Updated the app icons on all apps running in my Cloudron instance for fun

Well, I gave myself a fun little short project (took maybe 30 minutes) today where I replaced every app icon in the Dashboard of Cloudron. Here's what it looks like:

I used FlatIcon's website, filtering to Free icons and for Linear Colour as the style. I was surprised at how many fairly accurate icons I could find, even one for my email 'autoconfig' app which I had doubted I'd be able to find a good icon replacement for. Even found separate ones for the two websites which aren't really websites at all but just redirect visitors to another externally hosted website on a different domain (two clients are realtors who just wanted their own short marketing domain name for email and then having the web address forward to their actual realtor's webpage for their own listings), so they're literally just the LAMP app with a single html file which does an immediate redirect.

I may make further changes, or heck I may even revert back to the default app icons in the future, but I thought this was a nice little distraction to change the overall look of the Dashboard by replacing all the app icons with new ones, and ensuring a bit of consistency where possible between them all too so that none of them stood out from others. I think it went fairly well. Just wanted to share to maybe inspire others if they think they'd benefit from some extra bit of flair in their Dashboard.

@jdaviescoates Great idea! I'd definitely love to be a part of something like that.

What I do:
I do freelance web & tech services as a side business, and that includes hosting a bunch of things for customers which I do on Cloudron. Specifically WordPress websites for roughly 15 clients, and recently even some SFTP servers for one client too. Also a nodeBB forum for a client, Bitwarden password manager, email hosting of course, webmail apps, all that jazz. WordPress and email is the vast majority of what I host for my clients, but I get to dabble in other areas too which I like. Oh and web analytics too of course as that's bundled with my web hosting plan I sell to them, and to my surprise many of them actually really like seeing the emailed report from Matomo where they see all the results from each city, country, dates and times of busy traffic, etc. When I started offering it I honestly didn't think too many people would care, but most of them really like that part. I guess it sort of helps justify to them why they have a website in the first place so they can see how many people they're effectively reaching and such too in one area.

I don't necessarily market my services as a Saas-Cloudron or anything like that, just to be clear in case that's kind of what you were asking earlier, but I am very open in spreading the word of Cloudron (sounds like I'm in a cult, lol) to any of my clients that want to learn more about how I manage things, and even link to Cloudron from my website, so generally the customers that actually care to know that stuff all know I'm using Cloudron as the platform for everything.

Quick side story about the SFTP server I recently setup, just because I think it's really cool, haha:
Using Surfer, I setup an SFTP server to bridge a medical clinic (client of mine) administering COVID-19 tests and the lab they hired to actually process the tests. Before, they were emailing constantly between clinic and lab and it was a hassle for them to keep track of everything... and we later found out that the lab they contracted actually had a script which they use for their larger clients I guess - it polls the SFTP server every 5 minutes for a CSV file which the clinic fills it out and saves to the SFTP server for each patient, each patient being it's own row on the CSV. It's streamlined their entire process now - just that one thing alone - to the point where they get their results much faster now from the lab and can then forward that to the patients much quicker than before as it's way less overhead in communications between the lab and clinic. Once I heard about this and set it up for them and learned how much better it made things for them, honestly I was humbled in a way, I consider myself fortunate to have been a very very very tiny part of that process to ensure people can get their COVID-19 test results sooner. It really wasn't much work on my part at all, Cloudron made it easy to implement! It was still cool to be a part of an improvement to this essential service in my region none-the-less.

Sorry I'm rambling on now, lol, the answer to your original question is "Yes, I offer services to my clients that I host using Cloudron". haha.

These apps serve different purposes, so I don't think one can really answer the question without knowing the use-case.

My suggestion is if you only care about webmail, then Rainloop wins. It's quicker, nicer interface (IMO), intuitive, etc. If you however also want to manage a calendar and contacts, then SOGo is likely the better one as Rainloop does mail and contacts only, no calendar or anything like that. And even for contacts, it's differently managed - Rainloop simply stores them, but SOGo "hosts" them so they're also accessible via CardDAV protocols into apps like Contacts on macOS or iOS, Calendar on macOS, etc.

Basically, Rainloop is a webmail client whereas SOGo is what's called "groupware" as it will sync contacts, calendars, tasks, etc. in addition to the mail client role.

If you elaborate on your use-case, then people can probably give you a more accurate answer. Hopefully the above helps in the meantime.

I've been spending a long time lately on spam improvements on the Cloudron mail server. I've made a ton of improvements and while still not perfect (it never will be) it's a giant leap over how it was a few weeks ago.

I already made some updates in the other post on DNSBLs, for anyone who hasn't seen that already.

I've also improved the spam classifications for anything that gets past the DNSBLs. It was already pretty decent at classifying spam that was spam with no false-positives, however there was still a good amount getting to the inbox for some users in particular. I've trained them to use the spam folder and archive folder accordingly to train the filter for their account, but I also made a whole bunch of tweaks in the custom rules to overwrite scoring server-wide.

Tip: You can easily override the default SpamAssassin scores or even create your own rules using the Custom Spam Filtering Rules feature in Cloudron.

I thought I'd share what I have currently which adds in a few new providers as well as increasing the scores from their defaults. Here is what I've got currently and it seems to be working very well for me and my users with no false-positives that I can find and much more in the spam box where they should be. Feel free to adapt of course for your own servers.

The main highlights of the changes I made was the following:

• Increasing the scores for various DNSBLs where appropriate from their defaults
• Increasing the scores for SPF failures but keeping them still reasonable as not ever mail server has setup SPF correctly even if legitimate
• Modifying the scores for the BAYES_ learning ones, scoring them according to their confidence levels (and a bit above the default in most cases)
• Added three new DNSBLs for SpamAssassin (seen at the bottom of the list) which when combined with the overall scoring changes for DNSBLs built-in has provided a noticeable improvement in spam recognition

# scoring DNSBLs (blocklists & allowlists)
score RCVD_IN_BL_SPAMCOP_NET 2.0
score RCVD_IN_DNSWL_NONE 0.5
score RCVD_IN_DNSWL_LOW -0.5
score RCVD_IN_DNSWL_MED -2.5
score RCVD_IN_DNSWL_HI -5.0
score RCVD_IN_GBUDB 4.0
score RCVD_IN_JMF_BL 3.0
score RCVD_IN_MSPIKE_H3 -2.0
score RCVD_IN_MSPIKE_H4 -3.0
score RCVD_IN_MSPIKE_H5 -3.5
score RCVD_IN_MSPIKE_L3 2.0
score RCVD_IN_MSPIKE_L4 3.0
score RCVD_IN_MSPIKE_L5 3.5
score RCVD_IN_MSPIKE_WL 0
score RCVD_IN_MSPIKE_ZBI 4.0
score RCVD_IN_SBL 3.0
score RCVD_IN_SORBS_BLOCK 2.0
score RCVD_IN_SORBS_DUL 2.0
score RCVD_IN_SORBS_HTTP 2.0
score RCVD_IN_SORBS_MISC 2.0
score RCVD_IN_SORBS_SMTP 2.0
score RCVD_IN_SORBS_SOCKS 2.0
score RCVD_IN_SORBS_SPAM 2.0
score RCVD_IN_SORBS_WEB 2.0
score RCVD_IN_SORBS_ZOMBIE 2.0
score RCVD_IN_SPAMRATS 4.0
score RCVD_IN_XBL 3.5
score RCVD_IN_PBL 3.5
score RCVD_IN_SBL_CSS 3.5
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0.5
score RCVD_IN_ZEN_BLOCKED 0.5

# scoring URIBLs
score URIBL_ABUSE_SURBL 3.0
score URIBL_BLACK 3.0
score URIBL_CR_SURBL 3.0
score URIBL_CSS 2.0
score URIBL_CSS_A 2.0
score URIBL_DBL_ABUSE_BOTCC 2.0
score URIBL_DBL_ABUSE_MALW  2.0
score URIBL_DBL_ABUSE_PHISH 2.0
score URIBL_DBL_ABUSE_REDIR 2.0
score URIBL_DBL_ABUSE_SPAM 2.0
score URIBL_DBL_BLOCKED 2.0
score URIBL_DBL_BLOCKED_OPENDNS 2.0
score URIBL_DBL_BOTNETCC 2.0
score URIBL_DBL_ERROR 2.0
score URIBL_DBL_MALWARE 2.0
score URIBL_DBL_PHISH 2.0
score URIBL_DBL_SPAM 2.0
score URIBL_GREY 1.5
score URIBL_MW_SURBL 2.0
score URIBL_PH_SURBL 2.0
score URIBL_RED 2.5
score URIBL_RHS_DOB 2.0
score URIBL_SBL 2.0
score URIBL_SBL_A 2.0
score URIBL_WS_SURBL 2.0
score URIBL_ZEN_BLOCKED 2.0
score URIBL_ZEN_BLOCKED_OPENDNS 2.0

