From b91f9571ff02a2574dccf69bc9525a4bb0715f6a Mon Sep 17 00:00:00 2001
From: milkmaker
webmail.example.org
zu diesem Array hinzu, verwenden Sie
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
index 14a739b76..67167ab8e 100644
--- a/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
@@ -2278,7 +2278,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
index bac5b4c5d..915cdbcfc 100644
--- a/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
@@ -2277,7 +2277,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
index 02c64b2c5..915309509 100644
--- a/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
@@ -2369,7 +2369,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
index 6c0dffb8b..2d4409715 100644
--- a/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
@@ -2280,7 +2280,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
index fd8f1dd22..3a550a253 100644
--- a/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
@@ -2283,7 +2283,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
index ec40f58e1..e89d299d0 100644
--- a/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
@@ -2286,7 +2286,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html
index d38cc3f76..59a943e01 100644
--- a/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-relayhost/index.html
@@ -2402,7 +2402,7 @@ Beachten Sie, dass die Anmeldedaten im Klartext gespeichert werden.
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
index e522d9630..b91253fe0 100644
--- a/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
+++ b/de/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
@@ -2405,7 +2405,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Redis/u_e-redis/index.html b/de/manual-guides/Redis/u_e-redis/index.html
index f108ed7e6..8c7136af2 100644
--- a/de/manual-guides/Redis/u_e-redis/index.html
+++ b/de/manual-guides/Redis/u_e-redis/index.html
@@ -2443,7 +2443,7 @@ PONG
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Rspamd/u_e-rspamd/index.html b/de/manual-guides/Rspamd/u_e-rspamd/index.html
index b808f4788..96c0305ff 100644
--- a/de/manual-guides/Rspamd/u_e-rspamd/index.html
+++ b/de/manual-guides/Rspamd/u_e-rspamd/index.html
@@ -2629,7 +2629,7 @@ quarantine_notify.py
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/SOGo/u_e-sogo/index.html b/de/manual-guides/SOGo/u_e-sogo/index.html
index edfc3ce84..7f77a5198 100644
--- a/de/manual-guides/SOGo/u_e-sogo/index.html
+++ b/de/manual-guides/SOGo/u_e-sogo/index.html
@@ -2512,7 +2512,7 @@ Nachdem Sie diese Datei ersetzt haben, müssen Sie SOGo und Memcached Container
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html
index 40aa43e3e..801483013 100644
--- a/de/manual-guides/Unbound/u_e-unbound-fwd/index.html
+++ b/de/manual-guides/Unbound/u_e-unbound-fwd/index.html
@@ -2373,7 +2373,7 @@ cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.over
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
index f4a0e8df0..ec35f54d1 100644
--- a/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
+++ b/de/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
@@ -2648,7 +2648,7 @@ Beispiel:
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
index f49198eea..7694e3323 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
@@ -2282,7 +2282,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
index 3f47f0340..a2cc5e1d8 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
@@ -2298,7 +2298,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
index 19fecec13..d74e52333 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
@@ -2276,7 +2276,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
index 3de696696..688e7bf50 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
@@ -2377,7 +2377,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
index dcb5444e2..d4bd25bcb 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
@@ -2286,7 +2286,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
index cb10b7c1f..c4c4f5e9b 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
@@ -2277,7 +2277,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
index 4bd6e3cf8..2c2e69145 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
@@ -2281,7 +2281,7 @@ Für eine domainweite Black- und Whitelist lesen Sie bitte unsere Anleitung zu <
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
index 739149ed9..d95eeeea7 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
@@ -2360,7 +2360,7 @@ index e047136e..933c4137 100644
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
index 4c979b4d2..d7d23fe6e 100644
--- a/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
+++ b/de/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
@@ -2574,7 +2574,7 @@ Diese Herstellerzertifikate werden nur zur Überprüfung der Originalhardware ve
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/u_e-80_to_443/index.html b/de/manual-guides/u_e-80_to_443/index.html
index 9ee44ac65..97b7c5ec9 100644
--- a/de/manual-guides/u_e-80_to_443/index.html
+++ b/de/manual-guides/u_e-80_to_443/index.html
@@ -2297,7 +2297,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/u_e-autodiscover_config/index.html b/de/manual-guides/u_e-autodiscover_config/index.html
index 8a02a3fde..f0cab974f 100644
--- a/de/manual-guides/u_e-autodiscover_config/index.html
+++ b/de/manual-guides/u_e-autodiscover_config/index.html
@@ -2318,7 +2318,7 @@ $autodiscover_config = array(
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/u_e-reeanble-weak-protocols/index.html b/de/manual-guides/u_e-reeanble-weak-protocols/index.html
index f8dccfd46..18fcf862e 100644
--- a/de/manual-guides/u_e-reeanble-weak-protocols/index.html
+++ b/de/manual-guides/u_e-reeanble-weak-protocols/index.html
@@ -2286,7 +2286,7 @@ smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/u_e-update-hooks/index.html b/de/manual-guides/u_e-update-hooks/index.html
index bb166732d..0ff60db21 100644
--- a/de/manual-guides/u_e-update-hooks/index.html
+++ b/de/manual-guides/u_e-update-hooks/index.html
@@ -2280,7 +2280,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/manual-guides/u_e-why_unbound/index.html b/de/manual-guides/u_e-why_unbound/index.html
index cf14aab20..3b915b649 100644
--- a/de/manual-guides/u_e-why_unbound/index.html
+++ b/de/manual-guides/u_e-why_unbound/index.html
@@ -2277,7 +2277,7 @@ Wenn Sie einen öffentlichen Resolver wie Google 4x8, OpenDNS oder einen anderen
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/models/model-acl/index.html b/de/models/model-acl/index.html
index 3f68d9713..8b9754ebe 100644
--- a/de/models/model-acl/index.html
+++ b/de/models/model-acl/index.html
@@ -2291,7 +2291,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/models/model-passwd/index.html b/de/models/model-passwd/index.html
index 476794e92..b08d2dfed 100644
--- a/de/models/model-passwd/index.html
+++ b/de/models/model-passwd/index.html
@@ -2395,7 +2395,7 @@ Wenn SOGo deaktiviert ist, können alle unten aufgeführten Hashing-Methoden von
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/models/model-sender_rcv/index.html b/de/models/model-sender_rcv/index.html
index d884f5d7b..2dad54d8f 100644
--- a/de/models/model-sender_rcv/index.html
+++ b/de/models/model-sender_rcv/index.html
@@ -2369,7 +2369,7 @@ Ihnen den Zugang wie oben beschrieben gewähren.
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-disable_ipv6/index.html b/de/post_installation/firststeps-disable_ipv6/index.html
index c2f5c1ea0..905e635b9 100644
--- a/de/post_installation/firststeps-disable_ipv6/index.html
+++ b/de/post_installation/firststeps-disable_ipv6/index.html
@@ -2323,7 +2323,7 @@ inet_protocols = ipv4
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-dmarc_reporting/index.html b/de/post_installation/firststeps-dmarc_reporting/index.html
index d2244ee60..0588ed9cf 100644
--- a/de/post_installation/firststeps-dmarc_reporting/index.html
+++ b/de/post_installation/firststeps-dmarc_reporting/index.html
@@ -2502,7 +2502,7 @@ docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;2021
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-ip_bindings/index.html b/de/post_installation/firststeps-ip_bindings/index.html
index 9a8488a9a..a79b5be46 100644
--- a/de/post_installation/firststeps-ip_bindings/index.html
+++ b/de/post_installation/firststeps-ip_bindings/index.html
@@ -2412,7 +2412,7 @@ services:
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-local_mta/index.html b/de/post_installation/firststeps-local_mta/index.html
index f7a5e0a12..2b5304544 100644
--- a/de/post_installation/firststeps-local_mta/index.html
+++ b/de/post_installation/firststeps-local_mta/index.html
@@ -2287,7 +2287,7 @@ Das Relaying über diese Schnittstelle ist notwendig (anstatt - zum Beispiel - d
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-logging/index.html b/de/post_installation/firststeps-logging/index.html
index d80ee1199..2d90a1aec 100644
--- a/de/post_installation/firststeps-logging/index.html
+++ b/de/post_installation/firststeps-logging/index.html
@@ -2472,7 +2472,7 @@ local3.* /var/log/mailcow.logs
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-rp/index.html b/de/post_installation/firststeps-rp/index.html
index 78f50be28..46fafb1be 100644
--- a/de/post_installation/firststeps-rp/index.html
+++ b/de/post_installation/firststeps-rp/index.html
@@ -2672,7 +2672,7 @@ docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-rspamd_ui/index.html b/de/post_installation/firststeps-rspamd_ui/index.html
index 2ddf64cbe..876ec99ad 100644
--- a/de/post_installation/firststeps-rspamd_ui/index.html
+++ b/de/post_installation/firststeps-rspamd_ui/index.html
@@ -2280,7 +2280,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-snat/index.html b/de/post_installation/firststeps-snat/index.html
index a9c6586df..17514141d 100644
--- a/de/post_installation/firststeps-snat/index.html
+++ b/de/post_installation/firststeps-snat/index.html
@@ -2284,7 +2284,7 @@ SNAT6_TO_SOURCE=dead:beef
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-ssl/index.html b/de/post_installation/firststeps-ssl/index.html
index 19f2fa95e..0930806ed 100644
--- a/de/post_installation/firststeps-ssl/index.html
+++ b/de/post_installation/firststeps-ssl/index.html
@@ -2625,7 +2625,7 @@ bash helper-scripts/expiry-dates.sh
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/post_installation/firststeps-sync_jobs_migration/index.html b/de/post_installation/firststeps-sync_jobs_migration/index.html
index b61c4861c..9ceeb109c 100644
--- a/de/post_installation/firststeps-sync_jobs_migration/index.html
+++ b/de/post_installation/firststeps-sync_jobs_migration/index.html
@@ -2370,7 +2370,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/prerequisite/prerequisite-dns/index.html b/de/prerequisite/prerequisite-dns/index.html
index 5dd37fd86..a486fab3b 100644
--- a/de/prerequisite/prerequisite-dns/index.html
+++ b/de/prerequisite/prerequisite-dns/index.html
@@ -2580,7 +2580,7 @@ Einzelheiten:
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/prerequisite/prerequisite-system/index.html b/de/prerequisite/prerequisite-system/index.html
index bea6ef2fd..b20d6a1df 100644
--- a/de/prerequisite/prerequisite-system/index.html
+++ b/de/prerequisite/prerequisite-system/index.html
@@ -2670,7 +2670,7 @@ Vielleicht möchten Sie 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/third_party/third_party-borgmatic/index.html b/de/third_party/third_party-borgmatic/index.html
index cb2becba5..60c3fcf0c 100644
--- a/de/third_party/third_party-borgmatic/index.html
+++ b/de/third_party/third_party-borgmatic/index.html
@@ -2649,6 +2649,7 @@ cat <<EOF > data/conf/borgmatic/etc/config.yaml
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
+ prefix: ""
hooks:
mysql_databases:
@@ -2755,7 +2756,7 @@ Repository, so dass eine manuelle Sicherung nicht so wichtig ist.
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/third_party/third_party-exchange_onprem/index.html b/de/third_party/third_party-exchange_onprem/index.html
index b00a3c185..ca9a85791 100644
--- a/de/third_party/third_party-exchange_onprem/index.html
+++ b/de/third_party/third_party-exchange_onprem/index.html
@@ -2446,7 +2446,7 @@
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/third_party/third_party-gitea/index.html b/de/third_party/third_party-gitea/index.html
index 5a28dfa76..49e3c0c21 100644
--- a/de/third_party/third_party-gitea/index.html
+++ b/de/third_party/third_party-gitea/index.html
@@ -2310,7 +2310,7 @@ ROOT_URL = https://mx.example.org/gitea/
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/third_party/third_party-gogs/index.html b/de/third_party/third_party-gogs/index.html
index 833df75a0..b2f5a2330 100644
--- a/de/third_party/third_party-gogs/index.html
+++ b/de/third_party/third_party-gogs/index.html
@@ -2309,7 +2309,7 @@ ROOT_URL = https://mx.example.org/gogs/
Letztes Update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/de/third_party/third_party-mailman3/index.html b/de/third_party/third_party-mailman3/index.html
index 6c036084a..66be0a4fa 100644
--- a/de/third_party/third_party-mailman3/index.html
+++ b/de/third_party/third_party-mailman3/index.html
@@ -2912,7 +2912,7 @@ docker-compose restart postfix-mailcow
mailcow hat sein eigenes Update-Skript in /opt/mailcow-dockerized/update.sh
, siehe die Dokumentation.
Für Mailman holen Sie sich einfach die neueste Version aus dem github repository.
mailcow hat ein eigenes Backup-Skript. Lies die Docs für weitere Informationen.
+mailcow hat ein eigenes Backup-Skript. Lies die Docs für weitere Informationen.
Mailman gibt keine Backup-Anweisungen in der README.md an. Im gitbucket von pgollor befindet sich ein Skript, das hilfreich sein könnte.
webmail.example.org
to this array, don't use quotes!
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
index 044702d42..d8fba86f3 100644
--- a/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
@@ -2278,7 +2278,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
index e9e9f1b12..57a1497c9 100644
--- a/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
@@ -2277,7 +2277,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
index 8f11133a6..8d9866ca3 100644
--- a/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
@@ -2368,7 +2368,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
index 9a5f24bd5..7ede47a4c 100644
--- a/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
index 9555f074b..3894dd1d1 100644
--- a/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
@@ -2283,7 +2283,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
index f0546ecc7..24b87caf6 100644
--- a/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
@@ -2286,7 +2286,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html
index 7283ff7d8..ebb810966 100644
--- a/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-relayhost/index.html
@@ -2401,7 +2401,7 @@ Keep in mind the credentials will be stored in plain text.
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
index 5fc2b34fb..af3a71f9c 100644
--- a/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
+++ b/en/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
@@ -2404,7 +2404,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Redis/u_e-redis/index.html b/en/manual-guides/Redis/u_e-redis/index.html
index 6ab44f4b0..2086a9e73 100644
--- a/en/manual-guides/Redis/u_e-redis/index.html
+++ b/en/manual-guides/Redis/u_e-redis/index.html
@@ -2443,7 +2443,7 @@ PONG
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Rspamd/u_e-rspamd/index.html b/en/manual-guides/Rspamd/u_e-rspamd/index.html
index 0ae2b0728..9a427c505 100644
--- a/en/manual-guides/Rspamd/u_e-rspamd/index.html
+++ b/en/manual-guides/Rspamd/u_e-rspamd/index.html
@@ -2646,7 +2646,7 @@ quarantine_notify.py
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/SOGo/u_e-sogo/index.html b/en/manual-guides/SOGo/u_e-sogo/index.html
index 594dbd012..e1f6ea64b 100644
--- a/en/manual-guides/SOGo/u_e-sogo/index.html
+++ b/en/manual-guides/SOGo/u_e-sogo/index.html
@@ -2512,7 +2512,7 @@ After you replaced said file you need to restart SOGo and Memcached containers b
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html
index 601a223c2..87d52c5c2 100644
--- a/en/manual-guides/Unbound/u_e-unbound-fwd/index.html
+++ b/en/manual-guides/Unbound/u_e-unbound-fwd/index.html
@@ -2373,7 +2373,7 @@ cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.over
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
index 9e1fad566..69b4836c7 100644
--- a/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
+++ b/en/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
@@ -2647,7 +2647,7 @@ Example:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
index f9ca2a68c..8d2200bb4 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
@@ -2282,7 +2282,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
index d4b963aad..24b02e6a9 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
@@ -2298,7 +2298,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
index c901a2ffd..996e9e861 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
@@ -2276,7 +2276,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
index efd4c0732..06264f698 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
@@ -2377,7 +2377,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
index 8a0962b5d..f0da15750 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
@@ -2286,7 +2286,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
index 6f6f8b21d..10dbf02ad 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
@@ -2277,7 +2277,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
index 9e8044d91..912fb3897 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
@@ -2281,7 +2281,7 @@ For a domain wide black- and whitelist please check our guide on 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
index b053ee64b..bb63777ac 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
@@ -2360,7 +2360,7 @@ index e047136e..933c4137 100644
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
index 0884c453a..180499bb8 100644
--- a/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
+++ b/en/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
@@ -2575,7 +2575,7 @@ These vendor certificates are only used to verify original hardware, not to secu
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/u_e-80_to_443/index.html b/en/manual-guides/u_e-80_to_443/index.html
index 4ff4e893a..a9de4220c 100644
--- a/en/manual-guides/u_e-80_to_443/index.html
+++ b/en/manual-guides/u_e-80_to_443/index.html
@@ -2297,7 +2297,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/u_e-autodiscover_config/index.html b/en/manual-guides/u_e-autodiscover_config/index.html
index b1029630e..d2feeb6cf 100644
--- a/en/manual-guides/u_e-autodiscover_config/index.html
+++ b/en/manual-guides/u_e-autodiscover_config/index.html
@@ -2318,7 +2318,7 @@ $autodiscover_config = array(
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/u_e-reeanble-weak-protocols/index.html b/en/manual-guides/u_e-reeanble-weak-protocols/index.html
index 174165b32..d664e85a8 100644
--- a/en/manual-guides/u_e-reeanble-weak-protocols/index.html
+++ b/en/manual-guides/u_e-reeanble-weak-protocols/index.html
@@ -2286,7 +2286,7 @@ smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/u_e-update-hooks/index.html b/en/manual-guides/u_e-update-hooks/index.html
index 3967af1a1..3a0a15a14 100644
--- a/en/manual-guides/u_e-update-hooks/index.html
+++ b/en/manual-guides/u_e-update-hooks/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/manual-guides/u_e-why_unbound/index.html b/en/manual-guides/u_e-why_unbound/index.html
index b22ea8e11..f660295ba 100644
--- a/en/manual-guides/u_e-why_unbound/index.html
+++ b/en/manual-guides/u_e-why_unbound/index.html
@@ -2277,7 +2277,7 @@ Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolv
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/models/model-acl/index.html b/en/models/model-acl/index.html
index 18c75009e..8bc054f11 100644
--- a/en/models/model-acl/index.html
+++ b/en/models/model-acl/index.html
@@ -2291,7 +2291,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/models/model-passwd/index.html b/en/models/model-passwd/index.html
index 17a84df92..5aa69b424 100644
--- a/en/models/model-passwd/index.html
+++ b/en/models/model-passwd/index.html
@@ -2395,7 +2395,7 @@ With SOGo disabled, all hashing methods below will be able to be read by mailcow
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/models/model-sender_rcv/index.html b/en/models/model-sender_rcv/index.html
index c9a589cda..cc35d7985 100644
--- a/en/models/model-sender_rcv/index.html
+++ b/en/models/model-sender_rcv/index.html
@@ -2369,7 +2369,7 @@ needs to grant you access as described above.
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-disable_ipv6/index.html b/en/post_installation/firststeps-disable_ipv6/index.html
index 27f2b70aa..4f9d32578 100644
--- a/en/post_installation/firststeps-disable_ipv6/index.html
+++ b/en/post_installation/firststeps-disable_ipv6/index.html
@@ -2323,7 +2323,7 @@ inet_protocols = ipv4
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-dmarc_reporting/index.html b/en/post_installation/firststeps-dmarc_reporting/index.html
index cb46ddb45..2c9805bea 100644
--- a/en/post_installation/firststeps-dmarc_reporting/index.html
+++ b/en/post_installation/firststeps-dmarc_reporting/index.html
@@ -2502,7 +2502,7 @@ docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;2021
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-ip_bindings/index.html b/en/post_installation/firststeps-ip_bindings/index.html
index 4c147b823..af80ea518 100644
--- a/en/post_installation/firststeps-ip_bindings/index.html
+++ b/en/post_installation/firststeps-ip_bindings/index.html
@@ -2412,7 +2412,7 @@ services:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-local_mta/index.html b/en/post_installation/firststeps-local_mta/index.html
index 898548358..f53bb8403 100644
--- a/en/post_installation/firststeps-local_mta/index.html
+++ b/en/post_installation/firststeps-local_mta/index.html
@@ -2287,7 +2287,7 @@ Relaying over this interface is necessary (instead of - for example - relaying d
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-logging/index.html b/en/post_installation/firststeps-logging/index.html
index 1fb66bb78..fc1295f6a 100644
--- a/en/post_installation/firststeps-logging/index.html
+++ b/en/post_installation/firststeps-logging/index.html
@@ -2472,7 +2472,7 @@ local3.* /var/log/mailcow.logs
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-rp/index.html b/en/post_installation/firststeps-rp/index.html
index 1973a1bb0..b86942a77 100644
--- a/en/post_installation/firststeps-rp/index.html
+++ b/en/post_installation/firststeps-rp/index.html
@@ -2630,7 +2630,7 @@ docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-rspamd_ui/index.html b/en/post_installation/firststeps-rspamd_ui/index.html
index 6cbe27b2e..a3b72972d 100644
--- a/en/post_installation/firststeps-rspamd_ui/index.html
+++ b/en/post_installation/firststeps-rspamd_ui/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-snat/index.html b/en/post_installation/firststeps-snat/index.html
index e2920b126..9764d3ec7 100644
--- a/en/post_installation/firststeps-snat/index.html
+++ b/en/post_installation/firststeps-snat/index.html
@@ -2284,7 +2284,7 @@ SNAT6_TO_SOURCE=dead:beef
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-ssl/index.html b/en/post_installation/firststeps-ssl/index.html
index 2f0543204..88d082f7a 100644
--- a/en/post_installation/firststeps-ssl/index.html
+++ b/en/post_installation/firststeps-ssl/index.html
@@ -2625,7 +2625,7 @@ bash helper-scripts/expiry-dates.sh
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/post_installation/firststeps-sync_jobs_migration/index.html b/en/post_installation/firststeps-sync_jobs_migration/index.html
index e892096bf..8ca14b706 100644
--- a/en/post_installation/firststeps-sync_jobs_migration/index.html
+++ b/en/post_installation/firststeps-sync_jobs_migration/index.html
@@ -2370,7 +2370,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/prerequisite/prerequisite-dns/index.html b/en/prerequisite/prerequisite-dns/index.html
index c0a1d5b84..2595d650f 100644
--- a/en/prerequisite/prerequisite-dns/index.html
+++ b/en/prerequisite/prerequisite-dns/index.html
@@ -2580,7 +2580,7 @@ Details:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/prerequisite/prerequisite-system/index.html b/en/prerequisite/prerequisite-system/index.html
index 6d8bbcfc4..8a37e18f3 100644
--- a/en/prerequisite/prerequisite-system/index.html
+++ b/en/prerequisite/prerequisite-system/index.html
@@ -2670,7 +2670,7 @@ You may want to 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/third_party/third_party-borgmatic/index.html b/en/third_party/third_party-borgmatic/index.html
index f8e85b7ab..9ba001264 100644
--- a/en/third_party/third_party-borgmatic/index.html
+++ b/en/third_party/third_party-borgmatic/index.html
@@ -2677,6 +2677,7 @@ cat <<EOF > data/conf/borgmatic/etc/config.yaml
keep_daily: 7
keep_weekly: 4
keep_monthly: 6
+ prefix: ""
hooks:
mysql_databases:
@@ -2802,7 +2803,7 @@ repository, so a manual backup isn't as essential.
