14 EGroupwareMail
Ralf Becker edited this page 2023-04-21 09:49:06 +02:00

EGroupware Mail - containerized mail-server for EGroupware

EGroupware was traditionally just a mail clients, with the ability to manage a mail server, if you integrated it manually.

EGroupware Mail is a containerized mail server using up-to-date Dovecot and Postfix, both managed by EGroupware:

  • simple installation through egroupware-mail Linux package (currently only Debian/Ubuntu)
  • automatic creation of mailboxes for new users
  • manage aliases and forwards for existing users
  • set primary mail domain and alias domains
  • integration happens through the MariaDB/MySQL database
  • automatic integration with EGroupware push server
  • automatic configuration as EGroupware Mail account for all users (existing users need to be manually activated!)

Installation requirements:

Installation instructions

If you run MariaDB/MySQL on the host (installation updated from before 20.1) you need to make sure root can access the DB without entering a password, eg. by creating the following /root/.my.cnf file:

[client]
user = root
password = your-secret-password
  • run: apt update && apt install egroupware-mail

Further configuration steps:

1. activate mailbox of existing users: Admin > Accounts > right click on user > Mail account > Aliases+Forwards tab
  • add email address with a domain matching the one from IMAP tab
  • check email account active behind email address
  • optionally add further aliases or a forward
  • save the account

if you only want to test mail with EGroupware by sending internal mails you don't need to do the following ones just now

2. if the server not already has an external IP address, create the following port-forwards on your router
  • SMTP 25 (incl. StartTLS) for incoming mails / MX
  • IMAP(S) 143 and 993 for IMAP clients (eg. Thunderbird)
  • SUBMISSION 587 for clients (eg. Thunderbird) to send mails
  • SMTPS 465 for submission with implicit TLS for clients to send mails
  • Sieve 4059 (optional, you can always use EGroupware to set vacation notices or filter rules)
  • POP(S) 110 and 995 (optional, better use IMAP anyway)
3. change the automatic created dummy mail-domain "egroupware.local" to your real domain:
  • change MX record of that domain to point to your servers external IP address or the one of your router
  • edit domain under EGroupware Mail account: Admin > Accounts > right click a user > Mail account > IMAP tab
  • further domains can be added by using them in an alias, after there is at least one alias with the domain, it can be used for primary Email addresses in accounts too
4. add an officially recognized certificate eg. the Lets Encrypt one used by your web-server
  • uncomment and modify the following lines in /etc/egroupware-mail/docker-compose.override.yml
  • restart the containers: cd /etc/egroupware-mail; docker-compose up -d
services:
  mail:
    # to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
    # eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
    hostname: <fully-qualified-hostname-as-used-in-certificate>
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
      - /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/dovecot/certificate.key
      - /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/dovecot/certificate.pem
  smtp:
    # to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
    # eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
    hostname: <fully-qualified-hostname-as-used-in-certificate>
    # Delivery to Dovecot will NOT work, if above name starts with mail e.g. "mail.example.org"!
    # You need to uncomment the following entrypoint line, to fix this:
    #entrypoint: ["sh", "-c", "sed 's/ mail$$//g' /etc/hosts > /tmp/hosts; cat /tmp/hosts > /etc/hosts; exec /usr/sbin/postfix -c /etc/postfix start-fg"]
    volumes:
      - /etc/letsencrypt:/etc/letsencrypt
      - /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/postfix/certificate.key
      - /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/postfix/certificate.pem
    # run the following command once to make sure mail-services get restarted on certificate renewal:
    # certbot renew --force-renew --post-hook 'bash -c "cd /etc/egroupware-mail; docker-compose restart"'
  • run the following command once to make sure mail-services get restarted on certificate renewal:
certbot renew --force-renew --post-hook 'bash -c "cd /etc/egroupware-mail; docker-compose restart"'
5. use a smarthost / mail relay to send outgoing mail through (eg. for better reputation then your dynamic IP)
  • uncomment the following section in /etc/egroupware-mail/postfix/main.cf
relayhost = [mail.example.org]
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = texthash:/etc/postfix/sasl_password
  • set mail-server, user and password in /etc/egroupware-mail/postfix/sasl_password
mail.example.org user@domain:secret
  • run the following commands to reload postfix
docker exec -it egroupware-smtp postfix reload
6. for anti-spam and anti-virus we recommend to use an external service:

Further information:

  • mailboxes are stored under /var/lib/egroupware-mail (you need to backup that!)
  • all configuration is stored in /etc/egroupware-mail
  • usual Dovecot configuration is in /etc/egroupware-mail/dovecot
  • Postfix configuration is under /etc/egroupare-mail/postfix

Known problems / trouble shooting

  • Postfix mail log: docker logs -f egroupware-smtp
  • Dovecot logs: docker logs -f egroupware-mail
  • Postfix container (egroupware-smtp) does not "find" it's mysql support
cd /etc/egroupware-mail
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-mail | Nov 13 10:33:26 master: Info: Dovecot v2.3.10 (0da0eff44) starting up for imap, lmtp, sieve, pop3, submission
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postfix-script[69]: starting the Postfix mail system
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postlogd[72]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/master[1]: daemon started -- version 3.5.8, configuration /etc/postfix
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/qmgr[71]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/pickup[70]: error: unsupported dictionary type: mysql
^C
docker exec -it egroupware-smtp sh -c "apk del postfix-mysql; apk --update add postfix-mysql; postfix reload"
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory
WARNING: Ignoring APKINDEX.40a3604f.tar.gz: No such file or directory
(1/2) Purging postfix-mysql (3.5.8-r0)
(2/2) Purging mariadb-connector-c (3.1.8-r1)
OK: 44 MiB in 23 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/2) Installing mariadb-connector-c (3.1.8-r1)
(2/2) Installing postfix-mysql (3.5.8-r0)
OK: 44 MiB in 25 packages
postfix/postfix-script: refreshing the Postfix mail system
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/postfix-script[85]: refreshing the Postfix mail system
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/master[1]: reload -- version 3.5.8, configuration /etc/postfix