# scoring SPF & DKIM
score DKIM_INVALID 1.0
score DKIM_SIGNED -0.5
score DKIM_VALID -0.5
score DKIM_VALID_AU -0.5
score DKIM_VALID_EF -0.5
score DKIM_VERIFIED -1.0
score SPF_FAIL 2.0
score SPF_HELO_FAIL 2.0
score SPF_HELO_NEUTRAL 0.5
score SPF_HELO_NONE 0.5
score SPF_HELO_PASS -0.5
score SPF_HELO_SOFTFAIL 1.0
score SPF_NEUTRAL 0.5
score SPF_NONE 0.5
score SPF_PASS -0.5
score SPF_SOFTFAIL 1.5

# scoring BAYES
score BAYES_00 -1.5
score BAYES_05  -1.0
score BAYES_20  -0.5
score BAYES_40  0.5
score BAYES_50  1.0
score BAYES_60  1.5
score BAYES_80  2.0
score BAYES_95  3.0
score BAYES_99  4.5
score BAYES_999 5.0

# additional scoring tweaks
score BILLION_DOLLARS 2.0
score FREEMAIL_FROM 0.5
score HEADER_FROM_DIFFERENT_DOMAINS 3.5
score HTML_FONT_LOW_CONTRAST 2.0
score HTML_MESSAE 0.5
score LOTS_OF_MONEY 1.5
score MISSING_HEADERS 1.0

# add GDUB TRUNCATE DNSBL
header RCVD_IN_GBUDB eval:check_rbl('gbudb', 'truncate.gbudb.net.')
describe RCVD_IN_GBUDB Listed in truncate.gbudb.net
tflags RCVD_IN_GBUDB net

# add JMF-Black DNSBL
header RCVD_IN_JMF_BL eval:check_rbl('jmfbl', 'black.junkemailfilter.com.')
describe RCVD_IN_JMF_BL Listed in black.junkemailfilter.com
tflags RCVD_IN_JMF_BL net

# add Spamrats DNSBL
header RCVD_IN_SPAMRATS eval:check_rbl('spamrats', 'all.spamrats.com.')
describe RCVD_IN_SPAMRATS Sender listed in all.spamrats.com
tflags RCVD_IN_SPAMRATS net

@imc67 I definitely agree, lots of areas for improvements.

I do have one item of your post I wanted to share my two cents on though...

Wordfence imho needs to be installed by default in Wordpress

This is just my personal view so take it with a grain of salt of course, I don't think there's really any right or wrong way to it. My two cents...

I have the belief that we should aim to keep all apps (WordPress included) about as close to default as the developer intended for the app, leaving Cloudron to just handle the default user and mail config for the app, etc. I think it's a bit of a slippery slope to add in all these extras regardless of how important they may be for certain use-cases, because the line needs to be drawn somewhere of course and deciding where that line is isn't particularly clear. In such a case, I'd ere on the side of "keep it as close to default as possible as intended by the developer" to stay free of any tightrope walking so-to-speak. haha.

For WordPress in particular, there's practically hundreds of thousands of plugins available, some of which are "default installs" in my environments where I have a template setup with the ones I use all the time for example, but I would never want to force my defaults on others because what works for me or the plugins I prefer to use may not work or be preferred by other users. Security plugins are one area where there's a ton of them, and there was a similar discussion not too long ago I had regarding a suggestion for including a caching plugin by default too.

And that's kind of the slippery slope I am referring too... what is the criteria for when a "default plugin suggestion" gets approved, and when would one get denied?

I just really want to see apps be as close to default as possible. But of course that's just my two cents. I'm sure many might disagree with me. haha.

I totally agree with the rest of your suggestions though, I would love to see the improvements for additional security in the Cloudron server itself. I completely forgot about the GEO-blocking request for countries, that'd be pretty great to have!

As Radicale isn't the most RFC-compliant (they even state that's not their goal), it'd be nice to have a more compliant CardDAV and CalDAV server to use as an alternative to Radicale, SOGo, and Nextcloud.

A good one I have seen recommended often is "sabre/dav". It's also updated more often than Radicale too from what I can tell. I think this would be a great addition for those people who want a more pure CalDAV and CardDAV server.

https://sabre.io/dav/
https://github.com/sabre-io/dav

I just realized from comments on a different thread that you now have yearly/annual pricing which is a generous discount per month. I may have missed the announcement of those pricing changes, not sure when that came into effect but I appreciate it.

As a Canadian who ends up paying even more than the listed price due to currency conversion between USD and CAD, I am very thankful for the chance to have that discount by paying for a year in advance. Of course one has to have the means to be able to justify a year up-front, but I can definitely see myself using this for a year or more at least.

As a result, I have changed my plan from monthly to yearly, and I just wanted to say thank you. This brings down my total cost of ownership (TCO) by quite a bit. This takes me down from roughly $40 CDN to $20 CDN, saving me $20 a month, or $240 over the course of the year.

Anyways, ultimately I really just wanted to say thank you, and hopefully let others know about this too in case it helps them. This was a pleasant surprise to see.

Reference: https://cloudron.io/pricing.html

@girish It's also quicker to do from Cloudron at times depending on the VPS host as well. For example I'm hosted currently at OVH and it's not the nicest control panel, not super mobile friendly either and takes me about 6 clicks to get to the reboot option. Cloudron is only about 2 (login > System).

Just wanted to check in and see how 6.3 is coming along.

Any ETA by chance? I'm super excited for these email improvements many of us have been requesting, particularly the DNSBL checks; greylisting; blocklist & whitelist auto-updating/DNSWL; email autoexpunge; and not forwarding spam to mailing lists. I know that's a lot, lol.

I know many of them came from me, haha, so if you want to discuss any of them or want clarification on the requests, I'd be happy to help offer guidance or clarification.

It'd be great to have the ability to add comments to backups, particularly app backups.

My example use-case: I have a WordPress app running, which I am working on some performance-projects. I'm making backups after each different plugin change for example to be able to easily restore back to baseline and after certain plugin changes. After making so many app backups, it can be difficult to later remember which one was the baseline, which one was for any particular plugin change, etc.

Having the ability to add notes to app backups would be a great way to handle that type of use-case.

I picture the UI with a small icon next to each backup to easily add notes. Then to view them, it'd be great to have it either pop-up when hovering over a backup or to perhaps have a short accordion effect to expand the notes applied to the backup. The latter would be more mobile-friendly as mobile devices don't really have the ability to "hover" over items.

@girish said in How about a Cloudron meet-up in Berlin in 2021?:

Yes! We did it when Kopano meet was getting packaged

Perfect! I'd join if it was online then. Would love to visit Germany someday, but being "at risk" (cystic fibrosis) I ain't travelling out of Canada during this pandemic, especially when insurance won't cover anything like that anymore haha

@p44 That's very strange. It should definitely save to your Sent folder. Did you perhaps have it set to save sent messages in a different folder? On iOS, you can go to Settings > Mail > Accounts > {accountName} > Account > Advanced and in there you can set the Mailbox Behaviours for Drafts, Send, Deleted, and Archive. Make sure it's set to the correct folder. Sometimes there's a difference between "Sent" and "Sent Messages". There are some semantic differences, though usually I find that only affects Junk/Spam folders as there's been previous discussions on those. The rest of them work fine for me but I may have set it up accordingly too back in the day.

The instructions above assume you're using the built-in Apple Mail app.

@dylightful I think it's a nice idea to add reCAPTCHA / hCaptcha as needed to the page. With that said, as @marcusquinn stated, fail2ban should more or less prevent any brute force attacks. Also the Cloudron has rate limits in place by default (https://docs.cloudron.io/security/#rate-limits) for Cloudron login page. Of course, that can be greatly improved as 10 requests per second per IP is far too high in my opinion, should be more like 10 requests per 5 or 10 minutes or something like that. But that was also requested already too to improve the rate limits to be more secure: https://forum.cloudron.io/post/28271 which @girish has already confirmed is going to be one of the focuses in 6.3.

There are a ton of mail server improvement requests, and lots of great comments with ideas too. Recently the mail server has been my focus and reminded me of how much room for improvement there is, I'd like to make it easier to find the feature requests and encourage people to vote for the ones they'd like to see implemented too. In no real particular order...

Spam & Reputation related

• Blocklist auto-updating for SpamAssassin
• Greylisting capabilities
• Spam messages: do not forward to mailing lists
• Monitoring mail server reputation
• Allowlist/Whitelist for incoming messages
• Option to customize DNSBL sources used to deny connections
• Option to scan all email for spam, not just those arriving from outside the server

General improvements

• Expose message queue
• Rate-limit and cap messages sent per domain
• UI to set AutoExpunge on mail folders to keep disk clean
• a discussion with many different ideas

As Cloudron grows it's user base, the mail server will become increasingly critical. I really hope we can see these improvements in 7.x in the not-so-distant future.

@girish Side note: can we make the GUI show 12 apps instead of 10? When it's generally 3 or 4 columns, 10 just seems like an odd number to use for displaying the apps on that page. Hopefully that makes sense. Just a side thing though, no worries.

Latest round of SpamAssassin rules I'm using, if anyone is interested.

