Zhang Huangbin 2015-08-19 21:11:02 +08:00
parent 77b5a53fd1
commit abfd7605d5
27 changed files with 669 additions and 182 deletions

View File

@ -1,12 +1,20 @@
# Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.
# Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted
Amavisd has below setting in its config file `/etc/amavisd/amavisd.conf` by default:
$sa_tag_level_deflt = 2.0;
```
$sa_tag_level_deflt = 2.0;
```
That means Amavisd will insert `X-Spam-Flag` and other `X-Spam-*` headers when email score >= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:
That means Amavisd will insert `X-Spam-Flag` and other `X-Spam-*` headers when
email score >= 2.0. If you want Amavisd always insert these headers, please
set it to a low score, for example:
$sa_tag_level_deflt = -999;
```
$sa_tag_level_deflt = -999;
```
Restarting Amavisd service is required after changed setting.
Amavisd's main config file is different on different Linux/BSD distributions:
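Review bot: The reworded sentence "If you want Amavisd always insert these headers" is missing "to"; suggest "If you want Amavisd to always insert these headers, set it to a low score". The unchanged line "Restarting Amavisd service is required after changed setting." could be fixed in the same pass ("after changing this setting").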

View File

@ -1,18 +1,20 @@
# Allow user to send email without authentication
# Allow user to send email without smtp authentication
Create a plain text file: `/etc/postfix/accepted_unauth_senders`:
Create a plain text file: `/etc/postfix/accepted_unauth_senders`, list all
users' email addresses which are allowed to send email without smtp
authentication. We use user email address `user@example.com` for example:
```
fax-machine-12@mydomain.tld OK
user@example.com OK
```
Use postmap to create hash db file:
Create hash db file with `postmap` command:
```
# postmap hash:/etc/postfix/accepted_unauth_senders
```
Modify Postfix to use this text file: `/etc/postfix/main.cf`
Modify Postfix config file `/etc/postfix/main.cf` to use this text file:
```
smtpd_sender_restrictions =
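Review bot: The new introduction ("list all users' email addresses which are allowed to send email without smtp authentication") should say that the lookup key is the envelope sender address, which the connecting client supplies and Postfix does not verify. As written, `user@example.com OK` skips the remaining restrictions in this list for any client that claims that sender, not only the intended device. Suggest adding a sentence that says so and recommends tying the exemption to the sending host's IP address (a `check_client_access` table) where possible. Also capitalise "SMTP" in the heading and body.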

View File

@ -36,4 +36,3 @@ files to replace old hostname by the new one:
* `/etc/httpd/conf.d/SOGo.conf`
* `/etc/apache2/conf.d/SOGo.conf`
* `/etc/apache2/conf-available/SOGo.conf`

View File

@ -1,12 +1,12 @@
# Mailbox sharing (Sharing IMAP folder with other users)
> Since iRedMail-`0.7.0`, mailbox sharing related settings are configured in
> Dovecot but not enabled, what you need to do is enabling "acl" plugin as
> mentioned below.
> Since iRedMail-`0.9.0`, mailbox sharing are enabled by default, you don't need
> to modify any config file.
> Since iRedMail-`0.7.0`, mailbox sharing related settings are configured in
> Dovecot but not enabled, what you need to do is enabling `acl` plugin as
> mentioned below.
> Do not mistake "shared folders" for "public folders". For shared folders,
> users must select which folder they want to share and with who, using an
> interface, like IMAP command line or the ones available with Roundcube
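Review bot: With the iRedMail-`0.7.0` note moved below the `0.9.0` note, "what you need to do is enabling `acl` plugin" now reads as if it still applies to readers on 0.9.0 or later. Suggest scoping it to versions before 0.9.0. While touching this block, "mailbox sharing are enabled" should be "mailbox sharing is enabled".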
@ -45,9 +45,9 @@ Restarting Dovecot service is required.
## Test shared folder
Example: share from@domain.ltd's `Sent` folder to user `testing@domain.ltd`.
Example: share `from@domain.ltd`'s `Sent` folder to user `testing@domain.ltd`.
> WARNING: Do not forget the dot before IMAP command.
> Attention: Do not forget the dot before IMAP command.
```
# telnet localhost 143 # <- Type this.

View File

@ -7,29 +7,18 @@ With MySQL or PostgreSQL backends, you can generate a password hash with
`openssl` or `doveadm` command first, then replace old one with this newly
generated one.
For example:
* Generate a salted MD5 password hash with `openssl` (plain password is `123456`
in this case):
```
$ openssl passwd -1 123456
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
```
Or, generate password hash with `doveadm`:
For example: generate a SSHA512 password hash with `doveadm`:
```
$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
```
* Reset password for user `user@domain.ltd` and `another-user@domain.ltd`:
* Reset password for user `user@domain.ltd`:
```
sql> USE vmail;
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
```
With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
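Review bot: In the remaining example, `doveadm pw -s 'ssha512' -p '123456'` puts the plain password on the command line, where it ends up in shell history and is visible in the process list. Suggest showing `doveadm pw -s 'ssha512'` without `-p`, so the command prompts for the password. The introduction above the example still says the hash can be generated with `openssl` or `doveadm`, but the `openssl` example has been removed; drop that mention.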

View File

@ -3,38 +3,41 @@
## Password hashes supported by iRedMail
iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
password schemes supported by Dovecot can be used in Postfix. Please refer to
Dovecot wiki page
[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes) for more details.
[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes)
for more details.
Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):
* Plain text. e.g. `123456`
* MD5 (salted). For example:
1. SSHA512. e.g. `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
1. BCRYPT. e.g. `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
1. SSHA. e.g. `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
1. MD5 (salted). For example:
* (RECOMMENDED) with a prefix: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
* with a prefix: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
* without a prefix: `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
__Important note__: SOGo groupware doesn't support MD5 without a prefix, so
if you're going to migrate MD5 password hash from old mail server, please
prepend `{CRYPT}` prefix in password hash.
* PLAIN-MD5 (unsalted MD5). e.g. `0d2bf3c712402f428d48fed691850bfc`
* SSHA. e.g. `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
* SSHA512. e.g. `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
* BCRYPT. e.g. `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
1. PLAIN-MD5 (without a salt). e.g. `0d2bf3c712402f428d48fed691850bfc`
1. Plain text. e.g. `123456`
__WARNING__: MD5, PLAIN-MD5 and plain password are weak, please don't use them.
__NOTES__:
* `BCRYPT` is only available on BSD systems, because libc shipped in Linux
* `BCRYPT` is only available on BSD systems, because `libc` shipped in Linux
doesn't support bcrypt.
## Default password schemes used in iRedMail
* For MySQL and PostgreSQL backends:
* in iRedMail-0.8.7 and earlier versions: `MD5`
* in iRedMail-0.9.0 and later versions: `SSHA512`
* in iRedMail-0.8.7 and earlier versions: `salted MD5`
* For LDAP backend: `SSHA`.
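Review bot: The scheme list is now numbered with SSHA512 first and plain text last, which reads as a ranking, but nothing says so and BCRYPT sits below SSHA512. If the order is meant as a recommendation, state that above the list, and consider whether BCRYPT (an adaptive hash with a cost factor) should come before single-pass salted SHA-512 on systems that support it. The `__WARNING__` line could also mention that SSHA is salted SHA-1.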
@ -53,6 +56,7 @@ __NOTES__:
All mail users are stored in SQL table `vmail.mailbox`, user password is stored
in SQL column `mailbox.password`. For example:
```
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
@ -71,7 +75,7 @@ sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' W
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
```
### For LDAP backends
### For OpenLDAP backend
User password is stored in attribute `userPassword` of user object.

View File

@ -1,7 +1,7 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Allow user to send email without authentication</title>
<title>Allow user to send email without smtp authentication</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
@ -10,16 +10,18 @@
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="allow-user-to-send-email-without-authentication">Allow user to send email without authentication</h1>
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>:</p>
<pre><code>fax-machine-12@mydomain.tld OK
</div><h1 id="allow-user-to-send-email-without-smtp-authentication">Allow user to send email without smtp authentication</h1>
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>, list all
users' email addresses which are allowed to send email without smtp
authentication. We use user email address <code>user@example.com</code> for example:</p>
<pre><code>user@example.com OK
</code></pre>
<p>Use postmap to create hash db file:</p>
<p>Create hash db file with <code>postmap</code> command:</p>
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
</code></pre>
<p>Modify Postfix to use this text file: <code>/etc/postfix/main.cf</code></p>
<p>Modify Postfix config file <code>/etc/postfix/main.cf</code> to use this text file:</p>
<pre><code>smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
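Review bot: The `<h1>` id changes from `allow-user-to-send-email-without-authentication` to `allow-user-to-send-email-without-smtp-authentication`, so any existing link to the old fragment stops resolving. If the id is generated from the title, check for inbound links to the old anchor or keep the old id.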

View File

@ -74,13 +74,13 @@ repository</a>.</p>
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</a></li>
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</a></li>
<li><a href="quarantine.clean.mails.per-user.html">Quarantine clean emails sent from/to certain local user</a></li>
<li><a href="quarantining.html">Quarantining</a></li>
<li><a href="sign.dkim.signature.for.new.domain.html">Sign DKIM signature on outgoing emails for new mail domain</a></li>
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without authentication</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
<li><a href="change.server.hostname.html">Change server hostname</a></li>
<li><a href="concurrent.processing.html">Process more emails concurrently</a></li>

View File

@ -12,11 +12,11 @@
// <a href="./index.html">Document Index</a>
</div><h1 id="mailbox-sharing-sharing-imap-folder-with-other-users">Mailbox sharing (Sharing IMAP folder with other users)</h1>
<blockquote>
<p>Since iRedMail-<code>0.7.0</code>, mailbox sharing related settings are configured in
Dovecot but not enabled, what you need to do is enabling "acl" plugin as
mentioned below.</p>
<p>Since iRedMail-<code>0.9.0</code>, mailbox sharing are enabled by default, you don't need
to modify any config file.</p>
<p>Since iRedMail-<code>0.7.0</code>, mailbox sharing related settings are configured in
Dovecot but not enabled, what you need to do is enabling <code>acl</code> plugin as
mentioned below.</p>
<p>Do not mistake "shared folders" for "public folders". For shared folders,
users must select which folder they want to share and with who, using an
interface, like IMAP command line or the ones available with Roundcube
@ -53,9 +53,9 @@ protocol imap {
<p>Restarting Dovecot service is required.</p>
<h2 id="test-shared-folder">Test shared folder</h2>
<p>Example: share from@domain.ltd's <code>Sent</code> folder to user <code>testing@domain.ltd</code>.</p>
<p>Example: share <code>from@domain.ltd</code>'s <code>Sent</code> folder to user <code>testing@domain.ltd</code>.</p>
<blockquote>
<p>WARNING: Do not forget the dot before IMAP command.</p>
<p>Attention: Do not forget the dot before IMAP command.</p>
</blockquote>
<pre><code># telnet localhost 143 # &lt;- Type this.
* OK [...] Dovecot ready.

View File

@ -1,7 +1,7 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</title>
<title>Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</title>
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
</head>
<body>
@ -10,13 +10,18 @@
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</h1>
</div><h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</h1>
<p>Amavisd has below setting in its config file <code>/etc/amavisd/amavisd.conf</code> by default:</p>
<pre><code>$sa_tag_level_deflt = 2.0;
</code></pre>
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when email score &gt;= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:</p>
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when
email score &gt;= 2.0. If you want Amavisd always insert these headers, please
set it to a low score, for example:</p>
<pre><code>$sa_tag_level_deflt = -999;
</code></pre>
<p>Restarting Amavisd service is required after changed setting.</p>
<p>Amavisd's main config file is different on different Linux/BSD distributions:</p>
<ul>
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>

View File

@ -13,16 +13,19 @@
</div><h1 id="password-hashes">Password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
password schemes supported by Dovecot can be used in Postfix. Please refer to
Dovecot wiki page
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a>
for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<ul>
<li>Plain text. e.g. <code>123456</code></li>
<ol>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
<li>BCRYPT. e.g. <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>
<p>MD5 (salted). For example:</p>
<ul>
<li>(RECOMMENDED) with a prefix: <code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>with a prefix: <code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>without a prefix: <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
</ul>
<p><strong>Important note</strong>: SOGo groupware doesn't support MD5 without a prefix, so
@ -30,15 +33,14 @@ if you're going to migrate MD5 password hash from old mail server, please
prepend <code>{CRYPT}</code> prefix in password hash.</p>
</li>
<li>
<p>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></p>
<p>PLAIN-MD5 (without a salt). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></p>
</li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
<li>BCRYPT. e.g. <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
</ul>
<li>Plain text. e.g. <code>123456</code></li>
</ol>
<p><strong>WARNING</strong>: MD5, PLAIN-MD5 and plain password are weak, please don't use them.</p>
<p><strong>NOTES</strong>:</p>
<ul>
<li><code>BCRYPT</code> is only available on BSD systems, because libc shipped in Linux
<li><code>BCRYPT</code> is only available on BSD systems, because <code>libc</code> shipped in Linux
doesn't support bcrypt.</li>
</ul>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
@ -46,8 +48,8 @@ prepend <code>{CRYPT}</code> prefix in password hash.</p>
<li>
<p>For MySQL and PostgreSQL backends:</p>
<ul>
<li>in iRedMail-0.8.7 and earlier versions: <code>MD5</code></li>
<li>in iRedMail-0.9.0 and later versions: <code>SSHA512</code></li>
<li>in iRedMail-0.8.7 and earlier versions: <code>salted MD5</code></li>
</ul>
</li>
<li>
@ -82,7 +84,7 @@ sql&gt; UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJt
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
</code></pre>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<h3 id="for-openldap-backend">For OpenLDAP backend</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<ul>
<li>To store plain password, SSHA, SSHA512 password hash, just store them in

View File

@ -20,26 +20,16 @@
<p>With MySQL or PostgreSQL backends, you can generate a password hash with
<code>openssl</code> or <code>doveadm</code> command first, then replace old one with this newly
generated one.</p>
<p>For example:</p>
<ul>
<li>Generate a salted MD5 password hash with <code>openssl</code> (plain password is <code>123456</code>
in this case):</li>
</ul>
<pre><code>$ openssl passwd -1 123456
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
</code></pre>
<p>Or, generate password hash with <code>doveadm</code>:</p>
<p>For example: generate a SSHA512 password hash with <code>doveadm</code>:</p>
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
</code></pre>
<ul>
<li>Reset password for user <code>user@domain.ltd</code> and <code>another-user@domain.ltd</code>:</li>
<li>Reset password for user <code>user@domain.ltd</code>:</li>
</ul>
<pre><code>sql&gt; USE vmail;
sql&gt; UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
sql&gt; UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
sql&gt; UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
</code></pre>
<p>With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client

View File

@ -0,0 +1,35 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>允许列表成员以列表邮件地址作为发件人发送邮件</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="_1">允许列表成员以列表邮件地址作为发件人发送邮件</h1>
<p>要允许列表成员以列表邮件地址作为发件人发送邮件,请按照以下步骤操作:</p>
<ul>
<li>在 Postfix 配置文件 <code>/etc/postfix/main.cf</code> 中移除参数 <code>reject_sender_login_mismatch</code></li>
<li>在 iRedAPD 配置文件 <code>/opt/iredapd/settings.py</code> 中启用插件 <code>reject_sender_login_mismatch</code></li>
<li>在 iRedAPD 配置文件 <code>/opt/iredapd/settings.py</code> 中添加如下参数,允许列表成员
以列表邮件地址作为发件人发送邮件:</li>
</ul>
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
</code></pre>
<ul>
<li>修改后需要重启 Postfix 和 iRedAPD 服务。</li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
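Review bot: The first step removes `reject_sender_login_mismatch` from `/etc/postfix/main.cf` before the iRedAPD plugin of the same name is enabled, and the restart of both services comes last. Followed in order, the steps leave a window (or a lasting gap, if iRedAPD fails to start) in which nothing rejects a sender/login mismatch. Suggest reordering so the plugin is enabled and iRedAPD restarted first, with a step to confirm iRedAPD is running before the Postfix parameter is removed.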

View File

@ -0,0 +1,40 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>允许用户无需身份验证发送邮件</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="_1">允许用户无需身份验证发送邮件</h1>
<p>创建文本文件 <code>/etc/postfix/accepted_unauth_senders</code>,列出无需身份验证就可以
发送邮件的用户邮件地址。下面以用户 <code>user@example.com</code> 为例:</p>
<pre><code>user@example.com OK
</code></pre>
<p>使用 <code>postmap</code> 命令建立哈希数据库文件:</p>
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
</code></pre>
<p>修改 Postfix 配置文件 <code>/etc/postfix/main.cf</code> 以使用该文件:</p>
<pre><code>smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
</code></pre>
<p>重启 postfix 服务以使设置生效:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>

View File

@ -0,0 +1,60 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>修改服务器主机名</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="_1">修改服务器主机名</h1>
<p>要在安装 iRedMail 后修改服务器的主机名,请将以下文件中的旧主机名改为新主机名:</p>
<h2 id="_2">系统配置文件</h2>
<ul>
<li>
<p><code>/etc/hosts</code></p>
</li>
<li>
<p>Debian/Ubuntu: <code>/etc/hostname</code></p>
</li>
<li>Debian/Ubuntu: <code>/etc/mailname</code></li>
</ul>
<h2 id="postfix">Postfix</h2>
<ul>
<li><code>/var/spool/postfix/etc/hosts</code></li>
<li><code>/etc/postfix/main.cf</code> (Linux/OpenBSD) 或者 <code>/usr/local/etc/postfix/main.cf</code> (FreeBSD)</li>
</ul>
<h2 id="awstats">Awstats</h2>
<ul>
<li><code>/etc/awstats/awstats.web.conf</code></li>
<li><code>/etc/awstats/awstats.smtp.conf</code></li>
</ul>
<h2 id="apache">Apache</h2>
<ul>
<li>RHEL/CentOS: <code>/etc/httpd/conf/httpd.conf</code></li>
<li>Debian/Ubuntu: <code>/etc/apache2/apache.conf</code></li>
</ul>
<h2 id="amavisd">Amavisd</h2>
<ul>
<li>RHEL/CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
<li>Debian/Ubuntu: <code>/etc/amavis/conf.d/50-user</code></li>
<li>FreeBSD: <code>/usr/local/etc/amavisd.conf</code></li>
</ul>
<h2 id="sogo">SOGO</h2>
<ul>
<li><code>/etc/httpd/conf.d/SOGo.conf</code></li>
<li><code>/etc/apache2/conf.d/SOGo.conf</code></li>
<li><code>/etc/apache2/conf-available/SOGo.conf</code></li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
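Review bot: In the Apache list, `/etc/apache2/apache.conf` should be `/etc/apache2/apache2.conf` on Debian/Ubuntu. The FreeBSD Amavisd path given here, `/usr/local/etc/amavisd.conf`, also differs from the one in the new Amavisd page in this same commit (`/usr/local/etc/amavisd/amavisd.conf`); one of the two needs correcting.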

View File

@ -8,11 +8,21 @@
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
</div><h3 id="how-to">How to</h3>
</div><ul>
<li><a href="password.hashes.html">密码</a></li>
</ul>
<h3 id="how-to">How to</h3>
<ul>
<li><a href="change.mail.attachment.size.html">修改邮件附件大小</a></li>
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">禁用发件的垃圾邮件、病毒扫描功能</a></li>
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</a></li>
<li><a href="allow.member.to.send.email.as.mail.list.html">允许列表成员以列表邮件地址作为发件人发送邮件</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">允许用户无需身份验证发送邮件</a></li>
<li><a href="change.server.hostname.html">修改服务器主机名</a></li>
<li><a href="disable.greylisting.html">禁用 Clubbringer 提供的灰名单服务</a></li>
<li><a href="ignore.trash.folder.in.quota.html">在邮箱配额中忽略垃圾箱目录</a></li>
<li><a href="mailbox.sharing.html">共享邮箱(将 IMAP 目录共享给其他用户)</a></li>
<li><a href="reset.user.password.html">重置用户密码</a></li>
<li><a href="use.a.bought.ssl.certificate.html">使用购买的 SSL 证书</a></li>
</ul>
<h3 id="_1">排错与调试</h3>
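Review bot: In the new `disable.greylisting.html` entry, "Clubbringer" looks like a typo for "Cluebringer".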

View File

@ -0,0 +1,116 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>共享邮箱(将 IMAP 目录共享给其他用户)</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="imap">共享邮箱(将 IMAP 目录共享给其他用户)</h1>
<blockquote>
<p>自 iRedMail-<code>0.9.0</code>版起,共享邮箱功能默认开户,用户不需要任何额外的配置。</p>
<p>自 iRedMail-<code>0.7.0</code> 版起Dovecot 已包含共享邮箱的相关设置,但没有启用。
只需要按照以下文档中启用 <code>acl</code> 插件的步骤即可启用该功能。</p>
<p>请勿将<code>共享目录</code>误理解为<code>公共目录</code>的概念混淆。对于共享目录而言,用户必须
选择一个要共享的目录并指定共享给谁。</p>
</blockquote>
<h2 id="_1">共享邮箱</h2>
<p>要开启邮箱共享功能,请确保 <code>acl</code> 插件已在Dovecot 的配置文件
<code>/etc/dovecot/dovecot.conf</code> 里启用。以下是配置示例:</p>
<ul>
<li>Dovecot-1.2 版:</li>
</ul>
<pre><code># Part of file: /etc/dovecot/dovecot.conf
protocol lda {
mail_plugins = ... acl
}
protocol imap {
mail_plugins = ... acl imap_acl
}
</code></pre>
<ul>
<li>Dovecot-2.x 版:</li>
</ul>
<pre><code># Part of file: /etc/dovecot/dovecot.conf
mail_plugins = ... acl
protocol imap {
mail_plugins = ... imap_acl
}
</code></pre>
<p>修改后需重启 Dovecot 服务,以使配置生效。</p>
<h2 id="_2">测试共享目录</h2>
<p>示例:将用户 <code>from@domain.ltd</code><code>Sent</code> 目录共享给用户 <code>testing@domain.ltd</code></p>
<blockquote>
<p>注意:不要遗漏 IMAP 命令前面的点 <code>.</code> 号。</p>
</blockquote>
<pre><code># telnet localhost 143 # &lt;- 输入此命令
* OK [...] Dovecot ready.
. login from@domain.ltd passwd # &lt;- 输入此命令
# 使用完整邮件地址和密码登陆
. OK [... ACL ..] Logged in
. SETACL Sent testing@domain.ltd rli # &lt;- 输入此命令
# 将 Sent 目录共享给 testing@domain.ltd
# 具体权限为:读(r, read),查询(l, lookup),插入新邮件(i, insert)。
. OK Setacl complete.
^] # &lt;- 按 `Ctrl + ]` 组合键退出 telnet 程序。
telnet&gt; quit
</code></pre>
<p>以用户 <code>testing@domain.ltd</code> 身份登录 Roundcube 或 SOGo webmail即可看到共享的目录。</p>
<p>额外信息:</p>
<ul>
<li>
<p>使用 <code>SETACL</code> 命令共享目录后, Dovecot 会在 MySQL 数据库中插入一条记录。</p>
<ul>
<li>对于采用 OpenLDAP 后端的用户,此记录保存在 SQL 表 <code>iredadmin.share_folder</code> 中。</li>
<li>对于采用 MySQL/MariaDB/PostgreSQL 后端的用户,此记录保存在 <code>vmail.share_folder</code> 中。</li>
</ul>
</li>
</ul>
<pre><code># mysql -uroot -p
mysql&gt; USE vmail;
mysql&gt; SELECT * FROM share_folder;
+-----------------+--------------------+-------+
| from_user | to_user | dummy |
+-----------------+--------------------+-------+
| from@domain.ltd | testing@domain.ltd | 1 |
+-----------------+--------------------+-------+
</code></pre>
<h2 id="_3">参考资料</h2>
<ul>
<li>
<p>Dovecot wiki</p>
<ul>
<li><a href="http://wiki2.dovecot.org/SharedMailboxes/Shared">共享邮箱 (v2.0+)</a></li>
<li><a href="http://wiki.dovecot.org/SharedMailboxes/Shared">共享邮箱 (v1.2+)</a></li>
</ul>
</li>
<li>
<p>Roundcubemail 有官方插件 <code>acl</code> 用来管理邮箱共享。</p>
</li>
<li>SOGo 邮箱组件默认支持邮箱共享:右击 IMAP 文件夹,选择 <code>Sharing</code></li>
<li>Thunderbird 客户端可以使用 <a href="https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/">Imap-ACL-Extension 插件</a>管理共享邮箱</li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
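Review bot: The example `SETACL Sent testing@domain.ltd rli` grants insert (`i`) as well as read and lookup, so the other user can add messages to the shared `Sent` folder. If the example is meant to show read-only sharing, use `rl`; otherwise say why insert is included. Minor: in the first blockquote paragraph, "默认开户" looks like a typo for "默认开启".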

View File

@ -0,0 +1,39 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="amavisd-spamassassin-x-spam-">Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</h1>
<p>在 Amavisd 的配置文件 <code>/etc/amavisd/amavisd.conf</code> 中有如下默认设置:</p>
<pre><code>$sa_tag_level_deflt = 2.0;
</code></pre>
<p>该设置表示 Amavisd 在邮件评分 &gt;= 2.0 时会在邮件头mail header里插入
<code>X-Spam-Flag</code> 及其它的 <code>X-Spam-*</code> 信息。要让 Amavisd 总是插入 <code>X-Spam-*</code> 邮件头,
将上面的参数设成一个更低的值即可。例如:</p>
<pre><code>$sa_tag_level_deflt = -999;
</code></pre>
<p>修改后需要重启 Amavisd 服务。</p>
<p>Amavisd 的主配置文件在不同的 Linux/BSD 系统上路径不同:</p>
<ul>
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
<li>Debian, Ubuntu: <code>/etc/amavis/conf.d/50-user</code> (其它配置文件均在 <code>/etc/amavs/conf.d/</code> 目录下)</li>
<li>FreeBSD: <code>/usr/local/etc/amavisd/amavisd.conf</code></li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
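Review bot: In the Debian/Ubuntu list item, the directory is written `/etc/amavs/conf.d/`; it should be `/etc/amavis/conf.d/`, matching the `50-user` path earlier on the same line.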

View File

@ -0,0 +1,113 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>密码</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="_1">密码</h1>
<h2 id="iredmail">iRedMail 支持的密码</h2>
<p>在 iRedMail 中Doevcot 被配置为 Postfix 的 SASL 认证服务器因此Dovecot 支持
的所有密码格式都可以在 Postfix (SMTP 服务)中使用。 查看 Dovecot 的 wiki 页面
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes">Password Schemes</a>
获取更多信息。</p>
<p>iRedAdmin-Pro 支持以下密码格式,因此你可以使用给用户使用下列任意一种。</p>
<ol>
<li>SSHA512例如 <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
<li>BCRYPT例如 <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
<li>SSHA例如 <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>
<p>MD5salted。例如</p>
<ul>
<li>带有前缀:<code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>不带前缀:<code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
</ul>
<p><strong>重要提示</strong>: SOGo 不支持不带前缀的 MD5 密码,因此,当你打算从旧邮件服务器
上迁移密码数据时,请预先加上 <code>{CRYPT}</code> 前缀。</p>
</li>
<li>
<p>PLAIN-MD5 (不带 salt),例如:<code>0d2bf3c712402f428d48fed691850bfc</code></p>
</li>
<li>明文密码。例如: <code>123456</code></li>
</ol>
<p><strong>警告</strong>MD5, PLAIN-MD5 和明文密码都不安全,请尽可能不要使用它们。</p>
<p><strong>注意</strong>:</p>
<ul>
<li><code>BCRYPT</code> 目前仅在 BSD 平台上有效,因为 Linux 系统带的 <code>libc</code> 函数库不支持 bcrypt。</li>
</ul>
<h2 id="iredmail_1">iRedMail 中默认使用的密码</h2>
<ul>
<li>
<p>对于采用 MySQL 和 PostgreSQL 后端而言:</p>
<ul>
<li>iRedMail-0.9.0 及后续新版本:<code>SSHA512</code></li>
<li>iRedMail-0.8.7 及更早版本:<code>MD5</code></li>
</ul>
</li>
<li>
<p>LDAP 后端:<code>SSHA</code>.</p>
<p>OpenLDAP 内建的密码验证不支持直接验证 SHA-2 格式密码,因此,如果你有第三方
程序需要使用 OpenLDAP 内建的密码验证机制,建议使用 <code>SSHA</code></p>
<p>如果你没有这方面的顾虑,可以使用 <code>SSHA512/BCRYPT</code> 来保存用户密码,同时
<code>/etc/dovecot/dovecot.conf</code> 里设置 <code>ldap_bind = no</code>。SMTP/IMAP/POP3
服务都能正常工作但是Apache 的基础认证basic auth则不行。</p>
</li>
</ul>
<h2 id="iredmail_2">如何在 iRedMail 中使用不同的哈希密码</h2>
<h3 id="mysql-postgresql">对于采用 MySQL 和 PostgreSQL 后端的用户</h3>
<p>所有的邮箱用户账户存放于 SQL 表 <code>vmail.mailbox</code> 中,用户密码则存放于
<code>mailbox.password</code> 字段中。例如:</p>
<pre><code>sql&gt; UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
</code></pre>
<ul>
<li>要保存 PLAIN-MD5 ,需要加上 <code>{PLAIN-MD5}</code> 前缀:</li>
</ul>
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
</code></pre>
<ul>
<li>要保存明文密码,需要加上 <code>{PLAIN}</code> 前缀:</li>
</ul>
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
</code></pre>
<h3 id="openldap">对于采用 OpenLDAP 后端的用户</h3>
<p>用户密码存储于用户的 <code>userPassword</code> 属性中。</p>
<ul>
<li>要保存明文密码SSHASSHA512 哈希密码,只需要直接按原有格式保存即可。例如:</li>
</ul>
<pre><code>userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs...
</code></pre>
<ul>
<li>要保存标准的 MD5 哈希值密码salted MD5 hash请在密码前加上 <code>{CRYPT}</code>
前缀(不区分大小写)。例如:</li>
</ul>
<pre><code>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250
</code></pre>
<p><strong>重要提示</strong> If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p>
<h2 id="_2">参考资料</h2>
<ul>
<li><a href="./reset.user.password.html">重置用户密码</a></li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
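Review bot: the first SQL example stores `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250` with no scheme prefix, which contradicts the note earlier on the same page that SOGo does not accept unprefixed MD5 and that `{CRYPT}` should be added before migrating. Use `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250` in that UPDATE so a reader who copies it gets a value every component accepts. Since the page itself warns that MD5, PLAIN-MD5 and plain text are insecure, it would also read better with the SSHA512 row first in the SQL examples, matching the order of the list above.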

View File

@ -0,0 +1,55 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>重置用户密码</title>
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="_1">重置用户密码</h1>
<blockquote>
<ul>
<li>SQL 版本推荐使用 SSHA512 密码。没有特殊情况请不要使用 MD5 密码。</li>
<li>BSD 系统的 SQL 后端推荐使用 BCRYPT 密码。</li>
</ul>
</blockquote>
<p>对于 MySQL 或者 PostgreSQL 后端,可以使用 <code>openssl</code><code>doveadm</code> 命令来生成
密码,然后用它替换掉旧密码。</p>
<p>例如:使用 <code>doveadm</code> 命令生成一个 SSHA512 密码:</p>
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
</code></pre>
<ul>
<li>为用户 <code>user@domain.ltd</code> 重置密码:</li>
</ul>
<pre><code>sql&gt; USE vmail;
sql&gt; UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
</code></pre>
<p>OpenLDAP 后端用户可以使用 phpLDAPadmin 或其它 LDAP 客户端工具。如果有其它
程序需要通过 LDAP 做验证,建议使用 <code>SSHA</code> 密码以保证通用性,不是所有程序都支持
SSHA512。</p>
<p>作为一种临时方案,可以重置为明文密码,然后立即登录 Roundcube webmail 或
启用了自助服务 (self-service) 功能的 iRedAdmin-Pro 修改密码。
例如:</p>
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
</code></pre>
<h2 id="_2">参考资料</h2>
<ul>
<li><a href="./password.hashes.html">iRedMail 支持的哈希密码</a></li>
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
ga('create', 'UA-3293801-21', 'auto');
ga('send', 'pageview');
</script>
</body></html>
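Review bot: the `doveadm pw -s 'ssha512' -p '123456'` example passes the password as a command-line argument, where it is recorded in shell history and is visible in the process list while the command runs. `doveadm pw` prompts for the password when `-p` is omitted, so the example could show `doveadm pw -s 'ssha512'` and let the admin type the password at the prompt. For the `{PLAIN}123456` fallback, state explicitly that the value sits in `mailbox.password` in clear text until the user changes it. This page is generated, so the change belongs in the markdown source.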

View File

@ -1,15 +1,23 @@
# Amavisd + SpamAssassin 失效,邮件头无 (X-Spam-*) 信息插入
# Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入
在 Amavisd 的配置文件 `/etc/amavisd/amavisd.conf` 中有如下默认设置:
$sa_tag_level_deflt = 2.0;
```
$sa_tag_level_deflt = 2.0;
```
即 Amavisd 将在邮件评分 >= 2.0 时在邮件头插入 `X-Spam-Flag` 及其他的 `X-Spam-*` 信息。假如想让 Amavisd 总是在邮件头插入前述信息,将参数评分设成一个更低的值即可,例如:
该设置表示 Amavisd 在邮件评分 >= 2.0 时会在邮件头mail header里插入
`X-Spam-Flag` 及其它的 `X-Spam-*` 信息。要让 Amavisd 总是插入 `X-Spam-*` 邮件头,
将上面的参数设成一个更低的值即可。例如:
$sa_tag_level_deflt = -999;
```
$sa_tag_level_deflt = -999;
```
Amavisd 的主配置文件在不同版本的 Linux/BSD 系统上分布路径如下:
修改后需要重启 Amavisd 服务。
Amavisd 的主配置文件在不同的 Linux/BSD 系统上路径不同:
* Red Hat, CentOS, OpenBSD: `/etc/amavisd/amavisd.conf`
* Debian, Ubuntu: `/etc/amavis/conf.d/50-user` (and other config files under `/etc/amavs/conf.d/`)
* Debian, Ubuntu: `/etc/amavis/conf.d/50-user` (其它配置文件均在 `/etc/amavs/conf.d/` 目录下)
* FreeBSD: `/usr/local/etc/amavisd/amavisd.conf`
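Review bot: the Debian/Ubuntu bullet still reads `/etc/amavs/conf.d/`; the directory is `/etc/amavis/conf.d/`, as the `50-user` path earlier on the same line shows. The typo is present on both the old and the rewritten line, so it is carried into the generated HTML as well; correct it while this line is being touched. The new sentence about restarting Amavisd would also be more useful with the actual service command next to it.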

View File

@ -1,14 +1,14 @@
# Allow member to send email as mailing list or mail alias
# 允许列表成员以列表邮件地址作为发件人发送邮件
To allow member of mailing list (or mail alias) account to send email as this
mailing list (or mail alias), please follw steps below:
要允许列表成员以列表邮件地址作为发件人发送邮件,请按照以下步骤操作:
* 将参数 `reject_sender_login_mismatch` 从 Postfix 配置文件 `/etc/postfix/main.cf` 中移除。
* 更改 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中的参数 `reject_sender_login_mismatch` ,以启用 iRedAPD 插件。
* 在配置文件 `/opt/iredapd/settings.py` 中添加如下参数,允许成员按发件列表或者邮件别名来发送邮件:
* 在 Postfix 配置文件 `/etc/postfix/main.cf` 中移除参数 `reject_sender_login_mismatch`
* 在 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中启用插件 `reject_sender_login_mismatch`
* 在 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中添加如下参数,允许列表成员
以列表邮件地址作为发件人发送邮件:
```
ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
```
* 之后重启 Postfix 和 iRedAPD 服务器
* 修改后需要重启 Postfix 和 iRedAPD 服务
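Review bot: the steps remove `reject_sender_login_mismatch` from Postfix and then rely on the iRedAPD plugin of the same name, but the only setting shown is `ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True`. A reader who completes the first step and misses or mistypes the second is left with no sender/login check at all. Show the line in `/opt/iredapd/settings.py` that enables the plugin, and consider listing that step first so the check is never absent between the two edits.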

View File

@ -1,26 +1,27 @@
# 允许用户无需身份验证发送邮件
创建一个文本文件 `/etc/postfix/accepted_unauth_senders` :
创建文本文件 `/etc/postfix/accepted_unauth_senders`,列出无需身份验证就可以
发送邮件的用户邮件地址。下面以用户 `user@example.com` 为例:
```
fax-machine-12@mydomain.tld OK
user@example.com OK
```
使用 postmap 命令建立一个哈希库文件:
使用 `postmap` 命令建立哈希数据库文件:
```
# postmap hash:/etc/postfix/accepted_unauth_senders
```
修改 Postfix 服务调用此文件: `/etc/postfix/main.cf`
修改 Postfix 配置文件 `/etc/postfix/main.cf` 以使用该文件:
```
smtpd_sender_restrictions =
smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
```
重启/重新装载 postfix 服务以使设置生效:
重启 postfix 服务以使设置生效:
```
# /etc/init.d/postfix restart
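Review bot: `check_sender_access` matches the envelope sender, which the connecting client chooses, so the `user@example.com OK` entry exempts whoever presents that address and not only the intended user or device. The page should say this and recommend narrowing the exemption to known hosts, for example with a `check_client_access` entry keyed on the client IP address instead of, or in addition to, the sender address. Separately, `smtpd_sender_restrictions =` appears as both a removed and an added line with no visible difference, which suggests a whitespace-only change; confirm it is intentional.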

View File

@ -1,6 +1,6 @@
# 更改邮件服务器主机名
# 修改服务器主机名
要在 iRedMail 被安装后更改服务器的主机名,要将以下文件中的主机名更改为新主机名:
要在安装 iRedMail 后修改服务器的主机名,请将以下文件中的旧主机名改为新主机名:
## 系统配置文件
@ -35,4 +35,3 @@
* `/etc/httpd/conf.d/SOGo.conf`
* `/etc/apache2/conf.d/SOGo.conf`
* `/etc/apache2/conf-available/SOGo.conf`

View File

@ -1,20 +1,20 @@
# 共享邮箱(和其他用户共享 IMAP 目录)
> 自 iRedMail-`0.7.0` 版起,共享邮箱的相关设置被配置于 Dovecot 中,但是没有启用。
> 以下是开启此 "acl" 插件功能的方法。
# 共享邮箱(将 IMAP 目录共享给其他用户)
> 自 iRedMail-`0.9.0`版起,共享邮箱功能默认开户,用户不需要任何额外的配置。
> 请勿将“共享目录”和“公共目录”的概念混淆。对于共享目录而言用户必须选择一个要共享的目录并指定共享给谁。Do not mistake "shared folders" for "public folders". For shared folders,
> users must select which folder they want to share and with who, using an
> interface, like IMAP command line or the ones available with Roundcube
> webmail or SOGo and SOGo connectors.
> 自 iRedMail-`0.7.0` 版起Dovecot 已包含共享邮箱的相关设置,但没有启用。
> 只需要按照以下文档中启用 `acl` 插件的步骤即可启用该功能。
## 开户邮箱共享
> 请勿将`共享目录`误理解为`公共目录`的概念混淆。对于共享目录而言,用户必须
> 选择一个要共享的目录并指定共享给谁。
要开启邮箱共享功能,请确保 Dovecot 中位于 `/etc/dovecot/dovecot.conf` 路径的配置文件中的 `acl` 插件参数为启用状态,如下所示:
## 共享邮箱
要开启邮箱共享功能,请确保 `acl` 插件已在Dovecot 的配置文件
`/etc/dovecot/dovecot.conf` 里启用。以下是配置示例:
* Dovecot-1.2 版:
```
# Part of file: /etc/dovecot/dovecot.conf
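Review bot: the rewritten blockquote about shared versus public folders merges two phrasings ("误理解为" and "的概念混淆" in the same clause) and does not parse; keep one, for example 请勿将"共享目录"与"公共目录"混淆. The word 开户 in "默认开户" and in the heading "## 开户邮箱共享" looks like a typo for 开启 wherever those lines survive. The hunk also carries both a 0.9.0 statement (enabled by default) and a 0.7.0 statement (configured but not enabled); make sure the final text tells the reader which one applies to their version.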
@ -28,6 +28,7 @@ protocol imap {
```
* Dovecot-2.x 版:
```
# Part of file: /etc/dovecot/dovecot.conf
@ -42,34 +43,34 @@ protocol imap {
## 测试共享目录
例如:将用户 share from@domain.ltd`Sent` 目录共享给用户 `testing@domain.ltd`
示例:将用户 `from@domain.ltd``Sent` 目录共享给用户 `testing@domain.ltd`
> 警告:不要遗漏 IMAP 命令前面的点 `.` 号。
> 注意:不要遗漏 IMAP 命令前面的点 `.` 号。
```
# telnet localhost 143 # <- Type this.
# telnet localhost 143 # <- 输入此命令
* OK [...] Dovecot ready.
. login from@domain.ltd passwd # <- Type this.
# Login with full email address and password
. login from@domain.ltd passwd # <- 输入此命令
# 使用完整邮件地址和密码登陆
. OK [... ACL ..] Logged in
. SETACL Sent testing@domain.ltd rli # <- Type this.
# Share folder `Sent` with user testing@domain.ltd,
# with permissions: read (r), lookup (l) and insert (i).
. SETACL Sent testing@domain.ltd rli # <- 输入此命令
# 将 Sent 目录共享给 testing@domain.ltd
# 具体权限为:读(r, read),查询(l, lookup),插入新邮件(i, insert)。
. OK Setacl complete.
^] # <- Press `Ctrl + ]` to exit telnet.
^] # <- `Ctrl + ]` 组合键退出 telnet 程序
telnet> quit
```
以用户 `testing@domain.ltd` 身份登录 Roundcube 网页邮箱或 SOGo 网页邮箱,即可看到共享的目录。
以用户 `testing@domain.ltd` 身份登录 Roundcube 或 SOGo webmail,即可看到共享的目录。
额外信息:
* 使用 `SETACL` 命令共享目录后, Dovecot 会在 MySQL 数据库中插入一条记录。
* 对于采用 OpenLDAP 后端的用户,此记录保存在 `iredadmin.share_folder` 中。
* 对于采用 OpenLDAP 后端的用户,此记录保存在 SQL 表 `iredadmin.share_folder` 中。
* 对于采用 MySQL/MariaDB/PostgreSQL 后端的用户,此记录保存在 `vmail.share_folder` 中。
```
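Review bot: the bullet under 额外信息 says Dovecot inserts the record "在 MySQL 数据库中", but the bullets after it cover MariaDB and PostgreSQL back ends too, so "SQL 数据库" would be accurate. In the telnet transcript, 登陆 should be 登录, matching the spelling used in the sentence after the code block. Since the example types an account password into an unencrypted IMAP session on port 143, add a short comment that this is acceptable only because the connection is to `localhost`.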
@ -85,11 +86,11 @@ mysql> SELECT * FROM share_folder;
## 参考资料
* Dovecot wiki百科
* Dovecot wiki
* [用户间共享邮箱 (v2.0+)](http://wiki2.dovecot.org/SharedMailboxes/Shared)
* [用户间共享邮箱 (v1.2+)](http://wiki.dovecot.org/SharedMailboxes/Shared)
* [共享邮箱 (v2.0+)](http://wiki2.dovecot.org/SharedMailboxes/Shared)
* [共享邮箱 (v1.2+)](http://wiki.dovecot.org/SharedMailboxes/Shared)
* Roundcubemail 有官方插件 `acl` 用来管理邮箱共享。
* SOGo 邮箱组件默认支持邮箱共享:右击 IMAP 文件夹,选择 `Sharing`
* [Imap-ACL-Extension for Thunderbird](https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/), manage acls/permissions for shared mailboxes/folders on imap servers.
* Thunderbird 客户端可以使用 [Imap-ACL-Extension 插件](https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/)管理共享邮箱

View File

@ -1,44 +1,37 @@
# 重置用户密码
> * SQL 后台推荐使用 SSHA512 编译的密码,没有特别的原因不要使用 MD5 值作为密码。
> * BSD 系统的 SQL 后端推荐使用 BCRYPT 编译密码。
> * SQL 版本推荐使用 SSHA512 密码。没有特殊情况请不要使用 MD5 密码。
> * BSD 系统的 SQL 后端推荐使用 BCRYPT 密码。
对于 MySQL 或者 PostgreSQL 后端,可以使用 `openssl``doveadm` 命令来生成一个密码哈希值,然后用它来替换旧的密码。
对于 MySQL 或者 PostgreSQL 后端,可以使用 `openssl``doveadm` 命令来生成
密码,然后用它替换掉旧密码。
例如:
* 用 `openssl` 生成一个 MD5 哈希密码(本例中使用一个非常简单的密码 `123456`
```
$ openssl passwd -1 123456
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
```
或者,使用 `doveadm` 命令来生成:
例如:使用 `doveadm` 命令生成一个 SSHA512 密码:
```
$ doveadm pw -s 'ssha512' -p '123456'
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
```
* 为用户 `user@domain.ltd` `another-user@domain.ltd` 重置密码:
* 为用户 `user@domain.ltd` 重置密码:
```
sql> USE vmail;
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
```
OpenLDAP 后端用户可以使用 phpLDAPadmin 重置密码,或者使用其他的 LDAP 客户端工具。 `SSHA` is preferred if you have other applications to authenticate
users against OpenLDAP.
OpenLDAP 后端用户可以使用 phpLDAPadmin 或其它 LDAP 客户端工具。如果有其它
程序需要通过 LDAP 做验证,建议使用 `SSHA` 密码以保证通用性,不是所有程序都支持
SSHA512。
使用一组简单的临时密码用来登录 Roundcube 网页邮箱或者 iRedMail-Pro已启用自助服务功能后台是没有问题的但登录后应立即更改密码。
作为一种临时方案,可以重置为明文密码,然后立即登录 Roundcube webmail 或
启用了自助服务 (self-service) 功能的 iRedAdmin-Pro 修改密码。
例如:
```
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
```
## 另请参阅
## 参考资料
* [iRedMail 使用/支持的哈希密码](./password.hashes.html)
* [iRedMail 支持的哈希密码](./password.hashes.html)
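Review bot: the intro sentence still names `openssl` as a way to generate the password, but this change deletes the `openssl passwd -1 123456` example and keeps only the `doveadm` one. Drop `openssl` from that sentence: the removed example produced the MD5 form that the note at the top of the page tells readers to avoid, and leaving the name in sends readers looking for a command the page no longer shows. The elided hash in the old second UPDATE is correctly replaced by the full value, which is good, since a truncated hash copied into `mailbox.password` would lock the user out.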

View File

@ -1,68 +1,80 @@
# 哈希密码
# 密码
## iRedMail 使用/支持的哈希密码
## iRedMail 支持的密码
在 iRedMail 中, Doevcot 被配置为 Postfix 的 SASL简单认证与安全层认证服务器因此所有被 Dovecot 支持的密码设定都可以在 iRedMail 中使用。 请参考 Dovecot 的 Wiki 页面:[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes) ,以获取更多的信息。
在 iRedMail 中Doevcot 被配置为 Postfix 的 SASL 认证服务器因此Dovecot 支持
的所有密码格式都可以在 Postfix (SMTP 服务)中使用。 查看 Dovecot 的 wiki 页面
[Password Schemes](http://wiki2.dovecot.org/Authentication/PasswordSchemes)
获取更多信息。
下列密码设定均可在 iRedMail-Pro 中使用(就是说可以采用其中任意一种方式来添加新邮箱用户):
iRedAdmin-Pro 支持以下密码格式,因此你可以使用给用户使用下列任意一种。
* 简单文本。例如: `123456`
* MD5 salted。例如
1. SSHA512例如 `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
1. BCRYPT例如 `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
1. SSHA例如 `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
1. MD5salted。例如
* (推荐)带有前缀: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
* 没有前缀: `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
* 带有前缀:`{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
* 不带前缀:`$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
__重要提示__: SOGo 组件不支持没有前缀的 MD5 哈希值,因此,当你打算从旧邮件服务器上迁移密码数据时,请预先加上 `{CRYPT}` 前缀。
__重要提示__: SOGo 不支持不带前缀的 MD5 密码,因此,当你打算从旧邮件服务器
上迁移密码数据时,请预先加上 `{CRYPT}` 前缀。
* PLAIN-MD5 (unsalted MD5),例如: `0d2bf3c712402f428d48fed691850bfc`
* SSHA例如 `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
* SSHA512例如 `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
* BCRYPT例如 `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
1. PLAIN-MD5 (不带 salt),例如:`0d2bf3c712402f428d48fed691850bfc`
1. 明文密码。例如: `123456`
__警告__MD5, PLAIN-MD5 和明文密码都不安全,请尽可能不要使用它们。
__注意__:
* `BCRYPT` 仅在 BSD 平台上有效,因数在 Linux 系统上装载的函数库不支持 bcrypt 编码
* `BCRYPT` 目前仅在 BSD 平台上有效,因为 Linux 系统带的 `libc` 函数库不支持 bcrypt
## iRedMail 中默认使用的密码设定
## iRedMail 中默认使用的密码
* 对于采用 MySQL 和 PostgreSQL 后端而言:
* iRedMail-0.8.7 及更早版本: `MD5`
* iRedMail-0.9.0 及更新版本: `SSHA512`
* iRedMail-0.9.0 及后续新版本:`SSHA512`
* iRedMail-0.8.7 及更早版本:`MD5`
* 对于采用 LDAP 后端而言 `SSHA`.
* LDAP 后端:`SSHA`.
OpenLDAP 内建的密码验证并不直接支持 SHA-2 格式密码,因此,如果你采用的第三方程序需要使用 OpenLDAP 内建的密码验证,那么最好使用 `SSHA` 哈希密码。
如果你没有这方面的问题,那么可使用 `SSHA512/BCRYPT` 哈希码来保存邮箱用户密码,同时,修改配置文件 `/etc/dovecot/dovecot.conf` 中的参数为 `ldap_bind = no` 。至此, SMTP/IMAP/POP3 服务都能良好的工作在此配置下,但是, Apache 的基础认证则不行。
OpenLDAP 内建的密码验证不支持直接验证 SHA-2 格式密码,因此,如果你有第三方
程序需要使用 OpenLDAP 内建的密码验证机制,建议使用 `SSHA`
如果你没有这方面的顾虑,可以使用 `SSHA512/BCRYPT` 来保存用户密码,同时
`/etc/dovecot/dovecot.conf` 里设置 `ldap_bind = no`。SMTP/IMAP/POP3
服务都能正常工作但是Apache 的基础认证basic auth则不行。
## 如何在 iRedMail 中使用不同的哈希密码
### 对于采用 MySQL 和 PostgreSQL 后端的用户
所有的邮箱用户账户存放于 SQL 数据表 `vmail.mailbox` 中,用户密码则存放于 SQL 列 `mailbox.password` 中。例如:
所有的邮箱用户账户存放于 SQL 表 `vmail.mailbox` 中,用户密码则存放于
`mailbox.password` 字段中。例如:
```
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
```
* 要保存 PLAIN-MD5 需要在哈希密码值前加上前缀 `{PLAIN-MD5}`
* 要保存 PLAIN-MD5 ,需要加上 `{PLAIN-MD5}` 前缀
```
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
```
* 要保存文密码,需要加上 `{PLAIN}` 前缀:
* 要保存文密码,需要加上 `{PLAIN}` 前缀:
```
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
```
### 对于采用 LDAP 后端的用户
### 对于采用 OpenLDAP 后端的用户
用户密码被存放于用户对象`userPassword` 属性中。
用户密码存储于用户`userPassword` 属性中。
* 要保存文密码SSHASSHA512哈希密码只需要直接按原有格式保存即可。例如
* 要保存文密码SSHASSHA512 哈希密码,只需要直接按原有格式保存即可。例如:
```
userPassword: 123456
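Review bot: the rewritten MD5 list item drops the "(推荐)" marker from the `{CRYPT}`-prefixed form, yet the SOGo warning right below it still requires the prefix; keep the marker or state outright that the unprefixed form is only what arrives from an old server during migration. `Doevcot` in the first paragraph is a typo for `Dovecot` that is carried over from the old line into the new one. In the iRedAdmin-Pro sentence, "你可以使用给用户使用下列任意一种" repeats the verb and should be reduced to one 使用.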
@ -70,12 +82,16 @@ userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs...
```
* 要保存标准的 MD5 哈希值密码salted MD5 hash请在哈希密码前加上前缀 `{CRYPT}` (不区分大小写)。例如:
```userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250```
* 要保存标准的 MD5 哈希值密码salted MD5 hash请在密码前加上 `{CRYPT}`
前缀(不区分大小写)。例如:
```
userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250
```
__重要提示__ If you want to input password hash with phpLDAPadmin,
please choose `clear` in the password hash list, then input password hash.
## 另请参阅
## 参考资料
* [重置用户密码](./reset.user.password.html)
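Review bot: the phpLDAPadmin note after the last code block is left in English ("If you want to input password hash with phpLDAPadmin, please choose `clear` in the password hash list, then input password hash.") in an otherwise translated page, with only its 重要提示 label translated. Translate the sentence along with the rest so the one instruction that prevents a wrongly stored hash is not the part a Chinese-only reader skips.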