From f46b6503072150b153297f7734bfcbbe6bf1ff7c Mon Sep 17 00:00:00 2001 From: Tomasz Borychowski Date: Wed, 4 Nov 2020 22:45:50 +0000 Subject: [PATCH] email --- README.md | 46 ++++++- apps/email/carddav.md | 29 +++++ apps/email/enigma.md | 35 ++++++ apps/email/hosted-providers.md | 22 ++++ apps/email/mailcow.md | 213 +++++++++++++++++++++++++++++++++ apps/email/roundcube.md | 138 +++++++++++++++++++++ apps/email/smtp-relays.md | 8 ++ template.md | 21 ---- 8 files changed, 486 insertions(+), 26 deletions(-) create mode 100644 apps/email/carddav.md create mode 100644 apps/email/enigma.md create mode 100644 apps/email/hosted-providers.md create mode 100644 apps/email/mailcow.md create mode 100644 apps/email/roundcube.md create mode 100644 apps/email/smtp-relays.md delete mode 100644 template.md diff --git a/README.md b/README.md index 043f835..4c19c31 100644 --- a/README.md +++ b/README.md @@ -14,6 +14,12 @@ So, without further ado, here's the current list: - How to use docker-compose - Troubleshooting +# How to use this cookbook +- There are certain things that some recipes need which cannot be filled in due to security reasons. + - `example.com` needs to be replaced with your own domain + - `username`, `password`, etc. - should be replaced by your username & password + - keys (like `APP_KEY`, `SECRET` etc.) should be regenerated using e.g. `openssl rand -base64 32` +- Not all apps have been tested & described. These are marked as `[external]` (external links). # Ad Blockers & local DNS - [AdGuard Home](apps/ad-blockers/adguard.md) 
@@ -68,12 +74,42 @@ So, without further ado, here's the current list: - [Transmission](apps/downloads/transmission.md) # E-mail -- Clients (webmail) -- Servers -- Hosted e-mail providers -- SMTP Relays -- Anonymous emails +- CLIENTS (webmail) + - [Roundcube](apps/email/roundcube.md) + - [Rainloop](http://www.rainloop.net/) [external] + - [Rainloop in MailCow](https://github.com/mailcow/mailcow-dockerized/issues/613) [external] + - [Mailpile](https://www.mailpile.is/) [external] + - [WebMail Lite](https://afterlogic.com/docs/webmail-lite-8/installation) [external] + - [Cypht](https://cypht.org/) [external] + - [Cypht docker](https://hub.docker.com/r/sailfrog/cypht-docker) [external] +- SERVERS + - [Mailcow](apps/email/mailcow.md) + - [Mailu](https://github.com/Mailu/Mailu) [external] + - Can't send from roundcube as e.g. `username@gmail.com` + - [Mail-in-a-box](https://mailinabox.email/) [external] + - [Mailcare](https://gitlab.com/mailcare/mailcare) [external] + - open source disposable email address service. + - [Poste.io](https://poste.io/doc/getting-started) [external] + - doesn't allow fetching from other imap servers + - keeps pushing the pro version + - [Wildduck](https://wildduck.email/#/) [external] + - has app passwords + - doesn't seem to have contacts or other stuff (unless you'd use e.g. 
Roundcube) +- [Hosted e-mail providers](apps/email/hosted-providers.md) +- [SMTP Relays](apps/email/smtp-relays.md) +- Anonymous emails - not self-hosted but important for privacy + - [Reddit Thread](https://www.reddit.com/r/selfhosted/comments/isu8mw/selfhosted_throw_away_email_addresses_that_allow/) [external] + - [burnermail.io](https://burnermail.io/) [external] + - [anonaddy.com](https://anonaddy.com/#pricing) [external] + - [simplelogin.io](https://simplelogin.io/) [external] + - [simplelogin.io github repo](https://github.com/simple-login/app) [external] - Tools + - [verify domain for google](https://postmaster.google.com/managedomains) [external] + - [remove IP from spam house](https://www.spamhaus.org/lookup/) [external] + - [check dns & reverse dns](https://mxtoolbox.com/) [external] + - [reverse-dns-check](https://www.debouncer.com/reverse-dns-check) [external] + - [DNS Records checker](https://www.digwebinterface.com/) [external] + - [Domain security checker](https://www.hardenize.com/) [external] # Home Automation - [HomeAssistant](apps/home-automation/home-assistant.md) diff --git a/apps/email/carddav.md b/apps/email/carddav.md new file mode 100644 index 0000000..55166ed --- /dev/null +++ b/apps/email/carddav.md 
@@ -0,0 +1,29 @@ +# Carddav +- [plugins.roundcube.net](https://plugins.roundcube.net/#/packages/roundcube/carddav) +- [Github repo](https://github.com/blind-coder/rcmcarddav) + + +### How to make it work with Monica + +Password field in the rouncdube db is too short for the API token from Monica, so we need to make it accept longer passwords: + +1. First get password from `mailcow-dockerized/mailcow.conf`: + ```sh + cat mailcow-dockerized/mailcow.conf | grep DBPASS + ``` + +2. Then modify the db: + ```sh + docker-compose exec mysql-mailcow sh + mysql -u mailcow -p + use mailcow; + + # see all addressbooks: + select * from mailcow_rc1carddav_addressbooks; + + # see table properties + describe mailcow_rc1carddav_addressbooks; + + # change password field type from varchar to text + ALTER TABLE mailcow_rc1carddav_addressbooks MODIFY password text; + ``` diff --git a/apps/email/enigma.md b/apps/email/enigma.md new file mode 100644 index 0000000..3a22e82 --- /dev/null +++ b/apps/email/enigma.md @@ -0,0 +1,35 @@ +# Enigma + + +### Enable plugin in Roundcube +In `mailcow-dockerized/data/web/roundcube/config/config.inc.php` add it to the `plugins` array: +```php +$config['plugins'] = array( + 'enigma', +); +``` + +### Create folder for keys +```sh +cd mailcow-dockerized/data/web +mkdir enigma_keys +chmod 777 enigma_keys +chown 82:docker enigma_keys +``` + +### Plugin config +In `mailcow-dockerized/data/web/roundcube/plugins/enigma/config.inc.php`, set the path: + +```php + +``` diff --git a/apps/email/hosted-providers.md b/apps/email/hosted-providers.md new file mode 100644 index 0000000..e554ce2 --- /dev/null +++ b/apps/email/hosted-providers.md 
@@ -0,0 +1,22 @@ +# Hosted email providers + +## Migadu +- https://www.migadu.com/ +- No calendar, just email with a contactbook +- Custom webmail +- Swiss-based +- Micro tier: + - price: $19/year + - storage: 5GB + - emails/day: 200 in, 20 out + + +## Mailcheap +- https://www.mailcheap.co/email-shared.html +- Has calendar +- Sogo & Afterlogic +- USA based +- No "delete account" +- Cheapest option: + - price: $24/year + - storage: 10GB diff --git a/apps/email/mailcow.md b/apps/email/mailcow.md new file mode 100644 index 0000000..fb3fb4c --- /dev/null +++ b/apps/email/mailcow.md @@ -0,0 +1,213 @@ +# Mailcow + +Probably the best email server solution for self-hosting. +Features: +- allows fetching from other imap servers (like gmail) +- alias emails, alias domains, temporary aliases +- integrated SoGo out-of-the-box, and can be integrated with other webmails (Roundcube, Rainloop) +- With Roundcube plugin you can send emails through 3rd party imap + +
+ +- [Homepage](https://mailcow.email/) +- [Github repo](https://github.com/mailcow/mailcow-dockerized) +- [Docs](https://mailcow.github.io/mailcow-dockerized-docs/) + + +## Setup +```sh +git clone https://github.com/mailcow/mailcow-dockerized +cd mailcow-dockerized +./generate_config.sh +nano mailcow.conf +``` + +## mailcow.conf +```ini +# ------------------------------ +# mailcow web ui configuration +# ------------------------------ +# example.org is _not_ a valid hostname, use a fqdn here. +# Default admin user is "admin" +# Default password is "moohoo" +MAILCOW_HOSTNAME=mail.example.com + +# ------------------------------ +# SQL database configuration +# ------------------------------ +DBNAME=mailcow +DBUSER=mailcow + +# Please use long, random alphanumeric strings (A-Za-z0-9) +DBPASS= +DBROOT= + +# ------------------------------ +# HTTP/S Bindings +# ------------------------------ +# You should use HTTPS, but in case of SSL offloaded reverse proxies: +# Might be important: This will also change the binding within the container. +# If you use a proxy within Docker, point it to the ports you set below. + +HTTP_PORT=7080 +HTTP_BIND=0.0.0.0 +HTTPS_PORT=7443 +HTTPS_BIND=0.0.0.0 + +# ------------------------------ +# Other bindings +# ------------------------------ +# You should leave that alone +# Format: 11.22.33.44:25 or 0.0.0.0:465 etc. +# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT +SMTP_PORT=25 +SMTPS_PORT=465 +SUBMISSION_PORT=587 +IMAP_PORT=143 +IMAPS_PORT=993 +POP_PORT=110 +POPS_PORT=995 +SIEVE_PORT=4190 +DOVEADM_PORT=127.0.0.1:19991 +SQL_PORT=127.0.0.1:13306 +SOLR_PORT=127.0.0.1:18983 + +# Your timezone +TZ=Etc/UTC + +# Fixed project name +COMPOSE_PROJECT_NAME=mailcowdockerized + +# Set this to "allow" to enable the anyone pseudo user. Disabled by default. +# When enabled, ACL can be created, that apply to "All authenticated users" +# This should probably only be activated on mail hosts, that are used exclusivly by one organisation. 
+# Otherwise a user might share data with too many other users. +ACL_ANYONE=disallow + +# Garbage collector cleanup +# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring +# How long should objects remain in the garbage until they are being deleted? (value in minutes) +# Check interval is hourly +MAILDIR_GC_TIME=1440 + +# Additional SAN for the certificate +# +# You can use wildcard records to create specific names for every domain you add to mailcow. +# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like: +#ADDITIONAL_SAN=imap.*,smtp.* +# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "imap.example.net" +# plus every domain you add in the future. +# +# You can also just add static names... +#ADDITIONAL_SAN=srv1.example.net +# ...or combine wildcard and static names: +#ADDITIONAL_SAN=imap.*,srv1.example.com +ADDITIONAL_SAN= + +# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n +SKIP_LETS_ENCRYPT=y + +# Create seperate certificates for all domains - y/n +# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames +# see https://wiki.dovecot.org/SSL/SNIClientSupport +ENABLE_SSL_SNI=n + +# Skip IPv4 check in ACME container - y/n +SKIP_IP_CHECK=n + +# Skip HTTP verification in ACME container - y/n +SKIP_HTTP_VERIFICATION=n + +# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n +SKIP_CLAMD=n + +# Skip Solr on low-memory systems or if you do not want to store a readable index of your mails in solr-vol-1. +SKIP_SOLR=n + +# Solr heap size in MB, there is no recommendation, please see Solr docs. +# Solr is a prone to run OOM and should be monitored. Unmonitored Solr setups are not recommended. 
+SOLR_HEAP=1024 + +# Enable watchdog (watchdog-mailcow) to restart unhealthy containers (experimental) +USE_WATCHDOG=n + +# Allow admins to log into SOGo as email user (without any password) +ALLOW_ADMIN_EMAIL_LOGIN=n + +# Send notifications by mail (sent from watchdog@MAILCOW_HOSTNAME) +# CAUTION: +# 1. You should use external recipients +# 2. Mails are sent unsigned (no DKIM) +# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME) +# Multiple rcpts allowed, NO quotation marks, NO spaces + +#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com +WATCHDOG_NOTIFY_EMAIL= + +# Notify about banned IP (includes whois lookup) +WATCHDOG_NOTIFY_BAN=y + +# Checks if mailcow is an open relay. Requires a SAL. More checks will follow. +# https://www.servercow.de/mailcow?lang=en +# https://www.servercow.de/mailcow?lang=de +# No data is collected. Opt-in and anonymous. +# Will only work with unmodified mailcow setups. +WATCHDOG_EXTERNAL_CHECKS=n + +# Max log lines per service to keep in Redis logs +LOG_LINES=9999 + +# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24) +IPV4_NETWORK=172.16.1 + +# Internal IPv6 subnet in fc00::/7 +IPV6_NETWORK=fd4d:6169:6c63:6f77::/64 + +# Use this IPv4 for outgoing connections (SNAT) +#SNAT_TO_SOURCE= + +# Use this IPv6 for outgoing connections (SNAT) +#SNAT6_TO_SOURCE= + +# Create or override API key for web ui +# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs +# API_KEY allowed chars: a-z, A-Z, 0-9, - +#API_KEY= +#API_ALLOW_FROM=172.22.1.1,127.0.0.1 + +# mail_home is ~/Maildir +MAILDIR_SUB=Maildir + +# SOGo session timeout in minutes +SOGO_EXPIRE_SESSION=480 + +REDIS_PORT=127.0.0.1:7654 +# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n +SKIP_SOGO=n +# Create or override read-only API key for web UI +#API_KEY_READ_ONLY= +``` + +Login with 
`admin`:`moohoo` + + + +## Upgrading + +There's `update.sh` script in the cloned repo: +```sh +sudo ./update.sh + +# Check for updates +sudo ./update.sh --check + +# Do not start mailcow after applying an update +sudo ./update.sh --skip-start + +# Update with merge strategy "ours" instead of "theirs" +# This will merge in favor for your local changes. +sudo ./update.sh --ours + +# Don't update, but prefetch images and exit +sudo ./update.sh --prefetch +``` diff --git a/apps/email/roundcube.md b/apps/email/roundcube.md new file mode 100644 index 0000000..fdda279 --- /dev/null +++ b/apps/email/roundcube.md @@ -0,0 +1,138 @@ +# Roundcube + +It's the best looking, stable, reliable and configurable open source WebMail. +In my setup Roundcube is integrated with MailCow server. + +
+ +- [Homepage](https://roundcube.net/) +- [Roundcube in Mailcow](https://mailcow.github.io/mailcow-dockerized-docs/third_party-roundcube/) +- [Github repo](https://github.com/roundcube/roundcubemail) + +### Plugins +- [Carddav](carddav.md) +- [Enigma](enigma.md) +- [SMTP identity](https://plugins.roundcube.net/#/packages/elm/identity_smtp) [external] - Send emails from gmail account +- [HTML5 Notifier](https://plugins.roundcube.net/#/packages/kitist/html5_notifier) [external] +- [Easy unsubscribe](https://plugins.roundcube.net/#/packages/ss88/easy_unsubscribe) [external] - (composer require "ss88/easy_unsubscribe @dev") +- [Automatic addressbook](https://plugins.roundcube.net/#/packages/sblaisot/automatic_addressbook) [external] +- [Context menus](https://plugins.roundcube.net/#/packages/johndoh/contextmenu) [external] +- [Plugin installer](https://plugins.roundcube.net/#/packages/roundcube/plugin-installer) [external] +- [Folder size](https://plugins.roundcube.net/#/packages/jfcherng/show-folder-size) [external] +- [Filters](https://plugins.roundcube.net/#/packages/roundcube/filters) [external] + + +## mailcow-dockerized/data/web/roundcube/config/config.inc.php +```php + array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) +); +$config['enable_installer'] = true; +$config['smtp_conn_options'] = array( + 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) +); + +$config['managesieve_port'] = 4190; +$config['managesieve_host'] = 'tls://dovecot'; +$config['managesieve_conn_options'] = array( + 'ssl' => array('verify_peer' => false, 'verify_peer_name' => false, 'allow_self_signed' => true) +); +// Enables separate management interface for vacation responses (out-of-office) +// 0 - no separate section (default), +// 1 - add Vacation section, +// 2 - add Vacation section, but hide Filters section +$config['managesieve_vacation'] = 1; +$config['db_prefix'] = 'mailcow_rc1'; + 
+$config['address_book_type'] = ''; + +// Session lifetime in minutes, 10080min = 7 days +$config['session_lifetime'] = 10080; +``` + + +## Tips & Tricks + +### "Remember me" session +- [Issue reference](https://github.com/roundcube/roundcubemail/issues/5050#issuecomment-377663569) + +1. In `mailcow-dockerized/data/web/roundcube/program/lib/Roundcube/rcube.php` + replace: + ```php + ini_set('session.cookie_lifetime', 0); + ``` + with: + ```php + ini_set('session.cookie_lifetime', 2592000); // 1 month + ``` + + +2. In `mailcow-dockerized/data/web/roundcube/program/lib/Roundcube/rcube_session.php` + replace: + ```php + rcube_utils::setcookie($this->cookiename, $this->cookie, 0); + ``` + with: + ```php + $timestamp_in_one_month = time() + 60 * 60 * 24 * 30; + rcube_utils::setcookie($this->cookiename, $this->cookie, $timestamp_in_one_month); + ``` + +### Enable logging +In `mailcow-dockerized/data/web/roundcube/config/config.inc.php` add: +```php +$config['log_dir'] = '/web/roundcube/logs'; +``` + + +### Upgrade script +```sh +#!/bin/bash + +V=1.4.9 + +echo "Upgrading Roundcube to v.$V..." +wget "https://github.com/roundcube/roundcubemail/releases/download/$V/roundcubemail-$V.tar.gz" +tar -xvf "roundcubemail-$V.tar.gz" +rm "roundcubemail-$V.tar.gz" + +cd "roundcubemail-$V" +sudo ./bin/installto.sh /var/www/mailcow-dockerized/data/web/roundcube +cd .. +rm -rf "roundcubemail-$V" +echo "Done." +echo "Remember to update the session cookie expiry!" +``` diff --git a/apps/email/smtp-relays.md b/apps/email/smtp-relays.md new file mode 100644 index 0000000..578742a --- /dev/null +++ b/apps/email/smtp-relays.md 
@@ -0,0 +1,8 @@ +# SMTP Relays + +| Name | Comment | Price | +|----------------------------------------------|-----------------|------:| +| [SMTP2Go](https://www.smtp2go.com/pricing/) | Free: 1k/month | $0 | +| [Mailgun](https://www.mailgun.com/pricing/) | PAYG: 10k/month | $8 | +| [Sendgrid](https://sendgrid.com/pricing/) | Free 100/day | $0 | +| [MailJet](https://www.mailjet.com/pricing/) | Free 6k/month | $0 | diff --git a/template.md b/template.md deleted file mode 100644 index ae83e22..0000000 --- a/template.md +++ /dev/null @@ -1,21 +0,0 @@ -# - -- opinion - -
- -- [Homepage]() -- [Github repo]() -- [DockerHub repo]() -- [Docs]() - -![Screenshot]() - - -## docker-compose.yml -```yml - -``` - - -## Tips & Tricks
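
Review bot: In the README.md "How to use this cookbook" section, the suggested `openssl rand -base64 32` can emit `+`, `/` and `=`, which conflicts with the mailcow.conf added later in this same patch: DBPASS/DBROOT ask for "(A-Za-z0-9)" and API_KEY allows only "a-z, A-Z, 0-9, -". Suggest recommending `openssl rand -hex 32` instead, or stating per recipe which character set the value accepts.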
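
Review bot: In the README.md E-mail list, the Tools entry "remove IP from spam house" links to spamhaus.org, so the label should read "Spamhaus"; the Rainloop entry is also the only link in the list that uses `http://` rather than `https://`. Both are one-word fixes.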
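
Review bot: In apps/email/carddav.md, the block in step 2 is fenced as `sh` but mixes shell commands with statements typed at the mysql prompt (`use mailcow;`, `ALTER TABLE mailcow_rc1carddav_addressbooks MODIFY password text;`), so it cannot be pasted as one script; split it into a shell block and an sql block. "rouncdube" in the sentence above it should be "roundcube", and step 1 can be a plain `grep DBPASS mailcow-dockerized/mailcow.conf` without the `cat`.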
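
Review bot: In apps/email/enigma.md, "Create folder for keys" runs `chmod 777 enigma_keys` on the directory that will hold the PGP keys, which leaves it readable and writable by every local user; since the next line already sets ownership to `82:docker`, `chmod 700` (or `770` if the group needs access) should be sufficient. The php block under "Plugin config" is empty as it appears here, so the path the text says to set is missing; please include the actual setting line.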
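
Review bot: In apps/email/mailcow.md, the config section ends with "Login with `admin`:`moohoo`" and no instruction to change that default password, while the sample binds the UI to `HTTP_BIND=0.0.0.0` and `HTTPS_BIND=0.0.0.0` with `SKIP_LETS_ENCRYPT=y`. Suggest adding an explicit step to change the admin password right after the first login, and one sentence saying what is expected to terminate TLS in front of ports 7080/7443 when ACME is skipped. `DBPASS=` and `DBROOT=` are blank in the sample; a pointer to how they get filled would match the README guidance on regenerating secrets.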
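
Review bot: In apps/email/roundcube.md, the sample config.inc.php leaves `$config['enable_installer'] = true;` on and disables certificate checks (`'verify_peer' => false, 'verify_peer_name' => false`) for the SMTP and managesieve connections; suggest publishing the example with the installer set to false (or saying it must be switched off once setup is done) and stating that the relaxed TLS options are only meant for container-internal hosts such as `tls://dovecot`. Further down, the upgrade script downloads the release tarball and runs `sudo ./bin/installto.sh` from it with no checksum or signature check, and the "Remember me" tip patches two core files that the script then overwrites (hence the final echo); a verification step and a note on the trade-off of a 30-day session cookie would both help readers.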
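
Review bot: The last hunk deletes template.md, which is unrelated to the subject "email" and is not mentioned in the commit message. Either move the deletion into its own commit or add a line saying why the template is being removed.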