add haraka files

.gitignore

@@ -85,3 +85,6 @@ Backups/*.sql
 Backups/*.tar
 
 .env
+
+Haraka/dkim/keys/private_base64.txt
+Haraka/dkim/keys/public_base64.txt

Haraka/README.md

@@ -1,108 +1,82 @@
-# SMTP Server Container for OneUptime
-
-This is a simple SMTP server which is used to send bulk emails. This can be used to send email alerts to subscribers and team.
-
-> This will not work on your local machine because email sending is blocked by ISP. You need to run these on the server and test.
-
-## Run a OneUptime Haraka Docker Container
-
-### Setup Private Key (Optional)
+# Build haraka container. 
 
 ```
-# Unix machine
-
-
-# generate private key
-
-openssl genrsa -out private 2048
-
-# Encode it to base64 and export it
-
-export DKIM_PRIVATE_KEY=$(cat private | base64)
-
+sudo docker build . -t haraka:latest
 ```
 
-> If you already have a private key, you can point the export command to it, and export as base64 encoded
 
-### Setup DKIM on DNS TXT Record (Optional)
+# To update a stack
 
 ```
-# Unix machine
-
-# private should point to the private key generated previously
-
-chmod 0400 private
-openssl rsa -in private -out public -pubout
-
-# value of DKIM dns record
-
-echo "v=DKIM1;p=$(grep -v '^-' public | tr -d '\n')"
-
+cd haraka
+sudo docker stack deploy haraka -c docker-compose.yml
 ```
 
-> When setting up the DKIM dns txt record (recommended), the selector should be `oneuptime._domainkey` then the value should be the output of the echo command
-
-### Setup DMARC and SPF DNS TXT Record (Optional)
-
-To setup dmarc for the smtp server, you need to create a new dns record with the following values
-
-| Type | Name    | Content                                                                                  |
-| ---- | ------- | ---------------------------------------------------------------------------------------- |
-| TXT  | \_dmarc | v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:youremail; ruf=mailto:youremail; pct=100 |
-
-> For SPF dns record, you need to setup with appropriate values, if the ip of the smtp mail server is static, you can add that to the spf ip list
-
-### Setup tls Keys (Optional)
+# To restart a service
 
 ```
-# Unix machine
-
-
-# generate tls_cert.pem and tls_key.pem files with there keys
-# this command will open a prompt for you to fill in your details
-
-openssl req -x509 -nodes -days 2190 -newkey rsa:2048 -keyout tls_key.pem -out tls_cert.pem
-
-# Encode your tls to base64 and export it
-
-export TLS_KEY=$(cat tls_key.pem | base64)
-export TLS_CERT=$(cat tls_cert.pem | base64)
-
+sudo docker service update haraka_haraka --force
 ```
 
-> If you already have tls_key and tls_cert for your domain, you can point the export command to the tls files to generate base64 encoded value
 
-## Build Docker Container
+# Send Test Outbound Email
 
 ```
-docker build --build-arg PORT="2525" . -t haraka:latest
+swaks --to hello@nawazdhandala.com --from hello@genosyn.com --server 192.168.1.100 --port 2525 --auth-user homelab --auth-password password
 ```
 
-### Run Haraka SMTP Server
+# Set a domain to send email
+
+
+Generate a DKIM key: 
 
 ```
-docker run -p 2525:2525 -e SMTP_USER="user@oneuptime.com" -e SMTP_PASSWORD="oneuptime" -e DOMAIN="oneuptime.com" -e DKIM_PRIVATE_KEY=$DKIM_PRIVATE_KEY -e TLS_CERT=$TLS_CERT -e TLS_KEY=$TLS_KEY  haraka:latest
+cd dkim
+
+bash generate.sh
+
+cd ..
 ```
 
-> The following envs are optional `DKIM_PRIVATE_KEY`, `TLS_CERT`, `TLS_KEY` and `DOMAIN`
+`public` and `private` files should have been generated inside of `dkim` folder. Please also add DNS and env vars to docker-compose files. Values of that should be shown on the console.
 
-## Test
+
+
+Add an A record: 
 
 ```
-# Install swaks on Linux machine
-
-sudo apt-get update
-sudo apt-get install swaks -y
-
-# MacOS
-
-brew install swaks
-
-# Test
-
-swaks --to jude@oneuptime.com --from support@oneuptime.com --server localhost \
-  --port 2525 --auth-user user@oneuptime.com --auth-password oneuptime
-
+mailer.company.com <IP address or haraka server>
 ```
 
-Check the logs for running container and see if you get a mail in your inbox.
+Set SPF record: 
+
+```
+# Any MX or A servers can send emails. 
+v=spf1 mx a -all
+```
+
+Example: 
+
+```
+v=spf1 mx a ip4:37.26.74.9 include:_spf.google.com include:mail.genosyn.com ~all
+```
+
+Set DMARC record: 
+
+```
+Type: TXT
+Key: _dmarc   
+Value: "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@<DOMAIN>; ruf=mailto:dmarc-feedback@<DOMAIN>; pct=100"
+```
+
+Example: 
+
+
+```
+_dmarc  TXT "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-feedback@genosyn.com; ruf=mailto:dmarc-feedback@genosyn.com; pct=100"
+```
+
+
+# Test, Test, Test. 
+
+Use https://www.mail-tester.com/ to test emails. 

