Merge branch 'master' of github.com:mailcow/mailcow-dockerized-docs

Dieser Commit ist enthalten in:
andryyy 2021-05-28 11:11:37 +02:00
Commit 9d06f62833
10 geänderte Dateien mit 121 neuen und 42 gelöschten Zeilen

Datei anzeigen

@ -14,14 +14,14 @@ jobs:
run: | run: |
sudo apt-get -y update sudo apt-get -y update
sudo apt-get -y install python3-pip sudo apt-get -y install python3-pip
pip install mkdocs-material pygments==2.8.1 mkdocs-redirects pip install mkdocs-material==7.1.5 pygments==2.9.0 mkdocs-redirects==1.0.3
- name: Build site 🔧 - name: Build site 🔧
run: | run: |
mkdocs build --verbose --clean mkdocs build --verbose --clean
- name: Deploy 🚀 - name: Deploy 🚀
uses: JamesIves/github-pages-deploy-action@4.1.1 uses: JamesIves/github-pages-deploy-action@4.1.3
with: with:
branch: gh-pages # The branch the action should deploy to. branch: gh-pages # The branch the action should deploy to.
folder: site # The folder the action should deploy. folder: site # The folder the action should deploy.

Datei anzeigen

@ -9,6 +9,6 @@ https://mailcow.github.io/mailcow-dockerized-docs
To build it locally, you need the [Material theme for MkDocs](https://squidfunk.github.io/mkdocs-material/), [MkDocs](https://www.mkdocs.org/) itself and [Pygments](http://pygments.org/). To install these with [pip](https://pip.pypa.io/en/stable/) and get it up and running, fire up your terminal and enter To build it locally, you need the [Material theme for MkDocs](https://squidfunk.github.io/mkdocs-material/), [MkDocs](https://www.mkdocs.org/) itself and [Pygments](http://pygments.org/). To install these with [pip](https://pip.pypa.io/en/stable/) and get it up and running, fire up your terminal and enter
``` ```
pip install mkdocs-material pip install mkdocs-material==7.1.5 pygments==2.9.0 mkdocs-redirects==1.0.3
mkdocs serve mkdocs serve
``` ```

Datei anzeigen

@ -1,5 +1,7 @@
### Backup ### Backup
#### Manual
You can use the provided script `helper-scripts/backup_and_restore.sh` to backup mailcow automatically. You can use the provided script `helper-scripts/backup_and_restore.sh` to backup mailcow automatically.
Please do not copy this script to another location. Please do not copy this script to another location.
@ -30,3 +32,43 @@ To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variab
``` ```
MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all
``` ```
#### Cronjob
You can run the backup script regularly via cronjob. Make sure `BACKUP_LOCATION` exists:
```
5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3
```
Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution).
This following script may be placed in `/etc/cron.daily/mailcow-backup` - do not forget to mark it as executable via `chmod +x`:
```
#!/bin/sh
# Backup mailcow data
# https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/
set -e
OUT="$(mktemp)"
export MAILCOW_BACKUP_LOCATION="/opt/backup"
SCRIPT="/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh"
PARAMETERS="backup all"
OPTIONS="--delete-days 30"
# run command
set +e
"${SCRIPT}" ${PARAMETERS} ${OPTIONS} 2>&1 > "$OUT"
RESULT=$?
if [ $RESULT -ne 0 ]
then
echo "${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:"
echo "RESULT=$RESULT"
echo "STDOUT / STDERR:"
cat "$OUT"
fi
```

Datei anzeigen

@ -1,7 +1,7 @@
if (window.location.href.indexOf('/client/') >= 0) { if (window.location.href.indexOf('/client/') >= 0) {
window.window.addEventListener('load', function () { window.window.addEventListener('load', function () {
function setCookie(name, value) { function setCookie(name, value) {
document.cookie = encodeURIComponent(name) + "=" + encodeURIComponent(value) + "; path=/"; sessionStorage.setItem(name, value);
} }
function getParameterByName(name) { function getParameterByName(name) {
@ -39,18 +39,7 @@ if (window.location.href.indexOf('/client/') >= 0) {
if (window.location.href.indexOf('/client') >= 0) { if (window.location.href.indexOf('/client') >= 0) {
window.window.addEventListener('load', function () { window.window.addEventListener('load', function () {
function getCookie(cn) { function getCookie(cn) {
var fixedcn = encodeURIComponent(cn); return sessionStorage.getItem(cn);
var cs = document.cookie.split(';');
for (var i = 0; i < cs.length; i++) {
var c = cs[i];
while (c.charAt(0) == ' ') {
c = c.substring(1);
}
if (c.indexOf(fixedcn + "=") == 0) {
return decodeURIComponent(c.substring(cn.length + 1, c.length));
}
}
return "";
} }
/* Hide variable fields if no values are available */ /* Hide variable fields if no values are available */