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/third_party/third_party-exchange_onprem/index.html b/en/third_party/third_party-exchange_onprem/index.html
index aa3844917..46df2912f 100644
--- a/en/third_party/third_party-exchange_onprem/index.html
+++ b/en/third_party/third_party-exchange_onprem/index.html
@@ -2446,7 +2446,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/third_party/third_party-gitea/index.html b/en/third_party/third_party-gitea/index.html
index 9fe556999..935bf5850 100644
--- a/en/third_party/third_party-gitea/index.html
+++ b/en/third_party/third_party-gitea/index.html
@@ -2310,7 +2310,7 @@ ROOT_URL = https://mx.example.org/gitea/
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/third_party/third_party-gogs/index.html b/en/third_party/third_party-gogs/index.html
index 6354dce64..ec583f5bd 100644
--- a/en/third_party/third_party-gogs/index.html
+++ b/en/third_party/third_party-gogs/index.html
@@ -2309,7 +2309,7 @@ ROOT_URL = https://mx.example.org/gogs/
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/en/third_party/third_party-mailman3/index.html b/en/third_party/third_party-mailman3/index.html
index 01d6fb34c..21e462f01 100644
--- a/en/third_party/third_party-mailman3/index.html
+++ b/en/third_party/third_party-mailman3/index.html
@@ -2912,7 +2912,7 @@ docker-compose restart postfix-mailcow
mailcow has it's own update script in /opt/mailcow-dockerized/update.sh
, see the docs.
For Mailman just fetch the newest version from the github repository.
mailcow has an own backup script. Read the docs for further informations.
+mailcow has an own backup script. Read the docs for further informations.
Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful.
webmail.example.org
to this array, don't use quotes!
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
index 3d72680fa..3b1c30830 100644
--- a/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
+++ b/manual-guides/Postfix/u_e-postfix-attachment_size/index.html
@@ -2278,7 +2278,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-custom_transport/index.html b/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
index 624b5adb5..cd654e4ec 100644
--- a/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
+++ b/manual-guides/Postfix/u_e-postfix-custom_transport/index.html
@@ -2277,7 +2277,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
index 0d07cd175..79d977c87 100644
--- a/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
+++ b/manual-guides/Postfix/u_e-postfix-disable_sender_verification/index.html
@@ -2368,7 +2368,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
index 500475eb0..f2cd7f527 100644
--- a/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
+++ b/manual-guides/Postfix/u_e-postfix-extra_cf/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
index 12c4cdcb1..5aa73e1af 100644
--- a/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
+++ b/manual-guides/Postfix/u_e-postfix-pflogsumm/index.html
@@ -2283,7 +2283,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
index 33f140856..31680080a 100644
--- a/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
+++ b/manual-guides/Postfix/u_e-postfix-postscreen_whitelist/index.html
@@ -2286,7 +2286,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-relayhost/index.html b/manual-guides/Postfix/u_e-postfix-relayhost/index.html
index 92c6614eb..04b59eb62 100644
--- a/manual-guides/Postfix/u_e-postfix-relayhost/index.html
+++ b/manual-guides/Postfix/u_e-postfix-relayhost/index.html
@@ -2401,7 +2401,7 @@ Keep in mind the credentials will be stored in plain text.
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
index c227fa320..5de170a45 100644
--- a/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
+++ b/manual-guides/Postfix/u_e-postfix-trust_networks/index.html
@@ -2404,7 +2404,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Redis/u_e-redis/index.html b/manual-guides/Redis/u_e-redis/index.html
index 71d75a2e5..3871440d8 100644
--- a/manual-guides/Redis/u_e-redis/index.html
+++ b/manual-guides/Redis/u_e-redis/index.html
@@ -2443,7 +2443,7 @@ PONG
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Rspamd/u_e-rspamd/index.html b/manual-guides/Rspamd/u_e-rspamd/index.html
index 41ea4b322..40bd4b462 100644
--- a/manual-guides/Rspamd/u_e-rspamd/index.html
+++ b/manual-guides/Rspamd/u_e-rspamd/index.html
@@ -2646,7 +2646,7 @@ quarantine_notify.py
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/SOGo/u_e-sogo/index.html b/manual-guides/SOGo/u_e-sogo/index.html
index bffc912df..62e73da90 100644
--- a/manual-guides/SOGo/u_e-sogo/index.html
+++ b/manual-guides/SOGo/u_e-sogo/index.html
@@ -2512,7 +2512,7 @@ After you replaced said file you need to restart SOGo and Memcached containers b
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Unbound/u_e-unbound-fwd/index.html b/manual-guides/Unbound/u_e-unbound-fwd/index.html
index 7e3363037..3ddf11d7b 100644
--- a/manual-guides/Unbound/u_e-unbound-fwd/index.html
+++ b/manual-guides/Unbound/u_e-unbound-fwd/index.html
@@ -2373,7 +2373,7 @@ cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.over
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
index 9fcfd6156..330e3d17e 100644
--- a/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
+++ b/manual-guides/Watchdog/u_e-watchdog-thresholds/index.html
@@ -2647,7 +2647,7 @@ Example:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
index 9c25af2b2..b4c779c9c 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/index.html
@@ -2282,7 +2282,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
index 8a1d07099..e6234abfb 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-config/index.html
@@ -2298,7 +2298,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
index bb760ccd7..d88775e53 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-css/index.html
@@ -2276,7 +2276,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
index b6e878afc..0b346e687 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-fido/index.html
@@ -2377,7 +2377,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
index e7f1e4c67..164582d4d 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/index.html
@@ -2286,7 +2286,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
index a75f9e16c..4770548f3 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/index.html
@@ -2277,7 +2277,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
index c033f8d9a..411f7631b 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/index.html
@@ -2281,7 +2281,7 @@ For a domain wide black- and whitelist please check our guide on 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
index d6206f0e4..9520f3a9a 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/index.html
@@ -2360,7 +2360,7 @@ index e047136e..933c4137 100644
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html b/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
index 7f7d246b8..1322506bb 100644
--- a/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
+++ b/manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/index.html
@@ -2575,7 +2575,7 @@ These vendor certificates are only used to verify original hardware, not to secu
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/u_e-80_to_443/index.html b/manual-guides/u_e-80_to_443/index.html
index 16207daaf..9125926bd 100644
--- a/manual-guides/u_e-80_to_443/index.html
+++ b/manual-guides/u_e-80_to_443/index.html
@@ -2297,7 +2297,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/u_e-autodiscover_config/index.html b/manual-guides/u_e-autodiscover_config/index.html
index 732371ac6..b889e34d5 100644
--- a/manual-guides/u_e-autodiscover_config/index.html
+++ b/manual-guides/u_e-autodiscover_config/index.html
@@ -2318,7 +2318,7 @@ $autodiscover_config = array(
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/u_e-reeanble-weak-protocols/index.html b/manual-guides/u_e-reeanble-weak-protocols/index.html
index 4adb8282b..c24c339b8 100644
--- a/manual-guides/u_e-reeanble-weak-protocols/index.html
+++ b/manual-guides/u_e-reeanble-weak-protocols/index.html
@@ -2286,7 +2286,7 @@ smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/u_e-update-hooks/index.html b/manual-guides/u_e-update-hooks/index.html
index 001fae2b1..424664502 100644
--- a/manual-guides/u_e-update-hooks/index.html
+++ b/manual-guides/u_e-update-hooks/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/manual-guides/u_e-why_unbound/index.html b/manual-guides/u_e-why_unbound/index.html
index 4b44410aa..06cce6329 100644
--- a/manual-guides/u_e-why_unbound/index.html
+++ b/manual-guides/u_e-why_unbound/index.html
@@ -2277,7 +2277,7 @@ Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolv
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/models/model-acl/index.html b/models/model-acl/index.html
index 79c090f4b..e5481374b 100644
--- a/models/model-acl/index.html
+++ b/models/model-acl/index.html
@@ -2291,7 +2291,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/models/model-passwd/index.html b/models/model-passwd/index.html
index 77f0c7611..52c162419 100644
--- a/models/model-passwd/index.html
+++ b/models/model-passwd/index.html
@@ -2395,7 +2395,7 @@ With SOGo disabled, all hashing methods below will be able to be read by mailcow
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/models/model-sender_rcv/index.html b/models/model-sender_rcv/index.html
index 158fcecc8..617fe2961 100644
--- a/models/model-sender_rcv/index.html
+++ b/models/model-sender_rcv/index.html
@@ -2369,7 +2369,7 @@ needs to grant you access as described above.
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-disable_ipv6/index.html b/post_installation/firststeps-disable_ipv6/index.html
index 661dae9b1..7a159b483 100644
--- a/post_installation/firststeps-disable_ipv6/index.html
+++ b/post_installation/firststeps-disable_ipv6/index.html
@@ -2323,7 +2323,7 @@ inet_protocols = ipv4
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-dmarc_reporting/index.html b/post_installation/firststeps-dmarc_reporting/index.html
index ccd02695b..293009e51 100644
--- a/post_installation/firststeps-dmarc_reporting/index.html
+++ b/post_installation/firststeps-dmarc_reporting/index.html
@@ -2502,7 +2502,7 @@ docker-compose exec redis-mailcow redis-cli HGETALL "dmarc;example.com;2021
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-ip_bindings/index.html b/post_installation/firststeps-ip_bindings/index.html
index 8410a7097..e0f2ca245 100644
--- a/post_installation/firststeps-ip_bindings/index.html
+++ b/post_installation/firststeps-ip_bindings/index.html
@@ -2412,7 +2412,7 @@ services:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-local_mta/index.html b/post_installation/firststeps-local_mta/index.html
index 871bc4b72..15913999c 100644
--- a/post_installation/firststeps-local_mta/index.html
+++ b/post_installation/firststeps-local_mta/index.html
@@ -2287,7 +2287,7 @@ Relaying over this interface is necessary (instead of - for example - relaying d
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-logging/index.html b/post_installation/firststeps-logging/index.html
index bbb64bc5a..6e0effb31 100644
--- a/post_installation/firststeps-logging/index.html
+++ b/post_installation/firststeps-logging/index.html
@@ -2472,7 +2472,7 @@ local3.* /var/log/mailcow.logs
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-rp/index.html b/post_installation/firststeps-rp/index.html
index 2a9b61019..7e4652b21 100644
--- a/post_installation/firststeps-rp/index.html
+++ b/post_installation/firststeps-rp/index.html
@@ -2630,7 +2630,7 @@ docker restart ${postfix_c} ${dovecot_c} ${nginx_c}
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-rspamd_ui/index.html b/post_installation/firststeps-rspamd_ui/index.html
index 686794e4d..2fbeb8212 100644
--- a/post_installation/firststeps-rspamd_ui/index.html
+++ b/post_installation/firststeps-rspamd_ui/index.html
@@ -2280,7 +2280,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-snat/index.html b/post_installation/firststeps-snat/index.html
index b83b1b151..a1690cdae 100644
--- a/post_installation/firststeps-snat/index.html
+++ b/post_installation/firststeps-snat/index.html
@@ -2284,7 +2284,7 @@ SNAT6_TO_SOURCE=dead:beef
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-ssl/index.html b/post_installation/firststeps-ssl/index.html
index d65e2f357..242a6e316 100644
--- a/post_installation/firststeps-ssl/index.html
+++ b/post_installation/firststeps-ssl/index.html
@@ -2625,7 +2625,7 @@ bash helper-scripts/expiry-dates.sh
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/post_installation/firststeps-sync_jobs_migration/index.html b/post_installation/firststeps-sync_jobs_migration/index.html
index 75c0db693..e9d35a7de 100644
--- a/post_installation/firststeps-sync_jobs_migration/index.html
+++ b/post_installation/firststeps-sync_jobs_migration/index.html
@@ -2370,7 +2370,7 @@
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/prerequisite/prerequisite-dns/index.html b/prerequisite/prerequisite-dns/index.html
index ed9a197a5..a79c1bf70 100644
--- a/prerequisite/prerequisite-dns/index.html
+++ b/prerequisite/prerequisite-dns/index.html
@@ -2580,7 +2580,7 @@ Details:
Last update:
- 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/prerequisite/prerequisite-system/index.html b/prerequisite/prerequisite-system/index.html
index 4e1120a78..58044e14d 100644
--- a/prerequisite/prerequisite-system/index.html
+++ b/prerequisite/prerequisite-system/index.html
@@ -2670,7 +2670,7 @@ You may want to 2022-02-04 16:51:15
+ 2022-02-05 22:50:13
diff --git a/search/search_index.json b/search/search_index.json
index b9a9374e9..f4ff7e6aa 100644
--- a/search/search_index.json
+++ b/search/search_index.json
@@ -1 +1 @@
-{"config":{"indexing":"full","lang":["en","de"],"min_search_length":3,"prebuild_index":false,"separator":"[\\s\\-]+"},"docs":[{"location":"","text":"\ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95 \u00b6 Help mailcow \u00b6 Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us . :) If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN . Get support \u00b6 There are two ways to achieve support for your mailcow installation. Commercial support \u00b6 For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN . For custom inquiries or questions please contact us at info@servercow.de instead. Furthermore we do also provide a fully featured and managed mailcow here . This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way. Community support and chat \u00b6 The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything. Our mailcow community @ community.mailcow.email Telegram @ t.me/mailcow . Telegram @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram desktop clients are available for multiple platforms . You can search the groups history for keywords. For bug tracking, feature requests and code contributions only: GitHub @ mailcow/mailcow-dockerized Demo \u00b6 You can find a demo at demo.mailcow.email , use the following credentials to login: Administrator : admin / moohoo Domain administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo Overview \u00b6 The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access: DKIM and ARC support Black- and whitelists per domain and per user Spam score management per-user (reject spam, mark spam, greylist) Allow mailbox users to create temporary spam aliases Prepend mail tags to subject or move mail to sub folder (per-user) Allow mailbox users to toggle incoming and outgoing TLS enforcement Allow users to reset SOGo ActiveSync device caches imapsync to migrate or pull remote mailboxes regularly TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP Add domains, mailboxes, aliases, domain aliases and SOGo resources Add whitelisted hosts to forward mail to mailcow Fail2ban-like integration Quarantine system Antivirus scanning incl. macro scanning in office documents Integrated basic monitoring A lot more... mailcow: dockerized comes with multiple containers linked in one bridged network. Each container represents a single application. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-like integration by @mkuron ) Nginx Oletools via Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound A Watchdog to provide basic monitoring Docker volumes to keep dynamic data - take care of them! crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"Information & Support"},{"location":"#_1","text":"","title":"\ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95"},{"location":"#help-mailcow","text":"Please consider a support contract for a small monthly fee at Servercow EN to support further development. We support you while you support us . :) If you are super awesome and would like to support without a contract, you can get a SAL license that confirms your awesomeness (a flexible one-time payment) at Servercow EN .","title":"Help mailcow"},{"location":"#get-support","text":"There are two ways to achieve support for your mailcow installation.","title":"Get support"},{"location":"#commercial-support","text":"For professional and prioritized commercial support you can sign a basic support subscription at Servercow EN . For custom inquiries or questions please contact us at info@servercow.de instead. Furthermore we do also provide a fully featured and managed mailcow here . This way we take care about the technical magic underneath and you can enjoy your whole mail experience in a hassle-free way.","title":"Commercial support"},{"location":"#community-support-and-chat","text":"The other alternative is our free community-support on our various channels below. Please notice, that this support is driven by our awesome community around mailcow. This kind of support is best-effort, voluntary and there is no guarantee for anything. Our mailcow community @ community.mailcow.email Telegram @ t.me/mailcow . Telegram @ t.me/mailcowOfftopic . Twitter @mailcow_email Telegram desktop clients are available for multiple platforms . You can search the groups history for keywords. For bug tracking, feature requests and code contributions only: GitHub @ mailcow/mailcow-dockerized","title":"Community support and chat"},{"location":"#demo","text":"You can find a demo at demo.mailcow.email , use the following credentials to login: Administrator : admin / moohoo Domain administrator : department / moohoo Mailbox : demo@440044.xyz / moohoo","title":"Demo"},{"location":"#overview","text":"The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access: DKIM and ARC support Black- and whitelists per domain and per user Spam score management per-user (reject spam, mark spam, greylist) Allow mailbox users to create temporary spam aliases Prepend mail tags to subject or move mail to sub folder (per-user) Allow mailbox users to toggle incoming and outgoing TLS enforcement Allow users to reset SOGo ActiveSync device caches imapsync to migrate or pull remote mailboxes regularly TFA: Yubikey OTP and U2F USB (Google Chrome and derivatives only), TOTP Add domains, mailboxes, aliases, domain aliases and SOGo resources Add whitelisted hosts to forward mail to mailcow Fail2ban-like integration Quarantine system Antivirus scanning incl. macro scanning in office documents Integrated basic monitoring A lot more... mailcow: dockerized comes with multiple containers linked in one bridged network. Each container represents a single application. ACME ClamAV (optional) Dovecot MariaDB Memcached Netfilter (Fail2ban-like integration by @mkuron ) Nginx Oletools via Olefy PHP Postfix Redis Rspamd SOGo Solr (optional) Unbound A Watchdog to provide basic monitoring Docker volumes to keep dynamic data - take care of them! crypt-vol-1 mysql-socket-vol-1 mysql-vol-1 postfix-vol-1 redis-vol-1 rspamd-vol-1 sogo-userdata-backup-vol-1 sogo-web-vol-1 solr-vol-1 vmail-index-vol-1 vmail-vol-1","title":"Overview"},{"location":"backup_restore/b_n_r-accidental_deletion/","text":"So you deleted a mailbox and have no backups, he? If you noticed your mistake within a few hours, you can probably recover the users data. SOGo \u00b6 We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Run docker-compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org Run sogo-tool without parameters to check for possible restore options. 3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo 4. Restart SOGo and Memcached: docker-compose restart sogo-mailcow memcached-mailcow Mail \u00b6 In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf . A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage . The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized] , for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708. To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1 . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota: docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Recover accidentally deleted data"},{"location":"backup_restore/b_n_r-accidental_deletion/#sogo","text":"We automatically create daily backups (24h interval starting from running up -d) in /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/ . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the file named after the user you want to restore to __MAILCOW_DIRECTORY__/data/conf/sogo . 1. Copy the backup: cp /var/lib/docker/volumes/mailcowdockerized_sogo-userdata-backup-vol-1/_data/restoreme@example.org __MAILCOW_DIRECTORY__/data/conf/sogo 2. Run docker-compose exec -u sogo sogo-mailcow sogo-tool restore -F ALL /etc/sogo restoreme@example.org Run sogo-tool without parameters to check for possible restore options. 3. Delete the copied backup by running rm __MAILCOW_DIRECTORY__/data/conf/sogo 4. Restart SOGo and Memcached: docker-compose restart sogo-mailcow memcached-mailcow","title":"SOGo"},{"location":"backup_restore/b_n_r-accidental_deletion/#mail","text":"In case of an accidental deletion of a mailbox, you will be able to recover for (by default) 5 days. This depends on the MAILDIR_GC_TIME parameter in mailcow.conf . A deleted mailbox is copied in its encrypted form to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage . The folder inside _garbage follows the structure [timestamp]_[domain_sanitized][user_sanitized] , for example 1629109708_exampleorgtest in case of test@example.org deleted on 1629109708. To restore make sure you are actually restoring to the same mailcow it was deleted from or you use the same encryption keys in crypt-vol-1 . Make sure the user you want to restore exists in your mailcow . Re-create them if they are missing. Copy the folders from /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/_garbage/[timestamp]_[domain_sanitized][user_sanitized] back to /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/[domain]/[user] and resync the folder and recalc the quota: docker-compose exec dovecot-mailcow doveadm force-resync -u restoreme@example.net '*' docker-compose exec dovecot-mailcow doveadm quota recalc -u restoreme@example.net","title":"Mail"},{"location":"backup_restore/b_n_r-backup/","text":"Backup \u00b6 Manual \u00b6 You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically. Please do not copy this script to another location. To run a backup, write \"backup\" as first parameter and either one or more components to backup as following parameters. You can also use \"all\" as second parameter to backup all components. Append --delete-days n to delete backups older than n days. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Backup all, delete backups older than 3 days ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # Backup vmail, crypt and mysql data, delete backups older than 30 days ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # Backup vmail ./helper-scripts/backup_and_restore.sh backup vmail The script will ask you for a backup location. Inside of this location it will create folders in the format \"mailcow_DATE\". You should not rename those folders to not break the restore process. To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all Cronjob \u00b6 You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists: 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution). This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x : #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi Backup strategy with rsync and mailcow backup script \u00b6 Create the destination directory for mailcows helper script: mkdir -p /external_share/backups/backup_script Create cronjobs: 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path On the destination (in this case /external_share/backups ) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions! To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d . If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!","title":"Backup"},{"location":"backup_restore/b_n_r-backup/#backup","text":"","title":"Backup"},{"location":"backup_restore/b_n_r-backup/#manual","text":"You can use the provided script helper-scripts/backup_and_restore.sh to backup mailcow automatically. Please do not copy this script to another location. To run a backup, write \"backup\" as first parameter and either one or more components to backup as following parameters. You can also use \"all\" as second parameter to backup all components. Append --delete-days n to delete backups older than n days. # Syntax: # ./helper-scripts/backup_and_restore.sh backup (vmail|crypt|redis|rspamd|postfix|mysql|all|--delete-days) # Backup all, delete backups older than 3 days ./helper-scripts/backup_and_restore.sh backup all --delete-days 3 # Backup vmail, crypt and mysql data, delete backups older than 30 days ./helper-scripts/backup_and_restore.sh backup vmail crypt mysql --delete-days 30 # Backup vmail ./helper-scripts/backup_and_restore.sh backup vmail The script will ask you for a backup location. Inside of this location it will create folders in the format \"mailcow_DATE\". You should not rename those folders to not break the restore process. To run a backup unattended, define MAILCOW_BACKUP_LOCATION as environment variable before starting the script: MAILCOW_BACKUP_LOCATION=/opt/backup /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup all","title":"Manual"},{"location":"backup_restore/b_n_r-backup/#cronjob","text":"You can run the backup script regularly via cronjob. Make sure BACKUP_LOCATION exists: 5 4 * * * cd /opt/mailcow-dockerized/; MAILCOW_BACKUP_LOCATION=/mnt/mailcow_backups /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 Per default cron sends the full result of each backup operation by email. If you want cron to only mail on error (non-zero exit code) you may want to use the following snippet. Pathes need to be modified according to your setup (this script is a user contribution). This following script may be placed in /etc/cron.daily/mailcow-backup - do not forget to mark it as executable via chmod +x : #!