +

        Nun können die Firewall-Regeln wie folgt angepasst werden:

        -
        [...]
        +
        [...]
         DST Port: 32768-65535
         [...]
        -
        +

        Datum und Uhrzeit

        Um sicherzustellen, dass Sie das richtige Datum und die richtige Zeit auf Ihrem System eingestellt haben, überprüfen Sie bitte die Ausgabe von timedatectl status:

        -
        $ timedatectl status
        +
        $ timedatectl status
               Lokale Zeit: Sat 2017-05-06 02:12:33 CEST
           Weltzeit: Sa 2017-05-06 00:12:33 UTC
                 RTC-Zeit: Sa 2017-05-06 00:12:32
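Review bot: the unbound.conf snippet in this hunk carries a translated directive, "ausgehender-Port-vermeiden: 0-32767", on both the removed and the added side. unbound does not know that name; the option is outgoing-port-avoid and has to stay in English, as does anything else readers paste into a config file. Only the surrounding prose should be localized.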
        @@ -2757,22 +2757,22 @@ NTP synchronisiert: ja
          Nächste Sommerzeitänderung: Die Sommerzeit endet (die Uhr springt eine Stunde rückwärts) am
                           Sun 2017-10-29 02:59:59 MESZ
                           Sun 2017-10-29 02:00:00 MEZ
        -
        +

        Die Zeilen NTP aktiviert: ja und NTP synchronisiert: ja zeigen an, ob Sie NTP aktiviert haben und ob es synchronisiert ist.

        Um NTP zu aktivieren, müssen Sie den Befehl timedatectl set-ntp true ausführen. Sie müssen auch Ihre /etc/systemd/timesyncd.conf bearbeiten:

        -
        # vim /etc/systemd/timesyncd.conf
        +
        # vim /etc/systemd/timesyncd.conf
         [Zeit]
         NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
        -
        +

        Hetzner Cloud (und wahrscheinlich andere)

        Prüfen Sie /etc/network/interfaces.d/50-cloud-init.cfg und ändern Sie die IPv6-Schnittstelle von eth0:0 auf eth0:

        -
        # Falsch:
        +
        # Falsch:
         auto eth0:0
         iface eth0:0 inet6 static
         # Richtig:
         auto eth0
         iface eth0 inet6 static
        -
        +

        Starten Sie die Schnittstelle neu, um die Einstellungen zu übernehmen. Sie können außerdem die cloud-init Netzwerkänderungen deaktivieren.

        MTU
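Review bot: the timesyncd.conf example has its section header translated to "[Zeit]". systemd reads the NTP= line only under "[Time]", so as written the setting is ignored; keep the header verbatim. The prose above the block also quotes "NTP aktiviert: ja" and "NTP synchronisiert: ja" as output lines, so it is worth checking that these match what timedatectl actually prints for readers.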

        diff --git a/de/third_party/third_party-borgmatic/index.html b/de/third_party/third_party-borgmatic/index.html index fdce30ec0..578f32766 100644 --- a/de/third_party/third_party-borgmatic/index.html +++ b/de/third_party/third_party-borgmatic/index.html @@ -2659,43 +2659,43 @@ Diese Anleitung behandelt nur die Grundlagen.

        Erstellen oder ändern Sie docker-compose.override.yml

        Im mailcow-dockerized Stammverzeichnis erstellen oder bearbeiten Sie docker-compose.override.yml und fügen Sie die folgende Konfiguration ein: -

        version: '2.1'
        +
        version: '2.1'
         
        -services:
        -  borgmatic-mailcow:
        -    image: b3vis/borgmatic
        -    hostname: mailcow
        -    restart: always
        -    dns: ${IPV4_NETWORK:-172.22.1}.254
        -    volumes:
        -      - vmail-vol-1:/mnt/source/vmail:ro
        -      - crypt-vol-1:/mnt/source/crypt:ro
        -      - redis-vol-1:/mnt/source/redis:ro,z
        -      - rspamd-vol-1:/mnt/source/rspamd:ro,z
        -      - postfix-vol-1:/mnt/source/postfix:ro,z
        -      - mysql-socket-vol-1:/var/run/mysqld/:z
        -      - borg-config-vol-1:/root/.config/borg:Z
        -      - borg-cache-vol-1:/root/.cache/borg:Z
        -      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
        -      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
        -    environment:
        -      - TZ=${TZ}
        -      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
        -    networks:
        -      mailcow-network:
        -        aliases:
        -          - borgmatic
        +services:
        +  borgmatic-mailcow:
        +    image: b3vis/borgmatic
        +    hostname: mailcow
        +    restart: always
        +    dns: ${IPV4_NETWORK:-172.22.1}.254
        +    volumes:
        +      - vmail-vol-1:/mnt/source/vmail:ro
        +      - crypt-vol-1:/mnt/source/crypt:ro
        +      - redis-vol-1:/mnt/source/redis:ro,z
        +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
        +      - postfix-vol-1:/mnt/source/postfix:ro,z
        +      - mysql-socket-vol-1:/var/run/mysqld/:z
        +      - borg-config-vol-1:/root/.config/borg:Z
        +      - borg-cache-vol-1:/root/.cache/borg:Z
        +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
        +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
        +    environment:
        +      - TZ=${TZ}
        +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
        +    networks:
        +      mailcow-network:
        +        aliases:
        +          - borgmatic
         
        -volumes:
        -  borg-cache-vol-1:
        -  borg-config-vol-1:
        -

        +volumes: + borg-cache-vol-1: + borg-config-vol-1: +

        Stellen Sie sicher, dass Sie die BORG_PASSPHRASE in eine sichere Passphrase Ihrer Wahl ändern.

        Aus Sicherheitsgründen mounten wir das maildir als schreibgeschützt. Wenn Sie später Daten wiederherstellen wollen, müssen Sie das müssen Sie das ro-Flag entfernen, bevor Sie die Daten wiederherstellen. Dies wird im Abschnitt über die Wiederherstellung von Backups beschrieben.

        Erstellen Sie data/conf/borgmatic/etc/config.yaml

        Als nächstes müssen wir die borgmatic-Konfiguration erstellen.

        -
        source mailcow.conf
        +
        source mailcow.conf
         cat <<EOF > data/conf/borgmatic/etc/config.yaml
         location:
             source_directories:
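Review bot: on the added side the top-level volumes block is a single line, "+volumes: + borg-cache-vol-1: + borg-config-vol-1: +", where the removed side had one key per line. If the new markup renders that way, the copied override file is not valid YAML, so check that the line breaks survive in the new code block. While this block is being touched: BORG_PASSPHRASE is set as a literal in docker-compose.override.yml, so the page should tell readers to keep that file readable by root only, and the read-only paragraph below it repeats "müssen Sie das" twice.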
        @@ -2721,7 +2721,7 @@ cat <<EOF > data/conf/borgmatic/etc/config.yaml
                   password: ${DBPASS}
                   options: --default-character-set=utf8mb4
         EOF
        -
        +

        Das Erstellen der Datei auf diese Weise stellt sicher, dass die korrekten MySQL-Zugangsdaten aus mailcow.conf übernommen werden.

        Diese Datei ist ein minimales Beispiel für die Verwendung von borgmatic mit einem Konto user beim Cloud-Speicheranbieter rsync.net für ein Repository namens mailcow (siehe repositories Einstellung). Es wird sowohl das maildir als auch die MySQL-Datenbank sichern, was alles ist @@ -2737,8 +2737,8 @@ Container einbinden. Der Container definiert zu diesem Zweck ein Volume namens <

        Erstellen Sie einen crontab

        Erstellen Sie eine neue Textdatei in data/conf/borgmatic/etc/crontab.txt mit folgendem Inhalt:

        -
        14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
        -
        +
        14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
        +

        Diese Datei erwartet eine crontab-Syntax. Das hier gezeigte Beispiel veranlasst das Backup, jede Stunde um 14 Minuten nach nach der vollen Stunde auszuführen und am Ende einige nette Statistiken zu protokollieren.

        SSH-Schlüssel in Ordner ablegen

        @@ -2747,8 +2747,8 @@ nach der vollen Stunde auszuführen und am Ende einige nette Statistiken zu prot oder OpenSSH wird sich weigern, den SSH-Schlüssel zu benutzen.

        Den Container hochfahren

        Für den nächsten Schritt müssen wir den Container in einem konfigurierten Zustand hochfahren und laufen lassen. Um das zu tun, führen Sie aus:

        -
        docker-compose up -d
        -
        +
        docker-compose up -d
        +

        Wiederherstellung von einem Backup

        Das Wiederherstellen eines Backups setzt voraus, dass Sie mit einer neuen Installation von mailcow beginnen, und dass Sie derzeit keine keine benutzerdefinierten Daten in ihrem maildir oder ihrer mailcow Datenbank.
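Review bot: the restore precondition sentence is broken: "keine keine" is doubled and the final clause has no verb ("... in ihrem maildir oder ihrer mailcow Datenbank" needs "haben"). This sentence is the warning that a restore expects an empty installation, so it should read cleanly.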

        @@ -2768,8 +2768,8 @@ dieses Volume zu schreiben.

        Bevor Sie eine Wiederherstellung durchführen, müssen Sie das vmail-Volume in docker-compose.override.yml beschreibbar machen, indem Sie das das ro-Flag aus dem Volume entfernen. Dann können Sie den folgenden Befehl verwenden, um das Maildir aus einem Backup wiederherzustellen:

        -
        docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
        -
        +
        docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
        +

        Alternativ können Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verfügbaren Archive)

        MySQL wiederherstellen

        @@ -2778,30 +2778,30 @@ Dann können Sie den folgenden Befehl verwenden, um das Maildir aus einem Backup

        Die Ausführung dieses Befehls löscht und erstellt die mailcow-Datenbank neu! Führen sie diesen Befehl nicht aus, es sei denn sie beabsichtigen, die mailcow-Datenbank von einem Backup wiederherzustellen.

        Um die MySQL-Datenbank aus dem letzten Archiv wiederherzustellen, verwenden Sie diesen Befehl:

        -
        docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
        -
        +
        docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
        +

        Alternativ können Sie auch einen beliebigen Archivnamen aus der Liste der Archive angeben (siehe Auflistung aller verfügbaren Archive)

        Nach der Wiederherstellung

        Nach der Wiederherstellung müssen Sie mailcow neu starten. Wenn Sie den SELinux-Erzwingungsmodus deaktiviert haben, wäre jetzt ein guter Zeitpunkt, um ihn wieder zu aktivieren.

        Um mailcow neu zu starten, verwenden Sie den folgenden Befehl:

        -
        docker-compose down && docker-compose up -d
        -
        +
        docker-compose down && docker-compose up -d
        +

        Wenn Sie SELinux verwenden, werden dadurch auch alle Dateien in Ihrem vmail-Volume neu benannt. Seien Sie geduldig, denn dies kann eine Weile dauern kann, wenn Sie viele Dateien haben.

        Nützliche Befehle

        Manueller Archivierungslauf (mit Debugging-Ausgabe)

        -
        docker-compose exec borgmatic-mailcow borgmatic -v 2
        -
        +
        docker-compose exec borgmatic-mailcow borgmatic -v 2
        +

        Auflistung aller verfügbaren Archive

        -
        docker-compose exec borgmatic-mailcow borgmatic list
        -
        +
        docker-compose exec borgmatic-mailcow borgmatic list
        +

        Sperre aufheben

        Wenn borg während eines Archivierungslaufs unterbrochen wird, hinterlässt es eine veraltete Sperre, die gelöscht werden muss, bevor neue Operationen durchgeführt werden können:

        -
        docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
        -
        +
        docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
        +

        Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.

        Jetzt wäre ein guter Zeitpunkt, einen manuellen Archivierungslauf durchzuführen, um sicherzustellen, dass er erfolgreich durchgeführt werden kann.

        Exportieren von Schlüsseln
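Review bot: under "Nach der Wiederherstellung" the SELinux sentence says the files in the vmail volume are "neu benannt" (renamed); what happens on restart is a relabel of their SELinux context, so the wording should say that, and "dies kann eine Weile dauern kann" has a stray second "kann". The same section tells readers to re-enable enforcing mode but not to put the ro flag back on the vmail volume, which the restore steps had them remove; add that step.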

        @@ -2810,8 +2810,8 @@ Schlüsseldateien werden erzeugt, wenn Sie das Repository initialisieren. Die

        Beachten Sie, dass Sie in beiden Fällen auch die Passphrase haben müssen, um die Archive zu entschlüsseln.

        Um die keyfile zu holen, führen Sie aus:

        -
        docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
        -
        +
        docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
        +

        Wobei user@rsync.net:mailcow die URI zu Ihrem Repository ist.


        diff --git a/de/third_party/third_party-gitea/index.html b/de/third_party/third_party-gitea/index.html index ea2db2d85..8ac845547 100644 --- a/de/third_party/third_party-gitea/index.html +++ b/de/third_party/third_party-gitea/index.html @@ -2347,7 +2347,7 @@

        Mit der Fähigkeit von Gitea, sich über SMTP zu authentifizieren, ist es trivial, es mit mailcow zu integrieren. Es sind nur wenige Änderungen erforderlich:

        1. Öffnen Sie docker-compose.override.yml und fügen Sie Gitea hinzu:

        -
        version: '2.1'
        +
        version: '2.1'
         services:
         
                 gitea-mailcow:
        @@ -2360,28 +2360,28 @@ services:
                                 - gitea
                     ports:
                         - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
        -
        +

        2. Erstellen Sie data/conf/nginx/site.gitea.custom, fügen Sie folgendes hinzu: -

        location /gitea/ {
        +
        location /gitea/ {
                 proxy_pass http://gitea:3000/;
         }
        -

        +

        3. Öffne mailcow.conf und definiere den Port Bind, den Gitea für SSH verwenden soll. Beispiel:

        -
        GITEA_SSH_PORT=127.0.0.1:4000
        -
        +
        GITEA_SSH_PORT=127.0.0.1:4000
        +

        5. Führen Sie docker-compose up -d aus, um den Gitea-Container hochzufahren und führen Sie anschließend docker-compose restart nginx-mailcow aus.

        6. Wenn Sie mailcow zu https gezwungen haben, führen Sie Schritt 9 aus und starten Sie gitea mit docker-compose restart gitea-mailcow neu. Fahren Sie mit Schritt 7 fort (Denken Sie daran, https anstelle von http zu verwenden, https://mx.example.org/gitea/

        7. Öffnen Sie http://${MAILCOW_HOSTNAME}/gitea/, zum Beispiel http://mx.example.org/gitea/. Für die Datenbankdetails stellen Sie mysql als Datenbankhost ein. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

        8. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

        9. Erstellen Sie data/gitea/gitea/conf/app.ini und setzen Sie die folgenden Werte. Sie können gitea cheat sheet, leider bisher nur in Englisch verfügbar für deren Bedeutung und andere mögliche Werte konsultieren.

        -
        [server]
        +
        [server]
         SSH_LISTEN_PORT = 22
         # Für GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
         SSH_DOMAIN = 127.0.0.1
         SSH_PORT = 4000
         # Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
         ROOT_URL = https://mx.example.org/gitea/
        -
        +

        10. Starten Sie gitea neu mit docker-compose restart gitea-mailcow. Ihre Nutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten anzumelden.
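Review bot: the step list jumps from 3 to 5, step 6 sends the reader forward to step 9 and then back to step 7, and its parenthesis is never closed ("(Denken Sie daran, https anstelle von http zu verwenden, https://mx.example.org/gitea/"). Renumber and move the app.ini step ahead of the point where it is needed. In step 8, state the scope of "Skip TLS Verify": it turns off certificate validation for the connection that carries users' mail passwords, so the text should say it is meant only for the internal "postfix" hostname.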


        diff --git a/de/third_party/third_party-gogs/index.html b/de/third_party/third_party-gogs/index.html index 436b12ae5..9ea272779 100644 --- a/de/third_party/third_party-gogs/index.html +++ b/de/third_party/third_party-gogs/index.html @@ -2347,7 +2347,7 @@

        Mit Gogs' Fähigkeit, sich über SMTP zu authentifizieren, ist es einfach, es mit mailcow zu verbinden. Es sind nur wenige Änderungen erforderlich:

        1. Öffne docker-compose.override.yml und füge Gogs hinzu:

        -
        version: '2.1'
        +
        version: '2.1'
         services:
         
             gogs-mailcow:
        @@ -2360,27 +2360,27 @@ services:
                     - gogs
               ports:
                 - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
        -
        +

        2. Erstelle data/conf/nginx/site.gogs.custom, füge hinzu: -

        location /gogs/ {
        +
        location /gogs/ {
             proxy_pass http://gogs:3000/;
         }
        -

        +

        3. Öffne mailcow.conf und definiere die Bindung, die Gogs für SSH verwenden soll. Beispiel:

        -
        GOGS_SSH_PORT=127.0.0.1:4000
        -
        +
        GOGS_SSH_PORT=127.0.0.1:4000
        +

        5. Führen Sie docker-compose up -d aus, um den Gogs-Container hochzufahren und führen Sie anschließend docker-compose restart nginx-mailcow aus.

        6. Öffnen Sie http://${MAILCOW_HOSTNAME}/gogs/, zum Beispiel http://mx.example.org/gogs/. Für Datenbank-Details setzen Sie mysql als Datenbank-Host. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

        7. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

        8. Erstellen Sie data/gogs/gogs/conf/app.ini und setzen Sie die folgenden Werte. Sie können Gogs cheat sheet für ihre Bedeutung und andere mögliche Werte konsultieren.

        -
        [server]
        +
        [server]
         SSH_LISTEN_PORT = 22
         # Für GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
         SSH_DOMAIN = 127.0.0.1
         SSH_PORT = 4000
         # Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
         ROOT_URL = https://mx.example.org/gogs/
        -
        +

        9. Starten Sie Gogs neu mit docker-compose restart gogs-mailcow. Ihre Benutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten einzuloggen.
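Review bot: steps 1 to 3 address the reader informally ("Öffne", "Erstelle", "füge hinzu") while steps 5 to 9 use "Sie", and there is no step 4. Use one form of address throughout and renumber the list.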


        diff --git a/de/third_party/third_party-mailman3/index.html b/de/third_party/third_party-mailman3/index.html index 574d14e85..1f2f0b522 100644 --- a/de/third_party/third_party-mailman3/index.html +++ b/de/third_party/third_party-mailman3/index.html @@ -2780,15 +2780,15 @@

        DNS-Einrichtung

        Der größte Teil der Konfiguration ist in mailcows DNS Konfiguration enthalten. Nachdem diese Einrichtung abgeschlossen ist, fügen Sie eine weitere Subdomain für Mailman hinzu, z.B. lists.example.org, die auf denselben Server zeigt:

        -
        # Name Typ Wert
        +
        # Name Typ Wert
         lists IN A 1.2.3.4
         lists IN AAAA dead:beef
        -
        +

        Installieren Sie Apache als Reverse Proxy

        Installieren Sie Apache, z.B. mit dieser Anleitung von Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04 (Englisch).

        Aktivieren Sie bestimmte Apache Module (als root oder sudo):

        -
        a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
        -
        +
        a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
        +

        Möglicherweise müssen Sie weitere Pakete installieren, um diese Module zu erhalten. Dieses PPA von Ondřej Surý könnte Ihnen helfen.

        vHost-Konfiguration

        Kopieren Sie die mailcow.conf und die mailman.conf in den Apache conf Ordner sites-available (z.B. unter /etc/apache2/sites-available).
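Review bot: the AAAA example "lists IN AAAA dead:beef" is not a syntactically valid IPv6 address, so a reader adapting it has no pattern to follow. Use an address from the documentation prefix, for example 2001:db8::1.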

        @@ -2806,18 +2806,18 @@ lists IN AAAA dead:beef
      • https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN

      Installieren Sie certbot (als root oder sudo):

      -
      apt install certbot
      -
      +
      apt install certbot
      +

      Holen Sie sich die gewünschten Zertifikate (als root oder sudo):

      -
      certbot certonly -d mailcow_HOSTNAME
      +
      certbot certonly -d mailcow_HOSTNAME
       certbot certonly -d MAILMAN_DOMAIN
      -
      +

      Installieren Sie mailcow mit Mailman Integration

      Installieren Sie mailcow

      Folgen Sie der mailcow installation. Schritt 5 auslassen und nicht mit docker-compose starten!

      Mailcow konfigurieren

      Dies ist auch Schritt 4 in der offiziellen mailcow-Installation (nano mailcow.conf). Passen Sie also Ihre Bedürfnisse an und ändern Sie die folgenden Variablen:

      -
      HTTP_PORT=18080 # verwenden Sie nicht 8080, da mailman es braucht
      +
      HTTP_PORT=18080 # verwenden Sie nicht 8080, da mailman es braucht
       HTTP_BIND=127.0.0.1 #
       HTTPS_PORT=18443 # Sie können 8443 verwenden
       HTTPS_BIND=127.0.0.1 # # HTTPS_BIND=127.0.0.1
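Review bot: the certbot placeholder is written "mailcow_HOSTNAME" while the variable is spelled MAILCOW_HOSTNAME in the rest of the docs and the neighbouring placeholder is MAILMAN_DOMAIN; this looks like the translation pass lowercasing the product name inside an identifier, so restore the uppercase form. In the mailcow.conf block the trailing comments on HTTP_BIND and HTTPS_BIND are empty or just repeat the assignment ("# # HTTPS_BIND=127.0.0.1") and can be dropped.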
      @@ -2826,10 +2826,10 @@ SKIP_LETS_ENCRYPT=y # Der Reverse Proxy wird die SSL-Verifizierung durchführen
       
       SNAT_TO_SOURCE=1.2.3.4 # ändern Sie dies in Ihre IPv4
       SNAT6_TO_SOURCE=dead:beef # Ändern Sie dies in Ihre globale IPv6
      -
      +

      Mailman-Integration hinzufügen

      Erstelle die Datei /opt/mailcow-dockerized/docker-compose.override.yml (z.B. mit nano) und füge die folgenden Zeilen hinzu:

      -
      version: '2.1'
      +
      version: '2.1'
       
       services:
         postfix-mailcow:
      @@ -2841,10 +2841,10 @@ services:
       networks:
         docker-mailman_mailman:
           external: true
      -
      +

      Das zusätzliche Volume wird von Mailman verwendet, um zusätzliche Konfigurationsdateien für mailcow postfix zu generieren. Das externe Netzwerk wird von Mailman erstellt und verwendet. mailcow benötigt es, um eingehende Listenmails an Mailman zu liefern.

      Erstellen Sie die Datei /opt/mailcow-dockerized/data/conf/postfix/extra.cf (z.B. mit nano) und fügen Sie die folgenden Zeilen hinzu:

      -
      # mailman
      +
      # mailman
       
       recipient_delimiter = +
       unknown_local_recipient_reject_code = 550
      @@ -2869,7 +2869,7 @@ relay_domains =
       relay_recipient_maps =
         proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
         regexp:/opt/mailman/core/var/data/postfix_lmtp
      -
      +

      Da wir hier die mailcow postfix Konfiguration überschreiben, kann dieser Schritt Ihre normalen Mailtransporte unterbrechen. Überprüfen Sie die originalen Konfigurationsdateien, wenn sich etwas geändert hat.

      SSL-Zertifikate

      Da wir mailcow als Proxy verwenden, müssen wir die SSL-Zertifikate in die mailcow-Dateistruktur kopieren. Diese Aufgabe wird das Skript renew-ssl.sh für uns erledigen:

      @@ -2880,26 +2880,26 @@ relay_recipient_maps =
    • Noch nicht ausführen, da wir zuerst Mailman benötigen

    Sie müssen einen cronjob erstellen, so dass neue Zertifikate kopiert werden. Führen Sie ihn als root oder sudo aus:

    -
    crontab -e
    -
    +
    crontab -e
    +

    Um das Skript jeden Tag um 5 Uhr morgens laufen zu lassen, fügen Sie hinzu:

    -
    0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh
    -
    +
    0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh
    +

    Installieren Sie Mailman.

    Befolgen Sie im Wesentlichen die Anweisungen unter docker-mailman. Da sie sehr umfangreich sind, ist hier in aller Kürze beschrieben, was zu tun ist:

    Als root oder sudo:

    -
    cd /opt
    +
    cd /opt
     mkdir -p mailman/core
     mkdir -p mailman/web
     git clone https://github.com/maxking/docker-mailman
     cd docker-mailman
    -
    +

    Mailman konfigurieren

    Erstellen Sie einen langen Schlüssel für Hyperkitty, z.B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie diesen Schlüssel vorerst als HYPERKITTY_KEY.

    Erstellen Sie ein langes Passwort für die Datenbank, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie dieses Passwort zunächst als DBPASS.

    Erstellen Sie einen langen Schlüssel für Django, z. B. mit dem Linux-Befehl cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Speichern Sie diesen Schlüssel für einen Moment als DJANGO_KEY.

    Erstellen Sie die Datei /opt/docker-mailman/docker-compose.override.yaml und ersetzen Sie HYPERKITTY_KEY, DBPASS und DJANGO_KEY durch die generierten Werte:

    -
    version: '2'
    +
    version: '2'
     
     services:
       mailman-core:
    @@ -2928,17 +2928,17 @@ services:
         environment:
         - POSTGRES_PASSWORD=DBPASS
         restart: always
    -
    +

    Bei mailman-web geben Sie die korrekten Werte für SERVE_FROM_DOMAIN (z.B. lists.example.org), MAILMAN_ADMIN_USER und MAILMAN_ADMIN_EMAIL ein. Sie benötigen die Admin-Zugangsdaten, um sich in der Web-Oberfläche (Pistorius) anzumelden. Um das Passwort zum ersten Mal zu setzen, verwenden Sie die Funktion Passwort vergessen im Webinterface.

    Über andere Konfigurationsoptionen lesen Sie die Dokumentationen Mailman-web und Mailman-core.

    Konfigurieren Sie Mailman core und Mailman web

    Erstellen Sie die Datei /opt/mailman/core/mailman-extra.cfg mit dem folgenden Inhalt. mailman@example.org sollte auf ein gültiges Postfach oder eine Umleitung verweisen.

    -
    [mailman]
    +
    [mailman]
     default_language: de
     site_owner: mailman@example.org
    -
    +

    Erstellen Sie die Datei /opt/mailman/web/settings_local.py mit dem folgenden Inhalt. mailman@example.org sollte auf ein gültiges Postfach oder eine Umleitung verweisen.

    -

    # Gebietsschema
    +

    # Gebietsschema
     LANGUAGE_CODE = 'de-de'
     
     # soziale Authentifizierung deaktivieren
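Review bot: "Web-Oberfläche (Pistorius)" should be "Postorius", the name of Mailman's web interface; as written, a reader searching for the term finds nothing.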
    @@ -2948,11 +2948,11 @@ SOCIALACCOUNT_PROVIDERS = {}
     DEFAULT_FROM_EMAIL = 'mailman@example.org'
     
     DEBUG = False
    -
    +
    Sie können LANGUAGE_CODE und SOCIALACCOUNT_PROVIDERS an Ihre Bedürfnisse anpassen. Im Moment hat SOCIALACCOUNT_PROVIDERS keinen Effekt, siehe issue #2.

    🏃 Ausführen

    Ausführen (als root oder sudo)

    -
    a2ensite mailcow.conf
    +
    a2ensite mailcow.conf
     a2ensite mailman.conf
     systemctl restart apache2
     
    @@ -2963,14 +2963,14 @@ docker-compose up -d
     cd /opt/mailcow-dockerized/
     docker-compose pull
     ./renew-ssl.sh
    -
    +

    Warten Sie ein paar Minuten! Die Container müssen ihre Datenbanken und Konfigurationsdateien erstellen. Dies kann bis zu 1 Minute und mehr dauern.

    Bemerkungen

    Neue Listen werden von Postfix nicht sofort erkannt

    Wenn man eine neue Liste anlegt und versucht, sofort eine E-Mail zu versenden, antwortet postfix mit Benutzer existiert nicht, weil postfix die Liste noch nicht an Mailman übergeben hat. Die Konfiguration unter /opt/mailman/core/var/data/postfix_lmtp wird nicht sofort aktualisiert. Wenn Sie die Liste sofort benötigen, starten Sie postifx manuell neu:

    -
    cd /opt/mailcow-dockerized
    +
    cd /opt/mailcow-dockerized
     docker-compose restart postfix-mailcow
    -
    +

    Update

    mailcow hat sein eigenes Update-Skript in /opt/mailcow-dockerized/update.sh, siehe die Dokumentation.

    Für Mailman holen Sie sich einfach die neueste Version aus dem github repository.
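Review bot: two wording problems in the context lines of this hunk. "Warten Sie ein paar Minuten!" is followed by "Dies kann bis zu 1 Minute und mehr dauern", which contradicts itself, and "starten Sie postifx manuell neu" misspells postfix. State one expected wait time and fix the service name, since readers will search for it.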

    diff --git a/de/third_party/third_party-mailpiler_integration/index.html b/de/third_party/third_party-mailpiler_integration/index.html index d73416a27..725738995 100644 --- a/de/third_party/third_party-mailpiler_integration/index.html +++ b/de/third_party/third_party-mailpiler_integration/index.html @@ -2456,11 +2456,11 @@

    Das zu lösende Problem

    mailpiler bietet die Authentifizierung auf Basis von IMAP an, zum Beispiel:

    -
    $config['ENABLE_IMAP_AUTH'] = 1;
    +
    $config['ENABLE_IMAP_AUTH'] = 1;
     $config['IMAP_HOST'] = 'mail.example.com';
     $config['IMAP_PORT'] = 993;
     $config['IMAP_SSL'] = true;
    -
    +
    • Wenn Sie sich also mit patrik@example.com anmelden, sehen Sie nur zugestellte E-Mails, die von oder an diese spezielle E-Mail-Adresse gesendet wurden.
    • Wenn zusätzliche Aliase in mailcow definiert werden, wie z.B. team@example.com, werden Sie keine Emails sehen, die an oder von dieser Email-Adresse gesendet wurden, auch wenn Sie ein Empfänger von Emails sind, die an diese Alias-Adresse gesendet wurden.
    • @@ -2487,19 +2487,19 @@
      1. Setzen Sie die benutzerdefinierte Abfragefunktion von mailpiler und fügen Sie diese an /usr/local/etc/piler/config-site.php an:

        -
        $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
        +
        $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
         $config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false
         $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
         include('auth-mailcow.php');
        -
        +

        Sie können auch den mailcow-Hostnamen ändern, falls erforderlich: -

        $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardmäßig $config['IMAP_HOST']
        -

        +
        $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardmäßig $config['IMAP_HOST']
        +

      2. Laden Sie die PHP-Datei mit den Funktionen aus dem GitHub Repo herunter:

        -
        curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
        -
        +
        curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
        +
      3. Erledigt!
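Review bot: Step 2 downloads auth-mailcow.php from the `master` branch and step 1 pulls it into config-site.php with `include('auth-mailcow.php')`, so whatever is on that branch at download time runs inside piler next to MAILCOW_API_KEY. Point the URL at a tagged release or a commit and tell the reader to review or checksum the file before adding the include line. Adding `-f` to the curl call would also keep an HTTP error page from being saved as the PHP file.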

        diff --git a/de/third_party/third_party-nextcloud/index.html b/de/third_party/third_party-nextcloud/index.html index 90196bb07..92067b397 100644 --- a/de/third_party/third_party-nextcloud/index.html +++ b/de/third_party/third_party-nextcloud/index.html @@ -2458,14 +2458,14 @@

        Hintergrund-Aufgaben

        Zur Verwendung der empfohlenen Einstellung (Cron) zur Verarbeitung der Hintergrund-Aufgaben müssen in der docker-compose.override.yml folgende Zeilen hinzugefügt werden:

        -
        version: '2.1'
        +
        version: '2.1'
         services:
           php-fpm-mailcow:
             labels:
               ofelia.enabled: "true"
               ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
               ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
        -
        +

        Nachdem diese Zeilen hinzugefügt wurden muss docker-compose up -d ausgeführt werden, um das Docker Image mit den entsprechenden Labels zu versehen. Danach muss zudem der docker scheduler neu gestartet werden, um den neuen Job zu registrieren. Dazu wird docker-compose restart ofelia-mailcow ausgeführt. Zur Überprüfung, ob die ofelia Konfiguration korrekt ist geladen wurde, kann mittels docker-compose logs ofelia-mailcow nach einer Zeile mit dem Inhalt @@ -2518,14 +2518,14 @@ services:

        Wenn Sie bisher Nextcloud mit mailcow-Authentifizierung über user_external/IMAP verwendet haben, müssen Sie einige zusätzliche Schritte durchführen, um Ihre bestehenden Benutzerkonten mit OAuth2 zu verknüpfen.

        1. Klicken Sie auf die Schaltfläche in der oberen rechten Ecke und wählen Sie Apps. Scrollen Sie nach unten zur App Externe Benutzerauthentifizierung und klicken Sie daneben auf Entfernen. 2. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): -

        INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
        +
        INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
         INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
        -

        +


        Wenn Sie Nextcloud bisher ohne mailcow-Authentifizierung, aber mit den gleichen Benutzernamen wie mailcow genutzt haben, können Sie Ihre bestehenden Benutzerkonten auch mit OAuth2 verknüpfen.

        1. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): -

        INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
        -

        +
        INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
        +


        Aktualisieren

        Die Nextcloud-Instanz kann einfach mit dem Web-Update-Mechanismus aktualisiert werden. Bei größeren Updates können nach dem Update weitere Änderungen vorgenommen werden. Nachdem die Nextcloud-Instanz geprüft wurde, werden Probleme angezeigt. Dies können z.B. fehlende Indizes in der DB oder ähnliches sein. @@ -2535,13 +2535,13 @@ Es wird angezeigt, welche Befehle ausgeführt werden müssen, diese müssen im p


        Fehlersuche und Fehlerbehebung

        Es kann vorkommen, dass Sie die Nextcloud-Instanz von Ihrem Netzwerk aus nicht erreichen können. Dies kann daran liegen, dass der Eintrag Ihres Subnetzes im Array 'trusted_proxies' fehlt. Sie können Änderungen in der Nextcloud config.php in data/web/nextcloud/config/* vornehmen.

        -
        'trusted_proxies' =>
        +
        'trusted_proxies' =>
           array (
             0 => 'fd4d:6169:6c63:6f77::/64',
             1 => '172.22.1.0/24',
             2 => 'NewSubnet/24',
           ),
        -
        +

        Nachdem die Änderungen vorgenommen wurden, muss der nginx-Container neu gestartet werden. docker-compose restart nginx-mailcow
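Review bot: In the trusted_proxies sample, entry 2 is the bare placeholder 'NewSubnet/24' and the text only says "Eintrag Ihres Subnetzes". Every range in this array is one from which Nextcloud accepts forwarded client-address headers, so the paragraph should say to add only the subnet the reverse proxy connects from and show a syntactically valid sample range. The closing sentence also runs the command into the prose; `docker-compose restart nginx-mailcow` should sit in its own code block like the other commands.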

        diff --git a/de/third_party/third_party-portainer/index.html b/de/third_party/third_party-portainer/index.html index c5aed8c43..e6c4655d9 100644 --- a/de/third_party/third_party-portainer/index.html +++ b/de/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

        Um Portainer zu aktivieren, müssen die docker-compose.yml und site.conf für Nginx geändert werden.

        1. Erstellen Sie eine neue Datei docker-compose.override.yml im mailcow-dockerized Stammverzeichnis und fügen Sie die folgende Konfiguration ein -

        version: '2.1'
        +
        version: '2.1'
         services:
             portainer-mailcow:
               image: portainer/portainer-ce
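Review bot: `image: portainer/portainer-ce` carries no tag, so every `docker-compose pull` moves this container to whatever the default tag points at that day. Pin a release tag in the example and say that it is bumped deliberately, the same way the Roundcube page names an exact version in its download URL.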
        @@ -2362,9 +2362,9 @@ services:
                 mailcow-network:
                   aliases:
                     - portainer
        -
        +
        2a. Erstelle data/conf/nginx/portainer.conf: -
        upstream portainer {
        +
        upstream portainer {
           server portainer-mailcow:9000;
         }
         
        @@ -2372,9 +2372,9 @@ map $http_upgrade $connection_upgrade {
           default upgrade;
           '' close;
         }
        -

        +

        2b. Fügen Sie einen neuen Standort für die Standard-Mailcow-Site ein, indem Sie die Datei data/conf/nginx/site.portainer.custom erstellen: -

          location /portainer/ {
        +
          location /portainer/ {
             proxy_http_version 1.1;
             proxy_set_header Host              $http_host;   # required for docker client's sake
             proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
        @@ -2393,10 +2393,10 @@ map $http_upgrade $connection_upgrade {
             proxy_set_header Connection $connection_upgrade;
             proxy_pass http://portainer/api/websocket/;
           }
        -

        +

        3. Übernehmen Sie Ihre Änderungen: -

        docker-compose up -d && docker-compose restart nginx-mailcow
        -

        +
        docker-compose up -d && docker-compose restart nginx-mailcow
        +

        Nun können Sie einfach zu https://${MAILCOW_HOSTNAME}/portainer/ navigieren, um Ihre Portainer-Container-Überwachungsseite anzuzeigen. Sie werden dann aufgefordert, ein neues Passwort für den admin Account anzugeben. Nachdem Sie Ihr Passwort eingegeben haben, können Sie sich mit der Portainer UI verbinden.
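Review bot: The closing paragraph says the admin password is chosen on the first visit to https://${MAILCOW_HOSTNAME}/portainer/, while step 3 publishes that location on the mailcow site as soon as nginx restarts. The instructions should tell the reader to set the password immediately after step 3, or to add `allow`/`deny` rules to the `location /portainer/` block in site.portainer.custom so that only admin networks can reach it.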


        diff --git a/de/third_party/third_party-roundcube/index.html b/de/third_party/third_party-roundcube/index.html index f80985915..e5e62056d 100644 --- a/de/third_party/third_party-roundcube/index.html +++ b/de/third_party/third_party-roundcube/index.html @@ -2466,7 +2466,7 @@

        Installation von Roundcube

        Laden Sie Roundcube 1.5.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/): -

        # Prüfen Sie, ob eine neuere Version vorliegt!
        +
        # Prüfen Sie, ob eine neuere Version vorliegt!
         cd daten/web
         wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
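Review bot: The download block starts with `cd daten/web`, but every later path on this page is under data/web (data/web/rc/config/config.inc.php, data/web/rc/installer); the directory name was translated along with the prose and the command fails as written. The tarball is also piped straight from wget into tar, so a truncated or substituted download is unpacked into the web root unchecked; download to a file and compare it with a checksum or signature for the release first.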
         
        @@ -2478,17 +2478,17 @@ chown -R root: rc/
         
         # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht erforderlich sein
         sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
        -

        +

        Wenn Sie eine Rechtschreibprüfung benötigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibprüfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibprüfung haben, so dass Sie diese vielleicht nicht benötigen. -

        #!/bin/bash
        +
        #!/bin/bash
         apk update
         apk add aspell-de # oder jede andere Sprache
        -

        +

        Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. - Ändern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vorübergehend zu speichern. - Der db_prefix ist optional, wird aber empfohlen. - Wenn Sie die Rechtschreibprüfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false;. -

        <?php
        +
        <?php
         error_reporting(0);
         if (!file_exists('/tmp/mime.types')) {
         file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
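Review bot: The config.inc.php sample fetches mime.types over plain `http://` from svn.apache.org and caches it in /tmp, with `error_reporting(0)` hiding a failed fetch. Use an https:// URL or ship the file with the installation so the content cannot be altered in transit. The three hints before the sample ("- Ändern Sie den Parameter des_key ...", "- Der db_prefix ...", "- Wenn Sie die Rechtschreibprüfung ...") are collapsed into one paragraph and should be restored as list items.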
        @@ -2520,13 +2520,13 @@ $config['smtp_conn_options'] = array(
           'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
         );
         $config['db_prefix'] = 'mailcow_rc1';
        -

        +

        Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. Initialisiere die Datenbank und verlasse das Installationsprogramm.

        **Löschen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation!

        Konfigurieren Sie die ManageSieve-Filterung

        Öffnen Sie data/web/rc/plugins/managesieve/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu): -

        $config['managesieve_port'] = 4190;
        +
        $config['managesieve_port'] = 4190;
         $config['managesieve_host'] = 'tls://dovecot';
         $config['managesieve_conn_options'] = array(
           ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
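Review bot: In the managesieve sample the line `ssl' => array('verify_peer' => false, ...` is missing the opening quote before ssl and is a PHP parse error when pasted; it should read `'ssl' => array(` as in the smtp_conn_options block before it. The installer warning opens with `**` that is never closed, so the bold markup shows up literally. Both samples switch off peer and host name verification; add a sentence stating why that is acceptable for this connection so readers do not reuse the block for other hosts.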
        @@ -2536,37 +2536,37 @@ $config['managesieve_conn_options'] = array(
         // 1 - Abschnitt "Urlaub" hinzufügen,
         // 2 - Abschnitt "Urlaub" hinzufügen, aber Abschnitt "Filter" ausblenden
         $config['managesieve_vacation'] = 1;
        -

        +

        Aktivieren Sie die Funktion "Passwort ändern" in Roundcube

        Öffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin:

        -
        [...]
        +
        [...]
         $config['plugins'] = array(
             'archive',
             'password',
         );
         [...]
        -
        +

        Öffnen Sie data/web/rc/plugins/password/password.php, suchen Sie nach case 'ssha': und fügen Sie oben hinzu:

        -
                case 'ssha256':
        +
                case 'ssha256':
                     $salt = rcube_utils::random_bytes(8);
                     $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
                     $prefix  = '{SSHA256}';
                     break;
        -
        +

        Öffnen Sie data/web/rc/plugins/password/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu):

        -
        $config['password_driver'] = 'sql';
        +
        $config['password_driver'] = 'sql';
         $config['password_algorithm'] = 'ssha256';
         $config['password_algorithm_prefix'] = '{SSHA256}';
         $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
        -
        +

        CardDAV Adressbücher in Roundcube einbinden

        Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins): -

        cd data/web/rc/plugins
        +
        cd data/web/rc/plugins
         wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz | tar xfvz -
         chown -R root: carddav/
        -

        +

        Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav) und fügen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: -

        $prefs['SOGo'] = array(
        +
        $prefs['SOGo'] = array(
             'name'         =>  'SOGo',
             'username'     =>  '%u',
             'password'     =>  '%p',
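Review bot: The `case 'ssha256':` branch added to password.php stores a single SHA-256 pass over the password plus an 8-byte salt, and `$config['password_algorithm'] = 'ssha256'` selects it for every password change made from Roundcube. A fast, unstretched hash like this is cheap to brute-force if the mailbox table leaks. If the mailbox backend accepts a slower scheme, the example should use it; otherwise the text should at least state the trade-off.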
        @@ -2579,7 +2579,7 @@ chown -R root: carddav/
             'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
             'hide'        =>  false,
         );
        -
        +
        Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen "Persönliches Adressbuch" trägt und nicht gelöscht werden kann). Weitere Adressbücher werden derzeit nicht automatisch erkannt, können aber manuell in den Roundcube-Einstellungen hinzugefügt werden.

        Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzufügen.

        Wenn Sie die Standard-Adressbücher (die in der Roundcube-Datenbank gespeichert sind) entfernen möchten, so dass nur die CardDAV-Adressbücher zugänglich sind, fügen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein.

        @@ -2587,7 +2587,7 @@ Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (d

        Optional können Sie Roundcube's Link zu der mailcow Apps Liste hinzufügen. Um dies zu tun, öffnen oder erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie den folgenden Code-Block hinzu:

        HINWEIS: Vergessen Sie nicht, das <?php Trennzeichen in der ersten Zeile einzufügen

        -
        ...
        +
        ...
         $MAILCOW_APPS = array(
           array(
             'name' => 'SOGo',
        @@ -2599,10 +2599,10 @@ $MAILCOW_APPS = array(
            )
         );
         ...
        -
        +

        Aktualisierung von Roundcube

        Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite für Roundcube und holen Sie sich den Link für die "complete.tar.gz" Datei für die gewünschte Version. Dann folgen Sie den untenstehenden Befehlen und ändern Sie die URL und den Namen des Roundcube-Ordners, falls nötig.

        -
        # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
        +
        # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
         docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
         
         # Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version
        @@ -2620,42 +2620,42 @@ rm -rf roundcube*
         
         # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht benötigt werden
         sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php
        -
        +

        Administratoren ohne Passwort in Roundcube einloggen lassen

        Installieren Sie zunächst das Plugin [dovecot_impersonate] (https://github.com/corbosman/dovecot_impersonate/) und fügen Sie Roundcube als App hinzu (siehe oben).

        Editieren Sie mailcow.conf und fügen Sie folgendes hinzu:

        -
        # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)
        +
        # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)
         # Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden
         
         ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
        -
        +

        Editieren Sie docker-compose.override.yml und verfassen/erweitern Sie den Abschnitt für php-fpm-mailcow:

        -
        version: '2.1'
        +
        version: '2.1'
         services:
           php-fpm-mailcow:
             environment:
               - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
        -
        +

        Bearbeiten Sie data/web/js/site/mailbox.js und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

        -
        if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
        +
        if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
           item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
         }
        -
        +

        Bearbeiten Sie data/web/mailbox.php und fügen Sie diese Zeile zum Array $template_data hinzu:

        -
          'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
        -
        +
          'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
        +

        Bearbeiten Sie data/web/templates/mailbox.twig und fügen Sie diesen Code am Ende des [javascript-Abschnitts] ein (https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57):

        -
          var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
        -
        +
          var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
        +

        Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet:

        • data/web/inc/lib/RoundcubeAutoLogin.php
        • data/web/rc-auth.php

        Starten Sie schließlich mailcow neu

        -
        docker-compose down
        +
        docker-compose down
         docker-compose up -d
        -
        +
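Review bot: Two links in this section are written as `[text] (url)` with a space before the parenthesis (the dovecot_impersonate link and the mailbox.twig "javascript-Abschnitts" link), so they render as literal brackets. The mailbox.js step reads "und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }" with no verb; it should say to insert the code there. Since ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y lets admins open any mailbox without its password, the section should also say how to turn it off again (the override file already defaults it to n).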

        diff --git a/de/troubleshooting/debug-admin_login_sogo/index.html b/de/troubleshooting/debug-admin_login_sogo/index.html index 3b26680a7..1eb23b7bc 100644 --- a/de/troubleshooting/debug-admin_login_sogo/index.html +++ b/de/troubleshooting/debug-admin_login_sogo/index.html @@ -2427,11 +2427,11 @@ Dazu wird ein zusätzlicher Link zu SOGo in der Mailbox-Liste (mailcow UI) angez

        Auch mehrere gleichzeitige Admin-Logins auf verschiedene Postfächer sind mit dieser Funktion möglich.

        Aktivieren der Funktion

        Die Funktion ist standardmäßig deaktiviert. Es kann in der mailcow.conf durch Setzen aktiviert werden: -

        ALLOW_ADMIN_EMAIL_LOGIN=y
        -
        +
        ALLOW_ADMIN_EMAIL_LOGIN=y
        +
        und die betroffenen Container neu erstellen mit -
        docker-compose up -d
        -

        +
        docker-compose up -d
        +

        Nachteile bei Aktivierung

        • Jeder SOGo-Seiten-Load und jede Active-Sync-Anfrage verursacht eine zusätzliche Ausführung eines internen PHP-Skripts. diff --git a/de/troubleshooting/debug-attach_service/index.html b/de/troubleshooting/debug-attach_service/index.html index d05ccd216..52292bd95 100644 --- a/de/troubleshooting/debug-attach_service/index.html +++ b/de/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,17 @@

          Anhängen eines Containers an Ihre Shell

          Um einen Container an Ihre Shell anzuhängen, können Sie einfach folgendes ausführen

          -
          docker-compose exec $Dienst_Name /bin/bash
          -
          +
          docker-compose exec $Dienst_Name /bin/bash
          +

          Verbindung zu Diensten herstellen

          Wenn Sie sich direkt mit einem Dienst / einer Anwendung verbinden wollen, ist es immer eine gute Idee, source mailcow.conf zu benutzen, um alle relevanten Variablen in Ihre Umgebung zu bekommen.

          MySQL

          -
          Quelle mailcow.conf
          +
          Quelle mailcow.conf
           docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
          -
          +

          Redis

          -
          docker-compose exec redis-mailcow redis-cli
          -
          +
          docker-compose exec redis-mailcow redis-cli
          +

          Dienstbeschreibungen

          Hier ist eine kurze Übersicht, welcher Container / Dienst was macht:
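Review bot: In the MySQL block the first command reads `Quelle mailcow.conf`; the shell builtin was translated along with the prose and has to stay `source mailcow.conf`, as the paragraph above it already writes it. Without that line ${DBUSER}, ${DBPASS} and ${DBNAME} are empty and the mysql call fails. `$Dienst_Name` in the first block should be introduced as a placeholder for the service name.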

          diff --git a/de/troubleshooting/debug-common_problems/index.html b/de/troubleshooting/debug-common_problems/index.html index 0f292be1f..f18f23285 100644 --- a/de/troubleshooting/debug-common_problems/index.html +++ b/de/troubleshooting/debug-common_problems/index.html @@ -2516,11 +2516,11 @@
        • Prüfen Sie, ob Ihre IP-Adresse auf einer schwarzen Liste steht. Sie können dnsbl.info oder einen ähnlichen Dienst verwenden, um Ihre IP-Adresse zu überprüfen.
        • Es gibt einige ISP-Router, die Mail-Ports für nicht auf der Blacklist stehende Domains blockieren. Bitte überprüfen Sie, ob Sie Ihren Server über die Ports 465 oder 587 erreichen können:
        • -
          # telnet 74.125.133.27 465
          +
          # telnet 74.125.133.27 465
           Versucht 74.125.133.27...
           Verbunden mit 74.125.133.27.
           Escape-Zeichen ist '^]'.
          -
          +

          Meine Mails werden als Spam identifiziert

          Bitte lesen Sie unsere DNS-Konfiguration Anleitung.

          docker-compose wirft seltsame Fehler aus.

          @@ -2537,8 +2537,8 @@ Escape-Zeichen ist '^]'.

          Es könnte auch eine falsch verknüpfte Datei sein (z. B. ein SSL-Zertifikat), die den Start eines wichtigen Containers (nginx) verhindert. Prüfen Sie daher immer Ihre Protokolle, um herauszufinden, woher das Problem kommt.

          Adresse bereits in Gebrauch

          Wenn Sie eine Fehlermeldung erhalten wie:

          -
          ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use
          -
          +
          ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use
          +

          während Sie versuchen, mailcow: dockerized zu starten / zu installieren, stellen Sie sicher, dass Sie unseren Abschnitt über prerequisites befolgt haben.

          XYZ kann keine Verbindung zu ...

          Bitte überprüfen Sie Ihre lokale Firewall! @@ -2546,19 +2546,19 @@ Docker und iptables-basierte Firewalls erstellen manchmal widersprüchliche Rege

          Wenn Sie Verbindungsprobleme von zu Hause aus haben, überprüfen Sie bitte auch die Firewall Ihres ISP-Routers, da einige von ihnen den E-Mail-Verkehr über die Ports SMTP (587) oder SMTPS (465) blockieren. Es könnte auch sein, dass Ihr ISP die Ports für SUBMISSION (25) blockiert.

          Während Linux-Benutzer aus einer Vielzahl von Tools1 wählen können, um zu überprüfen, ob ein Port offen ist, steht Windows-Benutzern standardmäßig nur der PowerShell-Befehl Test-NetConnection -ComputerName host -Port port zur Verfügung.

          Um Telnet auf einem Windows nach Vista zu aktivieren, lesen Sie bitte diese Anleitung oder geben Sie den folgenden Befehl in einem Terminal mit Administratorrechten ein:

          -
          dism /online /Enable-Feature /FeatureName:TelnetClient
          -
          +
          dism /online /Enable-Feature /FeatureName:TelnetClient
          +

          Inotify-Instanz-Limit überschritten für Benutzer 5000 (UID vmail) (siehe #453).

          Docker-Container verwenden die inotify-Limits von Docker-Hosts. Wenn Sie sie auf Ihrem Docker-Host setzen, werden sie an den Container weitergegeben.

          Dovecot startet ständig neu (siehe #2672).

          Stellen Sie sicher, dass Sie mindestens die folgenden Dateien in data/assets/ssl haben:

          -
          cert.pem
          +
          cert.pem
           dhparams.pem
           key.pem
          -
          +

          Wenn dhparams.pem fehlt, können Sie es mit Bash

          -
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          -
          +
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          +
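Review bot: The ISP paragraph labels the ports the wrong way round: it calls 587 "SMTP" and 25 "SUBMISSION", whereas 25 is SMTP and 587 is submission (465 as SMTPS is correct). The footnote marker is fused into "Tools1", and the sentence "Wenn dhparams.pem fehlt, können Sie es mit Bash" stops before its verb, so the reader is not told that the `openssl dhparam` command after it is what generates the file.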

            diff --git a/de/troubleshooting/debug-mysql_aria/index.html b/de/troubleshooting/debug-mysql_aria/index.html index 645e23d01..2d75244a8 100644 --- a/de/troubleshooting/debug-mysql_aria/index.html +++ b/de/troubleshooting/debug-mysql_aria/index.html @@ -2398,7 +2398,7 @@

            Wenn Ihr Server abgestürzt ist und MariaDB eine Fehlermeldung ähnlich [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files, können Sie Folgendes versuchen, um die Datenbank in einen gesunden Zustand zu bringen:

            Starten Sie den Stack und warten Sie, bis mysql-mailcow beginnt, einen Neustart zu melden. Überprüfen Sie dies, indem Sie docker-compose ps ausführen.

            Führen Sie nun die folgenden Befehle aus:

            -
            # Stoppe den Stack, führe nicht "down" aus
            +
            # Stoppe den Stack, führe nicht "down" aus
             docker-compose stop
             # Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
            @@ -2408,7 +2408,7 @@ cd /var/lib/mysql
             aria_chk --check --force */*.MAI
             # Löschen der aria-Logdateien
             rm aria_log.*
            -
            +

            Führen Sie nun docker-compose down gefolgt von docker-compose up -d aus.
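Review bot: `aria_chk --check --force */*.MAI` followed by `rm aria_log.*` repairs and deletes files in /var/lib/mysql with no copy taken first. Add a step before entering the container that backs up the MySQL data directory, so a failed repair can be retried from the crashed state.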


            diff --git a/de/troubleshooting/debug-mysql_upgrade/index.html b/de/troubleshooting/debug-mysql_upgrade/index.html index d1494106d..b578ac0f9 100644 --- a/de/troubleshooting/debug-mysql_upgrade/index.html +++ b/de/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,13 @@

            Führen Sie ein manuelles mysql_upgrade durch.

            Dieser Schritt ist normalerweise nicht notwendig.

            -
            docker-compose stop mysql-mailcow watchdog-mailcow
            +
            docker-compose stop mysql-mailcow watchdog-mailcow
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
            -
            +

            Sobald die SQL-Shell gestartet wurde, führen Sie mysql_upgrade aus und verlassen den Container:

            -
            mysql_upgrade
            +
            mysql_upgrade
             exit
            -
            +
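Review bot: The `docker-compose run` entrypoint starts `mysqld --skip-grant-tables` without `--skip-networking`, so for as long as the shell stays open the server accepts unauthenticated connections from anything that can reach the container over the network. Add `--skip-networking` to the mysqld arguments; mysql_upgrade run from the same shell connects over the local socket. The fixed `sleep 10` can also be too short on a slow host, and the text says "SQL-Shell" although the entrypoint drops into bash.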

            diff --git a/de/troubleshooting/debug-reset_pw/index.html b/de/troubleshooting/debug-reset_pw/index.html index 85b16c25d..5d4a99100 100644 --- a/de/troubleshooting/debug-reset_pw/index.html +++ b/de/troubleshooting/debug-reset_pw/index.html @@ -2544,16 +2544,16 @@

            mailcow Admin-Konto

            Setzt den mailcow Admin Account auf ein zufälliges Passwort zurück. Ältere mailcow: dockerisierte Installationen können das mailcow-reset-admin.sh Skript in ihrem mailcow Stammverzeichnis (mailcow_path) finden.

            -
            cd mailcow_pfad
            +
            cd mailcow_pfad
             ./helper-scripts/mailcow-reset-admin.sh
            -
            +

            MySQL-Passwörter zurücksetzen

            Stoppen Sie den Stack, indem Sie docker-compose stop ausführen.

            Wenn die Container heruntergefahren sind, führen Sie diesen Befehl aus:

            -
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            -
            +
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            +

            1. Datenbank-Name finden

            -
            # source mailcow.conf
            +
            # source mailcow.conf
             # docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
             MariaDB [(none)]> show databases;
             +--------------------+
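Review bot: The installation directory placeholder is written as `mailcow_path` in the paragraph and as `cd mailcow_pfad` in the command; use one spelling and mark it as a placeholder. Step 1 then shows `docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}`, which needs a running stack and a working password, while the step before it has just stopped the stack and opened a root client. Say which of the two sessions `show databases;` is meant to be typed into.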
            @@ -2565,11 +2565,11 @@ MariaDB [(none)]> show databases;
             | performance_schema |
             +--------------------+
             4 rows in set (0.00 sec)
            -
            +

            2. Einen oder mehrere Benutzer zurücksetzen

            2.1 Maria DB < 10.4 (ältere mailcow-Installationen)

            Sowohl "password" als auch "authentication_string" existieren. Derzeit wird "password" verwendet, aber besser ist es, beide zu setzen.

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user |
             +--------------+
            @@ -2582,9 +2582,9 @@ MariaDB [(none)]> FLUSH PRIVILEGES;
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            2.2 Maria DB >= 10.4 (aktuelle mailcows)

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user |
             +--------------+
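Review bot: The UPDATE statements set literal passwords ('gotr00t', 'mookuh') that readers will paste unchanged. Replace them with an obvious placeholder and state that the value chosen for the mailcow user has to match DBPASS in mailcow.conf, since the other commands on this page log in with `-p${DBPASS}`.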
            @@ -2598,16 +2598,16 @@ MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY '
             MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            Zwei-Faktor-Authentifizierung entfernen

            Für mailcow WebUI:

            Dies funktioniert ähnlich wie das Zurücksetzen eines MySQL-Passworts, jetzt machen wir es vom Host aus, ohne uns mit dem MySQL CLI zu verbinden:

            -
            Quelle mailcow.conf
            +
            Quelle mailcow.conf
             docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
            -
            +

            Für SOGo:

            -
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            -
            +
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            +
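Review bot: the first line of the WebUI block reads "Quelle mailcow.conf"; the shell builtin was translated together with the prose, so the line fails and ${DBUSER}, ${DBPASS} and ${DBNAME} in the following command expand to empty strings. It has to stay "source mailcow.conf", as in the TLS reset page of this same change. Separately, the two ALTER USER 'root' context lines at the top of the hunk each show the statement twice on one line, which is worth checking in the rendered page.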

            diff --git a/de/troubleshooting/debug-reset_tls/index.html b/de/troubleshooting/debug-reset_tls/index.html index ebed2398b..96d3fd3e0 100644 --- a/de/troubleshooting/debug-reset_tls/index.html +++ b/de/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,14 @@

            TLS-Zertifikate zurücksetzen

            Sollten Sie Probleme mit Ihrem Zertifikat, Schlüssel oder Let's Encrypt-Konto haben, versuchen Sie bitte, die TLS-Assets zurückzusetzen:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose down
             rm -rf data/assets/ssl
             mkdir data/assets/ssl
             openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
             cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
             docker-compose up -d
            -
            +

            Dies wird mailcow stoppen, die benötigten Variablen beschaffen, ein selbstsigniertes Zertifikat erstellen und mailcow starten.

            Wenn Sie Let's Encrypt verwenden, sollten Sie vorsichtig sein, da Sie ein neues Konto und einen neuen Satz von Zertifikaten erstellen werden. Sie werden früher oder später auf ein Ratelimit stoßen.

            Bitte beachten Sie auch, dass frühere TLSA-Datensätze ungültig werden.
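Review bot: "rm -rf data/assets/ssl" discards the existing certificate, key and Let's Encrypt account with no way back, and the warnings about the rate limit and the invalidated TLSA records only appear after the block. Move both warnings above the commands and have the procedure move the directory aside (for example "mv data/assets/ssl data/assets/ssl.bak") instead of deleting it. The explanatory sentence also lists the steps in a different order than the block, which sources mailcow.conf before it stops mailcow.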

            diff --git a/de/troubleshooting/debug-rm_volumes/index.html b/de/troubleshooting/debug-rm_volumes/index.html index 4e3191598..153518e06 100644 --- a/de/troubleshooting/debug-rm_volumes/index.html +++ b/de/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,8 @@

            Es kann sein, dass Sie einen Satz persistenter Daten entfernen wollen, um einen Konflikt zu lösen oder um neu zu beginnen.

            mailcowdockerized kann variieren und hängt von Ihrem Compose-Projektnamen ab (wenn er unverändert ist, ist mailcowdockerized der richtige Wert). Wenn Sie sich unsicher sind, führen Sie docker volume ls aus, um eine vollständige Liste zu erhalten.

            Löschen Sie ein einzelnes Volume:

            -
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            -
            +
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            +
            • Entfernen Sie Volume mysql-vol-1, um alle MySQL-Daten zu entfernen.
            • Entfernen Sie Volume redis-vol-1 um alle Redis Daten zu entfernen.
            • diff --git a/de/troubleshooting/debug-rspamd_memory_leaks/index.html b/de/troubleshooting/debug-rspamd_memory_leaks/index.html index 1c3fe9bb0..b3a98ce21 100644 --- a/de/troubleshooting/debug-rspamd_memory_leaks/index.html +++ b/de/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -2346,7 +2346,7 @@

              Fortgeschritten: Memory-Leaks in Rspamd finden

              Eine kurze Anleitung, um einen schlecht funktionierenden Rspamd tiefgehend zu analysieren.

              -
              docker-compose exec rspamd-mailcow bash
              +
              docker-compose exec rspamd-mailcow bash
               
               if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
                 sed -i 's/apt-stabil/apt-stabil-asan/i' /etc/apt/sources.list.d/rspamd.list
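Review bot: the repository name in the sed line was translated. The grep guard tests for 'apt-stable-asan', but the substitution is 's/apt-stabil/apt-stabil-asan/i', and the pattern "apt-stabil" never matches a sources line containing "apt-stable", so the file is left unchanged and the ASAN build is never selected. It should read 's/apt-stable/apt-stable-asan/i'.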
              @@ -2360,7 +2360,7 @@ nano /docker-entrypoint.sh
               
               export G_SLICE=always-malloc
               export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
              -
              +

              Starten Sie Rspamd neu: docker-compose restart rspamd-mailcow

              Ihr Speicherverbrauch wird stark ansteigen, er wird auch stetig wachsen, was nicht mit einem möglichen Memory Leak zusammenhängt, nach dem Sie suchen.

              Lassen Sie den Container für ein paar Minuten, Stunden oder Tage laufen (es sollte die Zeit sein, die Sie normalerweise warten, bis der Memory Leak "passiert") und starten Sie ihn neu: docker-compose restart rspamd-mailcow.

              diff --git a/en/backup_restore/b_n_r-accidental_deletion/index.html b/en/backup_restore/b_n_r-accidental_deletion/index.html index b207d5cb2..0fc97074f 100644 --- a/en/backup_restore/b_n_r-accidental_deletion/index.html +++ b/en/backup_restore/b_n_r-accidental_deletion/index.html @@ -2428,9 +2428,9 @@

              To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

              Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

              Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

              -
              docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
              +
              docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
               docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
              -
              +

              diff --git a/en/backup_restore/b_n_r-backup/index.html b/en/backup_restore/b_n_r-backup/index.html index 8b512cc14..c9c4e0458 100644 --- a/en/backup_restore/b_n_r-backup/index.html +++ b/en/backup_restore/b_n_r-backup/index.html @@ -2454,7 +2454,7 @@

              Please do not copy this script to another location.

              To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

              -
              # Syntax:
              +
              # Syntax:
               # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
               
               # Backup all, delete backups older than 3 days
              @@ -2465,19 +2465,19 @@ You can also use "all" as second parameter to backup all components. Append 
              +

              The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". You should not rename those folders to not break the restore process.

              To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

              -
              MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
              -
              +
              MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
              +

              Cronjob

              You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

              -
              5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
              -
              +
              5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
              +

              Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

              This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

              -
              #!/bin/sh
              +
              #!/bin/sh
               
               # Backup mailcow data
               # https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
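Review bot: the Cronjob paragraph says "Make sure BACKUP_LOCATION exists", but the crontab line under it sets MAILCOW_BACKUP_LOCATION; name the variable the way the command uses it. The paragraph should also say that this directory ends up holding the MySQL dump and the crypt volume with its encryption keys, so it should be readable by root only. Typo in the following paragraph: "Pathes" should be "Paths".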
              @@ -2502,17 +2502,17 @@ if [ $RESULT -ne 0 ]
                           echo "STDOUT / STDERR:"
                           cat "$OUT"
               fi
              -
              +

              Backup strategy with rsync and mailcow backup script

              Create the destination directory for mailcows helper script: -

              mkdir -p /external_share/backups/backup_script
              -

              +
              mkdir -p /external_share/backups/backup_script
              +

              Create cronjobs: -

              25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
              +
              25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
               40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
               5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
               # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
              -

              +

              On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions!

              To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d.
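Review bot: the third crontab line sets BACKUP_LOCATION=/external_share/backups/backup_script, while the unattended example earlier on this page uses MAILCOW_BACKUP_LOCATION. If the script reads only the latter it falls back to asking for a location, which a cron run cannot answer; use one name throughout. The snapshot sentence should also make clear that snapshots on the destination do not by themselves make an rsync copy of a running stack's /var/lib/docker/volumes consistent.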

              diff --git a/en/backup_restore/b_n_r-backup_restore-maildir/index.html b/en/backup_restore/b_n_r-backup_restore-maildir/index.html index 926e65c54..0fec8a52f 100644 --- a/en/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/en/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,15 @@

              Backup

              This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: -

              cd /path/to/mailcow-dockerized
              +
              cd /path/to/mailcow-dockerized
               docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
              -

              +

              You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

              Restore

              -
              cd /path/to/mailcow-dockerized
              +
              cd /path/to/mailcow-dockerized
               docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
              -
              +
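Review bot: the backup command writes an archive of every mailbox to ${PWD} and the text says nothing about who can read it afterwards; add a step such as "chmod 600 backup_vmail.tar.gz" or recommend a root-only target directory. Both docker run lines also leave ${PWD} and the $(docker inspect ...) substitution unquoted, so a working directory containing a space breaks the -v argument. Wording: "backups the vmail directory" should be "backs up", and "equals to" should be "equals".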

              diff --git a/en/backup_restore/b_n_r-backup_restore-mysql/index.html b/en/backup_restore/b_n_r-backup_restore-mysql/index.html index eaed07a59..081ba1d13 100644 --- a/en/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/en/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,20 @@

              MySQL (mysqldump)

              Backup

              -
              cd /path/to/mailcow-dockerized
              +
              cd /path/to/mailcow-dockerized
               source mailcow.conf
               DATE=$(date +"%Y%m%d_%H%M%S")
               docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
              -
              +

              Restore

              Warning

              You should redirect the SQL dump without docker-compose to prevent parsing errors.

              -
              cd /path/to/mailcow-dockerized
              +
              cd /path/to/mailcow-dockerized
               source mailcow.conf
               docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
              -
              +
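Review bot: both commands pass the database password as -p${DBPASS}, which leaves it visible in the process list for as long as mysqldump or mysql runs, and the unquoted expansion breaks on passwords that contain spaces or shell metacharacters. Quote the expansions and hand the password over through a client option file or an environment variable instead of an argument. The dump lands in the mailcow directory as backup_${DBNAME}_${DATE}.sql and contains the full database, so a sentence on restricting its permissions belongs next to the Backup block.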

              diff --git a/en/backup_restore/b_n_r-coldstandby/index.html b/en/backup_restore/b_n_r-coldstandby/index.html index 97f60cee6..4a02bc659 100644 --- a/en/backup_restore/b_n_r-coldstandby/index.html +++ b/en/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,10 @@

              You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

              In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

              Edit this file and change the exported variables:

              -
              export REMOTE_SSH_KEY=/path/to/keyfile
              +
              export REMOTE_SSH_KEY=/path/to/keyfile
               export REMOTE_SSH_PORT=22
               export REMOTE_SSH_HOST=mailcow-backup.host.name
              -
              +

              The key must be owned and readable by root only.

              Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available.
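Review bot: "The key must be owned and readable by root only" is stated without the commands that make it so, and the block above it only exports the path. Add "chown root:root /path/to/keyfile" and "chmod 600 /path/to/keyfile" so the requirement can be checked. Because the key is unencrypted by design, the page should also say that it is dedicated to this job and not reused for interactive logins.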

              @@ -2470,28 +2470,28 @@ The destination must have Docker and docker-compose v1 availabl

              You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

              Backup and refresh the cold-standby

              Run the first backup, this may take a while depending on the connection:

              -
              bash /opt/mailcow-dockerized/create_cold_standby.sh
              -
              +
              bash /opt/mailcow-dockerized/create_cold_standby.sh
              +

              That was easy, wasn't it?

              Updating your cold-standby is just as easy:

              -
              bash /opt/mailcow-dockerized/create_cold_standby.sh
              -
              +
              bash /opt/mailcow-dockerized/create_cold_standby.sh
              +

              It's the same command.

              Automated backups with cron

              First make sure that the cron service is enabled and running:

              -
              systemctl enable cron.service && systemctl start cron.service
              -
              +
              systemctl enable cron.service && systemctl start cron.service
              +

              To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

              -
              crontab -e
              -
              +
              crontab -e
              +

              Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

              -
              PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
              +
              PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
               
               0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
              -
              +

              If saved correctly, the cron job should be shown by typing:

              -
              crontab -l
              -
              +
              crontab -l
              +

              diff --git a/en/backup_restore/b_n_r-restore/index.html b/en/backup_restore/b_n_r-restore/index.html index 5a0f3bfd0..46cc30a03 100644 --- a/en/backup_restore/b_n_r-restore/index.html +++ b/en/backup_restore/b_n_r-restore/index.html @@ -2399,9 +2399,9 @@

              Restore

              Please do not copy this script to another location.

              To run a restore, start mailcow, use the script with "restore" as first parameter.

              -
              # Syntax:
              +
              # Syntax:
               # ./helper-scripts/backup_and_restore.sh restore
              -
              +

              The script will ask you for a backup location containing the mailcow_DATE folders.


              diff --git a/en/i_u_m/i_u_m_deinstall/index.html b/en/i_u_m/i_u_m_deinstall/index.html index adc94c7ff..e37aab533 100644 --- a/en/i_u_m/i_u_m_deinstall/index.html +++ b/en/i_u_m/i_u_m_deinstall/index.html @@ -2346,8 +2346,8 @@

              Deinstallation

              To remove mailcow: dockerized with all it's volumes, images and containers do:

              -
              docker-compose down -v --rmi all --remove-orphans
              -
              +
              docker-compose down -v --rmi all --remove-orphans
              +

              Info
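Review bot: the block runs "docker-compose down -v --rmi all --remove-orphans", which removes every volume of the project, and nothing before it points the reader to the backup page. Add that pointer above the command rather than relying on the Info box after it. Typo in the lead sentence: "with all it's volumes" should be "its".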

                diff --git a/en/i_u_m/i_u_m_install/index.html b/en/i_u_m/i_u_m_install/index.html index 002337086..06831534a 100644 --- a/en/i_u_m/i_u_m_install/index.html +++ b/en/i_u_m/i_u_m_install/index.html @@ -2351,10 +2351,10 @@
                • Docker -

                  curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                  +
                  curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                   # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
                   systemctl enable --now docker
                  -

                  +

                • Docker-Compose
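Review bot: "curl -sSL https://get.docker.com/ | CHANNEL=stable sh" runs a remote script as root without the reader ever seeing it. Suggest saving the script to a file first, so it can be read before it is executed, or naming Docker's package repository instructions as the alternative.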

                  @@ -2365,44 +2365,44 @@ systemctl enable --now docker

                  mailcow requires the latest version of docker-compose v1. It is highly recommended to use the commands below to install docker-compose. Package managers (e.g. apt, yum) likely won't give you the correct version. Note: This command downloads docker-compose from the official Docker Github repository and is a safe method. The snippet will determine the latest supported version by mailcow. In almost all cases this is the latest version available (exceptions are broken releases or major changes not yet supported by mailcow).

              -
              curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
              +
              curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
               chmod +x /usr/local/bin/docker-compose
              -
              +

              Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

              1.1. On SELinux enabled systems, e.g. CentOS 7:

              • Check if "container-selinux" package is present on your system:
              -
              rpm -qa | grep container-selinux
              -
              +
              rpm -qa | grep container-selinux
              +

              If the above command returns an empty or no output, you should install it via your package manager.

              • Check if docker has SELinux support enabled:
              -
              docker info | grep selinux
              -
              +
              docker info | grep selinux
              +

              If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add "selinux-enabled": true. Example file content:

              -
              {
              +
              {
                 "selinux-enabled": true
               }
              -
              +

              Restart the docker daemon and verify SELinux is now enabled.

              This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.

              2. Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.

              -
              $ su
              +
              $ su
               # umask
               0022 # <- Verify it is 0022
               # cd /opt
               # git clone https://github.com/mailcow/mailcow-dockerized
               # cd mailcow-dockerized
              -
              +

              3. Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked. -

              ./generate_config.sh
              -

              +
              ./generate_config.sh
              +

              4. Change configuration if you want or need to. -

              nano mailcow.conf
              -
              +
              nano mailcow.conf
              +
              If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.

              You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation.

              Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.
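Review bot: the paragraph calls the download "a safe method", but the curl line takes the release tag from https://www.servercow.de/docker-compose/latest.php, interpolates it into the GitHub URL and writes the result straight to /usr/local/bin/docker-compose with no checksum comparison. Either drop the claim or add a verification step before the chmod +x. Wording: "your distros repository" should be "your distro's repository", and "ask at the known channels for advise" should be "advice".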

              @@ -2410,20 +2410,20 @@ If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.

              Whenever you run into trouble and strange phenomena, please check your MTU.

              Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: -

              networks:
              +
              networks:
                 mailcow-network:
                   ...
                   driver_opts:
                     com.docker.network.driver.mtu: 1450
                   ...
              -

              +

              4.2. Users without an IPv6 enabled network on their host system:

              Enable IPv6. Finally.

              If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.

              5. Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: -

              docker-compose pull
              +
              docker-compose pull
               docker-compose up -d
              -

              +

              Done!

              You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo.
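Review bot: the last line gives the default login admin with password moohoo and stops there. Add a sentence telling the reader to change the password immediately after the first login, since the UI is reachable at https://${MAILCOW_HOSTNAME} as soon as "docker-compose up -d" returns. In 4.2, "it is recommended to disable IPv6 for the mailcow network" should name or link the setting that does this.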

              diff --git a/en/i_u_m/i_u_m_migration/index.html b/en/i_u_m/i_u_m_migration/index.html index 213339b53..c43c91db6 100644 --- a/en/i_u_m/i_u_m_migration/index.html +++ b/en/i_u_m/i_u_m_migration/index.html @@ -2359,43 +2359,43 @@ Install Docker
              • Docker -

                curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                +
                curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                 # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
                 systemctl enable docker.service
                -

                +

              • docker-compose -

                curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
                +
                curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
                 chmod +x /usr/local/bin/docker-compose
                -

                +

              Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

              2. Stop Docker and assure Docker has stopped: -

              systemctl stop docker.service
              +
              systemctl stop docker.service
               systemctl status docker.service
              -

              +

              3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine: -

              rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
              +
              rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
               rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
              -

              +

              4. Shut down mailcow and stop Docker on the source machine. -

              cd /opt/mailcow-dockerized
              +
              cd /opt/mailcow-dockerized
               docker-compose down
               systemctl stop docker.service
              -

              +

              5. Repeat step 3 with the same commands. This will be much quicker than the first time.

              6. Switch over to the target machine and start Docker. -

              systemctl start docker.service
              -

              +
              systemctl start docker.service
              +

              7. Now pull the mailcow Docker images on the target machine. -

              cd /opt/mailcow-dockerized
              +
              cd /opt/mailcow-dockerized
               docker-compose pull
              -

              +

              8. Start the whole mailcow stack and everything should be done! -

              docker-compose up -d
              -

              +
              docker-compose up -d
              +

              9. Finally, change your DNS settings to point to the target server.
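Review bot: the WARNING in step 3 names only /var/lib/docker/volumes, but the first rsync line also runs with --delete, against /opt/mailcow-dockerized on the target; state that both paths are overwritten. Step 2 does not say on which machine Docker is stopped, and since step 4 covers the source it has to be the target, so say so. The Docker block here uses "systemctl enable docker.service" while the install page uses "systemctl enable --now docker"; pick one form for both pages.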


              diff --git a/en/i_u_m/i_u_m_update/index.html b/en/i_u_m/i_u_m_update/index.html index 854164a1f..fdfa96390 100644 --- a/en/i_u_m/i_u_m_update/index.html +++ b/en/i_u_m/i_u_m_update/index.html @@ -2480,13 +2480,13 @@

              An update script in your mailcow-dockerized directory will take care of updates.

              But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

              Run the update script: -

              ./update.sh
              -

              +
              ./update.sh
              +

              If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code).

              Options

              -
              # Options can be combined
              +
              # Options can be combined
               
               # - Check for updates and show changes
               ./update.sh --check
              @@ -2509,22 +2509,22 @@ Some minor conflicts will be auto-corrected (in favour for the mailcow: dockeriz
               
               # - Don't update, but prefetch images and exit
               ./update.sh --prefetch
              -
              +

              I forgot what I changed before running update.sh

              See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

              -
              22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
              +
              22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
               dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
              -
              +

              Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

              Can I roll back?

              Yes.

              See the topic above, instead of a diff, you run checkout:

              -
              docker-compose down
              +
              docker-compose down
               # Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID
               git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
               docker-compose pull
               docker-compose up -d
              -
              +

              Hooks

              You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

              Footnotes
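Review bot: the rollback block reverts the working tree with git checkout and pulls images again, but says nothing about the data volumes, so a reader cannot tell whether a backup taken before the update has to be restored as well. Add one sentence on that under "Can I roll back?". The Hooks paragraph should also mention that pre_commit_hook.sh and post_commit_hook.sh run as part of update.sh and therefore need the same restrictive ownership and permissions as the script itself.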

              diff --git a/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index 836cd1060..26ad6e44d 100644 --- a/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,21 @@
            • You will need to get your_id from one of the download links, they are individual for every user
            • Add to data/conf/clamav/freshclam.conf with replaced your_id part: -

              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
              +
              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
              -

              +

            • For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

            • Adjust data/conf/clamav/clamd.conf to align with next settings: -

              DetectPUA yes
              +
              DetectPUA yes
               ExcludePUA PUA.Win.Packer
               ExcludePUA PUA.Win.Trojan.Packed
               ExcludePUA PUA.Win.Trojan.Molebox
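Review bot: The `your_id` segment in the `DatabaseCustomURL` lines is described as individual for every user, so it works as a credential stored in `data/conf/clamav/freshclam.conf`. The guide should tell readers not to publish or commit that file with the ID in place, and to redact the ID when sharing their configuration in support requests.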
              @@ -2493,11 +2493,11 @@ MaxEmbeddedPE 100M
               MaxHTMLNormalize 50M
               MaxScriptNormalize 50M
               MaxZipTypeRcg 50M
              -

              +

            • Restart ClamAV container: -
              docker-compose restart clamd-mailcow
              -
            • +
              docker-compose restart clamd-mailcow
              +

          Please note:

            @@ -2509,14 +2509,14 @@ MaxZipTypeRcg 50M

            Enable InterServer databases

            1. Add to data/conf/clamav/freshclam.conf: -
              DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
              +
              DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
               DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
               DatabaseCustomURL http://sigs.interserver.net/shell.ldb
               DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
              -
            2. +
        • Restart ClamAV container: -
          docker-compose restart clamd-mailcow
          -
        • +
          docker-compose restart clamd-mailcow
          +
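Review bot: All four `DatabaseCustomURL` entries in the InterServer block use `http://`, so the signature files, including the false-positive list `whitelist.fp` that suppresses detections, are fetched without transport integrity and could be altered in transit. If the provider serves the same paths over HTTPS the guide should use `https://`; otherwise it should state that these downloads are unauthenticated.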

          diff --git a/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index efd22c212..e3c3809b9 100644 --- a/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -2398,22 +2398,22 @@

          Whitelist specific ClamAV signatures

          You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

          -
          docker-compose logs clamd-mailcow | grep "FOUND"
          -
          +
          docker-compose logs clamd-mailcow | grep "FOUND"
          +

          This line confirms that such was identified:

          -
          clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
          -
          +
          clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
          +

          To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

          -
          echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
          -
          +
          echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
          +

          Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose:

          -
          docker-compose restart clamd-mailcow
          -
          +
          docker-compose restart clamd-mailcow
          +

          Cleanup cached ClamAV results in Redis:

          -
          # docker-compose exec redis-mailcow  /bin/sh
          +
          # docker-compose exec redis-mailcow  /bin/sh
           /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
           /data # exit
          -
          +
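Review bot: In the Redis cleanup step, `redis-cli KEYS rs_cl* | xargs redis-cli DEL` passes the pattern unquoted, so the shell may expand `rs_cl*` against files in `/data` before redis-cli sees it; quote it as `'rs_cl*'`. It is also worth stating next to the `whitelist.ign2` step that the entry disables that signature for all mail, not only for the message that triggered it.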

          diff --git a/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index cfa8ef675..5412a6b4a 100644 --- a/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,14 @@

          Customize Dockerfiles

          You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

          -
          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
          -
          +
          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
          +

          Make your changes in data/Dockerfiles/$service and build the image locally:

          -
          docker build data/Dockerfiles/service -t mailcow/$service
          -
          +
          docker build data/Dockerfiles/service -t mailcow/$service
          +

          Now auto-recreate modified containers:

          -
          docker-compose up -d
          -
          +
          docker-compose up -d
          +
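Review bot: The build command mixes a literal and a variable: `docker build data/Dockerfiles/service -t mailcow/$service` uses `service` in the path but `$service` in the tag, while the sentence before it refers to `data/Dockerfiles/$service`. Use the same placeholder in both places so a copied command does not fail on a missing directory or produce an image tag with an empty name.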

          diff --git a/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 3404a09c2..789e301cf 100644 --- a/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,8 @@

          Docker Compose Bash Completion

          To get some sexy bash completion inside your containers simply execute the following:

          -
          curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
          -
          +
          curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
          +
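Review bot: The `curl -L` command writing to `/etc/bash_completion.d/docker-compose` has no `-f`, so if the version-specific URL built from `$(docker-compose version --short)` does not exist, the HTTP error body is saved into a file that bash-completion later sources in interactive shells. Use `curl -fL` so a failed download leaves no file behind.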

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index b2eb32914..ea5323be5 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,8 @@

          On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

          This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

          -
          ACL_ANYONE=allow
          -
          +
          ACL_ANYONE=allow
          +

          Apply the changes by running docker-compose up -d.


          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 1beefec86..0b7303fb4 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -2454,17 +2454,17 @@

          The manual way

          That said, let's dive in:

          Delete a user's mails inside the junk folder that are read and older than 4 hours

          -
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
          +

          Delete all user's mails in the junk folder that are older than 7 days

          -
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
          +

          Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance).

          -
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
          +

          Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks

          -
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
          +

          Info

          For possible time spans or search keys have a look at man doveadm-search-query
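Review bot: The `-A` examples delete mail for every user with no preview step, and nothing here tells the reader how to check the match set first. Suggest showing the same query with `doveadm search` before each expunge (for example `doveadm search -A mailbox 'Junk' savedbefore 7d`) so the result can be inspected before anything is removed.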

          @@ -2472,21 +2472,21 @@

          Job scheduler

          via the host system cron

          If you want to automate such a task you can create a cron job on your host that calls a script like the one below:

          -
          #!/bin/bash
          +
          #!/bin/bash
           # Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized
           cd /path/to/your/mailcow-dockerized
           
           /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
           /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
           [...]
          -
          +

          To create a cron job you may execute crontab -e and insert something like the following to execute a script:

          -
          # Execute everyday at 04:00 A.M.
          +
          # Execute everyday at 04:00 A.M.
           0 4 * * * /path/to/your/expunge_mailboxes.sh
          -
          +

          via Docker job scheduler

          To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow:

          -
          version: '2.1'
          +
          version: '2.1'
           
           services:
           
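Review bot: In the cron script, `cd /path/to/your/mailcow-dockerized` is not checked, so if the path is wrong the two `docker-compose exec -T` lines still run from cron's working directory. Change the line to `cd /path/to/your/mailcow-dockerized || exit 1`.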
          @@ -2504,12 +2504,12 @@ services:
                 - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
                 - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
                 - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
          -
          +

          The job controller just need access to the docker control socket to be able to emulate the behavior of "exec". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru. This docker-compose.override.yml deletes all mails older then 2 weeks from the "Junk" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this:

          -
          common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
          +
          common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
           common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
          -
          +

          If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug.

          In case you want to add more jobs, ensure you change the "dovecot-expunge-trash" part after "ofelia.job-exec." to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia.
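Review bot: The paragraph says the job controller "just need access to the docker control socket", which understates the grant: access to that socket allows control of every container on the host. The guide should say so explicitly and advise treating the scheduler container as privileged. Wording in the same block: "To archive this" should read "To achieve this", and "older then 2 weeks" should read "older than 2 weeks".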

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html index 108ac39d3..9b0cc2611 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -2349,8 +2349,8 @@

          Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here.

          Restart dovecot-mailcow to apply your changes:

          -
          docker-compose restart dovecot-mailcow
          -
          +
          docker-compose restart dovecot-mailcow
          +

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html index 76281c276..c14942d48 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -2443,19 +2443,19 @@

          The default heap size (1024 M) is defined in mailcow.conf.

          Since we run in Docker and create our containers with the "restart: always" flag, a oom situation will at least only trigger a restart of the container.

          -
          # single user
          +
          # single user
           docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
           # all users
           docker-compose exec dovecot-mailcow doveadm fts rescan -A
          -
          +

          Dovecot Wiki: "Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any)."

          This does not re-index a mailbox. It basically repairs a given index.

          If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit:

          -
          # single user
          +
          # single user
           docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
           # all users, but obviously slower and more dangerous
           docker-compose exec dovecot-mailcow doveadm index -A '*'
          -
          +

          This will take some time depending on your machine and Solr can run oom, monitor it!

          Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.

          Delete mailbox data
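Review bot: The comment "obviously slower and more dangerous" on `doveadm index -A '*'` does not say what the danger is; the following sentence suggests it is Solr running out of memory, and the comment should name that. Wording: "followig" should be "following", and "re-indexing is very sensible" should read "sensitive".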

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html index 49f3cb48e..234ff7ee4 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -2462,8 +2462,8 @@

          Change configuration

          Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type:

          -
          imap_idle_notify_interval = 5 mins
          -
          +
          imap_idle_notify_interval = 5 mins
          +

          29 minutes is the maximum value allowed by the corresponding RFC.

          Warning

          @@ -2471,13 +2471,13 @@ Insert the setting followed by the new value. For example, to set the interval t

          Reload Dovecot

          Now reload Dovecot: -

          docker-compose exec dovecot-mailcow dovecot reload
          -

          +
          docker-compose exec dovecot-mailcow dovecot reload
          +

          Info

          You can check the value of this setting with -

          docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
          -
          +
          docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
          +
          If you didn't change it, it should be at 2m. If you did change it, you should see your new value.

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html index acc38ea93..6a07d6c1a 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -2350,7 +2350,7 @@

          Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

          If you want to decode/encode existing maildir files, you can use the following script at your own risk:

          Enter Dovecot by running docker-compose exec dovecot-mailcow /bin/bash in the mailcow-dockerized location.

          -
          # Decrypt /var/vmail
          +
          # Decrypt /var/vmail
           find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
           if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
           doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
          @@ -2374,7 +2374,7 @@ doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=
             chown 5000:5000 "$file"
           fi
           done
          -
          +

          diff --git a/en/manual-guides/Dovecot/u_e-dovecot-more/index.html b/en/manual-guides/Dovecot/u_e-dovecot-more/index.html index 8c0174c86..f1796cf62 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,25 @@

          doveadm quota

          The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

          To list the current quota status for a user / mailbox, do:

          -
          doveadm quota get -u 'mailbox@example.org'
          -
          +
          doveadm quota get -u 'mailbox@example.org'
          +

          To list the quota storage value for all users, do:

          -
          doveadm quota get -A |grep "STORAGE"
          -
          +
          doveadm quota get -A |grep "STORAGE"
          +

          Recalculate a single user's quota usage:

          -
          doveadm quota recalc -u 'mailbox@example.org'
          -
          +
          doveadm quota recalc -u 'mailbox@example.org'
          +

          The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

          To view the number of messages, by user, in their .Trash folder:

          -
          doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
          -
          +
          doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
          +

          Show all messages in a user's inbox older then 90 days:

          -
          doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
          -
          +
          doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
          +

          Show all messages in any folder that are older then 30 days for mailbox@example.org:

          -
          doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
          -
          +
          doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
          +

            diff --git a/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index 856ca167e..dbee87f25 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,7 +2398,7 @@

            Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

            Edit or create data/conf/dovecot/extra.conf, add:

            -
            namespace {
            +
            namespace {
               type = public
               separator = /
               prefix = Public/
            @@ -2408,18 +2408,18 @@
                 auto = subscribe
               }
             }
            -
            +

            :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

            The new mailbox in the public namespace will be auto-subscribed by users.

            To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

            -
            docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
            -
            +
            docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
            +

            Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

            Allow authenticated users access to the whole public namespace

            To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

            Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

            -
            authenticated kxeilprwts
            -
            +
            authenticated kxeilprwts
            +

            kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

            You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

            See Dovecot ACL for further information about ACL.
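Review bot: Both examples grant `authenticated` the full right set, including delete, expunge and create, so any authenticated user can remove mail from the shared mailbox. Suggest leading with the restricted variant that the closing paragraph only mentions in passing (`lookup read` for everyone, full rights for named users). Wording: "access full to that new mailbox" and "access full access to the whole public namespace" should both read "full access to".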

            diff --git a/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 43215acfe..abcaef1b7 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,9 @@

            That's recommended and should not be changed.

            If you need the user to be static anyway, please specify two variables in mailcow.conf.

            Both parameters must not be empty!

            -
            DOVECOT_MASTER_USER=mymasteruser
            +
            DOVECOT_MASTER_USER=mymasteruser
             DOVECOT_MASTER_PASS=mysecretpass
            -
            +

            Run docker-compose up -d to apply your changes.

            The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

            To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.
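Review bot: The last line shows that this master user can log in as any mailbox (`test@example.org*mymasteruser@mailcow.local`), yet the example sets `DOVECOT_MASTER_PASS=mysecretpass` without comment. Add a sentence that the value must be a long random secret and that `mailcow.conf` should be readable only by the administrator, because the credentials are stored there in plain text.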

            diff --git a/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index 294356bc6..cbb5bbbc2 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,26 +2442,26 @@

            Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

          An easy, dirty, yet stable workaround is to stop mailcow (docker-compose down), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

          -
          mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
          +
          mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
           ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
          -
          +

          Start mailcow afterwards.


          The "old" way

          If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

          -
          version: '2.1'
          +
          version: '2.1'
           volumes:
             vmail-vol-1:
               driver_opts:
                 type: none
                 device: /data/mailcow/vmail   
                 o: bind
          -
          +

          Moving an existing vmail folder:

          • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
          -
          [
          +
          [
               {
                   "CreatedAt": "2019-06-16T22:08:34+02:00",
                   "Driver": "local",
          @@ -2476,7 +2476,7 @@ volumes:
                   "Scope": "local"
               }
           ]
          -
          +
          • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
          • Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
          • diff --git a/en/manual-guides/Nginx/u_e-nginx_custom/index.html b/en/manual-guides/Nginx/u_e-nginx_custom/index.html index d0b453e42..6122008bb 100644 --- a/en/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/en/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

            New site

            To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

            A good template to begin with:

            -
            nano data/conf/nginx/my_custom_site.conf
            -
            -
            server {
            +
            nano data/conf/nginx/my_custom_site.conf
            +
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               ssl_protocols TLSv1.2 TLSv1.3;
            @@ -2478,12 +2478,12 @@
                 return 301 https://$server_name$request_uri;
               }
             }
            -
            +

            New site with proxy to a remote location

            Another example with a reverse proxy configuration:

            -
            nano data/conf/nginx/my_custom_site.conf
            -
            -
            server {
            +
            nano data/conf/nginx/my_custom_site.conf
            +
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               ssl_protocols TLSv1.2 TLSv1.3;
            @@ -2519,18 +2519,18 @@
                 client_max_body_size 0;
               }
             }
            -
            +

            Config expansion in mailcows Nginx

            The filename used for a new site is not important, as long as the filename carries a .conf extension.

            It is also possible to extend the configuration of the default file site.conf file:

            -
            nano data/conf/nginx/site.my_content.custom
            -
            +
            nano data/conf/nginx/site.my_content.custom
            +

            This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

            If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

            Restart Nginx (and PHP-FPM, if a new listener was created):

            -
            docker-compose restart nginx-mailcow
            +
            docker-compose restart nginx-mailcow
             docker-compose restart php-fpm-mailcow
            -
            +
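Review bot: The reverse proxy template ends its location block with `client_max_body_size 0;`, which turns off nginx's request body size check for that site. The guide should say that this is deliberate and suggest an explicit limit where the proxied application does not need unbounded uploads.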

            diff --git a/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index 0504223d3..d072fb363 100644 --- a/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,7 @@

            IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

            To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

            nano data/conf/nginx/webmail.conf

            -
            server {
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               index index.php index.html;
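Review bot: The SNI hint `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;` is shorthand and not valid nginx syntax, so a reader who pastes it gets a configuration error. Spell out both directives, `ssl_certificate /etc/ssl/mail/webmail.example.org/cert.pem;` and `ssl_certificate_key /etc/ssl/mail/webmail.example.org/key.pem;`, in the same form the server block uses.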
            @@ -2369,12 +2369,12 @@
                 return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
               }
             }
            -
            +

            Save and restart Nginx: docker-compose restart nginx-mailcow.

            Now open mailcow.conf and find ADDITIONAL_SAN. Add webmail.example.org to this array, don't use quotes!

            -
            ADDITIONAL_SAN=webmail.example.org
            -
            +
            ADDITIONAL_SAN=webmail.example.org
            +

            Run docker-compose up -d. See "acme-mailcow" and "nginx-mailcow" logs if anything fails.


            diff --git a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index 70dd921da..dbbf2ec3a 100644 --- a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,8 @@

            Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

            Restart Postfix:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +

            diff --git a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index 74110d613..807158aac 100644 --- a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,14 @@

            Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

            This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

            Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. -

            user-to-allow-everything@example.com OK
            -

            +
            user-to-allow-everything@example.com OK
            +

            Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: -

            smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
            -

            +
            smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
            +

            Run postmap on check_sasl_access:

            -
            docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
            -
            +
            docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
            +

            Restart the Postfix container.


            diff --git a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index 04e878bdc..079dee025 100644 --- a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,8 @@

            Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

            Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

            Restart postfix-mailcow to apply your changes:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +

            diff --git a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index e342474d5..ef9a6c44e 100644 --- a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,13 @@

            Statistics with pflogsumm

            To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

            -
            docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
            -
            +
            docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
            +

            The above log output is limited to the last 24 hours.

            It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

            -
            SHELL=/bin/bash
            +
            SHELL=/bin/bash
             59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
            -
            +

            To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

            More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

            Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.
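
            Review bot: the /etc/cron.d/pflogsumm entry has only four schedule fields (59 23 * *) before the user name, so cron would read root as the day-of-week field and reject or misparse the line. A cron.d entry needs five time fields followed by the user; for the daily 23:59 run the text describes, the line should start with 59 23 * * * root. While editing that line, consider quoting the command substitution for the container ID so an empty result from docker ps fails visibly instead of running docker logs with no argument.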

            diff --git a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index dc46f2166..94550a98a 100644 --- a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -2353,11 +2353,11 @@

            CIDR ACTION

            Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

            Example:

            -
            # Rules are evaluated in the order as specified.
            +
            # Rules are evaluated in the order as specified.
             # Blacklist 192.168.* except 192.168.0.1.
             192.168.0.1          permit
             192.168.0.0/16       reject
            -
            +

            The file is reloaded on the fly, postfix restart is not required.


            diff --git a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index 3e5db7433..0903f20f0 100644 --- a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,15 @@

            IPv4 hosts/subnets

            To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

            Edit data/conf/postfix/extra.cf:

            -
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
            -
            +
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
            +

            Run docker-compose restart postfix-mailcow to apply your new settings.

            IPv6 hosts/subnets

            Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

            To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

            Edit data/conf/postfix/extra.cf:

            -
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
            -
            +
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
            +

            Run docker-compose restart postfix-mailcow to apply your new settings.

            Info
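
            Review bot: both mynetworks examples hardcode 172.22.1.0/24 and [fd4d:6169:6c63:6f77::]/64 although the sentence above them says the value depends on the reader's IPV4_NETWORK and IPV6_NETWORK. Because the line replaces the whole mynetworks list, a reader who changed those scopes and pastes the example as is ends up trusting a network that is not theirs and dropping their own. Please mark which entries must be adapted and which one is the newly added subnet, and keep the added range as narrow as the use case allows.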

            diff --git a/en/manual-guides/Redis/u_e-redis/index.html b/en/manual-guides/Redis/u_e-redis/index.html index 2747c54f6..76090d576 100644 --- a/en/manual-guides/Redis/u_e-redis/index.html +++ b/en/manual-guides/Redis/u_e-redis/index.html @@ -2477,28 +2477,28 @@

            Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

            Client

            To connect to the redis cli execute:

            -
            docker-compose exec redis-mailcow redis-cli
            -
            +
            docker-compose exec redis-mailcow redis-cli
            +

            Debugging

            Here are some useful commands for the redis-cli for debugging:

            MONITOR

            Listens for all requests received by the server in real time:

            -
            # docker-compose exec redis-mailcow redis-cli
            +
            # docker-compose exec redis-mailcow redis-cli
             127.0.0.1:6379> monitor
             OK
             1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
             1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
             [...]
            -
            +
            KEYS

            Get all keys matching your pattern:

            -
            KEYS *
            -
            +
            KEYS *
            +
            PING

            Test a connection:

            -
            127.0.0.1:6379> PING
            +
            127.0.0.1:6379> PING
             PONG
            -
            +

            If you want to know more, here is a cheat sheet.
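
            Review bot: the KEYS section presents KEYS * as a general debugging command without saying that it walks the entire keyspace in a single blocking call, which stalls every other client of redis-mailcow while it runs. The Rspamd guide in this same patch already uses redis-cli --scan --pattern for key enumeration; pointing readers to that form here, and keeping KEYS for small test instances only, would make the two guides consistent. A short note that MONITOR output shows every command with its arguments, and should not be left running or pasted into public bug reports unreviewed, would also help.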


            diff --git a/en/manual-guides/Rspamd/u_e-rspamd/index.html b/en/manual-guides/Rspamd/u_e-rspamd/index.html index 6ba85c637..852978c25 100644 --- a/en/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/en/manual-guides/Rspamd/u_e-rspamd/index.html @@ -2556,68 +2556,68 @@ This is achieved by using the Sieve plugin "sieve_imapsieve" and parser scripts.

            You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.

            Learn Spam or Ham from existing directory

            You can use a one-liner to learn mail in plain-text (uncompressed) format:

            -
            # Ham
            -for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
            +
            # Ham
            +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
             # Spam
            -for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
            -
            +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done +

            Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example:

            -
            for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
            -
            +
            for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
            +

            Reset learned data (Bayes, Neural)

            You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now:

            Backup database

            -
            # It is better to stop Redis before you copy the file.
            +
            # It is better to stop Redis before you copy the file.
             cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
            -
            +

            Reset Bayes data

            -
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
            +
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
             docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
            -
            +

            Reset Neural data

            -
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
            -
            +
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
            +

            Reset Fuzzy data

            -
            # We need to enter the redis-cli first:
            +
            # We need to enter the redis-cli first:
             docker-compose exec redis-mailcow redis-cli
             # In redis-cli:
             127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
            -
            +

            Info

            If redis-cli complains about...

            -
            (error) ERR wrong number of arguments for 'del' command
            -
            +
            (error) ERR wrong number of arguments for 'del' command
            +

            ...the key pattern was not found and thus no data is available to delete - it is fine.

            CLI tools

            -
            docker-compose exec rspamd-mailcow rspamc --help
            +
            docker-compose exec rspamd-mailcow rspamc --help
             docker-compose exec rspamd-mailcow rspamadm --help
            -
            +

            Disable Greylisting

            Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting.

            You can disable greylisting server-wide by editing:

            {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

            Add the line:

            -
            enabled = false;
            -
            +
            enabled = false;
            +

            Save the file and restart "rspamd-mailcow": docker-compose restart rspamd-mailcow

            Spam filter thresholds (global)

            Each user is able to change their spam rating individually. To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf:

            -
            reject = 15;
            -add_header = 8;
            -greylist = 7;
            -
            +
            reject = 15;
            +add_header = 8;
            +greylist = 7;
            +

            Save the file and restart "rspamd-mailcow": docker-compose restart rspamd-mailcow

            Existing settings of users will not be overwritten!

            To reset custom defined thresholds, run:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
             # or:
             # docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
            -
            +

            Custom reject messages

            The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content:

            -
            reject_message = "My custom reject message";
            -
            +
            reject_message = "My custom reject message";
            +

            Save the file and restart Rspamd: docker-compose restart rspamd-mailcow.

            While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted:
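
            Review bot: in the commented alternative under "To reset custom defined thresholds", the condition option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org' does not limit the delete to one mailbox. AND binds tighter than OR, so it removes highspamlevel for every object and lowspamlevel only for the named one. Write it as (option = 'highspamlevel' or option = 'lowspamlevel') and object = '...' or use option in (...) and object = '...'. Separately, the zcat example rspamc learn_spam < zcat $file redirects from a file literally named zcat; it should pipe the decompressed mail instead, as in zcat "$file" | rspamc learn_spam.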

              @@ -2628,7 +2628,7 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del

              Add your custom message as new line:

            -
            GLOBAL_RCPT_BL {
            +
            GLOBAL_RCPT_BL {
               type = "rcpt";
               map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
               regexp = true;
            @@ -2636,40 +2636,40 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del
               action = "reject";
               message = "Sending mail to this recipient is prohibited by postmaster@your.domain";
             }
            -
            +
            1. Save the file and restart Rspamd: docker-compose restart rspamd-mailcow.

            Discard instead of reject

            If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content:

            -
            discard_on_reject = true;
            -
            +
            discard_on_reject = true;
            +

            Restart Rspamd:

            -
            docker-compose restart rspamd-mailcow
            -
            +
            docker-compose restart rspamd-mailcow
            +

            Wipe all ratelimit keys

            If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task:

            -
            docker-compose exec redis-mailcow sh
            +
            docker-compose exec redis-mailcow sh
             # Unlink (available in Redis >=4.) will delete in the backgronud
             redis-cli --scan --pattern RL* | xargs redis-cli unlink
            -
            +

            Restart Rspamd:

            -
            docker-compose exec redis-mailcow sh
            -
            +
            docker-compose exec redis-mailcow sh
            +

            Trigger a resend of quarantine notifications

            Should be used for debugging only!

            -
            docker-compose exec dovecot-mailcow bash
            +
            docker-compose exec dovecot-mailcow bash
             mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
             redis-cli -h redis DEL Q_LAST_NOTIFIED
             quarantine_notify.py
            -
            +

            Increase history retention

            By default Rspamd keeps 1000 elements in the history.

            The history is stored compressed.

            It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it:

            Edit data/conf/rspamd/local.d/history_redis.conf:

            -
            nrows = 1000; # change this value
            -
            +
            nrows = 1000; # change this value
            +

            Restart Rspamd afterwards: docker-compose restart rspamd-mailcow
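
            Review bot: under "Wipe all ratelimit keys", the step labelled "Restart Rspamd:" shows docker-compose exec redis-mailcow sh, which is a repeat of the shell command from the block above and restarts nothing. Every other section of this guide uses docker-compose restart rspamd-mailcow for that step, so this looks like a copy-paste slip that the patch carries over unchanged. The comment in the preceding block also has a typo ("backgronud") and a dangling version ("Redis >=4.") that could be fixed in the same pass.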


            diff --git a/en/manual-guides/SOGo/u_e-sogo/index.html b/en/manual-guides/SOGo/u_e-sogo/index.html index 5f85cb267..ba8213824 100644 --- a/en/manual-guides/SOGo/u_e-sogo/index.html +++ b/en/manual-guides/SOGo/u_e-sogo/index.html @@ -2491,24 +2491,24 @@ After you modified data/conf/sogo/custom-theme.js and made changes
          • open browser developer console, usually shortcut is F12
          • only if you use Firefox: write by hands in dev console allow pasting and press enter
          • paste java script snipet in dev console: -
            copy([].slice.call(document.styleSheets)
            +
            copy([].slice.call(document.styleSheets)
               .map(e => e.ownerNode)
               .filter(e => e.hasAttribute('md-theme-style'))
               .map(e => e.textContent)
               .join('\n')
             )
            -
          • +
          • open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
          • copy CSS file to mailcow server data/conf/sogo/custom-theme.css
          • edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
          • append/create docker-compose.override.yml with: -
            version: '2.1'
            +
            version: '2.1'
             
             services:
               sogo-mailcow:
                 volumes:
                   - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
            -
          • +
          • run docker-compose up -d
          • run docker-compose restart memcached-mailcow
          • @@ -2516,7 +2516,7 @@ services:
            1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
            2. find in data/conf/sogo/custom-theme.js: -
              // Apply new palettes to the default theme, remap some of the hues
              +
              // Apply new palettes to the default theme, remap some of the hues
                   $mdThemingProvider.theme('default')
                     .primaryPalette('green-cow', {
                       'default': '400',  // background color of top toolbars
              @@ -2531,13 +2531,13 @@ services:
                       'hue-3': 'A700'
                     })
                     .backgroundPalette('frost-grey');
              -
              +
              and replace it with: -
                  $mdThemingProvider.theme('default');
              -
            3. +
                  $mdThemingProvider.theme('default');
              +
            4. remove from docker-compose.override.yml volume mount in sogo-mailcow: -
              - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
              -
            5. +
              - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
              +
            6. run docker-compose up -d
            7. run docker-compose restart memcached-mailcow
            @@ -2553,16 +2553,16 @@ After you replaced said file you need to restart SOGo and Memcached containers b

            Domains are usually isolated from eachother.

            You can change that by modifying data/conf/sogo/sogo.conf:

            Search... -

               // SOGoDomainsVisibility = (
            +
               // SOGoDomainsVisibility = (
                 //  (domain1.tld, domain5.tld),
                 //  (domain3.tld, domain2.tld)
                 // );
            -
            +
            ...and replace it by - for example:

            -
                SOGoDomainsVisibility = (
            +
                SOGoDomainsVisibility = (
                   (example.org, example.com, example.net)
                 );
            -
            +

            Restart SOGo: docker-compose restart sogo-mailcow

            Disable password changing

            Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.

            diff --git a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html index 7bca36dd5..26e5425df 100644 --- a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,18 @@ Important: Only DNSSEC validating DNS services will work.

            Method A, Unbound

            Edit data/conf/unbound/unbound.conf and append the following parameters:

            -
            forward-zone:
            +
            forward-zone:
               name: "."
               forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
               forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
            -
            +

            Restart Unbound:

            -
            docker-compose restart unbound-mailcow
            -
            +
            docker-compose restart unbound-mailcow
            +

            Method B, Override file

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
            -
            +

            Edit docker-compose.override.yml and adjust the IP.

            Run docker-compose down ; docker-compose up -d.

            diff --git a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index b6aeff15e..c28cea627 100644 --- a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

            Watchdog uses default values for all thresholds defined in docker-compose.yml.

            The default values will work for most setups. Example: -

            - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
            +
            - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
             - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
             - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
             - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
            @@ -2667,7 +2667,7 @@ Example:
             - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
             - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
             - MAILQ_CRIT=${MAILQ_CRIT:-30}
            -

            +

            To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker-compose up -d.

            Thresholds descriptions

            NGINX_THRESHOLD

            diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index 806cb05d5..254a63687 100644 --- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,7 +2403,7 @@

            1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

            2. Prepend the tag to the subject: "[facebook] Subject"

            Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: -

            diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
            +
            diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
             index e047136e..933c4137 100644
             --- a/data/conf/dovecot/global_sieve_after
             +++ b/data/conf/dovecot/global_sieve_after
            @@ -2416,7 +2416,7 @@ index e047136e..933c4137 100644
                if mailboxexists "INBOX/${1}" {
                  fileinto "INBOX/${1}";
                } else {
            -

            +


            diff --git a/en/manual-guides/u_e-80_to_443/index.html b/en/manual-guides/u_e-80_to_443/index.html index 33a00f6c7..00c798bf2 100644 --- a/en/manual-guides/u_e-80_to_443/index.html +++ b/en/manual-guides/u_e-80_to_443/index.html @@ -2349,7 +2349,7 @@

            Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

            Open mailcow.conf and set HTTP_BIND= - if not already set.

            Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

            -
            server {
            +
            server {
               root /web;
               listen 80 default_server;
               listen [::]:80 default_server;
            @@ -2363,13 +2363,13 @@
                 return 301 https://$host$uri$is_args$args;
               }
             }
            -
            +

            In case you changed the HTTP_BIND parameter, recreate the container:

            -
            docker-compose up -d
            -
            +
            docker-compose up -d
            +

            Otherwise restart Nginx:

            -
            docker-compose restart nginx-mailcow
            -
            +
            docker-compose restart nginx-mailcow
            +

            diff --git a/en/manual-guides/u_e-autodiscover_config/index.html b/en/manual-guides/u_e-autodiscover_config/index.html index 842247929..5d40586dd 100644 --- a/en/manual-guides/u_e-autodiscover_config/index.html +++ b/en/manual-guides/u_e-autodiscover_config/index.html @@ -2350,7 +2350,7 @@ Keep in mind, that ActiveSync should NOT be used with a desktop client.

            Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

            Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

            -
            <?php
            +
            <?php
             $autodiscover_config = array(
               // General autodiscover service type: "activesync" or "imap"
               // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
            @@ -2388,7 +2388,7 @@ $autodiscover_config = array(
                 'port' => $https_port,
               ),
             );
            -
            +

            To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

            Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

            diff --git a/en/manual-guides/u_e-reeanble-weak-protocols/index.html b/en/manual-guides/u_e-reeanble-weak-protocols/index.html index 64ac8cb9d..5cf736118 100644 --- a/en/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/en/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,15 @@

            Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

            How to re-enable weak protocols?

            Edit data/conf/postfix/extra.cf:

            -
            submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
            +
            submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
             smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
            -
            +

            Edit data/conf/dovecot/extra.conf:

            -
            ssl_min_protocol = TLSv1
            -
            +
            ssl_min_protocol = TLSv1
            +

            Restart the affected services:

            -
            docker-compose restart postfix-mailcow dovecot-mailcow
            -
            +
            docker-compose restart postfix-mailcow dovecot-mailcow
            +

            Hint: You can enable TLS 1.2 in Windows 7.
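
            Review bot: the guide does not say what is being weakened. The two Postfix lines exclude only SSLv2 and SSLv3, so TLS 1.0 and 1.1 become acceptable on submission and smtps, and ssl_min_protocol = TLSv1 does the same for Dovecot; these are the services where clients log in, unlike the port 25 case the first sentence describes. Please add one sentence stating that, move the Windows 7 hint above the configuration so readers try the client-side fix first, and tell readers to remove the overrides once the legacy clients are gone.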


            diff --git a/en/post_installation/firststeps-disable_ipv6/index.html b/en/post_installation/firststeps-disable_ipv6/index.html index 0878c47ee..50b66e1f8 100644 --- a/en/post_installation/firststeps-disable_ipv6/index.html +++ b/en/post_installation/firststeps-disable_ipv6/index.html @@ -2353,49 +2353,49 @@ and implement your changes to the service there. Unfortunately, this right now o

            To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

            1. Modify docker-compose.yml

            Change enable_ipv6: true to enable_ipv6: false:

            -
            networks:
            +
            networks:
               mailcow-network:
                 [...]
                 enable_ipv6: true # <<< set to false
                 [...]
            -
            +

            2. Disable ipv6nat-mailcow

            To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

            NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

            -
            # cd /opt/mailcow-dockerized
            +
            # cd /opt/mailcow-dockerized
             # touch docker-compose.override.yml
            -
            +

            Open the file in your favourite text editor and fill in the following:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
                 ipv6nat-mailcow:
                   image: bash:latest
                   restart: "no"
                   entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
            -
            +

            For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

            -
            docker-compose down
            +
            docker-compose down
             docker-compose up -d
            -
            +

            3. Disable IPv6 in unbound-mailcow

            Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

            -
            server:
            +
            server:
               [...]
               do-ip6: no
               [...]
            -
            +

            Restart Unbound:

            -
            docker-compose restart unbound-mailcow
            -
            +
            docker-compose restart unbound-mailcow
            +

            4. Disable IPv6 in postfix-mailcow

            Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

            -
            smtp_address_preference = ipv4
            +
            smtp_address_preference = ipv4
             inet_protocols = ipv4
            -
            +

            Restart Postfix:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +
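Review bot: step 4's sentence and its block disagree. The text says to create data/conf/postfix/extra.cf and set smtp_address_preference, but the block also sets "inet_protocols = ipv4", which the sentence never mentions. Name both settings in the text. Step 2 carries a NOTE about merging into an existing override file; step 4 needs the same hint for an existing extra.cf instead of a bare "Create". Separately, the ipv6nat entrypoint message says "compose.override.yml" while the file is docker-compose.override.yml.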

            diff --git a/en/post_installation/firststeps-dmarc_reporting/index.html b/en/post_installation/firststeps-dmarc_reporting/index.html index dc786a841..6fafd76a1 100644 --- a/en/post_installation/firststeps-dmarc_reporting/index.html +++ b/en/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,7 +2473,7 @@

            Enable DMARC reporting

            Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

            -
            reporting {
            +
            reporting {
                 enabled = true;
                 email = 'noreply-dmarc@example.com';
                 domain = 'example.com';
            @@ -2486,9 +2486,9 @@
                 max_entries = 2k;
                 keys_expire = 2d;
             }
            -
            +

            Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

            -
            version: '2.1'
            +
            version: '2.1'
             
             services:
               rspamd-mailcow:
            @@ -2501,16 +2501,16 @@ services:
               ofelia-mailcow:
                 depends_on:
                   - rspamd-mailcow
            -
            +

            Run docker-compose up -d

            Send a copy reports to yourself

            To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

            -
            reporting {
            +
            reporting {
                 enabled = true;
                 email = 'noreply-dmarc@example.com';
                 bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
             [...]
            -
            +

            Rspamd will load changes in real time, so you won't need to restart the container at this point.

            This can be useful if you...
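Review bot: in the bcc_addrs example the first entry, "noreply-dmarc@example.com", is the same address as the "email" sender two lines above, so the sample sends a hidden copy to the no-reply sender itself. List only the mailbox that is actually read (the parsedmarc one), or explain why the sender is included. The heading "Send a copy reports to yourself" is also missing "of".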

              @@ -2519,21 +2519,21 @@ services:

            Troubleshooting

            Check when the report schedule last ran:

            -
            docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
            -
            +
            docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
            +

            See the latest report output:

            -
            docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
            -
            +
            docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
            +

            Manually trigger a DMARC report:

            -
            docker-compose exec rspamd-mailcow rspamadm dmarc_report
            -
            +
            docker-compose exec rspamd-mailcow rspamadm dmarc_report
            +

            Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in.

            -

            docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
            -
            +

            docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
            +
            Take one of the lines from output you interested in and request it, f.e.: -
            docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
            -

            +
            docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
            +

            Change DMARC reporting frequency

            In the example above reports are sent once every 24 hours.

            Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation
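Review bot: the ZRANGE example key embeds a real third-party domain and report address ("microsoft.com", "mailto:d@rua.agari.com"), while the rest of this page uses example.com. Swap in placeholder values so readers do not copy a key that will not exist in their Redis. In the last sentence "Olefia" does not match the ofelia-mailcow service named in the override file above, and "date which you interested in" / "output you interested in" need "are".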

            diff --git a/en/post_installation/firststeps-ip_bindings/index.html b/en/post_installation/firststeps-ip_bindings/index.html index aa0ddc0c0..467adb3f6 100644 --- a/en/post_installation/firststeps-ip_bindings/index.html +++ b/en/post_installation/firststeps-ip_bindings/index.html @@ -2414,7 +2414,7 @@

            IPv4 binding

            To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

            -
            # For technical reasons, http bindings are a bit different from other service bindings.
            +
            # For technical reasons, http bindings are a bit different from other service bindings.
             # You will find the following variables, separated by a bind address and its port:
             # Example: HTTP_BIND=1.2.3.4
             
            @@ -2439,14 +2439,14 @@ SIEVE_PORT=4190
             DOVEADM_PORT=127.0.0.1:19991
             SQL_PORT=127.0.0.1:13306
             SOLR_PORT=127.0.0.1:18983
            -
            +

            To apply your changes, run docker-compose down followed by docker-compose up -d.

            IPv6 binding

            Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

            A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

            Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

            An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
                 dovecot-mailcow:
            @@ -2467,7 +2467,7 @@ services:
                   ports:
                     - '2a00:dead:beef::abc:80:80'
                     - '2a00:dead:beef::abc:443:443'
            -
            +

            To apply your changes, run docker-compose down followed by docker-compose up -d.
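Review bot: in the ports entries such as '2a00:dead:beef::abc:80:80' the address and the two port fields run together, so the ":PORT1" / ":PORT2" explanation in the text is hard to map onto the example. Add a sentence stating that the last two colon-separated fields are the external and internal port and everything before them is the address. The "imaginary" address also sits in allocated 2a00::/12 space; an address from the documentation prefix 2001:db8::/32 would be safer to publish.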


            diff --git a/en/post_installation/firststeps-local_mta/index.html b/en/post_installation/firststeps-local_mta/index.html index 05b07bca0..75dc0a79c 100644 --- a/en/post_installation/firststeps-local_mta/index.html +++ b/en/post_installation/firststeps-local_mta/index.html @@ -2347,15 +2347,15 @@

            The easiest option would be to disable the listener on port 25/tcp.

            Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: -

            #smtp      inet  n       -       -       -       -       smtpd
            -

            +
            #smtp      inet  n       -       -       -       -       smtpd
            +

            Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

            -
            postconf -e 'relayhost = 172.22.1.1'
            +
            postconf -e 'relayhost = 172.22.1.1'
             postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
             postconf -e "inet_interfaces = loopback-only"
             postconf -e "relay_transport = relay"
             postconf -e "default_transport = smtp"
            -
            +

            Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

            "172.22.1.1" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.
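Review bot: the postconf block changes more than the sentence before it announces. The text only mentions adding the relayhost and removing the Docker interface from inet_interfaces, but the block also overwrites mynetworks, relay_transport and default_transport with no explanation. Since "postconf -e" replaces whatever the local main.cf had, add a line per setting saying why it is needed, and suggest backing up main.cf first.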

            diff --git a/en/post_installation/firststeps-logging/index.html b/en/post_installation/firststeps-logging/index.html index 86dec2589..efb2ef084 100644 --- a/en/post_installation/firststeps-logging/index.html +++ b/en/post_installation/firststeps-logging/index.html @@ -2466,16 +2466,16 @@ the ability to read logs from the UI or ban suspicious clients with netfilter-ma

            Via docker-compose.override.yml

            Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease.

            Create a docker-compose.override.yml and add, for example, this block to use the "gelf" logging plugin for postfix-mailcow:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
               postfix-mailcow: # or any other
                 logging:
                   driver: "gelf"
                   options:
                     gelf-address: "udp://graylog:12201"
            -
            +

            Another example for Syslog:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
               postfix-mailcow: # or any other
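Review bot: the gelf example points at "udp://graylog:12201" without saying what that implies. Mail logs sent this way travel unencrypted, and UDP drops messages silently when the collector is unreachable. The address is also resolved by the Docker daemon on the host, not inside the compose network, so "graylog" has to be a name the host can resolve. A short note under the block covering both points would save readers a debugging session.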
            @@ -2506,10 +2506,10 @@ local3.*        /var/log/mailcow.logs
             & ~
             
             # Restart rsyslog afterwards.
            -
            +

            via daemon.json (globally)

            If you want to change the logging driver globally, edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service:

            -
            {
            +
            {
             ...
               "log-driver": "gelf",
               "log-opts": {
            @@ -2517,9 +2517,9 @@ local3.*        /var/log/mailcow.logs
               }
             ...
             }
            -
            +

            For Syslog:

            -
            {
            +
            {
             ...
               "log-driver": "syslog",
               "log-opts": {
            @@ -2527,7 +2527,7 @@ local3.*        /var/log/mailcow.logs
               }
             ...
             }
            -
            +

            Restart the Docker daemon and run docker-compose down && docker-compose up -d to recreate the containers with the new logging driver.
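Review bot: both daemon.json examples contain bare "..." lines inside the braces, which makes them invalid JSON if pasted as shown, and a malformed /etc/docker/daemon.json keeps the Docker daemon from starting. Show a complete minimal object, or move the "merge into your existing file" hint into the prose. The restart instruction also appears twice now (before the first block and again here); one is enough.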


            diff --git a/en/post_installation/firststeps-rp/index.html b/en/post_installation/firststeps-rp/index.html index e4f7eecb4..52d5c1904 100644 --- a/en/post_installation/firststeps-rp/index.html +++ b/en/post_installation/firststeps-rp/index.html @@ -2467,11 +2467,11 @@

            You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

            1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: -

            HTTP_BIND=127.0.0.1
            +
            HTTP_BIND=127.0.0.1
             HTTP_PORT=8080
             HTTPS_BIND=127.0.0.1
             HTTPS_PORT=8443
            -

            +

            This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

            IMPORTANT: Do not use port 8081, 9081 or 65510!

            Recreate affected containers by running docker-compose up -d.
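Review bot: "IMPORTANT: Do not use port 8081, 9081 or 65510!" gives no reason, so a reader cannot tell whether the restriction applies to HTTP_PORT, HTTPS_PORT or both, or what breaks. Add a short clause saying what these ports collide with.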

            @@ -2500,56 +2500,56 @@ On many servers logrotate will reload the webserver daily anyway.

            2. Configure your local webserver as reverse proxy:

            Apache 2.4

            Required modules: -

            a2enmod rewrite proxy proxy_http headers ssl
            -

            +
            a2enmod rewrite proxy proxy_http headers ssl
            +

            Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

            Take care of highlighted lines.

            -
            <VirtualHost *:80>
            -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            -  ServerAlias autodiscover.*
            -  ServerAlias autoconfig.*
            -  RewriteEngine on
            +
            <VirtualHost *:80>
            +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            +  ServerAlias autodiscover.*
            +  ServerAlias autoconfig.*
            +  RewriteEngine on
             
            -  RewriteCond %{HTTPS} off
            -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
            +  RewriteCond %{HTTPS} off
            +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
             
            -  ProxyPass / http://127.0.0.1:8080/
            -  ProxyPassReverse / http://127.0.0.1:8080/
            -  ProxyPreserveHost On
            -  ProxyAddHeaders On
            -  RequestHeader set X-Forwarded-Proto "http"
            -</VirtualHost>
            -<VirtualHost *:443>
            -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            -  ServerAlias autodiscover.*
            -  ServerAlias autoconfig.*
            +  ProxyPass / http://127.0.0.1:8080/
            +  ProxyPassReverse / http://127.0.0.1:8080/
            +  ProxyPreserveHost On
            +  ProxyAddHeaders On
            +  RequestHeader set X-Forwarded-Proto "http"
            +</VirtualHost>
            +<VirtualHost *:443>
            +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            +  ServerAlias autodiscover.*
            +  ServerAlias autoconfig.*
             
            -  # You should proxy to a plain HTTP session to offload SSL processing
            -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
            -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
            -  ProxyPass / http://127.0.0.1:8080/
            -  ProxyPassReverse / http://127.0.0.1:8080/
            -  ProxyPreserveHost On
            -  ProxyAddHeaders On
            -  RequestHeader set X-Forwarded-Proto "https"
            +  # You should proxy to a plain HTTP session to offload SSL processing
            +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
            +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
            +  ProxyPass / http://127.0.0.1:8080/
            +  ProxyPassReverse / http://127.0.0.1:8080/
            +  ProxyPreserveHost On
            +  ProxyAddHeaders On
            +  RequestHeader set X-Forwarded-Proto "https"
             
            -  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
            -  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
            +  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
            +  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
             
            -  # If you plan to proxy to a HTTPS host:
            -  #SSLProxyEngine On
            +  # If you plan to proxy to a HTTPS host:
            +  #SSLProxyEngine On
             
            -  # If you plan to proxy to an untrusted HTTPS host:
            -  #SSLProxyVerify none
            -  #SSLProxyCheckPeerCN off
            -  #SSLProxyCheckPeerName off
            -  #SSLProxyCheckPeerExpire off
            -</VirtualHost>
            -
            + # If you plan to proxy to an untrusted HTTPS host: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off +</VirtualHost> +

            Nginx

            Let's Encrypt will follow our rewrite, certificate requests will work fine.

            Take care of highlighted lines.

            -
            server {
            +
            server {
               listen 80 default_server;
               listen [::]:80 default_server;
               server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
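Review bot: in the Apache :443 vhost, the commented "untrusted HTTPS host" block (SSLProxyVerify none plus SSLProxyCheckPeerCN, SSLProxyCheckPeerName and SSLProxyCheckPeerExpire off) turns off every check on the backend certificate with no caveat. Say that it is acceptable only for a loopback backend, and mention SSLProxyCACertificateFile as the way to trust a private CA instead. "Take care of highlighted lines" should name the lines to edit (ServerName, the two MAILCOW_PATH entries), because nothing in the block itself marks them.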
            @@ -2600,14 +2600,14 @@ server {
                 proxy_busy_buffers_size 512k;
               }
             }
            -
            +

            HAProxy (community supported)

            Warning

            This is an unsupported community contribution. Feel free to provide fixes.

            Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

            -
            frontend https-in
            +
            frontend https-in
               bind :::443 v4v6 ssl crt mailcow.pem
               default_backend mailcow
             
            @@ -2616,7 +2616,7 @@ backend mailcow
               http-request set-header X-Forwarded-Proto https if { ssl_fc }
               http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
               server mailcow 127.0.0.1:8080 check
            -
            +

            Traefik v2 (community supported)

            Warning
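Review bot: in the HAProxy backend, "http-request set-header X-Forwarded-Proto http if !{ ssl_fc }" cannot match with the frontend shown, because https-in only binds :::443 with ssl. Either add the missing plain-HTTP frontend that the Fixme above mentions, or drop the rule so the example does not suggest port 80 is handled.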

            @@ -2627,50 +2627,50 @@ backend mailcow

            So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker-compose up -d to apply the changes.

            Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

            -
            version: '2.1'
            +
            version: '2.1'
             
            -services:
            -    nginx-mailcow:
            -      networks:
            -        # add Traefik's network
            -        web:
            -      labels:
            -        - traefik.enable=true
            -        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
            -        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
            -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
            -        # Enables tls over the router we created before.
            -        - traefik.http.routers.moo.tls=true
            -        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
            -        - traefik.http.routers.moo.tls.certresolver=le
            -        # Creates a service called "moo" for the container, and specifies which internal port of the container
            -        #   should traefik route the incoming data to.
            -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
            -        # Specifies which entrypoint (external port) should traefik listen to, for this container.
            -        #   websecure being port 443, check the traefik.toml file liked above.
            -        - traefik.http.routers.moo.entrypoints=websecure
            -        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
            -        - traefik.docker.network=web
            +services:
            +    nginx-mailcow:
            +      networks:
            +        # add Traefik's network
            +        web:
            +      labels:
            +        - traefik.enable=true
            +        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
            +        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
            +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
            +        # Enables tls over the router we created before.
            +        - traefik.http.routers.moo.tls=true
            +        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
            +        - traefik.http.routers.moo.tls.certresolver=le
            +        # Creates a service called "moo" for the container, and specifies which internal port of the container
            +        #   should traefik route the incoming data to.
            +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
            +        # Specifies which entrypoint (external port) should traefik listen to, for this container.
            +        #   websecure being port 443, check the traefik.toml file liked above.
            +        - traefik.http.routers.moo.entrypoints=websecure
            +        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
            +        - traefik.docker.network=web
             
            -    certdumper:
            -        image: humenius/traefik-certs-dumper
            -        container_name: traefik_certdumper
            -        network_mode: none
            -        volumes:
            -          # mount the folder which contains Traefik's `acme.json' file
            -          #   in this case Traefik is started from its own docker-compose in ../traefik
            -          - ../traefik/data:/traefik:ro
            -          # mount mailcow's SSL folder
            -          - ./data/assets/ssl/:/output:rw
            -        restart: always
            -        environment:
            -          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
            -          - DOMAIN=${MAILCOW_HOSTNAME}
            +    certdumper:
            +        image: humenius/traefik-certs-dumper
            +        container_name: traefik_certdumper
            +        network_mode: none
            +        volumes:
            +          # mount the folder which contains Traefik's `acme.json' file
            +          #   in this case Traefik is started from its own docker-compose in ../traefik
            +          - ../traefik/data:/traefik:ro
            +          # mount mailcow's SSL folder
            +          - ./data/assets/ssl/:/output:rw
            +        restart: always
            +        environment:
            +          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
            +          - DOMAIN=${MAILCOW_HOSTNAME}
             
            -networks:
            -  web:
            -    external: true
            -
            +networks: + web: + external: true +

            Start the new containers with docker-compose up -d.

            Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

            This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.
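Review bot: the certdumper service pulls "humenius/traefik-certs-dumper" with no tag or digest, yet it reads Traefik's acme.json (which, per the text below, holds the material for all domains) and has write access to mailcow's data/assets/ssl/. Pin the image to a specific version and say so in the comment; keeping network_mode: none is good. Wording in the same hunk: "liked above" should be "linked above", "binded" should be "bound", and "ALL the license" presumably means certificates.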

            @@ -2680,18 +2680,18 @@ For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow

            Optional: Post-hook script for non-mailcow ACME clients

            Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: -

            #!/bin/bash
            +
            #!/bin/bash
             cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
             cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
             postfix_c=$(docker ps -qaf name=postfix-mailcow)
             dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
             nginx_c=$(docker ps -qaf name=nginx-mailcow)
             docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
            -

            +

            Adding additional server names for mailcow UI

            If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

            -
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            -
            +
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            +

            Run docker-compose up -d to apply.
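Review bot: the post-hook script has no error handling. If either cp fails, it still restarts postfix, dovecot and nginx on the old or half-copied files. Add "set -e" after the shebang. Also quote the variables and skip the restart when a "docker ps -qaf name=..." lookup comes back empty, since "docker restart" with a missing ID gives an unhelpful error.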


            diff --git a/en/post_installation/firststeps-snat/index.html b/en/post_installation/firststeps-snat/index.html index f477dea31..59ea28c19 100644 --- a/en/post_installation/firststeps-snat/index.html +++ b/en/post_installation/firststeps-snat/index.html @@ -2348,12 +2348,12 @@

            SNAT is used to change the source address of the packets sent by mailcow. It can be used to change the outgoing IP address on systems with multiple IP addresses.

            Open mailcow.conf, set either or both of the following parameters:

            -
            # Use this IPv4 for outgoing connections (SNAT)
            +
            # Use this IPv4 for outgoing connections (SNAT)
             SNAT_TO_SOURCE=1.2.3.4
             
             # Use this IPv6 for outgoing connections (SNAT)
             SNAT6_TO_SOURCE=dead:beef
            -
            +

            Run docker-compose up -d.

            The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

            Check the output of docker-compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.
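Review bot: "SNAT6_TO_SOURCE=dead:beef" is not a valid IPv6 address (two groups, no "::"), so anyone copying the pattern gets a value that cannot work. Use a full documentation address such as 2001:db8::1, and consider a documentation IPv4 address (192.0.2.x) instead of 1.2.3.4 for SNAT_TO_SOURCE.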

            diff --git a/en/post_installation/firststeps-ssl/index.html b/en/post_installation/firststeps-ssl/index.html index b8d6294f7..5c91cd04f 100644 --- a/en/post_installation/firststeps-ssl/index.html +++ b/en/post_installation/firststeps-ssl/index.html @@ -2586,8 +2586,8 @@

            Additional domain names

            Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

            Do not use quotes (") and do not use spaces between the names!

            -
            ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
            -
            +
            ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
            +

            Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

            A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

            Run docker-compose up -d to recreate affected containers automatically.

            @@ -2596,17 +2596,17 @@

            Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

            If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

            -
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            -
            +
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            +

            Run docker-compose up -d to apply.

            Force renewal

            To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             touch data/assets/ssl/force_renew
             docker-compose restart acme-mailcow
             # Now check the logs for a renewal
             docker-compose logs --tail=200 -f acme-mailcow
            -
            +

            The file will be deleted automatically.

            Validation errors and how to skip validation

            You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.
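Review bot: two wording errors in the ADDITIONAL_SERVER_NAMES paragraph change how it reads. "Using names other name MAILCOW_HOSTNAME" should be "other than", and the parenthesis opened at "(for example by adding mail.* to ADDITIONAL_SAN" is never closed, so the instruction "make sure to populate that name" reads as part of the example.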

            @@ -2653,35 +2653,35 @@ You should make sure these clients use the MAILCOW_HOSTNAME for sec

            To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

            IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

            Restart affected services afterwards:

            -
            docker restart $(docker ps -qaf name=postfix-mailcow)
            +
            docker restart $(docker ps -qaf name=postfix-mailcow)
             docker restart $(docker ps -qaf name=nginx-mailcow)
             docker restart $(docker ps -qaf name=dovecot-mailcow)
            -
            +

            See Post-hook script for non-mailcow ACME clients for a full example script.

            Test against staging ACME directory

            Edit mailcow.conf and add LE_STAGING=y.

            Run docker-compose up -d to activate your changes.

            Custom directory URL

            Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

            -
            DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
            -
            +
            DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
            +

            You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

            Run docker-compose up -d to activate your changes.

            Check your configuration

            Run docker-compose logs acme-mailcow to find out why a validation fails.

            To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

            To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

            -
            # Connect via SMTP (587)
            +
            # Connect via SMTP (587)
             echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
             # Connect via IMAP (143)
             echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
             # Connect via HTTPS (443)
             echo "Q" | openssl s_client -connect mx.mailcow.email:443
            -
            +

            To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             bash helper-scripts/expiry-dates.sh
            -
            +

            diff --git a/en/prerequisite/prerequisite-dns/index.html b/en/prerequisite/prerequisite-dns/index.html index 5cd408c5f..4c6cd9978 100644 --- a/en/prerequisite/prerequisite-dns/index.html +++ b/en/prerequisite/prerequisite-dns/index.html @@ -2548,28 +2548,28 @@

            Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1. This record is usually set at the provider you leased the IP address (server) from.

            The minimal DNS configuration

            This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             mail                IN A       1.2.3.4
             autodiscover        IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
             autoconfig          IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
             @                   IN MX 10   mail.example.org. (your ${MAILCOW_HOSTNAME})
            -
            +

            DKIM, SPF and DMARC

            In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("~all"). Please refer to SPF Project for further reading.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             @                   IN TXT     "v=spf1 mx a -all"
            -
            +

            It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             dkim._domainkey     IN TXT     "v=DKIM1; k=rsa; t=s; s=email; p=..."
            -
            +

            The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant (check).

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             _dmarc              IN TXT     "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
            -
            +

            The advanced DNS configuration

            SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to RFC 2782.

            -
            # Name              Type       Priority Weight Port    Value
            +
            # Name              Type       Priority Weight Port    Value
             _autodiscover._tcp  IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _caldavs._tcp       IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _caldavs._tcp       IN TXT                              "path=/SOGo/dav/"
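Review bot: the SPF paragraph and the record below it disagree. The prose describes a soft fail ("~all", "Every other server is disallowed but able to") while the record is `"v=spf1 mx a -all"`, a hard fail. Pick one and make the sentence match. The sentence also trails off after "able to" and should say what other servers are still able to do.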
            @@ -2582,7 +2582,7 @@ _pop3s._tcp         IN SRV     0        1      995      mail.example.org. (your
             _sieve._tcp         IN SRV     0        1      4190     mail.example.org. (your ${MAILCOW_HOSTNAME})
             _smtps._tcp         IN SRV     0        1      465      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _submission._tcp    IN SRV     0        1      587      mail.example.org. (your ${MAILCOW_HOSTNAME})
            -
            +

            Testing

            Here are some tools you can use to verify your DNS configuration:

              @@ -2613,7 +2613,7 @@ _submission._tcp IN SRV 0 1 587 mail.example.org. (your

              These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.

              Email test for SPF, DKIM and DMARC:

              To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following:

              -
              ==========================================================
              +
              ==========================================================
               Summary of Results
               ==========================================================
               SPF check:          pass
              @@ -2626,7 +2626,7 @@ SpamAssassin check: ham
               Details:
               ==========================================================
               ....
              -
              +

              The full report will contain more technical details.

              Fully Qualified Domain Name (FQDN)

              diff --git a/en/prerequisite/prerequisite-system/index.html b/en/prerequisite/prerequisite-system/index.html index 10557f90b..eb46a7f09 100644 --- a/en/prerequisite/prerequisite-system/index.html +++ b/en/prerequisite/prerequisite-system/index.html @@ -2614,10 +2614,10 @@

              Other Distributions may work as well but weren´t tested by us!

              Firewall & Ports

              Please check if any of mailcow's standard ports are open and not in use by other applications:

              -
              ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
              +
              ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
               # or:
               netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
              -
              +

              Danger

              There are several problems with running mailcow on a firewalld/ufw enabled system.
              @@ -2713,34 +2713,34 @@ Use the FORWARD chain instead.

              Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied:

              For TCP -

              SRC-IP:       ---
              +
              SRC-IP:       ---
               DST IP:       ---
               SRC Port:    ---
               DST Port:    1024-65535
               Protocol:    tcp
               TCP flags:   ack
               Action:      Accept
              -

              +

              For UDP -

              SRC-IP:       ---
              +
              SRC-IP:       ---
               DST IP:       ---
               SRC Port:    ---
               DST Port:    1024-65535
               Protocol:    udp
               Action:      Accept
              -

              +

              If you want to apply a more restrictive port range you have to change the config of unbound first (after installation):

              {mailcow-dockerized}/data/conf/unbound/unbound.conf: -

              outgoing-port-avoid: 0-32767
              -

              +
              outgoing-port-avoid: 0-32767
              +

              Now the firewall rules can be adjusted as follows:

              -
              [...]
              +
              [...]
               DST Port:  32768-65535
               [...]
              -
              +

              Date and Time

              To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status:

              -
              $ timedatectl status
              +
              $ timedatectl status
                     Local time: Sat 2017-05-06 02:12:33 CEST
                 Universal time: Sat 2017-05-06 00:12:33 UTC
                       RTC time: Sat 2017-05-06 00:12:32
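Review bot: in the "For UDP" rule there is no equivalent of the `TCP flags: ack` restriction, so on this static firewall the rule accepts any inbound UDP packet to ports 1024-65535 from any source. The text should say that explicitly and present the `outgoing-port-avoid: 0-32767` variant with `DST Port: 32768-65535` as the preferred setup rather than an optional one. "Port 53 unimportant" is also missing its verb.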
              @@ -2755,22 +2755,22 @@ NTP synchronized: yes
                Next DST change: DST ends (the clock jumps one hour backwards) at
                                 Sun 2017-10-29 02:59:59 CEST
                                 Sun 2017-10-29 02:00:00 CET
              -
              +

              The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized.

              To enable NTP you need to run the command timedatectl set-ntp true. You also need to edit your /etc/systemd/timesyncd.conf:

              -
              # vim /etc/systemd/timesyncd.conf
              +
              # vim /etc/systemd/timesyncd.conf
               [Time]
               NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
              -
              +

              Hetzner Cloud (and probably others)

              Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0:

              -
              # Wrong:
              +
              # Wrong:
               auto eth0:0
               iface eth0:0 inet6 static
               # Right:
               auto eth0
               iface eth0 inet6 static
              -
              +

              Reboot or restart the interface. You may want to disable cloud-init network changes.

              MTU

              diff --git a/en/third_party/third_party-borgmatic/index.html b/en/third_party/third_party-borgmatic/index.html index da0add0ca..01c298ac8 100644 --- a/en/third_party/third_party-borgmatic/index.html +++ b/en/third_party/third_party-borgmatic/index.html @@ -2687,43 +2687,43 @@ This guide only covers the basics.

              Create or amend docker-compose.override.yml

              In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following configuration:

              -
              version: '2.1'
              +
              version: '2.1'
               
              -services:
              -  borgmatic-mailcow:
              -    image: b3vis/borgmatic
              -    hostname: mailcow
              -    restart: always
              -    dns: ${IPV4_NETWORK:-172.22.1}.254
              -    volumes:
              -      - vmail-vol-1:/mnt/source/vmail:ro
              -      - crypt-vol-1:/mnt/source/crypt:ro
              -      - redis-vol-1:/mnt/source/redis:ro,z
              -      - rspamd-vol-1:/mnt/source/rspamd:ro,z
              -      - postfix-vol-1:/mnt/source/postfix:ro,z
              -      - mysql-socket-vol-1:/var/run/mysqld/:z
              -      - borg-config-vol-1:/root/.config/borg:Z
              -      - borg-cache-vol-1:/root/.cache/borg:Z
              -      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
              -      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
              -    environment:
              -      - TZ=${TZ}
              -      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
              -    networks:
              -      mailcow-network:
              -        aliases:
              -          - borgmatic
              +services:
              +  borgmatic-mailcow:
              +    image: b3vis/borgmatic
              +    hostname: mailcow
              +    restart: always
              +    dns: ${IPV4_NETWORK:-172.22.1}.254
              +    volumes:
              +      - vmail-vol-1:/mnt/source/vmail:ro
              +      - crypt-vol-1:/mnt/source/crypt:ro
              +      - redis-vol-1:/mnt/source/redis:ro,z
              +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
              +      - postfix-vol-1:/mnt/source/postfix:ro,z
              +      - mysql-socket-vol-1:/var/run/mysqld/:z
              +      - borg-config-vol-1:/root/.config/borg:Z
              +      - borg-cache-vol-1:/root/.cache/borg:Z
              +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
              +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
              +    environment:
              +      - TZ=${TZ}
              +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
              +    networks:
              +      mailcow-network:
              +        aliases:
              +          - borgmatic
               
              -volumes:
              -  borg-cache-vol-1:
              -  borg-config-vol-1:
              -
              +volumes: + borg-cache-vol-1: + borg-config-vol-1: +

              Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing.

              For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove the ro flag prior to restoring the data. This is described in the section on restoring backups.

              Create data/conf/borgmatic/etc/config.yaml

              Next, we need to create the borgmatic configuration.

              -
              source mailcow.conf
              +
              source mailcow.conf
               cat <<EOF > data/conf/borgmatic/etc/config.yaml
               location:
                   source_directories:
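Review bot: `BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere` is a literal in the `environment:` block of docker-compose.override.yml, so the repository passphrase lives in a compose file that tends to be copied around or pasted into support requests. Suggest writing `BORG_PASSPHRASE=${BORG_PASSPHRASE}`, the same way `TZ=${TZ}` is handled two lines above, and telling readers where to define the value. The added `volumes:` block at the end of the compose snippet has also lost its line breaks and is worth checking in the built page.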
              @@ -2749,7 +2749,7 @@ cat <<EOF > data/conf/borgmatic/etc/config.yaml
                         password: ${DBPASS}
                         options: --default-character-set=utf8mb4
               EOF
              -
              +

              Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf.
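Review bot: the unquoted `cat <<EOF` expands `${DBPASS}` when the file is created, so data/conf/borgmatic/etc/config.yaml ends up holding the MySQL password in clear text, and nothing in this step restricts who can read it. Suggest adding a `chmod 600 data/conf/borgmatic/etc/config.yaml` step after the heredoc and a sentence saying the file must be regenerated if DBPASS in mailcow.conf changes.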

              This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is @@ -2765,8 +2765,8 @@ container. The container defines a volume called /mnt/borg-repository

              Create a crontab

              Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content:

              -
              14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
              -
              +
              14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
              +

              This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past the hour and log some nice stats at the end.

              Place SSH keys in folder

              @@ -2775,14 +2775,14 @@ usual id_rsa, id_ed25519 or similar to be in this dire or OpenSSH will refuse to use the SSH key.

              Bring up the container

              For the next step we need the container to be up and running in a configured state. To do that run:

              -
              docker-compose up -d
              -
              +
              docker-compose up -d
              +

              Initialize the repository

              By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being initialized.

              To initialize the repository run:

              -
              docker-compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
              +

              You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm the prompt by entering yes. The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE environment variable earlier.

              @@ -2793,8 +2793,8 @@ for how to retrieve the key.

              Restart container

              Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined state:

              -
              docker-compose restart borgmatic-mailcow
              -
              +
              docker-compose restart borgmatic-mailcow
              +

              Restoring from a backup

              Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have any custom data in your maildir or your mailcow database.

              @@ -2814,8 +2814,8 @@ this volume.

              Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing the ro flag from the volume. Then you can use the following command to restore the maildir from a backup:

              -
              docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
              +

              Alternatively you can specify any archive name from the list of archives (see Listing all available archives)

              Restore MySQL

              @@ -2825,30 +2825,30 @@ Then you can use the following command to restore the maildir from a backup:

              intend to recover the mailcow database from a backup.

              To restore the MySQL database from the latest archive use this command:

              -
              docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
              +

              Alternatively you can specify any archive name from the list of archives (see Listing all available archives)

              After restoring

              After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to re-enable it.

              To restart mailcow use the follwing command:

              -
              docker-compose down && docker-compose up -d
              -
              +
              docker-compose down && docker-compose up -d
              +

              If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may take a while if you have lots of files.

              Useful commands

              Manual archiving run (with debugging output)

              -
              docker-compose exec borgmatic-mailcow borgmatic -v 2
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic -v 2
              +

              Listing all available archives

              -
              docker-compose exec borgmatic-mailcow borgmatic list
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic list
              +

              Break lock

              When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any new operations can be performed:

              -
              docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
              -
              +
              docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
              +

              Where user@rsync.net:mailcow is the URI to your repository.

              Now would be a good time to do a manual archiving run to ensure it can be successfully performed.

              Exporting keys
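Review bot: the "After restoring" step reminds readers to re-enable SELinux enforcing mode but not to put the `ro` flag back on the vmail volume, which the restore instructions told them to remove from docker-compose.override.yml. Add that reminder before the `docker-compose down && docker-compose up -d` command so the maildir is mounted read-only again. "follwing" in the same paragraph should be "following".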

              @@ -2857,8 +2857,8 @@ key files are generated when you initialize the repository. The repokey

              Note that in either case you also must have the passphrase to decrypt any archives.

              To fetch the keyfile run:

              -
              docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
              -
              +
              docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
              +

              Where user@rsync.net:mailcow is the URI to your repository.


              diff --git a/en/third_party/third_party-gitea/index.html b/en/third_party/third_party-gitea/index.html index d9021788d..d70f7c7ba 100644 --- a/en/third_party/third_party-gitea/index.html +++ b/en/third_party/third_party-gitea/index.html @@ -2347,7 +2347,7 @@

              With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

              1. Open docker-compose.override.yml and add gitea:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
               
                       gitea-mailcow:
              @@ -2360,28 +2360,28 @@ services:
                                       - gitea
                           ports:
                               - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
              -
              +

              2. Create data/conf/nginx/site.gitea.custom, add: -

              location /gitea/ {
              +
              location /gitea/ {
                       proxy_pass http://gitea:3000/;
               }
              -

              +

              3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

              -
              GITEA_SSH_PORT=127.0.0.1:4000
              -
              +
              GITEA_SSH_PORT=127.0.0.1:4000
              +

              5. Run docker-compose up -d to bring up the gitea container and run docker-compose restart nginx-mailcow afterwards.

              6. If you forced mailcow to https, execute step 9 and restart gitea with docker-compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

              7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

              8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

              9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

              -
              [server]
              +
              [server]
               SSH_LISTEN_PORT = 22
               # For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
               SSH_DOMAIN = 127.0.0.1
               SSH_PORT = 4000
               # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
               ROOT_URL = https://mx.example.org/gitea/
              -
              +

              10. Restart gitea with docker-compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.
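Review bot: step 8 tells readers to set Skip TLS Verify without saying what that gives up: Gitea then sends users' mailcow credentials to whatever answers as `postfix` on port 587 without checking its certificate. If the justification is that this connection never leaves the compose network, say so in the step, or describe connecting with a name that is part of the certificate. The step numbering also jumps from 3 to 5, and step 6 has an unclosed parenthesis and "Go head".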


              diff --git a/en/third_party/third_party-gogs/index.html b/en/third_party/third_party-gogs/index.html index 146ebecfc..085bdd836 100644 --- a/en/third_party/third_party-gogs/index.html +++ b/en/third_party/third_party-gogs/index.html @@ -2347,7 +2347,7 @@

              With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

              1. Open docker-compose.override.yml and add Gogs:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
               
                   gogs-mailcow:
              @@ -2360,27 +2360,27 @@ services:
                           - gogs
                     ports:
                       - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
              -
              +

              2. Create data/conf/nginx/site.gogs.custom, add: -

              location /gogs/ {
              +
              location /gogs/ {
                   proxy_pass http://gogs:3000/;
               }
              -

              +

              3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

              -
              GOGS_SSH_PORT=127.0.0.1:4000
              -
              +
              GOGS_SSH_PORT=127.0.0.1:4000
              +

              5. Run docker-compose up -d to bring up the Gogs container and run docker-compose restart nginx-mailcow afterwards.

              6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

              7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

              8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

              -
              [server]
              +
              [server]
               SSH_LISTEN_PORT = 22
               # For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
               SSH_DOMAIN = 127.0.0.1
               SSH_PORT = 4000
               # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
               ROOT_URL = https://mx.example.org/gogs/
              -
              +

              9. Restart Gogs with docker-compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.
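Review bot: step 6 sends readers to `http://${MAILCOW_HOSTNAME}/gogs/` to fill in the installer, including DBUSER and DBPASS, over plain HTTP. Use `https://` in the URL and in the example, as `ROOT_URL = https://mx.example.org/gogs/` in step 8 already does. The step numbering jumps from 3 to 5 here as well.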


              diff --git a/en/third_party/third_party-mailman3/index.html b/en/third_party/third_party-mailman3/index.html index e8a396cc6..e0760ed2c 100644 --- a/en/third_party/third_party-mailman3/index.html +++ b/en/third_party/third_party-mailman3/index.html @@ -2780,15 +2780,15 @@

              DNS setup

              Most of the configuration is covered by mailcows DNS setup. After finishing this setup add another subdomain for Mailman, e.g. lists.example.org that points to the same server:

              -
              # Name    Type       Value
              +
              # Name    Type       Value
               lists     IN A       1.2.3.4
               lists     IN AAAA    dead:beef
              -
              +

              Install Apache as a reverse proxy

              Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.

              Activate certain Apache modules (as root or sudo):

              -
              a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
              -
              +
              a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
              +

              Maybe you have to install further packages to get these modules. This PPA by Ondřej Surý may help you.

              vHost configuration

              Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).

              @@ -2806,18 +2806,18 @@ lists IN AAAA dead:beef
            • https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN

            Install certbot (as root or sudo):

            -
            apt install certbot
            -
            +
            apt install certbot
            +

            Get the desired certificates (as root or sudo):

            -
            certbot certonly -d mailcow_HOSTNAME
            +
            certbot certonly -d mailcow_HOSTNAME
             certbot certonly -d MAILMAN_DOMAIN
            -
            +

            Install mailcow with Mailman integration

            Install mailcow

            Follow the mailcow installation. Omit step 5 and do not pull and up with docker-compose!

            Configure mailcow

            This is also Step 4 in the official mailcow installation (nano mailcow.conf). So change to your needs and alter the following variables:

            -
            HTTP_PORT=18080            # don't use 8080 as mailman needs it
            +
            HTTP_PORT=18080            # don't use 8080 as mailman needs it
             HTTP_BIND=127.0.0.1        #
             HTTPS_PORT=18443           # you may use 8443
             HTTPS_BIND=127.0.0.1       #
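Review bot: `certbot certonly -d mailcow_HOSTNAME` uses a lowercase-prefixed placeholder while the line below it uses `MAILMAN_DOMAIN` and other pages in this patch use `MAILCOW_HOSTNAME`, so readers may not recognise it as the same value. Rename it to `MAILCOW_HOSTNAME`. In the mailcow.conf block, the comments after `HTTP_BIND=127.0.0.1` and `HTTPS_BIND=127.0.0.1` are empty and could say that binding to localhost leaves the web UI reachable only through the reverse proxy.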
            @@ -2826,10 +2826,10 @@ SKIP_LETS_ENCRYPT=y        # reverse proxy will do the SSL termination
             
             SNAT_TO_SOURCE=1.2.3.4     # change this to your IPv4
             SNAT6_TO_SOURCE=dead:beef  # change this to your global IPv6
            -
            +

            Add Mailman integration

            Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:

            -

            version: '2.1'
            +

            version: '2.1'
             
             services:
               postfix-mailcow:
            @@ -2841,10 +2841,10 @@ services:
             networks:
               docker-mailman_mailman:
                 external: true
            -
            +
            The additional volume is used by Mailman to generate additional config files for mailcow postfix. The external network is build and used by Mailman. mailcow needs it to deliver incoming list mails to Mailman.

            Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:

            -

            # mailman
            +

            # mailman
             
             recipient_delimiter = +
             unknown_local_recipient_reject_code = 550
            @@ -2869,7 +2869,7 @@ relay_domains =
             relay_recipient_maps =
               proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
               regexp:/opt/mailman/core/var/data/postfix_lmtp
            -
            +
            As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed.

            SSL certificates

            As we proxying mailcow, we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us:

            @@ -2880,26 +2880,26 @@ As we overwrite mailcow postfix configuration here, this step may break
          • Do not run it yet, as we first need Mailman

          You have to create a cronjob, so that new certificates will be copied. Execute as root or sudo:

          -
          crontab -e
          -
          +
          crontab -e
          +

          To run the script every day at 5am, add:

          -
          0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
          -
          +
          0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
          +

          Install Mailman

          Basicly follow the instructions at docker-mailman. As they are a lot, here is in a nuthshell what to do:

          As root or sudo:

          -
          cd /opt
          +
          cd /opt
           mkdir -p mailman/core
           mkdir -p mailman/web
           git clone https://github.com/maxking/docker-mailman
           cd docker-mailman
          -
          +

          Configure Mailman

          Create a long key for Hyperkitty, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.

          Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.

          Create a long key for Django, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.

          Create the file /opt/docker-mailman/docker-compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:

          -
          version: '2'
          +
          version: '2'
           
           services:
             mailman-core:
          @@ -2928,17 +2928,17 @@ services:
               environment:
               - POSTGRES_PASSWORD=DBPASS
               restart: always
          -
          +

          At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Pistorius). For setting the password for the first time use the Forgot password function in the web interface.

          About other configuration options read Mailman-web and Mailman-core documentation.

          Configure Mailman core and Mailman web

          Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

          -
          [mailman]
          +
          [mailman]
           default_language: de
           site_owner: mailman@example.org
          -
          +

          Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

          -

          # locale
          +

          # locale
           LANGUAGE_CODE = 'de-de'
           
           # disable social authentication
          @@ -2948,11 +2948,11 @@ SOCIALACCOUNT_PROVIDERS = {}
           DEFAULT_FROM_EMAIL = 'mailman@example.org'
           
           DEBUG = False
          -
          +
          You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs. At the moment SOCIALACCOUNT_PROVIDERS has no effect, see issue #2.

          🏃 Run

          Run (as root or sudo)

          -
          a2ensite mailcow.conf
          +
          a2ensite mailcow.conf
           a2ensite mailman.conf
           systemctl restart apache2
           
          @@ -2963,14 +2963,14 @@ docker-compose up -d
           cd /opt/mailcow-dockerized/
           docker-compose pull
           ./renew-ssl.sh
          -
          +

          Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more.

          Remarks

          New lists aren't recognized by postfix instantly

          When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually:

          -
          cd /opt/mailcow-dockerized
          +
          cd /opt/mailcow-dockerized
           docker-compose restart postfix-mailcow
          -
          +

          Update

          mailcow has it's own update script in /opt/mailcow-dockerized/update.sh, see the docs.

          For Mailman just fetch the newest version from the github repository.

          diff --git a/en/third_party/third_party-mailpiler_integration/index.html b/en/third_party/third_party-mailpiler_integration/index.html index 95c8c7ae1..300d87694 100644 --- a/en/third_party/third_party-mailpiler_integration/index.html +++ b/en/third_party/third_party-mailpiler_integration/index.html @@ -2456,11 +2456,11 @@

          The problem to solve

          mailpiler offers the authentication based on IMAP, for example:

          -
          $config['ENABLE_IMAP_AUTH'] = 1;
          +
          $config['ENABLE_IMAP_AUTH'] = 1;
           $config['IMAP_HOST'] = 'mail.example.com';
           $config['IMAP_PORT'] =  993;
           $config['IMAP_SSL'] = true;
          -
          +
          • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
          • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
          • @@ -2487,19 +2487,19 @@
            1. Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

              -
              $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
              +
              $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
               $config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
               $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
               include('auth-mailcow.php');
              -
              +

              You can also change the mailcow hostname, if required: -

              $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
              -

              +
              $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
              +

            2. Download the PHP file with the functions from the GitHub repo:

              -
              curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
              -
              +
              curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
              +
            3. Done!
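Review bot: Step 2 downloads auth-mailcow.php with curl from the master branch of a third-party repository, and step 1 then pulls it in with include('auth-mailcow.php'), so whatever is on master at download time runs inside piler next to MAILCOW_API_KEY. Suggest pinning the URL to a fixed commit or release tag and telling the reader to review the file before adding the include line. It would also help to say explicitly that the key must be a read-only API key, since the placeholder YOUR_READONLY_API_KEY is currently the only hint.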

              diff --git a/en/third_party/third_party-nextcloud/index.html b/en/third_party/third_party-nextcloud/index.html index b2416e985..9210d9524 100644 --- a/en/third_party/third_party-nextcloud/index.html +++ b/en/third_party/third_party-nextcloud/index.html @@ -2457,14 +2457,14 @@

              In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker-compose up -d to apply. For more informaton refer to: Advanced SSL.

              Background jobs

              To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
                 php-fpm-mailcow:
                   labels:
                     ofelia.enabled: "true"
                     ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
                     ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
              -
              +

              After adding these lines the docker-compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker-compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command docker-compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

              @@ -2516,14 +2516,14 @@ services:

              If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

              1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

              INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
              +
              INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
               INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
              -

              +


              If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

              1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

              INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
              -

              +
              INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
              +


              Update

              The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. @@ -2533,13 +2533,13 @@ It shows which commands have to be executed, these have to be placed in the php-


              Debugging & Troubleshooting

              It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

              -
              'trusted_proxies' =>
              +
              'trusted_proxies' =>
                 array (
                   0 => 'fd4d:6169:6c63:6f77::/64',
                   1 => '172.22.1.0/24',
                   2 => 'NewSubnet/24',
                 ),
              -
              +

              After the changes have been made, the nginx container must be restarted. docker-compose restart nginx-mailcow
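Review bot: The trusted_proxies sample adds a whole subnet ('NewSubnet/24') as the fix for not reaching Nextcloud from the reader's own network, with no word on what the setting does. Every address in a trusted_proxies range is allowed to supply the client IP through forwarded headers, so the text should tell the reader to list only the address or subnet the reverse proxy connects from, and to keep the range as narrow as possible. Minor: the restart command at the end runs on into the sentence and should be set as code like the other commands.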

              diff --git a/en/third_party/third_party-portainer/index.html b/en/third_party/third_party-portainer/index.html index 36b4b74f6..6d5f6f399 100644 --- a/en/third_party/third_party-portainer/index.html +++ b/en/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

              In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

              1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration -

              version: '2.1'
              +
              version: '2.1'
               services:
                   portainer-mailcow:
                     image: portainer/portainer-ce
              @@ -2362,9 +2362,9 @@ services:
                       mailcow-network:
                         aliases:
                           - portainer
              -
              +
              2a. Create data/conf/nginx/portainer.conf: -
              upstream portainer {
              +
              upstream portainer {
                 server portainer-mailcow:9000;
               }
               
              @@ -2372,9 +2372,9 @@ map $http_upgrade $connection_upgrade {
                 default upgrade;
                 '' close;
               }
              -

              +

              2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: -

                location /portainer/ {
              +
                location /portainer/ {
                   proxy_http_version 1.1;
                   proxy_set_header Host              $http_host;   # required for docker client's sake
                   proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
              @@ -2393,10 +2393,10 @@ map $http_upgrade $connection_upgrade {
                   proxy_set_header Connection $connection_upgrade;
                   proxy_pass http://portainer/api/websocket/;
                 }
              -

              +

              3. Apply your changes: -

              docker-compose up -d && docker-compose restart nginx-mailcow
              -

              +
              docker-compose up -d && docker-compose restart nginx-mailcow
              +

              Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.
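Review bot: The closing paragraph says the visitor to https://${MAILCOW_HOSTNAME}/portainer/ is prompted to choose the admin password, and the location /portainer/ block in 2b publishes that path on the default mailcow site. As described, whoever loads the page first sets the Portainer admin password. Suggest adding a sentence to set the password directly after step 3, plus a note on restricting the location (for example with allow/deny) on installs whose web UI is reachable from the internet.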


              diff --git a/en/third_party/third_party-roundcube/index.html b/en/third_party/third_party-roundcube/index.html index bc33dfb41..b3cacb438 100644 --- a/en/third_party/third_party-roundcube/index.html +++ b/en/third_party/third_party-roundcube/index.html @@ -2466,7 +2466,7 @@

              Installing Roundcube

              Download Roundcube 1.5.x to the web htdocs directory and extract it (here rc/): -

              # Check for a newer release!
              +
              # Check for a newer release!
               cd data/web
               wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
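Review bot: The install command pipes the 1.5.2 tarball from wget straight into tar under data/web, so the archive is unpacked into the web root without any integrity check. Suggest downloading to a file first, verifying it against the checksum or signature published for the release, and only then extracting. The "# Check for a newer release!" comment could also name the releases page, since the URL hard-codes 1.5.2.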
               
              @@ -2478,17 +2478,17 @@ chown -R root: rc/
               
               # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
               sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
              -

              +

              If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. -

              #!/bin/bash
              +
              #!/bin/bash
               apk update
               apk add aspell-en # or any other language
              -

              +

              Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. -

              <?php
              +
              <?php
               error_reporting(0);
               if (!file_exists('/tmp/mime.types')) {
               file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
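Review bot: The config.inc.php sample fetches mime.types with fopen("http://svn.apache.org/...") over plain HTTP and writes it to /tmp/mime.types, while error_reporting(0) at the top hides a failed or partial download. Suggest an https URL, or better a local copy of the file, so the MIME type mapping Roundcube uses cannot be altered in transit.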
              @@ -2520,13 +2520,13 @@ $config['smtp_conn_options'] = array(
                 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
               );
               $config['db_prefix'] = 'mailcow_rc1';
              -

              +

              Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer.

              Delete the directory data/web/rc/installer after a successful installation!

              Configure ManageSieve filtering

              Open data/web/rc/plugins/managesieve/config.inc.php and change the following parameters (or add them at the bottom of that file): -

              $config['managesieve_port'] = 4190;
              +
              $config['managesieve_port'] = 4190;
               $config['managesieve_host'] = 'tls://dovecot';
               $config['managesieve_conn_options'] = array(
                 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
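Review bot: Both smtp_conn_options and managesieve_conn_options set verify_peer and verify_peer_name to false and allow_self_signed to true, which turns off certificate validation for Roundcube's SMTP and ManageSieve connections (the latter to tls://dovecot). If that is intentional because the traffic stays on the internal Docker network, the page should say so next to the sample. Otherwise suggest documenting how to point these options at the mailcow certificate so verification can stay enabled.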
              @@ -2536,37 +2536,37 @@ $config['managesieve_conn_options'] = array(
               // 1 - add Vacation section,
               // 2 - add Vacation section, but hide Filters section
               $config['managesieve_vacation'] = 1;
              -

              +

              Enable change password function in Roundcube

              Open data/web/rc/config/config.inc.php and enable the password plugin:

              -
              ...
              +
              ...
               $config['plugins'] = array(
                   'archive',
                   'password',
               );
               ...
              -
              +

              Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

              -
                      case 'ssha256':
              +
                      case 'ssha256':
                           $salt = rcube_utils::random_bytes(8);
                           $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
                           $prefix  = '{SSHA256}';
                           break;
              -
              +

              Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

              -
              $config['password_driver'] = 'sql';
              +
              $config['password_driver'] = 'sql';
               $config['password_algorithm'] = 'ssha256';
               $config['password_algorithm_prefix'] = '{SSHA256}';
               $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
              -
              +

              Integrate CardDAV addressbooks in Roundcube

              Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

              cd data/web/rc/plugins
              +
              cd data/web/rc/plugins
               wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz  | tar xfvz -
               chown -R root: carddav/
              -

              +

              Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

              $prefs['SOGo'] = array(
              +
              $prefs['SOGo'] = array(
                   'name'         =>  'SOGo',
                   'username'     =>  '%u',
                   'password'     =>  '%p',
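Review bot: The added case 'ssha256' computes a single SHA-256 over the password and an 8-byte salt, and password_query writes the result into mailbox.password. One round of a fast hash is cheap to brute-force if the table ever leaks, so the page should either explain why this scheme is required here or, if a slower scheme is supported on both sides, document that one instead. The edit is also made in place in plugins/password/password.php, so the page should mention that it may need to be re-applied after an upgrade.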
              @@ -2579,7 +2579,7 @@ chown -R root: carddav/
                   'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
                   'hide'        =>  false,
               );
              -
              +
              Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

              Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

              If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

              @@ -2587,7 +2587,7 @@ Please note, that this preset only integrates the default addressbook (the one t

              Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

              NOTE: Don't forget to add the <?php delimiter on the first line

              -
              ...
              +
              ...
               $MAILCOW_APPS = array(
                 array(
                   'name' => 'SOGo',
              @@ -2599,10 +2599,10 @@ $MAILCOW_APPS = array(
                  )
               );
               ...
              -
              +

              Upgrading Roundcube

              Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

              -
              # Enter a bash session of the mailcow PHP container
              +
              # Enter a bash session of the mailcow PHP container
               docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
               
               # Install required upgrade dependency, then upgrade Roundcube to wanted release
              @@ -2620,42 +2620,42 @@ rm -rf roundcube*
               
               # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
               sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php
              -
              +

              Let admins log into Roundcube without password

              First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

              Edit mailcow.conf and add the following:

              -
              # Allow admins to log into Roundcube as email user (without any password)
              +
              # Allow admins to log into Roundcube as email user (without any password)
               # Roundcube with plugin dovecot_impersonate must be installed first
               
               ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
              -
              +

              Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
                 php-fpm-mailcow:
                   environment:
                     - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
              -
              +

              Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

              -
              if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
              +
              if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
                 item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
               }
              -
              +

              Edit data/web/mailbox.php and add this line to array $template_data:

              -
                'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
              -
              +
                'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
              +

              Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

              -
                var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
              -
              +
                var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
              +

              Copy the contents of the following files from this Snippet:

              • data/web/inc/lib/RoundcubeAutoLogin.php
              • data/web/rc-auth.php

              Finally, restart mailcow

              -
              docker-compose down
              +
              docker-compose down
               docker-compose up -d
              -
              +
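Review bot: The step "Copy the contents of the following files from this Snippet" gives neither a fixed revision of the snippet nor a description of how rc-auth.php decides that the caller is a logged-in admin. Since /rc-auth.php?login=... is what grants the passwordless Roundcube session, suggest pinning the snippet to a revision and stating the access check it performs. Minor: the pattern /^(yes|y)+$/i also accepts values such as "yy", and /^(yes|y)$/i would match what the mailcow.conf comment documents. Wording: "and the following code" is missing "add", and "crate/extend" should read "create/extend".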

              diff --git a/en/troubleshooting/debug-admin_login_sogo/index.html b/en/troubleshooting/debug-admin_login_sogo/index.html index c3f5199dc..a73f5246c 100644 --- a/en/troubleshooting/debug-admin_login_sogo/index.html +++ b/en/troubleshooting/debug-admin_login_sogo/index.html @@ -2428,11 +2428,11 @@ log into SOGo as a mailbox user, without knowing the users password.

              Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

              Enabling the feature

              The feature is disabled by default. It can be enabled in the mailcow.conf by setting: -

              ALLOW_ADMIN_EMAIL_LOGIN=y
              -
              +
              ALLOW_ADMIN_EMAIL_LOGIN=y
              +
              and recreating the affected containers with -
              docker-compose up -d
              -

              +
              docker-compose up -d
              +

              Drawbacks when enabled

              • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. diff --git a/en/troubleshooting/debug-attach_service/index.html b/en/troubleshooting/debug-attach_service/index.html index 816617af8..df8c36a4b 100644 --- a/en/troubleshooting/debug-attach_service/index.html +++ b/en/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,17 @@

                Attaching a Container to your Shell

                To attach a container to your shell you can simply run

                -
                docker-compose exec $Service_Name /bin/bash
                -
                +
                docker-compose exec $Service_Name /bin/bash
                +

                Connecting to Services

                If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

                MySQL

                -
                source mailcow.conf
                +
                source mailcow.conf
                 docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
                -
                +

                Redis

                -
                docker-compose exec redis-mailcow redis-cli
                -
                +
                docker-compose exec redis-mailcow redis-cli
                +

                Service Descriptions

                Here is a brief overview of what container / service does what:
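Review bot: The MySQL example passes the password as -p${DBPASS} on the command line, unquoted. That puts the password into the arguments of the docker-compose process on the host, and the command breaks on passwords containing spaces or shell metacharacters. Suggest at least quoting the expansions ("-u${DBUSER}" "-p${DBPASS}" "${DBNAME}"), or using a bare -p so the client prompts for the password.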

          diff --git a/en/troubleshooting/debug-common_problems/index.html b/en/troubleshooting/debug-common_problems/index.html index c38562215..f29b16424 100644 --- a/en/troubleshooting/debug-common_problems/index.html +++ b/en/troubleshooting/debug-common_problems/index.html @@ -2516,11 +2516,11 @@
        • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
        • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
        • -
          # telnet 74.125.133.27 465
          +
          # telnet 74.125.133.27 465
           Trying 74.125.133.27...
           Connected to 74.125.133.27.
           Escape character is '^]'.
          -
          +

          My mails are identified as Spam

          Please read our guide on DNS configuration.

          docker-compose throws weird errors

          @@ -2537,8 +2537,8 @@ Escape character is '^]'.

          It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

          Address already in use

          If you get an error message like:

          -
          ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
          -
          +
          ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
          +

          while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

          XYZ can't connect to ...

          Please check your local firewall! @@ -2546,19 +2546,19 @@ Docker and iptables-based firewalls sometimes create conflicting rules, so disab

          If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

          While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

          To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

          -
          dism /online /Enable-Feature /FeatureName:TelnetClient
          -
          +
          dism /online /Enable-Feature /FeatureName:TelnetClient
          +

          Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

          Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

          Dovecot keeps restarting (see #2672)

          Check that you have at least the following files in data/assets/ssl:

          -
          cert.pem
          +
          cert.pem
           dhparams.pem
           key.pem
          -
          +

          If dhparams.pem is missing, you can generate it with

          -
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          -
          +
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          +
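Review bot: In the "XYZ can't connect to ..." paragraph the port labels are swapped: it names "SMTP (587) or SMTPS (465)" and "SUBMISSION (25)", whereas 25 is SMTP and 587 is submission (465 is SMTPS, as written). Suggest "SUBMISSION (587) or SMTPS (465)" and "SMTP (25)". Minor, same paragraph: "chose" should be "choose", "tools1" has a footnote marker fused to the word, and "in an terminal" should be "in a terminal".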

            diff --git a/en/troubleshooting/debug-mysql_aria/index.html b/en/troubleshooting/debug-mysql_aria/index.html index d5af4af53..bb44de854 100644 --- a/en/troubleshooting/debug-mysql_aria/index.html +++ b/en/troubleshooting/debug-mysql_aria/index.html @@ -2398,7 +2398,7 @@

            If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

            Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker-compose ps.

            Now run the following commands:

            -
            # Stop the stack, don't run "down"
            +
            # Stop the stack, don't run "down"
             docker-compose stop
             # Run a bash in the stopped container as user mysql
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
            @@ -2408,7 +2408,7 @@ cd /var/lib/mysql
             aria_chk --check --force */*.MAI
             # Delete aria log files
             rm aria_log.*
            -
            +

            Now run docker-compose down followed by docker-compose up -d.


            diff --git a/en/troubleshooting/debug-mysql_upgrade/index.html b/en/troubleshooting/debug-mysql_upgrade/index.html index 6c52e09bb..148b3b52d 100644 --- a/en/troubleshooting/debug-mysql_upgrade/index.html +++ b/en/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,13 @@

            Run a manual mysql_upgrade

            This step is usually not necessary.

            -
            docker-compose stop mysql-mailcow watchdog-mailcow
            +
            docker-compose stop mysql-mailcow watchdog-mailcow
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
            -
            +

            As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

            -
            mysql_upgrade
            +
            mysql_upgrade
             exit
            -
            +
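Review bot: "As soon as the SQL shell spawned" does not match the entrypoint above it, which ends in `sleep 10 && bash` and so drops the reader into a bash shell, not an SQL shell. Suggest "As soon as the shell has spawned". The page also stops `mysql-mailcow` and `watchdog-mailcow` but never says to start them again after `exit`; a closing `docker-compose up -d` line would complete the procedure.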

            diff --git a/en/troubleshooting/debug-reset_pw/index.html b/en/troubleshooting/debug-reset_pw/index.html index f8f46ffb5..3a4dee318 100644 --- a/en/troubleshooting/debug-reset_pw/index.html +++ b/en/troubleshooting/debug-reset_pw/index.html @@ -2544,16 +2544,16 @@

            mailcow Admin Account

            Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

            -
            cd mailcow_path
            +
            cd mailcow_path
             ./helper-scripts/mailcow-reset-admin.sh
            -
            +

            Reset MySQL Passwords

            Stop the stack by running docker-compose stop.

            When the containers came to a stop, run this command:

            -
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            -
            +
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            +

            1. Find database name

            -
            # source mailcow.conf
            +
            # source mailcow.conf
             # docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
             MariaDB [(none)]> show databases;
             +--------------------+
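Review bot: The `docker-compose run` command under "Reset MySQL Passwords" starts `mysqld --skip-grant-tables`, which serves every connection without authentication until the container exits, and the text does not say so. Suggest stating that the stack must stay stopped until the reset is finished, and adding `--skip-networking` to the mysqld arguments, since the `mysql -hlocalhost -uroot` client connects over the local socket anyway.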
            @@ -2565,11 +2565,11 @@ MariaDB [(none)]> show databases;
             | performance_schema |
             +--------------------+
             4 rows in set (0.00 sec)
            -
            +

            2. Reset one or more users

            2.1 Maria DB < 10.4 (older mailcow installations)

            Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user         |
             +--------------+
            @@ -2582,9 +2582,9 @@ MariaDB [(none)]> FLUSH PRIVILEGES;
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            2.2 Maria DB >= 10.4 (current mailcows)

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user         |
             +--------------+
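Review bot: The UPDATE statements in 2.1 set the literal passwords 'gotr00t' and 'mookuh', which readers will paste unchanged into a production database. Suggest obvious placeholders (for example 'NEW_ROOT_PASSWORD' and 'NEW_MAILCOW_PASSWORD') and a sentence that the value chosen for the `mailcow` user has to match `DBPASS` in mailcow.conf, because the other commands on this page read the password from there.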
            @@ -2598,16 +2598,16 @@ MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY '
             MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            Remove Two-Factor Authentication

            For mailcow WebUI:

            This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
            -
            +

            For SOGo:

            -
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            -
            +
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            +
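Review bot: In the WebUI two-factor command, `-p${DBPASS}` is unquoted and passed as a command-line argument, so a password containing spaces or shell metacharacters breaks the command, and the value is visible in the host's process list while `docker-compose exec` runs. Suggest quoting it as `-p"${DBPASS}"` at minimum. The `ALTER USER` lines at the top of this hunk reuse the sample password 'gotr00t' and should get a placeholder as well, and the text should say that the account is protected by its password alone until a second factor is enrolled again.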

            diff --git a/en/troubleshooting/debug-reset_tls/index.html b/en/troubleshooting/debug-reset_tls/index.html index bdb72abfa..c73859b13 100644 --- a/en/troubleshooting/debug-reset_tls/index.html +++ b/en/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,14 @@

            Reset TLS certificates

            In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose down
             rm -rf data/assets/ssl
             mkdir data/assets/ssl
             openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
             cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
             docker-compose up -d
            -
            +

            This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

            If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

            Please also note that previous TLSA records will be invalid.
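Review bot: `rm -rf data/assets/ssl` in the command block destroys the current certificate, key and Let's Encrypt account data with no copy kept, even though the text below warns that a new account and rate limits follow. Suggest replacing it with a move to a dated directory, for example `mv data/assets/ssl data/assets/ssl.bak-$(date +%F)`, so the old account and key can be restored if the reset does not help. The summary sentence also lists "stop mailcow, source the variables" in the opposite order to the commands.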

            diff --git a/en/troubleshooting/debug-rm_volumes/index.html b/en/troubleshooting/debug-rm_volumes/index.html index 6cb731740..bd90427fb 100644 --- a/en/troubleshooting/debug-rm_volumes/index.html +++ b/en/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,8 @@

            You may want to remove a set of persistent data to resolve a conflict or to start over.

            mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

            Delete a single volume:

            -
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            -
            +
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            +
            • Remove volume mysql-vol-1 to remove all MySQL data.
            • Remove volume redis-vol-1 to remove all Redis data.
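Review bot: "Delete a single volume" presents `docker volume rm mailcowdockerized_${VOLUME_NAME}` without saying that the data is gone for good. Suggest a sentence before the command that points to `./helper-scripts/backup_and_restore.sh backup` from the backup page. `${VOLUME_NAME}` is also written like a shell variable but never set, so a reader who pastes the line runs `docker volume rm mailcowdockerized_`; say that it is a placeholder or show it being assigned.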
            • diff --git a/en/troubleshooting/debug-rspamd_memory_leaks/index.html b/en/troubleshooting/debug-rspamd_memory_leaks/index.html index f420b6191..757e8a185 100644 --- a/en/troubleshooting/debug-rspamd_memory_leaks/index.html +++ b/en/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -2346,7 +2346,7 @@

              Advanced: Find memory leaks in Rspamd

              A quick guide to deeply analyze a malfunctioning Rspamd.

              -
              docker-compose exec rspamd-mailcow bash
              +
              docker-compose exec rspamd-mailcow bash
               
               if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
                 sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list
              @@ -2360,7 +2360,7 @@ nano /docker-entrypoint.sh
               
               export G_SLICE=always-malloc
               export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
              -
              +

              Restart Rspamd: docker-compose restart rspamd-mailcow

              Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for.

              Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to "happen") and restart it: docker-compose restart rspamd-mailcow.

              diff --git a/i_u_m/i_u_m_deinstall/index.html b/i_u_m/i_u_m_deinstall/index.html index 90aeeee73..b783d1b02 100644 --- a/i_u_m/i_u_m_deinstall/index.html +++ b/i_u_m/i_u_m_deinstall/index.html @@ -2346,8 +2346,8 @@

              Deinstallation

              To remove mailcow: dockerized with all it's volumes, images and containers do:

              -
              docker-compose down -v --rmi all --remove-orphans
              -
              +
              docker-compose down -v --rmi all --remove-orphans
              +

              Info
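Review bot: `docker-compose down -v --rmi all --remove-orphans` deletes all volumes, and with them all mail and database data, yet the sentence above presents it without any warning. Suggest a line before the command stating that this cannot be undone and that a backup should be taken first. Typo in the same sentence: "all it's volumes" should read "all its volumes".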

                diff --git a/i_u_m/i_u_m_install/index.html b/i_u_m/i_u_m_install/index.html index cc2bdc167..967f7283c 100644 --- a/i_u_m/i_u_m_install/index.html +++ b/i_u_m/i_u_m_install/index.html @@ -2351,10 +2351,10 @@
                • Docker -

                  curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                  +
                  curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                   # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
                   systemctl enable --now docker
                  -

                  +

                • Docker-Compose
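Review bot: `curl -sSL https://get.docker.com/ | CHANNEL=stable sh` pipes a remote script straight into `sh`, so the reader never sees what is executed and a truncated download runs as far as it got. Suggest showing it as two steps: download with `curl -fsSL https://get.docker.com/ -o get-docker.sh`, read the file, then run `CHANNEL=stable sh get-docker.sh`.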

                  @@ -2365,44 +2365,44 @@ systemctl enable --now docker

                  mailcow requires the latest version of docker-compose v1. It is highly recommended to use the commands below to install docker-compose. Package managers (e.g. apt, yum) likely won't give you the correct version. Note: This command downloads docker-compose from the official Docker Github repository and is a safe method. The snippet will determine the latest supported version by mailcow. In almost all cases this is the latest version available (exceptions are broken releases or major changes not yet supported by mailcow).

              -
              curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
              +
              curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
               chmod +x /usr/local/bin/docker-compose
              -
              +

              Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

              1.1. On SELinux enabled systems, e.g. CentOS 7:

              • Check if "container-selinux" package is present on your system:
              -
              rpm -qa | grep container-selinux
              -
              +
              rpm -qa | grep container-selinux
              +

              If the above command returns an empty or no output, you should install it via your package manager.

              • Check if docker has SELinux support enabled:
              -
              docker info | grep selinux
              -
              +
              docker info | grep selinux
              +

              If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add "selinux-enabled": true. Example file content:

              -
              {
              +
              {
                 "selinux-enabled": true
               }
              -
              +

              Restart the docker daemon and verify SELinux is now enabled.

              This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.

              2. Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.

              -
              $ su
              +
              $ su
               # umask
               0022 # <- Verify it is 0022
               # cd /opt
               # git clone https://github.com/mailcow/mailcow-dockerized
               # cd mailcow-dockerized
              -
              +

              3. Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked. -

              ./generate_config.sh
              -

              +
              ./generate_config.sh
              +

              4. Change configuration if you want or need to. -

              nano mailcow.conf
              -
              +
              nano mailcow.conf
              +
              If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.

              You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation.

              Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.
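Review bot: The docker-compose install line writes a binary to `/usr/local/bin/docker-compose` whose version string comes from `https://www.servercow.de/docker-compose/latest.php`, with no checksum verification, while the note calls this "a safe method". Suggest either verifying the download against the checksum file published with the release before `chmod +x`, or rewording the note to name the trust assumptions (the GitHub release plus the servercow.de version endpoint). `curl -L` without `-f` also writes an HTML error page into the target path when the release URL does not exist. Typo near the end of the hunk: "ask at the known channels for advise" should be "advice".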

              @@ -2410,20 +2410,20 @@ If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.

              Whenever you run into trouble and strange phenomena, please check your MTU.

              Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: -

              networks:
              +
              networks:
                 mailcow-network:
                   ...
                   driver_opts:
                     com.docker.network.driver.mtu: 1450
                   ...
              -

              +

              4.2. Users without an IPv6 enabled network on their host system:

              Enable IPv6. Finally.

              If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.

              5. Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: -

              docker-compose pull
              +
              docker-compose pull
               docker-compose up -d
              -

              +

              Done!

              You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo.
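Review bot: The closing line hands out the default credentials "admin + password moohoo" and stops there. Suggest adding that the admin password has to be changed at first login, before the host is exposed to the internet. In 4.2, "(thehe)" looks like a typo, and the advice to disable IPv6 for the mailcow network gives no instruction or link on how to do it.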

              diff --git a/i_u_m/i_u_m_migration/index.html b/i_u_m/i_u_m_migration/index.html index 614e6cecb..e740d0358 100644 --- a/i_u_m/i_u_m_migration/index.html +++ b/i_u_m/i_u_m_migration/index.html @@ -2359,43 +2359,43 @@ Install Docker
              • Docker -

                curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                +
                curl -sSL https://get.docker.com/ | CHANNEL=stable sh
                 # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
                 systemctl enable docker.service
                -

                +

              • docker-compose -

                curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
                +
                curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
                 chmod +x /usr/local/bin/docker-compose
                -

                +

              Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

              2. Stop Docker and assure Docker has stopped: -

              systemctl stop docker.service
              +
              systemctl stop docker.service
               systemctl status docker.service
              -

              +

              3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine: -

              rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
              +
              rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
               rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
              -

              +

              4. Shut down mailcow and stop Docker on the source machine. -

              cd /opt/mailcow-dockerized
              +
              cd /opt/mailcow-dockerized
               docker-compose down
               systemctl stop docker.service
              -

              +

              5. Repeat step 3 with the same commands. This will be much quicker than the first time.

              6. Switch over to the target machine and start Docker. -

              systemctl start docker.service
              -

              +
              systemctl start docker.service
              +

              7. Now pull the mailcow Docker images on the target machine. -

              cd /opt/mailcow-dockerized
              +
              cd /opt/mailcow-dockerized
               docker-compose pull
              -

              +

              8. Start the whole mailcow stack and everything should be done! -

              docker-compose up -d
              -

              +
              docker-compose up -d
              +

              9. Finally, change your DNS settings to point to the target server.
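Review bot: The WARNING in step 3 names only `/var/lib/docker/volumes`, but the first rsync also runs with `--delete` against `/opt/mailcow-dockerized` on the target, so anything already there is erased as well. Suggest extending the warning to both paths and recommending a first pass with `--dry-run`. Step 2 ("Stop Docker and assure Docker has stopped") should say that it applies to the target machine, and both rsync commands log in as `root@target-machine.example.com`, a prerequisite the page never states.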


              diff --git a/i_u_m/i_u_m_update/index.html b/i_u_m/i_u_m_update/index.html index 079ca5d64..f09029f94 100644 --- a/i_u_m/i_u_m_update/index.html +++ b/i_u_m/i_u_m_update/index.html @@ -2480,13 +2480,13 @@

              An update script in your mailcow-dockerized directory will take care of updates.

              But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

              Run the update script: -

              ./update.sh
              -

              +
              ./update.sh
              +

              If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code).

              Options

              -
              # Options can be combined
              +
              # Options can be combined
               
               # - Check for updates and show changes
               ./update.sh --check
              @@ -2509,22 +2509,22 @@ Some minor conflicts will be auto-corrected (in favour for the mailcow: dockeriz
               
               # - Don't update, but prefetch images and exit
               ./update.sh --prefetch
              -
              +

              I forgot what I changed before running update.sh

              See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

              -
              22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
              +
              22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
               dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
              -
              +

              Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

              Can I roll back?

              Yes.

              See the topic above, instead of a diff, you run checkout:

              -
              docker-compose down
              +
              docker-compose down
               # Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID
               git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
               docker-compose pull
               docker-compose up -d
              -
              +

              Hooks

              You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

              Footnotes
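Review bot: The "Hooks" paragraph says that `pre_commit_hook.sh` and `post_commit_hook.sh` in the mailcow root directory are picked up by the update mechanism, but not that they then run with the privileges of `update.sh`, which the install page requires to be run as root. Suggest a sentence that both files must be owned by root and not writable by anyone else. The link text "See this" should name its target, and under "Can I roll back?" it is worth stating that `git checkout` of a commit ID leaves the repository on a detached HEAD.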

              diff --git a/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index 070d0bf0b..05ae2ed9c 100644 --- a/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,21 @@
            • You will need to get your_id from one of the download links, they are individual for every user
            • Add to data/conf/clamav/freshclam.conf with replaced your_id part: -

              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
              +
              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
               DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
              -

              +

            • For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

            • Adjust data/conf/clamav/clamd.conf to align with next settings: -

              DetectPUA yes
              +
              DetectPUA yes
               ExcludePUA PUA.Win.Packer
               ExcludePUA PUA.Win.Trojan.Packed
               ExcludePUA PUA.Win.Trojan.Molebox
              @@ -2493,11 +2493,11 @@ MaxEmbeddedPE 100M
               MaxHTMLNormalize 50M
               MaxScriptNormalize 50M
               MaxZipTypeRcg 50M
              -

              +

            • Restart ClamAV container: -
              docker-compose restart clamd-mailcow
              -
            • +
              docker-compose restart clamd-mailcow
              +

          Please note:

            @@ -2509,14 +2509,14 @@ MaxZipTypeRcg 50M

            Enable InterServer databases

            1. Add to data/conf/clamav/freshclam.conf: -
              DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
              +
              DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
               DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
               DatabaseCustomURL http://sigs.interserver.net/shell.ldb
               DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
              -
            2. +
        • Restart ClamAV container: -
          docker-compose restart clamd-mailcow
          -
        • +
          docker-compose restart clamd-mailcow
          +
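Review bot: All four InterServer `DatabaseCustomURL` entries use plain `http://`, so the signature files, including the `whitelist.fp` false-positive list, are fetched without transport integrity and can be altered in transit. Suggest `https://` URLs if the host serves them, or a sentence on the page that states the risk so admins can decide whether to enable these databases.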

          diff --git a/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index c7ad2cdfe..42ceb41f5 100644 --- a/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -2398,22 +2398,22 @@

          Whitelist specific ClamAV signatures

          You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

          -
          docker-compose logs clamd-mailcow | grep "FOUND"
          -
          +
          docker-compose logs clamd-mailcow | grep "FOUND"
          +

          This line confirms that such was identified:

          -
          clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
          -
          +
          clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
          +

          To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

          -
          echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
          -
          +
          echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
          +

          Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose:

          -
          docker-compose restart clamd-mailcow
          -
          +
          docker-compose restart clamd-mailcow
          +

          Cleanup cached ClamAV results in Redis:

          -
          # docker-compose exec redis-mailcow  /bin/sh
          +
          # docker-compose exec redis-mailcow  /bin/sh
           /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
           /data # exit
          -
          +
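Review bot: Adding `PUA.Pdf.Trojan.EmbeddedJavaScript-1` to `data/conf/clamav/whitelist.ign2` switches the signature off for all mail scanned by this ClamAV instance, but the text frames it only as "enable sending this type of file attached". Suggest stating that scope explicitly. In the Redis cleanup, `redis-cli KEYS rs_cl*` leaves the pattern unquoted, so the shell may expand it against files in `/data`; write `'rs_cl*'`.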

          diff --git a/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index 489e3e897..4516f1341 100644 --- a/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,14 @@

          Customize Dockerfiles

          You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

          -
          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
          -
          +
          cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
          +

          Make your changes in data/Dockerfiles/$service and build the image locally:

          -
          docker build data/Dockerfiles/service -t mailcow/$service
          -
          +
          docker build data/Dockerfiles/service -t mailcow/$service
          +

          Now auto-recreate modified containers:

          -
          docker-compose up -d
          -
          +
          docker-compose up -d
          +
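Review bot: The build command mixes a literal and a variable: `docker build data/Dockerfiles/service -t mailcow/$service` uses `service` in the path but `$service` in the tag, while the sentence above writes `data/Dockerfiles/$service`. Suggest `$service` in both places, plus a line that sets it or a note that it is a placeholder, since an unset variable yields the tag `mailcow/`.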

          diff --git a/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 2f1844e1d..9dedca72a 100644 --- a/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,8 @@

          Docker Compose Bash Completion

          To get some sexy bash completion inside your containers simply execute the following:

          -
          curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
          -
          +
          curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
          +

          diff --git a/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index ac4fe7bdb..b58a48066 100644 --- a/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,8 @@

          On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

          This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

          -
          ACL_ANYONE=allow
          -
          +
          ACL_ANYONE=allow
          +

          Apply the changes by running docker-compose up -d.
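Review bot: "On August the 17th" gives no year, so the reader cannot tell which installations are affected by the changed default. Suggest adding the year, and one sentence on why sharing with "any" or "all authenticated users" was disabled, so that admins can weigh the exposure before setting `ACL_ANYONE=allow`.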


          diff --git a/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 60120f585..98224b2c8 100644 --- a/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -2454,17 +2454,17 @@

          The manual way

          That said, let's dive in:

          Delete a user's mails inside the junk folder that are read and older than 4 hours

          -
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h
          +

          Delete all user's mails in the junk folder that are older than 7 days

          -
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d
          +

          Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance).

          -
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w
          +

          Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks

          -
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
          -
          +
          docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w
          +

          Info

          For possible time spans or search keys have a look at man doveadm-search-query
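
          Review bot: the two all-user examples in this hunk (doveadm expunge -A mailbox 'Junk' savedbefore 7d and doveadm expunge -A mailbox % before 52w) delete mail from every mailbox and the page offers no preview step. The Info box already points to man doveadm-search-query, so suggest adding one sentence telling the reader to run the same query with doveadm search first and check the matches before switching to expunge. The % in the 52w example is also the only mailbox argument left unquoted; writing it as '%' would match the other examples.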

          @@ -2472,21 +2472,21 @@

          Job scheduler

          via the host system cron

          If you want to automate such a task you can create a cron job on your host that calls a script like the one below:

          -
          #!/bin/bash
          +
          #!/bin/bash
           # Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized
           cd /path/to/your/mailcow-dockerized
           
           /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w
           /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h
           [...]
          -
          +

          To create a cron job you may execute crontab -e and insert something like the following to execute a script:

          -
          # Execute everyday at 04:00 A.M.
          +
          # Execute everyday at 04:00 A.M.
           0 4 * * * /path/to/your/expunge_mailboxes.sh
          -
          +

          via Docker job scheduler

          To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow:

          -
          version: '2.1'
          +
          version: '2.1'
           
           services:
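
          Review bot: in the cron script, the line cd /path/to/your/mailcow-dockerized has no failure check, so with a wrong path the two docker-compose calls run from cron's working directory instead of the mailcow directory; suggest cd /path/to/your/mailcow-dockerized || exit 1. The file name expunge_mailboxes.sh first appears in the crontab entry, so the sentence introducing the script should name the file and say it has to be executable. In the prose, "To archive this with a docker job scheduler" should read "To achieve this".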
           
          @@ -2504,12 +2504,12 @@ services:
                 - "ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *"
                 - "ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w"
                 - "ofelia.job-exec.dovecot-expunge-trash.tty=false"
          -
          +

          The job controller just need access to the docker control socket to be able to emulate the behavior of "exec". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru. This docker-compose.override.yml deletes all mails older then 2 weeks from the "Junk" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this:

          -
          common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
          +
          common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w,
           common.go:124 ▶ NOTICE [Job "dovecot-expunge-trash" (8759567efa66)] Finished in "285.032291ms", failed: false, skipped: false, error: none,
          -
          +

          If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug.

          In case you want to add more jobs, ensure you change the "dovecot-expunge-trash" part after "ofelia.job-exec." to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia.
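
          Review bot: the sentence "The job controller just need access to the docker control socket" understates what is being granted. A container that can talk to the Docker control socket can start, stop and exec into every container on the host, which is effectively root on the host, and the page should say so where the override file is introduced. The job is also named dovecot-expunge-trash while its command expunges 'Junk'; since the last paragraph tells readers that this string is the job name, dovecot-expunge-junk would avoid confusion. Wording: "just need" should be "just needs", "a few label" should be "a few labels", "tell him" should be "tell it", "older then 2 weeks" should be "older than 2 weeks", "ran proper" should be "ran properly".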

          diff --git a/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html b/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html index b7621383b..f28b8e625 100644 --- a/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-extra_conf/index.html @@ -2349,8 +2349,8 @@

          Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here.

          Restart dovecot-mailcow to apply your changes:

          -
          docker-compose restart dovecot-mailcow
          -
          +
          docker-compose restart dovecot-mailcow
          +

          diff --git a/manual-guides/Dovecot/u_e-dovecot-fts/index.html b/manual-guides/Dovecot/u_e-dovecot-fts/index.html index 28db77ad1..979568895 100644 --- a/manual-guides/Dovecot/u_e-dovecot-fts/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-fts/index.html @@ -2443,19 +2443,19 @@

          The default heap size (1024 M) is defined in mailcow.conf.

          Since we run in Docker and create our containers with the "restart: always" flag, a oom situation will at least only trigger a restart of the container.

          -
          # single user
          +
          # single user
           docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain
           # all users
           docker-compose exec dovecot-mailcow doveadm fts rescan -A
          -
          +

          Dovecot Wiki: "Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any)."

          This does not re-index a mailbox. It basically repairs a given index.

          If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit:

          -
          # single user
          +
          # single user
           docker-compose exec dovecot-mailcow doveadm index -u user@domain '*'
           # all users, but obviously slower and more dangerous
           docker-compose exec dovecot-mailcow doveadm index -A '*'
          -
          +

          This will take some time depending on your machine and Solr can run oom, monitor it!

          Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.

          Delete mailbox data
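
          Review bot: the comment "# all users, but obviously slower and more dangerous" above doveadm index -A '*' does not say what the danger is; the only hint is the later sentence that Solr can run oom. Suggest naming the risk in the comment or in the sentence before the block, and telling the reader what to watch while the job runs. Wording in the context lines: "followig" should be "following", "re-indexing is very sensible" should be "very sensitive", "a oom situation" should be "an OOM situation".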

          diff --git a/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html b/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html index e8908614e..745201b93 100644 --- a/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-idle_interval/index.html @@ -2462,8 +2462,8 @@

          Change configuration

          Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type:

          -
          imap_idle_notify_interval = 5 mins
          -
          +
          imap_idle_notify_interval = 5 mins
          +

          29 minutes is the maximum value allowed by the corresponding RFC.

          Warning

          @@ -2471,13 +2471,13 @@ Insert the setting followed by the new value. For example, to set the interval t

          Reload Dovecot

          Now reload Dovecot: -

          docker-compose exec dovecot-mailcow dovecot reload
          -

          +
          docker-compose exec dovecot-mailcow dovecot reload
          +

          Info

          You can check the value of this setting with -

          docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
          -
          +
          docker-compose exec dovecot-mailcow dovecot -a | grep "imap_idle_notify_interval"
          +
          If you didn't change it, it should be at 2m. If you did change it, you should see your new value.

          diff --git a/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html b/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html index dd4cfe587..5aa786433 100644 --- a/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-mail-crypt/index.html @@ -2350,7 +2350,7 @@

          Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

          If you want to decode/encode existing maildir files, you can use the following script at your own risk:

          Enter Dovecot by running docker-compose exec dovecot-mailcow /bin/bash in the mailcow-dockerized location.

          -
          # Decrypt /var/vmail
          +
          # Decrypt /var/vmail
           find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
           if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
           doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
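
          Review bot: the decrypt loop reads paths with "while read -r file", which trims leading and trailing whitespace from each name; "while IFS= read -r file" keeps the path intact. The loop walks every matching file under /var/vmail and the only caution given is "at your own risk", so the text before the script should also tell the reader to back up the vmail volume and the key pair in crypt-vol-1 before running it.
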
          @@ -2374,7 +2374,7 @@ doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=
             chown 5000:5000 "$file"
           fi
           done
          -
          +

          diff --git a/manual-guides/Dovecot/u_e-dovecot-more/index.html b/manual-guides/Dovecot/u_e-dovecot-more/index.html index 1c4baf636..226aad8a6 100644 --- a/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,25 @@

          doveadm quota

          The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

          To list the current quota status for a user / mailbox, do:

          -
          doveadm quota get -u 'mailbox@example.org'
          -
          +
          doveadm quota get -u 'mailbox@example.org'
          +

          To list the quota storage value for all users, do:

          -
          doveadm quota get -A |grep "STORAGE"
          -
          +
          doveadm quota get -A |grep "STORAGE"
          +

          Recalculate a single user's quota usage:

          -
          doveadm quota recalc -u 'mailbox@example.org'
          -
          +
          doveadm quota recalc -u 'mailbox@example.org'
          +

          The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

          To view the number of messages, by user, in their .Trash folder:

          -
          doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
          -
          +
          doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
          +

          Show all messages in a user's inbox older then 90 days:

          -
          doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
          -
          +
          doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
          +

          Show all messages in any folder that are older then 30 days for mailbox@example.org:

          -
          doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
          -
          +
          doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
          +
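
          Review bot: every command in this hunk is a bare doveadm call, while the other Dovecot pages in this patch prefix the same tool with docker-compose exec dovecot-mailcow. Either add the prefix or state once at the top of the page that these commands are run inside the dovecot-mailcow container. "older then 90 days" and "older then 30 days" should read "older than". The footnote markers in "quota recalc1" and "doveadm search2" render fused to the command names and read as part of them.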

            diff --git a/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index 87d15de04..c8db15b99 100644 --- a/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,7 +2398,7 @@

            Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

            Edit or create data/conf/dovecot/extra.conf, add:

            -
            namespace {
            +
            namespace {
               type = public
               separator = /
               prefix = Public/
            @@ -2408,18 +2408,18 @@
                 auto = subscribe
               }
             }
            -
            +

            :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

            The new mailbox in the public namespace will be auto-subscribed by users.

            To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

            -
            docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
            -
            +
            docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
            +

            Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

            Allow authenticated users access to the whole public namespace

            To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

            Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

            -
            authenticated kxeilprwts
            -
            +
            authenticated kxeilprwts
            +

            kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

            You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

            See Dovecot ACL for further information about ACL.
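
            Review bot: the first command in this hunk grants "authenticated" the full set lookup read write write-seen write-deleted insert post delete expunge create, so any logged-in user can delete the Public/Develcow mailbox or expunge its messages, and the narrower "lr" alternative only appears in the last paragraph. Suggest showing the read-only grant first and presenting the full grant as the exception. Wording: "access full to that new mailbox" and "access full access to the whole public namespace" should both read "full access to".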

            diff --git a/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 9733aad82..d40fa95e7 100644 --- a/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,9 @@

            That's recommended and should not be changed.

            If you need the user to be static anyway, please specify two variables in mailcow.conf.

            Both parameters must not be empty!

            -
            DOVECOT_MASTER_USER=mymasteruser
            +
            DOVECOT_MASTER_USER=mymasteruser
             DOVECOT_MASTER_PASS=mysecretpass
            -
            +

            Run docker-compose up -d to apply your changes.

            The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

            To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.
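
            Review bot: the example value DOVECOT_MASTER_PASS=mysecretpass invites copy and paste, and the page does not state what the credential unlocks. The last line shows it being used to log in as test@example.org, and the same login form works for any other mailbox, so this password protects every mailbox on the server. Suggest an obvious placeholder instead of mysecretpass, a sentence requiring a long random value, and a reminder to keep mailcow.conf readable by root only.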

            diff --git a/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index 3ea807e78..0bb8ccc1a 100644 --- a/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,26 +2442,26 @@

            Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

          An easy, dirty, yet stable workaround is to stop mailcow (docker-compose down), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

          -
          mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
          +
          mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
           ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
          -
          +

          Start mailcow afterwards.


          The "old" way

          If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

          -
          version: '2.1'
          +
          version: '2.1'
           volumes:
             vmail-vol-1:
               driver_opts:
                 type: none
                 device: /data/mailcow/vmail   
                 o: bind
          -
          +

          Moving an existing vmail folder:

          • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
          -
          [
          +
          [
               {
                   "CreatedAt": "2019-06-16T22:08:34+02:00",
                   "Driver": "local",
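
          Review bot: the workaround text says to "remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", but the command that follows renames it to _data_backup with mv. The mv is the safer instruction, so the sentence should say "move away" or "rename" instead of "remove". It should also say that /mnt/volume-xy/vmail_data has to contain the existing mail data before mailcow is started again, since the ln -s only creates the link.
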
          @@ -2476,7 +2476,7 @@ volumes:
                   "Scope": "local"
               }
           ]
          -
          +
          • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
          • Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
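
          Review bot: the bullets copy the Mountpoint content before stopping mailcow, so any mail delivered or changed between the copy and docker-compose down is missing from the new location. Swap the two bullets, or add a final rsync -a after the stop. "non strcuture breaking copy command" should read "structure-preserving copy command".
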
          • diff --git a/manual-guides/Nginx/u_e-nginx_custom/index.html b/manual-guides/Nginx/u_e-nginx_custom/index.html index 2ef69a8f0..a1a30fe92 100644 --- a/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

            New site

            To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

            A good template to begin with:

            -
            nano data/conf/nginx/my_custom_site.conf
            -
            -
            server {
            +
            nano data/conf/nginx/my_custom_site.conf
            +
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               ssl_protocols TLSv1.2 TLSv1.3;
            @@ -2478,12 +2478,12 @@
                 return 301 https://$server_name$request_uri;
               }
             }
            -
            +

            New site with proxy to a remote location

            Another example with a reverse proxy configuration:

            -
            nano data/conf/nginx/my_custom_site.conf
            -
            -
            server {
            +
            nano data/conf/nginx/my_custom_site.conf
            +
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               ssl_protocols TLSv1.2 TLSv1.3;
            @@ -2519,18 +2519,18 @@
                 client_max_body_size 0;
               }
             }
            -
            +

            Config expansion in mailcows Nginx

            The filename used for a new site is not important, as long as the filename carries a .conf extension.

            It is also possible to extend the configuration of the default file site.conf file:

            -
            nano data/conf/nginx/site.my_content.custom
            -
            +
            nano data/conf/nginx/site.my_content.custom
            +

            This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

            If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

            Restart Nginx (and PHP-FPM, if a new listener was created):

            -
            docker-compose restart nginx-mailcow
            +
            docker-compose restart nginx-mailcow
             docker-compose restart php-fpm-mailcow
            -
            +
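
            Review bot: the reverse proxy template ends with client_max_body_size 0; (first context line of this hunk), which switches off nginx's request body size check for the proxied site. The page gives no reason for it, so either explain when it is needed or set a finite limit in the template. Wording: "Config expansion in mailcows Nginx" should be "mailcow's Nginx", and "the default file site.conf file" repeats "file".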

            diff --git a/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index 334d4a8be..ec42a8650 100644 --- a/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,7 @@

            IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

            To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

            nano data/conf/nginx/webmail.conf

            -
            server {
            +
            server {
               ssl_certificate /etc/ssl/mail/cert.pem;
               ssl_certificate_key /etc/ssl/mail/key.pem;
               index index.php index.html;
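
            Review bot: the IMPORTANT paragraph abbreviates the SNI variant as "ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;", which is not valid nginx syntax and will be pasted as written by some readers. Spell out both directives: ssl_certificate /etc/ssl/mail/webmail.example.org/cert.pem; and ssl_certificate_key /etc/ssl/mail/webmail.example.org/key.pem;. The paragraph already warns that Nginx fails to start without the certificate, so a broken directive here has the same effect.
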
            @@ -2369,12 +2369,12 @@
                 return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo;
               }
             }
            -
            +

            Save and restart Nginx: docker-compose restart nginx-mailcow.

            Now open mailcow.conf and find ADDITIONAL_SAN. Add webmail.example.org to this array, don't use quotes!

            -
            ADDITIONAL_SAN=webmail.example.org
            -
            +
            ADDITIONAL_SAN=webmail.example.org
            +

            Run docker-compose up -d. See "acme-mailcow" and "nginx-mailcow" logs if anything fails.


            diff --git a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index 324bd9b30..4ba736fff 100644 --- a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,8 @@

            Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

            Restart Postfix:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +

            diff --git a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index 7b88f6b0d..8d572fa9e 100644 --- a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,14 @@

            Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

            This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

            Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. -

            user-to-allow-everything@example.com OK
            -

            +
            user-to-allow-everything@example.com OK
            +

            Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: -

            smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
            -

            +
            smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
            +

            Run postmap on check_sasl_access:

            -
            docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
            -
            +
            docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
            +

            Restart the Postfix container.
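
            Review bot: the guide never says what the OK entry does. Because check_sasl_access is prepended ahead of reject_authenticated_sender_login_mismatch, a match for user-to-allow-everything@example.com ends smtpd_sender_restrictions with a permit, so that login can send with any sender address. State this next to the file content and advise a dedicated account with a strong password for it. The heading says DO NOT USE ON NEWER MAILCOWS but the visible text does not point to what replaces this procedure.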


            diff --git a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index 31c2d294d..300529fe3 100644 --- a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,8 @@

            Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

            Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

            Restart postfix-mailcow to apply your changes:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +

            diff --git a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index d01dc3afb..0a679cbe7 100644 --- a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,13 @@

            Statistics with pflogsumm

            To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

            -
            docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
            -
            +
            docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
            +

            The above log output is limited to the last 24 hours.

            It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

            -
            SHELL=/bin/bash
            +
            SHELL=/bin/bash
             59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
            -
            +

            To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

            More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

            Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.
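
            Review bot: the cron entry "59 23 * * root docker logs ..." has only four time fields before the user name. A file in /etc/cron.d needs five (minute, hour, day of month, month, day of week) followed by the user, so cron will reject this line. It should read "59 23 * * * root docker logs ...", which also matches the closing sentence about a report every day at 23:59:00.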

            diff --git a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index 1948c26d7..0f3f5e439 100644 --- a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -2353,11 +2353,11 @@

            CIDR ACTION

            Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

            Example:

            -
            # Rules are evaluated in the order as specified.
            +
            # Rules are evaluated in the order as specified.
             # Blacklist 192.168.* except 192.168.0.1.
             192.168.0.1          permit
             192.168.0.0/16       reject
            -
            +

            The file is reloaded on the fly, postfix restart is not required.


            diff --git a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index 3990356de..cb2389dfe 100644 --- a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,15 @@

            IPv4 hosts/subnets

            To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

            Edit data/conf/postfix/extra.cf:

            -
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
            -
            +
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
            +

            Run docker-compose restart postfix-mailcow to apply your new settings.

            IPv6 hosts/subnets

            Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

            To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

            Edit data/conf/postfix/extra.cf:

            -
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
            -
            +
            mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
            +

            Run docker-compose restart postfix-mailcow to apply your new settings.

            Info
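
            Review bot: both sections say "depending on your IPV4_NETWORK and IPV6_NETWORK scopes" without saying which entries of the mynetworks line those are. In the example they appear to be 172.22.1.0/24 and [fd4d:6169:6c63:6f77::]/64; name them so readers with non-default values know what to replace. The page should also state what being in mynetworks grants (Postfix treats these clients as trusted, which normally means relaying without authentication) and advise keeping any added subnet as narrow as possible.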

            diff --git a/manual-guides/Redis/u_e-redis/index.html b/manual-guides/Redis/u_e-redis/index.html index 617eae16c..7dcce51c0 100644 --- a/manual-guides/Redis/u_e-redis/index.html +++ b/manual-guides/Redis/u_e-redis/index.html @@ -2477,28 +2477,28 @@

            Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

            Client

            To connect to the redis cli execute:

            -
            docker-compose exec redis-mailcow redis-cli
            -
            +
            docker-compose exec redis-mailcow redis-cli
            +

            Debugging

            Here are some useful commands for the redis-cli for debugging:

            MONITOR

            Listens for all requests received by the server in real time:

            -
            # docker-compose exec redis-mailcow redis-cli
            +
            # docker-compose exec redis-mailcow redis-cli
             127.0.0.1:6379> monitor
             OK
             1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys"
             1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys"
             [...]
            -
            +
            KEYS

            Get all keys matching your pattern:

            -
            KEYS *
            -
            +
            KEYS *
            +
            PING

            Test a connection:

            -
            127.0.0.1:6379> PING
            +
            127.0.0.1:6379> PING
             PONG
            -
            +

            If you want to know more, here is a cheat sheet.
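
            Review bot: KEYS * and monitor are listed as debugging commands with no caution. KEYS walks the whole keyspace in one blocking call, and MONITOR streams every command with its key names and arguments to the terminal, so both are noticeable on a busy server and MONITOR output may contain data that should not be pasted into a support request. Suggest a short warning, plus a pointer to redis-cli --scan --pattern, which the Rspamd page in this patch already uses.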


            diff --git a/manual-guides/Rspamd/u_e-rspamd/index.html b/manual-guides/Rspamd/u_e-rspamd/index.html index c35d15f7e..245eeff00 100644 --- a/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/manual-guides/Rspamd/u_e-rspamd/index.html @@ -2556,68 +2556,68 @@ This is achieved by using the Sieve plugin "sieve_imapsieve" and parser scripts.

            You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.

            Learn Spam or Ham from existing directory

            You can use a one-liner to learn mail in plain-text (uncompressed) format:

            -
            # Ham
            -for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
            +
            # Ham
            +for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
             # Spam
            -for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
            -
            +for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done +

            Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example:

            -
            for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
            -
            +
            for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
            +

            Reset learned data (Bayes, Neural)

            You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now:

            Backup database

            -
            # It is better to stop Redis before you copy the file.
            +
            # It is better to stop Redis before you copy the file.
             cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
            -
            +

            Reset Bayes data

            -
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
            +
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
             docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
            -
            +

            Reset Neural data

            -
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
            -
            +
            docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
            +

            Reset Fuzzy data

            -
            # We need to enter the redis-cli first:
            +
            # We need to enter the redis-cli first:
             docker-compose exec redis-mailcow redis-cli
             # In redis-cli:
             127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
            -
            +

            Info

            If redis-cli complains about...

            -
            (error) ERR wrong number of arguments for 'del' command
            -
            +
            (error) ERR wrong number of arguments for 'del' command
            +

            ...the key pattern was not found and thus no data is available to delete - it is fine.

            CLI tools

            -
            docker-compose exec rspamd-mailcow rspamc --help
            +
            docker-compose exec rspamd-mailcow rspamc --help
             docker-compose exec rspamd-mailcow rspamadm --help
            -
            +

            Disable Greylisting

            Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting.

            You can disable greylisting server-wide by editing:

            {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

            Add the line:

            -
            enabled = false;
            -
            +
            enabled = false;
            +

            Save the file and restart "rspamd-mailcow": docker-compose restart rspamd-mailcow

            Spam filter thresholds (global)

            Each user is able to change their spam rating individually. To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf:

            -
            reject = 15;
            -add_header = 8;
            -greylist = 7;
            -
            +
            reject = 15;
            +add_header = 8;
            +greylist = 7;
            +

            Save the file and restart "rspamd-mailcow": docker-compose restart rspamd-mailcow

            Existing settings of users will not be overwritten!

            To reset custom defined thresholds, run:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
             # or:
             # docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
            -
            +

            Custom reject messages

            The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content:

            -
            reject_message = "My custom reject message";
            -
            +
            reject_message = "My custom reject message";
            +

            Save the file and restart Rspamd: docker-compose restart rspamd-mailcow.

            While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted:
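Review bot: The zcat example under "Learn Spam or Ham from existing directory" does not decompress anything: `rspamc learn_spam < zcat $file` redirects stdin from a file literally named `zcat` and hands `$file` to rspamc as an argument, so it should be `zcat "$file" | rspamc learn_spam`. The commented per-mailbox variant of the threshold reset also does more than it says: in `option = 'highspamlevel' or option = 'lowspamlevel' and object = '...'` AND binds tighter than OR, so the highspamlevel rows of every mailbox are deleted; put the OR in parentheses. The `--pattern` arguments in the Bayes and Neural resets are unquoted inside `sh -c` and should be quoted so the shell cannot expand them against files in the working directory.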

              @@ -2628,7 +2628,7 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del

              Add your custom message as new line:

            -
            GLOBAL_RCPT_BL {
            +
            GLOBAL_RCPT_BL {
               type = "rcpt";
               map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
               regexp = true;
            @@ -2636,40 +2636,40 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del
               action = "reject";
               message = "Sending mail to this recipient is prohibited by postmaster@your.domain";
             }
            -
            +
            1. Save the file and restart Rspamd: docker-compose restart rspamd-mailcow.

            Discard instead of reject

            If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content:

            -
            discard_on_reject = true;
            -
            +
            discard_on_reject = true;
            +

            Restart Rspamd:

            -
            docker-compose restart rspamd-mailcow
            -
            +
            docker-compose restart rspamd-mailcow
            +

            Wipe all ratelimit keys

            If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task:

            -
            docker-compose exec redis-mailcow sh
            +
            docker-compose exec redis-mailcow sh
             # Unlink (available in Redis >=4.) will delete in the backgronud
             redis-cli --scan --pattern RL* | xargs redis-cli unlink
            -
            +

            Restart Rspamd:

            -
            docker-compose exec redis-mailcow sh
            -
            +
            docker-compose exec redis-mailcow sh
            +

            Trigger a resend of quarantine notifications

            Should be used for debugging only!

            -
            docker-compose exec dovecot-mailcow bash
            +
            docker-compose exec dovecot-mailcow bash
             mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
             redis-cli -h redis DEL Q_LAST_NOTIFIED
             quarantine_notify.py
            -
            +

            Increase history retention

            By default Rspamd keeps 1000 elements in the history.

            The history is stored compressed.

            It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it:

            Edit data/conf/rspamd/local.d/history_redis.conf:

            -
            nrows = 1000; # change this value
            -
            +
            nrows = 1000; # change this value
            +

            Restart Rspamd afterwards: docker-compose restart rspamd-mailcow
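Review bot: Under "Wipe all ratelimit keys", the block that follows "Restart Rspamd:" repeats `docker-compose exec redis-mailcow sh`, which opens a shell in the Redis container and restarts nothing; it should be `docker-compose restart rspamd-mailcow`, as in the other sections of this page. In the block above it, the comment misspells "background" as "backgronud", and `--pattern RL*` should be quoted so the shell does not expand it before redis-cli sees it.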


            diff --git a/manual-guides/SOGo/u_e-sogo/index.html b/manual-guides/SOGo/u_e-sogo/index.html index 9ae1232d8..ca38aa175 100644 --- a/manual-guides/SOGo/u_e-sogo/index.html +++ b/manual-guides/SOGo/u_e-sogo/index.html @@ -2491,24 +2491,24 @@ After you modified data/conf/sogo/custom-theme.js and made changes
          • open browser developer console, usually shortcut is F12
          • only if you use Firefox: write by hands in dev console allow pasting and press enter
          • paste java script snipet in dev console: -
            copy([].slice.call(document.styleSheets)
            +
            copy([].slice.call(document.styleSheets)
               .map(e => e.ownerNode)
               .filter(e => e.hasAttribute('md-theme-style'))
               .map(e => e.textContent)
               .join('\n')
             )
            -
          • +
          • open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
          • copy CSS file to mailcow server data/conf/sogo/custom-theme.css
          • edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
          • append/create docker-compose.override.yml with: -
            version: '2.1'
            +
            version: '2.1'
             
             services:
               sogo-mailcow:
                 volumes:
                   - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
            -
          • +
          • run docker-compose up -d
          • run docker-compose restart memcached-mailcow
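Review bot: Two steps in this list are worded so that the Firefox instruction is hard to follow: "write by hands in dev console allow pasting and press enter" and "paste java script snipet in dev console". Suggest "type `allow pasting` by hand in the dev console and press Enter", with the phrase to type set as code, and "paste the JavaScript snippet into the dev console".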
          • @@ -2516,7 +2516,7 @@ services:
            1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
            2. find in data/conf/sogo/custom-theme.js: -
              // Apply new palettes to the default theme, remap some of the hues
              +
              // Apply new palettes to the default theme, remap some of the hues
                   $mdThemingProvider.theme('default')
                     .primaryPalette('green-cow', {
                       'default': '400',  // background color of top toolbars
              @@ -2531,13 +2531,13 @@ services:
                       'hue-3': 'A700'
                     })
                     .backgroundPalette('frost-grey');
              -
              +
              and replace it with: -
                  $mdThemingProvider.theme('default');
              -
            3. +
                  $mdThemingProvider.theme('default');
              +
            4. remove from docker-compose.override.yml volume mount in sogo-mailcow: -
              - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
              -
            5. +
              - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
              +
            6. run docker-compose up -d
            7. run docker-compose restart memcached-mailcow
            @@ -2553,16 +2553,16 @@ After you replaced said file you need to restart SOGo and Memcached containers b

            Domains are usually isolated from eachother.

            You can change that by modifying data/conf/sogo/sogo.conf:

            Search... -

               // SOGoDomainsVisibility = (
            +
               // SOGoDomainsVisibility = (
                 //  (domain1.tld, domain5.tld),
                 //  (domain3.tld, domain2.tld)
                 // );
            -
            +
            ...and replace it by - for example:

            -
                SOGoDomainsVisibility = (
            +
                SOGoDomainsVisibility = (
                   (example.org, example.com, example.net)
                 );
            -
            +

            Restart SOGo: docker-compose restart sogo-mailcow

            Disable password changing

            Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.
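Review bot: The SOGoDomainsVisibility section tells the reader how to lift domain isolation but not what becomes visible once they do; since this is the boundary between tenants, the text should state what users of the grouped domains can then see of each other before showing the example. "eachother" in "Domains are usually isolated from eachother" should be two words.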

            diff --git a/manual-guides/Unbound/u_e-unbound-fwd/index.html b/manual-guides/Unbound/u_e-unbound-fwd/index.html index 1ac343167..7b5b4fde3 100644 --- a/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,18 @@ Important: Only DNSSEC validating DNS services will work.

            Method A, Unbound

            Edit data/conf/unbound/unbound.conf and append the following parameters:

            -
            forward-zone:
            +
            forward-zone:
               name: "."
               forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
               forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE
            -
            +

            Restart Unbound:

            -
            docker-compose restart unbound-mailcow
            -
            +
            docker-compose restart unbound-mailcow
            +

            Method B, Override file

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
            -
            +

            Edit docker-compose.override.yml and adjust the IP.

            Run docker-compose down ; docker-compose up -d.
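Review bot: The forward-zone example in Method A uses the live resolver addresses `8.8.8.8` and `8.8.4.4` and relies on an inline comment to tell the reader not to use them, so a straight copy-paste yields a working configuration that the page itself advises against. Suggest a placeholder the reader has to replace, and repeating next to the block the requirement shown at the top of the page that only DNSSEC validating DNS services will work. Method B says "adjust the IP" without naming the setting in the override file that holds it.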

            diff --git a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index 8b354f76b..331bba8b9 100644 --- a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

            Watchdog uses default values for all thresholds defined in docker-compose.yml.

            The default values will work for most setups. Example: -

            - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
            +
            - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
             - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
             - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
             - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
            @@ -2667,7 +2667,7 @@ Example:
             - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
             - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
             - MAILQ_CRIT=${MAILQ_CRIT:-30}
            -

            +

            To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker-compose up -d.

            Thresholds descriptions

            NGINX_THRESHOLD

            diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index f14ac7803..3a6981a4c 100644 --- a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,7 +2403,7 @@

            1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

            2. Prepend the tag to the subject: "[facebook] Subject"

            Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: -

            diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
            +
            diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
             index e047136e..933c4137 100644
             --- a/data/conf/dovecot/global_sieve_after
             +++ b/data/conf/dovecot/global_sieve_after
            @@ -2416,7 +2416,7 @@ index e047136e..933c4137 100644
                if mailboxexists "INBOX/${1}" {
                  fileinto "INBOX/${1}";
                } else {
            -

            +


            diff --git a/manual-guides/u_e-80_to_443/index.html b/manual-guides/u_e-80_to_443/index.html index 9279d4ad0..dd19f371a 100644 --- a/manual-guides/u_e-80_to_443/index.html +++ b/manual-guides/u_e-80_to_443/index.html @@ -2349,7 +2349,7 @@

            Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

            Open mailcow.conf and set HTTP_BIND= - if not already set.

            Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

            -
            server {
            +
            server {
               root /web;
               listen 80 default_server;
               listen [::]:80 default_server;
            @@ -2363,13 +2363,13 @@
                 return 301 https://$host$uri$is_args$args;
               }
             }
            -
            +

            In case you changed the HTTP_BIND parameter, recreate the container:

            -
            docker-compose up -d
            -
            +
            docker-compose up -d
            +

            Otherwise restart Nginx:

            -
            docker-compose restart nginx-mailcow
            -
            +
            docker-compose restart nginx-mailcow
            +

            diff --git a/manual-guides/u_e-autodiscover_config/index.html b/manual-guides/u_e-autodiscover_config/index.html index 2799dc3ae..33f79b02c 100644 --- a/manual-guides/u_e-autodiscover_config/index.html +++ b/manual-guides/u_e-autodiscover_config/index.html @@ -2350,7 +2350,7 @@ Keep in mind, that ActiveSync should NOT be used with a desktop client.

            Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

            Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

            -
            <?php
            +
            <?php
             $autodiscover_config = array(
               // General autodiscover service type: "activesync" or "imap"
               // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync.
            @@ -2388,7 +2388,7 @@ $autodiscover_config = array(
                 'port' => $https_port,
               ),
             );
            -
            +

            To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

            Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

            diff --git a/manual-guides/u_e-reeanble-weak-protocols/index.html b/manual-guides/u_e-reeanble-weak-protocols/index.html index c88ac999b..795b78dcb 100644 --- a/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,15 @@

            Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

            How to re-enable weak protocols?

            Edit data/conf/postfix/extra.cf:

            -
            submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
            +
            submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
             smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
            -
            +

            Edit data/conf/dovecot/extra.conf:

            -
            ssl_min_protocol = TLSv1
            -
            +
            ssl_min_protocol = TLSv1
            +

            Restart the affected services:

            -
            docker-compose restart postfix-mailcow dovecot-mailcow
            -
            +
            docker-compose restart postfix-mailcow dovecot-mailcow
            +

            Hint: You can enable TLS 1.2 in Windows 7.
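Review bot: The page never says what the new values admit: `!SSLv2, !SSLv3` on the submission and smtps listeners and `ssl_min_protocol = TLSv1` in Dovecot bring TLS 1.0 and 1.1 back on the authenticated ports, which is where client credentials are sent. Suggest stating that explicitly above the first block, and adding how to revert (remove the lines from extra.cf and extra.conf and restart the same two services) so the change does not stay in place after the legacy client is gone. The directory name in the diff header, `u_e-reeanble-weak-protocols`, is misspelled.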


            diff --git a/post_installation/firststeps-disable_ipv6/index.html b/post_installation/firststeps-disable_ipv6/index.html index 0a3100467..935b66d76 100644 --- a/post_installation/firststeps-disable_ipv6/index.html +++ b/post_installation/firststeps-disable_ipv6/index.html @@ -2353,49 +2353,49 @@ and implement your changes to the service there. Unfortunately, this right now o

            To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

            1. Modify docker-compose.yml

            Change enable_ipv6: true to enable_ipv6: false:

            -
            networks:
            +
            networks:
               mailcow-network:
                 [...]
                 enable_ipv6: true # <<< set to false
                 [...]
            -
            +

            2. Disable ipv6nat-mailcow

            To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

            NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

            -
            # cd /opt/mailcow-dockerized
            +
            # cd /opt/mailcow-dockerized
             # touch docker-compose.override.yml
            -
            +

            Open the file in your favourite text editor and fill in the following:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
                 ipv6nat-mailcow:
                   image: bash:latest
                   restart: "no"
                   entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
            -
            +

            For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

            -
            docker-compose down
            +
            docker-compose down
             docker-compose up -d
            -
            +

            3. Disable IPv6 in unbound-mailcow

            Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

            -
            server:
            +
            server:
               [...]
               do-ip6: no
               [...]
            -
            +

            Restart Unbound:

            -
            docker-compose restart unbound-mailcow
            -
            +
            docker-compose restart unbound-mailcow
            +

            4. Disable IPv6 in postfix-mailcow

            Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

            -
            smtp_address_preference = ipv4
            +
            smtp_address_preference = ipv4
             inet_protocols = ipv4
            -
            +

            Restart Postfix:

            -
            docker-compose restart postfix-mailcow
            -
            +
            docker-compose restart postfix-mailcow
            +
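Review bot: In step 2 the stub service uses `image: bash:latest`, an unpinned tag fetched from the registry only to run `echo`; pin a specific tag so a later pull cannot change what this container runs. The echo text names "compose.override.yml" while the file the step creates is docker-compose.override.yml. Step 4 says "Create data/conf/postfix/extra.cf", which reads as an overwrite for anyone who already has that file, and its sentence mentions only smtp_address_preference although the block also sets inet_protocols.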

            diff --git a/post_installation/firststeps-dmarc_reporting/index.html b/post_installation/firststeps-dmarc_reporting/index.html index fd4b0a4b7..cbff2f2d7 100644 --- a/post_installation/firststeps-dmarc_reporting/index.html +++ b/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,7 +2473,7 @@

            Enable DMARC reporting

            Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

            -
            reporting {
            +
            reporting {
                 enabled = true;
                 email = 'noreply-dmarc@example.com';
                 domain = 'example.com';
            @@ -2486,9 +2486,9 @@
                 max_entries = 2k;
                 keys_expire = 2d;
             }
            -
            +

            Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

            -
            version: '2.1'
            +
            version: '2.1'
             
             services:
               rspamd-mailcow:
            @@ -2501,16 +2501,16 @@ services:
               ofelia-mailcow:
                 depends_on:
                   - rspamd-mailcow
            -
            +

            Run docker-compose up -d

            Send a copy reports to yourself

            To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

            -
            reporting {
            +
            reporting {
                 enabled = true;
                 email = 'noreply-dmarc@example.com';
                 bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"];
             [...]
            -
            +

            Rspamd will load changes in real time, so you won't need to restart the container at this point.

            This can be useful if you...
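Review bot: In the bcc_addrs example the list repeats the address already given as `email`, `noreply-dmarc@example.com`, next to `parsedmarc@example.com`, and the text does not say whether the sender address has to be listed again. Either drop it from the list or add a sentence explaining why it is there. The heading "Send a copy reports to yourself" is missing "of".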

              @@ -2519,21 +2519,21 @@ services:

            Troubleshooting

            Check when the report schedule last ran:

            -
            docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
            -
            +
            docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
            +

            See the latest report output:

            -
            docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
            -
            +
            docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
            +

            Manually trigger a DMARC report:

            -
            docker-compose exec rspamd-mailcow rspamadm dmarc_report
            -
            +
            docker-compose exec rspamd-mailcow rspamadm dmarc_report
            +

            Validate that Rspamd has recorded data in Redis: Change 20220428 to date which you interested in.

            -

            docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
            -
            +

            docker-compose exec redis-mailcow redis-cli SMEMBERS "dmarc_idx;20220428"
            +
            Take one of the lines from output you interested in and request it, f.e.: -
            docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
            -

            +
            docker-compose exec redis-mailcow redis-cli ZRANGE "dmarc_rpt;microsoft.com;mailto:d@rua.agari.com;20220428" 0 49
            +

            Change DMARC reporting frequency

            In the example above reports are sent once every 24 hours.

            Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation
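Review bot: "Olefia schedule" in the frequency section does not match the service the override file above configures, `ofelia-mailcow`, so a reader searching for the scheduler by that name finds nothing; it should read "Ofelia". In the troubleshooting steps, "Change 20220428 to date which you interested in" and "Take one of the lines from output you interested in and request it, f.e.:" need rewording, for example "Replace 20220428 with the date you are interested in" and "Take one of the returned lines and query it, for example:".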

            diff --git a/post_installation/firststeps-ip_bindings/index.html b/post_installation/firststeps-ip_bindings/index.html index 6a11ebd6a..b68bf35e0 100644 --- a/post_installation/firststeps-ip_bindings/index.html +++ b/post_installation/firststeps-ip_bindings/index.html @@ -2414,7 +2414,7 @@

            IPv4 binding

            To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

            -
            # For technical reasons, http bindings are a bit different from other service bindings.
            +
            # For technical reasons, http bindings are a bit different from other service bindings.
             # You will find the following variables, separated by a bind address and its port:
             # Example: HTTP_BIND=1.2.3.4
             
            @@ -2439,14 +2439,14 @@ SIEVE_PORT=4190
             DOVEADM_PORT=127.0.0.1:19991
             SQL_PORT=127.0.0.1:13306
             SOLR_PORT=127.0.0.1:18983
            -
            +

            To apply your changes, run docker-compose down followed by docker-compose up -d.

            IPv6 binding

            Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

            A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

            Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

            An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
                 dovecot-mailcow:
            @@ -2467,7 +2467,7 @@ services:
                   ports:
                     - '2a00:dead:beef::abc:80:80'
                     - '2a00:dead:beef::abc:443:443'
            -
            +

            To apply your changes, run docker-compose down followed by docker-compose up -d.
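Review bot: The address in the ports entries, `2a00:dead:beef::abc`, is called imaginary in the text but lies in globally routable address space; use an address from the documentation prefix 2001:db8::/32 so the example cannot collide with a real network's addresses. With the address and both port suffixes joined by colons, as in `'2a00:dead:beef::abc:80:80'`, it is also hard to see where the address ends, so the sentence about :PORT1 and :PORT2 should say that these are the last two colon-separated fields.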


            diff --git a/post_installation/firststeps-local_mta/index.html b/post_installation/firststeps-local_mta/index.html index 5d35217b9..cfc8d1623 100644 --- a/post_installation/firststeps-local_mta/index.html +++ b/post_installation/firststeps-local_mta/index.html @@ -2347,15 +2347,15 @@

            The easiest option would be to disable the listener on port 25/tcp.

            Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: -

            #smtp      inet  n       -       -       -       -       smtpd
            -

            +
            #smtp      inet  n       -       -       -       -       smtpd
            +

            Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

            -
            postconf -e 'relayhost = 172.22.1.1'
            +
            postconf -e 'relayhost = 172.22.1.1'
             postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
             postconf -e "inet_interfaces = loopback-only"
             postconf -e "relay_transport = relay"
             postconf -e "default_transport = smtp"
            -
            +

            Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

            "172.22.1.1" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.

            diff --git a/post_installation/firststeps-logging/index.html b/post_installation/firststeps-logging/index.html index 7ad887e90..ba2d4969a 100644 --- a/post_installation/firststeps-logging/index.html +++ b/post_installation/firststeps-logging/index.html @@ -2466,16 +2466,16 @@ the ability to read logs from the UI or ban suspicious clients with netfilter-ma

            Via docker-compose.override.yml

            Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease.

            Create a docker-compose.override.yml and add, for example, this block to use the "gelf" logging plugin for postfix-mailcow:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
               postfix-mailcow: # or any other
                 logging:
                   driver: "gelf"
                   options:
                     gelf-address: "udp://graylog:12201"
            -
            +

            Another example for Syslog:

            -
            version: '2.1'
            +
            version: '2.1'
             services:
             
               postfix-mailcow: # or any other
            @@ -2506,10 +2506,10 @@ local3.*        /var/log/mailcow.logs
             & ~
             
             # Restart rsyslog afterwards.
            -
            +

            via daemon.json (globally)

            If you want to change the logging driver globally, edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service:

            -
            {
            +
            {
             ...
               "log-driver": "gelf",
               "log-opts": {
            @@ -2517,9 +2517,9 @@ local3.*        /var/log/mailcow.logs
               }
             ...
             }
            -
            +

            For Syslog:

            -
            {
            +
            {
             ...
               "log-driver": "syslog",
               "log-opts": {
            @@ -2527,7 +2527,7 @@ local3.*        /var/log/mailcow.logs
               }
             ...
             }
            -
            +

            Restart the Docker daemon and run docker-compose down && docker-compose up -d to recreate the containers with the new logging driver.
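Review bot: The `...` lines around the syslog settings are not valid JSON, so a reader who pastes the block as shown into /etc/docker/daemon.json gets a file the Docker daemon cannot parse. Suggest showing a complete minimal file, or stating above the block that `...` stands for keys already present. The restart instruction is also given twice, once before the examples and once here; a single mention after the examples is enough.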


            diff --git a/post_installation/firststeps-rp/index.html b/post_installation/firststeps-rp/index.html index e9d0c189d..6629bc675 100644 --- a/post_installation/firststeps-rp/index.html +++ b/post_installation/firststeps-rp/index.html @@ -2467,11 +2467,11 @@

            You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

            1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: -

            HTTP_BIND=127.0.0.1
            +
            HTTP_BIND=127.0.0.1
             HTTP_PORT=8080
             HTTPS_BIND=127.0.0.1
             HTTPS_PORT=8443
            -

            +

            This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

            IMPORTANT: Do not use port 8081, 9081 or 65510!

            Recreate affected containers by running docker-compose up -d.

            @@ -2500,56 +2500,56 @@ On many servers logrotate will reload the webserver daily anyway.

            2. Configure your local webserver as reverse proxy:

            Apache 2.4

            Required modules: -

            a2enmod rewrite proxy proxy_http headers ssl
            -

            +
            a2enmod rewrite proxy proxy_http headers ssl
            +

            Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

            Take care of highlighted lines.

            -
            <VirtualHost *:80>
            -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            -  ServerAlias autodiscover.*
            -  ServerAlias autoconfig.*
            -  RewriteEngine on
            +
            <VirtualHost *:80>
            +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            +  ServerAlias autodiscover.*
            +  ServerAlias autoconfig.*
            +  RewriteEngine on
             
            -  RewriteCond %{HTTPS} off
            -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
            +  RewriteCond %{HTTPS} off
            +  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
             
            -  ProxyPass / http://127.0.0.1:8080/
            -  ProxyPassReverse / http://127.0.0.1:8080/
            -  ProxyPreserveHost On
            -  ProxyAddHeaders On
            -  RequestHeader set X-Forwarded-Proto "http"
            -</VirtualHost>
            -<VirtualHost *:443>
            -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            -  ServerAlias autodiscover.*
            -  ServerAlias autoconfig.*
            +  ProxyPass / http://127.0.0.1:8080/
            +  ProxyPassReverse / http://127.0.0.1:8080/
            +  ProxyPreserveHost On
            +  ProxyAddHeaders On
            +  RequestHeader set X-Forwarded-Proto "http"
            +</VirtualHost>
            +<VirtualHost *:443>
            +  ServerName CHANGE_TO_MAILCOW_HOSTNAME
            +  ServerAlias autodiscover.*
            +  ServerAlias autoconfig.*
             
            -  # You should proxy to a plain HTTP session to offload SSL processing
            -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
            -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
            -  ProxyPass / http://127.0.0.1:8080/
            -  ProxyPassReverse / http://127.0.0.1:8080/
            -  ProxyPreserveHost On
            -  ProxyAddHeaders On
            -  RequestHeader set X-Forwarded-Proto "https"
            +  # You should proxy to a plain HTTP session to offload SSL processing
            +  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
            +  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
            +  ProxyPass / http://127.0.0.1:8080/
            +  ProxyPassReverse / http://127.0.0.1:8080/
            +  ProxyPreserveHost On
            +  ProxyAddHeaders On
            +  RequestHeader set X-Forwarded-Proto "https"
             
            -  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
            -  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
            +  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
            +  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
             
            -  # If you plan to proxy to a HTTPS host:
            -  #SSLProxyEngine On
            +  # If you plan to proxy to a HTTPS host:
            +  #SSLProxyEngine On
             
            -  # If you plan to proxy to an untrusted HTTPS host:
            -  #SSLProxyVerify none
            -  #SSLProxyCheckPeerCN off
            -  #SSLProxyCheckPeerName off
            -  #SSLProxyCheckPeerExpire off
            -</VirtualHost>
            -
            + # If you plan to proxy to an untrusted HTTPS host: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off +</VirtualHost> +

            Nginx

            Let's Encrypt will follow our rewrite, certificate requests will work fine.

            Take care of highlighted lines.

            -
            server {
            +
            server {
               listen 80 default_server;
               listen [::]:80 default_server;
               server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
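Review bot: In the Apache `*:443` VirtualHost, the commented block for an "untrusted HTTPS host" offers `SSLProxyVerify none` together with `SSLProxyCheckPeerCN off`, `SSLProxyCheckPeerName off` and `SSLProxyCheckPeerExpire off`, which switches off every check on the backend certificate at once. Suggest the docs point to trusting the backend's CA with `SSLProxyCACertificateFile` and keeping the name and expiry checks on, or at least say what is lost when the block is uncommented. Separately, the same VirtualHost sets `SSLCertificateFile` and `SSLCertificateKeyFile` but the visible lines contain no `SSLEngine on`; if it is not set elsewhere, it belongs in the example.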
            @@ -2600,14 +2600,14 @@ server {
                 proxy_busy_buffers_size 512k;
               }
             }
            -
            +

            HAProxy (community supported)

            Warning

            This is an unsupported community contribution. Feel free to provide fixes.

            Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

            -
            frontend https-in
            +
            frontend https-in
               bind :::443 v4v6 ssl crt mailcow.pem
               default_backend mailcow
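Review bot: `bind :::443 v4v6 ssl crt mailcow.pem` refers to a file the page never explains. HAProxy expects the certificate chain and the private key in one PEM file, while mailcow keeps them as separate cert.pem and key.pem, so the note about not using mailcow's built-in ACME client should also say how mailcow.pem is produced, how it is refreshed on renewal, and that it needs the same restrictive permissions as the key.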
             
            @@ -2616,7 +2616,7 @@ backend mailcow
               http-request set-header X-Forwarded-Proto https if { ssl_fc }
               http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
               server mailcow 127.0.0.1:8080 check
            -
            +

            Traefik v2 (community supported)

            Warning

            @@ -2627,50 +2627,50 @@ backend mailcow

            So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker-compose up -d to apply the changes.

            Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

            -
            version: '2.1'
            +
            version: '2.1'
             
            -services:
            -    nginx-mailcow:
            -      networks:
            -        # add Traefik's network
            -        web:
            -      labels:
            -        - traefik.enable=true
            -        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
            -        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
            -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
            -        # Enables tls over the router we created before.
            -        - traefik.http.routers.moo.tls=true
            -        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
            -        - traefik.http.routers.moo.tls.certresolver=le
            -        # Creates a service called "moo" for the container, and specifies which internal port of the container
            -        #   should traefik route the incoming data to.
            -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
            -        # Specifies which entrypoint (external port) should traefik listen to, for this container.
            -        #   websecure being port 443, check the traefik.toml file liked above.
            -        - traefik.http.routers.moo.entrypoints=websecure
            -        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
            -        - traefik.docker.network=web
            +services:
            +    nginx-mailcow:
            +      networks:
            +        # add Traefik's network
            +        web:
            +      labels:
            +        - traefik.enable=true
            +        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
            +        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
            +        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
            +        # Enables tls over the router we created before.
            +        - traefik.http.routers.moo.tls=true
            +        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
            +        - traefik.http.routers.moo.tls.certresolver=le
            +        # Creates a service called "moo" for the container, and specifies which internal port of the container
            +        #   should traefik route the incoming data to.
            +        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
            +        # Specifies which entrypoint (external port) should traefik listen to, for this container.
            +        #   websecure being port 443, check the traefik.toml file liked above.
            +        - traefik.http.routers.moo.entrypoints=websecure
            +        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
            +        - traefik.docker.network=web
             
            -    certdumper:
            -        image: humenius/traefik-certs-dumper
            -        container_name: traefik_certdumper
            -        network_mode: none
            -        volumes:
            -          # mount the folder which contains Traefik's `acme.json' file
            -          #   in this case Traefik is started from its own docker-compose in ../traefik
            -          - ../traefik/data:/traefik:ro
            -          # mount mailcow's SSL folder
            -          - ./data/assets/ssl/:/output:rw
            -        restart: always
            -        environment:
            -          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
            -          - DOMAIN=${MAILCOW_HOSTNAME}
            +    certdumper:
            +        image: humenius/traefik-certs-dumper
            +        container_name: traefik_certdumper
            +        network_mode: none
            +        volumes:
            +          # mount the folder which contains Traefik's `acme.json' file
            +          #   in this case Traefik is started from its own docker-compose in ../traefik
            +          - ../traefik/data:/traefik:ro
            +          # mount mailcow's SSL folder
            +          - ./data/assets/ssl/:/output:rw
            +        restart: always
            +        environment:
            +          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
            +          - DOMAIN=${MAILCOW_HOSTNAME}
             
            -networks:
            -  web:
            -    external: true
            -
            +networks: + web: + external: true +

            Start the new containers with docker-compose up -d.

            Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

            This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.
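Review bot: The `certdumper` service uses `image: humenius/traefik-certs-dumper` without a tag, so it runs whatever the default tag points to at pull time, while it reads acme.json, which holds the key material for every domain Traefik manages, and writes into mailcow's SSL folder. Suggest pinning the image to a specific version or digest in the example. `network_mode: none` and the `:ro` mount on /traefik are good choices and worth a sentence in the text. Wording: "ALL the license" should read "all the certificates", "trough a volume" should be "through a volume", and "liked above" in the entrypoint comment should be "linked above".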

            @@ -2680,18 +2680,18 @@ For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow

            Optional: Post-hook script for non-mailcow ACME clients

            Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: -

            #!/bin/bash
            +
            #!/bin/bash
             cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
             cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
             postfix_c=$(docker ps -qaf name=postfix-mailcow)
             dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
             nginx_c=$(docker ps -qaf name=nginx-mailcow)
             docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
            -

            +

            Adding additional server names for mailcow UI

            If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

            -
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            -
            +
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            +

            Run docker-compose up -d to apply.
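Review bot: The post-hook script has no error handling: if either `cp` fails, `docker restart` still runs and the services come back with the old or a mismatched cert.pem/key.pem pair. Suggest `set -e` at the top and an explicit mode on the copied key, for example `install -m 600` in place of `cp` for key.pem. The three `docker ps -qaf name=...` lookups are also expanded unquoted, so `docker restart` is called with missing arguments when a container is not found; a check that all three IDs are non-empty would make the failure obvious.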


            diff --git a/post_installation/firststeps-snat/index.html b/post_installation/firststeps-snat/index.html index c85462620..0d4c02411 100644 --- a/post_installation/firststeps-snat/index.html +++ b/post_installation/firststeps-snat/index.html @@ -2348,12 +2348,12 @@

            SNAT is used to change the source address of the packets sent by mailcow. It can be used to change the outgoing IP address on systems with multiple IP addresses.

            Open mailcow.conf, set either or both of the following parameters:

            -
            # Use this IPv4 for outgoing connections (SNAT)
            +
            # Use this IPv4 for outgoing connections (SNAT)
             SNAT_TO_SOURCE=1.2.3.4
             
             # Use this IPv6 for outgoing connections (SNAT)
             SNAT6_TO_SOURCE=dead:beef
            -
            +

            Run docker-compose up -d.

            The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

            Check the output of docker-compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.
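Review bot: `SNAT6_TO_SOURCE=dead:beef` is not a complete IPv6 address (two groups, no `::`), so a reader who mirrors its shape ends up with a value that cannot be used as a source address. Suggest an address from the documentation prefix such as `2001:db8::1`, and `192.0.2.1` instead of `1.2.3.4` on the IPv4 line. The sentence "will make sure, the post-routing rules are on position 1" would also read better without the comma and with "at position 1".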

            diff --git a/post_installation/firststeps-ssl/index.html b/post_installation/firststeps-ssl/index.html index d85d48555..994b6b6a4 100644 --- a/post_installation/firststeps-ssl/index.html +++ b/post_installation/firststeps-ssl/index.html @@ -2586,8 +2586,8 @@

            Additional domain names

            Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

            Do not use quotes (") and do not use spaces between the names!

            -
            ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
            -
            +
            ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
            +

            Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

            A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

            Run docker-compose up -d to recreate affected containers automatically.

            @@ -2596,17 +2596,17 @@

            Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

            If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

            -
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            -
            +
            ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
            +

            Run docker-compose up -d to apply.

            Force renewal

            To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             touch data/assets/ssl/force_renew
             docker-compose restart acme-mailcow
             # Now check the logs for a renewal
             docker-compose logs --tail=200 -f acme-mailcow
            -
            +

            The file will be deleted automatically.

            Validation errors and how to skip validation

            You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.
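Review bot: The sentence introducing ADDITIONAL_SERVER_NAMES has an unclosed parenthesis after "(for example by adding mail.* to ADDITIONAL_SAN", and the line above it reads "Using names other name MAILCOW_HOSTNAME" where "other than" is meant. Both are in unchanged context, but since this commit touches the block directly below, it is a good moment to fix them in the source.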

            @@ -2653,35 +2653,35 @@ You should make sure these clients use the MAILCOW_HOSTNAME for sec

            To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

            IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

            Restart affected services afterwards:

            -
            docker restart $(docker ps -qaf name=postfix-mailcow)
            +
            docker restart $(docker ps -qaf name=postfix-mailcow)
             docker restart $(docker ps -qaf name=nginx-mailcow)
             docker restart $(docker ps -qaf name=dovecot-mailcow)
            -
            +

            See Post-hook script for non-mailcow ACME clients for a full example script.

            Test against staging ACME directory

            Edit mailcow.conf and add LE_STAGING=y.

            Run docker-compose up -d to activate your changes.

            Custom directory URL

            Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

            -
            DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
            -
            +
            DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
            +

            You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

            Run docker-compose up -d to activate your changes.

            Check your configuration

            Run docker-compose logs acme-mailcow to find out why a validation fails.

            To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

            To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

            -
            # Connect via SMTP (587)
            +
            # Connect via SMTP (587)
             echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
             # Connect via IMAP (143)
             echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
             # Connect via HTTPS (443)
             echo "Q" | openssl s_client -connect mx.mailcow.email:443
            -
            +

            To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

            -
            cd /opt/mailcow-dockerized
            +
            cd /opt/mailcow-dockerized
             bash helper-scripts/expiry-dates.sh
            -
            +
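Review bot: The three `openssl s_client` checks print the certificate but do not fail on a bad one: without `-verify_return_error` the handshake continues past verification errors, and nothing compares the certificate against the hostname. Suggest adding `-servername mx.mailcow.email -verify_hostname mx.mailcow.email -verify_return_error` to each command, or telling the reader to look for "Verify return code: 0 (ok)" in the output. The DIRECTORY_URL value `https://acme-custom-v9000.api.letsencrypt.org/directory` should also be marked as a placeholder.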

            diff --git a/prerequisite/prerequisite-dns/index.html b/prerequisite/prerequisite-dns/index.html index 191afbe52..8c0c72fb5 100644 --- a/prerequisite/prerequisite-dns/index.html +++ b/prerequisite/prerequisite-dns/index.html @@ -2548,28 +2548,28 @@

            Make sure that the PTR record of your IP address matches the FQDN of your mailcow host: ${MAILCOW_HOSTNAME} 1. This record is usually set at the provider you leased the IP address (server) from.

            The minimal DNS configuration

            This example shows you a set of records for one domain managed by mailcow. Each domain that is added to mailcow needs at least this set of records to function correctly.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             mail                IN A       1.2.3.4
             autodiscover        IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
             autoconfig          IN CNAME   mail.example.org. (your ${MAILCOW_HOSTNAME})
             @                   IN MX 10   mail.example.org. (your ${MAILCOW_HOSTNAME})
            -
            +

            DKIM, SPF and DMARC

            In the example DNS zone file snippet below, a simple SPF TXT record is used to only allow THIS server (the MX) to send mail for your domain. Every other server is disallowed but able to ("~all"). Please refer to SPF Project for further reading.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             @                   IN TXT     "v=spf1 mx a -all"
            -
            +

            It is highly recommended to create a DKIM TXT record in your mailcow UI and set the corresponding TXT record in your DNS records. Please refer to OpenDKIM for further reading.

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             dkim._domainkey     IN TXT     "v=DKIM1; k=rsa; t=s; s=email; p=..."
            -
            +

            The last step in protecting yourself and others is the implementation of a DMARC TXT record, for example by using the DMARC Assistant (check).

            -
            # Name              Type       Value
            +
            # Name              Type       Value
             _dmarc              IN TXT     "v=DMARC1; p=reject; rua=mailto:mailauth-reports@example.org"
            -
            +

            The advanced DNS configuration

            SRV records specify the server(s) for a specific protocol on your domain. If you want to explicitly announce a service as not provided, give "." as the target address (instead of "mail.example.org."). Please refer to RFC 2782.

            -
            # Name              Type       Priority Weight Port    Value
            +
            # Name              Type       Priority Weight Port    Value
             _autodiscover._tcp  IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _caldavs._tcp       IN SRV     0        1      443      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _caldavs._tcp       IN TXT                              "path=/SOGo/dav/"
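Review bot: The SPF paragraph and the record disagree: the text says every other server is "disallowed but able to ("~all")", which describes a softfail, while the record shown is `"v=spf1 mx a -all"`, a hard fail. Suggest making the prose match the `-all` in the example (or the reverse) and explaining the difference in one sentence. The `(your ${MAILCOW_HOSTNAME})` annotations inside the record blocks are not zone-file syntax either; they should become `;` comments or move into the prose.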
            @@ -2582,7 +2582,7 @@ _pop3s._tcp         IN SRV     0        1      995      mail.example.org. (your
             _sieve._tcp         IN SRV     0        1      4190     mail.example.org. (your ${MAILCOW_HOSTNAME})
             _smtps._tcp         IN SRV     0        1      465      mail.example.org. (your ${MAILCOW_HOSTNAME})
             _submission._tcp    IN SRV     0        1      587      mail.example.org. (your ${MAILCOW_HOSTNAME})
            -
            +

            Testing

            Here are some tools you can use to verify your DNS configuration:

              @@ -2613,7 +2613,7 @@ _submission._tcp IN SRV 0 1 587 mail.example.org. (your

              These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure you read the provider's documentation from the service you choose as this process may vary.

              Email test for SPF, DKIM and DMARC:

              To run a rudimentary email authentication check, send a mail to check-auth at verifier.port25.com and wait for a reply. You will find a report similar to the following:

              -
              ==========================================================
              +
              ==========================================================
               Summary of Results
               ==========================================================
               SPF check:          pass
              @@ -2626,7 +2626,7 @@ SpamAssassin check: ham
               Details:
               ==========================================================
               ....
              -
              +

              The full report will contain more technical details.

              Fully Qualified Domain Name (FQDN)

              diff --git a/prerequisite/prerequisite-system/index.html b/prerequisite/prerequisite-system/index.html index d28bdf04c..c5c289639 100644 --- a/prerequisite/prerequisite-system/index.html +++ b/prerequisite/prerequisite-system/index.html @@ -2614,10 +2614,10 @@

              Other Distributions may work as well but weren´t tested by us!

              Firewall & Ports

              Please check if any of mailcow's standard ports are open and not in use by other applications:

              -
              ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
              +
              ss -tlpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
               # or:
               netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995|4190'
              -
              +

              Danger

              There are several problems with running mailcow on a firewalld/ufw enabled system.
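Review bot: `grep -E -w '25|80|110|...'` matches those numbers as whole words anywhere in the line, not only in the port column, so a process ID such as `pid=443` or an address octet produces a false hit. Suggest anchoring on the port separator, for example `grep -E ':(25|80|110|143|443|465|587|993|995|4190)\s'`. The lead-in "check if any of mailcow's standard ports are open and not in use" is also ambiguous; "make sure none of these ports is already in use" says what the output means. "weren´t" uses an acute accent instead of an apostrophe.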
              @@ -2713,34 +2713,34 @@ Use the FORWARD chain instead.

              Port 53 unimportant for the firewall configuration in this case. According to the documentation unbound uses the port range 1024-65535 for outgoing requests. Since the Hetzner Robot Firewall is a static firewall (each incoming packet is checked isolated) - the following rules must be applied:

              For TCP -

              SRC-IP:       ---
              +
              SRC-IP:       ---
               DST IP:       ---
               SRC Port:    ---
               DST Port:    1024-65535
               Protocol:    tcp
               TCP flags:   ack
               Action:      Accept
              -

              +

              For UDP -

              SRC-IP:       ---
              +
              SRC-IP:       ---
               DST IP:       ---
               SRC Port:    ---
               DST Port:    1024-65535
               Protocol:    udp
               Action:      Accept
              -

              +

              If you want to apply a more restrictive port range you have to change the config of unbound first (after installation):

              {mailcow-dockerized}/data/conf/unbound/unbound.conf: -

              outgoing-port-avoid: 0-32767
              -

              +
              outgoing-port-avoid: 0-32767
              +

              Now the firewall rules can be adjusted as follows:

              -
              [...]
              +
              [...]
               DST Port:  32768-65535
               [...]
              -
              +

              Date and Time

              To ensure that you have the correct date and time setup on your system, please check the output of timedatectl status:

              -
              $ timedatectl status
              +
              $ timedatectl status
                     Local time: Sat 2017-05-06 02:12:33 CEST
                 Universal time: Sat 2017-05-06 00:12:33 UTC
                       RTC time: Sat 2017-05-06 00:12:32
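Review bot: The UDP rule for the Hetzner Robot Firewall accepts traffic from any source address and any source port to destination ports 1024-65535, and unlike the TCP rule it has no flag condition that limits it to replies. Since the stated purpose is to let answers to unbound's outgoing queries back in, suggest setting SRC Port to 53 in both rules where the firewall allows it, and presenting the narrower `outgoing-port-avoid: 0-32767` variant as the recommended setup rather than as an option. "Port 53 unimportant for the firewall configuration" is missing "is".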
              @@ -2755,22 +2755,22 @@ NTP synchronized: yes
                Next DST change: DST ends (the clock jumps one hour backwards) at
                                 Sun 2017-10-29 02:59:59 CEST
                                 Sun 2017-10-29 02:00:00 CET
              -
              +

              The lines NTP enabled: yes and NTP synchronized: yes indicate whether you have NTP enabled and if it's synchronized.

              To enable NTP you need to run the command timedatectl set-ntp true. You also need to edit your /etc/systemd/timesyncd.conf:

              -
              # vim /etc/systemd/timesyncd.conf
              +
              # vim /etc/systemd/timesyncd.conf
               [Time]
               NTP=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
              -
              +

              Hetzner Cloud (and probably others)

              Check /etc/network/interfaces.d/50-cloud-init.cfg and change the IPv6 interface from eth0:0 to eth0:

              -
              # Wrong:
              +
              # Wrong:
               auto eth0:0
               iface eth0:0 inet6 static
               # Right:
               auto eth0
               iface eth0 inet6 static
              -
              +

              Reboot or restart the interface. You may want to disable cloud-init network changes.

              MTU
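Review bot: The timesyncd step stops at editing /etc/systemd/timesyncd.conf; the visible text never tells the reader to restart systemd-timesyncd, so the new `NTP=` servers are not picked up until the service is next restarted. Suggest adding `systemctl restart systemd-timesyncd` after the edit. The `# vim /etc/systemd/timesyncd.conf` line inside the block also reads as a config comment rather than a command and would be clearer in the prose above it.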

              diff --git a/sitemap.xml.gz b/sitemap.xml.gz index 77c95790f..c1c9b1356 100644 Binary files a/sitemap.xml.gz and b/sitemap.xml.gz differ diff --git a/third_party/third_party-borgmatic/index.html b/third_party/third_party-borgmatic/index.html index ebff48b37..63db16eda 100644 --- a/third_party/third_party-borgmatic/index.html +++ b/third_party/third_party-borgmatic/index.html @@ -2687,43 +2687,43 @@ This guide only covers the basics.

              Create or amend docker-compose.override.yml

              In the mailcow-dockerized root folder create or edit docker-compose.override.yml and insert the following configuration:

              -
              version: '2.1'
              +
              version: '2.1'
               
              -services:
              -  borgmatic-mailcow:
              -    image: b3vis/borgmatic
              -    hostname: mailcow
              -    restart: always
              -    dns: ${IPV4_NETWORK:-172.22.1}.254
              -    volumes:
              -      - vmail-vol-1:/mnt/source/vmail:ro
              -      - crypt-vol-1:/mnt/source/crypt:ro
              -      - redis-vol-1:/mnt/source/redis:ro,z
              -      - rspamd-vol-1:/mnt/source/rspamd:ro,z
              -      - postfix-vol-1:/mnt/source/postfix:ro,z
              -      - mysql-socket-vol-1:/var/run/mysqld/:z
              -      - borg-config-vol-1:/root/.config/borg:Z
              -      - borg-cache-vol-1:/root/.cache/borg:Z
              -      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
              -      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
              -    environment:
              -      - TZ=${TZ}
              -      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
              -    networks:
              -      mailcow-network:
              -        aliases:
              -          - borgmatic
              +services:
              +  borgmatic-mailcow:
              +    image: b3vis/borgmatic
              +    hostname: mailcow
              +    restart: always
              +    dns: ${IPV4_NETWORK:-172.22.1}.254
              +    volumes:
              +      - vmail-vol-1:/mnt/source/vmail:ro
              +      - crypt-vol-1:/mnt/source/crypt:ro
              +      - redis-vol-1:/mnt/source/redis:ro,z
              +      - rspamd-vol-1:/mnt/source/rspamd:ro,z
              +      - postfix-vol-1:/mnt/source/postfix:ro,z
              +      - mysql-socket-vol-1:/var/run/mysqld/:z
              +      - borg-config-vol-1:/root/.config/borg:Z
              +      - borg-cache-vol-1:/root/.cache/borg:Z
              +      - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
              +      - ./data/conf/borgmatic/ssh:/root/.ssh:Z
              +    environment:
              +      - TZ=${TZ}
              +      - BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere
              +    networks:
              +      mailcow-network:
              +        aliases:
              +          - borgmatic
               
              -volumes:
              -  borg-cache-vol-1:
              -  borg-config-vol-1:
              -
              +volumes: + borg-cache-vol-1: + borg-config-vol-1: +

              Ensure that you change the BORG_PASSPHRASE to a secure passphrase of your choosing.

              For security reasons we mount the maildir as read-only. If you later want to restore data you will need to remove the ro flag prior to restoring the data. This is described in the section on restoring backups.

              Create data/conf/borgmatic/etc/config.yaml

              Next, we need to create the borgmatic configuration.

              -
              source mailcow.conf
              +
              source mailcow.conf
               cat <<EOF > data/conf/borgmatic/etc/config.yaml
               location:
                   source_directories:
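Review bot: In the `environment:` block, `BORG_PASSPHRASE=YouBetterPutSomethingRealGoodHere` keeps the repository passphrase in clear text in docker-compose.override.yml, and the text below only asks the reader to change it. Add a sentence telling readers to restrict read access to that file, since the passphrase is what protects the archives. Separately, the final `+` line of the compose block carries `volumes:`, `borg-cache-vol-1:` and `borg-config-vol-1:` on one line where the removed version had three; confirm the rendered block still breaks them onto separate lines, because the YAML is not valid otherwise.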
              @@ -2749,7 +2749,7 @@ cat <<EOF > data/conf/borgmatic/etc/config.yaml
                         password: ${DBPASS}
                         options: --default-character-set=utf8mb4
               EOF
              -
              +

              Creating the file in this way ensures the correct MySQL credentials are pulled in from mailcow.conf.

              This file is a minimal example for using borgmatic with an account user on the cloud storage provider rsync.net for a repository called mailcow (see repositories setting). It will backup both the maildir and MySQL database, which is @@ -2765,8 +2765,8 @@ container. The container defines a volume called /mnt/borg-repository

              Create a crontab

              Create a new text file in data/conf/borgmatic/etc/crontab.txt with the following content:

              -
              14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
              -
              +
              14 * * * * PATH=$PATH:/usr/bin /usr/bin/borgmatic --stats -v 0 2>&1
              +

              This file expects crontab syntax. The example shown here will trigger the backup to run every hour at 14 minutes past the hour and log some nice stats at the end.

              Place SSH keys in folder

              @@ -2775,14 +2775,14 @@ usual id_rsa, id_ed25519 or similar to be in this dire or OpenSSH will refuse to use the SSH key.

              Bring up the container

              For the next step we need the container to be up and running in a configured state. To do that run:

              -
              docker-compose up -d
              -
              +
              docker-compose up -d
              +

              Initialize the repository

              By now your borgmatic container is up and running, but the backups will currently fail due to the repository not being initialized.

              To initialize the repository run:

              -
              docker-compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic init --encryption repokey-blake2
              +

              You will be asked you to authenticate the SSH host key of your remote repository server. See if it matches and confirm the prompt by entering yes. The repository will be initialized with the passphrase you set in the BORG_PASSPHRASE environment variable earlier.
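Review bot: "See if it matches" gives the reader nothing to compare the SSH host key against. Say where the expected fingerprint comes from (for example the fingerprints published by the storage provider) so the prompt is not confirmed blindly, and fix the wording "You will be asked you to authenticate".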

              @@ -2793,8 +2793,8 @@ for how to retrieve the key.

              Restart container

              Now that we finished configuring and initializing the repository restart the container to ensure it is in a defined state:

              -
              docker-compose restart borgmatic-mailcow
              -
              +
              docker-compose restart borgmatic-mailcow
              +

              Restoring from a backup

              Restoring a backup assumes you are starting off with a fresh installation of mailcow, and you currently do not have any custom data in your maildir or your mailcow database.

              @@ -2814,8 +2814,8 @@ this volume.

              Before running a restore you must make the vmail volume writeable in docker-compose.override.yml by removing the ro flag from the volume. Then you can use the following command to restore the maildir from a backup:

              -
              docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic extract --path mnt/source --archive latest
              +

              Alternatively you can specify any archive name from the list of archives (see Listing all available archives)

              Restore MySQL

              @@ -2825,30 +2825,30 @@ Then you can use the following command to restore the maildir from a backup:

              intend to recover the mailcow database from a backup.

              To restore the MySQL database from the latest archive use this command:

              -
              docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic restore --archive latest
              +

              Alternatively you can specify any archive name from the list of archives (see Listing all available archives)

              After restoring

              After restoring you need to restart mailcow. If you disabled SELinux enforcing mode now would be a good time to re-enable it.

              To restart mailcow use the follwing command:

              -
              docker-compose down && docker-compose up -d
              -
              +
              docker-compose down && docker-compose up -d
              +

              If you use SELinux this will also trigger the re-labeling of all files in your vmail volume. Be patient, as this may take a while if you have lots of files.

              Useful commands

              Manual archiving run (with debugging output)

              -
              docker-compose exec borgmatic-mailcow borgmatic -v 2
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic -v 2
              +

              Listing all available archives

              -
              docker-compose exec borgmatic-mailcow borgmatic list
              -
              +
              docker-compose exec borgmatic-mailcow borgmatic list
              +

              Break lock

              When borg is interrupted during an archiving run it will leave behind a stale lock that needs to be cleared before any new operations can be performed:

              -
              docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
              -
              +
              docker-compose exec borgmatic-mailcow borg break-lock user@rsync.net:mailcow
              +

              Where user@rsync.net:mailcow is the URI to your repository.

              Now would be a good time to do a manual archiving run to ensure it can be successfully performed.

              Exporting keys
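Review bot: The "Break lock" paragraph should say to run `borg break-lock` only after confirming that no other borg process is still using the repository; as written it reads as a routine step, and clearing a lock held by a live run allows concurrent access to the repository. In the same hunk, "follwing" in "To restart mailcow use the follwing command" should be "following".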

              @@ -2857,8 +2857,8 @@ key files are generated when you initialize the repository. The repokey

              Note that in either case you also must have the passphrase to decrypt any archives.

              To fetch the keyfile run:

              -
              docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
              -
              +
              docker-compose exec borgmatic-mailcow borg key export --paper user@rsync.net:mailcow
              +

              Where user@rsync.net:mailcow is the URI to your repository.


              diff --git a/third_party/third_party-gitea/index.html b/third_party/third_party-gitea/index.html index 5480ca6ff..dd4136da6 100644 --- a/third_party/third_party-gitea/index.html +++ b/third_party/third_party-gitea/index.html @@ -2347,7 +2347,7 @@

              With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

              1. Open docker-compose.override.yml and add gitea:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
               
                       gitea-mailcow:
              @@ -2360,28 +2360,28 @@ services:
                                       - gitea
                           ports:
                               - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
              -
              +

              2. Create data/conf/nginx/site.gitea.custom, add: -

              location /gitea/ {
              +
              location /gitea/ {
                       proxy_pass http://gitea:3000/;
               }
              -

              +

              3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

              -
              GITEA_SSH_PORT=127.0.0.1:4000
              -
              +
              GITEA_SSH_PORT=127.0.0.1:4000
              +

              5. Run docker-compose up -d to bring up the gitea container and run docker-compose restart nginx-mailcow afterwards.

              6. If you forced mailcow to https, execute step 9 and restart gitea with docker-compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

              7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

              8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

              9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

              -
              [server]
              +
              [server]
               SSH_LISTEN_PORT = 22
               # For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
               SSH_DOMAIN = 127.0.0.1
               SSH_PORT = 4000
               # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
               ROOT_URL = https://mx.example.org/gitea/
              -
              +

              10. Restart gitea with docker-compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.
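Review bot: The numbered steps in this hunk jump from 3 to 5, and step 6 sends the reader forward to step 9 and then back to step 7, which is easy to get wrong. Renumber the list and move the app.ini step ahead of the first browser visit, or state the intended order explicitly. Step 6 also has an unclosed parenthesis and "Go head", and step 7 still shows an http:// URL right after step 6 says to use https.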


              diff --git a/third_party/third_party-gogs/index.html b/third_party/third_party-gogs/index.html index 8527c9c57..88bbfa471 100644 --- a/third_party/third_party-gogs/index.html +++ b/third_party/third_party-gogs/index.html @@ -2347,7 +2347,7 @@

              With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

              1. Open docker-compose.override.yml and add Gogs:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
               
                   gogs-mailcow:
              @@ -2360,27 +2360,27 @@ services:
                           - gogs
                     ports:
                       - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
              -
              +

              2. Create data/conf/nginx/site.gogs.custom, add: -

              location /gogs/ {
              +
              location /gogs/ {
                   proxy_pass http://gogs:3000/;
               }
              -

              +

              3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

              -
              GOGS_SSH_PORT=127.0.0.1:4000
              -
              +
              GOGS_SSH_PORT=127.0.0.1:4000
              +

              5. Run docker-compose up -d to bring up the Gogs container and run docker-compose restart nginx-mailcow afterwards.

              6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

              7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

              8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

              -
              [server]
              +
              [server]
               SSH_LISTEN_PORT = 22
               # For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
               SSH_DOMAIN = 127.0.0.1
               SSH_PORT = 4000
               # For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
               ROOT_URL = https://mx.example.org/gogs/
              -
              +

              9. Restart Gogs with docker-compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.
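Review bot: Step 7 tells the reader to set Skip TLS Verify for SMTP authentication against `postfix` on port 587, which turns off certificate checking on the connection that carries user passwords. The text should state why that is acceptable here (it only says "postfix" is most likely not part of the certificate), or suggest a host name that is covered by the certificate so verification can stay on. The list also skips from step 3 to step 5.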


              diff --git a/third_party/third_party-mailman3/index.html b/third_party/third_party-mailman3/index.html index b0499bb6c..45a0bab87 100644 --- a/third_party/third_party-mailman3/index.html +++ b/third_party/third_party-mailman3/index.html @@ -2780,15 +2780,15 @@

              DNS setup

              Most of the configuration is covered by mailcows DNS setup. After finishing this setup add another subdomain for Mailman, e.g. lists.example.org that points to the same server:

              -
              # Name    Type       Value
              +
              # Name    Type       Value
               lists     IN A       1.2.3.4
               lists     IN AAAA    dead:beef
              -
              +

              Install Apache as a reverse proxy

              Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.

              Activate certain Apache modules (as root or sudo):

              -
              a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
              -
              +
              a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
              +

              Maybe you have to install further packages to get these modules. This PPA by Ondřej Surý may help you.

              vHost configuration

              Copy the mailcow.conf and the mailman.conf in the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).

              @@ -2806,18 +2806,18 @@ lists IN AAAA dead:beef
            • https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN

            Install certbot (as root or sudo):

            -
            apt install certbot
            -
            +
            apt install certbot
            +

            Get the desired certificates (as root or sudo):

            -
            certbot certonly -d mailcow_HOSTNAME
            +
            certbot certonly -d mailcow_HOSTNAME
             certbot certonly -d MAILMAN_DOMAIN
            -
            +

            Install mailcow with Mailman integration

            Install mailcow

            Follow the mailcow installation. Omit step 5 and do not pull and up with docker-compose!

            Configure mailcow

            This is also Step 4 in the official mailcow installation (nano mailcow.conf). So change to your needs and alter the following variables:

            -
            HTTP_PORT=18080            # don't use 8080 as mailman needs it
            +
            HTTP_PORT=18080            # don't use 8080 as mailman needs it
             HTTP_BIND=127.0.0.1        #
             HTTPS_PORT=18443           # you may use 8443
             HTTPS_BIND=127.0.0.1       #
            @@ -2826,10 +2826,10 @@ SKIP_LETS_ENCRYPT=y        # reverse proxy will do the SSL termination
             
             SNAT_TO_SOURCE=1.2.3.4     # change this to your IPv4
             SNAT6_TO_SOURCE=dead:beef  # change this to your global IPv6
            -
            +

            Add Mailman integration

            Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:

            -

            version: '2.1'
            +

            version: '2.1'
             
             services:
               postfix-mailcow:
            @@ -2841,10 +2841,10 @@ services:
             networks:
               docker-mailman_mailman:
                 external: true
            -
            +
            The additional volume is used by Mailman to generate additional config files for mailcow postfix. The external network is build and used by Mailman. mailcow needs it to deliver incoming list mails to Mailman.

            Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:

            -

            # mailman
            +

            # mailman
             
             recipient_delimiter = +
             unknown_local_recipient_reject_code = 550
            @@ -2869,7 +2869,7 @@ relay_domains =
             relay_recipient_maps =
               proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
               regexp:/opt/mailman/core/var/data/postfix_lmtp
            -
            +
            As we overwrite mailcow postfix configuration here, this step may break your normal mail transports. Check the original configuration files if anything changed.

            SSL certificates

            As we proxying mailcow, we need to copy the SSL certificates into the mailcow file structure. This task will do the script renew-ssl.sh for us:

            @@ -2880,26 +2880,26 @@ As we overwrite mailcow postfix configuration here, this step may break
          • Do not run it yet, as we first need Mailman

          You have to create a cronjob, so that new certificates will be copied. Execute as root or sudo:

          -
          crontab -e
          -
          +
          crontab -e
          +

          To run the script every day at 5am, add:

          -
          0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
          -
          +
          0   5  *   *   *     /opt/mailcow-dockerized/renew-ssl.sh
          +

          Install Mailman

          Basicly follow the instructions at docker-mailman. As they are a lot, here is in a nuthshell what to do:

          As root or sudo:

          -
          cd /opt
          +
          cd /opt
           mkdir -p mailman/core
           mkdir -p mailman/web
           git clone https://github.com/maxking/docker-mailman
           cd docker-mailman
          -
          +

          Configure Mailman

          Create a long key for Hyperkitty, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.

          Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.

          Create a long key for Django, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.

          Create the file /opt/docker-mailman/docker-compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:

          -
          version: '2'
          +
          version: '2'
           
           services:
             mailman-core:
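Review bot: The crontab entry `0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh` is added with `crontab -e` as root, so the script runs with root privileges every day; add a line telling readers to keep renew-ssl.sh owned and writable by root only. Spelling in the "Install Mailman" paragraph: "Basicly" and "nuthshell" should read "Basically" and "nutshell".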
          @@ -2928,17 +2928,17 @@ services:
               environment:
               - POSTGRES_PASSWORD=DBPASS
               restart: always
          -
          +

          At mailman-web fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Pistorius). For setting the password for the first time use the Forgot password function in the web interface.

          About other configuration options read Mailman-web and Mailman-core documentation.

          Configure Mailman core and Mailman web

          Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

          -
          [mailman]
          +
          [mailman]
           default_language: de
           site_owner: mailman@example.org
          -
          +

          Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should be pointing to a valid mail box or redirection.

          -

          # locale
          +

          # locale
           LANGUAGE_CODE = 'de-de'
           
           # disable social authentication
          @@ -2948,11 +2948,11 @@ SOCIALACCOUNT_PROVIDERS = {}
           DEFAULT_FROM_EMAIL = 'mailman@example.org'
           
           DEBUG = False
          -
          +
          You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs. At the moment SOCIALACCOUNT_PROVIDERS has no effect, see issue #2.

          🏃 Run

          Run (as root or sudo)

          -
          a2ensite mailcow.conf
          +
          a2ensite mailcow.conf
           a2ensite mailman.conf
           systemctl restart apache2
           
          @@ -2963,14 +2963,14 @@ docker-compose up -d
           cd /opt/mailcow-dockerized/
           docker-compose pull
           ./renew-ssl.sh
          -
          +

          Wait a few minutes! The containers have to create there databases and config files. This can last up to 1 minute and more.

          Remarks

          New lists aren't recognized by postfix instantly

          When you create a new list and try to immediately send an e-mail, postfix responses with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postifx manually:

          -
          cd /opt/mailcow-dockerized
          +
          cd /opt/mailcow-dockerized
           docker-compose restart postfix-mailcow
          -
          +

          Update

          mailcow has it's own update script in /opt/mailcow-dockerized/update.sh, see the docs.

          For Mailman just fetch the newest version from the github repository.
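Review bot: "Wait a few minutes!" is followed by "This can last up to 1 minute and more", so the two sentences disagree on how long to wait; give one figure. Spelling in this hunk: "create there databases" (their), "postfix responses with" (responds), "restart postifx" (postfix), "mailcow has it's own update script" (its).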

          diff --git a/third_party/third_party-mailpiler_integration/index.html b/third_party/third_party-mailpiler_integration/index.html index 713eac413..b504dff52 100644 --- a/third_party/third_party-mailpiler_integration/index.html +++ b/third_party/third_party-mailpiler_integration/index.html @@ -2456,11 +2456,11 @@

          The problem to solve

          mailpiler offers the authentication based on IMAP, for example:

          -
          $config['ENABLE_IMAP_AUTH'] = 1;
          +
          $config['ENABLE_IMAP_AUTH'] = 1;
           $config['IMAP_HOST'] = 'mail.example.com';
           $config['IMAP_PORT'] =  993;
           $config['IMAP_SSL'] = true;
          -
          +
          • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
          • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
          • @@ -2487,19 +2487,19 @@
            1. Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

              -
              $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
              +
              $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
               $config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
               $config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
               include('auth-mailcow.php');
              -
              +

              You can also change the mailcow hostname, if required: -

              $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
              -

              +
              $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
              +

            2. Download the PHP file with the functions from the GitHub repo:

              -
              curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
              -
              +
              curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
              +
            3. Done!
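Review bot: Step 2 fetches auth-mailcow.php from the `master` branch with `curl -o`, and step 1 pulls it in with `include('auth-mailcow.php');`, so whatever is on that branch at download time runs inside piler next to `MAILCOW_API_KEY`. Pin the URL to a tag or commit and give a checksum to verify after download. The "You can also change the mailcow hostname" sentence ends in a stray " -" before its code line.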

              diff --git a/third_party/third_party-nextcloud/index.html b/third_party/third_party-nextcloud/index.html index dbb723b75..409e4f332 100644 --- a/third_party/third_party-nextcloud/index.html +++ b/third_party/third_party-nextcloud/index.html @@ -2457,14 +2457,14 @@

              In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker-compose up -d to apply. For more informaton refer to: Advanced SSL.

              Background jobs

              To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
                 php-fpm-mailcow:
                   labels:
                     ofelia.enabled: "true"
                     ofelia.job-exec.nextcloud-cron.schedule: "@every 5m"
                     ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""
              -
              +

              After adding these lines the docker-compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker-compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command docker-compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

              @@ -2516,14 +2516,14 @@ services:

              If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

              1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

              INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
              +
              INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
               INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
              -

              +


              If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

              1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

              INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
              -

              +
              INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
              +


              Update
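Review bot: In both migration lists above, the suggested client call `mysql -u$DBUSER -p$DBPASS $DBNAME` passes the database password as a command-line argument and leaves all three variables unquoted, which exposes the password to the process list and breaks on values containing shell metacharacters. Quote the variables and consider a bare `-p` so the client prompts for the password. In the first list, items 1 and 2 are run together on one line.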

              The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. @@ -2533,13 +2533,13 @@ It shows which commands have to be executed, these have to be placed in the php-


              Debugging & Troubleshooting

              It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

              -
              'trusted_proxies' =>
              +
              'trusted_proxies' =>
                 array (
                   0 => 'fd4d:6169:6c63:6f77::/64',
                   1 => '172.22.1.0/24',
                   2 => 'NewSubnet/24',
                 ),
              -
              +

              After the changes have been made, the nginx container must be restarted. docker-compose restart nginx-mailcow
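
Review bot: The sentence above the 'trusted_proxies' array tells the reader to add "your subnet", and the placeholder `2 => 'NewSubnet/24'` repeats that, which reads as the client network rather than the address range of the reverse proxy in front of Nextcloud. Every address listed there is trusted to supply the forwarded client IP, so the text should say to add only the proxy's own address or subnet, as narrow as possible. The path `data/web/nextcloud/config/*` could name config.php directly, and the restart command at the end of the hunk should sit in its own code block like the others.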

              diff --git a/third_party/third_party-portainer/index.html b/third_party/third_party-portainer/index.html index 7e2d9c827..46b56273e 100644 --- a/third_party/third_party-portainer/index.html +++ b/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

              In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

              1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration -

              version: '2.1'
              +
              version: '2.1'
               services:
                   portainer-mailcow:
                     image: portainer/portainer-ce
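
Review bot: `image: portainer/portainer-ce` carries no tag, so every pull picks up whatever is latest for the Portainer admin UI. Pin a release tag (or a digest) in the example and tell the reader to bump it deliberately.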
              @@ -2362,9 +2362,9 @@ services:
                       mailcow-network:
                         aliases:
                           - portainer
              -
              +
              2a. Create data/conf/nginx/portainer.conf: -
              upstream portainer {
              +
              upstream portainer {
                 server portainer-mailcow:9000;
               }
               
              @@ -2372,9 +2372,9 @@ map $http_upgrade $connection_upgrade {
                 default upgrade;
                 '' close;
               }
              -

              +

              2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: -

                location /portainer/ {
              +
                location /portainer/ {
                   proxy_http_version 1.1;
                   proxy_set_header Host              $http_host;   # required for docker client's sake
                   proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
              @@ -2393,10 +2393,10 @@ map $http_upgrade $connection_upgrade {
                   proxy_set_header Connection $connection_upgrade;
                   proxy_pass http://portainer/api/websocket/;
                 }
              -

              +

              3. Apply your changes: -

              docker-compose up -d && docker-compose restart nginx-mailcow
              -

              +
              docker-compose up -d && docker-compose restart nginx-mailcow
              +

              Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.
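
Review bot: The closing paragraph says the first visit to `https://${MAILCOW_HOSTNAME}/portainer/` prompts for a new admin password, and step 3 publishes that path on the mailcow site as soon as nginx restarts, so whoever reaches the URL first sets the admin account. The text should tell the reader to open the page and set the password immediately after step 3, or to restrict the `/portainer/` location (for example with `allow`/`deny`) until that is done.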


              diff --git a/third_party/third_party-roundcube/index.html b/third_party/third_party-roundcube/index.html index 7b685ce8a..62252026f 100644 --- a/third_party/third_party-roundcube/index.html +++ b/third_party/third_party-roundcube/index.html @@ -2466,7 +2466,7 @@

              Installing Roundcube

              Download Roundcube 1.5.x to the web htdocs directory and extract it (here rc/): -

              # Check for a newer release!
              +
              # Check for a newer release!
               cd data/web
               wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
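
Review bot: Piping `wget -O -` straight into `tar xfvz -` unpacks the release from the network into data/web with no integrity check, and a truncated download is extracted as far as it got. Suggest downloading to a file, verifying it against the signature or checksum the release publishes, and only then extracting. The hard-coded 1.5.2 next to "Check for a newer release!" will also go stale; a version variable at the top of the block would make that a one-line edit.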
               
              @@ -2478,17 +2478,17 @@ chown -R root: rc/
               
               # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
               sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
              -

              +

              If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. -

              #!/bin/bash
              +
              #!/bin/bash
               apk update
               apk add aspell-en # or any other language
              -

              +

              Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. -

              <?php
              +
              <?php
               error_reporting(0);
               if (!file_exists('/tmp/mime.types')) {
               file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
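
Review bot: The `file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'))` line in the sample config fetches a file over plain HTTP from inside the web application and caches it in /tmp, with `error_reporting(0)` hiding any failure. Suggest an https URL at minimum, or better, shipping a copy of mime.types next to the config so nothing is downloaded at request time.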
              @@ -2520,13 +2520,13 @@ $config['smtp_conn_options'] = array(
                 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
               );
               $config['db_prefix'] = 'mailcow_rc1';
              -

              +

              Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer.

              Delete the directory data/web/rc/installer after a successful installation!

              Configure ManageSieve filtering

              Open data/web/rc/plugins/managesieve/config.inc.php and change the following parameters (or add them at the bottom of that file): -

              $config['managesieve_port'] = 4190;
              +
              $config['managesieve_port'] = 4190;
               $config['managesieve_host'] = 'tls://dovecot';
               $config['managesieve_conn_options'] = array(
                 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
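
Review bot: Both `smtp_conn_options` and `managesieve_conn_options` set `'verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true`, which turns off certificate checking on connections that carry the user's mail password. The doc should state why that is acceptable here (for example, that the connection never leaves the Docker network, if that is the intent) or show a variant with verification enabled. The installer step is also worth tightening: "Delete the directory data/web/rc/installer" should come with the exact command so it is not skipped.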
              @@ -2536,37 +2536,37 @@ $config['managesieve_conn_options'] = array(
               // 1 - add Vacation section,
               // 2 - add Vacation section, but hide Filters section
               $config['managesieve_vacation'] = 1;
              -

              +

              Enable change password function in Roundcube

              Open data/web/rc/config/config.inc.php and enable the password plugin:

              -
              ...
              +
              ...
               $config['plugins'] = array(
                   'archive',
                   'password',
               );
               ...
              -
              +

              Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

              -
                      case 'ssha256':
              +
                      case 'ssha256':
                           $salt = rcube_utils::random_bytes(8);
                           $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
                           $prefix  = '{SSHA256}';
                           break;
              -
              +

              Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

              -
              $config['password_driver'] = 'sql';
              +
              $config['password_driver'] = 'sql';
               $config['password_algorithm'] = 'ssha256';
               $config['password_algorithm_prefix'] = '{SSHA256}';
               $config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
              -
              +

              Integrate CardDAV addressbooks in Roundcube

              Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

              cd data/web/rc/plugins
              +
              cd data/web/rc/plugins
               wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz  | tar xfvz -
               chown -R root: carddav/
              -

              +

              Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

              $prefs['SOGo'] = array(
              +
              $prefs['SOGo'] = array(
                   'name'         =>  'SOGo',
                   'username'     =>  '%u',
                   'password'     =>  '%p',
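
Review bot: The added `case 'ssha256':` computes a single `hash('sha256', $password . $salt, TRUE)` with an 8-byte salt, which is a fast hash and cheap to brute-force if the `mailbox` table leaks. If the mail backend accepts a slower scheme, the example should use that; otherwise the doc should say why `{SSHA256}` is required. Patching plugins/password/password.php in place is also lost on the next Roundcube upgrade, which the upgrade section should mention.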
              @@ -2579,7 +2579,7 @@ chown -R root: carddav/
                   'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
                   'hide'        =>  false,
               );
              -
              +
              Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

              Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

              If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

              @@ -2587,7 +2587,7 @@ Please note, that this preset only integrates the default addressbook (the one t

              Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

              NOTE: Don't forget to add the <?php delimiter on the first line

              -
              ...
              +
              ...
               $MAILCOW_APPS = array(
                 array(
                   'name' => 'SOGo',
              @@ -2599,10 +2599,10 @@ $MAILCOW_APPS = array(
                  )
               );
               ...
              -
              +

              Upgrading Roundcube

              Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

              -
              # Enter a bash session of the mailcow PHP container
              +
              # Enter a bash session of the mailcow PHP container
               docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
               
               # Install required upgrade dependency, then upgrade Roundcube to wanted release
              @@ -2620,42 +2620,42 @@ rm -rf roundcube*
               
               # Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
               sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php
              -
              +

              Let admins log into Roundcube without password

              First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

              Edit mailcow.conf and add the following:

              -
              # Allow admins to log into Roundcube as email user (without any password)
              +
              # Allow admins to log into Roundcube as email user (without any password)
               # Roundcube with plugin dovecot_impersonate must be installed first
               
               ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
              -
              +

              Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

              -
              version: '2.1'
              +
              version: '2.1'
               services:
                 php-fpm-mailcow:
                   environment:
                     - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}
              -
              +

              Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

              -
              if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
              +
              if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
                 item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
               }
              -
              +

              Edit data/web/mailbox.php and add this line to array $template_data:

              -
                'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
              -
              +
                'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
              +

              Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

              -
                var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
              -
              +
                var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
              +

              Copy the contents of the following files from this Snippet:

              • data/web/inc/lib/RoundcubeAutoLogin.php
              • data/web/rc-auth.php

              Finally, restart mailcow

              -
              docker-compose down
              +
              docker-compose down
               docker-compose up -d
              -
              +
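
Review bot: The files that actually grant the passwordless login, data/web/inc/lib/RoundcubeAutoLogin.php and data/web/rc-auth.php, are copied from an external snippet with no revision or checksum, and the page never states what rc-auth.php checks before it logs in as the user named in `?login=`. Include the two files in the doc (or pin the snippet revision) and state the admin session check they rely on. Smaller points: the `+` in `preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])` also accepts repeated values such as `yy`; the generated link uses `target="_blank"` without `rel="noopener"`; "crate/extend" and "and the following code after" need fixing.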

              diff --git a/troubleshooting/debug-admin_login_sogo/index.html b/troubleshooting/debug-admin_login_sogo/index.html index b5588d662..f44baeb60 100644 --- a/troubleshooting/debug-admin_login_sogo/index.html +++ b/troubleshooting/debug-admin_login_sogo/index.html @@ -2428,11 +2428,11 @@ log into SOGo as a mailbox user, without knowing the users password.

              Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

              Enabling the feature

              The feature is disabled by default. It can be enabled in the mailcow.conf by setting: -

              ALLOW_ADMIN_EMAIL_LOGIN=y
              -
              +
              ALLOW_ADMIN_EMAIL_LOGIN=y
              +
              and recreating the affected containers with -
              docker-compose up -d
              -

              +
              docker-compose up -d
              +

              Drawbacks when enabled

              • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. diff --git a/troubleshooting/debug-attach_service/index.html b/troubleshooting/debug-attach_service/index.html index 901026958..3bef86063 100644 --- a/troubleshooting/debug-attach_service/index.html +++ b/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,17 @@

                Attaching a Container to your Shell

                To attach a container to your shell you can simply run

                -
                docker-compose exec $Service_Name /bin/bash
                -
                +
                docker-compose exec $Service_Name /bin/bash
                +

                Connecting to Services

                If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

                MySQL

                -
                source mailcow.conf
                +
                source mailcow.conf
                 docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
                -
                +

                Redis

                -
                docker-compose exec redis-mailcow redis-cli
                -
                +
                docker-compose exec redis-mailcow redis-cli
                +

                Service Descriptions

                Here is a brief overview of what container / service does what:
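
Review bot: `docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}` expands the database password into the command line, where it is visible in the host's process list for as long as the session runs. Prefer `-p` with no value so the client prompts for it, and quote the variables (`"${DBNAME}"`) so an unusual value does not split into extra arguments.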

          diff --git a/troubleshooting/debug-common_problems/index.html b/troubleshooting/debug-common_problems/index.html index d7c9e346d..e2085b3a6 100644 --- a/troubleshooting/debug-common_problems/index.html +++ b/troubleshooting/debug-common_problems/index.html @@ -2516,11 +2516,11 @@
        • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
        • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
        • -
          # telnet 74.125.133.27 465
          +
          # telnet 74.125.133.27 465
           Trying 74.125.133.27...
           Connected to 74.125.133.27.
           Escape character is '^]'.
          -
          +

          My mails are identified as Spam

          Please read our guide on DNS configuration.

          docker-compose throws weird errors

          @@ -2537,8 +2537,8 @@ Escape character is '^]'.

          It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

          Address already in use

          If you get an error message like:

          -
          ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
          -
          +
          ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
          +

          while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

          XYZ can't connect to ...

          Please check your local firewall! @@ -2546,19 +2546,19 @@ Docker and iptables-based firewalls sometimes create conflicting rules, so disab

          If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

          While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

          To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

          -
          dism /online /Enable-Feature /FeatureName:TelnetClient
          -
          +
          dism /online /Enable-Feature /FeatureName:TelnetClient
          +

          Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

          Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

          Dovecot keeps restarting (see #2672)

          Check that you have at least the following files in data/assets/ssl:

          -
          cert.pem
          +
          cert.pem
           dhparams.pem
           key.pem
          -
          +

          If dhparams.pem is missing, you can generate it with

          -
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          -
          +
          openssl dhparam -out data/assets/ssl/dhparams.pem 4096
          +
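
Review bot: The port labels in the firewall paragraph are swapped: it calls 587 "SMTP" and 25 "SUBMISSION", but 25 is SMTP and 587 is submission (465 as SMTPS is fine). Worth fixing while the hunk is open, together with "chose" for "choose", the stray footnote digit in "tools1", and "an terminal".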

            diff --git a/troubleshooting/debug-mysql_aria/index.html b/troubleshooting/debug-mysql_aria/index.html index ab1c1b307..1b0e6bab0 100644 --- a/troubleshooting/debug-mysql_aria/index.html +++ b/troubleshooting/debug-mysql_aria/index.html @@ -2398,7 +2398,7 @@

            If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

            Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker-compose ps.

            Now run the following commands:

            -
            # Stop the stack, don't run "down"
            +
            # Stop the stack, don't run "down"
             docker-compose stop
             # Run a bash in the stopped container as user mysql
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
            @@ -2408,7 +2408,7 @@ cd /var/lib/mysql
             aria_chk --check --force */*.MAI
             # Delete aria log files
             rm aria_log.*
            -
            +

            Now run docker-compose down followed by docker-compose up -d.


            diff --git a/troubleshooting/debug-mysql_upgrade/index.html b/troubleshooting/debug-mysql_upgrade/index.html index c3e1e32f0..00a20b48a 100644 --- a/troubleshooting/debug-mysql_upgrade/index.html +++ b/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,13 @@

            Run a manual mysql_upgrade

            This step is usually not necessary.

            -
            docker-compose stop mysql-mailcow watchdog-mailcow
            +
            docker-compose stop mysql-mailcow watchdog-mailcow
             docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
            -
            +

            As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

            -
            mysql_upgrade
            +
            mysql_upgrade
             exit
            -
            +

            diff --git a/troubleshooting/debug-reset_pw/index.html b/troubleshooting/debug-reset_pw/index.html index 3e28cc0a3..c2e9fcb5a 100644 --- a/troubleshooting/debug-reset_pw/index.html +++ b/troubleshooting/debug-reset_pw/index.html @@ -2544,16 +2544,16 @@

            mailcow Admin Account

            Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

            -
            cd mailcow_path
            +
            cd mailcow_path
             ./helper-scripts/mailcow-reset-admin.sh
            -
            +

            Reset MySQL Passwords

            Stop the stack by running docker-compose stop.

            When the containers came to a stop, run this command:

            -
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            -
            +
            docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
            +

            1. Find database name

            -
            # source mailcow.conf
            +
            # source mailcow.conf
             # docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
             MariaDB [(none)]> show databases;
             +--------------------+
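
Review bot: The `--entrypoint` command starts `mysqld --skip-grant-tables` in the background and nothing in the command limits the server to the local socket, so for the length of the session it accepts any login without a password. Adding `--skip-networking` would keep it reachable only from the `mysql -hlocalhost -uroot` client in the same container. `sleep 10` is a guess at startup time; polling with `mysqladmin ping` would be more reliable on slow hosts.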
            @@ -2565,11 +2565,11 @@ MariaDB [(none)]> show databases;
             | performance_schema |
             +--------------------+
             4 rows in set (0.00 sec)
            -
            +

            2. Reset one or more users

            2.1 Maria DB < 10.4 (older mailcow installations)

            Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user         |
             +--------------+
            @@ -2582,9 +2582,9 @@ MariaDB [(none)]> FLUSH PRIVILEGES;
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root';
             MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            2.2 Maria DB >= 10.4 (current mailcows)

            -
            MariaDB [(none)]> SELECT user FROM mysql.user;
            +
            MariaDB [(none)]> SELECT user FROM mysql.user;
             +--------------+
             | user         |
             +--------------+
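
Review bot: The `UPDATE mysql.user` examples set real-looking literals (`PASSWORD('gotr00t')`, `PASSWORD('mookuh')`) that readers will paste as they are. Use an obvious placeholder instead, and say whether `DBPASS` in mailcow.conf has to be updated to match, since the other commands on this page log in with `-p${DBPASS}`.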
            @@ -2598,16 +2598,16 @@ MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY '
             MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t';
             MariaDB [(none)]> FLUSH PRIVILEGES;
            -
            +

            Remove Two-Factor Authentication

            For mailcow WebUI:

            This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
            -
            +

            For SOGo:

            -
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            -
            +
            docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
            +

            diff --git a/troubleshooting/debug-reset_tls/index.html b/troubleshooting/debug-reset_tls/index.html index 580d073ff..b7e8cc52f 100644 --- a/troubleshooting/debug-reset_tls/index.html +++ b/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,14 @@

            Reset TLS certificates

            In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

            -
            source mailcow.conf
            +
            source mailcow.conf
             docker-compose down
             rm -rf data/assets/ssl
             mkdir data/assets/ssl
             openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes
             cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/
             docker-compose up -d
            -
            +

            This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

            If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

            Please also note that previous TLSA records will be invalid.
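
Review bot: `rm -rf data/assets/ssl` removes the existing key, certificates and Let's Encrypt account with no backup step, although the text below it warns about rate limits and invalid TLSA records. Suggest moving the directory aside instead (`mv data/assets/ssl data/assets/ssl.bak`) so the reset can be undone. The explanatory sentence also lists "stop mailcow, source the variables" in the opposite order to the commands.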

            diff --git a/troubleshooting/debug-rm_volumes/index.html b/troubleshooting/debug-rm_volumes/index.html index b1ba7d5b6..0aa33b4e4 100644 --- a/troubleshooting/debug-rm_volumes/index.html +++ b/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,8 @@

            You may want to remove a set of persistent data to resolve a conflict or to start over.

            mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

            Delete a single volume:

            -
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            -
            +
            docker volume rm mailcowdockerized_${VOLUME_NAME}
            +
            • Remove volume mysql-vol-1 to remove all MySQL data.
            • Remove volume redis-vol-1 to remove all Redis data.
            • diff --git a/troubleshooting/debug-rspamd_memory_leaks/index.html b/troubleshooting/debug-rspamd_memory_leaks/index.html index 3935a46d2..be3662a13 100644 --- a/troubleshooting/debug-rspamd_memory_leaks/index.html +++ b/troubleshooting/debug-rspamd_memory_leaks/index.html @@ -2346,7 +2346,7 @@

              Advanced: Find memory leaks in Rspamd

              A quick guide to deeply analyze a malfunctioning Rspamd.

              -
              docker-compose exec rspamd-mailcow bash
              +
              docker-compose exec rspamd-mailcow bash
               
               if ! grep -qi 'apt-stable-asan' /etc/apt/sources.list.d/rspamd.list; then
                 sed -i 's/apt-stable/apt-stable-asan/i' /etc/apt/sources.list.d/rspamd.list
              @@ -2360,7 +2360,7 @@ nano /docker-entrypoint.sh
               
               export G_SLICE=always-malloc
               export ASAN_OPTIONS=new_delete_type_mismatch=0:detect_leaks=1:detect_odr_violation=0:log_path=/tmp/rspamd-asan:quarantine_size_mb=2048:malloc_context_size=8:fast_unwind_on_malloc=0
              -
              +

              Restart Rspamd: docker-compose restart rspamd-mailcow

              Your memory consumption will increase by a lot, it will also steadily grow, which is not related to a possible memory leak you are looking for.

              Leave the container running for a few minutes, hours or days (it should match the time you usually wait for the leak to "happen") and restart it: docker-compose restart rspamd-mailcow.