https://sourceforge.net/p/postfixadmin/code/HEAD/tree/trunk/VIRTUAL_VACATION/

I'm hosting the mailserver on an instance on AWS.
I've had to upgrade the instance, so I created a new image based on the mailserver instance.
After upgrading and running docker-compose up, the following error is printed out when pointing the browser to postfixadmin.mydomain.com:

Invalid query: Table 'postfix.config' doesn't exist

Im a little confused about this error, because all the files (including the databases) is present on the new instance .

Any idea of why this bug is present and how to fix it?

Allow to override default postfix configuration with a config file and inject each line with postconf.

Hello,

Petit problème depuis rainloop lorsque j'accède a la partie "filtres" le message d'erreur suivant : Impossible d'obtenir les filtres

Les filtres déclarés au préalable fonctionne bien
La configuration depuis le panel admin est bien ok

Je ne trouve pas de log pouvant m'éclaircir pour débugué

Hi,

I would like to start the postgrey but it doesn't start. I exec the following command in docker and get error message. When I didn't set dbdir postgrey works well.

/usr/sbin/postgrey --delay=120 --inet=127.0.0.1:10023 --dbdir=/var/mail/postgrey

2016/09/25-07:22:21 postgrey (type Net::Server::Multiplex) starting! pid(707)
Binding to TCP port 10023 on host 127.0.0.1 with IPv4
Setting gid to "114 114"
Setting uid to "108"
ERROR: can't open lock file: /var/mail/postgrey/postgrey.lock

/etc/opendmarc/opendmarc.conf contains the IgnoreMailFrom directive. It serves to not check and add headers to mails send from our own domain(s).

While opendkim/spamassassin etc. are configured by the startup script to include the additional domains given by the ADD_DOMAINS env variable, opendmarc is left out. The startup script should probably concatenate DOMAIN and ADD_DOMAINS and put them all into IgnoreMailFrom.

Salut,

J'ai suivi l'installation à la lettre mais l'envoi et la réception de mail de fonctionne pas :(

Le log du mailserver : https://paste.mondedie.fr/?85268daf86e77180#0ohLoIIXY6MxVDv8TXF3DJ4Bcn48mAbJtixpcEvdf8M=

Postfixadmin :

test IMAP SSL/TLS - 993 port (IMAPS) : https://paste.mondedie.fr/?952a69bbf8d49ae9#nRU3y/K4GUU6At7WUAbZf86sT6ShjcY7dqTCELMc/EE=

Mon DNS Record :

@                  IN MX 10  mail.mondomain.tld.
                       IN TXT    "v=spf1 a mx ip4:ipV4 ~all"
_dmarc                 IN TXT    "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=0; adkim=s; aspf=s; pct=100; rf=afrf; sp=reject"
mail                   IN A      ipV4
mail._domainkey        IN TXT    "v=DKIM1; k=rsa;  p=makey"

postfixadmin           IN CNAME  mondomain.tld.
webmail                IN CNAME  mondomain.tld.

J'espère avoir été assez complet :D

Merci

Hey after I have updated my container I get this error:

Temporary lookup failure at the client.

When I want to send a mail (can not reseve also). But I can view all my mails as before...

In the console I get the message:

warning: connect to mysql server mariadb: Unknown MySQL server host 'mariadb'

but if I connect to the container and ping the db there is no problem...

My startparameters:
docker run --name=mail --link mariadb:mariadb --restart=always -p 25:25 -p 143:143 -p 465:465 -p 587:587 -p 993:993 -p 4190:4190 -e DBHOST=mariadb -e DBUSER=mailserver -e DBNAME=mailserver -e DBPASS=mypassword -e ADD_DOMAINS=mail.domain.tld -v /home/mailserver:/var/mail -v /home/mailserver/opendkim:/etc/opendkim/keys -h mail.domain.tld -d hardware/mailserver
did not changed it since first start

Any suggestions ? Thanks :)

This bug is discussed here. I had the same problem described in the linked thread, and I can confirm that the only solution (that i know about) is to update to Ubuntu 16.04.

I can't send or receive mails. When I check logs, I see :

2016-04-08T22:13:30.656856+02:00 mail postfix/smtpd[283]: NOQUEUE: reject: RCPT from unknown[***.***.***.***]: 451 4.3.0 <*****@bounce.twitter.com>: Temporary lookup failure; from=<******@bounce.twitter.com> to=<***@***.net> proto=ESMTP helo=<spring-chicken-af.twitter.com>

But when i look more i see that :

