New: faq/backup.restore.md.
This commit is contained in:
parent
0ef1aefd5a
commit
3a86582453
|
@ -0,0 +1,226 @@
|
||||||
|
# Backup and restore
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
|
## Backup
|
||||||
|
### Backup mail accounts
|
||||||
|
|
||||||
|
Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts
|
||||||
|
to backup SQL/LDAP databases, you can find them in downloaded iRedMail release,
|
||||||
|
or find them in [iRedMail source code repository](https://bitbucket.org/zhb/iredmail/src/default/iRedMail/tools/):
|
||||||
|
|
||||||
|
* `iRedMail-[VERSION]/tools/backup_openldap.sh`: used to backup OpenLDAP data.
|
||||||
|
* `iRedMail-[VERSION]/tools/backup_mysql.sh`: used to backup MySQL/MariaDB databases.
|
||||||
|
* `iRedMail-[VERSION]/tools/backup_pgsql.sh`: used to backup PostgreSQL databases.
|
||||||
|
|
||||||
|
iRedMail will setup a daily cron job to run backup script(s) during
|
||||||
|
installation, so what you need to do is checking whether or not they're
|
||||||
|
defined as cron jobs with below commands:
|
||||||
|
|
||||||
|
```
|
||||||
|
# crontab -l -u root
|
||||||
|
```
|
||||||
|
|
||||||
|
Sample output on an iRedMail server with OpenLDAP backend:
|
||||||
|
|
||||||
|
```
|
||||||
|
# iRedMail: Backup OpenLDAP data every day on 03:01 AM
|
||||||
|
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
|
||||||
|
|
||||||
|
# iRedMail: Backup MySQL databases every day on 03:10 AM
|
||||||
|
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
|
||||||
|
```
|
||||||
|
|
||||||
|
Notes:
|
||||||
|
|
||||||
|
* Backup files are stored under directory defined in parameter `BACKUP_ROOTDIR`
|
||||||
|
in backup scripts, default is `/var/vmail/backup`.
|
||||||
|
* SQL backup is plain SQL file, LDAP backup is plain LDIF file.
|
||||||
|
* Backup files are compressed with `bzip2` by default, you can decompress them
|
||||||
|
with command `bunzip2`. for example, `bunzip file_name.bz2`.
|
||||||
|
* It's ok to run the backup scripts manually.
|
||||||
|
|
||||||
|
## Restore
|
||||||
|
|
||||||
|
### How to restore SQL databases
|
||||||
|
|
||||||
|
You can simply restore plain SQL files backed up by above backup scripts.
|
||||||
|
|
||||||
|
> __WARNING: Do not restore database `mysql` on a new iRedMail server.__
|
||||||
|
>
|
||||||
|
> If you're restoring on a __NEW__ iRedMail server, do *NOT*
|
||||||
|
> restore database `mysql` exported from old server, it contains SQL usernames
|
||||||
|
> and passwords used in many components (e.g. Postfix, Dovecot, Roundcube
|
||||||
|
> webmail) on old server. New iRedMail server already has the same SQL accounts
|
||||||
|
> with different passwords, so please do not restore `mysql` database,
|
||||||
|
> otherwise almost all services won't work due to incorrect SQL credentials.
|
||||||
|
|
||||||
|
### How to restore LDAP backup
|
||||||
|
|
||||||
|
Backup script runs command `slapcat` to dump whole LDAP tree as a backup, it
|
||||||
|
must be so restored with command `slapadd`.
|
||||||
|
|
||||||
|
Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and
|
||||||
|
directories may be different on other Linux/BSD distributions, you can find
|
||||||
|
the correct ones in this tutorial:
|
||||||
|
[Locations of configuration and log files of mojor components](./file.locations.html#openldap).
|
||||||
|
|
||||||
|
* LDAP backups are stored under `/var/vmail/backup/ldap/[YEAR]/[MONTH]` by
|
||||||
|
default, for example, `/var/vmail/backup/ldap/2015/05/`. And it's compressed
|
||||||
|
with `bzip2` command to save disk space. we must decompress it first.
