email

README.md

@@ -14,6 +14,12 @@ So, without further ado, here's the current list:
 - How to use docker-compose
 - Troubleshooting
 
+# How to use this cookbook
+- There are certain things that some recipes need which cannot be filled in due to security reasons.
+  - `example.com` needs to be replaced with your own domain
+  - `username`, `password`, etc. - should be replaced by your username & password
+  - keys (like `APP_KEY`, `SECRET` etc.) should be regenerated using e.g. `openssl rand -base64 32`
+- Not all apps have been tested & described. These are marked as `[external]` (external links).
 
 # Ad Blockers & local DNS
 - [AdGuard Home](apps/ad-blockers/adguard.md)
@@ -68,12 +74,42 @@ So, without further ado, here's the current list:
 - [Transmission](apps/downloads/transmission.md)
 
 # E-mail
-- Clients (webmail)
-- Servers
-- Hosted e-mail providers
-- SMTP Relays
-- Anonymous emails
+- CLIENTS (webmail)
+  - [Roundcube](apps/email/roundcube.md)
+  - [Rainloop](http://www.rainloop.net/) [external]
+  - [Rainloop in MailCow](https://github.com/mailcow/mailcow-dockerized/issues/613) [external]
+  - [Mailpile](https://www.mailpile.is/) [external]
+  - [WebMail Lite](https://afterlogic.com/docs/webmail-lite-8/installation) [external]
+  - [Cypht](https://cypht.org/) [external]
+  - [Cypht docker](https://hub.docker.com/r/sailfrog/cypht-docker) [external]
+- SERVERS
+  - [Mailcow](apps/email/mailcow.md)
+  - [Mailu](https://github.com/Mailu/Mailu) [external]
+    - Can't send from roundcube as e.g. `username@gmail.com`
+  - [Mail-in-a-box](https://mailinabox.email/) [external]
+  - [Mailcare](https://gitlab.com/mailcare/mailcare) [external]
+    - open source disposable email address service.
+  - [Poste.io](https://poste.io/doc/getting-started) [external]
+    - doesn't allow fetching from other imap servers
+    - keeps pushing the pro version
+  - [Wildduck](https://wildduck.email/#/) [external]
+    - has app passwords
+    - doesn't seem to have contacts or other stuff (unless you'd use e.g. Roundcube)
+- [Hosted e-mail providers](apps/email/hosted-providers.md)
+- [SMTP Relays](apps/email/smtp-relays.md)
+- Anonymous emails - not self-hosted but important for privacy
+  - [Reddit Thread](https://www.reddit.com/r/selfhosted/comments/isu8mw/selfhosted_throw_away_email_addresses_that_allow/) [external]
+  - [burnermail.io](https://burnermail.io/) [external]
+  - [anonaddy.com](https://anonaddy.com/#pricing) [external]
+  - [simplelogin.io](https://simplelogin.io/) [external]
+  - [simplelogin.io github repo](https://github.com/simple-login/app) [external]
 - Tools
+  - [verify domain for google](https://postmaster.google.com/managedomains) [external]
+  - [remove IP from spam house](https://www.spamhaus.org/lookup/) [external]
+  - [check dns & reverse dns](https://mxtoolbox.com/) [external]
+  - [reverse-dns-check](https://www.debouncer.com/reverse-dns-check) [external]
+  - [DNS Records checker](https://www.digwebinterface.com/) [external]
+  - [Domain security checker](https://www.hardenize.com/) [external]
 
