diff --git a/docs/b_n_r_backup.md b/docs/b_n_r_backup.md index 9ce771c4b..afc932563 100644 --- a/docs/b_n_r_backup.md +++ b/docs/b_n_r_backup.md @@ -5,17 +5,20 @@ You can use the provided script `helper-scripts/backup_and_restore.sh` to backup Please do not copy this script to another location. To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. -You can also use "all" as second parameter to backup all components. +You can also use "all" as second parameter to backup all components. Append `--delete-days n` to delete backups older than n days. ``` # Syntax: -# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all) +# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) -# Backup all -./helper-scripts/backup_and_restore.sh backup all +# Backup all, delete backups older than 3 days +./helper-scripts/backup_and_restore.sh backup all --delete-days 3 -# Backup vmail, crypt and mysql data -./helper-scripts/backup_and_restore.sh backup vmail crypt mysql +# Backup vmail, crypt and mysql data, delete backups older than 30 days +./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 + +# Backup vmail +./helper-scripts/backup_and_restore.sh backup vmail ``` diff --git a/docs/firststeps-disable_ipv6.md b/docs/firststeps-disable_ipv6.md index 0017ed95a..3a1f6450c 100644 --- a/docs/firststeps-disable_ipv6.md +++ b/docs/firststeps-disable_ipv6.md @@ -1,4 +1,4 @@ -This is **NOT** recommended! +This is **ONLY** recommended if you do not have an IPv6 enabled network on your host! If IPv6 MUST be disabled to fit a network, open `docker-compose.yml`, search for `enable_ipv6`... diff --git a/docs/firststeps-logging.md b/docs/firststeps-logging.md index 08a130f1d..892b6b469 100644 --- a/docs/firststeps-logging.md +++ b/docs/firststeps-logging.md 
@@ -28,19 +28,19 @@ Redis keys will only hold logs from applications and filter out system messages Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. -Docker logging drivers can now be implemented as plugins, next to Dockers integrated drivers. -Logging driver plugins are available in Docker 17.05 and higher. - -Edit `docker-compose.yml` and append, for example, this block to use the "gelf" logging plugin: +Create a `docker-compose.override.yml` and add, for example, this block to use the "gelf" logging plugin for `postfix-mailcow`: ``` -logging: - driver: "gelf" - options: - gelf-address: "udp://graylog:12201" +version: '2.1' +services: + postfix-mailcow: # or any other + logging: + driver: "gelf" + options: + gelf-address: "udp://graylog:12201" ``` -Linux users can also add or edit the Docker daemons configuration file `/etc/docker/daemon.json` to affect the global logging behavior. Windows users please have a look at the [docker documentation](https://docs.docker.com/engine/reference/commandline/dockerd//#windows-configuration-file): +If you want to change the logging driver globally, edit Dockers daemon configuration file `/etc/docker/daemon.json` and restart the Docker service: ``` { diff --git a/docs/firststeps-ssl.md b/docs/firststeps-ssl.md index 3514863d6..d97d02dd3 100644 --- a/docs/firststeps-ssl.md +++ b/docs/firststeps-ssl.md @@ -86,7 +86,7 @@ Make sure you disable mailcows internal LE client (see above). To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to `data/assets/ssl/cert.pem` and the corresponding key to `data/assets/ssl/key.pem`. -Reload affected service: +Reload affected services afterwards: ``` docker exec $(docker ps -qaf name=postfix-mailcow) postfix reload 
@@ -94,6 +94,8 @@ docker exec $(docker ps -qaf name=nginx-mailcow) nginx -s reload docker exec $(docker ps -qaf name=dovecot-mailcow) dovecot reload ``` +See https://mailcow.github.io/mailcow-dockerized-docs/firststeps-rp/#optional-post-hook-script-for-non-mailcow-acme-clients for a full example script. + ### Check your configuration Run `docker-compose logs acme-mailcow` to find out why a validation fails. diff --git a/docs/i_u_m_install.md b/docs/i_u_m_install.md index b084c3d9d..a7136257e 100644 --- a/docs/i_u_m_install.md +++ b/docs/i_u_m_install.md @@ -63,6 +63,13 @@ networks: ... ``` +**4\.2\.** Users without an IPv6 enabled network on their host system: + +**Enable IPv6. Finally.** + +If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to [disable IPv6](https://mailcow.github.io/mailcow-dockerized-docs/firststeps-disable_ipv6/) for the mailcow network to prevent unforeseen issues. + + **5\.** Pull the images and run the composer file. The parameter `-d` will start mailcow: dockerized detached: ``` docker-compose pull diff --git a/docs/third_party-roundcube.md b/docs/third_party-roundcube.md index b2841d666..a0de07fed 100644 --- a/docs/third_party-roundcube.md +++ b/docs/third_party-roundcube.md 
@@ -123,7 +123,7 @@ $prefs['SOGo'] = array( ``` Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings. -Enable the plugin by adding `carddav` to `$config['plugins']` in `roundcube/config/config.inc.php`. +Enable the plugin by adding `carddav` to `$config['plugins']` in `rc/config/config.inc.php`. If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessable, append `$config['address_book_type'] = '';` to the config file `data/web/rc/config/config.inc.php`. diff --git a/docs/u_e-docker-cust_dockerfiles.md b/docs/u_e-docker-cust_dockerfiles.md index cf06aee6b..366848390 100644 --- a/docs/u_e-docker-cust_dockerfiles.md +++ b/docs/u_e-docker-cust_dockerfiles.md @@ -1,3 +1,9 @@ +You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. `/opt/mailcow-dockerized`): + +``` +cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml +``` + Make your changes in `data/Dockerfiles/$service` and build the image locally: ``` diff --git a/docs/u_e-dovecot-mail-crypt.md b/docs/u_e-dovecot-mail-crypt.md index 6850ed7d7..d211df44b 100644 --- a/docs/u_e-dovecot-mail-crypt.md +++ b/docs/u_e-dovecot-mail-crypt.md 
@@ -10,9 +10,13 @@ find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r fi if [[ $(head -c7 "$file") == "CRYPTED" ]]; then doveadm fs get crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ "$file" > "/tmp/$(basename "$file")" - chmod 600 "/tmp/$(basename "$file")" - chown 5000:5000 "/tmp/$(basename "$file")" - mv "/tmp/$(basename "$file")" "$file" + if [[ -s "/tmp/$(basename "$file")" ]]; then + chmod 600 "/tmp/$(basename "$file")" + chown 5000:5000 "/tmp/$(basename "$file")" + mv "/tmp/$(basename "$file")" "$file" + else + rm "/tmp/$(basename "$file")" + fi fi done diff --git a/docs/u_e-mailcow_ui-bl_wl.md b/docs/u_e-mailcow_ui-bl_wl.md index 2c39b1112..a46fff96e 100644 --- a/docs/u_e-mailcow_ui-bl_wl.md +++ b/docs/u_e-mailcow_ui-bl_wl.md @@ -5,3 +5,5 @@ To add or edit an entry to your **domain wide** filter table, login to your *mai !!! info Be aware that a user [may override](u_e-mailcow_ui-spamfilter.md) this setting by setting his own black- and whitelist! + +There is also a global filter table in /admin to configure a server-wide filter for multiple Regex maps (Todo: Screenshots). diff --git a/docs/u_e-rspamd.md b/docs/u_e-rspamd.md index 7d25b63d2..424299979 100644 --- a/docs/u_e-rspamd.md +++ b/docs/u_e-rspamd.md @@ -28,9 +28,9 @@ Consider attaching a local folder as new volume to `rspamd-mailcow` in `docker-c for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done ``` -### Reset learned data +### Reset learned data (Bayes, Neural) -You need to delete keys in Redis to reset learned mail, so create a copy of your Redis database now: +You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: **Backup database** 
@@ -46,13 +46,30 @@ docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xa docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' ``` -If it complains about... +**Reset Neural data** + +```bash +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' +``` + +**Reset Fuzzy data** + +```bash +# We need to enter the redis-cli first: +docker-compose exec redis-mailcow redis-cli +# In redis-cli: +127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy* +``` + +**Info** + +If redis-cli complains about... ```text (error) ERR wrong number of arguments for 'del' command ``` -...the key pattern was not found and thus no data is available to delete. +...the key pattern was not found and thus no data is available to delete - it is fine. ## CLI tools 
@@ -78,6 +95,35 @@ Save the file and then restart the rspamd container. See [Rspamd documentation](https://rspamd.com/doc/index.html) +## Custom reject messages + +The default spam reject message can be changed by adding a new file `data/conf/rspamd/override.d/worker-proxy.custom.inc` with the following content: + +``` +reject_message = "My custom reject message"; +``` + +Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`. + +While the above works for rejected mails with a high spam score, global maps (as found in "Global filter maps" in /admin) will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: + +1. Open `{mailcow-dir}/data/conf/rspamd/local.d/multimap.conf` and find the desired map symbol (e.g. `GLOBAL_SMTP_FROM_BL`). + +2. Add your custom message as new line: + +``` +GLOBAL_SMTP_FROM_BL { + type = "from"; + message = "Your domain is blacklisted, contact postmaster@your.domain to resolve this case.";` + map = "$LOCAL_CONFDIR/custom/global_smtp_from_blacklist.map"; + regexp = true; + prefilter = true; + action = "reject"; +} +``` + +3. Save the file and restart Rspamd: `docker-compose restart rspamd-mailcow`. + ## Whitelist specific ClamAV signatures You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with `VIRUS_FOUND`). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: diff --git a/docs/u_e-webmail-site.md b/docs/u_e-webmail-site.md index af0b10d22..9ff1eb309 100644 --- a/docs/u_e-webmail-site.md +++ b/docs/u_e-webmail-site.md 
@@ -1,3 +1,5 @@ +**Edit**: TODO: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;` will do. + To create a subdomain `webmail.example.org` and redirect it to SOGo, you need to create a **new** Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"! **nano data/conf/nginx/webmail.conf**
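
Review bot: In docs/b_n_r_backup.md the syntax comment lists `--delete-days` inside the component alternation `(vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)`, which reads as if it were a component and hides that it takes a value. Suggest `backup (vmail|crypt|redis|rspamd|postfix|mysql|all) [--delete-days n]`. The added sentence should also say which backups the deletion applies to, since the first example pairs it with a retention of only 3 days.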
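
Review bot: In docs/firststeps-logging.md the override example's comment `# or any other` does not say that the `logging:` block has to be repeated under every service whose logs should be forwarded; as written only `postfix-mailcow` changes driver. It is also worth one sentence that `udp://graylog:12201` carries the log lines unencrypted and unauthenticated, so the Graylog endpoint should sit on a trusted network. Minor: "Dockers daemon configuration file" should read "Docker's".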
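
Review bot: In docs/firststeps-ssl.md the new "See https://mailcow.github.io/..." line is a bare absolute URL, while other pages in this patch link with Markdown syntax (for example `[may override](u_e-mailcow_ui-spamfilter.md)`). Suggest a relative Markdown link to `firststeps-rp.md` with the same anchor so it keeps working in local and versioned builds.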
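
Review bot: In docs/i_u_m_install.md the new step 4.2 is addressed to users without an IPv6 network, yet its bold line says "Enable IPv6. Finally." directly above a recommendation to disable it, so the actual instruction is unclear on first read. Suggest leading with the action (disable IPv6 for the mailcow network if the host has none) and dropping the aside; `thehe` looks like a typo.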
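
Review bot: In docs/third_party-roundcube.md the changed line now points to `rc/config/config.inc.php`, but the unchanged paragraph right after it refers to the same file as `data/web/rc/config/config.inc.php`. Use the full path in both places so readers do not look for an `rc/` directory in the mailcow root.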
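
Review bot: In docs/u_e-docker-cust_dockerfiles.md the added `cp ... docker-compose.override.yml` silently overwrites an existing `docker-compose.override.yml`, and docs/firststeps-logging.md in this same patch tells users to create that file for their logging settings. Suggest a note to merge the build tags into an existing override file, or showing `cp -n` plus a manual merge step.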
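
Review bot: In docs/u_e-dovecot-mail-crypt.md the new `[[ -s ... ]]` guard only proves the output is non-empty; if `doveadm fs get` fails after writing part of the message, the truncated file still passes and is moved over the original. Suggest also testing the exit status of `doveadm` before the `mv`. Two related points on the same lines: the decrypted mail is created in `/tmp` with the default umask and only restricted by `chmod 600` afterwards, and `/tmp/$(basename "$file")` can collide for identically named files in different mailboxes, so a `mktemp` file next to the target would be safer.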
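
Review bot: In docs/u_e-rspamd.md ("Reset Fuzzy data") the deletion runs `KEYS` inside `EVAL`, which walks the whole keyspace in one blocking call, while the Bayes and Neural resets next to it use `redis-cli --scan --pattern ... | xargs redis-cli del`. Using the same non-interactive form for `fuzzy*` would keep the section consistent. The block is fenced as bash but its last line includes the `127.0.0.1:6379>` prompt, so it cannot be pasted as written. The Neural pattern `rn_*` is also unquoted inside `sh -c '...'` and therefore subject to filename expansion in the container shell.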
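
Review bot: In docs/u_e-rspamd.md ("Custom reject messages") the multimap example has a stray backtick at the end of the `message = "...";` line, which ends up in `multimap.conf` if the block is copied and will break parsing. Remove it. It would also help to mark that `message` is the only line being added to the existing `GLOBAL_SMTP_FROM_BL` block, and to indent the fenced block under step 2 so the numbered list renders as 1, 2, 3.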
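
Review bot: In docs/u_e-webmail-site.md the shorthand `ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem;` is not a valid Nginx directive and is likely to be pasted as is. Write out both directives, `ssl_certificate` with `cert.pem` and `ssl_certificate_key` with `key.pem`. An "**Edit**: TODO:" marker at the top of a published guide would be better as an admonition like the `!!! info` block used in u_e-mailcow_ui-bl_wl.md.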