Mailpiler - self hosted email archive

timconsidine

@vladimir-d Feedback :
I tried building the app from the git address
I got error as below

=> ERROR [ 6/10] ADD config/nginx /app/data/nginx                                                                              0.0s
------
 > [ 6/10] ADD config/nginx /app/data/nginx:
------
failed to compute cache key: "/config/nginx" not found: not found

I fixed this by creating a directory 'nginx' in 'mailpiler-master/conf' and copied the 'nginx.conf from its location couple layers below
Building then continued correctly.
Other errors found which I am investigating

timconsidine

@vladimir-d Feedback on building :
After sorting out nginx.conf location, there is long list of building information until :

#5 86.05 dpkg: error processing archive piler_1.3.11-focal-5c2ceb1_amd64.deb (--install):
#5 86.05  package architecture (amd64) does not match system (arm64)
#5 86.05 Errors were encountered while processing:
#5 86.05  piler_1.3.11-focal-5c2ceb1_amd64.deb
------
executor failed running [/bin/sh -c apt-get update &&     apt-get -y --no-install-recommends install        wget openssl sysstat php7.4-cli php7.4-cgi php7.4-mysql php7.4-fpm php7.4-zip php7.4-ldap        php7.4-gd php7.4-curl php7.4-xml php7.4-memcached catdoc unrtf poppler-utils nginx tnef sudo libzip5        libtre5 cron libmariadb-dev mariadb-client-core-10.3 python3 python3-mysqldb ca-certificates curl 	   crudini vim net-tools supervisor memcached &&     apt-get clean &&     rm -rf /var/lib/apt/lists/* &&     wget --no-check-certificate -q -O ${SPHINX_BIN_TARGZ} ${DOWNLOAD_URL}/generic-local/${SPHINX_BIN_TARGZ} &&     tar zxvf ${SPHINX_BIN_TARGZ} &&     sed -i '/session    required     pam_loginuid.so/c\#session    required     pam_loginuid.so' /etc/pam.d/cron && 	wget --no-check-certificate -q -O ${PACKAGE} https://bitbucket.org/jsuto/piler/downloads/${PACKAGE} &&     dpkg -i ${PACKAGE} &&     ln -sf /etc/piler/piler-nginx.conf /etc/nginx/sites-enabled/ &&     rm -f ${PACKAGE} ${SPHINX_BIN_TARGZ} /etc/nginx/sites-enabled/default /etc/piler/piler.key /etc/piler/piler.pem /etc/piler/config-site.php]: exit code: 1

I can't see what is wrong but will continue looking.
With such long combined commands ("&&"), it is difficult to identify on which command it is failing.

Oh, BTW, I am building locally on a Mac Big Sur and using my docker registry.
But didn't get as far as pushing it there yet.

timconsidine

I edited the Dockerfile to split the original multiple command line (#14) into multiple RUN lines to identify clearly where is the problem.
Seems like it is :

 => ERROR [ 9/19] RUN dpkg -i piler_1.3.11-focal-5c2ceb1_amd64.deb                                                              0.2s 
------                                                                                                                               
 > [ 9/19] RUN dpkg -i piler_1.3.11-focal-5c2ceb1_amd64.deb:                                                                         
#13 0.222 dpkg: error processing archive piler_1.3.11-focal-5c2ceb1_amd64.deb (--install):                                           
#13 0.222  package architecture (amd64) does not match system (arm64)
#13 0.226 Errors were encountered while processing:
#13 0.226  piler_1.3.11-focal-5c2ceb1_amd64.deb
------
executor failed running [/bin/sh -c dpkg -i ${PACKAGE}]: exit code: 1

Not sure what to do here. Will have to think.
Although I guess it has to be this on line #9

PACKAGE="piler_1.3.11-focal-5c2ceb1_amd64.deb" \

timconsidine

Ah. Thinks.
Building this on Mac Big Sur running on Mac Mini with new Apple chip (not Intel)
Is that the cause of the architecture issue ?

timconsidine

Using the following seems to get past the platform architecture issue :
Only needed perhaps if building on Mac with Apple chip

docker buildx build --platform linux/amd64 -f Dockerfile --no-cache . -t <reponame>/mailpiler:cloudron-<date>

timconsidine

Build process failed (for me) on this line in #nginx section

ln -sf /etc/piler/piler-nginx.conf /etc/nginx/sites-enabled/

But i noticed preceding similar command succeeded

ln -s /app/data/nginx/conf/sites-enabled /etc/nginx/sites-enabled 

So I amended problem line by removing the trailing "/"
That build process now runs to completion.

