zoomba

  • Jun 16, 2024
  • Joined Apr 26, 2021
  • 5 discussions
  • 13 posts
  • 3 best answers
  • heavygale Any ideas where that hostname variable is being read from? Could I set it somewhere in the config, and then create a script that would update the quarantine.tpl after every update?


    I’ll just do this after every update: sed -i "s|https://{{ hostname }}|https://mailcow.dmz.arpa|" data/assets/templates/quarantine.tpl

    I suppose all I need to do then is recreate the dovecot, php-fpm and nginx containers.
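
A post-update hook for the edit described in the post above, as an added example that is not part of the original post or of mailcow. The function name `patch_quarantine_tpl` is hypothetical, and the code assumes the template still contains the literal `https://{{ hostname }}` quoted in the post; it goes a little beyond the one-liner by being safe to re-run and by failing when the upstream template no longer matches.

```bash
#!/usr/bin/env bash
# Added example (not mailcow code): re-apply the quarantine.tpl edit after an
# update. patch_quarantine_tpl is a hypothetical helper name.

patch_quarantine_tpl() {
    tpl=$1
    url=$2   # must not contain '|' or '&', which are special to sed here
    placeholder='https://{{ hostname }}'   # literal text quoted in the post

    if [ ! -f "$tpl" ]; then
        echo "[-] $tpl not found" >&2
        return 2
    fi

    if grep -qF "$placeholder" "$tpl"; then
        # Keep the upstream file next to the edited one, then substitute.
        cp -p "$tpl" "$tpl.orig"
        sed "s|https://{{ hostname }}|$url|g" "$tpl.orig" > "$tpl"
        echo "[+] patched $tpl"
        return 0
    fi

    if grep -qF "$url" "$tpl"; then
        echo "[*] $tpl already patched, nothing to do"
        return 0
    fi

    # Neither the placeholder nor the replacement is present: the upstream
    # template changed, so fail instead of silently shipping unpatched links.
    echo "[-] placeholder not found in $tpl; review the sed expression" >&2
    return 1
}

# Run only when called with arguments, e.g.:
#   ./patch-quarantine.sh data/assets/templates/quarantine.tpl https://mailcow.dmz.arpa
if [ "$#" -eq 2 ]; then
    patch_quarantine_tpl "$1" "$2"
fi
```

A non-zero exit status from the hook means the quarantine mails would still carry the unpatched link, so it is worth wiring into whatever runs the update.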

  • heavygale Grave digging here, but is there a way to change the domain that is in the Quarantine mails?

    I do not expose the UI externally as I want to use a separate domain for it, and well, the main domain points directly to the mailcow instance IP, while the secondary domain I want to use (and the one I want in the emails) points to a reverse proxy IP in front of mailcow.

    Would be ideal if I could set that second domain in ADDITIONAL_SAN, but I just need a way of changing what gets sent out in the quarantine emails.

  • This seems to already be enabled, my bad 😅

  • Hi,

    Does anyone know how to enable unauthenticated mail from local IP addresses? I feel it is too complicated to create an account for every service that might use mail on the local network… eg. nextcloud@domain.tld, bitwarden@domain.tld etc…


  • If your mail server is resolvable by your DNS, which it probably will be, this will only send the mail internally, but my reasoning is that if I can receive mail internally, I should be able to receive it from external sources, unless my internet is down, which I’m pretty sure I’d notice.

  • This is the solution I made:

    mail-test.sh resides in the dovecot container via a bind mount, and awaits to be called by mail-deliverability.sh

    Add the following line to your docker-compose.yml:

    ...snip...
    volumes:
       - ./helper-scripts/mail-test.sh:/root/mail-test.sh:ro
    ...snip...

    Add the following line to your crontab file (Runs every 3 hours):
    0 */3 * * * <MAILCOW DIR>/helper-scripts/mail-deliverability.sh

    Save the scripts to your helper-scripts dir in the mailcow folder.

    mail-deliverability.sh >

    #!/usr/bin/env bash
    # Host side of the check: generate a one-time token, mail it to the test
    # mailbox over SMTPS, then have mail-test.sh (inside the dovecot container)
    # confirm that the token arrived.
    # This file holds the test user's password; keep it readable by its owner only.

    mailcow_dir="<MAILCOW DIR>/helper-scripts"
    verify_uuid="/tmp/verify_uuid"
    mail_format="+%y/%m/%d_%H:%M:%S::"
    dovecot_c="<DOVECOT CONTAINER NAME>" # eg. mailcow_dovecot
    domain="<YOUR DOMAIN>"
    password="<TEST USER PASSWORD>"
    ret=0

    echo "[*] Generating verification uuid in $verify_uuid..."
    # 20 hex characters taken from a kernel-generated random UUID
    if sed 's/[-]//g' /proc/sys/kernel/random/uuid | head -c 20 > "$verify_uuid"; then

        uuid=$(cat "$verify_uuid")
        echo "[+] Verify uuid [1/2] - $uuid"
        # Hand the expected token to the container for the second half of the check
        if docker cp "$verify_uuid" "$dovecot_c":/root/; then

            echo "[*] Sending test mail..."
            # Authenticated submission over implicit TLS; the body is read from stdin (-T -)
            if curl -s --ssl-reqd --mail-from "test@$domain" \
                --mail-rcpt "test@$domain" -T - \
                --url "smtps://mail.$domain:465" \
                --user "test@$domain:$password" \
                <<< "$(date "$mail_format") :: $uuid"; then

                echo "[*] Sleeping 15 seconds..."
                sleep 15

                echo "[*] Checking if mail has been delivered..."
                echo
                if ! docker exec "$dovecot_c" /root/mail-test.sh; then
                    echo "[-] Unable to check if mail was delivered!"
                    ret=1   # report the failure to cron or any calling health check
                fi
            else
                echo "[-] Test mail was not sent!"
                exit 1
            fi

            rm "$verify_uuid"
            exit "$ret"
        else
            echo "[-] Unable to copy verification uuid to $dovecot_c!"
            exit 1
        fi

    else
        echo "[-] Couldn't generate verification string at $verify_uuid!"
        exit 1
    fi

    mail-test.sh >

    #!/usr/bin/env bash
    # Container side of the check: read the newest message in the test mailbox,
    # decrypt it if it is stored encrypted, and look for the token copied in by
    # mail-deliverability.sh.

    domain="<YOUR DOMAIN>"
    maildir="/var/vmail/$domain/test/Maildir/new"
    latestMail=$(ls -Art "$maildir" | tail -n 1)
    testfile="/root/test"
    verify_uuid="/root/verify_uuid"
    delete_older_than="8w"

    # An empty listing would otherwise make -s test the directory itself
    if [ -n "$latestMail" ] && [ -s "$maildir"/"$latestMail" ]; then
        cp "$maildir"/"$latestMail" "$testfile"

        # Encrypted messages start with the magic string CRYPTED
        if [[ $(head -c7 "$testfile") == "CRYPTED" ]]; then
            echo "[+] Expunging mail older than $delete_older_than..."
            echo
            if ! doveadm expunge -u "test@$domain" mailbox '*' before "$delete_older_than"; then
                echo "[-] Unable to expunge old mail!"
            fi

            echo "[+] Found latest message, decrypting..."
            echo
            if doveadm fs get compress lz4:1:crypt:private_key_path=/mail_crypt/ecprivkey.pem:public_key_path=/mail_crypt/ecpubkey.pem:posix:prefix=/ "$testfile" > "$testfile".dec; then
                echo "========== BEGIN MESSAGE =========="
                cat "$testfile.dec"
                echo "========== END MESSAGE =========="
                echo
            else
                echo "[-] Unable to decrypt latest message!"
                exit 1
            fi
        else
            # Message is stored in plain text: check it as it is
            cp "$testfile" "$testfile".dec
        fi

        uuid=$(cat "$verify_uuid")
        echo "[+] Verify uuid [2/2] - $uuid"
        echo
        if grep -q "$uuid" "$testfile".dec; then
            echo "[+] E-mail is up and running."
            ret=0
        else
            echo "[-] Message uuid verification failed!"
            ret=1
        fi

        # Remove the token and the decrypted copy so they do not linger in /root
        rm -f "$verify_uuid"
        rm -f "$testfile"
        rm -f "$testfile".dec
        exit $ret

    else
        echo "[-] Latest mail not found!"
        exit 1
    fi
  • Hello,

    I’m trying to make an email availability script, which made me wonder: is CLI reading/sending available without extensive modification of the containers?

    Open to any CLI mail recommendations, even accessing the mailcow container stack from the docker host.

  • Hi,

    So I’ve got the mailcow server up and was wondering, does my certificate need to have domain.tld in its DNS entries? Meaning will the mailserver suffice with a mail.domain.tld cert if I don’t use webmail, or do I need to keep both entries in the certificate?

    • mail. is enough. Also you may add autodiscover and autoconfig to the cert

  • Hi,

    I’m setting up health checks for all my containers, and I figured it would be a good idea to have a mail deliverability check. An idea was to have a script send an email from the CLI, over the internet, and wait for it to be delivered, confirming that email is working.

    Do we have any made solutions for this? I tried the mail command from the docker container but it’s not installed. Just wanted to check with the community before I start blasting my container with additional software.

  • Heyo,

    I’m self hosting mailcow-dockerized on a home server.

    I just realized that my cert expired today because there was no way for it to renew itself, since I’m running inside docker and the only ports that are open on my router are the mail ports, meaning there was no way for LE to work.

    I’m guessing I should open port 80 on my router and forward it to the home server, but that doesn’t fully bridge the gap into the docker network.

    Perhaps I could add a proxy host inside Nginx Proxy Manager, but I don’t know what port to point it to, does the acme container automatically bind to port 80 when requesting a cert or do I need to connect it to the “outside world” manually?

    What else am I missing here?

    Should I be looking into manually renewing outside docker and copying the certs into /opt/mailcow-dockerized/data/assets/ssl? Seems like an easier option as far as my knowledge level goes.

    Here are the acme container logs (Pastebin.com): "Mon Apr 26 20:58:48 CEST 2021 - Waiting for Docker API..."