Integration of Mailcow for Linuxmuster.net
Linuxmuster.net official | ❌ NO* |
---|---|
Community support | ❌ No** |
Actively developed | ✅ YES |
Maintainer organisation | Netzint GmbH |
Primary maintainer | [email protected] |
* The linuxmuster community consists of people who are nice and happy to help. They are not directly involved in the development though, and might not be able to help in all cases.
** The linuxmuster community consists of people who are nice and happy to help. They are not directly involved in the development though, and might not be able to help in any case.
A Python script periodically syncs all linuxmuster accounts to mailcow. It also automatically creates aliases for each user's proxyAddress.
For projects and classes, it also creates a mailbox. These mailboxes have a quota of 1mb and get a filter which redirects all mail to their members.
SOGo and Dovecot are configured automatically to authenticate against LDAP.
More details about the sync workflow can be found in SyncWorkflow.md.
- Create an API key with read/write permissions from the Mailcow UI.
- Create a file called `docker-compose.override.yml` in your mailcow directory with the following content:

```yaml
version: "2.1"
services:
  linuxmuster-mailcow:
    image: ghcr.io/linuxmuster/linuxmuster-mailcow:latest
    container_name: mailcowcustomized_linuxmuster-mailcow
    volumes:
      - ./data/conf/dovecot:/conf/dovecot:rw
      - ./data/conf/sogo:/conf/sogo:rw
    depends_on:
      - nginx-mailcow
      - dockerapi-mailcow
      - php-fpm-mailcow
      - sogo-mailcow
      - dovecot-mailcow
    environment:
      - LINUXMUSTER_MAILCOW_LDAP_URI=ldap://10.0.0.1
      - LINUXMUSTER_MAILCOW_LDAP_BASE_DN=DC=linuxmuster,DC=lan
      - LINUXMUSTER_MAILCOW_LDAP_BIND_DN=CN=global-binduser,OU=Management,OU=GLOBAL,DC=linuxmuster,DC=lan
      - LINUXMUSTER_MAILCOW_LDAP_BIND_DN_PASSWORD=<YOUR-PASSWORD>
      - LINUXMUSTER_MAILCOW_API_KEY=<YOUR-API-KEY>
      - LINUXMUSTER_MAILCOW_SYNC_INTERVAL=300
      - LINUXMUSTER_MAILCOW_DOMAIN_QUOTA=20000
      - LINUXMUSTER_MAILCOW_ENABLE_GAL=1
    networks:
      mailcow-network:
        aliases:
          - linuxmuster
```
- Configure environment variables:
  - `LINUXMUSTER_MAILCOW_LDAP_URI` - URI of the Linuxmuster.net server (must be reachable from within the container). URIs use the syntax `protocol://host:port`, for example `ldap://localhost` or `ldaps://secure.domain.org`
  - `LINUXMUSTER_MAILCOW_LDAP_BASE_DN` - base DN of the AD
  - `LINUXMUSTER_MAILCOW_LDAP_BIND_DN` - bind DN of a special LDAP account that will be used to browse for users
  - `LINUXMUSTER_MAILCOW_LDAP_BIND_DN_PASSWORD` - password for the bind DN account
  - `LINUXMUSTER_MAILCOW_API_KEY` - mailcow API key (read/write)
  - `LINUXMUSTER_MAILCOW_SYNC_INTERVAL` - interval in seconds between LDAP synchronizations
  - `LINUXMUSTER_MAILCOW_DOMAIN_QUOTA` - total quota of one domain. CAUTION! If this is not enough to fit all mailboxes the import will fail!!
  - `LINUXMUSTER_MAILCOW_ENABLE_GAL` - whether to enable the global addressbook
  - Optional. Only use these if you know what you are doing! They are not required for normal operation!
    - `LDAP-MAILCOW_API_URI` - mailcow API URI.
    - `LINUXMUSTER_MAILCOW_DOCKERAPI_URI` - dockerapi API URI.
- Start the additional container: `docker compose up -d linuxmuster-mailcow`
- Check the logs: `docker compose logs -f linuxmuster-mailcow` (quit with Ctrl+C). Please note: connection errors are normal after all containers are started with `docker compose up -d`.
- For projects and classes, make sure to call `sophomorix-class -c test --maillist` / `sophomorix-project -p test --maillist`. Otherwise no maillist will be created!
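A pre-flight check for the environment block above, as an added example that is not part of the linuxmuster-mailcow project: it flags unreplaced secret placeholders, a non-TLS LDAP URI, and a domain quota too small for the mailboxes to be imported. The names `parse_env` and `check_env`, the `mailbox_quotas` input (assumed to be in the same unit as the domain quota) and the sample values are assumptions made for illustration.

```python
from urllib.parse import urlsplit

P = "LINUXMUSTER_MAILCOW_"
REQUIRED = ("LDAP_URI", "LDAP_BASE_DN", "LDAP_BIND_DN", "LDAP_BIND_DN_PASSWORD",
            "API_KEY", "SYNC_INTERVAL", "DOMAIN_QUOTA")

def parse_env(items):
    """Turn compose 'KEY=VALUE' items into a dict. Split on the first '=' only:
    DN values such as CN=...,OU=... contain '=' themselves."""
    return dict(item.split("=", 1) for item in items)

def check_env(env, mailbox_quotas=()):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    for name in REQUIRED:
        value = env.get(P + name, "")
        if not value:
            findings.append(f"{name}: missing")
        elif value.startswith("<") and value.endswith(">"):
            findings.append(f"{name}: placeholder not replaced")
    uri = urlsplit(env.get(P + "LDAP_URI", ""))
    if uri.scheme not in ("ldap", "ldaps") or not uri.hostname:
        findings.append("LDAP_URI: expected ldap://host[:port] or ldaps://host[:port]")
    elif uri.scheme == "ldap":
        findings.append("LDAP_URI: ldap:// is not TLS-wrapped; ldaps:// protects the bind password")
    for name in ("SYNC_INTERVAL", "DOMAIN_QUOTA"):
        raw = env.get(P + name, "")
        if raw and not (raw.isdecimal() and int(raw) > 0):
            findings.append(f"{name}: must be a positive integer")
    # Assumption: mailbox_quotas is in the same unit as DOMAIN_QUOTA.
    quota, needed = env.get(P + "DOMAIN_QUOTA", ""), sum(mailbox_quotas)
    if quota.isdecimal() and needed > int(quota):
        findings.append(f"DOMAIN_QUOTA: {quota} is below the {needed} needed; import will fail")
    return findings

# Constructed sample: the README's example values, secrets left as placeholders.
SAMPLE = parse_env([
    P + "LDAP_URI=ldap://10.0.0.1",
    P + "LDAP_BASE_DN=DC=linuxmuster,DC=lan",
    P + "LDAP_BIND_DN=CN=global-binduser,OU=Management,OU=GLOBAL,DC=linuxmuster,DC=lan",
    P + "LDAP_BIND_DN_PASSWORD=<YOUR-PASSWORD>",
    P + "API_KEY=<YOUR-API-KEY>",
    P + "SYNC_INTERVAL=300",
    P + "DOMAIN_QUOTA=20000",
])

if __name__ == "__main__":
    for finding in check_env(SAMPLE, mailbox_quotas=[5000] * 5):
        print(finding)
```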
This tool enables authentication for Dovecot and SOGo, which means you will be able to log into POP3, SMTP, IMAP, and SOGo Web-Interface. You will not be able to log into mailcow UI or EAS using your LDAP credentials by default.
As a workaround, you can hook IMAP authentication directly to mailcow by adding the following code above this line:
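```php
// Try the submitted credentials against Dovecot over IMAPS.
// novalidate-cert: the certificate of the dovecot container is not validated.
$mbox = imap_open("{dovecot:993/imap/ssl/novalidate-cert}INBOX", $user, $pass);
if ($mbox !== false) {
    // IMAP login succeeded: close the connection and treat the login as a normal user.
    imap_close($mbox);
    return "user";
}
```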
As a side effect, it will also allow logging into mailcow UI using mailcow app passwords (since they are valid for IMAP). It is not a supported solution with mailcow and has to be done only at your own risk!
The inspiration for this came from @Programmierus: https://github.com/Programmierus/ldap-mailcow