elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Sync HTML files.

This commit is contained in:
Zhang Huangbin 2014-09-17 21:37:38 +08:00
parent 175ac00e24
commit 2329e87581
14 changed files with 1010 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
html/backup-restore/migrate.to.new.iredmail.server.html Normal file
View File

@ -0,0 +1,133 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>How to migrate old iRedMail server to the latest stable release</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-migrate-old-iredmail-server-to-the-latest-stable-release">How to migrate old iRedMail server to the latest stable release</h1>
<div class="toc">
<ul>
<li><a href="#how-to-migrate-old-iredmail-server-to-the-latest-stable-release">How to migrate old iRedMail server to the latest stable release</a><ul>
<li><a href="#client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</a></li>
<li><a href="#ldap-migrate-mail-accounts">LDAP: migrate mail accounts</a></li>
<li><a href="#mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</a></li>
<li><a href="#migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</a></li>
<li><a href="#migrate-roundcube-webmail-data">Migrate Roundcube webmail data</a></li>
</ul>
</li>
</ul>
</div>
<p><code>WARNING</code>: Please try it on a test server first. if it works well, then try it on product server.</p>
<p>Since new iRedMail server will install same components as old server, you can choose what data you want to migrate. Most important data are:</p>
<ul>
<li>email accounts stored in SQL/LDAP.</li>
<li>user mailboxes. Stored under /var/vmail by default.</li>
<li>SQL database of Roundcube webmail. It stores per-user webmail preferences, and address book.</li>
<li>Policyd/Cluebringer database. It stores white/blacklists records, greylisting records, etc.</li>
<li>Amavisd database.<ul>
<li>It stores per-recipient white/blacklists in SQL tables: <code>mailaddr</code>, <code>policy</code>, <code>users</code>, <code>wblist</code>.</li>
<li>Basic info of in/out emails are stored in SQL tables: <code>maddr</code>, <code>msgs</code>, <code>msgrcpt</code>. Quarantined emails are stored in <code>quarantine</code>, it requires other 3 tables. If you don't have any quarantined emails, it's safe to delete all records in these 4 tables.</li>
</ul>
</li>
</ul>
<p><strong>WARNING</strong>: Do not restore database <code>mysql</code> exported from old server, it contains SQL usernames/passwords for Roundcube/Amavisd/Policyd/Cluebringer used on old server. New iRedMail server has the same SQL usernames, but different passwords. So please do not restore it.</p>
<h2 id="client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</h2>
<p>Since iRedMail-0.8.7, iRedMail enforces secure POP3/IMAP/SMTP connections.
Mail client programs must issue 'STARTTLS' command before authentication,
so please update your mail client programs you must change your mail client
programs (e.g. Outlook, Thunderbird) to use TLS connection.</p>
<ul>
<li>For SMTP service, use port <code>587</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For IMAP service, use port <code>143</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For POP3 service, use port <code>110</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
</ul>
<p>Addition notes:</p>
<ul>
<li>
<p>If you want to enable smtp authentication on port <code>25</code> (again, not
recommended), please comment out Postfix parameter <code>smtpd_tls_auth_only = yes</code>
in its config file <code>/etc/postfix/main.cf</code>.</p>
</li>
<li>
<p>if you want to enable SMTPS (SMTP over SSL, port <code>465</code>) to support legency
mail clients, please follow this tutorial: (How to enable SMTPS service)[./faq-howto/howto.enable.smtps.service].</p>
</li>
</ul>
<h2 id="ldap-migrate-mail-accounts">LDAP: migrate mail accounts</h2>
<p>Steps to migrate LDAP mail accounts:</p>
<ul>
<li>Setup a new server with the latest iRedMail, and make iRedAdmin-Pro-LDAP work as expected.</li>
<li>Export mail accounts from LDAP on OLD mail server.</li>
</ul>
<p>Normally, LDAP data can be exported into LDIF format. Here's backup/export script: <a href="http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Backup">http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Backup</a></p>
<p><strong>Note</strong>:
<em> There might be some changes in LDAP schema, please find scripts in below URL to apply all required changes: <a href="https://bitbucket.org/zhb/iredmail/src/default/extra/update/">https://bitbucket.org/zhb/iredmail/src/default/extra/update/</a>
</em> You can find all upgrade tutorials of iRedMail here: <a href="http://www.iredmail.org/doc.html#upgrade_tutorial">http://www.iredmail.org/doc.html#upgrade_tutorial</a></p>
<h2 id="mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</h2>
<p>All mail accounts are stored in database <code>vmail</code> by default, to migrate mail
accounts, you can simply export this database on old server, then import it
on new server.</p>
<p><strong>IMPORTANT NOTE</strong>: iRedMail-0.8.7 drops several SQL columns, so before you
import backup SQL database, please add them first. It's safe to drop them
after you imported old database on new server.</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; ALTER TABLE mailbox ADD COLUMN bytes BIGINT(20) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE mailbox ADD COLUMN messages BIGINT(20) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN defaultlanguage VARCHAR(5) NOT NULL DEFAULT 'en_US';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuseraliases TEXT;
mysql&gt; ALTER TABLE domain ADD COLUMN disableddomainprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN disableduserprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultpasswordscheme VARCHAR(10) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE alias ADD COLUMN islist TINYINT(1) NOT NULL DEFAULT 0;
</code></pre>
<p>After imported backup SQL databases, please execute below commands to mark
mail alias accounts and drop above newly created columns:</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; UPDATE alias SET islist=1 WHERE address NOT IN (SELECT username FROM mailbox);
mysql&gt; UPDATE alias SET islist=0 WHERE address=domain; -- domain catch-all account
-- Store values into new column: domain.settings and drop them
mysql&gt; UPDATE domain SET settings='';
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultlanguage IS NULL OR defaultlanguage='', '', CONCAT('default_language:', defaultlanguage, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuserquota IS NULL OR defaultuserquota=0, '', CONCAT('default_user_quota:', defaultuserquota, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuseraliases IS NULL OR defaultuseraliases='', '', CONCAT('default_groups:', defaultuseraliases, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(minpasswordlength IS NULL OR minpasswordlength=0, '', CONCAT('min_passwd_length:', minpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(maxpasswordlength IS NULL OR maxpasswordlength=0, '', CONCAT('max_passwd_length:', maxpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableddomainprofiles IS NULL OR disableddomainprofiles='', '', CONCAT('disabled_domain_profiles:', disableddomainprofiles, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableduserprofiles IS NULL OR disableduserprofiles='', '', CONCAT('disabled_user_profiles:', disableduserprofiles, ';')));
mysql&gt; ALTER TABLE domain DROP defaultlanguage;
mysql&gt; ALTER TABLE domain DROP defaultuserquota;
mysql&gt; ALTER TABLE domain DROP defaultuseraliases;
mysql&gt; ALTER TABLE domain DROP minpasswordlength;
mysql&gt; ALTER TABLE domain DROP maxpasswordlength;
mysql&gt; ALTER TABLE domain DROP disableddomainprofiles;
mysql&gt; ALTER TABLE domain DROP disableduserprofiles;
</code></pre>
<p><strong>IMPORTANT NOTE</strong>: There might be some changes in SQL structure, please read
all upgrade tutorials for your current iRedMail release, then apply SQL
structure related changes. For example:
<a href="http://www.iredmail.org/wiki/index.php?title=Upgrade/iRedMail/0.7.4-0.8.0#Add_internal_service_required_by_Doveadm_2">http://www.iredmail.org/wiki/index.php?title=Upgrade/iRedMail/0.7.4-0.8.0#Add_internal_service_required_by_Doveadm_2</a></p>
<h2 id="migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</h2>
<ul>
<li>Simply copy all mailboxes (in Maildir format) to new iRedMail server.</li>
<li>Set correct file owner of mailboxes. Default owner is <code>vmail</code>, group is <code>vmail</code>.</li>
<li>Set correct file permission of mailboxes. Default is <code>0700</code>.</li>
</ul>
<p>WARNING: please make sure maildir path stored in SQL/LDAP matches the mailbox
path on file system, so that mail clients can find imported emails.</p>
<h2 id="migrate-roundcube-webmail-data">Migrate Roundcube webmail data</h2>
<ul>
<li>Export/import roundcube webmail database, and upgrade database to work with new version of Roundcube.
<a href="http://trac.roundcube.net/wiki/Howto_Upgrade">http://trac.roundcube.net/wiki/Howto_Upgrade</a></li>
</ul></body></html>

