From d0f759accae612eec2520de97eaad3fa8aebc527 Mon Sep 17 00:00:00 2001 From: Patrick Oberdorf Date: Wed, 14 Feb 2018 12:15:45 +0100 Subject: [PATCH 01/23] Adding unbound as dns resolver --- core/unbound/Dockerfile | 14 +++++ core/unbound/unbound.conf | 19 +++++++ docs/compose/.env | 3 ++ docs/compose/docker-compose.yml | 94 ++++++++++++++++++++++++++++++++- 4 files changed, 129 insertions(+), 1 deletion(-) create mode 100644 core/unbound/Dockerfile create mode 100644 core/unbound/unbound.conf diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile new file mode 100644 index 00000000..6ae8a6ee --- /dev/null +++ b/core/unbound/Dockerfile @@ -0,0 +1,14 @@ +FROM alpine:edge + +RUN apk add --no-cache unbound curl \ + && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ + && chown root:unbound /etc/unbound \ + && chmod 775 /etc/unbound \ + && apk del --no-cache curl \ + && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true + +COPY unbound.conf /etc/unbound/unbound.conf + +EXPOSE 53/udp 53/tcp + +CMD /usr/sbin/unbound diff --git a/core/unbound/unbound.conf b/core/unbound/unbound.conf new file mode 100644 index 00000000..d2d9ce74 --- /dev/null +++ b/core/unbound/unbound.conf @@ -0,0 +1,19 @@ +server: + verbosity: 1 + interface: 0.0.0.0 + interface: ::0 + logfile: /dev/stdout + do-ip4: yes + do-ip6: yes + do-udp: yes + do-tcp: yes + do-daemonize: no + access-control: 0.0.0.0/0 allow + directory: "/etc/unbound" + username: unbound + auto-trust-anchor-file: trusted-key.key + root-hints: "/etc/unbound/root.hints" + hide-identity: yes + hide-version: yes + max-udp-size: 4096 + msg-buffer-size: 65552 diff --git a/docs/compose/.env b/docs/compose/.env index 6f330b64..e4c6dff9 100644 --- a/docs/compose/.env +++ b/docs/compose/.env @@ -21,6 +21,9 @@ SECRET_KEY=ChangeMeChangeMe BIND_ADDRESS4=127.0.0.1 BIND_ADDRESS6=::1 +# Internal Docker network +IPV4_NETWORK=172.22.1 + # Main mail domain DOMAIN=mailu.io diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index 740a5ffc..dc674a2b 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2' +version: '2.1' services: @@ -27,12 +27,37 @@ services: - "$BIND_ADDRESS6:587:587" volumes: - "$ROOT/certs:/certs" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - front + + unbound: + image: mailu/unbound:$VERSION + restart: always + networks: + backend: + ipv4_address: ${IPV4_NETWORK:-172.22.1}.254 + aliases: + - unbound redis: image: redis:alpine restart: always volumes: - "$ROOT/redis:/data" + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + depends_on: + - unbound + networks: + backend: + aliases: + - redis imap: image: mailu/dovecot:$VERSION @@ -44,6 +69,13 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - imap smtp: image: mailu/postfix:$VERSION @@ -54,6 +86,13 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - smtp antispam: image: mailu/rspamd:$VERSION @@ -65,6 +104,13 @@ services: - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - antispam antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -72,6 +118,14 @@ services: env_file: .env volumes: - "$ROOT/filter:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - antivirus webdav: image: mailu/$WEBDAV:$VERSION @@ -79,6 +133,14 @@ services: env_file: .env volumes: - "$ROOT/dav:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - webdav admin: image: mailu/admin:$VERSION @@ -90,6 +152,13 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - redis + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - admin webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -99,6 +168,13 @@ services: - "$ROOT/webmail:/data" depends_on: - imap + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - webmail fetchmail: image: mailu/fetchmail:$VERSION @@ -106,3 +182,19 @@ services: env_file: .env volumes: - "$ROOT/data:/data" + depends_on: + - unbound + dns: + - ${IPV4_NETWORK:-172.22.1}.254 + networks: + backend: + aliases: + - fetchmail + +networks: + backend: + driver: bridge + ipam: + driver: default + config: + - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 From ada09f7922dd50656bbaa99f0c624ad2f90eb1d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 12:35:08 +0300 Subject: [PATCH 02/23] Unbound: Use alpine:3.8 --- core/unbound/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile index 6ae8a6ee..3c7f0e7a 100644 --- a/core/unbound/Dockerfile +++ b/core/unbound/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:edge +FROM alpine:3.8 RUN apk add --no-cache unbound curl \ && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ From 013d02d7264c182db459a7d67acc7d941eb68f4c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 14:11:59 +0300 Subject: [PATCH 03/23] Add unbound to the build directive --- tests/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/build.yml b/tests/build.yml index 0b6858a0..e0123ca7 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -6,6 +6,10 @@ services: image: $DOCKER_ORG/nginx:$VERSION build: ../core/nginx + unbound: + image: $DOCKER_ORG/unbound:$VERSION + build: ../core/unbound + imap: image: $DOCKER_ORG/dovecot:$VERSION build: ../core/dovecot From cde22be4c9f4dec9889c75ba1dc7f234b586ba0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 9 Oct 2018 14:50:09 +0300 Subject: [PATCH 04/23] Some cleanup and changes: - Don't upgrade the docker-compose file. (Not in the scope of this feature) - No need to use aliases. Docker already resolves to service names - Use a fixed IP range, which stays clear of the network ranges used by