diff --git a/convert.py b/convert.py
new file mode 100644
index 00000000..2034fa2c
--- /dev/null
+++ b/convert.py
@@ -0,0 +1,49 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+
+
+OUTPUT_DIR = 'html'
+CHAPTERS = (
+ 'overview',
+ 'installation',
+ 'mua',
+ 'upgrade',
+ 'iredmail-easy',
+ 'migrations',
+ 'howto',
+ 'integrations',
+ 'cluster',
+ 'iredadmin',
+ 'troubleshooting',
+ 'faq')
+
+
+def _get_dir_languages(path):
+ FILE_NAME = '_lang.md'
+
+ languages = {}
+ directories = [p for p in Path(path).iterdir() if p.is_dir()]
+ for d in directories:
+ path_name = d / FILE_NAME
+ if path_name.exists():
+ languages[d.name.lower()] = {
+ 'path': d,
+ 'name': path_name.read_text(encoding='utf-8').strip()
+ }
+
+ return languages
+
+
+def main():
+ current_dir = Path(__file__).parent
+ output_dir = current_dir / OUTPUT_DIR
+
+ languages = _get_dir_languages(current_dir)
+ en = languages.pop('en_us')
+
+ return
+
+
+if __name__ == '__main__':
+ main()
diff --git a/convert.sh b/convert.sh
index e7b2a747..25957056 100755
--- a/convert.sh
+++ b/convert.sh
@@ -30,7 +30,7 @@ strip_name_prefix()
}
# Available translations
-export all_languages='en_US it_IT lv_LV zh_CN'
+export all_languages='en_US it_IT zh_CN es_MX'
# Chapter directories in specified order
export all_chapter_dirs="overview \
diff --git a/es_MX/overview/0-network.ports.md b/es_MX/overview/0-network.ports.md
new file mode 100644
index 00000000..f6f032db
--- /dev/null
+++ b/es_MX/overview/0-network.ports.md
@@ -0,0 +1,42 @@
+# Qué puertos de red deben estar abiertos para iRedMail
+
+Puerto | Servicio | Software | Comentario | ¿Permitir el acceso público?
+--- |--- |--- |--- |---
+25 | smtp | Postfix | Used for communication betweem mail servers. __WARNING__: This port __MUST__ be open, otherwise you cannot receive email sent by other mail servers. | __YES (REQUIRED)__{: .red }
+587 | submission | Postfix | SMTP over TLS. Used by end users to send/submit email. | YES (open to your end users)
+110 | pop3 | Dovecot | Used by end users to retrieve emails via POP3 protocol, secure connection over STARTTLS is enforced by default. | YES (open to your end users)
+995 | pop3s | Dovecot | Used by end users to retrieve emails via POP3 protocol over SSL. | YES (open to your end users)
+143 | imap |Dovecot | Used by end users to retrieve emails via IMAP protocol, secure connection over STARTTLS is enforced by default. | YES (open to your end users)
+993 | imaps | Dovecot | Used by end users to retrieve emails via IMAP protocol over SSL. | YES (open to your end users)
+24 | lmtp | Dovecot | Used to deliver email to local mailboxes via LMTP protocol. | NO (listen on `127.0.0.1` by default)
+4190 | managesieve | Dovecot | Sieve service used by end users to manage mail filters. Note: in old iRedMail releases, it's port 2000 (deprecated and not even listed in `/etc/services` file). | NO (disabled by default and users are forced to manage mail filters with webmail)
+80 | http | Apache/Nginx | Web service. Redirect to https by default. | YES (open to your webmail users)
+443 | https | Apache/Nginx | Web service over over SSL, secure connection. | YES (open to your webmail and ActiveSync users)
+3306 | mysql | MySQL/MariaDB | MySQL/MariaDB database service | NO (listen on `127.0.0.1` by default)
+5432 | postgresql | PostgreSQL | PostgreSQL database service | NO (listen on `127.0.0.1` by default)
+389 | ldap | OpenLDAP (or OpenBSD ldapd) | LDAP service, STARTTLS is available for secure connection. | NO (listen on `127.0.0.1` by default)
+636 |ldaps | OpenLDAP (or OpenBSD ldapd) | LDAP service over SSL. Deprecated, port 389 with STARTTLS is recommended. | NO (Not enabled by default)
