<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<font size="-1">Fabio,<br>
Very interesting stuff. I would encourage you to add Readme.md to
your repository, containing at least what you've summarized here.
This would make for a nice addition to the Cyrus documentation,
but would need a bit more explanation on your part, first, so
whomever prepares the docs for the Cyrus project doesn't
misrepresent anything you've done.<br>
<br>
Some questions:<br>
</font>
<ul>
<li><font size="-1">You've gone to the trouble to add the
certificate infrastructure for Postfix, but not for Cyrus.
Any reason for that?</font></li>
<ul>
<li><font size="-1">What I'm referring to here is the nginx
proxy support for the Let's Encrypt stuff (at least I assume
that's what you're using)<br>
</font></li>
</ul>
<li><font size="-1">Your Postfix configuration contains support
for the deprecated Cyrus 'deliver' program as well as LMTP. <br>
</font></li>
<ul>
<li><font size="-1">If Postfix & Cyrus are separate
containers, then 'deliver' won't work.<br>
</font></li>
</ul>
</ul>
<br>
Nice work!<br>
-nic<br>
<br>
<div class="moz-cite-prefix">On 2/18/20 10:16 AM, Fabio Montefuscolo
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAF4KPBTAQHxf_s0Xsv5faEKOVbgG4z=HQXZgH5dWycvE78wTww@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:monospace,monospace">Hello!</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">I finally got the
basic stuff working on Docker and deployed through Docker
swarm. That is what I learnt (or I think I learnt)</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* a basic mail
solution having Cyrus needs 4 containers (imapd, saslauthd,
rsyslog and postfix)</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* sharing rsyslog
socket on all containers is needed to have logs</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* saslauthd socket
needs to be shared on imapd and postfix containers, to have
authentication</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* imapd exposes lmtp
socket, that needs to be shared with postfix, to receive
emails</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">Other stuff</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Saslauthd is using
OpenLDAP</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Postfix uses
letsencrypt generated certificate</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">Next challenges</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Run OpenDKIM
container and tie it o Postfix</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Work with
virtualdomains</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Have a spam solution</div>
<div class="gmail_default"
style="font-family:monospace,monospace">* Convert the
docker-compose.yml to a kubernetes equivalent (so scary)</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">If anyone have some
minutes to take a look at <a
href="https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services"
moz-do-not-send="true">https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services</a>
and give some thoughts, it would be awesome.</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
<div class="gmail_default"
style="font-family:monospace,monospace">Thank you!!</div>
<div class="gmail_default"
style="font-family:monospace,monospace"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em qua., 15 de jan. de 2020 às
08:49, Fabio Montefuscolo <<a
href="mailto:fabio.montefuscolo@gmail.com"
moz-do-not-send="true">fabio.montefuscolo@gmail.com</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:monospace,monospace">Hi N<span
style="font-family:Arial,Helvetica,sans-serif">iels</span></div>
<div class="gmail_default"
style="font-family:monospace,monospace"><span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"
style="font-family:monospace,monospace"><span
style="font-family:Arial,Helvetica,sans-serif">Thank you
very much for looking into this. </span></div>
<div class="gmail_default"
style="font-family:monospace,monospace"><span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default"
style="font-family:monospace,monospace"><span
style="font-family:Arial,Helvetica,sans-serif">Initially,
I would like to get this working like I got in a real
CentOS 8. I have here a virtual machine where I did the
same steps I did in Dockerfile. But in VM I start
services "<b>systemctl start cyrus-imapd</b>" and "<b>systemctl
start saslauthd</b>" and basic login works out of the
