mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2026-01-14 17:39:19 +00:00
199 lines
45 KiB
JSON
{
"docs": [
{
"location": "/",
"text": "mailcow: dockerized - \ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95\n\n\n\n\nmailcow dockerized comes with \n11 containers\n linked in \none bridged network\n.\n\n\n\n\nDovecot\n\n\nMemcached\n\n\nRedis\n\n\nMySQL\n\n\nBind9 (Resolver) (formerly PDNS Recursor)\n\n\nPHP-FPM\n\n\nPostfix\n\n\nNginx\n\n\nRmilter\n\n\nRspamd\n\n\nSOGo\n\n\n\n\n6 volumes\n to keep dynamic data - take care of them!\n\n\n\n\nvmail-vol-1\n\n\ndkim-vol-1\n\n\nredis-vol-1\n\n\nmysql-vol-1\n\n\nrspamd-vol-1\n\n\npostfix-vol-1\n\n\n\n\nThe integrated \nmailcow UI\n allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access:\n\n\n\n\nDKIM key management\n\n\nBlack- and whitelists per domain and per user\n\n\nSpam score management per-user (reject spam, mark spam, greylist)\n\n\nAllow mailbox users to create temporary spam aliases\n\n\nPrepend mail tags to subject or move mail to subfolder (per-user)\n\n\nAllow mailbox users to toggle incoming and outgoing TLS enforcement\n\n\nAllow users to reset SOGo ActiveSync device caches\n\n\nimapsync to migrate or pull remote mailboxes regularly\n\n\nTFA: Yubi OTP and U2F USB (Google Chrome and derivatives only)\n\n\nAdd domains, mailboxes, aliases, domain aliases and SOGo resources\n\n\n\n\nLooking for a farm to host your cow?",
"title": "Overview"
},
{
"location": "/#mailcow-dockerized-",
"text": "mailcow dockerized comes with 11 containers linked in one bridged network. Dovecot Memcached Redis MySQL Bind9 (Resolver) (formerly PDNS Recursor) PHP-FPM Postfix Nginx Rmilter Rspamd SOGo 6 volumes to keep dynamic data - take care of them! vmail-vol-1 dkim-vol-1 redis-vol-1 mysql-vol-1 rspamd-vol-1 postfix-vol-1 The integrated mailcow UI allows administrative work on your mail server instance as well as separated domain administrator and mailbox user access: DKIM key management Black- and whitelists per domain and per user Spam score management per-user (reject spam, mark spam, greylist) Allow mailbox users to create temporary spam aliases Prepend mail tags to subject or move mail to subfolder (per-user) Allow mailbox users to toggle incoming and outgoing TLS enforcement Allow users to reset SOGo ActiveSync device caches imapsync to migrate or pull remote mailboxes regularly TFA: Yubi OTP and U2F USB (Google Chrome and derivatives only) Add domains, mailboxes, aliases, domain aliases and SOGo resources Looking for a farm to host your cow?",
"title": "mailcow: dockerized - \ud83d\udc2e + \ud83d\udc0b = \ud83d\udc95"
},
{
"location": "/install/",
"text": "Install mailcow\n\n\n\n\n\n\nYou need Docker.\n\n\n\n\nMost systems can install Docker by running \nwget -qO- https://get.docker.com/ | sh\n\n\n\n\n\n\n\n\nYou need Docker Compose.\n\n\n\n\nLearn \nhow to install Docker Compose\n - or:\n\n\ncurl -L \"https://github.com/docker/compose/releases/download/composer_version/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose \n chmod +x /usr/local/bin/docker-compose\n\n\n\n\n\n\n\n\nClone the master branch of the repository and run \n./generate_config.sh\n to generate a file \"mailcow.conf\". You will be asked for a hostname and a timezone:\n\n\n\n\ngit clone https://github.com/andryyy/mailcow-dockerized \n cd mailcow-dockerized\n\n\n./generate_config.sh\n\n\nOpen and check \"mailcow.conf\" if you need or want to make changes to ports (for example changing the default HTTPS port)\n\n\n\n\n\n\n\n\nRun the composer file.\n\n\n\n\ndocker-compose up -d\n\n\n\n\n\n\n\n\nDone.\n\n\nYou can now access \nhttps://${MAILCOW_HOSTNAME}\n with the default credentials \nadmin\n + password \nmoohoo\n.\n\n\nIt may take a while for MySQL to warm up, so please wait half a minute.\n\n\nThe database will be initialized right after a connection to MySQL can be established.\n\n\nUpdate mailcow\n\n\nThere is no update routine.\n\n\nYou need to refresh your pulled repository clone by running \ngit pull\n - this will likely fail due to changes to your local configuration. But that's why we use git! :-)\n\n\nWhatever file has local changes, add and commit it to your repository clone. 
