Skip to main content

Using Docker Engine to Run IndiMail / IndiMail-MTA

IndiMail now has docker images. You can read about installing Docker here. Once you have installed docker-engine, you need to start it. Typically it would be
$ sudo service docker start

To avoid having to use sudo when you use the docker command, create a Unix group called docker and add users to it. When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.
Warning: The docker group is equivalent to the root user; For details on how this impacts security in your system, see Docker Daemon Attack Surface for details.
$ sudo groupadd docker 
$ sudo usermod -aG docker your_username

Log out and login again to ensure your user is running with the correct permissions. You can run the unix id command to confirm that you have the docker group privileges. e.g.
$ id -a
uid=1000(mbhangui) gid=1000(mbhangui) groups=1000(mbhangui),10(wheel),545(docker) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Now we need to pull the docker image for IndiMail. use the docker pull command. The values for tag can be fedora-23, centos7, debian8, ubuntu-15.10, ubuntu-14.03. If your favourite OS is missing, let me know. You can find the list of all images here.
$ docker pull cprogrammer/indimail:tag

(for indimail-mta image, execute docker pull cprogrammer/indimail-mta:tag

You can now list the docker image by executing the docker images command.

$ docker images
REPOSITORY                 TAG                 IMAGE ID            CREATED             SIZE
cprogrammer/indimail       fedora-23           a02e6014a67b        53 minutes ago      1.774 GB

Now let us run a container with this image using the image id a02e6014a67b listed above by running the docker run command. The --privileged flag gives all capabilities to the container, and it also lifts all the limitations enforced by the device cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker. In our case, I want the systemctl command to work and the container run like a normal host.

$ docker run -d -h --privileged a02e6014a67b /sbin/init

I have now figured out the you don't require the --privileged flag. This flag gives the container access to the host's systemd. A better way is to add SYS_ADMIN capability

$ docker run -ti --cap-add=SYS_ADMIN -e "container-docker" -v /sys/fs/cgroup:/sys/fs/cgroup:ro a02e6014a67b /sbin/init

The above will start a fully functional Fedora 23 OS with IndiMail, MySQL, sshd, httpd services up and running.

We can list the running container by running the docker ps command

$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
fd09c7ca75be        a02e6014a67b        "/sbin/init"        38 seconds ago      Up 37 seconds                           desperate_jones 

We now have a running container and can attach to it and use it like any functional host. Run the docker exec command. The -ti option attaches a pseudo terminal and makes the session interactive.
$ docker exec -ti fd09c7ca75be /bin/bash --login
# /var/indimail/bin/svstat /service/*
/service/fetchmail: down 32 seconds
/service/greylist.1999: up (pid 203) 32 seconds
/service/indisrvr.4000: up (pid 178) 32 seconds
/service/inlookup.infifo: up (pid 192) 32 seconds
/service/mysql.3306: up (pid 181) 32 seconds
/service/proxy-imapd.4143: up (pid 191) 32 seconds
/service/proxy-imapd-ssl.9143: up (pid 188) 32 seconds
/service/proxy-pop3d.4110: up (pid 197) 32 seconds
/service/proxy-pop3d-ssl.9110: up (pid 179) 32 seconds
/service/pwdlookup: up (pid 195) 32 seconds
/service/qmail-imapd.143: up (pid 222) 32 seconds
/service/qmail-imapd-ssl.993: up (pid 200) 32 seconds
/service/qmail-pop3d.110: up (pid 212) 32 seconds
/service/qmail-pop3d-ssl.995: up (pid 184) 32 seconds
/service/qmail-poppass.106: up (pid 216) 32 seconds
/service/qmail-qmqpd.628: down 32 seconds
/service/qmail-qmtpd.209: up (pid 153) 32 seconds
/service/qmail-send.25: up (pid 182) 32 seconds
/service/qmail-smtpd.25: up (pid 187) 32 seconds
/service/qmail-smtpd.366: up (pid 208) 32 seconds
/service/qmail-smtpd.465: up (pid 194) 32 seconds
/service/qmail-smtpd.587: up (pid 196) 32 seconds
/service/qmail-spamlog: up (pid 221) 32 seconds
/service/qscanq: up (pid 213) 32 seconds
/service/udplogger.3000: up (pid 211) 32 seconds
You now have a fully functional mail server with a pre-configured virtual domain and a pre-configured virtual user You can use IMAP/POP3/SMTP to your heart's content. If not satisfied, try out the ssl enabled services IMAPS/POP3S/SMTPS or STARTTLS command. If still not satisfied, read the man pages in /var/indimail/man/* :)

You can stop the container by executing the docker stop command.

