I ruined my mailcow-dockerized folder trying to secure it by lowering rights so that only root has rwx. I did chmod -R 700 mailcow-dockerized.
I deleted the folder, recreated it, did chmod 700 mailcow-dockerized and did the git-checkout again. Then I copied the mailcow.conf from the backup folder and did docker-compose pull (forgot to restore docker-compose.yml). Lastly, I did ./helper-scripts/backup_and_restore.sh restore with option all.
It worked fine, but I have noticed some things. I had to:
1. update the TLSA record
2. recreate data/web/.well-known/mta-sts.txt
3. recreate data/conf/nginx/redirect.conf
4. set the password for rspamd
Number 1 was expected, but why are 2 and 3 not in the backup? And does rspamd not store its password hash in the database? Why did I have to set it again?
Is there anything else regarding security I should verify? Is there a checklist for restoring the backup to a new mailcow folder that is in the state it has, e.g., after git-checkout or after ./generate_config.sh?