From 64d42d3266a4f39560aea15539a449548be9203e Mon Sep 17 00:00:00 2001 From: milkmaker Date: Sun, 24 Apr 2022 17:19:35 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20mailcow/?= =?UTF-8?q?mailcow-dockerized-docs@310d11ad3f50f74a17743da3b92af0563a42d69?= =?UTF-8?q?b=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../b_n_r-accidental_deletion/index.html | 5 +- backup_restore/b_n_r-backup/index.html | 236 +++++++-- .../b_n_r-backup_restore-maildir/index.html | 10 +- .../b_n_r-backup_restore-mysql/index.html | 12 +- backup_restore/b_n_r-coldstandby/index.html | 28 +- backup_restore/b_n_r-restore/index.html | 37 +- .../b_n_r-accidental_deletion/index.html | 5 +- de/backup_restore/b_n_r-backup/index.html | 296 ++++++++--- .../b_n_r-backup_restore-maildir/index.html | 10 +- .../b_n_r-backup_restore-mysql/index.html | 12 +- .../b_n_r-coldstandby/index.html | 28 +- de/backup_restore/b_n_r-restore/index.html | 37 +- de/i_u_m/i_u_m_deinstall/index.html | 3 +- de/i_u_m/i_u_m_install/index.html | 79 ++- de/i_u_m/i_u_m_migration/index.html | 61 ++- de/i_u_m/i_u_m_update/index.html | 249 ++++++++-- .../u_e-clamav-additional_dbs/index.html | 23 +- .../ClamAV/u_e-clamav-whitelist/index.html | 39 +- .../u_e-docker-cust_dockerfiles/index.html | 9 +- .../u_e-docker-dc_bash_compl/index.html | 3 +- .../Dovecot/u_e-dovecot-any_acl/index.html | 3 +- .../Dovecot/u_e-dovecot-expunge/index.html | 120 +++-- .../Dovecot/u_e-dovecot-extra_conf/index.html | 3 +- .../Dovecot/u_e-dovecot-fts/index.html | 92 +++- .../u_e-dovecot-idle_interval/index.html | 9 +- .../Dovecot/u_e-dovecot-mail-crypt/index.html | 48 +- .../Dovecot/u_e-dovecot-more/index.html | 18 +- .../u_e-dovecot-public_folder/index.html | 13 +- .../u_e-dovecot-static_master/index.html | 5 +- .../u_e-dovecot-vmail-volume/index.html | 36 +- .../Nginx/u_e-nginx_custom/index.html | 61 ++- .../Nginx/u_e-nginx_webmail-site/index.html | 21 +- .../u_e-postfix-attachment_size/index.html | 3 +- .../index.html | 9 +- .../Postfix/u_e-postfix-extra_cf/index.html | 3 +- .../Postfix/u_e-postfix-pflogsumm/index.html | 8 +- .../index.html | 20 +- .../u_e-postfix-trust_networks/index.html | 6 +- de/manual-guides/Redis/u_e-redis/index.html | 70 ++- de/manual-guides/Rspamd/u_e-rspamd/index.html | 362 ++++++++++---- de/manual-guides/SOGo/u_e-sogo/index.html | 68 ++- .../Unbound/u_e-unbound-fwd/index.html | 15 +- .../u_e-watchdog-thresholds/index.html | 5 +- .../u_e-mailcow_ui-tagging/index.html | 17 +- de/manual-guides/u_e-80_to_443/index.html | 15 +- .../u_e-autodiscover_config/index.html | 55 ++- .../u_e-reeanble-weak-protocols/index.html | 11 +- .../firststeps-disable_ipv6/index.html | 61 +-- .../firststeps-dmarc_reporting/index.html | 56 +-- .../firststeps-ip_bindings/index.html | 179 +++++-- .../firststeps-local_mta/index.html | 27 +- .../firststeps-logging/index.html | 132 +++-- de/post_installation/firststeps-rp/index.html | 270 ++++++----- .../firststeps-snat/index.html | 23 +- .../firststeps-ssl/index.html | 115 ++++- de/prerequisite/prerequisite-dns/index.html | 211 ++++++-- .../prerequisite-system/index.html | 158 ++++-- .../third_party-borgmatic/index.html | 149 +++--- de/third_party/third_party-gitea/index.html | 65 +-- de/third_party/third_party-gogs/index.html | 65 +-- .../third_party-mailman3/index.html | 447 +++-------------- .../index.html | 28 +- .../third_party-nextcloud/index.html | 28 +- .../third_party-portainer/index.html | 46 +- .../third_party-roundcube/index.html | 459 ++++++++++++------ .../debug-admin_login_sogo/index.html | 6 +- .../debug-attach_service/index.html | 11 +- .../debug-common_problems/index.html | 100 ++-- .../debug-mysql_aria/index.html | 95 +++- .../debug-mysql_upgrade/index.html | 10 +- de/troubleshooting/debug-reset_pw/index.html | 121 +++-- de/troubleshooting/debug-reset_tls/index.html | 7 +- .../debug-rm_volumes/index.html | 3 +- .../debug-rspamd_memory_leaks/index.html | 37 +- .../b_n_r-accidental_deletion/index.html | 5 +- en/backup_restore/b_n_r-backup/index.html | 236 +++++++-- .../b_n_r-backup_restore-maildir/index.html | 10 +- .../b_n_r-backup_restore-mysql/index.html | 12 +- .../b_n_r-coldstandby/index.html | 28 +- en/backup_restore/b_n_r-restore/index.html | 37 +- en/i_u_m/i_u_m_deinstall/index.html | 3 +- en/i_u_m/i_u_m_install/index.html | 79 ++- en/i_u_m/i_u_m_migration/index.html | 61 ++- en/i_u_m/i_u_m_update/index.html | 249 ++++++++-- .../u_e-clamav-additional_dbs/index.html | 23 +- .../ClamAV/u_e-clamav-whitelist/index.html | 39 +- .../u_e-docker-cust_dockerfiles/index.html | 9 +- .../u_e-docker-dc_bash_compl/index.html | 3 +- .../Dovecot/u_e-dovecot-any_acl/index.html | 3 +- .../Dovecot/u_e-dovecot-expunge/index.html | 120 +++-- .../Dovecot/u_e-dovecot-extra_conf/index.html | 3 +- .../Dovecot/u_e-dovecot-fts/index.html | 92 +++- .../u_e-dovecot-idle_interval/index.html | 9 +- .../Dovecot/u_e-dovecot-mail-crypt/index.html | 47 +- .../Dovecot/u_e-dovecot-more/index.html | 18 +- .../u_e-dovecot-public_folder/index.html | 13 +- .../u_e-dovecot-static_master/index.html | 5 +- .../u_e-dovecot-vmail-volume/index.html | 36 +- .../Nginx/u_e-nginx_custom/index.html | 61 ++- .../Nginx/u_e-nginx_webmail-site/index.html | 21 +- .../u_e-postfix-attachment_size/index.html | 3 +- .../index.html | 9 +- .../Postfix/u_e-postfix-extra_cf/index.html | 3 +- .../Postfix/u_e-postfix-pflogsumm/index.html | 8 +- .../index.html | 20 +- .../u_e-postfix-trust_networks/index.html | 6 +- en/manual-guides/Redis/u_e-redis/index.html | 70 ++- en/manual-guides/Rspamd/u_e-rspamd/index.html | 324 +++++++++---- en/manual-guides/SOGo/u_e-sogo/index.html | 67 ++- .../Unbound/u_e-unbound-fwd/index.html | 15 +- .../u_e-watchdog-thresholds/index.html | 5 +- .../u_e-mailcow_ui-tagging/index.html | 17 +- en/manual-guides/u_e-80_to_443/index.html | 15 +- .../u_e-autodiscover_config/index.html | 55 ++- .../u_e-reeanble-weak-protocols/index.html | 11 +- .../firststeps-disable_ipv6/index.html | 61 +-- .../firststeps-dmarc_reporting/index.html | 56 +-- .../firststeps-ip_bindings/index.html | 179 +++++-- .../firststeps-local_mta/index.html | 27 +- .../firststeps-logging/index.html | 132 +++-- en/post_installation/firststeps-rp/index.html | 270 ++++++----- .../firststeps-snat/index.html | 23 +- .../firststeps-ssl/index.html | 115 ++++- en/prerequisite/prerequisite-dns/index.html | 211 ++++++-- .../prerequisite-system/index.html | 158 ++++-- .../third_party-borgmatic/index.html | 157 +++--- en/third_party/third_party-gitea/index.html | 65 +-- en/third_party/third_party-gogs/index.html | 65 +-- .../third_party-mailman3/index.html | 447 +++-------------- .../index.html | 28 +- .../third_party-nextcloud/index.html | 28 +- .../third_party-portainer/index.html | 46 +- .../third_party-roundcube/index.html | 455 +++++++++++------ .../debug-admin_login_sogo/index.html | 6 +- .../debug-attach_service/index.html | 11 +- .../debug-common_problems/index.html | 100 ++-- .../debug-mysql_aria/index.html | 95 +++- .../debug-mysql_upgrade/index.html | 10 +- en/troubleshooting/debug-reset_pw/index.html | 121 +++-- en/troubleshooting/debug-reset_tls/index.html | 7 +- .../debug-rm_volumes/index.html | 3 +- .../debug-rspamd_memory_leaks/index.html | 37 +- i_u_m/i_u_m_deinstall/index.html | 3 +- i_u_m/i_u_m_install/index.html | 79 ++- i_u_m/i_u_m_migration/index.html | 61 ++- i_u_m/i_u_m_update/index.html | 249 ++++++++-- .../u_e-clamav-additional_dbs/index.html | 23 +- .../ClamAV/u_e-clamav-whitelist/index.html | 39 +- .../u_e-docker-cust_dockerfiles/index.html | 9 +- .../u_e-docker-dc_bash_compl/index.html | 3 +- .../Dovecot/u_e-dovecot-any_acl/index.html | 3 +- .../Dovecot/u_e-dovecot-expunge/index.html | 120 +++-- .../Dovecot/u_e-dovecot-extra_conf/index.html | 3 +- .../Dovecot/u_e-dovecot-fts/index.html | 92 +++- .../u_e-dovecot-idle_interval/index.html | 9 +- .../Dovecot/u_e-dovecot-mail-crypt/index.html | 47 +- .../Dovecot/u_e-dovecot-more/index.html | 18 +- .../u_e-dovecot-public_folder/index.html | 13 +- .../u_e-dovecot-static_master/index.html | 5 +- .../u_e-dovecot-vmail-volume/index.html | 36 +- .../Nginx/u_e-nginx_custom/index.html | 61 ++- .../Nginx/u_e-nginx_webmail-site/index.html | 21 +- .../u_e-postfix-attachment_size/index.html | 3 +- .../index.html | 9 +- .../Postfix/u_e-postfix-extra_cf/index.html | 3 +- .../Postfix/u_e-postfix-pflogsumm/index.html | 8 +- .../index.html | 20 +- .../u_e-postfix-trust_networks/index.html | 6 +- manual-guides/Redis/u_e-redis/index.html | 70 ++- manual-guides/Rspamd/u_e-rspamd/index.html | 324 +++++++++---- manual-guides/SOGo/u_e-sogo/index.html | 67 ++- .../Unbound/u_e-unbound-fwd/index.html | 15 +- .../u_e-watchdog-thresholds/index.html | 5 +- .../u_e-mailcow_ui-tagging/index.html | 17 +- manual-guides/u_e-80_to_443/index.html | 15 +- .../u_e-autodiscover_config/index.html | 55 ++- .../u_e-reeanble-weak-protocols/index.html | 11 +- .../firststeps-disable_ipv6/index.html | 61 +-- .../firststeps-dmarc_reporting/index.html | 56 +-- .../firststeps-ip_bindings/index.html | 179 +++++-- .../firststeps-local_mta/index.html | 27 +- .../firststeps-logging/index.html | 132 +++-- post_installation/firststeps-rp/index.html | 270 ++++++----- post_installation/firststeps-snat/index.html | 23 +- post_installation/firststeps-ssl/index.html | 115 ++++- prerequisite/prerequisite-dns/index.html | 211 ++++++-- prerequisite/prerequisite-system/index.html | 158 ++++-- search/search_index.json | 2 +- sitemap.xml.gz | Bin 2180 -> 2180 bytes third_party/third_party-borgmatic/index.html | 157 +++--- third_party/third_party-gitea/index.html | 65 +-- third_party/third_party-gogs/index.html | 65 +-- third_party/third_party-mailman3/index.html | 447 +++-------------- .../index.html | 28 +- third_party/third_party-nextcloud/index.html | 28 +- third_party/third_party-portainer/index.html | 46 +- third_party/third_party-roundcube/index.html | 455 +++++++++++------ .../debug-admin_login_sogo/index.html | 6 +- .../debug-attach_service/index.html | 11 +- .../debug-common_problems/index.html | 100 ++-- troubleshooting/debug-mysql_aria/index.html | 95 +++- .../debug-mysql_upgrade/index.html | 10 +- troubleshooting/debug-reset_pw/index.html | 121 +++-- troubleshooting/debug-reset_tls/index.html | 7 +- troubleshooting/debug-rm_volumes/index.html | 3 +- .../debug-rspamd_memory_leaks/index.html | 37 +- 206 files changed, 8735 insertions(+), 5652 deletions(-) diff --git a/backup_restore/b_n_r-accidental_deletion/index.html b/backup_restore/b_n_r-accidental_deletion/index.html index 83aed22d8..5c813184d 100644 --- a/backup_restore/b_n_r-accidental_deletion/index.html +++ b/backup_restore/b_n_r-accidental_deletion/index.html @@ -2428,9 +2428,8 @@

To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1.

Make sure the user you want to restore exists in your mailcow. Re-create them if they are missing.

Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota:

-
docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
-docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
-
+

docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' +docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net


diff --git a/backup_restore/b_n_r-backup/index.html b/backup_restore/b_n_r-backup/index.html index 878202dea..42cb86aa4 100644 --- a/backup_restore/b_n_r-backup/index.html +++ b/backup_restore/b_n_r-backup/index.html @@ -961,6 +961,47 @@ + + + + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
  • + +
  • + + Backup all, delete backups older than 3 days + + +
  • + +
  • + + Backup vmail, crypt and mysql data, delete backups older than 30 days + + +
  • + +
  • + + Backup vmail + + + +
  • + +
  • + + !/bin/sh + + +
  • + +
  • + + Backup mailcow data + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ + + +
  • + +
  • + + run command + +
  • @@ -978,6 +1047,13 @@ Backup strategy with rsync and mailcow backup script +
  • + +
  • + + If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path + +
  • @@ -2411,6 +2487,47 @@ + + + + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
  • + +
  • + + Backup all, delete backups older than 3 days + + +
  • + +
  • + + Backup vmail, crypt and mysql data, delete backups older than 30 days + + +
  • + +
  • + + Backup vmail + + + +
  • + +
  • + + !/bin/sh + + +
  • + +
  • + + Backup mailcow data + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ + + +
  • + +
  • + + run command + +
  • @@ -2428,6 +2573,13 @@ Backup strategy with rsync and mailcow backup script +
  • + +
  • + + If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path + +
  • @@ -2454,65 +2606,57 @@

    Please do not copy this script to another location.

    To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

    -
    # Syntax:
    -# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
    -
    -# Backup all, delete backups older than 3 days
    -./helper-scripts/backup_and_restore.sh backup all --delete-days 3
    -
    -# Backup vmail, crypt and mysql data, delete backups older than 30 days
    -./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
    -
    -# Backup vmail
    -./helper-scripts/backup_and_restore.sh backup vmail
    -
    +

    ```

    +

    Syntax:

    +

    ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)

    +

    Backup all, delete backups older than 3 days

    +

    ./helper-scripts/backup_and_restore.sh backup all --delete-days 3

    +

    Backup vmail, crypt and mysql data, delete backups older than 30 days

    +

    ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30

    +

    Backup vmail

    +

    ./helper-scripts/backup_and_restore.sh backup vmail

    +

    ```

    The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". You should not rename those folders to not break the restore process.

    To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

    -
    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    -
    +

    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all

    Cronjob

    You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

    -
    5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    -
    +

    5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

    Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

    This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

    -
    #!/bin/sh
    -
    -# Backup mailcow data
    -# https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
    -
    -set -e
    -
    -OUT="$(mktemp)"
    -export MAILCOW_BACKUP_LOCATION="/opt/backup"
    -SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
    -PARAMETERS="backup all"
    -OPTIONS="--delete-days 30"
    -
    -# run command
    -set +e
    -"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
    -RESULT=$?
    -
    -if [ $RESULT -ne 0 ]
    +

    ```

    +

    !/bin/sh

    +

    Backup mailcow data

    +

    https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/

    +

    set -e

    +

    OUT="$(mktemp)" +export MAILCOW_BACKUP_LOCATION="/opt/backup" +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh" +PARAMETERS="backup all" +OPTIONS="--delete-days 30"

    +

    run command

    +

    set +e +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT" +RESULT=$?

    +

    if [ $RESULT -ne 0 ] then - echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" - echo "RESULT=$RESULT" - echo "STDOUT / STDERR:" - cat "$OUT" + echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" + echo "RESULT=$RESULT" + echo "STDOUT / STDERR:" + cat "$OUT" fi -

    +```

    Backup strategy with rsync and mailcow backup script

    Create the destination directory for mailcows helper script: -

    mkdir -p /external_share/backups/backup_script
    -

    +mkdir -p /external_share/backups/backup_script

    Create cronjobs: -

    25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
    +```
    +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
     40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
    -5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    -# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
    -

    +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

    +

    If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path

    +

    ```

    On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions!

    To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d.

    diff --git a/backup_restore/b_n_r-backup_restore-maildir/index.html b/backup_restore/b_n_r-backup_restore-maildir/index.html index dbcbd50cf..91c31a457 100644 --- a/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,13 @@

    Backup

    This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: -

    cd /path/to/mailcow-dockerized
    -docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
    -

    +cd /path/to/mailcow-dockerized +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail

    You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

    Restore

    -
    cd /path/to/mailcow-dockerized
    -docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
    -
    +

    cd /path/to/mailcow-dockerized +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz


    diff --git a/backup_restore/b_n_r-backup_restore-mysql/index.html b/backup_restore/b_n_r-backup_restore-mysql/index.html index b53f6f1c1..2f4231b52 100644 --- a/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,18 @@

    MySQL (mysqldump)

    Backup

    -
    cd /path/to/mailcow-dockerized
    +

    cd /path/to/mailcow-dockerized source mailcow.conf -DATE=$(date +"%Y%m%d_%H%M%S") -docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql -

    +DATE=$(date +"%Y%m%d_%H%M%S") +docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql

    Restore

    Warning

    You should redirect the SQL dump without docker-compose to prevent parsing errors.

    -
    cd /path/to/mailcow-dockerized
    +

    cd /path/to/mailcow-dockerized source mailcow.conf -docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql -

    +docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql


    diff --git a/backup_restore/b_n_r-coldstandby/index.html b/backup_restore/b_n_r-coldstandby/index.html index 216c76aff..acbbbaca3 100644 --- a/backup_restore/b_n_r-coldstandby/index.html +++ b/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,9 @@

    You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

    In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

    Edit this file and change the exported variables:

    -
    export REMOTE_SSH_KEY=/path/to/keyfile
    +

    export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 -export REMOTE_SSH_HOST=mailcow-backup.host.name -

    +export REMOTE_SSH_HOST=mailcow-backup.host.name

    The key must be owned and readable by root only.

    Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available.

    @@ -2470,28 +2469,23 @@ The destination must have Docker and docker-compose v1 availabl

    You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

    Backup and refresh the cold-standby

    Run the first backup, this may take a while depending on the connection:

    -
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    -
    +

    bash /opt/mailcow-dockerized/create_cold_standby.sh

    That was easy, wasn't it?

    Updating your cold-standby is just as easy:

    -
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    -
    +

    bash /opt/mailcow-dockerized/create_cold_standby.sh

    It's the same command.

    Automated backups with cron

    First make sure that the cron service is enabled and running:

    -
    systemctl enable cron.service && systemctl start cron.service
    -
    +

    systemctl enable cron.service && systemctl start cron.service

    To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

    -
    crontab -e
    -
    +

    crontab -e

    Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

    -
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    -
    -0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
    -
    +

    ``` +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

    +

    0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log +```

    If saved correctly, the cron job should be shown by typing:

    -
    crontab -l
    -
    +

    crontab -l


    diff --git a/backup_restore/b_n_r-restore/index.html b/backup_restore/b_n_r-restore/index.html index c48a313ba..e7c129a27 100644 --- a/backup_restore/b_n_r-restore/index.html +++ b/backup_restore/b_n_r-restore/index.html @@ -965,6 +965,20 @@ Restore + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh restore + +
  • @@ -2374,6 +2388,20 @@ Restore + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh restore + +
  • @@ -2394,14 +2422,13 @@ -

    Restore

    -

    Restore

    Please do not copy this script to another location.

    To run a restore, start mailcow, use the script with "restore" as first parameter.

    -
    # Syntax:
    -# ./helper-scripts/backup_and_restore.sh restore
    -
    +

    ```

    +

    Syntax:

    +

    ./helper-scripts/backup_and_restore.sh restore

    +

    ```

    The script will ask you for a backup location containing the mailcow_DATE folders.


    diff --git a/de/backup_restore/b_n_r-accidental_deletion/index.html b/de/backup_restore/b_n_r-accidental_deletion/index.html index 1e73c2139..e338995b7 100644 --- a/de/backup_restore/b_n_r-accidental_deletion/index.html +++ b/de/backup_restore/b_n_r-accidental_deletion/index.html @@ -2428,9 +2428,8 @@

    Um die Mailbox wiederherzustellen, stellen Sie sicher, dass Sie tatsächlich auf die gleiche Mailcow wiederherstellen, von der sie gelöscht wurde, oder Sie verwenden die gleichen Verschlüsselungsschlüssel in crypt-vol-1.

    Stellen Sie sicher, dass der Benutzer, den Sie wiederherstellen wollen, in Ihrer Mailcow existiert. Legen Sie diesen neu an, wenn der Benutzer fehlt.

    Kopieren Sie die Ordner von /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] zurück nach /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] und synchronisieren Sie die Ordner neu und berechnen Sie die Quota (Speicherplatz) neu:

    -
    docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*'
    -docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net
    -
    +

    docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' +docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net


    diff --git a/de/backup_restore/b_n_r-backup/index.html b/de/backup_restore/b_n_r-backup/index.html index 35c7f76ac..dc7f7c212 100644 --- a/de/backup_restore/b_n_r-backup/index.html +++ b/de/backup_restore/b_n_r-backup/index.html @@ -961,6 +961,47 @@ + + + + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
  • + +
  • + + Alles sichern, Sicherungen älter als 3 Tage löschen + + +
  • + +
  • + + vmail-, crypt- und mysql-Daten sichern, Sicherungen löschen, die älter als 30 Tage sind + + +
  • + +
  • + + vmail sichern + + + +
  • + +
  • + + !/bin/sh + + +
  • + +
  • + + Backup mailcow data + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ + + +
  • + +
  • + + run command + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ + + +
  • + +
  • + + Befehl ausführen + +
  • @@ -978,6 +1061,13 @@ Backup-Strategie mit rsync und mailcow Backup-Skript +
  • + +
  • + + Wenn Sie wollen, benutzen Sie acl util, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path + +
  • @@ -2411,6 +2501,47 @@ + + + + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
  • + +
  • + + Alles sichern, Sicherungen älter als 3 Tage löschen + + +
  • + +
  • + + vmail-, crypt- und mysql-Daten sichern, Sicherungen löschen, die älter als 30 Tage sind + + +
  • + +
  • + + vmail sichern + + + +
  • + +
  • + + !/bin/sh + + +
  • + +
  • + + Backup mailcow data + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ + + +
  • + +
  • + + run command + + +
  • + +
  • + + https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ + + +
  • + +
  • + + Befehl ausführen + +
  • @@ -2428,6 +2601,13 @@ Backup-Strategie mit rsync und mailcow Backup-Skript +
  • + +
  • + + Wenn Sie wollen, benutzen Sie acl util, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path + +
  • @@ -2454,84 +2634,72 @@

    Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

    Um ein Backup zu starten, geben Sie "backup" als ersten Parameter an und entweder eine oder mehrere zu sichernde Komponenten als folgende Parameter. Sie können auch "all" als zweiten Parameter verwenden, um alle Komponenten zu sichern. Fügen Sie --delete-days n an, um Sicherungen zu löschen, die älter als n Tage sind.

    -
    # Syntax:
    -# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
    -
    -# Alles sichern, Sicherungen älter als 3 Tage löschen
    -./helper-scripts/backup_and_restore.sh backup all --delete-days 3
    -
    -# vmail-, crypt- und mysql-Daten sichern, Sicherungen löschen, die älter als 30 Tage sind
    -./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
    -
    -# vmail sichern
    -./helper-scripts/backup_and_restore.sh backup vmail
    -
    +

    ```

    +

    Syntax:

    +

    ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)

    +

    Alles sichern, Sicherungen älter als 3 Tage löschen

    +

    ./helper-scripts/backup_and_restore.sh backup all --delete-days 3

    +

    vmail-, crypt- und mysql-Daten sichern, Sicherungen löschen, die älter als 30 Tage sind

    +

    ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30

    +

    vmail sichern

    +

    ./helper-scripts/backup_and_restore.sh backup vmail

    +

    ```

    Das Skript wird Sie nach einem Speicherort für die Sicherung fragen. Innerhalb dieses Speicherortes wird es Ordner im Format "mailcow_DATE" erstellen. Sie sollten diese Ordner nicht umbenennen, um den Wiederherstellungsprozess nicht zu unterbrechen.

    Um ein Backup unbeaufsichtigt durchzuführen, definieren Sie MAILCOW_BACKUP_LOCATION als Umgebungsvariable bevor Sie das Skript starten:

    -
    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
    -
    +

    MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all

    Cronjob

    Sie können das Backup-Skript regelmäßig über einen Cronjob laufen lassen. Stellen Sie sicher, dass BACKUP_LOCATION existiert:

    -
    5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    -
    +

    5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

    Standardmäßig sendet Cron das komplette Ergebnis jeder Backup-Operation per E-Mail. Wenn Sie möchten, dass cron nur im Fehlerfall (Exit-Code ungleich Null) eine E-Mail sendet, können Sie den folgenden Ausschnitt verwenden. Die Pfade müssen entsprechend Ihrer Einrichtung angepasst werden (dieses Skript ist ein Beitrag des Benutzers).

    Das folgende Skript kann in /etc/cron.daily/mailcow-backup platziert werden - vergessen Sie nicht, es mit chmod +x als ausführbar zu markieren:

    -
    #!/bin/sh
    -
    -# Backup mailcow data
    -# https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/
    -
    -set -e
    -
    -OUT="$(mktemp)"
    -export MAILCOW_BACKUP_LOCATION="/opt/backup"
    -SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
    -PARAMETERS="backup all"
    -OPTIONS="--delete-days 30"
    -
    -# run command
    -set +e
    -"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
    -RESULT=$?
    -
    -if [ $RESULT -ne 0 ]
    +

    ```

    +

    !/bin/sh

    +

    Backup mailcow data

    +

    https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/

    +

    set -e

    +

    OUT="$(mktemp)" +export MAILCOW_BACKUP_LOCATION="/opt/backup" +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh" +PARAMETERS="backup all" +OPTIONS="--delete-days 30"

    +

    run command

    +

    set +e +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT" +RESULT=$?

    +

    if [ $RESULT -ne 0 ] then - echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" - echo "RESULT=$RESULT" -# https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ - -set -e - -OUT="$(mktemp)" -export MAILCOW_BACKUP_LOCATION="/opt/backup" -SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh" -PARAMETERS="alle sichern" -OPTIONS="--delete-days 30" - -# Befehl ausführen -setzen +e -"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT" -ERGEBNIS=$? - -if [ $RESULT -ne 0 ] + echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" + echo "RESULT=$RESULT"

    +

    https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/

    +

    set -e

    +

    OUT="$(mktemp)" +export MAILCOW_BACKUP_LOCATION="/opt/backup" +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh" +PARAMETERS="alle sichern" +OPTIONS="--delete-days 30"

    +

    Befehl ausführen

    +

    setzen +e +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT" +ERGEBNIS=$?

    +

    if [ $RESULT -ne 0 ] dann - echo "${SCRIPT} ${PARAMETER} ${OPTIONS} ist auf einen Fehler gestoßen:" - echo "ERGEBNIS=$ERGEBNIS" - echo "STDOUT / STDERR:" - cat "$OUT" + echo "${SCRIPT} ${PARAMETER} ${OPTIONS} ist auf einen Fehler gestoßen:" + echo "ERGEBNIS=$ERGEBNIS" + echo "STDOUT / STDERR:" + cat "$OUT" fi -

    +```

    Backup-Strategie mit rsync und mailcow Backup-Skript

    Erstellen Sie das Zielverzeichnis für mailcows Hilfsskript: -

    mkdir -p /external_share/backups/backup_script
    -

    +mkdir -p /external_share/backups/backup_script

    Cronjobs erstellen: -

    25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
    +```
    +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
     40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
    -5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
    -# Wenn Sie wollen, benutzen Sie acl util, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path
    -

    +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

    +

    Wenn Sie wollen, benutzen Sie acl util, um die Berechtigungen einiger/aller Ordner/Dateien zu sichern: getfacl -Rn /path

    +

    ```

    Am Zielort (in diesem Fall /external_share/backups) möchten Sie vielleicht Snapshot-Fähigkeiten haben (ZFS, Btrfs usw.). Machen Sie täglich einen Snapshot und bewahren Sie ihn für n Tage auf, um ein konsistentes Backup zu erhalten. Führen Sie kein rsync auf eine Samba-Freigabe durch, Sie müssen die richtigen Berechtigungen einhalten!

    Zum Wiederherstellen müssen Sie rsync einfach in umgekehrter Richtung ausführen und Docker neu starten, um die Volumes erneut zu lesen. Führen Sie docker-compose pull und docker-compose up -d aus.

    diff --git a/de/backup_restore/b_n_r-backup_restore-maildir/index.html b/de/backup_restore/b_n_r-backup_restore-maildir/index.html index dec056027..c3968b3f4 100644 --- a/de/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/de/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,13 @@

    Sicherung

    Diese Zeile sichert das vmail-Verzeichnis in eine Datei backup_vmail.tar.gz im mailcow-Root-Verzeichnis: -

    cd /pfad/zu/mailcow-dockerized
    -docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
    -

    +cd /pfad/zu/mailcow-dockerized +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail

    Sie können den Pfad ändern, indem Sie ${PWD} (das dem aktuellen Verzeichnis entspricht) an einen beliebigen Pfad anpassen, auf den Sie Schreibzugriff haben. Setzen Sie den Dateinamen backup_vmail.tar.gz auf einen beliebigen Namen, aber lassen Sie den Pfad so wie er ist. Beispiel: [...] tar cvfz /backup/mein_eigener_filename_.tar.gz

    Wiederherstellen

    -
    cd /pfad/zu/mailcow-dockerized
    -docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
    -
    +

    cd /pfad/zu/mailcow-dockerized +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz


    diff --git a/de/backup_restore/b_n_r-backup_restore-mysql/index.html b/de/backup_restore/b_n_r-backup_restore-mysql/index.html index a8e97879e..1304162aa 100644 --- a/de/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/de/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,18 @@

    MySQL (mysqldump)

    Sicherung

    -
    cd /pfad/zu/mailcow-dockerized
    +

    cd /pfad/zu/mailcow-dockerized source mailcow.conf -DATE=$(Datum +"%Y%m%d_%H%M%S") -docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql -

    +DATE=$(Datum +"%Y%m%d_%H%M%S") +docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql

    Wiederherstellen

    Warning

    Sie sollten den SQL-Dump ohne docker-compose umleiten, um Parsing-Fehler zu vermeiden.

    -
    cd /pfad/zu/mailcow-dockerized
    +

    cd /pfad/zu/mailcow-dockerized source mailcow.conf -docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql -

    +docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql


    diff --git a/de/backup_restore/b_n_r-coldstandby/index.html b/de/backup_restore/b_n_r-coldstandby/index.html index ac9fba846..80ff3edf9 100644 --- a/de/backup_restore/b_n_r-coldstandby/index.html +++ b/de/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,9 @@

    Sie benötigen ein SSH-fähiges Ziel und eine Schlüsseldatei, um sich mit diesem Ziel zu verbinden. Der Schlüssel sollte nicht durch ein Passwort geschützt sein, damit das Skript unbeaufsichtigt arbeiten kann.

    In Ihrem mailcow-Basisverzeichnis, z.B. /opt/mailcow-dockerized, finden Sie eine Datei create_cold_standby.sh.

    Bearbeiten Sie diese Datei und ändern Sie die exportierten Variablen:

    -
    export REMOTE_SSH_KEY=/pfad/zur/keyfile
    +

    export REMOTE_SSH_KEY=/pfad/zur/keyfile export REMOTE_SSH_PORT=22 -export REMOTE_SSH_HOST=mailcow-backup.host.name -

    +export REMOTE_SSH_HOST=mailcow-backup.host.name

    Der Schlüssel muss im Besitz von root sein und darf nur von diesem gelesen werden können.

    Sowohl die Quelle als auch das Ziel benötigen rsync >= v3.1.0. Das Ziel muss über Docker und docker-compose v1 verfügen.

    @@ -2470,28 +2469,23 @@ Das Ziel muss über Docker und docker-compose v1 verfügen.

    Sie können die Verbindung testen, indem Sie ssh mailcow-backup.host.name -p22 -i /path/to/keyfile ausführen.

    Backup und Aktualisierung des Cold-Standby

    Starten Sie das erste Backup, dies kann je nach Verbindung eine Weile dauern:

    -
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    -
    +

    bash /opt/mailcow-dockerized/create_cold_standby.sh

    Das war einfach, nicht wahr?

    Das Aktualisieren des Cold-Standby ist genauso einfach:

    -
    bash /opt/mailcow-dockerized/create_cold_standby.sh
    -
    +

    bash /opt/mailcow-dockerized/create_cold_standby.sh

    Es ist derselbe Befehl.

    Automatisierte Backups mit cron

    Stellen Sie zunächst sicher, dass der cron Dienst aktiviert ist und läuft:

    -
    systemctl enable cron.service && systemctl start cron.service
    -
    +

    systemctl enable cron.service && systemctl start cron.service

    Um die Backups auf dem Cold-Standby-Server zu automatisieren, können Sie einen Cron-Job verwenden. Um die Cron-Jobs für den Root-Benutzer zu bearbeiten, führen Sie aus:

    -
    crontab -e
    -
    +

    crontab -e

    Fügen Sie die folgenden Zeilen hinzu, um den Cold-Standby-Server täglich um 03:00 Uhr zu synchronisieren. In diesem Beispiel werden Fehler der letzten Ausführung in einer Datei protokolliert.

    -
    PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    -
    -0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
    -
    +

    ``` +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

    +

    0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log +```

    Wenn korrekt gespeichert, sollte der Cron-Job durch Eingabe angezeigt werden:

    -
    crontab -l
    -
    +

    crontab -l


    diff --git a/de/backup_restore/b_n_r-restore/index.html b/de/backup_restore/b_n_r-restore/index.html index 28c255d25..5651f0f69 100644 --- a/de/backup_restore/b_n_r-restore/index.html +++ b/de/backup_restore/b_n_r-restore/index.html @@ -965,6 +965,20 @@ Wiederherstellung + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh restore + +
  • @@ -2374,6 +2388,20 @@ Wiederherstellung + + +
  • + + Syntax: + + +
  • + +
  • + + ./helper-scripts/backup_and_restore.sh restore + +
  • @@ -2394,14 +2422,13 @@ -

    Wiederherstellung

    -

    Wiederherstellung

    Bitte kopieren Sie dieses Skript nicht an einen anderen Ort.

    Um eine Wiederherstellung durchzuführen, starten Sie mailcow, verwenden Sie das Skript mit "restore" als ersten Parameter.

    -
    # Syntax:
    -# ./helper-scripts/backup_and_restore.sh restore
    -
    +

    ```

    +

    Syntax:

    +

    ./helper-scripts/backup_and_restore.sh restore

    +

    ```

    Das Skript wird Sie nach einem Speicherort für die Sicherung der mailcow_DATE-Ordner fragen.


    diff --git a/de/i_u_m/i_u_m_deinstall/index.html b/de/i_u_m/i_u_m_deinstall/index.html index 003c482e8..c65bd10d9 100644 --- a/de/i_u_m/i_u_m_deinstall/index.html +++ b/de/i_u_m/i_u_m_deinstall/index.html @@ -2346,8 +2346,7 @@

    Deinstallation

    Um mailcow: dockerized mit all seinen Volumes, Images und Containern zu entfernen, tun Sie dies:

    -
    docker-compose down -v --rmi all --remove-orphans
    -
    +

    docker-compose down -v --rmi all --remove-orphans

    Info

      diff --git a/de/i_u_m/i_u_m_install/index.html b/de/i_u_m/i_u_m_install/index.html index b61c3367a..3f160d616 100644 --- a/de/i_u_m/i_u_m_install/index.html +++ b/de/i_u_m/i_u_m_install/index.html @@ -66,6 +66,11 @@ @@ -2343,66 +2352,58 @@ -

      Installation

      -

      Sie benötigen Docker (eine Version >= 20.10.2 ist erforderlich) und Docker Compose (eine Version <= 2.0 ist erforderlich).

      1. Erfahren Sie, wie Sie Docker und Docker Compose installieren.

      Schnelle Installation für die meisten Betriebssysteme:

        -
      • -

        Docker -

        curl -sSL https://get.docker.com/ | CHANNEL=stable sh
        -# Nachdem der Installationsprozess abgeschlossen ist, müssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)
        -systemctl enable --now docker
        -

        -
      • -
      • -

        Docker-Compose

        -
      • +
      • Docker +``` +curl -sSL https://get.docker.com/ | CHANNEL=stable sh
      • +
      +

      Nachdem der Installationsprozess abgeschlossen ist, müssen Sie eventuell den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)

      +

      systemctl enable --now docker +```

      +
        +
      • Docker-Compose

      Warning

      mailcow benötigt die neueste Version von docker-compose v1. Es wird dringend empfohlen, die untenstehenden Befehle zu verwenden, um docker-compose zu installieren. Paket-Manager (z.B. apt, yum) werden wahrscheinlich nicht die richtige Version liefern. Hinweis: Dieser Befehl lädt docker-compose aus dem offiziellen Docker-Github-Repository herunter und ist eine sichere Methode. Das Snippet ermittelt die neueste unterstützte Version von mailcow. In fast allen Fällen ist dies die letzte verfügbare Version (Ausnahmen sind kaputte Versionen oder größere Änderungen, die noch nicht von mailcow unterstützt werden).

      -
      curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
      -chmod +x /usr/local/bin/docker-compose
      -
      +

      curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose

      Bitte verwenden Sie die neueste verfügbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.

      1.1.1. Auf SELinux-aktivierten Systemen, z.B. CentOS 7:

      • Prüfen Sie, ob das Paket "container-selinux" auf Ihrem System vorhanden ist:
      -
      rpm -qa | grep container-selinux
      -
      +

      rpm -qa | grep container-selinux

      Wenn der obige Befehl eine leere oder keine Ausgabe liefert, sollten Sie es über Ihren Paketmanager installieren.

      • Prüfen Sie, ob Docker SELinux-Unterstützung aktiviert hat:
      -
      docker info | grep selinux
      -
      +

      docker info | grep selinux

      Wenn der obige Befehl eine leere oder keine Ausgabe liefert, erstellen oder bearbeiten Sie /etc/docker/daemon.json und fügen Sie "selinux-enabled": true hinzu. Beispielhafter Inhalt der Datei:

      -
      {
      -  "selinux-enabled": true
      -}
      -
      +

      { + "selinux-enabled": true +}

      Starten Sie den Docker-Daemon neu und überprüfen Sie, ob SELinux nun aktiviert ist.

      Dieser Schritt ist erforderlich, um sicherzustellen, dass die mailcows-Volumes richtig gekennzeichnet sind, wie in der Compose-Datei angegeben. Wenn Sie daran interessiert sind, wie das funktioniert, können Sie sich die Readme-Datei von https://github.com/containers/container-selinux ansehen, die auf viele nützliche Informationen zu diesem Thema verweist.

      2. Klonen Sie den Master-Zweig des Repositorys und stellen Sie sicher, dass Ihre umask gleich 0022 ist. Bitte klonen Sie das Repository als root-Benutzer und kontrollieren Sie auch den Stack als root. Wir werden die Attribute - wenn nötig - ändern, während wir die Container automatisch bereitstellen und sicherstellen, dass alles gesichert ist. Das update.sh-Skript muss daher ebenfalls als root ausgeführt werden. Es kann notwendig sein, den Besitzer und andere Attribute von Dateien zu ändern, auf die Sie sonst keinen Zugriff haben. Wir geben die Berechtigungen für jede exponierte Anwendung auf und führen einen exponierten Dienst nicht als root aus! Wenn Sie den Docker-Daemon als Nicht-Root-Benutzer steuern, erhalten Sie keine zusätzliche Sicherheit. Der unprivilegierte Benutzer wird die Container ebenfalls als root spawnen. Das Verhalten des Stacks ist identisch.

      -
      $ su
      -# umask
      -0022 # <- Überprüfen, dass es 0022 ist
      -# cd /opt
      -# git clone https://github.com/mailcow/mailcow-dockerized
      -# cd mailcow-dockerized
      -
      +

      ``` +$ su

      +

      umask

      +

      0022 # <- Überprüfen, dass es 0022 ist

      +

      cd /opt

      +

      git clone https://github.com/mailcow/mailcow-dockerized

      +

      cd mailcow-dockerized

      +

      ```

      3. Erzeugen Sie eine Konfigurationsdatei. Verwenden Sie einen FQDN (host.domain.tld) als Hostname, wenn Sie gefragt werden. -

      ./generate_config.sh
      -

      +./generate_config.sh

      4. Ändern Sie die Konfiguration, wenn Sie das wollen oder müssen. -

      nano mailcow.conf
      -
      +nano mailcow.conf Wenn Sie planen, einen Reverse Proxy zu verwenden, können Sie zum Beispiel HTTPS an 127.0.0.1 auf Port 8443 und HTTP an 127.0.0.1 auf Port 8080 binden.

      Möglicherweise müssen Sie einen vorinstallierten MTA stoppen, der Port 25/tcp blockiert. Siehe dieses Kapitel, um zu erfahren, wie man Postfix rekonfiguriert, um nach einer erfolgreichen Installation neben mailcow laufen zu lassen.

      Einige Updates modifizieren mailcow.conf und fügen neue Parameter hinzu. Es ist schwer, in der Dokumentation den Überblick zu behalten. Bitte überprüfen Sie deren Beschreibung und fragen Sie, wenn Sie unsicher sind, in den bekannten Kanälen nach Rat.

      @@ -2410,20 +2411,18 @@ Wenn Sie planen, einen Reverse Proxy zu verwenden, können Sie zum Beispiel HTTP

      Wenn Sie auf Probleme und seltsame Phänomene stoßen, überprüfen Sie bitte Ihre MTU.

      Bearbeiten Sie docker-compose.yml und ändern Sie die Netzwerkeinstellungen entsprechend Ihrer MTU. Fügen Sie den neuen Parameter driver_opts wie folgt hinzu: -

      networks:
      +networks:
         mailcow-network:
           ...
           driver_opts:
             com.docker.network.driver.mtu: 1450
      -    ...
      -

      + ...

      4.2. Benutzer ohne ein IPv6-aktiviertes Netzwerk auf ihrem Hostsystem:

      Einschalten von IPv6. Endlich.

      Wenn Sie kein IPv6-fähiges Netzwerk auf Ihrem Host haben und Sie sich nicht um ein besseres Internet kümmern (hehe), ist es empfehlenswert, IPv6 für das mailcow-Netzwerk zu deaktivieren, um unvorhergesehene Probleme zu vermeiden.

      5. LAden Sie die Images herunter und führen Sie die Compose-Datei aus. Der Parameter -d wird mailcow: dockerized starten: -

      docker-compose pull
      -docker-compose up -d
      -

      +docker-compose pull +docker-compose up -d

      Geschafft!

      Sie können nun auf https://${MAILCOW_HOSTNAME} mit den Standard-Zugangsdaten admin + Passwort moohoo zugreifen.

      diff --git a/de/i_u_m/i_u_m_migration/index.html b/de/i_u_m/i_u_m_migration/index.html index ff09b304f..627de9398 100644 --- a/de/i_u_m/i_u_m_migration/index.html +++ b/de/i_u_m/i_u_m_migration/index.html @@ -66,6 +66,11 @@ @@ -2343,8 +2352,6 @@ -

      Migration

      -

      Warning

      Diese Anleitung geht davon aus, dass Sie beabsichtigen, einen bestehenden Mailcow-Server (Quelle) auf einen brandneuen, leeren Server (Ziel) zu migrieren. Sie kümmert sich nicht um die Erhaltung bestehender Daten auf dem Zielserver und löscht alles innerhalb von /var/lib/docker/volumes und somit alle Docker-Volumes, die Sie bereits eingerichtet haben.

      @@ -2357,45 +2364,37 @@ Installieren Sie
      Docker und Docker Compose auf Ihrem neuen Server.

      Schnelle Installation für die meisten Betriebssysteme:

        -
      • -

        Docker -

        curl -sSL https://get.docker.com/ | CHANNEL=stable sh
        -# Nachdem der Installationsprozess abgeschlossen ist, müssen Sie den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)
        -systemctl enable docker.service
        -

        -
      • -
      • -

        docker-compose -

        curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
        -chmod +x /usr/local/bin/docker-compose
        -

        -
      • +
      • Docker +``` +curl -sSL https://get.docker.com/ | CHANNEL=stable sh
      • +
      +

      Nachdem der Installationsprozess abgeschlossen ist, müssen Sie den Dienst aktivieren und sicherstellen, dass er gestartet ist (z. B. CentOS 7)

      +

      systemctl enable docker.service +```

      +
        +
      • docker-compose +curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose

      Bitte verwenden Sie die neueste verfügbare Docker-Engine und nicht die Engine, die mit Ihrem Distros-Repository ausgeliefert wird.

      2. Stoppen Sie Docker und stellen Sie sicher, dass Docker gestoppt wurde: -

      systemctl stop docker.service
      -systemctl status docker.service
      -

      +systemctl stop docker.service +systemctl status docker.service

      3. Führen Sie die folgenden Befehle auf dem Quellcomputer aus (achten Sie darauf, die abschließenden Schrägstriche im ersten Pfadparameter wie unten gezeigt hinzuzufügen!) - WARNUNG: Dieser Befehl löscht alles, was bereits unter /var/lib/docker/volumes auf dem Zielrechner existiert: -

      rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
      -rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
      -

      +rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized +rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes

      4. Schalten Sie mailcow ab und stoppen Sie Docker auf dem Quellrechner. -

      cd /opt/mailcow-dockerized
      +cd /opt/mailcow-dockerized
       docker-compose herunterfahren
      -systemctl stop docker.service
      -

      +systemctl stop docker.service

      **Wiederholen Sie Schritt 3 mit denselben Befehlen. Dies wird viel schneller gehen als beim ersten Mal.

      6. Wechseln Sie auf den Zielrechner und starten Sie Docker. -

      systemctl start docker.service
      -

      +systemctl start docker.service

      7. Ziehen Sie nun die mailcow Docker-Images auf den Zielrechner. -

      cd /opt/mailcow-dockerized
      -docker-compose pull
      -

      +cd /opt/mailcow-dockerized +docker-compose pull

      8. Starten Sie den gesamten mailcow-Stack und alles sollte fertig sein! -

      docker-compose up -d
      -

      +docker-compose up -d

      9. Zum Schluss ändern Sie Ihre DNS-Einstellungen so, dass sie auf den Zielserver zeigen.


      diff --git a/de/i_u_m/i_u_m_update/index.html b/de/i_u_m/i_u_m_update/index.html index 2805d2bdc..ebf17d43c 100644 --- a/de/i_u_m/i_u_m_update/index.html +++ b/de/i_u_m/i_u_m_update/index.html @@ -419,6 +419,75 @@ +
    + + + + +
  • + + Optionen können kombiniert werden + + +
  • + +
  • + + - Prüft auf Updates und zeigt Änderungen an + + +
  • + +
  • + + Versuchen Sie nicht, docker-compose zu aktualisieren, stellen Sie sicher, dass Sie die neueste verfügbare Version von docker-compose verwenden + + +
  • + +
  • + + - Starten Sie mailcow nicht, nachdem Sie ein Update durchgeführt haben + + +
  • + +
  • + + - Erzwinge Update (unbeaufsichtigt, aber nicht unterstützt, Benutzung auf eigenes Risiko) + + +
  • + +
  • + + - Garbage Collector ausführen, um alte Image-Tags zu bereinigen und beenden + + +
  • + +
  • + + - Update mit der Merge-Strategie-Option "ours" statt "theirs" + + +
  • + +
  • + + Dies wird Konflikte beim Zusammenführen zugunsten Ihrer lokalen Änderungen lösen und sollte vermieden werden. Lokale Änderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY geändert. + + +
  • + +
  • + + - Nicht aktualisieren, nur holen von Docker Images + + + + +
  • + +
  • + + Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID + + + - -
  • - -
  • +
  • Fußnoten +
  • + + + + @@ -2423,6 +2505,75 @@ + + + + + +
  • + + Optionen können kombiniert werden + + +
  • + +
  • + + - Prüft auf Updates und zeigt Änderungen an + + +
  • + +
  • + + Versuchen Sie nicht, docker-compose zu aktualisieren, stellen Sie sicher, dass Sie die neueste verfügbare Version von docker-compose verwenden + + +
  • + +
  • + + - Starten Sie mailcow nicht, nachdem Sie ein Update durchgeführt haben + + +
  • + +
  • + + - Erzwinge Update (unbeaufsichtigt, aber nicht unterstützt, Benutzung auf eigenes Risiko) + + +
  • + +
  • + + - Garbage Collector ausführen, um alte Image-Tags zu bereinigen und beenden + + +
  • + +
  • + + - Update mit der Merge-Strategie-Option "ours" statt "theirs" + + +
  • + +
  • + + Dies wird Konflikte beim Zusammenführen zugunsten Ihrer lokalen Änderungen lösen und sollte vermieden werden. Lokale Änderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY geändert. + + +
  • + +
  • + + - Nicht aktualisieren, nur holen von Docker Images + + + + +
  • + +
  • + + Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID + + + - -
  • - -
  • +
  • Fußnoten +
  • + + + + @@ -2474,57 +2638,48 @@ -

    Update

    -

    Automatische Aktualisierung

    Ein Update-Skript in Ihrem mailcow-dockerized Verzeichnis kümmert sich um Updates.