Datei anzeigen

@ -1,11 +1,39 @@
Per default mailcow considers all networks as untrusted, except for its own IPV4_NETWORK and IPV6_NETWORK scope. Though it is reasonable in most cases, you may want to loosen this restriction under certain circumstances to allow connections from other networks. By default mailcow considers **all networks as untrusted** excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction.
To change this behaviour override the default value of `mynetworks` parameter through the `data/conf/postfix/extra.cf` configuration file. By default mailcow uses `mynetworks_style = subnet` to determine internal subnets and leaves `mynetworks` unconfigured.
**Important**: Do **not** remove the networks listed as `IPV4_NETWORK` and `IPV6_NETWORK` in your mailcow.conf. You should also keep local addresses. To add `1.2.3.4/32` it may look like the configuration below: If you decide to set `mynetworks`, Postfix ignores the mynetworks_style setting. This means you **have to** add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually!
## Unauthenticated relaying
!!! Warning
Incorrect setup of `mynetworks` will allow your server to be used as an open relay. If abused, this **will** affect your ability to send emails and can take some time to be resolved.
### IPv4 hosts/subnets
To add the subnet `192.168.2.0/24` to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:
Edit `data/conf/postfix/extra.cf`:
``` ```
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 1.2.3.4/32 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24
``` ```
Per default we use "mynetworks_style = subnet" to only include local networks we are part of. Run `docker-compose restart postfix-mailcow` to apply your new settings.
### IPv6 hosts/subnets
Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets `[]` with the netmask appended.
To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes:
Edit `data/conf/postfix/extra.cf`:
```
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32
```
Run `docker-compose restart postfix-mailcow` to apply your new settings.
!!! Info
More information about mynetworks can be found in the [Postfix documentation](http://www.postfix.org/postconf.5.html#mynetworks).

Datei anzeigen

@ -84,9 +84,11 @@ Here are some tools you can use to verify your DNS configuration:
## Misc ## Misc
### Optional DMARC Statistics ### Optional DMARC Statistics
If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services, or self-host your own.
**NOTE:** It is worth considering that if you request DMARC statistic reports to your mailcow server, if there are issues with that domain you may not get accurate results. You can consider using an alternative email domain for recieving DMARC reports. If you are interested in statistics, you can additionally register with some of the many below DMARC statistic services - or self-host your own.
!!! Tip
It is worth considering that if you request DMARC statistic reports to your mailcow server and your mailcow server is not configured correctly to receive these reports, you may not get accurate and complete results. Please consider using an alternative email domain for receiving DMARC reports.
It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices. It is worth mentioning, that the following suggestions are not a comprehensive list of all services and tools avaialble, but only a small few of the many choices.
@ -96,18 +98,15 @@ It is worth mentioning, that the following suggestions are not a comprehensive l
- [Postmark](https://dmarc.postmarkapp.com) - [Postmark](https://dmarc.postmarkapp.com)
- [Dmarcian](https://dmarcian.com/) - [Dmarcian](https://dmarcian.com/)
**NOTE:** The services may provide you with a TXT record, which you would insert into your DNS records as the provider specifies. This record will give you details about spam-classified mails by your domain. However, please ensure to read the providers documentation from the service you choose, as this process may vary and not all providers may use a TXT record. !!! Tip
### Email Test for SPF, DKIM and DMARC: These services may provide you with a TXT record you need to insert into your DNS records as the provider specifies. Please ensure to read the providers documentation from the service you choose as this process may vary.
To test send an email to the email below and wait for a reply: ### Email test for SPF, DKIM and DMARC:
check-auth@verifier.port25.com To run a rudimentary email authentication check, send a mail to `check-auth at verifier.port25.com` and wait for a reply. You will find a report similar to the following:
You will get a report back that looks like the following:
``` ```
========================================================== ==========================================================
Summary of Results Summary of Results
========================================================== ==========================================================
@ -122,8 +121,10 @@ Details:
========================================================== ==========================================================
.... ....
``` ```
The full report will contain more technical details this is just the first section, we found this to be quite usful for testing both outgoing mail and spam scores.
The full report will contain more technical details.
### Fully Qualified Domain Name (FQDN) ### Fully Qualified Domain Name (FQDN)
[^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`. [^1]: A **Fully Qualified Domain Name** (**FQDN**) is the complete (absolute) domain name for a specific computer or host, on the Internet. The FQDN consists of at least three parts divided by a dot: the hostname (myhost), the domain name (mydomain) and the top level domain in short **tld** (com). In the example of `mx.mailcow.email` the hostname would be `mx`, the domain name `mailcow` and the tld `email`.

