elmau
/
iredmail-doc
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Start new script for convert

This commit is contained in:
Mauricio Baeza 2021-10-16 21:52:05 -05:00
parent 457682c806
commit a050a1dfc5
246 changed files with 764 additions and 2771 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
convert.py Normal file
View File

@ -0,0 +1,49 @@
#!/usr/bin/env python3
from pathlib import Path
OUTPUT_DIR = 'html'
CHAPTERS = (
'overview',
'installation',
'mua',
'upgrade',
'iredmail-easy',
'migrations',
'howto',
'integrations',
'cluster',
'iredadmin',
'troubleshooting',
'faq')
def _get_dir_languages(path):
FILE_NAME = '_lang.md'
languages = {}
directories = [p for p in Path(path).iterdir() if p.is_dir()]
for d in directories:
path_name = d / FILE_NAME
if path_name.exists():
languages[d.name.lower()] = {
'path': d,
'name': path_name.read_text(encoding='utf-8').strip()
}
return languages
def main():
current_dir = Path(__file__).parent
output_dir = current_dir / OUTPUT_DIR
languages = _get_dir_languages(current_dir)
en = languages.pop('en_us')
return
if __name__ == '__main__':
main()

2
convert.sh
View File

@ -30,7 +30,7 @@ strip_name_prefix()
}
# Available translations
export all_languages='en_US it_IT lv_LV zh_CN'
export all_languages='en_US it_IT zh_CN es_MX'
# Chapter directories in specified order
export all_chapter_dirs="overview \

42
es_MX/overview/0-network.ports.md Normal file
View File

@ -0,0 +1,42 @@
# Qué puertos de red deben estar abiertos para iRedMail
Puerto | Servicio | Software | Comentario | ¿Permitir el acceso público?
--- |--- |--- |--- |---
25 | smtp | Postfix | Used for communication betweem mail servers. __WARNING__: This port __MUST__ be open, otherwise you cannot receive email sent by other mail servers. | __YES (REQUIRED)__{: .red }
587 | submission | Postfix | SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users)
110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is enforced by default. | YES (open to your end users)
995 | pop3s | Dovecot | Used by end users to retrieve emails via POP3 protocol over SSL. | YES (open to your end users)
143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is enforced by default. | YES (open to your end users)
993 | imaps | Dovecot | Used by end users to retrieve emails via IMAP protocol over SSL. | YES (open to your end users)
24 | lmtp | Dovecot | Used to deliver email to local mailboxes via LMTP protocol. | NO (listen on `127.0.0.1` by default)
4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | NO (disabled by default and users are forced to manage mail filters with webmail)
80 | http | Apache/Nginx | Web service. Redirect to https by default. | YES (open to your webmail users)
443 | https | Apache/Nginx | Web service over over SSL, secure connection. | YES (open to your webmail and ActiveSync users)
3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default)
5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default)
389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default)
636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (Not enabled by default)
10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default)
10025 | smtp | Postfix | Used by Amavisd to inject scanned emails back to Postfix queue. | NO (listen on `127.0.0.1` by default)
10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default)
10027 | | Amavisd-new | Used by mlmmj mailing list manager, it bypasses spam/virus/header/banned checks by default, but have DKIM signing enabled. | NO (listen on `127.0.0.1` by default)
10028 | | Postfix | Used by Amavisd-new to handle email message sent by mlmmj mailing list manager. Introduced in iRedMail-0.9.9. | NO (listen on `127.0.0.1` by default)
9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default)
7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default)
7778 | | iRedAPD | [SRS](https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme) sender address rewritting. | NO (listen on `127.0.0.1` by default)
7779 | | iRedAPD | [SRS](https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme) recipient address rewritting. | NO (listen on `127.0.0.1` by default)
7790 | http | mlmmjadmin | RESTful API server used to manage mlmmj mailing lists. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
7791 | http | iredadmin | iRedAdmin (standalone uwsgi instance). Introduced in iRedMail-0.9.9. | NO (listen on `127.0.0.1` by default)
20000 | | SOGo | SOGo groupware | NO (listen on `127.0.0.1` by default)
11211 | | Memcached | A distributed, high performance memory object caching system. Currently used by only SOGo Groupware. | NO (listen on `127.0.0.1` by default)
12340 | | Dovecot | Dovecot quota status. Introduced in iRedMail-1.0. | NO (listen on `127.0.0.1` by default)
24242 | | Dovecot | Dovecot service status. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
19999 | | Netdata | Netdata monitor. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
!!! Nota:
* En iRedMail-0.9.2 y versiones anteriores, Policyd o Cluebringer escuchan el
puerto 10031. Han sido eliminados en iRedMail-0.9.3, y reemplazados por
iRedAPD.
* El puerto 465, para por ejemplo SMTP sobre SSL, ha sido depreciado por años.
Por favor, use el puerto 587.

38
es_MX/overview/0-used.components.md Normal file
View File

@ -0,0 +1,38 @@
# Major open source softwares used in iRedMail
[TOC]
## Used Components
Name | Comment
--- |---
[Postfix](http://www.postfix.org) | Mail Transfer Agent (MTA)
[Dovecot](http://www.dovecot.org) | POP3, IMAP and Managesieve server
[Nginx](http://www.nginx.org), [Nginx](http://nginx.org) | Web server
[OpenLDAP](http://www.openldap.org), [ldapd(8)](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldapd.8?query=ldapd&arch=i386) | LDAP server, used for storing mail accounts (optional)
[MySQL](http://www.mysql.com), [MariaDB](https://mariadb.org), [PostgreSQL](http://www.postgresql.org) | SQL server used to store application data. Could be used to store mail accounts too.
[mlmmj](http://mlmmj.org) | Mailing list manager. Shipped in iRedMail-0.9.8 and later releases.
[Amavisd-new](http://www.amavis.org) | Interface between Postfix and SpamAssassin, ClamAV.
[SpamAssassin](http://spamassassin.apache.org) | Content-based spam scanner
[ClamAV](http://www.clamav.net/) | Virus scanner
[Roundcube webmail](http://roundcube.net) | Webmail (PHP)
[SOGo Groupware](http://sogo.nu) | A groupware which provides calendar (CalDAV), contact (CardDAV), tasks and ActiveSync services
[Fail2ban](http://www.fail2ban.org) | Scans log files and bans IPs that show the malicious signs
[iRedAPD](https://github.com/iredmail/iRedAPD/) | A simple postfix policy server developed by iRedMail team, with SRS (Sender Rewrite Scheme) support.
## The Big Picture
![](./images/big.picture.png)
## Mail Flow of Inbound Emails
![](./images/flow.inbound.png)
## Mail Flow of Outbound Emails
![](./images/flow.outbound.png)
## See also
* [Locations of configuration and log files of major components](./file.locations.html)
* [Which network ports are open by iRedMail](./network.ports.html)

37
es_MX/overview/0-why.build.your.own.mail.server.md Normal file
View File

@ -0,0 +1,37 @@
# Why build your own mail server instead of outsourcing to external entities
Quote from [Spamhaus news article](http://www.spamhaus.org/news/article/719/a-survival-guide-for-the-small-mail-server):
> outsourcing (the mail service) does not come without costs, even when the
> outsourced service appears to be "free". Hidden costs include:
>
> * Another organization can see the content of all messages. In some cases,
> the contents of messages are stored on the outsourcing company's servers
> indefinitely. External access to unencrypted emails poses privacy and
> confidentiality issues. Furthermore, the outsourcing company may be located
> in another country and be subjected to different regulations and obligations.
>
> * In some cases, the outsourcing company's terms and conditions allow it to
> search the content of emails to aid in targeting advertising, which poses
> even greater privacy and confidentiality problems.
>
> * The organization no longer has control of its own email security.
> Server-based encryption and authentication is managed by the outsourcing
> company, requiring end-to-end encryption for sensitive communications.
>
> * Large companies with many customers are often a target of cybercrime
> attacks aimed at stealing customer data, and some of these attacks have
> succeeded.
>
> * Inspection of SMTP transaction logs may be impossible for the end user.
> Troubleshooting failed deliveries and other email problems requires
> interacting with an external support desk. Support desks are sometimes
> slow to respond. First-line support, in particular, might lack the
> training and access to fix any but simple problems, requiring escalation
> and further delays.
>
> * Sharing a mail server with other organizations can cause delivery issues
> when a user at another organization sends spam through that mail server.
> When the outsourcing company fails to detect and block spam, or is slow to
> terminate service to spammers, the likelihood of problems increases
> substantially.

3
es_MX/overview/_summary.md Normal file
View File

@ -0,0 +1,3 @@
* [Por qué construir su propio servidor de correo en lugar de subcontratar un servicio](./why.build.your.own.mail.server.html)
* [Principal softwar libre utilizado en iRedMail, y el flujo general del correo](./used.components.html)
* [Qué puertos de red abre iRedMail](./network.ports.html)

1
es_MX/overview/_title.md Normal file
View File

@ -0,0 +1 @@
Visión General {: #overview }

38
html/active.directory.html
View File

@ -132,17 +132,15 @@ same account <code>vmail</code> in AD, with strong and complex password.</p>
</ul>
<p>Make sure this newly created user is able to connect to AD server with
below command on iRedMail server:</p>
<pre><code class="shell"># ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
<pre><code class="language-shell"># ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
</code></pre>
<p>If it prints all users stored in AD server, then it's working as expected.</p>
<p>If you're using LDAPS, replace <code>-h ad.example.com</code> by
<code>-H ldaps://ad.example.com:636</code> instead:</p>
<pre><code class="shell"># ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
<pre><code class="language-shell"># ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
</code></pre>
<p>If LDAPS doesn't work, you may need to update parameter <code>TLS_CACERT</code> in
<code>/etc/openldap/ldap.conf</code> (RHEL/CentOS) or <code>/etc/ldap/ldap.conf</code> to use correct CA
certificate. For example:</p>
@ -151,63 +149,53 @@ certificate. For example:</p>
</ul>
<pre><code>TLS_CACERT /etc/pki/tls/certs/ca-bundle.trust.crt
</code></pre>
<ul>
<li>on Debian/Ubuntu, use <code>/etc/ssl/certs/ca-certificates.crt</code>:</li>
</ul>
<pre><code>TLS_CACERT /etc/ssl/certs/ca-certificates.crt
</code></pre>
<h3 id="enable-ldap-query-with-ad-in-postfix">Enable LDAP query with AD in Postfix</h3>
<p>Disable unused iRedMail special settings:</p>
<pre><code class="shell">postconf -e virtual_alias_maps=''
<pre><code class="language-shell">postconf -e virtual_alias_maps=''
postconf -e sender_bcc_maps=''
postconf -e recipient_bcc_maps=''
postconf -e relay_domains=''
postconf -e relay_recipient_maps=''
postconf -e sender_dependent_relayhost_maps=''
</code></pre>
<p>Add your mail domain name in <code>smtpd_sasl_local_domain</code> and <code>virtual_mailbox_domains</code>:</p>
<pre><code class="shell">postconf -e smtpd_sasl_local_domain='example.com'
<pre><code class="language-shell">postconf -e smtpd_sasl_local_domain='example.com'
postconf -e virtual_mailbox_domains='example.com'
</code></pre>
<p>Change transport maps setting:</p>
<pre><code>postconf -e transport_maps='hash:/etc/postfix/transport'
</code></pre>
<p>Enable AD query. <strong>Note</strong>: We will create these 3 files later.</p>
<ul>
<li>Verify SMTP senders</li>
</ul>
<pre><code class="shell">postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
<pre><code class="language-shell">postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
</code></pre>
<ul>
<li>Verify local mail users</li>
</ul>
<pre><code class="shell">postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
<pre><code class="language-shell">postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
</code></pre>
<ul>
<li>Verify local mail lists/groups.</li>
</ul>
<pre><code>postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'
</code></pre>
<ul>
<li>Create/edit file: <code>/etc/postfix/transport</code>.</li>
</ul>
<pre><code>example.com dovecot
</code></pre>
<p><strong>Note</strong>: the name <code>dovecot</code> used here is a Postfix transport defined in
<code>/etc/postfix/master.cf</code>, used to deliver received emails to local user mailboxes.</p>
<p>Run <code>postmap</code> so that postfix can read it:</p>
<pre><code># postmap hash:/etc/postfix/transport
</code></pre>
<ul>
<li>Create file: <code>/etc/postfix/ad_sender_login_maps.cf</code>:</li>
</ul>
@ -224,7 +212,6 @@ query_filter = (&amp;(userPrincipalName=%s)(objectClass=person)(!(userAccount
result_attribute= userPrincipalName
debuglevel = 0
</code></pre>
<ul>
<li>Create file: <code>/etc/postfix/ad_virtual_mailbox_maps.cf</code>:</li>
</ul>
@ -242,7 +229,6 @@ result_attribute= userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 0
</code></pre>
<p><strong>Note</strong>: We hard-code user's mailbox path in <code>result_format =</code> parameter, it
will be something like <code>example.com/username/Maildir/</code>.</p>
<ul>
@ -263,7 +249,6 @@ leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel = 0
</code></pre>
<p><strong>Notes</strong>:</p>
<ul>
<li>If your user have email address in both <code>mail</code> and <code>userPrincipalName</code>, you
@ -285,10 +270,9 @@ Before testing, we have to create two testing mail accounts first:</p>
user <code>user@example.com</code> as group member.</li>
<li>Query mail user account with below command:</li>
</ol>
<pre><code class="shell"># postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
<pre><code class="language-shell"># postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
example.com/user/Maildir/
</code></pre>
<p>If nothing returned by the command, it means LDAP query doesn't get expected
result. Please set <code>debuglevel = 1</code> file <code>/etc/postfix/ad_virtual_mailbox_maps.cf</code>,
then query again, it now will print detailed debug message. If you're not
@ -298,12 +282,10 @@ familiar with LDAP related info, please post the debug message in our
<pre><code># postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf
user@example.com
</code></pre>
<p>Verify mail group</p>
<pre><code># postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
user@example.com
</code></pre>
<p><strong>NOTE</strong>: <code>postmap</code> return nothing if:</p>
<ol>
<li>mail group doesn't exist</li>
@ -343,7 +325,6 @@ pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
</code></pre>
<p>Restart dovecot service to make it work.</p>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -373,7 +354,6 @@ number of gigabytes:</p>
^] # &lt;- Quit telnet with &quot;Ctrl+]&quot;, then type 'quit'.
</code></pre>
<p>Note: Do NOT miss the dot character before <code>login</code> command. if it returns
<code>Logged in</code>, then dovecot + AD works.</p>
<h2 id="enable-active-directory-integration-in-roundcube-webmail-for-global-ldap-address-book">Enable Active Directory integration in Roundcube webmail for Global LDAP Address Book</h2>
@ -383,7 +363,7 @@ address book setting added by iRedMail, and add new setting for AD like below:</
<li>on RHEL/CentOS/Debian/Ubuntu and OpenBSD: it's <code>/opt/www/roundcubemail/config/config.inc.php</code></li>
<li>on FreeBSD: it's <code>/usr/local/www/roundcubemail/config/config.inc.php</code></li>
</ul>
<pre><code class="php">#
<pre><code class="language-php">#
# &quot;sql&quot; is personal address book stored in roundcube database.
# &quot;global_ldap_abook&quot; is the new LDAP address book for AD, we will create it below.
#
@ -456,7 +436,6 @@ $config['ldap_public'][&quot;global_ldap_abook&quot;] = array(
// Directory setups
);
</code></pre>
<h2 id="enable-active-directory-integration-in-sogo-groupware">Enable Active Directory integration in SOGo Groupware</h2>
<p>Edit SOGo config file <code>/etc/sogo/sogo.conf</code>, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:</p>
@ -542,7 +521,6 @@ setting added by iRedMail, and add new setting for AD like below:</p>
}
);
</code></pre>
<h2 id="additions-documents">Additions documents</h2>
<ul>
<li>If your mail domain name is different than Windows Active Directory domain: <a href="https://forum.iredmail.org/topic3165-integration-with-windows-domain.html">https://forum.iredmail.org/topic3165-integration-with-windows-domain.html</a></li>

2
html/additional.smtp.port-it_IT.html
View File

@ -39,12 +39,10 @@
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
</code></pre>
<p><code>2525</code> è il nuovo numero di porta per il servizio smtp. potete cambiarlo nel valore che preferite.</p>
<p>Il riavvio del servizio Posfitx è necessario. Dopo il riavvio potete verificare se si sta ascoltando su questa nuova porta:</p>
<pre><code>netstat -ntlp | grep 2525
</code></pre>
<p>Ora è il momento di aggiornare i vostri apparati di rete, affinché inviino la posta attraverso questo numero di porta, senza usare STARTTLS o SSL.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>

2
html/additional.smtp.port.html
View File

@ -48,7 +48,6 @@ in <code>/etc/postfix/master.cf</code> (on Linux/OpenBSD) or
-o smtpd_tls_security_level=may
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
</code></pre>
<ul>
<li><code>2525</code> is the new port number for smtp service, you're free to change it to
your favourite port number.</li>
@ -58,7 +57,6 @@ in <code>/etc/postfix/master.cf</code> (on Linux/OpenBSD) or
it's listening on this new port:</p>
<pre><code>netstat -ntlp | grep 2525
</code></pre>
<p>Now update your network devices to send email through this port number,
without STARTTLS and SSL.</p>
<div class="admonition note">

7
html/allow.certain.users.to.send.email.as.different.user-it_IT.html
View File

@ -40,22 +40,19 @@ con il plugin iRedAPD <code>reject_sender_login_mismatch</code>.</p>
</ul>
<pre><code>smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
</code></pre>
<ul>
<li>Nel file di configurazione iRedADP <code>/opt/iredapd/settings.py</code> abilita il
plugin:</li>
</ul>
<pre><code class="python">plugins = ['reject_sender_login_mismatch', ...]
<pre><code class="language-python">plugins = ['reject_sender_login_mismatch', ...]
</code></pre>
<ul>
<li>Elenca i mittenti che sono autorizzati ad inviare email con indirizzi
diversi dai propri, nel file di configurazione iRedAPD
<code>ALLOWED_LOGIN_MISMATCH_SENDERS</code>. Per esempio:</li>
</ul>
<pre><code class="python">ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
<pre><code class="language-python">ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
</code></pre>
<pre><code>NOTA: Questo parametro non è presnete di default, aggiungilo manualmente.
</code></pre>
<p>Riavvia il servizio iRedAPD. Questo è tutto.</p><div class="footer">

7
html/allow.certain.users.to.send.email.as.different.user.html
View File

@ -38,22 +38,19 @@ below:</p>
</ul>
<pre><code>smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
</code></pre>
<ul>
<li>Enable plugin <code>reject_sender_login_mismatch</code> in iRedAPD config file
<code>/opt/iredapd/settings.py</code>:</li>
</ul>
<pre><code class="python">plugins = ['reject_sender_login_mismatch', ...]
<pre><code class="language-python">plugins = ['reject_sender_login_mismatch', ...]
</code></pre>
<ul>
<li>List senders who are allowed to send email as different users in iRedAPD
config file <code>/opt/iredapd/settings.py</code>, in parameter
<code>ALLOWED_LOGIN_MISMATCH_SENDERS</code>. For example:</li>
</ul>
<pre><code class="python">ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
<pre><code class="language-python">ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
</code></pre>
<pre><code>NOTE: this parameter does not present by default, please add it manually.
</code></pre>
<p>Restart iRedAPD service. That's all.</p><div class="footer">

3
html/allow.insecure.pop3.imap.smtp.connections-it_IT.html
View File

@ -32,7 +32,6 @@
<p>Con la configurazione di default di iRedMail, tutti i client di posta sono forzati ad usare i servizi POP3/IMAP/SMTP over STARTTLS per ottenere connessioni sicure. Se il vostro client di posta tentasse l'accesso alla casella di posta con il protocollo POP3/IMAP/SMTP senza il support TLS, otterreste un messaggio di errore simile quello sottostante:</p>
<pre><code>Plaintext authentication disallowed on non-secure (SSL/TLS) connections
</code></pre>
<p>Questo tutorial descrive come abilitare connessioni insicure per l'uso quotidiano.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
@ -47,13 +46,11 @@
<pre><code>disable_plaintext_auth=no
ssl=yes
</code></pre>
<p>Nuovamente, è fortemente raccomandato di usare solo POP3S/IMAPS per una migliore sicurezza.</p>
<p>La configurazione di default, e raccomandata, impostata da iRedMail è:</p>
<pre><code>disable_plaintext_auth=yes
ssl=required
</code></pre>
<h2 id="abilitare-connessioni-stmp-insicure">Abilitare connessioni STMP insicure</h2>
<p>Commentate la riga sottostante nel file di configurazione di Postifx, <code>/etc/postfix/main.cf</code> e ricaricate o riavviate il servizio Postfix:</p>
<pre><code>smtpd_tls_auth_only=yes

3
html/allow.insecure.pop3.imap.smtp.connections.html
View File

@ -35,7 +35,6 @@ try to access mailbox via protocol POP3/IMAP without TLS support, you will
get error message like below:</p>
<pre><code>Plaintext authentication disallowed on non-secure (SSL/TLS) connections
</code></pre>
<p>This tutorial describes how to allow insecure connection for daily use.</p>
<div class="admonition note">
<p class="admonition-title">Note</p>
@ -54,13 +53,11 @@ file <code>/etc/dovecot/dovecot.conf</code> and restart Dovecot service:</p>
<pre><code>disable_plaintext_auth=no
ssl=yes
</code></pre>
<p>Again, it's strongly recommended to use only POP3S/IMAPS for better security.</p>
<p>Default and recommended setting configured by iRedMail is:</p>
<pre><code>disable_plaintext_auth=yes
ssl=required
</code></pre>
<h2 id="allow-insecure-smtp-connection-on-port-25">Allow insecure SMTP connection on port 25</h2>
<p>Please comment out lines below in Postfix config file <code>/etc/postfix/main.cf</code>
and reload or restart Postfix service:</p>

1
html/allow.member.to.send.email.as.mail.list-it_IT.html
View File

@ -28,7 +28,6 @@
</ul>
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
</code></pre>
<ul>
<li>Riavviare entrambi i servizi Postfix ed iRedAPD</li>
</ul><div class="footer">

2
html/allow.member.to.send.email.as.mail.list-zh_CN.html
View File

@ -27,14 +27,12 @@
</ul>
<pre><code>plugins = [..., 'reject_sender_login_mismatch']
</code></pre>
<ul>
<li>在 iRedAPD 配置文件 <code>/opt/iredapd/settings.py</code> 中添加如下参数,允许列表成员
以列表邮件地址作为发件人发送邮件:</li>
</ul>
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
</code></pre>
<ul>
<li>修改后需要重启 Postfix 和 iRedAPD 服务。</li>
</ul><div class="footer">

1
html/allow.member.to.send.email.as.mail.list.html
View File

@ -31,7 +31,6 @@ mailing list (or mail alias), please follw steps below:</p>
</ul>
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
</code></pre>
<ul>
<li>Restart both Postfix and iRedAPD services.</li>
</ul><div class="footer">

5
html/allow.send.without.smtp.auth.html
View File

@ -38,14 +38,12 @@ address which you're going to allow to send email without smtp
authentication. We use email address <code>user@example.com</code> for example here.</p>
<pre><code>/^user@example\.com$/ OK
</code></pre>
<p>It's ok to use IP address instead like below if you want to allow all emails
sent from this IP address:</p>
<pre><code>/^192\.168\.1\.1$/ OK
/^192\.168\.2\./ OK
/^172\.16\./ OK
</code></pre>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<ul>
@ -58,7 +56,6 @@ sent from this IP address:</p>
<p>Now restart or reload postfix to make it work:</p>
<pre><code>postfix reload
</code></pre>
<h2 id="iredapd">iRedAPD</h2>
<p>iRedAPD plugin <code>reject_sender_login_mismatch</code> checks forged sender address.
If sender domain is hosted on your server, but email was sent without smtp
@ -77,14 +74,12 @@ in file <code>/opt/iredapd/libs/default_settings.py</code>.</p>
</ul>
<pre><code>ALLOWED_FORGED_SENDERS = ['user@example.com']
</code></pre>
<ul>
<li>To bypass sender IP address or network, for example, <code>192.168.0.1</code> and
<code>192.168.1.0/24</code>, please add setting in <code>/opt/iredapd/settings.py</code> like below:</li>
</ul>
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
</code></pre>
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

3
html/allow.user.to.send.email.without.authentication-it_IT.html
View File

@ -23,17 +23,14 @@
<p>Create questo file di testo: <code>/etc/postfix/accepted_unauth_senders</code>, elencandoci tutti gli indirizzi mail degli utenti abilitati ad inviare posta senza l'autenticazione smtp. Verrà usato l'indirizzo <code>user@example.com</code> come esempio:</p>
<pre><code>user@example.com OK
</code></pre>
<p>Create un file db hash con il comando <code>postmap</code> :</p>
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
</code></pre>
<p>Modificate il file di configurazione di Postfix <code>/etc/postmap/main.cf</code> affinché uso questo file di testo:</p>
<pre><code>smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
</code></pre>
<p>Riavviate/ricaricate Postfix per rendere effettiva la modifica.</p>
<pre><code># /etc/init.d/postfix restart
</code></pre><div class="footer">

6
html/allow.user.to.send.email.without.authentication-zh_CN.html
View File

@ -25,21 +25,17 @@
发送邮件的用户邮件地址。下面以用户 <code>user@example.com</code> 为例:</p>
<pre><code>user@example.com OK
</code></pre>
<p>使用 <code>postmap</code> 命令建立哈希数据库文件:</p>
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
</code></pre>
<p>修改 Postfix 配置文件 <code>/etc/postfix/main.cf</code> 以使用该文件:</p>
<pre><code>smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
</code></pre>
<p>重启 postfix 服务以使设置生效:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<h2 id="iredapd">iRedAPD</h2>
<p>iRedAPD 插件 <code>reject_sender_login_mismatch</code> 会检测伪造的发件人地址。如果发件人
的域名在你的服务器托管,并且邮件不是经由 SMTP 验证发送的,就会被认为是伪造的
@ -52,14 +48,12 @@ not logged in</code>),因此需要在 iRedAPD 里放行将该收件人邮件
</ul>
<pre><code>ALLOWED_FORGED_SENDERS = ['user@example.com']
</code></pre>
<ul>
<li>放行发件人 IP 地址或网段,例如, <code>192.168.0.1</code><code>192.168.1.0/24</code>,请在
<code>/opt/iredapd/settings.py</code> 里加以下参数:</li>
</ul>
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
</code></pre>
<p>修改后需要重启 iRedAPD 服务。</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

6
html/allow.user.to.send.email.without.authentication.html
View File

@ -38,7 +38,6 @@ users' email addresses which are allowed to send email without smtp
authentication. We use user email address <code>user@example.com</code> for example:</p>
<pre><code>/^user@example\.com$/ OK
</code></pre>
<p>It's ok to use IP address instead like below:</p>
<blockquote>
<p>For more allowed sender format, please check Postfix manual page: <a href="http://www.postfix.org/access.5.html">access(5)</a>.</p>
@ -47,17 +46,14 @@ authentication. We use user email address <code>user@example.com</code> for exam
/^192\.168\.2\./ OK
/^172\.16\./ OK
</code></pre>
<p>Update Postfix config file <code>/etc/postfix/main.cf</code> to use this pcre file:</p>
<pre><code>smtpd_sender_restrictions =
check_sender_access pcre:/etc/postfix/sender_access.pcre,
[...OTHER RESTRICTIONS HERE...]
</code></pre>
<p>Restart/reload postfix to make it work:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<h2 id="iredapd">iRedAPD</h2>
<p>iRedAPD plugin <code>reject_sender_login_mismatch</code> will check forged sender address.
If sender domain is hosted on your server, but no smtp auth, it will be
@ -71,14 +67,12 @@ device like printer, fax, we can also its IP address directly.</p>
</ul>
<pre><code>ALLOWED_FORGED_SENDERS = ['user@example.com']
</code></pre>
<ul>
<li>To bypass sender IP address or network, for example, <code>192.168.0.1</code> and
<code>192.168.1.0/24</code>, please add setting in <code>/opt/iredapd/settings.py</code> like below:</li>
</ul>
<pre><code>MYNETWORKS = ['192.168.0.1', '192.168.1.0/24']
</code></pre>
<p>Restarting iRedAPD service is required if you updated <code>/opt/iredapd/settings.py</code>.</p>
<h2 id="references">References</h2>
<ul>