For example:\n\n\ngit add data/conf/postfix/main.cf data/conf/dovecot/dovecot.conf\ngit commit -m \"My changes to main.cf and dovecot.conf\"\n\n\n\n\nTry running \ngit pull\n again and resolve conflicts, if any.\n\n\nNow update all images, apply changes to containers and restart all services:\n\n\ndocker-compose pull\ndocker-compose up -d --remove-orphans\ndocker-compose restart\n\n\n\n\nUse dev branch (not recommended)\n\n\nWhen you check out the dev branch, you will most likely end up using the \"master\" images with code base of \"dev\".\nIf there were critical changes to the images in dev, mailcow will not work.\n\n\nBut you can still build the images by yourself:\n\n\ndocker-compose up -d --build",
"title": "Installation"
},
{
"location": "/install/#install-mailcow",
"text": "You need Docker. Most systems can install Docker by running wget -qO- https://get.docker.com/ | sh You need Docker Compose. Learn how to install Docker Compose - or: curl -L \"https://github.com/docker/compose/releases/download/composer_version/docker-compose-$(uname -s)-$(uname -m)\" -o /usr/local/bin/docker-compose chmod +x /usr/local/bin/docker-compose Clone the master branch of the repository and run ./generate_config.sh to generate a file \"mailcow.conf\". You will be asked for a hostname and a timezone: git clone https://github.com/andryyy/mailcow-dockerized cd mailcow-dockerized ./generate_config.sh Open and check \"mailcow.conf\" if you need or want to make changes to ports (for example changing the default HTTPS port) Run the composer file. docker-compose up -d Done. You can now access https://${MAILCOW_HOSTNAME} with the default credentials admin + password moohoo . It may take a while for MySQL to warm up, so please wait half a minute. The database will be initialized right after a connection to MySQL can be established.",
"title": "Install mailcow"
},
{
"location": "/install/#update-mailcow",
"text": "There is no update routine. You need to refresh your pulled repository clone by running git pull - this will likely fail due to changes to your local configuration. But that's why we use git! :-) Whatever file has local changes, add and commit it to your repository clone. For example: git add data/conf/postfix/main.cf data/conf/dovecot/dovecot.conf\ngit commit -m \"My changes to main.cf and dovecot.conf\" Try running git pull again and resolve conflicts, if any. Now update all images, apply changes to containers and restart all services: docker-compose pull\ndocker-compose up -d --remove-orphans\ndocker-compose restart",
"title": "Update mailcow"
},
{
"location": "/install/#use-dev-branch-not-recommended",
"text": "When you check out the dev branch, you will most likely end up using the \"master\" images with code base of \"dev\".\nIf there were critical changes to the images in dev, mailcow will not work. But you can still build the images by yourself: docker-compose up -d --build",
"title": "Use dev branch (not recommended)"
},
{
"location": "/first_steps/",
"text": "Change default language\n\n\nChange \ndata/conf/sogo/sogo.conf\n and replace English by your language.\n\n\nCreate a file \ndata/web/inc/vars.local.inc.php\n and add \"DEFAULT_LANG\" with either \"en\", \"pt\", \"de\" or \"nl\":\n\n\n<?php\n$DEFAULT_LANG = \"de\";\n\n\n\n\nSSL (and: How to use Let's Encrypt)\n\n\nmailcow dockerized comes with a snakeoil CA \"mailcow\" and a server certificate in \ndata/assets/ssl\n. Please use your own trusted certificates.\n\n\nmailcow uses 3 domain names that should be covered by your new certificate:\n\n\n\n\n${MAILCOW_HOSTNAME}\n\n\nautodiscover.\nexample.org\n\n\nautoconfig.\nexample.org\n\n\n\n\nObtain multi-SAN certificate by Let's Encrypt\n\n\nThis is just an example of how to obtain certificates with certbot. There are several methods!\n\n\n\n\nGet the certbot client:\n\n\n\n\nwget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot \n chmod +x /usr/local/sbin/certbot\n\n\n\n\n\n\n\n\nMake sure you set \nHTTP_BIND=0.0.0.0\n in \nmailcow.conf\n or set up a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: \ndocker-compose restart nginx-mailcow\n.\n\n\n\n\n\n\nRequest the certificate with the webroot method:\n\n\n\n\n\n\ncd /path/to/git/clone/mailcow-dockerized\nsource mailcow.conf\ncertbot certonly \\\n --webroot \\\n -w ${PWD}/data/web \\\n -d ${MAILCOW_HOSTNAME} \\\n -d autodiscover.example.org \\\n -d autoconfig.example.org \\\n --email you@example.org \\\n --agree-tos\n\n\n\n\n\n\nCreate hard links to the full path of the new certificates. 