I hope people don't mind the segregated comments and 'running commentary'. Personally I find it easier to track problems and solutions.

timconsidine

Successfully built and pushed to repository (docker in my case).
App installed on Cloudron w/o hassle .... but hangs in 'starting' mode.
So I uninstalled and tried cloudron install --image <repo>/<image>:<tag> without the --no-wait option.
This installs but similarly gets stuck

 => Wait for health check ........................................................................................................................................................................................................................................................................................................................................................^C

Out of my depth now. What to check / amend ?

timconsidine

Blundering around in the dark, but I notice that start.sh has on line 53

local SSL_CERT_DATA="/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

Should this not reference the Cloudron variable for location ?

girish

@marcusquinn @vladimir-d what is the status of the app package?

marcusquinn

@girish We have 2 self-installed working instances, not given it a thorough test but can't see anything obvious that wouldn't work either. Could perhaps do with some more experienced eyes and feedback on it though.

vladimir.d

@timconsidine I've updated Dockerfile to fix all building issues you faced with. After that everything went just fine on a fresh cloned copy.

@timconsidine said in Mailpiler - self hosted email archive:

Blundering around in the dark, but I notice that start.sh has on line 53

local SSL_CERT_DATA="/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

Should this not reference the Cloudron variable for location ?

When tls add-on is enabled in the manifest, the script doesn't generate a self signed certificate and uses the Cloudron certificate of the primary domain. I've amended it to use $CLOUDRON_APP_DOMAIN variable.

@timconsidine said in Mailpiler - self hosted email archive:

Successfully built and pushed to repository (docker in my case).
App installed on Cloudron w/o hassle .... but hangs in 'starting' mode.
So I uninstalled and tried cloudron install --image <repo>/<image>:<tag> without the --no-wait option.
This installs but similarly gets stuck

 => Wait for health check ............................^C

Out of my depth now. What to check / amend ?

It doesn't get stuck for me - I've tried to build&install the app with the recent changes.

I guess there is an issue with piler or nginx directories in /etc/, probably a wrong path or an invalid symlink or so.
You need to look at the app logs to see the issue.

timconsidine

@vladimir-d thank you !
I will give it another go in the morning.

vladimir.d

@girish It needs to expose 25 port for piler-smtp daemon. it says 25 (and other smtp ports) are reserved.
For now I've added tcpPorts field to Cloudronmanifest.json and exposed it as 12525 but I guess it won't properly work in most cases.
Is there a workaround to expose 25 port for the app?

girish

@vladimir-d Oh, interesting. Don't think an app can ever expose port 25 since the mail server requires port 25. Do you know why it requires port 25? Maybe I don't understand how the archiver works. I though it's pulling in all email via IMAP? Or is it that we should redirect all mail to mailpiler?

luckow

@girish According to my understanding of a mail archive solution, every incoming and outgoing mail must be forwarded to the archive solution. This is the only way to fulfil the requirements of the law. https://en.wikipedia.org/wiki/Email_archiving
The mailpiler docs tells us:
Postfix
Add the following to main.cf then issue the postfix reload command:

always_bcc = uuid@smtp.example.com

For historical mails there is the import option
https://docs.google.com/document/d/15F0fyb07etMqEXRJnMZcYc016UN-WDds-6zrZNjF6aU/edit#heading=h.58uixy8guf9y

https://docs.google.com/document/d/1YK7zVbcohFWf2w8BpYhCcsAY6Q61JKXa8pqUDrU7nn4/edit#

Both docs are for the enterprise edition. But the oss edition has similar docs.
https://www.mailpiler.org/wiki/current:installation

timconsidine

@luckow this makes sense ... except I don't understand why an archive solution would need SMTP for sending. It just needs its own incoming email capability, and the always_bcc means it will get a copy of all inbound and outbound emails from the primary 'working' email server.
But maybe (as is often the case) I am not understanding the full picture.

luckow

@timconsidine as I understand it, the smtp port of the archive solution is only relevant for receiving the bcc mails. The user uses the "normal" (in this case the Cloudron) smtp server for sending emails via webmail or the local mail client. And Cloudron smtp forwards/sends any incoming or outgoing mail via smtp to the archive solution. That is the magic in my understanding

timconsidine

@luckow thank you
I just didn't know inbound can even be done via SMTP. Either my bad knowledge, or non-standard config.

luckow

@timconsidine worth reading https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol

timconsidine

@vladimir-d whoop whoop !
Just built, pushed and installed your updated package of Mailpiler.
All went smoothly.
Now I have to set it up and learn it.
Thank you so much !

marcusquinn

@timconsidine Nice, more the merrier!

