# Install iRedMail on FreeBSD inside Jail (with ezjail)

[TOC]

## Summary

* This tutorial describes how to create a FreeBSD Jail with ezjail, then
  install the latest iRedMail in the Jail.
* We use hostname `mx.example.com` and IP address `172.16.244.254` for our Jail server.

Notes:

* This tutorial was tested with FreeBSD 10 and the latest ports tree, but it
  should work on FreeBSD 9 and other releases.
* All backends available in iRedMail (OpenLDAP, MySQL/MariaDB, PostgreSQL) were
  tested and work like a charm. :)
* For more details about ezjail, please check the FreeBSD Handbook:
  [Managing Jails with ezjail](https://www.freebsd.org/doc/handbook/jails-ezjail.html).

## System Requirements

__IMPORTANT WARNING__: iRedMail is designed to be deployed on a FRESH server system,
which means your server does __NOT__ have mail related components installed,
e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc. iRedMail will install
and configure them for you automatically. Otherwise it may override your
existing files/configurations, although it backs up files before modifying them,
and it may not work as expected.

* The latest stable release of iRedMail. You can download it here: <https://www.iredmail.org/download.html>
* Port `sysutils/ezjail` for FreeBSD.
* Make sure these 3 UID/GID are not used by another user/group: 2000, 2001, 2002.
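
One way to check the UID/GID requirement above before running the installer, as an added example that is not part of the iRedMail documentation. The function name `reserved_ids_in_use` and its output format are assumptions, and the sample files are constructed; it also catches a user whose primary group is one of the three IDs even when no group entry defines it.

```shell
#!/bin/sh
# Added example: check that UID/GID 2000, 2001 and 2002 are still free.
# Usage: reserved_ids_in_use PASSWD_FILE GROUP_FILE
# Prints "<uid|gid> <id> <owner>" per conflict; returns 1 if any, else 0.
#
# passwd format: field 3 is the UID, field 4 the primary GID. A primary GID
# counts as used even when the group file has no entry for it.
# group format: field 3 is the GID.
reserved_ids_in_use() {
    hits=$(
        awk -F: '!/^#/ && NF >= 4 {
            if ($3 ~ /^200[0-2]$/) print "uid", $3, $1
            if ($4 ~ /^200[0-2]$/) print "gid", $4, "primary-group-of:" $1
        }' "$1"
        awk -F: '!/^#/ && NF >= 3 && $3 ~ /^200[0-2]$/ {
            print "gid", $3, $1
        }' "$2"
    )
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Constructed sample files (not real accounts).
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
deploy:*:2000:1001:Deploy user:/home/deploy:/bin/sh
app:*:1002:2002:App user:/home/app:/bin/sh
EOF
cat > "$demo_dir/group" <<'EOF'
wheel:*:0:root
builders:*:2001:
EOF

reserved_ids_in_use "$demo_dir/passwd" "$demo_dir/group" \
    || echo "Free these IDs before running the iRedMail installer"
rm -rf "$demo_dir"
```

On a live system, pass the `passwd` and `group` files of the system where iRedMail will be installed, for example `/etc/passwd` and `/etc/group`.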

## Preparations

### Install sysutils/ezjail and add required settings

* Install ezjail with ports tree:

```
# cd /usr/ports/sysutils/ezjail/
# make install clean
```

* Enable ezjail service and sysvipc by appending the lines below to `/etc/rc.conf`:

```
# Start ezjail at system startup
ezjail_enable="YES"

# Enable sysvipc. Required by PostgreSQL.
jail_sysvipc_allow="YES"
```

* Add the parameter below to `/etc/sysctl.conf`. This is required if you're
  going to install iRedMail with the PostgreSQL backend.

```
security.jail.sysvipc_allowed=1
```

* Rebooting the system is required after changing `/etc/rc.conf`.

```
# reboot
```

### Create Jail

* After the server reboots, populate the Jail with FreeBSD-RELEASE:

```
# ezjail-admin install -p
```

* Create a new jail:
    * hostname `mx.example.com`
    * IP address `172.16.244.254` bound to network interface `em0`
    * Jail is placed under `/jails/mx.example.com`

```
# ezjail-admin create -r /jails/mx.example.com mx.example.com 'em0|172.16.244.254'
```

* Start Jail.

```
# service ezjail restart
```

* List all Jails:

```
# ezjail-admin list
STA JID  IP               Hostname                          Root Directory
--- ---- ---------------- --------------------------------- ------------------------
DS  1    172.16.244.254   mx.example.com                    /jails/mx.example.com
```

## Install iRedMail

We can now enter this Jail with the command below:

```
# ezjail-admin console mx.example.com
```

* In the Jail, update `/etc/resolv.conf` with valid DNS server address(es). For example:

```
# File: /etc/resolv.conf
nameserver 172.16.244.2
```

* In the Jail, install the binary package `bash-static`; it's required by iRedMail.

```
# -- For FreeBSD 10 or later releases --
# pkg install bash-static

# -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
```

## Start iRedMail installer

The iRedMail installer is now ready to start inside the Jail. It will ask you several simple
questions; that's all that is required to set up a full-featured mail server.

```
# bash              # <- start bash shell, REQUIRED
# cd /root/iRedMail/
# LOCAL_ADDRESS='172.16.244.254' bash iRedMail.sh
```

!!! note "Note to Chinese users"

    Our domain name `iredmail.org` has been blocked in mainland China for
    years (since Jun 04, 2011), please run the command below to finish the
    installation:

    `IREDMAIL_MIRROR='https://dl.iredmail.org' bash iRedMail.sh`

## Screenshots of installation:

* Welcome and thanks for your use

![](./images/installation/welcome.png){: width="700px" }

* Specify location to store all mailboxes. Default is `/var/vmail/`.

![](./images/installation/mail_storage.png){: width="700px" }

* Choose the backend used to store mail accounts. You can manage mail accounts
  with iRedAdmin, our web-based iRedMail admin panel.

!!! note

    There's no big difference between available backends, so
    it's strongly recommended to choose the one you're familiar with for easier
    management and maintenance after installation.

![](./images/installation/backends.png){: width="700px" }

* If you choose to store mail accounts in OpenLDAP, the iRedMail installer will
  ask you to set the LDAP suffix.

![](./images/installation/ldap_suffix.png){: width="700px" }

!!! note "To MySQL/MariaDB/PostgreSQL users"

    If you choose to store mail accounts in MySQL/MariaDB/PostgreSQL, iRedMail
    installer will generate a random, strong password for you. You can find it
    in file `iRedMail.tips`.

* Add your first mail domain name

![](./images/installation/first_domain.png){: width="700px" }

* Set the password of the admin account of your first mail domain.

__Note__: This account is an admin account and a mail user. That means you can
log in to webmail and the admin panel (iRedAdmin) with this account; the login username
is the full email address.

![](./images/installation/admin_pw.png){: width="700px" }

* Choose optional components

![](./images/installation/optional_components.png){: width="700px" }

After answering the above questions, the iRedMail installer will ask you to review and
confirm to start installation. It will install and configure required packages
automatically. Type `y` or `Y` and press `Enter` to start.

![](./images/installation/review.png){: width="700px" }

## Important things you __MUST__ know after installation

!!! warning

    The weakest part of a mail server is a user's weak password. Spammers don't
    want to hack your server, they just want to send spam from your server.
    Please __ALWAYS ALWAYS ALWAYS__ force users to use a strong password.

* Read file `/root/iRedMail-x.y.z/iRedMail.tips` first, it contains:

    * URLs, usernames and passwords of web-based applications
    * Location of mail service related software configuration files. You can
      also check this tutorial instead:
      [Locations of configuration and log files of major components](./file.locations.html).
    * Some other important and sensitive information

* [Setup DNS records for your mail server](./setup.dns.html)
* [How to configure your mail clients](./index.html#configure-mail-client-applications)
* [Locations of configuration and log files of major components](./file.locations.html)
* It's highly recommended to get an SSL cert to avoid the annoying warning
  message in web browsers or mail clients when accessing a mailbox via
  HTTPS/IMAPS/POP3/SMTPS. [Let's Encrypt offers __FREE__ SSL certificate](https://letsencrypt.org).
  We have a document for you to
  [use an SSL certificate](./use.a.bought.ssl.certificate.html).
* If you need to bulk create mail users, check our document for
  [OpenLDAP](./ldap.bulk.create.mail.users.html) and
  [MySQL/MariaDB/PostgreSQL](./sql.bulk.create.mail.users.html).
* If you're running a busy mail server, we have [some suggestions for better
  performance](./performance.tuning.html).

## Access webmail and other web applications

After the installation completes successfully, you can access the web-based programs
if you chose to install them. Replace `your_server` below with your real server
hostname or IP address.

* __Roundcube webmail__: <https://your_server/mail/>
* __SOGo Groupware__: <https://your_server/SOGo>
* __Web admin panel (iRedAdmin)__: <https://your_server/iredadmin/>
* __Awstats__: <https://your_server/awstats/awstats.pl?config=web> (or
  `?config=smtp` for SMTP traffic log)

## Get technical support

Please post all issues, feedback, feature requests and suggestions in our [online
support forum](https://forum.iredmail.org/), it's more responsive than you
expected.

## Some Tips for FreeBSD Jail

### Allow `ping` in Jail

* Append the line below to `/etc/sysctl.conf` to allow the `ping` command
  inside the Jail:

```
security.jail.allow_raw_sockets=1
```

* Update `/usr/local/etc/ezjail/mx_example_com` to allow `ping` inside Jail:

```
export jail_mx_example_com_parameters="allow.raw_sockets=1"
```
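
The `sysvipc` settings from the Preparations section and the raw-socket settings above all relax Jail isolation, and the two `/etc/sysctl.conf` entries are host-wide rather than per-Jail. The added example below (not part of the iRedMail documentation) scans those files and flags SysV IPC as unneeded when the backend is not PostgreSQL; the function name `audit_jail_relaxations`, its output format and the constructed sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: list the Jail isolation relaxations this tutorial enables.
# Usage: audit_jail_relaxations BACKEND FILE...
#   BACKEND: openldap | mysql | mariadb | postgresql
# Output:  "<status> <file>:<line> <setting>", one finding per line.
# Returns 1 if SysV IPC is enabled although BACKEND is not PostgreSQL.
# Assumption: SysV IPC is only needed for PostgreSQL, following the
# tutorial's "Required by PostgreSQL" comment.
audit_jail_relaxations() {
    backend=$1
    shift
    awk -v backend="$backend" '
        { line = $0; sub(/#.*/, "", line) }    # ignore comments
        # SysV IPC: host-wide sysctl or the rc.conf switch.
        line ~ /security\.jail\.sysvipc_allowed[ \t]*=[ \t]*1([^0-9]|$)/ ||
        tolower(line) ~ /jail_sysvipc_allow[ \t]*=[ \t]*"?yes/ {
            status = (tolower(backend) == "postgresql") ? "required" : "unneeded"
            if (status == "unneeded") bad = 1
            printf "%s %s:%d sysvipc\n", status, FILENAME, FNR
        }
        # Raw sockets: host-wide sysctl or the per-Jail ezjail parameter.
        line ~ /allow[._]raw_sockets[ \t]*=[ \t]*1([^0-9]|$)/ {
            printf "optional %s:%d raw_sockets\n", FILENAME, FNR
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed sample files, copied from the settings shown in this tutorial.
demo_dir=$(mktemp -d)
cat > "$demo_dir/rc.conf" <<'EOF'
ezjail_enable="YES"
# Enable sysvipc. Required by PostgreSQL.
jail_sysvipc_allow="YES"
EOF
cat > "$demo_dir/sysctl.conf" <<'EOF'
security.jail.sysvipc_allowed=1
security.jail.allow_raw_sockets=1
EOF
cat > "$demo_dir/mx_example_com" <<'EOF'
export jail_mx_example_com_parameters="allow.raw_sockets=1"
EOF

audit_jail_relaxations mysql "$demo_dir"/rc.conf "$demo_dir"/sysctl.conf \
    "$demo_dir"/mx_example_com || echo "SysV IPC is enabled but not needed for this backend"
rm -rf "$demo_dir"
```

Run it on the host against `/etc/rc.conf`, `/etc/sysctl.conf` and `/usr/local/etc/ezjail/mx_example_com`; the `optional` raw-socket findings are only needed for `ping` inside the Jail.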

### Share `/usr/ports/distfiles` with Jail

To share `/usr/ports/distfiles/` with the Jail, please append the line below to
`/etc/fstab.mx_example_com`:

> Jail will set the ports tree directory to `/var/ports` instead of
> `/usr/ports` in `/jails/mx.example.com/etc/make.conf` by default, you can
> either use this default setting or change it to `/usr/ports`.

```
# Part of file: /etc/fstab.mx_example_com
/usr/ports/distfiles /jails/mx.example.com/basejail/var/ports/distfiles nullfs rw 0 0
```

Create directory `/usr/jails/basejail/var/ports/distfiles`:

```
# mkdir /usr/jails/basejail/var/ports/distfiles
```