Maintain a Mailu server
Upgrading the mail server
First check upstream for changes in the docker-compose.yml
or in the
.env
files. Also, check CHANGELOG.md
for changes that you
might not want to include.
Update your .env
file to reflect the version that you wish to install (if
you are running stable
or latest
, you may skip this and proceed), then
simply pull the latest images and recreate the containers :
docker compose pull
docker compose down
docker compose up -d
Monitoring the mail server
Logs are managed by Docker directly. You can easily read your logs using:
docker compose logs
Docker is able to forward logs to multiple log engines. Read the following documentation for details: https://docs.docker.com/engine/admin/logging/overview/.
Managing of external Let’s Encrypt certificates
When you are not using the embedded letsencrypt
option from Mailu,
you cannot make use of it’s symlink functionality in the letsencrypt/live
directory.
You should take care that after every renewal new certificates are copied to /mailu/certs
and
the nginx process in the front
container is reloaded.
In the case of certbot you could write a script to be executed as deploy hook. Example:
#!/bin/sh
cp /etc/letsencrypt/live/domain.com/privkey.pem /mailu/certs/key.pem || exit 1
cp /etc/letsencrypt/live/domain.com/fullchain.pem /mailu/certs/cert.pem || exit 1
docker exec mailu-front-1 nginx -s reload
docker exec mailu-front-1 doveadm reload
And the certbot command you will use in crontab would look something like:
52 0,12 * * * root /usr/bin/certbot renew --deploy-hook /path/to/script.sh
Migrating an instance
The SMTP protocol has an embedded retry mechanism and multiple MX that can serve a single domain, so that most migration processes or maintenance processes do not require any specific care.
Mailu relies heavily on files for storing everything, which helps the migration process, that can be performed based on file synchronization.
The suggested migration process consists of setting up a new backup server that drops incoming emails (Mailu not started), synchronizing both servers, stopping the main server and launching the backup server. Then, the backup server is switched as a main MX and the old server is deleted.
Prepare your new server, copy your
docker-compose.yml
,.env
and basic configuration files to the server, so that it is ready to start configuration Mailu, do not start MailuSetup your DNS so that the backup server is an additional, deprioritized MX for the domain; this can be complex if you serve many domains, in which case you can simply accept that some remote MX will retry for a couple of minutes, skip this step
While your DNS TTL expires and your modification propagates, start rsyncing your Mailu directory (
data
,dkim
,mail
, etc.) to the new server, repeat until there are only a couple files synchronizedStop Mailu on the old server and run a final
rsync
while no process is writing to the filesStart Mailu on the new server, and production should be back to normal
Set your new server as the main MX for your domains, if you did not set an additional MX, make sure you still change the
A
andAAAA
record for your MX name.