New: faq/backup.restore.md.

Zhang Huangbin 2015-05-10 20:29:07 +08:00
parent 0ef1aefd5a
commit 3a86582453
7 changed files with 502 additions and 6 deletions

226
faq/backup.restore.md Normal file

@ -0,0 +1,226 @@
# Backup and restore
[TOC]
## Backup
### Backup mail accounts
Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts
to backup SQL/LDAP databases, you can find them in downloaded iRedMail release,
or find them in [iRedMail source code repository](https://bitbucket.org/zhb/iredmail/src/default/iRedMail/tools/):
* `iRedMail-[VERSION]/tools/backup_openldap.sh`: used to backup OpenLDAP data.
* `iRedMail-[VERSION]/tools/backup_mysql.sh`: used to backup MySQL/MariaDB databases.
* `iRedMail-[VERSION]/tools/backup_pgsql.sh`: used to backup PostgreSQL databases.
iRedMail will setup a daily cron job to run backup script(s) during
installation, so what you need to do is checking whether or not they're
defined as cron jobs with below commands:
```
# crontab -l -u root
```
Sample output on an iRedMail server with OpenLDAP backend:
```
# iRedMail: Backup OpenLDAP data every day on 03:01 AM
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
# iRedMail: Backup MySQL databases every day on 03:10 AM
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
```
Notes:
* Backup files are stored under directory defined in parameter `BACKUP_ROOTDIR`
in backup scripts, default is `/var/vmail/backup`.
* SQL backup is plain SQL file, LDAP backup is plain LDIF file.
* Backup files are compressed with `bzip2` by default, you can decompress them
with command `bunzip2`. for example, `bunzip file_name.bz2`.
* It's ok to run the backup scripts manually.
## Restore
### How to restore SQL databases
You can simply restore plain SQL files backed up by above backup scripts.
> __WARNING: Do not restore database `mysql` on a new iRedMail server.__
>
> If you're restoring on a __NEW__ iRedMail server, do *NOT*
> restore database `mysql` exported from old server, it contains SQL usernames
> and passwords used in many components (e.g. Postfix, Dovecot, Roundcube
> webmail) on old server. New iRedMail server already has the same SQL accounts
> with different passwords, so please do not restore `mysql` database,
> otherwise almost all services won't work due to incorrect SQL credentials.
### How to restore LDAP backup
Backup script runs command `slapcat` to dump whole LDAP tree as a backup, it
must be so restored with command `slapadd`.
Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and
directories may be different on other Linux/BSD distributions, you can find
the correct ones in this tutorial:
[Locations of configuration and log files of mojor components](./file.locations.html#openldap).
* LDAP backups are stored under `/var/vmail/backup/ldap/[YEAR]/[MONTH]` by
default, for example, `/var/vmail/backup/ldap/2015/05/`. And it's compressed
with `bzip2` command to save disk space. we must decompress it first.
* Go to the backup directory, find the latest backup. here we use backup file
`2015-05-10-03:01:01.ldif.bz2` for example.
```
# cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
```
* Find passwords for `cn=vmail,dc=xx,dc=xx` and `cn=vmailadmin,dc=xx,dc=xx`
in the root directory of iRedMail installation directory on __NEW__ iRedMail
server. for example, `/root/iRedMail-0.9.0/iRedMail.tips`. Notes:
* They're plain passwords, not hashed or encrypted.
* You can also find `cn=vmail`'s password in Postfix config files under
`/etc/postfix/mysql` (MySQL/MariaDB backend) or
`/etc/postfix/pgsql` (PostgreSQL backend).
* You can also find `cn=vmailadmin`'s password in
[iRedAdmin config file](./file.locations.html#iredadmin).
Below is sample copy in file `iRedMail.tips`.
```
OpenLDAP:
...
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
```
* Now hash them with command `slappasswd`:
```
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmail's password
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
```
* Open the backup file `2015-05-10-03:01:01.ldif` with your favourite text
editor, find `usePassword` line of `cn=vmail` and `cn=vmailadmin`.
__Important notes__:
* A line that begins with a SPACE denotes that the characters following the
space are part of the previous line.
* There're two colons after `userPassword` string (`userPassword::`).
Below is a sample copy in `2015-05-10-03:01:01.ldif`:
```
dn: cn=vmail,dc=iredmail,dc=org
...
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ= # <- remove this line
= # <- remove this line
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ= # <- remove this line
= # <- remove this line
...
```
Replace these two `userPassword` lines by the newly generated ssha passwords,
save your change, exit your text editor.
```
dn: cn=vmail,dc=iredmail,dc=org
...
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...
```
__Important note__: There's only __ONE__ colon after `userPassword` string
(`userPassword:`).
* OpenLDAP service must be stopped while restoring backup. So we stop it first:
```
# /etc/init.d/ldap stop
```
* Remove all files under OpenLDAP data directory defined in LDAP config file
`slapd.conf` except one file (`DB_CONFIG`). For example:
```
# File: /etc/openldap/slapd.conf
...
database bdb
suffix dc=iredmail,dc=org
directory /var/lib/ldap/iredmail.org
...
```
So you should remove all files under directory `/var/lib/ldap/iredmail.org`
except `/var/lib/ldap/iredmail.org/DB_CONFIG`.
```
# cd /var/lib/ldap/iredmail.org/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
```
* Start OpenLDAP service immediately, then stop it again. it will help create
necessary files required by backend db (`dbd` in our case, `database dbd`).
```
# /etc/init.d/slapd start
# /etc/init.d/slapd stop
```
* Make sure OpenLDAP server is __NOT__ running, then restore backup LDIF file
with command `slapadd`.
```
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
```
* It's OK to start OpenLDAP server now. It may report errors like below:
```
# /etc/init.d/slapd start
Stopping slapd: [ OK ]
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
/var/lib/ldap/iredmail.org/cn.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by "l[WARNING]
/var/lib/ldap/iredmail.org/ou.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/uid.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p"
/var/lib/ldap/iredmail.org/sn.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/mail.bdb is not owned by "ldap" [WARNING]
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by "ld[WARNING]
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
```
If you see above warning about improper file ownership, please set correct file
owner on newly created bdb files immediately, then restart OpenLDAP service:
```
# chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart
```
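Review bot: In the `slappasswd` step, both commands hash the same string `py2BQwM0zoRM5nciK68AlP8dyu2Mq6`, although the second one is annotated as `cn=vmailadmin`'s password and the `iRedMail.tips` sample gives that account `9wr0mHeVYz2uaxSAGBLucVkOgYPSBB`; a reader who copies the step writes a hash for `cn=vmailadmin` that does not match the password configured on the new server, so the second command should take the vmailadmin value. Passing the plain password with `-s` also leaves it in shell history and the process list; without `-s`, `slappasswd` prompts for it instead. Smaller points in the same file: `bunzip file_name.bz2` should be `bunzip2`, `usePassword` should be `userPassword`, "mojor" should be "major", the backend is written `dbd` where the quoted `slapd.conf` says `database bdb`, and the init script is `/etc/init.d/ldap` in the stop and restart steps but `/etc/init.d/slapd` in between. Since the LDIF holds `userPassword` hashes and the sample `ls -l` output shows it as `-rw-r--r--`, it is worth telling readers to keep the decompressed file readable by root only.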


@ -1,5 +1,7 @@
# Which network ports are open by iRedMail
[TOC]
## Web server (Apache or Nginx)
* 80: normal web service port


@ -15,18 +15,19 @@ providers, choose the one you prefer.
## Generate SSL private key and buy one SSL certificate
First of all, you need to generate a new SSL certificate on your server
with `openssl` command. WARNING: do NOT use key length smaller than `2048` bit,
with `openssl` command. __WARNING__: do NOT use key length smaller than `2048` bit,
it's insecure.
```
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
```
This command will generate two files:
* `server.key`: the private key for the decryption of your SSL certificate.
* `server.csr`: the certificate signing request (CSR) file used to apply
for your SSL certificate.
for your SSL certificate. __This file is the one required by SSL certificate
provider.__
The openssl command will prompt for the following X.509 attributes of the
certificate:
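Review bot: The `openssl req` command uses `-nodes`, so `server.key` is written without a passphrase, and nothing in the surrounding text says to protect that file; add a sentence telling the reader to keep `server.key` on the server, readable by root only, and to send only `server.csr` to the provider, which the new bold sentence only half-says. The description of `server.key` as "the private key for the decryption of your SSL certificate" is also misleading, since the certificate itself is not encrypted; "the private key that matches the certificate" would be accurate. Likewise the paragraph says the command generates "a new SSL certificate", while the list below it shows that it generates a key and a CSR.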

249
html/backup.restore.html Normal file

@ -0,0 +1,249 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Backup and restore</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="backup-and-restore">Backup and restore</h1>
<div class="toc">
<ul>
<li><a href="#backup-and-restore">Backup and restore</a><ul>
<li><a href="#backup">Backup</a><ul>
<li><a href="#backup-mail-accounts">Backup mail accounts</a></li>
</ul>
</li>
<li><a href="#restore">Restore</a><ul>
<li><a href="#how-to-restore-sql-databases">How to restore SQL databases</a></li>
<li><a href="#how-to-restore-ldap-backup">How to restore LDAP backup</a></li>
</ul>
</li>
</ul>
</li>
</ul>
</div>
<h2 id="backup">Backup</h2>
<h3 id="backup-mail-accounts">Backup mail accounts</h3>
<p>Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts
to backup SQL/LDAP databases, you can find them in downloaded iRedMail release,
or find them in <a href="https://bitbucket.org/zhb/iredmail/src/default/iRedMail/tools/">iRedMail source code repository</a>:</p>
<ul>
<li><code>iRedMail-[VERSION]/tools/backup_openldap.sh</code>: used to backup OpenLDAP data.</li>
<li><code>iRedMail-[VERSION]/tools/backup_mysql.sh</code>: used to backup MySQL/MariaDB databases.</li>
<li><code>iRedMail-[VERSION]/tools/backup_pgsql.sh</code>: used to backup PostgreSQL databases.</li>
</ul>
<p>iRedMail will setup a daily cron job to run backup script(s) during
installation, so what you need to do is checking whether or not they're
defined as cron jobs with below commands:</p>
<pre><code># crontab -l -u root
</code></pre>
<p>Sample output on an iRedMail server with OpenLDAP backend:</p>
<pre><code># iRedMail: Backup OpenLDAP data every day on 03:01 AM
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
# iRedMail: Backup MySQL databases every day on 03:10 AM
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
</code></pre>
<p>Notes:</p>
<ul>
<li>Backup files are stored under directory defined in parameter <code>BACKUP_ROOTDIR</code>
in backup scripts, default is <code>/var/vmail/backup</code>.</li>
<li>SQL backup is plain SQL file, LDAP backup is plain LDIF file.</li>
<li>Backup files are compressed with <code>bzip2</code> by default, you can decompress them
with command <code>bunzip2</code>. for example, <code>bunzip file_name.bz2</code>.</li>
<li>It's ok to run the backup scripts manually.</li>
</ul>
<h2 id="restore">Restore</h2>
<h3 id="how-to-restore-sql-databases">How to restore SQL databases</h3>
<p>You can simply restore plain SQL files backed up by above backup scripts.</p>
<blockquote>
<p><strong>WARNING: Do not restore database <code>mysql</code> on a new iRedMail server.</strong></p>
<p>If you're restoring on a <strong>NEW</strong> iRedMail server, do <em>NOT</em>
restore database <code>mysql</code> exported from old server, it contains SQL usernames
and passwords used in many components (e.g. Postfix, Dovecot, Roundcube
webmail) on old server. New iRedMail server already has the same SQL accounts
with different passwords, so please do not restore <code>mysql</code> database,
otherwise almost all services won't work due to incorrect SQL credentials.</p>
</blockquote>
<h3 id="how-to-restore-ldap-backup">How to restore LDAP backup</h3>
<p>Backup script runs command <code>slapcat</code> to dump whole LDAP tree as a backup, it
must be so restored with command <code>slapadd</code>.</p>
<p>Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and
directories may be different on other Linux/BSD distributions, you can find
the correct ones in this tutorial:
<a href="./file.locations.html#openldap">Locations of configuration and log files of mojor components</a>.</p>
<ul>
<li>
<p>LDAP backups are stored under <code>/var/vmail/backup/ldap/[YEAR]/[MONTH]</code> by
default, for example, <code>/var/vmail/backup/ldap/2015/05/</code>. And it's compressed
with <code>bzip2</code> command to save disk space. we must decompress it first.</p>
</li>
<li>
<p>Go to the backup directory, find the latest backup. here we use backup file
<code>2015-05-10-03:01:01.ldif.bz2</code> for example.</p>
</li>
</ul>
<pre><code># cd /var/vmail/backup/ldap/2015/05/
# bunzip2 2015-05-10-03:01:01.ldif.bz2
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
</code></pre>
<ul>
<li>
<p>Find passwords for <code>cn=vmail,dc=xx,dc=xx</code> and <code>cn=vmailadmin,dc=xx,dc=xx</code>
in the root directory of iRedMail installation directory on <strong>NEW</strong> iRedMail
server. for example, <code>/root/iRedMail-0.9.0/iRedMail.tips</code>. Notes:</p>
<ul>
<li>They're plain passwords, not hashed or encrypted.</li>
<li>You can also find <code>cn=vmail</code>'s password in Postfix config files under
<code>/etc/postfix/mysql</code> (MySQL/MariaDB backend) or
<code>/etc/postfix/pgsql</code> (PostgreSQL backend).</li>
<li>You can also find <code>cn=vmailadmin</code>'s password in
<a href="./file.locations.html#iredadmin">iRedAdmin config file</a>.</li>
</ul>
</li>
</ul>
<p>Below is sample copy in file <code>iRedMail.tips</code>.</p>
<pre><code>OpenLDAP:
...
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
</code></pre>
<ul>
<li>Now hash them with command <code>slappasswd</code>:</li>
</ul>
<pre><code># slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # &lt;- cn=vmail's password
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # &lt;- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
</code></pre>
<ul>
<li>
<p>Open the backup file <code>2015-05-10-03:01:01.ldif</code> with your favourite text
editor, find <code>usePassword</code> line of <code>cn=vmail</code> and <code>cn=vmailadmin</code>.
<strong>Important notes</strong>:</p>
<ul>
<li>A line that begins with a SPACE denotes that the characters following the
space are part of the previous line.</li>
<li>There're two colons after <code>userPassword</code> string (<code>userPassword::</code>).</li>
</ul>
</li>
</ul>
<p>Below is a sample copy in <code>2015-05-10-03:01:01.ldif</code>:</p>
<pre><code>dn: cn=vmail,dc=iredmail,dc=org
...
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ= # &lt;- remove this line
= # &lt;- remove this line
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ= # &lt;- remove this line
= # &lt;- remove this line
...
</code></pre>
<p>Replace these two <code>userPassword</code> lines by the newly generated ssha passwords,
save your change, exit your text editor.</p>
<pre><code>dn: cn=vmail,dc=iredmail,dc=org
...
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
...
dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...
</code></pre>
<p><strong>Important note</strong>: There's only <strong>ONE</strong> colon after <code>userPassword</code> string
(<code>userPassword:</code>).</p>
<ul>
<li>OpenLDAP service must be stopped while restoring backup. So we stop it first:</li>
</ul>
<pre><code># /etc/init.d/ldap stop
</code></pre>
<ul>
<li>Remove all files under OpenLDAP data directory defined in LDAP config file
<code>slapd.conf</code> except one file (<code>DB_CONFIG</code>). For example:</li>
</ul>
<pre><code># File: /etc/openldap/slapd.conf
...
database bdb
suffix dc=iredmail,dc=org
directory /var/lib/ldap/iredmail.org
...
</code></pre>
<p>So you should remove all files under directory <code>/var/lib/ldap/iredmail.org</code>
except <code>/var/lib/ldap/iredmail.org/DB_CONFIG</code>.</p>
<pre><code># cd /var/lib/ldap/iredmail.org/
# mv DB_CONFIG ~
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
</code></pre>
<ul>
<li>Start OpenLDAP service immediately, then stop it again. it will help create
necessary files required by backend db (<code>dbd</code> in our case, <code>database dbd</code>).</li>
</ul>
<pre><code># /etc/init.d/slapd start
# /etc/init.d/slapd stop
</code></pre>
<ul>
<li>Make sure OpenLDAP server is <strong>NOT</strong> running, then restore backup LDIF file
with command <code>slapadd</code>.</li>
</ul>
<pre><code># slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
</code></pre>
<ul>
<li>It's OK to start OpenLDAP server now. It may report errors like below:</li>
</ul>
<pre><code># /etc/init.d/slapd start
Stopping slapd: [ OK ]
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]&quot;
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by &quot;[WARNING]
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
/var/lib/ldap/iredmail.org/cn.bdb is not owned by &quot;ldap&quot; [WARNING]
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by &quot;l[WARNING]
/var/lib/ldap/iredmail.org/ou.bdb is not owned by &quot;ldap&quot; [WARNING]
/var/lib/ldap/iredmail.org/uid.bdb is not owned by &quot;ldap&quot; [WARNING]
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p&quot;
/var/lib/ldap/iredmail.org/sn.bdb is not owned by &quot;ldap&quot; [WARNING]
/var/lib/ldap/iredmail.org/mail.bdb is not owned by &quot;ldap&quot; [WARNING]
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by &quot;ld[WARNING]
Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
</code></pre>
<p>If you see above warning about improper file ownership, please set correct file
owner on newly created bdb files immediately, then restart OpenLDAP service:</p>
<pre><code># chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart
</code></pre><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
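Review bot: The generated page closes `<head>` twice (`<link href="./css/markdown.css" rel="stylesheet"></head>` followed by another `</head>`), and the footer `<p style="text-align: center; color: grey;">` is never closed before the `<script>` block; both look like template issues that are better fixed in the generator than in this file. The page also carries over the content problems of `faq/backup.restore.md` (the repeated password in the second `slappasswd` command, `bunzip`, `usePassword`, `dbd`), so it should be regenerated once the Markdown source is corrected.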


@ -134,6 +134,7 @@
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
<li><a href="iredadmin-pro.self-service.html">iRedAdmin-Pro: Enable self-service to allow users to manage their own preferences and more</a></li>
<li><a href="translate.iredadmin.html">iRedAdmin: Translate iRedAdmin to your local language</a></li>
<li><a href="backup.restore.html">Backup and restore</a></li>
<li><a href="network.ports.html">Which network ports are open by iRedMail</a></li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){


@ -11,6 +11,22 @@
// <a href="./index.html">Document Index</a>
</div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
<div class="toc">
<ul>
<li><a href="#which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</a><ul>
<li><a href="#web-server-apache-or-nginx">Web server (Apache or Nginx)</a></li>
<li><a href="#smtp-postfix">SMTP (Postfix)</a></li>
<li><a href="#mysql">MySQL</a></li>
<li><a href="#postgresql">PostgreSQL</a></li>
<li><a href="#openldap">OpenLDAP</a></li>
<li><a href="#pop3imap-dovecot">POP3/IMAP (Dovecot)</a></li>
<li><a href="#amavisd-new">Amavisd-new</a></li>
<li><a href="#policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</a></li>
<li><a href="#iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2>
<ul>
<li>80: normal web service port</li>


@ -38,16 +38,17 @@ providers, choose the one you prefer.</p>
</blockquote>
<h2 id="generate-ssl-private-key-and-buy-one-ssl-certificate">Generate SSL private key and buy one SSL certificate</h2>
<p>First of all, you need to generate a new SSL certificate on your server
with <code>openssl</code> command. WARNING: do NOT use key length smaller than <code>2048</code> bit,
with <code>openssl</code> command. <strong>WARNING</strong>: do NOT use key length smaller than <code>2048</code> bit,
it's insecure.</p>
<pre><code>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
<pre><code># openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
</code></pre>
<p>This command will generate two files:</p>
<ul>
<li><code>server.key</code>: the private key for the decryption of your SSL certificate.</li>
<li><code>server.csr</code>: the certificate signing request (CSR) file used to apply
for your SSL certificate. </li>
for your SSL certificate. <strong>This file is the one required by SSL certificate
provider.</strong></li>
</ul>
<p>The openssl command will prompt for the following X.509 attributes of the
certificate:</p>