1
0
mirror of https://github.com/mailcow/mailcow-dockerized.git synced 2024-12-10 10:40:15 +02:00
mailcow-dockerized/README.md

195 lines
6.5 KiB
Markdown
Raw Normal View History

2016-12-09 21:40:57 +02:00
# mailcow-dockerized
2016-12-09 21:39:02 +02:00
mailcow dockerized comes with 11 containers linked in a mailcow network:
Dovecot, Memcached, Redis, MariaDB, PowerDNS Recursor, PHP-FPM, Postfix, Nginx, Rmilter, Rspamd and SOGo.
2016-12-11 21:09:08 +02:00
All configurations were written with security in mind.
2016-12-12 10:26:17 +02:00
### Exposed ports:
2016-12-11 21:11:46 +02:00
2016-12-12 22:56:32 +02:00
| Name | Service | Hostname, Alias | External bindings | Internal bindings |
|:------------------|:-------------|:-------------------------------|:---------------------------------------------|:-------------------------------|
| postfix-mailcow | Postfix | ${MAILCOW_HOSTNAME}, postfix | 25/tcp, 465/tcp, 587/tcp | 588/tcp |
| dovecot-mailcow | Dovecot | ${MAILCOW_HOSTNAME}, dovecot | 110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp | 24/tcp, 10001/tcp |
| nginx-mailcow | Nginx | nginx | 443/tcp | 80/tcp, 8081/tcp |
| pdns-mailcow | PowerDNS | pdns | - | 53/udp |
| rspamd-mailcow | Rspamd | rspamd | - | 11333/tcp, 11334/tcp |
| mariadb-mailcow | MariaDB | mysql | - | 3306/tcp |
| rmilter-mailcow | Rmilter | rmilter | - | 9000/tcp |
| phpfpm-mailcow | PHP FPM | phpfpm | - | 9000/tcp |
| sogo-mailcow | SOGo | sogo | - | 9000/tcp |
| redis-mailcow | Redis | redis | - | 6379/tcp |
| memcached-mailcow | Memcached | memcached | - | 11211/tcp |
2016-12-12 22:53:58 +02:00
All containers share a network ${MAILCOW_NETWORK} (name can be changed, but remove all containers and rebuild them after changing).
IPs are dynamic and taken from subnet ${DOCKER_SUBNET}.
2016-12-11 21:09:01 +02:00
2016-12-13 15:02:12 +02:00
FAQ:
- rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash.
- rspamd auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning)
2016-12-13 23:20:19 +02:00
- You can upgrade SOGo by running `docker pull andryyy/mailcow-dockerized:sogo && docker pull andryyy/mailcow-dockerized:nginx` and rebuilding of the SOGo and Nginx container.
2016-12-13 15:02:12 +02:00
- Only Postfix and Rspamd use the PowerDNS resolver for DNSSEC.
- Linking to existing redis and memcached containers will be possible soon
## Installation
2016-12-09 21:39:02 +02:00
2016-12-11 23:03:24 +02:00
1. You need Docker. Most systems can install Docker by running `wget -qO- https://get.docker.com/ | sh`
2016-12-11 21:09:01 +02:00
2016-12-11 23:03:24 +02:00
2. Clone this repository and configure `mailcow.conf`, do not use special chars in passwords in this file (will be fixed soon).
It is almost always enough to just change the hostname.
2016-12-09 21:39:02 +02:00
2016-12-11 23:03:24 +02:00
3. Run `./build-all.sh` - select `Y` when asked to reset the admin password.
2016-12-09 21:39:02 +02:00
Done.
You can now access https://${MAILCOW_HOSTNAME} with the default credentials `admin` + password `moohoo`.
## Configuration after installation
### Rspamd UI access
If you want to use Rspamds web UI, you need to set a Rspamd controller password:
```
# Generate hash
docker exec -it rspamd-mailcow rspamadm pw
```
Replace given hash in data/conf/rspamd/override.d/worker-controller.inc:
```
enable_password = "myhash";
```
Restart rspamd:
```
docker restart rspamd-mailcow
```
Open https://${MAILCOW_HOSTNAME}/rspamd in a browser.
2016-12-12 22:53:58 +02:00
### SSL (and: How to use Let's Encrypt)
mailcow dockerized generates a CA named "mailcow" with a self-signed server certificate in `data/assets/ssl` via `000-build-certs.sh`.
