Merge branch 'master' of https://github.com/mailcow/mailcow-dockerized-docs

docs/b_n_r_backup.md

@@ -5,17 +5,20 @@ You can use the provided script `helper-scripts/backup_and_restore.sh` to backup
 Please do not copy this script to another location.
 
 To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters.
-You can also use "all" as second parameter to backup all components.
+You can also use "all" as second parameter to backup all components. Append `--delete-days n` to delete backups older than n days.
 
 ```
 # Syntax:
-# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all)
+# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
 
-# Backup all
-./helper-scripts/backup_and_restore.sh backup all
+# Backup all, delete backups older than 3 days
+./helper-scripts/backup_and_restore.sh backup all --delete-days 3
 
-# Backup vmail, crypt and mysql data
-./helper-scripts/backup_and_restore.sh backup vmail crypt mysql
+# Backup vmail, crypt and mysql data, delete backups older than 30 days
+./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
+
+# Backup vmail
+./helper-scripts/backup_and_restore.sh backup vmail
 
 ```
 

docs/firststeps-disable_ipv6.md

@@ -1,4 +1,4 @@
-This is **NOT** recommended!
+This is **ONLY** recommended if you do not have an IPv6 enabled network on your host!
 
 If IPv6 MUST be disabled to fit a network, open `docker-compose.yml`, search for `enable_ipv6`...
 

docs/firststeps-logging.md

@@ -28,19 +28,19 @@ Redis keys will only hold logs from applications and filter out system messages
 
 Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease.
 
-Docker logging drivers can now be implemented as plugins, next to Dockers integrated drivers.
-Logging driver plugins are available in Docker 17.05 and higher.
-
-Edit `docker-compose.yml` and append, for example, this block to use the "gelf" logging plugin:
+Create a `docker-compose.override.yml` and add, for example, this block to use the "gelf" logging plugin for `postfix-mailcow`:
 
 ```
-logging:
-  driver: "gelf"
-  options:
-    gelf-address: "udp://graylog:12201"  
+version: '2.1'
+services:
+  postfix-mailcow: # or any other
+    logging:
+      driver: "gelf"
+      options:
+        gelf-address: "udp://graylog:12201"  
 ```
 
-Linux users can also add or edit the Docker daemons configuration file `/etc/docker/daemon.json` to affect the global logging behavior. Windows users please have a look at the [docker documentation](https://docs.docker.com/engine/reference/commandline/dockerd//#windows-configuration-file):
+If you want to change the logging driver globally, edit Dockers daemon configuration file `/etc/docker/daemon.json` and restart the Docker service:
 
 ```
 {

docs/firststeps-ssl.md

@@ -86,7 +86,7 @@ Make sure you disable mailcows internal LE client (see above).
 
 To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to `data/assets/ssl/cert.pem` and the corresponding key to `data/assets/ssl/key.pem`.
 
-Reload affected service:
+Reload affected services afterwards:
 
 ```
 docker exec $(docker ps -qaf name=postfix-mailcow) postfix reload
@@ -94,6 +94,8 @@ docker exec $(docker ps -qaf name=nginx-mailcow) nginx -s reload
 docker exec $(docker ps -qaf name=dovecot-mailcow) dovecot reload
 ```
 
+See https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/#optional-post-hook-script-for-non-mailcow-acme-clients for a full example script.
+
 ### Check your configuration
 
 Run `docker-compose logs acme-mailcow` to find out why a validation fails.

docs/i_u_m_install.md

@@ -63,6 +63,13 @@ networks:
     ...
 ```
 
+**4\.2\.** Users without an IPv6 enabled network on their host system:
+
+**Enable IPv6. Finally.**
+
+If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to [disable IPv6](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/) for the mailcow network to prevent unforeseen issues.
+
+
 **5\.** Pull the images and run the composer file. The parameter `-d` will start mailcow: dockerized detached:
 ```
 docker-compose pull

docs/third_party-roundcube.md

@@ -123,7 +123,7 @@ $prefs['SOGo'] = array(
 ```
 Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.
 
-Enable the plugin by adding `carddav` to `$config['plugins']` in `roundcube/config/config.inc.php`.
+Enable the plugin by adding `carddav` to `$config['plugins']` in `rc/config/config.inc.php`.
 
