gandalf/secubox-openwrt
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44493ebfe3
secubox-openwrt/package/secubox/secubox-app-mailserver
History
CyberMind-FR 44493ebfe3 feat: Add CVE Triage Agent and Vortex DNS, fix webmail login 
New Packages:
- secubox-cve-triage: AI-powered CVE analysis and vulnerability management
  - NVD API integration for CVE data
  - CrowdSec CVE alert correlation
  - LocalAI-powered impact analysis
  - Approval workflow for patch recommendations
  - Multi-source monitoring (opkg, LXC, Docker)

- luci-app-cve-triage: Dashboard with alerts, pending queue, risk score

- secubox-vortex-dns: Meshed multi-dynamic subdomain delegation
  - Master/slave hierarchical DNS delegation
  - Wildcard domain management
  - First Peek auto-registration
  - Gossip-based exposure config sync
  - Submastering for nested hierarchies

Fixes:
- Webmail 401 login: config.docker.inc.php was overriding IMAP host
  to ssl://mail.secubox.in:993 which Docker couldn't reach
- Fixed mailctl webmail configure to use socat proxy (172.17.0.1:10143)

Documentation:
- Added LXC cgroup:mixed fix to FAQ-TROUBLESHOOTING.md
- Updated CLAUDE.md to include FAQ consultation at startup

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-05 12:19:54 +01:00
..
files feat: Add CVE Triage Agent and Vortex DNS, fix webmail login 2026-02-05 12:19:54 +01:00
Makefile feat: Add unified backup manager, custom mail server, DNS subdomain generator 2026-02-05 10:40:32 +01:00
README.md feat: Add unified backup manager, custom mail server, DNS subdomain generator 2026-02-05 10:40:32 +01:00

README.md

SecuBox Mail Server

Custom mail server (Postfix + Dovecot) running in LXC container with mesh backup support.

Features

  • Postfix - SMTP server with virtual domains
  • Dovecot - IMAP/POP3 with LMTP delivery
  • Rspamd - Spam filtering
  • OpenDKIM - Email signing
  • Mesh Backup - P2P backup sync with other SecuBox nodes
  • Webmail Integration - Works with Roundcube container

Installation

opkg install secubox-app-mailserver

Quick Start

# 1. Configure domain
uci set mailserver.main.domain='example.com'
uci set mailserver.main.hostname='mail'
uci commit mailserver

# 2. Install container
mailctl install

# 3. Set up DNS records (MX, SPF, DMARC)
mailctl dns-setup

# 4. Get SSL certificate
mailctl ssl-setup

# 5. Add mail users
mailctl user add user@example.com

# 6. Enable and start
uci set mailserver.main.enabled=1
uci commit mailserver
/etc/init.d/mailserver start

# 7. Configure webmail
mailctl webmail configure

CLI Reference

Service Control

mailctl start      # Start mail server
mailctl stop       # Stop mail server
mailctl restart    # Restart mail server
mailctl status     # Show status

User Management

mailctl user add user@domain.com    # Add user (prompts for password)
mailctl user del user@domain.com    # Delete user
mailctl user list                   # List all users
mailctl user passwd user@domain.com # Change password

Aliases

mailctl alias add info@domain.com user@domain.com
mailctl alias list

SSL Certificates

mailctl ssl-setup    # Obtain Let's Encrypt cert via DNS-01
mailctl ssl-status   # Show certificate info

DNS Integration

mailctl dns-setup    # Create MX, SPF, DMARC records via dnsctl

Mesh Backup

mailctl mesh backup              # Create backup for mesh sync
mailctl mesh restore <file>      # Restore from backup
mailctl mesh sync push           # Push to mesh peers
mailctl mesh sync pull           # Pull from mesh peers
mailctl mesh add-peer <peer_id>  # Add mesh peer
mailctl mesh peers               # List configured peers
mailctl mesh enable              # Enable mesh sync
mailctl mesh disable             # Disable mesh sync

Webmail

mailctl webmail status      # Check Roundcube status
mailctl webmail configure   # Point Roundcube to this server

Diagnostics

mailctl logs         # View mail logs (last 50 lines)
mailctl logs 100     # View last 100 lines
mailctl test user@external.com   # Send test email

UCI Configuration

config mailserver 'main'
    option enabled '0'
    option hostname 'mail'
    option domain 'example.com'
    option postmaster 'postmaster'
    option data_path '/srv/mailserver'
    option container 'mailserver'

config ports 'ports'
    option smtp '25'
    option submission '587'
    option smtps '465'
    option imap '143'
    option imaps '993'
    option pop3 '110'
    option pop3s '995'

config features 'features'
    option spam_filter '1'
    option virus_scan '0'
    option dkim '1'
    option spf '1'
    option dmarc '1'
    option fail2ban '1'

config ssl 'ssl'
    option type 'letsencrypt'

config webmail 'webmail'
    option enabled '1'
    option container 'secubox-webmail'
    option port '8026'

config mesh 'mesh'
    option enabled '0'
    option backup_peers ''
    option sync_interval '3600'

Data Structure

/srv/mailserver/
├── config/          # Postfix/Dovecot config
│   ├── vmailbox     # Virtual mailbox map
│   ├── valias       # Virtual alias map
│   └── users        # Dovecot user database
├── mail/            # Maildir storage
│   └── example.com/
│       └── user/
│           ├── cur/
│           ├── new/
│           └── tmp/
└── ssl/             # SSL certificates
    ├── fullchain.pem
    └── privkey.pem

DNS Records Required

The mailctl dns-setup command creates these records via dnsctl:

Type Name Value
A mail <public-ip>
MX @ 10 mail.example.com.
TXT @ v=spf1 mx a:mail.example.com ~all
TXT _dmarc v=DMARC1; p=none; rua=mailto:postmaster@example.com
TXT mail._domainkey v=DKIM1; k=rsa; p=<public-key>

Ports

Port Protocol Description
25 SMTP Mail transfer (server-to-server)
587 Submission Mail submission (client-to-server)
465 SMTPS Secure SMTP
143 IMAP Mail access
993 IMAPS Secure IMAP
110 POP3 Mail download (optional)
995 POP3S Secure POP3 (optional)
4190 Sieve Mail filtering rules

Dependencies

  • lxc - Container runtime
  • secubox-app-dns-provider - DNS record management
  • acme - SSL certificate automation (optional)
  • secubox-p2p - Mesh backup sync (optional)