/bin/sh # Backup mailcow data # https://mailcow.github.io/mailcow-dockerized-docs/b_n_r_backup/ set -e OUT=\"$(mktemp)\" export MAILCOW_BACKUP_LOCATION=\"/opt/backup\" SCRIPT=\"/opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh\" PARAMETERS=\"backup all\" OPTIONS=\"--delete-days 30\" # run command set +e \"${SCRIPT}\" ${PARAMETERS} ${OPTIONS} 2>&1 > \"$OUT\" RESULT=$? if [ $RESULT -ne 0 ] then echo \"${SCRIPT} ${PARAMETERS} ${OPTIONS} encounters an error:\" echo \"RESULT=$RESULT\" echo \"STDOUT / STDERR:\" cat \"$OUT\" fi","title":"Cronjob"},{"location":"backup_restore/b_n_r-backup/#backup-strategy-with-rsync-and-mailcow-backup-script","text":"Create the destination directory for mailcows helper script: mkdir -p /external_share/backups/backup_script Create cronjobs: 25 1 * * * rsync -aH --delete /opt/mailcow-dockerized /external_share/backups/mailcow-dockerized 40 2 * * * rsync -aH --delete /var/lib/docker/volumes /external_share/backups/var_lib_docker_volumes 5 4 * * * cd /opt/mailcow-dockerized/; BACKUP_LOCATION=/external_share/backups/backup_script /opt/mailcow-dockerized/helper-scripts/backup_and_restore.sh backup mysql crypt redis --delete-days 3 # If you want to, use the acl util to backup permissions of some/all folders/files: getfacl -Rn /path On the destination (in this case /external_share/backups ) you may want to have snapshot capabilities (ZFS, Btrfs etc.). Snapshot daily and keep for n days for a consistent backup. Do not rsync to a Samba share, you need to keep the correct permissions! To restore you'd simply need to run rsync the other way round and restart Docker to re-read the volumes. Run docker-compose pull and docker-compose up -d . If you are lucky Redis and MariaDB can automatically fix the inconsistent databases (if they are inconsistent). In case of a corrupted database you'd need to use the helper script to restore the inconsistent elements. If a restore fails, try to extract the backups and copy the files back manually. Keep the file permissions!","title":"Backup strategy with rsync and mailcow backup script"},{"location":"backup_restore/b_n_r-backup_restore-maildir/","text":"Backup \u00b6 This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: cd /path/to/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz Restore \u00b6 cd /path/to/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Maildir"},{"location":"backup_restore/b_n_r-backup_restore-maildir/#backup","text":"This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: cd /path/to/mailcow-dockerized docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar cvfz /backup/backup_vmail.tar.gz /vmail You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to. Set the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz","title":"Backup"},{"location":"backup_restore/b_n_r-backup_restore-maildir/#restore","text":"cd /path/to/mailcow-dockerized docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim tar xvfz /backup/backup_vmail.tar.gz","title":"Restore"},{"location":"backup_restore/b_n_r-backup_restore-mysql/","text":"Backup \u00b6 cd /path/to/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql Restore \u00b6 Warning You should redirect the SQL dump without docker-compose to prevent parsing errors. cd /path/to/mailcow-dockerized source mailcow.conf docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"MySQL (mysqldump)"},{"location":"backup_restore/b_n_r-backup_restore-mysql/#backup","text":"cd /path/to/mailcow-dockerized source mailcow.conf DATE=$(date +\"%Y%m%d_%H%M%S\") docker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql","title":"Backup"},{"location":"backup_restore/b_n_r-backup_restore-mysql/#restore","text":"Warning You should redirect the SQL dump without docker-compose to prevent parsing errors. cd /path/to/mailcow-dockerized source mailcow.conf docker exec -i $(docker-compose ps -q mysql-mailcow) mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql","title":"Restore"},{"location":"backup_restore/b_n_r-coldstandby/","text":"Cold-standby backup \u00b6 mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime. This may also be used to transfer your mailcow to a new server. You should know \u00b6 The provided script will work on default installations. It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes. The script will use the same pathes as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints. To find the pathes of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in a override file. Local bind mounts may or may not work. The use rsync with the --delete flag. The destination will be an exact copy of the source. mariabackup is used to create a consistent copy of the SQL data directory. After rsync'ing the data we will run docker-compose pull and remove old image tags from the destination. Your source will not be changed at any time. You may want to make sure to use the same /etc/docker/daemon.json on the remote target. You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run. Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that. Prepare \u00b6 You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended. In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh . Edit this file and change the exported variables: export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name The key must be owned and readable by root only. Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available. The script will detect errors automatically and exit. You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile . Backup and refresh the cold-standby \u00b6 Run the first backup, this may take a while depending on the connection: bash /opt/mailcow-dockerized/create_cold_standby.sh That was easy, wasn't it? Updating your cold-standby is just as easy: bash /opt/mailcow-dockerized/create_cold_standby.sh It's the same command. Automated backups with cron \u00b6 First make sure that the cron service is enabled and running: systemctl enable cron.service && systemctl start cron.service To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run: crontab -e Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log If saved correctly, the cron job should be shown by typing: crontab -l","title":"Cold-standby (rolling backup)"},{"location":"backup_restore/b_n_r-coldstandby/#cold-standby-backup","text":"mailcow offers an easy way to create a consistent copy of itself to be rsync'ed to a remote location without downtime. This may also be used to transfer your mailcow to a new server.","title":"Cold-standby backup"},{"location":"backup_restore/b_n_r-coldstandby/#you-should-know","text":"The provided script will work on default installations. It may break when you use unsupported volume overrides. We don't support that and we will not include hacks to support that. Please run and maintain a fork if you plan to keep your changes. The script will use the same pathes as your default mailcow installation. That is the mailcow base directory - for most users /opt/mailcow-dockerized - as well as the mountpoints. To find the pathes of your source volumes we use docker inspect and read the destination directory of every volume related to your mailcow compose project. This means we will also transfer volumes you may have added in a override file. Local bind mounts may or may not work. The use rsync with the --delete flag. The destination will be an exact copy of the source. mariabackup is used to create a consistent copy of the SQL data directory. After rsync'ing the data we will run docker-compose pull and remove old image tags from the destination. Your source will not be changed at any time. You may want to make sure to use the same /etc/docker/daemon.json on the remote target. You should not run disk snapshots (e.g. via ZFS, LVM etc.) on the target at the very same time as this script is run. Versioning is not part of this script, we rely on the destination (snapshots or backups). You may also want to use any other tool for that.","title":"You should know"},{"location":"backup_restore/b_n_r-coldstandby/#prepare","text":"You will need a SSH-enabled destination and a keyfile to connect to said destination. The key should not be protected by a password for the script to work unattended. In your mailcow base directory, e.g. /opt/mailcow-dockerized you will find a file create_cold_standby.sh . Edit this file and change the exported variables: export REMOTE_SSH_KEY=/path/to/keyfile export REMOTE_SSH_PORT=22 export REMOTE_SSH_HOST=mailcow-backup.host.name The key must be owned and readable by root only. Both the source and destination require rsync >= v3.1.0. The destination must have Docker and docker-compose v1 available. The script will detect errors automatically and exit. You may want to test the connection by running ssh mailcow-backup.host.name -p22 -i /path/to/keyfile .","title":"Prepare"},{"location":"backup_restore/b_n_r-coldstandby/#backup-and-refresh-the-cold-standby","text":"Run the first backup, this may take a while depending on the connection: bash /opt/mailcow-dockerized/create_cold_standby.sh That was easy, wasn't it? Updating your cold-standby is just as easy: bash /opt/mailcow-dockerized/create_cold_standby.sh It's the same command.","title":"Backup and refresh the cold-standby"},{"location":"backup_restore/b_n_r-coldstandby/#automated-backups-with-cron","text":"First make sure that the cron service is enabled and running: systemctl enable cron.service && systemctl start cron.service To automate the backups to the cold-standby server you can use a cron job. To edit the cron jobs for the root user run: crontab -e Add the following lines to synchronize the cold standby server daily at 03:00. In this example errors of the last execution are logged into a file. PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin 0 3 * * * bash /opt/mailcow-dockerized/create_cold_standby.sh 2> /var/log/mailcow-coldstandby-sync.log If saved correctly, the cron job should be shown by typing: crontab -l","title":"Automated backups with cron"},{"location":"backup_restore/b_n_r-restore/","text":"Restore \u00b6 Please do not copy this script to another location. To run a restore, start mailcow , use the script with \"restore\" as first parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore The script will ask you for a backup location containing the mailcow_DATE folders.","title":"Restore"},{"location":"backup_restore/b_n_r-restore/#restore","text":"Please do not copy this script to another location. To run a restore, start mailcow , use the script with \"restore\" as first parameter. # Syntax: # ./helper-scripts/backup_and_restore.sh restore The script will ask you for a backup location containing the mailcow_DATE folders.","title":"Restore"},{"location":"client/client-android/","text":"Open the Email app. If this is your first email account, tap Add Account ; if not, tap More and Settings and then Add account . Select Microsoft Exchange ActiveSync . Enter your email address ( ) and password. Tap Sign in .","title":"Android"},{"location":"client/client-apple/","text":"Method 1 via Mobileconfig \u00b6 Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first. Method 1.1: IMAP, SMTP and Cal/CardDAV \u00b6 This method configures IMAP, CardDAV and CalDAV. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password three times when prompted. Method 1.2: IMAP, SMTP (no DAV) \u00b6 This method configures IMAP and SMTP only. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password when prompted. Method 2 (Exchange ActiveSync emulation) \u00b6 On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead. Open the Settings app, tap Mail , tap Accounts , tap Add Acccount , select Exchange . Enter your email address ( ) and tap Next . Enter your password, tap Next again. Finally, tap Save .","title":"Apple macOS / iOS"},{"location":"client/client-apple/#method-1-via-mobileconfig","text":"Email, contacts and calendars can be configured automatically on Apple devices by installing a profile. To download a profile you must login to the mailcow UI first.","title":"Method 1 via Mobileconfig"},{"location":"client/client-apple/#method-11-imap-smtp-and-calcarddav","text":"This method configures IMAP, CardDAV and CalDAV. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password three times when prompted.","title":"Method 1.1: IMAP, SMTP and Cal/CardDAV"},{"location":"client/client-apple/#method-12-imap-smtp-no-dav","text":"This method configures IMAP and SMTP only. Download and open the file from https://${MAILCOW_HOSTNAME}/mobileconfig.php?only_email mailcow.mobileconfig . Enter the unlock code (iPhone) or computer password (Mac). Enter your email password when prompted.","title":"Method 1.2: IMAP, SMTP (no DAV)"},{"location":"client/client-apple/#method-2-exchange-activesync-emulation","text":"On iOS, Exchange ActiveSync is also supported as an alternative to the procedure above. It has the advantage of supporting push email (i.e. you are immediately notified of incoming messages), but has some limitations, e.g. it does not support more than three email addresses per contact in your address book. Follow the steps below if you decide to use Exchange instead. Open the Settings app, tap Mail , tap Accounts , tap Add Acccount , select Exchange . Enter your email address ( ) and tap Next . Enter your password, tap Next again. Finally, tap Save .","title":"Method 2 (Exchange ActiveSync emulation)"},{"location":"client/client-emclient/","text":"Launch eM Client. If this is the first time you launched eM Client, it asks you to set up your account. Proceed to step 4. Go to Menu at the top, select Tools and Accounts . Enter your email address ( ) and click Start Now . Enter your password and click Continue . Enter your name ( ) and click Next . Click Finish .","title":"eM Client"},{"location":"client/client-kontact/","text":"Launch Kontact. If this is the first time you launched Kontact or KMail, it asks you to set up your account. Proceed to step 4. Go to Mail in the sidebar. Go to the Tools menu and select Account Wizard . Enter your name ( ) , email address ( ) and your password. Click Next . Click Create Account . If prompted, re-enter your password and click OK . Close the window by clicking Finish . Go to Calendar in the sidebar. Go to the Settings menu and select Configure KOrganizer . Go to the Calendars tab and click the Add button. Choose DAV groupware resource and click OK . Enter your email address ( ) and your password. Click Next . Select ScalableOGo from the dropdown menu and click Next . Enter your mailcow hostname into the Host field and click Next . Click Test Connection and then Finish . Finally, click OK twice. Once you have set up Kontact, you can also use KMail, KOrganizer and KAddressBook individually.","title":"KDE Kontact"},{"location":"client/client-manual/","text":"These instructions are valid for unchanged port bindings only! Email \u00b6 Service Encryption Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Please use \"plain\" as authentication mechanisms. Contrary to the assumption no passwords will be transferred plain text, as no authentication is allowed to take place without TLS. Contacts and calendars \u00b6 SOGos default calendar (CalDAV) and contacts (CardDAV) URLs: CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.","title":"Manual configuration"},{"location":"client/client-manual/#email","text":"Service Encryption Host Port IMAP STARTTLS mailcow hostname 143 IMAPS SSL mailcow hostname 993 POP3 STARTTLS mailcow hostname 110 POP3S SSL mailcow hostname 995 SMTP STARTTLS mailcow hostname 587 SMTPS SSL mailcow hostname 465 Please use \"plain\" as authentication mechanisms. Contrary to the assumption no passwords will be transferred plain text, as no authentication is allowed to take place without TLS.","title":"Email"},{"location":"client/client-manual/#contacts-and-calendars","text":"SOGos default calendar (CalDAV) and contacts (CardDAV) URLs: CalDAV - https://mail.example.com/SOGo/dav/user@example.com/Calendar/personal/ CardDAV - https://mail.example.com/SOGo/dav/user@example.com/Contacts/personal/ Some applications may require you to use https://mail.example.com/SOGo/dav/ or the full path to your calendar, which can be found and copied from within SOGo.","title":"Contacts and calendars"},{"location":"client/client-outlook/","text":"Outlook 2016 or higher from Office 365 on Windows \u00b6 This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Outlook 2016 has an issue with autodiscover . Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher. For EAS you must use the old assistant by launching C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE . If this application opens, you can go to step 4 of the guide for Outlook 2013 below. If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below. Outlook 2013 or higher on Windows \u00b6 This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . When prompted, enter your password again, check Remember my credentials and click OK . Click the Allow button. Click Finish . Outlook 2007 or 2010 on Windows \u00b6 Outlook 2007 or higher on Windows \u00b6 Download and install Outlook CalDav Synchronizer . Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . Click Finish . Go to the CalDav Synchronizer ribbon and click Synchronization Profiles . Click the second button at top ( Add multiple profiles ), select Sogo , click Ok . Click the Get IMAP/POP3 account settings button. Click Discover resources and assign to Outlook folders . In the Select Resource window that pops up, select your main calendar (usually Personal Calendar ), click the ... button, assign it to Calendar , and click OK . Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists! Close all windows with the OK buttons. Outlook 2011 or higher on macOS \u00b6 The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.","title":"Microsoft Outlook"},{"location":"client/client-outlook/#outlook-2016-or-higher-from-office-365-on-windows","text":"This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Outlook 2016 has an issue with autodiscover . Only Outlook from Office 365 is affected. If you installed Outlook from another source, please follow the guide for Outlook 2013 or higher. For EAS you must use the old assistant by launching C:\\Program Files (x86)\\Microsoft Office\\root\\Office16\\OLCFG.EXE . If this application opens, you can go to step 4 of the guide for Outlook 2013 below. If it does not open, you can completely disable the new account creation wizard and follow the guide for Outlook 2013 below.","title":"Outlook 2016 or higher from Office 365 on Windows"},{"location":"client/client-outlook/#outlook-2013-or-higher-on-windows","text":"This is only applicable if your server administrator has not disabled EAS for Outlook. If it is disabled, please follow the guide for Outlook 2007 instead. Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 4. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . When prompted, enter your password again, check Remember my credentials and click OK . Click the Allow button. Click Finish .","title":"Outlook 2013 or higher on Windows"},{"location":"client/client-outlook/#outlook-2007-or-2010-on-windows","text":"","title":"Outlook 2007 or 2010 on Windows"},{"location":"client/client-outlook/#outlook-2007-or-higher-on-windows","text":"Download and install Outlook CalDav Synchronizer . Launch Outlook. If this is the first time you launched Outlook, it asks you to set up your account. Proceed to step 5. Go to the File menu and click Add Account . Enter your name ( ) , email address ( ) and your password. Click Next . Click Finish . Go to the CalDav Synchronizer ribbon and click Synchronization Profiles . Click the second button at top ( Add multiple profiles ), select Sogo , click Ok . Click the Get IMAP/POP3 account settings button. Click Discover resources and assign to Outlook folders . In the Select Resource window that pops up, select your main calendar (usually Personal Calendar ), click the ... button, assign it to Calendar , and click OK . Go to the Address Books and Tasks tabs and repeat repeat the process accordingly. Do not assign multiple calendars, address books or task lists! Close all windows with the OK buttons.","title":"Outlook 2007 or higher on Windows"},{"location":"client/client-outlook/#outlook-2011-or-higher-on-macos","text":"The Mac version of Outlook does not synchronize calendars and contacts and therefore is not supported.","title":"Outlook 2011 or higher on macOS"},{"location":"client/client-thunderbird/","text":"Launch Thunderbird. If this is the first time you launched Thunderbird, it asks you whether you would like a new email address. Click Skip this and use my existing email and proceed to step 4. Go to the File menu and select New , Existing Mail Account... . Enter your name ( ) , email address ( ) and your password. Make sure the Remember password checkbox is selected and click Continue . Once the configuration has been automatically detected, make sure IMAP is selected and click Done . To use your contacts from the server, click on the arrow next to \"Address Books\" and click the Connect button on each address book you would like to use. To use your calendars from the server, click on the arrow next to \"Calendars\" and click the Connect button on each calendar you would like to use. Click Finish to close the Account Setup window.","title":"Mozilla Thunderbird"},{"location":"client/client-windows/","text":"Windows 8 and higher support email, contacts and calendar via Exchange ActiveSync. Open the Mail app. If you have not previously used Mail, you can click Add Account in the main window. Proceed to step 4. Click Accounts in the sidebar on the left, then click Add Account on the far right. Select Exchange . Enter your email address ( ) and click Next . Enter your password and click Log in . Once you have set up the Mail app, you can also use the People and Calendar apps.","title":"Windows Mail"},{"location":"client/client/","text":"mailcow supports a variety of email clients, both on desktop computers and on smartphones. Below, you can find a number of configuration guides that explain how to configure your mailcow account. Tip If you access this page by logging into your mailcow server and clicking the \"Show configuration guides for email clients and smartphones\" link, all of the guides will be personalized with your email address and server name. Success Since you accessed this page after logging into your mailcow server, all of the guides have been personalized with your email address and server name. Android Apple iOS / macOS eM Client KDE Kontact / KMail Microsoft Outlook Mozilla Thunderbird Windows Mail Manual configuration","title":"Overview"},{"location":"i_u_m/i_u_m_deinstall/","text":"To remove mailcow: dockerized with all it's volumes, images and containers do: docker-compose down -v --rmi all --remove-orphans Info -v Remove named volumes declared in the volumes section of the Compose file and anonymous volumes attached to containers. --rmi Remove images. Type must be one of: all : Remove all images used by any service. local : Remove only images that don't have a custom tag set by the image field. --remove-orphans Remove containers for services not defined in the compose file. By default docker-compose down only removes currently active containers and networks defined in the docker-compose.yml .","title":"Deinstallation"},{"location":"i_u_m/i_u_m_install/","text":"You need Docker (a version >= 20.10.2 is required) and Docker Compose (a version <= 2.0 is required). 1. Learn how to install Docker and Docker Compose . Quick installation for most operation systems: Docker curl -sSL https://get.docker.com/ | CHANNEL=stable sh # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7) systemctl enable --now docker Docker-Compose Warning mailcow requires the latest version of docker-compose v1. It is highly recommended to use the commands below to install docker-compose . Package managers (e.g. apt , yum ) likely won't give you the correct version. Note: This command downloads docker-compose from the official Docker Github repository and is a safe method. The snippet will determine the latest supported version by mailcow. In almost all cases this is the latest version available (exceptions are broken releases or major changes not yet supported by mailcow). curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Please use the latest Docker engine available and do not use the engine that ships with your distros repository. 1.1. On SELinux enabled systems, e.g. CentOS 7: Check if \"container-selinux\" package is present on your system: rpm -qa | grep container-selinux If the above command returns an empty or no output, you should install it via your package manager. Check if docker has SELinux support enabled: docker info | grep selinux If the above command returns an empty or no output, create or edit /etc/docker/daemon.json and add \"selinux-enabled\": true . Example file content: { \"selinux-enabled\": true } Restart the docker daemon and verify SELinux is now enabled. This step is required to make sure mailcows volumes are properly labeled as declared in the compose file. If you are interested in how this works, you can check out the readme of https://github.com/containers/container-selinux which links to a lot of useful information on that topic. 