38
html/faq/why.append.timestamp.in.maildir.path.html Normal file
View File

@ -0,0 +1,38 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Why append timestamp in maildir path</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="why-append-timestamp-in-maildir-path">Why append timestamp in maildir path</h1>
<p>iRedMail will append timestamp in maildir path by default, here's why.</p>
<p>Depends on the tools/scripts you used to create mail accounts, it's tunable
in scripts shipped within iRedMail and iRedAdmin (file <code>settings.py</code>, variable
<code>MAILDIR_APPEND_TIMESTAMP = True</code> or `False').</p>
<p>Deleting mail accounts with iRedAdmin will not remove the mailboxes on file
system, so that you can keep user's mailbox for some time.</p>
<p>Think about this situation:</p>
<ul>
<li>
<p>Employee Michael Jordan has email address mj@domain.ltd. Without timestamp
in maildir path, the maildir path of his mailbox looks like
<code>/var/vmail/vmail1/domain.ltd/mj/</code>.</p>
</li>
<li>
<p>Michael left company, and your company deleted his mail account. With
iRedAdmin, it just deletes mail accounts stored in LDAP/SQL server, not delete
his mailbox on file system (<code>var/vmail/vmail1/domain.ltd/mj</code>).</p>
</li>
<li>
<p>A new talent joined in, his name is Mike Jackson, and he want to use
<code>mj@domain.ltd</code> since <code>mj@</code> is not used by others. And you created it for him.
Without timestamp in maildir path, the maildir path of Mike's mailbox is the
same as Michael's <code>/var/vmail/vmail1/domain.ltd/mj/</code>.</p>
</li>
</ul>
<p>iRedAdmin doesn't remove the mailboxes on file system, so Mike will see all
emails in Michael's mailbox if Michael didn't delete them. To avoid this, we
append a timestamp in maildir path to make sure all users will be assigned
a unique maildir paths.</p></body></html>

35
html/howto/allow.user.to.send.email.without.authentication.html Normal file
View File

@ -0,0 +1,35 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to allow user to send email without authentication </title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-allow-user-to-send-email-without-authentication">How to allow user to send email without authentication</h1>
<div class="toc">
<ul>
<li><a href="#how-to-allow-user-to-send-email-without-authentication">How to allow user to send email without authentication</a></li>
</ul>
</div>
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>:</p>
<pre>
fax-machine-12@mydomain.tld OK
</pre>
<p>Use postmap to create hash db file:</p>
<pre>
# postmap hash:/etc/postfix/accepted_unauth_senders```
</pre>
<p>Modify Postfix to use this text file: <code>/etc/postfix/main.cf</code></p>
<pre>
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
</pre>
<p>Restart/reload postfix to make it work:</p>
<pre>
# /etc/init.d/postfix restart
</pre></body></html>

21
html/howto/amavisd.no.x-spam.headers.html Normal file
View File

@ -0,0 +1,21 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</h1>
<p>Amavisd has below setting in its config file <code>/etc/amavisd/amavisd.conf</code> by default:</p>
<pre><code>$sa_tag_level_deflt = 2.0;
</code></pre>
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when email score &gt;= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:</p>
<pre><code>$sa_tag_level_deflt = -999;
</code></pre>
<p>Amavisd's main config file is different on different Linux/BSD distributions:</p>
<ul>
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
<li>Debian, Ubuntu: <code>/etc/amavis/conf.d/50-user</code> (and other config files under <code>/etc/amavs/conf.d/</code>)</li>
<li>FreeBSD: <code>/usr/local/etc/amavisd/amavisd.conf</code></li>
</ul></body></html>

50
html/howto/completely.disable.amavisd.clamav.spamassassin.html Normal file
View File

@ -0,0 +1,50 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to completely disable amavisd/ClamAV/SpamAssassin</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-completely-disable-amavisdclamavspamassassin">How to completely disable amavisd/ClamAV/SpamAssassin</h1>
<p>In iRedMail, Amavisd provides below features:</p>
<ul>
<li>content-based spam scanning (invoke SpamAssassin)</li>
<li>Virus scanning (invoke ClamAV)</li>
<li>DKIM singing</li>
<li>DKIM verification (through SpamAssassin + Perl module)</li>
<li>SPF verification (through SpamAssassin + Perl module)</li>
<li>Disclaimer (throught AlterMIME)</li>
</ul>
<h3 id="stop-virusspam-scanning-keep-dkim-signingverification-and-disclaimer">Stop virus/spam scanning, keep DKIM signing/verification and Disclaimer</h3>
<p>If you want to disable virus and spam scanning, but keep DKIM signing and disclaimer, please try this:</p>
<ul>
<li>
<p>Keep <code>content_filter = smtp-amavis:[127.0.0.1]:10024</code> in Postfix config file <code>/etc/postfix/main.cf</code>.</p>
</li>
<li>
<p>Find below lines in /etc/amavisd/amavisd.conf:</p>
</li>
</ul>
<pre><code class="perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
</code></pre>
<p>Uncomment above lines (removing "# " at the beginning of each line), and restart Amavisd service.</p>
<h3 id="completely-disable-all-features">Completely disable all features</h3>
<p>If you want to completely disable spam and virus scanning services, steps:</p>
<ul>
<li>Comment out below two lines in Postfix config file <code>/etc/postfix/main.cf</code>, then restart Postfix service.</li>
</ul>
<pre><code class="perl">content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
</code></pre>
<ul>
<li>Disable network services: Amavisd, ClamAV.</li>
</ul>
<p>Notes:</p>
<ul>
<li>ClamAV and SpamAssassin will be invoked by Amavisd, so if you disable Amavisd, those two are disabled too.</li>
<li>SpamAssassin doesn't have daemon service running in iRedMail solution, so there's no need to stop SpamAssassin service.</li>
</ul></body></html>

31
html/howto/disable.spam.virus.scanning.for.outgoing.mails.html Normal file
View File

@ -0,0 +1,31 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to disable spam virus scanning for outgoing mails</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-disable-spam-virus-scanning-for-outgoing-mails">How to disable spam virus scanning for outgoing mails</h1>
<p>To disable spam/virus scanning for outgoing mails, you can add bypass settings in Amavisd config file: <code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS/Scientific Linux) or <code>/etc/amavis/conf.d/50-user</code> (Debian/Ubuntu) or <code>/usr/local/etc/amavisd.conf</code> (FreeBSD).</p>
<ul>
<li>bypass_spam_checks_maps</li>
<li>bypass_virus_checks_maps</li>
<li>bypass_header_checks_maps</li>
<li>bypass_banned_checks_maps</li>
</ul>
<p>These settings can be added in setting block <code>$policy_bank{'MYUSERS'}</code>:</p>
<pre><code class="perl">$policy_bank{'MYUSERS'} = {
[...OMIT OTHER SETTINGS HERE...]
# don't perform spam/virus/header check.
bypass_spam_checks_maps =&gt; [1],
bypass_virus_checks_maps =&gt; [1],
bypass_header_checks_maps =&gt; [1],
# allow sending any file names and types
bypass_banned_checks_maps =&gt; [1],
}
</code></pre>
<p>Restarting Amavisd service is required after changing settings.</p></body></html>

61
html/howto/howto.configure.thunderbird.for.iredmail.html Normal file
View File