2016-04-08T22:13:30.562427+02:00 mail postfix/trivial-rewrite[287]: warning: connect to mysql server mariadb: Unknown MySQL server host 'mariadb' (2)
2016-04-08T22:13:30.563026+02:00 mail postfix/trivial-rewrite[287]: warning: mysql:/etc/postfix/mysql/mysql-virtual-alias-maps.cf: table lookup problem
2016-04-08T22:13:30.563156+02:00 mail postfix/trivial-rewrite[287]: warning: virtual_alias_domains lookup failure
2016-04-08T22:13:30.655698+02:00 mail postfix/trivial-rewrite[287]: warning: mysql:/etc/postfix/mysql/mysql-virtual-alias-maps.cf: table lookup problem
2016-04-08T22:13:30.656295+02:00 mail postfix/trivial-rewrite[287]: warning: virtual_alias_domains lookup failure

Infortunatly, i can't explain why :/ When i try with telnet (from mailserver container to mariadb container) it's working

root@mail:/# telnet mariadb 3306   
Trying 172.21.0.2...
Connected to mariadb.
Escape character is '^]'.
b
5.5.5-10.1.13-MariaDB-1~jessie�TNlS;n:�?��Ov%OA99Srg/Qmysql_native_passwordConnection closed by foreign host.

Some idea to help me ?
Thanks :-)

It will be great if we can add THREAD=ORDEREDSUBJECT THREAD=REFERENCES SORT QUOTA ad default or optional.

for postfix, please consider add discard_ehlo for localhost.

In /etc/postfix/main.cf:

smtpd_discard_ehlo_keyword_address_maps = hash:/etc/postfix/discard_ehlo

and in /etc/postfix/discard_ehlo:

127.0.0.1 starttls,silent-discard 
172.17.0.1 starttls,silent-discard 

Hi,

I think than the problem come from me but I've the dmarc which fail only in Authentication Results and which do my mails directly go to Spam on hotmail/outlook and AOL....

It's very strange because I've 10/10 on mail-tester.com, I think (but not sure) than my DNS are well configured...
The dmarc seems to pass but only at the level of "Authentication-Results" it fails...

Thanks for your help !

I've a trace which can help you :

Delivered-To: [email protected]
Received: by 10.107.6.22 with SMTP id 22csp25501iog;
        Fri, 18 Nov 2016 03:29:31 -0800 (PST)
X-Received: by 10.194.200.69 with SMTP id jq5mr5317402wjc.93.1479468571133;
        Fri, 18 Nov 2016 03:29:31 -0800 (PST)
Return-Path: <[email protected]>
Received: from mail.shuguenot.fr (mail.shuguenot.fr. [163.172.52.11])
        by mx.google.com with ESMTPS id up6si7122038wjc.275.2016.11.18.03.29.30
        for <[email protected]>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Fri, 18 Nov 2016 03:29:31 -0800 (PST)
Received-SPF: pass (google.com: domain of [email protected] designates 163.172.52.11 as permitted sender) client-ip=163.172.52.11;
Authentication-Results: mx.google.com;
       dkim=pass [email protected];
       spf=pass (google.com: domain of [email protected] designates 163.172.52.11 as permitted sender) [email protected];
       dmarc=pass (p=REJECT dis=NONE) header.from=wefluence.fr
Received: from localhost (localhost [127.0.0.1]) by mail.shuguenot.fr (Postfix) with ESMTP id D1600654B for <[email protected]>; Fri, 18 Nov 2016 11:29:30 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at mail.shuguenot.fr
Received: from mail.shuguenot.fr ([127.0.0.1]) by localhost (mail.shuguenot.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gy8Ktd1R0q9q for <[email protected]>; Fri, 18 Nov 2016 11:29:30 +0000 (UTC)
Received: from authenticated-user (mail.shuguenot.fr [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: [email protected]) by mail.shuguenot.fr (Postfix) with ESMTPSA id 944A9653F for <[email protected]>; Fri, 18 Nov 2016 11:29:30 +0000 (UTC)
Authentication-Results: mail.shuguenot.fr; dmarc=fail header.from=wefluence.fr
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wefluence.fr; s=mail; t=1479468570; bh=+TycC/TM72o6KfFzMjbyVsg+WpzsrSyC/3BEXcQaXvs=; h=Date:From:Subject:To:From; b=ao8n/MAptBtsJE2f5s/6rQMalVIHVyMxF6XwpDLLwnKoWdge0eXuwMcipFTtsTSl/
	 rCKs0rT6Cp0SudPr8EXrLHNiVbte0DHw3vak2iW0gYwitDFoNhcirM/PnprtQywz+1
	 ED429zjcZ/GyF/xKRZaJ27Mn5SUN01u5A2nL5rXc=
Mime-Version: 1.0
Date: Fri, 18 Nov 2016 11:29:30 +0000
Content-Type: multipart/alternative; boundary="--=_RainLoop_139_799085972.1479468570"
Message-ID: <e6ccf83311020d4c10ea8cb4c2ff1803@11dfdbab313e>
From: [email protected]
Subject: Hello
To: [email protected]

----=_RainLoop_139_799085972.1479468570
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Petit test et voila !