2. Clone the master branch of the repository, make sure your umask equals 0022. Please clone the repository as root user and also control the stack as root. We will modify attributes - if necessary - while boostrapping the containers automatically and make sure everything is secured. The update.sh script must therefore also be run as root. It might be necessary to change ownership and other attributes of files you will otherwise not have access to. We drop permissions for every exposed application and will not run an exposed service as root! Controlling the Docker daemon as non-root user does not give you additional security. The unprivileged user will spawn the containers as root likewise. The behaviour of the stack is identical. $ su # umask 0022 # <- Verify it is 0022 # cd /opt # git clone https://github.com/mailcow/mailcow-dockerized # cd mailcow-dockerized 3. Generate a configuration file. Use a FQDN ( host.domain.tld ) as hostname when asked. ./generate_config.sh 4. Change configuration if you want or need to. nano mailcow.conf If you plan to use a reverse proxy, you can, for example, bind HTTPS to 127.0.0.1 on port 8443 and HTTP to 127.0.0.1 on port 8080. You may need to stop an existing pre-installed MTA which blocks port 25/tcp. See this chapter to learn how to reconfigure Postfix to run besides mailcow after a successful installation. Some updates modify mailcow.conf and add new parameters. It is hard to keep track of them in the documentation. Please check their description and, if unsure, ask at the known channels for advise. 4.1. Users with a MTU not equal to 1500 (e.g. OpenStack): Whenever you run into trouble and strange phenomena, please check your MTU. Edit docker-compose.yml and change the network settings according to your MTU. Add the new driver_opts parameter like this: networks: mailcow-network: ... driver_opts: com.docker.network.driver.mtu: 1450 ... 4.2. Users without an IPv6 enabled network on their host system: Enable IPv6. Finally. If you do not have an IPv6 enabled network on your host and you don't care for a better internet (thehe), it is recommended to disable IPv6 for the mailcow network to prevent unforeseen issues. 5. Pull the images and run the compose file. The parameter -d will start mailcow: dockerized detached: docker-compose pull docker-compose up -d Done! You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo . Info If you are not using mailcow behind a reverse proxy, you should redirect all HTTP requests to HTTPS . The database will be initialized right after a connection to MySQL can be established. Your data will persist in multiple Docker volumes, that are not deleted when you recreate or delete containers. Run docker volume ls to see a list of all volumes. You can safely run docker-compose down without removing persistent data.","title":"Installation"},{"location":"i_u_m/i_u_m_migration/","text":"Warning This guide assumes you intend to migrate an existing mailcow server (source) over to a brand new, empty server (target). It takes no care about preserving any existing data on your target server and will erase anything within /var/lib/docker/volumes and thus any Docker volumes you may have already set up. Tip Alternatively, you can use the ./helper-scripts/backup_and_restore.sh script to create a full backup on the source machine, then install mailcow on the target machine as usual, copy over your mailcow.conf and use the same script to restore your backup to the target machine. 1. Install Docker and Docker Compose on your new server. Quick installation for most operation systems: Docker curl -sSL https://get.docker.com/ | CHANNEL=stable sh # After the installation process is finished, you may need to enable the service and make sure it is started (e.g. CentOS 7) systemctl enable docker.service docker-compose curl -L https://github.com/docker/compose/releases/download/$(curl -Ls https://www.servercow.de/docker-compose/latest.php)/docker-compose-$(uname -s)-$(uname -m) > /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Please use the latest Docker engine available and do not use the engine that ships with your distros repository. 2. Stop Docker and assure Docker has stopped: systemctl stop docker.service systemctl status docker.service 3. Run the following commands on the source machine (take care of adding the trailing slashes in the first path parameter as shown below!) - WARNING: This command will erase anything that may already exist under /var/lib/docker/volumes on the target machine : rsync -aHhP --numeric-ids --delete /opt/mailcow-dockerized/ root@target-machine.example.com:/opt/mailcow-dockerized rsync -aHhP --numeric-ids --delete /var/lib/docker/volumes/ root@target-machine.example.com:/var/lib/docker/volumes 4. Shut down mailcow and stop Docker on the source machine. cd /opt/mailcow-dockerized docker-compose down systemctl stop docker.service 5. Repeat step 3 with the same commands. This will be much quicker than the first time. 6. Switch over to the target machine and start Docker. systemctl start docker.service 7. Now pull the mailcow Docker images on the target machine. cd /opt/mailcow-dockerized docker-compose pull 8. Start the whole mailcow stack and everything should be done! docker-compose up -d 9. Finally, change your DNS settings to point to the target server.","title":"Migration"},{"location":"i_u_m/i_u_m_update/","text":"Automatic update \u00b6 An update script in your mailcow-dockerized directory will take care of updates. But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below. Run the update script: ./update.sh If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code). Options \u00b6 # Options can be combined # - Check for updates and show changes ./update.sh --check # Do not try to update docker-compose, **make sure to use the latest docker-compose available** ./update.sh --no-update-compose # - Do not start mailcow after applying an update ./update.sh --skip-start # - Force update (unattended, but unsupported, use at own risk) ./update.sh --force # - Run garbage collector to cleanup old image tags and exit ./update.sh --gc # - Update with merge strategy option \"ours\" instead of \"theirs\" # This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. ./update.sh --ours # - Don't update, but prefetch images and exit ./update.sh --prefetch I forgot what I changed before running update.sh \u00b6 See git log --pretty=oneline | grep -i \"before update\" , you will have an output similar to this: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed. Can I roll back? \u00b6 Yes. See the topic above, instead of a diff, you run checkout: docker-compose down # Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d Hooks \u00b6 You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details. Footnotes \u00b6 We schedule a monthly release cycle for updates.","title":"Update"},{"location":"i_u_m/i_u_m_update/#automatic-update","text":"An update script in your mailcow-dockerized directory will take care of updates. But use it with caution! If you think you made a lot of changes to the mailcow code, you should use the manual update guide below. Run the update script: ./update.sh If it needs to, it will ask you how you wish to proceed. Merge errors will be reported. Some minor conflicts will be auto-corrected (in favour for the mailcow: dockerized repository code).","title":"Automatic update"},{"location":"i_u_m/i_u_m_update/#options","text":"# Options can be combined # - Check for updates and show changes ./update.sh --check # Do not try to update docker-compose, **make sure to use the latest docker-compose available** ./update.sh --no-update-compose # - Do not start mailcow after applying an update ./update.sh --skip-start # - Force update (unattended, but unsupported, use at own risk) ./update.sh --force # - Run garbage collector to cleanup old image tags and exit ./update.sh --gc # - Update with merge strategy option \"ours\" instead of \"theirs\" # This will **solve conflicts** when merging in favor for your local changes and should be avoided. Local changes will always be kept, unless we changed file XY, too. ./update.sh --ours # - Don't update, but prefetch images and exit ./update.sh --prefetch","title":"Options"},{"location":"i_u_m/i_u_m_update/#i-forgot-what-i-changed-before-running-updatesh","text":"See git log --pretty=oneline | grep -i \"before update\" , you will have an output similar to this: 22cd00b5e28893ef9ddef3c2b5436453cc5223ab Before update on 2020-09-28_19_25_45 dacd4fb9b51e9e1c8a37d84485b92ffaf6c59353 Before update on 2020-08-07_13_31_31 Run git diff 22cd00b5e28893ef9ddef3c2b5436453cc5223ab to see what changed.","title":"I forgot what I changed before running update.sh"},{"location":"i_u_m/i_u_m_update/#can-i-roll-back","text":"Yes. See the topic above, instead of a diff, you run checkout: docker-compose down # Replace commit ID 22cd00b5e28893ef9ddef3c2b5436453cc5223ab by your ID git checkout 22cd00b5e28893ef9ddef3c2b5436453cc5223ab docker-compose pull docker-compose up -d","title":"Can I roll back?"},{"location":"i_u_m/i_u_m_update/#hooks","text":"You can hook into the update mechanism by adding scripts called pre_commit_hook.sh and post_commit_hook.sh to your mailcows root directory. See this for more details.","title":"Hooks"},{"location":"i_u_m/i_u_m_update/#footnotes","text":"We schedule a monthly release cycle for updates.","title":"Footnotes"},{"location":"manual-guides/u_e-80_to_443/","text":"Since February the 28th 2017 mailcow does come with port 80 and 443 enabled. Do not use the config below for reverse proxy setups , please see our reverse proxy guide for this, which includes a redirect from HTTP to HTTPS. Open mailcow.conf and set HTTP_BIND= - if not already set. Create a new file data/conf/nginx/redirect.conf and add the following server config to the file: server { root /web; listen 80 default_server; listen [::]:80 default_server; include /etc/nginx/conf.d/server_name.active; if ( $request_uri ~* \"%0A|%0D\" ) { return 403; } location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://$host$uri$is_args$args; } } In case you changed the HTTP_BIND parameter, recreate the container: docker-compose up -d Otherwise restart Nginx: docker-compose restart nginx-mailcow","title":"Redirect HTTP to HTTPS"},{"location":"manual-guides/u_e-autodiscover_config/","text":"You do not need to change or create this file, autodiscover works out of the box . This guide is only meant for customizations to the autodiscover or autoconfig process. Newer Outlook clients (especially those delivered with O365) will not autodiscover mail profiles. Keep in mind, that ActiveSync should NOT be used with a desktop client . Open/create data/web/inc/vars.local.inc.php and add your changes to the configuration array. Changes will be merged with \"$autodiscover_config\" in data/web/inc/vars.inc.php ): 'activesync', // If autodiscoverType => activesync, also use ActiveSync (EAS) for Outlook desktop clients (>= Outlook 2013 on Windows) // Outlook for Mac does not support ActiveSync 'useEASforOutlook' => 'yes', // Please don't use STARTTLS-enabled service ports in the \"port\" variable. // The autodiscover service will always point to SMTPS and IMAPS (TLS-wrapped services). // The autoconfig service will additionally announce the STARTTLS-enabled ports, specified in the \"tlsport\" variable. 'imap' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('IMAPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('IMAP_PORT'))), ), 'pop3' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('POPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('POP_PORT'))), ), 'smtp' => array( 'server' => $mailcow_hostname, 'port' => array_pop(explode(':', getenv('SMTPS_PORT'))), 'tlsport' => array_pop(explode(':', getenv('SUBMISSION_PORT'))), ), 'activesync' => array( 'url' => 'https://'.$mailcow_hostname.($https_port == 443 ? '' : ':'.$https_port).'/Microsoft-Server-ActiveSync', ), 'caldav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), 'carddav' => array( 'server' => $mailcow_hostname, 'port' => $https_port, ), ); To always use IMAP and SMTP instead of EAS, set 'autodiscoverType' => 'imap' . Disable ActiveSync for Outlook desktop clients by setting \"useEASforOutlook\" to \"no\".","title":"Autodiscover / Autoconfig"},{"location":"manual-guides/u_e-reeanble-weak-protocols/","text":"On February the 12th 2020 we disabled the deprecated protocols TLS 1.0 and 1.1 in Dovecot (POP3, POP3S, IMAP, IMAPS) and Postfix (SMTPS, SUBMISSION). Unauthenticated mail via SMTP on port 25/tcp does still accept >= TLS 1.0 . It is better to accept a weak encryption than none at all. How to re-enable weak protocols? Edit data/conf/postfix/extra.cf : submission_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 smtps_smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3 Edit data/conf/dovecot/extra.conf : ssl_min_protocol = TLSv1 Restart the affected services: docker-compose restart postfix-mailcow dovecot-mailcow Hint: You can enable TLS 1.2 in Windows 7.","title":"Re-enable TLS 1.0 and TLS 1.1"},{"location":"manual-guides/u_e-update-hooks/","text":"It is possible to add pre- and post-update-hooks to the update.sh script that upgrades your whole mailcow installation. To do so, just add the corresponding bash script into your mailcow root directory: pre_update_hook.sh for commands that should run before the update post_update_hook.sh for commands that should run after the update is completed Keep in mind that pre_update_hook.sh runs every time you call update.sh and post_update_hook.sh will only run if the update was successful and the script doesn't have to be re-run. The scripts will be run by bash, an interpreter (e.g. #!/bin/bash ) as well as an execute permission flag (\"+x\") are not required.","title":"Run scripts before and after updates"},{"location":"manual-guides/u_e-why_unbound/","text":"For DNS blacklist lookups and DNSSEC. Most systems use either a public or a local caching DNS resolver. That's a very bad idea when it comes to filter spam using DNS-based black hole lists (DNSBL) or similar technics. Most if not all providers apply a rate limit based on the DNS resolver that is used to query their service. Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolver like your ISPs will hit that limit very soon.","title":"Why unbound?"},{"location":"manual-guides/Docker/u_e-docker-cust_dockerfiles/","text":"You need to copy the override file with corresponding build tags to the mailcow: dockerized root folder (i.e. /opt/mailcow-dockerized ): cp helper-scripts/docker-compose.override.yml.d/BUILD_FLAGS/docker-compose.override.yml docker-compose.override.yml Make your changes in data/Dockerfiles/$service and build the image locally: docker build data/Dockerfiles/service -t mailcow/$service Now auto-recreate modified containers: docker-compose up -d","title":"Customize Dockerfiles"},{"location":"manual-guides/Docker/u_e-docker-dc_bash_compl/","text":"To get some sexy bash completion inside your containers simply execute the following: curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose","title":"Docker Compose Bash Completion"},{"location":"manual-guides/Dovecot/u_e-dovecot-any_acl/","text":"On August the 17th, we disabled the possibility to share with \"any\" or \"all authenticated users\" by default. This function can be re-enabled by setting ACL_ANYONE to allow in mailcow.conf: ACL_ANYONE=allow Apply the changes by running docker-compose up -d .","title":"Enable \"any\" ACL settings"},{"location":"manual-guides/Dovecot/u_e-dovecot-catchall_vacation/","text":"The Dovecot parameter sieve_vacation_dont_check_recipient - which was by default set to yes in mailcow configurations pre 21st July 2021 - allows for vacation replies even when a mail is sent to non-existent mailboxes like a catch-all addresses. We decided to switch this parameter back to no and allow a user to specify which recipient address triggers a vacation reply. The triggering recipients can also be configured in SOGos autoresponder feature.","title":"Vacation replies for catchall addresses"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/","text":"If you want to delete old mails out of the .Junk or .Trash folders or maybe delete all read mails that are older than a certain amount of time you may use dovecot's tool doveadm man doveadm-expunge . The manual way \u00b6 That said, let's dive in: Delete a user's mails inside the junk folder that are read and older than 4 hours docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h Delete all user's mails in the junk folder that are older than 7 days docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore ). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance). docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info For possible time spans or search keys have a look at man doveadm-search-query Job scheduler \u00b6 via the host system cron \u00b6 If you want to automate such a task you can create a cron job on your host that calls a script like the one below: #!/bin/bash # Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [...] To create a cron job you may execute crontab -e and insert something like the following to execute a script: # Execute everyday at 04:00 A.M. 0 4 * * * /path/to/your/expunge_mailboxes.sh via Docker job scheduler \u00b6 To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" The job controller just need access to the docker control socket to be able to emulate the behavior of \"exec\". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru . This docker-compose.override.yml deletes all mails older then 2 weeks from the \"Junk\" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug. In case you want to add more jobs, ensure you change the \"dovecot-expunge-trash\" part after \"ofelia.job-exec.\" to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia .","title":"Expunge a Users mails"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#the-manual-way","text":"That said, let's dive in: Delete a user's mails inside the junk folder that are read and older than 4 hours docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'Junk' SEEN not SINCE 4h Delete all user's mails in the junk folder that are older than 7 days docker-compose exec dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 7d Delete all mails (of all users) in all folders that are older than 52 weeks (internal date of the mail, not the date it was saved on the system => before instead of savedbefore ). Useful for deleting very old mails on all users and folders (thus especially useful for GDPR-compliance). docker-compose exec dovecot-mailcow doveadm expunge -A mailbox % before 52w Delete mails inside a custom folder inside a user's inbox that are not flagged and older than 2 weeks docker-compose exec dovecot-mailcow doveadm expunge -u 'mailbox@example.com' mailbox 'INBOX/custom-folder' not FLAGGED not SINCE 2w Info For possible time spans or search keys have a look at man doveadm-search-query","title":"The manual way"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#job-scheduler","text":"","title":"Job scheduler"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#via-the-host-system-cron","text":"If you want to automate such a task you can create a cron job on your host that calls a script like the one below: #!/bin/bash # Path to mailcow-dockerized, e.g. /opt/mailcow-dockerized cd /path/to/your/mailcow-dockerized /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' savedbefore 2w /usr/local/bin/docker-compose exec -T dovecot-mailcow doveadm expunge -A mailbox 'Junk' SEEN not SINCE 12h [...] To create a cron job you may execute crontab -e and insert something like the following to execute a script: # Execute everyday at 04:00 A.M. 0 4 * * * /path/to/your/expunge_mailboxes.sh","title":"via the host system cron"},{"location":"manual-guides/Dovecot/u_e-dovecot-expunge/#via-docker-job-scheduler","text":"To archive this with a docker job scheduler use this docker-compose.override.yml with your mailcow: version: '2.1' services: ofelia: image: mcuadros/ofelia:latest restart: always command: daemon --docker volumes: - /var/run/docker.sock:/var/run/docker.sock:ro network_mode: none dovecot-mailcow: labels: - \"ofelia.enabled=true\" - \"ofelia.job-exec.dovecot-expunge-trash.schedule=0 4 * * *\" - \"ofelia.job-exec.dovecot-expunge-trash.command=doveadm expunge -A mailbox 'Junk' savedbefore 2w\" - \"ofelia.job-exec.dovecot-expunge-trash.tty=false\" The job controller just need access to the docker control socket to be able to emulate the behavior of \"exec\". Then we add a few label to our dovecot-container to activate the job scheduler and tell him in a cron compatible scheduling format when to run. If you struggle with that schedule string you can use crontab guru . This docker-compose.override.yml deletes all mails older then 2 weeks from the \"Junk\" folder every day at 4 am. To see if things ran proper, you can not only see in your mailbox but also check Ofelia's docker log if it looks something like this: common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Started - doveadm expunge -A mailbox 'Junk' savedbefore 2w, common.go:124 \u25b6 NOTICE [Job \"dovecot-expunge-trash\" (8759567efa66)] Finished in \"285.032291ms\", failed: false, skipped: false, error: none, If it failed it will say so and give you the output of the doveadm in the log to make it easy on you to debug. In case you want to add more jobs, ensure you change the \"dovecot-expunge-trash\" part after \"ofelia.job-exec.\" to something else, it defines the name of the job. Syntax of the labels you find at mcuadros/ofelia .","title":"via Docker job scheduler"},{"location":"manual-guides/Dovecot/u_e-dovecot-extra_conf/","text":"Create a file data/conf/dovecot/extra.conf - if missing - and add your additional content here. Restart dovecot-mailcow to apply your changes: docker-compose restart dovecot-mailcow","title":"Customize/Expand dovecot.conf"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/","text":"FTS Solr \u00b6 Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot. Please be aware that applications like Solr may need maintenance from time to time. Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM. The default heap size (1024 M) is defined in mailcow.conf. Since we run in Docker and create our containers with the \"restart: always\" flag, a oom situation will at least only trigger a restart of the container. FTS related Dovecot commands \u00b6 # single user docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any).\" This does not re-index a mailbox. It basically repairs a given index. If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit: # single user docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker-compose exec dovecot-mailcow doveadm index -A '*' This will take some time depending on your machine and Solr can run oom, monitor it! Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox. Delete mailbox data \u00b6 mailcow will purge index data of a user when deleting a mailbox. FTS Xapian (Release 2022) \u00b6 The Solr replacement Xapian is currently in the development/testing phase. Xapian is much more efficient than Solr because it is not based on Java. Xapian is also not as vulnerable to security vulnerabilities (which often occur in Java applications). The most serious difference between the two FTS is that Xapian (unlike Solr) no longer needs an extra container but from then on runs directly in Dovecot (as a plugin). If you want to know more about the Xapian plugin look here . All settings of the mailcow.conf which concern Solr are converted to Xapian .","title":"FTS (Solr)"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#fts-solr","text":"Solr is used for setups with memory >= 3.5 GiB to provide full-text search in Dovecot. Please be aware that applications like Solr may need maintenance from time to time. Besides that, Solr will eat a lot of RAM, depending on the usage of your server. Please avoid it on machines with less than 3 GB RAM. The default heap size (1024 M) is defined in mailcow.conf. Since we run in Docker and create our containers with the \"restart: always\" flag, a oom situation will at least only trigger a restart of the container.","title":"FTS Solr"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#fts-related-dovecot-commands","text":"# single user docker-compose exec dovecot-mailcow doveadm fts rescan -u user@domain # all users docker-compose exec dovecot-mailcow doveadm fts rescan -A Dovecot Wiki: \"Scan what mails exist in the full text search index and compare those to what actually exist in mailboxes. This removes mails from the index that have already been expunged and makes sure that the next doveadm index will index all the missing mails (if any).