EGroupwareMail - EGroupware/egroupware GitHub Wiki
EGroupware Mail - containerized mail-server for EGroupware
EGroupware was traditionally just a mail clients, with the ability to manage a mail server, if you integrated it manually.
EGroupware Mail is a containerized mail server using up-to-date Dovecot and Postfix, both managed by EGroupware:
- simple installation through
egroupware-mailLinux package (currently only Debian/Ubuntu) - automatic creation of mailboxes for new users
- manage aliases and forwards for existing users
- set primary mail domain and alias domains
- integration happens through the MariaDB/MySQL database
- automatic integration with EGroupware push server
- automatic configuration as EGroupware Mail account for all users (existing users need to be manually activated!)
Installation requirements:
egroupware-docker(>= 20.1) Linux package installed on same machine- MariaDB / MySQL either running on host or MariaDB in a container (20.1+)
- Accounts stored in MariaDB/MySQL database and authentication against these accounts or
- Active Directory or LDAP for authentication or account-storage can be used
Installation instructions
If you run MariaDB/MySQL on the host (installation updated from before 20.1) you need to make sure root can access the DB without entering a password, eg. by creating the following /root/.my.cnf file:
[client]
user = root
password = your-secret-password
- run:
apt update && apt install egroupware-mail
Further configuration steps:
1. activate mailbox of existing users: Admin > Accounts > right click on user > Mail account > Aliases+Forwards tab
- add email address with a domain matching the one from IMAP tab
- check
email account activebehind email address - optionally add further aliases or a forward
- save the account
if you only want to test mail with EGroupware by sending internal mails you don't need to do the following ones just now
2. if the server not already has an external IP address, create the following port-forwards on your router
- SMTP 25 (incl. StartTLS) for incoming mails / MX
- IMAP(S) 143 and 993 for IMAP clients (eg. Thunderbird)
- SUBMISSION 587 for clients (eg. Thunderbird) to send mails
- SMTPS 465 for submission with implicit TLS for clients to send mails
- Sieve 4059 (optional, you can always use EGroupware to set vacation notices or filter rules)
- POP(S) 110 and 995 (optional, better use IMAP anyway)
3. change the automatic created dummy mail-domain "egroupware.local" to your real domain:
- change MX record of that domain to point to your servers external IP address or the one of your router
- edit domain under
EGroupware Mailaccount: Admin > Accounts > right click a user > Mail account > IMAP tab - further domains can be added by using them in an alias, after there is at least one alias with the domain, it can be used for primary Email addresses in accounts too
4. add an officially recognized certificate eg. the Lets Encrypt one used by your web-server
- uncomment and modify the following lines in /etc/egroupware-mail/docker-compose.override.yml
- restart the containers:
cd /etc/egroupware-mail; docker-compose up -d
services:
mail:
# to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
# eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
hostname: <fully-qualified-hostname-as-used-in-certificate>
volumes:
- /etc/letsencrypt:/etc/letsencrypt
- /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/dovecot/certificate.key
- /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/dovecot/certificate.pem
smtp:
# to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
# eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
hostname: <fully-qualified-hostname-as-used-in-certificate>
# Delivery to Dovecot will NOT work, if above name starts with mail e.g. "mail.example.org"!
# You need to uncomment the following entrypoint line, to fix this:
#entrypoint: ["sh", "-c", "sed 's/ mail$$//g' /etc/hosts > /tmp/hosts; cat /tmp/hosts > /etc/hosts; exec /usr/sbin/postfix -c /etc/postfix start-fg"]
volumes:
- /etc/letsencrypt:/etc/letsencrypt
- /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/postfix/certificate.key
- /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/postfix/certificate.pem
# run the following command once to make sure mail-services get restarted on certificate renewal:
# certbot renew --force-renew --post-hook 'bash -c "cd /etc/egroupware-mail; docker-compose restart"'
- run the following command once to make sure mail-services get restarted on certificate renewal:
certbot renew --force-renew --post-hook 'bash -c "cd /etc/egroupware-mail; docker-compose restart"'
5. use a smarthost / mail relay to send outgoing mail through (eg. for better reputation then your dynamic IP)
- uncomment the following section in /etc/egroupware-mail/postfix/main.cf
relayhost = [mail.example.org]
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = texthash:/etc/postfix/sasl_password
- set mail-server, user and password in /etc/egroupware-mail/postfix/sasl_password
mail.example.org user@domain:secret
- run the following commands to reload postfix
docker exec -it egroupware-smtp postfix reload
6. for anti-spam and anti-virus we recommend to use an external service:
- SpamTitan services hosted by EGroupware GmbH
- some firewall products also offer spam- and virus-protection for mail
- or a local Proxmox Mail Gateway
Further information:
- mailboxes are stored under /var/lib/egroupware-mail (you need to backup that!)
- all configuration is stored in /etc/egroupware-mail
- usual Dovecot configuration is in /etc/egroupware-mail/dovecot
- Postfix configuration is under /etc/egroupare-mail/postfix
Known problems / trouble shooting
- Postfix mail log:
docker logs -f egroupware-smtp - Dovecot logs:
docker logs -f egroupware-mail - Postfix container (egroupware-smtp) does not "find" it's mysql support
cd /etc/egroupware-mail
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-mail | Nov 13 10:33:26 master: Info: Dovecot v2.3.10 (0da0eff44) starting up for imap, lmtp, sieve, pop3, submission
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postfix-script[69]: starting the Postfix mail system
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postlogd[72]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/master[1]: daemon started -- version 3.5.8, configuration /etc/postfix
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/qmgr[71]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/pickup[70]: error: unsupported dictionary type: mysql
^C
docker exec -it egroupware-smtp sh -c "apk del postfix-mysql; apk --update add postfix-mysql; postfix reload"
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory
WARNING: Ignoring APKINDEX.40a3604f.tar.gz: No such file or directory
(1/2) Purging postfix-mysql (3.5.8-r0)
(2/2) Purging mariadb-connector-c (3.1.8-r1)
OK: 44 MiB in 23 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/2) Installing mariadb-connector-c (3.1.8-r1)
(2/2) Installing postfix-mysql (3.5.8-r0)
OK: 44 MiB in 25 packages
postfix/postfix-script: refreshing the Postfix mail system
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/postfix-script[85]: refreshing the Postfix mail system
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/master[1]: reload -- version 3.5.8, configuration /etc/postfix
- ask for help under EGroupware Mail category in our forum or buy a support budget from EGroupware GmbH