Docker. (172.xx.0.0/16) --- docs/compose/.env | 3 -- docs/compose/docker-compose.yml | 72 +++++++-------------------------- 2 files changed, 15 insertions(+), 60 deletions(-) diff --git a/docs/compose/.env b/docs/compose/.env index 5378d37e..721aaf22 100644 --- a/docs/compose/.env +++ b/docs/compose/.env @@ -21,9 +21,6 @@ SECRET_KEY=ChangeMeChangeMe BIND_ADDRESS4=127.0.0.1 BIND_ADDRESS6=::1 -# Internal Docker network -IPV4_NETWORK=172.22.1 - # Main mail domain DOMAIN=mailu.io diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index dc674a2b..8038a0bf 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2.1' +version: '2' services: @@ -30,20 +30,14 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - front + - 10.177.20.254 unbound: image: mailu/unbound:$VERSION restart: always networks: - backend: - ipv4_address: ${IPV4_NETWORK:-172.22.1}.254 - aliases: - - unbound + default: + ipv4_address: 10.177.20.254 redis: image: redis:alpine @@ -51,13 +45,9 @@ services: volumes: - "$ROOT/redis:/data" dns: - - ${IPV4_NETWORK:-172.22.1}.254 + - 10.177.20.254 depends_on: - unbound - networks: - backend: - aliases: - - redis imap: image: mailu/dovecot:$VERSION @@ -71,11 +61,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - imap + - 10.177.20.254 smtp: image: mailu/postfix:$VERSION @@ -88,11 +74,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - smtp + - 10.177.20.254 antispam: image: mailu/rspamd:$VERSION @@ -106,11 +88,7 @@ services: - front - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - antispam + - 10.177.20.254 antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -121,11 +99,7 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - antivirus + - 10.177.20.254 webdav: image: mailu/$WEBDAV:$VERSION @@ -136,11 +110,7 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - webdav + - 10.177.20.254 admin: image: mailu/admin:$VERSION @@ -154,11 +124,7 @@ services: - redis - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - admin + - 10.177.20.254 webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -170,11 +136,7 @@ services: - imap - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - webmail + - 10.177.20.254 fetchmail: image: mailu/fetchmail:$VERSION @@ -185,16 +147,12 @@ services: depends_on: - unbound dns: - - ${IPV4_NETWORK:-172.22.1}.254 - networks: - backend: - aliases: - - fetchmail + - 10.177.20.254 networks: - backend: + default: driver: bridge ipam: driver: default config: - - subnet: ${IPV4_NETWORK:-172.22.1}.0/24 + - subnet: 10.177.20.0/24 From f4ef0eed09a31a5ee609414046a99c8cf0d02be3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Fri, 12 Oct 2018 20:48:44 +0300 Subject: [PATCH 05/23] Wrote informational section of the FAQ --- docs/faq.rst | 97 ++++++++++++++++++++++++++++++++++++++++++++++++++ docs/index.rst | 1 + 2 files changed, 98 insertions(+) create mode 100644 docs/faq.rst diff --git a/docs/faq.rst b/docs/faq.rst new file mode 100644 index 00000000..8c5b5598 --- /dev/null +++ b/docs/faq.rst @@ -0,0 +1,97 @@ +Frequently asked questions +========================== + +Informational +------------- + +Where to ask questions? +``````````````````````` + +First, please read this FAQ to check if your question is listed here. +Simple questions best fit in our `Matrix`_ room. +For more complex questions, you can always open a `new issue`_ on GitHub. +We actively monitor the issues list. + + +My installation is broken! +`````````````````````````` + +We're sorry to hear that. Please check for common mistakes and troubleshooting +advice in the `Technical issues`_ section of this page. + +I think I found a bug! +`````````````````````` + +If you did not manage to solve the issue using this FAQ and there is not any +`open issues`_ describing the same problem, you can continue to open a +`new issue`_ on GitHub. + +I want a new feature or enhancement! +```````````````````````````````````` + +Great! We are always open for suggestions. We currently maintain two tags: + +- `Enhancement issues`_: Typically used for optimization of features in the project. +- `Feature request issues`_: For implementing new functionality, + plugins and applications. + +Please check if your idea (or something similar) is already mentioned there. +If there is one open, you can choose to vote with a thumbs up, so we can +estimate the popular demand. Please refrain from writing comments like +*"me too"* as it clobbers the actual discussion. + +If you can't find anything similar, you can open a `new issue`_. +Please also share (where applicable): + +- Use case: how does this improve the project? +- Any research done on the subject. Perhaps some links to upstream website, + reference implementations etc. + +Why does my feature/bug take so long to solve? +`````````````````````````````````````````````` + +You should be aware that creating, maintaining and expanding a mail server +distribution requires a lot of effort. Mail servers are highly exposed to hacking attempts, +open relay scanners, spam and malware distributors etc. We need to work in a safe way and +have to prevent pushing out something quickly. + +We currently maintain a strict work flow: + +#. Someone writes a solution and sends a pull request; +#. We use Travis-CI fore some very basic building and testing; +#. The pull request needs to be code-reviewed and tested by at least two members + from the contributors team. + +Please consider that this project is mostly developed in people their free time. +We thank you for your