Fabio,
Very interesting stuff. I would encourage you to add a Readme.md to your repository, containing at least what you've summarized here. This would make for a nice addition to the Cyrus documentation, but would need a bit more explanation on your part, first, so whoever prepares the docs for the Cyrus project doesn't misrepresent anything you've done.

Some questions:

 * You've gone to the trouble to add the certificate infrastructure for
   Postfix, but not for Cyrus. Any reason for that?
     o What I'm referring to here is the nginx proxy support for the
       Let's Encrypt stuff (at least I assume that's what you're using)
 * Your Postfix configuration contains support for the deprecated Cyrus
   'deliver' program as well as LMTP.
     o If Postfix & Cyrus are separate containers, then 'deliver' won't
       work.


Nice work!
    -nic

On 2/18/20 10:16 AM, Fabio Montefuscolo wrote:
Hello!

I finally got the basic stuff working on Docker and deployed through Docker swarm. That is what I learnt (or I think I learnt)

* a basic mail solution having Cyrus needs 4 containers (imapd, saslauthd, rsyslog and postfix)
* sharing rsyslog socket on all containers is needed to have logs
* saslauthd socket needs to be shared on imapd and postfix containers, to have authentication
* imapd exposes lmtp socket, that needs to be shared with postfix, to receive emails

Other stuff

* Saslauthd is using OpenLDAP
* Postfix uses letsencrypt generated certificate

Next challenges

* Run OpenDKIM container and tie it to Postfix
* Work with virtualdomains
* Have a spam solution
* Convert the docker-compose.yml to a kubernetes equivalent (so scary)

If anyone has some minutes to take a look at https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services and give some thoughts, it would be awesome.

Thank you!!


On Wed, 15 Jan 2020 at 08:49, Fabio Montefuscolo <fabio.montefusc...@gmail.com> wrote:

    Hi Niels

    Thank you very much for looking into this.

    Initially, I would like to get this working like I got in a real
    CentOS 8. I have here a virtual machine where I did the same steps
    I did in Dockerfile. But in VM I start services "*systemctl start
    cyrus-imapd*" and "*systemctl start saslauthd*" and basic login
    works out of the box. I could telnet on port 143 and "*. login
    cyrus cyrus*". That is not happening on Docker.

    I hope other people using the image can write their own config and
    mount inside the container to achieve their needs. The plan is to
    have some kubernetes recipes I can repeat whenever we get a new
    client wondering to have an email service. Actually I'm testing it
    on DO, but using kubernetes should be simple to move to AWS,
    Linode or any other kubernetes hosting.

    Thank you

    On Wed, 15 Jan 2020 at 06:22, Niels Dettenbach via Info-cyrus
    <info-cyrus@lists.andrew.cmu.edu> wrote:

        On Tuesday, 14 January 2020, 16:47:52 CET, Fabio Montefuscolo wrote:
        > I'm trying to build a simple docker image based on CentOS 8, which brings
        > cyrus-imapd 3.0.7. I'm having troubles to authenticate on cyrus imap
        > service for unknown reasons. There is no syslog facility working inside
        > the centos image, so I don't have logs. The final idea is deploy this
        > image in a kubernetes cluster. The Dockerfile I'm using is
        > https://github.com/fabiomontefuscolo/docker-cyrusimapd
        >
        > When I jump into console and try to use cyradm, I get 2 password fields to
        > fulfill and at the end, that doesn't work


        as far as i can read in that dockerfile on a first view, it does only
        install dependencies and "activating" SSL/TLS, but lacks any kind of
        further required configuration for cyrus auth etc.

        the flexibility and complexity of cyrus installations are not easy to
        "capsule" into a docker file or recipe for a "common usage".

        depending on what kind of authentication subsystem (i.e. mysql, pam,
        ldap, pam_mysql, sasl, saslauthd (with pam or other "backend") you want
        to use or even active AD or others you have to configure that by hand
        (or extend that docker file).

        a typical "easy" way is using saslauthd with -s pam to "simply" use pam
        authentication.


        hth,



        niels.


--  ---
         Niels Dettenbach
         Syndicat IT & Internet
        http://www.syndicat.com
         PGP: https://syndicat.com/pub_key.asc
         ---







        ----
        Cyrus Home Page: http://www.cyrusimap.org/
        List Archives/Info:
        http://lists.andrew.cmu.edu/pipermail/info-cyrus/
        To Unsubscribe:
        https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus




--
Nic Bernstein                               n...@nicbernstein.com
mobile: +1 414 807 1734
snail: 1111 N Astor St Apt A5, Milwaukee, WI  53202-3319
https://www.nicbernstein.com
https://www.linkedin.com/in/nic-b-26577a178/
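
Added example (not part of the thread, and not code from Fabio's repository): a least-privilege check for the socket sharing summarized in the 2/18/20 message. The saslauthd socket answers password checks, so only the services that need it should mount it. The volume names, service names and sample data are assumptions made for this example; the input is a Compose file loaded as JSON.

```python
import json

# Sharing matrix taken from the summary in the thread: socket volume ->
# services that need it. Volume and service names are assumptions.
EXPECTED = {
    "syslog-sock": {"rsyslog", "imapd", "saslauthd", "postfix"},
    "sasl-sock": {"saslauthd", "imapd", "postfix"},
    "lmtp-sock": {"imapd", "postfix"},
}

def mounts(compose):
    """Map each named volume to the set of services that mount it."""
    seen = {}
    for name, svc in compose.get("services", {}).items():
        for vol in svc.get("volumes", []):
            if isinstance(vol, str):      # short syntax "source:target[:mode]"
                src, kind = vol.split(":")[0], "volume"
            else:                         # long syntax mapping
                src, kind = vol.get("source"), vol.get("type")
            if kind == "volume" and src:
                seen.setdefault(src, set()).add(name)
    return seen

def audit(compose, expected=EXPECTED):
    """Return sorted (volume, service, problem) findings."""
    seen = mounts(compose)
    findings = []
    for vol, wanted in expected.items():
        have = seen.get(vol, set())
        findings += [(vol, s, "missing") for s in wanted - have]
        findings += [(vol, s, "unexpected") for s in have - wanted]
    return sorted(findings)

# Constructed sample: postfix lacks the LMTP socket (mail cannot be delivered)
# and a hypothetical "webmail" service can reach the saslauthd socket.
SAMPLE = json.loads("""
{"services": {
  "rsyslog":   {"volumes": [{"type": "volume", "source": "syslog-sock",
                             "target": "/run/syslog"}]},
  "saslauthd": {"volumes": ["syslog-sock:/run/syslog", "sasl-sock:/run/saslauthd"]},
  "imapd":     {"volumes": ["syslog-sock:/run/syslog", "sasl-sock:/run/saslauthd",
                            "lmtp-sock:/run/lmtp"]},
  "postfix":   {"volumes": ["syslog-sock:/run/syslog", "sasl-sock:/run/saslauthd"]},
  "webmail":   {"volumes": ["sasl-sock:/run/saslauthd"]}
}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding)
```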