\" This does not re-index a mailbox. It basically repairs a given index. If you want to re-index data immediately, you can run the followig command, where '*' can also be a mailbox mask like 'Sent'. You do not need to run these commands, but it will speed things up a bit: # single user docker-compose exec dovecot-mailcow doveadm index -u user@domain '*' # all users, but obviously slower and more dangerous docker-compose exec dovecot-mailcow doveadm index -A '*' This will take some time depending on your machine and Solr can run oom, monitor it! Because re-indexing is very sensible, we did not include it to mailcow UI. You will need to take care of any errors while re-indexing a mailbox.","title":"FTS related Dovecot commands"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#delete-mailbox-data","text":"mailcow will purge index data of a user when deleting a mailbox.","title":"Delete mailbox data"},{"location":"manual-guides/Dovecot/u_e-dovecot-fts/#fts-xapian-release-2022","text":"The Solr replacement Xapian is currently in the development/testing phase. Xapian is much more efficient than Solr because it is not based on Java. Xapian is also not as vulnerable to security vulnerabilities (which often occur in Java applications). The most serious difference between the two FTS is that Xapian (unlike Solr) no longer needs an extra container but from then on runs directly in Dovecot (as a plugin). If you want to know more about the Xapian plugin look here . All settings of the mailcow.conf which concern Solr are converted to Xapian .","title":"FTS Xapian (Release 2022)"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/","text":"Changing the IMAP IDLE interval \u00b6 What is the IDLE interval? \u00b6 Per default, Dovecot sends a \"I'm still here\" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval , which defaults to 2 minutes. A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain. Edit the value \u00b6 Change configuration \u00b6 Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type: imap_idle_notify_interval = 5 mins 29 minutes is the maximum value allowed by the corresponding RFC . Warning This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior. Reload Dovecot \u00b6 Now reload Dovecot: docker-compose exec dovecot-mailcow dovecot reload Info You can check the value of this setting with docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" If you didn't change it, it should be at 2m. If you did change it, you should see your new value.","title":"IMAP IDLE interval"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#changing-the-imap-idle-interval","text":"","title":"Changing the IMAP IDLE interval"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#what-is-the-idle-interval","text":"Per default, Dovecot sends a \"I'm still here\" notification to every client that has an open connection with Dovecot to get mails as quickly as possible without manually polling it (IMAP PUSH). This notification is controlled by the setting imap_idle_notify_interval , which defaults to 2 minutes. A short interval results in the client getting a lot of messages for this connection, which is bad for mobile devices, because every time the device receives this message, the mailing app has to wake up. This can result in unnecessary battery drain.","title":"What is the IDLE interval?"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#edit-the-value","text":"","title":"Edit the value"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#change-configuration","text":"Create a new file data/conf/dovecot/extra.conf (or edit it if it already exists). Insert the setting followed by the new value. For example, to set the interval to 5 minutes you could type: imap_idle_notify_interval = 5 mins 29 minutes is the maximum value allowed by the corresponding RFC . Warning This isn't a default setting in mailcow because we don't know how this setting changes the behavior of other clients. Be careful if you change this and monitor different behavior.","title":"Change configuration"},{"location":"manual-guides/Dovecot/u_e-dovecot-idle_interval/#reload-dovecot","text":"Now reload Dovecot: docker-compose exec dovecot-mailcow dovecot reload Info You can check the value of this setting with docker-compose exec dovecot-mailcow dovecot -a | grep \"imap_idle_notify_interval\" If you didn't change it, it should be at 2m. If you did change it, you should see your new value.","title":"Reload Dovecot"},{"location":"manual-guides/Dovecot/u_e-dovecot-mail-crypt/","text":"Mails are stored compressed (lz4) and encrypted. The key pair can be found in crypt-vol-1. If you want to decode/encode existing maildir files, you can use the following script at your own risk: Enter Dovecot by running docker-compose exec dovecot-mailcow /bin/bash in the mailcow-dockerized location. # Decrypt /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") == \"CRYPTED\" ]]; then doveadm fs get compress lz4:0:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" > \"/tmp/$(basename \"$file\")\" if [[ -s \"/tmp/$(basename \"$file\")\" ]]; then chmod 600 \"/tmp/$(basename \"$file\")\" chown 5000:5000 \"/tmp/$(basename \"$file\")\" mv \"/tmp/$(basename \"$file\")\" \"$file\" else rm \"/tmp/$(basename \"$file\")\" fi fi done # Encrypt /var/vmail find /var/vmail/ -type f -regextype egrep -regex '.*S=.*W=.*' | while read -r file; do if [[ $(head -c7 \"$file\") != \"CRYPTED\" ]]; then doveadm fs put crypt private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ \\ \"$file\" \"$file\" chmod 600 \"$file\" chown 5000:5000 \"$file\" fi done","title":"Mail crypt"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/","text":"Here is just an unsorted list of useful doveadm commands that could be useful. doveadm quota \u00b6 The quota get and quota recalc 1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes . To list the current quota status for a user / mailbox, do: doveadm quota get -u 'mailbox@example.org' To list the quota storage value for all users, do: doveadm quota get -A |grep \"STORAGE\" Recalculate a single user's quota usage: doveadm quota recalc -u 'mailbox@example.org' doveadm search \u00b6 The doveadm search 2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs. To view the number of messages, by user, in their .Trash folder: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Show all messages in a user's inbox older then 90 days: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Show all messages in any folder that are older then 30 days for mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"More Examples with DOVEADM"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/#doveadm-quota","text":"The quota get and quota recalc 1 commands are used to display or recalculate the current user's quota usage. The reported values are in kilobytes . To list the current quota status for a user / mailbox, do: doveadm quota get -u 'mailbox@example.org' To list the quota storage value for all users, do: doveadm quota get -A |grep \"STORAGE\" Recalculate a single user's quota usage: doveadm quota recalc -u 'mailbox@example.org'","title":"doveadm quota"},{"location":"manual-guides/Dovecot/u_e-dovecot-more/#doveadm-search","text":"The doveadm search 2 command is used to find messages matching your query. It can return the username, mailbox-GUID / -UID and message-GUIDs / -UIDs. To view the number of messages, by user, in their .Trash folder: doveadm search -A mailbox 'Trash' | awk '{print $1}' | sort | uniq -c Show all messages in a user's inbox older then 90 days: doveadm search -u 'mailbox@example.org' mailbox 'INBOX' savedbefore 90d Show all messages in any folder that are older then 30 days for mailbox@example.org : doveadm search -u 'mailbox@example.org' mailbox \"*\" savedbefore 30d https://wiki.dovecot.org/Tools/Doveadm/Quota \u21a9 https://wiki.dovecot.org/Tools/Doveadm/Search \u21a9","title":"doveadm search"},{"location":"manual-guides/Dovecot/u_e-dovecot-public_folder/","text":"Create a new public namespace \"Public\" and a mailbox \"Develcow\" inside that namespace: Edit or create data/conf/dovecot/extra.conf , add: namespace { type = public separator = / prefix = Public/ location = maildir:/var/vmail/public:INDEXPVT=~/public subscriptions = yes mailbox \"Develcow\" { auto = subscribe } } :INDEXPVT=~/public can be omitted if per-user seen flags are not wanted. The new mailbox in the public namespace will be auto-subscribed by users. To allow all authenticated users access full to that new mailbox (not the whole namespace), run: docker-compose exec dovecot-mailcow doveadm acl set -A \"Public/Develcow\" \"authenticated\" lookup read write write-seen write-deleted insert post delete expunge create Adjust the command to your needs if you like to assign more granular rights per user (use -u user@domain instead of -A for example). Allow authenticated users access to the whole public namespace \u00b6 To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory: Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content: authenticated kxeilprwts kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create . You can use doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to \"lr\" and grant only some users full access. See Dovecot ACL for further information about ACL.","title":"Public folders"},{"location":"manual-guides/Dovecot/u_e-dovecot-public_folder/#allow-authenticated-users-access-to-the-whole-public-namespace","text":"To allow all authenticated users access full access to the whole public namespace and its subfolders, create a new dovecot-acl file in the namespace root directory: Open/edit/create /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data/public/dovecot-acl (adjust the path accordingly) to create the global ACL file with the following content: authenticated kxeilprwts kxeilprwts equals to lookup read write write-seen write-deleted insert post delete expunge create . You can use doveadm acl set -u user@domain \"Public/Develcow\" user=user@domain lookup read to limit access for a single user. You may also turn it around to limit access for all users to \"lr\" and grant only some users full access. See Dovecot ACL for further information about ACL.","title":"Allow authenticated users access to the whole public namespace"},{"location":"manual-guides/Dovecot/u_e-dovecot-static_master/","text":"Random master usernames and passwords are automatically created on every restart of dovecot-mailcow. That's recommended and should not be changed. If you need the user to be static anyway, please specify two variables in mailcow.conf . Both parameters must not be empty! DOVECOT_MASTER_USER=mymasteruser DOVECOT_MASTER_PASS=mysecretpass Run docker-compose up -d to apply your changes. The static master username will be expanded to DOVECOT_MASTER_USER@mailcow.local . To login as test@example.org this would equal to test@example.org*mymasteruser@mailcow.local with the specified password above. A login to SOGo is not possible with this username. A click-to-login function for SOGo is available for admins as described here No master user is required.","title":"Static master user"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/","text":"The \"new\" way \u00b6 Warning Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed). An easy, dirty, yet stable workaround is to stop mailcow ( docker-compose down ), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Start mailcow afterwards. The \"old\" way \u00b6 If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind Moving an existing vmail folder: \u00b6 Locate the current vmail folder by its \"Mountpoint\" attribute: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail ) using cp -a , rsync -a or a similar non strcuture breaking copy command Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized ) Create the file docker-compose.override.yml , edit the device path accordingly Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1 Start mailcow by executing docker-compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized )","title":"Move Maildir (vmail)"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#the-new-way","text":"Warning Newer Docker versions seem to complain about existing volumes. You can fix this temporarily by removing the existing volume and start mailcow with the override file. But it seems to be problematic after a reboot (needs to be confirmed). An easy, dirty, yet stable workaround is to stop mailcow ( docker-compose down ), remove /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data and create a new link to your remote filesystem location, for example: mv /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data_backup ln -s /mnt/volume-xy/vmail_data /var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data Start mailcow afterwards.","title":"The \"new\" way"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#the-old-way","text":"If you want to use another folder for the vmail-volume, you can create a docker-compose.override.yml file and add the following content: version: '2.1' volumes: vmail-vol-1: driver_opts: type: none device: /data/mailcow/vmail o: bind","title":"The \"old\" way"},{"location":"manual-guides/Dovecot/u_e-dovecot-vmail-volume/#moving-an-existing-vmail-folder","text":"Locate the current vmail folder by its \"Mountpoint\" attribute: docker volume inspect mailcowdockerized_vmail-vol-1 [ { \"CreatedAt\": \"2019-06-16T22:08:34+02:00\", \"Driver\": \"local\", \"Labels\": { \"com.docker.compose.project\": \"mailcowdockerized\", \"com.docker.compose.version\": \"1.23.2\", \"com.docker.compose.volume\": \"vmail-vol-1\" }, \"Mountpoint\": \"/var/lib/docker/volumes/mailcowdockerized_vmail-vol-1/_data\", \"Name\": \"mailcowdockerized_vmail-vol-1\", \"Options\": null, \"Scope\": \"local\" } ] Copy the content of the Mountpoint folder to the new location (e.g. /data/mailcow/vmail ) using cp -a , rsync -a or a similar non strcuture breaking copy command Stop mailcow by executing docker-compose down from within your mailcow root folder (e.g. /opt/mailcow-dockerized ) Create the file docker-compose.override.yml , edit the device path accordingly Delete the current vmail folder: docker volume rm mailcowdockerized_vmail-vol-1 Start mailcow by executing docker-compose up -d from within your mailcow root folder (e.g. /opt/mailcow-dockerized )","title":"Moving an existing vmail folder:"},{"location":"manual-guides/Nginx/u_e-nginx_custom/","text":"SSL \u00b6 Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration. Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root. New site \u00b6 To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/ : A good template to begin with: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } } New site with proxy to a remote location \u00b6 Another example with a reverse proxy configuration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } } Config expansion in mailcows Nginx \u00b6 The filename used for a new site is not important, as long as the filename carries a .conf extension. It is also possible to extend the configuration of the default file site.conf file: nano data/conf/nginx/site.my_content.custom This filename does not need to have a \".conf\" extension but follows the pattern site.*.custom , where * is a custom name. If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf . Restart Nginx (and PHP-FPM, if a new listener was created): docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Custom sites"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#ssl","text":"Please see Advanced SSL and explicitly check ADDITIONAL_SERVER_NAMES for SSL configuration. Please do not add ADDITIONAL_SERVER_NAMES when you plan to use a different web root.","title":"SSL"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#new-site","text":"To create persistent (over updates) sites hosted by mailcow: dockerized, a new site configuration must be placed inside data/conf/nginx/ : A good template to begin with: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; # Location: data/web root /web; # Location: data/web/mysite.com #root /web/mysite.com include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name mysite.example.org; server_tokens off; # This allows acme to be validated even with a different web root location ^~ /.well-known/acme-challenge/ { default_type \"text/plain\"; rewrite /.well-known/acme-challenge/(.*) /$1 break; root /web/.well-known/acme-challenge/; } if ($scheme = http) { return 301 https://$server_name$request_uri; } }","title":"New site"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#new-site-with-proxy-to-a-remote-location","text":"Another example with a reverse proxy configuration: nano data/conf/nginx/my_custom_site.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305; ssl_ecdh_curve X25519:X448:secp384r1:secp256k1; ssl_session_cache shared:SSL:50m; ssl_session_timeout 1d; ssl_session_tickets off; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name example.domain.tld; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } if ($scheme = http) { return 301 https://$host$request_uri; } location / { proxy_pass http://service:3000/; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; client_max_body_size 0; } }","title":"New site with proxy to a remote location"},{"location":"manual-guides/Nginx/u_e-nginx_custom/#config-expansion-in-mailcows-nginx","text":"The filename used for a new site is not important, as long as the filename carries a .conf extension. It is also possible to extend the configuration of the default file site.conf file: nano data/conf/nginx/site.my_content.custom This filename does not need to have a \".conf\" extension but follows the pattern site.*.custom , where * is a custom name. If PHP is to be included in a custom site, please use the PHP-FPM listener on phpfpm:9002 or create a new listener in data/conf/phpfpm/php-fpm.d/pools.conf . Restart Nginx (and PHP-FPM, if a new listener was created): docker-compose restart nginx-mailcow docker-compose restart php-fpm-mailcow","title":"Config expansion in mailcows Nginx"},{"location":"manual-guides/Nginx/u_e-nginx_webmail-site/","text":"IMPORTANT : This guide only applies to non SNI enabled configurations. The certificate path needs to be adjusted if SNI is enabled. Something like ssl_certificate,key /etc/ssl/mail/webmail.example.org/cert.pem,key.pem; will do. But : The certificate should be acquired first and only after the certificate exists a site config should be created. Nginx will fail to start if it cannot find the certificate and key. To create a subdomain webmail.example.org and redirect it to SOGo, you need to create a new Nginx site. Take care of \"CHANGE_TO_MAILCOW_HOSTNAME\"! nano data/conf/nginx/webmail.conf server { ssl_certificate /etc/ssl/mail/cert.pem; ssl_certificate_key /etc/ssl/mail/key.pem; index index.php index.html; client_max_body_size 0; root /web; include /etc/nginx/conf.d/listen_plain.active; include /etc/nginx/conf.d/listen_ssl.active; server_name webmail.example.org; server_tokens off; location ^~ /.well-known/acme-challenge/ { allow all; default_type \"text/plain\"; } location / { return 301 https://CHANGE_TO_MAILCOW_HOSTNAME/SOGo; } } Save and restart Nginx: docker-compose restart nginx-mailcow . Now open mailcow.conf and find ADDITIONAL_SAN . Add webmail.example.org to this array, don't use quotes! ADDITIONAL_SAN=webmail.example.org Run docker-compose up -d . See \"acme-mailcow\" and \"nginx-mailcow\" logs if anything fails.","title":"Create subdomain webmail.example.org"},{"location":"manual-guides/Postfix/u_e-postfix-attachment_size/","text":"Open data/conf/postfix/extra.cf and set the message_size_limit accordingly in bytes. See main.cf for the default value. Restart Postfix: docker-compose restart postfix-mailcow","title":"Max. message size (attachment size)"},{"location":"manual-guides/Postfix/u_e-postfix-custom_transport/","text":"For transport maps other than those to be configured in mailcow UI, please use data/conf/postfix/custom_transport.pcre to prevent existing maps or settings from being overwritten by updates. In most cases using this file is not necessary. Please make sure mailcow UI is not able to route your desired traffic properly before using that file. The file needs valid PCRE content and can break Postfix, if configured incorrectly.","title":"Custom transport maps"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/","text":"New guide \u00b6 Edit a mailbox and select \"Allow to send as *\". For historical reasons we kept the old and deprecated guide below: Deprecated guide (DO NOT USE ON NEWER MAILCOWS!) \u00b6 This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do. Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. user-to-allow-everything@example.com OK Open data/conf/postfix/main.cf and find smtpd_sender_restrictions . Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Run postmap on check_sasl_access: docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Restart the Postfix container.","title":"Disable Sender Addresses Verification"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/#new-guide","text":"Edit a mailbox and select \"Allow to send as *\". For historical reasons we kept the old and deprecated guide below:","title":"New guide"},{"location":"manual-guides/Postfix/u_e-postfix-disable_sender_verification/#deprecated-guide-do-not-use-on-newer-mailcows","text":"This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do. Simply create a file data/conf/postfix/check_sasl_access and enter the following content. This user must exist in your installation and needs to authenticate before sending mail. user-to-allow-everything@example.com OK Open data/conf/postfix/main.cf and find smtpd_sender_restrictions . Prepend check_sasl_access hash:/opt/postfix/conf/check_sasl_access like this: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sasl_access reject_authenticated_sender_login_mismatch [...] Run postmap on check_sasl_access: docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access Restart the Postfix container.","title":"Deprecated guide (DO NOT USE ON NEWER MAILCOWS!)"},{"location":"manual-guides/Postfix/u_e-postfix-extra_cf/","text":"Please create a new file data/conf/postfix/extra.cf for overrides or additional content to main.cf . Postfix will complain about duplicate values once after starting postfix-mailcow, this is intended. Syslog-ng was configured to hide those warnings while Postfix is running, to not spam the log files with unnecessary information every time a service is used. Restart postfix-mailcow to apply your changes: docker-compose restart postfix-mailcow","title":"Customize/Expand main.cf"},{"location":"manual-guides/Postfix/u_e-postfix-pflogsumm/","text":"To use pflogsumm with the default logging driver, we need to query postfix-mailcow via docker logs and pipe the output to pflogsumm: docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | pflogsumm The above log output is limited to the past 24 hours. It's also possible to create a daily pflogsumm report via cron. Create the file /etc/cron.d/pflogsumm with the following content: SHELL=/bin/bash 59 23 * * * root docker logs --since 24h $(docker ps -qf name=postfix-mailcow) | /usr/sbin/pflogsumm -d today | mail -s \"Postfix Report of $(date)\" postmaster@example.net Based on the last 24h postfix logs, this example sends every day at 23:59:00 a pflogsumm report to postmaster@example.net .","title":"Statistics with pflogsumm"},{"location":"manual-guides/Postfix/u_e-postfix-postscreen_whitelist/","text":"IPs can be removed from Postscreen and therefore also from RBL checks in data/conf/postfix/custom_postscreen_whitelist.cidr . Postscreen does multiple checks to identify malicious senders. In most cases you want to whitelist an IP to exclude it from blacklist lookups. The format of the file is as follows: CIDR ACTION Where CIDR is a single IP address or IP range in CIDR notation, and action is either \"permit\" or \"reject\". Example: # Rules are evaluated in the order as specified. # Blacklist 192.168.* except 192.168.0.1. 192.168.0.1 permit 192.168.0.0/16 reject The file is reloaded on the fly, postfix restart is not required.","title":"Whitelist IP in Postscreen"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/","text":"As of September 12, 2018 you can setup relayhosts as admin by using the mailcow UI. This is useful if you want to relay outgoing emails for a specific domain to a third-party spam filter or a service like Mailgun or Sendgrid. This is also known as a smarthost . Add a new relayhost \u00b6 Go to the Routing tab of the Configuration and Details section of the admin UI. Here you will see a list of relayhosts currently setup. Scroll to the Add sender-dependent transport section. Under Host , add the host you want to relay to. Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org If the relay host requires a username and password to authenticate, enter them in the respective fields. Keep in mind the credentials will be stored in plain text. Test a relayhost \u00b6 To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test. You will then see the results of the SMTP transmission. If all went well, you should see SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines. If not, review the error provided and resolve it. Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system. Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc This way you can check that the relay worked by checking the destination mailbox. Set the relayhost for a domain \u00b6 Go to the Domains tab of the Mail setup section of the admin UI. Edit the desired domain. Select the newly added host on the Sender-dependent transports dropdown and save changes. Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.","title":"Relayhosts"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#add-a-new-relayhost","text":"Go to the Routing tab of the Configuration and Details section of the admin UI. Here you will see a list of relayhosts currently setup. Scroll to the Add sender-dependent transport section. Under Host , add the host you want to relay to. Example: if you want to use Mailgun to send emails instead of your server IP, enter smtp.mailgun.org If the relay host requires a username and password to authenticate, enter them in the respective fields. Keep in mind the credentials will be stored in plain text.","title":"Add a new relayhost"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#test-a-relayhost","text":"To test that connectivity to the host works, click on Test from the list of relayhosts and enter a From: address. Then, run the test. You will then see the results of the SMTP transmission. If all went well, you should see SERVER -> CLIENT: 250 2.0.0 Ok: queued as A093B401D4 as one of the last lines. If not, review the error provided and resolve it. Note: Some hosts, especially those who do not require authentication, will deny connections from servers that have not been added to their system beforehand. Make sure you read the documentation of the relayhost to make sure you've added your domain and/or the server IP to their system. Tip: You can change the default test To: address the test uses from null@mailcow.email to any email address you choose by modifying the $RELAY_TO variable on the vars.inc.php file under /opt/mailcow-dockerized/data/web/inc This way you can check that the relay worked by checking the destination mailbox.","title":"Test a relayhost"},{"location":"manual-guides/Postfix/u_e-postfix-relayhost/#set-the-relayhost-for-a-domain","text":"Go to the Domains tab of the Mail setup section of the admin UI. Edit the desired domain. Select the newly added host on the Sender-dependent transports dropdown and save changes. Send an email from a mailbox on that domain and you should see postfix handing the message over to the relayhost in the logs.","title":"Set the relayhost for a domain"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/","text":"By default mailcow considers all networks as untrusted excluding its own IPV4_NETWORK and IPV6_NETWORK scopes. Though it is reasonable in most cases, there may be circumstances that you need to loosen this restriction. By default mailcow uses mynetworks_style = subnet to determine internal subnets and leaves mynetworks unconfigured. If you decide to set mynetworks , Postfix ignores the mynetworks_style setting. This means you have to add the IPV4_NETWORK and IPV6_NETWORK scopes as well as loopback subnets manually! Unauthenticated relaying \u00b6 Warning Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved. IPv4 hosts/subnets \u00b6 To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 Run docker-compose restart postfix-mailcow to apply your new settings. IPv6 hosts/subnets \u00b6 Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended. To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 Run docker-compose restart postfix-mailcow to apply your new settings. Info More information about mynetworks can be found in the Postfix documentation .","title":"Add trusted networks"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#unauthenticated-relaying","text":"Warning Incorrect setup of mynetworks will allow your server to be used as an open relay. If abused, this will affect your ability to send emails and can take some time to be resolved.","title":"Unauthenticated relaying"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#ipv4-hostssubnets","text":"To add the subnet 192.168.2.0/24 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 192.168.2.0/24 Run docker-compose restart postfix-mailcow to apply your new settings.","title":"IPv4 hosts/subnets"},{"location":"manual-guides/Postfix/u_e-postfix-trust_networks/#ipv6-hostssubnets","text":"Adding IPv6 hosts is done the same as IPv4, however the subnet needs to be placed in brackets [] with the netmask appended. To add the subnet 2001:db8::/32 to the trusted networks you may use the following configuration, depending on your IPV4_NETWORK and IPV6_NETWORK scopes: Edit data/conf/postfix/extra.cf : mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 [fe80::]/10 172.22.1.0/24 [fd4d:6169:6c63:6f77::]/64 [2001:db8::]/32 Run docker-compose restart postfix-mailcow to apply your new settings. Info More information about mynetworks can be found in the Postfix documentation .","title":"IPv6 hosts/subnets"},{"location":"manual-guides/Redis/u_e-redis/","text":"Redis is used as a key-value store for rspamd's and (some of) mailcow's settings and data. If you are unfamiliar with redis please read the introduction to redis and maybe visit this wonderful guide on how to use it. Client \u00b6 To connect to the redis cli execute: docker-compose exec redis-mailcow redis-cli Debugging \u00b6 Here are some useful commands for the redis-cli for debugging: MONITOR \u00b6 Listens for all requests received by the server in real time: # docker-compose exec redis-mailcow redis-cli 127.0.0.1:6379> monitor OK 1494077286.401963 [0 172.22.1.253:41228] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288.292970 [0 172.22.1.253:41229] \"SMEMBERS\" \"BAYES_SPAM_keys\" [...] KEYS \u00b6 Get all keys matching your pattern: KEYS * PING \u00b6 Test a connection: 127.0.0.1:6379> PING PONG If you want to know more, here is a cheat sheet .","title":"Redis"},{"location":"manual-guides/Redis/u_e-redis/#client","text":"To connect to the redis cli execute: docker-compose exec redis-mailcow redis-cli","title":"Client"},{"location":"manual-guides/Redis/u_e-redis/#debugging","text":"Here are some useful commands for the redis-cli for debugging:","title":"Debugging"},{"location":"manual-guides/Redis/u_e-redis/#monitor","text":"Listens for all requests received by the server in real time: # docker-compose exec redis-mailcow redis-cli 127.0.0.1:6379> monitor OK 1494077286.401963 [0 172.22.1.253:41228] \"SMEMBERS\" \"BAYES_SPAM_keys\" 1494077288.292970 [0 172.22.1.253:41229] \"SMEMBERS\" \"BAYES_SPAM_keys\" [...]","title":"MONITOR"},{"location":"manual-guides/Redis/u_e-redis/#keys","text":"Get all keys matching your pattern: KEYS *","title":"KEYS"},{"location":"manual-guides/Redis/u_e-redis/#ping","text":"Test a connection: 127.0.0.1:6379> PING PONG If you want to know more, here is a cheat sheet .","title":"PING"},{"location":"manual-guides/Rspamd/u_e-rspamd/","text":"Rspamd is used for AV handling, DKIM signing and SPAM handling. It's a powerful and fast filter system. For a more in-depth documentation on Rspamd please visit its own documentation . Learn Spam & Ham \u00b6 Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. This is achieved by using the Sieve plugin \"sieve_imapsieve\" and parser scripts. Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning ). We configured the plugin to keep a sane ratio between spam and ham learns. The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM . Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam. You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd. Learn Spam or Ham from existing directory \u00b6 You can use a one-liner to learn mail in plain-text (uncompressed) format: # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example: for file in /data/old_mail/.Junk/cur/* ; do rspamc learn_spam < zcat $file ; done Reset learned data (Bayes, Neural) \u00b6 You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: Backup database # It is better to stop Redis before you copy the file. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Reset Bayes data docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Reset Neural data docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Reset Fuzzy data # We need to enter the redis-cli first: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info If redis-cli complains about... (error) ERR wrong number of arguments for 'del' command ...the key pattern was not found and thus no data is available to delete - it is fine. CLI tools \u00b6 docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help Disable Greylisting \u00b6 Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting. You can disable greylisting server-wide by editing: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf Add the line: enabled = false ; Save the file and restart \"rspamd-mailcow\": docker-compose restart rspamd-mailcow Spam filter thresholds (global) \u00b6 Each user is able to change their spam rating individually . To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Save the file and restart \"rspamd-mailcow\": docker-compose restart rspamd-mailcow Existing settings of users will not be overwritten! To reset custom defined thresholds, run: source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: # docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\" Custom reject messages \u00b6 The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content: reject_message = \"My custom reject message\"; Save the file and restart Rspamd: docker-compose restart rspamd-mailcow . While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: Find prefilet reject symbol for which you want change message, to do it run: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ Add your custom message as new line: GLOBAL_RCPT_BL { type = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Sending mail to this recipient is prohibited by postmaster@your.domain\"; } Save the file and restart Rspamd: docker-compose restart rspamd-mailcow . Whitelist specific ClamAV signatures \u00b6 You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND ). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: docker-compose logs clamd-mailcow | grep \"FOUND\" This line confirms that such was identified: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose: docker-compose restart clamd-mailcow Cleanup cached ClamAV results in Redis: # docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit Discard instead of reject \u00b6 If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content: discard_on_reject = true; Restart Rspamd: docker-compose restart rspamd-mailcow Wipe all ratelimit keys \u00b6 If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task: docker-compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink Restart Rspamd: docker-compose exec redis-mailcow sh Trigger a resend of quarantine notifications \u00b6 Should be used for debugging only! docker-compose exec dovecot-mailcow bash mysql -umailcow -p$DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py Increase history retention \u00b6 By default Rspamd keeps 1000 elements in the history. The history is stored compressed. It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it: Edit data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # change this value Restart Rspamd afterwards: docker-compose restart rspamd-mailcow","title":"Rspamd"},{"location":"manual-guides/Rspamd/u_e-rspamd/#learn-spam-ham","text":"Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash. This is achieved by using the Sieve plugin \"sieve_imapsieve\" and parser scripts. Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning ). We configured the plugin to keep a sane ratio between spam and ham learns. The bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM . Besides bayes, a local fuzzy storage is used to learn recurring patterns in text or images that indicate ham or spam. You can also use Rspamd's web UI to learn ham and / or spam or to adjust certain settings of Rspamd.","title":"Learn Spam & Ham"},{"location":"manual-guides/Rspamd/u_e-rspamd/#learn-spam-or-ham-from-existing-directory","text":"You can use a one-liner to learn mail in plain-text (uncompressed) format: # Ham for file in /my/folder/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_ham < $file ; done # Spam for file in /my/folder/.Junk/cur/* ; do docker exec -i $( docker-compose ps -q rspamd-mailcow ) rspamc learn_spam < $file ; done Consider attaching a local folder as new volume to rspamd-mailcow in docker-compose.yml and learn given files inside the container. This can be used as workaround to parse compressed data with zcat. Example: for file in /data/old_mail/.Junk/cur/* ; do rspamc learn_spam < zcat $file ; done","title":"Learn Spam or Ham from existing directory"},{"location":"manual-guides/Rspamd/u_e-rspamd/#reset-learned-data-bayes-neural","text":"You need to delete keys in Redis to reset learned data, so create a copy of your Redis database now: Backup database # It is better to stop Redis before you copy the file. cp /var/lib/docker/volumes/mailcowdockerized_redis-vol-1/_data/dump.rdb /root/ Reset Bayes data docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern BAYES_* | xargs redis-cli del' docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern RS* | xargs redis-cli del' Reset Neural data docker-compose exec redis-mailcow sh -c 'redis-cli --scan --pattern rn_* | xargs redis-cli del' Reset Fuzzy data # We need to enter the redis-cli first: docker-compose exec redis-mailcow redis-cli # In redis-cli: 127 .0.0.1:6379> EVAL \"for i, name in ipairs(redis.call('KEYS', ARGV[1])) do redis.call('DEL', name); end\" 0 fuzzy* Info If redis-cli complains about... (error) ERR wrong number of arguments for 'del' command ...the key pattern was not found and thus no data is available to delete - it is fine.","title":"Reset learned data (Bayes, Neural)"},{"location":"manual-guides/Rspamd/u_e-rspamd/#cli-tools","text":"docker-compose exec rspamd-mailcow rspamc --help docker-compose exec rspamd-mailcow rspamadm --help","title":"CLI tools"},{"location":"manual-guides/Rspamd/u_e-rspamd/#disable-greylisting","text":"Only messages with a higher score will be considered to be greylisted (soft rejected). It is bad practice to disable greylisting. You can disable greylisting server-wide by editing: {mailcow-dir}/data/conf/rspamd/local.d/greylist.conf Add the line: enabled = false ; Save the file and restart \"rspamd-mailcow\": docker-compose restart rspamd-mailcow","title":"Disable Greylisting"},{"location":"manual-guides/Rspamd/u_e-rspamd/#spam-filter-thresholds-global","text":"Each user is able to change their spam rating individually . To define a new server-wide limit, edit data/conf/rspamd/local.d/actions.conf : reject = 15 ; add_header = 8 ; greylist = 7 ; Save the file and restart \"rspamd-mailcow\": docker-compose restart rspamd-mailcow Existing settings of users will not be overwritten! To reset custom defined thresholds, run: source mailcow.conf docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel';\" # or: # docker-compose exec mysql-mailcow mysql -umailcow -p$DBPASS mailcow -e \"delete from filterconf where option = 'highspamlevel' or option = 'lowspamlevel' and object = 'only-this-mailbox@example.org';\"","title":"Spam filter thresholds (global)"},{"location":"manual-guides/Rspamd/u_e-rspamd/#custom-reject-messages","text":"The default spam reject message can be changed by adding a new file data/conf/rspamd/override.d/worker-proxy.custom.inc with the following content: reject_message = \"My custom reject message\"; Save the file and restart Rspamd: docker-compose restart rspamd-mailcow . While the above works for rejected mails with a high spam score, prefilter reject actions will ignore this setting. For these maps, the multimap module in Rspamd needs to be adjusted: Find prefilet reject symbol for which you want change message, to do it run: grep -R \"SYMBOL_YOU_WANT_TO_ADJUST\" /opt/mailcow-dockerized/data/conf/rspamd/ Add your custom message as new line: GLOBAL_RCPT_BL { type = \"rcpt\"; map = \"${LOCAL_CONFDIR}/custom/global_rcpt_blacklist.map\"; regexp = true; prefilter = true; action = \"reject\"; message = \"Sending mail to this recipient is prohibited by postmaster@your.domain\"; } Save the file and restart Rspamd: docker-compose restart rspamd-mailcow .","title":"Custom reject messages"},{"location":"manual-guides/Rspamd/u_e-rspamd/#whitelist-specific-clamav-signatures","text":"You may find that legitimate (clean) mail is being blocked by ClamAV (Rspamd will flag the mail with VIRUS_FOUND ). For instance, interactive PDF form attachments are blocked by default because the embedded Javascript code may be used for nefarious purposes. Confirm by looking at the clamd logs, e.g.: docker-compose logs clamd-mailcow | grep \"FOUND\" This line confirms that such was identified: clamd-mailcow_1 | Sat Sep 28 07:43:24 2019 -> instream(local): PUA.Pdf.Trojan.EmbeddedJavaScript-1(e887d2ac324ce90750768b86b63d0749:363325) FOUND To whitelist this particular signature (and enable sending this type of file attached), add it to the ClamAV signature whitelist file: echo 'PUA.Pdf.Trojan.EmbeddedJavaScript-1' >> data/conf/clamav/whitelist.ign2 Then restart the clamd-mailcow service container in the mailcow UI or using docker-compose: docker-compose restart clamd-mailcow Cleanup cached ClamAV results in Redis: # docker-compose exec redis-mailcow /bin/sh /data # redis-cli KEYS rs_cl* | xargs redis-cli DEL /data # exit","title":"Whitelist specific ClamAV signatures"},{"location":"manual-guides/Rspamd/u_e-rspamd/#discard-instead-of-reject","text":"If you want to silently drop a message, create or edit the file data/conf/rspamd/override.d/worker-proxy.custom.inc and add the following content: discard_on_reject = true; Restart Rspamd: docker-compose restart rspamd-mailcow","title":"Discard instead of reject"},{"location":"manual-guides/Rspamd/u_e-rspamd/#wipe-all-ratelimit-keys","text":"If you don't want to use the UI and instead wipe all keys in the Redis database, you can use redis-cli for that task: docker-compose exec redis-mailcow sh # Unlink (available in Redis >=4.) will delete in the backgronud redis-cli --scan --pattern RL* | xargs redis-cli unlink Restart Rspamd: docker-compose exec redis-mailcow sh","title":"Wipe all ratelimit keys"},{"location":"manual-guides/Rspamd/u_e-rspamd/#trigger-a-resend-of-quarantine-notifications","text":"Should be used for debugging only! docker-compose exec dovecot-mailcow bash mysql -umailcow -p$DBPASS mailcow -e \"update quarantine set notified = 0;\" redis-cli -h redis DEL Q_LAST_NOTIFIED quarantine_notify.py","title":"Trigger a resend of quarantine notifications"},{"location":"manual-guides/Rspamd/u_e-rspamd/#increase-history-retention","text":"By default Rspamd keeps 1000 elements in the history. The history is stored compressed. It is recommended not to use a disproportionate high value here, try something along 5000 or 10000 and see how your server handles it: Edit data/conf/rspamd/local.d/history_redis.conf : nrows = 1000; # change this value Restart Rspamd afterwards: docker-compose restart rspamd-mailcow","title":"Increase history retention"},{"location":"manual-guides/SOGo/u_e-sogo/","text":"SOGo is used for accessing your mails via a webbrowser, adding and sharing your contacts or calendars. For a more in-depth documentation on SOGo please visit its own documentation . Apply custom SOGo theme \u00b6 mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js . Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works. You can use the provided custom-theme.js as an example starting point by removing the comments. After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES; restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow . open SOGo in browser open browser developer console, usually shortcut is F12 only if you use Firefox: write by hands in dev console allow pasting and press enter paste java script snipet in dev console: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textContent) .join('\\n') ) open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it copy CSS file to mailcow server data/conf/sogo/custom-theme.css edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO; append/create docker-compose.override.yml with: version: '2.1' services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker-compose up -d run docker-compose restart memcached-mailcow Reset to SOGo default theme \u00b6 checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js find in data/conf/sogo/custom-theme.js : // Apply new palettes to the default theme, remap some of the hues $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // background color of top toolbars 'hue-1': '400', 'hue-2': '600', // background color of sidebar toolbar 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // background color of fab buttons and login screen 'hue-1': '300', // background color of center list toolbar 'hue-2': '300', // highlight color for selected mail and current day calendar 'hue-3': 'A700' }) .backgroundPalette('frost-grey'); and replace it with: $mdThemingProvider.theme('default'); remove from docker-compose.override.yml volume mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker-compose up -d run docker-compose restart memcached-mailcow Change favicon \u00b6 mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. Note : You can use .png favicons for SOGo by renaming them to custom-favicon.ico . For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. After you replaced said file you need to restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow . Change logo \u00b6 mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg . After you replaced said file you need to restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow . Connect domains \u00b6 Domains are usually isolated from eachother. You can change that by modifying data/conf/sogo/sogo.conf : Search... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...and replace it by - for example: SOGoDomainsVisibility = ( (example.org, example.com, example.net) ); Restart SOGo: docker-compose restart sogo-mailcow Disable password changing \u00b6 Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO . Please do not add a new parameter. Run docker-compose restart memcached-mailcow sogo-mailcow to activate the changes. Reset TOTP / Disable TOTP \u00b6 Run docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@domain.tld SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' from within the mailcow directory.","title":"SOGo"},{"location":"manual-guides/SOGo/u_e-sogo/#apply-custom-sogo-theme","text":"mailcow builds after 28 January 2021 can change SOGo's theme by editing data/conf/sogo/custom-theme.js . Please check the AngularJS Material intro and documentation as well as the material style guideline to learn how this works. You can use the provided custom-theme.js as an example starting point by removing the comments. After you modified data/conf/sogo/custom-theme.js and made changes to your new SOGo theme you need to edit data/conf/sogo/sogo.conf and append/set SOGoUIxDebugEnabled = YES; restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow . open SOGo in browser open browser developer console, usually shortcut is F12 only if you use Firefox: write by hands in dev console allow pasting and press enter paste java script snipet in dev console: copy([].slice.call(document.styleSheets) .map(e => e.ownerNode) .filter(e => e.hasAttribute('md-theme-style')) .map(e => e.textContent) .join('\\n') ) open text editor and paste data from clipboard (Ctrl+V), you should get minified CSS, save it copy CSS file to mailcow server data/conf/sogo/custom-theme.css edit data/conf/sogo/sogo.conf and set SOGoUIxDebugEnabled = NO; append/create docker-compose.override.yml with: version: '2.1' services: sogo-mailcow: volumes: - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker-compose up -d run docker-compose restart memcached-mailcow","title":"Apply custom SOGo theme"},{"location":"manual-guides/SOGo/u_e-sogo/#reset-to-sogo-default-theme","text":"checkout data/conf/sogo/custom-theme.js by executing git fetch ; git checkout origin/master data/conf/sogo/custom-theme.js data/conf/sogo/custom-theme.js find in data/conf/sogo/custom-theme.js : // Apply new palettes to the default theme, remap some of the hues $mdThemingProvider.theme('default') .primaryPalette('green-cow', { 'default': '400', // background color of top toolbars 'hue-1': '400', 'hue-2': '600', // background color of sidebar toolbar 'hue-3': 'A700' }) .accentPalette('green', { 'default': '600', // background color of fab buttons and login screen 'hue-1': '300', // background color of center list toolbar 'hue-2': '300', // highlight color for selected mail and current day calendar 'hue-3': 'A700' }) .backgroundPalette('frost-grey'); and replace it with: $mdThemingProvider.theme('default'); remove from docker-compose.override.yml volume mount in sogo-mailcow : - ./data/conf/sogo/custom-theme.css:/usr/lib/GNUstep/SOGo/WebServerResources/css/theme-default.css:z run docker-compose up -d run docker-compose restart memcached-mailcow","title":"Reset to SOGo default theme"},{"location":"manual-guides/SOGo/u_e-sogo/#change-favicon","text":"mailcow builds after 31 January 2021 can change SOGo's favicon by replacing data/conf/sogo/custom-favicon.ico for SOGo and data/web/favicon.png for mailcow UI. Note : You can use .png favicons for SOGo by renaming them to custom-favicon.ico . For both SOGo and mailcow UI favicons you need use one of the standard dimensions: 16x16, 32x32, 64x64, 128x128 and 256x256. After you replaced said file you need to restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow .","title":"Change favicon"},{"location":"manual-guides/SOGo/u_e-sogo/#change-logo","text":"mailcow builds after 21 December 2018 can change SOGo's logo by replacing or creating (if missing) data/conf/sogo/sogo-full.svg . After you replaced said file you need to restart SOGo and Memcached containers by executing docker-compose restart memcached-mailcow sogo-mailcow .","title":"Change logo"},{"location":"manual-guides/SOGo/u_e-sogo/#connect-domains","text":"Domains are usually isolated from eachother. You can change that by modifying data/conf/sogo/sogo.conf : Search... // SOGoDomainsVisibility = ( // (domain1.tld, domain5.tld), // (domain3.tld, domain2.tld) // ); ...and replace it by - for example: SOGoDomainsVisibility = ( (example.org, example.com, example.net) ); Restart SOGo: docker-compose restart sogo-mailcow","title":"Connect domains"},{"location":"manual-guides/SOGo/u_e-sogo/#disable-password-changing","text":"Edit data/conf/sogo/sogo.conf and change SOGoPasswordChangeEnabled to NO . Please do not add a new parameter. Run docker-compose restart memcached-mailcow sogo-mailcow to activate the changes.","title":"Disable password changing"},{"location":"manual-guides/SOGo/u_e-sogo/#reset-totp-disable-totp","text":"Run docker-compose exec -u sogo sogo-mailcow sogo-tool user-preferences set defaults user@domain.tld SOGoTOTPEnabled '{\"SOGoTOTPEnabled\":0}' from within the mailcow directory.","title":"Reset TOTP / Disable TOTP"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/","text":"If you want or have to use an external DNS service, you can either set a forwarder in Unbound or copy an override file to define external DNS servers: !!! warning Please do not use a public resolver like we did in the example above. Many - if not all - blacklist lookups will fail with public resolvers, because blacklist server has limits on how much requests can be done from one IP and public resolvers usually reach this limits. Important : Only DNSSEC validating DNS services will work. Method A, Unbound \u00b6 Edit data/conf/unbound/unbound.conf and append the following parameters: forward-zone: name: \".\" forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE Restart Unbound: docker-compose restart unbound-mailcow Method B, Override file \u00b6 cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Edit docker-compose.override.yml and adjust the IP. Run docker-compose down ; docker-compose up -d .","title":"Using an external DNS service"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/#method-a-unbound","text":"Edit data/conf/unbound/unbound.conf and append the following parameters: forward-zone: name: \".