 # Home Automation
 - [HomeAssistant](apps/home-automation/home-assistant.md)

apps/email/carddav.md

@@ -0,0 +1,29 @@
+# Carddav
+- [plugins.roundcube.net](https://plugins.roundcube.net/#/packages/roundcube/carddav)
+- [Github repo](https://github.com/blind-coder/rcmcarddav)
+
+
+### How to make it work with Monica
+
+Password field in the rouncdube db is too short for the API token from Monica, so we need to make it accept longer passwords:
+
+1. First get password from `mailcow-dockerized/mailcow.conf`:
+    ```sh
+    cat mailcow-dockerized/mailcow.conf | grep DBPASS
+    ```
+
+2. Then modify the db:
+    ```sh
+    docker-compose exec mysql-mailcow sh
+    mysql -u mailcow -p <DBPASS>
+    use mailcow;
+
+    # see all addressbooks:
+    select * from mailcow_rc1carddav_addressbooks;
+
+    # see table properties
+    describe mailcow_rc1carddav_addressbooks;
+
+    # change password field type from varchar to text
+    ALTER TABLE mailcow_rc1carddav_addressbooks MODIFY password text;
+    ```

apps/email/enigma.md

@@ -0,0 +1,35 @@
+#  Enigma
+
+
+### Enable plugin in Roundcube
+In `mailcow-dockerized/data/web/roundcube/config/config.inc.php` add it to the `plugins` array:
+```php
+$config['plugins'] = array(
+        'enigma',
+);
+```
+
+### Create folder for keys
+```sh
+cd mailcow-dockerized/data/web
+mkdir enigma_keys
+chmod 777 enigma_keys
+chown 82:docker enigma_keys
+```
+
+### Plugin config
+In `mailcow-dockerized/data/web/roundcube/plugins/enigma/config.inc.php`, set the path:
+
+```php
+<?php
+// REQUIRED! Keys directory for all users.
+// Must be writeable by PHP process, and not in the web server document root
+$config['enigma_pgp_homedir'] = '/web/enigma_keys/';
+```
+
+### Enable pgp execution
+In `mailcow-dockerized/data/conf/phpfpm/php-fpm.d/pools.conf`, remove `proc_open` from this list:
+```ini
+[web-worker]
+php_admin_value[disable_functions] = <remove proc_open from the list>
+```

apps/email/hosted-providers.md

@@ -0,0 +1,22 @@
+# Hosted email providers
+
+## Migadu
+- https://www.migadu.com/
+- No calendar, just email with a contactbook
+- Custom webmail
+- Swiss-based
+- Micro tier:
+  - price: $19/year
+  - storage: 5GB
+  - emails/day: 200 in, 20 out
+
+
+## Mailcheap
+- https://www.mailcheap.co/email-shared.html
+- Has calendar
+- Sogo & Afterlogic
+- USA based
+- No "delete account"
+- Cheapest option:
+  - price: $24/year
+  - storage: 10GB

