On ubuntu the package is called “ca-certificates”.
Yes, I installed this one, but no luck. What LDAP query did you use?
By the way, did you test IMAP authentication?
From inside the container:
ldapsearch -x -H ldaps://172.28.0.1 -D "uid=piler,ou=People,dc=directory,dc=nh" -b "dc=directory,dc=nh" -w piler123
ldapsearch -x -H ldaps://172.28.0.1 -D cn=ldapservice,dc=directory,dc=nh -b "dc=directory,dc=nh" -w 5TpsW_xgFCNx_hXN
Both queries work. Anyway, I’ll discard the current vm, and try to recreate to make sure it works. I’ll keep you posted.
No, I haven’t tried the imap authentication yet. I’ll test it after the redeployment.
Append the following to /etc/ldap/ldap.conf
I started a new VM again, that is fun: ca-certificates is installed from base. I tested IMAP authentication, no luck.
I tested importing with piler-import, it works, I can see the imported email in the dashboard; however, I cannot search for email. Does it work for you?
Yes, it works. I’ve redeployed the whole stuff, and a few things to remember:
- you need the ldap.conf fix (TLS_REQCERT never)
- configure a transport for the archive, eg.
Also somehow these settings should be made permanent. You can configure a relay host, however it would be to configure the transport entries as well from the gui or to provide some cli option to make the above settings permanent.
To have the emails visible on the gui, you need to either wait for up to 30 mins, because the indexer runs only periodically, or as user piler run /usr/libexec/piler/indexer.delta.sh.
I’ll try the imap auth as well. It works, however it requires
db dockrules set pilerimap aqua TCPPorts 993 status enabled
I used the following config in /etc/piler/config-site.php:
$config['ENABLE_IMAP_AUTH'] = 1;
$config['RESTORE_OVER_IMAP'] = 1;
$config['IMAP_RESTORE_FOLDER_INBOX'] = 'INBOX';
$config['IMAP_RESTORE_FOLDER_SENT'] = 'Sent';
$config['IMAP_HOST'] = '172.28.0.1';
$config['IMAP_PORT'] = 993;
$config['IMAP_SSL'] = true;
Anyway, I think we are getting closer to making it work. In the meantime I’ll fix the docker image to add the ldap.conf workaround to support self-signed certs.
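The `TLS_REQCERT never` workaround discussed above turns off server certificate verification for every LDAP client that reads ldap.conf. As an added example (not code from the posters or the piler project), this shell check flags that setting and accepts the alternative of trusting the self-signed CA through `TLS_CACERT`; the CA path and both sample files are constructed, and it assumes the last occurrence of an option in the file is the effective one.

```shell
#!/bin/sh
# Added example: audit an OpenLDAP client config for disabled certificate checks.
# Assumption: the last occurrence of an option in the file is the effective one.

# Print the effective value of option $2 in file $1. Option names are
# case-insensitive; lines whose first field starts with '#' are comments.
ldap_conf_get() {
    awk -v want="$(printf '%s' "$2" | tr '[:lower:]' '[:upper:]')" '
        $1 ~ /^#/ { next }
        NF >= 2 && toupper($1) == want { val = $2 }
        END { if (val != "") print val }
    ' "$1"
}

# Print one verdict line; return 0 only when the server certificate is
# verified against a configured CA, 1 for a warning, 2 when checks are off.
audit_ldap_conf() {
    conf=$1
    reqcert=$(ldap_conf_get "$conf" TLS_REQCERT | tr '[:upper:]' '[:lower:]')
    cacert=$(ldap_conf_get "$conf" TLS_CACERT)
    cadir=$(ldap_conf_get "$conf" TLS_CACERTDIR)
    case "${reqcert:-demand}" in        # demand is the library default
        never|allow)
            echo "INSECURE: TLS_REQCERT $reqcert accepts any server certificate"
            return 2 ;;
        try|demand|hard)
            if [ -z "$cacert" ] && [ -z "$cadir" ]; then
                echo "WARN: verification on, but no TLS_CACERT/TLS_CACERTDIR set"
                return 1
            fi
            echo "OK: TLS_REQCERT ${reqcert:-demand}, CA ${cacert:-$cadir}"
            return 0 ;;
        *)
            echo "UNKNOWN: TLS_REQCERT $reqcert"
            return 3 ;;
    esac
}

# Constructed sample files: the thread's workaround and a pinned-CA alternative.
# /etc/ldap/directory-ca.pem is a placeholder path for the exported CA cert.
demo_dir=$(mktemp -d)
printf 'TLS_CACERT /etc/ssl/certs/ca-certificates.crt\nTLS_REQCERT never\n' \
    > "$demo_dir/workaround.conf"
printf '# trust only the directory CA\nTLS_CACERT /etc/ldap/directory-ca.pem\ntls_reqcert demand\n' \
    > "$demo_dir/pinned.conf"
audit_ldap_conf "$demo_dir/workaround.conf" || true
audit_ldap_conf "$demo_dir/pinned.conf"
```

With verification left on, the name or address in the `ldaps://` URL also has to match the certificate, so a certificate issued for a hostname will still be rejected when the client connects by IP.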
I suppose I needed a break…now it works, I can login with imap, if we want to be cross LDAP, maybe an imap authentication is something we could think (compatible with SAMBA AD and LDAP).
The index seems to work now, I can see email search with the auditor.
I will start a skeleton of the rpm.
I did it differently, since I use the network aqua, I can use the default port of postfix (25), then I set a host declaration in the DNS panel of NethServer
archive.yourdomain.com=remote
    Description=
    IpAddress=172.28.0.4
    WildcardMode=disabled
and did a BCC in postfix
[root@ns7loc11 docker]# db domains show
nethservertest.org=domain
    AlwaysBccAddress=email@example.com
    AlwaysBccStatus=enabled
    Description=
    DisclaimerStatus=disabled
    RelayHost=
    TransportType=LocalDelivery
    UnknownRecipientsActionDeliverMailbox=root
    UnknownRecipientsActionType=bounce
Not sure it is the good way
Did you actually try sending an email with this setup? Because by default postfix occupies port 25 on 0.0.0.0, so piler needs to bind to another port (that’s why I picked 2525), however I cannot see it in your config. Anyway, if it works, then it’s good.
Let’s start a module; we could go in a direction, and go back if it is wrong. I’ll ping you soon.
OK, take your time, and let me know if I can help with testing or something else.
Obviously I need you
Hoping suits both tastes, I’ll keep them warm 'til tomorrow morning.
normally piler is up on aqua, you can reach it at
piler.$DomainName (default domain name of your nethserver)
Still other stuff to do
- ldap and/or imap authentication
- backup of docker volumes
- understand why the docker health status is false (curl -s smtp://localhost exit with error)
- make an UI in cockpit (if a lot of settings are exposed)
- decide the hostname of piler (for docker and apache reverse proxy), actually set to piler.$DomainName
- find a way to import all received emails before the piler installation
- make a transport or a BCC for each domain
- docker-compose does not get a version number, find a trick
I think I have something basically workable
After the installation piler is up, docker based
you can login with default login admin@local:pilerrocks auditor@local:auditor or any valid imap account on the server
the web interface of piler is reachable at piler.DefaultDomainOfTheServer, https redirection if you use http, we use the default https certificate of the server
To send email to piler you have to enable a BCC to
archive@piler.DefaultDomainOfTheServer for each domain
[root@ns7loc10 ~]# db domains setprop nethservertest.org AlwaysBccAddress firstname.lastname@example.org AlwaysBccStatus enabled
[root@ns7loc10 ~]# signal-event domain-modify nethservertest.org
You have to wait 30 minutes before searching with sphinx, but in the dashboard you can see the email number incremented.
The nethserver backup is taken into account (the three docker volumes).
We cannot use the template system to rewrite the piler configuration files as is; we have to wait until docker has written the config-php before rewriting it with our configurations (I mean mainly for the imap authentication), so I created a systemd service to check it.
I have some questions relative to:
the certificate of piler, I suppose it is done to encrypt the data
/(.*)/ prepend X-Envelope-To: $1, not sure it is mandatory
Last but not least, how to integrate the previously received/sent email on the server: we have a specific folder on the server, the ownership is to vmail…thinking on it
yum install http://mirror.de-labrusse.fr/NethDev/nethserver-piler/nethserver-piler-0.1.0-1.ns7.sdl.x86_64.rpm
yum install http://mirror.de-labrusse.fr/NethDev/nethserver-piler/nethserver-piler-0.1.0-1.1.g92389b8.ns7.sdl.x86_64.rpm
- piler service is PartOf docker service
- a piler wrapper eases your life, do piler in the console
need to go back at the fosdem
relative to the importation of the former received email we could use the pilerimport script outside of the container with the dovecot master user, no need to know the password of user
[root@ns7loc10 ~]# ll /var/lib/nethserver/vmail/
email@example.com/ firstname.lastname@example.org/ root/ shared-mailboxes.db email@example.com/ vmail/ firstname.lastname@example.org/
[root@ns7loc10 ~]# cat /var/lib/nethserver/secrets/vmail
oM_3bQpJm7hrKVDF
[root@ns7loc10 ~]# docker exec piler_piler_1 /bin/bash -c 'su - piler;cd /var/piler/imap;/usr/bin/pilerimport -i ns7loc10.nethservertest.org -u email@example.com*vmail -p oM_3bQpJm7hrKVDF -P 993'
Cipher: ECDHE-RSA-AES256-GCM-SHA384
List of IMAP folders:
=> 'Drafts [\HasNoChildren \Drafts]'
=> 'Sent [\HasNoChildren \Sent]'
=> 'Trash [\HasNoChildren \Trash]'
=> 'Junk [\HasNoChildren \Junk]'
=> 'Public [\HasChildren]'
=> 'Public/Junk [\HasNoChildren]'
=> 'INBOX [\HasNoChildren]'
processing folder: Public... ERROR: select cmd error: A3 NO [NOPERM] Permission denied (0.001 + 0.000 secs).
processing folder: Drafts... found 0 messages
processing folder: Sent... found 4 messages
duplicate: 405-imap-4.txt (duplicate id: 6)
processing folder: Public/Junk... ERROR: select cmd error: * OK [CLOSED] Previous mailbox closed.
processing folder: Junk... found 0 messages
processing folder: INBOX... found 6 messages
duplicate: 405-imap-5.txt (duplicate id: 1)
duplicate: 405-imap-6.txt (duplicate id: 2)
duplicate: 405-imap-7.txt (duplicate id: 2)
duplicate: 405-imap-8.txt (duplicate id: 3)
duplicate: 405-imap-9.txt (duplicate id: 4)
duplicate: 405-imap-10.txt (duplicate id: 6)
processing folder: Trash... found 4 messages
duplicate: 405-imap-11.txt (duplicate id: 2)
duplicate: 405-imap-12.txt (duplicate id: 3)
duplicate: 405-imap-13.txt (duplicate id: 4)
duplicate: 405-imap-14.txt (duplicate id: 1)
do piler-import-email in the console, you will import all emails of the host to the piler docker
A post was split to a new topic: Nethserver-piler needs your tests