Difference between revisions of "Integration with UCS/Mail"
From Univention Wiki
| Line 40: | Line 40: | ||
* Port 587 (submission) for authentication | * Port 587 (submission) for authentication | ||
* Auth login or Auth Plain | * Auth login or Auth Plain | ||
| + | |||
| + | = Provide SMTP/IMAP in [[Docker Apps]] = | ||
| + | |||
| + | To provide SMTP and/or IMAP services in a Docker App, these services have to stopped on the Docker host. This can be done in the App's '''preinst''' [[Docker_Apps/Container_Scripts]]. | ||
| + | <pre> | ||
| + | #!/bin/bash | ||
| + | |||
| + | # stop imap/smtp on docker host | ||
| + | test -e /etc/init.d/postfix && service postfix stop | ||
| + | test -e /etc/init.d/dovecot && service dovecot stop | ||
| + | ucr set postfix/autostart='no' | ||
| + | ucr set dovecot/autostart='no' | ||
| + | </pre> | ||
| + | |||
| + | To map SMTP and IMAP ports from the container to the host to be able to use the Docker host as IMAP/SMTP server the parameter '''PortsExclusive''' can be set in the Apps [[Meta files/ini|ini file]]. | ||
| + | <pre> | ||
| + | # map pop3(s), imap(s), smtp(s), submission and sieve port | ||
| + | PortsExclusive=110,143,993,995,587,25,465,4190 | ||
| + | </pre> | ||
| + | Firewall exceptions for these ports are create automatically. | ||
| + | |||
| + | Best practice: | ||
Revision as of 16:48, 8 November 2016
Use an existing UCS mailstack in Docker Apps
If the App relies on an existing mail infrastructure (IMAP, SMTP), best practice is to set a dependency RequiredAppsInDomain=mailserver in the Apps ini file.
This way the UCS mailstack has to be installed (anywhere in the UCS domain) before the installation of the App is allowed.
Next step is to configure the App to use the UCS IMAP/SMTP server. This should be done in the Apps join script.
...
. /usr/share/univention-appcenter/joinscripthelper.sh
...
eval "$(univention-config-registry shell)"
...
# use the first IMAP server as smtp and imap server
mailserver="$(univention-ldapsearch -LLL univentionService=IMAP cn | grep "^cn: " | sed s/"^cn: "// | head -n1)"
if [ -n "$mailserver" ]; then
mailserver="$mailserver.$domainname"
joinscript_run_in_container my-app-setup --config imap="$mailserver"
joinscript_run_in_container my-app-setup --config smtp="$mailserver"
joinscript_run_in_container my-app-setup --config sieve="$mailserver"
fi
...
This snippet searches the UCS LDAP for a host with the service IMAP and sets the FQDN of this host as IMAP, SMTP and SIEVE server in the container.
Best practice IMAP settings:
- TLS
- Port 143
- Authentication is possible for domain users with a mailPrimaryAddress
- Uid or mailPrimaryAddress are both valid for authentication
Best practice SMTP settings:
- TLS
- Port 587 (submission) for authentication
- Auth login or Auth Plain
Provide SMTP/IMAP in Docker Apps
To provide SMTP and/or IMAP services in a Docker App, these services have to stopped on the Docker host. This can be done in the App's preinst Docker_Apps/Container_Scripts.
#!/bin/bash # stop imap/smtp on docker host test -e /etc/init.d/postfix && service postfix stop test -e /etc/init.d/dovecot && service dovecot stop ucr set postfix/autostart='no' ucr set dovecot/autostart='no'
To map SMTP and IMAP ports from the container to the host to be able to use the Docker host as IMAP/SMTP server the parameter PortsExclusive can be set in the Apps ini file.
# map pop3(s), imap(s), smtp(s), submission and sieve port PortsExclusive=110,143,993,995,587,25,465,4190
Firewall exceptions for these ports are create automatically.
Best practice:
