mirror of
https://github.com/mailcow/mailcow-dockerized.git
synced 2024-12-23 02:04:46 +02:00
542 lines
23 KiB
HTML
542 lines
23 KiB
HTML
<!DOCTYPE html>
|
|
<!--[if IE 8]><html class="no-js lt-ie9" lang="en" > <![endif]-->
|
|
<!--[if gt IE 8]><!--> <html class="no-js" lang="en" > <!--<![endif]-->
|
|
<head>
|
|
<meta charset="utf-8">
|
|
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
|
|
|
|
<link rel="shortcut icon" href="../img/favicon.ico">
|
|
<title>Usage & Examples - mailcow: dockerized</title>
|
|
<link href='https://fonts.googleapis.com/css?family=Lato:400,700|Roboto+Slab:400,700|Inconsolata:400,700' rel='stylesheet' type='text/css'>
|
|
|
|
<link rel="stylesheet" href="../css/theme.css" type="text/css" />
|
|
<link rel="stylesheet" href="../css/theme_extra.css" type="text/css" />
|
|
<link rel="stylesheet" href="../css/highlight.css">
|
|
|
|
<script>
|
|
// Current page data
|
|
var mkdocs_page_name = "Usage & Examples";
|
|
var mkdocs_page_input_path = "u_and_e.md";
|
|
var mkdocs_page_url = "/u_and_e/";
|
|
</script>
|
|
|
|
<script src="../js/jquery-2.1.1.min.js"></script>
|
|
<script src="../js/modernizr-2.8.3.min.js"></script>
|
|
<script type="text/javascript" src="../js/highlight.pack.js"></script>
|
|
|
|
</head>
|
|
|
|
<body class="wy-body-for-nav" role="document">
|
|
|
|
<div class="wy-grid-for-nav">
|
|
|
|
|
|
<nav data-toggle="wy-nav-shift" class="wy-nav-side stickynav">
|
|
<div class="wy-side-nav-search">
|
|
<a href=".." class="icon icon-home"> mailcow: dockerized</a>
|
|
<div role="search">
|
|
<form id ="rtd-search-form" class="wy-form" action="../search.html" method="get">
|
|
<input type="text" name="q" placeholder="Search docs" />
|
|
</form>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
|
|
<ul class="current">
|
|
|
|
<li>
|
|
<li class="toctree-l1 ">
|
|
<a class="" href="..">Overview</a>
|
|
|
|
</li>
|
|
<li>
|
|
|
|
<li>
|
|
<li class="toctree-l1 ">
|
|
<a class="" href="../install/">Installation</a>
|
|
|
|
</li>
|
|
<li>
|
|
|
|
<li>
|
|
<li class="toctree-l1 ">
|
|
<a class="" href="../first_steps/">First Steps</a>
|
|
|
|
</li>
|
|
<li>
|
|
|
|
<li>
|
|
<li class="toctree-l1 current">
|
|
<a class="current" href="./">Usage & Examples</a>
|
|
|
|
<ul>
|
|
|
|
<li class="toctree-l3"><a href="#anonymize-headers-for-smtp-relayed">Anonymize headers for smtp relayed</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#backup-and-restore-maildir-simple-tar-file">Backup and restore maildir (simple tar file)</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#backup">Backup</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#restore">Restore</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#black-and-whitelist">Black- and Whitelist</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#change-default-theme">Change default theme</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#customize-dockerfiles">Customize Dockerfiles</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#do-not-check-sender-addresses-for-any-domain">Do not check sender addresses for any domain</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#install-roundcube">Install Roundcube</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#enable-password-changing">Enable password changing</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#learn-spam-and-ham">Learn spam and ham</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#mysql">MySQL</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#connect-to-the-mysql-database">Connect