2016-05-19 06:51:20 -05:00
<!DOCTYPE html>
2014-12-03 07:01:21 -06:00
< html >
< head >
< meta http-equiv = "Content-Type" content = "text/html; charset=utf-8" / >
< title > Install iRedMail on FreeBSD inside Jail (with ezjail)< / title >
2015-07-31 23:14:52 -05:00
< link rel = "stylesheet" type = "text/css" href = "./css/markdown.css" / >
2014-12-03 07:01:21 -06:00
< / head >
< body >
< div id = "navigation" >
2016-04-19 12:48:51 -05:00
< a href = "/index.html" target = "_blank" >
< img alt = "iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>
< span > iRedMail< / span >
< / a >
2016-02-29 02:15:19 -06:00
// < a href = "./index.html" > Document Index< / a > < / div > < h1 id = "install-iredmail-on-freebsd-inside-jail-with-ezjail" > Install iRedMail on FreeBSD inside Jail (with ezjail)< / h1 >
2014-12-03 07:01:21 -06:00
< div class = "toc" >
< ul >
< li > < a href = "#install-iredmail-on-freebsd-inside-jail-with-ezjail" > Install iRedMail on FreeBSD inside Jail (with ezjail)< / a > < ul >
< li > < a href = "#summary" > Summary< / a > < / li >
< li > < a href = "#system-requirements" > System Requirements< / a > < / li >
< li > < a href = "#preparations" > Preparations< / a > < ul >
< li > < a href = "#install-sysutilsezjail-and-add-required-settings" > Install sysutils/ezjail and add required settings< / a > < / li >
< li > < a href = "#create-jail" > Create Jail< / a > < / li >
< / ul >
< / li >
< li > < a href = "#install-iredmail" > Install iRedMail< / a > < / li >
< li > < a href = "#start-iredmail-installer" > Start iRedMail installer< / a > < / li >
< li > < a href = "#screenshots-of-installation" > Screenshots of installation:< / a > < / li >
< li > < a href = "#important-things-you-must-know-after-installation" > Important things you MUST know after installation< / a > < / li >
< li > < a href = "#access-webmail-and-other-web-applications" > Access webmail and other web applications< / a > < / li >
< li > < a href = "#get-technical-support" > Get technical support< / a > < / li >
2016-02-21 12:11:25 -06:00
< li > < a href = "#some-tips-for-freebsd-jail" > Some Tips for FreeBSD Jail< / a > < ul >
< li > < a href = "#allow-ping-in-jail" > Allow ping in Jail< / a > < / li >
< li > < a href = "#share-usrportsdistfiles-with-jail" > Share /usr/ports/distfiles with Jail< / a > < / li >
< / ul >
< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< / li >
< / ul >
< / div >
< h2 id = "summary" > Summary< / h2 >
< ul >
< li > This tutorial describes how to create a FreeBSD Jail with ezjail, then
install the latest iRedMail in Jail.< / li >
2016-02-21 12:11:25 -06:00
< li > We use hostname < code > mx.example.com< / code > and IP address < code > 172.16.244.254< / code > for our Jail server.< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< p > Notes:< / p >
< ul >
2016-02-21 12:11:25 -06:00
< li > This tutorial was tested with FreeBSD 10 and the latest ports tree, but it
should work on FreeBSD 9 and other releases.< / li >
2014-12-03 07:01:21 -06:00
< li > All backends available in iRedMail (OpenLDAP, MySQL/MariaDB, PostgreSQL) were
tested, work like a charm. :)< / li >
2016-02-21 12:11:25 -06:00
< li > For more details about ezjail, please check FreeBSD Handbook:
< a href = "https://www.freebsd.org/doc/handbook/jails-ezjail.html" > Managing Jails with ezjail< / a > .< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< h2 id = "system-requirements" > System Requirements< / h2 >
< p > < strong > IMPORTANT WARNING< / strong > : iRedMail is designed to be deployed on a FRESH server system,
which means your server does < strong > NOT< / strong > have mail related components installed,
e.g. MySQL, OpenLDAP, Postfix, Dovecot, Amavisd, etc. iRedMail will install
and configure them for you automatically. Otherwise it may override your
2016-02-21 12:11:25 -06:00
existing files/configurations althought it will backup files before modifying,
2015-04-26 10:11:30 -05:00
and it may not be working as expected.< / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > The latest stable release of iRedMail. You can download it here: http://www.iredmail.org/download.html< / li >
< li > Port < code > sysutils/ezjail< / code > for FreeBSD.< / li >
< / ul >
< h2 id = "preparations" > Preparations< / h2 >