Assuming you are still in the mailcow root folder:\n\n\n\n\nmv data/assets/ssl/cert.{pem,pem.backup}\nmv data/assets/ssl/key.{pem,pem.backup}\nln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem\nln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem\n\n\n\n\n\n\nRestart containers which use the certificate:\n\n\n\n\ndocker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow\n\n\n\n\nWhen renewing certificates, run the last two steps (link + restart) as post-hook in a script.\n\n\nRspamd UI access\n\n\nAt first you may want to set up Rspamd's web interface which provides some useful features and information.\n\n\n\n\nGenerate a Rspamd controller password hash:\n\n\n\n\ndocker-compose exec rspamd-mailcow rspamadm pw\n\n\n\n\n\n\nReplace the default hash in \ndata/conf/rspamd/override.d/worker-controller.inc\n with your newly generated one:\n\n\n\n\nenable_password = \"myhash\";\n\n\n\n\n\n\nRestart rspamd:\n\n\n\n\ndocker-compose restart rspamd-mailcow\n\n\n\n\nOpen https://${MAILCOW_HOSTNAME}/rspamd in a browser and log in!",
"title": "First Steps"
},
{
"location": "/first_steps/#change-default-language",
"text": "Change data/conf/sogo/sogo.conf and replace English by your language. Create a file data/web/inc/vars.local.inc.php and add \"DEFAULT_LANG\" with either \"en\", \"pt\", \"de\" or \"nl\": <?php\n$DEFAULT_LANG = \"de\";",
"title": "Change default language"
},
{
"location": "/first_steps/#ssl-and-how-to-use-lets-encrypt",
"text": "mailcow dockerized comes with a snakeoil CA \"mailcow\" and a server certificate in data/assets/ssl. Please use your own trusted certificates. mailcow uses 3 domain names that should be covered by your new certificate: ${MAILCOW_HOSTNAME} autodiscover.example.org autoconfig.example.org",
"title": "SSL (and: How to use Let's Encrypt)"
},
{
"location": "/first_steps/#obtain-multi-san-certificate-by-lets-encrypt",
"text": "This is just an example of how to obtain certificates with certbot. There are several methods! Get the certbot client: wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot chmod +x /usr/local/sbin/certbot Make sure you set HTTP_BIND=0.0.0.0 in mailcow.conf or set up a reverse proxy to enable connections to port 80. If you changed HTTP_BIND, then restart Nginx: docker-compose restart nginx-mailcow. Request the certificate with the webroot method: cd /path/to/git/clone/mailcow-dockerized\nsource mailcow.conf\ncertbot certonly \\\n --webroot \\\n -w ${PWD}/data/web \\\n -d ${MAILCOW_HOSTNAME} \\\n -d autodiscover.example.org \\\n -d autoconfig.example.org \\\n --email you@example.org \\\n --agree-tos Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder: mv data/assets/ssl/cert.{pem,pem.backup}\nmv data/assets/ssl/key.{pem,pem.backup}\nln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/cert.pem\nln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/key.pem Restart containers which use the certificate: docker-compose restart postfix-mailcow dovecot-mailcow nginx-mailcow When renewing certificates, run the last two steps (link + restart) as post-hook in a script.",
"title": "Obtain multi-SAN certificate by Let's Encrypt"
},
{
"location": "/first_steps/#rspamd-ui-access",
"text": "At first you may want to set up Rspamd's web interface which provides some useful features and information. Generate a Rspamd controller password hash: docker-compose exec rspamd-mailcow rspamadm pw Replace the default hash in data/conf/rspamd/override.d/worker-controller.inc with your newly generated one: enable_password = \"myhash\"; Restart rspamd: docker-compose restart rspamd-mailcow Open https://${MAILCOW_HOSTNAME}/rspamd in a browser and log in!",
"title": "Rspamd UI access"
},
{
"location": "/u_and_e/",
"text": "Anonymize headers for smtp relayed\n\n\nSave as \ndata/conf/postfix/mailcow_anonymize_headers.pcre\n:\n\n\n/^\\s*Received:[^\\)]+\\)\\s+\\(Authenticated sender:(.+)/\n REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1\n/^\\s*User-Agent/ IGNORE\n/^\\s*X-Enigmail/ IGNORE\n/^\\s*X-Mailer/ IGNORE\n/^\\s*X-Originating-IP/ IGNORE\n/^\\s*X-Forward/ IGNORE\n/^\\s*Mime-Version:/ IGNORE\n\n\n\n\nAdd this to \ndata/conf/postfix/main.cf\n:\n\n\nsmtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre\n\n\n\n\nBackup and restore maildir (simple tar file)\n\n\nBackup\n\n\nThis line backs up the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory:\n\n\ncd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar cvfz /backup/backup_vmail.tar.gz /vmail\n\n\n\n\nYou can change the path by adjusting ${PWD} (which equals the current directory) to any path you have write-access to.\nSet the filename \nbackup_vmail.tar.gz\n to any custom name, but leave the path as it is. Example: \n[...] tar cvfz /backup/my_own_filename_.tar.gz\n\n\nRestore\n\n\ncd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar xvfz /backup/backup_vmail.tar.gz\n\n\n\n\nFor the tab-tab... 