The highlights here are just a couple of things:

• A few new sources which come with new rules
• Slight scoring tweaks on just a few rules

Of course, as they say... YMMV.

# scoring DNSBLs (blocklists & allowlists)
score RCVD_IN_BL_SPAMCOP_NET 2.5
score RCVD_IN_DNSWL_HI -5.0
score RCVD_IN_DNSWL_LOW -0.5
score RCVD_IN_DNSWL_MED -2.5
score RCVD_IN_DNSWL_NONE 0.5
score RCVD_IN_GBUDB 4.5
score RCVD_IN_IADB_DK -0.5
score RCVD_IN_IADB_DOPTIN_GT50 -0.5
score RCVD_IN_IADB_DOPTIN_LT50 -0.5
score RCVD_IN_IADB_EDDB -0.5
score RCVD_IN_IADB_EPIA -0.5
score RCVD_IN_IADB_GOODMAIL -0.5
score RCVD_IN_IADB_LISTED -0.5
score RCVD_IN_IADB_LOOSE -0.5
score RCVD_IN_IADB_MI_CPEAR 0
score RCVD_IN_IADB_MI_CPR_30 0
score RCVD_IN_IADB_MI_CPR_MAT 0.0
score RCVD_IN_IADB_NOCONTROL -0.5
score RCVD_IN_IADB_OOO -0.5
score RCVD_IN_IADB_OPTIN -0.5
score RCVD_IN_IADB_OPTIN_GT50 -0.5
score RCVD_IN_IADB_OPTIN_LT50 -0.5
score RCVD_IN_IADB_OPTOUTONLY -0.5
score RCVD_IN_IADB_RDNS -0.5
score RCVD_IN_IADB_SENDERID -0.5
score RCVD_IN_IADB_SPF -0.5
score RCVD_IN_IADB_UNVERIFIED_1 -0.5
score RCVD_IN_IADB_UNVERIFIED_2 -0.5
score RCVD_IN_IADB_UT_CPEAR 0
score RCVD_IN_IADB_UT_CPR_30 0
score RCVD_IN_IADB_UT_CPR_MAT 0
score RCVD_IN_JMF_BL 2.5
score RCVD_IN_MSPIKE_BL 0.0
score RCVD_IN_MSPIKE_H2 0.0
score RCVD_IN_MSPIKE_H3 -0.5
score RCVD_IN_MSPIKE_H4 -2.0
score RCVD_IN_MSPIKE_H5 -3.0
score RCVD_IN_MSPIKE_L2 1.5
score RCVD_IN_MSPIKE_L3 3.5
score RCVD_IN_MSPIKE_L4 4.5
score RCVD_IN_MSPIKE_L5 5.0
score RCVD_IN_MSPIKE_WL 0.0
score RCVD_IN_MSPIKE_ZBI 4.0
score RCVD_IN_PBL 3.5
score RCVD_IN_SBL 3.5
score RCVD_IN_SBL_CSS 3.5
score RCVD_IN_SEM_BACKSCATTER 1.5
score RCVD_IN_SEM_BLACK 3.5
score RCVD_IN_SEM_NET_BLACK 2.5
score RCVD_IN_SORBS_BLOCK 2.5
score RCVD_IN_SORBS_DUL 2.5
score RCVD_IN_SORBS_HTTP 2.5
score RCVD_IN_SORBS_MISC 2.5
score RCVD_IN_SORBS_SMTP 2.5
score RCVD_IN_SORBS_SOCKS 2.5
score RCVD_IN_SORBS_SPAM 2.5
score RCVD_IN_SORBS_WEB 2.5
score RCVD_IN_SORBS_ZOMBIE 2.5
score RCVD_IN_SPAMRATS 2.5
score RCVD_IN_XBL 3.5
score RCVD_IN_ZEN_BLOCKED 0.0
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0.0

# scoring URIBLs
score URIBL_ABUSE_SURBL 4.0
score URIBL_BLACK 4.5
score URIBL_CR_SURBL 4.0
score URIBL_CSS 2.0
score URIBL_CSS_A 2.0
score URIBL_DBL_ABUSE_BOTCC 3.5
score URIBL_DBL_ABUSE_MALW  3.5
score URIBL_DBL_ABUSE_PHISH 3.5
score URIBL_DBL_ABUSE_REDIR 3.5
score URIBL_DBL_ABUSE_SPAM 3.5
score URIBL_DBL_BLOCKED 0.0
score URIBL_DBL_BLOCKED_OPENDNS 0.0
score URIBL_DBL_BOTNETCC 3.5
score URIBL_DBL_ERROR 3.5
score URIBL_DBL_MALWARE 3.5
score URIBL_DBL_PHISH 3.5
score URIBL_DBL_SPAM 3.5
score URIBL_GREY 1.0
score URIBL_MW_SURBL 4.0
score URIBL_PH_SURBL 4.0
score URIBL_RED 1.5
score URIBL_RHS_DOB 2.0
score URIBL_SBL 2.0
score URIBL_SBL_A 2.0
score URIBL_SEM 3.0
score URIBL_SEM_FRESH30 1.5
score URIBL_WS_SURBL 3.0
score URIBL_ZEN_BLOCKED 0.0
score URIBL_ZEN_BLOCKED_OPENDNS 0.0

# scoring DKIM & SPF
score DKIM_INVALID 1.5
score DKIM_SIGNED 0.0
score DKIM_VALID 0.0
score DKIM_VALID_AU 0.0
score DKIM_VALID_EF 0.0
score DKIM_VERIFIED 0.0
score DKIMWL_BL 3.0
score DKIMWL_WL_HIGH -3.5
score DKIMWL_WL_MED -1.5
score DKIMWL_WL_MEDHI -2.5
score FORGED_SPF_HELO 3.0
score SPF_FAIL 1.5
score SPF_HELO_FAIL 1.5
score SPF_HELO_NEUTRAL 1.0
score SPF_HELO_NONE 0.5
score SPF_HELO_PASS 0.0
score SPF_HELO_SOFTFAIL 1.5
score SPF_NEUTRAL 0.5
score SPF_NONE 0.5
score SPF_PASS 0.0
score SPF_SOFTFAIL 1.5

# scoring BAYES
score BAYES_00 -3.0
score BAYES_05  -1.5
score BAYES_20  0.5
score BAYES_40  1.5
score BAYES_50  2.0
score BAYES_60  3.0
score BAYES_80  4.0
score BAYES_95  4.5
score BAYES_99  5.0
score BAYES_999 1.5

# scoring HTML
score HTML_FONT_LOW_CONTRAST 0.5
score HTML_IMAGE_ONLY_04 1.5
score HTML_IMAGE_ONLY_08 2.0
score HTML_IMAGE_ONLY_12 2.0
score HTML_IMAGE_ONLY_16 2.0
score HTML_IMAGE_ONLY_20 2.0
score HTML_IMAGE_ONLY_24 2.5
score HTML_IMAGE_ONLY_28 2.5
score HTML_IMAGE_ONLY_32 3.0
score HTML_IMAGE_RATIO_02 0.0
score HTML_IMAGE_RATIO_04 0.0
score HTML_IMAGE_RATIO_06 0.0
score HTML_IMAGE_RATIO_08 0.0
score HTML_MESSAGE 0.0

# scoring HEADER & MISSING
score HEADER_FROM_DIFFERENT_DOMAINS 0.5
score HEADER_SPAM 2.5
score MISSING_DATE 3.0
score MISSING_FROM 1.5
score MISSING_HB_SEP 0.0
score MISSING_HEADERS 1.5
score MISSING_MID 1.0
score MISSING_MIMEOLE 2.0
score MISSING_SUBJECT 2.0

# scoring FREEMAIL
score FORGED_GMAIL_RCVD 2.5
score FORGED_YAHOO_RCVD 2.5
score FREEMAIL_ENVFROM_END_DIGIT 0.5
score FREEMAIL_FORGED_REPLYTO 1.5
score FREEMAIL_FROM 0
score FREEMAIL_REPLY 1.0
score FREEMAIL_REPLYTO 1.0
score FREEMAIL_REPLYTO_END_DIGIT 0.5
score MALFORMED_FREEMAIL 4.0

# additional scoring tweaks
score BILLION_DOLLARS 2.0
score BODY_URI_ONLY 1.5
score EMPTY_MESSAGE 1.5
score HELO_DYNAMIC_SPLIT_IP 2.0
score HK_RANDOM_ENVFROM 0.5
score HK_RANDOM_FROM 0.5
score LOTS_OF_MONEY 0.5
score MPART_ALT_DIFF 1.0
score MPART_ALT_DIFF_COUNT 1.5
score NO_DNS_FOR_FROM 0.5
score PDS_TONAME_EQ_TOLOCAL 0.5
score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.5
score RDNS_NONE 1.5
score REPLYTO_WITHOUT_TO_CC 2.5
score UNPARSEABLE_RELAY 0.5
score URI_DQ_UNSUB 2.0