----=_RainLoop_139_799085972.1479468570
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html><html><head><meta http-equiv=3D"Content-Type" content=3D"tex=
t/html; charset=3Dutf-8" /></head><body><div data-html-editor-font-wrapper=
=3D"true" style=3D"font-family: arial, sans-serif; font-size: 13px;"> <sign=
ature></signature>Petit test et voila !<br> </div></body></html>

----=_RainLoop_139_799085972.1479468570--

Bonjour,

J'ai mis en place votre solution, cela fonctionne correctement à défaut d'une erreur sur postfixadmin, en effet lors de la création d'un utilisateur / envoi d'un message depuis l'interface j'ai l'erreur :

Erreur lors de l'envoit du message! ([email protected])

J'ai beau regarder les logs avec des docker logs -f, je ne vois rien.

Une idée ?

Merci beaucoup pour votre fabuleux travail

The startup script allows to use /var/mail/postfix/custom.conf to overwrite the default settings w/ the help of postconf.
When only overriding existing options this works. But when I try to add an option previously undefined in the main.cf like "smtpd_data_restrictions" or "smtpd_delay_reject" it is NOT appended as a new file but instead appended to the last line. Further new options then will be added as new lines.
Result looks like:

non_smtpd_milters = $smtpd_milterssmtpd_delay_reject = yes
smtpd_data_restrictions = reject_unauth_pipelining

So this should be fixed by keeping a trailing linebreak in the /etc/postfix/main.cf

Hi,

I'm currently organizing a new infrastructure around an OpenLDAP container for my users, and I'd like to manage them from a centralized place.

I was going for a manual Postfix / Dovecot install revolving around my directory and then stumbled upon your packaged docker solution.

Do you know if this is all pluggable to an LDAP instance ? Thank you : )

Actuellement, la taille de la clé est de 1024 bits.
https://github.com/hardware/mailserver/blob/master/rootfs/usr/local/bin/opendkim#L15

Est-ce qu'il y a une raison qui empêcherait, ou déconseillerait techniquement l'utilisation d'une clé de taille supérieure ? Comme 2048 bits ? Parce qu'aujourd'hui en 2016 les clés RSA de cette taille sont fortement déconseillée d'utilisation. Si c'est juste une question d'enregistrement DNS chez certains services comme celui d'OVH, il y a par exemple le moyen de découper la clé en plusieurs enregistrements TXT. Pour le reste, aucun problème.

Merci de m'éclairer.
Au pire, pourquoi pas laisser le choix ? On en a déjà parlé, ce serait une bonne idée. Il suffit juste de rajouter une variable pour qu'on puisse générer une clé dont on peut préciser la taille avec docker exec -ti mailserver opendkim 2048.

Hello,

Sorry for my English, I use google translation to write.

I followed the instructions for the installation by creating the group and UNIX user. I copy the file docker-compose and I executed.

When I make myself the admin page, I get this error: Invalid query: Table 'postfix.domain' doesn't exist

The attached the log of the starting containers
log.txt

Could you implement a way to have multiple entry in the KeyTable, SigningTable and TrustedHosts ?
Maybe doing a shared folder and if the files exist then don't reset them.
It can be useful for multiple domains DKIM signing.
Actually on each restart these files are reset to the original values.

Whenever I stop/restart the container, the following happens in syslog :

Container xxxx failed to exit within 10 seconds of signal 15 - using the force

Nothing critical, but I'd like to know if I'm not the only one who experiences this.
As someone told me : "A Jedi uses the Force for knowledge and defense, never for attack."

Postfix VDA — Limiting the size of virtual mailbox for Postfix.

• postfix-vda-3.1.1

Features

• Brings per mailbox/maildir quota support to Postfix VDA
• Support for Courier style maildir format, including maildirsize file
• Limit either only INBOX or whole maildir
• Customizable bounce message, used if mails are bounced (it's also an option)
• Customisable suffix for Maildir support, sometimes needed for Courier IMAP
• Enhanced patch delivery abilities using vfilter

##############################
## QUOTA SUPPORT PARAMETERS ##
##############################

virtual_create_maildirsize     = yes
virtual_mailbox_extended       = yes
virtual_mailbox_limit_maps     = mysql:/etc/postfix/mysql/mysql-virtual-mailbox-limit-maps.cf
virtual_mailbox_limit_override = yes
virtual_maildir_limit_message  = "The user you are trying to reach is over quota."
virtual_overquota_bounce       = yes

mysql-virtual-mailbox-limit-maps.cf

# …
query = SELECT quota FROM mailbox WHERE username = '%s' AND active = '1'

Hi,

just wanted to use your mailserver image but I wonder how to initialize the database. In the readme you suggest to generate a new password and then UPDATE the admin user. But the database was never filled with any data, neither is there a structure.

How is this image supposed to work?

I have followed all instructions to the point, and my mail-tester.com score is 10/10.
Everything should work as expected, but the emails the server is sending out ends up in spam-folders (tested in yahoo and hotmail, works with gmail).

