???????
This commit is contained in:
parent
77b5a53fd1
commit
abfd7605d5
|
@ -1,12 +1,20 @@
|
||||||
# Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.
|
# Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted
|
||||||
|
|
||||||
Amavisd has below setting in its config file `/etc/amavisd/amavisd.conf` by default:
|
Amavisd has below setting in its config file `/etc/amavisd/amavisd.conf` by default:
|
||||||
|
|
||||||
$sa_tag_level_deflt = 2.0;
|
```
|
||||||
|
$sa_tag_level_deflt = 2.0;
|
||||||
|
```
|
||||||
|
|
||||||
That means Amavisd will insert `X-Spam-Flag` and other `X-Spam-*` headers when email score >= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:
|
That means Amavisd will insert `X-Spam-Flag` and other `X-Spam-*` headers when
|
||||||
|
email score >= 2.0. If you want Amavisd always insert these headers, please
|
||||||
|
set it to a low score, for example:
|
||||||
|
|
||||||
$sa_tag_level_deflt = -999;
|
```
|
||||||
|
$sa_tag_level_deflt = -999;
|
||||||
|
```
|
||||||
|
|
||||||
|
Restarting Amavisd service is required after changed setting.
|
||||||
|
|
||||||
Amavisd's main config file is different on different Linux/BSD distributions:
|
Amavisd's main config file is different on different Linux/BSD distributions:
|
||||||
|
|
||||||
|
|
|
@ -1,18 +1,20 @@
|
||||||
# Allow user to send email without authentication
|
# Allow user to send email without smtp authentication
|
||||||
|
|
||||||
Create a plain text file: `/etc/postfix/accepted_unauth_senders`:
|
Create a plain text file: `/etc/postfix/accepted_unauth_senders`, list all
|
||||||
|
users' email addresses which are allowed to send email without smtp
|
||||||
|
authentication. We use user email address `user@example.com` for example:
|
||||||
|
|
||||||
```
|
```
|
||||||
fax-machine-12@mydomain.tld OK
|
user@example.com OK
|
||||||
```
|
```
|
||||||
|
|
||||||
Use postmap to create hash db file:
|
Create hash db file with `postmap` command:
|
||||||
|
|
||||||
```
|
```
|
||||||
# postmap hash:/etc/postfix/accepted_unauth_senders
|
# postmap hash:/etc/postfix/accepted_unauth_senders
|
||||||
```
|
```
|
||||||
|
|
||||||
Modify Postfix to use this text file: `/etc/postfix/main.cf`
|
Modify Postfix config file `/etc/postfix/main.cf` to use this text file:
|
||||||
|
|
||||||
```
|
```
|
||||||
smtpd_sender_restrictions =
|
smtpd_sender_restrictions =
|
||||||
|
|
|
@ -36,4 +36,3 @@ files to replace old hostname by the new one:
|
||||||
* `/etc/httpd/conf.d/SOGo.conf`
|
* `/etc/httpd/conf.d/SOGo.conf`
|
||||||
* `/etc/apache2/conf.d/SOGo.conf`
|
* `/etc/apache2/conf.d/SOGo.conf`
|
||||||
* `/etc/apache2/conf-available/SOGo.conf`
|
* `/etc/apache2/conf-available/SOGo.conf`
|
||||||
|
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
# Mailbox sharing (Sharing IMAP folder with other users)
|
# Mailbox sharing (Sharing IMAP folder with other users)
|
||||||
|
|
||||||
> Since iRedMail-`0.7.0`, mailbox sharing related settings are configured in
|
|
||||||
> Dovecot but not enabled, what you need to do is enabling "acl" plugin as
|
|
||||||
> mentioned below.
|
|
||||||
|
|
||||||
> Since iRedMail-`0.9.0`, mailbox sharing are enabled by default, you don't need
|
> Since iRedMail-`0.9.0`, mailbox sharing are enabled by default, you don't need
|
||||||
> to modify any config file.
|
> to modify any config file.
|
||||||
|
|
||||||
|
> Since iRedMail-`0.7.0`, mailbox sharing related settings are configured in
|
||||||
|
> Dovecot but not enabled, what you need to do is enabling `acl` plugin as
|
||||||
|
> mentioned below.
|
||||||
|
|
||||||
> Do not mistake "shared folders" for "public folders". For shared folders,
|
> Do not mistake "shared folders" for "public folders". For shared folders,
|
||||||
> users must select which folder they want to share and with who, using an
|
> users must select which folder they want to share and with who, using an
|
||||||
> interface, like IMAP command line or the ones available with Roundcube
|
> interface, like IMAP command line or the ones available with Roundcube
|
||||||
|
@ -45,9 +45,9 @@ Restarting Dovecot service is required.
|
||||||
|
|
||||||
## Test shared folder
|
## Test shared folder
|
||||||
|
|
||||||
Example: share from@domain.ltd's `Sent` folder to user `testing@domain.ltd`.
|
Example: share `from@domain.ltd`'s `Sent` folder to user `testing@domain.ltd`.
|
||||||
|
|
||||||
> WARNING: Do not forget the dot before IMAP command.
|
> Attention: Do not forget the dot before IMAP command.
|
||||||
|
|
||||||
```
|
```
|
||||||
# telnet localhost 143 # <- Type this.
|
# telnet localhost 143 # <- Type this.
|
||||||
|
|
|
@ -7,29 +7,18 @@ With MySQL or PostgreSQL backends, you can generate a password hash with
|
||||||
`openssl` or `doveadm` command first, then replace old one with this newly
|
`openssl` or `doveadm` command first, then replace old one with this newly
|
||||||
generated one.
|
generated one.
|
||||||
|
|
||||||
For example:
|
For example: generate a SSHA512 password hash with `doveadm`:
|
||||||
|
|
||||||
* Generate a salted MD5 password hash with `openssl` (plain password is `123456`
|
|
||||||
in this case):
|
|
||||||
|
|
||||||
```
|
|
||||||
$ openssl passwd -1 123456
|
|
||||||
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
|
|
||||||
```
|
|
||||||
|
|
||||||
Or, generate password hash with `doveadm`:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
$ doveadm pw -s 'ssha512' -p '123456'
|
$ doveadm pw -s 'ssha512' -p '123456'
|
||||||
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
||||||
```
|
```
|
||||||
|
|
||||||
* Reset password for user `user@domain.ltd` and `another-user@domain.ltd`:
|
* Reset password for user `user@domain.ltd`:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> USE vmail;
|
sql> USE vmail;
|
||||||
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
|
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
|
||||||
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
|
|
||||||
```
|
```
|
||||||
|
|
||||||
With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
|
With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
|
||||||
|
|
|
@ -3,38 +3,41 @@
|
||||||
## Password hashes supported by iRedMail
|
## Password hashes supported by iRedMail
|
||||||
|
|
||||||
iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
||||||
password schemes supported by Dovecot can be used in iRedMail. Please refer to
|
password schemes supported by Dovecot can be used in Postfix. Please refer to
|
||||||
Dovecot wiki page
|
Dovecot wiki page
|
||||||
[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes) for more details.
|
[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes)
|
||||||
|
for more details.
|
||||||
|
|
||||||
Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):
|
Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):
|
||||||
|
|
||||||
* Plain text. e.g. `123456`
|
1. SSHA512. e.g. `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
|
||||||
* MD5 (salted). For example:
|
1. BCRYPT. e.g. `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
|
||||||
|
1. SSHA. e.g. `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
|
||||||
|
1. MD5 (salted). For example:
|
||||||
|
|
||||||
* (RECOMMENDED) with a prefix: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
* with a prefix: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
||||||
* without a prefix: `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
* without a prefix: `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
||||||
|
|
||||||
__Important note__: SOGo groupware doesn't support MD5 without a prefix, so
|
__Important note__: SOGo groupware doesn't support MD5 without a prefix, so
|
||||||
if you're going to migrate MD5 password hash from old mail server, please
|
if you're going to migrate MD5 password hash from old mail server, please
|
||||||
prepend `{CRYPT}` prefix in password hash.
|
prepend `{CRYPT}` prefix in password hash.
|
||||||
|
|
||||||
* PLAIN-MD5 (unsalted MD5). e.g. `0d2bf3c712402f428d48fed691850bfc`
|
1. PLAIN-MD5 (without a salt). e.g. `0d2bf3c712402f428d48fed691850bfc`
|
||||||
* SSHA. e.g. `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
|
1. Plain text. e.g. `123456`
|
||||||
* SSHA512. e.g. `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
|
|
||||||
* BCRYPT. e.g. `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
|
__WARNING__: MD5, PLAIN-MD5 and plain password are weak, please don't use them.
|
||||||
|
|
||||||
__NOTES__:
|
__NOTES__:
|
||||||
|
|
||||||
* `BCRYPT` is only available on BSD systems, because libc shipped in Linux
|
* `BCRYPT` is only available on BSD systems, because `libc` shipped in Linux
|
||||||
doesn't support bcrypt.
|
doesn't support bcrypt.