# add GDUB TRUNCATE DNSBL
header RCVD_IN_GBUDB eval:check_rbl('gbudb', 'truncate.gbudb.net.')
describe RCVD_IN_GBUDB Listed in truncate.gbudb.net
tflags RCVD_IN_GBUDB net

# add JMF-Black DNSBL
header RCVD_IN_JMF_BL eval:check_rbl('jmf', 'black.junkemailfilter.com.')
describe RCVD_IN_JMF_BL Listed in black.junkemailfilter.com
tflags RCVD_IN_JMF_BL net

# add Spamrats DNSBL
header RCVD_IN_SPAMRATS eval:check_rbl('spamrats', 'all.spamrats.com.')
describe RCVD_IN_SPAMRATS Sender listed in all.spamrats.com
tflags RCVD_IN_SPAMRATS net

# add SpamEatingMonkey backscatter DNSBL
header RCVD_IN_SEM_BACKSCATTER eval:check_rbl('sem', 'backscatter.spameatingmonkey.net')
tflags RCVD_IN_SEM_BACKSCATTER net
describe RCVD_IN_SEM_BACKSCATTER Received from an IP listed by SEM-BACKSCATTER

# add SpamEatingMonkey network blacklist DNSBL
header RCVD_IN_SEM_NET_BLACK eval:check_rbl('sem', 'netbl.spameatingmonkey.net')
tflags RCVD_IN_SEM_NET_BLACK net
describe RCVD_IN_SEM_NET_BLACK Received from an IP listed by SpamEatingMonkeys

# add SpamEatingMonkey blacklist DNSBL
header RCVD_IN_SEM_BLACK eval:check_rbl('sem', 'bl.spameatingmonkey.net')
tflags RCVD_IN_SEM_BLACK net
describe RCVD_IN_SEM_BLACK Received from an IP listed by SpamEatingMonkeys

# add SpamEatingMonkey URIBL
urirhssub URIBL_SEM uribl.spameatingmonkey.net. A 2
body URIBL_SEM eval:check_uridnsbl('URIBL_SEM')
describe URIBL_SEM Contains a URI listed by SpamEatingMonkeys
tflags URIBL_SEM net

# add SpamEatingMonkey fresh domain URIBL
urirhssub URIBL_SEM_FRESH30 fresh30.spameatingmonkey.net. A 2
body URIBL_SEM_FRESH30 eval:check_uridnsbl('URIBL_SEM_FRESH30')
describe URIBL_SEM_FRESH30 From a domain registered less than 30 days ago
tflags URIBL_SEM_FRESH30 net

Great topic! It's always fun to peek into people's offices. haha. Here's my home office setup for the moment. Been changing it slowly over the past year. Recently got a new chair I find much more comfortable than my previous one. haha.

I was going to write a blog post on this one day but here is a quick summary of what I found in moving roughly 12 WordPress sites to the WordPress app in Cloudron...

1. Use the All-In-One WP Migration plugin (https://wordpress.org/plugins/all-in-one-wp-migration/) to export the site, being sure to check the boxes in advanced section that say "Do not export must-use plugins" (if you don't do this it will overwrite the must-used plugins for LDAP authentication in the Cloudron implementation of WordPress)

2. Setup a new base WordPress site in Cloudron, and add in the same All-In-One WP Migration plugin. Now import the site file that was created in step one above.

3. After it's done importing, restart the WordPress site in Cloudron so that it can re-connect it's must-use plugins (initially I find access is lost to the main LDAP admin user until a restart).

4. Once in using your LDAP admin user, remove any old admin user and replace with the new one if you wish, and clean-up any unnecessary plugins and themes that are there by default.

Not only did I find this to be the quickest method but also the safest in terms of not losing anything at all. When I tried the Cloudron blog method it just seemed like a lot of extra work for me. But maybe that's because most of the sites I've designed aren't simple blogs, so maybe their method is still better for simple blog sites.

Enjoy.

Happy New Year everybody!

Just learned how to deploy a custom app using Bitwarden as the test, but seeing as it should be delivered soon, figured I'd wait for the more official release. So on that note... is there any ETA yet for this app @girish or @nebulon by any chance? If it's going to be a month or two I may start with the custom app, but figured if it'd be just another week or two (or just less than a month), then I'll just wait it out.

Thanks again for all the work you guys do - including everyone else in this thread, as I was able to learn a lot from reviewing everything you all wrote!

@nebulon I think the app icons themselves should be left alone. Looking great!

@girish Ah, that's interesting. That isn't documented anywhere that I could find, so that wasn't known. Yes, 3 weeks sounds about right - the "a month" was more figurative as it was close. Unfortunately I can't say for certain now as the backups were failing due to disk space so I had to remove the old backups - this is how I came to learn of this discrepancy between my understanding of how retention time works and what was happening in my system.

Is this something we can customize by any chance? It's a great idea, I like that you're doing it for keeping backups when a package version change happens, because you're right - people usually don't see any smaller issues until a while later. I just wonder if it could be an option to overwrite it all for people who may not have a lot of disk space to spare. May be useful to expose that in the GUI.

On a related side note: One thing I've come to learn through using Cloudron the past 8 months or so is that there is a lot of stuff missing from the documentation that we only find out about later in the forum. I actually am the rare oddball who likes to write up documentation to help others (this is part of my day job), so I'm happy to help contribute these types of updates if you have a list or backlog of items that need to make it into the documentation. If there's anything I can offer on that side of things, I'd love to help so it improves the docs for everyone and hopefully prevents these types of issues from consuming your time.

Just curious how others organize their Cloudron "My Apps" dashboard. Do you use the labels feature much or just descriptive app URLs to keep them organized? Do you bother with tags? And if you use tags, what are some examples you do to solve problems?

I currently have about 20 apps deployed across roughly 12 domains, and am not having too much difficulty yet with organization but I can imagine a year or two down the road (if I'm still using Cloudron which I assume I will be for now) I may run into issues keeping everything straight in the Dashboard, so figured I'd see what problems people have run into and what they've done to solve them when it comes to organizing their apps.

Peertube apparently now has an LDAP ability now too. Saw this today: https://framagit.org/framasoft/peertube/official-plugins/-/tree/master/peertube-plugin-auth-ldap

I noticed that when removing a mailbox, it only sets up the mail server to bounce emails to it, but doesn't delete any mail data itself. I'd love to see an option where there's a checkbox on that dialogue pop-up where data can be deleted too. It seems weird to me that no data would be deleted, when generally that's what users I would think want done when they remove a mailbox.

I see the following benefits from implementing this feature:

• Improved efficiency in the workflow for deleting accounts when the admin intends for all the data to be removed too. Saves time.
• Prevents accidental missteps in the CLI by removing the need to SSH to the box in the first place.

Personally I believe that (almost) anytime a user needs to SSH to the server to achieve something on a Cloudron box, this is an opportunity for Cloudron to improve and "sell" a new feature to attract users who aren't interested in doing the system administration. As we've seen from recent posts, Cloudron seems to be attracting a lot of "newbie" sysadmins (which I think is great, that shows how user friendly Cloudron is!), and they may not be as willing to dwelve into the command line to remove data that we'd expect Cloudron to do for us when trashing a mailbox, for example. And heck, even the seasoned sysadmin can easily make mistakes and delete more than they intended (the rm -rf is a powerful command, lol) - we're all human. I think every time a user can achieve something from Cloudron instead of via command line makes it so much safer for the masses of Cloudron users.

For completion sake: https://docs.cloudron.io/backups/#restore-email

@girish My two cents (and coming from someone supporting a mission-critical product written by a Fortune 500 company that's used by about 95% of all Fortune 100 companies, so "support" and "tech docs" are my jam, haha, hence why I've contributed to the docs at least a few times)... usually in the documentation it is best to clarify what you have tested on, rather than making specific recommendations because people could assume then that you only support it running on a particular provider for example. So I'd recommend something like "Tested on such-and-such plan with X provider", and then specifically make a note about performance varying between providers and then the general "minimum recommended" requirements regardless of provider for Cloudron to run.

There's even a list for Cloudron team to use for this forum haha

https://iplists.firehol.org/?ipset=stopforumspam

Now imagine if that could be used in the firewall automatically. Would be awesome.

@girish Okay... I think I found a possible root cause of the issue (though it shouldn't be a big deal long-term, would only impact why I saw only 5 apps yesterday)... I believe the root cause is when an app has a pending update (the green up arrow next to it) then the logrotate mysteriously disappears. Here's why I feel this way and my detailed testing and investigation here...