< h3 id = "install-sysutilsezjail-and-add-required-settings" > Install sysutils/ezjail and add required settings< / h3 >
< ul >
< li > Install ezjail with ports tree:< / li >
< / ul >
< pre > < code > # cd /usr/ports/sysutils/ezjail/
# make install clean
< / code > < / pre >
< ul >
2016-02-21 12:11:25 -06:00
< li > Enable ezjail service by appending below line in < code > /etc/rc.conf< / code > :< / li >
2014-12-03 07:01:21 -06:00
< / ul >
2016-02-21 12:11:25 -06:00
< pre > < code > # Start ezjail while system start up
2014-12-03 07:01:21 -06:00
ezjail_enable=" YES"
< / code > < / pre >
< ul >
< li > Rebooting system is required after changing < code > /etc/rc.conf< / code > .< / li >
< / ul >
< pre > < code > # reboot
< / code > < / pre >
< h3 id = "create-jail" > Create Jail< / h3 >
< ul >
2016-02-21 12:11:25 -06:00
< li > After server reboot, populate the Jail with FreeBSD-RELEASE< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< pre > < code > # ezjail-admin install -p
< / code > < / pre >
< ul >
< li >
2016-02-21 12:11:25 -06:00
< p > Create Jail< / p >
2014-12-03 07:01:21 -06:00
< ul >
2016-02-21 12:11:25 -06:00
< li > hostname < code > mx.example.com< / code > < / li >
< li > bound IP address < code > 172.16.244.254< / code > to network interface < code > em0< / code > < / li >
< li > Jail is placed under < code > /jails/mx.example.com< / code > < / li >
2014-12-03 07:01:21 -06:00
< / ul >
< / li >
< / ul >
2016-02-21 12:11:25 -06:00
< pre > < code > # ezjail-admin create -r /jails/mx.example.com mx.example.com 'em0|172.16.244.254'
2014-12-03 07:01:21 -06:00
< / code > < / pre >
< ul >
< li > Start Jail.< / li >
< / ul >
2016-02-21 12:11:25 -06:00
< pre > < code > # service ezjail restart
2014-12-03 07:01:21 -06:00
< / code > < / pre >
< ul >
< li > List all Jails:< / li >
< / ul >
< pre > < code > # ezjail-admin list
STA JID IP Hostname Root Directory
--- ---- ---------------- --------------------------------- ------------------------
2016-02-21 12:11:25 -06:00
DS 1 172.16.244.254 mx.example.com /jails/mx.example.com
2014-12-03 07:01:21 -06:00
< / code > < / pre >
< h2 id = "install-iredmail" > Install iRedMail< / h2 >
< p > We can now enter this Jail with below command:< / p >
< pre > < code > # ezjail-admin console mx.example.com
< / code > < / pre >
< ul >
< li > In Jail, update < code > /etc/resolv.conf< / code > with valid DNS server address(es). For example:< / li >
< / ul >
< pre > < code > # File: /etc/resolv.conf
2016-02-21 12:11:25 -06:00
nameserver 172.16.244.2
2014-12-03 07:01:21 -06:00
< / code > < / pre >
< ul >
< li > In Jail, install binary package < code > bash-static< / code > , it's required by iRedMail.< / li >
< / ul >
2016-02-21 12:11:25 -06:00
< pre > < code > # -- For FreeBSD 9 or earlier releases --
# pkg_add -r bash-static
# -- For FreeBSD 10 or later releases --
# pkg install bash-static
2014-12-03 07:01:21 -06:00
< / code > < / pre >
< h2 id = "start-iredmail-installer" > Start iRedMail installer< / h2 >
< p > It's now ready to start iRedMail installer inside Jail, it will ask you several simple
2015-11-26 02:03:27 -06:00
questions, that's all required to setup a full-featured mail server.< / p >
2014-12-03 07:01:21 -06:00
< pre > < code > # bash # < - start bash shell, REQUIRED
# cd /root/iRedMail/
2016-02-21 12:11:25 -06:00
# LOCAL_ADDRESS='172.16.244.254' bash iRedMail.sh
2014-12-03 07:01:21 -06:00
< / code > < / pre >
2016-03-06 11:23:52 -06:00
< div class = "admonition note" >
< p class = "admonition-title" > Note to Chinese users< / p >
< p > Our domain name < code > iredmail.org< / code > has been blocked in mainland China for
years (since Jun 04, 2011), please run command below to finish the
installation:< / p >
< p > < code > IREDMAIL_MIRROR='http://42.159.241.31' bash iRedMail.sh< / code > < / p >
< / div >
2014-12-03 07:01:21 -06:00
< h2 id = "screenshots-of-installation" > Screenshots of installation:< / h2 >
< ul >
< li > Welcome and thanks for your use< / li >
< / ul >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/welcome.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > Specify location to store all mailboxes. Default is < code > /var/vmail/< / code > .< / li >
< / ul >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/mail_storage.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > Choose backend used to store mail accounts. You can manage mail accounts