|
||||||
|
|
||||||
## Default password schemes used in iRedMail
|
## Default password schemes used in iRedMail
|
||||||
|
|
||||||
* For MySQL and PostgreSQL backends:
|
* For MySQL and PostgreSQL backends:
|
||||||
|
|
||||||
* in iRedMail-0.8.7 and earlier versions: `MD5`
|
|
||||||
* in iRedMail-0.9.0 and later versions: `SSHA512`
|
* in iRedMail-0.9.0 and later versions: `SSHA512`
|
||||||
|
* in iRedMail-0.8.7 and earlier versions: `salted MD5`
|
||||||
|
|
||||||
* For LDAP backend: `SSHA`.
|
* For LDAP backend: `SSHA`.
|
||||||
|
|
||||||
|
@ -53,6 +56,7 @@ __NOTES__:
|
||||||
|
|
||||||
All mail users are stored in SQL table `vmail.mailbox`, user password is stored
|
All mail users are stored in SQL table `vmail.mailbox`, user password is stored
|
||||||
in SQL column `mailbox.password`. For example:
|
in SQL column `mailbox.password`. For example:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||||
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||||
|
@ -71,7 +75,7 @@ sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' W
|
||||||
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
||||||
```
|
```
|
||||||
|
|
||||||
### For LDAP backends
|
### For OpenLDAP backend
|
||||||
|
|
||||||
User password is stored in attribute `userPassword` of user object.
|
User password is stored in attribute `userPassword` of user object.
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
<title>Allow user to send email without authentication</title>
|
<title>Allow user to send email without smtp authentication</title>
|
||||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
@ -10,16 +10,18 @@
|
||||||
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
// <a href="./index.html">Document Index</a>
|
// <a href="./index.html">Document Index</a>
|
||||||
</div><h1 id="allow-user-to-send-email-without-authentication">Allow user to send email without authentication</h1>
|
</div><h1 id="allow-user-to-send-email-without-smtp-authentication">Allow user to send email without smtp authentication</h1>
|
||||||
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>:</p>
|
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>, list all
|
||||||
<pre><code>fax-machine-12@mydomain.tld OK
|
users' email addresses which are allowed to send email without smtp
|
||||||
|
authentication. We use user email address <code>user@example.com</code> for example:</p>
|
||||||
|
<pre><code>user@example.com OK
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>Use postmap to create hash db file:</p>
|
<p>Create hash db file with <code>postmap</code> command:</p>
|
||||||
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
|
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>Modify Postfix to use this text file: <code>/etc/postfix/main.cf</code></p>
|
<p>Modify Postfix config file <code>/etc/postfix/main.cf</code> to use this text file:</p>
|
||||||
<pre><code>smtpd_sender_restrictions =
|
<pre><code>smtpd_sender_restrictions =
|
||||||
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
||||||
[...OTHER RESTRICTIONS HERE...]
|
[...OTHER RESTRICTIONS HERE...]
|
||||||
|
|
|
@ -74,13 +74,13 @@ repository</a>.</p>
|
||||||
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
|
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
|
||||||
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
|
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
|
||||||
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
|
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
|
||||||
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</a></li>
|
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</a></li>
|
||||||
<li><a href="quarantine.clean.mails.per-user.html">Quarantine clean emails sent from/to certain local user</a></li>
|
<li><a href="quarantine.clean.mails.per-user.html">Quarantine clean emails sent from/to certain local user</a></li>
|
||||||
<li><a href="quarantining.html">Quarantining</a></li>
|
<li><a href="quarantining.html">Quarantining</a></li>
|
||||||
<li><a href="sign.dkim.signature.for.new.domain.html">Sign DKIM signature on outgoing emails for new mail domain</a></li>
|
<li><a href="sign.dkim.signature.for.new.domain.html">Sign DKIM signature on outgoing emails for new mail domain</a></li>
|
||||||
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
|
<li><a href="allow.insecure.pop3.imap.smtp.connections.html">Allow insecure POP3/IMAP/SMTP connections without STARTTLS</a></li>
|
||||||
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
|
<li><a href="allow.member.to.send.email.as.mail.list.html">Allow member to send email as mailing list or mail alias</a></li>
|
||||||
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without authentication</a></li>
|
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without smtp authentication</a></li>
|
||||||
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
|
<li><a href="amavisd.per-recipient.policy.lookup.html">Amavisd: Enable per-recipient policy lookup</a></li>
|
||||||
<li><a href="change.server.hostname.html">Change server hostname</a></li>
|
<li><a href="change.server.hostname.html">Change server hostname</a></li>
|
||||||
<li><a href="concurrent.processing.html">Process more emails concurrently</a></li>
|
<li><a href="concurrent.processing.html">Process more emails concurrently</a></li>
|
||||||
|
|
|
@ -12,11 +12,11 @@
|
||||||
// <a href="./index.html">Document Index</a>
|
// <a href="./index.html">Document Index</a>
|
||||||
</div><h1 id="mailbox-sharing-sharing-imap-folder-with-other-users">Mailbox sharing (Sharing IMAP folder with other users)</h1>
|
</div><h1 id="mailbox-sharing-sharing-imap-folder-with-other-users">Mailbox sharing (Sharing IMAP folder with other users)</h1>
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<p>Since iRedMail-<code>0.7.0</code>, mailbox sharing related settings are configured in
|
|
||||||
Dovecot but not enabled, what you need to do is enabling "acl" plugin as
|
|
||||||
mentioned below.</p>
|
|
||||||
<p>Since iRedMail-<code>0.9.0</code>, mailbox sharing are enabled by default, you don't need
|
<p>Since iRedMail-<code>0.9.0</code>, mailbox sharing are enabled by default, you don't need
|
||||||
to modify any config file.</p>
|
to modify any config file.</p>
|
||||||
|
<p>Since iRedMail-<code>0.7.0</code>, mailbox sharing related settings are configured in
|
||||||
|
Dovecot but not enabled, what you need to do is enabling <code>acl</code> plugin as
|
||||||
|
mentioned below.</p>
|
||||||
<p>Do not mistake "shared folders" for "public folders". For shared folders,
|
<p>Do not mistake "shared folders" for "public folders". For shared folders,
|
||||||
users must select which folder they want to share and with who, using an
|
users must select which folder they want to share and with who, using an
|
||||||
interface, like IMAP command line or the ones available with Roundcube
|
interface, like IMAP command line or the ones available with Roundcube
|
||||||
|
@ -53,9 +53,9 @@ protocol imap {
|
||||||
|
|
||||||
<p>Restarting Dovecot service is required.</p>
|
<p>Restarting Dovecot service is required.</p>
|
||||||
<h2 id="test-shared-folder">Test shared folder</h2>
|
<h2 id="test-shared-folder">Test shared folder</h2>
|
||||||
<p>Example: share from@domain.ltd's <code>Sent</code> folder to user <code>testing@domain.ltd</code>.</p>
|
<p>Example: share <code>from@domain.ltd</code>'s <code>Sent</code> folder to user <code>testing@domain.ltd</code>.</p>
|
||||||
<blockquote>
|
<blockquote>
|
||||||
<p>WARNING: Do not forget the dot before IMAP command.</p>
|
<p>Attention: Do not forget the dot before IMAP command.</p>
|
||||||
</blockquote>
|
</blockquote>
|
||||||
<pre><code># telnet localhost 143 # <- Type this.
|
<pre><code># telnet localhost 143 # <- Type this.
|
||||||
* OK [...] Dovecot ready.