to the MySQL database:</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#backup-the-database">Backup the database:</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#restore-the-database">Restore the database:</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#read-logs">Read logs</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#redirect-port-80-to-443">Redirect port 80 to 443</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#redis">Redis</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#connect-to-redis-key-store">Connect to redis key store:</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#remove-persistent-data">Remove persistent data</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#rspamd">Rspamd</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#rspamd-cli-tools">Rspamd CLI tools</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#adjust-service-configurations">Adjust service configurations</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#tagging">Tagging</a></li>
|
|
|
|
|
|
<li class="toctree-l3"><a href="#two-factor-authentication">Two-factor authentication</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#yubi-otp">Yubi OTP</a></li>
|
|
|
|
<li><a class="toctree-l4" href="#u2f">U2F</a></li>
|
|
|
|
|
|
</ul>
|
|
|
|
</li>
|
|
<li>
|
|
|
|
</ul>
|
|
</div>
|
|
|
|
</nav>
|
|
|
|
<section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">
|
|
|
|
|
|
<nav class="wy-nav-top" role="navigation" aria-label="top navigation">
|
|
<i data-toggle="wy-nav-top" class="fa fa-bars"></i>
|
|
<a href="..">mailcow: dockerized</a>
|
|
</nav>
|
|
|
|
|
|
<div class="wy-nav-content">
|
|
<div class="rst-content">
|
|
<div role="navigation" aria-label="breadcrumbs navigation">
|
|
<ul class="wy-breadcrumbs">
|
|
<li><a href="..">Docs</a> »</li>
|
|
|
|
|
|
|
|
<li>Usage & Examples</li>
|
|
<li class="wy-breadcrumbs-aside">
|
|
|
|
<a href="https://github.com/andryyy/mailcow-dockerized/edit/master/docs/u_and_e.md"
|
|
class="icon icon-github"> Edit on GitHub</a>
|
|
|
|
</li>
|
|
</ul>
|
|
<hr/>
|
|
</div>
|
|
<div role="main">
|
|
<div class="section">
|
|
|
|
<h1 id="anonymize-headers-for-smtp-relayed">Anonymize headers for smtp relayed</h1>
|
|
<p>Save as <code>data/conf/postfix/mailcow_anonymize_headers.pcre</code>:</p>
|
|
<pre><code>/^\s*Received:[^\)]+\)\s+\(Authenticated sender:(.+)/
|
|
REPLACE Received: from localhost (localhost [127.0.0.1]) (Authenticated sender:$1
|
|
/^\s*User-Agent/ IGNORE
|
|
/^\s*X-Enigmail/ IGNORE
|
|
/^\s*X-Mailer/ IGNORE
|
|
/^\s*X-Originating-IP/ IGNORE
|
|
/^\s*X-Forward/ IGNORE
|
|
/^\s*Mime-Version:/ IGNORE
|
|
</code></pre>
|
|
|
|
<p>Add this to <code>data/conf/postfix/main.cf</code>:</p>
|
|
<pre><code>smtp_header_checks = pcre:/opt/postfix/conf/mailcow_anonymize_headers.pcre
|
|
</code></pre>
|
|
|
|
<h1 id="backup-and-restore-maildir-simple-tar-file">Backup and restore maildir (simple tar file)</h1>
|
|
<h3 id="backup"><strong>Backup</strong></h3>
|
|
<p>This line backups the vmail directory to a file backup_vmail.tar.gz in the mailcow root directory:</p>
|
|
<pre><code>cd /path/to/mailcow-dockerized
|
|
source mailcow.conf
|
|
DATE=$(date +"%Y%m%d_%H%M%S")
|
|
docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar cvfz /backup/backup_vmail.tar.gz /vmail
|
|
</code></pre>
|
|
|
|
<p>You can change the path by adjusting ${PWD} (which equals to the current directory) to any path you have write-access to.