|
||||||
|
|
||||||
|
* Go to the backup directory, find the latest backup. here we use backup file
|
||||||
|
`2015-05-10-03:01:01.ldif.bz2` for example.
|
||||||
|
|
||||||
|
```
|
||||||
|
# cd /var/vmail/backup/ldap/2015/05/
|
||||||
|
# bunzip2 2015-05-10-03:01:01.ldif.bz2
|
||||||
|
# ls -l 2015-05-10-03:01:01.ldif
|
||||||
|
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
|
||||||
|
```
|
||||||
|
|
||||||
|
* Find passwords for `cn=vmail,dc=xx,dc=xx` and `cn=vmailadmin,dc=xx,dc=xx`
|
||||||
|
in the root directory of iRedMail installation directory on __NEW__ iRedMail
|
||||||
|
server. for example, `/root/iRedMail-0.9.0/iRedMail.tips`. Notes:
|
||||||
|
|
||||||
|
* They're plain passwords, not hashed or encrypted.
|
||||||
|
* You can also find `cn=vmail`'s password in Postfix config files under
|
||||||
|
`/etc/postfix/mysql` (MySQL/MariaDB backend) or
|
||||||
|
`/etc/postfix/pgsql` (PostgreSQL backend).
|
||||||
|
* You can also find `cn=vmailadmin`'s password in
|
||||||
|
[iRedAdmin config file](./file.locations.html#iredadmin).
|
||||||
|
|
||||||
|
Below is sample copy in file `iRedMail.tips`.
|
||||||
|
|
||||||
|
```
|
||||||
|
OpenLDAP:
|
||||||
|
...
|
||||||
|
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
|
||||||
|
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
|
||||||
|
```
|
||||||
|
|
||||||
|
* Now hash them with command `slappasswd`:
|
||||||
|
|
||||||
|
```
|
||||||
|
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmail's password
|
||||||
|
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
|
||||||
|
|
||||||
|
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmailadmin's password
|
||||||
|
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
|
||||||
|
```
|
||||||
|
|
||||||
|
* Open the backup file `2015-05-10-03:01:01.ldif` with your favourite text
|
||||||
|
editor, find `usePassword` line of `cn=vmail` and `cn=vmailadmin`.
|
||||||
|
__Important notes__:
|
||||||
|
|
||||||
|
* A line that begins with a SPACE denotes that the characters following the
|
||||||
|
space are part of the previous line.
|
||||||
|
* There're two colons after `userPassword` string (`userPassword::`).
|
||||||
|
|
||||||
|
Below is a sample copy in `2015-05-10-03:01:01.ldif`:
|
||||||
|
|
||||||
|
```
|
||||||
|
dn: cn=vmail,dc=iredmail,dc=org
|
||||||
|
...
|
||||||
|
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ= # <- remove this line
|
||||||
|
= # <- remove this line
|
||||||
|
...
|
||||||
|
|
||||||
|
dn: cn=vmailadmin,dc=iredmail,dc=org
|
||||||
|
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ= # <- remove this line
|
||||||
|
= # <- remove this line
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
Replace these two `userPassword` lines by the newly generated ssha passwords,
|
||||||
|
save your change, exit your text editor.
|
||||||
|
|
||||||
|
```
|
||||||
|
dn: cn=vmail,dc=iredmail,dc=org
|
||||||
|
...
|
||||||
|
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
|
||||||
|
...
|
||||||
|
|
||||||
|
dn: cn=vmailadmin,dc=iredmail,dc=org
|
||||||
|
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
__Important note__: There's only __ONE__ colon after `userPassword` string
|
||||||
|
(`userPassword:`).
|
||||||
|
|
||||||
|
* OpenLDAP service must be stopped while restoring backup. So we stop it first:
|
||||||
|
|
||||||
|
```
|
||||||
|
# /etc/init.d/ldap stop
|
||||||
|
```
|
||||||
|
|
||||||
|
* Remove all files under OpenLDAP data directory defined in LDAP config file
|
||||||
|
`slapd.conf` except one file (`DB_CONFIG`). For example:
|
||||||
|
|
||||||
|
```
|
||||||
|
# File: /etc/openldap/slapd.conf
|
||||||
|
|
||||||
|
...
