Prepare Your System
Preparing OpenEMAIL Docker Host¶
Before you run OpenEMAIL, there are a few requirements that you should check:
When running OpenEMAIL on a Debian 8 (Jessie) box, you should switch to kernel 4.9 from Jessie backports to avoid a bug when running Docker containers with healthchecks! For more details read: github.com/docker/docker/issues/30402
- OpenEMAIL requires some ports to be open for incoming connections, so make sure that your firewall is not blocking these.
- Make sure that no other application is interfering with OpenEMAIL's configuration, such as another mail service
- A correct DNS setup is crucial to every good mailserver setup, so please make sure you got OpenEMAILt the basics covered before you begin!
- Make sure that your system has a correct date and time setup. This is crucial for stuff like two factor TOTP authentication.
Choosing a Linux Distribution for the Docker Host¶
During the creation of this installation guide I used Ubuntu 18.04.2 LTS (Bionic Beaver). Some of the examples shown in this document may largely depend on this Linux distribution. But with a minor adjustment on it you can make it prepare to get working in your Linux distribution of choice as your docker host. It may be Ubuntu, Debian, CentOS, or an another.
Minimum System Resources¶
Please make sure that your system has at least the following resources:
|RAM||2 GiB + Swap (better: 4 GiB and more + Swap)|
|Disk||15 GiB (without emails)|
ClamAV and Solr are greedy RAM munchers. You can disable them in
openemail.conf by settings
Firewall and Ports¶
Please check if any of OpenEMAIL's standard ports are open and not in use by other applications:
# netstat -tulpn | grep -E -w '25|80|110|143|443|465|587|993|995'
There are several problems with running OpenEMAIL on a firewalld/ufw enabled system. You should disable it (if possible) and move your ruleset to the DOCKER-USER chain, which is not cleared by a Docker service restart, instead. See this blog post for information about how to use iptables-persistent with the DOCKER-USER chain. As OpenEMAIL runs dockerized, INPUT rules have no effect on restricting access to OpenEMAIL. Use the FORWARD chain instead.
If this command returns any results please remove or stop the application running on that port. You may also adjust OpenEMAILs ports via the
openemail.conf configuration file.
If you have a firewall in front of OpenEMAIL, please make sure that these ports are open for incoming connections:
To bind a service to an IP address, you can prepend the IP like this:
Important: You cannot use IP:PORT bindings in HTTP_PORT and HTTPS_PORT. Please use
Date and Time¶
To ensure that you have the correct date and time setup on your system, please check the output of
You need to ensure that date and time is accurate. This is required for the operation of openemail as well and accurate system logging.
To check your current time run:
$ timedatectl status
Local time: Tue 2019-03-05 09:17:54 UTC Universal time: Tue 2019-03-05 09:17:54 UTC RTC time: Tue 2019-03-05 09:17:55 Time zone: Etc/UTC (UTC, +0000) System clock synchronized: yes Local time: Tue 2019-03-05 09:17:54 UTC Universal time: Tue 2019-03-05 09:17:54 UTC RTC time: Tue 2019-03-05 09:17:55 Time zone: Etc/UTC (UTC, +0000) System clock synchronized: yes systemd-timesyncd.service active: no RTC in local TZ: no RTC in local TZ: no
systemd-timesyncd.service active: nomeans your system hasn't been configured get it time synced using
To set your system time to sync with `systemd-timesyncd, run:
$ sudo sudo timedatectl set-ntp on
timedatectl status. You will observe that
systemd-timesyncd.service active: yes
$ timedatectl status
systemd-timesyncd.service active: yesas in the below output
Local time: Tue 2019-03-05 09:26:24 UTC Universal time: Tue 2019-03-05 09:26:24 UTC RTC time: Tue 2019-03-05 09:26:25 Time zone: Etc/UTC (UTC, +0000) System clock synchronized: yes systemd-timesyncd.service active: yes
To check to see whether
systemd-timesyncd is running:
sudo systemctl status systemd-timesyncd
If it is not running you will get an output like below.
systemctl status systemd-timesyncd ● systemd-timesyncd.service - Network Time Synchronization Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Active: inactive (dead) since Wed 2019-03-06 03:18:40 UTC; 2s ago Docs: man:systemd-timesyncd.service(8) Process: 21020 ExecStart=/lib/systemd/systemd-timesyncd (code=exited, status=0/SUCCESS) Main PID: 21020 (code=exited, status=0/SUCCESS) Status: "Idle." Mar 05 09:26:13 mail.openemail.io systemd: Starting Network Time Synchronization... Mar 05 09:26:13 mail.openemail.io systemd: Started Network Time Synchronization. Mar 05 09:26:13 mail.openemail.io systemd-timesyncd: Synchronized to time server 188.8.131.52:123 (ntp.ubuntu.com). Mar 06 03:18:40 mail.openemail.io systemd: Stopping Network Time Synchronization... Mar 06 03:18:40 mail.openemail.io systemd: Stopped Network Time Synchronization.
sudo systemctl start systemd-timesyncd
To see the status of
sudo systemctl status systemd-timesyncd
Your output should be like below
● systemd-timesyncd.service - Network Time Synchronization Loaded: loaded (/lib/systemd/system/systemd-timesyncd.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-03-06 03:30:08 UTC; 8s ago Docs: man:systemd-timesyncd.service(8) Main PID: 29018 (systemd-timesyn) Status: "Synchronized to time server 184.108.40.206:123 (ntp.ubuntu.com)." Tasks: 2 (limit: 2361) CGroup: /system.slice/systemd-timesyncd.service └─29018 /lib/systemd/systemd-timesyncd Mar 06 03:30:08 mail.openemail.io systemd: Starting Network Time Synchronization... Mar 06 03:30:08 mail.openemail.io systemd: Started Network Time Synchronization. Mar 06 03:30:08 mail.openemail.io systemd-timesyncd: Synchronized to time server 220.127.116.11:123 (ntp.ubuntu.com).
timedatectl set-ntp true. You also need to edit your
# vim /etc/systemd/timesyncd.conf [Time] Servers=0.pool.ntp.org 1.pool.ntp.org 2.pool.ntp.org 3.pool.ntp.org
Set Up Static IP¶
Ubuntu 18.04 has changed its network interface configuration subsystem with new netplan configuration. The yml syntaxes are used in network configuration.
To configure the network
sudo nano /etc/netplan/50-cloud-init.yaml
network: version: 2 ethernets: eth0: addresses: - 18.104.22.168/20 gateway4: 22.214.171.124 match: macaddress: 0a:17:6b:4f:06:ed nameservers: addresses: - 126.96.36.199 - 188.8.131.52 search:  set-name: eth0
sudo netplan apply
To check your network configuration run
ip addr sh eth0
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 0a:17:6b:4f:06:ed brd ff:ff:ff:ff:ff:ff inet 184.108.40.206/20 brd 220.127.116.11 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::817:6bff:fe4f:6ed/64 scope link valid_lft forever preferred_lft forever
Especially relevant for OpenStack users: Check your MTU and set it accordingly in docker-compose.yml. See 4.1 in Installation Section of this guide.