Notes webmail Roundcube

docker run -ti --rm -p 127.0.0.1:8081:80 \
    -e ROUNDCUBEMAIL_DEFAULT_HOST=tls://imap.acme.fr \
    -e ROUNDCUBEMAIL_SMTP_SERVER=smtp.acme.fr \
    -e ROUNDCUBEMAIL_SMTP_PORT=25 \
    roundcube/roundcubemail

docker ps
docker update --restart unless-stopped 22eac34b881c

/etc/nginx/sites-available/mail.acme.fr

server {                            
    if ($host = mail.acme.fr) {                 
        return 301 https://$host$request_uri;              
    } # managed by Certbot                                                   
 
 
        listen 80;
        listen [::]:80;
        server_name mail.acme.fr;
        return 301 https://mail.acme.fr$request_uri;                     
 
 
} 
 
server {
        #listen 127.0.0.1:444 ssl;
        listen 443 ssl;
        listen [::]:443 ssl;
 
        server_name mail.acme.fr;
        ssl_certificate /etc/letsencrypt/live/mail.acme.fr/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mail.acme.fr/privkey.pem; # managed by Certbot
        ssl_session_timeout 5m;
        ssl_prefer_server_ciphers on;
        #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_protocols TLSv1.2;
        ssl_ciphers ALL:!aNULL:!eNULL:!LOW:!EXP:!RC4:!3DES:+HIGH:+MEDIUM;
        #ssl_dhparam /etc/ssl/private/dh2048.pem;
        ssl_dhparam /etc/nginx/ssl/dhparam4.pem;
        add_header Strict-Transport-Security max-age=2678400;
 
        #auth_basic "Restricted";
        #auth_basic_user_file /etc/nginx/wiki.htpasswd;
        client_max_body_size 20m;
        proxy_read_timeout 3600;
 
 
        location / {
                 proxy_redirect off;
                 proxy_set_header Host $http_host;
                 proxy_set_header X-Forwarded-Server $host;
                 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                 proxy_set_header X-Real-IP $remote_addr;
                 proxy_pass http://127.0.0.1:8081;
        }
 
}

/etc/postfix/main.cf

# Ajouter le réseau de Docker dans mynetworks
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128 172.16.0.0/12

Puis

postfix reload

Cela permet de pouvoir envoyer des mails à soi-même dans le cas où nous interdisons les mails de “mondomain.com” depuis internet.

Voir smtpd_client_restrictions = permit_mynetworks, check_client_access hash:/etc/postfix/client_checks

Pb

Erreur upstream timed out (110: Connection timed out)

2023/03/23 16:24:33 [error] 20264#20264: *66053 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 192.168.78.117, server: mail.acme.fr, request: "GET /?_task=mail&_action=search&_interval=&_q=plop&_headers=text&_layout=widescreen&_filter=ALL&_scope=all&_remote=1&_unlock=loading1679585013210&_=1679584230928 HTTP/1.1", upstream: "http://127.0.0.1:8081/?_task=mail&_action=search&_interval=&_q=david&_headers=text&_layout=widescreen&_filter=ALL&_scope=all&_remote=1&_unlock=loading1679585013210&_=1679584230928", host: "mail.acme.fr", referrer: "https://mail.acme.fr/?_task=mail&_mbox=INBOX"

Solution

proxy_read_timeout 3600;

Pb taille des pièces jointes

Solution

client_max_body_size 20m;