|
||||||
|
database bdb
|
||||||
|
suffix dc=iredmail,dc=org
|
||||||
|
directory /var/lib/ldap/iredmail.org
|
||||||
|
...
|
||||||
|
```
|
||||||
|
|
||||||
|
So you should remove all files under directory `/var/lib/ldap/iredmail.org`
|
||||||
|
except `/var/lib/ldap/iredmail.org/DB_CONFIG`.
|
||||||
|
|
||||||
|
```
|
||||||
|
# cd /var/lib/ldap/iredmail.org/
|
||||||
|
# mv DB_CONFIG ~
|
||||||
|
# rm -rf /var/lib/ldap/iredmail.org/*
|
||||||
|
# mv ~/DB_CONFIG .
|
||||||
|
```
|
||||||
|
|
||||||
|
* Start OpenLDAP service immediately, then stop it again. it will help create
|
||||||
|
necessary files required by backend db (`dbd` in our case, `database dbd`).
|
||||||
|
|
||||||
|
```
|
||||||
|
# /etc/init.d/slapd start
|
||||||
|
# /etc/init.d/slapd stop
|
||||||
|
```
|
||||||
|
|
||||||
|
* Make sure OpenLDAP server is __NOT__ running, then restore backup LDIF file
|
||||||
|
with command `slapadd`.
|
||||||
|
|
||||||
|
```
|
||||||
|
# slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
|
||||||
|
```
|
||||||
|
|
||||||
|
* It's OK to start OpenLDAP server now. It may report errors like below:
|
||||||
|
|
||||||
|
```
|
||||||
|
# /etc/init.d/slapd start
|
||||||
|
Stopping slapd: [ OK ]
|
||||||
|
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
|
||||||
|
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/cn.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by "l[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/ou.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/uid.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p"
|
||||||
|
/var/lib/ldap/iredmail.org/sn.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/mail.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by "ld[WARNING]
|
||||||
|
Checking configuration files for slapd: config file testing succeeded
|
||||||
|
[ OK ]
|
||||||
|
Starting slapd: [ OK ]
|
||||||
|
```
|
||||||
|
|
||||||
|
If you see above warning about improper file ownership, please set correct file
|
||||||
|
owner on newly created bdb files immediately, then restart OpenLDAP service:
|
||||||
|
|
||||||
|
```
|
||||||
|
# chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
|
||||||
|
# /etc/init.d/ldap restart
|
||||||
|
```
|
|
@ -1,5 +1,7 @@
|
||||||
# Which network ports are open by iRedMail
|
# Which network ports are open by iRedMail
|
||||||
|
|
||||||
|
[TOC]
|
||||||
|
|
||||||
## Web server (Apache or Nginx)
|
## Web server (Apache or Nginx)
|
||||||
|
|
||||||
* 80: normal web service port
|
* 80: normal web service port
|
||||||
|
|
|
@ -15,18 +15,19 @@ providers, choose the one you prefer.
|
||||||
## Generate SSL private key and buy one SSL certificate
|
## Generate SSL private key and buy one SSL certificate
|
||||||
|
|
||||||
First of all, you need to generate a new SSL certificate on your server
|
First of all, you need to generate a new SSL certificate on your server
|
||||||
with `openssl` command. WARNING: do NOT use key length smaller than `2048` bit,
|
with `openssl` command. __WARNING__: do NOT use key length smaller than `2048` bit,
|
||||||
it's insecure.
|
it's insecure.
|
||||||
|
|
||||||
```
|
```
|
||||||
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
|
# openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
|
||||||
```
|
```
|
||||||
|
|
||||||
This command will generate two files:
|
This command will generate two files:
|
||||||
|
|
||||||
* `server.key`: the private key for the decryption of your SSL certificate.
|
* `server.key`: the private key for the decryption of your SSL certificate.
|
||||||
* `server.csr`: the certificate signing request (CSR) file used to apply
|
* `server.csr`: the certificate signing request (CSR) file used to apply
|
||||||
for your SSL certificate.