It's definitely another app that can help win mindshare for Cloudron as an enterprise considerate solution with this sort of auditing. Especially when it can be setup as a separate Cloudron instance too for further risk spreading.

timconsidine

@marcusquinn agreed.
I totally agree. Have tried some archiving solutions previously and mailpiler looks nice.
But I having a "thick" morning :

• looking through app and their online docs, I can't what address emails should be BCC'ed to. Is it staring me in the face and I can't see it? Do I have to set it up ?

• importing from a server doesn't specify a port number to access IMAP on, so test connection always fails, and it doesn't specify SSL/STARTTLS

I'm embarrassed by these basic questions, but if someone can nudge me in the right direction, I'd appreciate it.

marcusquinn

@timconsidine We haven't got to out setup and migration yet, working on 6 things at once, as always! Will bear in mind and answer when we do get to it.

timconsidine

@marcusquinn no problem, stumbling through it
Testing some configs
Another Q for later : what is a "mapped domain" when setting up a domain? Can't find any references to it.
No rush.

marcusquinn

@jsuto You still with us here? Maybe someone can email him if the forum doesn't?

necrevistonnezr

@marcusquinn
BTW does Mailpiler have any sort of compression? I recently tried to switch from the gold standard MailStore Home to another solution (in an attempt to ditch my Windows VM for good) - and my 30 GB MailStore Archive went up to 110 GB(!) in mbox files!

marcusquinn

@necrevistonnezr Don't know yet but will post some stats when I get to it. The project I have with it is for years of company email archives, so will have some good stats to compare from source to destination.

I might research file-system level deduplication, as I imagine there's a lot of duplicate files from email threads.

mazarian

Just thought I'd chime in and say I'm very interested in a mail archive solution.

necrevistonnezr

@marcusquinn said in Mailpiler - self hosted email archive:

@necrevistonnezr Don't know yet but will post some stats when I get to it. The project I have with it is for years of company email archives, so will have some good stats to compare from source to destination.

I might research file-system level deduplication, as I imagine there's a lot of duplicate files from email threads.

Is this still in the works or in a beta stage to be installed?

marcusquinn

@necrevistonnezr Hey, we have it working, need to ask @vladimir-d to commit to Cloudron's GitLab and let the team verify it's good to go for App Store inclusion.

Neiluj

Hi all,
I am wondering if we are far away from an addition of mailpiler to the Cloudron app repository. It would be of great help in a couple of the situation I am facing atm.
@vladimir-d Maybe you have had the chance to commit the working app version to Clourdon's GitLab already

If I can help (within the remit of my abilities) or contribute in making this happen, I would be happy to do so.

girish

I am happy to include this if we have something basic going . @marcusquinn @vladimir-d do you have any initial work here ?

vladimir.d

@girish here is some initial work.
https://git.cloudron.io/vladimir.d/mailpiler

TBH I didn't have a chance to complete it yet, I think the issue described here still needs to be addressed.

savity

@vladimir-d Would be awesome to get this working... Since the LAW in austria and germany for this hase been activate now for i think 2 Years. That you need a Mail Archive where you can proof the Mail is not changed....

https://www.bfdi.bund.de/DE/Buerger/Inhalte/Finanzen-Steuern/ABC_GoBD.html

marcusquinn

@savity As an alternative, you can achieve pretty-much the same thing with EspoCRM, as that will import emails to give you the same duplicate data in an alternative place.

necrevistonnezr

@marcusquinn said in Mailpiler - self hosted email archive:

@savity As an alternative, you can achieve pretty-much the same thing with EspoCRM, as that will import emails to give you the same duplicate data in an alternative place.

With full text search of mails and attachments? Can this be used for continuous backup?

marcusquinn

@necrevistonnezr full text search of emails, yes. Attachment searching I don't think so but it could be possible as we're using this full-time for 100+ users, so there's some value in us developing anything that isn't there. Sure, just add connection details and it will keep importing emails regardless of if you login or not.

savity

@marcusquinn does it import automaticly ? have to check it

marcusquinn

@savity Yes, and it's already an Cloudron packaged and maintained app. I recommend it in many ways.

We also have Mailpiler packaged but not yet adopted by the Cloudron team, but have not pursued it further, since Espo is covering our needs.

jsuto

Hello, I'm glad to see that there was an initial work adding piler to the app store.
I've got a request recently from a Cloudron user that he wanted to use piler archiving. Can you update me about the current status about this initiative? Whether it's still relevant, or you need some help from my side, etc.

marcusquinn

• https://git.cloudron.io/vladimir.d/mailpiler

It works for us, just need adopting by Cloudron with tests and app store inclusion.