Haraka/config/auth_flat_file.ini

@@ -0,0 +1,4 @@
+[core]
+methods=PLAIN
+
+[users]

Haraka/config/dkim_sign.ini

@@ -0,0 +1,3 @@
+disabled = false
+selector = haraka
+headers_to_sign = From, Sender, Reply-To, Subject, Date, Message-ID, To, Cc, MIME-Version

Haraka/config/plugins

@@ -0,0 +1,3 @@
+tls
+auth/flat_file
+dkim_sign

Haraka/config/smtp.ini

@@ -0,0 +1,64 @@
+; address to listen on (default: all IPv6 and IPv4 addresses, port 25)
+; use "[::0]:25" to listen on IPv6 and IPv4 (not all OSes)
+listen=[::0]:2525
+
+; Note you can listen on multiple IPs/ports using commas:
+;listen=127.0.0.1:2529,127.0.0.2:2529,127.0.0.3:2530
+
+; public IP address (default: none)
+; If your machine is behind a NAT, some plugins (SPF, GeoIP) gain features
+; if they know the servers public IP. If 'stun' is installed, Haraka will
+; try to figure it out. If that doesn't work, set it here.
+;public_ip=N.N.N.N
+
+; Time in seconds to let sockets be idle with no activity
+;inactivity_timeout=300
+
+; Drop privileges to this user/group
+;user=smtp
+;group=smtp
+
+; Don't stop Haraka if plugins fail to compile
+;ignore_bad_plugins=0
+
+; Run using cluster to fork multiple backend processes
+;nodes=cpus
+
+; Daemonize
+;daemonize=true
+;daemon_log_file=/var/log/haraka.log
+;daemon_pid_file=/var/run/haraka.pid
+
+; Spooling
+; Save memory by spooling large messages to disk
+;spool_dir=/var/spool/haraka
+; Specify -1 to never spool to disk
+; Specify 0 to always spool to disk
+; Otherwise specify a size in bytes, once reached the
+; message will be spooled to disk to save memory.
+;spool_after=
+
+; Force Shutdown Timeout
+; - Haraka tries to close down gracefully, but if everything is shut down
+;   after this time it will hard close. 30s is usually long enough to
+;   wait for outbound connections to finish.
+;force_shutdown_timeout=30
+
+; SMTP service extensions: https://tools.ietf.org/html/rfc1869
+; strict_rfc1869 = false
+
+; Advertise support for SMTPUTF8 (RFC-6531)
+;smtputf8=true
+
+[headers]
+;add_received=true
+;clean_auth_results=true
+
+; replace header_hide_version
+;show_version=true
+
+; replace max_header_lines
+max_lines=1000
+
+; replace max_received_count
+max_received=100

Haraka/config/tls.ini

@@ -0,0 +1 @@
+no_starttls_ports[]=2525

Haraka/dkim/generate.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+
+
+cd keys
+
+openssl genrsa -out private 4096
+chmod 0400 private
+openssl rsa -in private -out public -pubout
+
+cd ..
+
+bash show-info.sh

Haraka/dkim/keys/README.md

@@ -0,0 +1 @@
+This is where all the keys are stored.

Haraka/dkim/show-info.sh

@@ -0,0 +1,30 @@
+cd keys
+
+cat private | base64 -w0 > private_base64.txt
+cat public | base64 -w0 > public_base64.txt
+
+echo ""
+echo ""
+echo ""
+
+
+echo "Add this to docker compose file - DKIM private key for env var is:" 
+cat private_base64.txt
+
+echo ""
+echo ""
+echo ""
+
+echo "Add this to docker compose file - DKIM public key for env var is:" 
+cat public_base64.txt
+
+echo ""
+echo ""
+echo ""
+
+echo "You need to add this to DNS" 
+echo "Type: TXT" 
+echo "Key: haraka._domainkey"
+echo "v=DKIM1;p=$(grep -v '^-' public | tr -d '\n')"
+
+cd ..

Haraka/init.sh

@@ -0,0 +1,21 @@
+
+
+# Setup auth
+echo "domain = $DOMAIN" >> /harakaapp/config/dkim_sign.ini
+echo "$DOMAIN" > /harakaapp/config/host_list
+echo "$DOMAIN" > /harakaapp/config/me
+echo "$SMTP_USERNAME=$SMTP_PASSWORD" >> /harakaapp/config/auth_flat_file.ini
+
+openssl req -x509 -nodes -days 2190 -newkey rsa:2048 -keyout /harakaapp/config/tls_key.pem -out /harakaapp/config/tls_cert.pem -subj "/C=US/ST=Massachusetts/L=Boston/O=Hackerbay/CN=$DOMAIN"
+
+# DKIM
+mkdir -p /harakaapp/config/dkim/$DOMAIN
+touch /harakaapp/config/dkim/$DOMAIN/selector
+echo "haraka" > /harakaapp/config/dkim/$DOMAIN/selector
+
+# Decode keys from base64
+echo "$DKIM_PUBLIC_KEY" | base64 -d > /harakaapp/config/dkim/$DOMAIN/public
+echo "$DKIM_PRIVATE_KEY" | base64 -d > /harakaapp/config/dkim/$DOMAIN/private
+
+# Run haraka
+haraka -c /harakaapp