EGroupwareMail

EGroupware Mail - containerized mail-server for EGroupware

EGroupware was traditionally just a mail clients, with the ability to manage a mail server, if you integrated it manually.

EGroupware Mail is a containerized mail server using up-to-date Dovecot and Postfix, both managed by EGroupware:

• simple installation through egroupware-mail Linux package (currently only Debian/Ubuntu)
• automatic creation of mailboxes for new users
• manage aliases and forwards for existing users
• set primary mail domain and alias domains
• integration happens through the MariaDB/MySQL database
• automatic integration with EGroupware push server
• automatic configuration as EGroupware Mail account for all users (existing users need to be manually activated!)

Installation requirements:

• egroupware-docker (>= 20.1) Linux package installed on same machine
• MariaDB / MySQL either running on host or MariaDB in a container (20.1+)
• Accounts stored in SQL and authentication against these accounts (other authentication eg. AD can be configured in Dovecot)

Installation instructions

If you run MariaDB/MySQL on the host (installation updated from before 20.1) you need to make sure root can access the DB without entering a password, eg. by creating the following /root/.my.cnf file:

[client]
user = root
password = your-secret-password

• run: apt update && apt install egroupware-mail

Further configuration steps:

1. activate mailbox of existing users: Admin > Accounts > right click on user > Mail account > Aliases+Forwards tab

• add email address with a domain matching the one from IMAP tab
• check email account active behind email address
• optionally add further aliases or a forward
• save the account

if you only want to test mail with EGroupware by sending internal mails you don't need to do the following ones just now

2. if the server not already has an external IP address, create the following port-forwards on your router

• SMTP 25 (incl. StartTLS) for incoming mails / MX
• IMAP(S) 143 and 993 for IMAP clients (eg. Thunderbird)
• SUBMISSION 587 for clients (eg. Thunderbird) to send mails
• SMTPS 465 for submission with implicit TLS for clients to send mails
• Sieve 4059 (optional, you can always use EGroupware to set vacation notices or filter rules)
• POP(S) 110 and 995 (optional, better use IMAP anyway)

3. change the automatic created dummy mail-domain "egroupware.local" to your real domain:

• change MX record of that domain to point to your servers external IP address or the one of your router
• edit domain under EGroupware Mail account: Admin > Accounts > right click a user > Mail account > IMAP tab

4. add an officially recognized certificate eg. the Lets Encrypt one used by your web-server

• uncomment and modify the following lines in /etc/egroupware-mail/docker-compose.override.yml
• restart the containers: cd /etc/egroupware-mail; docker-compose up -d

services:
  mail:
    hostname: <fully-qualified-hostname-as-used-in-certificate>
    volumes:
      # to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
      # eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
      - /etc/letsencrypt:/etc/letsencrypt
      - /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/dovecot/certificate.key
      - /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/dovecot/certificate.pem
  smtp:
    hostname: <fully-qualified-hostname-as-used-in-certificate>
    volumes:
      # to use a recognized (not self-signed) certificate, add it here (certificate.pem is the certificate plus the chain!)
      # eg. to use the one created by LetsEncrypt's Certbot for the webserver use the following (replace your domain!)
      - /etc/letsencrypt:/etc/letsencrypt
      - /etc/letsencrypt/live/egw.example.org/privkey.pem:/etc/postfix/certificate.key
      - /etc/letsencrypt/live/egw.example.org/fullchain.pem:/etc/postfix/certificate.pem

• run the following command once to make sure mail-services get restarted on certificate renewal:

certbot renew --force-renew --post-hook "docker-compose -f /etc/egroupware-mail/docker-compose.yml restart"

5. use a smarthost / mail relay to send outgoing mail through (eg. for better reputation then your dynamic IP)

• uncomment the following section in /etc/egroupware-mail/postfix/main.cf

relayhost = [mail.example.org]
smtp_tls_security_level = may
smtp_sasl_auth_enable = yes
smtp_sasl_security_options = noanonymous
smtp_sasl_password_maps = hash:/etc/postfix/sasl_password

• set mail-server, user and password in /etc/egroupware-mail/postfix/sasl_password

mail.example.org user@domain:secret

• run the following commands to compile sasl_password.db and reload postfix

docker exec -it ergoupware-mail postmap hash:/etc/postfix/sasl_password
docker exec -it egroupware-mail postfix reload

6. for anti-spam and anti-virus we recommend to use an external service:

• SpamTitan services hosted by EGroupware GmbH
• some firewall products also offer spam- and virus-protection for mail
• or a local Proxmox Mail Gateway

Further information:

• mailboxes are stored under /var/lib/egroupware-mail (you need to backup that!)
• all configuration is stored in /etc/egroupware-mail
• usual Dovecot configuration is in /etc/egroupware-mail/dovecot
• Postfix configuration is under /etc/egroupare-mail/postfix

Known problems / trouble shooting

• Postfix mail log: docker logs -f egroupware-smtp
• Dovecot logs: docker logs -f egroupware-mail
• Postfix container (egroupware-smtp) does not "find" it's mysql support

cd /etc/egroupware-mail
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-mail | Nov 13 10:33:26 master: Info: Dovecot v2.3.10 (0da0eff44) starting up for imap, lmtp, sieve, pop3, submission
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postfix-script[69]: starting the Postfix mail system
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/postlogd[72]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/master[1]: daemon started -- version 3.5.8, configuration /etc/postfix
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/qmgr[71]: error: unsupported dictionary type: mysql
egroupware-smtp | Nov 13 10:33:25 egroupware-smtp postfix/pickup[70]: error: unsupported dictionary type: mysql
^C
docker exec -it egroupware-smtp sh -c "apk del postfix-mysql; apk --update add postfix-mysql; postfix reload"
WARNING: Ignoring APKINDEX.2c4ac24e.tar.gz: No such file or directory
WARNING: Ignoring APKINDEX.40a3604f.tar.gz: No such file or directory
(1/2) Purging postfix-mysql (3.5.8-r0)
(2/2) Purging mariadb-connector-c (3.1.8-r1)
OK: 44 MiB in 23 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.12/community/x86_64/APKINDEX.tar.gz
(1/2) Installing mariadb-connector-c (3.1.8-r1)
(2/2) Installing postfix-mysql (3.5.8-r0)
OK: 44 MiB in 25 packages
postfix/postfix-script: refreshing the Postfix mail system
docker-compose logs -f
Attaching to egroupware-mail, egroupware-smtp
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/postfix-script[85]: refreshing the Postfix mail system
egroupware-smtp | Nov 13 10:35:02 egroupware-smtp postfix/master[1]: reload -- version 3.5.8, configuration /etc/postfix

• ask for help under EGroupware Mail category in our forum or buy a support budget from EGroupware GmbH