apps/email/mailcow.md

@@ -0,0 +1,213 @@
+# Mailcow
+
+Probably the best email server solution for self-hosting.
+Features:
+- allows fetching from other imap servers (like gmail)
+- alias emails, alias domains, temporary aliases
+- integrated SoGo out-of-the-box, and can be integrated with other webmails (Roundcube, Rainloop)
+- With Roundcube plugin you can send emails through 3rd party imap
+
+<br>
+
+- [Homepage](https://mailcow.email/)
+- [Github repo](https://github.com/mailcow/mailcow-dockerized)
+- [Docs](https://mailcow.github.io/mailcow-dockerized-docs/)
+
+
+## Setup
+```sh
+git clone https://github.com/mailcow/mailcow-dockerized
+cd mailcow-dockerized
+./generate_config.sh
+nano mailcow.conf
+```
+
+## mailcow.conf
+```ini
+# ------------------------------
+# mailcow web ui configuration
+# ------------------------------
+# example.org is _not_ a valid hostname, use a fqdn here.
+# Default admin user is "admin"
+# Default password is "moohoo"
+MAILCOW_HOSTNAME=mail.example.com
+
+# ------------------------------
+# SQL database configuration
+# ------------------------------
+DBNAME=mailcow
+DBUSER=mailcow
+
+# Please use long, random alphanumeric strings (A-Za-z0-9)
+DBPASS=<PASSWORD>
+DBROOT=<PASSWORD>
+
+# ------------------------------
+# HTTP/S Bindings
+# ------------------------------
+# You should use HTTPS, but in case of SSL offloaded reverse proxies:
+# Might be important: This will also change the binding within the container.
+# If you use a proxy within Docker, point it to the ports you set below.
+
+HTTP_PORT=7080
+HTTP_BIND=0.0.0.0
+HTTPS_PORT=7443
+HTTPS_BIND=0.0.0.0
+
+# ------------------------------
+# Other bindings
+# ------------------------------
+# You should leave that alone
+# Format: 11.22.33.44:25 or 0.0.0.0:465 etc.
+# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
+SMTP_PORT=25
+SMTPS_PORT=465
+SUBMISSION_PORT=587
+IMAP_PORT=143
+IMAPS_PORT=993
+POP_PORT=110
+POPS_PORT=995
+SIEVE_PORT=4190
+DOVEADM_PORT=127.0.0.1:19991
+SQL_PORT=127.0.0.1:13306
+SOLR_PORT=127.0.0.1:18983
+
+# Your timezone
+TZ=Etc/UTC
+
+# Fixed project name
+COMPOSE_PROJECT_NAME=mailcowdockerized
+
+# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
+# When enabled, ACL can be created, that apply to "All authenticated users"
+# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.
+# Otherwise a user might share data with too many other users.
+ACL_ANYONE=disallow
+
+# Garbage collector cleanup
+# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
+# How long should objects remain in the garbage until they are being deleted? (value in minutes)
+# Check interval is hourly
+MAILDIR_GC_TIME=1440
+
+# Additional SAN for the certificate
+#
+# You can use wildcard records to create specific names for every domain you add to mailcow.
+# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
+#ADDITIONAL_SAN=imap.*,smtp.*
+# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net"
+# plus every domain you add in the future.
+#
+# You can also just add static names...