box. I could telnet on port 143 and "<b>. login cyrus
cyrus</b>". That is not happening on Docker.</span></div>
<div class="gmail_default"
style="font-family:monospace,monospace"><span
style="font-family:Arial,Helvetica,sans-serif"><br>
</span></div>
<div class="gmail_default">I hope other people using the
image can write their own config and mount inside the
container to achieve their needs. The plan is to have some
kubernetes recipes I can repeat whenever we get a new
client wondering to have an email service. Actually I'm
testing it on DO, but using kubernetes should be simple to
move to AWS, Linode or any other kubernetes hosting.</div>
<div class="gmail_default"><br>
</div>
<div class="gmail_default">Thank you</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">Em qua., 15 de jan. de
2020 às 06:22, Niels Dettenbach via Info-cyrus <<a
href="mailto:info-cyrus@lists.andrew.cmu.edu"
target="_blank" moz-do-not-send="true">info-cyrus@lists.andrew.cmu.edu</a>>
escreveu:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">Am Dienstag, 14. Januar
2020, 16:47:52 CET schrieb Fabio Montefuscolo:<br>
> I'm trying to build a simple docker image based on
CentOS 8, which brings<br>
> cyrus-imapd 3.0.7. I'm having troubles to
authenticate on cyrus imap<br>
> service for unknown reasons. There is no syslog
facility working inside<br>
> the centos image, so I don't have logs. The final
idea is deploy this<br>
> image in a kubernetes cluster. The Dockerfile I'm
using is<br>
> <a
href="https://github.com/fabiomontefuscolo/docker-cyrusimapd"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://github.com/fabiomontefuscolo/docker-cyrusimapd</a><br>
> <br>
> When I jump into console and try to use cyradm, I get
2 password fields to<br>
> fulfill and at the ent, that doesn't work<br>
<br>
<br>
as far as i can read in that dockerfile on a first view,
it does only install <br>
dependencies and "activating" SSL/TLS, but lacks any kind
of further required <br>
configuration for cyrus auth etc.<br>
<br>
the flexibility and complexity of cyrus installations are
not easy to <br>
"capsule" into a docker file or reciept for a "common
usage".<br>
<br>
depending on what kind of authentication subsystem (i.e.
mysql, pam, ldap, <br>
pam_mysql, sasl, saslauthd (with pam or other "backend")
you want to use or <br>
even active AD or others you have to configure that by
hand (or extend that <br>
docker file).<br>
<br>
a typical "easy" way is using saslauthd with -s pam to
"simply" use pam <br>
authentication.<br>
<br>
<br>
hth,<br>
<br>
<br>
<br>
niels.<br>
<br>
<br>
-- <br>
---<br>
Niels Dettenbach<br>
Syndicat IT & Internet<br>
<a href="http://www.syndicat.com" rel="noreferrer"
target="_blank" moz-do-not-send="true">http://www.syndicat.com</a><br>
PGP: <a href="https://syndicat.com/pub_key.asc"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://syndicat.com/pub_key.asc</a><br>
---<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
----<br>
Cyrus Home Page: <a href="http://www.cyrusimap.org/"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://www.cyrusimap.org/</a><br>
List Archives/Info: <a
href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a><br>
To Unsubscribe:<br>
<a
href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus"
rel="noreferrer" target="_blank" moz-do-not-send="true">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a><br>
</blockquote>
</div>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">----
Cyrus Home Page: <a class="moz-txt-link-freetext" href="http://www.cyrusimap.org/" moz-do-not-send="true">http://www.cyrusimap.org/</a>
List Archives/Info: <a class="moz-txt-link-freetext" href="http://lists.andrew.cmu.edu/pipermail/info-cyrus/" moz-do-not-send="true">http://lists.andrew.cmu.edu/pipermail/info-cyrus/</a>
To Unsubscribe:
<a class="moz-txt-link-freetext" href="https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus" moz-do-not-send="true">https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus</a></pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Nic Bernstein <a class="moz-txt-link-abbreviated" href="mailto:nic@nicbernstein.com">nic@nicbernstein.com</a>
mobile: +1 414 807 1734
snail: 1111 N Astor St Apt A5, Milwaukee, WI 53202-3319
<a class="moz-txt-link-freetext" href="https://www.nicbernstein.com">https://www.nicbernstein.com</a>
<a class="moz-txt-link-freetext" href="https://www.linkedin.com/in/nic-b-26577a178/">https://www.linkedin.com/in/nic-b-26577a178/</a>
</pre>
</body>
</html>