|
* OK [...] Dovecot ready.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
<title>Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</title>
|
<title>Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</title>
|
||||||
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
<link rel="stylesheet" type="text/css" href="./css/markdown.css" />
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
@ -10,13 +10,18 @@
|
||||||
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
// <a href="./index.html">Document Index</a>
|
// <a href="./index.html">Document Index</a>
|
||||||
</div><h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</h1>
|
</div><h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working? no mail header (X-Spam-*) inserted</h1>
|
||||||
<p>Amavisd has below setting in its config file <code>/etc/amavisd/amavisd.conf</code> by default:</p>
|
<p>Amavisd has below setting in its config file <code>/etc/amavisd/amavisd.conf</code> by default:</p>
|
||||||
<pre><code>$sa_tag_level_deflt = 2.0;
|
<pre><code>$sa_tag_level_deflt = 2.0;
|
||||||
</code></pre>
|
</code></pre>
|
||||||
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when email score >= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:</p>
|
|
||||||
|
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when
|
||||||
|
email score >= 2.0. If you want Amavisd always insert these headers, please
|
||||||
|
set it to a low score, for example:</p>
|
||||||
<pre><code>$sa_tag_level_deflt = -999;
|
<pre><code>$sa_tag_level_deflt = -999;
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
|
<p>Restarting Amavisd service is required after changed setting.</p>
|
||||||
<p>Amavisd's main config file is different on different Linux/BSD distributions:</p>
|
<p>Amavisd's main config file is different on different Linux/BSD distributions:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
|
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
|
||||||
|
|
|
@ -13,16 +13,19 @@
|
||||||
</div><h1 id="password-hashes">Password hashes</h1>
|
</div><h1 id="password-hashes">Password hashes</h1>
|
||||||
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
|
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
|
||||||
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
|
||||||
password schemes supported by Dovecot can be used in iRedMail. Please refer to
|
password schemes supported by Dovecot can be used in Postfix. Please refer to
|
||||||
Dovecot wiki page
|
Dovecot wiki page
|
||||||
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
|
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a>
|
||||||
|
for more details.</p>
|
||||||
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
|
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
|
||||||
<ul>
|
<ol>
|
||||||
<li>Plain text. e.g. <code>123456</code></li>
|
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
|
||||||
|
<li>BCRYPT. e.g. <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
|
||||||
|
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
|
||||||
<li>
|
<li>
|
||||||
<p>MD5 (salted). For example:</p>
|
<p>MD5 (salted). For example:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>(RECOMMENDED) with a prefix: <code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
<li>with a prefix: <code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
||||||
<li>without a prefix: <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
<li>without a prefix: <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
||||||
</ul>
|
</ul>
|
||||||
<p><strong>Important note</strong>: SOGo groupware doesn't support MD5 without a prefix, so
|
<p><strong>Important note</strong>: SOGo groupware doesn't support MD5 without a prefix, so
|
||||||
|
@ -30,15 +33,14 @@ if you're going to migrate MD5 password hash from old mail server, please
|
||||||
prepend <code>{CRYPT}</code> prefix in password hash.</p>
|
prepend <code>{CRYPT}</code> prefix in password hash.</p>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
<p>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></p>
|
<p>PLAIN-MD5 (without a salt). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></p>
|
||||||
</li>
|
</li>
|
||||||
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
|
<li>Plain text. e.g. <code>123456</code></li>
|
||||||
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
|
</ol>
|
||||||
<li>BCRYPT. e.g. <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
|
<p><strong>WARNING</strong>: MD5, PLAIN-MD5 and plain password are weak, please don't use them.</p>
|
||||||
</ul>
|
|
||||||
<p><strong>NOTES</strong>:</p>
|
<p><strong>NOTES</strong>:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li><code>BCRYPT</code> is only available on BSD systems, because libc shipped in Linux
|
<li><code>BCRYPT</code> is only available on BSD systems, because <code>libc</code> shipped in Linux
|
||||||
doesn't support bcrypt.</li>
|
doesn't support bcrypt.</li>
|
||||||
</ul>
|
</ul>
|
||||||
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
|
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
|
||||||
|
@ -46,8 +48,8 @@ prepend <code>{CRYPT}</code> prefix in password hash.</p>
|
||||||
<li>
|
<li>
|
||||||
<p>For MySQL and PostgreSQL backends:</p>
|
<p>For MySQL and PostgreSQL backends:</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>in iRedMail-0.8.7 and earlier versions: <code>MD5</code></li>
|
|
||||||
<li>in iRedMail-0.9.0 and later versions: <code>SSHA512</code></li>
|
<li>in iRedMail-0.9.0 and later versions: <code>SSHA512</code></li>
|
||||||
|
<li>in iRedMail-0.8.7 and earlier versions: <code>salted MD5</code></li>
|
||||||
</ul>
|
</ul>
|
||||||
</li>
|
</li>
|
||||||
<li>
|
<li>
|
||||||
|
@ -82,7 +84,7 @@ sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJt
|
||||||
<pre><code>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
<pre><code>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<h3 id="for-ldap-backends">For LDAP backends</h3>
|
<h3 id="for-openldap-backend">For OpenLDAP backend</h3>
|
||||||
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
|
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
|
||||||
<ul>
|
<ul>
|
||||||
<li>To store plain password, SSHA, SSHA512 password hash, just store them in
|
<li>To store plain password, SSHA, SSHA512 password hash, just store them in
|
||||||
|
|
|
@ -20,26 +20,16 @@
|
||||||
<p>With MySQL or PostgreSQL backends, you can generate a password hash with
|
<p>With MySQL or PostgreSQL backends, you can generate a password hash with
|
||||||
<code>openssl</code> or <code>doveadm</code> command first, then replace old one with this newly
|
<code>openssl</code> or <code>doveadm</code> command first, then replace old one with this newly
|
||||||
generated one.</p>
|
generated one.</p>
|
||||||
<p>For example:</p>
|
<p>For example: generate a SSHA512 password hash with <code>doveadm</code>:</p>
|
||||||
<ul>
|
|
||||||
<li>Generate a salted MD5 password hash with <code>openssl</code> (plain password is <code>123456</code>
|
|
||||||
in this case):</li>
|
|
||||||
</ul>
|
|
||||||
<pre><code>$ openssl passwd -1 123456
|
|
||||||
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
|
|
||||||
</code></pre>
|
|
||||||
|
|
||||||
<p>Or, generate password hash with <code>doveadm</code>:</p>
|
|
||||||
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
|
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
|
||||||
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li>Reset password for user <code>user@domain.ltd</code> and <code>another-user@domain.ltd</code>:</li>
|
<li>Reset password for user <code>user@domain.ltd</code>:</li>
|
||||||
</ul>
|
</ul>
|
||||||
<pre><code>sql> USE vmail;
|
<pre><code>sql> USE vmail;
|
||||||
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
|
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
|
||||||
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
|
|
||||||
</code></pre>
|
</code></pre>
|
||||||
|
|
||||||
<p>With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
|
<p>With OpenLDAP backend, you can reset it with phpLDAPadmin or other LDAP client
|
||||||
|
|
|
@ -0,0 +1,35 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>允许列表成员以列表邮件地址作为发件人发送邮件</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="_1">允许列表成员以列表邮件地址作为发件人发送邮件</h1>
|
||||||
|
<p>要允许列表成员以列表邮件地址作为发件人发送邮件,请按照以下步骤操作:</p>
|
||||||
|
<ul>
|
||||||
|
<li>在 Postfix 配置文件 <code>/etc/postfix/main.cf</code> 中移除参数 <code>reject_sender_login_mismatch</code>。</li>
|
||||||
|
<li>在 iRedAPD 配置文件 <code>/opt/iredapd/settings.py</code> 中启用插件 <code>reject_sender_login_mismatch</code>。</li>
|
||||||
|
<li>在 iRedAPD 配置文件 <code>/opt/iredapd/settings.py</code> 中添加如下参数,允许列表成员
|
||||||
|
以列表邮件地址作为发件人发送邮件:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>修改后需要重启 Postfix 和 iRedAPD 服务。</li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -0,0 +1,40 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>允许用户无需身份验证发送邮件</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="_1">允许用户无需身份验证发送邮件</h1>
|
||||||
|
<p>创建文本文件 <code>/etc/postfix/accepted_unauth_senders</code>,列出无需身份验证就可以
|
||||||
|
发送邮件的用户邮件地址。下面以用户 <code>user@example.com</code> 为例:</p>
|
||||||
|
<pre><code>user@example.com OK
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>使用 <code>postmap</code> 命令建立哈希数据库文件:</p>
|
||||||
|
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>修改 Postfix 配置文件 <code>/etc/postfix/main.cf</code> 以使用该文件:</p>
|
||||||
|
<pre><code>smtpd_sender_restrictions =
|
||||||
|
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
|
||||||
|
[...OTHER RESTRICTIONS HERE...]