    Aber benutzen Sie es mit Bedacht! Wenn Sie denken, dass Sie viele Änderungen am mailcow-Code vorgenommen haben, sollten Sie die manuelle Update-Anleitung unten verwenden.

    Führen sie das Update-Skript aus: -

    ./update.sh
    -

    +./update.sh

    Wenn es nötig ist, wird es Sie fragen, wie Sie fortfahren möchten. Merge-Fehler werden gemeldet. Einige kleinere Konflikte werden automatisch korrigiert (zugunsten des mailcow: dockerized repository code).

    Optionen

    -
    # Optionen können kombiniert werden
    -
    -# - Prüft auf Updates und zeigt Änderungen an
    -./update.sh --check
    -
    -# Versuchen Sie nicht, docker-compose zu aktualisieren, **stellen Sie sicher, dass Sie die neueste verfügbare Version von docker-compose verwenden**
    -./update.sh --no-update-compose
    -
    -# - Starten Sie mailcow nicht, nachdem Sie ein Update durchgeführt haben
    -./update.sh --skip-start
    -
    -# - Erzwinge Update (unbeaufsichtigt, aber nicht unterstützt, Benutzung auf eigenes Risiko)
    -./update.sh --force
    -
    -# - Garbage Collector ausführen, um alte Image-Tags zu bereinigen und beenden
    -./update.sh --gc
    -
    -# - Update mit der Merge-Strategie-Option "ours" statt "theirs"
    -# Dies wird **Konflikte** beim Zusammenführen zugunsten Ihrer lokalen Änderungen lösen und sollte vermieden werden. Lokale Änderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY geändert.
    -./update.sh --ours
    -
    -# - Nicht aktualisieren, nur holen von Docker Images
    -./update.sh --prefetch
    -
    +

    ```

    +

    Optionen können kombiniert werden

    +

    - Prüft auf Updates und zeigt Änderungen an

    +

    ./update.sh --check

    +

    Versuchen Sie nicht, docker-compose zu aktualisieren, stellen Sie sicher, dass Sie die neueste verfügbare Version von docker-compose verwenden

    +

    ./update.sh --no-update-compose

    +

    - Starten Sie mailcow nicht, nachdem Sie ein Update durchgeführt haben

    +

    ./update.sh --skip-start

    +

    - Erzwinge Update (unbeaufsichtigt, aber nicht unterstützt, Benutzung auf eigenes Risiko)

    +

    ./update.sh --force

    +

    - Garbage Collector ausführen, um alte Image-Tags zu bereinigen und beenden

    +

    ./update.sh --gc

    +

    - Update mit der Merge-Strategie-Option "ours" statt "theirs"

    +

    Dies wird Konflikte beim Zusammenführen zugunsten Ihrer lokalen Änderungen lösen und sollte vermieden werden. Lokale Änderungen werden immer beibehalten, es sei denn, wir haben auch die Datei XY geändert.

    +

    ./update.sh --ours

    +

    - Nicht aktualisieren, nur holen von Docker Images

    +

    ./update.sh --prefetch +```

    Ich habe vergessen, was ich vor dem Ausführen von update.sh geändert habe.

    Siehe git log --pretty=oneline | grep -i "before update", Sie werden eine Ausgabe ähnlich dieser haben:

    -
    22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
    -dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
    -
    +

    22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31

    Führen Sie git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab aus, um zu sehen, was sich geändert hat.

    Kann ich ein Rollback durchführen?

    Ja.

    Siehe das obige Thema, anstelle eines Diffs führen Sie checkout aus:

    -
    docker-compose down
    -# Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID
    -git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
    +

    ``` +docker-compose down

    +

    Ersetzen Sie die Commit-ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab durch Ihre ID

    +

    git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d -

    +```

    Hooks

    Sie können sich in den Update-Mechanismus einklinken, indem Sie Skripte namens pre_commit_hook.sh und post_commit_hook.sh zu Ihrem mailcows-Root-Verzeichnis hinzufügen. Siehe hier für weitere Details.

    Fußnoten

    diff --git a/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index d98442006..19466c3e9 100644 --- a/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/de/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,20 @@
  • Sie brauchen your_id von den Downloadlinks. Diese sind pro User individuell.
  • Fügen Sie diese wie folgt in die data/conf/clamav/freshclam.conf ein und ersetzen Sie den your_id Teil mit Ihrer ID: -

    DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
    +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
     DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
    -DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
    -

    +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb

  • Bei den kostenlosen SecuriteInfo Datenbanken ist die Download-Geschwindigkeit auf 300 kB/s begrenzt. Ändern Sie in data/conf/clamav/freshclam.conf den Standardwert ReceiveTimeout 20 auf ReceiveTimeout 90 (Zeitangabe in Sekunden), da ansonsten einige der Datenbank-Downloads aufgrund ihrer Größe abbrechen können.

  • Passen Sie data/conf/clamav/clamd.conf mit den folgenden Einstellungen an: -

    DetectPUA yes
    +DetectPUA yes
     ExcludePUA PUA.Win.Packer
     ExcludePUA PUA.Win.Trojan.Packed
     ExcludePUA PUA.Win.Trojan.Molebox
    @@ -2492,12 +2491,11 @@ MaxRecursion 40
     MaxEmbeddedPE 100M
     MaxHTMLNormalize 50M
     MaxScriptNormalize 50M
    -MaxZipTypeRcg 50M
    -

    +MaxZipTypeRcg 50M

  • Starten Sie den ClamAV Container neu: -
    docker-compose restart clamd-mailcow
    -
  • +bash +docker-compose restart clamd-mailcow

    Bitte beachten Sie:

      @@ -2509,14 +2507,13 @@ MaxZipTypeRcg 50M

      InterServer Datenbanken aktivieren

      1. Fügen Sie folgendes in data/conf/clamav/freshclam.conf ein: -
        DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
        +DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
         DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
         DatabaseCustomURL http://sigs.interserver.net/shell.ldb
        -DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
        -
      2. +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
      3. Starten Sie den ClamAV Container neu: -
        docker-compose restart clamd-mailcow
        -
      4. +bash +docker-compose restart clamd-mailcow

      diff --git a/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index e8fc0b105..ba1c203af 100644 --- a/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/de/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -1842,6 +1842,13 @@ Whitelist für bestimmte ClamAV-Signaturen + + +
    • + + docker-compose exec redis-mailcow /bin/sh + +
    @@ -2374,6 +2381,13 @@ Whitelist für bestimmte ClamAV-Signaturen + + +
  • + + docker-compose exec redis-mailcow /bin/sh + +
  • @@ -2394,26 +2408,25 @@ -

    Whitelist

    -

    Whitelist für bestimmte ClamAV-Signaturen

    Es kann vorkommen, dass legitime (saubere) Mails von ClamAV blockiert werden (Rspamd markiert die Mail mit VIRUS_FOUND). So werden beispielsweise interaktive PDF-Formularanhänge standardmäßig blockiert, da der eingebettete Javascript-Code für schädliche Zwecke verwendet werden könnte. Überprüfen Sie dies anhand der clamd-Protokolle, z.B.:

    -
    docker-compose logs clamd-mailcow | grep "FOUND"
    -
    +

    bash +docker-compose logs clamd-mailcow | grep "FOUND"

    Diese Zeile bestätigt, dass ein solcher identifiziert wurde:

    -
    clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
    -
    +

    text +clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND

    Um diese spezielle Signatur auf die Whitelist zu setzen (und den Versand dieses Dateityps im Anhang zu ermöglichen), fügen Sie sie der ClamAV-Signatur-Whitelist-Datei hinzu:

    -
    echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
    -
    +

    bash +echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2

    Dann starten Sie den clamd-mailcow Service Container in der mailcow UI oder mit docker-compose neu:

    -
    docker-compose restart clamd-mailcow
    -
    +

    bash +docker-compose restart clamd-mailcow

    Bereinigen Sie zwischengespeicherte ClamAV-Ergebnisse in Redis:

    -
    # docker-compose exec redis-mailcow /bin/sh
    -/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
    +

    ```

    +

    docker-compose exec redis-mailcow /bin/sh

    +

    /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit -

    +```


    diff --git a/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index e149f5b1d..d78f9fe79 100644 --- a/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/de/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,11 @@

    Dockerfiles anpassen

    Sie müssen die Override-Datei mit den entsprechenden Build-Tags in den mailcow: dockerized Root-Ordner (d.h. /opt/mailcow-dockerized) kopieren:

    -
    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
    -
    +

    cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml

    Nehmen Sie Ihre Änderungen in data/Dockerfiles/$service vor und erstellen Sie das Image lokal:

    -
    docker build data/Dockerfiles/service -t mailcow/$service
    -
    +

    docker build data/Dockerfiles/service -t mailcow/$service

    Nun werden die geänderten Container automatisch neu erstellt:

    -
    docker-compose up -d
    -
    +

    docker-compose up -d


    diff --git a/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 49142112c..69df6cd9b 100644 --- a/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/de/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,7 @@

    Docker Compose Bash Completion

    Um eine schöne Bash-Vervollständigung in Ihren Containern zu erhalten, führen Sie einfach das Folgende aus:

    -
    curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
    -
    +

    curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose


    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index 83f9526d8..deef6cca3 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,7 @@

    Am 17. August haben wir die Möglichkeit, mit "jedem" oder "allen authentifizierten Benutzern" zu teilen, standardmäßig deaktiviert.

    Diese Funktion kann wieder aktiviert werden, indem ACL_ANYONE auf allow in mailcow.conf gesetzt wird:

    -
    ACL_ANYONE=allow
    -
    +

    ACL_ANYONE=allow

    Wenden Sie die Änderungen an, indem Sie docker-compose up -d ausführen.


    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 150ac3f32..36537c6ba 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -1564,6 +1564,33 @@ + + + + + +
  • + + !/bin/bash + + +
  • + +
  • + + Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized + + +
  • + +
  • + + Jeden Tag um 04:00 Uhr morgens ausführen. + + + + +
  • + +
  • + + !/bin/bash + + +
  • + +
  • + + Pfad zu mailcow-dockerized, z.B. /opt/mailcow-dockerized + + +
  • + +
  • + + Jeden Tag um 04:00 Uhr morgens ausführen. + + + + +
  • + +
  • + + Einzelbenutzer + + +
  • + +
  • + + alle Benutzer + + +
  • + +
  • + + einzelner Benutzer + + +
  • + +
  • + + alle Benutzer, aber offensichtlich langsamer und gefährlicher + + + + +
  • + +
  • + + Einzelbenutzer + + +
  • + +
  • + + alle Benutzer + + +
  • + +
  • + + einzelner Benutzer + + +
  • + +
  • + + alle Benutzer, aber offensichtlich langsamer und gefährlicher + + +
  • @@ -2345,37 +2354,34 @@ -

    Mail crypt

    -

    Die Mails werden komprimiert (lz4) und verschlüsselt gespeichert. Das Schlüsselpaar ist in crypt-vol-1 zu finden.

    Wenn Sie vorhandene maildir-Dateien entschlüsseln/verschlüsseln wollen, können Sie das folgende Skript auf eigene Gefahr verwenden:

    Rufen Sie Dovecot auf, indem Sie docker-compose exec dovecot-mailcow /bin/bash im mailcow-dockerisierten Verzeichnis ausführen.

    -
    # Entschlüsseln Sie /var/vmail
    -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
    -if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
    +

    ```

    +

    Entschlüsseln Sie /var/vmail

    +

    find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" > "/tmp/$(basename "$file")" - if [[ -s "/tmp/$(basename "$file")" ]]; then - chmod 600 "/tmp/$(basename "$file")" - chown 5000:5000 "/tmp/$(basename "$file")" - mv "/tmp/$(basename "$file")" "$file" + "$file" > "/tmp/$(basename "$file")" + if [[ -s "/tmp/$(basename "$file")" ]]; then + chmod 600 "/tmp/$(basename "$file")" + chown 5000:5000 "/tmp/$(basename "$file")" + mv "/tmp/$(basename "$file")" "$file" else - rm "/tmp/$(basename "$file")" + rm "/tmp/$(basename "$file")" fi fi -done - - -# Verschlüsseln von /var/vmail -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do -if [[ $(head -c7 "$file") != "CRYPTED" ]]; then +done

    +

    Verschlüsseln von /var/vmail

    +

    find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" "$file" - chmod 600 "$file" - chown 5000:5000 "$file" + "$file" "$file" + chmod 600 "$file" + chown 5000:5000 "$file" fi done -

    +```


    diff --git a/de/manual-guides/Dovecot/u_e-dovecot-more/index.html b/de/manual-guides/Dovecot/u_e-dovecot-more/index.html index bb557fe52..11119273a 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,19 @@

    doveadm quota

    Die Befehle quota get und quota recalc1 werden verwendet, um die Quota-Nutzung des aktuellen Benutzers anzuzeigen oder neu zu berechnen. Die angezeigten Werte sind in Kilobytes.

    Um den aktuellen Quota-Status für einen Benutzer / eine Mailbox aufzulisten, tun Sie folgendes:

    -
    doveadm quota get -u 'mailbox@example.org'
    -
    +

    doveadm quota get -u 'mailbox@example.org'

    Um den Quota-Speicherwert für alle Benutzer aufzulisten, tun Sie folgendes:

    -
    doveadm quota get -A |grep "STORAGE"
    -
    +

    doveadm quota get -A |grep "STORAGE"

    Berechnen Sie die Quota-Nutzung eines einzelnen Benutzers neu:

    -
    doveadm quota recalc -u 'mailbox@example.org'
    -
    +

    doveadm quota recalc -u 'mailbox@example.org'

    Der Befehl doveadm search2 wird verwendet, um Nachrichten zu finden, die Ihrer Anfrage entsprechen. Er kann den Benutzernamen, die Mailbox-GUID / -UID und die Nachrichten-GUIDs / -UIDs zurückgeben.

    Um die Anzahl der Nachrichten im .Trash Ordner eines Benutzers zu sehen:

    -
    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
    -
    +

    doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c

    Alle Nachrichten im Postfach eines Benutzers anzeigen, die älter als 90 Tage sind:

    -
    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
    -
    +

    doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d

    Zeige alle Nachrichten in beliebigen Ordnern, die älter sind als 30 Tage für mailbox@example.org:

    -
    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
    -
    +

    doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d


      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index 62c383f74..71a92509e 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,28 +2398,25 @@

      Erstellen Sie einen neuen öffentlichen Namespace "Public" und eine Mailbox "Develcow" innerhalb dieses Namespaces:

      Bearbeiten oder erstellen Sie data/conf/dovecot/extra.conf, fügen Sie hinzu:

      -
      namespace {
      +

      namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes - mailbox "Develcow" { + mailbox "Develcow" { auto = subscribe } -} -

      +}

      :INDEXPVT=~/public kann weggelassen werden, wenn die Flags, die pro Benutzer gesehen werden, nicht gewünscht sind.

      Die neue Mailbox im öffentlichen Namensraum wird von den Benutzern automatisch abonniert.

      Um allen authentifizierten Benutzern vollen Zugriff auf das neue Postfach (nicht auf den gesamten Namespace) zu gewähren, führen Sie aus:

      -
      docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
      -
      +

      docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create

      Passen Sie den Befehl an Ihre Bedürfnisse an, wenn Sie detailliertere Rechte pro Benutzer vergeben möchten (verwenden Sie z.B. -u user@domain anstelle von -A).

      Erlaube authentifizierten Benutzern den Zugriff auf den gesamten öffentlichen Namespace

      Um allen authentifizierten Benutzern vollen Zugriff auf den gesamten öffentlichen Namespace und seine Unterordner zu gewähren, erstellen Sie eine neue Datei dovecot-acl im Namespace-Stammverzeichnis:

      Öffnen/bearbeiten/erstellen Sie /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (passen Sie den Pfad entsprechend an), um die globale ACL-Datei mit dem folgenden Inhalt zu erstellen:

      -
      authenticated kxeilprwts
      -
      +

      authenticated kxeilprwts

      kxeilprwts" ist gleichbedeutend mit "lookup read write write-seen write-deleted insert post delete expunge create".

      Sie können doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read verwenden, um den Zugriff für einen einzelnen Benutzer zu beschränken. Sie können es auch umdrehen und den Zugriff für alle Benutzer auf "lr" beschränken und nur einigen Benutzern vollen Zugriff gewähren.

      Siehe Dovecot ACL für weitere Informationen über ACL.

      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 3c74408a3..ff8994bb6 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,8 @@

      Das wird empfohlen und sollte nicht geändert werden.

      Wenn der Benutzer trotzdem statisch sein soll, geben Sie bitte zwei Variablen in mailcow.conf an.

      Beide Parameter dürfen nicht leer sein!

      -
      DOVECOT_MASTER_USER=mymasteruser
      -DOVECOT_MASTER_PASS=mysecretpass
      -
      +

      DOVECOT_MASTER_USER=mymasteruser +DOVECOT_MASTER_PASS=mysecretpass

      Führen Sie docker-compose up -d aus, um Ihre Änderungen zu übernehmen.

      Der statische Master-Benutzername wird zu DOVECOT_MASTER_USER@mailcow.local erweitert.

      Um sich als test@example.org anzumelden, würde dies test@example.org*mymasteruser@mailcow.local mit dem oben angegebenen Passwort entsprechen.

      diff --git a/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index df63172fb..33d6966cd 100644 --- a/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/de/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,41 +2442,39 @@

      Neuere Docker-Versionen scheinen sich über bestehende Volumes zu beschweren. Man kann dies vorübergehend beheben, indem man das bestehende Volume entfernt und mailcow mit der Override-Datei startet. Aber es scheint nach einem Neustart problematisch zu sein (muss bestätigt werden).

    Ein einfacher, schmutziger, aber stabiler Workaround ist es, mailcow zu stoppen (docker-compose down), /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data zu entfernen und einen neuen Link zu Ihrem entfernten Dateisystem zu erstellen, zum Beispiel:

    -
    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
    -ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
    -
    +

    mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data

    Starten Sie anschließend mailcow.


    Der "alte" Weg

    Wenn man einen anderen Ordner für das vmail-Volume verwenden möchte, kann man eine docker-compose.override.yml Datei erstellen und den folgenden Inhalt hinzufügen:

    -
    version: '2.1'
    +

    version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail - o: bind -

    + o: bind

    Verschieben eines bestehenden vmail-Ordners:

    • Finden Sie den aktuellen vmail-Ordner anhand seines "Mountpoint"-Attributs: docker volume inspect mailcowdockerized_vmail-vol-1
    -
    [
    +

    hl_lines="10" +[ { - "CreatedAt": "2019-06-16T22:08:34+02:00", - "Driver": "local", - "Labels": { - "com.docker.compose.project": "mailcowdockerized", - "com.docker.compose.version": "1.23.2", - "com.docker.compose.volume": "vmail-vol-1" + "CreatedAt": "2019-06-16T22:08:34+02:00", + "Driver": "local", + "Labels": { + "com.docker.compose.project": "mailcowdockerized", + "com.docker.compose.version": "1.23.2", + "com.docker.compose.volume": "vmail-vol-1" }, - "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", - "Name": "mailcowdockerized_vmail-vol-1", - "Options": null, - "Scope": "local" + "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", + "Name": "mailcowdockerized_vmail-vol-1", + "Options": null, + "Scope": "local" } -] -

    +]

    • Kopieren Sie den Inhalt des Mountpoint-Ordners an den neuen Speicherort (z.B. /data/mailcow/vmail) mit cp -a, rsync -a oder einem ähnlichen, nicht strikten Kopierbefehl
    • Stoppen Sie mailcow durch Ausführen von docker-compose down aus Ihrem mailcow-Stammverzeichnis (z.B. /opt/mailcow-dockerized)
    • diff --git a/de/manual-guides/Nginx/u_e-nginx_custom/index.html b/de/manual-guides/Nginx/u_e-nginx_custom/index.html index f5f9b7ec9..2c9fc1f5d 100644 --- a/de/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/de/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

      Neue Website

      Um persistente (über Updates) Sites zu erstellen, die von mailcow: dockerized gehostet werden, muss eine neue Site-Konfiguration in data/conf/nginx/ platziert werden:

      Eine gute Vorlage, um damit zu beginnen:

      -
      nano data/conf/nginx/my_custom_site.conf
      -
      -
      server {
      +

      nano data/conf/nginx/my_custom_site.conf

      +

      ``` hl_lines="16" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2461,29 +2461,27 @@ # Location: data/web root /web; # Location: data/web/mysite.com - #root /web/mysite.com - include /etc/nginx/conf.d/listen_plain.active; + #root /web/mysite.com + include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; - server_tokens off; - - # This allows acme to be validated even with a different web root + server_tokens off;

      +

      # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { - default_type "text/plain"; + default_type "text/plain"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; - } - - if ($scheme = http) { + }

      +

      if ($scheme = http) { return 301 https://$server_name$request_uri; } } -

      +```

      Neue Website mit Proxy zu einem entfernten Location

      Ein weiteres Beispiel mit einer Reverse-Proxy-Konfiguration:

      -
      nano data/conf/nginx/my_custom_site.conf
      -
      -
      server {
      +

      nano data/conf/nginx/my_custom_site.conf

      +

      ``` hl_lines="16 28" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2498,20 +2496,17 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name example.domain.tld; - server_tokens off; - - location ^~ /.well-known/acme-challenge/ { + server_name example.domain.tld; + server_tokens off;

      +

      location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; - } - - if ($scheme = http) { + default_type "text/plain"; + }

      +

      if ($scheme = http) { return 301 https://$host$request_uri; - } - - location / { - proxy_pass http://service:3000/; + }

      +

      location / { + proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -2519,18 +2514,16 @@ client_max_body_size 0; } } -

      +```

      Konfig-Erweiterung in mailcows Nginx

      Der Dateiname, der für eine neue Site verwendet wird, ist nicht wichtig, solange der Dateiname eine .conf-Erweiterung trägt.

      Es ist auch möglich, die Konfiguration der Standarddatei site.conf Datei zu erweitern:

      -
      nano data/conf/nginx/site.my_content.custom
      -
      +

      nano data/conf/nginx/site.my_content.custom

      Dieser Dateiname muss keine ".conf"-Erweiterung haben, sondern folgt dem Muster site.*.custom, wobei * ein eigener Name ist.

      Wenn PHP in eine benutzerdefinierte Site eingebunden werden soll, verwenden Sie bitte den PHP-FPM-Listener auf phpfpm:9002 oder erstellen Sie einen neuen Listener in data/conf/phpfpm/php-fpm.d/pools.conf.

      Starten Sie Nginx neu (und PHP-FPM, falls ein neuer Listener erstellt wurde):

      -
      docker-compose restart nginx-mailcow
      -docker-compose restart php-fpm-mailcow
      -
      +

      docker-compose restart nginx-mailcow +docker-compose restart php-fpm-mailcow


      diff --git a/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index e544857fb..703ab43b6 100644 --- a/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/de/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,8 @@

      WICHTIG: Diese Anleitung gilt nur für Konfigurationen, bei denen SNI nicht aktiviert ist. Wenn SNI aktiviert ist, muss der Zertifikatspfad angepasst werden. Etwas wie ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; wird genügen. Aber: Das Zertifikat sollte zuerst bezogen werden und erst wenn das Zertifikat existiert, sollte eine Site Config erstellt werden. Nginx wird nicht starten, wenn es das Zertifikat und den Schlüssel nicht finden kann.

      Um eine Subdomain webmail.example.org zu erstellen und sie auf SOGo umzuleiten, müssen Sie eine neue Nginx-Site erstellen. Achten Sie dabei auf "CHANGE_TO_MAILCOW_HOSTNAME"!

      nano data/conf/nginx/webmail.conf

      -
      server {
      +

      ``` hl_lines="9 17" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; @@ -2358,23 +2359,21 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name webmail.example.org; - server_tokens off; + server_name webmail.example.org; + server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; + }

      +

      location / { + return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } - - location / { - return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; - } } -

      +```

      Speichern Sie und starten Sie Nginx neu: docker-compose restart nginx-mailcow.

      Öffnen Sie nun mailcow.conf und suchen Sie ADDITIONAL_SAN. Fügen Sie webmail.example.org zu diesem Array hinzu, verwenden Sie keine Anführungszeichen!

      -
      ADDITIONAL_SAN=webmail.example.org
      -
      +

      ADDITIONAL_SAN=webmail.example.org

      Führen Sie docker-compose up -d aus. Siehe "acme-mailcow" und "nginx-mailcow" Logs, wenn etwas fehlschlägt.


      diff --git a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index 9f29dde26..f7fb6b207 100644 --- a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,7 @@

      Öffnen Sie data/conf/postfix/extra.cf und setzen Sie das message_size_limit entsprechend in Bytes. Siehe main.cf für den Standardwert.

      Starten Sie Postfix neu:

      -
      docker-compose restart postfix-mailcow
      -
      +

      docker-compose restart postfix-mailcow


      diff --git a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index b70d27705..1f15f31a3 100644 --- a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,11 @@

      Veraltete Anleitung (NICHT FÜR NEUERE MAILCOWS VERWENDEN!)

      Diese Option ist keine Best-Practice und sollte nur verwendet werden, wenn es keine andere Möglichkeit gibt, das zu erreichen, was Sie erreichen wollen.

      Erstellen Sie einfach eine Datei data/conf/postfix/check_sasl_access und tragen Sie den folgenden Inhalt ein. Dieser Benutzer muss in Ihrer Installation existieren und muss sich vor dem Versenden von Mails authentifizieren. -

      user-to-allow-everything@example.com OK
      -

      +user-to-allow-everything@example.com OK

      Öffnen Sie data/conf/postfix/main.cf und suchen Sie smtpd_sender_restrictions. Fügen Sie check_sasl_access hash:/opt/postfix/conf/check_sasl_access wie folgt ein: -

      smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
      -

      +smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]

      Postmap auf check_sasl_access ausführen:

      -
      docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
      -
      +

      docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access

      Starten Sie den Postfix-Container neu.


      diff --git a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index 7605a6534..df67a6af7 100644 --- a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,7 @@

      Postfix wird sich einmal nach dem Start von postfix-mailcow über doppelte Werte beschweren, dies ist beabsichtigt.

      Syslog-ng wurde so konfiguriert, dass es diese Warnungen ausblendet, während Postfix läuft, um die Log-Dateien nicht jedes Mal mit unnötigen Informationen zu spammen, wenn ein Dienst benutzt wird.

      Starten Sie postfix-mailcow neu, um Ihre Änderungen zu übernehmen:

      -
      docker-compose restart postfix-mailcow
      -
      +

      docker-compose restart postfix-mailcow


      diff --git a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index f00897940..06f67dd46 100644 --- a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,11 @@

      Statistik mit pflogsumm

      Um pflogsumm mit dem Standard-Logging-Treiber zu verwenden, müssen wir postfix-mailcow über docker logs abfragen und die Ausgabe zu pflogsumm leiten:

      -
      docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
      -
      +

      docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm

      Die obige Log-Ausgabe ist auf die letzten 24 Stunden beschränkt.

      Es ist auch möglich, einen täglichen pflogsumm-Bericht über cron zu erstellen. Erstellen Sie die Datei /etc/cron.d/pflogsumm mit dem folgenden Inhalt:

      -
      SHELL=/bin/bash
      -59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
      -
      +

      SHELL=/bin/bash +59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net

      Um zu funktionieren muss ein lokaler Postfix auf dem Server installiert werden, welcher an den Postfix der mailcow relayed.

      Genauere Informationen lassen sich unter Sektion Post-Installationsaufgaben -> Lokaler MTA auf Dockerhost finden.

      Basierend auf den Postfix-Logs der letzten 24 Stunden sendet dieses Beispiel dann jeden Tag um 23:59:00 Uhr einen pflogsumm-Bericht an postmaster@example.net.

      diff --git a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index 668757dc1..9e8b642b3 100644 --- a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -66,6 +66,11 @@ @@ -2345,19 +2354,18 @@ -

      IP in Postscreen auf die Whitelist setzen

      -

      IPs können in der Datei data/conf/postfix/custom_postscreen_whitelist.cidr aus dem Postscreen und damit auch aus den RBL-Prüfungen entfernt werden.

      Postscreen führt mehrere Prüfungen durch, um bösartige Absender zu identifizieren. In den meisten Fällen möchten Sie eine IP-Adresse auf die Whitelist setzen, um sie von der Suche nach einer schwarzen Liste auszuschließen.

      Das Format der Datei ist wie folgt

      CIDR ACTION

      Dabei steht CIDR für eine einzelne IP-Adresse oder einen IP-Bereich in CIDR-Notation und action entweder für "permit" oder "reject".

      Beispiel:

      -
      +```

      Die Datei wird spontan neu geladen, ein Neustart von Postfix ist nicht erforderlich.


      diff --git a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index a1dac31db..4f2f6121c 100644 --- a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,13 @@

      IPv4-Hosts/Subnetze

      Um das Subnetz 192.168.2.0/24 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK und IPV6_NETWORK Bereichen:

      Bearbeiten Sie data/conf/postfix/extra.cf:

      -
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
      -
      +

      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24

      Führen Sie docker-compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

      IPv6-Hosts/Subnets

      Das Hinzufügen von IPv6-Hosts erfolgt auf die gleiche Weise wie bei IPv4, allerdings muss das Subnetz in eckige Klammern [] gesetzt und die Netzmaske angehängt werden.

      Um das Subnetz 2001:db8::/32 zu den vertrauenswürdigen Netzwerken hinzuzufügen, können Sie die folgende Konfiguration verwenden, abhängig von Ihren IPV4_NETWORK- und IPV6_NETWORK-Bereichen:

      Bearbeiten Sie data/conf/postfix/extra.cf:

      -
      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
      -
      +

      mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32

      Führen Sie docker-compose restart postfix-mailcow aus, um Ihre neuen Einstellungen zu übernehmen.

      Info

      diff --git a/de/manual-guides/Redis/u_e-redis/index.html b/de/manual-guides/Redis/u_e-redis/index.html index a97126f05..df5b3682f 100644 --- a/de/manual-guides/Redis/u_e-redis/index.html +++ b/de/manual-guides/Redis/u_e-redis/index.html @@ -1804,6 +1804,24 @@ +
    + + + + + + + + + +
  • + + docker-compose exec redis-mailcow redis-cli + + + -
  • - - - - @@ -2430,6 +2443,24 @@ + + + + + + + + + + +
  • + + docker-compose exec redis-mailcow redis-cli + + + -
  • - - - - @@ -2472,33 +2498,29 @@ -

    Redis

    -

    Redis wird als Key-Value-Speicher für die Einstellungen und Daten von rspamd und (einige von) mailcow verwendet. Wenn Sie mit Redis nicht vertraut sind, lesen Sie bitte die Einführung in Redis und besuchen Sie gegebenenfalls diese wunderbare Anleitung, um zu erfahren, wie man Redis benutzt.

    Client

    Um sich mit dem redis cli zu verbinden, führen Sie aus:

    -
    docker-compose exec redis-mailcow redis-cli
    -
    +

    docker-compose exec redis-mailcow redis-cli

    Fehlersuche

    Hier sind einige nützliche Befehle für den redis-cli zur Fehlersuche:

    MONITOR

    Überwacht alle vom Server empfangenen Anfragen in Echtzeit:

    -
    # docker-compose exec redis-mailcow redis-cli
    -127.0.0.1:6379> überwachen
    +

    ```

    +

    docker-compose exec redis-mailcow redis-cli

    +

    127.0.0.1:6379> überwachen OK -1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" -1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" [...] -

    +```

    SCHLÜSSEL (Keys)

    Ermittelt alle Schlüssel, die dem Muster entsprechen:

    -
    KEYS *
    -
    +

    KEYS *

    PING

    Testen Sie eine Verbindung:

    -
    127.0.0.1:6379> PING
    -PONG
    -
    +

    127.0.0.1:6379> PING +PONG

    Wenn Sie mehr wissen wollen, hier ist ein Cheat-Sheet.


    diff --git a/de/manual-guides/Rspamd/u_e-rspamd/index.html b/de/manual-guides/Rspamd/u_e-rspamd/index.html index fff5a75a0..865310625 100644 --- a/de/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/de/manual-guides/Rspamd/u_e-rspamd/index.html @@ -1816,52 +1816,146 @@
  • + + Ham + + +
  • + +
  • + + Spam + + + + +
  • + +
  • + + Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren. + + +
  • + +
  • + + Wir müssen zuerst das redis-cli eingeben: + + +
  • + +
  • + + In redis-cli: + + + +
  • + + oder: + + +
  • + +
  • + + docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'amp#111;amp#110;amp#108;amp#121;amp#45;amp#116;amp#104;amp#105;amp#115;amp#45;amp#109;amp#97;amp#105;amp#108;amp#98;amp#111;amp#120;amp#64;amp#101;amp#120;amp#97;amp#109;amp#112;amp#108;amp#101;amp#46;amp#111;amp#114;amp#103;';" + + + +
  • + + Unlink (verfügbar in Redis >=4.) löscht im Hintergrund + + + +
  • @@ -2450,52 +2544,146 @@
  • + + Ham + + +
  • + +
  • + + Spam + + + + +
  • + +
  • + + Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren. + + +
  • + +
  • + + Wir müssen zuerst das redis-cli eingeben: + + +
  • + +
  • + + In redis-cli: + + + +
  • + + oder: + + +
  • + +
  • + + docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'amp#111;amp#110;amp#108;amp#121;amp#45;amp#116;amp#104;amp#105;amp#115;amp#45;amp#109;amp#97;amp#105;amp#108;amp#98;amp#111;amp#120;amp#64;amp#101;amp#120;amp#97;amp#109;amp#112;amp#108;amp#101;amp#46;amp#111;amp#114;amp#103;';" + + + +
  • + + Unlink (verfügbar in Redis >=4.) löscht im Hintergrund + + + +
  • @@ -2516,8 +2704,6 @@ -

    Rspamd

    -

    Rspamd wird für die AV-Verarbeitung, DKIM-Signierung und SPAM-Verarbeitung verwendet. Es ist ein leistungsfähiges und schnelles Filtersystem. Für eine ausführlichere Dokumentation über Rspamd besuchen Sie bitte die [Rspamd Dokumentation] (https://rspamd.com/doc/index.html).

    Spam & Ham lernen

    Rspamd lernt, ob es sich um Spam oder Ham handelt, wenn Sie eine Nachricht in oder aus dem Junk-Ordner in ein anderes Postfach als den Papierkorb verschieben. @@ -2528,78 +2714,73 @@ Dies wird durch die Verwendung des Sieve-Plugins "sieve_imapsieve" und Parser-Sk

    Sie können auch die Web-UI von Rspamd verwenden, um Ham und/oder Spam zu lernen oder bestimmte Einstellungen von Rspamd anzupassen.

    Spam oder Ham aus bestehendem Verzeichnis lernen

    Sie können einen Einzeiler verwenden, um Mails im Klartextformat (unkomprimiert) zu lernen:

    -
    # Ham
    -for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done
    -# Spam
    -for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done
    -
    +

    ```bash

    +

    Ham

    +

    for file in /my/folder/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_ham < $file; done

    +

    Spam

    +

    for file in /my/folder/.Junk/cur/*; do docker exec -i $(docker-compose ps -q rspamd-mailcow) rspamc learn_spam < $file; done +```

    Erwägen Sie, einen lokalen Ordner als neues Volume an rspamd-mailcow in docker-compose.yml anzuhängen und die gegebenen Dateien innerhalb des Containers zu lernen. Dies kann als Workaround verwendet werden, um komprimierte Daten mit zcat zu parsen. Beispiel:

    ``bash for file in /data/old_mail/.Junk/cur/*; do rspamc learn_spam < zcat $file; done -

    ### Gelernte Daten zurücksetzen (Bayes, Neural)
    -
    -Sie müssen die Schlüssel in Redis löschen, um die gelernten Daten zurückzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank:
    -
    -**Backup Datenbank**
    -
    -```bash
    -# Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren.
    -cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/
    -

    +```

    +

    Gelernte Daten zurücksetzen (Bayes, Neural)

    +

    Sie müssen die Schlüssel in Redis löschen, um die gelernten Daten zurückzusetzen, also erstellen Sie jetzt eine Kopie Ihrer Redis-Datenbank:

    +

    Backup Datenbank

    +

    ```bash

    +

    Es ist besser, Redis zu stoppen, bevor Sie die Datei kopieren.

    +

    cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ +```

    Bayes-Daten zurücksetzen

    -
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del'
    -docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'
    -
    +

    bash +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del'

    Neurale Daten zurücksetzen

    -
    docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'
    -
    +

    bash +docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del'

    Fuzzy-Daten zurücksetzen

    -
    # Wir müssen zuerst das redis-cli eingeben:
    -docker-compose exec redis-mailcow redis-cli
    -# In redis-cli:
    -127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy*
    -
    +

    ```bash

    +

    Wir müssen zuerst das redis-cli eingeben:

    +

    docker-compose exec redis-mailcow redis-cli

    +

    In redis-cli:

    +

    127.0.0.1:6379> EVAL "for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end" 0 fuzzy* +```

    Info

    Wenn redis-cli sich beschwert über...

    -
    (error) ERR wrong number of arguments for 'del' command
    -
    +

    Text +(error) ERR wrong number of arguments for 'del' command

    ...das Schlüsselmuster nicht gefunden wurde und somit keine Daten zum Löschen vorhanden sind - ist es in Ordnung.

    CLI-Werkzeuge

    ``bash docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help -

    ## Greylisting deaktivieren
    -
    -Nur Nachrichten mit einer höheren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren.
    -
    -Sie können Greylisting serverweit durch Editieren deaktivieren:
    -
    -`{mailcow-dir}/data/conf/rspamd/local.d/greylist.conf`
    -
    -Fügen Sie die Zeile hinzu:
    -
    -```cpp
    -enabled = false;
    -

    +```

    +

    Greylisting deaktivieren

    +

    Nur Nachrichten mit einer höheren Punktzahl werden als Greylisting betrachtet (soft rejected). Es ist schlechte Praxis, Greylisting zu deaktivieren.

    +

    Sie können Greylisting serverweit durch Editieren deaktivieren:

    +

    {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf

    +

    Fügen Sie die Zeile hinzu:

    +

    cpp +enabled = false;

    Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu: docker-compose restart rspamd-mailcow

    Spamfilter-Schwellenwerte (global)

    Jeder Benutzer kann seine Spam-Bewertung individuell ändern. Um eine neue serverweite Grenze zu definieren, editieren Sie data/conf/rspamd/local.d/actions.conf:

    -
    reject = 15;
    -add_header = 8;
    -greylist = 7;
    -
    +

    cpp +reject = 15; +add_header = 8; +greylist = 7;

    Speichern Sie die Datei und starten Sie "rspamd-mailcow" neu: docker-compose restart rspamd-mailcow

    Bestehende Einstellungen der Benutzer werden nicht überschrieben!

    Um benutzerdefinierte Schwellenwerte zurückzusetzen, führen Sie aus:

    -
    source mailcow.conf
    -docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"
    -# oder:
    -# docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"
    -
    +

    ``` +source mailcow.conf +docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';"

    +

    oder:

    +

    docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';"

    +

    ```

    Benutzerdefinierte Ablehnungsnachrichten

    Die Standard-Spam-Reject-Meldung kann durch Hinzufügen einer neuen Datei data/conf/rspamd/override.d/worker-proxy.custom.inc mit dem folgenden Inhalt geändert werden:

    -
    reject_message = "Meine eigene Ablehnungsnachricht";
    -
    +

    reject_message = "Meine eigene Ablehnungsnachricht";

    Speichern Sie die Datei und starten Sie Rspamd neu: docker-compose restart rspamd-mailcow.

    Waehrend das oben genannte fuer abgelehnte Mails mit einem hohen Spam-Score funktioniert, ignorieren Prefilter-Aktionen diese Einstellung. Für diese Karten muss das Multimap-Modul in Rspamd angepasst werden:

      @@ -2610,48 +2791,45 @@ docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e "del

      Fügen Sie Ihre eigene Nachricht als neue Zeile hinzu:

    -
    GLOBAL_RCPT_BL {
    -  Typ = "rcpt";
    -  map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map";
    +

    GLOBAL_RCPT_BL { + Typ = "rcpt"; + map = "${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map"; regexp = true; prefilter = true; - action = "reject"; - message = "Der Versand von E-Mails an diesen Empfänger ist durch postmaster@your.domain verboten"; -} -

    + action = "reject"; + message = "Der Versand von E-Mails an diesen Empfänger ist durch postmaster@your.domain verboten"; +}

    1. Speichern Sie die Datei und starten Sie Rspamd neu: docker-compose restart rspamd-mailcow.

    Verwerfen statt zurückweisen

    Wenn Sie eine Nachricht stillschweigend verwerfen wollen, erstellen oder bearbeiten Sie die Datei data/conf/rspamd/override.d/worker-proxy.custom.inc und fügen Sie den folgenden Inhalt hinzu:

    -
    discard_on_reject = true;
    -
    +

    discard_on_reject = true;

    Starten Sie Rspamd neu:

    -
    docker-compose restart rspamd-mailcow
    -
    +

    bash +docker-compose restart rspamd-mailcow

    Lösche alle Ratelimit-Schlüssel

    Wenn Sie das UI nicht verwenden wollen und stattdessen alle Schlüssel in der Redis-Datenbank löschen wollen, können Sie redis-cli für diese Aufgabe verwenden:

    -
    docker-compose exec redis-mailcow sh
    -# Unlink (verfügbar in Redis >=4.) löscht im Hintergrund
    -redis-cli --scan --pattern RL* | xargs redis-cli unlink
    -
    +

    ``` +docker-compose exec redis-mailcow sh

    +

    Unlink (verfügbar in Redis >=4.) löscht im Hintergrund

    +

    redis-cli --scan --pattern RL* | xargs redis-cli unlink +```

    Starten Sie Rspamd neu:

    -
    docker-compose exec redis-mailcow sh
    -
    +

    bash +docker-compose exec redis-mailcow sh

    Erneutes Senden von Quarantäne-Benachrichtigungen auslösen

    Sollte nur zur Fehlersuche verwendet werden!

    -
    docker-compose exec dovecot-mailcow bash
    -mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;"
    +

    docker-compose exec dovecot-mailcow bash +mysql -umailcow -p$DBPASS mailcow -e "update quarantine set notified = 0;" redis-cli -h redis DEL Q_LAST_NOTIFIED -quarantine_notify.py -

    +quarantine_notify.py

    Speicherung der Historie erhöhen

    Standardmäßig speichert Rspamd 1000 Elemente in der Historie.

    Die Historie wird komprimiert gespeichert.

    Es wird empfohlen, hier keinen unverhältnismäßig hohen Wert zu verwenden, probieren Sie etwas in der Größenordnung von 5000 oder 10000 und sehen Sie, wie Ihr Server damit umgeht:

    Bearbeiten Sie data/conf/rspamd/local.d/history_redis.conf:

    -
    nrows = 1000; # Ändern Sie diesen Wert
    -
    +

    nrows = 1000; # Ändern Sie diesen Wert

    Starten Sie anschließend Rspamd neu: docker-compose restart rspamd-mailcow


    diff --git a/de/manual-guides/SOGo/u_e-sogo/index.html b/de/manual-guides/SOGo/u_e-sogo/index.html index 0ff6c2d37..34e82e06c 100644 --- a/de/manual-guides/SOGo/u_e-sogo/index.html +++ b/de/manual-guides/SOGo/u_e-sogo/index.html @@ -2491,53 +2491,51 @@ Nachdem Sie data/conf/sogo/custom-theme.js modifiziert und Änderun
  • öffnen Sie die Entwicklerkonsole des Browsers, normalerweise ist die Tastenkombination F12
  • nur wenn Sie Firefox benutzen: schreiben Sie mit der Hand in die Entwicklerkonsole allow pasting und drücken Sie Enter
  • fügen Sie den Java-Script-Schnipsel in die Entwicklungskonsole ein: -
    copy([].slice.call(document.styleSheets)
    +copy([].slice.call(document.styleSheets)
       .map(e => e.ownerNode)
    -  .filter(e => e.hasAttribute('md-theme-style'))
    +  .filter(e => e.hasAttribute('md-theme-style'))
       .map(e => e.textInhalt)
    -  .join('\n')
    -)
    -
  • + .join('\n') +)
  • Öffnen Sie den Texteditor und fügen Sie die Daten aus der Zwischenablage ein (Strg+V), Sie sollten ein minimiertes CSS erhalten, speichern Sie es
  • kopieren Sie die CSS-Datei auf den Mailcow-Server data/conf/sogo/custom-theme.css
  • editiere data/conf/sogo/sogo.conf und setze SOGoUIxDebugEnabled = NO;
  • Anhängen/Erstellen von docker-compose.override.yml mit: -
    Version: '2.1'
    -
    -Dienste:
    +```
    +Version: '2.1'
  • + +

    Dienste: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z -

    -
  • führen Sie docker-compose up -d aus
  • -
  • Ausführen von docker-compose restart memcached-mailcow
  • - +`` +11. führen Siedocker-compose up -daus +12. Ausführen vondocker-compose restart memcached-mailcow`

    Zurücksetzen auf das SOGo Standardthema

    1. checken Sie data/conf/sogo/custom-theme.js aus, indem Sie git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js ausführen
    2. Suchen Sie in data/conf/sogo/custom-theme.js: -
      // Neue Paletten auf das Standardthema anwenden, einige Farbtöne neu zuordnen
      -    $mdThemingProvider.theme('default')
      -      .primaryPalette('green-cow', {
      -        'default': '400', // Hintergrundfarbe der oberen Symbolleisten
      -        hue-1': '400',
      -        'hue-2': '600', // Hintergrundfarbe der Seitenleiste
      -        'hue-3': 'A700'
      +// Neue Paletten auf das Standardthema anwenden, einige Farbtöne neu zuordnen
      +    $mdThemingProvider.theme('default')
      +      .primaryPalette('green-cow', {
      +        'default': '400', // Hintergrundfarbe der oberen Symbolleisten
      +        hue-1': '400',
      +        'hue-2': '600', // Hintergrundfarbe der Seitenleiste
      +        'hue-3': 'A700'
             })
      -      .accentPalette('green', {
      -        'default': '600', // Hintergrundfarbe der Fab-Schaltflächen und des Anmeldebildschirms
      -        hue-1': '300', // Hintergrundfarbe der Symbolleiste der mittleren Liste
      -        hue-2': '300', // Hervorhebungsfarbe für ausgewählte Nachrichten und den aktuellen Tageskalender
      -        hue-3': 'A700'
      +      .accentPalette('green', {
      +        'default': '600', // Hintergrundfarbe der Fab-Schaltflächen und des Anmeldebildschirms
      +        hue-1': '300', // Hintergrundfarbe der Symbolleiste der mittleren Liste
      +        hue-2': '300', // Hervorhebungsfarbe für ausgewählte Nachrichten und den aktuellen Tageskalender
      +        hue-3': 'A700'
             })
      -      .backgroundPalette('frost-grey');
      -
      + .backgroundPalette('frost-grey'); und ersetzen Sie es durch: -
          $mdThemingProvider.theme('default');
      -
    3. +$mdThemingProvider.theme('default');
    4. Entfernen Sie aus docker-compose.override.yml Volume Mount in sogo-mailcow: -
      - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
      -
    5. +``` +
    6. ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z +```
    7. führen Sie docker-compose up -d aus
    8. Starten Sie docker-compose restart memcached-mailcow.
    @@ -2553,16 +2551,14 @@ Nachdem Sie diese Datei ersetzt haben, müssen Sie SOGo und Memcached Container

    Domains sind normalerweise voneinander isoliert.