|
for your SSL certificate. __This file is the one required by SSL certificate
|
||||||
|
provider.__
|
||||||
|
|
||||||
The openssl command will prompt for the following X.509 attributes of the
|
The openssl command will prompt for the following X.509 attributes of the
|
||||||
certificate:
|
certificate:
|
||||||
|
|
|
@ -0,0 +1,249 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>Backup and restore</title>
|
||||||
|
<link href="./css/markdown.css" rel="stylesheet"></head>
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="backup-and-restore">Backup and restore</h1>
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
<li><a href="#backup-and-restore">Backup and restore</a><ul>
|
||||||
|
<li><a href="#backup">Backup</a><ul>
|
||||||
|
<li><a href="#backup-mail-accounts">Backup mail accounts</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li><a href="#restore">Restore</a><ul>
|
||||||
|
<li><a href="#how-to-restore-sql-databases">How to restore SQL databases</a></li>
|
||||||
|
<li><a href="#how-to-restore-ldap-backup">How to restore LDAP backup</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
|
<h2 id="backup">Backup</h2>
|
||||||
|
<h3 id="backup-mail-accounts">Backup mail accounts</h3>
|
||||||
|
<p>Mail accounts are stored in SQL/LDAP database. iRedMail provides shell scripts
|
||||||
|
to backup SQL/LDAP databases, you can find them in downloaded iRedMail release,
|
||||||
|
or find them in <a href="https://bitbucket.org/zhb/iredmail/src/default/iRedMail/tools/">iRedMail source code repository</a>:</p>
|
||||||
|
<ul>
|
||||||
|
<li><code>iRedMail-[VERSION]/tools/backup_openldap.sh</code>: used to backup OpenLDAP data.</li>
|
||||||
|
<li><code>iRedMail-[VERSION]/tools/backup_mysql.sh</code>: used to backup MySQL/MariaDB databases.</li>
|
||||||
|
<li><code>iRedMail-[VERSION]/tools/backup_pgsql.sh</code>: used to backup PostgreSQL databases.</li>
|
||||||
|
</ul>
|
||||||
|
<p>iRedMail will setup a daily cron job to run backup script(s) during
|
||||||
|
installation, so what you need to do is checking whether or not they're
|
||||||
|
defined as cron jobs with below commands:</p>
|
||||||
|
<pre><code># crontab -l -u root
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Sample output on an iRedMail server with OpenLDAP backend:</p>
|
||||||
|
<pre><code># iRedMail: Backup OpenLDAP data every day on 03:01 AM
|
||||||
|
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
|
||||||
|
|
||||||
|
# iRedMail: Backup MySQL databases every day on 03:10 AM
|
||||||
|
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Notes:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Backup files are stored under directory defined in parameter <code>BACKUP_ROOTDIR</code>
|
||||||
|
in backup scripts, default is <code>/var/vmail/backup</code>.</li>
|
||||||
|
<li>SQL backup is plain SQL file, LDAP backup is plain LDIF file.</li>
|
||||||
|
<li>Backup files are compressed with <code>bzip2</code> by default, you can decompress them
|
||||||
|
with command <code>bunzip2</code>. for example, <code>bunzip file_name.bz2</code>.</li>
|
||||||
|
<li>It's ok to run the backup scripts manually.</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="restore">Restore</h2>
|
||||||
|
<h3 id="how-to-restore-sql-databases">How to restore SQL databases</h3>
|
||||||
|
<p>You can simply restore plain SQL files backed up by above backup scripts.</p>
|
||||||
|
<blockquote>
|
||||||
|
<p><strong>WARNING: Do not restore database <code>mysql</code> on a new iRedMail server.</strong></p>
|
||||||
|
<p>If you're restoring on a <strong>NEW</strong> iRedMail server, do <em>NOT</em>
|
||||||
|
restore database <code>mysql</code> exported from old server, it contains SQL usernames
|
||||||
|
and passwords used in many components (e.g. Postfix, Dovecot, Roundcube
|
||||||
|
webmail) on old server. New iRedMail server already has the same SQL accounts
|
||||||
|
with different passwords, so please do not restore <code>mysql</code> database,