@ -0,0 +1,61 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="configure-thunderbird-as-mail-client-imap-smtp-and-global-ldap-address-book">Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</h1>
<p>iRedMail provides POP3S (POP3 over TLS), IMAPS (IMAP over TLS), SMTPS (SMTP over TLS) for receiving and sending emails by default.</p>
<h2 id="create-new-mail-account">Create new mail account</h2>
<p>To create a new mail account with Thunderbird, please click menu: <code>File -&gt; New -&gt; Mail Account</code>.</p>
<p>Add your name, email address and password in this screen.</p>
<p><img alt="" src="../images/Thunderbird.new.mail.account.png" title="Thunderbird.new.mail.account.png" /></p>
<p>Click continue, it will detect IMAP and SMTP server automatically.</p>
<p>Note:</p>
<ul>
<li>Login username must be full email address. You may want to click <code>Edit</code> to ensure it is correct.</li>
<li>If you want to use POP3 instead of IMAP, click "Edit" and change it to POP3 in this screen with port <code>110</code>, <code>STARTTLS</code>.</li>
</ul>
<p><img alt="" src="../images/thunderbird.new.mail.account.setup.png" title="Thunderbird.new.mail.account.setup.png" /></p>
<h2 id="configure-thunderbird-as-pop3-client">Configure Thunderbird as POP3 client</h2>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.pop3.png" title="Thunderbird.pop3.png" /></p>
<h2 id="configure-thunderbird-as-imap-client">Configure Thunderbird as IMAP client</h2>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.imap.png" title="Thunderbird.imap.png" /></p>
<h2 id="configure-thunderbird-to-send-mail-via-smtp">Configure Thunderbird to send mail via SMTP</h2>
<p>Menu: Tools -&gt; Account settings... -&gt; Outgoing server (SMTP) -&gt; Choose the server you are using.</p>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.smtp.png" title="Thunderbird.smtp.png" /></p>
<h2 id="use-openldap-as-global-ldap-address-book">Use OpenLDAP as Global LDAP Address Book</h2>
<p><strong>IMPORTANT NOTE</strong>: Thunderbird won\'t show contacts in LDAP address book directly, but it works when you starting typing email address in recipient field while composing email.</p>
<p>Here we take Thunderbird 5.0 for example. Steps:</p>
<ul>
<li>Click <code>Address Book</code> in main Thunderbird window. </li>
<li>In Address Book window, click menu <code>File -&gt; New -&gt; LDAP Directory</code>.</li>
<li>
<p>In tab <code>General</code>:</p>
<ul>
<li><code>Name</code>: use whatever name you like. e.g. Global LDAP Address Book.</li>
<li><code>Hostname</code>: IP address or hostname of your iRedMail server.</li>
<li><code>Base DN</code>: Base dn of your domain in LDAP directory. Normally, it's <code>domainName=domain.ltd,o=domains,dc=xxx,dc=xxx</code>. For example, <code>domainName=example.com,o=domains,dc=iredmail,dc=org</code>.</li>
<li><code>Port Number</code>: 389. <strong>Note</strong>: If you prefer to connect to OpenLDAP server over SSL, please check the <code>Use secure connection (SSL)</code> under same tab.</li>
<li><code>Bind DN</code>: It's full LDAP dn of your mail account. Normally, it's <code>mail=user@domain.ltd,ou=Users,domainName=domain.ltd,o=domains,dc=xxx,dc=xxx</code>. For example: <code>mail=john@example.com,ou=Users,domainName=example.com,o=domains,dc=iredmail,dc=org</code>.</li>
</ul>
</li>
<li>
<p>In tab <code>Advanced</code>:</p>
<ul>
<li><code>Don't return more than xxx results</code>: depends on how many accounts stored in same domain, you may want to increase or descrease it. Default value in 100.</li>
<li><code>Scope</code>: Subtree.</li>
<li><code>Search filter</code>: <code>(&amp;(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))</code></li>
<li><code>Login method</code>: <code>Simple</code>.</li>
</ul>
</li>
<li>
<p>Now switch to tab <code>Offline</code>, click button <code>Download Now</code> to test your settings. It will prompt to input password for this LDAP server, just type password of your mail account. With correct bind dn and password, it will display <code>Replicated succeeded</code>.</p>
</li>
</ul>
<p>That's all.</p></body></html>

68
html/howto/howto.enable.smtps.service.html Normal file
View File

@ -0,0 +1,68 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to enable SMTPS service (SMTP over SSL, port 465)</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-enable-smtps-service-smtp-over-ssl-port-465">How to enable SMTPS service (SMTP over SSL, port 465)</h1>
<div class="toc">
<ul>
<li><a href="#how-to-enable-smtps-service-smtp-over-ssl-port-465">How to enable SMTPS service (SMTP over SSL, port 465)</a><ul>
<li><a href="#why-iredmail-doesnt-enable-smtps-smtp-over-ssl-by-default">Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default</a></li>
<li><a href="#why-enable-smtps-since-its-depreciated">Why enable SMTPS since it's depreciated</a></li>
<li><a href="#how-to-enable-smtps">How to enable SMTPS</a></li>
<li><a href="#open-port-465-in-iptables">Open port 465 in iptables</a></li>
</ul>
</li>
</ul>
</div>
<h3 id="why-iredmail-doesnt-enable-smtps-smtp-over-ssl-by-default">Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default</h3>
<p>SMTPS is deprecated, so iRedMail disable it by default.
Quote from (wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]</p>
<blockquote>
<p>Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.</p>
</blockquote>
<h3 id="why-enable-smtps-since-its-depreciated">Why enable SMTPS since it's depreciated</h3>
<p>Unfortunately, there're some popular mail clients don't support submission (SMTP over STARTTLS, port 587), the famous one is Microsoft Outlook. Quote from wikipedia.org:</p>
<blockquote>
<p>Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409. Service providers that maintain port 465 do so because older Microsoft applications (including Entourage v10.0) do not support STARTTLS, and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465.</p>
</blockquote>
<h3 id="how-to-enable-smtps">How to enable SMTPS</h3>
<p>To enable SMTPS, you should configure Postfix to listen on port 465 first, then open port 465 in iptables.</p>
<p>Please find below lines in Postfix config file <code>/etc/postfix/master.cf</code> (Linux/OpenBSD) or <code>/usr/local/etc/postfix/master.cf</code> (FreeBSD):</p>
<pre><code>#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
</code></pre>
<p>Uncomment first 4 lines, but leave the last one commented out (because iRedMail doesn't use Postfix milter at all):</p>
<pre><code>smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
</code></pre>
<p>Restart Postfix service to enable SMTPS.</p>
<h3 id="open-port-465-in-iptables">Open port 465 in iptables</h3>
<p>On RHEL/CentOS, please update iptables rule file <code>/etc/sysconfig/iptables</code>, add one rule (third line in below code) for port 465, then restart iptables service.</p>
<pre><code># File: /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<p>On Debian/Ubuntu, if you use iptables rule file provided by iRedMail, please update <code>/etc/default/iptables</code>, add one rule (third line in below code) for port 465, then restart iptables service.</p>
<pre><code>File: /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<p>On OpenBSD, please append service 'smtps' in <code>/etc/pf.conf</code>, parameter <code>mail_services=</code>:</p>
<pre><code>File: /etc/pf.conf
mail_services="{www, https, submission, imap, imaps, pop3, pop3s, ssh, smtps}"
</code></pre>
<p>Reload PF rule file:</p>
<pre><code># pfctl -f /etc/pf.conf
</code></pre></body></html>