:-)\n\n\ncurl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose\n\n\n\n\nBlack- and Whitelist\n\n\nEdit a domain as (domain) administrator to add an item to the filter table.\n\n\nBeware that a mailbox user can log in to mailcow and override a domain policy filter item. \n\n\nChange default theme\n\n\nmailcow uses \nBootstrap\n, an HTML, CSS, and JS framework.\n\n\nOpen or create the file \ndata/web/inc/vars.local.inc.php\n and change \nDEFAULT_THEME\n to either cerulean, cosmo, custom, cyborg, darkly, flatly, journal, paper, readable, sandstone, simplex, slate, spacelab, superhero, united or yeti (see https://bootswatch.com/):\n\n\n<?php\n$DEFAULT_THEME = \"paper\";\n\n\n\n\nCustomize Dockerfiles\n\n\nMake your changes in \ndata/Dockerfiles/$service\n and build the image locally:\n\n\ndocker build data/Dockerfiles/service -t andryyy/mailcow-dockerized:$service\n\n\n\n\nNow auto-recreate modified containers:\n\n\ndocker-compose up -d\n\n\n\n\nDo not check sender addresses for any domain\n\n\nThis option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do.\n\n\nSimply create a file \ndata/conf/postfix/check_sender_access\n and enter the following content:\n\n\nuser-to-allow-everything@example.com OK\n\n\n\n\nOpen \ndata/conf/postfix/main.cf\n and find \nsmtpd_sender_restrictions\n. 
Prepend \ncheck_sasl_access hash:/opt/postfix/conf/check_sender_access\n like this:\n\n\nsmtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sender_access reject_authenticated_sender [...]\n\n\n\n\nRun postmap on check_sender_access:\n\n\ndocker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sender_access\n\n\n\n\nRestart the Postfix container.\n\n\nInstall Roundcube\n\n\nDownload Roundcube 1.3.x (beta at the time of Feb 2017) to the web htdocs directory and extract it (here \nrc/\n):\n\n\ncd data/web/rc\nwget -O - https://github.com/roundcube/roundcubemail/releases/download/1.3-beta/roundcubemail-1.3-beta-complete.tar.gz | tar xfvz -\n# Change folder name\nmv roundcubemail-1.3* rc\n# Change permissions\nchown -R root: rc/\n\n\n\n\nCreate a file \ndata/web/rc/config/config.inc.php\n with the following content.\n\n\nChange the \ndes_key\n parameter to a random value.\n It is used to temporarily store your IMAP password.\n\n\n<?php\nerror_reporting(0);\nif (!file_exists('/tmp/mime.types')) {\nfile_put_contents(\"/tmp/mime.types\", fopen(\"http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types\", 'r'));\n}\n$config = array();\n$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . 
getenv('DBNAME');\n$config['default_host'] = 'tls://dovecot';\n$config['default_port'] = '143';\n$config['smtp_server'] = 'tls://postfix';\n$config['smtp_port'] = 587;\n$config['smtp_user'] = '%u';\n$config['smtp_pass'] = '%p';\n$config['support_url'] = '';\n$config['product_name'] = 'Roundcube Webmail';\n$config['des_key'] = 'rcmail-!24ByteDESkey*Str';\n$config['log_dir'] = '/dev/null';\n$config['temp_dir'] = '/tmp';\n$config['plugins'] = array(\n 'archive',\n);\n$config['skin'] = 'larry';\n$config['mime_types'] = '/tmp/mime.types';\n$config['imap_conn_options'] = array(\n'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)\n);\n$config['enable_installer'] = false;\n$config['smtp_conn_options'] = array(\n'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)\n);\n\n\n\n\nPoint your browser to \nhttps://myserver/rc/installer\n and follow the instructions.\nInitialize the database and leave the installer.\n\nDelete the directory \ndata/web/rc/installer\n after a successful installation!\n\n\nEnable password changing\n\n\nOpen \ndata/web/rc/config.inc.php\n and enable the password plugin:\n\n\n...\n$config['plugins'] = array(\n 'archive',\n 'password',\n);\n...\n\n\n\n\nOpen \ndata/web/rc/plugins/password/password.php\n, search for \ncase 'ssha':\n and add above:\n\n\n case 'ssha256':\n $salt = rcube_utils::random_bytes(8);\n $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . 
