gmasse/emailgw

A stateless e-mail service based on docker-mailserver

Step-by-step guide

Further information

(Optional) Log and Metrics management

This ships the logs and metrics generated by the host server, not by the containers.

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install filebeat
sudo vi /etc/filebeat/filebeat.yml
sudo systemctl enable filebeat
sudo systemctl start filebeat
sudo apt-get install metricbeat
sudo vi /etc/metricbeat/metricbeat.yml
sudo systemctl enable metricbeat
sudo systemctl start metricbeat

Maintenance

Dovecot purge

When users or admin tools delete emails, the content may not be physically removed (but only expunged). You can (should?) schedule a regular purge:

cd docker-mailserver
sudo docker-compose exec mail doveadm purge -A

NB: this takes time; launch it in screen or tmux if you run it from the command line.

Backup with restic

sudo apt install restic

Local backup:

Generate a backup key:

sudo touch /root/.restic
sudo chmod 600 /root/.restic
pwgen 24 1 | sudo tee /root/.restic > /dev/null

Launch the first backup to the /backup directory:

sudo mkdir /backup
sudo restic -p /root/.restic -r /backup init
sudo restic -p /root/.restic -r /backup backup /mnt/mail/

Add to crontab:

cat <<EOF | sudo tee /etc/cron.d/backup
#
# cron.d/backup -- schedules periodic backups
#

# m h dom mon dow user  command
37 2 * * * root         restic -p /root/.restic -r /backup backup /mnt/mail/ ; restic -p /root/.restic -r /backup forget -l 3
EOF

Remote (OpenStack Swift) backup:

Create a dedicated OpenStack user for these backup tasks. Create a Swift container named backup_email and limit read and write access to this user:

swift --os-region-name SBG post -r "<os_tenant_name>:<os_username>" backup_email
swift --os-region-name SBG post -w "<os_tenant_name>:<os_username>" backup_email

Generate a backup key if needed (see above), then launch the first remote backup:

source .openrc
restic -p /root/.restic -r swift:backup_email:/ init
restic -p /root/.restic -r swift:backup_email:/ backup /mnt/mail/

Add to crontab.
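
The two "Add to crontab" steps above (local and Swift) can share one wrapper; the script below is an added example, not part of the emailgw repository. It refuses to run when the key file is readable by group or others, stops at the first failing step instead of chaining with `;`, and adds a `restic check` after `forget`. The function names, the `--run` argument and the environment overrides are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the emailgw repository): cron wrapper for the
# restic commands shown above. All names below are assumptions.
RESTIC="${RESTIC:-restic}"        # binary to call
KEYFILE="${KEYFILE:-/root/.restic}"
REPO="${REPO:-/backup}"           # or swift:backup_email:/
SRC="${SRC:-/mnt/mail/}"

# Succeed only for a non-empty regular file (no symlink) whose mode grants
# nothing to group or others, e.g. 600 or 400.
keyfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    case "$(ls -ld "$1")" in
        -???------*) return 0 ;;   # "-rw-------": six dashes for group/other
        *)           return 1 ;;
    esac
}

# backup -> forget -> check; each step runs only if the previous one succeeded.
# Exit codes: 2 key file rejected, 3 backup, 4 forget, 5 check.
run_backup() {
    if ! keyfile_ok "$KEYFILE"; then
        echo "refusing to run: $KEYFILE is missing, empty or too permissive" >&2
        return 2
    fi
    "$RESTIC" -p "$KEYFILE" -r "$REPO" backup "$SRC" || return 3
    "$RESTIC" -p "$KEYFILE" -r "$REPO" forget -l 3   || return 4
    "$RESTIC" -p "$KEYFILE" -r "$REPO" check         || return 5
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    run_backup
    exit $?
fi
```

For the Swift repository, set REPO=swift:backup_email:/ and load the OpenStack variables from .openrc before calling the script with --run.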

Block Storage Snapshot

Snapshot the volume:

openstack volume snapshot create --force --volume email_storage email_storage_snap01

IMAP to Dovecot Migration

Enable IMAP Master User on the SOURCE server

Create a master password file, passwd.masterusers:

echo 'master:'`doveadm pw -s sha512-crypt` > /etc/dovecot/passwd.masterusers

Add the following to dovecot.conf, before your existing passdb configuration:

auth_master_user_separator = *
passdb {
  driver = passwd-file
  args = /etc/dovecot/passwd.masterusers
  master = yes
#  result_success = continue
}

Reload dovecot: doveadm reload.

You can now connect to any IMAP account with the master user's password, logging in as: myuser@mydomain.com*master

(Reference)

Sync from the source server to the NEW Dovecot server

Add the following configuration to your target Dovecot server. local.conf is a good choice:

imapc_host = imap.example.com

# Authenticate as masteruser / masteruser-secret, but use a separate login user.
# If you don't have a master user, remove the imapc_master_user setting.
imapc_user = %u
imapc_master_user = masteruser
imapc_password = masteruser-secret

imapc_features = rfc822.size
# If you have Dovecot v2.2.8+ you may get a significant performance improvement with fetch-headers:
# imapc_features = $imapc_features fetch-headers
# Read multiple mails in parallel, improves performance
mail_prefetch_count = 20

# If the old IMAP server uses INBOX. namespace prefix, set:
#imapc_list_prefix = INBOX

# for SSL:
imapc_port = 993
imapc_ssl = imaps

doveadm -o mail_fsync=never sync -1 -R -u user@domain imapc:

https://wiki2.dovecot.org/Migration/Dsync

Tips

Retrieving and spam-testing an e-mail:

doveadm fetch -u user@domain.com text HEADER Message-Id '1234@abcd' MAILBOX Inbox | su --login amavis -c 'spamassassin -d -t'

Size of users' mailboxes:

doveadm mailbox status -A -t vsize '*'