1
html/amavisd.per-recipient.policy.lookup-it_IT.html
View File

@ -27,7 +27,6 @@
@storage_sql_dsn = [...]
@lookup_sql_dsn = @storage_sql_dsn;
</code></pre>
<p>Acqueo punto riavviate il servizio Amavisd.</p>
<p>Se non sapete dove sia il file di configurazione di Amavisd, fate riferimento a questo documento: <a href="./file.locations.html#amavisd">Posizione dei file di configurazione e log dei componenti maggiori</a></p>
<h2 id="referenze">Referenze:</h2>

1
html/amavisd.per-recipient.policy.lookup.html
View File

@ -33,7 +33,6 @@ it's very easy to enable per-recipient policy lookup. Just add one line after
@storage_sql_dsn = [...]
@lookup_sql_dsn = @storage_sql_dsn;
</code></pre>
<p>Then restart Amavisd serivce.</p>
<p>If you don't know where Amavisd config file is, please refer to our document:
<a href="./file.locations.html#amavisd">Locations of configuration and log files of major components</a></p>

5
html/amavisd.wblist-it_IT.html
View File

@ -39,7 +39,6 @@
<pre><code># cd /opt/iredapd/tools/
# python wblist_admin.py
</code></pre>
<p>Esempi di utilizzo:</p>
<ul>
<li>Aggiungere globalmente in whitelist o blacklist mittenti:</li>
@ -47,14 +46,12 @@
<pre><code># python wblist_admin.py --add --whitelist 202.96.134.133 john@example.com @test.com @.abc.com
# python wblist_admin.py --add --blacklist 202.96.134.133 john@example.com @test.com @.abc.com
</code></pre>
<ul>
<li>Elencare mittenti inseriti in whitelist o blacklist a livello globale:</li>
</ul>
<pre><code># python wblist_admin.py --list --whitelist
# python wblist_admin.py --list --blacklist
</code></pre>
<ul>
<li>Per gestire a livello utente o dominio le white/backlist aggiungete il parametro <code>--account</code> come sotto riportato:</li>
</ul>
@ -64,13 +61,11 @@
# python wblist_admin.py --account mydomain.com --list --whitelist
# python wblist_admin.py --account user@mydomain.com --list --blacklist
</code></pre>
<ul>
<li>Per le mail in uscita aggiungete il parametro <code>--outbound</code> come sotto riportato:</li>
</ul>
<pre><code># python wblist_admin.py --outbound --account mydomain.com --add --whitelist 202.96.134.133
</code></pre>
<p>Screenshot di iRedAdmin-Pro:</p>
<p><img alt="" src="./images/iredadmin/system_wblist.png" /></p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

5
html/amavisd.wblist.html
View File

@ -47,7 +47,6 @@ without argument like this:</p>
<pre><code># cd /opt/iredapd/tools/
# python wblist_admin.py
</code></pre>
<p>Sample usages:</p>
<ul>
<li>Add server-wide whitelisted or blacklisted senders:</li>
@ -55,14 +54,12 @@ without argument like this:</p>
<pre><code># python wblist_admin.py --add --whitelist 202.96.134.133 john@example.com @test.com @.abc.com
# python wblist_admin.py --add --blacklist 202.96.134.133 john@example.com @test.com @.abc.com
</code></pre>
<ul>
<li>Show server-wide whitelisted and blacklisted senders:</li>
</ul>
<pre><code># python wblist_admin.py --list --whitelist
# python wblist_admin.py --list --blacklist
</code></pre>
<ul>
<li>For per-domain or per-user white/blacklists, please add argument <code>--account</code>.
like below:</li>
@ -73,13 +70,11 @@ without argument like this:</p>
# python wblist_admin.py --account mydomain.com --list --whitelist
# python wblist_admin.py --account user@mydomain.com --list --blacklist
</code></pre>
<ul>
<li>For outbound messages, please add argument <code>--outbound</code>. like below:</li>
</ul>
<pre><code># python wblist_admin.py --outbound --account mydomain.com --add --whitelist 202.96.134.133
</code></pre>
<p>Screenshot of iRedAdmin-Pro:</p>
<p><img alt="" src="./images/iredadmin/system_wblist.png" /></p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

2
html/authenticate.without.domain.name.html
View File

@ -35,7 +35,6 @@ email address, please follow below steps.</p>
without domain name part in email address. For example:</p>
<pre><code>auth_default_realm = mydomain.com
</code></pre>
<p>Restarting Dovecot is required. After restarted Dovecot, user logins as
<code>john.smith</code> will be rewritten to <code>john.smith@mydomain.com</code> by Dovecot.
This works for POP3/IMAP/SMTP services.</p>
@ -56,7 +55,6 @@ in this parameter. For example:</p>
// For example %n = mail.domain.tld, %t = domain.tld
$config['username_domain'] = 'mydomain.com';
</code></pre>
<p>Restarting web server (Apache or php-fpm) is recommended.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

18
html/backup.restore.html
View File

@ -67,7 +67,6 @@ installation, so what you need to do is checking whether or not they're
defined as cron jobs with below commands:</p>
<pre><code># crontab -l -u root
</code></pre>
<p>Sample output on an iRedMail server with OpenLDAP backend:</p>
<pre><code># iRedMail: Backup OpenLDAP data every day on 03:01 AM
1 3 * * * /bin/bash /var/vmail/backup/backup_openldap.sh
@ -75,7 +74,6 @@ defined as cron jobs with below commands:</p>
# iRedMail: Backup MySQL databases every day on 03:10 AM
10 3 * * * /bin/bash /var/vmail/backup/backup_mysql.sh
</code></pre>
<p>Notes:</p>
<ul>
<li>Backup files are stored under directory defined in parameter <code>BACKUP_ROOTDIR</code>
@ -176,7 +174,6 @@ the correct ones in this tutorial:
# ls -l 2015-05-10-03:01:01.ldif
-rw-r--r-- 1 root root 7352 May 10 03:01 2015-05-10-03:01:01.ldif
</code></pre>
<ul>
<li>
<p>Find passwords for <code>cn=vmail,dc=xx,dc=xx</code> and <code>cn=vmailadmin,dc=xx,dc=xx</code>
@ -198,7 +195,6 @@ the correct ones in this tutorial:
* LDAP bind dn (read-only): cn=vmail,dc=example,dc=com, password: py2BQwM0zoRM5nciK68AlP8dyu2Mq6
* LDAP admin dn (used for iRedAdmin): cn=vmailadmin,dc=example,dc=com, password: 9wr0mHeVYz2uaxSAGBLucVkOgYPSBB
</code></pre>
<ul>
<li>Now hash them with command <code>slappasswd</code>:</li>
</ul>
@ -208,7 +204,6 @@ the correct ones in this tutorial:
# slappasswd -h '{ssha}' -s '9wr0mHeVYz2uaxSAGBLucVkOgYPSBB' # &lt;- cn=vmailadmin's password
{SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
</code></pre>
<ul>
<li>
<p>Open the backup file <code>2015-05-10-03:01:01.ldif</code> with your favourite text
@ -233,7 +228,6 @@ userPassword:: e1NTSEF9alZi8E12dS9FNllaMktteFh7YkZham1mM3Jqc21cdEFsZjJIeEE9PQ=
= # &lt;- remove this line
...
</code></pre>
<p>Replace these two <code>userPassword</code> lines by the newly generated ssha passwords,
save your change, exit your text editor.</p>
<pre><code>dn: cn=vmail,dc=iredmail,dc=org
@ -245,7 +239,6 @@ dn: cn=vmailadmin,dc=iredmail,dc=org
userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
...
</code></pre>
<p><strong>Important note</strong>: There's only <strong>ONE</strong> colon after <code>userPassword</code> string
(<code>userPassword:</code>).</p>
<ul>
@ -253,7 +246,6 @@ userPassword: {SSHA}lWt6zjOOUq+2WUmiAea2FXLB4oHMYvIb
</ul>
<pre><code># /etc/init.d/ldap stop
</code></pre>
<ul>
<li>
<p>If you enabled additional LDAP schema files on old server, you <code>MUST</code> copy
@ -284,7 +276,6 @@ suffix dc=iredmail,dc=org
directory /var/lib/ldap/iredmail.org
...
</code></pre>
<p>So you should remove all files under directory <code>/var/lib/ldap/iredmail.org</code>
except <code>/var/lib/ldap/iredmail.org/DB_CONFIG</code>.</p>
<pre><code># cd /var/lib/ldap/iredmail.org/
@ -292,7 +283,6 @@ except <code>/var/lib/ldap/iredmail.org/DB_CONFIG</code>.</p>
# rm -rf /var/lib/ldap/iredmail.org/*
# mv ~/DB_CONFIG .
</code></pre>
<ul>
<li>Start OpenLDAP service immediately, then stop it again. it will help create
necessary files required by backend db (<code>dbd</code> in our case, <code>database dbd</code>).</li>
@ -300,14 +290,12 @@ except <code>/var/lib/ldap/iredmail.org/DB_CONFIG</code>.</p>
<pre><code># /etc/init.d/slapd start
# /etc/init.d/slapd stop
</code></pre>
<ul>
<li>Make sure OpenLDAP server is <strong>NOT</strong> running, then restore backup LDIF file
with command <code>slapadd</code>.</li>
</ul>
<pre><code># slapadd -f /etc/openldap/slapd.conf -l /path/to/backup/backup.ldif
</code></pre>
<ul>
<li>It's OK to start OpenLDAP server now. It may report errors like below:</li>
</ul>
@ -320,13 +308,11 @@ Checking configuration files for slapd: config file testing succeeded
[ OK ]
Starting slapd: [ OK ]
</code></pre>
<p>If you see above warning about improper file ownership, please set correct file
owner on newly created bdb files immediately, then restart OpenLDAP service:</p>
<pre><code># chown ldap:ldap /var/lib/ldap/iredmail.org/*.bdb
# /etc/init.d/ldap restart
</code></pre>
<p>If you're restoring LDAP data from an old iRedMail server, you should add
missing LDAP attribute/values, which are introduced in newer iRedMail releases,
by following step below: <a href="#after-ldap-restore">After LDAP Restore</a>.</p>
@ -340,14 +326,12 @@ to restore its data with command <code>ldapadd</code>.</p>
</ul>
<pre><code>rcctl stop ldapd
</code></pre>
<ul>
<li>Remove all files under ldapd data directory <code>/var/db/ldap/</code>.</li>
<li>Start ldapd service.</li>
</ul>
<pre><code>rcctl start ldapd
</code></pre>
<ul>
<li>
<p>Import backup LDIF file:</p>
@ -359,7 +343,6 @@ to restore its data with command <code>ldapadd</code>.</p>
</ul>
<pre><code># ldapadd -x -D 'cn=Manager,dc=xx,dc=xx' -W -f /path/to/backup.ldif
</code></pre>
<p>If you're restoring LDAP data from an old iRedMail server, you should add
missing LDAP attribute/values, which are introduced in newer iRedMail releases,
by following step below: <a href="#after-ldap-restore">After LDAP Restore</a>.</p>
@ -390,7 +373,6 @@ basedn = 'o=domains,dc=example,dc=com'
bind_dn = 'cn=Manager,dc=example,dc=com'
bind_pw = 'passwd'
</code></pre>
<p>Please update them with the correct LDAP prefix (<code>dc=xx,dc=xx</code>) and bind
password, then run it with <code>python</code> command:</p>
<pre><code>python updateLDAPValues_094_to_095.py

3
html/backupmx.html
View File

@ -47,7 +47,6 @@ mail server in MX type DNS record.</p>
<pre><code>example.com. 3600 IN MX 5 mx01.example.com
example.com. 3600 IN MX 10 mx02.example.com
</code></pre>
<p>Server <code>mx01.example.com</code> has priority number <code>5</code>, and <code>mx02.example.com</code> has
priority number <code>10</code>. For mail service, the lowest number has highest priority.
so with above example, server <code>mx01.example.com</code> is the primary MX, and
@ -69,7 +68,6 @@ avoid mail loop.</p>
<pre><code>USE vmail;
UPDATE domain SET transport='relay:[45.56.127.226]:25',backupmx=1 WHERE domain='example.com';
</code></pre>
<p>In above example, we mark domain <code>example.com</code> as a backup MX, and use IP
address <code>45.56.127.226</code> as primary MX server, you should replace it by the real
IP address.</p>
@ -78,7 +76,6 @@ IP address.</p>
<pre><code>domainBackupMX: yes
mtaTransport: relay:[45.56.127.226]:25
</code></pre>
<h2 id="see-also">See also</h2>
<ul>
<li><a href="https://en.wikipedia.org/wiki/MX_record#The_backup_MX">Backup MX (wikipedia)</a></li>

4
html/change.mail.attachment.size-it_IT.html
View File

@ -43,11 +43,9 @@ con allegati di grosse dimensioni.</p>
<pre><code># postconf -e message_size_limit='104857600'
# postconf -e mailbox_size_limit='104857600'
</code></pre>
<p>Riavviate postfix per applicare le modifiche.</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<p><strong>NOTE</strong>:</p>
<ul>
<li><code>104857600</code> corrisponde a 100 (MB) x 1024 (KB) x 1024 (Bit).</li>
@ -77,7 +75,6 @@ configurazioni: <code>memory_limit</code>, <code>upload_max_filesize</code> e <c
upload_max_filesize = 100M;
post_max_size = 100M;
</code></pre>
<h3 id="modifica-configurazioni-di-roundcube-webmail-per-permettere-allegati-di-grosse-dimensioni">Modifica configurazioni di Roundcube webmail per permettere allegati di grosse dimensioni</h3>
<p>Modificate le stesse configurazioni in <code>.htaccess</code> nella directory root di roundcube:</p>
<ul>
@ -93,7 +90,6 @@ ignorare le seguenti modifiche</p>
php_value upload_max_filesize 100M
php_value post_max_size 100M
</code></pre>
<p>Riavviate il servizio di Apache o php-frm per accettare le modifiche fin qui applicate.</p>
<h3 id="modifica-dimensione-di-upload-in-nginx">Modifica dimensione di upload in Nginx</h3>
<p>Trovate, nel file di configurazione di Nginx, cher si trova a <code>/etc/nginx/nginx.conf</code>, la riga con <code>client_max_body_size</code>e modificate il valore assegnato alle vostre specifiche esigenze.</p>

7
html/change.mail.attachment.size-zh_CN.html
View File

@ -44,11 +44,9 @@
<pre><code># postconf -e message_size_limit='104857600'
# postconf -e mailbox_size_limit='104857600'
</code></pre>
<p>之后重启 Postfix 服务,使上述修改生效:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<p><strong>注意</strong>:</p>
<ul>
<li><code>104857600</code> 是由 100 (MB) x 1024 (KB) x 1024 (Bit) 计算得到的结果。</li>
@ -73,7 +71,6 @@
upload_max_filesize = 100M;
post_max_size = 100M;
</code></pre>
<h3 id="roundcube_1">修改 Roundcube 网页邮箱设置以允许上传大附件</h3>
<p>修改 roundcube 目录下的 <code>.htaccess</code> 文件:</p>
<ul>
@ -88,7 +85,6 @@ post_max_size = 100M;
php_value upload_max_filesize 100M
php_value post_max_size 100M
</code></pre>
<p>重启 Apache 或 php-fpm 服务以使上述修改生效。</p>
<h2 id="nginx">限制 Nginx 上传文件大小</h2>
<p>在配置文件 <code>/etc/nginx/nginx.conf</code> 中找到参数 <code>client_max_body_size</code> ,按需要修改大小:</p>
@ -98,7 +94,6 @@ php_value post_max_size 100M
...
}
</code></pre>
<h2 id="sogo">限制 SOGo 上传文件大小</h2>
<p>SOGo-3.x 引入新参数 <code>WOMaxUploadSize</code> 用于限制上传文件的大小,请将它添加到 SOGo
配置文件 <code>/etc/sogo/sogo.conf</code> 里并设置一个合适的附件大小。</p>
@ -110,7 +105,6 @@ php_value post_max_size 100M
// - By default, the value is 0, or disabled so no limit will be set.
WOMaxUploadSize = 102400;
</code></pre>
<p>修改后需要重启 SOGo 服务。</p>
<h2 id="outlook">修改 Outlook 程序的附件大小限制</h2>
<p>Outlook 有自己的附件大小限制,如果超出限制会弹出错误信息 <code>The
@ -128,7 +122,6 @@ attachment size exceeds the allowable limit.</code></p>
<pre><code>HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Preferences
</code></pre>
<ul>
<li>
<p>在以上条目底下添加注册表项:</p>

7
html/change.mail.attachment.size.html
View File

@ -54,7 +54,6 @@ attachment.</p>
<pre><code># postconf -e message_size_limit=104857600
# postconf -e mailbox_size_limit=104857600
</code></pre>
<div class="admonition note">
<p class="admonition-title">Note</p>
<ul>
@ -70,7 +69,6 @@ attachment.</p>
<p>Restart postfix to make it work:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<p><strong>NOTES</strong>:</p>
<ul>
<li><code>104857600</code> is 100 (MB) x 1024 (KB) x 1024 (Byte).</li>
@ -120,7 +118,6 @@ explanation: <a href="https://github.com/iredmail/iRedAPD/blob/master/plugins/th
upload_max_filesize = 100M;
post_max_size = 100M;
</code></pre>
<p>Note:</p>
<ul>
<li>If you're running Nginx as web server, restarting php-fpm service is required.</li>
@ -140,7 +137,6 @@ limit message size, please add or update this parameter in its config file:</p>
</ul>
<pre><code>$config['max_message_size'] = '100M';
</code></pre>
<h2 id="change-upload-file-size-in-nginx">Change upload file size in Nginx</h2>
<p>Find setting <code>client_max_body_size</code> in Nginx config file
<code>/etc/nginx/conf-enabled/client_max_body_size.conf</code>, change the size to a
@ -151,7 +147,6 @@ proper value to match your need.</p>
</div>
<pre><code>client_max_body_size 100m;
</code></pre>
<p>Reloading or restarting Nginx service is required.</p>
<h2 id="change-file-size-limits-in-sogo">Change file size limits in SOGo</h2>
<p>SOGo config file is <code>/etc/sogo/sogo.conf</code> (Linux/OpenBSD) or
@ -175,7 +170,6 @@ proper value to match your need.</p>
// no limit will be set.
SOGoMaximumMessageSizeLimit = 102400;
</code></pre>
<p>Restarting SOGo service is required if you changed any setting in SOGo config file.</p>
<h2 id="change-attachment-size-limit-in-microsoft-outlook">Change attachment size limit in Microsoft Outlook</h2>
<p>Outlook has its own attachment size limit, and will raise error like <code>The
@ -194,7 +188,6 @@ follow these steps:</p>
<pre><code>HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Outlook\Preferences
HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\14.0\Outlook\Preferences
</code></pre>
<ul>
<li>
<p>Add the following registry data under this subkey:</p>

2
html/change.mailbox.format.html
View File

@ -64,7 +64,6 @@ MySQL for example here.</p>
<pre><code>USE vmail;
UPDATE mailbox SET mailboxformat='mdbox', mailboxfolder='mdbox' where username=&quot;user@your-domain.com&quot;;
</code></pre>
<ul>
<li>Value of <code>mailboxfolder</code> can be any folder name supported by Linux/BSD file
system, but value of <code>mailboxformat</code> must be one of the formats supported by
@ -80,7 +79,6 @@ to update mail user's LDIF data.</p>
<pre><code>mailboxFormat: mdbox
mailboxFolder: mdbox
</code></pre>
<ul>
<li>Value of <code>mailboxFolder</code> can be any folder name supported by Linux/BSD file
system, but value of <code>mailboxFormat</code> must be one of the formats supported by

12
html/cluebringer.to.iredapd.html
View File

@ -63,7 +63,6 @@ of iRedAPD.</p>
the version number with command below:</p>
<pre><code>grep '__version__' /opt/iredapd/libs/__init__.py
</code></pre>
<p>If you're not running iRedAPD-1.7.0 or later release, please follow our
tutorial to upgrade it: <a href="./upgrade.iredapd.html">Upgrade iRedAPD</a>.</p>
<h3 id="migrate-cluebringer-to-iredapd">Migrate Cluebringer to iRedAPD</h3>
@ -90,13 +89,11 @@ cluebringer_db_name = 'cluebringer'
cluebringer_db_user = 'root'
cluebringer_db_password = ''
</code></pre>
<p>Then run below commands to migrate greylisting and throttling settings:</p>
<pre><code># cd /opt/iredapd/tools/
# python migrate_cluebringer_greylisting.py
# python migrate_cluebringer_throttle.py
</code></pre>
<p>That's it.</p>
<h2 id="after-migration">After migration</h2>
<h3 id="enable-required-plugins-remove-old-plugins">Enable required plugins, remove old plugins</h3>
@ -112,7 +109,6 @@ cluebringer_db_password = ''
plugins = [..., 'amavisd_wblist', 'greylisting', 'throttle']
</code></pre>
<p>The order of plugin names doesn't matter.</p>
<ul>
<li>
@ -145,7 +141,6 @@ smtpd_end_of_data_restrictions =
check_policy_service inet:127.0.0.1:10031 # &lt;- Remove this line
...
</code></pre>
<h3 id="enable-iredapd-in-postfix">Enable iRedAPD in Postfix</h3>
<p>Make sure iRedAPD are enabled in <strong>BOTH</strong> <code>smtpd_recipient_restrictions</code>
and <code>smtpd_end_of_data_restrictions</code> like below:</p>
@ -157,7 +152,6 @@ and <code>smtpd_end_of_data_restrictions</code> like below:</p>
smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
</code></pre>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>If you have additional IP addresses/networks listed in Postfix setting
@ -172,13 +166,11 @@ smtpd_end_of_data_restrictions = check_policy_service inet:127.0.0.1:7777
</ul>
<pre><code># service postfix restart
</code></pre>
<ul>
<li>On OpenBSD:</li>
</ul>
<pre><code># /etc/rc.d/postfix restart
</code></pre>
<h3 id="stop-cluebringer-service-and-remove-cluebringer-packages">Stop Cluebringer service, and remove Cluebringer packages</h3>
<p>We don't need Cluebringer anymore, so it's ok to stop cluebringer service and
remove the packages:</p>
@ -187,19 +179,16 @@ remove the packages:</p>
</ul>
<pre><code># service cbpolicyd stop &amp;&amp; yum remove cluebringer
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code># service postfix-cluebringer stop &amp;&amp; apt-get remove --purge postfix-cluebringer
</code></pre>
<ul>
<li>On FreeBSD:</li>
</ul>
<pre><code># service policyd2 stop &amp;&amp; cd /usr/ports/mail/policyd2/ &amp;&amp; make deinstall
</code></pre>
<ul>
<li>
<p>Edit root user's cron job, remove the one used to clean up Cluebringer SQL
@ -212,7 +201,6 @@ remove the packages:</p>
</ul>
<pre><code>3 3 * * * /usr/sbin/cbpadmin --config=/etc/policyd/cluebringer.conf --cleanup &gt;/dev/null
</code></pre>
<ul>
<li>Optionally, you can drop its SQL database <code>cluebringer</code> also.</li>
</ul>

9
html/completely.disable.amavisd.clamav.spamassassin-it_IT.html
View File

@ -48,26 +48,23 @@
<p>Trovate le seguenti linee in /etc/amavisd/amavisd.conf:</p>
</li>
</ul>
<pre><code class="perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
<pre><code class="language-perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
</code></pre>
<p>Decommentate le righe sopra (rimuovendo il carattere # da ogni riga), e riavviate il servizio Amavisd.</p>
<h3 id="disabilitare-completamente-tutte-le-opzioni">Disabilitare completamente tutte le opzioni:</h3>
<p>Se volete disabilitare completamente sia il servizio anti spam che anti virus, fate:</p>
<ul>
<li>Commentate le due righe sotto nel file di configurazione di Postfix <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code class="cfg">content_filter = smtp-amavis:[127.0.0.1]:10024
<pre><code class="language-cfg">content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings # &lt;- it's ok if you don't have this line
</code></pre>
<ul>
<li>Commentate le righe sottostanti nel file di configurazione di Postfix <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code class="cfg"> -o content_filter=smtp-amavis:[127.0.0.1]:10026
<pre><code class="language-cfg"> -o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
<ul>
<li>Il riavvio del servizio Postfix è necessario.</li>
<li>Disabilitare i seguenti servizi di rete: Amavisd, ClamAV.</li>

11
html/completely.disable.amavisd.clamav.spamassassin.html
View File

@ -57,10 +57,9 @@
</ul>
</li>
</ul>
<pre><code class="perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
<pre><code class="language-perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
</code></pre>
<p>Uncomment above lines (removing "# " at the beginning of each line), and restart Amavisd service.</p>
<p>You may want to stop and disable ClamAV service, then remove clamav packages
since it's not called by Amavisd or other programs anymore:</p>
@ -96,22 +95,19 @@ rcctl disable clamd
rcctl restart amavisd
pkg_delete clamav
</code></pre>
<h3 id="completely-disable-all-features">Completely disable all features</h3>
<p>If you want to completely disable spam and virus scanning services, steps:</p>
<ul>
<li>Comment out below two lines in Postfix config file <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code class="cfg">content_filter = smtp-amavis:[127.0.0.1]:10024
<pre><code class="language-cfg">content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings # &lt;- it's ok if you don't have this line
</code></pre>
<ul>
<li>Comment out below line in Postfix config file <code>/etc/postfix/master.cf</code>,</li>
</ul>
<pre><code class="cfg"> -o content_filter=smtp-amavis:[127.0.0.1]:10026
<pre><code class="language-cfg"> -o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
<ul>
<li>Restarting Postfix service is required.</li>
<li>Disable network services: Amavisd, ClamAV.</li>
@ -134,7 +130,6 @@ connect to this port anymore.</p>
</ul>
<pre><code>MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</code></pre>
<ul>
<li>
<p>Remove all <code>control/smtpport</code> file under <code>/var/vmail/mlmmj/&lt;domain&gt;/&lt;list-name&gt;/</code>.