+10024 | | Amavisd-new | Used to scan inbound messages, includes spam/virus scanning, DKIM verification, applying spam policy. | NO (listen on `127.0.0.1` by default)
+10025 | smtp | Postfix | Used by Amavisd to inject scanned emails back to Postfix queue. | NO (listen on `127.0.0.1` by default)
+10026 | | Amavisd-new | Used to scan outbound messages, includes spam/virus scanning, DKIM signing, applying spam policy. | NO (listen on `127.0.0.1` by default)
+10027 | | Amavisd-new | Used by mlmmj mailing list manager, it bypasses spam/virus/header/banned checks by default, but have DKIM signing enabled. | NO (listen on `127.0.0.1` by default)
+10028 | | Postfix | Used by Amavisd-new to handle email message sent by mlmmj mailing list manager. Introduced in iRedMail-0.9.9. | NO (listen on `127.0.0.1` by default)
+9998 | | Amavisd-new | Used to manage quarantined emails. | NO (listen on `127.0.0.1` by default)
+7777 | | iRedAPD | Postfix policy service for greylisting, whitelisting, blacklists, throttling, etc | NO (listen on `127.0.0.1` by default)
+7778 | | iRedAPD | [SRS](https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme) sender address rewritting. | NO (listen on `127.0.0.1` by default)
+7779 | | iRedAPD | [SRS](https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme) recipient address rewritting. | NO (listen on `127.0.0.1` by default)
+7790 | http | mlmmjadmin | RESTful API server used to manage mlmmj mailing lists. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
+7791 | http | iredadmin | iRedAdmin (standalone uwsgi instance). Introduced in iRedMail-0.9.9. | NO (listen on `127.0.0.1` by default)
+20000 | | SOGo | SOGo groupware | NO (listen on `127.0.0.1` by default)
+11211 | | Memcached | A distributed, high performance memory object caching system. Currently used by only SOGo Groupware. | NO (listen on `127.0.0.1` by default)
+12340 | | Dovecot | Dovecot quota status. Introduced in iRedMail-1.0. | NO (listen on `127.0.0.1` by default)
+24242 | | Dovecot | Dovecot service status. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
+19999 | | Netdata | Netdata monitor. Introduced in iRedMail-0.9.8. | NO (listen on `127.0.0.1` by default)
+
+!!! Nota:
+
+ * En iRedMail-0.9.2 y versiones anteriores, Policyd o Cluebringer escuchan el
+ puerto 10031. Han sido eliminados en iRedMail-0.9.3, y reemplazados por
+ iRedAPD.
+ * El puerto 465, para por ejemplo SMTP sobre SSL, ha sido depreciado por años.
+ Por favor, use el puerto 587.
diff --git a/es_MX/overview/0-used.components.md b/es_MX/overview/0-used.components.md
new file mode 100644
index 00000000..e3f0d201
--- /dev/null
+++ b/es_MX/overview/0-used.components.md
@@ -0,0 +1,38 @@
+# Major open source softwares used in iRedMail
+
+[TOC]
+
+## Used Components
+
+Name | Comment
+--- |---
+[Postfix](http://www.postfix.org) | Mail Transfer Agent (MTA)
+[Dovecot](http://www.dovecot.org) | POP3, IMAP and Managesieve server
+[Nginx](http://www.nginx.org), [Nginx](http://nginx.org) | Web server
+[OpenLDAP](http://www.openldap.org), [ldapd(8)](http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man8/ldapd.8?query=ldapd&arch=i386) | LDAP server, used for storing mail accounts (optional)
+[MySQL](http://www.mysql.com), [MariaDB](https://mariadb.org), [PostgreSQL](http://www.postgresql.org) | SQL server used to store application data. Could be used to store mail accounts too.
+[mlmmj](http://mlmmj.org) | Mailing list manager. Shipped in iRedMail-0.9.8 and later releases.
+[Amavisd-new](http://www.amavis.org) | Interface between Postfix and SpamAssassin, ClamAV.
