I log in to the Tophost Dashboard and add the following records on the domain spezzotti.it:
| Name | Type | Value |
|---|---|---|
| | A | 95.245.222.84 |
| autodiscover | CNAME | mail.spezzotti.it |
| autoconfig | CNAME | mail.spezzotti.it |
| @ | MX 10 | mail.spezzotti.it |
| @ | TXT | v=spf1 mx a -all |
| dkim._domainkey | TXT | v=DKIM1; k=rsa; t=s; s=email; p=... |
| _dmarc.mail | TXT | v=DMARC1; p=quarantine |
Note: the dkim._domainkey record will have to be modified after installation, by logging in to the mailcow UI and generating the key to put in the TXT record. It also remains to be worked out whether the dkim selector is fine, whether k=rsa is correct and whether s=email is correct.
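The DKIM and DMARC values from the table can be checked offline against the tag definitions in RFC 6376, RFC 8463 and RFC 7489. The script below is an added example, not part of the original notes or of mailcow; the function names are illustrative, and it assumes the panel names are relative to the zone and that mail is sent with a From address in spezzotti.it.

```shell
#!/bin/sh
# Added example, not from the original page: lint DKIM/DMARC TXT values
# against the tags defined in RFC 6376, RFC 8463 (ed25519) and RFC 7489.

# Split a tag=value list into one trimmed "tag=value" per line.
tags() {
    printf '%s\n' "$1" | tr ';' '\n' |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
            -e 's/[[:space:]]*=[[:space:]]*/=/' -e '/^$/d'
}
# Print the value of tag $2 in record $1 (nothing if the tag is absent).
get_tag() {
    tags "$1" | awk -v t="$2" \
        'index($0, t "=") == 1 { print substr($0, length(t) + 2); exit }'
}
has_tag() { tags "$1" | grep -q "^$2="; }
first_tag() { tags "$1" | sed -n '1p'; }
# True if $1 is empty (default applies) or a colon-separated list of items matching ERE $2.
list_ok() {
    [ -z "$1" ] || printf '%s\n' "$1" | tr -d '[:space:]' | grep -Eq "^($2)(:($2))*\$"
}

lint_dkim() {
    d_rec=$1; d_rc=0
    if has_tag "$d_rec" v && [ "$(first_tag "$d_rec")" != "v=DKIM1" ]; then
        echo "v: must be DKIM1 and must be the first tag"; d_rc=1
    fi
    case "$(get_tag "$d_rec" k)" in
        ''|rsa|ed25519) ;;                       # absent means rsa
        *) echo "k: key type is not rsa or ed25519"; d_rc=1 ;;
    esac
    list_ok "$(get_tag "$d_rec" s)" 'email|\*' ||
        { echo "s: service type is not email or *"; d_rc=1; }
    list_ok "$(get_tag "$d_rec" t)" 'y|s' ||
        { echo "t: flag is not y (testing) or s (i= may not be a subdomain of d=)"; d_rc=1; }
    d_p=$(get_tag "$d_rec" p | tr -d '[:space:]')
    if ! has_tag "$d_rec" p; then
        echo "p: missing, the record carries no public key"; d_rc=1
    elif [ -z "$d_p" ]; then
        echo "p: empty, which marks the key as revoked"; d_rc=1
    elif ! printf '%s\n' "$d_p" | grep -Eq '^[A-Za-z0-9+/]+={0,2}$'; then
        echo "p: not base64, paste the key generated in the mailcow UI"; d_rc=1
    fi
    return "$d_rc"
}

lint_dmarc() {
    m_rc=0
    [ "$(first_tag "$1")" = "v=DMARC1" ] ||
        { echo "v: must be DMARC1 and must be the first tag"; m_rc=1; }
    case "$(get_tag "$1" p)" in
        none|quarantine|reject) ;;
        *) echo "p: must be none, quarantine or reject"; m_rc=1 ;;
    esac
    return "$m_rc"
}

# Expand a zone-relative name as typed in a DNS panel ("@" is the zone apex).
fqdn() {
    if [ "$1" = "@" ]; then printf '%s\n' "$2"; else printf '%s.%s\n' "$1" "$2"; fi
}
# Name a receiver queries first for mail whose From: domain is $1.
dmarc_query_name() { printf '_dmarc.%s\n' "$1"; }

# Values copied from the page's DNS table; p=... is still the placeholder.
ZONE=spezzotti.it
DKIM_REC='v=DKIM1; k=rsa; t=s; s=email; p=...'
DMARC_NAME=_dmarc.mail
DMARC_REC='v=DMARC1; p=quarantine'

report() {
    echo "DKIM  $(fqdn dkim._domainkey "$ZONE")"
    lint_dkim "$DKIM_REC" && echo "ok"
    echo "DMARC $(fqdn "$DMARC_NAME" "$ZONE")"
    lint_dmarc "$DMARC_REC" && echo "ok"
    # Assumption: mailboxes use From: addresses in $ZONE itself.
    [ "$(fqdn "$DMARC_NAME" "$ZONE")" = "$(dmarc_query_name "$ZONE")" ] ||
        echo "name: policy for From: @$ZONE is looked up at $(dmarc_query_name "$ZONE")"
    return 0
}
report
```

On the table's values only `p` is reported for DKIM (k=rsa, t=s and s=email are all defined values), and the DMARC policy is syntactically valid but published under a name that covers the mail.spezzotti.it subdomain rather than spezzotti.it.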
The documentation requires the following commands/packages to be installed: git openssl curl awk sha1sum grep cut jq. awk is provided by the gawk package; sha1sum and cut are provided by the coreutils package. So we run the following command:
sudo apt update
sudo apt install -y git openssl curl gawk coreutils grep jq
Trovato:1 http://security.debian.org/debian-security trixie-security InRelease
Trovato:2 http://deb.debian.org/debian trixie InRelease
Trovato:3 http://deb.debian.org/debian trixie-updates InRelease
Tutti i pacchetti sono aggiornati.
openssl è già alla versione più recente (3.5.1-1+deb13u1).
openssl è stato contrassegnato come installato manualmente.
coreutils è già alla versione più recente (9.7-3).
grep è già alla versione più recente (3.11-4).
Installazione:
curl gawk git jq
Installazione dipendenze:
git-man libcurl4t64 libjq1 libldap2 libnghttp3-9 libngtcp2-crypto-gnutls8 librtmp1 libsasl2-modules libsigsegv2 patch
libcurl3t64-gnutls liberror-perl libldap-common libmpfr6 libngtcp2-16 libonig5 libsasl2-2 libsasl2-modules-db libssh2-1t64
Pacchetti suggeriti:
gawk-doc git-email gitk git-cvs git-svn | libsasl2-modules-gssapi-heimdal libsasl2-modules-otp ed
git-doc git-gui gitweb git-mediawiki libsasl2-modules-gssapi-mit libsasl2-modules-ldap libsasl2-modules-sql diffutils-doc
Riepilogo:
Aggiornamento: 0, Installazione: 23, Rimozione: 0, Non aggiornati: 0
Dimensione scaricamento: 15,0 MB
Spazio richiesto: 63,5 MB / 28,9 GB disponibile
sudo curl -sSL https://get.docker.com/ | CHANNEL=stable sh
sudo systemctl enable --now docker
# Executing docker install script, commit: 86415efcfe5f8d966625843da41a0f798238cce5
+ sudo -E sh -c apt-get -qq update >/dev/null
+ sudo -E sh -c DEBIAN_FRONTEND=noninteractive apt-get -y -qq install ca-certificates curl >/dev/null
+ sudo -E sh -c install -m 0755 -d /etc/apt/keyrings
+ sudo -E sh -c curl -fsSL "https://download.docker.com/linux/debian/gpg" -o /etc/apt/keyrings/docker.asc
+ sudo -E sh -c chmod a+r /etc/apt/keyrings/docker.asc
+ sudo -E sh -c echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian trixie stable" > /etc/apt/sources.list.d/docker.list
+ sudo -E sh -c apt-get -qq update >/dev/null
+ sudo -E sh -c DEBIAN_FRONTEND=noninteractive apt-get -y -qq install docker-ce docker-ce-cli containerd.io docker-compose-plugin docker-ce-rootless-extras docker-buildx-plugin docker-model-plugin >/dev/null
+ sudo -E sh -c docker version
Client: Docker Engine - Community
Version: 28.5.1
API version: 1.51
Go version: go1.24.8
Git commit: e180ab8
Built: Wed Oct 8 12:17:24 2025
OS/Arch: linux/amd64
Context: default
Server: Docker Engine - Community
Engine:
Version: 28.5.1
API version: 1.51 (minimum version 1.24)
Go version: go1.24.8
Git commit: f8215cc
Built: Wed Oct 8 12:17:24 2025
OS/Arch: linux/amd64
Experimental: false
containerd:
Version: v1.7.28
GitCommit: b98a3aace656320842a23f4a392a33f46af97866
runc:
Version: 1.3.0
GitCommit: v1.3.0-0-g4ca628d1
docker-init:
Version: 0.19.0
GitCommit: de40ad0
================================================================================
To run Docker as a non-privileged user, consider setting up the
Docker daemon in rootless mode for your user:
dockerd-rootless-setuptool.sh install
Visit https://docs.docker.com/go/rootless/ to learn about rootless mode.
To run the Docker daemon as a fully privileged service, but granting non-root
users access, refer to https://docs.docker.com/go/daemon-access/
WARNING: Access to the remote API on a privileged Docker daemon is equivalent
to root access on the host. Refer to the 'Docker daemon attack surface'
documentation for details: https://docs.docker.com/go/attack-surface/
================================================================================
Synchronizing state of docker.service with SysV service script with /usr/lib/systemd/systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable docker
sudo apt update
sudo apt install docker-compose-plugin
Trovato:1 http://security.debian.org/debian-security trixie-security InRelease
Trovato:2 http://deb.debian.org/debian trixie InRelease
Trovato:3 http://deb.debian.org/debian trixie-updates InRelease
Trovato:4 https://download.docker.com/linux/debian trixie InRelease
Tutti i pacchetti sono aggiornati.
docker-compose-plugin è già alla versione più recente (2.40.2-1~debian.13~trixie).
Riepilogo:
Aggiornamento: 0, Installazione: 0, Rimozione: 0, Non aggiornati: 0
su
umask 0022
cd /opt
git clone https://github.com/mailcow/mailcow-dockerized
cd mailcow-dockerized
Clone in 'mailcow-dockerized' in corso...
remote: Enumerating objects: 58031, done.
remote: Counting objects: 100% (82/82), done.
remote: Compressing objects: 100% (44/44), done.
remote: Total 58031 (delta 53), reused 41 (delta 38), pack-reused 57949 (from 2)
Ricezione degli oggetti: 100% (58031/58031), 48.65 MiB | 4.98 MiB/s, fatto.
Risoluzione dei delta: 100% (38740/38740), fatto.
./generate_config.sh
# ------------------------------
# mailcow web ui configuration
# ------------------------------
# example.org is _not_ a valid hostname, use a fqdn here.
# Default admin user is "admin"
# Default password is "moohoo"
MAILCOW_HOSTNAME=mail.spezzotti.it
# Password hash algorithm
# Only certain password hash algorithm are supported. For a fully list of supported schemes,
# see https://docs.mailcow.email/models/model-passwd/
MAILCOW_PASS_SCHEME=BLF-CRYPT
# ------------------------------
# SQL database configuration
# ------------------------------
DBNAME=mailcow
DBUSER=mailcow
# Please use long, random alphanumeric strings (A-Za-z0-9)
DBPASS=MlAvF9WCSG4lrk8nWPkUm6inEPuT
DBROOT=Z4yAtu3qvfP5ocBbDfCW4AQj9iHO
# ------------------------------
# REDIS configuration
# ------------------------------
REDISPASS=0juID0AFrZ94ZFMwjc0aCGerbEwu
# ------------------------------
# HTTP/S Bindings
# ------------------------------
# You should use HTTPS, but in case of SSL offloaded reverse proxies:
# Might be important: This will also change the binding within the container.
# If you use a proxy within Docker, point it to the ports you set below.
# Do _not_ use IP:PORT in HTTP(S)_BIND or HTTP(S)_PORT
# IMPORTANT: Do not use port 8081, 9081, 9082 or 65510!
# Example: HTTP_BIND=1.2.3.4
# For IPv4 leave it as it is: HTTP_BIND= & HTTPS_PORT=
# For IPv6 see https://docs.mailcow.email/post_installation/firststeps-ip_bindings/
HTTP_PORT=80
HTTP_BIND=
HTTPS_PORT=443
HTTPS_BIND=
# Redirect HTTP connections to HTTPS - y/n
HTTP_REDIRECT=y
# ------------------------------
# Other bindings
# ------------------------------
# You should leave that alone
# Format: 11.22.33.44:25 or 12.34.56.78:465 etc.
SMTP_PORT=25
SMTPS_PORT=465
SUBMISSION_PORT=587
IMAP_PORT=143
IMAPS_PORT=993
POP_PORT=110
POPS_PORT=995
SIEVE_PORT=4190
DOVEADM_PORT=127.0.0.1:19991
SQL_PORT=127.0.0.1:13306
REDIS_PORT=127.0.0.1:7654
# Your timezone
# See https://en.wikipedia.org/wiki/List_of_tz_database_time_zones for a list of timezones
# Use the column named 'TZ identifier' + pay attention for the column named 'Notes'
TZ=Europe/Rome
# Fixed project name
# Please use lowercase letters only
COMPOSE_PROJECT_NAME=mailcowdockerized
# Used Docker Compose version
# Switch here between native (compose plugin) and standalone
# For more information take a look at the mailcow docs regarding the configuration options.
# Normally this should be untouched but if you decided to use either of those you can switch it manually here.
# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail.
DOCKER_COMPOSE_VERSION=
# Set this to "allow" to enable the anyone pseudo user. Disabled by default.
# When enabled, ACL can be created, that apply to "All authenticated users"
# This should probably only be activated on mail hosts, that are used exclusively by one organisation.
# Otherwise a user might share data with too many other users.
ACL_ANYONE=disallow
# Garbage collector cleanup
# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring
# How long should objects remain in the garbage until they are being deleted? (value in minutes)
# Check interval is hourly
MAILDIR_GC_TIME=7200
# Additional SAN for the certificate
#
# You can use wildcard records to create specific names for every domain you add to mailcow.
# Example: Add domains "example.com" and "example.net" to mailcow, change ADDITIONAL_SAN to a value like:
#ADDITIONAL_SAN=imap.*,smtp.*
# This will expand the certificate to "imap.example.com", "smtp.example.com", "imap.example.net", "smtp.example.net"
# plus every domain you add in the future.
#
# You can also just add static names...
#ADDITIONAL_SAN=srv1.example.net
# ...or combine wildcard and static names:
#ADDITIONAL_SAN=imap.*,srv1.example.com
ADDITIONAL_SAN=
# Obtain certificates for autodiscover.* and autoconfig.* domains.
# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.
# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs
# between services. So acme-mailcow obtains for maildomains and all web-things get handled
# in the reverse proxy.
AUTODISCOVER_SAN=y
# Additional server names for mailcow UI
#
# Specify alternative addresses for the mailcow UI to respond to
# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.
# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.
# You can understand this as server_name directive in Nginx.
# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f
ADDITIONAL_SERVER_NAMES=
# Skip running ACME (acme-mailcow, Let's Encrypt certs) - y/n
SKIP_LETS_ENCRYPT=n
# Create separate certificates for all domains - y/n
# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames
# see https://doc.dovecot.org/admin_manual/ssl/sni_support
ENABLE_SSL_SNI=n
# Skip IPv4 check in ACME container - y/n
SKIP_IP_CHECK=n
# Skip HTTP verification in ACME container - y/n
SKIP_HTTP_VERIFICATION=n
# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n
SKIP_UNBOUND_HEALTHCHECK=n
# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n
SKIP_CLAMD=n
# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n
SKIP_OLEFY=n
# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n
SKIP_SOGO=n
# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.
# Dovecot inside mailcow use Flatcurve as FTS Backend.
SKIP_FTS=n
# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.
# Flatcurve (Xapian backend) is used as the FTS Indexer. It is supposed to be efficient in CPU and RAM consumption.
# However: Please always monitor your Resource consumption!
FTS_HEAP=128
# Controls how many processes the Dovecot indexing process can spawn at max.
# Too many indexing processes can use a lot of CPU and Disk I/O.
# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more information
FTS_PROCS=1
# Allow admins to log into SOGo as email user (without any password)
ALLOW_ADMIN_EMAIL_LOGIN=n
# Enable watchdog (watchdog-mailcow) to restart unhealthy containers
USE_WATCHDOG=y
# Send watchdog notifications by mail (sent from watchdog@MAILCOW_HOSTNAME)
# CAUTION:
# 1. You should use external recipients
# 2. Mails are sent unsigned (no DKIM)
# 3. If you use DMARC, create a separate DMARC policy ("v=DMARC1; p=none;" in _dmarc.MAILCOW_HOSTNAME)
# Multiple rcpts allowed, NO quotation marks, NO spaces
#WATCHDOG_NOTIFY_EMAIL=a@example.com,b@example.com,c@example.com
#WATCHDOG_NOTIFY_EMAIL=
# Send notifications to a webhook URL that receives a POST request with the content type "application/json".
# You can use this to send notifications to services like Discord, Slack and others.
#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
# JSON body included in the webhook POST request. Needs to be in single quotes.
# Following variables are available: SUBJECT, BODY
#WATCHDOG_NOTIFY_WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "****\n"}'
# Notify about banned IP (includes whois lookup)
WATCHDOG_NOTIFY_BAN=n
# Send a notification when the watchdog is started.
WATCHDOG_NOTIFY_START=y
# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.
#WATCHDOG_SUBJECT=
# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.
# https://www.servercow.de/mailcow?lang=en
# https://www.servercow.de/mailcow?lang=de
# No data is collected. Opt-in and anonymous.
# Will only work with unmodified mailcow setups.
WATCHDOG_EXTERNAL_CHECKS=n
# Enable watchdog verbose logging
WATCHDOG_VERBOSE=n
# Max log lines per service to keep in Redis logs
LOG_LINES=9999
# Internal IPv4 /24 subnet, format n.n.n (expands to n.n.n.0/24)
# Use private IPv4 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses
IPV4_NETWORK=172.22.1
# Internal IPv6 subnet in fc00::/7
# Use private IPv6 addresses only, see https://en.wikipedia.org/wiki/Private_network#Private_IPv6_addresses
IPV6_NETWORK=fd4d:6169:6c63:6f77::/64
# Use this IPv4 for outgoing connections (SNAT)
#SNAT_TO_SOURCE=
# Use this IPv6 for outgoing connections (SNAT)
#SNAT6_TO_SOURCE=
# Create or override an API key for the web UI
# You _must_ define API_ALLOW_FROM, which is a comma separated list of IPs
# An API key defined as API_KEY has read-write access
# An API key defined as API_KEY_READ_ONLY has read-only access
# Allowed chars for API_KEY and API_KEY_READ_ONLY: a-z, A-Z, 0-9, -
# You can define API_KEY and/or API_KEY_READ_ONLY
#API_KEY=
#API_KEY_READ_ONLY=
#API_ALLOW_FROM=172.22.1.1,127.0.0.1
# mail_home is ~/Maildir
MAILDIR_SUB=Maildir
# SOGo session timeout in minutes
SOGO_EXPIRE_SESSION=480
# SOGo URL encryption key (exactly 16 characters, limited to A–Z, a–z, 0–9)
# This key is used to encrypt email addresses within SOGo URLs
SOGO_URL_ENCRYPTION_KEY=iZ2qKGEyUZqH2IYt
# DOVECOT_MASTER_USER and DOVECOT_MASTER_PASS must both be provided. No special chars.
# Empty by default to auto-generate master user and password on start.
# User expands to DOVECOT_MASTER_USER@mailcow.local
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_USER=
# LEAVE EMPTY IF UNSURE
DOVECOT_MASTER_PASS=
# WebAuthn device manufacturer verification
# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed
# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates
WEBAUTHN_ONLY_TRUSTED_VENDORS=n
# Spamhaus Data Query Service Key
# Optional: Leave empty for none
# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.
# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.
# Otherwise it will work normally.
SPAMHAUS_DQS_KEY=
# IPv6 Controller Section
# This variable controls the usage of IPv6 within mailcow.
# Can either be true or false | Defaults to true
# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!
# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.
ENABLE_IPV6=false
# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
DISABLE_NETFILTER_ISOLATION_RULE=n
In this file we change:
SKIP_LETS_ENCRYPT=y
docker compose pull
docker compose up -d
When I access https://mail.spezzotti.it I get the TOO_MANY_REDIRECT error. It probably depends on the fact that I disabled the LETS ENCRYPT certificate request inside mailcow but did not copy over the certificate and key obtained by nginx proxy manager. So I open the terminals of both mailcow and nginxpm:
On mailcow: backup of certificate and key, then exit from root
root@mailcow:/opt/mailcow-dockerized/data/assets/ssl# cp cert.pem cert.pem.bk
root@mailcow:/opt/mailcow-dockerized/data/assets/ssl# cp key.pem key.pem.bk
root@mailcow:/opt/mailcow-dockerized/data/assets/ssl# ls -las
totale 28
4 drwxr-xr-x 2 root root 4096 25 ott 01.16 .
4 drwxr-xr-x 7 root root 4096 24 ott 21.11 ..
4 -rw-r--r-- 1 root root 2049 24 ott 21.11 cert.pem
4 -rw-r--r-- 1 root root 2049 25 ott 01.16 cert.pem.bk
4 -rw-r--r-- 1 root root 424 24 ott 21.11 dhparams.pem
4 -rw-r--r-- 1 root root 3272 24 ott 21.11 key.pem
4 -rw-r--r-- 1 root root 3272 25 ott 01.16 key.pem.bk
root@mailcow:/opt/mailcow-dockerized/data/assets/ssl# exit
Creating a staging directory in mailcow's home:
mailcow@mailcow:/opt/mailcow-dockerized$ cd
mailcow@mailcow:~$ pwd
/home/mailcow
mailcow@mailcow:~$ mkdir certificati_letsencrypt
On nginxpm: remote copy to the staging directory on mailcow
root@nginxpm:/home/npmuser/npm-app/letsencrypt/live/npm-16# scp fullchain.pem mailcow@192.168.1.160:/home/mailcow/certificati_letsencrypt/fullchain.pem
The authenticity of host '192.168.1.160 (192.168.1.160)' can't be established.
ED25519 key fingerprint is SHA256:5W8gktohozMyW0GxB3pE2dDVLxVDT/oxhF1SrLi9Kz4.
This key is not known by any other names.
Are you sure you want to continue connecting (yes/no/[fingerprint])? y
Please type 'yes', 'no' or the fingerprint: yes
Warning: Permanently added '192.168.1.160' (ED25519) to the list of known hosts.
mailcow@192.168.1.160's password:
fullchain.pem 100% 2900 21.2MB/s 00:00
root@nginxpm:/home/npmuser/npm-app/letsencrypt/live/npm-16# scp privkey.pem mailcow@192.168.1.160:/home/mailcow/certificati_letsencrypt/privkey.pem
mailcow@192.168.1.160's password:
privkey.pem
On mailcow: move from the staging directory to the working one and restart the containers
mailcow@mailcow:~/certificati_letsencrypt$ sudo cp fullchain.pem /opt/mailcow-dockerized/data/assets/ssl/cert.pem
[sudo] password di mailcow:
mailcow@mailcow:~/certificati_letsencrypt$ sudo cp privkey.pem /opt/mailcow-dockerized/data/assets/ssl/key.pem
mailcow@mailcow:~/certificati_letsencrypt$ cd /opt/mailcow-dockerized/data/assets/ssl
mailcow@mailcow:/opt/mailcow-dockerized/data/assets/ssl$ ls -las
totale 28
4 drwxr-xr-x 2 root root 4096 25 ott 01.16 .
4 drwxr-xr-x 7 root root 4096 24 ott 21.11 ..
4 -rw-r--r-- 1 root root 2900 25 ott 01.32 cert.pem
4 -rw-r--r-- 1 root root 2049 25 ott 01.16 cert.pem.bk
4 -rw-r--r-- 1 root root 424 24 ott 21.11 dhparams.pem
4 -rw-r--r-- 1 root root 306 25 ott 01.33 key.pem
4 -rw-r--r-- 1 root root 3272 25 ott 01.16 key.pem.bk
mailcow@mailcow:/opt/mailcow-dockerized/data/assets/ssl$ cd /opt/mailcow-dockerized/
mailcow@mailcow:/opt/mailcow-dockerized$ docker compose restart
open /opt/mailcow-dockerized/.env: permission denied
mailcow@mailcow:/opt/mailcow-dockerized$ sudo docker compose restart
[+] Restarting 18/18
✔ Container mailcowdockerized-php-fpm-mailcow-1 Started 2.3s
✔ Container mailcowdockerized-nginx-mailcow-1 Started 1.9s
✔ Container mailcowdockerized-netfilter-mailcow-1 Started 2.0s
✔ Container mailcowdockerized-redis-mailcow-1 Started 2.6s
✔ Container mailcowdockerized-sogo-mailcow-1 Started 10.7s
✔ Container mailcowdockerized-watchdog-mailcow-1 Started 2.5s
✔ Container mailcowdockerized-postfix-tlspol-mailcow-1 Started 3.3s
✔ Container mailcowdockerized-dovecot-mailcow-1 Started 4.2s
✔ Container mailcowdockerized-postfix-mailcow-1 Started 3.5s
✔ Container mailcowdockerized-olefy-mailcow-1 Started 10.6s
✔ Container mailcowdockerized-acme-mailcow-1 Started 2.0s
✔ Container mailcowdockerized-unbound-mailcow-1 Started 4.2s
✔ Container mailcowdockerized-rspamd-mailcow-1 Started 3.2s
✔ Container mailcowdockerized-memcached-mailcow-1 Started 3.1s
✔ Container mailcowdockerized-dockerapi-mailcow-1 Started 3.1s
✔ Container mailcowdockerized-clamd-mailcow-1 Started 2.4s
✔ Container mailcowdockerized-mysql-mailcow-1 Started 3.2s
✔ Container mailcowdockerized-ofelia-mailcow-1 Started 1.4s
mailcow@mailcow:/opt/mailcow-dockerized$
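After fullchain.pem and privkey.pem have been copied over cert.pem and key.pem as above, the pair can be checked before the containers are restarted. The script below is an added example, not part of the original notes or of mailcow; the function names are illustrative and it assumes openssl and find are available on the host.

```shell
#!/bin/sh
# Added example, not from the original page: check a certificate/key pair
# copied into mailcow's data/assets/ssl before restarting the containers.

# Succeeds when private key $2 belongs to the first (leaf) certificate in $1.
pair_matches() {
    c_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c_pub" ] && [ "$c_pub" = "$k_pub" ]
}

# Succeeds when the certificate is still valid $2 seconds from now (default 0).
not_expired() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeeds when the certificate covers host name $2.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Full check: one line per finding, non-zero return if any check failed.
check_pair() {
    cp_rc=0
    pair_matches "$1" "$2" || { echo "FAIL key does not match certificate"; cp_rc=1; }
    not_expired "$1" || { echo "FAIL certificate expired or unreadable"; cp_rc=1; }
    covers_host "$1" "$3" || { echo "FAIL certificate does not cover $3"; cp_rc=1; }
    # Reported only: in the page's listing mailcow's own key.pem is also 0644.
    [ -z "$(find "$2" -perm -004 2>/dev/null)" ] || echo "NOTE $2 is world-readable"
    return "$cp_rc"
}

# Usage: sh check_pair.sh cert.pem key.pem mail.spezzotti.it
if [ "$#" -eq 3 ]; then
    check_pair "$1" "$2" "$3" && echo "OK"
fi
```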
I still get the TOO_MANY_REDIRECT error. I try disabling the forced HTTPS in mailcow by setting
HTTP_REDIRECT=n
inside the mailcow.conf file, and I restart the containers.
Now it works, although I did not run docker compose restart but docker compose down && docker compose up -d
Still to do: open all the ports on the router, create the DKIM record, and change the passwords of the mailcow and root users
| | User | Password |
|---|---|---|
| UI | admin | u44YCa3L7vFJRb |
| UI | ste.pezzotti@spezzotti.it | 4DNfLrMyFBZ4Ho |