Please see this question os StackOverflow

Any ideas of improvements?

Hello,

Pb suivant au démarrage de NGINX (version boring)

root@mail:/mnt/docker/nginx/log# tail -f error.log
2016/11/06 10:59:43 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 10:59:43 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 10:59:44 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 10:59:46 [emerg] 7#7: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 10:59:50 [emerg] 7#7: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 10:59:56 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 11:00:09 [emerg] 7#7: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 11:00:35 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 11:01:27 [emerg] 7#7: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:)
2016/11/06 11:03:10 [emerg] 8#8: SSL_CTX_set1_curves_list("secp384r1") failed (SSL:

root@mail:/mnt/docker/nginx/log# docker ps
CONTAINER ID        IMAGE                     COMMAND                  CREATED             STATUS                         PORTS                                                                                                                   NAMES
bbf8f63ef21e        wonderfall/boring-nginx   "run.sh"                 22 minutes ago      Restarting (1) 2 minutes ago   0.0.0.0:443->4430/tcp, 0.0.0.0:80->8000/tcp             

Une idée ?

Merci

I seem to be getting an issue with name services under rancher, it appears postfixadmin can connect to the db, however postfix cant.... it deployed ok, and heres the docker compose

nginx:
  ports:
  - 443:4430/tcp
  - 80:8000/tcp
  image: wonderfall/nginx
  links:
  - postfixadmin:postfixadmin
  - rainloop:rainloop
  volumes:
  - /mnt/docker/nginx/sites-enabled:/sites-enabled
  - /mnt/docker/nginx/conf:/conf.d
  - /mnt/docker/nginx/log:/var/log/nginx
  - /mnt/docker/nginx/certs:/certs
postfixadmin:
  environment:
    DBPASS: xxxxxxx
  domainname: domain.tld
  hostname: mail
  image: hardware/postfixadmin
  links:
  - mariadb:mariadb
  - mailserver:mailserver
mailserver:
  ports:
  - 143:143/tcp
  - 25:25/tcp
  - 4190:4190/tcp
  - 465:465/tcp
  - 587:587/tcp
  - 993:993/tcp
  environment:
    DBPASS: xxxxxxx
  domainname: domain.tld
  hostname: mail
  image: hardware/mailserver
  links:
  - mariadb:mariadb
  volumes:
  - /mnt/docker/mail:/var/mail
  - /mnt/docker/opendkim:/etc/opendkim/keys
mariadb:
  environment:
    MYSQL_DATABASE: postfix
    MYSQL_PASSWORD: xxxxxxx
    MYSQL_ROOT_PASSWORD: xxxxxxx
    MYSQL_USER: postfix
  image: mariadb:10.1
  volumes:
  - /mnt/docker/mysql/db:/var/lib/mysql
rainloop:
  image: hardware/rainloop
  links:
  - mariadb:mariadb
  - mailserver:mailserver
  volumes:
  - /mnt/docker/rainloop:/rainloop/data

2016-07-04T05:00:57.502262+00:00 mail postfix/trivial-rewrite[448]: warning: connect to mysql server mariadb: Unknown MySQL server host 'mariadb' (2)
2016-07-04T05:00:57.502328+00:00 mail postfix/trivial-rewrite[448]: warning: mysql:/etc/postfix/mysql/mysql-virtual-alias-maps.cf: table lookup problem
2016-07-04T05:00:57.502359+00:00 mail postfix/trivial-rewrite[448]: warning: virtual_alias_domains lookup failure
2016-07-04T05:00:57.503029+00:00 mail postfix/trivial-rewrite[448]: warning: mysql:/etc/postfix/mysql/mysql-virtual-alias-maps.cf: table lookup problem
2016-07-04T05:00:57.503072+00:00 mail postfix/trivial-rewrite[448]: warning: virtual_alias_domains lookup failure

https://sourceforge.net/p/postfixadmin/code/HEAD/tree/trunk/ADDITIONS/fetchmail.pl

Yop,

Petit souci ce soir suite a l'upgrade du mailserver, je n'arrive plus a accéder a Rainloop/PostfixAdmin

J'ai bien entendu modifié le proxy_pass sur le port 8888 comme indiqué mais cela ne corrige pas le pb.

Lorsque je fais un docker logs nginx je n'ai absolument rien (noir/vide)

Je vois bien les connexions dans l'access.log

Aurais-tu une idée ?

Actuellement, l'image est taillée pour la compatibilité, parfois au détriment de la sécurité dans l'absolu.
Par exemple pour le MUA on pourrait n'autoriser que TLS 1.2 et AESGCM :

ssl = required
ssl_cert = <<FULLCHAIN>
ssl_key = <<KEYFILE>
ssl_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1
ssl_cipher_list = AESGCM
ssl_prefer_server_ciphers = yes
ssl_dh_parameters_length = 2048

En plus édulcoré on pourrait faire :

ssl_protocols = !SSLv2 !SSLv3
ssl_cipher_list = AES128+EECDH:AES128+EDH

Ensuite, pour le MTA : https://github.com/hardware/mailserver/blob/master/rootfs/etc/postfix/main.cf#L31-L69
Ne pourrait-on pas être un peu plus exigent quand même ? Déjà que la sécurité offerte par SMTP+STARTTLS est toute relative, autant faire le moins de concessions, toujours dans l'absolu sécuritaire.