+#ADDITIONAL_SAN=srv1.example.net
+# ...or combine wildcard and static names:
+#ADDITIONAL_SAN=imap.*,srv1.example.com
+ADDITIONAL_SAN=
+
+# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
+SKIP_LETS_ENCRYPT=y
+
+# Create seperate certificates for all domains - y/n
+# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
+# see https://wiki.dovecot.org/SSL/SNIClientSupport
+ENABLE_SSL_SNI=n
+
+# Skip IPv4 check in ACME container - y/n
+SKIP_IP_CHECK=n
+
+# Skip HTTP verification in ACME container - y/n
+SKIP_HTTP_VERIFICATION=n
+
+# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
+SKIP_CLAMD=n
+
+# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1.
+SKIP_SOLR=n
+
+# Solr heap size in MB, there is no recommendation, please see Solr docs.
+# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended.
+SOLR_HEAP=1024
+
+# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental)
+USE_WATCHDOG=n
+
+# Allow admins to log into SOGo as email user (without any password)
+ALLOW_ADMIN_EMAIL_LOGIN=n
+
+# Send notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
+# CAUTION:
+# 1. You should use external recipients
+# 2. Mails are sent unsigned (no DKIM)
+# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
+# Multiple rcpts allowed, NO quotation marks, NO spaces
+
+#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
+WATCHDOG_NOTIFY_EMAIL=
+
+# Notify about banned IP (includes whois lookup)
+WATCHDOG_NOTIFY_BAN=y
+
+# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
+# https://www.servercow.de/mailcow?lang=en
+# https://www.servercow.de/mailcow?lang=de
+# No data is collected. Opt-in and anonymous.
+# Will only work with unmodified mailcow setups.
+WATCHDOG_EXTERNAL_CHECKS=n
+
+# Max log lines per service to keep in Redis logs
+LOG_LINES=9999
+
+# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
+IPV4_NETWORK=172.16.1
+
+# Internal IPv6 subnet in fc00::/7
+IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
+
+# Use this IPv4 for outgoing connections (SNAT)
+#SNAT_TO_SOURCE=
+
+# Use this IPv6 for outgoing connections (SNAT)
+#SNAT6_TO_SOURCE=
+
+# Create or override API key for web ui
+# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
+# API_KEY allowed chars: a-z, A-Z, 0-9, -
+#API_KEY=
+#API_ALLOW_FROM=172.22.1.1,127.0.0.1
+
+# mail_home is ~/Maildir
+MAILDIR_SUB=Maildir
+
+# SOGo session timeout in minutes
+SOGO_EXPIRE_SESSION=480
+
+REDIS_PORT=127.0.0.1:7654
+# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
+SKIP_SOGO=n
+# Create or override read-only API key for web UI
+#API_KEY_READ_ONLY=
+```
+
+Login with `admin`:`moohoo`
+
+
+
+## Upgrading
+
+There's `update.sh` script in the cloned repo:
+```sh
+sudo ./update.sh
+
+# Check for updates
+sudo ./update.sh --check
+
+# Do not start mailcow after applying an update
+sudo ./update.sh --skip-start
+
+# Update with merge strategy "ours" instead of "theirs"
+# This will merge in favor for your local changes.
+sudo ./update.sh --ours
+
+# Don't update, but prefetch images and exit
+sudo ./update.sh --prefetch
+```

