Mailadm server deployment

Proposal

To have an easy to deploy raspberry-pi capable server that can be hosted in a Local Area Network to provide local communications.

The ideal situation would be an SD image of a Raspberry Pi OS (like Raspbian) with mailadm and all the software related to it already preconfigured, and a generic hostname predefined (like chat), and a web server providing an updated version of the deltachat binary (desktop and android).

Opportunities

The LibreRouter provides automatic DNS within the mesh (and in the near future, with the outside world too), so by allowing the deployment of a server that works with deltachat, it would enable reliable communications within the community, and with the outside world too.

Any device that connects over wifi or cable gets an IP and gets registered on the mesh DNS, so anyone can run a service in the community.

An example of this can be seen for Kolibri here: https://hackmd.io/@nicopace/kolibri-on-librerouter

Background

I am Nico from the librerouter.org project. I want to congratulate you all for an amazing project!

I know that deltachat has so much potential… I want to introduce you to a use case that might not be that common: unconnected or poorly connected communities. I work for rural underserved communities in the global south, supporting their will of connecting to each other and with the outside world.

Would love to hear your feedback.


I have a working local setup on 4GB Raspberry Pi 4 Model B, Raspberry Pi OS Lite, with Postfix, Dovecot and mailadm, mainly used for testing.

How does LibreRouter DNS work? My setup has a hostname raspberrypi and my OpenWrt router exposes it as raspberrypi.lan, but in case of Kolibri the hostname is simply kolibri. Is it the same across the whole mesh or does it appear as a subdomain somewhere?

mailadm is mainly used to create “burner accounts” or testing accounts for automated online tests. It can also create normal accounts with mailadm add-user command, but this requires an administrator to type this command in the console, users can’t use it to register themselves.

Something based on pyinfra or Ansible can be created or an entire image like https://gitlab.com/librerouter/pi-gen, but it’s not clear how users would create accounts in this network.

Maybe LibreRouter has some authentication server and a web interface for user registration which can be integrated with Postfix and Dovecot? Then mailadm is not needed and users can register themselves. I see there are some soporteremoto repositories at https://gitlab.com/librerouter, what is it about?

Related topic about LAN setups for Delta Chat:

Would you kindly guide me through its setup? I’ve seen there are some docker images… I guess if it is just:

    hostname chat # for the computer to be called chat
    apt-get install dovecot-core postfix python-tox python3-pip git make
    git clone https://github.com/deltachat/mailadm
    cd mailadm
    ./install_mailadm.sh # it looks there are a few variables that would be good to touch here
    # TODO add binaries from https://delta.chat/en/download

I don’t know much about dovecot… is there anything else you would do?

Each LibreRouter works in coordination with the rest in the network. All of them have all the essential services, and they run locally and autonomously, and in coordination with the rest of the nodes in the mesh.
LibreMesh/LibreRouterOS DNS is a DNSMasq instance that works both as a DHCP server and as a DNS server.
When a user device connects to a router and requests an IP address, DNSMasq replies with an IP address and registers the device’s hostname in the DNS records, so anyone connected to that router can call it by its name.
And as all the routers are coordinated, this not only happens in one router but in the whole mesh, so anyone in the mesh can refer to that user device via its hostname.

When we work with communities, we like to explore ways of deploying infrastructure that are geek-free, meaning that they can use it the easiest and integrate as many users of the community as possible, and then improve it later if they feel they are interested.
I see the burner account is the easiest way for starting with this, as anyone can create an email server and infinite email accounts to each member of the community without having technical knowledge, it reduces the friction of the on-boarding to deltachat for users that have no experience and are in disconnected environments.

They could access a URL like http://chat/newaccount/, where this QR code is provided, or straight away the possibility to download the DC-account file.

We haven’t gotten into integrating applications too close with the LibreRouter… right now we try to make the routers as geek-free as possible (so communities can understand, deploy, maintain, and expand the network without having to understand the smaller bits)… in upcoming years maybe we dive deeper into integration, though I would personally prefer for this to comfortably sit on top of it :).

It is a tool that will support communities in the organization of their work maintaining the network, and would allow those members that are more tech savvy to support the communities that might not have a tech person in their community, by providing knowledge and guidance based on their exploration of the issue at hand.

I have some notes I took during installation, but something may be missing in them. I remember there were some permission problems with mailadm database and things like that, looks like I have not documented the fixes here. Also nginx configuration part is missing, but mailadm README.txt appears after mailadm installation and describes the steps required.

Basic mail server configuration

  1. Install dovecot-imapd package. It opens ports 143 (imap) and 993 (imaps). By default system users can use it to access their mail, because Debian enables PAM authentication in /etc/dovecot/conf.d/10-auth.conf via include of auth-system.conf.ext. We will replace it with our own auth-mailadm.conf.ext after mailadm installation. Dovecot is responsible for user authentication, we will configure Postfix server to ask Dovecot for authentication later on.
  2. Install postfix. Select “Internet Site” configuration. Provide hostname, I provided raspberrypi.lan in my OpenWrt network.
  3. In /etc/postfix/master.cf uncomment the following lines:

       submission inet n - y - - smtpd
         -o syslog_name=postfix/submission
         -o smtpd_tls_security_level=encrypt
         -o smtpd_sasl_auth_enable=yes
         -o smtpd_sasl_type=dovecot
         -o smtpd_sasl_path=private/auth

     This enables submission port 587, which speaks SMTP and accepts outgoing mail from users.

  4. In /etc/dovecot/conf.d/10-master.conf uncomment the following lines:

       service auth {
         # Postfix smtp-auth
         unix_listener /var/spool/postfix/private/auth {
           mode = 0666
         }
       }

     This is needed for Postfix so it can authenticate users via Dovecot.
  5. At this point you should be able to log in to Delta Chat using normal unix accounts and send mails between them.

Mailadm configuration

In this part we replace unix users with virtual users and hand over their management to mailadm. For reference check https://wiki.dovecot.org/VirtualUsers and https://wiki.dovecot.org/HowTo/SimpleVirtualInstall

  1. Create vmail user:

       groupadd -r vmail
       useradd -r -m -d /home/vmail -s /usr/sbin/nologin -g vmail vmail
       chmod 2770 /home/vmail

  2. Clone mailadm: git clone https://github.com/deltachat/mailadm.git
  3. Install python3-venv and dovecot-sqlite.
  4. Change variables in mailadm/install_mailadm.sh, e.g. MAIL_DOMAIN=raspberrypi.lan and WEB_ENDPOINT=http://raspberrypi.lan/new_email.
  5. Add !include auth-mailadm.conf.ext to /etc/dovecot/conf.d/10-auth.conf. Possibly comment out auth-system.conf.ext for better security if you don’t plan to use system accounts over the network.
  6. Install dovecot-lmtpd.
  7. Add to /etc/dovecot/conf.d/10-master.conf:

       service lmtp {
         unix_listener /var/spool/postfix/private/dovecot-lmtp {
           mode = 0600
           group = postfix
           user = postfix
         }
       }

     From this point Postfix will deliver mail via Dovecot, because Dovecot knows about virtual users and where their mail folders are.
  8. Reload Dovecot config: systemctl reload dovecot.
  9. Add to /etc/postfix/main.cf:

       virtual_mailbox_domains = raspberrypi.lan
       virtual_transport = lmtp:unix:private/dovecot-lmtp
       virtual_mailbox_base = /home/vmail
       virtual_mailbox_maps = hash:/var/lib/mailadm/virtual_mailboxes

  10. Add export PATH=~mailadm/venv/bin:$PATH and export MAILADM_DB=~mailadm/mailadm.db to admin account .profile.

At this point command mailadm should work.
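An added example, not part of the original post or of mailadm: a shell check for two settings from the steps above, namely that the active submission service in master.cf carries the TLS and SASL overrides and that no Dovecot unix_listener socket is accessible to users outside its owner and group. The function names and the sample files (with the TLS override deliberately left commented) are constructed for illustration.

```shell
# Added example, not from the thread: audit two settings from the steps above.
REQUIRED="smtpd_tls_security_level=encrypt smtpd_sasl_auth_enable=yes \
smtpd_sasl_type=dovecot smtpd_sasl_path=private/auth"
# Print each required -o override that the active submission service lacks.
submission_missing_options() {
    awk -v required="$REQUIRED" '
        NF == 0 || $1 ~ /^#/ { next }                      # blank or commented
        /^[^ \t]/ { in_sub = ($1 == "submission"); next }  # new service entry
        in_sub && $1 == "-o" { seen[$2] = 1 }              # continuation line
        END { n = split(required, want, " ")
              for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i] }' "$1"
}

# Print "socket mode" for unix_listeners whose mode grants access to "other".
world_accessible_listeners() {
    awk '
        $1 ~ /^#/ { next }
        $1 == "unix_listener" { path = $2; next }
        $1 == "}" { path = "" }
        path != "" && $1 == "mode" && $3 !~ /0$/ { print path, $3 }
    ' "$1"
}

# Constructed sample files: the TLS override is left commented on purpose.
write_samples() {
    cat > "$1/master.cf" <<'EOF'
submission inet n - y - - smtpd
#  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_sasl_type=dovecot
  -o smtpd_sasl_path=private/auth
EOF
    cat > "$1/10-master.conf" <<'EOF'
service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0666
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    mode = 0600
  }
}
EOF
}

dir=$(mktemp -d) && write_samples "$dir"
submission_missing_options "$dir/master.cf"
world_accessible_listeners "$dir/10-master.conf"; rm -rf "$dir"
```

On a real host, pass /etc/postfix/master.cf and /etc/dovecot/conf.d/10-master.conf to the two functions. Dovecot's own Postfix SASL how-to uses mode = 0660 with user = postfix and group = postfix for the auth listener, which this check would not flag.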

Wow… that is some boilerplate… thanks for such detailed instructions!
Will try to get on trying them the earliest, and give feedback here (and maybe automate the image creation using pi-gen so we can have a self-deployable system) :)

Dockerfile with Dovecot, Postfix, nginx and virtual user storage on a Docker volume in mailadm repository could help indeed. Something Alpine-based, with plain Postfix and Dovecot config instead of Debian /etc/dovecot/conf.d would be way simpler and easier to maintain than what we have now.

I would like to focus the conversation on ease of deployment from the user side, so whether Docker or not Docker is not the most urgent question, because probably everything would be already set up on an SD card that the user will just plug in and power on.

The use case I am interested in is the one of a layperson in a rural community, with smartphone usage skills, for them to be able to deploy and use a deltachat setup without having to get into the complications that are embedded within these systems.

Also, a nice plus would be for them to be able to easily customize usernames and domains…

I felt that mailadm would be a good start for that kind of setup.