4
html/concurrent.processing.html
View File

@ -37,13 +37,11 @@ Sample settings:</p>
$max_servers = 4;
</code></pre>
<pre><code># File: /etc/postfix/master.cf
smtp-amavis unix - - - - 4 smtp
...
</code></pre>
<p>Both values should be identical for two reasons: If Amavisd offers more
processes than Postfix will ever use, Amavisd wastes resources. On the other
hand, if Postfix starts more dedicated transports than amavisd can handle
@ -56,14 +54,12 @@ time. Sample setting:</p>
$max_servers = 10;
</code></pre>
<p>Restarting Amavisd service is required.</p>
<pre><code># File: /etc/postfix/master.cf
smtp-amavis unix - - - - 10 smtp
...
</code></pre>
<p>Note: If you don't want to modify <code>/etc/postfix/master.cf</code>, it's ok to set
<code>smtp-amavis_destination_concurrency_limit = 10</code> in <code>/etc/postfix/main.cf</code>
instead.</p>

52
html/dbmail.mysql.centos.html
View File

@ -116,23 +116,20 @@ store mail accounts and messages.</p>
</ul>
<pre><code># useradd -s /sbin/nologin -m dbmail
</code></pre>
<p>Above command will create group <code>dbmail</code> and system user <code>dbmail</code>. You can verify it with command <code>id</code>:</p>
<pre><code># id dbmail
uid=504(dbmail) gid=504(dbmail) groups=504(dbmail)
</code></pre>
<ul>
<li>Create MySQL database <code>dbmail</code> to store mail accounts and mail messages. Replace <code>password_of_dbmail</code> below with your password.</li>
</ul>
<pre><code class="sql">$ mysql -uroot -p
<pre><code class="language-sql">$ mysql -uroot -p
mysql&gt; CREATE DATABASE dbmail DEFAULT CHARACTER SET utf8;
mysql&gt; GRANT ALL ON dbmail.* TO dbmail@localhost IDENTIFIED BY 'password_of_dbmail';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<p>We now have a MySQL database <code>dbmail</code>, you can access it with MySQL user <code>dbmail</code> and password <code>password_of_dbmail</code>. You can verify it with MySQL command line:</p>
<pre><code class="sql">$ mysql -udbmail -p
<pre><code class="language-sql">$ mysql -udbmail -p
Enter password: # &lt;- Type password of MySQL user dbmail here.
mysql&gt; show databases;
@ -144,14 +141,12 @@ mysql&gt; show databases;
+--------------------+
2 rows in set (0.04 sec)
</code></pre>
<ul>
<li>Stop Dovecot daemon. Since Dovecot will be replaced by DBMail, we must stop it:</li>
</ul>
<pre><code># /etc/init.d/dovecot stop
# chkconfig --level 345 dovecot off
</code></pre>
<h3 id="install-dbmail">Install DBMail</h3>
<p>DBMail is available in <a href="http://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F">EPEL repository</a>, we will use this yum repository to install DBMail.</p>
<p>It's now ready to install DBMail core component and library used to connect MySQL.</p>
@ -169,15 +164,13 @@ mysql&gt; show databases;
# yum clean all
# yum install dbmail
</code></pre>
<p>On RHEL/CentOS/Scientific Linux 6.x, please make sure you have DBMail 3.0.0-rc3 or later version installed:</p>
<pre><code># rpm -q dbmail
dbmail-3.0.0-0.6.rc3.el6.x86_64
</code></pre>
<p>Main configure file of DBMail is <code>/etc/dbmail.conf</code> by default, we will configure it later.</p>
<p>DBMail provides a MySQL template file <code>/usr/share/doc/dbmail-x.y.z/sql/mysql/create_tables.mysql</code> (replace 'x.y.z' by real version number on your server), we should import it to create necessary MySQL tables to store mail accounts and messages. Here we use 'dbmail-3.0.0' for example.</p>
<pre><code class="shell"># rpm -ql dbmail | grep 'create_tables.mysql'
<pre><code class="language-shell"># rpm -ql dbmail | grep 'create_tables.mysql'
/usr/share/doc/dbmail-3.0.0/sql/mysql/create_tables.mysql
# mysql -udbmail -p
@ -185,7 +178,6 @@ mysql&gt; USE dbmail;
mysql&gt; SOURCE /usr/share/doc/dbmail-3.0.0/sql/mysql/create_tables.mysql;
mysql&gt; SHOW TABLES; # &lt; See what tables were created.
</code></pre>
<h3 id="configure-dbmail">Configure DBMail</h3>
<p>Now open configure file of DBMail, <code>/etc/dbmail.conf</code>, update below settings:</p>
<pre><code>[DBMAIL]
@ -262,20 +254,16 @@ tls_port = 993
# Note: Please set it to 2000 on RHEL/CentOS 5.x, 4190 on RHEL/CentOS 6.x.
port = 4190
</code></pre>
<p>Create directory to store PID files:</p>
<pre><code># mkdir /var/run/dbmail
# chown dbmail:dbmail /var/run/dbmail
</code></pre>
<p>It's ready to start DBMail daemons:</p>
<pre><code># for i in dbmail-imapd dbmail-lmtpd dbmail-pop3d dbmail-timsieved; do /etc/init.d/$i restart; done
</code></pre>
<p>Make sure DBMail daemons will start when system startup:</p>
<pre><code># for i in dbmail-imapd dbmail-lmtpd dbmail-pop3d dbmail-timsieved; do chkconfig --level 345 $i on; done
</code></pre>
<p>Check status of DBMail daemons:</p>
<pre><code># netstat -ntlp | grep dbmail
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN 1747/dbmail-pop3d
@ -285,7 +273,6 @@ tcp 0 0 0.0.0.0:4190 0.0.0.0:* LIST
tcp 0 0 0.0.0.0:993 0.0.0.0:* LISTEN 1710/dbmail-imapd
tcp 0 0 0.0.0.0:995 0.0.0.0:* LISTEN 1747/dbmail-pop3d
</code></pre>
<h3 id="create-testing-account">Create testing account</h3>
<p>DBMail daemons are running, let's create a testing account to test POP3/POP3S/IMAP/IMAPS/Managesieve services.</p>
<ul>
@ -297,7 +284,6 @@ Adding INBOX for new user... ok.
Done
test@domain.ltd:x:5:0:0.00:0.00:test@domain.ltd
</code></pre>
<p>Refer to DBMail wiki site for more information about managing users: http://dbmail.org/dokuwiki/doku.php/manage_users</p>
<h3 id="test-pop3imapmanagesieve-services-with-telnet">Test POP3/IMAP/Managesieve services with telnet</h3>
<p>It's OK to test POP3/POP3S/IMAP/IMAPS services with telnet, mutt or Roundcube webmail, here we use telnet and mutt instead. After testing, you can login to Roundcube Webmail directly.</p>
@ -322,11 +308,9 @@ QUIT # &lt;-- DIsconnect
+OK see ya later
Connection closed by foreign host.
</code></pre>
<p>Telnet doesn't support SSL service, so we test POP3S with <code>mutt</code> (a console based mail client application) instead.</p>
<pre><code>$ mutt -f pops://&quot;test@domain.ltd&quot;:mypass@localhost
</code></pre>
<p>If POP3S works well, mutt will show you an empty mailbox. Then type 'q' to exit mutt.</p>
<h4 id="testing-imap-service">Testing IMAP service</h4>
<pre><code>$ telnet localhost 143
@ -348,11 +332,9 @@ Escape character is '^]'.
. OK LOGOUT completed
Connection closed by foreign host.
</code></pre>
<p>Telnet doesn't support SSL service, so we test IMAPS with <code>mutt</code> instead.</p>
<pre><code>$ mutt -f imaps://&quot;test@domain.ltd&quot;:mypass@localhost
</code></pre>
<p>If IMAPS works well, mutt will show you an empty mailbox. Then type 'q' to exit mutt.</p>
<h4 id="testing-managesieve-service">Testing Managesieve service</h4>
<p>Before testing managesieve service, we have to encode username and password first.</p>
@ -363,7 +345,6 @@ Connection closed by foreign host.
<pre><code>$ perl sieve-auth-command.pl test@domain.ltd mypass
AUTHENTICATE &quot;PLAIN&quot; &quot;AHRlc3RAZG9tYWluLmx0ZABteXBhc3M=&quot;
</code></pre>
<p>The command output is what we need.</p>
<p>Now start to test managesieve service:</p>
<pre><code>$ telnet localhost 4190
@ -383,31 +364,26 @@ OK
telnet&gt; quit # &lt;-- Type 'quit' to quit telnet program.
Connection closed.
</code></pre>
<h3 id="integrate-dbmail-in-postfix">Integrate DBMail in Postfix</h3>
<p>Backup Postfix config files before we go further:</p>
<pre><code># cp /etc/postfix/main.cf /etc/postfix/main.cf.bak
# cp /etc/postfix/master.cf /etc/postfix/master.cf.bak
</code></pre>
<ul>
<li>Add below line in <code>/etc/postfix/master.cf</code>, it's new transport provided by DBMail.</li>
</ul>
<pre><code>dbmail-lmtp unix - - n - - lmtp
</code></pre>
<ul>
<li>Since DBMail uses different SQL structure from iRedMail, we have to disable some iRedMail special features in Postfix first.</li>
</ul>
<pre><code># postconf -e recipient_bcc_maps='' relay_domains='$mydestination' sender_bcc_maps='' transport_maps='' virtual_alias_maps=''
</code></pre>
<ul>
<li>Update postfix setting to use DBMail transport:</li>
</ul>
<pre><code># postconf -e virtual_transport='dbmail-lmtp:127.0.0.1:24'
</code></pre>
<ul>
<li>
<p>Update postfix setting in <code>/etc/postfix/main.cf</code>, remove <code>reject_unknown_sender_domain</code> in <code>smtpd_recipient_restrictions</code> setting.</p>
@ -420,7 +396,6 @@ Connection closed.
# postconf -e virtual_mailbox_domains='proxy:mysql:/etc/postfix/dbmail_domains.cf'
# postconf -e virtual_mailbox_maps='proxy:mysql:/etc/postfix/dbmail_mailboxes.cf'
</code></pre>
<p>Content of file <code>/etc/postfix/dbmail_recipients.cf</code>:</p>
<pre><code>hosts = 127.0.0.1
dbname = dbmail
@ -428,7 +403,6 @@ user = dbmail
password = password_of_dbmail
query = SELECT alias FROM dbmail_aliases WHERE alias='%s' LIMIT 1
</code></pre>
<p>Content of file <code>/etc/postfix/dbmail_domains.cf</code>:</p>
<pre><code>hosts = 127.0.0.1
dbname = dbmail
@ -436,7 +410,6 @@ user = dbmail
password = password_of_dbmail
query = SELECT DISTINCT 1 FROM dbmail_aliases WHERE SUBSTRING_INDEX(alias, '@', -1) = '%s'
</code></pre>
<p>Content of file <code>/etc/postfix/dbmail_mailboxes.cf</code>:</p>
<pre><code>hosts = 127.0.0.1
dbname = dbmail
@ -444,7 +417,6 @@ user = dbmail
password = password_of_dbmail
query = SELECT 1 FROM dbmail_aliases WHERE alias='%s' LIMIT 1
</code></pre>
<ul>
<li>Test MySQL queries:</li>
</ul>
@ -457,14 +429,12 @@ test@domain.ltd
# postmap -q 'test@domain.ltd' mysql:/etc/postfix/dbmail_mailboxes.cf
1
</code></pre>
<ul>
<li>It's now OK to send a test email with command <code>mail</code> (provided by package <code>mailx</code>) after restarting Postfix service:</li>
</ul>
<pre><code># /etc/init.d/postfix restart
# mail -s &quot;test&quot; test@domain.ltd &lt; /etc/hosts
</code></pre>
<p>Log in Postfix log file /var/log/maillog:</p>
<blockquote>
<p>Aug 14 06:40:20 c60 postfix/pickup[6017]: B89A141FAD: uid=0 from=<root>
@ -475,13 +445,11 @@ Aug 14 06:40:20 c60 postfix/qmgr[6016]: B89A141FAD: removed</p>
</blockquote>
<h3 id="configure-roundcube-to-work-with-dbmail">Configure Roundcube to work with DBMail</h3>
<p>Change below setting in <code>/var/www/roundcubemail/config/main.inc.php</code>:</p>
<pre><code class="php">$rcmail_config['imap_auth_type'] = &quot;LOGIN&quot;;
<pre><code class="language-php">$rcmail_config['imap_auth_type'] = &quot;LOGIN&quot;;
</code></pre>
<p>Restart Apache, you can now view sent email after logging into Roundcube webmail:</p>
<pre><code># /etc/init.d/httpd restart
</code></pre>
<h2 id="replace-dovecot-with-cyrus-sasl-as-smtp-sasl-auth-daemon">Replace Dovecot with Cyrus-SASL as SMTP SASL auth daemon</h2>
<p>Postfix uses <code>dovecot</code> as SASL type in iRedMail by default, since Dovecot will be replaced by DBMail, we cannot use Dovecot anymore. So we're going to install Cyrus-SASL libraries, and use daemon 'saslauthd' for SMTP SASL auth.</p>
<p>In this section, we will:</p>
@ -492,11 +460,10 @@ Aug 14 06:40:20 c60 postfix/qmgr[6016]: B89A141FAD: removed</p>
</ul>
<h3 id="install-cyrus-sasl-libraries">Install Cyrus-SASL libraries</h3>
<p>Cyrus-SASL libraries are available in default yum repositories.
<em> For RHEL, they're available in yum repository <code>rhn</code> or CD/DVD images.
</em> For CentOS and Scientific Linux, they're available in default yum repositories.</p>
* For RHEL, they're available in yum repository <code>rhn</code> or CD/DVD images.
* For CentOS and Scientific Linux, they're available in default yum repositories.</p>
<pre><code># yum install cyrus-sasl cyrus-sasl-lib cyrus-sasl-sql cyrus-sasl-plain cyrus-sasl-md5
</code></pre>
<h3 id="configure-cyrus-sasl">Configure Cyrus-SASL</h3>
<p>Configure Cyrus-SASL daemon config file:</p>
<ul>
@ -522,13 +489,11 @@ sql_database: dbmail
sql_verbose: no
sql_select: SELECT passwd FROM dbmail_users WHERE userid = '%u'
</code></pre>
<p>Update <code>/etc/sysconfig/saslauthd</code> (refer to manual page saslauthd(8) for more information):</p>
<pre><code>SOCKETDIR=/var/spool/postfix/var/run/saslauthd
MECH=rimap
FLAGS='-O 127.0.0.1 -r'
</code></pre>
<p>Notes:</p>
<ul>
<li>We set <code>SOCKETDIR</code> to <code>/var/spool/postfix/var/run/saslauthd/</code> so that Postfix works fine under chroot.</li>
@ -537,26 +502,21 @@ FLAGS='-O 127.0.0.1 -r'
<p>Create directory used to store saslauthd daemon socket file:</p>
<pre><code># mkdir -p /var/spool/postfix/var/run/saslauthd/
</code></pre>
<p>Start service saslauthd now, and make it auto start when system boot:</p>
<pre><code># /etc/init.d/saslauthd restart
# chkconfig --level 345 saslauthd on
</code></pre>
<h3 id="test-saslauthd-and-troubleshooting">Test saslauthd and troubleshooting</h3>
<pre><code># testsaslauthd -f /var/spool/postfix/var/run/saslauthd/mux -u 'test@domain.ltd' -p 'mypass'
0: OK &quot;Success.&quot;
</code></pre>
<p>Note: If you're running DBMail-3.0.0-rc1, you will always get <code>0: NO "authentication failed"</code>, because DBMail-3.0.0-rc1 has a compatibility issue with Cyrus-SASL.</p>
<h3 id="enable-cyrus-sasl-in-postfix">Enable Cyrus-SASL in Postfix</h3>
<pre><code># postconf -e smtpd_sasl_path='smtpd' smtpd_sasl_type='cyrus'
</code></pre>
<p>Restarting Postfix service to make it work:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<p>You can now send email with Roundcube webmail.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

2
html/debug.amavisd-zh_CN.html
View File

@ -24,11 +24,9 @@
然后重启 amavisd 服务。</p>
<pre><code>$log_level = 5; # 日志等级0 到 5或 -d
</code></pre>
<p>如果需要调试 SpamAssassin请同时修改 <code>$sa_debug</code> 参数:</p>
<pre><code>$sa_debug = 1;
</code></pre>
<p>在 iRedMail 里Amavisd 会记录日志到 <a href="./file.locations.html#postfix">Postfix 日志文件</a></p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

2
html/debug.amavisd.html
View File

@ -24,11 +24,9 @@
then restart amavis service.</p>
<pre><code>$log_level = 5; # verbosity 0..5, -d
</code></pre>
<p>If you want to debug SpamAssassin, please update <code>$sa_debug</code> also:</p>
<pre><code>$sa_debug = 1;
</code></pre>
<p>Amavisd is configured by iRedMail to log to <a href="./file.locations.html#postfix">Postfix log file</a>.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

1
html/debug.cluebringer.html
View File

@ -36,7 +36,6 @@ service.</p>
<pre><code>log_level=4
log_detail=modules,tracking,policies
</code></pre>
<p>Cluebringer is configured to log to <code>/var/log/cbpolicyd.log</code> by default, so
please monitor this file to check detailed debug log.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

2
html/debug.dovecot-zh_CN.html
View File

@ -27,7 +27,6 @@
<p>要调试 Dovecot请修改 <code>dovecot.conf</code> 的如下参数:</p>
<pre><code>mail_debug = yes
</code></pre>
<p>之后重启 Dovecot 服务。</p>
<p>如果需要查看验证和密码相关的调试信息,请修改如下参数并重启 Dovecot 服务:</p>
<pre><code>auth_verbose = yes
@ -35,7 +34,6 @@ auth_debug = yes
auth_debug_passwords = yes
auth_verbose_passwords = yes
</code></pre>
<p>如果重启 Dovecot 服务时看到很多错误信息(例如:<code>dovecot fails, spawning too
quickly</code>),可能是由于 Dovecot 配置文件中有某种错误导致的。请在命令行手动重启
Dovecot 服务,它会报告配置文件的错误:</p>

4
html/debug.dovecot.html
View File

@ -28,7 +28,6 @@
config file <code>dovecot.conf</code>:</p>
<pre><code>mail_debug = yes
</code></pre>
<p>Restart Dovecot service.</p>
<p>If you need authentication and password related debug message, turn on related
settings and restart dovecot service.</p>
@ -39,10 +38,9 @@ auth_debug_passwords = yes
# Set to 'yes' or 'plain', to output plaintext password (NOT RECOMMENDED).
auth_verbose_passwords = plain
</code></pre>
<p>If Dovecot service cannot start, please run it manually, it will print the
error message on console:</p>
<pre><code class="shell">dovecot -c /etc/dovecot/dovecot.conf
<pre><code class="language-shell">dovecot -c /etc/dovecot/dovecot.conf
</code></pre><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

1
html/debug.fail2ban.html
View File

@ -22,7 +22,6 @@ If file <code>/etc/fail2ban/fail2ban.local</code> doesn't exist, use
<code>/etc/fail2ban/fail2ban.conf</code> instead.</p>
<pre><code>loglevel = DEBUG
</code></pre>
<h2 id="log-file">Log File</h2>
<p>Fail2ban may log to different log files on different Linux/BSD distributions:</p>
<ul>

1
html/debug.iredapd.html
View File

@ -22,7 +22,6 @@ service.</p>
<pre><code># Log level: info, debug.
log_level = 'debug'
</code></pre>
<h3 id="log-file">Log File</h3>
<p>Log file is configured in <code>/opt/iredapd/settings.py</code>, parameter <code>log_file =</code>.
Please monitor its log file to check detailed debug log.</p>

1
html/debug.mysql.html
View File

@ -26,7 +26,6 @@ config file <code>my.cnf</code>:</p>
general_log = 1
general_log_file = /var/log/mysql.log
</code></pre>
<p>Then restart MySQL/MariaDB service.</p>
<p>Note: MySQL/MariaDB daemon user must have permission to write this log file.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

1
html/debug.nginx.html
View File

@ -22,7 +22,6 @@
in parameter <code>error_log</code> like below:</p>
<pre><code>error_log ... debug;
</code></pre>
<p>Then restart Nginx service.</p>
<p>Nginx logs detailed debug info to <code>/var/log/nginx/error.log</code> (Linux/FreeBSD)
or <code>/var/www/logs/error.log</code> (OpenBSD).</p><div class="footer">

1
html/debug.openldap.html
View File

@ -24,7 +24,6 @@
</ul>
<pre><code>loglevel 256
</code></pre>
<p>OpenLDAP is configured by iRedMail to log into <code>/var/log/openldap.log</code> by default.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

3
html/debug.postfix.html
View File

@ -24,19 +24,16 @@ hostname or IP address in the <code>debug_peer_list</code> parameter (in
<code>/etc/postfix/main.cf</code>). For example:</p>
<pre><code>debug_peer_list = 192.168.0.1
</code></pre>
<p>You can specify one or more hosts, domains, addresses or net/masks. Execute
command <code>postfix reload</code> to make the change effective immediately.</p>
<h2 id="making-postfix-daemon-programs-more-verbose">Making Postfix daemon programs more verbose</h2>
<p>There're many daemon services defined in <code>/etc/postfix/master.cf</code>, for example:</p>
<pre><code>smtp inet n - n - - smtpd
</code></pre>
<p>To make Postfix logging verbose info of this daemon, please append one or more
<code>-v</code> options to selected daemon and execute command <code>postfix reload</code>.</p>
<pre><code>smtp inet n - n - - smtpd -v
</code></pre>
<ul>
<li>To diagnose problems with address rewriting specify a <code>-v</code> option for the
<code>cleanup(8)</code> and/or <code>trivial-rewrite(8)</code> daemon.</li>

1
html/debug.roundcubemail.html
View File

@ -35,7 +35,6 @@ $config['ldap_debug'] = true;
// Log SMTP conversation
$config['smtp_debug'] = true;
</code></pre>
<p>No need to restart web service.</p>
<p>Roundcube is configured (by iRedMail) to log to Postfix log file, it's
<code>/var/log/maillog</code> or <code>/var/log/mail.log</code>.</p><div class="footer">

1
html/debug.sogo.html
View File

@ -27,7 +27,6 @@ options, like below:</p>
//MySQL4DebugEnabled = YES;
//PGDebugEnabled = YES;
</code></pre>
<p>Please uncomment the one you need, then restart SOGo service. You can find
debug log in its log file <code>/var/log/sogo/sogo.log</code>.</p>
<p>If you need source code level debugging, please read this tutorial instead:

1
html/disable.greylisting-it_IT.html
View File

@ -39,7 +39,6 @@ iRedAPD: <a href="./cluebringer.to.iredapd.html">Migrare da Cluebringer to iRedA
<pre><code>[Greylisting]
enable=1
</code></pre>
<p>Per disabilitare il greylisting, cambiare <code>enabled=1</code> in <code>enabled=0</code> e riavviare
e il servizio Cluebringer.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

1
html/disable.greylisting-zh_CN.html
View File

@ -34,7 +34,6 @@ Cluebringer请迁移到 iRedMail 自行开发的 iRedAPD迁移文档
<pre><code>[Greylisting]
enable=1
</code></pre>
<p>要禁用灰名单,把 <code>enabled=1</code> 改为 <code>enabled=0</code>,并重启 Cluebringer 服务即可。</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

1
html/disable.greylisting.html
View File

@ -38,7 +38,6 @@ iRedAPD: <a href="./cluebringer.to.iredapd.html">Migrate from Cluebringer to iRe
<pre><code>[Greylisting]
enable=1
</code></pre>
<p>To disable gryelisting, please change <code>enabled=1</code> to <code>enabled=0</code>, then restart
Cluebringer service.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>

3
html/disable.spam.virus.scanning.for.outgoing.mails-it_IT.html
View File

@ -31,7 +31,7 @@ oppure in <code>/etc/amavis/conf.d/50-user</code> (per Debian/Ububtu) oppure <co
<li>bypass_banned_checks_maps</li>
</ul>
<p>Queste configurazioni possono essere aggiunti nel blocco di configurazione <code>$policy_bank{'ORIGINATING'}</code>:</p>
<pre><code class="perl">$policy_bank{'ORIGINATING'} = {
<pre><code class="language-perl">$policy_bank{'ORIGINATING'} = {
[...OMETTERE ALTRE CONFIGURAZIONI QUI...]
# don't perform spam/virus/header check.
@ -43,7 +43,6 @@ oppure in <code>/etc/amavis/conf.d/50-user</code> (per Debian/Ububtu) oppure <co
bypass_banned_checks_maps =&gt; [1],
}
</code></pre>
<p>Il riavvio del servizio Amavisd è necessario dopo aver effettuato le modifiche.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

3
html/disable.spam.virus.scanning.for.outgoing.mails-zh_CN.html
View File

@ -30,7 +30,7 @@
<li>bypass_banned_checks_maps</li>
</ul>
<p>这些设置可以添加到 <code>$policy_bank{'ORIGINATING'}</code> 配置里。例如:</p>
<pre><code class="perl">$policy_bank{'ORIGINATING'} = {
<pre><code class="language-perl">$policy_bank{'ORIGINATING'} = {
[...此处省略其它配置参数...]
# 不执行垃圾扫描、病毒扫描、邮件头检测
@ -42,7 +42,6 @@
bypass_banned_checks_maps =&gt; [1],
}
</code></pre>
<p>更改设置后需要重启 Amavisd 服务以使更改生效。</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

3
html/disable.spam.virus.scanning.for.outgoing.mails.html
View File

@ -31,7 +31,7 @@ in Amavisd config file: <code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS) or
<li>bypass_banned_checks_maps</li>
</ul>
<p>These settings can be added in setting block <code>$policy_bank{'ORIGINATING'}</code>:</p>
<pre><code class="perl">$policy_bank{'ORIGINATING'} = {
<pre><code class="language-perl">$policy_bank{'ORIGINATING'} = {
[...OMIT OTHER SETTINGS HERE...]
# don't perform spam/virus/header check.
@ -43,7 +43,6 @@ in Amavisd config file: <code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS) or
bypass_banned_checks_maps =&gt; [1],
}
</code></pre>
<p>Restarting Amavisd service is required after changing settings.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