+[SpamAssassin](http://spamassassin.apache.org) | Content-based spam scanner
+[ClamAV](http://www.clamav.net/) | Virus scanner
+[Roundcube webmail](http://roundcube.net) | Webmail (PHP)
+[SOGo Groupware](http://sogo.nu) | A groupware which provides calendar (CalDAV), contact (CardDAV), tasks and ActiveSync services
+[Fail2ban](http://www.fail2ban.org) | Scans log files and bans IPs that show the malicious signs
+[iRedAPD](https://github.com/iredmail/iRedAPD/) | A simple postfix policy server developed by iRedMail team, with SRS (Sender Rewrite Scheme) support.
+
+## The Big Picture
+
+![](./images/big.picture.png)
+
+## Mail Flow of Inbound Emails
+
+![](./images/flow.inbound.png)
+
+## Mail Flow of Outbound Emails
+
+![](./images/flow.outbound.png)
+
+## See also
+
+* [Locations of configuration and log files of major components](./file.locations.html)
+* [Which network ports are open by iRedMail](./network.ports.html)
diff --git a/es_MX/overview/0-why.build.your.own.mail.server.md b/es_MX/overview/0-why.build.your.own.mail.server.md
new file mode 100644
index 00000000..5b940805
--- /dev/null
+++ b/es_MX/overview/0-why.build.your.own.mail.server.md
@@ -0,0 +1,37 @@
+# Why build your own mail server instead of outsourcing to external entities
+
+Quote from [Spamhaus news article](http://www.spamhaus.org/news/article/719/a-survival-guide-for-the-small-mail-server):
+
+> outsourcing (the mail service) does not come without costs, even when the
+> outsourced service appears to be "free". Hidden costs include:
+>
+> * Another organization can see the content of all messages. In some cases,
+> the contents of messages are stored on the outsourcing company's servers
+> indefinitely. External access to unencrypted emails poses privacy and
+> confidentiality issues. Furthermore, the outsourcing company may be located
+> in another country and be subjected to different regulations and obligations.
+>
+> * In some cases, the outsourcing company's terms and conditions allow it to
+> search the content of emails to aid in targeting advertising, which poses
+> even greater privacy and confidentiality problems.
+>
+> * The organization no longer has control of its own email security.
+> Server-based encryption and authentication is managed by the outsourcing
+> company, requiring end-to-end encryption for sensitive communications.
+>
+> * Large companies with many customers are often a target of cybercrime
+> attacks aimed at stealing customer data, and some of these attacks have
+> succeeded.
+>
+> * Inspection of SMTP transaction logs may be impossible for the end user.
+> Troubleshooting failed deliveries and other email problems requires
+> interacting with an external support desk. Support desks are sometimes
+> slow to respond. First-line support, in particular, might lack the
+> training and access to fix any but simple problems, requiring escalation
+> and further delays.
+>
+> * Sharing a mail server with other organizations can cause delivery issues
+> when a user at another organization sends spam through that mail server.
+> When the outsourcing company fails to detect and block spam, or is slow to
+> terminate service to spammers, the likelihood of problems increases
+> substantially.
diff --git a/es_MX/overview/_summary.md b/es_MX/overview/_summary.md
new file mode 100644
index 00000000..d62fd232
--- /dev/null
+++ b/es_MX/overview/_summary.md
@@ -0,0 +1,3 @@
+* [Por qué construir su propio servidor de correo en lugar de subcontratar un servicio](./why.build.your.own.mail.server.html)
+* [Principal softwar libre utilizado en iRedMail, y el flujo general del correo](./used.components.html)
+* [Qué puertos de red abre iRedMail](./network.ports.html)
diff --git a/es_MX/overview/_title.md b/es_MX/overview/_title.md
new file mode 100644
index 00000000..ef7c4ec5
--- /dev/null
+++ b/es_MX/overview/_title.md
@@ -0,0 +1 @@
+Visión General {: #overview }
diff --git a/html/active.directory.html b/html/active.directory.html
index 18725927..31479eba 100644
--- a/html/active.directory.html
+++ b/html/active.directory.html
@@ -132,17 +132,15 @@ same account vmail
in AD, with strong and complex password.
Make sure this newly created user is able to connect to AD server with below command on iRedMail server:
-# ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
+# ldapsearch -x -h ad.example.com -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
-
If it prints all users stored in AD server, then it's working as expected.