Je pense qu'il est quand même utile d'au moins en discuter.

Hi,

I'm getting "Recipient not found" for all addresses with different domains than the email server itself. Shouldn't that also work for multiple domains?
Also I can't see this error in any logfile. Could you redirect the logs from all services to stdout/stderr?

Amavis fail to start :

2016-07-07 08:16:16,105 INFO spawned: 'freshclam' with pid 259
2016-07-07 08:16:16,153 INFO exited: freshclam (exit status 40; not expected)
2016-07-07 08:16:17,158 INFO spawned: 'clamd' with pid 260
2016-07-07 08:16:17,195 INFO exited: clamd (exit status 1; not expected)
2016-07-07 08:16:19,622 INFO exited: freshclam (exit status 40; not expected)
2016-07-07 08:16:19,812 INFO gave up: freshclam entered FATAL state, too many st                              art retries too quickly
2016-07-07 08:16:20,881 INFO exited: clamd (exit status 1; not expected)
2016-07-07 08:16:21,883 INFO gave up: clamd entered FATAL state, too many start                               retries too quickly

That occur debug mail at each sending mail and no sending at all.

ClueGetter - Access and Auditing Milter

ClueGetter provides a means to have an integrated way to determine if a message
should be accepted by Postfix. All email (metadata) and verdicts are stored in a
database allowing for auditing.

Each message has a verdict of one of the following values:

• Permit: Accept message.
• Tempfail: Deny delivery, but expect the delivering MTA to deliver it at a later time.
• Reject: Reject the message, indicating it will not be accepted a next time either.

Features:

• Quotas - Limit the number of emails
  (per ip, sasl user, recipient, sender) over an arbitrary amount of time.
• SpamAssassin - Determine whether an email is SPAM through SpamAssassin.
  Can be used alongside the Rspamd module.
• Rspamd - Determine whether an email is SPAM through Rspamd.
  Can be used alongside the SpamAssassin module.
• ClamAV/Clamd - Scan the message for viruses, malware, etc.
• Greylisting - Ask a server to try again in a bit if it wasn't seen before and the mail looks spammy.
• Bounce Handling - Keep track of what emails were rejected by remote MTAs and for what reasons.
• Abusers - Present a list of users in the web interface who had an unusual amount of email rejected.
  Usually these users have been hacked, or are otherwise malicious.
• MailQueue - Display an aggregate of all mail queues that reside in your ClueGetter cluster.
  Filter based on instance, recipient(/domain), sender(/domain) and delete or requeue selections
  of items in the queue.
• Contacts - Import address books (e.g. from RoundCube) so these addresses and/or domains can be used to (partially) blacklist messages from those addresses or domains.
• SRS - Sender Rewriting Scheme
• DKIM - Sign messages using DKIM
• Volume Reputation - Detect anomalies in volume, and penalize sudden increases in volume.

Message Details	Searching for a message	Mail Queue

Do you have any intention to add greylisting to this mail stack? I am currently migrating a production mailserver to a docker-based one using this image and right now the only difference between both servers is the one that is currently used uses greylisting in conjunction with spamassassin for filtering spams.

I don't know, in 2016, if greylisting is still efficient and recommended. What are your thoughts on this?

Thanks.

Hello,
something failed when i try to configure the proxy for postfixadmin and rainloop.
i can just see postfixadmin. i can't connect to rainloop.
i tryied to modify the nginx proxy for that postfixadmin be in a specific directory /pf/ ( Webroot (default is /): /pf/ ), it indicates that : WARNING: You might have to add a proxy header to get your custom webroot working.
it request this : "Type the required proxy_set_header (like X-Script-Name):"
what would the good line ?
Is there a little tuto to do that ?
thx

With amavis & clamav on small VPS the server will be slow, if we can disable it by configure or ENV var will make hardware/mailserver more useable for small VPS.

Bonjour Hardware,
J'utilise ton docker Mailserver, j'ai des boites mail qui sont conséquente.
et j'ai ce genre d'erreur quand on a besoin de consulter nos boîtes mail.