$salt );\n $prefix = '{SSHA256}';\n break;\n\n\n\n\nOpen \ndata/web/rc/plugins/password/config.inc.php\n and change the following parameters (or add them at the bottom of that file):\n\n\n$config['password_driver'] = 'sql';\n$config['password_algorithm'] = 'ssha256';\n$config['password_algorithm_prefix'] = '{SSHA256}';\n$config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\";\n\n\n\n\nLearn spam and ham\n\n\nRspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash.\nThis is achieved by using the Dovecot plugin \"antispam\" and a simple parser script.\n\n\nRspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning)\n\n\nThe bayes statistics are written to Redis as keys \nBAYES_HAM\n and \nBAYES_SPAM\n.\n\n\nYou can also use Rspamd's web UI to learn ham and/or spam.\n\n\nMySQL\n\n\nConnect to the MySQL database:\n\n\nsource mailcow.conf\ndocker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}\n\n\n\n\nBackup the database:\n\n\ncd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker-compose exec mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql\n\n\n\n\nRestore the database:\n\n\ncd /path/to/mailcow-dockerized\nsource mailcow.conf\ndocker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql\n\n\n\n\nRead logs\n\n\nYou can use \ndocker-compose logs $service-name\n for all containers.\n\n\nRun \ndocker-compose logs\n for all logs at once.\n\n\nFollow the log output by running docker-compose with \nlogs -f\n.\n\n\nRedirect port 80 to 443\n\n\nSince February the 28th 2017 mailcow does come with port 80 and 443 enabled.\n\n\nOpen \nmailcow.conf\n and set \nHTTP_BIND=0.0.0.0\n.\n\n\nOpen \ndata/conf/nginx/site.conf\n and add a new \"catch-all\" site at the 
top of that file:\n\n\nserver {\n listen 80 default_server;\n server_name _;\n return 301 https://$host$request_uri;\n}\n\n\n\n\nRestart the stack, changed containers will be updated:\n\n\ndocker-compose up -d\n\n\nRedis\n\n\nConnect to redis key store:\n\n\ndocker-compose exec redis-mailcow redis-cli\n\n\n\n\nRemove persistent data\n\n\n\n\nRemove volume \nmysql-vol-1\n to remove all MySQL data.\n\n\nRemove volume \nredis-vol-1\n to remove all Redis data.\n\n\nRemove volume \nvmail-vol-1\n to remove all contents of \n/var/vmail\n mounted to \ndovecot-mailcow\n.\n\n\nRemove volume \ndkim-vol-1\n to remove all DKIM keys.\n\n\nRemove volume \nrspamd-vol-1\n to remove all Rspamd data.\n\n\n\n\nRunning \ndocker-compose down -v\n will \ndestroy all mailcow: dockerized volumes\n and delete any related containers.\n\n\nReset mailcow admin to \nadmin:moohoo\n:\n\n\n\n\nDrop admin table\n\n\n\n\nsource mailcow.conf\ndocker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DROP TABLE admin;\"\n\n\n\n\n\n\n\nOpen mailcow UI to auto-init the db\n\n\n\n\nRspamd\n\n\nRspamd CLI tools\n\n\ndocker-compose exec rspamd-mailcow rspamc --help\ndocker-compose exec rspamd-mailcow rspamadm --help\n\n\n\n\nSee \nRspamd documentation\n\n\nAdjust service configurations\n\n\nThe most important configuration files are mounted from the host into the related containers:\n\n\ndata/conf\n\u251c\u2500\u2500 bind9\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 named.conf\n\u251c\u2500\u2500 dovecot\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot.conf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot-master.passwd\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sieve_after\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot-dict-sql.conf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 dovecot-mysql.conf\n\u251c\u2500\u2500 mysql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 my.cnf\n\u251c\u2500\u2500 nginx\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynmaps.conf\n\u2502\u00a0\u00a0 
\u251c\u2500\u2500 site.conf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 templates\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 listen_plain.template\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 listen_ssl.template\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 server_name.template\n\u251c\u2500\u2500 pdns\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pdns_custom.lua\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 recursor.conf\n\u251c\u2500\u2500 postfix\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 main.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 master.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 postscreen_access.cidr\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 smtp_dsn_filter\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_relay_recipient_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_tls_enforce_in_policy.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_tls_enforce_out_policy.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_domain_catchall_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_domain_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_domains_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_mailbox_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_relay_domain_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_sender_acl.cf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 mysql_virtual_spamalias_maps.cf\n\u251c\u2500\u2500 rmilter\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 rmilter.conf\n\u251c\u2500\u2500 rspamd\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynmaps\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 authoritative.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 settings.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tags.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 vars.inc.php -\n ../../../web/inc/vars.inc.php\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 local.d\n\u2502\u00a0\u00a0 
\u2502\u00a0\u00a0 \u251c\u2500\u2500 dkim.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 metrics.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 options.inc\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 redis.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 rspamd.conf.local\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 statistic.conf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 lua\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 rspamd.local.lua\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 override.d\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 logging.inc\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 worker-controller.inc\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 worker-normal.inc\n\u2514\u2500\u2500 sogo\n \u251c\u2500\u2500 sieve.creds\n \u2514\u2500\u2500 sogo.conf\n\n\n\n\n\nJust change the according configuration file on the host and restart the related service: \ndocker-compose restart service-mailcow\n\n\nTagging\n\n\nMailbox users can tag their mail address like in \nme+facebook@example.org\n and choose between two setups to handle this tag:\n\n\n\n\nMove this message to a subfolder \"facebook\" (will be created lower case if not existing)\n\n\nPrepend the tag to the subject: \"[facebook] Subject\"\n\n\n\n\nTwo-factor authentication\n\n\nSo far two methods for TFA are implemented. Both work with the fantastic \nYubikey\n. \n\n\nWhile Yubi OTP needs an active internet connection and an API ID/key, U2F will work with any FIDO U2F USB key out of the box.\n\n\nBoth methods support multiple YubiKeys.\n\n\nAs administrator you are able to temporarily disable a domain administrator's TFA login until they have successfully logged in.\n\n\nThe key used to login will be displayed in green, while other keys remain grey.\n\n\nYubi OTP\n\n\nThe Yubi API ID and Key will be checked against the Yubico Cloud API. 