understanding and patience. + +I would to donate (for a feature) +````````````````````````````````` + +Donations are welcome at the `patreon`_ account of the project lead. It will be used to pay +for infra structure and project related costs. If there are leftovers, it will be distributed +among the developers. + +It is not yet possible to pay for a specific feature. We don't have +any bounty system implemented. Feel free to come with suggestions in +our ongoing `project management`_ discussion issue. + + +.. _`Matrix`: https://matrix.to/#/#mailu:tedomum.net +.. _`open issues`: https://github.com/Mailu/Mailu/issues +.. _`new issue`: https://github.com/Mailu/Mailu/issues/new +.. _`Enhancement issues`: https://github.com/Mailu/Mailu/issues?q=is%3Aissue+is%3Aopen+label%3Atype%2Fenhancement +.. _`Feature request issues`: https://github.com/Mailu/Mailu/issues?q=is%3Aopen+is%3Aissue+label%3Atype%2Ffeature +.. _`patreon`: https://patreon.com/kaiyou +.. _`project management`: https://github.com/Mailu/Mailu/issues/508 + +Deployment related +------------------ + + +Technical issues +---------------- + +WIP: Link to `troubleshooting`_ related issues will be in the bottom of this section. + +.. _`troubleshooting`: https://github.com/Mailu/Mailu/issues?utf8=%E2%9C%93&q=label%3Afaq%2Ftroubleshooting diff --git a/docs/index.rst b/docs/index.rst index 5219145f..0a4aadff 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -44,6 +44,7 @@ the version of Mailu that you are running. general features + faq releases demo From b5693edc63ce11979459c204793a525b4dc57b05 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Sat, 13 Oct 2018 20:59:14 +0300 Subject: [PATCH 06/23] Include a doc section for external certbot --- docs/maintain.rst | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/docs/maintain.rst b/docs/maintain.rst index d570690e..ffb51a50 100644 --- a/docs/maintain.rst +++ b/docs/maintain.rst @@ -28,6 +28,33 @@ Logs are managed by Docker directly. You can easily read your logs using: Docker is able to forward logs to multiple log engines. Read the following documentation for details: https://docs.docker.com/engine/admin/logging/overview/. +.. _external_certs: + +Managing of external Let's encrypt certificates +----------------------------------------------- + +When you are not using the embedded ``letsencrypt`` option from Mailu, +you cannot make use of it's symlink functionality in the ``letsencrypt/live`` directory. +You should take care that after every renewal new certificates are copied to ``/mailu/certs`` and +the *nginx* process in the ``front`` container is reloaded. + +In the case of *certbot* you could write a script to be executed as `deploy hook`_. Example: + +.. code-block:: bash + + #!/bin/sh + cp /etc/letsencrypt/live/domain.com/privkey.pem /mailu/certs/key.pem || exit 1 + cp /etc/letsencrypt/live/domain.com/fullchain.pem /mailu/certs/cert.pem || exit 1 + docker exec mailu_front_1 nginx -s reload + +And the certbot command you will use in crontab would look something like: + +.. code-block:: bash + + 52 0,12 * * * root /usr/bin/certbot renew --deploy-hook /path/to/script.sh + +.. _`deploy hook`: https://certbot.eff.org/docs/using.html#renewing-certificates + Migrating an instance --------------------- From 13949554479383e09a184bac695e7e6e085350ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Sat, 13 Oct 2018 21:13:09 +0300 Subject: [PATCH 07/23] FAQ about TLS issues --- docs/faq.rst | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 84 insertions(+), 3 deletions(-) diff --git a/docs/faq.rst b/docs/faq.rst index 8c5b5598..81d51b86 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -55,6 +55,7 @@ distribution requires a lot of effort. Mail servers are highly exposed to hackin open relay scanners, spam and malware distributors etc. We need to work in a safe way and have to prevent pushing out something quickly. +**TODO: Move the next section into the contributors part of docs** We currently maintain a strict work flow: #. Someone writes a solution and sends a pull request; @@ -65,8 +66,8 @@ We currently maintain a strict work flow: Please consider that this project is mostly developed in people their free time. We thank you for your understanding and patience. -I would to donate (for a feature) -````````````````````````````````` +I would like to donate (for a feature) +`````````````````````````````````````` Donations are welcome at the `patreon`_ account of the project lead. It will be used to pay for infra structure and project related costs. If there are leftovers, it will be distributed @@ -88,10 +89,90 @@ our ongoing `project management`_ discussion issue. Deployment related ------------------ - Technical issues ---------------- +Changes in .env don't propagate +``````````````````````````````` + +Variables are sent to the containers at creation time. This means you need to take the project +down and up again. A container restart is not sufficient. + +.. code-block:: bash + + docker-compose down && \ + docker-compose up -d + +*Issue reference:* `615`_, + +TLS certificate issues +`````````````````````` + +When there are issues with the TLS/SSL certificates, Mailu denies service on secure ports. +This is a security precaution. Symptoms are: + +- 403 browser errors; + +These issues are typically caused by four scenarios: + +#. ``TLS_FLAVOR=notls`` in ``.env``; +#. Certificates expired; +#. When ``TLS_FLAVOR=letsencrypt``, it might be that the *certbot* script