Differences

This shows you the differences between two versions of the page.

docker_notes:docker-mailserver [2024-05-04 Sat wk18 10:16] – [nftables] baumkpdocker_notes:docker-mailserver [2024-08-14 Wed wk33 20:50] (current) – [postfix] baumkp
Line 1: Line 1:
 {{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}} {{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}}
 ======Docker mailserver====== ======Docker mailserver======
-This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]].  Key changes are that instead of installing on Debian 11 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on latest Alpine linux Docker image with s6-rc init using sqlite database.+This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]].  Key changes are that instead of installing on Debian 11 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on latest Alpine linux Docker image with s6-rc init using maria database.  I toyed with sqlite and basically got it functional, however the support apps do not function with sqlite.
  
 //As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.**  Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.// //As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|SPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.**  Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.//
  
-<fc #ff0000>**The notes here are my current working attempt to get an Alpine s6-rc Docker implementation of Postfix and Dovecot, with sqlite based mail server functional and are currently incomplete.** 
-</fc>  
   - Use of virtual machines is much more common these days than base metal for applications. However Workarounds Debian email server could be loaded on base metal.   - Use of virtual machines is much more common these days than base metal for applications. However Workarounds Debian email server could be loaded on base metal.
   - The database requirements for a small mailserver with a few dozen domains, with each domain having hundreds of emails and aliases is well within the capacity of the sqlite database. The use of a full multi user server / client relational database is not necessary, particularly for a Docker based server implementation. See [[https://www.digitalocean.com/community/tutorials/sqlite-vs-mysql-vs-postgresql-a-comparison-of-relational-database-management-systems|SQLite vs MySQL vs PostgreSQL: A Comparison Of Relational Database Management Systems]]   - The database requirements for a small mailserver with a few dozen domains, with each domain having hundreds of emails and aliases is well within the capacity of the sqlite database. The use of a full multi user server / client relational database is not necessary, particularly for a Docker based server implementation. See [[https://www.digitalocean.com/community/tutorials/sqlite-vs-mysql-vs-postgresql-a-comparison-of-relational-database-management-systems|SQLite vs MySQL vs PostgreSQL: A Comparison Of Relational Database Management Systems]]
 +
 +<fc #008000>I got the Docker emailer server functional mid 2023.  It still needs some more work. I recently went through and clean up some non-fatal errors in the configuration that were showing in the logs, mid 2024.  Currently I run the mail server 2 containers, I would rather have it all in one container.  The email server could also have some more optimisations performed.
 +</fc>
 =====Dockerfile===== =====Dockerfile=====
 I go annoyed with the messy UID and GID and found this reference to attempt to standardise upon.  <fc #ffa500>//Sadly there seems to be no comprehensive standard!//</fc> I go annoyed with the messy UID and GID and found this reference to attempt to standardise upon.  <fc #ffa500>//Sadly there seems to be no comprehensive standard!//</fc>
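Review bot: The rewritten opening paragraph now contradicts itself and the rest of the page. It lists "a Maria mysql database" as what the guide uses and then says this setup differs by "using maria database", while the unchanged bullet below still argues that sqlite is sufficient and a later heading still reads "Making Postfix get its information from the sqlite database". State the database choice once (MariaDB, with sqlite abandoned because the support apps do not work with it) and update or remove the sqlite justification. In the new green status note, "Docker emailer server", "went through and clean up" and "run the mail server 2 containers" need a grammar pass, and the two containers should be named so the reader knows which services are split.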
Line 250: Line 251:
 <code>/ # postconf mail_version <code>/ # postconf mail_version
 mail_version = 3.7.4</code> mail_version = 3.7.4</code>
 +  *''postconf -d''  to print default parameters
 +  *''postconf -n''  to print parameters specifically changed in main.cf
  
 ====Making Postfix get its information from the sqlite database==== ====Making Postfix get its information from the sqlite database====
Line 311: Line 314:
   *''postfix stop'' to stop postfix   *''postfix stop'' to stop postfix
   *''postfix reload'' to reload configuration   *''postfix reload'' to reload configuration
-  *''pstfix status'' to return current postfix operating status+  *''postfix status'' to return current postfix operating status
 It looks a shell script is used to control Postfix, in Alpine is is located ++here|/usr/libexec/postfix/postfix-script++ It looks a shell script is used to control Postfix, in Alpine is is located ++here|/usr/libexec/postfix/postfix-script++
  
Line 350: Line 353:
 Alpine posfix would seem to be setup to use postlogd, as master.cf has the following line already configured:  ''%%postlog   unix-dgram n  -                         postlogd%%''. Hence the following does not need to be used: ''%%/bin/echo 'postlog   unix-dgram n  -                         postlogd' >> '/etc/postfix/master.cf'%%'' Alpine posfix would seem to be setup to use postlogd, as master.cf has the following line already configured:  ''%%postlog   unix-dgram n  -                         postlogd%%''. Hence the following does not need to be used: ''%%/bin/echo 'postlog   unix-dgram n  -                         postlogd' >> '/etc/postfix/master.cf'%%''
  
 +The ''postfix.log'' warning "postfix/postfix-script[228]: warning: group or other writable: /etc/postfix/./master.cf"  is probably as the noted file has been setup using a symlink.  As it is a warning only no further concern.
 ====/etc/postfix/aliases==== ====/etc/postfix/aliases====
 I get an error when recreating the container; "error: open database /etc/postfix/aliases.lmdb: No such file or directory"  The postfix command recreates the missing/corupt aliases.lmdb file; ''newaliases''.I added this to my Docker container startup script.  This solved the problem, but not sure if this is the right way to do this. I get an error when recreating the container; "error: open database /etc/postfix/aliases.lmdb: No such file or directory"  The postfix command recreates the missing/corupt aliases.lmdb file; ''newaliases''.I added this to my Docker container startup script.  This solved the problem, but not sure if this is the right way to do this.
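Review bot: The added sentence about the "group or other writable: /etc/postfix/./master.cf" warning dismisses it on a guess ("probably ... a symlink"). master.cf defines the services Postfix starts, so the note should record the owner and mode of the file the symlink resolves to (for example the output of ''ls -lL /etc/postfix/master.cf'') before concluding "no further concern". If the target really is group or other writable, document the mode fix instead of ignoring the warning.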
Line 370: Line 374:
 <code>/ # dovecot --version <code>/ # dovecot --version
 2.3.20 (80a5ac675d) </code> 2.3.20 (80a5ac675d) </code>
 +  *''doveconf -d''  to print default parameters
 +  *''doveconf -n''  to print parameters specifically changed in main.cf
  
 ====dovecot database configuration and testing==== ====dovecot database configuration and testing====
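Review bot: The second added bullet, "doveconf -n to print parameters specifically changed in main.cf", was copied from the Postfix section and names the wrong file. main.cf is Postfix's configuration; for Dovecot this should refer to dovecot.conf and the conf.d includes (the page itself edits 10-ssl.conf later). Suggest "to print only the settings that differ from the defaults".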
Line 480: Line 486:
 ====dovecot testing with mutt==== ====dovecot testing with mutt====
 Workaround suggests the following command to be used to test: ''%%mutt -f imaps://john@example.org@webmail.example.org%%''  The webmail.example.org simple made no sense to me and did not function with error ''Could not find the host "webmail.example.org"'' As I am creating this in Docker and separately taking the certificates from Traefik, this mailserver simple is not linked in a anyway with a webserver!  The webservers for the database access and webmail are totally separate containers.  The "simple" solution was to use "localhost" from within the mailserver docker container, e.g. ''%%mutt -f imaps://john@example.org@localhost%%''.   Workaround suggests the following command to be used to test: ''%%mutt -f imaps://john@example.org@webmail.example.org%%''  The webmail.example.org simple made no sense to me and did not function with error ''Could not find the host "webmail.example.org"'' As I am creating this in Docker and separately taking the certificates from Traefik, this mailserver simple is not linked in a anyway with a webserver!  The webservers for the database access and webmail are totally separate containers.  The "simple" solution was to use "localhost" from within the mailserver docker container, e.g. ''%%mutt -f imaps://john@example.org@localhost%%''.  
 +
 +====dovecot ssl_dh====
 +
 +I was getting the following error coming up occasionally in my Dovecot log file, "May 25 12:16:05 imap-login: Error: Diffie-Hellman key exchange requested, but no DH parameters provided. Set ssl_dh=</path/to/dh.pem". To help resolve this error I set up the ssl_dh parameter in 10-ssl.conf, see [[https://doc.dovecot.org/configuration_manual/dovecot_ssl_configuration/#id8|Dovecot SSL configuration]] for instructions.  The creation of the dh.pem was taking so long on the server that I stopped and created on the desktop, it was much faster.  I then simply text copied to the server.
  
 ====dovecot logging==== ====dovecot logging====
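Review bot: The new "dovecot ssl_dh" section says the parameter was set in 10-ssl.conf but shows neither the resulting line nor how dh.pem was produced, so the fix cannot be reproduced from these notes. Record the setting in the form the quoted error gives it (''ssl_dh=</path/to/dh.pem'', including the leading ''<''), the command and parameter size used to generate the file, and where the file is stored so that it is still present after the container is recreated. "Simply text copied to the server" should also say which path it was copied to and what ownership and mode it was given.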
Line 506: Line 516:
  
 =====Certificates SSL/TSL===== =====Certificates SSL/TSL=====
-Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate.  They would purchased by a company that managed to get their certificate deregister...... So StartSSL basically became non-usable circa 2017.  Fourtunately a better solution came about a year or 2 earlier called LetsEncrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates +Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate.  They would purchased by a company that managed to get their certificate deregister...... So StartSSL basically became non-usable circa 2017.  Fourtunately a better solution came about a year or 2 earlier called LetsEncrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates.
 =====apache2===== =====apache2=====
 Alpine apk apache2 distribution seems to follow the Red Hat setup style. The daemon is httpd instead of apache2.  So I need to learn a new setup. Alpine apk apache2 distribution seems to follow the Red Hat setup style. The daemon is httpd instead of apache2.  So I need to learn a new setup.
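Review bot: The only change in this hunk is the closing full stop, which leaves the rest of the paragraph and its heading uncorrected. The heading reads "SSL/TSL" where "SSL/TLS" is meant, and the paragraph still has "They would purchased", "deregister......" and "Fourtunately". Since the line is being touched anyway, fix these in the same revision, and consider finishing the thought about Traefik by saying how the mail server obtains the certificates from it.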
Line 602: Line 612:
     * https://wiki.nginx.org/QuickStart     * https://wiki.nginx.org/QuickStart
     * https://wiki.nginx.org/Configuration     * https://wiki.nginx.org/Configuration
 +
 +Places to change php version number:
 +  *In the Docker file us the variable ''ARG PHPVERION=82''
 +  *All the /php82/ paths in the pre_start_script.sh, ''.config_php/scripts/pre_start_script.sh''
 +  *The php-fpm82 reference in ''.config_php/s6-rc.d/php-fpm/run''
 +  *''.config_php/etc/php/php-fpm.conf'' change the following /php82/ path references:
 +    *''error_log = log/php82/error.log''
 +    *''include=/etc/php82/php-fpm.d/*.conf''
  
 ===Reference=== ===Reference===
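Review bot: The first added bullet reads "In the Docker file us the variable ARG PHPVERION=82": "us" should be "use", and "PHPVERION" looks like a misspelling of PHPVERSION. If the Dockerfile really spells the ARG that way, say so, otherwise a reader copying the name gets an unset variable. The list also shows the version hard-coded in four separate places (Dockerfile, pre_start_script.sh, the s6-rc run file, php-fpm.conf). It would be worth noting whether the scripts could take the value from the ARG so that a version bump is a single edit.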
Line 828: Line 846:
  
 =====Mailserver testing from CLI===== =====Mailserver testing from CLI=====
-''telnet mail.kptree.net 25'' Tests the main SMPT mail server connectivity. Port 25 is also designated smtp. +  *''telnet mail.kptree.net 25'' Tests the main SMPT mail server connectivity. Port 25 is also designated smtp. 
-''telnet mail.kptree.net 587'' Tests the mail client SMPT server connectivity.  Port 25 is also designated submission. +  *''telnet mail.kptree.net 587'' Tests the mail client SMPT server connectivity.  Port 25 is also designated submission. 
-''telnet mail.kptree.net imap'' Tests the mail client imap server connectivity.  The designation imap is port 143.+  *''telnet mail.kptree.net imap'' Tests the mail client imap server connectivity.  The designation imap is port 143.
  
 The mailserver exit control character is '^]' or control key ]. The mailserver exit control character is '^]' or control key ].
 The SMTP and mailserver exit control character is '^]' or control key ]. The SMTP and mailserver exit control character is '^]' or control key ].
 +
 +=====Errors=====
 +<code>Temporary lookup failure.
 +Please check the message recipient "admin@kptree.net" and try again.</code>
 +[[https://serverfault.com/questions/506347/postfix-temporary-lookup-failure]]
 +[[https://serverfault.com/questions/745545/postfix-rcpt-to-temporary-lookup-failure]]
 +
 =====References===== =====References=====
   *Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]]   *Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]]
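Review bot: Converting the three telnet lines to bullets carries over a factual slip on the second one: the port 587 bullet still says "Port 25 is also designated submission", which should read port 587. "SMPT" is misspelled on the first two bullets, and the two unchanged lines about the exit control character say the same thing twice. The new "Errors" section quotes "Temporary lookup failure" for admin@kptree.net and links two Server Fault threads, but does not say what caused it here or what fixed it. Add one sentence with the cause found (or "unresolved") so the entry is usable later.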