LoudLemur

@jsuto Thanks for mailpiler. What is the password for the demo? This ought to be written somewhere... more obvious...

jsuto

@LoudLemur When you visit https://demo.mailpiler.com/ you may find several account in the username:password format, eg.

admin@local:pilerrocks
auditor@local:auditor
fedora@redhat.com:redhat
external@local:external

Let me know if you have any further questions.

jsuto

@marcusquinn It's great news! Can you tell me whom should I contact to progress further?

marcusquinn

@jsuto I think that'll be the @appdev Group for community assistance finishing this, or @girish if he's interested in adding it to the App Store.

jdaviescoates

@jsuto said in Mailpiler - self hosted email archive:

@marcusquinn It's great news! Can you tell me whom should I contact to progress further?

I guess @staff would just need to give you access to https://git.cloudron.io/vladimir.d/mailpiler

girish

@marcusquinn @vladimir-d I have missed this one. Shall I move this to cloudron namespace and publish as unstable?

marcusquinn

@girish Sure, it's relatively simple and appears to work as intended. Testing from others would help.

girish

@marcusquinn thanks, I can get this published. @vladimir-d can you please put a license?

timconsidine

@girish yay ! Thank you.

vladimir.d

@girish the License has been added to the repository.
Please feel free to change anything if needed.

m-si

@girish First of of all, a huge thank you to all participants. This is huge step for seriuos mail providing especially in germany.... but, maybe I don't see the obvious. As it is published... am I able to install it via the appstore? Or do I have to use the cli route mentioned in vladimirs readme?

LoudLemur

@necrevistonnezr and @jsuto Thanks for this.

1. Mailpiler and ordinary people
   Mailpiler seems needed for corporations but I wonder how it might be useful to an ordinary person who self-hosts their email instead of using a proprietary service?

The archiving there would be just leaving mail on the server and/or downloading your mail too and keeping it locally with something like Thunderbird.

2. Importing Dumps of Mail

Sometimes, people grow fedup with proprietary solutions for mail and want to migrate to a self-hosted solution. Services like e.g. Gmail allow you to dump your entire accounts email and save it offline. Is Mailpiler able to "one-click" import a dump like that, so we could search it easily offline?

Anyway, thanks for your help on logging in and being able to see how pretty the archived mail looks in Mailpiler. It was funny looking through the Broadcom wireless issues in the Fedora archive. Why do they do it, really? Couldn't they just Free their drivers?!

m-si

@LoudLemur in germany there is a legal requirement for almost all businesses according to different laws and regulations to archive without the user haveing the option to modify, delete…so before it get‘s in the inbox. Additionally you have to find mechanisms to not archive personal information due to regulations of the GDPR/DSGVO. Very hairy therefore a solution like mailpiler was developed…

Mailpiler is a software to archive not to backup so a different usecase

LoudLemur

@m-si said in Mailpiler - self hosted email archive:

@LoudLemur in germany there is a legal requirement for almost all businesses according to different laws and regulations to archive without the user haveing the option to modify, delete…so before it get‘s in the inbox. Additionally you have to find mechanisms to not archive personal information due to regulations of the GDPR/DSGVO. Very hairy therefore a solution like mailpiler was developed…

Mailpiler is a software to archive not to backup so a different usecase

Wow! That is pretty much George Orwell / 1984 / Police State legislation right there. Was there much objection when it was being discussed/introduced?

necrevistonnezr

@LoudLemur
@m-si was not very precise: There's a requirement for businesses to archive business-related letters, emails etc. for a certain time (usually 5 years, up to 10 years) - for compliance, tax, and audit reasons.

m-si

@necrevistonnezr you are absolutely right. @LoudLemur as the same legislative rules already applied to the paper-based business communication for a long time before already... from the surveillance perspective you are right, but it is not the government but the business owners, that are collecting the information and need too anyway to fulfill the business. When I look from different angles on it, I even sort of can understand it.

• As a business owner it makes you safe in legal cases (HGB) or financial audits (AO, GoBD)...

• As an end-user/citizen I like the regulation because, that way it is a bit more difficult to mess around with taxes (I think taxes are fair as long as all of us pay them) and with the GDPR rules we in Europe are always able to ask for deletion, change and handing out of at least any personal information...

IMHO So there is as always a fine line between surveillance and the security/freedom we as a community deserve and rely on and in my eyes we as the technical enablers have to consult at that point wisely...

But I'm neither a judge nor a lawyer anyway