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>重启 postfix 服务以使设置生效:</p>
|
||||||
|
<pre><code># /etc/init.d/postfix restart
|
||||||
|
</code></pre><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -0,0 +1,60 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>修改服务器主机名</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="_1">修改服务器主机名</h1>
|
||||||
|
<p>要在安装 iRedMail 后修改服务器的主机名,请将以下文件中的旧主机名改为新主机名:</p>
|
||||||
|
<h2 id="_2">系统配置文件</h2>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p><code>/etc/hosts</code></p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Debian/Ubuntu: <code>/etc/hostname</code></p>
|
||||||
|
</li>
|
||||||
|
<li>Debian/Ubuntu: <code>/etc/mailname</code></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="postfix">Postfix</h2>
|
||||||
|
<ul>
|
||||||
|
<li><code>/var/spool/postfix/etc/hosts</code></li>
|
||||||
|
<li><code>/etc/postfix/main.cf</code> (Linux/OpenBSD) 或者 <code>/usr/local/etc/postfix/main.cf</code> (FreeBSD)</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="awstats">Awstats</h2>
|
||||||
|
<ul>
|
||||||
|
<li><code>/etc/awstats/awstats.web.conf</code></li>
|
||||||
|
<li><code>/etc/awstats/awstats.smtp.conf</code></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="apache">Apache</h2>
|
||||||
|
<ul>
|
||||||
|
<li>RHEL/CentOS: <code>/etc/httpd/conf/httpd.conf</code></li>
|
||||||
|
<li>Debian/Ubuntu: <code>/etc/apache2/apache.conf</code></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="amavisd">Amavisd</h2>
|
||||||
|
<ul>
|
||||||
|
<li>RHEL/CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
|
||||||
|
<li>Debian/Ubuntu: <code>/etc/amavis/conf.d/50-user</code></li>
|
||||||
|
<li>FreeBSD: <code>/usr/local/etc/amavisd.conf</code></li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="sogo">SOGO</h2>
|
||||||
|
<ul>
|
||||||
|
<li><code>/etc/httpd/conf.d/SOGo.conf</code></li>
|
||||||
|
<li><code>/etc/apache2/conf.d/SOGo.conf</code></li>
|
||||||
|
<li><code>/etc/apache2/conf-available/SOGo.conf</code></li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -8,11 +8,21 @@
|
||||||
|
|
||||||
<div id="navigation">
|
<div id="navigation">
|
||||||
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
</div><h3 id="how-to">How to</h3>
|
</div><ul>
|
||||||
|
<li><a href="password.hashes.html">密码</a></li>
|
||||||
|
</ul>
|
||||||
|
<h3 id="how-to">How to</h3>
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="change.mail.attachment.size.html">修改邮件附件大小</a></li>
|
<li><a href="change.mail.attachment.size.html">修改邮件附件大小</a></li>
|
||||||
|
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">禁用发件的垃圾邮件、病毒扫描功能</a></li>
|
||||||
|
<li><a href="no.x-spam.headers.html">Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</a></li>
|
||||||
|
<li><a href="allow.member.to.send.email.as.mail.list.html">允许列表成员以列表邮件地址作为发件人发送邮件</a></li>
|
||||||
|
<li><a href="allow.user.to.send.email.without.authentication.html">允许用户无需身份验证发送邮件</a></li>
|
||||||
|
<li><a href="change.server.hostname.html">修改服务器主机名</a></li>
|
||||||
<li><a href="disable.greylisting.html">禁用 Clubbringer 提供的灰名单服务</a></li>
|
<li><a href="disable.greylisting.html">禁用 Clubbringer 提供的灰名单服务</a></li>
|
||||||
<li><a href="ignore.trash.folder.in.quota.html">在邮箱配额中忽略垃圾箱目录</a></li>
|
<li><a href="ignore.trash.folder.in.quota.html">在邮箱配额中忽略垃圾箱目录</a></li>
|
||||||
|
<li><a href="mailbox.sharing.html">共享邮箱(将 IMAP 目录共享给其他用户)</a></li>
|
||||||
|
<li><a href="reset.user.password.html">重置用户密码</a></li>
|
||||||
<li><a href="use.a.bought.ssl.certificate.html">使用购买的 SSL 证书</a></li>
|
<li><a href="use.a.bought.ssl.certificate.html">使用购买的 SSL 证书</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<h3 id="_1">排错与调试</h3>
|
<h3 id="_1">排错与调试</h3>
|
||||||
|
|
|
@ -0,0 +1,116 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>共享邮箱(将 IMAP 目录共享给其他用户)</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="imap">共享邮箱(将 IMAP 目录共享给其他用户)</h1>
|
||||||
|
<blockquote>
|
||||||
|
<p>自 iRedMail-<code>0.9.0</code>版起,共享邮箱功能默认开户,用户不需要任何额外的配置。</p>
|
||||||
|
<p>自 iRedMail-<code>0.7.0</code> 版起,Dovecot 已包含共享邮箱的相关设置,但没有启用。
|
||||||
|
只需要按照以下文档中启用 <code>acl</code> 插件的步骤即可启用该功能。</p>
|
||||||
|
<p>请勿将<code>共享目录</code>误理解为<code>公共目录</code>的概念混淆。对于共享目录而言,用户必须
|
||||||
|
选择一个要共享的目录并指定共享给谁。</p>
|
||||||
|
</blockquote>
|
||||||
|
<h2 id="_1">共享邮箱</h2>
|
||||||
|
<p>要开启邮箱共享功能,请确保 <code>acl</code> 插件已在Dovecot 的配置文件
|
||||||
|
<code>/etc/dovecot/dovecot.conf</code> 里启用。以下是配置示例:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Dovecot-1.2 版:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># Part of file: /etc/dovecot/dovecot.conf
|
||||||
|
|
||||||
|
protocol lda {
|
||||||
|
mail_plugins = ... acl
|
||||||
|
}
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_plugins = ... acl imap_acl
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>Dovecot-2.x 版:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># Part of file: /etc/dovecot/dovecot.conf
|
||||||
|
|
||||||
|
mail_plugins = ... acl
|
||||||
|
|
||||||
|
protocol imap {
|
||||||
|
mail_plugins = ... imap_acl
|
||||||
|
}
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>修改后需重启 Dovecot 服务,以使配置生效。</p>
|
||||||
|
<h2 id="_2">测试共享目录</h2>
|
||||||
|
<p>示例:将用户 <code>from@domain.ltd</code> 的 <code>Sent</code> 目录共享给用户 <code>testing@domain.ltd</code> 。</p>
|
||||||
|
<blockquote>
|
||||||
|
<p>注意:不要遗漏 IMAP 命令前面的点 <code>.</code> 号。</p>
|
||||||
|
</blockquote>
|
||||||
|
<pre><code># telnet localhost 143 # <- 输入此命令
|
||||||
|
* OK [...] Dovecot ready.
|
||||||
|
|
||||||
|
. login from@domain.ltd passwd # <- 输入此命令
|
||||||
|
# 使用完整邮件地址和密码登陆
|
||||||
|
. OK [... ACL ..] Logged in
|
||||||
|
|
||||||
|
. SETACL Sent testing@domain.ltd rli # <- 输入此命令
|
||||||
|
# 将 Sent 目录共享给 testing@domain.ltd,
|
||||||
|
# 具体权限为:读(r, read),查询(l, lookup),插入新邮件(i, insert)。
|
||||||
|
. OK Setacl complete.
|
||||||
|
|
||||||
|
^] # <- 按 `Ctrl + ]` 组合键退出 telnet 程序。
|
||||||
|
telnet> quit
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>以用户 <code>testing@domain.ltd</code> 身份登录 Roundcube 或 SOGo webmail,即可看到共享的目录。</p>
|
||||||
|
<p>额外信息:</p>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>使用 <code>SETACL</code> 命令共享目录后, Dovecot 会在 MySQL 数据库中插入一条记录。</p>
|
||||||
|
<ul>
|
||||||
|
<li>对于采用 OpenLDAP 后端的用户,此记录保存在 SQL 表 <code>iredadmin.share_folder</code> 中。</li>
|
||||||
|
<li>对于采用 MySQL/MariaDB/PostgreSQL 后端的用户,此记录保存在 <code>vmail.share_folder</code> 中。</li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code># mysql -uroot -p
|
||||||
|
mysql> USE vmail;
|
||||||
|
mysql> SELECT * FROM share_folder;
|
||||||
|
+-----------------+--------------------+-------+
|
||||||
|