1. I forced the logrotate again today and it somehow cleared up another large batch of space, taking it from the leftover nearly 2 GB yesterday to just under 600 MB today.

ubuntu@my:~$ sudo du -ch -d 1 /home/yellowtent/platformdata/ | sort -hr
3.3G	total
3.3G	/home/yellowtent/platformdata/
1.8G	/home/yellowtent/platformdata/mysql
592M	/home/yellowtent/platformdata/logs
522M	/home/yellowtent/platformdata/mongodb
358M	/home/yellowtent/platformdata/graphite
89M	/home/yellowtent/platformdata/postgresql
7.6M	/home/yellowtent/platformdata/redis
724K	/home/yellowtent/platformdata/nginx
164K	/home/yellowtent/platformdata/update
128K	/home/yellowtent/platformdata/collectd
116K	/home/yellowtent/platformdata/backup
104K	/home/yellowtent/platformdata/logrotate.d
32K	/home/yellowtent/platformdata/addons
8.0K	/home/yellowtent/platformdata/acme

2. Realized that when I listed out the /home/yellowtent/platformdata/logrotate.d/ directory, I suddenly had many more app configs listed in there than there was yesterday. Yesterday there was 5 apps only, today there were many (if not all of them at quick glance):

ubuntu@my:~$ ls -alh /home/yellowtent/platformdata/logrotate.d/
total 108K
drwxr-xr-x  2 root       root       4.0K Feb  9 04:22 .
drwxr-xr-x 15 yellowtent yellowtent 4.0K Dec  9 04:03 ..
-rw-r--r--  1 root       root        946 Feb  9 04:13 0e55f920-98bd-4ff6-b591-7254c28451c0
-rw-r--r--  1 root       root        946 Feb  9 04:22 11c6fe46-82ff-4ea4-b816-3b78a962d048
-rw-r--r--  1 root       root        946 Feb  9 04:14 1c4fd6e4-09ed-4628-a2f4-0938312536f5
-rw-r--r--  1 root       root        946 Feb  9 04:13 24bff5cf-736c-49a2-a0aa-87e59131c4b6
-rw-r--r--  1 root       root        946 Feb  9 04:12 28f810a3-2d17-4e45-b0f8-e581528ac4ba
-rw-r--r--  1 root       root        946 Feb  9 04:10 3167ef7d-e4c2-4072-8e11-8de49c5db970
-rw-r--r--  1 root       root        946 Feb  9 04:08 38f883dc-4047-4237-a6a1-3ecd77efcde9
-rw-r--r--  1 root       root        946 Feb  9 04:09 47164e82-f1d2-4fae-9959-507062614906
-rw-r--r--  1 root       root        946 Feb  9 04:14 83d329e1-6571-46e5-b14f-07477b8f2aac
-rw-r--r--  1 root       root        946 Feb  3 04:00 8732aed0-273e-49f5-837f-cd9c600bf7b9
-rw-r--r--  1 root       root        946 Feb  3 04:00 9fdedb7f-1bd4-42f6-a7e8-9831df9da8dd
-rw-r--r--  1 root       root        946 Feb  9 04:12 b6fa7dcd-1d93-4786-82e0-90a634f8c3a7
-rw-r--r--  1 root       root        946 Feb  9 04:09 be3840f0-458e-4bd8-8d18-34120ebdfce4
-rw-r--r--  1 root       root        230 Feb  2 16:21 box
-rw-r--r--  1 root       root        946 Feb  9 04:15 c6a63a87-aa45-4281-b4ad-e65c85817f5d
-rw-r--r--  1 root       root        946 Feb  9 04:15 cf1d5c7c-d4f0-4c32-ada8-e25ab025bd3d
-rw-r--r--  1 root       root        946 Feb  9 04:09 d0d6e4ea-36e2-42df-ae47-c59a6d5bf60d
-rw-r--r--  1 root       root        946 Feb  9 04:14 d2df514f-18f6-4e4e-84a1-69bd6360765c
-rw-r--r--  1 root       root        946 Feb  9 04:14 d2e46149-3287-4944-8e86-1c9a03e12641
-rw-r--r--  1 root       root        946 Feb  9 04:14 dc527d19-aced-44fa-bae1-a0b22c358a44
-rw-r--r--  1 root       root        946 Feb  9 04:12 de175741-ee83-4085-b04f-a0048cbdf493
-rw-r--r--  1 root       root        946 Feb  3 04:00 ea2ee30a-8d3b-4a3b-8817-19b0f1e17bd7
-rw-r--r--  1 root       root        946 Feb  9 04:13 f1fe6d67-0897-4063-bc76-0ef7256bac7a
-rw-r--r--  1 root       root        946 Feb  9 04:14 f2dbde27-0159-4e28-803e-7a3fc21450fb
-rw-r--r--  1 root       root       1.1K Feb  2 16:21 platform

3. Digged further into the logs usage and found that one app in particular was using significantly more than the rest:

ubuntu@my:~$ sudo du -ch -d 1 /home/yellowtent/platformdata/logs | sort -hr
592M	total
592M	/home/yellowtent/platformdata/logs
204M	/home/yellowtent/platformdata/logs/d3121e48-4196-48fe-907d-ee831e11ce5c
76M	/home/yellowtent/platformdata/logs/e50f78c7-da6e-4036-a1a3-0cc934448cf1
72M	/home/yellowtent/platformdata/logs/e18fa18b-b176-4b25-bf78-4d82c022b0f5
37M	/home/yellowtent/platformdata/logs/c40f9f5f-037c-4a1d-8538-f1f4d4b82f5d
22M	/home/yellowtent/platformdata/logs/turn
11M	/home/yellowtent/platformdata/logs/f1fe6d67-0897-4063-bc76-0ef7256bac7a
11M	/home/yellowtent/platformdata/logs/11c6fe46-82ff-4ea4-b816-3b78a962d048
11M	/home/yellowtent/platformdata/logs/0e55f920-98bd-4ff6-b591-7254c28451c0
9.8M	/home/yellowtent/platformdata/logs/1c4fd6e4-09ed-4628-a2f4-0938312536f5
9.6M	/home/yellowtent/platformdata/logs/47164e82-f1d2-4fae-9959-507062614906
9.4M	/home/yellowtent/platformdata/logs/f2dbde27-0159-4e28-803e-7a3fc21450fb
9.1M	/home/yellowtent/platformdata/logs/c6a63a87-aa45-4281-b4ad-e65c85817f5d
8.6M	/home/yellowtent/platformdata/logs/dc527d19-aced-44fa-bae1-a0b22c358a44
8.5M	/home/yellowtent/platformdata/logs/d2e46149-3287-4944-8e86-1c9a03e12641
8.4M	/home/yellowtent/platformdata/logs/d0d6e4ea-36e2-42df-ae47-c59a6d5bf60d
8.1M	/home/yellowtent/platformdata/logs/492b4264-fea8-4d52-bbe6-1f15ce72c53a
7.2M	/home/yellowtent/platformdata/logs/mail

4. I noticed that app d3121e48-4196-48fe-907d-ee831e11ce5c was the Radicale card/calDAV app. I then checked the list of logrotate app configs and sure enough that one was missing from the list as you can see above in #2.
5. I followed the steps suggested by @girish and that was then successful in creating the new logrotate for Radicale app, and then I ran logrotate again and it of course cleared even more space now. This lead me to see the following usage afterwards (took the Radicale log usage from 204 MB to 53 MB now):

ubuntu@my:~$ sudo du -ch -d 1 /home/yellowtent/platformdata/logs | sort -hr
272M	total
272M	/home/yellowtent/platformdata/logs
76M	/home/yellowtent/platformdata/logs/e50f78c7-da6e-4036-a1a3-0cc934448cf1
72M	/home/yellowtent/platformdata/logs/e18fa18b-b176-4b25-bf78-4d82c022b0f5
53M	/home/yellowtent/platformdata/logs/d3121e48-4196-48fe-907d-ee831e11ce5c
37M	/home/yellowtent/platformdata/logs/c40f9f5f-037c-4a1d-8538-f1f4d4b82f5d
8.1M	/home/yellowtent/platformdata/logs/492b4264-fea8-4d52-bbe6-1f15ce72c53a
368K	/home/yellowtent/platformdata/logs/turn
136K	/home/yellowtent/platformdata/logs/f1fe6d67-0897-4063-bc76-0ef7256bac7a
88K	/home/yellowtent/platformdata/logs/24bff5cf-736c-49a2-a0aa-87e59131c4b6
76K	/home/yellowtent/platformdata/logs/1c4fd6e4-09ed-4628-a2f4-0938312536f5
64K	/home/yellowtent/platformdata/logs/mail

6. I then looked at the new #1 consumer app ID e50f78c7-da6e-4036-a1a3-0cc934448cf1 which was associated to Matomo, and it too was missing a logrotate config file.

I realized at this point that Matomo had an app update associated with it currently in my Dashboard. Yesterday when I only saw 5 apps, the vast majority of the apps at that time also had updates pending (WordPress makes up around 12-15 of my app instances, then Roundcube was one, plus Bitwarden was another, so had roughly 14-17 or so apps with pending updates at that time which I then updated last night). This makes me suspicious that possibly an app having a pending app update somehow removes it's logrotate configuration file. It kind of explains why I only saw a few apps listed yesterday, as well as why it recovered so much more disk space today when all those apps were updated last night and today their logrotates suddenly existed again. To be fair though, it doesn't explain why Radicale didn't have one today as Radicale hasn't been updated in a while and no pending app updates for it, so that's the one app that goes against my theory.

