Compare commits
12 Commits
1.0.0+2.0.
...
main
Author | SHA1 | Date |
---|---|---|
3wc | e471ec6fd8 | |
knoflook | 976b85b701 | |
Cassowary | 2cd5446ca2 | |
3wc | 16bd66c208 | |
3wc | 68fd4e6a1b | |
3wc | 014d4456f8 | |
3wc | 41b2f8d9c1 | |
3wc | 158537ab52 | |
3wc | 877a528df2 | |
knoflook | abd4911a9b | |
knoflook | 536e78d459 | |
3wc | 826b0269f4 |
175
.env.sample
175
.env.sample
|
@ -1,64 +1,72 @@
|
|||
# See https://mailu.io/2.0/configuration.html for explanation of (most of) these
|
||||
# settings. "Quoted text" in this file comes from that page.
|
||||
|
||||
###############################################################################
|
||||
# BOILERPLATE SETTINGS (shouldn't need to change these) #
|
||||
###############################################################################
|
||||
TYPE=mailu
|
||||
|
||||
# Main mail domain, NOT main web domain (if they are different)
|
||||
DOMAIN=example.com
|
||||
LETS_ENCRYPT_ENV=production
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
# Custom settings used by certdumper_post.sh and Traefik
|
||||
WEB_DOMAIN=example.com
|
||||
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json
|
||||
###############################################################################
|
||||
# REQUIRED SETTINGS (always need to change these) #
|
||||
###############################################################################
|
||||
|
||||
# Mailu settings
|
||||
# https://mailu.io
|
||||
# Main web domain, NOT main mail domain (if they are different)
|
||||
DOMAIN=mailu.example.com
|
||||
|
||||
TLS_CERT_FILENAME=$WEB_DOMAIN/certificate.crt
|
||||
TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key
|
||||
# "This email domain is used for bounce emails, for generating the postmaster
|
||||
# email and other technical addresses."
|
||||
MAIL_DOMAIN=mailu.example.com
|
||||
|
||||
REDIS_ADDRESS=db
|
||||
# Hostnames for this server, separated with commas
|
||||
# "The first declared hostname is the main hostname and will be exposed over
|
||||
# SMTP, IMAP, etc."
|
||||
HOSTNAMES=$DOMAIN
|
||||
|
||||
# Set to a randomly generated 16 bytes string
|
||||
SECRET_KEY=XXXXXXXXXXXXXXXX
|
||||
# Run `DOCKER_CONTEXT=<yourserver> docker stack ls | grep traefik | cut -f 1 -d " "` to get that one
|
||||
TRAEFIK_STACK_NAME=traefik_example_com
|
||||
|
||||
# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!)
|
||||
SUBNET=192.168.203.0/24
|
||||
###############################################################################
|
||||
# OPTIONAL SETTINGS #
|
||||
###############################################################################
|
||||
|
||||
# Hostnames for this server, separated with comas
|
||||
HOSTNAMES=$WEB_DOMAIN
|
||||
# Name of the instance, displayed in the web UI
|
||||
SITENAME=mymail
|
||||
|
||||
# Linked Website URL
|
||||
WEBSITE=https://$DOMAIN
|
||||
|
||||
# Postmaster local part (will append the main mail domain)
|
||||
POSTMASTER=admin
|
||||
|
||||
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
||||
TLS_FLAVOR=mail
|
||||
POSTMASTER=c
|
||||
|
||||
# Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6)
|
||||
AUTH_RATELIMIT_IP=60/hour
|
||||
|
||||
# Opt-out of statistics, replace with "True" to opt out
|
||||
# Opt-in to statistics, change to "False" to opt in
|
||||
DISABLE_STATISTICS=True
|
||||
|
||||
###################################
|
||||
# Optional features
|
||||
###################################
|
||||
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
|
||||
LOG_LEVEL=WARNING
|
||||
|
||||
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
||||
TZ=Etc/UTC
|
||||
|
||||
# Expose the admin interface (value: true, false)
|
||||
ADMIN=true
|
||||
|
||||
# Choose which webmail to run if any (values: roundcube, rainloop, none)
|
||||
# Choose which webmail to run if any (values: snappymail, roundcube, none)
|
||||
WEBMAIL=snappymail
|
||||
|
||||
# Dav server implementation (value: radicale, none)
|
||||
WEBDAV=none
|
||||
# API settings
|
||||
# -------------
|
||||
|
||||
# Antivirus solution (value: clamav, none)
|
||||
ANTIVIRUS=none
|
||||
# Authentication token for API requests
|
||||
API=false
|
||||
#API_TOKEN=
|
||||
|
||||
# Scan Macros solution (value: true, false)
|
||||
SCAN_MACROS=true
|
||||
|
||||
###################################
|
||||
# Mail settings
|
||||
###################################
|
||||
# -------------
|
||||
|
||||
# Message size limit in bytes
|
||||
# Default: accept messages up to 50MB
|
||||
|
@ -81,7 +89,7 @@ FETCHMAIL_ENABLED=False
|
|||
# Fetchmail delay
|
||||
FETCHMAIL_DELAY=600
|
||||
|
||||
# Recipient delimiter, character used to delimiter localpart from custom address part
|
||||
# Recipient delimiter, character used to delimit localpart from custom address part
|
||||
RECIPIENT_DELIMITER=+
|
||||
|
||||
# DMARC rua and ruf email
|
||||
|
@ -101,11 +109,58 @@ COMPRESSION=
|
|||
COMPRESSION_LEVEL=
|
||||
|
||||
# IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature.
|
||||
# FULL_TEXT_SEARCH=off
|
||||
#FULL_TEXT_SEARCH=off
|
||||
|
||||
# Co-op Cloud settings
|
||||
# -------------
|
||||
|
||||
# Mailman settings
|
||||
# NOTE(3wc): remember to also set RELAYNETS
|
||||
#COMPOSE_FILE="compose.yml:compose.mailman.yml"
|
||||
#MAILMAN_POSTFIX_OVERRIDES=1
|
||||
#MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
|
||||
#MAILMAN_CORE_NETWORK=lists_example_com_internal
|
||||
|
||||
# NOTE(3wc): think this is no longer needed, see https://github.com/Mailu/Mailu/pull/1904
|
||||
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
|
||||
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
|
||||
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
|
||||
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
|
||||
#COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
|
||||
#SENDER_LOGINS_POSTFIX_OVERRIDES=1
|
||||
|
||||
SECRET_SECRET_KEY_VERSION=v1
|
||||
|
||||
###############################################################################
|
||||
# INFINITE NERD DEPTH SETTINGS (rarely needed) #
|
||||
###############################################################################
|
||||
|
||||
# Traefik certificates filename, used by certdumper
|
||||
ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json
|
||||
|
||||
TLS_CERT_FILENAME=$DOMAIN/certificate.crt
|
||||
TLS_KEYPAIR_FILENAME=$DOMAIN/privatekey.key
|
||||
|
||||
# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt)
|
||||
# NOTE(3wc): changing this to "letsencrypt" might (but probably won't) allow
|
||||
# this recipe to be deployed standalone without Traefik. "notls" might (but
|
||||
# might not) disable encryption for everything except the web interfaces.
|
||||
TLS_FLAVOR=mail
|
||||
|
||||
# Optional features
|
||||
# -------------
|
||||
|
||||
# Dav server implementation (value: radicale, none)
|
||||
WEBDAV=none
|
||||
|
||||
# Antivirus solution (value: clamav, none)
|
||||
ANTIVIRUS=none
|
||||
|
||||
# Scan Macros solution (value: true, false)
|
||||
SCAN_MACROS=true
|
||||
|
||||
###################################
|
||||
# Web settings
|
||||
###################################
|
||||
# -------------
|
||||
|
||||
# Path to redirect / to
|
||||
WEBROOT_REDIRECT=/webmail
|
||||
|
@ -116,24 +171,14 @@ WEB_ADMIN=/admin
|
|||
# Path to the webmail if enabled
|
||||
WEB_WEBMAIL=/webmail
|
||||
|
||||
# Website name
|
||||
SITENAME=mymail
|
||||
|
||||
# Linked Website URL
|
||||
WEBSITE=https://$DOMAIN
|
||||
|
||||
###################################
|
||||
# Advanced settings
|
||||
###################################
|
||||
# -------------
|
||||
|
||||
# Log driver for front service. Possible values:
|
||||
# json-file (default)
|
||||
# journald (On systemd platforms, useful for Fail2Ban integration)
|
||||
# syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!)
|
||||
# LOG_DRIVER=json-file
|
||||
|
||||
# Docker-compose project name, this will prepended to containers names.
|
||||
COMPOSE_PROJECT_NAME=mailu
|
||||
#LOG_DRIVER=json-file
|
||||
|
||||
# Number of rounds used by the password hashing scheme
|
||||
CREDENTIAL_ROUNDS=12
|
||||
|
@ -147,30 +192,6 @@ REAL_IP_FROM=
|
|||
# choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no)
|
||||
REJECT_UNLISTED_RECIPIENT=
|
||||
|
||||
# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET)
|
||||
LOG_LEVEL=WARNING
|
||||
|
||||
# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
|
||||
TZ=Etc/UTC
|
||||
|
||||
###################################
|
||||
# Database settings
|
||||
###################################
|
||||
# NOTE(3wc): Other values are not supported, as compose.yml does not contain
|
||||
# configuration for them. Pull requests welcome!
|
||||
DB_FLAVOR=sqlite
|
||||
|
||||
###################################
|
||||
# Mailman settings
|
||||
###################################
|
||||
# COMPOSE_FILE="compose.yml:compose.mailman.yml"
|
||||
# MAILMAN_POSTFIX_OVERRIDES=1
|
||||
# MAILMAN_CORE_VOLUME=lists_example_com_mailman-core
|
||||
# MAILMAN_CORE_NETWORK=lists_example_com_internal
|
||||
|
||||
###################################
|
||||
# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying
|
||||
# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base
|
||||
# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions
|
||||
# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096
|
||||
###################################
|
||||
# COMPOSE_FILE="compose.yml:compose.senderlogins.yml"
|
||||
# SENDER_LOGINS_POSTFIX_OVERRIDES=1
|
||||
|
|
|
@ -27,7 +27,7 @@ host.
|
|||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
9. Create initial user:
|
||||
```
|
||||
abra app YOURAPPDOMAIN run admin flask mailu admin admin YOURDOMAIN YOURPASSWORD
|
||||
abra app run YOURDOMAIN admin flask mailu admin admin YOURDOMAIN YOURPASSWORD
|
||||
```
|
||||
|
||||
[Mailu]: https://mailu.io/
|
||||
|
|
2
abra.sh
2
abra.sh
|
@ -1,3 +1,3 @@
|
|||
export CERTDUMPER_POST_VERSION=v1
|
||||
export POSTFIX_OVERRIDE_VERSION=v15
|
||||
export POSTFIX_OVERRIDE_VERSION=v17
|
||||
export SENDER_LOGIN_VERSIONS=v2
|
||||
|
|
|
@ -10,18 +10,12 @@ services:
|
|||
- MAILMAN_POSTFIX_OVERRIDES
|
||||
networks:
|
||||
- default
|
||||
- shared_mailman_network
|
||||
volumes:
|
||||
- "shared-mailman-core:/opt/mailman/"
|
||||
configs:
|
||||
- source: postfix_override
|
||||
target: /overrides/postfix.cf
|
||||
|
||||
networks:
|
||||
shared_mailman_network:
|
||||
external: true
|
||||
name: ${MAILMAN_CORE_NETWORK}
|
||||
|
||||
volumes:
|
||||
# https://git.autonomic.zone/coop-cloud/mailman3/src/branch/master/compose.yml
|
||||
shared-mailman-core:
|
||||
|
|
64
compose.yml
64
compose.yml
|
@ -5,6 +5,8 @@ x-environment:
|
|||
- FRONT_ADDRESS=${STACK_NAME}_app
|
||||
- ADMIN
|
||||
- ANTIVIRUS
|
||||
- API
|
||||
- API_TOKEN
|
||||
- AUTH_RATELIMIT_IP
|
||||
- MESSAGE_RATELIMIT
|
||||
- COMPOSE_PROJECT_NAME
|
||||
|
@ -28,13 +30,13 @@ x-environment:
|
|||
- REAL_IP_FROM
|
||||
- REAL_IP_HEADER
|
||||
- RECIPIENT_DELIMITER
|
||||
- REDIS_ADDRESS
|
||||
- REDIS_ADDRESS=db
|
||||
- REJECT_UNLISTED_RECIPIENT
|
||||
- RELAYHOST
|
||||
- RELAYNETS
|
||||
- SECRET_KEY
|
||||
- SECRET_KEY_FILE=/run/secrets/secret_key
|
||||
- SITENAME
|
||||
- SUBNET
|
||||
- SUBNET=192.168.203.0/24
|
||||
- TLS_CERT_FILENAME
|
||||
- TLS_FLAVOR
|
||||
- TLS_KEYPAIR_FILENAME
|
||||
|
@ -44,6 +46,7 @@ x-environment:
|
|||
- WEBROOT_REDIRECT
|
||||
- WEBSITE
|
||||
- WEB_WEBMAIL
|
||||
- WEB_API=/api
|
||||
- WELCOME
|
||||
- WELCOME_BODY
|
||||
- WELCOME_SUBJECT
|
||||
|
@ -51,7 +54,7 @@ x-environment:
|
|||
|
||||
services:
|
||||
app:
|
||||
image: ghcr.io/mailu/nginx:2.0.16
|
||||
image: ghcr.io/mailu/nginx:2.0.41
|
||||
logging:
|
||||
driver: json-file
|
||||
networks:
|
||||
|
@ -82,26 +85,30 @@ services:
|
|||
mode: host
|
||||
volumes:
|
||||
- "certs:/certs"
|
||||
secrets:
|
||||
- secret_key
|
||||
deploy:
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.docker.network=proxy"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.0.0+2.0.16"
|
||||
- "coop-cloud.${STACK_NAME}.version=1.1.1+2.0.41"
|
||||
|
||||
db:
|
||||
image: redis:alpine
|
||||
image: redis:7.2.4-alpine
|
||||
volumes:
|
||||
- "redis:/data"
|
||||
|
||||
admin:
|
||||
image: ghcr.io/mailu/admin:2.0.16
|
||||
image: ghcr.io/mailu/admin:2.0.41
|
||||
environment: *default-env
|
||||
healthcheck:
|
||||
disable: true
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "dkim:/dkim"
|
||||
- "mailu:/data"
|
||||
|
@ -109,8 +116,10 @@ services:
|
|||
- default
|
||||
|
||||
imap:
|
||||
image: ghcr.io/mailu/dovecot:2.0.16
|
||||
image: ghcr.io/mailu/dovecot:2.0.41
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "mail:/mail"
|
||||
healthcheck:
|
||||
|
@ -121,8 +130,10 @@ services:
|
|||
- default
|
||||
|
||||
smtp:
|
||||
image: ghcr.io/mailu/postfix:2.0.16
|
||||
image: ghcr.io/mailu/postfix:2.0.41
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "mailqueue:/queue"
|
||||
healthcheck:
|
||||
|
@ -131,8 +142,10 @@ services:
|
|||
- app
|
||||
|
||||
antispam:
|
||||
image: ghcr.io/mailu/rspamd:2.0.16
|
||||
image: ghcr.io/mailu/rspamd:2.0.41
|
||||
environment: *default-env
|
||||
secrets:
|
||||
- secret_key
|
||||
volumes:
|
||||
- "rspamd:/var/lib/rspamd"
|
||||
- "dkim:/dkim:ro"
|
||||
|
@ -140,33 +153,38 @@ services:
|
|||
disable: true
|
||||
|
||||
webmail:
|
||||
image: ghcr.io/mailu/webmail:2.0.16
|
||||
image: ghcr.io/mailu/webmail:2.0.41
|
||||
environment: *default-env
|
||||
networks:
|
||||
- default
|
||||
volumes:
|
||||
- "webmail:/data"
|
||||
secrets:
|
||||
- secret_key
|
||||
deploy:
|
||||
replicas: 1
|
||||
healthcheck:
|
||||
disable: true
|
||||
|
||||
certdumper:
|
||||
image: ldez/traefik-certs-dumper:v2.7.4
|
||||
image: ldez/traefik-certs-dumper:v2.8.3
|
||||
entrypoint: sh -c '
|
||||
apk add jq
|
||||
; while ! [ -e /traefik/production-acme.json ]
|
||||
|| ! [ `jq ".production.Certificates | length" /traefik/production-acme.json` != 0 ]; do
|
||||
; while ! [ -e /traefik/${ACME_JSON} ]
|
||||
|| ! [ `jq ".production.Certificates | length" /traefik/${ACME_JSON}` != 0 ]; do
|
||||
sleep 1
|
||||
; done
|
||||
&& traefik-certs-dumper file --watch --source /traefik/production-acme.json
|
||||
--dest /output --domain-subdir=true --version v2'
|
||||
&& traefik-certs-dumper file --watch --source /traefik/${ACME_JSON}
|
||||
--dest /output --domain-subdir=true --version v2
|
||||
--post-hook "sh /usr/bin/certdumper_post.sh"'
|
||||
environment:
|
||||
# Make sure this is the same as the main=-domain in traefik.toml
|
||||
- DOMAIN=$WEB_DOMAIN
|
||||
- DOMAIN=$DOMAIN
|
||||
volumes:
|
||||
# Folder, which contains the acme.json
|
||||
- "traefik_letsencrypt:/traefik"
|
||||
- type: volume
|
||||
read_only: true
|
||||
source: traefik_letsencrypt
|
||||
target: "/traefik"
|
||||
# Folder, where cert.pem and key.pem will be written
|
||||
- "certs:/output"
|
||||
configs:
|
||||
|
@ -184,6 +202,7 @@ volumes:
|
|||
certs:
|
||||
mailqueue:
|
||||
traefik_letsencrypt:
|
||||
name: "${TRAEFIK_STACK_NAME}_letsencrypt"
|
||||
external: true
|
||||
|
||||
networks:
|
||||
|
@ -200,3 +219,8 @@ configs:
|
|||
certdumper_post:
|
||||
name: ${STACK_NAME}_certdumper_post_${CERTDUMPER_POST_VERSION}
|
||||
file: certdumper_post.sh
|
||||
|
||||
secrets:
|
||||
secret_key:
|
||||
external: true
|
||||
name: ${STACK_NAME}_secret_key_${SECRET_SECRET_KEY_VERSION}
|
||||
|
|
|
@ -10,9 +10,9 @@
|
|||
|
||||
unknown_local_recipient_reject_code = 550
|
||||
owner_request_special = no
|
||||
virtual_mailbox_maps = regexp:/opt/mailman/var/data/postfix_lmtp, \${podop}mailbox
|
||||
transport_maps = regexp:/opt/mailman/var/data/postfix_lmtp \${podop}transport
|
||||
local_recipient_maps = regexp:/opt/mailman/var/data/postfix_lmtp
|
||||
relay_domains = regexp:/opt/mailman/var/data/postfix_domains \${podop}transport
|
||||
{{ end }}
|
||||
{{ if eq (env "SENDER_LOGINS_POSTFIX_OVERRIDES") "1" }}
|
||||
# https://github.com/Mailu/Mailu/issues/1096
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
this version introduces a new variable TRAEFIK_STACK_NAME
|
|
@ -0,0 +1,18 @@
|
|||
# Secret key
|
||||
|
||||
The secret key is now stored as a docker secret instead of a variable in the
|
||||
env file. You need to insert it by running:
|
||||
`abra app secret insert <your mailu app> secret_key v1 <SECRETKEYHERE>`
|
||||
and you can remove `SECRET_KEY` from your config file.
|
||||
|
||||
# `DOMAIN` is now `MAIL_DOMAIN`
|
||||
|
||||
This is important! If your main e-mail domain is something else than the
|
||||
domain you are reaching the web interface at, you need to make changes.
|
||||
I.e. in our setup we have `autonomic.zone` pointing an A record at some server
|
||||
and `mail.autonomic.zone` is a separate server, and MX records are pointing
|
||||
to the server at `mail.autonomic.zone`.
|
||||
In this case:
|
||||
- `DOMAIN` should be `mail.autonomic.zone` - this is what traefik will use to
|
||||
provision a certificate
|
||||
- `MAIL_DOMAIN` should be `autonomic.zone`
|
Loading…
Reference in New Issue