| from_user | to_user | dummy |
|
||||||
|
+-----------------+--------------------+-------+
|
||||||
|
| from@domain.ltd | testing@domain.ltd | 1 |
|
||||||
|
+-----------------+--------------------+-------+
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="_3">参考资料</h2>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>Dovecot wiki:</p>
|
||||||
|
<ul>
|
||||||
|
<li><a href="http://wiki2.dovecot.org/SharedMailboxes/Shared">共享邮箱 (v2.0+)</a></li>
|
||||||
|
<li><a href="http://wiki.dovecot.org/SharedMailboxes/Shared">共享邮箱 (v1.2+)</a></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>Roundcubemail 有官方插件 <code>acl</code> 用来管理邮箱共享。</p>
|
||||||
|
</li>
|
||||||
|
<li>SOGo 邮箱组件默认支持邮箱共享:右击 IMAP 文件夹,选择 <code>Sharing</code> 。</li>
|
||||||
|
<li>Thunderbird 客户端可以使用 <a href="https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/">Imap-ACL-Extension 插件</a>管理共享邮箱</li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -0,0 +1,39 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="amavisd-spamassassin-x-spam-">Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入</h1>
|
||||||
|
<p>在 Amavisd 的配置文件 <code>/etc/amavisd/amavisd.conf</code> 中有如下默认设置:</p>
|
||||||
|
<pre><code>$sa_tag_level_deflt = 2.0;
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>该设置表示 Amavisd 在邮件评分 >= 2.0 时会在邮件头(mail header)里插入
|
||||||
|
<code>X-Spam-Flag</code> 及其它的 <code>X-Spam-*</code> 信息。要让 Amavisd 总是插入 <code>X-Spam-*</code> 邮件头,
|
||||||
|
将上面的参数设成一个更低的值即可。例如:</p>
|
||||||
|
<pre><code>$sa_tag_level_deflt = -999;
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>修改后需要重启 Amavisd 服务。</p>
|
||||||
|
<p>Amavisd 的主配置文件在不同的 Linux/BSD 系统上路径不同:</p>
|
||||||
|
<ul>
|
||||||
|
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
|
||||||
|
<li>Debian, Ubuntu: <code>/etc/amavis/conf.d/50-user</code> (其它配置文件均在 <code>/etc/amavs/conf.d/</code> 目录下)</li>
|
||||||
|
<li>FreeBSD: <code>/usr/local/etc/amavisd/amavisd.conf</code></li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -0,0 +1,113 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>密码</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="_1">密码</h1>
|
||||||
|
<h2 id="iredmail">iRedMail 支持的密码</h2>
|
||||||
|
<p>在 iRedMail 中,Doevcot 被配置为 Postfix 的 SASL 认证服务器,因此,Dovecot 支持
|
||||||
|
的所有密码格式都可以在 Postfix (SMTP 服务)中使用。 查看 Dovecot 的 wiki 页面
|
||||||
|
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes">Password Schemes</a>
|
||||||
|
获取更多信息。</p>
|
||||||
|
<p>iRedAdmin-Pro 支持以下密码格式,因此你可以使用给用户使用下列任意一种。</p>
|
||||||
|
<ol>
|
||||||
|
<li>SSHA512,例如: <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
|
||||||
|
<li>BCRYPT,例如: <code>{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe</code></li>
|
||||||
|
<li>SSHA,例如: <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
|
||||||
|
<li>
|
||||||
|
<p>MD5(salted)。例如:</p>
|
||||||
|
<ul>
|
||||||
|
<li>带有前缀:<code>{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
||||||
|
<li>不带前缀:<code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
|
||||||
|
</ul>
|
||||||
|
<p><strong>重要提示</strong>: SOGo 不支持不带前缀的 MD5 密码,因此,当你打算从旧邮件服务器
|
||||||
|
上迁移密码数据时,请预先加上 <code>{CRYPT}</code> 前缀。</p>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>PLAIN-MD5 (不带 salt),例如:<code>0d2bf3c712402f428d48fed691850bfc</code></p>
|
||||||
|
</li>
|
||||||
|
<li>明文密码。例如: <code>123456</code></li>
|
||||||
|
</ol>
|
||||||
|
<p><strong>警告</strong>:MD5, PLAIN-MD5 和明文密码都不安全,请尽可能不要使用它们。</p>
|
||||||
|
<p><strong>注意</strong>:</p>
|
||||||
|
<ul>
|
||||||
|
<li><code>BCRYPT</code> 目前仅在 BSD 平台上有效,因为 Linux 系统带的 <code>libc</code> 函数库不支持 bcrypt。</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="iredmail_1">iRedMail 中默认使用的密码</h2>
|
||||||
|
<ul>
|
||||||
|
<li>
|
||||||
|
<p>对于采用 MySQL 和 PostgreSQL 后端而言:</p>
|
||||||
|
<ul>
|
||||||
|
<li>iRedMail-0.9.0 及后续新版本:<code>SSHA512</code></li>
|
||||||
|
<li>iRedMail-0.8.7 及更早版本:<code>MD5</code></li>
|
||||||
|
</ul>
|
||||||
|
</li>
|
||||||
|
<li>
|
||||||
|
<p>LDAP 后端:<code>SSHA</code>.</p>
|
||||||
|
<p>OpenLDAP 内建的密码验证不支持直接验证 SHA-2 格式密码,因此,如果你有第三方
|
||||||
|
程序需要使用 OpenLDAP 内建的密码验证机制,建议使用 <code>SSHA</code>。</p>
|
||||||
|
<p>如果你没有这方面的顾虑,可以使用 <code>SSHA512/BCRYPT</code> 来保存用户密码,同时
|
||||||
|
在 <code>/etc/dovecot/dovecot.conf</code> 里设置 <code>ldap_bind = no</code>。SMTP/IMAP/POP3
|
||||||
|
服务都能正常工作,但是,Apache 的基础认证(basic auth)则不行。</p>
|
||||||
|
</li>
|
||||||
|
</ul>
|
||||||
|
<h2 id="iredmail_2">如何在 iRedMail 中使用不同的哈希密码</h2>
|
||||||
|
<h3 id="mysql-postgresql">对于采用 MySQL 和 PostgreSQL 后端的用户</h3>
|
||||||
|
<p>所有的邮箱用户账户存放于 SQL 表 <code>vmail.mailbox</code> 中,用户密码则存放于
|
||||||
|
<code>mailbox.password</code> 字段中。例如:</p>
|
||||||
|
<pre><code>sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||||
|
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||||
|
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>要保存 PLAIN-MD5 ,需要加上 <code>{PLAIN-MD5}</code> 前缀:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>要保存明文密码,需要加上 <code>{PLAIN}</code> 前缀:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h3 id="openldap">对于采用 OpenLDAP 后端的用户</h3>
|
||||||
|
<p>用户密码存储于用户的 <code>userPassword</code> 属性中。</p>
|
||||||
|
<ul>
|
||||||
|
<li>要保存明文密码,SSHA,SSHA512 哈希密码,只需要直接按原有格式保存即可。例如:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>userPassword: 123456
|
||||||
|
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
|
||||||
|
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs...
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>要保存标准的 MD5 哈希值密码(salted MD5 hash),请在密码前加上 <code>{CRYPT}</code>
|
||||||
|
前缀(不区分大小写)。例如:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p><strong>重要提示</strong> :If you want to input password hash with phpLDAPadmin,
|
||||||
|
please choose <code>clear</code> in the password hash list, then input password hash.</p>
|
||||||
|
<h2 id="_2">参考资料</h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="./reset.user.password.html">重置用户密码</a></li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -0,0 +1,55 @@
|
||||||
|
<html>
|
||||||
|
<head>
|
||||||
|
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
|
||||||
|
<title>重置用户密码</title>
|
||||||
|
<link rel="stylesheet" type="text/css" href="../css/markdown.css" />
|
||||||
|
</head>
|
||||||
|
<body>
|
||||||
|
|
||||||
|
<div id="navigation">
|
||||||
|
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
|
||||||
|
|
||||||
|
// <a href="./index.html">Document Index</a>
|
||||||
|
</div><h1 id="_1">重置用户密码</h1>
|
||||||
|
<blockquote>
|
||||||
|
<ul>
|
||||||
|
<li>SQL 版本推荐使用 SSHA512 密码。没有特殊情况请不要使用 MD5 密码。</li>
|
||||||
|
<li>BSD 系统的 SQL 后端推荐使用 BCRYPT 密码。</li>
|
||||||
|
</ul>
|
||||||
|
</blockquote>
|
||||||
|