Get the certbot client:
```
2016-12-11 21:09:08 +02:00
wget https://dl.eff.org/certbot-auto -O /usr/local/sbin/certbot && chmod +x /usr/local/sbin/certbot
```
Please disable applications blocking port 80 and run certbot:
```
2016-12-11 21:09:08 +02:00
certbot-auto certonly \
--standalone \
--standalone-supported-challenges http-01 \
-d ${MAILCOW_HOSTNAME} \
--email you@example.org \
--agree-tos
```
2016-12-11 21:09:08 +02:00
Create hard links to the full path of the new certificates. Assuming you are still in the mailcow root folder:
```
2016-12-12 22:53:58 +02:00
mv data/assets/ssl/cert.{pem,pem.backup}
mv data/assets/ssl/key.{pem,pem.backup}
2016-12-11 21:09:08 +02:00
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/fullchain.pem) data/assets/ssl/mail.crt
ln $(readlink -f /etc/letsencrypt/live/${MAILCOW_HOSTNAME}/privkey.pem) data/assets/ssl/mail.key
```
Restart containers which use the certificate:
```
docker restart postfix-mailcow
docker restart dovecot-mailcow
docker restart nginx-mailcow
```
2016-12-09 21:39:02 +02:00
2016-12-11 21:09:08 +02:00
When renewing certificates, run the last two steps (link + restart) as post-hook in certbot.
## Special usage
2016-12-09 21:39:02 +02:00
### build-*.files
(Re)build a container:
```
2016-12-12 11:01:27 +02:00
./n-build-$name.sh
2016-12-09 21:39:02 +02:00
```
2016-12-09 21:40:57 +02:00
**:exclamation:** Any previous container with the same name will be stopped and removed.
2016-12-09 21:39:02 +02:00
No persistent data is deleted at any time.
If an image exists, you will be asked wether or not to repull/rebuild it.
2016-12-12 22:53:58 +02:00
Build files are numbered "nnn" for dependencies.
2016-12-12 22:53:58 +02:00
### Logs
2016-12-12 22:53:58 +02:00
You can use docker logs $name for almost all containers. Only rmilter does not log to stdout. You can check rspamd logs for rmilter responses.
2016-12-11 15:13:17 +02:00
### MariaDB
2016-12-09 21:39:02 +02:00
2016-12-11 15:13:17 +02:00
Connect to MariaDB database:
2016-12-09 21:39:02 +02:00
```
2016-12-12 11:01:27 +02:00
./n-build-sql.sh --client
2016-12-09 21:39:02 +02:00
```
2016-12-12 11:01:27 +02:00
Init schema (will also be installed when running `./n-build-sql.sh` without parameters):
2016-12-09 21:39:02 +02:00
```
2016-12-12 11:01:27 +02:00
./n-build-sql.sh --init-schema
2016-12-09 21:39:02 +02:00
```
Reset mailcow admin to `admin:moohoo`:
```
2016-12-12 11:01:27 +02:00
./n-build-sql.sh --reset-admin
2016-12-11 15:13:17 +02:00
```
Dump database to file backup_${DBNAME}_${DATE}.sql:
```
2016-12-12 11:01:27 +02:00
./n-build-sql.sh --dump
2016-12-09 21:39:02 +02:00
```
Restore database from a file:
```
2016-12-12 11:01:27 +02:00
./n-build-sql.sh --restore filename
2016-12-12 10:39:21 +02:00
```
2016-12-09 21:39:02 +02:00
### Redis
Connect to redis database:
```
2016-12-12 11:01:27 +02:00
./n-build-redis.sh --client
2016-12-09 21:39:02 +02:00
```
### Some examples
2016-12-09 21:39:02 +02:00
Use rspamadm:
```
docker exec -it rspamd-mailcow rspamadm --help
2016-12-09 21:39:02 +02:00
```
Use rspamc:
```
docker exec -it rspamd-mailcow rspamc --help
2016-12-09 21:39:02 +02:00
```
Use doveadm:
```
docker exec -it dovecot-mailcow doveadm
```
2016-12-09 21:39:02 +02:00
### Remove persistent data
2016-12-11 15:13:17 +02:00
MariaDB:
2016-12-09 21:39:02 +02:00
```
2016-12-11 15:13:17 +02:00
docker stop mariadb-mailcow
docker rm mariadb-mailcow
2016-12-09 21:39:02 +02:00
rm -rf data/db/mysql/*
2016-12-12 11:01:27 +02:00
./n-build-sql.sh
2016-12-09 21:39:02 +02:00
```
Redis:
```
# If you feel hardcore:
docker stop redis-mailcow
docker rm redus-mailcow
rm -rf data/db/redis/*
2016-12-12 11:01:27 +02:00
./n-build-redis.sh
2016-12-09 21:39:02 +02:00
## It is almost always enough to just flush all keys:
2016-12-12 11:01:27 +02:00
./n-build-redis client
2016-12-09 21:39:02 +02:00
# FLUSHALL [ENTER]
```