Setting up Postfix/Dovecot under a different domain

Pioneer Support
1

First of all, some basic infos:

Box is plugged into a router with port forwarding.
I bought my kit in January 2023.
I am running version 23.6.2. on my FreedomBox.

Hey guys! About over half a year ago I bought the Olimex Pioneer Edition and – except for some problems at the start as well as my poor Linux skills – meanwhile nearly everything is working like a charm. At this point I want to emphasize that apparently also a layman can indeed set up the whole thing, as it is being advertised! Of course not without spending a ton of time with the Box and furthermore this forum here, so a big thanks to all those kind people always trying to help out!

Anyways: We mainly use the box for communication (Matrix), therefore I registered a free subdomain provided by the DynDNS service of the FreedomBox community (example.freedombox.rocks - greatly appreciated!). Other Apps like Syncthing, Radicale or Mumble also use this public facing domain. Now I additionally want to use the Box as an eMail server via Postfix/Dovecot. After studying the manual, I had to learn that the mentioned free subdomain wasn‘t suitable for this to work. Buying/renting a proper domain from a registrar (like example.com) would be no problem for me – but now comes the tricky part: I would like to keep the existing, free subdomain for all the Apps I’ve installed so far (mainly Matrix and Mumble) – as I had to reinstall all of them to be able to change the domain. It also wouldn’t meet great acceptance amongst my Matrix or Mumble users either, as they would have to set up their accounts from scratch. This has already cost me loads of persuasion initially. Long story short: Is it possible to configure two seperate domains (example.freedombox.rocks as well as example.com - each with a valid Lets Encrypt certificate I guess), in a way that the existing Apps keep working with the present one and the eMail server would work with the new one? Or do I have to wait until the free subdomain is supported for this purpose?

Besides that, I want to add two more rather short questions that imho don’t justify being asked in seperate posts, namely:

  1. When opening the Etherpad integration in a Matrix room (accessed via Element on Android) I get the following error messages (please refer to the images below). This error now persists for about two or three months and doesn’t display when Etherpad is opened in a browser (like Chrome on Android) or in Element on Windows. Any ideas on how to solve this? As it was very convenient to be able to view it directly via the App!

Screenshot_20230801-210842
Screenshot_20230801-2108421012×657 71.9 KB

Screenshot_20230801-210901
Screenshot_20230801-2109011009×992 121 KB

  1. My Box upgrade to Debian 12 (bookworm) has also been a mess but after changing back the DefaultZone of firewalld to external everything seems to work again properly, except for any FreedomBox version update. I’m still on 23.6.2. and a manual update (via Plinth) didn’t and also doesn‘t change anything. Frequent functionality updates are activated, so I should be able to get any updates from the backports update stream (currently 23.13. I guess), right? How can I successfully update to this version?

Again I want to express my gratitude about having such a helpful community for this project! Besides those errors, issues or impassabilities here and then it’s also a tonload of fun working on the Box, even for a layman, as I said in the beginning. Big thanks in advance for trying to solve those questions with me. Cheers!

2

I can’t answer your other questions, but issue #2368 documents a known problem with Freedombox updates from bookworm-backports.

1 Like
3

In my understanding, freedombox handles well the case in which one uses a single domain and never changes it. Other cases are likely to have more issues.

One thing you could do is setup a second freedombox for email.

Besides the burden of buying and setting up one more freedombox, the main issue I expect with such a situation is that both freedomboxes are on the same local network reachable via the same single public IP address but you want Let’s Encrypt certificates on both, Let’s Encrypt only wants to use ports 80 and 443 for its challenge to provide certificates and your routeur can redirect them only to one machine.

A solution to that problem can be to redirect ports 80 and 443 to a machine that runs sniproxy (available as a debian package) and in /etc/sniproxy.conf, in the http_host and https_hosts tables, to indicate each domain and the corresponding local IP address.

If you run sniproxy on one of the two freedomboxes, there is a risk that the firewall interferes with it. I run sniproxy on a different machine (another olimex box running debian without freedombox). However, be aware that sniproxy can only be used for http/https requests so you can’t do that with servers that don’t use http/https, e.g. you can’t have a matrix server on each machine.

If your ISP can provide a second public IP address, or if you can find a VPN provider that gives you a permanent public IP with unfiltered internet (like https://www.fdn.fr/ in France), you can setup a second freedombox without any such restriction. In the VPN solution, it is good to use another routeur and, before buying a routeur, to be careful about its CPU as it is likely to be the limiting factor for the throughput. I have a few routeurs and can provide my own test results with openVPN.

1 Like
4

Thanks a lot to both of you for answering my questions this fast! Your help is greatly appreciated!

@lifeform I have studied the thread in your link and will try to apply this fix coming weekend, when I got time to dig into the details! I may come back to this post if something won’t work, but I think it’s doable for me. Thanks again for pointing this out!

@Avron Your answer is a bliss, as it covers my main question perfectly! I now understand my options and will think about’em thoroughly. The sniproxy solution sounds interesting, but it may also be a bummer mainly due to Matrix not working in this setup. It’s the current main usage for the box and pretty sure will also be in the future. I’ll educate myself in options for a suitable VPN provider like you described and if I choose to go for that setup, I’d be glad to fall back to your said own test results. Thanks again for taking your time answering as detailed as you did!