is not capable of + obtaining the certificates for your domain. See `letsencrypt issues`_ +#. When ``TLS_FLAVOR=certs``, certificates are supposed to be copied to ``/mailu/certs``. + Using an external ``letsencrypt`` program, it tends to happen people copy the whole + ``letsencrypt/live`` directory containing symlinks. Symlinks do not resolve inside the + container and therefore it breaks the TLS implementation. + +letsencrypt issues +.................. + +In order to determine the exact problem on TLS / Let's encrypt issues, it might be helpful +to check the logs. + +.. code-block:: bash + + docker-compose logs front | less -R + docker-compose exec front less /var/log/letsencrypt/letsencrypt.log + +Common problems: + +- Port 80 not reachable from outside. +- Faulty DNS records: make sure that all ``HOSTNAMES`` have **A** (IPv4) and **AAAA** (IPv6) + records, pointing the the ``BIND_ADDRESS4`` and ``BIND_ADDRESS6``. +- DNS cache not yet expired. It might be that old / faulty DNS records are stuck in a cache + en-route to letsencrypt's server. The time this takes is set by the ``TTL`` field in the + records. You'll have to wait at least this time after changing the DNS entries. + Don't keep trying, as you might hit `rate-limits`_. + +.. _`rate-limits`: https://letsencrypt.org/docs/rate-limits/ + +Copying certificates +.................... + +As mentioned above, care must be taken not to copy symlinks to the ``/mailu/certs`` location. + +**The wrong way!:** + +.. code-block:: bash + + cp -r /etc/letsencrypt/live/domain.com /mailu/certs + +**The right way!:** + +.. code-block:: bash + + mkdir -p /mailu/certs + cp /etc/letsencrypt/live/domain.com/privkey.pem /mailu/certs/key.pem + cp /etc/letsencrypt/live/domain.com/fullchain.pem /mailu/certs/cert.pem + +See also :ref:`external_certs`. + +*Issue reference:* `426`_, `615`_. + + WIP: Link to `troubleshooting`_ related issues will be in the bottom of this section. +.. _`426`: https://github.com/Mailu/Mailu/issues/426 +.. _`615`: https://github.com/Mailu/Mailu/issues/615 .. _`troubleshooting`: https://github.com/Mailu/Mailu/issues?utf8=%E2%9C%93&q=label%3Afaq%2Ftroubleshooting From 3552c59ff33115d6880439814adfc8e62f9c378e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Mon, 22 Oct 2018 16:11:45 +0300 Subject: [PATCH 08/23] Insert ref link for FAQ, shortened title for display purposes --- docs/kubernetes/mailu/index.rst | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/kubernetes/mailu/index.rst b/docs/kubernetes/mailu/index.rst index ef12eb58..8f172179 100644 --- a/docs/kubernetes/mailu/index.rst +++ b/docs/kubernetes/mailu/index.rst @@ -1,5 +1,7 @@ -Install Mailu master on kubernetes -================================== +.. _kubernetes: + +Kubernetes setup +================ Prequisites ----------- From 7c1118df7d7d722af9f41b3127be7efa26cf9708 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Mon, 22 Oct 2018 16:14:54 +0300 Subject: [PATCH 09/23] Extending the FAQ --- docs/faq.rst | 104 +++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 101 insertions(+), 3 deletions(-) diff --git a/docs/faq.rst b/docs/faq.rst index 81d51b86..745c58f7 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -89,9 +89,80 @@ our ongoing `project management`_ discussion issue. Deployment related ------------------ +How does Mailu scale up? +```````````````````````` + +Recent works allow Mailu to be deployed in Docker Swarm and Kubernetes. +This means it can be scaled horizontally. For more information, refer to :ref:`kubernetes` +or the `Docker swarm howto`_. + +*Issue reference:* `165`_, `520`_. + +How to achieve HA / failover? +````````````````````````````` + +The mailboxes and databases for Mailu are kept on the host filesystem under ``$ROOT/``. +For making the **storage** highly available, all sorts of techniques can be used: + +- Local raid-1 +- btrfs in raid configuration +- Distributed network filesystems such as GlusterFS or CEPH + +Note that no storage HA solution can protect against incidental deletes or file corruptions. +Therefore it is advised to create backups on a regular base! + +A backup MX can be configured as **failover**. For this you need a separate server running +Mailu. On that server, your domains will need to be setup as "Relayed domains", pointing +to you main server. MX records for the mail domains with a higher priority number will have +to point to this server. Please be aware that a backup MX can act as a `spam magnet`_. + +For **service** HA, please see: `How does Mailu scale up?`_ + + +*Issue reference:* `177`_, `591`_. + +.. _`spam magnet`: https://blog.zensoftware.co.uk/2012/07/02/why-we-tend-to-recommend-not-having-a-secondary-mx-these-days/ + + +Can I run Mailu without host iptables? +`````````````````````````````````````` + +When disabling iptables in docker, its forwarding proxy process takes over. +This creates the situation that every incoming connection on port 25 seems to come from the +local network (docker's 172.17.x.x) and is accepted. This causes an open relay! + +For that reason we do **not** support deployment on Docker hosts without iptables. + +*Issue reference:* `332`_. + +How can I override settings? +```````````````````````````` + +Postfix, dovecot and Rspamd support overriding configuration files. Override files belong in +``$ROOT/overrides``. Please refer to the official documentation of those programs for the +correct syntax. The following file names will be taken as override configuration: + +- `Postfix`_ - ``postfix.cf``; +- `Dovecot`_ - ``dovecot.conf``; +- `Rspamd`_ - All files in the ``rspamd`` sub-directory. + +.. _`Postfix`: http://www.postfix.org/postconf.5.html +.. _`Dovecot`: https://wiki.dovecot.org/ConfigFile +.. _`Rspamd`: https://www.rspamd.com/doc/configuration/index.html + +.. _`Docker swarm howto`: https://github.com/Mailu/Mailu/tree/master/docs/swarm/master +.. _`165`: https://github.com/Mailu/Mailu/issues/165 +.. _`177`: https://github.com/Mailu/Mailu/issues/177 +.. _`332`: https://github.com/Mailu/Mailu/issues/332 +.. _`520`: https://github.com/Mailu/Mailu/issues/520 +.. _`591`: https://github.com/Mailu/Mailu/issues/591 + Technical issues ---------------- +In this section we are trying to cover the most common problems our users are having. +If your issue is not listed here, please consult issues with the `troubleshooting tag`_. + Changes in .env don't propagate ``````````````````````````````` @@ -103,7 +174,7 @@ down and up again. A container restart is not sufficient. docker-compose down && \ docker-compose up -d -*Issue reference:* `615`_, +*Issue reference:* `615`_. TLS certificate issues `````````````````````` @@ -170,9 +241,36 @@ See also :ref:`external_certs`. *Issue reference:* `426`_, `615`_. +Do you support Fail2Ban? +```````````````````````` +Fail2Ban is not included in Mailu. Fail2Ban needs to modify the host's IP tables in order to +ban the addresses. We consider such a program should be run on the host system and not +inside a container. The ``front`` container does use authentication rate limiting to slow +down brute force attacks. -WIP: Link to `troubleshooting`_ related issues will be in the bottom of this section. +We *do* provide a possibility to export the logs from the ``front`` service to the host. +For this you need to set ``LOG_DRIVER=journald`` or ``syslog``, depending on the log +manager of the host. You will need to setup the proper Regex in the Fail2Ban configuration. +Be aware that webmail authentication appears to come form the Docker network, +so don't ban those addresses! +*Issue reference:* `85`_, `116`_, `171`_, `584`_, `592`_. + +Users can't change their password from webmail +`````````````````````````````````````````````` + +All users have the abilty to login to the admin interface. Non-admin users +have only restricted funtionality such as changing their password and the +spam filter weight settings. + +*Issue reference:* `503`_. + +.. _`troubleshooting tag`: https://github.com/Mailu/Mailu/issues?utf8=%E2%9C%93&q=label%3Afaq%2Ftroubleshooting +.. _`85`: https://github.com/Mailu/Mailu/issues/85 +.. _`116`: https://github.com/Mailu/Mailu/issues/116 +.. _`171`: https://github.com/Mailu/Mailu/issues/171 .. _`426`: https://github.com/Mailu/Mailu/issues/426 +.. _`503`: https://github.com/Mailu/Mailu/issues/503 +.. _`584`: https://github.com/Mailu/Mailu/issues/584 +.. _`592`: https://github.com/Mailu/Mailu/issues/592 .. _`615`: https://github.com/Mailu/Mailu/issues/615 -.. _`troubleshooting`: https://github.com/Mailu/Mailu/issues?utf8=%E2%9C%93&q=label%3Afaq%2Ftroubleshooting From 76e95bd5850e04018654dcc954dbffbd4169768c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20S=C3=A4nger?= Date: Mon, 22 Oct 2018 21:05:55 +0300 Subject: [PATCH 10/23] Fix typo Co-Authored-By: muhlemmer --- docs/faq.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.rst b/docs/faq.rst index 745c58f7..5d6d9c1b 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -59,7 +59,7 @@ have to prevent pushing out something quickly. We currently maintain a strict work flow: #. Someone writes a solution and sends a pull request; -#. We use Travis-CI fore some very basic building and testing; +#. We use Travis-CI for some very basic building and testing; #. The pull request needs to be code-reviewed and tested by at least two members from the contributors team. From 40d8e657627a64b3aa8c45784533bc97d4ede69c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 12:22:36 +0300 Subject: [PATCH 11/23] Revert docker-compose to latest upstream version --- docs/compose/docker-compose.yml | 51 --------------------------------- 1 file changed, 51 deletions(-) diff --git a/docs/compose/docker-compose.yml b/docs/compose/docker-compose.yml index 7e2ac486..b8d15587 100644 --- a/docs/compose/docker-compose.yml +++ b/docs/compose/docker-compose.yml @@ -29,27 +29,12 @@ services: - "$BIND_ADDRESS6:587:587" volumes: - "$ROOT/certs:/certs" - depends_on: - - unbound - dns: - - 10.177.20.254 - - unbound: - image: mailu/unbound:$VERSION - restart: always - networks: - default: - ipv4_address: 10.177.20.254 redis: image: redis:alpine restart: always volumes: - "$ROOT/redis:/data" - dns: - - 10.177.20.254 - depends_on: - - unbound imap: image: mailu/dovecot:$VERSION @@ -60,9 +45,6 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front - - unbound - dns: - - 10.177.20.254 smtp: image: mailu/postfix:$VERSION @@ -72,9 +54,6 @@ services: - "$ROOT/overrides:/overrides" depends_on: - front - - unbound - dns: - - 10.177.20.254 antispam: image: mailu/rspamd:$VERSION @@ -86,9 +65,6 @@ services: - "$ROOT/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front - - unbound - dns: - - 10.177.20.254 antivirus: image: mailu/$ANTIVIRUS:$VERSION @@ -96,10 +72,6 @@ services: env_file: .env volumes: - "$ROOT/filter:/data" - depends_on: - - unbound - dns: - - 10.177.20.254 webdav: image: mailu/$WEBDAV:$VERSION @@ -107,10 +79,6 @@ services: env_file: .env volumes: - "$ROOT/dav:/data" - depends_on: - - unbound - dns: - - 10.177.20.254 admin: image: mailu/admin:$VERSION @@ -122,9 +90,6 @@ services: - /var/run/docker.sock:/var/run/docker.sock:ro depends_on: - redis - - unbound - dns: - - 10.177.20.254 webmail: image: "mailu/$WEBMAIL:$VERSION" @@ -134,24 +99,8 @@ services: - "$ROOT/webmail:/data" depends_on: - imap - - unbound - dns: - - 10.177.20.254 fetchmail: image: mailu/fetchmail:$VERSION restart: always env_file: .env - depends_on: - - unbound - dns: - - 10.177.20.254 - -networks: - default: - driver: bridge - ipam: - driver: default - config: - - subnet: 10.177.20.0/24 - From 9412c8e1e9ca51214121b9fc0b9d0fd499026b57 Mon Sep 17 00:00:00 2001 From: hoellen Date: Tue, 23 Oct 2018 13:52:43 +0300 Subject: [PATCH 12/23] Correct spelling error Co-Authored-By: muhlemmer --- docs/faq.