Datei anzeigen

@ -2,9 +2,9 @@ Download Roundcube 1.4.x to the web htdocs directory and extract it (here `rc/`)
``` ```
# Check for a newer release! # Check for a newer release!
cd data/web cd data/web
wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.4.9/roundcubemail-1.4.9-complete.tar.gz | tar xfvz - wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.4.11/roundcubemail-1.4.11-complete.tar.gz | tar xfvz -
# Change folder name # Change folder name
mv roundcubemail-1.4.9 rc mv roundcubemail-1.4.11 rc
# Change permissions # Change permissions
chown -R root: rc/ chown -R root: rc/
``` ```

Datei anzeigen

@ -6,10 +6,17 @@ nano data/conf/nginx/my_custom_site.conf
A good template to begin with: A good template to begin with:
``` hl_lines="9" ``` hl_lines="16"
server { server {
ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem; ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
index index.php index.html; index index.php index.html;
client_max_body_size 0; client_max_body_size 0;
root /web; root /web;
@ -31,10 +38,17 @@ server {
Another example with a reverse proxy configuration: Another example with a reverse proxy configuration:
``` hl_lines="9 21" ``` hl_lines="16 28"
server { server {
ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate /etc/ssl/mail/cert.pem;
ssl_certificate_key /etc/ssl/mail/key.pem; ssl_certificate_key /etc/ssl/mail/key.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305;
ssl_ecdh_curve X25519:X448:secp384r1:secp256k1;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 1d;
ssl_session_tickets off;
index index.php index.html; index index.php index.html;
client_max_body_size 0; client_max_body_size 0;
root /web; root /web;

Datei anzeigen

@ -1,10 +1,15 @@
SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its [own documentation](http://wiki.sogo.nu/). SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its [own documentation](http://wiki.sogo.nu/).
## Change theme ## Apply custom SOGo theme
mailcow builds after 28 January 2021 can change SOGo's theme by editing `data/conf/sogo/custom-theme.js`. mailcow builds after 28 January 2021 can change SOGo's theme by editing `data/conf/sogo/custom-theme.js`.
Please check the AngularJS Material [intro](https://material.angularjs.org/latest/Theming/01_introduction) and [documentation](https://material.angularjs.org/latest/Theming/03_configuring_a_theme) as well as the [material style guideline](https://material.io/archive/guidelines/style/color.html#color-color-palette) to learn how this works. Please check the AngularJS Material [intro](https://material.angularjs.org/latest/Theming/01_introduction) and [documentation](https://material.angularjs.org/latest/Theming/03_configuring_a_theme) as well as the [material style guideline](https://material.io/archive/guidelines/style/color.html#color-color-palette) to learn how this works.
After you updated said file you need to restart SOGo and Memcached containers by executing `docker-compose restart memcached-mailcow sogo-mailcow`.
You can use the provided `custom-theme.js` as an example starting point by removing the comments.
After you modified `data/conf/sogo/custom-theme.js` and made changes to your new SOGo theme you need to
* edit `data/conf/sogo/sogo.conf` and append/set `SOGoUIxDebugEnabled = YES;`
* restart SOGo and Memcached containers by executing `docker-compose restart memcached-mailcow sogo-mailcow`.
## Reset to SOGo default theme ## Reset to SOGo default theme
Checkout `data/conf/sogo/custom-theme.js` by executing `git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js` Checkout `data/conf/sogo/custom-theme.js` by executing `git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js`
@ -19,9 +24,9 @@ Find in `data/conf/sogo/custom-theme.js`:
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.accentPalette('green', { .accentPalette('green', {
'default': '600', // background color of fab buttons 'default': '600', // background color of fab buttons and login screen
'hue-1': '300', // background color of center list toolbar 'hue-1': '300', // background color of center list toolbar
'hue-2': '300', 'hue-2': '300', // highlight color for selected mail and current day calendar
'hue-3': 'A700' 'hue-3': 'A700'
}) })
.backgroundPalette('frost-grey'); .backgroundPalette('frost-grey');

Datei anzeigen

@ -68,7 +68,7 @@ No, they will vanish:
- **How many client sessions can be open at the same time?** - **How many client sessions can be open at the same time?**
10 sessions are allowed per session. 10 sessions are allowed per user.
``` ```
shaper_rules: shaper_rules: