Hello,

I ruined my mailcow-dockerized folder trying to secure it by lowering rights so that only root has rwx. I did chmod -R 700 mailcow-dockerized.
I deleted the folder, recreated it, did chmod 700 mailcow-dockerized and did the git-checkout again. Then I copied the mailcow.conf from the backup folder and did docker-compose pull (forgot to restore docker-compose.yml). Last I did ./helper-scripts/backup_and_restore.sh restore with option all.

It worked fine, but I have noticed some things. I had to:

  1. update the TLSA record
  2. recreate data/web/.well-known/mta-sts.txt
  3. recreate data/conf/nginx/redirect.conf
  4. set the password for rspamd

The 1. was expected, but why are 2. and 3. not in the backup? And doesn't rspamd store its password hash in the database? Why did I have to set it again?

Is there anything else regarding security I should verify? Is there a checklist for restoring the backup to a new mailcow folder that is in the state, e.g., after git-checkout or after ./generate_config.sh?

Best regards
wmf

    wmf43 The 1. was expected, but why are 2. and 3. not in the backup?

    Because those aren’t files in mailcow. You probably created them yourself.
    There’s no need for mailcow to back up stuff that you can just get from the repository.

      D4niel
      Ok, then I miss a custom hook as implemented in update.sh. 😉

      But the security issue is more important to me; I am a little bit worried because it was the first time I had to use the recovery.

      For clarification:

      In case of a damaged mailcow-customized folder, would it be enough to clone it from GitHub, copy the mailcow.conf from the backup and restart the containers without using the restore script? Or is it necessary to rerun generate_config.sh again (snakeoil certificates, set variables etc.) and then restore mailcow.conf from backup and start the containers? Or is it actually necessary to execute the backup&restore script?

      Help me, what is the correct workflow? And additionally, what has to be backed up manually from mailcow-dockerized (must-have and nice-to-have)?