    Sie können das ändern, indem Sie data/conf/sogo/sogo.conf modifizieren:

    Suche... -

       // SOGoDomainsVisibility = (
    +// SOGoDomainsVisibility = (
         // (domain1.tld, domain5.tld),
         // (domain3.tld, domain2.tld)
    -    // );
    -
    + // ); ...und ersetzen Sie diese durch - zum Beispiel:

    -
        SOGoDomainsVisibility = (
    +

    SOGoDomainsVisibility = ( (beispiel.org, beispiel.com, beispiel.net) - ); -

    + );

    SOGo neu starten: docker-compose restart sogo-mailcow

    Deaktivieren Sie die Passwortänderung

    Bearbeiten Sie data/conf/sogo/sogo.conf und ändern Sie SOGoPasswordChangeEnabled auf NO. Bitte fügen Sie keinen neuen Parameter hinzu.

    diff --git a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html index 9dfa07f90..22d209ad6 100644 --- a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,15 @@ Wichtig: Nur DNSSEC-validierende DNS-Dienste werden funktionieren.

    Methode A, Unbound

    Bearbeiten Sie data/conf/unbound/unbound.conf und fügen Sie die folgenden Parameter hinzu:

    -
    forward-zone:
    -  name: "."
    +

    forward-zone: + name: "." forward-addr: 8.8.8.8 # VERWENDEN SIE KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL - forward-addr: 8.8.4.4 # VERWENDET KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL -

    + forward-addr: 8.8.4.4 # VERWENDET KEINE ÖFFENTLICHEN DNS-SERVER - NUR EIN BEISPIEL

    Unbound neu starten:

    -
    docker-compose restart unbound-mailcow
    -
    +

    docker-compose restart unbound-mailcow

    Methode B, Überschreiben der Datei

    -
    cd /opt/mailcow-dockerized
    -cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
    -
    +

    cd /opt/mailcow-dockerized +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .

    Bearbeiten Sie docker-compose.override.yml und passen Sie die IP an.

    Führen Sie docker-compose down ; docker-compose up -d aus.

    diff --git a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index 2c89184ba..290db0934 100644 --- a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

    Watchdog verwendet Standardwerte für alle in docker-compose.yml definierten Thresholde.

    Die Standardwerte sind für die meisten Konfigurationen geeignet. Beispiel: -

    - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
    +- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
     - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
     - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
     - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
    @@ -2666,8 +2666,7 @@ Beispiel:
     - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
     - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
     - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
    -- MAILQ_CRIT=${MAILQ_CRIT:-30}
    -

    +- MAILQ_CRIT=${MAILQ_CRIT:-30}

    Um sie anzupassen, fügen Sie einfach die notwendigen Threshold Variablen (z.B. MAILQ_THRESHOLD=10) zu mailcow.conf hinzu und führen docker-compose up -d aus.

    Threshold Beschreibungen

    NGINX_THRESHOLD

    diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index a1cc6d0af..3034d6330 100644 --- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,20 +2403,19 @@

    1. Diese Nachricht in einen Unterordner "facebook" verschieben (wird in Kleinbuchstaben erstellt, falls nicht vorhanden)

    2. Den Tag dem Betreff voranstellen: "[facebook] Betreff"

    Bitte beachten Sie: Großgeschriebene Tags werden in Kleinbuchstaben umgewandelt, mit Ausnahme des ersten Buchstabens. Wenn Sie den Tag so lassen wollen, wie er ist, wenden Sie bitte den folgenden Diff an und starten Sie mailcow neu: -

    diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
    +diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
     index e047136e..933c4137 100644
     --- a/data/conf/dovecot/global_sieve_after
     +++ b/data/conf/dovecot/global_sieve_after
     @@ -15,7 +15,7 @@ if allof (
    -   envelope :detail :matches "to" "*",
    -   header :contains "X-Moo-Tag" "YES"
    +   envelope :detail :matches "to" "*",
    +   header :contains "X-Moo-Tag" "YES"
        ) {
    --  set :lower :upperfirst "tag" "${1}";
    -+  set "tag" "${1}";
    -   if mailboxexists "INBOX/${1}" {
    -     fileinto "INBOX/${1}";
    -   } else {
    -

    +- set :lower :upperfirst "tag" "${1}"; ++ set "tag" "${1}"; + if mailboxexists "INBOX/${1}" { + fileinto "INBOX/${1}"; + } else {


    diff --git a/de/manual-guides/u_e-80_to_443/index.html b/de/manual-guides/u_e-80_to_443/index.html index 43ead7c9c..323425e66 100644 --- a/de/manual-guides/u_e-80_to_443/index.html +++ b/de/manual-guides/u_e-80_to_443/index.html @@ -2349,27 +2349,24 @@

    Verwenden Sie die untenstehende Konfiguration nicht für Reverse-Proxy-Setups, bitte lesen Sie dazu unsere Reverse-Proxy-Anleitung, die einen Redirect von HTTP zu HTTPS beinhaltet.

    Öffne mailcow.conf und setze HTTP_BIND= - falls nicht bereits gesetzt.

    Erstellen Sie eine neue Datei data/conf/nginx/redirect.conf und fügen Sie die folgende Serverkonfiguration in die Datei ein:

    -
    server {
    +

    server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; - if ( $request_uri ~* "%0A|%0D" ) { return 403; } + if ( $request_uri ~* "%0A|%0D" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; } location / { return 301 https://$host$uri$is_args$args; } -} -

    +}

    Falls Sie den Parameter HTTP_BIND geändert haben, erstellen Sie den Container neu:

    -
    docker-compose up -d
    -
    +

    docker-compose up -d

    Andernfalls starten Sie Nginx neu:

    -
    docker-compose restart nginx-mailcow
    -
    +

    docker-compose restart nginx-mailcow


    diff --git a/de/manual-guides/u_e-autodiscover_config/index.html b/de/manual-guides/u_e-autodiscover_config/index.html index d650833d7..5e0c53b6e 100644 --- a/de/manual-guides/u_e-autodiscover_config/index.html +++ b/de/manual-guides/u_e-autodiscover_config/index.html @@ -2350,45 +2350,44 @@ Denken Sie daran, dass ActiveSync NICHT mit einem Desktop-Client verwendet werden sollte.

    Öffnen/erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie Ihre Änderungen in das Konfigurationsfeld ein.

    Die Änderungen werden mit "$autodiscover_config" in data/web/inc/vars.inc.php zusammengeführt):

    -
    <?php
    +

    <?php $autodiscover_config = array( - // General autodiscover service type: "activesync" or "imap" + // General autodiscover service type: "activesync" or "imap" // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync. - 'autodiscoverType' => 'activesync', + 'autodiscoverType' => 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync - 'useEASforOutlook' => 'yes', - // Please don't use STARTTLS-enabled service ports in the "port" variable. + 'useEASforOutlook' => 'yes', + // Please don't use STARTTLS-enabled service ports in the "port" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). - // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. - 'imap' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), + // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. + 'imap' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), - 'pop3' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('POPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), + 'pop3' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('POPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), - 'smtp' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), + 'smtp' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), - 'activesync' => array( - 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', + 'activesync' => array( + 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), - 'caldav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'caldav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), - 'carddav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'carddav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), -); -

    +);

    Um immer IMAP und SMTP anstelle von EAS zu verwenden, setzen Sie 'autodiscoverType' => 'imap'.

    Deaktivieren Sie ActiveSync für Outlook-Desktop-Clients, indem Sie "useEASforOutlook" auf "no" setzen.

    diff --git a/de/manual-guides/u_e-reeanble-weak-protocols/index.html b/de/manual-guides/u_e-reeanble-weak-protocols/index.html index 7fab04170..39b4c917e 100644 --- a/de/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/de/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,12 @@

    Unauthentifizierte Mails über SMTP an Port 25/tcp akzeptieren weiterhin >= TLS 1.0 . Es ist besser, eine schwache Verschlüsselung zu akzeptieren als gar keine.

    Wie kann man schwache Protokolle wieder aktivieren?

    Bearbeiten Sie data/conf/postfix/extra.cf:

    -
    submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    -smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
    -
    +

    submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

    Bearbeiten Sie data/conf/dovecot/extra.conf:

    -
    ssl_min_protocol = TLSv1
    -
    +

    ssl_min_protocol = TLSv1

    Starten Sie die betroffenen Dienste neu:

    -
    docker-compose restart postfix-mailcow dovecot-mailcow
    -
    +

    docker-compose restart postfix-mailcow dovecot-mailcow

    Tipp: Sie können TLS 1.2 in Windows 7 aktivieren.


    diff --git a/de/post_installation/firststeps-disable_ipv6/index.html b/de/post_installation/firststeps-disable_ipv6/index.html index 2479bb00c..f7392e2f0 100644 --- a/de/post_installation/firststeps-disable_ipv6/index.html +++ b/de/post_installation/firststeps-disable_ipv6/index.html @@ -66,6 +66,11 @@ @@ -2343,8 +2352,6 @@ -

    IPv6 deaktivieren

    -

    Dies wird NUR empfohlen, wenn Sie kein IPv6-fähiges Netzwerk auf Ihrem Host haben!

    Wenn Sie es wirklich brauchen, können Sie die Verwendung von IPv6 in der Compose-Datei deaktivieren. Zusätzlich können Sie auch den Start des Containers "ipv6nat-mailcow" deaktivieren, da er nicht benötigt wird, wenn Sie IPv6 nicht verwenden.

    @@ -2353,49 +2360,45 @@ zu erstellen und Ihre Änderungen am Dienst dort zu implementieren. Leider schei

    Um IPv6 im mailcow-Netzwerk zu deaktivieren, öffnen Sie docker-compose.yml mit Ihrem bevorzugten Texteditor und suchen Sie nach dem Netzwerk-Abschnitt (er befindet sich am Ende der Datei).

    1. Ändern Sie docker-compose.yml

    Ändern Sie enable_ipv6: true in enable_ipv6: false:

    -
    networks:
    +

    networks: mailcow-network: [...] enable_ipv6: true # <<< auf false setzen - [...] -

    + [...]

    2. ipv6nat-mailcow deaktivieren

    Um den ipv6nat-mailcow Container ebenfalls zu deaktivieren, gehen Sie in Ihr mailcow Verzeichnis und erstellen Sie eine neue Datei namens "docker-compose.override.yml":

    HINWEIS: Wenn Sie bereits eine Override-Datei haben, erstellen Sie diese natürlich nicht neu, sondern fügen Sie die untenstehenden Zeilen entsprechend in Ihre bestehende Datei ein!

    -
    # cd /opt/mailcow-dockerized
    -# touch docker-compose.override.yml
    -
    +

    ```

    +

    cd /opt/mailcow-dockerized

    +

    touch docker-compose.override.yml

    +

    ```

    Öffnen Sie die Datei in Ihrem bevorzugten Texteditor und tragen Sie folgendes ein:

    -
    version: '2.1'
    -services:
    -
    -    ipv6nat-mailcow:
    -      image: bash:latest
    -      restart: "no"
    -      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
    -
    +

    ``` +version: '2.1' +services:

    +
    ipv6nat-mailcow:
    +  image: bash:latest
    +  restart: "no"
    +  entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
    +
    +

    ```

    Damit diese Änderungen wirksam werden, müssen Sie den Stack vollständig stoppen und dann neu starten, damit Container und Netzwerke neu erstellt werden:

    -
    docker-compose down
    -docker-compose up -d
    -
    +

    docker-compose down +docker-compose up -d

    3. Deaktivieren Sie IPv6 in unbound-mailcow

    Bearbeiten Sie data/conf/unbound/unbound.conf und setzen Sie do-ip6 auf "no":

    -
    Server:
    +

    Server: [...] do-ip6: no - [...] -

    + [...]

    unbound neu starten:

    -
    docker-compose restart unbound-mailcow
    -
    +

    docker-compose restart unbound-mailcow

    4. Deaktivieren Sie IPv6 in postfix-mailcow

    Erstellen Sie data/conf/postfix/extra.cf und setzen Sie smtp_address_preference auf ipv4:

    -
    smtp_address_preference = ipv4
    -inet_protocols = ipv4
    -
    +

    smtp_address_preference = ipv4 +inet_protocols = ipv4

    Starten Sie Postfix neu:

    -
    docker-compose restart postfix-mailcow
    -
    +

    docker-compose restart postfix-mailcow


    diff --git a/de/post_installation/firststeps-dmarc_reporting/index.html b/de/post_installation/firststeps-dmarc_reporting/index.html index 57e5b636e..6f8251c4c 100644 --- a/de/post_installation/firststeps-dmarc_reporting/index.html +++ b/de/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,44 +2473,42 @@

    Aktivieren Sie DMARC-Berichterstattung

    Erstellen Sie die Datei data/conf/rspamd/local.d/dmarc.conf und setzen Sie den folgenden Inhalt:

    -
    reporting {
    +

    reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - domain = 'example.com'; - org_name = 'Example'; - helo = 'rspamd'; - smtp = 'postfix'; + email = 'noreply-dmarc@example.com'; + domain = 'example.com'; + org_name = 'Example'; + helo = 'rspamd'; + smtp = 'postfix'; smtp_port = 25; - from_name = 'Example DMARC Report'; - msgid_from = 'rspamd.mail.example.com'; + from_name = 'Example DMARC Report'; + msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; -} -

    +}

    Erstellen oder ändern Sie docker-compose.override.yml im mailcow-dockerized Basisverzeichnis:

    -
    version: '2.1'
    -
    -services:
    +

    ``` +version: '2.1'

    +

    services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: - ofelia.enabled: "true" - ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" - ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" + ofelia.enabled: "true" + ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" + ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" ofelia-mailcow: depends_on: - rspamd-mailcow -

    +```

    Starte docker-compose up -d

    Senden Sie eine Kopie der Berichte an sich selbst

    Um eine versteckte Kopie der von Rspamd erzeugten Berichte zu erhalten, können Sie eine bcc_addrs Liste im reporting Konfigurationsabschnitt von data/conf/rspamd/local.d/dmarc.conf setzen:

    -
    reporting {
    +

    reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - bcc_addrs = ["noreply-dmarc@example.com", "parsedmarc@example.com"]; -[...] -

    + email = 'noreply-dmarc@example.com'; + bcc_addrs = ["noreply-dmarc@example.com", "parsedmarc@example.com"]; +[...]

    Rspamd lädt Änderungen in Echtzeit, so dass Sie den Container zu diesem Zeitpunkt nicht neu starten müssen.

    Dies kann nützlich sein, wenn Sie...

      @@ -2519,18 +2517,14 @@ services:

    Fehlersuche

    Prüfen Sie, wann der Berichtsplan zuletzt ausgeführt wurde:

    -
    docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
    -
    +

    docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log

    Sehen Sie sich die letzte Berichtsausgabe an:

    -
    docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
    -
    +

    docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log

    Manuelles Auslösen eines DMARC-Berichts:

    -
    docker-compose exec rspamd-mailcow rspamadm dmarc_report
    -
    +

    docker-compose exec rspamd-mailcow rspamadm dmarc_report

    Bestätigen Sie, dass Rspamd Daten in Redis aufgezeichnet hat:

    -
    docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
    -docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
    -
    +

    docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' +docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"

    Ändern Sie die Häufigkeit der DMARC-Berichte

    Im obigen Beispiel werden die Berichte einmal alle 24 Stunden gesendet.

    Der Olefia-Zeitplan hat die gleiche Implementierung wie cron in Go, die unterstützte Syntax ist beschrieben in cron Documentation

    diff --git a/de/post_installation/firststeps-ip_bindings/index.html b/de/post_installation/firststeps-ip_bindings/index.html index 226942f0a..e8cbd8b7b 100644 --- a/de/post_installation/firststeps-ip_bindings/index.html +++ b/de/post_installation/firststeps-ip_bindings/index.html @@ -530,10 +530,65 @@
  • + + Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen. + + +
  • + +
  • + + Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port: + + +
  • + +
  • + + Beispiel: HTTP_BIND=1.2.3.4 + + +
  • + +
  • + + Andere Dienste werden nach folgendem Format gebunden: + + +
  • + +
  • + + SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25 + + +
  • + +
  • + + Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x übersprungen. + + +
  • + +
  • + + doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte ändern Sie das nicht, es sei denn, Sie wissen, was Sie tun. + + + +
  • @@ -2382,10 +2437,65 @@
  • + + Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen. + + +
  • + +
  • + + Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port: + + +
  • + +
  • + + Beispiel: HTTP_BIND=1.2.3.4 + + +
  • + +
  • + + Andere Dienste werden nach folgendem Format gebunden: + + +
  • + +
  • + + SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25 + + +
  • + +
  • + + Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x übersprungen. + + +
  • + +
  • + + doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte ändern Sie das nicht, es sei denn, Sie wissen, was Sie tun. + + + +
  • @@ -2406,29 +2516,25 @@ -

    IP-Verbindungen

    -

    Warning

    Das Ändern der Bindung hat keinen Einfluss auf Source-NAT. Siehe SNAT für die erforderlichen Schritte.

    IPv4-Binding

    Um eine oder mehrere IPv4-Bind(ings) anzupassen, öffne mailcow.conf und editiere eine, mehrere oder alle Variablen nach deinen Bedürfnissen:

    -
    # Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen.
    -# Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port:
    -# Beispiel: HTTP_BIND=1.2.3.4
    -
    -HTTP_PORT=80
    +

    ```

    +

    Aus technischen Gründen unterscheiden sich die http-Bindungen ein wenig von anderen Service-Bindungen.

    +

    Sie werden die folgenden Variablen finden, getrennt durch eine Bindungsadresse und deren Port:

    +

    Beispiel: HTTP_BIND=1.2.3.4

    +

    HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 -HTTPS_BIND= - -# Andere Dienste werden nach folgendem Format gebunden: -# SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25 -# Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x übersprungen. -# doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte ändern Sie das nicht, es sei denn, Sie wissen, was Sie tun. - -SMTP_PORT=25 +HTTPS_BIND=

    +

    Andere Dienste werden nach folgendem Format gebunden:

    +

    SMTP_PORT=1.2.3.4:25 bindet SMTP an die IP 1.2.3.4 auf Port 25

    +

    Wichtig! Durch die Angabe einer IPv4-Adresse werden alle IPv6-Bindungen seit Docker 20.x übersprungen.

    +

    doveadm, SQL sowie Solr sind nur an lokale Ports gebunden, bitte ändern Sie das nicht, es sei denn, Sie wissen, was Sie tun.

    +

    SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 @@ -2439,35 +2545,36 @@ SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 -

    +```

    Um Ihre Änderungen zu übernehmen, führen Sie docker-compose down gefolgt von docker-compose up -d aus.

    IPv6-Binding

    Das Ändern von IPv6-Bindings ist anders als bei IPv4. Auch dies hat einen technischen Hintergrund.

    Eine docker-compose.override.yml Datei wird verwendet, anstatt die docker-compose.yml Datei direkt zu bearbeiten. Dies geschieht, um die Aktualisierbarkeit zu erhalten, da die Datei docker-compose.yml regelmäßig aktualisiert wird und Ihre Änderungen höchstwahrscheinlich überschrieben werden.

    Bearbeiten Sie die Datei "docker-compose.override.yml" und erstellen Sie sie mit dem folgenden Inhalt. Ihr Inhalt wird mit der produktiven Datei "docker-compose.yml" zusammengeführt.

    Es wird eine imaginäre IPv6 2a00:dead:beef::abc angegeben. Das erste Suffix :PORT1 definiert den externen Port, während das zweite Suffix :PORT2 zu dem entsprechenden Port innerhalb des Containers führt und nicht verändert werden darf.

    -
    version: '2.1'
    -services:
    +

    ``` +version: '2.1' +services:

    +
    dovecot-mailcow:
    +  ports:
    +    - '2a00:dead:beef::abc:143:143'
    +    - '2a00:dead:beef::abc:993:993'
    +    - '2a00:dead:beef::abc:110:110'
    +    - '2a00:dead:beef::abc:995:995'
    +    - '2a00:dead:beef::abc:4190:4190'
     
    -    dovecot-mailcow:
    -      ports:
    -        - '2a00:dead:beef::abc:143:143'
    -        - '2a00:dead:beef::abc:993:993'
    -        - '2a00:dead:beef::abc:110:110'
    -        - '2a00:dead:beef::abc:995:995'
    -        - '2a00:dead:beef::abc:4190:4190'
    +postfix-mailcow:
    +  ports:
    +    - '2a00:dead:beef::abc:25:25'
    +    - '2a00:dead:beef::abc:465:465'
    +    - '2a00:dead:beef::abc:587:587'
     
    -    postfix-mailcow:
    -      ports:
    -        - '2a00:dead:beef::abc:25:25'
    -        - '2a00:dead:beef::abc:465:465'
    -        - '2a00:dead:beef::abc:587:587'
    -
    -    nginx-mailcow:
    -      ports:
    -        - '2a00:dead:beef::abc:80:80'
    -        - '2a00:dead:beef::abc:443:443'
    -
    +nginx-mailcow: + ports: + - '2a00:dead:beef::abc:80:80' + - '2a00:dead:beef::abc:443:443' + +

    ```

    Um Ihre Änderungen zu übernehmen, führen Sie docker-compose down gefolgt von docker-compose up -d aus.


    diff --git a/de/post_installation/firststeps-local_mta/index.html b/de/post_installation/firststeps-local_mta/index.html index c83c2ae42..eb2194dc9 100644 --- a/de/post_installation/firststeps-local_mta/index.html +++ b/de/post_installation/firststeps-local_mta/index.html @@ -66,6 +66,11 @@ @@ -2343,19 +2352,17 @@ -

    Lokaler MTA auf Docker-Host

    -

    Die einfachste Möglichkeit wäre, den Listener an Port 25/tcp zu deaktivieren.

    Postfix-Benutzer deaktivieren den Listener, indem sie die folgende Zeile (beginnend mit smtp oder 25) in /etc/postfix/master.cf auskommentieren: -

    #smtp      inet  n       -       -       -       -       smtpd
    -

    +```

    +

    smtp inet n - - - - smtpd

    +

    ```

    Außerdem, um über eine Dockerized mailcow weiterzuleiten, sollten Sie 172.22.1.1 als Relayhost hinzufügen und das Docker-Interface aus "inet_interfaces" entfernen:

    -
    postconf -e 'relayhost = 172.22.1.1'
    -postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
    -postconf -e "inet_interfaces = loopback-only"
    -postconf -e "relay_transport = relay"
    -postconf -e "default_transport = smtp"
    -
    +

    postconf -e 'relayhost = 172.22.1.1' +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" +postconf -e "inet_interfaces = loopback-only" +postconf -e "relay_transport = relay" +postconf -e "default_transport = smtp"

    Jetzt ist es wichtig, dass Sie nicht denselben FQDN in myhostname haben, den Sie für Ihre mailcow verwenden. Prüfen Sie Ihre lokale (nicht-Docker) Postfix' main.cf auf myhostname und setzen Sie ihn auf etwas anderes, zum Beispiel local.my.fqdn.tld.

    "172.22.1.1" ist das von mailcow erstellte Netzwerk-Gateway in Docker. Das Relaying über diese Schnittstelle ist notwendig (anstatt - zum Beispiel - direkt über ${MAILCOW_HOSTNAME}), um über ein bekanntes internes Netzwerk weiterzuleiten.

    diff --git a/de/post_installation/firststeps-logging/index.html b/de/post_installation/firststeps-logging/index.html index b5ed8bcdd..034f05856 100644 --- a/de/post_installation/firststeps-logging/index.html +++ b/de/post_installation/firststeps-logging/index.html @@ -572,6 +572,33 @@ + + + + + +
  • + + Nur für Rsyslog: + + +
  • + +
  • + + Um die local3-Eingabe nach /var/log/mailcow.log zu verschieben und die Verarbeitung zu beenden, erstellen Sie eine Datei "/etc/rsyslog.d/docker.conf": + + +
  • + +
  • + + Danach rsyslog neu starten. + + + + +
  • + +
  • + + Nur für Rsyslog: + + +
  • + +
  • + + Um die local3-Eingabe nach /var/log/mailcow.log zu verschieben und die Verarbeitung zu beenden, erstellen Sie eine Datei "/etc/rsyslog.d/docker.conf": + + +
  • + +
  • + + Danach rsyslog neu starten. + + +
  • + + !/bin/bash + + + +
  • @@ -2462,16 +2488,14 @@ -

    Reverse Proxy

    -

    Sie müssen die Nginx-Seite, die mit mailcow: dockerized geliefert wird, nicht ändern. mailcow: dockerized vertraut auf das Standard-Gateway IP 172.22.1.1 als Proxy.

    1. Stellen Sie sicher, dass Sie HTTP_BIND und HTTPS_BIND in mailcow.conf auf eine lokale Adresse ändern und die Ports entsprechend einstellen, zum Beispiel: -

    HTTP_BIND=127.0.0.1
    -HTTP_PORT=8080
    -HTTPS_BIND=127.0.0.1
    -HTTPS_PORT=8443
    -

    +bash +HTTP_BIND=127.0.0.1 +HTTP_PORT=8080 +HTTPS_BIND=127.0.0.1 +HTTPS_PORT=8443

    Dadurch werden auch die Bindungen innerhalb des Nginx-Containers geändert! Dies ist wichtig, wenn Sie sich entscheiden, einen Proxy innerhalb von Docker zu verwenden.

    WICHTIG: Verwenden Sie nicht Port 8081, 9081 oder 65510!

    Erzeugen Sie die betroffenen Container neu, indem Sie docker-compose up -d ausführen.

    @@ -2500,81 +2524,73 @@ Auf vielen Servern wird logrotate den Webserver sowieso täglich neu laden.

    2. Konfigurieren Sie Ihren lokalen Webserver als Reverse Proxy:

    Apache 2.4

    Erforderliche Module: -

    a2enmod rewrite proxy proxy_http headers ssl
    -

    +a2enmod rewrite proxy proxy_http headers ssl

    Let's Encrypt wird unserem Rewrite folgen, Zertifikatsanfragen in mailcow werden problemlos funktionieren.

    Die hervorgehobenen Zeilen müssen beachtet werden.

    -
    <VirtualHost *:80>
    -  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
    -  ServerAlias autodiscover.*
    -  ServerAlias autoconfig.*
    -  RewriteEngine on
    -
    -  RewriteCond %{HTTPS} off
    -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
    -
    -  ProxyPass / http://127.0.0.1:8080/
    -  ProxyPassReverse / http://127.0.0.1:8080/
    -  ProxyPreserveHost On
    -  ProxyAddHeaders On
    -  RequestHeader set X-Forwarded-Proto "http"
    -</VirtualHost>
    -<VirtualHost *:443>
    -  ServerName ZU MAILCOW HOSTNAMEN ÄNDERN
    -  ServerAlias autodiscover.*
    -  ServerAlias autoconfig.*
    -
    -  # You should proxy to a plain HTTP session to offload SSL processing
    -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
    -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
    -  ProxyPass / http://127.0.0.1:8080/
    -  ProxyPassReverse / http://127.0.0.1:8080/
    -  ProxyPreserveHost On
    -  ProxyAddHeaders On
    -  RequestHeader set X-Forwarded-Proto "https"
    -
    -  SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem
    -  SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem
    -
    -  # Wenn Sie einen HTTPS-Host als Proxy verwenden möchten:
    -  #SSLProxyEngine On
    -
    -  # Wenn Sie einen Proxy für einen nicht vertrauenswürdigen HTTPS-Host einrichten wollen:
    -  #SSLProxyVerify none
    -  #SSLProxyCheckPeerCN off
    -  #SSLProxyCheckPeerName off
    -  #SSLProxyCheckPeerExpire off
    -</VirtualHost>
    -
    +

    ``` apache hl_lines="2 10 11 17 22 23 24 25 30 31" + + ServerName ZU MAILCOW HOSTNAMEN ÄNDERN + ServerAlias autodiscover.* + ServerAlias autoconfig.* + RewriteEngine on

    +

    RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]

    +

    ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "http" + + + ServerName ZU MAILCOW HOSTNAMEN ÄNDERN + ServerAlias autodiscover.* + ServerAlias autoconfig.*

    +

    # You should proxy to a plain HTTP session to offload SSL processing + ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 + ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync + ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "https"

    +

    SSLCertificateFile MAILCOW_ORDNER/data/assets/ssl/cert.pem + SSLCertificateKeyFile MAILCOW_ORDNER/data/assets/ssl/key.pem

    +

    # Wenn Sie einen HTTPS-Host als Proxy verwenden möchten: + #SSLProxyEngine On

    +

    # Wenn Sie einen Proxy für einen nicht vertrauenswürdigen HTTPS-Host einrichten wollen: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off + +```

    Nginx

    Let's Encrypt folgt unserem Rewrite, Zertifikatsanfragen funktionieren problemlos.

    Achten Sie auf die hervorgehobenen Zeilen.

    -
    server {
    +

    ``` hl_lines="4 10 12 13 25 39" +server { listen 80 default_server; listen [::]:80 default_server; - server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*; - return 301 https://$host$request_uri; + server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.; + return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover.* autoconfig.*; - - ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; - ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; - ssl_session_timeout 1d; + server_name ZU MAILCOW HOSTNAMEN ÄNDERN autodiscover. autoconfig.*;

    +

    ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; + ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; + ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - - # Siehe https://ssl-config.mozilla.org/#server=nginx für die neuesten Empfehlungen zu ssl-Einstellungen + ssl_session_tickets off;

    +

    # Siehe https://ssl-config.mozilla.org/#server=nginx für die neuesten Empfehlungen zu ssl-Einstellungen # Ein Beispiel für eine Konfiguration ist unten angegeben ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; - ssl_prefer_server_ciphers off; - - location /Microsoft-Server-ActiveSync { - proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; - proxy_set_header Host $http_host; + ssl_prefer_server_ciphers off;

    +

    location /Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -2584,39 +2600,38 @@ server { proxy_buffers 64 512k; # Seit dem 2022-04 Update nötig für SOGo client_body_buffer_size 512k; client_max_body_size 0; - } - - location / { - proxy_pass http://127.0.0.1:8080/; - proxy_set_header Host $http_host; + }

    +

    location / { + proxy_pass http://127.0.0.1:8080/; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # Die folgenden Proxy-Buffer müssen gesetzt werden, wenn Sie SOGo nach dem Update 2022-04 (April 2022) verwenden wollen - # Andernfalls wird ein Login wie folgt fehlschlagen: https://github.com/mailcow/mailcow-dockerized/issues/4537 + # Andernfalls wird ein Login wie folgt fehlschlagen: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } -

    +```

    HAProxy (von der Community unterstützt)

    Warning

    Dies ist ein nicht unterstützter Community Beitrag. Sie können gerne Korrekturen bereitstellen.

    Wichtig/Fix erwünscht: Dieses Beispiel leitet nur HTTPS-Verkehr weiter und benutzt nicht den in mailcow eingebauten ACME-Client.

    -
    frontend https-in
    +

    ``` +frontend https-in bind :::443 v4v6 ssl crt mailcow.pem - default_backend mailcow - -backend mailcow + default_backend mailcow

    +

    backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check -

    +```

    Traefik v2 (von der Community unterstützt)

    Warning

    @@ -2627,50 +2642,49 @@ backend mailcow

    Zuallererst werden wir den acme-mailcow-Container deaktivieren, da wir die von traefik bereitgestellten Zertifikate verwenden werden. Dazu müssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf setzen und docker-compose up -d ausführen, um die Änderungen zu übernehmen.

    Dann erstellen wir eine docker-compose.override.yml Datei, um die Hauptdatei docker-compose.yml zu überschreiben, die sich im Mailcow-Stammverzeichnis befindet.

    -
    version: '2.1'
    -
    -services:
    -    nginx-mailcow:
    -      networks:
    -        # Traefiks Netzwerk hinzufügen
    -        web:
    -      labels:
    -        - traefik.enable=true
    -        # Erstellt einen Router namens "moo" für den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verknüpfen,
    -        # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable.
    -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
    -        # Aktiviert tls über den zuvor erstellten Router.
    -        - traefik.http.routers.moo.tls=true
    -        # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt).
    -        - traefik.http.routers.moo.tls.certresolver=le
    -        # Erzeugt einen Dienst namens "moo" für den Container und gibt an, welchen internen Port des Containers
    -        # Traefik die eingehenden Daten weiterleiten soll.
    -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
    -        # Gibt an, welchen Eingangspunkt (externer Port) traefik für diesen Container abhören soll.
    -        # Websecure ist Port 443, siehe die Datei traefik.toml wie oben.
    -        - traefik.http.routers.moo.entrypoints=websecure
    -        # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network
    -        - traefik.docker.network=web
    -
    -    certdumper:
    -        image: humenius/traefik-certs-dumper
    -        container_name: traefik_certdumper
    -        network_mode: none
    -        volumes:
    -          # mounten Sie den Ordner, der Traefiks `acme.json' Datei enthält
    -          # in diesem Fall wird Traefik von seinem eigenen docker-compose in ../traefik gestartet
    -          - ../traefik/data:/traefik:ro
    -          # SSL-Ordner von mailcow einhängen
    -          - ./data/assets/ssl/:/output:rw
    -        restart: always
    -        environment:
    -          # Ändern Sie dies nur, wenn Sie eine andere Domain für Mailcows Web-Frontend verwenden als in der Standard-Konfiguration
    -          - DOMAIN=${MAILCOW_HOSTNAME}
    -
    -networks:
    -  web:
    -    external: true
    -
    +

    ```yaml +version: '2.1'

    +

    services: + nginx-mailcow: + networks: + # Traefiks Netzwerk hinzufügen + web: + labels: + - traefik.enable=true + # Erstellt einen Router namens "moo" für den Container und richtet eine Regel ein, um den Container mit einer bestimmten Regel zu verknüpfen, + # in diesem Fall eine Host-Regel mit unserer MAILCOW_HOSTNAME-Variable. + - traefik.http.routers.moo.rule=Host(${MAILCOW_HOSTNAME}) + # Aktiviert tls über den zuvor erstellten Router. + - traefik.http.routers.moo.tls=true + # Gibt an, welche Art von Cert-Resolver wir verwenden werden, in diesem Fall le (Lets Encrypt). + - traefik.http.routers.moo.tls.certresolver=le + # Erzeugt einen Dienst namens "moo" für den Container und gibt an, welchen internen Port des Containers + # Traefik die eingehenden Daten weiterleiten soll. + - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} + # Gibt an, welchen Eingangspunkt (externer Port) traefik für diesen Container abhören soll. + # Websecure ist Port 443, siehe die Datei traefik.toml wie oben. + - traefik.http.routers.moo.entrypoints=websecure + # Stellen Sie sicher, dass traefik das Web-Netzwerk verwendet, nicht das mailcowdockerized_mailcow-network + - traefik.docker.network=web

    +
    certdumper:
    +    image: humenius/traefik-certs-dumper
    +    container_name: traefik_certdumper
    +    network_mode: none
    +    volumes:
    +      # mounten Sie den Ordner, der Traefiks `acme.json' Datei enthält
    +      # in diesem Fall wird Traefik von seinem eigenen docker-compose in ../traefik gestartet
    +      - ../traefik/data:/traefik:ro
    +      # SSL-Ordner von mailcow einhängen
    +      - ./data/assets/ssl/:/output:rw
    +    restart: always
    +    environment:
    +      # Ändern Sie dies nur, wenn Sie eine andere Domain für Mailcows Web-Frontend verwenden als in der Standard-Konfiguration
    +      - DOMAIN=${MAILCOW_HOSTNAME}
    +
    +

    networks: + web: + external: true +```

    Starten Sie die neuen Container mit docker-compose up -d.

    Da Traefik 2 ein acme v2 Format verwendet, um ALLE Lizenzen von allen Domains zu speichern, müssen wir einen Weg finden, die Zertifikate auszulagern. Zum Glück haben wir [diesen kleinen Container] (https://hub.docker.com/r/humenius/traefik-certs-dumper), der die Datei acme.json über ein Volume und eine Variable DOMAIN=example. org, und damit wird der Container die cert.pem und key.pem Dateien ausgeben, dafür lassen wir einfach den traefik-certs-dumper Container laufen, binden das /traefik Volume an den Ordner, in dem unsere acme.json gespeichert ist, binden das /output Volume an unseren mailcow data/assets/ssl/ Ordner, und setzen die DOMAIN=example.org Variable auf die Domain, von der wir die Zertifikate ausgeben wollen.

    Dieser Container überwacht die Datei acme.json auf Änderungen und generiert die Dateien cert.pem und key.pem direkt in data/assets/ssl/, wobei der Pfad mit dem /output-Pfad des Containers verbunden ist.

    @@ -2680,18 +2694,18 @@ Dazu müssen wir SKIP_LETS_ENCRYPT=y in unserer mailcow.conf<

    Optional: Post-Hook-Skript für nicht-mailcow ACME-Clients

    Die Verwendung eines lokalen Certbots (oder eines anderen ACME-Clients) erfordert den Neustart einiger Container, was Sie mit einem Post-Hook-Skript erledigen können. Stellen Sie sicher, dass Sie die Pfade entsprechend ändern: -

    #!/bin/bash
    -cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
    +```

    +

    !/bin/bash

    +

    cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c} -

    +```

    Hinzufügen weiterer Servernamen für mailcow UI

    Wenn Sie vorhaben, einen Servernamen zu verwenden, der nicht MAILCOW_HOSTNAME in Ihrem Reverse-Proxy ist, stellen Sie sicher, dass Sie diesen Namen zuerst in mailcow.conf über ADDITIONAL_SERVER_NAMES einpflegen. Die Namen müssen durch Kommas getrennt werden und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt überspringen, kann es sein, dass mailcow auf Ihren Reverse-Proxy mit einer falschen Seite antwortet.

    -
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    -
    +

    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

    Führen Sie docker-compose up -d zum Anwenden aus.


    diff --git a/de/post_installation/firststeps-snat/index.html b/de/post_installation/firststeps-snat/index.html index 1f57ddda9..ee3c2dc16 100644 --- a/de/post_installation/firststeps-snat/index.html +++ b/de/post_installation/firststeps-snat/index.html @@ -66,6 +66,11 @@
    @@ -564,6 +569,8 @@ + + SNAT @@ -2326,6 +2333,8 @@ + +
    @@ -2343,17 +2352,15 @@ -

    SNAT

    -

    SNAT wird verwendet, um die Quelladresse der von mailcow gesendeten Pakete zu ändern. Es kann verwendet werden, um die ausgehende IP-Adresse auf Systemen mit mehreren IP-Adressen zu ändern.

    Öffnen Sie mailcow.conf, setzen Sie einen oder beide der folgenden Parameter:

    -
    # Benutze diese IPv4 für ausgehende Verbindungen (SNAT)
    -SNAT_TO_SOURCE=1.2.3.4
    -
    -# Benutze dieses IPv6 für ausgehende Verbindungen (SNAT)
    -SNAT6_TO_SOURCE=dead:beef
    -
    +

    ```

    +

    Benutze diese IPv4 für ausgehende Verbindungen (SNAT)

    +

    SNAT_TO_SOURCE=1.2.3.4

    +

    Benutze dieses IPv6 für ausgehende Verbindungen (SNAT)

    +

    SNAT6_TO_SOURCE=dead:beef +```

    Führen Sie docker-compose up -d aus.

    Die Werte werden von netfilter-mailcow gelesen. netfilter-mailcow stellt sicher, dass die Post-Routing-Regeln auf Position 1 in der Netfilter-Tabelle stehen. Es löscht sie automatisch und legt sie neu an, wenn sie an einer anderen Position als 1 gefunden werden.

    Überprüfen Sie die Ausgabe von docker-compose logs --tail=200 netfilter-mailcow, um sicherzustellen, dass die SNAT-Einstellungen angewendet wurden.

    diff --git a/de/post_installation/firststeps-ssl/index.html b/de/post_installation/firststeps-ssl/index.html index 8e470b30b..dae118605 100644 --- a/de/post_installation/firststeps-ssl/index.html +++ b/de/post_installation/firststeps-ssl/index.html @@ -502,6 +502,19 @@ + + + + + +
  • + + Prüfen Sie nun die Logs auf eine Erneuerung + + + +
  • + +
  • + + Verbindung über SMTP (587) + + +
  • + +
  • + + Verbindung über IMAP (143) + + +
  • + +
  • + + Verbindung über HTTPS (443) + +
  • @@ -2478,6 +2512,19 @@ + + + + + +
  • + + Prüfen Sie nun die Logs auf eine Erneuerung + + + +
  • + +
  • + + Verbindung über SMTP (587) + + +
  • + +
  • + + Verbindung über IMAP (143) + + +
  • + +
  • + + Verbindung über HTTPS (443) + +
  • @@ -2570,8 +2638,6 @@ -

    Erweitertes SSL

    -

    Let's Encrypt (wird mitgeliefert)

    Der "acme-mailcow" Container wird versuchen, ein LE-Zertifikat für ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN und autoconfig.ADDED_MAIL_DOMAIN zu erhalten.

    @@ -2586,8 +2652,7 @@

    Zusätzliche Domain-Namen

    Bearbeiten Sie "mailcow.conf" und fügen Sie einen Parameter ADDITIONAL_SAN wie folgt hinzu:

    Verwenden Sie keine Anführungszeichen (") und keine Leerzeichen zwischen den Namen!

    -
    ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
    -
    +

    ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*

    Jeder Name wird anhand seiner IPv6-Adresse oder - wenn IPv6 in Ihrer Domäne nicht konfiguriert ist - anhand seiner IPv4-Adresse überprüft.

    Ein Wildcard-Name wie smtp.* wird versuchen, ein smtp.DOMAIN_NAME SAN für jede zu mailcow hinzugefügte Domain zu erhalten.

    Führen Sie docker-compose up -d aus, um betroffene Container automatisch neu zu erstellen.

    @@ -2596,17 +2661,17 @@

    Die Verwendung anderer Namen als MAILCOW_HOSTNAME für den Zugriff auf das mailcow UI kann weitere Konfiguration erfordern.

    Wenn Sie planen, einen anderen Servernamen als MAILCOW_HOSTNAME für den Zugriff auf die mailcow UI zu verwenden (z.B. durch Hinzufügen von mail.* zu ADDITIONAL_SAN), stellen Sie sicher, dass Sie diesen Namen in mailcow.conf über ADDITIONAL_SERVER_NAMES eintragen. Die Namen müssen durch Kommas getrennt sein und dürfen keine Leerzeichen enthalten. Wenn Sie diesen Schritt auslassen, kann mailcow mit einer falschen Seite antworten.

    -
    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
    -
    +

    ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

    Führen Sie docker-compose up -d aus, um es anzuwenden.

    Erneuerung erzwingen

    Um eine Erneuerung zu erzwingen, müssen Sie eine Datei namens force_renew erstellen und den acme-mailcow Container neu starten:

    -
    cd /opt/mailcow-dockerized
    +

    ``` +cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew -docker-compose restart acme-mailcow -# Prüfen Sie nun die Logs auf eine Erneuerung -docker-compose logs --tail=200 -f acme-mailcow -

    +docker-compose restart acme-mailcow

    +

    Prüfen Sie nun die Logs auf eine Erneuerung

    +

    docker-compose logs --tail=200 -f acme-mailcow +```

    Die Datei wird automatisch gelöscht.

    Validierungsfehler und wie man die Validierung überspringt

    Sie können die IP-Überprüfung überspringen, indem Sie SKIP_IP_CHECK=y in mailcow.conf setzen (keine Anführungszeichen). Seien Sie gewarnt, dass eine Fehlkonfiguration dazu führt, dass Sie von Let's Encrypt eingeschränkt werden! Dies ist vor allem für Multi-IP-Setups nützlich, bei denen der IP-Check die falsche Quell-IP-Adresse zurückgeben würde. Aufgrund der Verwendung von dynamischen IPs für acme-mailcow ist Source-NAT bei Neustarts nicht konsistent.

    @@ -2653,35 +2718,33 @@ Sie sollten sicherstellen, dass diese Clients den MAILCOW_HOSTNAME

    Um Ihre eigenen Zertifikate zu verwenden, speichern Sie einfach das kombinierte Zertifikat (mit dem Zertifikat und der zwischengeschalteten CA/CA, falls vorhanden) unter data/assets/ssl/cert.pem und den entsprechenden Schlüssel unter data/assets/ssl/key.pem.

    WICHTIG: Verwenden Sie keine symbolischen Links! Stellen Sie sicher, dass Sie die Zertifikate kopieren und sie nicht mit data/assets/ssl verknüpfen.

    Starten Sie die betroffenen Dienste anschließend neu:

    -
    docker restart $(docker ps -qaf name=postfix-mailcow)
    +

    docker restart $(docker ps -qaf name=postfix-mailcow) docker neu starten $(docker ps -qaf name=nginx-mailcow) -docker restart $(docker ps -qaf name=dovecot-mailcow) -

    +docker restart $(docker ps -qaf name=dovecot-mailcow)

    Siehe Post-Hook-Skript für Nicht-Mailcow-ACME-Clients für ein vollständiges Beispielskript.

    Test gegen das ACME-Verzeichnis

    Bearbeiten Sie mailcow.conf und fügen Sie LE_STAGING=y hinzu.

    Führen Sie docker-compose up -d aus, um Ihre Änderungen zu aktivieren.

    Benutzerdefinierte Verzeichnis-URL

    Editieren Sie mailcow.conf und fügen Sie die entsprechende Verzeichnis-URL in die neue Variable DIRECTORY_URL ein:

    -
    DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
    -
    +

    DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory

    Sie können LE_STAGING nicht mit DIRECTORY_URL verwenden. Wenn beide gesetzt sind, wird nur LE_STAGING verwendet.

    Führen Sie docker-compose up -d aus, um Ihre Änderungen zu aktivieren.

    Überprüfen Sie Ihre Konfiguration

    Führen Sie docker-compose logs acme-mailcow aus, um herauszufinden, warum eine Validierung fehlschlägt.

    Um zu überprüfen, ob nginx das richtige Zertifikat verwendet, benutzen Sie einfach einen Browser Ihrer Wahl und überprüfen Sie das angezeigte Zertifikat.

    Um das von Postfix, Dovecot und Nginx verwendete Zertifikat zu überprüfen, verwenden wir openssl:

    -
    # Verbindung über SMTP (587)
    -echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
    -# Verbindung über IMAP (143)
    -echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
    -# Verbindung über HTTPS (443)
    -echo "Q" | openssl s_client -connect mx.mailcow.email:443
    -
    +

    ```

    +

    Verbindung über SMTP (587)

    +

    echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587

    +

    Verbindung über IMAP (143)

    +

    echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143

    +

    Verbindung über HTTPS (443)

    +

    echo "Q" | openssl s_client -connect mx.mailcow.email:443 +```

    Um die von openssl zurückgegebenen Verfallsdaten gegen MAILCOW_HOSTNAME zu validieren, können Sie unser Hilfsskript verwenden:

    -
    cd /opt/mailcow-dockerized
    -bash helper-scripts/expiry-dates.sh
    -
    +

    cd /opt/mailcow-dockerized +bash helper-scripts/expiry-dates.sh


    diff --git a/de/prerequisite/prerequisite-dns/index.html b/de/prerequisite/prerequisite-dns/index.html index 31c650e31..8653a2da3 100644 --- a/de/prerequisite/prerequisite-dns/index.html +++ b/de/prerequisite/prerequisite-dns/index.html @@ -364,27 +364,75 @@
  • + + Name Typ Wert + + + +
  • + + Name Typ Wert + + +
  • + +
  • + + Name Typ Wert + + +
  • + +
  • + + Name Typ Wert + + + +
  • + + Name Typ Priorität Gewicht Port Wert + + + + +
  • + + + + + + +
  • + + ``` + + +
  • + +
  • + + Zusammenfassung der Ergebnisse + + + + +
  • + +
  • + + ``` + + +
  • + +
  • + + Zusammenfassung der Ergebnisse + + +
  • @@ -2343,45 +2352,43 @@ -

    Gitea

    -

    Mit der Fähigkeit von Gitea, sich über SMTP zu authentifizieren, ist es trivial, es mit mailcow zu integrieren. Es sind nur wenige Änderungen erforderlich:

    1. Öffnen Sie docker-compose.override.yml und fügen Sie Gitea hinzu:

    -
    version: '2.1'
    -services:
    -
    -        gitea-mailcow:
    -            image: gitea/gitea:1
    -            volumes:
    -                - ./data/gitea:/data
    -            networks:
    -                mailcow-network:
    -                    aliases:
    -                        - gitea
    -            ports:
    -                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
    -
    +

    ``` +version: '2.1' +services:

    +
        gitea-mailcow:
    +        image: gitea/gitea:1
    +        volumes:
    +            - ./data/gitea:/data
    +        networks:
    +            mailcow-network:
    +                aliases:
    +                    - gitea
    +        ports:
    +            - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    ```

    2. Erstellen Sie data/conf/nginx/site.gitea.custom, fügen Sie folgendes hinzu: -

    location /gitea/ {
    +location /gitea/ {
             proxy_pass http://gitea:3000/;
    -}
    -

    +}

    3. Öffne mailcow.conf und definiere den Port Bind, den Gitea für SSH verwenden soll. Beispiel:

    -
    GITEA_SSH_PORT=127.0.0.1:4000
    -
    +

    GITEA_SSH_PORT=127.0.0.1:4000

    5. Führen Sie docker-compose up -d aus, um den Gitea-Container hochzufahren und führen Sie anschließend docker-compose restart nginx-mailcow aus.