80
html/howto/pipe.incoming.email.for.certain.user.to.external.script.html Normal file
View File

@ -0,0 +1,80 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to pipe incoming email for certain user to external script </title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-pipe-incoming-email-for-certain-user-to-external-script">How to pipe incoming email for certain user to external script</h1>
<p>This tutorial explains how to pipe incoming email for certain user to external script.</p>
<h2 id="configure-postfix-to-use-your-external-script-as-transport">Configure Postfix to use your external script as transport</h2>
<p>To pipe incoming emails to external script, you must add your external script
as Postfix transport program. Please add below line at the bottom of Postfix
config file <code>/etc/postfix/master.cf</code>:</p>
<pre><code>external-pipe unix - n n - - pipe
flags= user=vmail:vmail argv=/path/to/your/external/script.sh
</code></pre>
<p><strong>Note</strong>:</p>
<ul>
<li>You can use some macros to replace with corresponding information from the
Postfix queue manager delivery request. Refer to Postfix manual page
<a href="http://www.postfix.org/pipe.8.html">pipe(8)</a> for more details. For example:</li>
</ul>
<pre><code>external-pipe unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/path/to/your/external/script.sh -f ${sender} -d ${user}@${domain} -m ${extension}
</code></pre>
<ul>
<li>the second line needs to be right under the first line and must start with
one (or more) whitespace, and the first line cannot start with whitespace,
otherwise postfix will fail with <code>unexpected command-line argument</code> errors.
Also make sure the <code>user=</code> line is pointing to a valid user with permissions
to execute the script. This user must not be the postfix or root user, otherwise
or the pipe will fail.</li>
</ul>
<p>Now restart Postfix service to make this new transport available:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<h2 id="update-per-user-transport-to-use-this-new-transport">Update per-user transport to use this new transport</h2>
<p>We need to update per-user transport setting, so that all emails delivered to
this user will be piped to this new transport - your script.</p>
<ul>
<li>
<p>If you have iRedAdmin-Pro:</p>
<ul>
<li>
<p>For iRedAdmin-Pro-LDAP installed, please go to user profile page, under
tab <code>Advanced</code>, set <code>Relay/Transport setting</code> to <code>external-pipe</code>.
<a href="http://www.iredmail.org/images/iredadmin/user_profile_relay.png">Screenshot</a> for your reference:</p>
</li>
<li>
<p>For iRedAdmin-Pro-MySQL or iRedAdmin-Pro-PGSQL installed, please go
to user profile page, under tab <code>Relay</code>, set <code>Relay/Transport setting</code> to
<code>external-pipe</code>.</p>
</li>
</ul>
</li>
<li>
<p>If you don't have iRedAdmin-Pro, please update LDAP/MySQL/PgSQL database to
use this new transport.</p>
<ul>
<li>
<p>For OpenLDAP backend, please login to phpLDAPadmin, add new attribute
<code>mtaTransport</code> for your user, set its value to <code>external-pipe</code>.</p>
</li>
<li>
<p>For MySQL/PostgreSQL backend, please execute below command with SQL
command line tool (Replace 'user@domain.ltd' by the real email address):</p>
</li>
</ul>
</li>
</ul>
<pre>
sql> USE vmail;
sql> UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
</pre>
<p>That's all.</p></body></html>

32
html/howto/recalculate.mailbox.quota.html Normal file
View File

@ -0,0 +1,32 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to force Dovecot to recalculate mailbox quota </title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-force-dovecot-to-recalculate-mailbox-quota">How to force Dovecot to recalculate mailbox quota</h1>
<p>iRedMail enables dict quota since iRedMail-0.7.0, dict quota is recalculated
only if the quota goes below zero</p>
<ul>
<li>For MySQL and PostgreSQL backend:</li>
</ul>
<pre>
mysql> USE vmail;
mysql> DELETE FROM used_quota WHERE username='user@domain.ltd';
</pre>
<ul>
<li>For OpenLDAP backend:</li>
</ul>
<pre>
mysql> USE iredadmin;
mysql> DELETE FROM used_quota WHERE username='user@domain.ltd';
</pre>
<p>Re-login via POP3/IMAP (or webmail) will trigger Dovecot to recalculate mailbox
quota.</p>
<p><strong>TIP</strong>: it's safe to delete records in SQL table <code>used_quota</code> if mail user
was deleted in table <code>vmail.mailbox</code> or LDAP. iRedAdmin-Pro will handle this
for you automatically.</p></body></html>