2016-05-09T09:43:12.310028+00:00 lucy dovecot: imap-login: Login: user=<[email protected]>, method=PLAIN, rip=172.17.0.1, lip=172.17.0.5, mpid=4876, TLS, session=<4eUOo2Uy0ACsEQAB>
2016-05-09T09:43:12.374169+00:00 lucy dovecot: imap([email protected]): Fatal: pool_system_realloc(1048576): Out of memory
2016-05-09T09:43:12.375808+00:00 lucy dovecot: imap([email protected]): Fatal: master: service(imap): child 4876 returned error 83 (Out of memory (service imap { vsz_limit=256 MB }, you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core dump)

Sometimes when receiving mail (from an external server) I can see something like this in the logs:

postfix/smtpd[4657]: connect from unknown[172.18.0.1]
postfix/smtpd[4657]: Anonymous TLS connection established from unknown[172.18.0.1]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
postfix/cleanup[4665]: 78DA3189E7E: milter-reject: END-OF-MESSAGE from unknown[172.18.0.1]: 5.7.1 rejected by DMARC policy for google.com; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-oi0-x249.google.com>

So postfix only sees the IP of the docker host (172.18.0.1) instead of the real client IP. This causes different problems: SPF fails and eventually fails DMARC (as in the log above), or the spam score from spamassassin contains "ALL_TRUSTED=-1" as the mail server thinks the mail came from a trusted network.

Others are having the same problem with Docker & Postfix: http://stackoverflow.com/questions/39517593/postfix-docker-and-inconsistent-ip-addresses-from-host
I'm using docker compose (yaml v2) with no specific network settings (so it uses the default bridged mode) and no other proxies, the ports are directly exposed.

I was wondering if you ran into the same problem / know the reason for this?

Hi,

Could you add pop3/pop3s support to mail server?

Regards,

Zoli

Est-il possible d'ajouter la fonctionnalitée PUSH sur la récéption des mails ?

Rspamd is an advanced spam filtering system that allows evaluation of messages by a number of rules including regular expressions, statistical analysis and custom services such as URL black lists. Each message is analysed by Rspamd and given a spam score.

According to this spam score and the user's settings Rspamd recommends an action for
the MTA to apply to the message, for example, to pass, reject or add a header.
Rspamd is designed to process hundreds of messages per second simultaneously and has a number of features available.

You can watch the following introduction video from the FOSDEM-2016 where I describe the main features of Rspamd and explain why Rspamd runs so fast.

Rspamd is packaged for the major Linux distributions and is also available via FreeBSD ports and NetBSD pkgsrc.

Spam filtering features

Rspamd distribution contains a number of mail processing features, including such techniques as:

• Regular expressions filtering - allows basic processing of messages, their textual parts, MIME headers and SMTP data received by MTA against a set of expressions that includes both normal regular expressions and message processing functions. Rspamd expressions are the powerful tool that allows to filter messages based on some pre-defined rules. This feature is similar to regular expressions in SpamAssassin spam filter.

• SPF module that allows to validate a message's sender against the policy defined in the DNS record of sender's domain. You can read about SPF policies here. A number of mail systems includes SPF support, such as Gmail or Yahoo Mail.

• DKIM module validates a message cryptographic signature against a public key placed in the DNS record of sender's domain. Like SPF, this technique is widely spread and allows to validate that a message is sent from that specific domain.

• DNS black lists allows to estimate reputation of sender's IP address or network. Rspamd uses a number of DNS lists including such lists as SORBS or Spamhaus. However, Rspamd doesn't trust any specific DNS list and use a conjunction of estimations instead that allows to avoid mistakes and false positives. Rspamd also uses positive and grey DNS lists for checking for trusted senders.

• URL black lists are rather similar to DNS black lists but uses URLs in a message to make an estimation of sender's reputation.
  This technique is very useful for finding malicious or phished domains and filter such mail.

• Statistics - Rspamd uses Bayesian classifier based on five-grams of input. This means that the input is estimated not based on individual words, but all input is organized in chains that are further estimated by Bayesian classifier. This approach allows to achieve better results than traditionally used monograms (or words literally speaking), that is described in details in the following paper.

• Fuzzy hashes - for checking of malicious mail patterns Rspamd uses so called fuzzy hashes. Unlike normal hashes, these structures are targeted to hide
  small differences between text patterns allowing to find similar messages quickly. Rspamd has internal storage of such hashes and allows to block mass spam sendings
  quickly based on user's feedback that specifies messages reputation. Moreover, this allows to feed Rspamd with data from honeypots without polluting the statistical module.

Rspamd uses the conjunction of different techniques to make the final decision about a message. This allows to improve the overall quality of filtering and reduce the number of false positives (e.g. when a innocent message is badly classified as a spam one). I have tried to simplify Rspamd usage by adding the following elements:

• Web interface - Rspamd is shipped with the fully functional Ajax-based web interface that allows to observe Rspamd statistic, to configure rules, weights and lists, to scan and learn messages and to view the history of scans. The interface is self-hosted, requires zero configuration and follows the recent web applications standards. You don't need a web server or applications server to run WebUI - you just need to run Rspamd itself and a web browser.