\" forward-addr: 8.8.8.8 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE forward-addr: 8.8.4.4 # DO NOT USE PUBLIC DNS SERVERS - JUST AN EXAMPLE Restart Unbound: docker-compose restart unbound-mailcow","title":"Method A, Unbound"},{"location":"manual-guides/Unbound/u_e-unbound-fwd/#method-b-override-file","text":"cd /opt/mailcow-dockerized cp helper-scripts/docker-compose.override.yml.d/EXTERNAL_DNS/docker-compose.override.yml . Edit docker-compose.override.yml and adjust the IP. Run docker-compose down ; docker-compose up -d .","title":"Method B, Override file"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/","text":"Watchdog uses default values for all thresholds defined in docker-compose.yml . The default values will work for most setups. Example: - NGINX_THRESHOLD=${NGINX_THRESHOLD:-5} - UNBOUND_THRESHOLD=${UNBOUND_THRESHOLD:-5} - REDIS_THRESHOLD=${REDIS_THRESHOLD:-5} - MYSQL_THRESHOLD=${MYSQL_THRESHOLD:-5} - MYSQL_REPLICATION_THRESHOLD=${MYSQL_REPLICATION_THRESHOLD:-1} - SOGO_THRESHOLD=${SOGO_THRESHOLD:-3} - POSTFIX_THRESHOLD=${POSTFIX_THRESHOLD:-8} - CLAMD_THRESHOLD=${CLAMD_THRESHOLD:-15} - DOVECOT_THRESHOLD=${DOVECOT_THRESHOLD:-12} - DOVECOT_REPL_THRESHOLD=${DOVECOT_REPL_THRESHOLD:-20} - PHPFPM_THRESHOLD=${PHPFPM_THRESHOLD:-5} - RATELIMIT_THRESHOLD=${RATELIMIT_THRESHOLD:-1} - FAIL2BAN_THRESHOLD=${FAIL2BAN_THRESHOLD:-1} - ACME_THRESHOLD=${ACME_THRESHOLD:-1} - RSPAMD_THRESHOLD=${RSPAMD_THRESHOLD:-5} - OLEFY_THRESHOLD=${OLEFY_THRESHOLD:-5} - MAILQ_THRESHOLD=${MAILQ_THRESHOLD:-20} - MAILQ_CRIT=${MAILQ_CRIT:-30} To adjust them just add necessary threshold variables (e.g. MAILQ_THRESHOLD=10 ) to mailcow.conf and run docker-compose up -d . Thresholds descriptions \u00b6 NGINX_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached. UNBOUND_THRESHOLD \u00b6 Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached. REDIS_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached. MYSQL_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached. MYSQL_REPLICATION_THRESHOLD \u00b6 Notifies administrators if the MySQL replication fails. SOGO_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached. POSTFIX_THRESHOLD \u00b6 Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached. CLAMD_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached. DOVECOT_THRESHOLD \u00b6 Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached. DOVECOT_REPL_THRESHOLD \u00b6 Notifies administrators if the Dovecot replication fails. PHPFPM_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached. RATELIMIT_THRESHOLD \u00b6 Notifies administrators if a ratelimit got hit. FAIL2BAN_THRESHOLD \u00b6 Notifies administrators if a fail2ban banned an IP. ACME_THRESHOLD \u00b6 Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs. RSPAMD_THRESHOLD \u00b6 Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached. OLEFY_THRESHOLD \u00b6 Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached. MAILQ_CRIT and MAILQ_THRESHOLD \u00b6 Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60\u00b130) seconds.","title":"Thresholds"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#thresholds-descriptions","text":"","title":"Thresholds descriptions"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#nginx_threshold","text":"Notifies administrators if watchdog can not establish a connection to Nginx on port 8081 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"NGINX_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#unbound_threshold","text":"Notifies administrators if Unbound can not resolve/valide external domains/DNSSEC and it will restart the container automatically when issues were found and the threshold has been reached.","title":"UNBOUND_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#redis_threshold","text":"Notifies administrators if watchdog can not establish a connection to Redis on port 6379 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"REDIS_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_threshold","text":"Notifies administrators if watchdog can not establish a connection to MySQL or can not query a table and it will restart the container automatically when issues were found and the threshold has been reached.","title":"MYSQL_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mysql_replication_threshold","text":"Notifies administrators if the MySQL replication fails.","title":"MYSQL_REPLICATION_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#sogo_threshold","text":"Notifies administrators if watchdog can not establish a connection to SOGo on port 20000 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"SOGO_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#postfix_threshold","text":"Notifies administrators if watchdog can not sent a test mail via port 589 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"POSTFIX_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#clamd_threshold","text":"Notifies administrators if watchdog can not establish a connection to Clamd and it will restart the container automatically when issues were found and the threshold has been reached.","title":"CLAMD_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_threshold","text":"Notifies administrators if watchdog fails with various tests with Dovecot container and it will restart the container automatically when issues were found and the threshold has been reached.","title":"DOVECOT_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#dovecot_repl_threshold","text":"Notifies administrators if the Dovecot replication fails.","title":"DOVECOT_REPL_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#phpfpm_threshold","text":"Notifies administrators if watchdog can not establish a connection to PHP-FPM on port 9001/9002 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"PHPFPM_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#ratelimit_threshold","text":"Notifies administrators if a ratelimit got hit.","title":"RATELIMIT_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#fail2ban_threshold","text":"Notifies administrators if a fail2ban banned an IP.","title":"FAIL2BAN_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#acme_threshold","text":"Notifies administrators if something is wrong with the acme-mailcow container. You may check its logs.","title":"ACME_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#rspamd_threshold","text":"Notifies administrators if watchdog fails with various tests with Rspamd container and it will restart the container automatically when issues were found and the threshold has been reached.","title":"RSPAMD_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#olefy_threshold","text":"Notifies administrators if watchdog can not establish a connection to olefy on port 10005 and it will restart the container automatically when issues were found and the threshold has been reached.","title":"OLEFY_THRESHOLD"},{"location":"manual-guides/Watchdog/u_e-watchdog-thresholds/#mailq_crit-and-mailq_threshold","text":"Notifies administrators if number of emails in the postfix queue is greater then MAILQ_CRIT for period of MAILQ_THRESHOLD * (60\u00b130) seconds.","title":"MAILQ_CRIT and MAILQ_THRESHOLD"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-bl_wl/","text":"To add or edit an entry to your domain-wide filter table, log in to your mailcow UI as (domain) administrator and go to: Configuration > Email Setup > Domains > Edit Domain > Spam Filter . Info Be aware that a user can override this setting by setting their own blacklist and whitelist! There is also a global filter table in Configuration > Configuration & Details > Global filter maps to configure a server wide filter for multiple regex maps (todo: screenshots).","title":"Blacklist / Whitelist"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-config/","text":"Several configuration parameters of the mailcow UI can be changed by creating a file data/web/inc/vars.local.inc.php which overrides defaults settings found in data/web/inc/vars.inc.php . The local configuration file is persistent over updates of mailcow. Try not to change values inside data/web/inc/vars.inc.php , but use them as template for the local override. mailcow UI configuration parameters can be used to... ...change the default language 1 ...change the default bootstrap theme ...set a password complexity regex ...enable DKIM private key visibility ...set a pagination trigger size ...set default mailbox attributes ...change session lifetimes ...create fixed app menus (which cannot be changed in mailcow UI) ...set a default \"To\" field for relayhost tests ...set a timeout for Docker API requests ...toggle IP anonymization To change SOGos default language, you will need to edit data/conf/sogo/sogo.conf and replace \"English\" by your preferred language. \u21a9","title":"Configuration"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-css/","text":"For custom overrides of specific elements via CSS, use data/web/css/build/0081-custom-mailcow.css . The file is excluded from tracking and persists over updates.","title":"CSS overrides"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/","text":"How is UV handled in mailcow? \u00b6 The UV flag (as in \"user verification\") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey). Login and key processing \u00b6 mailcow uses client-side key processing . We ask the authenticator (i.e. YubiKey) to save the registration in its memory. A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the \"key login\" via mailcow UI login. When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory. Who can use WebAuthn to login to mailcow? \u00b6 As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2. You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication","title":"WebAuthn / FIDO2"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#how-is-uv-handled-in-mailcow","text":"The UV flag (as in \"user verification\") enforces WebAuthn to verify the user before it allows access to the key (think of a PIN). We don't enforce UV to allow logins via iOS and NFC (YubiKey).","title":"How is UV handled in mailcow?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#login-and-key-processing","text":"mailcow uses client-side key processing . We ask the authenticator (i.e. YubiKey) to save the registration in its memory. A user does not need to enter a username. The available credentials - if any - will be shown to the user when selecting the \"key login\" via mailcow UI login. When calling the login process, the authenticator is not given any credential IDs. This will force it to lookup credentials in its own memory.","title":"Login and key processing"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-fido/#who-can-use-webauthn-to-login-to-mailcow","text":"As of today, only administrators and domain administrators are able to setup WebAuthn/FIDO2. You want to use WebAuthn/Fido as 2FA? Check it out here: Two-Factor Authentication","title":"Who can use WebAuthn to login to mailcow?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-pushover/","text":"Info Pushover makes it easy to get real-time notifications on your Android, iPhone, iPad, and Desktop You can use Pushover to get a push notification on every mail you receive for each mailbox where you enabled this feature. 1. As admin open your mailbox' settings and scroll down to the Pushover settings 2. Register yourself on Pushover 3. Put your 'User Key' in the 'User/Group Key' field in your mailbox settings 4. Create an Applications to get the API Token/Key which you also need to put in your mailbox settings 5. Optional you can edit the notification title/text and define certain sender email addresses where a push notification is triggered 6. Save everything and then you can verify your credentials If everything is done you can test sending a mail and you will receive a push message on your phone","title":"Pushover"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-spamalias/","text":"These temporary email aliases are mostly used for places where we need to provide an email address but don't want future correspondence with. They are also called spam alias. To create, delete or extend a temporary email aliases you need to login to mailcow's UI as a mailbox user and navigate to the tab Temporary email aliases :","title":"Temporary email aliases"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-spamfilter/","text":"A mailbox user may adjust the spam filter and black- / whitelist settings for his mailbox individually by navigating to the Spam filter tab in the users mailcow UI. Info For global adjustments on your spam filter please check our section on Rspamd . For a domain wide black- and whitelist please check our guide on Black / Whitelist","title":"Spamfilter"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/","text":"Mailbox users can tag their mail address like in me+facebook@example.org . They can control the tag handling in the users mailcow UI panel under Mailbox > Settings . Tagging is also known as 'sub-addressing' (RFC 5233) or 'plus addressing' Available Actions \u00b6 1. Move this message to a sub folder \"facebook\" (will be created lower case if not existing) 2. Prepend the tag to the subject: \"[facebook] Subject\" Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Tagging"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tagging/#available-actions","text":"1. Move this message to a sub folder \"facebook\" (will be created lower case if not existing) 2. Prepend the tag to the subject: \"[facebook] Subject\" Please note: Uppercase tags are converted to lowercase except for the first letter. If you want to keep the tag as it is, please apply the following diff and restart mailcow: diff --git a/data/conf/dovecot/global_sieve_after b/data/conf/dovecot/global_sieve_after index e047136e..933c4137 100644 --- a/data/conf/dovecot/global_sieve_after +++ b/data/conf/dovecot/global_sieve_after @@ -15,7 +15,7 @@ if allof ( envelope :detail :matches \"to\" \"*\", header :contains \"X-Moo-Tag\" \"YES\" ) { - set :lower :upperfirst \"tag\" \"${1}\"; + set \"tag\" \"${1}\"; if mailboxexists \"INBOX/${1}\" { fileinto \"INBOX/${1}\"; } else {","title":"Available Actions"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/","text":"So far three methods for Two-Factor Authentication are implemented: WebAuthn (replacing U2F since February 2022), Yubi OTP, and TOTP For WebAuthn to work, you need an encrypted connection to the server (HTTPS) as well as a FIDO security key. Both WebAuthn and Yubi OTP work well with the fantastic Yubikey . While Yubi OTP needs an active internet connection and an API ID + key, WebAuthn will work with any Fido Security Key out of the box, but can only be used when mailcow is accessed over HTTPS. WebAuthn and Yubi OTP support multiple keys per user. As the third TFA method mailcow uses TOTP: time-based one-time passwords. Those passwords can be generated with apps like \"Google Authenticator\" after initially scanning a QR code or entering the given secret manually. As administrator you are able to temporary disable a domain administrators TFA login until they successfully logged in. The key used to login will be displayed in green, while other keys remain grey. Information on how to remove 2FA can be found here . Yubi OTP \u00b6 The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret. Example setup \u00b6 First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here In the following you configure the YubiKey for OTP. Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next . Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish . Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment. After the generation was successful, you will be shown a Client ID and a Secret key , make a note of this information in a safe place. Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication . In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button. Congratulations! You can now log in to the mailcow UI using your YubiKey! WebAuthn (U2F, replacement) \u00b6 Warning Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn. The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh To use WebAuthn, the browser must support this standard. The following desktop browsers support this authentication type: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) The following mobile browsers support this authentication type: Safari on iOS (>=14.5) Android Browser (>=97) Opera Mobile (>=64) Chrome for Android (>=97) Sources: caniuse.com , blog.mozilla.org WebAuthn works without an internet connection. What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn? \u00b6 Warning With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol. Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator. But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore. Disable unofficial supported Fido Security Keys \u00b6 With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.). This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment. To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker-compose up -d . The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates . Example: \u00b6 If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates . After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices. That\u00b4s for every vendor the same, so choose what you like (if you want to). Use own certificates for WebAuthn \u00b6 If you have a valid certificate from the vendor of your key you can also add it to your mailcow! Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow. Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually. Is it dangerous to keep the Vendor Check disabled? \u00b6 No, it isn\u00b4t! These vendor certificates are only used to verify original hardware, not to secure the registration process. As you can read in these articles, the deactivation is not software security related: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 In the end, however, it is of course your decision to leave this check disabled or enabled. TOTP \u00b6 The best known TFA method mostly used with a smartphone. To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list. Now a modal will open in which you have to type in a name for your 2FA \"device\" (example: John Deer\u00b4s Smartphone) and the password of the affected Admin account (you are currently logged in with). You have two seperate methods to register TOTP to your account: 1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. 2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can\u00b4t scan a QR Code). After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.","title":"Two-Factor Authentication"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#yubi-otp","text":"The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key. The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.","title":"Yubi OTP"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#example-setup","text":"First of all, the YubiKey must be configured for use as an OTP Generator. To do this, download the YubiKey Manager from the Yubico website: here In the following you configure the YubiKey for OTP. Via the menu item Applications -> OTP and a click on the Configure button. In the following menu select Credential Type -> Yubico OTP and click on Next . Set a checkmark in the Use serial checkbox, generate a Private ID and a Secret key via the buttons. So that the YubiKey can be validated later, the checkmark in the Upload checkbox must also be set and then click on Finish . Now a new browser window will open in which you have to enter an OTP of your YubiKey at the bottom of the form (click on the field and then tap on your YubiKey). Confirm the captcha and upload the information to the Yubico server by clicking 'Upload'. The processing of the data will take a moment. After the generation was successful, you will be shown a Client ID and a Secret key , make a note of this information in a safe place. Now you can select Yubico OTP authentication from the dropdown menu in the mailcow UI on the start page under Access -> Two-factor authentication . In the dialog that opened now you can enter a name for this YubiKey and insert the Client ID you noted before as well as the Secret key into the fields provided. Finally, enter your current account password and, after selecting the Touch Yubikey field, touch your YubiKey button. Congratulations! You can now log in to the mailcow UI using your YubiKey!","title":"Example setup"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#webauthn-u2f-replacement","text":"Warning Since February 2022 Google Chrome has discarded support for U2F and standardized the use of WebAuthn. The WebAuthn (U2F removal) is part of mailcow since 21th January 2022, so if you want to use the Key past February 2022 please consider a update with the update.sh To use WebAuthn, the browser must support this standard. The following desktop browsers support this authentication type: Edge (>=18) Firefox (>=60) Chrome (>=67) Safari (>=13) Opera (>=54) The following mobile browsers support this authentication type: Safari on iOS (>=14.5) Android Browser (>=97) Opera Mobile (>=64) Chrome for Android (>=97) Sources: caniuse.com , blog.mozilla.org WebAuthn works without an internet connection.","title":"WebAuthn (U2F, replacement)"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#what-will-happen-to-my-registered-fido-security-key-after-the-update-from-u2f-to-webauthn","text":"Warning With this new U2F replacement (WebAuthn) you have to re-register your Fido Security Key, thankfully WebAuthn is backwards compatible and supports the U2F protocol. Ideally, the next time you log in (with the key), you should get a text box saying that your Fido Security Key has been removed due to the update to WebAuthn and deleted as a 2-factor authenticator. But don't worry! You can simply re-register your existing key and use it as usual, you probably won't even notice a difference, except that your browser won't show the U2F deactivation message anymore.","title":"What will happen to my registered Fido Security Key after the Update from U2F to WebAuthn?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#disable-unofficial-supported-fido-security-keys","text":"With WebAuthn there is the possibility to use only official Fido Security Keys (from the big brands like: Yubico, Apple, Nitro, Google, Huawei, Microsoft, etc.). This is primarily for security purposes, as it allows administrators to ensure that only official hardware can be used in their environment. To enable this feature, change the value WEBAUTHN_ONLY_TRUSTED_VENDORS in mailcow.conf from n to y and restart the affected containers with docker-compose up -d . The mailcow will now use the Vendor Certificates located in your mailcow directory under data/web/inc/lib/WebAuthn/rootCertificates .","title":"Disable unofficial supported Fido Security Keys"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#example","text":"If you want to limit the official Vendor devices to Apple only you only need the Apple Vendor Certificate inside the data/web/inc/lib/WebAuthn/rootCertificates . After you deleted all other certs you now only can activate WebAuthn 2FA with Apple devices. That\u00b4s for every vendor the same, so choose what you like (if you want to).","title":"Example:"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#use-own-certificates-for-webauthn","text":"If you have a valid certificate from the vendor of your key you can also add it to your mailcow! Just copy the certificate into the data/web/inc/lib/WebAuthn/rootCertificates folder and restart your mailcow. Now you should be able to register this device as well, even though the verification for the vendor certificates is enabled, since you just added the certificate manually.","title":"Use own certificates for WebAuthn"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#is-it-dangerous-to-keep-the-vendor-check-disabled","text":"No, it isn\u00b4t! These vendor certificates are only used to verify original hardware, not to secure the registration process. As you can read in these articles, the deactivation is not software security related: - https://developers.yubico.com/U2F/Attestation_and_Metadata/ - https://medium.com/webauthnworks/webauthn-fido2-demystifying-attestation-and-mds-efc3b3cb3651 - https://medium.com/webauthnworks/sorting-fido-ctap-webauthn-terminology-7d32067c0b01 In the end, however, it is of course your decision to leave this check disabled or enabled.","title":"Is it dangerous to keep the Vendor Check disabled?"},{"location":"manual-guides/mailcow-UI/u_e-mailcow_ui-tfa/#totp","text":"The best known TFA method mostly used with a smartphone. To setup the TOTP method login to the Admin UI and select Time-based OTP (TOTP) from the list. Now a modal will open in which you have to type in a name for your 2FA \"device\" (example: John Deer\u00b4s Smartphone) and the password of the affected Admin account (you are currently logged in with). You have two seperate methods to register TOTP to your account: 1. Scan the QR-Code with your Authenticator App on a Smartphone or Tablet. 