 If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessable, append `$config['address_book_type'] = '';` to the config file `data/web/rc/config/config.inc.php`.
 

docs/u_e-docker-cust_dockerfiles.md

@@ -1,3 +1,9 @@
+You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. `/opt/mailcow-dockerized`):
+
+```
+cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
+```
+
 Make your changes in `data/Dockerfiles/$service` and build the image locally:
 
 ```

docs/u_e-dovecot-mail-crypt.md

@@ -10,9 +10,13 @@ find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r fi
 if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
 doveadm fs get crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \
   "$file" > "/tmp/$(basename "$file")"
-  chmod 600 "/tmp/$(basename "$file")"
-  chown 5000:5000 "/tmp/$(basename "$file")"
-  mv "/tmp/$(basename "$file")" "$file"
+  if [[ -s "/tmp/$(basename "$file")" ]]; then
+    chmod 600 "/tmp/$(basename "$file")"
+    chown 5000:5000 "/tmp/$(basename "$file")"
+    mv "/tmp/$(basename "$file")" "$file"
+  else
+    rm "/tmp/$(basename "$file")"
+  fi
 fi
 done
 

docs/u_e-mailcow_ui-bl_wl.md

@@ -5,3 +5,5 @@ To add or edit an entry to your **domain wide** filter table, login to your *mai
 
 !!! info
     Be aware that a user [may override](u_e-mailcow_ui-spamfilter.md) this setting by setting his own black- and whitelist!
+
+There is also a global filter table in /admin to configure a server-wide filter for multiple Regex maps (Todo: Screenshots). 

docs/u_e-rspamd.md

@@ -28,9 +28,9 @@ Consider attaching a local folder as new volume to `rspamd-mailcow` in `docker-c
 for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done
 ```
 
-### Reset learned data
+### Reset learned data (Bayes, Neural)
 
-You need to delete keys in Redis to reset learned mail, so create a copy of your Redis database now:
+You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now:
 
 **Backup database**
 
@@ -46,13 +46,30 @@ docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xa
 docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
 ```
 
-If it complains about...
+**Reset Neural data**
+
+```bash
+docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
+```
+
+**Reset Fuzzy data**
+
+```bash
+# We need to enter the redis-cli first:
+docker-compose exec redis-mailcow redis-cli
+# In redis-cli:
+127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
+```
+
+**Info**
+
+If redis-cli complains about...
 
 ```text
 (error) ERR wrong number of arguments for 'del' command
 ```
 
-...the key pattern was not found and thus no data is available to delete.
+...the key pattern was not found and thus no data is available to delete - it is fine.
 
 
 ## CLI tools
@@ -78,6 +95,35 @@ Save the file and then restart the rspamd container.
 
 See [Rspamd documentation](https://rspamd.com/doc/index.html)
 
+## Custom reject messages
+
+The default spam reject message can be changed by adding a new file `data/conf/rspamd/override.d/worker-proxy.custom.inc` with the following content:
+
+```
+reject_message = "My custom reject message";
+```
+
+Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`.
+
+While the above works for rejected mails with a high spam score, global maps (as found in "Global filter maps" in /admin) will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted:
+
+1. Open `{mailcow-dir}/data/conf/rspamd/local.d/multimap.conf` and find the desired map symbol (e.g. `GLOBAL_SMTP_FROM_BL`).
+
+2. Add your custom message as new line:
+
+```
+GLOBAL_SMTP_FROM_BL {
+  type = "from";
+  message = "Your domain is blacklisted, contact postmaster@your.domain to resolve this case.";`
+  map = "$LOCAL_CONFDIR/custom/global_smtp_from_blacklist.map";
+  regexp = true;
+  prefilter = true;
+  action = "reject";
+}
+```
+
+3. Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`.
+
 ## Whitelist specific ClamAV signatures
 
 You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

docs/u_e-webmail-site.md

@@ -1,3 +1,5 @@
+**Edit**: TODO: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;` will do.
+
 To create a subdomain `webmail.example.org` and redirect it to SOGo, you need to create a **new** Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!
 
 **nano data/conf/nginx/webmail.conf**