    6. Wenn Sie mailcow zu https gezwungen haben, führen Sie Schritt 9 aus und starten Sie gitea mit docker-compose restart gitea-mailcow neu. Fahren Sie mit Schritt 7 fort (Denken Sie daran, https anstelle von http zu verwenden, https://mx.example.org/gitea/

    7. Öffnen Sie http://${MAILCOW_HOSTNAME}/gitea/, zum Beispiel http://mx.example.org/gitea/. Für die Datenbankdetails stellen Sie mysql als Datenbankhost ein. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

    8. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

    9. Erstellen Sie data/gitea/gitea/conf/app.ini und setzen Sie die folgenden Werte. Sie können gitea cheat sheet, leider bisher nur in Englisch verfügbar für deren Bedeutung und andere mögliche Werte konsultieren.

    -
    [server]
    -SSH_LISTEN_PORT = 22
    -# Für GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
    -SSH_DOMAIN = 127.0.0.1
    -SSH_PORT = 4000
    -# Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
    -ROOT_URL = https://mx.example.org/gitea/
    -
    +

    ``` +[server] +SSH_LISTEN_PORT = 22

    +

    Für GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:

    +

    SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

    +

    Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:

    +

    ROOT_URL = https://mx.example.org/gitea/ +```

    10. Starten Sie gitea neu mit docker-compose restart gitea-mailcow. Ihre Nutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten anzumelden.


    diff --git a/de/third_party/third_party-gogs/index.html b/de/third_party/third_party-gogs/index.html index 6317c991d..0d49f44c2 100644 --- a/de/third_party/third_party-gogs/index.html +++ b/de/third_party/third_party-gogs/index.html @@ -66,6 +66,11 @@
    @@ -2223,6 +2228,8 @@ + + Gogs @@ -2326,6 +2333,8 @@ + +
    @@ -2343,44 +2352,42 @@ -

    Gogs

    -

    Mit Gogs' Fähigkeit, sich über SMTP zu authentifizieren, ist es einfach, es mit mailcow zu verbinden. Es sind nur wenige Änderungen erforderlich:

    1. Öffne docker-compose.override.yml und füge Gogs hinzu:

    -
    version: '2.1'
    -services:
    -
    -    gogs-mailcow:
    -      image: gogs/gogs
    -      volumes:
    -        - ./data/gogs:/data
    -      networks:
    -        mailcow-network:
    -          aliases:
    -            - gogs
    -      ports:
    -        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
    -
    +

    ``` +version: '2.1' +services:

    +
    gogs-mailcow:
    +  image: gogs/gogs
    +  volumes:
    +    - ./data/gogs:/data
    +  networks:
    +    mailcow-network:
    +      aliases:
    +        - gogs
    +  ports:
    +    - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
    +
    +

    ```

    2. Erstelle data/conf/nginx/site.gogs.custom, füge hinzu: -

    location /gogs/ {
    +location /gogs/ {
         proxy_pass http://gogs:3000/;
    -}
    -

    +}

    3. Öffne mailcow.conf und definiere die Bindung, die Gogs für SSH verwenden soll. Beispiel:

    -
    GOGS_SSH_PORT=127.0.0.1:4000
    -
    +

    GOGS_SSH_PORT=127.0.0.1:4000

    5. Führen Sie docker-compose up -d aus, um den Gogs-Container hochzufahren und führen Sie anschließend docker-compose restart nginx-mailcow aus.

    6. Öffnen Sie http://${MAILCOW_HOSTNAME}/gogs/, zum Beispiel http://mx.example.org/gogs/. Für Datenbank-Details setzen Sie mysql als Datenbank-Host. Verwenden Sie den in mailcow.conf gefundenen Wert von DBNAME als Datenbankname, DBUSER als Datenbankbenutzer und DBPASS als Datenbankpasswort.

    7. Sobald die Installation abgeschlossen ist, loggen Sie sich als Administrator ein und setzen Sie "Einstellungen" -> "Autorisierung" -> "SMTP aktivieren". SMTP-Host sollte postfix mit Port 587 sein, setzen Sie Skip TLS Verify, da wir ein nicht gelistetes SAN verwenden ("postfix" ist höchstwahrscheinlich nicht Teil Ihres Zertifikats).

    8. Erstellen Sie data/gogs/gogs/conf/app.ini und setzen Sie die folgenden Werte. Sie können Gogs cheat sheet für ihre Bedeutung und andere mögliche Werte konsultieren.

    -
    [server]
    -SSH_LISTEN_PORT = 22
    -# Für GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:
    -SSH_DOMAIN = 127.0.0.1
    -SSH_PORT = 4000
    -# Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:
    -ROOT_URL = https://mx.example.org/gogs/
    -
    +

    ``` +[server] +SSH_LISTEN_PORT = 22

    +

    Für GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, setzen:

    +

    SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

    +

    Für MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (und Standard-Ports für HTTPS), setzen:

    +

    ROOT_URL = https://mx.example.org/gogs/ +```

    9. Starten Sie Gogs neu mit docker-compose restart gogs-mailcow. Ihre Benutzer sollten in der Lage sein, sich mit von mailcow verwalteten Konten einzuloggen.


    diff --git a/de/third_party/third_party-mailman3/index.html b/de/third_party/third_party-mailman3/index.html index 336ec3f4b..476b64cf8 100644 --- a/de/third_party/third_party-mailman3/index.html +++ b/de/third_party/third_party-mailman3/index.html @@ -2289,162 +2289,6 @@ DNS-Einrichtung - - -
  • - - Installieren Sie Apache als Reverse Proxy - - - - -
  • - -
  • - - Beziehen Sie SSL-Zertifikate mit Let's Encrypt. - - -
  • - -
  • - - Installieren Sie mailcow mit Mailman Integration - - - - -
  • - -
  • - - Installieren Sie Mailman. - - - - -
  • - -
  • - - 🏃 Ausführen - - -
  • - - - - - - -
  • - - Bemerkungen - - - - -
  • - -
  • - - Update - - -
  • - -
  • - - Sicherung - - -
  • - -
  • - - ToDo - - -
  • - -
  • - - Installieren Sie Apache als Reverse Proxy - - - - -
  • - -
  • - - Beziehen Sie SSL-Zertifikate mit Let's Encrypt. - - -
  • - -
  • - - Installieren Sie mailcow mit Mailman Integration - - - - -
  • - -
  • - - Installieren Sie Mailman. - - - - -
  • - -
  • - - 🏃 Ausführen - - -
  • - - - - - - -
  • - - Bemerkungen - - - - -
  • - -
  • - - Update - - -
  • - -
  • - - Sicherung - - -
  • - -
  • - - ToDo - - -
  • Das zu lösende Problem

    mailpiler bietet die Authentifizierung auf Basis von IMAP an, zum Beispiel:

    -
    $config['ENABLE_IMAP_AUTH'] = 1;
    -$config['IMAP_HOST'] = 'mail.example.com';
    -$config['IMAP_PORT'] = 993;
    -$config['IMAP_SSL'] = true;
    -
    +

    php +$config['ENABLE_IMAP_AUTH'] = 1; +$config['IMAP_HOST'] = 'mail.example.com'; +$config['IMAP_PORT'] = 993; +$config['IMAP_SSL'] = true;

    • Wenn Sie sich also mit patrik@example.com anmelden, sehen Sie nur zugestellte E-Mails, die von oder an diese spezielle E-Mail-Adresse gesendet wurden.
    • Wenn zusätzliche Aliase in mailcow definiert werden, wie z.B. team@example.com, werden Sie keine Emails sehen, die an oder von dieser Email-Adresse gesendet wurden, auch wenn Sie ein Empfänger von Emails sind, die an diese Alias-Adresse gesendet wurden.
    • @@ -2487,19 +2487,19 @@
      1. Setzen Sie die benutzerdefinierte Abfragefunktion von mailpiler und fügen Sie diese an /usr/local/etc/piler/config-site.php an:

        -
        $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
        -$config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false
        -$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
        -include('auth-mailcow.php');
        -
        +

        php +$config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; +$config['MAILCOW_SET_REALNAME'] = true; // wenn nicht angegeben, dann ist der Standardwert false +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; +include('auth-mailcow.php');

        Sie können auch den mailcow-Hostnamen ändern, falls erforderlich: -

        $config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardmäßig $config['IMAP_HOST']
        -

        +php +$config['MAILCOW_HOST'] = 'mail.domain.tld'; // standardmäßig $config['IMAP_HOST']

      2. Laden Sie die PHP-Datei mit den Funktionen aus dem GitHub Repo herunter:

        -
        curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
        -
        +

        sh +curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php

      3. Erledigt!

        diff --git a/de/third_party/third_party-nextcloud/index.html b/de/third_party/third_party-nextcloud/index.html index 2483a5bbc..4ea8de4b4 100644 --- a/de/third_party/third_party-nextcloud/index.html +++ b/de/third_party/third_party-nextcloud/index.html @@ -2458,14 +2458,13 @@

        Hintergrund-Aufgaben

        Zur Verwendung der empfohlenen Einstellung (Cron) zur Verarbeitung der Hintergrund-Aufgaben müssen in der docker-compose.override.yml folgende Zeilen hinzugefügt werden:

        -
        version: '2.1'
        +

        version: '2.1' services: php-fpm-mailcow: labels: - ofelia.enabled: "true" - ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" - ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\"" -

        + ofelia.enabled: "true" + ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" + ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""

        Nachdem diese Zeilen hinzugefügt wurden muss docker-compose up -d ausgeführt werden, um das Docker Image mit den entsprechenden Labels zu versehen. Danach muss zudem der docker scheduler neu gestartet werden, um den neuen Job zu registrieren. Dazu wird docker-compose restart ofelia-mailcow ausgeführt. Zur Überprüfung, ob die ofelia Konfiguration korrekt ist geladen wurde, kann mittels docker-compose logs ofelia-mailcow nach einer Zeile mit dem Inhalt @@ -2518,14 +2517,12 @@ services:

        Wenn Sie bisher Nextcloud mit mailcow-Authentifizierung über user_external/IMAP verwendet haben, müssen Sie einige zusätzliche Schritte durchführen, um Ihre bestehenden Benutzerkonten mit OAuth2 zu verknüpfen.

        1. Klicken Sie auf die Schaltfläche in der oberen rechten Ecke und wählen Sie Apps. Scrollen Sie nach unten zur App Externe Benutzerauthentifizierung und klicken Sie daneben auf Entfernen. 2. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): -

        INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
        -INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
        -

        +INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;


        Wenn Sie Nextcloud bisher ohne mailcow-Authentifizierung, aber mit den gleichen Benutzernamen wie mailcow genutzt haben, können Sie Ihre bestehenden Benutzerkonten auch mit OAuth2 verknüpfen.

        1. Führen Sie die folgenden Abfragen in Ihrer Nextcloud-Datenbank aus (wenn Sie Nextcloud mit dem Skript von mailcow einrichten, können Sie source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME ausführen): -

        INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
        -

        +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;


        Aktualisieren

        Die Nextcloud-Instanz kann einfach mit dem Web-Update-Mechanismus aktualisiert werden. Bei größeren Updates können nach dem Update weitere Änderungen vorgenommen werden. Nachdem die Nextcloud-Instanz geprüft wurde, werden Probleme angezeigt. Dies können z.B. fehlende Indizes in der DB oder ähnliches sein. @@ -2535,13 +2532,12 @@ Es wird angezeigt, welche Befehle ausgeführt werden müssen, diese müssen im p


        Fehlersuche und Fehlerbehebung

        Es kann vorkommen, dass Sie die Nextcloud-Instanz von Ihrem Netzwerk aus nicht erreichen können. Dies kann daran liegen, dass der Eintrag Ihres Subnetzes im Array 'trusted_proxies' fehlt. Sie können Änderungen in der Nextcloud config.php in data/web/nextcloud/config/* vornehmen.

        -
        'trusted_proxies' =>
        +

        'trusted_proxies' => array ( - 0 => 'fd4d:6169:6c63:6f77::/64', - 1 => '172.22.1.0/24', - 2 => 'NewSubnet/24', - ), -

        + 0 => 'fd4d:6169:6c63:6f77::/64', + 1 => '172.22.1.0/24', + 2 => 'NewSubnet/24', + ),

        Nachdem die Änderungen vorgenommen wurden, muss der nginx-Container neu gestartet werden. docker-compose restart nginx-mailcow

        diff --git a/de/third_party/third_party-portainer/index.html b/de/third_party/third_party-portainer/index.html index cecdfe23c..5ea980d28 100644 --- a/de/third_party/third_party-portainer/index.html +++ b/de/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

        Um Portainer zu aktivieren, müssen die docker-compose.yml und site.conf für Nginx geändert werden.

        1. Erstellen Sie eine neue Datei docker-compose.override.yml im mailcow-dockerized Stammverzeichnis und fügen Sie die folgende Konfiguration ein -

        version: '2.1'
        +version: '2.1'
         services:
             portainer-mailcow:
               image: portainer/portainer-ce
        @@ -2361,42 +2361,40 @@ services:
               networks:
                 mailcow-network:
                   aliases:
        -            - portainer
        -
        + - portainer 2a. Erstelle data/conf/nginx/portainer.conf: -
        upstream portainer {
        +```
        +upstream portainer {
           server portainer-mailcow:9000;
        -}
        -
        -map $http_upgrade $connection_upgrade {
        +}

        +

        map $http_upgrade $connection_upgrade { default upgrade; - '' close; + '' close; } -

        +```

        2b. Fügen Sie einen neuen Standort für die Standard-Mailcow-Site ein, indem Sie die Datei data/conf/nginx/site.portainer.custom erstellen: -

          location /portainer/ {
        +```
        +  location /portainer/ {
             proxy_http_version 1.1;
        -    proxy_set_header Host              $http_host;   # required for docker client's sake
        -    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
        +    proxy_set_header Host              $http_host;   # required for docker client's sake
        +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
             proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
        -    proxy_read_timeout                 900;
        -
        -    proxy_set_header Connection "";
        -    proxy_buffers 32 4k;
        -    proxy_pass http://portainer/;
        -  }
        -
        -  location /portainer/api/websocket/ {
        +    proxy_read_timeout                 900;

        +
        proxy_set_header Connection "";
        +proxy_buffers 32 4k;
        +proxy_pass http://portainer/;
        +
        +

        }

        +

        location /portainer/api/websocket/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass http://portainer/api/websocket/; + proxy_pass http://portainer/api/websocket/; } -

        +```

        3. Übernehmen Sie Ihre Änderungen: -

        docker-compose up -d && docker-compose restart nginx-mailcow
        -

        +docker-compose up -d && docker-compose restart nginx-mailcow

        Nun können Sie einfach zu https://${MAILCOW_HOSTNAME}/portainer/ navigieren, um Ihre Portainer-Container-Überwachungsseite anzuzeigen. Sie werden dann aufgefordert, ein neues Passwort für den admin Account anzugeben. Nachdem Sie Ihr Passwort eingegeben haben, können Sie sich mit der Portainer UI verbinden.


        diff --git a/de/third_party/third_party-roundcube/index.html b/de/third_party/third_party-roundcube/index.html index 287dfd8cc..213a2ece2 100644 --- a/de/third_party/third_party-roundcube/index.html +++ b/de/third_party/third_party-roundcube/index.html @@ -2329,38 +2329,134 @@
      4. + + Prüfen Sie, ob eine neuere Version vorliegt! + + +
      5. + +
      6. + + Ändern Sie den Ordnernamen + + +
      7. + +
      8. + + Berechtigungen ändern + + +
      9. + +
      10. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht erforderlich sein + + +
      11. + +
      12. + + !/bin/bash + + + +
      13. + + Starten Sie eine Bash-Sitzung des mailcow PHP-Containers + + +
      14. + +
      15. + + Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version + + +
      16. + +
      17. + + Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren. + + +
      18. + +
      19. + + Entfernen Sie übrig gebliebene Dateien + + +
      20. + +
      21. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht benötigt werden + + + + +
      22. + +
      23. + + Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort) + + +
      24. + +
      25. + + Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden + +
    @@ -2410,38 +2506,134 @@
  • + + Prüfen Sie, ob eine neuere Version vorliegt! + + +
  • + +
  • + + Ändern Sie den Ordnernamen + + +
  • + +
  • + + Berechtigungen ändern + + +
  • + +
  • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht erforderlich sein + + +
  • + +
  • + + !/bin/bash + + + +
  • + + Starten Sie eine Bash-Sitzung des mailcow PHP-Containers + + +
  • + +
  • + + Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version + + +
  • + +
  • + + Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren. + + +
  • + +
  • + + Entfernen Sie übrig gebliebene Dateien + + +
  • + +
  • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht benötigt werden + + + + +
  • + +
  • + + Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort) + + +
  • + +
  • + + Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden + +
  • @@ -2462,124 +2654,114 @@ -

    Roundcube

    -

    Installation von Roundcube

    Laden Sie Roundcube 1.5.x in das Web htdocs Verzeichnis herunter und entpacken Sie es (hier rc/): -

    # Prüfen Sie, ob eine neuere Version vorliegt!
    -cd daten/web
    -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
    -
    -# Ändern Sie den Ordnernamen
    -mv roundcubemail-1.5.2 rc
    -
    -# Berechtigungen ändern
    -chown -R root: rc/
    -
    -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht erforderlich sein
    -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
    -

    +```

    +

    Prüfen Sie, ob eine neuere Version vorliegt!

    +

    cd daten/web +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -

    +

    Ändern Sie den Ordnernamen

    +

    mv roundcubemail-1.5.2 rc

    +

    Berechtigungen ändern

    +

    chown -R root: rc/

    +

    Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht erforderlich sein

    +

    sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" rc/program/include/rcmail.php +```

    Wenn Sie eine Rechtschreibprüfung benötigen, erstellen Sie eine Datei data/hooks/phpfpm/aspell.sh mit folgendem Inhalt und geben Sie dann chmod +x data/hooks/phpfpm/aspell.sh ein. Dadurch wird eine lokale Rechtschreibprüfung installiert. Beachten Sie, dass die meisten modernen Webbrowser eine eingebaute Rechtschreibprüfung haben, so dass Sie diese vielleicht nicht benötigen. -

    #!/bin/bash
    -apk update
    +```

    +

    !/bin/bash

    +

    apk update apk add aspell-de # oder jede andere Sprache -

    +```

    Erstellen Sie eine Datei data/web/rc/config/config.inc.php mit dem folgenden Inhalt. - Ändern Sie den Parameter des_key auf einen Zufallswert. Er wird verwendet, um Ihr IMAP-Passwort vorübergehend zu speichern. - Der db_prefix ist optional, wird aber empfohlen. - Wenn Sie die Rechtschreibprüfung im obigen Schritt nicht installiert haben, entfernen Sie den Parameter spellcheck_engine und ersetzen ihn durch $config['enable_spellcheck'] = false;. -

    <?php
    +<?php
     error_reporting(0);
    -if (!file_exists('/tmp/mime.types')) {
    -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
    +if (!file_exists('/tmp/mime.types')) {
    +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
     }
     $config = array();
    -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    -$config['default_host'] = 'tls://dovecot';
    -$config['default_port'] = '143';
    -$config['smtp_server'] = 'tls://postfix';
    -$config['smtp_port'] = 587;
    -$config['smtp_user'] = '%u';
    -$config['smtp_pass'] = '%p';
    -$config['support_url'] = '';
    -$config['product_name'] = 'Roundcube Webmail';
    -$config['des_key'] = 'yourrandomstring_changeme';
    -$config['log_dir'] = '/dev/null';
    -$config['temp_dir'] = '/tmp';
    -$config['plugins'] = array(
    -  'archive',
    -  'managesieve'
    +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
    +$config['default_host'] = 'tls://dovecot';
    +$config['default_port'] = '143';
    +$config['smtp_server'] = 'tls://postfix';
    +$config['smtp_port'] = 587;
    +$config['smtp_user'] = '%u';
    +$config['smtp_pass'] = '%p';
    +$config['support_url'] = '';
    +$config['product_name'] = 'Roundcube Webmail';
    +$config['des_key'] = 'yourrandomstring_changeme';
    +$config['log_dir'] = '/dev/null';
    +$config['temp_dir'] = '/tmp';
    +$config['plugins'] = array(
    +  'archive',
    +  'managesieve'
     );
    -$config['spellcheck_engine'] = 'aspell';
    -$config['mime_types'] = '/tmp/mime.types';
    -$config['imap_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +$config['spellcheck_engine'] = 'aspell';
    +$config['mime_types'] = '/tmp/mime.types';
    +$config['imap_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
     );
    -$config['enable_installer'] = true;
    -$config['smtp_conn_options'] = array(
    -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +$config['enable_installer'] = true;
    +$config['smtp_conn_options'] = array(
    +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
     );
    -$config['db_prefix'] = 'mailcow_rc1';
    -

    +$config['db_prefix'] = 'mailcow_rc1';

    Richten Sie Ihren Browser auf https://myserver/rc/installer und folgen Sie den Anweisungen. Initialisiere die Datenbank und verlasse das Installationsprogramm.

    **Löschen Sie das Verzeichnis data/web/rc/installer nach einer erfolgreichen Installation!

    Konfigurieren Sie die ManageSieve-Filterung

    Öffnen Sie data/web/rc/plugins/managesieve/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu): -

    $config['managesieve_port'] = 4190;
    -$config['managesieve_host'] = 'tls://dovecot';
    -$config['managesieve_conn_options'] = array(
    -  ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
    +$config['managesieve_port'] = 4190;
    +$config['managesieve_host'] = 'tls://dovecot';
    +$config['managesieve_conn_options'] = array(
    +  ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
     );
     // Aktiviert separate Verwaltungsschnittstelle für Urlaubsantworten (außer Haus)
     // 0 - kein separater Abschnitt (Standard),
    -// 1 - Abschnitt "Urlaub" hinzufügen,
    -// 2 - Abschnitt "Urlaub" hinzufügen, aber Abschnitt "Filter" ausblenden
    -$config['managesieve_vacation'] = 1;
    -

    +// 1 - Abschnitt "Urlaub" hinzufügen, +// 2 - Abschnitt "Urlaub" hinzufügen, aber Abschnitt "Filter" ausblenden +$config['managesieve_vacation'] = 1;

    Aktivieren Sie die Funktion "Passwort ändern" in Roundcube

    Öffnen Sie data/web/rc/config/config.inc.php und aktivieren Sie das Passwort-Plugin:

    -
    [...]
    -$config['plugins'] = array(
    -    'archive',
    -    'password',
    +

    [...] +$config['plugins'] = array( + 'archive', + 'password', ); -[...] -

    +[...]

    Öffnen Sie data/web/rc/plugins/password/password.php, suchen Sie nach case 'ssha': und fügen Sie oben hinzu:

    -
            case 'ssha256':
    +

    case 'ssha256': $salt = rcube_utils::random_bytes(8); - $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); - $prefix = '{SSHA256}'; - break; -

    + $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); + $prefix = '{SSHA256}'; + break;

    Öffnen Sie data/web/rc/plugins/password/config.inc.php und ändern Sie die folgenden Parameter (oder fügen Sie sie am Ende der Datei hinzu):

    -
    $config['password_driver'] = 'sql';
    -$config['password_algorithm'] = 'ssha256';
    -$config['password_algorithm_prefix'] = '{SSHA256}';
    -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
    -
    +

    $config['password_driver'] = 'sql'; +$config['password_algorithm'] = 'ssha256'; +$config['password_algorithm_prefix'] = '{SSHA256}'; +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";

    CardDAV Adressbücher in Roundcube einbinden

    Laden Sie die neueste Version von RCMCardDAV in das Roundcube Plugin Verzeichnis und entpacken Sie es (hier rc/plugins): -

    cd data/web/rc/plugins
    +cd data/web/rc/plugins
     wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz | tar xfvz -
    -chown -R root: carddav/
    -

    +chown -R root: carddav/

    Kopieren Sie die Datei config.inc.php.dist nach config.inc.php (hier in rc/plugins/carddav) und fügen Sie die folgende Voreinstellung an das Ende der Datei an - vergessen Sie nicht, mx.example.org durch Ihren eigenen Hostnamen zu ersetzen: -

    $prefs['SOGo'] = array(
    -    'name'         =>  'SOGo',
    -    'username'     =>  '%u',
    -    'password'     =>  '%p',
    -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
    -    'carddav_name_only' => true,
    -    'use_categories' => true,
    -    'active'       =>  true,
    -    'readonly'     =>  false,
    -    'refresh_time' => '02:00:00',
    -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
    -    'hide'        =>  false,
    -);
    -
    +$prefs['SOGo'] = array( + 'name' => 'SOGo', + 'username' => '%u', + 'password' => '%p', + 'url' => 'https://mx.example.org/SOGo/dav/%u/', + 'carddav_name_only' => true, + 'use_categories' => true, + 'active' => true, + 'readonly' => false, + 'refresh_time' => '02:00:00', + 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), + 'hide' => false, +); Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (dasjenige, das den Namen "Persönliches Adressbuch" trägt und nicht gelöscht werden kann). Weitere Adressbücher werden derzeit nicht automatisch erkannt, können aber manuell in den Roundcube-Einstellungen hinzugefügt werden.

    Aktivieren Sie das Plugin, indem Sie carddav zu $config['plugins'] in rc/config/config.inc.php hinzufügen.

    Wenn Sie die Standard-Adressbücher (die in der Roundcube-Datenbank gespeichert sind) entfernen möchten, so dass nur die CardDAV-Adressbücher zugänglich sind, fügen Sie $config['address_book_type'] = ''; in die Konfigurationsdatei data/web/rc/config/config.inc.php ein.

    @@ -2587,75 +2769,70 @@ Bitte beachten Sie, dass dieses Preset nur das Standard-Adressbuch integriert (d

    Optional können Sie Roundcube's Link zu der mailcow Apps Liste hinzufügen. Um dies zu tun, öffnen oder erstellen Sie data/web/inc/vars.local.inc.php und fügen Sie den folgenden Code-Block hinzu:

    HINWEIS: Vergessen Sie nicht, das <?php Trennzeichen in der ersten Zeile einzufügen

    -
    ...
    +

    ... $MAILCOW_APPS = array( array( - 'name' => 'SOGo', - 'link' => '/SOGo/' + 'name' => 'SOGo', + 'link' => '/SOGo/' ), array( - 'name' => 'Roundcube', - 'link' => '/rc/' + 'name' => 'Roundcube', + 'link' => '/rc/' ) ); -... -

    +...

    Aktualisierung von Roundcube

    Ein Upgrade von Roundcube ist recht einfach: Gehen Sie auf die Github releases Seite für Roundcube und holen Sie sich den Link für die "complete.tar.gz" Datei für die gewünschte Version. Dann folgen Sie den untenstehenden Befehlen und ändern Sie die URL und den Namen des Roundcube-Ordners, falls nötig.

    -
    # Starten Sie eine Bash-Sitzung des mailcow PHP-Containers
    -docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
    -
    -# Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version
    -apk add rsync
    +

    ```

    +

    Starten Sie eine Bash-Sitzung des mailcow PHP-Containers

    +

    docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash

    +

    Installieren Sie die erforderliche Upgrade-Abhängigkeit, dann aktualisieren Sie Roundcube auf die gewünschte Version

    +

    apk add rsync cd /tmp -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - cd roundcubemail-1.5.2 -bin/installto.sh /web/rc - -# Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren. - -# Entfernen Sie übrig gebliebene Dateien -cd /tmp -rm -rf roundcube* - -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht benötigt werden -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php -

    +bin/installto.sh /web/rc

    +

    Geben Sie 'Y' ein und drücken Sie die Eingabetaste, um Ihre Installation von Roundcube zu aktualisieren.

    +

    Entfernen Sie übrig gebliebene Dateien

    +

    cd /tmp +rm -rf roundcube*

    +

    Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) sollte in 1.6 nicht benötigt werden

    +

    sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" /web/rc/program/include/rcmail.php +```

    Administratoren ohne Passwort in Roundcube einloggen lassen

    Installieren Sie zunächst das Plugin [dovecot_impersonate] (https://github.com/corbosman/dovecot_impersonate/) und fügen Sie Roundcube als App hinzu (siehe oben).

    Editieren Sie mailcow.conf und fügen Sie folgendes hinzu:

    -
    # Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)
    -# Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden
    -
    -ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
    -
    +

    ```

    +

    Erlaube Admins, sich in Roundcube als Email-Benutzer einzuloggen (ohne Passwort)

    +

    Roundcube mit Plugin dovecot_impersonate muss zuerst installiert werden

    +

    ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y +```

    Editieren Sie docker-compose.override.yml und verfassen/erweitern Sie den Abschnitt für php-fpm-mailcow:

    -
    version: '2.1'
    +

    yml +version: '2.1' services: php-fpm-mailcow: environment: - - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} -

    + - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}

    Bearbeiten Sie data/web/js/site/mailbox.js und den folgenden Code nach if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

    -
    if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
    -  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
    -}
    -
    +

    js +if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) { + item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>'; +}

    Bearbeiten Sie data/web/mailbox.php und fügen Sie diese Zeile zum Array $template_data hinzu:

    -
      'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
    -
    +

    php + 'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',

    Bearbeiten Sie data/web/templates/mailbox.twig und fügen Sie diesen Code am Ende des [javascript-Abschnitts] ein (https://github.com/mailcow/mailcow-dockerized/blob/2f9da5ae93d93bf62a8c2b7a5a6ae50a41170c48/data/web/templates/mailbox.twig#L49-L57):

    -
      var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
    -
    +

    js + var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};

    Kopieren Sie den Inhalt der folgenden Dateien aus diesem Snippet:

    • data/web/inc/lib/RoundcubeAutoLogin.php
    • data/web/rc-auth.php

    Starten Sie schließlich mailcow neu

    -
    docker-compose down
    -docker-compose up -d
    -
    +

    docker-compose down +docker-compose up -d


    diff --git a/de/troubleshooting/debug-admin_login_sogo/index.html b/de/troubleshooting/debug-admin_login_sogo/index.html index cba2a9e48..02e68c633 100644 --- a/de/troubleshooting/debug-admin_login_sogo/index.html +++ b/de/troubleshooting/debug-admin_login_sogo/index.html @@ -2427,11 +2427,9 @@ Dazu wird ein zusätzlicher Link zu SOGo in der Mailbox-Liste (mailcow UI) angez

    Auch mehrere gleichzeitige Admin-Logins auf verschiedene Postfächer sind mit dieser Funktion möglich.

    Aktivieren der Funktion

    Die Funktion ist standardmäßig deaktiviert. Es kann in der mailcow.conf durch Setzen aktiviert werden: -

    ALLOW_ADMIN_EMAIL_LOGIN=y
    -
    +ALLOW_ADMIN_EMAIL_LOGIN=y und die betroffenen Container neu erstellen mit -
    docker-compose up -d
    -

    +docker-compose up -d

    Nachteile bei Aktivierung

    • Jeder SOGo-Seiten-Load und jede Active-Sync-Anfrage verursacht eine zusätzliche Ausführung eines internen PHP-Skripts. diff --git a/de/troubleshooting/debug-attach_service/index.html b/de/troubleshooting/debug-attach_service/index.html index c57384c5f..824fd8b00 100644 --- a/de/troubleshooting/debug-attach_service/index.html +++ b/de/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,14 @@

      Anhängen eines Containers an Ihre Shell

      Um einen Container an Ihre Shell anzuhängen, können Sie einfach folgendes ausführen

      -
      docker-compose exec $Dienst_Name /bin/bash
      -
      +

      docker-compose exec $Dienst_Name /bin/bash

      Verbindung zu Diensten herstellen

      Wenn Sie sich direkt mit einem Dienst / einer Anwendung verbinden wollen, ist es immer eine gute Idee, source mailcow.conf zu benutzen, um alle relevanten Variablen in Ihre Umgebung zu bekommen.

      MySQL

      -
      Quelle mailcow.conf
      -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
      -
      +

      Quelle mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

      Redis

      -
      docker-compose exec redis-mailcow redis-cli
      -
      +

      docker-compose exec redis-mailcow redis-cli

      Dienstbeschreibungen

      Hier ist eine kurze Übersicht, welcher Container / Dienst was macht:

      diff --git a/de/troubleshooting/debug-common_problems/index.html b/de/troubleshooting/debug-common_problems/index.html index 0b7623599..d66929767 100644 --- a/de/troubleshooting/debug-common_problems/index.html +++ b/de/troubleshooting/debug-common_problems/index.html @@ -801,52 +801,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2438,52 +2451,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2504,8 +2530,6 @@ -

      Häufig auftretende Probleme

      -

      Hier sind häufige Probleme und mögliche Lösungen:

      Mail kommt in einer Schleife zu sich selbst zurück.

      Bitte überprüfen Sie in Ihrer mailcow UI, ob Sie die Domain als Backup MX eingestellt haben: @@ -2516,11 +2540,12 @@

    • Prüfen Sie, ob Ihre IP-Adresse auf einer schwarzen Liste steht. Sie können dnsbl.info oder einen ähnlichen Dienst verwenden, um Ihre IP-Adresse zu überprüfen.
    • Es gibt einige ISP-Router, die Mail-Ports für nicht auf der Blacklist stehende Domains blockieren. Bitte überprüfen Sie, ob Sie Ihren Server über die Ports 465 oder 587 erreichen können:
    • -
      # telnet 74.125.133.27 465
      -Versucht 74.125.133.27...
      +

      ```

      +

      telnet 74.125.133.27 465

      +

      Versucht 74.125.133.27... Verbunden mit 74.125.133.27. -Escape-Zeichen ist '^]'. -

      +Escape-Zeichen ist '^]'. +```

      Meine Mails werden als Spam identifiziert

      Bitte lesen Sie unsere DNS-Konfiguration Anleitung.

      docker-compose wirft seltsame Fehler aus.

      @@ -2537,8 +2562,7 @@ Escape-Zeichen ist '^]'.

      Es könnte auch eine falsch verknüpfte Datei sein (z. B. ein SSL-Zertifikat), die den Start eines wichtigen Containers (nginx) verhindert. Prüfen Sie daher immer Ihre Protokolle, um herauszufinden, woher das Problem kommt.

      Adresse bereits in Gebrauch

      Wenn Sie eine Fehlermeldung erhalten wie:

      -
      ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use
      -
      +

      ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0:25: bind: address already in use

      während Sie versuchen, mailcow: dockerized zu starten / zu installieren, stellen Sie sicher, dass Sie unseren Abschnitt über prerequisites befolgt haben.

      XYZ kann keine Verbindung zu ...

      Bitte überprüfen Sie Ihre lokale Firewall! @@ -2546,19 +2570,17 @@ Docker und iptables-basierte Firewalls erstellen manchmal widersprüchliche Rege

      Wenn Sie Verbindungsprobleme von zu Hause aus haben, überprüfen Sie bitte auch die Firewall Ihres ISP-Routers, da einige von ihnen den E-Mail-Verkehr über die Ports SMTP (587) oder SMTPS (465) blockieren. Es könnte auch sein, dass Ihr ISP die Ports für SUBMISSION (25) blockiert.

      Während Linux-Benutzer aus einer Vielzahl von Tools1 wählen können, um zu überprüfen, ob ein Port offen ist, steht Windows-Benutzern standardmäßig nur der PowerShell-Befehl Test-NetConnection -ComputerName host -Port port zur Verfügung.

      Um Telnet auf einem Windows nach Vista zu aktivieren, lesen Sie bitte diese Anleitung oder geben Sie den folgenden Befehl in einem Terminal mit Administratorrechten ein:

      -
      dism /online /Enable-Feature /FeatureName:TelnetClient
      -
      +

      dism /online /Enable-Feature /FeatureName:TelnetClient

      Inotify-Instanz-Limit überschritten für Benutzer 5000 (UID vmail) (siehe #453).

      Docker-Container verwenden die inotify-Limits von Docker-Hosts. Wenn Sie sie auf Ihrem Docker-Host setzen, werden sie an den Container weitergegeben.

      Dovecot startet ständig neu (siehe #2672).

      Stellen Sie sicher, dass Sie mindestens die folgenden Dateien in data/assets/ssl haben:

      -
      cert.pem
      +

      cert.pem dhparams.pem -key.pem -

      +key.pem

      Wenn dhparams.pem fehlt, können Sie es mit Bash

      -
      openssl dhparam -out data/assets/ssl/dhparams.pem 4096
      -
      +

      bash +openssl dhparam -out data/assets/ssl/dhparams.pem 4096


        diff --git a/de/troubleshooting/debug-mysql_aria/index.html b/de/troubleshooting/debug-mysql_aria/index.html index 3a53237ca..126559938 100644 --- a/de/troubleshooting/debug-mysql_aria/index.html +++ b/de/troubleshooting/debug-mysql_aria/index.html @@ -833,6 +833,41 @@ MariaDB: Aria-Wiederherstellung nach Absturz + + +
      1. + + Stoppe den Stack, führe nicht "down" aus + + +
      2. + +
      3. + + Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus + + +
      4. + +
      5. + + cd in das SQL-Datenverzeichnis + + +
      6. + +
      7. + + aria_chk ausführen + + +
      8. + +
      9. + + Löschen der aria-Logdateien + +
      10. @@ -2372,6 +2407,41 @@ MariaDB: Aria-Wiederherstellung nach Absturz + + +
      11. + + Stoppe den Stack, führe nicht "down" aus + + +
      12. + +
      13. + + Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus + + +
      14. + +
      15. + + cd in das SQL-Datenverzeichnis + + +
      16. + +
      17. + + aria_chk ausführen + + +
      18. + +
      19. + + Löschen der aria-Logdateien + +
      20. @@ -2392,23 +2462,22 @@ -

        Abgestürzte Aria-Speicher-Engine wiederherstellen

        -

        MariaDB: Aria-Wiederherstellung nach Absturz

        Wenn Ihr Server abgestürzt ist und MariaDB eine Fehlermeldung ähnlich [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files, können Sie Folgendes versuchen, um die Datenbank in einen gesunden Zustand zu bringen:

        Starten Sie den Stack und warten Sie, bis mysql-mailcow beginnt, einen Neustart zu melden. Überprüfen Sie dies, indem Sie docker-compose ps ausführen.

        Führen Sie nun die folgenden Befehle aus:

        -
        # Stoppe den Stack, führe nicht "down" aus
        -docker-compose stop
        -# Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
        -# cd in das SQL-Datenverzeichnis
        -cd /var/lib/mysql
        -# aria_chk ausführen
        -aria_chk --check --force */*.MAI
        -# Löschen der aria-Logdateien
        -rm aria_log.*
        -
        +

        ```

        +

        Stoppe den Stack, führe nicht "down" aus

        +

        docker-compose stop

        +

        Führen Sie eine Bash in dem gestoppten Container als Benutzer mysql aus

        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow

        +

        cd in das SQL-Datenverzeichnis

        +

        cd /var/lib/mysql

        +

        aria_chk ausführen

        +

        aria_chk --check --force /.MAI

        +

        Löschen der aria-Logdateien

        +

        rm aria_log.* +```

        Führen Sie nun docker-compose down gefolgt von docker-compose up -d aus.


        diff --git a/de/troubleshooting/debug-mysql_upgrade/index.html b/de/troubleshooting/debug-mysql_upgrade/index.html index 43bf7aa28..ecb77eac0 100644 --- a/de/troubleshooting/debug-mysql_upgrade/index.html +++ b/de/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,11 @@

        Führen Sie ein manuelles mysql_upgrade durch.

        Dieser Schritt ist normalerweise nicht notwendig.

        -
        docker-compose stop mysql-mailcow watchdog-mailcow
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
        -
        +

        docker-compose stop mysql-mailcow watchdog-mailcow +docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow

        Sobald die SQL-Shell gestartet wurde, führen Sie mysql_upgrade aus und verlassen den Container:

        -
        mysql_upgrade
        -exit
        -
        +

        mysql_upgrade +exit


        diff --git a/de/troubleshooting/debug-reset_pw/index.html b/de/troubleshooting/debug-reset_pw/index.html index e91278504..c298646ad 100644 --- a/de/troubleshooting/debug-reset_pw/index.html +++ b/de/troubleshooting/debug-reset_pw/index.html @@ -878,6 +878,26 @@ + + + + + +
      21. + + source mailcow.conf + + +
      22. + +
      23. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      24. - -
      25. +
      26. Zwei-Faktor-Authentifizierung entfernen @@ -935,6 +950,11 @@ +
      27. + + + + @@ -2463,6 +2483,26 @@ + + + + + +
      28. + + source mailcow.conf + + +
      29. + +
      30. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      31. - -
      32. +
      33. Zwei-Faktor-Authentifizierung entfernen @@ -2520,6 +2555,11 @@ +
      34. + + + + @@ -2540,22 +2580,19 @@ -

        Passwörter zurücksetzen (inkl. SQL)

        -

        mailcow Admin-Konto

        Setzt den mailcow Admin Account auf ein zufälliges Passwort zurück. Ältere mailcow: dockerisierte Installationen können das mailcow-reset-admin.sh Skript in ihrem mailcow Stammverzeichnis (mailcow_path) finden.

        -
        cd mailcow_pfad
        -./helper-scripts/mailcow-reset-admin.sh
        -
        +

        cd mailcow_pfad +./helper-scripts/mailcow-reset-admin.sh

        MySQL-Passwörter zurücksetzen

        Stoppen Sie den Stack, indem Sie docker-compose stop ausführen.

        Wenn die Container heruntergefahren sind, führen Sie diesen Befehl aus:

        -
        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
        -
        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow

        1. Datenbank-Name finden

        -
        # source mailcow.conf
        -# docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
        -MariaDB [(none)]> show databases;
        +

        ```

        +

        source mailcow.conf

        +

        docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

        +

        MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ @@ -2565,49 +2602,47 @@ MariaDB [(none)]> show databases; | performance_schema | +--------------------+ 4 rows in set (0.00 sec) -

        +```

        2. Einen oder mehrere Benutzer zurücksetzen

        2.1 Maria DB < 10.4 (ältere mailcow-Installationen)

        Sowohl "password" als auch "authentication_string" existieren. Derzeit wird "password" verwendet, aber besser ist es, beide zu setzen.

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        2.2 Maria DB >= 10.4 (aktuelle mailcows)

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; -MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        Zwei-Faktor-Authentifizierung entfernen

        Für mailcow WebUI:

        Dies funktioniert ähnlich wie das Zurücksetzen eines MySQL-Passworts, jetzt machen wir es vom Host aus, ohne uns mit dem MySQL CLI zu verbinden:

        -
        Quelle mailcow.conf
        -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
        -
        +

        Quelle mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"

        Für SOGo:

        -
        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
        -
        +

        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'


        diff --git a/de/troubleshooting/debug-reset_tls/index.html b/de/troubleshooting/debug-reset_tls/index.html index 62a0f00df..f00b537d3 100644 --- a/de/troubleshooting/debug-reset_tls/index.html +++ b/de/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,13 @@

        TLS-Zertifikate zurücksetzen

        Sollten Sie Probleme mit Ihrem Zertifikat, Schlüssel oder Let's Encrypt-Konto haben, versuchen Sie bitte, die TLS-Assets zurückzusetzen:

        -
        source mailcow.conf
        +

        source mailcow.conf docker-compose down rm -rf data/assets/ssl mkdir data/assets/ssl -openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ -docker-compose up -d -

        +docker-compose up -d

        Dies wird mailcow stoppen, die benötigten Variablen beschaffen, ein selbstsigniertes Zertifikat erstellen und mailcow starten.

        Wenn Sie Let's Encrypt verwenden, sollten Sie vorsichtig sein, da Sie ein neues Konto und einen neuen Satz von Zertifikaten erstellen werden. Sie werden früher oder später auf ein Ratelimit stoßen.

        Bitte beachten Sie auch, dass frühere TLSA-Datensätze ungültig werden.

        diff --git a/de/troubleshooting/debug-rm_volumes/index.html b/de/troubleshooting/debug-rm_volumes/index.html index 2eda14cad..813a1129c 100644 --- a/de/troubleshooting/debug-rm_volumes/index.html +++ b/de/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,7 @@

        Es kann sein, dass Sie einen Satz persistenter Daten entfernen wollen, um einen Konflikt zu lösen oder um neu zu beginnen.

        mailcowdockerized kann variieren und hängt von Ihrem Compose-Projektnamen ab (wenn er unverändert ist, ist mailcowdockerized der richtige Wert). Wenn Sie sich unsicher sind, führen Sie docker volume ls aus, um eine vollständige Liste zu erhalten.

        Löschen Sie ein einzelnes Volume:

        -
        docker volume rm mailcowdockerized_${VOLUME_NAME}
        -
        +

        docker volume rm mailcowdockerized_${VOLUME_NAME}

        + + + + +
      35. + + Syntax: + + +
      36. + +
      37. + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
      38. + +
      39. + + Backup all, delete backups older than 3 days + + +
      40. + +
      41. + + Backup vmail, crypt and mysql data, delete backups older than 30 days + + +
      42. + +
      43. + + Backup vmail + + + +
      44. + +
      45. + + !/bin/sh + + +
      46. + +
      47. + + Backup mailcow data + + +
      48. + +
      49. + + https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ + + +
      50. + +
      51. + + run command + +
      52. @@ -978,6 +1047,13 @@ Backup strategy with rsync and mailcow backup script +
      53. + +
      54. + + If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path + +
      55. @@ -2411,6 +2487,47 @@ + + + + + +
      56. + + Syntax: + + +
      57. + +
      58. + + ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) + + +
      59. + +
      60. + + Backup all, delete backups older than 3 days + + +
      61. + +
      62. + + Backup vmail, crypt and mysql data, delete backups older than 30 days + + +
      63. + +
      64. + + Backup vmail + + + +
      65. + +
      66. + + !/bin/sh + + +
      67. + +
      68. + + Backup mailcow data + + +
      69. + +
      70. + + https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/ + + +
      71. + +
      72. + + run command + +
      73. @@ -2428,6 +2573,13 @@ Backup strategy with rsync and mailcow backup script +
      74. + +
      75. + + If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path + +
      76. @@ -2454,65 +2606,57 @@

        Please do not copy this script to another location.

        To run a backup, write "backup" as first parameter and either one or more components to backup as following parameters. You can also use "all" as second parameter to backup all components. Append --delete-days n to delete backups older than n days.

        -
        # Syntax:
        -# ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)
        -
        -# Backup all, delete backups older than 3 days
        -./helper-scripts/backup_and_restore.sh backup all --delete-days 3
        -
        -# Backup vmail, crypt and mysql data, delete backups older than 30 days
        -./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30
        -
        -# Backup vmail
        -./helper-scripts/backup_and_restore.sh backup vmail
        -
        +

        ```

        +

        Syntax:

        +

        ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days)

        +

        Backup all, delete backups older than 3 days

        +

        ./helper-scripts/backup_and_restore.sh backup all --delete-days 3

        +

        Backup vmail, crypt and mysql data, delete backups older than 30 days

        +

        ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30

        +

        Backup vmail

        +

        ./helper-scripts/backup_and_restore.sh backup vmail

        +

        ```

        The script will ask you for a backup location. Inside of this location it will create folders in the format "mailcow_DATE". You should not rename those folders to not break the restore process.

        To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script:

        -
        MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
        -
        +

        MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all

        Cronjob

        You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists:

        -
        5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
        -
        +

        5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

        Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).

        This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x:

        -
        #!/bin/sh
        -
        -# Backup mailcow data
        -# https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/
        -
        -set -e
        -
        -OUT="$(mktemp)"
        -export MAILCOW_BACKUP_LOCATION="/opt/backup"
        -SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
        -PARAMETERS="backup all"
        -OPTIONS="--delete-days 30"
        -
        -# run command
        -set +e
        -"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
        -RESULT=$?
        -
        -if [ $RESULT -ne 0 ]
        +

        ```

        +

        !/bin/sh

        +

        Backup mailcow data

        +

        https://mailcow.github.io/mailcow-dockerized-docs/backup_restore/b_n_r-backup/

        +

        set -e

        +

        OUT="$(mktemp)" +export MAILCOW_BACKUP_LOCATION="/opt/backup" +SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh" +PARAMETERS="backup all" +OPTIONS="--delete-days 30"

        +

        run command

        +

        set +e +"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT" +RESULT=$?

        +

        if [ $RESULT -ne 0 ] then - echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" - echo "RESULT=$RESULT" - echo "STDOUT / STDERR:" - cat "$OUT" + echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:" + echo "RESULT=$RESULT" + echo "STDOUT / STDERR:" + cat "$OUT" fi -

        +```

        Backup strategy with rsync and mailcow backup script

        Create the destination directory for mailcows helper script: -

        mkdir -p /external_share/backups/backup_script
        -

        +mkdir -p /external_share/backups/backup_script

        Create cronjobs: -

        25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
        +```
        +25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized
         40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes
        -5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
        -# If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path
        -

        +5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3

        +

        If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path

        +

        ```

        On the destination (in this case /external_share/backups) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions!

