Installing Mailcow and Mailman3 based on dockerized versions

This guide is a copy from dockerized-mailcow-mailman. Please post issues, questions and improvements in the issue tracker there.

Introduction

This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential condition is to keep Mailcow and Mailman in their own installations so that each can be updated independently.

There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of:

After finishing this guide, mailcow-dockerized and docker-mailman will run, and Apache as a reverse proxy will serve the web frontends.

The operating system used is Ubuntu 20.04 LTS.

Disclaimer

I'm not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, because: no backup, no pity!

Installation

This guide consists of the following steps:

- DNS setup
- Install Apache as a reverse proxy
- Obtain ssl certificates with Let's Encrypt
- Install Mailcow with Mailman integration
- Install Mailman
- 🏃 Run

DNS setup

Most of the configuration is covered by Mailcow's DNS setup. After finishing this setup, add another subdomain for Mailman, e.g. lists.example.org, that points to the same server:

# Name    Type       Value
lists     IN A       1.2.3.4
lists     IN AAAA    dead:beef

Install Apache as a reverse proxy

Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.

Activate certain Apache modules (as root or sudo):

a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2

You may have to install further packages to get these modules. This PPA by Ondřej Surý may help you.

vhost configuration

Copy the mailcow.conf and the mailman.conf to the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).

Change in mailcow.conf:

- MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME

Change in mailman.conf:

- MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org)

Don't activate the configuration yet, as the ssl certificates and directories are still missing.

Obtain ssl certificates with Let's Encrypt

Check that your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox:

- https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME
- https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME
- https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN
- https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN

Install certbot (as root or sudo):

apt install certbot

Get the desired certificates (as root or sudo):

certbot certonly -d MAILCOW_HOSTNAME
certbot certonly -d MAILMAN_DOMAIN

Install Mailcow with Mailman integration

install Mailcow

Follow the Mailcow installation. Omit step 5 and do not pull and up with docker-compose!

configure Mailcow

This is also Step 4 in the official Mailcow installation (nano mailcow.conf). Change the file to your needs and alter the following variables:

HTTP_PORT=18080            # don't use 8080 as mailman needs it
HTTP_BIND=127.0.0.1        #
HTTPS_PORT=18443           # you may use 8443
HTTPS_BIND=127.0.0.1       #

SKIP_LETS_ENCRYPT=y        # reverse proxy will do the ssl termination

SNAT_TO_SOURCE=1.2.3.4     # change this to your ipv4
SNAT6_TO_SOURCE=dead:beef  # change this to your global ipv6

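A pre-flight check for the values above, as an added example that is not part of the original guide or of Mailcow: it flags a web UI bound to anything but loopback (which would be reachable directly instead of through Apache), a clash with the port 8080 that Mailman needs, and a SKIP_LETS_ENCRYPT that is not set to y. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of mailcow.conf for the reverse-proxy setup.

# Print the value of KEY in FILE with any trailing "# comment" removed.
conf_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# Return 0 if FILE matches the settings of this guide, 1 otherwise.
check_mailcow_conf() {
    file=$1
    rc=0
    for key in HTTP_BIND HTTPS_BIND; do
        val=$(conf_value "$key" "$file")
        if [ "$val" != "127.0.0.1" ] && [ "$val" != "::1" ]; then
            echo "FAIL $key='$val': web UI is reachable without passing Apache"
            rc=1
        fi
    done
    http=$(conf_value HTTP_PORT "$file")
    https=$(conf_value HTTPS_PORT "$file")
    if [ "$http" = "8080" ] || [ "$https" = "8080" ]; then
        echo "FAIL port 8080 is needed by Mailman"
        rc=1
    fi
    if [ -z "$http" ] || [ -z "$https" ] || [ "$http" = "$https" ]; then
        echo "FAIL HTTP_PORT and HTTPS_PORT must both be set and differ"
        rc=1
    fi
    if [ "$(conf_value SKIP_LETS_ENCRYPT "$file")" != "y" ]; then
        echo "FAIL SKIP_LETS_ENCRYPT is not 'y' although Apache terminates TLS"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK $file"; fi
    return "$rc"
}

# Constructed sample: HTTP_BIND left empty, everything else as in the guide.
sample=$(mktemp)
printf '%s\n' 'HTTP_PORT=18080 # not 8080' 'HTTP_BIND=' 'HTTPS_PORT=18443' \
    'HTTPS_BIND=127.0.0.1 #' 'SKIP_LETS_ENCRYPT=y' > "$sample"
check_mailcow_conf "$sample" || echo "fix the values above before starting Mailcow"
rm -f "$sample"
```
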
add Mailman integration

Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:

version: '2.1'

services:
  postfix-mailcow:
    volumes:
      - /opt/mailman:/opt/mailman
    networks:
      - docker-mailman_mailman

networks:
  docker-mailman_mailman:
    external: true

Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:

# mailman

recipient_delimiter = +
unknown_local_recipient_reject_code = 550
owner_request_special = no

local_recipient_maps =
  regexp:/opt/mailman/core/var/data/postfix_lmtp,
  proxy:unix:passwd.byname,
  $alias_maps
virtual_mailbox_maps =
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp
transport_maps =
  pcre:/opt/postfix/conf/custom_transport.pcre,
  pcre:/opt/postfix/conf/local_transport,
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp
relay_domains =
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_domains
relay_recipient_maps =
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp

ssl certificates

As we are proxying Mailcow, we need to copy the ssl certificates into the Mailcow file structure. The script renew-ssl.sh does this task for us:

- copy the file to /opt/mailcow-dockerized
- change MAILCOW_HOSTNAME to your Mailcow hostname
- make it executable (chmod a+x renew-ssl.sh)
- do not run it yet, as we first need Mailman

You have to create a cronjob, so that new certificates will be copied. Execute as root or sudo:

crontab -e

To run the script every day at 5am, add:

0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh

Install Mailman

Basically, follow the instructions at docker-mailman. As there are a lot of them, here is what to do in a nutshell.

As root or sudo:

cd /opt
mkdir -p mailman/core
mkdir -p mailman/web
git clone https://github.com/maxking/docker-mailman
cd docker-mailman

configure Mailman

Create a long key for Hyperkitty, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.

Create a long password for the database, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.

Create a long key for Django, e.g. with the linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.

Create the file /opt/docker-mailman/docker-compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:

version: '2'

services:
  mailman-core:
    environment:
      - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
      - HYPERKITTY_API_KEY=HYPERKITTY_KEY
      - TZ=Europe/Berlin
      - MTA=postfix
    restart: always
    networks:
      - mailman

  mailman-web:
    environment:
      - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
      - HYPERKITTY_API_KEY=HYPERKITTY_KEY
      - TZ=Europe/Berlin
      - SECRET_KEY=DJANGO_KEY
      - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org
      - MAILMAN_ADMIN_USER=admin # the admin user
      - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address
      - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
    restart: always

  database:
    environment:
      - POSTGRES_PASSWORD=DBPASS
    restart: always

At mailman-web, fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Postorius). To set the password for the first time, use the Forgot password function in the web interface.

For other configuration options, read the Mailman-web and Mailman-core documentation.

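One way to script the three key-generation steps and the placeholder replacement, as an added example that is not part of the original guide or of docker-mailman. The function names and the template file are assumptions; the template is the YAML above saved with its placeholders intact.

```shell
#!/bin/sh
# Added example: generate the secrets and fill the guide's placeholders.

# Print N characters from [A-Za-z0-9] taken from the kernel CSPRNG.
# 30 characters of this 62-symbol alphabet carry about 178 bits, and
# need no escaping inside DATABASE_URL or a sed replacement.
gen_secret() {
    LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# render_override TEMPLATE OUTPUT
# Each placeholder gets exactly one value, so DBPASS is identical in
# mailman-core, mailman-web and database.
render_override() {
    hk=$(gen_secret 30); db=$(gen_secret 30); dj=$(gen_secret 30)
    rm -f "$2"       # a pre-existing file would keep its old, wider mode
    (
        umask 077    # create the output 0600: it holds every secret
        # The sed script arrives on stdin, so no secret shows up in ps.
        sed -f /dev/stdin "$1" > "$2" <<EOF
s/HYPERKITTY_KEY/$hk/g
s/DBPASS/$db/g
s/DJANGO_KEY/$dj/g
EOF
    )
    unset hk db dj
}

# Count lines of FILE that still carry an unreplaced placeholder.
placeholders_left() {
    grep -cE '=HYPERKITTY_KEY$|:DBPASS@|=DBPASS$|=DJANGO_KEY$' "$1" || true
}

# Constructed template with the guide's placeholders; secrets are not printed.
dir=$(mktemp -d)
printf '%s\n' '- DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb' \
    '- HYPERKITTY_API_KEY=HYPERKITTY_KEY' '- SECRET_KEY=DJANGO_KEY' \
    '- POSTGRES_PASSWORD=DBPASS' > "$dir/template.yaml"
render_override "$dir/template.yaml" "$dir/docker-compose.override.yaml"
echo "placeholders left: $(placeholders_left "$dir/docker-compose.override.yaml")"
ls -l "$dir/docker-compose.override.yaml" | cut -c1-10
rm -rf "$dir"
```

Reading the sed script from /dev/stdin works on Linux, which matches the Ubuntu host used in this guide.
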
configure Mailman core and Mailman web

Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should point to a valid mailbox or redirection.

[mailman]
default_language: de
site_owner: mailman@example.org

Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should point to a valid mailbox or redirection.

# locale
LANGUAGE_CODE = 'de-de'

# disable social authentication
SOCIALACCOUNT_PROVIDERS = {}

# change it
DEFAULT_FROM_EMAIL = 'mailman@example.org'

DEBUG = False

Change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs. At the moment SOCIALACCOUNT_PROVIDERS has no effect, see issue #2.

🏃 Run

Run (as root or sudo):

a2ensite mailcow.conf
a2ensite mailman.conf
systemctl restart apache2

cd /opt/docker-mailman
docker-compose pull
docker-compose up -d

cd /opt/mailcow-dockerized/
docker-compose pull
./renew-ssl.sh

Wait a few minutes! The containers have to create their databases and config files. This can last up to 1 minute and more.

Remarks

New lists aren't recognized by postfix instantly

When you create a new list and try to immediately send an e-mail, postfix responds with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postfix manually:

cd /opt/mailcow-dockerized
docker-compose restart postfix-mailcow

Update

Mailcow has its own update script in /opt/mailcow-dockerized/update.sh, see the docs.

For Mailman, just fetch the newest version from the github repository.

Backup

Mailcow has its own backup script. Read the docs for further information.

Mailman doesn't state backup instructions in its README.md. The gitbucket of pgollor has a script that may be helpful.

ToDo

install script

Write a script like in mailman-mailcow-integration/mailman-install.sh, as many of the steps can be automated.

- Ask for all the configuration variables and create passwords and keys.
- Do a (semi-)automatic installation.
- Have fun!