This is to send logs and metrics generated by the server, not the containers.
wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list
sudo apt-get update && sudo apt-get install filebeat
sudo vi /etc/filebeat/filebeat.yml
sudo systemctl enable filebeat
sudo systemctl start filebeat
sudo apt-get install metricbeat
sudo vi /etc/metricbeat/metricbeat.yml
sudo systemctl enable metricbeat
sudo systemctl start metricbeat
When users or admin tools delete emails, the content may not be physically removed (but only expunged). You can (should?) schedule a regular purge:
cd docker-mailserver
sudo docker-compose exec mail doveadm purge -A
NB: it takes time, launch in a screen
or tmux
if you run from command line
sudo apt install restic
Generate a backup key:
sudo touch /root/.restic
chmod 600 /root/.restic
pwgen 24 1 > /root/.restic
Launch the first backup to /backup
directory:
sudo mkdir /backup
sudo restic -p /root/.restic -r /backup init
sudo restic -p /root/.restic -r /backup backup /mnt/mail/
Add to crontab:
cat <<EOF | sudo tee /etc/cron.d/backup
#
# cron.d/backup -- schedules periodic backups
#
# m h dom mon dow user command
37 2 * * * root restic -p /root/.restic -r /backup backup /mnt/mail/ ; restic -p /root/.restic -r /backup forget -l 3
EOF
Create a specific Openstack user for these backup tasks.
Create Swift container named backup_email
and limit rights to this user:
swift --os-region-name SBG post -r "<os_tenant_name>:<os_username>" backup_email
swift --os-region-name SBG post -w "<os_tenant_name>:<os_username>" backup_email
Generate a backup key if needed (see above), then launch the first remote backup:
source .openrc
restic -p /root/.restic -r swift:backup_email:/ init
restic -p /root/.restic -r swift:backup_email:/ backup /mnt/mail/
Add to crontab.
Snapshot the volume:
openstack volume snapshot create --force --volume email_storage email_storage_snap01
Create a Master password file passwd.masterusers
echo 'master:'`doveadm pw -s sha512-crypt` > /etc/dovecot/passwd.masterusers
To add in dovecot.conf
before your passdb configuration:
auth_master_user_separator = *
passdb {
driver = passwd-file
args = /etc/dovecot/passwd.masterusers
master = yes
# result_success = continue
}
Reload dovecot: doveadm reload
.
You can now connect to any IMAP account with master user/password: [email protected]*master
Add the follwing configuration to your target Dovecot server. local.conf
is a good choice:
imapc_host = imap.example.com
# Authenticate as masteruser / masteruser-secret, but use a separate login user.
# If you don't have a master user, remove the imapc_master_user setting.
imapc_user = %u
imapc_master_user = masteruser
imapc_password = masteruser-secret
imapc_features = rfc822.size
# If you have Dovecot v2.2.8+ you may get a significant performance improvement with fetch-headers:
# imapc_features = $imapc_features fetch-headers
# Read multiple mails in parallel, improves performance
mail_prefetch_count = 20
# If the old IMAP server uses INBOX. namespace prefix, set:
#imapc_list_prefix = INBOX
# for SSL:
imapc_port = 993
imapc_ssl = imaps
doveadm -o mail_fsync=never sync -1 -R -u user@domain imapc:
https://wiki2.dovecot.org/Migration/Dsync
Retreiving and spam testing of an e-mail:
doveadm fetch -u [email protected] text HEADER Message-Id '1234@abcd' MAILBOX Inbox | su --login amavis -c 'spamassassin -d -t'
Size of users mailboxes:
doveadm mailbox status -A -t vsize '*'