        To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d.

        diff --git a/en/backup_restore/b_n_r-backup_restore-maildir/index.html b/en/backup_restore/b_n_r-backup_restore-maildir/index.html index d7775ee1a..09b6a0691 100644 --- a/en/backup_restore/b_n_r-backup_restore-maildir/index.html +++ b/en/backup_restore/b_n_r-backup_restore-maildir/index.html @@ -2412,15 +2412,13 @@

        Backup

        This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: -

        cd /path/to/mailcow-dockerized
        -docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail
        -

        +cd /path/to/mailcow-dockerized +docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail

        You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz

        Restore

        -
        cd /path/to/mailcow-dockerized
        -docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz
        -
        +

        cd /path/to/mailcow-dockerized +docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz


        diff --git a/en/backup_restore/b_n_r-backup_restore-mysql/index.html b/en/backup_restore/b_n_r-backup_restore-mysql/index.html index 66c02ddd8..9f03cf13c 100644 --- a/en/backup_restore/b_n_r-backup_restore-mysql/index.html +++ b/en/backup_restore/b_n_r-backup_restore-mysql/index.html @@ -2411,20 +2411,18 @@

        MySQL (mysqldump)

        Backup

        -
        cd /path/to/mailcow-dockerized
        +

        cd /path/to/mailcow-dockerized source mailcow.conf -DATE=$(date +"%Y%m%d_%H%M%S") -docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql -

        +DATE=$(date +"%Y%m%d_%H%M%S") +docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql

        Restore

        Warning

        You should redirect the SQL dump without docker-compose to prevent parsing errors.

        -
        cd /path/to/mailcow-dockerized
        +

        cd /path/to/mailcow-dockerized source mailcow.conf -docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql -

        +docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql


        diff --git a/en/backup_restore/b_n_r-coldstandby/index.html b/en/backup_restore/b_n_r-coldstandby/index.html index a2346e61e..6d43df2d0 100644 --- a/en/backup_restore/b_n_r-coldstandby/index.html +++ b/en/backup_restore/b_n_r-coldstandby/index.html @@ -2459,10 +2459,9 @@

        You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended.

        In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh.

        Edit this file and change the exported variables:

        -
        export REMOTE_SSH_KEY=/path/to/keyfile
        +

        export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 -export REMOTE_SSH_HOST=mailcow-backup.host.name -

        +export REMOTE_SSH_HOST=mailcow-backup.host.name

        The key must be owned and readable by root only.

        Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available.

        @@ -2470,28 +2469,23 @@ The destination must have Docker and docker-compose v1 availabl

        You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile.

        Backup and refresh the cold-standby

        Run the first backup, this may take a while depending on the connection:

        -
        bash /opt/mailcow-dockerized/create_cold_standby.sh
        -
        +

        bash /opt/mailcow-dockerized/create_cold_standby.sh

        That was easy, wasn't it?

        Updating your cold-standby is just as easy:

        -
        bash /opt/mailcow-dockerized/create_cold_standby.sh
        -
        +

        bash /opt/mailcow-dockerized/create_cold_standby.sh

        It's the same command.

        Automated backups with cron

        First make sure that the cron service is enabled and running:

        -
        systemctl enable cron.service && systemctl start cron.service
        -
        +

        systemctl enable cron.service && systemctl start cron.service

        To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run:

        -
        crontab -e
        -
        +

        crontab -e

        Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file.

        -
        PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
        -
        -0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log
        -
        +

        ``` +PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

        +

        0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log +```

        If saved correctly, the cron job should be shown by typing:

        -
        crontab -l
        -
        +

        crontab -l


        diff --git a/en/backup_restore/b_n_r-restore/index.html b/en/backup_restore/b_n_r-restore/index.html index f71b8eb3b..c9f86a421 100644 --- a/en/backup_restore/b_n_r-restore/index.html +++ b/en/backup_restore/b_n_r-restore/index.html @@ -965,6 +965,20 @@ Restore + + +
      77. + + Syntax: + + +
      78. + +
      79. + + ./helper-scripts/backup_and_restore.sh restore + +
      80. @@ -2374,6 +2388,20 @@ Restore + + +
      81. + + Syntax: + + +
      82. + +
      83. + + ./helper-scripts/backup_and_restore.sh restore + +
      84. @@ -2394,14 +2422,13 @@ -

        Restore

        -

        Restore

        Please do not copy this script to another location.

        To run a restore, start mailcow, use the script with "restore" as first parameter.

        -
        # Syntax:
        -# ./helper-scripts/backup_and_restore.sh restore
        -
        +

        ```

        +

        Syntax:

        +

        ./helper-scripts/backup_and_restore.sh restore

        +

        ```

        The script will ask you for a backup location containing the mailcow_DATE folders.


        diff --git a/en/i_u_m/i_u_m_deinstall/index.html b/en/i_u_m/i_u_m_deinstall/index.html index 5315f3b8c..2aa8f6667 100644 --- a/en/i_u_m/i_u_m_deinstall/index.html +++ b/en/i_u_m/i_u_m_deinstall/index.html @@ -2346,8 +2346,7 @@

        Deinstallation

        To remove mailcow: dockerized with all it's volumes, images and containers do:

        -
        docker-compose down -v --rmi all --remove-orphans
        -
        +

        docker-compose down -v --rmi all --remove-orphans

        Info

          diff --git a/en/i_u_m/i_u_m_install/index.html b/en/i_u_m/i_u_m_install/index.html index 39ca5a652..fdffd778d 100644 --- a/en/i_u_m/i_u_m_install/index.html +++ b/en/i_u_m/i_u_m_install/index.html @@ -66,6 +66,11 @@ @@ -2343,66 +2352,58 @@ -

          Installation

          -

          You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version <= 2.0 is required).

          1. Learn how to install Docker and Docker Compose.

          Quick installation for most operation systems:

            -
          • -

            Docker -

            curl -sSL https://get.docker.com/ | CHANNEL=stable sh
            -# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
            -systemctl enable --now docker
            -

            -
          • -
          • -

            Docker-Compose

            -
          • +
          • Docker +``` +curl -sSL https://get.docker.com/ | CHANNEL=stable sh
          • +
          +

          After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)

          +

          systemctl enable --now docker +```

          +
            +
          • Docker-Compose

          Warning

          mailcow requires the latest version of docker-compose v1. It is highly recommended to use the commands below to install docker-compose. Package managers (e.g. apt, yum) likely won't give you the correct version. Note: This command downloads docker-compose from the official Docker Github repository and is a safe method. The snippet will determine the latest supported version by mailcow. In almost all cases this is the latest version available (exceptions are broken releases or major changes not yet supported by mailcow).

          -
          curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
          -chmod +x /usr/local/bin/docker-compose
          -
          +

          curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose

          Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

          1.1. On SELinux enabled systems, e.g. CentOS 7:

          • Check if "container-selinux" package is present on your system:
          -
          rpm -qa | grep container-selinux
          -
          +

          rpm -qa | grep container-selinux

          If the above command returns an empty or no output, you should install it via your package manager.

          • Check if docker has SELinux support enabled:
          -
          docker info | grep selinux
          -
          +

          docker info | grep selinux

          If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add "selinux-enabled": true. Example file content:

          -
          {
          -  "selinux-enabled": true
          -}
          -
          +

          { + "selinux-enabled": true +}

          Restart the docker daemon and verify SELinux is now enabled.

          This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic.

          2. Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while bootstrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical.

          -
          $ su
          -# umask
          -0022 # <- Verify it is 0022
          -# cd /opt
          -# git clone https://github.com/mailcow/mailcow-dockerized
          -# cd mailcow-dockerized
          -
          +

          ``` +$ su

          +

          umask

          +

          0022 # <- Verify it is 0022

          +

          cd /opt

          +

          git clone https://github.com/mailcow/mailcow-dockerized

          +

          cd mailcow-dockerized

          +

          ```

          3. Generate a configuration file. Use a FQDN (host.domain.tld) as hostname when asked. -

          ./generate_config.sh
          -

          +./generate_config.sh

          4. Change configuration if you want or need to. -

          nano mailcow.conf
          -
          +nano mailcow.conf If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080.

          You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation.

          Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise.

          @@ -2410,20 +2411,18 @@ If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.

          Whenever you run into trouble and strange phenomena, please check your MTU.

          Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: -

          networks:
          +networks:
             mailcow-network:
               ...
               driver_opts:
                 com.docker.network.driver.mtu: 1450
          -    ...
          -

          + ...

          4.2. Users without an IPv6 enabled network on their host system:

          Enable IPv6. Finally.

          If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues.

          5. Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: -

          docker-compose pull
          -docker-compose up -d
          -

          +docker-compose pull +docker-compose up -d

          Done!

          You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo.

          diff --git a/en/i_u_m/i_u_m_migration/index.html b/en/i_u_m/i_u_m_migration/index.html index a73d9ea0b..30940ff34 100644 --- a/en/i_u_m/i_u_m_migration/index.html +++ b/en/i_u_m/i_u_m_migration/index.html @@ -66,6 +66,11 @@ @@ -2343,8 +2352,6 @@ -

          Migration

          -

          Warning

          This guide assumes you intend to migrate an existing mailcow server (source) over to a brand new, empty server (target). It takes no care about preserving any existing data on your target server and will erase anything within /var/lib/docker/volumes and thus any Docker volumes you may have already set up.

          @@ -2357,45 +2364,37 @@ Install
          Docker and Docker Compose on your new server.

          Quick installation for most operation systems:

            -
          • -

            Docker -

            curl -sSL https://get.docker.com/ | CHANNEL=stable sh
            -# After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)
            -systemctl enable docker.service
            -

            -
          • -
          • -

            docker-compose -

            curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose
            -chmod +x /usr/local/bin/docker-compose
            -

            -
          • +
          • Docker +``` +curl -sSL https://get.docker.com/ | CHANNEL=stable sh
          • +
          +

          After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7)

          +

          systemctl enable docker.service +```

          +
            +
          • docker-compose +curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose +chmod +x /usr/local/bin/docker-compose

          Please use the latest Docker engine available and do not use the engine that ships with your distros repository.

          2. Stop Docker and assure Docker has stopped: -

          systemctl stop docker.service
          -systemctl status docker.service
          -

          +systemctl stop docker.service +systemctl status docker.service

          3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine: -

          rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized
          -rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes
          -

          +rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized +rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes

          4. Shut down mailcow and stop Docker on the source machine. -

          cd /opt/mailcow-dockerized
          +cd /opt/mailcow-dockerized
           docker-compose down
          -systemctl stop docker.service
          -

          +systemctl stop docker.service

          5. Repeat step 3 with the same commands. This will be much quicker than the first time.

          6. Switch over to the target machine and start Docker. -

          systemctl start docker.service
          -

          +systemctl start docker.service

          7. Now pull the mailcow Docker images on the target machine. -

          cd /opt/mailcow-dockerized
          -docker-compose pull
          -

          +cd /opt/mailcow-dockerized +docker-compose pull

          8. Start the whole mailcow stack and everything should be done! -

          docker-compose up -d
          -

          +docker-compose up -d

          9. Finally, change your DNS settings to point to the target server.


          diff --git a/en/i_u_m/i_u_m_update/index.html b/en/i_u_m/i_u_m_update/index.html index a741457be..8c659528b 100644 --- a/en/i_u_m/i_u_m_update/index.html +++ b/en/i_u_m/i_u_m_update/index.html @@ -419,6 +419,75 @@ +
        + + + + +
      85. + + Options can be combined + + +
      86. + +
      87. + + - Check for updates and show changes + + +
      88. + +
      89. + + Do not try to update docker-compose, make sure to use the latest docker-compose available + + +
      90. + +
      91. + + - Do not start mailcow after applying an update + + +
      92. + +
      93. + + - Force update (unattended, but unsupported, use at own risk) + + +
      94. + +
      95. + + - Run garbage collector to cleanup old image tags and exit + + +
      96. + +
      97. + + - Update with merge strategy option "ours" instead of "theirs" + + +
      98. + +
      99. + + This will solve conflicts when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. + + +
      100. + +
      101. + + - Don't update, but prefetch images and exit + + + + +
      102. + +
      103. + + Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID + + + - -
      104. - -
      105. +
      106. Footnotes +
      107. + + + + @@ -2423,6 +2505,75 @@ + + + + + +
      108. + + Options can be combined + + +
      109. + +
      110. + + - Check for updates and show changes + + +
      111. + +
      112. + + Do not try to update docker-compose, make sure to use the latest docker-compose available + + +
      113. + +
      114. + + - Do not start mailcow after applying an update + + +
      115. + +
      116. + + - Force update (unattended, but unsupported, use at own risk) + + +
      117. + +
      118. + + - Run garbage collector to cleanup old image tags and exit + + +
      119. + +
      120. + + - Update with merge strategy option "ours" instead of "theirs" + + +
      121. + +
      122. + + This will solve conflicts when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. + + +
      123. + +
      124. + + - Don't update, but prefetch images and exit + + + + +
      125. + +
      126. + + Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID + + + - -
      127. - -
      128. +
      129. Footnotes +
      130. + + + + @@ -2474,57 +2638,48 @@ -

        Update

        -

        Automatic update

        An update script in your mailcow-dockerized directory will take care of updates.

        But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

        Run the update script: -

        ./update.sh
        -

        +./update.sh

        If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code).

        Options

        -
        # Options can be combined
        -
        -# - Check for updates and show changes
        -./update.sh --check
        -
        -# Do not try to update docker-compose, **make sure to use the latest docker-compose available**
        -./update.sh --no-update-compose
        -
        -# - Do not start mailcow after applying an update
        -./update.sh --skip-start
        -
        -# - Force update (unattended, but unsupported, use at own risk)
        -./update.sh --force
        -
        -# - Run garbage collector to cleanup old image tags and exit
        -./update.sh --gc
        -
        -# - Update with merge strategy option "ours" instead of "theirs"
        -#   This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.
        -./update.sh --ours
        -
        -# - Don't update, but prefetch images and exit
        -./update.sh --prefetch
        -
        +

        ```

        +

        Options can be combined

        +

        - Check for updates and show changes

        +

        ./update.sh --check

        +

        Do not try to update docker-compose, make sure to use the latest docker-compose available

        +

        ./update.sh --no-update-compose

        +

        - Do not start mailcow after applying an update

        +

        ./update.sh --skip-start

        +

        - Force update (unattended, but unsupported, use at own risk)

        +

        ./update.sh --force

        +

        - Run garbage collector to cleanup old image tags and exit

        +

        ./update.sh --gc

        +

        - Update with merge strategy option "ours" instead of "theirs"

        +

        This will solve conflicts when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.

        +

        ./update.sh --ours

        +

        - Don't update, but prefetch images and exit

        +

        ./update.sh --prefetch +```

        I forgot what I changed before running update.sh

        See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

        -
        22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
        -dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
        -
        +

        22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31

        Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

        Can I roll back?

        Yes.

        See the topic above, instead of a diff, you run checkout:

        -
        docker-compose down
        -# Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID
        -git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
        +

        ``` +docker-compose down

        +

        Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID

        +

        git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d -

        +```

        Hooks

        You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

        Footnotes

        diff --git a/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index bec8f54d7..190e443f2 100644 --- a/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/en/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,20 @@
      131. You will need to get your_id from one of the download links, they are individual for every user
      132. Add to data/conf/clamav/freshclam.conf with replaced your_id part: -

        DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
        +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
        -DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
        -

        +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb

      133. For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

      134. Adjust data/conf/clamav/clamd.conf to align with next settings: -

        DetectPUA yes
        +DetectPUA yes
         ExcludePUA PUA.Win.Packer
         ExcludePUA PUA.Win.Trojan.Packed
         ExcludePUA PUA.Win.Trojan.Molebox
        @@ -2492,12 +2491,11 @@ MaxRecursion 40
         MaxEmbeddedPE 100M
         MaxHTMLNormalize 50M
         MaxScriptNormalize 50M
        -MaxZipTypeRcg 50M
        -

        +MaxZipTypeRcg 50M

      135. Restart ClamAV container: -
        docker-compose restart clamd-mailcow
        -
      136. +bash +docker-compose restart clamd-mailcow

      Please note:

        @@ -2509,14 +2507,13 @@ MaxZipTypeRcg 50M

        Enable InterServer databases

        1. Add to data/conf/clamav/freshclam.conf: -
          DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
          +DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
           DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
           DatabaseCustomURL http://sigs.interserver.net/shell.ldb
          -DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
          -
        2. +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
        3. Restart ClamAV container: -
          docker-compose restart clamd-mailcow
          -
        4. +bash +docker-compose restart clamd-mailcow

        diff --git a/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index 799fb7635..694951ed7 100644 --- a/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/en/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -1842,6 +1842,13 @@ Whitelist specific ClamAV signatures + + +
      • + + docker-compose exec redis-mailcow /bin/sh + +
      @@ -2374,6 +2381,13 @@ Whitelist specific ClamAV signatures + + +
    • + + docker-compose exec redis-mailcow /bin/sh + +
    • @@ -2394,26 +2408,25 @@ -

      Whitelist

      -

      Whitelist specific ClamAV signatures

      You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

      -
      docker-compose logs clamd-mailcow | grep "FOUND"
      -
      +

      bash +docker-compose logs clamd-mailcow | grep "FOUND"

      This line confirms that such was identified:

      -
      clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
      -
      +

      text +clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND

      To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

      -
      echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
      -
      +

      bash +echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2

      Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose:

      -
      docker-compose restart clamd-mailcow
      -
      +

      bash +docker-compose restart clamd-mailcow

      Cleanup cached ClamAV results in Redis:

      -
      # docker-compose exec redis-mailcow  /bin/sh
      -/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
      +

      ```

      +

      docker-compose exec redis-mailcow /bin/sh

      +

      /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit -

      +```


      diff --git a/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index 7d9808bd2..c9d36f9e0 100644 --- a/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/en/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,11 @@

      Customize Dockerfiles

      You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

      -
      cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
      -
      +

      cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml

      Make your changes in data/Dockerfiles/$service and build the image locally:

      -
      docker build data/Dockerfiles/service -t mailcow/$service
      -
      +

      docker build data/Dockerfiles/service -t mailcow/$service

      Now auto-recreate modified containers:

      -
      docker-compose up -d
      -
      +

      docker-compose up -d


      diff --git a/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 82ee7adf3..15d023ae4 100644 --- a/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/en/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,7 @@

      Docker Compose Bash Completion

      To get some sexy bash completion inside your containers simply execute the following:

      -
      curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
      -
      +

      curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose


      diff --git a/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index 44aa33bf8..197b223f5 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,7 @@

      On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

      This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

      -
      ACL_ANYONE=allow
      -
      +

      ACL_ANYONE=allow

      Apply the changes by running docker-compose up -d.


      diff --git a/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 884d1bd2f..ef6ae2ef1 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -1564,6 +1564,33 @@ + + + + + +
    • + + !/bin/bash + + +
    • + +
    • + + Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized + + +
    • + +
    • + + Execute everyday at 04:00 A.M. + + + + +
    • + +
    • + + !/bin/bash + + +
    • + +
    • + + Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized + + +
    • + +
    • + + Execute everyday at 04:00 A.M. + + + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users, but obviously slower and more dangerous + + + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users, but obviously slower and more dangerous + + +
    • @@ -2345,36 +2354,34 @@ -

      Mail crypt

      -

      Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

      If you want to decode/encode existing maildir files, you can use the following script at your own risk:

      Enter Dovecot by running docker-compose exec dovecot-mailcow /bin/bash in the mailcow-dockerized location.

      -
      # Decrypt /var/vmail
      -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
      -if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
      +

      ```

      +

      Decrypt /var/vmail

      +

      find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" > "/tmp/$(basename "$file")" - if [[ -s "/tmp/$(basename "$file")" ]]; then - chmod 600 "/tmp/$(basename "$file")" - chown 5000:5000 "/tmp/$(basename "$file")" - mv "/tmp/$(basename "$file")" "$file" + "$file" > "/tmp/$(basename "$file")" + if [[ -s "/tmp/$(basename "$file")" ]]; then + chmod 600 "/tmp/$(basename "$file")" + chown 5000:5000 "/tmp/$(basename "$file")" + mv "/tmp/$(basename "$file")" "$file" else - rm "/tmp/$(basename "$file")" + rm "/tmp/$(basename "$file")" fi fi -done - -# Encrypt /var/vmail -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do -if [[ $(head -c7 "$file") != "CRYPTED" ]]; then +done

      +

      Encrypt /var/vmail

      +

      find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" "$file" - chmod 600 "$file" - chown 5000:5000 "$file" + "$file" "$file" + chmod 600 "$file" + chown 5000:5000 "$file" fi done -

      +```


      diff --git a/en/manual-guides/Dovecot/u_e-dovecot-more/index.html b/en/manual-guides/Dovecot/u_e-dovecot-more/index.html index 27b20d7e8..aea7d6fc2 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,19 @@

      doveadm quota

      The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

      To list the current quota status for a user / mailbox, do:

      -
      doveadm quota get -u 'mailbox@example.org'
      -
      +

      doveadm quota get -u 'mailbox@example.org'

      To list the quota storage value for all users, do:

      -
      doveadm quota get -A |grep "STORAGE"
      -
      +

      doveadm quota get -A |grep "STORAGE"

      Recalculate a single user's quota usage:

      -
      doveadm quota recalc -u 'mailbox@example.org'
      -
      +

      doveadm quota recalc -u 'mailbox@example.org'

      The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

      To view the number of messages, by user, in their .Trash folder:

      -
      doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
      -
      +

      doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c

      Show all messages in a user's inbox older then 90 days:

      -
      doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
      -
      +

      doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d

      Show all messages in any folder that are older then 30 days for mailbox@example.org:

      -
      doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
      -
      +

      doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d


        diff --git a/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index 98c04732e..fc04113be 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,28 +2398,25 @@

        Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

        Edit or create data/conf/dovecot/extra.conf, add:

        -
        namespace {
        +

        namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes - mailbox "Develcow" { + mailbox "Develcow" { auto = subscribe } -} -

        +}

        :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

        The new mailbox in the public namespace will be auto-subscribed by users.

        To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

        -
        docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
        -
        +

        docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create

        Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

        Allow authenticated users access to the whole public namespace

        To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

        Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

        -
        authenticated kxeilprwts
        -
        +

        authenticated kxeilprwts

        kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

        You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

        See Dovecot ACL for further information about ACL.

        diff --git a/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 002e8c592..b0d897faf 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,8 @@

        That's recommended and should not be changed.

        If you need the user to be static anyway, please specify two variables in mailcow.conf.

        Both parameters must not be empty!

        -
        DOVECOT_MASTER_USER=mymasteruser
        -DOVECOT_MASTER_PASS=mysecretpass
        -
        +

        DOVECOT_MASTER_USER=mymasteruser +DOVECOT_MASTER_PASS=mysecretpass

        Run docker-compose up -d to apply your changes.

        The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

        To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.

        diff --git a/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index 9bddba1b8..babedd0ca 100644 --- a/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/en/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,41 +2442,39 @@

        Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

      An easy, dirty, yet stable workaround is to stop mailcow (docker-compose down), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

      -
      mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
      -ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
      -
      +

      mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data

      Start mailcow afterwards.


      The "old" way

      If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

      -
      version: '2.1'
      +

      version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail - o: bind -

      + o: bind

      Moving an existing vmail folder:

      • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
      -
      [
      +

      hl_lines="10" +[ { - "CreatedAt": "2019-06-16T22:08:34+02:00", - "Driver": "local", - "Labels": { - "com.docker.compose.project": "mailcowdockerized", - "com.docker.compose.version": "1.23.2", - "com.docker.compose.volume": "vmail-vol-1" + "CreatedAt": "2019-06-16T22:08:34+02:00", + "Driver": "local", + "Labels": { + "com.docker.compose.project": "mailcowdockerized", + "com.docker.compose.version": "1.23.2", + "com.docker.compose.volume": "vmail-vol-1" }, - "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", - "Name": "mailcowdockerized_vmail-vol-1", - "Options": null, - "Scope": "local" + "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", + "Name": "mailcowdockerized_vmail-vol-1", + "Options": null, + "Scope": "local" } -] -

      +]

      • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
      • Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
      • diff --git a/en/manual-guides/Nginx/u_e-nginx_custom/index.html b/en/manual-guides/Nginx/u_e-nginx_custom/index.html index fdb1c4603..4eb163dd0 100644 --- a/en/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/en/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

        New site

        To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

        A good template to begin with:

        -
        nano data/conf/nginx/my_custom_site.conf
        -
        -
        server {
        +

        nano data/conf/nginx/my_custom_site.conf

        +

        ``` hl_lines="16" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2461,29 +2461,27 @@ # Location: data/web root /web; # Location: data/web/mysite.com - #root /web/mysite.com - include /etc/nginx/conf.d/listen_plain.active; + #root /web/mysite.com + include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; - server_tokens off; - - # This allows acme to be validated even with a different web root + server_tokens off;

        +

        # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { - default_type "text/plain"; + default_type "text/plain"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; - } - - if ($scheme = http) { + }

        +

        if ($scheme = http) { return 301 https://$server_name$request_uri; } } -

        +```

        New site with proxy to a remote location

        Another example with a reverse proxy configuration:

        -
        nano data/conf/nginx/my_custom_site.conf
        -
        -
        server {
        +

        nano data/conf/nginx/my_custom_site.conf

        +

        ``` hl_lines="16 28" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2498,20 +2496,17 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name example.domain.tld; - server_tokens off; - - location ^~ /.well-known/acme-challenge/ { + server_name example.domain.tld; + server_tokens off;

        +

        location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; - } - - if ($scheme = http) { + default_type "text/plain"; + }

        +

        if ($scheme = http) { return 301 https://$host$request_uri; - } - - location / { - proxy_pass http://service:3000/; + }

        +

        location / { + proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -2519,18 +2514,16 @@ client_max_body_size 0; } } -

        +```

        Config expansion in mailcows Nginx

        The filename used for a new site is not important, as long as the filename carries a .conf extension.

        It is also possible to extend the configuration of the default file site.conf file:

        -
        nano data/conf/nginx/site.my_content.custom
        -
        +

        nano data/conf/nginx/site.my_content.custom

        This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

        If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

        Restart Nginx (and PHP-FPM, if a new listener was created):

        -
        docker-compose restart nginx-mailcow
        -docker-compose restart php-fpm-mailcow
        -
        +

        docker-compose restart nginx-mailcow +docker-compose restart php-fpm-mailcow


        diff --git a/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index f91864d53..81f748220 100644 --- a/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/en/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,8 @@

        IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

        To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

        nano data/conf/nginx/webmail.conf

        -
        server {
        +

        ``` hl_lines="9 17" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; @@ -2358,23 +2359,21 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name webmail.example.org; - server_tokens off; + server_name webmail.example.org; + server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; + }

        +

        location / { + return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } - - location / { - return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; - } } -

        +```

        Save and restart Nginx: docker-compose restart nginx-mailcow.

        Now open mailcow.conf and find ADDITIONAL_SAN. Add webmail.example.org to this array, don't use quotes!

        -
        ADDITIONAL_SAN=webmail.example.org
        -
        +

        ADDITIONAL_SAN=webmail.example.org

        Run docker-compose up -d. See "acme-mailcow" and "nginx-mailcow" logs if anything fails.


        diff --git a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index ad184d7cd..134c1047a 100644 --- a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,7 @@

        Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

        Restart Postfix:

        -
        docker-compose restart postfix-mailcow
        -
        +

        docker-compose restart postfix-mailcow


        diff --git a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index c7df4b478..e7c2cb19e 100644 --- a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,11 @@

        Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

        This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

        Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. -

        user-to-allow-everything@example.com OK
        -

        +user-to-allow-everything@example.com OK

        Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: -

        smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
        -

        +smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]

        Run postmap on check_sasl_access:

        -
        docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
        -
        +

        docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access

        Restart the Postfix container.


        diff --git a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index 0a89dbc22..2ca609c13 100644 --- a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,7 @@

        Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

        Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

        Restart postfix-mailcow to apply your changes:

        -
        docker-compose restart postfix-mailcow
        -
        +

        docker-compose restart postfix-mailcow


        diff --git a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index a369af940..e97292ccc 100644 --- a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,11 @@

        Statistics with pflogsumm

        To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

        -
        docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
        -
        +

        docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm

        The above log output is limited to the last 24 hours.

        It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

        -
        SHELL=/bin/bash
        -59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
        -
        +

        SHELL=/bin/bash +59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net

        To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

        More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

        Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.

        diff --git a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index 186130d0e..038aaab4e 100644 --- a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -66,6 +66,11 @@ @@ -2345,19 +2354,18 @@ -

        Whitelist IP in Postscreen

        -

        IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr.

        Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups.

        The format of the file is as follows:

        CIDR ACTION

        Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

        Example:

        -
        +```

        The file is reloaded on the fly, postfix restart is not required.


        diff --git a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index ece707e37..312309aab 100644 --- a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,13 @@

        IPv4 hosts/subnets

        To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

        Edit data/conf/postfix/extra.cf:

        -
        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
        -
        +

        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24

        Run docker-compose restart postfix-mailcow to apply your new settings.

        IPv6 hosts/subnets

        Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

        To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

        Edit data/conf/postfix/extra.cf:

        -
        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
        -
        +

        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32

        Run docker-compose restart postfix-mailcow to apply your new settings.

        Info

        diff --git a/en/manual-guides/Redis/u_e-redis/index.html b/en/manual-guides/Redis/u_e-redis/index.html index d91c74ee2..db0c5956d 100644 --- a/en/manual-guides/Redis/u_e-redis/index.html +++ b/en/manual-guides/Redis/u_e-redis/index.html @@ -1804,6 +1804,24 @@ +
      + + + + + + + + + +
    • + + docker-compose exec redis-mailcow redis-cli + + + -
    • - - - - @@ -2430,6 +2443,24 @@ + + + + + + + + + + +
    • + + docker-compose exec redis-mailcow redis-cli + + + -
    • - - - - @@ -2472,33 +2498,29 @@ -

      Redis

      -

      Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

      Client

      To connect to the redis cli execute:

      -
      docker-compose exec redis-mailcow redis-cli
      -
      +

      docker-compose exec redis-mailcow redis-cli

      Debugging

      Here are some useful commands for the redis-cli for debugging:

      MONITOR

      Listens for all requests received by the server in real time:

      -
      # docker-compose exec redis-mailcow redis-cli
      -127.0.0.1:6379> monitor
      +

      ```

      +

      docker-compose exec redis-mailcow redis-cli

      +

      127.0.0.1:6379> monitor OK -1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" -1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" [...] -

      +```

      KEYS

      Get all keys matching your pattern:

      -
      KEYS *
      -
      +

      KEYS *

      PING

      Test a connection:

      -
      127.0.0.1:6379> PING
      -PONG
      -
      +

      127.0.0.1:6379> PING +PONG

      If you want to know more, here is a cheat sheet.


      diff --git a/en/manual-guides/Rspamd/u_e-rspamd/index.html b/en/manual-guides/Rspamd/u_e-rspamd/index.html index 4d7f44e91..6cbbc7a37 100644 --- a/en/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/en/manual-guides/Rspamd/u_e-rspamd/index.html @@ -1810,6 +1810,26 @@ + + + + + +
    • + + Ham + + +
    • + +
    • + + Spam + + +
    • + + + + + +
    • + + Ham + + +
    • + +
    • + + Spam + + +
    • open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
    • copy CSS file to mailcow server data/conf/sogo/custom-theme.css
    • edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
    • append/create docker-compose.override.yml with: -
      version: '2.1'
      -
      -services:
      +```
      +version: '2.1'
    • + +

      services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z -

      -
    • run docker-compose up -d
    • -
    • run docker-compose restart memcached-mailcow
    • - +`` +11. rundocker-compose up -d12. rundocker-compose restart memcached-mailcow`

      Reset to SOGo default theme

      1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
      2. find in data/conf/sogo/custom-theme.js: -
        // Apply new palettes to the default theme, remap some of the hues
        -    $mdThemingProvider.theme('default')
        -      .primaryPalette('green-cow', {
        -        'default': '400',  // background color of top toolbars
        -        'hue-1': '400',
        -        'hue-2': '600',    // background color of sidebar toolbar
        -        'hue-3': 'A700'
        +// Apply new palettes to the default theme, remap some of the hues
        +    $mdThemingProvider.theme('default')
        +      .primaryPalette('green-cow', {
        +        'default': '400',  // background color of top toolbars
        +        'hue-1': '400',
        +        'hue-2': '600',    // background color of sidebar toolbar
        +        'hue-3': 'A700'
               })
        -      .accentPalette('green', {
        -        'default': '600',  // background color of fab buttons and login screen
        -        'hue-1': '300',    // background color of center list toolbar
        -        'hue-2': '300',    // highlight color for selected mail and current day calendar
        -        'hue-3': 'A700'
        +      .accentPalette('green', {
        +        'default': '600',  // background color of fab buttons and login screen
        +        'hue-1': '300',    // background color of center list toolbar
        +        'hue-2': '300',    // highlight color for selected mail and current day calendar
        +        'hue-3': 'A700'
               })
        -      .backgroundPalette('frost-grey');
        -
        + .backgroundPalette('frost-grey'); and replace it with: -
            $mdThemingProvider.theme('default');
        -
      3. +$mdThemingProvider.theme('default');
      4. remove from docker-compose.override.yml volume mount in sogo-mailcow: -
        - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
        -
      5. +``` +
      6. ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z +```
      7. run docker-compose up -d
      8. run docker-compose restart memcached-mailcow
      @@ -2553,16 +2550,14 @@ After you replaced said file you need to restart SOGo and Memcached containers b

      Domains are usually isolated from eachother.

      You can change that by modifying data/conf/sogo/sogo.conf:

      Search... -

         // SOGoDomainsVisibility = (
      +// SOGoDomainsVisibility = (
           //  (domain1.tld, domain5.tld),
           //  (domain3.tld, domain2.tld)
      -    // );
      -
      + // ); ...and replace it by - for example:

      -
          SOGoDomainsVisibility = (
      +

      SOGoDomainsVisibility = ( (example.org, example.com, example.net) - ); -

      + );

      Restart SOGo: docker-compose restart sogo-mailcow

      Disable password changing

      Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.

      diff --git a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html index b7a216e49..99ff3c2ac 100644 --- a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,15 @@ Important: Only DNSSEC validating DNS services will work.

      Method A, Unbound

      Edit data/conf/unbound/unbound.conf and append the following parameters:

      -
      forward-zone:
      -  name: "."
      +

      forward-zone: + name: "." forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE - forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE -

      + forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE

      Restart Unbound:

      -
      docker-compose restart unbound-mailcow
      -
      +

      docker-compose restart unbound-mailcow

      Method B, Override file

      -
      cd /opt/mailcow-dockerized
      -cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
      -
      +

      cd /opt/mailcow-dockerized +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .

      Edit docker-compose.override.yml and adjust the IP.

      Run docker-compose down ; docker-compose up -d.

      diff --git a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index 42b44f3dd..9a515df76 100644 --- a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

      Watchdog uses default values for all thresholds defined in docker-compose.yml.

      The default values will work for most setups. Example: -

      - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
      +- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
       - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
       - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
       - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
      @@ -2666,8 +2666,7 @@ Example:
       - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
       - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
       - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
      -- MAILQ_CRIT=${MAILQ_CRIT:-30}
      -

      +- MAILQ_CRIT=${MAILQ_CRIT:-30}

      To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker-compose up -d.

      Thresholds descriptions

      NGINX_THRESHOLD

      diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index 93fe47c8b..e6715b0ce 100644 --- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,20 +2403,19 @@

      1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

      2. Prepend the tag to the subject: "[facebook] Subject"

      Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: -

      diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
      +diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
       index e047136e..933c4137 100644
       --- a/data/conf/dovecot/global_sieve_after
       +++ b/data/conf/dovecot/global_sieve_after
       @@ -15,7 +15,7 @@ if allof (
      -   envelope :detail :matches "to" "*",
      -   header :contains "X-Moo-Tag" "YES"
      +   envelope :detail :matches "to" "*",
      +   header :contains "X-Moo-Tag" "YES"
          ) {
      --  set :lower :upperfirst "tag" "${1}";
      -+  set "tag" "${1}";
      -   if mailboxexists "INBOX/${1}" {
      -     fileinto "INBOX/${1}";
      -   } else {
      -

      +- set :lower :upperfirst "tag" "${1}"; ++ set "tag" "${1}"; + if mailboxexists "INBOX/${1}" { + fileinto "INBOX/${1}"; + } else {


      diff --git a/en/manual-guides/u_e-80_to_443/index.html b/en/manual-guides/u_e-80_to_443/index.html index d23f0f973..c6b6b68e0 100644 --- a/en/manual-guides/u_e-80_to_443/index.html +++ b/en/manual-guides/u_e-80_to_443/index.html @@ -2349,27 +2349,24 @@

      Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

      Open mailcow.conf and set HTTP_BIND= - if not already set.

      Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

      -
      server {
      +

      server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; - if ( $request_uri ~* "%0A|%0D" ) { return 403; } + if ( $request_uri ~* "%0A|%0D" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; } location / { return 301 https://$host$uri$is_args$args; } -} -

      +}

      In case you changed the HTTP_BIND parameter, recreate the container:

      -
      docker-compose up -d
      -
      +

      docker-compose up -d

      Otherwise restart Nginx:

      -
      docker-compose restart nginx-mailcow
      -
      +

      docker-compose restart nginx-mailcow


      diff --git a/en/manual-guides/u_e-autodiscover_config/index.html b/en/manual-guides/u_e-autodiscover_config/index.html index 3f9f1d721..61efa7f7a 100644 --- a/en/manual-guides/u_e-autodiscover_config/index.html +++ b/en/manual-guides/u_e-autodiscover_config/index.html @@ -2350,45 +2350,44 @@ Keep in mind, that ActiveSync should NOT be used with a desktop client.

      Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

      Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

      -
      <?php
      +

      <?php $autodiscover_config = array( - // General autodiscover service type: "activesync" or "imap" + // General autodiscover service type: "activesync" or "imap" // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync. - 'autodiscoverType' => 'activesync', + 'autodiscoverType' => 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync - 'useEASforOutlook' => 'yes', - // Please don't use STARTTLS-enabled service ports in the "port" variable. + 'useEASforOutlook' => 'yes', + // Please don't use STARTTLS-enabled service ports in the "port" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). - // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. - 'imap' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), + // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. + 'imap' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), - 'pop3' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('POPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), + 'pop3' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('POPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), - 'smtp' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), + 'smtp' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), - 'activesync' => array( - 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', + 'activesync' => array( + 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), - 'caldav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'caldav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), - 'carddav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'carddav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), -); -

      +);

      To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

      Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

      diff --git a/en/manual-guides/u_e-reeanble-weak-protocols/index.html b/en/manual-guides/u_e-reeanble-weak-protocols/index.html index dfe130d99..abf61a49e 100644 --- a/en/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/en/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,12 @@

      Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

      How to re-enable weak protocols?

      Edit data/conf/postfix/extra.cf:

      -
      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      -smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      -
      +

      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

      Edit data/conf/dovecot/extra.conf:

      -
      ssl_min_protocol = TLSv1
      -
      +

      ssl_min_protocol = TLSv1

      Restart the affected services:

      -
      docker-compose restart postfix-mailcow dovecot-mailcow
      -
      +

      docker-compose restart postfix-mailcow dovecot-mailcow

      Hint: You can enable TLS 1.2 in Windows 7.


      diff --git a/en/post_installation/firststeps-disable_ipv6/index.html b/en/post_installation/firststeps-disable_ipv6/index.html index 84c4a947d..5d0ff3439 100644 --- a/en/post_installation/firststeps-disable_ipv6/index.html +++ b/en/post_installation/firststeps-disable_ipv6/index.html @@ -66,6 +66,11 @@ @@ -2343,8 +2352,6 @@ -

      Disable IPv6

      -

      This is ONLY recommended if you do not have an IPv6 enabled network on your host!

      If you really need to, you can disable the usage of IPv6 in the compose file. Additionally, you can also disable the startup of container "ipv6nat-mailcow", as it's not needed if you won't use IPv6.

      @@ -2353,49 +2360,45 @@ and implement your changes to the service there. Unfortunately, this right now o

      To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

      1. Modify docker-compose.yml

      Change enable_ipv6: true to enable_ipv6: false:

      -
      networks:
      +

      networks: mailcow-network: [...] enable_ipv6: true # <<< set to false - [...] -

      + [...]

      2. Disable ipv6nat-mailcow

      To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

      NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

      -
      # cd /opt/mailcow-dockerized
      -# touch docker-compose.override.yml
      -
      +

      ```

      +

      cd /opt/mailcow-dockerized

      +

      touch docker-compose.override.yml

      +

      ```

      Open the file in your favourite text editor and fill in the following:

      -
      version: '2.1'
      -services:
      -
      -    ipv6nat-mailcow:
      -      image: bash:latest
      -      restart: "no"
      -      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
      -
      +

      ``` +version: '2.1' +services:

      +
      ipv6nat-mailcow:
      +  image: bash:latest
      +  restart: "no"
      +  entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
      +
      +

      ```

      For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

      -
      docker-compose down
      -docker-compose up -d
      -
      +

      docker-compose down +docker-compose up -d

      3. Disable IPv6 in unbound-mailcow

      Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

      -
      server:
      +

      server: [...] do-ip6: no - [...] -

      + [...]

      Restart Unbound:

      -
      docker-compose restart unbound-mailcow
      -
      +

      docker-compose restart unbound-mailcow

      4. Disable IPv6 in postfix-mailcow

      Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

      -
      smtp_address_preference = ipv4
      -inet_protocols = ipv4
      -
      +

      smtp_address_preference = ipv4 +inet_protocols = ipv4

      Restart Postfix:

      -
      docker-compose restart postfix-mailcow
      -
      +

      docker-compose restart postfix-mailcow


      diff --git a/en/post_installation/firststeps-dmarc_reporting/index.html b/en/post_installation/firststeps-dmarc_reporting/index.html index 2965bfa27..553b1fb16 100644 --- a/en/post_installation/firststeps-dmarc_reporting/index.html +++ b/en/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,44 +2473,42 @@

      Enable DMARC reporting

      Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

      -
      reporting {
      +

      reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - domain = 'example.com'; - org_name = 'Example'; - helo = 'rspamd'; - smtp = 'postfix'; + email = 'noreply-dmarc@example.com'; + domain = 'example.com'; + org_name = 'Example'; + helo = 'rspamd'; + smtp = 'postfix'; smtp_port = 25; - from_name = 'Example DMARC Report'; - msgid_from = 'rspamd.mail.example.com'; + from_name = 'Example DMARC Report'; + msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; -} -

      +}

      Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

      -
      version: '2.1'
      -
      -services:
      +

      ``` +version: '2.1'

      +

      services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: - ofelia.enabled: "true" - ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" - ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" + ofelia.enabled: "true" + ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" + ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" ofelia-mailcow: depends_on: - rspamd-mailcow -

      +```

      Run docker-compose up -d

      Send a copy reports to yourself

      To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

      -
      reporting {
      +

      reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; -[...] -

      + email = 'noreply-dmarc@example.com'; + bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; +[...]

      Rspamd will load changes in real time, so you won't need to restart the container at this point.

      This can be useful if you...

        @@ -2519,18 +2517,14 @@ services:

      Troubleshooting

      Check when the report schedule last ran:

      -
      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
      -
      +

      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log

      See the latest report output:

      -
      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
      -
      +

      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log

      Manually trigger a DMARC report:

      -
      docker-compose exec rspamd-mailcow rspamadm dmarc_report
      -
      +

      docker-compose exec rspamd-mailcow rspamadm dmarc_report

      Validate that Rspamd has recorded data in Redis:

      -
      docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
      -docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
      -
      +

      docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' +docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"

      Change DMARC reporting frequency

      In the example above reports are sent once every 24 hours.

      Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation

      diff --git a/en/post_installation/firststeps-ip_bindings/index.html b/en/post_installation/firststeps-ip_bindings/index.html index 8d97ece46..29aa06ad0 100644 --- a/en/post_installation/firststeps-ip_bindings/index.html +++ b/en/post_installation/firststeps-ip_bindings/index.html @@ -530,10 +530,65 @@
    • + + For technical reasons, http bindings are a bit different from other service bindings. + + +
    • + +
    • + + You will find the following variables, separated by a bind address and its port: + + +
    • + +
    • + + Example: HTTP_BIND=1.2.3.4 + + +
    • + +
    • + + Other services are bound by using the following format: + + +
    • + +
    • + + SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 + + +
    • + +
    • + + Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. + + +
    • + +
    • + + doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. + + + +
    • @@ -2382,10 +2437,65 @@
    • + + For technical reasons, http bindings are a bit different from other service bindings. + + +
    • + +
    • + + You will find the following variables, separated by a bind address and its port: + + +
    • + +
    • + + Example: HTTP_BIND=1.2.3.4 + + +
    • + +
    • + + Other services are bound by using the following format: + + +
    • + +
    • + + SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 + + +
    • + +
    • + + Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. + + +
    • + +
    • + + doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. + + + +
    • @@ -2406,29 +2516,25 @@ -

      IP bindings

      -

      Warning

      Changing the binding does not affect source NAT. See SNAT for required steps.

      IPv4 binding

      To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

      -
      # For technical reasons, http bindings are a bit different from other service bindings.
      -# You will find the following variables, separated by a bind address and its port:
      -# Example: HTTP_BIND=1.2.3.4
      -
      -HTTP_PORT=80
      +

      ```

      +

      For technical reasons, http bindings are a bit different from other service bindings.

      +

      You will find the following variables, separated by a bind address and its port:

      +

      Example: HTTP_BIND=1.2.3.4

      +

      HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 -HTTPS_BIND= - -# Other services are bound by using the following format: -# SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 -# Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. -# doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. - -SMTP_PORT=25 +HTTPS_BIND=

      +

      Other services are bound by using the following format:

      +

      SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25

      +

      Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x.

      +

      doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing.

      +

      SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 @@ -2439,35 +2545,36 @@ SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 -

      +```

      To apply your changes, run docker-compose down followed by docker-compose up -d.

      IPv6 binding

      Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

      A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

      Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

      An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

      -
      version: '2.1'
      -services:
      +

      ``` +version: '2.1' +services:

      +
      dovecot-mailcow:
      +  ports:
      +    - '2a00:dead:beef::abc:143:143'
      +    - '2a00:dead:beef::abc:993:993'
      +    - '2a00:dead:beef::abc:110:110'
      +    - '2a00:dead:beef::abc:995:995'
      +    - '2a00:dead:beef::abc:4190:4190'
       
      -    dovecot-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:143:143'
      -        - '2a00:dead:beef::abc:993:993'
      -        - '2a00:dead:beef::abc:110:110'
      -        - '2a00:dead:beef::abc:995:995'
      -        - '2a00:dead:beef::abc:4190:4190'
      +postfix-mailcow:
      +  ports:
      +    - '2a00:dead:beef::abc:25:25'
      +    - '2a00:dead:beef::abc:465:465'
      +    - '2a00:dead:beef::abc:587:587'
       
      -    postfix-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:25:25'
      -        - '2a00:dead:beef::abc:465:465'
      -        - '2a00:dead:beef::abc:587:587'
      -
      -    nginx-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:80:80'
      -        - '2a00:dead:beef::abc:443:443'
      -
      +nginx-mailcow: + ports: + - '2a00:dead:beef::abc:80:80' + - '2a00:dead:beef::abc:443:443' + +

      ```

      To apply your changes, run docker-compose down followed by docker-compose up -d.


      diff --git a/en/post_installation/firststeps-local_mta/index.html b/en/post_installation/firststeps-local_mta/index.html index 39bd7e66f..ed6741884 100644 --- a/en/post_installation/firststeps-local_mta/index.html +++ b/en/post_installation/firststeps-local_mta/index.html @@ -66,6 +66,11 @@ @@ -2343,19 +2352,17 @@ -

      Local MTA on Docker host

      -

      The easiest option would be to disable the listener on port 25/tcp.

      Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: -

      #smtp      inet  n       -       -       -       -       smtpd
      -

      +```

      +

      smtp inet n - - - - smtpd

      +

      ```

      Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

      -
      postconf -e 'relayhost = 172.22.1.1'
      -postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
      -postconf -e "inet_interfaces = loopback-only"
      -postconf -e "relay_transport = relay"
      -postconf -e "default_transport = smtp"
      -
      +

      postconf -e 'relayhost = 172.22.1.1' +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" +postconf -e "inet_interfaces = loopback-only" +postconf -e "relay_transport = relay" +postconf -e "default_transport = smtp"

      Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

      "172.22.1.1" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.

      diff --git a/en/post_installation/firststeps-logging/index.html b/en/post_installation/firststeps-logging/index.html index f99e402ee..42bac509c 100644 --- a/en/post_installation/firststeps-logging/index.html +++ b/en/post_installation/firststeps-logging/index.html @@ -572,6 +572,33 @@ + + + + + +
    • + + For Rsyslog only: + + +
    • + +
    • + + To move local3 input to /var/log/mailcow.log and stop processing, create a file "/etc/rsyslog.d/docker.conf": + + +
    • + +
    • + + Restart rsyslog afterwards. + + + + +
    • + +
    • + + For Rsyslog only: + + +
    • + +
    • + + To move local3 input to /var/log/mailcow.log and stop processing, create a file "/etc/rsyslog.d/docker.conf": + + +
    • + +
    • + + Restart rsyslog afterwards. + + +
    • + + !/bin/bash + + + +
    • @@ -2462,16 +2488,14 @@ -

      Reverse Proxy

      -

      You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

      1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: -

      HTTP_BIND=127.0.0.1
      -HTTP_PORT=8080
      -HTTPS_BIND=127.0.0.1
      -HTTPS_PORT=8443
      -

      +bash +HTTP_BIND=127.0.0.1 +HTTP_PORT=8080 +HTTPS_BIND=127.0.0.1 +HTTPS_PORT=8443

      This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

      IMPORTANT: Do not use port 8081, 9081 or 65510!

