Releases can be found at https://mailu.github.io/helm-charts/
15
15
16
-
A comprehensive guide how to set up mailu on a manages k8s cluster (oracle cloud) can be found at https://just-4.fun/blog/howto/oc-k8s-mailu/ (external resource).
16
+
A comprehensive guide on how to set up Mailu on a managed Kubernetes cluster (Oracle Cloud) can be found at https://just-4.fun/blog/howto/oc-k8s-mailu/ (external resource).
This chart installs the Mailu mail system on kubernetes
5
+
This chart installs the Mailu mail system on Kubernetes
6
6
7
7
**Homepage:**<https://mailu.io>
8
8
@@ -16,16 +16,16 @@ This chart installs the Mailu mail system on kubernetes
16
16
| 2.x.x | >= 2024.06 |
17
17
18
18
Active development of this chart is only for the latest supported Mailu version.
19
-
Branches exists for older mailu versions (e.g. old/mailu-1.8).
19
+
Branches exists for older Mailu versions (e.g. old/mailu-1.8).
20
20
21
21
## Prerequisites
22
22
23
-
-⚠️Starting with version 1.9, you need a validating DNSSEC compatible resolver in order to run Mailu.
24
-
- a working HTTP/HTTPS ingress controller such as nginx or traefik
25
-
- cert-manager v0.12 or higher installed and configured (including a working cert issuer). Otherwise you will need to handle it by yourself and provide the secret to Mailu.
26
-
-A node which has a public reachable IP, static address because mail service binds directly to the node's IP
27
-
-A hosting service that allows inbound and outbound traffic on port 25.
28
-
- Helm 3 (helm 2 support is dropped with release 0.3.0).
23
+
-Starting with version 1.9, you need a validating DNSSEC compatible resolver in order to run Mailu.
24
+
- a working HTTP/HTTPS ingress controller such as nginx or Traefik
25
+
- cert-manager v0.12 or higher installed and configured (including a working cert issuer) – otherwise you'll need to handle issuing certificates and providing the secret to Mailu yourself
26
+
-a node which has a publicly reachable static IP address, because mail service binds directly to the node's IP
27
+
-a hosting provider that allows inbound and outbound traffic on port 25
28
+
- Helm 3 (Helm 2 support is dropped with release 0.3.0)
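Review bot: The touched line "Branches exists for older Mailu versions (e.g. old/mailu-1.8)." still has the subject-verb disagreement; since the line is being edited anyway, change it to "Branches exist". In the Prerequisites list, the DNSSEC item loses its ⚠️ marker and is now the only entry that starts with a capital letter and ends with a period, while the other items were normalised to lowercase with no trailing punctuation. Either restore the marker so the resolver requirement stands out, or bring the item in line with the rest of the list.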
One of the biggest mistakes when running a mail server is a so called "Open Relay". This kind of misconfiguration is in most cases caused by a badly configured
40
-
load balancer which hides the originating IP address of an email which makes Mailu think, the email comes from an internal address and ommits authentification and other checks. In the result, your mail server can be abused to spread spam and will get blacklisted within hours.
39
+
One of the biggest mistakes when running a mail server is a so-called "open relay".
40
+
In most cases, this kind of misconfiguration is caused by a badly configured load balancer that hides the originating IP address of an email.
41
+
This makes Mailu think that the email is coming from an internal address and it omits authentification and other checks.
42
+
As a result, your mail server can be abused to spread spam and will get blacklisted within hours.
41
43
42
-
It is very important that you check your setup for open relay at least:
44
+
It is very important to check whether your setup is an open relay at least:
43
45
44
46
- after installation
45
-
-at any time you change network settings or load balancer configuration
47
+
- any time you change network settings or load balancer configuration
46
48
47
49
The check is quite simple:
48
50
49
-
- watch the logs for the "mailu-front" POD
51
+
- watch the logs for the "mailu-front" pod
50
52
- browse to an open relay checker like <https://mxtoolbox.com/diagnostic.aspx>
51
53
- enter the hostname or IP address of your mail server and start the test
52
54
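Review bot: The rewritten sentence "This makes Mailu think that the email is coming from an internal address and it omits authentification and other checks." carries over the misspelling "authentification"; use "authentication". The clause "and it omits" also leaves the cause and effect implicit; something like "so it skips authentication and other checks" states directly that the skipped checks follow from the misidentified source address. "blacklisted" in the last sentence is unchanged from the old text; if the project prefers "blocklisted", this is the place to switch.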
@@ -56,7 +58,7 @@ In the logs, you should see some message like
56
58
2021/10/26 21:23:25 [info] 12#12: *25691 client 18.205.72.90:56741 connected to 0.0.0.0:25
57
59
```
58
60
59
-
It is very important that the IP address shown here is an external public IP address, not an internal like 10.x.x.x, 192.168.x.x or 172.x.x.x.
61
+
The IP address shown here must be a public IP address, i.e. not in any of the RFC 1918 subnets: `10.0.0.0/8`, `172.16.0.0/12`, or `192.168.0.0/16`
60
62
61
63
Also verify that the result of the check confirms that there is no open relay:
62
64
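Review bot: The new sentence uses "i.e." to equate "public IP address" with "not in any of the RFC 1918 subnets", which is narrower than the check requires. A client address in 100.64.0.0/10 (carrier-grade NAT), 127.0.0.0/8, 169.254.0.0/16 or an IPv6 unique local range would satisfy the wording while still being an internal or proxy hop rather than the real sender. Suggest "e.g." instead of "i.e." and a closing phrase such as "or any other address that belongs to your cluster, nodes or load balancer". The sentence is also missing its final period.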
@@ -66,21 +68,20 @@ SMTP Open Relay OK - Not an open relay.
66
68
67
69
### Warning, this will not work on most cloud providers
68
70
69
-
- Google cloud does not allow outgoing connections to connect to port 25. You will not be able to send
70
-
mails with mailu on google cloud (<https://googlecloudplatform.uservoice.com/forums/302595-compute-engine/suggestions/12422808-please-unblock-port-25-allow-outbound-mail-connec>)
71
-
- Many cloud providers don't allow to assign fixed IPs directly to nodes. They use proxies or load balancers instead. While
72
-
this works well with HTTP/HTTPs, on raw TCP connections (such as mail protocol connections) the originating IP get's lost.
73
-
There's a so called "proxy protocol" as a solution for this limitation but that's not yet supported by mailu (due the lack of
74
-
support in the nginx mail modules). Without the original IP information, a mail server will not work properly, or worse, will be
71
+
- Google Cloud does not allow outgoing connections to connect to port 25, so
72
+
[you will not be able to send mails with Mailu on Google Cloud](<https://googlecloudplatform.uservoice.com/forums/302595-compute-engine/suggestions/12422808-please-unblock-port-25-allow-outbound-mail-connec>)
73
+
- Many cloud providers don't assign fixed IPs to nodes directly. They use proxies or load balancers instead.
74
+
While this works well with HTTP/HTTPs, on raw TCP connections (such as mail protocol connections) the originating IP gets lost.
75
+
There's a so called "proxy protocol" as a solution for this limitation but that's not yet supported by Mailu (due the lack of support in the nginx mail modules).
76
+
Without the original IP information, a mail server will not work properly, or worse, become
75
77
an open relay.
76
-
- If you'd like to run mailu on kubernetes, consider to rent a cheap VPS and run kuberneres on it (e.g. using rancher2). A good option is to
77
-
use hetzner cloud VPS (author's personal opinion).
78
-
- Please don't open issues in the bug tracker if your mail server is not working because your cloud provider blocks port 25 or hides
79
-
source ip addresses behind a load balancer.
78
+
- If you'd like to run Mailu on Kubernetes, consider renting a cheap VPS to run Kubernetes on (e.g. using Rancher2).
79
+
A good option for a hosting provider is [Hetzner Cloud VPS](<https://www.hetzner.com/cloud/>) (author's personal opinion).
80
+
- Please don't open issues in the bug tracker if your mail server is not working because your cloud provider blocks port 25 or hides source ip addresses behind a load balancer.
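Review bot: Several wording issues survive in the rewritten bullets: "so called" in the proxy protocol sentence should be "so-called" (an earlier hunk of this same change already hyphenates it), "due the lack of support" is missing "to", "HTTP/HTTPs" should be "HTTP/HTTPS", and "source ip addresses" in the last bullet should be "source IP addresses". In "a mail server will not work properly, or worse, become an open relay" the second verb has lost its auxiliary; "or worse, will become" reads correctly. Since the compatibility table in this file maps chart 2.x.x to Mailu >= 2024.06, please also confirm that "not yet supported by Mailu" is still accurate for that version before polishing the sentence.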
|`externalDatabase.enabled`| Set to true to use an external database |`false`|
215
-
|`externalDatabase.type`| Type of the external database for mailu and roundcube (`mysql`/`postgresql`) |`""`|
216
+
|`externalDatabase.type`| Type of the external database for Mailu and Roundcube (`mysql`/`postgresql`) |`""`|
216
217
|`externalDatabase.host`| Hostname of the database |`""`|
217
218
|`externalDatabase.port`| Port of the database |`3306`|
218
219
|`externalDatabase.database`| Name of the database |`mailu`|
@@ -1139,13 +1140,13 @@ There are several ways to expose mail ports to the public. If you do so, make su
1139
1140
1140
1141
### Running on a single node with a public IP
1141
1142
1142
-
This is the most straightforward way to run mailu. It can be used when the node where mailu (or at least the "front" POD) runs on a specific node that has a public ip address which is used for mail. All mail ports of the "front" POD will be simply exposed via the "hostPort" function.
1143
+
This is the most straightforward way to run Mailu. It can be used when the node where Mailu (or at least the "front" POD) runs on a specific node that has a public ip address which is used for mail. All mail ports of the "front" POD will be simply exposed via the "hostPort" function.
1143
1144
1144
1145
To use this mode, set `front.hostPort.enabled` to `true` (which is the default). If your cluster has multiple nodes, you should use `front.nodeSelector` to bind the front container on the node where your public mail IP is located on.
1145
1146
1146
1147
### Running on bare metal with k3s and klipper-lb
1147
1148
1148
-
If you run on bare metal with k3s (e.g by using k3os), you can use the build-in load balancer [klipper-lb](https://rancher.com/docs/k3s/latest/en/networking/#service-load-balancer). To expose mailu via loadBalancer, set:
1149
+
If you run on bare metal with k3s (e.g by using k3os), you can use the build-in load balancer [klipper-lb](https://rancher.com/docs/k3s/latest/en/networking/#service-load-balancer). To expose Mailu via loadBalancer, set:
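Review bot: The single-node paragraph still says "POD" twice and "public ip address", while an earlier hunk of this change already switches to "pod"; use "pod" and "public IP address" here as well. The clause "when the node where Mailu (or at least the "front" POD) runs on a specific node" does not parse; something like "when Mailu (or at least the "front" pod) runs on a specific node that has a public IP address" is what seems to be meant. In the k3s line, "build-in" should be "built-in" and "e.g by" is missing the period after "g".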