15
html/dovecot.imapsieve.html
View File

@ -109,7 +109,6 @@ plugin {
}
</code></pre>
<h2 id="create-required-directories-and-files">Create required directories and files</h2>
<p>We will create few directories and files used by <code>imap_sieve</code> plugin:</p>
<ul>
@ -134,7 +133,6 @@ mkdir -p /var/vmail/imapsieve_copy
chown vmail:vmail /var/vmail/imapsieve_copy
chmod 0700 /var/vmail/imapsieve_copy
</code></pre>
<p>Create file <code>/var/vmail/sieve/report_spam.sieve</code> with content below:</p>
<pre><code>require [&quot;vnd.dovecot.pipe&quot;, &quot;copy&quot;, &quot;imapsieve&quot;, &quot;environment&quot;, &quot;variables&quot;];
@ -144,7 +142,6 @@ if environment :matches &quot;imap.user&quot; &quot;*&quot; {
pipe :copy &quot;imapsieve_copy&quot; [ &quot;${username}&quot;, &quot;spam&quot; ];
</code></pre>
<p>Create file <code>/var/vmail/sieve/report_ham.sieve</code> with content below:</p>
<pre><code>require [&quot;vnd.dovecot.pipe&quot;, &quot;copy&quot;, &quot;imapsieve&quot;, &quot;environment&quot;, &quot;variables&quot;];
@ -162,7 +159,6 @@ if environment :matches &quot;imap.user&quot; &quot;*&quot; {
pipe :copy &quot;imapsieve_copy&quot; [ &quot;${username}&quot;, &quot;ham&quot; ];
</code></pre>
<p>Create file <code>/etc/dovecot/sieve/pipe/imapsieve_copy</code> with content below:</p>
<pre><code>#!/usr/bin/env bash
# Author: Zhang Huangbin &lt;zhb@iredmail.org&gt;
@ -194,7 +190,6 @@ cat &gt; ${FILE} &lt; /dev/stdin
#export LOG='logger -p local5.info -t imapsieve_copy'
#[[ $? == 0 ]] &amp;&amp; ${LOG} &quot;Copied one ${MSG_TYPE} email reported by ${USER}: ${FILE}&quot;
</code></pre>
<p>Set correct file owner and permissions:</p>
<pre><code>chown vmail:vmail /var/vmail/sieve/report_spam.sieve \
/var/vmail/sieve/report_ham.sieve \
@ -204,11 +199,9 @@ chmod 0700 /var/vmail/sieve/report_spam.sieve \
/var/vmail/sieve/report_ham.sieve \
/etc/dovecot/sieve/pipe/imapsieve_copy
</code></pre>
<p>Restart Dovecot service to enable this plugin.</p>
<pre><code>service dovecot restart
</code></pre>
<h2 id="setup-cron-job-to-scan-and-learn-spamham-messages">Setup cron job to scan and learn spam/ham messages</h2>
<p>Dovecot can now save a copy of reported spam/ham automatically, we still need
a shell script to call SpamAssassin to actually learn spam/ham periodly.</p>
@ -308,13 +301,11 @@ fi
rm -f ${LOCK_FILE} &amp;&gt;/dev/null
</code></pre>
<p>Run command <code>crontab -e -u root</code> to setup cron job for root user, scan emails
every 10 minutes:</p>
<pre><code># iRedMail: Scan reported mails.
*/10 * * * * /bin/bash /etc/dovecot/sieve/scan_reported_mails.sh
</code></pre>
<h2 id="tests">Tests</h2>
<h3 id="report-spam-move-email-from-inbox-to-junk">Report spam: Move email from Inbox to Junk</h3>
<div class="admonition attention">
@ -333,7 +324,6 @@ below:</p>
Jan 31 21:10:42 c7 dovecot: imap(&lt;email&gt;): sieve: left message in mailbox 'Junk'
Jan 31 21:10:42 c7 dovecot: imap(&lt;email&gt;): expunge: box=INBOX, uid=7, msgid=, size=7805, from=&lt;email&gt;, subject=&lt;subject&gt;
</code></pre>
<p>In the meantime, you should see an email in <code>/var/vmail/imapsieve_copy/spam/</code>,
file name in <code>&lt;email&gt;-&lt;timestamp&gt;-&lt;random_number&gt;.eml</code> format.</p>
<h3 id="report-ham-move-email-from-junk-to-any-other-folder-except-trash">Report ham: Move email from Junk to any other folder (except <code>Trash</code>)</h3>
@ -345,20 +335,17 @@ see log lines like below:</p>
Jan 31 21:15:51 c7 dovecot: imap(&lt;email&gt;): sieve: left message in mailbox 'INBOX'
Jan 31 21:15:51 c7 dovecot: imap(&lt;email&gt;): expunge: box=Junk, uid=7, msgid=, size=7805, from=&lt;email&gt;, subject=&lt;subject&gt;
</code></pre>
<p>In the meantime, you should see an email in <code>/var/vmail/imapsieve_copy/ham/</code>,
file name in <code>&lt;email&gt;-&lt;timestamp&gt;-&lt;random_number&gt;.eml</code> format.</p>
<h3 id="scan-reported-mails">Scan reported mails</h3>
<p>It's ok to run the script manually to scan reported mails:</p>
<pre><code>bash /etc/dovecot/sieve/scan_reported_mails.sh
</code></pre>
<p>If it scanned messages, it will log a message in <code>/var/log/syslog</code> or
<code>/var/log/messages</code> like this:</p>
<pre><code>Jan 31 04:51:34 mail scan_reported_mails: [CLEAN] Learned tokens from 1 message(s) (1 message(s) examined)
Jan 31 05:03:16 mail scan_reported_mails: [SPAM] Learned tokens from 1 message(s) (1 message(s) examined)
</code></pre>
<h3 id="check-detailed-bayes-learning-log-on-command-line">Check detailed bayes learning log on command line</h3>
<p>You can either <a href="./debug.amavisd.html">turn on debug mode in Amavisd and SpamAssassin</a>
to check how bayes learning works in SpamAssassin, or run <code>sa-learn</code> manually
@ -372,7 +359,6 @@ May 21 05:27:08.264 [32241] dbg: bayes: learner_new: got store=Mail::SpamAssassi
M
...
</code></pre>
<h2 id="check-bayes-data">Check bayes data</h2>
<p>Run <code>sa-learn</code> as Amavisd daemon user with <code>--dump</code> argument will show the bayes data like below:</p>
<pre><code># su -s /bin/bash amavis -c &quot;sa-learn --dump magic&quot;
@ -388,7 +374,6 @@ M
0.000 0 43200 0 non-token data: last expire atime delta
0.000 0 59325 0 non-token data: last expire reduction count
</code></pre>
<ul>
<li><code>nspam</code> means number of learnt spams.</li>
<li><code>nham</code> means number of learnt ham/clean emails.</li>

3
html/dovecot.master.user.html
View File

@ -25,7 +25,6 @@ master user.</p>
<p>The format is simple:</p>
<pre><code>username:password
</code></pre>
<p>You can generate a password supported by Dovecot first. for example, SSHA512.
Let's generate password hash for our password <code>my_master_password</code>:</p>
<pre><code># doveadm pw -s SSHA512
@ -33,13 +32,11 @@ Enter new password: my_master_password
Retype new password: my_master_password
{SSHA512}B0VHomJaMk6aLXOPglgNgJtCUA8JRnOweAwJxRW6NPWSNZ25rG/L6T05DJXH+t8WCQkemBilgkcEi6mq4Kadssivtts=
</code></pre>
<p>You can now pick up any username you like, for example, <code>my_master_user@not-exist.com</code>.
Now add new master user in file
<code>/etc/dovecot/dovecot-master-users</code> like below:</p>
<pre><code>my_master_user@not-exist.com:{SSHA512}B0VHomJaMk6aLXOPglgNgJtCU...
</code></pre>
<p>Now you can access <code>user@domain.ltd</code>'s mailbox (via either IMAP or POP3
protocol) as user <code>user@domain.ltd*my_master_user@not-exist.com</code> with password
<code>my_master_password</code> with Roundcube webmail (it should work with other MUAs).</p>

8
html/ejabberd.openldap.ubuntu.html
View File

@ -38,7 +38,6 @@
<h2 id="install-ejabberd">Install Ejabberd</h2>
<pre><code>apt-get install ejabberd
</code></pre>
<h2 id="configure-ejabberd">Configure ejabberd</h2>
<h3 id="use-a-proper-ldap-bind-dnpassword-to-query-accounts">Use a proper LDAP bind dn/password to query accounts</h3>
<p>iRedMail generates a LDAP bind dn <code>cn=vmail,dc=xxx,dc=xxx</code> with read-only
@ -50,7 +49,6 @@ installation, you can find the full dn and password in
bind_dn = cn=vmail,dc=example,dc=com
bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
</code></pre>
<h3 id="configure-ejabberd_1">Configure ejabberd</h3>
<p>Ejabberd's configuration files are written in Erlang syntax, which might be difficult to comprehend. Thankfully, the modifications we need to make are relatively minor and straightforward. The main ejabberd configuration file is located at /etc/ejabberd/ejabberd.cfg. We'll cover each relevant option in turn.</p>
<p>In Erlang, comments begin with the % sign.</p>
@ -91,7 +89,6 @@ bind_pw = InYTi8qGjamTb6Me2ESwbb6rxQUs5y
{ldap_filter, &quot;(&amp;(objectClass=mailUser)(accountStatus=active))&quot;}.
{ldap_uids, [{&quot;mail&quot;, &quot;%u@%d&quot;}]}.
</code></pre>
<h3 id="start-ejabberd-service">Start ejabberd service</h3>
<pre><code># /etc/init.d/ejabberd start
Starting jabber server: ejabberd.
@ -100,7 +97,6 @@ Starting jabber server: ejabberd.
Node ejabberd@u910 is started. Status: started
ejabberd is running
</code></pre>
<h3 id="config-iptables">Config iptables</h3>
<p>Ejabberd uses some standard ports:</p>
<ul>
@ -115,11 +111,9 @@ ejabberd is running
-A INPUT -p tcp --dport 5269 -j ACCEPT
-A INPUT -p tcp --dport 5280 -j ACCEPT
</code></pre>
<p>Restart the iptables service.</p>
<pre><code>/etc/init.d/iptables restart
</code></pre>
<h3 id="web-access-ejabberd-admin-console">Web Access Ejabberd Admin Console</h3>
<p>Now you can access <a href="http://192.168.1.10:5280/admin/">http://192.168.1.10:5280/admin/</a></p>
<p>Login in the ejabberd web admin, We have seting www@example.com as admin for the ejabberd server</p>
@ -131,7 +125,6 @@ ejabberd is running
<pre><code>% Hostname
{hosts, [&quot;example.com&quot;,&quot;test.com&quot;]}.
</code></pre>
<h3 id="xmpp-clients">XMPP Clients</h3>
<p>There're many free and open source XMPP clients available, you can choose the
one you prefer listed on this page: <a href="http://xmpp.org/software/clients.html">http://xmpp.org/software/clients.html</a></p>
@ -144,7 +137,6 @@ be created in the DNS Management tool of your choice:</p>
<pre><code>_xmpp-client._tcp.example.net. 86400 IN SRV 5 0 5222 example.net.
_xmpp-server._tcp.example.net. 86400 IN SRV 5 0 5269 example.net.
</code></pre>
<p>For more examples, please read this tutorial: <a href="http://wiki.xmpp.org/web/SRV_Records">http://wiki.xmpp.org/web/SRV_Records</a></p>
<h2 id="troubleshooting">Troubleshooting</h2>
<ol>

2
html/enable.dnsbl.html
View File

@ -38,7 +38,6 @@ DNS server speeds up the mail flow.</p>
reject_rbl_client zen.spamhaus.org=127.0.0.[2..11]
reject_rbl_client b.barracudacentral.org=127.0.0.2
</code></pre>
<p>It must be placed after <code>reject_unauth_destination</code>. You can add more DNSBL
services after <code>reject_unauth_destination</code>, and they will be queried in the
specified order.</p>
@ -55,7 +54,6 @@ response code.</p>
zen.spamhaus.org=127.0.0.[2..11]*3
b.barracudacentral.org=127.0.0.2*2
</code></pre>
<ul>
<li>Restart or reload Postfix service is required.</li>
</ul>

3
html/enable.postscreen.html
View File

@ -40,7 +40,6 @@ service.</p>
</ol>
<pre><code># bash enable_postscreen.sh
</code></pre>
<p>That's all.</p>
<p>Important notes:</p>
<ul>
@ -62,7 +61,6 @@ it by following steps below.</p>
smtp inet n - - - 1 postscreen
smtpd pass - - n - - smtpd
</code></pre>
<ul>
<li>Uncomment first line, comment out the other 2 lines:</li>
</ul>
@ -70,7 +68,6 @@ smtpd pass - - n - - smtpd
#smtp inet n - - - 1 postscreen
#smtpd pass - - n - - smtpd
</code></pre>
<ul>
<li>Now restart or reload Postfix service. That's it. No need to modify any
setting in <code>/etc/postfix/main.cf</code>.</li>

2
html/enable.smtp.auth.on.port.25-it_IT.html
View File

@ -37,7 +37,6 @@
#smtpd_tls_auth_only = yes
#smtpd_sasl_security_options = noanonymous
</code></pre>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Con <code>smtpd_tls_auth_only = yes</code> si rende necessaria l'abilitazione di STARTTLS per una connessione sicura, Se non la volete per qualsivoglia motivo, commentatelo.</p>
@ -49,7 +48,6 @@
smtpd_tls_auth_only = yes
smtpd_sasl_security_options = noanonymous
</code></pre>
<ul>
<li>Riavvia o ricarica il servizio Postfix</li>
</ul>

1
html/enable.smtp.auth.on.port.25.html
View File

@ -41,7 +41,6 @@ connection, you may try another tutorial instead:
smtpd_sasl_security_options = noanonymous
smtpd_tls_auth_only = yes
</code></pre>
<ul>
<li>Restart or reload Postfix service.</li>
</ul>

7
html/enable.smtps-it_IT.html
View File

@ -55,7 +55,6 @@ Estratto da <a href="https://it.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
<p>Riavviate il servizio Postfix per abilitare SMTPS.</p>
<p><strong>WARNING</strong>: Fare attenzione di avere Amavisd in ascolto sulla porta 10026 (ed 10024, 9998).</p>
<h3 id="aprirte-la-porta-465-sul-firewall">Aprirte la porta <code>465</code> sul firewall</h3>
@ -68,7 +67,6 @@ Estratto da <a href="https://it.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<ul>
<li>Su RHEL/CentOS 7, aggiungete il file <code>/etc/firewalld/services/smtps.xml</code>, che contiene quello che vedete qui sotto:</li>
</ul>
@ -79,18 +77,15 @@ Estratto da <a href="https://it.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
&lt;port protocol=&quot;tcp&quot; port=&quot;465&quot;/&gt;
&lt;/service&gt;
</code></pre>
<p>Modificate il file <code>/etc/firewalld/zones/iredmail.xml</code> abilitando il servizio smtp inserendo la linea <code>&lt;service name="smtps"/&gt;</code> inside <code>&lt;zone&gt;&lt;/zone&gt;</code> nel blocco seguente:</p>
<pre><code>&lt;zone&gt;
...
&lt;service name=&quot;smtps&quot;/&gt;
&lt;/zone&gt;
</code></pre>
<p>Riavviate il servizio firewall:</p>
<pre><code># firewall-cmd --complete-reload
</code></pre>
<h3 id="su-debianububtu">Su Debian/Ububtu</h3>
<p>Su Debian/Ubuntu, se usate le regole per iptables configurate da iRedMail, aggiornate il file <code>/etc/default/iptables</code>, aggiungete una regola (la terza del codice qui sotto) per la porta 465 e successivamente riavviate il servizio iptables.</p>
<pre><code># Part of file: /etc/default/iptables
@ -98,13 +93,11 @@ Estratto da <a href="https://it.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<h3 id="su-openbsd">Su OpenBSD</h3>
<p>Su OpenBSD, aggiungete il servizio <code>smtps</code> in <code>/etc/pf.conf</code>, parameter <code>mail_services=</code>:</p>
<pre><code># Part of file: /etc/pf.conf
mail_services=&quot;{www, https, submission, imap, imaps, pop3, pop3s, ssh, smtps}&quot;
</code></pre>
<p>Ricaricate il file delle regole di PF</p>
<pre><code># pfctl -f /etc/pf.conf
</code></pre><div class="footer">

7
html/enable.smtps.html
View File

@ -57,7 +57,6 @@ Quote from <a href="http://en.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
-o content_filter=smtp-amavis:[127.0.0.1]:10026
</code></pre>
<p>Restart Postfix service to enable SMTPS.</p>
<p><strong>WARNING</strong>: Please make sure you have Amavisd listening on port 10026 (and 10024, 9998).</p>
<h3 id="open-port-465-in-firewall">Open port <code>465</code> in firewall</h3>
@ -70,7 +69,6 @@ Quote from <a href="http://en.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<ul>
<li>on RHEL/CentOS 7, please add file <code>/etc/firewalld/services/smtps.xml</code>, with content below</li>
</ul>
@ -81,7 +79,6 @@ Quote from <a href="http://en.wikipedia.org/wiki/SMTPS">wikipedia.org</a></p>
&lt;port protocol=&quot;tcp&quot; port=&quot;465&quot;/&gt;
&lt;/service&gt;
</code></pre>
<p>Update file <code>/etc/firewalld/zones/iredmail.xml</code>, enable smtps service by
inserting line <code>&lt;service name="smtps"/&gt;</code> inside <code>&lt;zone&gt;&lt;/zone&gt;</code> block like
below:</p>
@ -90,11 +87,9 @@ below:</p>
&lt;service name=&quot;smtps&quot;/&gt;
&lt;/zone&gt;
</code></pre>
<p>Restart firewalld service:</p>
<pre><code># firewall-cmd --complete-reload
</code></pre>
<h4 id="on-debianubuntu">on Debian/Ubuntu</h4>
<p>On Debian/Ubuntu, if you use iptables rule file provided by iRedMail, please update <code>/etc/default/iptables</code>, add one rule (third line in below code) for port 465, then restart iptables service.</p>
<pre><code># Part of file: /etc/default/iptables
@ -102,13 +97,11 @@ below:</p>
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<h4 id="on-openbsd">on OpenBSD</h4>
<p>On OpenBSD, please append service <code>smtps</code> in <code>/etc/pf.conf</code>, parameter <code>mail_services=</code>:</p>
<pre><code># Part of file: /etc/pf.conf
mail_services=&quot;{www, https, submission, imap, imaps, pop3, pop3s, ssh, smtps}&quot;
</code></pre>
<p>Reload PF rule file:</p>
<pre><code># pfctl -f /etc/pf.conf
</code></pre><div class="footer">

6
html/errors.html
View File

@ -85,7 +85,6 @@ Postfix parameter <code>smtpd_recipient_restrictions</code>, in file <code>/etc/
reject_sender_login_mismatch,
...
</code></pre>
<p>It will reject the request when $smtpd_sender_login_maps specifies an owner
for the MAIL FROM address, but the client is not (SASL) logged in as that MAIL
FROM address owner; or when the client is (SASL) logged in, but the client
@ -171,7 +170,6 @@ from <strong>ANY</strong> mail server.</p>
</ul>
<pre><code>ALLOWED_LOGIN_MISMATCH_SENDERS = ['user@mydomain.com']
</code></pre>
<p>Notes: <code>user@mydomain.com</code> is the email address you used for smtp authentication.</p>
<h4 id="case-2">case #2</h4>
<p>If you're a member of mailing list or mail alias, and trying to send email with
@ -179,7 +177,6 @@ the email address of mailing list/alias as sender address, you will get same
error. There's another setting you can try (either one is ok):</p>
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
</code></pre>
<p>It will allow all members of mailing list/alias to send email with the email
of mailing list/alias as the sender address.</p>
<h3 id="unreasonable-virtual_alias_maps-map-expansion-size-for-userdomaincom">unreasonable virtual_alias_maps map expansion size for user@domain.com</h3>
@ -196,7 +193,6 @@ hard limit (default is 1000), or reduce alias members.</p>
Postfix config file <code>/etc/postfix/main.cf</code>:</p>
<pre><code>virtual_alias_expansion_limit = 1500
</code></pre>
<p>Reference: <a href="http://www.postfix.org/postconf.5.html#virtual_alias_expansion_limit">Postfix Configuration Parameters</a></p>
<h3 id="helo-command-rejected-need-fully-qualified-hostname">Helo command rejected: need fully-qualified hostname</h3>
<p>Sample error message in Postfix log file:</p>
@ -214,7 +210,6 @@ by adding a line like below at the top of file <code>/etc/postfix/helo_access.pc
(Linux/OpenBSD) or <code>/usr/local/etc/postfix/helo_access.pcre</code> (FreeBSD):</p>
<pre><code>/^EHSGmbHLUCASPC$/ OK
</code></pre>
<h3 id="helo-command-rejected-host-not-found">Helo command rejected: Host not found</h3>
<p>Sample error message in Postfix log file:</p>
<blockquote>
@ -227,7 +222,6 @@ by adding a line like below at the top of file <code>/etc/postfix/helo_access.pc
(Linux/OpenBSD) or <code>/usr/local/etc/postfix/helo_access.pcre</code> (FreeBSD):</p>
<pre><code>/^mta02\.globetel\.com$/ OK
</code></pre>
<h3 id="helo-command-rejected-access-denied-your-email-was-rejected-because-the-sending-mail-server-does-not-identify-itself-correctly-local">Helo command rejected: ACCESS DENIED. Your email was rejected because the sending mail server does not identify itself correctly (.local)</h3>
<p>It means sender mail server uses a FQDN hostname which ends with <code>.local</code> as
HELO identity. <code>.local</code> is not a valid top level domain name, and all mail

26
html/fail2ban.sql.html
View File

@ -59,7 +59,6 @@ filter = ...
logpath = ...
action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,995,143,993,4190&quot;, protocol=tcp]
</code></pre>
<p>Action name <code>iptables-multipart</code> maps to commands defined in
<code>/etc/fail2ban/action.d/iptables-multiport.conf</code> for different fail2ban actions.
For example:</p>
@ -82,7 +81,6 @@ actionban = ...
# command is executed with Fail2Ban user rights.
actionunban = ...
</code></pre>
<p>In this tutorial, we will add a custom action config file and update jail
config files to use this action.</p>
<h2 id="create-required-sql-database">Create required SQL database</h2>
@ -95,7 +93,6 @@ also a SQL user <code>fail2ban</code>.</p>
<pre><code>cd /tmp
wget https://github.com/iredmail/iRedMail/raw/1.3.2/samples/fail2ban/sql/fail2ban.mysql
</code></pre>
<ul>
<li>
<p>Run <strong>SQL commands</strong> below as <strong>MySQL <code>root</code> user</strong>:</p>
@ -111,7 +108,6 @@ GRANT ALL ON fail2ban.* TO 'fail2ban'@'localhost' IDENTIFIED BY '&lt;my-secret-p
USE fail2ban;
SOURCE /tmp/fail2ban.mysql;
</code></pre>
<ul>
<li>Create required file: <code>/root/.my.cnf-fail2ban</code>. Script will read MySQL
credential from this file instead of storing plain password in script.</li>
@ -122,7 +118,6 @@ port=&quot;3306&quot;
user=&quot;fail2ban&quot;
password=&quot;&lt;my-secret-password&gt;&quot;
</code></pre>
<h3 id="for-postgresql-backend">For PostgreSQL backend</h3>
<p>We will create a new database named <code>fail2ban</code> to store banned IP addresses,
also a SQL user <code>fail2ban</code>.</p>
@ -135,7 +130,6 @@ wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/sql/fail2ban.
su - postgres
psql -d template1
</code></pre>
<ul>
<li>
<p>Run <strong>SQL commands</strong> below:</p>
@ -153,14 +147,12 @@ ALTER DATABASE fail2ban OWNER TO fail2ban;
\c fail2ban fail2ban;
\i /tmp/fail2ban.pgsql;
</code></pre>
<ul>
<li>Now append line below to file <code>~/.pgpass</code> under PostgreSQL daemon user's
HOME directory. Script will read SQL credential from this file.</li>
</ul>
<pre><code>*:*:*:fail2ban:&lt;my-secret-password&gt;
</code></pre>
<h2 id="add-required-fail2ban-config-file-and-script">Add required Fail2ban config file and script</h2>
<p>On Linux, run commands below as <code>root</code> user:</p>
<pre><code>wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/action.d/banned_db.conf
@ -170,7 +162,6 @@ wget https://github.com/iredmail/iRedMail/raw/1.3/samples/fail2ban/bin/fail2ban_
mv fail2ban_banned_db /usr/local/bin/
chmod 0550 /usr/local/bin/fail2ban_banned_db
</code></pre>
<p>File <code>/etc/fail2ban/action.d/banned_db.conf</code> indicates we now have a new action
named <code>banned_db</code> (it's file name without extension). Feel free to open this
file and check what it does.</p>
@ -188,7 +179,6 @@ want to store banned IP in SQL db. Let's take <code>dovecot.local</code> for exa
...
action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,995,143,993,4190&quot;, protocol=tcp]
</code></pre>
<ul>
<li>
<p>Add our new action under existing action:</p>
@ -209,7 +199,6 @@ action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,
action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,995,143,993,4190&quot;, protocol=tcp]
banned_db[name=dovecot, port=&quot;80,443,25,587,465,110,995,143,993,4190&quot;, protocol=tcp]
</code></pre>
<p>That's it. It's recommend to enable this new action <code>banned_db</code> for all jails.</p>
<p>Now restart <code>fail2ban</code> service to load modified config files.</p>
<h2 id="add-required-cron-job-to-query-sql-database-and-unban-ip-addresses">Add required cron job to query SQL database and unban IP addresses</h2>
@ -217,7 +206,6 @@ action = iptables-multiport[name=dovecot, port=&quot;80,443,25,587,465,110,
<pre><code># Fail2ban: Unban IP addresses pending for removal (stored in SQL db).
* * * * * /bin/bash /usr/local/bin/fail2ban_banned_db unban_db
</code></pre>
<p>It runs every minute and queries SQL database to get banned IP addresses which
are pending for removal.</p>
<h2 id="optional-look-up-and-store-country-name-of-banned-ip-address">Optional: look up and store country name of banned IP address</h2>
@ -230,25 +218,21 @@ country of banned IP address and store it in SQL database.</p>
</ul>
<pre><code>yum -y install GeoIP GeoIP-data
</code></pre>
<ul>
<li>On RHEL/CentOS 8:</li>
</ul>
<pre><code>yum -y install GeoIP GeoIP-GeoLite-data
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code>apt -y install geoip-bin geoip-database
</code></pre>
<ul>
<li>On OpenBSD 6.6:</li>
</ul>
<pre><code>pkg_add GeoIP geolite-country
</code></pre>
<h2 id="for-iredadmin-pro-users-enable-the-sql-integration">For iRedAdmin-Pro users: Enable the SQL integration</h2>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -270,7 +254,6 @@ fail2ban_db_name = 'fail2ban'
fail2ban_db_user = 'fail2ban'
fail2ban_db_password = '&lt;my-secret-password&gt;'
</code></pre>
<h2 id="tests">Tests</h2>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
@ -280,11 +263,9 @@ fail2ban_db_password = '&lt;my-secret-password&gt;'
<pre><code>fail2ban-client set dovecot banip 1.1.1.1
fail2ban-client set dovecot banip 1.1.1.2
</code></pre>
<p>You can see the banned IP address with command <code>fail2ban-client status &lt;jail&gt;</code>:</p>
<pre><code>fail2ban-client status dovecot
</code></pre>
<p>Command output:</p>
<pre><code>Status for the jail: dovecot
|- Filter
@ -296,11 +277,9 @@ fail2ban-client set dovecot banip 1.1.1.2
|- Total banned: 2
`- Banned IP list: 1.1.1.2 1.1.1.1
</code></pre>
<p>Now run command below to query SQL table <code>fail2ban.banned</code> as <code>root</code> user:</p>
<pre><code>mysql fail2ban -e &quot;SELECT * FROM banned&quot;
</code></pre>
<p>You should see the command output like below:</p>
<pre><code>+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
| id | ip | ports | protocol | jail | hostname | country | timestamp | remove |
@ -309,27 +288,22 @@ fail2ban-client set dovecot banip 1.1.1.2
| 4 | 1.1.1.2 | 22 | tcp | dovecot | ob66.localdomain | AU, Australia | 2020-04-15 13:34:58 | 0 |
+----+---------+-------+----------+---------+------------------+---------------+---------------------+--------+
</code></pre>
<p>Now run <code>fail2ban-client</code> command to unban IP and query SQL table
<code>fail2ban.banned</code> again, you should see unbanned IP is gone:</p>
<pre><code>fail2ban-client set dovecot unbanip 1.1.1.1
</code></pre>
<p>Now run command as <code>root</code> user to update SQL column <code>banned.remove=1</code> to
simulate the unban triggered by iRedAdmin-Pro:</p>
<pre><code>mysql fail2ban -e &quot;UPDATE banned SET remove=1 WHERE ip='1.1.1.2'&quot;
</code></pre>
<p>Run script <code>/usr/local/bin/fail2ban_banned_db</code> with argument <code>unban_db</code> as <code>root</code> user:</p>
<pre><code>/usr/local/bin/fail2ban_banned_db unban_db
</code></pre>
<p>Again, query SQL table <code>fail2ban.banned</code> as <code>root</code> user, you should see the IP
stored in SQL db with <code>remove=1</code> is gone, and unbanned in fail2ban too:</p>
<pre><code>mysql fail2ban -e &quot;SELECT * FROM banned&quot;
fail2ban-client status dovecot
</code></pre>
<h2 id="troubleshooting">Troubleshooting</h2>
<p>If there's something, you should see related log in syslog log file or Fail2ban
log file:</p>

4
html/file.locations.html
View File

@ -46,8 +46,8 @@
<li><a href="#mlmmjadmin">mlmmjadmin</a></li>
<li><a href="#iredapd">iRedAPD</a></li>
<li><a href="#iredadmin">iRedAdmin</a></li>
<li><a href="#apache"><strike>Apache</strike></a></li>
<li><a href="#cluebringer"><strike>Cluebringer</strike></a></li>
<li><a href="#apache">Apache</a></li>
<li><a href="#cluebringer">Cluebringer</a></li>
</ul>
</li>
</ul>

4
html/force.user.to.change.password.html
View File

@ -47,13 +47,12 @@ days, this plugin rejects smtp session with specified message.</p>
<h2 id="how-to-enable-iredapd-plugin">How to enable iRedAPD plugin</h2>
<p>To enable this plugin, please list the plugin name in iRedAPD config file
<code>/opt/iredapd/settings.py</code>, variable <code>plugins =</code>. For example:</p>
<pre><code class="python"># For SQL backends
<pre><code class="language-python"># For SQL backends
plugins = [..., 'sql_force_change_password']
# For LDAP backends:
plugins = [..., 'ldap_force_change_password']
</code></pre>
<p>There're three optional settings pre-defined in <code>/opt/iredapd/libs/default_settings.py</code>,
if you want to change them, please copy the parameter names and set proper values
in <code>/opt/iredapd/settings.py</code>:</p>
@ -69,7 +68,6 @@ CHANGE_PASSWORD_MESSAGE = 'Password expired or never changed, please change your
# sample values: ['user@example.com', 'domain.com']
CHANGE_PASSWORD_NEVER_EXPIRE_USERS = []
</code></pre>
<p>Restarting <code>iredapd</code> service is required after changed <code>/opt/iredapd/settings.py</code>.</p>
<h2 id="roundcube-plugin-force_password_change">Roundcube plugin: <code>force_password_change</code></h2>
<p>There's a third-party Roundcube plugin can force user to change password.

54
html/haproxy.keepalived.glusterfs.html
View File

@ -89,7 +89,6 @@ Thanks Setyo. :) iRedMail Team doesn't offer tech support for this setup.</p>
192.168.1.3 mail1
192.168.1.4 mail2
</code></pre>
<p>The procedure:</p>
<ol>
<li>Install and configure KeepAlived</li>
@ -111,20 +110,17 @@ Thanks Setyo. :) iRedMail Team doesn't offer tech support for this setup.</p>
192.168.1.3 mail1
192.168.1.4 mail2
</code></pre>
<ul>
<li>Install KeepAlived and backup default config file:</li>
</ul>
<pre><code>yum install -y keepalived
mv /etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf_DEFAULT
</code></pre>
<ul>
<li>on ha1:</li>
</ul>
<pre><code>nano /etc/keepalived/keepalived.conf
</code></pre>
<ul>
<li>change eth0 to your existing interface</li>
</ul>
@ -147,7 +143,6 @@ vrrp_instance VI_1 {
}
}
</code></pre>
<ul>
<li>on ha2, update <code>/etc/keepalived/keepalived.conf</code></li>
</ul>
@ -170,20 +165,17 @@ vrrp_instance VI_1 {
}
}
</code></pre>
<ul>
<li>activate KeepAlived service on both servers:</li>
</ul>
<pre><code>systemctl enable keepalived
systemctl start keepalived
</code></pre>
<ul>
<li>Check status of virtual IP (192.168.1.10) with command below:</li>
</ul>
<pre><code>ip a
</code></pre>
<h2 id="install-and-configure-haproxy">Install and configure HAProxy</h2>
<ul>
<li>Install on both servers (ha1 &amp; ha2)</li>
@ -191,7 +183,6 @@ systemctl start keepalived
<pre><code>yum install -y haproxy
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg_DEFAULT
</code></pre>
<ul>
<li>on ha1: update <code>/etc/haproxy/haproxy.cfg</code></li>
</ul>
@ -248,7 +239,6 @@ listen stats
# Set a username and password
stats auth yourUsername:yourPassword
</code></pre>
<ul>
<li>on ha2, update <code>/etc/haproxy/haproxy.cfg</code></li>
</ul>
@ -305,7 +295,6 @@ listen stats
# Set a username and password
stats auth yourUsername:yourPassword
</code></pre>
<ul>
<li>on both servers:</li>
</ul>
@ -316,23 +305,19 @@ openssl req -new -key /etc/ssl/iredmail.org/iredmail.org.key -out /etc/ssl/iredm
openssl x509 -req -days 365 -in /etc/ssl/iredmail.org/iredmail.org.csr -signkey /etc/ssl/iredmail.org/iredmail.org.key -out /etc/ssl/iredmail.org/iredmail.org.crt
cat /etc/ssl/iredmail.org/iredmail.org.crt /etc/ssl/iredmail.org/iredmail.org.key &gt; /etc/ssl/iredmail.org/iredmail.org.pem
</code></pre>
<p>activate HAProxy service</p>
<pre><code>systemctl enable haproxy
systemctl start haproxy
</code></pre>
<p>check log if any errors</p>
<pre><code>tail -f /var/log/messages
</code></pre>
<p>allow http, https, haproxystat ports</p>
<pre><code>firewall-cmd --zone=public --permanent --add-port=80/tcp
firewall-cmd --zone=public --permanent --add-port=443/tcp
firewall-cmd --zone=public --permanent --add-port=9000/tcp
firewall-cmd --complete-reload
</code></pre>
<h2 id="glusterfs">GlusterFS</h2>
<h3 id="add-new-hard-disk-and-format-with-preferred-file-system">Add new hard disk and format with preferred file system</h3>
<p>first, add new hard drive with the same capacity</p>
@ -342,7 +327,6 @@ firewall-cmd --complete-reload
<pre><code>192.168.1.3 mail1
192.168.1.4 mail2
</code></pre>
<ul>
<li>add new disk on <code>mail1</code>:</li>
</ul>
@ -351,15 +335,12 @@ firewall-cmd --complete-reload
/sbin/mkfs.ext4 /dev/sdb1
mkdir /glusterfs1
</code></pre>
<p>Update <code>/etc/fstab</code>:</p>
<pre><code>/dev/sdb1 /glusterfs1 ext4 defaults 1 2
</code></pre>
<p>remount all:</p>
<pre><code>mount -a
</code></pre>
<ul>
<li>add new disk on mail2:</li>
</ul>
@ -368,15 +349,12 @@ mkdir /glusterfs1
/sbin/mkfs.ext4 /dev/sdb1
mkdir /glusterfs2
</code></pre>
<p>Update /etc/fstab:</p>
<pre><code>/dev/sdb1 /glusterfs2 ext4 defaults 1 2
</code></pre>
<p>remount all</p>
<pre><code>mount -a
</code></pre>
<h3 id="install-and-configure-gulsterfs">Install and Configure GulsterFS</h3>
<ul>
<li>on both servers (mail1 &amp; mail2):</li>
@ -385,44 +363,36 @@ mkdir /glusterfs2
yum -y install centos-release-gluster38.noarch
yum -y install glusterfs glusterfs-fuse glusterfs-server
</code></pre>
<p>activate the service</p>
<pre><code>systemctl enable glusterd.service
systemctl start glusterd.service
</code></pre>
<p>disabling firewall</p>
<pre><code>systemctl stop firewalld.service
systemctl disable firewalld.service
</code></pre>
<ul>
<li>on mail1:</li>
</ul>
<pre><code>gluster peer probe mail2
</code></pre>
<ul>
<li>on mail2:</li>
</ul>
<pre><code>gluster peer probe mail1
</code></pre>
<p>you can check status with command below:</p>
<pre><code>gluster peer status
</code></pre>
<ul>
<li>ONLY on mail1:</li>
</ul>
<pre><code>gluster volume create mailrep-volume replica 2 mail1:/glusterfs1/vmail mail2:/glusterfs2/vmail force
gluster volume start mailrep-volume
</code></pre>
<p>check it</p>
<pre><code>gluster volume info mailrep-volume
</code></pre>
<ul>
<li>create folder for vmail and mount glusterfs to vmail folder</li>
</ul>
@ -430,46 +400,36 @@ gluster volume start mailrep-volume
<pre><code>mkdir /var/vmail
mount.glusterfs mail1:/mailrep-volume /var/vmail/
</code></pre>
<p>Update /etc/fstab</p>
<pre><code>mail1:/mailrep-volume /var/vmail glusterfs defaults,_netdev 0 0
</code></pre>
<p>remount all</p>
<pre><code>mount -a
</code></pre>
<p>check it</p>
<pre><code>df -h
</code></pre>
<ul>
<li>on mail2:</li>
</ul>
<pre><code>mkdir /var/vmail
mount.glusterfs mail2:/mailrep-volume /var/vmail/
</code></pre>
<p>Update /etc/fstab:</p>
<pre><code>mail2:/mailrep-volume /var/vmail glusterfs defaults,_netdev 0 0
</code></pre>
<p>remount all</p>
<pre><code>mount -a
</code></pre>
<p>check it</p>
<pre><code>df -h
</code></pre>
<p>you can test it by creating any files on one of your mail servers</p>
<pre><code>cd /var/vmail; touch R1 R2 R3 R4 R5 R6
</code></pre>
<p>make sure it, by checking files on both servers</p>
<pre><code>ls -la /var/vmail
</code></pre>
<h2 id="install-and-configure-iredmail">Install and configure iRedMail</h2>
<ul>
<li>
@ -504,7 +464,6 @@ overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 200
</code></pre>
<ul>
<li>on mail2 (SLAVE), update <code>/etc/openldap/slapd.conf</code>:</li>
</ul>
@ -526,7 +485,6 @@ query files under <code>/etc/postfix/ldap/</code>.</p>
interval=00:00:01:00
attrs=&quot;*,+&quot;
</code></pre>
<p>on both servers set firewalld to accept gluster port, ldap port, and database to each servers,
or you can set by your own rules:</p>
<pre><code>firewall-cmd --permanent \
@ -550,15 +508,12 @@ firewall-cmd --zone=iredmail --permanent --add-port=631/tcp
firewall-cmd --zone=iredmail --permanent --add-port=963/tcp
firewall-cmd --zone=iredmail --permanent --add-port=49152-49251/tcp
</code></pre>
<p>reload firewall rules:</p>
<pre><code>firewall-cmd --complete-reload
</code></pre>
<p>Restart OpenLDAP service:</p>
<pre><code>systemctl restart slapd
</code></pre>
<h2 id="configure-mariadb-replication-master-master">Configure MariaDB replication (Master-Master)</h2>
<ul>
<li>on mail1, update <code>/etc/my.cnf</code>:</li>
@ -587,11 +542,9 @@ firewall-cmd --zone=iredmail --permanent --add-port=49152-49251/tcp
replicate-ignore-db=mysql
replicate-ignore-db=iredapd
</code></pre>
<p>Restart MariaDB service:</p>
<pre><code>systemctl restart mariadb
</code></pre>
<p>*on mail2, update <code>/etc/my.cnf</code>:</p>
<pre><code>server-id = 2
log_bin = /var/log/mariadb/mariadb-bin.log
@ -617,11 +570,9 @@ firewall-cmd --zone=iredmail --permanent --add-port=49152-49251/tcp
replicate-ignore-db=mysql
replicate-ignore-db=iredapd
</code></pre>
<p>Restart MariaDB service:</p>
<pre><code>systemctl restart mariadb
</code></pre>
<h3 id="create-replicator-dbuser-on-both-servers">create replicator dbuser on both servers</h3>
<ul>
<li>on mail1, login as MariaDB root user, then execute sql commands below:</li>
@ -635,7 +586,6 @@ SHOW MASTER STATUS;
| mariadb-bin.000001 | 245 | amavisd,iredadmin,iredapd,roundcubemail,sogo | test,information_schema,mysql |
+--------------------+----------+----------------------------------------------+-------------------------------+
</code></pre>
<p>check master status in column <code>File</code> and <code>Position</code>:</p>
<ul>
<li>on mail2:</li>
@ -654,7 +604,6 @@ SHOW MASTER STATUS;
show slave status\G;
</code></pre>
<ul>
<li>change to your own master status MASTER_LOG_FILE is from <code>File</code>, MASTER_LOG_POS is from <code>Position</code> of master mail1</li>
<li>check master status for <code>File</code> and <code>Position</code></li>
@ -662,7 +611,6 @@ show slave status\G;
<p>Restart MariaDB service:</p>
<pre><code>systemctl restart mariadb
</code></pre>
<ul>
<li>on mail1, login as MariaDB root user:</li>
</ul>
@ -672,14 +620,12 @@ slave start;
show slave status\G;
exit;
</code></pre>
<ul>
<li>change to your own master status MASTER_LOG_FILE is from <code>File</code>, MASTER_LOG_POS is from <code>Position</code> of master mail2*.</li>
</ul>
<p>Restart MariaDB service:</p>
<pre><code>systemctl restart mariadb
</code></pre>
<ul>
<li>reboot one of mailserver and wait till up, then reboot the other mailserver</li>
</ul>

3
html/ignore.trash.folder.in.quota-zh_CN.html
View File

@ -40,7 +40,6 @@ plugin {
...
}
</code></pre>
<p>因此,要忽略 <code>Trash</code> 目录的邮箱容量,可以在 <code>/etc/dovecot/dovecot.conf</code>
<code>/etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf</code> 中增加新的配额规则quota_rule</p>
<ul>
@ -57,7 +56,6 @@ plugin {
...
}
</code></pre>
<ul>
<li>配置示例 2:</li>
</ul>
@ -66,7 +64,6 @@ plugin {
user_attrs = ...,mailQuota=quota_rule=*:bytes=%$,=quota_rule2=Trash:ignore
</code></pre>
<p>MySQL 或 PostgreSQL 后端:</p>
<h1 id="file-etcdovecotdovecot-mysqlconf-or-dovecot-pgsqlconf">File: /etc/dovecot/dovecot-mysql.conf, or dovecot-pgsql.conf</h1>
<p>user_query = SELECT ... \

2
html/ignore.trash.folder.in.quota.html
View File

@ -40,7 +40,6 @@ plugin {
...
}
</code></pre>
<p>So, if you want to ignore quota of <code>Trash</code> folder, you can add new quota_rule
in either <code>/etc/dovecot/dovecot.conf</code> or <code>/etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf</code>.</p>
<ul>
@ -57,7 +56,6 @@ plugin {
...
}
</code></pre>
<ul>
<li>Sample setting #2:</li>
</ul>

29
html/index-es_MX.html Normal file
View File

@ -0,0 +1,29 @@
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iRedMail Documentations</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="https://www.iredmail.org" target="_blank">
<img alt="iRedMail web site"
src="./images/logo-iredmail.png"
style="vertical-align: middle; height: 30px;"
/>&nbsp;
<span>iRedMail</span>
</a>
</div><div class="admonition note">
<p class="admonition-title">Some tutorials have been translated to different languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
<p><a href="./index.html">English</a> / <a href="./index-it_IT.html">Italiano</a> / <a href="./index-zh_CN.html">简体中文</a> /</p>
</div>
<h3 id="overview">Visión General</h3>
<ul>
<li><a href="./why.build.your.own.mail.server.html">Por qué construir su propio servidor de correo en lugar de subcontratar un servicio</a></li>
<li><a href="./used.components.html">Principal softwar libre utilizado en iRedMail, y el flujo general del correo</a></li>
<li><a href="./network.ports.html">Qué puertos de red abre iRedMail</a></li>
</ul><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

2
html/index-it_IT.html
View File

@ -17,7 +17,7 @@
</a>
</div><div class="admonition note">
<p class="admonition-title">Some tutorials have been translated to different languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
<p><a href="./index.html">English</a> / <a href="./index-zh_CN.html">简体中文</a> /</p>
<p><a href="./index.html">English</a> / <a href="./index-zh_CN.html">简体中文</a> / <a href="./index-es_MX.html">Español</a> /</p>
</div>
<h3 id="howto">How to</h3>
<ul>

2
html/index-zh_CN.html
View File

@ -17,7 +17,7 @@
</a>
</div><div class="admonition note">
<p class="admonition-title">Some tutorials have been translated to different languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
<p><a href="./index.html">English</a> / <a href="./index-it_IT.html">Italiano</a> /</p>
<p><a href="./index.html">English</a> / <a href="./index-it_IT.html">Italiano</a> / <a href="./index-es_MX.html">Español</a> /</p>
</div>
<h3 id="iredmail">安装 iRedMail</h3>
<ul>

4
html/index.html
View File

@ -17,7 +17,7 @@
</a>
</div><div class="admonition note">
<p class="admonition-title">Some tutorials have been translated to different languages. <a href="https://github.com/iredmail/docs">Help translate more</a></p>
<p><a href="./index-it_IT.html">Italiano</a> / <a href="./index-zh_CN.html">简体中文</a> /</p>
<p><a href="./index-it_IT.html">Italiano</a> / <a href="./index-zh_CN.html">简体中文</a> / <a href="./index-es_MX.html">Español</a> /</p>
</div>
<h3 id="overview">Overview</h3>
<ul>
@ -220,9 +220,9 @@
<ul>
<li><a href="iredadmin-pro.custom.ban.rules.html">iRedAdmin-Pro: Custom (Amavisd) ban rules</a></li>
<li><a href="iredadmin-pro.custom.base.url.html">iRedAdmin-Pro: Custom base url (/iredadmin)</a></li>
<li><a href="iredadmin-pro.customize.maildir.path.html">iRedAdmin-Pro: Customize maildir path</a></li>
<li><a href="iredadmin-pro.custom.logo.html">iRedAdmin-Pro: Custom logo image, brand name, short product description</a></li>
<li><a href="iredadmin-pro.custom.user.services.html">iRedAdmin-Pro (LDAP backend): Add and manage custom services for mail user</a></li>
<li><a href="iredadmin-pro.customize.maildir.path.html">iRedAdmin-Pro: Customize maildir path</a></li>
<li><a href="iredadmin-pro.default.password.policy.html">iRedAdmin-Pro: Default password restrictions</a></li>
<li><a href="iredadmin-pro.domain.ownership.verification.html">iRedAdmin-Pro: Domain ownership verification</a></li>
<li><a href="iredadmin-pro.restful.api.html">iRedAdmin-Pro: RESTful API</a></li>

8
html/install.iredadmin.on.debian.html
View File

@ -82,7 +82,6 @@ install them manually, below info just for your reference.</p>
# chmod -R 0555 iRedAdmin-x.y.z
# ln -s iRedAdmin-x.y.z iredadmin
</code></pre>
<ul>
<li>
<p>Add apache configure file: <code>/etc/apache2/conf.d/iredadmin.conf</code>.</p>
@ -102,7 +101,6 @@ AddType text/html .py
Allow from all
&lt;/Directory&gt;
</code></pre>
<ul>
<li>Edit <code>/etc/apache2/sites-enabled/default-ssl</code>, make iredadmin accessible via HTTPS.
Add below lines before <code>&lt;/VirtualHost&gt;</code>:</li>
@ -110,14 +108,12 @@ AddType text/html .py
<pre><code>WSGIScriptAlias /iredadmin /opt/www/iredadmin/iredadmin.py/
Alias /iredadmin/static /opt/www/iredadmin/static/
</code></pre>
<ul>
<li>Enable mod_wsgi module and restart Apache service:</li>
</ul>
<pre><code># a2enmod wsgi
# service apache2 restart
</code></pre>
<h2 id="create-required-mysql-database-and-grant-privileges">Create required MySQL database and grant privileges</h2>
<ul>
<li>Create MySQL database: <code>iredadmin</code>.</li>
@ -127,7 +123,6 @@ mysql&gt; CREATE DATABASE iredadmin DEFAULT CHARACTER SET utf8 COLLATE utf8_gene
mysql&gt; USE iredadmin;
mysql&gt; SOURCE /opt/www/iredadmin/docs/samples/iredadmin.sql;
</code></pre>
<ul>
<li>Grant privileges to iredadmin user and set password for it. WARNING: Here we
use 'secret_passwd' as password of iredadmin user, please replace it with
@ -137,7 +132,6 @@ mysql&gt; SOURCE /opt/www/iredadmin/docs/samples/iredadmin.sql;
mysql&gt; GRANT SELECT,INSERT,UPDATE,DELETE ON iredadmin.* TO iredadmin@localhost IDENTIFIED BY 'secret_passwd';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<h2 id="configure-iredadmin">Configure iRedAdmin</h2>
<ul>
<li>
@ -154,7 +148,6 @@ mysql&gt; FLUSH PRIVILEGES;
# chown iredadmin:iredadmin settings.py
# chmod 0400 settings.py
</code></pre>
<ul>
<li>
<p>Update settings.py with correct values. Please read <code>settings.py</code> for more
@ -166,7 +159,6 @@ mysql&gt; FLUSH PRIVILEGES;
</ul>
<pre><code># service apache2 restart
</code></pre>
<h2 id="access-iredadmin">Access iRedAdmin</h2>
<p>Open your web browser to access iRedAdmin: <code>httpS://your_server_ip_address/iredadmin/</code></p>
<p>Make sure you use <code>HTTPS://</code> instead of <code>HTTP://</code>.</p>

8
html/install.iredadmin.on.freebsd.html
View File

@ -82,7 +82,6 @@ install them manually, below info just for your reference.</p>
# chmod -R 0555 iRedAdmin-x.y.z
# ln -s iRedAdmin-x.y.z iredadmin
</code></pre>
<ul>
<li>Add apache configure file: <code>/usr/local/etc/apache22/Includes/iredadmin.conf</code>:</li>
</ul>
@ -97,7 +96,6 @@ AddType text/html .py
Allow from all
&lt;/Directory&gt;
</code></pre>
<ul>
<li>Edit <code>/usr/local/etc/apache22/extra/httpd-ssl.conf</code>, make iredadmin accessible via HTTPS.
Add below lines before <code>&lt;/VirtualHost&gt;</code>:</li>
@ -105,13 +103,11 @@ AddType text/html .py
<pre><code>WSGIScriptAlias /iredadmin /usr/local/www/iredadmin/iredadmin.py/
Alias /iredadmin/static /usr/local/www/iredadmin/static/
</code></pre>
<ul>
<li>Restart apache to enable mod_wsgi:</li>
</ul>
<pre><code># /usr/local/etc/rc.d/apache22 restart
</code></pre>
<h2 id="create-required-mysql-database-and-grant-privileges">Create required MySQL database and grant privileges</h2>
<ul>
<li>Create MySQL database: <code>iredadmin</code>.</li>
@ -121,7 +117,6 @@ mysql&gt; CREATE DATABASE iredadmin DEFAULT CHARACTER SET utf8 COLLATE utf8_gene
mysql&gt; USE iredadmin;
mysql&gt; SOURCE /usr/local/www/iredadmin/docs/samples/iredadmin.sql;
</code></pre>
<ul>
<li>Grant privileges to iredadmin user and set password for it. WARNING: Here we
use 'secret_passwd' as password of iredadmin user, please replace it with
@ -131,7 +126,6 @@ mysql&gt; SOURCE /usr/local/www/iredadmin/docs/samples/iredadmin.sql;
mysql&gt; GRANT SELECT,INSERT,UPDATE,DELETE ON iredadmin.* TO iredadmin@localhost IDENTIFIED BY 'secret_passwd';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<h2 id="configure-iredadmin">Configure iRedAdmin</h2>
<ul>
<li>
@ -148,7 +142,6 @@ mysql&gt; FLUSH PRIVILEGES;
# chown iredadmin:iredadmin settings.py
# chmod 0400 settings.py
</code></pre>
<ul>
<li>
<p>Update settings.py with correct values. Please read <code>settings.py</code> for more
@ -160,7 +153,6 @@ mysql&gt; FLUSH PRIVILEGES;
</ul>
<pre><code># /usr/local/etc/rc.d/apache22 restart
</code></pre>
<h2 id="access-iredadmin">Access iRedAdmin</h2>
<p>Open your web browser to access iRedAdmin: <code>httpS://your_server_ip_address/iredadmin/</code></p>
<p>Make sure you use <code>HTTPS://</code> instead of <code>HTTP://</code>.</p>

8
html/install.iredadmin.on.openbsd.html
View File

@ -82,7 +82,6 @@ install them manually, below info just for your reference.</p>
# chmod -R 0555 iRedAdmin-x.y.z
# ln -s iRedAdmin-x.y.z iredadmin
</code></pre>
<ul>
<li>Add apache configure file: <code>/var/www/conf/modules/iredadmin.conf</code>.</li>
</ul>
@ -95,7 +94,6 @@ AddHandler cgi-script .py
Allow from all
&lt;/Directory&gt;
</code></pre>
<ul>
<li>Edit <code>/var/www/conf/httpd.conf</code>, make iredadmin accessible via HTTPS.
Add below lines before <code>&lt;/VirtualHost&gt;</code>:</li>
@ -103,13 +101,11 @@ AddHandler cgi-script .py
<pre><code>Alias /iredadmin/static /var/www/iredadmin/static
ScriptAlias /iredadmin /var/www/iredadmin/iredadmin.py
</code></pre>
<ul>
<li>Restart apache to enable mod_wsgi:</li>
</ul>
<pre><code># /etc/rc.d/httpd restart
</code></pre>
<h2 id="create-required-mysql-database-and-grant-privileges">Create required MySQL database and grant privileges</h2>
<ul>
<li>Create MySQL database: <code>iredadmin</code>.</li>
@ -119,7 +115,6 @@ mysql&gt; CREATE DATABASE iredadmin DEFAULT CHARACTER SET utf8 COLLATE utf8_gene
mysql&gt; USE iredadmin;
mysql&gt; SOURCE /var/www/iredadmin/docs/samples/iredadmin.sql;
</code></pre>
<ul>
<li>Grant privileges to iredadmin user and set password for it. WARNING: Here we
use 'secret_passwd' as password of iredadmin user, please replace it with
@ -129,7 +124,6 @@ mysql&gt; SOURCE /var/www/iredadmin/docs/samples/iredadmin.sql;
mysql&gt; GRANT SELECT,INSERT,UPDATE,DELETE ON iredadmin.* TO iredadmin@localhost IDENTIFIED BY 'secret_passwd';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<h2 id="configure-iredadmin">Configure iRedAdmin</h2>
<ul>
<li>
@ -146,7 +140,6 @@ mysql&gt; FLUSH PRIVILEGES;
# chown iredadmin:iredadmin settings.py
# chmod 0400 settings.py
</code></pre>
<ul>
<li>
<p>Update settings.py with correct values. Please read <code>settings.py</code> for more
@ -158,7 +151,6 @@ mysql&gt; FLUSH PRIVILEGES;
</ul>
<pre><code># /etc/rc.d/httpd restart
</code></pre>
<h2 id="access-iredadmin">Access iRedAdmin</h2>
<p>Open your web browser to access iRedAdmin: <code>httpS://your_server_ip_address/iredadmin/</code></p>
<p>Make sure you use <code>HTTPS://</code> instead of <code>HTTP://</code>.</p>