|
||||||
|
otherwise almost all services won't work due to incorrect SQL credentials.</p>
|
||||||
|
</blockquote>
|
||||||
|
<h3 id="how-to-restore-ldap-backup">How to restore LDAP backup</h3>
|
||||||
|
<p>Backup script runs command <code>slapcat</code> to dump whole LDAP tree as a backup, it
|
||||||
|
must be so restored with command <code>slapadd</code>.</p>
|
||||||
|
<p>Below example shows how to restore a LDAP backup on RHEL/CentOS 6.x, files and
|
||||||
|
directories may be different on other Linux/BSD distributions, you can find
|
||||||
|
the correct ones in this tutorial:
|
||||||
|
<a href="./file.locations.html#openldap">Locations of configuration and log files of mojor components</a>.</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>LDAP backups are stored under <code>/var/vmail/backup/ldap/[YEAR]/[MONTH]</code> by
|
||||||
|
default, for example, <code>/var/vmail/backup/ldap/2015/05/</code>. And it's compressed
|
||||||
|
with <code>bzip2</code> command to save disk space. we must decompress it first.</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Go to the backup directory, find the latest backup. here we use backup file
|
||||||
|
<code>2015-05-10-03:01:01.ldif.bz2</code> for example.</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># cd /var/vmail/backup/ldap/2015/05/
|
||||||
|
# bunzip2 2015-05-10-03:01:01.ldif.bz2
|
||||||
|
# ls -l 2015-05-10-03:01:01.ldif
|
||||||
|
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Find passwords for <code>cn=vmail,dc=xx,dc=xx</code> and <code>cn=vmailadmin,dc=xx,dc=xx</code>
|
||||||
|
in the root directory of iRedMail installation directory on <strong>NEW</strong> iRedMail
|
||||||
|
server. for example, <code>/root/iRedMail-0.9.0/iRedMail.tips</code>. Notes:</p>
|
||||||
|
<ul>
|
||||||
|
<li>They're plain passwords, not hashed or encrypted.</li>
|
||||||
|
<li>You can also find <code>cn=vmail</code>'s password in Postfix config files under
|
||||||
|
<code>/etc/postfix/mysql</code> (MySQL/MariaDB backend) or
|
||||||
|
<code>/etc/postfix/pgsql</code> (PostgreSQL backend).</li>
|
||||||
|
<li>You can also find <code>cn=vmailadmin</code>'s password in
|
||||||
|
<a href="./file.locations.html#iredadmin">iRedAdmin config file</a>.</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>Below is sample copy in file <code>iRedMail.tips</code>.</p>
|
||||||
|
<pre><code>OpenLDAP:
|
||||||
|
...
|
||||||
|
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
|
||||||
|
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Now hash them with command <code>slappasswd</code>:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmail's password
|
||||||
|
{SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
|
||||||
|
|
||||||
|
# slappasswd -h '{ssha}' -s 'py2BQwM0zoRM5nciK68AlP8dyu2Mq6' # <- cn=vmailadmin's password
|
||||||
|
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Open the backup file <code>2015-05-10-03:01:01.ldif</code> with your favourite text
|
||||||
|
editor, find <code>usePassword</code> line of <code>cn=vmail</code> and <code>cn=vmailadmin</code>.
|
||||||
|
<strong>Important notes</strong>:</p>
|
||||||
|
<ul>
|
||||||
|
<li>A line that begins with a SPACE denotes that the characters following the
|
||||||
|
space are part of the previous line.</li>
|
||||||
|
<li>There're two colons after <code>userPassword</code> string (<code>userPassword::</code>).</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<p>Below is a sample copy in <code>2015-05-10-03:01:01.ldif</code>:</p>
|
||||||
|
<pre><code>dn: cn=vmail,dc=iredmail,dc=org
|
||||||
|
...
|
||||||
|
userPassword:: e1NTSEF7F8AwbjVqeER1R1dXVmREN1RJU8NtdnFHN0hnekdWYzVHSG9iWEE9PQ= # <- remove this line
|
||||||
|
= # <- remove this line
|
||||||
|
...
|
||||||
|
|
||||||
|
dn: cn=vmailadmin,dc=iredmail,dc=org
|
||||||
|
userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ= # <- remove this line
|
||||||
|
= # <- remove this line
|
||||||
|
...
