Fwd: Help putting cyrus on Docker

Fabio Montefuscolo fabio.montefuscolo at gmail.com
Tue Feb 18 14:38:07 EST 2020


Hi Nic!

I'm super happy with your response!

Honestly, I added that while I was getting 550 from lmtp, but that probably
should be removed. But lmtp, do you think I can remove that line from the
master? Actually, that line came turned on by default on CentOS 8, that is
the base image I'm using. I will turn that off and check if all runs ok.

I will write a README for this recipe and all containers I made. I would be
very happy to see that in the Cyrus docs :)

On Tue, Feb 18, 2020 at 14:24, Nic Bernstein <nic at nicbernstein.com>
wrote:

> Fabio,
> Very interesting stuff.  I would encourage you to add Readme.md to your
> repository, containing at least what you've summarized here.  This would
> make for a nice addition to the Cyrus documentation, but would need a bit
> more explanation on your part, first, so whomever prepares the docs for the
> Cyrus project doesn't misrepresent anything you've done.
>
> Some questions:
>
>    - You've gone to the trouble to add the certificate infrastructure for
>    Postfix, but not for Cyrus.  Any reason for that?
>       - What I'm referring to here is the nginx proxy support for the
>       Let's Encrypt stuff (at least I assume that's what you're using)
>    - Your Postfix configuration contains support for the deprecated
>    Cyrus 'deliver' program as well as LMTP.
>       - If Postfix & Cyrus are separate containers, then 'deliver' won't
>       work.
>
>
> Nice work!
>     -nic
>
> On 2/18/20 10:16 AM, Fabio Montefuscolo wrote:
>
> Hello!
>
> I finally got the basic stuff working on Docker and deployed through
> Docker swarm. That is what I learnt (or I think I learnt)
>
> * a basic mail solution having Cyrus needs 4 containers (imapd, saslauthd,
> rsyslog and postfix)
> * sharing rsyslog socket on all containers is needed to have logs
> * saslauthd socket needs to be shared on imapd and postfix containers, to
> have authentication
> * imapd exposes lmtp socket, that needs to be shared with postfix, to
> receive emails
>
> Other stuff
>
> * Saslauthd is using OpenLDAP
> * Postfix uses letsencrypt generated certificate
>
> Next challenges
>
> * Run OpenDKIM container and tie it to Postfix
> * Work with virtualdomains
> * Have a spam solution
> * Convert the docker-compose.yml to a kubernetes equivalent (so scary)
>
> If anyone has some minutes to take a look at
> https://github.com/fabiomontefuscolo/wikisuite-swarm/tree/master/global-services
> and give some thoughts, it would be awesome.
>
> Thank you!!
>
>
> On Wed, Jan 15, 2020 at 08:49, Fabio Montefuscolo <
> fabio.montefuscolo at gmail.com> wrote:
>
>> Hi Niels
>>
>> Thank you very much for looking into this.
>>
>> Initially, I would like to get this working like I got in a real CentOS
>> 8. I have here a virtual machine where I did the same steps I did in
>> Dockerfile. But in VM I start services "*systemctl start cyrus-imapd*"
>> and "*systemctl start saslauthd*" and basic login works out of the box.
>> I could telnet on port 143 and "*. login cyrus cyrus*". That is not
>> happening on Docker.
>>
>> I hope other people using the image can write their own config and mount
>> inside the container to achieve their needs. The plan is to have some
>> kubernetes recipes I can repeat whenever we get a new client wondering to
>> have an email service. Actually I'm testing it on DO, but using kubernetes
>> should be simple to move to AWS, Linode or any other kubernetes hosting.
>>
>> Thank you
>>
>> On Wed, Jan 15, 2020 at 06:22, Niels Dettenbach via Info-cyrus <
>> info-cyrus at lists.andrew.cmu.edu> wrote:
>>
>>> On Tuesday, 14 January 2020, 16:47:52 CET, Fabio Montefuscolo wrote:
>>> > I'm trying to build a simple docker image based on CentOS 8, which brings
>>> > cyrus-imapd 3.0.7. I'm having troubles to authenticate on cyrus imap
>>> > service for unknown reasons. There is no syslog facility working inside
>>> > the centos image, so I don't have logs. The final idea is deploy this
>>> > image in a kubernetes cluster. The Dockerfile I'm using is
>>> > https://github.com/fabiomontefuscolo/docker-cyrusimapd
>>> >
>>> > When I jump into console and try to use cyradm, I get 2 password fields to
>>> > fulfill and at the end, that doesn't work
>>>
>>>
>>> as far as i can read in that dockerfile on a first view, it does only install
>>> dependencies and "activating" SSL/TLS, but lacks any kind of further required
>>> configuration for cyrus auth etc.
>>>
>>> the flexibility and complexity of cyrus installations are not easy to
>>> "capsule" into a docker file or recipe for a "common usage".
>>>
>>> depending on what kind of authentication subsystem (i.e. mysql, pam, ldap,
>>> pam_mysql, sasl, saslauthd (with pam or other "backend")) you want to use or
>>> even active AD or others you have to configure that by hand (or extend that
>>> docker file).
>>>
>>> a typical "easy" way is using saslauthd with -s pam to "simply" use pam
>>> authentication.
>>>
>>>
>>> hth,
>>>
>>>
>>>
>>> niels.
>>>
>>>
>>> --
>>>  ---
>>>  Niels Dettenbach
>>>  Syndicat IT & Internet
>>>  http://www.syndicat.com
>>>  PGP: https://syndicat.com/pub_key.asc
>>>  ---
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ----
>>> Cyrus Home Page: http://www.cyrusimap.org/
>>> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
>>> To Unsubscribe:
>>> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
>>>
>>
>
>
>
> --
> Nic Bernstein                               nic at nicbernstein.com
> mobile: +1 414 807 1734
> snail: 1111 N Astor St Apt A5, Milwaukee, WI  53202-3319
> https://www.nicbernstein.com
> https://www.linkedin.com/in/nic-b-26577a178/
>
>
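
The four-container layout summarized in the thread (imapd, saslauthd, rsyslog and postfix, sharing the log, saslauthd and LMTP sockets), written out as an added docker-compose sketch. It is not the compose file from the repository linked above; the image names, volume names, socket directories and published ports are assumptions.

```yaml
# Added sketch. Every image name, volume name and path below is an assumption
# chosen for illustration; adjust them to what the images actually use.
version: "3.7"

services:
  rsyslog:
    image: example/rsyslog              # hypothetical image
    volumes:
      - log-sock:/run/rsyslog           # assumed: rsyslog creates its input socket here

  saslauthd:
    image: example/saslauthd            # hypothetical image, OpenLDAP backend configured inside
    volumes:
      - log-sock:/run/rsyslog           # logging
      - sasl-sock:/run/saslauthd        # assumed directory holding the saslauthd socket

  imapd:
    image: example/cyrus-imapd          # hypothetical image
    ports:
      - "143:143"                       # IMAP
    volumes:
      - log-sock:/run/rsyslog           # logging
      - sasl-sock:/run/saslauthd        # authentication goes through saslauthd
      - lmtp-sock:/run/cyrus/socket     # assumed directory where Cyrus creates its LMTP socket

  postfix:
    image: example/postfix              # hypothetical image
    ports:
      - "25:25"                         # SMTP
    volumes:
      - log-sock:/run/rsyslog           # logging
      - sasl-sock:/run/saslauthd        # authentication goes through saslauthd
      - lmtp-sock:/run/cyrus/socket     # delivery to Cyrus over LMTP; 'deliver' is not
                                        # available because Cyrus is a separate container
      - certs:/etc/letsencrypt:ro       # assumed location of the Let's Encrypt certificate

volumes:
  log-sock:
  sasl-sock:
  lmtp-sock:
  certs:
```

Each socket volume is mounted only into the containers that need it: the log socket everywhere, the saslauthd and LMTP sockets only into imapd and postfix. Any container that can reach the saslauthd socket can submit credential checks, so it should not be mounted more widely than that.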