8
html/install.iredadmin.on.rhel.html
View File

@ -82,7 +82,6 @@ install them manually, below info just for your reference.</p>
# chmod -R 0555 iRedAdmin-x.y.z
# ln -s iRedAdmin-x.y.z iredadmin
</code></pre>
<ul>
<li>Add apache configure file: <code>/etc/httpd/conf.d/iredadmin.conf</code>:</li>
</ul>
@ -97,7 +96,6 @@ AddType text/html .py
Allow from all
&lt;/Directory&gt;
</code></pre>
<ul>
<li>Edit <code>/etc/httpd/conf.d/ssl.conf</code>, make iredadmin accessible via HTTPS.
Add below lines before <code>&lt;/VirtualHost&gt;</code>:</li>
@ -105,13 +103,11 @@ AddType text/html .py
<pre><code>WSGIScriptAlias /iredadmin /var/www/iredadmin/iredadmin.py/
Alias /iredadmin/static /var/www/iredadmin/static/
</code></pre>
<ul>
<li>Restart apache to enable mod_wsgi:</li>
</ul>
<pre><code># /etc/init.d/httpd restart
</code></pre>
<h2 id="create-required-mysql-database-and-grant-privileges">Create required MySQL database and grant privileges</h2>
<ul>
<li>Create MySQL database: <code>iredadmin</code>.</li>
@ -121,7 +117,6 @@ mysql&gt; CREATE DATABASE iredadmin DEFAULT CHARACTER SET utf8 COLLATE utf8_gene
mysql&gt; USE iredadmin;
mysql&gt; SOURCE /var/www/iredadmin/docs/samples/iredadmin.sql;
</code></pre>
<ul>
<li>Grant privileges to iredadmin user and set password for it. WARNING: Here we
use 'secret_passwd' as password of iredadmin user, please replace it with
@ -131,7 +126,6 @@ mysql&gt; SOURCE /var/www/iredadmin/docs/samples/iredadmin.sql;
mysql&gt; GRANT SELECT,INSERT,UPDATE,DELETE ON iredadmin.* TO iredadmin@localhost IDENTIFIED BY 'secret_passwd';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<h2 id="configure-iredadmin">Configure iRedAdmin</h2>
<ul>
<li>
@ -148,7 +142,6 @@ mysql&gt; FLUSH PRIVILEGES;
# chown iredadmin:iredadmin settings.py
# chmod 0400 settings.py
</code></pre>
<ul>
<li>
<p>Update settings.py with correct values. Please read <code>settings.py</code> for more
@ -160,7 +153,6 @@ mysql&gt; FLUSH PRIVILEGES;
</ul>
<pre><code># /etc/init.d/httpd restart
</code></pre>
<h2 id="access-iredadmin">Access iRedAdmin</h2>
<p>Open your web browser to access iRedAdmin: <code>httpS://your_server_ip_address/iredadmin/</code></p>
<p>Make sure you use <code>HTTPS://</code> instead of <code>HTTP://</code>.</p>

9
html/install.iredmail.on.debian.ubuntu-zh_CN.html
View File

@ -69,28 +69,24 @@ iRedMail 会自动安装和配置邮件服务所需的组件,因此如果操
<h3 id="fqdn">为服务器设置一个完整域名FQDN的主机名</h3>
<p>不管你的服务器将用于实际运行还是仅仅用作测试都建议设置一个完整域名FQDN的主机名。</p>
<p>输入命令 <code>hostname -f</code> 查看当前的主机名</p>
<pre><code class="shell">$ hostname -f
<pre><code class="language-shell">$ hostname -f
mx.example.com
</code></pre>
<p>在 Debian/Ubuntu 系统上,主机名需要在两个文件里设置:<code>/etc/hostname</code><code>/etc/hosts</code></p>
<ul>
<li><code>/etc/hostname</code>:短名称。</li>
</ul>
<pre><code>mx
</code></pre>
<ul>
<li><code>/etc/hosts</code> 里定义主机名和 IP 地址的对应关系。注意:一定要将 FQDN 主机名列在第一个。</li>
</ul>
<pre><code>127.0.0.1 mx.example.com mx localhost localhost.localdomain
</code></pre>
<p>确认系统已使用设置好的 FQDN 作为主机名。如果没有生效,请重启系统。</p>
<pre><code>$ hostname -f
mx.example.com
</code></pre>
<h3 id="debianubuntu-apt">启用 Debian/Ubuntu 默认的官方 apt 软件源</h3>
<ul>
<li>iRedMail 依赖 Debian/Ubuntu 官方的 apt 软件源,请在 <code>/etc/apt/sources.list</code>
@ -99,7 +95,6 @@ mx.example.com
</ul>
<pre><code># sudo apt-get install bzip2
</code></pre>
<h3 id="iredmail">下载最新版本的 iRedMail</h3>
<ul>
<li>访问<a href="https://www.iredmail.org/download.html">下载页面</a>下载最新的版本。</li>
@ -110,13 +105,11 @@ mx.example.com
<pre><code># cd /root/
# tar xjf iRedMail-x.y.z.tar.bz2
</code></pre>
<h2 id="iredmail_1">运行 iRedMail 安装程序</h2>
<p>现在可以运行 iRedMail 安装程序了,它会问你几个简单的问题,仅此而已。</p>
<pre><code>cd /root/iRedMail-x.y.z/
bash iRedMail.sh
</code></pre>
<h2 id="_3">安装过程的截图</h2>
<ul>
<li>欢迎和感谢使用</li>

9
html/install.iredmail.on.debian.ubuntu.html
View File

@ -92,17 +92,15 @@ is available through the ticket system.</p>
<p>No matter your server is a testing machine or production server, it's strongly
recommended to set a fully qualified domain name (FQDN) hostname.</p>
<p>Enter command <code>hostname -f</code> to view the current hostname:</p>
<pre><code class="shell">$ hostname -f
<pre><code class="language-shell">$ hostname -f
mx.example.com
</code></pre>
<p>On Debian/Ubuntu Linux, hostname is set in two files: <code>/etc/hostname</code> and <code>/etc/hosts</code>.</p>
<ul>
<li><code>/etc/hostname</code>: short hostname, not FQDN.</li>
</ul>
<pre><code>mx
</code></pre>
<ul>
<li><code>/etc/hosts</code>: static table lookup for hostnames. <strong>Warning</strong>: Please list the
FQDN hostname as first item.</li>
@ -110,13 +108,11 @@ mx.example.com
<pre><code># Part of file: /etc/hosts
127.0.0.1 mx.example.com mx localhost localhost.localdomain
</code></pre>
<p>Verify the FQDN hostname. If it wasn't changed after updating above two files,
please reboot server to make it work.</p>
<pre><code>$ hostname -f
mx.example.com
</code></pre>
<h3 id="enable-default-official-debianubuntu-apt-repositories">Enable default official Debian/Ubuntu apt repositories</h3>
<ul>
<li>iRedMail needs official Debian/Ubuntu apt repositories, please enable them in
@ -125,7 +121,6 @@ mx.example.com
</ul>
<pre><code>sudo apt-get install gzip
</code></pre>
<h3 id="download-the-latest-release-of-iredmail">Download the latest release of iRedMail</h3>
<ul>
<li>
@ -144,14 +139,12 @@ mx.example.com
<pre><code>cd /root/
tar zxf iRedMail-x.y.z.tar.gz
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>
<p>It's now ready to start iRedMail installer, it will ask you several simple
questions, that's all required to setup a full-featured mail server.</p>
<pre><code>cd /root/iRedMail-x.y.z/
bash iRedMail.sh
</code></pre>
<h2 id="screenshots-of-installation">Screenshots of installation:</h2>
<ul>
<li>Welcome and thanks for your use</li>

12
html/install.iredmail.on.freebsd.html
View File

@ -82,10 +82,9 @@ this installation guide instead:
<p>No matter your server is a testing machine or production server, it's strongly
recommended to set a fully qualified domain name (FQDN) hostname.</p>
<p>Enter command <code>hostname -f</code> to view the current hostname:</p>
<pre><code class="shell"># hostname -f
<pre><code class="language-shell"># hostname -f
mx.example.com
</code></pre>
<p>On FreeBSD, hostname is set in two files: <code>/etc/rc.conf</code>, <code>/etc/hosts</code>.</p>
<ul>
<li><code>/etc/rc.conf</code>: set hostname.</li>
@ -93,27 +92,22 @@ mx.example.com
<pre><code># Part of File: /etc/rc.conf
hostname=&quot;mx.example.com&quot;
</code></pre>
<ul>
<li><code>/etc/hosts</code>: hostname &lt;=&gt; IP address mapping.</li>
</ul>
<pre><code># Part of file: /etc/hosts
127.0.0.1 mx.example.com mx localhost localhost.localdomain
</code></pre>
<p>Verify the FQDN hostname. If it wasn't changed, please reboot server to make it work.</p>
<pre><code># hostname -f
mx.example.com
</code></pre>
<h3 id="update-ports-tree-via-portsnap">Update ports tree via portsnap</h3>
<pre><code># portsnap fetch extract update
</code></pre>
<h3 id="install-package-bash-static-its-required-by-iredmail">Install package <code>bash-static</code>, it's required by iRedMail</h3>
<pre><code class="bash"># pkg install bash-static
<pre><code class="language-bash"># pkg install bash-static
</code></pre>
<h3 id="download-the-latest-release-of-iredmail">Download the latest release of iRedMail</h3>
<ul>
<li>
@ -132,14 +126,12 @@ mx.example.com
<pre><code># cd /root/
# tar zxf iRedMail-x.y.z.tar.gz
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>
<p>It's now ready to start iRedMail installer, it will ask you several simple
questions, that's all required to setup a full-featured mail server.</p>
<pre><code># cd /root/iRedMail-x.y.z/
# bash iRedMail.sh
</code></pre>
<h2 id="screenshots-of-installation">Screenshots of installation:</h2>
<ul>
<li>Welcome and thanks for your use</li>

15
html/install.iredmail.on.freebsd.with.jail.html
View File

@ -95,7 +95,6 @@
<pre><code># cd /usr/ports/sysutils/ezjail/
# make install clean
</code></pre>
<ul>
<li>Enable ezjail service and sysvipc by appending lines below to <code>/etc/rc.conf</code>:</li>
</ul>
@ -105,27 +104,23 @@ ezjail_enable=&quot;YES&quot;
# Enable sysvipc. Required by PostgreSQL.
jail_sysvipc_allow=&quot;YES&quot;
</code></pre>
<ul>
<li>Add parameter in <code>/etc/sysctl.conf</code>, this is required if you're
going to install iRedMail with PostgreSQL backend.</li>
</ul>
<pre><code>security.jail.sysvipc_allowed=1
</code></pre>
<ul>
<li>Rebooting system is required after changing <code>/etc/rc.conf</code>.</li>
</ul>
<pre><code># reboot
</code></pre>
<h3 id="create-jail">Create Jail</h3>
<ul>
<li>After server reboot, populate the Jail with FreeBSD-RELEASE</li>
</ul>
<pre><code># ezjail-admin install -p
</code></pre>
<ul>
<li>
<p>Create a new jail</p>
@ -138,13 +133,11 @@ jail_sysvipc_allow=&quot;YES&quot;
</ul>
<pre><code># ezjail-admin create -r /jails/mx.example.com mx.example.com 'em0|172.16.244.254'
</code></pre>
<ul>
<li>Start Jail.</li>
</ul>
<pre><code># service ezjail restart
</code></pre>
<ul>
<li>List all Jails:</li>
</ul>
@ -153,25 +146,21 @@ STA JID IP Hostname Root Directory
--- ---- ---------------- --------------------------------- ------------------------
DS 1 172.16.244.254 mx.example.com /jails/mx.example.com
</code></pre>
<h2 id="install-iredmail">Install iRedMail</h2>
<p>We can now enter this Jail with below command:</p>
<pre><code># ezjail-admin console mx.example.com
</code></pre>
<ul>
<li>In Jail, update <code>/etc/resolv.conf</code> with valid DNS server address(es). For example:</li>
</ul>
<pre><code># File: /etc/resolv.conf
nameserver 172.16.244.2
</code></pre>
<ul>
<li>In Jail, install binary package <code>bash-static</code>, it's required by iRedMail.</li>
</ul>
<pre><code># pkg install bash-static
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>
<p>It's now ready to start iRedMail installer inside Jail, it will ask you several simple
questions, that's all required to setup a full-featured mail server.</p>
@ -179,7 +168,6 @@ questions, that's all required to setup a full-featured mail server.</p>
# cd /root/iRedMail/
# LOCAL_ADDRESS='172.16.244.254' bash iRedMail.sh
</code></pre>
<h2 id="screenshots-of-installation">Screenshots of installation:</h2>
<ul>
<li>Welcome and thanks for your use</li>
@ -305,13 +293,11 @@ expected.</p>
</ul>
<pre><code>security.jail.allow_raw_sockets=1
</code></pre>
<ul>
<li>Update <code>/usr/local/etc/ezjail/mx_example_com</code> to allow <code>ping</code> inside Jail:</li>
</ul>
<pre><code>export jail_mx_example_com_parameters=&quot;allow.raw_sockets=1&quot;
</code></pre>
<h3 id="share-usrportsdistfiles-with-jail">Share <code>/usr/ports/distfiles</code> with Jail</h3>
<p>To share <code>/usr/ports/distfiles/</code> with Jail, please append below line in
<code>/etc/fstab.mx_example_com</code>:</p>
@ -323,7 +309,6 @@ either use this default setting or change it to <code>/usr/ports</code>.</p>
<pre><code># Part of file: /etc/fstab.mx_example.com
/usr/ports/distfiles /jails/mx.example.com/basejail/var/ports/distfiles nullfs rw 0 0
</code></pre>
<p>Create directory <code>/usr/jails/basejail/var/ports/distfiles</code>:</p>
<pre><code># mkdir /usr/jails/basejail/var/ports/distfiles
</code></pre><div class="footer">

9
html/install.iredmail.on.openbsd.html
View File

@ -104,17 +104,15 @@ is available through the ticket system.</p>
<p>No matter your server is a testing machine or production server, it's strongly
recommended to set a fully qualified domain name (FQDN) hostname.</p>
<p>Enter command <code>hostname</code> to view the current hostname:</p>
<pre><code class="shell">$ hostname
<pre><code class="language-shell">$ hostname
mx.example.com
</code></pre>
<p>On OpenBSD, hostname is set in two files: <code>/etc/myname</code> and <code>/etc/hosts</code>.</p>
<ul>
<li><code>/etc/myname</code>: FQDN.</li>
</ul>
<pre><code>mx.example.com
</code></pre>
<ul>
<li><code>/etc/hosts</code>: static table lookup for hostnames. <strong>Warning</strong>: Please list the
FQDN hostname as first item.</li>
@ -122,13 +120,11 @@ mx.example.com
<pre><code># Part of file: /etc/hosts
127.0.0.1 mx.example.com mx localhost localhost.localdomain
</code></pre>
<p>Verify the FQDN hostname. If it wasn't changed after updating above two files,
please reboot server to make it work.</p>
<pre><code>$ hostname
mx.example.com
</code></pre>
<h3 id="choose-a-nearest-mirror-site-for-installing-binary-packages">Choose a nearest mirror site for installing binary packages</h3>
<p>iRedMail will install all required binary packages with command <code>pkg_add -i</code>
from mirror site defined in file <code>/etc/installurl</code> (FYI:
@ -145,7 +141,6 @@ near you on OpenBSD web site:
is required, install it first:</p>
<pre><code>pkg_add bash
</code></pre>
<h3 id="download-the-latest-release-of-iredmail">Download the latest release of iRedMail</h3>
<ul>
<li>
@ -164,14 +159,12 @@ is required, install it first:</p>
<pre><code># cd /root/
# tar zxf iRedMail-x.y.z.tar.gz
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>
<p>It's now ready to start iRedMail installer, it will ask you several simple
questions, that's all required to setup a full-featured mail server.</p>
<pre><code># cd /root/iRedMail-x.y.z/
# bash iRedMail.sh
</code></pre>
<h2 id="screenshots-of-installation">Screenshots of installation</h2>
<ul>
<li>Welcome and thanks for your use</li>

10
html/install.iredmail.on.rhel-zh_CN.html
View File

@ -62,10 +62,9 @@ iRedMail 会自动安装和配置邮件服务所需的组件,因此如果操
<h3 id="fqdn">为服务器设置一个完整域名FQDN的主机名</h3>
<p>不管你的服务器将用于实际运行还是仅仅用作测试都建议设置一个完整域名FQDN的主机名。</p>
<p>输入命令 <code>hostname -f</code> 查看当前的主机名</p>
<pre><code class="shell">$ hostname -f
<pre><code class="language-shell">$ hostname -f
mx.example.com
</code></pre>
<p>在 RHEL/CentOS 系统上,主机名需要在两个文件里设置:</p>
<ol>
<li>
@ -81,20 +80,16 @@ mx.example.com
<pre><code>$ hostname -f
mx.example.com
</code></pre>
<h3 id="selinux">禁用 SELinux</h3>
<p>iRedMail 不支持 SELinux所以需要在 <code>/etc/selinux/config</code> 文件里禁用它。</p>
<pre><code>SELINUX=disabled
</code></pre>
<p>如果不希望禁用 SELinux可以设置为让它打印警告信息但不强制限制</p>
<pre><code>SELINUX=permissive
</code></pre>
<p>也可以无须重启服务就禁用它:</p>
<pre><code># setenforce 0
</code></pre>
<h3 id="yum">启用必须的 yum 仓库</h3>
<ul>
<li>
@ -115,19 +110,16 @@ mx.example.com
<pre><code># cd /root/
# tar xjf iRedMail-x.y.z.tar.bz2
</code></pre>
<h2 id="iredmail_1">运行 iRedMail 安装程序</h2>
<p>现在可以运行 iRedMail 安装程序了,它会问你几个简单的问题,仅此而已。</p>
<pre><code>cd /root/iRedMail-x.y.z/
bash iRedMail.sh
</code></pre>
<p>如果是在 CentOS 8 系统上安装iRedMail 安装程序会使用 <code>pip2</code> 命令安装几个
Python-2 的模块,国内用户请指定镜像站点完成安装,否则很大可能会因网络问题
导致安装失败:</p>
<pre><code>PIP_MIRROR_SITE='http://pypi.douban.com/simple/' PIP_TRUSTED_HOST=pypi.douban.com bash iRedMail.sh
</code></pre>
<h2 id="_3">安装过程的截图</h2>
<ul>
<li>欢迎和感谢使用</li>

10
html/install.iredmail.on.rhel.html
View File

@ -86,10 +86,9 @@ is available through the ticket system.</p>
<p>No matter your server is a testing machine or production server, it's strongly
recommended to set a fully qualified domain name (FQDN) hostname.</p>
<p>Enter command <code>hostname -f</code> to view the current hostname:</p>
<pre><code class="shell">$ hostname -f
<pre><code class="language-shell">$ hostname -f
mx.example.com
</code></pre>
<p>On RHEL/CentOS Linux, hostname is set in two files:</p>
<ol>
<li>
@ -105,23 +104,19 @@ mx.example.com
<pre><code>$ hostname -f
mx.example.com
</code></pre>
<h3 id="disable-selinux">Disable SELinux.</h3>
<p>iRedMail doesn't work with SELinux, so please disable it by setting below
value in its config file <code>/etc/selinux/config</code>. After server reboot, SELinux
will be completely disabled.</p>
<pre><code>SELINUX=disabled
</code></pre>
<p>If you prefer to let SELinux prints warnings instead of enforcing, you can
set below value instead:</p>
<pre><code>SELINUX=permissive
</code></pre>
<p>Disable it immediately without rebooting your server.</p>
<pre><code># setenforce 0
</code></pre>
<h3 id="enable-yum-repositories-for-installing-new-packages">Enable yum repositories for installing new packages</h3>
<ul>
<li>
@ -147,7 +142,6 @@ set below value instead:</p>
<pre><code>dnf -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms
</code></pre>
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Since official RHEL/CentOS and EPEL repositories don't have all
@ -177,14 +171,12 @@ used by iRedMail team to build the binary packages are available
<pre><code># cd /root/
# tar zxf iRedMail-x.y.z.tar.gz
</code></pre>
<h2 id="start-iredmail-installer">Start iRedMail installer</h2>
<p>It's now ready to start iRedMail installer, it will ask you several simple
questions, that's all required to setup a full-featured mail server.</p>
<pre><code># cd /root/iRedMail-x.y.z/
# bash iRedMail.sh
</code></pre>
<h2 id="screenshots-of-installation">Screenshots of installation:</h2>
<ul>
<li>Welcome and thanks for your use</li>

5
html/install.iredmail.with.remote.mysql.server.html
View File

@ -51,7 +51,6 @@ from iRedMail server (<code>192.168.1.200</code> in our case).</p>
<pre><code># netstat -ntlp | grep 3306
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 2479/mysqld
</code></pre>
<p>If MySQL server is listening on only 127.0.0.1, please update parameter
<code>bind-address</code> in MySQL config file <code>my.cnf</code> to make sure it listens on all
available IPv4 addresses like below, restarting MySQL service is required:</p>
@ -63,7 +62,6 @@ available IPv4 addresses like below, restarting MySQL service is required:</p>
<pre><code># If you comment out this parameter, it listens on all available IPv6 addresses
bind-address = 0.0.0.0
</code></pre>
<ul>
<li>
<p>Make sure remote MySQL request will not be blocked by network firewall like
@ -80,7 +78,6 @@ GRANT ALL PRIVILEGES ON *.* TO 'admin_iredmail'@'192.168.1.200' IDENTIFIED BY 'a
FLUSH PRIVILEGES;
FLUSH HOSTS;
</code></pre>
<p>With above commands, MySQL user <code>admin_iredmail</code> is allowed to connect from IP
address <code>192.168.1.200</code> with password <code>admin_password</code>.</p>
<p><strong>Notes</strong>:</p>
@ -114,7 +111,6 @@ DROP USER 'sogo'@'192.168.1.200';
DROP USER 'vmail'@'192.168.1.200';
DROP USER 'vmailadmin'@'192.168.1.200';
</code></pre>
<h2 id="install-iredmail">Install iRedMail</h2>
<p>Please follow iRedMail installation guide strictly, but start iRedMail
installer with below command instead of the original one (<code>bash iRedMail.sh</code>):</p>
@ -131,7 +127,6 @@ surround it with <code>[]</code> like this: <code>[fd01:2345:6789:1::1]</code>.<
MYSQL_GRANT_HOST='192.168.1.200' \
bash iRedMail.sh
</code></pre>
<p>It will launch iRedMail installation wizard as usual.</p>
<p>Parameters we used in above command line:</p>
<ul>

33
html/integration.mlmmj.ldap.html
View File

@ -86,7 +86,6 @@ yum install mlmmj uwsgi uwsgi-plugin-python36 uwsgi-logger-syslog python3-reques
yum install mlmmj python3-pip3 python3-requests python3-ldap
pip3 install uwsgi
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
@ -96,7 +95,6 @@ apt-get install mlmmj uwsgi uwsgi-plugin-python3 python3-requests python3-pyldap
# Other Debian/Ubuntu releases
apt-get install mlmmj uwsgi uwsgi-plugin-python3 python3-requests python3-ldap
</code></pre>
<ul>
<li>On FreeBSD:</li>
</ul>
@ -107,14 +105,12 @@ make install clean
cd /usr/ports/www/py-requests
make install clean
</code></pre>
<ul>
<li>On OpenBSD (iRedMail always installs <code>uwsgi</code> during installation, so no need
to install it here):</li>
</ul>
<pre><code>pkg_add mlmmj altermime py3-ldap
</code></pre>
<h2 id="create-required-system-account">Create required system account</h2>
<p>mlmmj will be ran as user <code>mlmmj</code> and group <code>mlmmj</code>, all mailing list data will
be stored under its home directory <code>/var/vmail/mlmmj</code>:</p>
@ -126,7 +122,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<p>On FreeBSD:</p>
<pre><code>pw groupadd mlmmj
pw useradd mlmmj -m -g mlmmj -s /sbin/nologin -d /var/vmail/mlmmj
@ -135,7 +130,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<h2 id="postfix-integration">Postfix integration</h2>
<ul>
<li>Please add lines below in Postfix config file <code>/etc/postfix/master.cf</code>:</li>
@ -152,13 +146,11 @@ chmod 0755 /var/vmail # Make sure this directory is accessible by othe
mlmmj unix - n n - - pipe
flags=ORhu user=mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
</code></pre>
<ul>
<li>Add line below in Postfix config file <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code>mlmmj_destination_recipient_limit = 1
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/ldap/virtual_group_maps.cf</code>, replace the
<code>query_filter</code> line by below one. It will query old mailing list and new
@ -166,7 +158,6 @@ mlmmj unix - n n - - pipe
</ul>
<pre><code>query_filter = (&amp;(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail)(enabledService=deliver)(|(&amp;(objectClass=mailUser)(|(memberOfGroup=%s)(shadowAddress=%s)))(&amp;(memberOfGroup=%s)(!(shadowAddress=%s))(|(objectClass=mailExternalUser)(&amp;(objectClass=mailList)(!(enabledService=mlmmj)))(objectClass=mailAlias)))(&amp;(objectClass=mailList)(enabledService=mlmmj)(|(mail=%s)(shadowAddress=%s)))))
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/ldap/transport_maps_user.cf</code>, make sure no <code>ou=Users,</code>
in <code>search_base =</code> line, and change <code>scope = one</code> to <code>scope = sub</code>:</li>
@ -174,7 +165,6 @@ mlmmj unix - n n - - pipe
<pre><code>search_base = domainName=%d,o=domains,dc=xx,dc=xx
scope = sub
</code></pre>
<ul>
<li>Open file <code>/etc/postfix/ldap/transport_maps_user.cf</code>, replace the
<code>query_filter</code> line by below one. It will query both mail user and mlmmj
@ -182,7 +172,6 @@ scope = sub
</ul>
<pre><code>query_filter = (&amp;(|(objectClass=mailUser)(&amp;(objectClass=mailList)(enabledService=mlmmj)))(|(mail=%s)(shadowAddress=%s))(accountStatus=active)(!(domainStatus=disabled))(enabledService=mail))
</code></pre>
<ul>
<li>Run commands below to create file <code>/usr/bin/mlmmj-amime-receive</code> (Linux) or
<code>/usr/local/bin/mlmmj-amime-receive</code> (FreeBSD/OpenBSD):</li>
@ -201,14 +190,12 @@ wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-rece
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<p>On FreeBSD or OpenBSD:</p>
<pre><code>cd /usr/local/bin/
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-receive
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<h2 id="amavisd-integration">Amavisd Integration</h2>
<p>We need Amavisd to listen on one more port <code>10027</code>, it will be used to scan
spam/virus for emails posted to mailing list.</p>
@ -224,7 +211,6 @@ spam/virus for emails posted to mailing list.</p>
</ul>
<pre><code>$inet_socket_port = [10024, 10026, 10027, 9998];
</code></pre>
<ul>
<li>Add lines below in Amavisd config file. It creates a new policy bank called
<code>MLMMJ</code> for emails submitted by mlmmj from port 10027. The purpose is signing
@ -246,7 +232,6 @@ $policy_bank{'MLMMJ'} = {
bypass_header_checks_maps =&gt; [1], # don't check bad header
};
</code></pre>
<p>Now restart Amavisd and Postfix service, mlmmj mailing list manager is now
fully integrated.</p>
<p>We will setup <code>mlmmjadmin</code> program to make managing mailing lists easier.</p>
@ -271,7 +256,6 @@ tar zxf 3.1.3.tar.gz -C /opt
rm -f 3.1.3.tar.gz
ln -s /opt/mlmmjadmin-3.1.3 /opt/mlmmjadmin
</code></pre>
<ul>
<li>Generate config file by copying sample file, <code>settings.py.sample</code>:</li>
</ul>
@ -280,7 +264,6 @@ cp settings.py.sample settings.py
chown mlmmj:mlmmj settings.py
chmod 0400 settings.py
</code></pre>
<ul>
<li>Generate a random, long string as API auth token, it will be used by your
API client. For example:</li>
@ -293,18 +276,15 @@ $ eval &lt;/dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &amp;&gt;/dev/null || hea
$ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
43a89b7aa34354089e629ed9f9be0b3b
</code></pre>
<ul>
<li>Add this string in <code>/opt/mlmmjadmin/settings.py</code>, parameter <code>api_auth_tokens</code>
like below:</li>
</ul>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b']
</code></pre>
<p>You can add as many token as you want for different API clients. For example:</p>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b', '703ed37b20243d7c51c56ce6cd90e94c']
</code></pre>
<ul>
<li>if you manage mail accounts <strong>WITH</strong> iRedAdmin-Pro, please set values of
parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -313,7 +293,6 @@ $ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
<pre><code>backend_api = 'bk_none'
backend_cli = 'bk_iredmail_ldap'
</code></pre>
<ul>
<li>if you do <strong>NOT</strong> manage mail accounts with iRedAdmin-Pro, please set values
of parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -322,7 +301,6 @@ backend_cli = 'bk_iredmail_ldap'
<pre><code>backend_api = 'bk_iredmail_ldap'
backend_cli = 'bk_iredmail_ldap'
</code></pre>
<ul>
<li>
<p>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code>, so that
@ -341,7 +319,6 @@ iredmail_ldap_basedn = 'o=domains,dc=XXX,dc=XXX'
iredmail_ldap_bind_dn = 'cn=vmailadmin,dc=XXX,dc=XXX'
iredmail_ldap_bind_password = 'xxxxxxxx'
</code></pre>
<ul>
<li>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code> to use the
directory used to store mailing lists:</li>
@ -350,7 +327,6 @@ iredmail_ldap_bind_password = 'xxxxxxxx'
MLMMJ_ARCHIVE_DIR = '/var/vmail/mlmmj-archive'
MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</code></pre>
<ul>
<li>If you're running OpenBSD or FreeBSD, please add parameter <code>MLMMJ_SKEL_DIR</code>
in <code>/opt/mlmmjadmin/settings.py</code> to set the directory which stores mlmmj mail
@ -358,7 +334,6 @@ MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</ul>
<pre><code>MLMMJ_SKEL_DIR = '/usr/local/share/mlmmj/text.skel'
</code></pre>
<ul>
<li>Copy rc/systemd scripts for service control:</li>
</ul>
@ -407,7 +382,6 @@ cp /opt/mlmmjadmin/rc_scripts/mlmmjadmin.openbsd /etc/rc.d/mlmmjadmin
chmod 0755 /etc/rc.d/mlmmjadmin
rcctl enable mlmmjadmin
</code></pre>
<ul>
<li>Create directory used to store mlmmjadmin log file. mlmmjadmin is
configured to log to syslog directly.</li>
@ -440,7 +414,6 @@ mkdir /var/log/mlmmjadmin
chown root:wheel /var/log/mlmmjadmin
chmod 0755 /var/log/mlmmjadmin
</code></pre>
<ul>
<li>Update syslog daemon config file to log mlmmjadmin to dedicated log file:</li>
</ul>
@ -448,17 +421,14 @@ chmod 0755 /var/log/mlmmjadmin
<pre><code>cp /opt/mlmmjadmin/samples/rsyslog/mlmmjadmin.conf /etc/rsyslog.d/
service rsyslog restart
</code></pre>
<p>For OpenBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<p>For FreeBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<ul>
<li>Now it's ok to start <code>mlmmjadmin</code> service, it listens on <code>127.0.0.1:7790</code>
by default:</li>
@ -473,16 +443,13 @@ service mlmmjadmin restart
#
rcctl start mlmmjadmin
</code></pre>
<p>On Linux, you can check the port number with command <code>netstat</code> or <code>ss</code> like below:</p>
<pre><code>netstat -ntlp | grep 7790
ss -ntlp | grep 7790
</code></pre>
<p>On FreeBSD/OpenBSD, run:</p>
<pre><code>netstat -anl -p tcp | grep 7790
</code></pre>
<h2 id="manage-subscribeable-mailing-lists">Manage subscribeable mailing lists</h2>
<p>Please read document <a href="./manage.subscribeable.mailing.lists.html">Manage subscribeable mailing lists</a>.</p>
<h2 id="references">References</h2>