• Integration with MTA - Rspamd can work with the most popular mail transfer systems, such as Postfix, Exim or Sendmail. For Postfix and Sendmail, there is an Rmilter project, whilst for Exim there are several solutions to work with Rspamd. Should you require MTA integration then please consult with the integration guide.

• Extensive Lua API - Rspamd ships with hundreds of Lua functions that are available to write own rules for efficient and targeted spam filtering.

• Dynamic tables - Rspamd allows to specify bulk lists as dynamic maps that are checked in runtime with updating data when they are changed. Rspamd supports file, HTTP and HTTPS maps.

Performance

Rspamd is designed to be fast. The core of Rspamd is written in C and uses an event-driven model that allows to process multiple messages simultaneously and without blocking.
Moreover, a set of techniques is used in Rspamd to process messages faster:

• Finite state machines processing - Rspamd uses specialized finite state machines for the performance critical tasks to process input faster than a set of regular expressions.
  Of course, it is possible to implement these machines by ordinary Perl regular expressions but then they won't be compact or human-readable. On the contrary, Rspamd optimizes such actions as headers processing, received elements extraction, protocol operations by building the concrete automata for an assigned task.

• Expressions optimizer - allows to optimize expressions by execution of likely false or likely true expressions in order in the branches. That allows to reduce number of expensive expressions calls when scanning a message.

• Symbols optimizer - Rspamd tries to check first the rules that are frequent or inexpensive in terms of time or CPU resources which allows to block spam before processing of expensive rules (rules with negative weights are always checked before other ones).

• Event driven model - Rspamd is designed not to block anywhere in the code and knowing that a spam check requires a lot of network operations, Rspamd can process many messages
  simultaneously increasing the efficiency of shared DNS caches and other system resources. Moreover, event-driven system normally scales automatically and you won't need to do any
  tuning in the most of cases.

• Hyperscan regular expressions engine - Rspamd utilizes Hyperscan engine to match multiple regular expressions at the same time. You can watch the following presentation where the main benefits of Hyperscan are described.

• Clever choice of data structures - Rspamd tries to use the optimal data structure for each task. For example, it uses very efficient suffix tries for fast matching of a text against a set of multiple patterns. Or it uses radix bit trie for storing IP addresses information that provides O(1) access time complexity.

Extensions

Besides its C core, Rspamd provides an extensive Lua API to access almost all the features available directly from C. Lua is an extremely easy
to learn programming language though it is powerful enough to implement complex mail filters. In fact Rspamd has a significant amount of code written completely in Lua such as
DNS blacklists checks, user's settings or different maps implementation. You can also write your own filters and rules in Lua adopting Rspamd functionality to your needs.
Furthermore, Lua programs are very fast and their performance is rather close to pure C. However, you should mention that for the most
of performance critical tasks you usually use the Rspamd core functionality than Lua code. Anyway, you can also use LuaJIT with Rspamd if your goal is maximum performance.
From the Lua API you can do the following tasks:

• Reading the configuration parameters - Lua code has the full access to the parsed configuration knobs and you can easily modify your plugins behaviour by means of the main
  Rspamd configuration.

• Registering custom filters - it is more than simple to add your own filters to Rspamd: just add new index to the global variable rspamd_config:

rspamd_config.MYFILTER = function(task)
-- Do something
end

• Full access to the content of messages - you can access text parts, headers, SMTP data and so on and so forth by using of task object. The full list of methods could be found
  here.

• Pre- and post- filters - you can register callbacks that are called before or after messages processing to make results more precise or to make some early decision, for example, to implement a rate limit.

• Registering functions for Rspamd - you can write your own functions in Lua to extend Rspamd internal expression functions.

• Managing statistics - Lua scripts can define a set of statistical files to be scanned or learned for a specific message allowing to create more complex statistical systems, e.g. based on an input language. Moreover, you can even learn Rspamd statistic from Lua scripts.

• Standalone Lua applications - you can even write your own worker based on Rspamd core and performing some asynchronous logic in Lua. Of course, you can use the all features from Rspamd core, including such features as non-blocking IO, HTTP client and server, non-blocking Redis client, asynchronous DNS, UCL configuration and so on
  and so forth.

• API documentation - Rspamd Lua API has an extensive documentation where you can find examples, references and the guide about how to extend Rspamd with Lua.