<p>对于 MySQL 或者 PostgreSQL 后端,可以使用 <code>openssl</code> 或 <code>doveadm</code> 命令来生成
|
||||||
|
密码,然后用它替换掉旧密码。</p>
|
||||||
|
<p>例如:使用 <code>doveadm</code> 命令生成一个 SSHA512 密码:</p>
|
||||||
|
<pre><code>$ doveadm pw -s 'ssha512' -p '123456'
|
||||||
|
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<ul>
|
||||||
|
<li>为用户 <code>user@domain.ltd</code> 重置密码:</li>
|
||||||
|
</ul>
|
||||||
|
<pre><code>sql> USE vmail;
|
||||||
|
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<p>OpenLDAP 后端用户可以使用 phpLDAPadmin 或其它 LDAP 客户端工具。如果有其它
|
||||||
|
程序需要通过 LDAP 做验证,建议使用 <code>SSHA</code> 密码以保证通用性,不是所有程序都支持
|
||||||
|
SSHA512。</p>
|
||||||
|
<p>作为一种临时方案,可以重置为明文密码,然后立即登录 Roundcube webmail 或
|
||||||
|
启用了自助服务 (self-service) 功能的 iRedAdmin-Pro 修改密码。
|
||||||
|
例如:</p>
|
||||||
|
<pre><code>sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
|
||||||
|
</code></pre>
|
||||||
|
|
||||||
|
<h2 id="_2">参考资料</h2>
|
||||||
|
<ul>
|
||||||
|
<li><a href="./password.hashes.html">iRedMail 支持的哈希密码</a></li>
|
||||||
|
</ul><p style="text-align: center; color: grey;">Document published under a <a href="http://creativecommons.org/licenses/by-nd/3.0/us/" target="_blank">CC BY-ND 3.0</a> license. If you found something wrong, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.<script>
|
||||||
|
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
|
||||||
|
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
|
||||||
|
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
|
||||||
|
})(window,document,'script','//www.google-analytics.com/analytics.js','ga');
|
||||||
|
|
||||||
|
ga('create', 'UA-3293801-21', 'auto');
|
||||||
|
ga('send', 'pageview');
|
||||||
|
</script>
|
||||||
|
</body></html>
|
|
@ -1,15 +1,23 @@
|
||||||
# Amavisd + SpamAssassin 失效,邮件头无 (X-Spam-*) 信息插入
|
# Amavisd + SpamAssassin 无效,邮件头无 X-Spam-* 信息插入
|
||||||
|
|
||||||
在 Amavisd 的配置文件 `/etc/amavisd/amavisd.conf` 中有如下默认设置:
|
在 Amavisd 的配置文件 `/etc/amavisd/amavisd.conf` 中有如下默认设置:
|
||||||
|
|
||||||
$sa_tag_level_deflt = 2.0;
|
```
|
||||||
|
$sa_tag_level_deflt = 2.0;
|
||||||
|
```
|
||||||
|
|
||||||
即 Amavisd 将在邮件评分 >= 2.0 时在邮件头插入 `X-Spam-Flag` 及其他的 `X-Spam-*` 信息。假如想让 Amavisd 总是在邮件头插入前述信息,将参数评分设成一个更低的值即可,例如:
|
该设置表示 Amavisd 在邮件评分 >= 2.0 时会在邮件头(mail header)里插入
|
||||||
|
`X-Spam-Flag` 及其它的 `X-Spam-*` 信息。要让 Amavisd 总是插入 `X-Spam-*` 邮件头,
|
||||||
|
将上面的参数设成一个更低的值即可。例如:
|
||||||
|
|
||||||
$sa_tag_level_deflt = -999;
|
```
|
||||||
|
$sa_tag_level_deflt = -999;
|
||||||
|
```
|
||||||
|
|
||||||
Amavisd 的主配置文件在不同版本的 Linux/BSD 系统上分布路径如下:
|
修改后需要重启 Amavisd 服务。
|
||||||
|
|
||||||
|
Amavisd 的主配置文件在不同的 Linux/BSD 系统上路径不同:
|
||||||
|
|
||||||
* Red Hat, CentOS, OpenBSD: `/etc/amavisd/amavisd.conf`
|
* Red Hat, CentOS, OpenBSD: `/etc/amavisd/amavisd.conf`
|
||||||
* Debian, Ubuntu: `/etc/amavis/conf.d/50-user` (and other config files under `/etc/amavs/conf.d/`)
|
* Debian, Ubuntu: `/etc/amavis/conf.d/50-user` (其它配置文件均在 `/etc/amavs/conf.d/` 目录下)
|
||||||
* FreeBSD: `/usr/local/etc/amavisd/amavisd.conf`
|
* FreeBSD: `/usr/local/etc/amavisd/amavisd.conf`
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
# Allow member to send email as mailing list or mail alias
|
# 允许列表成员以列表邮件地址作为发件人发送邮件
|
||||||
|
|
||||||
To allow member of mailing list (or mail alias) account to send email as this
|
要允许列表成员以列表邮件地址作为发件人发送邮件,请按照以下步骤操作:
|
||||||
mailing list (or mail alias), please follw steps below:
|
|
||||||
|
|
||||||
* 将参数 `reject_sender_login_mismatch` 从 Postfix 配置文件 `/etc/postfix/main.cf` 中移除。
|
* 在 Postfix 配置文件 `/etc/postfix/main.cf` 中移除参数 `reject_sender_login_mismatch`。
|
||||||
* 更改 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中的参数 `reject_sender_login_mismatch` ,以启用 iRedAPD 插件。
|
* 在 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中启用插件 `reject_sender_login_mismatch`。
|
||||||
* 在配置文件 `/opt/iredapd/settings.py` 中添加如下参数,允许成员按发件列表或者邮件别名来发送邮件:
|
* 在 iRedAPD 配置文件 `/opt/iredapd/settings.py` 中添加如下参数,允许列表成员
|
||||||
|
以列表邮件地址作为发件人发送邮件:
|
||||||
|
|
||||||
```
|
```
|
||||||
ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
|
ALLOWED_LOGIN_MISMATCH_LIST_MEMBER = True
|
||||||
```
|
```
|
||||||
|
|
||||||
* 之后重启 Postfix 和 iRedAPD 服务器。
|
* 修改后需要重启 Postfix 和 iRedAPD 服务。
|
||||||
|
|
|
@ -1,18 +1,19 @@
|
||||||
# 允许用户无需身份验证发送邮件
|
# 允许用户无需身份验证发送邮件
|
||||||
|
|
||||||
创建一个文本文件 `/etc/postfix/accepted_unauth_senders` :
|
创建文本文件 `/etc/postfix/accepted_unauth_senders`,列出无需身份验证就可以
|
||||||
|
发送邮件的用户邮件地址。下面以用户 `user@example.com` 为例:
|
||||||
|
|
||||||
```
|
```
|
||||||
fax-machine-12@mydomain.tld OK
|
user@example.com OK
|
||||||
```
|
```
|
||||||
|
|
||||||
使用 postmap 命令建立一个哈希库文件:
|
使用 `postmap` 命令建立哈希数据库文件:
|
||||||
|
|
||||||
```
|
```
|
||||||
# postmap hash:/etc/postfix/accepted_unauth_senders
|
# postmap hash:/etc/postfix/accepted_unauth_senders
|
||||||
```
|
```
|
||||||
|
|
||||||
修改 Postfix 服务调用此文件: `/etc/postfix/main.cf`
|
修改 Postfix 配置文件 `/etc/postfix/main.cf` 以使用该文件:
|
||||||
|
|
||||||
```
|
```
|
||||||
smtpd_sender_restrictions =
|
smtpd_sender_restrictions =
|
||||||
|
@ -20,7 +21,7 @@ smtpd_sender_restrictions =
|
||||||
[...OTHER RESTRICTIONS HERE...]
|
[...OTHER RESTRICTIONS HERE...]
|
||||||
```
|
```
|
||||||
|
|
||||||
重启/重新装载 postfix 服务,以使设置生效:
|
重启 postfix 服务以使设置生效:
|
||||||
|
|
||||||
```
|
```
|
||||||
# /etc/init.d/postfix restart
|
# /etc/init.d/postfix restart
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# 更改邮件服务器主机名
|
# 修改服务器主机名
|
||||||
|
|
||||||
要在 iRedMail 被安装后更改服务器的主机名,要将以下文件中的主机名更改为新主机名:
|
要在安装 iRedMail 后修改服务器的主机名,请将以下文件中的旧主机名改为新主机名:
|
||||||
|
|
||||||
## 系统配置文件
|
## 系统配置文件
|
||||||
|
|
||||||
|
@ -35,4 +35,3 @@
|
||||||
* `/etc/httpd/conf.d/SOGo.conf`
|
* `/etc/httpd/conf.d/SOGo.conf`
|
||||||
* `/etc/apache2/conf.d/SOGo.conf`
|
* `/etc/apache2/conf.d/SOGo.conf`
|
||||||
* `/etc/apache2/conf-available/SOGo.conf`
|
* `/etc/apache2/conf-available/SOGo.conf`
|
||||||
|
|
||||||
|
|
|
@ -1,20 +1,20 @@
|
||||||
# 共享邮箱(和其他用户共享 IMAP 目录)
|
# 共享邮箱(将 IMAP 目录共享给其他用户)
|
||||||
|
|
||||||
> 自 iRedMail-`0.7.0` 版起,共享邮箱的相关设置被配置于 Dovecot 中,但是没有启用。
|
|
||||||
> 以下是开启此 "acl" 插件功能的方法。
|
|
||||||
|
|
||||||
> 自 iRedMail-`0.9.0`版起,共享邮箱功能默认开户,用户不需要任何额外的配置。
|
> 自 iRedMail-`0.9.0`版起,共享邮箱功能默认开户,用户不需要任何额外的配置。
|
||||||
|
|
||||||
> 请勿将“共享目录”和“公共目录”的概念混淆。对于共享目录而言,用户必须选择一个要共享的目录并指定共享给谁。Do not mistake "shared folders" for "public folders". For shared folders,
|
> 自 iRedMail-`0.7.0` 版起,Dovecot 已包含共享邮箱的相关设置,但没有启用。
|
||||||
> users must select which folder they want to share and with who, using an
|
> 只需要按照以下文档中启用 `acl` 插件的步骤即可启用该功能。
|
||||||
> interface, like IMAP command line or the ones available with Roundcube
|
|
||||||
> webmail or SOGo and SOGo connectors.
