hugalafutro

  • 24 Jun
  • Joined Dec 27, 2021
  • DocFraggle Maybe it’s because I’m the only user of my mail server so I never needed a “user” login. But the snippet you posted tells nothing to a layman like me, what does slash admin, slash, slash domainadmin mean? If it mentioned anything about domain in front of it I’d be in the clear.

    esackbauer I too read each and every changelog and this is the 1st one of mailcow I had an issue with. I wouldn’t have posted at all if it wasn’t for the coincidence of struggling with changes in various changelogs recently written in what I call too much of a technical mumbo jumbo.

    peace out, it all works now

    • With all due respect, the notice is very badly written. I re-read it 3 times and only by pure chance I realized that to log in after the update I have to use new link ending in /admin. Maybe for you technical gurus it’s apparent from the text, but for me (and obviously others) it is written in very obscure way.

      Why not write:
      Change your bookmarks from whatever.domain to whatever.domain/admin

      Sorry for the rant, but it’s like 5th time this week I run into an issue, because the dev words it incomprehensibly (to me).
      Maybe I’m just getting old…

      • try this as your data/conf/borgmatic/etc/crontab.txt (that’s what I have there and “it just works”):
        0 * * * * PATH=$PATH:/usr/local/bin /usr/local/bin/borgmatic --stats -v 0 2>&1

        and restart the borgmatic container, maybe the logfile you have defined there cannot be created or some permission issue.

        alternatively enter the shell of the borgmatic container and run your command from the crontab manually and see the output, it might give you more info

        I’m not sure why it complains about the borg passphrase, that is defined in the docker-compose as environment variable, and manual backup wouldn’t work either if it wasn’t defined.

        just to make 100% sure, if you run docker compose exec borgmatic-mailcow bash -c 'echo "${BORG_PASSPHRASE}"' it returns your borg passphrase as you defined it in docker-compose.override.yml ?

        • The repositories option now expects a list of key/value pairs. Lists of strings for this option are deprecated and support will be removed from a future release.

          is the issue imho, i remember having to change all my borgmatic configs everywhere few months back

          Change your repositories in data/conf/borgmatic/etc/config.yaml like so (this is copied from my working mailcow config):

          repositories:
            - path: ssh://borgwarehouse@[REDACTED]:2223/./[REDACTED]
              label: borgwarehouse

          and rebuild the stack. (i don’t think the label is mandatory)

          my working config:

          service from ‘docker-compose.override.yml’

          my ‘data/conf/borgmatic/etc/config.yaml’:

          source_directories:
              - /mnt/source/vmail
              - /mnt/source/crypt
              - /mnt/source/redis
              - /mnt/source/rspamd
              - /mnt/source/postfix
          
          repositories:
            - path: ssh://borgwarehouse@[REDACTED]:2223/./[REDACTED]
              label: borgwarehouse
          
          exclude_patterns:
              - '/mnt/source/postfix/public/'
              - '/mnt/source/postfix/private/'
              - '/mnt/source/rspamd/rspamd.sock'
          
          compression: auto,lz4
          
          checks:
            - name: repository
              frequency: 1 week
            - name: archives
              frequency: 1 week
          
          keep_hourly: 24
          keep_daily: 7
          keep_weekly: 4
          keep_monthly: 6
          
          before_backup:
            - echo "Starting a backup job."
          after_backup:
            - echo "Backup created."
          on_error:
            - echo "Error while creating a backup."
          
          mysql_databases:
              - name: mailcow
                username: mailcow
                password: [REDACTED]
                options: --default-character-set=utf8mb4

          i dunno why the docker-compose part didn’t post but here it is:

            borgmatic-mailcow:
              image: b3vis/borgmatic
              hostname: mailcow
              restart: always
              dns: ${IPV4_NETWORK:-172.22.1}.254
              volumes:
                - vmail-vol-1:/mnt/source/vmail:ro
                - crypt-vol-1:/mnt/source/crypt:ro
                - redis-vol-1:/mnt/source/redis:ro,z
                - rspamd-vol-1:/mnt/source/rspamd:ro,z
                - postfix-vol-1:/mnt/source/postfix:ro,z
                - mysql-socket-vol-1:/var/run/mysqld/:z
                - borg-config-vol-1:/root/.config/borg:Z
                - borg-cache-vol-1:/root/.cache/borg:Z
                - ./data/conf/borgmatic/etc:/etc/borgmatic.d:Z
                - ./data/conf/borgmatic/ssh:/root/.ssh:Z
              environment:
                - TZ=${TZ}
                - BORG_PASSPHRASE=[REDACTED]
              networks:
                mailcow-network:
                  aliases:
                    - borgmatic
          
          volumes:
            borg-cache-vol-1:
            borg-config-vol-1:
          • accolon thanks for the link that would explain it, guess I’ll stick with the 2vcpu, the next 4vcpu intel is twice the price.

          • weirdly enough, it turns out it was because I also happened to change the server type some time before the update as I was just remembering what changes I made recently (hetzner cloud vm, rescaled from 2vcpu intel to 4vcpu amd)

            Rescaling back to 2vcpu intel instance makes rspamd work.

            Is there any way to make rspamd work on amd instance ?

          • Hi, I ran the update.sh script today and afterwards the rspamd container is stuck in restart loop with re_cache; rspamd_re_cache_load_hyperscan: fatal error: cannot allocate scratch for /var/lib/rspamd//791648bcd295379bd35146fd029ee28c88cfa0bd2429269cf09abc9541528fc8.hs: -6

            output of update.sh: https://o.o5.ddns.net/S5H8T


            rspamd log: https://o.o5.ddns.net/jHhHJ

            Any ideas how to make it work? Thanks!

          • Works now 111 pushed to hub 4mins ago 🙂

          • Oh I didn’t think about that, just thought since the email went out it’s all ready. I shall try later.

          • edit: The title got cut off 🙁 Trying to update to Amoogust Update 2022 - The Nightly Build Switch Update | Revision B as I just got the email

            Getting this error when I run ./update.sh

            
            Error pulling mailcow/sogo:1.111, retrying...
            Error response from daemon: manifest for mailcow/sogo:1.111 not found: manifest unknown: manifest unknown
            
            Error pulling mailcow/sogo:1.111, retrying...
            Error response from daemon: manifest for mailcow/sogo:1.111 not found: manifest unknown: manifest unknown
            
            Error pulling mailcow/sogo:1.111, retrying...
            Error response from daemon: manifest for mailcow/sogo:1.111 not found: manifest unknown: manifest unknown
            
            Error pulling mailcow/sogo:1.111, retrying...
            
            Too many failed retries, exiting
          • Hi,
            I already have ClamAV container running on different machine. Could this be used with mailcow so I could save the resources it eats on the mailcow vm? The ClamAV container is being used over network by nextcloud container and I was wondering if I could set mailcow in similar way.

            Thanks for any advice!

          • I forgot about this, but here is the solution I’m using:

            #!/bin/bash
            scp pi@192.168.1.101:/home/pi/docker/nginx-proxy-manager/letsencrypt/live/npm-29/fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
            scp pi@192.168.1.101:/home/pi/docker/nginx-proxy-manager/letsencrypt/live/npm-29/privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
            postfix_c=$(docker ps -qaf name=postfix-mailcow)
            dovecot_c=$(docker ps -qaf name=dovecot-mailcow)
            nginx_c=$(docker ps -qaf name=nginx-mailcow)
            docker restart ${postfix_c} ${dovecot_c} ${nginx_c}

            running via cron on the 1st day of every 2nd month
            0 1 * */2 * bash /opt/mailcow_cert_renew.sh >/dev/null 2>&1
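
A variant of the script above that stages the files, checks them, and restarts the containers only when the certificate actually changed (added example, not the poster's script). Host, paths and container names are taken from the post; the staging step, the 7-day expiry threshold, the file modes and the `--run` switch are assumptions.

```shell
#!/bin/bash
# Added example: stage the certificate, validate it, install only when it changed.
SRC='pi@192.168.1.101:/home/pi/docker/nginx-proxy-manager/letsencrypt/live/npm-29'  # from the post
DST='/opt/mailcow-dockerized/data/assets/ssl'                                       # from the post

# 0 only if both files are non-empty, the certificate stays valid for at least
# 7 more days (assumed threshold) and the private key belongs to the certificate.
pair_ok() {
  [ -s "$1" ] && [ -s "$2" ] || return 1
  openssl x509 -in "$1" -noout -checkend 604800 >/dev/null 2>&1 || return 1
  [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# install_pair STAGED_CERT STAGED_KEY DEST_DIR
# Returns 0 = replaced, 1 = unchanged, 2 = rejected (current files left untouched).
install_pair() {
  pair_ok "$1" "$2" || return 2
  cmp -s "$1" "$3/cert.pem" && cmp -s "$2" "$3/key.pem" && return 1
  # Modes are an assumption; loosen if a container reads the key as non-root.
  install -m 600 "$2" "$3/key.pem.new" || return 2
  install -m 644 "$1" "$3/cert.pem.new" || return 2
  mv "$3/key.pem.new" "$3/key.pem" && mv "$3/cert.pem.new" "$3/cert.pem" || return 2
}

main() {
  stage=$(mktemp -d) || return 1
  trap 'rm -rf "$stage"' EXIT
  scp -q "$SRC/fullchain.pem" "$stage/cert.pem" || return 1
  scp -q "$SRC/privkey.pem" "$stage/key.pem" || return 1
  install_pair "$stage/cert.pem" "$stage/key.pem" "$DST"
  case $? in
    0) docker restart $(docker ps -qaf name=postfix-mailcow) \
         $(docker ps -qaf name=dovecot-mailcow) $(docker ps -qaf name=nginx-mailcow) ;;
    1) echo "certificate unchanged, no restart needed" ;;
    *) echo "staged certificate rejected, keeping current files" >&2; return 1 ;;
  esac
}

# Hypothetical switch: run the sync only with --run, so sourcing the file is side-effect free.
if [ "${1:-}" = "--run" ]; then main; fi
```

With this variant the cron entry from the post gains a trailing `--run`; keeping the `>/dev/null 2>&1` redirect would hide the rejection message, so sending output to a log file is the better fit.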

          • Was only able to solve this with nullmailer for cron where you can utilize MAILTO= before the cron line to force the email.

            To make it work systemwide (i.e. for failed login attempts) had to go back to postfix, following the tutorial @ https://easyengine.io/tutorials/linux/ubuntu-postfix-gmail-smtp/

            just exchanging the gmail parts with my mailcow address got me 90% of way there, adding root: myemail@mailcow.net and running sudo newaliases && sudo service postfix restart made it work.

            Disclaimer: I’ve no idea what I’m doing, and as long as the results are in the vicinity of what I wanted it’s “solved” for me

          • Hi,
            I’m using nullmailer to handle sending emails from local machines to outside mail (as discussed @ https://community.mailcow.email/d/1150-how-to-handle-service-mails-from-non-public-hosts/2) via my mailcow server and that works ok.

            While browsing through the postfix logs I noticed it bounces local messages received such as from cron daemon (it shows mail from user@vm.lan to user@vm.lan) with warning: Unable to look up MX host vm.lan for Recipient address user@vm.lan: Name or service not known

            I can also see the message being processed in rspamdui where it’s all green. However as for the actual message that just disappears. It’s not in the vm.lan mailbox, it’s not on mailcow mailbox, so where is the mail gone? More importantly how can I force these messages to go to outside mailbox?

            Any advice welcome, thanks!


          • Hi, I use nginx-proxy-manager to manage my certificates. My mailcow runs on different vm. I can successfully import the certificate by using instructions for the post hook script, but I’m looking for advice on best way how to automate this now.

            I’m thinking sharing the cert directory over nfs to mailcow vm, and then use something like inotifywait to run the post hook script and restart the 3 containers if the files change.

            If you’re using the post hook script how do you manage the renews automatically?


          • Figured it out! Your post made me try nullmailer which is absolutely fantastic as the whole config is 1 line as opposed to postfix which I spent last 2 days reading about, which let me focus on the mailcow side of the thing.

            say your local vm is vm.lan and mailcow runs on mailcow.lan locally:

            in /etc/nullmailer/remotes on vm.lan:
            mailcow.lan smtp --port=587 --starttls --insecure --user=foo@example.com --pass=pass

            In Mailcow UI edit foo@example.com Mailbox and in field called External sender addresses:
            type @vm.lan and any other local hosts delimited by space

            Of note is that I use --insecure as my mailcow host uses self-signed cert behind reverse proxy. I also had to put lan into /etc/nullmailer/domain. YMMV

          • I was running into the exact same issue, and to get mailcow to accept mails from local lan hosts I had to disable sender verification on the receiving mailbox which I presume presents a security vulnerability as it warns in red when I select that.

            Anyone has any insight how to make mailcow to accept mail from local lan hosts without compromising security?
            Thanks!

          • Hi,
            recently set up mailcow dockerized on (not my actual domain) mail.example.com, and added example.com as a domain in mailcow and created some mailboxes such as foo@example.com foo2@example.com etc.

            Using dmarcian.com to check, I get all green for domain example.com, but subdomain mail.example.com shows 2 green and missing DKIM record. Obviously can’t add the host as a domain in mailcow so how would I get a dkim key for it? Or is the warning for subdomain safe to ignore?

            Any insights welcome, thanks!