Reverse last commit. It's better to save a local copy for other contributors to read/verify doc.

This commit is contained in:
Zhang Huangbin 2014-09-30 23:13:21 +08:00
parent 35dd2f28ae
commit bd258a919e
39 changed files with 2451 additions and 2 deletions


@ -1745,3 +1745,38 @@
* [Turn on debug mode in OpenLDAP](turn.on.debug.mode.in.openldap.md)
# Frequently Asked Questions
* [Why append timestamp in maildir path](why.append.timestamp.in.maildir.path.md)
# Install iRedMail
* [Perform silent/unattended iRedMail installation](unattended.iredmail.installation.md)
# How to
* [Completely disable Amavisd + ClamAV + SpamAssassin](0-completely.disable.amavisd.clamav.spamassassin.md)
* [Enable SMTPS service (SMTP over SSL, port 465)](0-enable.smtps.md)
* [Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.](1-amavisd.no.x-spam.headers.md)
* [Disable spam virus scanning for outgoing mails](1-disable.spam.virus.scanning.for.outgoing.mails.md)
* [Quarantining](1-quarantining.md)
* [Allow user to send email without authentication](allow.user.to.send.email.without.authentication.md)
* [Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)](configure.thunderbird.md)
* [Ignore Trash folder in mailbox quota](ignore.trash.folder.in.quota.md)
* [LDAP: Add an alias domain](ldap.add.alias.domain.md)
* [LDAP: Add a mail alias account](ldap.add.mail.alias.md)
* [LDAP: Add a mail list account](ldap.add.mail.list.md)
* [LDAP: User mail forwarding.](ldap.user.mail.forwarding.md)
* [Monitor incoming and outgoing mails with BCC](monitor.incoming.and.outgoing.mails.with.bcc.md)
* [Pipe incoming email for certain user to external script ](pipe.incoming.email.for.certain.user.to.external.script.md)
* [Force Dovecot to recalculate mailbox quota](recalculate.mailbox.quota.md)
* [SQL: Create an mail alias account with SQL command line](sql.create.mail.alias.md)
* [Store SpamAssassin bayes in SQL](store.spamassassin.bayes.in.sql.md)
# Third-party integrations.
* [SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)](sogo-centos-6-mysql.md)
# Cluster solutions
* [An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS ](full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.md)
# Backup, restore and migration
* [Migrate iRedAdmin open source edition to iRedAdmin-Pro](migrate.or.upgrade.iredadmin.md)
* [Migrate old iRedMail server to the latest stable release](migrate.to.new.iredmail.server.md)
* [Password hashes](password.hashes.md)
# Troubleshooting and Debug
* [Turn on debug mode in Amavisd](turn.on.debug.mode.in.amavisd.md)
* [Turn on debug mode in Cluebringer](turn.on.debug.mode.in.cluebringer.md)
* [Turn on debug mode in Dovecot](turn.on.debug.mode.in.dovecot.md)
* [Turn on debug mode in OpenLDAP](turn.on.debug.mode.in.openldap.md)
# Frequently Asked Questions
* [Why append timestamp in maildir path](why.append.timestamp.in.maildir.path.md)
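Review bot: The added block ends with the same three entries the hunk begins with as context ("Turn on debug mode in OpenLDAP", "# Frequently Asked Questions", "Why append timestamp in maildir path"), and it lands at line 1745 of the file, so this looks like one more full copy of the index appended to a file that already holds earlier copies. The generator should overwrite the index file rather than append to it, and the repeated copies should be dropped from the commit. Minor: "Mult-Master" and "Create an mail alias" read as typos, and "# Third-party integrations." is the only heading with a trailing period.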


@ -12,8 +12,7 @@
# Directory used to store converted html files.
PWD="."
SOURCE_DIR="${PWD}/src"
#OUTPUT_DIR="${PWD}/html"
OUTPUT_DIR="../web/docs"
OUTPUT_DIR="${PWD}/html"
INDEX_MD="${OUTPUT_DIR}/index.md"
README_MD="${PWD}/README.md"
GITBOOK_MD="${PWD}/SUMMARY.md"
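Review bot: The restored `OUTPUT_DIR="${PWD}/html"` depends on the `PWD="."` assignment two lines above, which overwrites the shell's own PWD variable and makes every path relative to whatever directory the script is started from. Consider a differently named variable resolved from the script's location, for example `ROOTDIR="$(cd "$(dirname "$0")" && pwd)"`, so that running the script from another directory cannot write the generated HTML somewhere unexpected.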
@ -129,3 +128,6 @@ ${CMD_CONVERT} ${INDEX_MD} ${OUTPUT_DIR} title="iRedMail Documentations"
# Cleanup
rm -f ${INDEX_MD}
# Copy to local hg repo of http://www.iredmail.org/docs/
cp -rf html/* ../web/docs/
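Review bot: The new `cp -rf html/* ../web/docs/` hard-codes `html` instead of using `${OUTPUT_DIR}`, so it goes stale if the output directory is changed again, and it assumes a sibling checkout exists at `../web/docs`. Suggest `cp -rf "${OUTPUT_DIR}"/* ../web/docs/` guarded by a `[ -d ../web/docs ]` test, so that contributors without the web repository can still build the local copy, which is the purpose given in the commit message.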


@ -0,0 +1,35 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Allow user to send email without authentication</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="allow-user-to-send-email-without-authentication">Allow user to send email without authentication</h1>
<div class="toc">
<ul>
<li><a href="#allow-user-to-send-email-without-authentication">Allow user to send email without authentication</a></li>
</ul>
</div>
<p>Create a plain text file: <code>/etc/postfix/accepted_unauth_senders</code>:</p>
<pre><code>fax-machine-12@mydomain.tld OK
</code></pre>
<p>Use postmap to create hash db file:</p>
<pre><code># postmap hash:/etc/postfix/accepted_unauth_senders
</code></pre>
<p>Modify Postfix to use this text file: <code>/etc/postfix/main.cf</code></p>
<pre><code>smtpd_sender_restrictions =
check_sender_access hash:/etc/postfix/accepted_unauth_senders,
[...OTHER RESTRICTIONS HERE...]
</code></pre>
<p>Restart/reload postfix to make it work:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
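Review bot: The `check_sender_access` entry `fax-machine-12@mydomain.tld OK` matches on the envelope sender, which the connecting client chooses freely, so the page should state that any client presenting this address skips the sender restrictions listed after it. The document should recommend tying the exception to the device's IP address as well (for example a `check_client_access` map or `mynetworks`) and keeping the map as small as possible. Separately, the generated header closes `</head>` twice, once after the stylesheet link and again on the next line; that comes from the template and repeats in every HTML file in this commit.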


@ -0,0 +1,25 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="amavisd-spamassassin-not-working-no-mail-header-x-spam-inserted">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</h1>
<p>Amavisd has below setting in its config file <code>/etc/amavisd/amavisd.conf</code> by default:</p>
<pre><code>$sa_tag_level_deflt = 2.0;
</code></pre>
<p>That means Amavisd will insert <code>X-Spam-Flag</code> and other <code>X-Spam-*</code> headers when email score &gt;= 2.0. If you want to let Amavisd always insert these headers, you can set it to a low score, for example:</p>
<pre><code>$sa_tag_level_deflt = -999;
</code></pre>
<p>Amavisd's main config file is different on different Linux/BSD distributions:</p>
<ul>
<li>Red Hat, CentOS, OpenBSD: <code>/etc/amavisd/amavisd.conf</code></li>
<li>Debian, Ubuntu: <code>/etc/amavis/conf.d/50-user</code> (and other config files under <code>/etc/amavs/conf.d/</code>)</li>
<li>FreeBSD: <code>/usr/local/etc/amavisd/amavisd.conf</code></li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
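Review bot: The Debian/Ubuntu list item gives `/etc/amavs/conf.d/`, which is missing a letter; it should read `/etc/amavis/conf.d/` to match `/etc/amavis/conf.d/50-user` in the same item. The opening sentence also presents `/etc/amavisd/amavisd.conf` as the config file without qualification, while the list at the end says the path differs per distribution; moving the list up, or adding "on Red Hat/CentOS/OpenBSD" to the first sentence, would avoid sending Debian and FreeBSD users to a path that does not exist.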


@ -0,0 +1,54 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Completely disable Amavisd + ClamAV + SpamAssassin</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="completely-disable-amavisd-clamav-spamassassin">Completely disable Amavisd + ClamAV + SpamAssassin</h1>
<p>In iRedMail, Amavisd provides below features:</p>
<ul>
<li>content-based spam scanning (invoke SpamAssassin)</li>
<li>Virus scanning (invoke ClamAV)</li>
<li>DKIM singing</li>
<li>DKIM verification (through SpamAssassin + Perl module)</li>
<li>SPF verification (through SpamAssassin + Perl module)</li>
<li>Disclaimer (throught AlterMIME)</li>
</ul>
<h3 id="stop-virusspam-scanning-keep-dkim-signingverification-and-disclaimer">Stop virus/spam scanning, keep DKIM signing/verification and Disclaimer</h3>
<p>If you want to disable virus and spam scanning, but keep DKIM signing and disclaimer, please try this:</p>
<ul>
<li>
<p>Keep <code>content_filter = smtp-amavis:[127.0.0.1]:10024</code> in Postfix config file <code>/etc/postfix/main.cf</code>.</p>
</li>
<li>
<p>Find below lines in /etc/amavisd/amavisd.conf:</p>
</li>
</ul>
<pre><code class="perl"># @bypass_virus_checks_maps = (1); # controls running of anti-virus code
# @bypass_spam_checks_maps = (1); # controls running of anti-spam code
</code></pre>
<p>Uncomment above lines (removing "# " at the beginning of each line), and restart Amavisd service.</p>
<h3 id="completely-disable-all-features">Completely disable all features</h3>
<p>If you want to completely disable spam and virus scanning services, steps:</p>
<ul>
<li>Comment out below two lines in Postfix config file <code>/etc/postfix/main.cf</code>, then restart Postfix service.</li>
</ul>
<pre><code class="perl">content_filter = smtp-amavis:[127.0.0.1]:10024
receive_override_options = no_address_mappings
</code></pre>
<ul>
<li>Disable network services: Amavisd, ClamAV.</li>
</ul>
<p>Notes:</p>
<ul>
<li>ClamAV and SpamAssassin will be invoked by Amavisd, so if you disable Amavisd, those two are disabled too.</li>
<li>SpamAssassin doesn't have daemon service running in iRedMail solution, so there's no need to stop SpamAssassin service.</li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
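Review bot: The heading "Stop virus/spam scanning, keep DKIM signing/verification and Disclaimer" promises more than the steps appear to deliver: the feature list above says DKIM and SPF verification run "through SpamAssassin", and the step enables `@bypass_spam_checks_maps`, so verification presumably stops together with spam scanning. The paragraph under the heading already says only "DKIM signing and disclaimer"; the heading should match it, and one sentence saying that inbound DKIM/SPF verification is lost would keep readers from assuming it still happens. Smaller points: "DKIM singing" and "throught" are typos, `/etc/amavisd/amavisd.conf` in the second bullet is not in a code tag like the other paths, and the Postfix main.cf block is tagged `class="perl"`.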


@ -0,0 +1,77 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="configure-thunderbird-as-mail-client-imap-smtp-and-global-ldap-address-book">Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</h1>
<div class="toc">
<ul>
<li><a href="#configure-thunderbird-as-mail-client-imap-smtp-and-global-ldap-address-book">Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</a><ul>
<li><a href="#create-new-mail-account">Create new mail account</a></li>
<li><a href="#configure-thunderbird-as-pop3-client">Configure Thunderbird as POP3 client</a></li>
<li><a href="#configure-thunderbird-as-imap-client">Configure Thunderbird as IMAP client</a></li>
<li><a href="#configure-thunderbird-to-send-mail-via-smtp">Configure Thunderbird to send mail via SMTP</a></li>
<li><a href="#use-openldap-as-global-ldap-address-book">Use OpenLDAP as Global LDAP Address Book</a></li>
</ul>
</li>
</ul>
</div>
<p>iRedMail provides POP3S (POP3 over TLS), IMAPS (IMAP over TLS), SMTPS (SMTP over TLS) for receiving and sending emails by default.</p>
<h2 id="create-new-mail-account">Create new mail account</h2>
<p>To create a new mail account with Thunderbird, please click menu: <code>File -&gt; New -&gt; Mail Account</code>.</p>
<p>Add your name, email address and password in this screen.</p>
<p><img alt="" src="../images/Thunderbird.new.mail.account.png" title="Thunderbird.new.mail.account.png" /></p>
<p>Click continue, it will detect IMAP and SMTP server automatically.</p>
<p>Note:</p>
<ul>
<li>Login username must be full email address. You may want to click <code>Edit</code> to ensure it is correct.</li>
<li>If you want to use POP3 instead of IMAP, click "Edit" and change it to POP3 in this screen with port <code>110</code>, <code>STARTTLS</code>.</li>
</ul>
<p><img alt="" src="../images/thunderbird.new.mail.account.setup.png" title="Thunderbird.new.mail.account.setup.png" /></p>
<h2 id="configure-thunderbird-as-pop3-client">Configure Thunderbird as POP3 client</h2>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.pop3.png" title="Thunderbird.pop3.png" /></p>
<h2 id="configure-thunderbird-as-imap-client">Configure Thunderbird as IMAP client</h2>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.imap.png" title="Thunderbird.imap.png" /></p>
<h2 id="configure-thunderbird-to-send-mail-via-smtp">Configure Thunderbird to send mail via SMTP</h2>
<p>Menu: Tools -&gt; Account settings... -&gt; Outgoing server (SMTP) -&gt; Choose the server you are using.</p>
<p>Warning: Make sure you are using full email address as username.</p>
<p><img alt="" src="../images/thunderbird.smtp.png" title="Thunderbird.smtp.png" /></p>
<h2 id="use-openldap-as-global-ldap-address-book">Use OpenLDAP as Global LDAP Address Book</h2>
<p><strong>IMPORTANT NOTE</strong>: Thunderbird won\'t show contacts in LDAP address book directly, but it works when you starting typing email address in recipient field while composing email.</p>
<p>Here we take Thunderbird 5.0 for example. Steps:</p>
<ul>
<li>Click <code>Address Book</code> in main Thunderbird window. </li>
<li>In Address Book window, click menu <code>File -&gt; New -&gt; LDAP Directory</code>.</li>
<li>
<p>In tab <code>General</code>:</p>
<ul>
<li><code>Name</code>: use whatever name you like. e.g. Global LDAP Address Book.</li>
<li><code>Hostname</code>: IP address or hostname of your iRedMail server.</li>
<li><code>Base DN</code>: Base dn of your domain in LDAP directory. Normally, it's <code>domainName=domain.ltd,o=domains,dc=xxx,dc=xxx</code>. For example, <code>domainName=example.com,o=domains,dc=iredmail,dc=org</code>.</li>
<li><code>Port Number</code>: 389. <strong>Note</strong>: If you prefer to connect to OpenLDAP server over SSL, please check the <code>Use secure connection (SSL)</code> under same tab.</li>
<li><code>Bind DN</code>: It's full LDAP dn of your mail account. Normally, it's <code>mail=user@domain.ltd,ou=Users,domainName=domain.ltd,o=domains,dc=xxx,dc=xxx</code>. For example: <code>mail=john@example.com,ou=Users,domainName=example.com,o=domains,dc=iredmail,dc=org</code>.</li>
</ul>
</li>
<li>
<p>In tab <code>Advanced</code>:</p>
<ul>
<li><code>Don't return more than xxx results</code>: depends on how many accounts stored in same domain, you may want to increase or descrease it. Default value in 100.</li>
<li><code>Scope</code>: Subtree.</li>
<li><code>Search filter</code>: <code>(&amp;(enabledService=mail)(enabledService=deliver)(enabledService=displayedInGlobalAddressBook)(|(objectClass=mailList)(objectClass=mailAlias)(objectClass=mailUser)))</code></li>
<li><code>Login method</code>: <code>Simple</code>.</li>
</ul>
</li>
<li>
<p>Now switch to tab <code>Offline</code>, click button <code>Download Now</code> to test your settings. It will prompt to input password for this LDAP server, just type password of your mail account. With correct bind dn and password, it will display <code>Replicated succeeded</code>.</p>
</li>
</ul>
<p>That's all.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
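Review bot: In the LDAP address book steps, `Port Number: 389` combined with `Login method: Simple` sends the mail account password in a simple bind, and the SSL checkbox is offered only as a preference ("If you prefer to connect to OpenLDAP server over SSL"). Since the Bind DN is the user's own mail account, the steps should tick `Use secure connection (SSL)` by default and give the matching LDAPS port, leaving plain port 389 as the exception. The opening sentence lists POP3S/IMAPS/SMTPS while the note under "Create new mail account" tells POP3 users to choose port `110` with `STARTTLS`; stating once which ports and modes the server expects would remove the ambiguity. Also, `won\'t` in the IMPORTANT NOTE carries a stray backslash, and "descrease" and "Default value in 100" need fixing.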


@ -0,0 +1,35 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Disable spam virus scanning for outgoing mails</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="disable-spam-virus-scanning-for-outgoing-mails">Disable spam virus scanning for outgoing mails</h1>
<p>To disable spam/virus scanning for outgoing mails, you can add bypass settings in Amavisd config file: <code>/etc/amavisd/amavisd.conf</code> (RHEL/CentOS/Scientific Linux) or <code>/etc/amavis/conf.d/50-user</code> (Debian/Ubuntu) or <code>/usr/local/etc/amavisd.conf</code> (FreeBSD).</p>
<ul>
<li>bypass_spam_checks_maps</li>
<li>bypass_virus_checks_maps</li>
<li>bypass_header_checks_maps</li>
<li>bypass_banned_checks_maps</li>
</ul>
<p>These settings can be added in setting block <code>$policy_bank{'MYUSERS'}</code>:</p>
<pre><code class="perl">$policy_bank{'MYUSERS'} = {
[...OMIT OTHER SETTINGS HERE...]
# don't perform spam/virus/header check.
bypass_spam_checks_maps =&gt; [1],
bypass_virus_checks_maps =&gt; [1],
bypass_header_checks_maps =&gt; [1],
# allow sending any file names and types
bypass_banned_checks_maps =&gt; [1],
}
</code></pre>
<p>Restarting Amavisd service is required after changing settings.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
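Review bot: The `$policy_bank{'MYUSERS'} = {` example ends with a bare `}`; amavisd.conf is Perl, so the assignment needs `};` or a literal copy breaks the config at the next statement. The FreeBSD path given here is `/usr/local/etc/amavisd.conf`, while the X-Spam header page added in this same commit gives `/usr/local/etc/amavisd/amavisd.conf`; one of the two needs correcting. Because the block turns off spam, virus, header and banned-file checks for all outgoing mail at once, the page should also say what that trades away (mail sent from a compromised account leaves unscanned) and suggest bypassing only the check that is actually causing trouble.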

html/enable.smtps.html Normal file

@ -0,0 +1,72 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Enable SMTPS service (SMTP over SSL, port 465)</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="enable-smtps-service-smtp-over-ssl-port-465">Enable SMTPS service (SMTP over SSL, port 465)</h1>
<div class="toc">
<ul>
<li><a href="#enable-smtps-service-smtp-over-ssl-port-465">Enable SMTPS service (SMTP over SSL, port 465)</a><ul>
<li><a href="#why-iredmail-doesnt-enable-smtps-smtp-over-ssl-by-default">Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default</a></li>
<li><a href="#why-enable-smtps-since-its-depreciated">Why enable SMTPS since it's depreciated</a></li>
<li><a href="#how-to-enable-smtps">How to enable SMTPS</a></li>
<li><a href="#open-port-465-in-iptables">Open port 465 in iptables</a></li>
</ul>
</li>
</ul>
</div>
<h3 id="why-iredmail-doesnt-enable-smtps-smtp-over-ssl-by-default">Why iRedMail doesn't enable SMTPS (SMTP over SSL) by default</h3>
<p>SMTPS is deprecated, so iRedMail disable it by default.
Quote from (wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]</p>
<blockquote>
<p>Originally, in early 1997, the Internet Assigned Numbers Authority registered 465 for SMTPS. By the end of 1998, this was revoked when STARTTLS has been specified. With STARTTLS, the same port can be used with or without TLS. SMTP was seen as particularly important, because clients of this protocol are often other mail servers, which can not know whether a server they wish to communicate with will have a separate port for TLS. The port 465 is now registered for Source-Specific Multicast audio and video.</p>
</blockquote>
<h3 id="why-enable-smtps-since-its-depreciated">Why enable SMTPS since it's depreciated</h3>
<p>Unfortunately, there're some popular mail clients don't support submission (SMTP over STARTTLS, port 587), the famous one is Microsoft Outlook. Quote from wikipedia.org:</p>
<blockquote>
<p>Even in 2013, there are still services that continue to offer the deprecated SMTPS interface on port 465 in addition to (or instead of!) the RFC-compliant message submission interface on the port 587 defined by RFC 6409. Service providers that maintain port 465 do so because older Microsoft applications (including Entourage v10.0) do not support STARTTLS, and thus not the smtp-submission standard (ESMTPS on port 587). The only way for service providers to offer those clients an encrypted connection is to maintain port 465.</p>
</blockquote>
<h3 id="how-to-enable-smtps">How to enable SMTPS</h3>
<p>To enable SMTPS, you should configure Postfix to listen on port 465 first, then open port 465 in iptables.</p>
<p>Please find below lines in Postfix config file <code>/etc/postfix/master.cf</code> (Linux/OpenBSD) or <code>/usr/local/etc/postfix/master.cf</code> (FreeBSD):</p>
<pre><code>#smtps inet n - n - - smtpd
# -o smtpd_tls_wrappermode=yes
# -o smtpd_sasl_auth_enable=yes
# -o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
</code></pre>
<p>Uncomment first 4 lines, but leave the last one commented out (because iRedMail doesn't use Postfix milter at all):</p>
<pre><code>smtps inet n - n - - smtpd
-o smtpd_tls_wrappermode=yes
-o smtpd_sasl_auth_enable=yes
-o smtpd_client_restrictions=permit_sasl_authenticated,reject
# -o milter_macro_daemon_name=ORIGINATING
</code></pre>
<p>Restart Postfix service to enable SMTPS.</p>
<h3 id="open-port-465-in-iptables">Open port 465 in iptables</h3>
<p>On RHEL/CentOS, please update iptables rule file <code>/etc/sysconfig/iptables</code>, add one rule (third line in below code) for port 465, then restart iptables service.</p>
<pre><code># File: /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<p>On Debian/Ubuntu, if you use iptables rule file provided by iRedMail, please update <code>/etc/default/iptables</code>, add one rule (third line in below code) for port 465, then restart iptables service.</p>
<pre><code>File: /etc/sysconfig/iptables
-A INPUT -p tcp --dport 25 -j ACCEPT
-A INPUT -p tcp --dport 587 -j ACCEPT
-A INPUT -p tcp --dport 465 -j ACCEPT
</code></pre>
<p>On OpenBSD, please append service 'smtps' in <code>/etc/pf.conf</code>, parameter <code>mail_services=</code>:</p>
<pre><code>File: /etc/pf.conf
mail_services="{www, https, submission, imap, imaps, pop3, pop3s, ssh, smtps}"
</code></pre>
<p>Reload PF rule file:</p>
<pre><code># pfctl -f /etc/pf.conf
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
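Review bot: The Debian/Ubuntu paragraph tells the reader to edit `/etc/default/iptables`, but the code block under it is labelled `File: /etc/sysconfig/iptables`, the RHEL/CentOS path carried over from the block above; the label should name the Debian file. That label and the one in the pf.conf block also lack the leading `#` that the first block has, so they are not comments if pasted along with the rules. In the first section, `(wikipedia.org)[http://en.wikipedia.org/wiki/SMTPS]` has the Markdown link brackets swapped and renders as literal text, and the heading "Why enable SMTPS since it's depreciated" should say "deprecated" as the body text does (the TOC entry and anchor id follow the heading).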


@ -0,0 +1,486 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="an-ultra-ha-full-mult-master-e-mail-cluster-with-iredmail-mariadb-and-ipvs">An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS</h1>
<div class="toc">
<ul>
<li><a href="#an-ultra-ha-full-mult-master-e-mail-cluster-with-iredmail-mariadb-and-ipvs">An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS</a><ul>
<li><a href="#introduction">Introduction</a></li>
<li><a href="#the-cluster">The Cluster</a></li>
<li><a href="#setting-up-ipvs-ldirectord-and-keepalived">Setting up IPVS, ldirectord, and keepalived</a></li>
<li><a href="#setting-up-mariadb-and-galera-multi-master-sql">Setting up MariaDB and Galera multi-master SQL</a></li>
<li><a href="#highly-available-ldap-backed-iredmail-e-mail">Highly-available, LDAP-backed iRedMail e-mail</a></li>
<li><a href="#final-notes">Final notes</a></li>
<li><a href="#credits-and-copyright">Credits and Copyright</a></li>
</ul>
</li>
</ul>
</div>
<p>Contributed by <strong>Joshua Boniface</strong>, Sep 21, 2014.</p>
<h2 id="introduction">Introduction</h2>
<p>iRedMail is a very nifty piece of software. Setting up a full mail server on modern Linux is indeed possible; there are guides for every part of the system, preconfigured templates, and many-a mailing list post. However, iRedMail does something special: it makes it easy. Easy to install, easy to administer, and and easy to use. However, there are very few guides on how to deploy a <em>complete</em>, clustered iRedMail solution. Let's talk a bit about what I mean by that.</p>
<p>I know e-mail, having deployed Debian-Linux-based carrier-grade mail platforms as part of my job. Setting up a cluster for production use, you want something that's fault-tolerant on every level. If you have 3 physical servers, you want to make sure you can keep your systems running even if you have to bring one down for maintenance, or due to a catastrophic hardware fault. You want to make sure you don't lose anything because one server crashed. However, many HA setups are not full multi-master; sure, you can lose a node, but it better not be server<em>1</em>. The setup I propose below addresses this: it doesn't matter which of your N nodes fails, you can always perform every task you need; and without proper monitoring, you might not even notice you have a problem! Some may think this is overkill, but the result is very compelling for anyone who values a 100% uptime!</p>
<p>The setup I'm using is based on Debian Wheezy (7), the latest stable release of the Debian GNU/Linux operating system; 64-bit is of course recommended. I am very dilligent on separating services, for good reason: ease of manageability and flexibility, and as a result this guide uses slightly more VMs and IP addresses than one may expect. I will break down the cluster now so you have a better idea of how this is running.</p>
<p>Please note that while this guide has parts that can be copy-pasted, and most specified shell commands and config files will work as intended, I do expect you to understand what you're doing, and RTFM if you don't; a decent knowledge of Linux System Administration is a must here. I don't go into any detail about creating your VMs, or any basic system administration tasks or commands, or what specific config options in files do. Also, all IP addresses/hostnames are fictitious and must be replaced, and anything in &lt;&gt; square brackets must be filled in with you own information. Finally, please note that I offer NO GUARANTEED SUPPORT FOR THIS GUIDE, though if you have a good question I'll probably answer it.</p>
<h2 id="the-cluster">The Cluster</h2>
<p>My home cluster is a fairly simple beast: there are two distinct hypervisors (hv1.example.net and hv2.example.net) running KVM, and a single file server (filer1.example.net). At this time, mostly due to budget reasons (it's a homelab, and those cost a lot of money in power!), I am not replicating to a second fileserver, and hence the backend Maildir storage is not HA in my setup. This can be acomplished in a huge number of ways (glusterFS, DRBD, manual sync) but is outside the scope of this guide. I assume that "filer1.example.net" is some device, providing a single NFS interface for backend storage of Maildirs.</p>
<p>The Virtual Machines running on hv1.example.net and hv2.example.net are served via NFS from filer1, as are the Maildirs used for storing e-mail. This NFS is on a private network local to the servers, and this network also carries LDAP sync and Database traffic. The virtual machines are tied to a hypervisor: each <em>1</em> server is on hv1.example.net and each <em>2</em> server is on hv2.example.net. It's worth pointing out now that this cluster could easily be expanded to 3 hypervisors (and hence a <em>3</em> server for each service) if desired; this is recommended for the Database cluster in particular, however in my setup the filer1.example.net is the third, quorum-holding database server.</p>
<p>I expect your setup to be slightly different. If so, just adapt this guide; I use consistent naming throughout (sed might be your friend here)!</p>
<p>2a) Virtual machines and networking</p>
<p>The cluster comprises the following service VMs, all running Debian Wheezy:</p>
<ul>
<li>lbX, IPVS load balancers</li>
<li>dbX, MariaDB/Galera MySQL servers</li>
<li>mailX, iRedMail/LDAP servers</li>
</ul>
<p>Additionally, one VIP address for the load balancers is required:</p>
<ul>
<li>lb0, IPVS VIP</li>
</ul>
<p>And one IP for the file server containing Maildirs:</p>
<ul>
<li>filer1, NFS server</li>
</ul>
<p>The entire cluster therefore uses 8 IP addresses (ignoring the hypervisors, and any other VMs you might have set up). For the purposes of this guide, I assume two networks: "public", 1.1.1.0/24, and "private" , 10.1.1.0/24. You can omit either network and use a single private network; my proper "public" network uses routable public IPs, while the "private" network is unrouted, and certain replication traffic and NFS are kept on the "private" network for security. You can ignore this convention if you want, or even use Masquerade mode with IPVS, to hide all these services behind a single "public" IP and keep it all behind NAT. Whatever works for your environment! If you don't have a proper DNS setup, you can use this template in your "/etc/hosts" file on each host. </p>
<pre><code># "Public"
1.1.1.11 filer1.example.net
1.1.1.12 lb0.example.net # (VIP)
1.1.1.13 lb1.example.net
1.1.1.14 lb2.example.net
1.1.1.15 db1.example.net
1.1.1.16 db2.example.net
1.1.1.17 mail1.example.net
1.1.1.18 mail2.example.net
# "Private"
10.1.1.11 filer1.local
10.1.1.13 lb1.local
10.1.1.14 lb2.local
10.1.1.15 db1.local
10.1.1.16 db2.local
10.1.1.17 mail1.local
10.1.1.18 mail2.local
</code></pre>
<p>Note that there are no VIP in the "private" network: since all its services are load-balanced from the "public" IP, it is unnecessary for there to be a "local" VIP. I recommend firewalling the VIP address (of course) to block MySQL traffic from the outside world if you are using a true public IP, though other services should probably be "public".</p>
<p>2b) A note on example conventions</p>
<p>Thoughout this guide, when command-lines are given, the following rules will be held:</p>
<p>i) the beginning of the prompt will indicate the server name, either as:
server1 # <command>
for a specific server ID, or:
serverX # <command>
for all servers in that category, or even:
serva1, servb2 # <command>
for two specific server names
ii) the seperator character shall be isolated on both sides by a space (for ease of copying a single command, but
discouraging block copying) and will consist of:
# - for a root-level account
$ - for an unprivileged account
iii) for simplicity, most commands in this guide are written as an unprivileged user with "sudo" prepended;
commands that require the actual <em>root</em> account (e.g. the iRedMail.sh setup script) will use # instead
iv) when editing a text file, the raw contents from server1 will be presented after the command (usually 'sudo
vim'), followed by a 'diff' of the differences between server1 and server2, if necessary; one can extrapolate
the third server or any other differences if desired
v) any comments regarding a text file will follow the output and diff, prepended by a [*] for each comment</p>
<h2 id="setting-up-ipvs-ldirectord-and-keepalived">Setting up IPVS, ldirectord, and keepalived</h2>
<p>Chapter source: http://www.ultramonkey.org/papers/lvs_tutorial/html/</p>
<p>The first and probably easiest part of this cluster is the load balancing configuration. It is a very straightforward setup, with 2 load-balancers sharing 1 VIP address: if contact is lost, keepalived moves the VIP between the two servers on a weighted basis (lb1 is prefered to lb2). </p>
<p>Start by installing the required packages on both hosts.</p>
<p>lbX $ sudo apt-get update
lbX $ sudo apt-get upgrade
lbX $ sudo apt-get install ipvsadm ldirectord keepalived</p>
<p>3a) keepalived</p>
<p>Begin by editing the keepalivd configuration. This will set up the VIP between the two load balancers, and allow it to fail over from lb1 to lb2 in the event lb1 goes down, thus preserving services to anyone connecting to the cluster through this IP.</p>
<p>lbX $ sudo vim /etc/keepalived/keepalived.conf</p>
<p>vrrp_instance VI_1 {
state MASTER
interface eth0
virtual_router_id 1
priority 200
authentication {
auth_type PASS
auth_pass mySuperSecretPassw0rd
}
virtual_ipaddress {
1.1.1.12/24;
}
}</p>
<p>5c5
&lt; priority 200</p>
<hr />
<blockquote>
<pre><code> priority 100
</code></pre>
</blockquote>
<p>[*] The adjusted priority on lb2 allows lb1 to take precidence and prevent flapping between the two load balancers. If you have a third lbX host, you can make its priority something less than 100 to ensure it will be last in the chain.</p>
<p>Restart the keepalived service on both hosts:</p>
<p>lbX $ sudo service keepalived restart</p>
<p>You should now see the VIP in the list of IP addresses on lb1:</p>
<p>lb1 $ ip a
[...]
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 11:11:11:11:11:11 brd ff:ff:ff:ff:ff:ff
inet 1.1.1.13/24 brd 1.1.1.255 scope global eth0
inet 1.1.1.12/24 scope global secondary eth0
[...]</p>
<p>Now stop keepalived on lb1, and observe lb2: the IP address will transfer after a second or two:</p>
<p>lb1 $ sudo service keepalived stop</p>
<p>lb2 $ ip a
[...]
eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 11:11:11:22:22:22 brd ff:ff:ff:ff:ff:ff
inet 1.1.1.14/24 brd 1.1.1.255 scope global eth0
inet 1.1.1.12/24 scope global secondary eth0
[...]</p>
<p>You can then restart the keepalived service on lb1 and the IP address will return to it, exactly as expected.</p>
<p>3b) ldirectord</p>
<p>Next is the ldirectord configuration. ldirectord is a load balancer using IPVS, the Linux kernel virtual server, to distribute traffing entering on a VIP between a number of "real servers", . It contains a number of different load-balancing and routing options, however for our purposes, with a "public" network, we will use the 'routed' mode, whereby traffic is directly routed from the VIP to the real server, which has configured on a loopback interface the VIP, allowing traffic to be sent directly back to the client from the real server, reducing load on the load balancers. In effect, the routers simply keep track of incoming packets while the outgoing packets flow right to the client.</p>
<p>ldirectord works by performing regular health checks on the real servers; if one is found to be non-working, it is removed from the IPVS configuration, thus preventing clients from being directed to a dead server. Once the service has been restored, ldirectord re-adds the real server to the IPVS configuration, and load-balancing resumes.</p>
<p>The following ldirectord.cf file contains all the services that will be provided in HA mode for client access, the list of which is: MySQL, HTTP/S, IMAPS, POPS, and SMTPSUB. I don't allow unsecured access via IMAP or POP3 directly to my mail servers, but you can add these services if desired.</p>
<pre><code>lbX $ sudo vim /etc/ldirectord.cf
logfile=&quot;daemon&quot;
fallbackcommand=&quot;&quot;
failurecount=3
checkinterval=5
fork=yes
# MySQL database to db1/db2
virtual=1.1.1.12:3306
real=1.1.1.15:3306 gate
real=1.1.1.16:3306 gate
service=mysql
scheduler=sh
login=&quot;monitor&quot;
passwd=&quot;monitoringPassw0rd&quot;
request=&quot;SELECT * from monitoring.monitoring;&quot;
# Mail services to mail1/mail2
virtual=1.1.1.12:80
real=1.1.1.17:80 gate
real=1.1.1.18:80 gate
service=http
scheduler=sh
request=&quot;ldirectord.txt&quot;
receive=&quot;ldirectord&quot;
virtual=1.1.1.12:443
real=1.1.1.17:443 gate
real=1.1.1.18:443 gate
service=https
scheduler=sh
request=&quot;ldirectord.txt&quot;
receive=&quot;ldirectord&quot;
virtual=1.1.1.12:993
real=1.1.1.17:993 gate
real=1.1.1.18:993 gate
service=imaps
virtual=1.1.1.12:995
real=1.1.1.17:995 gate
real=1.1.1.18:995 gate
service=pops
virtual=1.1.1.12:465
real=1.1.1.17:465 gate
real=1.1.1.18:465 gate
service=smtp
</code></pre>
<ul>
<li>Both servers are identical.</li>
<li>Service checks for MySQL and HTTP/S will be addressed in their relevant sections.</li>
</ul>
<p>Reload the ldirectord service, and use "ipvsadm" to view the resulting IPVS configuration (IP-to-hostname translation is used, if you don't have reverse DNS configured you will see IP addresses):</p>
<pre><code>lbX $ sudo service ldirectord restart
lbX $ sudo ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lb0.example.net:mysql sh
-&gt; db1.example.net:mysql Route 1 0 0
-&gt; db2.example.net:mysql Route 1 0 0
TCP lb0.example.net:http sh
-&gt; mail1.example.net:http Route 1 0 0
-&gt; mail2.example.net:http Route 1 0 0
TCP lb0.example.net:https sh
-&gt; mail1.example.net:https Route 1 0 0
-&gt; mail2.example.net:https Route 1 0 0
TCP lb0.example.net:imaps wrr
-&gt; mail1.example.net:imaps Route 1 0 0
-&gt; mail2.example.net:imaps Route 1 0 0
TCP lb0.example.net:pops wrr
-&gt; mail1.example.net:pops Route 1 0 0
-&gt; mail2.example.net:pops Route 1 0 0
TCP lb0.example.net:submission wrr
-&gt; mail1.example.net:submission Route 1 0 0
-&gt; mail2.example.net:submission Route 1 0 0
However, since you have not yet configured any services, there will be no real servers in your output, only the lines containing &quot;lb0.example.net&quot;:
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lb0.example.net:mysql sh
TCP lb0.example.net:http sh
TCP lb0.example.net:https sh
TCP lb0.example.net:imaps wrr
TCP lb0.example.net:pops wrr
TCP lb0.example.net:submission wrr
</code></pre>
<p>Once this guide is done, compare the resulting output from "ipvsadm" to the above output, and you should see it match!</p>
<p>This concludes the configuration required on the load balancers themselves. However, one more piece of configuration must be done to <em>each</em> real server: it must have the VIP address added to a loopback interface to allow services on the server to use that address to reply to clients. This is a required part of the "direct-routing" mode used in IPVS. If you are using an alternate routing mode (for example Masquerade), you do not need this step. On each dbX and mailX host:</p>
<pre><code>serverX $ sudo vim /etc/network/interfaces
# Loopback interface
auto lo
iface lo inet loopback
# IPVS-DR loopback interface
auto lo:0
iface lo:0 inet static
address 1.1.1.12
netmask 255.255.255.255
pre-up sysctl -w net.ipv4.conf.all.arp_ignore=1
pre-up sysctl -w net.ipv4.conf.all.arp_announce=2
# Other interfaces, server-specific...
[...]
</code></pre>
<ul>
<li>All servers are identical.</li>
</ul>
<p>This concludes the configuration of the load balancer setup, and the VIP that will direct requests to the client machines.</p>
<h2 id="setting-up-mariadb-and-galera-multi-master-sql">Setting up MariaDB and Galera multi-master SQL</h2>
<p>Chapter source: https://blog.mariadb.org/installing-mariadb-galera-cluster-on-debian-ubuntu/</p>
<p>As seen above, one of the load-balanced services is MySQL. Databases are used extensively in e-mail servers: they hold information about active accounts, sessions, filter policies; the list goes on. The services of the dbX servers could be integrated into the mailX servers themselves, however in my usage it makes more sense to separate them. You can easily run all of the following on the mailX servers and reduce your IP usage by two if you so desire (just don't forget to edit the ldirectord.cf file in Chapter 3 to match!)</p>
<p>The MySQL cluster will be provided by MariaDB, a community-driven fork of Oracle's MySQL, and headed by the original developers of MySQL. It is combined with the Galera replication engine to allow a multi-master cluster than can be load-balanced by IPVS. I am using version 5.5 for maximum compatibility, though the newer releases could be used as well. To prevent split-brain, we also use a third host in the Galera cluster, which will be provided by the filer1 server; if you are using this guide to set up a 3-server cluster, you can exclude that host as quorum will be provided by 3 dbX servers. Run all commands below on filer1 as well as dbX.</p>
<p>Start by adding the MariaDB sources (other mirrors can be found at https://downloads.mariadb.org/mariadb/repositories/) into your apt configuration:</p>
<p>dbX $ sudo apt-get install python-software-properties
dbX $ sudo apt-key adv --recv-keys --keyserver keyserver.ubuntu.com 0xcbcb082a1bb943db
dbX $ sudo add-apt-repository 'deb http://mariadb.mirror.rafal.ca/repo/5.5/debian wheezy main'</p>
<p>Then update and install the required packages:</p>
<p>dbX $ sudo apt-get update
dbX $ sudo apt-get install rsync galera mariadb-galera-server</p>
<p>You will be asked for a root password during setup; ensure it is identical on all hosts. Once installed, stop the mysql process as we need it off for the next steps.</p>
<p>dbX $ sudo service mysql stop</p>
<p>The Galera configuration below is extremely simple; read the Galera documentation for more advanced configuration options. Set the local IP addresses of the cluster members in the "wsrep_cluster_address" line, to keep replication traffic on the unrouted local network. You can also set the "wsrep_cluster_name" to a new value; this is in effect a shared secret for the cluster.</p>
<pre><code>dbX $ sudo vim /etc/mysql/conf.d/galera.cnf
[mysqld]
# MySQL settings
binlog_format=ROW
default-storage-engine=innodb
innodb_autoinc_lock_mode=2
query_cache_size=0
query_cache_type=0
bind-address=0.0.0.0
# Galera settings
wsrep_provider=/usr/lib/galera/libgalera_smm.so
wsrep_cluster_name=&quot;db_cluster&quot;
wsrep_cluster_address=&quot;gcomm://10.1.1.11,10.1.1.15,10.1.1.16&quot;
wsrep_sst_method=rsync
</code></pre>
<ul>
<li>All servers are identical.</li>
</ul>
<p>Also clone the /etc/mysql/debian.cnf file from db1 to the other database hosts; this will, combined with the tweaks below, prevent "debian-sys-maint" access denied warnings when starting the other cluster nodes.</p>
<p>Warning: Before we continue, I have discovered a bug in this setup. Because of the IPVS-DR loopback, the Galera cluster will sometimes fail to start on the second or third node of the cluster. The reasons I do not completely understand. To mitigate this however, I made a modification to the "/etc/init.d/mysql" initscript to add an "ifdown lo:0" and corresponding "ifup lo:0" at the beginning and end, respectively, of the "start" function. I recommend doing this to save you hours of headaches!</p>
<p>Once the configuration is in place on all nodes, we can start the cluster on the first node:</p>
<p>db1 $ sudo service mysql start --wsrep-new-cluster</p>
<p>The "--wsrep-new-cluster" directive creates a new active cluster; if all hosts in the Galera cluster go down, you will need to execute this command on a node again to start up the cluster. Data is of course preserved when running this command, and the host it is run on will become the "primary" sync source for the other members of the cluster.</p>
<p>On the remaining nodes, start the MySQL service normally:</p>
<p>db2,filer1 $ sudo service mysql start</p>
<p>If all goes well, they will connect to the cluster master, and data will synchronize. Check the number of nodes in the cluster with:</p>
<p>db1 $ mysql -u root -p -e 'SELECT VARIABLE_VALUE as "cluster size" FROM INFORMATION_SCHEMA.GLOBAL_STATUS WHERE VARIABLE_NAME="wsrep_cluster_size"'
+--------------+
| cluster size |
+--------------+
| 3 |
+--------------+</p>
<p>There are a number of configuration tweaks that must be performed to properly use the MySQL cluster as expected. Enter the database server, and:</p>
<p>db1 $ mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 104893
Server version: 5.5.38-MariaDB-1~wheezy-wsrep-log mariadb.org binary distribution, wsrep_25.10.r3997
Copyright (c) 2000, 2014, Oracle, Monty Program Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]&gt; </p>
<p>i) Create a "new" root user with global host access. Yes, you can restrict this per-host, but that gets messy fast
and if you have a <em>properly secured</em> network, you shouldn't have to worry about this too much.</p>
<p>MariaDB [(none)]&gt; GRANT ALL PRIVILEGES ON <em>.</em> TO 'root'@'%' WITH GRANT OPTION IDENTIFIED BY '<MySQL root password>';
MariaDB [(none)]&gt; GRANT PROXY ON ''@'' TO 'root'@'%' WITH GRANT OPTION;</p>
<p>Test that this user works by logging in to another MySQL shell, and if it works fine, drop all "old" root users:</p>
<p>MariaDB [(none)]&gt; SELECT User,Host from mysql.user;
[view the resulting list of users]
MariaDB [(none)]&gt; DROP USER 'root'@'db1';
MariaDB [(none)]&gt; DROP USER 'root'@'db2';
[etc.]</p>
<p>ii) Create a "new" debian-sys-maint user, with slighly more restricted access than the root user; again this user
should be for the global host for simplicity.</p>
<p>MariaDB [(none)]&gt; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, RELOAD, SHUTDOWN, PROCESS, FILE, REFERENCES, INDEX, ALTER, SHOW DATABASES, SUPER, CREATE TEMPORARY TABLES, LOCK TABLES, EXECUTE, REPLICATION SLAVE, REPLICATION CLIENT, CREATE VIEW, SHOW VIEW, CREATE ROUTINE, ALTER ROUTINE, CREATE USER, EVENT, TRIGGER ON <em>.</em> TO 'debian-sys-maint'@'%' IDENTIFIED BY '<debian-sys-maint password from /etc/mysql/debian.cnf>' WITH GRANT OPTION;</p>
<p>Make sure that the "/etc/mysql.debian.cnf" file is identical between all the dbX nodes. And like the root user, drop all "old" debian-sys-maint users:</p>
<p>MariaDB [(none)]&gt; DROP USER 'debian-sys-maint'@'db1';
MariaDB [(none)]&gt; DROP USER 'debian-sys-maint'@'db2';
[etc.]</p>
<p>Attempt to stop the mysql service on any one node; it should suceed without any warnings or errors about permission denied; restart it and resume configuration.</p>
<p>Now we will add some data to the cluster and observe its replication. The data used is, conveniently, the monitoring framework required by ldirectord.</p>
<p>db1 $ mysql -u root -p
MariaDB [(none)]&gt; </p>
<p>Begin by creating a new database called 'monitoring'; these values were set in Chapter 3, in ldirectord.cf:</p>
<p>MariaDB [(none)]&gt; CREATE DATABASE monitoring;</p>
<p>Create a new user, 'monitor', identified by the password 'monitoringPassw0rd', and grant select access to the 'monitoring' database:</p>
<p>MariaDB [(none)]&gt; GRANT SELECT ON monitoring.* TO 'monitor'@'%' IDENTIFIED BY 'monitoringPassw0rd';</p>
<p>Now, change into the monitoring database, and create a table called "monitoring" containing some data:</p>
<p>MariaDB [(none)]&gt; USE monitoring; <br />
MariaDB [monitoring]&gt; CREATE TABLE monitoring (data VARCHAR(1));
MariaDB [monitoring]&gt; INSERT INTO monitoring (data) VALUES ("X");
MariaDB [monitoring]&gt; SELECT * FROM monitoring.monitoring;
+------+
| data |
+------+
| X |
+------+
MariaDB [monitoring]&gt; quit
Bye</p>
<p>You have now set up the monitoring table that the ldirectord daemon will connect to and attempt to judge your hosts' health. If everything is configured and working right, you should now see the real servers in the output of "ipvsadm" on lbX:</p>
<p>lbX $ sudo ipvsadm
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-&gt; RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP lb0.example.net:mysql wrr
-&gt; db1.example.net:mysql Route 1 0 0 <br />
-&gt; db2.example.net:mysql Route 1 0 0
[...]</p>
<p>You can see the data replication by checking any other node: you should be able to see the monitoring database and its table. But if both your dbX servers are in the IPVS configuration above, you should be good to go! Now you can access the databases, load-balanced between the two dbX VMs, from the VIP address at lb0.example.net. I recommend aliasing/pointing "db.example.net" to "lb0.example.net" now as this will be used as a referenced name later.</p>
<p>A note about filer1: When setting up the DB, we used filer1 as our third, quorum-holding host. However, as that is not a proper "database" server, it is NOT added to the load-balanced cluster. It is, in effect, a write-only copy of the data to preserve quorum. If you are using three physical servers, and hence three dbX servers, you should be able to use just those 3 to maintain quorum, and load-balance over all 3, in which case you can avoid putting any MySQL on the filer1 server.</p>
<p>This concludes the configuration of the database cluster, which is now ready for data to be added from the mailX servers, via the load-balanced VIP address at lb0.example.net.</p>
<h2 id="highly-available-ldap-backed-iredmail-e-mail">Highly-available, LDAP-backed iRedMail e-mail</h2>
<p>Chapter source: iRedAdmin Wiki/Existing Tutorials</p>
<p>And now for the Piece de resistance, the whole reason for this tutorial: the HA iRedMail cluster! For this setup, we will be using a multi-master LDAP backend to store user data; each mail server will connect to its own, local, LDAP database and those databases will be synchronized between the two servers. This allows iRedAdmin management, as well as user access, to be passed through the load balancer: if a mail server goes down, regardless of which one, the mail administrator(s) can still make changes and continue working as if nothing happened to the infrastructure backend; let the sysadmins worry about that!</p>
<p>Note that mirrormode LDAP multi-master clusters are ideally used with a "preferred" master. For this reason, I don't recommend <em>actually</em> using the VIP address to access iRedAdmin under normal situations: manage from mail1, and if needed, manage from mail2 if mail1 is down. This helps preserve consistency so that you can trust one particular host if an LDAP split-brain happens.</p>
<p>5a) iRedMail installation with the HA MySQL backend</p>
<p>To begin, become root on both mail servers:</p>
<p>mailX $ sudo su
mailX #</p>
<p>Now download and extract the latest version of iRedMail, at the time of writing iRedMail-0.8.7:</p>
<p>mailX # wget iRedMail-0.8.7.tar.bz2
mailX # tar -xvjf iRedMail-0.8.7.tar.bz2</p>
<p>Before we begin installing iRedMail, add a fully-privileged user to the database server that can be used by the install script to set up the databases. This user can be removed after installation; alternatively, you could use root but this is not recommended.</p>
<p>db1 # mysql -u root -p
MariaDB [(none)]&gt; GRANT ALL PRIVILEGES ON <em>.</em> TO 'admin_iredmail'@'%' WITH GRANT OPTION IDENTIFIED BY '<password>';</p>
<p>Next, mount the NFS Maildir storage from filer1 on both mailX hosts (I prefer the default "/var/vmail"); ensure you add it to "/etc/fstab" as well:</p>
<p>mailX # mkdir /var/vmail
mailX # chattr +i /var/vmail
mailX # mount -t nfs -o vers=3,noatime,nodiratime,noexec filer1.local:/srv/var/vmail /var/vmail
mailX # echo "filer1.local:/srv/var/vmail /var/vmail nfs vers=3,noatime,nodiratime,noexec 0 0" &gt;&gt; /etc/fstab</p>
<p>Configuration should begin on mail1 first: this will allow us to generate an iRedMail installer 'config' file, which we will then use to ensure mail2 is configured with the same settings.</p>
<p>Start the iRedMail installer with variables specifying the database host, user, and grant host (in our case, '%' for simplicity in our MySQL users):</p>
<p>mail1 # cd iRedMail-0.8.7/
mail1 # MYSQL_SERVER='db.example.net' MYSQL_ROOT_USER='admin_iredmail' MYSQL_GRANT_HOST='%' bash iRedMail.sh</p>
<p>Follow the directions as per the standard iRedMail setup procedure. In particular, choose an LDAP backend, and choose the NFS directory for the Maildir storage. Also ensure that you save any password you entered: these will eventually be the cluster master passwords. During setup, you will be asked for the password for "admin_iredmail" you set above in order for the installer to access the MySQL cluster. Also, don't use an additional domain when asked for your first virtual domain: use "example.net". This will simplify our deployment and allow you to add actual domains to the full cluster later.</p>
<p>Once the iRedMail setup completes, your first node will be operational! Feel free to test it out, and inspect the database servers to confirm that the data for the iRedMail server was properly added to the MySQL cluster backend and is replicating between the hosts as expected.</p>
<p>Next, copy the "config" file from the iRedMail installer directory over to the second server. This will ensure all our passwords and configuration options are synced and everything will work properly within the cluster.</p>
<p>mail1 # cd ~
mail1 # scp iRedMail-0.8.7/config mail2:~/iRedMail-0.8.7/</p>
<p>You are now ready to begin the setup procedure on mail2. Use the same command from mail1 on mail2, and ignore any errors from MySQL about databases already existing (since they do!):</p>
<p>mail2 # cd iRedMail-0.8.7/
mail2 # MYSQL_SERVER='db.example.net' MYSQL_ROOT_USER='admin_iredmail' MYSQL_GRANT_HOST='%' bash iRedMail.sh</p>
<p>You will be informed that a config already exists; would you like to use it? Select "yes" to use the same settings as mail1 on mail2. </p>
<p>A little bit of setup is required for ldirectord to manage the web page load balancing. Create a text file in the root of the web server (usually "/var/www") called "ldirectord.txt", containing the string "ldirectord"; as before, this was configured in the ldirectord.cf file on lbX:</p>
<p>mailX # echo "ldirectord" &gt; /var/www/ldirectord.txt</p>
<p>As is good practice, drop back out of root to your unprivileged user now:</p>
<p>mailX # exit
mailX $</p>
<p>5b) Setting up LDAP multi-master replication</p>
<p>Chapter source: http://www.openldap.org/doc/admin24/replication.html</p>
<p>Once the install completes on mail2, we can proceed with configuring LDAP in a multi-master replication between mail1 and mail2 (and mail3 if you desire).</p>
<p>Start by stopping the slapd service on both hosts:</p>
<p>mailX $ sudo service slapd stop</p>
<p>Edit the /etc/ldap/slapd.conf file on both hosts:</p>
<p>mailX $ sudo vim /etc/ldap/slapd.conf</p>
<p>Make the following changes:</p>
<p>i) under the "# Modules." section, add:</p>
<p>moduleload syncprov</p>
<p>ii) at the end of the file, add:</p>
<pre><code># Multi master replication
ServerID 1 &quot;ldap://mail1.example.net&quot;
ServerID 2 &quot;ldap://mail2.example.net&quot;
overlay syncprov
syncprov-checkpoint 10 1
syncprov-sessionlog 100
syncrepl rid=1
provider=&quot;ldap://mail1.local&quot;
type=refreshAndPersist
interval=00:00:00:10
retry=&quot;5 10 60 +&quot;
timeout=1
schemachecking=off
searchbase=&quot;dc=bonilan,dc=net&quot;
scope=sub
bindmethod=simple
binddn=&quot;cn=Manager,dc=example,dc=net&quot;
credentials=&quot;&lt;LDAP rootdn password in plaintext&gt;&quot;
syncrepl rid=2
provider=&quot;ldap://mail2.local&quot;
type=refreshAndPersist
interval=00:00:00:10
retry=&quot;5 10 60 +&quot;
timeout=1
schemachecking=off
scope=sub
searchbase=&quot;dc=bonilan,dc=net&quot;
bindmethod=simple
binddn=&quot;cn=Manager,dc=example,dc=net&quot;
credentials=&quot;&lt;LDAP rootdn password in plaintext&gt;&quot;
MirrorMode on
</code></pre>
<ul>
<li>All servers are identical.</li>
<li>Using the "local" addresses in the "provider" lines allows the LDAP replication to occur over the local network for security. LDAP should be blocked at your firewall for the public addresses just like MySQL, unless required; each mailX host will look at its own local LDAP instance when accessing or modifying data.</li>
</ul>
<p>You can now start slapd on mail1:</p>
<pre><code>mail1 $ sudo service slapd start
</code></pre>
<p>It should start normally; now, start it on mail2:</p>
<pre><code>mail2 $ sudo service slapd start
</code></pre>
<p>Since you used the same "config" file for both, all the data should match up and you will now have a functioning, replicated LDAP setup. Test it out by using iRedAdmin to add data on mail1, and check if it exists on mail2. If it does, congratulations! You have a fully HA iRedMail setup.</p>
<h2 id="final-notes">Final notes</h2>
<p>You now have a fully-functional cluster. All data is HA, and can tolerate the failure of any one set of nodes without interruption of service, either on the user or administrator side. You can now set up your first virtual domain (example.net) with some users, and configure DNS for it:</p>
<pre><code>example.net IN MX 1 mail1.example.net
example.net IN MX 1 mail2.example.net
mail.example.net IN A 1.1.1.12
smtp.example.net IN A 1.1.1.12
imap.example.net IN A 1.1.1.12
pop.example.net IN A 1.1.1.12
</code></pre>
<p>With this setup, your incoming mail will be redirected to one of either mail1 or mail2, where Postfix will filter and deliver it to the LDAP-backed mailbox of the domain user. Stored on NFS, that user can then access the mail using HTTP/S webmail, IMAPS, or POPS on the VIP, which will redirect to one of the two servers based on load and availability. The Dovecot session will use the syncronized MySQL backend to ensure consistency, and will read the data from the shared Maildir regardless of which real server the user is connected to. Try it out with a few users, and tinker with the settings to get it just perfect for you. And voila! A HA mail solution in under 6000 words!</p>
<h2 id="credits-and-copyright">Credits and Copyright</h2>
<ul>
<li>Joshua Boniface, the tinkerer and homelab geek who set this cluster up and documented the whole thing</li>
<li>The iRedMail team for making this fantastic e-mail setup and management system</li>
<li>The maintainers of a number of wonderful guides and manuals on how to configure the individual components</li>
<li>YOU, for trying this out and leaving me your feedback</li>
</ul>
<pre><code>Copyright (C) 2014 JOSHUA BONIFACE.
Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 1.3
or any later version published by the Free Software Foundation;
with no Invariant Sections, no Front-Cover Texts, and no Back-Cover Texts.
A copy of the license is included in the section entitled &quot;GNU
Free Documentation License&quot;. --- https://gnu.org/licenses/fdl.html
</code></pre>
<p>Joshua Boniface is a Linux system administrator from Burlington, ON, Canada, specializing in Debian-based distributions. He can be found online under the handle "djbon2112", via his e-mail address joshua <at> boniface <dot> me, and at his website (under construction) http://www.boniface.me.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
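Review bot: The generated HTML in this file corrupts several commands that readers will copy. In the GRANT statements for root, debian-sys-maint and admin_iredmail the `*.*` target has been rendered as `<em>.</em>`, and the placeholders `<MySQL root password>` and `<password>`, as well as the `<BROADCAST,MULTICAST,UP,LOWER_UP>` flags in the `ip a` output, are unescaped, so a browser will swallow them as unknown tags. The shell and SQL snippets that ended up in `<p>` instead of `<pre><code>` need to be indented or fenced in the Markdown source and the HTML regenerated; the same goes for the `5c5` diff for lb2, which has turned into an `<hr />` and a blockquote. Separately, both syncrepl stanzas use `searchbase="dc=bonilan,dc=net"` while `binddn` uses `dc=example,dc=net`, and `/etc/mysql.debian.cnf` should read `/etc/mysql/debian.cnf` as it does earlier in the text. The ldirectord entry for port 465 uses `service=smtp` while the ipvsadm sample lists `submission`, and the second ipvsadm sample shows `wrr` for mysql although the config sets `scheduler=sh`; one side of each pair needs correcting. Since this copy is being saved for others to verify, please also state next to `bind-address=0.0.0.0`, the `'root'@'%'` grant and the `bindmethod=simple` replication over `ldap://` that they depend on the firewalling the text mentions, because the rootdn password in `credentials=` travels with every replication bind.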

View File

@ -0,0 +1,64 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Ignore Trash folder in mailbox quota</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="ignore-trash-folder-in-mailbox-quota">Ignore Trash folder in mailbox quota</h1>
<p>Per-user mailbox quota rule is defined in Dovecot, in one of below files:</p>
<ul>
<li><code>/etc/dovecot/dovecot-mysql.conf</code>: MySQL backend</li>
<li><code>/etc/dovecot/dovecot-pgsql.conf</code>: PostgreSQL backend</li>
<li><code>/etc/dovecot/dovecot-mysql.conf</code>: MySQL backend</li>
</ul>
<p>If no per-user quota rules found, Dovecot will use 'quota_rule[X]' defined in
<code>/etc/dovecot/dovecot.conf</code>. For example:</p>
<pre><code># File: /etc/dovecot/dovecot.conf
plugin {
quota = dict:user::proxy::quotadict
quota_rule = *:storage=1G
#quota_rule2 = *:messages=0
#quota_rule3 = Trash:storage=1G
#quota_rule4 = Junk:ignore
...
}
</code></pre>
<p>So, if you want to ignore quota of <code>Trash</code> folder, you can add new quota_rule
in either <code>/etc/dovecot/dovecot.conf</code> or <code>/etc/dovecot/dovecot-{mysql,pgsql,ldap}.conf</code>.</p>
<ul>
<li>Sample setting #1:</li>
</ul>
<pre><code># File: /etc/dovecot/dovecot.conf
plugin {
quota = dict:user::proxy::quotadict
quota_rule = *:storage=1G
quota_rule2 = Trash:ignore
...
}
</code></pre>
<ul>
<li>Sample setting #2:</li>
</ul>
<pre><code># File: /etc/dovecot/dovecot-ldap.conf
user_attrs = ...,mailQuota=quota_rule=*:bytes=%$,=quota_rule2=Trash:ignore
# File: /etc/dovecot/dovecot-mysql.conf, or dovecot-pgsql.conf
user_query = SELECT ... \
CONCAT('*:bytes=', mailbox.quota*1048576) AS quota_rule \
'Trash:ignore' AS quota_rule2 \
FROM ...
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
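Review bot: The `user_query` sample in setting #2 is missing a comma between the two selected columns, after `AS quota_rule` and before `'Trash:ignore' AS quota_rule2`, so the query as written is not valid SQL and the user lookup would fail if it were pasted as is. In the list of per-user quota files, `/etc/dovecot/dovecot-mysql.conf` appears twice and the LDAP file that sample #2 edits (`/etc/dovecot/dovecot-ldap.conf`) is not listed; the third bullet is presumably meant to be the LDAP backend. The page header also closes `</head>` twice.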

60
html/index.html Normal file
View File

@ -0,0 +1,60 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>iRedMail Documentations</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
</div><p>We're working on migrating <a href="http://www.iredmail.org/wiki">old wiki documents</a> to Markdown format for easier maintenance.</p>
<h1 id="install-iredmail">Install iRedMail</h1>
<ul>
<li><a href="unattended.iredmail.installation.html">Perform silent/unattended iRedMail installation</a></li>
</ul>
<h1 id="how-to">How to</h1>
<ul>
<li><a href="completely.disable.amavisd.clamav.spamassassin.html">Completely disable Amavisd + ClamAV + SpamAssassin</a></li>
<li><a href="enable.smtps.html">Enable SMTPS service (SMTP over SSL, port 465)</a></li>
<li><a href="amavisd.no.x-spam.headers.html">Amavisd + SpamAssassin not working, no mail header (X-Spam-*) inserted.</a></li>
<li><a href="disable.spam.virus.scanning.for.outgoing.mails.html">Disable spam virus scanning for outgoing mails</a></li>
<li><a href="quarantining.html">Quarantining</a></li>
<li><a href="allow.user.to.send.email.without.authentication.html">Allow user to send email without authentication</a></li>
<li><a href="configure.thunderbird.html">Configure Thunderbird as mail client (IMAP, SMTP and global ldap address book)</a></li>
<li><a href="ignore.trash.folder.in.quota.html">Ignore Trash folder in mailbox quota</a></li>
<li><a href="ldap.add.alias.domain.html">LDAP: Add an alias domain</a></li>
<li><a href="ldap.add.mail.alias.html">LDAP: Add a mail alias account</a></li>
<li><a href="ldap.add.mail.list.html">LDAP: Add a mail list account</a></li>
<li><a href="ldap.user.mail.forwarding.html">LDAP: User mail forwarding.</a></li>
<li><a href="monitor.incoming.and.outgoing.mails.with.bcc.html">Monitor incoming and outgoing mails with BCC</a></li>
<li><a href="pipe.incoming.email.for.certain.user.to.external.script.html">Pipe incoming email for certain user to external script </a></li>
<li><a href="recalculate.mailbox.quota.html">Force Dovecot to recalculate mailbox quota</a></li>
<li><a href="sql.create.mail.alias.html">SQL: Create an mail alias account with SQL command line</a></li>
<li><a href="store.spamassassin.bayes.in.sql.html">Store SpamAssassin bayes in SQL</a></li>
</ul>
<h1 id="third-party-integrations">Third-party integrations.</h1>
<ul>
<li><a href="sogo-centos-6-mysql.html">SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)</a></li>
</ul>
<h1 id="cluster-solutions">Cluster solutions</h1>
<ul>
<li><a href="full.mult-master.iredmail.cluster.with.mariadb.and.ipvs.html">An Ultra-HA, full Mult-Master E-mail cluster with iRedMail, MariaDB, and IPVS </a></li>
</ul>
<h1 id="backup-restore-and-migration">Backup, restore and migration</h1>
<ul>
<li><a href="migrate.or.upgrade.iredadmin.html">Migrate iRedAdmin open source edition to iRedAdmin-Pro</a></li>
<li><a href="migrate.to.new.iredmail.server.html">Migrate old iRedMail server to the latest stable release</a></li>
<li><a href="password.hashes.html">Password hashes</a></li>
</ul>
<h1 id="troubleshooting-and-debug">Troubleshooting and Debug</h1>
<ul>
<li><a href="turn.on.debug.mode.in.amavisd.html">Turn on debug mode in Amavisd</a></li>
<li><a href="turn.on.debug.mode.in.cluebringer.html">Turn on debug mode in Cluebringer</a></li>
<li><a href="turn.on.debug.mode.in.dovecot.html">Turn on debug mode in Dovecot</a></li>
<li><a href="turn.on.debug.mode.in.openldap.html">Turn on debug mode in OpenLDAP</a></li>
</ul>
<h1 id="frequently-asked-questions">Frequently Asked Questions</h1>
<ul>
<li><a href="why.append.timestamp.in.maildir.path.html">Why append timestamp in maildir path</a></li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
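Review bot: `</head>` is closed twice here, once at the end of the `<link>` line and again on the line after it, and the same pattern appears in the other generated pages in this commit, so the fix belongs in the converter's template rather than in each file. The cluster entry bakes the `mult-master` misspelling into both the file name and the link text; renaming it later will break inbound links, so it is cheaper to correct before this lands. Minor: the title reads "iRedMail Documentations" and one entry reads "Create an mail alias account".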


@ -0,0 +1,60 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LDAP: Add an alias domain</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="ldap-add-an-alias-domain">LDAP: Add an alias domain</h1>
<h2 id="what-an-alias-domain-is-used-for">What an alias domain is used for?</h2>
<p>Let's say you have a mail domain <code>example.com</code> hosted on your iRedMail server,
if you add domain name <code>domain.ltd</code> as an alias domain of <code>example.com</code>, all
emails sent to <code>username@domain.ltd</code> will be delivered to user
<code>username@example.com</code>'s mailbox.</p>
<h2 id="add-alias-domain-with-iredadmin-pro">Add alias domain with iRedAdmin-Pro</h2>
<p>With iRedAdmin-Pro, you can simply add alias domain name in domain profile page,
under tab <code>Aliases</code>.</p>
<p>Screenshot:</p>
<p><img alt="" src="http://www.iredmail.org/images/iredadmin/domain_profile_alias.png" /></p>
<h2 id="how-to-add-an-alias-domain-with-phpldapadmin">How to add an alias domain with phpLDAPadmin:</h2>
<ul>
<li>
<p>Login to phpLDAPadmin (<code>https://[your_server]/phpldapadmin</code>) as LDAP root dn
(<code>cn=Manager,dc=xx,dc=xx</code>)</p>
</li>
<li>
<p>Find the LDAP object of your mail domain which you want to add alias
domain in left panel of phpLDAPadmin, click the ldap object, phpLDAPadmin will
show detailed LDAP attributes/values of this domain in right panel.</p>
</li>
<li>
<p>Add a new LDAP attribute <code>domainAliasName</code> to this domain account, set value
to the alias domain (e.g. <code>domain.com</code>). Save your change.</p>
</li>
</ul>
<p>Now you should add addition mail address for all mail users, lists, aliases.
For example, if you have mail user <code>user@example.com</code>, you should add addition
email address <code>user@domain.ltd</code> for this user. Steps:</p>
<ul>
<li>
<p>Find the LDAP object of mail account which you want to add addition email
address in left panel of phpLDAPadmin, for example, user <code>user@example.com</code>,
click the ldap object, phpLDAPadmin will show detailed LDAP attributes/values
in right panel.</p>
</li>
<li>
<p>Add a new LDAP attribute <code>shadowAddress</code> to this mail account, set value to
<code>user@domain.ltd</code>. <strong>WARNING</strong>: You must user the same username part as
original email address.</p>
</li>
<li>
<p>Save your change.</p>
</li>
</ul>
<p>If you have several mail accounts (mail users, lists, aliases), you have to
add addition email address for them all.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
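Review bot: the third phpLDAPadmin step sets `domainAliasName` to `domain.com`, while the introduction and the `shadowAddress` step both use `domain.ltd` as the alias domain; use `domain.ltd` in all three places so the reader does not add the wrong domain. In the same section `You must user the same username part` should read `use`, and `addition mail address` / `addition email address` should read `additional`. The page also closes `</head>` twice, once at the end of the stylesheet `<link>` line and again on the next line; this comes from the template and repeats in every file of this commit.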


@ -0,0 +1,42 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LDAP: Add a mail alias account</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="ldap-add-a-mail-alias-account">LDAP: Add a mail alias account</h1>
<ul>
<li>
<p>Log into phpLDAPadmin as LDAP root dn <code>cn=Manager</code> or <code>cn=vmailadmin</code>:<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/login.png" /></p>
</li>
<li>
<p>Expand LDAP tree in left panel, click <code>Create new entry here</code> under <code>ou=Aliases</code> of your domain, and select <code>Default</code> in right panel:<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/create_alias_1.png" /></p>
</li>
<li>
<p>Select object class <code>mailAlias</code> in right panel:<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/create_alias_2.png" /></p>
</li>
<li>
<p>Input required fields of alias account:<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/create_alias_3.png" /></p>
</li>
</ul>
<p><strong>WARNING</strong>: Attribute <code>enabledService</code> requires two values: <code>mail</code>, <code>deliver</code>.</p>
<ul>
<li>
<p>Confirm to create:<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/create_alias_4.png" /></p>
</li>
<li>
<p>Add missing value of attribute <code>enabledService</code>, and you can add as many destination addresses as you want here (value of attribute <code>mailForwardingAddress</code>):<br />
<img alt="" src="http://screenshots.iredmail.googlecode.com/hg/phpldapadmin/create_alias_5.png" /></p>
</li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
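Review bot: every step on this page depends on a screenshot that has empty `alt` text and is loaded over plain HTTP from `screenshots.iredmail.googlecode.com`, and `Input required fields of alias account` never names the fields, so the page carries no usable instructions if the images fail to load. List the required attributes in the step text. The `enabledService` warning sits between two lists although it belongs to the `Input required fields` step, and the final step's `Add missing value of attribute enabledService` is not explained; one sentence saying why the second value is added after the entry is created would close the gap.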


@ -0,0 +1,90 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LDAP: Add a mail list account</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="ldap-add-a-mail-list-account">LDAP: Add a mail list account</h1>
<h2 id="add-mail-list-with-iredadmin-pro">Add mail list with iRedAdmin-Pro</h2>
<p>With iRedAdmin-Pro, you can easily add mail list account by click menu:
<code>Add -&gt; Mail List</code> in main navigation bar.</p>
<h2 id="add-mail-list-with-phpldapadmin">Add mail list with phpLDAPadmin</h2>
<ul>
<li>Login to phpLDAPadmin (httpS://[your_server]/phpldapadmin/)</li>
<li>Expand LDAP tree in left panel, find <code>ou=Groups</code> under your domain dn.</li>
<li>Click <code>ou=Groups</code> in left panel, then click <code>Create a child entry</code> in right
panel. Screenshot:</li>
</ul>
<p><a href="http://screenshots.iredmail.googlecode.com/hg/iredmail/phpldapadmin/create_maillist_ou_groups.png"></a>
<em> Choose <code>mailList</code> in <code>ObjectClasses</code> list, then click <code>Proceed</code>.
</em> Select <code>mail</code> as RDN, fill necessary values of attributes:</p>
<pre><code>dn: mail=demolist@demo.iredmail.org,ou=Groups,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
accountStatus: active
cn: demolist
enabledService: mail
enabledService: deliver
enabledService: displayedInGlobalAddressBook
mail: demolist@demo.iredmail.org
objectClass: mailList
</code></pre>
<p>Now switch to <code>ou=Users</code> under you domain LDAP dn in left panel.</p>
<ul>
<li>Expand <code>ou=Users</code> in left panel.</li>
<li>Find user account which you want to assign to new mail list we created above.</li>
<li>Click user account in left panel.</li>
<li>If attribute <code>memberOfGroup</code> exists in right panel:<ul>
<li>click <code>Add value</code> under it and fill mail address of our new mail list. For example: <code>demolist@demo.iredmail.org</code></li>
<li>Click <code>Update Object</code> to save settings.</li>
</ul>
</li>
<li>If attribute <code>memberOfGroup</code> doesn't exist in right panel:<ul>
<li>Click <code>Add new attribute</code> in right panel</li>
<li>Choose <code>memberOfGroup</code> in drop-down list.</li>
<li>Fill mail address of our new mail list.</li>
<li>Click <code>Update Object</code> to save settings.</li>
</ul>
</li>
</ul>
<p>You can add as many <code>memberOfGroup=xxx</code> as you want, which means this user is assigned to many mail lists.</p>
<p>Here's sample to add external users as mail list members:</p>
<pre><code>dn: memberOfGroup=demolist@demo.iredmail.org,ou=Externals,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
accountstatus: active
enabledservice: mail
enabledservice: deliver
mail: user01@external.com
mail: user02@external.com
memberofgroup: demolist@demo.iredmail.org
objectclass: mailExternalUser
</code></pre>
<p><strong>IMPORTANT NOTE</strong>: If you don't have any mail list member, Postfix will report error like below:</p>
<pre><code>Aug 1 15:45:42 mail postfix/smtpd[6024]: NOQUEUE: reject: RCPT from unknown[1.1.1.1]: 550 5.1.1
&lt;it@domain1.ru&gt;: Recipient address rejected: User unknown in virtual mailbox table; from=&lt;test@domain1.ru&gt;
to=&lt;it@domain1.ru&gt; proto=ESMTP helo=&lt;[2.2.2.2]&gt;
</code></pre>
<h2 id="mail-list-access-policies">Mail list access policies</h2>
<p>You can restrict who can send email to this mailing list by adding LDAP attribute <code>accessPolicy</code>. For example:</p>
<pre><code>dn: mail=demolist@demo.iredmail.org,ou=Groups,domainName=demo.iredmail.org,o=domains,dc=iredmail,dc=org
accesspolicy: domain
...
</code></pre>
<p>This access restriction is implemented in iRedAPD (a simple Postfix policy
server), iRedMail has it enabled by default.</p>
<p>Available access policies are:</p>
<ul>
<li><code>public</code>: no restrictions.</li>
<li><code>domain</code>: all users under same domain are allowed to send email to this mail list.</li>
<li><code>subdomain</code>: all users under same domain and sub-domains are allowed to send email to this mail list.</li>
<li><code>membersOnly</code>: only members of this mail list are allowd.</li>
<li><code>moderatorsOnly</code>: only moderators of this mail list are allowed.</li>
<li><code>memebersAndModeratorsOnly</code>: only members and moderators of this mail list are allowed.</li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
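Review bot: in the access policy list, `memebersAndModeratorsOnly` looks misspelled next to `membersOnly` two items above it; this is a literal value readers will paste into `accessPolicy`, so check it against what iRedAPD accepts and correct it here, together with `allowd` in the `membersOnly` item. Further up, the `Choose mailList` and `Select mail as RDN` steps were rendered as one `<em>` run instead of list items, and the screenshot link before them is an empty `<a>` element, so neither the steps nor the screenshot display as intended. The external-members sample writes attribute names in lower case (`accountstatus`, `enabledservice`) while the first sample uses `accountStatus` and `enabledService`; pick one spelling for both.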


@ -0,0 +1,47 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>LDAP: User mail forwarding.</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="ldap-user-mail-forwarding">LDAP: User mail forwarding.</h1>
<h2 id="set-mail-forwarding-with-iredadmin-pro">Set mail forwarding with iRedAdmin-Pro</h2>
<p>With iRedAdmin-Pro, you can simply add mail forwarding addresses in user
profile page, under tab <code>Forwarding</code>.</p>
<p>Screenshot:</p>
<p><img alt="" src="http://www.iredmail.org/images/iredadmin/user_profile_mail_forwarding.png" /></p>
<h2 id="set-mail-forwarding-with-phpldapadmin">Set mail forwarding with phpLDAPadmin</h2>
<p>To forward emails to other email addresses, you can add value in LDAP attribute
<code>mailForwardingAddress</code> of user object.</p>
<p>For example, if you want to forward all emails sent to <code>user@domain.ltd</code> to
two addresses: <code>forward@domain.ltd</code>, <code>user@gmail.com</code>. Steps:</p>
<ol>
<li>
<p>Login to phpLDAPadmin (https://[your_server]/phpldapadmin ) as LDAP root dn
<code>cn=Manager,dc=xx,dc=xx</code> or 'cn=vmailadmin,dc=xx,dc=xx'.</p>
</li>
<li>
<p>Find the LDAP object of email account which you want to forward emails in
left panel of phpLDAPadmin, click the ldap object, phpLDAPadmin will show you
detailed LDAP attributes/values in right panel.</p>
</li>
<li>
<p>Add a new LDAP attribute <code>mailForwardingAddress</code> to this mail account, set
value to first forwarding address <code>forward@domain.ltd</code>.</p>
</li>
<li>
<p>Repeat step #3, add another email address: <code>user@gmail.com</code>.</p>
</li>
<li>
<p>Save your changes.</p>
</li>
</ol>
<p>Now all emails sent to <code>user@domain.ltd</code> will be forwarded to both
<code>forward@domain.ltd</code> and <code>user@gmail.com</code>.</p>
<p>If you want to save a copy of forwarded email, please add 'user@domain.ltd' as addition value of LDAP attribute 'mailForwardingAddress'.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
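Review bot: the closing paragraph is the only place that says the user's own address must be added to `mailForwardingAddress` to keep a copy, so a reader who stops at step 5 will not see that the local copy is a separate setting; move it into the numbered steps as an explicit choice. In step 1 and in that closing paragraph, `'cn=vmailadmin,dc=xx,dc=xx'`, `'user@domain.ltd'` and `'mailForwardingAddress'` are in plain quotes while the rest of the page uses `<code>`, and the URL in step 1 has a stray space before the closing parenthesis. `addition value` should read `additional value`.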


@ -0,0 +1,58 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Migrate iRedAdmin open source edition to iRedAdmin-Pro</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="migrate-iredadmin-open-source-edition-to-iredadmin-pro">Migrate iRedAdmin open source edition to iRedAdmin-Pro</h1>
<div class="toc">
<ul>
<li><a href="#migrate-iredadmin-open-source-edition-to-iredadmin-pro">Migrate iRedAdmin open source edition to iRedAdmin-Pro</a><ul>
<li><a href="#requirements">Requirements</a></li>
<li><a href="#upgrade-steps">Upgrade Steps</a></li>
<li><a href="#addition-optional-steps">Addition optional steps</a></li>
</ul>
</li>
</ul>
</div>
<p>This tutorial describes how to migrate iRedAdmin open source edition or old
iRedAdmin-Pro release to the latest iRedAdmin-Pro (full-featured edition).</p>
<h2 id="requirements">Requirements</h2>
<ul>
<li>You <strong>MUST</strong> have iRedAdmin open source edition or old iRedAdmin-Pro release
installed and running on your server before upgrading.</li>
</ul>
<h2 id="upgrade-steps">Upgrade Steps</h2>
<ul>
<li>
<p>Upload or copy the latest iRedAdmin-Pro to your server which has iRedAdmin
open source edition or old iRedAdmin-Pro release running. We assume you
uploaded it to <code>/root/iRedAdmin-Pro-{BACKEND}-x.y.z.tar.bz2</code> ({BACKEND} is one
of <code>LDAP</code>, <code>MySQL</code>, <code>PGSQL</code>). We will use iRedAdmin-Pro-x.y.z below for
example, please replace x.y.z by the real file name. For example,
<code>iRedAdmin-Pro-LDAP-2.1.2.tar.bz2</code>.</p>
</li>
<li>
<p>Uncompress and upgrade iRedAdmin-Pro</p>
</li>
</ul>
<pre><code># cd /root/
# tar xjf iRedAdmin-Pro-x.y.z.tar.bz2
# cd iRedAdmin-Pro-x.y.z/tools/
# bash upgrade_iredadmin.sh
</code></pre>
<p>That's all. If it doesn't work for you, please post a new topic in our
<a href="http://www.iredmail.org/forum/">online support forum</a>.</p>
<h2 id="addition-optional-steps">Addition optional steps</h2>
<ul>
<li>If you want to quarantine SPAM/Virus into SQL database and manage them with
iRedAdmin-Pro, please follow this tutorial to update Amavisd settings:
<a href="./quarantining.html">Quarantining SPAM and Virus emails into SQL database</a></li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
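Review bot: the first step names the archive `/root/iRedAdmin-Pro-{BACKEND}-x.y.z.tar.bz2`, but the command block runs `tar xjf iRedAdmin-Pro-x.y.z.tar.bz2` and `cd iRedAdmin-Pro-x.y.z/tools/` without the backend part, so the commands as shown do not match the uploaded file; keep `{BACKEND}` in the commands or drop it from the step. The steps run `upgrade_iredadmin.sh` as root without saying whether the existing iRedAdmin directory and its settings are preserved; state that, or add a backup step before it. `Addition optional steps` should read `Additional optional steps` in both the heading and the TOC entry.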


@ -0,0 +1,137 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Migrate old iRedMail server to the latest stable release</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="migrate-old-iredmail-server-to-the-latest-stable-release">Migrate old iRedMail server to the latest stable release</h1>
<div class="toc">
<ul>
<li><a href="#migrate-old-iredmail-server-to-the-latest-stable-release">Migrate old iRedMail server to the latest stable release</a><ul>
<li><a href="#client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</a></li>
<li><a href="#ldap-migrate-mail-accounts">LDAP: migrate mail accounts</a></li>
<li><a href="#mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</a></li>
<li><a href="#migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</a></li>
<li><a href="#migrate-roundcube-webmail-data">Migrate Roundcube webmail data</a></li>
</ul>
</li>
</ul>
</div>
<p><code>WARNING</code>: Please try it on a test server first. if it works well, then try it on product server.</p>
<p>Since new iRedMail server will install same components as old server, you can choose what data you want to migrate. Most important data are:</p>
<ul>
<li>email accounts stored in SQL/LDAP.</li>
<li>user mailboxes. Stored under /var/vmail by default.</li>
<li>SQL database of Roundcube webmail. It stores per-user webmail preferences, and address book.</li>
<li>Policyd/Cluebringer database. It stores white/blacklists records, greylisting records, etc.</li>
<li>Amavisd database.<ul>
<li>It stores per-recipient white/blacklists in SQL tables: <code>mailaddr</code>, <code>policy</code>, <code>users</code>, <code>wblist</code>.</li>
<li>Basic info of in/out emails are stored in SQL tables: <code>maddr</code>, <code>msgs</code>, <code>msgrcpt</code>. Quarantined emails are stored in <code>quarantine</code>, it requires other 3 tables. If you don't have any quarantined emails, it's safe to delete all records in these 4 tables.</li>
</ul>
</li>
</ul>
<p><strong>WARNING</strong>: Do not restore database <code>mysql</code> exported from old server, it contains SQL usernames/passwords for Roundcube/Amavisd/Policyd/Cluebringer used on old server. New iRedMail server has the same SQL usernames, but different passwords. So please do not restore it.</p>
<h2 id="client-settings-outlook-thunderbird">Client settings (Outlook, Thunderbird)</h2>
<p>Since iRedMail-0.8.7, iRedMail enforces secure POP3/IMAP/SMTP connections.
Mail client programs must issue 'STARTTLS' command before authentication,
so please update your mail client programs you must change your mail client
programs (e.g. Outlook, Thunderbird) to use TLS connection.</p>
<ul>
<li>For SMTP service, use port <code>587</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For IMAP service, use port <code>143</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
<li>For POP3 service, use port <code>110</code> with <code>STARTTLS</code> (or <code>TLS</code>).</li>
</ul>
<p>Addition notes:</p>
<ul>
<li>
<p>If you want to enable smtp authentication on port <code>25</code> (again, not
recommended), please comment out Postfix parameter <code>smtpd_tls_auth_only = yes</code>
in its config file <code>/etc/postfix/main.cf</code>.</p>
</li>
<li>
<p>if you want to enable SMTPS (SMTP over SSL, port <code>465</code>) to support legency
mail clients, please follow this tutorial: (How to enable SMTPS service)[./faq-howto/howto.enable.smtps.service].</p>
</li>
</ul>
<h2 id="ldap-migrate-mail-accounts">LDAP: migrate mail accounts</h2>
<p>Steps to migrate LDAP mail accounts:</p>
<ul>
<li>Setup a new server with the latest iRedMail, and make iRedAdmin-Pro-LDAP work as expected.</li>
<li>Export mail accounts from LDAP on OLD mail server.</li>
</ul>
<p>Normally, LDAP data can be exported into LDIF format. Here's backup/export script: <a href="http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Backup">http://www.iredmail.org/wiki/index.php?title=IRedMail/FAQ/Backup</a></p>
<p><strong>Note</strong>:
<em> There might be some changes in LDAP schema, please find scripts in below URL to apply all required changes: <a href="https://bitbucket.org/zhb/iredmail/src/default/extra/update/">https://bitbucket.org/zhb/iredmail/src/default/extra/update/</a>
</em> You can find all upgrade tutorials of iRedMail here: <a href="http://www.iredmail.org/doc.html#upgrade_tutorial">http://www.iredmail.org/doc.html#upgrade_tutorial</a></p>
<h2 id="mysqlpostgresql-migrate-mail-accounts">MySQL/PostgreSQL: Migrate mail accounts</h2>
<p>All mail accounts are stored in database <code>vmail</code> by default, to migrate mail
accounts, you can simply export this database on old server, then import it
on new server.</p>
<p><strong>IMPORTANT NOTE</strong>: iRedMail-0.8.7 drops several SQL columns, so before you
import backup SQL database, please add them first. It's safe to drop them
after you imported old database on new server.</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; ALTER TABLE mailbox ADD COLUMN bytes BIGINT(20) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE mailbox ADD COLUMN messages BIGINT(20) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN defaultlanguage VARCHAR(5) NOT NULL DEFAULT 'en_US';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuserquota BIGINT(20) NOT NULL DEFAULT '1024';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultuseraliases TEXT;
mysql&gt; ALTER TABLE domain ADD COLUMN disableddomainprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN disableduserprofiles VARCHAR(255) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN defaultpasswordscheme VARCHAR(10) NOT NULL DEFAULT '';
mysql&gt; ALTER TABLE domain ADD COLUMN minpasswordlength INT(10) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE domain ADD COLUMN maxpasswordlength INT(10) NOT NULL DEFAULT 0;
mysql&gt; ALTER TABLE alias ADD COLUMN islist TINYINT(1) NOT NULL DEFAULT 0;
</code></pre>
<p>After imported backup SQL databases, please execute below commands to mark
mail alias accounts and drop above newly created columns:</p>
<pre><code class="mysql">mysql&gt; USE vmail;
mysql&gt; UPDATE alias SET islist=1 WHERE address NOT IN (SELECT username FROM mailbox);
mysql&gt; UPDATE alias SET islist=0 WHERE address=domain; -- domain catch-all account
-- Store values into new column: domain.settings and drop them
mysql&gt; UPDATE domain SET settings='';
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultlanguage IS NULL OR defaultlanguage='', '', CONCAT('default_language:', defaultlanguage, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuserquota IS NULL OR defaultuserquota=0, '', CONCAT('default_user_quota:', defaultuserquota, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(defaultuseraliases IS NULL OR defaultuseraliases='', '', CONCAT('default_groups:', defaultuseraliases, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(minpasswordlength IS NULL OR minpasswordlength=0, '', CONCAT('min_passwd_length:', minpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(maxpasswordlength IS NULL OR maxpasswordlength=0, '', CONCAT('max_passwd_length:', maxpasswordlength, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableddomainprofiles IS NULL OR disableddomainprofiles='', '', CONCAT('disabled_domain_profiles:', disableddomainprofiles, ';')));
mysql&gt; UPDATE domain SET settings=CONCAT(settings, IF(disableduserprofiles IS NULL OR disableduserprofiles='', '', CONCAT('disabled_user_profiles:', disableduserprofiles, ';')));
mysql&gt; ALTER TABLE domain DROP defaultlanguage;
mysql&gt; ALTER TABLE domain DROP defaultuserquota;
mysql&gt; ALTER TABLE domain DROP defaultuseraliases;
mysql&gt; ALTER TABLE domain DROP minpasswordlength;
mysql&gt; ALTER TABLE domain DROP maxpasswordlength;
mysql&gt; ALTER TABLE domain DROP disableddomainprofiles;
mysql&gt; ALTER TABLE domain DROP disableduserprofiles;
</code></pre>
<p><strong>IMPORTANT NOTE</strong>: There might be some changes in SQL structure, please read
all upgrade tutorials for your current iRedMail release, then apply SQL
structure related changes. For example:
<a href="http://www.iredmail.org/wiki/index.php?title=Upgrade/iRedMail/0.7.4-0.8.0#Add_internal_service_required_by_Doveadm_2">http://www.iredmail.org/wiki/index.php?title=Upgrade/iRedMail/0.7.4-0.8.0#Add_internal_service_required_by_Doveadm_2</a></p>
<h2 id="migrate-mailboxes-maildir-format">Migrate mailboxes (Maildir format)</h2>
<ul>
<li>Simply copy all mailboxes (in Maildir format) to new iRedMail server.</li>
<li>Set correct file owner of mailboxes. Default owner is <code>vmail</code>, group is <code>vmail</code>.</li>
<li>Set correct file permission of mailboxes. Default is <code>0700</code>.</li>
</ul>
<p>WARNING: please make sure maildir path stored in SQL/LDAP matches the mailbox
path on file system, so that mail clients can find imported emails.</p>
<h2 id="migrate-roundcube-webmail-data">Migrate Roundcube webmail data</h2>
<ul>
<li>Export/import roundcube webmail database, and upgrade database to work with new version of Roundcube.
<a href="http://trac.roundcube.net/wiki/Howto_Upgrade">http://trac.roundcube.net/wiki/Howto_Upgrade</a></li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
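Review bot: the first SQL block adds `defaultpasswordscheme` to `domain`, but the second block neither copies it into `domain.settings` nor drops it, and `mailbox.bytes` and `mailbox.messages` are added and never dropped either, although the text says the second block will `drop above newly created columns`; add the missing `DROP` statements or say which columns are meant to stay. `UPDATE domain SET settings='';` clears the column for every domain before rebuilding it, which deserves a sentence in the text. In the client settings section the sentence `so please update your mail client programs you must change your mail client programs` is doubled, `(again, not recommended)` refers to an earlier mention that is not on the page, and the SMTPS link is written as `(text)[url]` so it renders as literal text; `legency` should be `legacy`. The two items under `Note` in the LDAP section were rendered as an `<em>` run rather than a list.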


@ -0,0 +1,65 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Monitor incoming and outgoing mails with BCC</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="monitor-incoming-and-outgoing-mails-with-bcc">Monitor incoming and outgoing mails with BCC</h1>
<div class="toc">
<ul>
<li><a href="#monitor-incoming-and-outgoing-mails-with-bcc">Monitor incoming and outgoing mails with BCC</a><ul>
<li><a href="#manage-bcc-settings-with-iredadmin-pro">Manage BCC settings with iRedAdmin-Pro</a></li>
<li><a href="#manage-bcc-settings-with-phpldapadmin-or-other-ldap-client-tools">Manage BCC settings with phpLDAPadmin or other LDAP client tools</a></li>
<li><a href="#screenshot-of-iredadmin-pro">Screenshot of iRedAdmin-Pro</a></li>
</ul>
</li>
</ul>
</div>
<p>This tutorial describes how to configure your iRedMail server (OpenLDAP backend)
to monitor incoming and outgoing mails with BCC, via iRedAdmin-Pro or phpLDAPadmin.</p>
<h2 id="manage-bcc-settings-with-iredadmin-pro">Manage BCC settings with iRedAdmin-Pro</h2>
<p>With iRedAdmin-Pro, you can configure BCC easily.</p>
<ul>
<li>For per-domain BCC settings, please go to domain profile page, then you can
manage BCC settings under tab <code>BCC</code>.</li>
<li>For per-user BCC settings, please go to user profile page, then you can
manage BCC settings under tab <code>BCC</code>.</li>
</ul>
<h2 id="manage-bcc-settings-with-phpldapadmin-or-other-ldap-client-tools">Manage BCC settings with phpLDAPadmin or other LDAP client tools</h2>
<ul>
<li>For per-domain BCC settings, you can add below LDAP attribute/value pairs
for domain object:</li>
</ul>
<pre><code># per-domain sender bcc
enabledService=senderbcc
domainSenderBccAddress=user@domain.com
# per-domain recipient bcc
enabledService=recipientbcc
domainRecipientBccAddress=user@domain.com
</code></pre>
<ul>
<li>For per-user BCC settings, you can add below LDAP attribute/value pairs
for user object:</li>
</ul>
<pre><code># per-domain sender bcc
enabledService=senderbcc
userSenderBccAddress=user@domain.com
# per-domain recipient bcc
enabledService=recipientbcc
userRecipientBccAddress=user@domain.com
</code></pre>
<h2 id="screenshot-of-iredadmin-pro">Screenshot of iRedAdmin-Pro</h2>
<p>Per-domain bcc settings:
<img alt="" src="http://www.iredmail.org/images/iredadmin/domain_profile_bcc.png" /></p>
<p>Per-user bcc settings:
<img alt="" src="http://www.iredmail.org/images/iredadmin/user_profile_bcc.png" /></p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
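Review bot: in the per-user block both comments still read `# per-domain sender bcc` and `# per-domain recipient bcc` although the attributes below them are `userSenderBccAddress` and `userRecipientBccAddress`; change them to `per-user`. Both blocks write the pairs as `attribute=value`, while the samples on the mail list page in this commit use the LDIF form `attribute: value`; use one notation across the docs, and say here whether `enabledService` needs both `senderbcc` and `recipientbcc` as separate values when both directions are monitored.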

70
html/password.hashes.html Normal file

@ -0,0 +1,70 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Password hashes</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="password-hashes">Password hashes</h1>
<h2 id="password-hashes-supported-by-iredmail">Password hashes supported by iRedMail</h2>
<p>iRedMail configures Postfix to use Dovecot as SASL authenticate server, so all
password schemes supported by Dovecot can be used in iRedMail. Please refer to
Dovecot wiki page
<a href="http://wiki2.dovecot.org/Authentication/PasswordSchemes"><code>Password Schemes</code></a> for more details.</p>
<p>Below password schemes are supported in iRedAdmin-Pro (which means you can add new mail user with either one):</p>
<ul>
<li>Plain text. e.g. <code>123456</code></li>
<li>MD5. (salted. e.g. <code>$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></li>
<li>PLAIN-MD5 (unsalted MD5). e.g. <code>0d2bf3c712402f428d48fed691850bfc</code></li>
<li>SSHA. e.g. <code>{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD</code></li>
<li>SSHA512. e.g. <code>{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></li>
</ul>
<p><strong>NOTE</strong>: Dovecot claims it supports SSHA512, but I didn't get it work.
Please test it first if you choose SSHA512.</p>
<h2 id="default-password-schemes-used-in-iredmail">Default password schemes used in iRedMail</h2>
<ul>
<li>For MySQL and PostgreSQL backends: <code>MD5</code> (salted).</li>
<li>For LDAP backend: <code>SSHA</code>.</li>
</ul>
<h2 id="how-to-use-different-password-hashes-in-iredmail">How to use different password hashes in iRedMail</h2>
<h3 id="for-mysql-and-postgresql-backends">For MySQL and PostgreSQL backends</h3>
<p>All mail users are stored in SQL table <code>vmail.mailbox</code>, user password is stored
in SQL column <code>mailbox.password</code>. For example:</p>
<pre><code>sql&gt; UPDATE mailbox SET password='$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD' WHERE username='xx@xx';
sql&gt; UPDATE mailbox SET password='{SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=' WHERE username='xx@xx';
</code></pre>
<ul>
<li>To store PLAIN-MD5, you have to prepend <code>{PLAIN-MD5}</code> in your password hash:</li>
</ul>
<pre><code>sql&gt; UPDATE mailbox SET password='{PLAIN-MD5}0d2bf3c712402f428d48fed691850bfc' WHERE username='xx@xx';
</code></pre>
<ul>
<li>To store plain password, you have to prepend <code>{PLAIN}</code>:
<code>sql&gt; UPDATE mailbox SET password='{PLAIN}123456' WHERE username='xx@xx';</code></li>
</ul>
<h3 id="for-ldap-backends">For LDAP backends</h3>
<p>User password is stored in attribute <code>userPassword</code> of user object.</p>
<ul>
<li>
<p>To store plain password, SSHA, SSHA512 password hash, just store them in
original format. For example:
<code>userPassword: 123456
userPassword: {SSHA}OuCrqL2yWwQIu8a9uvyOQ5V/ZKfL7LJD
userPassword: {SSHA512}FxgXDhBVYmTqoboW+ibyyzPv/wGG7y4VJtuHWrx+wfqrs/lIH2Qxn2eA0jygXtBhMvRi7GNFmL++6aAZ0kXpcy1fxag=</code></p>
</li>
<li>
<p>To store standard MD5 password (salted MD5 hash), please prepend <code>{CRYPT}</code>
(case insensitive) in your password hash. For example:
<code>userPassword: {CRYPT}$1$GfHYI7OE$vlXqMZSyJOSPXAmbXHq250</code></p>
</li>
</ul>
<p><strong>IMPORTANT NOTE</strong>: If you want to input password hash with phpLDAPadmin,
please choose <code>clear</code> in the password hash list, then input password hash.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
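Review bot: the supported-schemes list presents `Plain text` and `PLAIN-MD5 (unsalted MD5)` alongside the salted schemes with no guidance, and the SQL and LDAP sections then show how to store both; add a sentence saying which scheme the project recommends for new accounts. The `NOTE` says SSHA512 did not work in the author's test, yet SSHA512 appears in the supported list and in both storage examples without that caveat next to them. Formatting: the `MD5` item opens `(salted.` and never closes the parenthesis, and the `{PLAIN}` SQL example, the three-line `userPassword` example and the `{CRYPT}` example were rendered as inline `<code>` inside a paragraph instead of `<pre><code>` blocks, so the three `userPassword` lines run together.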


@ -0,0 +1,81 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Pipe incoming email for certain user to external script</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="pipe-incoming-email-for-certain-user-to-external-script">Pipe incoming email for certain user to external script</h1>
<p>This tutorial explains how to pipe incoming email for certain user to external script.</p>
<h2 id="configure-postfix-to-use-your-external-script-as-transport">Configure Postfix to use your external script as transport</h2>
<p>To pipe incoming emails to external script, you must add your external script
as Postfix transport program. Please add below line at the bottom of Postfix
config file <code>/etc/postfix/master.cf</code>:</p>
<pre><code>external-pipe unix - n n - - pipe
flags= user=vmail:vmail argv=/path/to/your/external/script.sh
</code></pre>
<p><strong>Note</strong>:</p>
<ul>
<li>You can use some macros to replace with corresponding information from the
Postfix queue manager delivery request. Refer to Postfix manual page
<a href="http://www.postfix.org/pipe.8.html">pipe(8)</a> for more details. For example:</li>
</ul>
<pre><code>external-pipe unix - n n - - pipe
flags=DRhu user=vmail:vmail argv=/path/to/your/external/script.sh -f ${sender} -d ${user}@${domain} -m ${extension}
</code></pre>
<ul>
<li>the second line needs to be right under the first line and must start with
one (or more) whitespace, and the first line cannot start with whitespace,
otherwise postfix will fail with <code>unexpected command-line argument</code> errors.
Also make sure the <code>user=</code> line is pointing to a valid user with permissions
to execute the script. This user must not be the postfix or root user, otherwise
or the pipe will fail.</li>
</ul>
<p>Now restart Postfix service to make this new transport available:</p>
<pre><code># /etc/init.d/postfix restart
</code></pre>
<h2 id="update-per-user-transport-to-use-this-new-transport">Update per-user transport to use this new transport</h2>
<p>We need to update per-user transport setting, so that all emails delivered to
this user will be piped to this new transport - your script.</p>
<ul>
<li>
<p>If you have iRedAdmin-Pro:</p>
<ul>
<li>
<p>For iRedAdmin-Pro OpenLDAP edition, please go to user profile page, under
tab <code>Advanced</code>, set <code>Relay/Transport setting</code> to <code>external-pipe</code>. Screenshot: <img alt="" src="http://www.iredmail.org/images/iredadmin/user_profile_relay.png" /></p>
</li>
<li>
<p>For iRedAdmin-Pro MySQL or PostgreSQL edition, please go to user profile
page, under tab <code>Relay</code>, set <code>Relay/Transport setting</code> to <code>external-pipe</code>.</p>
</li>
</ul>
</li>
<li>
<p>If you don't have iRedAdmin-Pro, please update LDAP/MySQL/PgSQL database to
use this new transport.</p>
<ul>
<li>
<p>For OpenLDAP backend, please login to phpLDAPadmin, add new attribute
<code>mtaTransport</code> for your user, set its value to <code>external-pipe</code>.</p>
</li>
<li>
<p>For MySQL/PostgreSQL backend, please execute below command with SQL
command line tool (Replace 'user@domain.ltd' by the real email address):</p>
</li>
</ul>
</li>
</ul>
<pre><code>sql&gt; USE vmail;
sql&gt; UPDATE mailbox SET transport='external-pipe' WHERE username='user@domain.ltd';
</code></pre>
<p>That's all.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
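Review bot: the second master.cf example passes ${sender} and ${extension} to script.sh in argv with no note that both values come from the message envelope and are chosen by the remote sender. Add a sentence telling the reader that the script must treat its arguments as untrusted input (quote them, never eval them). Two smaller points in the same hunk: the first example has an empty `flags=` value with no explanation, and the last note bullet reads "otherwise or the pipe will fail".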

140
html/quarantining.html Normal file

@ -0,0 +1,140 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Quarantining</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="quarantining">Quarantining</h1>
<div class="toc">
<ul>
<li><a href="#quarantining">Quarantining</a><ul>
<li><a href="#summary">Summary</a></li>
<li><a href="#update-amavisd-config-file-to-enable-normal-quarantining">Update Amavisd config file to enable normal quarantining</a></li>
<li><a href="#configure-iredadmin-pro-to-manage-quarantined-mails">Configure iRedAdmin-Pro to manage quarantined mails</a></li>
<li><a href="#quarantine-clean-emails">Quarantine clean emails</a></li>
<li><a href="#screenshots">Screenshots</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="summary">Summary</h2>
<p>Since iRedMail-<code>0.7.0</code>, quarantining related settings in Amavisd are configured
by iRedMail but disabled by default, you can easily enable quarantining with
this tutorial.</p>
<p>With below steps, Virus/Spam/Banned emails will be quarantined into SQL database.
You can then manage quarantined emails with iRedAdmin-Pro.</p>
<h2 id="update-amavisd-config-file-to-enable-normal-quarantining">Update Amavisd config file to enable normal quarantining</h2>
<p>Edit Amavisd config file, find below settings and update them. If it doesn't
exist, please add them.</p>
<ul>
<li>on Red Hat Enterprise Linux, CentOS, Scientific Linux, it's <code>/etc/amavisd/amavisd.conf</code>
or <code>/etc/amavisd.conf</code>.</li>
<li>on Debian/Ubuntu, it's <code>/etc/amavis/conf.d/50-user</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/etc/amavisd.conf</code>.</li>
<li>on OpenBSD, it's <code>/etc/amavisd.conf</code>.</li>
</ul>
<pre><code># File: amavisd.conf
# Change below 3 parameters to D_DISCARD.
$final_virus_destiny = D_DISCARD;
$final_spam_destiny = D_DISCARD;
$final_banned_destiny = D_DISCARD;
# Quarantine SPAM into SQL server.
$spam_quarantine_to = 'spam-quarantine';
$spam_quarantine_method = 'sql:';
# Quarantine VIRUS into SQL server.
$virus_quarantine_to = 'virus-quarantine';
$virus_quarantine_method = 'sql:';
# Quarantine BANNED emails into SQL server.
$banned_quarantine_to = 'banned-quarantine';
$banned_files_quarantine_method = 'sql:';
</code></pre>
<p>Also, make sure you have below lines configured in same config file:</p>
<pre><code class="perl"># For MySQL
@storage_sql_dsn = (
['DBI:mysql:database=amavisd;host=127.0.0.1;port=3306', 'amavisd', 'password'],
);
# For PostgreSQL
#@storage_sql_dsn = (
# ['DBI:Pg:database=amavisd;host=127.0.0.1;port=5432', 'amavisd', 'password'],
#);
</code></pre>
<p>Restart amavisd service to make it work.</p>
<h2 id="configure-iredadmin-pro-to-manage-quarantined-mails">Configure iRedAdmin-Pro to manage quarantined mails</h2>
<p>Update iRedAdmin-Pro config file, make sure you have correct settings for Amavisd:</p>
<ul>
<li>on Red Hat Enterprise Linux, CentOS, Scientific Linux, it's <code>/var/www/iredadmin/settings.py</code>.</li>
<li>on Debian, Ubuntu, it's <code>/usr/share/apache2/iredadmin/settings.py</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/www/iredadmin/settings.py</code>.</li>
<li>on OpenBSD, it's <code>/var/www/iredadmin/settings.py</code>.</li>
</ul>
<pre><code class="python"># File: settings.py
amavisd_db_host = '127.0.0.1'
amavisd_db_port = 3306
amavisd_db_name = 'amavisd'
amavisd_db_user = 'amavisd'
amavisd_db_password = 'password'
amavisd_enable_logging = True
amavisd_enable_quarantine = True
amavisd_quarantine_port = 9998
# This setting is used for per-recipient spam policy
amavisd_enable_policy_lookup = True
</code></pre>
<p>Restart Apache web server to make it work.</p>
<p>You can now login to iRedAdmin-Pro, and manage quarantined mails via menu
<code>System -&gt; Quarantined Mails</code>. Choose action in drop-down menu list to release
or delete them.</p>
<p>Screenshots attached at the bottom.</p>
<h2 id="quarantine-clean-emails">Quarantine clean emails</h2>
<p>If you want to quarantine clean emails into SQL database for further approval
or whatever reason, please try below steps:</p>
<ul>
<li>Update below parameters in Amavisd config file:</li>
</ul>
<pre><code class="perl"># File: /etc/amavisd/amavisd.conf
$clean_quarantine_method = 'sql:';
$clean_quarantine_to = 'clean-quarantine';
</code></pre>
<ul>
<li>Find policy bank 'MYUSERS', append two lines in this policy bank:</li>
</ul>
<pre><code class="perl">$policy_bank{'MYUSERS'} = {
...
clean_quarantine_method =&gt; 'sql:',
final_destiny_by_ccat =&gt; {CC_CLEAN, D_DISCARD},
}
</code></pre>
<ul>
<li>Restart Amavisd service.</li>
</ul>
<p>Now all clean emails sent by your mail users will be quarantined into SQL
database.</p>
<h2 id="screenshots">Screenshots</h2>
<ul>
<li>View quarantined mails:</li>
</ul>
<p><img alt="" src="http://www.iredmail.org/images/iredadmin/system_maillog_quarantined.png" /></p>
<ul>
<li>Expand quarantined mail to view mail body and headers.</li>
</ul>
<p><img alt="" src="http://www.iredmail.org/images/iredadmin/system_maillog_quarantined_expanded.png" /></p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
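Review bot: in "Quarantine clean emails", `final_destiny_by_ccat => {CC_CLEAN, D_DISCARD}` means mail from MYUSERS is held and not delivered until someone releases it from quarantine, but the text only says it "will be quarantined". State the delivery consequence explicitly. The `$policy_bank{'MYUSERS'}` snippet also ends with `}` and no `;`, and the `@storage_sql_dsn` and settings.py blocks use the literal 'password' without telling the reader to replace it.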


@ -0,0 +1,34 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Force Dovecot to recalculate mailbox quota</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="force-dovecot-to-recalculate-mailbox-quota">Force Dovecot to recalculate mailbox quota</h1>
<p>iRedMail enables dict quota since iRedMail-0.7.0, dict quota is recalculated
only if the quota goes below zero</p>
<ul>
<li>For MySQL and PostgreSQL backend:</li>
</ul>
<pre><code>mysql&gt; USE vmail;
mysql&gt; DELETE FROM used_quota WHERE username='user@domain.ltd';
</code></pre>
<ul>
<li>For OpenLDAP backend:</li>
</ul>
<pre><code>mysql&gt; USE iredadmin;
mysql&gt; DELETE FROM used_quota WHERE username='user@domain.ltd';
</code></pre>
<p>Re-login via POP3/IMAP (or webmail) will trigger Dovecot to recalculate mailbox
quota.</p>
<p><strong>TIP</strong>: it's safe to delete records in SQL table <code>used_quota</code> if mail user
was deleted in table <code>vmail.mailbox</code> or LDAP. iRedAdmin-Pro will handle this
for you automatically.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
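Review bot: the opening paragraph says dict quota "is recalculated only if the quota goes below zero" and then jumps straight to the DELETE statements, without saying that removing the `used_quota` row is what makes Dovecot recalculate at the next login. Add that link, and end the sentence with a period.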


@ -0,0 +1,138 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="sogo-how-to-install-sogo-on-centos-6-with-iredmail-mysql-backend">SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)</h1>
<div class="toc">
<ul>
<li><a href="#sogo-how-to-install-sogo-on-centos-6-with-iredmail-mysql-backend">SOGo: How to install SOGo on CentOS 6 with iRedMail (MySQL backend)</a><ul>
<li><a href="#requirements">Requirements</a></li>
<li><a href="#install-sogo">Install SOGo</a></li>
<li><a href="#create-sql-database-to-store-sogo-data">Create SQL database to store SOGo data</a></li>
<li><a href="#configure-sogo">Configure SOGo</a></li>
<li><a href="#start-sogo-and-dependent-services">Start SOGo and dependent services</a></li>
<li><a href="#how-to-configure-client-applications">How to configure client applications</a><ul>
<li><a href="#apple-devices">Apple Devices</a></li>
</ul>
</li>
<li><a href="#todo">TODO</a></li>
<li><a href="#references">References</a></li>
</ul>
</li>
</ul>
</div>
<h2 id="requirements">Requirements</h2>
<ul>
<li>A working iRedMail server (MySQL backend) on CentOS 6.</li>
</ul>
<h2 id="install-sogo">Install SOGo</h2>
<ul>
<li>Make sure you have EPEL repo enabled, if not, please follow <a href="https://fedoraproject.org/wiki/EPEL#How_can_I_use_these_extra_packages.3F">this wiki
tutorial</a>
to enable it.</li>
</ul>
<pre><code># yum repolist | grep -i 'epel'
epel Extra Packages for Enterprise Linux 6 - x86_64 11,109
</code></pre>
<ul>
<li>Add yum repo file <code>/etc/yum.repos.d/sogo.repo</code>:</li>
</ul>
<pre><code>[SOGo]
name=Inverse SOGo Repository
baseurl=http://inverse.ca/downloads/SOGo/RHEL6/$basearch
gpgcheck=0
</code></pre>
<ul>
<li>Install SOGo and dependences:</li>
</ul>
<pre><code># yum install sogo sope49-gdl1-mysql sogo-activesync libwbxml
</code></pre>
<h2 id="create-sql-database-to-store-sogo-data">Create SQL database to store SOGo data</h2>
<pre><code>$ mysql -u root -p
mysql&gt; CREATE DATABASE sogo CHARSET='UTF8';
mysql&gt; GRANT ALL ON sogo.* TO sogo@localhost IDENTIFIED BY 'password';
-- TODO
mysql&gt; GRANT SELECT ON vmail.mailbox TO sogo@localhost;
mysql&gt; CREATE VIEW sogo.sogo_users (c_uid, c_name, c_password, c_cn, mail, home) AS SELECT username, username, password, name, username, maildir FROM vmail.mailbox;
</code></pre>
<h2 id="configure-sogo">Configure SOGo</h2>
<p>Default SOGo config file is <code>/etc/sogo/sogo.conf</code>:</p>
<pre><code>(
WOPort = 127.0.0.1:20000;
SOGoProfileURL = &quot;mysql://sogo:password@localhost:3306/sogo/sogo_user_profile&quot;;
OCSFolderInfoURL = &quot;mysql://sogo:password@localhost:3306/sogo/sogo_folder_info&quot;;
OCSSessionsFolderURL = &quot;mysql://sogo:password@localhost:3306/sogo/sogo_sessions_folder&quot;;
SOGoIMAPServer = &quot;127.0.0.1&quot;;
SOGoDraftsFolderName Drafts
SOGoSentFolderName Sent
SOGoTrashFolderName Trash
SOGoMailingMechanism = smtp;
SOGoSMTPServer = 127.0.0.1;
// Enable managesieve service
SOGoSieveServer = sieve://127.0.0.1:4190;
SOGoSieveScriptsEnabled = YES;
SOGoVacationEnabled = YES;
SOGoMemcachedHost = 127.0.0.1;
SOGoTimeZone = &quot;Europe/Berlin&quot;;
SOGoFirstDayOfWeek = 1;
SOGoMailMessageCheck = every_5_minutes;
SOGoForceExternalLoginWithEmail = YES;
SOGoAppointmentSendEMailNotifications = YES;
SOGoFoldersSendEMailNotifications = YES;
SOGoACLsSendEMailNotifications = YES;
// OCSEMailAlarmsFolderURL = &quot;mysql://sogo:password@localhost:3306/sogo/sogo_alarms_folder&quot;;
SOGoPasswordChangeEnabled = YES;
SOGoUserSources =
(
{
type = sql;
id = directory;
viewURL = &quot;mysql://sogo:password@127.0.0.1:3306/sogo/sogo_users&quot;;
canAuthenticate = YES;
isAddressBook = YES;
userPasswordAlgorithm = md5;
prependPasswordScheme = YES;
}
);
</code></pre>
<p><strong>NOTE</strong>: SOGo will create required SQL tables automatically
(<code>sogo_user_profile</code>, <code>sogo_folder_info</code>, <code>sogo_sessions_folder</code>, ...), we
don't need to create them manually.</p>
<h2 id="start-sogo-and-dependent-services">Start SOGo and dependent services</h2>
<pre><code>service sogod start
service httpd restart
service memcached start
</code></pre>
<h2 id="how-to-configure-client-applications">How to configure client applications</h2>
<h3 id="apple-devices">Apple Devices</h3>
<p>URL for calendar service: <code>http://[host]/SOGo/dav/[user]/</code></p>
<h2 id="todo">TODO</h2>
<h2 id="references">References</h2><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
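Review bot: sogo.repo sets `gpgcheck=0` with an `http://` baseurl, so yum installs the SOGo packages with no signature check over an unencrypted connection. Enable gpgcheck if the repository publishes a signing key, or at least call out the risk in the text. In the sogo.conf sample, the block opens with `(` and never closes it, the three `SOGo*FolderName` lines lack `=` and `;`, and `userPasswordAlgorithm = md5` together with the `sogo_users` view over `vmail.mailbox.password` deserve a sentence on why they are needed. The empty TODO and References headings and the `-- TODO` SQL comment should be filled in or removed.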


@ -0,0 +1,30 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>SQL: Create an mail alias account with SQL command line</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="sql-create-an-mail-alias-account-with-sql-command-line">SQL: Create an mail alias account with SQL command line</h1>
<p>To create an mail alias account, you can simply insert a SQL record in table
<code>vmail.alias</code>. For example:</p>
<pre><code class="mysql">sql&gt; USE vmail;
sql&gt; INSERT INTO alias (address, goto, domain) \
VALUES ('original@example.com', \
'user1@example.com,user2@example.com,user1@test.com', \
'example.com');
</code></pre>
<p><strong>NOTES</strong>:</p>
<ul>
<li>Please always use lower cases for email addresses.</li>
<li>Please separated multiple destination addresses by comma.</li>
<li>If destination address is a user under domain which is hosted on localhost,
it must exist. Otherwise emails sent to alias account will be bounced after
expanded to destination addresses.</li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
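Review bot: the notes list reads "Please separated multiple destination addresses by comma" and the title and first sentence say "an mail alias". Fix both ("separate", "a mail alias"). It would also help to say what the `domain` column should hold, since the example only shows it matching the domain part of `address`.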


@ -0,0 +1,203 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store SpamAssassin bayes in SQL</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="store-spamassassin-bayes-in-sql">Store SpamAssassin bayes in SQL</h1>
<p><strong>THIS ARTICLE IS STILL A DRAFT, DO NOT APPLY IT IN PRODUCTION SERVER.</strong></p>
<h2 id="summary">Summary</h2>
<p>This article will guide you to configure related components to store
SpamAssassin Bayes data in SQL server, and allow webmail users to report spam
with one click.</p>
<p>Tested with:</p>
<ul>
<li>iRedMail-0.8.0, iRedMail-0.8.7. </li>
<li>CentOS 6.2 (x86_64)</li>
<li>SpamAssassin-3.3.1</li>
<li>Amavisd-new-2.6.6</li>
<li>MySQL-5.1.61</li>
<li>Roundcubemail-0.7.2</li>
</ul>
<p>Notes:</p>
<ul>
<li>This article should work with all iRedMail releases. We take iRedMail-0.8.0 for example.</li>
<li>This article should work with all backends: OpenLDAP, MySQL, MariaDB, PostgreSQL. We take MySQL backend for example.</li>
<li>This article should work with Amavisd-new-2.6.0 and later versions.</li>
</ul>
<p><strong>IMPORTANT NOTE</strong>:</p>
<ul>
<li>The bayesian classifier can only score new messages if it already has 200
known spams and 200 known hams.</li>
<li>If Spamassassin fails to identify a spam, teach it so it can do better next
time. e.g. Mark it as spam in roundcube webmail.</li>
<li>Read <code>References</code> section at the end of this article before asking questions.</li>
</ul>
<h2 id="create-required-sql-database-used-to-store-bayes-data">Create required SQL database used to store bayes data</h2>
<p>We need to create a SQL database and necessary tables to store SpamAssassin
bayes data. The RPM package installed on CentOS 6 doesn't ship SQL template
for bayes database, so we have to download it from Apache web site. We're
running SpamAssassin-3.3.1, so what we need is this SQL template file:
http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql.
If you're running different version, please find the proper SQL file here:
<a href="http://svn.apache.org/repos/asf/spamassassin/tags/">http://svn.apache.org/repos/asf/spamassassin/tags/</a>.</p>
<pre><code># cd /root/
# wget http://svn.apache.org/repos/asf/spamassassin/tags/spamassassin_release_3_3_1/sql/bayes_mysql.sql
</code></pre>
<p>Create MySQL database and import SQL template file:</p>
<pre><code># mysql -uroot -p
mysql&gt; CREATE DATABASE sa_bayes;
mysql&gt; USE sa_bayes;
mysql&gt; SOURCE /root/bayes_mysql.sql;
</code></pre>
<p>Create a new MySQL user (with password <code>sa_user_password</code>) and grant
permissions. <strong>IMPORTANT NOTE</strong>: Please replace password <code>sa_user_password</code>
by your own password.</p>
<pre><code>mysql&gt; GRANT SELECT, INSERT, UPDATE, DELETE ON sa_bayes.* TO sa_user@localhost IDENTIFIED BY 'sa_user_password';
mysql&gt; FLUSH PRIVILEGES;
</code></pre>
<h2 id="enable-bayes-modules-in-spamassassin">Enable Bayes modules in SpamAssassin</h2>
<p>Edit <code>/etc/mail/spamassassin/local.cf</code>, add (or modify below settings):</p>
<pre><code>use_bayes 1
bayes_auto_learn 1
bayes_auto_expire 1
# Store bayesian data in MySQL
bayes_store_module Mail::SpamAssassin::BayesStore::MySQL
bayes_sql_dsn DBI:mysql:sa_bayes:127.0.0.1:3306
# Store bayesian data in PostgreSQL
#bayes_store_module Mail::SpamAssassin::BayesStore::PgSQL
#bayes_sql_dsn DBI:Pg:sa_bayes:127.0.0.1:5432
bayes_sql_username sa_user
bayes_sql_password sa_user_password
# Override the username used for storing
# data in the database. This could be used to group users together to
# share bayesian filter data. You can also use this config option to
# trick sa-learn to learn data as a specific user.
bayes_sql_override_username vmail
</code></pre>
<p>Make sure SpamAssassin will load bayes modules:</p>
<pre><code># /etc/init.d/amavisd stop
# amavisd -c /etc/amavisd/amavisd.conf debug 2&gt;&amp;1 | grep -i 'bayes'
May 16 09:59:33 ... SpamAssassin loaded plugins: ..., Bayes, ...
May 16 10:27:38 ... extra modules loaded after daemonizing/chrooting:
Mail/SpamAssassin/BayesStore/MySQL.pm, Mail/SpamAssassin/BayesStore/SQL.pm, ...
</code></pre>
<p>Looks fine. Now press <code>Ctrl-C</code> to terminate above command.</p>
<p>Start Amavisd service:</p>
<pre><code># /etc/init.d/amavisd restart
</code></pre>
<p>It is required we initialize the database by learning a message. We use the
sample spam email shipped in the RPM package provided by CentOS 6:</p>
<pre><code># rpm -ql spamassassin | grep 'sample-spam'
/usr/share/doc/spamassassin-3.3.1/sample-spam.txt
# sa-learn --spam --username=vmail /usr/share/doc/spamassassin-3.3.1/sample-spam.txt
Learned tokens from 1 message(s) (1 message(s) examined)
</code></pre>
<h2 id="enable-roundcube-plugin-markasjunk2">Enable Roundcube plugin: markasjunk2</h2>
<ul>
<li>
<p>We need a third-party Roundcube plugin to allow webmail users to report spam:
<code>Mark as Junk 2</code>. You can download it here:
<a href="https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/releases">https://github.com/JohnDoh/Roundcube-Plugin-Mark-as-Junk-2/releases</a></p>
</li>
<li>
<p>After download, please uncompress it and copy it to roundcube plugins
directory: <code>/var/www/roundcubemail/plugins/</code>. Then we get a new directory:
<code>/var/www/roundcubemail/plugins/markasjunk2/</code>.</p>
</li>
<li>
<p>Enter directory <code>/var/www/roundcubemail/plugins/markasjunk2/</code>, generate
config file by copying its sample config file:</p>
</li>
</ul>
<pre><code># cd /var/www/roundcubemail/plugins/markasjunk2/
# cp config.inc.php.dist config.inc.php
</code></pre>
<ul>
<li>Edit <code>roundcubemail/plugins/markasjunk2/config.inc.php</code>, update below settings:</li>
</ul>
<pre><code>$rcmail_config['markasjunk2_learning_driver'] = 'cmd_learn';
$rcmail_config['markasjunk2_read_spam'] = true;
$rcmail_config['markasjunk2_unread_ham'] = false;
$rcmail_config['markasjunk2_move_spam'] = true;
$rcmail_config['markasjunk2_move_ham'] = true;
$rcmail_config['markasjunk2_mb_toolbar'] = true;
$rcmail_config['markasjunk2_spam_cmd'] = 'sa-learn --spam --username=vmail %f';
$rcmail_config['markasjunk2_ham_cmd'] = 'sa-learn --ham --username=vmail %f';
</code></pre>
<ul>
<li>Enable this plugin in Roundcube config file
<code>/var/www/roundcubemail/config/main.inc.php</code> by appending <code>markasjunk2</code>
in plugin list:</li>
</ul>
<pre><code>$rcmail_config['plugins'] = array(..., &quot;markasjunk2&quot;);
</code></pre>
<ul>
<li>Learning driver <code>cmd_learn</code> requires PHP function <code>exec</code>, so we have to
remove it from PHP config file <code>/etc/php.ini</code>, parameter <code>disabled_functions</code>:</li>
</ul>
<pre><code># OLD SETTING
# disable_functions =show_source,system,shell_exec,passthru,exec,phpinfo,proc_open ;
# NEW SETTING. exec is removed.
disable_functions =show_source,system,shell_exec,passthru,phpinfo,proc_open ;
</code></pre>
<ul>
<li>Restarting Apache web server.</li>
</ul>
<p>You will see a new toolbar button after logging into Roundcube webmail:</p>
<p><img alt="" src="../images/Markasjunk2_toolbar_button.png" /></p>
<p>Check SQL database <code>sa_bayes</code> before we testing this plugin:</p>
<pre><code># mysql -uroot -p
mysql&gt; USE sa_bayes;
mysql&gt; SELECT COUNT(*) FROM bayes_token;
+----------+
| count(*) |
+----------+
| 65 |
+----------+
</code></pre>
<p>Back to Roundcube webmail, select a spam email (or a testing email), click
<code>Mark as Junk</code> button, then this email will be scanned by command <code>sa-learn</code>.
Check database <code>sa_bayes</code> again to make sure it's working:</p>
<pre><code># mysql -uroot -p
mysql&gt; USE sa_bayes;
mysql&gt; SELECT COUNT(*) FROM bayes_token;
+----------+
| count(*) |
+----------+
| 143 |
+----------+
</code></pre>
<p>Note: You may get different result number as shown above.</p>
<p>So far so good. That's all we need to do.</p>
<h2 id="references">References</h2>
<ul>
<li><a href="http://wiki.apache.org/spamassassin/BayesInSpamAssassin">Bayes Introduction</a>. Please do read section <code>Things to remember</code>.</li>
<li><a href="http://wiki.apache.org/spamassassin/BayesFaq">SpamAssassin Bayes Frequently Asked Questions</a></li>
</ul><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
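Review bot: the php.ini step removes `exec` from `disable_functions` for the whole PHP installation, not only for Roundcube, and the text does not say so. Add a caveat that every PHP application on the server regains `exec`, and that the markasjunk2 commands then run `sa-learn` as the web server user. The prose calls the parameter `disabled_functions` while the sample uses `disable_functions`. The `wget` of bayes_mysql.sql uses plain `http://` and the file is then sourced from a root MySQL session, so suggest verifying the file before importing it.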


@ -0,0 +1,20 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Turn on debug mode in Amavisd</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="turn-on-debug-mode-in-amavisd">Turn on debug mode in Amavisd</h1>
<p>In Amavisd config file <code>/etc/amavisd/amavisd.conf</code>, change <code>$log_level</code>, then restart amavis service.</p>
<pre><code>$log_level = 5; # verbosity 0..5, -d
</code></pre>
<p>If you want to debug SpamAssassin, please update <code>$sa_debug</code> also:</p>
<pre><code>$sa_debug = 1;
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>


@ -0,0 +1,29 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Turn on debug mode in Cluebringer</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="turn-on-debug-mode-in-cluebringer">Turn on debug mode in Cluebringer</h1>
<p>To turn on debug mode in Cluebringer, please increase its log level in
Cluebringer config file, set what it should log, and restart Cluebringer
service.</p>
<ul>
<li>on RHEL/CentOS, it's <code>/etc/policyd/cluebringer.conf</code>.</li>
<li>on Debian/Ubuntu, it's <code>/etc/cluebringer/cluebringer.conf</code>.</li>
<li>on FreeBSD, it's <code>/usr/local/etc/cluebringer.conf</code>.</li>
<li>on OpenBSD: we don't have Cluebringer installed on Cluebringer.</li>
</ul>
<pre><code>log_level=4
log_detail=modules,tracking,policies
</code></pre>
<p>Cluebringer is configured to log to <code>/var/log/cbpolicyd.log</code> by default, so
please monitor this file to check detailed debug log.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
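Review bot: the OpenBSD bullet says "we don't have Cluebringer installed on Cluebringer"; the second "Cluebringer" looks like a slip for "OpenBSD". The page also never tells the reader to lower `log_level` again after debugging, which is worth one sentence given that `log_detail=modules,tracking,policies` is verbose.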


@ -0,0 +1,34 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Turn on debug mode in Dovecot</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="turn-on-debug-mode-in-dovecot">Turn on debug mode in Dovecot</h1>
<p>To turn on debug mode in Dovecot, please update Dovecot config file
<code>/etc/dovecot/dovecot.conf</code> (Linux/OpenBSD) or
<code>/usr/local/etc/dovecot/dovecot.conf</code> (FreeBSD), set <code>mail_debug</code> to <code>yes</code>:</p>
<pre><code>mail_debug = yes
</code></pre>
<p>Restart Dovecot service.</p>
<p>Dovecot is configured to log into 3 log files:</p>
<ul>
<li><code>/var/log/dovecot.log</code>: main log file.</li>
<li><code>/var/log/dovecot-sieve.log</code>: sieve related log.</li>
<li><code>/var/log/dovecot-lmtp.log</code>: lmtp related log. <strong>NOTE</strong>: old iRedMail release
doesn't have this file.</li>
</ul>
<p>If you need authentication and password related debug message, turn on related
settings and restart dovecot service.</p>
<pre><code>auth_verbose = yes
auth_debug = yes
auth_debug_passwords = yes
auth_verbose_passwords = yes
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
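Review bot: `auth_debug_passwords = yes` and `auth_verbose_passwords = yes` make Dovecot write the passwords from login attempts into the log files listed above, and the page gives no warning. Add a note to enable them only while troubleshooting, switch them off afterwards, and restrict who can read the logs.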


@ -0,0 +1,23 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Turn on debug mode in OpenLDAP</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="turn-on-debug-mode-in-openldap">Turn on debug mode in OpenLDAP</h1>
<p>In OpenLDAP config file <code>slapd.conf</code>, update parameter <code>loglevel</code> to value <code>256</code>, then restart OpenLDAP service.</p>
<ul>
<li>On RHEL/CentOS and OpenBSD, it's <code>/etc/openldap/slapd.conf</code></li>
<li>On Debian/Ubuntu, it's <code>/etc/ldap/slapd.conf</code></li>
<li>On FreeBSD, it's <code>/usr/local/etc/openldap/slapd.conf</code></li>
</ul>
<pre><code>loglevel 256
</code></pre>
<p>OpenLDAP is configured by iRedMail to log into <code>/var/log/openldap.log</code> by default.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>


@ -0,0 +1,161 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Perform silent/unattended iRedMail installation</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="perform-silentunattended-iredmail-installation">Perform silent/unattended iRedMail installation</h1>
<p>iRedMail will store configrations in file iRedMail-x.y.z/config during
installation, and ask you whether to use it for installation directly
or create a new one.</p>
<p>You can create a sample config file by executing iRedMail installer:</p>
<pre><code class="bash"># bash iRedMail.sh
</code></pre>
<p>After config wizard dialogs, you will find file <code>config</code> under iRedMail root
directory. For example, <code>/root/iRedMail-0.8.7/config</code>. it will ask whether to
start installation or not, you can cancel it if you want.</p>
<p>You can copy this config file to deploy as many servers as you want, change
the hard-coded passwords in it if you want.</p>
<p>How to deploy a new server with sample config file:</p>
<ul>
<li>Copy sample config file to new server, e.g. <code>/root/iRedMail-0.8.7/config</code>.</li>
<li>Execute iRedMail installer with shell variables:</li>
</ul>
<pre><code class="bash"># AUTO_USE_EXISTING_CONFIG_FILE=y \
AUTO_INSTALL_WITHOUT_CONFIRM=y \
AUTO_CLEANUP_REMOVE_SENDMAIL=y \
AUTO_CLEANUP_REMOVE_MOD_PYTHON=y \
AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y \
AUTO_CLEANUP_RESTART_IPTABLES=y \
AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y \
AUTO_CLEANUP_RESTART_POSTFIX=n \
bash iRedMail.sh
</code></pre>
<h2 id="sample-deployment">Sample Deployment</h2>
<p>Here's how i preform iRedMail tests every day with VMware Fusion on Mac OS X,
all are completed automatically with a shell command.</p>
<ul>
<li>
<p>Install a clean, basic/minimal OS (Debian/CentOS/OpenBSD/FreeBSD, etc), set
proper hostname, configure network, then shut down this server and create a
VMware snapshot named <code>Latest</code>. The snapshot name will be used in my shell
script, it needs a snapshot name to reverse VM to the clean OS.</p>
</li>
<li>
<p>Revert VM to the latest snapshot (a clean, basic, minimal OS) with VMware
command line tool <code>vmrun</code>.</p>
</li>
<li>
<p>Start this VM with <code>vmrun</code>, sleep 30 (or 60) seconds waiting for OS start up.</p>
</li>
<li>
<p>Detect network connection to this VM, if it's up, upload required files with <code>scp</code>:</p>
</li>
<li>the latest development edition of iRedMail</li>
<li>source tarballs required by iRedMail (Roundcube, iRedAdmin, iRedAPD, etc)</li>
<li>
<p>downloaded RHEL/CentOS/Debian/Ubuntu/OpenBSD binary packages, FreeBSD
distfiles etc. The most important one is a prepared iRedMail config file: iRedMail-x.y.z/config.</p>
</li>
<li>
<p>Create/Update iRedMail installation status file: iRedMail-x.y.z/.status
to skip downloading source tarballs, etc.</p>
</li>
<li>
<p>Perform installation via ssh like this:</p>
</li>
</ul>
<pre><code class="shell">ssh root@[SERVER] &quot;cd /root/iRedMail/ &amp;&amp; IREDMAIL_DEBUG='NO' AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh&quot;
</code></pre>
<ul>
<li>Perform after-installation tasks: upload downloaded ClamAV database, ..., reboot server.</li>
</ul>
<p>It should complete in 2-3 minutes (uploading binary packages takes most time),
then i got a working iRedMail server. I do this many times every day.</p>
<p>I have 5 prepared iRedMail config files for different backends: OpenLDAP,
MySQL, MariaDB, PostgreSQL, ldapd (OpenBSD only). i run my script with an
option to install iRedMail with specified backend like below, the script will
upload proper config file to server:</p>
<pre><code class="shell"># bash auto.centos7.sh ldap
# bash auto.centos7.sh mysql
# bash auto.centos7.sh pgsql
# bash auto.ubuntu14.sh mariadb
# bash auto.openbsd55.sh ldapd
</code></pre>
<p>Below is file of <code>auto.centos7.sh</code> mentioned above, it prepares VMware virtual
machine, then execute another script <code>c7.sh</code> to perform the real installation.</p>
<pre><code class="shell">#!/usr/bin/env bash
# File: auto.centos7.sh
[ X&quot;$#&quot; != X'1' ] &amp;&amp; echo 'No backend? ldap, mysql, pgsql' &amp;&amp; exit 255
export backend=&quot;${1}&quot;
export VMRUN='vmrun -T fusion'
export VM_USER_ROOT='root'
export VM_HOSTNAME='c7'
export VM=&quot;/Users/zhb/vm.packages/vm/CentOS-7-x86_64.vmwarevm/CentOS-7-x86_64.vmx&quot;
echo &quot;* Revert to the latest snapshot.&quot;
${VMRUN} revertToSnapshot ${VM} Latest
echo &quot;* Start VM.&quot;
${VMRUN} start ${VM}
echo &quot;* Sleep 30 seconds to wait VM start up.&quot;
sleep 30
echo &quot;* Detect network status with ssh.&quot;
while :; do
ssh ${VM_USER_ROOT}@${VM_HOSTNAME} &quot;exit&quot;
if [ X&quot;$?&quot; == X'0' ]; then
break
else
sleep 5
fi
done
echo &quot;* Start testing iRedMail.&quot;
sh ${VM_HOSTNAME}.sh ${backend}
</code></pre>
<pre><code class="shell">#!/usr/bin/env bash
# File: c7.sh
[ X&quot;$#&quot; != X'1' ] &amp;&amp; echo 'No backend?' &amp;&amp; exit 255
backend=&quot;${1}&quot;
# hostname of your VMware virtual machine set in Mac OS X /etc/hosts.
HOST=&quot;c7&quot;
echo 'copying iRedMail ...'
scp -r ~/projects/iredmail/iRedMail root@${HOST}:~ &gt;/dev/null
echo 'copying pkgs/misc ...'
scp -r misc root@${HOST}:~/iRedMail/pkgs/ &gt;/dev/null
scp -r config.${backend} root@${HOST}:~/iRedMail/config &gt;/dev/null
echo 'copying archives ...'
scp -r rhel/7/yum root@${HOST}:/var/cache/ &gt;/dev/null
echo 'updating .status ...'
ssh root@${HOST} &quot;echo export status_check_new_iredmail='DONE' &gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_fetch_pkgs='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_fetch_misc='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;echo export status_cleanup_update_clamav_signatures='DONE' &gt;&gt; /root/iRedMail/.status&quot;
ssh root@${HOST} &quot;cd /root/iRedMail/ &amp;&amp; yum clean metadata &amp;&amp; AUTO_USE_EXISTING_CONFIG_FILE=y AUTO_INSTALL_WITHOUT_CONFIRM=y AUTO_CLEANUP_REMOVE_SENDMAIL=y AUTO_CLEANUP_REMOVE_MOD_PYTHON=y AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y AUTO_CLEANUP_RESTART_IPTABLES=y AUTO_CLEANUP_REPLACE_MYSQL_CONFIG=y AUTO_CLEANUP_RESTART_POSTFIX=n bash iRedMail.sh&quot;
ssh root@${HOST} &quot;/usr/bin/systemctl stop firewalld&quot;
#ssh root@${HOST} &quot;mkdir /root/pro &amp;&amp; cp /var/www/iredadmin/settings.py /root/pro/&quot;
#scp -r clamav/* root@${HOST}:/var/lib/clamav/
#ssh root@${HOST} &quot;chown clamupdate:clamupdate /var/lib/clamav/*&quot;
ssh root@${HOST} &quot;echo 'reboot'; reboot&quot;
</code></pre><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
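Review bot: The sentence "change the hard-coded passwords in it if you want", in the paragraph about copying the config file to deploy many servers, understates the risk: every server deployed from the same copy ends up with the same passwords, so the doc should tell readers to change them for each real deployment and to keep the config file readable by root only. In c7.sh, the line `ssh root@${HOST} "/usr/bin/systemctl stop firewalld"` runs right after an install with AUTO_CLEANUP_REPLACE_FIREWALL_RULES=y and has no comment; mark it as a test-lab step so readers do not carry it over to a production host. In the Sample Deployment list, the three upload items (development edition, source tarballs, binary packages) come out as top-level steps instead of a nested list under the scp step, and the sentence about the prepared config file being the most important one is attached to the binary packages item. Smaller points: auto.centos7.sh has a bash shebang but starts c7.sh with `sh`, the ssh wait loop has no retry limit, `${VM}` is unquoted, and "preform" should be "perform".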

View File

@ -0,0 +1,42 @@
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Why append timestamp in maildir path</title>
<link href="./css/markdown.css" rel="stylesheet"></head>
</head>
<body>
<div id="navigation">
<a href="http://www.iredmail.org" target="_blank">iRedMail web site</a>
// <a href="./index.html">Document Index</a>
</div><h1 id="why-append-timestamp-in-maildir-path">Why append timestamp in maildir path</h1>
<p>iRedMail will append timestamp in maildir path by default, here's why.</p>
<p>Depends on the tools/scripts you used to create mail accounts, it's tunable
in scripts shipped within iRedMail and iRedAdmin (file <code>settings.py</code>, variable
<code>MAILDIR_APPEND_TIMESTAMP = True</code> or <code>False</code>).</p>
<p>Deleting mail accounts with iRedAdmin will not remove the mailboxes on file
system, so that you can keep user's mailbox for some time.</p>
<p>Think about this situation:</p>
<ul>
<li>
<p>Employee Michael Jordan has email address mj@domain.ltd. Without timestamp
in maildir path, the maildir path of his mailbox looks like
<code>/var/vmail/vmail1/domain.ltd/mj/</code>.</p>
</li>
<li>
<p>Michael left company, and your company deleted his mail account. With
iRedAdmin, it just deletes mail accounts stored in LDAP/SQL server, not delete
his mailbox on file system (<code>var/vmail/vmail1/domain.ltd/mj</code>).</p>
</li>
<li>
<p>A new talent joined in, his name is Mike Jackson, and he want to use
<code>mj@domain.ltd</code> since <code>mj@</code> is not used by others. And you created it for him.
Without timestamp in maildir path, the maildir path of Mike's mailbox is the
same as Michael's <code>/var/vmail/vmail1/domain.ltd/mj/</code>.</p>
</li>
</ul>
<p>iRedAdmin doesn't remove the mailboxes on file system, so Mike will see all
emails in Michael's mailbox if Michael didn't delete them. To avoid this, we
append a timestamp in maildir path to make sure all users will be assigned
a unique maildir paths.</p><br /><p>If you found something wrong in this document, please do <a href="http://www.iredmail.org/contact.html">contact us</a> to fix it.</p></body></html>
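Review bot: The head section is closed twice: the line `<link href="./css/markdown.css" rel="stylesheet"></head>` is followed by a second `</head>`, so one of the two closing tags should be removed. In the second list item the path is written `var/vmail/vmail1/domain.ltd/mj` without the leading slash, while the other two mentions use `/var/vmail/vmail1/domain.ltd/mj/`. The page also never shows what a maildir path looks like with the timestamp appended; one example path next to the un-timestamped one would make the mailbox-reuse scenario concrete. Wording: "a unique maildir paths" should be "a unique maildir path", "he want to use" should be "he wants to use", and the sentence starting "Depends on the tools/scripts" has no subject.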