Either way... I see issues here with missing logrotate configs. And that's of course on top of the disk space concern, however I suppose if everything was running properly with logrotate my main concern may be a moot point by then. So the root cause of all of all of this may simply be missing logrotate configurations for apps.

I should add... I haven't updated Matomo yet, in case the Cloudron team wanted to connect to my server to do that update and see if logrotate suddenly exists afterwards, in case that helps at all with troubleshooting.

@onlybro For me I run a freelance business for web design and web hosting / email hosting, and more. So I use Cloudron to make managing the whole experience better. Better for me, better for my clients.

I run and support servers as my day-job so I'm very familiar with how to do it, but it's also a real time sink when trying to run a business on top of it, plus the day-job and social life (prior to the pandemic, lol) and more. So Cloudron saves me a ton of time overall which I most appreciate. I used to run everything in Docker containers manually but with some help from Portainer, and while it worked, it just made generally keeping everything up-to-date and managing it much more difficult to do manually, which is where I found Cloudron as a solution.

Where Cloudron really shines for my use-case:

• Managing users (groups, password resets, etc) and the 2FA ability too
• Solid mail server uptime and functionality (though lots of room for improvement )
• The adapted CI/CD workflow is great... Example: I have my client's production websites running, if they need a major change that I need to test first I quickly clone their website from the app backup, make the changes in staging, then once finalized I push it back to production. Only a minute or two of downtime needed when pushing back to production, and makes the whole flow much easier, saving time for me and makes the customer happier as they see more solid uptime and responsiveness
• Security is basically a "default" in Cloudron, so no need to constantly setup and maintain various firewall rules, DNS records for SPF, DKIM, rate limiting included, and more.
• Speaking of DNS... while I currently have opted for the wildcard approach, I used to use it for DigitalOcean and it was a huge time saver at the time when getting things initially setup. It's possible I may go back to managing it in DO too via Cloudron's API integration to DO.
• Many other areas, not to mention the community and team behind it, it's a great product that I hope will succeed long into the future.

For me, since I have paying clients, I rent a server at OVH in Canada, since it means more uptime and less chance of things like power outages, fires, etc (though OVH didn't escape too well in their one region from a fire that broke out in some old infrastructure) compared to the likelihood of those issues if I was running it from home. It also makes it easier to quickly expand on-demand things like disk size compared to having to order in a new disk, manually add or replace it, etc at home. Basically just much better for adaptability and general performance and functionality. However if I was running it just for myself and not paying client's, I'd likely just run a server at home.

+1 for IPv6. Had a situation come up recently where IPv6 would have (apparently) resolved it when it came to email block lists. Of course the easier workaround for me is to use a mail relay instead of the built-in SMTP server, but IPv6 was a second alternative presented by OVH who is responsible for the IP range mine was included in.

@artd2019 Currently Cloudron does not offer (a documented) "whitelist" / "allow list" function, so there is no way to guarantee deliverability of an incoming email. There is a feature request for it already that I'd encourage you to upvote. Version 6.3 coming in the not too distant future is supposed to deliver on many of the email improvements users have been clamouring for (including myself).

One thing you can do if you're not already is making sure to remove those emails from the Junk / Spam folder in order for SpamAssassin to unlearn the message as spam. Eventually after a sufficient number of them, it'll learn that those emails are not spam and will decrease the BAYES probability of it being spam.

On a related topic, you may want to consider enhancing your SpamAssassin rules list from the defaults, specifically in your case the BAYES_## rules perhaps as I have offered previously in this forum.

I'd like to request a minor improvement to the status bar when the Cloudron server is performing a backup.

Currently, it appears to move forward on each app step, presumably knowing it has "20" steps for example and dividing the bar by 20. However, in my case I have many small apps but 20+ GB of emails (included in boxdata). So in my case, it often appears like it's "almost done" (like 90-95%) judging by the green bar when in fact it is maybe only 30-40% done uploading all of the data for the backup.

Assuming this is possible, I think it'd be nice to improve the accuracy of the status bar to more align with the amount of data it has to upload so that it is more accurate to how far in the process it really is. I assume this means it'd need to do a quick scan prior (which presumably it already knows since it shows in the System Info page), and then divide it by how many GBs it needs to upload.

Hope the above makes sense. It's definitely a minor / low priority for sure, because I admit most times people aren't watching the status bar, haha, but I do when I'm preparing for a large maintenance window, waiting for the backup to finish before I proceed with the maintenance.

I'd like to request the ability for Cloudron to not forward on mail to a mailing list recipient if it's identified it as spam.

Context behind feature request:

I have a particular recipient who checks their email on iCloud.com but has a domain I host for them too which is simply a bunch of mailing lists that forward to their iCloud.com accounts.

They’ve been getting a lot of spam lately. Thankfully Apple blocks most of it so they don’t really see the extra spam, but in my mail server logs I see that there are frequently messages sent which the system identifies as spam (and obvious spam at that - see log below), but still forwards it on anyway. This then causes Apple to send a bounce which my mail server forwards on and basically goes in a bit of loop.

For multiple reasons, I’d like the system to not forward messages to mailing lists when it it identifies the message as spam. Ideally also the ability to set a threshold number to avoid false-positives. Some reasons include:

• unnecessary resource usage of the mail server
• risk of being blocked by receiving mail server as sending spam (this is the biggest reason IMO)

{
  "ts": 1615659016646,
  "type": "queued",
  "direction": "inbound",
  "uuid": "080BB72D-E208-4C11-8CA0-080450DC03E6.1",
  "remote": {
    "ip": "162.215.212.45",
    "port": 45066,
    "host": "162-215-212-45.unifiedlayer.com",
    "info": "162-215-212-45.unifiedlayer.com",
    "closed": false,
    "is_private": false,
    "is_local": false
  },
  "authUser": null,
  "mailFrom": "<SRS0=326c=IM=worldmap2100.info=WORLDMAP210020210313@<domain>.<tld>>",
  "rcptTo": [
    "<<username>@<domain>.<tld>>"
  ],
  "details": {
    "spamStatus": "Yes, score=20.8 required=5.0 tests=BAYES_99,BAYES_999,  \tCK_HELO_DYNAMIC_SPLIT_IP,DYN_RDNS_AND_INLINE_IMAGE,  \tFREEMAIL_FORGED_REPLYTO,FREEMAIL_REPLYTO_END_DIGIT,FROM_LOCAL_DIGITS,  \tFROM_LOCAL_HEX,GB_FREEMAIL_DISPTO,GB_FREEMAIL_DISPTO_NOTFREEM,  \tHELO_MISC_IP,HTML_IMAGE_ONLY_04,HTML_MESSAGE,HTML_SHORT_LINK_IMG_1,  \tIMG_ONLY_FM_DOM_INFO,KHOP_HELO_FCRDNS,MIME_HTML_ONLY,  \tRCVD_IN_BL_SPAMCOP_NET,RCVD_IN_MSPIKE_BL,RCVD_IN_MSPIKE_L5,  \tRCVD_IN_RP_RNBL,RDNS_DYNAMIC,SPF_HELO_NONE,TVD_RCVD_IP,T_SPF_TEMPERROR,  \tURI_HEX autolearn=no autolearn_force=no version=3.4.4",
    "message": "Message Queued (080BB72D-E208-4C11-8CA0-080450DC03E6.1) (080BB72D-E208-4C11-8CA0-080450DC03E6.1)"
  }
}

I'd like to request that we expose the message queue. Most dedicated mail server software allows for the ability to view the outgoing queue and clear the queue or individual messages too.

Having this ability means bounce backs to invalid email addresses caused by spam can be cleared out instead of being tried repeatedly for days, as just one example.

Admittedly this will be more useful for those running Cloudron with very active mail server usage which I suppose is in the minority of users, but would still be nice to have for those who are heavily relying on the mail server in Cloudron.

Based on the post around "Old backups persist", I'm filing this feature request where the focus is on improving the backup page of each app, specifically retention-related items.

It isn't clear (especially to new users) that backups will be retained outside of their set retention policy due version upgrades or other designated exceptions to the rule as seen in the documentation. Right now, it's just not very intuitive to users and even myself as an experienced user I find I need to be reminded of this periodically too as it's just not an obvious exception to the retention policy when backups are kept outside of it. I propose that we aim to clear this all up for new users as well as experienced users.

One idea I'd like to propose is a little icon next to each backup that's designated to be an exception to the retention policy (i.e. version upgrades, etc). Perhaps the Info icon would be best suited for this task, or the question mark icon. Then when hovered over it or clicking on it, it'd display a small floating window which explains why the particular backup is kept beyond the retention policy, and links to the documentation for it too. If this isn't feasible to do beside every backup that falls outside the retention period, then maybe just a single one in the upper right corner or something of the Backups page which gives some highlight information and links to the documentation for retention policies.

I believe the above would server as a good reminder and tip for users who are wondering why their backup is sticking beyond the set retention policy.