|
|
Set the filename <code>backup_vmail.tar.gz</code> to any custom name, but leave the path as it is. Example: <code>[...] tar cvfz /backup/my_own_filename_.tar.gz</code></p>
|
|
<h3 id="restore"><strong>Restore</strong></h3>
|
|
<pre><code>cd /path/to/mailcow-dockerized
|
|
source mailcow.conf
|
|
DATE=$(date +"%Y%m%d_%H%M%S")
|
|
docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker-compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:jessie tar xvfz /backup/backup_vmail.tar.gz
|
|
</code></pre>
|
|
|
|
<p>For the tab-tab... :-)</p>
|
|
<pre><code>curl -L https://raw.githubusercontent.com/docker/compose/$(docker-compose version --short)/contrib/completion/bash/docker-compose -o /etc/bash_completion.d/docker-compose
|
|
</code></pre>
|
|
|
|
<h1 id="black-and-whitelist">Black- and Whitelist</h1>
|
|
<p>Edit a domain as (domain) administrator to add an item to the filter table.</p>
|
|
<p>Beware that a mailbox user can login to mailcow and override a domain policy filter item. </p>
|
|
<h1 id="change-default-theme">Change default theme</h1>
|
|
<p>mailcow uses <a href="http://getbootstrap.com/">Bootstrap</a>, a HTML, CSS, and JS framework.</p>
|
|
<p>Open or create the file <code>data/web/inc/vars.local.inc.php</code> and change <code>DEFAULT_THEME</code> to either cerulean, cosmo, custom, cyborg, darkly, flatly, journal, paper, readable, sandstone, simplex, slate, spacelab, superhero, united or yeti (see https://bootswatch.com/):</p>
|
|
<pre><code><?php
|
|
$DEFAULT_THEME = "paper";
|
|
</code></pre>
|
|
|
|
<h1 id="customize-dockerfiles">Customize Dockerfiles</h1>
|
|
<p>Make your changes in <code>data/Dockerfiles/$service</code> and build the image locally:</p>
|
|
<pre><code>docker build data/Dockerfiles/service -t andryyy/mailcow-dockerized:$service
|
|
</code></pre>
|
|
|
|
<p>Now auto-recreate modified containers:</p>
|
|
<pre><code>docker-compose up -d
|
|
</code></pre>
|
|
|
|
<h1 id="do-not-check-sender-addresses-for-any-domain">Do not check sender addresses for any domain</h1>
|
|
<p>This option is not best-practice and should only be implemented when there is no other option available to archive whatever you are trying to do.</p>
|
|
<p>Simply create a file <code>data/conf/postfix/check_sender_access</code> and enter the following content:</p>
|
|
<pre><code>user-to-allow-everything@example.com OK
|
|
</code></pre>
|
|
|
|
<p>Open <code>data/conf/postfix/main.cf</code> and find <code>smtpd_sender_restrictions</code>. Prepend <code>check_sasl_access hash:/opt/postfix/conf/check_sender_access</code> like this:</p>
|
|
<pre><code>smtpd_sender_restrictions = check_sasl_access hash:/opt/postfix/conf/check_sender_access reject_authenticated_sender [...]
|
|
</code></pre>
|
|
|
|
<p>Run postmap on check_sasl_access:</p>
|
|
<pre><code>docker-compose exec postfix-mailcow postmap /opt/postfix/conf/check_sasl_access
|
|
</code></pre>
|
|
|
|
<p>Restart the Postfix container.</p>
|
|
<h1 id="install-roundcube">Install Roundcube</h1>
|
|
<p>Download Roundcube 1.3.x (beta at the time of Feb 2017) to the web htdocs directory and extract it (here <code>rc/</code>):</p>
|
|
<pre><code>cd data/web/rc
|
|
wget -O - https://github.com/roundcube/roundcubemail/releases/download/1.3-beta/roundcubemail-1.3-beta-complete.tar.gz | tar xfvz -
|
|
# Change folder name
|
|
mv roundcubemail-1.3* rc
|
|
# Change permissions
|
|
chown -R root: rc/
|
|
</code></pre>
|
|
|
|
<p>Create a file <code>data/web/rc/config/config.inc.php</code> with the following content.</p>
|
|
<p><strong>Change the <code>des_key</code> parameter to a random value.</strong> It is used to temporarily store your IMAP password.</p>
|
|
<pre><code><?php
|
|
error_reporting(0);
|
|
if (!file_exists('/tmp/mime.types')) {
|
|
file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
|
|
}
|
|
$config = array();
|
|
$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
|
|
$config['default_host'] = 'tls://dovecot';
|
|
$config['default_port'] = '143';
|
|
$config['smtp_server'] = 'tls://postfix';
|
|
$config['smtp_port'] = 587;
|
|
$config['smtp_user'] = '%u';
|
|
$config['smtp_pass'] = '%p';
|
|
$config['support_url'] = '';
|
|
$config['product_name'] = 'Roundcube Webmail';
|
|
$config['des_key'] = 'rcmail-!24ByteDESkey*Str';
|
|
$config['log_dir'] = '/dev/null';
|
|
$config['temp_dir'] = '/tmp';
|
|
$config['plugins'] = array(
|
|
'archive',
|
|
);
|
|
$config['skin'] = 'larry';
|
|
$config['mime_types'] = '/tmp/mime.types';
|
|
$config['imap_conn_options'] = array(
|
|
'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
|
|
);
|
|
$config['enable_installer'] = false;
|
|
$config['smtp_conn_options'] = array(
|
|
'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
|
|
);
|
|
</code></pre>
|
|
|
|
<p>Point your browser to <code>https://myserver/rc/installer</code> and follow the instructions.