212
html/howto/store.spamassassin.bayes.in.sql.html Normal file
View File

@ -0,0 +1,212 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to store spamassassin bayes in SQL</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-store-spamassassin-bayes-in-sql">How to store spamassassin bayes in SQL</h1>
<p><strong>THIS ARTICLE IS STILL A DRAFT, DO NOT APPLY IT IN PRODUCTION SERVER.</strong></p>
<h2 id="summary">Summary</h2>
<p>This article will guide you to configure related components to store
SpamAssassin Bayes data in SQL server, and allow webmail users to report spam
with one click.</p>
<p>Tested with:</p>
<ul>
<li>iRedMail-0.8.0, iRedMail-0.8.7. </li>
<li>CentOS 6.2 (x86_64)</li>
<li>SpamAssassin-3.3.1</li>
<li>Amavisd-new-2.6.6</li>
<li>MySQL-5.1.61</li>
<li>Roundcubemail-0.7.2</li>
</ul>
<p>Notes:</p>
<ul>
<li>This article should work with all iRedMail releases. We take iRedMail-0.8.0 for example.</li>
<li>This article should work with all backends: OpenLDAP, MySQL, MariaDB, PostgreSQL. We take MySQL backend for example.</li>
<li>This article should work with Amavisd-new-2.6.0 and later versions.</li>
</ul>
<p><strong>IMPORTANT NOTE</strong>:</p>
<ul>
<li>The bayesian classifier can only score new messages if it already has 200
known spams and 200 known hams.</li>
<li>If Spamassassin fails to identify a spam, teach it so it can do better next
time. e.g. Mark it as spam in roundcube webmail.</li>
<li>Read <code>References</code> section at the end of this article before asking questions.</li>
</ul>
<h2 id="create-required-sql-database-used-to-store-bayes-data">Create required SQL database used to store bayes data</h2>
<p>We need to create a SQL database and necessary tables to store SpamAssassin
bayes data. The RPM package installed on CentOS 6 doesn't ship SQL template
for bayes database, so we have to download it from Apache web site. We're
running SpamAssassin-3.3.1, so what we need is this SQL template file:
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql.
If you're running different version, please find the proper SQL file here:
<a href="http://svn.apache.org/repos/asf/spamassassin/tags/">http://svn.apache.org/repos/asf/spamassassin/tags/</a>.</p>
<pre>
# cd /root/
# wget http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql
</pre>
<p>Create MySQL database and import SQL template file:</p>
<pre>
# mysql -uroot -p
mysql> CREATE DATABASE sa_bayes;
mysql> USE sa_bayes;
mysql> SOURCE /root/bayes_mysql.sql;
</pre>
<p>Create a new MySQL user (with password <code>sa_user_password</code>) and grant
permissions. <strong>IMPORTANT NOTE</strong>: Please replace password <code>sa_user_password</code>
by your own password.</p>
<pre>
mysql> GRANT SELECT, INSERT, UPDATE, DELETE ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_user_password';
mysql> FLUSH PRIVILEGES;
</pre>
<h2 id="enable-bayes-modules-in-spamassassin">Enable Bayes modules in SpamAssassin</h2>
<p>Edit <code>/etc/mail/spamassassin/local.cf</code>, add (or modify below settings):</p>
<pre>
use_bayes 1
bayes_auto_learn 1
bayes_auto_expire 1
# Store bayesian data in MySQL
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:sa_bayes:127.0.0.1:3306
# Store bayesian data in PostgreSQL
#bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
#bayes_sql_dsn DBI:Pg:sa_bayes:127.0.0.1:5432
bayes_sql_username sa_user
bayes_sql_password sa_user_password
# Override the username used for storing
# data in the database. This could be used to group users together to
# share bayesian filter data. You can also use this config option to
# trick sa-learn to learn data as a specific user.
bayes_sql_override_username vmail
</pre>
<p>Make sure SpamAssassin will load bayes modules:</p>
<pre>
# /etc/init.d/amavisd stop
# amavisd -c /etc/amavisd/amavisd.conf debug 2>&1 | grep -i 'bayes'
May 16 09:59:33 ... SpamAssassin loaded plugins: ..., Bayes, ...
May 16 10:27:38 ... extra modules loaded after daemonizing/chrooting:
Mail/SpamAssassin/BayesStore/MySQL.pm, Mail/SpamAssassin/BayesStore/SQL.pm, ...
</pre>
<p>Looks fine. Now press <code>Ctrl-C</code> to terminate above command.</p>
<p>Start Amavisd service:</p>
<pre>
# /etc/init.d/amavisd restart
</pre>
<p>It is required we initialize the database by learning a message. We use the
sample spam email shipped in the RPM package provided by CentOS 6:</p>
<pre>
# rpm -ql spamassassin | grep 'sample-spam'
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
# sa-learn --spam --username=vmail /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
Learned tokens from 1 message(s) (1 message(s) examined)
</pre>
<h2 id="enable-roundcube-plugin-markasjunk2">Enable Roundcube plugin: markasjunk2</h2>
<ul>
<li>
<p>We need a third-party Roundcube plugin to allow webmail users to report spam:
<code>Mark as Junk 2</code>. You can download it here:
<a href="https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/releases">https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/releases</a></p>
</li>
<li>
<p>After download, please uncompress it and copy it to roundcube plugins
directory: <code>/var/www/roundcubemail/plugins/</code>. Then we get a new directory:
<code>/var/www/roundcubemail/plugins/markasjunk2/</code>.</p>
</li>
<li>
<p>Enter directory <code>/var/www/roundcubemail/plugins/markasjunk2/</code>, generate
config file by copying its sample config file:</p>
</li>
</ul>
<pre>
# cd /var/www/roundcubemail/plugins/markasjunk2/
# cp config.inc.php.dist config.inc.php
</pre>
<ul>
<li>Edit <code>roundcubemail/plugins/markasjunk2/config.inc.php</code>, update below settings:</li>
</ul>
<pre>
$rcmail_config['markasjunk2_learning_driver'] = 'cmd_learn';
$rcmail_config['markasjunk2_read_spam'] = true;
$rcmail_config['markasjunk2_unread_ham'] = false;
$rcmail_config['markasjunk2_move_spam'] = true;
$rcmail_config['markasjunk2_move_ham'] = true;
$rcmail_config['markasjunk2_mb_toolbar'] = true;
$rcmail_config['markasjunk2_spam_cmd'] = 'sa-learn --spam --username=vmail %f';
$rcmail_config['markasjunk2_ham_cmd'] = 'sa-learn --ham --username=vmail %f';
</pre>
<ul>
<li>Enable this plugin in Roundcube config file
<code>/var/www/roundcubemail/config/main.inc.php</code> by appending <code>markasjunk2</code>
in plugin list:</li>
</ul>
<pre>
$rcmail_config['plugins'] = array(..., "markasjunk2");
</pre>
<ul>
<li>Learning driver <code>cmd_learn</code> requires PHP function <code>exec</code>, so we have to
remove it from PHP config file <code>/etc/php.ini</code>, parameter <code>disabled_functions</code>:</li>
</ul>
<pre>
# OLD SETTING
# disable_functions =show_source,system,shell_exec,passthru,exec,phpinfo,proc_open ;
# NEW SETTING. exec is removed.
disable_functions =show_source,system,shell_exec,passthru,phpinfo,proc_open ;
</pre>
<ul>
<li>Restarting Apache web server.</li>
</ul>
<p>You will see a new toolbar button after logging into Roundcube webmail:</p>
<p><img alt="" src="../images/Markasjunk2_toolbar_button.png" /></p>
<p>Check SQL database <code>sa_bayes</code> before we testing this plugin:</p>
<pre>
# mysql -uroot -p
mysql> USE sa_bayes;
mysql> SELECT COUNT(*) FROM bayes_token;
+----------+
| count(*) |
+----------+
| 65 |
+----------+
</pre>
<p>Back to Roundcube webmail, select a spam email (or a testing email), click
<code>Mark as Junk</code> button, then this email will be scanned by command <code>sa-learn</code>.
Check database <code>sa_bayes</code> again to make sure it's working:</p>
<pre>
# mysql -uroot -p
mysql> USE sa_bayes;
mysql> SELECT COUNT(*) FROM bayes_token;
+----------+
| count(*) |
+----------+
| 143 |
+----------+
</pre>
<p>Note: You may get different result number as shown above.</p>
<p>So far so good. That's all we need to do.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://wiki.apache.org/spamassassin/BayesInSpamAssassin">Bayes Introduction</a>. Please do read section <code>Things to remember</code>.</li>
<li><a href="http://wiki.apache.org/spamassassin/BayesFaq">SpamAssassin Bayes Frequently Asked Questions</a></li>
</ul></body></html>