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Replace these two <code>userPassword</code> lines by the newly generated ssha passwords,
|
||||||
|
save your change, exit your text editor.</p>
|
||||||
|
<pre><code>dn: cn=vmail,dc=iredmail,dc=org
|
||||||
|
...
|
||||||
|
userPassword: {SSHA}eJEO2yGVryVw+mZ/Qd2HMSyrl6u9WDhd
|
||||||
|
...
|
||||||
|
|
||||||
|
dn: cn=vmailadmin,dc=iredmail,dc=org
|
||||||
|
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
|
||||||
|
...
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p><strong>Important note</strong>: There's only <strong>ONE</strong> colon after <code>userPassword</code> string
|
||||||
|
(<code>userPassword:</code>).</p>
|
||||||
|
<ul>
|
||||||
|
<li>OpenLDAP service must be stopped while restoring backup. So we stop it first:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># /etc/init.d/ldap stop
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Remove all files under OpenLDAP data directory defined in LDAP config file
|
||||||
|
<code>slapd.conf</code> except one file (<code>DB_CONFIG</code>). For example:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># File: /etc/openldap/slapd.conf
|
||||||
|
|
||||||
|
...
|
||||||
|
database bdb
|
||||||
|
suffix dc=iredmail,dc=org
|
||||||
|
directory /var/lib/ldap/iredmail.org
|
||||||
|
...
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>So you should remove all files under directory <code>/var/lib/ldap/iredmail.org</code>
|
||||||
|
except <code>/var/lib/ldap/iredmail.org/DB_CONFIG</code>.</p>
|
||||||
|
<pre><code># cd /var/lib/ldap/iredmail.org/
|
||||||
|
# mv DB_CONFIG ~
|
||||||
|
# rm -rf /var/lib/ldap/iredmail.org/*
|
||||||
|
# mv ~/DB_CONFIG .
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Start OpenLDAP service immediately, then stop it again. it will help create
|
||||||
|
necessary files required by backend db (<code>dbd</code> in our case, <code>database dbd</code>).</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># /etc/init.d/slapd start
|
||||||
|
# /etc/init.d/slapd stop
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Make sure OpenLDAP server is <strong>NOT</strong> running, then restore backup LDIF file
|
||||||
|
with command <code>slapadd</code>.</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>It's OK to start OpenLDAP server now. It may report errors like below:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># /etc/init.d/slapd start
|
||||||
|
Stopping slapd: [ OK ]
|
||||||
|
/var/lib/ldap/iredmail.org/mailMessageStore.bdb is not owned[WARNING]"
|
||||||
|
/var/lib/ldap/iredmail.org/objectClass.bdb is not owned by "[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/mtaTransport.bdb is not owned by [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/cn.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/domainName.bdb is not owned by "l[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/ou.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/uid.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/enabledService.bdb is not owned b[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/homeDirectory.bdb is not owned by[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/domainGlobalAdmin.bdb is not owne[WARNING]p"
|
||||||
|
/var/lib/ldap/iredmail.org/sn.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/mail.bdb is not owned by "ldap" [WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/accountStatus.bdb is not owned by[WARNING]
|
||||||
|
/var/lib/ldap/iredmail.org/givenName.bdb is not owned by "ld[WARNING]
|
||||||
|
Checking configuration files for slapd: config file testing succeeded
|
||||||
|
[ OK ]
|
||||||
|
Starting slapd: [ OK ]
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>If you see above warning about improper file ownership, please set correct file
|
||||||
|
owner on newly created bdb files immediately, then restart OpenLDAP service:</p>
|
||||||
|
<pre><code># chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
|
||||||
|
# /etc/init.d/ldap restart
|
||||||
|
</code></pre><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -134,6 +134,7 @@
|
||||||
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