$ docker stop fd09c7ca75be

You can make your changes to the container and commit changes by using the docker commit command. Learning how to use docker is not difficult. Just follow the Docker Documentation. If you are lazy like me, just read the Getting Started guide.

I am also a newbie as far as docker is concerned. Do let me know your experience with network settings and other advanced docker topics, that you may be familiar with. Do send few bottles of beer my way if you can.

NOTE: There are few defaults for the indimail docker container image
  • root password is passxxx@xxx
  • mysql user, password for indimail is indimail, ssh-1.5-
  • mysql privileged user, password is mysql, 4-57343-
  • password for virtual imap/pop3 account is passxxx
  • password for virtual imap/pop3 account is passxxx

Post a Comment

Popular posts from this blog

IndiMail Installation for newbies in < 10 steps

Installing Indimail using YUM/APT Repository Install OS
openSUSE Leap 42.3
openSUSE Leap 42.2
openSUSE 13.2
openSUSE 13.1
SUSE Linux Enterprise 12 SP2
SUSE Linux Enterprise 12 SP1
SUSE Linux Enterprise 12
Red Hat
Feodra 27
Fedora 26
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
CentOS 7
CentOS 6
Debian 8.0
Debian 7.0
Ubuntu 17.04
Ubuntu 16.10
Ubuntu 16.04
Ubuntu 14.04
Ubuntu 12.04
Click the below URL for Install Instructions Shutdown MySQL if already running and disable MySQL from being started up by the system % /etc/init.d/mysqld stop % sudo chkconfig mysqld off % /bin/rm -f /service/mysql.3306/down
Start IndiMail
% sudo service indimail start Check Servicess
% sudo /usr/bin/svstat /service/* /service/clamd: up (pid 1014) 2985 seconds /service/dnscache: up (pid 1021) 2985 seconds /service/fetchmail: down 2985 seconds /service/freshclam: up (pid 1020) 2…

The AdminClient Protocol

IndiMail provides close to around 300 different programs as part of a flexible Enterprise Messaging Platform. You can carry administer the entire platform with around 45 of these programs. A program called indisrvr(8) provides a way for users to secure execute these commands from any remote location. To execute these programs, you need to have an admin account on the IndiMail server. These accounts can be created by the mgmtpass(8) program. Once you have an admin account on the IndiMail server, you can further restrict users to certain programs using the vpriv(8) program. vpriv can further modify privileges by allowing only certain options within a allowed program.

To execute these programs on the IndiMail server, you need to connect to port 4000 and use the adminclient protocol. The adminclient protocol is described below by showing a conversation between a client and the server 'indisrvr'

s - denotes server
c - denotes client

        s: "Login: "
        c: "u…

Writing Filters for IndiMail

IndiMail provides multiple methods by which you can intercept an email in transit and modify the email headers or the email body. A filter is a simple program that expects the raw email on standard input and outputs the message text back on standard output. The program /bin/cat can be used as a filter which simply copies the standard input to standard output without modifying anything. Some methods can be used before the mail gets queued and some methods can be used before the execution of local / remote delivery.

It is not necessary for a filter to modify the email. You can have a filter just to extract the headers or body and use that information for some purpose. IndiMail also provides the following programs - 822addr(1), 822headerfilter(1), 822bodyfilter(1), 822field(1), 822fields(1), 822header(1), 822body(1), 822headerok(1), 822received(1), 822date(1), 822fields(1) to help in processing emails.

Let us say that we have written a script /usr/local/bin/myfilter. The myfilter program …