      Recreate affected containers by running docker-compose up -d.

      @@ -2500,81 +2524,73 @@ On many servers logrotate will reload the webserver daily anyway.

      2. Configure your local webserver as reverse proxy:

      Apache 2.4

      Required modules: -

      a2enmod rewrite proxy proxy_http headers ssl
      -

      +a2enmod rewrite proxy proxy_http headers ssl

      Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

      Take care of highlighted lines.

      -
      <VirtualHost *:80>
      -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      -  RewriteEngine on
      -
      -  RewriteCond %{HTTPS} off
      -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
      -
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "http"
      -</VirtualHost>
      -<VirtualHost *:443>
      -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      -
      -  # You should proxy to a plain HTTP session to offload SSL processing
      -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
      -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "https"
      -
      -  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
      -  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
      -
      -  # If you plan to proxy to a HTTPS host:
      -  #SSLProxyEngine On
      -
      -  # If you plan to proxy to an untrusted HTTPS host:
      -  #SSLProxyVerify none
      -  #SSLProxyCheckPeerCN off
      -  #SSLProxyCheckPeerName off
      -  #SSLProxyCheckPeerExpire off
      -</VirtualHost>
      -
      +

      ``` apache hl_lines="2 10 11 17 22 23 24 25 30 31" + + ServerName CHANGE_TO_MAILCOW_HOSTNAME + ServerAlias autodiscover.* + ServerAlias autoconfig.* + RewriteEngine on

      +

      RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]

      +

      ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "http" + + + ServerName CHANGE_TO_MAILCOW_HOSTNAME + ServerAlias autodiscover.* + ServerAlias autoconfig.*

      +

      # You should proxy to a plain HTTP session to offload SSL processing + ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 + ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync + ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "https"

      +

      SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem + SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem

      +

      # If you plan to proxy to a HTTPS host: + #SSLProxyEngine On

      +

      # If you plan to proxy to an untrusted HTTPS host: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off + +```

      Nginx

      Let's Encrypt will follow our rewrite, certificate requests will work fine.

      Take care of highlighted lines.

      -
      server {
      +

      ``` hl_lines="4 10 12 13 25 39" +server { listen 80 default_server; listen [::]:80 default_server; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; - return 301 https://$host$request_uri; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.; + return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; - - ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; - ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; - ssl_session_timeout 1d; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover. autoconfig.*;

      +

      ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; + ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; + ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - - # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations + ssl_session_tickets off;

      +

      # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; - ssl_prefer_server_ciphers off; - - location /Microsoft-Server-ActiveSync { - proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; - proxy_set_header Host $http_host; + ssl_prefer_server_ciphers off;

      +

      location /Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -2584,39 +2600,38 @@ server { proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo client_body_buffer_size 512k; client_max_body_size 0; - } - - location / { - proxy_pass http://127.0.0.1:8080/; - proxy_set_header Host $http_host; + }

      +

      location / { + proxy_pass http://127.0.0.1:8080/; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update - # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 + # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } -

      +```

      HAProxy (community supported)

      Warning

      This is an unsupported community contribution. Feel free to provide fixes.

      Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

      -
      frontend https-in
      +

      ``` +frontend https-in bind :::443 v4v6 ssl crt mailcow.pem - default_backend mailcow - -backend mailcow + default_backend mailcow

      +

      backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check -

      +```

      Traefik v2 (community supported)

      Warning

      @@ -2627,50 +2642,49 @@ backend mailcow

      So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker-compose up -d to apply the changes.

      Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

      -
      version: '2.1'
      -
      -services:
      -    nginx-mailcow:
      -      networks:
      -        # add Traefik's network
      -        web:
      -      labels:
      -        - traefik.enable=true
      -        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
      -        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
      -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
      -        # Enables tls over the router we created before.
      -        - traefik.http.routers.moo.tls=true
      -        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
      -        - traefik.http.routers.moo.tls.certresolver=le
      -        # Creates a service called "moo" for the container, and specifies which internal port of the container
      -        #   should traefik route the incoming data to.
      -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
      -        # Specifies which entrypoint (external port) should traefik listen to, for this container.
      -        #   websecure being port 443, check the traefik.toml file liked above.
      -        - traefik.http.routers.moo.entrypoints=websecure
      -        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
      -        - traefik.docker.network=web
      -
      -    certdumper:
      -        image: humenius/traefik-certs-dumper
      -        container_name: traefik_certdumper
      -        network_mode: none
      -        volumes:
      -          # mount the folder which contains Traefik's `acme.json' file
      -          #   in this case Traefik is started from its own docker-compose in ../traefik
      -          - ../traefik/data:/traefik:ro
      -          # mount mailcow's SSL folder
      -          - ./data/assets/ssl/:/output:rw
      -        restart: always
      -        environment:
      -          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
      -          - DOMAIN=${MAILCOW_HOSTNAME}
      -
      -networks:
      -  web:
      -    external: true
      -
      +

      ```yaml +version: '2.1'

      +

      services: + nginx-mailcow: + networks: + # add Traefik's network + web: + labels: + - traefik.enable=true + # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule, + # in this case, a Host rule with our MAILCOW_HOSTNAME var. + - traefik.http.routers.moo.rule=Host(${MAILCOW_HOSTNAME}) + # Enables tls over the router we created before. + - traefik.http.routers.moo.tls=true + # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt). + - traefik.http.routers.moo.tls.certresolver=le + # Creates a service called "moo" for the container, and specifies which internal port of the container + # should traefik route the incoming data to. + - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} + # Specifies which entrypoint (external port) should traefik listen to, for this container. + # websecure being port 443, check the traefik.toml file liked above. + - traefik.http.routers.moo.entrypoints=websecure + # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network + - traefik.docker.network=web

      +
      certdumper:
      +    image: humenius/traefik-certs-dumper
      +    container_name: traefik_certdumper
      +    network_mode: none
      +    volumes:
      +      # mount the folder which contains Traefik's `acme.json' file
      +      #   in this case Traefik is started from its own docker-compose in ../traefik
      +      - ../traefik/data:/traefik:ro
      +      # mount mailcow's SSL folder
      +      - ./data/assets/ssl/:/output:rw
      +    restart: always
      +    environment:
      +      # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
      +      - DOMAIN=${MAILCOW_HOSTNAME}
      +
      +

      networks: + web: + external: true +```

      Start the new containers with docker-compose up -d.

      Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

      This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.

      @@ -2680,18 +2694,18 @@ For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow

      Optional: Post-hook script for non-mailcow ACME clients

      Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: -

      #!/bin/bash
      -cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
      +```

      +

      !/bin/bash

      +

      cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c} -

      +```

      Adding additional server names for mailcow UI

      If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +

      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

      Run docker-compose up -d to apply.


      diff --git a/en/post_installation/firststeps-snat/index.html b/en/post_installation/firststeps-snat/index.html index e4dbc4f2a..bfb8bdaa3 100644 --- a/en/post_installation/firststeps-snat/index.html +++ b/en/post_installation/firststeps-snat/index.html @@ -66,6 +66,11 @@
      @@ -564,6 +569,8 @@ + + SNAT @@ -2326,6 +2333,8 @@ + +
      @@ -2343,17 +2352,15 @@ -

      SNAT

      -

      SNAT is used to change the source address of the packets sent by mailcow. It can be used to change the outgoing IP address on systems with multiple IP addresses.

      Open mailcow.conf, set either or both of the following parameters:

      -
      # Use this IPv4 for outgoing connections (SNAT)
      -SNAT_TO_SOURCE=1.2.3.4
      -
      -# Use this IPv6 for outgoing connections (SNAT)
      -SNAT6_TO_SOURCE=dead:beef
      -
      +

      ```

      +

      Use this IPv4 for outgoing connections (SNAT)

      +

      SNAT_TO_SOURCE=1.2.3.4

      +

      Use this IPv6 for outgoing connections (SNAT)

      +

      SNAT6_TO_SOURCE=dead:beef +```

      Run docker-compose up -d.

      The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

      Check the output of docker-compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.

      diff --git a/en/post_installation/firststeps-ssl/index.html b/en/post_installation/firststeps-ssl/index.html index 8d57d572d..86ac91a8e 100644 --- a/en/post_installation/firststeps-ssl/index.html +++ b/en/post_installation/firststeps-ssl/index.html @@ -502,6 +502,19 @@ + + + + + +
    • + + Now check the logs for a renewal + + + +
    • + +
    • + + Connect via SMTP (587) + + +
    • + +
    • + + Connect via IMAP (143) + + +
    • + +
    • + + Connect via HTTPS (443) + +
    • @@ -2478,6 +2512,19 @@ + + + + + +
    • + + Now check the logs for a renewal + + + +
    • + +
    • + + Connect via SMTP (587) + + +
    • + +
    • + + Connect via IMAP (143) + + +
    • + +
    • + + Connect via HTTPS (443) + +
    • @@ -2570,8 +2638,6 @@ -

      Advanced SSL

      -

      Let's Encrypt (out-of-the-box)

      The "acme-mailcow" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN.

      @@ -2586,8 +2652,7 @@

      Additional domain names

      Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

      Do not use quotes (") and do not use spaces between the names!

      -
      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
      -
      +

      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*

      Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

      A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

      Run docker-compose up -d to recreate affected containers automatically.

      @@ -2596,17 +2661,17 @@

      Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

      If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +

      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

      Run docker-compose up -d to apply.

      Force renewal

      To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

      -
      cd /opt/mailcow-dockerized
      +

      ``` +cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew -docker-compose restart acme-mailcow -# Now check the logs for a renewal -docker-compose logs --tail=200 -f acme-mailcow -

      +docker-compose restart acme-mailcow

      +

      Now check the logs for a renewal

      +

      docker-compose logs --tail=200 -f acme-mailcow +```

      The file will be deleted automatically.

      Validation errors and how to skip validation

      You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.

      @@ -2653,35 +2718,33 @@ You should make sure these clients use the MAILCOW_HOSTNAME for sec

      To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

      IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

      Restart affected services afterwards:

      -
      docker restart $(docker ps -qaf name=postfix-mailcow)
      +

      docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) -docker restart $(docker ps -qaf name=dovecot-mailcow) -

      +docker restart $(docker ps -qaf name=dovecot-mailcow)

      See Post-hook script for non-mailcow ACME clients for a full example script.

      Test against staging ACME directory

      Edit mailcow.conf and add LE_STAGING=y.

      Run docker-compose up -d to activate your changes.

      Custom directory URL

      Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

      -
      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
      -
      +

      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory

      You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

      Run docker-compose up -d to activate your changes.

      Check your configuration

      Run docker-compose logs acme-mailcow to find out why a validation fails.

      To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

      To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

      -
      # Connect via SMTP (587)
      -echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
      -# Connect via IMAP (143)
      -echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
      -# Connect via HTTPS (443)
      -echo "Q" | openssl s_client -connect mx.mailcow.email:443
      -
      +

      ```

      +

      Connect via SMTP (587)

      +

      echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587

      +

      Connect via IMAP (143)

      +

      echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143

      +

      Connect via HTTPS (443)

      +

      echo "Q" | openssl s_client -connect mx.mailcow.email:443 +```

      To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

      -
      cd /opt/mailcow-dockerized
      -bash helper-scripts/expiry-dates.sh
      -
      +

      cd /opt/mailcow-dockerized +bash helper-scripts/expiry-dates.sh


      diff --git a/en/prerequisite/prerequisite-dns/index.html b/en/prerequisite/prerequisite-dns/index.html index c54d54a53..78a17cd07 100644 --- a/en/prerequisite/prerequisite-dns/index.html +++ b/en/prerequisite/prerequisite-dns/index.html @@ -364,27 +364,75 @@
    • + + Name Type Value + + + +
    • + + Name Type Value + + +
    • + +
    • + + Name Type Value + + +
    • + +
    • + + Name Type Value + + + +
    • + + Name Type Priority Weight Port Value + + + + +
    • + + + + + + +
    • + + ``` + + +
    • + +
    • + + Summary of Results + + + + +
    • + +
    • + + ``` + + +
    • + +
    • + + Summary of Results + + +
    • @@ -2343,45 +2352,43 @@ -

      Gitea

      -

      With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

      1. Open docker-compose.override.yml and add gitea:

      -
      version: '2.1'
      -services:
      -
      -        gitea-mailcow:
      -            image: gitea/gitea:1
      -            volumes:
      -                - ./data/gitea:/data
      -            networks:
      -                mailcow-network:
      -                    aliases:
      -                        - gitea
      -            ports:
      -                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
      -
      +

      ``` +version: '2.1' +services:

      +
          gitea-mailcow:
      +        image: gitea/gitea:1
      +        volumes:
      +            - ./data/gitea:/data
      +        networks:
      +            mailcow-network:
      +                aliases:
      +                    - gitea
      +        ports:
      +            - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
      +
      +

      ```

      2. Create data/conf/nginx/site.gitea.custom, add: -

      location /gitea/ {
      +location /gitea/ {
               proxy_pass http://gitea:3000/;
      -}
      -

      +}

      3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

      -
      GITEA_SSH_PORT=127.0.0.1:4000
      -
      +

      GITEA_SSH_PORT=127.0.0.1:4000

      5. Run docker-compose up -d to bring up the gitea container and run docker-compose restart nginx-mailcow afterwards.

      6. If you forced mailcow to https, execute step 9 and restart gitea with docker-compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

      7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

      8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

      9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

      -
      [server]
      -SSH_LISTEN_PORT = 22
      -# For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
      -SSH_DOMAIN = 127.0.0.1
      -SSH_PORT = 4000
      -# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
      -ROOT_URL = https://mx.example.org/gitea/
      -
      +

      ``` +[server] +SSH_LISTEN_PORT = 22

      +

      For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:

      +

      SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

      +

      For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:

      +

      ROOT_URL = https://mx.example.org/gitea/ +```

      10. Restart gitea with docker-compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.


      diff --git a/en/third_party/third_party-gogs/index.html b/en/third_party/third_party-gogs/index.html index ec12e3a40..724c68153 100644 --- a/en/third_party/third_party-gogs/index.html +++ b/en/third_party/third_party-gogs/index.html @@ -66,6 +66,11 @@
      @@ -2223,6 +2228,8 @@ + + Gogs @@ -2326,6 +2333,8 @@ + +
      @@ -2343,44 +2352,42 @@ -

      Gogs

      -

      With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

      1. Open docker-compose.override.yml and add Gogs:

      -
      version: '2.1'
      -services:
      -
      -    gogs-mailcow:
      -      image: gogs/gogs
      -      volumes:
      -        - ./data/gogs:/data
      -      networks:
      -        mailcow-network:
      -          aliases:
      -            - gogs
      -      ports:
      -        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
      -
      +

      ``` +version: '2.1' +services:

      +
      gogs-mailcow:
      +  image: gogs/gogs
      +  volumes:
      +    - ./data/gogs:/data
      +  networks:
      +    mailcow-network:
      +      aliases:
      +        - gogs
      +  ports:
      +    - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
      +
      +

      ```

      2. Create data/conf/nginx/site.gogs.custom, add: -

      location /gogs/ {
      +location /gogs/ {
           proxy_pass http://gogs:3000/;
      -}
      -

      +}

      3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

      -
      GOGS_SSH_PORT=127.0.0.1:4000
      -
      +

      GOGS_SSH_PORT=127.0.0.1:4000

      5. Run docker-compose up -d to bring up the Gogs container and run docker-compose restart nginx-mailcow afterwards.

      6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

      7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

      8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

      -
      [server]
      -SSH_LISTEN_PORT = 22
      -# For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
      -SSH_DOMAIN = 127.0.0.1
      -SSH_PORT = 4000
      -# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
      -ROOT_URL = https://mx.example.org/gogs/
      -
      +

      ``` +[server] +SSH_LISTEN_PORT = 22

      +

      For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:

      +

      SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

      +

      For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:

      +

      ROOT_URL = https://mx.example.org/gogs/ +```

      9. Restart Gogs with docker-compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.


      diff --git a/en/third_party/third_party-mailman3/index.html b/en/third_party/third_party-mailman3/index.html index b9c10765f..ce4de42e3 100644 --- a/en/third_party/third_party-mailman3/index.html +++ b/en/third_party/third_party-mailman3/index.html @@ -2289,162 +2289,6 @@ DNS setup - - -
    • - - Install Apache as a reverse proxy - - - - -
    • - -
    • - - Obtain SSL certificates with Let's Encrypt - - -
    • - -
    • - - Install mailcow with Mailman integration - - - - -
    • - -
    • - - Install Mailman - - - - -
    • - -
    • - - 🏃 Run - - -
    • - - - - - - -
    • - - Remarks - - - - -
    • - -
    • - - Update - - -
    • - -
    • - - Backup - - -
    • - -
    • - - ToDo - - -
    • - -
    • - - Install Apache as a reverse proxy - - - - -
    • - -
    • - - Obtain SSL certificates with Let's Encrypt - - -
    • - -
    • - - Install mailcow with Mailman integration - - - - -
    • - -
    • - - Install Mailman - - - - -
    • - -
    • - - 🏃 Run - - -
    • - - - - - - -
    • - - Remarks - - - - -
    • - -
    • - - Update - - -
    • - -
    • - - Backup - - -
    • - -
    • - - ToDo - - -
    • The problem to solve

      mailpiler offers the authentication based on IMAP, for example:

      -
      $config['ENABLE_IMAP_AUTH'] = 1;
      -$config['IMAP_HOST'] = 'mail.example.com';
      -$config['IMAP_PORT'] =  993;
      -$config['IMAP_SSL'] = true;
      -
      +

      php +$config['ENABLE_IMAP_AUTH'] = 1; +$config['IMAP_HOST'] = 'mail.example.com'; +$config['IMAP_PORT'] = 993; +$config['IMAP_SSL'] = true;

      • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
      • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
      • @@ -2487,19 +2487,19 @@
        1. Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

          -
          $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
          -$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
          -$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
          -include('auth-mailcow.php');
          -
          +

          php +$config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; +$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; +include('auth-mailcow.php');

          You can also change the mailcow hostname, if required: -

          $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
          -

          +php +$config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']

        2. Download the PHP file with the functions from the GitHub repo:

          -
          curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
          -
          +

          sh +curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php

        3. Done!

          diff --git a/en/third_party/third_party-nextcloud/index.html b/en/third_party/third_party-nextcloud/index.html index 50abfd05c..74f6c94a4 100644 --- a/en/third_party/third_party-nextcloud/index.html +++ b/en/third_party/third_party-nextcloud/index.html @@ -2457,14 +2457,13 @@

          In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker-compose up -d to apply. For more informaton refer to: Advanced SSL.

          Background jobs

          To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

          -
          version: '2.1'
          +

          version: '2.1' services: php-fpm-mailcow: labels: - ofelia.enabled: "true" - ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" - ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\"" -

          + ofelia.enabled: "true" + ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" + ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""

          After adding these lines the docker-compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker-compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command docker-compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

          @@ -2516,14 +2515,12 @@ services:

          If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

          1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

          INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
          -INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
          -

          +INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;


          If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

          1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

          INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
          -

          +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;


          Update

          The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. @@ -2533,13 +2530,12 @@ It shows which commands have to be executed, these have to be placed in the php-


          Debugging & Troubleshooting

          It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

          -
          'trusted_proxies' =>
          +

          'trusted_proxies' => array ( - 0 => 'fd4d:6169:6c63:6f77::/64', - 1 => '172.22.1.0/24', - 2 => 'NewSubnet/24', - ), -

          + 0 => 'fd4d:6169:6c63:6f77::/64', + 1 => '172.22.1.0/24', + 2 => 'NewSubnet/24', + ),

          After the changes have been made, the nginx container must be restarted. docker-compose restart nginx-mailcow

          diff --git a/en/third_party/third_party-portainer/index.html b/en/third_party/third_party-portainer/index.html index 4193cc181..b7e705206 100644 --- a/en/third_party/third_party-portainer/index.html +++ b/en/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

          In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

          1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration -

          version: '2.1'
          +version: '2.1'
           services:
               portainer-mailcow:
                 image: portainer/portainer-ce
          @@ -2361,42 +2361,40 @@ services:
                 networks:
                   mailcow-network:
                     aliases:
          -            - portainer
          -
          + - portainer 2a. Create data/conf/nginx/portainer.conf: -
          upstream portainer {
          +```
          +upstream portainer {
             server portainer-mailcow:9000;
          -}
          -
          -map $http_upgrade $connection_upgrade {
          +}

          +

          map $http_upgrade $connection_upgrade { default upgrade; - '' close; + '' close; } -

          +```

          2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: -

            location /portainer/ {
          +```
          +  location /portainer/ {
               proxy_http_version 1.1;
          -    proxy_set_header Host              $http_host;   # required for docker client's sake
          -    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
          +    proxy_set_header Host              $http_host;   # required for docker client's sake
          +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
               proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
          -    proxy_read_timeout                 900;
          -
          -    proxy_set_header Connection "";
          -    proxy_buffers 32 4k;
          -    proxy_pass http://portainer/;
          -  }
          -
          -  location /portainer/api/websocket/ {
          +    proxy_read_timeout                 900;

          +
          proxy_set_header Connection "";
          +proxy_buffers 32 4k;
          +proxy_pass http://portainer/;
          +
          +

          }

          +

          location /portainer/api/websocket/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass http://portainer/api/websocket/; + proxy_pass http://portainer/api/websocket/; } -

          +```

          3. Apply your changes: -

          docker-compose up -d && docker-compose restart nginx-mailcow
          -

          +docker-compose up -d && docker-compose restart nginx-mailcow

          Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.


          diff --git a/en/third_party/third_party-roundcube/index.html b/en/third_party/third_party-roundcube/index.html index 86df55e30..e0aa66c86 100644 --- a/en/third_party/third_party-roundcube/index.html +++ b/en/third_party/third_party-roundcube/index.html @@ -2329,38 +2329,134 @@
        4. + + Check for a newer release! + + +
        5. + +
        6. + + Change folder name + + +
        7. + +
        8. + + Change permissions + + +
        9. + +
        10. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + +
        11. + +
        12. + + !/bin/bash + + + +
        13. + + Enter a bash session of the mailcow PHP container + + +
        14. + +
        15. + + Install required upgrade dependency, then upgrade Roundcube to wanted release + + +
        16. + +
        17. + + Type 'Y' and press enter to upgrade your install of Roundcube + + +
        18. + +
        19. + + Remove leftover files + + +
        20. + +
        21. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + + + +
        22. + +
        23. + + Allow admins to log into Roundcube as email user (without any password) + + +
        24. + +
        25. + + Roundcube with plugin dovecot_impersonate must be installed first + +
      @@ -2410,38 +2506,134 @@
    • + + Check for a newer release! + + +
    • + +
    • + + Change folder name + + +
    • + +
    • + + Change permissions + + +
    • + +
    • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + +
    • + +
    • + + !/bin/bash + + + +
    • + + Enter a bash session of the mailcow PHP container + + +
    • + +
    • + + Install required upgrade dependency, then upgrade Roundcube to wanted release + + +
    • + +
    • + + Type 'Y' and press enter to upgrade your install of Roundcube + + +
    • + +
    • + + Remove leftover files + + +
    • + +
    • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + + + +
    • + +
    • + + Allow admins to log into Roundcube as email user (without any password) + + +
    • + +
    • + + Roundcube with plugin dovecot_impersonate must be installed first + +
    • @@ -2462,124 +2654,114 @@ -

      Roundcube

      -

      Installing Roundcube

      Download Roundcube 1.5.x to the web htdocs directory and extract it (here rc/): -

      # Check for a newer release!
      -cd data/web
      -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
      -
      -# Change folder name
      -mv roundcubemail-1.5.2 rc
      -
      -# Change permissions
      -chown -R root: rc/
      -
      -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
      -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
      -

      +```

      +

      Check for a newer release!

      +

      cd data/web +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -

      +

      Change folder name

      +

      mv roundcubemail-1.5.2 rc

      +

      Change permissions

      +

      chown -R root: rc/

      +

      Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6

      +

      sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" rc/program/include/rcmail.php +```

      If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. -

      #!/bin/bash
      -apk update
      +```

      +

      !/bin/bash

      +

      apk update apk add aspell-en # or any other language -

      +```

      Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. -

      <?php
      +<?php
       error_reporting(0);
      -if (!file_exists('/tmp/mime.types')) {
      -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
      +if (!file_exists('/tmp/mime.types')) {
      +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
       }
       $config = array();
      -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
      -$config['default_host'] = 'tls://dovecot';
      -$config['default_port'] = '143';
      -$config['smtp_server'] = 'tls://postfix';
      -$config['smtp_port'] = 587;
      -$config['smtp_user'] = '%u';
      -$config['smtp_pass'] = '%p';
      -$config['support_url'] = '';
      -$config['product_name'] = 'Roundcube Webmail';
      -$config['des_key'] = 'yourrandomstring_changeme';
      -$config['log_dir'] = '/dev/null';
      -$config['temp_dir'] = '/tmp';
      -$config['plugins'] = array(
      -  'archive',
      -  'managesieve'
      +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
      +$config['default_host'] = 'tls://dovecot';
      +$config['default_port'] = '143';
      +$config['smtp_server'] = 'tls://postfix';
      +$config['smtp_port'] = 587;
      +$config['smtp_user'] = '%u';
      +$config['smtp_pass'] = '%p';
      +$config['support_url'] = '';
      +$config['product_name'] = 'Roundcube Webmail';
      +$config['des_key'] = 'yourrandomstring_changeme';
      +$config['log_dir'] = '/dev/null';
      +$config['temp_dir'] = '/tmp';
      +$config['plugins'] = array(
      +  'archive',
      +  'managesieve'
       );
      -$config['spellcheck_engine'] = 'aspell';
      -$config['mime_types'] = '/tmp/mime.types';
      -$config['imap_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['spellcheck_engine'] = 'aspell';
      +$config['mime_types'] = '/tmp/mime.types';
      +$config['imap_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
      -$config['enable_installer'] = true;
      -$config['smtp_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['enable_installer'] = true;
      +$config['smtp_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
      -$config['db_prefix'] = 'mailcow_rc1';
      -

      +$config['db_prefix'] = 'mailcow_rc1';

      Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer.

      Delete the directory data/web/rc/installer after a successful installation!

      Configure ManageSieve filtering

      Open data/web/rc/plugins/managesieve/config.inc.php and change the following parameters (or add them at the bottom of that file): -

      $config['managesieve_port'] = 4190;
      -$config['managesieve_host'] = 'tls://dovecot';
      -$config['managesieve_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['managesieve_port'] = 4190;
      +$config['managesieve_host'] = 'tls://dovecot';
      +$config['managesieve_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
       // Enables separate management interface for vacation responses (out-of-office)
       // 0 - no separate section (default),
       // 1 - add Vacation section,
       // 2 - add Vacation section, but hide Filters section
      -$config['managesieve_vacation'] = 1;
      -

      +$config['managesieve_vacation'] = 1;

      Enable change password function in Roundcube

      Open data/web/rc/config/config.inc.php and enable the password plugin:

      -
      ...
      -$config['plugins'] = array(
      -    'archive',
      -    'password',
      +

      ... +$config['plugins'] = array( + 'archive', + 'password', ); -... -

      +...

      Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

      -
              case 'ssha256':
      +

      case 'ssha256': $salt = rcube_utils::random_bytes(8); - $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); - $prefix = '{SSHA256}'; - break; -

      + $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); + $prefix = '{SSHA256}'; + break;

      Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

      -
      $config['password_driver'] = 'sql';
      -$config['password_algorithm'] = 'ssha256';
      -$config['password_algorithm_prefix'] = '{SSHA256}';
      -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
      -
      +

      $config['password_driver'] = 'sql'; +$config['password_algorithm'] = 'ssha256'; +$config['password_algorithm_prefix'] = '{SSHA256}'; +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";

      Integrate CardDAV addressbooks in Roundcube

      Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

      cd data/web/rc/plugins
      +cd data/web/rc/plugins
       wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz  | tar xfvz -
      -chown -R root: carddav/
      -

      +chown -R root: carddav/

      Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

      $prefs['SOGo'] = array(
      -    'name'         =>  'SOGo',
      -    'username'     =>  '%u',
      -    'password'     =>  '%p',
      -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
      -    'carddav_name_only' => true,
      -    'use_categories' => true,
      -    'active'       =>  true,
      -    'readonly'     =>  false,
      -    'refresh_time' => '02:00:00',
      -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
      -    'hide'        =>  false,
      -);
      -
      +$prefs['SOGo'] = array( + 'name' => 'SOGo', + 'username' => '%u', + 'password' => '%p', + 'url' => 'https://mx.example.org/SOGo/dav/%u/', + 'carddav_name_only' => true, + 'use_categories' => true, + 'active' => true, + 'readonly' => false, + 'refresh_time' => '02:00:00', + 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), + 'hide' => false, +); Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

      Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

      If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

      @@ -2587,75 +2769,70 @@ Please note, that this preset only integrates the default addressbook (the one t

      Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

      NOTE: Don't forget to add the <?php delimiter on the first line

      -
      ...
      +

      ... $MAILCOW_APPS = array( array( - 'name' => 'SOGo', - 'link' => '/SOGo/' + 'name' => 'SOGo', + 'link' => '/SOGo/' ), array( - 'name' => 'Roundcube', - 'link' => '/rc/' + 'name' => 'Roundcube', + 'link' => '/rc/' ) ); -... -

      +...

      Upgrading Roundcube

      Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

      -
      # Enter a bash session of the mailcow PHP container
      -docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
      -
      -# Install required upgrade dependency, then upgrade Roundcube to wanted release
      -apk add rsync
      +

      ```

      +

      Enter a bash session of the mailcow PHP container

      +

      docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash

      +

      Install required upgrade dependency, then upgrade Roundcube to wanted release

      +

      apk add rsync cd /tmp -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - cd roundcubemail-1.5.2 -bin/installto.sh /web/rc - -# Type 'Y' and press enter to upgrade your install of Roundcube - -# Remove leftover files -cd /tmp -rm -rf roundcube* - -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php -

      +bin/installto.sh /web/rc

      +

      Type 'Y' and press enter to upgrade your install of Roundcube

      +

      Remove leftover files

      +

      cd /tmp +rm -rf roundcube*

      +

      Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6

      +

      sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" /web/rc/program/include/rcmail.php +```

      Let admins log into Roundcube without password

      First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

      Edit mailcow.conf and add the following:

      -
      # Allow admins to log into Roundcube as email user (without any password)
      -# Roundcube with plugin dovecot_impersonate must be installed first
      -
      -ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
      -
      +

      ```

      +

      Allow admins to log into Roundcube as email user (without any password)

      +

      Roundcube with plugin dovecot_impersonate must be installed first

      +

      ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y +```

      Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

      -
      version: '2.1'
      +

      yml +version: '2.1' services: php-fpm-mailcow: environment: - - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} -

      + - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}

      Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

      -
      if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
      -  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
      -}
      -
      +

      js +if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) { + item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>'; +}

      Edit data/web/mailbox.php and add this line to array $template_data:

      -
        'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
      -
      +

      php + 'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',

      Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

      -
        var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
      -
      +

      js + var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};

      Copy the contents of the following files from this Snippet:

      • data/web/inc/lib/RoundcubeAutoLogin.php
      • data/web/rc-auth.php

      Finally, restart mailcow

      -
      docker-compose down
      -docker-compose up -d
      -
      +

      docker-compose down +docker-compose up -d


      diff --git a/en/troubleshooting/debug-admin_login_sogo/index.html b/en/troubleshooting/debug-admin_login_sogo/index.html index e59fbdbb8..7f80a9e77 100644 --- a/en/troubleshooting/debug-admin_login_sogo/index.html +++ b/en/troubleshooting/debug-admin_login_sogo/index.html @@ -2428,11 +2428,9 @@ log into SOGo as a mailbox user, without knowing the users password.

      Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

      Enabling the feature

      The feature is disabled by default. It can be enabled in the mailcow.conf by setting: -

      ALLOW_ADMIN_EMAIL_LOGIN=y
      -
      +ALLOW_ADMIN_EMAIL_LOGIN=y and recreating the affected containers with -
      docker-compose up -d
      -

      +docker-compose up -d

      Drawbacks when enabled

      • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. diff --git a/en/troubleshooting/debug-attach_service/index.html b/en/troubleshooting/debug-attach_service/index.html index 7b9d815f5..91ba8ad19 100644 --- a/en/troubleshooting/debug-attach_service/index.html +++ b/en/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,14 @@

        Attaching a Container to your Shell

        To attach a container to your shell you can simply run

        -
        docker-compose exec $Service_Name /bin/bash
        -
        +

        docker-compose exec $Service_Name /bin/bash

        Connecting to Services

        If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

        MySQL

        -
        source mailcow.conf
        -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
        -
        +

        source mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

        Redis

        -
        docker-compose exec redis-mailcow redis-cli
        -
        +

        docker-compose exec redis-mailcow redis-cli

        Service Descriptions

        Here is a brief overview of what container / service does what:

      diff --git a/en/troubleshooting/debug-common_problems/index.html b/en/troubleshooting/debug-common_problems/index.html index 6afcc1f66..720c4ab5f 100644 --- a/en/troubleshooting/debug-common_problems/index.html +++ b/en/troubleshooting/debug-common_problems/index.html @@ -801,52 +801,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2438,52 +2451,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2504,8 +2530,6 @@ -

      Common Problems

      -

      Here we list common problems and possible solutions:

      Mail loops back to myself

      Please check in your mailcow UI if you made the domain a backup MX:

      @@ -2516,11 +2540,12 @@
    • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
    • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
    • -
      # telnet 74.125.133.27 465
      -Trying 74.125.133.27...
      +

      ```

      +

      telnet 74.125.133.27 465

      +

      Trying 74.125.133.27... Connected to 74.125.133.27. -Escape character is '^]'. -

      +Escape character is '^]'. +```

      My mails are identified as Spam

      Please read our guide on DNS configuration.

      docker-compose throws weird errors

      @@ -2537,8 +2562,7 @@ Escape character is '^]'.

      It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

      Address already in use

      If you get an error message like:

      -
      ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
      -
      +

      ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use

      while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

      XYZ can't connect to ...

      Please check your local firewall! @@ -2546,19 +2570,17 @@ Docker and iptables-based firewalls sometimes create conflicting rules, so disab

      If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

      While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

      To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

      -
      dism /online /Enable-Feature /FeatureName:TelnetClient
      -
      +

      dism /online /Enable-Feature /FeatureName:TelnetClient

      Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

      Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

      Dovecot keeps restarting (see #2672)

      Check that you have at least the following files in data/assets/ssl:

      -
      cert.pem
      +

      cert.pem dhparams.pem -key.pem -

      +key.pem

      If dhparams.pem is missing, you can generate it with

      -
      openssl dhparam -out data/assets/ssl/dhparams.pem 4096
      -
      +

      bash +openssl dhparam -out data/assets/ssl/dhparams.pem 4096


        diff --git a/en/troubleshooting/debug-mysql_aria/index.html b/en/troubleshooting/debug-mysql_aria/index.html index 94ec39d03..63f28e93d 100644 --- a/en/troubleshooting/debug-mysql_aria/index.html +++ b/en/troubleshooting/debug-mysql_aria/index.html @@ -833,6 +833,41 @@ MariaDB: Aria recovery after crash + + +
      1. + + Stop the stack, don't run "down" + + +
      2. + +
      3. + + Run a bash in the stopped container as user mysql + + +
      4. + +
      5. + + cd to the SQL data directory + + +
      6. + +
      7. + + Run aria_chk + + +
      8. + +
      9. + + Delete aria log files + +
      10. @@ -2372,6 +2407,41 @@ MariaDB: Aria recovery after crash + + +
      11. + + Stop the stack, don't run "down" + + +
      12. + +
      13. + + Run a bash in the stopped container as user mysql + + +
      14. + +
      15. + + cd to the SQL data directory + + +
      16. + +
      17. + + Run aria_chk + + +
      18. + +
      19. + + Delete aria log files + +
      20. @@ -2392,23 +2462,22 @@ -

        Recover crashed Aria storage engine

        -

        MariaDB: Aria recovery after crash

        If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

        Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker-compose ps.

        Now run the following commands:

        -
        # Stop the stack, don't run "down"
        -docker-compose stop
        -# Run a bash in the stopped container as user mysql
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
        -# cd to the SQL data directory
        -cd /var/lib/mysql
        -# Run aria_chk
        -aria_chk --check --force */*.MAI
        -# Delete aria log files
        -rm aria_log.*
        -
        +

        ```

        +

        Stop the stack, don't run "down"

        +

        docker-compose stop

        +

        Run a bash in the stopped container as user mysql

        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow

        +

        cd to the SQL data directory

        +

        cd /var/lib/mysql

        +

        Run aria_chk

        +

        aria_chk --check --force /.MAI

        +

        Delete aria log files

        +

        rm aria_log.* +```

        Now run docker-compose down followed by docker-compose up -d.


        diff --git a/en/troubleshooting/debug-mysql_upgrade/index.html b/en/troubleshooting/debug-mysql_upgrade/index.html index 862f2e6d9..bb68268de 100644 --- a/en/troubleshooting/debug-mysql_upgrade/index.html +++ b/en/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,11 @@

        Run a manual mysql_upgrade

        This step is usually not necessary.

        -
        docker-compose stop mysql-mailcow watchdog-mailcow
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
        -
        +

        docker-compose stop mysql-mailcow watchdog-mailcow +docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow

        As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

        -
        mysql_upgrade
        -exit
        -
        +

        mysql_upgrade +exit


        diff --git a/en/troubleshooting/debug-reset_pw/index.html b/en/troubleshooting/debug-reset_pw/index.html index 28c8bfbfe..8522083e9 100644 --- a/en/troubleshooting/debug-reset_pw/index.html +++ b/en/troubleshooting/debug-reset_pw/index.html @@ -878,6 +878,26 @@ + + + + + +
      21. + + source mailcow.conf + + +
      22. + +
      23. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      24. - -
      25. +
      26. Remove Two-Factor Authentication @@ -935,6 +950,11 @@ +
      27. + + + + @@ -2463,6 +2483,26 @@ + + + + + +
      28. + + source mailcow.conf + + +
      29. + +
      30. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      31. - -
      32. +
      33. Remove Two-Factor Authentication @@ -2520,6 +2555,11 @@ +
      34. + + + + @@ -2540,22 +2580,19 @@ -

        Reset Passwords (incl. SQL)

        -

        mailcow Admin Account

        Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

        -
        cd mailcow_path
        -./helper-scripts/mailcow-reset-admin.sh
        -
        +

        cd mailcow_path +./helper-scripts/mailcow-reset-admin.sh

        Reset MySQL Passwords

        Stop the stack by running docker-compose stop.

        When the containers came to a stop, run this command:

        -
        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
        -
        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow

        1. Find database name

        -
        # source mailcow.conf
        -# docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
        -MariaDB [(none)]> show databases;
        +

        ```

        +

        source mailcow.conf

        +

        docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

        +

        MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ @@ -2565,49 +2602,47 @@ MariaDB [(none)]> show databases; | performance_schema | +--------------------+ 4 rows in set (0.00 sec) -

        +```

        2. Reset one or more users

        2.1 Maria DB < 10.4 (older mailcow installations)

        Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        2.2 Maria DB >= 10.4 (current mailcows)

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; -MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        Remove Two-Factor Authentication

        For mailcow WebUI:

        This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

        -
        source mailcow.conf
        -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
        -
        +

        source mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"

        For SOGo:

        -
        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
        -
        +

        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'


        diff --git a/en/troubleshooting/debug-reset_tls/index.html b/en/troubleshooting/debug-reset_tls/index.html index 0c254e14e..e831d3a0d 100644 --- a/en/troubleshooting/debug-reset_tls/index.html +++ b/en/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,13 @@

        Reset TLS certificates

        In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

        -
        source mailcow.conf
        +

        source mailcow.conf docker-compose down rm -rf data/assets/ssl mkdir data/assets/ssl -openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ -docker-compose up -d -

        +docker-compose up -d

        This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

        If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

        Please also note that previous TLSA records will be invalid.

        diff --git a/en/troubleshooting/debug-rm_volumes/index.html b/en/troubleshooting/debug-rm_volumes/index.html index b4426b837..edc2505d2 100644 --- a/en/troubleshooting/debug-rm_volumes/index.html +++ b/en/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,7 @@

        You may want to remove a set of persistent data to resolve a conflict or to start over.

        mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

        Delete a single volume:

        -
        docker volume rm mailcowdockerized_${VOLUME_NAME}
        -
        +

        docker volume rm mailcowdockerized_${VOLUME_NAME}

        + + @@ -2423,6 +2505,75 @@ + + + + + +
      35. + + Options can be combined + + +
      36. + +
      37. + + - Check for updates and show changes + + +
      38. + +
      39. + + Do not try to update docker-compose, make sure to use the latest docker-compose available + + +
      40. + +
      41. + + - Do not start mailcow after applying an update + + +
      42. + +
      43. + + - Force update (unattended, but unsupported, use at own risk) + + +
      44. + +
      45. + + - Run garbage collector to cleanup old image tags and exit + + +
      46. + +
      47. + + - Update with merge strategy option "ours" instead of "theirs" + + +
      48. + +
      49. + + This will solve conflicts when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. + + +
      50. + +
      51. + + - Don't update, but prefetch images and exit + + + + +
      52. + +
      53. + + Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID + + + - -
      54. - -
      55. +
      56. Footnotes +
      57. + + + + @@ -2474,57 +2638,48 @@ -

        Update

        -

        Automatic update

        An update script in your mailcow-dockerized directory will take care of updates.

        But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below.

        Run the update script: -

        ./update.sh
        -

        +./update.sh

        If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code).

        Options

        -
        # Options can be combined
        -
        -# - Check for updates and show changes
        -./update.sh --check
        -
        -# Do not try to update docker-compose, **make sure to use the latest docker-compose available**
        -./update.sh --no-update-compose
        -
        -# - Do not start mailcow after applying an update
        -./update.sh --skip-start
        -
        -# - Force update (unattended, but unsupported, use at own risk)
        -./update.sh --force
        -
        -# - Run garbage collector to cleanup old image tags and exit
        -./update.sh --gc
        -
        -# - Update with merge strategy option "ours" instead of "theirs"
        -#   This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.
        -./update.sh --ours
        -
        -# - Don't update, but prefetch images and exit
        -./update.sh --prefetch
        -
        +

        ```

        +

        Options can be combined

        +

        - Check for updates and show changes

        +

        ./update.sh --check

        +

        Do not try to update docker-compose, make sure to use the latest docker-compose available

        +

        ./update.sh --no-update-compose

        +

        - Do not start mailcow after applying an update

        +

        ./update.sh --skip-start

        +

        - Force update (unattended, but unsupported, use at own risk)

        +

        ./update.sh --force

        +

        - Run garbage collector to cleanup old image tags and exit

        +

        ./update.sh --gc

        +

        - Update with merge strategy option "ours" instead of "theirs"

        +

        This will solve conflicts when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too.

        +

        ./update.sh --ours

        +

        - Don't update, but prefetch images and exit

        +

        ./update.sh --prefetch +```

        I forgot what I changed before running update.sh

        See git log --pretty=oneline | grep -i "before update", you will have an output similar to this:

        -
        22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45
        -dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31
        -
        +

        22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 +dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31

        Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.

        Can I roll back?

        Yes.

        See the topic above, instead of a diff, you run checkout:

        -
        docker-compose down
        -# Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID
        -git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab
        +

        ``` +docker-compose down

        +

        Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID

        +

        git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d -

        +```

        Hooks

        You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.

        Footnotes

        diff --git a/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html b/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html index 2c5d3f040..1a7483ed7 100644 --- a/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html +++ b/manual-guides/ClamAV/u_e-clamav-additional_dbs/index.html @@ -2466,21 +2466,20 @@
      58. You will need to get your_id from one of the download links, they are individual for every user
      59. Add to data/conf/clamav/freshclam.conf with replaced your_id part: -

        DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
        +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.hdb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfo.ign2
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/javascript.ndb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/spam_marketing.ndb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfohtml.hdb
         DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfoascii.hdb
        -DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb
        -

        +DatabaseCustomURL https://www.securiteinfo.com/get/signatures/your_id/securiteinfopdf.hdb

      60. For free SecuriteInfo databases, download speed is limited to 300 kB/s. In data/conf/clamav/freshclam.conf, increase the default ReceiveTimeout 20 value to ReceiveTimeout 90 (time in seconds), otherwise some of the database downloads could fail because of their size.

      61. Adjust data/conf/clamav/clamd.conf to align with next settings: -

        DetectPUA yes
        +DetectPUA yes
         ExcludePUA PUA.Win.Packer
         ExcludePUA PUA.Win.Trojan.Packed
         ExcludePUA PUA.Win.Trojan.Molebox
        @@ -2492,12 +2491,11 @@ MaxRecursion 40
         MaxEmbeddedPE 100M
         MaxHTMLNormalize 50M
         MaxScriptNormalize 50M
        -MaxZipTypeRcg 50M
        -

        +MaxZipTypeRcg 50M

      62. Restart ClamAV container: -
        docker-compose restart clamd-mailcow
        -
      63. +bash +docker-compose restart clamd-mailcow

      Please note:

        @@ -2509,14 +2507,13 @@ MaxZipTypeRcg 50M

        Enable InterServer databases

        1. Add to data/conf/clamav/freshclam.conf: -
          DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
          +DatabaseCustomURL http://sigs.interserver.net/interserver256.hdb
           DatabaseCustomURL http://sigs.interserver.net/interservertopline.db
           DatabaseCustomURL http://sigs.interserver.net/shell.ldb
          -DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
          -
        2. +DatabaseCustomURL http://sigs.interserver.net/whitelist.fp
        3. Restart ClamAV container: -
          docker-compose restart clamd-mailcow
          -
        4. +bash +docker-compose restart clamd-mailcow

        diff --git a/manual-guides/ClamAV/u_e-clamav-whitelist/index.html b/manual-guides/ClamAV/u_e-clamav-whitelist/index.html index 5227654a2..66942aa5c 100644 --- a/manual-guides/ClamAV/u_e-clamav-whitelist/index.html +++ b/manual-guides/ClamAV/u_e-clamav-whitelist/index.html @@ -1842,6 +1842,13 @@ Whitelist specific ClamAV signatures + + +
      • + + docker-compose exec redis-mailcow /bin/sh + +
      @@ -2374,6 +2381,13 @@ Whitelist specific ClamAV signatures + + +
    • + + docker-compose exec redis-mailcow /bin/sh + +
    • @@ -2394,26 +2408,25 @@ -

      Whitelist

      -

      Whitelist specific ClamAV signatures

      You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.:

      -
      docker-compose logs clamd-mailcow | grep "FOUND"
      -
      +

      bash +docker-compose logs clamd-mailcow | grep "FOUND"

      This line confirms that such was identified:

      -
      clamd-mailcow_1      | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND
      -
      +

      text +clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND

      To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file:

      -
      echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2
      -
      +

      bash +echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2

      Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose:

      -
      docker-compose restart clamd-mailcow
      -
      +

      bash +docker-compose restart clamd-mailcow

      Cleanup cached ClamAV results in Redis:

      -
      # docker-compose exec redis-mailcow  /bin/sh
      -/data # redis-cli KEYS rs_cl* | xargs redis-cli DEL
      +

      ```

      +

      docker-compose exec redis-mailcow /bin/sh

      +

      /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit -

      +```


      diff --git a/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html b/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html index 5bd19481d..dddcf23e4 100644 --- a/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html +++ b/manual-guides/Docker/u_e-docker-cust_dockerfiles/index.html @@ -2348,14 +2348,11 @@

      Customize Dockerfiles

      You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized):

      -
      cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml
      -
      +

      cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml

      Make your changes in data/Dockerfiles/$service and build the image locally:

      -
      docker build data/Dockerfiles/service -t mailcow/$service
      -
      +

      docker build data/Dockerfiles/service -t mailcow/$service

      Now auto-recreate modified containers:

      -
      docker-compose up -d
      -
      +

      docker-compose up -d


      diff --git a/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html b/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html index 909a8ce9e..4bb1c0087 100644 --- a/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html +++ b/manual-guides/Docker/u_e-docker-dc_bash_compl/index.html @@ -2348,8 +2348,7 @@

      Docker Compose Bash Completion

      To get some sexy bash completion inside your containers simply execute the following:

      -
      curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
      -
      +

      curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose


      diff --git a/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html b/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html index 5e99fc0d7..1a8480f8a 100644 --- a/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-any_acl/index.html @@ -2349,8 +2349,7 @@

      On August the 17th, we disabled the possibility to share with "any" or "all authenticated users" by default.

