diff --git a/.env.sample b/.env.sample index 13b51bf..f71e3d6 100644 --- a/.env.sample +++ b/.env.sample @@ -1,64 +1,72 @@ -TYPE=mailu +# See https://mailu.io/2.0/configuration.html for explanation of (most of) these +# settings. "Quoted text" in this file comes from that page. -# Main mail domain, NOT main web domain (if they are different) -DOMAIN=example.com +############################################################################### +# BOILERPLATE SETTINGS (shouldn't need to change these) # +############################################################################### +TYPE=mailu LETS_ENCRYPT_ENV=production -# Run `docker stack ls | grep traefik | cut -f 1 -d " "` on the target machine to get that one +COMPOSE_FILE="compose.yml" + +############################################################################### +# REQUIRED SETTINGS (always need to change these) # +############################################################################### + +# Main web domain, NOT main mail domain (if they are different) +DOMAIN=mailu.example.com + +# "This email domain is used for bounce emails, for generating the postmaster +# email and other technical addresses." +MAIL_DOMAIN=mailu.example.com + +# Hostnames for this server, separated with commas +# "The first declared hostname is the main hostname and will be exposed over +# SMTP, IMAP, etc." +HOSTNAMES=$DOMAIN + +# Run `DOCKER_CONTEXT= docker stack ls | grep traefik | cut -f 1 -d " "` to get that one TRAEFIK_STACK_NAME=traefik_example_com -# Custom settings used by certdumper_post.sh and Traefik -WEB_DOMAIN=example.com -ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json +############################################################################### +# OPTIONAL SETTINGS # +############################################################################### -# Mailu settings -# https://mailu.io +# Name of the instance, displayed in the web UI +SITENAME=mymail -TLS_CERT_FILENAME=$WEB_DOMAIN/certificate.crt -TLS_KEYPAIR_FILENAME=$WEB_DOMAIN/privatekey.key - -REDIS_ADDRESS=db - - -# Subnet of the docker network. This should not conflict with any networks to which your system is connected. (Internal and external!) -SUBNET=192.168.203.0/24 - -# Hostnames for this server, separated with comas -HOSTNAMES=$WEB_DOMAIN +# Linked Website URL +WEBSITE=https://$DOMAIN # Postmaster local part (will append the main mail domain) -POSTMASTER=admin - -# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) -TLS_FLAVOR=mail +POSTMASTER=c # Authentication rate limit per IP (per /24 on ipv4 and /56 on ipv6) AUTH_RATELIMIT_IP=60/hour -# Opt-out of statistics, replace with "True" to opt out +# Opt-in to statistics, change to "False" to opt in DISABLE_STATISTICS=True -################################### -# Optional features -################################### +# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) +LOG_LEVEL=WARNING + +# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones +TZ=Etc/UTC # Expose the admin interface (value: true, false) ADMIN=true -# Choose which webmail to run if any (values: roundcube, rainloop, none) +# Choose which webmail to run if any (values: snappymail, roundcube, none) WEBMAIL=snappymail -# Dav server implementation (value: radicale, none) -WEBDAV=none +# API settings +# ------------- -# Antivirus solution (value: clamav, none) -ANTIVIRUS=none +# Authentication token for API requests +API=false +#API_TOKEN= -# Scan Macros solution (value: true, false) -SCAN_MACROS=true - -################################### # Mail settings -################################### +# ------------- # Message size limit in bytes # Default: accept messages up to 50MB @@ -81,7 +89,7 @@ FETCHMAIL_ENABLED=False # Fetchmail delay FETCHMAIL_DELAY=600 -# Recipient delimiter, character used to delimiter localpart from custom address part +# Recipient delimiter, character used to delimit localpart from custom address part RECIPIENT_DELIMITER=+ # DMARC rua and ruf email @@ -101,14 +109,58 @@ COMPRESSION= COMPRESSION_LEVEL= # IMAP full-text search is enabled by default. Set the following variable to off in order to disable the feature. -# FULL_TEXT_SEARCH=off +#FULL_TEXT_SEARCH=off + +# Co-op Cloud settings +# ------------- + +# Mailman settings +# NOTE(3wc): remember to also set RELAYNETS +#COMPOSE_FILE="compose.yml:compose.mailman.yml" +#MAILMAN_POSTFIX_OVERRIDES=1 +#MAILMAN_CORE_VOLUME=lists_example_com_mailman-core +#MAILMAN_CORE_NETWORK=lists_example_com_internal + +# NOTE(3wc): think this is no longer needed, see https://github.com/Mailu/Mailu/pull/1904 +# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying +# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base +# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions +# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096 +#COMPOSE_FILE="compose.yml:compose.senderlogins.yml" +#SENDER_LOGINS_POSTFIX_OVERRIDES=1 SECRET_SECRET_KEY_VERSION=v1 +############################################################################### +# INFINITE NERD DEPTH SETTINGS (rarely needed) # +############################################################################### + +# Traefik certificates filename, used by certdumper +ACME_JSON=${LETS_ENCRYPT_ENV}-acme.json + +TLS_CERT_FILENAME=$DOMAIN/certificate.crt +TLS_KEYPAIR_FILENAME=$DOMAIN/privatekey.key + +# Choose how secure connections will behave (value: letsencrypt, cert, notls, mail, mail-letsencrypt) +# NOTE(3wc): changing this to "letsencrypt" might (but probably won't) allow +# this recipe to be deployed standalone without Traefik. "notls" might (but +# might not) disable encryption for everything except the web interfaces. +TLS_FLAVOR=mail + +# Optional features +# ------------- + +# Dav server implementation (value: radicale, none) +WEBDAV=none + +# Antivirus solution (value: clamav, none) +ANTIVIRUS=none + +# Scan Macros solution (value: true, false) +SCAN_MACROS=true -################################### # Web settings -################################### +# ------------- # Path to redirect / to WEBROOT_REDIRECT=/webmail @@ -119,24 +171,14 @@ WEB_ADMIN=/admin # Path to the webmail if enabled WEB_WEBMAIL=/webmail -# Website name -SITENAME=mymail - -# Linked Website URL -WEBSITE=https://$DOMAIN - -################################### # Advanced settings -################################### +# ------------- # Log driver for front service. Possible values: # json-file (default) # journald (On systemd platforms, useful for Fail2Ban integration) # syslog (Non systemd platforms, Fail2Ban integration. Disables `docker-compose log` for front!) -# LOG_DRIVER=json-file - -# Docker-compose project name, this will prepended to containers names. -COMPOSE_PROJECT_NAME=mailu +#LOG_DRIVER=json-file # Number of rounds used by the password hashing scheme CREDENTIAL_ROUNDS=12 @@ -150,34 +192,6 @@ REAL_IP_FROM= # choose wether mailu bounces (no) or rejects (yes) mail when recipient is unknown (value: yes, no) REJECT_UNLISTED_RECIPIENT= -# Log level threshold in start.py (value: CRITICAL, ERROR, WARNING, INFO, DEBUG, NOTSET) -LOG_LEVEL=WARNING - -# Timezone for the Mailu containers. See this link for all possible values https://en.wikipedia.org/wiki/List_of_tz_database_time_zones -TZ=Etc/UTC - -# Authentication token for API requests -API=false -#API_TOKEN= - -################################### -# Database settings -################################### +# NOTE(3wc): Other values are not supported, as compose.yml does not contain +# configuration for them. Pull requests welcome! DB_FLAVOR=sqlite - -################################### -# Mailman settings -################################### -# COMPOSE_FILE="compose.yml:compose.mailman.yml" -# MAILMAN_POSTFIX_OVERRIDES=1 -# MAILMAN_CORE_VOLUME=lists_example_com_mailman-core -# MAILMAN_CORE_NETWORK=lists_example_com_internal - -################################### -# SASL account -> MAIL FROM mappings for more liberal MAIL FROM relaying -# return-path: https://www.rubydoc.info/gems/actionmailer-rack-upgrade-2/2.3.15/ActionMailer/Base -# logins and MAIL FROM ownership: http://www.postfix.com/postconf.5.html#smtpd_relay_restrictions -# there is an open ticket with a further discussion also https://github.com/Mailu/Mailu/issues/1096 -################################### -# COMPOSE_FILE="compose.yml:compose.senderlogins.yml" -# SENDER_LOGINS_POSTFIX_OVERRIDES=1 diff --git a/compose.yml b/compose.yml index 349da62..b0c26f2 100644 --- a/compose.yml +++ b/compose.yml @@ -30,13 +30,13 @@ x-environment: - REAL_IP_FROM - REAL_IP_HEADER - RECIPIENT_DELIMITER - - REDIS_ADDRESS + - REDIS_ADDRESS=db - REJECT_UNLISTED_RECIPIENT - RELAYHOST - RELAYNETS - SECRET_KEY_FILE=/run/secrets/secret_key - SITENAME - - SUBNET + - SUBNET=192.168.203.0/24 - TLS_CERT_FILENAME - TLS_FLAVOR - TLS_KEYPAIR_FILENAME @@ -92,7 +92,7 @@ services: - "traefik.enable=true" - "traefik.docker.network=proxy" - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${WEB_DOMAIN}`)" + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - "coop-cloud.${STACK_NAME}.version=1.0.2+2.0.23" @@ -178,7 +178,7 @@ services: --dest /output --domain-subdir=true --version v2 --post-hook "sh /usr/bin/certdumper_post.sh"' environment: - - DOMAIN=$WEB_DOMAIN + - DOMAIN=$DOMAIN volumes: # Folder, which contains the acme.json - type: volume