If you're using LDAPS, replace -h ad.example.com
by
-H ldaps://ad.example.com:636
instead:
-# ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
+# ldapsearch -x -H ldaps://ad.example.com:636 -D 'vmail' -W -b 'cn=users,dc=example,dc=com'
Enter password: password_of_vmail
-
If LDAPS doesn't work, you may need to update parameter TLS_CACERT
in
/etc/openldap/ldap.conf
(RHEL/CentOS) or /etc/ldap/ldap.conf
to use correct CA
certificate. For example:
@@ -151,63 +149,53 @@ certificate. For example:
TLS_CACERT /etc/pki/tls/certs/ca-bundle.trust.crt
-
- on Debian/Ubuntu, use
/etc/ssl/certs/ca-certificates.crt
:
TLS_CACERT /etc/ssl/certs/ca-certificates.crt
-
Enable LDAP query with AD in Postfix
Disable unused iRedMail special settings:
-postconf -e virtual_alias_maps=''
+postconf -e virtual_alias_maps=''
postconf -e sender_bcc_maps=''
postconf -e recipient_bcc_maps=''
postconf -e relay_domains=''
postconf -e relay_recipient_maps=''
postconf -e sender_dependent_relayhost_maps=''
-
Add your mail domain name in smtpd_sasl_local_domain
and virtual_mailbox_domains
:
-postconf -e smtpd_sasl_local_domain='example.com'
+postconf -e smtpd_sasl_local_domain='example.com'
postconf -e virtual_mailbox_domains='example.com'
-
Change transport maps setting:
postconf -e transport_maps='hash:/etc/postfix/transport'
-
Enable AD query. Note: We will create these 3 files later.
- Verify SMTP senders
-postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
+postconf -e smtpd_sender_login_maps='proxy:ldap:/etc/postfix/ad_sender_login_maps.cf'
-
- Verify local mail users
-postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
+postconf -e virtual_mailbox_maps='proxy:ldap:/etc/postfix/ad_virtual_mailbox_maps.cf'
-
- Verify local mail lists/groups.
postconf -e virtual_alias_maps='proxy:ldap:/etc/postfix/ad_virtual_group_maps.cf'
-
- Create/edit file:
/etc/postfix/transport
.
example.com dovecot
-
Note: the name dovecot
used here is a Postfix transport defined in
/etc/postfix/master.cf
, used to deliver received emails to local user mailboxes.
Run postmap
so that postfix can read it:
# postmap hash:/etc/postfix/transport
-
- Create file:
/etc/postfix/ad_sender_login_maps.cf
:
@@ -224,7 +212,6 @@ query_filter = (&(userPrincipalName=%s)(objectClass=person)(!(userAccount
result_attribute= userPrincipalName
debuglevel = 0
-
- Create file:
/etc/postfix/ad_virtual_mailbox_maps.cf
:
@@ -242,7 +229,6 @@ result_attribute= userPrincipalName
result_format = %d/%u/Maildir/
debuglevel = 0
-
Note: We hard-code user's mailbox path in result_format =
parameter, it
will be something like example.com/username/Maildir/
.
@@ -263,7 +249,6 @@ leaf_result_attribute = mail
result_attribute= userPrincipalName
debuglevel = 0
-
Notes:
- If your user have email address in both
mail
and userPrincipalName
, you
@@ -285,10 +270,9 @@ Before testing, we have to create two testing mail accounts first:
user user@example.com
as group member.
- Query mail user account with below command:
-
# postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
+# postmap -q user@example.com ldap:/etc/postfix/ad_virtual_mailbox_maps.cf
example.com/user/Maildir/
-
If nothing returned by the command, it means LDAP query doesn't get expected
result. Please set debuglevel = 1
file /etc/postfix/ad_virtual_mailbox_maps.cf
,
then query again, it now will print detailed debug message. If you're not
@@ -298,12 +282,10 @@ familiar with LDAP related info, please post the debug message in our
# postmap -q user@example.com ldap:/etc/postfix/ad_sender_login_maps.cf
user@example.com
-
Verify mail group
# postmap -q testgroup@example.com ldap:/etc/postfix/ad_virtual_group_maps.cf
user@example.com
-
NOTE: postmap
return nothing if:
- mail group doesn't exist
@@ -343,7 +325,6 @@ pass_attrs = userPassword=password
default_pass_scheme = CRYPT
user_attrs = =home=/var/vmail/vmail1/%Ld/%Ln/,=mail=maildir:~/Maildir/
-
Restart dovecot service to make it work.