      This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf:

      -
      ACL_ANYONE=allow
      -
      +

      ACL_ANYONE=allow

      Apply the changes by running docker-compose up -d.


      diff --git a/manual-guides/Dovecot/u_e-dovecot-expunge/index.html b/manual-guides/Dovecot/u_e-dovecot-expunge/index.html index 65fe574be..969fb3547 100644 --- a/manual-guides/Dovecot/u_e-dovecot-expunge/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-expunge/index.html @@ -1564,6 +1564,33 @@ + + + + + +
    • + + !/bin/bash + + +
    • + +
    • + + Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized + + +
    • + +
    • + + Execute everyday at 04:00 A.M. + + + + +
    • + +
    • + + !/bin/bash + + +
    • + +
    • + + Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized + + +
    • + +
    • + + Execute everyday at 04:00 A.M. + + + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users, but obviously slower and more dangerous + + + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users + + +
    • + +
    • + + single user + + +
    • + +
    • + + all users, but obviously slower and more dangerous + + +
    • @@ -2345,36 +2354,34 @@ -

      Mail crypt

      -

      Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1.

      If you want to decode/encode existing maildir files, you can use the following script at your own risk:

      Enter Dovecot by running docker-compose exec dovecot-mailcow /bin/bash in the mailcow-dockerized location.

      -
      # Decrypt /var/vmail
      -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do
      -if [[ $(head -c7 "$file") == "CRYPTED" ]]; then
      +

      ```

      +

      Decrypt /var/vmail

      +

      find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") == "CRYPTED" ]]; then doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" > "/tmp/$(basename "$file")" - if [[ -s "/tmp/$(basename "$file")" ]]; then - chmod 600 "/tmp/$(basename "$file")" - chown 5000:5000 "/tmp/$(basename "$file")" - mv "/tmp/$(basename "$file")" "$file" + "$file" > "/tmp/$(basename "$file")" + if [[ -s "/tmp/$(basename "$file")" ]]; then + chmod 600 "/tmp/$(basename "$file")" + chown 5000:5000 "/tmp/$(basename "$file")" + mv "/tmp/$(basename "$file")" "$file" else - rm "/tmp/$(basename "$file")" + rm "/tmp/$(basename "$file")" fi fi -done - -# Encrypt /var/vmail -find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do -if [[ $(head -c7 "$file") != "CRYPTED" ]]; then +done

      +

      Encrypt /var/vmail

      +

      find /var/vmail/ -type f -regextype egrep -regex '.S=.W=.*' | while read -r file; do +if [[ $(head -c7 "$file") != "CRYPTED" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \ - "$file" "$file" - chmod 600 "$file" - chown 5000:5000 "$file" + "$file" "$file" + chmod 600 "$file" + chown 5000:5000 "$file" fi done -

      +```


      diff --git a/manual-guides/Dovecot/u_e-dovecot-more/index.html b/manual-guides/Dovecot/u_e-dovecot-more/index.html index 89b4daaed..021947943 100644 --- a/manual-guides/Dovecot/u_e-dovecot-more/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-more/index.html @@ -2414,25 +2414,19 @@

      doveadm quota

      The quota get and quota recalc1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes.

      To list the current quota status for a user / mailbox, do:

      -
      doveadm quota get -u 'mailbox@example.org'
      -
      +

      doveadm quota get -u 'mailbox@example.org'

      To list the quota storage value for all users, do:

      -
      doveadm quota get -A |grep "STORAGE"
      -
      +

      doveadm quota get -A |grep "STORAGE"

      Recalculate a single user's quota usage:

      -
      doveadm quota recalc -u 'mailbox@example.org'
      -
      +

      doveadm quota recalc -u 'mailbox@example.org'

      The doveadm search2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs.

      To view the number of messages, by user, in their .Trash folder:

      -
      doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c
      -
      +

      doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c

      Show all messages in a user's inbox older then 90 days:

      -
      doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d
      -
      +

      doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d

      Show all messages in any folder that are older then 30 days for mailbox@example.org:

      -
      doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d
      -
      +

      doveadm search -u 'mailbox@example.org' mailbox "*" savedbefore 30d


        diff --git a/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html b/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html index b24121c3f..462dd3787 100644 --- a/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-public_folder/index.html @@ -2398,28 +2398,25 @@

        Create a new public namespace "Public" and a mailbox "Develcow" inside that namespace:

        Edit or create data/conf/dovecot/extra.conf, add:

        -
        namespace {
        +

        namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes - mailbox "Develcow" { + mailbox "Develcow" { auto = subscribe } -} -

        +}

        :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted.

        The new mailbox in the public namespace will be auto-subscribed by users.

        To allow all authenticated users access full to that new mailbox (not the whole namespace), run:

        -
        docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create
        -
        +

        docker-compose exec dovecot-mailcow doveadm acl set -A "Public/Develcow" "authenticated" lookup read write write-seen write-deleted insert post delete expunge create

        Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example).

        Allow authenticated users access to the whole public namespace

        To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory:

        Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content:

        -
        authenticated kxeilprwts
        -
        +

        authenticated kxeilprwts

        kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create.

        You can use doveadm acl set -u user@domain "Public/Develcow" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to "lr" and grant only some users full access.

        See Dovecot ACL for further information about ACL.

        diff --git a/manual-guides/Dovecot/u_e-dovecot-static_master/index.html b/manual-guides/Dovecot/u_e-dovecot-static_master/index.html index 4387d62f6..540265637 100644 --- a/manual-guides/Dovecot/u_e-dovecot-static_master/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-static_master/index.html @@ -2351,9 +2351,8 @@

        That's recommended and should not be changed.

        If you need the user to be static anyway, please specify two variables in mailcow.conf.

        Both parameters must not be empty!

        -
        DOVECOT_MASTER_USER=mymasteruser
        -DOVECOT_MASTER_PASS=mysecretpass
        -
        +

        DOVECOT_MASTER_USER=mymasteruser +DOVECOT_MASTER_PASS=mysecretpass

        Run docker-compose up -d to apply your changes.

        The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local.

        To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above.

        diff --git a/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html b/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html index 8a4d7f797..65e65d32e 100644 --- a/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html +++ b/manual-guides/Dovecot/u_e-dovecot-vmail-volume/index.html @@ -2442,41 +2442,39 @@

        Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed).

      An easy, dirty, yet stable workaround is to stop mailcow (docker-compose down), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example:

      -
      mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup
      -ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data
      -
      +

      mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup +ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data

      Start mailcow afterwards.


      The "old" way

      If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content:

      -
      version: '2.1'
      +

      version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail - o: bind -

      + o: bind

      Moving an existing vmail folder:

      • Locate the current vmail folder by its "Mountpoint" attribute: docker volume inspect mailcowdockerized_vmail-vol-1
      -
      [
      +

      hl_lines="10" +[ { - "CreatedAt": "2019-06-16T22:08:34+02:00", - "Driver": "local", - "Labels": { - "com.docker.compose.project": "mailcowdockerized", - "com.docker.compose.version": "1.23.2", - "com.docker.compose.volume": "vmail-vol-1" + "CreatedAt": "2019-06-16T22:08:34+02:00", + "Driver": "local", + "Labels": { + "com.docker.compose.project": "mailcowdockerized", + "com.docker.compose.version": "1.23.2", + "com.docker.compose.volume": "vmail-vol-1" }, - "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", - "Name": "mailcowdockerized_vmail-vol-1", - "Options": null, - "Scope": "local" + "Mountpoint": "/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data", + "Name": "mailcowdockerized_vmail-vol-1", + "Options": null, + "Scope": "local" } -] -

      +]

      • Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail) using cp -a, rsync -a or a similar non strcuture breaking copy command
      • Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized)
      • diff --git a/manual-guides/Nginx/u_e-nginx_custom/index.html b/manual-guides/Nginx/u_e-nginx_custom/index.html index 19d709f2a..35477cb7c 100644 --- a/manual-guides/Nginx/u_e-nginx_custom/index.html +++ b/manual-guides/Nginx/u_e-nginx_custom/index.html @@ -2444,9 +2444,9 @@

        New site

        To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/:

        A good template to begin with:

        -
        nano data/conf/nginx/my_custom_site.conf
        -
        -
        server {
        +

        nano data/conf/nginx/my_custom_site.conf

        +

        ``` hl_lines="16" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2461,29 +2461,27 @@ # Location: data/web root /web; # Location: data/web/mysite.com - #root /web/mysite.com - include /etc/nginx/conf.d/listen_plain.active; + #root /web/mysite.com + include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; - server_tokens off; - - # This allows acme to be validated even with a different web root + server_tokens off;

        +

        # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { - default_type "text/plain"; + default_type "text/plain"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; - } - - if ($scheme = http) { + }

        +

        if ($scheme = http) { return 301 https://$server_name$request_uri; } } -

        +```

        New site with proxy to a remote location

        Another example with a reverse proxy configuration:

        -
        nano data/conf/nginx/my_custom_site.conf
        -
        -
        server {
        +

        nano data/conf/nginx/my_custom_site.conf

        +

        ``` hl_lines="16 28" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; @@ -2498,20 +2496,17 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name example.domain.tld; - server_tokens off; - - location ^~ /.well-known/acme-challenge/ { + server_name example.domain.tld; + server_tokens off;

        +

        location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; - } - - if ($scheme = http) { + default_type "text/plain"; + }

        +

        if ($scheme = http) { return 301 https://$host$request_uri; - } - - location / { - proxy_pass http://service:3000/; + }

        +

        location / { + proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; @@ -2519,18 +2514,16 @@ client_max_body_size 0; } } -

        +```

        Config expansion in mailcows Nginx

        The filename used for a new site is not important, as long as the filename carries a .conf extension.

        It is also possible to extend the configuration of the default file site.conf file:

        -
        nano data/conf/nginx/site.my_content.custom
        -
        +

        nano data/conf/nginx/site.my_content.custom

        This filename does not need to have a ".conf" extension but follows the pattern site.*.custom, where * is a custom name.

        If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf.

        Restart Nginx (and PHP-FPM, if a new listener was created):

        -
        docker-compose restart nginx-mailcow
        -docker-compose restart php-fpm-mailcow
        -
        +

        docker-compose restart nginx-mailcow +docker-compose restart php-fpm-mailcow


        diff --git a/manual-guides/Nginx/u_e-nginx_webmail-site/index.html b/manual-guides/Nginx/u_e-nginx_webmail-site/index.html index 1fe800e27..3b1f3455e 100644 --- a/manual-guides/Nginx/u_e-nginx_webmail-site/index.html +++ b/manual-guides/Nginx/u_e-nginx_webmail-site/index.html @@ -2350,7 +2350,8 @@

        IMPORTANT: This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But: The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key.

        To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of "CHANGE_TO_MAILCOW_HOSTNAME"!

        nano data/conf/nginx/webmail.conf

        -
        server {
        +

        ``` hl_lines="9 17" +server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; @@ -2358,23 +2359,21 @@ root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; - server_name webmail.example.org; - server_tokens off; + server_name webmail.example.org; + server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; + }

        +

        location / { + return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } - - location / { - return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; - } } -

        +```

        Save and restart Nginx: docker-compose restart nginx-mailcow.

        Now open mailcow.conf and find ADDITIONAL_SAN. Add webmail.example.org to this array, don't use quotes!

        -
        ADDITIONAL_SAN=webmail.example.org
        -
        +

        ADDITIONAL_SAN=webmail.example.org

        Run docker-compose up -d. See "acme-mailcow" and "nginx-mailcow" logs if anything fails.


        diff --git a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html index ebfa2995b..c94780442 100644 --- a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html +++ b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html @@ -2349,8 +2349,7 @@

        Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value.

        Restart Postfix:

        -
        docker-compose restart postfix-mailcow
        -
        +

        docker-compose restart postfix-mailcow


        diff --git a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html index f2201c3ce..1a7bca29d 100644 --- a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html +++ b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html @@ -2416,14 +2416,11 @@

        Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)

        This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.

        Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. -

        user-to-allow-everything@example.com OK
        -

        +user-to-allow-everything@example.com OK

        Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: -

        smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]
        -

        +smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...]

        Run postmap on check_sasl_access:

        -
        docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
        -
        +

        docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access

        Restart the Postfix container.


        diff --git a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html index 3c8e0c566..09481b43e 100644 --- a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html +++ b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html @@ -2351,8 +2351,7 @@

        Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended.

        Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used.

        Restart postfix-mailcow to apply your changes:

        -
        docker-compose restart postfix-mailcow
        -
        +

        docker-compose restart postfix-mailcow


        diff --git a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html index 04e02c09d..d8f8da192 100644 --- a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html +++ b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html @@ -2348,13 +2348,11 @@

        Statistics with pflogsumm

        To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and direct the output to pflogsumm:

        -
        docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm
        -
        +

        docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm

        The above log output is limited to the last 24 hours.

        It is also possible to create a daily pflogsumm report via cron. Create the /etc/cron.d/pflogsumm file with the following content:

        -
        SHELL=/bin/bash
        -59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net
        -
        +

        SHELL=/bin/bash +59 23 * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s "Postfix Report of $(date)" postmaster@example.net

        To work, a local postfix must be installed on the server, which relays to the mailcow postfix.

        More detailed information can be found in section Post installation tasks -> Local MTA on Dockerhost.

        Based on the postfix logs of the last 24 hours, this example then sends a pflogsumm report to postmaster@example.net every day at 23:59:00.

        diff --git a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html index 3ce108730..3cafa5f2f 100644 --- a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html +++ b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html @@ -66,6 +66,11 @@ @@ -2345,19 +2354,18 @@ -

        Whitelist IP in Postscreen

        -

        IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr.

        Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups.

        The format of the file is as follows:

        CIDR ACTION

        Where CIDR is a single IP address or IP range in CIDR notation, and action is either "permit" or "reject".

        Example:

        -
        +```

        The file is reloaded on the fly, postfix restart is not required.


        diff --git a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html index 37f4a454f..629ebc08d 100644 --- a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html +++ b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html @@ -2447,15 +2447,13 @@

        IPv4 hosts/subnets

        To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

        Edit data/conf/postfix/extra.cf:

        -
        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
        -
        +

        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24

        Run docker-compose restart postfix-mailcow to apply your new settings.

        IPv6 hosts/subnets

        Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended.

        To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:

        Edit data/conf/postfix/extra.cf:

        -
        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
        -
        +

        mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32

        Run docker-compose restart postfix-mailcow to apply your new settings.

        Info

        diff --git a/manual-guides/Redis/u_e-redis/index.html b/manual-guides/Redis/u_e-redis/index.html index 62ecc8f77..a07d179d6 100644 --- a/manual-guides/Redis/u_e-redis/index.html +++ b/manual-guides/Redis/u_e-redis/index.html @@ -1804,6 +1804,24 @@ +
      + + + + + + + + + +
    • + + docker-compose exec redis-mailcow redis-cli + + + -
    • - - - - @@ -2430,6 +2443,24 @@ + + + + + + + + + + +
    • + + docker-compose exec redis-mailcow redis-cli + + + -
    • - - - - @@ -2472,33 +2498,29 @@ -

      Redis

      -

      Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it.

      Client

      To connect to the redis cli execute:

      -
      docker-compose exec redis-mailcow redis-cli
      -
      +

      docker-compose exec redis-mailcow redis-cli

      Debugging

      Here are some useful commands for the redis-cli for debugging:

      MONITOR

      Listens for all requests received by the server in real time:

      -
      # docker-compose exec redis-mailcow redis-cli
      -127.0.0.1:6379> monitor
      +

      ```

      +

      docker-compose exec redis-mailcow redis-cli

      +

      127.0.0.1:6379> monitor OK -1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" -1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" +1494077286.401963 [0 172.22.1.253:41228] "SMEMBERS" "BAYES_SPAM_keys" +1494077288.292970 [0 172.22.1.253:41229] "SMEMBERS" "BAYES_SPAM_keys" [...] -

      +```

      KEYS

      Get all keys matching your pattern:

      -
      KEYS *
      -
      +

      KEYS *

      PING

      Test a connection:

      -
      127.0.0.1:6379> PING
      -PONG
      -
      +

      127.0.0.1:6379> PING +PONG

      If you want to know more, here is a cheat sheet.


      diff --git a/manual-guides/Rspamd/u_e-rspamd/index.html b/manual-guides/Rspamd/u_e-rspamd/index.html index a5a126877..73eae9542 100644 --- a/manual-guides/Rspamd/u_e-rspamd/index.html +++ b/manual-guides/Rspamd/u_e-rspamd/index.html @@ -1810,6 +1810,26 @@ + + + + + +
    • + + Ham + + +
    • + +
    • + + Spam + + +
    • + + + + + +
    • + + Ham + + +
    • + +
    • + + Spam + + +
    • open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it
    • copy CSS file to mailcow server data/conf/sogo/custom-theme.css
    • edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO;
    • append/create docker-compose.override.yml with: -
      version: '2.1'
      -
      -services:
      +```
      +version: '2.1'
    • + +

      services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z -

      -
    • run docker-compose up -d
    • -
    • run docker-compose restart memcached-mailcow
    • - +`` +11. rundocker-compose up -d12. rundocker-compose restart memcached-mailcow`

      Reset to SOGo default theme

      1. checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js
      2. find in data/conf/sogo/custom-theme.js: -
        // Apply new palettes to the default theme, remap some of the hues
        -    $mdThemingProvider.theme('default')
        -      .primaryPalette('green-cow', {
        -        'default': '400',  // background color of top toolbars
        -        'hue-1': '400',
        -        'hue-2': '600',    // background color of sidebar toolbar
        -        'hue-3': 'A700'
        +// Apply new palettes to the default theme, remap some of the hues
        +    $mdThemingProvider.theme('default')
        +      .primaryPalette('green-cow', {
        +        'default': '400',  // background color of top toolbars
        +        'hue-1': '400',
        +        'hue-2': '600',    // background color of sidebar toolbar
        +        'hue-3': 'A700'
               })
        -      .accentPalette('green', {
        -        'default': '600',  // background color of fab buttons and login screen
        -        'hue-1': '300',    // background color of center list toolbar
        -        'hue-2': '300',    // highlight color for selected mail and current day calendar
        -        'hue-3': 'A700'
        +      .accentPalette('green', {
        +        'default': '600',  // background color of fab buttons and login screen
        +        'hue-1': '300',    // background color of center list toolbar
        +        'hue-2': '300',    // highlight color for selected mail and current day calendar
        +        'hue-3': 'A700'
               })
        -      .backgroundPalette('frost-grey');
        -
        + .backgroundPalette('frost-grey'); and replace it with: -
            $mdThemingProvider.theme('default');
        -
      3. +$mdThemingProvider.theme('default');
      4. remove from docker-compose.override.yml volume mount in sogo-mailcow: -
        - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z
        -
      5. +``` +
      6. ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z +```
      7. run docker-compose up -d
      8. run docker-compose restart memcached-mailcow
      @@ -2553,16 +2550,14 @@ After you replaced said file you need to restart SOGo and Memcached containers b

      Domains are usually isolated from eachother.

      You can change that by modifying data/conf/sogo/sogo.conf:

      Search... -

         // SOGoDomainsVisibility = (
      +// SOGoDomainsVisibility = (
           //  (domain1.tld, domain5.tld),
           //  (domain3.tld, domain2.tld)
      -    // );
      -
      + // ); ...and replace it by - for example:

      -
          SOGoDomainsVisibility = (
      +

      SOGoDomainsVisibility = ( (example.org, example.com, example.net) - ); -

      + );

      Restart SOGo: docker-compose restart sogo-mailcow

      Disable password changing

      Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO. Please do not add a new parameter.

      diff --git a/manual-guides/Unbound/u_e-unbound-fwd/index.html b/manual-guides/Unbound/u_e-unbound-fwd/index.html index 0bf5ac7d7..0e186a56b 100644 --- a/manual-guides/Unbound/u_e-unbound-fwd/index.html +++ b/manual-guides/Unbound/u_e-unbound-fwd/index.html @@ -2416,18 +2416,15 @@ Important: Only DNSSEC validating DNS services will work.

      Method A, Unbound

      Edit data/conf/unbound/unbound.conf and append the following parameters:

      -
      forward-zone:
      -  name: "."
      +

      forward-zone: + name: "." forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE - forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE -

      + forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE

      Restart Unbound:

      -
      docker-compose restart unbound-mailcow
      -
      +

      docker-compose restart unbound-mailcow

      Method B, Override file

      -
      cd /opt/mailcow-dockerized
      -cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .
      -
      +

      cd /opt/mailcow-dockerized +cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml .

      Edit docker-compose.override.yml and adjust the IP.

      Run docker-compose down ; docker-compose up -d.

      diff --git a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html index c732ca90d..19ffc0df2 100644 --- a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html +++ b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html @@ -2649,7 +2649,7 @@

      Watchdog uses default values for all thresholds defined in docker-compose.yml.

      The default values will work for most setups. Example: -

      - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
      +- NGINX_THRESHOLD=${NGINX_THRESHOLD:-5}
       - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5}
       - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5}
       - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5}
      @@ -2666,8 +2666,7 @@ Example:
       - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5}
       - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5}
       - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20}
      -- MAILQ_CRIT=${MAILQ_CRIT:-30}
      -

      +- MAILQ_CRIT=${MAILQ_CRIT:-30}

      To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10) to mailcow.conf and run docker-compose up -d.

      Thresholds descriptions

      NGINX_THRESHOLD

      diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html index 2e5b2bab0..59dbaefe8 100644 --- a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html +++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html @@ -2403,20 +2403,19 @@

      1. Move this message to a sub folder "facebook" (will be created lower case if not existing)

      2. Prepend the tag to the subject: "[facebook] Subject"

      Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: -

      diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
      +diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after
       index e047136e..933c4137 100644
       --- a/data/conf/dovecot/global_sieve_after
       +++ b/data/conf/dovecot/global_sieve_after
       @@ -15,7 +15,7 @@ if allof (
      -   envelope :detail :matches "to" "*",
      -   header :contains "X-Moo-Tag" "YES"
      +   envelope :detail :matches "to" "*",
      +   header :contains "X-Moo-Tag" "YES"
          ) {
      --  set :lower :upperfirst "tag" "${1}";
      -+  set "tag" "${1}";
      -   if mailboxexists "INBOX/${1}" {
      -     fileinto "INBOX/${1}";
      -   } else {
      -

      +- set :lower :upperfirst "tag" "${1}"; ++ set "tag" "${1}"; + if mailboxexists "INBOX/${1}" { + fileinto "INBOX/${1}"; + } else {


      diff --git a/manual-guides/u_e-80_to_443/index.html b/manual-guides/u_e-80_to_443/index.html index fac048bd9..522a20109 100644 --- a/manual-guides/u_e-80_to_443/index.html +++ b/manual-guides/u_e-80_to_443/index.html @@ -2349,27 +2349,24 @@

      Do not use the config below for reverse proxy setups, please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS.

      Open mailcow.conf and set HTTP_BIND= - if not already set.

      Create a new file data/conf/nginx/redirect.conf and add the following server config to the file:

      -
      server {
      +

      server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; - if ( $request_uri ~* "%0A|%0D" ) { return 403; } + if ( $request_uri ~* "%0A|%0D" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; - default_type "text/plain"; + default_type "text/plain"; } location / { return 301 https://$host$uri$is_args$args; } -} -

      +}

      In case you changed the HTTP_BIND parameter, recreate the container:

      -
      docker-compose up -d
      -
      +

      docker-compose up -d

      Otherwise restart Nginx:

      -
      docker-compose restart nginx-mailcow
      -
      +

      docker-compose restart nginx-mailcow


      diff --git a/manual-guides/u_e-autodiscover_config/index.html b/manual-guides/u_e-autodiscover_config/index.html index 7f63d14f9..a92a2f5d2 100644 --- a/manual-guides/u_e-autodiscover_config/index.html +++ b/manual-guides/u_e-autodiscover_config/index.html @@ -2350,45 +2350,44 @@ Keep in mind, that ActiveSync should NOT be used with a desktop client.

      Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array.

      Changes will be merged with "$autodiscover_config" in data/web/inc/vars.inc.php):

      -
      <?php
      +

      <?php $autodiscover_config = array( - // General autodiscover service type: "activesync" or "imap" + // General autodiscover service type: "activesync" or "imap" // emClient uses autodiscover, but does not support ActiveSync. mailcow excludes emClient from ActiveSync. - 'autodiscoverType' => 'activesync', + 'autodiscoverType' => 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync - 'useEASforOutlook' => 'yes', - // Please don't use STARTTLS-enabled service ports in the "port" variable. + 'useEASforOutlook' => 'yes', + // Please don't use STARTTLS-enabled service ports in the "port" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). - // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. - 'imap' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), + // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the "tlsport" variable. + 'imap' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), - 'pop3' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('POPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), + 'pop3' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('POPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), - 'smtp' => array( - 'server' => $mailcow_hostname, - 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), - 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), + 'smtp' => array( + 'server' => $mailcow_hostname, + 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), + 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), - 'activesync' => array( - 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', + 'activesync' => array( + 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), - 'caldav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'caldav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), - 'carddav' => array( - 'server' => $mailcow_hostname, - 'port' => $https_port, + 'carddav' => array( + 'server' => $mailcow_hostname, + 'port' => $https_port, ), -); -

      +);

      To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap'.

      Disable ActiveSync for Outlook desktop clients by setting "useEASforOutlook" to "no".

      diff --git a/manual-guides/u_e-reeanble-weak-protocols/index.html b/manual-guides/u_e-reeanble-weak-protocols/index.html index 3e73d6b4f..d004a84bb 100644 --- a/manual-guides/u_e-reeanble-weak-protocols/index.html +++ b/manual-guides/u_e-reeanble-weak-protocols/index.html @@ -2349,15 +2349,12 @@

      Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all.

      How to re-enable weak protocols?

      Edit data/conf/postfix/extra.cf:

      -
      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      -smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
      -
      +

      submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 +smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3

      Edit data/conf/dovecot/extra.conf:

      -
      ssl_min_protocol = TLSv1
      -
      +

      ssl_min_protocol = TLSv1

      Restart the affected services:

      -
      docker-compose restart postfix-mailcow dovecot-mailcow
      -
      +

      docker-compose restart postfix-mailcow dovecot-mailcow

      Hint: You can enable TLS 1.2 in Windows 7.


      diff --git a/post_installation/firststeps-disable_ipv6/index.html b/post_installation/firststeps-disable_ipv6/index.html index 1b226de74..9b92ab93b 100644 --- a/post_installation/firststeps-disable_ipv6/index.html +++ b/post_installation/firststeps-disable_ipv6/index.html @@ -66,6 +66,11 @@ @@ -2343,8 +2352,6 @@ -

      Disable IPv6

      -

      This is ONLY recommended if you do not have an IPv6 enabled network on your host!

      If you really need to, you can disable the usage of IPv6 in the compose file. Additionally, you can also disable the startup of container "ipv6nat-mailcow", as it's not needed if you won't use IPv6.

      @@ -2353,49 +2360,45 @@ and implement your changes to the service there. Unfortunately, this right now o

      To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file).

      1. Modify docker-compose.yml

      Change enable_ipv6: true to enable_ipv6: false:

      -
      networks:
      +

      networks: mailcow-network: [...] enable_ipv6: true # <<< set to false - [...] -

      + [...]

      2. Disable ipv6nat-mailcow

      To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called "docker-compose.override.yml":

      NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly!

      -
      # cd /opt/mailcow-dockerized
      -# touch docker-compose.override.yml
      -
      +

      ```

      +

      cd /opt/mailcow-dockerized

      +

      touch docker-compose.override.yml

      +

      ```

      Open the file in your favourite text editor and fill in the following:

      -
      version: '2.1'
      -services:
      -
      -    ipv6nat-mailcow:
      -      image: bash:latest
      -      restart: "no"
      -      entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
      -
      +

      ``` +version: '2.1' +services:

      +
      ipv6nat-mailcow:
      +  image: bash:latest
      +  restart: "no"
      +  entrypoint: ["echo", "ipv6nat disabled in compose.override.yml"]
      +
      +

      ```

      For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated:

      -
      docker-compose down
      -docker-compose up -d
      -
      +

      docker-compose down +docker-compose up -d

      3. Disable IPv6 in unbound-mailcow

      Edit data/conf/unbound/unbound.conf and set do-ip6 to "no":

      -
      server:
      +

      server: [...] do-ip6: no - [...] -

      + [...]

      Restart Unbound:

      -
      docker-compose restart unbound-mailcow
      -
      +

      docker-compose restart unbound-mailcow

      4. Disable IPv6 in postfix-mailcow

      Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4:

      -
      smtp_address_preference = ipv4
      -inet_protocols = ipv4
      -
      +

      smtp_address_preference = ipv4 +inet_protocols = ipv4

      Restart Postfix:

      -
      docker-compose restart postfix-mailcow
      -
      +

      docker-compose restart postfix-mailcow


      diff --git a/post_installation/firststeps-dmarc_reporting/index.html b/post_installation/firststeps-dmarc_reporting/index.html index c0266494c..1bf16d1c0 100644 --- a/post_installation/firststeps-dmarc_reporting/index.html +++ b/post_installation/firststeps-dmarc_reporting/index.html @@ -2473,44 +2473,42 @@

      Enable DMARC reporting

      Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content:

      -
      reporting {
      +

      reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - domain = 'example.com'; - org_name = 'Example'; - helo = 'rspamd'; - smtp = 'postfix'; + email = 'noreply-dmarc@example.com'; + domain = 'example.com'; + org_name = 'Example'; + helo = 'rspamd'; + smtp = 'postfix'; smtp_port = 25; - from_name = 'Example DMARC Report'; - msgid_from = 'rspamd.mail.example.com'; + from_name = 'Example DMARC Report'; + msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; -} -

      +}

      Create or modify docker-compose.override.yml in the mailcow-dockerized base directory:

      -
      version: '2.1'
      -
      -services:
      +

      ``` +version: '2.1'

      +

      services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: - ofelia.enabled: "true" - ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" - ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" + ofelia.enabled: "true" + ofelia.job-exec.rspamd_dmarc_reporting.schedule: "@every 24h" + ofelia.job-exec.rspamd_dmarc_reporting.command: "/bin/bash -c \"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\"" ofelia-mailcow: depends_on: - rspamd-mailcow -

      +```

      Run docker-compose up -d

      Send a copy reports to yourself

      To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf:

      -
      reporting {
      +

      reporting { enabled = true; - email = 'noreply-dmarc@example.com'; - bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; -[...] -

      + email = 'noreply-dmarc@example.com'; + bcc_addrs = ["noreply-dmarc@example.com","parsedmarc@example.com"]; +[...]

      Rspamd will load changes in real time, so you won't need to restart the container at this point.

      This can be useful if you...

        @@ -2519,18 +2517,14 @@ services:

      Troubleshooting

      Check when the report schedule last ran:

      -
      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log
      -
      +

      docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log

      See the latest report output:

      -
      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log
      -
      +

      docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log

      Manually trigger a DMARC report:

      -
      docker-compose exec rspamd-mailcow rspamadm dmarc_report
      -
      +

      docker-compose exec rspamd-mailcow rspamadm dmarc_report

      Validate that Rspamd has recorded data in Redis:

      -
      docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*'
      -docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"
      -
      +

      docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' +docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;20211231"

      Change DMARC reporting frequency

      In the example above reports are sent once every 24 hours.

      Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation

      diff --git a/post_installation/firststeps-ip_bindings/index.html b/post_installation/firststeps-ip_bindings/index.html index 94d28ccce..0867b4010 100644 --- a/post_installation/firststeps-ip_bindings/index.html +++ b/post_installation/firststeps-ip_bindings/index.html @@ -530,10 +530,65 @@
    • + + For technical reasons, http bindings are a bit different from other service bindings. + + +
    • + +
    • + + You will find the following variables, separated by a bind address and its port: + + +
    • + +
    • + + Example: HTTP_BIND=1.2.3.4 + + +
    • + +
    • + + Other services are bound by using the following format: + + +
    • + +
    • + + SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 + + +
    • + +
    • + + Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. + + +
    • + +
    • + + doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. + + + +
    • @@ -2382,10 +2437,65 @@
    • + + For technical reasons, http bindings are a bit different from other service bindings. + + +
    • + +
    • + + You will find the following variables, separated by a bind address and its port: + + +
    • + +
    • + + Example: HTTP_BIND=1.2.3.4 + + +
    • + +
    • + + Other services are bound by using the following format: + + +
    • + +
    • + + SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 + + +
    • + +
    • + + Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. + + +
    • + +
    • + + doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. + + + +
    • @@ -2406,29 +2516,25 @@ -

      IP bindings

      -

      Warning

      Changing the binding does not affect source NAT. See SNAT for required steps.

      IPv4 binding

      To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs:

      -
      # For technical reasons, http bindings are a bit different from other service bindings.
      -# You will find the following variables, separated by a bind address and its port:
      -# Example: HTTP_BIND=1.2.3.4
      -
      -HTTP_PORT=80
      +

      ```

      +

      For technical reasons, http bindings are a bit different from other service bindings.

      +

      You will find the following variables, separated by a bind address and its port:

      +

      Example: HTTP_BIND=1.2.3.4

      +

      HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 -HTTPS_BIND= - -# Other services are bound by using the following format: -# SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 -# Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. -# doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. - -SMTP_PORT=25 +HTTPS_BIND=

      +

      Other services are bound by using the following format:

      +

      SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25

      +

      Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x.

      +

      doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing.

      +

      SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 @@ -2439,35 +2545,36 @@ SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 -

      +```

      To apply your changes, run docker-compose down followed by docker-compose up -d.

      IPv6 binding

      Changing IPv6 bindings is different from IPv4. Again, this has a technical background.

      A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten.

      Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file.

      An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed.

      -
      version: '2.1'
      -services:
      +

      ``` +version: '2.1' +services:

      +
      dovecot-mailcow:
      +  ports:
      +    - '2a00:dead:beef::abc:143:143'
      +    - '2a00:dead:beef::abc:993:993'
      +    - '2a00:dead:beef::abc:110:110'
      +    - '2a00:dead:beef::abc:995:995'
      +    - '2a00:dead:beef::abc:4190:4190'
       
      -    dovecot-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:143:143'
      -        - '2a00:dead:beef::abc:993:993'
      -        - '2a00:dead:beef::abc:110:110'
      -        - '2a00:dead:beef::abc:995:995'
      -        - '2a00:dead:beef::abc:4190:4190'
      +postfix-mailcow:
      +  ports:
      +    - '2a00:dead:beef::abc:25:25'
      +    - '2a00:dead:beef::abc:465:465'
      +    - '2a00:dead:beef::abc:587:587'
       
      -    postfix-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:25:25'
      -        - '2a00:dead:beef::abc:465:465'
      -        - '2a00:dead:beef::abc:587:587'
      -
      -    nginx-mailcow:
      -      ports:
      -        - '2a00:dead:beef::abc:80:80'
      -        - '2a00:dead:beef::abc:443:443'
      -
      +nginx-mailcow: + ports: + - '2a00:dead:beef::abc:80:80' + - '2a00:dead:beef::abc:443:443' + +

      ```

      To apply your changes, run docker-compose down followed by docker-compose up -d.


      diff --git a/post_installation/firststeps-local_mta/index.html b/post_installation/firststeps-local_mta/index.html index 4df30d8c1..2ec9f6401 100644 --- a/post_installation/firststeps-local_mta/index.html +++ b/post_installation/firststeps-local_mta/index.html @@ -66,6 +66,11 @@ @@ -2343,19 +2352,17 @@ -

      Local MTA on Docker host

      -

      The easiest option would be to disable the listener on port 25/tcp.

      Postfix users disable the listener by commenting the following line (starting with smtp or 25) in /etc/postfix/master.cf: -

      #smtp      inet  n       -       -       -       -       smtpd
      -

      +```

      +

      smtp inet n - - - - smtpd

      +

      ```

      Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from "inet_interfaces":

      -
      postconf -e 'relayhost = 172.22.1.1'
      -postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128"
      -postconf -e "inet_interfaces = loopback-only"
      -postconf -e "relay_transport = relay"
      -postconf -e "default_transport = smtp"
      -
      +

      postconf -e 'relayhost = 172.22.1.1' +postconf -e "mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128" +postconf -e "inet_interfaces = loopback-only" +postconf -e "relay_transport = relay" +postconf -e "default_transport = smtp"

      Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld.

      "172.22.1.1" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network.

      diff --git a/post_installation/firststeps-logging/index.html b/post_installation/firststeps-logging/index.html index 4880fe618..abf97efd5 100644 --- a/post_installation/firststeps-logging/index.html +++ b/post_installation/firststeps-logging/index.html @@ -572,6 +572,33 @@ + + + + + +
    • + + For Rsyslog only: + + +
    • + +
    • + + To move local3 input to /var/log/mailcow.log and stop processing, create a file "/etc/rsyslog.d/docker.conf": + + +
    • + +
    • + + Restart rsyslog afterwards. + + + + +
    • + +
    • + + For Rsyslog only: + + +
    • + +
    • + + To move local3 input to /var/log/mailcow.log and stop processing, create a file "/etc/rsyslog.d/docker.conf": + + +
    • + +
    • + + Restart rsyslog afterwards. + + +
    • + + !/bin/bash + + + +
    • @@ -2462,16 +2488,14 @@ -

      Reverse Proxy

      -

      You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy.

      1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: -

      HTTP_BIND=127.0.0.1
      -HTTP_PORT=8080
      -HTTPS_BIND=127.0.0.1
      -HTTPS_PORT=8443
      -

      +bash +HTTP_BIND=127.0.0.1 +HTTP_PORT=8080 +HTTPS_BIND=127.0.0.1 +HTTPS_PORT=8443

      This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker.

      IMPORTANT: Do not use port 8081, 9081 or 65510!

      Recreate affected containers by running docker-compose up -d.

      @@ -2500,81 +2524,73 @@ On many servers logrotate will reload the webserver daily anyway.

      2. Configure your local webserver as reverse proxy:

      Apache 2.4

      Required modules: -

      a2enmod rewrite proxy proxy_http headers ssl
      -

      +a2enmod rewrite proxy proxy_http headers ssl

      Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine.

      Take care of highlighted lines.

      -
      <VirtualHost *:80>
      -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      -  RewriteEngine on
      -
      -  RewriteCond %{HTTPS} off
      -  RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]
      -
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "http"
      -</VirtualHost>
      -<VirtualHost *:443>
      -  ServerName CHANGE_TO_MAILCOW_HOSTNAME
      -  ServerAlias autodiscover.*
      -  ServerAlias autoconfig.*
      -
      -  # You should proxy to a plain HTTP session to offload SSL processing
      -  ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
      -  ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync
      -  ProxyPass / http://127.0.0.1:8080/
      -  ProxyPassReverse / http://127.0.0.1:8080/
      -  ProxyPreserveHost On
      -  ProxyAddHeaders On
      -  RequestHeader set X-Forwarded-Proto "https"
      -
      -  SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem
      -  SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem
      -
      -  # If you plan to proxy to a HTTPS host:
      -  #SSLProxyEngine On
      -
      -  # If you plan to proxy to an untrusted HTTPS host:
      -  #SSLProxyVerify none
      -  #SSLProxyCheckPeerCN off
      -  #SSLProxyCheckPeerName off
      -  #SSLProxyCheckPeerExpire off
      -</VirtualHost>
      -
      +

      ``` apache hl_lines="2 10 11 17 22 23 24 25 30 31" + + ServerName CHANGE_TO_MAILCOW_HOSTNAME + ServerAlias autodiscover.* + ServerAlias autoconfig.* + RewriteEngine on

      +

      RewriteCond %{HTTPS} off + RewriteRule ^/?(.*) https://%{HTTP_HOST}/$1 [R=301,L]

      +

      ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "http" + + + ServerName CHANGE_TO_MAILCOW_HOSTNAME + ServerAlias autodiscover.* + ServerAlias autoconfig.*

      +

      # You should proxy to a plain HTTP session to offload SSL processing + ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 + ProxyPassReverse /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync + ProxyPass / http://127.0.0.1:8080/ + ProxyPassReverse / http://127.0.0.1:8080/ + ProxyPreserveHost On + ProxyAddHeaders On + RequestHeader set X-Forwarded-Proto "https"

      +

      SSLCertificateFile MAILCOW_PATH/data/assets/ssl/cert.pem + SSLCertificateKeyFile MAILCOW_PATH/data/assets/ssl/key.pem

      +

      # If you plan to proxy to a HTTPS host: + #SSLProxyEngine On

      +

      # If you plan to proxy to an untrusted HTTPS host: + #SSLProxyVerify none + #SSLProxyCheckPeerCN off + #SSLProxyCheckPeerName off + #SSLProxyCheckPeerExpire off + +```

      Nginx

      Let's Encrypt will follow our rewrite, certificate requests will work fine.

      Take care of highlighted lines.

      -
      server {
      +

      ``` hl_lines="4 10 12 13 25 39" +server { listen 80 default_server; listen [::]:80 default_server; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; - return 301 https://$host$request_uri; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.; + return 301 https://$host$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; - server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*; - - ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; - ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; - ssl_session_timeout 1d; + server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover. autoconfig.*;

      +

      ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; + ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; + ssl_session_timeout 1d; ssl_session_cache shared:SSL:50m; - ssl_session_tickets off; - - # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations + ssl_session_tickets off;

      +

      # See https://ssl-config.mozilla.org/#server=nginx for the latest ssl settings recommendations # An example config is given below ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5:!SHA1:!kRSA; - ssl_prefer_server_ciphers off; - - location /Microsoft-Server-ActiveSync { - proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; - proxy_set_header Host $http_host; + ssl_prefer_server_ciphers off;

      +

      location /Microsoft-Server-ActiveSync { + proxy_pass http://127.0.0.1:8080/Microsoft-Server-ActiveSync; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; @@ -2584,39 +2600,38 @@ server { proxy_buffers 64 512k; # Needed since the 2022-04 Update for SOGo client_body_buffer_size 512k; client_max_body_size 0; - } - - location / { - proxy_pass http://127.0.0.1:8080/; - proxy_set_header Host $http_host; + }

      +

      location / { + proxy_pass http://127.0.0.1:8080/; + proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; # The following Proxy Buffers has to be set if you want to use SOGo after the 2022-04 (April 2022) Update - # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 + # Otherwise a Login will fail like this: https://github.com/mailcow/mailcow-dockerized/issues/4537 proxy_buffer_size 128k; proxy_buffers 64 512k; proxy_busy_buffers_size 512k; } } -

      +```

      HAProxy (community supported)

      Warning

      This is an unsupported community contribution. Feel free to provide fixes.

      Important/Fixme: This example only forwards HTTPS traffic and does not use mailcows built-in ACME client.

      -
      frontend https-in
      +

      ``` +frontend https-in bind :::443 v4v6 ssl crt mailcow.pem - default_backend mailcow - -backend mailcow + default_backend mailcow

      +

      backend mailcow option forwardfor http-request set-header X-Forwarded-Proto https if { ssl_fc } http-request set-header X-Forwarded-Proto http if !{ ssl_fc } server mailcow 127.0.0.1:8080 check -

      +```

      Traefik v2 (community supported)

      Warning

      @@ -2627,50 +2642,49 @@ backend mailcow

      So, first of all, we are going to disable the acme-mailcow container since we'll use the certs that traefik will provide us. For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow.conf, and run docker-compose up -d to apply the changes.

      Then we'll create a docker-compose.override.yml file in order to override the main docker-compose.yml found in your mailcow root folder.

      -
      version: '2.1'
      -
      -services:
      -    nginx-mailcow:
      -      networks:
      -        # add Traefik's network
      -        web:
      -      labels:
      -        - traefik.enable=true
      -        # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule,
      -        #   in this case, a Host rule with our MAILCOW_HOSTNAME var.
      -        - traefik.http.routers.moo.rule=Host(`${MAILCOW_HOSTNAME}`)
      -        # Enables tls over the router we created before.
      -        - traefik.http.routers.moo.tls=true
      -        # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt).
      -        - traefik.http.routers.moo.tls.certresolver=le
      -        # Creates a service called "moo" for the container, and specifies which internal port of the container
      -        #   should traefik route the incoming data to.
      -        - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT}
      -        # Specifies which entrypoint (external port) should traefik listen to, for this container.
      -        #   websecure being port 443, check the traefik.toml file liked above.
      -        - traefik.http.routers.moo.entrypoints=websecure
      -        # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network
      -        - traefik.docker.network=web
      -
      -    certdumper:
      -        image: humenius/traefik-certs-dumper
      -        container_name: traefik_certdumper
      -        network_mode: none
      -        volumes:
      -          # mount the folder which contains Traefik's `acme.json' file
      -          #   in this case Traefik is started from its own docker-compose in ../traefik
      -          - ../traefik/data:/traefik:ro
      -          # mount mailcow's SSL folder
      -          - ./data/assets/ssl/:/output:rw
      -        restart: always
      -        environment:
      -          # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
      -          - DOMAIN=${MAILCOW_HOSTNAME}
      -
      -networks:
      -  web:
      -    external: true
      -
      +

      ```yaml +version: '2.1'

      +

      services: + nginx-mailcow: + networks: + # add Traefik's network + web: + labels: + - traefik.enable=true + # Creates a router called "moo" for the container, and sets up a rule to link the container to certain rule, + # in this case, a Host rule with our MAILCOW_HOSTNAME var. + - traefik.http.routers.moo.rule=Host(${MAILCOW_HOSTNAME}) + # Enables tls over the router we created before. + - traefik.http.routers.moo.tls=true + # Specifies which kind of cert resolver we'll use, in this case le (Lets Encrypt). + - traefik.http.routers.moo.tls.certresolver=le + # Creates a service called "moo" for the container, and specifies which internal port of the container + # should traefik route the incoming data to. + - traefik.http.services.moo.loadbalancer.server.port=${HTTP_PORT} + # Specifies which entrypoint (external port) should traefik listen to, for this container. + # websecure being port 443, check the traefik.toml file liked above. + - traefik.http.routers.moo.entrypoints=websecure + # Make sure traefik uses the web network, not the mailcowdockerized_mailcow-network + - traefik.docker.network=web

      +
      certdumper:
      +    image: humenius/traefik-certs-dumper
      +    container_name: traefik_certdumper
      +    network_mode: none
      +    volumes:
      +      # mount the folder which contains Traefik's `acme.json' file
      +      #   in this case Traefik is started from its own docker-compose in ../traefik
      +      - ../traefik/data:/traefik:ro
      +      # mount mailcow's SSL folder
      +      - ./data/assets/ssl/:/output:rw
      +    restart: always
      +    environment:
      +      # only change this, if you're using another domain for mailcow's web frontend compared to the standard config
      +      - DOMAIN=${MAILCOW_HOSTNAME}
      +
      +

      networks: + web: + external: true +```

      Start the new containers with docker-compose up -d.

      Now, there's only one thing left to do, which is setup the certs so that the mail services can use them as well, since Traefik 2 uses an acme v2 format to save ALL the license from all the domains we have, we'll need to find a way to dump the certs, lucky we have this tiny container which grabs the acme.json file trough a volume, and a variable DOMAIN=example.org, and with these, the container will output the cert.pem and key.pem files, for this we'll simply run the traefik-certs-dumper container binding the /traefik volume to the folder where our acme.json is saved, bind the /output volume to our mailcow data/assets/ssl/ folder, and set up the DOMAIN=example.org variable to the domain we want the certs dumped from.

      This container will watch over the acme.json file for any changes, and regenerate the cert.pem and key.pem files directly into data/assets/ssl/ being the path binded to the container's /output path.

      @@ -2680,18 +2694,18 @@ For this we'll have to set SKIP_LETS_ENCRYPT=y on our mailcow

      Optional: Post-hook script for non-mailcow ACME clients

      Using a local certbot (or any other ACME client) requires to restart some containers, you can do this with a post-hook script. Make sure you change the paths accordingly: -

      #!/bin/bash
      -cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
      +```

      +

      !/bin/bash

      +

      cp /etc/letsencrypt/live/my.domain.tld/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem cp /etc/letsencrypt/live/my.domain.tld/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem postfix_c=$(docker ps -qaf name=postfix-mailcow) dovecot_c=$(docker ps -qaf name=dovecot-mailcow) nginx_c=$(docker ps -qaf name=nginx-mailcow) docker restart ${postfix_c} ${dovecot_c} ${nginx_c} -

      +```

      Adding additional server names for mailcow UI

      If you plan to use a server name that is not MAILCOW_HOSTNAME in your reverse proxy, make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES first. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond to your reverse proxy with an incorrect site.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +

      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

      Run docker-compose up -d to apply.


      diff --git a/post_installation/firststeps-snat/index.html b/post_installation/firststeps-snat/index.html index b51ddabb5..260672bd0 100644 --- a/post_installation/firststeps-snat/index.html +++ b/post_installation/firststeps-snat/index.html @@ -66,6 +66,11 @@
      @@ -564,6 +569,8 @@ + + SNAT @@ -2326,6 +2333,8 @@ + +
      @@ -2343,17 +2352,15 @@ -

      SNAT

      -

      SNAT is used to change the source address of the packets sent by mailcow. It can be used to change the outgoing IP address on systems with multiple IP addresses.

      Open mailcow.conf, set either or both of the following parameters:

      -
      # Use this IPv4 for outgoing connections (SNAT)
      -SNAT_TO_SOURCE=1.2.3.4
      -
      -# Use this IPv6 for outgoing connections (SNAT)
      -SNAT6_TO_SOURCE=dead:beef
      -
      +

      ```

      +

      Use this IPv4 for outgoing connections (SNAT)

      +

      SNAT_TO_SOURCE=1.2.3.4

      +

      Use this IPv6 for outgoing connections (SNAT)

      +

      SNAT6_TO_SOURCE=dead:beef +```

      Run docker-compose up -d.

      The values are read by netfilter-mailcow. netfilter-mailcow will make sure, the post-routing rules are on position 1 in the netfilter table. It does automatically delete and re-create them if they are found on another position than 1.

      Check the output of docker-compose logs --tail=200 netfilter-mailcow to ensure the SNAT settings have been applied.

      diff --git a/post_installation/firststeps-ssl/index.html b/post_installation/firststeps-ssl/index.html index cbb465ac4..8077b7fa1 100644 --- a/post_installation/firststeps-ssl/index.html +++ b/post_installation/firststeps-ssl/index.html @@ -502,6 +502,19 @@ + + + + + +
    • + + Now check the logs for a renewal + + + +
    • + +
    • + + Connect via SMTP (587) + + +
    • + +
    • + + Connect via IMAP (143) + + +
    • + +
    • + + Connect via HTTPS (443) + +
    • @@ -2478,6 +2512,19 @@ + + + + + +
    • + + Now check the logs for a renewal + + + +
    • + +
    • + + Connect via SMTP (587) + + +
    • + +
    • + + Connect via IMAP (143) + + +
    • + +
    • + + Connect via HTTPS (443) + +
    • @@ -2570,8 +2638,6 @@ -

      Advanced SSL

      -

      Let's Encrypt (out-of-the-box)

      The "acme-mailcow" container will try to obtain a LE certificate for ${MAILCOW_HOSTNAME}, autodiscover.ADDED_MAIL_DOMAIN and autoconfig.ADDED_MAIL_DOMAIN.

      @@ -2586,8 +2652,7 @@

      Additional domain names

      Edit "mailcow.conf" and add a parameter ADDITIONAL_SAN like this:

      Do not use quotes (") and do not use spaces between the names!

      -
      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*
      -
      +

      ADDITIONAL_SAN=smtp.*,cert1.example.com,cert2.example.org,whatever.*

      Each name will be validated against its IPv6 address or - if IPv6 is not configured in your domain - IPv4 address.

      A wildcard name like smtp.* will try to obtain a smtp.DOMAIN_NAME SAN for each domain added to mailcow.

      Run docker-compose up -d to recreate affected containers automatically.

      @@ -2596,17 +2661,17 @@

      Using names other name MAILCOW_HOSTNAME to access the mailcow UI may need further configuration.

      If you plan to use a server name that is not MAILCOW_HOSTNAME to access the mailcow UI (for example by adding mail.* to ADDITIONAL_SAN make sure to populate that name in mailcow.conf via ADDITIONAL_SERVER_NAMES. Names must be separated by commas and must not contain spaces. If you skip this step, mailcow may respond with an incorrect site.

      -
      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld
      -
      +

      ADDITIONAL_SERVER_NAMES=webmail.domain.tld,other.example.tld

      Run docker-compose up -d to apply.

      Force renewal

      To force a renewal, you need to create a file named force_renew and restart the acme-mailcow container:

      -
      cd /opt/mailcow-dockerized
      +

      ``` +cd /opt/mailcow-dockerized touch data/assets/ssl/force_renew -docker-compose restart acme-mailcow -# Now check the logs for a renewal -docker-compose logs --tail=200 -f acme-mailcow -

      +docker-compose restart acme-mailcow

      +

      Now check the logs for a renewal

      +

      docker-compose logs --tail=200 -f acme-mailcow +```

      The file will be deleted automatically.

      Validation errors and how to skip validation

      You can skip the IP verification by setting SKIP_IP_CHECK=y in mailcow.conf (no quotes). Be warned that a misconfiguration will get you ratelimited by Let's Encrypt! This is primarily useful for multi-IP setups where the IP check would return the incorrect source IP address. Due to using dynamic IPs for acme-mailcow, source NAT is not consistent over restarts.

      @@ -2653,35 +2718,33 @@ You should make sure these clients use the MAILCOW_HOSTNAME for sec

      To use your own certificates, just save the combined certificate (containing the certificate and intermediate CA/CA if any) to data/assets/ssl/cert.pem and the corresponding key to data/assets/ssl/key.pem.

      IMPORTANT: Do not use symbolic links! Make sure you copy the certificates and do not link them to data/assets/ssl.

      Restart affected services afterwards:

      -
      docker restart $(docker ps -qaf name=postfix-mailcow)
      +

      docker restart $(docker ps -qaf name=postfix-mailcow) docker restart $(docker ps -qaf name=nginx-mailcow) -docker restart $(docker ps -qaf name=dovecot-mailcow) -

      +docker restart $(docker ps -qaf name=dovecot-mailcow)

      See Post-hook script for non-mailcow ACME clients for a full example script.

      Test against staging ACME directory

      Edit mailcow.conf and add LE_STAGING=y.

      Run docker-compose up -d to activate your changes.

      Custom directory URL

      Edit mailcow.conf and add the corresponding directory URL to the new variable DIRECTORY_URL:

      -
      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory
      -
      +

      DIRECTORY_URL=https://acme-custom-v9000.api.letsencrypt.org/directory

      You cannot use LE_STAGING with DIRECTORY_URL. If both are set, only LE_STAGING is used.

      Run docker-compose up -d to activate your changes.

      Check your configuration

      Run docker-compose logs acme-mailcow to find out why a validation fails.

      To check if nginx serves the correct certificate, simply use a browser of your choice and check the displayed certificate.

      To check the certificate served by Postfix, Dovecot and Nginx we will use openssl:

      -
      # Connect via SMTP (587)
      -echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587
      -# Connect via IMAP (143)
      -echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143
      -# Connect via HTTPS (443)
      -echo "Q" | openssl s_client -connect mx.mailcow.email:443
      -
      +

      ```

      +

      Connect via SMTP (587)

      +

      echo "Q" | openssl s_client -starttls smtp -crlf -connect mx.mailcow.email:587

      +

      Connect via IMAP (143)

      +

      echo "Q" | openssl s_client -starttls imap -showcerts -connect mx.mailcow.email:143

      +

      Connect via HTTPS (443)

      +

      echo "Q" | openssl s_client -connect mx.mailcow.email:443 +```

      To validate the expiry dates as returned by openssl against MAILCOW_HOSTNAME, you are able to use our helper script:

      -
      cd /opt/mailcow-dockerized
      -bash helper-scripts/expiry-dates.sh
      -
      +

      cd /opt/mailcow-dockerized +bash helper-scripts/expiry-dates.sh


      diff --git a/prerequisite/prerequisite-dns/index.html b/prerequisite/prerequisite-dns/index.html index f70e833b3..1df0ef4d3 100644 --- a/prerequisite/prerequisite-dns/index.html +++ b/prerequisite/prerequisite-dns/index.html @@ -364,27 +364,75 @@
    • + + Name Type Value + + + +
    • + + Name Type Value + + +
    • + +
    • + + Name Type Value + + +
    • + +
    • + + Name Type Value + + + +
    • + + Name Type Priority Weight Port Value + + + + +
    • + + + + + + +
    • + + ``` + + +
    • + +
    • + + Summary of Results + + + + +
    • + +
    • + + ``` + + +
    • + +
    • + + Summary of Results + + +
    • @@ -2343,45 +2352,43 @@ -

      Gitea

      -

      With Gitea' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

      1. Open docker-compose.override.yml and add gitea:

      -
      version: '2.1'
      -services:
      -
      -        gitea-mailcow:
      -            image: gitea/gitea:1
      -            volumes:
      -                - ./data/gitea:/data
      -            networks:
      -                mailcow-network:
      -                    aliases:
      -                        - gitea
      -            ports:
      -                - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
      -
      +

      ``` +version: '2.1' +services:

      +
          gitea-mailcow:
      +        image: gitea/gitea:1
      +        volumes:
      +            - ./data/gitea:/data
      +        networks:
      +            mailcow-network:
      +                aliases:
      +                    - gitea
      +        ports:
      +            - "${GITEA_SSH_PORT:-127.0.0.1:4000}:22"
      +
      +

      ```

      2. Create data/conf/nginx/site.gitea.custom, add: -

      location /gitea/ {
      +location /gitea/ {
               proxy_pass http://gitea:3000/;
      -}
      -

      +}

      3. Open mailcow.conf and define the binding you want gitea to use for SSH. Example:

      -
      GITEA_SSH_PORT=127.0.0.1:4000
      -
      +

      GITEA_SSH_PORT=127.0.0.1:4000

      5. Run docker-compose up -d to bring up the gitea container and run docker-compose restart nginx-mailcow afterwards.

      6. If you forced mailcow to https, execute step 9 and restart gitea with docker-compose restart gitea-mailcow . Go head with step 7 (Remember to use https instead of http, https://mx.example.org/gitea/

      7. Open http://${MAILCOW_HOSTNAME}/gitea/, for example http://mx.example.org/gitea/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

      8. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

      9. Create data/gitea/gitea/conf/app.ini and set following values. You can consult gitea cheat sheet for their meaning and other possible values.

      -
      [server]
      -SSH_LISTEN_PORT = 22
      -# For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
      -SSH_DOMAIN = 127.0.0.1
      -SSH_PORT = 4000
      -# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
      -ROOT_URL = https://mx.example.org/gitea/
      -
      +

      ``` +[server] +SSH_LISTEN_PORT = 22

      +

      For GITEA_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:

      +

      SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

      +

      For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:

      +

      ROOT_URL = https://mx.example.org/gitea/ +```

      10. Restart gitea with docker-compose restart gitea-mailcow. Your users should be able to login with mailcow managed accounts.


      diff --git a/third_party/third_party-gogs/index.html b/third_party/third_party-gogs/index.html index 4060a2509..aec1a8af0 100644 --- a/third_party/third_party-gogs/index.html +++ b/third_party/third_party-gogs/index.html @@ -66,6 +66,11 @@
      @@ -2223,6 +2228,8 @@ + + Gogs @@ -2326,6 +2333,8 @@ + +
      @@ -2343,44 +2352,42 @@ -

      Gogs

      -

      With Gogs' ability to authenticate over SMTP it is trivial to integrate it with mailcow. Few changes are needed:

      1. Open docker-compose.override.yml and add Gogs:

      -
      version: '2.1'
      -services:
      -
      -    gogs-mailcow:
      -      image: gogs/gogs
      -      volumes:
      -        - ./data/gogs:/data
      -      networks:
      -        mailcow-network:
      -          aliases:
      -            - gogs
      -      ports:
      -        - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
      -
      +

      ``` +version: '2.1' +services:

      +
      gogs-mailcow:
      +  image: gogs/gogs
      +  volumes:
      +    - ./data/gogs:/data
      +  networks:
      +    mailcow-network:
      +      aliases:
      +        - gogs
      +  ports:
      +    - "${GOGS_SSH_PORT:-127.0.0.1:4000}:22"
      +
      +

      ```

      2. Create data/conf/nginx/site.gogs.custom, add: -

      location /gogs/ {
      +location /gogs/ {
           proxy_pass http://gogs:3000/;
      -}
      -

      +}

      3. Open mailcow.conf and define the binding you want Gogs to use for SSH. Example:

      -
      GOGS_SSH_PORT=127.0.0.1:4000
      -
      +

      GOGS_SSH_PORT=127.0.0.1:4000

      5. Run docker-compose up -d to bring up the Gogs container and run docker-compose restart nginx-mailcow afterwards.

      6. Open http://${MAILCOW_HOSTNAME}/gogs/, for example http://mx.example.org/gogs/. For database details set mysql as database host. Use the value of DBNAME found in mailcow.conf as database name, DBUSER as database user and DBPASS as database password.

      7. Once the installation is complete, login as admin and set "settings" -> "authorization" -> "enable SMTP". SMTP Host should be postfix with port 587, set Skip TLS Verify as we are using an unlisted SAN ("postfix" is most likely not part of your certificate).

      8. Create data/gogs/gogs/conf/app.ini and set following values. You can consult Gogs cheat sheet for their meaning and other possible values.

      -
      [server]
      -SSH_LISTEN_PORT = 22
      -# For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:
      -SSH_DOMAIN = 127.0.0.1
      -SSH_PORT = 4000
      -# For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:
      -ROOT_URL = https://mx.example.org/gogs/
      -
      +

      ``` +[server] +SSH_LISTEN_PORT = 22

      +

      For GOGS_SSH_PORT=127.0.0.1:4000 in mailcow.conf, set:

      +

      SSH_DOMAIN = 127.0.0.1 +SSH_PORT = 4000

      +

      For MAILCOW_HOSTNAME=mx.example.org in mailcow.conf (and default ports for HTTPS), set:

      +

      ROOT_URL = https://mx.example.org/gogs/ +```

      9. Restart Gogs with docker-compose restart gogs-mailcow. Your users should be able to login with mailcow managed accounts.


      diff --git a/third_party/third_party-mailman3/index.html b/third_party/third_party-mailman3/index.html index 5957e6df3..dabad14f1 100644 --- a/third_party/third_party-mailman3/index.html +++ b/third_party/third_party-mailman3/index.html @@ -2289,162 +2289,6 @@ DNS setup - - -
    • - - Install Apache as a reverse proxy - - - - -
    • - -
    • - - Obtain SSL certificates with Let's Encrypt - - -
    • - -
    • - - Install mailcow with Mailman integration - - - - -
    • - -
    • - - Install Mailman - - - - -
    • - -
    • - - 🏃 Run - - -
    • - - - - - - -
    • - - Remarks - - - - -
    • - -
    • - - Update - - -
    • - -
    • - - Backup - - -
    • - -
    • - - ToDo - - -
    • - -
    • - - Install Apache as a reverse proxy - - - - -
    • - -
    • - - Obtain SSL certificates with Let's Encrypt - - -
    • - -
    • - - Install mailcow with Mailman integration - - - - -
    • - -
    • - - Install Mailman - - - - -
    • - -
    • - - 🏃 Run - - -
    • - - - - - - -
    • - - Remarks - - - - -
    • - -
    • - - Update - - -
    • - -
    • - - Backup - - -
    • - -
    • - - ToDo - - -
    • The problem to solve

      mailpiler offers the authentication based on IMAP, for example:

      -
      $config['ENABLE_IMAP_AUTH'] = 1;
      -$config['IMAP_HOST'] = 'mail.example.com';
      -$config['IMAP_PORT'] =  993;
      -$config['IMAP_SSL'] = true;
      -
      +

      php +$config['ENABLE_IMAP_AUTH'] = 1; +$config['IMAP_HOST'] = 'mail.example.com'; +$config['IMAP_PORT'] = 993; +$config['IMAP_SSL'] = true;

      • So when you log in using patrik@example.com, you will only see delivered emails sent from or to this specific email address.
      • When additional aliases are defined in mailcow, like team@example.com, you won't see emails sent to or from this email address even the fact you're a recipient of mails sent to this alias address.
      • @@ -2487,19 +2487,19 @@
        1. Set the custom query function of mailpiler and append this to /usr/local/etc/piler/config-site.php:

          -
          $config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY';
          -$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false
          -$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access';
          -include('auth-mailcow.php');
          -
          +

          php +$config['MAILCOW_API_KEY'] = 'YOUR_READONLY_API_KEY'; +$config['MAILCOW_SET_REALNAME'] = true; // when not specified, then default is false +$config['CUSTOM_EMAIL_QUERY_FUNCTION'] = 'query_mailcow_for_email_access'; +include('auth-mailcow.php');

          You can also change the mailcow hostname, if required: -

          $config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']
          -

          +php +$config['MAILCOW_HOST'] = 'mail.domain.tld'; // defaults to $config['IMAP_HOST']

        2. Download the PHP file with the functions from the GitHub repo:

          -
          curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php
          -
          +

          sh +curl -o /usr/local/etc/piler/auth-mailcow.php https://raw.githubusercontent.com/patschi/mailpiler-mailcow-integration/master/auth-mailcow.php

        3. Done!

          diff --git a/third_party/third_party-nextcloud/index.html b/third_party/third_party-nextcloud/index.html index e02263d61..c3425d7ef 100644 --- a/third_party/third_party-nextcloud/index.html +++ b/third_party/third_party-nextcloud/index.html @@ -2457,14 +2457,13 @@

          In order for mailcow to generate a a certificate for the nextcloud domain you need to add "nextcloud.domain.tld" to ADDITIONAL_SAN in mailcow.conf and run docker-compose up -d to apply. For more informaton refer to: Advanced SSL.

          Background jobs

          To use the recommended setting (cron) to execute the background jobs following lines need to be added to the docker-compose.override.yml:

          -
          version: '2.1'
          +

          version: '2.1' services: php-fpm-mailcow: labels: - ofelia.enabled: "true" - ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" - ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\"" -

          + ofelia.enabled: "true" + ofelia.job-exec.nextcloud-cron.schedule: "@every 5m" + ofelia.job-exec.nextcloud-cron.command: "su www-data -s /bin/bash -c \"/usr/local/bin/php -f /web/nextcloud/cron.php\""

          After adding these lines the docker-compose up -d command must be executed to update the docker image and also the docker scheduler image must be restarted to pick up the new job definition by executing docker-compose restart ofelia-mailcow. To check if the job was successfully picked up by ofelia the command docker-compose logs ofelia-mailcow will contain a line similar to New job registered "nextcloud-cron" - ....

          @@ -2516,14 +2515,12 @@ services:

          If you have previously used Nextcloud with mailcow authentication via user_external/IMAP, you need to perform some additional steps to link your existing user accounts with OAuth2.

          1. Click the button in the top right corner and select Apps. Scroll down to the External user authentication app and click Remove next to it. 2. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

          INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external;
          -INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;
          -

          +INSERT INTO nc_users (uid, uid_lower) SELECT DISTINCT uid, LOWER(uid) FROM nc_users_external; +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users_external;


          If you have previously used Nextcloud without mailcow authentication, but with the same usernames as mailcow, you can also link your existing user accounts with OAuth2.

          1. Run the following queries in your Nextcloud database (if you set up Nextcloud using mailcow's script, you can run source mailcow.conf && docker-compose exec mysql-mailcow mysql -u$DBUSER -p$DBPASS $DBNAME): -

          INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;
          -

          +INSERT INTO nc_sociallogin_connect (uid, identifier) SELECT DISTINCT uid, CONCAT("Mailcow-", uid) FROM nc_users;


          Update

          The Nextcloud instance can be updated easily with the web update mechanism. In the case of larger updates, there may be further changes to be made after the update. After the Nextcloud instance has been checked, problems are shown. This can be e.g. missing indices in the DB or similar. @@ -2533,13 +2530,12 @@ It shows which commands have to be executed, these have to be placed in the php-


          Debugging & Troubleshooting

          It may happen that you cannot reach the Nextcloud instance from your network. This may be due to the fact that the entry of your subnet in the array 'trusted_proxies' is missing. You can make changes in the Nextcloud config.php in data/web/nextcloud/config/*.

          -
          'trusted_proxies' =>
          +

          'trusted_proxies' => array ( - 0 => 'fd4d:6169:6c63:6f77::/64', - 1 => '172.22.1.0/24', - 2 => 'NewSubnet/24', - ), -

          + 0 => 'fd4d:6169:6c63:6f77::/64', + 1 => '172.22.1.0/24', + 2 => 'NewSubnet/24', + ),

          After the changes have been made, the nginx container must be restarted. docker-compose restart nginx-mailcow

          diff --git a/third_party/third_party-portainer/index.html b/third_party/third_party-portainer/index.html index 150640eb5..c0d7d2853 100644 --- a/third_party/third_party-portainer/index.html +++ b/third_party/third_party-portainer/index.html @@ -2347,7 +2347,7 @@

          In order to enable Portainer, the docker-compose.yml and site.conf for Nginx must be modified.

          1. Create a new file docker-compose.override.yml in the mailcow-dockerized root folder and insert the following configuration -

          version: '2.1'
          +version: '2.1'
           services:
               portainer-mailcow:
                 image: portainer/portainer-ce
          @@ -2361,42 +2361,40 @@ services:
                 networks:
                   mailcow-network:
                     aliases:
          -            - portainer
          -
          + - portainer 2a. Create data/conf/nginx/portainer.conf: -
          upstream portainer {
          +```
          +upstream portainer {
             server portainer-mailcow:9000;
          -}
          -
          -map $http_upgrade $connection_upgrade {
          +}

          +

          map $http_upgrade $connection_upgrade { default upgrade; - '' close; + '' close; } -

          +```

          2b. Insert a new location to the default mailcow site by creating the file data/conf/nginx/site.portainer.custom: -

            location /portainer/ {
          +```
          +  location /portainer/ {
               proxy_http_version 1.1;
          -    proxy_set_header Host              $http_host;   # required for docker client's sake
          -    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
          +    proxy_set_header Host              $http_host;   # required for docker client's sake
          +    proxy_set_header X-Real-IP         $remote_addr; # pass on real client's IP
               proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
               proxy_set_header X-Forwarded-Proto $scheme;
          -    proxy_read_timeout                 900;
          -
          -    proxy_set_header Connection "";
          -    proxy_buffers 32 4k;
          -    proxy_pass http://portainer/;
          -  }
          -
          -  location /portainer/api/websocket/ {
          +    proxy_read_timeout                 900;

          +
          proxy_set_header Connection "";
          +proxy_buffers 32 4k;
          +proxy_pass http://portainer/;
          +
          +

          }

          +

          location /portainer/api/websocket/ { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; - proxy_pass http://portainer/api/websocket/; + proxy_pass http://portainer/api/websocket/; } -

          +```

          3. Apply your changes: -

          docker-compose up -d && docker-compose restart nginx-mailcow
          -

          +docker-compose up -d && docker-compose restart nginx-mailcow

          Now you can simply navigate to https://${MAILCOW_HOSTNAME}/portainer/ to view your Portainer container monitoring page. You’ll then be prompted to specify a new password for the admin account. After specifying your password, you’ll then be able to connect to the Portainer UI.


          diff --git a/third_party/third_party-roundcube/index.html b/third_party/third_party-roundcube/index.html index bcf4f87c6..f4803af9e 100644 --- a/third_party/third_party-roundcube/index.html +++ b/third_party/third_party-roundcube/index.html @@ -2329,38 +2329,134 @@
        4. + + Check for a newer release! + + +
        5. + +
        6. + + Change folder name + + +
        7. + +
        8. + + Change permissions + + +
        9. + +
        10. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + +
        11. + +
        12. + + !/bin/bash + + + +
        13. + + Enter a bash session of the mailcow PHP container + + +
        14. + +
        15. + + Install required upgrade dependency, then upgrade Roundcube to wanted release + + +
        16. + +
        17. + + Type 'Y' and press enter to upgrade your install of Roundcube + + +
        18. + +
        19. + + Remove leftover files + + +
        20. + +
        21. + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + + + +
        22. + +
        23. + + Allow admins to log into Roundcube as email user (without any password) + + +
        24. + +
        25. + + Roundcube with plugin dovecot_impersonate must be installed first + +
      @@ -2410,38 +2506,134 @@
    • + + Check for a newer release! + + +
    • + +
    • + + Change folder name + + +
    • + +
    • + + Change permissions + + +
    • + +
    • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + +
    • + +
    • + + !/bin/bash + + + +
    • + + Enter a bash session of the mailcow PHP container + + +
    • + +
    • + + Install required upgrade dependency, then upgrade Roundcube to wanted release + + +
    • + +
    • + + Type 'Y' and press enter to upgrade your install of Roundcube + + +
    • + +
    • + + Remove leftover files + + +
    • + +
    • + + Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 + + + + +
    • + +
    • + + Allow admins to log into Roundcube as email user (without any password) + + +
    • + +
    • + + Roundcube with plugin dovecot_impersonate must be installed first + +
    • @@ -2462,124 +2654,114 @@ -

      Roundcube

      -

      Installing Roundcube

      Download Roundcube 1.5.x to the web htdocs directory and extract it (here rc/): -

      # Check for a newer release!
      -cd data/web
      -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -
      -
      -# Change folder name
      -mv roundcubemail-1.5.2 rc
      -
      -# Change permissions
      -chown -R root: rc/
      -
      -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6
      -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" rc/program/include/rcmail.php
      -

      +```

      +

      Check for a newer release!

      +

      cd data/web +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz -

      +

      Change folder name

      +

      mv roundcubemail-1.5.2 rc

      +

      Change permissions

      +

      chown -R root: rc/

      +

      Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6

      +

      sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" rc/program/include/rcmail.php +```

      If you need spell check features, create a file data/hooks/phpfpm/aspell.sh with the following content, then chmod +x data/hooks/phpfpm/aspell.sh. This installs a local spell check engine. Note, most modern web browsers have built in spell check, so you may not want/need this. -

      #!/bin/bash
      -apk update
      +```

      +

      !/bin/bash

      +

      apk update apk add aspell-en # or any other language -

      +```

      Create a file data/web/rc/config/config.inc.php with the following content. - Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. - The db_prefix is optional but recommended. - If you didn't install spell check in the above step, remove spellcheck_engine parameter and replace it with $config['enable_spellcheck'] = false;. -

      <?php
      +<?php
       error_reporting(0);
      -if (!file_exists('/tmp/mime.types')) {
      -file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
      +if (!file_exists('/tmp/mime.types')) {
      +file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
       }
       $config = array();
      -$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
      -$config['default_host'] = 'tls://dovecot';
      -$config['default_port'] = '143';
      -$config['smtp_server'] = 'tls://postfix';
      -$config['smtp_port'] = 587;
      -$config['smtp_user'] = '%u';
      -$config['smtp_pass'] = '%p';
      -$config['support_url'] = '';
      -$config['product_name'] = 'Roundcube Webmail';
      -$config['des_key'] = 'yourrandomstring_changeme';
      -$config['log_dir'] = '/dev/null';
      -$config['temp_dir'] = '/tmp';
      -$config['plugins'] = array(
      -  'archive',
      -  'managesieve'
      +$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
      +$config['default_host'] = 'tls://dovecot';
      +$config['default_port'] = '143';
      +$config['smtp_server'] = 'tls://postfix';
      +$config['smtp_port'] = 587;
      +$config['smtp_user'] = '%u';
      +$config['smtp_pass'] = '%p';
      +$config['support_url'] = '';
      +$config['product_name'] = 'Roundcube Webmail';
      +$config['des_key'] = 'yourrandomstring_changeme';
      +$config['log_dir'] = '/dev/null';
      +$config['temp_dir'] = '/tmp';
      +$config['plugins'] = array(
      +  'archive',
      +  'managesieve'
       );
      -$config['spellcheck_engine'] = 'aspell';
      -$config['mime_types'] = '/tmp/mime.types';
      -$config['imap_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['spellcheck_engine'] = 'aspell';
      +$config['mime_types'] = '/tmp/mime.types';
      +$config['imap_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
      -$config['enable_installer'] = true;
      -$config['smtp_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['enable_installer'] = true;
      +$config['smtp_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
      -$config['db_prefix'] = 'mailcow_rc1';
      -

      +$config['db_prefix'] = 'mailcow_rc1';

      Point your browser to https://myserver/rc/installer and follow the instructions. Initialize the database and leave the installer.

      Delete the directory data/web/rc/installer after a successful installation!

      Configure ManageSieve filtering

      Open data/web/rc/plugins/managesieve/config.inc.php and change the following parameters (or add them at the bottom of that file): -

      $config['managesieve_port'] = 4190;
      -$config['managesieve_host'] = 'tls://dovecot';
      -$config['managesieve_conn_options'] = array(
      -  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
      +$config['managesieve_port'] = 4190;
      +$config['managesieve_host'] = 'tls://dovecot';
      +$config['managesieve_conn_options'] = array(
      +  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
       );
       // Enables separate management interface for vacation responses (out-of-office)
       // 0 - no separate section (default),
       // 1 - add Vacation section,
       // 2 - add Vacation section, but hide Filters section
      -$config['managesieve_vacation'] = 1;
      -

      +$config['managesieve_vacation'] = 1;

      Enable change password function in Roundcube

      Open data/web/rc/config/config.inc.php and enable the password plugin:

      -
      ...
      -$config['plugins'] = array(
      -    'archive',
      -    'password',
      +

      ... +$config['plugins'] = array( + 'archive', + 'password', ); -... -

      +...

      Open data/web/rc/plugins/password/password.php, search for case 'ssha': and add above:

      -
              case 'ssha256':
      +

      case 'ssha256': $salt = rcube_utils::random_bytes(8); - $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); - $prefix = '{SSHA256}'; - break; -

      + $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt ); + $prefix = '{SSHA256}'; + break;

      Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file):

      -
      $config['password_driver'] = 'sql';
      -$config['password_algorithm'] = 'ssha256';
      -$config['password_algorithm_prefix'] = '{SSHA256}';
      -$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
      -
      +

      $config['password_driver'] = 'sql'; +$config['password_algorithm'] = 'ssha256'; +$config['password_algorithm_prefix'] = '{SSHA256}'; +$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";

      Integrate CardDAV addressbooks in Roundcube

      Download the latest release of RCMCardDAV to the Roundcube plugin directory and extract it (here rc/plugins): -

      cd data/web/rc/plugins
      +cd data/web/rc/plugins
       wget -O - https://github.com/mstilkerich/rcmcarddav/releases/download/v4.3.0/carddav-v4.3.0.tar.gz  | tar xfvz -
      -chown -R root: carddav/
      -

      +chown -R root: carddav/

      Copy the file config.inc.php.dist to config.inc.php (here in rc/plugins/carddav) and append the following preset to the end of the file - don't forget to replace mx.example.org with your own hostname: -

      $prefs['SOGo'] = array(
      -    'name'         =>  'SOGo',
      -    'username'     =>  '%u',
      -    'password'     =>  '%p',
      -    'url'          =>  'https://mx.example.org/SOGo/dav/%u/',
      -    'carddav_name_only' => true,
      -    'use_categories' => true,
      -    'active'       =>  true,
      -    'readonly'     =>  false,
      -    'refresh_time' => '02:00:00',
      -    'fixed'        =>  array( 'active', 'name', 'username', 'password', 'refresh_time' ),
      -    'hide'        =>  false,
      -);
      -
      +$prefs['SOGo'] = array( + 'name' => 'SOGo', + 'username' => '%u', + 'password' => '%p', + 'url' => 'https://mx.example.org/SOGo/dav/%u/', + 'carddav_name_only' => true, + 'use_categories' => true, + 'active' => true, + 'readonly' => false, + 'refresh_time' => '02:00:00', + 'fixed' => array( 'active', 'name', 'username', 'password', 'refresh_time' ), + 'hide' => false, +); Please note, that this preset only integrates the default addressbook (the one that's named "Personal Address Book" and can't be deleted). Additional addressbooks are currently not automatically detected but can be manually added within the roundecube settings.

      Enable the plugin by adding carddav to $config['plugins'] in rc/config/config.inc.php.

      If you want to remove the default addressbooks (stored in the Roundcube database), so that only the CardDAV addressbooks are accessible, append $config['address_book_type'] = ''; to the config file data/web/rc/config/config.inc.php.

      @@ -2587,75 +2769,70 @@ Please note, that this preset only integrates the default addressbook (the one t

      Optionally, you can add Roundcube's link to the mailcow Apps list. To do this, open or create data/web/inc/vars.local.inc.php and add the following code-block:

      NOTE: Don't forget to add the <?php delimiter on the first line

      -
      ...
      +

      ... $MAILCOW_APPS = array( array( - 'name' => 'SOGo', - 'link' => '/SOGo/' + 'name' => 'SOGo', + 'link' => '/SOGo/' ), array( - 'name' => 'Roundcube', - 'link' => '/rc/' + 'name' => 'Roundcube', + 'link' => '/rc/' ) ); -... -

      +...

      Upgrading Roundcube

      Upgrading Roundcube is rather simple, go to the Github releases page for Roundcube and get the link for the "complete.tar.gz" file for the wanted release. Then follow the below commands and change the URL and Roundcube folder name if needed.

      -
      # Enter a bash session of the mailcow PHP container
      -docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash
      -
      -# Install required upgrade dependency, then upgrade Roundcube to wanted release
      -apk add rsync
      +

      ```

      +

      Enter a bash session of the mailcow PHP container

      +

      docker exec -it mailcowdockerized_php-fpm-mailcow_1 bash

      +

      Install required upgrade dependency, then upgrade Roundcube to wanted release

      +

      apk add rsync cd /tmp -wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - +wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.5.2/roundcubemail-1.5.2-complete.tar.gz | tar xfvz - cd roundcubemail-1.5.2 -bin/installto.sh /web/rc - -# Type 'Y' and press enter to upgrade your install of Roundcube - -# Remove leftover files -cd /tmp -rm -rf roundcube* - -# Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6 -sed -i "s/\$prefix = '\.\/';/\$prefix = preg_replace\('\/\[\?\&]\.\*\$\/', '', \$_SERVER\['REQUEST_URI'] \?\? ''\) \?: '\.\/';/g" /web/rc/program/include/rcmail.php -

      +bin/installto.sh /web/rc

      +

      Type 'Y' and press enter to upgrade your install of Roundcube

      +

      Remove leftover files

      +

      cd /tmp +rm -rf roundcube*

      +

      Fix Allow remote resources (https://github.com/roundcube/roundcubemail/issues/8170) should not be required in 1.6

      +

      sed -i "s/\$prefix = '.\/';/\$prefix = preg_replace('\/[\?\&].*\$\/', '', \$_SERVER['REQUEST_URI'] \?\? '') \?: '.\/';/g" /web/rc/program/include/rcmail.php +```

      Let admins log into Roundcube without password

      First, install plugin dovecot_impersonate and add Roundcube as an app (see above).

      Edit mailcow.conf and add the following:

      -
      # Allow admins to log into Roundcube as email user (without any password)
      -# Roundcube with plugin dovecot_impersonate must be installed first
      -
      -ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y
      -
      +

      ```

      +

      Allow admins to log into Roundcube as email user (without any password)

      +

      Roundcube with plugin dovecot_impersonate must be installed first

      +

      ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=y +```

      Edit docker-compose.override.yml and crate/extend the section for php-fpm-mailcow:

      -
      version: '2.1'
      +

      yml +version: '2.1' services: php-fpm-mailcow: environment: - - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n} -

      + - ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE=${ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE:-n}

      Edit data/web/js/site/mailbox.js and the following code after if (ALLOW_ADMIN_EMAIL_LOGIN) { ... }

      -
      if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) {
      -  item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>';
      -}
      -
      +

      js +if (ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE) { + item.action += '<a href="/rc-auth.php?login=' + encodeURIComponent(item.username) + '" class="login_as btn btn-xs ' + btnSize + ' btn-primary" target="_blank"><i class="bi bi-envelope-fill"></i> Roundcube</a>'; +}

      Edit data/web/mailbox.php and add this line to array $template_data:

      -
        'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',
      -
      +

      php + 'allow_admin_email_login_roundcube' => (preg_match("/^(yes|y)+$/i", $_ENV["ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE"])) ? 'true' : 'false',

      Edit data/web/templates/mailbox.twig and add this code to the bottom of the javascript section:

      -
        var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};
      -
      +

      js + var ALLOW_ADMIN_EMAIL_LOGIN_ROUNDCUBE = {{ allow_admin_email_login_roundcube }};

      Copy the contents of the following files from this Snippet:

      • data/web/inc/lib/RoundcubeAutoLogin.php
      • data/web/rc-auth.php

      Finally, restart mailcow

      -
      docker-compose down
      -docker-compose up -d
      -
      +

      docker-compose down +docker-compose up -d


      diff --git a/troubleshooting/debug-admin_login_sogo/index.html b/troubleshooting/debug-admin_login_sogo/index.html index 40c9ced3f..1d0a71815 100644 --- a/troubleshooting/debug-admin_login_sogo/index.html +++ b/troubleshooting/debug-admin_login_sogo/index.html @@ -2428,11 +2428,9 @@ log into SOGo as a mailbox user, without knowing the users password.

      Multiple concurrent admin-logins to different mailboxes are also possible when using this feature.

      Enabling the feature

      The feature is disabled by default. It can be enabled in the mailcow.conf by setting: -

      ALLOW_ADMIN_EMAIL_LOGIN=y
      -
      +ALLOW_ADMIN_EMAIL_LOGIN=y and recreating the affected containers with -
      docker-compose up -d
      -

      +docker-compose up -d

      Drawbacks when enabled

      • Each SOGo page-load and each Active-Sync request will cause an additional execution of an internal PHP script. diff --git a/troubleshooting/debug-attach_service/index.html b/troubleshooting/debug-attach_service/index.html index 6c8a5822b..cf05db808 100644 --- a/troubleshooting/debug-attach_service/index.html +++ b/troubleshooting/debug-attach_service/index.html @@ -2476,17 +2476,14 @@

        Attaching a Container to your Shell

        To attach a container to your shell you can simply run

        -
        docker-compose exec $Service_Name /bin/bash
        -
        +

        docker-compose exec $Service_Name /bin/bash

        Connecting to Services

        If you want to connect to a service / application directly it is always a good idea to source mailcow.conf to get all relevant variables into your environment.

        MySQL

        -
        source mailcow.conf
        -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
        -
        +

        source mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

        Redis

        -
        docker-compose exec redis-mailcow redis-cli
        -
        +

        docker-compose exec redis-mailcow redis-cli

        Service Descriptions

        Here is a brief overview of what container / service does what:

      diff --git a/troubleshooting/debug-common_problems/index.html b/troubleshooting/debug-common_problems/index.html index 90edfaacc..41595e91d 100644 --- a/troubleshooting/debug-common_problems/index.html +++ b/troubleshooting/debug-common_problems/index.html @@ -801,52 +801,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2438,52 +2451,65 @@
    • + + telnet 74.125.133.27 465 + + + +
    • @@ -2504,8 +2530,6 @@ -

      Common Problems

      -

      Here we list common problems and possible solutions:

      Mail loops back to myself

      Please check in your mailcow UI if you made the domain a backup MX:

      @@ -2516,11 +2540,12 @@
    • Check if your IP address is on any blacklists. You could use dnsbl.info or any other similar service to check for your IP address.
    • There are some consumer ISP routers out there, that block mail ports for non whitelisted domains. Please check if you can reach your server on the ports 465 or 587:
    • -
      # telnet 74.125.133.27 465
      -Trying 74.125.133.27...
      +

      ```

      +

      telnet 74.125.133.27 465

      +

      Trying 74.125.133.27... Connected to 74.125.133.27. -Escape character is '^]'. -

      +Escape character is '^]'. +```

      My mails are identified as Spam

      Please read our guide on DNS configuration.

      docker-compose throws weird errors

      @@ -2537,8 +2562,7 @@ Escape character is '^]'.

      It might also be wrongly linked file (i.e. SSL certificate) that prevents a crucial container (nginx) from starting, so always check your logs to get an idea where your problem is coming from.

      Address already in use

      If you get an error message like:

      -
      ERROR: for postfix-mailcow  Cannot start service postfix-mailcow: driver failed programming external     connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use
      -
      +

      ERROR: for postfix-mailcow Cannot start service postfix-mailcow: driver failed programming external connectivity on endpoint mailcowdockerized_postfix-mailcow_1: Error starting userland proxy: listen tcp 0.0.0.0:25: bind: address already in use

      while trying to start / install mailcow: dockerized, make sure you've followed our section on the prerequisites.

      XYZ can't connect to ...

      Please check your local firewall! @@ -2546,19 +2570,17 @@ Docker and iptables-based firewalls sometimes create conflicting rules, so disab

      If you experience connection problems from home, please check your ISP router's firewall too, some of them block mail traffic on the SMTP (587) or SMTPS (465) ports. It could also be, that your ISP is blocking the ports for SUBMISSION (25).

      While Linux users can chose from a variety of tools1 to check if a port is open, the Windows user has only the PowerShell command Test-NetConnection -ComputerName host -Port port available by default.

      To enable telnet on a Windows after Vista please check this guide or enter the following command in an terminal with administrator privileges:

      -
      dism /online /Enable-Feature /FeatureName:TelnetClient
      -
      +

      dism /online /Enable-Feature /FeatureName:TelnetClient

      Inotify instance limit for user 5000 (UID vmail) exceeded (see #453)

      Docker containers use the Docker hosts inotify limits. Setting them on your Docker host will pass them to the container.

      Dovecot keeps restarting (see #2672)

      Check that you have at least the following files in data/assets/ssl:

      -
      cert.pem
      +

      cert.pem dhparams.pem -key.pem -

      +key.pem

      If dhparams.pem is missing, you can generate it with

      -
      openssl dhparam -out data/assets/ssl/dhparams.pem 4096
      -
      +

      bash +openssl dhparam -out data/assets/ssl/dhparams.pem 4096


        diff --git a/troubleshooting/debug-mysql_aria/index.html b/troubleshooting/debug-mysql_aria/index.html index 71f79f5bc..4dbde41cc 100644 --- a/troubleshooting/debug-mysql_aria/index.html +++ b/troubleshooting/debug-mysql_aria/index.html @@ -833,6 +833,41 @@ MariaDB: Aria recovery after crash + + +
      1. + + Stop the stack, don't run "down" + + +
      2. + +
      3. + + Run a bash in the stopped container as user mysql + + +
      4. + +
      5. + + cd to the SQL data directory + + +
      6. + +
      7. + + Run aria_chk + + +
      8. + +
      9. + + Delete aria log files + +
      10. @@ -2372,6 +2407,41 @@ MariaDB: Aria recovery after crash + + +
      11. + + Stop the stack, don't run "down" + + +
      12. + +
      13. + + Run a bash in the stopped container as user mysql + + +
      14. + +
      15. + + cd to the SQL data directory + + +
      16. + +
      17. + + Run aria_chk + + +
      18. + +
      19. + + Delete aria log files + +
      20. @@ -2392,23 +2462,22 @@ -

        Recover crashed Aria storage engine

        -

        MariaDB: Aria recovery after crash

        If your server crashed and MariaDB logs an error similar to [ERROR] mysqld: Aria recovery failed. Please run aria_chk -r on all Aria tables (*.MAI) and delete all aria_log.######## files you may want to try the following to recover the database to a healthy state:

        Start the stack and wait until mysql-mailcow begins to report a restarting state. Check by running docker-compose ps.

        Now run the following commands:

        -
        # Stop the stack, don't run "down"
        -docker-compose stop
        -# Run a bash in the stopped container as user mysql
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow
        -# cd to the SQL data directory
        -cd /var/lib/mysql
        -# Run aria_chk
        -aria_chk --check --force */*.MAI
        -# Delete aria log files
        -rm aria_log.*
        -
        +

        ```

        +

        Stop the stack, don't run "down"

        +

        docker-compose stop

        +

        Run a bash in the stopped container as user mysql

        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql bash"' mysql-mailcow

        +

        cd to the SQL data directory

        +

        cd /var/lib/mysql

        +

        Run aria_chk

        +

        aria_chk --check --force /.MAI

        +

        Delete aria log files

        +

        rm aria_log.* +```

        Now run docker-compose down followed by docker-compose up -d.


        diff --git a/troubleshooting/debug-mysql_upgrade/index.html b/troubleshooting/debug-mysql_upgrade/index.html index 19fa5f1a2..9ce69d837 100644 --- a/troubleshooting/debug-mysql_upgrade/index.html +++ b/troubleshooting/debug-mysql_upgrade/index.html @@ -2396,13 +2396,11 @@

        Run a manual mysql_upgrade

        This step is usually not necessary.

        -
        docker-compose stop mysql-mailcow watchdog-mailcow
        -docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow
        -
        +

        docker-compose stop mysql-mailcow watchdog-mailcow +docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && bash && exit 0"' mysql-mailcow

        As soon as the SQL shell spawned, run mysql_upgrade and exit the container:

        -
        mysql_upgrade
        -exit
        -
        +

        mysql_upgrade +exit


        diff --git a/troubleshooting/debug-reset_pw/index.html b/troubleshooting/debug-reset_pw/index.html index a5febf520..200edeb6d 100644 --- a/troubleshooting/debug-reset_pw/index.html +++ b/troubleshooting/debug-reset_pw/index.html @@ -878,6 +878,26 @@ + + + + + +
      21. + + source mailcow.conf + + +
      22. + +
      23. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      24. - -
      25. +
      26. Remove Two-Factor Authentication @@ -935,6 +950,11 @@ +
      27. + + + + @@ -2463,6 +2483,26 @@ + + + + + +
      28. + + source mailcow.conf + + +
      29. + +
      30. + + docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} + + + - -
      31. - -
      32. +
      33. Remove Two-Factor Authentication @@ -2520,6 +2555,11 @@ +
      34. + + + + @@ -2540,22 +2580,19 @@ -

        Reset Passwords (incl. SQL)

        -

        mailcow Admin Account

        Resets the mailcow admin account to a random password. Older mailcow: dockerized installations may find the mailcow-reset-admin.sh script in their mailcow root directory (mailcow_path).

        -
        cd mailcow_path
        -./helper-scripts/mailcow-reset-admin.sh
        -
        +

        cd mailcow_path +./helper-scripts/mailcow-reset-admin.sh

        Reset MySQL Passwords

        Stop the stack by running docker-compose stop.

        When the containers came to a stop, run this command:

        -
        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow
        -
        +

        docker-compose run --rm --entrypoint '/bin/sh -c "gosu mysql mysqld --skip-grant-tables & sleep 10 && mysql -hlocalhost -uroot && exit 0"' mysql-mailcow

        1. Find database name

        -
        # source mailcow.conf
        -# docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
        -MariaDB [(none)]> show databases;
        +

        ```

        +

        source mailcow.conf

        +

        docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}

        +

        MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ @@ -2565,49 +2602,47 @@ MariaDB [(none)]> show databases; | performance_schema | +--------------------+ 4 rows in set (0.00 sec) -

        +```

        2. Reset one or more users

        2.1 Maria DB < 10.4 (older mailcow installations)

        Both "password" and "authentication_string" exist. Currently "password" is used, but better set both.

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; +MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('gotr00t'), password = PASSWORD('gotr00t') WHERE User = 'root'; -MariaDB [(none)]> UPDATE mysql.user SET authentication_string = PASSWORD('mookuh'), password = PASSWORD('mookuh') WHERE User = 'mailcow' AND Host = '%'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        2.2 Maria DB >= 10.4 (current mailcows)

        -
        MariaDB [(none)]> SELECT user FROM mysql.user;
        +

        ``` +MariaDB [(none)]> SELECT user FROM mysql.user; +--------------+ | user | +--------------+ | mailcow | <===== | root | +--------------+ -2 rows in set (0.00 sec) - +2 rows in set (0.00 sec)

        +

        MariaDB [(none)]> FLUSH PRIVILEGES; +MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; +MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; +MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; MariaDB [(none)]> FLUSH PRIVILEGES; -MariaDB [(none)]> ALTER USER 'mailcow'@'%' IDENTIFIED BY 'mookuh'; -MariaDB [(none)]> ALTER USER 'root'@'%' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> ALTER USER 'root'@'localhost' IDENTIFIED BY 'gotr00t'; -MariaDB [(none)]> FLUSH PRIVILEGES; -

        +```

        Remove Two-Factor Authentication

        For mailcow WebUI:

        This works similar to resetting a MySQL password, now we do it from the host without connecting to the MySQL CLI:

        -
        source mailcow.conf
        -docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"
        -
        +

        source mailcow.conf +docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DELETE FROM tfa WHERE username='YOUR_USERNAME';"

        For SOGo:

        -
        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'
        -
        +

        docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@example.com SOGoGoogleAuthenticatorEnabled '{"SOGoGoogleAuthenticatorEnabled":0}'


        diff --git a/troubleshooting/debug-reset_tls/index.html b/troubleshooting/debug-reset_tls/index.html index db8481e85..417e0e031 100644 --- a/troubleshooting/debug-reset_tls/index.html +++ b/troubleshooting/debug-reset_tls/index.html @@ -2346,14 +2346,13 @@

        Reset TLS certificates

        In case you encounter problems with your certificate, key or Let's Encrypt account, please try to reset the TLS assets:

        -
        source mailcow.conf
        +

        source mailcow.conf docker-compose down rm -rf data/assets/ssl mkdir data/assets/ssl -openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes +openssl req -x509 -newkey rsa:4096 -keyout data/assets/ssl-example/key.pem -out data/assets/ssl-example/cert.pem -days 365 -subj "/C=DE/ST=NRW/L=Willich/O=mailcow/OU=mailcow/CN=${MAILCOW_HOSTNAME}" -sha256 -nodes cp -n -d data/assets/ssl-example/*.pem data/assets/ssl/ -docker-compose up -d -

        +docker-compose up -d

        This will stop mailcow, source the variables we need, create a self-signed certificate and start mailcow.

        If you use Let's Encrypt you should be careful as you will create a new account and a new set of certificates. You will run into a ratelimit sooner or later.

        Please also note that previous TLSA records will be invalid.

        diff --git a/troubleshooting/debug-rm_volumes/index.html b/troubleshooting/debug-rm_volumes/index.html index 34bed26ff..4efeec883 100644 --- a/troubleshooting/debug-rm_volumes/index.html +++ b/troubleshooting/debug-rm_volumes/index.html @@ -2348,8 +2348,7 @@

        You may want to remove a set of persistent data to resolve a conflict or to start over.

        mailcowdockerized can vary and depends on your compose project name (if it's unchanged, mailcowdockerized is the correct value). If you are unsure about volume names, run docker volume ls for a full list.

        Delete a single volume:

        -
        docker volume rm mailcowdockerized_${VOLUME_NAME}
        -
        +

        docker volume rm mailcowdockerized_${VOLUME_NAME}