References

• Home site: https://rspamd.com
• Development: https://github.com/vstakhov/rspamd

• Increase of number of amavisd-new childs/forks
  • Default number of instances 2 => $max_servers=2;
  • 4 Childs/Core *2 Cores => $max_servers=8;
• Debian HOME of user amavis is /var/lib/amavisd-new
• mount tmpfs at $TEMPBASE = $HOME/tmp => /var/lib/amavisd-new/tmp/
  • $max_servers(8) * message_size_limit(10MiB) * Reserve(1,5) => size=128m

apt install pigz pxz pbzip2

/etc/amavis/conf.d/50-user

use strict;

#
# Place your configuration directives here.  They will override those in
# earlier files.
#
# See /usr/share/doc/amavisd-new/ for documentation and examples of
# the directives you can use in this file
#

### Maximun number of child processes
$max_servers = 8;

### Parallel de-/compression
$gzip   = 'pgiz';
$bzip2  = 'pbzip2';
$uncompress = ['uncompress', 'pigz -d', 'zcat'];

### Actions to be performed on events
$final_virus_destiny      = D_REJECT;

### Header Encoding
## to be used in RFC 2047-encoded header field bodies, e.g. in Subject:
$hdr_encoding = 'utf8';  # (default: 'iso-8859-1')
## to be used in notification body text: its encoding and Content-type.charset
$bdy_encoding = 'utf8';  # (default: 'iso-8859-1')


#------------ Do not modify anything below this line -------------
1;  # ensure a defined return

Refs:

• https://redd.it/3cnn54
• https://www.mediawiki.org/wiki/Dbzip2
• http://utappia.org/parallel-compression-decompression-files-multicore-multithreaded-cpu.html
• http://www.nongnu.org/lzip/plzip_benchmark.html
• http://catchchallenger.first-world.info//wiki/Quick_Benchmark:_Gzip_vs_Bzip2_vs_LZMA_vs_XZ_vs_LZ4_vs_LZO
• https://www.rockstable.org/amavisd-new

The automated build fail on docker hub since 2 weeks, i don't know why...

Step 6 : EXPOSE 25 143 465 587 993 4190
 ---> Running in a572810c6807
 ---> 444d7bd2d173
Removing intermediate container a572810c6807
Step 7 : COPY rootfs /
Removing intermediate container a073e4b98b3e
lchown /var/lib/docker/overlay/673a8cc98f9cc7b3c815406edd258b5ec4192a4b74034db5a2d7184e5750b488/merged/etc: no such file or directory

https://hub.docker.com/r/hardware/mailserver/builds/

I have no problem when i build hardware/mailserver manually on my pc :

https://paste.mondedie.fr/?ceff42e030d11b92#/a5NKzfvfIHK1yFyl4tr15+BrNmsyr0hfzV4Sgj90Yo=

Does anyone have an idea to solve this issue ?

EDIT: It's a Docker Hub bug : docker/hub-feedback#811

After step 4 of "Postfixadmin initial configuration" I'm not able to login...

In the docker-compose.sample.yml at the level of the Mariadb container, there are environment and volumes property which are set.
However if the volumes property is set then the environment variables are ignored.
I think it might be a good thing to specify it in the README for example.

These two variables are set by default and cannot be set manually (without exec in the docker and that's not a good solution...)
upload_max_filesize
post_max_size

Is it possible to add something to allow to modify it ?
It's really useful to set the maximum size of an attachment.

DockerSlim (docker-slim): Optimize and secure your Docker containers

Creating small containers requires a lot of voodoo magic and it can be pretty painful. You shouldn't have to throw away your tools and your workflow to have skinny containers. Using Docker should be easy.

docker-slim is a magic diet pill for your containers :) It will use static and dynamic analysis to create a skinny container for your app.

• https://github.com/docker-slim/docker-slim
• https://github.com/jwilder/docker-squash

the error message from gmail when I try sent mail from gmail to mailserver:

450 4.1.8 <[email protected]>: Sender address rejected: Domain not found

I had this all functional until i tried to upgrade rancher/docker... fail.... so i started over from scratch now im running into issues, however i see the postfix db resolution has been resolved.

seems looking at the nginx postfixadmin config it shows postfixadmin container should be listening on 8000 and 4443, however using the docker-compose.yml postfixadmin container is only listening on port 80

I also noted that when i go to https://postifxadmin.optimcloud.com i actually get rainloop webmail
as is the same for https://webmail.optimcloud.com goes to rainloop

Hi,

I use docker to serve several websites on my host through the nginx-proxy image.
I would like to know if it's possible to serve the mailserver through that image instead of boring-nginx.
I would have something like:
website1.com and mail.website1.com to serve emails for this domain @website1.com
website2.com and mail.website2.com to serve emails for this domain @website2.com
where mail.domain.com is the webgui for postfix admin.
My db is actually a mysql container.

Machine installed with Debian 8.

I think /etc/crond.d/ with the spamassassin conrjobs should be renamed to /etc/cron.d/
I suspected this jobs weren't run, so I added a job that would run every minute which wasn't run. Moving the "spamassassin" file to /etc/cron.d (next to the automatically added "amavisd-new" file) fixed this.

The amavisd-new triggers "sa-sync", this itself seems to trigger "sa-learn --sync", without specifying the "--ham" and "--spam" folders. What will "sa-learn --sync" do here, does it interfere with the ham/spam jobs?

Additionally: If the "spamassassin" file itself is left unchanged the cron will send mails with the output of the jobs to root@$hostname, the output should be redirected to syslog, a logfile or /dev/null.