with iRedAdmin, our web-based iRedMail admin panel.< / li >
< / ul >
2016-02-29 07:18:38 -06:00
< div class = "admonition note" >
< p class = "admonition-title" > Note< / p >
< p > There's no big difference between available backends, so
2014-12-03 07:01:21 -06:00
it's strongly recommended to choose the one you're familiar with for easier
management and maintenance after installation.< / p >
2016-02-29 07:18:38 -06:00
< / div >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/backends.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > If you choose to store mail accounts in OpenLDAP, iRedMail installer will
2016-04-19 12:48:51 -05:00
ask to set the LDAP suffix.< / li >
2014-12-03 07:01:21 -06:00
< / ul >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/ldap_suffix.png" width = "700px" / > < / p >
2016-02-29 07:18:38 -06:00
< div class = "admonition note" >
< p class = "admonition-title" > To MySQL/MariaDB/PostgreSQL users< / p >
2016-01-16 09:10:14 -06:00
< p > If you choose to store mail accounts in MySQL/MariaDB/PostgreSQL, iRedMail
2016-02-29 07:18:38 -06:00
installer will generate a random, strong password for you. You can find it
in file < code > iRedMail.tips< / code > .< / p >
< / div >
< ul >
< li > Add your first mail domain name< / li >
2014-12-03 07:01:21 -06:00
< / ul >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/first_domain.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > Set password of admin account of your first mail domain.< / li >
< / ul >
< p > < strong > Note< / strong > : This account is an admin account and a mail user. That means you can
login to webmail and admin panel (iRedAdmin) with this account, login username
is full email address.< / p >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/admin_pw.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< ul >
< li > Choose optional components< / li >
< / ul >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/optional_components.png" width = "700px" / > < / p >
< p > After answered above questions, iRedMail installer will ask you to review and
confirm to start installation. It will install and configure required packages
2014-12-03 07:01:21 -06:00
automatically. Type < code > y< / code > or < code > Y< / code > and press < code > Enter< / code > to start.< / p >
2016-05-15 21:18:14 -05:00
< p > < img alt = "" src = "./images/installation/review.png" width = "700px" / > < / p >
2014-12-03 07:01:21 -06:00
< h2 id = "important-things-you-must-know-after-installation" > Important things you < strong > MUST< / strong > know after installation< / h2 >
2016-09-15 02:49:23 -05:00
< div class = "admonition warning" >
< p class = "admonition-title" > Warning< / p >
2015-09-23 20:42:57 -05:00
< p > The weakest part of a mail server is user's weak password. Spammers don't
2015-09-23 20:44:20 -05:00
want to hack your server, they just want to send spam from your server.
2015-09-23 20:42:57 -05:00
Please < strong > ALWAYS ALWAYS ALWAYS< / strong > force users to use a strong password.< / p >
2016-09-15 02:49:23 -05:00
< / div >
2014-12-03 07:01:21 -06:00
< ul >
< li >
< p > Read file < code > /root/iRedMail-x.y.z/iRedMail.tips< / code > first, it contains:< / p >
< ul >
< li > URLs, usernames and passwords of web-based applications< / li >
2015-05-02 11:25:55 -05:00
< li > Location of mail service related software configuration files. You can
also check this tutorial instead:
2016-02-10 06:05:52 -06:00
< a href = "./file.locations.html" > Locations of configuration and log files of major components< / a > .< / li >
2014-12-03 07:01:21 -06:00
< li > Some other important and sensitive information< / li >
< / ul >
< / li >
< li >
< p > < a href = "./setup.dns.html" > Setup DNS records for your mail server< / a > < / p >
< / li >
2014-12-26 00:30:33 -06:00
< li > < a href = "./index.html#configure-mail-client-applications" > How to configure your mail clients< / a > < / li >
2016-02-25 03:17:57 -06:00
< li > It's highly recommended to get a SSL cert to avoid annonying warning
2014-12-26 00:30:33 -06:00
message in web browser or mail clients when accessing mailbox via
2016-02-25 03:17:57 -06:00
HTTPS/IMAPS/POP3/SMTPS. < a href = "https://letsencrypt.org" > Let's Encrypt offers < strong > FREE< / strong > SSL certificate< / a > .