32
html/integration.mlmmj.mysql.html
View File

@ -85,13 +85,11 @@ yum install mlmmj uwsgi uwsgi-plugin-python36 uwsgi-logger-syslog python3-reques
yum install mlmmj python3-pip3 python3-requests python3-PyMySQL
pip3 install uwsgi
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code>apt-get install mlmmj uwsgi uwsgi-plugin-python3 python3-requests
</code></pre>
<ul>
<li>On FreeBSD:</li>
</ul>
@ -102,13 +100,11 @@ make install clean
cd /usr/ports/www/py-requests
make install clean
</code></pre>
<ul>
<li>On OpenBSD:</li>
</ul>
<pre><code>pkg_add mlmmj altermime py3-requests
</code></pre>
<h2 id="create-required-system-account">Create required system account</h2>
<p>mlmmj will be ran as user <code>mlmmj</code> and group <code>mlmmj</code>, all mailing list data will
be stored under its home directory <code>/var/vmail/mlmmj</code>:</p>
@ -120,7 +116,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<p>On FreeBSD:</p>
<pre><code>pw groupadd mlmmj
pw useradd mlmmj -m -g mlmmj -s /sbin/nologin -d /var/vmail/mlmmj
@ -129,7 +124,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<h2 id="update-sql-tables-in-vmail-database">Update SQL tables in <code>vmail</code> database</h2>
<p>We need some updates in <code>vmail</code> SQL database:</p>
<ul>
@ -163,13 +157,11 @@ by following our tutorials first:</p>
mlmmj unix - n n - - pipe
flags=ORhu user=mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
</code></pre>
<ul>
<li>Add line below in Postfix config file <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code>mlmmj_destination_recipient_limit = 1
</code></pre>
<ul>
<li>Open Postfix config file <code>/etc/postfix/main.cf</code>, update existing parameter
<code>transport_maps</code>, add new sql lookup <code>/etc/postfix/mysql/transport_maps_maillist.cf</code>
@ -181,7 +173,6 @@ mlmmj unix - n n - - pipe
proxy:mysql:/etc/postfix/mysql/transport_maps_maillist.cf
...
</code></pre>
<ul>
<li>Now create file <code>/etc/postfix/mysql/transport_maps_maillist.cf</code>:</li>
</ul>
@ -197,7 +188,6 @@ password = qsescZvV03f6YUtTMN2bQTejmjatzz
dbname = vmail
query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Run commands below to create file <code>/usr/bin/mlmmj-amime-receive</code> (Linux) or
<code>/usr/local/bin/mlmmj-amime-receive</code> (FreeBSD/OpenBSD):</li>
@ -216,14 +206,12 @@ wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-rece
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<p>On FreeBSD or OpenBSD:</p>
<pre><code>cd /usr/local/bin/
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-receive
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<h2 id="amavisd-integration">Amavisd Integration</h2>
<p>We need Amavisd to listen on one more port <code>10027</code>, it will be used to scan
spam/virus for emails posted to mailing list.</p>
@ -239,7 +227,6 @@ spam/virus for emails posted to mailing list.</p>
</ul>
<pre><code>$inet_socket_port = [10024, 10026, 10027, 9998];
</code></pre>
<ul>
<li>Add lines below in Amavisd config file. It creates a new policy bank called
<code>MLMMJ</code> for emails submitted by mlmmj from port 10027. The purpose is signing
@ -261,7 +248,6 @@ $policy_bank{'MLMMJ'} = {
bypass_header_checks_maps =&gt; [1], # don't check bad header
};
</code></pre>
<p>Now restart Amavisd and Postfix service, mlmmj mailing list manager is now
fully integrated.</p>
<p>We will setup <code>mlmmjadmin</code> program to make managing mailing lists easier.</p>
@ -286,7 +272,6 @@ tar zxf 3.1.3.tar.gz -C /opt
rm -f 3.1.3.tar.gz
ln -s /opt/mlmmjadmin-3.1.3 /opt/mlmmjadmin
</code></pre>
<ul>
<li>Generate config file by copying sample file, <code>settings.py.sample</code>:</li>
</ul>
@ -295,7 +280,6 @@ cp settings.py.sample settings.py
chown mlmmj:mlmmj settings.py
chmod 0400 settings.py
</code></pre>
<ul>
<li>Generate a random, long string as API auth token, it will be used by your
API client. For example:</li>
@ -308,18 +292,15 @@ $ eval &lt;/dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &amp;&gt;/dev/null || hea
$ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
43a89b7aa34354089e629ed9f9be0b3b
</code></pre>
<ul>
<li>Add this string in <code>/opt/mlmmjadmin/settings.py</code>, parameter <code>api_auth_tokens</code>
like below:</li>
</ul>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b']
</code></pre>
<p>You can add as many token as you want for different API clients. For example:</p>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b', '703ed37b20243d7c51c56ce6cd90e94c']
</code></pre>
<ul>
<li>if you manage mail accounts <strong>WITH</strong> iRedAdmin-Pro, please set values of
parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -328,7 +309,6 @@ $ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
<pre><code>backend_api = 'bk_none'
backend_cli = 'bk_iredmail_sql'
</code></pre>
<ul>
<li>if you do <strong>NOT</strong> manage mail accounts with iRedAdmin-Pro, please set values
of parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -337,7 +317,6 @@ backend_cli = 'bk_iredmail_sql'
<pre><code>backend_api = 'bk_iredmail_sql'
backend_cli = 'bk_iredmail_sql'
</code></pre>
<ul>
<li>
<p>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code>, so that
@ -358,7 +337,6 @@ iredmail_sql_db_name = 'vmail'
iredmail_sql_db_user = 'vmailadmin'
iredmail_sql_db_password = '&lt;password&gt;'
</code></pre>
<ul>
<li>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code> to use the
directory used to store mailing lists:</li>
@ -367,7 +345,6 @@ iredmail_sql_db_password = '&lt;password&gt;'
MLMMJ_ARCHIVE_DIR = '/var/vmail/mlmmj-archive'
MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</code></pre>
<ul>
<li>If you're running OpenBSD or FreeBSD, please add parameter <code>MLMMJ_SKEL_DIR</code>
in <code>/opt/mlmmjadmin/settings.py</code> to set the directory which stores mlmmj mail
@ -375,7 +352,6 @@ MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</ul>
<pre><code>MLMMJ_SKEL_DIR = '/usr/local/share/mlmmj/text.skel'
</code></pre>
<ul>
<li>Copy rc/systemd scripts for service control:</li>
</ul>
@ -424,7 +400,6 @@ cp /opt/mlmmjadmin/rc_scripts/mlmmjadmin.openbsd /etc/rc.d/mlmmjadmin
chmod 0755 /etc/rc.d/mlmmjadmin
rcctl enable mlmmjadmin
</code></pre>
<ul>
<li>Create directory used to store mlmmjadmin log file. mlmmjadmin is
configured to log to syslog directly.</li>
@ -457,7 +432,6 @@ mkdir /var/log/mlmmjadmin
chown root:wheel /var/log/mlmmjadmin
chmod 0755 /var/log/mlmmjadmin
</code></pre>
<ul>
<li>Update syslog daemon config file to log mlmmjadmin to dedicated log file:</li>
</ul>
@ -465,17 +439,14 @@ chmod 0755 /var/log/mlmmjadmin
<pre><code>cp /opt/mlmmjadmin/samples/rsyslog/mlmmjadmin.conf /etc/rsyslog.d/
service rsyslog restart
</code></pre>
<p>For OpenBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<p>For FreeBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<ul>
<li>Now it's ok to start <code>mlmmjadmin</code> service, it listens on <code>127.0.0.1:7790</code>
by default:</li>
@ -490,16 +461,13 @@ service mlmmjadmin restart
#
rcctl start mlmmjadmin
</code></pre>
<p>On Linux, you can check the port number with command <code>netstat</code> or <code>ss</code> like below:</p>
<pre><code>netstat -ntlp | grep 7790
ss -ntlp | grep 7790
</code></pre>
<p>On FreeBSD/OpenBSD, run:</p>
<pre><code>netstat -anl -p tcp | grep 7790
</code></pre>
<h2 id="manage-subscribeable-mailing-lists">Manage subscribeable mailing lists</h2>
<p>Please read document <a href="./manage.subscribeable.mailing.lists.html">Manage subscribeable mailing lists</a>.</p>
<h2 id="references">References</h2>

32
html/integration.mlmmj.pgsql.html
View File

@ -85,13 +85,11 @@ yum install mlmmj uwsgi uwsgi-plugin-python36 uwsgi-logger-syslog python3-reques
yum install mlmmj python3-pip3 python3-requests python3-PyMySQL
pip3 install uwsgi
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code>apt-get install mlmmj uwsgi uwsgi-plugin-python3 python3-requests
</code></pre>
<ul>
<li>On FreeBSD:</li>
</ul>
@ -102,14 +100,12 @@ make install clean
cd /usr/ports/www/py-requests
make install clean
</code></pre>
<ul>
<li>On OpenBSD (iRedMail always installs <code>uwsgi</code> during installation, so no need
to install it here):</li>
</ul>
<pre><code>pkg_add mlmmj altermime py3-requests
</code></pre>
<h2 id="create-required-system-account">Create required system account</h2>
<p>mlmmj will be ran as user <code>mlmmj</code> and group <code>mlmmj</code>, all mailing list data will
be stored under its home directory <code>/var/vmail/mlmmj</code>:</p>
@ -121,7 +117,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<p>On FreeBSD:</p>
<pre><code>pw groupadd mlmmj
pw useradd mlmmj -m -g mlmmj -s /sbin/nologin -d /var/vmail/mlmmj
@ -130,7 +125,6 @@ chown -R mlmmj:mlmmj /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod -R 0700 /var/vmail/mlmmj /var/vmail/mlmmj-archive
chmod 0755 /var/vmail # Make sure this directory is accessible by other users
</code></pre>
<h2 id="update-sql-tables-in-vmail-database">Update SQL tables in <code>vmail</code> database</h2>
<p>We need some updates in <code>vmail</code> SQL database:</p>
<ul>
@ -164,13 +158,11 @@ by following our tutorials first:</p>
mlmmj unix - n n - - pipe
flags=ORhu user=mlmmj argv=/usr/bin/mlmmj-amime-receive -L /var/vmail/mlmmj/${nexthop}
</code></pre>
<ul>
<li>Add line below in Postfix config file <code>/etc/postfix/main.cf</code>:</li>
</ul>
<pre><code>mlmmj_destination_recipient_limit = 1
</code></pre>
<ul>
<li>Open Postfix config file <code>/etc/postfix/main.cf</code>, update existing parameter
<code>transport_maps</code>, add new sql lookup <code>/etc/postfix/pgsql/transport_maps_maillist.cf</code>
@ -182,7 +174,6 @@ mlmmj unix - n n - - pipe
proxy:pgsql:/etc/postfix/pgsql/transport_maps_maillist.cf
...
</code></pre>
<ul>
<li>Now create file <code>/etc/postfix/pgsql/transport_maps_maillist.cf</code>:</li>
</ul>
@ -198,7 +189,6 @@ password = qsescZvV03f6YUtTMN2bQTejmjatzz
dbname = vmail
query = SELECT maillists.transport FROM maillists,domain WHERE maillists.address='%s' AND maillists.active=1 AND maillists.domain = domain.domain AND domain.active=1
</code></pre>
<ul>
<li>Run commands below to create file <code>/usr/bin/mlmmj-amime-receive</code> (Linux) or
<code>/usr/local/bin/mlmmj-amime-receive</code> (FreeBSD/OpenBSD):</li>
@ -217,14 +207,12 @@ wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-rece
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<p>On FreeBSD or OpenBSD:</p>
<pre><code>cd /usr/local/bin/
wget https://github.com/iredmail/iRedMail/raw/1.0/samples/mlmmj/mlmmj-amime-receive
chown mlmmj:mlmmj mlmmj-amime-receive
chmod 0550 mlmmj-amime-receive
</code></pre>
<h2 id="amavisd-integration">Amavisd Integration</h2>
<p>We need Amavisd to listen on one more port <code>10027</code>, it will be used to scan
spam/virus for emails posted to mailing list.</p>
@ -240,7 +228,6 @@ spam/virus for emails posted to mailing list.</p>
</ul>
<pre><code>$inet_socket_port = [10024, 10026, 10027, 9998];
</code></pre>
<ul>
<li>Add lines below in Amavisd config file. It creates a new policy bank called
<code>MLMMJ</code> for emails submitted by mlmmj from port 10027. The purpose is signing
@ -262,7 +249,6 @@ $policy_bank{'MLMMJ'} = {
bypass_header_checks_maps =&gt; [1], # don't check bad header
};
</code></pre>
<p>Now restart Amavisd and Postfix service, mlmmj mailing list manager is now
fully integrated.</p>
<p>We will setup <code>mlmmjadmin</code> program to make managing mailing lists easier.</p>
@ -287,7 +273,6 @@ tar zxf 3.1.3.tar.gz -C /opt
rm -f 3.1.3.tar.gz
ln -s /opt/mlmmjadmin-3.1.3 /opt/mlmmjadmin
</code></pre>
<ul>
<li>Generate config file by copying sample file, <code>settings.py.sample</code>:</li>
</ul>
@ -296,7 +281,6 @@ cp settings.py.sample settings.py
chown mlmmj:mlmmj settings.py
chmod 0400 settings.py
</code></pre>
<ul>
<li>Generate a random, long string as API auth token, it will be used by your
API client. For example:</li>
@ -309,18 +293,15 @@ $ eval &lt;/dev/urandom tr -dc A-Za-z0-9 | (head -c $1 &amp;&gt;/dev/null || hea
$ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
43a89b7aa34354089e629ed9f9be0b3b
</code></pre>
<ul>
<li>Add this string in <code>/opt/mlmmjadmin/settings.py</code>, parameter <code>api_auth_tokens</code>
like below:</li>
</ul>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b']
</code></pre>
<p>You can add as many token as you want for different API clients. For example:</p>
<pre><code>api_auth_tokens = ['43a89b7aa34354089e629ed9f9be0b3b', '703ed37b20243d7c51c56ce6cd90e94c']
</code></pre>
<ul>
<li>if you manage mail accounts <strong>WITH</strong> iRedAdmin-Pro, please set values of
parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -329,7 +310,6 @@ $ eval &lt;/dev/random tr -cd [:alnum:] | fold -w 32 | head -1
<pre><code>backend_api = 'bk_none'
backend_cli = 'bk_iredmail_sql'
</code></pre>
<ul>
<li>if you do <strong>NOT</strong> manage mail accounts with iRedAdmin-Pro, please set values
of parameters <code>backend_api</code> and <code>backend_cli</code> in <code>/opt/mlmmjadmin/settings.py</code>
@ -338,7 +318,6 @@ backend_cli = 'bk_iredmail_sql'
<pre><code>backend_api = 'bk_iredmail_sql'
backend_cli = 'bk_iredmail_sql'
</code></pre>
<ul>
<li>
<p>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code>, so that
@ -359,7 +338,6 @@ iredmail_sql_db_name = 'vmail'
iredmail_sql_db_user = 'vmailadmin'
iredmail_sql_db_password = '&lt;password&gt;'
</code></pre>
<ul>
<li>Add extra required parameters in <code>/opt/mlmmjadmin/settings.py</code> to use the
directory used to store mailing lists:</li>
@ -368,7 +346,6 @@ iredmail_sql_db_password = '&lt;password&gt;'
MLMMJ_ARCHIVE_DIR = '/var/vmail/mlmmj-archive'
MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</code></pre>
<ul>
<li>If you're running OpenBSD or FreeBSD, please add parameter <code>MLMMJ_SKEL_DIR</code>
in <code>/opt/mlmmjadmin/settings.py</code> to set the directory which stores mlmmj mail
@ -376,7 +353,6 @@ MLMMJ_DEFAULT_PROFILE_SETTINGS.update({'smtp_port': 10027})
</ul>
<pre><code>MLMMJ_SKEL_DIR = '/usr/local/share/mlmmj/text.skel'
</code></pre>
<ul>
<li>Copy rc/systemd scripts for service control:</li>
</ul>
@ -425,7 +401,6 @@ cp /opt/mlmmjadmin/rc_scripts/mlmmjadmin.openbsd /etc/rc.d/mlmmjadmin
chmod 0755 /etc/rc.d/mlmmjadmin
rcctl enable mlmmjadmin
</code></pre>
<ul>
<li>Create directory used to store mlmmjadmin log file. mlmmjadmin is
configured to log to syslog directly.</li>
@ -458,7 +433,6 @@ mkdir /var/log/mlmmjadmin
chown root:wheel /var/log/mlmmjadmin
chmod 0755 /var/log/mlmmjadmin
</code></pre>
<ul>
<li>Update syslog daemon config file to log mlmmjadmin to dedicated log file:</li>
</ul>
@ -466,17 +440,14 @@ chmod 0755 /var/log/mlmmjadmin
<pre><code>cp /opt/mlmmjadmin/samples/rsyslog/mlmmjadmin.conf /etc/rsyslog.d/
service rsyslog restart
</code></pre>
<p>For OpenBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<p>For FreeBSD, please append below lines in <code>/etc/syslog.conf</code>:</p>
<pre><code>!mlmmjadmin
local5.* /var/log/mlmmjadmin/mlmmjadmin.log
</code></pre>
<ul>
<li>Now it's ok to start <code>mlmmjadmin</code> service, it listens on <code>127.0.0.1:7790</code>
by default:</li>
@ -491,16 +462,13 @@ service mlmmjadmin restart
#
rcctl start mlmmjadmin
</code></pre>
<p>On Linux, you can check the port number with command <code>netstat</code> or <code>ss</code> like below:</p>
<pre><code>netstat -ntlp | grep 7790
ss -ntlp | grep 7790
</code></pre>
<p>On FreeBSD/OpenBSD, run:</p>
<pre><code>netstat -anl -p tcp | grep 7790
</code></pre>
<h2 id="manage-subscribeable-mailing-lists">Manage subscribeable mailing lists</h2>
<p>Please read document <a href="./manage.subscribeable.mailing.lists.html">Manage subscribeable mailing lists</a>.</p>
<h2 id="references">References</h2>

20
html/integration.netdata.freebsd.html
View File

@ -54,7 +54,6 @@ its website to check online demo.</p>
<pre><code>cd /usr/ports/net-mgmt/netdata
make install clean
</code></pre>
<h2 id="configure-netdata">Configure netdata</h2>
<p>Main config file of netdata is <code>/usr/local/etc/netdata/netdata.conf</code>, it
contains many parameters with detailed comments. Here's the
@ -81,7 +80,6 @@ used by iRedMail:</p>
# inbound packets dropped
/proc/net/dev = no
</code></pre>
<p>netdata ships a lot modular config files to gather information of softwares
running on the server, they have very good default settings and most config
files don't need your attention at all, including:</p>
@ -113,7 +111,6 @@ access to dn=&quot;cn=monitor&quot;
by dn.exact=&quot;cn=vmail,dc=example,dc=com&quot; read
by * none
</code></pre>
<p>It enables OpenLDAP backend <code>monitor</code>, also grant <code>read</code> access to dn
<code>cn=Manager,dc=example,dc=com</code> and <code>cn=vmail,dc=example,dc=com</code>. Again, you
must replace <code>dc=example,dc=com</code> by the real LDAP suffix that you use.</p>
@ -121,12 +118,10 @@ must replace <code>dc=example,dc=com</code> by the real LDAP suffix that you use
<pre><code>modulepath /usr/local/libexec/openldap
moduleload back_mdb
</code></pre>
<p>Append a new <code>moduleload</code> directive right after <code>moduleload back_mdb</code> like
below:</p>
<pre><code>moduleload back_monitor
</code></pre>
<p>Now restart OpenLDAP service.</p>
<p>Create file <code>/usr/local/etc/netdata/python.d/openldap.conf</code> with content below:</p>
<div class="admonition attention">
@ -146,7 +141,6 @@ local:
port : 389
timeout : 1
</code></pre>
<p>Now restart netdata service.</p>
<h3 id="monitor-nginx-and-php-fpm">Monitor Nginx and php-fpm</h3>
<p>We need to enable <code>stub_status</code> in Nginx to get detailed server info, also
@ -171,7 +165,6 @@ location = /status {
deny all;
}
</code></pre>
<ul>
<li>Update default virtual host config file <code>/usr/local/etc/nginx/sites-enabled/00-default.conf</code>,
include new snippet config file <code>stub_status.tmpl</code> after the
@ -184,14 +177,12 @@ location = /status {
...
}
</code></pre>
<ul>
<li>Update php-fpm pool config file <code>/usr/local/etc/php-fpm.d/www.conf</code>, enable
parameter <code>pm.status_path</code> like below:</li>
</ul>
<pre><code>pm.status_path = /status
</code></pre>
<ul>
<li>Restart both php-fpm and Nginx service.</li>
</ul>
@ -209,7 +200,6 @@ protocol imap {
...
}
</code></pre>
<ul>
<li>Append settings below in Dovecot config file:</li>
</ul>
@ -232,7 +222,6 @@ service stats {
}
}
</code></pre>
<ul>
<li>Restart Dovecot service.</li>
</ul>
@ -247,7 +236,6 @@ gather MySQL server information.</p>
sql&gt; GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '&lt;password&gt;';
sql&gt; FLUSH PRIVILEGES;
</code></pre>
<ul>
<li>
<p>Create file <code>/usr/local/etc/netdata/python.d/mysql.conf</code> with content below.</p>
@ -268,7 +256,6 @@ sql&gt; FLUSH PRIVILEGES;
user: 'netdata'
pass: '&lt;password&gt;'
</code></pre>
<h3 id="monitor-postgresql-server">Monitor PostgreSQL server</h3>
<p>netdata requires a SQL user (we use <code>netdata</code> here) to gather PostgreSQL server
information.</p>
@ -280,7 +267,6 @@ information.</p>
$ psql
sql&gt; CREATE USER netdata WITH ENCRYPTED PASSWORD '&lt;password&gt;' NOSUPERUSER NOCREATEDB NOCREATEROLE;
</code></pre>
<ul>
<li>
<p>Create file <code>/usr/local/etc/netdata/python.d/postgres.conf</code> with content below.</p>
@ -300,7 +286,6 @@ sql&gt; CREATE USER netdata WITH ENCRYPTED PASSWORD '&lt;password&gt;' NOSUPERUS
password : '&lt;password&gt;'
database : 'postgres'
</code></pre>
<h2 id="configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</h2>
<ul>
<li>Create Nginx config snippet <code>/usr/local/etc/nginx/templates/netdata.tmpl</code> with
@ -334,7 +319,6 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
auth_basic_user_file /usr/local/etc/nginx/netdata.users;
}
</code></pre>
<ul>
<li>Update default virtual host (https site) config file
<code>/usr/local/etc/nginx/sites-enabled/00-default-ssl.conf</code>,
@ -348,20 +332,17 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
...
}
</code></pre>
<ul>
<li>Create new file <code>/usr/local/etc/nginx/netdata.users</code> used for basic http auth:</li>
</ul>
<pre><code>touch /usr/local/etc/nginx/netdata.users
</code></pre>
<ul>
<li>Run command below to generate a SSHA password hash. NOTE: Please replace
<code>&lt;password&gt;</code> below by a real, strong password.</li>
</ul>
<pre><code>doveadm pw -s SSHA -p '&lt;password&gt;'
</code></pre>
<p>The password looks like this <code>{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv</code>.</p>
<ul>
<li>Now open <code>/usr/local/etc/nginx/netdata.users</code> with your faviourite text
@ -370,7 +351,6 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
</ul>
<pre><code>postmaster@domain.com:{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv
</code></pre>
<ul>
<li>Restart nginx service.</li>
</ul>