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/faq.rst b/docs/faq.rst index 5d6d9c1b..395b739c 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -251,7 +251,7 @@ down brute force attacks. We *do* provide a possibility to export the logs from the ``front`` service to the host. For this you need to set ``LOG_DRIVER=journald`` or ``syslog``, depending on the log manager of the host. You will need to setup the proper Regex in the Fail2Ban configuration. -Be aware that webmail authentication appears to come form the Docker network, +Be aware that webmail authentication appears to come from the Docker network, so don't ban those addresses! *Issue reference:* `85`_, `116`_, `171`_, `584`_, `592`_. From bcfce27ee2beb735049d4597786b3354930cb771 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 15:07:49 +0300 Subject: [PATCH 13/23] Standarize unbound, prepare for setup inclusion - Use jinja template for configuration file (start.py) - Limit access to the Mailu subnet - Implement health checks --- core/unbound/Dockerfile | 14 -------------- services/unbound/Dockerfile | 18 ++++++++++++++++++ services/unbound/start.py | 9 +++++++++ {core => services}/unbound/unbound.conf | 4 ++-- tests/build.yml | 4 ++-- 5 files changed, 31 insertions(+), 18 deletions(-) delete mode 100644 core/unbound/Dockerfile create mode 100644 services/unbound/Dockerfile create mode 100755 services/unbound/start.py rename {core => services}/unbound/unbound.conf (86%) diff --git a/core/unbound/Dockerfile b/core/unbound/Dockerfile deleted file mode 100644 index 3c7f0e7a..00000000 --- a/core/unbound/Dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM alpine:3.8 - -RUN apk add --no-cache unbound curl \ - && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ - && chown root:unbound /etc/unbound \ - && chmod 775 /etc/unbound \ - && apk del --no-cache curl \ - && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true - -COPY unbound.conf /etc/unbound/unbound.conf - -EXPOSE 53/udp 53/tcp - -CMD /usr/sbin/unbound diff --git a/services/unbound/Dockerfile b/services/unbound/Dockerfile new file mode 100644 index 00000000..1b84855c --- /dev/null +++ b/services/unbound/Dockerfile @@ -0,0 +1,18 @@ +FROM python:3-alpine + +RUN apk add --no-cache unbound curl bind-tools \ + && pip3 install jinja2 \ + && curl -o /etc/unbound/root.hints https://www.internic.net/domain/named.cache \ + && chown root:unbound /etc/unbound \ + && chmod 775 /etc/unbound \ + && apk del --no-cache curl \ + && /usr/sbin/unbound-anchor -a /etc/unbound/trusted-key.key | true + +COPY start.py /start.py +COPY unbound.conf /unbound.conf + +EXPOSE 53/udp 53/tcp + +CMD /start.py + +HEALTHCHECK CMD dig @127.0.0.1 || exit 1 diff --git a/services/unbound/start.py b/services/unbound/start.py new file mode 100755 index 00000000..82e017f7 --- /dev/null +++ b/services/unbound/start.py @@ -0,0 +1,9 @@ +#!/usr/local/bin/python3 + +import jinja2 +import os + +convert = lambda src, dst: open(dst, "w").write(jinja2.Template(open(src).read()).render(**os.environ)) +convert("/unbound.conf", "/etc/unbound/unbound.conf") + +os.execv("/usr/sbin/unbound", ["-c /etc/unbound/unbound.conf"]) diff --git a/core/unbound/unbound.conf b/services/unbound/unbound.conf similarity index 86% rename from core/unbound/unbound.conf rename to services/unbound/unbound.conf index d2d9ce74..d54cbfbc 100644 --- a/core/unbound/unbound.conf +++ b/services/unbound/unbound.conf @@ -8,9 +8,9 @@ server: do-udp: yes do-tcp: yes do-daemonize: no - access-control: 0.0.0.0/0 allow + access-control: {{ SUBNET }} allow directory: "/etc/unbound" - username: unbound + username: root auto-trust-anchor-file: trusted-key.key root-hints: "/etc/unbound/root.hints" hide-identity: yes diff --git a/tests/build.yml b/tests/build.yml index 00323151..8a5cd540 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -6,8 +6,8 @@ services: image: ${DOCKER_ORG:-mailu}/nginx:${VERSION:-local} build: ../core/nginx - unbound: - image: $DOCKER_ORG/unbound:$VERSION + resolver: + image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local} build: ../core/unbound imap: From 7c07efc216138eb4d7402c530e8f4173787ccf53 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 15:42:19 +0300 Subject: [PATCH 14/23] Added unbound to setup - Added checkbox for unbound resolver - Added subnet variable - Added dns variable which is generating the ip address based on subnet --- setup/flavors/compose/docker-compose.yml | 44 ++++++++++++++++++++ setup/flavors/compose/mailu.env | 3 ++ setup/server.py | 2 + setup/templates/steps/compose/03_expose.html | 13 ++++++ setup/templates/steps/stack/03_expose.html | 3 +- 5 files changed, 64 