2. Use the TOTP Code (under the QR Code) in your TOTP Program or App (if you can\u00b4t scan a QR Code). After you have registered the QR or TOTP code in the TOTP app/program of your choice you only need to enter the now generated TOTP token (in the app/program) as confirmation in the mailcow UI to finally activate the TOTP 2FA, otherwise it will not be activated even though the TOTP token is already generated in your app/program.","title":"TOTP"},{"location":"models/model-acl/","text":"Editing a domain administrator or a mailbox user allows to set restrictions to that account. Important : For overlapping modules like sync jobs, which both domain administrators and mailbox users can be granted access to, the domain administrators permissions are inherited, when logging in as mailbox user. Some examples: 1. A domain administror has not access to sync jobs but can login as mailbox user When logging in as mailbox user, he does not gain access to sync jobs, even if the given mailbox user has access when logging in directly 2. A domain administror has access to sync jobs and can login as mailbox user The mailbox user he tries to login as has not access to sync jobs The domain administrator, now logged in as mailbox user, inherits its permission to the mailbox user and can access sync jobs 3. A domain administrator logs in as mailbox user Every permission, that does not exist in a domain administrators ACL, is automatically granted (example: time-limited alias, TLS policy etc.)","title":"ACL"},{"location":"models/model-passwd/","text":"Fully supported hashing methods \u00b6 The most current mailcow fully supports the following hashing methods. The default hashing method is written in bold: BLF-CRYPT SSHA SSHA256 SSHA512 The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value. Read-only hashing methods \u00b6 The following methods are supported read only . If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot. ARGON2I (SOGo compatible) ARGON2ID (SOGo compatible) CLEAR CLEARTEXT CRYPT (SOGo compatible) DES-CRYPT LDAP-MD5 (SOGo compatible) MD5 (SOGo compatible) MD5-CRYPT (SOGo compatible) PBKDF2 (SOGo compatible) PLAIN (SOGo compatible) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo compatible) SHA1 (SOGo compatible) SHA256 (SOGo compatible) SHA256-CRYPT (SOGo compatible) SHA512 (SOGo compatible) SHA512-CRYPT (SOGo compatible) SMD5 (SOGo compatible) That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database. The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords. I changed the password hashes in the \"mailbox\" SQL table and cannot login. A \"view\" needs to be updated. You can trigger this by restarting sogo-mailcow: docker-compose restart sogo-mailcow","title":"Password hashing"},{"location":"models/model-passwd/#fully-supported-hashing-methods","text":"The most current mailcow fully supports the following hashing methods. The default hashing method is written in bold: BLF-CRYPT SSHA SSHA256 SSHA512 The methods above can be used in mailcow.conf as MAILCOW_PASS_SCHEME value.","title":"Fully supported hashing methods"},{"location":"models/model-passwd/#read-only-hashing-methods","text":"The following methods are supported read only . If you plan to use SOGo (as per default), you need a SOGo compatible hashing method. Please see the note at the bottom of this page how to update the view if necessary. With SOGo disabled, all hashing methods below will be able to be read by mailcow and Dovecot. ARGON2I (SOGo compatible) ARGON2ID (SOGo compatible) CLEAR CLEARTEXT CRYPT (SOGo compatible) DES-CRYPT LDAP-MD5 (SOGo compatible) MD5 (SOGo compatible) MD5-CRYPT (SOGo compatible) PBKDF2 (SOGo compatible) PLAIN (SOGo compatible) PLAIN-MD4 PLAIN-MD5 PLAIN-TRUNC SHA (SOGo compatible) SHA1 (SOGo compatible) SHA256 (SOGo compatible) SHA256-CRYPT (SOGo compatible) SHA512 (SOGo compatible) SHA512-CRYPT (SOGo compatible) SMD5 (SOGo compatible) That means mailcow is able to verify users with a hash like {MD5}1a1dc91c907325c69271ddf0c944bc72 from the database. The value of MAILCOW_PASS_SCHEME will always be used to encrypt new passwords. I changed the password hashes in the \"mailbox\" SQL table and cannot login. A \"view\" needs to be updated. You can trigger this by restarting sogo-mailcow: docker-compose restart sogo-mailcow","title":"Read-only hashing methods"},{"location":"models/model-sender_rcv/","text":"When a mailbox is created, a user is allowed to send mail from and receive mail for his own mailbox address. Mailbox me@example.org is created. example.org is a primary domain. Note: a mailbox cannot be created in an alias domain. me@example.org is only known as me@example.org. me@example.org is allowed to send as me@example.org. We can add an alias domain for example.org: Alias domain alias.com is added and assigned to primary domain example.org. me@example.org is now known as me@example.org and me@alias.com. me@example.org is now allowed to send as me@example.org and me@alias.com. We can add aliases for a mailbox to receive mail for and to send from this new address. It is important to know, that you are not able to receive mail for my-alias@my-alias-domain.tld . You would need to create this particular alias. me@example.org is assigned the alias alias@example.org me@example.org is now known as me@example.org, me@alias.com, alias@example.org me@example.org is NOT known as alias@alias.com. Please note that this does not apply to catch-all aliases: Alias domain alias.com is added and assigned to primary domain example.org me@example.org is assigned the catch-all alias @example.org me@example.org is still just known as me@example.org, which is the only available send-as option Any email send to alias.com will match the catch-all alias for example.org Administrators and domain administrators can edit mailboxes to allow specific users to send as other mailbox users (\"delegate\" them). You can choose between mailbox users or completely disable the sender check for domains. SOGo \"mail from\" addresses \u00b6 Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains. If you want to select another existing mailbox user as your \"mail from\" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator needs to grant you access as described above.","title":"Sender and receiver model"},{"location":"models/model-sender_rcv/#sogo-mail-from-addresses","text":"Mailbox users can, obviously, select their own mailbox address, as well as all alias addresses and aliases that exist through alias domains. If you want to select another existing mailbox user as your \"mail from\" address, this user has to delegate you access through SOGo (see SOGo documentation). Moreover a mailcow (domain) administrator needs to grant you access as described above.","title":"SOGo \"mail from\" addresses"},{"location":"post_installation/firststeps-disable_ipv6/","text":"This is ONLY recommended if you do not have an IPv6 enabled network on your host! If you really need to, you can disable the usage of IPv6 in the compose file. Additionally, you can also disable the startup of container \"ipv6nat-mailcow\", as it's not needed if you won't use IPv6. Instead of editing docker-compose.yml directly, it is preferable to create an override file for it and implement your changes to the service there. Unfortunately, this right now only seems to work for services, not for network settings. To disable IPv6 on the mailcow network, open docker-compose.yml with your favourite text editor and search for the network section (it's near the bottom of the file). 1. Modify docker-compose.yml Change enable_ipv6: true to enable_ipv6: false : networks: mailcow-network: [...] enable_ipv6: true # <<< set to false [...] 2. Disable ipv6nat-mailcow To disable the ipv6nat-mailcow container as well, go to your mailcow directory and create a new file called \"docker-compose.override.yml\": NOTE: If you already have an override file, of course don't recreate it, but merge the lines below into your existing one accordingly! # cd /opt/mailcow-dockerized # touch docker-compose.override.yml Open the file in your favourite text editor and fill in the following: version: '2.1' services: ipv6nat-mailcow: image: bash:latest restart: \"no\" entrypoint: [\"echo\", \"ipv6nat disabled in compose.override.yml\"] For these changes to be effective, you need to fully stop and then restart the stack, so containers and networks are recreated: docker-compose down docker-compose up -d 3. Disable IPv6 in unbound-mailcow Edit data/conf/unbound/unbound.conf and set do-ip6 to \"no\": server: [...] do-ip6: no [...] Restart Unbound: docker-compose restart unbound-mailcow 4. Disable IPv6 in postfix-mailcow Create data/conf/postfix/extra.cf and set smtp_address_preference to ipv4 : smtp_address_preference = ipv4 inet_protocols = ipv4 Restart Postfix: docker-compose restart postfix-mailcow","title":"Disable IPv6"},{"location":"post_installation/firststeps-dmarc_reporting/","text":"DMARC Reporting done via Rspamd DMARC Module. Rspamd documentation can be found here: https://rspamd.com/doc/modules/dmarc.html Important: Change example.com , mail.example.com and Example to reflect your setup DMARC reporting requires additional attention, especially over the first few days All receiving domains hosted on mailcow send from one reporting domain. It is recommended to use the parent domain of your MAILCOW_HOSTNAME : If your MAILCOW_HOSTNAME is mail.example.com change the following config to domain = \"example.com\"; Set email equally, e.g. email = \"noreply-dmarc@example.com\"; It is optional but recommended to create an email user noreply-dmarc in mailcow to handle bounces. Enable DMARC reporting \u00b6 Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Create or modify docker-compose.override.yml in the mailcow-dockerized base directory: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Run docker-compose up -d Send a copy reports to yourself \u00b6 To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf : reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\",\"parsedmarc@example.com\"]; [...] Rspamd will load changes in real time, so you won't need to restart the container at this point. This can be useful if you... ...want to check that your DMARC reports are sent correctly and authenticated. ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems. Troubleshooting \u00b6 Check when the report schedule last ran: docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log See the latest report output: docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manually trigger a DMARC report: docker-compose exec rspamd-mailcow rspamadm dmarc_report Validate that Rspamd has recorded data in Redis: docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' docker-compose exec redis-mailcow redis-cli HGETALL \"dmarc;example.com;20211231\" Change DMARC reporting frequency \u00b6 In the example above reports are sent once every 24 hours. Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation To change schedule: Edit docker-compose.override.yml and a djust ofelia.job-exec.rspamd_dmarc_reporting.schedule: \"@every 24h\" to a desired value, for example to \"@midnight\" Run docker-compose up -d Run docker-compose restart ofelia-mailcow Disable DMARC Reporting \u00b6 To disable reporting: Set enabled to false in data/conf/rspamd/local.d/dmarc.conf Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow Run docker-compose up -d","title":"DMARC Reporting"},{"location":"post_installation/firststeps-dmarc_reporting/#enable-dmarc-reporting","text":"Create the file data/conf/rspamd/local.d/dmarc.conf and set the following content: reporting { enabled = true; email = 'noreply-dmarc@example.com'; domain = 'example.com'; org_name = 'Example'; helo = 'rspamd'; smtp = 'postfix'; smtp_port = 25; from_name = 'Example DMARC Report'; msgid_from = 'rspamd.mail.example.com'; max_entries = 2k; keys_expire = 2d; } Create or modify docker-compose.override.yml in the mailcow-dockerized base directory: version: '2.1' services: rspamd-mailcow: environment: - MASTER=${MASTER:-y} labels: ofelia.enabled: \"true\" ofelia.job-exec.rspamd_dmarc_reporting.schedule: \"@every 24h\" ofelia.job-exec.rspamd_dmarc_reporting.command: \"/bin/bash -c \\\"[[ $${MASTER} == y ]] && /usr/bin/rspamadm dmarc_report > /var/lib/rspamd/dmarc_reports_last_log 2>&1 || exit 0\\\"\" ofelia-mailcow: depends_on: - rspamd-mailcow Run docker-compose up -d","title":"Enable DMARC reporting"},{"location":"post_installation/firststeps-dmarc_reporting/#send-a-copy-reports-to-yourself","text":"To receive a hidden copy of reports generated by Rspamd you can set a bcc_addrs list in the reporting config section of data/conf/rspamd/local.d/dmarc.conf : reporting { enabled = true; email = 'noreply-dmarc@example.com'; bcc_addrs = [\"noreply-dmarc@example.com\",\"parsedmarc@example.com\"]; [...] Rspamd will load changes in real time, so you won't need to restart the container at this point. This can be useful if you... ...want to check that your DMARC reports are sent correctly and authenticated. ...want to analyze your own reports to get statistics, i.e. to use with ParseDMARC or other analytic systems.","title":"Send a copy reports to yourself"},{"location":"post_installation/firststeps-dmarc_reporting/#troubleshooting","text":"Check when the report schedule last ran: docker-compose exec rspamd-mailcow date -r /var/lib/rspamd/dmarc_reports_last_log See the latest report output: docker-compose exec rspamd-mailcow cat /var/lib/rspamd/dmarc_reports_last_log Manually trigger a DMARC report: docker-compose exec rspamd-mailcow rspamadm dmarc_report Validate that Rspamd has recorded data in Redis: docker-compose exec redis-mailcow redis-cli KEYS 'dmarc;*' docker-compose exec redis-mailcow redis-cli HGETALL \"dmarc;example.com;20211231\"","title":"Troubleshooting"},{"location":"post_installation/firststeps-dmarc_reporting/#change-dmarc-reporting-frequency","text":"In the example above reports are sent once every 24 hours. Olefia schedule has same implementation as cron in Go, supported syntax described at cron Documentation To change schedule: Edit docker-compose.override.yml and a djust ofelia.job-exec.rspamd_dmarc_reporting.schedule: \"@every 24h\" to a desired value, for example to \"@midnight\" Run docker-compose up -d Run docker-compose restart ofelia-mailcow","title":"Change DMARC reporting frequency"},{"location":"post_installation/firststeps-dmarc_reporting/#disable-dmarc-reporting","text":"To disable reporting: Set enabled to false in data/conf/rspamd/local.d/dmarc.conf Revert changes done in docker-compose.override.yml to rspamd-mailcow and ofelia-mailcow Run docker-compose up -d","title":"Disable DMARC Reporting"},{"location":"post_installation/firststeps-ip_bindings/","text":"Warning Changing the binding does not affect source NAT. See SNAT for required steps. IPv4 binding \u00b6 To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs: # For technical reasons, http bindings are a bit different from other service bindings. # You will find the following variables, separated by a bind address and its port: # Example: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Other services are bound by using the following format: # SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 # Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. # doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 To apply your changes, run docker-compose down followed by docker-compose up -d . IPv6 binding \u00b6 Changing IPv6 bindings is different from IPv4. Again, this has a technical background. A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten. Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file. An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed. version: '2.1' services: dovecot-mailcow: ports: - '2a00:dead:beef::abc:143:143' - '2a00:dead:beef::abc:993:993' - '2a00:dead:beef::abc:110:110' - '2a00:dead:beef::abc:995:995' - '2a00:dead:beef::abc:4190:4190' postfix-mailcow: ports: - '2a00:dead:beef::abc:25:25' - '2a00:dead:beef::abc:465:465' - '2a00:dead:beef::abc:587:587' nginx-mailcow: ports: - '2a00:dead:beef::abc:80:80' - '2a00:dead:beef::abc:443:443' To apply your changes, run docker-compose down followed by docker-compose up -d .","title":"IP bindings"},{"location":"post_installation/firststeps-ip_bindings/#ipv4-binding","text":"To adjust one or multiple IPv4 bindings, open mailcow.conf and edit one, multiple or all variables as per your needs: # For technical reasons, http bindings are a bit different from other service bindings. # You will find the following variables, separated by a bind address and its port: # Example: HTTP_BIND=1.2.3.4 HTTP_PORT=80 HTTP_BIND= HTTPS_PORT=443 HTTPS_BIND= # Other services are bound by using the following format: # SMTP_PORT=1.2.3.4:25 will bind SMTP to the IP 1.2.3.4 on port 25 # Important! Specifying an IPv4 address will skip all IPv6 bindings since Docker 20.x. # doveadm, SQL as well as Solr are bound to local ports only, please do not change that, unless you know what you are doing. SMTP_PORT=25 SMTPS_PORT=465 SUBMISSION_PORT=587 IMAP_PORT=143 IMAPS_PORT=993 POP_PORT=110 POPS_PORT=995 SIEVE_PORT=4190 DOVEADM_PORT=127.0.0.1:19991 SQL_PORT=127.0.0.1:13306 SOLR_PORT=127.0.0.1:18983 To apply your changes, run docker-compose down followed by docker-compose up -d .","title":"IPv4 binding"},{"location":"post_installation/firststeps-ip_bindings/#ipv6-binding","text":"Changing IPv6 bindings is different from IPv4. Again, this has a technical background. A docker-compose.override.yml file will be used instead of editing the docker-compose.yml file directly. This is to maintain updatability, as the docker-compose.yml file gets updated regularly and your changes will most likely be overwritten. Edit to create a file docker-compose.override.yml with the following content. Its content will be merged with the productive docker-compose.yml file. An imaginary IPv6 2a00:dead:beef::abc is given. The first suffix :PORT1 defines the external port, while the second suffix :PORT2 routes to the corresponding port inside the container and must not be changed. version: '2.1' services: dovecot-mailcow: ports: - '2a00:dead:beef::abc:143:143' - '2a00:dead:beef::abc:993:993' - '2a00:dead:beef::abc:110:110' - '2a00:dead:beef::abc:995:995' - '2a00:dead:beef::abc:4190:4190' postfix-mailcow: ports: - '2a00:dead:beef::abc:25:25' - '2a00:dead:beef::abc:465:465' - '2a00:dead:beef::abc:587:587' nginx-mailcow: ports: - '2a00:dead:beef::abc:80:80' - '2a00:dead:beef::abc:443:443' To apply your changes, run docker-compose down followed by docker-compose up -d .","title":"IPv6 binding"},{"location":"post_installation/firststeps-local_mta/","text":"The easiest option would be to disable the listener on port 25/tcp. Postfix users disable the listener by commenting the following line (starting with smtp or 25 ) in /etc/postfix/master.cf : #smtp inet n - - - - smtpd Furthermore, to relay over a dockerized mailcow, you may want to add 172.22.1.1 as relayhost and remove the Docker interface from \"inet_interfaces\": postconf -e 'relayhost = 172.22.1.1' postconf -e \"mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128\" postconf -e \"inet_interfaces = loopback-only\" postconf -e \"relay_transport = relay\" postconf -e \"default_transport = smtp\" Now it is important to not have the same FQDN in myhostname as you use for your dockerized mailcow. Check your local (non-Docker) Postfix' main.cf for myhostname and set it to something different, for example local.my.fqdn.tld . \"172.22.1.1\" is the mailcow created network gateway in Docker. Relaying over this interface is necessary (instead of - for example - relaying directly over ${MAILCOW_HOSTNAME}) to relay over a known internal network. Restart Postfix after applying your changes.","title":"Local MTA on Docker host"},{"location":"post_installation/firststeps-logging/","text":"Logging in mailcow: dockerized consists of multiple stages, but is, after all, much more flexible and easier to integrate into a logging daemon than before. In Docker the containerized application (PID 1) writes its output to stdout. For real one-application containers this works just fine. Run docker-compose logs --help to learn more. Some containers log or stream to multiple destinations. No container will keep persistent logs in it. Containers are transient items! In the end, every line of logs will reach the Docker daemon - unfiltered. The default logging driver is \"json\" . Filtered logs \u00b6 Some logs are filtered and written to Redis keys but also streamed to a Redis channel. The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow. The Redis keys are persistent and will keep 10000 lines of logs for the web UI. This mechanism makes it possible to use whatever Docker logging driver you want to, without losing the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow. Redis keys will only hold logs from applications and filter out system messages (think of cron etc.). Logging drivers \u00b6 Via docker-compose.override.yml \u00b6 Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. Create a docker-compose.override.yml and add, for example, this block to use the \"gelf\" logging plugin for postfix-mailcow : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Another example for Syslog : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" # For Rsyslog only: # To move local3 input to /var/log/mailcow.log and stop processing, create a file \"/etc/rsyslog.d/docker.conf\": local3.* /var/log/mailcow.logs & ~ # Restart rsyslog afterwards. via daemon.json (globally) \u00b6 If you want to change the logging driver globally , edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service: { ... \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } ... } For Syslog: { ... \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } ... } Restart the Docker daemon and run docker-compose down && docker-compose up -d to recreate the containers with the new logging driver.","title":"Logging"},{"location":"post_installation/firststeps-logging/#filtered-logs","text":"Some logs are filtered and written to Redis keys but also streamed to a Redis channel. The Redis channel is used to stream logs with failed authentication attempts to be read by netfilter-mailcow. The Redis keys are persistent and will keep 10000 lines of logs for the web UI. This mechanism makes it possible to use whatever Docker logging driver you want to, without losing the ability to read logs from the UI or ban suspicious clients with netfilter-mailcow. Redis keys will only hold logs from applications and filter out system messages (think of cron etc.).","title":"Filtered logs"},{"location":"post_installation/firststeps-logging/#logging-drivers","text":"","title":"Logging drivers"},{"location":"post_installation/firststeps-logging/#via-docker-composeoverrideyml","text":"Here is the good news: Since Docker has some great logging drivers, you can integrate mailcow: dockerized into your existing logging environment with ease. Create a docker-compose.override.yml and add, for example, this block to use the \"gelf\" logging plugin for postfix-mailcow : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"gelf\" options: gelf-address: \"udp://graylog:12201\" Another example for Syslog : version: '2.1' services: postfix-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" dovecot-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" rspamd-mailcow: # or any other logging: driver: \"syslog\" options: syslog-address: \"udp://127.0.0.1:514\" syslog-facility: \"local3\" # For Rsyslog only: # To move local3 input to /var/log/mailcow.log and stop processing, create a file \"/etc/rsyslog.d/docker.conf\": local3.* /var/log/mailcow.logs & ~ # Restart rsyslog afterwards.","title":"Via docker-compose.override.yml"},{"location":"post_installation/firststeps-logging/#via-daemonjson-globally","text":"If you want to change the logging driver globally , edit Dockers daemon configuration file /etc/docker/daemon.json and restart the Docker service: { ... \"log-driver\": \"gelf\", \"log-opts\": { \"gelf-address\": \"udp://graylog:12201\" } ... } For Syslog: { ... \"log-driver\": \"syslog\", \"log-opts\": { \"syslog-address\": \"udp://1.2.3.4:514\" } ... } Restart the Docker daemon and run docker-compose down && docker-compose up -d to recreate the containers with the new logging driver.","title":"via daemon.json (globally)"},{"location":"post_installation/firststeps-rp/","text":"You don't need to change the Nginx site that comes with mailcow: dockerized. mailcow: dockerized trusts the default gateway IP 172.22.1.1 as proxy. 1. Make sure you change HTTP_BIND and HTTPS_BIND in mailcow.conf to a local address and set the ports accordingly, for example: HTTP_BIND = 127 .0.0.1 HTTP_PORT = 8080 HTTPS_BIND = 127 .0.0.1 HTTPS_PORT = 8443 This will also change the bindings inside the Nginx container! This is important, if you decide to use a proxy within Docker. IMPORTANT: Do not use port 8081, 9081 or 65510! Recreate affected containers by running docker-compose up -d . Important information, please read them carefully! Info If you plan to use a reverse proxy and want to use another server name that is not MAILCOW_HOSTNAME, you need to read Adding additional server names for mailcow UI at the bottom of this page. Warning Make sure you run generate_config.sh before you enable any site configuration examples below. The script generate_config.sh copies snake-oil certificates to the correct location, so the services will not fail to start due to missing files. Warning If you enable TLS SNI ( ENABLE_TLS_SNI in mailcow.conf), the certificate paths in your reverse proxy must match the correct paths in data/assets/ssl/{hostname}. The certificates will be split into data/assets/ssl/{hostname1,hostname2,etc} and therefore will not work when you copy the examples from below pointing to data/assets/ssl/cert.pem etc. Info Using the site configs below will forward ACME requests to mailcow and let it handle certificates itself. The downside of using mailcow as ACME client behind a reverse proxy is, that you will need to reload your webserver after acme-mailcow changed/renewed/created the certificate. You can either reload your webserver daily or write a script to watch the file for changes. On many servers logrotate will reload the webserver daily anyway. If you want to use a local certbot installation, you will need to change the SSL certificate parameters accordingly. Make sure you run a post-hook script when you decide to use external ACME clients. You will find an example at the bottom of this page. 2. Configure your local webserver as reverse proxy: Apache 2.4 \u00b6 Required modules: a2enmod rewrite proxy proxy_http headers ssl Let's Encrypt will follow our rewrite, certificate requests in mailcow will work fine. Take care of highlighted lines. mailcow has it's own update script in /opt/mailcow-dockerized/update.sh
, see the docs.
For Mailman just fetch the newest version from the github repository.
mailcow has an own backup script. Read the docs for further informations.
+mailcow has an own backup script. Read the docs for further informations.
Mailman won't state backup instructions in the README.md. In the gitbucket of pgollor is a script that may be helpful.