Closed FireFtw closed 10 months ago
I'm no docker user. Maybe you or someone else wants to do that?
I will be able to do so. @the-djmaze if you could send me an email I could arrange automatic docker builds for you as well.
@FWest98
host 160017966.pamx1.hotmail.com[104.47.45.33] said: 550 5.7.1 Unfortunately, messages from [84.22.110.35] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).
Yes i hate Microsoft. Keeps blocking every few months.
Hotmail/Outlook's antispam is really, really picky indeed.
Make sure your HELO matches your dns setup, MX, and if possible reverse/PTR record.
And if you use SPF, include a plain A record IP there (in addition of, or in place of MX/include records).
@the-djmaze Now I'm wondering, did you ever receive my reply to your email?
@the-djmaze @FWest98 So, what's up with DockerHub?
> @the-djmaze Now I'm wondering, did you ever receive my reply to your email?
Yes, but i totally forgot to reply. Sorry for that.
Any plans to release a docker image of SnappyMail ?
I took the liberty of using their own Dockerfile and setup a build and upload the image to Docker Hub. Feel free to use and/or report suggestions/bugs
I don't know why people use buster as base :disappointed: I have one running on alpine (https://hub.docker.com/repository/docker/combro2k/alpine-nginx-snappymail/) It's still a work in progress tho, source is https://github.com/combro2k/dockerfiles/tree/master/alpine-nginx-snappymail-php8 It misses some 'extras' but base image is 82.79 MB vs 228.17 MB from buster ;-)
@the-djmaze I think your provider doesn't follow the guidelines, It isn't microsoft's strictness :-P also you can add your IP from the provider (I would hide tho in the message) to a whitelist :-)
> I have one running on alpine (https://hub.docker.com/repository/docker/combro2k/alpine-nginx-snappymail/) It's still a work in progress tho, source is https://github.com/combro2k/dockerfiles/tree/master/alpine-nginx-snappymail-php8 It misses some 'extras' but base image is 82.79 MB vs 228.17 MB from buster ;-)
Awesome!
> It isn't microsoft's strictness :-P
@combro2k nope, it's Microsoft at fault. There is a big rant discussion here in the Netherlands that only Microsoft is blocking IP's for no apparent reason. A lot of hosting companies (small and big) have to unblock mail-server IP's every month. Also there are cases where Microsoft servers respond with "mail accepted" but the receiver never received the e-mail (not even in spam folder).
Currently we all report this to the local and European Commission in the hopes that Microsoft will change their system to be compatible with SPF, DKIM and DMARC.
Examples: https://answers.microsoft.com/en-us/outlook_com/forum/all/emails-from-my-server-dont-error-but-dont-arrive/c0c28fe8-532b-4b4b-a92b-7bf6d7a9f28b https://answers.microsoft.com/en-us/outlook_com/forum/all/emails-not-reaching-inbox-sender-support-lack-of/810ef019-98eb-44eb-b90e-5e8a60a7674b https://finch.am/projects/hotmail/ https://www.linkedin.com/pulse/how-microsoft-turns-incompetence-my-problem-mark-schouten
@the-djmaze I know you're from the NL as I am (based on the IP you shared) ;-) I've worked at an ISP for some years, but yeah it's a fight we all have to go. The most effective is indeed DMARC reporting, SPF & DKIM combination. We had a cluster of (own hosted) spamexperts running which made that part a little bit complicated; It was always an issue with them meh. But anyway back on the TOPIC :-P
Edit: I think the most issues are starting when you have multiple senders on the IP (different user/domains)
I've built the latest version on aarch64 using the Dockerfile in the repo without hiccups on a OCI VPS. I haven't looked into the Alpine version but I'll try when I get some time. If anybody is interested, the latest image is located here: https://hub.docker.com/r/fffrantz/snappymail
When I get around the Alpine version, I'll try to setup automated builds for both on aarch64.
Would also like to see this on dockerhub, @r3pek in the meantime do you plan to keep your image updated from time to time? Thank you!
@WladyX yeah. I might do a new release later today just to sync up with the latest version
> I will be able to do so. @the-djmaze if you could send me an email I could arrange automatic docker builds for you as well.
@FWest98 did you ever setup a docker that has auto builds? (x86,x64) I only am seeing a small group of dockers and most of them are behind. Thanks!
I was planning on doing so, I had set up a DockerHub organisation but I need to add @the-djmaze to it so he can link this repo. But considering the complicated setup it has now, we should probably do this via some CI solution anyway.
Just as an experiment, I have Rainloop installed as a plugin with Nextcloud. In the documentation of Snappymail it says in some cases it can be a dropin replacement. So, I figured it was worth a shot. I figured out where the Rainloop core stuff was inside the plugin (v) folder, and added the same corresponding files from snappymail to that location. Then I edited the config file to point to Snappymail's version as the updated version for the plugin. It did execute, but snappymail threw an error. I figured what the hell it was worth a shot. I truly hope that snappymail for Nextcloud becomes a thing, as it is awesome.
Snappymail 2.15.2 for aarch64 available here : https://hub.docker.com/r/fffrantz/snappymail/tags Still haven't had the time to automate it all nor to check the alpine version. I should have a little bit more time in the coming weeks to try it all.
@eeeple How can we automate the docker images generation? Can we do it with Github actions, and push the images on hub.docker.com? (I can write Dockerfile's, but I don't know enough Github actions)
That is certainly possible using GH Actions. I am not too experienced with it, the entire setup with needing PHP and everything before we can run docker build is also not too convenient, unfortunately.
> the entire setup with needing PHP
Is only needed to modify files. A bash script to run gulp, gzip, brotli and zip could be sufficient
> Snappymail 2.15.2 for aarch64 available here : https://hub.docker.com/r/fffrantz/snappymail/tags Still haven't had the time to automate it all nor to check the alpine version. I should have a little bit more time in the coming weeks to try it all.
@eeeple is your Dockerfile available somewhere ? Thanks.
> > Snappymail 2.15.2 for aarch64 available here : https://hub.docker.com/r/fffrantz/snappymail/tags Still haven't had the time to automate it all nor to check the alpine version. I should have a little bit more time in the coming weeks to try it all.
>
> @eeeple is your Dockerfile available somewhere ? Thanks.
No difference with the one provided in .docker/release except this:
- docker-php-ext-configure ldap --with-libdir=lib/x86_64-linux-gnu/ && \
+ docker-php-ext-configure ldap --with-libdir=lib/aarch64-linux-gnu/ && \
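Review bot: the libdir on the `+` line is still a hard-coded architecture triplet, so the Dockerfile now builds only on aarch64 in the same way the `-` line built only on x86_64. Deriving the triplet at build time, for example `--with-libdir=lib/$(uname -m)-linux-gnu/`, would let one Dockerfile cover both architectures discussed in this thread instead of keeping two copies that differ by one line.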
Hey @eeeple I'm sorry if this is super obvious and I'm just dumb but I'd like to ask how you're actually getting the Dockerfile to import/download the release zip. I've been trying to build it myself for x86 but i'm failing to understand how to make that part happen.
@ducky710 Two ways:
- `.docker/release` folder. Then, build the image (with `cd docker build --pull .docker/release/ --build-arg FILES_ZIP=snappymail-2.15.3.zip`).
- `./release.php --docker`. That will make the zip file, put it in the `.docker/release` folder and run the `docker build`. If you encounter an error during image building, build the image yourself (with the command previously given).
There is maybe another way I don't know...
@kouinkouin Thanks a lot man. Appreciate the help!
When a release is released, I pull the repository, and I launch on my shell:
```sh
rm -rf build/dist/releases/webmail/* .docker/release/*.zip \
  && ./release.php --docker \
  && ls -1 build/dist/releases/webmail/*/snappymail-*.zip | cut -d/ -f5 | while read version ; do
       for t in $version-php8.1-bullseye latest ; do
         docker image tag snappymail:$version kouinkouin/snappymail:$t && docker push kouinkouin/snappymail:$t
       done
     done
```
So, my docker images are up-to-date, currently. "currently", because I do it manually (some days, I'm not behind my keyboard, and sometimes, I don't read "new release!" mails). It would be good to automate it with GitHub Actions, then to remove kouinkouin/snappymail images and use snappymail/snappymail images
Same here for aarch64, I run a pretty basic bash script to automanually build the docker image and push it to my registry (see here). I'm really lacking time to look into the alpine version and into automatically building when a new release is published. So I stick to this for the time being and try to publish the aarch64 versions as soon as I can.
If someone knows a project which builds docker images for each release and push them on hub.docker.io (via Github actions), it will be easier :-) .
Created a ~version-specific~ `Dockerfile` to build image from source. The next step on is to ~make it versionless by modifying one line. I'll get around to that at some point and~ make a repo with GitHub action to periodically build and publish to Dockerhub (and I'll do this soon) unless someone beats me to it.
https://gist.github.com/xgbstar1/4564a290a30d26d3c564afd64050d6c3
For what it's worth, Mailu has their own SnappyMail Docker image too. https://registry.hub.docker.com/r/mailu/snappymail https://github.com/Mailu/Mailu/blob/master/webmails/snappymail/Dockerfile
> Created a ~version-specific~ `Dockerfile` to build image from source. The next step on is to ~make it versionless by modifying one line. I'll get around to that at some point and~ make a repo with GitHub action to periodically build and publish to Dockerhub (and I'll do this soon) unless someone beats me to it. https://gist.github.com/xgbstar1/4564a290a30d26d3c564afd64050d6c3
Created this and happy to improve it. One difference between this and some of the other SnappyMail Docker images might be that this one is being updated on a schedule of twice per day. Docker registry: https://hub.docker.com/r/xgbstar1/snappymail-docker Source repo: https://github.com/xgbstar1/snappymail-docker
Schedule of twice per day in source repo GitHub Actions workflow definition: https://github.com/xgbstar1/snappymail-docker/blob/main/.github/workflows/build.yaml
Okay so effectively from what I'm getting from this issues conversation is roughly the following:
I'm not 100% certain which of these are entirely true but I'm just trying to get a sitrep so I can potentially make recommendations via PR or something.
I have indeed no knowledge of docker, kubernetes, etc. I do use things like KVM, VirtualBox, etc. and one problem with these is access.
SnappyMail GPG requires 0700 access to `.gpg` directories in a path (or symlink) smaller than 80 characters.
This is because the `gpg` application is like that.
The `.gpg` directory will contain public/private keys that are used with PGP/Inline and PGP/MIME messages.
Replacing a VM/Docker/etc. might remove this important data. So an image should have access to a persistent storage location that each user might configure differently.
Maybe you all can write documentation how this should/would be handled?
Docker can easily support some persistent storage through volumes. Users of the container would need to mount such a volume in the right path, which is easy to do with the right instructions. In fact, I already use that approach for mounting the configuration and other user data.
Thanks heaps for the fast replies I'm pretty amped to see if we can get this working with CI/CD maybe through GitHub Actions if someone else can step in who intuitively knows it better than I. I know CI/CD methodologies from way back when Jenkins and GitLab-Runners were the only real options.
> SnappyMail GPG requires 0700 access to `.gpg` directories in a path (or symlink) smaller than 80 characters. This is because the `gpg` application is like that. The `.gpg` directory will contain public/private keys that are used with PGP/Inline and PGP/MIME messages.
I was thinking that all of the gpg stuff was going to happen entirely in the browser. If we need a persistent .gpg folder that's great and fine and it can be done on anything including Bind Mounts (which are direct filesystem mapped static paths) or docker volumes (randomly assigned filesystem mounted volumes on the host.)
The only trick is you'd likely want to assert file permissions on the container start to ensure that the user didn't screw with them and make it impossible to operate. I have a strong preference towards flexible, minimal but also opinionated containers that manage most of the default problem cases.
If you could add a start.sh shell script as a start feature that would be fine for example if you are adding a couple of pre-flight checks to ensure that the end users haven't screwed with things in a breaking way.
If we've done our jobs right with the Dockerfile you can also inspire people to make their own forks that are functional in ways they prefer.
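The start-time permission check suggested above, applied to the `.gpg` requirements stated earlier in the thread (mode 0700, path shorter than 80 characters), as an added shell example; it is not SnappyMail's `entrypoint.sh` or any participant's code. The function names and the choice to scan the whole mounted data directory for `.gpg` directories are assumptions.

```shell
#!/bin/sh
# Added example, not SnappyMail's entrypoint.sh. Function names are hypothetical.
MAX_GPG_PATH=80   # path-length limit as stated in this thread

# Print the problem with one .gpg directory, or nothing when it is usable.
gpg_home_problem() {
    p=$1
    if [ "${#p}" -ge "$MAX_GPG_PATH" ]; then
        echo path-too-long
    elif [ -z "$(find "$p" -prune -perm 700)" ]; then
        # -perm 700 matches only when the mode bits are exactly rwx------
        echo bad-mode
    fi
}

# preflight_gpg ROOT [fix]
# Check every .gpg directory below ROOT (the mounted data volume).
# With "fix", wrong modes are reset to 0700; an over-long path cannot be
# repaired from inside the container and always fails the check.
# Returns 0 when all directories are usable, 1 otherwise.
preflight_gpg() {
    root=$1
    fix=${2:-}
    find "$root" -type d -name .gpg -print | {
        failed=0
        while IFS= read -r dir; do
            problem=$(gpg_home_problem "$dir")
            if [ "$problem" = bad-mode ] && [ "$fix" = fix ]; then
                chmod 700 "$dir" && problem=$(gpg_home_problem "$dir")
            fi
            if [ -n "$problem" ]; then
                echo "[ERROR] $dir: $problem" >&2
                failed=1
            fi
        done
        [ "$failed" -eq 0 ]
    }
}

# Constructed demo tree: one correct directory, one that a user loosened.
demo() {
    t=$(mktemp -d /tmp/gpgdemo.XXXXXX)
    mkdir -p "$t/alice/.gpg" "$t/bob/.gpg"
    chmod 700 "$t/alice/.gpg"
    chmod 755 "$t/bob/.gpg"
    preflight_gpg "$t" && echo "unexpected: check passed"
    preflight_gpg "$t" fix && echo "[INFO] all .gpg directories are 0700"
    rm -rf "$t"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run with the argument `demo` to see the check fail on the loosened directory and pass after the fix; in a container start script the call would be `preflight_gpg /var/lib/snappymail fix || exit 1` before the web server starts.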
Hey guys, i just found this project and it looks very promising, though it didn't include a dockerhub image, so i've been working for the last few hours to make it work properly. Opened #965, i'll need help with testing whether it works properly etc.
> Hey guys, i just found this project and it looks very promising, though it didn't include a dockerhub image, so i've been working for the last few hours to make it work properly. Opened #965, i'll need help with testing whether it works properly etc.
@leojonathanoh do you have the container pushed anywhere I'd love to try to run this in a Swarm context.
> @leojonathanoh do you have the container pushed anywhere I'd love to try to run this in a Swarm context.
@Leopere the docker image is available on #965. See the Compose examples here for deploying to Swarm. Since i use this in Compose, it should work just as well for Swarm.
just keeps trying to start I've launched this with
```yaml
version: '3.9'
services:
  snappymail:
    image: leojonathanoh/snappymail:pr-1
    # ports:
    #   - 8888:8888
    volumes:
      - /mnt/tank/persist/nixc.us/snappy/production/data:/var/lib/snappymail
    networks:
      - default
      - db-network
      - redis-network
      - traefik
    deploy:
      replicas: 1
      placement:
        constraints:
          ## - node.labels.role == db
          # - node.hostname == macmini1
          - node.labels.mac-rack == true
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.snappy.tls=true"
        - "traefik.http.services.snappy.loadbalancer.server.port=3000"
        - "traefik.http.routers.snappy.rule=Host(`snappy.nixc.us`)"
        - "traefik.http.routers.snappy.entrypoints=websecure"
        - "traefik.http.routers.snappy.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.snappy.service=snappy"
        - "traefik.docker.network=traefik"
        # - 'traefik.http.routers.snappy.middlewares=authelia@docker'
    # networks:
    #   - default
    #   - traefik
  # This provides prometheus metrics for snappymail's php-fpm
  # php-fpm-exporter:
  #   image: hipages/php-fpm_exporter:2.2.0
  #   # ports:
  #   #   - 9253:9253
  #   environment:
  #     - PHP_FPM_SCRAPE_URI=tcp://snappymail:9000/status
  #   networks:
  #     - default
  db:
    image: postgres:15-alpine
    environment:
      - POSTGRES_USER=snappymail
      - POSTGRES_PASSWORD=snappymail
      - POSTGRES_DB=snappymail
    volumes:
      - /mnt/tank/persist/nixc.us/snappy/production/db:/var/lib/postgresql/data
    networks:
      - db-network
    deploy:
      replicas: 1
      placement:
        constraints:
          ## - node.labels.role == db
          # - node.hostname == macmini1
          - node.labels.mac-rack == true
      labels:
        - "traefik.enable=false"
    networks:
      - default
  redis:
    image: redis:7-alpine
    networks:
      - redis-network
    deploy:
      replicas: 1
      placement:
        constraints:
          ## - node.labels.role == db
          # - node.hostname == macmini1
          - node.labels.mac-rack == true
      labels:
        - "traefik.enable=false"
    networks:
      - default
networks:
  default:
  db-network:
    internal: true
  redis-network:
    internal: true
  traefik:
    external: true
```
I've tried a few different configurations for the volumes on the snappymail container with no luck.
EDIT: Ignore this, see next reply.
@Leopere EDIT: i've added a `DEBUG` env var, set to `true` to get verbose `entrypoint.sh` logs. In `docker-compose.yml`, try:
```yaml
services:
  snappymail:
    environment:
      - DEBUG=true
```
then you should get verbose logs which can help debugging. In this case, mine started up nicely:
```
+ echo '[INFO] Creating default Snappymail configuration: /var/lib/snappymail/_data_/_default_/configs/application.ini'
[INFO] Creating default Snappymail configuration: /var/lib/snappymail/_data_/_default_/configs/application.ini
+ su - www-data -s /bin/sh -c 'php /snappymail/index.php'
```
for some reason it fails here
hmm, what filesystem are you using on the bind mount `/mnt/tank/persist/nixc.us/snappy/production/data`?
From your logs above, setting permissions on `/var/lib/snappymail` succeeded (https://github.com/leojonathanoh/snappymail/blob/22f9853c207f4319263b04a870c28974db3c0562/.docker/release/files/entrypoint.sh):
```sh
chown -R www-data:www-data /var/lib/snappymail/
chmod 550 /var/lib/snappymail/
find /var/lib/snappymail/ -type d -exec chmod 750 {} \;
```
So the bind mount should be working correctly. Can't think of why it would fail at there. Could you try a local docker volume (follow simple example here), to see if it works?
I actually ended up just using a docker volume and still running into this but I'll keep poking and possibly try a bind mount here local and not a gluster volume
still flopping
```
+ UPLOAD_MAX_SIZE=25M
+ MEMORY_LIMIT=128M
+ SECURE_COOKIES=true
+ sed -i 's/<UPLOAD_MAX_SIZE>/25M/g' /usr/local/etc/php-fpm.d/php-fpm.conf /etc/nginx/nginx.conf
+ sed -i 's/<MEMORY_LIMIT>/128M/g' /usr/local/etc/php-fpm.d/php-fpm.conf
+ '[' true '=' true ]
+ echo '[INFO] Secure cookies activated'
[INFO] Secure cookies activated
+ echo 'session.cookie_httponly = On'
+ echo 'session.cookie_secure = On'
+ echo 'session.use_only_cookies = On'
+ echo '[INFO] Setting permissions on /var/lib/snappymail'
+ chown -R www-data:www-data /var/lib/snappymail/
[INFO] Setting permissions on /var/lib/snappymail
+ chmod 550 /var/lib/snappymail/
+ find /var/lib/snappymail/ -type d -exec chmod 750 '{}' ';'
+ SNAPPYMAIL_CONFIG_FILE=/var/lib/snappymail/_data_/_default_/configs/application.ini
+ '[' '!' -f /var/lib/snappymail/_data_/_default_/configs/application.ini ]
+ echo '[INFO] Creating default Snappymail configuration: /var/lib/snappymail/_data_/_default_/configs/application.ini'
[INFO] Creating default Snappymail configuration: /var/lib/snappymail/_data_/_default_/configs/application.ini
+ su - www-data -s /bin/sh -c 'php /snappymail/index.php'
```
this is with
```yaml
version: '3.9'
services:
  snappymail:
    image: leojonathanoh/snappymail:pr-1
    # ports:
    #   - 8888:8888
    environment:
      - DEBUG=true
    volumes:
      - /root/tank/persist/nixc.us/snappy/production/data:/var/lib/snappymail
      # - snappymail:/var/lib/snappymail
    networks:
      - default
      # - db-network
      # - redis-network
      - traefik
    deploy:
      replicas: 1
      placement:
        constraints:
          # - node.labels.role == db
          - node.hostname == macmini1
          # - node.labels.mac-rack == true
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.snappy.tls=true"
        - "traefik.http.services.snappy.loadbalancer.server.port=8888"
        - "traefik.http.routers.snappy.rule=Host(`snappy.nixc.us`)"
        - "traefik.http.routers.snappy.entrypoints=websecure"
        - "traefik.http.routers.snappy.tls.certresolver=letsencryptresolver"
        - "traefik.http.routers.snappy.service=snappy"
        - "traefik.docker.network=traefik"
        # - 'traefik.http.routers.snappy.middlewares=authelia@docker'
    # networks:
    #   - default
    #   - traefik
  # This provides prometheus metrics for snappymail's php-fpm
  # php-fpm-exporter:
  #   image: hipages/php-fpm_exporter:2.2.0
  #   # ports:
  #   #   - 9253:9253
  #   environment:
  #     - PHP_FPM_SCRAPE_URI=tcp://snappymail:9000/status
  #   networks:
  #     - default
  # db:
  #   image: postgres:15-alpine
  #   environment:
  #     - POSTGRES_USER=snappymail
  #     - POSTGRES_PASSWORD=snappymail
  #     - POSTGRES_DB=snappymail
  #   volumes:
  #     - /mnt/tank/persist/nixc.us/snappy/production/db:/var/lib/postgresql/data
  #   networks:
  #     - db-network
  #   deploy:
  #     replicas: 1
  #     placement:
  #       constraints:
  #         ## - node.labels.role == db
  #         # - node.hostname == macmini1
  #         - node.labels.mac-rack == true
  #     labels:
  #       - "traefik.enable=false"
  #   networks:
  #     - default
  # redis:
  #   image: redis:7-alpine
  #   networks:
  #     - redis-network
  #   deploy:
  #     replicas: 1
  #     placement:
  #       constraints:
  #         ## - node.labels.role == db
  #         # - node.hostname == macmini1
  #         - node.labels.mac-rack == true
  #     labels:
  #       - "traefik.enable=false"
  #   networks:
  #     - default
networks:
  default:
  # db-network:
  #   internal: true
  # redis-network:
  #   internal: true
  traefik:
    external: true
volumes:
  postgres:
    driver: local
  snappymail:
    driver: local
```
Any interest/plans to maintain a docker image on DockerHub?