insertions(+), 1 deletion(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index b01bb8fd..4fef7468 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -28,6 +28,15 @@ services: {% endfor %} volumes: - "{{ root }}/certs:/certs" + + {% if resolver_enabled %} + resolver: + image: mailu/resolver:{{ version }} + restart: always + networks: + default: + ipv4_address: {{ dns }} + {% endif %} admin: image: mailu/admin:{{ version }} @@ -58,6 +67,11 @@ services: - "{{ root }}/overrides:/overrides" depends_on: - front + {% if resolver_enabled %} + - resolver + dns: + - {{ dns }} + {% endif %} # Optional services {% if antispam_enabled %} @@ -70,6 +84,11 @@ services: - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" depends_on: - front + {% if resolver_enabled %} + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} {% if antivirus_enabled %} @@ -78,6 +97,12 @@ services: env_file: {{ env }} volumes: - "{{ root }}/filter:/data" + {% if resolver_enabled %} + depends_on: + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webdav_enabled %} @@ -92,6 +117,12 @@ services: fetchmail: image: mailu/fetchmail:{{ version }} env_file: {{ env }} + {% if resolver_enabled %} + depends_on: + - resolver + dns: + - {{ dns }} + {% endif %} {% endif %} # Webmail @@ -103,4 +134,17 @@ services: - "{{ root }}/webmail:/data" depends_on: - imap + - resolver + dns: + - {{ dns }} {% endif %} + +{% if resolver_enabled %} +networks: + default: + driver: bridge + ipam: + driver: default + config: + - subnet: {{ subnet }} +{% endif %} diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 9fc1197d..425f4cad 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env @@ -25,6 +25,9 @@ SECRET_KEY={{ secret(16) }} # PUBLIC_IPV4= {{ bind4 }} (default: 127.0.0.1) # PUBLIC_IPV6= {{ bind6 }} (default: ::1) +# Subnet +# SUBNET={{ subnet }} + # Main mail domain DOMAIN={{ domain }} diff --git a/setup/server.py b/setup/server.py index bfe5ef15..6f60c3c0 100644 --- a/setup/server.py +++ b/setup/server.py @@ -7,6 +7,7 @@ import jinja2 import uuid import string import random +import ipaddress app = flask.Flask(__name__) @@ -75,6 +76,7 @@ def build_app(path): def submit(): data = flask.request.form.copy() data['uid'] = str(uuid.uuid4()) + data['dns'] = str(ipaddress.IPv4Network(data['subnet'])[-2]) db.set(data['uid'], json.dumps(data)) return flask.redirect(flask.url_for('.setup', uid=data['uid'])) diff --git a/setup/templates/steps/compose/03_expose.html b/setup/templates/steps/compose/03_expose.html index df121c7d..783c2037 100644 --- a/setup/templates/steps/compose/03_expose.html +++ b/setup/templates/steps/compose/03_expose.html @@ -26,6 +26,19 @@ avoid generic all-interfaces addresses like 0.0.0.0 or :: +
+ +
+ +
+ + +
+

You server will be available under a main hostname but may expose multiple public hostnames. Every e-mail domain that points to this server must have one of the hostnames in its MX record. Hostnames must be coma-separated.

diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html index a9cffc1c..1cd0cde5 100644 --- a/setup/templates/steps/stack/03_expose.html +++ b/setup/templates/steps/stack/03_expose.html @@ -5,7 +5,8 @@ you expose it to the world.

- +

You server will be available under a main hostname but may expose multiple public From da37555a3c6af23a28237bf8ba9da7ff34ed5529 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 15:46:53 +0300 Subject: [PATCH 15/23] Fixed naming error --- setup/flavors/compose/docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 4fef7468..630531fe 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -31,7 +31,7 @@ services: {% if resolver_enabled %} resolver: - image: mailu/resolver:{{ version }} + image: mailu/unbound:{{ version }} restart: always networks: default: From 12d8872a0950173fed22050eb1baad3786f0e3f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Tue, 23 Oct 2018 16:09:59 +0300 Subject: [PATCH 16/23] Fix unbound build path --- tests/build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/build.yml b/tests/build.yml index 8a5cd540..ed5b75fe 100644 --- a/tests/build.yml +++ b/tests/build.yml @@ -8,7 +8,7 @@ services: resolver: image: ${DOCKER_ORG:-mailu}/unbound:${VERSION:-local} - build: ../core/unbound + build: ../services/unbound imap: image: ${DOCKER_ORG:-mailu}/dovecot:${VERSION:-local} From 6c12e2fffb9990dec70fdbc650245d78796b282c Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 16:39:22 +0300 Subject: [PATCH 17/23] Fixed subnet variable in unbound --- setup/flavors/compose/docker-compose.yml | 1 + setup/flavors/compose/mailu.env | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 630531fe..e6b64077 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -32,6 +32,7 @@ services: {% if resolver_enabled %} resolver: image: mailu/unbound:{{ version }} + env_file: {{ env }} restart: always networks: default: diff --git a/setup/flavors/compose/mailu.env b/setup/flavors/compose/mailu.env index 425f4cad..4a14de63 100644 --- a/setup/flavors/compose/mailu.env +++ b/setup/flavors/compose/mailu.env @@ -26,7 +26,7 @@ SECRET_KEY={{ secret(16) }} # PUBLIC_IPV6= {{ bind6 }} (default: ::1) # Subnet -# SUBNET={{ subnet }} +SUBNET={{ subnet }} # Main mail domain DOMAIN={{ domain }} From 120c29eff603850d8bb9573df1ddbc8edc4a56b5 Mon Sep 17 00:00:00 2001 From: Ionut Filip Date: Tue, 23 Oct 2018 17:46:06 +0300 Subject: [PATCH 18/23] Added unbound for stack flavor --- setup/flavors/compose/docker-compose.yml | 4 ++-- setup/flavors/stack/docker-compose.yml | 25 ++++++++++++++++++++++ setup/templates/steps/stack/03_expose.html | 7 ++++++ 3 files changed, 34 insertions(+), 2 deletions(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index e6b64077..50fd1705 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -29,7 +29,7 @@ services: volumes: - "{{ root }}/certs:/certs" - {% if resolver_enabled %} + {% if resolver_enabled %} resolver: image: mailu/unbound:{{ version }} env_file: {{ env }} @@ -68,7 +68,7 @@ services: - "{{ root }}/overrides:/overrides" depends_on: - front - {% if resolver_enabled %} + {% if resolver_enabled %} - resolver dns: - {{ dns }} diff --git a/setup/flavors/stack/docker-compose.yml b/setup/flavors/stack/docker-compose.yml index f27b661f..b9537e94 100644 --- a/setup/flavors/stack/docker-compose.yml +++ b/setup/flavors/stack/docker-compose.yml @@ -28,6 +28,15 @@ services: - "{{ root }}/certs:/certs" deploy: replicas: 1 + + {% if resolver_enabled %} + resolver: + image: mailu/unbound:{{ version }} + env_file: {{ env }} + networks: + default: + ipv4_address: {{ dns }} + {% endif %} admin: image: mailu/admin:{{ version }} @@ -63,6 +72,10 @@ services: - "{{ root }}/overrides:/overrides" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} # Optional services {% if antispam_enabled %} @@ -77,6 +90,10 @@ services: - "{{ root }}/overrides/rspamd:/etc/rspamd/override.d" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if antivirus_enabled %} @@ -87,6 +104,10 @@ services: - "{{ root }}/filter:/data" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webdav_enabled %} @@ -107,6 +128,10 @@ services: - "{{ root }}/data:/data" deploy: replicas: 1 + {% if resolver_enabled %} + dns: + - {{ dns }} + {% endif %} {% endif %} {% if webmail_type != 'none' %} diff --git a/setup/templates/steps/stack/03_expose.html b/setup/templates/steps/stack/03_expose.html index 1cd0cde5..d47390be 100644 --- a/setup/templates/steps/stack/03_expose.html +++ b/setup/templates/steps/stack/03_expose.html @@ -3,6 +3,13 @@ and let users access their mailboxes. Mailu has some flexibility in the way you expose it to the world.

+
+ +
+
Date: Tue, 23 Oct 2018 10:47:31 -0500 Subject: [PATCH 19/23] Fix typo (duplicate self). Fixes #683 --- core/admin/mailu/models.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 3653011f..62c25c81 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -271,7 +271,7 @@ class User(Base, Email): @property def destination(self): if self.forward_enabled: - result = self.self.forward_destination + result = self.forward_destination if self.forward_keep: result += ',' + self.email return result From b8783b670aa6a299047f280c0c272b68905cbb62 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim=20M=C3=B6hlmann?= Date: Wed, 24 Oct 2018 12:18:03 +0300 Subject: [PATCH 20/23] Take out DNS entry for webmail --- setup/flavors/compose/docker-compose.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/setup/flavors/compose/docker-compose.yml b/setup/flavors/compose/docker-compose.yml index 50fd1705..81b6bcb2 100644 --- a/setup/flavors/compose/docker-compose.yml +++ b/setup/flavors/compose/docker-compose.yml @@ -135,9 +135,6 @@ services: - "{{ root }}/webmail:/data" depends_on: - imap - - resolver - dns: - - {{ dns }} {% endif %} {% if resolver_enabled %} From fd3a9448500bf6aea4686583d104473e3f96911e Mon Sep 17 00:00:00 2001 From: hoellen Date: Thu, 25 Oct 2018 13:04:40 +0200 Subject: [PATCH 21/23] fix typo in doc --- docs/cli.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cli.rst b/docs/cli.rst index 4a5250a2..038f1247 100644 --- a/docs/cli.rst +++ b/docs/cli.rst @@ -39,7 +39,7 @@ primary difference with simple `user` command is that password is being imported .. code-block:: bash - docker-compose run --rm admin python manage.py user --hash_scheme='SHA512-CRYPT' myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce' + docker-compose run --rm admin python manage.py user_import --hash_scheme='SHA512-CRYPT' myuser example.net '$6$51ebe0cb9f1dab48effa2a0ad8660cb489b445936b9ffd812a0b8f46bca66dd549fea530ce' user_delete ------------ From 2237e641b04726c1482fc87becd260ed4c374e77 Mon Sep 17 00:00:00 2001 From: Daniel Huber Date: Sun, 28 Oct 2018 12:26:14 +0100 Subject: [PATCH 22/23] Fix Typo in K8s Docs --- docs/kubernetes/mailu/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/kubernetes/mailu/index.rst b/docs/kubernetes/mailu/index.rst index ef12eb58..99abd8b1 100644 --- a/docs/kubernetes/mailu/index.rst +++ b/docs/kubernetes/mailu/index.rst @@ -189,5 +189,5 @@ This problem can be easily fixed by running following commands: .. code:: bash - kubectl -n mailu-mailserver exec -it maolu-imap-... /bin/sh + kubectl -n mailu-mailserver exec -it mailu-imap-... /bin/sh chmod 777 /data/main.db From 7125077dec76cd5a9e3f1d4d1d03e2100c96cd1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20S=C3=A4nger?= Date: Mon, 29 Oct 2018 01:41:04 +0100 Subject: [PATCH 23/23] Update roundcube --- webmails/roundcube/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/webmails/roundcube/Dockerfile b/webmails/roundcube/Dockerfile index 6250e6df..69e0f334 100644 --- a/webmails/roundcube/Dockerfile +++ b/webmails/roundcube/Dockerfile @@ -1,6 +1,6 @@ FROM php:7.2-apache -ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.7/roundcubemail-1.3.7-complete.tar.gz +ENV ROUNDCUBE_URL https://github.com/roundcube/roundcubemail/releases/download/1.3.8/roundcubemail-1.3.8-complete.tar.gz RUN apt-get update && apt-get install -y \ zlib1g-dev curl \