|
|
Initialize the database and leave the installer.
|
|
<strong>Delete the directory <code>data/web/rc/installer</code> after a successful installation!</strong></p>
|
|
<h2 id="enable-password-changing">Enable password changing</h2>
|
|
<p>Open <code>data/web/rc/config.inc.php</code> and enable the password plugin:</p>
|
|
<pre><code>...
|
|
$config['plugins'] = array(
|
|
'archive',
|
|
'password',
|
|
);
|
|
...
|
|
</code></pre>
|
|
|
|
<p>Open <code>data/web/rc/plugins/password/password.php</code>, search for <code>case 'ssha':</code> and add above:</p>
|
|
<pre><code> case 'ssha256':
|
|
$salt = rcube_utils::random_bytes(8);
|
|
$crypted = base64_encode( hash('sha256', $password . $salt, TRUE ) . $salt );
|
|
$prefix = '{SSHA256}';
|
|
break;
|
|
</code></pre>
|
|
|
|
<p>Open <code>data/web/rc/plugins/password/config.inc.php</code> and change the following parameters (or add them at the bottom of that file):</p>
|
|
<pre><code>$config['password_driver'] = 'sql';
|
|
$config['password_algorithm'] = 'ssha256';
|
|
$config['password_algorithm_prefix'] = '{SSHA256}';
|
|
$config['password_query'] = "UPDATE mailbox SET password = %P WHERE username = %u";
|
|
</code></pre>
|
|
|
|
<h1 id="learn-spam-and-ham">Learn spam and ham</h1>
|
|
<p>Rspamd learns mail as spam or ham when you move a message in or out of the junk folder to any mailbox besides trash.
|
|
This is archived by using the Dovecot plugin "antispam" and a simple parser script.</p>
|
|
<p>Rspamd also auto-learns mail when a high or low score is detected (see https://rspamd.com/doc/configuration/statistic.html#autolearning)</p>
|
|
<p>The bayes statistics are written to Redis as keys <code>BAYES_HAM</code> and <code>BAYES_SPAM</code>.</p>
|
|
<p>You can also use Rspamds web ui to learn ham and/or spam.</p>
|
|
<h1 id="mysql">MySQL</h1>
|
|
<h3 id="connect-to-the-mysql-database">Connect to the MySQL database:</h3>
|
|
<pre><code>source mailcow.conf
|
|
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME}
|
|
</code></pre>
|
|
|
|
<h3 id="backup-the-database">Backup the database:</h3>
|
|
<pre><code>cd /path/to/mailcow-dockerized
|
|
source mailcow.conf
|
|
DATE=$(date +"%Y%m%d_%H%M%S")
|
|
docker-compose exec mysql-mailcow mysqldump --default-character-set=utf8mb4 -u${DBUSER} -p${DBPASS} ${DBNAME} > backup_${DBNAME}_${DATE}.sql
|
|
</code></pre>
|
|
|
|
<h3 id="restore-the-database">Restore the database:</h3>
|
|
<pre><code>cd /path/to/mailcow-dockerized
|
|
source mailcow.conf
|
|
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} < backup_file.sql
|
|
</code></pre>
|
|
|
|
<h1 id="read-logs">Read logs</h1>
|
|
<p>You can use <code>docker-compose logs $service-name</code> for all containers.</p>
|
|
<p>Run <code>docker-compose logs</code> for all logs at once.</p>
|
|
<p>Follow the log output by running docker-compose with <code>logs -f</code>.</p>
|
|
<h1 id="redirect-port-80-to-443">Redirect port 80 to 443</h1>
|
|
<p>Since February the 28th 2017 mailcow does come with port 80 and 443 enabled.</p>
|
|
<p>Open <code>mailcow.conf</code> and set <code>HTTP_BIND=0.0.0.0</code>.</p>
|
|
<p>Open <code>data/conf/nginx/site.conf</code> and add a new "catch-all" site at the top of that file:</p>
|
|
<pre><code>server {
|
|
listen 80 default_server;
|
|
server_name _;
|
|
return 301 https://$host$request_uri;
|
|
}
|
|
</code></pre>
|
|
|
|
<p>Restart the stack, changed containers will be updated:</p>
|
|