157
html/howto/unattended.iredmail.installation.html Normal file
View File

@ -0,0 +1,157 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to perform silent/unattended iRedMail installation</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-perform-silentunattended-iredmail-installation">How to perform silent/unattended iRedMail installation</h1>
<p>iRedMail will store configrations in file iRedMail-x.y.z/config during
installation, and ask you whether to use it for installation directly
or create a new one.</p>
<p>You can create a sample config file by executing iRedMail installer:</p>
<pre><code class="bash"># bash iRedMail.sh
</code></pre>
<p>After config wizard dialogs, you will find file <code>config</code> under iRedMail root
directory. For example, <code>/root/iRedMail-0.8.7/config</code>. it will ask whether to
start installation or not, you can cancel it if you want.</p>
<p>You can copy this config file to deploy as many servers as you want, change
the hard-coded passwords in it if you want.</p>
<p>How to deploy a new server with sample config file:</p>
<ul>
<li>Copy sample config file to new server, e.g. <code>/root/iRedMail-0.8.7/config</code>.</li>
<li>Execute iRedMail installer with shell variables:</li>
</ul>
<pre><code class="bash"># AUTO_USE_EXISTING_CONFIG_FILE=y \
AUTO_INSTALL_WITHOUT_CONFIRM=y \
AUTO_CLEANUP_REMOVE_SENDMAIL=y \
AUTO_CLEANUP_REMOVE_MOD_PYTHON=y \
AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y \
AUTO_CLEANUP_RESTART_IPTABLES=y \
AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y \
AUTO_CLEANUP_RESTART_POSTFIX=n \
bash iRedMail.sh
</code></pre>
<h2 id="sample-deployment">Sample Deployment</h2>
<p>Here's how i preform iRedMail tests every day with VMware Fusion on Mac OS X,
all are completed automatically with a shell command.</p>
<ul>
<li>
<p>Install a clean, basic/minimal OS (Debian/CentOS/OpenBSD/FreeBSD, etc), set
proper hostname, configure network, then shut down this server and create a
VMware snapshot named <code>Latest</code>. The snapshot name will be used in my shell
script, it needs a snapshot name to reverse VM to the clean OS.</p>
</li>
<li>
<p>Revert VM to the latest snapshot (a clean, basic, minimal OS) with VMware
command line tool <code>vmrun</code>.</p>
</li>
<li>
<p>Start this VM with <code>vmrun</code>, sleep 30 (or 60) seconds waiting for OS start up.</p>
</li>
<li>
<p>Detect network connection to this VM, if it's up, upload required files with <code>scp</code>:</p>
</li>
<li>the latest development edition of iRedMail</li>
<li>source tarballs required by iRedMail (Roundcube, iRedAdmin, iRedAPD, etc)</li>
<li>
<p>downloaded RHEL/CentOS/Debian/Ubuntu/OpenBSD binary packages, FreeBSD
distfiles etc. The most important one is a prepared iRedMail config file: iRedMail-x.y.z/config.</p>
</li>
<li>
<p>Create/Update iRedMail installation status file: iRedMail-x.y.z/.status
to skip downloading source tarballs, etc.</p>
</li>
<li>
<p>Perform installation via ssh like this:</p>
</li>
</ul>
<pre><code class="shell">ssh root@[SERVER] &quot;cd /root/iRedMail/ &amp;&amp; IREDMAIL_DEBUG='NO' AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh&quot;
</code></pre>
<ul>
<li>Perform after-installation tasks: upload downloaded ClamAV database, ..., reboot server.</li>
</ul>
<p>It should complete in 2-3 minutes (uploading binary packages takes most time),
then i got a working iRedMail server. I do this many times every day.</p>
<p>I have 5 prepared iRedMail config files for different backends: OpenLDAP,
MySQL, MariaDB, PostgreSQL, ldapd (OpenBSD only). i run my script with an
option to install iRedMail with specified backend like below, the script will
upload proper config file to server:</p>
<pre><code class="shell"># bash auto.centos7.sh ldap
# bash auto.centos7.sh mysql
# bash auto.centos7.sh pgsql
# bash auto.ubuntu14.sh mariadb
# bash auto.openbsd55.sh ldapd
</code></pre>
<p>Below is file of <code>auto.centos7.sh</code> mentioned above, it prepares VMware virtual
machine, then execute another script <code>c7.sh</code> to perform the real installation.</p>
<pre><code class="shell">#!/usr/bin/env bash
# File: auto.centos7.sh
[ X&quot;$#&quot; != X'1' ] &amp;&amp; echo 'No backend? ldap, mysql, pgsql' &amp;&amp; exit 255
export backend=&quot;${1}&quot;
export VMRUN='vmrun -T fusion'
export VM_USER_ROOT='root'
export VM_HOSTNAME='c7'
