Remove mentions of XMPP

This commit is contained in:
MAGIC 2021-06-30 18:00:08 +02:00
Parent ac761b5af3
Commit bae054e799
No GPG key could be found for this signature
GPG key ID: A40EE5665510C9D5
7 changed files with 4 additions and 193 deletions

View file

@ -1 +0,0 @@
# WIP

View file

@ -48,13 +48,11 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
**Take care of highlighted lines.** **Take care of highlighted lines.**
``` apache hl_lines="2 5 6 12 13 19 22 23 26 27 28 29 34 35" ``` apache hl_lines="2 10 11 17 22 23 24 25 30 31"
<VirtualHost *:80> <VirtualHost *:80>
ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerName CHANGE_TO_MAILCOW_HOSTNAME
ServerAlias autodiscover.* ServerAlias autodiscover.*
ServerAlias autoconfig.* ServerAlias autoconfig.*
ServerAlias xmpp_prefix_if_any.domain
ServerAlias *.xmpp_prefix_if_any.domain
RewriteEngine on RewriteEngine on
RewriteCond %{HTTPS} off RewriteCond %{HTTPS} off
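Review bot: The hand-renumbered `hl_lines` list on the fence line needs a rendered check. The new value `2 10 11 17 22 23 24 25 30 31` is arithmetically consistent with dropping old lines 5, 6, 22 and 23 (the four XMPP `ServerAlias` entries), but only the first lines of the block are visible here, so please build the page and confirm each highlight still lands on a line the reader has to change; an off-by-one would silently highlight the wrong directive.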
@ -70,8 +68,6 @@ Let's Encrypt will follow our rewrite, certificate requests in mailcow will work
ServerName CHANGE_TO_MAILCOW_HOSTNAME ServerName CHANGE_TO_MAILCOW_HOSTNAME
ServerAlias autodiscover.* ServerAlias autodiscover.*
ServerAlias autoconfig.* ServerAlias autoconfig.*
ServerAlias xmpp_prefix_if_any.domain
ServerAlias *.xmpp_prefix_if_any.domain
# You should proxy to a plain HTTP session to offload SSL processing # You should proxy to a plain HTTP session to offload SSL processing
ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000 ProxyPass /Microsoft-Server-ActiveSync http://127.0.0.1:8080/Microsoft-Server-ActiveSync connectiontimeout=4000
@ -106,13 +102,13 @@ Let's Encrypt will follow our rewrite, certificate requests will work fine.
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} }
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.* xmpp_prefix_if_any.domain *.xmpp_prefix_if_any.domain; server_name CHANGE_TO_MAILCOW_HOSTNAME autodiscover.* autoconfig.*;
ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem; ssl_certificate MAILCOW_PATH/data/assets/ssl/cert.pem;
ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem; ssl_certificate_key MAILCOW_PATH/data/assets/ssl/key.pem;

View file

@ -67,7 +67,6 @@ Each container represents a single application.
- [ACME](https://letsencrypt.org/) - [ACME](https://letsencrypt.org/)
- [ClamAV](https://www.clamav.net/) (optional) - [ClamAV](https://www.clamav.net/) (optional)
- [Dovecot](https://www.dovecot.org/) - [Dovecot](https://www.dovecot.org/)
- [ejabberd](https://www.ejabberd.im/)
- [MariaDB](https://mariadb.org/) - [MariaDB](https://mariadb.org/)
- [Memcached](https://www.memcached.org/) - [Memcached](https://www.memcached.org/)
- [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron)) - [Netfilter](https://www.netfilter.org/) (Fail2ban-like integration by [@mkuron](https://github.com/mkuron))
@ -94,6 +93,4 @@ Each container represents a single application.
- sogo-web-vol-1 - sogo-web-vol-1
- solr-vol-1 - solr-vol-1
- vmail-index-vol-1 - vmail-index-vol-1
- vmail-vol-1 - vmail-vol-1
- xmpp-upload-vol-1
- xmpp-vol-1
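Review bot: Dropping `xmpp-upload-vol-1` and `xmpp-vol-1` from the volume list leaves existing installations with no hint about what to do with them. The FAQ removed in this same commit states that uploaded files are stored in the upload volume, so these volumes can still hold user data after XMPP is gone. Suggest one sentence telling operators to review and remove the leftover volumes. The removed FAQ spells the name `xmpp-uploads-vol-1`, so check which spelling is correct before it goes into a cleanup instruction.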

View file

@ -70,9 +70,6 @@ If you have a firewall in front of mailcow, please make sure that these ports ar
| Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` | | Dovecot POP3S | TCP | 995 | dovecot-mailcow | `${POPS_PORT}` |
| Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` | | Dovecot ManageSieve | TCP | 4190 | dovecot-mailcow | `${SIEVE_PORT}` |
| HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` | | HTTP(S) | TCP | 80/443 | nginx-mailcow | `${HTTP_PORT}` / `${HTTPS_PORT}` |
| XMPP (c2s) | TCP | 5222 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
| XMPP (s2s) | TCP | 5269 | ejabberd-mailcow | `${XMPP_C2S_PORT}` |
| XMPP (upload) | TCP | 5443 | ejabberd-mailcow | `${XMPP_HTTPS_PORT}` |
To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25` To bind a service to an IP address, you can prepend the IP like this: `SMTP_PORT=1.2.3.4:25`
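Review bot: The three removed rows (5222, 5269, 5443) sit under the sentence asking readers to open the listed ports on an upstream firewall, so admins who followed the earlier table will still have them allowed. Suggest a short note beside the table that rules for 5222, 5269 and 5443 can be closed again, and a statement on whether `XMPP_C2S_PORT` and `XMPP_HTTPS_PORT` should be removed from an existing configuration.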

View file

@ -1,98 +0,0 @@
XMPP is provided by ejabberd, which describes itself as robust, scalable and extensible XMPP Server.
So first of all, thanks to ejabberd and its contributers!
## Enable XMPP in mailcow
To enable XMPP for a domain, you need to edit the given domain in mailcow UI:
![Screen1](https://i.imgur.com/oLyHBke.png)
The chosen prefix will be used to derive your XMPP login.
A prefix **xmpp_prefix** for the mailbox user `cowboy@develcow.de` would equal to the JID `cowboy@xmpp_prefix.develcow.de`.
!!! info
The login passwords for mail and XMPP are the same. XMPP users are authenticated against mailcow.
Before enabling XMPP for a domain, you should create two CNAME records in DNS:
```
# CNAMES
# Name Type Value
xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
*.xmpp_prefix IN CNAME mail.example.org. (your ${MAILCOW_HOSTNAME})
```
These two CNAMEs are essential for acquiring a certificate. Please **do not** add "xmpp_prefix.domain.tld" as name to `ADDITIONAL_SAN`.
Make sure your CNAMEs are correct. Enable XMPP for your domain now.
If you enabled XMPP first and then added your DNS records there is no need to worry. You will just need to wait for ejabberd to automatically acquire the certificates or
simply restart ejabberd-mailcow to trigger the process immediately: `docker-compose restart ejabberd-mailcow`.
Once ejabberd is enabled, you may want to re-run the DNS check in the mailcow UI where you will find two more SRV records:
![Screen2](https://i.imgur.com/IxlUZ7y.png)
```
# SRV records
# Name Type Value
_xmpp-client._tcp.xmpp_prefix IN SRV 10 1 5222 mail.example.org. (your ${MAILCOW_HOSTNAME})
_xmpp-server._tcp.xmpp_prefix IN SRV 10 1 5269 mail.example.org. (your ${MAILCOW_HOSTNAME})
```
There is no need to restart ejabberd, add these SRV records whenever you like. These records are crucial for autoconfiguration of XMPP clients and server-to-server connections.
## ACL
A domain administrator can be given the right to toggle XMPP access for domains and mailboxes, promoting users to XMPP administrators (WIP) and to change the prefix:
![Screen3](https://i.imgur.com/OxKuDFU.png)
## Verify certificates
Once everything is setup, make sure ejabberd was able to acquire certificates:
If you see a message similar to...
```
ejabberd-mailcow_1 | 2021-02-13 14:40:19.507956+01:00 [error] Failed to request certificate for im.example.org, pubsub.im.example.org and 3 more hosts: Challenge failed for domain conference.im.example.org: ACME server reported: DNS problem: NXDOMAIN looking up A for conference.im.example.org - check that a DNS record exists for this domain (error type: dns)
```
...you may need to recheck your DNS configuration or restart ejabberd-mailcow to restart the process in case of slow DNS propagation.
Opening `https://xmpp_prefix.domain.tld:5443/upload` should point you to a 404 page with a valid certificate.
## Why can't we use no prefix?
It does not matter which server name we point our SRV to, Jabber will always rely on the domain given in a JID. We would need to acquire a certificate for the SLD `domain.tld`, which hardly anyone wants to point to its mail system.
We are sorry for this circumstance. As soon as we implemented Servercows DNS API, this may be reconsidered.
## My reverse proxy does not work anymore
If your reverse proxy is configured to point to a site like `webmail.domain.tld` **which mailcow is not aware of** (as in MAILCOW_HOSTNAME does **not** match `webmail.domain.tld`), you may now be redirected to the default ejabberd Nginx site.
That's because mailcow does not know it should respond to `webmail.domain.tld` with mailcow UI.
### Method 1
A more simple approach is defining `ADDITIONAL_SERVER_NAMES` in `mailcow.conf`:
```
ADDITIONAL_SERVER_NAMES=webmail.domain.tld
```
Run `docker-compose up -d` to apply.
### Method 2
In your reverse proxy configuration, make sure you set a "Host" header that mailcow actually services, similar to this (Nginx example):
```
proxy_set_header Host MAILCOW_HOSTNAME;
# Instead of proxy_set_header Host $http_host;
```
Now you can use whatever name you like, as long mailcow receives a known "Host" header.
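Review bot: The "My reverse proxy does not work anymore" section at the end of this deleted file documents `ADDITIONAL_SERVER_NAMES` and the `proxy_set_header Host MAILCOW_HOSTNAME;` workaround, and neither fix is XMPP-specific. If they are not already covered on the reverse proxy page, move the two methods there instead of deleting them together with the XMPP content.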

View file

@ -1,76 +0,0 @@
## FAQ
Please find the most frequently asked questions with their corresponding configuration in `data/conf/ejabberd/ejabberd.yml` (if any).
- **I do not want to run ejabberd, is there a `SKIP_XMPP` variable?**
No, there is not. But you don't need one either.
The xmppd behaves the same way as SOGo or Solr do when disabled. A shell will be idling and ejabberd will **not** be started (but open unconnected ports).
As soon as a domain is enabled for XMPP, the container will be restarted and ejabberd bootstrapped.
ejabberd is **very** light on resources, you may want to give it a try.
- **Are messages stored on the server?**
Not by default. The default setting is to disable the message archive via mod_mam but allow users to enable the function if they want to:
```
mod_mam:
clear_archive_on_room_destroy: true
default: never
compress_xml: true
request_activates_archiving: true
```
- **Are uploaded files stored on the server?**
Yes, uploaded files are stored in the volume `xmpp-uploads-vol-1`.
The retention policy saves them for 30 days:
```
mod_http_upload_quota:
max_days: 30
```
- **Are messages stored when a JID is offline?**
Yes, up to 1000 messages are stored for "normal" users and administrators:
```
shaper_rules:
max_user_offline_messages:
1000: admin
1000: all
```
- **Are messages written in group chats stored?**
No, messages are not stored:
```
mod_muc:
default_room_options:
mam: false
```
- **Are group chats persistent when the last participant leaves?**
No, they will vanish:
```
mod_muc:
default_room_options:
persistent: false
```
- **How many client sessions can be open at the same time?**
10 sessions are allowed per user.
```
shaper_rules:
max_user_sessions: 10
```

View file

@ -99,9 +99,6 @@ nav:
- 'Redis': 'u_e-redis.md' - 'Redis': 'u_e-redis.md'
- 'Rspamd': 'u_e-rspamd.md' - 'Rspamd': 'u_e-rspamd.md'
- 'SOGo': 'u_e-sogo.md' - 'SOGo': 'u_e-sogo.md'
- 'XMPP':
- 'FAQ': 'u_e-xmpp-faq.md'
- 'Enable XMPP': 'u_e-xmpp-enable.md'
- 'Docker': - 'Docker':
- 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md' - 'Customize Dockerfiles': 'u_e-docker-cust_dockerfiles.md'
- 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md' - 'Docker Compose Bash Completion': 'u_e-docker-dc_bash_compl.md'
@ -114,7 +111,6 @@ nav:
- 'Android': 'client/client-android.md' - 'Android': 'client/client-android.md'
- 'Apple macOS / iOS': 'client/client-apple.md' - 'Apple macOS / iOS': 'client/client-apple.md'
- 'eM Client': 'client/client-emclient.md' - 'eM Client': 'client/client-emclient.md'
- 'Gajim XMPP client': 'client/client-gajim_xmpp_client.md'
- 'KDE Kontact': 'client/client-kontact.md' - 'KDE Kontact': 'client/client-kontact.md'
- 'Microsoft Outlook': 'client/client-outlook.md' - 'Microsoft Outlook': 'client/client-outlook.md'
- 'Mozilla Thunderbird': 'client/client-thunderbird.md' - 'Mozilla Thunderbird': 'client/client-thunderbird.md'
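Review bot: Removing the `'Gajim XMPP client': 'client/client-gajim_xmpp_client.md'` nav entry only unlinks the page. Please confirm the page itself is deleted in this commit (the one-line `# WIP` file at the top of the diff may be it, but file names are not visible here) and that no remaining page links to it or to `u_e-xmpp-faq.md` and `u_e-xmpp-enable.md`; otherwise the published docs will carry dead links.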