<p><code>docker-compose up -d</code></p>
|
|
<h1 id="redis">Redis</h1>
|
|
<h2 id="connect-to-redis-key-store">Connect to redis key store:</h2>
|
|
<pre><code>docker-compose exec redis-mailcow redis-cli
|
|
</code></pre>
|
|
|
|
<h1 id="remove-persistent-data">Remove persistent data</h1>
|
|
<ul>
|
|
<li>Remove volume <code>mysql-vol-1</code> to remove all MySQL data.</li>
|
|
<li>Remove volume <code>redis-vol-1</code> to remove all Redis data.</li>
|
|
<li>Remove volume <code>vmail-vol-1</code> to remove all contents of <code>/var/vmail</code> mounted to <code>dovecot-mailcow</code>.</li>
|
|
<li>Remove volume <code>dkim-vol-1</code> to remove all DKIM keys.</li>
|
|
<li>Remove volume <code>rspamd-vol-1</code> to remove all Rspamd data.</li>
|
|
</ul>
|
|
<p>Running <code>docker-compose down -v</code> will <strong>destroy all mailcow: dockerized volumes</strong> and delete any related containers.Reset mailcow admin to <code>admin:moohoo</code>:</p>
|
|
<ol>
|
|
<li>Drop admin table</li>
|
|
</ol>
|
|
<pre><code>source mailcow.conf
|
|
docker-compose exec mysql-mailcow mysql -u${DBUSER} -p${DBPASS} ${DBNAME} -e "DROP TABLE admin;"
|
|
</code></pre>
|
|
|
|
<ol>
|
|
<li>Open mailcow UI to auto-init the db</li>
|
|
</ol>
|
|
<h1 id="rspamd">Rspamd</h1>
|
|
<h2 id="rspamd-cli-tools">Rspamd CLI tools</h2>
|
|
<pre><code>docker-compose exec rspamd-mailcow rspamc --help
|
|
docker-compose exec rspamd-mailcow rspamadm --help
|
|
</code></pre>
|
|
|
|
<p>See <a href="https://rspamd.com/doc/index.html">Rspamd documentation</a></p>
|
|
<h1 id="adjust-service-configurations">Adjust service configurations</h1>
|
|
<p>The most important configuration files are mounted from the host into the related containers:</p>
|
|
<pre><code>data/conf
|
|
├── bind9
|
|
│ └── named.conf
|
|
├── dovecot
|
|
│ ├── dovecot.conf
|
|
│ ├── dovecot-master.passwd
|
|
│ ├── sieve_after
|
|
│ └── sql
|
|
│ ├── dovecot-dict-sql.conf
|
|
│ └── dovecot-mysql.conf
|
|
├── mysql
|
|
│ └── my.cnf
|
|
├── nginx
|
|
│ ├── dynmaps.conf
|
|
│ ├── site.conf
|
|
│ └── templates
|
|
│ ├── listen_plain.template
|
|
│ ├── listen_ssl.template
|
|
│ └── server_name.template
|
|
├── pdns
|
|
│ ├── pdns_custom.lua
|
|
│ └── recursor.conf
|
|
├── postfix
|
|
│ ├── main.cf
|
|
│ ├── master.cf
|
|
│ ├── postscreen_access.cidr
|
|
│ ├── smtp_dsn_filter
|
|
│ └── sql
|
|
│ ├── mysql_relay_recipient_maps.cf
|
|
│ ├── mysql_tls_enforce_in_policy.cf
|
|
│ ├── mysql_tls_enforce_out_policy.cf
|
|
│ ├── mysql_virtual_alias_domain_catchall_maps.cf
|
|
│ ├── mysql_virtual_alias_domain_maps.cf
|
|
│ ├── mysql_virtual_alias_maps.cf
|
|
│ ├── mysql_virtual_domains_maps.cf
|
|
│ ├── mysql_virtual_mailbox_maps.cf
|
|
│ ├── mysql_virtual_relay_domain_maps.cf
|
|
│ ├── mysql_virtual_sender_acl.cf
|
|
│ └── mysql_virtual_spamalias_maps.cf
|
|
├── rmilter
|
|
│ └── rmilter.conf
|
|
├── rspamd
|
|
│ ├── dynmaps
|
|
│ │ ├── authoritative.php
|
|
│ │ ├── settings.php
|
|
│ │ ├── tags.php
|
|
│ │ └── vars.inc.php -> ../../../web/inc/vars.inc.php
|
|
│ ├── local.d
|
|
│ │ ├── dkim.conf
|
|
│ │ ├── metrics.conf
|
|
│ │ ├── options.inc
|
|
│ │ ├── redis.conf
|
|
│ │ ├── rspamd.conf.local
|
|
│ │ └── statistic.conf
|
|
│ ├── lua
|
|
│ │ └── rspamd.local.lua
|
|
│ └── override.d
|
|
│ ├── logging.inc
|
|
│ ├── worker-controller.inc
|
|
│ └── worker-normal.inc
|
|
└── sogo
|
|
├── sieve.creds
|
|
└── sogo.conf
|
|
|
|
</code></pre>
|
|
|
|