When setting up TFA you will be asked for your personal API account for this key.\nThe API ID, API key and the first 12 characters (your YubiKey's ID in modhex) are stored in the MySQL table as secret.\n\n\nU2F\n\n\nOnly Google Chrome (+derivatives) and Opera support U2F authentication to this day natively.\nFor Firefox you will need to install the \"U2F Support Add-on\" as provided on \nmozilla.org\n.\nU2F works without an internet connection.\n\n\nWhy does mailcow come with a DNS resolver?\n\n\nFor DNS blacklist lookups and DNSSEC.\n\n\nMost systems use either a public or a local caching DNS resolver.\nThat's a very bad idea when it comes to filtering spam using DNS-based blackhole lists (DNSBL) or similar techniques.\nMost if not all providers apply a rate limit based on the DNS resolver that is used to query their service.\nUsing a public resolver like Google's 4x8, OpenDNS or any other shared DNS resolver like your ISP's will hit that limit very soon.",
"title": "Usage & Examples"
},
{
"location": "/u_and_e/#anonymize-headers-for-smtp-relayed",
"text": "Save as data/conf/postfix/mailcow_anonymize_headers.pcre : /^\\s*Received:[^\\)]+\\)\\s+\\(Authenticated sender:(.+)/\n REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1\n/^\\s*User-Agent/ IGNORE\n/^\\s*X-Enigmail/ IGNORE\n/^\\s*X-Mailer/ IGNORE\n/^\\s*X-Originating-IP/ IGNORE\n/^\\s*X-Forward/ IGNORE\n/^\\s*Mime-Version:/ IGNORE Add this to data/conf/postfix/main.cf : smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre",
"title": "Anonymize headers for smtp relayed"
},
{
"location": "/u_and_e/#backup-and-restore-maildir-simple-tar-file",
"text": "",
"title": "Backup and restore maildir (simple tar file)"
},
{
"location": "/u_and_e/#backup",
"text": "This line backs up the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory: cd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar cvfz /backup/backup_vmail.tar.gz /vmail You can change the path by adjusting ${PWD} (which equals the current directory) to any path you have write-access to.\nSet the filename backup_vmail.tar.gz to any custom name, but leave the path as it is. Example: [...] tar cvfz /backup/my_own_filename_.tar.gz",
"title": "Backup"
},
{
"location": "/u_and_e/#restore",
"text": "cd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination \"/var/vmail\" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar xvfz /backup/backup_vmail.tar.gz For the tab-tab... :-) curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose",
"title": "Restore"
},
{
"location": "/u_and_e/#black-and-whitelist",
"text": "Edit a domain as (domain) administrator to add an item to the filter table. Beware that a mailbox user can log in to mailcow and override a domain policy filter item.",
"title": "Black- and Whitelist"
},
{
"location": "/u_and_e/#change-default-theme",
"text": "mailcow uses Bootstrap, an HTML, CSS, and JS framework. Open or create the file data/web/inc/vars.local.inc.php and change DEFAULT_THEME to either cerulean, cosmo, custom, cyborg, darkly, flatly, journal, paper, readable, sandstone, simplex, slate, spacelab, superhero, united or yeti (see https://bootswatch.com/): <?php\n$DEFAULT_THEME = \"paper\";",
"title": "Change default theme"
},
{
"location": "/u_and_e/#customize-dockerfiles",
"text": "Make your changes in data/Dockerfiles/$service and build the image locally: docker build data/Dockerfiles/service -t andryyy/mailcow-dockerized:$service Now auto-recreate modified containers: docker-compose up -d",
"title": "Customize Dockerfiles"
},
{
"location": "/u_and_e/#do-not-check-sender-addresses-for-any-domain",
"text": "This option is not best-practice and should only be implemented when there is no other option available to achieve whatever you are trying to do. Simply create a file data/conf/postfix/check_sender_access and enter the following content: user-to-allow-everything@example.com OK Open data/conf/postfix/main.cf and find smtpd_sender_restrictions. Prepend check_sasl_access hash:/opt/postfix/conf/check_sender_access like this: smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sender_access reject_authenticated_sender [...] Run postmap on check_sender_access: docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sender_access Restart the Postfix container.",
"title": "Do not check sender addresses for any domain"
},
{
"location": "/u_and_e/#install-roundcube",
"text": "Download Roundcube 1.3.x (beta as of Feb 2017) to the web htdocs directory and extract it (here rc/ ): cd data/web\nwget -O - https://github.com/roundcube/roundcubemail/releases/download/1.3-beta/roundcubemail-1.3-beta-complete.tar.gz | tar xfvz -\n# Change folder name\nmv roundcubemail-1.3* rc\n# Change permissions\nchown -R root: rc/ Create a file data/web/rc/config/config.inc.php with the following content. Change the des_key parameter to a random value. It is used to temporarily store your IMAP password. <?php\nerror_reporting(0);\nif (!file_exists('/tmp/mime.types')) {\nfile_put_contents(\"/tmp/mime.types\", fopen(\"http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types\", 'r'));\n}\n$config = array();\n$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');\n$config['default_host'] = 'tls://dovecot';\n$config['default_port'] = '143';\n$config['smtp_server'] = 'tls://postfix';\n$config['smtp_port'] = 587;\n$config['smtp_user'] = '%u';\n$config['smtp_pass'] = '%p';\n$config['support_url'] = '';\n$config['product_name'] = 'Roundcube Webmail';\n$config['des_key'] = 'rcmail-!24ByteDESkey*Str';\n$config['log_dir'] = '/dev/null';\n$config['temp_dir'] = '/tmp';\n$config['plugins'] = array(\n 'archive',\n);\n$config['skin'] = 'larry';\n$config['mime_types'] = '/tmp/mime.types';\n$config['imap_conn_options'] = array(\n'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)\n);\n$config['enable_installer'] = false;\n$config['smtp_conn_options'] = array(\n'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)\n); Point your browser to https://myserver/rc/installer and follow the instructions.\nInitialize the database and leave the installer. Delete the directory data/web/rc/installer after a successful installation!",
