Installing Mailcow and Mailman3 based on dockerized versions
This guide is a copy of dockerized-mailcow-mailman.
Introduction
This guide aims to install and configure mailcow-dockerized with docker-mailman and to provide some useful scripts. An essential requirement is to keep Mailcow and Mailman in their own installations so that each can be updated independently.
There are some guides and projects on the internet, but they are not up to date and/or incomplete in documentation or configuration. This guide is based on the work of:
After finishing this guide, mailcow-dockerized and docker-mailman will run and Apache as a reverse proxy will serve the web frontends.
The operating system used is Ubuntu 20.04 LTS.
Disclaimer
I'm not responsible for any data loss, hardware damage or broken keyboards. This guide comes without any warranty. Make backups before starting, 'cause: No backup no pity!
Installation
This guide is based on the following steps:
- DNS setup
- Install Apache as a reverse proxy
- Obtain ssl certificates with Let's Encrypt
- Install Mailcow with Mailman integration
- Install Mailman
- 🏃 Run
DNS setup
Most of the configuration is covered by Mailcow's DNS setup. After finishing this setup, add another subdomain for Mailman, e.g. lists.example.org, that points to the same server:
# Name Type Value
lists IN A 1.2.3.4
lists IN AAAA dead:beef
Install Apache as a reverse proxy
Install Apache, e.g. with this guide from Digital Ocean: How To Install the Apache Web Server on Ubuntu 20.04.
Activate certain Apache modules (as root or sudo):
a2enmod rewrite proxy proxy_http headers ssl wsgi proxy_uwsgi http2
You may have to install further packages to get these modules. This PPA by Ondřej Surý may help you.
vhost configuration
Copy the mailcow.conf and the mailman.conf to the Apache conf folder sites-available (e.g. under /etc/apache2/sites-available).
In mailcow.conf, change:
- MAILCOW_HOSTNAME to your MAILCOW_HOSTNAME
In mailman.conf, change:
- MAILMAN_DOMAIN to your Mailman domain (e.g. lists.example.org)
Don't activate the configuration yet, as the SSL certificates and directories are still missing.
Obtain ssl certificates with Let's Encrypt
Check if your DNS config is available over the internet and points to the right IP addresses, e.g. with MXToolBox:
- https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILCOW_HOSTNAME
- https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILCOW_HOSTNAME
- https://mxtoolbox.com/SuperTool.aspx?action=a%3aMAILMAN_DOMAIN
- https://mxtoolbox.com/SuperTool.aspx?action=aaaa%3aMAILMAN_DOMAIN
Install certbot (as root or sudo):
apt install certbot
Get the desired certificates (as root or sudo):
certbot certonly -d MAILCOW_HOSTNAME
certbot certonly -d MAILMAN_DOMAIN
Install Mailcow with Mailman integration
install Mailcow
Follow the Mailcow installation. Omit step 5 and do not pull and up with docker-compose!
configure Mailcow
This is also Step 4 in the official Mailcow installation (nano mailcow.conf). Adjust it to your needs and alter the following variables:
HTTP_PORT=18080 # don't use 8080 as mailman needs it
HTTP_BIND=127.0.0.1 #
HTTPS_PORT=18443 # you may use 8443
HTTPS_BIND=127.0.0.1 #
SKIP_LETS_ENCRYPT=y # reverse proxy will do the ssl termination
SNAT_TO_SOURCE=1.2.3.4 # change this to your ipv4
SNAT6_TO_SOURCE=dead:beef # change this to your global ipv6
add Mailman integration
Create the file /opt/mailcow-dockerized/docker-compose.override.yml (e.g. with nano) and add the following lines:
version: '2.1'
services:
  postfix-mailcow:
    volumes:
      - /opt/mailman:/opt/mailman
    networks:
      - docker-mailman_mailman
networks:
  docker-mailman_mailman:
    external: true
The additional volume is used by Mailman to generate additional config files for Mailcow postfix. The external network is built and used by Mailman. Mailcow needs it to deliver incoming list mails to Mailman.
Create the file /opt/mailcow-dockerized/data/conf/postfix/extra.cf (e.g. with nano) and add the following lines:
# mailman
recipient_delimiter = +
unknown_local_recipient_reject_code = 550
owner_request_special = no
local_recipient_maps =
  regexp:/opt/mailman/core/var/data/postfix_lmtp,
  proxy:unix:passwd.byname,
  $alias_maps
virtual_mailbox_maps =
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_mailbox_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp
transport_maps =
  pcre:/opt/postfix/conf/custom_transport.pcre,
  pcre:/opt/postfix/conf/local_transport,
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_ne.cf,
  proxy:mysql:/opt/postfix/conf/sql/mysql_transport_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp
relay_domains =
  proxy:mysql:/opt/postfix/conf/sql/mysql_virtual_relay_domain_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_domains
relay_recipient_maps =
  proxy:mysql:/opt/postfix/conf/sql/mysql_relay_recipient_maps.cf,
  regexp:/opt/mailman/core/var/data/postfix_lmtp
As we overwrite Mailcow's postfix configuration here, this step may break your normal mail transports. Check the original configuration files to see whether anything has changed.
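One way to do that check, as an added example that is not part of the original guide or of Mailcow: the script lists every map entry that a parameter has in Mailcow's own main.cf but that the extra.cf override above no longer contains. It assumes you pass it an unmodified copy of the main.cf that Mailcow ships; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Finds map entries that Mailcow's shipped main.cf defines for a parameter
# but that the extra.cf override no longer lists.

# postfix_values FILE PARAM: print each entry of PARAM, one per line.
# Handles continuation lines (leading whitespace) and comments, and takes
# the last definition in the file, as Postfix does.
postfix_values() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }                          # comment or blank
        /^[ \t]/ { if (cur == want) val = val " " $0; next }   # continuation
        {
            cur = $0; sub(/[ \t]*=.*/, "", cur)          # parameter name
            if (cur == want) { val = $0; sub(/^[^=]*=/, "", val) }
        }
        END {
            n = split(val, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }' "$1"
}

# overridden_params EXTRA: names of all parameters set in the override file.
overridden_params() {
    awk '/^[A-Za-z0-9_]+[ \t]*=/ { sub(/[ \t]*=.*/, ""); print }' "$1"
}

# dropped_entries MAIN EXTRA: print "param entry" for every entry present
# in MAIN but missing from the same parameter in EXTRA.
dropped_entries() {
    for p in $(overridden_params "$2"); do
        postfix_values "$1" "$p" | while IFS= read -r e; do
            postfix_values "$2" "$p" | grep -Fxq -- "$e" ||
                printf '%s %s\n' "$p" "$e"
        done
    done
    return 0
}

# Usage: sh check-overrides.sh <pristine main.cf> <extra.cf>
if [ "$#" -eq 2 ]; then dropped_entries "$1" "$2"; fi
```

Any line it prints is a lookup table that Mailcow uses but the override silently removes; add it to extra.cf or confirm it is no longer needed.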
ssl certificates
As we are proxying Mailcow, we need to copy the SSL certificates into the Mailcow file structure. The script renew-ssl.sh does this for us:
- copy the file to /opt/mailcow-dockerized
- change MAILCOW_HOSTNAME to your Mailcow hostname
- make it executable (chmod a+x renew-ssl.sh)
- do not run it yet, as we first need Mailman
You have to create a cron job so that new certificates will be copied. Execute as root or sudo:
crontab -e
To run the script every day at 5am, add:
0 5 * * * /opt/mailcow-dockerized/renew-ssl.sh
Install Mailman
Basically, follow the instructions at docker-mailman. As there are a lot of them, here is what to do in a nutshell:
As root or sudo:
cd /opt
mkdir -p mailman/core
mkdir -p mailman/web
git clone https://github.com/maxking/docker-mailman
cd docker-mailman
configure Mailman
Create a long key for Hyperkitty, e.g. with the Linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as HYPERKITTY_KEY.
Create a long password for the database, e.g. with the Linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this password for a moment as DBPASS.
Create a long key for Django, e.g. with the Linux command cat /dev/urandom | tr -dc a-zA-Z0-9 | head -c30; echo. Save this key for a moment as DJANGO_KEY.
Create the file /opt/docker-mailman/docker-compose.override.yaml and replace HYPERKITTY_KEY, DBPASS and DJANGO_KEY with the generated values:
version: '2'
services:
  mailman-core:
    environment:
      - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
      - HYPERKITTY_API_KEY=HYPERKITTY_KEY
      - TZ=Europe/Berlin
      - MTA=postfix
    restart: always
    networks:
      - mailman
  mailman-web:
    environment:
      - DATABASE_URL=postgres://mailman:DBPASS@database/mailmandb
      - HYPERKITTY_API_KEY=HYPERKITTY_KEY
      - TZ=Europe/Berlin
      - SECRET_KEY=DJANGO_KEY
      - SERVE_FROM_DOMAIN=MAILMAN_DOMAIN # e.g. lists.example.org
      - MAILMAN_ADMIN_USER=admin # the admin user
      - MAILMAN_ADMIN_EMAIL=admin@example.org # the admin mail address
      - UWSGI_STATIC_MAP=/static=/opt/mailman-web-data/static
    restart: always
  database:
    environment:
      - POSTGRES_PASSWORD=DBPASS
    restart: always
At mailman-web, fill in correct values for SERVE_FROM_DOMAIN (e.g. lists.example.org), MAILMAN_ADMIN_USER and MAILMAN_ADMIN_EMAIL. You need the admin credentials to log into the web interface (Postorius). To set the password for the first time, use the Forgot password function in the web interface.
For other configuration options, read the Mailman-web and Mailman-core documentation.
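The three secrets and the override file from the steps above can be produced in one pass. The following is an added example (not part of the original guide or of docker-mailman) that also keeps the resulting file readable by its owner only, since it holds all three secrets in clear text. The function names are hypothetical, and it assumes you saved the YAML above, placeholders intact, as a template file.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Generates HYPERKITTY_KEY, DBPASS and DJANGO_KEY and writes the compose
# override with owner-only permissions.

# gen_secret [LEN]: LEN alphanumeric characters from /dev/urandom.
# Alphanumeric only, so the value is safe inside the postgres:// URL and sed.
gen_secret() (
    len="${1:-30}"; out=""
    # Read bounded chunks until enough characters survive the filter.
    while [ "${#out}" -lt "$len" ]; do
        out="${out}$(head -c 256 /dev/urandom | LC_ALL=C tr -dc 'a-zA-Z0-9')"
    done
    printf '%s\n' "$out" | cut -c "1-${len}"
)

# render_override TEMPLATE DEST: TEMPLATE is the override YAML with the
# three placeholders still in it; DEST is written atomically with mode 0600.
render_override() (
    template="$1"; dest="$2"
    [ -r "$template" ] || { echo "cannot read $template" >&2; exit 1; }
    hk="$(gen_secret 30)"; db="$(gen_secret 30)"; dj="$(gen_secret 30)"
    umask 077                          # affects this subshell only
    tmp="$(mktemp "${dest}.XXXXXX")" || exit 1
    # Match placeholders only where they are values, so variable names such
    # as HYPERKITTY_API_KEY and POSTGRES_PASSWORD stay untouched.
    sed -e "s/=HYPERKITTY_KEY/=${hk}/" \
        -e "s/:DBPASS@/:${db}@/" -e "s/=DBPASS/=${db}/" \
        -e "s/=DJANGO_KEY/=${dj}/" "$template" > "$tmp" ||
        { rm -f "$tmp"; exit 1; }
    # Refuse to install a file that still carries a placeholder value.
    if grep -Eq '=HYPERKITTY_KEY|:DBPASS@|=DBPASS|=DJANGO_KEY' "$tmp"; then
        rm -f "$tmp"; echo "unreplaced placeholder in $template" >&2; exit 1
    fi
    mv -f "$tmp" "$dest"
)

# Usage: sh make-override.sh override.template docker-compose.override.yaml
if [ "$#" -eq 2 ]; then render_override "$1" "$2"; fi
```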
configure Mailman core and Mailman web
Create the file /opt/mailman/core/mailman-extra.cfg with the following content. mailman@example.org should point to a valid mailbox or redirection.
[mailman]
default_language: de
site_owner: mailman@example.org
Create the file /opt/mailman/web/settings_local.py with the following content. mailman@example.org should point to a valid mailbox or redirection.
# locale
LANGUAGE_CODE = 'de-de'
# disable social authentication
SOCIALACCOUNT_PROVIDERS = {}
# change it
DEFAULT_FROM_EMAIL = 'mailman@example.org'
DEBUG = False
You can change LANGUAGE_CODE and SOCIALACCOUNT_PROVIDERS to your needs. At the moment SOCIALACCOUNT_PROVIDERS has no effect, see issue #2.
🏃 Run
Run (as root or sudo)
a2ensite mailcow.conf
a2ensite mailman.conf
systemctl restart apache2
cd /opt/docker-mailman
docker-compose pull
docker-compose up -d
cd /opt/mailcow-dockerized/
docker-compose pull
./renew-ssl.sh
Wait a few minutes! The containers have to create their databases and config files. This can take up to 1 minute and more.
Remarks
New lists aren't recognized by postfix instantly
When you create a new list and try to immediately send an e-mail, postfix responds with User doesn't exist, because postfix won't deliver it to Mailman yet. The configuration at /opt/mailman/core/var/data/postfix_lmtp is not instantly updated. If you need the list instantly, restart postfix manually:
cd /opt/mailcow-dockerized
docker-compose restart postfix-mailcow
Update
Mailcow has its own update script in /opt/mailcow-dockerized/update.sh, see the docs.
For Mailman just fetch the newest version from the github repository.
Backup
Mailcow has its own backup script. Read the docs for further information.
Mailman does not provide backup instructions in its README.md. The gitbucket of pgollor has a script that may be helpful.
ToDo
install script
Write a script like mailman-mailcow-integration/mailman-install.sh, as many of the steps can be automated.
- Ask for all the configuration variables and create passwords and keys.
- Do a (semi-)automatic installation.
- Have fun!