<p>Just change the according configuration file on the host and restart the related service: <code>docker-compose restart service-mailcow</code></p>
|
|
<h1 id="tagging">Tagging</h1>
|
|
<p>Mailbox users can tag their mail address like in <code>me+facebook@example.org</code> and choose between to setups to handle this tag:</p>
|
|
<ol>
|
|
<li>Move this message to a subfolder "facebook" (will be created lower case if not existing)</li>
|
|
<li>Prepend the tag to the subject: "[facebook] Subject"</li>
|
|
</ol>
|
|
<h1 id="two-factor-authentication">Two-factor authentication</h1>
|
|
<p>So far two methods for TFA are impelemented. Both work with the fantastic <a href="https://www.yubico.com">Yubikey</a>. </p>
|
|
<p>While Yubi OTP needs an active internet connection and an API ID/key, U2F will work with any FIDO U2F USB key out of the box.</p>
|
|
<p>Both methods support mulitple YubiKeys.</p>
|
|
<p>As administrator you are able to temporary disable a domain adminsitrators TFA login until they successfully logged in.</p>
|
|
<p>The key used to login will be displayed in green, while other keys remain grey.</p>
|
|
<h2 id="yubi-otp">Yubi OTP</h2>
|
|
<p>The Yubi API ID and Key will be checked against the Yubico Cloud API. When setting up TFA you will be asked for your personal API account for this key.
|
|
The API ID, API key and the first 12 characters (your YubiKeys ID in modhex) are stored in the MySQL table as secret.</p>
|
|
<h2 id="u2f">U2F</h2>
|
|
<p>Only Google Chrome (+derivates) and Opera support U2F authentication to this day natively.
|
|
For Firefox you will need to install the "U2F Support Add-on" as provided on <a href="https://addons.mozilla.org/en-US/firefox/addon/u2f-support-add-on/">mozilla.org</a>.
|
|
U2F works without an internet connection.# Why does mailcow come with a DNS resolver?</p>
|
|
<p>For DNS blacklist lookups and DNSSEC.</p>
|
|
<p>Most systems use either a public or a local caching DNS resolver.
|
|
That's a very bad idea when it comes to filter spam using DNS-based blackhole lists (DNSBL) or similar technics.
|
|
Most if not all providers apply a rate limit based on the DNS resolver that is used to query their service.
|
|
Using a public resolver like Googles 4x8, OpenDNS or any other shared DNS resolver like your ISPs will hit that limit very soon.</p>
|
|
|
|
</div>
|
|
</div>
|
|
<footer>
|
|
|
|
<div class="rst-footer-buttons" role="navigation" aria-label="footer navigation">
|
|
|
|
|
|
<a href="../first_steps/" class="btn btn-neutral" title="First Steps"><span class="icon icon-circle-arrow-left"></span> Previous</a>
|
|
|
|
</div>
|
|
|
|
|
|
<hr/>
|
|
|
|
<div role="contentinfo">
|
|
<!-- Copyright etc -->
|
|
|
|
</div>
|
|
|
|
Built with <a href="http://www.mkdocs.org">MkDocs</a> using a <a href="https://github.com/snide/sphinx_rtd_theme">theme</a> provided by <a href="https://readthedocs.org">Read the Docs</a>.
|
|
</footer>
|
|
|
|
</div>
|
|
</div>
|
|
|
|
</section>
|
|
|
|
</div>
|
|
|
|
<div class="rst-versions" role="note" style="cursor: pointer">
|
|
<span class="rst-current-version" data-toggle="rst-current-version">
|
|
|
|
<a href="https://github.com/andryyy/mailcow-dockerized/" class="icon icon-github" style="float: left; color: #fcfcfc"> GitHub</a>
|
|
|
|
|
|
<span><a href="../first_steps/" style="color: #fcfcfc;">« Previous</a></span>
|
|
|
|
|
|
</span>
|
|
</div>
|
|
<script src="../js/theme.js"></script>
|
|
|
|
</body>
|
|
</html>
|