apps/email/roundcube.md

@@ -0,0 +1,138 @@
+# Roundcube
+
+It's the best looking, stable, reliable and configurable open source WebMail.
+In my setup Roundcube is integrated with MailCow server.
+
+<br>
+
+- [Homepage](https://roundcube.net/)
+- [Roundcube in Mailcow](https://mailcow.github.io/mailcow-dockerized-docs/third_party-roundcube/)
+- [Github repo](https://github.com/roundcube/roundcubemail)
+
+### Plugins
+- [Carddav](carddav.md)
+- [Enigma](enigma.md)
+- [SMTP identity](https://plugins.roundcube.net/#/packages/elm/identity_smtp) [external] - Send emails from gmail account
+- [HTML5 Notifier](https://plugins.roundcube.net/#/packages/kitist/html5_notifier) [external]
+- [Easy unsubscribe](https://plugins.roundcube.net/#/packages/ss88/easy_unsubscribe) [external] - (composer require "ss88/easy_unsubscribe @dev")
+- [Automatic addressbook](https://plugins.roundcube.net/#/packages/sblaisot/automatic_addressbook) [external]
+- [Context menus](https://plugins.roundcube.net/#/packages/johndoh/contextmenu) [external]
+- [Plugin installer](https://plugins.roundcube.net/#/packages/roundcube/plugin-installer) [external]
+- [Folder size](https://plugins.roundcube.net/#/packages/jfcherng/show-folder-size) [external]
+- [Filters](https://plugins.roundcube.net/#/packages/roundcube/filters) [external]
+
+
+## mailcow-dockerized/data/web/roundcube/config/config.inc.php
+```php
+<?php
+error_reporting(0);
+if (!file_exists('/tmp/mime.types')) {
+    file_put_contents("/tmp/mime.types", fopen("http://svn.apache.org/repos/asf/httpd/httpd/trunk/docs/conf/mime.types", 'r'));
+}
+
+$config = array();
+$config['db_dsnw'] = 'mysql://' . getenv('DBUSER') . ':' . getenv('DBPASS') . '@mysql/' . getenv('DBNAME');
+$config['default_host'] = 'tls://dovecot';
+$config['default_port'] = '143';
+$config['smtp_server'] = 'tls://postfix';
+$config['smtp_port'] = 587;
+$config['smtp_user'] = '%u';
+$config['smtp_pass'] = '%p';
+$config['support_url'] = '';
+$config['product_name'] = 'Roundcube Webmail';
+$config['des_key'] = 'yourrandomstring_changeme';
+$config['log_dir'] = '/dev/null';
+$config['temp_dir'] = '/tmp';
+$config['plugins'] = array(
+	'archive',
+	'enigma',
+	'zipdownload',
+	'password',
+	'carddav',
+	'html5_notifier',
+	'identity_smtp',
+	'managesieve',
+	'markasjunk'
+);
+$config['skin'] = 'elastic';
+
+$config['mime_types'] = '/tmp/mime.types';
+$config['imap_conn_options'] = array(
+  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
+);
+$config['enable_installer'] = true;
+$config['smtp_conn_options'] = array(
+  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
+);
+
+$config['managesieve_port'] = 4190;
+$config['managesieve_host'] = 'tls://dovecot';
+$config['managesieve_conn_options'] = array(
+  'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true)
+);
+// Enables separate management interface for vacation responses (out-of-office)
+// 0 - no separate section (default),
+// 1 - add Vacation section,
+// 2 - add Vacation section, but hide Filters section
+$config['managesieve_vacation'] = 1;
+$config['db_prefix'] = 'mailcow_rc1';
+
+$config['address_book_type'] = '';
+
+// Session lifetime in minutes, 10080min = 7 days
+$config['session_lifetime'] = 10080;
+```
+
+
+## Tips & Tricks
+
+### "Remember me" session
+- [Issue reference](https://github.com/roundcube/roundcubemail/issues/5050#issuecomment-377663569)
+
+1. In `mailcow-dockerized/data/web/roundcube/program/lib/Roundcube/rcube.php`
+    replace:
+    ```php
+    ini_set('session.cookie_lifetime', 0);
+    ```
+    with:
+	```php
+    ini_set('session.cookie_lifetime', 2592000); // 1 month
+	```
+
+
+2. In `mailcow-dockerized/data/web/roundcube/program/lib/Roundcube/rcube_session.php`
+    replace:
+	```php
+	rcube_utils::setcookie($this->cookiename, $this->cookie, 0);
+	```
+    with:
+	```php
+	$timestamp_in_one_month = time() + 60 * 60 * 24 * 30;
+    rcube_utils::setcookie($this->cookiename, $this->cookie, $timestamp_in_one_month);
+	```
+
+### Enable logging
+In `mailcow-dockerized/data/web/roundcube/config/config.inc.php` add:
+```php
+$config['log_dir'] = '/web/roundcube/logs';
+```
+
+
+### Upgrade script
+```sh
+#!/bin/bash
+
+V=1.4.9
+
+echo "Upgrading Roundcube to v.$V..."
+wget "https://github.com/roundcube/roundcubemail/releases/download/$V/roundcubemail-$V.tar.gz"
+tar -xvf "roundcubemail-$V.tar.gz"
+rm "roundcubemail-$V.tar.gz"
+
+cd "roundcubemail-$V"
+sudo ./bin/installto.sh /var/www/mailcow-dockerized/data/web/roundcube
+cd ..
+rm -rf "roundcubemail-$V"
+echo "Done."
+echo "Remember to update the session cookie expiry!"
+```

apps/email/smtp-relays.md

@@ -0,0 +1,8 @@
+# SMTP Relays
+
+| Name                                         | Comment         | Price |
+|----------------------------------------------|-----------------|------:|
+| [SMTP2Go](https://www.smtp2go.com/pricing/)  | Free: 1k/month  |    $0 |
+| [Mailgun](https://www.mailgun.com/pricing/)  | PAYG: 10k/month |    $8 |
+| [Sendgrid](https://sendgrid.com/pricing/)    | Free 100/day    |    $0 |
+| [MailJet](https://www.mailjet.com/pricing/)  | Free 6k/month   |    $0 |

template.md

@@ -1,21 +0,0 @@
-#
-
-- opinion
-
-<br>
-
-- [Homepage]()
-- [Github repo]()
-- [DockerHub repo]()
-- [Docs]()
-
-![Screenshot]()
-
-
-## docker-compose.yml
-```yml
-
-```
-
-
-## Tips & Tricks