MailCow in Production Datacenter
-
Hi Scott,
How did you get Zimbra to work with an nginx proxy? Got nginx proxy to work in testing with a server but not with Zimbra. Also, how do you handle spam in Zimbra?
-
@scottalanmiller said in MailCow in Production Datacenter:
It's been several weeks, I'll start over as I'd like this to work. I'm beyond unhappy that they are going Docker only, but Zimbra is doing the same so there is zero reason to stick with them at this point.
Not to mention Zimbra is so heavy on resources...
-
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller said in MailCow in Production Datacenter:
It's been several weeks, I'll start over as I'd like this to work. I'm beyond unhappy that they are going Docker only, but Zimbra is doing the same so there is zero reason to stick with them at this point.
Not to mention Zimbra is so heavy on resources...
Yeah, Zimbra hasn't done much to sell us on sticking with it. Moving to Docker, which I just learned, really puts the nail in the coffin. I am totally confident that our existing install will be broken and unsupportable.
-
@gtech said in MailCow in Production Datacenter:
Hi Scott,
How did you get Zimbra to work with an nginx proxy? Got nginx proxy to work in testing with a server but not with Zimbra. Also, how do you handle spam in Zimbra?
Zimbra "just worked" with the proxy from my memory. What issue are you getting with it? We use Nginx in front of everything - only things that have had issues with it are Docker containers. Everything else has been pretty transparent.
Right now we use Zimbra's built in spam handling (that has to be manually configured.) It mostly works pretty well. It catches the bulk of things.
-
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller said in MailCow in Production Datacenter:
It's been several weeks, I'll start over as I'd like this to work. I'm beyond unhappy that they are going Docker only, but Zimbra is doing the same so there is zero reason to stick with them at this point.
Not to mention Zimbra is so heavy on resources...
AND that those processes are Java based! I'm not anti-Java, but it is just another PITA component of the system to deal with and start up times are terrible. Reboot and email is down for ten minutes while Java allocates resources.
-
@scottalanmiller said in MailCow in Production Datacenter:
AND that those processes are Java based! I'm not anti-Java, but it is just another PITA component of the system to deal with and start up times are terrible. Reboot and email is down for ten minutes while Java allocates resources.
According to my monitoring rebooting only takes our MailCow down for about 50 seconds!
-
@Curtis said in MailCow in Production Datacenter:
What Distro?
Ubuntu 18.04. We were trying to use the "most recommended" option for MailCow in our testing. Didn't want the distro choice to be considered a problem (especially with Docker which seems to make the distro matter so much more than normal.)
-
Let's start with... what distro is needed for MailCow? What's their Docker built for?
-
@scottalanmiller said in MailCow in Production Datacenter:
(especially with Docker which seems to make the distro matter so much more than normal.)
Isn't one of the major selling points of Docker platform independence? You can run it on any distro, even Windows?
-
@scottalanmiller I would use Ubuntu 18.04 and start there.
-
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller said in MailCow in Production Datacenter:
(especially with Docker which seems to make the distro matter so much more than normal.)
Isn't one of the major selling points of Docker platform independence? You can run it on any distro, even Windows?
That's what everyone says about it, but that's not been anyone's experience with it. Docker uses a shared kernel, so if you are using a different distribution or even just a different version of the same distribution as the developers, things randomly break.
-
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller said in MailCow in Production Datacenter:
(especially with Docker which seems to make the distro matter so much more than normal.)
Isn't one of the major selling points of Docker platform independence? You can run it on any distro, even Windows?
That's one of the horribly false claims that makes for the hype. In the real world, no, it's not platform independent in any way. And no, it can't run on Windows. Windows has to run a Linux VM in the background to handle Docker.
It's these kinds of things that make Docker something I am so wary of in production. I worry that devs think it is platform independent then they make a change and kill it for half their users and have no idea why. The devs don't know how Docker works so can't support them. And the end users used Docker to avoid knowing how things work, so can't fix their own systems. Docker just adds all kinds of pointless effort and risk that doesn't need to be there. All the components under the hood were as platform agnostic or more already. Docker can't remove the limitations already there, it can only carry them through or add more of them!
-
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller I would use Ubuntu 18.04 and start there.
I have used Debian and CentOS; standardizing everything on CentOS.
-
@travisdh1 said in MailCow in Production Datacenter:
@Curtis said in MailCow in Production Datacenter:
@scottalanmiller said in MailCow in Production Datacenter:
(especially with Docker which seems to make the distro matter so much more than normal.)
Isn't one of the major selling points of Docker platform independence? You can run it on any distro, even Windows?
That's what everyone says about it, but that's not been anyone's experience with it. Docker uses a shared kernel, so if you are using a different distribution or even just a different version of the same distribution as the developers, things randomly break.
And that's what blocks Windows. Docker itself can't even run on Windows, let alone the workloads within it. Docker isn't a full VM, only a container. Containers, by definition, aren't distro agnostic, let alone OS agnostic.
-
@travisdh1 said in MailCow in Production Datacenter:
things randomly break.
I agree. I have avoided docker because some things do not seem reliable. And I have applied mailcow updates that break things that should not be broke: I mean what happens makes no sense.
On the other hand, I have moved mailcow from Debian to CentOS within short maintenance windows and docker has eased the process.
Now that I think about it, mailcow is probably the only docker based deployment I have and probably will for some time
-
@dave_c said in MailCow in Production Datacenter:
Now that I think about it, mailcow is probably the only docker based deployment I have and probably will for some time
This scares me. Because to me it tells me that MailCow lacks the resources to put out the product correctly, which is mirrored in their statement of stepping away from it full time, and doesn't have a production mindset. Maybe they've gotten lucky in the past that things keep running. But it sounds like they are just getting lucky, not really planning around reliable processes. And that your updates break things seems like what we'd expect from that process.
-
@scottalanmiller The issue is getting Let's Encrypt - SSL Certificates to work behind the nginx proxy. Are you using only the global settings AS/AV? Or are you using other installed tools? Still find spam email counts are high with just those settings.
-
@gtech said in MailCow in Production Datacenter:
The issue is getting Let's Encrypt - SSL Certificates to work behind the nginx proxy.
DNS based challenges resolve this for most things.
-
@gtech said in MailCow in Production Datacenter:
The issue is getting Let's Encrypt - SSL Certificates to work behind the nginx proxy.
That's a pain but there are multiple ways to handle it. Our proxy gets the certs, Zimbra pulls them from the proxy.
-
@gtech said in MailCow in Production Datacenter:
Are you using only the global settings AS/AV? Or are you using other installed tools? Still find spam email counts are high with just those settings.
No third party tools, just PyRazr and such that are included and recommended in the Zimbra guides. We find it comparable to the spam we get on O365 or GSuite.