export VM=&quot;/Users/zhb/vm.packages/vm/CentOS-7-x86_64.vmwarevm/CentOS-7-x86_64.vmx&quot;
echo &quot;* Revert to the latest snapshot.&quot;
${VMRUN} revertToSnapshot ${VM} Latest
echo &quot;* Start VM.&quot;
${VMRUN} start ${VM}
echo &quot;* Sleep 30 seconds to wait VM start up.&quot;
sleep 30
echo &quot;* Detect network status with ssh.&quot;
while :; do
ssh ${VM_USER_ROOT}@${VM_HOSTNAME} &quot;exit&quot;
if [ X&quot;$?&quot; == X'0' ]; then
break
else
sleep 5
fi
done
echo &quot;* Start testing iRedMail.&quot;
sh ${VM_HOSTNAME}.sh ${backend}
</code></pre>
<pre><code class="shell">#!/usr/bin/env bash
# File: c7.sh
[ X&quot;$#&quot; != X'1' ] &amp;&amp; echo 'No backend?' &amp;&amp; exit 255
backend=&quot;${1}&quot;
# hostname of your VMware virtual machine set in Mac OS X /etc/hosts.
HOST=&quot;c7&quot;
echo 'copying iRedMail ...'
scp -r ~/projects/iredmail/iRedMail root@${HOST}:~ &gt;/dev/null
echo 'copying pkgs/misc ...'
scp -r misc root@${HOST}:~/iRedMail/pkgs/ &gt;/dev/null
scp -r config.${backend} root@${HOST}:~/iRedMail/config &gt;/dev/null
echo 'copying archives ...'
scp -r rhel/7/yum root@${HOST}:/var/cache/ &gt;/dev/null
echo 'updating .status ...'
ssh root@${HOST} &quot;echo export status_check_new_iredmail='DONE' &gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_fetch_pkgs='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_fetch_misc='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_cleanup_update_clamav_signatures='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;cd /root/iRedMail/ &amp;&amp; yum clean metadata &amp;&amp; AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh&quot;
ssh root@${HOST} &quot;/usr/bin/systemctl stop firewalld&quot;
#ssh root@${HOST} &quot;mkdir /root/pro &amp;&amp; cp /var/www/iredadmin/settings.py /root/pro/&quot;
#scp -r clamav/* root@${HOST}:/var/lib/clamav/
#ssh root@${HOST} &quot;chown clamupdate:clamupdate /var/lib/clamav/*&quot;
ssh root@${HOST} &quot;echo 'reboot'; reboot&quot;
</code></pre></body></html>

69
html/howto/use.or.migrate.password.hashes.html Normal file
View File

@ -0,0 +1,69 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to use or migrate password hashes</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-use-or-migrate-password-hashes">How to use or migrate password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<ul>
<li>Plain text. e.g. <code>123456</code></li>
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
</ul>
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.</p>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
<ul>
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
<li>For LDAP backend: <code>SSHA</code>.</li>
</ul>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
in SQL column <code>mailbox.password</code>. For example:</p>
<pre>
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
</pre>
<ul>
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
</ul>
<pre>
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
</pre>
<ul>
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
<pre>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</pre></li>
</ul>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<ul>
<li>
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
<pre>
userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</pre></p>
</li>
<li>
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
(case insensitive) in your password hash. For example:
<pre>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</pre></p>
</li>
</ul>
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p></body></html>

23
html/troubleshooting/turn.on.debug.mode.in.dovecot.html Normal file
View File

@ -0,0 +1,23 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title> How to turn on debug mode in Dovecot</title>
<link href="../css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<h1 id="how-to-turn-on-debug-mode-in-dovecot">How to turn on debug mode in Dovecot</h1>
<p>To turn on debug mode in Dovecot, please update Dovecot config file
<code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), set <code>mail_debug</code> to <code>yes</code>:</p>
<pre><code>mail_debug = yes
</code></pre>
<p>Restart Dovecot service.</p>
<p>If you need authentication and password related debug message, turn on related
settings and restart dovecot service.</p>
<pre><code>auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth_verbose_passwords = yes
</code></pre></body></html>