|
|
||||||
|
|
||||||
## 开户邮箱共享
|
> 请勿将`共享目录`误理解为`公共目录`的概念混淆。对于共享目录而言,用户必须
|
||||||
|
> 选择一个要共享的目录并指定共享给谁。
|
||||||
|
|
||||||
要开启邮箱共享功能,请确保 Dovecot 中位于 `/etc/dovecot/dovecot.conf` 路径的配置文件中的 `acl` 插件参数为启用状态,如下所示:
|
## 共享邮箱
|
||||||
|
|
||||||
|
要开启邮箱共享功能,请确保 `acl` 插件已在Dovecot 的配置文件
|
||||||
|
`/etc/dovecot/dovecot.conf` 里启用。以下是配置示例:
|
||||||
|
|
||||||
* Dovecot-1.2 版:
|
* Dovecot-1.2 版:
|
||||||
|
|
||||||
```
|
```
|
||||||
# Part of file: /etc/dovecot/dovecot.conf
|
# Part of file: /etc/dovecot/dovecot.conf
|
||||||
|
|
||||||
|
@ -28,6 +28,7 @@ protocol imap {
|
||||||
```
|
```
|
||||||
|
|
||||||
* Dovecot-2.x 版:
|
* Dovecot-2.x 版:
|
||||||
|
|
||||||
```
|
```
|
||||||
# Part of file: /etc/dovecot/dovecot.conf
|
# Part of file: /etc/dovecot/dovecot.conf
|
||||||
|
|
||||||
|
@ -42,34 +43,34 @@ protocol imap {
|
||||||
|
|
||||||
## 测试共享目录
|
## 测试共享目录
|
||||||
|
|
||||||
例如:将用户 share from@domain.ltd 的 `Sent` 目录共享给用户 `testing@domain.ltd` 。
|
示例:将用户 `from@domain.ltd` 的 `Sent` 目录共享给用户 `testing@domain.ltd` 。
|
||||||
|
|
||||||
> 警告:不要遗漏 IMAP 命令前面的点 `.` 号。
|
> 注意:不要遗漏 IMAP 命令前面的点 `.` 号。
|
||||||
|
|
||||||
```
|
```
|
||||||
# telnet localhost 143 # <- Type this.
|
# telnet localhost 143 # <- 输入此命令
|
||||||
* OK [...] Dovecot ready.
|
* OK [...] Dovecot ready.
|
||||||
|
|
||||||
. login from@domain.ltd passwd # <- Type this.
|
. login from@domain.ltd passwd # <- 输入此命令
|
||||||
# Login with full email address and password
|
# 使用完整邮件地址和密码登陆
|
||||||
. OK [... ACL ..] Logged in
|
. OK [... ACL ..] Logged in
|
||||||
|
|
||||||
. SETACL Sent testing@domain.ltd rli # <- Type this.
|
. SETACL Sent testing@domain.ltd rli # <- 输入此命令
|
||||||
# Share folder `Sent` with user testing@domain.ltd,
|
# 将 Sent 目录共享给 testing@domain.ltd,
|
||||||
# with permissions: read (r), lookup (l) and insert (i).
|
# 具体权限为:读(r, read),查询(l, lookup),插入新邮件(i, insert)。
|
||||||
. OK Setacl complete.
|
. OK Setacl complete.
|
||||||
|
|
||||||
^] # <- Press `Ctrl + ]` to exit telnet.
|
^] # <- 按 `Ctrl + ]` 组合键退出 telnet 程序。
|
||||||
telnet> quit
|
telnet> quit
|
||||||
```
|
```
|
||||||
|
|
||||||
以用户 `testing@domain.ltd` 身份登录 Roundcube 网页邮箱或 SOGo 网页邮箱,即可看到共享的目录。
|
以用户 `testing@domain.ltd` 身份登录 Roundcube 或 SOGo webmail,即可看到共享的目录。
|
||||||
|
|
||||||
额外信息:
|
额外信息:
|
||||||
|
|
||||||
* 使用 `SETACL` 命令共享目录后, Dovecot 会在 MySQL 数据库中插入一条记录。
|
* 使用 `SETACL` 命令共享目录后, Dovecot 会在 MySQL 数据库中插入一条记录。
|
||||||
|
|
||||||
* 对于采用 OpenLDAP 后端的用户,此记录保存在 `iredadmin.share_folder` 中。
|
* 对于采用 OpenLDAP 后端的用户,此记录保存在 SQL 表 `iredadmin.share_folder` 中。
|
||||||
* 对于采用 MySQL/MariaDB/PostgreSQL 后端的用户,此记录保存在 `vmail.share_folder` 中。
|
* 对于采用 MySQL/MariaDB/PostgreSQL 后端的用户,此记录保存在 `vmail.share_folder` 中。
|
||||||
|
|
||||||
```
|
```
|
||||||
|
@ -85,11 +86,11 @@ mysql> SELECT * FROM share_folder;
|
||||||
|
|
||||||
## 参考资料
|
## 参考资料
|
||||||
|
|
||||||
* Dovecot wiki百科:
|
* Dovecot wiki:
|
||||||
|
|
||||||
* [用户间共享邮箱 (v2.0+)](http://wiki2.dovecot.org/SharedMailboxes/Shared)
|
* [共享邮箱 (v2.0+)](http://wiki2.dovecot.org/SharedMailboxes/Shared)
|
||||||
* [用户间共享邮箱 (v1.2+)](http://wiki.dovecot.org/SharedMailboxes/Shared)
|
* [共享邮箱 (v1.2+)](http://wiki.dovecot.org/SharedMailboxes/Shared)
|
||||||
|
|
||||||
* Roundcubemail 有官方插件 `acl` 用来管理邮箱共享。
|
* Roundcubemail 有官方插件 `acl` 用来管理邮箱共享。
|
||||||
* SOGo 邮箱组件默认支持邮箱共享:右击 IMAP 文件夹,选择 `Sharing` 。
|
* SOGo 邮箱组件默认支持邮箱共享:右击 IMAP 文件夹,选择 `Sharing` 。
|
||||||
* [Imap-ACL-Extension for Thunderbird](https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/), manage acls/permissions for shared mailboxes/folders on imap servers.
|
* Thunderbird 客户端可以使用 [Imap-ACL-Extension 插件](https://addons.mozilla.org/en-US/thunderbird/addon/imap-acl-extension/)管理共享邮箱
|
||||||
|
|
|
@ -1,44 +1,37 @@
|
||||||
# 重置用户密码
|
# 重置用户密码
|
||||||
|
|
||||||
> * SQL 后台推荐使用 SSHA512 编译的密码,没有特别的原因不要使用 MD5 值作为密码。
|
> * SQL 版本推荐使用 SSHA512 密码。没有特殊情况请不要使用 MD5 密码。
|
||||||
> * BSD 系统的 SQL 后端推荐使用 BCRYPT 编译密码。
|
> * BSD 系统的 SQL 后端推荐使用 BCRYPT 密码。
|
||||||
|
|
||||||
对于 MySQL 或者 PostgreSQL 后端,可以使用 `openssl` 或 `doveadm` 命令来生成一个密码哈希值,然后用它来替换旧的密码。
|
对于 MySQL 或者 PostgreSQL 后端,可以使用 `openssl` 或 `doveadm` 命令来生成
|
||||||
|
密码,然后用它替换掉旧密码。
|
||||||
|
|
||||||
例如:
|
例如:使用 `doveadm` 命令生成一个 SSHA512 密码:
|
||||||
|
|
||||||
* 用 `openssl` 生成一个 MD5 哈希密码(本例中使用一个非常简单的密码 `123456` ) :
|
|
||||||
|
|
||||||
```
|
|
||||||
$ openssl passwd -1 123456
|
|
||||||
$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0
|
|
||||||
```
|
|
||||||
|
|
||||||
或者,使用 `doveadm` 命令来生成:
|
|
||||||
|
|
||||||
```
|
```
|
||||||
$ doveadm pw -s 'ssha512' -p '123456'
|
$ doveadm pw -s 'ssha512' -p '123456'
|
||||||
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=
|
||||||
```
|
```
|
||||||
|
|
||||||
* 为用户 `user@domain.ltd` 和 `another-user@domain.ltd` 重置密码:
|
* 为用户 `user@domain.ltd` 重置密码:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> USE vmail;
|
sql> USE vmail;
|
||||||
sql> UPDATE mailbox SET password='$1$2dQ48hyz$.mCLeDSdPkP3fxVmARsB.0' WHERE username='user@domain.ltd';
|
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY9foj6UlUVfZ2O2SNkEExU3n42YJLXDbLnu3ghnIRBkwDMsM31q7OI0jY5B/5E=' WHERE username='user@domain.ltd';
|
||||||
sql> UPDATE mailbox SET password='{SSHA512}jOcGSlKEz95VeuLGecbL0MwJKy0yWY...' WHERE username='another-user@domain.ltd';
|
|
||||||
```
|
```
|
||||||
|
|
||||||
OpenLDAP 后端用户可以使用 phpLDAPadmin 重置密码,或者使用其他的 LDAP 客户端工具。 `SSHA` is preferred if you have other applications to authenticate
|
OpenLDAP 后端用户可以使用 phpLDAPadmin 或其它 LDAP 客户端工具。如果有其它
|
||||||
users against OpenLDAP.