28
html/integration.netdata.linux.html
View File

@ -61,13 +61,11 @@ install it first.</p>
</ul>
<pre><code>yum install curl libmnl libuuid lm_sensors nc PyYAML zlib iproute MySQL-python python-psycopg2
</code></pre>
<ul>
<li>On Debian/Ubuntu:</li>
</ul>
<pre><code>apt-get install zlib1g libuuid1 libmnl0 curl lm-sensors iproute netcat python-mysqldb python-psycopg2
</code></pre>
<h2 id="install-netdata">Install netdata</h2>
<ul>
<li>
@ -85,13 +83,11 @@ is: <a href="https://github.com/firehol/netdata/releases/download/v1.10.0/netdat
chmod +x netdata-latest.gz.run
./netdata-latest.gz.run --accept
</code></pre>
<p>netdata installs its files under <code>/opt/netdata/</code> by default, let's create
symbol link of the configuration and log directories:</p>
<pre><code>ln -s /opt/netdata/etc/netdata /etc/netdata
ln -s /opt/netdata/var/log/netdata /var/log/netdata
</code></pre>
<p>netdata will create required systemd script for service control, also logrotate
config file, so there's not much we need to do after the package installation.</p>
<h2 id="configure-netdata">Configure netdata</h2>
@ -120,7 +116,6 @@ used by iRedMail:</p>
# inbound packets dropped
/proc/net/dev = no
</code></pre>
<p>netdata ships a lot modular config files to gather information of softwares
running on the server, they have very good default settings and most config
files don't need your attention at all, including:</p>
@ -156,7 +151,6 @@ access to dn=&quot;cn=monitor&quot;
by dn.exact=&quot;cn=vmail,dc=example,dc=com&quot; read
by * none
</code></pre>
<p>It enables OpenLDAP backend <code>monitor</code>, also grant <code>read</code> access to dn
<code>cn=Manager,dc=example,dc=com</code> and <code>cn=vmail,dc=example,dc=com</code>. Again, you
must replace <code>dc=example,dc=com</code> by the real LDAP suffix that you use.</p>
@ -164,12 +158,10 @@ must replace <code>dc=example,dc=com</code> by the real LDAP suffix that you use
<pre><code>modulepath /usr/lib/ldap
moduleload back_mdb
</code></pre>
<p>Append a new <code>moduleload</code> directive right after <code>moduleload back_mdb</code> like
below:</p>
<pre><code>moduleload back_monitor
</code></pre>
<p>Now restart OpenLDAP service.</p>
<p>Create file <code>/opt/netdata/etc/netdata/python.d/openldap.conf</code> with content below:</p>
<div class="admonition attention">
@ -189,7 +181,6 @@ local:
port : 389
timeout : 1
</code></pre>
<p>Now restart netdata service.</p>
<h3 id="monitor-nginx-and-php-fpm">Monitor Nginx and php-fpm</h3>
<p>We need to enable <code>stub_status</code> in Nginx to get detailed server info, also
@ -214,7 +205,6 @@ location = /status {
deny all;
}
</code></pre>
<ul>
<li>Update default virtual host config file <code>/etc/nginx/sites-enabled/00-default.conf</code>,
include new snippet config file <code>stub_status.tmpl</code> after the
@ -227,7 +217,6 @@ location = /status {
...
}
</code></pre>
<ul>
<li>Update php-fpm pool config file <code>www.conf</code>, enable parameter <code>pm.status_path</code>
like below:<ul>
@ -239,7 +228,6 @@ location = /status {
</ul>
<pre><code>pm.status_path = /status
</code></pre>
<ul>
<li>Restart both php-fpm and Nginx service.</li>
</ul>
@ -260,7 +248,6 @@ protocol imap {
...
}
</code></pre>
<ul>
<li>Append settings below in Dovecot config file:</li>
</ul>
@ -283,7 +270,6 @@ service stats {
}
}
</code></pre>
<ul>
<li>Restart Dovecot service.</li>
</ul>
@ -298,7 +284,6 @@ gather MySQL server information.</p>
sql&gt; GRANT USAGE ON *.* TO netdata@localhost IDENTIFIED BY '&lt;password&gt;';
sql&gt; FLUSH PRIVILEGES;
</code></pre>
<ul>
<li>
<p>Create file <code>/etc/netdata/python.d/mysql.conf</code> with content below.</p>
@ -319,7 +304,6 @@ sql&gt; FLUSH PRIVILEGES;
user: 'netdata'
pass: '&lt;password&gt;'
</code></pre>
<h3 id="monitor-postgresql-server">Monitor PostgreSQL server</h3>
<p>netdata requires a SQL user (we use <code>netdata</code> here) to gather PostgreSQL server
information.</p>
@ -331,7 +315,6 @@ information.</p>
$ psql
sql&gt; CREATE USER netdata WITH ENCRYPTED PASSWORD '&lt;password&gt;' NOSUPERUSER NOCREATEDB NOCREATEROLE;
</code></pre>
<ul>
<li>
<p>Create file <code>/etc/netdata/python.d/postgres.conf</code> with content below.</p>
@ -351,7 +334,6 @@ sql&gt; CREATE USER netdata WITH ENCRYPTED PASSWORD '&lt;password&gt;' NOSUPERUS
password : '&lt;password&gt;'
database : 'postgres'
</code></pre>
<h2 id="system-tuning">System tuning</h2>
<p>To get better performance, netdata requires few sysctl settings. Please add
lines below in <code>/etc/sysctl.conf</code>:</p>
@ -359,20 +341,16 @@ lines below in <code>/etc/sysctl.conf</code>:</p>
vm.dirty_background_ratio=80
vm.dirty_ratio=90
</code></pre>
<p>Also increase max open files limit.</p>
<pre><code>mkdir -p /etc/systemd/system/netdata.service.d
</code></pre>
<p>Create file <code>/etc/systemd/system/netdata.service.d/limits.conf</code>:</p>
<pre><code>[Service]
LimitNOFILE=30000
</code></pre>
<p>Reload systemd daemon:</p>
<pre><code>systemctl daemon-reload
</code></pre>
<h2 id="configure-nginx-to-forward-requests-to-netdata">Configure Nginx to forward requests to netdata</h2>
<ul>
<li>Create Nginx config snippet <code>/etc/nginx/templates/netdata.tmpl</code> with
@ -406,7 +384,6 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
auth_basic_user_file /etc/nginx/netdata.users;
}
</code></pre>
<ul>
<li>Update default virtual host (https site) config file
<code>/etc/nginx/sites-enabled/00-default-ssl.conf</code>,
@ -420,20 +397,17 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
...
}
</code></pre>
<ul>
<li>Create new file <code>/etc/nginx/netdata.users</code> used for basic http auth:</li>
</ul>
<pre><code>touch /etc/nginx/netdata.users
</code></pre>
<ul>
<li>Run command below to generate a SSHA password hash. NOTE: Please replace
<code>&lt;password&gt;</code> below by a real, strong password.</li>
</ul>
<pre><code>doveadm pw -s SSHA -p '&lt;password&gt;'
</code></pre>
<p>The password looks like this <code>{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv</code>.</p>
<ul>
<li>Now open <code>/etc/nginx/netdata.users</code> with your faviourite text
@ -442,7 +416,6 @@ location ~ /netdata/(?&lt;ndpath&gt;.*) {
</ul>
<pre><code>postmaster@domain.com:{SSHA}Tama1midwSV6XWTlonR6n6sNM8yuEPvv
</code></pre>
<ul>
<li>Restart nginx service.</li>
</ul>
@ -458,7 +431,6 @@ in file <code>/etc/nginx/netdata.users</code> to login.</p>
<pre><code>chmod +x netdata-latest.gz.run
./netdata-latest.gz.run --accept
</code></pre>
<p>That's it.</p>
<h2 id="see-also">See Also</h2>
<ul>

4
html/iredadmin-pro.custom.ban.rules.html
View File

@ -46,7 +46,6 @@
'DEFAULT' =&gt; $banned_filename_re,
);
</code></pre>
<ul>
<li><code>ALLOW_MS_OFFICE</code>: Allow all Microsoft Office documents.</li>
<li><code>ALLOW_MS_WORD</code>: Allow Microsoft Word documents (<code>.doc</code>, <code>.docx</code>).</li>
@ -64,7 +63,6 @@ formats, and <code>ALLOW_PDF</code> to allow / bypass <code>.pdf</code> files:</
'ALLOW_PDF' =&gt; new_RE([qr'.\.pdf$'i =&gt; 0]),
)
</code></pre>
<p>Restarting Amavisd service is required after updated its config file.</p>
<p>If you're running iRedAdmin-Pro, please list your custom rules in its config
file <code>/opt/www/iredadmin/settings.py</code> like below, so that you can use them
@ -80,7 +78,6 @@ AMAVISD_BAN_RULES = {
&quot;ALLOW_PDF&quot;: &quot;Allow PDF files (.pdf)
}
</code></pre>
<p>Restarting "iredadmin" service is required after updated its config file.</p>
<h2 id="how-to-use-the-ban-rules">How to use the ban rules</h2>
<h3 id="assign-ban-rules-with-iredadmin-pro">Assign ban rules with iRedAdmin-Pro</h3>
@ -103,7 +100,6 @@ commands below to achieve it (Note: we use MySQL for example):</p>
<pre><code>USE amavisd;
UPDATE policy SET banned_rulenames=&quot;ALLOW_MS_WORD,ALLOW_MS_EXCEL&quot; WHERE policy_name=&quot;user@domain.com&quot;;
</code></pre>
<p>Multiple rule names must be separated by comma.</p><div class="footer">
<p style="text-align: center; color: grey;">All documents are available in <a href="https://github.com/iredmail/docs/">GitHub repository</a>, and published under <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">Creative Commons</a> license. You can <a href="https://github.com/iredmail/docs/archive/master.zip">download the latest version</a> for offline reading. If you found something wrong, please do <a href="https://www.iredmail.org/contact.html">contact us</a> to fix it.</p>
</div></body></html>

3
html/iredadmin-pro.custom.user.services.html
View File

@ -44,7 +44,6 @@ below:</p>
</div>
<pre><code>ADDITIONAL_ENABLED_USER_SERVICES = ['gitlab', 'jabber']
</code></pre>
<p>Then restart <code>iredadmin</code> service.</p>
<p><strong>Newly</strong> created mail user will have these 2 services enabled by default, but
for existing users, you have to add them either manually or do it with some
@ -57,11 +56,9 @@ attribute/value pairs:</p>
<pre><code>enabledService=gitlab
enabledService=jabber
</code></pre>
<p>For GitLab, the LDAP filter used to query user should look like this:</p>
<pre><code>(&amp;(objectClass=mailUser)(accountStatus=active)(enabledService=gitlab))
</code></pre>
<p>For Jabber, the LDAP filter used to query user should look like this:</p>
<pre><code>(&amp;(objectClass=mailUser)(accountStatus=active)(enabledService=jabber))
</code></pre><div class="footer">

2
html/iredadmin-pro.customize.maildir.path.html
View File

@ -36,13 +36,11 @@ MAILDIR_PREPEND_DOMAIN = True
# - without timestamp: domain.ltd/username/
MAILDIR_APPEND_TIMESTAMP = True
</code></pre>
<p>Also one setting in <code>settings.py</code>:</p>
<pre><code># Directory used to store mailboxes. Defaults to /var/vmail/vmail1.
# Note: This directory must be owned by 'vmail:vmail' with permission 0700.
storage_base_directory = '/var/vmail/vmail1'
</code></pre>
<p>Note: each time you modified iRedAdmin source code (Python source file which
file name ends with <code>.py</code>), you must restart Apache or uwsgi (if you're running
Nginx) service to load modified code.</p><div class="footer">

2
html/iredadmin-pro.default.password.policy.html
View File

@ -33,7 +33,6 @@ server. Please ALWAYS ALWAYS ALWAYS force users to use strong password.</p>
min_passwd_length = 8
max_passwd_length = 0
</code></pre>
<p>It's also supported to set a per-domain password length in domain profile page.</p>
<h2 id="password-policy">Password policy</h2>
<p>iRedAdmin-Pro has some default password restrictions, you can find default
@ -52,7 +51,6 @@ PASSWORD_HAS_UPPERCASE = True
PASSWORD_HAS_NUMBER = True
PASSWORD_HAS_SPECIAL_CHAR = True
</code></pre>
<p>For example, if you don't want to enforce upper case in password, set below
parameter in iRedAdmin-Pro config file <code>settings.py</code>:</p>
<pre><code>PASSWORD_HAS_UPPERCASE = False

2
html/iredadmin-pro.domain.ownership.verification.html
View File

@ -63,7 +63,6 @@ DOMAIN_OWNERSHIP_VERIFY_CODE_PREFIX = 'iredmail-domain-verification-'
# Timeout (in seconds) while performing each verification.
DOMAIN_OWNERSHIP_VERIFY_TIMEOUT = 10
</code></pre>
<h2 id="how-to-verify-domain-ownership">How to verify domain ownership</h2>
<p>There're several ways to verify domain ownership:</p>
<ul>
@ -95,7 +94,6 @@ verify code.</p>
example.com text = &quot;iredmail-domain-verification-5tzh5gHjU688yyWK7cSV&quot;
...
</code></pre>
<p>Sample DNS query with <code>dig</code>:</p>
<pre><code>$ dig -t txt example.com
...

37
html/iredadmin-pro.restful.api-20170123.html
View File

@ -72,7 +72,6 @@
iRedAdmin-Pro config file <code>settings.py</code>:</p>
<pre><code>ENABLE_RESTFUL_API = True
</code></pre>
<p>To restrict API access to few IP addresses, please also add settings below in
iRedAdmin-Pro config file:</p>
<pre><code># Enable restriction
@ -81,7 +80,6 @@ RESTRICT_API_ACCESS = True
# List all IP addresses of allowed client for API access.
RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</code></pre>
<p>Restarting Apache or uwsgi (if you're running Nginx) is required.</p>
<h2 id="sample-code-to-interact-with-iredadmin-pro-restful-api">Sample code to interact with iRedAdmin-Pro RESTful API</h2>
<ul>
@ -102,7 +100,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/login</code> <code class="comment">Login with an admin username (full email address) and password</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -125,7 +122,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="domain">Domain</h3>
<div class="admonition api">
@ -134,7 +130,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Create a new domain</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -202,7 +197,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Delete an existing domain (all mail messages will NOT be removed)</code></p>
@ -213,7 +207,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Update profile of an existing domain</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -516,12 +509,10 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/domain/admins/&lt;domain&gt;</code> <code class="comment">Manage normal domain admins.</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain_admins">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Normal domain admin can only promote mail users under managed domains
@ -554,7 +545,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="domain-admin">Domain Admin</h3>
<div class="admonition attention">
@ -570,7 +560,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Create a new domain admin</code> <code class="has_params">Parameters</code></p>
<div class="params params_admin">
<table>
<thead>
<tr>
@ -650,7 +639,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Delete an existing domain admin</code></p>
@ -658,7 +646,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Update profile of an existing domain admin</code> <code class="has_params">Parameters</code></p>
<div class="params params_admin">
<table>
<thead>
<tr>
@ -738,12 +725,10 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/verify_password/admin/&lt;mail&gt;</code> <code class="comment">Verify given (plain) password against the one stored in SQL/LDAP</code> <code class="has_params">Parameters</code> </p>
<div class="params params_admin">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Password verification is limited to global domain admin.</p>
@ -765,7 +750,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mail-user">Mail User</h3>
<div class="admonition api">
@ -774,7 +758,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Create a new mail user</code> <code class="has_params">Parameters</code></p>
<div class="params params_user">
<table>
<thead>
<tr>
@ -807,7 +790,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Delete an existing mail user</code></p>
@ -818,7 +800,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mail user</code> <code class="has_params">Parameters</code> </p>
<div class="params params_user">
<table>
<thead>
<tr>
@ -886,7 +867,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">POST</code> <code class="url">/api/user/&lt;mail&gt;/change_email/&lt;new_mail&gt;</code> <code class="comment">Change user's email address (from '&lt;mail&gt;' to '&lt;new_mail&gt;')</code></p>
@ -894,7 +874,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/users/&lt;domain&gt;</code> <code class="comment">Update profiles of all users under domain</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -922,12 +901,10 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/verify_password/user/&lt;mail&gt;</code> <code class="comment">Verify given (plain) password against the one stored in SQL/LDAP</code> <code class="has_params">Parameters</code> </p>
<div class="params params_user">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Password verification is limited to global domain admin.</p>
@ -949,7 +926,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mailing-list">Mailing List</h3>
<div class="admonition attention">
@ -963,7 +939,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Create a new mailing list</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -991,7 +966,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Delete an existing mailing list</code></p>
@ -999,7 +973,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mailing list</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1037,7 +1010,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mail-alias">Mail Alias</h3>
<div class="admonition api">
@ -1046,7 +1018,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Create a new mail alias</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1078,7 +1049,6 @@ please use mail alias account as mailing list.</p>
<p><code>accessPolicy</code> for mail alias account is only available for SQL backends.</p>
</div>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Delete an existing mail alias</code></p>
@ -1086,7 +1056,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mail alias</code> <code class="has_params">Parameters</code></p>
<div class="params">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p><code>accessPolicy</code> for mail alias account is only available for SQL backends.</p>
@ -1128,7 +1097,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">POST</code> <code class="url">/api/alias/&lt;mail&gt;/change_email/&lt;new_mail&gt;</code> <code class="comment">Change email address of alias account (from '&lt;mail&gt;' to '&lt;new_mail&gt;')</code></p>
@ -1161,7 +1129,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/spampolicy/user/&lt;mail&gt;</code> <code class="comment">Delete per-user spam policy</code></p>
<div class="params params_spampolicy">
<p>Parameters available for global, per-domain, per-user spam policies.</p>
<blockquote>
<p>Per-user policy has the highest priority, then per-domain policy, then global policy.</p>
@ -1233,7 +1200,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="throttling">Throttling</h3>
<div class="admonition api">
@ -1272,7 +1238,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/throttle/&lt;mail&gt;/outbound</code> <code class="comment">Set user outbound throttle settings</code> <code class="has_params_throttle">Parameters</code></p>
<div class="params params_throttle">
<p>Parameters available for global, per-domain, per-user throttle settings.</p>
<table>
<thead>
@ -1306,7 +1271,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="export-accounts">Export Accounts</h3>
<h4 class="toggle" id="ldif-ldap-backend-only">LDIF (LDAP backend only)</h4>
@ -1329,7 +1293,6 @@ please use mail alias account as mailing list.</p>
<p class="admonition-title"><code class="get">GET</code> <code class="url">/api/ldif/alias/&lt;mail&gt;</code> <code class="comment">Export mail alias account to LDIF</code></p>
</div>
<script src="./js/jquery-1.12.4.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
/* Collapse all parameters by default */

46
html/iredadmin-pro.restful.api-20170824.html
View File

@ -69,7 +69,6 @@
iRedAdmin-Pro config file <code>settings.py</code>:</p>
<pre><code>ENABLE_RESTFUL_API = True
</code></pre>
<p>Restarting Apache or uwsgi (if you're running Nginx) is required after changed
iRedAdmin config file.</p>
<div class="admonition note">
@ -89,7 +88,6 @@ RESTRICT_API_ACCESS = True
# List all IP addresses of allowed client for API access.
RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</code></pre>
<h2 id="sample-code-to-interact-with-iredadmin-pro-restful-api">Sample code to interact with iRedAdmin-Pro RESTful API</h2>
<ul>
<li><a href="./iredadmin-pro.restful.api.curl.html">iRedAdmin-Pro RESTful API (interact with <code>curl</code>)</a></li>
@ -108,7 +106,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/login</code> <code class="comment">Login with an admin username (full email address) and password</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -131,13 +128,11 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="domain">Domain</h3>
<div class="admonition api">
<p class="admonition-title"><code class="get">GET</code> <code class="url">/api/domains</code> <code class="comment">Get profiles of all managed mail domains</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -160,7 +155,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="get">GET</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Get profile of an existing domain</code></p>
@ -168,7 +162,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Create a new domain</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -236,7 +229,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Delete an existing domain (all mail messages will NOT be removed)</code></p>
@ -247,7 +239,6 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/domain/&lt;domain&gt;</code> <code class="comment">Update profile of an existing domain</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain">
<table>
<thead>
<tr>
@ -550,12 +541,10 @@ RESTFUL_API_CLIENTS = ['172.16.244.1', ...]
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/domain/admins/&lt;domain&gt;</code> <code class="comment">Manage normal domain admins.</code> <code class="has_params">Parameters</code></p>
<div class="params params_domain_admins">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Normal domain admin can only promote mail users under managed domains
@ -588,7 +577,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="domain-admin">Domain Admin</h3>
<div class="admonition attention">
@ -604,7 +592,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Create a new domain admin</code> <code class="has_params">Parameters</code></p>
<div class="params params_admin">
<table>
<thead>
<tr>
@ -684,7 +671,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Delete an existing domain admin</code></p>
@ -692,7 +678,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/admin/&lt;mail&gt;</code> <code class="comment">Update profile of an existing domain admin</code> <code class="has_params">Parameters</code></p>
<div class="params params_admin">
<table>
<thead>
<tr>
@ -772,12 +757,10 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/verify_password/admin/&lt;mail&gt;</code> <code class="comment">Verify given (plain) password against the one stored in SQL/LDAP</code> <code class="has_params">Parameters</code> </p>
<div class="params params_admin">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Password verification is limited to global domain admin.</p>
@ -799,7 +782,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mail-user">Mail User</h3>
<div class="admonition api">
@ -808,7 +790,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Create a new mail user</code> <code class="has_params">Parameters</code></p>
<div class="params params_user">
<table>
<thead>
<tr>
@ -841,7 +822,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Delete an existing mail user</code></p>
@ -852,7 +832,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/user/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mail user</code> <code class="has_params">Parameters</code> </p>
<div class="params params_user">
<table>
<thead>
<tr>
@ -971,7 +950,6 @@ to be a domain admin.</p>
</ul>
</div>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">POST</code> <code class="url">/api/user/&lt;mail&gt;/change_email/&lt;new_mail&gt;</code> <code class="comment">Change user's email address (from '&lt;mail&gt;' to '&lt;new_mail&gt;')</code></p>
@ -979,7 +957,6 @@ to be a domain admin.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/users/&lt;domain&gt;</code> <code class="comment">Update profiles of all users under domain</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1007,12 +984,10 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/verify_password/user/&lt;mail&gt;</code> <code class="comment">Verify given (plain) password against the one stored in SQL/LDAP</code> <code class="has_params">Parameters</code> </p>
<div class="params params_user">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p>Password verification is limited to global domain admin.</p>
@ -1034,7 +1009,6 @@ to be a domain admin.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mailing-list">Mailing List</h3>
<div class="admonition attention">
@ -1048,7 +1022,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Create a new mailing list</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1076,7 +1049,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Delete an existing mailing list</code></p>
@ -1084,7 +1056,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/maillist/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mailing list</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1122,7 +1093,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="mail-alias">Mail Alias</h3>
<div class="admonition api">
@ -1131,7 +1101,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Create a new mail alias</code> <code class="has_params">Parameters</code></p>
<div class="params">
<table>
<thead>
<tr>
@ -1163,7 +1132,6 @@ please use mail alias account as mailing list.</p>
<p><code>accessPolicy</code> for mail alias account is only available for SQL backends.</p>
</div>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Delete an existing mail alias</code></p>
@ -1171,7 +1139,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/alias/&lt;mail&gt;</code> <code class="comment">Update profile of an existing mail alias</code> <code class="has_params">Parameters</code></p>
<div class="params">
<div class="admonition attention">
<p class="admonition-title">Attention</p>
<p><code>accessPolicy</code> for mail alias account is only available for SQL backends.</p>
@ -1213,7 +1180,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="put">POST</code> <code class="url">/api/alias/&lt;mail&gt;/change_email/&lt;new_mail&gt;</code> <code class="comment">Change email address of alias account (from '&lt;mail&gt;' to '&lt;new_mail&gt;')</code></p>
@ -1246,7 +1212,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="put">PUT</code> <code class="url">/api/spampolicy/user/&lt;mail&gt;</code> <code class="comment">Set per-user spam policy</code> <code class="has_params_spampolicy">Parameters</code></p>
<div class="params params_spampolicy">
<p>Parameters available for global, per-domain, per-user spam policies.</p>
<blockquote>
<p>Per-user policy has the highest priority, then per-domain policy, then global policy.</p>
@ -1318,7 +1283,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="throttling">Throttling</h3>
<div class="admonition api">
@ -1357,7 +1321,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/throttle/&lt;mail&gt;/outbound</code> <code class="comment">Set user outbound throttle settings</code> <code class="has_params_throttle">Parameters</code></p>
<div class="params params_throttle">
<p>Parameters available for global, per-domain, per-user throttle settings.</p>
<table>
<thead>
@ -1391,7 +1354,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<h3 class="toggle" id="greylisting">Greylisting</h3>
<div class="admonition api">
@ -1415,7 +1377,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/greylisting/&lt;mail&gt;</code> <code class="comment">Set per-user greylisting setting</code> <code class="has_params_greylisting">Parameters</code></p>
<div class="params params_greylisting">
<p>Parameters available for global, per-domain and per-user greylisting settings.</p>
<table>
<thead>
@ -1434,7 +1395,6 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="delete">DELETE</code> <code class="url">/api/greylisting/global</code> <code class="comment">Delete global greylisting setting</code></p>
@ -1463,7 +1423,6 @@ please use mail alias account as mailing list.</p>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/greylisting/&lt;mail&gt;/whitelists</code> <code class="comment">Whitelist senders for greylisting services for specified user</code> <code class="has_params_greylisting_whitelists">Parameters</code></p>
<div class="params params_greylisting_whitelists">
<table>
<thead>
<tr>
@ -1522,12 +1481,10 @@ please use mail alias account as mailing list.</p>
</tbody>
</table>
</div>
</div>
<div class="admonition api">
<p class="admonition-title"><code class="post">POST</code> <code class="url">/api/greylisting/whitelist_spf_domains</code> <code class="comment">Whitelist IP addresses and networks listed in SPF/MX DNS record of given sender domains for greylisting service globally</code> <code class="has_params">Parameters</code></p>
<div class="params">
<p>Given sender domain names are not used directly while checking whitelisting, instead, there's a cron job to query SPF and MX DNS records of given sender domains, then whitelist the IP addresses/networks listed in DNS records.</p>
<p>Multiple domains must be separated by comma.</p>
<table>
@ -1559,9 +1516,7 @@ please use mail alias account as mailing list.</p>
<!--
<code>query_dns_immediately</code> | Query SPF/MX/A DNS records of given sender domains immediately, and whitelist returned IP/networks | <code>query_dns_immediately=yes</code>
-->
</div>
</div>
<h3 class="toggle" id="export-accounts">Export Accounts</h3>
<h4 class="toggle" id="ldif-ldap-backend-only">LDIF (LDAP backend only)</h4>
@ -1584,7 +1539,6 @@ please use mail alias account as mailing list.</p>
<p class="admonition-title"><code class="get">GET</code> <code class="url">/api/ldif/alias/&lt;mail&gt;</code> <code class="comment">Export mail alias account to LDIF</code></p>
</div>
<script src="./js/jquery-1.12.4.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
/* Collapse all parameters by default */

Some files were not shown because too many files have changed in this diff Show More