docker_notes:docker-mailserver [2024-01-08 Mon wk02 20:33] – [alias] baumkp | docker_notes:docker-mailserver [2024-05-19 Sun wk20 19:23] (current) – [Certificates SSL/TSL] baumkp |
{{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}} | {{tag>linux docker mail mailserver Alpine dovecot postfix sqlite s6 s6-rc}} |
======Docker mailserver====== | ======Docker mailserver====== |
This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|ISPmail guide for Debian 12 “Bookworm”]]. Key changes are that instead of installing on a Debian 11 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on the latest Alpine Linux Docker image with s6-rc init using an sqlite database. | This mailserver setup follows Workaround's [[https://workaround.org/ispmail-bookworm/|ISPmail guide for Debian 12 “Bookworm”]]. Key changes are that instead of installing on a Debian 11 virtual machine<sup>1</sup>, with a Maria mysql database<sup>2</sup>, this setup is for installation on the latest Alpine Linux Docker image with s6-rc init using a maria database. I toyed with sqlite and basically got it functional; however, the support apps do not function with sqlite. |
| |
//As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|ISPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.** Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.// | //As this follows Workaround's [[https://workaround.org/ispmail-bookworm/|ISPmail guide for Debian 12 “Bookworm”]], significant amounts of text have been copied and generally modified from there. **I hereby credit Workaround's author Christoph Haas.** Furthermore Christoph's guide is very descriptive and should be referenced to get a better understanding of how to put together a mailserver.// |
| |
<fc #ff0000>**The notes here are my current working attempt to get an Alpine s6-rc Docker implementation of Postfix and Dovecot, with sqlite based mail server functional and are currently incomplete.** | |
</fc> | |
- Use of virtual machines is much more common these days than bare metal for applications. However, Workaround's Debian email server could be loaded on bare metal. | - Use of virtual machines is much more common these days than bare metal for applications. However, Workaround's Debian email server could be loaded on bare metal. |
- The database requirements for a small mailserver with a few dozen domains, with each domain having hundreds of emails and aliases is well within the capacity of the sqlite database. The use of a full multi user server / client relational database is not necessary, particularly for a Docker based server implementation. See [[https://www.digitalocean.com/community/tutorials/sqlite-vs-mysql-vs-postgresql-a-comparison-of-relational-database-management-systems|SQLite vs MySQL vs PostgreSQL: A Comparison Of Relational Database Management Systems]] | - The database requirements for a small mailserver with a few dozen domains, with each domain having hundreds of emails and aliases is well within the capacity of the sqlite database. The use of a full multi user server / client relational database is not necessary, particularly for a Docker based server implementation. See [[https://www.digitalocean.com/community/tutorials/sqlite-vs-mysql-vs-postgresql-a-comparison-of-relational-database-management-systems|SQLite vs MySQL vs PostgreSQL: A Comparison Of Relational Database Management Systems]] |
| |
| <fc #008000>I got the Docker email server functional mid 2023. It still needs some more work. Currently I run the mail server in 2 containers; I would rather have it all in one container. The email server could also have some more optimisations performed. |
| </fc> |
=====Dockerfile===== | =====Dockerfile===== |
I got annoyed with the messy UID and GID and found this reference to attempt to standardise upon. <fc #ffa500>//Sadly there seems to be no comprehensive standard!//</fc> | I got annoyed with the messy UID and GID and found this reference to attempt to standardise upon. <fc #ffa500>//Sadly there seems to be no comprehensive standard!//</fc> |
====alias==== | ====alias==== |
I could not get the alias command to work in Alpine shell. I tried /etc/profile and /etc/profile.d to no avail. So the following seems to meet my needs: | I could not get the alias command to work in Alpine shell. I tried /etc/profile and /etc/profile.d to no avail. So the following seems to meet my needs: |
*create file ++++ll.sh| | *create file ''ll.sh'' |
<code>#!/bin/sh | *<code>#!/bin/sh |
exec ls -la "$@"</code> | exec ls -la "$@"</code> |
++++ | *chmod +x ll.sh to allow it to be an executable. |
| *Copy the ll.sh file to /bin/ll or link it ''/bin/ln -s /app/scripts/ll.sh /bin/ll'' |
| |
=====sqlite===== | =====sqlite===== |
====ISPmail Admin==== | ====ISPmail Admin==== |
I will setup DNS and Traefik for this to be ''mailadmin.local.kptree.net''. This will only be accessible on the LAN. | I will setup DNS and Traefik for this to be ''mailadmin.local.kptree.net''. This will only be accessible on the LAN. |
| Admin user is mailserver with associated password. |
=====adminer===== | =====adminer===== |
**phpMyAdmin** is a web based mysql management interface. | **phpMyAdmin** is a web based mysql management interface. |
Alpine postfix would seem to be set up to use postlogd, as master.cf has the following line already configured: ''%%postlog unix-dgram n - n - 1 postlogd%%''. Hence the following does not need to be used: ''%%/bin/echo 'postlog unix-dgram n - n - 1 postlogd' >> '/etc/postfix/master.cf'%%'' | Alpine postfix would seem to be set up to use postlogd, as master.cf has the following line already configured: ''%%postlog unix-dgram n - n - 1 postlogd%%''. Hence the following does not need to be used: ''%%/bin/echo 'postlog unix-dgram n - n - 1 postlogd' >> '/etc/postfix/master.cf'%%'' |
| |
| ====/etc/postfix/aliases==== |
| I get an error when recreating the container: "error: open database /etc/postfix/aliases.lmdb: No such file or directory". The postfix command ''newaliases'' recreates the missing/corrupt aliases.lmdb file. I added this to my Docker container startup script. This solved the problem, but I am not sure if this is the right way to do this. |
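
A guarded form of that startup step, as an added example that is not part of the original notes: it runs ''newaliases'' only when the compiled map is missing, empty or older than its source, and returns non-zero so the container does not start postfix without a usable map. The function names and the overridable ''ALIASES'' / ''NEWALIASES'' variables are assumptions for illustration; it also assumes ''alias_database'' in main.cf points at the path from the error message.

```shell
#!/bin/sh
# Added example (not from the original notes): rebuild the Postfix alias map
# at container start only when it is missing, empty or older than its source.
# ALIASES and NEWALIASES are assumptions made overridable for testing; the
# default path is taken from the error message quoted above.
ALIASES="${ALIASES:-/etc/postfix/aliases}"
NEWALIASES="${NEWALIASES:-newaliases}"

# Succeeds (0) when the compiled map for "$1" needs rebuilding.
aliases_map_stale() {
    src="$1"
    map="$1.lmdb"
    [ ! -s "$map" ] && return 0        # missing or zero-length map
    [ "$src" -nt "$map" ] && return 0  # source edited after the last build
    return 1
}

# Returns 0 when a usable map exists, 2 when the source file is absent,
# 1 when the rebuild failed or produced nothing.
ensure_aliases_map() {
    src="${1:-$ALIASES}"
    if [ ! -r "$src" ]; then
        echo "aliases source $src not readable" >&2
        return 2
    fi
    if aliases_map_stale "$src"; then
        echo "rebuilding $src.lmdb" >&2
        "$NEWALIASES" || return 1
    fi
    if [ ! -s "$src.lmdb" ]; then
        echo "$src.lmdb still missing after newaliases" >&2
        return 1
    fi
    return 0
}

# In the container startup script, before starting postfix:
#   ensure_aliases_map || exit 1
```
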
====Postfix References==== | ====Postfix References==== |
*Postfix: | *Postfix: |
| |
=====Certificates SSL/TLS===== | =====Certificates SSL/TLS===== |
Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate. They were purchased by a company that managed to get their certificate deregistered... So StartSSL basically became non-usable circa 2017. Fortunately a better solution came about a year or 2 earlier called Let's Encrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates | Early on, before 2015 there were not many free SSL certificate providers. I used StartSSL for a free certificate. They were purchased by a company that managed to get their certificate deregistered... So StartSSL basically became non-usable circa 2017. Fortunately a better solution came about a year or 2 earlier called Let's Encrypt. This could be used with certbot to get free certificates and eventually free wildcard certificates. Then came Traefik which handled certificates. |
=====apache2===== | =====apache2===== |
Alpine apk apache2 distribution seems to follow the Red Hat setup style. The daemon is httpd instead of apache2. So I need to learn a new setup. | Alpine apk apache2 distribution seems to follow the Red Hat setup style. The daemon is httpd instead of apache2. So I need to learn a new setup. |
*[[https://github.com/roundcube/roundcubemail-docker|Roundcube Docker Git Page]] | *[[https://github.com/roundcube/roundcubemail-docker|Roundcube Docker Git Page]] |
*[[https://wiki.alpinelinux.org/wiki/Roundcube|Alpine Roundcube]] seems to be based upon Lighttpd web server and postgres database with manual download of Roundcube. | *[[https://wiki.alpinelinux.org/wiki/Roundcube|Alpine Roundcube]] seems to be based upon Lighttpd web server and postgres database with manual download of Roundcube. |
| =====dmarc===== |
| [[https://www.mailercheck.com/articles/how-to-read-a-dmarc-report-and-actually-understand-it|How to read a DMARC report—and actually understand it!]] |
| |
| =====rspamd===== |
| |
| rspamd -u rspamd -g rspamd |
| |
| Help from rspamd: ++++rspamd -h| |
| <code>Usage: |
| rspamd [OPTION*] - run rspamd daemon |
| |
| Summary: |
| Rspamd daemon version 3.7.4 |
| |
| Help Options: |
| -h, --help Show help options |
| |
| Application Options: |
| -f, --no-fork Do not daemonize main process |
| -c, --config Specify config file(s) |
| -u, --user User to run rspamd as |
| -g, --group Group to run rspamd as |
| -p, --pid Path to pidfile |
| -d, --debug Force debug output |
| -i, --insecure Ignore running workers as privileged users (insecure) |
| -v, --version Show version and exit |
| --var Redefine/define environment variable |
| -T, --skip-template Do not apply Jinja templates |
| --lua-env Load lua environment from the specified files </code> |
| ++++ |
| |
| [[https://rspamd.com/doc/quickstart.html|Rspamd quick start]] |
| |
| =====redis===== |
| *Load the Alpine package ''redis'' |
| *To start on command line ''redis-server /etc/redis.conf &'' |
| *The redis configuration file ''/etc/redis.conf'' is installed with the redis package. |
| *The default conf log file is ''/var/log/redis/redis.log''. Use ''mkdir /var/log/redis'' to make directory if required. |
| *To stop on command line ''redis-cli shutdown'' |
| *Redis complains if 'vm.overcommit_memory' is not equal to 1. |
| *This is not set in the container (Docker does have a sysctl directive, but not all kernel parameters are supported, including this one.) |
| *This can be set in the host ''sudo sysctl -w vm.overcommit_memory=1'' |
| Some reference links: |
| *Redis |
| *[[https://redis.io/docs/install/install-redis/|Install Redis]] |
| *[[https://redis.io/docs/get-started/faq/#background-saving-fails-with-a-fork-error-on-linux|Redis FAQ]] |
| *[[https://ourcodeworld.com/articles/read/2083/how-to-remove-redis-warning-on-docker-memory-overcommit-must-be-enabled|How to remove Redis warning on Docker: Memory overcommit must be enabled ]] |
| *[[https://docs.docker.com/engine/reference/commandline/run/#sysctl|Docker sysctl]] |
| ====nftables==== |
| rspamd requires netfilter chains to function. So nftables needs to be available and a basic input chain set up for it to function. See [[https://wiki.kptree.net/doku.php?id=docker_notes:docker#dns_and_nftable_iptables_netfilter_within_containers|netfilter use within containers]], which describes why care must be taken not to interfere with existing netfilter nat chains required for container DNS function. |
| |
| =====Mailserver testing from CLI===== |
| *''telnet mail.kptree.net 25'' Tests the main SMTP mail server connectivity. Port 25 is also designated smtp. |
| *''telnet mail.kptree.net 587'' Tests the mail client SMTP server connectivity. Port 587 is also designated submission. |
| *''telnet mail.kptree.net imap'' Tests the mail client imap server connectivity. The designation imap is port 143. |
| |
| The mailserver exit control character is '^]' or control key ]. |
| The SMTP and mailserver exit control character is '^]' or control key ]. |
=====References===== | =====References===== |
*Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]] | *Workaround.org [[https://workaround.org/ispmail/bullseye/|ISPmail guide for Debian 11 “Bullseye”]] |