This logic likely needs to be applied to both the app backup page and system backup page.

---

Additionally - and this one may just be me - I find the actual definitions of the retention policies quite unintuitive. It may be wise to have an info box there too that explains the different options or links to the docs to explain it there instead. This is definitely a minor one though as I feel most people would look at the docs to understand them since it's not super obvious to begin with, but just something to consider too. Or perhaps renaming the actual values to be more explanatory to a user, might be a better approach on this one too. Maybe "7 daily" could be "(1/day * 7 days)", I don't know maybe that makes it worse though. haha

@jdaviescoates Ah sorry I didn't see this sooner. Yeah my customers definitely enjoy the reports. I send them out monthly though, not daily. Here's some notes if this helps at all

• Running Matomo server in Cloudron (of course, lol)
• Enabled tracking of a dozen+ WordPress websites using the plugin that @humptydumpty mentioned earlier (https://wordpress.org/plugins/wp-piwik/) with what appears to be the same settings too.
  ** I also enabled in that plugin to not count visits from sign-in admin users, I feel that keeps me from throwing off the analytic data a bit whenever I'm making a bunch of changes to the site where I'm needing to load up all the pages to check stuff in.
  ** I also enabled the 404 and Search Results tracking in the plugin too, which just makes it easier to tell 404 pages and such in the backend results in Matomo server as it highlights them better.
• I've got monthly reports setup from Matomo which go to the website owners on the first of each month. Here's a screenshot of what I'm sending them if this helps (some get more data if they request it but these are basically my default report styles):
  
  
  
• I have it set to send monthly reports, with a month report period, and via email using HTML instead of PDF. I can't recall why exactly I chose HTML, I think it was just easier for my clients when it was all in the email itself rather than as a PDF (it isn't like they're really filing them away where they need PDFs anyways), it looked nicer that way too and was more readable for them.
  
• I don't have any additional third-party plugins in Matomo, just using the base install.
• For the Geolocation setup, I've got it set with this one below, I found this one to be the most accurate for me and my clients:
  
• I've set the IP addresses of UptimeRobot (which I currently use to monitor my client websites and other services) to be excluded from the analytics. Though I heard this may not be necessary as they supposedly don't trigger the Javascript code from running, but I figured may as well be safe than sorry. UptimeRobot has a TXT file so it's super simple to add them all in with just a copy + paste.

Hope the above helps.

Was wondering if there was a way (in the future, I know it's not currently possible) to implement it so that if I backed up my Managed WordPress app for example, I could restore it into the Unmanaged/Developer WordPress app instead. And vice-versa.

This request would make it super easy for customers running Wordpress on Cloudron to migrate between packages. While this is easy enough with All-In-One Migrator plugin, it does come with some hiccups / caveats that people need to be aware of, and if it were possible to simply backup one app and restore in the other, it'd be far easier I suspect especially for newer people. I figured it might be possible with some modifications to make this happen, especially now that there's pretty much feature parity between the packages from the changes made earlier this week. Because in the end, they're the same app, just different ways they were packaged, right?

I realize it may not be technically possible or may be way more work than it's worth to implement, but figured no harm in asking. Thank you in advance if this can be made possible.

FYI - I of course already tried it, haha, and it works up until it tries to restore redis, and it can't find a redis file so it fails at that point (since managed didn't have redis integration. but unmanaged/developer does).

A couple of those are still relevant, particularly Yoast and All-In-One SEO and SEOPress. But there is a newcomer that is quickly gaining ground and very popular lately too: Rankmath.

My recommendations (especially if you don't have crazy unique needs) is to use either RankMath or SEOPress. They are my favourites so far. I've used Yoast before and it's pretty decent, but they charge an arm and a leg if you want additional features (they're way more expensive than the rest - to be fair they are the most established though too so they probably are fine sine large companies won't care about the price and want a reputable brand). So if you need to go to a "pro" level too, SEOPress is the cheapest, and then Rankmath, and both are far cheaper than Yoast. Generally speaking though most SEO plugins work just fine if the needs are basic as if most people's needs for most small business websites (unless they have multiple locations).

@murgero You're right, it'd likely be less of a burden if moving just to Debian. My comment however was made explicitly stating CentOS as the target OS rather than Debian (that would be my preference only as I'm more experienced with it, but Debian works too).

Looks like a great release! I’m most looking forward to Multihost support and being able to restore without having to make DNS changes before hand. Plus of course the updates to MySQL and such. Excellent news!!

@mehdi To be clear, I agree that it’s “just fine” too. It works and it gets the job done. That’s the main thing after all - that it works.

I just would have expected the behaviours to match between when we deploy a custom app update and when the Cloudron teams deploys an app update, if nothing more than for consistency sake. That would be my preference too.

I’m really happy with how app updates work when pushed from the Cloudron team, and I see no reason why we shouldn’t have that same capability. I’d love to execute my custom app updates in the same manner. Maybe there can even be a switch in the CLI for whether to make all apps aware of the updated image or just one app so we can get the best of both worlds.

You don’t necessarily have to agree, just giving my two cents on what I’d like to see and why.

Maybe as an alternative to the "open source" filter idea, it could be filtered on if it needs a paid license to run the program as-is? Of course there are always paid support options and paid add-ons/features, but as long as the base product which ships as-is requires a license or doesn't require a license, it'd be good to know that so people don't deploy Confluence for example assuming they can use it like most of the other apps for free and then realize they need to pay for it.

But assuming we go with the "open source" filter idea, my two cents to address the concern from @luckow is that as long as the base project/app has it's source code available, then it's tagged as open source. Because paid add-ons and paid support plans for the app doesn't diminish the open source nature of the original base project. Right? Maybe I'm missing something but it seems to me it'd be something fairly simple like that where we only look at the base project. Add-ons that aren't open source doesn't necessarily "void" the open source nature of the base project/app.

I've been using Cloudron for serving mail for about 15+ domains, and all has worked quite well overall. I'd say go for it if you're comfortable with managing a mail server.

Was in there for about 10 minutes, had to leave to my full-time job as I had a meeting starting, haha. Very cool stuff! Love the idea of that app. Was nice to briefly meet some of you guys.

Hello,

I was just thinking as I have about 30 apps now running on my Cloudron (many are just WordPress, not 30 different apps, lol), that it'd be great to see quickly without having to go into each individual app that those which I want auto backups are enabled and those I want disabled are in fact disabled.

Having a list somewhere would be great. I was thinking it'd be very useful perhaps adding a section on the Backup page that calls out any apps that are currently set to be disabled in auto-backups, so that anyone who's about to go in and do a manual backup for the whole system can see at a glance which apps may not be included or are otherwise disabled for backups.

Would anyone else find this useful? Is it possible something like this can be added to the Backup page in Cloudron?

Great question! I'm currently a Senior Technical Support Engineer for a large Fortune 150 tech company, that's my day job. My roles before that were more sysadmin oriented for two smaller companies. Then I run my own business (freelance work) for web design & hosting, email hosting, tech support, etc. for local small businesses and individuals. That's where Cloudron comes in for me, it's basically for helping me save time while I manage customer websites and emails, etc. and so far I'm quite impressed with Cloudron and the team behind it.

Sorry I couldn't make it to the meetup today, but glad I was able to at least meet a couple of you yesterday. Love that group photo of you guys

As I have a few mailboxes growing quickly for their business, while I have plenty of space left on my main SSD, I'd like to be able to dedicate (and move mail) storage to an external mounted disk. From what I can tell, this isn't possible to do yet in Cloudron (but please correct me if I've missed it).

It seems like a natural extension of the already-existing app storage in custom directories feature, so I naturally assumed I could do this already for mail but it doesn't appear to be the case. I would love to see the ability to move and store mailbox data on an external disk in the near future.

+1 for having the ability to schedule reboots straight from Cloudron (in local time zone that's set of course rather than having to factor in UTC). I was just going to file a feature request for this and found this so figure I'd just add my two cents to it. Would love to see this, ideally it can be done from the System page with the Reboot button where it pops-up and allows it to be done right away or to schedule a reboot in local time, and also maybe even straight from the notification where it mentions a reboot is required for security updates. I'll settle for it just on the System page though for the Reboot button action.

Side note: The text on the Reboot button after clicking it states "Use this only when you experience unexpected behavior. All services and apps will be automatically started." but I think this needs to be changed, because the main reason one is rebooting is probably for the security updates, which has nothing to do with it being "unexpected behaviour" only. Perhaps it could be written in this way: "Use this when you experience unexpected behaviour or need to apply security updates. All apps currently running will be automatically started when the reboot is complete." I'll maybe submit this change in your box repository on git, as I like doing the smaller things that I'm capable of as I'm not a big programmer. haha

@imc67 This is easy to do manually in the meantime, but yes I agree it'd be awesome to have this process sort of automated. For me it's mostly just email I focus on that's likely to change between backup and restore, so I do a full system backup and once it gets to the "box" part of the backup I disable the mail container so that it won't receive mail after the backup. Helps a lot. Of course doing this if you have clients relying heavily on email like I do then it means you have to do this in the middle of the night though lol. The ability to automate this process would be awesome.