Attention
@@ -373,7 +354,6 @@ number of gigabytes:
^] # <- Quit telnet with "Ctrl+]", then type 'quit'.
-
Note: Do NOT miss the dot character before login
command. if it returns
Logged in
, then dovecot + AD works.
Enable Active Directory integration in Roundcube webmail for Global LDAP Address Book
@@ -383,7 +363,7 @@ address book setting added by iRedMail, and add new setting for AD like below:
on RHEL/CentOS/Debian/Ubuntu and OpenBSD: it's /opt/www/roundcubemail/config/config.inc.php
on FreeBSD: it's /usr/local/www/roundcubemail/config/config.inc.php
-#
+#
# "sql" is personal address book stored in roundcube database.
# "global_ldap_abook" is the new LDAP address book for AD, we will create it below.
#
@@ -456,7 +436,6 @@ $config['ldap_public']["global_ldap_abook"] = array(
// Directory setups
);
-
Enable Active Directory integration in SOGo Groupware
Edit SOGo config file /etc/sogo/sogo.conf
, comment out the LDAP address book
setting added by iRedMail, and add new setting for AD like below:
@@ -542,7 +521,6 @@ setting added by iRedMail, and add new setting for AD like below:
}
);
-
Additions documents
- If your mail domain name is different than Windows Active Directory domain: https://forum.iredmail.org/topic3165-integration-with-windows-domain.html
diff --git a/html/additional.smtp.port-it_IT.html b/html/additional.smtp.port-it_IT.html
index 1be8e022..f943fa84 100644
--- a/html/additional.smtp.port-it_IT.html
+++ b/html/additional.smtp.port-it_IT.html
@@ -39,12 +39,10 @@
-o smtpd_sasl_auth_enable=yes
-o smtpd_sasl_security_options=noanonymous
-
2525
è il nuovo numero di porta per il servizio smtp. potete cambiarlo nel valore che preferite.
Il riavvio del servizio Posfitx è necessario. Dopo il riavvio potete verificare se si sta ascoltando su questa nuova porta:
netstat -ntlp | grep 2525
-
Ora è il momento di aggiornare i vostri apparati di rete, affinché inviino la posta attraverso questo numero di porta, senza usare STARTTLS o SSL.
Note
diff --git a/html/additional.smtp.port.html b/html/additional.smtp.port.html
index 7c9363c9..c9878f5e 100644
--- a/html/additional.smtp.port.html
+++ b/html/additional.smtp.port.html
@@ -48,7 +48,6 @@ in /etc/postfix/master.cf
(on Linux/OpenBSD) or
-o smtpd_tls_security_level=may
-o smtpd_sender_restrictions=permit_sasl_authenticated,reject
-
2525
is the new port number for smtp service, you're free to change it to
your favourite port number.
@@ -58,7 +57,6 @@ in /etc/postfix/master.cf
(on Linux/OpenBSD) or
it's listening on this new port:
netstat -ntlp | grep 2525
-
Now update your network devices to send email through this port number,
without STARTTLS and SSL.
diff --git a/html/allow.certain.users.to.send.email.as.different.user-it_IT.html b/html/allow.certain.users.to.send.email.as.different.user-it_IT.html
index 90b8c377..e179542a 100644
--- a/html/allow.certain.users.to.send.email.as.different.user-it_IT.html
+++ b/html/allow.certain.users.to.send.email.as.different.user-it_IT.html
@@ -40,22 +40,19 @@ con il plugin iRedAPD reject_sender_login_mismatch
.
smtpd_sender_restrictions = permit_mynetworks, permit_sasl_authenticated
-
- Nel file di configurazione iRedADP
/opt/iredapd/settings.py
abilita il
plugin:
-plugins = ['reject_sender_login_mismatch', ...]
+plugins = ['reject_sender_login_mismatch', ...]
-
- Elenca i mittenti che sono autorizzati ad inviare email con indirizzi
diversi dai propri, nel file di configurazione iRedAPD
ALLOWED_LOGIN_MISMATCH_SENDERS
. Per esempio:
-ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
+ALLOWED_LOGIN_MISMATCH_SENDERS = ['user1@here.com', 'user2@here.com']
-
NOTA: Questo parametro non è presnete di default, aggiungilo manualmente.
Riavvia il servizio iRedAPD. Questo è tutto.