|
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
|
||||||
<li><a href="iredadmin-pro.self-service.html">iRedAdmin-Pro: Enable self-service to allow users to manage their own preferences and more</a></li>
|
<li><a href="iredadmin-pro.self-service.html">iRedAdmin-Pro: Enable self-service to allow users to manage their own preferences and more</a></li>
|
||||||
<li><a href="translate.iredadmin.html">iRedAdmin: Translate iRedAdmin to your local language</a></li>
|
<li><a href="translate.iredadmin.html">iRedAdmin: Translate iRedAdmin to your local language</a></li>
|
||||||
|
<li><a href="backup.restore.html">Backup and restore</a></li>
|
||||||
<li><a href="network.ports.html">Which network ports are open by iRedMail</a></li>
|
<li><a href="network.ports.html">Which network ports are open by iRedMail</a></li>
|
||||||
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
|
|
@ -11,6 +11,22 @@
|
||||||
|
|
||||||
// <a href="./index.html">Document Index</a>
|
// <a href="./index.html">Document Index</a>
|
||||||
</div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
|
</div><h1 id="which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</h1>
|
||||||
|
<div class="toc">
|
||||||
|
<ul>
|
||||||
|
<li><a href="#which-network-ports-are-open-by-iredmail">Which network ports are open by iRedMail</a><ul>
|
||||||
|
<li><a href="#web-server-apache-or-nginx">Web server (Apache or Nginx)</a></li>
|
||||||
|
<li><a href="#smtp-postfix">SMTP (Postfix)</a></li>
|
||||||
|
<li><a href="#mysql">MySQL</a></li>
|
||||||
|
<li><a href="#postgresql">PostgreSQL</a></li>
|
||||||
|
<li><a href="#openldap">OpenLDAP</a></li>
|
||||||
|
<li><a href="#pop3imap-dovecot">POP3/IMAP (Dovecot)</a></li>
|
||||||
|
<li><a href="#amavisd-new">Amavisd-new</a></li>
|
||||||
|
<li><a href="#policyd-or-cluebringer-postfix-policy-server">Policyd or Cluebringer (Postfix policy server)</a></li>
|
||||||
|
<li><a href="#iredapd-postfix-policy-server">iRedAPD (Postfix policy server)</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
</div>
|
||||||
<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2>
|
<h2 id="web-server-apache-or-nginx">Web server (Apache or Nginx)</h2>
|
||||||
<ul>
|
<ul>
|
||||||
<li>80: normal web service port</li>
|
<li>80: normal web service port</li>
|
||||||
|
|
|
@ -38,16 +38,17 @@ providers, choose the one you prefer.</p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<h2 id="generate-ssl-private-key-and-buy-one-ssl-certificate">Generate SSL private key and buy one SSL certificate</h2>
|
<h2 id="generate-ssl-private-key-and-buy-one-ssl-certificate">Generate SSL private key and buy one SSL certificate</h2>
|
||||||
<p>First of all, you need to generate a new SSL certificate on your server
|
<p>First of all, you need to generate a new SSL certificate on your server
|
||||||
with <code>openssl</code> command. WARNING: do NOT use key length smaller than <code>2048</code> bit,
|
with <code>openssl</code> command. <strong>WARNING</strong>: do NOT use key length smaller than <code>2048</code> bit,
|
||||||
it's insecure.</p>
|
it's insecure.</p>
|
||||||
<pre><code>openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
|
<pre><code># openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>This command will generate two files:</p>
|
<p>This command will generate two files:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><code>server.key</code>: the private key for the decryption of your SSL certificate.</li>
|
<li><code>server.key</code>: the private key for the decryption of your SSL certificate.</li>
|
||||||
<li><code>server.csr</code>: the certificate signing request (CSR) file used to apply
|
<li><code>server.csr</code>: the certificate signing request (CSR) file used to apply
|
||||||
for your SSL certificate. </li>
|
for your SSL certificate. <strong>This file is the one required by SSL certificate
|
||||||
|
provider.</strong></li>
|
||||||
</ul>
|
</ul>
|
||||||
<p>The openssl command will prompt for the following X.509 attributes of the
|
<p>The openssl command will prompt for the following X.509 attributes of the
|
||||||
certificate:</p>
|
certificate:</p>
|
||||||
|
|
Loading…
Reference in New Issue