"title": "Install Roundcube"
},
{
"location": "/u_and_e/#enable-password-changing",
"text": "Open data/web/rc/config/config.inc.php and enable the password plugin: ...\n$config['plugins'] = array(\n 'archive',\n 'password',\n);\n... Open data/web/rc/plugins/password/password.php , search for case 'ssha': and add above: case 'ssha256':\n $salt = rcube_utils::random_bytes(8);\n $crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );\n $prefix = '{SSHA256}';\n break; Open data/web/rc/plugins/password/config.inc.php and change the following parameters (or add them at the bottom of that file): $config['password_driver'] = 'sql';\n$config['password_algorithm'] = 'ssha256';\n$config['password_algorithm_prefix'] = '{SSHA256}';\n$config['password_query'] = \"UPDATE mailbox SET password = %P WHERE username = %u\";",
"title": "Enable password changing"
},
{
"location": "/u_and_e/#learn-spam-and-ham",
"text": "Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash.\nThis is achieved by using the Dovecot plugin \"antispam\" and a simple parser script. Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning). The Bayes statistics are written to Redis as keys BAYES_HAM and BAYES_SPAM . You can also use Rspamd's web UI to learn ham and/or spam.",
"title": "Learn spam and ham"
},
{
"location": "/u_and_e/#mysql",
"text": "",
"title": "MySQL"
},
{
"location": "/u_and_e/#connect-to-the-mysql-database",
"text": "source mailcow.conf\ndocker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}",
"title": "Connect to the MySQL database:"
},
{
"location": "/u_and_e/#backup-the-database",
"text": "cd /path/to/mailcow-dockerized\nsource mailcow.conf\nDATE=$(date +\"%Y%m%d_%H%M%S\")\ndocker-compose exec -T mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql",
"title": "Backup the database:"
},
{
"location": "/u_and_e/#restore-the-database",
"text": "cd /path/to/mailcow-dockerized\nsource mailcow.conf\ndocker-compose exec -T mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql",
"title": "Restore the database:"
},
{
"location": "/u_and_e/#read-logs",
"text": "You can use docker-compose logs $service-name for all containers. Run docker-compose logs for all logs at once. Follow the log output by running docker-compose with logs -f .",
"title": "Read logs"
},
{
"location": "/u_and_e/#redirect-port-80-to-443",
"text": "Since February the 28th 2017 mailcow does come with port 80 and 443 enabled. Open mailcow.conf and set HTTP_BIND=0.0.0.0 . Open data/conf/nginx/site.conf and add a new \"catch-all\" site at the top of that file: server {\n listen 80 default_server;\n server_name _;\n return 301 https://$host$request_uri;\n} Restart the stack, changed containers will be updated: docker-compose up -d",
"title": "Redirect port 80 to 443"
},
{
"location": "/u_and_e/#redis",
"text": "",
"title": "Redis"
},
{
"location": "/u_and_e/#connect-to-redis-key-store",
"text": "docker-compose exec redis-mailcow redis-cli",
"title": "Connect to redis key store:"
},
{
"location": "/u_and_e/#remove-persistent-data",
"text": "Remove volume mysql-vol-1 to remove all MySQL data. Remove volume redis-vol-1 to remove all Redis data. Remove volume vmail-vol-1 to remove all contents of /var/vmail mounted to dovecot-mailcow . Remove volume dkim-vol-1 to remove all DKIM keys. Remove volume rspamd-vol-1 to remove all Rspamd data. Running docker-compose down -v will destroy all mailcow: dockerized volumes and delete any related containers. Reset mailcow admin to admin:moohoo : Drop admin table source mailcow.conf\ndocker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e \"DROP TABLE admin;\" Open mailcow UI to auto-init the db",
"title": "Remove persistent data"
},
{
"location": "/u_and_e/#rspamd",
"text": "",
"title": "Rspamd"
},
{
"location": "/u_and_e/#rspamd-cli-tools",
"text": "docker-compose exec rspamd-mailcow rspamc --help\ndocker-compose exec rspamd-mailcow rspamadm --help See Rspamd documentation",
"title": "Rspamd CLI tools"
},
{
"location": "/u_and_e/#adjust-service-configurations",