2015-09-29 01:27:10 -05:00
We have a document for you to
2016-04-19 12:48:51 -05:00
< a href = "./use.a.bought.ssl.certificate.html" > use a SSL certificate< / a > .< / li >
2015-09-29 01:27:10 -05:00
< li > If you need to bulk create mail users, check our document for
< a href = "./ldap.bulk.create.mail.users.html" > OpenLDAP< / a > and
< a href = "./sql.bulk.create.mail.users.html" > MySQL/MariaDB/PostgreSQL< / a > .< / li >
2015-07-07 08:09:17 -05:00
< li > If you're running a busy mail server, we have < a href = "./performance.tuning.html" > some suggestions for better
performance< / a > .< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< h2 id = "access-webmail-and-other-web-applications" > Access webmail and other web applications< / h2 >
< p > After installation successfully completed, you can access web-based programs
if you choose to install them. Replace < code > your_server< / code > below by your real server
hostname or IP address.< / p >
< ul >
< li > < strong > Roundcube webmail< / strong > : < a href = "https://your_server/mail/" > https://your_server/mail/< / a > < / li >
2015-12-10 06:51:58 -06:00
< li > < strong > SOGo Groupware< / strong > : < a href = "https://your_server/SOGo" > https://your_server/SOGo< / a > < / li >
2014-12-03 07:01:21 -06:00
< li > < strong > Web admin panel (iRedAdmin)< / strong > : < a href = "httpS://your_server/iredadmin/" > httpS://your_server/iredadmin/< / a > < / li >
2016-10-13 09:24:50 -05:00
< li > < strong > Awstats< / strong > : < a href = "httpS://your_server/awstats/awstats.pl?config=web" > httpS://your_server/awstats/awstats.pl?config=web< / a > (or
< code > ?config=smtp< / code > for SMTP traffic log)< / li >
2014-12-03 07:01:21 -06:00
< / ul >
< h2 id = "get-technical-support" > Get technical support< / h2 >
2016-04-19 12:48:51 -05:00
< p > Please post all issues, feedbacks, feature requests, suggestions in our < a href = "http://www.iredmail.org/forum/" > online
2014-12-03 07:01:21 -06:00
support forum< / a > , it's more responsible than you
2016-02-21 12:11:25 -06:00
expected.< / p >
< h2 id = "some-tips-for-freebsd-jail" > Some Tips for FreeBSD Jail< / h2 >
< h3 id = "allow-ping-in-jail" > Allow < code > ping< / code > in Jail< / h3 >
< ul >
< li > Appending below line in < code > /etc/sysctl.conf< / code > to allow to use < code > ping< / code > command
inside Jail:< / li >
< / ul >
< pre > < code > security.jail.allow_raw_sockets=1
< / code > < / pre >
< ul >
< li > Update < code > /usr/local/etc/ezjail/mx_example_com< / code > to allow < code > ping< / code > inside Jail:< / li >
< / ul >
< pre > < code > export jail_mx_example_com_parameters=" allow.raw_sockets=1"
< / code > < / pre >
< h3 id = "share-usrportsdistfiles-with-jail" > Share < code > /usr/ports/distfiles< / code > with Jail< / h3 >
< p > To share < code > /usr/ports/distfiles/< / code > with Jail, please append below line in
< code > /etc/fstab.mx_example_com< / code > :< / p >
< blockquote >
< p > Jail will set ports tree directory to < code > /var/ports< / code > instead of
< code > /usr/ports< / code > in < code > /jails/mx.example.com/etc/make.conf< / code > by default, you can
either use this default setting or change it to < code > /usr/ports< / code > .< / p >
< / blockquote >
< pre > < code > # Part of file: /etc/fstab.mx_example.com
/usr/ports/distfiles /jails/mx.example.com/basejail/var/ports/distfiles nullfs rw 0 0
< / code > < / pre >
< p > Create directory < code > /usr/jails/basejail/var/ports/distfiles< / code > :< / p >
< pre > < code > # mkdir /usr/jails/basejail/var/ports/distfiles
2016-05-19 06:51:20 -05:00
< / code > < / pre > < div class = "footer" >
< p style = "text-align: center; color: grey;" > All documents are available in < a href = "https://bitbucket.org/zhb/iredmail-docs/src" > BitBucket repository< / a > , and published under < a href = "http://creativecommons.org/licenses/by-nd/3.0/us/" target = "_blank" > Creative Commons< / a > license. You can < a href = "https://bitbucket.org/zhb/iredmail-docs/get/tip.tar.bz2" > download the latest version< / a > for offline reading. If you found something wrong, please do < a href = "http://www.iredmail.org/contact.html" > contact us< / a > to fix it.< / p >
< / div >
< script type = "text/javascript" >
2015-02-05 07:02:53 -06:00
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
2014-12-03 07:01:21 -06:00
< / script >
< / body > < / html >