docker-mailserver/docs/content/config/troubleshooting/faq.md
2019-10-28 09:15:34 +01:00

8.8 KiB

What kind of database are you using?

None. No *sql database required.
This image is based on config files that can be versioned.
You'll probably want to push your config updates to your server and restart the container to apply changes.

How can I sync container with host date/time?

Share the host /etc/localtime using:

    volumes:
      - /etc/localtime:/etc/localtime:ro

What is the file format?

All files are using the Unix format with LF line endings. Please do not use CRLF.

Where are emails stored?

Mails are stored in /var/mail/${domain}/${username}.
You should use a data volume container for /var/mail to persist data. Otherwise, your data may be lost.

What about backups?

Assuming that you use docker-compose and a data volumes, you can backup your user mails like this:

docker run --rm -ti \
  -v maildata:/var/mail \
  -v mailstate:/var/mail-state \
  -v /backup/mail:/backup \
  alpine:3.2 \
  tar czf /backup/mail-`date +%y%m%d-%H%M%S`.tgz /var/mail /var/mail-state

find /backup/mail -type f -mtime +30 -exec rm -f {} \;

What about mail-state folder?

This folder consolidates all data generated by the server itself to persist when you upgrade. Example of data folder persisted: lib-amavis, lib-clamav, lib-fail2ban, lib-postfix, lib-postgrey, lib-spamassasin, lib-spamassassin, spool-postfix, ...

How can I configure my email client?

Login are full email address (user@domain.com).

# imap
username:           <user1@domain.tld>
password:           <mypassword>
server:             <mail.domain.tld>
imap port:          143 or 993 with ssl (recommended)
imap path prefix:   INBOX

# smtp
smtp port:          25 or 587 with ssl (recommended)
username:           <user1@domain.tld>
password:           <mypassword>

Please use STARTTLS.

How can I manage my custom Spamassassin rules?

Antispam rules are managed in config/spamassassin-rules.cf.

What are acceptable SA_SPAM_SUBJECT values?

For no subject set SA_SPAM_SUBJECT=undef.

For a trailing white-space subject one can define the whole variable with quotes in docker-compose.yml:

    environment:
      - "SA_SPAM_SUBJECT=[SPAM] "

Why are Spamassassin x-headers not inserted into my sample.domain.com subdomain emails?

In the default setup, amavis only applies Spamassassin x-headers into domains matching the template listed in the config file 05-domain_id (in the amavis defaults). The default setup @local_domains_acl = ( ".$mydomain" ); does not match subdomains. To match subdomains, you can override the @local_domains_acl directive in the amavis user config file 50-user with @local_domains_maps = ("."); to match any sort of domain template.

How can I make SpamAssassin learn spam?

Put received spams in .Junk/ imap folder and add a user cron like the following:

# This assumes you're having `environment: ONE_DIR=1` in the docker-compose.yml,
# with a consolidated config in `/var/mail-state`
#
# m h dom mon dow command
# Everyday 2:00AM, learn spam from a specific user
0 2 * * * docker exec mail sa-learn --spam /var/mail/domain.com/username/.Junk --dbpath /var/mail-state/lib-amavis/.spamassassin

If you run the server with docker-compose, you can leverage on docker configs and the mailserver's own cron. This is less problematic than the simple solution shown above, because it decouples the learning from the host on which the mailserver is running and avoids errors if the server is not running.

The following configuration works nicely:

create a system cron file:

# in the docker-compose.yml root directory
mkdir cron
touch cron/sa-learn
chown root:root cron/sa-learn
chmod 0644 cron/sa-learn

edit the system cron file nano cron/sa-learn, and set an appropriate configuration:

# This assumes you're having `environment: ONE_DIR=1` in the docker-compose.yml,
# with a consolidated config in `/var/mail-state`
#
# m h dom mon dow user command
#
# Everyday 2:00AM, learn spam from a specific user
# spam: junk directory
0  2 * * * root  sa-learn --spam /var/mail/domain.com/username/.Junk --dbpath /var/mail-state/lib-amavis/.spamassassin
# ham: archive directories
15 2 * * * root  sa-learn --ham /var/mail/domain.com/username/.Archives* --dbpath /var/mail-state/lib-amavis/.spamassassin
# ham: inbox subdirectories
30 2 * * * root  sa-learn --ham /var/mail/domain.com/username/.INBOX.* --dbpath /var/mail-state/lib-amavis/.spamassassin
#
# Everyday 3:00AM, learn spam from all users of a domain
# spam: junk directory
0  3 * * * root  sa-learn --spam /var/mail/otherdomain.com/*/.Junk --dbpath /var/mail-state/lib-amavis/.spamassassin
# ham: archive directories
15 3 * * * root  sa-learn --ham /var/mail/otherdomain.com/*/.Archives* --dbpath /var/mail-state/lib-amavis/.spamassassin
# ham: inbox subdirectories
30 3 * * * root  sa-learn --ham /var/mail/otherdomain.com/*/.INBOX.* --dbpath /var/mail-state/lib-amavis/.spamassassin

with plain docker-compose:

version: "2"

services:
  mail:
    image: tvial/docker-mailserver:latest
    # ...
    volumes:
      - ./cron/sa-learn:/etc/cron.d/sa-learn

with docker swarm:

version: "3.3"

services:
  mail:
    image: tvial/docker-mailserver:latest
    # ...
    configs:
      - source: my_sa_crontab
        target: /etc/cron.d/sa-learn

configs:
  my_sa_crontab:
    file: ./cron/sa-learn

With the default settings, Spamassassin will require 200 mails trained for spam (for example with the method explained above) and 200 mails trained for ham (using the same command as above but using --ham and providing it with some ham mails). Until you provided these 200+200 mails, Spamassasin will not take the learned mails into account. For further reference, see the Spamassassin Wiki.

What kind of SSL certificates can I use?

You can use the same certificates you use with another mail server.
The only thing is that we provide a self-signed certificate tool and a letsencrypt certificate loader.

I just moved from my old mail server but "it doesn't work".

If this migration implies a DNS modification, be sure to wait for DNS propagation before opening an issue. Few examples of symptoms can be found here or here.
This could be related to a modification of your MX record, or the IP mapped to mail.my-domain.tld.

If everything is OK regarding DNS, please provide formatted logs and config files. This will allow us to help you.

If we're blind, we won't be able to do anything.

Which system requirements needs my container to run docker-mailserver effectively?

1 core and 1GB of RAM + swap partition is recommended to run docker-mailserver with clamav. Otherwise, it could work with 512M of RAM.

Please note that clamav can consume a lot of memory, as it reads the entire signature database into RAM. Current figure is about 850M and growing. If you get errors about clamav or amavis failing to allocate memory you need more RAM or more swap and of course docker must be allowed to use swap (not always the case). If you can't use swap at all you may need 3G RAM.

Is docker-mailserver running in a rancher environment?

Yes, by Adding the Environment Variable PERMIT_DOCKER: network.

How can I authenticate users with SMTP_ONLY?

See https://github.com/tomav/docker-mailserver/issues/1247 for an example.

Common errors

warning: connect to Milter service inet:localhost:8893: Connection refused
# DMARC not running
# => /etc/init.d/opendmarc restart

warning: connect to Milter service inet:localhost:8891: Connection refused
# DKIM not running
# => /etc/init.d/opendkim restart

mail amavis[1459]: (01459-01) (!)connect to /var/run/clamav/clamd.ctl failed, attempt #1: Can't connect to a UNIX socket /var/run/clamav/clamd.ctl: No such file or directory
mail amavis[1459]: (01459-01) (!)ClamAV-clamd: All attempts (1) failed connecting to /var/run/clamav/clamd.ctl, retrying (2)
mail amavis[1459]: (01459-01) (!)ClamAV-clamscan av-scanner FAILED: /usr/bin/clamscan KILLED, signal 9 (0009) at (eval 100) line 905.
mail amavis[1459]: (01459-01) (!!)AV: ALL VIRUS SCANNERS FAILED
# Clamav is not running (not started or because you don't have enough memory)
# => check requirements and/or start Clamav

What about updates

You can of course use a own script or every now and then pull && stop && rm && start the images but there are tools available for this. There is a page in the Update and cleanup wiki page that explains how to use it the docker way.