"text": "The most important configuration files are mounted from the host into the related containers: data/conf\n\u251c\u2500\u2500 bind9\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 named.conf\n\u251c\u2500\u2500 dovecot\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot.conf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot-master.passwd\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 sieve_after\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dovecot-dict-sql.conf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 dovecot-mysql.conf\n\u251c\u2500\u2500 mysql\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 my.cnf\n\u251c\u2500\u2500 nginx\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynmaps.conf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 site.conf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 templates\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 listen_plain.template\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 listen_ssl.template\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 server_name.template\n\u251c\u2500\u2500 pdns\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 pdns_custom.lua\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 recursor.conf\n\u251c\u2500\u2500 postfix\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 main.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 master.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 postscreen_access.cidr\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 smtp_dsn_filter\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 sql\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_relay_recipient_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_tls_enforce_in_policy.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_tls_enforce_out_policy.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_domain_catchall_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_domain_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_alias_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_domains_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_mailbox_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 
mysql_virtual_relay_domain_maps.cf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 mysql_virtual_sender_acl.cf\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 mysql_virtual_spamalias_maps.cf\n\u251c\u2500\u2500 rmilter\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 rmilter.conf\n\u251c\u2500\u2500 rspamd\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 dynmaps\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 authoritative.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 settings.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 tags.php\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 vars.inc.php - ../../../web/inc/vars.inc.php\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 local.d\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 dkim.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 metrics.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 options.inc\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 redis.conf\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u251c\u2500\u2500 rspamd.conf.local\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 statistic.conf\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 lua\n\u2502\u00a0\u00a0 \u2502\u00a0\u00a0 \u2514\u2500\u2500 rspamd.local.lua\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 override.d\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 logging.inc\n\u2502\u00a0\u00a0 \u251c\u2500\u2500 worker-controller.inc\n\u2502\u00a0\u00a0 \u2514\u2500\u2500 worker-normal.inc\n\u2514\u2500\u2500 sogo\n \u251c\u2500\u2500 sieve.creds\n \u2514\u2500\u2500 sogo.conf Just change the according configuration file on the host and restart the related service: docker-compose restart service-mailcow",
"title": "Adjust service configurations"
},
{
"location": "/u_and_e/#tagging",
"text": "Mailbox users can tag their mail address like in me+facebook@example.org and choose between two setups to handle this tag: Move this message to a subfolder \"facebook\" (will be created lower case if not existing) Prepend the tag to the subject: \"[facebook] Subject\"",
"title": "Tagging"
},
{
"location": "/u_and_e/#two-factor-authentication",
"text": "So far two methods for TFA are implemented. Both work with the fantastic Yubikey . While Yubi OTP needs an active internet connection and an API ID/key, U2F will work with any FIDO U2F USB key out of the box. Both methods support multiple YubiKeys. As administrator you are able to temporarily disable a domain administrator's TFA login until they have successfully logged in. The key used to log in will be displayed in green, while other keys remain grey.",
"title": "Two-factor authentication"
},
{
"location": "/u_and_e/#yubi-otp",
"text": "The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key.\nThe API ID, API key and the first 12 characters (your YubiKey's ID in modhex) are stored in the MySQL table as secret.",
"title": "Yubi OTP"
},
{
"location": "/u_and_e/#u2f",
"text": "Only Google Chrome (+derivatives) and Opera support U2F authentication natively to this day.\nFor Firefox you will need to install the \"U2F Support Add-on\" as provided on mozilla.org .\nU2F works without an internet connection.\n# Why does mailcow come with a DNS resolver?\nFor DNS blacklist lookups and DNSSEC. Most systems use either a public or a local caching DNS resolver.\nThat's a very bad idea when it comes to filtering spam using DNS-based blackhole lists (DNSBL) or similar techniques.\nMost if not all providers apply a rate limit based on the DNS resolver that is used to query their service.\nUsing a public resolver like Google's 4x8, OpenDNS or any other shared DNS resolver like your ISP's will hit that limit very soon.",
"title": "U2F"
}
]
}