It looks like all directories in the File Manager are listed as '4 kB' under size. Which might be true for the folder itself, but it doesn't factor in the files within the folder. Ideally, I'd expect a folder size to display the size of all of the contents within it.

@thetomester13 It'd be awesome if they can somehow get around the 4 Kb thing so we know what the total of the folder is, but just for reference (you may already know this) this is how Linux works too when you run a command like "ls -alh", so at least the behaviour is consistent with the file system commands. Though I personally wish neither of them would work that way, haha, and work the way you suggested where it totals everything up.

Quick feature request: Change the colour codes in the Mail page for domains. If a domain is set for "Outbound only", it shouldn't be red as at least to me red means misconfigured or on a blacklist / wrong DNS, etc. Maybe it could be just a different (lighter) shade of green? Or at least a change to yellow if we're talking just "street light" colours... although yellow to me also means I need to double check something, so I'm not sure if yellow is the right colour to use. Maybe blue? But definitely not red.

We should only be using red for "critical issue" or "error" or "misconfiguration", that type of thing. My two cents.

As you can see from my screenshots, I have many domains I manage, and everytime I see red my heart skips a beat. lol.

@girish That would be ideal! In fact if that can come in the next couple of months, I'll hold off my own DNS change until that's there. Because the whole "my." doesn't really conform to the standards that people expect when they need to enter in their server names for a mail server. I'd definitely love if Cloudron could use it's own "mail" subdomain and it's own certificate for the mail server portion so that I can still have clients connect to mail.<domain>.<tld> without impact since that's what I have told a dozen or so to do already over the last 1.5 years.

---

And no, the decision wasn't anything to do with Cloudron or DigitalOcean really. My main reason for the move away from DigitalOcean isn't anything to do with Cloudron or DigitalOcean. If you're curious... the decision was mostly for two reasons:

1. A movement from both myself and my clients to keep everything (as much as possible) in Canada. And my current DNS provider (LunaNode) has their infrastructure in Canada only (well France too, I believe). It's one of those "shop local" sort of things.

2. The DNS provider I currently use has a great feature that I can take advantage of in the future when running a secondary Cloudron server as a mirror image of the first one (waiting for that clustering capabilities in the future, hint hint haha). The advantage is that they have monitoring tools I can use, and based on those monitoring tools they can automatically update DNS records to the other IP address if monitoring detects one of the servers as "down" for whatever reason. To me this is like the health checks in load balancing, but I don't have to pay for load balancing with this solution. I see this as a further advantage to using LunaNode for the DNS management.

So yeah, nothing to do with Cloudron or DigitalOcean really, so no worries there. Just a decision made for various reasons (the biggest two above, but also a bit of my own OCD and others haha).

---

I will keep my primary domain on DigitalOcean then for now if you think the SSL cert for the mail subdomain would arrive in the next couple of months. Because I think that's a fantastic idea, and I think that was something I mentioned or questioned back when I started using Cloudron because I was so surprised that it had to be "my." as that's not something that conforms to the standards of mail server hostnames, and I wanted to keep things more standard for my clients to avoid having to explain non-standard implementations. I say standard loosely here as I realize there's no official standard, but it's more a de-facto one that mail. is the subdomain to use, or imap., etc.

Hope that helps.

Found this today, which may be helpful to some before we switch over to v5: https://youtu.be/NgwCxIMry54

@girish I think I'm referring to the other part. @necrevistonnezr is saying that when he hit update, it started to backup the app which he didn't want because it was set to have backups disabled. Unless I misunderstood, but I would think in that scenario if the app has backups disabled then the "Skip backup" option when updating an app should be enabled by default, right? Or did I misunderstand? Sorry if I did. Been a crazy day today lol.

@Hillside502 Oh yes, I actually just realized late last night that a couple of them were in fact not set properly with the DNS records. I meant to update this thread but forgot because it was so late. This thread can basically be ignored or marked as resolved. A little embarrassed that I didn’t realize this before I bothered posting. haha.

Hi guys,

I checked for the version update (5.5) yesterday evening and it was there. However because of the major changes to the databases and the criticality of some of the apps running in my Cloudron, I opted not to install it. However I logged in this morning and saw it was installed overnight.

Shouldn't pre-release builds (at the very least) be installed only when fully intentional / directed by the admin user? In other words, if I check for a release and see one available but realize it's a pre-release and therefore don't directly hit the Update Now button, I would expect that it does NOT update, but unfortunately it still did during the night.

I think this is a bug and needs to be fixed. I know this may relate to the forum post where we requested the ability to install pre-release builds, and I still want that functionality, but I feel like it follows the exact same format as the full stable release where it gets pushed once Cloudron knows about it.

Pre-release builds should not be updated automatically, IMO.

Actually I just ran some more tests and found out that a CNAME record isn't even needed. Since my DNS records for the domains I manage are wildcard (i.e. no A records for individual services, but is just the * and @ DNS records to the IP address), it seems I can actually throw in anything I want. So I tested for example whatever.<domain>.ca and still put in the username and password and it was accepted by the SFTP server.

This is interesting as I expected it'd only respond to my.<domain>.<tld> but I suppose that isn't the correct understanding because if it were a CNAME record all it'd be doing anyways is looking up the associated A record and hitting the IP.

I think this works because the lack of certs needed for the handshake. This is strange to me though... am I understanding the above correctly?

Just my personal opinion and might be unpopular, but I think this ultimately should be up to the users to setup their own filtering as they desire. Because that's all this is, it's just pre-set filters when you come down to it. It's easy enough for users to make their own. I think the time of the Cloudron developers are probably better spent elsewhere.

I ran the logrotate -f /etc/logrotate.conf command as suggested, and it went from 4.1 GB (this morning) for logs to 1.7 GB, so removed around 60% of it roughly. Personally I still think 1.7 GB is a lot (I mean it's just plain text files), but much more reasonable than over 4 GB, lol.

I then looked into the logrotate.conf file contents, and I see this:

<user>@my:~$ cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# use the syslog group by default, since this is the owning group
# of /var/log/syslog.
su root syslog

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here

include /home/yellowtent/platformdata/logrotate.d

I then checked the /home/yellowtent/platformdata/logrotate.d/ directory and found ones for basically each app (but only 5 apps in my case, not the 20+ I'm running... is that sign of an issue? Makes me wonder if some apps are logging indefinitely if there's no logrotate set for them...), along with platform and box, etc.

Here's an example of one of the 5 apps set in that logrotate.d directory:

<user>@my:~$ cat /home/yellowtent/platformdata/logrotate.d/3167ef7d-e4c2-4072-8e11-8de49c5db970 
# Generated by apptask

# keep upto 7 rotated logs. rotation triggered daily or ahead of time if size is > 1M
/var/lib/docker/volumes/1db1c5dda83ebf58f62348adcc965eca2ad82585ee912ae0dabc9a06dc3f30a2/_data/*.log /var/lib/docker/volumes/1db1c5dda83ebf58f62348adcc965eca2ad82585ee912ae0dabc9a06dc3f30a2/_data/*/*.log /var/lib/docker/volumes/1db1c5dda83ebf58f62348adcc965eca2ad82585ee912ae0dabc9a06dc3f30a2/_data/*/*/*.log {
    rotate 7
    daily
    compress
    maxsize 1M
    missingok
    delaycompress
    # this truncates the original log file and not the rotated one
    copytruncate
}

/home/yellowtent/platformdata/logs/3167ef7d-e4c2-4072-8e11-8de49c5db970/*.log {
    # only keep one rotated file, we currently do not send that over the api
    rotate 1
    size 10M
    missingok
    # we never compress so we can simply tail the files
    nocompress
    # this truncates the original log file and not the rotated one
    copytruncate
}

The above makes it sound like there should be very little disk usage of the app logs, basically seven 1 MB files and/or one 10 MB file, right? Or have I misread that?

I guess I'm just questioning the whole logs setup... in my opinion over 4 GB is overkill for logs (4 GB of plain text is a LOT of text!), and when running logrotate it brought it to a more reasonable (but still a little high IMO) 1.7 GB in size. Then when I look at logrotate.d custom log rotates set by Cloudron, it seems to only include a few apps and most of my apps are missing from the directory which is a red flag to me... is that expected behaviour?

PS - I realize 4 GB isn't a ton of disk space in the big picture, but I am required to run my servers in Canada and we have far fewer options here, and in many cases (like OVH) the disk space offered is quite low. So 4 GB out of a 50 GB disk offered at OVH for example is basically 1/12th of the disk consumption. Of course I could use something like DigitalOcean but they charge in USD which after conversion is almost double the price of OVH for a comparable specced system, so my choices are limited unfortunately, so several GB of stuff is a larger deal for me than it admittedly may be to most, and I certainly can apreciate that maybe it seems like I'm nitpicking on the logs in that sense. Just trying to do what I can with what I have since disk space is a bit limited in Canada pricing-wise.