|
程序需要通过 LDAP 做验证,建议使用 `SSHA` 密码以保证通用性,不是所有程序都支持
|
||||||
|
SSHA512。
|
||||||
|
|
||||||
使用一组简单的临时密码用来登录 Roundcube 网页邮箱或者 iRedMail-Pro(已启用自助服务功能)后台是没有问题的,但登录后应立即更改密码。
|
作为一种临时方案,可以重置为明文密码,然后立即登录 Roundcube webmail 或
|
||||||
|
启用了自助服务 (self-service) 功能的 iRedAdmin-Pro 修改密码。
|
||||||
例如:
|
例如:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
|
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='user@domain.ltd';
|
||||||
```
|
```
|
||||||
|
|
||||||
## 另请参阅
|
## 参考资料
|
||||||
|
|
||||||
* [iRedMail 使用/支持的哈希密码](./password.hashes.html)
|
* [iRedMail 支持的哈希密码](./password.hashes.html)
|
||||||
|
|
|
@ -1,68 +1,80 @@
|
||||||
# 哈希密码
|
# 密码
|
||||||
|
|
||||||
## iRedMail 使用/支持的哈希密码
|
## iRedMail 支持的密码
|
||||||
|
|
||||||
在 iRedMail 中, Doevcot 被配置为 Postfix 的 SASL(简单认证与安全层)认证服务器,因此,所有被 Dovecot 支持的密码设定都可以在 iRedMail 中使用。 请参考 Dovecot 的 Wiki 页面:[`Password Schemes`](http://wiki2.dovecot.org/Authentication/PasswordSchemes) ,以获取更多的信息。
|
在 iRedMail 中,Doevcot 被配置为 Postfix 的 SASL 认证服务器,因此,Dovecot 支持
|
||||||
|
的所有密码格式都可以在 Postfix (SMTP 服务)中使用。 查看 Dovecot 的 wiki 页面
|
||||||
|
[Password Schemes](http://wiki2.dovecot.org/Authentication/PasswordSchemes)
|
||||||
|
获取更多信息。
|
||||||
|
|
||||||
下列密码设定均可在 iRedMail-Pro 中使用(就是说可以采用其中任意一种方式来添加新邮箱用户):
|
iRedAdmin-Pro 支持以下密码格式,因此你可以使用给用户使用下列任意一种。
|
||||||
|
|
||||||
* 简单文本。例如: `123456`
|
1. SSHA512,例如: `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
|
||||||
* MD5 (salted)。例如:
|
1. BCRYPT,例如: `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
|
||||||
|
1. SSHA,例如: `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
|
||||||
|
1. MD5(salted)。例如:
|
||||||
|
|
||||||
* (推荐)带有前缀: `{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
* 带有前缀:`{CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
||||||
* 没有前缀: `$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
* 不带前缀:`$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250`
|
||||||
|
|
||||||
__重要提示__: SOGo 组件不支持没有前缀的 MD5 哈希值,因此,当你打算从旧邮件服务器上迁移密码数据时,请预先加上 `{CRYPT}` 前缀。
|
__重要提示__: SOGo 不支持不带前缀的 MD5 密码,因此,当你打算从旧邮件服务器
|
||||||
|
上迁移密码数据时,请预先加上 `{CRYPT}` 前缀。
|
||||||
|
|
||||||
* PLAIN-MD5 (unsalted MD5),例如: `0d2bf3c712402f428d48fed691850bfc`
|
1. PLAIN-MD5 (不带 salt),例如:`0d2bf3c712402f428d48fed691850bfc`
|
||||||
* SSHA,例如: `{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD`
|
1. 明文密码。例如: `123456`
|
||||||
* SSHA512,例如: `{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=`
|
|
||||||
* BCRYPT,例如: `{CRYPT}$2a$05$TKnXV39M3uJ4o.AbY1HbjeAval9bunHbxd0.6Qn782yKoBjTEBXTe`
|
__警告__:MD5, PLAIN-MD5 和明文密码都不安全,请尽可能不要使用它们。
|
||||||
|
|
||||||
__注意__:
|
__注意__:
|
||||||
|
|
||||||
* `BCRYPT` 仅在 BSD 平台上有效,因数在 Linux 系统上装载的函数库不支持 bcrypt 编码。
|
* `BCRYPT` 目前仅在 BSD 平台上有效,因为 Linux 系统带的 `libc` 函数库不支持 bcrypt。
|
||||||
|
|
||||||
## iRedMail 中默认使用的密码设定
|
## iRedMail 中默认使用的密码
|
||||||
|
|
||||||
* 对于采用 MySQL 和 PostgreSQL 后端而言:
|
* 对于采用 MySQL 和 PostgreSQL 后端而言:
|
||||||
|
|
||||||
* iRedMail-0.8.7 及更早版本: `MD5`
|
* iRedMail-0.9.0 及后续新版本:`SSHA512`
|
||||||
* iRedMail-0.9.0 及更新版本: `SSHA512`
|
* iRedMail-0.8.7 及更早版本:`MD5`
|
||||||
|
|
||||||
* 对于采用 LDAP 后端而言: `SSHA`.
|
* LDAP 后端:`SSHA`.
|
||||||
|
|
||||||
OpenLDAP 内建的密码验证并不直接支持 SHA-2 格式密码,因此,如果你采用的第三方程序需要使用 OpenLDAP 内建的密码验证,那么最好使用 `SSHA` 哈希密码。
|
OpenLDAP 内建的密码验证不支持直接验证 SHA-2 格式密码,因此,如果你有第三方
|
||||||
如果你没有这方面的问题,那么可使用 `SSHA512/BCRYPT` 哈希码来保存邮箱用户密码,同时,修改配置文件 `/etc/dovecot/dovecot.conf` 中的参数为 `ldap_bind = no` 。至此, SMTP/IMAP/POP3 服务都能良好的工作在此配置下,但是, Apache 的基础认证则不行。
|
程序需要使用 OpenLDAP 内建的密码验证机制,建议使用 `SSHA`。
|
||||||
|
|
||||||
|
如果你没有这方面的顾虑,可以使用 `SSHA512/BCRYPT` 来保存用户密码,同时
|
||||||
|
在 `/etc/dovecot/dovecot.conf` 里设置 `ldap_bind = no`。SMTP/IMAP/POP3
|
||||||
|
服务都能正常工作,但是,Apache 的基础认证(basic auth)则不行。
|
||||||
|
|
||||||
## 如何在 iRedMail 中使用不同的哈希密码
|
## 如何在 iRedMail 中使用不同的哈希密码
|
||||||
|
|
||||||
### 对于采用 MySQL 和 PostgreSQL 后端的用户
|
### 对于采用 MySQL 和 PostgreSQL 后端的用户
|
||||||
|
|
||||||
所有的邮箱用户账户存放于 SQL 数据表 `vmail.mailbox` 中,用户密码则存放于 SQL 列 `mailbox.password` 中。例如:
|
所有的邮箱用户账户存放于 SQL 表 `vmail.mailbox` 中,用户密码则存放于
|
||||||
|
`mailbox.password` 字段中。例如:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
|
||||||
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
|
||||||
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
|
||||||
```
|
```
|
||||||
|
|
||||||
* 要保存 PLAIN-MD5 ,你需要在哈希密码值前加上前缀 `{PLAIN-MD5}` :
|
* 要保存 PLAIN-MD5 ,需要加上 `{PLAIN-MD5}` 前缀:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
|
||||||
```
|
```
|
||||||
|
|
||||||
* 要保存文本密码,你需要加上 `{PLAIN}` 前缀:
|
* 要保存明文密码,需要加上 `{PLAIN}` 前缀:
|
||||||
|
|
||||||
```
|
```
|
||||||
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
sql> UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';
|
||||||
```
|
```
|
||||||
|
|
||||||
### 对于采用 LDAP 后端的用户
|
### 对于采用 OpenLDAP 后端的用户
|
||||||
|
|
||||||
用户密码被存放于用户对象的 `userPassword` 属性中。
|
用户密码存储于用户的 `userPassword` 属性中。
|
||||||
|
|
||||||
* 要保存文本密码,SSHA,SSHA512哈希密码,只需要直接按原有格式保存即可。例如:
|
* 要保存明文密码,SSHA,SSHA512 哈希密码,只需要直接按原有格式保存即可。例如:
|
||||||
|
|
||||||
```
|
```
|
||||||
userPassword: 123456
|
userPassword: 123456
|
||||||
|
@ -70,12 +82,16 @@ userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
|
||||||
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs...
|
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs...
|
||||||
```
|
```
|
||||||
|
|
||||||
* 要保存标准的 MD5 哈希值密码(salted MD5 hash),请在哈希密码前加上前缀 `{CRYPT}` (不区分大小写)。例如:
|
* 要保存标准的 MD5 哈希值密码(salted MD5 hash),请在密码前加上 `{CRYPT}`
|
||||||
```userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250```
|
前缀(不区分大小写)。例如:
|
||||||
|
|
||||||
|
```
|
||||||
|
userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250
|
||||||
|
```
|
||||||
|
|
||||||
__重要提示__ :If you want to input password hash with phpLDAPadmin,
|
__重要提示__ :If you want to input password hash with phpLDAPadmin,
|
||||||
please choose `clear` in the password hash list, then input password hash.
|
please choose `clear` in the password hash list, then input password hash.
|
||||||
|
|
||||||
## 另请参阅
|
## 参考资料
|
||||||
|
|
||||||
* [重置用户密码](./reset.user.password.html)
|
* [重置用户密码](./reset.user.password.html)
|
||||||
|
|
Loading…
Reference in New Issue